implementing airavata sharing manager
Project: http://git-wip-us.apache.org/repos/asf/airavata/repo Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/82e57526 Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/82e57526 Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/82e57526 Branch: refs/heads/develop Commit: 82e57526cdd975381c30f2f4853b2a91101833d7 Parents: 50cf71e Author: scnakandala <[email protected]> Authored: Sun Oct 9 01:45:41 2016 -0400 Committer: scnakandala <[email protected]> Committed: Sun Oct 9 01:45:41 2016 -0400 ---------------------------------------------------------------------- airavata-api/airavata-api-server/pom.xml | 12 +- .../server/handler/AiravataServerHandler.java | 370 +- .../java/org/apache/airavata/api/Airavata.java | 47252 ++++++++--------- .../main/resources/lib/airavata/Airavata.cpp | 3593 +- .../src/main/resources/lib/airavata/Airavata.h | 1143 +- .../lib/airavata/Airavata_server.skeleton.cpp | 158 +- .../user_resource_profile_model_types.cpp | 165 +- .../user_resource_profile_model_types.h | 89 +- .../resources/lib/Airavata/API/Airavata.php | 9181 ++-- .../lib/apache/airavata/api/Airavata-remote | 107 +- .../lib/apache/airavata/api/Airavata.py | 2753 +- .../airavata/model/workspace/Gateway.java | 25 +- dev-tools/ansible/README.md | 2 +- dev-tools/ansible/group_vars/all.yml | 8 +- dev-tools/ansible/hosts | 2 +- .../templates/airavata-server.properties.j2 | 13 + .../templates/airavata-server.properties.j2 | 13 + .../roles/pga/templates/pga_config.php.j2 | 2 +- .../templates/airavata-server.properties.j2 | 13 + .../main/resources/airavata-server.properties | 13 + .../src/main/assembly/bin-assembly.xml | 9 + modules/group-manager/pom.xml | 58 - .../internal/dao/PermissionEntryDAO.java | 286 - .../dao/hib3/Hib3PermissionEntryDAO.java | 1123 - .../grouper/permissions/PermissionFinder.java | 770 - .../airavata/grouper/AiravataGrouperUtil.java | 35 - .../airavata/grouper/GroupManagerCPI.java | 35 - .../airavata/grouper/GroupManagerException.java 
| 36 - .../airavata/grouper/GroupManagerFactory.java | 42 - .../airavata/grouper/GroupManagerImpl.java | 118 - .../apache/airavata/grouper/SubjectType.java | 14 - .../apache/airavata/grouper/group/Group.java | 108 - .../airavata/grouper/group/GroupMembership.java | 88 - .../grouper/group/GroupMembershipType.java | 12 - .../airavata/grouper/group/GroupService.java | 39 - .../grouper/group/GroupServiceImpl.java | 412 - .../grouper/permission/PermissionAction.java | 15 - .../permission/PermissionServiceImpl.java | 86 - .../airavata/grouper/resource/Resource.java | 145 - .../resource/ResourceNotFoundException.java | 35 - .../grouper/resource/ResourceServiceImpl.java | 343 - .../airavata/grouper/resource/ResourceType.java | 51 - .../airavata/grouper/role/RoleServiceImpl.java | 112 - .../Owasp.CsrfGuard.overlay.properties | 78 - .../main/resources/Owasp.CsrfGuard.properties | 403 - .../group-manager/src/main/resources/README.txt | 21 - .../src/main/resources/ehcache.xml | 1517 - .../resources/grouper-loader.base.properties | 351 - .../main/resources/grouper-loader.properties | 25 - .../src/main/resources/grouper.base.properties | 1017 - .../resources/grouper.client.base.properties | 552 - .../main/resources/grouper.client.properties | 552 - .../resources/grouper.hibernate.base.properties | 120 - .../main/resources/grouper.hibernate.properties | 10 - .../src/main/resources/grouper.properties | 1017 - .../src/main/resources/grouperUtf8.txt | 1 - .../src/main/resources/log4j.properties | 154 - .../src/main/resources/morphString.properties | 21 - .../src/main/resources/server.properties | 26 - .../src/main/resources/sources.xml | 875 - .../src/main/resources/spy.properties | 54 - .../group-manager/src/main/resources/sqltool.rc | 6 - .../src/main/resources/subject.base.properties | 46 - .../src/main/resources/subject.properties | 27 - modules/sharing-registry/README.md | 3 + modules/sharing-registry/pom.xml | 28 + .../sharing-data-migrator/pom.xml | 21 + 
.../sharing/registry/ConnectionFactory.java | 59 + .../airavata/sharing/registry/DataMigrator.java | 166 + .../sharing-registry-core/pom.xml | 98 + .../registry/db/entities/DomainEntity.java | 113 + .../registry/db/entities/EntityEntity.java | 192 + .../registry/db/entities/EntityTypeEntity.java | 125 + .../db/entities/GroupMembershipEntity.java | 112 + .../db/entities/GroupMembershipEntityPK.java | 74 + .../db/entities/PermissionTypeEntity.java | 125 + .../registry/db/entities/SharingEntity.java | 136 + .../registry/db/entities/SharingEntityPK.java | 99 + .../registry/db/entities/SharingUserEntity.java | 112 + .../registry/db/entities/UserGroupEntity.java | 150 + .../db/repositories/AbstractRepository.java | 138 + .../db/repositories/DomainRepository.java | 34 + .../db/repositories/EntityRepository.java | 75 + .../db/repositories/EntityTypeRepository.java | 34 + .../repositories/GroupMembershipRepository.java | 98 + .../repositories/PermissionTypeRepository.java | 52 + .../db/repositories/SharingRepository.java | 80 + .../db/repositories/UserGroupRepository.java | 34 + .../db/repositories/UserRepository.java | 35 + .../sharing/registry/db/utils/Committer.java | 27 + .../registry/db/utils/ConnectionPool.java | 382 + .../sharing/registry/db/utils/DBConstants.java | 85 + .../registry/db/utils/DatabaseCreator.java | 353 + .../sharing/registry/db/utils/JPAUtils.java | 230 + .../sharing/registry/db/utils/JdbcStorage.java | 175 + .../db/utils/ObjectMapperSingleton.java | 39 + .../registry/server/SharingRegistryServer.java | 28 + .../server/SharingRegistryServerHandler.java | 676 + .../src/main/resources/META-INF/persistence.xml | 15 + .../main/resources/sharing-registry-derby.sql | 138 + .../main/resources/sharing-registry-mysql.sql | 138 + .../SharingRegistryServerHandlerTest.java | 282 + .../sharing/registry/util/Initialize.java | 298 + .../sharing-registry-stubs/pom.xml | 23 + .../sharing/registry/models/Domain.java | 817 + .../sharing/registry/models/Entity.java | 
1511 + .../registry/models/EntitySearchFields.java | 48 + .../sharing/registry/models/EntityType.java | 924 + .../sharing/registry/models/GroupChildType.java | 45 + .../registry/models/GroupMembership.java | 830 + .../sharing/registry/models/GroupType.java | 45 + .../sharing/registry/models/PermissionType.java | 924 + .../sharing/registry/models/Sharing.java | 1044 + .../models/SharingRegistryException.java | 381 + .../sharing/registry/models/SharingType.java | 48 + .../airavata/sharing/registry/models/User.java | 817 + .../sharing/registry/models/UserGroup.java | 1154 + .../models/sharing_modelsConstants.java | 41 + .../service/cpi/GovRegistryService.java | 45165 ++++++++++++++++ .../thrift_models/sharing_cpi.thrift | 98 + .../thrift_models/sharing_models.thrift | 129 + .../thrift_models/thrift-gen.sh | 16 + pom.xml | 2 +- .../airavata-apis/airavata_api.thrift | 5 - 124 files changed, 92295 insertions(+), 42590 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/airavata/blob/82e57526/airavata-api/airavata-api-server/pom.xml ---------------------------------------------------------------------- diff --git a/airavata-api/airavata-api-server/pom.xml b/airavata-api/airavata-api-server/pom.xml index e5b549c..3ceb494 100644 --- a/airavata-api/airavata-api-server/pom.xml +++ b/airavata-api/airavata-api-server/pom.xml @@ -73,9 +73,14 @@ </dependency> <dependency> <groupId>org.apache.airavata</groupId> - <artifactId>group-manager</artifactId> + <artifactId>airavata-sharing-registry-core</artifactId> <version>${project.version}</version> </dependency> + <!--<dependency>--> + <!--<groupId>org.apache.airavata</groupId>--> + <!--<artifactId>group-manager</artifactId>--> + <!--<version>${project.version}</version>--> + <!--</dependency>--> <dependency> <groupId>org.apache.thrift</groupId> <artifactId>libthrift</artifactId> 
@@ -141,6 +146,11 @@ <artifactId>jackson-mapper-asl</artifactId> <version>1.9.13</version> </dependency> + <dependency> + <groupId>org.apache.airavata</groupId> + <artifactId>registry-api-stubs</artifactId> + <version>${project.version}</version> + </dependency> </dependencies> </project> http://git-wip-us.apache.org/repos/asf/airavata/blob/82e57526/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java ---------------------------------------------------------------------- diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java index 2f2e559..98211c0 100644 --- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java +++ b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java 
@@ -27,19 +27,13 @@ import org.apache.airavata.api.server.security.interceptor.SecurityCheck; import org.apache.airavata.common.exception.AiravataException; import org.apache.airavata.common.exception.ApplicationSettingsException; import org.apache.airavata.common.utils.AiravataUtils; +import org.apache.airavata.common.utils.Constants; import org.apache.airavata.common.utils.ServerSettings; import org.apache.airavata.credential.store.client.CredentialStoreClientFactory; import org.apache.airavata.credential.store.cpi.CredentialStoreService; import org.apache.airavata.credential.store.datamodel.PasswordCredential; import org.apache.airavata.credential.store.datamodel.SSHCredential; import org.apache.airavata.credential.store.exception.CredentialStoreException; -import org.apache.airavata.grouper.GroupManagerCPI; -import org.apache.airavata.grouper.GroupManagerException; -import org.apache.airavata.grouper.GroupManagerFactory; -import org.apache.airavata.grouper.SubjectType; -import org.apache.airavata.grouper.group.Group; -import org.apache.airavata.grouper.permission.PermissionAction; -import org.apache.airavata.grouper.resource.Resource; import org.apache.airavata.messaging.core.MessageContext; import org.apache.airavata.messaging.core.MessagingFactory; import org.apache.airavata.messaging.core.Publisher; @@ -83,6 +77,8 @@ import org.apache.airavata.model.workspace.Project; import org.apache.airavata.registry.api.RegistryService; import org.apache.airavata.registry.api.client.RegistryServiceClientFactory; import org.apache.airavata.registry.api.exception.RegistryServiceException; +import org.apache.airavata.sharing.registry.models.Entity; +import org.apache.airavata.sharing.registry.server.SharingRegistryServerHandler; import org.apache.thrift.TException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
@@ -95,14 +91,20 @@ public class AiravataServerHandler implements Airavata.Iface { private Publisher experimentPublisher; private CredentialStoreService.Client csClient; + private SharingRegistryServerHandler sharingRegistryServerHandler; + public AiravataServerHandler() { try { statusPublisher = MessagingFactory.getPublisher(Type.STATUS); experimentPublisher = MessagingFactory.getPublisher(Type.EXPERIMENT_LAUNCH); + + sharingRegistryServerHandler = new SharingRegistryServerHandler(); } catch (ApplicationSettingsException e) { logger.error("Error occured while reading airavata-server properties..", e); } catch (AiravataException e) { logger.error("Error occured while reading airavata-server properties..", e); + } catch (TException e) { + logger.error("Error occured while reading airavata-server properties..", e); } } @@ -502,14 +504,17 @@ public class AiravataServerHandler implements Airavata.Iface { try { String projectId = getRegistryServiceClient().createProject(gatewayId, project); - Resource projResource = new Resource(projectId, org.apache.airavata.grouper.resource.ResourceType.PROJECT); - projResource.setOwnerId(project.getOwner() + "@" + project.getGatewayId()); - projResource.setName(project.getName()); - projResource.setDescription(project.getDescription()); if(ServerSettings.isEnableSharing()){ - GroupManagerCPI groupManager = GroupManagerFactory.getGroupManager(); - groupManager.createResource(projResource); + Entity entity = new Entity(); + entity.setEntityId(projectId); + entity.setDomainId(project.getGatewayId()); + entity.setEntityTypeId(project.getGatewayId()+":"+"PROJECT"); + entity.setOwnerId(project.getOwner() + "@" + project.getGatewayId()); + entity.setName(project.getName()); + entity.setDescription(project.getDescription()); + + sharingRegistryServerHandler.createEntity(entity); } logger.debug("Airavata created project with project Id : " + projectId + " for gateway Id : " + gatewayId); 
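Review bot: The new `catch (TException e)` in the constructor logs and carries on, so a failed `new SharingRegistryServerHandler()` leaves `sharingRegistryServerHandler` null and every later call on it ends in a NullPointerException. In the permission checks elsewhere in this diff that surfaces as a blanket "User does not have permission to access this resource", which hides the real cause, and the log text here still talks about reading airavata-server properties. I would give this branch its own message, e.g. `logger.error("Failed to initialise the sharing registry handler", e);`, and consider failing construction when sharing is enabled so the server does not run in a half-configured authorization state.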
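Review bot: The sharing entity's domain, type and owner are built from `project.getGatewayId()` and `project.getOwner()`, which are fields of the request's `Project` object, while the registry call just above uses the `gatewayId` parameter; nothing in this hunk compares either with the caller's `authzToken` claims. Unless that is validated before this point (not visible here; the method starts outside the hunk), a client could register an entity whose owner or gateway differs from the identity it authenticated as. I would derive the owner from the token, e.g. `entity.setOwnerId(authzToken.getClaimsMap().get(Constants.USER_NAME) + "@" + gatewayId);` assuming `authzToken` is in scope as in the other handlers, or reject the request when the values disagree. `createEntity` also runs after `createProject` has already succeeded, so a failure here leaves a project with no sharing record. The `createExperiment` hunk at -860 follows the same pattern with `experiment.getUserName()` and `experiment.getGatewayId()`.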
@@ -533,9 +538,10 @@ public class AiravataServerHandler implements Airavata.Iface { if(ServerSettings.isEnableSharing() && !authzToken.getClaimsMap().get(org.apache.airavata.common.utils.Constants.USER_NAME).equals(existingProject.getOwner()) || !authzToken.getClaimsMap().get(org.apache.airavata.common.utils.Constants.GATEWAY_ID).equals(existingProject.getGatewayId())){ try { - if(!hasPermission(authzToken.getClaimsMap().get(org.apache.airavata.common.utils.Constants.USER_NAME) - +"@"+authzToken.getClaimsMap().get(org.apache.airavata.common.utils.Constants.GATEWAY_ID), - existingProject.getProjectID(), ResourceType.PROJECT, ResourcePermissionType.WRITE)){ + String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID); + String userId = authzToken.getClaimsMap().get(Constants.USER_NAME); + if(!sharingRegistryServerHandler.userHasAccess(gatewayId, userId + "@" + gatewayId, + projectId, gatewayId + ":WRITE")){ throw new AuthorizationException("User does not have permission to access this resource"); } } catch (Exception e) { 
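Review bot: The new `userHasAccess` check only runs when the enclosing `if` is true, and that unchanged condition has the shape `isEnableSharing() && !isOwner || !sameGateway`, which Java parses as `(isEnableSharing() && !isOwner) || !sameGateway`. With sharing disabled, a non-owner from the same gateway therefore skips this check entirely, while a caller from another gateway reaches the sharing handler even though sharing is off. If the intent is that, with sharing on, anyone who is not the owner within the same gateway must hold WRITE, the two inequality tests need their own parentheses; what should happen with sharing off is not visible here and deserves a comment on the condition. The same guard wraps the new checks in the hunks at -563, -784, -912 and -1065.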
@@ -563,9 +569,10 @@ public class AiravataServerHandler implements Airavata.Iface { if(ServerSettings.isEnableSharing() && !authzToken.getClaimsMap().get(org.apache.airavata.common.utils.Constants.USER_NAME).equals(existingProject.getOwner()) || !authzToken.getClaimsMap().get(org.apache.airavata.common.utils.Constants.GATEWAY_ID).equals(existingProject.getGatewayId())){ try { - if(!hasPermission(authzToken.getClaimsMap().get(org.apache.airavata.common.utils.Constants.USER_NAME) - +"@"+authzToken.getClaimsMap().get(org.apache.airavata.common.utils.Constants.GATEWAY_ID), - existingProject.getProjectID(), ResourceType.PROJECT, ResourcePermissionType.WRITE)){ + String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID); + String userId = authzToken.getClaimsMap().get(Constants.USER_NAME); + if(!sharingRegistryServerHandler.userHasAccess(gatewayId, userId + "@" + gatewayId, + projectId, gatewayId + ":WRITE")){ throw new AuthorizationException("User does not have permission to access this resource"); } } catch (Exception e) { @@ -607,13 +614,13 @@ public class AiravataServerHandler implements Airavata.Iface { return project; }else if (ServerSettings.isEnableSharing()){ try { - if(hasPermission(authzToken.getClaimsMap().get(org.apache.airavata.common.utils.Constants.USER_NAME) - +"@"+authzToken.getClaimsMap().get(org.apache.airavata.common.utils.Constants.GATEWAY_ID), - project.getProjectID(), ResourceType.PROJECT, ResourcePermissionType.READ)){ - return project; - }else { + String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID); + String userId = authzToken.getClaimsMap().get(Constants.USER_NAME); + if(!sharingRegistryServerHandler.userHasAccess(gatewayId, userId + "@" + gatewayId, + projectId, gatewayId + ":READ")){ throw new AuthorizationException("User does not have permission to access this resource"); } + return project; } catch (Exception e) { throw new AuthorizationException("User does not have permission to access this resource"); } 
@@ -686,7 +693,8 @@ public class AiravataServerHandler implements Airavata.Iface { List<String> accessibleProjIds = new ArrayList<>(); if(ServerSettings.isEnableSharing()) - accessibleProjIds.addAll(getAllAccessibleResourcesForUser(userName+"@"+gatewayId, ResourceType.PROJECT, ResourcePermissionType.READ)); + sharingRegistryServerHandler.searchEntities(userName+"@"+gatewayId, gatewayId+":PROJECT", + new HashMap<>(), 0, -1).stream().forEach(e->accessibleProjIds.add(e.entityId)); return getRegistryServiceClient().searchProjects(gatewayId, userName, accessibleProjIds, filters, limit, offset); }catch (Exception e) { @@ -722,7 +730,8 @@ public class AiravataServerHandler implements Airavata.Iface { try { List<String> accessibleExpIds = new ArrayList<>(); if(ServerSettings.isEnableSharing()) - accessibleExpIds.addAll(getAllAccessibleResourcesForUser(userName + "@" + gatewayId, ResourceType.EXPERIMENT, ResourcePermissionType.READ)); + sharingRegistryServerHandler.searchEntities(userName+"@"+gatewayId, gatewayId+":EXPERIMENT", + new HashMap<>(), 0, -1).forEach(e->accessibleExpIds.add(e.entityId)); return getRegistryServiceClient().searchExperiments(gatewayId, userName, accessibleExpIds, filters, limit, offset); }catch (Exception e) { logger.error("Error while retrieving experiments", e); 
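Review bot: The removed call asked explicitly for resources the user could READ, but the new `searchEntities(...)` call passes only the user id, the entity type id, an empty filter map and `0, -1`, so no permission type appears in the query. Whether `searchEntities` restricts its result to entities that user can read cannot be told from this hunk; that contract should be confirmed and stated in a comment next to the call, because `accessibleProjIds` is what the registry search trusts. `userName` and `gatewayId` also look like request parameters rather than token claims (the signature is outside the hunk), in which case the lookup should use `authzToken.getClaimsMap().get(Constants.USER_NAME)` and `Constants.GATEWAY_ID` as the permission checks in this commit do. The `-1` limit makes the id list unbounded. The `searchExperiments` hunk at -722 has the same three points.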
@@ -784,9 +793,10 @@ public class AiravataServerHandler implements Airavata.Iface { if(ServerSettings.isEnableSharing() && !authzToken.getClaimsMap().get(org.apache.airavata.common.utils.Constants.USER_NAME).equals(project.getOwner()) || !authzToken.getClaimsMap().get(org.apache.airavata.common.utils.Constants.GATEWAY_ID).equals(project.getGatewayId())){ try { - if(!hasPermission(authzToken.getClaimsMap().get(org.apache.airavata.common.utils.Constants.USER_NAME) - +"@"+authzToken.getClaimsMap().get(org.apache.airavata.common.utils.Constants.GATEWAY_ID), - project.getProjectID(), ResourceType.PROJECT, ResourcePermissionType.READ)){ + String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID); + String userId = authzToken.getClaimsMap().get(Constants.USER_NAME); + if(!sharingRegistryServerHandler.userHasAccess(gatewayId, userId + "@" + gatewayId, + projectId, gatewayId + ":READ")){ throw new AuthorizationException("User does not have permission to access this resource"); } } catch (Exception e) { 
@@ -860,15 +870,17 @@ public class AiravataServerHandler implements Airavata.Iface { AiravataClientException, AiravataSystemException, AuthorizationException, TException { try { String experimentId = getRegistryServiceClient().createExperiment(gatewayId, experiment); - Resource expResource = new Resource(experimentId, org.apache.airavata.grouper.resource.ResourceType.EXPERIMENT); - expResource.setOwnerId(experiment.getUserName()+"@"+experiment.getGatewayId()); - expResource.setParentResourceId(experiment.getProjectId()); - expResource.setName(experiment.getExperimentName()); - expResource.setDescription(experiment.getDescription()); if(ServerSettings.isEnableSharing()) { - GroupManagerCPI groupManager = GroupManagerFactory.getGroupManager(); - groupManager.createResource(expResource); + Entity entity = new Entity(); + entity.setEntityId(experimentId); + entity.setDomainId(experiment.getGatewayId()); + entity.setEntityTypeId(experiment.getGatewayId()+":"+"EXPERIMENT"); + entity.setOwnerId(experiment.getUserName() + "@" + experiment.getGatewayId()); + entity.setName(experiment.getExperimentName()); + entity.setDescription(experiment.getDescription()); + + sharingRegistryServerHandler.createEntity(entity); } ExperimentStatusChangeEvent event = new ExperimentStatusChangeEvent(ExperimentState.CREATED, 
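Review bot: The removed code linked the experiment to its project with `setParentResourceId(experiment.getProjectId())`, but the new `Entity` sets no parent, so the experiment is registered as a standalone entity. If the sharing registry is meant to let project-level grants flow down to experiments, that inheritance is lost here and users who were given access to a project would be denied on its experiments. I would either set the parent on the entity (if the `Entity` model has such a field; it is not visible in this diff) or add a comment saying experiments are deliberately shared independently of their project. The clone path in the hunk at -1397 builds its entity the same way and also drops the earlier step that made sure the project itself was registered.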
@@ -912,9 +924,10 @@ public class AiravataServerHandler implements Airavata.Iface { if(ServerSettings.isEnableSharing() && !authzToken.getClaimsMap().get(org.apache.airavata.common.utils.Constants.USER_NAME).equals(experimentModel.getUserName()) || !authzToken.getClaimsMap().get(org.apache.airavata.common.utils.Constants.GATEWAY_ID).equals(experimentModel.getGatewayId())){ try { - if(! hasPermission(authzToken.getClaimsMap().get(org.apache.airavata.common.utils.Constants.USER_NAME) - +"@"+authzToken.getClaimsMap().get(org.apache.airavata.common.utils.Constants.GATEWAY_ID), - experimentModel.getExperimentId(), ResourceType.EXPERIMENT, ResourcePermissionType.WRITE)){ + String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID); + String userId = authzToken.getClaimsMap().get(Constants.USER_NAME); + if(!sharingRegistryServerHandler.userHasAccess(gatewayId, userId + "@" + gatewayId, + experimentId, gatewayId + ":WRITE")){ throw new AuthorizationException("User does not have permission to access this resource"); } } catch (Exception e) { 
@@ -970,13 +983,13 @@ public class AiravataServerHandler implements Airavata.Iface { return experimentModel; }else if(ServerSettings.isEnableSharing()){ try { - if(hasPermission(authzToken.getClaimsMap().get(org.apache.airavata.common.utils.Constants.USER_NAME) - +"@"+authzToken.getClaimsMap().get(org.apache.airavata.common.utils.Constants.GATEWAY_ID), - experimentModel.getExperimentId(), ResourceType.EXPERIMENT, ResourcePermissionType.READ)){ - return experimentModel; - }else { + String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID); + String userId = authzToken.getClaimsMap().get(Constants.USER_NAME); + if(!sharingRegistryServerHandler.userHasAccess(gatewayId, userId + "@" + gatewayId, + airavataExperimentId, gatewayId + ":READ")){ throw new AuthorizationException("User does not have permission to access this resource"); } + return experimentModel; } catch (Exception e) { throw new AuthorizationException("User does not have permission to access this resource"); } 
@@ -1065,9 +1078,10 @@ public class AiravataServerHandler implements Airavata.Iface { if(ServerSettings.isEnableSharing() && !authzToken.getClaimsMap().get(org.apache.airavata.common.utils.Constants.USER_NAME).equals(experimentModel.getUserName()) || !authzToken.getClaimsMap().get(org.apache.airavata.common.utils.Constants.GATEWAY_ID).equals(experimentModel.getGatewayId())){ try { - if(! hasPermission(authzToken.getClaimsMap().get(org.apache.airavata.common.utils.Constants.USER_NAME) - +"@"+authzToken.getClaimsMap().get(org.apache.airavata.common.utils.Constants.GATEWAY_ID), - experimentModel.getExperimentId(), ResourceType.EXPERIMENT, ResourcePermissionType.WRITE)){ + String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID); + String userId = authzToken.getClaimsMap().get(Constants.USER_NAME); + if(!sharingRegistryServerHandler.userHasAccess(gatewayId, userId + "@" + gatewayId, + airavataExperimentId, gatewayId + ":WRITE")){ throw new AuthorizationException("User does not have permission to access this resource"); } } catch (Exception e) { 
@@ -1397,13 +1411,16 @@ public class AiravataServerHandler implements Airavata.Iface { existingExperiment.setUserName(authzToken.getClaimsMap().get(org.apache.airavata.common.utils.Constants.USER_NAME)); String expId = regClient.createExperiment(gatewayId, existingExperiment); - String projectId = existingExperiment.getProjectId(); - if(ServerSettings.isEnableSharing()){ - if(!isResourceExistsInGrouper(projectId, ResourceType.PROJECT)){ - initializeResourceWithGrouper(projectId, ResourceType.PROJECT); - } - initializeResourceWithGrouper(expId, ResourceType.EXPERIMENT); + Entity entity = new Entity(); + entity.setEntityId(expId); + entity.setDomainId(existingExperiment.getGatewayId()); + entity.setEntityTypeId(existingExperiment.getGatewayId()+":"+"EXPERIMENT"); + entity.setOwnerId(existingExperiment.getUserName() + "@" + existingExperiment.getGatewayId()); + entity.setName(existingExperiment.getExperimentName()); + entity.setDescription(existingExperiment.getDescription()); + + sharingRegistryServerHandler.createEntity(entity); } return expId; 
@@ -3641,29 +3658,13 @@ public class AiravataServerHandler implements Airavata.Iface { Map<String, ResourcePermissionType> userPermissionList) throws InvalidRequestException, AiravataClientException, AiravataSystemException, AuthorizationException, TException { try { - if(!isResourceExistsInGrouper(resourceId, resourceType)){ - initializeResourceWithGrouper(resourceId, resourceType); - } - GroupManagerCPI groupManager = GroupManagerFactory.getGroupManager(); - for(Map.Entry<String, ResourcePermissionType> entry : userPermissionList.entrySet()){ - org.apache.airavata.grouper.resource.ResourceType gResouceType; - if(resourceType.equals(ResourceType.EXPERIMENT)){ - gResouceType = org.apache.airavata.grouper.resource.ResourceType.EXPERIMENT; - }else if(resourceType.equals(ResourceType.PROJECT)){ - gResouceType = org.apache.airavata.grouper.resource.ResourceType.PROJECT; - }else{ - //Unsupported data type - continue; - } - - if(entry.getValue().equals(ResourcePermissionType.READ)){ - groupManager.grantPermission(entry.getKey(), SubjectType.PERSON, resourceId, gResouceType, PermissionAction.READ); - }else if(entry.getValue().equals(ResourcePermissionType.WRITE)){ - groupManager.grantPermission(entry.getKey(), SubjectType.PERSON, resourceId, gResouceType, PermissionAction.WRITE); - }else{ - //Unsupported permission type - continue; - } + for(Map.Entry<String, ResourcePermissionType> userPermission : userPermissionList.entrySet()){ + if(userPermission.getValue().equals(ResourcePermissionType.WRITE)) + sharingRegistryServerHandler.shareEntityWithUsers(resourceId, + Arrays.asList(userPermission.getKey()), authzToken.getClaimsMap().get(Constants.GATEWAY_ID) + ":" + "WRITE", true); + else + sharingRegistryServerHandler.shareEntityWithUsers(resourceId, + Arrays.asList(userPermission.getKey()), authzToken.getClaimsMap().get("GatewatId") + ":" + "READ", true); } return true; } catch (Exception e) { 
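Review bot: The READ branch looks up the gateway with `authzToken.getClaimsMap().get("GatewatId")`, a misspelled literal, while the WRITE branch uses `Constants.GATEWAY_ID`; the lookup will most likely return null, so the grant is recorded under the permission type id `null:READ`, which none of the `userHasAccess(..., gatewayId + ":READ")` checks added in this commit would match. It should read `authzToken.getClaimsMap().get(Constants.GATEWAY_ID) + ":" + "READ"`. The `else` also treats every value other than WRITE as READ, where the old code skipped unsupported permission types, and `resourceType` is no longer used. Finally, nothing in this hunk or in the revoke hunk at -3680 checks that the caller owns `resourceId` or is allowed to share it; unless `@SecurityCheck` covers that (its behaviour is not visible here), an explicit owner or WRITE check on the caller belongs before the loop.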
@@ -3680,29 +3681,13 @@ public class AiravataServerHandler implements Airavata.Iface { public boolean revokeSharingOfResourceFromUsers(AuthzToken authzToken, String resourceId, ResourceType resourceType, Map<String, ResourcePermissionType> userPermissionList) throws InvalidRequestException, AiravataClientException, AiravataSystemException, AuthorizationException, TException { try { - if(!isResourceExistsInGrouper(resourceId, resourceType)){ - initializeResourceWithGrouper(resourceId, resourceType); - } - GroupManagerCPI groupManager = GroupManagerFactory.getGroupManager(); - for(Map.Entry<String, ResourcePermissionType> entry : userPermissionList.entrySet()){ - org.apache.airavata.grouper.resource.ResourceType gResouceType; - if(resourceType.equals(ResourceType.EXPERIMENT)){ - gResouceType = org.apache.airavata.grouper.resource.ResourceType.EXPERIMENT; - }else if(resourceType.equals(ResourceType.PROJECT)){ - gResouceType = org.apache.airavata.grouper.resource.ResourceType.PROJECT; - }else{ - //Unsupported data type - continue; - } - - if(entry.getValue().equals(ResourcePermissionType.READ)){ - groupManager.revokePermission(entry.getKey(), SubjectType.PERSON, resourceId, gResouceType, PermissionAction.READ); - }else if(entry.getValue().equals(ResourcePermissionType.WRITE)){ - groupManager.revokePermission(entry.getKey(), SubjectType.PERSON, resourceId, gResouceType, PermissionAction.WRITE); - }else{ - //Unsupported permission type - continue; - } + for(Map.Entry<String, ResourcePermissionType> userPermission : userPermissionList.entrySet()){ + if(userPermission.getValue().equals(ResourcePermissionType.WRITE)) + sharingRegistryServerHandler.revokeEntitySharingFromUsers(resourceId, + Arrays.asList(userPermission.getKey()), authzToken.getClaimsMap().get(Constants.GATEWAY_ID) + ":" + "WRITE"); + else + sharingRegistryServerHandler.revokeEntitySharingFromUsers(resourceId, + Arrays.asList(userPermission.getKey()), authzToken.getClaimsMap().get(Constants.GATEWAY_ID) + ":" 
+ "READ"); } return true; } catch (Exception e) { @@ -3718,26 +3703,9 @@ public class AiravataServerHandler implements Airavata.Iface { @SecurityCheck public List<String> getAllAccessibleUsers(AuthzToken authzToken, String resourceId, ResourceType resourceType, ResourcePermissionType permissionType) throws InvalidRequestException, AiravataClientException, AiravataSystemException, AuthorizationException, TException { try { - GroupManagerCPI groupManager = GroupManagerFactory.getGroupManager(); - org.apache.airavata.grouper.resource.ResourceType gResourceType; - if(resourceType.equals(ResourceType.PROJECT)){ - gResourceType = org.apache.airavata.grouper.resource.ResourceType.PROJECT; - }else if(resourceType.equals(ResourceType.EXPERIMENT)){ - gResourceType = org.apache.airavata.grouper.resource.ResourceType.EXPERIMENT; - }else{ - throw new GroupManagerException("Unsupported Resource Type"); - } - - org.apache.airavata.grouper.permission.PermissionAction gPermissionType; - if(permissionType.equals(ResourcePermissionType.READ)){ - gPermissionType = PermissionAction.READ; - } else if (permissionType.equals(ResourcePermissionType.WRITE)){ - gPermissionType = PermissionAction.WRITE; - }else{ - throw new GroupManagerException("Unsupported Permission Type"); - } List<String> accessibleUsers = new ArrayList<>(); - accessibleUsers.addAll(groupManager.getAllAccessibleUsers(resourceId, gResourceType, gPermissionType)); + if(permissionType.equals(ResourcePermissionType.WRITE)) + sharingRegistryServerHandler.getListOfSharedUsers(resourceId, authzToken.getClaimsMap().get(Constants.GATEWAY_ID) + ":WRITE").stream().forEach(u->accessibleUsers.add(u.userId)); return accessibleUsers; } catch (Exception e) { String msg = "Error in getting all accessible users for resource. Resource ID : " + resourceId + " Resource Type : " + resourceType.toString() ; 
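Review bot: `getAllAccessibleUsers` now queries the registry only when `permissionType` is WRITE; a READ request falls through and returns an empty list, so callers will see a resource as shared with nobody when others can in fact read it. The removed code handled both READ and WRITE and threw on anything else. I would add the READ case with `authzToken.getClaimsMap().get(Constants.GATEWAY_ID) + ":READ"` and throw for unsupported values instead of returning an empty result. `resourceType` is no longer consulted, which is fine only if entity ids are unique across projects and experiments.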
@@ -3752,12 +3720,7 @@ public class AiravataServerHandler implements Airavata.Iface { @SecurityCheck public boolean createGroup(AuthzToken authzToken, GroupModel groupModel) throws InvalidRequestException, AiravataClientException, AiravataSystemException, AuthorizationException, TException { try { - GroupManagerCPI groupManager = GroupManagerFactory.getGroupManager(); - Group group = new Group(); - group.setName(groupModel.getName()); - group.setDescription(groupModel.getDescription()); - group.setMembers(groupModel.getMembers()); - groupManager.createGroup(group); + throw new UnsupportedOperationException("Method not supported yet"); } catch (Exception e) { String msg = "Error Creating Group" ; logger.error(msg, e); @@ -3765,20 +3728,14 @@ public class AiravataServerHandler implements Airavata.Iface { exception.setMessage(msg + " More info : " + e.getMessage()); throw exception; } - return true; } @Override @SecurityCheck - public boolean updateGroup(AuthzToken authzToken, GroupModel groupModel) throws InvalidRequestException, AiravataClientException, AiravataSystemException, AuthorizationException, TException { + public boolean updateGroup(AuthzToken authzToken, GroupModel groupModel) throws InvalidRequestException, + AiravataClientException, AiravataSystemException, AuthorizationException, TException { try { - GroupManagerCPI groupManager = GroupManagerFactory.getGroupManager(); - Group group = new Group(); - group.setId(groupModel.getId()); - group.setName(groupModel.getName()); - group.setDescription(groupModel.getDescription()); - group.setMembers(groupModel.getMembers()); - groupManager.updateGroup(group); + throw new UnsupportedOperationException("Method not supported yet"); } catch (Exception e) { String msg = "Error Updating Group" ; logger.error(msg, e); 
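Review bot: `createGroup` now throws `UnsupportedOperationException` inside the `try`, where the existing `catch (Exception e)` immediately logs it as "Error Creating Group" with a stack trace and rethrows it as the generic failure built in that handler. Clients cannot tell "not implemented" from a real server error, and every call adds an error-level stack trace to the log. I would throw before the `try` (or map it to an explicit not-supported error) and add a comment such as `// TODO: group management is not yet backed by the sharing registry`. The same applies to `updateGroup`, `deleteGroup`, `getGroup` and `getAllGroupsUserBelongs` in the following hunks.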
@@ -3786,15 +3743,14 @@ public class AiravataServerHandler implements Airavata.Iface { exception.setMessage(msg + " More info : " + e.getMessage()); throw exception; } - return true; } @Override @SecurityCheck - public boolean deleteGroup(AuthzToken authzToken, String groupId, String ownerId, String gatewayId) throws InvalidRequestException, AiravataClientException, AiravataSystemException, AuthorizationException, TException { + public boolean deleteGroup(AuthzToken authzToken, String groupId, String ownerId, String gatewayId) throws + InvalidRequestException, AiravataClientException, AiravataSystemException, AuthorizationException, TException { try { - GroupManagerCPI groupManager = GroupManagerFactory.getGroupManager(); - groupManager.deleteGroup(groupId, ownerId + "@" + gatewayId); + throw new UnsupportedOperationException("Method not supported yet"); } catch (Exception e) { String msg = "Error Deleting Group. Group ID: " + groupId ; logger.error(msg, e); 
@@ -3802,22 +3758,14 @@ public class AiravataServerHandler implements Airavata.Iface {
 exception.setMessage(msg + " More info : " + e.getMessage());
 throw exception;
 }
- return true;
 }
 @Override
 @SecurityCheck
- public GroupModel getGroup(AuthzToken authzToken, String groupId) throws InvalidRequestException, AiravataClientException, AiravataSystemException, AuthorizationException, TException {
+ public GroupModel getGroup(AuthzToken authzToken, String groupId) throws InvalidRequestException,
+ AiravataClientException, AiravataSystemException, AuthorizationException, TException {
 try {
- GroupManagerCPI groupManager = GroupManagerFactory.getGroupManager();
- Group group = groupManager.getGroup(groupId);
- GroupModel groupModel = new GroupModel();
- groupModel.setId(group.getId());
- groupModel.setName(group.getName());
- groupModel.setDescription(group.getDescription());
- groupModel.setMembers(group.getMembers());
-
- return groupModel;
+ throw new UnsupportedOperationException("Method not supported yet");
 } catch (Exception e) {
 String msg = "Error Retreiving Group. Group ID: " + groupId ;
 logger.error(msg, e);
@@ -3829,21 +3777,10 @@ public class AiravataServerHandler implements Airavata.Iface {
 @Override
 @SecurityCheck
- public List<GroupModel> getAllGroupsUserBelongs(AuthzToken authzToken, String userName, String gatewayId) throws InvalidRequestException, AiravataClientException, AiravataSystemException, AuthorizationException, TException {
+ public List<GroupModel> getAllGroupsUserBelongs(AuthzToken authzToken, String userName, String gatewayId)
+ throws InvalidRequestException, AiravataClientException, AiravataSystemException, AuthorizationException, TException {
 try {
- GroupManagerCPI groupManager = GroupManagerFactory.getGroupManager();
- List<Group> userGroups = groupManager.getAllGroupsUserBelongs(userName+"@"+gatewayId);
- List<GroupModel> groupModels = new ArrayList<>();
- userGroups.stream().forEach(group->{
- GroupModel groupModel = new GroupModel();
- groupModel.setId(group.getId());
- groupModel.setName(group.getName());
- groupModel.setDescription(group.getDescription());
- groupModel.setMembers(group.getMembers());
-
- groupModels.add(groupModel);
- });
- return groupModels;
+ throw new UnsupportedOperationException("Method not supported yet");
 } catch (Exception e) {
 String msg = "Error Retreiving All Groups for User. User ID: " + userName ;
 logger.error(msg, e);
@@ -3853,115 +3790,6 @@ public class AiravataServerHandler implements Airavata.Iface { } } - @Override - public boolean isDataSharingEnabled() throws InvalidRequestException, AiravataClientException, AiravataSystemException, AuthorizationException, TException { - try { - return ServerSettings.isEnableSharing(); - } catch (ApplicationSettingsException e) { - AiravataSystemException exception = new AiravataSystemException(AiravataErrorType.INTERNAL_ERROR); - exception.setMessage( e.getMessage()); - throw exception; - } - } - - private void initializeResourceWithGrouper(String resourceId, ResourceType resourceType) throws RegistryServiceException, GroupManagerException, TException, ApplicationSettingsException { - GroupManagerCPI groupManager = GroupManagerFactory.getGroupManager(); - if(resourceType.equals(ResourceType.PROJECT)){ - Project project = (Project) getRegistryServiceClient().getProject(resourceId); - - Resource projectResource = new Resource(project.getProjectID(), org.apache.airavata.grouper.resource.ResourceType.PROJECT); - projectResource.setName(project.getName()); - projectResource.setDescription(project.getDescription()); - projectResource.setOwnerId(project.getOwner()+"@"+project.getGatewayId()); - groupManager.createResource(projectResource); - - }else if(resourceType.equals(ResourceType.EXPERIMENT)){ - ExperimentModel experiment = getRegistryServiceClient().getExperiment(resourceId); - if(!isResourceExistsInGrouper(experiment.getProjectId(), ResourceType.PROJECT)){ - initializeResourceWithGrouper(experiment.getProjectId(), ResourceType.PROJECT); - } - Resource experimentResource = new Resource(experiment.getExperimentId(), org.apache.airavata.grouper.resource.ResourceType.EXPERIMENT); - experimentResource.setName(experiment.getExperimentName()); - experimentResource.setDescription(experiment.getDescription()); - experimentResource.setParentResourceId(experiment.getProjectId()); - 
experimentResource.setOwnerId(experiment.getUserName()+"@"+experiment.getGatewayId()); - groupManager.createResource(experimentResource); - }else{ - throw new GroupManagerException("Unsupported Resource Type"); - } - - } - - private boolean isResourceExistsInGrouper(String resourceId, ResourceType resourceType) throws GroupManagerException { - GroupManagerCPI groupManager = GroupManagerFactory.getGroupManager(); - if(resourceType.equals(ResourceType.PROJECT)){ - return groupManager.isResourceRegistered(resourceId, org.apache.airavata.grouper.resource.ResourceType.PROJECT); - }else if(resourceType.equals(ResourceType.EXPERIMENT)){ - return groupManager.isResourceRegistered(resourceId, org.apache.airavata.grouper.resource.ResourceType.EXPERIMENT); - }else{ - throw new GroupManagerException("Unsupported Resource Type"); - } - - } - - private boolean hasPermission(String userId, String resourceId, ResourceType resourceType, ResourcePermissionType permissionType) - throws GroupManagerException, TException, ApplicationSettingsException { - if(!isResourceExistsInGrouper(resourceId, resourceType)){ - initializeResourceWithGrouper(resourceId, resourceType); - } - GroupManagerCPI groupManager = GroupManagerFactory.getGroupManager(); - org.apache.airavata.grouper.resource.ResourceType gResourceType; - if(resourceType.equals(ResourceType.PROJECT)){ - gResourceType = org.apache.airavata.grouper.resource.ResourceType.PROJECT; - }else if(resourceType.equals(ResourceType.EXPERIMENT)){ - gResourceType = org.apache.airavata.grouper.resource.ResourceType.EXPERIMENT; - }else{ - throw new GroupManagerException("Unsupported Resource Type"); - } - - org.apache.airavata.grouper.permission.PermissionAction gPermissionType; - if(permissionType.equals(ResourcePermissionType.READ)){ - gPermissionType = PermissionAction.READ; - } else if (permissionType.equals(ResourcePermissionType.WRITE)){ - gPermissionType = PermissionAction.WRITE; - }else{ - throw new GroupManagerException("Unsupported 
Permission Type"); - } - Set<String> accessibleUsers = groupManager.getAllAccessibleUsers(resourceId, gResourceType, gPermissionType); - return accessibleUsers.contains(userId); - } - - private List<String> getAllAccessibleResourcesForUser(String userId, ResourceType resourceType, ResourcePermissionType permissionType) - throws GroupManagerException, TException, ApplicationSettingsException { - if(!getRegistryServiceClient().isUserExists(userId.split("@")[1], userId.split("@")[0])){ - //user is still not initialized in the sistem - return new ArrayList<>(); - } - - GroupManagerCPI groupManager = GroupManagerFactory.getGroupManager(); - org.apache.airavata.grouper.resource.ResourceType gResourceType; - if(resourceType.equals(ResourceType.PROJECT)){ - gResourceType = org.apache.airavata.grouper.resource.ResourceType.PROJECT; - }else if(resourceType.equals(ResourceType.EXPERIMENT)){ - gResourceType = org.apache.airavata.grouper.resource.ResourceType.EXPERIMENT; - }else{ - throw new GroupManagerException("Unsupported Resource Type"); - } - - org.apache.airavata.grouper.permission.PermissionAction gPermissionType; - if(permissionType.equals(ResourcePermissionType.READ)){ - gPermissionType = PermissionAction.READ; - } else if (permissionType.equals(ResourcePermissionType.WRITE)){ - gPermissionType = PermissionAction.WRITE; - }else{ - throw new GroupManagerException("Unsupported Permission Type"); - } - - List<String> allAccessibleResources = groupManager.getAccessibleResourcesForUser(userId, gResourceType, gPermissionType); - return allAccessibleResources; - } - - private void submitExperiment(String gatewayId,String experimentId) throws AiravataException { ExperimentSubmitEvent event = new ExperimentSubmitEvent(experimentId, gatewayId); MessageContext messageContext = new MessageContext(event, MessageType.EXPERIMENT, "LAUNCH.EXP-" + UUID.randomUUID().toString(), gatewayId);
