diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/AuthorizationDataProvider.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/AuthorizationDataProvider.java
index 597a04aec735c1d9e0196867be31f56efa433d88..8818ab48cb6c848fc4dc84277307a83687ebe4f3 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/AuthorizationDataProvider.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/AuthorizationDataProvider.java
@@ -448,12 +448,6 @@ final public class AuthorizationDataProvider implements IAuthorizationDataProvid
return daoFactory.getSampleDAO().getByTechId(techId);
}
- @Override
- public SamplePE tryGetSample(PermId id)
- {
- return daoFactory.getSampleDAO().tryToFindByPermID(id.getId());
- }
-
@Override
public GridCustomFilterPE getGridCustomFilter(TechId techId)
{
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/AuthorizationServiceUtils.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/AuthorizationServiceUtils.java
index 51c354f99ad8f96a9a9b8c12672e9fbb28ff0f56..903e4db4230140a468ede4b6c01175ef34840d86 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/AuthorizationServiceUtils.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/AuthorizationServiceUtils.java
@@ -25,7 +25,7 @@ import ch.systemsx.cisd.common.exceptions.Status;
import ch.systemsx.cisd.common.exceptions.StatusFlag;
import ch.systemsx.cisd.openbis.generic.server.authorization.predicate.DataSetCodePredicate;
import ch.systemsx.cisd.openbis.generic.server.authorization.predicate.DelegatedPredicate;
-import ch.systemsx.cisd.openbis.generic.server.authorization.predicate.ExperimentIdentifierPredicate;
+import ch.systemsx.cisd.openbis.generic.server.authorization.predicate.ExperimentAugmentedCodePredicate;
import ch.systemsx.cisd.openbis.generic.server.authorization.predicate.MetaprojectTechIdPredicate;
import ch.systemsx.cisd.openbis.generic.server.authorization.predicate.SampleOwnerIdentifierPredicate;
import ch.systemsx.cisd.openbis.generic.server.authorization.predicate.SpaceIdentifierPredicate;
@@ -222,7 +222,7 @@ public class AuthorizationServiceUtils
private boolean canAccessExperiment(String experimentId)
{
- ExperimentIdentifierPredicate predicate = new ExperimentIdentifierPredicate();
+ ExperimentAugmentedCodePredicate predicate = new ExperimentAugmentedCodePredicate();
predicate.init(new AuthorizationDataProvider(daoFactory));
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/IAuthorizationDataProvider.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/IAuthorizationDataProvider.java
index 0ab8877e2b4a8bc954ceeac60a40960761624f2a..71685af3508907a7d652004ce70a0c938aa1c0f1 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/IAuthorizationDataProvider.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/IAuthorizationDataProvider.java
@@ -140,11 +140,6 @@ public interface IAuthorizationDataProvider extends IDatabaseInstanceFinder
*/
public SamplePE getSample(TechId techId);
- /**
- * Returns the sample with given <var>permId</var> or null if such sample doesn't exist.
- */
- public SamplePE tryGetSample(PermId id);
-
/**
* Returns the filter with given <var>techId</var>
*/
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/PredicateExecutor.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/PredicateExecutor.java
index 2acf7be1c312d04f058e41773af6cb8cf8805343..2bac26d692f400c8d504e6bc2b030978730a7e8f 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/PredicateExecutor.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/PredicateExecutor.java
@@ -18,6 +18,7 @@ package ch.systemsx.cisd.openbis.generic.server.authorization;
import java.util.List;
+import ch.rinn.restrictions.Private;
import ch.systemsx.cisd.common.exceptions.Status;
import ch.systemsx.cisd.openbis.generic.server.authorization.annotation.ShouldFlattenCollections;
import ch.systemsx.cisd.openbis.generic.server.authorization.predicate.ArrayPredicate;
@@ -104,7 +105,8 @@ public final class PredicateExecutor
shouldFlattenCollections);
}
- public final <T> Status evaluate(final PersonPE person,
+ @Private
+ final <T> Status evaluate(final PersonPE person,
final List<RoleWithIdentifier> allowedRoles, final T argumentValue,
final Class<? extends IPredicate<?>> predicateClass, final Class<T> argumentType,
final boolean shouldFlattenCollections)
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/AbstractExperimentPredicate.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/AbstractExperimentPredicate.java
new file mode 100644
index 0000000000000000000000000000000000000000..4d7aaf3e353cad2df49917a186581a53ccadfc6b
--- /dev/null
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/AbstractExperimentPredicate.java
@@ -0,0 +1,53 @@
+/*
+ * Copyright 2013 ETH Zuerich, CISD
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package ch.systemsx.cisd.openbis.generic.server.authorization.predicate;
+
+import ch.systemsx.cisd.openbis.generic.server.authorization.IAuthorizationDataProvider;
+import ch.systemsx.cisd.openbis.generic.server.authorization.predicate.AbstractTechIdPredicate.ExperimentTechIdPredicate;
+
+/**
+ * An abstract <code>IPredicate</code> for experiments.
+ *
+ * @author Bernd Rinn
+ */
+abstract class AbstractExperimentPredicate<T> extends AbstractPredicate<T>
+{
+ protected final ExperimentTechIdPredicate experimentTechIdPredicate;
+
+ protected final SpaceIdentifierPredicate spacePredicate;
+
+ protected final ExperimentPermIdPredicate experimentPermIdPredicate;
+
+ protected final ExperimentAugmentedCodePredicate experimentAugmentedCodePredicate;
+
+ public AbstractExperimentPredicate()
+ {
+ this.experimentTechIdPredicate = new ExperimentTechIdPredicate();
+ this.spacePredicate = new SpaceIdentifierPredicate();
+ this.experimentPermIdPredicate = new ExperimentPermIdPredicate();
+ this.experimentAugmentedCodePredicate = new ExperimentAugmentedCodePredicate();
+ }
+
+ @Override
+ public final void init(IAuthorizationDataProvider provider)
+ {
+ experimentTechIdPredicate.init(provider);
+ spacePredicate.init(provider);
+ experimentPermIdPredicate.init(provider);
+ experimentAugmentedCodePredicate.init(provider);
+ }
+}
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/AbstractProjectPredicate.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/AbstractProjectPredicate.java
new file mode 100644
index 0000000000000000000000000000000000000000..b26d73e529565ae3c94868e73a5e8a9001c8d7a9
--- /dev/null
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/AbstractProjectPredicate.java
@@ -0,0 +1,55 @@
+/*
+ * Copyright 2013 ETH Zuerich, CISD
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package ch.systemsx.cisd.openbis.generic.server.authorization.predicate;
+
+import ch.systemsx.cisd.openbis.generic.server.authorization.IAuthorizationDataProvider;
+import ch.systemsx.cisd.openbis.generic.server.authorization.predicate.AbstractTechIdPredicate.ProjectTechIdPredicate;
+
+/**
+ * An <code>IPredicate</code> implementation that has the tools for authenticating projects based on
+ * any kind of identifier.
+ *
+ * @author Bernd Rinn
+ */
+abstract class AbstractProjectPredicate<T> extends AbstractPredicate<T>
+{
+ protected final SpaceIdentifierPredicate spacePredicate;
+
+ protected final ProjectTechIdPredicate projectTechIdPredicate;
+
+ protected final ProjectPermIdPredicate projectPermIdPredicate;
+
+ protected final ProjectAugmentedCodePredicate projectAugmentedCodePredicate;
+
+ public AbstractProjectPredicate()
+ {
+ this.spacePredicate = new SpaceIdentifierPredicate();
+ this.projectTechIdPredicate = new ProjectTechIdPredicate();
+ this.projectPermIdPredicate = new ProjectPermIdPredicate();
+ this.projectAugmentedCodePredicate = new ProjectAugmentedCodePredicate();
+ }
+
+ @Override
+ public final void init(IAuthorizationDataProvider provider)
+ {
+ spacePredicate.init(provider);
+ projectTechIdPredicate.init(provider);
+ projectPermIdPredicate.init(provider);
+ projectAugmentedCodePredicate.init(provider);
+ }
+
+}
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/AbstractSamplePredicate.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/AbstractSamplePredicate.java
new file mode 100644
index 0000000000000000000000000000000000000000..8fb99535b0af314134b5711f8d7fa871c90c1e0d
--- /dev/null
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/AbstractSamplePredicate.java
@@ -0,0 +1,55 @@
+/*
+ * Copyright 2013 ETH Zuerich, CISD
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package ch.systemsx.cisd.openbis.generic.server.authorization.predicate;
+
+import ch.systemsx.cisd.openbis.generic.server.authorization.IAuthorizationDataProvider;
+
+/**
+ * An abstract <code>IPredicate</code> for samples.
+ *
+ * @author Bernd Rinn
+ */
+abstract class AbstractSamplePredicate<T> extends AbstractPredicate<T>
+{
+ protected final SampleTechIdPredicate sampleTechIdPredicate;
+
+ protected final SpaceIdentifierPredicate spacePredicate;
+
+ protected final SamplePermIdPredicate samplePermIdPredicate;
+
+ protected final SampleOwnerIdentifierPredicate sampleOwnerPredicate;
+
+ protected final SampleAugmentedCodePredicate sampleAugmentedCodePredicate;
+
+ public AbstractSamplePredicate()
+ {
+ this.sampleTechIdPredicate = new SampleTechIdPredicate();
+ this.spacePredicate = new SpaceIdentifierPredicate();
+ this.samplePermIdPredicate = new SamplePermIdPredicate();
+ this.sampleOwnerPredicate = new SampleOwnerIdentifierPredicate();
+ this.sampleAugmentedCodePredicate = new SampleAugmentedCodePredicate(sampleOwnerPredicate);
+ }
+
+ @Override
+ public final void init(IAuthorizationDataProvider provider)
+ {
+ sampleTechIdPredicate.init(provider);
+ spacePredicate.init(provider);
+ samplePermIdPredicate.init(provider);
+ sampleAugmentedCodePredicate.init(provider);
+ }
+}
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/DatabaseInstanceIdentifierPredicate.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/DatabaseInstanceIdentifierPredicate.java
index 248f35c636a9fc113545e25934c852ceacfceede..be46a65336c99fd66d3188d0eeef6c790ce71166 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/DatabaseInstanceIdentifierPredicate.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/DatabaseInstanceIdentifierPredicate.java
@@ -45,6 +45,10 @@ public final class DatabaseInstanceIdentifierPredicate extends
private final static boolean isMatching(final List<RoleWithIdentifier> allowedRoles,
final String databaseInstanceUUID, final boolean isReadAccess)
{
+ if (isReadAccess)
+ {
+ return true;
+ }
for (final RoleWithIdentifier role : allowedRoles)
{
final RoleLevel roleGroup = role.getRoleLevel();
@@ -53,14 +57,6 @@ public final class DatabaseInstanceIdentifierPredicate extends
{
return true;
}
- // TODO 2008-08-07, Tomasz Pylak: is this really necessary to belong to a group to have
- // access to instance samples?
- if (roleGroup.equals(RoleLevel.SPACE)
- && role.getAssignedSpace().getDatabaseInstance().getUuid().equals(
- databaseInstanceUUID) && isReadAccess)
- {
- return true;
- }
}
return false;
}
@@ -76,8 +72,8 @@ public final class DatabaseInstanceIdentifierPredicate extends
}
@Override
- protected
- final Status doEvaluation(final PersonPE person, final List<RoleWithIdentifier> allowedRoles,
+ protected final Status doEvaluation(final PersonPE person,
+ final List<RoleWithIdentifier> allowedRoles,
final DatabaseInstanceIdentifier databaseInstanceIdentifier)
{
assert initialized : "Predicate has not been initialized";
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/DelegatedPredicate.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/DelegatedPredicate.java
index 85a5e35ffa2fd4bf835186a6e37969efaa521fee..58d795dfee19b44456fe98b1c11ad8f3eb25705a 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/DelegatedPredicate.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/DelegatedPredicate.java
@@ -39,6 +39,8 @@ public abstract class DelegatedPredicate<P, T> extends AbstractPredicate<T>
{
private final IPredicate<P> delegate;
+ boolean initialized;
+
protected IAuthorizationDataProvider authorizationDataProvider;
public DelegatedPredicate(final IPredicate<P> delegate)
@@ -58,8 +60,10 @@ public abstract class DelegatedPredicate<P, T> extends AbstractPredicate<T>
@Override
public final void init(IAuthorizationDataProvider provider)
{
+ assert initialized == false;
this.authorizationDataProvider = provider;
delegate.init(provider);
+ initialized = true;
}
@Override
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/ExperimentAugmentedCodePredicate.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/ExperimentAugmentedCodePredicate.java
new file mode 100644
index 0000000000000000000000000000000000000000..c7b32b5f6c920ab00ff77e78f4f432f98b88cb2b
--- /dev/null
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/ExperimentAugmentedCodePredicate.java
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2011 ETH Zuerich, CISD
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package ch.systemsx.cisd.openbis.generic.server.authorization.predicate;
+
+import ch.systemsx.cisd.openbis.generic.shared.dto.identifier.ExperimentIdentifierFactory;
+import ch.systemsx.cisd.openbis.generic.shared.dto.identifier.SpaceIdentifier;
+
+/**
+ * Predicate based on the augmented code of an experiment.
+ *
+ * @author Franz-Josef Elmer
+ */
+public class ExperimentAugmentedCodePredicate extends DelegatedPredicate<SpaceIdentifier, String>
+{
+ public ExperimentAugmentedCodePredicate()
+ {
+ super(new SpaceIdentifierPredicate(false));
+ }
+
+ @Override
+ public SpaceIdentifier tryConvert(String value)
+ {
+ return new ExperimentIdentifierFactory(value).createIdentifier();
+ }
+
+ @Override
+ public String getCandidateDescription()
+ {
+ return "experiment";
+ }
+
+}
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/ExperimentIdentifierPredicate.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/ExperimentIdentifierPredicate.java
index d734ec1bbde62e5f73f50c17d898c2ad9d685b22..66147f597c24d6d1f3f511a48545eee9f3c34aeb 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/ExperimentIdentifierPredicate.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/ExperimentIdentifierPredicate.java
@@ -1,5 +1,5 @@
/*
- * Copyright 2011 ETH Zuerich, CISD
+ * Copyright 2013 ETH Zuerich, CISD
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -16,32 +16,70 @@
package ch.systemsx.cisd.openbis.generic.server.authorization.predicate;
-import ch.systemsx.cisd.openbis.generic.shared.api.v1.dto.Experiment;
-import ch.systemsx.cisd.openbis.generic.shared.dto.identifier.ExperimentIdentifierFactory;
-import ch.systemsx.cisd.openbis.generic.shared.dto.identifier.SpaceIdentifier;
+import java.util.List;
+
+import ch.systemsx.cisd.common.exceptions.Status;
+import ch.systemsx.cisd.openbis.generic.server.authorization.RoleWithIdentifier;
+import ch.systemsx.cisd.openbis.generic.shared.api.v1.dto.ExperimentIdentifier;
+import ch.systemsx.cisd.openbis.generic.shared.basic.TechId;
+import ch.systemsx.cisd.openbis.generic.shared.dto.PermId;
+import ch.systemsx.cisd.openbis.generic.shared.dto.PersonPE;
/**
- * Predicate based on {@link Experiment}.
+ * An <code>IPredicate</code> implementation based on {@link ExperimentIdentifier}.
*
- * @author Franz-Josef Elmer
+ * @author Bernd Rinn
*/
-public class ExperimentIdentifierPredicate extends DelegatedPredicate<SpaceIdentifier, String>
+public class ExperimentIdentifierPredicate extends
+ AbstractExperimentPredicate<ExperimentIdentifier>
{
- public ExperimentIdentifierPredicate()
- {
- super(new SpaceIdentifierPredicate(false));
- }
-
@Override
- public SpaceIdentifier tryConvert(String value)
+ public final String getCandidateDescription()
{
- return new ExperimentIdentifierFactory(value).createIdentifier();
+ return "experiment identifier";
}
@Override
- public String getCandidateDescription()
+ protected Status doEvaluation(final PersonPE person,
+ final List<RoleWithIdentifier> allowedRoles,
+ final ExperimentIdentifier identifier)
{
- return "experiment";
+ assert spacePredicate.initialized : "Predicate has not been initialized";
+ assert experimentTechIdPredicate.initialized : "Predicate has not been initialized";
+ assert experimentPermIdPredicate.initialized : "Predicate has not been initialized";
+ assert experimentAugmentedCodePredicate.initialized : "Predicate has not been initialized";
+ Status status = null;
+ if (identifier.getDatabaseId() != null)
+ {
+ status = experimentTechIdPredicate.doEvaluation(person,
+ allowedRoles, new TechId(identifier.getDatabaseId()));
+ if (Status.OK.equals(status) == false)
+ {
+ return status;
+ }
+ }
+ if (identifier.getPermId() != null)
+ {
+ status = experimentPermIdPredicate.doEvaluation(person,
+ allowedRoles, new PermId(identifier.getPermId()));
+ if (Status.OK.equals(status) == false)
+ {
+ return status;
+ }
+ }
+ if (identifier.getAugmentedCode() != null)
+ {
+ status = experimentAugmentedCodePredicate.doEvaluation(person,
+ allowedRoles, identifier.getAugmentedCode());
+ if (Status.OK.equals(status) == false)
+ {
+ return status;
+ }
+ }
+ if (status == null)
+ {
+ return Status.createError("No identifier given");
+ }
+ return Status.OK;
}
-
}
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/ExperimentPEPredicate.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/ExperimentPEPredicate.java
index 946386e3e80b3da8be994e0861dc09e0aa8329cb..fdf6f48d3da8d10bc55f6ac9c164390bbf7aadb8 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/ExperimentPEPredicate.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/ExperimentPEPredicate.java
@@ -26,6 +26,16 @@ import ch.systemsx.cisd.openbis.generic.shared.dto.SpacePE;
public class ExperimentPEPredicate extends PersistentEntityPredicate<ExperimentPE>
{
+ public ExperimentPEPredicate()
+ {
+ super();
+ }
+
+ public ExperimentPEPredicate(boolean isReadAccess)
+ {
+ super(isReadAccess);
+ }
+
@Override
public SpacePE getSpace(ExperimentPE value)
{
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/ExperimentPermIdPredicate.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/ExperimentPermIdPredicate.java
new file mode 100644
index 0000000000000000000000000000000000000000..9fe72115949a3cc365cc93f65a3819312ce31d1c
--- /dev/null
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/ExperimentPermIdPredicate.java
@@ -0,0 +1,78 @@
+/*
+ * Copyright 2009 ETH Zuerich, CISD
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package ch.systemsx.cisd.openbis.generic.server.authorization.predicate;
+
+import java.util.List;
+
+import ch.systemsx.cisd.common.exceptions.Status;
+import ch.systemsx.cisd.openbis.generic.server.authorization.IAuthorizationDataProvider;
+import ch.systemsx.cisd.openbis.generic.server.authorization.RoleWithIdentifier;
+import ch.systemsx.cisd.openbis.generic.shared.dto.ExperimentPE;
+import ch.systemsx.cisd.openbis.generic.shared.dto.PermId;
+import ch.systemsx.cisd.openbis.generic.shared.dto.PersonPE;
+
+/**
+ * An <code>IPredicate</code> implementation based on permId of an experiment.
+ *
+ * @author Izabela Adamczyk
+ */
+public class ExperimentPermIdPredicate extends AbstractDatabaseInstancePredicate<PermId>
+{
+
+ private final ExperimentPEPredicate experimentPEPredicate;
+
+ public ExperimentPermIdPredicate()
+ {
+ this(true);
+ }
+
+ public ExperimentPermIdPredicate(boolean isReadAccess)
+ {
+ experimentPEPredicate = new ExperimentPEPredicate(isReadAccess);
+ }
+
+ //
+ // AbstractPredicate
+ //
+
+ @Override
+ public final void init(IAuthorizationDataProvider provider)
+ {
+ super.init(provider);
+ experimentPEPredicate.init(provider);
+ }
+
+ @Override
+ public final String getCandidateDescription()
+ {
+ return "experiment perm id";
+ }
+
+ @Override
+ protected final Status doEvaluation(final PersonPE person,
+ final List<RoleWithIdentifier> allowedRoles, final PermId id)
+ {
+ ExperimentPE experiment = authorizationDataProvider.tryGetExperimentByPermId(id.getId());
+ if (experiment == null)
+ {
+ return Status.createError(String.format("User '%s' does not have enough privileges.",
+ person.getUserId()));
+ }
+ return experimentPEPredicate.evaluate(person, allowedRoles, experiment);
+ }
+
+}
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/ExperimentUpdatesPredicate.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/ExperimentUpdatesPredicate.java
index 2545969c4859f94b2f7d8b996a56941f54840549..7d1cf715f163858504f709e16b2cb259b8d81a95 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/ExperimentUpdatesPredicate.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/ExperimentUpdatesPredicate.java
@@ -19,9 +19,7 @@ package ch.systemsx.cisd.openbis.generic.server.authorization.predicate;
import java.util.List;
import ch.systemsx.cisd.common.exceptions.Status;
-import ch.systemsx.cisd.openbis.generic.server.authorization.IAuthorizationDataProvider;
import ch.systemsx.cisd.openbis.generic.server.authorization.RoleWithIdentifier;
-import ch.systemsx.cisd.openbis.generic.server.authorization.predicate.AbstractTechIdPredicate.ExperimentTechIdPredicate;
import ch.systemsx.cisd.openbis.generic.shared.dto.ExperimentUpdatesDTO;
import ch.systemsx.cisd.openbis.generic.shared.dto.PersonPE;
@@ -32,25 +30,8 @@ import ch.systemsx.cisd.openbis.generic.shared.dto.PersonPE;
*
* @author Tomasz Pylak
*/
-public class ExperimentUpdatesPredicate extends AbstractPredicate<ExperimentUpdatesDTO>
+public class ExperimentUpdatesPredicate extends AbstractExperimentPredicate<ExperimentUpdatesDTO>
{
- private final ExperimentTechIdPredicate experimentTechIdPredicate;
-
- private final SpaceIdentifierPredicate spacePredicate;
-
- public ExperimentUpdatesPredicate()
- {
- this.experimentTechIdPredicate = new ExperimentTechIdPredicate();
- this.spacePredicate = new SpaceIdentifierPredicate();
- }
-
- @Override
- public final void init(IAuthorizationDataProvider provider)
- {
- experimentTechIdPredicate.init(provider);
- spacePredicate.init(provider);
- }
-
@Override
public final String getCandidateDescription()
{
@@ -62,6 +43,7 @@ public class ExperimentUpdatesPredicate extends AbstractPredicate<ExperimentUpda
final List<RoleWithIdentifier> allowedRoles,
final ExperimentUpdatesDTO updates)
{
+ assert spacePredicate.initialized : "Predicate has not been initialized";
assert experimentTechIdPredicate.initialized : "Predicate has not been initialized";
// Skip all further checks if the person has instance-wide write permissions.
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/PersistentEntityPredicate.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/PersistentEntityPredicate.java
index b6cdbc22c7d0a97b27cca3e5d9285da945fdd5fd..ec17e2691cbc606b3381dc93ee3ca4decf2733ad 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/PersistentEntityPredicate.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/PersistentEntityPredicate.java
@@ -28,12 +28,28 @@ import ch.systemsx.cisd.openbis.generic.shared.dto.PersonPE;
import ch.systemsx.cisd.openbis.generic.shared.dto.SpacePE;
/**
- * A predicate for persistent entities.
+ * A predicate for persistent entities. This predicate by default authenticates for write access.
*
* @author anttil
*/
public abstract class PersistentEntityPredicate<T> implements IPredicate<T>
{
+ // Everyone can read from the database instance level, but only users with appropriate role can
+ // write. This flag tells if only the read-only access is required to database instance objects.
+ private final boolean isReadAccess;
+
+ /**
+ * Default: authenticate for write access.
+ */
+ public PersistentEntityPredicate()
+ {
+ this(false);
+ }
+
+ public PersistentEntityPredicate(boolean isReadAccess)
+ {
+ this.isReadAccess = isReadAccess;
+ }
@Override
public Status evaluate(PersonPE person, List<RoleWithIdentifier> allowedRoles, T value)
@@ -44,9 +60,15 @@ public abstract class PersistentEntityPredicate<T> implements IPredicate<T>
return Status.createError("null value cannot be authorized");
}
- SpacePE space = getSpace(value);
- DatabaseInstancePE instance =
- space != null ? space.getDatabaseInstance() : getInstance(value);
+ final SpacePE space = getSpace(value);
+ final boolean isInstanceEntity = (space == null);
+ if (isInstanceEntity && isReadAccess)
+ {
+ return Status.OK;
+ }
+ @SuppressWarnings("null")
+ final DatabaseInstancePE instance =
+ isInstanceEntity ? getInstance(value) : space.getDatabaseInstance();
for (RoleWithIdentifier allowed : allowedRoles)
{
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/ProjectAugmentedCodePredicate.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/ProjectAugmentedCodePredicate.java
new file mode 100644
index 0000000000000000000000000000000000000000..8b213d9defc7b438e928eb4d14ca4a343742e854
--- /dev/null
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/ProjectAugmentedCodePredicate.java
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2012 ETH Zuerich, CISD
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package ch.systemsx.cisd.openbis.generic.server.authorization.predicate;
+
+import ch.systemsx.cisd.openbis.generic.shared.dto.identifier.ProjectIdentifierFactory;
+import ch.systemsx.cisd.openbis.generic.shared.dto.identifier.SpaceIdentifier;
+
+/**
+ * A {@link IPredicate} for a project's augmented code (i.e. DB:/SPACE/PROJECT).
+ *
+ * @author Bernd Rinn
+ */
+public class ProjectAugmentedCodePredicate extends DelegatedPredicate<SpaceIdentifier, String>
+{
+ public ProjectAugmentedCodePredicate()
+ {
+ super(new SpaceIdentifierPredicate(false));
+ }
+
+ @Override
+ public SpaceIdentifier tryConvert(String value)
+ {
+ return new ProjectIdentifierFactory(value).createIdentifier();
+ }
+
+ @Override
+ public String getCandidateDescription()
+ {
+ return "project";
+ }
+
+}
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/ProjectIdentifierPredicate.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/ProjectIdentifierPredicate.java
index 64dd2db3c3f7db89874ac0142e03b6e203313ecc..d151b387594525143e1b8ad04462d828253ecad0 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/ProjectIdentifierPredicate.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/ProjectIdentifierPredicate.java
@@ -1,5 +1,5 @@
/*
- * Copyright 2012 ETH Zuerich, CISD
+ * Copyright 2013 ETH Zuerich, CISD
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -20,35 +20,64 @@ import java.util.List;
import ch.systemsx.cisd.common.exceptions.Status;
import ch.systemsx.cisd.openbis.generic.server.authorization.RoleWithIdentifier;
+import ch.systemsx.cisd.openbis.generic.shared.api.v1.dto.ProjectIdentifier;
+import ch.systemsx.cisd.openbis.generic.shared.basic.TechId;
import ch.systemsx.cisd.openbis.generic.shared.dto.PersonPE;
-import ch.systemsx.cisd.openbis.generic.shared.dto.ProjectPE;
-import ch.systemsx.cisd.openbis.generic.shared.dto.identifier.ProjectIdentifier;
-import ch.systemsx.cisd.openbis.generic.shared.dto.identifier.ProjectIdentifierFactory;
/**
- * A {@link IPredicate} for a project permanent id (i.e. DB:/SPACE/PROJECT).
+ * An <code>IPredicate</code> implementation based on {@link ProjectIdentifier}.
*
* @author Bernd Rinn
*/
-public class ProjectIdentifierPredicate extends AbstractSpacePredicate<String>
+public class ProjectIdentifierPredicate extends AbstractProjectPredicate<ProjectIdentifier>
{
@Override
- public String getCandidateDescription()
+ public final String getCandidateDescription()
{
return "project identifier";
}
@Override
- protected Status doEvaluation(PersonPE person, List<RoleWithIdentifier> allowedRoles,
- String value)
+ protected Status doEvaluation(final PersonPE person,
+ final List<RoleWithIdentifier> allowedRoles,
+ final ProjectIdentifier identifier)
{
- final ProjectIdentifier identifier = new ProjectIdentifierFactory(value).createIdentifier();
- final ProjectPE project = authorizationDataProvider.tryGetProjectByIdentifier(identifier);
- if (project == null)
+ assert spacePredicate.initialized : "Predicate has not been initialized";
+ assert projectTechIdPredicate.initialized : "Predicate has not been initialized";
+ assert projectPermIdPredicate.initialized : "Predicate has not been initialized";
+ assert projectAugmentedCodePredicate.initialized : "Predicate has not been initialized";
+ Status status = null;
+ if (identifier.getDatabaseId() != null)
{
- return Status.createError(String.format("User '%s' does not have enough privileges.",
- person.getUserId()));
+ status = projectTechIdPredicate.doEvaluation(person,
+ allowedRoles, new TechId(identifier.getDatabaseId()));
+ if (Status.OK.equals(status) == false)
+ {
+ return status;
+ }
}
- return evaluateSpace(person, allowedRoles, project.getSpace());
+ if (identifier.getPermId() != null)
+ {
+ status = projectPermIdPredicate.doEvaluation(person,
+ allowedRoles, identifier.getPermId());
+ if (Status.OK.equals(status) == false)
+ {
+ return status;
+ }
+ }
+ if (identifier.getAugmentedCode() != null)
+ {
+ status = projectAugmentedCodePredicate.doEvaluation(person,
+ allowedRoles, identifier.getAugmentedCode());
+ if (Status.OK.equals(status) == false)
+ {
+ return status;
+ }
+ }
+ if (status == null)
+ {
+ return Status.createError("No identifier given");
+ }
+ return Status.OK;
}
}
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/ProjectUpdatesPredicate.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/ProjectUpdatesPredicate.java
index bd3c36e53dbdf5229ebb46005ddb2247f0e60fa0..1c21e2ab5b25000a64bc0983744303a31d101c84 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/ProjectUpdatesPredicate.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/ProjectUpdatesPredicate.java
@@ -19,9 +19,7 @@ package ch.systemsx.cisd.openbis.generic.server.authorization.predicate;
import java.util.List;
import ch.systemsx.cisd.common.exceptions.Status;
-import ch.systemsx.cisd.openbis.generic.server.authorization.IAuthorizationDataProvider;
import ch.systemsx.cisd.openbis.generic.server.authorization.RoleWithIdentifier;
-import ch.systemsx.cisd.openbis.generic.server.authorization.predicate.AbstractTechIdPredicate.ProjectTechIdPredicate;
import ch.systemsx.cisd.openbis.generic.shared.dto.PersonPE;
import ch.systemsx.cisd.openbis.generic.shared.dto.ProjectUpdatesDTO;
import ch.systemsx.cisd.openbis.generic.shared.dto.identifier.DatabaseInstanceIdentifier;
@@ -29,38 +27,13 @@ import ch.systemsx.cisd.openbis.generic.shared.dto.identifier.SpaceIdentifier;
/**
* An <code>IPredicate</code> implementation based on {@link ProjectUpdatesDTO}. Checks that: 1) the
- * user has rights to update the project 2) if project is moved to a different group the user has
- * access to this group.
+ * user has rights to update the project 2) if project is moved to a different space the user has
+ * access to this space.
*
* @author Tomasz Pylak
*/
-public class ProjectUpdatesPredicate extends AbstractPredicate<ProjectUpdatesDTO>
+public class ProjectUpdatesPredicate extends AbstractProjectPredicate<ProjectUpdatesDTO>
{
- private final SpaceIdentifierPredicate spacePredicate;
-
- private final ProjectTechIdPredicate projectTechIdPredicate;
-
- private final ProjectPermIdPredicate projectPermIdPredicate;
-
- private final ProjectIdentifierPredicate projectIdentifierPredicate;
-
- public ProjectUpdatesPredicate()
- {
- this.spacePredicate = new SpaceIdentifierPredicate();
- this.projectTechIdPredicate = new ProjectTechIdPredicate();
- this.projectPermIdPredicate = new ProjectPermIdPredicate();
- this.projectIdentifierPredicate = new ProjectIdentifierPredicate();
- }
-
- @Override
- public final void init(IAuthorizationDataProvider provider)
- {
- spacePredicate.init(provider);
- projectTechIdPredicate.init(provider);
- projectPermIdPredicate.init(provider);
- projectIdentifierPredicate.init(provider);
- }
-
@Override
public final String getCandidateDescription()
{
@@ -74,6 +47,8 @@ public class ProjectUpdatesPredicate extends AbstractPredicate<ProjectUpdatesDTO
{
assert spacePredicate.initialized : "Predicate has not been initialized";
assert projectTechIdPredicate.initialized : "Predicate has not been initialized";
+ assert projectPermIdPredicate.initialized : "Predicate has not been initialized";
+ assert projectAugmentedCodePredicate.initialized : "Predicate has not been initialized";
Status status;
if (updates.getTechId() != null)
{
@@ -85,7 +60,7 @@ public class ProjectUpdatesPredicate extends AbstractPredicate<ProjectUpdatesDTO
allowedRoles, updates.getPermId());
} else
{
- status = projectIdentifierPredicate.doEvaluation(person,
+ status = projectAugmentedCodePredicate.doEvaluation(person,
allowedRoles, updates.getIdentifier());
}
if (status.equals(Status.OK) == false)
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/SampleAugmentedCodePredicate.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/SampleAugmentedCodePredicate.java
new file mode 100644
index 0000000000000000000000000000000000000000..55d63e7e164349ff16368b3820fb9359fd134a5c
--- /dev/null
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/SampleAugmentedCodePredicate.java
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2013 ETH Zuerich, CISD
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package ch.systemsx.cisd.openbis.generic.server.authorization.predicate;
+
+import ch.systemsx.cisd.openbis.generic.shared.dto.identifier.SampleIdentifierFactory;
+import ch.systemsx.cisd.openbis.generic.shared.dto.identifier.SampleOwnerIdentifier;
+
+/**
+ * Predicate based on the augmented code of a sample.
+ *
+ * @author Bernd Rinn
+ */
+public class SampleAugmentedCodePredicate extends DelegatedPredicate<SampleOwnerIdentifier, String>
+{
+ public SampleAugmentedCodePredicate()
+ {
+ this(new SampleOwnerIdentifierPredicate());
+ }
+
+ public SampleAugmentedCodePredicate(SampleOwnerIdentifierPredicate delegate)
+ {
+ super(delegate);
+ }
+
+ @Override
+ public SampleOwnerIdentifier tryConvert(String value)
+ {
+ return new SampleIdentifierFactory(value).createIdentifier();
+ }
+
+ @Override
+ public String getCandidateDescription()
+ {
+ return "sample";
+ }
+
+}
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/SampleIdentifierPredicate.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/SampleIdentifierPredicate.java
new file mode 100644
index 0000000000000000000000000000000000000000..ba4e7c4ceea0f187be84f149349b9c9102e0c467
--- /dev/null
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/SampleIdentifierPredicate.java
@@ -0,0 +1,86 @@
+/*
+ * Copyright 2013 ETH Zuerich, CISD
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package ch.systemsx.cisd.openbis.generic.server.authorization.predicate;
+
+import java.util.List;
+
+import ch.systemsx.cisd.common.exceptions.Status;
+import ch.systemsx.cisd.openbis.generic.server.authorization.RoleWithIdentifier;
+import ch.systemsx.cisd.openbis.generic.shared.api.v1.dto.ExperimentIdentifier;
+import ch.systemsx.cisd.openbis.generic.shared.api.v1.dto.SampleIdentifier;
+import ch.systemsx.cisd.openbis.generic.shared.basic.TechId;
+import ch.systemsx.cisd.openbis.generic.shared.dto.PermId;
+import ch.systemsx.cisd.openbis.generic.shared.dto.PersonPE;
+
+/**
+ * An <code>IPredicate</code> implementation based on {@link ExperimentIdentifier}.
+ *
+ * @author Bernd Rinn
+ */
+public class SampleIdentifierPredicate extends
+ AbstractSamplePredicate<SampleIdentifier>
+{
+ @Override
+ public final String getCandidateDescription()
+ {
+ return "sample identifier";
+ }
+
+ @Override
+ protected Status doEvaluation(final PersonPE person,
+ final List<RoleWithIdentifier> allowedRoles,
+ final SampleIdentifier identifier)
+ {
+ assert spacePredicate.initialized : "Predicate has not been initialized";
+ assert sampleTechIdPredicate.initialized : "Predicate has not been initialized";
+ assert samplePermIdPredicate.initialized : "Predicate has not been initialized";
+ assert sampleAugmentedCodePredicate.initialized : "Predicate has not been initialized";
+ Status status = null;
+ if (identifier.getDatabaseId() != null)
+ {
+ status = sampleTechIdPredicate.doEvaluation(person,
+ allowedRoles, new TechId(identifier.getDatabaseId()));
+ if (Status.OK.equals(status) == false)
+ {
+ return status;
+ }
+ }
+ if (identifier.getPermId() != null)
+ {
+ status = samplePermIdPredicate.doEvaluation(person,
+ allowedRoles, new PermId(identifier.getPermId()));
+ if (Status.OK.equals(status) == false)
+ {
+ return status;
+ }
+ }
+ if (identifier.getAugmentedCode() != null)
+ {
+ status = sampleAugmentedCodePredicate.doEvaluation(person,
+ allowedRoles, identifier.getAugmentedCode());
+ if (Status.OK.equals(status) == false)
+ {
+ return status;
+ }
+ }
+ if (status == null)
+ {
+ return Status.createError("No identifier given");
+ }
+ return Status.OK;
+ }
+}
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/SampleOwnerIdentifierPredicate.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/SampleOwnerIdentifierPredicate.java
index f170ba2085d1a3d3d54140fe35eb7b52ccef3099..bcd6e09abf338b3a92e38fb8db3c552c6a145ae1 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/SampleOwnerIdentifierPredicate.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/SampleOwnerIdentifierPredicate.java
@@ -35,6 +35,8 @@ public class SampleOwnerIdentifierPredicate extends AbstractPredicate<SampleOwne
private final DatabaseInstanceIdentifierPredicate databaseInstanceIdentifierPredicate;
+ boolean initialized;
+
public SampleOwnerIdentifierPredicate()
{
this(true, false);
@@ -58,8 +60,10 @@ public class SampleOwnerIdentifierPredicate extends AbstractPredicate<SampleOwne
@Override
public final void init(IAuthorizationDataProvider provider)
{
+ assert initialized == false;
spacePredicate.init(provider);
databaseInstanceIdentifierPredicate.init(provider);
+ initialized = true;
}
@Override
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/SamplePEPredicate.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/SamplePEPredicate.java
index 3404f551b0a7f5032fe3e973f187f0d98fcb319a..77377de4976ab59ed87e6ad5eeb50ee00809cc36 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/SamplePEPredicate.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/SamplePEPredicate.java
@@ -21,11 +21,24 @@ import ch.systemsx.cisd.openbis.generic.shared.dto.SamplePE;
import ch.systemsx.cisd.openbis.generic.shared.dto.SpacePE;
/**
+ * This predicate by default authenticates for write access, i.e. it will allow not access to shared
+ * samples for all users.
+ *
* @author anttil
*/
public class SamplePEPredicate extends PersistentEntityPredicate<SamplePE>
{
+ public SamplePEPredicate()
+ {
+ super();
+ }
+
+ public SamplePEPredicate(boolean isReadAccess)
+ {
+ super(isReadAccess);
+ }
+
@Override
public SpacePE getSpace(SamplePE value)
{
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/SamplePermIdPredicate.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/SamplePermIdPredicate.java
index 93bf3ec20f7a9d942340a478ac7cecd91fd88394..0f6934f4175b66e59707548544ea3c69fadec630 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/SamplePermIdPredicate.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/SamplePermIdPredicate.java
@@ -33,7 +33,7 @@ import ch.systemsx.cisd.openbis.generic.shared.dto.SamplePE;
public class SamplePermIdPredicate extends AbstractDatabaseInstancePredicate<PermId>
{
- private final SampleOwnerIdentifierPredicate sampleOwnerIdentifierPredicate;
+ private final SamplePEPredicate samplePEPredicate;
public SamplePermIdPredicate()
{
@@ -42,7 +42,7 @@ public class SamplePermIdPredicate extends AbstractDatabaseInstancePredicate<Per
public SamplePermIdPredicate(boolean isReadAccess)
{
- sampleOwnerIdentifierPredicate = new SampleOwnerIdentifierPredicate(isReadAccess);
+ samplePEPredicate = new SamplePEPredicate(isReadAccess);
}
//
@@ -53,7 +53,7 @@ public class SamplePermIdPredicate extends AbstractDatabaseInstancePredicate<Per
public final void init(IAuthorizationDataProvider provider)
{
super.init(provider);
- sampleOwnerIdentifierPredicate.init(provider);
+ samplePEPredicate.init(provider);
}
@Override
@@ -66,14 +66,13 @@ public class SamplePermIdPredicate extends AbstractDatabaseInstancePredicate<Per
protected final Status doEvaluation(final PersonPE person,
final List<RoleWithIdentifier> allowedRoles, final PermId id)
{
- SamplePE sample = authorizationDataProvider.tryGetSample(id);
+ SamplePE sample = authorizationDataProvider.tryGetSampleByPermId(id.getId());
if (sample == null)
{
return Status.createError(String.format("User '%s' does not have enough privileges.",
person.getUserId()));
}
- return sampleOwnerIdentifierPredicate.doEvaluation(person, allowedRoles,
- sample.getSampleIdentifier());
+ return samplePEPredicate.evaluate(person, allowedRoles, sample);
}
}
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/SampleUpdatesPredicate.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/SampleUpdatesPredicate.java
index c069a3cccc1f01944db0ab40cc8bd5c209ef6459..3f73b47f44434289746417bd03c5d7516600a451 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/SampleUpdatesPredicate.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/SampleUpdatesPredicate.java
@@ -19,7 +19,6 @@ package ch.systemsx.cisd.openbis.generic.server.authorization.predicate;
import java.util.List;
import ch.systemsx.cisd.common.exceptions.Status;
-import ch.systemsx.cisd.openbis.generic.server.authorization.IAuthorizationDataProvider;
import ch.systemsx.cisd.openbis.generic.server.authorization.RoleWithIdentifier;
import ch.systemsx.cisd.openbis.generic.shared.dto.PersonPE;
import ch.systemsx.cisd.openbis.generic.shared.dto.SampleUpdatesDTO;
@@ -31,43 +30,27 @@ import ch.systemsx.cisd.openbis.generic.shared.dto.SampleUpdatesDTO;
*
* @author Izabela Adamczyk
*/
-public class SampleUpdatesPredicate extends AbstractPredicate<SampleUpdatesDTO>
+public class SampleUpdatesPredicate extends AbstractSamplePredicate<SampleUpdatesDTO>
{
- private final SampleTechIdPredicate sampleTechIdPredicate;
-
- private final SpaceIdentifierPredicate spacePredicate;
-
- private final SampleOwnerIdentifierPredicate samplePredicate;
-
- public SampleUpdatesPredicate()
- {
- this.sampleTechIdPredicate = new SampleTechIdPredicate();
- this.spacePredicate = new SpaceIdentifierPredicate();
- this.samplePredicate = new SampleOwnerIdentifierPredicate();
- }
-
- @Override
- public final void init(IAuthorizationDataProvider provider)
- {
- sampleTechIdPredicate.init(provider);
- spacePredicate.init(provider);
- samplePredicate.init(provider);
- }
-
@Override
public final String getCandidateDescription()
{
return "sample updates";
}
+ // TODO 2009-07-27, IA: tests needed
@Override
- protected
- Status doEvaluation(final PersonPE person, final List<RoleWithIdentifier> allowedRoles,
+ protected Status doEvaluation(final PersonPE person,
+ final List<RoleWithIdentifier> allowedRoles,
final SampleUpdatesDTO updates)
- {// TODO 2009-07-27, IA: tests needed
+ {
assert sampleTechIdPredicate.initialized : "Predicate has not been initialized";
+ assert spacePredicate.initialized : "Predicate has not been initialized";
+ assert sampleOwnerPredicate.initialized : "Predicate has not been initialized";
Status status;
- status = sampleTechIdPredicate.doEvaluation(person, allowedRoles, updates.getSampleIdOrNull());
+ status =
+ sampleTechIdPredicate.doEvaluation(person, allowedRoles,
+ updates.getSampleIdOrNull());
if (status.equals(Status.OK) == false)
{
return status;
@@ -80,8 +63,9 @@ public class SampleUpdatesPredicate extends AbstractPredicate<SampleUpdatesDTO>
if (status.equals(Status.OK) == false)
return status;
}
- status = samplePredicate.doEvaluation(person, allowedRoles, updates.getSampleIdentifier());
+ status =
+ sampleOwnerPredicate.doEvaluation(person, allowedRoles,
+ updates.getSampleIdentifier());
return status;
-
}
}