fixes #2580 again

GMOD · Feb 18, 2021 · b9c8e2d · b9c8e2d
1 parent b8c2d4b
commit b9c8e2d
Show file tree

Hide file tree

Showing 2 changed files with 63 additions and 10 deletions.
diff --git a/grails-app/controllers/org/bbop/apollo/OrganismController.groovy b/grails-app/controllers/org/bbop/apollo/OrganismController.groovy
@@ -1515,7 +1515,7 @@ class OrganismController {
   @RestApiParams(params = [
     @RestApiParam(name = "username", type = "email", paramType = RestApiParamType.QUERY)
     , @RestApiParam(name = "password", type = "password", paramType = RestApiParamType.QUERY)
-      , @RestApiParam(name = "showPublicOnly", type = "boolean", paramType = RestApiParamType.QUERY)
+    , @RestApiParam(name = "showPublicOnly", type = "boolean", paramType = RestApiParamType.QUERY)
     , @RestApiParam(name = "organism", type = "string", paramType = RestApiParamType.QUERY, description = "(optional) ID or commonName that can be used to uniquely identify an organism")
   ])
   @Transactional

diff --git a/grails-app/services/org/bbop/apollo/PermissionService.groovy b/grails-app/services/org/bbop/apollo/PermissionService.groovy
@@ -152,6 +152,16 @@ class PermissionService {
         return permissionEnums
     }
 
+    Set<PermissionEnum> getPermissionsFromString(Set<PermissionEnum> permissionEnums,String permissionsString){
+        JSONArray jsonArray = JSON.parse(permissionsString) as JSONArray
+        for (int i = 0; i < jsonArray.size(); i++) {
+            String permission = jsonArray.getString(i)
+            PermissionEnum permissionEnum = PermissionEnum.getValueForString(permission)
+            permissionEnums.add(permissionEnum)
+        }
+        return permissionEnums
+    }
+
 
     List<PermissionEnum> getOrganismPermissionsForUser(Organism organism, User user) {
         Set<PermissionEnum> permissions = new HashSet<>()
@@ -161,12 +171,7 @@ class PermissionService {
 
         List<UserOrganismPermission> userPermissionList = UserOrganismPermission.findAllByOrganismAndUser(organism, user)
         for (UserOrganismPermission userPermission in userPermissionList) {
-            JSONArray jsonArray = JSON.parse(userPermission.permissions) as JSONArray
-            for (int i = 0; i < jsonArray.size(); i++) {
-                String permission = jsonArray.getString(i)
-                PermissionEnum permissionEnum = PermissionEnum.getValueForString(permission)
-                permissions.add(permissionEnum)
-            }
+            getPermissionsFromString(permissions,userPermission.permissions)
         }
         if (user != null) {
             for (UserGroup group in user.userGroups) {
@@ -181,6 +186,30 @@ class PermissionService {
 
     }
 
+    List<PermissionEnum> getAllPermissionsForUser(User user) {
+        Set<PermissionEnum> permissions = new HashSet<>()
+        if (isUserGlobalAdmin(user)) {
+            permissions.addAll(PermissionEnum.ADMINISTRATE as List)
+        }
+
+        List<UserOrganismPermission> userPermissionList = UserOrganismPermission.findAllByUser(user)
+        for (UserOrganismPermission userPermission in userPermissionList) {
+            getPermissionsFromString(permissions,userPermission.permissions)
+        }
+        if (user != null) {
+            for (UserGroup group in user.userGroups) {
+//                permissions = mergeOrganismPermissions(permissions, getOrganismPermissionsForUserGroup(organism, group))
+                permissions = mergeOrganismPermissions(permissions, getPermissionsForUserGroup(group))
+            }
+        } else {
+            permissions.add(PermissionEnum.NONE)
+        }
+
+        return permissions as List
+
+    }
+
+
     List<PermissionEnum> getOrganismPermissionsForUserGroup(Organism organism, UserGroup userGroup) {
         Set<PermissionEnum> permissions = new HashSet<>()
 
@@ -196,6 +225,21 @@ class PermissionService {
         return permissions as List
     }
 
+    List<PermissionEnum> getPermissionsForUserGroup(UserGroup userGroup) {
+        Set<PermissionEnum> permissions = new HashSet<>()
+
+        List<GroupOrganismPermission> groupPermissionList = GroupOrganismPermission.findAllByGroup(userGroup)
+        for (GroupOrganismPermission groupPermission in groupPermissionList) {
+            JSONArray jsonArray = JSON.parse(groupPermission.permissions) as JSONArray
+            for (int i = 0; i < jsonArray.size(); i++) {
+                String permission = jsonArray.getString(i)
+                PermissionEnum permissionEnum = PermissionEnum.getValueForString(permission)
+                permissions.add(permissionEnum)
+            }
+        }
+        return permissions as List
+    }
+
 
     void setOrganismPermissionsForUser(List<PermissionEnum> permissions, Organism organism, User user, String token) {
 
@@ -397,7 +441,7 @@ class PermissionService {
             log.debug "required permission ${requiredPermissionEnum}"
             log.debug "highest value display ${highestValue.display}"
             log.debug "permission display ${requiredPermissionEnum.display}"
-            throw new AnnotationException("You have insufficient permissions [${highestValue.display} < ${requiredPermissionEnum.display}] to perform this operation")
+            throw new AnnotationException("A You have insufficient permissions ${highestValue.display} < ${requiredPermissionEnum.display} to perform this operation for this organism.")
         }
         return sequence
     }
@@ -447,7 +491,6 @@ class PermissionService {
         //def session = RequestContextHolder.currentRequestAttributes().getSession()
         String username = jsonObject.getString(FeatureStringEnum.USERNAME.value)
 
-
         User user = User.findByUsername(username)
 
         List<PermissionEnum> permissionEnums = getOrganismPermissionsForUser(organism, user)
@@ -589,8 +632,18 @@ class PermissionService {
             if (clientToken != FeatureStringEnum.IGNORE.value) {
                 preferenceService.setCurrentOrganism(getCurrentUser(), organism, clientToken)
             }
+            if(organism){
+                return checkPermissions(jsonObject, organism, permissionEnum)
+            }
+            else{
+                // make sure we have permissionsEnum for at least one organism
+                String username = jsonObject.getString(FeatureStringEnum.USERNAME.value)
+                User user = User.findByUsername(username)
+                List<PermissionEnum> permissionEnums = getAllPermissionsForUser(user)
+                PermissionEnum highestValue = findHighestEnum(permissionEnums)
+                return highestValue.rank >= permissionEnum.rank
+            }
 
-            return checkPermissions(jsonObject, organism, permissionEnum)
         } catch (e) {
             log.warn(e)
             return false