Posted to commits@airavata.apache.org by ma...@apache.org on 2017/01/09 14:52:34 UTC

airavata-php-gateway git commit: AIRAVATA-2263 Check for unauthorized experiment access

Repository: airavata-php-gateway
Updated Branches:
  refs/heads/develop 84c359279 -> 6d2386250


AIRAVATA-2263 Check for unauthorized experiment access

This handles the case where an experiment is shared with a user, the
user opens the experiment summary page, the experiment is unshared, and
then the user refreshes the experiment summary page.


Project: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/commit/6d238625
Tree: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/tree/6d238625
Diff: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/diff/6d238625

Branch: refs/heads/develop
Commit: 6d2386250e10c5b8dee9ce92c6e5b46ace0e6f59
Parents: 84c3592
Author: Marcus Christie <ma...@apache.org>
Authored: Mon Jan 9 09:51:32 2017 -0500
Committer: Marcus Christie <ma...@apache.org>
Committed: Mon Jan 9 09:51:32 2017 -0500

----------------------------------------------------------------------
 app/controllers/ExperimentController.php | 18 ++++++++++++++----
 app/libraries/ExperimentUtilities.php    |  3 +++
 2 files changed, 17 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/6d238625/app/controllers/ExperimentController.php
----------------------------------------------------------------------
diff --git a/app/controllers/ExperimentController.php b/app/controllers/ExperimentController.php
index 08a267e..5f1533f 100755
--- a/app/controllers/ExperimentController.php
+++ b/app/controllers/ExperimentController.php
@@ -1,5 +1,6 @@
 <?php
 
+use Airavata\API\Error\AuthorizationException;
 use Airavata\API\Error\ExperimentNotFoundException;
 use Airavata\Model\Status\JobState;
 use Airavata\Model\Group\ResourceType;
@@ -121,10 +122,11 @@ class ExperimentController extends BaseController
         } catch (ExperimentNotFoundException $enf) {
 
             Log::error("Experiment wasn't found", array("message" => $enf->getMessage(), "username" => Session::get("username"), "gateway_id" => Session::get("gateway_id")));
-            if (Input::has("dashboard"))
-                return View::make("partials/experiment-info", array("invalidExperimentId" => 1));
-            else
-                return View::make("experiment/summary", array("invalidExperimentId" => 1));
+            return $this->makeInvalidExperimentView();
+        } catch (AuthorizationException $ae) {
+
+            Log::error("User isn't authorized to see experiment", array("message" => $ae->getMessage(), "username" => Session::get("username"), "gateway_id" => Session::get("gateway_id")));
+            return $this->makeInvalidExperimentView();
         }
         // Assume that experiment is not null now
 
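Review bot: The `Log::error` call in the new `AuthorizationException` catch records the username and gateway id but not which experiment was requested, so denied requests cannot be tied to a resource when the logs are reviewed. Adding the id to the context array, e.g. `"experiment_id" => $experimentId` (placeholder for whatever variable holds it here; the try block starts outside the hunk), would make the entry usable for access auditing. Access being denied after an unshare is an expected condition, so `Log::warning` may fit better than `Log::error` if error-level entries drive alerting. Returning the same view as the not-found branch is worth keeping, since the response then does not tell the caller whether the experiment exists.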
@@ -228,6 +230,14 @@ class ExperimentController extends BaseController
         }
     }
 
+    private function makeInvalidExperimentView() {
+
+        if (Input::has("dashboard"))
+            return View::make("partials/experiment-info", array("invalidExperimentId" => 1));
+        else
+            return View::make("experiment/summary", array("invalidExperimentId" => 1));
+    }
+
     public function expChange()
     {
         //var_dump( Input::all() ); exit;
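Review bot: `makeInvalidExperimentView()` has no docblock, and it now serves both the not-found and the unauthorized path while the view flag is still named `invalidExperimentId`. If the shared response is deliberate, a comment would record that for the next maintainer, e.g. `// Used for both not-found and unauthorized so the page does not reveal whether the experiment exists`. The brace-less `if`/`else` would also be safer written with braces, so that a later added statement cannot fall outside the branch. `expChange()` continues outside the hunk.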

http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/6d238625/app/libraries/ExperimentUtilities.php
----------------------------------------------------------------------
diff --git a/app/libraries/ExperimentUtilities.php b/app/libraries/ExperimentUtilities.php
index cdbb6c8..92c54e0 100755
--- a/app/libraries/ExperimentUtilities.php
+++ b/app/libraries/ExperimentUtilities.php
@@ -2,6 +2,7 @@
 
 use Airavata\API\Error\AiravataClientException;
 use Airavata\API\Error\AiravataSystemException;
+use Airavata\API\Error\AuthorizationException;
 use Airavata\API\Error\ExperimentNotFoundException;
 use Airavata\API\Error\InvalidRequestException;
 use Airavata\Facades\Airavata;
@@ -213,6 +214,8 @@ class ExperimentUtilities
             CommonUtilities::print_error_message('<p>InvalidRequestException: ' . $ire->getMessage() . '</p>');
         } catch (ExperimentNotFoundException $enf) {
             throw $enf; // rethrow
+        } catch (AuthorizationException $ae) {
+            throw $ae; // rethrow
         } catch (AiravataClientException $ace) {
             CommonUtilities::print_error_message('AiravataClientException: ' . $ace->getMessage() . '</p>');
         } catch (AiravataSystemException $ase) {
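Review bot: The new `catch (AuthorizationException $ae)` rethrow changes the contract of this function for every caller, yet the only handler visible in this commit is the one in `ExperimentController`. Any other call site that does not catch `AuthorizationException` would now surface it as an unhandled exception, so those callers are worth checking. The enclosing function starts and ends outside the hunk; if it has a docblock, adding `@throws AuthorizationException when the user may not access the experiment` alongside the existing not-found case would document the change.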