airavata-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From scnakand...@apache.org
Subject [24/24] airavata git commit: implementing airavata sharing manager
Date Sun, 09 Oct 2016 05:47:50 GMT
implementing airavata sharing manager


Project: http://git-wip-us.apache.org/repos/asf/airavata/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/82e57526
Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/82e57526
Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/82e57526

Branch: refs/heads/develop
Commit: 82e57526cdd975381c30f2f4853b2a91101833d7
Parents: 50cf71e
Author: scnakandala <supun.nakandala@gmail.com>
Authored: Sun Oct 9 01:45:41 2016 -0400
Committer: scnakandala <supun.nakandala@gmail.com>
Committed: Sun Oct 9 01:45:41 2016 -0400

----------------------------------------------------------------------
 airavata-api/airavata-api-server/pom.xml        |    12 +-
 .../server/handler/AiravataServerHandler.java   |   370 +-
 .../java/org/apache/airavata/api/Airavata.java  | 47252 ++++++++---------
 .../main/resources/lib/airavata/Airavata.cpp    |  3593 +-
 .../src/main/resources/lib/airavata/Airavata.h  |  1143 +-
 .../lib/airavata/Airavata_server.skeleton.cpp   |   158 +-
 .../user_resource_profile_model_types.cpp       |   165 +-
 .../user_resource_profile_model_types.h         |    89 +-
 .../resources/lib/Airavata/API/Airavata.php     |  9181 ++--
 .../lib/apache/airavata/api/Airavata-remote     |   107 +-
 .../lib/apache/airavata/api/Airavata.py         |  2753 +-
 .../airavata/model/workspace/Gateway.java       |    25 +-
 dev-tools/ansible/README.md                     |     2 +-
 dev-tools/ansible/group_vars/all.yml            |     8 +-
 dev-tools/ansible/hosts                         |     2 +-
 .../templates/airavata-server.properties.j2     |    13 +
 .../templates/airavata-server.properties.j2     |    13 +
 .../roles/pga/templates/pga_config.php.j2       |     2 +-
 .../templates/airavata-server.properties.j2     |    13 +
 .../main/resources/airavata-server.properties   |    13 +
 .../src/main/assembly/bin-assembly.xml          |     9 +
 modules/group-manager/pom.xml                   |    58 -
 .../internal/dao/PermissionEntryDAO.java        |   286 -
 .../dao/hib3/Hib3PermissionEntryDAO.java        |  1123 -
 .../grouper/permissions/PermissionFinder.java   |   770 -
 .../airavata/grouper/AiravataGrouperUtil.java   |    35 -
 .../airavata/grouper/GroupManagerCPI.java       |    35 -
 .../airavata/grouper/GroupManagerException.java |    36 -
 .../airavata/grouper/GroupManagerFactory.java   |    42 -
 .../airavata/grouper/GroupManagerImpl.java      |   118 -
 .../apache/airavata/grouper/SubjectType.java    |    14 -
 .../apache/airavata/grouper/group/Group.java    |   108 -
 .../airavata/grouper/group/GroupMembership.java |    88 -
 .../grouper/group/GroupMembershipType.java      |    12 -
 .../airavata/grouper/group/GroupService.java    |    39 -
 .../grouper/group/GroupServiceImpl.java         |   412 -
 .../grouper/permission/PermissionAction.java    |    15 -
 .../permission/PermissionServiceImpl.java       |    86 -
 .../airavata/grouper/resource/Resource.java     |   145 -
 .../resource/ResourceNotFoundException.java     |    35 -
 .../grouper/resource/ResourceServiceImpl.java   |   343 -
 .../airavata/grouper/resource/ResourceType.java |    51 -
 .../airavata/grouper/role/RoleServiceImpl.java  |   112 -
 .../Owasp.CsrfGuard.overlay.properties          |    78 -
 .../main/resources/Owasp.CsrfGuard.properties   |   403 -
 .../group-manager/src/main/resources/README.txt |    21 -
 .../src/main/resources/ehcache.xml              |  1517 -
 .../resources/grouper-loader.base.properties    |   351 -
 .../main/resources/grouper-loader.properties    |    25 -
 .../src/main/resources/grouper.base.properties  |  1017 -
 .../resources/grouper.client.base.properties    |   552 -
 .../main/resources/grouper.client.properties    |   552 -
 .../resources/grouper.hibernate.base.properties |   120 -
 .../main/resources/grouper.hibernate.properties |    10 -
 .../src/main/resources/grouper.properties       |  1017 -
 .../src/main/resources/grouperUtf8.txt          |     1 -
 .../src/main/resources/log4j.properties         |   154 -
 .../src/main/resources/morphString.properties   |    21 -
 .../src/main/resources/server.properties        |    26 -
 .../src/main/resources/sources.xml              |   875 -
 .../src/main/resources/spy.properties           |    54 -
 .../group-manager/src/main/resources/sqltool.rc |     6 -
 .../src/main/resources/subject.base.properties  |    46 -
 .../src/main/resources/subject.properties       |    27 -
 modules/sharing-registry/README.md              |     3 +
 modules/sharing-registry/pom.xml                |    28 +
 .../sharing-data-migrator/pom.xml               |    21 +
 .../sharing/registry/ConnectionFactory.java     |    59 +
 .../airavata/sharing/registry/DataMigrator.java |   166 +
 .../sharing-registry-core/pom.xml               |    98 +
 .../registry/db/entities/DomainEntity.java      |   113 +
 .../registry/db/entities/EntityEntity.java      |   192 +
 .../registry/db/entities/EntityTypeEntity.java  |   125 +
 .../db/entities/GroupMembershipEntity.java      |   112 +
 .../db/entities/GroupMembershipEntityPK.java    |    74 +
 .../db/entities/PermissionTypeEntity.java       |   125 +
 .../registry/db/entities/SharingEntity.java     |   136 +
 .../registry/db/entities/SharingEntityPK.java   |    99 +
 .../registry/db/entities/SharingUserEntity.java |   112 +
 .../registry/db/entities/UserGroupEntity.java   |   150 +
 .../db/repositories/AbstractRepository.java     |   138 +
 .../db/repositories/DomainRepository.java       |    34 +
 .../db/repositories/EntityRepository.java       |    75 +
 .../db/repositories/EntityTypeRepository.java   |    34 +
 .../repositories/GroupMembershipRepository.java |    98 +
 .../repositories/PermissionTypeRepository.java  |    52 +
 .../db/repositories/SharingRepository.java      |    80 +
 .../db/repositories/UserGroupRepository.java    |    34 +
 .../db/repositories/UserRepository.java         |    35 +
 .../sharing/registry/db/utils/Committer.java    |    27 +
 .../registry/db/utils/ConnectionPool.java       |   382 +
 .../sharing/registry/db/utils/DBConstants.java  |    85 +
 .../registry/db/utils/DatabaseCreator.java      |   353 +
 .../sharing/registry/db/utils/JPAUtils.java     |   230 +
 .../sharing/registry/db/utils/JdbcStorage.java  |   175 +
 .../db/utils/ObjectMapperSingleton.java         |    39 +
 .../registry/server/SharingRegistryServer.java  |    28 +
 .../server/SharingRegistryServerHandler.java    |   676 +
 .../src/main/resources/META-INF/persistence.xml |    15 +
 .../main/resources/sharing-registry-derby.sql   |   138 +
 .../main/resources/sharing-registry-mysql.sql   |   138 +
 .../SharingRegistryServerHandlerTest.java       |   282 +
 .../sharing/registry/util/Initialize.java       |   298 +
 .../sharing-registry-stubs/pom.xml              |    23 +
 .../sharing/registry/models/Domain.java         |   817 +
 .../sharing/registry/models/Entity.java         |  1511 +
 .../registry/models/EntitySearchFields.java     |    48 +
 .../sharing/registry/models/EntityType.java     |   924 +
 .../sharing/registry/models/GroupChildType.java |    45 +
 .../registry/models/GroupMembership.java        |   830 +
 .../sharing/registry/models/GroupType.java      |    45 +
 .../sharing/registry/models/PermissionType.java |   924 +
 .../sharing/registry/models/Sharing.java        |  1044 +
 .../models/SharingRegistryException.java        |   381 +
 .../sharing/registry/models/SharingType.java    |    48 +
 .../airavata/sharing/registry/models/User.java  |   817 +
 .../sharing/registry/models/UserGroup.java      |  1154 +
 .../models/sharing_modelsConstants.java         |    41 +
 .../service/cpi/GovRegistryService.java         | 45165 ++++++++++++++++
 .../thrift_models/sharing_cpi.thrift            |    98 +
 .../thrift_models/sharing_models.thrift         |   129 +
 .../thrift_models/thrift-gen.sh                 |    16 +
 pom.xml                                         |     2 +-
 .../airavata-apis/airavata_api.thrift           |     5 -
 124 files changed, 92295 insertions(+), 42590 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/airavata/blob/82e57526/airavata-api/airavata-api-server/pom.xml
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-api-server/pom.xml b/airavata-api/airavata-api-server/pom.xml
index e5b549c..3ceb494 100644
--- a/airavata-api/airavata-api-server/pom.xml
+++ b/airavata-api/airavata-api-server/pom.xml
@@ -73,9 +73,14 @@
         </dependency>
         <dependency>
             <groupId>org.apache.airavata</groupId>
-            <artifactId>group-manager</artifactId>
+            <artifactId>airavata-sharing-registry-core</artifactId>
             <version>${project.version}</version>
         </dependency>
+        <!--<dependency>-->
+            <!--<groupId>org.apache.airavata</groupId>-->
+            <!--<artifactId>group-manager</artifactId>-->
+            <!--<version>${project.version}</version>-->
+        <!--</dependency>-->
         <dependency>
             <groupId>org.apache.thrift</groupId>
             <artifactId>libthrift</artifactId>
@@ -141,6 +146,11 @@
             <artifactId>jackson-mapper-asl</artifactId>
             <version>1.9.13</version>
         </dependency>
+        <dependency>
+            <groupId>org.apache.airavata</groupId>
+            <artifactId>registry-api-stubs</artifactId>
+            <version>${project.version}</version>
+        </dependency>
     </dependencies>
 
 </project>

http://git-wip-us.apache.org/repos/asf/airavata/blob/82e57526/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java
b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java
index 2f2e559..98211c0 100644
--- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java
+++ b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java
@@ -27,19 +27,13 @@ import org.apache.airavata.api.server.security.interceptor.SecurityCheck;
 import org.apache.airavata.common.exception.AiravataException;
 import org.apache.airavata.common.exception.ApplicationSettingsException;
 import org.apache.airavata.common.utils.AiravataUtils;
+import org.apache.airavata.common.utils.Constants;
 import org.apache.airavata.common.utils.ServerSettings;
 import org.apache.airavata.credential.store.client.CredentialStoreClientFactory;
 import org.apache.airavata.credential.store.cpi.CredentialStoreService;
 import org.apache.airavata.credential.store.datamodel.PasswordCredential;
 import org.apache.airavata.credential.store.datamodel.SSHCredential;
 import org.apache.airavata.credential.store.exception.CredentialStoreException;
-import org.apache.airavata.grouper.GroupManagerCPI;
-import org.apache.airavata.grouper.GroupManagerException;
-import org.apache.airavata.grouper.GroupManagerFactory;
-import org.apache.airavata.grouper.SubjectType;
-import org.apache.airavata.grouper.group.Group;
-import org.apache.airavata.grouper.permission.PermissionAction;
-import org.apache.airavata.grouper.resource.Resource;
 import org.apache.airavata.messaging.core.MessageContext;
 import org.apache.airavata.messaging.core.MessagingFactory;
 import org.apache.airavata.messaging.core.Publisher;
@@ -83,6 +77,8 @@ import org.apache.airavata.model.workspace.Project;
 import org.apache.airavata.registry.api.RegistryService;
 import org.apache.airavata.registry.api.client.RegistryServiceClientFactory;
 import org.apache.airavata.registry.api.exception.RegistryServiceException;
+import org.apache.airavata.sharing.registry.models.Entity;
+import org.apache.airavata.sharing.registry.server.SharingRegistryServerHandler;
 import org.apache.thrift.TException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -95,14 +91,20 @@ public class AiravataServerHandler implements Airavata.Iface {
     private Publisher experimentPublisher;
     private CredentialStoreService.Client csClient;
 
+    private SharingRegistryServerHandler sharingRegistryServerHandler;
+
     public AiravataServerHandler() {
         try {
             statusPublisher = MessagingFactory.getPublisher(Type.STATUS);
             experimentPublisher = MessagingFactory.getPublisher(Type.EXPERIMENT_LAUNCH);
+
+            sharingRegistryServerHandler = new SharingRegistryServerHandler();
         } catch (ApplicationSettingsException e) {
             logger.error("Error occured while reading airavata-server properties..", e);
         } catch (AiravataException e) {
             logger.error("Error occured while reading airavata-server properties..", e);
+        } catch (TException e) {
+            logger.error("Error occured while reading airavata-server properties..", e);
         }
     }
 
@@ -502,14 +504,17 @@ public class AiravataServerHandler implements Airavata.Iface {
 
         try {
             String projectId = getRegistryServiceClient().createProject(gatewayId, project);
-            Resource projResource = new Resource(projectId, org.apache.airavata.grouper.resource.ResourceType.PROJECT);
-            projResource.setOwnerId(project.getOwner() + "@" + project.getGatewayId());
-            projResource.setName(project.getName());
-            projResource.setDescription(project.getDescription());
 
             if(ServerSettings.isEnableSharing()){
-                GroupManagerCPI groupManager = GroupManagerFactory.getGroupManager();
-                groupManager.createResource(projResource);
+                Entity entity = new Entity();
+                entity.setEntityId(projectId);
+                entity.setDomainId(project.getGatewayId());
+                entity.setEntityTypeId(project.getGatewayId()+":"+"PROJECT");
+                entity.setOwnerId(project.getOwner() + "@" + project.getGatewayId());
+                entity.setName(project.getName());
+                entity.setDescription(project.getDescription());
+
+                sharingRegistryServerHandler.createEntity(entity);
             }
 
             logger.debug("Airavata created project with project Id : " + projectId + " for
gateway Id : " + gatewayId);
@@ -533,9 +538,10 @@ public class AiravataServerHandler implements Airavata.Iface {
             if(ServerSettings.isEnableSharing() && !authzToken.getClaimsMap().get(org.apache.airavata.common.utils.Constants.USER_NAME).equals(existingProject.getOwner())
                     || !authzToken.getClaimsMap().get(org.apache.airavata.common.utils.Constants.GATEWAY_ID).equals(existingProject.getGatewayId())){
                 try {
-                    if(!hasPermission(authzToken.getClaimsMap().get(org.apache.airavata.common.utils.Constants.USER_NAME)
-                                    +"@"+authzToken.getClaimsMap().get(org.apache.airavata.common.utils.Constants.GATEWAY_ID),
-                            existingProject.getProjectID(), ResourceType.PROJECT, ResourcePermissionType.WRITE)){
+                    String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
+                    String userId = authzToken.getClaimsMap().get(Constants.USER_NAME);
+                    if(!sharingRegistryServerHandler.userHasAccess(gatewayId, userId + "@"
+ gatewayId,
+                            projectId, gatewayId + ":WRITE")){
                         throw new AuthorizationException("User does not have permission to
access this resource");
                     }
                 } catch (Exception e) {
@@ -563,9 +569,10 @@ public class AiravataServerHandler implements Airavata.Iface {
             if(ServerSettings.isEnableSharing() && !authzToken.getClaimsMap().get(org.apache.airavata.common.utils.Constants.USER_NAME).equals(existingProject.getOwner())
                     || !authzToken.getClaimsMap().get(org.apache.airavata.common.utils.Constants.GATEWAY_ID).equals(existingProject.getGatewayId())){
                 try {
-                    if(!hasPermission(authzToken.getClaimsMap().get(org.apache.airavata.common.utils.Constants.USER_NAME)
-                                    +"@"+authzToken.getClaimsMap().get(org.apache.airavata.common.utils.Constants.GATEWAY_ID),
-                            existingProject.getProjectID(), ResourceType.PROJECT, ResourcePermissionType.WRITE)){
+                    String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
+                    String userId = authzToken.getClaimsMap().get(Constants.USER_NAME);
+                    if(!sharingRegistryServerHandler.userHasAccess(gatewayId, userId + "@"
+ gatewayId,
+                            projectId, gatewayId + ":WRITE")){
                         throw new AuthorizationException("User does not have permission to
access this resource");
                     }
                 } catch (Exception e) {
@@ -607,13 +614,13 @@ public class AiravataServerHandler implements Airavata.Iface {
                 return project;
             }else if (ServerSettings.isEnableSharing()){
                 try {
-                    if(hasPermission(authzToken.getClaimsMap().get(org.apache.airavata.common.utils.Constants.USER_NAME)
-                                    +"@"+authzToken.getClaimsMap().get(org.apache.airavata.common.utils.Constants.GATEWAY_ID),
-                            project.getProjectID(), ResourceType.PROJECT, ResourcePermissionType.READ)){
-                        return project;
-                    }else {
+                    String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
+                    String userId = authzToken.getClaimsMap().get(Constants.USER_NAME);
+                    if(!sharingRegistryServerHandler.userHasAccess(gatewayId, userId + "@"
+ gatewayId,
+                            projectId, gatewayId + ":READ")){
                         throw new AuthorizationException("User does not have permission to
access this resource");
                     }
+                    return project;
                 } catch (Exception e) {
                     throw new AuthorizationException("User does not have permission to access
this resource");
                 }
@@ -686,7 +693,8 @@ public class AiravataServerHandler implements Airavata.Iface {
             List<String> accessibleProjIds  = new ArrayList<>();
 
             if(ServerSettings.isEnableSharing())
-                accessibleProjIds.addAll(getAllAccessibleResourcesForUser(userName+"@"+gatewayId,
ResourceType.PROJECT, ResourcePermissionType.READ));
+                sharingRegistryServerHandler.searchEntities(userName+"@"+gatewayId, gatewayId+":PROJECT",
+                        new HashMap<>(), 0, -1).stream().forEach(e->accessibleProjIds.add(e.entityId));
 
             return getRegistryServiceClient().searchProjects(gatewayId, userName, accessibleProjIds,
filters, limit, offset);
         }catch (Exception e) {
@@ -722,7 +730,8 @@ public class AiravataServerHandler implements Airavata.Iface {
         try {
             List<String> accessibleExpIds = new ArrayList<>();
             if(ServerSettings.isEnableSharing())
-                accessibleExpIds.addAll(getAllAccessibleResourcesForUser(userName + "@" +
gatewayId, ResourceType.EXPERIMENT, ResourcePermissionType.READ));
+                sharingRegistryServerHandler.searchEntities(userName+"@"+gatewayId, gatewayId+":EXPERIMENT",
+                        new HashMap<>(), 0, -1).forEach(e->accessibleExpIds.add(e.entityId));
             return getRegistryServiceClient().searchExperiments(gatewayId, userName, accessibleExpIds,
filters, limit, offset);
         }catch (Exception e) {
             logger.error("Error while retrieving experiments", e);
@@ -784,9 +793,10 @@ public class AiravataServerHandler implements Airavata.Iface {
             if(ServerSettings.isEnableSharing() && !authzToken.getClaimsMap().get(org.apache.airavata.common.utils.Constants.USER_NAME).equals(project.getOwner())
                     || !authzToken.getClaimsMap().get(org.apache.airavata.common.utils.Constants.GATEWAY_ID).equals(project.getGatewayId())){
                 try {
-                    if(!hasPermission(authzToken.getClaimsMap().get(org.apache.airavata.common.utils.Constants.USER_NAME)
-                                    +"@"+authzToken.getClaimsMap().get(org.apache.airavata.common.utils.Constants.GATEWAY_ID),
-                            project.getProjectID(), ResourceType.PROJECT, ResourcePermissionType.READ)){
+                    String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
+                    String userId = authzToken.getClaimsMap().get(Constants.USER_NAME);
+                    if(!sharingRegistryServerHandler.userHasAccess(gatewayId, userId + "@"
+ gatewayId,
+                            projectId, gatewayId + ":READ")){
                         throw new AuthorizationException("User does not have permission to
access this resource");
                     }
                 } catch (Exception e) {
@@ -860,15 +870,17 @@ public class AiravataServerHandler implements Airavata.Iface {
             AiravataClientException, AiravataSystemException, AuthorizationException, TException
{
         try {
             String experimentId = getRegistryServiceClient().createExperiment(gatewayId,
experiment);
-            Resource expResource = new Resource(experimentId, org.apache.airavata.grouper.resource.ResourceType.EXPERIMENT);
-            expResource.setOwnerId(experiment.getUserName()+"@"+experiment.getGatewayId());
-            expResource.setParentResourceId(experiment.getProjectId());
-            expResource.setName(experiment.getExperimentName());
-            expResource.setDescription(experiment.getDescription());
 
             if(ServerSettings.isEnableSharing()) {
-                GroupManagerCPI groupManager = GroupManagerFactory.getGroupManager();
-                groupManager.createResource(expResource);
+                Entity entity = new Entity();
+                entity.setEntityId(experimentId);
+                entity.setDomainId(experiment.getGatewayId());
+                entity.setEntityTypeId(experiment.getGatewayId()+":"+"EXPERIMENT");
+                entity.setOwnerId(experiment.getUserName() + "@" + experiment.getGatewayId());
+                entity.setName(experiment.getExperimentName());
+                entity.setDescription(experiment.getDescription());
+
+                sharingRegistryServerHandler.createEntity(entity);
             }
 
             ExperimentStatusChangeEvent event = new ExperimentStatusChangeEvent(ExperimentState.CREATED,
@@ -912,9 +924,10 @@ public class AiravataServerHandler implements Airavata.Iface {
             if(ServerSettings.isEnableSharing() && !authzToken.getClaimsMap().get(org.apache.airavata.common.utils.Constants.USER_NAME).equals(experimentModel.getUserName())
                     || !authzToken.getClaimsMap().get(org.apache.airavata.common.utils.Constants.GATEWAY_ID).equals(experimentModel.getGatewayId())){
                 try {
-                    if(! hasPermission(authzToken.getClaimsMap().get(org.apache.airavata.common.utils.Constants.USER_NAME)
-                                    +"@"+authzToken.getClaimsMap().get(org.apache.airavata.common.utils.Constants.GATEWAY_ID),
-                            experimentModel.getExperimentId(), ResourceType.EXPERIMENT, ResourcePermissionType.WRITE)){
+                    String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
+                    String userId = authzToken.getClaimsMap().get(Constants.USER_NAME);
+                    if(!sharingRegistryServerHandler.userHasAccess(gatewayId, userId + "@"
+ gatewayId,
+                            experimentId, gatewayId + ":WRITE")){
                         throw new AuthorizationException("User does not have permission to
access this resource");
                     }
                 } catch (Exception e) {
@@ -970,13 +983,13 @@ public class AiravataServerHandler implements Airavata.Iface {
                 return experimentModel;
             }else if(ServerSettings.isEnableSharing()){
                 try {
-                    if(hasPermission(authzToken.getClaimsMap().get(org.apache.airavata.common.utils.Constants.USER_NAME)
-                                    +"@"+authzToken.getClaimsMap().get(org.apache.airavata.common.utils.Constants.GATEWAY_ID),
-                            experimentModel.getExperimentId(), ResourceType.EXPERIMENT, ResourcePermissionType.READ)){
-                        return experimentModel;
-                    }else {
+                    String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
+                    String userId = authzToken.getClaimsMap().get(Constants.USER_NAME);
+                    if(!sharingRegistryServerHandler.userHasAccess(gatewayId, userId + "@"
+ gatewayId,
+                            airavataExperimentId, gatewayId + ":READ")){
                         throw new AuthorizationException("User does not have permission to
access this resource");
                     }
+                    return experimentModel;
                 } catch (Exception e) {
                     throw new AuthorizationException("User does not have permission to access
this resource");
                 }
@@ -1065,9 +1078,10 @@ public class AiravataServerHandler implements Airavata.Iface {
             if(ServerSettings.isEnableSharing() && !authzToken.getClaimsMap().get(org.apache.airavata.common.utils.Constants.USER_NAME).equals(experimentModel.getUserName())
                 || !authzToken.getClaimsMap().get(org.apache.airavata.common.utils.Constants.GATEWAY_ID).equals(experimentModel.getGatewayId())){
                 try {
-                    if(! hasPermission(authzToken.getClaimsMap().get(org.apache.airavata.common.utils.Constants.USER_NAME)
-                                    +"@"+authzToken.getClaimsMap().get(org.apache.airavata.common.utils.Constants.GATEWAY_ID),
-                            experimentModel.getExperimentId(), ResourceType.EXPERIMENT, ResourcePermissionType.WRITE)){
+                    String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
+                    String userId = authzToken.getClaimsMap().get(Constants.USER_NAME);
+                    if(!sharingRegistryServerHandler.userHasAccess(gatewayId, userId + "@"
+ gatewayId,
+                            airavataExperimentId, gatewayId + ":WRITE")){
                         throw new AuthorizationException("User does not have permission to
access this resource");
                     }
                 } catch (Exception e) {
@@ -1397,13 +1411,16 @@ public class AiravataServerHandler implements Airavata.Iface {
             existingExperiment.setUserName(authzToken.getClaimsMap().get(org.apache.airavata.common.utils.Constants.USER_NAME));
             String expId = regClient.createExperiment(gatewayId, existingExperiment);
 
-            String projectId = existingExperiment.getProjectId();
-
             if(ServerSettings.isEnableSharing()){
-                if(!isResourceExistsInGrouper(projectId, ResourceType.PROJECT)){
-                    initializeResourceWithGrouper(projectId, ResourceType.PROJECT);
-                }
-                initializeResourceWithGrouper(expId, ResourceType.EXPERIMENT);
+                Entity entity = new Entity();
+                entity.setEntityId(expId);
+                entity.setDomainId(existingExperiment.getGatewayId());
+                entity.setEntityTypeId(existingExperiment.getGatewayId()+":"+"EXPERIMENT");
+                entity.setOwnerId(existingExperiment.getUserName() + "@" + existingExperiment.getGatewayId());
+                entity.setName(existingExperiment.getExperimentName());
+                entity.setDescription(existingExperiment.getDescription());
+
+                sharingRegistryServerHandler.createEntity(entity);
             }
 
             return expId;
@@ -3641,29 +3658,13 @@ public class AiravataServerHandler implements Airavata.Iface {
                                           Map<String, ResourcePermissionType> userPermissionList)
throws InvalidRequestException,
             AiravataClientException, AiravataSystemException, AuthorizationException, TException
{
         try {
-            if(!isResourceExistsInGrouper(resourceId, resourceType)){
-                initializeResourceWithGrouper(resourceId, resourceType);
-            }
-            GroupManagerCPI groupManager = GroupManagerFactory.getGroupManager();
-            for(Map.Entry<String, ResourcePermissionType> entry : userPermissionList.entrySet()){
-                org.apache.airavata.grouper.resource.ResourceType gResouceType;
-                if(resourceType.equals(ResourceType.EXPERIMENT)){
-                    gResouceType = org.apache.airavata.grouper.resource.ResourceType.EXPERIMENT;
-                }else if(resourceType.equals(ResourceType.PROJECT)){
-                    gResouceType = org.apache.airavata.grouper.resource.ResourceType.PROJECT;
-                }else{
-                    //Unsupported data type
-                    continue;
-                }
-
-                if(entry.getValue().equals(ResourcePermissionType.READ)){
-                    groupManager.grantPermission(entry.getKey(), SubjectType.PERSON, resourceId,
gResouceType, PermissionAction.READ);
-                }else if(entry.getValue().equals(ResourcePermissionType.WRITE)){
-                    groupManager.grantPermission(entry.getKey(), SubjectType.PERSON, resourceId,
gResouceType, PermissionAction.WRITE);
-                }else{
-                    //Unsupported permission type
-                    continue;
-                }
+            for(Map.Entry<String, ResourcePermissionType> userPermission : userPermissionList.entrySet()){
+                if(userPermission.getValue().equals(ResourcePermissionType.WRITE))
+                    sharingRegistryServerHandler.shareEntityWithUsers(resourceId,
+                            Arrays.asList(userPermission.getKey()), authzToken.getClaimsMap().get(Constants.GATEWAY_ID)
+ ":" + "WRITE", true);
+                else
+                    sharingRegistryServerHandler.shareEntityWithUsers(resourceId,
+                            Arrays.asList(userPermission.getKey()), authzToken.getClaimsMap().get("GatewatId")
+ ":" + "READ", true);
             }
             return true;
         } catch (Exception e) {
@@ -3680,29 +3681,13 @@ public class AiravataServerHandler implements Airavata.Iface {
     public boolean revokeSharingOfResourceFromUsers(AuthzToken authzToken, String resourceId,
ResourceType resourceType,
                                                     Map<String, ResourcePermissionType>
userPermissionList) throws InvalidRequestException, AiravataClientException, AiravataSystemException,
AuthorizationException, TException {
         try {
-            if(!isResourceExistsInGrouper(resourceId, resourceType)){
-                initializeResourceWithGrouper(resourceId, resourceType);
-            }
-            GroupManagerCPI groupManager = GroupManagerFactory.getGroupManager();
-            for(Map.Entry<String, ResourcePermissionType> entry : userPermissionList.entrySet()){
-                org.apache.airavata.grouper.resource.ResourceType gResouceType;
-                if(resourceType.equals(ResourceType.EXPERIMENT)){
-                    gResouceType = org.apache.airavata.grouper.resource.ResourceType.EXPERIMENT;
-                }else if(resourceType.equals(ResourceType.PROJECT)){
-                    gResouceType = org.apache.airavata.grouper.resource.ResourceType.PROJECT;
-                }else{
-                    //Unsupported data type
-                    continue;
-                }
-
-                if(entry.getValue().equals(ResourcePermissionType.READ)){
-                    groupManager.revokePermission(entry.getKey(), SubjectType.PERSON, resourceId,
gResouceType, PermissionAction.READ);
-                }else if(entry.getValue().equals(ResourcePermissionType.WRITE)){
-                    groupManager.revokePermission(entry.getKey(), SubjectType.PERSON, resourceId,
gResouceType, PermissionAction.WRITE);
-                }else{
-                    //Unsupported permission type
-                    continue;
-                }
+            for(Map.Entry<String, ResourcePermissionType> userPermission : userPermissionList.entrySet()){
+                if(userPermission.getValue().equals(ResourcePermissionType.WRITE))
+                    sharingRegistryServerHandler.revokeEntitySharingFromUsers(resourceId,
+                            Arrays.asList(userPermission.getKey()), authzToken.getClaimsMap().get(Constants.GATEWAY_ID)
+ ":" + "WRITE");
+                else
+                    sharingRegistryServerHandler.revokeEntitySharingFromUsers(resourceId,
+                            Arrays.asList(userPermission.getKey()), authzToken.getClaimsMap().get(Constants.GATEWAY_ID)
+ ":" + "READ");
             }
             return true;
         } catch (Exception e) {
@@ -3718,26 +3703,9 @@ public class AiravataServerHandler implements Airavata.Iface {
     @SecurityCheck
     public List<String> getAllAccessibleUsers(AuthzToken authzToken, String resourceId,
ResourceType resourceType, ResourcePermissionType permissionType) throws InvalidRequestException,
AiravataClientException, AiravataSystemException, AuthorizationException, TException {
         try {
-            GroupManagerCPI groupManager = GroupManagerFactory.getGroupManager();
-            org.apache.airavata.grouper.resource.ResourceType gResourceType;
-            if(resourceType.equals(ResourceType.PROJECT)){
-                gResourceType = org.apache.airavata.grouper.resource.ResourceType.PROJECT;
-            }else if(resourceType.equals(ResourceType.EXPERIMENT)){
-                gResourceType = org.apache.airavata.grouper.resource.ResourceType.EXPERIMENT;
-            }else{
-                throw new GroupManagerException("Unsupported Resource Type");
-            }
-
-            org.apache.airavata.grouper.permission.PermissionAction gPermissionType;
-            if(permissionType.equals(ResourcePermissionType.READ)){
-                gPermissionType = PermissionAction.READ;
-            } else if (permissionType.equals(ResourcePermissionType.WRITE)){
-                gPermissionType = PermissionAction.WRITE;
-            }else{
-                throw new GroupManagerException("Unsupported Permission Type");
-            }
             List<String> accessibleUsers = new ArrayList<>();
-            accessibleUsers.addAll(groupManager.getAllAccessibleUsers(resourceId, gResourceType,
gPermissionType));
+            if(permissionType.equals(ResourcePermissionType.WRITE))
+            sharingRegistryServerHandler.getListOfSharedUsers(resourceId, authzToken.getClaimsMap().get(Constants.GATEWAY_ID)
+ ":WRITE").stream().forEach(u->accessibleUsers.add(u.userId));
             return accessibleUsers;
         } catch (Exception e) {
             String msg = "Error in getting all accessible users for resource. Resource ID
: " + resourceId + " Resource Type : " + resourceType.toString() ;
@@ -3752,12 +3720,7 @@ public class AiravataServerHandler implements Airavata.Iface {
     @SecurityCheck
     public boolean createGroup(AuthzToken authzToken, GroupModel groupModel) throws InvalidRequestException,
AiravataClientException, AiravataSystemException, AuthorizationException, TException {
         try {
-            GroupManagerCPI groupManager = GroupManagerFactory.getGroupManager();
-            Group group = new Group();
-            group.setName(groupModel.getName());
-            group.setDescription(groupModel.getDescription());
-            group.setMembers(groupModel.getMembers());
-            groupManager.createGroup(group);
+            throw new UnsupportedOperationException("Method not supported yet");
         } catch (Exception e) {
             String msg = "Error Creating Group" ;
             logger.error(msg, e);
@@ -3765,20 +3728,14 @@ public class AiravataServerHandler implements Airavata.Iface {
             exception.setMessage(msg + " More info : " + e.getMessage());
             throw exception;
         }
-        return true;
     }
 
     @Override
     @SecurityCheck
-    public boolean updateGroup(AuthzToken authzToken, GroupModel groupModel) throws InvalidRequestException,
AiravataClientException, AiravataSystemException, AuthorizationException, TException {
+    public boolean updateGroup(AuthzToken authzToken, GroupModel groupModel) throws InvalidRequestException,
+            AiravataClientException, AiravataSystemException, AuthorizationException, TException
{
         try {
-            GroupManagerCPI groupManager = GroupManagerFactory.getGroupManager();
-            Group group = new Group();
-            group.setId(groupModel.getId());
-            group.setName(groupModel.getName());
-            group.setDescription(groupModel.getDescription());
-            group.setMembers(groupModel.getMembers());
-            groupManager.updateGroup(group);
+            throw new UnsupportedOperationException("Method not supported yet");
         } catch (Exception e) {
             String msg = "Error Updating Group" ;
             logger.error(msg, e);
@@ -3786,15 +3743,14 @@ public class AiravataServerHandler implements Airavata.Iface {
             exception.setMessage(msg + " More info : " + e.getMessage());
             throw exception;
         }
-        return true;
     }
 
     @Override
     @SecurityCheck
-    public boolean deleteGroup(AuthzToken authzToken, String groupId, String ownerId, String
gatewayId) throws InvalidRequestException, AiravataClientException, AiravataSystemException,
AuthorizationException, TException {
+    public boolean deleteGroup(AuthzToken authzToken, String groupId, String ownerId, String
gatewayId) throws
+            InvalidRequestException, AiravataClientException, AiravataSystemException, AuthorizationException,
TException {
         try {
-            GroupManagerCPI groupManager = GroupManagerFactory.getGroupManager();
-            groupManager.deleteGroup(groupId, ownerId + "@" + gatewayId);
+            throw new UnsupportedOperationException("Method not supported yet");
         } catch (Exception e) {
             String msg = "Error Deleting Group. Group ID: " + groupId ;
             logger.error(msg, e);
@@ -3802,22 +3758,14 @@ public class AiravataServerHandler implements Airavata.Iface {
             exception.setMessage(msg + " More info : " + e.getMessage());
             throw exception;
         }
-        return true;
     }
 
     @Override
     @SecurityCheck
-    public GroupModel getGroup(AuthzToken authzToken, String groupId) throws InvalidRequestException,
AiravataClientException, AiravataSystemException, AuthorizationException, TException {
+    public GroupModel getGroup(AuthzToken authzToken, String groupId) throws InvalidRequestException,
+            AiravataClientException, AiravataSystemException, AuthorizationException, TException
{
         try {
-            GroupManagerCPI groupManager = GroupManagerFactory.getGroupManager();
-            Group group = groupManager.getGroup(groupId);
-            GroupModel groupModel = new GroupModel();
-            groupModel.setId(group.getId());
-            groupModel.setName(group.getName());
-            groupModel.setDescription(group.getDescription());
-            groupModel.setMembers(group.getMembers());
-
-            return  groupModel;
+            throw new UnsupportedOperationException("Method not supported yet");
         } catch (Exception e) {
             String msg = "Error Retreiving Group. Group ID: " + groupId ;
             logger.error(msg, e);
@@ -3829,21 +3777,10 @@ public class AiravataServerHandler implements Airavata.Iface {
 
     @Override
     @SecurityCheck
-    public List<GroupModel> getAllGroupsUserBelongs(AuthzToken authzToken, String userName,
String gatewayId) throws InvalidRequestException, AiravataClientException, AiravataSystemException,
AuthorizationException, TException {
+    public List<GroupModel> getAllGroupsUserBelongs(AuthzToken authzToken, String userName,
String gatewayId)
+            throws InvalidRequestException, AiravataClientException, AiravataSystemException,
AuthorizationException, TException {
         try {
-            GroupManagerCPI groupManager = GroupManagerFactory.getGroupManager();
-            List<Group> userGroups = groupManager.getAllGroupsUserBelongs(userName+"@"+gatewayId);
-            List<GroupModel> groupModels = new ArrayList<>();
-            userGroups.stream().forEach(group->{
-                GroupModel groupModel = new GroupModel();
-                groupModel.setId(group.getId());
-                groupModel.setName(group.getName());
-                groupModel.setDescription(group.getDescription());
-                groupModel.setMembers(group.getMembers());
-
-                groupModels.add(groupModel);
-            });
-            return groupModels;
+            throw new UnsupportedOperationException("Method not supported yet");
         } catch (Exception e) {
             String msg = "Error Retreiving All Groups for User. User ID: " + userName ;
             logger.error(msg, e);
@@ -3853,115 +3790,6 @@ public class AiravataServerHandler implements Airavata.Iface {
         }
     }
 
-    @Override
-    public boolean isDataSharingEnabled() throws InvalidRequestException, AiravataClientException,
AiravataSystemException, AuthorizationException, TException {
-        try {
-            return ServerSettings.isEnableSharing();
-        } catch (ApplicationSettingsException e) {
-            AiravataSystemException exception = new AiravataSystemException(AiravataErrorType.INTERNAL_ERROR);
-            exception.setMessage( e.getMessage());
-            throw exception;
-        }
-    }
-
-    private void initializeResourceWithGrouper(String resourceId, ResourceType resourceType)
throws RegistryServiceException, GroupManagerException, TException, ApplicationSettingsException
{
-        GroupManagerCPI groupManager = GroupManagerFactory.getGroupManager();
-        if(resourceType.equals(ResourceType.PROJECT)){
-            Project project = (Project) getRegistryServiceClient().getProject(resourceId);
-
-            Resource projectResource = new Resource(project.getProjectID(), org.apache.airavata.grouper.resource.ResourceType.PROJECT);
-            projectResource.setName(project.getName());
-            projectResource.setDescription(project.getDescription());
-            projectResource.setOwnerId(project.getOwner()+"@"+project.getGatewayId());
-            groupManager.createResource(projectResource);
-
-        }else if(resourceType.equals(ResourceType.EXPERIMENT)){
-            ExperimentModel experiment = getRegistryServiceClient().getExperiment(resourceId);
-            if(!isResourceExistsInGrouper(experiment.getProjectId(), ResourceType.PROJECT)){
-                initializeResourceWithGrouper(experiment.getProjectId(), ResourceType.PROJECT);
-            }
-            Resource experimentResource = new Resource(experiment.getExperimentId(), org.apache.airavata.grouper.resource.ResourceType.EXPERIMENT);
-            experimentResource.setName(experiment.getExperimentName());
-            experimentResource.setDescription(experiment.getDescription());
-            experimentResource.setParentResourceId(experiment.getProjectId());
-            experimentResource.setOwnerId(experiment.getUserName()+"@"+experiment.getGatewayId());
-            groupManager.createResource(experimentResource);
-        }else{
-            throw new GroupManagerException("Unsupported Resource Type");
-        }
-
-    }
-
-    private boolean isResourceExistsInGrouper(String resourceId, ResourceType resourceType)
throws GroupManagerException {
-        GroupManagerCPI groupManager = GroupManagerFactory.getGroupManager();
-        if(resourceType.equals(ResourceType.PROJECT)){
-            return groupManager.isResourceRegistered(resourceId, org.apache.airavata.grouper.resource.ResourceType.PROJECT);
-        }else if(resourceType.equals(ResourceType.EXPERIMENT)){
-            return groupManager.isResourceRegistered(resourceId, org.apache.airavata.grouper.resource.ResourceType.EXPERIMENT);
-        }else{
-            throw new GroupManagerException("Unsupported Resource Type");
-        }
-
-    }
-
-    private boolean hasPermission(String userId, String resourceId, ResourceType resourceType,
ResourcePermissionType permissionType)
-            throws GroupManagerException, TException, ApplicationSettingsException {
-        if(!isResourceExistsInGrouper(resourceId, resourceType)){
-            initializeResourceWithGrouper(resourceId, resourceType);
-        }
-        GroupManagerCPI groupManager = GroupManagerFactory.getGroupManager();
-        org.apache.airavata.grouper.resource.ResourceType gResourceType;
-        if(resourceType.equals(ResourceType.PROJECT)){
-            gResourceType = org.apache.airavata.grouper.resource.ResourceType.PROJECT;
-        }else if(resourceType.equals(ResourceType.EXPERIMENT)){
-            gResourceType = org.apache.airavata.grouper.resource.ResourceType.EXPERIMENT;
-        }else{
-            throw new GroupManagerException("Unsupported Resource Type");
-        }
-
-        org.apache.airavata.grouper.permission.PermissionAction gPermissionType;
-        if(permissionType.equals(ResourcePermissionType.READ)){
-            gPermissionType = PermissionAction.READ;
-        } else if (permissionType.equals(ResourcePermissionType.WRITE)){
-            gPermissionType = PermissionAction.WRITE;
-        }else{
-            throw new GroupManagerException("Unsupported Permission Type");
-        }
-        Set<String> accessibleUsers = groupManager.getAllAccessibleUsers(resourceId,
gResourceType, gPermissionType);
-        return accessibleUsers.contains(userId);
-    }
-
-    private List<String> getAllAccessibleResourcesForUser(String userId, ResourceType
resourceType, ResourcePermissionType permissionType)
-            throws GroupManagerException, TException, ApplicationSettingsException {
-        if(!getRegistryServiceClient().isUserExists(userId.split("@")[1], userId.split("@")[0])){
-            //user is still not initialized in the sistem
-            return new ArrayList<>();
-        }
-
-        GroupManagerCPI groupManager = GroupManagerFactory.getGroupManager();
-        org.apache.airavata.grouper.resource.ResourceType gResourceType;
-        if(resourceType.equals(ResourceType.PROJECT)){
-            gResourceType = org.apache.airavata.grouper.resource.ResourceType.PROJECT;
-        }else if(resourceType.equals(ResourceType.EXPERIMENT)){
-            gResourceType = org.apache.airavata.grouper.resource.ResourceType.EXPERIMENT;
-        }else{
-            throw new GroupManagerException("Unsupported Resource Type");
-        }
-
-        org.apache.airavata.grouper.permission.PermissionAction gPermissionType;
-        if(permissionType.equals(ResourcePermissionType.READ)){
-            gPermissionType = PermissionAction.READ;
-        } else if (permissionType.equals(ResourcePermissionType.WRITE)){
-            gPermissionType = PermissionAction.WRITE;
-        }else{
-            throw new GroupManagerException("Unsupported Permission Type");
-        }
-
-        List<String> allAccessibleResources = groupManager.getAccessibleResourcesForUser(userId,
gResourceType, gPermissionType);
-        return allAccessibleResources;
-    }
-
-
     private void submitExperiment(String gatewayId,String experimentId) throws AiravataException
{
         ExperimentSubmitEvent event = new ExperimentSubmitEvent(experimentId, gatewayId);
         MessageContext messageContext = new MessageContext(event, MessageType.EXPERIMENT,
"LAUNCH.EXP-" + UUID.randomUUID().toString(), gatewayId);


Mime
View raw message