Posted to commits@airavata.apache.org by ma...@apache.org on 2018/02/23 06:23:01 UTC
[airavata] 01/02: Fix construction of userId from AuthzToken
This is an automated email from the ASF dual-hosted git repository.
machristie pushed a commit to branch group-based-auth
in repository https://gitbox.apache.org/repos/asf/airavata.git
commit b99f51636f691c0016aad3198d007395c0fe3016
Author: Marcus Christie <ma...@apache.org>
AuthorDate: Fri Feb 23 01:19:54 2018 -0500
Fix construction of userId from AuthzToken
---
.../handlers/GroupManagerServiceHandler.java | 67 ++++++++++++----------
1 file changed, 37 insertions(+), 30 deletions(-)
diff --git a/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/GroupManagerServiceHandler.java b/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/GroupManagerServiceHandler.java
index aeca014..101c3df 100644
--- a/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/GroupManagerServiceHandler.java
+++ b/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/GroupManagerServiceHandler.java
@@ -44,10 +44,9 @@ public class GroupManagerServiceHandler implements GroupManagerService.Iface {
sharingUserGroup.setDescription(groupModel.getDescription());
sharingUserGroup.setGroupType(GroupType.USER_LEVEL_GROUP);
sharingUserGroup.setGroupCardinality(GroupCardinality.MULTI_USER);
- String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
+ String gatewayId = getDomainId(authzToken);
sharingUserGroup.setDomainId(gatewayId);
- String username = authzToken.getClaimsMap().get(Constants.USER_NAME);
- sharingUserGroup.setOwnerId(username + "@" + gatewayId);
+ sharingUserGroup.setOwnerId(getUserId(authzToken));
String groupId = sharingClient.createGroup(sharingUserGroup);
sharingClient.addUsersToGroup(gatewayId, groupModel.getMembers(), groupId);
@@ -74,7 +73,7 @@ public class GroupManagerServiceHandler implements GroupManagerService.Iface {
sharingUserGroup.setName(groupModel.getName());
sharingUserGroup.setDescription(groupModel.getDescription());
sharingUserGroup.setGroupType(GroupType.USER_LEVEL_GROUP);
- sharingUserGroup.setDomainId(authzToken.getClaimsMap().get(Constants.GATEWAY_ID));
+ sharingUserGroup.setDomainId(getDomainId(authzToken));
//adding and removal of users should be handle separately
sharingClient.updateGroup(sharingUserGroup);
@@ -96,7 +95,7 @@ public class GroupManagerServiceHandler implements GroupManagerService.Iface {
//TODO Validations for authorization (user must be owner or admin)
SharingRegistryService.Client sharingClient = getSharingRegistryServiceClient();
- sharingClient.deleteGroup(authzToken.getClaimsMap().get(Constants.GATEWAY_ID), groupId);
+ sharingClient.deleteGroup(getDomainId(authzToken), groupId);
return true;
}
catch (Exception e) {
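Review bot: The delete path still carries `//TODO Validations for authorization (user must be owner or admin)` and calls `sharingClient.deleteGroup(...)` with no ownership check in the visible lines. Now that `getUserId(authzToken)` produces the qualified id, the owner-or-admin guard used in `addUsersToGroup` and `removeUsersFromGroup` can be applied here too. Whether `@SecurityCheck` or the sharing registry already enforces this is not visible in the hunk, so confirm before relying on it. The method starts and ends outside this hunk, and the exception message below is only suggested wording.

```java
// … unchanged: TODO comment and sharingClient lookup …
String userId = getUserId(authzToken);
String domainId = getDomainId(authzToken);
if (!(sharingClient.hasOwnerAccess(domainId, groupId, userId)
        || sharingClient.hasAdminAccess(domainId, groupId, userId))) {
    throw new GroupManagerServiceException("User does not have access to delete the group");
}
sharingClient.deleteGroup(domainId, groupId);
return true;
```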
@@ -113,7 +112,7 @@ public class GroupManagerServiceHandler implements GroupManagerService.Iface {
public GroupModel getGroup(AuthzToken authzToken, String groupId) throws GroupManagerServiceException, AuthorizationException, TException {
try {
SharingRegistryService.Client sharingClient = getSharingRegistryServiceClient();
- final String domainId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
+ final String domainId = getDomainId(authzToken);
UserGroup userGroup = sharingClient.getGroup(domainId, groupId);
GroupModel groupModel = convertToGroupModel(userGroup, sharingClient);
@@ -132,7 +131,7 @@ public class GroupManagerServiceHandler implements GroupManagerService.Iface {
@Override
@SecurityCheck
public List<GroupModel> getGroups(AuthzToken authzToken) throws GroupManagerServiceException, AuthorizationException, TException {
- final String domainId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
+ final String domainId = getDomainId(authzToken);
SharingRegistryService.Client sharingClient = null;
try {
sharingClient = getSharingRegistryServiceClient();
@@ -157,7 +156,7 @@ public class GroupManagerServiceHandler implements GroupManagerService.Iface {
try {
SharingRegistryService.Client sharingClient = getSharingRegistryServiceClient();
List<GroupModel> groupModels = new ArrayList<GroupModel>();
- final String domainId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
+ final String domainId = getDomainId(authzToken);
List<UserGroup> userGroups = sharingClient.getAllMemberGroupsForUser(domainId, userName);
return convertToGroupModels(userGroups, sharingClient);
@@ -175,10 +174,10 @@ public class GroupManagerServiceHandler implements GroupManagerService.Iface {
public boolean addUsersToGroup(AuthzToken authzToken, List<String> userIds, String groupId) throws GroupManagerServiceException, AuthorizationException, TException {
try {
SharingRegistryService.Client sharingClient = getSharingRegistryServiceClient();
- String username = authzToken.getClaimsMap().get(Constants.USER_NAME);
- String domainId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
- if (!(sharingClient.hasOwnerAccess(domainId, groupId, username)
- || sharingClient.hasAdminAccess(domainId, groupId, username))) {
+ String userId = getUserId(authzToken);
+ String domainId = getDomainId(authzToken);
+ if (!(sharingClient.hasOwnerAccess(domainId, groupId, userId)
+ || sharingClient.hasAdminAccess(domainId, groupId, userId))) {
throw new GroupManagerServiceException("User does not have access to add users to the group");
}
return sharingClient.addUsersToGroup(domainId, userIds, groupId);
@@ -196,10 +195,10 @@ public class GroupManagerServiceHandler implements GroupManagerService.Iface {
public boolean removeUsersFromGroup(AuthzToken authzToken, List<String> userIds, String groupId) throws GroupManagerServiceException, AuthorizationException, TException {
try {
SharingRegistryService.Client sharingClient = getSharingRegistryServiceClient();
- String username = authzToken.getClaimsMap().get(Constants.USER_NAME);
- String domainId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
- if (!(sharingClient.hasOwnerAccess(domainId, groupId, username)
- || sharingClient.hasAdminAccess(domainId, groupId, username))) {
+ String userId = getUserId(authzToken);
+ String domainId = getDomainId(authzToken);
+ if (!(sharingClient.hasOwnerAccess(domainId, groupId, userId)
+ || sharingClient.hasAdminAccess(domainId, groupId, userId))) {
throw new GroupManagerServiceException("User does not have access to remove users to the group");
}
return sharingClient.removeUsersFromGroup(domainId, userIds, groupId);
@@ -217,12 +216,12 @@ public class GroupManagerServiceHandler implements GroupManagerService.Iface {
public boolean transferGroupOwnership(AuthzToken authzToken, String groupId, String newOwnerId) throws GroupManagerServiceException, AuthorizationException, TException {
try{
SharingRegistryService.Client sharingClient = getSharingRegistryServiceClient();
- String username = authzToken.getClaimsMap().get(Constants.USER_NAME);
- String domainId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
- if (!(sharingClient.hasOwnerAccess(domainId, groupId, username))) {
+ String userId = getUserId(authzToken);
+ String domainId = getDomainId(authzToken);
+ if (!(sharingClient.hasOwnerAccess(domainId, groupId, userId))) {
throw new GroupManagerServiceException("User does not have Owner permission to transfer group ownership");
}
- return sharingClient.transferGroupOwnership(authzToken.getClaimsMap().get(Constants.GATEWAY_ID), groupId, newOwnerId);
+ return sharingClient.transferGroupOwnership(getDomainId(authzToken), groupId, newOwnerId);
}
catch (Exception e) {
String msg = "Error Transferring Group Ownership";
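Review bot: The return statement calls `getDomainId(authzToken)` again although `domainId` was assigned a few lines above and used for the `hasOwnerAccess` check. Reusing the local, `return sharingClient.transferGroupOwnership(domainId, groupId, newOwnerId);`, makes it clear that the authorization check and the privileged call act on the same domain. The same applies to the return statements in the `addGroupAdmins` and `removeGroupAdmins` hunks. The method body continues outside this hunk.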
@@ -239,12 +238,12 @@ public class GroupManagerServiceHandler implements GroupManagerService.Iface {
public boolean addGroupAdmins(AuthzToken authzToken, String groupId, List<String> adminIds) throws GroupManagerServiceException, AuthorizationException, TException {
try {
SharingRegistryService.Client sharingClient = getSharingRegistryServiceClient();
- String username = authzToken.getClaimsMap().get(Constants.USER_NAME);
- String domainId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
- if (!(sharingClient.hasOwnerAccess(domainId, groupId, username))) {
+ String userId = getUserId(authzToken);
+ String domainId = getDomainId(authzToken);
+ if (!(sharingClient.hasOwnerAccess(domainId, groupId, userId))) {
throw new GroupManagerServiceException("User does not have Owner permission to add group admins");
}
- return sharingClient.addGroupAdmins(authzToken.getClaimsMap().get(Constants.GATEWAY_ID), groupId, adminIds);
+ return sharingClient.addGroupAdmins(getDomainId(authzToken), groupId, adminIds);
}
catch (Exception e) {
String msg = "Error Adding Admins to Group. Group ID: " + groupId;
@@ -260,12 +259,12 @@ public class GroupManagerServiceHandler implements GroupManagerService.Iface {
public boolean removeGroupAdmins(AuthzToken authzToken, String groupId, List<String> adminIds) throws GroupManagerServiceException, AuthorizationException, TException {
try {
SharingRegistryService.Client sharingClient = getSharingRegistryServiceClient();
- String username = authzToken.getClaimsMap().get(Constants.USER_NAME);
- String domainId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
- if (!(sharingClient.hasOwnerAccess(domainId, groupId, username))) {
+ String userId = getUserId(authzToken);
+ String domainId = getDomainId(authzToken);
+ if (!(sharingClient.hasOwnerAccess(domainId, groupId, userId))) {
throw new GroupManagerServiceException("User does not have Owner permission to remove group admins");
}
- return sharingClient.removeGroupAdmins(authzToken.getClaimsMap().get(Constants.GATEWAY_ID), groupId, adminIds);
+ return sharingClient.removeGroupAdmins(getDomainId(authzToken), groupId, adminIds);
}
catch (Exception e) {
String msg = "Error Removing Admins from the Group. Group ID: " + groupId;
@@ -281,7 +280,7 @@ public class GroupManagerServiceHandler implements GroupManagerService.Iface {
public boolean hasAdminAccess(AuthzToken authzToken, String groupId, String adminId) throws GroupManagerServiceException, AuthorizationException, TException {
try {
SharingRegistryService.Client sharingClient = getSharingRegistryServiceClient();
- return sharingClient.hasAdminAccess(authzToken.getClaimsMap().get(Constants.GATEWAY_ID), groupId, adminId);
+ return sharingClient.hasAdminAccess(getDomainId(authzToken), groupId, adminId);
}
catch (Exception e) {
String msg = "Error Checking Admin Access for the Group. Group ID: " + groupId + " Admin ID: " + adminId;
@@ -297,7 +296,7 @@ public class GroupManagerServiceHandler implements GroupManagerService.Iface {
public boolean hasOwnerAccess(AuthzToken authzToken, String groupId, String ownerId) throws GroupManagerServiceException, AuthorizationException, TException {
try {
SharingRegistryService.Client sharingClient = getSharingRegistryServiceClient();
- return sharingClient.hasOwnerAccess(authzToken.getClaimsMap().get(Constants.GATEWAY_ID), groupId, ownerId);
+ return sharingClient.hasOwnerAccess(getDomainId(authzToken), groupId, ownerId);
}
catch (Exception e) {
String msg = "Error Checking Owner Access for the Group. Group ID: " + groupId + " Owner ID: " + ownerId;
@@ -319,6 +318,14 @@ public class GroupManagerServiceHandler implements GroupManagerService.Iface {
}
}
+ private String getDomainId(AuthzToken authzToken) {
+ return authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
+ }
+
+ private String getUserId(AuthzToken authzToken) {
+ return authzToken.getClaimsMap().get(Constants.USER_NAME) + "@" + getDomainId(authzToken);
+ }
+
private List<GroupModel> convertToGroupModels(List<UserGroup> userGroups, SharingRegistryService.Client sharingClient) throws TException {
List<GroupModel> groupModels = new ArrayList<>();
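Review bot: `getUserId` builds the id by string concatenation, so a token missing the `USER_NAME` or `GATEWAY_ID` claim yields a well-formed-looking `"null@<gateway>"` or `"<user>@null"` instead of an error, assuming `getClaimsMap()` behaves like a standard `Map`. That value then goes straight into `hasOwnerAccess`/`hasAdminAccess` and `setOwnerId`, so the identity used for authorization decisions should be rejected when a claim is absent. A null `getClaimsMap()` would need the same handling if the token type allows it. The surrounding `convertToGroupModels` method continues outside the hunk.

```java
private String getUserId(AuthzToken authzToken) {
    String userName = authzToken.getClaimsMap().get(Constants.USER_NAME);
    String domainId = getDomainId(authzToken);
    if (userName == null || domainId == null) {
        throw new IllegalArgumentException("AuthzToken is missing the user name or gateway id claim");
    }
    return userName + "@" + domainId;
}
```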