
Example 1 with Roles

use of org.sagebionetworks.bridge.Roles in project BridgeServer2 by Sage-Bionetworks.

the class ParticipantService method updateRoles.

/**
 * Merges the roles requested on {@code participant} into {@code account} without letting the caller step outside
 * its own authority: a requested role is kept only if the caller may edit it, and a role the account already holds
 * that the caller may NOT edit is carried over untouched. So a caller can neither grant nor revoke a role above its
 * own level. The merged set is assigned to the account; nothing is persisted here.
 */
private void updateRoles(RequestContext requestContext, StudyParticipant participant, Account account) {
    Set<Roles> mergedRoles = Sets.newHashSet();
    // Revocation guard: anything on the account the caller is not allowed to touch survives as-is.
    for (Roles existing : account.getRoles()) {
        boolean editable = callerCanEditRole(requestContext, existing);
        if (!editable) {
            mergedRoles.add(existing);
        }
    }
    // Grant guard: only requested roles within the caller's authority are accepted.
    for (Roles requested : participant.getRoles()) {
        boolean editable = callerCanEditRole(requestContext, requested);
        if (editable) {
            mergedRoles.add(requested);
        }
    }
    account.setRoles(mergedRoles);
}

Example 2 with Roles

use of org.sagebionetworks.bridge.Roles in project BridgeServer2 by Sage-Bionetworks.

the class JsonUtilsTest method asRolesSet.

@Test
public void asRolesSet() throws Exception {
    JsonNode node = mapper.readTree(esc("{'key':['admin','researcher']}"));
    // A null or unknown property name yields an empty set, never null.
    assertEquals(JsonUtils.asRolesSet(node, null), Sets.newHashSet());
    assertEquals(JsonUtils.asRolesSet(node, "badProp"), Sets.newHashSet());
    // Lower-case JSON names resolve to the enum constants.
    Set<Roles> expected = Sets.newHashSet(ADMIN, RESEARCHER);
    assertEquals(JsonUtils.asRolesSet(node, "key"), expected);
}

Example 3 with Roles

use of org.sagebionetworks.bridge.Roles in project BridgeServer2 by Sage-Bionetworks.

the class BaseController method getAuthenticatedSession.

/**
 * Central authentication and authorization gate for controller methods. The session must exist and be
 * authenticated, and it must be bound to the caller's IP address whenever the app locks participant sessions to an
 * IP or the account holds any role. If {@code consentRequired} is set, the user must be consented (the app version
 * is verified first, so any method that can throw a 412 can also throw a 410); if {@code roles} are supplied, the
 * user must hold at least one of them; if both are given, EITHER condition is sufficient. With neither
 * ({@code getAuthenticatedSession(false)}) the caller only needs to be authenticated.
 *
 * @param consentRequired whether a consented participant is acceptable; also triggers the app-version check
 * @param roles           roles any one of which is acceptable; {@code null} or empty means no role check
 * @return the authenticated session
 * @throws NotAuthenticatedException if there is no authenticated session, or its IP binding does not match the
 *         caller's IP
 * @throws UnauthorizedException if roles are required and the user holds none of them
 * @throws ConsentRequiredException if consent is required and not given (an account holding roles that also
 *         fails a role check gets {@link UnauthorizedException} instead)
 */
UserSession getAuthenticatedSession(boolean consentRequired, Roles... roles) {
    final UserSession session = getSessionIfItExists();
    if (session == null || !session.isAuthenticated()) {
        throw new NotAuthenticatedException();
    }
    getLanguages(session);

    App app = appService.getApp(session.getAppId());
    // "Privileged" here simply means the account holds at least one role; such sessions are always IP-locked,
    // unprivileged participant sessions only when the app enables it.
    boolean privileged = !session.getParticipant().getRoles().isEmpty();
    if (app.isParticipantIpLockingEnabled() || privileged) {
        String boundIp = session.getIpAddress();
        String callerIp = RequestContext.get().getCallerIpAddress();
        // NOTE(review): Objects.equals treats two nulls as equal, so a session with no recorded IP passes this
        // check when the caller IP is also unknown — confirm that is the intended behaviour.
        if (!Objects.equals(boundIp, callerIp)) {
            throw new NotAuthenticatedException();
        }
    }
    if (consentRequired) {
        verifySupportedVersionOrThrowException(app);
    }

    boolean rolesRequired = roles != null && roles.length > 0;
    // isInRole can only be true when rolesRequired is true, so it stands alone in the checks below.
    boolean isInRole = rolesRequired && session.isInRole(ImmutableSet.copyOf(roles));
    boolean consentSatisfied = consentRequired && session.doesConsent();
    if (consentSatisfied || isInRole) {
        return session;
    }
    // Neither condition is satisfied from here on. An account with roles that fails a role check is reported
    // as unauthorized rather than as lacking consent; the consent error is reserved for ordinary participants.
    if (privileged && rolesRequired) {
        throw new UnauthorizedException();
    }
    // consentSatisfied is false, so if consent was required the user has not consented.
    if (consentRequired) {
        throw new ConsentRequiredException(session);
    }
    // isInRole is false, so if roles were required the user is in none of them.
    if (rolesRequired) {
        throw new UnauthorizedException();
    }
    // Nothing beyond authentication was asked for.
    return session;
}

Example 4 with Roles

use of org.sagebionetworks.bridge.Roles in project BridgeServer2 by Sage-Bionetworks.

the class JsonUtils method asRolesSet.

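/**
 * Reads the JSON array stored under {@code property} on {@code parent} as a set of {@link Roles}. Element text is
 * matched case-insensitively against the enum constant names, so {@code "admin"} and {@code "ADMIN"} both map to
 * {@code Roles.ADMIN}. This only parses names; whether the caller may assign those roles is decided elsewhere.
 *
 * @param parent   the object node to read from; may be {@code null}
 * @param property the field holding the array of role names; may be {@code null}
 * @return a mutable set of the parsed roles, empty when {@code parent} is {@code null} or the field is missing
 *         or JSON null; never {@code null}
 * @throws IllegalArgumentException if the field is present but is not a JSON array, or an element is not the
 *         name of a {@link Roles} constant
 */
public static Set<Roles> asRolesSet(JsonNode parent, String property) {
    Set<Roles> results = new HashSet<>();
    if (parent == null || !parent.hasNonNull(property)) {
        return results;
    }
    JsonNode array = parent.get(property);
    // Formerly an unchecked cast to ArrayNode: a scalar or object here is bad client input and should surface as
    // an IllegalArgumentException (as an unknown role name already does), not as a ClassCastException.
    if (!array.isArray()) {
        throw new IllegalArgumentException("Property '" + property + "' must be an array of role names");
    }
    for (JsonNode element : array) {
        // Locale-independent upper-casing: the default-locale toUpperCase() maps "admin" to "ADMİN" under tr_TR,
        // which would then fail Roles.valueOf.
        String name = element.asText().toUpperCase(java.util.Locale.ROOT);
        results.add(Roles.valueOf(name));
    }
    return results;
}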

Example 5 with Roles

use of org.sagebionetworks.bridge.Roles in project BridgeServer2 by Sage-Bionetworks.

the class AppAndUsersTest method deserializeCorrectly.

private void deserializeCorrectly(String appFieldName) throws Exception {
    // Payload under test; appFieldName is the JSON key under which the app object is nested.
    String json = "{"
            + "  \"adminIds\": [\"3346407\", \"3348228\"],"
            + "  \"" + appFieldName + "\": {"
            + "    \"identifier\": \"" + TEST_APP_ID + "\","
            + "    \"supportEmail\": \"test+user@email.com\","
            + "    \"name\": \"test=app-name\","
            + "    \"active\": \"true\""
            + "  },"
            + "  \"users\": ["
            + "    {"
            + "      \"firstName\": \"test_user_first_name\","
            + "      \"lastName\": \"test_user_last_name\","
            + "      \"email\": \"test+user@email.com\","
            + "      \"password\": \"test_user_password\","
            + "      \"roles\": [\"developer\",\"researcher\"]"
            + "    },"
            + "    {"
            + "      \"firstName\": \"test_user_first_name\","
            + "      \"lastName\": \"test_user_last_name\","
            + "      \"email\": \"test+user+2@email.com\","
            + "      \"password\": \"test_user_password\","
            + "      \"roles\": [\"researcher\"]"
            + "    }"
            + "  ]"
            + "}";

    // Parse first, then build the expected objects to compare against.
    AppAndUsers parsed = BridgeObjectMapper.get().readValue(json, AppAndUsers.class);

    App expectedApp = new DynamoApp();
    expectedApp.setActive(true);
    expectedApp.setIdentifier(TEST_APP_ID);
    expectedApp.setName(TEST_APP_NAME);
    expectedApp.setSupportEmail(TEST_USER_EMAIL);

    // Insertion-ordered so the first user's roles come out in a fixed sequence.
    LinkedHashSet<Roles> firstUserRoles = new LinkedHashSet<>();
    firstUserRoles.add(Roles.RESEARCHER);
    firstUserRoles.add(Roles.DEVELOPER);
    StudyParticipant expectedUser1 = new StudyParticipant.Builder()
            .withEmail(TEST_USER_EMAIL)
            .withFirstName(TEST_USER_FIRST_NAME)
            .withLastName(TEST_USER_LAST_NAME)
            .withRoles(ImmutableSet.copyOf(firstUserRoles))
            .withPassword(TEST_USER_PASSWORD)
            .build();
    StudyParticipant expectedUser2 = new StudyParticipant.Builder()
            .withEmail(TEST_USER_EMAIL_2)
            .withFirstName(TEST_USER_FIRST_NAME)
            .withLastName(TEST_USER_LAST_NAME)
            .withRoles(ImmutableSet.of(Roles.RESEARCHER))
            .withPassword(TEST_USER_PASSWORD)
            .build();
    List<StudyParticipant> expectedUsers = ImmutableList.of(expectedUser1, expectedUser2);
    List<String> expectedAdminIds = ImmutableList.of(TEST_ADMIN_ID_1, TEST_ADMIN_ID_2);

    // verify (TestNG argument order: actual, expected)
    assertEquals(parsed.getAdminIds(), expectedAdminIds);
    assertEquals(parsed.getApp(), expectedApp);
    assertEquals(parsed.getUsers(), expectedUsers);
}
