use of bio.terra.workspace.service.resource.referenced.exception.InvalidReferenceException in project terra-workspace-manager by DataBiosphere.
the class ValidateReferenceStep method doStep.
@Override
public StepResult doStep(FlightContext flightContext) throws InterruptedException, RetryException {
  FlightMap inputMap = flightContext.getInputParameters();
  ReferencedResource referencedResource =
      inputMap.get(ResourceKeys.RESOURCE, ReferencedResource.class);
  AuthenticatedUserRequest userRequest =
      inputMap.get(JobMapKeys.AUTH_USER_INFO.getKeyName(), AuthenticatedUserRequest.class);
  // Reject the reference unless the requesting user can access the underlying resource.
  // The error message does not distinguish "not found" from "no access".
  if (!referencedResource.checkAccess(beanBag, userRequest)) {
    throw new InvalidReferenceException(
        String.format(
            "Referenced resource %s was not found or you do not have access. Verify that your reference was correctly defined and that you have access.",
            referencedResource.getResourceId()));
  }
  return StepResult.getStepResultSuccess();
}
use of bio.terra.workspace.service.resource.referenced.exception.InvalidReferenceException in project terra-workspace-manager by DataBiosphere.
the class CrlService method canReadGcsObject.
public boolean canReadGcsObject(
    String bucketName, String objectName, AuthenticatedUserRequest userRequest) {
  try {
    StorageCow storage = createStorageCow(null, userRequest);
    // If we successfully get the blob, the user has at least READER access.
    storage.get(BlobId.of(bucketName, objectName));
    return true;
  } catch (StorageException e) {
    // A 403 means the caller is not permitted to read the object.
    if (e.getCode() == HttpStatus.SC_FORBIDDEN) {
      return false;
    }
    // Any other storage error is surfaced as an invalid reference.
    throw new InvalidReferenceException(
        String.format(
            "Error while trying to access GCS blob %s in bucket %s", objectName, bucketName),
        e);
  }
}
use of bio.terra.workspace.service.resource.referenced.exception.InvalidReferenceException in project terra-workspace-manager by DataBiosphere.
the class CrlService method canReadGcsBucket.
/**
 * Wrap the GcsBucket read access check in its own method. That allows unit tests to mock this
 * service and generate an answer without actually touching CRL.
 *
 * <p>This checks whether a user has either "storage.objects.get" or "storage.objects.list" on a
 * GCP bucket. Either of these permissions allows a user to read the contents of a bucket.
 *
 * @param bucketName bucket of interest
 * @param userRequest auth info
 * @return true if the user has permission to read the contents of the provided bucket
 */
public boolean canReadGcsBucket(String bucketName, AuthenticatedUserRequest userRequest) {
  // Note that some roles grant "get" permissions but not "list", and vice-versa. Either can be
  // used to read a bucket's contents, so here we only check that the user has at least one.
  final List<String> readPermissions =
      ImmutableList.of("storage.objects.get", "storage.objects.list");
  try {
    StorageCow storage = createStorageCow(null, userRequest);
    List<Boolean> hasPermissionsList = storage.testIamPermissions(bucketName, readPermissions);
    return hasPermissionsList.contains(true);
  } catch (StorageException e) {
    throw new InvalidReferenceException(
        String.format("Error while trying to access GCS bucket %s", bucketName), e);
  }
}