AIRAVATA-2190 cloneExperiment: check for project write access
Project: http://git-wip-us.apache.org/repos/asf/airavata/repo Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/e275b7bc Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/e275b7bc Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/e275b7bc Branch: refs/heads/develop Commit: e275b7bc55980ee5360a547288eaa7f50664c7dd Parents: a36adaf Author: Marcus Christie <[email protected]> Authored: Fri Nov 4 11:05:42 2016 -0400 Committer: Marcus Christie <[email protected]> Committed: Fri Nov 4 11:05:42 2016 -0400 ---------------------------------------------------------------------- .../api/server/handler/AiravataServerHandler.java | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/airavata/blob/e275b7bc/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java ----------------------------------------------------------------------
diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java
index 8bcae6a..6c6c07f 100644
--- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java
+++ b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java
@@ -1585,11 +1585,18 @@ public class AiravataServerHandler implements Airavata.Iface { logger.error("Error while cloning experiment {}, project {} doesn't exist.", existingExperimentID, newExperimentProjectId); throw new ProjectNotFoundException("Requested project id " + newExperimentProjectId + " does not exist in the system.."); } - // TODO: make sure user has write access to the project as well existingExperiment.setProjectId(project.getProjectID()); } - String gatewayId = existingExperiment.getGatewayId(); + // make sure user has write access to the project + String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID); + String userId = authzToken.getClaimsMap().get(Constants.USER_NAME); + if(!sharingRegistryServerHandler.userHasAccess(gatewayId, userId + "@" + gatewayId, + existingExperiment.getProjectId(), gatewayId + ":WRITE")){ + logger.error("Error while cloning experiment {}, user doesn't have write access to project {}", existingExperimentID, existingExperiment.getProjectId()); + throw new AuthorizationException("User does not have permission to clone an experiment in this project"); + } + existingExperiment.setCreationTime(AiravataUtils.getCurrentTimestamp().getTime()); if (existingExperiment.getExecutionId() != null){ List<OutputDataObjectType> applicationOutputs = regClient.getApplicationOutputs(existingExperiment.getExecutionId()); @@ -1612,7 +1619,7 @@ public class AiravataServerHandler implements Airavata.Iface { } } logger.debug("Airavata cloned experiment with experiment id : " + existingExperimentID); - existingExperiment.setUserName(authzToken.getClaimsMap().get(org.apache.airavata.common.utils.Constants.USER_NAME)); + existingExperiment.setUserName(userId); String expId = regClient.createExperiment(gatewayId, existingExperiment); if(ServerSettings.isEnableSharing()){
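Review bot: The new `userHasAccess` call in the first hunk runs on every clone, but the context line that closes the second hunk (`if(ServerSettings.isEnableSharing()){`) shows sharing is an optional feature, so with sharing disabled this check presumably either fails or denies every clone. Gate it on the same flag, e.g. `if (ServerSettings.isEnableSharing() && !sharingRegistryServerHandler.userHasAccess(...)) {`, and add a comment stating what authorizes the clone when sharing is off, so that the fallback is a decision rather than an accident. `gatewayId` now comes from the token claims instead of `existingExperiment.getGatewayId()`, and nothing visible here compares the two, so confirm that the part of `cloneExperiment` outside this hunk rejects a source experiment that belongs to another gateway. The denial log also leaves out who was refused; adding `userId` and `gatewayId` to that `logger.error` message would make the event usable for audit. The method starts and ends outside the hunk.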
