add publicProject and userPermission to Project #1966

Merged
Expand Up @@ -48,15 +48,14 @@ public ResponseEntity<List<Project>> getProjects(
if (projects == null) {
return ResponseEntity.noContent().build();
}

RebacUser rebacUser = new RebacUser(currentUserService.getToken().getSubject(), reBACService);
// Remove non-active (soft-deleted) projects

projects = projects
.stream()
.filter(Project::getActive)
.filter(project -> {
try {
return new RebacUser(currentUserService.getToken().getSubject(), reBACService).canRead(new RebacProject(project.getProjectID(), reBACService));
return rebacUser.canRead(new RebacProject(project.getProjectID(), reBACService));
} catch (Exception e) {
log.error("Error getting user's permissions for project", e);
return false;
Expand All @@ -68,6 +67,10 @@ public ResponseEntity<List<Project>> getProjects(
try {
List<AssetType> assetTypes = Arrays.asList(AssetType.datasets, AssetType.models, AssetType.publications);

RebacProject rebacProject = new RebacProject(project.getProjectID(), reBACService);
project.setPublicProject(rebacProject.isPublic());
project.setUserPermission(rebacUser.getPermissionFor(rebacProject));

Assets assets = proxy.getAssets(project.getProjectID(), assetTypes).getBody();
Map<String, String> metadata = new HashMap<>();
metadata.put("datasets-count", assets.getDatasets() == null ? "0" : String.valueOf(assets.getDatasets().size()));
Expand All @@ -90,11 +93,14 @@ public ResponseEntity<List<Project>> getProjects(
public ResponseEntity<Project> getProject(
@PathVariable("id") final String id
) {

try {
RebacUser rebacUser = new RebacUser(currentUserService.getToken().getSubject(), reBACService);
RebacProject rebacProject = new RebacProject(id, reBACService);
if (new RebacUser(currentUserService.getToken().getSubject(), reBACService).canRead(rebacProject)) {
return ResponseEntity.ok(proxy.getProject(id).getBody());
if (rebacUser.canRead(rebacProject)) {
Project project = proxy.getProject(id).getBody();
project.setPublicProject(rebacProject.isPublic());
project.setUserPermission(rebacUser.getPermissionFor(rebacProject));
return ResponseEntity.ok(project);
}
return ResponseEntity.notFound().build();
} catch (Exception e) {
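Review bot: In getProject, the result of `proxy.getProject(id).getBody()` is dereferenced on the very next line without a null check, so an empty upstream body now throws a NullPointerException inside the try instead of producing a response; what the catch does with it is outside the visible hunk. A guard such as `if (project == null) { return ResponseEntity.notFound().build(); }` before `project.setPublicProject(...)` keeps that path explicit. In getProjects the same two setters run once per listed project, and `getPermissionFor` makes up to four permission lookups, so the list endpoint's cost now grows with the number of readable projects. It is also worth a one-line comment above the setters saying that `publicProject` and `userPermission` are display hints for the client and that the `canRead` filter remains the enforcement point.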
Expand Up @@ -43,7 +43,6 @@ public ResponseEntity<PermissionGroup> getGroup(
) {
try {
RebacGroup rebacGroup = new RebacGroup(groupId, reBACService);
PermissionGroup permissionGroup = reBACService.getGroup(groupId);
if (new RebacUser(currentUserService.getToken().getSubject(), reBACService).canRead(rebacGroup)) {
List<RebacPermissionRelationship> relationships = reBACService.getRelationships(rebacGroup.getSchemaObject());

Expand All @@ -53,9 +52,12 @@ public ResponseEntity<PermissionGroup> getGroup(
permissions.addUser(permissionRelationship.getSubjectId(), permissionRelationship.getRelationship());
} else if (permissionRelationship.getSubjectType().equals(Schema.Type.GROUP)) {
permissions.addGroup(permissionRelationship.getSubjectId(), permissionRelationship.getRelationship());
} else if (permissionRelationship.getSubjectType().equals(Schema.Type.PROJECT)) {
permissions.addProject(permissionRelationship.getSubjectId(), permissionRelationship.getRelationship());
}
}

PermissionGroup permissionGroup = reBACService.getGroup(groupId);
return ResponseEntity.ok(permissionGroup);
}
return ResponseEntity.notFound().build();
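Review bot: The `permissions` object filled in the loop, including the new `Schema.Type.PROJECT` branch, is not attached to anything before `return ResponseEntity.ok(permissionGroup)`; the group is now fetched after the loop and returned as fetched in the visible lines. Unless `reBACService.getGroup(groupId)` populates the relationships itself, the response will not carry the users, groups and projects collected here, so `permissions` should be set on `permissionGroup` before the return, or the loop dropped if it is dead code. Moving the `getGroup` call behind the `canRead` check is a good change, since the group is no longer loaded for a caller who fails the check. The declaration of `permissions` sits in the collapsed lines between the two hunks, so its type and later use cannot be confirmed from this view.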
Expand Up @@ -51,6 +51,12 @@ public class Project implements Serializable {
@TSOptional
private List<Document> relatedDocuments;

@TSOptional
private Boolean publicProject;

@TSOptional
private String userPermission;

@Override
public String toString() {
return "Project: { id: " + this.projectID +
Expand Up @@ -8,6 +8,7 @@
public class PermissionRelationships {
private List<Group> groups = new ArrayList<>();
private List<User> users = new ArrayList<>();
private List<Project>projects = new ArrayList<>();

public void addUser(String id, Schema.Relationship relationship) {
users.add(new User(id, relationship.toString()));
Expand All @@ -17,11 +18,19 @@ public void addGroup(String id, Schema.Relationship relationship) {
groups.add(new Group(id, relationship.toString()));
}

public void addProject(String id, Schema.Relationship relationship) {
projects.add(new Project(id, relationship.toString()));
}

public List<Group> getGroups() {
return groups;
}

public List<User> getUsers() {
return users;
}

public List<Project> getProjects() {
return projects;
}
}
@@ -0,0 +1,20 @@
package software.uncharted.terarium.hmiserver.models.dataservice.permission;

public class Project {
bigglesandginger marked this conversation as resolved.
private String id;
private String relationship;

public Project(String id, String relationship) {
this.id = id;
this.relationship = relationship;
}

public String getId() {
return id;
}

public String getRelationship() {
return relationship;
}

}
Expand Up @@ -119,18 +119,18 @@ public String removeRelationship(String subjectType, String subjectId, String re
}

public List<RebacPermissionRelationship> getRelationship(SchemaObject resource, Consistency consistency) throws Exception {
return getRelationship(resource.type.toString(), resource.id, consistency);
}

public List<RebacPermissionRelationship> getRelationship(String resourceType, String resourceId, Consistency consistency) throws Exception {
List<RebacPermissionRelationship> relationships = new ArrayList<>();
PermissionService.ReadRelationshipsRequest request = PermissionService.ReadRelationshipsRequest.newBuilder()
.setConsistency(consistency)
.setRelationshipFilter(
RelationshipFilter.newBuilder()
.setResourceType(resourceType)
.setOptionalResourceId(resourceId))
.setResourceType(resource.type.toString())
bigglesandginger marked this conversation as resolved.
.setOptionalResourceId(resource.id))
.build();
return getRelationship(request);
}

public List<RebacPermissionRelationship> getRelationship(PermissionService.ReadRelationshipsRequest request) throws Exception {
List<RebacPermissionRelationship> relationships = new ArrayList<>();

Iterator<ReadRelationshipsResponse> iter = permissionsService.readRelationships(request);

Expand All @@ -143,4 +143,22 @@ public List<RebacPermissionRelationship> getRelationship(String resourceType, St
}
return relationships;
}

public boolean hasRelationship(SchemaObject who, Schema.Relationship relationship, SchemaObject what, Consistency consistency) throws Exception {
PermissionService.ReadRelationshipsRequest request = PermissionService.ReadRelationshipsRequest.newBuilder()
.setConsistency(consistency)
.setRelationshipFilter(
RelationshipFilter.newBuilder()
.setResourceType(what.type.toString())
.setOptionalResourceId(what.id)
.setOptionalRelation(relationship.toString()))
.build();
List<RebacPermissionRelationship> relationships = getRelationship(request);
for (RebacPermissionRelationship permissionRelationship: relationships) {
if (Schema.Type.USER.equals(permissionRelationship.getSubjectType()) && who.id.equals(permissionRelationship.getSubjectId())) {
return true;
}
}
return false;
}
}
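Review bot: `hasRelationship` ignores the type of `who`: the loop matches only on `Schema.Type.USER.equals(permissionRelationship.getSubjectType())` plus the id, so a caller passing a group or project as `who` either never matches or is silently treated as a user with the same id. Comparing against the argument instead, `if (who.type.equals(permissionRelationship.getSubjectType()) && who.id.equals(permissionRelationship.getSubjectId()))`, makes the check mean what its signature says (this assumes `SchemaObject.type` is a `Schema.Type`, as the `what.type.toString()` call suggests). The method also reads every subject holding the relation on the resource and filters in memory; if the request builder offers a subject filter, narrowing the read there would avoid transferring unrelated relationships. A short Javadoc stating that this tests a direct relationship, not a computed permission, would help callers choose between it and `checkPermission`.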
Expand Up @@ -54,9 +54,9 @@ public class ReBACService {
private final SchemaManager schemaManager = new SchemaManager();

public static final String PUBLIC_GROUP_NAME = "Public";
public static String PUBLIC_GROUP_ID;
public String PUBLIC_GROUP_ID;
public static final String ASKEM_ADMIN_GROUP_NAME = "ASKEM Admins";
public static String ASKEM_ADMIN_GROUP_ID;
public String ASKEM_ADMIN_GROUP_ID;


@PostConstruct
Expand Down Expand Up @@ -142,7 +142,7 @@ void startup() throws Exception {
private String getGroupId(String name) {
List<GroupRepresentation> groups = keycloak.realm(REALM_NAME).groups().groups(name, true, 0, Integer.MAX_VALUE, true);
for (GroupRepresentation group : groups) {
if (group.getName().equals(group.getPath())) {
if (group.getPath().equals("/" + name)) {
return group.getId();
}
}
Expand Down Expand Up @@ -262,6 +262,12 @@ public boolean canAdministrate(SchemaObject who, SchemaObject what) throws Excep
return rebac.checkPermission(who, Schema.Permission.ADMINISTRATE, what, full);
}

public boolean isCreator(SchemaObject who, SchemaObject what) throws Exception {
Consistency full = Consistency.newBuilder().setFullyConsistent(true).build();
ReBACFunctions rebac = new ReBACFunctions(channel, spiceDbBearerToken);
return rebac.hasRelationship(who, Schema.Relationship.CREATOR, what, full);
}

public void createRelationship(SchemaObject who, SchemaObject what, Schema.Relationship relationship) throws Exception, RelationshipAlreadyExistsException {
ReBACFunctions rebac = new ReBACFunctions(channel, spiceDbBearerToken);
rebac.createRelationship(who, relationship, what);
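Review bot: `PUBLIC_GROUP_ID` and `ASKEM_ADMIN_GROUP_ID` become public, non-final instance fields, so any code holding the service can reassign the ids that `RebacProject.isPublic()` compares against when deciding whether a project is public. Keeping them private and exposing read access only, for example `private String publicGroupId;` with `public String getPublicGroupId() { return publicGroupId; }`, removes that write path and drops the constant-style name from a value that is assigned at startup. The assignment itself is in the collapsed part of `startup()`, so whether the ids can still be null when first read cannot be confirmed from this view. The `getGroupId` change to `group.getPath().equals("/" + name)` looks right for matching only a top-level group with that exact name; a one-line comment stating that intent would keep it from being reverted.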
Expand Up @@ -33,4 +33,16 @@ public void removePermissionRelationships(RebacObject who, String relationship)
Schema.Relationship relationshipEnum = Schema.Relationship.valueOf(relationship.toUpperCase());
reBACService.removeRelationship(who.getSchemaObject(), getSchemaObject(), relationshipEnum);
}

public boolean isPublic() throws Exception {
List<RebacPermissionRelationship> relationships = reBACService.getRelationships(getSchemaObject());
for (RebacPermissionRelationship relationship : relationships) {
if (relationship.getSubjectType().equals(Schema.Type.GROUP) && relationship.getSubjectId().equals(reBACService.PUBLIC_GROUP_ID)) {
if (relationship.getRelationship().equals(Schema.Relationship.READER) || relationship.getRelationship().equals(Schema.Relationship.WRITER)) {
return true;
}
}
}
return false;
}
}
Expand Up @@ -39,4 +39,17 @@ public PermissionGroup addGroup(String name) throws Exception, RelationshipAlrea
reBACService.createRelationship(getSchemaObject(), new SchemaObject(Schema.Type.GROUP, group.getId()), Schema.Relationship.CREATOR);
return group;
}

public String getPermissionFor(RebacObject rebacObject) throws Exception {
if (reBACService.isCreator(getSchemaObject(), rebacObject.getSchemaObject())) {
return Schema.Relationship.CREATOR.toString();
} else if (canAdministrate(rebacObject)) {
return Schema.Relationship.ADMIN.toString();
} else if (canWrite(rebacObject)) {
return Schema.Relationship.WRITER.toString();
} else if (canRead(rebacObject)) {
return Schema.Relationship.READER.toString();
}
return "none";
}
}
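Review bot: `getPermissionFor` falls through to the bare literal `"none"`, which is not a `Schema.Relationship` value, so clients receive a string that comes from a different vocabulary than the other four results and that nothing in the code names. A named constant, e.g. `public static final String NO_PERMISSION = "none";` used in the final `return`, or a dedicated enum entry, makes the full set of possible values discoverable. The method should also get a Javadoc saying that it returns the strongest level found, checked in the order creator, admin, writer, reader, and that each step is a separate remote lookup. `ProjectController.getProjects` calls it once per project, so that cost is worth stating.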