
Example 1 with ResourceAccess

use of org.sagebionetworks.repo.model.ResourceAccess in project Synapse-Repository-Services by Sage-Bionetworks.

the class JDONodeQueryAuthorizationTest method afterPropertiesSet.

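/**
 * Builds the shared authorization fixture once, after all of the beans are
 * ready, because the setup is expensive.
 *
 * <p>The fixture consists of one user created with the {@code true} flag
 * ({@code adminUser}), two groups, 10 users in group A, 7 users in group B and
 * 7 users in both groups, plus two projects that each hold 25 dataset nodes.
 * Each project ACL starts from
 * {@code AccessControlListUtil.createACLToGrantAll(id, adminUser)} and then
 * receives exactly one extra row: READ for group A on project A, READ for
 * group B on project B. No row grants group A anything on project B or the
 * reverse, which is what lets the tests tell the two populations apart.
 *
 * @throws Exception if any DAO or helper call used to build the fixture fails
 */
@Override
public void afterPropertiesSet() throws Exception {
    // Only the first call builds the fixture; later calls return before touching any DAO.
    if (instance != null) {
        return;
    }
    // Resolved before instance is assigned, so a failed lookup leaves the fixture unclaimed.
    Long creatorUserGroupId = Long.parseLong(userGroupDAO.findGroup(AuthorizationConstants.BOOTSTRAP_USER_GROUP_NAME, false).getId());
    instance = this;
    // Ids of the nodes and groups created here, kept for later deletion
    nodesToDelete = new ArrayList<String>();
    groupsToDelete = new ArrayList<String>();
    // The only user created with the 'true' flag (presumably the admin flag - confirm in createUser)
    adminUser = createUser("admin@JDONodeQueryAuthorizationTest.org", true);
    // Create two groups
    groupA = createGroup("groupA@JDONodeQueryAuthorizationTest.org");
    groupB = createGroup("groupB@JDONodeQueryAuthorizationTest.org");
    // Users that belong to group A only
    usersInGroupA = new HashMap<String, UserInfo>();
    for (int i = 0; i < 10; i++) {
        String userId = "userInA" + i + "@JDONodeQueryAuthorizationTest.org";
        UserInfo info = createUser(userId, false);
        // Membership is recorded on the UserInfo object's own group collection
        info.getGroups().add(groupA);
        usersInGroupA.put(userId, info);
    }
    // Users that belong to group B only
    usersInGroupB = new HashMap<String, UserInfo>();
    for (int i = 0; i < 7; i++) {
        String userId = "userInB" + i + "@JDONodeQueryAuthorizationTest.org";
        UserInfo info = createUser(userId, false);
        info.getGroups().add(groupB);
        usersInGroupB.put(userId, info);
    }
    // Users that belong to both groups
    usersInBothGroups = new HashMap<String, UserInfo>();
    for (int i = 0; i < 7; i++) {
        String userId = "userInBothA&B" + i + "@JDONodeQueryAuthorizationTest.org";
        UserInfo info = createUser(userId, false);
        info.getGroups().add(groupB);
        info.getGroups().add(groupA);
        usersInBothGroups.put(userId, info);
    }
    // Now create the two projects
    // Project A
    projectA = NodeTestUtils.createNew("projectA", creatorUserGroupId);
    projectA.setNodeType(EntityType.project.name());
    String id = nodeDao.createNew(projectA);
    nodesToDelete.add(id);
    // Re-read the node so the fixture holds the stored copy
    projectA = nodeDao.getNode(id);
    // Base ACL for this node, built for adminUser
    AccessControlList acl = AccessControlListUtil.createACLToGrantAll(id, adminUser);
    // Group A gets READ on project A and nothing else
    ResourceAccess access = new ResourceAccess();
    access.setPrincipalId(Long.parseLong(groupA.getId()));
    access.setAccessType(new HashSet<ACCESS_TYPE>());
    access.getAccessType().add(ACCESS_TYPE.READ);
    acl.getResourceAccess().add(access);
    accessControlListDAO.create(acl);
    // Project B
    projectB = NodeTestUtils.createNew("projectB", creatorUserGroupId);
    projectB.setNodeType(EntityType.project.name());
    id = nodeDao.createNew(projectB);
    nodesToDelete.add(id);
    projectB = nodeDao.getNode(id);
    // Base ACL for this node, built for adminUser
    acl = AccessControlListUtil.createACLToGrantAll(id, adminUser);
    // Group B gets READ on project B and nothing else
    access = new ResourceAccess();
    access.setPrincipalId(Long.parseLong(groupB.getId()));
    access.setAccessType(new HashSet<ACCESS_TYPE>());
    access.getAccessType().add(ACCESS_TYPE.READ);
    acl.getResourceAccess().add(access);
    accessControlListDAO.create(acl);
    // Dataset nodes under project A. No ACL is created for them here.
    nodesInProjectA = new HashMap<String, Node>();
    for (int i = 0; i < 25; i++) {
        Node node = NodeTestUtils.createNew("nodeInProjectA" + i, creatorUserGroupId);
        node.setNodeType(EntityType.dataset.name());
        node.setParentId(projectA.getId());
        id = nodeDao.createNew(node);
        // Child ids are not tracked in nodesToDelete; presumably they go away
        // with the parent project - confirm against the cleanup code.
        node = nodeDao.getNode(id);
        nodesInProjectA.put(node.getId(), node);
    }
    // Dataset nodes under project B, each carrying one Long annotation
    nodesInProjectB = new HashMap<String, Node>();
    for (int i = 0; i < 25; i++) {
        Node node = NodeTestUtils.createNew("nodeInProjectB" + i, creatorUserGroupId);
        node.setNodeType(EntityType.dataset.name());
        node.setParentId(projectB.getId());
        id = nodeDao.createNew(node);
        // Child ids are not tracked in nodesToDelete (see the project A loop).
        node = nodeDao.getNode(id);
        nodesInProjectB.put(node.getId(), node);
        // Only project B nodes get the attribute; its value is the loop index
        NamedAnnotations annos = nodeDao.getAnnotations(id);
        assertNotNull(annos);
        // Long.valueOf replaces the deprecated Long constructor; the stored value is the same
        annos.getAdditionalAnnotations().addAnnotation(attributeName, Long.valueOf(i));
        nodeDao.updateAnnotations(id, annos);
    }
}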
Also used : AccessControlList(org.sagebionetworks.repo.model.AccessControlList) ResourceAccess(org.sagebionetworks.repo.model.ResourceAccess) Node(org.sagebionetworks.repo.model.Node) UserInfo(org.sagebionetworks.repo.model.UserInfo) ACCESS_TYPE(org.sagebionetworks.repo.model.ACCESS_TYPE) NamedAnnotations(org.sagebionetworks.repo.model.NamedAnnotations)

Example 2 with ResourceAccess

use of org.sagebionetworks.repo.model.ResourceAccess in project Synapse-Repository-Services by Sage-Bionetworks.

the class EntityBootstrapperImpl method createAcl.

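/**
 * Builds an ACL for a node from a list of bootstrap access entries.
 *
 * <p>Each entry becomes one {@link ResourceAccess} row whose principal is the
 * entry's group id and whose access types are a copy of the entry's access
 * type list. The ACL grants exactly what the entries list; this method does
 * not check the entries, so an entry with an empty type list or a null group
 * id still produces a row.
 *
 * @param nodeId id of the node the ACL belongs to, used as the ACL id; must not be null
 * @param creatorPrincipalId not read by this method
 * @param list the bootstrap entries to turn into ACL rows; must not be null
 * @return a new ACL whose creation date is the current time
 * @throws IllegalArgumentException if {@code nodeId} or {@code list} is null
 * @throws DatastoreException declared in the signature; no statement in this method throws it directly
 */
public static AccessControlList createAcl(String nodeId, String creatorPrincipalId, List<AccessBootstrapData> list) throws DatastoreException {
    if (nodeId == null) {
        throw new IllegalArgumentException("NodeId cannot be null");
    }
    if (list == null) {
        // Fail with a clear message rather than a NullPointerException in the loop below
        throw new IllegalArgumentException("Access bootstrap data list cannot be null");
    }
    AccessControlList acl = new AccessControlList();
    acl.setCreationDate(new Date());
    acl.setId(nodeId);
    Set<ResourceAccess> rows = new HashSet<ResourceAccess>();
    for (AccessBootstrapData data : list) {
        // Fill the row in completely before it enters the HashSet: if ResourceAccess
        // derives hashCode from its fields, changing it after insertion would leave
        // the set unable to find the row again.
        ResourceAccess access = new ResourceAccess();
        access.setPrincipalId(data.getGroupId());
        access.setAccessType(new HashSet<ACCESS_TYPE>(data.getAccessTypeList()));
        rows.add(access);
    }
    acl.setResourceAccess(rows);
    return acl;
}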
Also used : AccessControlList(org.sagebionetworks.repo.model.AccessControlList) ResourceAccess(org.sagebionetworks.repo.model.ResourceAccess) ACCESS_TYPE(org.sagebionetworks.repo.model.ACCESS_TYPE) Date(java.util.Date) HashSet(java.util.HashSet)

Example 3 with ResourceAccess

use of org.sagebionetworks.repo.model.ResourceAccess in project Synapse-Repository-Services by Sage-Bionetworks.

the class PermissionsManagerImpl method validateACLContent.

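/**
 * Validates the content of an ACL submitted by a caller and fills in missing defaults.
 *
 * <p>A null resource-access set is replaced with an empty set and a null
 * creation date with the current time, so the passed ACL may be modified.
 * Every row must have a principal id and at least one access type. Unless the
 * caller is an admin or the owner, the ACL must still contain a row for the
 * caller's individual principal that includes
 * {@code ACCESS_TYPE.CHANGE_PERMISSIONS}; this stops a caller from locking
 * themselves out. Only the caller's individual principal is matched, so
 * CHANGE_PERMISSIONS held through a group row does not satisfy the check.
 *
 * <p>This method checks the content of the new ACL only. Nothing here verifies
 * that the caller currently holds the right to change the stored ACL; that
 * decision has to be made by the calling code.
 *
 * @param acl the ACL to validate; may be modified as described above
 * @param userInfo the caller
 * @param ownerId principal id of the resource owner; when null the caller is not treated as the owner
 * @throws InvalidModelException if the ACL id is null, a row is null or lacks a principal id
 *         or access types, or the caller would lose CHANGE_PERMISSIONS
 */
public static void validateACLContent(AccessControlList acl, UserInfo userInfo, Long ownerId) throws InvalidModelException {
    if (acl.getId() == null) {
        throw new InvalidModelException("Resource ID is null");
    }
    if (acl.getResourceAccess() == null) {
        acl.setResourceAccess(new HashSet<ResourceAccess>());
    }
    if (acl.getCreationDate() == null) {
        acl.setCreationDate(new Date());
    }
    // Verify that the caller maintains permissions access
    String callerPrincipalId = userInfo.getIndividualGroup().getId();
    // A missing owner id never makes the caller the owner (fail closed rather than throw a NullPointerException)
    boolean callerIsOwner = ownerId != null && ownerId.toString().equals(callerPrincipalId);
    boolean foundCallerInAcl = false;
    for (ResourceAccess ra : acl.getResourceAccess()) {
        if (ra == null) {
            throw new InvalidModelException("ACL row is null.");
        }
        if (ra.getPrincipalId() == null) {
            throw new InvalidModelException("Group ID is null");
        }
        // A null access type set is rejected the same way as an empty one
        if (ra.getAccessType() == null || ra.getAccessType().isEmpty()) {
            throw new InvalidModelException("No access types specified.");
        }
        if (ra.getPrincipalId().toString().equals(callerPrincipalId)
                && ra.getAccessType().contains(ACCESS_TYPE.CHANGE_PERMISSIONS)) {
            // Found caller in the ACL, with access to change permissions
            foundCallerInAcl = true;
        }
    }
    if (!foundCallerInAcl && !userInfo.isAdmin() && !callerIsOwner) {
        throw new InvalidModelException("Caller is trying to revoke their own ACL editing permissions.");
    }
}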
Also used : InvalidModelException(org.sagebionetworks.repo.model.InvalidModelException) ResourceAccess(org.sagebionetworks.repo.model.ResourceAccess) Date(java.util.Date) HashSet(java.util.HashSet)

Example 4 with ResourceAccess

use of org.sagebionetworks.repo.model.ResourceAccess in project Synapse-Repository-Services by Sage-Bionetworks.

the class StepControllerTest method testProvenanceSideEffects.

/**
 * Checks that reading and creating entities with the step-to-update parameter
 * records them on the Step, and that read access to the Step follows the
 * project ACL: a second user is refused with 403 until READ is granted to the
 * AUTHENTICATED_USERS group on the project.
 *
 * @throws Exception if any helper call fails unexpectedly
 */
@Test
public void testProvenanceSideEffects() throws Exception {
    Step step = new Step();
    step = testHelper.createEntity(step, null);
    // Our extra parameter used to indicate the provenance record to update
    Map<String, String> extraParams = new HashMap<String, String>();
    extraParams.put(ServiceConstants.STEP_TO_UPDATE_PARAM, step.getId());
    // Get a layer, side effect should add it to input references
    testHelper.getEntity(layer, extraParams);
    // Create a new layer, side effect should be to add it to output
    // references
    Data outputLayer = new Data();
    outputLayer.setParentId(dataset.getId());
    outputLayer.setType(LayerTypeNames.M);
    outputLayer = testHelper.createEntity(outputLayer, extraParams);
    // Create a new code, side effect should be to reference it in the Step
    Code code2 = new Code();
    code2.setParentId(project.getId());
    code2 = testHelper.createEntity(code2, extraParams);
    assertEquals(project.getId(), code2.getParentId());
    // TODO update a layer, version a layer, etc ...
    // Make sure those layers are now referred to by our step
    step = testHelper.getEntity(step, null);
    assertEquals(layer.getId(), step.getInput().iterator().next().getTargetId());
    assertEquals(NodeConstants.DEFAULT_VERSION_NUMBER, step.getInput().iterator().next().getTargetVersionNumber());
    assertEquals(outputLayer.getId(), step.getOutput().iterator().next().getTargetId());
    assertEquals(NodeConstants.DEFAULT_VERSION_NUMBER, step.getOutput().iterator().next().getTargetVersionNumber());
    assertEquals(code2.getId(), step.getCode().iterator().next().getTargetId());
    assertEquals(NodeConstants.DEFAULT_VERSION_NUMBER, step.getCode().iterator().next().getTargetVersionNumber());
    // Create a new analysis, side effect should be to re-parent the referenced step
    Analysis analysis = new Analysis();
    analysis.setParentId(project.getId());
    analysis.setName("test analysis");
    analysis.setDescription("test description");
    analysis = testHelper.createEntity(analysis, extraParams);
    // Make sure the step's parent is now the analysis
    step = testHelper.getEntity(step, null);
    assertEquals(analysis.getId(), step.getParentId());
    // Negative case: a second user must be refused when reading the step.
    // Only the step is requested here; the analysis itself is not checked.
    testHelper.setTestUser(TEST_USER2);
    try {
        testHelper.getEntity(step, null);
        fail("expected exception");
    } catch (ServletTestHelperException e) {
        // The denial must be an explicit 403 with the read-access message
        assertEquals(TEST_USER2 + " lacks read access to the requested object.", e.getMessage());
        assertEquals(HttpStatus.FORBIDDEN.value(), e.getHttpStatus());
    }
    // Grant READ on the project to the AUTHENTICATED_USERS default group.
    // NOTE(review): by its name this group covers signed-in users, not
    // anonymous callers, so this is not a fully public grant - confirm.
    testHelper.setTestUser(TEST_USER1);
    AccessControlList projectAcl = testHelper.getEntityACL(project);
    ResourceAccess ac = new ResourceAccess();
    UserGroup authenticatedUsers = userGroupDAO.findGroup(AuthorizationConstants.DEFAULT_GROUPS.AUTHENTICATED_USERS.name(), false);
    assertNotNull(authenticatedUsers);
    ac.setPrincipalId(Long.parseLong(authenticatedUsers.getId()));
    ac.setAccessType(new HashSet<ACCESS_TYPE>());
    // READ only: the second user gains no write or permission-change rights here
    ac.getAccessType().add(ACCESS_TYPE.READ);
    projectAcl.getResourceAccess().add(ac);
    projectAcl = testHelper.updateEntityAcl(project, projectAcl);
    // Positive case: the second user can now read the step. There is no explicit
    // assertion; the check passes when getEntity does not throw.
    // NOTE(review): the test ends with TEST_USER2 as the current test user.
    testHelper.setTestUser(TEST_USER2);
    step = testHelper.getEntity(step, null);
}
Also used : AccessControlList(org.sagebionetworks.repo.model.AccessControlList) ResourceAccess(org.sagebionetworks.repo.model.ResourceAccess) HashMap(java.util.HashMap) Data(org.sagebionetworks.repo.model.Data) Step(org.sagebionetworks.repo.model.Step) Code(org.sagebionetworks.repo.model.Code) UserGroup(org.sagebionetworks.repo.model.UserGroup) Analysis(org.sagebionetworks.repo.model.Analysis) ACCESS_TYPE(org.sagebionetworks.repo.model.ACCESS_TYPE) Test(org.junit.Test)

Example 5 with ResourceAccess

use of org.sagebionetworks.repo.model.ResourceAccess in project Synapse-Repository-Services by Sage-Bionetworks.

the class EntityBundleServiceImplTest method setUp.

/**
 * Prepares the mocks, the sample entities and the response bundle used by the tests.
 *
 * <p>The bundle holds {@code study}, two annotations and an ACL with a single
 * row that gives the bootstrap user group READ access and nothing else.
 */
@Before
public void setUp() {
    // Mocked collaborators; the service under test is built on the mocked provider
    mockServiceProvider = mock(ServiceProvider.class);
    mockEntityService = mock(EntityService.class);
    entityBundleService = new EntityBundleServiceImpl(mockServiceProvider);

    // Parent project. Its id is never set in this method.
    project = new Project();
    project.setName(DUMMY_PROJECT);
    project.setEntityType(project.getClass().getName());

    // Two studies under the project; only the second one carries an id
    study = new Study();
    study.setName(DUMMY_STUDY_1);
    study.setEntityType(study.getClass().getName());
    study.setParentId(project.getId());

    studyWithId = new Study();
    studyWithId.setId(STUDY_ID);
    studyWithId.setName(DUMMY_STUDY_1);
    studyWithId.setEntityType(study.getClass().getName());
    studyWithId.setParentId(project.getId());

    // One double annotation and one string annotation
    annos = new Annotations();
    annos.addAnnotation("doubleAnno", new Double(45.0001));
    annos.addAnnotation("string", "A string");

    // ACL with one row: READ for the bootstrap user group
    Set<ACCESS_TYPE> readOnly = new HashSet<ACCESS_TYPE>();
    readOnly.add(ACCESS_TYPE.READ);
    ResourceAccess bootstrapRead = new ResourceAccess();
    bootstrapRead.setPrincipalId(BOOTSTRAP_USER_GROUP_ID);
    bootstrapRead.setAccessType(readOnly);
    Set<ResourceAccess> aclRows = new HashSet<ResourceAccess>();
    aclRows.add(bootstrapRead);
    acl = new AccessControlList();
    acl.setResourceAccess(aclRows);

    // Bundle that ties the study, its annotations and the ACL together
    responseBundle = new EntityBundle();
    responseBundle.setEntity(study);
    responseBundle.setAnnotations(annos);
    responseBundle.setAccessControlList(acl);
}
Also used : AccessControlList(org.sagebionetworks.repo.model.AccessControlList) Study(org.sagebionetworks.repo.model.Study) ResourceAccess(org.sagebionetworks.repo.model.ResourceAccess) Project(org.sagebionetworks.repo.model.Project) Annotations(org.sagebionetworks.repo.model.Annotations) ACCESS_TYPE(org.sagebionetworks.repo.model.ACCESS_TYPE) EntityBundle(org.sagebionetworks.repo.model.EntityBundle) HashSet(java.util.HashSet) Before(org.junit.Before)

Aggregations

ResourceAccess (org.sagebionetworks.repo.model.ResourceAccess)41 AccessControlList (org.sagebionetworks.repo.model.AccessControlList)35 ACCESS_TYPE (org.sagebionetworks.repo.model.ACCESS_TYPE)32 Test (org.junit.Test)22 HashSet (java.util.HashSet)20 Node (org.sagebionetworks.repo.model.Node)11 Date (java.util.Date)10 UserGroup (org.sagebionetworks.repo.model.UserGroup)10 Project (org.sagebionetworks.repo.model.Project)7 UserInfo (org.sagebionetworks.repo.model.UserInfo)7 ArrayList (java.util.ArrayList)6 Before (org.junit.Before)5 Annotations (org.sagebionetworks.repo.model.Annotations)5 Study (org.sagebionetworks.repo.model.Study)5 HashMap (java.util.HashMap)3 Data (org.sagebionetworks.repo.model.Data)3 EntityHeader (org.sagebionetworks.repo.model.EntityHeader)3 EntityPath (org.sagebionetworks.repo.model.EntityPath)3 NamedAnnotations (org.sagebionetworks.repo.model.NamedAnnotations)3 Reference (org.sagebionetworks.repo.model.Reference)3