SSDM-4686 : v3 canDelete roles bug - translating AuthorizationFailure into...

SSDM-4686 : v3 canDelete roles bug - translating AuthorizationFailure into UnauthorizedObject exception

SVN: 37681

openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/entity/AbstractDeleteEntityExecutor.java

@@ -25,8 +25,11 @@ import javax.annotation.Resource;
 
 import org.springframework.beans.factory.annotation.Autowired;
 
+import ch.ethz.sis.openbis.generic.asapi.v3.dto.common.id.IObjectId;
 import ch.ethz.sis.openbis.generic.asapi.v3.dto.deletion.AbstractObjectDeletionOptions;
+import ch.ethz.sis.openbis.generic.asapi.v3.exceptions.UnauthorizedObjectAccessException;
 import ch.ethz.sis.openbis.generic.server.asapi.v3.executor.IOperationContext;
+import ch.systemsx.cisd.common.exceptions.AuthorizationFailureException;
 import ch.systemsx.cisd.openbis.generic.server.ComponentNames;
 import ch.systemsx.cisd.openbis.generic.server.business.bo.ICommonBusinessObjectFactory;
 import ch.systemsx.cisd.openbis.generic.server.dataaccess.IDAOFactory;
@@ -79,7 +82,14 @@ public abstract class AbstractDeleteEntityExecutor<DELETION_ID, ENTITY_ID, ENTIT
             ENTITY_ID entityId = entry.getKey();
             ENTITY_PE entity = entry.getValue();
 
-            checkAccess(context, entityId, entity);
+            try
+            {
+                checkAccess(context, entityId, entity);
+            } catch (AuthorizationFailureException ex)
+            {
+                throw new UnauthorizedObjectAccessException((IObjectId) entityId);
+            }
+
             updateModificationDateAndModifier(context, entity);
         }
 
@@ -98,8 +108,6 @@ public abstract class AbstractDeleteEntityExecutor<DELETION_ID, ENTITY_ID, ENTIT
 
     protected abstract Map<ENTITY_ID, ENTITY_PE> map(IOperationContext context, List<? extends ENTITY_ID> entityIds);
 
-    // protected abstract void checkAccess(IOperationContext context);
-
     protected abstract void checkAccess(IOperationContext context, ENTITY_ID entityId, ENTITY_PE entity);
 
     protected abstract void updateModificationDateAndModifier(IOperationContext context, ENTITY_PE entity);

openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/DeleteDataSetTest.java

@@ -19,14 +19,13 @@ package ch.ethz.sis.openbis.systemtest.asapi.v3;
 import java.util.ArrayList;
 import java.util.Collections;
 
-import junit.framework.Assert;
-
 import org.testng.annotations.Test;
 
 import ch.ethz.sis.openbis.generic.asapi.v3.dto.dataset.delete.DataSetDeletionOptions;
 import ch.ethz.sis.openbis.generic.asapi.v3.dto.dataset.id.DataSetPermId;
 import ch.ethz.sis.openbis.generic.asapi.v3.dto.deletion.id.IDeletionId;
 import ch.systemsx.cisd.common.action.IDelegatedAction;
+import junit.framework.Assert;
 
 /**
  * @author pkupczyk
@@ -124,7 +123,7 @@ public class DeleteDataSetTest extends AbstractDeletionTest
     {
         final DataSetPermId permId = new DataSetPermId("20120619092259000-22");
 
-        assertAuthorizationFailureException(new IDelegatedAction()
+        assertUnauthorizedObjectAccessException(new IDelegatedAction()
             {
                 @Override
                 public void execute()
@@ -136,7 +135,7 @@ public class DeleteDataSetTest extends AbstractDeletionTest
 
                     v3api.deleteDataSets(sessionToken, Collections.singletonList(permId), options);
                 }
-            });
+            }, permId);
     }
     // waiting for better times
     // @Test

openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/DeleteExperimentTest.java

@@ -23,8 +23,6 @@ import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
 
-import junit.framework.Assert;
-
 import org.springframework.test.context.transaction.TestTransaction;
 import org.testng.annotations.Test;
 
@@ -37,6 +35,7 @@ import ch.ethz.sis.openbis.generic.asapi.v3.dto.sample.id.SamplePermId;
 import ch.ethz.sis.openbis.systemtest.asapi.v3.index.RemoveFromIndexState;
 import ch.systemsx.cisd.common.action.IDelegatedAction;
 import ch.systemsx.cisd.openbis.generic.shared.dto.ExperimentPE;
+import junit.framework.Assert;
 
 /**
  * @author pkupczyk
@@ -150,7 +149,7 @@ public class DeleteExperimentTest extends AbstractDeletionTest
     {
         final ExperimentPermId permId = createCisdExperiment();
 
-        assertAuthorizationFailureException(new IDelegatedAction()
+        assertUnauthorizedObjectAccessException(new IDelegatedAction()
             {
                 @Override
                 public void execute()
@@ -162,7 +161,7 @@ public class DeleteExperimentTest extends AbstractDeletionTest
 
                     v3api.deleteExperiments(sessionToken, Collections.singletonList(permId), options);
                 }
-            });
+            }, permId);
     }
 
     @Test
@@ -170,7 +169,7 @@ public class DeleteExperimentTest extends AbstractDeletionTest
     {
         final ExperimentPermId permId = new ExperimentPermId("200902091255058-1037");
 
-        assertAuthorizationFailureException(new IDelegatedAction()
+        assertUnauthorizedObjectAccessException(new IDelegatedAction()
             {
                 @Override
                 public void execute()
@@ -182,7 +181,7 @@ public class DeleteExperimentTest extends AbstractDeletionTest
 
                     v3api.deleteExperiments(sessionToken, Collections.singletonList(permId), options);
                 }
-            });
+            }, permId);
     }
 
 }

openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/DeleteProjectTest.java

@@ -88,7 +88,7 @@ public class DeleteProjectTest extends AbstractDeletionTest
     {
         final ProjectPermId permId = createCisdProject();
 
-        assertAuthorizationFailureException(new IDelegatedAction()
+        assertUnauthorizedObjectAccessException(new IDelegatedAction()
             {
                 @Override
                 public void execute()
@@ -100,7 +100,7 @@ public class DeleteProjectTest extends AbstractDeletionTest
 
                     v3api.deleteProjects(sessionToken, Collections.singletonList(permId), options);
                 }
-            });
+            }, permId);
     }
 
     @Test
@@ -108,7 +108,7 @@ public class DeleteProjectTest extends AbstractDeletionTest
     {
         final ProjectPermId permId = new ProjectPermId("20120814110011738-105");
 
-        assertAuthorizationFailureException(new IDelegatedAction()
+        assertUnauthorizedObjectAccessException(new IDelegatedAction()
             {
                 @Override
                 public void execute()
@@ -120,6 +120,6 @@ public class DeleteProjectTest extends AbstractDeletionTest
 
                     v3api.deleteProjects(sessionToken, Collections.singletonList(permId), options);
                 }
-            });
+            }, permId);
     }
 }

openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/DeleteSampleTest.java

@@ -23,8 +23,6 @@ import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
 
-import junit.framework.Assert;
-
 import org.springframework.test.context.transaction.TestTransaction;
 import org.testng.annotations.Test;
 
@@ -38,6 +36,7 @@ import ch.ethz.sis.openbis.generic.asapi.v3.dto.sample.id.SamplePermId;
 import ch.ethz.sis.openbis.systemtest.asapi.v3.index.RemoveFromIndexState;
 import ch.systemsx.cisd.common.action.IDelegatedAction;
 import ch.systemsx.cisd.openbis.generic.shared.dto.SamplePE;
+import junit.framework.Assert;
 
 /**
  * @author pkupczyk
@@ -62,7 +61,7 @@ public class DeleteSampleTest extends AbstractDeletionTest
     {
         final SamplePermId permId = new SamplePermId("200902091250077-1060");
 
-        assertAuthorizationFailureException(new IDelegatedAction()
+        assertUnauthorizedObjectAccessException(new IDelegatedAction()
             {
                 @Override
                 public void execute()
@@ -74,7 +73,7 @@ public class DeleteSampleTest extends AbstractDeletionTest
 
                     v3api.deleteSamples(sessionToken, Collections.singletonList(permId), options);
                 }
-            });
+            }, permId);
     }
 
     @Test
@@ -184,7 +183,7 @@ public class DeleteSampleTest extends AbstractDeletionTest
     {
         final SamplePermId permId = createCisdSample(null);
 
-        assertAuthorizationFailureException(new IDelegatedAction()
+        assertUnauthorizedObjectAccessException(new IDelegatedAction()
             {
                 @Override
                 public void execute()
@@ -196,7 +195,7 @@ public class DeleteSampleTest extends AbstractDeletionTest
 
                     v3api.deleteSamples(sessionToken, Collections.singletonList(permId), options);
                 }
-            });
+            }, permId);
     }
 
 }

openbis/sourceTest/java/ch/ethz/sis/openbis/systemtest/asapi/v3/DeleteVocabularyTermTest.java

@@ -35,6 +35,7 @@ import ch.ethz.sis.openbis.generic.asapi.v3.dto.vocabulary.id.IVocabularyTermId;
 import ch.ethz.sis.openbis.generic.asapi.v3.dto.vocabulary.id.VocabularyPermId;
 import ch.ethz.sis.openbis.generic.asapi.v3.dto.vocabulary.id.VocabularyTermPermId;
 import ch.ethz.sis.openbis.systemtest.asapi.v3.index.ReindexingState;
+import ch.systemsx.cisd.common.action.IDelegatedAction;
 import ch.systemsx.cisd.common.exceptions.UserFailureException;
 
 /**
@@ -44,15 +45,23 @@ import ch.systemsx.cisd.common.exceptions.UserFailureException;
 public class DeleteVocabularyTermTest extends AbstractVocabularyTermTest
 {
 
-    @Test(expectedExceptions = UserFailureException.class, expectedExceptionsMessageRegExp = ".*None of method roles '\\[SPACE_POWER_USER, SPACE_ADMIN, INSTANCE_ADMIN, SPACE_ETL_SERVER, INSTANCE_ETL_SERVER\\]' could be found in roles of user 'observer'.*")
+    @Test
     public void testDeleteTermUnauthorized()
     {
-        String sessionToken = v3api.login(TEST_GROUP_OBSERVER, PASSWORD);
-
-        VocabularyTermDeletionOptions options = new VocabularyTermDeletionOptions();
-        options.setReason("Just for testing");
-
-        v3api.deleteVocabularyTerms(sessionToken, Arrays.asList(new VocabularyTermPermId("HUMAN", "ORGANISM")), options);
+        final VocabularyTermPermId permId = new VocabularyTermPermId("HUMAN", "ORGANISM");
+        assertUnauthorizedObjectAccessException(new IDelegatedAction()
+            {
+                @Override
+                public void execute()
+                {
+                    String sessionToken = v3api.login(TEST_GROUP_OBSERVER, PASSWORD);
+
+                    VocabularyTermDeletionOptions options = new VocabularyTermDeletionOptions();
+                    options.setReason("Just for testing");
+
+                    v3api.deleteVocabularyTerms(sessionToken, Arrays.asList(permId), options);
+                }
+            }, permId);
     }
 
     @Test
@@ -179,19 +188,27 @@ public class DeleteVocabularyTermTest extends AbstractVocabularyTermTest
         v3api.deleteVocabularyTerms(sessionToken, Arrays.asList(termIdFly), options);
     }
 
-    @Test(expectedExceptions = UserFailureException.class, expectedExceptionsMessageRegExp = ".*None of method roles '\\[SPACE_POWER_USER, SPACE_ADMIN, INSTANCE_ADMIN, SPACE_ETL_SERVER, INSTANCE_ETL_SERVER\\]' could be found in roles of user 'observer'.*")
+    @Test
     public void testReplaceTermUnauthorized()
     {
-        String sessionToken = v3api.login(TEST_GROUP_OBSERVER, PASSWORD);
+        final VocabularyTermPermId termIdReplaced = new VocabularyTermPermId("HUMAN", "ORGANISM");
+        assertUnauthorizedObjectAccessException(new IDelegatedAction()
+            {
+                @Override
+                public void execute()
+                {
+                    String sessionToken = v3api.login(TEST_GROUP_OBSERVER, PASSWORD);
 
-        VocabularyTermPermId termIdReplaced = new VocabularyTermPermId("HUMAN", "ORGANISM");
-        VocabularyTermPermId termIdReplacement = new VocabularyTermPermId("FLY", "ORGANISM");
+                    VocabularyTermPermId termIdReplacement = new VocabularyTermPermId("FLY", "ORGANISM");
 
-        VocabularyTermDeletionOptions options = new VocabularyTermDeletionOptions();
-        options.setReason("Just for testing");
-        options.replace(termIdReplaced, termIdReplacement);
+                    VocabularyTermDeletionOptions options = new VocabularyTermDeletionOptions();
+                    options.setReason("Just for testing");
+                    options.replace(termIdReplaced, termIdReplacement);
+
+                    v3api.deleteVocabularyTerms(sessionToken, Arrays.asList(termIdReplaced), options);
+                }
 
-        v3api.deleteVocabularyTerms(sessionToken, Arrays.asList(termIdReplaced), options);
+            }, termIdReplaced);
     }
 
     @Test(expectedExceptions = UserFailureException.class, expectedExceptionsMessageRegExp = ".*The following terms where not chosen to be deleted but had replacements specified: \\[VocabularyTermPE\\{code=HUMAN,label=<null>\\}\\].*")