userSessions.get("user1")); catalogManager.getStudyManager().createGroup(studyId, "analyst", "user2,user3,user4", sessionId);
catalogManager.getStudyManager().createGroup(studyStr, studyGroup, StringUtils.join(userSet, ","), token); } catch (CatalogException e) { if (e.getMessage().contains("users already belong to")) {
/**
 * Verifies that the sync information of a group cannot be replaced once it has been set.
 *
 * <p>Two empty groups are created, {@code group2} is bound to an external origin, and a second
 * binding attempt on the same group must be rejected with a {@link CatalogException} whose
 * message contains "Cannot modify already existing sync information".
 *
 * @throws CatalogException expected from the second {@code syncGroupWith} call
 */
@Test
public void testUpdateGroupInfo() throws CatalogException {
    final StudyManager studies = catalogManager.getStudyManager();

    // Both groups start with an empty member list.
    for (String emptyGroup : new String[] {"group1", "group2"}) {
        studies.createGroup(studyFqn, emptyGroup, "", sessionIdUser);
    }

    // NOTE(review): presumably (authentication origin, remote group id) - confirm against Group.Sync.
    final Group.Sync origin = new Group.Sync("auth", "aaa");

    // The first binding is part of the set-up and must succeed.
    studies.syncGroupWith(studyFqn, "group2", origin, sessionIdUser);

    // Expectations are armed only here, so an exception thrown by the set-up above
    // is not mistaken for the rejection under test.
    thrown.expect(CatalogException.class);
    thrown.expectMessage("Cannot modify already existing sync information");
    studies.syncGroupWith(studyFqn, "group2", origin, sessionIdUser);
}
/**
 * Moves {@code externalUser} from the admin group to a newly created member group and checks
 * the membership lists after each step.
 *
 * <p>NOTE(review): the third and fourth arguments of {@code updateGroup} appear to be "users to
 * add" and "users to remove" respectively; the helper is defined outside this block - confirm.
 *
 * @throws CatalogException if any catalog operation fails
 */
@Test
public void changeGroupMembership() throws CatalogException {
    // Step 1: put the external user into the admin group and confirm the membership is visible.
    updateGroup(studyFqn, groupAdmin, externalUser, null, null, ownerSessionId);
    final Map<String, Group> afterAdd = getGroupMap();
    assertTrue(afterAdd.get(groupAdmin).getUserIds().contains(externalUser));

    // Step 2: take the user out of the admin group, then create the member group with that user in it.
    updateGroup(studyFqn, groupAdmin, null, externalUser, null, ownerSessionId);
    catalogManager.getStudyManager().createGroup(studyFqn, groupMember, externalUser, ownerSessionId);

    // Step 3: the user must now be listed in the member group only; a stale admin
    // membership here would mean the removal did not take effect.
    final Map<String, Group> afterMove = getGroupMap();
    assertTrue(afterMove.get(groupMember).getUserIds().contains(externalUser));
    assertTrue(!afterMove.get(groupAdmin).getUserIds().contains(externalUser));
}
/**
 * Creates a group with two members, removes them one at a time, and finally deletes the
 * emptied group.
 *
 * <p>No ACL is assigned to the group inside this test, and the deletion is expected to succeed:
 * afterwards the group must no longer appear in the group map.
 *
 * @throws CatalogException if any catalog operation fails
 */
@Test
public void removeMemberFromGroup() throws CatalogException {
    // The member list is passed as a comma-separated string.
    final String initialMembers = studyAdminUser1 + "," + studyAdminUser2;
    catalogManager.getStudyManager().createGroup(String.valueOf(studyFqn), groupMember, initialMembers, ownerSessionId);

    // First removal: the other member is still in the group at this point.
    updateGroup(studyFqn, groupMember, null, studyAdminUser1, null, ownerSessionId);
    assertFalse(getGroupMap().get(groupMember).getUserIds().contains(studyAdminUser1));

    // Second removal: this takes out the last remaining member of the group.
    updateGroup(studyFqn, groupMember, null, studyAdminUser2, null, ownerSessionId);
    assertFalse(getGroupMap().get(groupMember).getUserIds().contains(studyAdminUser2));

    // Deleting the group must remove it from the study's group map entirely.
    catalogManager.getStudyManager().deleteGroup(studyFqn, groupMember, ownerSessionId);
    assertNull(getGroupMap().get(groupMember));
}
/**
 * Checks that an unfiltered sample search only returns what the caller has been granted.
 *
 * <p>Two groups with the same members ({@code user2}, {@code user3}) are created. Only
 * {@code @myGroup} receives ACLs: an empty permission set at study level and {@code VIEW} on
 * sample {@code s_1}. A search with an empty query, run with {@code sessionIdUser2}, must
 * return exactly one sample.
 *
 * <p>NOTE(review): assumes {@code sessionIdUser2} is a token for {@code user2} and that the study
 * holds more samples than {@code s_1}; both are set up outside this block - confirm.
 *
 * @throws CatalogException if any catalog operation fails
 */
@Test
public void searchSamples() throws CatalogException {
    catalogManager.getStudyManager().createGroup(studyFqn, "myGroup", "user2,user3", sessionIdUser);
    catalogManager.getStudyManager().createGroup(studyFqn, "myGroup2", "user2,user3", sessionIdUser);

    // Study level: the group is registered with an empty permission string and no template.
    final Study.StudyAclParams emptyStudyAcl = new Study.StudyAclParams("", AclParams.Action.SET, null);
    catalogManager.getStudyManager().updateAcl(Arrays.asList(studyFqn), "@myGroup", emptyStudyAcl, sessionIdUser);

    // Sample level: VIEW on a single sample is the only grant the group receives.
    final Sample.SampleAclParams viewOnOneSample =
            new Sample.SampleAclParams("VIEW", AclParams.Action.SET, null, null, null);
    catalogManager.getSampleManager().updateAcl(studyFqn, Arrays.asList("s_1"), "@myGroup", viewOnOneSample,
            sessionIdUser);

    // An empty Query carries no filter, so the result size is determined by the ACLs alone.
    final QueryResult<Sample> visible =
            catalogManager.getSampleManager().search(studyFqn, new Query(), new QueryOptions(), sessionIdUser2);
    assertEquals(1, visible.getNumResults());
}
/**
 * Checks that a file ACL set directly on a user wins over permissions the same user holds
 * through a group.
 *
 * <p>{@code externalUser} is placed in {@code groupMember}, the group is given the
 * {@code "admin"} template on the study, and then a file-level ACL built from
 * {@code DENY_FILE_PERMISSIONS} is set for the user on {@code data_d1_d2}. Reading that file
 * with the user's own session must fail with {@link CatalogAuthorizationException}.
 *
 * <p>NOTE(review): the content of {@code DENY_FILE_PERMISSIONS} is defined outside this block;
 * it is presumably an empty permission set - confirm.
 *
 * @throws CatalogException expected ({@link CatalogAuthorizationException}) from the final read
 */
@Test
public void readFileForbiddenForUser() throws CatalogException {
    catalogManager.getStudyManager().createGroup(studyFqn, groupMember, externalUser, ownerSessionId);

    // Group-level grant: the whole group gets the "admin" template on the study.
    final Study.StudyAclParams groupStudyAcl = new Study.StudyAclParams("", AclParams.Action.SET, "admin");
    catalogManager.getStudyManager().updateAcl(Arrays.asList(studyFqn), groupMember, groupStudyAcl, ownerSessionId);

    // User-level restriction on one file: this is the entry expected to take precedence.
    final File.FileAclParams userFileAcl = new File.FileAclParams(DENY_FILE_PERMISSIONS, AclParams.Action.SET, null);
    fileManager.updateAcl(studyFqn, Arrays.asList(data_d1_d2), externalUser, userFileAcl, ownerSessionId);

    // Armed after the set-up so that only the read below can satisfy the expectation.
    thrown.expect(CatalogAuthorizationException.class);
    catalogManager.getFileManager().get(studyFqn, data_d1_d2, null, externalSessionId);
}
/**
 * Checks that a file shared with a group is readable by a member of that group even though the
 * group holds the locked role on the study.
 *
 * <p>A fresh user is created and logged in, added to the new group {@code @external}, the group
 * is added to {@code AuthorizationManager.ROLE_LOCKED} on the study, and the group is then given
 * {@code ALL_FILE_PERMISSIONS} on {@code data_d1_d2_d3_d4}. The read is performed with the new
 * user's own token.
 *
 * <p>NOTE(review): the result of the final read is discarded, so the test passes as long as no
 * exception is thrown; it does not check how many results come back.
 *
 * @throws CatalogException if any catalog operation fails
 * @throws IOException declared by the signature; no call in this body visibly requires it
 */
@Test
public void readFileSharedForGroup() throws CatalogException, IOException {
    final String member = "newUser";
    final String sharedGroup = "@external";

    // Create the user and obtain a token for that same user.
    catalogManager.getUserManager().create(member, member, "asda@mail.com", password, "org", 1000L, Account.FULL,
            null, null);
    final String memberToken = catalogManager.getUserManager().login(member, password);

    catalogManager.getStudyManager().createGroup(studyFqn, sharedGroup, member, ownerSessionId);

    // Locked role at study level: the group gets nothing from the study itself.
    final Study.StudyAclParams lockedRole =
            new Study.StudyAclParams("", AclParams.Action.ADD, AuthorizationManager.ROLE_LOCKED);
    catalogManager.getStudyManager().updateAcl(Arrays.asList(studyFqn), sharedGroup, lockedRole, ownerSessionId).get(0);

    // Explicit file-level grant for the group on one concrete file.
    final File.FileAclParams groupFileAcl = new File.FileAclParams(ALL_FILE_PERMISSIONS, AclParams.Action.SET, null);
    fileManager.updateAcl(studyFqn, Arrays.asList(data_d1_d2_d3_d4), sharedGroup, groupFileAcl, ownerSessionId);

    // Access goes through the member's token, so the group grant is what authorises the read.
    catalogManager.getFileManager().get(studyFqn, data_d1_d2_d3_d4, null, memberToken);
}
/**
 * Sets up a locked group {@code @external} containing a new user, grants the group
 * {@code ALL_FILE_PERMISSIONS} on {@code data_d1_d2}, and reads that file.
 *
 * <p>NOTE(review): the token used for the read comes from {@code login(ownerUser, password)},
 * not from the newly created user. As written, the final assertion shows that the study owner
 * can read the file; it does not exercise the ACLs configured for {@code newUser} or
 * {@code @external}. The method name also speaks of "forbidden" while the body expects one
 * result. Confirm the intended subject and outcome before relying on this test as
 * authorization coverage.
 *
 * @throws CatalogException if any catalog operation fails
 * @throws IOException declared by the signature; no call in this body visibly requires it
 */
@Test
public void readFileForbiddenForGroupSharedWithUser() throws CatalogException, IOException {
    final String member = "newUser";
    final String sharedGroup = "@external";

    catalogManager.getUserManager().create(member, member, "asda@mail.com", password, "org", 1000L, Account.FULL,
            null, null);
    // This is the owner's session, not the session of the user created above.
    final String readerToken = catalogManager.getUserManager().login(ownerUser, password);

    catalogManager.getStudyManager().createGroup(studyFqn, sharedGroup, member, ownerSessionId);

    // Locked role at study level: the group gets nothing from the study itself.
    final Study.StudyAclParams lockedRole =
            new Study.StudyAclParams("", AclParams.Action.ADD, AuthorizationManager.ROLE_LOCKED);
    catalogManager.getStudyManager().updateAcl(Arrays.asList(studyFqn), sharedGroup, lockedRole, ownerSessionId).get(0);

    // File-level grant for the group.
    final File.FileAclParams groupFileAcl = new File.FileAclParams(ALL_FILE_PERMISSIONS, AclParams.Action.SET, null);
    fileManager.updateAcl(studyFqn, Arrays.asList(data_d1_d2), sharedGroup, groupFileAcl, ownerSessionId);

    final QueryResult<File> fetched = catalogManager.getFileManager().get(studyFqn, data_d1_d2, null, readerToken);
    assertEquals(1, fetched.getNumResults());
}
/**
 * Assigns the {@code view_only} template to a group and checks what a member of that group sees
 * when fetching the study, with and without ACLs included.
 *
 * <p>Without {@code DBAdaptor.INCLUDE_ACLS} the study attributes must be empty. With it, the
 * attributes must carry an {@code OPENCGA_ACL} entry listing exactly one ACL, for the group, with
 * a non-empty permission list.
 *
 * @throws CatalogException if any catalog operation fails
 * @throws IOException declared by the signature; no call in this body visibly requires it
 */
@Test
public void testAssignPermissions() throws CatalogException, IOException {
    final String targetStudy = "user@1000G:phase1";
    final String aclMember = "@group_cancer_some_thing_else";

    // Fixture account; it becomes the only member of the new group.
    catalogManager.getUserManager().create("test", "test", "test@mail.com", "test", null, 100L, "guest", null, null);
    // The group is created without the leading '@' but addressed with it in the ACL call below.
    catalogManager.getStudyManager().createGroup(targetStudy, "group_cancer_some_thing_else", "test", sessionIdUser);

    final List<QueryResult<StudyAclEntry>> granted = catalogManager.getStudyManager().updateAcl(
            Collections.singletonList(targetStudy), aclMember,
            new Study.StudyAclParams("", AclParams.Action.SET, "view_only"), sessionIdUser);
    assertEquals("@group_cancer_some_thing_else", granted.get(0).first().getMember());

    // Everything below is read with the group member's own token.
    final String token = catalogManager.getUserManager().login("test", "test");

    // Default fetch: no ACL information may be attached to the study.
    final QueryResult<Study> plain = catalogManager.getStudyManager().get(targetStudy, QueryOptions.empty(), token);
    assertEquals(1, plain.getNumResults());
    assertTrue(plain.first().getAttributes().isEmpty());

    // Fetch with ACLs requested: the attributes now expose the ACL list.
    final QueryResult<Study> withAcls = catalogManager.getStudyManager().get(targetStudy,
            new QueryOptions(DBAdaptor.INCLUDE_ACLS, true), token);
    assertEquals(1, withAcls.getNumResults());
    assertTrue(!withAcls.first().getAttributes().isEmpty());
    assertTrue(withAcls.first().getAttributes().containsKey("OPENCGA_ACL"));

    // Unchecked cast: the attribute value is stored untyped.
    final List<Map<String, Object>> aclEntries =
            (List<Map<String, Object>>) withAcls.first().getAttributes().get("OPENCGA_ACL");
    assertEquals(1, aclEntries.size());
    assertEquals("@group_cancer_some_thing_else", aclEntries.get(0).get("member"));
    assertTrue(!((List<?>) aclEntries.get(0).get("permissions")).isEmpty());
}
/**
 * Disabled test ({@code @Ignore}): grants and then revokes study access for a group that is
 * synchronised with an external {@code ldap} origin.
 *
 * <p>The token is obtained while the {@code @ldap} group holds {@code view_only}; the same token
 * is reused after the group's ACL has been reset, and the second read must be rejected with
 * {@link CatalogAuthorizationException}. In other words, the revocation is expected to apply to
 * a session that was opened before it.
 *
 * <p>NOTE(review): the login uses the literal credentials "user" / "password"; which account
 * they refer to is not visible in this block - presumably an account known only to the external
 * directory, given the method name.
 *
 * @throws CatalogException expected ({@link CatalogAuthorizationException}) from the final read
 * @throws NamingException declared by the signature; no call in this body visibly requires it
 * @throws IOException declared by the signature; no call in this body visibly requires it
 */
@Ignore
@Test
public void loginNotRegisteredUsers() throws CatalogException, NamingException, IOException {
    // Group administration is performed with sessionIdUser (the original comment marks it as admin-only).
    catalogManager.getStudyManager().createGroup(studyFqn, "ldap", "", sessionIdUser);
    catalogManager.getStudyManager().syncGroupWith(studyFqn, "ldap", new Group.Sync("ldap", "bio"), sessionIdUser);

    final Study.StudyAclParams viewOnly = new Study.StudyAclParams("", AclParams.Action.SET, "view_only");
    catalogManager.getStudyManager().updateAcl(Arrays.asList(studyFqn), "@ldap", viewOnly, sessionIdUser);

    final String token = catalogManager.getUserManager().login("user", "password");
    final String studyRef = String.valueOf((Long) studyUid);

    // While the group holds view_only, the study is readable with the token.
    final QueryResult<Study> beforeRevocation =
            catalogManager.getStudyManager().get(studyRef, QueryOptions.empty(), token);
    assertEquals(1, beforeRevocation.getNumResults());

    // Revoke everything the group was granted on the study.
    final Study.StudyAclParams revoke = new Study.StudyAclParams("", AclParams.Action.RESET, "");
    catalogManager.getStudyManager().updateAcl(Arrays.asList(studyFqn), "@ldap", revoke, sessionIdUser);

    // Same token as before: the read must now be refused.
    thrown.expect(CatalogAuthorizationException.class);
    catalogManager.getStudyManager().get(studyRef, QueryOptions.empty(), token);
}
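/**
 * Checks that a sample shared with a group is readable by a member of that group even though
 * the group holds the locked role on the study.
 *
 * <p>A fresh user is created, added to the new group {@code @external}, the group is added to
 * {@code AuthorizationManager.ROLE_LOCKED} on the study, and the group is then given
 * {@code allSamplePermissions} on sample {@code smp4}. The sample is read with the new user's
 * token and exactly one result is expected.
 *
 * <p>The read is performed as the group member. Logging in as {@code ownerUser} instead would
 * make the assertion hold regardless of the ACLs configured here, because the group grant would
 * never be the thing authorising the request.
 *
 * @throws CatalogException if any catalog operation fails
 * @throws IOException declared by the signature; no call in this body visibly requires it
 */
@Test
public void readSampleSharedForGroup() throws CatalogException, IOException {
    // Add a new user to a new group
    String newUser = "newUser";
    catalogManager.getUserManager().create(newUser, newUser, "asda@mail.com", password, "org", 1000L, Account.FULL,
            null, null);
    // Authenticate as the user under test so that the group ACL is what grants access.
    String sessionId = catalogManager.getUserManager().login(newUser, password);
    String newGroup = "@external";
    catalogManager.getStudyManager().createGroup(studyFqn, newGroup, newUser, ownerSessionId);

    // Add the group to the locked role, so no permissions will be given at study level
    Study.StudyAclParams aclParams = new Study.StudyAclParams("", AclParams.Action.ADD,
            AuthorizationManager.ROLE_LOCKED);
    catalogManager.getStudyManager().updateAcl(Collections.singletonList(studyFqn), newGroup, aclParams,
            ownerSessionId);

    // Share the sample with the group
    catalogManager.getSampleManager().updateAcl(studyFqn, Collections.singletonList(smp4.getId()), newGroup,
            allSamplePermissions, ownerSessionId);

    QueryResult<Sample> sample = catalogManager.getSampleManager().get(studyFqn, smp4.getId(), null, sessionId);
    assertEquals(1, sample.getNumResults());
}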
/**
 * Adds an existing group to the analyst role and checks that the stored study ACL for the group
 * matches the analyst permission set exactly.
 *
 * <p>Group creation and the ACL change are performed with {@code studyAdmin1SessionId}, i.e. by
 * a study administrator rather than the owner.
 *
 * @throws CatalogException if any catalog operation fails
 */
@Test
public void addExistingGroupToRole() throws CatalogException {
    final String member = "newUser";
    final String roleGroup = "@newGroup";

    catalogManager.getUserManager().create(member, member, "email@ccc.ccc", password, "ASDF", null, Account.FULL,
            null, null);
    catalogManager.getStudyManager().createGroup(studyFqn, roleGroup, member, studyAdmin1SessionId);

    // ADD with the analyst role as template.
    final Study.StudyAclParams analystRole =
            new Study.StudyAclParams("", AclParams.Action.ADD, AuthorizationManager.ROLE_ANALYST);
    catalogManager.getStudyManager().updateAcl(Arrays.asList(studyFqn), roleGroup, analystRole, studyAdmin1SessionId)
            .get(0);

    // Read the ACL back through the authorization manager and compare it with the reference set;
    // assertArrayEquals is order-sensitive, so this pins both content and ordering.
    final QueryResult<StudyAclEntry> stored =
            catalogManager.getAuthorizationManager().getStudyAcl(studyAdminUser1, studyUid, roleGroup);
    assertEquals(1, stored.getNumResults());
    assertEquals(roleGroup, stored.first().getMember());
    assertArrayEquals(AuthorizationManager.getAnalystAcls().toArray(), stored.first().getPermissions().toArray());
}
/**
 * Grants a group the {@code admin} template on the study, verifies the stored ACL, then resets
 * the group's ACL and verifies that no entry remains.
 *
 * <p>The group is created by a study administrator ({@code studyAdmin1SessionId}); both ACL
 * changes are made with the owner's session.
 *
 * @throws CatalogException if any catalog operation fails
 */
@Test
public void removeGroupFromRole() throws CatalogException {
    final String roleGroup = "@newGroup";
    final String members = studyAdminUser1 + "," + studyAdminUser2;
    catalogManager.getStudyManager().createGroup(studyFqn, roleGroup, members, studyAdmin1SessionId);

    // Grant: SET with the "admin" template.
    final Study.StudyAclParams adminTemplate = new Study.StudyAclParams("", AclParams.Action.SET, "admin");
    catalogManager.getStudyManager().updateAcl(Arrays.asList(studyFqn), roleGroup, adminTemplate, ownerSessionId);

    final Study study = catalogManager.getStudyManager().resolveId(studyFqn, studyAdminUser1);
    QueryResult<StudyAclEntry> stored =
            catalogManager.getAuthorizationManager().getStudyAcl(studyAdminUser1, study.getUid(), roleGroup);
    assertEquals(1, stored.getNumResults());
    assertEquals(roleGroup, stored.first().getMember());
    assertArrayEquals(AuthorizationManager.getAdminAcls().toArray(), stored.first().getPermissions().toArray());

    // Revoke: RESET with neither permissions nor template.
    final Study.StudyAclParams reset = new Study.StudyAclParams(null, AclParams.Action.RESET, null);
    catalogManager.getStudyManager().updateAcl(Arrays.asList(studyFqn), roleGroup, reset, ownerSessionId).get(0);

    final String ownerId = catalogManager.getUserManager().getUserId(ownerSessionId);
    // The resolved study is not used afterwards; the call is kept because the original performs it.
    final Study resolvedForOwner = catalogManager.getStudyManager().resolveId(studyFqn, ownerId);

    // After the reset the group must have no ACL entry left on the study.
    stored = catalogManager.getAuthorizationManager().getStudyAcl(ownerId, study.getUid(), roleGroup);
    assertEquals(0, stored.getNumResults());
}
// Excerpt: creates group "@member" in studyId3 with "user" as its only listed member,
// authenticated with sessionIdUser2. The enclosing method is not visible here.
catalogManager.getStudyManager().createGroup(studyId3, "@member", "user", sessionIdUser2);
// Excerpt: two fixture groups created with the admin session - "@study_allow" containing user1
// and "@study_deny" containing user2.
// NOTE(review): the names suggest one group is later granted and the other refused access;
// the ACL calls that would establish this are outside this excerpt.
catalogManager.getStudyManager().createGroup(studyFqn, "@study_allow", "user1", sessionIdAdmin); catalogManager.getStudyManager().createGroup(studyFqn, "@study_deny", "user2", sessionIdAdmin);