From 4f157b92c8a085fffa3937adb665451f81df667e Mon Sep 17 00:00:00 2001 From: wow-such-code Date: Mon, 21 Dec 2020 14:05:37 +0100 Subject: [PATCH 1/4] fix method to determine if user is admin, add two new convenience methods --- .../openbis/openbisclient/OpenBisClient.java | 60 ++++++++++++++++++- 1 file changed, 58 insertions(+), 2 deletions(-) diff --git a/src/main/java/life/qbic/openbis/openbisclient/OpenBisClient.java b/src/main/java/life/qbic/openbis/openbisclient/OpenBisClient.java index b87ab2c..ccc9fc0 100644 --- a/src/main/java/life/qbic/openbis/openbisclient/OpenBisClient.java +++ b/src/main/java/life/qbic/openbis/openbisclient/OpenBisClient.java @@ -8,6 +8,9 @@ import static life.qbic.openbis.openbisclient.helper.OpenBisClientHelper.fetchSamplesCompletely; import ch.ethz.sis.openbis.generic.asapi.v3.IApplicationServerApi; import ch.ethz.sis.openbis.generic.asapi.v3.dto.attachment.Attachment; +import ch.ethz.sis.openbis.generic.asapi.v3.dto.authorizationgroup.AuthorizationGroup; +import ch.ethz.sis.openbis.generic.asapi.v3.dto.authorizationgroup.fetchoptions.AuthorizationGroupFetchOptions; +import ch.ethz.sis.openbis.generic.asapi.v3.dto.authorizationgroup.search.AuthorizationGroupSearchCriteria; import ch.ethz.sis.openbis.generic.asapi.v3.dto.common.interfaces.IEntityType; import ch.ethz.sis.openbis.generic.asapi.v3.dto.common.search.SearchResult; import ch.ethz.sis.openbis.generic.asapi.v3.dto.dataset.DataSet; 
@@ -35,6 +38,7 @@ import ch.ethz.sis.openbis.generic.asapi.v3.dto.property.fetchoptions.PropertyAssignmentFetchOptions; import ch.ethz.sis.openbis.generic.asapi.v3.dto.roleassignment.Role; import ch.ethz.sis.openbis.generic.asapi.v3.dto.roleassignment.RoleAssignment; +import ch.ethz.sis.openbis.generic.asapi.v3.dto.roleassignment.RoleLevel; import ch.ethz.sis.openbis.generic.asapi.v3.dto.sample.Sample; import ch.ethz.sis.openbis.generic.asapi.v3.dto.sample.SampleType; import ch.ethz.sis.openbis.generic.asapi.v3.dto.sample.fetchoptions.SampleFetchOptions; @@ -570,12 +574,31 @@ public List getUserSpaces(String userID) { } /** - * Returns wether a user is instance admin in openBIS + * Returns whether a user is instance admin in openBIS. Checks both a user's direct role + * assignments as well as their groups' assignments * + * @param userID the user's id * @return true, if user is instance admin, false otherwise */ @Override public boolean isUserAdmin(String userID) { + Role role = Role.ADMIN; + RoleLevel level = RoleLevel.INSTANCE; + return userHasRole(userID, role, level) || usersGroupHasRole(userID, role, level); + } + + /** + * Returns whether a user with a given user Id is assigned a given role at a given role level. + * Does not check user groups of that user! + * + * @param userID the user's id + * @param role the openBIS role + * @param level the openBIS role level, denoting if the user has that role for the instance or + * just one or more spaces or projects + * @return true, if user has that role, false otherwise + */ + @Override + public boolean userHasRole(String userID, Role role, RoleLevel level) { ensureLoggedIn(); PersonSearchCriteria criteria = new PersonSearchCriteria(); criteria.withUserId().thatEquals(userID); 
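Review bot: The Javadoc for `userHasRole` does not say that the match is exact and unscoped. Judging by the comparison in the following hunk, a call with `RoleLevel.SPACE` returns true when the user holds the role on any space at all, and an instance-level assignment does not satisfy a space- or project-level query. A caller that treats the result as an access check for one particular space or project would get the wrong answer, so I would extend the `@param level` text with something like `the check is an exact match on role and level and does not identify which space or project the assignment belongs to`. The same applies to `usersGroupHasRole` further down and to the copies of both comments in IOpenBisClient. The body of `userHasRole` continues past the end of this hunk.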
@@ -584,7 +607,7 @@ public boolean isUserAdmin(String userID) { SearchResult res = v3.searchPersons(sessionToken, criteria, options); for (Person p : res.getObjects()) { for (RoleAssignment r : p.getRoleAssignments()) { - if (r.getRole().equals(Role.ADMIN)) { + if (r.getRole().equals(role) && r.getRoleLevel().equals(level)) { return true; } } @@ -592,6 +615,39 @@ public boolean isUserAdmin(String userID) { return false; } + /** + * Returns whether a user's user group is assigned a given role at a given role level + * + * @param userID the user's id + * @param role the openBIS role + * @param level the openBIS role level, denoting if the user and their group has that role for the + * instance or just one or more spaces or projects + * @return true, if user has that role through their user group, false otherwise + */ + @Override + public boolean usersGroupHasRole(String userID, Role role, RoleLevel level) { + ensureLoggedIn(); + AuthorizationGroupSearchCriteria criteria = new AuthorizationGroupSearchCriteria(); + AuthorizationGroupFetchOptions options = new AuthorizationGroupFetchOptions(); + options.withRoleAssignments().withAuthorizationGroup().withRoleAssignments(); + options.withUsers(); + SearchResult searchResult = + v3.searchAuthorizationGroups(sessionToken, criteria, options); + + for (AuthorizationGroup group : searchResult.getObjects()) { + for (Person person : group.getUsers()) { + if (person.getUserId().equals(userID)) { + for (RoleAssignment r : group.getRoleAssignments()) { + if (r.getRole().equals(role) && r.getRoleLevel().equals(level)) { + return true; + } + } + } + } + } + return false; + } + @Override public Project getProjectByIdentifier(String projectIdentifier) { ensureLoggedIn(); From 4d48850e854cda0934903161074ced7f8e92c3b6 Mon Sep 17 00:00:00 2001 
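Review bot: `r.getRole().equals(role) && r.getRoleLevel().equals(level)` throws a NullPointerException if an assignment is returned without a role or level, which would turn an authorization query into an unhandled error. Both types are used as constants here (`Role.ADMIN`, `RoleLevel.INSTANCE`), so, assuming they are enums, identity comparison is null-safe and reads more directly: `if (r.getRole() == role && r.getRoleLevel() == level) {`. The same condition is repeated in `usersGroupHasRole` in the next hunk. The enclosing loops and the method signature lie outside this hunk.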
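Review bot: `usersGroupHasRole` searches with an empty `AuthorizationGroupSearchCriteria`, so each call loads every authorization group the session can see, with all members and role assignments, and filters for `userID` on the client. `isUserAdmin` reaches this path whenever the direct lookup does not match, so the cost grows with the number of groups and users, and the result presumably depends on the session being allowed to list all groups. If the criteria can be restricted to groups that contain `userID`, that filter belongs on the server side. The fetch options also request `withRoleAssignments().withAuthorizationGroup().withRoleAssignments()` although only `group.getRoleAssignments()` is read, so `options.withRoleAssignments();` appears to be sufficient.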
From: wow-such-code Date: Mon, 21 Dec 2020 14:08:53 +0100 Subject: [PATCH 2/4] update interface --- .../openbis/openbisclient/IOpenBisClient.java | 28 ++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/src/main/java/life/qbic/openbis/openbisclient/IOpenBisClient.java b/src/main/java/life/qbic/openbis/openbisclient/IOpenBisClient.java index d284f79..449c150 100644 --- a/src/main/java/life/qbic/openbis/openbisclient/IOpenBisClient.java +++ b/src/main/java/life/qbic/openbis/openbisclient/IOpenBisClient.java @@ -8,6 +8,8 @@ import ch.ethz.sis.openbis.generic.asapi.v3.dto.experiment.ExperimentType; import ch.ethz.sis.openbis.generic.asapi.v3.dto.project.Project; import ch.ethz.sis.openbis.generic.asapi.v3.dto.property.PropertyType; +import ch.ethz.sis.openbis.generic.asapi.v3.dto.roleassignment.Role; +import ch.ethz.sis.openbis.generic.asapi.v3.dto.roleassignment.RoleLevel; import ch.ethz.sis.openbis.generic.asapi.v3.dto.sample.Sample; import ch.ethz.sis.openbis.generic.asapi.v3.dto.sample.SampleType; import ch.ethz.sis.openbis.generic.asapi.v3.dto.vocabulary.Vocabulary; 
@@ -295,12 +297,36 @@ public interface IOpenBisClient { public List getUserSpaces(String userID); /** - * Returns wether a user is instance admin in openBIS + * Returns whether a user is instance admin in openBIS. Checks both a user's direct role assignments as well as their groups' assignments * + * @param userID the user's id * @return true, if user is instance admin, false otherwise */ public boolean isUserAdmin(String userID); + /** + * Returns whether a user with a given user Id is assigned a given role at a given role level. + * Does not check user groups of that user! + * + * @param userID the user's id + * @param role the openBIS role + * @param level the openBIS role level, denoting if the user has that role for the instance or + * just one or more spaces or projects + * @return true, if user has that role, false otherwise + */ + public boolean userHasRole(String userID, Role role, RoleLevel level); + + /** + * Returns whether a user's user group is assigned a given role at a given role level + * + * @param userID the user's id + * @param role the openBIS role + * @param level the openBIS role level, denoting if the user and their group has that role for the + * instance or just one or more spaces or projects + * @return true, if user has that role through their user group, false otherwise + */ + public boolean usersGroupHasRole(String userID, Role role, RoleLevel level); + /** * Function to retrieve a project from openBIS by the identifier of the project. * From 9d17f7888ecc99157320e3d99ba05fd7c5340dcd Mon Sep 17 00:00:00 2001 From: wow-such-code Date: Mon, 21 Dec 2020 14:10:48 +0100 Subject: [PATCH 3/4] prepare hotfix version 1.5.1 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 36d94c3..bc07d89 100644 --- a/pom.xml +++ b/pom.xml @@ -10,7 +10,7 @@ openbis-client-lib jar - 1.5.0 + 1.5.1 openBIS client library From 40aa0d135556347dbbff9c5e62ac6e1e95ddc87e Mon Sep 17 00:00:00 2001 
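Review bot: `userHasRole` and `usersGroupHasRole` are added to `IOpenBisClient` as abstract methods, which breaks compilation for any implementation of the interface outside this repository, while the series labels the release as hotfix 1.5.1. If the two methods are only needed by `isUserAdmin`, they could stay private in `OpenBisClient` and the interface would keep its current surface. If they are meant to be public, the change should be called out in the release notes so downstream implementers know to add them.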
From: wow-such-code Date: Mon, 21 Dec 2020 14:26:39 +0100 Subject: [PATCH 4/4] add interface methods to mock --- .../openbis/openbisclient/OpenBisClientMock.java | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/src/test/java/life/qbic/openbis/openbisclient/OpenBisClientMock.java b/src/test/java/life/qbic/openbis/openbisclient/OpenBisClientMock.java index cfda029..2175b82 100644 --- a/src/test/java/life/qbic/openbis/openbisclient/OpenBisClientMock.java +++ b/src/test/java/life/qbic/openbis/openbisclient/OpenBisClientMock.java @@ -16,6 +16,8 @@ import ch.ethz.sis.openbis.generic.asapi.v3.dto.experiment.ExperimentType; import ch.ethz.sis.openbis.generic.asapi.v3.dto.project.Project; import ch.ethz.sis.openbis.generic.asapi.v3.dto.property.PropertyType; +import ch.ethz.sis.openbis.generic.asapi.v3.dto.roleassignment.Role; +import ch.ethz.sis.openbis.generic.asapi.v3.dto.roleassignment.RoleLevel; import ch.ethz.sis.openbis.generic.asapi.v3.dto.sample.Sample; import ch.ethz.sis.openbis.generic.asapi.v3.dto.sample.SampleType; import ch.ethz.sis.openbis.generic.asapi.v3.dto.vocabulary.Vocabulary; @@ -472,4 +474,16 @@ public List getPropertiesOfDataSetType(DataSetType type) { return OpenBisClientHelper.getPropertiesOfEntityType(type); } + @Override + public boolean userHasRole(String userID, Role role, RoleLevel level) { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean usersGroupHasRole(String userID, Role role, RoleLevel level) { + // TODO Auto-generated method stub + return false; + } + }
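Review bot: Both stubs keep the IDE placeholder `// TODO Auto-generated method stub` and always return false, so tests built on `OpenBisClientMock` cannot exercise the positive path of the new role checks. Replace the placeholder with a comment that states the intended behaviour, for example `// mock user holds no roles`. No file visible in this series adds a test for the instance-level check that the first patch fixes; a test pinning that a space-level ADMIN assignment is not reported by `isUserAdmin` would guard the fix against regression.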