Commit 1c1d6538 authored by redmitry@list.ru's avatar redmitry@list.ru

Dataset protection based on roles (i.e. "manager:xxx", "owner:yyy")

parent 1b516d19
......@@ -4,7 +4,7 @@
<groupId>es.bsc.inb.elixir</groupId>
<artifactId>openebench-rest-api</artifactId>
<version>0.1.0</version>
<version>0.2.0</version>
<packaging>war</packaging>
<name>OpenEBench Data Access API</name>
......@@ -45,7 +45,7 @@
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-servlet-filter-adapter</artifactId>
<version>10.0.1</version>
<version>11.0.2</version>
</dependency>
<dependency>
......
......@@ -69,7 +69,7 @@ public class OpenEBenchService {
@Inject
private Database dao;
@Path("/{path: .*}")
@OPTIONS
public Response compliance() {
......@@ -115,6 +115,23 @@ public class OpenEBenchService {
return Response.ok(stream).build();
}
@GET
@Path("/Privilege")
@PermitAll
@Produces(MediaType.APPLICATION_JSON)
public Response getPrivileges(@Context SecurityContext sc) {
StreamingOutput stream = (OutputStream out) -> {
try (Writer writer = new BufferedWriter(new OutputStreamWriter(out, "UTF-8"))) {
dao.write(writer, "Privilege");
} catch(Exception ex) {
Logger.getLogger(OpenEBenchService.class.getName()).log(Level.SEVERE, null, ex);
}
};
return Response.ok(stream, MediaType.APPLICATION_JSON).build();
}
@GET
@Path("/{collection}")
@PermitAll
......@@ -126,9 +143,13 @@ public class OpenEBenchService {
@Encoded final String collection) {
switch (collection) {
case "Reference": break;
case "Contact":
case "Community":
case "Tool":
case "Reference": break;
case "Challenge":
case "BenchmarkingEvent": break;
default: return Response.status(Status.FORBIDDEN).build();
}
......@@ -233,12 +254,9 @@ public class OpenEBenchService {
@Produces(MediaType.APPLICATION_JSON)
public Response getDatasets(@Context SecurityContext sc) {
final Principal principal = sc.getUserPrincipal();
final String email = principal != null ? principal.getName() : "";
StreamingOutput stream = (OutputStream out) -> {
try (Writer writer = new BufferedWriter(new OutputStreamWriter(out, "UTF-8"))) {
dao.getDatasets(writer, email);
dao.getDatasets(writer, sc);
} catch(Exception ex) {
Logger.getLogger(OpenEBenchService.class.getName()).log(Level.SEVERE, null, ex);
}
......@@ -256,10 +274,7 @@ public class OpenEBenchService {
example = "OEBD00200001FO")
@Encoded final String id) {
final Principal principal = sc.getUserPrincipal();
final String email = principal != null ? principal.getName() : "";
final String dataset = dao.getDataset(id, email);
final String dataset = dao.getDataset(id, sc);
if (dataset == null) {
return Response.status(Status.NOT_FOUND).build();
......
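Review bot: The new `getPrivileges` handler is `@PermitAll` and never reads the `SecurityContext sc` it injects, so the whole `Privilege` collection is streamed to any caller, authenticated or not. If that collection holds the role-to-dataset grants this commit introduces (its contents are not visible here), it should be filtered by the caller's roles the way `getDatasets` now hands `sc` to the DAO, or restricted with `@RolesAllowed("<role>")`; if it is meant to be public, drop the unused parameter and add a comment such as `// Privilege is intentionally world-readable`. Separately, the `catch(Exception ex)` inside the `StreamingOutput` only logs, so a DAO failure still produces a 200 response with an empty or truncated JSON body. In `getDatasets` and `getDataset` the `principal != null` guard appears to have been dropped from the resource class, so `Database` (outside this page) should be checked to treat an anonymous `sc` with a null principal as holding no roles.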
......@@ -2,9 +2,9 @@
"realm": "openebench",
"auth-server-url": "https://inb.bsc.es/auth",
"ssl-required": "external",
"resource": "oeb-authz",
"resource": "oeb-api-rest",
"public-client": true,
"use-resource-role-mappings": true,
"use-resource-role-mappings": false,
"enable-basic-auth": true,
"principal-attribute": "email"
}
\ No newline at end of file
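Review bot: The new side appears to set `"use-resource-role-mappings": false`, which makes the adapter read the caller's roles from the realm-level mappings rather than from the roles defined on this client. The `"manager:xxx"` / `"owner:yyy"` roles that gate datasets would then have to be realm roles, shared by every client in the `openebench` realm. If they are meant to be specific to this API, keeping `"use-resource-role-mappings": true` and defining them on `oeb-api-rest` gives a narrower scope; otherwise it is worth recording who is allowed to assign those realm roles. JSON has no comment syntax, so that rationale belongs in the deployment documentation rather than in this file.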