Posted to commits@airavata.apache.org by ma...@apache.org on 2018/06/05 15:42:15 UTC
[airavata] 02/03: AIRAVATA-2781 Adding userCanAccess to API to test
Admins write access
This is an automated email from the ASF dual-hosted git repository.
machristie pushed a commit to branch group-based-auth
in repository https://gitbox.apache.org/repos/asf/airavata.git
commit 10d4d7fe66273617bc46fff9bb134447b7c7eda4
Author: Marcus Christie <ma...@apache.org>
AuthorDate: Tue Jun 5 11:39:42 2018 -0400
AIRAVATA-2781 Adding userCanAccess to API to test Admins write access
---
.../api/server/handler/AiravataServerHandler.java | 28 ++++++++++++++++++++++
.../airavata-apis/airavata_api.thrift | 6 +++++
2 files changed, 34 insertions(+)
diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java
index 16f6c23..49c32a6 100644
--- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java
+++ b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java
@@ -5115,6 +5115,34 @@ public class AiravataServerHandler implements Airavata.Iface {
@Override
@SecurityCheck
+ public boolean userHasAccess(AuthzToken authzToken, String resourceId, ResourcePermissionType permissionType) throws InvalidRequestException, AiravataClientException, AiravataSystemException, AuthorizationException, TException {
+ final String domainId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
+ final String userId = authzToken.getClaimsMap().get(Constants.USER_NAME) + "@" + domainId;
+ SharingRegistryService.Client sharingClient = sharingClientPool.getResource();
+ try {
+ final boolean hasOwnerAccess = sharingClient.userHasAccess(domainId, userId, resourceId, domainId + ":" + ResourcePermissionType.OWNER);
+ boolean hasAccess = false;
+ if (permissionType.equals(ResourcePermissionType.WRITE)) {
+ hasAccess = hasOwnerAccess || sharingClient.userHasAccess(domainId, userId, resourceId, domainId + ":" + ResourcePermissionType.WRITE);
+ } else if (permissionType.equals(ResourcePermissionType.READ)) {
+ hasAccess = hasOwnerAccess || sharingClient.userHasAccess(domainId, userId, resourceId, domainId + ":" + ResourcePermissionType.READ);
+ } else if (permissionType.equals(ResourcePermissionType.OWNER)) {
+ hasAccess = hasOwnerAccess;
+ }
+ sharingClientPool.returnResource(sharingClient);
+ return hasAccess;
+ } catch (Exception e) {
+ String msg = "Error in if user can access resource. User ID : " + userId + ", Resource ID : " + resourceId + ", Resource Permission Type : " + permissionType.toString();
+ logger.error(msg, e);
+ AiravataSystemException exception = new AiravataSystemException(AiravataErrorType.INTERNAL_ERROR);
+ exception.setMessage(msg + " More info : " + e.getMessage());
+ sharingClientPool.returnBrokenResource(sharingClient);
+ throw exception;
+ }
+ }
+
+ @Override
+ @SecurityCheck
public String createGroupResourceProfile(AuthzToken authzToken, GroupResourceProfile groupResourceProfile) throws InvalidRequestException, AiravataClientException, AiravataSystemException, AuthorizationException, TException {
// TODO: verify that gatewayId in groupResourceProfile matches authzToken gatewayId
RegistryService.Client regClient = registryClientPool.getResource();
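Review bot: The catch block in `userHasAccess` dereferences `permissionType` again via `permissionType.toString()`, so a null `permissionType` throws once at `permissionType.equals(...)` and a second time while `msg` is being built. That second NullPointerException escapes before `sharingClientPool.returnBrokenResource(sharingClient)` runs, so the pooled client is never handed back and the caller gets an unchecked error instead of one of the declared exceptions. Whether Thrift rejects a missing `permissionType` before the handler is reached is not visible here, so I would validate `permissionType` and `resourceId` before `sharingClientPool.getResource()` and build the message with `String.valueOf(permissionType)`. Separately, `exception.setMessage(msg + " More info : " + e.getMessage())` sends the sharing service's internal error text back to the API caller. For an authorization check, consider keeping that detail in the `logger.error(msg, e)` line only.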
diff --git a/thrift-interface-descriptions/airavata-apis/airavata_api.thrift b/thrift-interface-descriptions/airavata-apis/airavata_api.thrift
index 8cba91e..0a43ecb 100644
--- a/thrift-interface-descriptions/airavata-apis/airavata_api.thrift
+++ b/thrift-interface-descriptions/airavata-apis/airavata_api.thrift
@@ -3520,6 +3520,12 @@ service Airavata {
3: airavata_errors.AiravataSystemException ase,
4: airavata_errors.AuthorizationException ae)
+ bool userHasAccess(1: required security_model.AuthzToken authzToken, 2: required string resourceId, 3: required group_manager_model.ResourcePermissionType permissionType)
+ throws (1: airavata_errors.InvalidRequestException ire,
+ 2: airavata_errors.AiravataClientException ace,
+ 3: airavata_errors.AiravataSystemException ase,
+ 4: airavata_errors.AuthorizationException ae)
+
string createGroupResourceProfile(1: required security_model.AuthzToken authzToken, 2: required group_resource_profile_model.GroupResourceProfile groupResourceProfile)
throws (1: airavata_errors.InvalidRequestException ire,
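Review bot: The new `userHasAccess` declaration has no doc comment, so the IDL does not tell API clients how the access decision is made. In the handler added by this commit, access is evaluated for the user named in `authzToken` rather than an arbitrary user, and OWNER permission also satisfies READ and WRITE checks. A comment above the declaration such as `/** Returns true if the user identified by authzToken has permissionType on resourceId; OWNER implies READ and WRITE. */` would record that contract. The enclosing `service Airavata` block starts and ends outside the hunk.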