Posted to commits@airavata.apache.org by ma...@apache.org on 2018/06/19 16:50:40 UTC
[airavata] 01/02: AIRAVATA-2834 Adds getAllAccessibleGroups API
method
This is an automated email from the ASF dual-hosted git repository.
machristie pushed a commit to branch group-based-auth
in repository https://gitbox.apache.org/repos/asf/airavata.git
commit d4e0007c65d4f2ede65b53ff79a1a7c276c0a67c
Author: Marcus Christie <ma...@apache.org>
AuthorDate: Tue Jun 19 12:46:47 2018 -0400
AIRAVATA-2834 Adds getAllAccessibleGroups API method
---
.../api/server/handler/AiravataServerHandler.java | 31 ++++++++++++++++++++++
.../airavata-apis/airavata_api.thrift | 7 +++++
2 files changed, 38 insertions(+)
diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java
index cb26637..4117ef7 100644
--- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java
+++ b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java
@@ -5190,6 +5190,37 @@ public class AiravataServerHandler implements Airavata.Iface {
@Override
@SecurityCheck
+ public List<String> getAllAccessibleGroups(AuthzToken authzToken, String resourceId, ResourceType resourceType, ResourcePermissionType permissionType) throws InvalidRequestException, AiravataClientException, AiravataSystemException, AuthorizationException, TException {
+ RegistryService.Client regClient = registryClientPool.getResource();
+ SharingRegistryService.Client sharingClient = sharingClientPool.getResource();
+ try {
+ HashSet<String> accessibleGroups = new HashSet<>();
+ final String domainId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
+ if (permissionType.equals(ResourcePermissionType.WRITE)) {
+ sharingClient.getListOfSharedGroups(domainId, resourceId, domainId + ":WRITE")
+ .stream()
+ .forEach(g -> accessibleGroups.add(g.groupId));
+ } else if (permissionType.equals(ResourcePermissionType.READ)) {
+ sharingClient.getListOfSharedGroups(domainId, resourceId, domainId + ":READ")
+ .stream()
+ .forEach(g -> accessibleGroups.add(g.groupId));
+ }
+ registryClientPool.returnResource(regClient);
+ sharingClientPool.returnResource(sharingClient);
+ return new ArrayList<>(accessibleGroups);
+ } catch (Exception e) {
+ String msg = "Error in getting all accessible groups for resource. Resource ID : " + resourceId + " Resource Type : " + resourceType.toString() ;
+ logger.error(msg, e);
+ AiravataSystemException exception = new AiravataSystemException(AiravataErrorType.INTERNAL_ERROR);
+ exception.setMessage(msg + " More info : " + e.getMessage());
+ sharingClientPool.returnBrokenResource(sharingClient);
+ registryClientPool.returnBrokenResource(regClient);
+ throw exception;
+ }
+ }
+
+ @Override
+ @SecurityCheck
public boolean userHasAccess(AuthzToken authzToken, String resourceId, ResourcePermissionType permissionType) throws InvalidRequestException, AiravataClientException, AiravataSystemException, AuthorizationException, TException {
final String domainId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
final String userId = authzToken.getClaimsMap().get(Constants.USER_NAME) + "@" + domainId;
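Review bot: The new `getAllAccessibleGroups` body never verifies that the caller has access to `resourceId` before returning the groups it is shared with. Unless the `@SecurityCheck` interceptor enforces per-resource authorization (not visible in this hunk), any authenticated user of the gateway could read sharing information for arbitrary resource ids. Consider a guard before the pool clients are borrowed, e.g. `if (!userHasAccess(authzToken, resourceId, ResourcePermissionType.READ)) throw new AuthorizationException("User does not have access to resource " + resourceId);`, kept outside the `try` so that `catch (Exception e)` does not rewrap it as INTERNAL_ERROR. Separately, `regClient` is borrowed from `registryClientPool` but never used, and a `permissionType` other than READ or WRITE silently yields an empty list rather than an InvalidRequestException. `exception.setMessage(msg + " More info : " + e.getMessage())` also returns internal error text to the client, where `msg` alone would do since the full exception is already logged.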
diff --git a/thrift-interface-descriptions/airavata-apis/airavata_api.thrift b/thrift-interface-descriptions/airavata-apis/airavata_api.thrift
index 5568b4c..3d91145 100644
--- a/thrift-interface-descriptions/airavata-apis/airavata_api.thrift
+++ b/thrift-interface-descriptions/airavata-apis/airavata_api.thrift
@@ -3538,6 +3538,13 @@ service Airavata {
3: airavata_errors.AiravataSystemException ase,
4: airavata_errors.AuthorizationException ae)
+ list<string> getAllAccessibleGroups(1: required security_model.AuthzToken authzToken, 2: required string resourceId, 3: required group_manager_model.ResourceType resourceType,
+ 4: required group_manager_model.ResourcePermissionType permissionType)
+ throws (1: airavata_errors.InvalidRequestException ire,
+ 2: airavata_errors.AiravataClientException ace,
+ 3: airavata_errors.AiravataSystemException ase,
+ 4: airavata_errors.AuthorizationException ae)
+
bool userHasAccess(1: required security_model.AuthzToken authzToken, 2: required string resourceId, 3: required group_manager_model.ResourcePermissionType permissionType)
throws (1: airavata_errors.InvalidRequestException ire,
2: airavata_errors.AiravataClientException ace,
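Review bot: The added `getAllAccessibleGroups` declaration has no doc comment, so the IDL does not tell clients which permission types are supported or what authorization the caller needs. `resourceType` is declared `required`, yet the handler added in this commit only uses it in an error message, which is worth stating or revisiting. I would add a comment above the declaration such as `/** Returns the ids of the groups that hold permissionType (READ or WRITE) on resourceId within the caller's gateway; resourceType is currently informational only. */`. If the intended behaviour for other permission types is an error rather than an empty list, the comment should say so once the handler is changed to match.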