use of org.sagebionetworks.repo.model.ResourceAccess in project Synapse-Repository-Services by Sage-Bionetworks.
the class JDONodeQueryAuthorizationTest method afterPropertiesSet.
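/**
 * Builds the shared authorization fixture once, after all of the beans are
 * ready, because the setup is expensive.
 * <p>
 * The fixture is one admin user, two groups (A and B), 10 users in group A,
 * 7 users in group B, 7 users in both groups, and two projects. Each project
 * ACL starts from AccessControlListUtil.createACLToGrantAll(id, adminUser) and
 * then gets one extra row: READ for group A on project A, READ for group B on
 * project B. Twenty-five dataset nodes are created under each project; the
 * nodes under project B also receive a numeric annotation.
 *
 * @throws Exception if any lookup or create call used to build the fixture fails
 */
@Override
public void afterPropertiesSet() throws Exception {
    // Only the first instance builds the fixture. Check this before any DAO
    // call so later instances return without repeating the group lookup.
    if (instance != null) {
        return;
    }
    Long creatorUserGroupId = Long.parseLong(userGroupDAO.findGroup(AuthorizationConstants.BOOTSTRAP_USER_GROUP_NAME, false).getId());
    instance = this;
    // Ids of the nodes and groups created here; the names suggest cleanup
    // happens elsewhere in the test class (not visible in this method).
    nodesToDelete = new ArrayList<String>();
    groupsToDelete = new ArrayList<String>();
    // Second argument is presumably the "is admin" flag; confirm against createUser.
    adminUser = createUser("admin@JDONodeQueryAuthorizationTest.org", true);
    // Create two groups
    groupA = createGroup("groupA@JDONodeQueryAuthorizationTest.org");
    groupB = createGroup("groupB@JDONodeQueryAuthorizationTest.org");
    // Users that belong to group A only. Membership is recorded on the
    // UserInfo object returned by createUser.
    usersInGroupA = new HashMap<String, UserInfo>();
    for (int i = 0; i < 10; i++) {
        String userId = "userInA" + i + "@JDONodeQueryAuthorizationTest.org";
        UserInfo info = createUser(userId, false);
        info.getGroups().add(groupA);
        usersInGroupA.put(userId, info);
    }
    // Users that belong to group B only
    usersInGroupB = new HashMap<String, UserInfo>();
    for (int i = 0; i < 7; i++) {
        String userId = "userInB" + i + "@JDONodeQueryAuthorizationTest.org";
        UserInfo info = createUser(userId, false);
        info.getGroups().add(groupB);
        usersInGroupB.put(userId, info);
    }
    // Users that belong to both groups
    usersInBothGroups = new HashMap<String, UserInfo>();
    for (int i = 0; i < 7; i++) {
        String userId = "userInBothA&B" + i + "@JDONodeQueryAuthorizationTest.org";
        UserInfo info = createUser(userId, false);
        info.getGroups().add(groupB);
        info.getGroups().add(groupA);
        usersInBothGroups.put(userId, info);
    }
    // Project A
    projectA = NodeTestUtils.createNew("projectA", creatorUserGroupId);
    projectA.setNodeType(EntityType.project.name());
    String id = nodeDao.createNew(projectA);
    nodesToDelete.add(id);
    // Re-read so the field holds the stored node rather than the local template.
    projectA = nodeDao.getNode(id);
    // ACL for project A: the admin user's grant plus READ for group A only.
    AccessControlList acl = AccessControlListUtil.createACLToGrantAll(id, adminUser);
    ResourceAccess access = new ResourceAccess();
    access.setPrincipalId(Long.parseLong(groupA.getId()));
    access.setAccessType(new HashSet<ACCESS_TYPE>());
    access.getAccessType().add(ACCESS_TYPE.READ);
    acl.getResourceAccess().add(access);
    accessControlListDAO.create(acl);
    // Project B
    projectB = NodeTestUtils.createNew("projectB", creatorUserGroupId);
    projectB.setNodeType(EntityType.project.name());
    id = nodeDao.createNew(projectB);
    nodesToDelete.add(id);
    projectB = nodeDao.getNode(id);
    // ACL for project B: the admin user's grant plus READ for group B only.
    acl = AccessControlListUtil.createACLToGrantAll(id, adminUser);
    access = new ResourceAccess();
    access.setPrincipalId(Long.parseLong(groupB.getId()));
    access.setAccessType(new HashSet<ACCESS_TYPE>());
    access.getAccessType().add(ACCESS_TYPE.READ);
    acl.getResourceAccess().add(access);
    accessControlListDAO.create(acl);
    // Dataset nodes under project A. No ACL is created for the children here,
    // so their visibility presumably follows the parent project; confirm.
    // The children are not added to nodesToDelete; presumably deleting the
    // parent project removes them.
    nodesInProjectA = new HashMap<String, Node>();
    for (int i = 0; i < 25; i++) {
        Node node = NodeTestUtils.createNew("nodeInProjectA" + i, creatorUserGroupId);
        node.setNodeType(EntityType.dataset.name());
        node.setParentId(projectA.getId());
        id = nodeDao.createNew(node);
        node = nodeDao.getNode(id);
        nodesInProjectA.put(node.getId(), node);
    }
    // Dataset nodes under project B, each with a numeric annotation.
    nodesInProjectB = new HashMap<String, Node>();
    for (int i = 0; i < 25; i++) {
        Node node = NodeTestUtils.createNew("nodeInProjectB" + i, creatorUserGroupId);
        node.setNodeType(EntityType.dataset.name());
        node.setParentId(projectB.getId());
        id = nodeDao.createNew(node);
        node = nodeDao.getNode(id);
        nodesInProjectB.put(node.getId(), node);
        // Annotate the node with its index under attributeName.
        NamedAnnotations annos = nodeDao.getAnnotations(id);
        assertNotNull(annos);
        annos.getAdditionalAnnotations().addAnnotation(attributeName, Long.valueOf(i));
        nodeDao.updateAnnotations(id, annos);
    }
}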
use of org.sagebionetworks.repo.model.ResourceAccess in project Synapse-Repository-Services by Sage-Bionetworks.
the class EntityBootstrapperImpl method createAcl.
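/**
 * Builds an ACL for a node from a list of bootstrap access entries.
 * <p>
 * One ResourceAccess row is created per AccessBootstrapData element, using
 * that element's group id as the principal and a copy of its access types.
 * An element with an empty access type list yields a row that grants nothing.
 *
 * @param nodeId id of the node the ACL belongs to; must not be null
 * @param creatorPrincipalId not read by this method
 * @param list bootstrap entries, one per principal; must not be null
 * @return a new ACL whose id is {@code nodeId} and whose creation date is the
 *         current time
 * @throws IllegalArgumentException if {@code nodeId} or {@code list} is null
 * @throws DatastoreException declared in the signature; no statement in this
 *         body throws it
 */
public static AccessControlList createAcl(String nodeId, String creatorPrincipalId, List<AccessBootstrapData> list) throws DatastoreException {
    if (nodeId == null) {
        throw new IllegalArgumentException("NodeId cannot be null");
    }
    if (list == null) {
        throw new IllegalArgumentException("Access bootstrap list cannot be null");
    }
    AccessControlList acl = new AccessControlList();
    acl.setCreationDate(new Date());
    acl.setId(nodeId);
    Set<ResourceAccess> rows = new HashSet<ResourceAccess>();
    for (AccessBootstrapData data : list) {
        // Copy the requested types so the ACL does not share the caller's list.
        Set<ACCESS_TYPE> typeSet = new HashSet<ACCESS_TYPE>(data.getAccessTypeList());
        ResourceAccess access = new ResourceAccess();
        access.setPrincipalId(data.getGroupId());
        access.setAccessType(typeSet);
        // Add the row only once it is fully populated. If ResourceAccess
        // derives hashCode/equals from its fields (not visible here), mutating
        // it after insertion would leave it in the wrong hash bucket.
        rows.add(access);
    }
    acl.setResourceAccess(rows);
    return acl;
}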
use of org.sagebionetworks.repo.model.ResourceAccess in project Synapse-Repository-Services by Sage-Bionetworks.
the class PermissionsManagerImpl method validateACLContent.
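/**
 * Validates the content of an ACL supplied by a caller and fills in defaults.
 * <p>
 * A missing row set is replaced with an empty set and a missing creation date
 * with the current time. Every row must be non-null and carry a principal id
 * and at least one access type. Unless the caller is an admin or the owner,
 * the ACL must contain a row for the caller's individual principal that
 * includes CHANGE_PERMISSIONS, so callers cannot lock themselves out.
 * <p>
 * NOTE(review): this method checks ACL content only. It does not check that
 * the caller currently holds CHANGE_PERMISSIONS on the resource; that
 * authorization decision has to be made by the code that calls it.
 * NOTE(review): only the caller's individual principal is matched, so a
 * caller who would keep CHANGE_PERMISSIONS through a group row is still
 * rejected.
 *
 * @param acl the ACL to validate; may be modified to fill in defaults
 * @param userInfo the caller
 * @param ownerId principal id of the resource owner; a null owner is treated
 *        as "caller is not the owner"
 * @throws InvalidModelException if the ACL has no id, contains an invalid row,
 *         or would remove the caller's own ability to edit it
 */
public static void validateACLContent(AccessControlList acl, UserInfo userInfo, Long ownerId) throws InvalidModelException {
    if (acl.getId() == null) {
        throw new InvalidModelException("Resource ID is null");
    }
    if (acl.getResourceAccess() == null) {
        acl.setResourceAccess(new HashSet<ResourceAccess>());
    }
    if (acl.getCreationDate() == null) {
        acl.setCreationDate(new Date());
    }
    // Verify that the caller maintains permissions access
    String callerPrincipalId = userInfo.getIndividualGroup().getId();
    // Fail closed: an unknown owner never matches the caller.
    boolean callerIsOwner = ownerId != null && callerPrincipalId.equals(ownerId.toString());
    boolean foundCallerInAcl = false;
    for (ResourceAccess ra : acl.getResourceAccess()) {
        if (ra == null) {
            throw new InvalidModelException("ACL row is null.");
        }
        if (ra.getPrincipalId() == null) {
            throw new InvalidModelException("Group ID is null");
        }
        // A row without an access type set is as invalid as an empty one;
        // report it as a model error instead of failing with a null dereference.
        if (ra.getAccessType() == null || ra.getAccessType().isEmpty()) {
            throw new InvalidModelException("No access types specified.");
        }
        if (ra.getPrincipalId().toString().equals(callerPrincipalId)
                && ra.getAccessType().contains(ACCESS_TYPE.CHANGE_PERMISSIONS)) {
            // Found caller in the ACL, with access to change permissions
            foundCallerInAcl = true;
        }
    }
    if (!foundCallerInAcl && !userInfo.isAdmin() && !callerIsOwner) {
        throw new InvalidModelException("Caller is trying to revoke their own ACL editing permissions.");
    }
}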
use of org.sagebionetworks.repo.model.ResourceAccess in project Synapse-Repository-Services by Sage-Bionetworks.
the class StepControllerTest method testProvenanceSideEffects.
/**
 * Exercises the provenance side effects of entity calls that carry the
 * STEP_TO_UPDATE_PARAM parameter, then checks that read access to the step
 * changes when the project ACL changes.
 * <p>
 * A second user is first refused with HTTP 403; after READ is granted on the
 * project to the AUTHENTICATED_USERS group, the same read must succeed.
 *
 * @throws Exception if any helper call fails unexpectedly
 */
@Test
public void testProvenanceSideEffects() throws Exception {
    Step provenanceStep = testHelper.createEntity(new Step(), null);

    // Extra request parameter naming the provenance record (step) to update
    Map<String, String> provenanceParams = new HashMap<String, String>();
    provenanceParams.put(ServiceConstants.STEP_TO_UPDATE_PARAM, provenanceStep.getId());

    // Reading a layer should record it among the step's input references
    testHelper.getEntity(layer, provenanceParams);

    // Creating a layer should record it among the step's output references
    Data producedLayer = new Data();
    producedLayer.setParentId(dataset.getId());
    producedLayer.setType(LayerTypeNames.M);
    producedLayer = testHelper.createEntity(producedLayer, provenanceParams);

    // Creating code should record it among the step's code references
    Code newCode = new Code();
    newCode.setParentId(project.getId());
    newCode = testHelper.createEntity(newCode, provenanceParams);
    assertEquals(project.getId(), newCode.getParentId());

    // TODO update a layer, version a layer, etc ...

    // Reload the step and check each reference list against what was touched
    provenanceStep = testHelper.getEntity(provenanceStep, null);
    assertEquals(layer.getId(), provenanceStep.getInput().iterator().next().getTargetId());
    assertEquals(NodeConstants.DEFAULT_VERSION_NUMBER, provenanceStep.getInput().iterator().next().getTargetVersionNumber());
    assertEquals(producedLayer.getId(), provenanceStep.getOutput().iterator().next().getTargetId());
    assertEquals(NodeConstants.DEFAULT_VERSION_NUMBER, provenanceStep.getOutput().iterator().next().getTargetVersionNumber());
    assertEquals(newCode.getId(), provenanceStep.getCode().iterator().next().getTargetId());
    assertEquals(NodeConstants.DEFAULT_VERSION_NUMBER, provenanceStep.getCode().iterator().next().getTargetVersionNumber());

    // Creating an analysis should re-parent the referenced step under it
    Analysis newAnalysis = new Analysis();
    newAnalysis.setParentId(project.getId());
    newAnalysis.setName("test analysis");
    newAnalysis.setDescription("test description");
    newAnalysis = testHelper.createEntity(newAnalysis, provenanceParams);

    provenanceStep = testHelper.getEntity(provenanceStep, null);
    assertEquals(newAnalysis.getId(), provenanceStep.getParentId());

    // Negative check: a different user has no read access to the step yet
    testHelper.setTestUser(TEST_USER2);
    try {
        testHelper.getEntity(provenanceStep, null);
        fail("expected exception");
    } catch (ServletTestHelperException denied) {
        assertEquals(TEST_USER2 + " lacks read access to the requested object.", denied.getMessage());
        assertEquals(HttpStatus.FORBIDDEN.value(), denied.getHttpStatus());
    }

    // As the first user, grant READ on the project to the AUTHENTICATED_USERS
    // group. This covers signed-in users only; it is not an anonymous grant.
    testHelper.setTestUser(TEST_USER1);
    AccessControlList aclForProject = testHelper.getEntityACL(project);
    ResourceAccess readGrant = new ResourceAccess();
    UserGroup authenticatedGroup = userGroupDAO.findGroup(AuthorizationConstants.DEFAULT_GROUPS.AUTHENTICATED_USERS.name(), false);
    assertNotNull(authenticatedGroup);
    readGrant.setPrincipalId(Long.parseLong(authenticatedGroup.getId()));
    readGrant.setAccessType(new HashSet<ACCESS_TYPE>());
    readGrant.getAccessType().add(ACCESS_TYPE.READ);
    aclForProject.getResourceAccess().add(readGrant);
    aclForProject = testHelper.updateEntityAcl(project, aclForProject);

    // Positive check: the other user can now read the step. The read passes by
    // not throwing; nothing is asserted on the returned entity. The step
    // presumably picks up the project's ACL through its parent chain.
    testHelper.setTestUser(TEST_USER2);
    provenanceStep = testHelper.getEntity(provenanceStep, null);
}
use of org.sagebionetworks.repo.model.ResourceAccess in project Synapse-Repository-Services by Sage-Bionetworks.
the class EntityBundleServiceImplTest method setUp.
/**
 * Creates the mocks and the in-memory fixtures shared by the tests: a project,
 * two studies (one with an id), a set of annotations, an ACL with a single
 * READ row for the bootstrap user group, and the expected response bundle.
 */
@Before
public void setUp() {
    // Mocks. mockEntityService is created here but not attached to
    // mockServiceProvider in this method.
    mockServiceProvider = mock(ServiceProvider.class);
    mockEntityService = mock(EntityService.class);
    entityBundleService = new EntityBundleServiceImpl(mockServiceProvider);

    // Entities. No id is set on the project in this method, so both studies
    // take whatever project.getId() returns for a fresh Project as parent id.
    project = new Project();
    project.setName(DUMMY_PROJECT);
    project.setEntityType(project.getClass().getName());

    study = new Study();
    study.setName(DUMMY_STUDY_1);
    study.setEntityType(study.getClass().getName());
    study.setParentId(project.getId());

    // Same as study, plus an explicit id
    studyWithId = new Study();
    studyWithId.setName(DUMMY_STUDY_1);
    studyWithId.setEntityType(study.getClass().getName());
    studyWithId.setParentId(project.getId());
    studyWithId.setId(STUDY_ID);

    // Annotations
    annos = new Annotations();
    annos.addAnnotation("doubleAnno", new Double(45.0001));
    annos.addAnnotation("string", "A string");

    // ACL: one row granting READ to the bootstrap user group
    Set<ACCESS_TYPE> grantedTypes = new HashSet<ACCESS_TYPE>();
    grantedTypes.add(ACCESS_TYPE.READ);
    ResourceAccess readGrant = new ResourceAccess();
    readGrant.setPrincipalId(BOOTSTRAP_USER_GROUP_ID);
    readGrant.setAccessType(grantedTypes);
    Set<ResourceAccess> grants = new HashSet<ResourceAccess>();
    grants.add(readGrant);
    acl = new AccessControlList();
    acl.setResourceAccess(grants);

    // Response bundle combining the id-less study, the annotations and the ACL
    responseBundle = new EntityBundle();
    responseBundle.setEntity(study);
    responseBundle.setAnnotations(annos);
    responseBundle.setAccessControlList(acl);
}