airavata-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From scnakand...@apache.org
Subject [3/3] airavata git commit: implementing user has access API method
Date Tue, 04 Oct 2016 20:56:59 GMT
implementing user has access API method


Project: http://git-wip-us.apache.org/repos/asf/airavata/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/3c73df27
Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/3c73df27
Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/3c73df27

Branch: refs/heads/airavata-gov-registry
Commit: 3c73df27768c32d795ec15a41adee55a8da9d61a
Parents: 244e841
Author: scnakandala <supun.nakandala@gmail.com>
Authored: Tue Oct 4 16:56:53 2016 -0400
Committer: scnakandala <supun.nakandala@gmail.com>
Committed: Tue Oct 4 16:56:53 2016 -0400

----------------------------------------------------------------------
 .../db/repositories/AbstractRepository.java     |    2 +-
 .../repositories/PermissionTypeRepository.java  |   18 +
 .../db/repositories/SharingRepository.java      |   18 +
 .../sharing/registry/db/utils/DBConstants.java  |    1 +
 .../server/GovRegistryServerHandler.java        |   38 +-
 .../registry/GovRegistryServerHandlerTest.java  |    6 +-
 .../service/cpi/GovRegistryService.java         | 3418 ++++++++++++------
 .../thrift_models/sharing_cpi.thrift            |    1 +
 8 files changed, 2432 insertions(+), 1070 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/airavata/blob/3c73df27/modules/airavata-sharing-registry/airavata-sharing-registry-core/src/main/java/org/apache/airavata/sharing/registry/db/repositories/AbstractRepository.java
----------------------------------------------------------------------
diff --git a/modules/airavata-sharing-registry/airavata-sharing-registry-core/src/main/java/org/apache/airavata/sharing/registry/db/repositories/AbstractRepository.java
b/modules/airavata-sharing-registry/airavata-sharing-registry-core/src/main/java/org/apache/airavata/sharing/registry/db/repositories/AbstractRepository.java
index 696f725..4a56cc1 100644
--- a/modules/airavata-sharing-registry/airavata-sharing-registry-core/src/main/java/org/apache/airavata/sharing/registry/db/repositories/AbstractRepository.java
+++ b/modules/airavata-sharing-registry/airavata-sharing-registry-core/src/main/java/org/apache/airavata/sharing/registry/db/repositories/AbstractRepository.java
@@ -120,7 +120,7 @@ public abstract class AbstractRepository<T, E, Id> {
         if(filters != null && filters.size() != 0){
             query += " WHERE ";
             for(String k : filters.keySet()){
-                query += "p." + k + " LIKE '%" + filters.get(k) + "%' AND ";
+                query += "p." + k + " = '" + filters.get(k) + "' AND ";
             }
             query = query.substring(0, query.length()-5);
         }

http://git-wip-us.apache.org/repos/asf/airavata/blob/3c73df27/modules/airavata-sharing-registry/airavata-sharing-registry-core/src/main/java/org/apache/airavata/sharing/registry/db/repositories/PermissionTypeRepository.java
----------------------------------------------------------------------
diff --git a/modules/airavata-sharing-registry/airavata-sharing-registry-core/src/main/java/org/apache/airavata/sharing/registry/db/repositories/PermissionTypeRepository.java
b/modules/airavata-sharing-registry/airavata-sharing-registry-core/src/main/java/org/apache/airavata/sharing/registry/db/repositories/PermissionTypeRepository.java
index abc290a..03449e8 100644
--- a/modules/airavata-sharing-registry/airavata-sharing-registry-core/src/main/java/org/apache/airavata/sharing/registry/db/repositories/PermissionTypeRepository.java
+++ b/modules/airavata-sharing-registry/airavata-sharing-registry-core/src/main/java/org/apache/airavata/sharing/registry/db/repositories/PermissionTypeRepository.java
@@ -21,14 +21,32 @@
 package org.apache.airavata.sharing.registry.db.repositories;
 
 import org.apache.airavata.sharing.registry.db.entities.PermissionTypeEntity;
+import org.apache.airavata.sharing.registry.db.utils.DBConstants;
+import org.apache.airavata.sharing.registry.models.GovRegistryException;
 import org.apache.airavata.sharing.registry.models.PermissionType;
+import org.apache.airavata.sharing.registry.server.GovRegistryServerHandler;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import java.util.HashMap;
+import java.util.List;
+
 public class PermissionTypeRepository extends AbstractRepository<PermissionType, PermissionTypeEntity,
String> {
     private final static Logger logger = LoggerFactory.getLogger(PermissionTypeRepository.class);
 
     public PermissionTypeRepository() {
         super(PermissionType.class, PermissionTypeEntity.class);
     }
+
+    public String getGlobalPermissionTypeIdForDomain(String domainId) throws GovRegistryException
{
+        HashMap<String, String> filters = new HashMap<>();
+        filters.put(DBConstants.PermissionTypeTable.DOMAIN_ID, domainId);
+        filters.put(DBConstants.PermissionTypeTable.NAME, GovRegistryServerHandler.GLOBAL_PERMISSION_NAME);
+        List<PermissionType> permissionTypeList = select(filters, 0, -1);
+        if(permissionTypeList.size() != 1){
+            throw new GovRegistryException("GLOBAL Permission inconsistency. Found " + permissionTypeList.size()
+                    + " records with " + GovRegistryServerHandler.GLOBAL_PERMISSION_NAME
+ " name");
+        }
+        return permissionTypeList.get(0).getPermissionTypeId();
+    }
 }
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/airavata/blob/3c73df27/modules/airavata-sharing-registry/airavata-sharing-registry-core/src/main/java/org/apache/airavata/sharing/registry/db/repositories/SharingRepository.java
----------------------------------------------------------------------
diff --git a/modules/airavata-sharing-registry/airavata-sharing-registry-core/src/main/java/org/apache/airavata/sharing/registry/db/repositories/SharingRepository.java
b/modules/airavata-sharing-registry/airavata-sharing-registry-core/src/main/java/org/apache/airavata/sharing/registry/db/repositories/SharingRepository.java
index f1ad871..27f9e0e 100644
--- a/modules/airavata-sharing-registry/airavata-sharing-registry-core/src/main/java/org/apache/airavata/sharing/registry/db/repositories/SharingRepository.java
+++ b/modules/airavata-sharing-registry/airavata-sharing-registry-core/src/main/java/org/apache/airavata/sharing/registry/db/repositories/SharingRepository.java
@@ -53,4 +53,22 @@ public class SharingRepository extends AbstractRepository<Sharing, SharingEntity
         filters.put(DBConstants.SharingTable.ENTITY_ID, entityId);
         return select(filters, 0, -1);
     }
+
+    public boolean hasAccess(String entityId, List<String> groupIds, List<String>
permissionTypeIds) throws GovRegistryException {
+        String query = "SELECT p from " + SharingEntity.class.getSimpleName() + " as p";
+        query += " WHERE ";
+        query += "p." + DBConstants.SharingTable.ENTITY_ID + " = '" + entityId + "' AND ";
+        String permissionTypeIdString = "'";
+        for(String permissionId : permissionTypeIds)
+            permissionTypeIdString += permissionId + "','";
+        permissionTypeIdString = permissionTypeIdString.substring(0, permissionTypeIdString.length()-2);
+        query += "p." + DBConstants.SharingTable.PERMISSION_TYPE_ID + " IN(" + permissionTypeIdString
+ ") AND ";
+        String groupIdString = "'";
+        for(String groupId : groupIds)
+            groupIdString += groupId + "','";
+        groupIdString = groupIdString.substring(0, groupIdString.length()-2);
+        query += "p." + DBConstants.SharingTable.GROUP_ID + " IN(" + groupIdString + ") ";
+        query += " ORDER BY p.createdTime DESC";
+        return select(query, 0, -1).size() > 0;
+    }
 }
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/airavata/blob/3c73df27/modules/airavata-sharing-registry/airavata-sharing-registry-core/src/main/java/org/apache/airavata/sharing/registry/db/utils/DBConstants.java
----------------------------------------------------------------------
diff --git a/modules/airavata-sharing-registry/airavata-sharing-registry-core/src/main/java/org/apache/airavata/sharing/registry/db/utils/DBConstants.java
b/modules/airavata-sharing-registry/airavata-sharing-registry-core/src/main/java/org/apache/airavata/sharing/registry/db/utils/DBConstants.java
index c8c10b6..1ba558e 100644
--- a/modules/airavata-sharing-registry/airavata-sharing-registry-core/src/main/java/org/apache/airavata/sharing/registry/db/utils/DBConstants.java
+++ b/modules/airavata-sharing-registry/airavata-sharing-registry-core/src/main/java/org/apache/airavata/sharing/registry/db/utils/DBConstants.java
@@ -63,6 +63,7 @@ public class DBConstants {
     public static class PermissionTypeTable {
         public static String ENTITY_TYPE_ID = "permissionTypeId";
         public static String DOMAIN_ID = "domainId";
+        public static String NAME = "name";
     }
 
     public static class EntityTable {

http://git-wip-us.apache.org/repos/asf/airavata/blob/3c73df27/modules/airavata-sharing-registry/airavata-sharing-registry-core/src/main/java/org/apache/airavata/sharing/registry/server/GovRegistryServerHandler.java
----------------------------------------------------------------------
diff --git a/modules/airavata-sharing-registry/airavata-sharing-registry-core/src/main/java/org/apache/airavata/sharing/registry/server/GovRegistryServerHandler.java
b/modules/airavata-sharing-registry/airavata-sharing-registry-core/src/main/java/org/apache/airavata/sharing/registry/server/GovRegistryServerHandler.java
index 41d9f29..eb04938 100644
--- a/modules/airavata-sharing-registry/airavata-sharing-registry-core/src/main/java/org/apache/airavata/sharing/registry/server/GovRegistryServerHandler.java
+++ b/modules/airavata-sharing-registry/airavata-sharing-registry-core/src/main/java/org/apache/airavata/sharing/registry/server/GovRegistryServerHandler.java
@@ -36,6 +36,8 @@ import java.util.*;
 public class GovRegistryServerHandler implements GovRegistryService.Iface{
     private final static Logger logger = LoggerFactory.getLogger(GovRegistryServerHandler.class);
 
+    public static String GLOBAL_PERMISSION_NAME = "GLOBAL";
+
     private DomainRepository domainRepository;
     private UserRepository userRepository;
     private UserGroupRepository userGroupRepository;
@@ -65,6 +67,17 @@ public class GovRegistryServerHandler implements GovRegistryService.Iface{
         domain.setCreatedTime(System.currentTimeMillis());
         domain.setUpdatedTime(System.currentTimeMillis());
         domainRepository.create(domain);
+
+        //create the global permission for the domain
+        PermissionType permissionType = new PermissionType();
+        permissionType.setPermissionTypeId(domain.domainId+":"+GLOBAL_PERMISSION_NAME);
+        permissionType.setDomainId(domain.domainId);
+        permissionType.setName(GLOBAL_PERMISSION_NAME);
+        permissionType.setDescription("GLOBAL permission to " + domain.domainId);
+        permissionType.setCreatedTime(System.currentTimeMillis());
+        permissionType.setUpdatedTime(System.currentTimeMillis());
+        permissionTypeRepository.create(permissionType);
+
         return domain.domainId;
     }
 
@@ -336,11 +349,23 @@ public class GovRegistryServerHandler implements GovRegistryService.Iface{
         entity.setUpdatedTime(System.currentTimeMillis());
         entityRepository.create(entity);
 
+        //Assigning global permission for the owner
+        Sharing newSharing = new Sharing();
+        newSharing.setPermissionTypeId(permissionTypeRepository.getGlobalPermissionTypeIdForDomain(entity.domainId));
+        newSharing.setEntityId(entity.entityId);
+        newSharing.setGroupId(entity.ownerId);
+        newSharing.setGroupType(GroupType.SINGLE_USER);
+        newSharing.setSharingType(SharingType.DIRECT);
+        newSharing.setCreatedTime(System.currentTimeMillis());
+        newSharing.setUpdatedTime(System.currentTimeMillis());
+
+        sharingRepository.create(newSharing);
+
         //creating records for inherited permissions
         if(entity.getParentEntityId() != null && entity.getParentEntityId() != ""){
             List<Sharing> sharings = sharingRepository.getPermissionsForEntity(entity.parentEntityId);
             for(Sharing sharing : sharings){
-                Sharing newSharing = new Sharing();
+                newSharing = new Sharing();
                 newSharing.setPermissionTypeId(sharing.permissionTypeId);
                 newSharing.setEntityId(entity.entityId);
                 newSharing.setGroupId(sharing.groupId);
@@ -452,6 +477,17 @@ public class GovRegistryServerHandler implements GovRegistryService.Iface{
         return revokeEntitySharing(entityId, groupList, permissionTypeId);
     }
 
+    @Override
+    public boolean userHasAccess(String domainId, String userId, String entityId, String
permissionTypeId) throws GovRegistryException, TException {
+        //check whether the user has permission directly or indirectly
+        List<GroupMembership> parentMemberships = groupMembershipRepository.getAllParentMembershipsForChild(userId);
+        List<String> groupIds = new ArrayList<>();
+        parentMemberships.stream().forEach(pm->groupIds.add(pm.parentId));
+        groupIds.add(userId);
+        return sharingRepository.hasAccess(entityId, groupIds, Arrays.asList(permissionTypeId,
+                permissionTypeRepository.getGlobalPermissionTypeIdForDomain(domainId)));
+    }
+
     public boolean revokeEntitySharing(String entityId, List<String> groupOrUserList,
String permissionTypeId) throws GovRegistryException {
         //revoking permission for the entity
         LinkedList<Sharing> temp = new LinkedList<>();

http://git-wip-us.apache.org/repos/asf/airavata/blob/3c73df27/modules/airavata-sharing-registry/airavata-sharing-registry-core/src/test/java/org/apache/airavata/sharing/registry/GovRegistryServerHandlerTest.java
----------------------------------------------------------------------
diff --git a/modules/airavata-sharing-registry/airavata-sharing-registry-core/src/test/java/org/apache/airavata/sharing/registry/GovRegistryServerHandlerTest.java
b/modules/airavata-sharing-registry/airavata-sharing-registry-core/src/test/java/org/apache/airavata/sharing/registry/GovRegistryServerHandlerTest.java
index 4792619..ff6a08c 100644
--- a/modules/airavata-sharing-registry/airavata-sharing-registry-core/src/test/java/org/apache/airavata/sharing/registry/GovRegistryServerHandlerTest.java
+++ b/modules/airavata-sharing-registry/airavata-sharing-registry-core/src/test/java/org/apache/airavata/sharing/registry/GovRegistryServerHandlerTest.java
@@ -243,7 +243,7 @@ public class GovRegistryServerHandlerTest {
         entity4.setEntityId(domainId+":Entity4");
         entity4.setDomainId(domainId);
         entity4.setEntityTypeId(entityTypeId3);
-        entity4.setOwnerId(userId1);
+        entity4.setOwnerId(userId3);
         entity4.setName("Input name");
         entity4.setDescription("Input file description");
         entity4.setParentEntityId(entityId3);
@@ -257,6 +257,10 @@ public class GovRegistryServerHandlerTest {
         String entityId4 = govRegistryServerHandler.createEntity(entity4);
         Assert.assertNotNull(entityId4);
 
+        Assert.assertTrue(govRegistryServerHandler.userHasAccess(domainId, userId3, entityId4,
permissionTypeId1));
+        Assert.assertTrue(govRegistryServerHandler.userHasAccess(domainId, userId2, entityId4,
permissionTypeId1));
+        Assert.assertTrue(govRegistryServerHandler.userHasAccess(domainId, userId1, entityId4,
permissionTypeId1));
+        Assert.assertFalse(govRegistryServerHandler.userHasAccess(domainId, userId3, entityId1,
permissionTypeId1));
 
 //        govRegistryServerHandler.revokeEntitySharingFromUsers(entityId1, Arrays.asList(userId2),
permissionTypeId1);
 //        govRegistryServerHandler.revokeEntitySharingFromGroups(entityId3, Arrays.asList(groupId2),
permissionTypeId1);


Mime
View raw message