Skip to content
Permalink
Browse files
Merge pull request #53 from isururanawaka/sharing_service_impl
Fix metadata search listing unauthorized files
  • Loading branch information
isururanawaka committed Sep 3, 2021
2 parents 2dce31d + 405d418 commit 92d1a301a61c1fe3a2dae91d6523f29d5e44e959
Show file tree
Hide file tree
Showing 2 changed files with 21 additions and 5 deletions.
@@ -12,9 +12,12 @@
import org.apache.airavata.datalake.drms.storage.*;
import org.apache.airavata.datalake.orchestrator.Configuration;
import org.apache.airavata.datalake.orchestrator.core.connector.AbstractConnector;
import org.bouncycastle.util.encoders.UTF8;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.List;
import java.util.Optional;
import java.util.concurrent.atomic.AtomicReference;
@@ -203,4 +206,6 @@ public Optional<AnyStoragePreference> getStoragePreference(String authToken, Str
return Optional.empty();
}



}
@@ -470,7 +470,7 @@ public void searchResource(ResourceSearchRequest

genericResourceList.forEach(res -> {
try {
if (hasAccessForResource(callUser.getUsername(), callUser.getTenantId(), res.getResourceId(), value)) {
if (hasAccessForResource(callUser.getUsername(), callUser.getTenantId(), res.getResourceId(), "COLLECTION")) {
allowedResourceList.add(res);
}
} catch (Exception exception) {
@@ -487,7 +487,7 @@ public void searchResource(ResourceSearchRequest
List<GenericResource> genericResources = GenericResourceDeserializer.deserializeList(ownPropertySearchRecords);
genericResources.forEach(res -> {
try {
if (hasAccessForResource(callUser.getUsername(), callUser.getTenantId(), res.getResourceId(), value)) {
if (hasAccessForResource(callUser.getUsername(), callUser.getTenantId(), res.getResourceId(), "COLLECTION")) {
allowedResourceList.add(res);
}
} catch (Exception exception) {
@@ -752,7 +752,6 @@ public void addResourceMetadata(AddResourceMetadataRequest request, StreamObserv
String type = request.getType();



Struct struct = request.getMetadata();
String message = JsonFormat.printer().print(struct);
JSONObject json = new JSONObject(message);
@@ -781,7 +780,7 @@ public void addResourceMetadata(AddResourceMetadataRequest request, StreamObserv
String oldJSON = jsonList.get().get(0);
message = mergeJSON(oldJSON, message);
}
parameters.put("metadata",message);
parameters.put("metadata", message);
String query = " MATCH (r" + type + ") where r.entityId= $parentResourceId AND r.tenantId= $tenantId " +
" MERGE (r)-[:HAS_FULL_METADATA]->(cr:FULL_METADATA_NODE{tenantId: $tenantId}) ON CREATE SET cr.metadata= $metadata " +
" ON MATCH SET cr.metadata = $metadata";
@@ -845,20 +844,32 @@ public void fetchResourceMetadata(FetchResourceMetadataRequest
}


private boolean hasAccessForResource(String username, String tenantId, String resourceId, String type) throws
private boolean hasAccessForResource(String username, String tenantId, String resourceId, String parentResourceType) throws
Exception {
Map<String, Object> userProps = new HashMap<>();
userProps.put("username", username);
userProps.put("tenantId", tenantId);
userProps.put("entityId", resourceId);


String query = " MATCH (u:User), (r) where u.username = $username AND u.tenantId = $tenantId AND " +
" r.entityId = $entityId AND r.tenantId = $tenantId" +
" OPTIONAL MATCH (cg:Group)-[:CHILD_OF*]->(g:Group)<-[:MEMBER_OF]-(u)" +
" OPTIONAL MATCH (l)<-[:CHILD_OF*]-(r)" +
" return case when exists((u)<-[:SHARED_WITH]-(r)) OR exists((u)<-[:SHARED_WITH]-(l)) OR exists((g)<-[:SHARED_WITH]-(r)) OR " +
" exists((g)<-[:SHARED_WITH]-(l)) OR exists((cg)<-[:SHARED_WITH]-(r)) OR exists((cg)<-[:SHARED_WITH]-(l)) then r else NULL end as value";


if (parentResourceType != null) {
query = " MATCH (u:User), (r) where u.username = $username AND u.tenantId = $tenantId AND " +
" r.entityId = $entityId AND r.tenantId = $tenantId" +
" OPTIONAL MATCH (cg:Group)-[:CHILD_OF*]->(g:Group)<-[:MEMBER_OF]-(u)" +
" OPTIONAL MATCH (l:" + parentResourceType + ")<-[:CHILD_OF*]-(r)" +
" return case when exists((u)<-[:SHARED_WITH]-(r)) OR exists((u)<-[:SHARED_WITH]-(l)) OR exists((g)<-[:SHARED_WITH]-(r)) OR " +
" exists((g)<-[:SHARED_WITH]-(l)) OR exists((cg)<-[:SHARED_WITH]-(r)) OR exists((cg)<-[:SHARED_WITH]-(l)) then r else NULL end as value";
}


List<Record> records = this.neo4JConnector.searchNodes(userProps, query);

List<GenericResource> genericResourceList = GenericResourceDeserializer.deserializeList(records);

0 comments on commit 92d1a30

Please sign in to comment.