/**
 * Reports whether one of the groups returned by {@code getGroupBelonging} for this user
 * in the study is named exactly {@code ADMINS_GROUP}.
 *
 * <p>The comparison is a case-sensitive {@link String#equals}; a group whose name differs
 * only in case is not treated as the administrators group here.
 *
 * <p>NOTE(review): this looks like an authorization predicate, so its result is only as
 * trustworthy as {@code getGroupBelonging}. That helper presumably returns just the groups
 * that actually contain {@code user}; confirm against its implementation.
 *
 * @param studyId study whose groups are inspected
 * @param user    user id whose memberships are looked up
 * @return {@code true} if any returned group is named {@code ADMINS_GROUP}, {@code false} otherwise
 * @throws CatalogException if the membership lookup fails
 */
private boolean isAdministrativeUser(long studyId, String user) throws CatalogException {
    QueryResult<Group> memberships = getGroupBelonging(studyId, user);
    return memberships.getResult().stream()
            .anyMatch(membership -> membership.getName().equals(ADMINS_GROUP));
}
/**
 * Appends {@code group} to the groups of the study identified by {@code studyId}.
 *
 * <p>The existence check and the insertion are issued as a single update: the filter selects
 * the study document only when the group-name field is {@code $ne} the new name, and the
 * {@code $push} runs only on a matching document. Doing both in one update avoids a separate
 * "read, then write" window in which a duplicate could be created (assuming
 * {@code QueryParams.GROUP_NAME} addresses the names inside the groups array; confirm).
 *
 * <p>NOTE(review): the group name is used as given; no validation or normalisation happens
 * in this method, so any naming rules must be enforced by the caller.
 *
 * @param studyId internal uid of the study to modify
 * @param group   group to add; its name must not already be used in the study
 * @return the stored group, as read back with {@code getGroup}
 * @throws CatalogDBException if exactly one document was not modified, with a message that
 *                            distinguishes "already existed" from any other failure
 */
@Override
public QueryResult<Group> createGroup(long studyId, Group group) throws CatalogDBException {
    final long startTime = startQuery();

    // Filter: this study, and no group with the requested name yet.
    Document nameNotTaken = new Document("$ne", group.getName());
    Document filter = new Document()
            .append(PRIVATE_UID, studyId)
            .append(QueryParams.GROUP_NAME.key(), nameNotTaken);
    Document pushGroup = new Document("$push",
            new Document(QueryParams.GROUPS.key(), getMongoDBDocument(group, "Group")));

    QueryResult<UpdateResult> updateOutcome = studyCollection.update(filter, pushGroup, null);
    if (updateOutcome.first().getModifiedCount() == 1) {
        return endQuery("Create group", startTime, getGroup(studyId, group.getName(), Collections.emptyList()));
    }

    // Nothing was modified: look the group up only to choose the right error message.
    QueryResult<Group> existing = getGroup(studyId, group.getName(), Collections.emptyList());
    String reason = existing.getNumResults() > 0 ? ". Group already existed." : ".";
    throw new CatalogDBException("Unable to create the group " + group.getName() + reason);
}
/**
 * Ensures that {@code userId} is only asking for ACLs that concern themselves.
 *
 * <p>Two cases are accepted:
 * <ul>
 *   <li>{@code member} starts with {@code "@"} (a group): {@code getGroupBelonging} must return
 *       exactly one group for the user and that group's name must equal {@code member};</li>
 *   <li>otherwise {@code member} must equal {@code userId}.</li>
 * </ul>
 * Every other combination is rejected, so the check fails closed.
 *
 * <p>NOTE(review): the group branch requires exactly one membership and inspects only the
 * first result. If a user can belong to several groups in a study, a legitimate member of
 * {@code member} would be denied here; confirm the one-group-per-user assumption.
 *
 * @param userId  user making the request
 * @param member  user id or {@code "@"}-prefixed group name whose ACLs are requested
 * @param studyId study in which group membership is resolved
 * @throws CatalogAuthorizationException if the request does not concern the user or their group
 * @throws CatalogException              if the membership lookup fails
 */
private void checkAskingOwnPermissions(String userId, String member, long studyId) throws CatalogException {
    final boolean allowed;
    if (member.startsWith("@")) {
        // Group target: the requester must be in that very group.
        QueryResult<Group> memberships = getGroupBelonging(studyId, userId);
        allowed = memberships.getNumResults() == 1 && memberships.first().getName().equals(member);
    } else {
        // User target: only one's own permissions may be read.
        allowed = userId.equals(member);
    }

    if (!allowed) {
        throw new CatalogAuthorizationException("The user " + userId + " does not have permissions to see the ACLs of "
                + member);
    }
}
for (Study study : studyQueryResult.getResult()) { for (Group group : study.getGroups()) { if (group.getName().equalsIgnoreCase("admins") && group.getUserIds().contains(userId)) { studyAliases.add(study.getAlias()); break;
study.getGroups().forEach(group -> { if (group.getUserIds().contains(userId)) { groups.add(group.getName());
new GroupParams("user2,user3", GroupParams.Action.ADD), sessionIdUser); assertEquals(2, groupQueryResult.first().getUserIds().size()); assertEquals("@members", groupQueryResult.first().getName());
new GroupParams("user2,user3", GroupParams.Action.ADD), sessionIdUser); assertEquals(2, groupQueryResult.first().getUserIds().size()); assertEquals("@members", groupQueryResult.first().getName());
/**
 * Imports users from the "ldap" auth origin into study groups and checks three outcomes:
 * the first import creates the group (read back as "@test"), a second import of the same
 * LDAP group into a different study group is rejected, and an import of LDAP group "bioo"
 * leaves no "test2" group behind.
 *
 * <p>NOTE(review): the test is {@code @Ignore}d, presumably because it needs a reachable
 * LDAP server, so the rejection of a second group holding the same users is not exercised
 * by a normal test run.
 */
@Ignore
@Test
public void importLdapGroups() throws CatalogException, NamingException, IOException {
    // The import is an admin-only action, hence the admin token on every import call.
    final String study = "user@1000G:phase1";
    ObjectMap importParams = new ObjectMap()
            .append("group", "bio")
            .append("study", study)
            .append("study-group", "test");
    catalogManager.getUserManager().importFromExternalAuthOrigin("ldap", Account.GUEST, importParams,
            getAdminToken());

    QueryResult<Group> importedGroup = catalogManager.getStudyManager().getGroup(study, "test", sessionIdUser);
    assertEquals(1, importedGroup.getNumResults());
    assertEquals("@test", importedGroup.first().getName());
    assertTrue(importedGroup.first().getUserIds().size() > 0);

    // Same LDAP group, different study group: the users already belong to "test".
    importParams.put("study-group", "test1");
    try {
        catalogManager.getUserManager().importFromExternalAuthOrigin("ldap", Account.GUEST, importParams,
                getAdminToken());
        fail("Should not be possible creating another group containing the same users that belong to a different group");
    } catch (CatalogException e) {
        System.out.println(e.getMessage());
    }

    // Different LDAP group name; afterwards the study group "test2" is expected not to exist.
    importParams = new ObjectMap()
            .append("group", "bioo")
            .append("study", study)
            .append("study-group", "test2");
    catalogManager.getUserManager().importFromExternalAuthOrigin("ldap", Account.GUEST, importParams,
            getAdminToken());

    thrown.expect(CatalogDBException.class);
    thrown.expectMessage("not exist");
    catalogManager.getStudyManager().getGroup(study, "test2", sessionIdUser);
}