This is an automated email from the ASF dual-hosted git repository. machristie pushed a commit to branch group-based-auth in repository https://gitbox.apache.org/repos/asf/airavata.git
commit b99f51636f691c0016aad3198d007395c0fe3016 Author: Marcus Christie <machris...@apache.org> AuthorDate: Fri Feb 23 01:19:54 2018 -0500 Fix construction of userId from AuthzToken --- .../handlers/GroupManagerServiceHandler.java | 67 ++++++++++++---------- 1 file changed, 37 insertions(+), 30 deletions(-) diff --git a/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/GroupManagerServiceHandler.java b/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/GroupManagerServiceHandler.java index aeca014..101c3df 100644 --- a/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/GroupManagerServiceHandler.java +++ b/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/GroupManagerServiceHandler.java @@ -44,10 +44,9 @@ public class GroupManagerServiceHandler implements GroupManagerService.Iface { sharingUserGroup.setDescription(groupModel.getDescription()); sharingUserGroup.setGroupType(GroupType.USER_LEVEL_GROUP); sharingUserGroup.setGroupCardinality(GroupCardinality.MULTI_USER); - String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID); + String gatewayId = getDomainId(authzToken); sharingUserGroup.setDomainId(gatewayId); - String username = authzToken.getClaimsMap().get(Constants.USER_NAME); - sharingUserGroup.setOwnerId(username + "@" + gatewayId); + sharingUserGroup.setOwnerId(getUserId(authzToken)); String groupId = sharingClient.createGroup(sharingUserGroup); sharingClient.addUsersToGroup(gatewayId, groupModel.getMembers(), groupId); 
@@ -74,7 +73,7 @@ public class GroupManagerServiceHandler implements GroupManagerService.Iface { sharingUserGroup.setName(groupModel.getName()); sharingUserGroup.setDescription(groupModel.getDescription()); sharingUserGroup.setGroupType(GroupType.USER_LEVEL_GROUP); - sharingUserGroup.setDomainId(authzToken.getClaimsMap().get(Constants.GATEWAY_ID)); + sharingUserGroup.setDomainId(getDomainId(authzToken)); //adding and removal of users should be handle separately sharingClient.updateGroup(sharingUserGroup); @@ -96,7 +95,7 @@ public class GroupManagerServiceHandler implements GroupManagerService.Iface { //TODO Validations for authorization (user must be owner or admin) SharingRegistryService.Client sharingClient = getSharingRegistryServiceClient(); - sharingClient.deleteGroup(authzToken.getClaimsMap().get(Constants.GATEWAY_ID), groupId); + sharingClient.deleteGroup(getDomainId(authzToken), groupId); return true; } catch (Exception e) { @@ -113,7 +112,7 @@ public class GroupManagerServiceHandler implements GroupManagerService.Iface { public GroupModel getGroup(AuthzToken authzToken, String groupId) throws GroupManagerServiceException, AuthorizationException, TException { try { SharingRegistryService.Client sharingClient = getSharingRegistryServiceClient(); - final String domainId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID); + final String domainId = getDomainId(authzToken); UserGroup userGroup = sharingClient.getGroup(domainId, groupId); GroupModel groupModel = convertToGroupModel(userGroup, sharingClient); 
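Review bot: In the deleteGroup hunk (`@@ -96,7 +95,7 @@`) the call `sharingClient.deleteGroup(getDomainId(authzToken), groupId)` still runs with no ownership check; the `//TODO Validations for authorization (user must be owner or admin)` line above it is the only guard visible, so any caller holding a valid token for the gateway can apparently delete any group in it. Now that `getUserId` exists, the owner-or-admin test that addUsersToGroup uses can go in front of the delete, as sketched below. The updateGroup hunk before it also shows no access check in its visible lines, though that method starts outside the hunk, so a check may exist above. The try block around deleteGroup also begins outside the hunk.

```java
SharingRegistryService.Client sharingClient = getSharingRegistryServiceClient();
String userId = getUserId(authzToken);
String domainId = getDomainId(authzToken);
if (!(sharingClient.hasOwnerAccess(domainId, groupId, userId)
        || sharingClient.hasAdminAccess(domainId, groupId, userId))) {
    throw new GroupManagerServiceException("User does not have access to delete the group");
}
sharingClient.deleteGroup(domainId, groupId);
// … unchanged: return true and the catch block …
```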
@@ -132,7 +131,7 @@ public class GroupManagerServiceHandler implements GroupManagerService.Iface { @Override @SecurityCheck public List<GroupModel> getGroups(AuthzToken authzToken) throws GroupManagerServiceException, AuthorizationException, TException { - final String domainId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID); + final String domainId = getDomainId(authzToken); SharingRegistryService.Client sharingClient = null; try { sharingClient = getSharingRegistryServiceClient(); @@ -157,7 +156,7 @@ public class GroupManagerServiceHandler implements GroupManagerService.Iface { try { SharingRegistryService.Client sharingClient = getSharingRegistryServiceClient(); List<GroupModel> groupModels = new ArrayList<GroupModel>(); - final String domainId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID); + final String domainId = getDomainId(authzToken); List<UserGroup> userGroups = sharingClient.getAllMemberGroupsForUser(domainId, userName); return convertToGroupModels(userGroups, sharingClient); 
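Review bot: In the `@@ -157,7 +156,7 @@` hunk, `sharingClient.getAllMemberGroupsForUser(domainId, userName)` still passes `userName` as received, while every access check in this commit now uses the `username@gatewayId` form from `getUserId`. The method signature is outside the hunk, so it is not visible whether callers already supply the qualified id; if they pass a bare user name the lookup will presumably match nothing. Either document the expected format on the parameter, e.g. `@param userName sharing-registry user id in the form username@gatewayId`, or build the id here. The same question applies to `adminId`, `ownerId`, `newOwnerId`, `adminIds` and `userIds` in the later hunks, which are forwarded unchanged.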
@@ -175,10 +174,10 @@ public class GroupManagerServiceHandler implements GroupManagerService.Iface {
 public boolean addUsersToGroup(AuthzToken authzToken, List<String> userIds, String groupId) throws GroupManagerServiceException, AuthorizationException, TException {
 try {
 SharingRegistryService.Client sharingClient = getSharingRegistryServiceClient();
- String username = authzToken.getClaimsMap().get(Constants.USER_NAME);
- String domainId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
- if (!(sharingClient.hasOwnerAccess(domainId, groupId, username)
- || sharingClient.hasAdminAccess(domainId, groupId, username))) {
+ String userId = getUserId(authzToken);
+ String domainId = getDomainId(authzToken);
+ if (!(sharingClient.hasOwnerAccess(domainId, groupId, userId)
+ || sharingClient.hasAdminAccess(domainId, groupId, userId))) {
 throw new GroupManagerServiceException("User does not have access to add users to the group");
 }
 return sharingClient.addUsersToGroup(domainId, userIds, groupId);
@@ -196,10 +195,10 @@ public class GroupManagerServiceHandler implements GroupManagerService.Iface {
 public boolean removeUsersFromGroup(AuthzToken authzToken, List<String> userIds, String groupId) throws GroupManagerServiceException, AuthorizationException, TException {
 try {
 SharingRegistryService.Client sharingClient = getSharingRegistryServiceClient();
- String username = authzToken.getClaimsMap().get(Constants.USER_NAME);
- String domainId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
- if (!(sharingClient.hasOwnerAccess(domainId, groupId, username)
- || sharingClient.hasAdminAccess(domainId, groupId, username))) {
+ String userId = getUserId(authzToken);
+ String domainId = getDomainId(authzToken);
+ if (!(sharingClient.hasOwnerAccess(domainId, groupId, userId)
+ || sharingClient.hasAdminAccess(domainId, groupId, userId))) {
 throw new GroupManagerServiceException("User does not have access to remove users to the group");
 }
 return sharingClient.removeUsersFromGroup(domainId, userIds, groupId);
@@ -217,12 +216,12 @@ public class GroupManagerServiceHandler implements GroupManagerService.Iface { public boolean transferGroupOwnership(AuthzToken authzToken, String groupId, String newOwnerId) throws GroupManagerServiceException, AuthorizationException, TException { try{ SharingRegistryService.Client sharingClient = getSharingRegistryServiceClient(); - String username = authzToken.getClaimsMap().get(Constants.USER_NAME); - String domainId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID); - if (!(sharingClient.hasOwnerAccess(domainId, groupId, username))) { + String userId = getUserId(authzToken); + String domainId = getDomainId(authzToken); + if (!(sharingClient.hasOwnerAccess(domainId, groupId, userId))) { throw new GroupManagerServiceException("User does not have Owner permission to transfer group ownership"); } - return sharingClient.transferGroupOwnership(authzToken.getClaimsMap().get(Constants.GATEWAY_ID), groupId, newOwnerId); + return sharingClient.transferGroupOwnership(getDomainId(authzToken), groupId, newOwnerId); } catch (Exception e) { String msg = "Error Transferring Group Ownership"; 
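Review bot: The ownership check in transferGroupOwnership throws `GroupManagerServiceException` from inside the `try`, and the `catch (Exception e)` at the end of this hunk will catch it; if that handler rewraps with `"Error Transferring Group Ownership"` (its body is outside the hunk), a permission denial becomes indistinguishable from a backend failure in logs and to the client. The method already declares `AuthorizationException`, so the denial could be thrown as that type and passed through ahead of the generic handler, `} catch (AuthorizationException e) { throw e; } catch (Exception e) {`. The same pattern is in the addUsersToGroup, removeUsersFromGroup, addGroupAdmins and removeGroupAdmins hunks.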
@@ -239,12 +238,12 @@ public class GroupManagerServiceHandler implements GroupManagerService.Iface { public boolean addGroupAdmins(AuthzToken authzToken, String groupId, List<String> adminIds) throws GroupManagerServiceException, AuthorizationException, TException { try { SharingRegistryService.Client sharingClient = getSharingRegistryServiceClient(); - String username = authzToken.getClaimsMap().get(Constants.USER_NAME); - String domainId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID); - if (!(sharingClient.hasOwnerAccess(domainId, groupId, username))) { + String userId = getUserId(authzToken); + String domainId = getDomainId(authzToken); + if (!(sharingClient.hasOwnerAccess(domainId, groupId, userId))) { throw new GroupManagerServiceException("User does not have Owner permission to add group admins"); } - return sharingClient.addGroupAdmins(authzToken.getClaimsMap().get(Constants.GATEWAY_ID), groupId, adminIds); + return sharingClient.addGroupAdmins(getDomainId(authzToken), groupId, adminIds); } catch (Exception e) { String msg = "Error Adding Admins to Group. Group ID: " + groupId; 
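Review bot: The final call re-derives the domain with `getDomainId(authzToken)` although `domainId` was already read earlier in the method for the `hasOwnerAccess` check; use `return sharingClient.addGroupAdmins(domainId, groupId, adminIds);` so the check and the action visibly operate on the same value. addUsersToGroup and removeUsersFromGroup already reuse the local; transferGroupOwnership and removeGroupAdmins have the same repeated lookup.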
@@ -260,12 +259,12 @@ public class GroupManagerServiceHandler implements GroupManagerService.Iface { public boolean removeGroupAdmins(AuthzToken authzToken, String groupId, List<String> adminIds) throws GroupManagerServiceException, AuthorizationException, TException { try { SharingRegistryService.Client sharingClient = getSharingRegistryServiceClient(); - String username = authzToken.getClaimsMap().get(Constants.USER_NAME); - String domainId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID); - if (!(sharingClient.hasOwnerAccess(domainId, groupId, username))) { + String userId = getUserId(authzToken); + String domainId = getDomainId(authzToken); + if (!(sharingClient.hasOwnerAccess(domainId, groupId, userId))) { throw new GroupManagerServiceException("User does not have Owner permission to remove group admins"); } - return sharingClient.removeGroupAdmins(authzToken.getClaimsMap().get(Constants.GATEWAY_ID), groupId, adminIds); + return sharingClient.removeGroupAdmins(getDomainId(authzToken), groupId, adminIds); } catch (Exception e) { String msg = "Error Removing Admins from the Group. Group ID: " + groupId; @@ -281,7 +280,7 @@ public class GroupManagerServiceHandler implements GroupManagerService.Iface { public boolean hasAdminAccess(AuthzToken authzToken, String groupId, String adminId) throws GroupManagerServiceException, AuthorizationException, TException { try { SharingRegistryService.Client sharingClient = getSharingRegistryServiceClient(); - return sharingClient.hasAdminAccess(authzToken.getClaimsMap().get(Constants.GATEWAY_ID), groupId, adminId); + return sharingClient.hasAdminAccess(getDomainId(authzToken), groupId, adminId); } catch (Exception e) { String msg = "Error Checking Admin Access for the Group. Group ID: " + groupId + " Admin ID: " + adminId; 
@@ -297,7 +296,7 @@ public class GroupManagerServiceHandler implements GroupManagerService.Iface { public boolean hasOwnerAccess(AuthzToken authzToken, String groupId, String ownerId) throws GroupManagerServiceException, AuthorizationException, TException { try { SharingRegistryService.Client sharingClient = getSharingRegistryServiceClient(); - return sharingClient.hasOwnerAccess(authzToken.getClaimsMap().get(Constants.GATEWAY_ID), groupId, ownerId); + return sharingClient.hasOwnerAccess(getDomainId(authzToken), groupId, ownerId); } catch (Exception e) { String msg = "Error Checking Owner Access for the Group. Group ID: " + groupId + " Owner ID: " + ownerId; @@ -319,6 +318,14 @@ public class GroupManagerServiceHandler implements GroupManagerService.Iface { } } + private String getDomainId(AuthzToken authzToken) { + return authzToken.getClaimsMap().get(Constants.GATEWAY_ID); + } + + private String getUserId(AuthzToken authzToken) { + return authzToken.getClaimsMap().get(Constants.USER_NAME) + "@" + getDomainId(authzToken); + } + private List<GroupModel> convertToGroupModels(List<UserGroup> userGroups, SharingRegistryService.Client sharingClient) throws TException { List<GroupModel> groupModels = new ArrayList<>(); -- To stop receiving notification emails like this one, please contact machris...@apache.org.
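Review bot: `getUserId` in the `@@ -319,6 +318,14 @@` hunk concatenates the two claims without checking them, so a token lacking `Constants.USER_NAME` or `Constants.GATEWAY_ID` yields a string such as `null@<gateway>` or `<user>@null`, which then flows into `setOwnerId` and the `hasOwnerAccess`/`hasAdminAccess` checks as if it were a real identity. Both helpers should fail closed on a missing or empty claim, for example `if (userName == null || userName.isEmpty()) throw new IllegalArgumentException("AuthzToken has no user name claim");` and likewise for the gateway id. Whether `@SecurityCheck` already guarantees both claims is not visible here; if it does, a one-line comment on the helpers saying so would be enough. A short Javadoc stating that the returned id has the form `username@gatewayId` would also help callers.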