From fc548d8e7a8fc7931e6abc27e8287af42cd28bdc Mon Sep 17 00:00:00 2001
From: brinn <brinn>
Date: Wed, 25 Jul 2012 09:25:03 +0000
Subject: [PATCH] [BIS-137] Use the correct database id for a space id for the
authorization check.
SVN: 26190
---
.../predicate/SampleListPredicate.java | 3 +-
.../predicate/AbstractSpacePredicate.java | 32 +++++++------------
.../ScreeningPlateListReadOnlyPredicate.java | 5 ++-
3 files changed, 14 insertions(+), 26 deletions(-)
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/SampleListPredicate.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/SampleListPredicate.java
index 69f0d8eeee9..56e3abf9347 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/SampleListPredicate.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/predicate/SampleListPredicate.java
@@ -127,8 +127,7 @@ public class SampleListPredicate extends AbstractSpacePredicate<List<Sample>>
continue; // Shared samples will return a spaceId of null (or 0 in EoDSQL).
}
final Status status =
- evaluate(person, allowedRoles, authorizationDataProvider
- .getHomeDatabaseInstance(), spaceId);
+ evaluate(person, allowedRoles, spaceId);
if (Status.OK.equals(status) == false)
{
return status;
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/authorization/predicate/AbstractSpacePredicate.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/authorization/predicate/AbstractSpacePredicate.java
index 947924f1cf2..ef665d7e172 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/authorization/predicate/AbstractSpacePredicate.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/authorization/predicate/AbstractSpacePredicate.java
@@ -89,18 +89,10 @@ public abstract class AbstractSpacePredicate<T> extends AbstractDatabaseInstance
}
protected Status evaluate(final PersonPE person, final List<RoleWithIdentifier> allowedRoles,
- final DatabaseInstancePE databaseInstance, final long spaceTechId)
- {
- final String databaseInstanceUUID = databaseInstance.getUuid();
- return evaluate(person, allowedRoles, databaseInstanceUUID, databaseInstance.getCode(),
- spaceTechId);
- }
-
- protected Status evaluate(final PersonPE person, final List<RoleWithIdentifier> allowedRoles,
- final String databaseInstanceUUID, final String databaseInstanceCode,
final long spaceTechId)
{
- if (tryFindSpace(databaseInstanceUUID, spaceTechId) == null)
+ final SpacePE space = tryFindSpace(spaceTechId);
+ if (space == null)
{
if (okForNonExistentSpaces)
{
@@ -111,7 +103,8 @@ public abstract class AbstractSpacePredicate<T> extends AbstractDatabaseInstance
}
}
- final boolean matching = isMatching(allowedRoles, databaseInstanceUUID, spaceTechId);
+ final boolean matching =
+ isMatching(allowedRoles, space.getDatabaseInstance().getId(), spaceTechId);
if (matching)
{
return Status.OK;
@@ -137,11 +130,11 @@ public abstract class AbstractSpacePredicate<T> extends AbstractDatabaseInstance
return null;
}
- private SpacePE tryFindSpace(final String databaseInstanceUUID, final long spaceTechId)
+ private SpacePE tryFindSpace(final long spaceTechId)
{
for (final SpacePE space : spaces)
{
- if (equalIdentifier(space, databaseInstanceUUID, spaceTechId))
+ if (equalIdentifier(space, spaceTechId))
{
return space;
}
@@ -172,18 +165,17 @@ public abstract class AbstractSpacePredicate<T> extends AbstractDatabaseInstance
}
private boolean isMatching(final List<RoleWithIdentifier> allowedRoles,
- final String databaseInstanceUUID, final long spaceTechId)
+ final long databaseTechId, final long spaceTechId)
{
for (final RoleWithIdentifier role : allowedRoles)
{
final RoleLevel roleLevel = role.getRoleLevel();
if (roleLevel.equals(RoleLevel.SPACE)
- && equalIdentifier(role.getAssignedSpace(), databaseInstanceUUID,
- spaceTechId))
+ && equalIdentifier(role.getAssignedSpace(), spaceTechId))
{
return true;
} else if (roleLevel.equals(RoleLevel.INSTANCE)
- && role.getAssignedDatabaseInstance().getUuid().equals(databaseInstanceUUID))
+ && role.getAssignedDatabaseInstance().getId() == databaseTechId)
{
// permissions on the database instance level allow to access all spaces in this
// instance
@@ -200,11 +192,9 @@ public abstract class AbstractSpacePredicate<T> extends AbstractDatabaseInstance
&& space.getDatabaseInstance().getUuid().equals(databaseInstanceUUID);
}
- private boolean equalIdentifier(final SpacePE space, final String databaseInstanceUUID,
- final long spaceTechId)
+ private boolean equalIdentifier(final SpacePE space, final long spaceTechId)
{
- return (space.getId() == spaceTechId)
- && space.getDatabaseInstance().getUuid().equals(databaseInstanceUUID);
+ return (space.getId() == spaceTechId);
}
protected Status evaluateSpace(final PersonPE person,
diff --git a/screening/source/java/ch/systemsx/cisd/openbis/plugin/screening/shared/api/internal/authorization/ScreeningPlateListReadOnlyPredicate.java b/screening/source/java/ch/systemsx/cisd/openbis/plugin/screening/shared/api/internal/authorization/ScreeningPlateListReadOnlyPredicate.java
index 263a3421cf5..e72ee957c54 100644
--- a/screening/source/java/ch/systemsx/cisd/openbis/plugin/screening/shared/api/internal/authorization/ScreeningPlateListReadOnlyPredicate.java
+++ b/screening/source/java/ch/systemsx/cisd/openbis/plugin/screening/shared/api/internal/authorization/ScreeningPlateListReadOnlyPredicate.java
@@ -69,7 +69,7 @@ public class ScreeningPlateListReadOnlyPredicate extends
permIds.add(plate.getPermId());
hasPermId = true;
}
-
+
final String spaceCodeOrNull =
SpaceCodeHelper.tryGetSpaceCode(person, plate.tryGetSpaceCode());
if (spaceCodeOrNull == null && hasPermId == false)
@@ -96,8 +96,7 @@ public class ScreeningPlateListReadOnlyPredicate extends
continue; // Shared samples will return a spaceId of null (or 0 in EoDSQL).
}
final Status status =
- evaluate(person, allowedRoles, authorizationDataProvider
- .getHomeDatabaseInstance(), spaceId);
+ evaluate(person, allowedRoles, spaceId);
if (Status.OK.equals(status) == false)
{
return status;
--
GitLab