You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airavata.apache.org by ma...@apache.org on 2018/02/22 16:56:39 UTC

[airavata] branch group-based-auth updated: Disable permission to execute application for now

This is an automated email from the ASF dual-hosted git repository.

machristie pushed a commit to branch group-based-auth
in repository https://gitbox.apache.org/repos/asf/airavata.git


The following commit(s) were added to refs/heads/group-based-auth by this push:
     new 97f03cc  Disable permission to execute application for now
97f03cc is described below

commit 97f03cc04c90fb4ef7c2450260e970a22a69761a
Author: Marcus Christie <ma...@apache.org>
AuthorDate: Thu Feb 22 11:56:08 2018 -0500

    Disable permission to execute application for now
---
 .../api/server/handler/AiravataServerHandler.java       | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java
index 37cbffc..99b5fa1 100644
--- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java
+++ b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java
@@ -1809,14 +1809,15 @@ public class AiravataServerHandler implements Airavata.Iface {
         SharingRegistryService.Client sharingClient = sharingClientPool.getResource();
         try {
             ExperimentModel experiment = regClient.getExperiment(airavataExperimentId);
-            String userId = authzToken.getClaimsMap().get(Constants.USER_NAME);
-            String appInterfaceId = experiment.getExecutionId();
-            ApplicationInterfaceDescription applicationInterfaceDescription = regClient.getApplicationInterface(appInterfaceId);
-            List<String> entityIds = applicationInterfaceDescription.getApplicationModules();
-            if (!sharingClient.userHasAccess(gatewayId, userId + "@" + gatewayId, entityIds.get(0),gatewayId + ":READ")) {
-                logger.error(airavataExperimentId, "User does not have access to application module {}.", entityIds.get(0));
-                throw new AuthorizationException("User does not have permission to access this resource");
-            }
+            // TODO: fix checking if the user has access to the deployment of this application, should check for entity type APPLICATION_DEPLOYMENT and permission type EXEC
+//            String userId = authzToken.getClaimsMap().get(Constants.USER_NAME);
+//            String appInterfaceId = experiment.getExecutionId();
+//            ApplicationInterfaceDescription applicationInterfaceDescription = regClient.getApplicationInterface(appInterfaceId);
+//            List<String> entityIds = applicationInterfaceDescription.getApplicationModules();
+//            if (!sharingClient.userHasAccess(gatewayId, userId + "@" + gatewayId, entityIds.get(0),gatewayId + ":READ")) {
+//                logger.error(airavataExperimentId, "User does not have access to application module {}.", entityIds.get(0));
+//                throw new AuthorizationException("User does not have permission to access this resource");
+//            }
             if (experiment == null) {
                 logger.error(airavataExperimentId, "Error while launching experiment, experiment {} doesn't exist.", airavataExperimentId);
                 throw new ExperimentNotFoundException("Requested experiment id " + airavataExperimentId + " does not exist in the system..");

-- 
To stop receiving notification emails like this one, please contact
machristie@apache.org.