Commit 0aa25601 authored by ThanKarab's avatar ThanKarab

Dataset level authentication switched through ENV variable.

parent db2b17f4
1 merge request!9Dev dataset authorization
......@@ -73,6 +73,10 @@ public class ExperimentApi {
@Value("#{'${services.galaxy.galaxyApiKey}'}")
private String galaxyApiKey;
// Enable HBP collab authentication (1) or disable it (0). Default is 1
@Value("#{'${hbp.authentication.enabled:1}'}")
private boolean authenticationIsEnabled;
@Autowired
private ModelRepository modelRepository;
......@@ -110,39 +114,41 @@ public class ExperimentApi {
public ResponseEntity<String> runExperiment(Authentication authentication, @RequestBody ExperimentExecutionDTO experimentExecutionDTO) {
UserActionLogging.LogUserAction(userInfo.getUser().getUsername(), "Run algorithm", "Running the algorithm...");
// --- Validating proper access rights on the datasets ---
List<String> userClaims = Arrays.asList(authentication.getAuthorities().toString().toLowerCase()
.replaceAll("[\\s+\\]\\[]", "").split(","));
UserActionLogging.LogUserAction(userInfo.getUser().getUsername(), "User Claims", userClaims.toString());
// Don't check for dataset claims if "super" claim exists allowing everything
if (!userClaims.contains(ClaimUtils.allDatasetsAllowedClaim())) {
// Getting the dataset from the experiment parameters
String experimentDatasets = null;
for (AlgorithmExecutionParamDTO parameter : experimentExecutionDTO.getAlgorithms().get(0).getParameters()) {
if (parameter.getName().equals("dataset")) {
experimentDatasets = parameter.getValue();
UserActionLogging.LogUserAction(userInfo.getUser().getUsername(), "Run algorithm", "Found the dataset parameter!");
break;
if(authenticationIsEnabled) {
// --- Validating proper access rights on the datasets ---
List<String> userClaims = Arrays.asList(authentication.getAuthorities().toString().toLowerCase()
.replaceAll("[\\s+\\]\\[]", "").split(","));
UserActionLogging.LogUserAction(userInfo.getUser().getUsername(), "User Claims", userClaims.toString());
// Don't check for dataset claims if "super" claim exists allowing everything
if (!userClaims.contains(ClaimUtils.allDatasetsAllowedClaim())) {
// Getting the dataset from the experiment parameters
String experimentDatasets = null;
for (AlgorithmExecutionParamDTO parameter : experimentExecutionDTO.getAlgorithms().get(0).getParameters()) {
if (parameter.getName().equals("dataset")) {
experimentDatasets = parameter.getValue();
UserActionLogging.LogUserAction(userInfo.getUser().getUsername(), "Run algorithm", "Found the dataset parameter!");
break;
}
}
}
if (experimentDatasets == null || experimentDatasets.equals("")) {
UserActionLogging.LogUserAction(userInfo.getUser().getUsername(), "Run algorithm",
"A dataset should be specified when running an algorithm.");
return ResponseEntity.badRequest().body("A dataset should be specified when running an algorithm.");
}
for (String dataset : experimentDatasets.split(",")) {
String datasetRole = ClaimUtils.getDatasetClaim(dataset);
if (!userClaims.contains(datasetRole.toLowerCase())) {
if (experimentDatasets == null || experimentDatasets.equals("")) {
UserActionLogging.LogUserAction(userInfo.getUser().getUsername(), "Run algorithm",
"You are not allowed to use dataset: " + dataset);
return ResponseEntity.status(HttpStatus.FORBIDDEN).body("You are not allowed to use dataset: " + dataset);
"A dataset should be specified when running an algorithm.");
return ResponseEntity.badRequest().body("A dataset should be specified when running an algorithm.");
}
for (String dataset : experimentDatasets.split(",")) {
String datasetRole = ClaimUtils.getDatasetClaim(dataset);
if (!userClaims.contains(datasetRole.toLowerCase())) {
UserActionLogging.LogUserAction(userInfo.getUser().getUsername(), "Run algorithm",
"You are not allowed to use dataset: " + dataset);
return ResponseEntity.status(HttpStatus.FORBIDDEN).body("You are not allowed to use dataset: " + dataset);
}
}
UserActionLogging.LogUserAction(userInfo.getUser().getUsername(), "Run algorithm",
"User is authorized to use the datasets: " + experimentDatasets);
}
UserActionLogging.LogUserAction(userInfo.getUser().getUsername(), "Run algorithm",
"User is authorized to use the datasets: " + experimentDatasets);
}
// --- Run the experiment ---
......
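Review bot: The `if(authenticationIsEnabled)` guard added at the top of the second hunk also encloses the "dataset must be specified" validation (the `experimentDatasets == null || experimentDatasets.equals("")` check and its 400 response), so with the flag off an experiment that carries no `dataset` parameter falls through to the run section instead of being rejected. That check is input validation rather than authorization; move the parameter lookup loop and the empty check above the guard and keep only the claim comparison (`userClaims` against `ClaimUtils.getDatasetClaim(dataset)`) inside it. The flag is also a fail-open switch for every dataset that leaves no trace in the audit log, so an `else` branch with `UserActionLogging.LogUserAction(userInfo.getUser().getUsername(), "Run algorithm", "Dataset authorization disabled by configuration, skipping claim checks.");` would record why no claim check ran. The field comment `// Enable HBP collab authentication (1) or disable it (0)` overstates what the flag does here, since the user is still resolved through `userInfo` and only the dataset claim check is skipped; `// Enable (1) or disable (0) the dataset authorization checks. Default is 1` describes it more accurately. runExperiment continues outside the hunk.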
......@@ -14,6 +14,7 @@ import eu.hbp.mip.utils.CustomResourceLoader;
import eu.hbp.mip.utils.UserActionLogging;
import io.swagger.annotations.Api;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.io.Resource;
import org.springframework.http.ResponseEntity;
import org.springframework.security.core.Authentication;
......@@ -41,6 +42,10 @@ public class PathologiesApi {
@Autowired
private UserInfo userInfo;
// Enable HBP collab authentication (1) or disable it (0). Default is 1
@Value("#{'${hbp.authentication.enabled:1}'}")
private boolean authenticationIsEnabled;
@Autowired
private CustomResourceLoader resourceLoader;
......@@ -58,6 +63,11 @@ public class PathologiesApi {
return ResponseEntity.badRequest().body("The pathologies.json file could not be read.");
}
// If authentication is disabled return everything
if (!authenticationIsEnabled) {
return ResponseEntity.ok().body(gson.toJson(allPathologies));
}
// --- Providing only the allowed pathologies/datasets to the user ---
UserActionLogging.LogUserAction(userInfo.getUser().getUsername(),
"Load all the pathologies", "Filter out the unauthorised datasets.");
......
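Review bot: The early return added for `!authenticationIsEnabled` serves the unfiltered `allPathologies` without any `UserActionLogging` entry, while the filtered path directly below it logs the request, so the audit trail is silent precisely when the authorization filter is bypassed. Add `UserActionLogging.LogUserAction(userInfo.getUser().getUsername(), "Load all the pathologies", "Authentication disabled, returning all pathologies unfiltered.");` before the return, assuming `userInfo` resolves a user in this mode as the filtered path already relies on it. The same `@Value("#{'${hbp.authentication.enabled:1}'}")` field is now declared in both PathologiesApi and ExperimentApi; reading it once in a shared configuration bean would keep the two copies from drifting. The enclosing method starts outside the hunk.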