@Override public void applyPermissionRules(long studyId, PermissionRule permissionRule, Study.Entity entry) throws CatalogException { MongoDBCollection collection = dbCollectionMap.get(entry.getEntity()); // We will apply the permission rules to all the entries matching the query defined in the permission rules that does not have // the permission rules applied yet Document rawQuery = new Document() .append(PRIVATE_STUDY_ID, studyId) .append(PERMISSION_RULES_APPLIED, new Document("$ne", permissionRule.getId())); Bson bson = parseQuery(permissionRule.getQuery(), rawQuery, entry.getEntity()); // We add the NONE permission by default so when a user is removed some permissions (not reset), the NONE permission remains List<String> permissions = new ArrayList<>(permissionRule.getPermissions()); permissions.add("NONE"); List<String> myPermissions = createPermissionArray(permissionRule.getMembers(), permissions); Document update = new Document() .append("$addToSet", new Document() .append(QueryParams.ACL.key(), new Document("$each", myPermissions)) .append(PERMISSION_RULES_APPLIED, permissionRule.getId())); logger.debug("Apply permission rules: Query {}, Update {}", bson.toBsonDocument(Document.class, MongoClient.getDefaultCodecRegistry()), update.toBsonDocument(Document.class, MongoClient.getDefaultCodecRegistry())); collection.update(bson, update, new QueryOptions("multi", true)); }
@Override public void removePermissionRule(long studyId, String permissionRuleToDelete, Study.Entity entry) throws CatalogException { // Remove the __TODELETE tag... String permissionRuleId = permissionRuleToDelete.split(INTERNAL_DELIMITER)[0]; Document query = new Document() .append(PRIVATE_STUDY_ID, studyId) .append(PERMISSION_RULES_APPLIED, permissionRuleId) .append("$isolated", 1); Document update = new Document() .append("$pull", new Document(PERMISSION_RULES_APPLIED, permissionRuleId)); logger.debug("Remove permission rule id from all {} in study {}: Query {}, Update {}", entry, studyId, query.toBsonDocument(Document.class, MongoClient.getDefaultCodecRegistry()), update.toBsonDocument(Document.class, MongoClient.getDefaultCodecRegistry())); MongoDBCollection collection = dbCollectionMap.get(entry.getEntity()); QueryResult<UpdateResult> updateResult = collection.update(query, update, new QueryOptions("multi", true)); if (updateResult.first().getModifiedCount() == 0) { throw new CatalogException("Could not remove permission rule id " + permissionRuleId + " from all " + entry); } // Remove the permission rule from the map in the study removeReferenceToPermissionRuleInStudy(studyId, permissionRuleToDelete, entry); }
.stream().collect(Collectors.toSet()); MongoDBCollection collection = dbCollectionMap.get(entry.getEntity());
.stream().collect(Collectors.toSet()); MongoDBCollection collection = dbCollectionMap.get(entry.getEntity());
private boolean isPermissionRuleEntity(Entity entity) { if (Study.Entity.CLINICAL_ANALYSES.getEntity() == entity || Study.Entity.COHORTS.getEntity() == entity || Study.Entity.FAMILIES.getEntity() == entity || Study.Entity.FILES.getEntity() == entity || Study.Entity.INDIVIDUALS.getEntity() == entity || Study.Entity.JOBS.getEntity() == entity || Study.Entity.SAMPLES.getEntity() == entity) { return true; } return false; }