Example 1 with ResourceAccess
use of org.sagebionetworks.repo.model.ResourceAccess in project Synapse-Repository-Services by Sage-Bionetworks.
the class JDONodeQueryAuthorizationTest method afterPropertiesSet.
/**
* The setup for this test is expensive so we only do it once after all of the
* beans are ready.
*/
@Override
public void afterPropertiesSet() throws Exception {
Long creatorUserGroupId = Long.parseLong(userGroupDAO.findGroup(AuthorizationConstants.BOOTSTRAP_USER_GROUP_NAME, false).getId());
if (instance != null) {
return;
}
instance = this;
// Keeps track of the users to delete
nodesToDelete = new ArrayList<String>();
groupsToDelete = new ArrayList<String>();
// Create some users
adminUser = createUser("admin@JDONodeQueryAuthorizationTest.org", true);
// Create two groups
groupA = createGroup("groupA@JDONodeQueryAuthorizationTest.org");
groupB = createGroup("groupB@JDONodeQueryAuthorizationTest.org");
// Create users in each group
usersInGroupA = new HashMap<String, UserInfo>();
for (int i = 0; i < 10; i++) {
// Create all of the users
String userId = "userInA" + i + "@JDONodeQueryAuthorizationTest.org";
UserInfo info = createUser(userId, false);
info.getGroups().add(groupA);
usersInGroupA.put(userId, info);
}
// Create group b users
usersInGroupB = new HashMap<String, UserInfo>();
for (int i = 0; i < 7; i++) {
// Create all of the users
String userId = "userInB" + i + "@JDONodeQueryAuthorizationTest.org";
UserInfo info = createUser(userId, false);
info.getGroups().add(groupB);
usersInGroupB.put(userId, info);
}
// Create users in both groups
usersInBothGroups = new HashMap<String, UserInfo>();
for (int i = 0; i < 7; i++) {
// Create all of the users
String userId = "userInBothA&B" + i + "@JDONodeQueryAuthorizationTest.org";
UserInfo info = createUser(userId, false);
info.getGroups().add(groupB);
info.getGroups().add(groupA);
usersInBothGroups.put(userId, info);
}
// Now create the two projects
// Project A
projectA = NodeTestUtils.createNew("projectA", creatorUserGroupId);
projectA.setNodeType(EntityType.project.name());
String id = nodeDao.createNew(projectA);
nodesToDelete.add(id);
projectA = nodeDao.getNode(id);
// Create the ACL for this node.
AccessControlList acl = AccessControlListUtil.createACLToGrantAll(id, adminUser);
// Make sure group A can read from this node
ResourceAccess access = new ResourceAccess();
access.setPrincipalId(Long.parseLong(groupA.getId()));
access.setAccessType(new HashSet<ACCESS_TYPE>());
access.getAccessType().add(ACCESS_TYPE.READ);
acl.getResourceAccess().add(access);
accessControlListDAO.create(acl);
// Project B
projectB = NodeTestUtils.createNew("projectB", creatorUserGroupId);
projectB.setNodeType(EntityType.project.name());
id = nodeDao.createNew(projectB);
nodesToDelete.add(id);
projectB = nodeDao.getNode(id);
// Create the ACL for this node.
acl = AccessControlListUtil.createACLToGrantAll(id, adminUser);
// Make sure group B can read from this node
access = new ResourceAccess();
access.setPrincipalId(Long.parseLong(groupB.getId()));
access.setAccessType(new HashSet<ACCESS_TYPE>());
access.getAccessType().add(ACCESS_TYPE.READ);
acl.getResourceAccess().add(access);
accessControlListDAO.create(acl);
// Now add some nodes to each project.
nodesInProjectA = new HashMap<String, Node>();
for (int i = 0; i < 25; i++) {
Node node = NodeTestUtils.createNew("nodeInProjectA" + i, creatorUserGroupId);
node.setNodeType(EntityType.dataset.name());
node.setParentId(projectA.getId());
id = nodeDao.createNew(node);
// nodesToDelete.add(id);
node = nodeDao.getNode(id);
nodesInProjectA.put(node.getId(), node);
}
// Now add some nodes to each project.
nodesInProjectB = new HashMap<String, Node>();
for (int i = 0; i < 25; i++) {
Node node = NodeTestUtils.createNew("nodeInProjectB" + i, creatorUserGroupId);
node.setNodeType(EntityType.dataset.name());
node.setParentId(projectB.getId());
id = nodeDao.createNew(node);
// nodesToDelete.add(id);
node = nodeDao.getNode(id);
nodesInProjectB.put(node.getId(), node);
// Add an attribute to nodes in group B
NamedAnnotations annos = nodeDao.getAnnotations(id);
assertNotNull(annos);
// fieldTypeDao.addNewType(attributeName, FieldType.LONG_ATTRIBUTE);
annos.getAdditionalAnnotations().addAnnotation(attributeName, new Long(i));
nodeDao.updateAnnotations(id, annos);
}
}
Also used :
AccessControlList(org.sagebionetworks.repo.model.AccessControlList)
ResourceAccess(org.sagebionetworks.repo.model.ResourceAccess)
Node(org.sagebionetworks.repo.model.Node)
UserInfo(org.sagebionetworks.repo.model.UserInfo)
ACCESS_TYPE(org.sagebionetworks.repo.model.ACCESS_TYPE)
NamedAnnotations(org.sagebionetworks.repo.model.NamedAnnotations)
Example 2 with ResourceAccess
use of org.sagebionetworks.repo.model.ResourceAccess in project Synapse-Repository-Services by Sage-Bionetworks.
the class EntityBootstrapperImpl method createAcl.
/**
* Build up an ACL from List<AccessBootstrapData> list.
* @param nodeId
* @param list
* @param groupIdMap
* @return
*/
public static AccessControlList createAcl(String nodeId, String creatorPrincipalId, List<AccessBootstrapData> list) throws DatastoreException {
if (nodeId == null)
throw new IllegalArgumentException("NodeId cannot be null");
AccessControlList acl = new AccessControlList();
acl.setCreationDate(new Date(System.currentTimeMillis()));
acl.setId(nodeId);
Set<ResourceAccess> set = new HashSet<ResourceAccess>();
acl.setResourceAccess(set);
for (AccessBootstrapData data : list) {
// For each group add the types requested.
ResourceAccess access = new ResourceAccess();
set.add(access);
Set<ACCESS_TYPE> typeSet = new HashSet<ACCESS_TYPE>();
access.setAccessType(typeSet);
access.setPrincipalId(data.getGroupId());
// Add each type to the set
List<ACCESS_TYPE> types = data.getAccessTypeList();
for (ACCESS_TYPE type : types) {
typeSet.add(type);
}
}
return acl;
}
Also used :
AccessControlList(org.sagebionetworks.repo.model.AccessControlList)
ResourceAccess(org.sagebionetworks.repo.model.ResourceAccess)
ACCESS_TYPE(org.sagebionetworks.repo.model.ACCESS_TYPE)
Date(java.util.Date)
HashSet(java.util.HashSet)
Example 3 with ResourceAccess
use of org.sagebionetworks.repo.model.ResourceAccess in project Synapse-Repository-Services by Sage-Bionetworks.
the class PermissionsManagerImpl method validateACLContent.
public static void validateACLContent(AccessControlList acl, UserInfo userInfo, Long ownerId) throws InvalidModelException {
if (acl.getId() == null)
throw new InvalidModelException("Resource ID is null");
if (acl.getResourceAccess() == null)
acl.setResourceAccess(new HashSet<ResourceAccess>());
if (acl.getCreationDate() == null)
acl.setCreationDate(new Date(System.currentTimeMillis()));
// Verify that the caller maintains permissions access
String callerPrincipalId = userInfo.getIndividualGroup().getId();
boolean callerIsOwner = callerPrincipalId.equals(ownerId.toString());
boolean foundCallerInAcl = false;
for (ResourceAccess ra : acl.getResourceAccess()) {
if (ra == null)
throw new InvalidModelException("ACL row is null.");
if (ra.getPrincipalId() == null)
throw new InvalidModelException("Group ID is null");
if (ra.getAccessType().isEmpty())
throw new InvalidModelException("No access types specified.");
if (ra.getPrincipalId().toString().equals(callerPrincipalId)) {
if (ra.getAccessType().contains(ACCESS_TYPE.CHANGE_PERMISSIONS)) {
// Found caller in the ACL, with access to change permissions
foundCallerInAcl = true;
}
}
}
if (!foundCallerInAcl && !userInfo.isAdmin() && !callerIsOwner) {
throw new InvalidModelException("Caller is trying to revoke their own ACL editing permissions.");
}
}
Also used :
InvalidModelException(org.sagebionetworks.repo.model.InvalidModelException)
ResourceAccess(org.sagebionetworks.repo.model.ResourceAccess)
Date(java.util.Date)
HashSet(java.util.HashSet)
Example 4 with ResourceAccess
use of org.sagebionetworks.repo.model.ResourceAccess in project Synapse-Repository-Services by Sage-Bionetworks.
the class StepControllerTest method testProvenanceSideEffects.
/**
* @throws Exception
*/
@Test
public void testProvenanceSideEffects() throws Exception {
Step step = new Step();
step = testHelper.createEntity(step, null);
// Our extra parameter used to indicate the provenance record to update
Map<String, String> extraParams = new HashMap<String, String>();
extraParams.put(ServiceConstants.STEP_TO_UPDATE_PARAM, step.getId());
// Get a layer, side effect should add it to input references
testHelper.getEntity(layer, extraParams);
// Create a new layer, side effect should be to add it to output
// references
Data outputLayer = new Data();
outputLayer.setParentId(dataset.getId());
outputLayer.setType(LayerTypeNames.M);
outputLayer = testHelper.createEntity(outputLayer, extraParams);
// Create a new code, side effect should be to reference it in the Step
Code code2 = new Code();
code2.setParentId(project.getId());
code2 = testHelper.createEntity(code2, extraParams);
assertEquals(project.getId(), code2.getParentId());
// TODO update a layer, version a layer, etc ...
// Make sure those layers are now referred to by our step
step = testHelper.getEntity(step, null);
assertEquals(layer.getId(), step.getInput().iterator().next().getTargetId());
assertEquals(NodeConstants.DEFAULT_VERSION_NUMBER, step.getInput().iterator().next().getTargetVersionNumber());
assertEquals(outputLayer.getId(), step.getOutput().iterator().next().getTargetId());
assertEquals(NodeConstants.DEFAULT_VERSION_NUMBER, step.getOutput().iterator().next().getTargetVersionNumber());
assertEquals(code2.getId(), step.getCode().iterator().next().getTargetId());
assertEquals(NodeConstants.DEFAULT_VERSION_NUMBER, step.getCode().iterator().next().getTargetVersionNumber());
// Create a new analysis, side effect should be to re-parent the referenced step
Analysis analysis = new Analysis();
analysis.setParentId(project.getId());
analysis.setName("test analysis");
analysis.setDescription("test description");
analysis = testHelper.createEntity(analysis, extraParams);
// Make sure the step's parent is now the analysis
step = testHelper.getEntity(step, null);
assertEquals(analysis.getId(), step.getParentId());
// Confirm that another user cannot read the analysis or the step
testHelper.setTestUser(TEST_USER2);
try {
testHelper.getEntity(step, null);
fail("expected exception");
} catch (ServletTestHelperException e) {
assertEquals(TEST_USER2 + " lacks read access to the requested object.", e.getMessage());
assertEquals(HttpStatus.FORBIDDEN.value(), e.getHttpStatus());
}
// Add a public read ACL to the project object
testHelper.setTestUser(TEST_USER1);
AccessControlList projectAcl = testHelper.getEntityACL(project);
ResourceAccess ac = new ResourceAccess();
UserGroup authenticatedUsers = userGroupDAO.findGroup(AuthorizationConstants.DEFAULT_GROUPS.AUTHENTICATED_USERS.name(), false);
assertNotNull(authenticatedUsers);
ac.setPrincipalId(Long.parseLong(authenticatedUsers.getId()));
ac.setAccessType(new HashSet<ACCESS_TYPE>());
ac.getAccessType().add(ACCESS_TYPE.READ);
projectAcl.getResourceAccess().add(ac);
projectAcl = testHelper.updateEntityAcl(project, projectAcl);
// Ensure that another user can now read the step
testHelper.setTestUser(TEST_USER2);
step = testHelper.getEntity(step, null);
}
Also used :
AccessControlList(org.sagebionetworks.repo.model.AccessControlList)
ResourceAccess(org.sagebionetworks.repo.model.ResourceAccess)
HashMap(java.util.HashMap)
Data(org.sagebionetworks.repo.model.Data)
Step(org.sagebionetworks.repo.model.Step)
Code(org.sagebionetworks.repo.model.Code)
UserGroup(org.sagebionetworks.repo.model.UserGroup)
Analysis(org.sagebionetworks.repo.model.Analysis)
ACCESS_TYPE(org.sagebionetworks.repo.model.ACCESS_TYPE)
Test(org.junit.Test)
Example 5 with ResourceAccess
use of org.sagebionetworks.repo.model.ResourceAccess in project Synapse-Repository-Services by Sage-Bionetworks.
the class EntityBundleServiceImplTest method setUp.
@Before
public void setUp() {
// Mocks
mockServiceProvider = mock(ServiceProvider.class);
mockEntityService = mock(EntityService.class);
entityBundleService = new EntityBundleServiceImpl(mockServiceProvider);
// Entities
project = new Project();
project.setName(DUMMY_PROJECT);
project.setEntityType(project.getClass().getName());
study = new Study();
study.setName(DUMMY_STUDY_1);
study.setEntityType(study.getClass().getName());
study.setParentId(project.getId());
studyWithId = new Study();
studyWithId.setName(DUMMY_STUDY_1);
studyWithId.setEntityType(study.getClass().getName());
studyWithId.setParentId(project.getId());
studyWithId.setId(STUDY_ID);
// Annotations
annos = new Annotations();
annos.addAnnotation("doubleAnno", new Double(45.0001));
annos.addAnnotation("string", "A string");
// ACL
acl = new AccessControlList();
ResourceAccess ra = new ResourceAccess();
ra.setPrincipalId(BOOTSTRAP_USER_GROUP_ID);
Set<ACCESS_TYPE> atypes = new HashSet<ACCESS_TYPE>();
atypes.add(ACCESS_TYPE.READ);
ra.setAccessType(atypes);
Set<ResourceAccess> raSet = new HashSet<ResourceAccess>();
raSet.add(ra);
acl.setResourceAccess(raSet);
// Response bundle
responseBundle = new EntityBundle();
responseBundle.setEntity(study);
responseBundle.setAnnotations(annos);
responseBundle.setAccessControlList(acl);
}
Also used :
AccessControlList(org.sagebionetworks.repo.model.AccessControlList)
Study(org.sagebionetworks.repo.model.Study)
ResourceAccess(org.sagebionetworks.repo.model.ResourceAccess)
Project(org.sagebionetworks.repo.model.Project)
Annotations(org.sagebionetworks.repo.model.Annotations)
ACCESS_TYPE(org.sagebionetworks.repo.model.ACCESS_TYPE)
EntityBundle(org.sagebionetworks.repo.model.EntityBundle)
HashSet(java.util.HashSet)
Before(org.junit.Before)
Aggregations
ResourceAccess (org.sagebionetworks.repo.model.ResourceAccess)41
AccessControlList (org.sagebionetworks.repo.model.AccessControlList)35
ACCESS_TYPE (org.sagebionetworks.repo.model.ACCESS_TYPE)32
Test (org.junit.Test)22
HashSet (java.util.HashSet)20
Node (org.sagebionetworks.repo.model.Node)11
Date (java.util.Date)10
UserGroup (org.sagebionetworks.repo.model.UserGroup)10
Project (org.sagebionetworks.repo.model.Project)7
UserInfo (org.sagebionetworks.repo.model.UserInfo)7
ArrayList (java.util.ArrayList)6
Before (org.junit.Before)5
Annotations (org.sagebionetworks.repo.model.Annotations)5
Study (org.sagebionetworks.repo.model.Study)5
HashMap (java.util.HashMap)3
Data (org.sagebionetworks.repo.model.Data)3
EntityHeader (org.sagebionetworks.repo.model.EntityHeader)3
EntityPath (org.sagebionetworks.repo.model.EntityPath)3
NamedAnnotations (org.sagebionetworks.repo.model.NamedAnnotations)3
Reference (org.sagebionetworks.repo.model.Reference)3
