/**
 * Looks up the built-in ACL entry registered for a member in {@code SPECIAL_ACL_LIST}.
 *
 * <p>Matching is an exact, case-sensitive {@code equals} on each entry's member id. When no
 * entry matches, a new entry with an empty permission list is returned instead of
 * {@code null}, so a caller testing {@code getPermissions().contains(...)} gets {@code false}.
 *
 * <p>NOTE(review): a match returns the entry held in {@code SPECIAL_ACL_LIST} itself, not a
 * copy. Whether {@code StudyAclEntry} is mutable is not visible here; confirm that callers
 * cannot alter the shared entry's permissions.
 *
 * @param member member id to look up.
 * @return the matching special entry, or a new entry for {@code member} with no permissions.
 */
public static StudyAclEntry getSpecialPermissions(String member) {
    for (StudyAclEntry candidate : SPECIAL_ACL_LIST) {
        if (!candidate.getMember().equals(member)) {
            continue;
        }
        return candidate;
    }
    // No special entry for this member: hand back an entry that grants nothing.
    return new StudyAclEntry(member, Collections.emptyList());
}
/**
 * Tells whether a permission name belongs to the special permission set of {@code ADMIN}.
 *
 * <p>Each admin permission is converted with {@code String.valueOf} and compared to
 * {@code studyPermission} by exact, case-sensitive equality. A {@code null} or unknown name
 * therefore yields {@code false}.
 *
 * @param studyPermission permission name to test.
 * @return {@code true} only when the name equals the string form of an admin permission.
 */
private static boolean checkAdminPermissions(String studyPermission) {
    return CatalogAuthorizationManager.getSpecialPermissions(ADMIN).getPermissions()
            .stream()
            .map(String::valueOf)
            // Call equals on the element, not the argument: a null argument must give false, not an NPE.
            .anyMatch(permissionName -> permissionName.equals(studyPermission));
}
/**
 * Checks that replacing a member's role leaves exactly the new role's permissions.
 *
 * <p>The external user starts with one ACL entry on the study. The test resets that entry and
 * then adds {@code ROLE_ANALYST}. It expects a single entry for the user whose permissions
 * equal {@code AuthorizationManager.getAnalystAcls()} element by element, in order. Any
 * permission surviving from the previous role would fail that comparison.
 */
@Test
public void changeUserRole() throws CatalogException {
    List<QueryResult<StudyAclEntry>> aclsBefore = catalogManager.getStudyManager()
            .getAcls(Collections.singletonList(studyFqn), externalUser, false, studyAdmin1SessionId);
    assertEquals(1, aclsBefore.size());
    QueryResult<StudyAclEntry> resultBefore = aclsBefore.get(0);
    assertEquals(1, resultBefore.getNumResults());
    assertEquals(externalUser, resultBefore.first().getMember());

    // Step 1: drop whatever the user currently holds.
    Study.StudyAclParams resetParams = new Study.StudyAclParams(null, AclParams.Action.RESET, null);
    catalogManager.getStudyManager()
            .updateAcl(Arrays.asList(studyFqn), externalUser, resetParams, studyAdmin1SessionId)
            .get(0);

    // Step 2: grant the analyst role on top of the now-empty entry.
    Study.StudyAclParams analystParams =
            new Study.StudyAclParams("", AclParams.Action.ADD, AuthorizationManager.ROLE_ANALYST);
    catalogManager.getStudyManager()
            .updateAcl(Arrays.asList(studyFqn), externalUser, analystParams, studyAdmin1SessionId)
            .get(0);

    List<QueryResult<StudyAclEntry>> aclsAfter = catalogManager.getStudyManager()
            .getAcls(Collections.singletonList(studyFqn), externalUser, false, studyAdmin1SessionId);
    assertEquals(1, aclsAfter.size());
    QueryResult<StudyAclEntry> resultAfter = aclsAfter.get(0);
    assertEquals(1, resultAfter.getNumResults());
    assertEquals(externalUser, resultAfter.first().getMember());
    // Exact, ordered match: nothing beyond the analyst permission set may remain.
    assertArrayEquals(AuthorizationManager.getAnalystAcls().toArray(),
            resultAfter.first().getPermissions().toArray());
}
/**
 * Checks that a group's ACL is shown to a group member only when ACLs are requested.
 *
 * <p>A user {@code test} is created and placed in a new group on study
 * {@code user@1000G:phase1}. The group is created without the {@code @} prefix, while the ACL
 * call and the assertions use the {@code @}-prefixed member id. The group receives the
 * {@code view_only} template through a {@code SET} action.
 *
 * <p>Logged in as {@code test}, a plain study query must return empty attributes. The same
 * query with {@code DBAdaptor.INCLUDE_ACLS} must return an {@code OPENCGA_ACL} attribute
 * holding exactly one entry, for the group, with a non-empty permission list.
 */
@Test
public void testAssignPermissions() throws CatalogException, IOException {
    final String study = "user@1000G:phase1";
    final String groupMember = "@group_cancer_some_thing_else";

    // Throwaway fixture account; "test" is reused for several arguments and for the login below.
    catalogManager.getUserManager().create("test", "test", "test@mail.com", "test", null, 100L, "guest", null, null);
    catalogManager.getStudyManager().createGroup(study, "group_cancer_some_thing_else", "test", sessionIdUser);

    List<QueryResult<StudyAclEntry>> granted = catalogManager.getStudyManager().updateAcl(
            Collections.singletonList(study),
            groupMember,
            new Study.StudyAclParams("", AclParams.Action.SET, "view_only"),
            sessionIdUser);
    assertEquals(groupMember, granted.get(0).first().getMember());

    String memberToken = catalogManager.getUserManager().login("test", "test");

    // Default query: no ACL information may appear in the attributes.
    QueryResult<Study> plainResult = catalogManager.getStudyManager().get(study, QueryOptions.empty(), memberToken);
    assertEquals(1, plainResult.getNumResults());
    assertTrue(plainResult.first().getAttributes().isEmpty());

    // Explicit opt-in: the ACL list is attached under OPENCGA_ACL.
    QueryResult<Study> aclResult = catalogManager.getStudyManager()
            .get(study, new QueryOptions(DBAdaptor.INCLUDE_ACLS, true), memberToken);
    assertEquals(1, aclResult.getNumResults());
    assertTrue(!aclResult.first().getAttributes().isEmpty());
    assertTrue(aclResult.first().getAttributes().containsKey("OPENCGA_ACL"));

    List<Map<String, Object>> aclEntries =
            (List<Map<String, Object>>) aclResult.first().getAttributes().get("OPENCGA_ACL");
    assertEquals(1, aclEntries.size());
    assertEquals(groupMember, aclEntries.get(0).get("member"));
    assertTrue(!((List) aclEntries.get(0).get("permissions")).isEmpty());
}
retList = new ArrayList<>(myMap.size()); for (Map.Entry<String, List<String>> stringListEntry : myMap.entrySet()) { retList.add((E) new StudyAclEntry(stringListEntry.getKey(), stringListEntry.getValue()));
/**
 * Checks that granting the analyst role to a group yields exactly the analyst permissions.
 *
 * <p>A new user is created and becomes the sole member of a new group {@code @newGroup}.
 * A study admin then adds {@code ROLE_ANALYST} to the group. The group's study ACL must
 * contain one entry whose permissions equal {@code AuthorizationManager.getAnalystAcls()}
 * element by element, in order.
 */
@Test
public void addExistingGroupToRole() throws CatalogException {
    String memberId = "newUser";
    catalogManager.getUserManager().create(memberId, memberId, "email@ccc.ccc", password, "ASDF", null, Account.FULL, null, null);

    String groupId = "@newGroup";
    // The group is created with the new user as its initial member.
    catalogManager.getStudyManager().createGroup(studyFqn, groupId, memberId, studyAdmin1SessionId);

    Study.StudyAclParams analystParams =
            new Study.StudyAclParams("", AclParams.Action.ADD, AuthorizationManager.ROLE_ANALYST);
    catalogManager.getStudyManager()
            .updateAcl(Arrays.asList(studyFqn), groupId, analystParams, studyAdmin1SessionId)
            .get(0);

    QueryResult<StudyAclEntry> groupAcl =
            catalogManager.getAuthorizationManager().getStudyAcl(studyAdminUser1, studyUid, groupId);
    assertEquals(1, groupAcl.getNumResults());
    assertEquals(groupId, groupAcl.first().getMember());
    // Exact, ordered match against the analyst permission set.
    assertArrayEquals(AuthorizationManager.getAnalystAcls().toArray(),
            groupAcl.first().getPermissions().toArray());
}
/**
 * Checks that a {@code RESET} removes every permission a group held, including admin ones.
 *
 * <p>A group containing both study admins is created and set to the {@code admin} template
 * using the owner's session. Its ACL must then equal {@code AuthorizationManager.getAdminAcls()}
 * element by element, in order. After the owner resets the group's ACL, looking it up must
 * return zero results: no entry at all, not an entry with fewer permissions.
 */
@Test
public void removeGroupFromRole() throws CatalogException {
    String groupId = "@newGroup";
    catalogManager.getStudyManager()
            .createGroup(studyFqn, groupId, studyAdminUser1 + "," + studyAdminUser2, studyAdmin1SessionId);
    catalogManager.getStudyManager().updateAcl(Arrays.asList(studyFqn), groupId,
            new Study.StudyAclParams("", AclParams.Action.SET, "admin"), ownerSessionId);

    Study study = catalogManager.getStudyManager().resolveId(studyFqn, studyAdminUser1);
    QueryResult<StudyAclEntry> aclBeforeReset =
            catalogManager.getAuthorizationManager().getStudyAcl(studyAdminUser1, study.getUid(), groupId);
    assertEquals(1, aclBeforeReset.getNumResults());
    assertEquals(groupId, aclBeforeReset.first().getMember());
    assertArrayEquals(AuthorizationManager.getAdminAcls().toArray(),
            aclBeforeReset.first().getPermissions().toArray());

    // Revoke everything the group was granted.
    Study.StudyAclParams resetParams = new Study.StudyAclParams(null, AclParams.Action.RESET, null);
    catalogManager.getStudyManager()
            .updateAcl(Arrays.asList(studyFqn), groupId, resetParams, ownerSessionId)
            .get(0);

    String ownerId = catalogManager.getUserManager().getUserId(ownerSessionId);
    // Result is not used; the call is kept so the owner's study resolution still runs.
    catalogManager.getStudyManager().resolveId(studyFqn, ownerId);

    QueryResult<StudyAclEntry> aclAfterReset =
            catalogManager.getAuthorizationManager().getStudyAcl(ownerId, study.getUid(), groupId);
    assertEquals(0, aclAfterReset.getNumResults());
}
/**
 * Decides whether a user holds a study permission on the entry selected by {@code query}.
 *
 * <p>The {@code ADMIN} user is judged only against its special permission list; the database
 * is not consulted for it. Any other user is allowed only when the permission-filtered count
 * is exactly 1. A count of 0, or of more than 1, is a denial.
 *
 * <p>A {@code null} {@code userId}, or a {@code null} first count value, raises a
 * {@code NullPointerException} rather than returning {@code true}.
 *
 * @param userId          user whose access is being checked.
 * @param query           query passed to {@code dbAdaptor.count}.
 * @param studyPermission permission required.
 * @param dbAdaptor       adaptor used to count entries for non-admin users.
 * @return {@code true} when the permission is granted, {@code false} otherwise.
 * @throws CatalogDBException            declared by the signature; presumably from the count call.
 * @throws CatalogAuthorizationException declared by the signature; presumably from the count call.
 */
private boolean checkUserPermission(String userId, Query query, StudyAclEntry.StudyPermissions studyPermission,
                                    DBAdaptor dbAdaptor) throws CatalogDBException, CatalogAuthorizationException {
    if (!userId.equals(ADMIN)) {
        Long visibleEntries = (Long) dbAdaptor.count(query, userId, studyPermission).first();
        // Exactly one matching entry is required; anything else is a denial.
        return visibleEntries == 1;
    }
    // ADMIN: only the static special permission list decides.
    return getSpecialPermissions(ADMIN).getPermissions().contains(studyPermission);
}
/**
 * Enforces a study-level permission, throwing unless the check succeeds.
 *
 * <p>The {@code ADMIN} user is checked only against its special permission list, never against
 * the study's stored ACLs. Every other user is checked through
 * {@code studyDBAdaptor.hasStudyPermission}. Denial is the default outcome: the method returns
 * normally only when one of those checks is true.
 *
 * @param studyId    study being accessed.
 * @param userId     user whose access is being checked; {@code null} raises a
 *                   {@code NullPointerException}.
 * @param permission permission required.
 * @param message    text passed to {@code CatalogAuthorizationException.deny} on denial.
 * @throws CatalogException the authorization exception built by {@code deny} when access is
 *                          refused.
 */
@Override
public void checkStudyPermission(long studyId, String userId, StudyAclEntry.StudyPermissions permission,
                                 String message) throws CatalogException {
    boolean granted = userId.equals(ADMIN)
            ? getSpecialPermissions(ADMIN).getPermissions().contains(permission)
            : studyDBAdaptor.hasStudyPermission(studyId, userId, permission);
    if (!granted) {
        throw CatalogAuthorizationException.deny(userId, message, "Study", studyId, null);
    }
}