You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airavata.apache.org by ma...@apache.org on 2019/05/06 20:54:04 UTC
[airavata] branch develop updated: AIRAVATA-3030 Reapply inherited
permissions when parent changes
This is an automated email from the ASF dual-hosted git repository.
machristie pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/airavata.git
The following commit(s) were added to refs/heads/develop by this push:
new 08b4586 AIRAVATA-3030 Reapply inherited permissions when parent changes
08b4586 is described below
commit 08b45863393d1184935d18a83a8596af5d5c3b05
Author: Marcus Christie <ma...@apache.org>
AuthorDate: Mon May 6 16:53:02 2019 -0400
AIRAVATA-3030 Reapply inherited permissions when parent changes
---
.../db/repositories/SharingRepository.java | 20 ++++++++++-
.../server/SharingRegistryServerHandler.java | 41 ++++++++++++++++------
.../registry/SharingRegistryServerHandlerTest.java | 35 ++++++++++++++++++
.../src/test/resources/logback.xml | 31 ++++++++++++++++
4 files changed, 115 insertions(+), 12 deletions(-)
diff --git a/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/db/repositories/SharingRepository.java b/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/db/repositories/SharingRepository.java
index cfe0bf0..63340af 100644
--- a/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/db/repositories/SharingRepository.java
+++ b/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/db/repositories/SharingRepository.java
@@ -32,6 +32,8 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import javax.persistence.Query;
+
public class SharingRepository extends AbstractRepository<Sharing, SharingEntity, SharingPK> {
private final static Logger logger = LoggerFactory.getLogger(SharingRepository.class);
@@ -94,4 +96,20 @@ public class SharingRepository extends AbstractRepository<Sharing, SharingEntity
queryParameters.put(DBConstants.SharingTable.SHARING_TYPE, SharingType.INDIRECT_CASCADING.toString());
return select(query, queryParameters, 0, -1).size();
}
-}
\ No newline at end of file
+
+ public void removeAllIndirectCascadingPermissionsForEntity(String domainId, String entityId) throws SharingRegistryException {
+ String query = "DELETE from " + SharingEntity.class.getSimpleName() + " as p";
+ query += " WHERE ";
+ query += "p." + DBConstants.SharingTable.DOMAIN_ID + " = :" + DBConstants.SharingTable.DOMAIN_ID + " AND ";
+ query += "p." + DBConstants.SharingTable.ENTITY_ID + " = :" + DBConstants.SharingTable.ENTITY_ID + " AND ";
+ query += "p." + DBConstants.SharingTable.SHARING_TYPE + " = '" + SharingType.INDIRECT_CASCADING.toString() + "' ";
+ final String finalQuery = query;
+ execute(em -> {
+ Query q = em.createQuery(finalQuery);
+ q.setParameter(DBConstants.SharingTable.DOMAIN_ID, domainId);
+ q.setParameter(DBConstants.SharingTable.ENTITY_ID, entityId);
+ q.executeUpdate();
+ return true;
+ });
+ }
+}
diff --git a/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/server/SharingRegistryServerHandler.java b/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/server/SharingRegistryServerHandler.java
index 20ba2de..8479b35 100644
--- a/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/server/SharingRegistryServerHandler.java
+++ b/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/server/SharingRegistryServerHandler.java
@@ -863,10 +863,23 @@ public class SharingRegistryServerHandler implements SharingRegistryService.Ifac
(new SharingRepository()).create(newSharing);
- //creating records for inherited permissions
- if(entity.getParentEntityId() != null && entity.getParentEntityId() != ""){
- List<Sharing> sharings = (new SharingRepository()).getCascadingPermissionsForEntity(entity.domainId, entity.parentEntityId);
- for(Sharing sharing : sharings){
+ // creating records for inherited permissions
+ if (entity.getParentEntityId() != null && entity.getParentEntityId() != "") {
+ addCascadingPermissionsForEntity(entity);
+ }
+
+ return entity.entityId;
+ }catch (Throwable ex) {
+ logger.error(ex.getMessage(), ex);
+ throw new SharingRegistryException().setMessage(ex.getMessage() + " Stack trace:" + ExceptionUtils.getStackTrace(ex));
+ }
+ }
+
+ private void addCascadingPermissionsForEntity(Entity entity) throws SharingRegistryException {
+ Sharing newSharing;
+ List<Sharing> sharings = (new SharingRepository()).getCascadingPermissionsForEntity(entity.domainId,
+ entity.parentEntityId);
+ for (Sharing sharing : sharings) {
newSharing = new Sharing();
newSharing.setPermissionTypeId(sharing.permissionTypeId);
newSharing.setEntityId(entity.entityId);
@@ -881,13 +894,6 @@ public class SharingRegistryServerHandler implements SharingRegistryService.Ifac
}
}
- return entity.entityId;
- }catch (Throwable ex) {
- logger.error(ex.getMessage(), ex);
- throw new SharingRegistryException().setMessage(ex.getMessage() + " Stack trace:" + ExceptionUtils.getStackTrace(ex));
- }
- }
-
@Override
public boolean updateEntity(Entity entity) throws SharingRegistryException, TException {
try{
@@ -898,6 +904,19 @@ public class SharingRegistryServerHandler implements SharingRegistryService.Ifac
entityPK.setEntityId(entity.entityId);
Entity oldEntity = (new EntityRepository()).get(entityPK);
entity.setCreatedTime(oldEntity.createdTime);
+ // check if parent entity changed and re-add inherited permissions
+ if (!Objects.equals(oldEntity.getParentEntityId(), entity.getParentEntityId())) {
+ logger.debug("Parent entity changed for {}, updating inherited permissions", entity.entityId);
+ if (oldEntity.getParentEntityId() != null && oldEntity.getParentEntityId() != "") {
+ logger.debug("Removing inherited permissions from {} that were inherited from parent {}", entity.entityId, oldEntity.getParentEntityId());
+ (new SharingRepository()).removeAllIndirectCascadingPermissionsForEntity(entity.domainId, entity.entityId);
+ }
+ if (entity.getParentEntityId() != null && entity.getParentEntityId() != "") {
+ // re-add INDIRECT_CASCADING permissions
+ logger.debug("Adding inherited permissions to {} that are inherited from parent {}", entity.entityId, entity.getParentEntityId());
+ addCascadingPermissionsForEntity(entity);
+ }
+ }
entity = getUpdatedObject(oldEntity, entity);
entity.setSharedCount((new SharingRepository()).getSharedCount(entity.domainId, entity.entityId));
(new EntityRepository()).update(entity);
diff --git a/modules/sharing-registry/sharing-registry-server/src/test/java/org/apache/airavata/sharing/registry/SharingRegistryServerHandlerTest.java b/modules/sharing-registry/sharing-registry-server/src/test/java/org/apache/airavata/sharing/registry/SharingRegistryServerHandlerTest.java
index 4804a39..56da678 100644
--- a/modules/sharing-registry/sharing-registry-server/src/test/java/org/apache/airavata/sharing/registry/SharingRegistryServerHandlerTest.java
+++ b/modules/sharing-registry/sharing-registry-server/src/test/java/org/apache/airavata/sharing/registry/SharingRegistryServerHandlerTest.java
@@ -338,5 +338,40 @@ public class SharingRegistryServerHandlerTest {
Assert.assertTrue(sharingRegistryServerHandler.getListOfSharedUsers(domainId, entityId1, domainId + ":OWNER").size()==1);
+ // test changing parent - old INDIRECT_CASCADING permissions removed, new is added
+ // entityId2's parent is entityId1. entityId1 is shared with userId2
+ Assert.assertTrue(sharingRegistryServerHandler.userHasAccess(domainId, userId2, entityId1, permissionTypeId1));
+ Assert.assertTrue(sharingRegistryServerHandler.userHasAccess(domainId, userId2, entityId2, permissionTypeId1));
+ Assert.assertFalse(sharingRegistryServerHandler.userHasAccess(domainId, userId3, entityId2, permissionTypeId1));
+ // create a different parent entity
+ Entity entity6 = new Entity();
+ entity6.setEntityId(domainId+":Entity6");
+ entity6.setDomainId(domainId);
+ entity6.setEntityTypeId(entityTypeId1);
+ entity6.setOwnerId(userId1);
+ entity6.setName("Project name 2");
+ entity6.setDescription("Project description");
+ entity6.setFullText("Project name project description");
+ entity6.setCreatedTime(System.currentTimeMillis());
+ entity6.setUpdatedTime(System.currentTimeMillis());
+ String entityId6 = sharingRegistryServerHandler.createEntity(entity6);
+ Assert.assertNotNull(entityId6);
+
+ sharingRegistryServerHandler.shareEntityWithUsers(domainId, entityId6, Arrays.asList(userId3), permissionTypeId1, true);
+ Assert.assertTrue(sharingRegistryServerHandler.userHasAccess(domainId, userId3, entityId6, permissionTypeId1));
+ // Make sure entityId2 isn't shared with userId7 and then share it directly
+ Assert.assertFalse(sharingRegistryServerHandler.userHasAccess(domainId, userId7, entityId2, permissionTypeId1));
+ sharingRegistryServerHandler.shareEntityWithUsers(domainId, entityId2, Arrays.asList(userId7), permissionTypeId1, true);
+ Assert.assertTrue(sharingRegistryServerHandler.userHasAccess(domainId, userId7, entityId2, permissionTypeId1));
+ entity2.setParentEntityId(entityId6);
+ logger.debug("Updating entity2");
+ Assert.assertTrue(sharingRegistryServerHandler.updateEntity(entity2));
+ Entity entity2Updated = sharingRegistryServerHandler.getEntity(domainId, entityId2);
+ Assert.assertEquals(entityId6, entity2Updated.getParentEntityId());
+ // parent changed so entityId2 should now be shared with entityId6's shared users (userId3)
+ Assert.assertFalse(sharingRegistryServerHandler.userHasAccess(domainId, userId2, entityId2, permissionTypeId1));
+ Assert.assertTrue(sharingRegistryServerHandler.userHasAccess(domainId, userId3, entityId2, permissionTypeId1));
+ // entityId2 should still be shared with userId7 since that was directly shared
+ Assert.assertTrue(sharingRegistryServerHandler.userHasAccess(domainId, userId7, entityId2, permissionTypeId1));
}
}
diff --git a/modules/sharing-registry/sharing-registry-server/src/test/resources/logback.xml b/modules/sharing-registry/sharing-registry-server/src/test/resources/logback.xml
new file mode 100644
index 0000000..88937d3
--- /dev/null
+++ b/modules/sharing-registry/sharing-registry-server/src/test/resources/logback.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ~ Licensed to the Apache Software Foundation (ASF) under one
+ ~ or more contributor license agreements. See the NOTICE file
+ ~ distributed with this work for additional information
+ ~ regarding copyright ownership. The ASF licenses this file
+ ~ to you under the Apache License, Version 2.0 (the
+ ~ "License"); you may not use this file except in compliance
+ ~ with the License. You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied. See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ ~
+ -->
+<configuration>
+ <appender name="CONSOLE" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <pattern>[%p] %m%n</pattern>
+ </encoder>
+ </appender>
+ <!-- <logger name="org.apache.airavata.sharing.registry" level="DEBUG"/> -->
+ <root level="INFO">
+ <appender-ref ref="CONSOLE"/>
+ </root>
+</configuration>