You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airavata.apache.org by ma...@apache.org on 2018/02/22 16:56:39 UTC
[airavata] branch group-based-auth updated: Disable permission to
execute application for now
This is an automated email from the ASF dual-hosted git repository.
machristie pushed a commit to branch group-based-auth
in repository https://gitbox.apache.org/repos/asf/airavata.git
The following commit(s) were added to refs/heads/group-based-auth by this push:
new 97f03cc Disable permission to execute application for now
97f03cc is described below
commit 97f03cc04c90fb4ef7c2450260e970a22a69761a
Author: Marcus Christie <ma...@apache.org>
AuthorDate: Thu Feb 22 11:56:08 2018 -0500
Disable permission to execute application for now
---
.../api/server/handler/AiravataServerHandler.java | 17 +++++++++--------
1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java
index 37cbffc..99b5fa1 100644
--- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java
+++ b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java
@@ -1809,14 +1809,15 @@ public class AiravataServerHandler implements Airavata.Iface {
SharingRegistryService.Client sharingClient = sharingClientPool.getResource();
try {
ExperimentModel experiment = regClient.getExperiment(airavataExperimentId);
- String userId = authzToken.getClaimsMap().get(Constants.USER_NAME);
- String appInterfaceId = experiment.getExecutionId();
- ApplicationInterfaceDescription applicationInterfaceDescription = regClient.getApplicationInterface(appInterfaceId);
- List<String> entityIds = applicationInterfaceDescription.getApplicationModules();
- if (!sharingClient.userHasAccess(gatewayId, userId + "@" + gatewayId, entityIds.get(0),gatewayId + ":READ")) {
- logger.error(airavataExperimentId, "User does not have access to application module {}.", entityIds.get(0));
- throw new AuthorizationException("User does not have permission to access this resource");
- }
+ // TODO: fix checking if the user has access to the deployment of this application, should check for entity type APPLICATION_DEPLOYMENT and permission type EXEC
+// String userId = authzToken.getClaimsMap().get(Constants.USER_NAME);
+// String appInterfaceId = experiment.getExecutionId();
+// ApplicationInterfaceDescription applicationInterfaceDescription = regClient.getApplicationInterface(appInterfaceId);
+// List<String> entityIds = applicationInterfaceDescription.getApplicationModules();
+// if (!sharingClient.userHasAccess(gatewayId, userId + "@" + gatewayId, entityIds.get(0),gatewayId + ":READ")) {
+// logger.error(airavataExperimentId, "User does not have access to application module {}.", entityIds.get(0));
+// throw new AuthorizationException("User does not have permission to access this resource");
+// }
if (experiment == null) {
logger.error(airavataExperimentId, "Error while launching experiment, experiment {} doesn't exist.", airavataExperimentId);
throw new ExperimentNotFoundException("Requested experiment id " + airavataExperimentId + " does not exist in the system..");
--
To stop receiving notification emails like this one, please contact
machristie@apache.org.