diff --git a/datastore_server/source/java/ch/systemsx/cisd/etlserver/api/v1/PutDataSetExecutor.java b/datastore_server/source/java/ch/systemsx/cisd/etlserver/api/v1/PutDataSetExecutor.java
index 9c49098797c392a49d8fc47868b18fb1bf622ccb..14515927b662529d6db8147e1b8ec1fc1295f1d8 100644
--- a/datastore_server/source/java/ch/systemsx/cisd/etlserver/api/v1/PutDataSetExecutor.java
+++ b/datastore_server/source/java/ch/systemsx/cisd/etlserver/api/v1/PutDataSetExecutor.java
@@ -57,6 +57,7 @@ import ch.systemsx.cisd.etlserver.IStorageProcessorTransactional;
import ch.systemsx.cisd.etlserver.ITypeExtractor;
import ch.systemsx.cisd.etlserver.validation.IDataSetValidator;
import ch.systemsx.cisd.openbis.dss.generic.shared.IEncapsulatedOpenBISService;
+import ch.systemsx.cisd.openbis.dss.generic.shared.api.internal.authorization.NewDataSetPredicate;
import ch.systemsx.cisd.openbis.dss.generic.shared.api.v1.FileInfoDssDTO;
import ch.systemsx.cisd.openbis.dss.generic.shared.api.v1.NewDataSetDTO;
import ch.systemsx.cisd.openbis.dss.generic.shared.api.v1.NewDataSetDTO.DataSetOwner;
@@ -166,6 +167,8 @@ class PutDataSetExecutor implements IDataSetHandlerRpc
*/
public List<DataSetInformation> execute() throws UserFailureException, IOException
{
+ NewDataSetPredicate.evaluate(sessionToken, getOpenBisService(), newDataSet);
+
writeDataSetToTempDirectory();
overrideOrNull = null;
@@ -184,6 +187,8 @@ class PutDataSetExecutor implements IDataSetHandlerRpc
*/
public List<DataSetInformation> executeWithoutWriting() throws UserFailureException
{
+ NewDataSetPredicate.evaluate(sessionToken, getOpenBisService(), newDataSet);
+
overrideOrNull = null;
// Register the data set
diff --git a/datastore_server/source/java/ch/systemsx/cisd/etlserver/api/v1/PutDataSetTopLevelDataSetHandler.java b/datastore_server/source/java/ch/systemsx/cisd/etlserver/api/v1/PutDataSetTopLevelDataSetHandler.java
index 8c53db59aa7b51ee4c09a5d2ab86d8533b4f2acf..dab3e7a6031258677c75e8a3f3351bc9ea6e44a0 100644
--- a/datastore_server/source/java/ch/systemsx/cisd/etlserver/api/v1/PutDataSetTopLevelDataSetHandler.java
+++ b/datastore_server/source/java/ch/systemsx/cisd/etlserver/api/v1/PutDataSetTopLevelDataSetHandler.java
@@ -37,6 +37,7 @@ import ch.systemsx.cisd.etlserver.ITopLevelDataSetRegistrator;
import ch.systemsx.cisd.etlserver.ITopLevelDataSetRegistratorDelegate;
import ch.systemsx.cisd.etlserver.registrator.DataSetRegistrationPreStagingBehavior;
import ch.systemsx.cisd.openbis.dss.generic.shared.IEncapsulatedOpenBISService;
+import ch.systemsx.cisd.openbis.dss.generic.shared.api.internal.authorization.NewDataSetPredicate;
import ch.systemsx.cisd.openbis.dss.generic.shared.api.v1.FileInfoDssDTO;
import ch.systemsx.cisd.openbis.dss.generic.shared.api.v1.NewDataSetDTO;
import ch.systemsx.cisd.openbis.dss.generic.shared.api.v1.NewDataSetDTO.DataSetOwner;
@@ -177,6 +178,8 @@ class PutDataSetTopLevelDataSetHandler
*/
public List<DataSetInformation> execute() throws UserFailureException, IOException
{
+ NewDataSetPredicate.evaluate(sessionToken, getOpenBisService(), newDataSet);
+
writeDataSetToTempDirectory();
// Register the data set
@@ -189,7 +192,6 @@ class PutDataSetTopLevelDataSetHandler
{
deleteDataSetDir();
}
-
}
/**
@@ -197,6 +199,8 @@ class PutDataSetTopLevelDataSetHandler
*/
public List<DataSetInformation> executeWithoutWriting() throws UserFailureException
{
+ NewDataSetPredicate.evaluate(sessionToken, getOpenBisService(), newDataSet);
+
// Register the data set
try
{
diff --git a/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/shared/api/internal/authorization/NewDataSetPredicate.java b/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/shared/api/internal/authorization/NewDataSetPredicate.java
index 9ccc324f3643d2a472896d4454d1cc648adefbc8..255d3b71c924114de79b97fd003ef6a96d1538c0 100644
--- a/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/shared/api/internal/authorization/NewDataSetPredicate.java
+++ b/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/shared/api/internal/authorization/NewDataSetPredicate.java
@@ -21,6 +21,7 @@ import java.util.List;
import ch.systemsx.cisd.common.exceptions.Status;
import ch.systemsx.cisd.common.exceptions.UserFailureException;
+import ch.systemsx.cisd.openbis.dss.generic.shared.IEncapsulatedOpenBISService;
import ch.systemsx.cisd.openbis.dss.generic.shared.api.internal.v1.authorization.IAuthorizationGuardPredicate;
import ch.systemsx.cisd.openbis.dss.generic.shared.api.v1.IDssServiceRpcGeneric;
import ch.systemsx.cisd.openbis.dss.generic.shared.api.v1.NewDataSetDTO;
@@ -47,6 +48,8 @@ public class NewDataSetPredicate implements
public Status evaluate(IDssServiceRpcGeneric receiver, String sessionToken,
NewDataSetDTO newDataSet) throws UserFailureException
{
+ checkNewDataSet(newDataSet);
+
DataSetOwner owner = newDataSet.getDataSetOwner();
String ownerIdentifier = owner.getIdentifier();
@@ -60,6 +63,50 @@ public class NewDataSetPredicate implements
return DssSessionAuthorizationHolder.getAuthorizer().checkDatasetAccess(sessionToken, ownerIdentifier);
}
- return null; // impossible!
+ return null;
+ }
+
+ public static void evaluate(String sessionToken, IEncapsulatedOpenBISService service, NewDataSetDTO newDataSet)
+ {
+ checkNewDataSet(newDataSet);
+
+ DataSetOwner owner = newDataSet.getDataSetOwner();
+ String ownerIdentifier = owner.getIdentifier();
+
+ switch (owner.getType())
+ {
+ case EXPERIMENT:
+ service.checkExperimentAccess(sessionToken, ownerIdentifier);
+ break;
+ case SAMPLE:
+ service.checkSampleAccess(sessionToken, ownerIdentifier);
+ break;
+ case DATA_SET:
+ service.checkDataSetAccess(sessionToken, ownerIdentifier);
+ break;
+ }
+ }
+
+ private static void checkNewDataSet(NewDataSetDTO newDataSet)
+ {
+ if (newDataSet == null)
+ {
+ throw new UserFailureException("New data set cannot be null");
+ }
+
+ DataSetOwner owner = newDataSet.getDataSetOwner();
+
+ if (owner == null)
+ {
+ throw new UserFailureException("Owner of a new data set cannot be null");
+ }
+
+ String ownerIdentifier = owner.getIdentifier();
+
+ if (ownerIdentifier == null)
+ {
+ throw new UserFailureException("Owner identifier of a new data set cannot be null");
+ }
}
+
}
diff --git a/datastore_server/sourceTest/java/ch/systemsx/cisd/etlserver/api/v1/PutDataSetTopLevelDataSetHandlerTest.java b/datastore_server/sourceTest/java/ch/systemsx/cisd/etlserver/api/v1/PutDataSetTopLevelDataSetHandlerTest.java
index 3d238b349c15cb4dd4f4adca27067a3280007254..6966523d5fb0f3ce87d9ebc6ab8c94a0504309d1 100644
--- a/datastore_server/sourceTest/java/ch/systemsx/cisd/etlserver/api/v1/PutDataSetTopLevelDataSetHandlerTest.java
+++ b/datastore_server/sourceTest/java/ch/systemsx/cisd/etlserver/api/v1/PutDataSetTopLevelDataSetHandlerTest.java
@@ -161,9 +161,7 @@ public class PutDataSetTopLevelDataSetHandlerTest extends AbstractFileSystemTest
one(service).createPermId();
will(returnValue(DATA_SET_CODE));
- one(service).checkSpaceAccess(
- SESSION_TOKEN,
- new SpaceIdentifier(experimentIdentifier.getSpaceCode()));
+ one(service).checkExperimentAccess(SESSION_TOKEN, experimentIdentifier.toString());
}
});
RecordingMatcher<DataSetInformation> dataSetInfoMatcher =
@@ -210,7 +208,7 @@ public class PutDataSetTopLevelDataSetHandlerTest extends AbstractFileSystemTest
one(service).createPermId();
will(returnValue(DATA_SET_CODE));
- one(service).checkSpaceAccess(SESSION_TOKEN, sampleIdentifier.getSpaceLevel());
+ one(service).checkSampleAccess(SESSION_TOKEN, sampleIdentifier.toString());
}
});
RecordingMatcher<DataSetInformation> dataSetInfoMatcher =
diff --git a/datastore_server/sourceTest/java/ch/systemsx/cisd/openbis/dss/generic/server/DssServiceRpcV1Test.java b/datastore_server/sourceTest/java/ch/systemsx/cisd/openbis/dss/generic/server/DssServiceRpcV1Test.java
index 40079c25f0836c8d2e6cbfd8d804bd8c2f085c09..eed468d64d4c18d27937d6c63641832322d5468a 100644
--- a/datastore_server/sourceTest/java/ch/systemsx/cisd/openbis/dss/generic/server/DssServiceRpcV1Test.java
+++ b/datastore_server/sourceTest/java/ch/systemsx/cisd/openbis/dss/generic/server/DssServiceRpcV1Test.java
@@ -307,8 +307,8 @@ public class DssServiceRpcV1Test extends AbstractFileSystemTestCase
context.checking(new Expectations()
{
{
- atLeast(1).of(openBisService).checkSpaceAccess(with(SESSION_TOKEN),
- with(spaceIdentifier));
+ atLeast(1).of(openBisService).checkSampleAccess(SESSION_TOKEN, NEW_DATA_SET_OWNER_ID);
+
one(dataSetRegistrator).handle(with(fileMatcher), with(SESSION_TOKEN),
with(dataSetInfoMatcher), with(delegateMatcher));
will(new CustomAction("Notify the delegate")