/**
 * Tells whether a permission name belongs to the permission set of the special {@code ADMIN}
 * member.
 *
 * <p>The set is read from {@code CatalogAuthorizationManager.getSpecialPermissions(ADMIN)} on
 * every call. Each entry is turned into a string with {@code String.valueOf}, so the lookup is
 * an exact, case-sensitive string match.
 *
 * @param studyPermission permission name to look up
 * @return {@code true} if the name is in the admin permission set, {@code false} otherwise
 */
private static boolean checkAdminPermissions(String studyPermission) {
    Set<String> adminPermissionNames = CatalogAuthorizationManager.getSpecialPermissions(ADMIN)
            .getPermissions()
            .stream()
            .map(String::valueOf)
            .collect(Collectors.toSet());
    return adminPermissionNames.contains(studyPermission);
}
/**
 * Decides whether {@code userId} holds {@code studyPermission} for the entries selected by
 * {@code query}.
 *
 * <p>For the special {@code ADMIN} member the answer comes only from
 * {@code getSpecialPermissions(ADMIN)}; the database is not consulted. For every other member
 * the permission is granted only when the first value returned by
 * {@code dbAdaptor.count(query, userId, studyPermission)} is exactly 1.
 *
 * @param userId          member whose permission is checked; must not be {@code null}
 * @param query           query handed to the count call
 * @param studyPermission permission being checked
 * @param dbAdaptor       adaptor used to run the count
 * @return {@code true} if the permission is granted, {@code false} otherwise
 * @throws CatalogDBException            declared by the method; not thrown directly here
 * @throws CatalogAuthorizationException declared by the method; not thrown directly here
 * @throws NullPointerException          if {@code userId} is {@code null}
 */
private boolean checkUserPermission(String userId, Query query, StudyAclEntry.StudyPermissions studyPermission,
                                    DBAdaptor dbAdaptor) throws CatalogDBException, CatalogAuthorizationException {
    if (userId.equals(ADMIN)) {
        // ADMIN is limited to its special permission set; anything outside it is denied.
        return getSpecialPermissions(ADMIN).getPermissions().contains(studyPermission);
    }

    // NOTE(review): any count other than 1, including values above 1, is a denial.
    // Confirm the query is expected to match at most one entry.
    Long matchCount = (Long) dbAdaptor.count(query, userId, studyPermission).first();
    return matchCount == 1;
}
/**
 * Enforces that {@code userId} holds {@code permission} on the study. It returns normally when
 * the permission is granted and throws otherwise.
 *
 * <p>The special {@code ADMIN} member is checked only against
 * {@code getSpecialPermissions(ADMIN)}. Every other member is checked with
 * {@code studyDBAdaptor.hasStudyPermission}.
 *
 * @param studyId    study the permission is checked on
 * @param userId     member whose permission is checked; must not be {@code null}
 * @param permission permission required
 * @param message    text passed to the denial exception
 * @throws CatalogException     the exception built by {@code CatalogAuthorizationException.deny}
 *                              when the permission is not granted
 * @throws NullPointerException if {@code userId} is {@code null}
 */
@Override
public void checkStudyPermission(long studyId, String userId, StudyAclEntry.StudyPermissions permission,
                                 String message) throws CatalogException {
    boolean granted;
    if (userId.equals(ADMIN)) {
        granted = getSpecialPermissions(ADMIN).getPermissions().contains(permission);
    } else {
        granted = studyDBAdaptor.hasStudyPermission(studyId, userId, permission);
    }

    // Deny by default: every path that did not establish the permission ends here.
    if (!granted) {
        throw CatalogAuthorizationException.deny(userId, message, "Study", studyId, null);
    }
}
/**
 * Resets the external user's study ACL, adds the analyst role, and checks that the resulting
 * permissions equal {@code AuthorizationManager.getAnalystAcls()} exactly.
 */
@Test
public void changeUserRole() throws CatalogException {
    // Precondition: one result set holding a single ACL entry for the external user.
    List<QueryResult<StudyAclEntry>> aclResults = catalogManager.getStudyManager()
            .getAcls(Collections.singletonList(studyFqn), externalUser, false, studyAdmin1SessionId);
    assertEquals(1, aclResults.size());
    assertEquals(1, aclResults.get(0).getNumResults());
    assertEquals(externalUser, aclResults.get(0).first().getMember());

    // Change role: RESET first, then ADD with the analyst role.
    Study.StudyAclParams resetParams = new Study.StudyAclParams(null, AclParams.Action.RESET, null);
    catalogManager.getStudyManager()
            .updateAcl(Arrays.asList(studyFqn), externalUser, resetParams, studyAdmin1SessionId)
            .get(0);

    Study.StudyAclParams analystParams =
            new Study.StudyAclParams("", AclParams.Action.ADD, AuthorizationManager.ROLE_ANALYST);
    catalogManager.getStudyManager()
            .updateAcl(Arrays.asList(studyFqn), externalUser, analystParams, studyAdmin1SessionId)
            .get(0);

    aclResults = catalogManager.getStudyManager()
            .getAcls(Collections.singletonList(studyFqn), externalUser, false, studyAdmin1SessionId);
    assertEquals(1, aclResults.size());
    assertEquals(1, aclResults.get(0).getNumResults());
    assertEquals(externalUser, aclResults.get(0).first().getMember());
    // Array equality: any permission left over from before the reset fails the test.
    assertArrayEquals(AuthorizationManager.getAnalystAcls().toArray(),
            aclResults.get(0).first().getPermissions().toArray());
}
/**
 * Creates a user and a group containing that user, adds the analyst role to the group, and
 * checks that the group's ACL entry equals {@code AuthorizationManager.getAnalystAcls()} exactly.
 */
@Test
public void addExistingGroupToRole() throws CatalogException {
    String newUser = "newUser";
    catalogManager.getUserManager()
            .create(newUser, newUser, "email@ccc.ccc", password, "ASDF", null, Account.FULL, null, null);

    String groupId = "@newGroup";
//    catalogManager.addUsersToGroup(studyFqn, group, newUser, studyAdmin1SessionId);
    catalogManager.getStudyManager().createGroup(studyFqn, groupId, newUser, studyAdmin1SessionId);

    Study.StudyAclParams analystParams =
            new Study.StudyAclParams("", AclParams.Action.ADD, AuthorizationManager.ROLE_ANALYST);
    catalogManager.getStudyManager()
            .updateAcl(Arrays.asList(studyFqn), groupId, analystParams, studyAdmin1SessionId)
            .get(0);

    QueryResult<StudyAclEntry> groupAcl =
            catalogManager.getAuthorizationManager().getStudyAcl(studyAdminUser1, studyUid, groupId);
    assertEquals(1, groupAcl.getNumResults());
    assertEquals(groupId, groupAcl.first().getMember());
    // Array equality: the group must hold the analyst permissions and nothing else.
    assertArrayEquals(AuthorizationManager.getAnalystAcls().toArray(),
            groupAcl.first().getPermissions().toArray());
}
/**
 * Sets a group's ACL to "admin", confirms it equals {@code AuthorizationManager.getAdminAcls()},
 * then RESETs it and checks that no ACL entry is returned for the group.
 */
@Test
public void removeGroupFromRole() throws CatalogException {
    String groupId = "@newGroup";
    String groupMembers = studyAdminUser1 + "," + studyAdminUser2;
    catalogManager.getStudyManager().createGroup(studyFqn, groupId, groupMembers, studyAdmin1SessionId);

    // The ACL changes in this test are made with the owner's session.
    Study.StudyAclParams adminParams = new Study.StudyAclParams("", AclParams.Action.SET, "admin");
    catalogManager.getStudyManager().updateAcl(Arrays.asList(studyFqn), groupId, adminParams, ownerSessionId);

    Study study = catalogManager.getStudyManager().resolveId(studyFqn, studyAdminUser1);
    QueryResult<StudyAclEntry> groupAcl =
            catalogManager.getAuthorizationManager().getStudyAcl(studyAdminUser1, study.getUid(), groupId);
    assertEquals(1, groupAcl.getNumResults());
    assertEquals(groupId, groupAcl.first().getMember());
    assertArrayEquals(AuthorizationManager.getAdminAcls().toArray(),
            groupAcl.first().getPermissions().toArray());

    Study.StudyAclParams resetParams = new Study.StudyAclParams(null, AclParams.Action.RESET, null);
    catalogManager.getStudyManager()
            .updateAcl(Arrays.asList(studyFqn), groupId, resetParams, ownerSessionId)
            .get(0);

    String ownerId = catalogManager.getUserManager().getUserId(ownerSessionId);
    // The resolved study is not used below; the call is kept so the test still performs it.
    Study studyResolvedAsOwner = catalogManager.getStudyManager().resolveId(studyFqn, ownerId);
    groupAcl = catalogManager.getAuthorizationManager().getStudyAcl(ownerId, study.getUid(), groupId);
    // After the reset, no ACL entry may remain for the group.
    assertEquals(0, groupAcl.getNumResults());
}