/**
 * Negative authorization check: a RESET of {@code externalUser}'s study ACL issued with
 * {@code memberSessionId} must be rejected with a {@code CatalogAuthorizationException}.
 */
@Test
public void removeUserFromRole2() throws CatalogException {
    thrown.expect(CatalogAuthorizationException.class);

    // RESET request: first and third constructor arguments are left null.
    Study.StudyAclParams resetParams = new Study.StudyAclParams(null, AclParams.Action.RESET, null);
    catalogManager.getStudyManager()
            .updateAcl(Arrays.asList(studyFqn), externalUser, resetParams, memberSessionId)
            .get(0);
}
/**
 * Deletes a group from a study after resetting the group's study ACL.
 *
 * @param studyStr  study identifier, resolved on behalf of the session's user.
 * @param groupId   group identifier; a leading "@" is added when it is missing.
 * @param sessionId session token used to identify the caller.
 * @return the group as fetched before deletion, with the result id set to "Delete group".
 * @throws CatalogException declared by the calls below (user lookup, study resolution,
 *                          permission check, ACL reset, deletion).
 */
public QueryResult<Group> deleteGroup(String studyStr, String groupId, String sessionId) throws CatalogException {
    String userId = catalogManager.getUserManager().getUserId(sessionId);
    Study study = resolveId(studyStr, userId);

    // Normalise the id so it always carries the leading '@'.
    groupId = groupId.startsWith("@") ? groupId : "@" + groupId;

    // Permission check comes before any read or write on the group
    // (presumably throws when the caller may not create/delete groups - confirm).
    authorizationManager.checkCreateDeleteGroupPermissions(study.getUid(), userId, groupId);

    QueryResult<Group> removedGroup = studyDBAdaptor.getGroup(study.getUid(), groupId, Collections.emptyList());
    removedGroup.setId("Delete group");

    // Reset the group's study ACL before the group itself goes away, so no study-level
    // entry is left behind for a group that no longer exists.
    // NOTE(review): only the study ACL is reset here; whether ACL entries the group holds on
    // other entities (files, samples, ...) are cleaned up elsewhere is not visible from this method.
    updateAcl(Collections.singletonList(studyStr), groupId,
            new Study.StudyAclParams(null, AclParams.Action.RESET, null), sessionId);

    studyDBAdaptor.deleteGroup(study.getUid(), groupId);
    return removedGroup;
}
/**
 * Creates a user and adds it to the study with the analyst role, acting with the owner's session.
 * The test has no explicit assertion: it passes when the calls complete and {@code updateAcl}
 * returns at least one result.
 */
@Test
public void addExistingUserToRole() throws CatalogException {
    String registeredUser = "newUser";
    catalogManager.getUserManager().create(registeredUser, registeredUser, "email@ccc.ccc", password, "ASDF", null,
            Account.FULL, null, null);

    catalogManager.getStudyManager()
            .updateAcl(Arrays.asList(studyFqn), registeredUser,
                    new Study.StudyAclParams("", AclParams.Action.ADD, AuthorizationManager.ROLE_ANALYST),
                    ownerSessionId)
            .get(0);
}
/**
 * Resets {@code externalUser}'s study ACL with {@code studyAdmin1SessionId} and verifies that
 * the user has no ACL entry left on the study.
 */
@Test
public void removeUserFromRole() throws CatalogException {
    catalogManager.getStudyManager()
            .updateAcl(Arrays.asList(studyFqn), externalUser,
                    new Study.StudyAclParams(null, AclParams.Action.RESET, null), studyAdmin1SessionId)
            .get(0);

    List<QueryResult<StudyAclEntry>> aclsAfterReset = catalogManager.getStudyManager()
            .getAcls(Collections.singletonList(studyFqn), externalUser, false, studyAdmin1SessionId);

    // One result object for the single study queried, holding zero ACL entries.
    assertEquals(1, aclsAfterReset.size());
    assertEquals(0, aclsAfterReset.get(0).getNumResults());
}
/**
 * Resetting the study ACL of a group that was never created must fail with a
 * {@code CatalogException} whose message contains "not found".
 */
@Test
public void removeNonExistingGroupFromRole() throws CatalogException {
    String unknownGroup = "@groupNotRegistered";

    thrown.expect(CatalogException.class);
    thrown.expectMessage("not found");

    catalogManager.getStudyManager()
            .updateAcl(Arrays.asList(studyFqn), unknownGroup,
                    new Study.StudyAclParams(null, AclParams.Action.RESET, null), ownerSessionId)
            .get(0);
}
/**
 * Granting the analyst role to a user id that was never registered must fail with a
 * {@code CatalogDBException} whose message contains "does not exist".
 */
@Test
public void addNonExistingUserToRole() throws CatalogException {
    String unknownUser = "userNotRegistered";

    thrown.expect(CatalogDBException.class);
    thrown.expectMessage("does not exist");

    catalogManager.getStudyManager()
            .updateAcl(Arrays.asList(studyFqn), unknownUser,
                    new Study.StudyAclParams("", AclParams.Action.ADD, AuthorizationManager.ROLE_ANALYST),
                    studyAdmin1SessionId)
            .get(0);
}
/**
 * Resetting the study ACL of a user id that was never registered must fail with a
 * {@code CatalogException} whose message contains "does not exist".
 */
@Test
public void removeNonExistingUserFromRole() throws CatalogException {
    String unknownUser = "userNotRegistered";

    thrown.expect(CatalogException.class);
    thrown.expectMessage("does not exist");

    catalogManager.getStudyManager()
            .updateAcl(Arrays.asList(studyFqn), unknownUser,
                    new Study.StudyAclParams(null, AclParams.Action.RESET, null), ownerSessionId)
            .get(0);
}
/**
 * Setting the analyst role for a group that was never created must fail with a
 * {@code CatalogDBException} whose message contains "not found".
 */
@Test
public void addNonExistingGroupToRole() throws CatalogException {
    String unknownGroup = "@groupNotRegistered";

    thrown.expect(CatalogDBException.class);
    thrown.expectMessage("not found");

    Study.StudyAclParams analystParams =
            new Study.StudyAclParams("", AclParams.Action.SET, AuthorizationManager.ROLE_ANALYST);
    catalogManager.getStudyManager()
            .updateAcl(Arrays.asList(studyFqn), unknownGroup, analystParams, studyAdmin1SessionId);
}
/**
 * Negative authorization check: granting the analyst role with {@code memberSessionId} must be
 * rejected with a {@code CatalogAuthorizationException} whose message contains
 * "Only owners or administrative users".
 */
@Test
public void addExistingUserToRole2() throws CatalogException {
    String registeredUser = "newUser";
    catalogManager.getUserManager().create(registeredUser, registeredUser, "email@ccc.ccc", password, "ASDF", null,
            Account.FULL, null, null);

    // Expectations are armed only after the user exists, so a failure in create() is not
    // mistaken for the expected rejection.
    thrown.expect(CatalogAuthorizationException.class);
    thrown.expectMessage("Only owners or administrative users");

    catalogManager.getStudyManager()
            .updateAcl(Arrays.asList(studyFqn), registeredUser,
                    new Study.StudyAclParams("", AclParams.Action.ADD, AuthorizationManager.ROLE_ANALYST),
                    memberSessionId)
            .get(0);
}
/**
 * A deny entry set directly for a user on a file must win over the "admin" template given to
 * the group that user belongs to: reading {@code data_d1_d2} with {@code externalSessionId}
 * is expected to fail with a {@code CatalogAuthorizationException}.
 */
@Test
public void readFileForbiddenForUser() throws CatalogException {
    // Put externalUser in a group and give that group the "admin" template on the study.
    catalogManager.getStudyManager().createGroup(studyFqn, groupMember, externalUser, ownerSessionId);
    Study.StudyAclParams adminParams = new Study.StudyAclParams("", AclParams.Action.SET, "admin");
    catalogManager.getStudyManager().updateAcl(Arrays.asList(studyFqn), groupMember, adminParams, ownerSessionId);

    // Then set DENY_FILE_PERMISSIONS for the user itself on the folder.
    File.FileAclParams denyParams = new File.FileAclParams(DENY_FILE_PERMISSIONS, AclParams.Action.SET, null);
    fileManager.updateAcl(studyFqn, Arrays.asList(data_d1_d2), externalUser, denyParams, ownerSessionId);

    thrown.expect(CatalogAuthorizationException.class);
    catalogManager.getFileManager().get(studyFqn, data_d1_d2, null, externalSessionId);
}
/**
 * A file ACL granted to a group must let a member of that group read the file even though the
 * group only has the locked role on the study. The read is performed with the new member's own
 * session; the test passes when it does not throw.
 */
@Test
public void readFileSharedForGroup() throws CatalogException, IOException {
    // Register a user, log in as that user and make it the only member of a new group.
    String memberId = "newUser";
    catalogManager.getUserManager().create(memberId, memberId, "asda@mail.com", password, "org", 1000L, Account.FULL,
            null, null);
    String memberSession = catalogManager.getUserManager().login(memberId, password);
    String groupId = "@external";
    catalogManager.getStudyManager().createGroup(studyFqn, groupId, memberId, ownerSessionId);

    // Locked role on the study, so the study level grants nothing.
    catalogManager.getStudyManager()
            .updateAcl(Arrays.asList(studyFqn), groupId,
                    new Study.StudyAclParams("", AclParams.Action.ADD, AuthorizationManager.ROLE_LOCKED),
                    ownerSessionId)
            .get(0);

    // All file permissions for the group on this one file only.
    File.FileAclParams allFileParams = new File.FileAclParams(ALL_FILE_PERMISSIONS, AclParams.Action.SET, null);
    fileManager.updateAcl(studyFqn, Arrays.asList(data_d1_d2_d3_d4), groupId, allFileParams, ownerSessionId);

    catalogManager.getFileManager().get(studyFqn, data_d1_d2_d3_d4, null, memberSession);
}
/**
 * Ignored test. Creates a group "ldap", syncs it with {@code new Group.Sync("ldap", "bio")},
 * gives "@ldap" the "view_only" template, and checks that a session obtained with
 * {@code login("user", "password")} can read the study. After the group's study ACL is reset,
 * the same token must be rejected with a {@code CatalogAuthorizationException}.
 */
@Ignore
@Test
public void loginNotRegisteredUsers() throws CatalogException, NamingException, IOException {
    // Group management below is an admin-only action.
    catalogManager.getStudyManager().createGroup(studyFqn, "ldap", "", sessionIdUser);
    catalogManager.getStudyManager().syncGroupWith(studyFqn, "ldap", new Group.Sync("ldap", "bio"), sessionIdUser);
    Study.StudyAclParams viewOnlyParams = new Study.StudyAclParams("", AclParams.Action.SET, "view_only");
    catalogManager.getStudyManager().updateAcl(Arrays.asList(studyFqn), "@ldap", viewOnlyParams, sessionIdUser);

    String token = catalogManager.getUserManager().login("user", "password");
    QueryResult<Study> visibleStudy = catalogManager.getStudyManager()
            .get(String.valueOf((Long) studyUid), QueryOptions.empty(), token);
    assertEquals(1, visibleStudy.getNumResults());

    // Revoke the group's permissions; the token obtained earlier must stop working.
    Study.StudyAclParams resetParams = new Study.StudyAclParams("", AclParams.Action.RESET, "");
    catalogManager.getStudyManager().updateAcl(Arrays.asList(studyFqn), "@ldap", resetParams, sessionIdUser);

    thrown.expect(CatalogAuthorizationException.class);
    catalogManager.getStudyManager().get(String.valueOf((Long) studyUid), QueryOptions.empty(), token);
}
/**
 * After "user2" is added to the study with the "analyst" template, a file created with
 * {@code sessionIdUser2} must be found when searched by path with {@code sessionIdUser}.
 */
@Test
public void testCreateFileFromSharedStudy() throws CatalogException {
    catalogManager.getStudyManager().updateAcl(Arrays.asList(studyFqn), "user2",
            new Study.StudyAclParams("", AclParams.Action.ADD, "analyst"), sessionIdUser);

    // The file is created by user2, inside the study shared by the other user.
    catalogManager.getFileManager().create(studyFqn, File.Type.FILE, File.Format.UNKNOWN, File.Bioformat.NONE,
            "data/test/folder/file.txt", null, "My description", null, 0, -1, null, (long) -1, null, null, true, null,
            null, sessionIdUser2);

    Query byPath = new Query(FileDBAdaptor.QueryParams.PATH.key(), "data/test/folder/file.txt");
    assertEquals(1, catalogManager.getFileManager().get(studyFqn, byPath, null, sessionIdUser).getNumResults());
}
/**
 * Creates a user inside a new group, gives the group the locked role on the study and all file
 * permissions on {@code data_d1_d2}, then reads that file and expects exactly one result.
 *
 * NOTE(review): the read uses a session obtained with {@code login(ownerUser, password)}, not
 * the new group member's, and nothing here is expected to be forbidden despite the method name.
 * As written, the assertion does not exercise the group member's access - confirm the intent.
 */
@Test
public void readFileForbiddenForGroupSharedWithUser() throws CatalogException, IOException {
    String memberId = "newUser";
    catalogManager.getUserManager().create(memberId, memberId, "asda@mail.com", password, "org", 1000L, Account.FULL,
            null, null);
    // Session of the study owner (see the note in the method comment).
    String readerSession = catalogManager.getUserManager().login(ownerUser, password);
    String groupId = "@external";
    catalogManager.getStudyManager().createGroup(studyFqn, groupId, memberId, ownerSessionId);

    // Locked role on the study, so the study level grants nothing to the group.
    catalogManager.getStudyManager()
            .updateAcl(Arrays.asList(studyFqn), groupId,
                    new Study.StudyAclParams("", AclParams.Action.ADD, AuthorizationManager.ROLE_LOCKED),
                    ownerSessionId)
            .get(0);

    File.FileAclParams allFileParams = new File.FileAclParams(ALL_FILE_PERMISSIONS, AclParams.Action.SET, null);
    fileManager.updateAcl(studyFqn, Arrays.asList(data_d1_d2), groupId, allFileParams, ownerSessionId);

    QueryResult<File> readResult = catalogManager.getFileManager().get(studyFqn, data_d1_d2, null, readerSession);
    assertEquals(1, readResult.getNumResults());
}
/**
 * Two groups with the same members ("user2,user3") are created, but only "@myGroup" receives
 * VIEW on sample "s_1". A sample search with {@code sessionIdUser2} must return exactly that
 * one sample.
 */
@Test
public void searchSamples() throws CatalogException {
    String members = "user2,user3";
    catalogManager.getStudyManager().createGroup(studyFqn, "myGroup", members, sessionIdUser);
    catalogManager.getStudyManager().createGroup(studyFqn, "myGroup2", members, sessionIdUser);

    // Study-level entry for the group with empty permissions and no template.
    Study.StudyAclParams emptyStudyParams = new Study.StudyAclParams("", AclParams.Action.SET, null);
    catalogManager.getStudyManager().updateAcl(Arrays.asList(studyFqn), "@myGroup", emptyStudyParams, sessionIdUser);

    // VIEW on a single sample for the group.
    Sample.SampleAclParams viewParams = new Sample.SampleAclParams("VIEW", AclParams.Action.SET, null, null, null);
    catalogManager.getSampleManager().updateAcl(studyFqn, Arrays.asList("s_1"), "@myGroup", viewParams, sessionIdUser);

    QueryResult<Sample> visibleSamples = catalogManager.getSampleManager()
            .search(studyFqn, new Query(), new QueryOptions(), sessionIdUser2);
    assertEquals(1, visibleSamples.getNumResults());
}
/**
 * Creates a user inside a new group, gives the group the locked role on the study, shares
 * {@code smp4} with the group using {@code allSamplePermissions}, then reads the sample and
 * expects exactly one result.
 *
 * NOTE(review): the read uses a session obtained with {@code login(ownerUser, password)}, not
 * the new group member's, so the group share itself is not what the assertion exercises.
 * Confirm whether a login as the new user was intended.
 */
@Test
public void readSampleSharedForGroup() throws CatalogException, IOException {
    String memberId = "newUser";
    catalogManager.getUserManager().create(memberId, memberId, "asda@mail.com", password, "org", 1000L, Account.FULL,
            null, null);
    // Session of the study owner (see the note in the method comment).
    String readerSession = catalogManager.getUserManager().login(ownerUser, password);
    String groupId = "@external";
    catalogManager.getStudyManager().createGroup(studyFqn, groupId, memberId, ownerSessionId);

    // Locked role on the study, so the study level grants nothing to the group.
    catalogManager.getStudyManager().updateAcl(Collections.singletonList(studyFqn), groupId,
            new Study.StudyAclParams("", AclParams.Action.ADD, AuthorizationManager.ROLE_LOCKED), ownerSessionId);

    // Share the sample with the group.
    catalogManager.getSampleManager().updateAcl(studyFqn, Collections.singletonList(smp4.getId()), groupId,
            allSamplePermissions, ownerSessionId);

    QueryResult<Sample> readResult = catalogManager.getSampleManager()
            .get(studyFqn, smp4.getId(), null, readerSession);
    assertEquals(1, readResult.getNumResults());
}
/**
 * After "user2" is added to the study with the "analyst" template, a file created with
 * {@code sessionIdUser2} must resolve, by path and with {@code sessionIdUser}, to the uid
 * reported at creation time.
 */
@Test
public void getFileIdByString() throws CatalogException {
    catalogManager.getStudyManager()
            .updateAcl(Arrays.asList(studyFqn), "user2",
                    new Study.StudyAclParams("", AclParams.Action.ADD, "analyst"), sessionIdUser)
            .get(0);

    File created = catalogManager.getFileManager().create(studyFqn, File.Type.FILE, File.Format.UNKNOWN,
            File.Bioformat.NONE, "data/test/folder/file.txt", null, "My description", null, 0, -1, null, (long) -1,
            null, null, true, null, null, sessionIdUser2).first();

    long firstLookup = catalogManager.getFileManager().getUid(created.getPath(), studyFqn, sessionIdUser)
            .getResource().getUid();
    assertEquals(created.getUid(), firstLookup);

    // Same lookup a second time; the result must not change.
    long secondLookup = catalogManager.getFileManager().getUid(created.getPath(), studyFqn, sessionIdUser)
            .getResource().getUid();
    assertEquals(created.getUid(), secondLookup);

    // NOTE(review): the root lookup is only printed, never asserted.
    long rootUid = catalogManager.getFileManager().getUid("/", studyFqn, sessionIdUser).getResource().getUid();
    System.out.println(rootUid);
}
/**
 * Adds a newly created group to the study with the analyst role and verifies that the stored
 * study ACL for the group holds exactly the permissions from
 * {@code AuthorizationManager.getAnalystAcls()}.
 */
@Test
public void addExistingGroupToRole() throws CatalogException {
    String memberId = "newUser";
    catalogManager.getUserManager().create(memberId, memberId, "email@ccc.ccc", password, "ASDF", null, Account.FULL,
            null, null);

    String groupId = "@newGroup";
    catalogManager.getStudyManager().createGroup(studyFqn, groupId, memberId, studyAdmin1SessionId);

    catalogManager.getStudyManager()
            .updateAcl(Arrays.asList(studyFqn), groupId,
                    new Study.StudyAclParams("", AclParams.Action.ADD, AuthorizationManager.ROLE_ANALYST),
                    studyAdmin1SessionId)
            .get(0);

    QueryResult<StudyAclEntry> groupAcl = catalogManager.getAuthorizationManager()
            .getStudyAcl(studyAdminUser1, studyUid, groupId);

    // Exactly one entry, for this group, with the analyst permission set in the same order.
    assertEquals(1, groupAcl.getNumResults());
    assertEquals(groupId, groupAcl.first().getMember());
    assertArrayEquals(AuthorizationManager.getAnalystAcls().toArray(), groupAcl.first().getPermissions().toArray());
}
/**
 * Gives a new group the "admin" template, verifies the stored study ACL matches
 * {@code AuthorizationManager.getAdminAcls()}, resets the group's ACL and verifies that no
 * study ACL entry remains for the group.
 */
@Test
public void removeGroupFromRole() throws CatalogException {
    String groupId = "@newGroup";
    catalogManager.getStudyManager().createGroup(studyFqn, groupId, studyAdminUser1 + "," + studyAdminUser2,
            studyAdmin1SessionId);
    Study.StudyAclParams adminParams = new Study.StudyAclParams("", AclParams.Action.SET, "admin");
    catalogManager.getStudyManager().updateAcl(Arrays.asList(studyFqn), groupId, adminParams, ownerSessionId);

    Study study = catalogManager.getStudyManager().resolveId(studyFqn, studyAdminUser1);
    QueryResult<StudyAclEntry> aclBeforeReset = catalogManager.getAuthorizationManager()
            .getStudyAcl(studyAdminUser1, study.getUid(), groupId);
    assertEquals(1, aclBeforeReset.getNumResults());
    assertEquals(groupId, aclBeforeReset.first().getMember());
    assertArrayEquals(AuthorizationManager.getAdminAcls().toArray(),
            aclBeforeReset.first().getPermissions().toArray());

    catalogManager.getStudyManager()
            .updateAcl(Arrays.asList(studyFqn), groupId,
                    new Study.StudyAclParams(null, AclParams.Action.RESET, null), ownerSessionId)
            .get(0);

    String ownerId = catalogManager.getUserManager().getUserId(ownerSessionId);
    // The study is resolved again for the owner; the result is not used, and the uid obtained
    // above is what the ACL lookup below receives.
    catalogManager.getStudyManager().resolveId(studyFqn, ownerId);
    QueryResult<StudyAclEntry> aclAfterReset = catalogManager.getAuthorizationManager()
            .getStudyAcl(ownerId, study.getUid(), groupId);
    assertEquals(0, aclAfterReset.getNumResults());
}
/**
 * The study owner can read {@code smp1}, {@code smp2} and {@code smp3}, and can still read
 * {@code smp1} after the owner's own study ACL is set to empty permissions and
 * {@code noSamplePermissions} is applied to that sample for the owner.
 */
@Test
public void readSampleOwnerUser() throws CatalogException {
    assertEquals(1,
            catalogManager.getSampleManager().get(studyFqn, smp1.getId(), null, ownerSessionId).getNumResults());
    assertEquals(1,
            catalogManager.getSampleManager().get(studyFqn, smp2.getId(), null, ownerSessionId).getNumResults());
    assertEquals(1,
            catalogManager.getSampleManager().get(studyFqn, smp3.getId(), null, ownerSessionId).getNumResults());

    // The owner keeps access even when every permission has been taken away from them.
    catalogManager.getStudyManager().updateAcl(Collections.singletonList(studyFqn), ownerUser,
            new Study.StudyAclParams("", AclParams.Action.ADD, null), ownerSessionId);
    catalogManager.getSampleManager().updateAcl(studyFqn, Collections.singletonList(smp1.getId()), ownerUser,
            noSamplePermissions, ownerSessionId);

    QueryResult<Sample> afterRevocation = catalogManager.getSampleManager()
            .get(studyFqn, smp1.getId(), null, ownerSessionId);
    assertEquals(1, afterRevocation.getNumResults());
}