Added DATASET_ALL claim and refactored.

0630a524 · ThanKarab · 0f4d621b · 0630a524 · 0630a524 · 0630a524
Commit 0630a524 authored 4 years ago by ThanKarab
--- a/src/main/java/eu/hbp/mip/controllers/ExperimentApi.java
+++ b/src/main/java/eu/hbp/mip/controllers/ExperimentApi.java
@@ -17,6 +17,7 @@ import eu.hbp.mip.model.galaxy.GalaxyWorkflowResult;
 import eu.hbp.mip.model.galaxy.PostWorkflowToGalaxyDtoResponse;
 import eu.hbp.mip.repositories.ExperimentRepository;
 import eu.hbp.mip.repositories.ModelRepository;
+import eu.hbp.mip.utils.ClaimUtils;
 import eu.hbp.mip.utils.HTTPUtil;
 import eu.hbp.mip.utils.UserActionLogging;
 import io.swagger.annotations.Api;
@@ -110,37 +111,39 @@ public class ExperimentApi {
        UserActionLogging.LogUserAction(userInfo.getUser().getUsername(), "Run algorithm", "Running the algorithm...");

        // --- Validating proper access rights on the datasets  ---
-        List<String> userRoles = Arrays.asList(authentication.getAuthorities().toString().toLowerCase()
-                .replaceAll("[\\s+\\]\\[]","").split(","));
-        UserActionLogging.LogUserAction(userInfo.getUser().getUsername(), "Authorities", userRoles.toString());
-
-        // Getting the dataset from the experiment parameters
-        String experimentDatasets = null;
-        for (AlgorithmExecutionParamDTO parameter : experimentExecutionDTO.getAlgorithms().get(0).getParameters()) {
-            if (parameter.getName().equals("dataset")) {
-                experimentDatasets = parameter.getValue();
-                UserActionLogging.LogUserAction(userInfo.getUser().getUsername(), "Run algorithm", "Found the dataset parameter!");
-                break;
+        List<String> userClaims = Arrays.asList(authentication.getAuthorities().toString().toLowerCase()
+                .replaceAll("[\\s+\\]\\[]", "").split(","));
+        UserActionLogging.LogUserAction(userInfo.getUser().getUsername(), "User Claims", userClaims.toString());
+
+        // Don't check for dataset claims if "super" claim exists allowing everything
+        if (!userClaims.contains(ClaimUtils.allDatasetsAllowedClaim())) {
+            // Getting the dataset from the experiment parameters
+            String experimentDatasets = null;
+            for (AlgorithmExecutionParamDTO parameter : experimentExecutionDTO.getAlgorithms().get(0).getParameters()) {
+                if (parameter.getName().equals("dataset")) {
+                    experimentDatasets = parameter.getValue();
+                    UserActionLogging.LogUserAction(userInfo.getUser().getUsername(), "Run algorithm", "Found the dataset parameter!");
+                    break;
+                }
            }
-        }
-
-        if (experimentDatasets == null || experimentDatasets.equals("")) {
-            UserActionLogging.LogUserAction(userInfo.getUser().getUsername(), "Run algorithm",
-                    "A dataset should be specified when running an algorithm.");
-            return ResponseEntity.badRequest().body("A dataset should be specified when running an algorithm.");
-        }

-        for (String dataset : experimentDatasets.split(",")) {
-            String datasetRole = "role_" + dataset;
-            if (!userRoles.contains(datasetRole.toLowerCase())) {
+            if (experimentDatasets == null || experimentDatasets.equals("")) {
                UserActionLogging.LogUserAction(userInfo.getUser().getUsername(), "Run algorithm",
-                        "You are not allowed to use dataset: " + dataset);
-                return ResponseEntity.status(403).body("You are not allowed to use dataset: " + dataset);
+                        "A dataset should be specified when running an algorithm.");
+                return ResponseEntity.badRequest().body("A dataset should be specified when running an algorithm.");
            }
-        }
-        UserActionLogging.LogUserAction(userInfo.getUser().getUsername(), "Run algorithm",
-                "User is authorized to use the datasets: " + experimentDatasets);

+            for (String dataset : experimentDatasets.split(",")) {
+                String datasetRole = ClaimUtils.getDatasetClaim(dataset);
+                if (!userClaims.contains(datasetRole.toLowerCase())) {
+                    UserActionLogging.LogUserAction(userInfo.getUser().getUsername(), "Run algorithm",
+                            "You are not allowed to use dataset: " + dataset);
+                    return ResponseEntity.status(HttpStatus.FORBIDDEN).body("You are not allowed to use dataset: " + dataset);
+                }
+            }
+            UserActionLogging.LogUserAction(userInfo.getUser().getUsername(), "Run algorithm",
+                    "User is authorized to use the datasets: " + experimentDatasets);
+        }

        // --- Run the experiment ---


--- a/src/main/java/eu/hbp/mip/controllers/PathologiesApi.java
+++ b/src/main/java/eu/hbp/mip/controllers/PathologiesApi.java
@@ -9,6 +9,7 @@ import com.google.gson.reflect.TypeToken;
 import eu.hbp.mip.model.PathologyDTO;
 import eu.hbp.mip.model.PathologyDTO.PathologyDatasetDTO;
 import eu.hbp.mip.model.UserInfo;
+import eu.hbp.mip.utils.ClaimUtils;
 import eu.hbp.mip.utils.CustomResourceLoader;
 import eu.hbp.mip.utils.UserActionLogging;
 import io.swagger.annotations.Api;
@@ -47,27 +48,30 @@ public class PathologiesApi {
    public ResponseEntity<String> getPathologies(Authentication authentication) {
        UserActionLogging.LogUserAction(userInfo.getUser().getUsername(), "Load all the pathologies", "");

+        // Load pathologies from file
        Resource resource = resourceLoader.getResource("file:/opt/portal/api/pathologies.json");
        List<PathologyDTO> allPathologies;
        try {
            allPathologies = gson.fromJson(convertInputStreamToString(resource.getInputStream()), new TypeToken<List<PathologyDTO>>() {
            }.getType());
        } catch (IOException e) {
-            return ResponseEntity.badRequest().body("{\"error\" : \"The pathologies.json file could not be read.\"}");
+            return ResponseEntity.badRequest().body("The pathologies.json file could not be read.");
        }

        // --- Providing only the allowed pathologies/datasets to the user  ---
        UserActionLogging.LogUserAction(userInfo.getUser().getUsername(),
                "Load all the pathologies", "Filter out the unauthorised datasets.");

-        List<String> userRoles = Arrays.asList(authentication.getAuthorities().toString().toLowerCase()
-                .replaceAll("[\\s+\\]\\[]","").split(","));
+        List<String> userClaims = Arrays.asList(authentication.getAuthorities().toString().toLowerCase()
+                .replaceAll("[\\s+\\]\\[]", "").split(","));

        UserActionLogging.LogUserAction(userInfo.getUser().getUsername(),
-                "Load all the pathologies", "Authorities : " + authentication.getAuthorities().toString());
+                "Load all the pathologies", "User Claims: " + userClaims);

-        UserActionLogging.LogUserAction(userInfo.getUser().getUsername(),
-                "Load all the pathologies", "Authorities: " + userRoles);
+        // If the "dataset_all" claim exists then return everything
+        if (userClaims.contains(ClaimUtils.allDatasetsAllowedClaim())) {
+            return ResponseEntity.ok().body(gson.toJson(allPathologies));
+        }

        List<PathologyDTO> userPathologies = new ArrayList<>();
        for (PathologyDTO curPathology : allPathologies) {
@@ -76,17 +80,14 @@ public class PathologiesApi {

            List<PathologyDatasetDTO> userPathologyDatasets = new ArrayList<PathologyDatasetDTO>();
            for (PathologyDatasetDTO dataset : curPathology.getDatasets()) {
-                if(userRoles.contains("role_" + dataset.getCode())){
+                if (userClaims.contains(ClaimUtils.getDatasetClaim(dataset.getCode()))) {
                    userPathologyDatasets.add(dataset);
                }
            }

-            UserActionLogging.LogUserAction(userInfo.getUser().getUsername(),
-                    "Load all the pathologies", "User Pathologies size: " + userPathologyDatasets.size());
-
-            if(userPathologyDatasets.size() > 0){
-                UserActionLogging.LogUserAction(userInfo.getUser().getUsername(),
-                        "Load all the pathologies", "Added the pathology");
+            if (userPathologyDatasets.size() > 0) {
+                UserActionLogging.LogUserAction(userInfo.getUser().getUsername(), "Load all the pathologies",
+                        "Added pathology '" + curPathology.getLabel() + " with datasets: '" + userPathologyDatasets + "'");

                PathologyDTO userPathology = new PathologyDTO();
                userPathology.setCode(curPathology.getCode());

--- a/src/main/java/eu/hbp/mip/utils/ClaimUtils.java
+++ b/src/main/java/eu/hbp/mip/utils/ClaimUtils.java
+package eu.hbp.mip.utils;
+
+public class ClaimUtils {
+    public static String allDatasetsAllowedClaim(){
+        return "dataset_all";
+    }
+
+    public static String getDatasetClaim(String datasetCode){
+        return "dataset_" + datasetCode;
+    }
+}
--- a/src/main/java/eu/hbp/mip/utils/JSONUtil.java
+++ b/src/main/java/eu/hbp/mip/utils/JSONUtil.java
-package eu.hbp.mip.utils;
-
-import com.google.gson.JsonParseException;
-import com.google.gson.JsonParser;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * Created by mirco on 01.07.16.
- */
-public class JSONUtil {
-
-    private static final Logger LOGGER = LoggerFactory.getLogger(JSONUtil.class);
-
-    private JSONUtil() {
-        /* Hide implicit public constructor */
-        throw new IllegalAccessError("JSONUtil class");
-    }
-
-    public static boolean isJSONValid(String test) {
-        try {
-            new JsonParser().parse(test);
-        } catch (JsonParseException jpe)
-        {
-            LOGGER.trace("Cannot parse to json", jpe); // This is the normal behavior when the input string is not JSON-ified
-            return false;
-        }
-        return true;
-    }
-
-}