Example 1 with ForbiddenException

Use of bio.terra.common.exception.ForbiddenException in the project terra-workspace-manager by DataBiosphere.

Class SamService, method checkAuthz.

/**
 * Wrapper around isAuthorized which throws an appropriate exception if a user does not have
 * access to a resource. The wrapped call will perform a check for the appropriate permission in
 * Sam. This call answers the question "does user X have permission to do action Y on resource Z".
 *
 * @param userRequest Credentials of the user whose permissions are being checked
 * @param resourceType The Sam type of the resource being checked
 * @param resourceId The ID of the resource being checked
 * @param action The action being checked on the resource
 */
@Traced
public void checkAuthz(AuthenticatedUserRequest userRequest, String resourceType, String resourceId, String action) throws InterruptedException {
    boolean isAuthorized = isAuthorized(userRequest, resourceType, resourceId, action);
    final String userEmail = getUserEmailFromSam(userRequest);
    if (!isAuthorized)
        throw new ForbiddenException(String.format("User %s is not authorized to %s resource %s of type %s", userEmail, action, resourceId, resourceType));
    else
        logger.info("User {} is authorized to {} resource {} of type {}", userEmail, action, resourceId, resourceType);
}
Also used: ForbiddenException (bio.terra.common.exception.ForbiddenException), Traced (io.opencensus.contrib.spring.aop.Traced)

Example 2 with ForbiddenException

Use of bio.terra.common.exception.ForbiddenException in the project terra-workspace-manager by DataBiosphere.

Class WorkspaceServiceTest, method testGetForbiddenExistingWorkspace.

@Test
void testGetForbiddenExistingWorkspace() throws Exception {
    Workspace request = defaultRequestBuilder(UUID.randomUUID()).build();
    workspaceService.createWorkspace(request, USER_REQUEST);
    doThrow(new ForbiddenException("forbid!")).when(mockSamService).checkAuthz(any(), any(), any(), any());
    assertThrows(ForbiddenException.class, () -> workspaceService.getWorkspace(request.getWorkspaceId(), USER_REQUEST));
}
Also used: ForbiddenException (bio.terra.common.exception.ForbiddenException), Workspace (bio.terra.workspace.service.workspace.model.Workspace), Test (org.junit.jupiter.api.Test), BaseConnectedTest (bio.terra.workspace.common.BaseConnectedTest)

Example 3 with ForbiddenException

Use of bio.terra.common.exception.ForbiddenException in the project terra-workspace-manager by DataBiosphere.

Class WorkspaceServiceTest, method deleteForbiddenExistingWorkspace.

@Test
void deleteForbiddenExistingWorkspace() throws Exception {
    Workspace request = defaultRequestBuilder(UUID.randomUUID()).build();
    workspaceService.createWorkspace(request, USER_REQUEST);
    doThrow(new ForbiddenException("forbid!")).when(mockSamService).checkAuthz(any(), any(), any(), any());
    assertThrows(ForbiddenException.class, () -> workspaceService.deleteWorkspace(request.getWorkspaceId(), USER_REQUEST));
}
Also used: ForbiddenException (bio.terra.common.exception.ForbiddenException), Workspace (bio.terra.workspace.service.workspace.model.Workspace), Test (org.junit.jupiter.api.Test), BaseConnectedTest (bio.terra.workspace.common.BaseConnectedTest)

Example 4 with ForbiddenException

Use of bio.terra.common.exception.ForbiddenException in the project terra-workspace-manager by DataBiosphere.

Class WorkspaceServiceTest, method testGetForbiddenMissingWorkspace.

@Test
void testGetForbiddenMissingWorkspace() throws Exception {
    doThrow(new ForbiddenException("forbid!")).when(mockSamService).checkAuthz(any(), any(), any(), any());
    assertThrows(WorkspaceNotFoundException.class, () -> workspaceService.getWorkspace(UUID.randomUUID(), USER_REQUEST));
}
Also used: ForbiddenException (bio.terra.common.exception.ForbiddenException), Test (org.junit.jupiter.api.Test), BaseConnectedTest (bio.terra.workspace.common.BaseConnectedTest)

Example 5 with ForbiddenException

Use of bio.terra.common.exception.ForbiddenException in the project terra-workspace-manager by DataBiosphere.

Class WorkspaceServiceTest, method deleteForbiddenMissingWorkspace.

@Test
void deleteForbiddenMissingWorkspace() throws Exception {
    doThrow(new ForbiddenException("forbid!")).when(mockSamService).checkAuthz(any(), any(), any(), any());
    assertThrows(WorkspaceNotFoundException.class, () -> workspaceService.deleteWorkspace(UUID.randomUUID(), USER_REQUEST));
}
Also used: ForbiddenException (bio.terra.common.exception.ForbiddenException), Test (org.junit.jupiter.api.Test), BaseConnectedTest (bio.terra.workspace.common.BaseConnectedTest)

Aggregations

ForbiddenException (bio.terra.common.exception.ForbiddenException): 5
BaseConnectedTest (bio.terra.workspace.common.BaseConnectedTest): 4
Test (org.junit.jupiter.api.Test): 4
Workspace (bio.terra.workspace.service.workspace.model.Workspace): 2
Traced (io.opencensus.contrib.spring.aop.Traced): 1