diff --git a/pom.xml b/pom.xml
index 36d94c3..bc07d89 100644
--- a/pom.xml
+++ b/pom.xml
@@ -10,7 +10,7 @@
openbis-client-lib
jar
- 1.5.0
+ 1.5.1
openBIS client library
diff --git a/src/main/java/life/qbic/openbis/openbisclient/IOpenBisClient.java b/src/main/java/life/qbic/openbis/openbisclient/IOpenBisClient.java
index d284f79..449c150 100644
--- a/src/main/java/life/qbic/openbis/openbisclient/IOpenBisClient.java
+++ b/src/main/java/life/qbic/openbis/openbisclient/IOpenBisClient.java
@@ -8,6 +8,8 @@
import ch.ethz.sis.openbis.generic.asapi.v3.dto.experiment.ExperimentType;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.project.Project;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.property.PropertyType;
+import ch.ethz.sis.openbis.generic.asapi.v3.dto.roleassignment.Role;
+import ch.ethz.sis.openbis.generic.asapi.v3.dto.roleassignment.RoleLevel;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.sample.Sample;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.sample.SampleType;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.vocabulary.Vocabulary;
@@ -295,12 +297,36 @@ public interface IOpenBisClient {
public List getUserSpaces(String userID);
/**
- * Returns wether a user is instance admin in openBIS
+ * Returns whether a user is instance admin in openBIS. Checks both a user's direct role assignments as well as their groups' assignments
*
+ * @param userID the user's id
* @return true, if user is instance admin, false otherwise
*/
public boolean isUserAdmin(String userID);
+ /**
+ * Returns whether a user with a given user Id is assigned a given role at a given role level.
+ * Does not check user groups of that user!
+ *
+ * @param userID the user's id
+ * @param role the openBIS role
+ * @param level the openBIS role level, denoting if the user has that role for the instance or
+ * just one or more spaces or projects
+ * @return true, if user has that role, false otherwise
+ */
+ public boolean userHasRole(String userID, Role role, RoleLevel level);
+
+ /**
+ * Returns whether a user's user group is assigned a given role at a given role level
+ *
+ * @param userID the user's id
+ * @param role the openBIS role
+ * @param level the openBIS role level, denoting if the user and their group has that role for the
+ * instance or just one or more spaces or projects
+ * @return true, if user has that role through their user group, false otherwise
+ */
+ public boolean usersGroupHasRole(String userID, Role role, RoleLevel level);
+
/**
* Function to retrieve a project from openBIS by the identifier of the project.
*
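Review bot: The Javadoc for `userHasRole` and `usersGroupHasRole` does not say that the space or project an assignment belongs to is never compared, so a call with `RoleLevel.SPACE` is true for a user who holds the role on any space. A caller gating access to one particular space could over-grant on that answer. I would add a line such as `Matches an assignment on any space or project; the specific space or project is not checked.` to both methods here and to the copied Javadoc in OpenBisClient. Separately, two new abstract methods on a public interface break external implementers at compile time, which a 1.5.0 to 1.5.1 bump does not signal. The interface body continues outside this hunk.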
diff --git a/src/main/java/life/qbic/openbis/openbisclient/OpenBisClient.java b/src/main/java/life/qbic/openbis/openbisclient/OpenBisClient.java
index b87ab2c..ccc9fc0 100644
--- a/src/main/java/life/qbic/openbis/openbisclient/OpenBisClient.java
+++ b/src/main/java/life/qbic/openbis/openbisclient/OpenBisClient.java
@@ -8,6 +8,9 @@
import static life.qbic.openbis.openbisclient.helper.OpenBisClientHelper.fetchSamplesCompletely;
import ch.ethz.sis.openbis.generic.asapi.v3.IApplicationServerApi;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.attachment.Attachment;
+import ch.ethz.sis.openbis.generic.asapi.v3.dto.authorizationgroup.AuthorizationGroup;
+import ch.ethz.sis.openbis.generic.asapi.v3.dto.authorizationgroup.fetchoptions.AuthorizationGroupFetchOptions;
+import ch.ethz.sis.openbis.generic.asapi.v3.dto.authorizationgroup.search.AuthorizationGroupSearchCriteria;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.common.interfaces.IEntityType;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.common.search.SearchResult;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.dataset.DataSet;
@@ -35,6 +38,7 @@
import ch.ethz.sis.openbis.generic.asapi.v3.dto.property.fetchoptions.PropertyAssignmentFetchOptions;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.roleassignment.Role;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.roleassignment.RoleAssignment;
+import ch.ethz.sis.openbis.generic.asapi.v3.dto.roleassignment.RoleLevel;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.sample.Sample;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.sample.SampleType;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.sample.fetchoptions.SampleFetchOptions;
@@ -570,12 +574,31 @@ public List getUserSpaces(String userID) {
}
/**
- * Returns wether a user is instance admin in openBIS
+ * Returns whether a user is instance admin in openBIS. Checks both a user's direct role
+ * assignments as well as their groups' assignments
*
+ * @param userID the user's id
* @return true, if user is instance admin, false otherwise
*/
@Override
public boolean isUserAdmin(String userID) {
+ Role role = Role.ADMIN;
+ RoleLevel level = RoleLevel.INSTANCE;
+ return userHasRole(userID, role, level) || usersGroupHasRole(userID, role, level);
+ }
+
+ /**
+ * Returns whether a user with a given user Id is assigned a given role at a given role level.
+ * Does not check user groups of that user!
+ *
+ * @param userID the user's id
+ * @param role the openBIS role
+ * @param level the openBIS role level, denoting if the user has that role for the instance or
+ * just one or more spaces or projects
+ * @return true, if user has that role, false otherwise
+ */
+ @Override
+ public boolean userHasRole(String userID, Role role, RoleLevel level) {
ensureLoggedIn();
PersonSearchCriteria criteria = new PersonSearchCriteria();
criteria.withUserId().thatEquals(userID);
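Review bot: The Javadoc on `isUserAdmin` does not tell existing callers that the answer is now stricter, because only assignments at `RoleLevel.INSTANCE` count. The condition removed in the following hunk matched `Role.ADMIN` at any level, so code that relied on the old answer to gate administrative features changes behaviour without notice. A sentence such as `Only assignments at RoleLevel.INSTANCE count; space or project admins are not instance admins.` in the Javadoc, plus a changelog entry, would make that explicit. The body of `userHasRole` continues past this hunk.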
@@ -584,7 +607,7 @@ public boolean isUserAdmin(String userID) {
SearchResult res = v3.searchPersons(sessionToken, criteria, options);
for (Person p : res.getObjects()) {
for (RoleAssignment r : p.getRoleAssignments()) {
- if (r.getRole().equals(Role.ADMIN)) {
+ if (r.getRole().equals(role) && r.getRoleLevel().equals(level)) {
return true;
}
}
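Review bot: The comparison `r.getRole().equals(role) && r.getRoleLevel().equals(level)` throws a NullPointerException if an assignment comes back without a role or level, which would turn a permission check into an unhandled error. `Role` and `RoleLevel` look like enums from the constants used in `isUserAdmin`, so identity comparison is null-safe and the usual idiom: `if (r.getRole() == role && r.getRoleLevel() == level) {`. The same line appears in `usersGroupHasRole` further down. The loop starts above this hunk, so whether role assignments are requested in the fetch options is not visible here.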
@@ -592,6 +615,39 @@ public boolean isUserAdmin(String userID) {
return false;
}
+ /**
+ * Returns whether a user's user group is assigned a given role at a given role level
+ *
+ * @param userID the user's id
+ * @param role the openBIS role
+ * @param level the openBIS role level, denoting if the user and their group has that role for the
+ * instance or just one or more spaces or projects
+ * @return true, if user has that role through their user group, false otherwise
+ */
+ @Override
+ public boolean usersGroupHasRole(String userID, Role role, RoleLevel level) {
+ ensureLoggedIn();
+ AuthorizationGroupSearchCriteria criteria = new AuthorizationGroupSearchCriteria();
+ AuthorizationGroupFetchOptions options = new AuthorizationGroupFetchOptions();
+ options.withRoleAssignments().withAuthorizationGroup().withRoleAssignments();
+ options.withUsers();
+ SearchResult searchResult =
+ v3.searchAuthorizationGroups(sessionToken, criteria, options);
+
+ for (AuthorizationGroup group : searchResult.getObjects()) {
+ for (Person person : group.getUsers()) {
+ if (person.getUserId().equals(userID)) {
+ for (RoleAssignment r : group.getRoleAssignments()) {
+ if (r.getRole().equals(role) && r.getRoleLevel().equals(level)) {
+ return true;
+ }
+ }
+ }
+ }
+ }
+ return false;
+ }
+
@Override
public Project getProjectByIdentifier(String projectIdentifier) {
ensureLoggedIn();
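Review bot: `usersGroupHasRole` searches with an empty `AuthorizationGroupSearchCriteria`, so every authorization group and its full member list is fetched and filtered on the client, and `isUserAdmin` pays that cost whenever the direct check comes back false. If the criteria class offers a filter on group members, narrowing the search to `userID` on the server would avoid pulling the whole membership; I have not confirmed what the API offers here. The result presumably also depends on which groups the session behind `sessionToken` is allowed to see, so a group-granted role would be reported as absent when that session cannot list the group, which is worth stating in the Javadoc. The nested fetch `options.withRoleAssignments().withAuthorizationGroup().withRoleAssignments();` looks broader than needed, since the loop reads only `group.getUsers()` and `group.getRoleAssignments()`; `options.withRoleAssignments();` should be enough.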
diff --git a/src/test/java/life/qbic/openbis/openbisclient/OpenBisClientMock.java b/src/test/java/life/qbic/openbis/openbisclient/OpenBisClientMock.java
index cfda029..2175b82 100644
--- a/src/test/java/life/qbic/openbis/openbisclient/OpenBisClientMock.java
+++ b/src/test/java/life/qbic/openbis/openbisclient/OpenBisClientMock.java
@@ -16,6 +16,8 @@
import ch.ethz.sis.openbis.generic.asapi.v3.dto.experiment.ExperimentType;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.project.Project;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.property.PropertyType;
+import ch.ethz.sis.openbis.generic.asapi.v3.dto.roleassignment.Role;
+import ch.ethz.sis.openbis.generic.asapi.v3.dto.roleassignment.RoleLevel;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.sample.Sample;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.sample.SampleType;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.vocabulary.Vocabulary;
@@ -472,4 +474,16 @@ public List getPropertiesOfDataSetType(DataSetType type) {
return OpenBisClientHelper.getPropertiesOfEntityType(type);
}
+ @Override
+ public boolean userHasRole(String userID, Role role, RoleLevel level) {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public boolean usersGroupHasRole(String userID, Role role, RoleLevel level) {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
}
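Review bot: Both stubs keep the IDE's `// TODO Auto-generated method stub` comment and always return false, so a test that uses this mock cannot exercise the path where a role is granted. If a constant false is intended, a comment like `// mock: no role assignments are modelled, so no user has any role` states that; otherwise a configurable return value would let tests cover both outcomes. The mock's `isUserAdmin` is outside this hunk, so I cannot tell whether it stays consistent with these two methods.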