This is an automated email from the ASF dual-hosted git repository. machristie pushed a commit to branch group-based-auth in repository https://gitbox.apache.org/repos/asf/airavata.git
commit d4e0007c65d4f2ede65b53ff79a1a7c276c0a67c
Author: Marcus Christie <[email protected]>
AuthorDate: Tue Jun 19 12:46:47 2018 -0400
AIRAVATA-2834 Adds getAllAccessibleGroups API method
---
.../api/server/handler/AiravataServerHandler.java | 31 ++++++++++++++++++++++
.../airavata-apis/airavata_api.thrift | 7 +++++
2 files changed, 38 insertions(+)
diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java
index cb26637..4117ef7 100644
--- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java
+++ b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java
@@ -5190,6 +5190,37 @@ public class AiravataServerHandler implements Airavata.Iface {
 @Override
 @SecurityCheck
+ public List<String> getAllAccessibleGroups(AuthzToken authzToken, String resourceId, ResourceType resourceType, ResourcePermissionType permissionType) throws InvalidRequestException, AiravataClientException, AiravataSystemException, AuthorizationException, TException {
+ RegistryService.Client regClient = registryClientPool.getResource();
+ SharingRegistryService.Client sharingClient = sharingClientPool.getResource();
+ try {
+ HashSet<String> accessibleGroups = new HashSet<>();
+ final String domainId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
+ if (permissionType.equals(ResourcePermissionType.WRITE)) {
+ sharingClient.getListOfSharedGroups(domainId, resourceId, domainId + ":WRITE")
+ .stream()
+ .forEach(g -> accessibleGroups.add(g.groupId));
+ } else if (permissionType.equals(ResourcePermissionType.READ)) {
+ sharingClient.getListOfSharedGroups(domainId, resourceId, domainId + ":READ")
+ .stream()
+ .forEach(g -> accessibleGroups.add(g.groupId));
+ }
+ registryClientPool.returnResource(regClient);
+ sharingClientPool.returnResource(sharingClient);
+ return new ArrayList<>(accessibleGroups);
+ } catch (Exception e) {
+ String msg = "Error in getting all accessible groups for resource. Resource ID : " + resourceId + " Resource Type : " + resourceType.toString() ;
+ logger.error(msg, e);
+ AiravataSystemException exception = new AiravataSystemException(AiravataErrorType.INTERNAL_ERROR);
+ exception.setMessage(msg + " More info : " + e.getMessage());
+ sharingClientPool.returnBrokenResource(sharingClient);
+ registryClientPool.returnBrokenResource(regClient);
+ throw exception;
+ }
+ }
+
+ @Override
+ @SecurityCheck
 public boolean userHasAccess(AuthzToken authzToken, String resourceId, ResourcePermissionType permissionType) throws InvalidRequestException, AiravataClientException, AiravataSystemException, AuthorizationException, TException {
 final String domainId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
 final String userId = authzToken.getClaimsMap().get(Constants.USER_NAME) + "@" + domainId;
diff --git a/thrift-interface-descriptions/airavata-apis/airavata_api.thrift b/thrift-interface-descriptions/airavata-apis/airavata_api.thrift
index 5568b4c..3d91145 100644
--- a/thrift-interface-descriptions/airavata-apis/airavata_api.thrift
+++ b/thrift-interface-descriptions/airavata-apis/airavata_api.thrift
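Review bot: Nothing in the added getAllAccessibleGroups body checks that the caller is allowed to see `resourceId` before listing the groups it is shared with; unless the `@SecurityCheck` interceptor (not visible in this hunk) authorizes per resource, any authenticated user of the gateway can read the sharing list of a resource they have no access to. I would guard the method before any pool client is taken, for example `if (!userHasAccess(authzToken, resourceId, ResourcePermissionType.READ)) throw new AuthorizationException("User does not have access to this resource");`, and keep that check outside the `try` so the blanket `catch (Exception e)` does not rewrap it as INTERNAL_ERROR. Separately, `regClient` is taken from the pool and never used, and both `getResource()` calls sit before the `try`, so a failure in the second one leaves the first client checked out; dropping `regClient` removes that path. The message sent back to the client also appends `e.getMessage()`, which can carry internal sharing-registry details that are better kept to the `logger.error` line.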
@@ -3538,6 +3538,13 @@ service Airavata {
 3: airavata_errors.AiravataSystemException ase,
 4: airavata_errors.AuthorizationException ae)
+ list<string> getAllAccessibleGroups(1: required security_model.AuthzToken authzToken, 2: required string resourceId, 3: required group_manager_model.ResourceType resourceType,
+ 4: required group_manager_model.ResourcePermissionType permissionType)
+ throws (1: airavata_errors.InvalidRequestException ire,
+ 2: airavata_errors.AiravataClientException ace,
+ 3: airavata_errors.AiravataSystemException ase,
+ 4: airavata_errors.AuthorizationException ae)
+
 bool userHasAccess(1: required security_model.AuthzToken authzToken, 2: required string resourceId, 3: required group_manager_model.ResourcePermissionType permissionType)
 throws (1: airavata_errors.InvalidRequestException ire,
 2: airavata_errors.AiravataClientException ace,
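Review bot: The new IDL entry has no doc comment, and two parts of its contract are not obvious from the signature. `resourceType` is declared required although the handler added in this commit reads it only when building the error message, and a `permissionType` other than READ or WRITE falls through both branches and yields an empty list rather than an error. I would add a comment above the method along the lines of `/** Returns the ids of the groups that hold permissionType on resourceId; permission types other than READ and WRITE return an empty list. */` and either use `resourceType` in the lookup or state why callers must supply it.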
