Commit 82b7d593 authored by Alok Joshi's avatar Alok Joshi
Browse files

refactoring

parent 331f1772
Pipeline #34057 failed with stage
in 1 minute
......@@ -30,3 +30,4 @@ Here are steps to enable Policy service for a provider:
- This is an experimental feature and at this moment has following limitations
1. If the query has `returnedFields` set, it must contain all `acl, kind, legal` and `id`
2. In the current implementation, totalCount represents the number of records matching user query before the search policy is applied
3. Because the policy auth filter is applied outside of query handles, cursor may not point to the accurate data entry when using `query_with_cursor`
\ No newline at end of file
......@@ -44,7 +44,7 @@
<log4j-core.version>2.13.2</log4j-core.version>
<google-oauth-client.version>1.31.0</google-oauth-client.version>
<commons-compress.version>1.20</commons-compress.version>
<osdu.oscorecommon.version>0.6.10</osdu.oscorecommon.version>
<osdu.oscorecommon.version>0.8.0-SNAPSHOT</osdu.oscorecommon.version>
</properties>
<licenses>
......
......@@ -94,7 +94,6 @@ abstract class QueryBase {
QueryBuilder textQueryBuilder = null;
QueryBuilder spatialQueryBuilder = null;
QueryBuilder authorizationQueryBuilder;
QueryBuilder queryBuilder = null;
if (StringUtils.isNotEmpty(simpleQuery)) {
......@@ -129,23 +128,29 @@ abstract class QueryBase {
queryBuilder = queryBuilder != null ? boolQuery().must(queryBuilder).must(spatialQueryBuilder) : boolQuery().must(spatialQueryBuilder);
}
return modifyQueryIfPolicyEnabled(queryBuilder, asOwner);
}
private QueryBuilder modifyQueryIfPolicyEnabled (QueryBuilder queryBuilder, boolean asOwner) {
if(this.iPolicyService != null && this.statusService.policyEnabled(this.dpsHeaders.getPartitionId())) {
return queryBuilder;
} else {
QueryBuilder authorizationQueryBuilder = null;
// apply authorization filters
//bypass for BYOC implementation only.
String groups = dpsHeaders.getHeaders().get(providerHeaderService.getDataGroupsHeader());
String[] groupArray = groups.trim().split("\\s*,\\s*");
if (asOwner) {
authorizationQueryBuilder = boolQuery().minimumShouldMatch("1").should(termsQuery(
AclRole.OWNERS.getPath(), groupArray));
} else {
authorizationQueryBuilder = boolQuery().minimumShouldMatch("1").should(termsQuery(RecordMetaAttribute.X_ACL.getValue(), groupArray));
if (groups != null) {
String[] groupArray = groups.trim().split("\\s*,\\s*");
if (asOwner) {
authorizationQueryBuilder = boolQuery().minimumShouldMatch("1").should(termsQuery(
AclRole.OWNERS.getPath(), groupArray));
} else {
authorizationQueryBuilder = boolQuery().minimumShouldMatch("1").should(termsQuery(RecordMetaAttribute.X_ACL.getValue(), groupArray));
}
}
if (authorizationQueryBuilder != null) {
queryBuilder = queryBuilder != null ? boolQuery().must(queryBuilder).must(authorizationQueryBuilder) : boolQuery().must(authorizationQueryBuilder);
}
return queryBuilder;
}
}
......
......@@ -94,7 +94,6 @@ abstract class QueryBase {
QueryBuilder textQueryBuilder = null;
QueryBuilder spatialQueryBuilder = null;
QueryBuilder authorizationQueryBuilder = null;
QueryBuilder queryBuilder = null;
if (!Strings.isNullOrEmpty(simpleQuery)) {
......@@ -130,9 +129,14 @@ abstract class QueryBase {
queryBuilder = queryBuilder != null ? boolQuery().must(queryBuilder).must(spatialQueryBuilder) : boolQuery().must(spatialQueryBuilder);
}
return modifyQueryIfPolicyEnabled(queryBuilder, asOwner);
}
private QueryBuilder modifyQueryIfPolicyEnabled (QueryBuilder queryBuilder, boolean asOwner) {
if(this.iPolicyService != null && this.statusService.policyEnabled(this.dpsHeaders.getPartitionId())) {
return queryBuilder;
} else {
QueryBuilder authorizationQueryBuilder = null;
// apply authorization filters
//bypass for BYOC implementation only.
String groups = dpsHeaders.getHeaders().get(providerHeaderService.getDataGroupsHeader());
......
......@@ -83,7 +83,6 @@ abstract class QueryBase {
QueryBuilder textQueryBuilder = null;
QueryBuilder spatialQueryBuilder = null;
QueryBuilder authorizationQueryBuilder = null;
QueryBuilder queryBuilder = null;
if (!Strings.isNullOrEmpty(simpleQuery)) {
......@@ -108,9 +107,14 @@ abstract class QueryBase {
queryBuilder = queryBuilder != null ? boolQuery().must(queryBuilder).must(spatialQueryBuilder) : boolQuery().must(spatialQueryBuilder);
}
return modifyQueryIfPolicyEnabled(queryBuilder, asOwner);
}
private QueryBuilder modifyQueryIfPolicyEnabled(QueryBuilder queryBuilder, boolean asOwner) {
if(this.iPolicyService != null && this.statusService.policyEnabled(this.dpsHeaders.getPartitionId())) {
return queryBuilder;
} else {
QueryBuilder authorizationQueryBuilder = null;
// apply authorization filters
//bypass for BYOC implementation only.
String groups = dpsHeaders.getHeaders().get(providerHeaderService.getDataGroupsHeader());
......
......@@ -99,7 +99,6 @@ abstract class QueryBase {
QueryBuilder textQueryBuilder = null;
QueryBuilder spatialQueryBuilder = null;
QueryBuilder authorizationQueryBuilder;
QueryBuilder queryBuilder = null;
if (!Strings.isNullOrEmpty(simpleQuery)) {
......@@ -134,9 +133,14 @@ abstract class QueryBase {
queryBuilder = queryBuilder != null ? boolQuery().must(queryBuilder).must(spatialQueryBuilder) : boolQuery().must(spatialQueryBuilder);
}
return modifyQueryIfPolicyEnabled(queryBuilder, asOwner);
}
private QueryBuilder modifyQueryIfPolicyEnabled(QueryBuilder queryBuilder, boolean asOwner) {
if(this.iPolicyService != null && this.statusService.policyEnabled(this.dpsHeaders.getPartitionId())) {
return queryBuilder;
} else {
QueryBuilder authorizationQueryBuilder;
// apply authorization filters
String groups = dpsHeaders.getHeaders().get(providerHeaderService.getDataGroupsHeader());
String[] groupArray = groups.trim().split("\\s*,\\s*");
......
......@@ -85,7 +85,6 @@ abstract class QueryBase {
QueryBuilder textQueryBuilder = null;
QueryBuilder spatialQueryBuilder = null;
QueryBuilder authorizationQueryBuilder;
QueryBuilder queryBuilder = null;
if (!Strings.isNullOrEmpty(simpleQuery)) {
......@@ -120,9 +119,14 @@ abstract class QueryBase {
queryBuilder = queryBuilder != null ? boolQuery().must(queryBuilder).must(spatialQueryBuilder) : boolQuery().must(spatialQueryBuilder);
}
return modifyQueryIfPolicyEnabled(queryBuilder, asOwner);
}
private QueryBuilder modifyQueryIfPolicyEnabled(QueryBuilder queryBuilder, boolean asOwner) {
if(this.iPolicyService != null && this.statusService.policyEnabled(this.dpsHeaders.getPartitionId())) {
return queryBuilder;
} else {
QueryBuilder authorizationQueryBuilder;
// apply authorization filters
String groups = dpsHeaders.getHeaders().get(providerHeaderService.getDataGroupsHeader());
String[] groupArray = groups.trim().split("\\s*,\\s*");
......@@ -140,7 +144,6 @@ abstract class QueryBase {
return queryBuilder;
}
}
private QueryBuilder getSimpleQuery(String searchQuery) {
......
......@@ -111,7 +111,6 @@ abstract class QueryBase {
QueryBuilder textQueryBuilder = null;
QueryBuilder spatialQueryBuilder = null;
QueryBuilder authorizationQueryBuilder;
QueryBuilder queryBuilder = null;
if (!(simpleQuery == null || simpleQuery.isEmpty())) {
......@@ -146,9 +145,14 @@ abstract class QueryBase {
queryBuilder = queryBuilder != null ? boolQuery().must(queryBuilder).must(spatialQueryBuilder) : boolQuery().must(spatialQueryBuilder);
}
return modifyQueryIfPolicyEnabled(queryBuilder, asOwner);
}
private QueryBuilder modifyQueryIfPolicyEnabled(QueryBuilder queryBuilder, boolean asOwner) {
if(this.iPolicyService != null && this.statusService.policyEnabled(this.dpsHeaders.getPartitionId())) {
return queryBuilder;
} else {
QueryBuilder authorizationQueryBuilder;
// apply authorization filters
String groups = dpsHeaders.getHeaders().get(providerHeaderService.getDataGroupsHeader());
String[] groupArray = groups.trim().split("\\s*,\\s*");
......
......@@ -16,12 +16,12 @@ package org.opengroup.osdu.search.policy.di;
import lombok.Getter;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Lazy;
@Configuration
@Getter
@Lazy
@ConditionalOnProperty(value = "service.policy.enabled", havingValue = "true", matchIfMissing = false)
public class PolicyServiceConfiguration {
@Value("${POLICY_ID:search}")
......
......@@ -72,8 +72,6 @@ public class PolicyServiceImpl implements IPolicyService{
}
private PolicyRequest getSearchPolicy(List<RecordMetadata> recordMetadataList, OperationType operation) {
//TODO: confirm SearchPolicy structure and search_input.json from Hrvoje
List<Record> records = new ArrayList<>();
for(RecordMetadata recordMetadata : recordMetadataList) {
Record record = new Record();
......
// Copyright 2017-2019, Schlumberger
// Copyright 2017-2021, Schlumberger
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
......
// Copyright 2017-2019, Schlumberger
// Copyright 2017-2021, Schlumberger
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
......@@ -20,6 +20,7 @@ import org.opengroup.osdu.core.common.model.http.AppException;
import org.opengroup.osdu.core.common.model.http.DpsHeaders;
import org.opengroup.osdu.core.common.model.indexer.OperationType;
import org.opengroup.osdu.core.common.model.legal.Legal;
import org.opengroup.osdu.core.common.model.search.RecordMetaAttribute;
import org.opengroup.osdu.core.common.model.storage.RecordMetadata;
import org.opengroup.osdu.search.policy.service.IPolicyService;
import org.opengroup.osdu.search.policy.service.PartitionPolicyStatusService;
......@@ -63,7 +64,10 @@ public class QueryResponseUtil {
private boolean requiredFieldsArePresent(List<Map<String, Object>> results) {
for(Map<String, Object> result : results) {
if(!result.containsKey("acl") || !result.containsKey("kind") || !result.containsKey("legal") || !result.containsKey("id"))
if(!result.containsKey(RecordMetaAttribute.ACL.getValue())
|| !result.containsKey(RecordMetaAttribute.KIND.getValue())
|| !result.containsKey(RecordMetaAttribute.LEGAL.getValue())
|| !result.containsKey(RecordMetaAttribute.ID.getValue()))
return false;
}
return true;
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment