diff --git a/src/main/java/DNPM/analyzer/EinzelempfehlungAnalyzer.java b/src/main/java/DNPM/analyzer/EinzelempfehlungAnalyzer.java
index efcc0a7..1bf56df 100644
--- a/src/main/java/DNPM/analyzer/EinzelempfehlungAnalyzer.java
+++ b/src/main/java/DNPM/analyzer/EinzelempfehlungAnalyzer.java
@@ -1,8 +1,8 @@
 package DNPM.analyzer;
 import DNPM.dto.Variant;
-import DNPM.security.DelegatingDataBasedPermissionEvaluator;
-import DNPM.security.IllegalSecuredObjectAccessException;
+import DNPM.security.PermissionType;
+import DNPM.security.PersonPoolBasedPermissionEvaluator;
 import DNPM.services.molekulargenetik.MolekulargenetikFormService;
 import de.itc.onkostar.api.Disease;
 import de.itc.onkostar.api.IOnkostarApi;
@@ -12,13 +12,14 @@ import de.itc.onkostar.api.analysis.IProcedureAnalyzer;
 import de.itc.onkostar.api.analysis.OnkostarPluginType;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Component;
 import java.util.List;
 import java.util.Map;
 /**
- * Diese Klasse implementiert ein Plugin, welches Funktionen für DNPM UF Einzelempfehlung bereit stellt.
+ * Diese Klasse implementiert ein Plugin, welches Funktionen für DNPM UF Einzelempfehlung bereitstellt.
 *
 * @since 0.2.0
 */
@@ -31,12 +32,12 @@ public class EinzelempfehlungAnalyzer implements IProcedureAnalyzer {
 private final MolekulargenetikFormService molekulargenetikFormService;
- private final DelegatingDataBasedPermissionEvaluator permissionEvaluator;
+ private final PersonPoolBasedPermissionEvaluator permissionEvaluator;
 public EinzelempfehlungAnalyzer(
 final IOnkostarApi onkostarApi,
 final MolekulargenetikFormService molekulargenetikFormService,
- final DelegatingDataBasedPermissionEvaluator permissionEvaluator
+ final PersonPoolBasedPermissionEvaluator permissionEvaluator
 ) {
 this.onkostarApi = onkostarApi;
 this.molekulargenetikFormService = molekulargenetikFormService;
@@ -103,10 +104,10 @@ public class EinzelempfehlungAnalyzer implements IProcedureAnalyzer {
 return List.of();
 }
- try {
+ if (permissionEvaluator.hasPermission(SecurityContextHolder.getContext().getAuthentication(), procedure, PermissionType.READ)) {
 return molekulargenetikFormService.getVariants(procedure);
- } catch (IllegalSecuredObjectAccessException e) {
- logger.error("Security", e);
+ } else {
+ logger.error("Security: No permission to access procedure '{}'", procedure.getId());
 return List.of();
 }
 }
diff --git a/src/main/java/DNPM/security/FormBasedSecurityAspects.java b/src/main/java/DNPM/security/FormBasedSecurityAspects.java
index 3dea944..306c062 100644
--- a/src/main/java/DNPM/security/FormBasedSecurityAspects.java
+++ b/src/main/java/DNPM/security/FormBasedSecurityAspects.java
@@ -8,11 +8,11 @@ import org.aspectj.lang.annotation.Before;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.stereotype.Component;
 import java.util.Arrays;
-@Component
+// TODO Disabled for now - check bytecode reported incompatibility for older OS installations
+//@Component
 @Aspect
 public class FormBasedSecurityAspects {
diff --git a/src/main/java/DNPM/services/molekulargenetik/OsMolekulargenetikFormService.java b/src/main/java/DNPM/services/molekulargenetik/OsMolekulargenetikFormService.java
index 06ab9d2..e3d057f 100644
--- a/src/main/java/DNPM/services/molekulargenetik/OsMolekulargenetikFormService.java
+++ b/src/main/java/DNPM/services/molekulargenetik/OsMolekulargenetikFormService.java
@@ -1,7 +1,6 @@
 package DNPM.services.molekulargenetik;
 import DNPM.dto.Variant;
-import DNPM.security.PersonPoolSecured;
 import de.itc.onkostar.api.Procedure;
 import java.util.List;
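Review bot: The READ check added in `getVariants` is now the only guard on this data, because the same commit removes `@PersonPoolSecured` from `OsMolekulargenetikFormService.getVariants`; any other caller of the service would receive variants unchecked. I would record that in the service Javadoc, for example `Performs no permission check; callers must verify READ permission on the procedure first.` Separately, `SecurityContextHolder.getContext().getAuthentication()` is null when no authenticated context exists, and whether `hasPermission` denies on null is not visible here, so I would read it into a local and take the deny branch when it is null. The deny log names the procedure but not the user; adding `authentication.getName()` as a second `{}` argument would make the entry usable for audit. The method starts outside the hunk.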
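Review bot: Commenting out `@Component` on `FormBasedSecurityAspects` presumably stops the aspect from being registered, so any method that still carries a form-based security annotation would run without its check and nothing signals that at runtime. The TODO should say this outright, e.g. `// TODO Disabled: aspect is not registered, form-based security annotations are NOT enforced; callers must check permissions explicitly`. A reference to the issue tracking the bytecode incompatibility would keep this fail-open state from becoming permanent. The class body lies outside the hunk.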
@@ -21,7 +20,6 @@ public class OsMolekulargenetikFormService implements MolekulargenetikFormServic
 * @return Die unterstützten Varianten oder eine leere Liste, wenn keine Varianten gefunden wurden.
 */
 @Override
- @PersonPoolSecured
 public List getVariants(Procedure procedure) {
 if (! "OS.Molekulargenetik".equals(procedure.getFormName())) {
 return List.of();
diff --git a/src/test/java/DNPM/analyzer/EinzelempfehlungAnalyzerTest.java b/src/test/java/DNPM/analyzer/EinzelempfehlungAnalyzerTest.java
index 337ffdb..f72159d 100644
--- a/src/test/java/DNPM/analyzer/EinzelempfehlungAnalyzerTest.java
+++ b/src/test/java/DNPM/analyzer/EinzelempfehlungAnalyzerTest.java
@@ -1,6 +1,7 @@
 package DNPM.analyzer;
-import DNPM.security.DelegatingDataBasedPermissionEvaluator;
+import DNPM.security.PermissionType;
+import DNPM.security.PersonPoolBasedPermissionEvaluator;
 import DNPM.services.molekulargenetik.MolekulargenetikFormService;
 import de.itc.onkostar.api.IOnkostarApi;
 import de.itc.onkostar.api.Procedure;
@@ -22,22 +23,27 @@ class EinzelempfehlungAnalyzerTest {
 private MolekulargenetikFormService molekulargenetikFormService;
+ private PersonPoolBasedPermissionEvaluator permissionEvaluator;
+
 private EinzelempfehlungAnalyzer analyzer;
 @BeforeEach
 void setup(
 @Mock IOnkostarApi onkostarApi,
 @Mock MolekulargenetikFormService molekulargenetikFormService,
- @Mock DelegatingDataBasedPermissionEvaluator permissionEvaluator
+ @Mock PersonPoolBasedPermissionEvaluator permissionEvaluator
 ) {
 this.onkostarApi = onkostarApi;
 this.molekulargenetikFormService = molekulargenetikFormService;
+ this.permissionEvaluator = permissionEvaluator;
 this.analyzer = new EinzelempfehlungAnalyzer(onkostarApi, molekulargenetikFormService, permissionEvaluator);
 }
 @Test
 void testShouldRequestVariantsFromMolekulargenetikFormService() {
 doAnswer(invocationOnMock -> new Procedure(this.onkostarApi)).when(onkostarApi).getProcedure(anyInt());
+ when(this.permissionEvaluator.hasPermission(any(), any(Procedure.class), any(PermissionType.class)))
+ .thenReturn(true);
 analyzer.getVariants(Map.of("id", 123));
 verify(molekulargenetikFormService, times(1)).getVariants(any(Procedure.class));
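Review bot: Only the permitted path is exercised: `hasPermission` is stubbed to `true`, and nothing asserts that the service stays untouched when the evaluator returns `false`. Since the analyzer is now the sole place where the check happens, the deny branch deserves its own test that stubs `false` and verifies `never()` on `molekulargenetikFormService.getVariants`; the static import for `never` may need adding. The closing brace of the existing test method lies outside the hunk.

```java
// … unchanged: testShouldRequestVariantsFromMolekulargenetikFormService …

@Test
void testShouldNotRequestVariantsWithoutPermission() {
    doAnswer(invocationOnMock -> new Procedure(this.onkostarApi)).when(onkostarApi).getProcedure(anyInt());
    when(this.permissionEvaluator.hasPermission(any(), any(Procedure.class), any(PermissionType.class)))
            .thenReturn(false);

    analyzer.getVariants(Map.of("id", 123));

    verify(molekulargenetikFormService, never()).getVariants(any(Procedure.class));
}
```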