Posted to commits@airavata.apache.org by ma...@apache.org on 2017/01/09 14:52:34 UTC
airavata-php-gateway git commit: AIRAVATA-2263 Check for unauthorized
experiment access
Repository: airavata-php-gateway
Updated Branches:
refs/heads/develop 84c359279 -> 6d2386250
AIRAVATA-2263 Check for unauthorized experiment access
This handles the case where an experiment is shared with a user, the
user opens the experiment summary page, the experiment is unshared, and
then the user refreshes the experiment summary page.
Project: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/commit/6d238625
Tree: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/tree/6d238625
Diff: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/diff/6d238625
Branch: refs/heads/develop
Commit: 6d2386250e10c5b8dee9ce92c6e5b46ace0e6f59
Parents: 84c3592
Author: Marcus Christie <ma...@apache.org>
Authored: Mon Jan 9 09:51:32 2017 -0500
Committer: Marcus Christie <ma...@apache.org>
Committed: Mon Jan 9 09:51:32 2017 -0500
----------------------------------------------------------------------
app/controllers/ExperimentController.php | 18 ++++++++++++++----
app/libraries/ExperimentUtilities.php | 3 +++
2 files changed, 17 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/6d238625/app/controllers/ExperimentController.php
----------------------------------------------------------------------
diff --git a/app/controllers/ExperimentController.php b/app/controllers/ExperimentController.php
index 08a267e..5f1533f 100755
--- a/app/controllers/ExperimentController.php
+++ b/app/controllers/ExperimentController.php
@@ -1,5 +1,6 @@
<?php
+use Airavata\API\Error\AuthorizationException;
use Airavata\API\Error\ExperimentNotFoundException;
use Airavata\Model\Status\JobState;
use Airavata\Model\Group\ResourceType;
@@ -121,10 +122,11 @@ class ExperimentController extends BaseController
} catch (ExperimentNotFoundException $enf) {
Log::error("Experiment wasn't found", array("message" => $enf->getMessage(), "username" => Session::get("username"), "gateway_id" => Session::get("gateway_id")));
- if (Input::has("dashboard"))
- return View::make("partials/experiment-info", array("invalidExperimentId" => 1));
- else
- return View::make("experiment/summary", array("invalidExperimentId" => 1));
+ return $this->makeInvalidExperimentView();
+ } catch (AuthorizationException $ae) {
+
+ Log::error("User isn't authorized to see experiment", array("message" => $ae->getMessage(), "username" => Session::get("username"), "gateway_id" => Session::get("gateway_id")));
+ return $this->makeInvalidExperimentView();
}
// Assume that experiment is not null now
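Review bot: The new `catch (AuthorizationException $ae)` branch logs the denial without the experiment id that was requested, so the entry cannot be tied to a specific resource when access attempts are reviewed. The context array carries only `message`, `username` and `gateway_id`; adding an `"experiment_id"` key holding the id the enclosing action looked up (not visible in this hunk) would make repeated denials across different ids detectable. A denial after unsharing is an expected event rather than an application fault, so `Log::warning` may fit better than `Log::error`. Returning the same view as the not-found branch is a sound choice because the response does not reveal whether the experiment exists, and a one-line comment such as `// same view as not-found: do not disclose that the experiment exists` would keep a later change from splitting the two cases. The enclosing method starts and ends outside the hunk.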
@@ -228,6 +230,14 @@ class ExperimentController extends BaseController
}
}
+ private function makeInvalidExperimentView() {
+
+ if (Input::has("dashboard"))
+ return View::make("partials/experiment-info", array("invalidExperimentId" => 1));
+ else
+ return View::make("experiment/summary", array("invalidExperimentId" => 1));
+ }
+
public function expChange()
{
//var_dump( Input::all() ); exit;
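Review bot: `makeInvalidExperimentView()` is added without a doc comment, and its `if`/`else` bodies are unbraced, which is easy to break when a second statement is later added to either branch. I would put a docblock on it along the lines of `/** Render the "invalid experiment" view; shared by the not-found and unauthorized cases so both look identical to the user. */` and brace both branches. The blank line directly after the opening brace can be dropped.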
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/6d238625/app/libraries/ExperimentUtilities.php
----------------------------------------------------------------------
diff --git a/app/libraries/ExperimentUtilities.php b/app/libraries/ExperimentUtilities.php
index cdbb6c8..92c54e0 100755
--- a/app/libraries/ExperimentUtilities.php
+++ b/app/libraries/ExperimentUtilities.php
@@ -2,6 +2,7 @@
use Airavata\API\Error\AiravataClientException;
use Airavata\API\Error\AiravataSystemException;
+use Airavata\API\Error\AuthorizationException;
use Airavata\API\Error\ExperimentNotFoundException;
use Airavata\API\Error\InvalidRequestException;
use Airavata\Facades\Airavata;
@@ -213,6 +214,8 @@ class ExperimentUtilities
CommonUtilities::print_error_message('<p>InvalidRequestException: ' . $ire->getMessage() . '</p>');
} catch (ExperimentNotFoundException $enf) {
throw $enf; // rethrow
+ } catch (AuthorizationException $ae) {
+ throw $ae; // rethrow
} catch (AiravataClientException $ace) {
CommonUtilities::print_error_message('AiravataClientException: ' . $ace->getMessage() . '</p>');
} catch (AiravataSystemException $ase) {
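Review bot: Rethrowing `AuthorizationException` here changes the behaviour for every caller of this method, not only the summary action patched in `ExperimentController.php`. Any other caller that catches only `ExperimentNotFoundException` would now let the exception propagate as an unhandled error, and depending on the application's debug setting that could show a stack trace to the user; the callers are not visible in this diff, so they should be checked. Documenting the contract on the method with `@throws AuthorizationException` and `@throws ExperimentNotFoundException` would make the requirement visible to future callers. The enclosing try block and method start outside the hunk.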