From b3f773b9b188c8689e9e8c6acce86c576921a570 Mon Sep 17 00:00:00 2001
From: pkupczyk <pkupczyk>
Date: Fri, 22 Dec 2017 19:32:03 +0000
Subject: [PATCH] SSDM-6019 : Project Authorization - modify @RolesAllowed
annotations at non-entity related methods
SVN: 39071
---
.../etlserver/api/v1/PutDataSetExecutor.java | 5 ++
.../v1/PutDataSetTopLevelDataSetHandler.java | 6 ++-
.../authorization/NewDataSetPredicate.java | 49 ++++++++++++++++++-
.../PutDataSetTopLevelDataSetHandlerTest.java | 6 +--
.../generic/server/DssServiceRpcV1Test.java | 4 +-
5 files changed, 62 insertions(+), 8 deletions(-)
diff --git a/datastore_server/source/java/ch/systemsx/cisd/etlserver/api/v1/PutDataSetExecutor.java b/datastore_server/source/java/ch/systemsx/cisd/etlserver/api/v1/PutDataSetExecutor.java
index 9c49098797c..14515927b66 100644
--- a/datastore_server/source/java/ch/systemsx/cisd/etlserver/api/v1/PutDataSetExecutor.java
+++ b/datastore_server/source/java/ch/systemsx/cisd/etlserver/api/v1/PutDataSetExecutor.java
@@ -57,6 +57,7 @@ import ch.systemsx.cisd.etlserver.IStorageProcessorTransactional;
import ch.systemsx.cisd.etlserver.ITypeExtractor;
import ch.systemsx.cisd.etlserver.validation.IDataSetValidator;
import ch.systemsx.cisd.openbis.dss.generic.shared.IEncapsulatedOpenBISService;
+import ch.systemsx.cisd.openbis.dss.generic.shared.api.internal.authorization.NewDataSetPredicate;
import ch.systemsx.cisd.openbis.dss.generic.shared.api.v1.FileInfoDssDTO;
import ch.systemsx.cisd.openbis.dss.generic.shared.api.v1.NewDataSetDTO;
import ch.systemsx.cisd.openbis.dss.generic.shared.api.v1.NewDataSetDTO.DataSetOwner;
@@ -166,6 +167,8 @@ class PutDataSetExecutor implements IDataSetHandlerRpc
*/
public List<DataSetInformation> execute() throws UserFailureException, IOException
{
+ NewDataSetPredicate.evaluate(sessionToken, getOpenBisService(), newDataSet);
+
writeDataSetToTempDirectory();
overrideOrNull = null;
@@ -184,6 +187,8 @@ class PutDataSetExecutor implements IDataSetHandlerRpc
*/
public List<DataSetInformation> executeWithoutWriting() throws UserFailureException
{
+ NewDataSetPredicate.evaluate(sessionToken, getOpenBisService(), newDataSet);
+
overrideOrNull = null;
// Register the data set
diff --git a/datastore_server/source/java/ch/systemsx/cisd/etlserver/api/v1/PutDataSetTopLevelDataSetHandler.java b/datastore_server/source/java/ch/systemsx/cisd/etlserver/api/v1/PutDataSetTopLevelDataSetHandler.java
index 8c53db59aa7..dab3e7a6031 100644
--- a/datastore_server/source/java/ch/systemsx/cisd/etlserver/api/v1/PutDataSetTopLevelDataSetHandler.java
+++ b/datastore_server/source/java/ch/systemsx/cisd/etlserver/api/v1/PutDataSetTopLevelDataSetHandler.java
@@ -37,6 +37,7 @@ import ch.systemsx.cisd.etlserver.ITopLevelDataSetRegistrator;
import ch.systemsx.cisd.etlserver.ITopLevelDataSetRegistratorDelegate;
import ch.systemsx.cisd.etlserver.registrator.DataSetRegistrationPreStagingBehavior;
import ch.systemsx.cisd.openbis.dss.generic.shared.IEncapsulatedOpenBISService;
+import ch.systemsx.cisd.openbis.dss.generic.shared.api.internal.authorization.NewDataSetPredicate;
import ch.systemsx.cisd.openbis.dss.generic.shared.api.v1.FileInfoDssDTO;
import ch.systemsx.cisd.openbis.dss.generic.shared.api.v1.NewDataSetDTO;
import ch.systemsx.cisd.openbis.dss.generic.shared.api.v1.NewDataSetDTO.DataSetOwner;
@@ -177,6 +178,8 @@ class PutDataSetTopLevelDataSetHandler
*/
public List<DataSetInformation> execute() throws UserFailureException, IOException
{
+ NewDataSetPredicate.evaluate(sessionToken, getOpenBisService(), newDataSet);
+
writeDataSetToTempDirectory();
// Register the data set
@@ -189,7 +192,6 @@ class PutDataSetTopLevelDataSetHandler
{
deleteDataSetDir();
}
-
}
/**
@@ -197,6 +199,8 @@ class PutDataSetTopLevelDataSetHandler
*/
public List<DataSetInformation> executeWithoutWriting() throws UserFailureException
{
+ NewDataSetPredicate.evaluate(sessionToken, getOpenBisService(), newDataSet);
+
// Register the data set
try
{
diff --git a/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/shared/api/internal/authorization/NewDataSetPredicate.java b/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/shared/api/internal/authorization/NewDataSetPredicate.java
index 9ccc324f364..255d3b71c92 100644
--- a/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/shared/api/internal/authorization/NewDataSetPredicate.java
+++ b/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/shared/api/internal/authorization/NewDataSetPredicate.java
@@ -21,6 +21,7 @@ import java.util.List;
import ch.systemsx.cisd.common.exceptions.Status;
import ch.systemsx.cisd.common.exceptions.UserFailureException;
+import ch.systemsx.cisd.openbis.dss.generic.shared.IEncapsulatedOpenBISService;
import ch.systemsx.cisd.openbis.dss.generic.shared.api.internal.v1.authorization.IAuthorizationGuardPredicate;
import ch.systemsx.cisd.openbis.dss.generic.shared.api.v1.IDssServiceRpcGeneric;
import ch.systemsx.cisd.openbis.dss.generic.shared.api.v1.NewDataSetDTO;
@@ -47,6 +48,8 @@ public class NewDataSetPredicate implements
public Status evaluate(IDssServiceRpcGeneric receiver, String sessionToken,
NewDataSetDTO newDataSet) throws UserFailureException
{
+ checkNewDataSet(newDataSet);
+
DataSetOwner owner = newDataSet.getDataSetOwner();
String ownerIdentifier = owner.getIdentifier();
@@ -60,6 +63,50 @@ public class NewDataSetPredicate implements
return DssSessionAuthorizationHolder.getAuthorizer().checkDatasetAccess(sessionToken, ownerIdentifier);
}
- return null; // impossible!
+ return null;
+ }
+
+ public static void evaluate(String sessionToken, IEncapsulatedOpenBISService service, NewDataSetDTO newDataSet)
+ {
+ checkNewDataSet(newDataSet);
+
+ DataSetOwner owner = newDataSet.getDataSetOwner();
+ String ownerIdentifier = owner.getIdentifier();
+
+ switch (owner.getType())
+ {
+ case EXPERIMENT:
+ service.checkExperimentAccess(sessionToken, ownerIdentifier);
+ break;
+ case SAMPLE:
+ service.checkSampleAccess(sessionToken, ownerIdentifier);
+ break;
+ case DATA_SET:
+ service.checkDataSetAccess(sessionToken, ownerIdentifier);
+ break;
+ }
+ }
+
+ private static void checkNewDataSet(NewDataSetDTO newDataSet)
+ {
+ if (newDataSet == null)
+ {
+ throw new UserFailureException("New data set cannot be null");
+ }
+
+ DataSetOwner owner = newDataSet.getDataSetOwner();
+
+ if (owner == null)
+ {
+ throw new UserFailureException("Owner of a new data set cannot be null");
+ }
+
+ String ownerIdentifier = owner.getIdentifier();
+
+ if (ownerIdentifier == null)
+ {
+ throw new UserFailureException("Owner identifier of a new data set cannot be null");
+ }
}
+
}
diff --git a/datastore_server/sourceTest/java/ch/systemsx/cisd/etlserver/api/v1/PutDataSetTopLevelDataSetHandlerTest.java b/datastore_server/sourceTest/java/ch/systemsx/cisd/etlserver/api/v1/PutDataSetTopLevelDataSetHandlerTest.java
index 3d238b349c1..6966523d5fb 100644
--- a/datastore_server/sourceTest/java/ch/systemsx/cisd/etlserver/api/v1/PutDataSetTopLevelDataSetHandlerTest.java
+++ b/datastore_server/sourceTest/java/ch/systemsx/cisd/etlserver/api/v1/PutDataSetTopLevelDataSetHandlerTest.java
@@ -161,9 +161,7 @@ public class PutDataSetTopLevelDataSetHandlerTest extends AbstractFileSystemTest
one(service).createPermId();
will(returnValue(DATA_SET_CODE));
- one(service).checkSpaceAccess(
- SESSION_TOKEN,
- new SpaceIdentifier(experimentIdentifier.getSpaceCode()));
+ one(service).checkExperimentAccess(SESSION_TOKEN, experimentIdentifier.toString());
}
});
RecordingMatcher<DataSetInformation> dataSetInfoMatcher =
@@ -210,7 +208,7 @@ public class PutDataSetTopLevelDataSetHandlerTest extends AbstractFileSystemTest
one(service).createPermId();
will(returnValue(DATA_SET_CODE));
- one(service).checkSpaceAccess(SESSION_TOKEN, sampleIdentifier.getSpaceLevel());
+ one(service).checkSampleAccess(SESSION_TOKEN, sampleIdentifier.toString());
}
});
RecordingMatcher<DataSetInformation> dataSetInfoMatcher =
diff --git a/datastore_server/sourceTest/java/ch/systemsx/cisd/openbis/dss/generic/server/DssServiceRpcV1Test.java b/datastore_server/sourceTest/java/ch/systemsx/cisd/openbis/dss/generic/server/DssServiceRpcV1Test.java
index 40079c25f08..eed468d64d4 100644
--- a/datastore_server/sourceTest/java/ch/systemsx/cisd/openbis/dss/generic/server/DssServiceRpcV1Test.java
+++ b/datastore_server/sourceTest/java/ch/systemsx/cisd/openbis/dss/generic/server/DssServiceRpcV1Test.java
@@ -307,8 +307,8 @@ public class DssServiceRpcV1Test extends AbstractFileSystemTestCase
context.checking(new Expectations()
{
{
- atLeast(1).of(openBisService).checkSpaceAccess(with(SESSION_TOKEN),
- with(spaceIdentifier));
+ atLeast(1).of(openBisService).checkSampleAccess(SESSION_TOKEN, NEW_DATA_SET_OWNER_ID);
+
one(dataSetRegistrator).handle(with(fileMatcher), with(SESSION_TOKEN),
with(dataSetInfoMatcher), with(delegateMatcher));
will(new CustomAction("Notify the delegate")
--
GitLab