From 1670a2e18f55098e9c4cc7601934c0cd216e3588 Mon Sep 17 00:00:00 2001
From: kfilippopolitis <kostasfilippop@gmail.com>
Date: Wed, 7 Oct 2020 02:08:51 -0700
Subject: [PATCH 1/3] Updated getExperiment so an experiment can be accessed in
 two cases: 1. If it is shared to everyone 2. If it is not shared only the
 owner can access it. If none of the above is the case it will return a
 UNAUTHORIZED Http Status.

---
 src/main/java/eu/hbp/mip/controllers/ExperimentApi.java | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/main/java/eu/hbp/mip/controllers/ExperimentApi.java b/src/main/java/eu/hbp/mip/controllers/ExperimentApi.java
index 0815a448a..aa57b4de1 100644
--- a/src/main/java/eu/hbp/mip/controllers/ExperimentApi.java
+++ b/src/main/java/eu/hbp/mip/controllers/ExperimentApi.java
@@ -103,6 +103,11 @@ public class ExperimentApi {
             return new ResponseEntity<>("Not found", HttpStatus.NOT_FOUND);
         }
 
+        if (!experiment.isShared() && experiment.getCreatedBy().getUsername().compareTo(userInfo.getUser().getUsername()) != 0) {
+
+            return new ResponseEntity<>("You have no access to the experiment", HttpStatus.UNAUTHORIZED);
+        }
+
         UserActionLogging.LogUserAction(userInfo.getUser().getUsername(), "Get an experiment ", " uuid : " + uuid);
 
         return new ResponseEntity<>(gsonOnlyExposed.toJson(experiment.jsonify()), HttpStatus.OK);
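Review bot: The denial on the added line returns HttpStatus.UNAUTHORIZED, yet the caller is already authenticated here (userInfo.getUser() is dereferenced unconditionally) and is merely not permitted, which is the FORBIDDEN case; a 401 also tells clients to re-prompt for credentials. The owner comparison with `compareTo(...) != 0` is equality in disguise and reads better as `if (!experiment.isShared() && !experiment.getCreatedBy().getUsername().equals(userInfo.getUser().getUsername())) {` followed by `return new ResponseEntity<>("You have no access to the experiment", HttpStatus.FORBIDDEN);`, and if getCreatedBy() can be null for older rows this check will throw an NPE, which I cannot tell from here. Returning a distinct "You have no access" body rather than the same "Not found" also lets any authenticated user confirm whether a guessed UUID exists, so consider answering 404 in both branches if experiment identifiers are meant to be private. getExperiment begins before this hunk.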
-- 
GitLab


From 72589bcf09902f5e75efd36e5e2eefb7de0aab96 Mon Sep 17 00:00:00 2001
From: kfilippopolitis <kostasfilippop@gmail.com>
Date: Wed, 7 Oct 2020 02:10:22 -0700
Subject: [PATCH 2/3] Remove a space

---
 src/main/java/eu/hbp/mip/controllers/ExperimentApi.java | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/main/java/eu/hbp/mip/controllers/ExperimentApi.java b/src/main/java/eu/hbp/mip/controllers/ExperimentApi.java
index aa57b4de1..60a66463a 100644
--- a/src/main/java/eu/hbp/mip/controllers/ExperimentApi.java
+++ b/src/main/java/eu/hbp/mip/controllers/ExperimentApi.java
@@ -104,7 +104,6 @@ public class ExperimentApi {
         }
 
         if (!experiment.isShared() && experiment.getCreatedBy().getUsername().compareTo(userInfo.getUser().getUsername()) != 0) {
-
             return new ResponseEntity<>("You have no access to the experiment", HttpStatus.UNAUTHORIZED);
         }
 
-- 
GitLab


From f3482cba68bac1352c0cd30c88953c2e9eafcfc1 Mon Sep 17 00:00:00 2001
From: kfilippopolitis <kostasfilippop@gmail.com>
Date: Wed, 7 Oct 2020 03:34:24 -0700
Subject: [PATCH 3/3] Small change.

---
 src/main/java/eu/hbp/mip/controllers/ExperimentApi.java | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/main/java/eu/hbp/mip/controllers/ExperimentApi.java b/src/main/java/eu/hbp/mip/controllers/ExperimentApi.java
index 60a66463a..a800711b5 100644
--- a/src/main/java/eu/hbp/mip/controllers/ExperimentApi.java
+++ b/src/main/java/eu/hbp/mip/controllers/ExperimentApi.java
@@ -100,11 +100,13 @@ public class ExperimentApi {
         experiment = experimentRepository.findOne(experimentUuid);
 
         if (experiment == null) {
+            UserActionLogging.LogUserAction(userInfo.getUser().getUsername(), "Get Experiment", "Experiment Not found.");
             return new ResponseEntity<>("Not found", HttpStatus.NOT_FOUND);
         }
 
         if (!experiment.isShared() && experiment.getCreatedBy().getUsername().compareTo(userInfo.getUser().getUsername()) != 0) {
-            return new ResponseEntity<>("You have no access to the experiment", HttpStatus.UNAUTHORIZED);
+            UserActionLogging.LogUserAction(userInfo.getUser().getUsername(), "Get Experiment", "Accessing Experiment is unauthorized.");
+            return new ResponseEntity<>("You don't have access to the experiment.", HttpStatus.UNAUTHORIZED);
         }
 
         UserActionLogging.LogUserAction(userInfo.getUser().getUsername(), "Get an experiment ", " uuid : " + uuid);
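Review bot: The two new audit-log calls omit the experiment identifier that the success path records, so a denied or not-found lookup cannot be tied to the experiment that was requested, which is exactly the event a detection rule for UUID probing would key on. Carry it the way the success line does, e.g. `UserActionLogging.LogUserAction(userInfo.getUser().getUsername(), "Get Experiment", "Accessing Experiment is unauthorized. uuid : " + uuid);` and `"Experiment Not found. uuid : " + uuid` on the 404 branch. The action label on the new lines ("Get Experiment") also differs from the existing success line ("Get an experiment "), which makes filtering the log by action unreliable; pick one spelling. The denial still answers UNAUTHORIZED for a principal that is authenticated but not permitted, where FORBIDDEN is the accurate status. getExperiment's start lies outside this hunk.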
@@ -118,7 +120,7 @@ public class ExperimentApi {
     public ResponseEntity<String> runExperiment(Authentication authentication, @RequestBody ExperimentExecutionDTO experimentExecutionDTO) {
         UserActionLogging.LogUserAction(userInfo.getUser().getUsername(), "Run algorithm", "Running the algorithm...");
 
-        if(authenticationIsEnabled) {
+        if (authenticationIsEnabled) {
             // Getting the dataset from the experiment parameters
             String experimentDatasets = null;
             for (ExperimentExecutionDTO.AlgorithmExecutionDTO.AlgorithmExecutionParamDTO parameter : experimentExecutionDTO.getAlgorithms().get(0).getParameters()) {
@@ -136,7 +138,7 @@ public class ExperimentApi {
             }
 
             // --- Validating proper access rights on the datasets  ---
-            if (!ClaimUtils.userHasDatasetsAuthorization(userInfo.getUser().getUsername(), authentication.getAuthorities(), experimentDatasets)){
+            if (!ClaimUtils.userHasDatasetsAuthorization(userInfo.getUser().getUsername(), authentication.getAuthorities(), experimentDatasets)) {
                 return ResponseEntity.badRequest().body("You are not authorized to use these datasets.");
             }
         }
-- 
GitLab