use of bio.terra.common.exception.ForbiddenException in project terra-workspace-manager by DataBiosphere.
the class SamService method checkAuthz.
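/**
 * Enforces a Sam permission check and throws when the caller lacks access.
 *
 * <p>Wraps {@code isAuthorized}, which answers the question "does user X have permission to do
 * action Y on resource Z". Both outcomes are logged: grants at INFO and denials at WARN, so that
 * rejected attempts leave an audit record at the point of decision.
 *
 * @param userRequest Credentials of the user whose permissions are being checked
 * @param resourceType The Sam type of the resource being checked
 * @param resourceId The ID of the resource being checked
 * @param action The action being checked on the resource
 * @throws ForbiddenException if the user is not authorized to perform the action on the resource
 * @throws InterruptedException declared by the signature; presumably propagated from the wrapped
 *     Sam calls (confirm against {@code isAuthorized} / {@code getUserEmailFromSam})
 */
@Traced
public void checkAuthz(AuthenticatedUserRequest userRequest, String resourceType, String resourceId, String action) throws InterruptedException {
  final boolean isAuthorized = isAuthorized(userRequest, resourceType, resourceId, action);
  // Resolved on both paths: the email is part of the denial message and of the audit log line.
  // If this lookup throws, the method still ends in an exception, so a failure here never grants access.
  final String userEmail = getUserEmailFromSam(userRequest);
  // NOTE(review): action, resourceId and resourceType are written to the log and to the exception
  // message as given. If any of them can carry caller-controlled text, confirm the log encoder
  // neutralises line breaks.
  if (!isAuthorized) {
    final String denial =
        String.format(
            "User %s is not authorized to %s resource %s of type %s",
            userEmail, action, resourceId, resourceType);
    // Log the denial here rather than relying on whatever handles the exception upstream
    // (not visible from this method), so refused requests are searchable next to granted ones.
    logger.warn("User {} is not authorized to {} resource {} of type {}", userEmail, action, resourceId, resourceType);
    throw new ForbiddenException(denial);
  }
  logger.info("User {} is authorized to {} resource {} of type {}", userEmail, action, resourceId, resourceType);
}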
use of bio.terra.common.exception.ForbiddenException in project terra-workspace-manager by DataBiosphere.
the class WorkspaceServiceTest method testGetForbiddenExistingWorkspace.
/**
 * Reading a workspace that exists must surface the Sam denial: with {@code checkAuthz} stubbed to
 * throw for any arguments, {@code getWorkspace} is expected to fail with
 * {@link ForbiddenException}.
 */
@Test
void testGetForbiddenExistingWorkspace() throws Exception {
  // Arrange: a workspace that really exists, created before the denial is stubbed.
  final UUID newId = UUID.randomUUID();
  final Workspace existing = defaultRequestBuilder(newId).build();
  workspaceService.createWorkspace(existing, USER_REQUEST);

  // From here on every authorization check is refused, whatever its arguments.
  final ForbiddenException denial = new ForbiddenException("forbid!");
  doThrow(denial).when(mockSamService).checkAuthz(any(), any(), any(), any());

  // Act + assert: the read is rejected with the authorization error.
  assertThrows(
      ForbiddenException.class,
      () -> workspaceService.getWorkspace(existing.getWorkspaceId(), USER_REQUEST));
}
use of bio.terra.common.exception.ForbiddenException in project terra-workspace-manager by DataBiosphere.
the class WorkspaceServiceTest method deleteForbiddenExistingWorkspace.
/**
 * Deleting a workspace that exists must surface the Sam denial: with {@code checkAuthz} stubbed
 * to throw for any arguments, {@code deleteWorkspace} is expected to fail with
 * {@link ForbiddenException}.
 *
 * <p>NOTE(review): the test only pins the exception type; it does not verify that the workspace
 * is still present after the refused delete.
 */
@Test
void deleteForbiddenExistingWorkspace() throws Exception {
  // Arrange: a workspace that really exists, created before the denial is stubbed.
  final UUID newId = UUID.randomUUID();
  final Workspace existing = defaultRequestBuilder(newId).build();
  workspaceService.createWorkspace(existing, USER_REQUEST);

  // From here on every authorization check is refused, whatever its arguments.
  final ForbiddenException denial = new ForbiddenException("forbid!");
  doThrow(denial).when(mockSamService).checkAuthz(any(), any(), any(), any());

  // Act + assert: the delete is rejected with the authorization error.
  assertThrows(
      ForbiddenException.class,
      () -> workspaceService.deleteWorkspace(existing.getWorkspaceId(), USER_REQUEST));
}
use of bio.terra.common.exception.ForbiddenException in project terra-workspace-manager by DataBiosphere.
the class WorkspaceServiceTest method testGetForbiddenMissingWorkspace.
/**
 * Reading an id that was never created yields {@link WorkspaceNotFoundException} even though
 * {@code checkAuthz} is stubbed to throw {@link ForbiddenException} for any arguments, so the
 * not-found outcome takes precedence over the denial.
 *
 * <p>NOTE(review): together with {@code testGetForbiddenExistingWorkspace} this pins different
 * errors for "exists but forbidden" and "does not exist", which lets a caller without access
 * tell the two apart. Random UUIDs make guessing ids impractical, but confirm the distinction is
 * intended.
 */
@Test
void testGetForbiddenMissingWorkspace() throws Exception {
  // Every authorization check is refused, whatever its arguments.
  final ForbiddenException denial = new ForbiddenException("forbid!");
  doThrow(denial).when(mockSamService).checkAuthz(any(), any(), any(), any());

  // A fresh random id is used without ever calling createWorkspace for it.
  assertThrows(
      WorkspaceNotFoundException.class,
      () -> workspaceService.getWorkspace(UUID.randomUUID(), USER_REQUEST));
}
use of bio.terra.common.exception.ForbiddenException in project terra-workspace-manager by DataBiosphere.
the class WorkspaceServiceTest method deleteForbiddenMissingWorkspace.
/**
 * Deleting an id that was never created yields {@link WorkspaceNotFoundException} even though
 * {@code checkAuthz} is stubbed to throw {@link ForbiddenException} for any arguments, so the
 * not-found outcome takes precedence over the denial.
 *
 * <p>NOTE(review): together with {@code deleteForbiddenExistingWorkspace} this pins different
 * errors for "exists but forbidden" and "does not exist", which lets a caller without access
 * tell the two apart. Random UUIDs make guessing ids impractical, but confirm the distinction is
 * intended.
 */
@Test
void deleteForbiddenMissingWorkspace() throws Exception {
  // Every authorization check is refused, whatever its arguments.
  final ForbiddenException denial = new ForbiddenException("forbid!");
  doThrow(denial).when(mockSamService).checkAuthz(any(), any(), any(), any());

  // A fresh random id is used without ever calling createWorkspace for it.
  assertThrows(
      WorkspaceNotFoundException.class,
      () -> workspaceService.deleteWorkspace(UUID.randomUUID(), USER_REQUEST));
}