diff --git a/src/main/java/eu/hbp/mip/controllers/ExperimentApi.java b/src/main/java/eu/hbp/mip/controllers/ExperimentApi.java
index f8ca92efb7becf8d4826e3789829ae6bba5aaef8..0c027d4978eab28fdd61633a8b68c320598c50ec 100644
--- a/src/main/java/eu/hbp/mip/controllers/ExperimentApi.java
+++ b/src/main/java/eu/hbp/mip/controllers/ExperimentApi.java
@@ -17,6 +17,7 @@ import eu.hbp.mip.model.galaxy.GalaxyWorkflowResult;
import eu.hbp.mip.model.galaxy.PostWorkflowToGalaxyDtoResponse;
import eu.hbp.mip.repositories.ExperimentRepository;
import eu.hbp.mip.repositories.ModelRepository;
+import eu.hbp.mip.utils.ClaimUtils;
import eu.hbp.mip.utils.HTTPUtil;
import eu.hbp.mip.utils.UserActionLogging;
import io.swagger.annotations.Api;
@@ -110,37 +111,39 @@ public class ExperimentApi {
UserActionLogging.LogUserAction(userInfo.getUser().getUsername(), "Run algorithm", "Running the algorithm...");
// --- Validating proper access rights on the datasets ---
- List<String> userRoles = Arrays.asList(authentication.getAuthorities().toString().toLowerCase()
- .replaceAll("[\\s+\\]\\[]","").split(","));
- UserActionLogging.LogUserAction(userInfo.getUser().getUsername(), "Authorities", userRoles.toString());
-
- // Getting the dataset from the experiment parameters
- String experimentDatasets = null;
- for (AlgorithmExecutionParamDTO parameter : experimentExecutionDTO.getAlgorithms().get(0).getParameters()) {
- if (parameter.getName().equals("dataset")) {
- experimentDatasets = parameter.getValue();
- UserActionLogging.LogUserAction(userInfo.getUser().getUsername(), "Run algorithm", "Found the dataset parameter!");
- break;
+ List<String> userClaims = Arrays.asList(authentication.getAuthorities().toString().toLowerCase()
+ .replaceAll("[\\s+\\]\\[]", "").split(","));
+ UserActionLogging.LogUserAction(userInfo.getUser().getUsername(), "User Claims", userClaims.toString());
+
+ // Don't check for dataset claims if "super" claim exists allowing everything
+ if (!userClaims.contains(ClaimUtils.allDatasetsAllowedClaim())) {
+ // Getting the dataset from the experiment parameters
+ String experimentDatasets = null;
+ for (AlgorithmExecutionParamDTO parameter : experimentExecutionDTO.getAlgorithms().get(0).getParameters()) {
+ if (parameter.getName().equals("dataset")) {
+ experimentDatasets = parameter.getValue();
+ UserActionLogging.LogUserAction(userInfo.getUser().getUsername(), "Run algorithm", "Found the dataset parameter!");
+ break;
+ }
}
- }
-
- if (experimentDatasets == null || experimentDatasets.equals("")) {
- UserActionLogging.LogUserAction(userInfo.getUser().getUsername(), "Run algorithm",
- "A dataset should be specified when running an algorithm.");
- return ResponseEntity.badRequest().body("A dataset should be specified when running an algorithm.");
- }
- for (String dataset : experimentDatasets.split(",")) {
- String datasetRole = "role_" + dataset;
- if (!userRoles.contains(datasetRole.toLowerCase())) {
+ if (experimentDatasets == null || experimentDatasets.equals("")) {
UserActionLogging.LogUserAction(userInfo.getUser().getUsername(), "Run algorithm",
- "You are not allowed to use dataset: " + dataset);
- return ResponseEntity.status(403).body("You are not allowed to use dataset: " + dataset);
+ "A dataset should be specified when running an algorithm.");
+ return ResponseEntity.badRequest().body("A dataset should be specified when running an algorithm.");
}
- }
- UserActionLogging.LogUserAction(userInfo.getUser().getUsername(), "Run algorithm",
- "User is authorized to use the datasets: " + experimentDatasets);
+ for (String dataset : experimentDatasets.split(",")) {
+ String datasetRole = ClaimUtils.getDatasetClaim(dataset);
+ if (!userClaims.contains(datasetRole.toLowerCase())) {
+ UserActionLogging.LogUserAction(userInfo.getUser().getUsername(), "Run algorithm",
+ "You are not allowed to use dataset: " + dataset);
+ return ResponseEntity.status(HttpStatus.FORBIDDEN).body("You are not allowed to use dataset: " + dataset);
+ }
+ }
+ UserActionLogging.LogUserAction(userInfo.getUser().getUsername(), "Run algorithm",
+ "User is authorized to use the datasets: " + experimentDatasets);
+ }
// --- Run the experiment ---
diff --git a/src/main/java/eu/hbp/mip/controllers/PathologiesApi.java b/src/main/java/eu/hbp/mip/controllers/PathologiesApi.java
index 48e2a0fa17e251f2e0f9141399fac5666b03128b..d2163e5814b09a2ff4c41a882f5fe79bf33fb411 100644
--- a/src/main/java/eu/hbp/mip/controllers/PathologiesApi.java
+++ b/src/main/java/eu/hbp/mip/controllers/PathologiesApi.java
@@ -9,6 +9,7 @@ import com.google.gson.reflect.TypeToken;
import eu.hbp.mip.model.PathologyDTO;
import eu.hbp.mip.model.PathologyDTO.PathologyDatasetDTO;
import eu.hbp.mip.model.UserInfo;
+import eu.hbp.mip.utils.ClaimUtils;
import eu.hbp.mip.utils.CustomResourceLoader;
import eu.hbp.mip.utils.UserActionLogging;
import io.swagger.annotations.Api;
@@ -47,27 +48,30 @@ public class PathologiesApi {
public ResponseEntity<String> getPathologies(Authentication authentication) {
UserActionLogging.LogUserAction(userInfo.getUser().getUsername(), "Load all the pathologies", "");
+ // Load pathologies from file
Resource resource = resourceLoader.getResource("file:/opt/portal/api/pathologies.json");
List<PathologyDTO> allPathologies;
try {
allPathologies = gson.fromJson(convertInputStreamToString(resource.getInputStream()), new TypeToken<List<PathologyDTO>>() {
}.getType());
} catch (IOException e) {
- return ResponseEntity.badRequest().body("{\"error\" : \"The pathologies.json file could not be read.\"}");
+ return ResponseEntity.badRequest().body("The pathologies.json file could not be read.");
}
// --- Providing only the allowed pathologies/datasets to the user ---
UserActionLogging.LogUserAction(userInfo.getUser().getUsername(),
"Load all the pathologies", "Filter out the unauthorised datasets.");
- List<String> userRoles = Arrays.asList(authentication.getAuthorities().toString().toLowerCase()
- .replaceAll("[\\s+\\]\\[]","").split(","));
+ List<String> userClaims = Arrays.asList(authentication.getAuthorities().toString().toLowerCase()
+ .replaceAll("[\\s+\\]\\[]", "").split(","));
UserActionLogging.LogUserAction(userInfo.getUser().getUsername(),
- "Load all the pathologies", "Authorities : " + authentication.getAuthorities().toString());
+ "Load all the pathologies", "User Claims: " + userClaims);
- UserActionLogging.LogUserAction(userInfo.getUser().getUsername(),
- "Load all the pathologies", "Authorities: " + userRoles);
+ // If the "dataset_all" claim exists then return everything
+ if (userClaims.contains(ClaimUtils.allDatasetsAllowedClaim())) {
+ return ResponseEntity.ok().body(gson.toJson(allPathologies));
+ }
List<PathologyDTO> userPathologies = new ArrayList<>();
for (PathologyDTO curPathology : allPathologies) {
@@ -76,17 +80,14 @@ public class PathologiesApi {
List<PathologyDatasetDTO> userPathologyDatasets = new ArrayList<PathologyDatasetDTO>();
for (PathologyDatasetDTO dataset : curPathology.getDatasets()) {
- if(userRoles.contains("role_" + dataset.getCode())){
+ if (userClaims.contains(ClaimUtils.getDatasetClaim(dataset.getCode()))) {
userPathologyDatasets.add(dataset);
}
}
- UserActionLogging.LogUserAction(userInfo.getUser().getUsername(),
- "Load all the pathologies", "User Pathologies size: " + userPathologyDatasets.size());
-
- if(userPathologyDatasets.size() > 0){
- UserActionLogging.LogUserAction(userInfo.getUser().getUsername(),
- "Load all the pathologies", "Added the pathology");
+ if (userPathologyDatasets.size() > 0) {
+ UserActionLogging.LogUserAction(userInfo.getUser().getUsername(), "Load all the pathologies",
+ "Added pathology '" + curPathology.getLabel() + " with datasets: '" + userPathologyDatasets + "'");
PathologyDTO userPathology = new PathologyDTO();
userPathology.setCode(curPathology.getCode());
diff --git a/src/main/java/eu/hbp/mip/utils/ClaimUtils.java b/src/main/java/eu/hbp/mip/utils/ClaimUtils.java
new file mode 100644
index 0000000000000000000000000000000000000000..f9bd98b5886df396f233e95655f3e6240ac63b47
--- /dev/null
+++ b/src/main/java/eu/hbp/mip/utils/ClaimUtils.java
@@ -0,0 +1,11 @@
+package eu.hbp.mip.utils;
+
+public class ClaimUtils {
+ public static String allDatasetsAllowedClaim(){
+ return "dataset_all";
+ }
+
+ public static String getDatasetClaim(String datasetCode){
+ return "dataset_" + datasetCode;
+ }
+}
diff --git a/src/main/java/eu/hbp/mip/utils/JSONUtil.java b/src/main/java/eu/hbp/mip/utils/JSONUtil.java
deleted file mode 100644
index 5822a44053790772138f53a6e388bbfd4e6d888a..0000000000000000000000000000000000000000
--- a/src/main/java/eu/hbp/mip/utils/JSONUtil.java
+++ /dev/null
@@ -1,31 +0,0 @@
-package eu.hbp.mip.utils;
-
-import com.google.gson.JsonParseException;
-import com.google.gson.JsonParser;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * Created by mirco on 01.07.16.
- */
-public class JSONUtil {
-
- private static final Logger LOGGER = LoggerFactory.getLogger(JSONUtil.class);
-
- private JSONUtil() {
- /* Hide implicit public constructor */
- throw new IllegalAccessError("JSONUtil class");
- }
-
- public static boolean isJSONValid(String test) {
- try {
- new JsonParser().parse(test);
- } catch (JsonParseException jpe)
- {
- LOGGER.trace("Cannot parse to json", jpe); // This is the normal behavior when the input string is not JSON-ified
- return false;
- }
- return true;
- }
-
-}