diff --git a/provider/storage-aws/src/main/java/org/opengroup/osdu/storage/provider/aws/CloudStorageImpl.java b/provider/storage-aws/src/main/java/org/opengroup/osdu/storage/provider/aws/CloudStorageImpl.java index 2652c0f20264c5e7a30fcce74b20e05fc6abffd6..1cc2e5d2f52be1ab71e392cb98de6e2b72264cc6 100644 --- a/provider/storage-aws/src/main/java/org/opengroup/osdu/storage/provider/aws/CloudStorageImpl.java +++ b/provider/storage-aws/src/main/java/org/opengroup/osdu/storage/provider/aws/CloudStorageImpl.java @@ -93,6 +93,8 @@ public class CloudStorageImpl implements ICloudStorage { @Override public void write(RecordProcessing... recordsProcessing) { + userAccessService.validateRecordAcl(this.queryHelper, recordsProcessing); + // TODO: throughout this class userId isn't used, seems to be something to integrate with entitlements service // TODO: ensure that the threads come from the shared pool manager from the web server // Using threads to write records to S3 to increase efficiency, no impact to cost @@ -139,9 +141,17 @@ public class CloudStorageImpl implements ICloudStorage { @Override public Map getHash(Collection records) { + Collection accessibleRecords = new ArrayList<>(); + + for (RecordMetadata record : records) { + if (userAccessService.userHasAccessToRecord(record.getAcl())) { + accessibleRecords.add(record); + } + } + Gson gson = new Gson(); Map base64Hashes = new HashMap(); - Map recordsMap = recordsUtil.getRecordsValuesById(records); + Map recordsMap = recordsUtil.getRecordsValuesById(accessibleRecords); for (Map.Entry recordObj : recordsMap.entrySet()) { String recordId = recordObj.getKey(); String contents = recordObj.getValue(); diff --git a/provider/storage-aws/src/main/java/org/opengroup/osdu/storage/provider/aws/RecordsMetadataRepositoryImpl.java b/provider/storage-aws/src/main/java/org/opengroup/osdu/storage/provider/aws/RecordsMetadataRepositoryImpl.java index 57597e54fab400b1a7e19ef48309b818659a2353..b81f5ddd331240b8f9ad4c757f189692fbdd3c89 100644 
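Review bot: The new `userAccessService.validateRecordAcl(this.queryHelper, recordsProcessing)` call at the top of write() gives no indication at the call site of what happens when access is denied; if that method signals denial through a return value rather than an exception, the value is discarded here and the S3 writes that follow still run. A one-line comment would make the gate explicit, e.g. `// Authorization gate: expected to throw on denial so nothing below is written — confirm validateRecordAcl's contract`. Note also that this is an all-or-nothing check over the whole batch, while getHash() in the next hunk silently filters record by record, so the two paths treat partial access differently. The body of write() continues past the end of the hunk.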
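Review bot: In getHash(), records that fail `userHasAccessToRecord(record.getAcl())` are dropped from `accessibleRecords` with no signal, so the returned map simply lacks their keys and a caller cannot distinguish "not accessible" from "no such record"; a caller that treats a missing hash as a changed record could be driven into unintended updates. Consider documenting this at the filter, e.g. `// Records the caller cannot read are omitted from the result; a missing key means "not accessible", not "hash differs"`, or failing the call the way write() does in the previous hunk. If `getAcl()` can return null for older records, a guard is needed before the access check as well; I cannot tell from the hunk. getHash() continues past the end of the hunk.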
--- a/provider/storage-aws/src/main/java/org/opengroup/osdu/storage/provider/aws/RecordsMetadataRepositoryImpl.java +++ b/provider/storage-aws/src/main/java/org/opengroup/osdu/storage/provider/aws/RecordsMetadataRepositoryImpl.java @@ -85,11 +85,13 @@ public class RecordsMetadataRepositoryImpl implements IRecordsMetadataRepository @Override public void delete(String id) { RecordMetadata rmd = get(id); // needed for authorization check + if(userAccessService.userHasAccessToRecord(rmd.getAcl())) { queryHelper.deleteByPrimaryKey(RecordMetadataDoc.class, id); - for(String legalTag : rmd.getLegal().getLegaltags()){ + for (String legalTag : rmd.getLegal().getLegaltags()) { deleteLegalTagAssociation(id, legalTag); } } + } @Override public RecordMetadata get(String id) { diff --git a/provider/storage-aws/src/main/java/org/opengroup/osdu/storage/provider/aws/di/EntitlementsFactoryImpl.java b/provider/storage-aws/src/main/java/org/opengroup/osdu/storage/provider/aws/di/EntitlementsFactoryImpl.java deleted file mode 100644 index 77815e44c48045bd2ac6d87d83fb3a6fe1152d78..0000000000000000000000000000000000000000 --- a/provider/storage-aws/src/main/java/org/opengroup/osdu/storage/provider/aws/di/EntitlementsFactoryImpl.java +++ /dev/null 
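Review bot: With the whole body of delete(id) wrapped in `if(userAccessService.userHasAccessToRecord(rmd.getAcl()))`, a caller who is denied access gets a normal return with nothing deleted, so the API reports success for a delete that never happened and the denial leaves no trace in the response. A guard that fails loudly is safer and keeps the body flat: `if (!userAccessService.userHasAccessToRecord(rmd.getAcl())) {` / `    throw new AppException(HttpStatus.FORBIDDEN.value(), "Access denied", "The user is not authorized to perform this action");` / `}` followed by the existing deleteByPrimaryKey call and legal-tag loop unconditionally — that AppException/HttpStatus pairing is the one the deleted EntitlementsServiceImpl used, assuming those types are importable in this class. Note also that a null result from `get(id)` now fails at `rmd.getAcl()` instead of `rmd.getLegal()`; if get() can return null for an unknown id, an explicit not-found check belongs before the ACL check. Minor style: the same hunk fixes `for(` to `for (` but introduces `if(`; the formatter would write `if (`. The get() method that begins at the end of the hunk continues outside it.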
@@ -1,36 +0,0 @@
-// Copyright © Amazon Web Services
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package org.opengroup.osdu.storage.provider.aws.di;
-
-import org.opengroup.osdu.core.common.model.http.DpsHeaders;
-import org.opengroup.osdu.core.common.entitlements.IEntitlementsFactory;
-import org.opengroup.osdu.core.common.entitlements.IEntitlementsService;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.context.annotation.Primary;
-import org.springframework.stereotype.Component;
-
-@Component
-@Primary
-public class EntitlementsFactoryImpl implements IEntitlementsFactory {
- @Value("${aws.lambda.get-groups-function-name}")
- private String getGroupsFunctionName;
-
- @Override
- public IEntitlementsService create(DpsHeaders headers) {
- EntitlementsServiceImpl service = new EntitlementsServiceImpl(headers);
- service.setEntitlementsServiceHelper(getGroupsFunctionName);
- return service;
- }
-}
diff --git a/provider/storage-aws/src/main/java/org/opengroup/osdu/storage/provider/aws/di/EntitlementsServiceImpl.java b/provider/storage-aws/src/main/java/org/opengroup/osdu/storage/provider/aws/di/EntitlementsServiceImpl.java
deleted file mode 100644
index 201a4a80322c596db72e57168506a5860788f3a9..0000000000000000000000000000000000000000
--- a/provider/storage-aws/src/main/java/org/opengroup/osdu/storage/provider/aws/di/EntitlementsServiceImpl.java
+++ /dev/null
@@ -1,137 +0,0 @@ -// Copyright © Amazon Web Services -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package org.opengroup.osdu.storage.provider.aws.di; - -import com.amazonaws.regions.Regions; -import com.amazonaws.services.lambda.invoke.LambdaFunctionException; -import com.amazonaws.services.lambda.invoke.LambdaSerializationException; -import com.fasterxml.jackson.core.JsonProcessingException; -import com.fasterxml.jackson.core.type.TypeReference; -import com.fasterxml.jackson.databind.ObjectMapper; -import org.opengroup.osdu.core.common.model.entitlements.*; -import org.opengroup.osdu.core.aws.entitlements.*; -import org.opengroup.osdu.core.common.model.entitlements.MemberInfo; -import org.opengroup.osdu.core.common.model.entitlements.Members; -import org.opengroup.osdu.core.common.model.http.DpsHeaders; -import org.opengroup.osdu.core.common.entitlements.IEntitlementsService; -import org.opengroup.osdu.core.common.model.http.AppException; -import org.opengroup.osdu.core.common.http.HttpResponse; -import org.springframework.http.HttpStatus; -import sun.reflect.generics.reflectiveObjects.NotImplementedException; - -import java.io.*; -import java.util.ArrayList; -import java.util.List; - -public class EntitlementsServiceImpl implements IEntitlementsService { - private DpsHeaders dpsHeaders; - private EntitlementsServiceHelper entitlementsServiceHelper; - - private final static String ACCESS_DENIED = "Access denied"; - private final static String 
ACCESS_DENIED_MSG = "The user is not authorized to perform this action"; - - public EntitlementsServiceImpl(DpsHeaders headers){ - this.dpsHeaders = headers; - } - - public void setEntitlementsServiceHelper(String getGroupsFunctionName){ - entitlementsServiceHelper = new EntitlementsServiceHelper(Regions.US_EAST_1, getGroupsFunctionName); - } - - @Override - public MemberInfo addMember(GroupEmail groupEmail, MemberInfo memberInfo) throws EntitlementsException { - // not implemented anywhere in storage - throw new NotImplementedException(); - } - - @Override - public Members getMembers(GroupEmail groupEmail, GetMembers getMembers) throws EntitlementsException { - // not implemented anywhere in storage - throw new NotImplementedException(); - } - - @Override - public Groups getGroups() throws EntitlementsException { - Groups groups; - GroupsRequest request = entitlementsServiceHelper.constructRequest(this.dpsHeaders.getHeaders()); - - try{ - GroupsResult groupsResult = entitlementsServiceHelper.getGroups(request); - groups = getGroupsFromResult(groupsResult); - } catch (JsonProcessingException e) { - throw new EntitlementsException(e.getMessage(), new HttpResponse()); - } catch (LambdaFunctionException e){ - throw new EntitlementsException(e.getMessage(), new HttpResponse()); - } catch (LambdaSerializationException e){ - throw new EntitlementsException(e.getMessage(), new HttpResponse()); - } catch (IOException e){ - throw new EntitlementsException(e.getMessage(), new HttpResponse()); - } - - return groups; - } - - @Override - public GroupInfo createGroup(CreateGroup createGroup) throws EntitlementsException { - // not implemented anywhere in storage - throw new NotImplementedException(); - } - - @Override - public void deleteMember(String s, String s1) throws EntitlementsException { - // not implemented anywhere in storage - throw new NotImplementedException(); - } - - @Override - public Groups authorizeAny(String... 
strings) throws EntitlementsException { - // not implemented anywhere in storage - throw new NotImplementedException(); - } - - @Override - public void authenticate() throws EntitlementsException { - // not implemented anywhere in storage - throw new NotImplementedException(); - } - - private Groups getGroupsFromResult(GroupsResult result) throws EntitlementsException, IOException { - ObjectMapper mapper = new ObjectMapper(); - Groups groups = new Groups(); - if(result.statusCode == HttpStatus.OK.value()) { - TypeReference> mapType = new TypeReference>() {}; - List groupInfosRaw = mapper.readValue(result.body, mapType); - List groupInfos = new ArrayList<>(); - for(GroupInfoRaw groupInfoRaw : groupInfosRaw){ - GroupInfo groupInfo = new GroupInfo(); - groupInfo.setDescription(groupInfoRaw.groupDescription); - groupInfo.setEmail(groupInfoRaw.groupEmail); - groupInfo.setName(groupInfoRaw.groupName); - groupInfos.add(groupInfo); - } - groups.setDesId(result.headers.get(RequestKeys.USER_HEADER_KEY)); - groups.setMemberEmail(result.headers.get(RequestKeys.USER_HEADER_KEY)); - groups.setGroups(groupInfos); - } else { - if(result.statusCode == HttpStatus.UNAUTHORIZED.value()){ - throw new AppException(HttpStatus.FORBIDDEN.value(), ACCESS_DENIED, ACCESS_DENIED_MSG); - } else { - throw new EntitlementsException(String.format("Getting groups for user returned %s status code", - result.statusCode), new HttpResponse()); - } - } - return groups; - } -} diff --git a/provider/storage-aws/src/test/java/org/opengroup/osdu/storage/provider/aws/api/EntitlementsServiceImplTest.java b/provider/storage-aws/src/test/java/org/opengroup/osdu/storage/provider/aws/api/EntitlementsServiceImplTest.java index 48f79539fb59b1038f6c60e25fee90a514246644..224f138b071c8ecbd3c0d561c2719d55460b94b0 100644 --- a/provider/storage-aws/src/test/java/org/opengroup/osdu/storage/provider/aws/api/EntitlementsServiceImplTest.java 
+++ b/provider/storage-aws/src/test/java/org/opengroup/osdu/storage/provider/aws/api/EntitlementsServiceImplTest.java @@ -26,6 +26,7 @@ import org.junit.Test; import org.junit.runner.RunWith; import org.mockito.Mockito; import org.mockito.internal.util.reflection.Whitebox; +import org.opengroup.osdu.core.aws.entitlements.EntitlementsServiceAwsImpl; import org.opengroup.osdu.core.common.model.http.DpsHeaders; import org.opengroup.osdu.core.common.model.entitlements.EntitlementsException; import org.opengroup.osdu.core.common.model.entitlements.GroupInfo; @@ -35,7 +36,6 @@ import org.opengroup.osdu.core.aws.entitlements.GroupsRequest; import org.opengroup.osdu.core.aws.lambda.HttpMethods; import org.opengroup.osdu.core.aws.lambda.LambdaConfig; import org.opengroup.osdu.storage.StorageApplication; -import org.opengroup.osdu.storage.provider.aws.di.EntitlementsServiceImpl; import org.springframework.boot.test.context.SpringBootTest; import org.mockito.runners.MockitoJUnitRunner; @@ -92,7 +92,7 @@ public class EntitlementsServiceImplTest { EntitlementsServiceHelper entitlementsServiceHelper = new EntitlementsServiceHelper(Regions.US_EAST_1, "mocked-group-function"); Whitebox.setInternalState(entitlementsServiceHelper, "lambda", lambda); - EntitlementsServiceImpl service = new EntitlementsServiceImpl(headers); + EntitlementsServiceAwsImpl service = new EntitlementsServiceAwsImpl(headers); Whitebox.setInternalState(service, "entitlementsServiceHelper", entitlementsServiceHelper); Groups expectedGroups = new Groups(); diff --git a/testing/storage-test-aws/pom.xml b/testing/storage-test-aws/pom.xml index 9f698e1e69b7bacef43ec06e571aa148466f5146..87668cb51e8fd0d91e04e58c8497043f39f80134 100644 --- a/testing/storage-test-aws/pom.xml +++ b/testing/storage-test-aws/pom.xml @@ -41,7 +41,7 @@ org.opengroup.osdu.storage storage-test-core - 0.0.2-SNAPSHOT + 0.0.3-SNAPSHOT 
diff --git a/testing/storage-test-core/pom.xml b/testing/storage-test-core/pom.xml index 3a2ed1ec0a72299be99579d5a590e1e909a1a34a..12945865a6b77f8659a84eb27ceb9c0a329139ab 100644 --- a/testing/storage-test-core/pom.xml +++ b/testing/storage-test-core/pom.xml @@ -20,7 +20,7 @@ 4.0.0 org.opengroup.osdu.storage storage-test-core - 0.0.2-SNAPSHOT + 0.0.3-SNAPSHOT jar 1.8