airavata-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From scnakand...@apache.org
Subject [2/3] airavata git commit: AIRAVATA-2190 cloneExperiment: check for project write access
Date Fri, 04 Nov 2016 15:25:38 GMT
AIRAVATA-2190 cloneExperiment: check for project write access


Project: http://git-wip-us.apache.org/repos/asf/airavata/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/e275b7bc
Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/e275b7bc
Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/e275b7bc

Branch: refs/heads/develop
Commit: e275b7bc55980ee5360a547288eaa7f50664c7dd
Parents: a36adaf
Author: Marcus Christie <machrist@iu.edu>
Authored: Fri Nov 4 11:05:42 2016 -0400
Committer: Marcus Christie <machrist@iu.edu>
Committed: Fri Nov 4 11:05:42 2016 -0400

----------------------------------------------------------------------
 .../api/server/handler/AiravataServerHandler.java      | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/airavata/blob/e275b7bc/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java
b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java
index 8bcae6a..6c6c07f 100644
--- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java
+++ b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java
@@ -1585,11 +1585,18 @@ public class AiravataServerHandler implements Airavata.Iface {
                     logger.error("Error while cloning experiment {}, project {} doesn't exist.",
existingExperimentID, newExperimentProjectId);
                     throw new ProjectNotFoundException("Requested project id " + newExperimentProjectId
+ " does not exist in the system..");
                 }
-                // TODO: make sure user has write access to the project as well
                 existingExperiment.setProjectId(project.getProjectID());
             }
 
-            String gatewayId = existingExperiment.getGatewayId();
+            // make sure user has write access to the project
+            String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
+            String userId = authzToken.getClaimsMap().get(Constants.USER_NAME);
+            if(!sharingRegistryServerHandler.userHasAccess(gatewayId, userId + "@" + gatewayId,
+                    existingExperiment.getProjectId(), gatewayId + ":WRITE")){
+                logger.error("Error while cloning experiment {}, user doesn't have write
access to project {}", existingExperimentID, existingExperiment.getProjectId());
+                throw new AuthorizationException("User does not have permission to clone
an experiment in this project");
+            }
+
             existingExperiment.setCreationTime(AiravataUtils.getCurrentTimestamp().getTime());
             if (existingExperiment.getExecutionId() != null){
                 List<OutputDataObjectType> applicationOutputs = regClient.getApplicationOutputs(existingExperiment.getExecutionId());
@@ -1612,7 +1619,7 @@ public class AiravataServerHandler implements Airavata.Iface {
                 }
             }
             logger.debug("Airavata cloned experiment with experiment id : " + existingExperimentID);
-            existingExperiment.setUserName(authzToken.getClaimsMap().get(org.apache.airavata.common.utils.Constants.USER_NAME));
+            existingExperiment.setUserName(userId);
             String expId = regClient.createExperiment(gatewayId, existingExperiment);
 
             if(ServerSettings.isEnableSharing()){


Mime
View raw message