use of org.pmiops.workbench.db.model.WorkspaceUserRole in project workbench by all-of-us.
the class WorkspaceServiceImpl method updateUserRoles.
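/**
 * Reconciles the workspace's stored user roles with {@code userRoleSet}, pushes the resulting
 * ACL to FireCloud, and then saves the workspace.
 *
 * <p>{@code userRoleSet} is treated as the complete desired membership. A user already on the
 * workspace whose id is missing from it is removed locally and sent to FireCloud with
 * {@code NO_ACCESS}. A user present in both has the stored role overwritten. A user only in
 * {@code userRoleSet} is added.
 *
 * <p>Only OWNER, WRITER and READER are translated into a FireCloud grant. Any other role value
 * (including {@code NO_ACCESS} or {@code null}) is sent as {@code NO_ACCESS}, so an unexpected
 * value can never widen access.
 *
 * @param workspace the workspace whose roles are updated; its role collection is modified in place
 * @param userRoleSet the desired roles; each entry is attached to {@code workspace}
 * @return the value returned by {@code saveWithLastModified(workspace)}
 * @throws BadRequestException if FireCloud reports users it could not find, or answers 400
 * @throws NotFoundException if FireCloud answers 404
 * @throws ServerErrorException if FireCloud answers 500
 * @throws ServerUnavailableException for any other FireCloud API error code
 */
@Override
public Workspace updateUserRoles(Workspace workspace, Set<WorkspaceUserRole> userRoleSet) {
    // Index the requested roles by user id; if the set holds two entries for one user the
    // later one in iteration order wins.
    Map<Long, WorkspaceUserRole> userRoleMap = new HashMap<Long, WorkspaceUserRole>();
    for (WorkspaceUserRole userRole : userRoleSet) {
        userRole.setWorkspace(workspace);
        userRoleMap.put(userRole.getUser().getUserId(), userRole);
    }

    ArrayList<WorkspaceACLUpdate> updateACLRequestList = new ArrayList<WorkspaceACLUpdate>();

    // NOTE(review): the in-memory role collection is changed below before FireCloud has accepted
    // the update. Whether a FireCloud failure leaves those changes unsaved depends on transaction
    // handling that is not visible in this method - confirm.
    Iterator<WorkspaceUserRole> dbUserRoles = workspace.getWorkspaceUserRoles().iterator();
    while (dbUserRoles.hasNext()) {
        WorkspaceUserRole currentUserRole = dbUserRoles.next();
        Long currentUserId = currentUserRole.getUser().getUserId();
        WorkspaceUserRole mapValue = userRoleMap.get(currentUserId);
        if (mapValue != null) {
            currentUserRole.setRole(mapValue.getRole());
            // Handled; whatever is left in the map afterwards is a brand-new member.
            userRoleMap.remove(currentUserId);
        } else {
            // This is how to remove a user from the FireCloud ACL:
            // Pass along an update request with NO ACCESS as the given access level.
            WorkspaceACLUpdate removedUser = new WorkspaceACLUpdate();
            removedUser.setEmail(currentUserRole.getUser().getEmail());
            removedUser.setCanCompute(false);
            removedUser.setCanShare(false);
            removedUser.setAccessLevel(WorkspaceAccessLevel.NO_ACCESS.toString());
            updateACLRequestList.add(removedUser);
            // Iterator.remove avoids a ConcurrentModificationException while iterating.
            dbUserRoles.remove();
        }
    }

    for (Entry<Long, WorkspaceUserRole> remainingRole : userRoleMap.entrySet()) {
        workspace.getWorkspaceUserRoles().add(remainingRole.getValue());
    }

    for (WorkspaceUserRole currentWorkspaceUser : workspace.getWorkspaceUserRoles()) {
        WorkspaceACLUpdate currentUpdate = new WorkspaceACLUpdate();
        currentUpdate.setEmail(currentWorkspaceUser.getUser().getEmail());
        currentUpdate.setCanCompute(false);
        if (currentWorkspaceUser.getRole() == WorkspaceAccessLevel.OWNER) {
            // Only owners are allowed to re-share the workspace.
            currentUpdate.setCanShare(true);
            currentUpdate.setAccessLevel(WorkspaceAccessLevel.OWNER.toString());
        } else if (currentWorkspaceUser.getRole() == WorkspaceAccessLevel.WRITER) {
            currentUpdate.setCanShare(false);
            currentUpdate.setAccessLevel(WorkspaceAccessLevel.WRITER.toString());
        } else if (currentWorkspaceUser.getRole() == WorkspaceAccessLevel.READER) {
            currentUpdate.setCanShare(false);
            currentUpdate.setAccessLevel(WorkspaceAccessLevel.READER.toString());
        } else {
            // Fail closed: a NO_ACCESS, null or otherwise unexpected role must not be turned
            // into a READER grant on the FireCloud side.
            currentUpdate.setCanShare(false);
            currentUpdate.setAccessLevel(WorkspaceAccessLevel.NO_ACCESS.toString());
        }
        updateACLRequestList.add(currentUpdate);
    }

    try {
        WorkspaceACLUpdateResponseList fireCloudResponse = fireCloudService.updateWorkspaceACL(
                workspace.getWorkspaceNamespace(), workspace.getFirecloudName(), updateACLRequestList);
        if (fireCloudResponse.getUsersNotFound().size() != 0) {
            // Report every address FireCloud did not recognise as one comma-separated message.
            StringBuilder usersNotFound = new StringBuilder();
            for (int i = 0; i < fireCloudResponse.getUsersNotFound().size(); i++) {
                if (i > 0) {
                    usersNotFound.append(", ");
                }
                usersNotFound.append(fireCloudResponse.getUsersNotFound().get(i).getEmail());
            }
            throw new BadRequestException(usersNotFound.toString());
        }
    } catch (ApiException e) {
        if (e.getCode() == 400) {
            // NOTE(review): the upstream response body is passed to the caller unchanged;
            // confirm it cannot carry internal detail that should stay server-side.
            throw new BadRequestException(e.getResponseBody());
        } else if (e.getCode() == 404) {
            throw new NotFoundException("Workspace not found.");
        } else if (e.getCode() == 500) {
            throw new ServerErrorException(e);
        } else {
            throw new ServerUnavailableException(e);
        }
    }
    return this.saveWithLastModified(workspace);
}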
use of org.pmiops.workbench.db.model.WorkspaceUserRole in project workbench by all-of-us.
the class WorkspacesController method getWorkspaces.
/**
 * Returns every workspace on which the current user holds a role, together with that role.
 *
 * <p>When no user is available from {@code userProvider}, the response carries an empty list.
 *
 * @return a 200 response wrapping the list of workspace/access-level pairs
 */
@Override
public ResponseEntity<WorkspaceResponseListResponse> getWorkspaces() {
    // TODO: use FireCloud to determine what workspaces to return, instead of just returning
    // workspaces from our database.
    User currentUser = userProvider.get();
    List<WorkspaceResponse> items = new ArrayList<WorkspaceResponse>();
    if (currentUser != null) {
        for (WorkspaceUserRole membership : currentUser.getWorkspaceUserRoles()) {
            // TODO: Use FireCloud to determine access roles, not our DB
            // NOTE(review): the access level reported here is the locally stored role; if it
            // drifts from the FireCloud ACL the client is shown a level that is not the one
            // actually enforced.
            WorkspaceResponse item = new WorkspaceResponse();
            item.setWorkspace(TO_CLIENT_WORKSPACE.apply(membership.getWorkspace()));
            item.setAccessLevel(membership.getRole());
            items.add(item);
        }
    }
    WorkspaceResponseListResponse body = new WorkspaceResponseListResponse();
    body.setItems(items);
    return ResponseEntity.ok(body);
}
use of org.pmiops.workbench.db.model.WorkspaceUserRole in project workbench by all-of-us.
the class WorkspacesController method shareWorkspace.
/**
 * Replaces the set of user roles on a workspace with the roles listed in {@code request}.
 *
 * <p>The request must carry the workspace etag. It is compared with the stored version so that
 * an update based on stale state is rejected instead of overwriting newer role changes.
 *
 * @param workspaceNamespace namespace used to look up the workspace
 * @param workspaceId id used to look up the workspace
 * @param request the etag plus the desired (email, role) pairs
 * @return a 200 response carrying the etag of the updated workspace
 * @throws BadRequestException if the etag is missing or a listed email matches no user
 * @throws ConflictException if the etag does not match the stored workspace version
 */
@Override
public ResponseEntity<ShareWorkspaceResponse> shareWorkspace(String workspaceNamespace, String workspaceId, ShareWorkspaceRequest request) {
    String requestEtag = request.getWorkspaceEtag();
    if (Strings.isNullOrEmpty(requestEtag)) {
        throw new BadRequestException("Missing required update field 'workspaceEtag'");
    }

    org.pmiops.workbench.db.model.Workspace dbWorkspace = workspaceService.getRequired(workspaceNamespace, workspaceId);
    // Optimistic concurrency check: refuse to apply roles computed against an older version.
    int requestedVersion = Etags.toVersion(request.getWorkspaceEtag());
    if (requestedVersion != dbWorkspace.getVersion()) {
        throw new ConflictException("Attempted to modify user roles with outdated workspace etag");
    }

    Set<WorkspaceUserRole> requestedRoles = new HashSet<WorkspaceUserRole>();
    for (UserRole requested : request.getItems()) {
        User target = userDao.findUserByEmail(requested.getEmail());
        if (target == null) {
            // NOTE(review): this message tells the caller whether an email belongs to a
            // registered user; confirm that disclosure is acceptable for this endpoint.
            throw new BadRequestException(String.format("User %s doesn't exist", requested.getEmail()));
        }
        WorkspaceUserRole roleEntry = new WorkspaceUserRole();
        roleEntry.setUser(target);
        // The role value is taken from the request as-is.
        roleEntry.setRole(requested.getRole());
        requestedRoles.add(roleEntry);
    }

    // This automatically enforces owner role.
    // NOTE(review): no check that the caller owns the workspace is visible in this method, so
    // the enforcement must happen inside updateUserRoles or on the FireCloud side - confirm.
    org.pmiops.workbench.db.model.Workspace savedWorkspace = workspaceService.updateUserRoles(dbWorkspace, requestedRoles);

    ShareWorkspaceResponse shareResponse = new ShareWorkspaceResponse();
    shareResponse.setWorkspaceEtag(Etags.fromVersion(savedWorkspace.getVersion()));
    return ResponseEntity.ok(shareResponse);
}