[airavata] branch group-based-auth updated: Disable permission to execute application for now

Thu, 22 Feb 2018 08:56:58 -0800 

This is an automated email from the ASF dual-hosted git repository.

machristie pushed a commit to branch group-based-auth
in repository https://gitbox.apache.org/repos/asf/airavata.git


The following commit(s) were added to refs/heads/group-based-auth by this push:
     new 97f03cc  Disable permission to execute application for now
97f03cc is described below

commit 97f03cc04c90fb4ef7c2450260e970a22a69761a
Author: Marcus Christie <machris...@apache.org>
AuthorDate: Thu Feb 22 11:56:08 2018 -0500

    Disable permission to execute application for now
---
 .../api/server/handler/AiravataServerHandler.java       | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git 
a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java
 
b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java
index 37cbffc..99b5fa1 100644
--- 
a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java
+++ 
b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java
@@ -1809,14 +1809,15 @@ public class AiravataServerHandler implements 
Airavata.Iface {
         SharingRegistryService.Client sharingClient = 
sharingClientPool.getResource();
         try {
             ExperimentModel experiment = 
regClient.getExperiment(airavataExperimentId);
-            String userId = authzToken.getClaimsMap().get(Constants.USER_NAME);
-            String appInterfaceId = experiment.getExecutionId();
-            ApplicationInterfaceDescription applicationInterfaceDescription = 
regClient.getApplicationInterface(appInterfaceId);
-            List<String> entityIds = 
applicationInterfaceDescription.getApplicationModules();
-            if (!sharingClient.userHasAccess(gatewayId, userId + "@" + 
gatewayId, entityIds.get(0),gatewayId + ":READ")) {
-                logger.error(airavataExperimentId, "User does not have access 
to application module {}.", entityIds.get(0));
-                throw new AuthorizationException("User does not have 
permission to access this resource");
-            }
+            // TODO: fix checking if the user has access to the deployment of 
this application, should check for entity type APPLICATION_DEPLOYMENT and 
permission type EXEC
+//            String userId = 
authzToken.getClaimsMap().get(Constants.USER_NAME);
+//            String appInterfaceId = experiment.getExecutionId();
+//            ApplicationInterfaceDescription applicationInterfaceDescription 
= regClient.getApplicationInterface(appInterfaceId);
+//            List<String> entityIds = 
applicationInterfaceDescription.getApplicationModules();
+//            if (!sharingClient.userHasAccess(gatewayId, userId + "@" + 
gatewayId, entityIds.get(0),gatewayId + ":READ")) {
+//                logger.error(airavataExperimentId, "User does not have 
access to application module {}.", entityIds.get(0));
+//                throw new AuthorizationException("User does not have 
permission to access this resource");
+//            }
             if (experiment == null) {
                 logger.error(airavataExperimentId, "Error while launching 
experiment, experiment {} doesn't exist.", airavataExperimentId);
                 throw new ExperimentNotFoundException("Requested experiment id 
" + airavataExperimentId + " does not exist in the system..");

-- 
To stop receiving notification emails like this one, please contact
machris...@apache.org.

Reply via email to