From c5c25c5a659497533c555d92e09a15ded04c1297 Mon Sep 17 00:00:00 2001
From: felmer <felmer>
Date: Tue, 23 Nov 2010 13:51:16 +0000
Subject: [PATCH] LMS-1888 IETLLIMSSerivce extended for checking INSTANCE_ADMIN
 rights

SVN: 18881
---
 .../systemsx/cisd/openbis/generic/server/ETLService.java   | 6 ++++++
 .../cisd/openbis/generic/server/ETLServiceLogger.java      | 5 +++++
 .../cisd/openbis/generic/shared/IETLLIMSService.java       | 7 +++++++
 .../openbis/generic/shared/IETLLIMSService.java.expected   | 7 +++++++
 4 files changed, 25 insertions(+)

diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/ETLService.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/ETLService.java
index 397039f29b0..f2536d19ab7 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/ETLService.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/ETLService.java
@@ -644,6 +644,12 @@ public class ETLService extends AbstractCommonServer<IETLService> implements IET
         return ExternalDataTranslator.translate(externalDataPE, session.getBaseIndexURL());
     }
 
+    public void checkInstanceAdminAuthorization(String sessionToken) throws UserFailureException
+    {
+        checkSession(sessionToken);
+        // do nothing, the access rights specified in method annotations are checked by a proxy
+    }
+
     public void checkDataSetAccess(String sessionToken, String dataSetCode)
             throws UserFailureException
     {
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/ETLServiceLogger.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/ETLServiceLogger.java
index eca56b6a310..f2550a91547 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/ETLServiceLogger.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/ETLServiceLogger.java
@@ -208,6 +208,11 @@ public class ETLServiceLogger extends AbstractServerLogger implements IETLServic
         return null;
     }
 
+    public void checkInstanceAdminAuthorization(String sessionToken) throws UserFailureException
+    {
+        logAccess(sessionToken, "checkInstanceAdminAuthorization");
+    }
+
     public void checkDataSetAccess(String sessionToken, String dataSetCode)
             throws UserFailureException
     {
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/IETLLIMSService.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/IETLLIMSService.java
index 8a2aa0ae7ce..9998fe19789 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/IETLLIMSService.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/IETLLIMSService.java
@@ -295,6 +295,13 @@ public interface IETLLIMSService extends IServer, ISessionProvider
     public void deleteDataSet(String sessionToken,
             @AuthorizationGuard(guardClass = DataSetCodePredicate.class) String dataSetCode,
             String reason) throws UserFailureException;
+    
+    /**
+     * Checks that the user of specified session has INSTANCE_ADMIN access rights.
+     */
+    @Transactional(readOnly = true)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
+    public void checkInstanceAdminAuthorization(String sessionToken) throws UserFailureException;
 
     /**
      * Does nothing besides checking that the current user has rights to access the content of the
diff --git a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/shared/IETLLIMSService.java.expected b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/shared/IETLLIMSService.java.expected
index 8a2aa0ae7ce..9998fe19789 100644
--- a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/shared/IETLLIMSService.java.expected
+++ b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/shared/IETLLIMSService.java.expected
@@ -295,6 +295,13 @@ public interface IETLLIMSService extends IServer, ISessionProvider
     public void deleteDataSet(String sessionToken,
             @AuthorizationGuard(guardClass = DataSetCodePredicate.class) String dataSetCode,
             String reason) throws UserFailureException;
+    
+    /**
+     * Checks that the user of specified session has INSTANCE_ADMIN access rights.
+     */
+    @Transactional(readOnly = true)
+    @RolesAllowed(RoleWithHierarchy.INSTANCE_ADMIN)
+    public void checkInstanceAdminAuthorization(String sessionToken) throws UserFailureException;
 
     /**
      * Does nothing besides checking that the current user has rights to access the content of the
-- 
GitLab