StudyAclEntry.StudyPermissions.VIEW_SAMPLES.name(), SampleAclEntry.SamplePermissions.VIEW.name(), Entity.SAMPLE.name());
.map(JobAclEntry.JobPermissions::toString) .collect(Collectors.toList())); this.fullPermissionsMap.put(Entity.SAMPLE, Arrays.stream(SampleAclEntry.SamplePermissions.values()) .map(SampleAclEntry.SamplePermissions::toString) .collect(Collectors.toList()));
assertEquals(2, sampleAcl.getNumResults()); for (SampleAclEntry sampleAclEntry : sampleAcl.getResult()) { assertTrue(sampleAclEntry.getPermissions().contains(SampleAclEntry.SamplePermissions.valueOf("VIEW"))); assertTrue(sampleAclEntry.getPermissions().contains(SampleAclEntry.SamplePermissions.valueOf("UPDATE"))); for (SampleAclEntry sampleAclEntry : sampleAcl.getResult()) { if (sampleAclEntry.getMember().equals("user1")) { assertTrue(sampleAclEntry.getPermissions().contains(SampleAclEntry.SamplePermissions.valueOf("DELETE"))); } else { assertEquals("user2", sampleAclEntry.getMember()); assertTrue(sampleAclEntry.getPermissions().contains(SampleAclEntry.SamplePermissions.valueOf("VIEW"))); assertTrue(sampleAclEntry.getPermissions().contains(SampleAclEntry.SamplePermissions.valueOf("UPDATE"))); for (SampleAclEntry sampleAclEntry : sampleAcl.getResult()) { if (sampleAclEntry.getMember().equals("user2")) { assertTrue(sampleAclEntry.getPermissions().contains(SampleAclEntry.SamplePermissions.valueOf("VIEW"))); assertTrue(sampleAclEntry.getPermissions().contains(SampleAclEntry.SamplePermissions.valueOf("UPDATE"))); } else { assertEquals("user4", sampleAclEntry.getMember()); assertEquals(1, sampleAcl.getNumResults()); assertEquals("user2", sampleAcl.first().getMember()); assertTrue(sampleAcl.first().getPermissions().contains(SampleAclEntry.SamplePermissions.valueOf("VIEW"))); assertTrue(sampleAcl.first().getPermissions().contains(SampleAclEntry.SamplePermissions.valueOf("UPDATE")));
studyPermission.name(), studyPermission.getSamplePermission().name(), Entity.SAMPLE.name()); Bson bson = parseQuery(finalQuery, false, queryForAuthorisedEntries);
/**
 * Checks that the individual linked to a sample is only returned to a second user
 * once that user has been granted access in a way that reaches the individual.
 *
 * <p>Flow: the owner session creates a sample and an individual and links them;
 * the second session is then given VIEW on the sample twice, first with the
 * five-argument {@code SampleAclParams} and then with an extra trailing {@code true}.
 */
@Test
public void testGetSampleAndIndividualWithPermissionsChecked() throws CatalogException {
    String sampleId1 = catalogManager.getSampleManager()
            .create(studyFqn, new Sample().setId("SAMPLE_1"), new QueryOptions(), sessionIdUser)
            .first()
            .getId();
    String individualId = catalogManager.getIndividualManager()
            .create(studyFqn, new Individual().setId("Individual1"), new QueryOptions(), sessionIdUser)
            .first()
            .getId();

    // Link the individual to the sample; the owner sees the full individual in the result.
    ObjectMap linkIndividual = new ObjectMap(SampleDBAdaptor.QueryParams.INDIVIDUAL.key(), individualId);
    Sample ownerView = catalogManager.getSampleManager()
            .update(studyFqn, sampleId1, linkIndividual, new QueryOptions("lazy", false), sessionIdUser)
            .first();
    assertEquals(individualId, ((Individual) ownerView.getAttributes().get("individual")).getId());
    assertEquals(sampleId1, ownerView.getId());

    // VIEW on the sample only: the sample is readable but the linked individual must not leak.
    Sample.SampleAclParams viewOnSampleOnly = new Sample.SampleAclParams(
            SampleAclEntry.SamplePermissions.VIEW.name(), AclParams.Action.SET, null, null, null);
    catalogManager.getSampleManager()
            .updateAcl(studyFqn, Collections.singletonList("SAMPLE_1"), "user2", viewOnSampleOnly, sessionIdUser);
    Sample restrictedView = catalogManager.getSampleManager()
            .get(studyFqn, "SAMPLE_1", new QueryOptions("lazy", false), sessionIdUser2)
            .first();
    assertEquals(null, restrictedView.getAttributes().get("individual"));
    assertEquals(sampleId1, restrictedView.getId());

    // Same grant with the extra trailing flag set.
    // NOTE(review): the sixth argument presumably propagates the permission to the linked
    // individual - confirm against SampleAclParams.
    Sample.SampleAclParams viewWithFlag = new Sample.SampleAclParams(
            SampleAclEntry.SamplePermissions.VIEW.name(), AclParams.Action.SET, null, null, null, true);
    catalogManager.getSampleManager()
            .updateAcl(studyFqn, Collections.singletonList("SAMPLE_1"), "user2", viewWithFlag, sessionIdUser);
    Sample propagatedView = catalogManager.getSampleManager()
            .get(studyFqn, "SAMPLE_1", new QueryOptions("lazy", false), sessionIdUser2)
            .first();
    assertEquals(individualId, ((Individual) propagatedView.getAttributes().get("individual")).getId());
    assertEquals(sampleId1, propagatedView.getId());

    // Looking the sample up through its individual must now work for the second session too.
    Sample queriedView = catalogManager.getSampleManager()
            .get(studyFqn, new Query("individual", "Individual1"), new QueryOptions("lazy", false), sessionIdUser2)
            .first();
    assertEquals(individualId, ((Individual) queriedView.getAttributes().get("individual")).getId());
    assertEquals(sampleId1, queriedView.getId());
}
/**
 * Applies a VIEW permission rule for user3 over the study's samples, checks that
 * both samples end up with exactly that permission, and then adds a manual DELETE
 * permission for user3 on the second sample.
 */
@Test
public void testPermissionRulesPlusManualPermissions() throws CatalogException {
    // Second sample in the study, next to the s1 fixture.
    Sample s2 = dbAdaptorFactory.getCatalogSampleDBAdaptor()
            .insert(studyId,
                    new Sample("s2", "", new Individual(), null, null, 1, 1, "", "", false, Collections.emptyList(),
                            new ArrayList<>(), Collections.emptyMap()),
                    QueryOptions.empty())
            .first();

    // Permission rule with an empty query, granting VIEW to user3.
    List<String> ruleMembers = Arrays.asList(user3.getId());
    List<String> rulePermissions = Arrays.asList(SampleAclEntry.SamplePermissions.VIEW.name());
    PermissionRule viewRule = new PermissionRule("myPermissionRule", new Query(), ruleMembers, rulePermissions);
    dbAdaptorFactory.getCatalogStudyDBAdaptor().createPermissionRule(studyId, Study.Entity.SAMPLES, viewRule);

    aclDBAdaptor.applyPermissionRules(studyId, viewRule, Study.Entity.SAMPLES);

    // Every sample must now carry VIEW, and nothing else, for user3.
    List<QueryResult<AbstractAclEntry>> aclsPerSample = aclDBAdaptor.get(
            Arrays.asList(s1.getUid(), s2.getUid()), Arrays.asList(user3.getId()), Entity.SAMPLE);
    for (QueryResult<AbstractAclEntry> sampleAcls : aclsPerSample) {
        assertEquals(1, sampleAcls.first().getPermissions().size());
        assertTrue(sampleAcls.first().getPermissions().contains(SampleAclEntry.SamplePermissions.VIEW));
    }

    // Manual permission on s2 only.
    // NOTE(review): nothing is asserted after this call, so the test does not pin how the
    // manual DELETE combines with the rule-derived VIEW, nor that s1 stays unchanged.
    aclDBAdaptor.addToMembers(Arrays.asList(s2.getUid()), Arrays.asList(user3.getId()),
            Arrays.asList(SampleAclEntry.SamplePermissions.DELETE.name()), Entity.SAMPLE);
}
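/**
 * Builds the fixture shared by the ACL tests: reuses the users and adaptor factory
 * prepared by {@code MongoDBAdaptorTest}, inserts sample {@code s1} into user3's first
 * study and stores two ACL entries on it.
 *
 * <p>After this method, user1 has an entry with no permissions on {@code s1} and user2
 * has VIEW, VIEW_ANNOTATIONS and UPDATE.
 *
 * @throws IOException if the test configuration resource cannot be read
 * @throws CatalogException if any catalog operation fails
 */
@Before
public void before() throws IOException, CatalogException {
    MongoDBAdaptorTest dbAdaptorTest = new MongoDBAdaptorTest();
    dbAdaptorTest.before();

    // Close the resource stream once the configuration is parsed; the original left it open.
    Configuration configuration;
    try (java.io.InputStream configurationStream = getClass().getResource("/configuration-test.yml").openStream()) {
        configuration = Configuration.load(configurationStream);
    }

    user1 = MongoDBAdaptorTest.user1;
    user2 = MongoDBAdaptorTest.user2;
    user3 = MongoDBAdaptorTest.user3;
    dbAdaptorFactory = MongoDBAdaptorTest.catalogDBAdaptor;
    aclDBAdaptor = new AuthorizationMongoDBAdaptor(configuration);

    studyId = user3.getProjects().get(0).getStudies().get(0).getUid();
    s1 = dbAdaptorFactory.getCatalogSampleDBAdaptor().insert(studyId, new Sample("s1", "", new Individual(), null, null, 1,
            1, "", "", false, Collections.emptyList(), new ArrayList<>(), Collections.emptyMap()), QueryOptions.empty()).first();

    // user1: entry present but empty; user2: read, annotation read and update.
    acl_s1_user1 = new SampleAclEntry(user1.getId(), Arrays.asList());
    acl_s1_user2 = new SampleAclEntry(user2.getId(), Arrays.asList(
            SampleAclEntry.SamplePermissions.VIEW.name(),
            SampleAclEntry.SamplePermissions.VIEW_ANNOTATIONS.name(),
            SampleAclEntry.SamplePermissions.UPDATE.name()
    ));
    aclDBAdaptor.setAcls(Arrays.asList(s1.getUid()), Arrays.asList(acl_s1_user1, acl_s1_user2), Entity.SAMPLE);
}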
/**
 * Checks that {@code setToMembers} replaces user2's permissions on {@code s1}:
 * the stored permissions start equal to the fixture entry and end equal to an entry
 * holding only DELETE.
 */
@Test
public void setSampleAclOverride() throws Exception {
    List<String> member = Arrays.asList(user2.getId());

    // Precondition: the stored ACL is still the one written by the fixture.
    assertEquals(acl_s1_user2.getPermissions(),
            aclDBAdaptor.get(s1.getUid(), member, Entity.SAMPLE).first().getPermissions());

    SampleAclEntry newAcl = new SampleAclEntry(user2.getId(),
            Arrays.asList(SampleAclEntry.SamplePermissions.DELETE.name()));
    // The replacement must differ from the current entry, otherwise the final check proves nothing.
    boolean sameAsCurrent = acl_s1_user2.getPermissions().equals(newAcl.getPermissions());
    assertTrue(!sameAsCurrent);

    // Todo: Remove this in 1.4
    List<String> allSamplePermissions = Arrays.stream(SampleAclEntry.SamplePermissions.values())
            .map(SampleAclEntry.SamplePermissions::toString)
            .collect(Collectors.toList());

    aclDBAdaptor.setToMembers(Arrays.asList(s1.getUid()), Arrays.asList(user2.getId()),
            Arrays.asList(SampleAclEntry.SamplePermissions.DELETE.name()), allSamplePermissions, Entity.SAMPLE);

    // VIEW, VIEW_ANNOTATIONS and UPDATE must be gone; only DELETE remains.
    assertEquals(newAcl.getPermissions(),
            aclDBAdaptor.get(s1.getUid(), Arrays.asList(user2.getId()), Entity.SAMPLE).first().getPermissions());
}
/**
 * Groups samples by several fields, with the query combined with the document
 * returned by {@code getQueryForAuthorisedEntries} for {@code user}.
 *
 * <p>The permission pair handed to {@code getQueryForAuthorisedEntries} depends on the
 * query: VIEW_SAMPLE_ANNOTATIONS / VIEW_ANNOTATIONS when {@code containsAnnotationQuery}
 * is true, VIEW_SAMPLES / VIEW otherwise.
 *
 * @param query   sample query; passed to {@code filterOutDeleted} before parsing
 * @param fields  fields to group by
 * @param options query options forwarded to the underlying group-by
 * @param user    user the authorisation document is built for
 * @return the result of the collection-level group-by
 * @throws CatalogDBException            declared by the helpers used here
 * @throws CatalogAuthorizationException declared by the helpers used here
 */
@Override
public QueryResult groupBy(Query query, List<String> fields, QueryOptions options, String user)
        throws CatalogDBException, CatalogAuthorizationException {
    Document studyDocument = getStudyDocument(query);

    // NOTE(review): the annotation branch passes only the *_ANNOTATIONS permissions; confirm
    // that the permission model makes these imply plain VIEW, so this path is not broader
    // than the non-annotation one.
    final String studyPermission;
    final String samplePermission;
    if (containsAnnotationQuery(query)) {
        studyPermission = StudyAclEntry.StudyPermissions.VIEW_SAMPLE_ANNOTATIONS.name();
        samplePermission = SampleAclEntry.SamplePermissions.VIEW_ANNOTATIONS.name();
    } else {
        studyPermission = StudyAclEntry.StudyPermissions.VIEW_SAMPLES.name();
        samplePermission = SampleAclEntry.SamplePermissions.VIEW.name();
    }
    Document queryForAuthorisedEntries = getQueryForAuthorisedEntries(studyDocument, user, studyPermission,
            samplePermission, Entity.SAMPLE.name());

    filterOutDeleted(query);
    Bson authorisedQuery = parseQuery(query, false, queryForAuthorisedEntries);
    return groupBy(sampleCollection, authorisedQuery, fields, QueryParams.ID.key(), options);
}
/**
 * Groups samples by a single field, with the query combined with the document
 * returned by {@code getQueryForAuthorisedEntries} for {@code user}.
 *
 * <p>The permission pair handed to {@code getQueryForAuthorisedEntries} depends on the
 * query: VIEW_SAMPLE_ANNOTATIONS / VIEW_ANNOTATIONS when {@code containsAnnotationQuery}
 * is true, VIEW_SAMPLES / VIEW otherwise.
 *
 * @param query   sample query; passed to {@code filterOutDeleted} before parsing
 * @param field   field to group by
 * @param options query options forwarded to the underlying group-by
 * @param user    user the authorisation document is built for
 * @return the result of the collection-level group-by
 * @throws CatalogDBException            declared by the helpers used here
 * @throws CatalogAuthorizationException declared by the helpers used here
 */
@Override
public QueryResult groupBy(Query query, String field, QueryOptions options, String user)
        throws CatalogDBException, CatalogAuthorizationException {
    Document studyDocument = getStudyDocument(query);

    // NOTE(review): the annotation branch passes only the *_ANNOTATIONS permissions; confirm
    // that the permission model makes these imply plain VIEW, so this path is not broader
    // than the non-annotation one.
    final String studyPermission;
    final String samplePermission;
    if (containsAnnotationQuery(query)) {
        studyPermission = StudyAclEntry.StudyPermissions.VIEW_SAMPLE_ANNOTATIONS.name();
        samplePermission = SampleAclEntry.SamplePermissions.VIEW_ANNOTATIONS.name();
    } else {
        studyPermission = StudyAclEntry.StudyPermissions.VIEW_SAMPLES.name();
        samplePermission = SampleAclEntry.SamplePermissions.VIEW.name();
    }
    Document queryForAuthorisedEntries = getQueryForAuthorisedEntries(studyDocument, user, studyPermission,
            samplePermission, Entity.SAMPLE.name());

    filterOutDeleted(query);
    Bson authorisedQuery = parseQuery(query, false, queryForAuthorisedEntries);
    return groupBy(sampleCollection, authorisedQuery, field, QueryParams.ID.key(), options);
}
/**
 * Returns an iterator over samples for {@code user} with no converter
 * ({@code null} is passed where {@code iterator} passes {@code sampleConverter}).
 *
 * <p>A copy of {@code options} with {@code NATIVE_QUERY} set to true is used to open the
 * cursor. Each document is passed through {@code filterAnnotationSets} with the
 * VIEW_SAMPLE_ANNOTATIONS / VIEW_ANNOTATIONS permission names.
 *
 * @param query   sample query; must carry {@code PRIVATE_STUDY_ID}
 * @param options caller options, may be {@code null}; never modified here
 * @param user    user the cursor and the per-document filter are evaluated for
 * @return iterator over the matching documents
 * @throws CatalogDBException            declared by the helpers used here
 * @throws CatalogAuthorizationException declared by the helpers used here
 */
@Override
public DBIterator nativeIterator(Query query, QueryOptions options, String user)
        throws CatalogDBException, CatalogAuthorizationException {
    // Work on a private copy so the caller's options never gain the NATIVE_QUERY flag.
    QueryOptions queryOptions;
    if (options == null) {
        queryOptions = new QueryOptions();
    } else {
        queryOptions = new QueryOptions(options);
    }
    queryOptions.put(NATIVE_QUERY, true);

    Document studyDocument = getStudyDocument(query);
    MongoCursor<Document> mongoCursor = getMongoCursor(query, queryOptions, studyDocument, user);

    // Applied to every document the iterator hands out.
    // NOTE(review): presumably strips annotation sets the user may not view - confirm in
    // filterAnnotationSets.
    Function<Document, Document> iteratorFilter = document -> filterAnnotationSets(studyDocument, document, user,
            StudyAclEntry.StudyPermissions.VIEW_SAMPLE_ANNOTATIONS.name(),
            SampleAclEntry.SamplePermissions.VIEW_ANNOTATIONS.name());

    // NOTE(review): the iterator receives the caller's `options` (possibly null), not the
    // NATIVE_QUERY copy used for the cursor - confirm this is intended.
    return new SampleMongoDBIterator<>(mongoCursor, null, iteratorFilter,
            dbAdaptorFactory.getCatalogIndividualDBAdaptor(), query.getLong(PRIVATE_STUDY_ID), user, options);
}
/**
 * Builds an ACL entry from a map of permission name to boolean flag.
 *
 * <p>The entry starts with no permissions. A permission is granted only when the map
 * contains its exact name and the stored value reads as {@code true}; map keys that do
 * not match any {@code SamplePermissions} constant are ignored.
 *
 * @param member      member the entry applies to
 * @param permissions map keyed by permission name; must not be {@code null}
 */
public SampleAclEntry(String member, ObjectMap permissions) {
    super(member, EnumSet.noneOf(SamplePermissions.class));

    for (SamplePermissions candidate : SamplePermissions.values()) {
        String key = candidate.name();
        // Both checks are required: a missing key and a false value each mean "not granted".
        boolean granted = permissions.containsKey(key) && permissions.getBoolean(key);
        if (granted) {
            this.permissions.add(candidate);
        }
    }
}
/**
 * Returns the sample-level permission this value maps to.
 *
 * @return the {@code SamplePermissions} constant named by {@code permission} when
 *         {@code type} is {@code SAMPLE}; {@code null} for every other type, so callers
 *         that chain a call on the result must check the type or the result first
 * @throws IllegalArgumentException if {@code type} is {@code SAMPLE} but {@code permission}
 *         does not name a {@code SamplePermissions} constant
 */
public SampleAclEntry.SamplePermissions getSamplePermission() {
    if (this.type != SAMPLE) {
        return null;
    }
    return SampleAclEntry.SamplePermissions.valueOf(this.permission);
}
/**
 * Returns an iterator over the samples matching {@code query} for {@code user},
 * converted with {@code sampleConverter}.
 *
 * <p>Each document is passed through {@code filterAnnotationSets} with the
 * VIEW_SAMPLE_ANNOTATIONS / VIEW_ANNOTATIONS permission names.
 *
 * @param query   sample query; must carry {@code PRIVATE_STUDY_ID}
 * @param options query options used for both the cursor and the iterator
 * @param user    user the cursor and the per-document filter are evaluated for
 * @return iterator over the matching samples
 * @throws CatalogDBException            declared by the helpers used here
 * @throws CatalogAuthorizationException declared by the helpers used here
 */
@Override
public DBIterator<Sample> iterator(Query query, QueryOptions options, String user)
        throws CatalogDBException, CatalogAuthorizationException {
    Document studyDocument = getStudyDocument(query);
    MongoCursor<Document> mongoCursor = getMongoCursor(query, options, studyDocument, user);

    // Applied to every document the iterator hands out.
    // NOTE(review): presumably strips annotation sets the user may not view - confirm in
    // filterAnnotationSets.
    Function<Document, Document> iteratorFilter = document -> filterAnnotationSets(studyDocument, document, user,
            StudyAclEntry.StudyPermissions.VIEW_SAMPLE_ANNOTATIONS.name(),
            SampleAclEntry.SamplePermissions.VIEW_ANNOTATIONS.name());

    return new SampleMongoDBIterator<>(mongoCursor, sampleConverter, iteratorFilter,
            dbAdaptorFactory.getCatalogIndividualDBAdaptor(), query.getLong(PRIVATE_STUDY_ID), user, options);
}