You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airavata.apache.org by is...@apache.org on 2021/09/03 01:48:44 UTC
[airavata-data-lake] branch master updated: Fix metadata search
listing unauthorized files
This is an automated email from the ASF dual-hosted git repository.
isjarana pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/airavata-data-lake.git
The following commit(s) were added to refs/heads/master by this push:
new 405d418 Fix metadata search listing unauthorized files
new 92d1a30 Merge pull request #53 from isururanawaka/sharing_service_impl
405d418 is described below
commit 405d418bf3a24f5f71844a51c7027d8b1a9120d8
Author: Isuru Ranawaka <ir...@gmail.com>
AuthorDate: Thu Sep 2 21:47:44 2021 -0400
Fix metadata search listing unauthorized files
---
.../orchestrator/connectors/DRMSConnector.java | 5 +++++
.../drms/api/handlers/ResourceServiceHandler.java | 21 ++++++++++++++++-----
2 files changed, 21 insertions(+), 5 deletions(-)
diff --git a/data-orchestrator/data-orchestrator-service/data-orchestrator-api-server/src/main/java/org/apache/airavata/datalake/orchestrator/connectors/DRMSConnector.java b/data-orchestrator/data-orchestrator-service/data-orchestrator-api-server/src/main/java/org/apache/airavata/datalake/orchestrator/connectors/DRMSConnector.java
index 350aee8..fcfdf3c 100644
--- a/data-orchestrator/data-orchestrator-service/data-orchestrator-api-server/src/main/java/org/apache/airavata/datalake/orchestrator/connectors/DRMSConnector.java
+++ b/data-orchestrator/data-orchestrator-service/data-orchestrator-api-server/src/main/java/org/apache/airavata/datalake/orchestrator/connectors/DRMSConnector.java
@@ -12,9 +12,12 @@ import org.apache.airavata.datalake.drms.sharing.ShareEntityWithUserRequest;
import org.apache.airavata.datalake.drms.storage.*;
import org.apache.airavata.datalake.orchestrator.Configuration;
import org.apache.airavata.datalake.orchestrator.core.connector.AbstractConnector;
+import org.bouncycastle.util.encoders.UTF8;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import java.nio.charset.StandardCharsets;
+import java.util.Base64;
import java.util.List;
import java.util.Optional;
import java.util.concurrent.atomic.AtomicReference;
@@ -203,4 +206,6 @@ public class DRMSConnector implements AbstractConnector<Configuration> {
return Optional.empty();
}
+
+
}
diff --git a/data-resource-management-service/drms-api/src/main/java/org/apache/airavata/drms/api/handlers/ResourceServiceHandler.java b/data-resource-management-service/drms-api/src/main/java/org/apache/airavata/drms/api/handlers/ResourceServiceHandler.java
index e666afd..8541392 100644
--- a/data-resource-management-service/drms-api/src/main/java/org/apache/airavata/drms/api/handlers/ResourceServiceHandler.java
+++ b/data-resource-management-service/drms-api/src/main/java/org/apache/airavata/drms/api/handlers/ResourceServiceHandler.java
@@ -470,7 +470,7 @@ public class ResourceServiceHandler extends ResourceServiceGrpc.ResourceServiceI
genericResourceList.forEach(res -> {
try {
- if (hasAccessForResource(callUser.getUsername(), callUser.getTenantId(), res.getResourceId(), value)) {
+ if (hasAccessForResource(callUser.getUsername(), callUser.getTenantId(), res.getResourceId(), "COLLECTION")) {
allowedResourceList.add(res);
}
} catch (Exception exception) {
@@ -487,7 +487,7 @@ public class ResourceServiceHandler extends ResourceServiceGrpc.ResourceServiceI
List<GenericResource> genericResources = GenericResourceDeserializer.deserializeList(ownPropertySearchRecords);
genericResources.forEach(res -> {
try {
- if (hasAccessForResource(callUser.getUsername(), callUser.getTenantId(), res.getResourceId(), value)) {
+ if (hasAccessForResource(callUser.getUsername(), callUser.getTenantId(), res.getResourceId(), "COLLECTION")) {
allowedResourceList.add(res);
}
} catch (Exception exception) {
@@ -752,7 +752,6 @@ public class ResourceServiceHandler extends ResourceServiceGrpc.ResourceServiceI
String type = request.getType();
-
Struct struct = request.getMetadata();
String message = JsonFormat.printer().print(struct);
JSONObject json = new JSONObject(message);
@@ -781,7 +780,7 @@ public class ResourceServiceHandler extends ResourceServiceGrpc.ResourceServiceI
String oldJSON = jsonList.get().get(0);
message = mergeJSON(oldJSON, message);
}
- parameters.put("metadata",message);
+ parameters.put("metadata", message);
String query = " MATCH (r" + type + ") where r.entityId= $parentResourceId AND r.tenantId= $tenantId " +
" MERGE (r)-[:HAS_FULL_METADATA]->(cr:FULL_METADATA_NODE{tenantId: $tenantId}) ON CREATE SET cr.metadata= $metadata " +
" ON MATCH SET cr.metadata = $metadata";
@@ -845,13 +844,14 @@ public class ResourceServiceHandler extends ResourceServiceGrpc.ResourceServiceI
}
- private boolean hasAccessForResource(String username, String tenantId, String resourceId, String type) throws
+ private boolean hasAccessForResource(String username, String tenantId, String resourceId, String parentResourceType) throws
Exception {
Map<String, Object> userProps = new HashMap<>();
userProps.put("username", username);
userProps.put("tenantId", tenantId);
userProps.put("entityId", resourceId);
+
String query = " MATCH (u:User), (r) where u.username = $username AND u.tenantId = $tenantId AND " +
" r.entityId = $entityId AND r.tenantId = $tenantId" +
" OPTIONAL MATCH (cg:Group)-[:CHILD_OF*]->(g:Group)<-[:MEMBER_OF]-(u)" +
@@ -859,6 +859,17 @@ public class ResourceServiceHandler extends ResourceServiceGrpc.ResourceServiceI
" return case when exists((u)<-[:SHARED_WITH]-(r)) OR exists((u)<-[:SHARED_WITH]-(l)) OR exists((g)<-[:SHARED_WITH]-(r)) OR " +
" exists((g)<-[:SHARED_WITH]-(l)) OR exists((cg)<-[:SHARED_WITH]-(r)) OR exists((cg)<-[:SHARED_WITH]-(l)) then r else NULL end as value";
+
+ if (parentResourceType != null) {
+ query = " MATCH (u:User), (r) where u.username = $username AND u.tenantId = $tenantId AND " +
+ " r.entityId = $entityId AND r.tenantId = $tenantId" +
+ " OPTIONAL MATCH (cg:Group)-[:CHILD_OF*]->(g:Group)<-[:MEMBER_OF]-(u)" +
+ " OPTIONAL MATCH (l:" + parentResourceType + ")<-[:CHILD_OF*]-(r)" +
+ " return case when exists((u)<-[:SHARED_WITH]-(r)) OR exists((u)<-[:SHARED_WITH]-(l)) OR exists((g)<-[:SHARED_WITH]-(r)) OR " +
+ " exists((g)<-[:SHARED_WITH]-(l)) OR exists((cg)<-[:SHARED_WITH]-(r)) OR exists((cg)<-[:SHARED_WITH]-(l)) then r else NULL end as value";
+ }
+
+
List<Record> records = this.neo4JConnector.searchNodes(userProps, query);
List<GenericResource> genericResourceList = GenericResourceDeserializer.deserializeList(records);