Example 1 with Securable
use of gemma.gsec.model.Securable in project Gemma by PavlidisLab.
the class SecurityControllerImpl method makePublic.
@Override
public boolean makePublic(EntityDelegator ed) {
Securable s = this.getSecurable(ed);
securityService.makePublic(s);
return true;
}
Also used :
Securable(gemma.gsec.model.Securable)
Example 2 with Securable
use of gemma.gsec.model.Securable in project Gemma by PavlidisLab.
the class SecurityControllerImpl method getSecurable.
/**
* @param ed ed
* @return securable
* @throws IllegalArgumentException if the Securable cannot be loaded
*/
private Securable getSecurable(EntityDelegator ed) {
String classDelegatingFor = ed.getClassDelegatingFor();
Class<?> clazz;
Securable s;
try {
clazz = Class.forName(classDelegatingFor);
} catch (ClassNotFoundException e1) {
throw new RuntimeException(e1);
}
if (ExpressionExperiment.class.isAssignableFrom(clazz)) {
s = expressionExperimentService.load(ed.getId());
} else if (GeneSet.class.isAssignableFrom(clazz)) {
s = geneSetService.load(ed.getId());
} else if (ExpressionExperimentSet.class.isAssignableFrom(clazz)) {
s = expressionExperimentSetService.load(ed.getId());
} else if (PhenotypeAssociation.class.isAssignableFrom(clazz)) {
s = phenotypeAssociationService.load(ed.getId());
} else if (GeneDifferentialExpressionMetaAnalysis.class.isAssignableFrom(clazz)) {
s = geneDiffExMetaAnalysisService.load(ed.getId());
} else {
throw new UnsupportedOperationException(clazz + " not supported by security controller yet");
}
if (s == null) {
throw new IllegalArgumentException("Entity does not exist or user does not have access.");
}
return s;
}
Also used :
Securable(gemma.gsec.model.Securable)
PhenotypeAssociation(ubic.gemma.model.association.phenotype.PhenotypeAssociation)
GeneSet(ubic.gemma.model.genome.gene.GeneSet)
Example 3 with Securable
use of gemma.gsec.model.Securable in project Gemma by PavlidisLab.
the class SecurityControllerImpl method updatePermission.
@Override
public SecurityInfoValueObject updatePermission(SecurityInfoValueObject settings) {
EntityDelegator sd = new EntityDelegator();
sd.setId(settings.getEntityId());
sd.setClassDelegatingFor(settings.getEntityClazz());
Securable s = this.getSecurable(sd);
if (settings.isPubliclyReadable()) {
securityService.makePublic(s);
} else {
securityService.makePrivate(s);
}
try {
if (settings.getOwner().isPrincipal()) {
securityService.makeOwnedByUser(s, settings.getOwner().getAuthority());
} else {
// this warning is not even worth issuing if we are not an administrator.
if (SecurityUtil.isUserAdmin())
SecurityControllerImpl.log.warn("Can't make groupauthority " + settings.getOwner().getAuthority() + " owner, not implemented");
}
} catch (AccessDeniedException e) {
SecurityControllerImpl.log.warn("Non-administrators cannot change the owner of an entity");
// okay, only works if you are administrator.
}
/*
* This works in one of two ways. If settings.currentGroup is non-null, we just update the permissions for that
* group - this may leave them unchanged. Otherwise, we update them all based on
* groupsThatCanRead/groupsThatCanWrite
*/
String currentGroupName = settings.getCurrentGroup();
if (StringUtils.isNotBlank(currentGroupName) && !(currentGroupName.equals(AuthorityConstants.ADMIN_GROUP_NAME) || currentGroupName.equals(AuthorityConstants.AGENT_GROUP_NAME))) {
// this test only makes sense for changing the group's name, not for changing the permissions
// of potentially shared entities
// if ( !getGroupsUserCanEdit().contains( currentGroupName ) ) {
// throw new AccessDeniedException( "Access denied to permissions for group=" + currentGroupName );
// }
Boolean readable = settings.isCurrentGroupCanRead();
Boolean writeable = settings.isCurrentGroupCanWrite();
if (readable) {
securityService.makeReadableByGroup(s, currentGroupName);
} else {
securityService.makeUnreadableByGroup(s, currentGroupName);
}
if (writeable) {
// if writable should be readable
securityService.makeReadableByGroup(s, currentGroupName);
securityService.makeWriteableByGroup(s, currentGroupName);
} else {
securityService.makeUnwriteableByGroup(s, currentGroupName);
}
} else {
/*
* Remove all group permissions - we'll set them back to what was requested. Exception: we don't allow
* changes to admin or agent permissions by this route.
*/
for (String groupName : this.getGroupsUserCanEdit()) {
if (groupName.equals(AuthorityConstants.ADMIN_GROUP_NAME) || groupName.equals(AuthorityConstants.AGENT_GROUP_NAME)) {
// never changes this.
continue;
}
securityService.makeUnreadableByGroup(s, groupName);
securityService.makeUnwriteableByGroup(s, groupName);
}
/*
* Add selected ones back
*/
for (String reader : settings.getGroupsThatCanRead()) {
if (reader.equals(AuthorityConstants.ADMIN_GROUP_NAME) || reader.equals(AuthorityConstants.AGENT_GROUP_NAME)) {
// never changes this.
continue;
}
securityService.makeReadableByGroup(s, reader);
}
for (String writer : settings.getGroupsThatCanWrite()) {
if (writer.equals(AuthorityConstants.ADMIN_GROUP_NAME) || writer.equals(AuthorityConstants.AGENT_GROUP_NAME)) {
// never changes this.
continue;
}
// when it is writable it should be readable
securityService.makeReadableByGroup(s, writer);
securityService.makeWriteableByGroup(s, writer);
}
}
// special case for Phenocarta, changing the meta analysis, changes the permissions of all evidence linked
if (s instanceof GeneDifferentialExpressionMetaAnalysis) {
Collection<DifferentialExpressionEvidence> differentialExpressionEvidence = this.phenotypeAssociationService.loadEvidenceWithGeneDifferentialExpressionMetaAnalysis(s.getId(), -1);
for (DifferentialExpressionEvidence d : differentialExpressionEvidence) {
settings.setEntityId(d.getId());
settings.setEntityClazz(d.getClass().getName());
this.updatePermission(settings);
}
}
SecurityControllerImpl.log.info("Updated permissions on " + s);
return this.securable2VO(s);
}
Also used :
DifferentialExpressionEvidence(ubic.gemma.model.association.phenotype.DifferentialExpressionEvidence)
Securable(gemma.gsec.model.Securable)
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
GeneDifferentialExpressionMetaAnalysis(ubic.gemma.model.analysis.expression.diff.GeneDifferentialExpressionMetaAnalysis)
EntityDelegator(ubic.gemma.web.remote.EntityDelegator)
Example 4 with Securable
use of gemma.gsec.model.Securable in project Gemma by PavlidisLab.
the class SecurityControllerImpl method makeGroupWriteable.
@Override
public boolean makeGroupWriteable(EntityDelegator ed, String groupName) {
Securable s = this.getSecurable(ed);
securityService.makeWriteableByGroup(s, groupName);
return true;
}
Also used :
Securable(gemma.gsec.model.Securable)
Example 5 with Securable
use of gemma.gsec.model.Securable in project Gemma by PavlidisLab.
the class SecurityControllerImpl method removeGroupReadable.
@Override
public boolean removeGroupReadable(EntityDelegator ed, String groupName) {
Securable s = this.getSecurable(ed);
securityService.makeUnreadableByGroup(s, groupName);
return true;
}
Also used :
Securable(gemma.gsec.model.Securable)
Aggregations
Securable (gemma.gsec.model.Securable)9
AccessDeniedException (org.springframework.security.access.AccessDeniedException)1
Sid (org.springframework.security.acls.model.Sid)1
GeneDifferentialExpressionMetaAnalysis (ubic.gemma.model.analysis.expression.diff.GeneDifferentialExpressionMetaAnalysis)1
DifferentialExpressionEvidence (ubic.gemma.model.association.phenotype.DifferentialExpressionEvidence)1
PhenotypeAssociation (ubic.gemma.model.association.phenotype.PhenotypeAssociation)1
Describable (ubic.gemma.model.common.Describable)1
GeneSet (ubic.gemma.model.genome.gene.GeneSet)1
EntityDelegator (ubic.gemma.web.remote.EntityDelegator)1
