Commit 6941dc9c authored by Diego Molteni's avatar Diego Molteni

Arch Diagram Updated + Auth on user roles

parent a2142e49
......@@ -8,7 +8,7 @@ Seismic Store is a cloud-based solution composed by restful micro-services, clie
Seismic Store manages data authorization at service level by protecting access to storage bucket resources. Only service authorized users are enabled to directly access a storage resource. The service implements a mechanism that generates an “impersonation token” by authorizing long running/background production jobs to access data without requiring further user interactions.
![service architecture diagram](docs/seistore-service-architecture.png "Service Architecture Diagram")
![service architecture diagram](docs/sdms-architecture-diagram-plain.png "Service Architecture Diagram")
```python
# build the service
......
......@@ -18,7 +18,7 @@
# Endpoints Description
# ===========================================================================
swagger: "2.0.0"
swagger: "2.0"
info:
title: "Seismic DMS Service"
......
......@@ -310,9 +310,12 @@ export class UserHandler {
// parse user request
const sdPath = UserParser.rolesUser(req);
// retrieve the tenant informations
// retrieve the tenant information
const tenant = await TenantDAO.get(sdPath.tenant);
// Check if user has read access
await Auth.isUserRegistered(req.headers.authorization, tenant.esd, req[Config.DE_FORWARD_APPKEY]);
// get the groups of the user
const groups = await AuthGroups.getUserGroups(req.headers.authorization,
tenant.esd, req[Config.DE_FORWARD_APPKEY]);
......@@ -330,12 +333,14 @@ export class UserHandler {
const registeredSubprojects = (await SubProjectDAO.list(journalClient, sdPath.tenant));
// Concatenate all valid subproject admin groups
const registeredSubprojectAdminGrps = registeredSubprojects.map(subproject => subproject.acls.admins).flat(1);
const registeredSubprojectViewerGrps = registeredSubprojects.map(subproject => subproject.acls.viewers).flat(1);
const registeredSubprojectAdminGroups = registeredSubprojects.map(subproject => subproject.acls.admins).flat(1);
const registeredSubprojectViewerGroups = registeredSubprojects.map(
subproject => subproject.acls.viewers).flat(1);
// Find intersection of admin groups of all registered subprojects and the usergroup emails
const validAdminGroupsForUser = registeredSubprojectAdminGrps.filter(grp => groupEmailsOfUser.includes(grp));
const validViewerGroupsForUser = registeredSubprojectViewerGrps.filter(grp => groupEmailsOfUser.includes(grp));
// Find intersection of admin groups of all registered subprojects and the user group emails
const validAdminGroupsForUser = registeredSubprojectAdminGroups.filter(grp => groupEmailsOfUser.includes(grp));
const validViewerGroupsForUser = registeredSubprojectViewerGroups.filter(
grp => groupEmailsOfUser.includes(grp));
let roles = [];
for (const validAdminGroup of validAdminGroupsForUser) {
......@@ -358,7 +363,7 @@ export class UserHandler {
}
}
// Remove duplicates from roles array where each element is array byitself
// Remove duplicates from roles array where each element is array by itself
const stringRolesArray = roles.map(role => JSON.stringify(role));
const uniqueRolesStringArray = new Set(stringRolesArray);
roles = Array.from(uniqueRolesStringArray, (ele) => JSON.parse(ele));
......
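Review bot: The added `await Auth.isUserRegistered(...)` call in the first UserHandler hunk discards its result, so it only gates the roles lookup if that helper rejects for an unregistered caller. Its implementation is not visible here, and an `is…` name reads like a boolean predicate, so this should be confirmed and covered by a test that an unregistered caller is refused before `AuthGroups.getUserGroups` runs. The comment above it says "Check if user has read access", but the call checks registration against `tenant.esd`, not read access to any subproject. I would reword it to `// reject callers that are not registered in tenant.esd (isUserRegistered throws on failure)` once that behaviour is verified. The enclosing method starts and ends outside the visible hunks.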