Commit 776fdc07 authored by ThanKarab's avatar ThanKarab

User specific pathologies.json based on roles.

parent d233f477
1 merge request!9Dev dataset authorization
......@@ -110,8 +110,8 @@ public class ExperimentApi {
UserActionLogging.LogUserAction(userInfo.getUser().getUsername(), "Run algorithm", "Running the algorithm...");
// --- Validating proper access rights on the datasets ---
String allowedDatasets = authentication.getAuthorities().toString();
UserActionLogging.LogUserAction(userInfo.getUser().getUsername(), "Authorities", allowedDatasets.toString());
String userRoles = authentication.getAuthorities().toString();
UserActionLogging.LogUserAction(userInfo.getUser().getUsername(), "Authorities", userRoles);
// Getting the dataset from the experiment parameters
String experimentDatasets = null;
......@@ -131,7 +131,7 @@ public class ExperimentApi {
for (String dataset : experimentDatasets.split(",")) {
String datasetRole = "role_" + dataset;
if (!allowedDatasets.toLowerCase().contains(datasetRole.toLowerCase())) {
if (!userRoles.toLowerCase().contains(datasetRole.toLowerCase())) {
UserActionLogging.LogUserAction(userInfo.getUser().getUsername(), "Run algorithm",
"You are not allowed to use dataset: " + dataset);
return ResponseEntity.status(403).body("You are not allowed to use dataset: " + dataset);
......
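Review bot: The access check in the second hunk, `if (!userRoles.toLowerCase().contains(datasetRole.toLowerCase()))`, is still a substring search over the `toString()` of the whole authority collection, so `role_<dataset>` is accepted whenever that text appears inside any longer granted authority name, not only when the user holds exactly that role. PathologiesApi in this same commit splits the authorities into a list and uses an exact `List.contains`, and the two endpoints should agree: collect each `GrantedAuthority.getAuthority()` value (lower-cased) into a set and test `roles.contains(datasetRole.toLowerCase())`. The entries produced by `experimentDatasets.split(",")` are not trimmed either, so once the comparison is exact a value with surrounding whitespace would never match; use `dataset.trim()` when building `datasetRole`. The enclosing method starts and ends outside both hunks, so how `experimentDatasets` is populated is not visible here.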
......@@ -4,13 +4,18 @@
package eu.hbp.mip.controllers;
import com.fasterxml.jackson.core.type.TypeReference;
import com.google.gson.Gson;
import com.google.gson.reflect.TypeToken;
import eu.hbp.mip.model.PathologyDTO;
import eu.hbp.mip.model.PathologyDTO.PathologyDatasetDTO;
import eu.hbp.mip.model.UserInfo;
import eu.hbp.mip.utils.CustomResourceLoader;
import eu.hbp.mip.utils.UserActionLogging;
import io.swagger.annotations.Api;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.io.Resource;
import org.springframework.core.io.ResourceLoader;
import org.springframework.http.ResponseEntity;
import org.springframework.security.core.Authentication;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;
......@@ -19,7 +24,9 @@ import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import eu.hbp.mip.utils.UserActionLogging;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import static org.springframework.http.MediaType.APPLICATION_JSON_VALUE;
......@@ -28,28 +35,69 @@ import static org.springframework.http.MediaType.APPLICATION_JSON_VALUE;
@Api(value = "/pathologies")
public class PathologiesApi {
private static final Gson gson = new Gson();
@Autowired
private UserInfo userInfo;
@RequestMapping(name = "/pathologies", method = RequestMethod.GET)
public String getPathologies() {
UserActionLogging.LogUserAction(userInfo.getUser().getUsername(), "load the pathologies", "");
return loadPathologies();
}
@Autowired
private CustomResourceLoader resourceLoader;
private String loadPathologies() {
Resource resource = resourceLoader.getResource("file:/opt/portal/api/pathologies.json");
String result;
@RequestMapping(name = "/pathologies", method = RequestMethod.GET)
public ResponseEntity<String> getPathologies(Authentication authentication) {
UserActionLogging.LogUserAction(userInfo.getUser().getUsername(), "Load all the pathologies", "");
Resource resource = resourceLoader.getResource("file:/opt/portal/api/pathologies.json");
List<PathologyDTO> allPathologies;
try {
result = convertInputStreamToString(resource.getInputStream());
allPathologies = gson.fromJson(convertInputStreamToString(resource.getInputStream()), new TypeToken<List<PathologyDTO>>() {
}.getType());
} catch (IOException e) {
result = "{\"error\" : \"The pathologies.json file could not be read.\"}";
return ResponseEntity.badRequest().body("{\"error\" : \"The pathologies.json file could not be read.\"}");
}
return result;
// --- Providing only the allowed pathologies/datasets to the user ---
UserActionLogging.LogUserAction(userInfo.getUser().getUsername(),
"Load all the pathologies", "Filter out the unauthorised datasets.");
List<String> userRoles = Arrays.asList(authentication.getAuthorities().toString().toLowerCase()
.replaceAll("[\\s+\\]\\[]","").split(","));
UserActionLogging.LogUserAction(userInfo.getUser().getUsername(),
"Load all the pathologies", "Authorities : " + authentication.getAuthorities().toString());
UserActionLogging.LogUserAction(userInfo.getUser().getUsername(),
"Load all the pathologies", "Authorities: " + userRoles);
List<PathologyDTO> userPathologies = new ArrayList<>();
for (PathologyDTO curPathology : allPathologies) {
UserActionLogging.LogUserAction(userInfo.getUser().getUsername(),
"Load all the pathologies", "Pathology: " + curPathology);
List<PathologyDatasetDTO> userPathologyDatasets = new ArrayList<PathologyDatasetDTO>();
for (PathologyDatasetDTO dataset : curPathology.getDatasets()) {
if(userRoles.contains("role_" + dataset.getCode())){
userPathologyDatasets.add(dataset);
}
}
UserActionLogging.LogUserAction(userInfo.getUser().getUsername(),
"Load all the pathologies", "User Pathologies size: " + userPathologyDatasets.size());
if(userPathologyDatasets.size() > 0){
UserActionLogging.LogUserAction(userInfo.getUser().getUsername(),
"Load all the pathologies", "Added the pathology");
PathologyDTO userPathology = new PathologyDTO();
userPathology.setCode(curPathology.getCode());
userPathology.setLabel(curPathology.getLabel());
userPathology.setMetadataHierarchy(curPathology.getMetadataHierarchy());
userPathology.setDatasets(userPathologyDatasets);
userPathologies.add(userPathology);
}
}
return ResponseEntity.ok().body(gson.toJson(userPathologies));
}
// Pure Java
......
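Review bot: In `getPathologies`, `userRoles` is lower-cased but the lookup `userRoles.contains("role_" + dataset.getCode())` is not, so any dataset whose code in pathologies.json contains an upper-case letter is silently filtered out for every user, unlike the ExperimentApi check which lower-cases both sides; use `userRoles.contains("role_" + dataset.getCode().toLowerCase())`. Deriving the roles by regex-stripping `getAuthorities().toString()` depends on the collection's string format, and mapping each authority through `getAuthority()` would be sturdier. `curPathology.getDatasets()` is dereferenced without a null check and only `IOException` is caught, so an entry without a `datasets` key or a malformed file would surface as an unhandled exception, and a read failure is reported as 400 although it is a server-side fault. The log calls that write the full authority list twice and one line per pathology on every request look like debugging output and could be reduced to a single entry.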
package eu.hbp.mip.model;
import com.google.gson.annotations.SerializedName;
import java.util.List;
public class PathologyDTO {
public String getCode() {
return code;
}
public void setCode(String code) {
this.code = code;
}
public String getLabel() {
return label;
}
public void setLabel(String label) {
this.label = label;
}
public Object getMetadataHierarchy() {
return metadataHierarchy;
}
public void setMetadataHierarchy(Object metadataHierarchy) {
this.metadataHierarchy = metadataHierarchy;
}
public List<PathologyDatasetDTO> getDatasets() {
return datasets;
}
public void setDatasets(List<PathologyDatasetDTO> datasets) {
this.datasets = datasets;
}
@SerializedName("code")
private String code;
@SerializedName("label")
private String label;
@SerializedName("metadataHierarchy")
private Object metadataHierarchy;
@SerializedName("datasets")
private List<PathologyDatasetDTO> datasets;
public static class PathologyDatasetDTO {
@SerializedName("code")
private String code;
@SerializedName("label")
private String label;
public String getCode() {
return code;
}
public void setCode(String code) {
this.code = code;
}
public String getLabel() {
return label;
}
public void setLabel(String label) {
this.label = label;
}
}
}
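Review bot: `metadataHierarchy` is declared as `Object`, so Gson materialises it as generic maps and lists with every number read as a `Double`; if the hierarchy in pathologies.json holds integer values, the filtered response would re-serialise them in decimal form and no longer match the file. Declaring the field and its accessors as `com.google.gson.JsonElement`, e.g. `private JsonElement metadataHierarchy;`, keeps the subtree as parsed JSON. The class also has no `toString()`, so the `"Pathology: " + curPathology` log line in PathologiesApi prints only the default object identity. A short class Javadoc stating that this mirrors one entry of pathologies.json, with the fields moved above the accessors, would make the DTO easier to read.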