From 610af404b4ef390532b44d74d1fe1f85c07d81af Mon Sep 17 00:00:00 2001 From: rkboyce Date: Mon, 13 Feb 2023 14:44:19 +0000 Subject: [PATCH 01/17] helpful build steps --- Makefile | 55 ++++++++++--------------------------------------------- 1 file changed, 10 insertions(+), 45 deletions(-) diff --git a/Makefile b/Makefile index adb76d0ea7..b697bf96da 100644 --- a/Makefile +++ b/Makefile 
@@ -1,56 +1,21 @@ compile: - mvn clean - mvn compile -Pwebapi-postgresql-laertes + mvn clean build -DskipUnitTests -DskipITtests -s WebAPIConfig/settings.xml -P webapi-postgresql package: compile - mvn package -Pwebapi-postgresql-laertes + mvn clean package -DskipUnitTests -DskipITtests -s WebAPIConfig/settings.xml -P webapi-postgresql -deploy: package - sudo service tomcat7 stop - sleep 4 - sudo rm -rf /var/lib/tomcat7/webapps/WebAPI* - sudo cp -r target/WebAPI.war /var/lib/tomcat7/webapps/ - sudo chown tomcat7 /var/lib/tomcat7/webapps/WebAPI.war - sudo chgrp tomcat7 /var/lib/tomcat7/webapps/WebAPI.war - sudo service tomcat7 start +deploy: package + sudo /home/ubuntu/Downloads/apache-tomcat-8.5.84/bin/shutdown.sh + sudo mv /home/ubuntu/Downloads/apache-tomcat-8.5.84/webapps/WebAPI /tmp/WebAPI-FOLDER-`date +%m%d%H%S` + sudo mv /home/ubuntu/Downloads/apache-tomcat-8.5.84/webapps/WebAPI.war /tmp/WebAPI.war-`date +%m%d%H%S` + mv target/WebAPI.war /home/ubuntu/Downloads/apache-tomcat-8.5.84/webapps/ + sudo /home/ubuntu/Downloads/apache-tomcat-8.5.84/bin/startup.sh git-push: - git push myfork master + git push test: - wget -O tests/test-general-evidence.json "http://localhost:8080/WebAPI/LAERTES_CDM/evidence/752061" - wget -O tests/test-drug-hoi.json "http://localhost:8080/WebAPI/LAERTES_CDM/evidence/drughoi/752061-374013" - wget -O tests/test-drug.json "http://localhost:8080/WebAPI/LAERTES_CDM/evidence/drug/752061" - wget -O tests/test-hoi.json "http://localhost:8080/WebAPI/LAERTES_CDM/evidence/hoi/320073" - wget -O tests/test-info.json "http://localhost:8080/WebAPI/LAERTES_CDM/evidence/info" - wget -O tests/test-drug-hoi-eu-spc.json "http://localhost:8080/WebAPI/LAERTES_CDM/evidence/drughoi/904351-4190045" - wget -O tests/test-drug-hoi-splicer.json "http://localhost:8080/WebAPI/LAERTES_CDM/evidence/drughoi/19133853-195588" - wget -O tests/test-drug-hoi-faers-counts-and-signals.json "http://localhost:8080/WebAPI/LAERTES_CDM/evidence/drughoi/1154343-433031" - wget -O 
tests/test-drug-hoi-pubmed-mesh-cr.json "http://localhost:8080/WebAPI/LAERTES_CDM/evidence/drughoi/1154343-433031" - wget -O tests/test-drug-hoi-pubmed-mesh-clin-trial.json "http://localhost:8080/WebAPI/LAERTES_CDM/evidence/drughoi/789578-378144" - wget -O tests/test-drug-hoi-pubmed-mesh-other.json "http://localhost:8080/WebAPI/LAERTES_CDM/evidence/drughoi/19010482-316866" - wget -O tests/test-drug-hoi-semmed-cr.json "http://localhost:8080/WebAPI/LAERTES_CDM/evidence/drughoi/1112807-441202" - wget -O tests/test-drug-hoi-semmed-clin-trial.json "http://localhost:8080/WebAPI/LAERTES_CDM/evidence/drughoi/19059744-381591" - wget -O tests/test-drug-rollup-ingredient.json "http://localhost:8080/WebAPI/LAERTES_CDM/evidence/drugrollup/ingredient/1000632" - wget -O tests/test-drug-rollup-clin-drug.json "http://localhost:8080/WebAPI/LAERTES_CDM/evidence/drugrollup/clinicaldrug/19074181" - wget -O tests/test-drug-rollup-branded-drug.json "http://localhost:8080/WebAPI/LAERTES_CDM/evidence/drugrollup/brandeddrug/1000640" - wget -O tests/test-rdf-evidencesummary.json "http://localhost:8080/WebAPI/LAERTES_CDM/evidence/evidencesummary?conditionID=139900&drugID=1115008&evidenceGroup=Literature" - wget -O tests/test-rdf-evidencedetails.json "http://localhost:8080/WebAPI/LAERTES_CDM/evidence/evidencedetails?conditionID=24134&drugID=1115008&evidenceType=SPL_SPLICER_ADR" + wget -O /tmp/tests/test-drug-rollup-branded-drug.json "http://api.ohdsi.org/WebAPI/CS1/evidence/drugrollup/brandeddrug/1000640" test-public: - wget -O tests/test-general-evidence.json "http://api.ohdsi.org/WebAPI/CS1/evidence/1000640" - wget -O /tmp/tests/test-drug-hoi.json "http://api.ohdsi.org/WebAPI/CS1/evidence/drughoi/1000640-137682" - wget -O /tmp/tests/test-drug.json "http://api.ohdsi.org/WebAPI/CS1/evidence/drug/1000640" - wget -O /tmp/tests/test-hoi.json "http://api.ohdsi.org/WebAPI/CS1/evidence/hoi/320073" - wget -O /tmp/tests/test-info.json "http://api.ohdsi.org/WebAPI/CS1/evidence/info" - wget -O 
/tmp/tests/test-drug-hoi-eu-spc.json "http://api.ohdsi.org/WebAPI/CS1/evidence/drughoi/40239056-75053" - wget -O /tmp/tests/test-drug-hoi-splicer.json "http://api.ohdsi.org/WebAPI/CS1/evidence/drughoi/19133853-195588" - wget -O /tmp/tests/test-drug-hoi-faers-counts-and-signals.json "http://api.ohdsi.org/WebAPI/CS1/evidence/drughoi/1154343-433031" - wget -O /tmp/tests/test-drug-hoi-pubmed-mesh-cr.json "http://api.ohdsi.org/WebAPI/CS1/evidence/drughoi/1154343-433031" - wget -O /tmp/tests/test-drug-hoi-pubmed-mesh-clin-trial.json "http://api.ohdsi.org/WebAPI/CS1/evidence/drughoi/789578-378144" - wget -O /tmp/tests/test-drug-hoi-pubmed-mesh-other.json "http://api.ohdsi.org/WebAPI/CS1/evidence/drughoi/19010482-316866" - wget -O /tmp/tests/test-drug-hoi-semmed-cr.json "http://api.ohdsi.org/WebAPI/CS1/evidence/drughoi/1782521-45612000" - wget -O /tmp/tests/test-drug-hoi-semmed-clin-trial.json "http://api.ohdsi.org/WebAPI/CS1/evidence/drughoi/1303425-45616736" - wget -O /tmp/tests/test-drug-rollup-ingredient.json "http://api.ohdsi.org/WebAPI/CS1/evidence/drugrollup/ingredient/1000632" - wget -O /tmp/tests/test-drug-rollup-clin-drug.json "http://api.ohdsi.org/WebAPI/CS1/evidence/drugrollup/clinicaldrug/19074181" wget -O /tmp/tests/test-drug-rollup-branded-drug.json "http://api.ohdsi.org/WebAPI/CS1/evidence/drugrollup/brandeddrug/1000640" From b792094288c0434f6a9aabb0a5c41af59609649c Mon Sep 17 00:00:00 2001 
From: rkboyce Date: Sun, 5 Mar 2023 08:04:35 +0000 Subject: [PATCH 02/17] This is the first working filtration of the conceptset lists so that a user only sees what their role has permission to read. This initial commit has a big issue in that a person who authors a conceptset cannot see the concept set unless a new permission is added. To be fixed. --- .gitignore | 1 + Makefile | 14 ++--- .../webapi/security/PermissionService.java | 52 +++++++++++++++++++ .../model/ConceptSetPermissionSchema.java | 8 ++- .../webapi/service/ConceptSetService.java | 35 +++++++++---- .../webapi/service/dto/CommonEntityDTO.java | 10 ++++ src/main/resources/application.properties | 1 + 7 files changed, 104 insertions(+), 17 deletions(-) diff --git a/.gitignore b/.gitignore index fb437d4ca8..05185b5352 100644 --- a/.gitignore +++ b/.gitignore @@ -12,6 +12,7 @@ sandbox/ /nbactions*.xml *~ .DS_Store +.factorypath ### Developer's personal properties ### **/resources/config/application*-dev-*.properties diff --git a/Makefile b/Makefile index b697bf96da..57acfc00e3 100644 --- a/Makefile +++ b/Makefile 
@@ -1,15 +1,15 @@ compile: - mvn clean build -DskipUnitTests -DskipITtests -s WebAPIConfig/settings.xml -P webapi-postgresql + mvn clean compile -DskipUnitTests -DskipITtests -s WebAPIConfig/settings.xml -P webapi-postgresql package: compile - mvn clean package -DskipUnitTests -DskipITtests -s WebAPIConfig/settings.xml -P webapi-postgresql + mvn package -DskipUnitTests -DskipITtests -s WebAPIConfig/settings.xml -P webapi-postgresql deploy: package - sudo /home/ubuntu/Downloads/apache-tomcat-8.5.84/bin/shutdown.sh - sudo mv /home/ubuntu/Downloads/apache-tomcat-8.5.84/webapps/WebAPI /tmp/WebAPI-FOLDER-`date +%m%d%H%S` - sudo mv /home/ubuntu/Downloads/apache-tomcat-8.5.84/webapps/WebAPI.war /tmp/WebAPI.war-`date +%m%d%H%S` - mv target/WebAPI.war /home/ubuntu/Downloads/apache-tomcat-8.5.84/webapps/ - sudo /home/ubuntu/Downloads/apache-tomcat-8.5.84/bin/startup.sh + /home/ubuntu/Downloads/apache-tomcat-8.5.84-DEV/bin/shutdown.sh + mv /home/ubuntu/Downloads/apache-tomcat-8.5.84-DEV/webapps/WebAPI /tmp/WebAPI-FOLDER-`date +%m%d%H%S` + mv /home/ubuntu/Downloads/apache-tomcat-8.5.84-DEV/webapps/WebAPI.war /tmp/WebAPI.war-`date +%m%d%H%S` + mv target/WebAPI.war /home/ubuntu/Downloads/apache-tomcat-8.5.84-DEV/webapps/ + /home/ubuntu/Downloads/apache-tomcat-8.5.84-DEV/bin/startup.sh git-push: git push diff --git a/src/main/java/org/ohdsi/webapi/security/PermissionService.java b/src/main/java/org/ohdsi/webapi/security/PermissionService.java index b3ec2f7e5c..e2cb4c1ca4 100644 --- a/src/main/java/org/ohdsi/webapi/security/PermissionService.java +++ b/src/main/java/org/ohdsi/webapi/security/PermissionService.java @@ -136,6 +136,8 @@ public Map getPermissionTemplates(EntityPermissionSchema permiss switch (accessType) { case WRITE: return permissionSchema.getWritePermissions(); + case READ: + return permissionSchema.getReadPermissions(); default: throw new UnsupportedOperationException(); } 
@@ -227,6 +229,25 @@ public List getRolesHavingPermissions(EntityType entityType, Number id) return roles; } + public List getRolesHavingReadPermissions(EntityType entityType, Number id) { + Set permissionTemplates = getTemplatesForType(entityType, AccessType.READ).keySet(); + preparePermissionCache(entityType, permissionTemplates); + + List permissions = permissionTemplates.stream() + .map(pt -> getPermission(pt, id)) + .collect(Collectors.toList()); + int fitCount = permissions.size(); + Map roleMap = permissions.stream() + .filter(p -> permissionCache.get().get(entityType).get(p) != null) + .flatMap(p -> permissionCache.get().get(entityType).get(p).stream()) + .collect(Collectors.groupingBy(Function.identity(), Collectors.counting())); + List roles = roleMap.entrySet().stream() + .filter(es -> es.getValue() == fitCount) + .map(es -> es.getKey()) + .collect(Collectors.toList()); + return roles; + } + public void clearPermissionCache() { this.permissionCache.set(new ConcurrentHashMap<>()); } 
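Review bot: `getRolesHavingReadPermissions` carries no comment saying that a role is returned only when it holds every READ template for the entity, which is what the `es.getValue() == fitCount` filter enforces. That matters when access is granted by hand: a role given `conceptset:%s:get` but not the two expression templates will not count as a reader. A Javadoc line such as `Returns the roles that hold all READ permission templates of entityType for the given id.` would make the rule visible. The method also appears to mirror `getRolesHavingPermissions` (named in the hunk header, body outside the hunk) with only the `AccessType` changed, so one private helper taking the `AccessType` would keep the two from drifting apart.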
@@ -255,11 +276,42 @@ public boolean hasWriteAccess(CommonEntity entity) { return hasAccess; } + + public boolean hasReadAccess(CommonEntity entity) { + boolean hasAccess = false; + if (securityEnabled && entity.getCreatedBy() != null) { + try { + String login = this.permissionManager.getSubjectName(); + UserSimpleAuthorizationInfo authorizationInfo = this.permissionManager.getAuthorizationInfo(login); + if (!Objects.equals(authorizationInfo.getUserId(), entity.getCreatedBy().getId())) { + EntityType entityType = entityPermissionSchemaResolver.getEntityType(entity.getClass()); + + List roles = getRolesHavingReadPermissions(entityType, entity.getId()); + + Collection userRoles = authorizationInfo.getRoles(); + hasAccess = roles.stream() + .anyMatch(r -> userRoles.stream() + .anyMatch(re -> re.equals(r.getName()))); + } + } catch (Exception e) { + logger.error("Error getting user roles and permissions", e); + throw new RuntimeException(e); + } + } + return hasAccess; + } + public void fillWriteAccess(CommonEntity entity, CommonEntityDTO entityDTO) { if (securityEnabled && entity.getCreatedBy() != null) { entityDTO.setHasWriteAccess(hasWriteAccess(entity)); } } + + public void fillReadAccess(CommonEntity entity, CommonEntityDTO entityDTO) { + if (securityEnabled && entity.getCreatedBy() != null) { + entityDTO.setHasReadAccess(hasReadAccess(entity)); + } + } public boolean isSecurityEnabled() { return this.securityEnabled; diff --git a/src/main/java/org/ohdsi/webapi/security/model/ConceptSetPermissionSchema.java b/src/main/java/org/ohdsi/webapi/security/model/ConceptSetPermissionSchema.java index 846cbc9b0c..9a5122d964 100644 --- a/src/main/java/org/ohdsi/webapi/security/model/ConceptSetPermissionSchema.java +++ b/src/main/java/org/ohdsi/webapi/security/model/ConceptSetPermissionSchema.java 
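Review bot: `hasReadAccess` returns false whenever `securityEnabled` is false or `entity.getCreatedBy()` is null, and the `getConceptSets` filter added in this same commit uses that result directly. Entities without a recorded creator would therefore disappear from the filtered list for every user, and a deployment with security disabled but the filter flag set would get an empty list. If this fail-closed result is intended, state it in a Javadoc on the method; otherwise decide the answer for those two cases explicitly before the role lookup. The try/catch that logs and rethrows a bare `RuntimeException` repeats the shape of `hasWriteAccess`, so both could delegate to one private method parameterised by `AccessType`.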
@@ -14,8 +14,14 @@ public class ConceptSetPermissionSchema extends EntityPermissionSchema { put("conceptset:%s:delete", "Delete Concept Set with ID = %s"); }}; + private static Map readPermissions = new HashMap() {{ + put("conceptset:%s:get", "view cohort definition with id %s"); + put("conceptset:%s:expression:get", "Resolve concept set %s expression"); + put("conceptset:%s:version:*:expression:get", "Get expression for concept set %s items for default source"); + }}; + public ConceptSetPermissionSchema() { - super(EntityType.CONCEPT_SET, new HashMap<>(), writePermissions); + super(EntityType.CONCEPT_SET, readPermissions, writePermissions); } } diff --git a/src/main/java/org/ohdsi/webapi/service/ConceptSetService.java b/src/main/java/org/ohdsi/webapi/service/ConceptSetService.java index 1186a22445..cd4e3d06cb 100644 --- a/src/main/java/org/ohdsi/webapi/service/ConceptSetService.java +++ b/src/main/java/org/ohdsi/webapi/service/ConceptSetService.java @@ -58,6 +58,7 @@ import org.ohdsi.webapi.versioning.service.VersionService; import org.ohdsi.webapi.vocabulary.Concept; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Value; import org.springframework.core.convert.support.GenericConversionService; import org.springframework.dao.EmptyResultDataAccessException; import org.springframework.stereotype.Component; @@ -103,6 +104,9 @@ public class ConceptSetService extends AbstractDaoService implements HasTags versionService; + @Value("#{'${security.conceptsetsauthview}'.equals('True')}") + private boolean conceptsetsauthview; + public static final String COPY_NAME = "copyName"; /** 
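Review bot: In the ConceptSetService hunk, `conceptsetsauthview` is true only when the property is exactly the string `True`, because `'${security.conceptsetsauthview}'.equals('True')` is a case-sensitive string comparison. A value of `true`, a typo or an unresolved placeholder all evaluate to false, and in `getConceptSets` false means the read filter is skipped, so a misconfiguration silently switches the restriction off. Binding the boolean directly, `@Value("${security.conceptsetsauthview}") private boolean conceptsetsauthview;`, lets Spring parse the value case-insensitively and should fail at startup on anything that is not a boolean.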
@@ -131,15 +135,28 @@ public ConceptSetDTO getConceptSet(@PathParam("id") final int id) { @Path("/") @Produces(MediaType.APPLICATION_JSON) public Collection getConceptSets() { - return getTransactionTemplate().execute(transactionStatus -> - StreamSupport.stream(getConceptSetRepository().findAll().spliterator(), false) - .map(conceptSet -> { - ConceptSetDTO dto = conversionService.convert(conceptSet, ConceptSetDTO.class); - permissionService.fillWriteAccess(conceptSet, dto); - return dto; - }) - .collect(Collectors.toList()) - ); + if (conceptsetsauthview == false) { // don't filter based on read permissions + return getTransactionTemplate().execute( + transactionStatus -> StreamSupport.stream(getConceptSetRepository().findAll().spliterator(), false) + .map(conceptSet -> { + ConceptSetDTO dto = conversionService.convert(conceptSet, ConceptSetDTO.class); + permissionService.fillWriteAccess(conceptSet, dto); + permissionService.fillReadAccess(conceptSet, dto); + return dto; + }) + .collect(Collectors.toList())); + } else { // filter out conceptsets that the user does not have read access to + return getTransactionTemplate().execute( + transactionStatus -> StreamSupport.stream(getConceptSetRepository().findAll().spliterator(), false) + .filter(candidateConceptSet -> permissionService.hasReadAccess(candidateConceptSet)) + .map(conceptSet -> { + ConceptSetDTO dto = conversionService.convert(conceptSet, ConceptSetDTO.class); + permissionService.fillWriteAccess(conceptSet, dto); + permissionService.fillReadAccess(conceptSet, dto); + return dto; + }) + .collect(Collectors.toList())); + } } /** diff --git a/src/main/java/org/ohdsi/webapi/service/dto/CommonEntityDTO.java b/src/main/java/org/ohdsi/webapi/service/dto/CommonEntityDTO.java index 5a33780593..287894aef9 100644 --- a/src/main/java/org/ohdsi/webapi/service/dto/CommonEntityDTO.java +++ b/src/main/java/org/ohdsi/webapi/service/dto/CommonEntityDTO.java 
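Review bot: The read filter is applied only to the list built in `getConceptSets`; nothing in this hunk touches `getConceptSet(@PathParam("id") final int id)` named in the hunk header. Unless the per-id endpoints already enforce the matching `conceptset:%s:get` permission elsewhere, hiding an entry from the list is not the same as denying access to it, and that should be confirmed before relying on this flag. The two branches also repeat the same pipeline and differ only in the filter step; a single pipeline with `.filter(cs -> !conceptsetsauthview || permissionService.hasReadAccess(cs))` removes the duplication. Note that `findAll()` still loads every row and `hasReadAccess` is evaluated once per entity.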
@@ -17,7 +17,9 @@ public abstract class CommonEntityDTO implements CommonDTO { private Date createdDate; @JsonProperty(access = JsonProperty.Access.READ_ONLY) private Date modifiedDate; + private boolean hasWriteAccess; + private boolean hasReadAccess; public UserDTO getCreatedBy() { return createdBy; @@ -58,4 +60,12 @@ public boolean isHasWriteAccess() { public void setHasWriteAccess(boolean hasWriteAccess) { this.hasWriteAccess = hasWriteAccess; } + + public boolean isHasReadAccess() { + return hasReadAccess; + } + + public void setHasReadAccess(boolean hasReadAccess) { + this.hasReadAccess = hasReadAccess; + } } diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index 8143a3b9f9..72b31b3039 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -107,6 +107,7 @@ csrf.disable=true sparql.endpoint=http://virtuoso.ohdsi.org:8890/sparql?default-graph-uri=&query= +security.conceptsetsauthview=${security.conceptsetsauthview} security.provider=${security.provider} security.cors.enabled=${security.cors.enabled} security.token.expiration=${security.token.expiration} From 1762c703b2e376aae6ef697ebb1a5c7160381e7f Mon Sep 17 00:00:00 2001 From: rkboyce Date: Fri, 24 Mar 2023 19:52:21 +0000 Subject: [PATCH 03/17] fixed issue where the creator of an artifact was skipped as having READ access --- Makefile | 4 ++-- .../ohdsi/webapi/security/PermissionController.java | 13 +++++++++---- .../ohdsi/webapi/security/PermissionService.java | 8 ++++++-- 3 files changed, 17 insertions(+), 8 deletions(-) diff --git a/Makefile b/Makefile index 57acfc00e3..a84f1c571b 100644 --- a/Makefile +++ b/Makefile 
@@ -6,8 +6,8 @@ package: compile deploy: package /home/ubuntu/Downloads/apache-tomcat-8.5.84-DEV/bin/shutdown.sh - mv /home/ubuntu/Downloads/apache-tomcat-8.5.84-DEV/webapps/WebAPI /tmp/WebAPI-FOLDER-`date +%m%d%H%S` - mv /home/ubuntu/Downloads/apache-tomcat-8.5.84-DEV/webapps/WebAPI.war /tmp/WebAPI.war-`date +%m%d%H%S` + mv /home/ubuntu/Downloads/apache-tomcat-8.5.84-DEV/webapps/WebAPI /mnt/disk1/webapi-dev-tmp/WebAPI-FOLDER-`date +%m%d%H%S` + mv /home/ubuntu/Downloads/apache-tomcat-8.5.84-DEV/webapps/WebAPI.war /mnt/disk1/webapi-dev-tmp/WebAPI.war-`date +%m%d%H%S` mv target/WebAPI.war /home/ubuntu/Downloads/apache-tomcat-8.5.84-DEV/webapps/ /home/ubuntu/Downloads/apache-tomcat-8.5.84-DEV/bin/startup.sh diff --git a/src/main/java/org/ohdsi/webapi/security/PermissionController.java b/src/main/java/org/ohdsi/webapi/security/PermissionController.java index 7a1bd26c4c..8054288e69 100644 --- a/src/main/java/org/ohdsi/webapi/security/PermissionController.java +++ b/src/main/java/org/ohdsi/webapi/security/PermissionController.java 
@@ -92,17 +92,22 @@ public List listAccessesForEntity(@QueryParam("roleSearch") String role * @throws Exception */ @GET - @Path("/access/{entityType}/{entityId}") + @Path("/access/{entityType}/{entityId}/{role}") @Consumes(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON) public List listAccessesForEntity( @PathParam("entityType") EntityType entityType, - @PathParam("entityId") Integer entityId + @PathParam("entityId") Integer entityId, + @PathParam("role") String role ) throws Exception { permissionService.checkCommonEntityOwnership(entityType, entityId); - - Set permissionTemplates = permissionService.getTemplatesForType(entityType, AccessType.WRITE).keySet(); + Set permissionTemplates = null; + if (role == "WRITE") { + permissionTemplates = permissionService.getTemplatesForType(entityType, AccessType.WRITE).keySet(); + } else { + permissionTemplates = permissionService.getTemplatesForType(entityType, AccessType.READ).keySet(); + } List permissions = permissionTemplates .stream() diff --git a/src/main/java/org/ohdsi/webapi/security/PermissionService.java b/src/main/java/org/ohdsi/webapi/security/PermissionService.java index e2cb4c1ca4..3f11454db6 100644 --- a/src/main/java/org/ohdsi/webapi/security/PermissionService.java +++ b/src/main/java/org/ohdsi/webapi/security/PermissionService.java @@ -258,7 +258,9 @@ public boolean hasWriteAccess(CommonEntity entity) { try { String login = this.permissionManager.getSubjectName(); UserSimpleAuthorizationInfo authorizationInfo = this.permissionManager.getAuthorizationInfo(login); - if (!Objects.equals(authorizationInfo.getUserId(), entity.getCreatedBy().getId())) { + if (Objects.equals(authorizationInfo.getUserId(), entity.getCreatedBy().getId())) { + hasAccess = true; // the role is the one that created the artifact + } else { EntityType entityType = entityPermissionSchemaResolver.getEntityType(entity.getClass()); List roles = getRolesHavingPermissions(entityType, entity.getId()); 
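Review bot: `if (role == "WRITE")` compares object references rather than string contents, and a `@PathParam` value is not the same object as the literal, so in practice this branch is never taken and the endpoint always lists READ templates. Even with `equals`, any value other than `WRITE`, including a typo, would silently fall through to READ. Binding the parameter as the enum, `@PathParam("role") AccessType role`, the same way `entityType` is already bound, and calling `permissionService.getTemplatesForType(entityType, role).keySet()` fixes both and rejects unknown values. The path also changes from `/access/{entityType}/{entityId}` to a three-segment form, which breaks existing callers of the old route; the Javadoc above the method (partly outside the hunk) should document the new segment. The method body continues past the end of the hunk.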
@@ -283,7 +285,9 @@ public boolean hasReadAccess(CommonEntity entity) { try { String login = this.permissionManager.getSubjectName(); UserSimpleAuthorizationInfo authorizationInfo = this.permissionManager.getAuthorizationInfo(login); - if (!Objects.equals(authorizationInfo.getUserId(), entity.getCreatedBy().getId())) { + if (Objects.equals(authorizationInfo.getUserId(), entity.getCreatedBy().getId())){ + hasAccess = true; // the role is the one that created the artifact + } else { EntityType entityType = entityPermissionSchemaResolver.getEntityType(entity.getClass()); List roles = getRolesHavingReadPermissions(entityType, entity.getId()); From b8f522002af6e48d2ceba260421f0c2eb4d4415a Mon Sep 17 00:00:00 2001 From: rkboyce Date: Tue, 20 Jun 2023 18:21:37 +0000 Subject: [PATCH 04/17] changed the name, data type, and location for the configuration option used to tell the WebAPI to do filtering based on READ permissions. The new property is called security.defaultGlobalReadPermissions --- pom.xml | 6 ++++++ .../java/org/ohdsi/webapi/service/ConceptSetService.java | 8 +++++--- src/main/resources/application.properties | 3 ++- 3 files changed, 13 insertions(+), 4 deletions(-) diff --git a/pom.xml b/pom.xml index b4ef035fea..af7a6c5fdb 100644 --- a/pom.xml +++ b/pom.xml @@ -192,6 +192,12 @@ true authDataSource + + + + + false + 8080 diff --git a/src/main/java/org/ohdsi/webapi/service/ConceptSetService.java b/src/main/java/org/ohdsi/webapi/service/ConceptSetService.java index cd4e3d06cb..9ef2b7771e 100644 --- a/src/main/java/org/ohdsi/webapi/service/ConceptSetService.java +++ b/src/main/java/org/ohdsi/webapi/service/ConceptSetService.java 
@@ -104,8 +104,10 @@ public class ConceptSetService extends AbstractDaoService implements HasTags versionService; - @Value("#{'${security.conceptsetsauthview}'.equals('True')}") - private boolean conceptsetsauthview; + // @Value("#{'${security.conceptsetsauthview}'.equals('True')}") + @Value("#{'${security.defaultglobalreadpermissions}'.equals(false)}") + // private boolean conceptsetsauthview; + private boolean defaultglobalreadpermissions; public static final String COPY_NAME = "copyName"; @@ -135,7 +137,7 @@ public ConceptSetDTO getConceptSet(@PathParam("id") final int id) { @Path("/") @Produces(MediaType.APPLICATION_JSON) public Collection getConceptSets() { - if (conceptsetsauthview == false) { // don't filter based on read permissions + if (defaultglobalreadpermissions == true) { // don't filter based on read permissions return getTransactionTemplate().execute( transactionStatus -> StreamSupport.stream(getConceptSetRepository().findAll().spliterator(), false) .map(conceptSet -> { diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index 4891308c74..946f762193 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -107,7 +107,8 @@ csrf.disable=true sparql.endpoint=http://virtuoso.ohdsi.org:8890/sparql?default-graph-uri=&query= -security.conceptsetsauthview=${security.conceptsetsauthview} +#security.conceptsetsauthview=${security.conceptsetsauthview} +security.defaultglobalreadpermissions=${security.defaultGlobalReadPermissions} security.provider=${security.provider} security.cors.enabled=${security.cors.enabled} security.token.expiration=${security.token.expiration} From c9b63ead3f24e932f7a441b1a5b2f4acb24c5860 Mon Sep 17 00:00:00 2001 
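Review bot: The expression `'${security.defaultglobalreadpermissions}'.equals(false)` calls `String.equals` with a Boolean argument, which is false for every property value, so `defaultglobalreadpermissions` is always false and the `if (defaultglobalreadpermissions == true)` branch in `getConceptSets` looks unreachable. The list is then filtered whatever the configuration says, and the new option has no effect. Even as a string comparison the sense would be inverted, because the field would be true when the property is false while true means "don't filter". Binding the property directly, `@Value("${security.defaultglobalreadpermissions}") private boolean defaultglobalreadpermissions;`, matches the `if` as written.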
From: rkboyce Date: Tue, 20 Jun 2023 18:23:07 +0000 Subject: [PATCH 05/17] changed the name, data type, and location for the configuration option used to tell the WebAPI to do filtering based on READ permissions. The new property is called security.defaultGlobalReadPermissions --- pom.xml | 1 - src/main/java/org/ohdsi/webapi/service/ConceptSetService.java | 2 -- src/main/resources/application.properties | 1 - 3 files changed, 4 deletions(-) diff --git a/pom.xml b/pom.xml index af7a6c5fdb..f1bdb2d371 100644 --- a/pom.xml +++ b/pom.xml @@ -195,7 +195,6 @@ - false diff --git a/src/main/java/org/ohdsi/webapi/service/ConceptSetService.java b/src/main/java/org/ohdsi/webapi/service/ConceptSetService.java index 9ef2b7771e..0b0e0d0f00 100644 --- a/src/main/java/org/ohdsi/webapi/service/ConceptSetService.java +++ b/src/main/java/org/ohdsi/webapi/service/ConceptSetService.java @@ -104,9 +104,7 @@ public class ConceptSetService extends AbstractDaoService implements HasTags versionService; - // @Value("#{'${security.conceptsetsauthview}'.equals('True')}") @Value("#{'${security.defaultglobalreadpermissions}'.equals(false)}") - // private boolean conceptsetsauthview; private boolean defaultglobalreadpermissions; public static final String COPY_NAME = "copyName"; diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index 946f762193..8187ba3e67 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -107,7 +107,6 @@ csrf.disable=true sparql.endpoint=http://virtuoso.ohdsi.org:8890/sparql?default-graph-uri=&query= -#security.conceptsetsauthview=${security.conceptsetsauthview} security.defaultglobalreadpermissions=${security.defaultGlobalReadPermissions} security.provider=${security.provider} security.cors.enabled=${security.cors.enabled} From 477c46c5706a413e5fb401ed157c671c9845dde4 Mon Sep 17 00:00:00 2001 
From: rkboyce Date: Sun, 25 Jun 2023 05:47:20 +0000 Subject: [PATCH 06/17] added draft READ permissions to the schemas and made partial progress on getting the cohortdefinition filtering to work. Still need to fix the case where another user grants read permission to a single cohort definition to another user and then that definition is visible. Currently, somehow, all definitions authored by the granting user are showing in the grantee's Atlas. Once worked out, the task will be to repeat the steps for every one of the following files: src/main/java/org/ohdsi/webapi/security/model/CohortCharacterizationPermissionSchema.java src/main/java/org/ohdsi/webapi/security/model/CohortDefinitionPermissionSchema.java src/main/java/org/ohdsi/webapi/security/model/ConceptSetPermissionSchema.java src/main/java/org/ohdsi/webapi/security/model/EstimationPermissionSchema.java src/main/java/org/ohdsi/webapi/security/model/FeatureAnalysisPermissionSchema.java src/main/java/org/ohdsi/webapi/security/model/IncidenceRatePermissionSchema.java src/main/java/org/ohdsi/webapi/security/model/PathwayAnalysisPermissionSchema.java src/main/java/org/ohdsi/webapi/security/model/PredictionPermissionSchema.java src/main/java/org/ohdsi/webapi/security/model/ReusablePermissionSchema.java src/main/java/org/ohdsi/webapi/security/model/TagPermissionSchema.java --- ...ohortCharacterizationPermissionSchema.java | 9 ++++++ .../CohortDefinitionPermissionSchema.java | 8 ++++- .../model/ConceptSetPermissionSchema.java | 2 +- .../model/EstimationPermissionSchema.java | 6 ++++ .../FeatureAnalysisPermissionSchema.java | 7 ++++ .../model/IncidenceRatePermissionSchema.java | 8 +++++ .../PathwayAnalysisPermissionSchema.java | 16 ++++++++++ .../model/PredictionPermissionSchema.java | 6 ++++ .../model/ReusablePermissionSchema.java | 7 ++++ .../security/model/TagPermissionSchema.java | 6 ++++ .../service/CohortDefinitionService.java | 32 ++++++++++++++----- 11 files changed, 97 insertions(+), 10 deletions(-) 
diff --git a/src/main/java/org/ohdsi/webapi/security/model/CohortCharacterizationPermissionSchema.java b/src/main/java/org/ohdsi/webapi/security/model/CohortCharacterizationPermissionSchema.java index 7768187da0..79f1b5e8e3 100644 --- a/src/main/java/org/ohdsi/webapi/security/model/CohortCharacterizationPermissionSchema.java +++ b/src/main/java/org/ohdsi/webapi/security/model/CohortCharacterizationPermissionSchema.java @@ -13,6 +13,15 @@ public class CohortCharacterizationPermissionSchema extends EntityPermissionSche put("cohort-characterization:%s:delete", "Delete Cohort Characterization with ID = %s"); }}; + private static Map readPermissions = new HashMap() {{ + put("cohort-characterization:get", "view cohort characterization list"); + put("cohort-characterization:%s:get", "view cohort characterization with id %s"); + put("cohort-characterization:generation:get", "view cohort characterization generation list"); + put("cohort-characterization:generation:%s:get", "view cohort characterization geneartion with id %s"); + put("cohort-characterization:design:get", "view cohort characterization design"); + put("cohort-characterization:design:%s:get", "view cohort characterization with id %s"); + }}; + public CohortCharacterizationPermissionSchema() { super(EntityType.COHORT_CHARACTERIZATION, new HashMap<>(), writePermissions); diff --git a/src/main/java/org/ohdsi/webapi/security/model/CohortDefinitionPermissionSchema.java b/src/main/java/org/ohdsi/webapi/security/model/CohortDefinitionPermissionSchema.java index 5c7f87c50a..3dbb4b0a84 100644 --- a/src/main/java/org/ohdsi/webapi/security/model/CohortDefinitionPermissionSchema.java +++ b/src/main/java/org/ohdsi/webapi/security/model/CohortDefinitionPermissionSchema.java 
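Review bot: The new `readPermissions` map is never used, because the constructor in the trailing context still calls `super(EntityType.COHORT_CHARACTERIZATION, new HashMap<>(), writePermissions)`. The same holds for the Estimation, FeatureAnalysis, IncidenceRate, PathwayAnalysis and Prediction schemas later in this patch; only CohortDefinition passes `readPermissions` to `super`. With an empty READ template set, `getRolesHavingReadPermissions` as written in the earlier patch would return no roles, so once `hasReadAccess` is applied to these entity types only the creator would pass. Either pass `readPermissions` in each constructor or mark the maps with a comment such as `// TODO: not wired into the schema yet` so they are not mistaken for active configuration.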
@@ -14,8 +14,14 @@ public class CohortDefinitionPermissionSchema extends EntityPermissionSchema { put("cohortdefinition:%s:check:post", "Fix Cohort Definition with ID = %s"); }}; + private static Map readPermissions = new HashMap() {{ + put("cohortdefinition:get", "Get list of Cohort Definitions"); + put("cohortdefinition:%s:get", "Get Cohort Definition by ID"); + } + }; + public CohortDefinitionPermissionSchema() { - super(EntityType.COHORT_DEFINITION, new HashMap<>(), writePermissions); + super(EntityType.COHORT_DEFINITION, readPermissions, writePermissions); } } diff --git a/src/main/java/org/ohdsi/webapi/security/model/ConceptSetPermissionSchema.java b/src/main/java/org/ohdsi/webapi/security/model/ConceptSetPermissionSchema.java index 9a5122d964..66b4b1a4b2 100644 --- a/src/main/java/org/ohdsi/webapi/security/model/ConceptSetPermissionSchema.java +++ b/src/main/java/org/ohdsi/webapi/security/model/ConceptSetPermissionSchema.java @@ -15,7 +15,7 @@ public class ConceptSetPermissionSchema extends EntityPermissionSchema { }}; private static Map readPermissions = new HashMap() {{ - put("conceptset:%s:get", "view cohort definition with id %s"); + put("conceptset:%s:get", "view conceptset definition with id %s"); put("conceptset:%s:expression:get", "Resolve concept set %s expression"); put("conceptset:%s:version:*:expression:get", "Get expression for concept set %s items for default source"); }}; diff --git a/src/main/java/org/ohdsi/webapi/security/model/EstimationPermissionSchema.java b/src/main/java/org/ohdsi/webapi/security/model/EstimationPermissionSchema.java index 416b049fa6..e5dd05cbc1 100644 --- a/src/main/java/org/ohdsi/webapi/security/model/EstimationPermissionSchema.java +++ b/src/main/java/org/ohdsi/webapi/security/model/EstimationPermissionSchema.java 
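Review bot: The CohortDefinition `readPermissions` map mixes a non-entity template, `cohortdefinition:get`, with templates that are formatted with the entity id. `getRolesHavingReadPermissions` requires a role to hold every template in the map, and the grant and revoke code (not in this hunk) presumably adds and removes all of them together, so sharing or un-sharing one cohort definition would also add or remove the global list permission for that role. The wildcard entries in the later hunks, such as `feature-analysis:*:get`, `ir:*:get` and `pathway-analysis:*:generation:get`, raise the same concern more strongly because they match every id; this may be related to the over-sharing described in the commit message, though that cannot be confirmed from the diff. Per-entity maps should hold only `%s` templates, with list-level permissions assigned through role defaults.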
@@ -13,6 +13,12 @@ public class EstimationPermissionSchema extends EntityPermissionSchema { put("estimation:%s:delete", "Delete Estimation with ID=%s"); }}; + private static Map readPermissions = new HashMap() {{ + put("estimation:get", "get list of estimations"); + put("estimation:%s:get", "get estimation with id %s"); + } + }; + public EstimationPermissionSchema() { super(EntityType.ESTIMATION, new HashMap<>(), writePermissions); diff --git a/src/main/java/org/ohdsi/webapi/security/model/FeatureAnalysisPermissionSchema.java b/src/main/java/org/ohdsi/webapi/security/model/FeatureAnalysisPermissionSchema.java index 0090a45b3b..4ef8b07ede 100644 --- a/src/main/java/org/ohdsi/webapi/security/model/FeatureAnalysisPermissionSchema.java +++ b/src/main/java/org/ohdsi/webapi/security/model/FeatureAnalysisPermissionSchema.java @@ -13,6 +13,13 @@ public class FeatureAnalysisPermissionSchema extends EntityPermissionSchema { put("feature-analysis:%s:delete", "Delete Feature Analysis with ID = %s"); }}; + private static Map readPermissions = new HashMap() {{ + put("feature-analysis:get", "get feature analysis list "); + put("feature-analysis:*:get", "get feature analysis"); + put("feature-analysis:aggregates:get", "feature-analysis:aggregates:get"); + } + }; + public FeatureAnalysisPermissionSchema() { super(EntityType.FE_ANALYSIS, new HashMap<>(), writePermissions); diff --git a/src/main/java/org/ohdsi/webapi/security/model/IncidenceRatePermissionSchema.java b/src/main/java/org/ohdsi/webapi/security/model/IncidenceRatePermissionSchema.java index 1c336a3ff2..1550c2b284 100644 --- a/src/main/java/org/ohdsi/webapi/security/model/IncidenceRatePermissionSchema.java +++ b/src/main/java/org/ohdsi/webapi/security/model/IncidenceRatePermissionSchema.java 
@@ -15,6 +15,14 @@ public class IncidenceRatePermissionSchema extends EntityPermissionSchema { put("ir:%s:delete", "Delete Incidence Rate with ID=%s"); }}; + private static Map readPermissions = new HashMap() {{ + put("ir:*:get", "view list of incident rates"); + put("ir:get", "view list of incident rates"); + put("ir:*:version:get", "Get list of IR analsis versions"); + put("ir:*:version:*:get", "Get IR analysis version"); + } + }; + public IncidenceRatePermissionSchema() { super(EntityType.INCIDENCE_RATE, new HashMap<>(), writePermissions); diff --git a/src/main/java/org/ohdsi/webapi/security/model/PathwayAnalysisPermissionSchema.java b/src/main/java/org/ohdsi/webapi/security/model/PathwayAnalysisPermissionSchema.java index 6c19b76c09..f4d5a4539f 100644 --- a/src/main/java/org/ohdsi/webapi/security/model/PathwayAnalysisPermissionSchema.java +++ b/src/main/java/org/ohdsi/webapi/security/model/PathwayAnalysisPermissionSchema.java 
@@ -14,6 +14,22 @@ public class PathwayAnalysisPermissionSchema extends EntityPermissionSchema { put("pathway-analysis:%s:delete", "Delete Pathway Analysis with ID = %s"); }}; + private static Map readPermissions = new HashMap() {{ + put("pathway-analysis:%s:get", "view pathway analysis with id %s"); + put("pathway-analysis:get", "view pathway analysis"); + put("pathway-analysis:%s:expression:get", "Resolve pathway analysis %s expression"); + put("pathway-analysis:version:*:expression:get", "Get list of pathway analysis versions"); + put("pathway-analysis:%s:version:*:expression:get", "Get expression for pathway analysis %s items for default source"); + put("pathway-analysis:*:generation:get", ""); + put("pathway-analysis:generation:*:get", ""); + put("pathway-analysis:generation:*:get", ""); + put("pathway-analysis:generation:*:design:get", ""); + put("pathway-analysis:*:export:get", ""); + put("pathway-analysis:*:exists:get", ""); + + } + }; + public PathwayAnalysisPermissionSchema() { super(EntityType.PATHWAY_ANALYSIS, new HashMap<>(), writePermissions); diff --git a/src/main/java/org/ohdsi/webapi/security/model/PredictionPermissionSchema.java b/src/main/java/org/ohdsi/webapi/security/model/PredictionPermissionSchema.java index ad34f12425..0404f3f52d 100644 --- a/src/main/java/org/ohdsi/webapi/security/model/PredictionPermissionSchema.java +++ b/src/main/java/org/ohdsi/webapi/security/model/PredictionPermissionSchema.java @@ -13,6 +13,12 @@ public class PredictionPermissionSchema extends EntityPermissionSchema { put("prediction:%s:delete", "Delete Estimation with ID=%s"); }}; + private static Map readPermissions = new HashMap() {{ + put("prediction:get", "view prediction"); + put("prediction:prediction:generation:*:result:get", "Resolve prediction %s expression"); + } + }; + public PredictionPermissionSchema() { super(EntityType.PREDICTION, new HashMap<>(), writePermissions); 
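Review bot: The key `prediction:prediction:generation:*:result:get` in PredictionPermissionSchema repeats the `prediction:` prefix, which looks like a typo, and its description carries a `%s` that the key has no placeholder for. As written the entry probably matches no endpoint; `prediction:generation:*:result:get` is the likely intent, to be checked against the controller paths. The map also has no per-entity entry of the form `prediction:%s:get`, so sharing one prediction would presumably grant only the list permission.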
diff --git a/src/main/java/org/ohdsi/webapi/security/model/ReusablePermissionSchema.java b/src/main/java/org/ohdsi/webapi/security/model/ReusablePermissionSchema.java index 78803dc01e..6ee5a940a6 100644 --- a/src/main/java/org/ohdsi/webapi/security/model/ReusablePermissionSchema.java +++ b/src/main/java/org/ohdsi/webapi/security/model/ReusablePermissionSchema.java @@ -13,6 +13,13 @@ public class ReusablePermissionSchema extends EntityPermissionSchema { put("reusable:%s:put", "Update reusable"); }}; + private static Map readPermissions = new HashMap() {{ + put("reusable:%s:get", "view reusable with id %s"); + put("reusable:%s:expression:get", "Resolve reusable %s expression"); + put("reusable:%s:version:*:get", "Get expression for reusable %s items for default source"); + } + }; + public ReusablePermissionSchema() { super(EntityType.REUSABLE, new HashMap<>(), writePermissions); diff --git a/src/main/java/org/ohdsi/webapi/security/model/TagPermissionSchema.java b/src/main/java/org/ohdsi/webapi/security/model/TagPermissionSchema.java index e68747570b..58476a4fe9 100644 --- a/src/main/java/org/ohdsi/webapi/security/model/TagPermissionSchema.java +++ b/src/main/java/org/ohdsi/webapi/security/model/TagPermissionSchema.java @@ -13,6 +13,12 @@ public class TagPermissionSchema extends EntityPermissionSchema { put("tag:%s:put", "Update tag"); }}; + private static Map readPermissions = new HashMap() {{ + put("tag:get", "view tag with id %s"); + put("tag:search:get", "Resolve tag %s expression"); + } + }; + public TagPermissionSchema() { super(EntityType.TAG, new HashMap<>(), writePermissions); diff --git a/src/main/java/org/ohdsi/webapi/service/CohortDefinitionService.java b/src/main/java/org/ohdsi/webapi/service/CohortDefinitionService.java index 976389eb54..43124062f2 100644 --- a/src/main/java/org/ohdsi/webapi/service/CohortDefinitionService.java +++ b/src/main/java/org/ohdsi/webapi/service/CohortDefinitionService.java 
@@ -86,6 +86,7 @@ import org.springframework.batch.core.configuration.annotation.StepBuilderFactory; import org.springframework.batch.core.job.builder.SimpleJobBuilder; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Value; import org.springframework.context.ApplicationEventPublisher; import org.springframework.core.convert.ConversionService; import org.springframework.jdbc.core.RowMapper; @@ -204,6 +205,9 @@ public class CohortDefinitionService extends AbstractDaoService implements HasTa @Autowired private VersionService versionService; + @Value("#{'${security.defaultglobalreadpermissions}'.equals(false)}") + private boolean defaultglobalreadpermissions; + private final MarkdownRender markdownPF = new MarkdownRender(); private final List extensions = Arrays.asList(TablesExtension.create()); 
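Review bot: The SpEL expression on the new `defaultglobalreadpermissions` field compares a quoted string with the boolean literal `false`, and `String.equals` with a Boolean argument is never true, so the field appears to be false whatever the property says and the setting cannot switch filtering off. Had the comparison been against the string `'false'`, it would be inverted relative to the field name, since the `== true` branch in the list methods is the one that skips filtering. Binding the property directly, `@Value("${security.defaultglobalreadpermissions:false}")`, gives the documented meaning and keeps the restrictive behaviour when the key is absent. The same annotation is repeated in CcController, PathwayController, IRAnalysisService, EstimationController and PredictionController.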
@@ -406,14 +410,26 @@ public GenerateSqlResult generateSql(GenerateSqlRequest request) { @Transactional public List getCohortDefinitionList() { List definitions = cohortDefinitionRepository.list(); - - return definitions.stream() - .map(def -> { - CohortMetadataDTO dto = conversionService.convert(def, CohortMetadataImplDTO.class); - permissionService.fillWriteAccess(def, dto); - return dto; - }) - .collect(Collectors.toList()); + if (defaultglobalreadpermissions == true) { // don't filter based on read permissions + return definitions.stream() + .map(def -> { + CohortMetadataDTO dto = conversionService.convert(def, CohortMetadataImplDTO.class); + permissionService.fillWriteAccess(def, dto); + permissionService.fillReadAccess(def, dto); + return dto; + }) + .collect(Collectors.toList()); + } else { // filter out cohortdefinitions that the user does not have read access to + return definitions.stream() + .filter(candidateCohortDef -> permissionService.hasReadAccess(candidateCohortDef)) + .map(def -> { + CohortMetadataDTO dto = conversionService.convert(def, CohortMetadataImplDTO.class); + permissionService.fillWriteAccess(def, dto); + permissionService.fillReadAccess(def, dto); + return dto; + }) + .collect(Collectors.toList()); + } } /** From 317cf3ef1f4bac352f3797064aefa772bfaaf962 Mon Sep 17 00:00:00 2001 From: rkboyce Date: Sun, 25 Jun 2023 08:18:24 +0000 Subject: [PATCH 07/17] partial progress through the list of schema files that need edited to apply the concept filtering to other artifact types --- .../CohortCharacterizationPermissionSchema.java | 14 ++++++++------ .../security/model/EstimationPermissionSchema.java | 11 ++++++----- 2 files changed, 14 insertions(+), 11 deletions(-) diff --git a/src/main/java/org/ohdsi/webapi/security/model/CohortCharacterizationPermissionSchema.java b/src/main/java/org/ohdsi/webapi/security/model/CohortCharacterizationPermissionSchema.java index 79f1b5e8e3..7f8fe42b4b 100644 
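Review bot: The two branches of `getCohortDefinitionList` differ only in the `.filter(...)` step, so the DTO mapping is duplicated and the filtered and unfiltered paths can drift apart when one is edited. A single pipeline with `.filter(def -> defaultglobalreadpermissions || permissionService.hasReadAccess(def))` states the rule once and keeps the access check next to the flag that disables it. The same duplication is in IRAnalysisService.getIRAnalysisList and EstimationController.getAnalysisList. Only the list endpoint is filtered in this hunk; whether the by-id endpoints enforce the same read check is not visible here.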
--- a/src/main/java/org/ohdsi/webapi/security/model/CohortCharacterizationPermissionSchema.java +++ b/src/main/java/org/ohdsi/webapi/security/model/CohortCharacterizationPermissionSchema.java @@ -14,16 +14,18 @@ public class CohortCharacterizationPermissionSchema extends EntityPermissionSche }}; private static Map readPermissions = new HashMap() {{ - put("cohort-characterization:get", "view cohort characterization list"); - put("cohort-characterization:%s:get", "view cohort characterization with id %s"); - put("cohort-characterization:generation:get", "view cohort characterization generation list"); - put("cohort-characterization:generation:%s:get", "view cohort characterization geneartion with id %s"); - put("cohort-characterization:design:get", "view cohort characterization design"); + put("cohort-characterization:get", "Get cohort characterizations list"); + put("cohort-characterization:*:get", "Get cohort characterization"); + put("cohort-characterization:*:generation:get", "Get cohort characterization generations"); + put("cohort-characterization:generation:*:get", "Get cohort characterization generation"); + put("cohort-characterization:*design:get", "Get cohort characterization design"); put("cohort-characterization:design:%s:get", "view cohort characterization with id %s"); + put("cohort-characterization:*:version:get", "Get list of characterization versions"); + put("cohort-characterization:*:version:*:get", "Get list of characterization version"); }}; public CohortCharacterizationPermissionSchema() { - super(EntityType.COHORT_CHARACTERIZATION, new HashMap<>(), writePermissions); + super(EntityType.COHORT_CHARACTERIZATION, readPermissions, writePermissions); } } diff --git a/src/main/java/org/ohdsi/webapi/security/model/EstimationPermissionSchema.java b/src/main/java/org/ohdsi/webapi/security/model/EstimationPermissionSchema.java index e5dd05cbc1..0b53ae0114 100644 --- a/src/main/java/org/ohdsi/webapi/security/model/EstimationPermissionSchema.java 
+++ b/src/main/java/org/ohdsi/webapi/security/model/EstimationPermissionSchema.java @@ -13,14 +13,15 @@ public class EstimationPermissionSchema extends EntityPermissionSchema { put("estimation:%s:delete", "Delete Estimation with ID=%s"); }}; - private static Map readPermissions = new HashMap() {{ - put("estimation:get", "get list of estimations"); - put("estimation:%s:get", "get estimation with id %s"); + private static Map readPermissions = new HashMap() {{ + put("estimation:get", "Get Estimation list"); + put("estimation:*:get", "Get Estimation instance"); + put("estimation:*:generation:get", "View Estimation Generations"); + put("estimation:generation:*:result:get", "View Estimation Generation Results"); } }; public EstimationPermissionSchema() { - - super(EntityType.ESTIMATION, new HashMap<>(), writePermissions); + super(EntityType.ESTIMATION, readPermissions, writePermissions); } } From e26efbafd7d5962b283e547be6f4d7cecd63c7d4 Mon Sep 17 00:00:00 2001 From: rkboyce Date: Sun, 9 Jul 2023 05:44:36 +0000 Subject: [PATCH 08/17] what appears to be the appropriate READ permission schema for cohortdefinitions. Tests OK --- .../security/model/CohortDefinitionPermissionSchema.java | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/main/java/org/ohdsi/webapi/security/model/CohortDefinitionPermissionSchema.java b/src/main/java/org/ohdsi/webapi/security/model/CohortDefinitionPermissionSchema.java index 3dbb4b0a84..a937847035 100644 --- a/src/main/java/org/ohdsi/webapi/security/model/CohortDefinitionPermissionSchema.java +++ b/src/main/java/org/ohdsi/webapi/security/model/CohortDefinitionPermissionSchema.java 
@@ -16,8 +16,12 @@ public class CohortDefinitionPermissionSchema extends EntityPermissionSchema { private static Map readPermissions = new HashMap() {{ put("cohortdefinition:get", "Get list of Cohort Definitions"); - put("cohortdefinition:%s:get", "Get Cohort Definition by ID"); - } + put("cohortdefinition:%s:get", "Get Cohort Definition by ID"); + put("cohortdefinition:%s:info:get",""); + + put("cohortdefinition:%s:version:get", "Get list of cohort versions"); + put("cohortdefinition:%s:version:*:get", "Get cohort version"); + } }; public CohortDefinitionPermissionSchema() { From 83befff06b54f9f1e9f411e2cd615efc3a6e1f4e Mon Sep 17 00:00:00 2001 From: rkboyce Date: Mon, 10 Jul 2023 21:10:09 +0000 Subject: [PATCH 09/17] the appropriate READ permission schema for cohortdefinitions. Tests OK --- .../model/CohortCharacterizationPermissionSchema.java | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/main/java/org/ohdsi/webapi/security/model/CohortCharacterizationPermissionSchema.java b/src/main/java/org/ohdsi/webapi/security/model/CohortCharacterizationPermissionSchema.java index 7f8fe42b4b..d6fcdef7da 100644 --- a/src/main/java/org/ohdsi/webapi/security/model/CohortCharacterizationPermissionSchema.java +++ b/src/main/java/org/ohdsi/webapi/security/model/CohortCharacterizationPermissionSchema.java 
@@ -15,13 +15,13 @@ public class CohortCharacterizationPermissionSchema extends EntityPermissionSche private static Map readPermissions = new HashMap() {{ put("cohort-characterization:get", "Get cohort characterizations list"); - put("cohort-characterization:*:get", "Get cohort characterization"); - put("cohort-characterization:*:generation:get", "Get cohort characterization generations"); + put("cohort-characterization:%s:get", "Get cohort characterization"); + put("cohort-characterization:%s:generation:get", "Get cohort characterization generations"); put("cohort-characterization:generation:*:get", "Get cohort characterization generation"); - put("cohort-characterization:*design:get", "Get cohort characterization design"); + put("cohort-characterization:%s:design:get", "Get cohort characterization design"); put("cohort-characterization:design:%s:get", "view cohort characterization with id %s"); - put("cohort-characterization:*:version:get", "Get list of characterization versions"); - put("cohort-characterization:*:version:*:get", "Get list of characterization version"); + put("cohort-characterization:%s:version:get", "Get list of characterization versions"); + put("cohort-characterization:%s:version:*:get", "Get list of characterization version"); }}; public CohortCharacterizationPermissionSchema() { From 3d80d5cbac478846e24e84fff3f10d44076a6c09 Mon Sep 17 00:00:00 2001 From: rkboyce Date: Sat, 15 Jul 2023 19:42:33 +0000 Subject: [PATCH 10/17] added necessary code to filter cohort-characterizations based on read permissions --- .../cohortcharacterization/CcController.java | 33 ++++++++++++++++--- ...ohortCharacterizationPermissionSchema.java | 3 +- 2 files changed, 30 insertions(+), 6 deletions(-) diff --git a/src/main/java/org/ohdsi/webapi/cohortcharacterization/CcController.java b/src/main/java/org/ohdsi/webapi/cohortcharacterization/CcController.java index af2aa3a3f3..8ec520addf 100644 
--- a/src/main/java/org/ohdsi/webapi/cohortcharacterization/CcController.java +++ b/src/main/java/org/ohdsi/webapi/cohortcharacterization/CcController.java @@ -42,9 +42,11 @@ import org.ohdsi.webapi.versioning.dto.VersionUpdateDTO; import org.springframework.core.convert.ConversionService; import org.springframework.data.domain.Page; +import org.springframework.data.domain.PageImpl; import org.springframework.data.domain.Pageable; import org.springframework.stereotype.Controller; import org.springframework.transaction.annotation.Transactional; +import org.springframework.beans.factory.annotation.Value; import org.springframework.web.bind.annotation.RequestBody; import javax.ws.rs.Consumes; @@ -63,6 +65,7 @@ import java.io.ByteArrayOutputStream; import java.io.IOException; import java.io.StringWriter; +import java.util.ArrayList; import java.util.Collections; import java.util.List; import java.util.Map; @@ -86,6 +89,9 @@ public class CcController { private CharacterizationChecker checker; private PermissionService permissionService; + @Value("#{'${security.defaultglobalreadpermissions}'.equals(false)}") + private boolean defaultglobalreadpermissions; + public CcController( final CcService service, final FeAnalysisService feAnalysisService, 
@@ -151,11 +157,28 @@ public CohortCharacterizationDTO copy(@PathParam("id") final Long id) { @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) public Page list(@Pagination Pageable pageable) { - return service.getPage(pageable).map(entity -> { - CcShortDTO dto = convertCcToShortDto(entity); - permissionService.fillWriteAccess(entity, dto); - return dto; - }); + if (defaultglobalreadpermissions == true) { // don't filter based on read permissions + return service.getPage(pageable).map(entity -> { + CcShortDTO dto = convertCcToShortDto(entity); + permissionService.fillWriteAccess(entity, dto); + permissionService.fillReadAccess(entity, dto); + return dto; + }); + } else { // filter out what the user does not have read access to + List dtolist = new ArrayList(); + + Page newpage = service.getPage(pageable); + + for (CohortCharacterizationEntity entity : newpage) { + if(permissionService.hasReadAccess(entity)){ + CcShortDTO dto = convertCcToShortDto(entity); + permissionService.fillWriteAccess(entity, dto); + permissionService.fillReadAccess(entity, dto); + dtolist.add(dto); + } + } + return new PageImpl(dtolist, pageable, dtolist.size()); + } } /** diff --git a/src/main/java/org/ohdsi/webapi/security/model/CohortCharacterizationPermissionSchema.java b/src/main/java/org/ohdsi/webapi/security/model/CohortCharacterizationPermissionSchema.java index d6fcdef7da..4da9a267e3 100644 --- a/src/main/java/org/ohdsi/webapi/security/model/CohortCharacterizationPermissionSchema.java +++ b/src/main/java/org/ohdsi/webapi/security/model/CohortCharacterizationPermissionSchema.java 
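Review bot: In the filtering branch of `list`, entities are dropped after the page has already been fetched and the result is wrapped as `new PageImpl(dtolist, pageable, dtolist.size())`, so the reported total is the number of readable items on this one page rather than across all pages. A client can receive a short or empty page while later pages still hold entities it may read, and any page count it derives from the total will be wrong. The read filter needs to be applied before paging, either in the query or by filtering the full list and then slicing it, for the totals to be meaningful. PathwayController.list is built the same way.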
@@ -17,7 +17,8 @@ public class CohortCharacterizationPermissionSchema extends EntityPermissionSche put("cohort-characterization:get", "Get cohort characterizations list"); put("cohort-characterization:%s:get", "Get cohort characterization"); put("cohort-characterization:%s:generation:get", "Get cohort characterization generations"); - put("cohort-characterization:generation:*:get", "Get cohort characterization generation"); + put("cohort-characterization:generation:*:get", "Get cohort characterization generation"); + put("cohort-characterization:design:get", "cohort-characterization:design:get"); put("cohort-characterization:%s:design:get", "Get cohort characterization design"); put("cohort-characterization:design:%s:get", "view cohort characterization with id %s"); put("cohort-characterization:%s:version:get", "Get list of characterization versions"); From 0d0690f366c7cd0086521a069ad7c13e23418469 Mon Sep 17 00:00:00 2001 From: rkboyce Date: Sun, 16 Jul 2023 01:04:09 +0000 Subject: [PATCH 11/17] added filtering of cohort pathway analyses based on READ permissions --- .../webapi/pathway/PathwayController.java | 34 +++++++++++++++---- .../PathwayAnalysisPermissionSchema.java | 24 ++++++------- 2 files changed, 38 insertions(+), 20 deletions(-) diff --git a/src/main/java/org/ohdsi/webapi/pathway/PathwayController.java b/src/main/java/org/ohdsi/webapi/pathway/PathwayController.java index 04c50a1434..db9b52e17e 100644 --- a/src/main/java/org/ohdsi/webapi/pathway/PathwayController.java +++ b/src/main/java/org/ohdsi/webapi/pathway/PathwayController.java 
@@ -25,8 +25,10 @@ import org.ohdsi.webapi.versioning.dto.VersionDTO; import org.ohdsi.webapi.versioning.dto.VersionUpdateDTO; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Value; import org.springframework.core.convert.ConversionService; import org.springframework.data.domain.Page; +import org.springframework.data.domain.PageImpl; import org.springframework.data.domain.Pageable; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestBody; @@ -34,6 +36,7 @@ import javax.transaction.Transactional; import javax.ws.rs.*; import javax.ws.rs.core.MediaType; +import java.util.ArrayList; import java.util.Collections; import java.util.List; import java.util.Map; @@ -53,6 +56,9 @@ public class PathwayController { private PathwayChecker checker; private PermissionService permissionService; + @Value("#{'${security.defaultglobalreadpermissions}'.equals(false)}") + private boolean defaultglobalreadpermissions; + @Autowired public PathwayController(ConversionService conversionService, ConverterUtils converterUtils, PathwayService pathwayService, SourceService sourceService, CommonGenerationSensitiveInfoService sensitiveInfoService, PathwayChecker checker, PermissionService permissionService, I18nService i18nService) { 
@@ -156,13 +162,29 @@ public PathwayAnalysisDTO importAnalysis(final PathwayAnalysisExportDTO dto) { @Consumes(MediaType.APPLICATION_JSON) @Transactional public Page list(@Pagination Pageable pageable) { - - return pathwayService.getPage(pageable).map(pa -> { - PathwayAnalysisDTO dto = conversionService.convert(pa, PathwayAnalysisDTO.class); - permissionService.fillWriteAccess(pa, dto); - return dto; - }); + if (defaultglobalreadpermissions == true) { // don't filter based on read permissions + return pathwayService.getPage(pageable).map(pa -> { + PathwayAnalysisDTO dto = conversionService.convert(pa, PathwayAnalysisDTO.class); + permissionService.fillWriteAccess(pa, dto); + permissionService.fillReadAccess(pa, dto); + return dto; + }); + } else { // filter out entities the the user does not have read permissions to view + List dtolist = new ArrayList(); + + Page newpage = pathwayService.getPage(pageable); + for (PathwayAnalysisEntity pa : newpage) { + if (permissionService.hasReadAccess(pa)) { + PathwayAnalysisDTO dto = conversionService.convert(pa, PathwayAnalysisDTO.class); + permissionService.fillWriteAccess(pa, dto); + permissionService.fillReadAccess(pa, dto); + dtolist.add(dto); + } + } + return new PageImpl(dtolist, pageable, dtolist.size()); + } } + /** * Check that a pathway analysis name exists. diff --git a/src/main/java/org/ohdsi/webapi/security/model/PathwayAnalysisPermissionSchema.java b/src/main/java/org/ohdsi/webapi/security/model/PathwayAnalysisPermissionSchema.java index f4d5a4539f..d2b1977808 100644 --- a/src/main/java/org/ohdsi/webapi/security/model/PathwayAnalysisPermissionSchema.java +++ b/src/main/java/org/ohdsi/webapi/security/model/PathwayAnalysisPermissionSchema.java 
@@ -15,23 +15,19 @@ public class PathwayAnalysisPermissionSchema extends EntityPermissionSchema { }}; private static Map readPermissions = new HashMap() {{ - put("pathway-analysis:%s:get", "view pathway analysis with id %s"); put("pathway-analysis:get", "view pathway analysis"); - put("pathway-analysis:%s:expression:get", "Resolve pathway analysis %s expression"); - put("pathway-analysis:version:*:expression:get", "Get list of pathway analysis versions"); - put("pathway-analysis:%s:version:*:expression:get", "Get expression for pathway analysis %s items for default source"); - put("pathway-analysis:*:generation:get", ""); - put("pathway-analysis:generation:*:get", ""); - put("pathway-analysis:generation:*:get", ""); - put("pathway-analysis:generation:*:design:get", ""); - put("pathway-analysis:*:export:get", ""); - put("pathway-analysis:*:exists:get", ""); - - } - }; + put("pathway-analysis:%s:get", "Get Pathways Analysis instance"); + put("pathway-analysis:%s:generation:get", "Get Pathways Analysis generations list"); + put("pathway-analysis:generation:*:get", "Get Pathways Analysis generation instance"); + put("pathway-analysis:generation:*:result:get", "Get Pathways Analysis generation results"); + put("pathway-analysis:generation:*:design:get", "Get Pathways Analysis generation design"); + put("pathway-analysis:%s:version:get", "Get list of pathway analysis versions"); + put("pathway-analysis:%s:version:*:get", "Get pathway analysis version"); + } + }; public PathwayAnalysisPermissionSchema() { - super(EntityType.PATHWAY_ANALYSIS, new HashMap<>(), writePermissions); + super(EntityType.PATHWAY_ANALYSIS, readPermissions, writePermissions); } } From 247effd50b12b29d33ebf6d0f3508e124825960f Mon Sep 17 00:00:00 2001 
From: rkboyce Date: Sun, 16 Jul 2023 01:43:47 +0000 Subject: [PATCH 12/17] added filtering of IR analyses returned from Atlas based on READ permissions --- .../webapi/pathway/PathwayController.java | 2 +- .../model/EstimationPermissionSchema.java | 4 +-- .../model/IncidenceRatePermissionSchema.java | 11 ++++--- .../model/PredictionPermissionSchema.java | 2 +- .../webapi/service/IRAnalysisService.java | 33 +++++++++++++++---- 5 files changed, 37 insertions(+), 15 deletions(-) diff --git a/src/main/java/org/ohdsi/webapi/pathway/PathwayController.java b/src/main/java/org/ohdsi/webapi/pathway/PathwayController.java index db9b52e17e..f72183c898 100644 --- a/src/main/java/org/ohdsi/webapi/pathway/PathwayController.java +++ b/src/main/java/org/ohdsi/webapi/pathway/PathwayController.java @@ -169,7 +169,7 @@ public Page list(@Pagination Pageable pageable) { permissionService.fillReadAccess(pa, dto); return dto; }); - } else { // filter out entities the the user does not have read permissions to view + } else { // filter out entities that the user does not have read permissions to view List dtolist = new ArrayList(); Page newpage = pathwayService.getPage(pageable); diff --git a/src/main/java/org/ohdsi/webapi/security/model/EstimationPermissionSchema.java b/src/main/java/org/ohdsi/webapi/security/model/EstimationPermissionSchema.java index 0b53ae0114..201e4df88c 100644 --- a/src/main/java/org/ohdsi/webapi/security/model/EstimationPermissionSchema.java +++ b/src/main/java/org/ohdsi/webapi/security/model/EstimationPermissionSchema.java 
@@ -15,8 +15,8 @@ public class EstimationPermissionSchema extends EntityPermissionSchema { private static Map readPermissions = new HashMap() {{ put("estimation:get", "Get Estimation list"); - put("estimation:*:get", "Get Estimation instance"); - put("estimation:*:generation:get", "View Estimation Generations"); + put("estimation:%s:get", "Get Estimation instance"); + put("estimation:%s:generation:get", "View Estimation Generations"); put("estimation:generation:*:result:get", "View Estimation Generation Results"); } }; diff --git a/src/main/java/org/ohdsi/webapi/security/model/IncidenceRatePermissionSchema.java b/src/main/java/org/ohdsi/webapi/security/model/IncidenceRatePermissionSchema.java index 1550c2b284..61f27b9b37 100644 --- a/src/main/java/org/ohdsi/webapi/security/model/IncidenceRatePermissionSchema.java +++ b/src/main/java/org/ohdsi/webapi/security/model/IncidenceRatePermissionSchema.java @@ -16,15 +16,18 @@ public class IncidenceRatePermissionSchema extends EntityPermissionSchema { }}; private static Map readPermissions = new HashMap() {{ - put("ir:*:get", "view list of incident rates"); put("ir:get", "view list of incident rates"); - put("ir:*:version:get", "Get list of IR analsis versions"); - put("ir:*:version:*:get", "Get IR analysis version"); + put("ir:%s:get", "view list of incident rates"); + put("ir:%s:version:get", "Get list of IR analsis versions"); + put("ir:%s:version:*:get", "Get IR analysis version"); + put("ir:%s:copy:get","Copy incidence rate"); + put("ir:%s:info:get","Get IR info"); + put("ir:%s:design:get","Export Incidence Rates design"); } }; public IncidenceRatePermissionSchema() { - super(EntityType.INCIDENCE_RATE, new HashMap<>(), writePermissions); + super(EntityType.INCIDENCE_RATE, readPermissions, writePermissions); } } diff --git a/src/main/java/org/ohdsi/webapi/security/model/PredictionPermissionSchema.java b/src/main/java/org/ohdsi/webapi/security/model/PredictionPermissionSchema.java index 0404f3f52d..ae2bff7088 100644 
--- a/src/main/java/org/ohdsi/webapi/security/model/PredictionPermissionSchema.java +++ b/src/main/java/org/ohdsi/webapi/security/model/PredictionPermissionSchema.java @@ -21,6 +21,6 @@ public class PredictionPermissionSchema extends EntityPermissionSchema { public PredictionPermissionSchema() { - super(EntityType.PREDICTION, new HashMap<>(), writePermissions); + super(EntityType.PREDICTION, readPermissions, writePermissions); } } diff --git a/src/main/java/org/ohdsi/webapi/service/IRAnalysisService.java b/src/main/java/org/ohdsi/webapi/service/IRAnalysisService.java index ea66cdce4c..fc61f61aed 100644 --- a/src/main/java/org/ohdsi/webapi/service/IRAnalysisService.java +++ b/src/main/java/org/ohdsi/webapi/service/IRAnalysisService.java @@ -85,6 +85,7 @@ import org.springframework.batch.core.JobParametersBuilder; import org.springframework.batch.core.job.builder.SimpleJobBuilder; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Value; import org.springframework.core.convert.ConversionService; import org.springframework.jdbc.core.RowMapper; import org.springframework.stereotype.Component; @@ -141,6 +142,9 @@ public class IRAnalysisService extends AbstractDaoService implements private final IRAnalysisQueryBuilder queryBuilder; + @Value("#{'${security.defaultglobalreadpermissions}'.equals(false)}") + private boolean defaultglobalreadpermissions; + @Autowired private IncidenceRateAnalysisRepository irAnalysisRepository; 
@@ -341,17 +345,32 @@ private String getStrataTreemapData(int analysisId, int targetId, int outcomeId, @Override public List getIRAnalysisList() { - - return getTransactionTemplate().execute(transactionStatus -> { - Iterable analysisList = this.irAnalysisRepository.findAll(); - return StreamSupport.stream(analysisList.spliterator(), false) - .map(analysis -> { + if (defaultglobalreadpermissions == true) { // don't filter based on read permissions + return getTransactionTemplate().execute(transactionStatus -> { + Iterable analysisList = this.irAnalysisRepository.findAll(); + return StreamSupport.stream(analysisList.spliterator(), false) + .map(analysis -> { IRAnalysisShortDTO dto = conversionService.convert(analysis, IRAnalysisShortDTO.class); permissionService.fillWriteAccess(analysis, dto); + permissionService.fillReadAccess(analysis, dto); return dto; }) - .collect(Collectors.toList()); - }); + .collect(Collectors.toList()); + }); + } else { // filter out entities that the user does not have read permissions to view + return getTransactionTemplate().execute(transactionStatus -> { + Iterable analysisList = this.irAnalysisRepository.findAll(); + return StreamSupport.stream(analysisList.spliterator(), false) + .filter(candidateIRAnalysis -> permissionService.hasReadAccess(candidateIRAnalysis)) + .map(analysis -> { + IRAnalysisShortDTO dto = conversionService.convert(analysis, IRAnalysisShortDTO.class); + permissionService.fillWriteAccess(analysis, dto); + permissionService.fillReadAccess(analysis, dto); + return dto; + }) + .collect(Collectors.toList()); + }); + } } @Override From efa35572b11b98cbf4cdd6af38bd17f60202e15d Mon Sep 17 00:00:00 2001 
From: rkboyce Date: Sun, 16 Jul 2023 04:39:49 +0000 Subject: [PATCH 13/17] Implemented filtering of prediction entities depending on a users READ permissions - tested and not working completely. Strange permissions issue that appears to be entirely client-side. --- .../estimation/EstimationController.java | 34 ++++++++--- .../prediction/PredictionController.java | 58 ++++++++++++------- ...ohortCharacterizationPermissionSchema.java | 1 - .../CohortDefinitionPermissionSchema.java | 1 - .../model/EstimationPermissionSchema.java | 7 ++- .../FeatureAnalysisPermissionSchema.java | 5 +- .../model/IncidenceRatePermissionSchema.java | 1 - .../PathwayAnalysisPermissionSchema.java | 1 - .../model/PredictionPermissionSchema.java | 10 +++- 9 files changed, 77 insertions(+), 41 deletions(-) diff --git a/src/main/java/org/ohdsi/webapi/estimation/EstimationController.java b/src/main/java/org/ohdsi/webapi/estimation/EstimationController.java index 90c7b7fa33..a932c154a7 100644 --- a/src/main/java/org/ohdsi/webapi/estimation/EstimationController.java +++ b/src/main/java/org/ohdsi/webapi/estimation/EstimationController.java @@ -22,6 +22,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Value; import org.springframework.core.convert.support.GenericConversionService; import org.springframework.stereotype.Controller; @@ -70,7 +71,10 @@ public class EstimationController { private final ScriptExecutionService executionService; private EstimationChecker checker; private PermissionService permissionService; - + + @Value("#{'${security.defaultglobalreadpermissions}'.equals(false)}") + private boolean defaultglobalreadpermissions; + public EstimationController(EstimationService service, GenericConversionService conversionService, CommonGenerationSensitiveInfoService sensitiveInfoService, 
@@ -97,14 +101,26 @@ public EstimationController(EstimationService service, @Path("/") @Produces(MediaType.APPLICATION_JSON) public List getAnalysisList() { - - return StreamSupport.stream(service.getAnalysisList().spliterator(), false) - .map(analysis -> { - EstimationShortDTO dto = conversionService.convert(analysis, EstimationShortDTO.class); - permissionService.fillWriteAccess(analysis, dto); - return dto; - }) - .collect(Collectors.toList()); + if (defaultglobalreadpermissions == true) { // don't filter based on read permissions + return StreamSupport.stream(service.getAnalysisList().spliterator(), false) + .map(analysis -> { + EstimationShortDTO dto = conversionService.convert(analysis, EstimationShortDTO.class); + permissionService.fillWriteAccess(analysis, dto); + permissionService.fillReadAccess(analysis, dto); + return dto; + }) + .collect(Collectors.toList()); + } else { + return StreamSupport.stream(service.getAnalysisList().spliterator(), false) + .filter(candidateEstimation -> permissionService.hasReadAccess(candidateEstimation)) + .map(analysis -> { + EstimationShortDTO dto = conversionService.convert(analysis, EstimationShortDTO.class); + permissionService.fillWriteAccess(analysis, dto); + permissionService.fillReadAccess(analysis, dto); + return dto; + }) + .collect(Collectors.toList()); + } } /** diff --git a/src/main/java/org/ohdsi/webapi/prediction/PredictionController.java b/src/main/java/org/ohdsi/webapi/prediction/PredictionController.java index 67a35b7b55..52ad361c09 100644 --- a/src/main/java/org/ohdsi/webapi/prediction/PredictionController.java +++ b/src/main/java/org/ohdsi/webapi/prediction/PredictionController.java @@ -21,6 +21,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Value; import org.springframework.core.convert.support.GenericConversionService; import org.springframework.stereotype.Controller; 
@@ -67,6 +68,9 @@ public class PredictionController { private PermissionService permissionService; + @Value("#{'${security.defaultglobalreadpermissions}'.equals(false)}") + private boolean defaultglobalreadpermissions; + @Autowired public PredictionController(PredictionService service, GenericConversionService conversionService, 
@@ -93,26 +97,40 @@ public PredictionController(PredictionService service, @GET @Path("/") @Produces(MediaType.APPLICATION_JSON) - public List getAnalysisList() { - - return StreamSupport - .stream(service.getAnalysisList().spliterator(), false) - .map(analysis -> { - CommonAnalysisDTO dto = conversionService.convert(analysis, CommonAnalysisDTO.class); - permissionService.fillWriteAccess(analysis, dto); - return dto; - }) - .collect(Collectors.toList()); - } - - /** - * Check to see if a prediction design exists by name - * - * @summary Prediction design exists by name - * @param id The prediction design id - * @param name The prediction design name - * @return 1 if a prediction design with the given name and id exist in WebAPI and 0 otherwise - */ + public List getAnalysisList() { + if (defaultglobalreadpermissions == true) { // don't filter based on read permissions + return StreamSupport + .stream(service.getAnalysisList().spliterator(), false) + .map(analysis -> { + CommonAnalysisDTO dto = conversionService.convert(analysis, CommonAnalysisDTO.class); + permissionService.fillWriteAccess(analysis, dto); + permissionService.fillReadAccess(analysis, dto); + return dto; + }) + .collect(Collectors.toList()); + } else { + return StreamSupport + .stream(service.getAnalysisList().spliterator(), false) + .filter(candidateAnalysis -> permissionService.hasReadAccess(candidateAnalysis)) + .map(analysis -> { + CommonAnalysisDTO dto = conversionService.convert(analysis, CommonAnalysisDTO.class); + permissionService.fillWriteAccess(analysis, dto); + permissionService.fillReadAccess(analysis, dto); + return dto; + }) + .collect(Collectors.toList()); + } + } + + + /** + * Check to see if a prediction design exists by name + * + * @summary Prediction design exists by name + * @param id The prediction design id + * @param name The prediction design name + * @return 1 if a prediction design with the given name and id exist in WebAPI and 0 otherwise + */ @GET @Path("/{id}/exists") 
@Produces(MediaType.APPLICATION_JSON) diff --git a/src/main/java/org/ohdsi/webapi/security/model/CohortCharacterizationPermissionSchema.java b/src/main/java/org/ohdsi/webapi/security/model/CohortCharacterizationPermissionSchema.java index 4da9a267e3..f6ea10012a 100644 --- a/src/main/java/org/ohdsi/webapi/security/model/CohortCharacterizationPermissionSchema.java +++ b/src/main/java/org/ohdsi/webapi/security/model/CohortCharacterizationPermissionSchema.java @@ -14,7 +14,6 @@ public class CohortCharacterizationPermissionSchema extends EntityPermissionSche }}; private static Map readPermissions = new HashMap() {{ - put("cohort-characterization:get", "Get cohort characterizations list"); put("cohort-characterization:%s:get", "Get cohort characterization"); put("cohort-characterization:%s:generation:get", "Get cohort characterization generations"); put("cohort-characterization:generation:*:get", "Get cohort characterization generation"); diff --git a/src/main/java/org/ohdsi/webapi/security/model/CohortDefinitionPermissionSchema.java b/src/main/java/org/ohdsi/webapi/security/model/CohortDefinitionPermissionSchema.java index a937847035..bb6781ae0a 100644 --- a/src/main/java/org/ohdsi/webapi/security/model/CohortDefinitionPermissionSchema.java +++ b/src/main/java/org/ohdsi/webapi/security/model/CohortDefinitionPermissionSchema.java @@ -15,7 +15,6 @@ public class CohortDefinitionPermissionSchema extends EntityPermissionSchema { }}; private static Map readPermissions = new HashMap() {{ - put("cohortdefinition:get", "Get list of Cohort Definitions"); put("cohortdefinition:%s:get", "Get Cohort Definition by ID"); put("cohortdefinition:%s:info:get",""); diff --git a/src/main/java/org/ohdsi/webapi/security/model/EstimationPermissionSchema.java b/src/main/java/org/ohdsi/webapi/security/model/EstimationPermissionSchema.java index 201e4df88c..607bb6bd4e 100644 --- a/src/main/java/org/ohdsi/webapi/security/model/EstimationPermissionSchema.java 
+++ b/src/main/java/org/ohdsi/webapi/security/model/EstimationPermissionSchema.java @@ -14,12 +14,15 @@ public class EstimationPermissionSchema extends EntityPermissionSchema { }}; private static Map readPermissions = new HashMap() {{ - put("estimation:get", "Get Estimation list"); put("estimation:%s:get", "Get Estimation instance"); put("estimation:%s:generation:get", "View Estimation Generations"); - put("estimation:generation:*:result:get", "View Estimation Generation Results"); + put("estimation:%s:copy:get", "Copy Estimation instance"); + put("estimation:%s:download:get", "Download Estimation package"); + put("estimation:%s:export:get", "Export Estimation"); + put("estimation:%s:generation:get", "View Estimation Generations"); } }; + public EstimationPermissionSchema() { super(EntityType.ESTIMATION, readPermissions, writePermissions); diff --git a/src/main/java/org/ohdsi/webapi/security/model/FeatureAnalysisPermissionSchema.java b/src/main/java/org/ohdsi/webapi/security/model/FeatureAnalysisPermissionSchema.java index 4ef8b07ede..b36ea20b64 100644 --- a/src/main/java/org/ohdsi/webapi/security/model/FeatureAnalysisPermissionSchema.java +++ b/src/main/java/org/ohdsi/webapi/security/model/FeatureAnalysisPermissionSchema.java @@ -14,14 +14,13 @@ public class FeatureAnalysisPermissionSchema extends EntityPermissionSchema { }}; private static Map readPermissions = new HashMap() {{ - put("feature-analysis:get", "get feature analysis list "); - put("feature-analysis:*:get", "get feature analysis"); + put("feature-analysis:%s:get", "get feature analysis"); put("feature-analysis:aggregates:get", "feature-analysis:aggregates:get"); } }; public FeatureAnalysisPermissionSchema() { - super(EntityType.FE_ANALYSIS, new HashMap<>(), writePermissions); + super(EntityType.FE_ANALYSIS, readPermissions, writePermissions); } } 
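Review bot: The rewritten `readPermissions` map in EstimationPermissionSchema puts `estimation:%s:generation:get` twice and drops `estimation:generation:*:result:get` with no replacement. As far as this hunk shows, a role granted READ on an estimation no longer receives a template covering generation results. Remove the duplicate `put` and confirm whether result viewing is covered elsewhere. A short comment explaining why `estimation:%s:copy:get` counts as a read permission would also help, since a copy endpoint that creates a new entity is not obviously a read; the PredictionPermissionSchema hunk later in this patch makes the same choice with `prediction:%s:copy:get`.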
diff --git a/src/main/java/org/ohdsi/webapi/security/model/IncidenceRatePermissionSchema.java b/src/main/java/org/ohdsi/webapi/security/model/IncidenceRatePermissionSchema.java index 61f27b9b37..57441e5edf 100644 --- a/src/main/java/org/ohdsi/webapi/security/model/IncidenceRatePermissionSchema.java +++ b/src/main/java/org/ohdsi/webapi/security/model/IncidenceRatePermissionSchema.java @@ -16,7 +16,6 @@ public class IncidenceRatePermissionSchema extends EntityPermissionSchema { }}; private static Map readPermissions = new HashMap() {{ - put("ir:get", "view list of incident rates"); put("ir:%s:get", "view list of incident rates"); put("ir:%s:version:get", "Get list of IR analsis versions"); put("ir:%s:version:*:get", "Get IR analysis version"); diff --git a/src/main/java/org/ohdsi/webapi/security/model/PathwayAnalysisPermissionSchema.java b/src/main/java/org/ohdsi/webapi/security/model/PathwayAnalysisPermissionSchema.java index d2b1977808..2f6f30ec63 100644 --- a/src/main/java/org/ohdsi/webapi/security/model/PathwayAnalysisPermissionSchema.java +++ b/src/main/java/org/ohdsi/webapi/security/model/PathwayAnalysisPermissionSchema.java @@ -15,7 +15,6 @@ public class PathwayAnalysisPermissionSchema extends EntityPermissionSchema { }}; private static Map readPermissions = new HashMap() {{ - put("pathway-analysis:get", "view pathway analysis"); put("pathway-analysis:%s:get", "Get Pathways Analysis instance"); put("pathway-analysis:%s:generation:get", "Get Pathways Analysis generations list"); put("pathway-analysis:generation:*:get", "Get Pathways Analysis generation instance"); diff --git a/src/main/java/org/ohdsi/webapi/security/model/PredictionPermissionSchema.java b/src/main/java/org/ohdsi/webapi/security/model/PredictionPermissionSchema.java index ae2bff7088..2f6f7c919e 100644 --- a/src/main/java/org/ohdsi/webapi/security/model/PredictionPermissionSchema.java +++ b/src/main/java/org/ohdsi/webapi/security/model/PredictionPermissionSchema.java 
@@ -14,11 +14,15 @@ public class PredictionPermissionSchema extends EntityPermissionSchema { }}; private static Map readPermissions = new HashMap() {{ - put("prediction:get", "view prediction"); - put("prediction:prediction:generation:*:result:get", "Resolve prediction %s expression"); + put("prediction:%s:get", "Get Prediction instance"); + put("prediction:%s:copy:get", "Copy Prediction instance"); + put("prediction:%s:download:get", "Download Prediction package"); + put("prediction:%s:export:get", "Export Prediction"); + put("prediction:%s:generation:get", "View Prediction Generations"); + put("prediction:%s:exists:get", "Check name uniqueness of prediction"); } }; - + public PredictionPermissionSchema() { super(EntityType.PREDICTION, readPermissions, writePermissions); From 28d648028d1a449304600c7e90c7a76057cdc272 Mon Sep 17 00:00:00 2001 From: rkboyce Date: Sun, 23 Jul 2023 01:47:11 +0000 Subject: [PATCH 14/17] slight change to add permissions that Atlas checks for for PLP and Estimation but that were not obvious previously --- .../ohdsi/webapi/security/model/EstimationPermissionSchema.java | 1 + .../ohdsi/webapi/security/model/PredictionPermissionSchema.java | 1 + 2 files changed, 2 insertions(+) diff --git a/src/main/java/org/ohdsi/webapi/security/model/EstimationPermissionSchema.java b/src/main/java/org/ohdsi/webapi/security/model/EstimationPermissionSchema.java index 607bb6bd4e..0df160ee52 100644 --- a/src/main/java/org/ohdsi/webapi/security/model/EstimationPermissionSchema.java +++ b/src/main/java/org/ohdsi/webapi/security/model/EstimationPermissionSchema.java @@ -20,6 +20,7 @@ public class EstimationPermissionSchema extends EntityPermissionSchema { put("estimation:%s:download:get", "Download Estimation package"); put("estimation:%s:export:get", "Export Estimation"); put("estimation:%s:generation:get", "View Estimation Generations"); + put("comparativecohortanalysis:%s:get","Get estimation"); } }; 
diff --git a/src/main/java/org/ohdsi/webapi/security/model/PredictionPermissionSchema.java b/src/main/java/org/ohdsi/webapi/security/model/PredictionPermissionSchema.java index 2f6f7c919e..d2e3cc458d 100644 --- a/src/main/java/org/ohdsi/webapi/security/model/PredictionPermissionSchema.java +++ b/src/main/java/org/ohdsi/webapi/security/model/PredictionPermissionSchema.java @@ -20,6 +20,7 @@ public class PredictionPermissionSchema extends EntityPermissionSchema { put("prediction:%s:export:get", "Export Prediction"); put("prediction:%s:generation:get", "View Prediction Generations"); put("prediction:%s:exists:get", "Check name uniqueness of prediction"); + put("plp:%s:get", "Get population level prediction"); } }; From 23a86bcfb585e90d8eb47a2928c7e69c93cc5c6b Mon Sep 17 00:00:00 2001 From: rkboyce Date: Sun, 23 Jul 2023 02:07:46 +0000 Subject: [PATCH 15/17] changed parameter for listAccessesForEntity from the overloaded 'role' string to a more clear 'permType --- .../ohdsi/webapi/security/PermissionController.java | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/main/java/org/ohdsi/webapi/security/PermissionController.java b/src/main/java/org/ohdsi/webapi/security/PermissionController.java index 8054288e69..aa601e1af0 100644 --- a/src/main/java/org/ohdsi/webapi/security/PermissionController.java +++ b/src/main/java/org/ohdsi/webapi/security/PermissionController.java 
@@ -83,27 +83,27 @@ public List listAccessesForEntity(@QueryParam("roleSearch") String role } /** - * Get entity role access information + * Get roles that have a permission type (READ/WRITE) to entity * - * @summary Get entity role information + * @summary Get roles that have a specific permission (READ/WRITE) for the entity * @param entityType The entity type * @param entityId The entity ID - * @return The list of roles + * @return The list of permissions for the permission type * @throws Exception */ @GET - @Path("/access/{entityType}/{entityId}/{role}") + @Path("/access/{entityType}/{entityId}/{permType}") @Consumes(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON) public List listAccessesForEntity( @PathParam("entityType") EntityType entityType, @PathParam("entityId") Integer entityId, - @PathParam("role") String role + @PathParam("permType") String permType ) throws Exception { permissionService.checkCommonEntityOwnership(entityType, entityId); Set permissionTemplates = null; - if (role == "WRITE") { + if (permType == "WRITE") { permissionTemplates = permissionService.getTemplatesForType(entityType, AccessType.WRITE).keySet(); } else { permissionTemplates = permissionService.getTemplatesForType(entityType, AccessType.READ).keySet(); From 8c7a54fc1a6e7e3e18a5ca4da5f6f99018cb5fe1 Mon Sep 17 00:00:00 2001 From: rkboyce Date: Sun, 23 Jul 2023 02:16:26 +0000 Subject: [PATCH 16/17] changed parameter for listAccessesForEntity from the overloaded 'role' string to a more clear 'permType --- .../java/org/ohdsi/webapi/security/PermissionController.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/org/ohdsi/webapi/security/PermissionController.java b/src/main/java/org/ohdsi/webapi/security/PermissionController.java index aa601e1af0..25ae6cedcb 100644 --- a/src/main/java/org/ohdsi/webapi/security/PermissionController.java +++ b/src/main/java/org/ohdsi/webapi/security/PermissionController.java 
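Review bot: `permType == "WRITE"` compares object references, and a path-parameter string is not expected to be the same object as the literal, so this condition should be false for every request and the method falls through to the READ templates even when WRITE is asked for. Use `if ("WRITE".equals(permType))`, and consider rejecting values other than READ and WRITE instead of silently treating them as READ. The rewritten Javadoc also lacks a line for the renamed parameter; `@param permType The permission type, READ or WRITE` would complete it. The method body continues past the end of this hunk.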
@@ -95,7 +95,7 @@ public List listAccessesForEntity(@QueryParam("roleSearch") String role @Path("/access/{entityType}/{entityId}/{permType}") @Consumes(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON) - public List listAccessesForEntity( + public List listAccessesForEntityByPermType( @PathParam("entityType") EntityType entityType, @PathParam("entityId") Integer entityId, @PathParam("permType") String permType From 04ac2c8d0d40145b03911181a80439162583679f Mon Sep 17 00:00:00 2001 From: rkboyce Date: Tue, 25 Jul 2023 23:25:54 +0000 Subject: [PATCH 17/17] Added the Makefile to the .gitignore Fixed the default value of DefaultGlobalReadPermissions to be true in pom.xm and to be camel case formatted throughout the code --- .gitignore | 1 + Makefile | 2 +- pom.xml | 2 +- .../ohdsi/webapi/cohortcharacterization/CcController.java | 6 +++--- .../org/ohdsi/webapi/estimation/EstimationController.java | 6 +++--- .../java/org/ohdsi/webapi/pathway/PathwayController.java | 6 +++--- .../org/ohdsi/webapi/prediction/PredictionController.java | 6 +++--- .../org/ohdsi/webapi/service/CohortDefinitionService.java | 6 +++--- .../java/org/ohdsi/webapi/service/ConceptSetService.java | 6 +++--- .../java/org/ohdsi/webapi/service/IRAnalysisService.java | 6 +++--- src/main/resources/application.properties | 2 +- 11 files changed, 25 insertions(+), 24 deletions(-) diff --git a/.gitignore b/.gitignore index 05185b5352..c770a83d86 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ +Makefile WebAPIConfig/ *application.properties .idea/ diff --git a/Makefile b/Makefile index a84f1c571b..84b1aaac79 100644 --- a/Makefile +++ b/Makefile 
@@ -9,7 +9,7 @@ deploy: package mv /home/ubuntu/Downloads/apache-tomcat-8.5.84-DEV/webapps/WebAPI /mnt/disk1/webapi-dev-tmp/WebAPI-FOLDER-`date +%m%d%H%S` mv /home/ubuntu/Downloads/apache-tomcat-8.5.84-DEV/webapps/WebAPI.war /mnt/disk1/webapi-dev-tmp/WebAPI.war-`date +%m%d%H%S` mv target/WebAPI.war /home/ubuntu/Downloads/apache-tomcat-8.5.84-DEV/webapps/ - /home/ubuntu/Downloads/apache-tomcat-8.5.84-DEV/bin/startup.sh + echo "Now run /home/ubuntu/Downloads/apache-tomcat-8.5.84-DEV/bin/startup.sh" git-push: git push diff --git a/pom.xml b/pom.xml index f1bdb2d371..6b1bd807c4 100644 --- a/pom.xml +++ b/pom.xml @@ -195,7 +195,7 @@ - false + true 8080 diff --git a/src/main/java/org/ohdsi/webapi/cohortcharacterization/CcController.java b/src/main/java/org/ohdsi/webapi/cohortcharacterization/CcController.java index 8ec520addf..13aaff54b6 100644 --- a/src/main/java/org/ohdsi/webapi/cohortcharacterization/CcController.java +++ b/src/main/java/org/ohdsi/webapi/cohortcharacterization/CcController.java @@ -89,8 +89,8 @@ public class CcController { private CharacterizationChecker checker; private PermissionService permissionService; - @Value("#{'${security.defaultglobalreadpermissions}'.equals(false)}") - private boolean defaultglobalreadpermissions; + @Value("#{'${security.defaultGlobalReadPermissions}'.equals(false)}") + private boolean defaultGlobalReadPermissions; public CcController( final CcService service, @@ -157,7 +157,7 @@ public CohortCharacterizationDTO copy(@PathParam("id") final Long id) { @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) public Page list(@Pagination Pageable pageable) { - if (defaultglobalreadpermissions == true) { // don't filter based on read permissions + if (defaultGlobalReadPermissions == true) { // don't filter based on read permissions return service.getPage(pageable).map(entity -> { CcShortDTO dto = convertCcToShortDto(entity); permissionService.fillWriteAccess(entity, dto); 
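Review bot: The pom.xml hunk flips a default from false to true, which the commit message identifies as DefaultGlobalReadPermissions (the element name is not visible in this rendering). Going by the branch comments in the controllers, that makes unfiltered list endpoints the shipped default, and filtering by READ permission something a deployment has to opt into. If the permissive default is intended for backward compatibility, record it next to the property, for example `<!-- true keeps list endpoints unfiltered; set to false to filter lists by READ permission -->`, so operators do not assume the new filtering is on after upgrading.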
diff --git a/src/main/java/org/ohdsi/webapi/estimation/EstimationController.java b/src/main/java/org/ohdsi/webapi/estimation/EstimationController.java index a932c154a7..9875bc8e5e 100644 --- a/src/main/java/org/ohdsi/webapi/estimation/EstimationController.java +++ b/src/main/java/org/ohdsi/webapi/estimation/EstimationController.java @@ -72,8 +72,8 @@ public class EstimationController { private EstimationChecker checker; private PermissionService permissionService; - @Value("#{'${security.defaultglobalreadpermissions}'.equals(false)}") - private boolean defaultglobalreadpermissions; + @Value("#{'${security.defaultGlobalReadPermissions}'.equals(false)}") + private boolean defaultGlobalReadPermissions; public EstimationController(EstimationService service, GenericConversionService conversionService, @@ -101,7 +101,7 @@ public EstimationController(EstimationService service, @Path("/") @Produces(MediaType.APPLICATION_JSON) public List getAnalysisList() { - if (defaultglobalreadpermissions == true) { // don't filter based on read permissions + if (defaultGlobalReadPermissions == true) { // don't filter based on read permissions return StreamSupport.stream(service.getAnalysisList().spliterator(), false) .map(analysis -> { EstimationShortDTO dto = conversionService.convert(analysis, EstimationShortDTO.class); diff --git a/src/main/java/org/ohdsi/webapi/pathway/PathwayController.java b/src/main/java/org/ohdsi/webapi/pathway/PathwayController.java index f72183c898..671e6119b5 100644 --- a/src/main/java/org/ohdsi/webapi/pathway/PathwayController.java +++ b/src/main/java/org/ohdsi/webapi/pathway/PathwayController.java 
@@ -56,8 +56,8 @@ public class PathwayController { private PathwayChecker checker; private PermissionService permissionService; - @Value("#{'${security.defaultglobalreadpermissions}'.equals(false)}") - private boolean defaultglobalreadpermissions; + @Value("#{'${security.defaultGlobalReadPermissions}'.equals(false)}") + private boolean defaultGlobalReadPermissions; @Autowired public PathwayController(ConversionService conversionService, ConverterUtils converterUtils, PathwayService pathwayService, SourceService sourceService, CommonGenerationSensitiveInfoService sensitiveInfoService, PathwayChecker checker, PermissionService permissionService, I18nService i18nService) { @@ -162,7 +162,7 @@ public PathwayAnalysisDTO importAnalysis(final PathwayAnalysisExportDTO dto) { @Consumes(MediaType.APPLICATION_JSON) @Transactional public Page list(@Pagination Pageable pageable) { - if (defaultglobalreadpermissions == true) { // don't filter based on read permissions + if (defaultGlobalReadPermissions == true) { // don't filter based on read permissions return pathwayService.getPage(pageable).map(pa -> { PathwayAnalysisDTO dto = conversionService.convert(pa, PathwayAnalysisDTO.class); permissionService.fillWriteAccess(pa, dto); diff --git a/src/main/java/org/ohdsi/webapi/prediction/PredictionController.java b/src/main/java/org/ohdsi/webapi/prediction/PredictionController.java index 52ad361c09..0838f2363a 100644 --- a/src/main/java/org/ohdsi/webapi/prediction/PredictionController.java +++ b/src/main/java/org/ohdsi/webapi/prediction/PredictionController.java @@ -68,8 +68,8 @@ public class PredictionController { private PermissionService permissionService; - @Value("#{'${security.defaultglobalreadpermissions}'.equals(false)}") - private boolean defaultglobalreadpermissions; + @Value("#{'${security.defaultGlobalReadPermissions}'.equals(false)}") + private boolean defaultGlobalReadPermissions; @Autowired public PredictionController(PredictionService service, 
@@ -98,7 +98,7 @@ public PredictionController(PredictionService service, @Path("/") @Produces(MediaType.APPLICATION_JSON) public List getAnalysisList() { - if (defaultglobalreadpermissions == true) { // don't filter based on read permissions + if (defaultGlobalReadPermissions == true) { // don't filter based on read permissions return StreamSupport .stream(service.getAnalysisList().spliterator(), false) .map(analysis -> { diff --git a/src/main/java/org/ohdsi/webapi/service/CohortDefinitionService.java b/src/main/java/org/ohdsi/webapi/service/CohortDefinitionService.java index 43124062f2..e580a3eb56 100644 --- a/src/main/java/org/ohdsi/webapi/service/CohortDefinitionService.java +++ b/src/main/java/org/ohdsi/webapi/service/CohortDefinitionService.java @@ -205,8 +205,8 @@ public class CohortDefinitionService extends AbstractDaoService implements HasTa @Autowired private VersionService versionService; - @Value("#{'${security.defaultglobalreadpermissions}'.equals(false)}") - private boolean defaultglobalreadpermissions; + @Value("#{'${security.defaultGlobalReadPermissions}'.equals(false)}") + private boolean defaultGlobalReadPermissions; private final MarkdownRender markdownPF = new MarkdownRender(); @@ -410,7 +410,7 @@ public GenerateSqlResult generateSql(GenerateSqlRequest request) { @Transactional public List getCohortDefinitionList() { List definitions = cohortDefinitionRepository.list(); - if (defaultglobalreadpermissions == true) { // don't filter based on read permissions + if (defaultGlobalReadPermissions == true) { // don't filter based on read permissions return definitions.stream() .map(def -> { CohortMetadataDTO dto = conversionService.convert(def, CohortMetadataImplDTO.class); diff --git a/src/main/java/org/ohdsi/webapi/service/ConceptSetService.java b/src/main/java/org/ohdsi/webapi/service/ConceptSetService.java index 0b0e0d0f00..76aceb5a10 100644 --- a/src/main/java/org/ohdsi/webapi/service/ConceptSetService.java 
+++ b/src/main/java/org/ohdsi/webapi/service/ConceptSetService.java @@ -104,8 +104,8 @@ public class ConceptSetService extends AbstractDaoService implements HasTags versionService; - @Value("#{'${security.defaultglobalreadpermissions}'.equals(false)}") - private boolean defaultglobalreadpermissions; + @Value("#{'${security.defaultGlobalReadPermissions}'.equals(false)}") + private boolean defaultGlobalReadPermissions; public static final String COPY_NAME = "copyName"; @@ -135,7 +135,7 @@ public ConceptSetDTO getConceptSet(@PathParam("id") final int id) { @Path("/") @Produces(MediaType.APPLICATION_JSON) public Collection getConceptSets() { - if (defaultglobalreadpermissions == true) { // don't filter based on read permissions + if (defaultGlobalReadPermissions == true) { // don't filter based on read permissions return getTransactionTemplate().execute( transactionStatus -> StreamSupport.stream(getConceptSetRepository().findAll().spliterator(), false) .map(conceptSet -> { diff --git a/src/main/java/org/ohdsi/webapi/service/IRAnalysisService.java b/src/main/java/org/ohdsi/webapi/service/IRAnalysisService.java index fc61f61aed..9ef34897f6 100644 --- a/src/main/java/org/ohdsi/webapi/service/IRAnalysisService.java +++ b/src/main/java/org/ohdsi/webapi/service/IRAnalysisService.java @@ -142,8 +142,8 @@ public class IRAnalysisService extends AbstractDaoService implements private final IRAnalysisQueryBuilder queryBuilder; - @Value("#{'${security.defaultglobalreadpermissions}'.equals(false)}") - private boolean defaultglobalreadpermissions; + @Value("#{'${security.defaultGlobalReadPermissions}'.equals(false)}") + private boolean defaultGlobalReadPermissions; @Autowired private IncidenceRateAnalysisRepository irAnalysisRepository; 
@@ -345,7 +345,7 @@ private String getStrataTreemapData(int analysisId, int targetId, int outcomeId, @Override public List getIRAnalysisList() { - if (defaultglobalreadpermissions == true) { // don't filter based on read permissions + if (defaultGlobalReadPermissions == true) { // don't filter based on read permissions return getTransactionTemplate().execute(transactionStatus -> { Iterable analysisList = this.irAnalysisRepository.findAll(); return StreamSupport.stream(analysisList.spliterator(), false) diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index 8187ba3e67..cd1afb2013 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -107,7 +107,7 @@ csrf.disable=true sparql.endpoint=http://virtuoso.ohdsi.org:8890/sparql?default-graph-uri=&query= -security.defaultglobalreadpermissions=${security.defaultGlobalReadPermissions} +security.defaultGlobalReadPermissions=${security.defaultGlobalReadPermissions} security.provider=${security.provider} security.cors.enabled=${security.cors.enabled} security.token.expiration=${security.token.expiration}