From e64da72200261190793e5fea05dcc3fdfb3fd79d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=9Cmit=20Seren?= Date: Sun, 21 Jun 2020 18:41:14 +0200 Subject: [PATCH] Added REST endpoint to make studies public Added REST endpoint to make studies public. It uses the PermissionService --- .../controller/RestProviderController.java | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/src/genophenbrowser-server/src/main/java/com/gmi/nordborglab/browser/server/controller/RestProviderController.java b/src/genophenbrowser-server/src/main/java/com/gmi/nordborglab/browser/server/controller/RestProviderController.java index 035cd707..82834df0 100644 --- a/src/genophenbrowser-server/src/main/java/com/gmi/nordborglab/browser/server/controller/RestProviderController.java +++ b/src/genophenbrowser-server/src/main/java/com/gmi/nordborglab/browser/server/controller/RestProviderController.java @@ -7,6 +7,7 @@ import com.gmi.nordborglab.browser.server.data.annotation.Tracks; import com.gmi.nordborglab.browser.server.data.annotation.TracksData; import com.gmi.nordborglab.browser.server.data.isatab.IsaTabExporter; +import com.gmi.nordborglab.browser.server.domain.acl.PermissionPrincipal; import com.gmi.nordborglab.browser.server.domain.cdv.Study; import com.gmi.nordborglab.browser.server.domain.observation.Experiment; import com.gmi.nordborglab.browser.server.domain.phenotype.Trait; @@ -19,12 +20,16 @@ import com.gmi.nordborglab.browser.server.rest.PhenotypeData; import com.gmi.nordborglab.browser.server.rest.PhenotypeValue; import com.gmi.nordborglab.browser.server.rest.StudyGWASData; +import com.gmi.nordborglab.browser.server.security.CustomAcl; +import com.gmi.nordborglab.browser.server.security.CustomAccessControlEntry; +import com.gmi.nordborglab.browser.server.security.CustomPermission; import com.gmi.nordborglab.browser.server.service.AnnotationDataService; import com.gmi.nordborglab.browser.server.service.CdvService; import com.gmi.nordborglab.browser.server.service.ExperimentService; import com.gmi.nordborglab.browser.server.service.GWASDataService; import com.gmi.nordborglab.browser.server.service.HelperService; import com.gmi.nordborglab.browser.server.service.MetaAnalysisService; +import com.gmi.nordborglab.browser.server.service.PermissionService; import com.gmi.nordborglab.browser.server.service.TraitService; import com.gmi.nordborglab.browser.server.service.TraitUomService; import com.google.common.base.Function; @@ -57,6 +62,7 @@ import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.bind.annotation.ResponseStatus; +import org.springframework.security.acls.domain.GrantedAuthoritySid; import org.springframework.web.multipart.commons.CommonsMultipartFile; import javax.annotation.Nullable; @@ -97,6 +103,9 @@ public class RestProviderController { @Resource private GWASDataService gwasDataService; + @Resource + private PermissionService permissionService; + @Resource private TaxonomyRepository taxonomyRepository; @@ -109,6 +118,25 @@ public class RestProviderController { private static final Logger logger = LoggerFactory.getLogger(RestProviderController.class); + @RequestMapping(method = RequestMethod.POST, value = "/study/{id}/{isPublic}") + public + @ResponseBody + void makeStudyPublic(@PathVariable("id") Long id, @PathVariable("isPublic") Boolean isPublic) { + Experiment experiment = experimentService.findExperiment(id); + CustomAcl customAcl = permissionService.getPermissions(experiment); + List entries = customAcl.getEntries(); + final String annonymousUser = "ROLE_ANONYMOUS"; + final PermissionPrincipal annonymousPrincipal = new PermissionPrincipal(annonymousUser, "", false, false); + if (isPublic) { + entries.add(new CustomAccessControlEntry(null,CustomPermission.READ.getMask(),true,annonymousPrincipal)); + } + else { + entries.removeIf(n -> (!n.getPrincipal().getIsUser() && n.getPrincipal().getId().equals(annonymousUser))); + } + customAcl.setEntries(entries); + permissionService.updatePermissions(experiment, customAcl); + } + @RequestMapping(method = RequestMethod.GET, value = "/study/{id}/pvalues") public