From cca67ca443adf5a553dadc40d01ab16906ab7095 Mon Sep 17 00:00:00 2001
From: felmer <felmer>
Date: Tue, 28 Feb 2017 12:14:51 +0000
Subject: [PATCH] SSDM-4824: simplify authorization

SVN: 37830
---
 .../dataset/CreateDataSetExecutor.java        |  1 -
 .../dataset/DataSetAuthorizationExecutor.java | 33 ++++++++-----------
 .../IDataSetAuthorizationExecutor.java        |  2 --
 3 files changed, 13 insertions(+), 23 deletions(-)

diff --git a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/dataset/CreateDataSetExecutor.java b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/dataset/CreateDataSetExecutor.java
index 5b40feb2f01..e50582d63a1 100644
--- a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/dataset/CreateDataSetExecutor.java
+++ b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/dataset/CreateDataSetExecutor.java
@@ -238,7 +238,6 @@ public class CreateDataSetExecutor extends AbstractCreateEntityExecutor<DataSetC
     @Override
     protected void checkAccess(IOperationContext context)
     {
-        authorizationExecutor.canCreate(context);
     }
 
     @Override
diff --git a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/dataset/DataSetAuthorizationExecutor.java b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/dataset/DataSetAuthorizationExecutor.java
index 919d375111e..05c8b8416e9 100644
--- a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/dataset/DataSetAuthorizationExecutor.java
+++ b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/dataset/DataSetAuthorizationExecutor.java
@@ -44,11 +44,22 @@ import ch.systemsx.cisd.openbis.generic.shared.dto.PersonPE;
 public class DataSetAuthorizationExecutor implements IDataSetAuthorizationExecutor
 {
 
+    private boolean canCreate(PersonPE person)
+    {
+        if (person.isSystemUser())
+        {
+            return true;
+        }
+
+        AuthorizationServiceUtils authorization = new AuthorizationServiceUtils(null, person);
+        return authorization.doesUserHaveRole(RoleWithHierarchy.SPACE_ETL_SERVER);
+    }
+
     @Override
     @RolesAllowed({ RoleWithHierarchy.SPACE_USER, RoleWithHierarchy.SPACE_ETL_SERVER })
     @Capability("CREATE_DATASET")
     @DatabaseCreateOrDeleteModification(value = ObjectKind.DATA_SET)
-    public void canCreate(IOperationContext context)
+    public void canCreate(IOperationContext context, @AuthorizationGuard(guardClass = DataPEPredicate.class) DataPE dataSet)
     {
         boolean isCreatorPersonAllowed = false;
         boolean isPersonAllowed = false;
@@ -69,25 +80,7 @@ public class DataSetAuthorizationExecutor implements IDataSetAuthorizationExecut
                     "Data set creation can be only executed by a system user or a user with at least " + RoleWithHierarchy.SPACE_ETL_SERVER
                             + " role.");
         }
-    }
-
-    private boolean canCreate(PersonPE person)
-    {
-        if (person.isSystemUser())
-        {
-            return true;
-        }
-
-        AuthorizationServiceUtils authorization = new AuthorizationServiceUtils(null, person);
-        return authorization.doesUserHaveRole(RoleWithHierarchy.SPACE_ETL_SERVER);
-    }
-
-    @Override
-    @RolesAllowed({ RoleWithHierarchy.SPACE_USER, RoleWithHierarchy.SPACE_ETL_SERVER })
-    @Capability("CREATE_DATASET")
-    @DatabaseCreateOrDeleteModification(value = ObjectKind.DATA_SET)
-    public void canCreate(IOperationContext context, @AuthorizationGuard(guardClass = DataPEPredicate.class) DataPE dataSet)
-    {
+        
         if (false == new DataSetPEByExperimentOrSampleIdentifierValidator().doValidation(dataSet.getRegistrator(), dataSet))
         {
             throw new UnauthorizedObjectAccessException(new DataSetPermId(dataSet.getPermId()));
diff --git a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/dataset/IDataSetAuthorizationExecutor.java b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/dataset/IDataSetAuthorizationExecutor.java
index d40375fc74a..87cb0bebc3f 100644
--- a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/dataset/IDataSetAuthorizationExecutor.java
+++ b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/dataset/IDataSetAuthorizationExecutor.java
@@ -27,8 +27,6 @@ import ch.systemsx.cisd.openbis.generic.shared.dto.DataPE;
 public interface IDataSetAuthorizationExecutor extends IObjectAuthorizationExecutor
 {
 
-    void canCreate(IOperationContext context);
-
     void canCreate(IOperationContext context, DataPE dataSet);
 
     void canUpdate(IOperationContext context, IDataSetId id, DataPE dataSet);
-- 
GitLab