You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airavata.apache.org by sc...@apache.org on 2016/10/16 22:26:19 UTC
[37/51] [abbrv] airavata git commit: owner permission is not
revokable or assignable
owner permission is not revokable or assignable
Project: http://git-wip-us.apache.org/repos/asf/airavata/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/4bb7c6de
Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/4bb7c6de
Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/4bb7c6de
Branch: refs/heads/airavata-gov-registry
Commit: 4bb7c6deec45966f00a4e9676b10d945bcdd8075
Parents: eb62af9
Author: scnakandala <su...@gmail.com>
Authored: Fri Oct 14 11:40:52 2016 -0400
Committer: scnakandala <su...@gmail.com>
Committed: Fri Oct 14 11:40:52 2016 -0400
----------------------------------------------------------------------
.../server/handler/AiravataServerHandler.java | 10 +-
.../repositories/PermissionTypeRepository.java | 4 +-
.../server/SharingRegistryServerHandler.java | 34 +-
.../SharingRegistryServerHandlerTest.java | 4 +-
.../sharing/registry/models/Domain.java | 25 +-
.../airavata/sharing/registry/models/User.java | 26 +-
.../service/cpi/SharingRegistryService.java | 613 ++++++++++++++++---
.../thrift_models/sharing_cpi.thrift | 8 +-
8 files changed, 594 insertions(+), 130 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/airavata/blob/4bb7c6de/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java
index aba57eb..45ddc3f 100644
--- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java
+++ b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java
@@ -3825,11 +3825,12 @@ public class AiravataServerHandler implements Airavata.Iface {
AiravataClientException, AiravataSystemException, AuthorizationException, TException {
try {
for(Map.Entry<String, ResourcePermissionType> userPermission : userPermissionList.entrySet()){
+ String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
if(userPermission.getValue().equals(ResourcePermissionType.WRITE))
- sharingRegistryServerHandler.shareEntityWithUsers(resourceId,
+ sharingRegistryServerHandler.shareEntityWithUsers(gatewayId, resourceId,
Arrays.asList(userPermission.getKey()), authzToken.getClaimsMap().get(Constants.GATEWAY_ID) + ":" + "WRITE", true);
else
- sharingRegistryServerHandler.shareEntityWithUsers(resourceId,
+ sharingRegistryServerHandler.shareEntityWithUsers(gatewayId, resourceId,
Arrays.asList(userPermission.getKey()), authzToken.getClaimsMap().get(Constants.GATEWAY_ID) + ":" + "READ", true);
}
return true;
@@ -3848,11 +3849,12 @@ public class AiravataServerHandler implements Airavata.Iface {
Map<String, ResourcePermissionType> userPermissionList) throws InvalidRequestException, AiravataClientException, AiravataSystemException, AuthorizationException, TException {
try {
for(Map.Entry<String, ResourcePermissionType> userPermission : userPermissionList.entrySet()){
+ String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
if(userPermission.getValue().equals(ResourcePermissionType.WRITE))
- sharingRegistryServerHandler.revokeEntitySharingFromUsers(resourceId,
+ sharingRegistryServerHandler.revokeEntitySharingFromUsers(gatewayId, resourceId,
Arrays.asList(userPermission.getKey()), authzToken.getClaimsMap().get(Constants.GATEWAY_ID) + ":" + "WRITE");
else
- sharingRegistryServerHandler.revokeEntitySharingFromUsers(resourceId,
+ sharingRegistryServerHandler.revokeEntitySharingFromUsers(gatewayId, resourceId,
Arrays.asList(userPermission.getKey()), authzToken.getClaimsMap().get(Constants.GATEWAY_ID) + ":" + "READ");
}
return true;
http://git-wip-us.apache.org/repos/asf/airavata/blob/4bb7c6de/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/db/repositories/PermissionTypeRepository.java
----------------------------------------------------------------------
diff --git a/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/db/repositories/PermissionTypeRepository.java b/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/db/repositories/PermissionTypeRepository.java
index c5d683c..ac092f1 100644
--- a/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/db/repositories/PermissionTypeRepository.java
+++ b/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/db/repositories/PermissionTypeRepository.java
@@ -41,11 +41,11 @@ public class PermissionTypeRepository extends AbstractRepository<PermissionType,
public String getGlobalPermissionTypeIdForDomain(String domainId) throws SharingRegistryException {
HashMap<String, String> filters = new HashMap<>();
filters.put(DBConstants.PermissionTypeTable.DOMAIN_ID, domainId);
- filters.put(DBConstants.PermissionTypeTable.NAME, SharingRegistryServerHandler.GLOBAL_PERMISSION_NAME);
+ filters.put(DBConstants.PermissionTypeTable.NAME, SharingRegistryServerHandler.OWNER_PERMISSION_NAME);
List<PermissionType> permissionTypeList = select(filters, 0, -1);
if(permissionTypeList.size() != 1){
throw new SharingRegistryException("GLOBAL Permission inconsistency. Found " + permissionTypeList.size()
- + " records with " + SharingRegistryServerHandler.GLOBAL_PERMISSION_NAME + " name");
+ + " records with " + SharingRegistryServerHandler.OWNER_PERMISSION_NAME + " name");
}
return permissionTypeList.get(0).getPermissionTypeId();
}
http://git-wip-us.apache.org/repos/asf/airavata/blob/4bb7c6de/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/server/SharingRegistryServerHandler.java
----------------------------------------------------------------------
diff --git a/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/server/SharingRegistryServerHandler.java b/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/server/SharingRegistryServerHandler.java
index aa41a56..a123975 100644
--- a/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/server/SharingRegistryServerHandler.java
+++ b/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/server/SharingRegistryServerHandler.java
@@ -38,7 +38,7 @@ import java.util.*;
public class SharingRegistryServerHandler implements SharingRegistryService.Iface{
private final static Logger logger = LoggerFactory.getLogger(SharingRegistryServerHandler.class);
- public static String GLOBAL_PERMISSION_NAME = "OWNER";
+ public static String OWNER_PERMISSION_NAME = "OWNER";
private DomainRepository domainRepository;
private UserRepository userRepository;
@@ -77,9 +77,9 @@ public class SharingRegistryServerHandler implements SharingRegistryService.Ifac
//create the global permission for the domain
PermissionType permissionType = new PermissionType();
- permissionType.setPermissionTypeId(domain.domainId+":"+GLOBAL_PERMISSION_NAME);
+ permissionType.setPermissionTypeId(domain.domainId+":"+ OWNER_PERMISSION_NAME);
permissionType.setDomainId(domain.domainId);
- permissionType.setName(GLOBAL_PERMISSION_NAME);
+ permissionType.setName(OWNER_PERMISSION_NAME);
permissionType.setDescription("GLOBAL permission to " + domain.domainId);
permissionType.setCreatedTime(System.currentTimeMillis());
permissionType.setUpdatedTime(System.currentTimeMillis());
@@ -462,16 +462,20 @@ public class SharingRegistryServerHandler implements SharingRegistryService.Ifac
* @param permissionType
*/
@Override
- public boolean shareEntityWithUsers(String entityId, List<String> userList, String permissionTypeId, boolean cascadePermission) throws SharingRegistryException, TException {
- return shareEntity(entityId, userList, permissionTypeId, GroupType.SINGLE_USER, cascadePermission);
+ public boolean shareEntityWithUsers(String domainId, String entityId, List<String> userList, String permissionTypeId, boolean cascadePermission) throws SharingRegistryException, TException {
+ return shareEntity(domainId, entityId, userList, permissionTypeId, GroupType.SINGLE_USER, cascadePermission);
}
@Override
- public boolean shareEntityWithGroups(String entityId, List<String> groupList, String permissionTypeId, boolean cascadePermission) throws SharingRegistryException, TException {
- return shareEntity(entityId, groupList, permissionTypeId, GroupType.MULTI_USER, cascadePermission);
+ public boolean shareEntityWithGroups(String domainId, String entityId, List<String> groupList, String permissionTypeId, boolean cascadePermission) throws SharingRegistryException, TException {
+ return shareEntity(domainId, entityId, groupList, permissionTypeId, GroupType.MULTI_USER, cascadePermission);
}
- private boolean shareEntity(String entityId, List<String> groupOrUserList, String permissionTypeId, GroupType groupType, boolean cascadePermission) throws SharingRegistryException, TException {
+ private boolean shareEntity(String domainId, String entityId, List<String> groupOrUserList, String permissionTypeId, GroupType groupType, boolean cascadePermission) throws SharingRegistryException, TException {
+ if(permissionTypeId.equals(permissionTypeRepository.getGlobalPermissionTypeIdForDomain(domainId))){
+ throw new SharingRegistryException(OWNER_PERMISSION_NAME + " permission cannot be assigned");
+ }
+
//Adding permission for the specified users/groups for the specified entity
LinkedList<Entity> temp = new LinkedList<>();
for(String userId : groupOrUserList){
@@ -516,14 +520,14 @@ public class SharingRegistryServerHandler implements SharingRegistryService.Ifac
}
@Override
- public boolean revokeEntitySharingFromUsers(String entityId, List<String> userList, String permissionTypeId) throws SharingRegistryException, TException {
- return revokeEntitySharing(entityId, userList, permissionTypeId);
+ public boolean revokeEntitySharingFromUsers(String domainId, String entityId, List<String> userList, String permissionTypeId) throws SharingRegistryException, TException {
+ return revokeEntitySharing(domainId, entityId, userList, permissionTypeId);
}
@Override
- public boolean revokeEntitySharingFromGroups(String entityId, List<String> groupList, String permissionTypeId) throws SharingRegistryException, TException {
- return revokeEntitySharing(entityId, groupList, permissionTypeId);
+ public boolean revokeEntitySharingFromGroups(String domainId, String entityId, List<String> groupList, String permissionTypeId) throws SharingRegistryException, TException {
+ return revokeEntitySharing(domainId, entityId, groupList, permissionTypeId);
}
@Override
@@ -537,7 +541,11 @@ public class SharingRegistryServerHandler implements SharingRegistryService.Ifac
permissionTypeRepository.getGlobalPermissionTypeIdForDomain(domainId)));
}
- public boolean revokeEntitySharing(String entityId, List<String> groupOrUserList, String permissionTypeId) throws SharingRegistryException {
+ public boolean revokeEntitySharing(String domainId, String entityId, List<String> groupOrUserList, String permissionTypeId) throws SharingRegistryException {
+ if(permissionTypeId.equals(permissionTypeRepository.getGlobalPermissionTypeIdForDomain(domainId))){
+ throw new SharingRegistryException(OWNER_PERMISSION_NAME + " permission cannot be removed");
+ }
+
//revoking permission for the entity
for(String groupId : groupOrUserList){
SharingEntityPK sharingEntityPK = new SharingEntityPK();
http://git-wip-us.apache.org/repos/asf/airavata/blob/4bb7c6de/modules/sharing-registry/sharing-registry-server/src/test/java/org/apache/airavata/sharing/registry/SharingRegistryServerHandlerTest.java
----------------------------------------------------------------------
diff --git a/modules/sharing-registry/sharing-registry-server/src/test/java/org/apache/airavata/sharing/registry/SharingRegistryServerHandlerTest.java b/modules/sharing-registry/sharing-registry-server/src/test/java/org/apache/airavata/sharing/registry/SharingRegistryServerHandlerTest.java
index cf92856..8a9bcb2 100644
--- a/modules/sharing-registry/sharing-registry-server/src/test/java/org/apache/airavata/sharing/registry/SharingRegistryServerHandlerTest.java
+++ b/modules/sharing-registry/sharing-registry-server/src/test/java/org/apache/airavata/sharing/registry/SharingRegistryServerHandlerTest.java
@@ -247,8 +247,8 @@ public class SharingRegistryServerHandlerTest {
String entityId3 = sharingRegistryServerHandler.createEntity(entity3);
Assert.assertNotNull(entityId3);
- sharingRegistryServerHandler.shareEntityWithUsers(entityId1, Arrays.asList(userId2), permissionTypeId1, true);
- sharingRegistryServerHandler.shareEntityWithGroups(entityId3, Arrays.asList(groupId2), permissionTypeId1, true);
+ sharingRegistryServerHandler.shareEntityWithUsers(domainId, entityId1, Arrays.asList(userId2), permissionTypeId1, true);
+ sharingRegistryServerHandler.shareEntityWithGroups(domainId, entityId3, Arrays.asList(groupId2), permissionTypeId1, true);
Entity entity4 = new Entity();
entity4.setEntityId(domainId+":Entity4");
http://git-wip-us.apache.org/repos/asf/airavata/blob/4bb7c6de/modules/sharing-registry/sharing-registry-stubs/src/main/java/org/apache/airavata/sharing/registry/models/Domain.java
----------------------------------------------------------------------
diff --git a/modules/sharing-registry/sharing-registry-stubs/src/main/java/org/apache/airavata/sharing/registry/models/Domain.java b/modules/sharing-registry/sharing-registry-stubs/src/main/java/org/apache/airavata/sharing/registry/models/Domain.java
index 4604f02..f5d7135 100644
--- a/modules/sharing-registry/sharing-registry-stubs/src/main/java/org/apache/airavata/sharing/registry/models/Domain.java
+++ b/modules/sharing-registry/sharing-registry-stubs/src/main/java/org/apache/airavata/sharing/registry/models/Domain.java
@@ -6,15 +6,32 @@
*/
package org.apache.airavata.sharing.registry.models;
-import org.apache.thrift.EncodingUtils;
-import org.apache.thrift.protocol.TTupleProtocol;
import org.apache.thrift.scheme.IScheme;
import org.apache.thrift.scheme.SchemeFactory;
import org.apache.thrift.scheme.StandardScheme;
-import org.apache.thrift.scheme.TupleScheme;
+import org.apache.thrift.scheme.TupleScheme;
+import org.apache.thrift.protocol.TTupleProtocol;
+import org.apache.thrift.protocol.TProtocolException;
+import org.apache.thrift.EncodingUtils;
+import org.apache.thrift.TException;
+import org.apache.thrift.async.AsyncMethodCallback;
+import org.apache.thrift.server.AbstractNonblockingServer.*;
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Map;
+import java.util.HashMap;
+import java.util.EnumMap;
+import java.util.Set;
+import java.util.HashSet;
+import java.util.EnumSet;
+import java.util.Collections;
+import java.util.BitSet;
+import java.nio.ByteBuffer;
+import java.util.Arrays;
import javax.annotation.Generated;
-import java.util.*;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
@SuppressWarnings({"cast", "rawtypes", "serial", "unchecked"})
@Generated(value = "Autogenerated by Thrift Compiler (0.9.3)")
http://git-wip-us.apache.org/repos/asf/airavata/blob/4bb7c6de/modules/sharing-registry/sharing-registry-stubs/src/main/java/org/apache/airavata/sharing/registry/models/User.java
----------------------------------------------------------------------
diff --git a/modules/sharing-registry/sharing-registry-stubs/src/main/java/org/apache/airavata/sharing/registry/models/User.java b/modules/sharing-registry/sharing-registry-stubs/src/main/java/org/apache/airavata/sharing/registry/models/User.java
index 5ae3e73..1ac659a 100644
--- a/modules/sharing-registry/sharing-registry-stubs/src/main/java/org/apache/airavata/sharing/registry/models/User.java
+++ b/modules/sharing-registry/sharing-registry-stubs/src/main/java/org/apache/airavata/sharing/registry/models/User.java
@@ -6,16 +6,32 @@
*/
package org.apache.airavata.sharing.registry.models;
-import org.apache.thrift.EncodingUtils;
-import org.apache.thrift.protocol.TTupleProtocol;
import org.apache.thrift.scheme.IScheme;
import org.apache.thrift.scheme.SchemeFactory;
import org.apache.thrift.scheme.StandardScheme;
-import org.apache.thrift.scheme.TupleScheme;
-import javax.annotation.Generated;
+import org.apache.thrift.scheme.TupleScheme;
+import org.apache.thrift.protocol.TTupleProtocol;
+import org.apache.thrift.protocol.TProtocolException;
+import org.apache.thrift.EncodingUtils;
+import org.apache.thrift.TException;
+import org.apache.thrift.async.AsyncMethodCallback;
+import org.apache.thrift.server.AbstractNonblockingServer.*;
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Map;
+import java.util.HashMap;
+import java.util.EnumMap;
+import java.util.Set;
+import java.util.HashSet;
+import java.util.EnumSet;
+import java.util.Collections;
+import java.util.BitSet;
import java.nio.ByteBuffer;
-import java.util.*;
+import java.util.Arrays;
+import javax.annotation.Generated;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
@SuppressWarnings({"cast", "rawtypes", "serial", "unchecked"})
@Generated(value = "Autogenerated by Thrift Compiler (0.9.3)")