This is an automated email from the ASF dual-hosted git repository. machristie pushed a commit to branch group-based-auth in repository https://gitbox.apache.org/repos/asf/airavata.git
The following commit(s) were added to refs/heads/group-based-auth by this push: new 97f03cc Disable permission to execute application for now 97f03cc is described below commit 97f03cc04c90fb4ef7c2450260e970a22a69761a Author: Marcus Christie <machris...@apache.org> AuthorDate: Thu Feb 22 11:56:08 2018 -0500 Disable permission to execute application for now --- .../api/server/handler/AiravataServerHandler.java | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java index 37cbffc..99b5fa1 100644 --- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java +++ b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java @@ -1809,14 +1809,15 @@ public class AiravataServerHandler implements Airavata.Iface { SharingRegistryService.Client sharingClient = sharingClientPool.getResource(); try { ExperimentModel experiment = regClient.getExperiment(airavataExperimentId); - String userId = authzToken.getClaimsMap().get(Constants.USER_NAME); - String appInterfaceId = experiment.getExecutionId(); - ApplicationInterfaceDescription applicationInterfaceDescription = regClient.getApplicationInterface(appInterfaceId); - List<String> entityIds = applicationInterfaceDescription.getApplicationModules(); - if (!sharingClient.userHasAccess(gatewayId, userId + "@" + gatewayId, entityIds.get(0),gatewayId + ":READ")) { - logger.error(airavataExperimentId, "User does not have access to application module {}.", entityIds.get(0)); - throw new AuthorizationException("User does not have permission to access this resource"); - } + // TODO: fix checking if the user has access to the deployment of this application, should check for entity type APPLICATION_DEPLOYMENT and permission type EXEC +// String userId = authzToken.getClaimsMap().get(Constants.USER_NAME); +// String appInterfaceId = experiment.getExecutionId(); +// ApplicationInterfaceDescription applicationInterfaceDescription = regClient.getApplicationInterface(appInterfaceId); +// List<String> entityIds = applicationInterfaceDescription.getApplicationModules(); +// if (!sharingClient.userHasAccess(gatewayId, userId + "@" + gatewayId, entityIds.get(0),gatewayId + ":READ")) { +// logger.error(airavataExperimentId, "User does not have access to application module {}.", entityIds.get(0)); +// throw new AuthorizationException("User does not have permission to access this resource"); +// } if (experiment == null) { logger.error(airavataExperimentId, "Error while launching experiment, experiment {} doesn't exist.", airavataExperimentId); throw new ExperimentNotFoundException("Requested experiment id " + airavataExperimentId + " does not exist in the system.."); -- To stop receiving notification emails like this one, please contact machris...@apache.org.