You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airavata.apache.org by ma...@apache.org on 2018/02/23 08:51:12 UTC
[airavata] branch group-based-auth updated: GROUP_RESOURCE_PROFILE
ResourceType; only list GroupResourceProfile shared with user
This is an automated email from the ASF dual-hosted git repository.
machristie pushed a commit to branch group-based-auth
in repository https://gitbox.apache.org/repos/asf/airavata.git
The following commit(s) were added to refs/heads/group-based-auth by this push:
new e8a299e GROUP_RESOURCE_PROFILE ResourceType; only list GroupResourceProfile shared with user
e8a299e is described below
commit e8a299eb507c0f2f817072641f6ef6c3fefdfa66
Author: Marcus Christie <ma...@apache.org>
AuthorDate: Fri Feb 23 03:50:16 2018 -0500
GROUP_RESOURCE_PROFILE ResourceType; only list GroupResourceProfile shared with user
---
.../api/server/handler/AiravataServerHandler.java | 45 ++++++++++++++++++++--
.../apache/airavata/model/group/ResourceType.java | 9 ++---
.../migrator/airavata/AiravataDataMigrator.java | 8 ++++
.../group_manager_model.thrift | 1 +
4 files changed, 55 insertions(+), 8 deletions(-)
diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java
index 17245db..b472318 100644
--- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java
+++ b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java
@@ -132,6 +132,7 @@ import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.UUID;
+import java.util.stream.Collectors;
public class AiravataServerHandler implements Airavata.Iface {
private static final Logger logger = LoggerFactory.getLogger(AiravataServerHandler.class);
@@ -276,6 +277,13 @@ public class AiravataServerHandler implements Airavata.Iface {
entityType.setDescription("Application Deployment entity type");
client.createEntityType(entityType);
+ entityType = new EntityType();
+ entityType.setEntityTypeId(domain.domainId+":"+ResourceType.GROUP_RESOURCE_PROFILE.name());
+ entityType.setDomainId(domain.domainId);
+ entityType.setName(ResourceType.GROUP_RESOURCE_PROFILE.name());
+ entityType.setDescription("Group Resource Profile entity type");
+ client.createEntityType(entityType);
+
//Creating Permission Types for each domain
PermissionType permissionType = new PermissionType();
permissionType.setPermissionTypeId(domain.domainId + ":READ");
@@ -378,6 +386,13 @@ public class AiravataServerHandler implements Airavata.Iface {
entityType.setDescription("Application Deployment entity type");
sharingClient.createEntityType(entityType);
+ entityType = new EntityType();
+ entityType.setEntityTypeId(domain.domainId+":"+ResourceType.GROUP_RESOURCE_PROFILE.name());
+ entityType.setDomainId(domain.domainId);
+ entityType.setName(ResourceType.GROUP_RESOURCE_PROFILE.name());
+ entityType.setDescription("Group Resource Profile entity type");
+ sharingClient.createEntityType(entityType);
+
//Creating Permission Types for each domain
PermissionType permissionType = new PermissionType();
permissionType.setPermissionTypeId(domain.domainId+":READ");
@@ -5073,16 +5088,40 @@ public class AiravataServerHandler implements Airavata.Iface {
@SecurityCheck
public List<GroupResourceProfile> getGroupResourceList(AuthzToken authzToken, String gatewayId) throws InvalidRequestException, AiravataClientException, AiravataSystemException, AuthorizationException, TException {
RegistryService.Client regClient = registryClientPool.getResource();
+ SharingRegistryService.Client sharingClient = sharingClientPool.getResource();
+ String userName = authzToken.getClaimsMap().get(Constants.USER_NAME);
try {
- List<GroupResourceProfile> groupResourceProfileList = regClient.getGroupResourceList(gatewayId);
- registryClientPool.returnResource(regClient);
- return groupResourceProfileList;
+ if (ServerSettings.isEnableSharing()) {
+ List<String> accessibleGroupResProfileIds = new ArrayList<>();
+ List<SearchCriteria> filters = new ArrayList<>();
+ SearchCriteria searchCriteria = new SearchCriteria();
+ searchCriteria.setSearchField(EntitySearchField.ENTITY_TYPE_ID);
+ searchCriteria.setSearchCondition(SearchCondition.EQUAL);
+ searchCriteria.setValue(gatewayId + ":" + ResourceType.GROUP_RESOURCE_PROFILE.name());
+ filters.add(searchCriteria);
+ sharingClient.searchEntities(authzToken.getClaimsMap().get(Constants.GATEWAY_ID),
+ userName + "@" + gatewayId, filters, 0, -1).stream().forEach(p -> accessibleGroupResProfileIds
+ .add(p.entityId));
+ // TODO: push accessibleGroupResProfileIds filtering down
+ List<GroupResourceProfile> groupResourceProfileList = regClient.getGroupResourceList(gatewayId);
+ registryClientPool.returnResource(regClient);
+ sharingClientPool.returnResource(sharingClient);
+ return groupResourceProfileList.stream()
+ .filter(grp -> accessibleGroupResProfileIds.contains(grp.getGroupResourceProfileId()))
+ .collect(Collectors.toList());
+ } else {
+ List<GroupResourceProfile> groupResourceProfileList = regClient.getGroupResourceList(gatewayId);
+ registryClientPool.returnResource(regClient);
+ sharingClientPool.returnResource(sharingClient);
+ return groupResourceProfileList;
+ }
} catch (Exception e) {
String msg = "Error retrieving list group resource profile list. GatewayId: "+ gatewayId;
logger.error(msg, e);
AiravataSystemException exception = new AiravataSystemException(AiravataErrorType.INTERNAL_ERROR);
exception.setMessage(msg+" More info : " + e.getMessage());
registryClientPool.returnBrokenResource(regClient);
+ sharingClientPool.returnBrokenResource(sharingClient);
throw exception;
}
}
diff --git a/airavata-api/airavata-data-models/src/main/java/org/apache/airavata/model/group/ResourceType.java b/airavata-api/airavata-data-models/src/main/java/org/apache/airavata/model/group/ResourceType.java
index b2187fb..2790323 100644
--- a/airavata-api/airavata-data-models/src/main/java/org/apache/airavata/model/group/ResourceType.java
+++ b/airavata-api/airavata-data-models/src/main/java/org/apache/airavata/model/group/ResourceType.java
@@ -24,16 +24,13 @@
package org.apache.airavata.model.group;
-import java.util.Map;
-import java.util.HashMap;
-import org.apache.thrift.TEnum;
-
public enum ResourceType implements org.apache.thrift.TEnum {
PROJECT(0),
EXPERIMENT(1),
DATA(2),
APPLICATION_DEPLOYMENT(3),
- OTHER(4);
+ GROUP_RESOURCE_PROFILE(4),
+ OTHER(5);
private final int value;
@@ -63,6 +60,8 @@ public enum ResourceType implements org.apache.thrift.TEnum {
case 3:
return APPLICATION_DEPLOYMENT;
case 4:
+ return GROUP_RESOURCE_PROFILE;
+ case 5:
return OTHER;
default:
return null;
diff --git a/modules/sharing-registry/sharing-data-migrator/src/main/java/org/apache/airavata/sharing/registry/migrator/airavata/AiravataDataMigrator.java b/modules/sharing-registry/sharing-data-migrator/src/main/java/org/apache/airavata/sharing/registry/migrator/airavata/AiravataDataMigrator.java
index 9b75cd5..e10c6eb 100644
--- a/modules/sharing-registry/sharing-data-migrator/src/main/java/org/apache/airavata/sharing/registry/migrator/airavata/AiravataDataMigrator.java
+++ b/modules/sharing-registry/sharing-data-migrator/src/main/java/org/apache/airavata/sharing/registry/migrator/airavata/AiravataDataMigrator.java
@@ -94,6 +94,14 @@ public class AiravataDataMigrator {
if (!sharingRegistryServerHandler.isEntityTypeExists(entityType.domainId, entityType.entityTypeId))
sharingRegistryServerHandler.createEntityType(entityType);
+ entityType = new EntityType();
+ entityType.setEntityTypeId(domain.domainId+":"+ResourceType.GROUP_RESOURCE_PROFILE.name());
+ entityType.setDomainId(domain.domainId);
+ entityType.setName(ResourceType.GROUP_RESOURCE_PROFILE.name());
+ entityType.setDescription("Group Resource Profile entity type");
+ if (!sharingRegistryServerHandler.isEntityTypeExists(entityType.domainId, entityType.entityTypeId))
+ sharingRegistryServerHandler.createEntityType(entityType);
+
//Creating Permission Types for each domain
PermissionType permissionType = new PermissionType();
permissionType.setPermissionTypeId(domain.domainId+":READ");
diff --git a/thrift-interface-descriptions/data-models/user-tenant-group-models/group_manager_model.thrift b/thrift-interface-descriptions/data-models/user-tenant-group-models/group_manager_model.thrift
index 263aeb3..adb4285 100644
--- a/thrift-interface-descriptions/data-models/user-tenant-group-models/group_manager_model.thrift
+++ b/thrift-interface-descriptions/data-models/user-tenant-group-models/group_manager_model.thrift
@@ -31,6 +31,7 @@ enum ResourceType {
EXPERIMENT,
DATA,
APPLICATION_DEPLOYMENT,
+ GROUP_RESOURCE_PROFILE,
OTHER
}
--
To stop receiving notification emails like this one, please contact
machristie@apache.org.