Posted to commits@airavata.apache.org by sa...@apache.org on 2018/03/11 08:49:11 UTC

[airavata] branch group-based-auth updated: User must be an owner/admin to modify group

This is an automated email from the ASF dual-hosted git repository.

sachinkariyattin pushed a commit to branch group-based-auth
in repository https://gitbox.apache.org/repos/asf/airavata.git


The following commit(s) were added to refs/heads/group-based-auth by this push:
     new 97c6d5c  User must be an owner/admin to modify group
97c6d5c is described below

commit 97c6d5cc818442ad95ddd728899bc2e20f90f9a0
Author: Sachin Kariyattin <sa...@gmail.com>
AuthorDate: Sun Mar 11 14:18:54 2018 +0530

    User must be an owner/admin to modify group
---
 .../profile/handlers/GroupManagerServiceHandler.java        | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/GroupManagerServiceHandler.java b/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/GroupManagerServiceHandler.java
index 101c3df..2f73f1a 100644
--- a/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/GroupManagerServiceHandler.java
+++ b/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/GroupManagerServiceHandler.java
@@ -65,8 +65,13 @@ public class GroupManagerServiceHandler implements GroupManagerService.Iface {
     @SecurityCheck
     public boolean updateGroup(AuthzToken authzToken, GroupModel groupModel) throws GroupManagerServiceException, AuthorizationException, TException {
         try {
-            //TODO Validations for authorization (user must be owner or admin)
             SharingRegistryService.Client sharingClient = getSharingRegistryServiceClient();
+            String userId = getUserId(authzToken);
+            String domainId = getDomainId(authzToken);
+            if (!(sharingClient.hasOwnerAccess(domainId, groupModel.getId(), userId)
+                    || sharingClient.hasAdminAccess(domainId, groupModel.getId(), userId))) {
+                throw new GroupManagerServiceException("User does not have permission to update group");
+            }
 
             UserGroup sharingUserGroup = new UserGroup();
             sharingUserGroup.setGroupId(groupModel.getId());
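Review bot: The permission denial in updateGroup is thrown as a `GroupManagerServiceException` from inside the `try`, although the method already declares `AuthorizationException`, so callers cannot tell a refused request from a backend failure. The catch block lies outside this hunk; if it catches broadly, the denial may also be re-wrapped and logged as a server error, which is worth confirming. Consider throwing the declared authorization exception type here and logging the refused attempt with `userId` and `groupModel.getId()` so that denied modifications are auditable. The same applies to the check added in deleteGroup.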
@@ -92,8 +97,12 @@ public class GroupManagerServiceHandler implements GroupManagerService.Iface {
     @SecurityCheck
     public boolean deleteGroup(AuthzToken authzToken, String groupId, String ownerId) throws GroupManagerServiceException, AuthorizationException, TException {
         try {
-            //TODO Validations for authorization (user must be owner or admin)
             SharingRegistryService.Client sharingClient = getSharingRegistryServiceClient();
+            String userId = getUserId(authzToken);
+            String domainId = getDomainId(authzToken);
+            if (!(sharingClient.hasOwnerAccess(domainId, groupId, userId))) {
+                throw new GroupManagerServiceException("User does not have permission to delete group");
+            }
 
             sharingClient.deleteGroup(getDomainId(authzToken), groupId);
             return true;
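Review bot: deleteGroup checks only `hasOwnerAccess`, while updateGroup accepts owner or admin and the commit title says owner/admin. If owner-only deletion is intended, say so next to the check, e.g. `// Deletion is restricted to the group owner; admins may update but not delete`; otherwise add the `hasAdminAccess` alternative. The caller-supplied `ownerId` parameter is rightly not used for the decision, and a one-line comment saying so would stop it being swapped in later for the token-derived `userId`. The delete call still re-derives the domain, and `sharingClient.deleteGroup(domainId, groupId);` would reuse the value that was just checked. The method body continues past the end of the hunk.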
