From b83c9eb5c8ce47c0b7f8d1995dffef8c78c73afe Mon Sep 17 00:00:00 2001
From: pkupczyk <pkupczyk>
Date: Sat, 30 Dec 2017 18:14:22 +0000
Subject: [PATCH] SSDM-6019 : Project Authorization - modify @RolesAllowed
annotations at non-entity related methods - make sure old APIs are backward
compatible after the project authorization is introduced
SVN: 39080
---
.../api/v2/impl/AuthorizationService.java | 5 ++-
.../api/v1/GeneralInformationService.java | 32 ++++++++-----------
.../shared/basic/dto/RoleAssignment.java | 12 +++++++
.../translator/RoleAssignmentTranslator.java | 1 +
.../api/v1/GeneralInformationServiceTest.java | 14 +-------
5 files changed, 31 insertions(+), 33 deletions(-)
diff --git a/datastore_server/source/java/ch/systemsx/cisd/etlserver/registrator/api/v2/impl/AuthorizationService.java b/datastore_server/source/java/ch/systemsx/cisd/etlserver/registrator/api/v2/impl/AuthorizationService.java
index bd4d12e46e5..600d2e07ade 100644
--- a/datastore_server/source/java/ch/systemsx/cisd/etlserver/registrator/api/v2/impl/AuthorizationService.java
+++ b/datastore_server/source/java/ch/systemsx/cisd/etlserver/registrator/api/v2/impl/AuthorizationService.java
@@ -153,7 +153,10 @@ public class AuthorizationService implements IAuthorizationService
List<RoleAssignment> roleAssignmentDtos = openBisService.listRoleAssignments();
for (RoleAssignment roleAssignment : roleAssignmentDtos)
{
- roleAssignments.add(new RoleAssignmentImmutable(roleAssignment));
+ if (roleAssignment.getProject() == null)
+ {
+ roleAssignments.add(new RoleAssignmentImmutable(roleAssignment));
+ }
}
return roleAssignments;
}
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/api/v1/GeneralInformationService.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/api/v1/GeneralInformationService.java
index fbddb097e39..71418c1ea4e 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/api/v1/GeneralInformationService.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/api/v1/GeneralInformationService.java
@@ -33,7 +33,6 @@ import javax.annotation.Resource;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.collections4.Transformer;
import org.hibernate.SQLQuery;
-import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.transaction.annotation.Transactional;
@@ -109,8 +108,6 @@ import ch.systemsx.cisd.openbis.generic.shared.api.v1.dto.id.experiment.IExperim
import ch.systemsx.cisd.openbis.generic.shared.api.v1.dto.id.metaproject.IMetaprojectId;
import ch.systemsx.cisd.openbis.generic.shared.api.v1.dto.id.project.IProjectId;
import ch.systemsx.cisd.openbis.generic.shared.api.v1.dto.id.sample.ISampleId;
-import ch.systemsx.cisd.openbis.generic.shared.authorization.AuthorizationConfigFacade;
-import ch.systemsx.cisd.openbis.generic.shared.authorization.IAuthorizationConfig;
import ch.systemsx.cisd.openbis.generic.shared.basic.TechId;
import ch.systemsx.cisd.openbis.generic.shared.basic.dto.AbstractExternalData;
import ch.systemsx.cisd.openbis.generic.shared.basic.dto.ContainerDataSet;
@@ -164,9 +161,6 @@ public class GeneralInformationService extends AbstractServer<IGeneralInformatio
@Resource(name = ComponentNames.MANAGED_PROPERTY_EVALUATOR_FACTORY)
private IManagedPropertyEvaluatorFactory managedPropertyEvaluatorFactory;
- @Autowired
- private IAuthorizationConfig authorizationConfig;
-
// Default constructor needed by Spring
public GeneralInformationService()
{
@@ -174,12 +168,11 @@ public class GeneralInformationService extends AbstractServer<IGeneralInformatio
GeneralInformationService(IOpenBisSessionManager sessionManager, IDAOFactory daoFactory,
ICommonBusinessObjectFactory boFactory, IPropertiesBatchManager propertiesBatchManager,
- ICommonServer commonServer, IAuthorizationConfig authorizationConfig)
+ ICommonServer commonServer)
{
super(sessionManager, daoFactory, propertiesBatchManager);
this.boFactory = boFactory;
this.commonServer = commonServer;
- this.authorizationConfig = authorizationConfig;
}
@Override
@@ -211,20 +204,18 @@ public class GeneralInformationService extends AbstractServer<IGeneralInformatio
{
checkSession(sessionToken);
- AuthorizationConfigFacade configFacade = new AuthorizationConfigFacade(authorizationConfig);
-
Map<String, Set<Role>> namedRoleSets = new LinkedHashMap<String, Set<Role>>();
RoleWithHierarchy[] values = RoleWithHierarchy.values();
for (RoleWithHierarchy roleSet : values)
{
- if (configFacade.isRoleEnabled(roleSet))
+ if (false == roleSet.isProjectLevel())
{
Set<RoleWithHierarchy> roles = roleSet.getRoles();
Set<Role> translatedRoles = new HashSet<Role>();
for (RoleWithHierarchy role : roles)
{
- if (configFacade.isRoleEnabled(role))
+ if (false == roleSet.isProjectLevel())
{
translatedRoles.add(Translator.translate(role));
}
@@ -285,15 +276,18 @@ public class GeneralInformationService extends AbstractServer<IGeneralInformatio
new HashMap<String, List<RoleAssignmentPE>>();
for (RoleAssignmentPE roleAssignment : roleAssignments)
{
- SpacePE space = roleAssignment.getSpace();
- String spaceCode = space == null ? null : space.getCode();
- List<RoleAssignmentPE> list = roleAssignmentsPerSpace.get(spaceCode);
- if (list == null)
+ if (false == roleAssignment.getRoleWithHierarchy().isProjectLevel())
{
- list = new ArrayList<RoleAssignmentPE>();
- roleAssignmentsPerSpace.put(spaceCode, list);
+ SpacePE space = roleAssignment.getSpace();
+ String spaceCode = space == null ? null : space.getCode();
+ List<RoleAssignmentPE> list = roleAssignmentsPerSpace.get(spaceCode);
+ if (list == null)
+ {
+ list = new ArrayList<RoleAssignmentPE>();
+ roleAssignmentsPerSpace.put(spaceCode, list);
+ }
+ list.add(roleAssignment);
}
- list.add(roleAssignment);
}
return roleAssignmentsPerSpace;
}
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/basic/dto/RoleAssignment.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/basic/dto/RoleAssignment.java
index f10dbd86da8..42b26b5ce6a 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/basic/dto/RoleAssignment.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/basic/dto/RoleAssignment.java
@@ -43,6 +43,8 @@ public final class RoleAssignment extends Code<RoleAssignment>
private Space space;
+ private Project project;
+
private DatabaseInstance instance;
public RoleAssignment()
@@ -70,6 +72,16 @@ public final class RoleAssignment extends Code<RoleAssignment>
this.space = space;
}
+ public Project getProject()
+ {
+ return project;
+ }
+
+ public void setProject(final Project project)
+ {
+ this.project = project;
+ }
+
public Person getPerson()
{
return person;
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/translator/RoleAssignmentTranslator.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/translator/RoleAssignmentTranslator.java
index b37cc440229..711a16a3a45 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/translator/RoleAssignmentTranslator.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/translator/RoleAssignmentTranslator.java
@@ -52,6 +52,7 @@ public final class RoleAssignmentTranslator
}
final RoleAssignment result = new RoleAssignment();
result.setSpace(SpaceTranslator.translate(role.getSpace()));
+ result.setProject(ProjectTranslator.translate(role.getProject()));
result.setPerson(PersonTranslator.translate(role.getPerson()));
result.setAuthorizationGroup(AuthorizationGroupTranslator.translate(role
.getAuthorizationGroup()));
diff --git a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/api/v1/GeneralInformationServiceTest.java b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/api/v1/GeneralInformationServiceTest.java
index e4f897735f4..fa697656272 100644
--- a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/api/v1/GeneralInformationServiceTest.java
+++ b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/api/v1/GeneralInformationServiceTest.java
@@ -54,7 +54,6 @@ import ch.systemsx.cisd.openbis.generic.shared.api.v1.dto.SampleFetchOption;
import ch.systemsx.cisd.openbis.generic.shared.api.v1.dto.SearchCriteria;
import ch.systemsx.cisd.openbis.generic.shared.api.v1.dto.SearchCriteria.MatchClause;
import ch.systemsx.cisd.openbis.generic.shared.api.v1.dto.SearchCriteria.MatchClauseAttribute;
-import ch.systemsx.cisd.openbis.generic.shared.authorization.IAuthorizationConfig;
import ch.systemsx.cisd.openbis.generic.shared.api.v1.dto.SearchSubCriteria;
import ch.systemsx.cisd.openbis.generic.shared.api.v1.dto.SpaceWithProjectsAndRoleAssignments;
import ch.systemsx.cisd.openbis.generic.shared.basic.TechId;
@@ -98,8 +97,6 @@ public class GeneralInformationServiceTest extends AbstractServerTestCase
private ICommonBusinessObjectFactory boFactory;
- private IAuthorizationConfig authorizationConfig;
-
@Override
@BeforeMethod
public final void setUp()
@@ -108,11 +105,10 @@ public class GeneralInformationServiceTest extends AbstractServerTestCase
commonServer = context.mock(ICommonServer.class);
boFactory = context.mock(ICommonBusinessObjectFactory.class);
sampleLister2 = context.mock(ISampleLister.class, "sampleListerForAPI");
- authorizationConfig = context.mock(IAuthorizationConfig.class);
service =
new GeneralInformationService(sessionManager, daoFactory, boFactory,
- propertiesBatchManager, commonServer, authorizationConfig)
+ propertiesBatchManager, commonServer)
{
@Override
protected ISampleLister createSampleLister(PersonPE person)
@@ -128,14 +124,6 @@ public class GeneralInformationServiceTest extends AbstractServerTestCase
{
prepareGetSession();
- context.checking(new Expectations()
- {
- {
- allowing(authorizationConfig).isProjectLevelEnabled();
- will(returnValue(false));
- }
- });
-
Map<String, Set<Role>> namedRoleSets = service.listNamedRoleSets(SESSION_TOKEN);
List<Entry<String, Set<Role>>> entries =
--
GitLab