Repository: airavata Updated Branches: refs/heads/develop 073e45698 -> 32e0b8b1b
fixing AIRAVATA-2217 : Sharing service should prevent removing sharing of experiments from the project's owner Project: http://git-wip-us.apache.org/repos/asf/airavata/repo Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/32e0b8b1 Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/32e0b8b1 Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/32e0b8b1 Branch: refs/heads/develop Commit: 32e0b8b1bdf26b3ee31bdd6cc8f09416a24b12d0 Parents: 073e456 Author: scnakandala <[email protected]> Authored: Thu Nov 10 13:21:44 2016 -0500 Committer: scnakandala <[email protected]> Committed: Thu Nov 10 13:21:44 2016 -0500 ---------------------------------------------------------------------- .../db/repositories/PermissionTypeRepository.java | 2 +- .../server/SharingRegistryServerHandler.java | 16 +++++++++++----- 2 files changed, 12 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/airavata/blob/32e0b8b1/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/db/repositories/PermissionTypeRepository.java ---------------------------------------------------------------------- diff --git a/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/db/repositories/PermissionTypeRepository.java b/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/db/repositories/PermissionTypeRepository.java index 62a725e..b89fdf3 100644 --- a/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/db/repositories/PermissionTypeRepository.java +++ b/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/db/repositories/PermissionTypeRepository.java @@ -39,7 +39,7 @@ public class PermissionTypeRepository extends AbstractRepository<PermissionType, super(PermissionType.class, PermissionTypeEntity.class); } - public String getGlobalPermissionTypeIdForDomain(String domainId) throws SharingRegistryException { + public String getOwnerPermissionTypeIdForDomain(String domainId) throws SharingRegistryException { HashMap<String, String> filters = new HashMap<>(); filters.put(DBConstants.PermissionTypeTable.DOMAIN_ID, domainId); filters.put(DBConstants.PermissionTypeTable.NAME, SharingRegistryServerHandler.OWNER_PERMISSION_NAME); http://git-wip-us.apache.org/repos/asf/airavata/blob/32e0b8b1/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/server/SharingRegistryServerHandler.java ---------------------------------------------------------------------- diff --git a/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/server/SharingRegistryServerHandler.java b/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/server/SharingRegistryServerHandler.java index 97a7142..38bcde1 100644 --- a/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/server/SharingRegistryServerHandler.java +++ b/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/server/SharingRegistryServerHandler.java @@ -622,7 +622,7 @@ public class SharingRegistryServerHandler implements SharingRegistryService.Ifac //Assigning global permission for the owner Sharing newSharing = new Sharing(); - newSharing.setPermissionTypeId(permissionTypeRepository.getGlobalPermissionTypeIdForDomain(entity.domainId)); + newSharing.setPermissionTypeId(permissionTypeRepository.getOwnerPermissionTypeIdForDomain(entity.domainId)); newSharing.setEntityId(entity.entityId); newSharing.setGroupId(entity.ownerId); newSharing.setSharingType(SharingType.DIRECT_CASCADING); @@ -769,8 +769,8 @@ public class SharingRegistryServerHandler implements SharingRegistryService.Ifac private boolean shareEntity(String domainId, String entityId, List<String> groupOrUserList, String permissionTypeId, boolean cascadePermission) throws SharingRegistryException, TException { try{ - if(permissionTypeId.equals(permissionTypeRepository.getGlobalPermissionTypeIdForDomain(domainId))){ - throw new SharingRegistryException(OWNER_PERMISSION_NAME + " permission cannot be assigned"); + if(permissionTypeId.equals(permissionTypeRepository.getOwnerPermissionTypeIdForDomain(domainId))){ + throw new SharingRegistryException(OWNER_PERMISSION_NAME + " permission cannot be assigned or removed"); } //Adding permission for the specified users/groups for the specified entity @@ -825,6 +825,9 @@ public class SharingRegistryServerHandler implements SharingRegistryService.Ifac @Override public boolean revokeEntitySharingFromUsers(String domainId, String entityId, List<String> userList, String permissionTypeId) throws SharingRegistryException, TException { try{ + if(permissionTypeId.equals(permissionTypeRepository.getOwnerPermissionTypeIdForDomain(domainId))){ + throw new SharingRegistryException(OWNER_PERMISSION_NAME + " permission cannot be assigned or removed"); + } return revokeEntitySharing(domainId, entityId, userList, permissionTypeId); }catch (SharingRegistryException ex) { logger.error(ex.getMessage(), ex); @@ -836,6 +839,9 @@ public class SharingRegistryServerHandler implements SharingRegistryService.Ifac @Override public boolean revokeEntitySharingFromGroups(String domainId, String entityId, List<String> groupList, String permissionTypeId) throws SharingRegistryException, TException { try{ + if(permissionTypeId.equals(permissionTypeRepository.getOwnerPermissionTypeIdForDomain(domainId))){ + throw new SharingRegistryException(OWNER_PERMISSION_NAME + " permission cannot be assigned or removed"); + } return revokeEntitySharing(domainId, entityId, groupList, permissionTypeId); }catch (SharingRegistryException ex) { logger.error(ex.getMessage(), ex); @@ -852,7 +858,7 @@ public class SharingRegistryServerHandler implements SharingRegistryService.Ifac parentMemberships.stream().forEach(pm->groupIds.add(pm.parentId)); groupIds.add(userId); return sharingRepository.hasAccess(domainId, entityId, groupIds, Arrays.asList(permissionTypeId, - permissionTypeRepository.getGlobalPermissionTypeIdForDomain(domainId))); + permissionTypeRepository.getOwnerPermissionTypeIdForDomain(domainId))); }catch (SharingRegistryException ex) { logger.error(ex.getMessage(), ex); throw ex; @@ -861,7 +867,7 @@ public class SharingRegistryServerHandler implements SharingRegistryService.Ifac public boolean revokeEntitySharing(String domainId, String entityId, List<String> groupOrUserList, String permissionTypeId) throws SharingRegistryException { try{ - if(permissionTypeId.equals(permissionTypeRepository.getGlobalPermissionTypeIdForDomain(domainId))){ + if(permissionTypeId.equals(permissionTypeRepository.getOwnerPermissionTypeIdForDomain(domainId))){ throw new SharingRegistryException(OWNER_PERMISSION_NAME + " permission cannot be removed"); }
