/**
 * Tells whether {@code user} is a member of the administrators group of a study.
 *
 * @param studyId numeric id of the study whose groups are inspected.
 * @param user    id of the user being checked.
 * @return {@code true} if one of the groups returned by {@code getGroupBelonging} is named
 *         exactly {@code ADMINS_GROUP}; {@code false} otherwise.
 * @throws CatalogException propagated from {@code getGroupBelonging}.
 */
private boolean isAdministrativeUser(long studyId, String user) throws CatalogException {
    QueryResult<Group> memberships = getGroupBelonging(studyId, user);
    boolean administrator = false;
    for (Group membership : memberships.getResult()) {
        // Exact, case-sensitive comparison: only the literal ADMINS_GROUP name grants the admin answer.
        if (membership.getName().equals(ADMINS_GROUP)) {
            administrator = true;
            break;
        }
    }
    return administrator;
}
/**
 * Adds the external user to the admin group, takes the user out again and places the user in a
 * newly created member group, checking the stored membership lists after the add and after the move.
 */
@Test
public void changeGroupMembership() throws CatalogException {
    // Third argument of updateGroup: users to add (the assertion below confirms the effect).
    // This call replaced the older catalogManager.addUsersToGroup(...) API.
    updateGroup(studyFqn, groupAdmin, externalUser, null, null, ownerSessionId);
    Map<String, Group> afterAdd = getGroupMap();
    assertTrue(afterAdd.get(groupAdmin).getUserIds().contains(externalUser));

    // Fourth argument of updateGroup: users to remove. An earlier revision expected a
    // CatalogException when adding the user to a second group; that expectation is disabled.
    updateGroup(studyFqn, groupAdmin, null, externalUser, null, ownerSessionId);
    catalogManager.getStudyManager().createGroup(studyFqn, groupMember, externalUser, ownerSessionId);

    Map<String, Group> afterMove = getGroupMap();
    Group memberGroup = afterMove.get(groupMember);
    assertTrue(memberGroup.getUserIds().contains(externalUser));
    // The admin membership must really be gone, not just shadowed by the new group.
    Group adminGroup = afterMove.get(groupAdmin);
    assertTrue(!adminGroup.getUserIds().contains(externalUser));
}
/**
 * Creating the same group twice in one study must fail the second time with
 * a {@code CatalogDBException} whose message mentions "Group already existed".
 */
@Test
public void createGroup() throws CatalogDBException {
    final long studyUid = 5L;

    // First creation is expected to succeed, so no expectation is registered yet.
    Group original = new Group("name", Arrays.asList("user1", "user2"));
    catalogStudyDBAdaptor.createGroup(studyUid, original);

    thrown.expect(CatalogDBException.class);
    thrown.expectMessage("Group already existed");

    // Same name, same study: the adaptor has to reject the duplicate.
    Group duplicate = new Group("name", Arrays.asList("user1", "user2"));
    catalogStudyDBAdaptor.createGroup(studyUid, duplicate);
}
for (Study study : studyQueryResult.getResult()) { for (Group group : study.getGroups()) { if (group.getName().equalsIgnoreCase("admins") && group.getUserIds().contains(userId)) { studyAliases.add(study.getAlias()); break;
if (group.first().getSyncedFrom() != null && StringUtils.isNotEmpty(group.first().getSyncedFrom().getAuthOrigin()) && StringUtils.isNotEmpty(group.first().getSyncedFrom().getRemoteGroup())) { if (authenticationOriginId.equals(group.first().getSyncedFrom().getAuthOrigin()) && externalGroup.equals(group.first().getSyncedFrom().getRemoteGroup())) { studyDBAdaptor.removeUsersFromGroup(study.getUid(), catalogGroup, group.first().getUserIds()); studyDBAdaptor.syncGroup(study.getUid(), catalogGroup, new Group.Sync(authenticationOriginId, externalGroup)); } else { Group newGroup = new Group(catalogGroup, Collections.emptyList(), new Group.Sync(authenticationOriginId, externalGroup)); studyDBAdaptor.createGroup(study.getUid(), newGroup);
// Fixture: studies 5 and 9 each receive the same five groups — one plain group, three groups
// carrying sync information (two from "origin1", one from "otherOrigin") and a second plain group.
// As in the hand-written sequence, the synced groups are produced by renaming and re-syncing the
// first Group instance, so they keep its user list ("user1", "user2", "user3").
String[][] syncedGroupSpecs = {
        {"@syncedGroup1", "origin1"},
        {"@syncedGroup2", "origin1"},
        {"@syncedGroup3", "otherOrigin"},
};
Group group = null;
for (long fixtureStudyUid : new long[]{5L, 9L}) {
    group = new Group("@notSyncedGroup", Arrays.asList("user1", "user2", "user3"));
    catalogStudyDBAdaptor.createGroup(fixtureStudyUid, group);

    for (String[] spec : syncedGroupSpecs) {
        // spec[0] is both the local group name and the remote group name; spec[1] is the auth origin.
        group.setName(spec[0]);
        group.setSyncedFrom(new Group.Sync(spec[1], spec[0]));
        catalogStudyDBAdaptor.createGroup(fixtureStudyUid, group);
    }

    group = new Group("@otherNotSyncedGroup", Arrays.asList("user1", "user3"));
    catalogStudyDBAdaptor.createGroup(fixtureStudyUid, group);
}
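/**
 * Attaches synchronisation information (external authentication origin and remote group) to an
 * existing study group that has none yet.
 *
 * @param studyStr   study identifier, resolved through {@code resolveId} for the calling user.
 * @param groupId    group name; a leading "@" is added when missing.
 * @param syncedFrom sync information to store; must not be null.
 * @param sessionId  session token used to identify the calling user.
 * @return the group as stored after the sync information has been written.
 * @throws CatalogException if {@code groupId} is empty, the group does not exist in the study,
 *                          the group already carries complete sync information, or any of the
 *                          user lookup, study resolution or permission check calls fails.
 */
public QueryResult<Group> syncGroupWith(String studyStr, String groupId, Group.Sync syncedFrom, String sessionId)
        throws CatalogException {
    ParamUtils.checkObj(syncedFrom, "sync");
    String userId = catalogManager.getUserManager().getUserId(sessionId);
    Study study = resolveId(studyStr, userId);

    if (StringUtils.isEmpty(groupId)) {
        throw new CatalogException("Missing group name parameter");
    }

    // Fix the groupId
    if (!groupId.startsWith("@")) {
        groupId = "@" + groupId;
    }

    // The permission check stays ahead of every group lookup, so a caller without sync
    // permissions cannot use the error messages below to learn which groups exist.
    authorizationManager.checkSyncGroupPermissions(study.getUid(), userId, groupId);

    // Check the group exists BEFORE reading it: the previous order dereferenced group.first()
    // first, so a missing group could surface as a NullPointerException instead of this message.
    Query query = new Query()
            .append(StudyDBAdaptor.QueryParams.UID.key(), study.getUid())
            .append(StudyDBAdaptor.QueryParams.GROUP_NAME.key(), groupId);
    if (studyDBAdaptor.count(query).first() == 0) {
        throw new CatalogException("The group " + groupId + " does not exist.");
    }

    QueryResult<Group> group = studyDBAdaptor.getGroup(study.getUid(), groupId, Collections.emptyList());
    Group storedGroup = group.first();
    if (storedGroup == null) {
        // Defensive: the group may have been removed between the count and the read.
        throw new CatalogException("The group " + groupId + " does not exist.");
    }

    // Existing, complete sync information is never overwritten through this method.
    Group.Sync currentSync = storedGroup.getSyncedFrom();
    if (currentSync != null && StringUtils.isNotEmpty(currentSync.getAuthOrigin())
            && StringUtils.isNotEmpty(currentSync.getRemoteGroup())) {
        throw new CatalogException("Cannot modify already existing sync information.");
    }

    studyDBAdaptor.syncGroup(study.getUid(), groupId, syncedFrom);

    return studyDBAdaptor.getGroup(study.getUid(), groupId, Collections.emptyList());
}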
if (group.getUserIds().contains(userId)) { groups.add(group.getName());
// NOTE(review): excerpt — the first and last assertions expect different sizes (2, then 0) from the
// same expression, so groupQueryResult is presumably reassigned in statements not shown here.
// The checked group is the "@members" group.
assertEquals(2, groupQueryResult.first().getUserIds().size());
assertEquals("@members", groupQueryResult.first().getName());
assertEquals(0, groupQueryResult.first().getUserIds().size());
/**
 * Adding the external user to the admin group through {@code updateGroup} must be visible in the
 * group's stored user list.
 */
@Test
public void addMemberToGroup() throws CatalogException {
    updateGroup(studyFqn, groupAdmin, externalUser, null, null, ownerSessionId);

    // Re-read the groups instead of trusting the update call's return value.
    Map<String, Group> groupsByName = getGroupMap();
    Group adminGroup = groupsByName.get(groupAdmin);
    assertTrue(adminGroup.getUserIds().contains(externalUser));
}
/**
 * Appends a new group to the groups array of a study document.
 *
 * @param studyId uid of the study that receives the group.
 * @param group   group to store; its name must not already be used in the study.
 * @return the stored group, read back with {@code getGroup}.
 * @throws CatalogDBException if exactly one document was not modified; the message says
 *                            "Group already existed" when a group of that name is found afterwards.
 */
@Override
public QueryResult<Group> createGroup(long studyId, Group group) throws CatalogDBException {
    long startTime = startQuery();

    // The filter matches the study only when the GROUP_NAME field holds no value equal to the new
    // name, so the $push below is skipped when the name is taken (duplicate guard in the same update).
    Document nameNotTaken = new Document("$ne", group.getName());
    Document studyWithoutThatGroup = new Document()
            .append(PRIVATE_UID, studyId)
            .append(QueryParams.GROUP_NAME.key(), nameNotTaken);
    Document groupAsDocument = getMongoDBDocument(group, "Group");
    Document pushGroup = new Document("$push", new Document(QueryParams.GROUPS.key(), groupAsDocument));

    QueryResult<UpdateResult> updateOutcome = studyCollection.update(studyWithoutThatGroup, pushGroup, null);

    if (updateOutcome.first().getModifiedCount() == 1) {
        return endQuery("Create group", startTime, getGroup(studyId, group.getName(), Collections.emptyList()));
    }

    // Nothing was modified: look the name up to report whether a duplicate was the reason.
    QueryResult<Group> sameNameLookup = getGroup(studyId, group.getName(), Collections.emptyList());
    if (sameNameLookup.getNumResults() > 0) {
        throw new CatalogDBException("Unable to create the group " + group.getName() + ". Group already existed.");
    }
    throw new CatalogDBException("Unable to create the group " + group.getName() + ".");
}
/**
 * After {@code removeUsersFromAllGroups} for "user1" and "user3", no group of the study may be
 * returned any more when filtering by those two users.
 */
@Test
public void removeUsersFromAllGroups() throws CatalogDBException {
    final long studyUid = 5L;

    // Three groups; every one of them contains at least one of the users removed below.
    catalogStudyDBAdaptor.createGroup(studyUid, new Group("name1", Arrays.asList("user1", "user2")));
    catalogStudyDBAdaptor.createGroup(studyUid, new Group("name2", Arrays.asList("user1", "user2", "user3")));
    catalogStudyDBAdaptor.createGroup(studyUid, new Group("name3", Arrays.asList("user1", "user3")));

    QueryResult<Group> beforeRemoval = catalogStudyDBAdaptor.getGroup(studyUid, null, Arrays.asList("user1", "user3"));
    assertEquals(3, beforeRemoval.getNumResults());

    catalogStudyDBAdaptor.removeUsersFromAllGroups(studyUid, Arrays.asList("user1", "user3"));

    // The same filter must now come back empty.
    QueryResult<Group> afterRemoval = catalogStudyDBAdaptor.getGroup(studyUid, null, Arrays.asList("user1", "user3"));
    assertEquals(0, afterRemoval.getNumResults());
}
// NOTE(review): excerpt — groupQueryResult and group are both defined in statements not shown here;
// whether group is the first element of groupQueryResult cannot be told from these lines.
// The "@members" group is expected to hold two users.
assertEquals(2, groupQueryResult.first().getUserIds().size());
assertEquals("@members", groupQueryResult.first().getName());
// Negative checks: "user2" and "user3" must be absent from the inspected group's user list.
assertTrue(!group.getUserIds().contains("user2"));
assertTrue(!group.getUserIds().contains("user3"));
if (!group.first().getUserIds().isEmpty()) { retResult.setWarningMsg(retResult.getWarningMsg() + "Users registered in group " + studyGroup + " in study " + studyStr + ": " + String.join(", ", group.first().getUserIds()));
/**
 * Allows a user to read ACLs only for themselves or for the group they belong to.
 *
 * @param userId  user making the request.
 * @param member  user id, or group name starting with "@", whose ACLs are requested.
 * @param studyId study in which group membership is looked up.
 * @throws CatalogAuthorizationException if {@code member} is another user, or a group for which
 *                                       the membership test below fails.
 * @throws CatalogException              propagated from {@code getGroupBelonging}.
 */
private void checkAskingOwnPermissions(String userId, String member, long studyId) throws CatalogException {
    boolean askingForOwnAcls;
    if (member.startsWith("@")) {
        // Group case: the membership lookup must return exactly one group and it must be the
        // requested one.
        // NOTE(review): if getGroupBelonging can return several groups for one user, a user in
        // more than one group is refused even for a group they belong to. That fails closed;
        // confirm it is intended before relaxing it.
        QueryResult<Group> groupBelonging = getGroupBelonging(studyId, userId);
        askingForOwnAcls = groupBelonging.getNumResults() == 1
                && groupBelonging.first().getName().equals(member);
    } else {
        // User case: only the user's own id is acceptable.
        askingForOwnAcls = userId.equals(member);
    }

    if (!askingForOwnAcls) {
        throw new CatalogAuthorizationException("The user " + userId + " does not have permissions to see the ACLs of "
                + member);
    }
}
/**
 * Creates a group in a study and, before that, adds its initial users to the MEMBERS group.
 *
 * @param studyStr  study identifier, resolved through {@code resolveId} for the calling user.
 * @param groupId   name of the new group; a leading "@" is added when missing.
 * @param users     comma-separated user ids, or null/empty for a group without users.
 * @param sessionId session token used to identify the calling user.
 * @return the result of {@code studyDBAdaptor.createGroup} for the new group.
 * @throws CatalogException if the group name is rejected by {@code ParamUtils.checkParameter},
 *                          the group already exists, or any of the lookup, permission, user id
 *                          or storage calls fails.
 */
public QueryResult<Group> createGroup(String studyStr, String groupId, String users, String sessionId)
        throws CatalogException {
    ParamUtils.checkParameter(groupId, "group name");
    String userId = catalogManager.getUserManager().getUserId(sessionId);
    Study study = resolveId(studyStr, userId);

    // Stored group names always carry the "@" prefix.
    String prefixedGroupId = groupId.startsWith("@") ? groupId : "@" + groupId;

    // Permission check runs before the existence check and before any write.
    authorizationManager.checkCreateDeleteGroupPermissions(study.getUid(), userId, prefixedGroupId);

    // The ids are split on "," only; they are not trimmed here.
    List<String> userList = StringUtils.isNotEmpty(users)
            ? Arrays.asList(users.split(","))
            : Collections.<String>emptyList();

    if (existsGroup(study.getUid(), prefixedGroupId)) {
        throw new CatalogException("The group " + prefixedGroupId + " already exists.");
    }

    // Every listed id is checked by checkIds before anything is written.
    if (!userList.isEmpty()) {
        userDBAdaptor.checkIds(userList);
    }

    // NOTE(review): the users join MEMBERS before the group itself is created; no rollback is
    // visible here if the creation below fails — confirm whether that is handled elsewhere.
    studyDBAdaptor.addUsersToGroup(study.getUid(), MEMBERS, userList);

    return studyDBAdaptor.createGroup(study.getUid(), new Group(prefixedGroupId, userList));
}
/**
 * Imports LDAP groups into a study (ignored by default).
 *
 * Covers three cases: a successful import into study group "test", a second import of the same
 * remote group into "test1" that must be rejected, and an import of remote group "bioo" after
 * which reading study group "test2" must fail with a "not exist" message.
 */
@Ignore
@Test
public void importLdapGroups() throws CatalogException, NamingException, IOException {
    String ldapStudy = "user@1000G:phase1";

    // Imports are issued with the admin token; the results are read with a regular user session.
    ObjectMap params = new ObjectMap()
            .append("group", "bio")
            .append("study", ldapStudy)
            .append("study-group", "test");
    catalogManager.getUserManager().importFromExternalAuthOrigin("ldap", Account.GUEST, params, getAdminToken());

    QueryResult<Group> importedGroup = catalogManager.getStudyManager().getGroup(ldapStudy, "test", sessionIdUser);
    assertEquals(1, importedGroup.getNumResults());
    Group stored = importedGroup.first();
    assertEquals("@test", stored.getName());
    assertTrue(stored.getUserIds().size() > 0);

    // Same remote group, different study group: the import has to be refused.
    params.put("study-group", "test1");
    try {
        catalogManager.getUserManager().importFromExternalAuthOrigin("ldap", Account.GUEST, params, getAdminToken());
        fail("Should not be possible creating another group containing the same users that belong to a different group");
    } catch (CatalogException e) {
        System.out.println(e.getMessage());
    }

    // Remote group "bioo": the import call itself is expected to return normally.
    ObjectMap otherRemoteGroupParams = new ObjectMap()
            .append("group", "bioo")
            .append("study", ldapStudy)
            .append("study-group", "test2");
    catalogManager.getUserManager().importFromExternalAuthOrigin("ldap", Account.GUEST, otherRemoteGroupParams,
            getAdminToken());

    // ...but the study group must not have been created.
    thrown.expect(CatalogDBException.class);
    thrown.expectMessage("not exist");
    catalogManager.getStudyManager().getGroup(ldapStudy, "test2", sessionIdUser);
}
/**
 * Creates a group with two users, removes them one at a time and finally deletes the emptied
 * group, checking the stored state after every step.
 */
@Test
public void removeMemberFromGroup() throws CatalogException {
    // New group holding both study admin users (comma-separated list).
    String initialUsers = studyAdminUser1 + "," + studyAdminUser2;
    catalogManager.getStudyManager().createGroup(String.valueOf(studyFqn), groupMember, initialUsers, ownerSessionId);

    // Fourth argument of updateGroup removes users: drop the first one.
    updateGroup(studyFqn, groupMember, null, studyAdminUser1, null, ownerSessionId);
    Group afterFirstRemoval = getGroupMap().get(groupMember);
    assertFalse(afterFirstRemoval.getUserIds().contains(studyAdminUser1));

    // Drop the remaining user, leaving the group without users.
    updateGroup(studyFqn, groupMember, null, studyAdminUser2, null, ownerSessionId);
    Group afterSecondRemoval = getGroupMap().get(groupMember);
    assertFalse(afterSecondRemoval.getUserIds().contains(studyAdminUser2));

    // A former expectation (CatalogDBException with "ACL defined" when deleting a group that has
    // ACLs) is disabled; the deletion is now expected to succeed.
    catalogManager.getStudyManager().deleteGroup(studyFqn, groupMember, ownerSessionId);
    assertNull(getGroupMap().get(groupMember));
}
0, cipher, Arrays.asList(new Group(MEMBERS, Collections.emptyList()), new Group(ADMINS, Collections.emptyList())), experiments, files, jobs, new LinkedList<>(), new LinkedList<>(), new LinkedList<>(), new LinkedList<>(), Collections.emptyList(), new LinkedList<>(), null, null, datastores, project.getCurrentRelease(), stats,
Arrays.asList(new Project("pr1", "90 GigaGenomes", null, "very long description", "Spain", null, new Status(), "", 0, Arrays.asList(new Study("name", "Study name", "ph1", Study.Type.CONTROL_SET, "", "", new Status(), "", 0, "", Arrays.asList(new Group("@members", Collections.emptyList())), Collections.<Experiment>emptyList(), Arrays.asList( new File("data/", File.Type.DIRECTORY, File.Format.PLAIN, File.Bioformat.NONE, "data/", "", Arrays.asList( new Study("spongeScan", "spongeScan", "sponges", Study.Type.COLLECTION, "", "", new Status(), "", 0, "", Arrays.asList(new Group("@members", Collections.emptyList())), null, Arrays.asList( new File("data/", File.Type.DIRECTORY, File.Format.UNKNOWN, File.Bioformat.NONE, "data/", "Description", new File.FileStatus(File.FileStatus.READY), 10, 1), ), new Study("mineco", "MINECO", "mineco", Study.Type.COLLECTION, "", "", new Status(), "", 0, "", Arrays.asList(new Group("@members", Collections.emptyList())), null, Arrays.asList( new File("data/", File.Type.DIRECTORY, File.Format.UNKNOWN, File.Bioformat.NONE, "data/",