1
1
package org .ohdsi .webapi .service ;
2
2
3
+ import com .google .common .collect .ImmutableSet ;
3
4
import com .odysseusinc .arachne .commons .types .DBMSType ;
4
5
import com .odysseusinc .arachne .execution_engine_common .api .v1 .dto .DataSourceUnsecuredDTO ;
5
6
import com .odysseusinc .datasourcemanager .krblogin .KerberosService ;
6
7
import com .odysseusinc .datasourcemanager .krblogin .KrbConfig ;
7
8
import com .odysseusinc .datasourcemanager .krblogin .RuntimeServiceMode ;
9
+ import org .apache .commons .collections4 .CollectionUtils ;
8
10
import org .apache .commons .io .FileUtils ;
9
11
import org .apache .commons .lang3 .StringUtils ;
10
12
import org .apache .shiro .SecurityUtils ;
28
30
import org .ohdsi .webapi .reusable .domain .Reusable ;
29
31
import org .ohdsi .webapi .security .PermissionService ;
30
32
import org .ohdsi .webapi .service .dto .CommonEntityDTO ;
33
+ import org .ohdsi .webapi .service .dto .PermissionCheckType ;
31
34
import org .ohdsi .webapi .shiro .Entities .UserEntity ;
32
35
import org .ohdsi .webapi .shiro .Entities .UserRepository ;
33
36
import org .ohdsi .webapi .shiro .management .DisabledSecurity ;
@@ -364,7 +367,7 @@ protected PermissionService getPermissionService() {
364
367
}
365
368
366
369
protected void assignTag (CommonEntityExt <?> entity , int tagId ) {
367
- checkOwnerOrAdminOrGrantedOrTagManager (entity );
370
+ checkPermissions (entity , ImmutableSet . of ( PermissionCheckType . IS_OWNER , PermissionCheckType . IS_ADMIN , PermissionCheckType . HAS_WRITE_ACCESS , PermissionCheckType . IS_TAG_MANAGER ) );
368
371
if (Objects .nonNull (entity )) {
369
372
Tag tag = tagService .getById (tagId );
370
373
if (Objects .nonNull (tag )) {
@@ -391,7 +394,7 @@ protected void assignTag(CommonEntityExt<?> entity, int tagId) {
391
394
}
392
395
393
396
protected void unassignTag (CommonEntityExt <?> entity , int tagId ) {
394
- checkOwnerOrAdminOrGrantedOrTagManager (entity );
397
+ checkPermissions (entity , ImmutableSet . of ( PermissionCheckType . IS_OWNER , PermissionCheckType . IS_ADMIN , PermissionCheckType . HAS_WRITE_ACCESS , PermissionCheckType . IS_TAG_MANAGER ) );
395
398
if (Objects .nonNull (entity )) {
396
399
Tag tag = tagService .getById (tagId );
397
400
if (Objects .nonNull (tag )) {
@@ -415,56 +418,30 @@ private boolean hasPermissionToAssignProtectedTags(final CommonEntityExt<?> enti
415
418
return TagSecurityUtils .checkPermission (TagSecurityUtils .getAssetName (entity ), method );
416
419
}
417
420
418
- protected void checkOwnerOrAdmin ( UserEntity owner ) {
419
- if ( security instanceof DisabledSecurity ) {
421
+ protected void checkPermissions ( CommonEntity <?> entity , Set < PermissionCheckType > permissionsToCheck ) {
422
+ if ( CollectionUtils . isEmpty ( permissionsToCheck )) {
420
423
return ;
421
424
}
422
425
423
- UserEntity user = getCurrentUser ();
424
- Long ownerId = Objects .nonNull (owner ) ? owner .getId () : null ;
425
-
426
- if (!(user .getId ().equals (ownerId ) || isAdmin ())) {
427
- throw new ForbiddenException ();
428
- }
429
- }
430
-
431
- protected void checkOwnerOrAdminOrModerator (UserEntity owner ) {
432
- if (security instanceof DisabledSecurity ) {
433
- return ;
434
- }
435
-
436
- UserEntity user = getCurrentUser ();
437
- Long ownerId = Objects .nonNull (owner ) ? owner .getId () : null ;
438
-
439
- if (!(user .getId ().equals (ownerId ) || isAdmin () || isModerator ())) {
440
- throw new ForbiddenException ();
441
- }
442
- }
443
-
444
- protected void checkOwnerOrAdminOrGranted (CommonEntity <?> entity ) {
445
426
if (security instanceof DisabledSecurity ) {
446
427
return ;
447
428
}
448
429
449
- UserEntity user = getCurrentUser ();
450
- Long ownerId = Objects .nonNull (entity .getCreatedBy ()) ? entity .getCreatedBy ().getId () : null ;
430
+ boolean isAllowed = (permissionsToCheck .contains (PermissionCheckType .IS_OWNER ) && isEntityOwner (entity )) ||
431
+ (permissionsToCheck .contains (PermissionCheckType .IS_ADMIN ) && isAdmin ()) ||
432
+ (permissionsToCheck .contains (PermissionCheckType .IS_MODERATOR ) && isModerator ()) ||
433
+ (permissionsToCheck .contains (PermissionCheckType .HAS_WRITE_ACCESS ) && permissionService .hasWriteAccess (entity )) ||
434
+ (permissionsToCheck .contains (PermissionCheckType .IS_TAG_MANAGER ) && TagSecurityUtils .canManageTags ());
451
435
452
- if (!( user . getId (). equals ( ownerId ) || isAdmin () || permissionService . hasWriteAccess ( entity )) ) {
436
+ if (! isAllowed ) {
453
437
throw new ForbiddenException ();
454
438
}
455
439
}
456
440
457
- protected void checkOwnerOrAdminOrGrantedOrTagManager (CommonEntity <?> entity ) {
458
- if (security instanceof DisabledSecurity ) {
459
- return ;
460
- }
461
-
441
+ private boolean isEntityOwner (CommonEntity <?> entity ){
462
442
UserEntity user = getCurrentUser ();
463
443
Long ownerId = Objects .nonNull (entity .getCreatedBy ()) ? entity .getCreatedBy ().getId () : null ;
464
-
465
- if (!(user .getId ().equals (ownerId ) || isAdmin () || permissionService .hasWriteAccess (entity ) || TagSecurityUtils .canManageTags ())) {
466
- throw new ForbiddenException ();
467
- }
444
+ return user .getId ().equals (ownerId );
468
445
}
469
446
470
447
protected <T extends CommonEntityDTO > List <T > listByTags (List <? extends CommonEntityExt <? extends Number >> entities ,
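Review bot: The new `checkPermissions` fails open when `permissionsToCheck` is empty or null — the `CollectionUtils.isEmpty` guard returns before the `DisabledSecurity` test and before any owner/admin/write-access/tag-manager evaluation, so a caller that passes `ImmutableSet.of()` (or a null set) gets no authorization check at all, whereas every helper this hunk removes always enforced at least owner-or-admin. Unless an empty set is deliberately meant to mean "unrestricted", this should fail closed, e.g. `if (CollectionUtils.isEmpty(permissionsToCheck)) { throw new IllegalArgumentException("permissionsToCheck must name at least one check"); }` (or throw `ForbiddenException`), and a Javadoc line on the method should state which semantics is intended so future callers do not rely on the lenient path by accident. Separately, `isEntityOwner` still dereferences `entity.getCreatedBy()` with no null check on `entity`, exactly as the removed code did, while `assignTag`/`unassignTag` test `Objects.nonNull(entity)` only after the permission call — presumably that path is only reached with a non-null entity, but a `Objects.requireNonNull(entity, "entity")` at the top of `checkPermissions` would make the contract explicit rather than surfacing as an NPE. `isAdmin()`, `isModerator()` and `getCurrentUser()` are defined outside this hunk.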