pcvolkmer/onkostar-plugin-dnpm
1
0
Fork 0
mirror of https://github.com/pcvolkmer/onkostar-plugin-dnpm.git synced 2025-07-03 01:32:55 +00:00
Code Issues Activity

Verwende programmatische Berechtigungsprüfung

Browse Source 
Bei Verwendung des Plugins in einer alten Onkostar-Installation kam es bei
verwendung von AOP zu Problemen, daher wird die verwendung von AOP vorerst
deaktiviert und grundsätzlich eine programmatische Berechtigungsprüfung
durchgeführt.
This commit is contained in:
Paul-Christian Volkmer
2023-05-26 11:49:56 +02:00
parent 98f7edac9c
commit 4380e77309
4 changed files with 19 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/main/java/DNPM/analyzer/EinzelempfehlungAnalyzer.java
View File

@ -1,8 +1,8 @@
package DNPM.analyzer; package DNPM.analyzer;
import DNPM.dto.Variant; import DNPM.dto.Variant;
import DNPM.security.DelegatingDataBasedPermissionEvaluator; import DNPM.security.PermissionType;
import DNPM.security.IllegalSecuredObjectAccessException; import DNPM.security.PersonPoolBasedPermissionEvaluator;
import DNPM.services.molekulargenetik.MolekulargenetikFormService; import DNPM.services.molekulargenetik.MolekulargenetikFormService;
import de.itc.onkostar.api.Disease; import de.itc.onkostar.api.Disease;
import de.itc.onkostar.api.IOnkostarApi; import de.itc.onkostar.api.IOnkostarApi;
@ -12,6 +12,7 @@ import de.itc.onkostar.api.analysis.IProcedureAnalyzer;
import de.itc.onkostar.api.analysis.OnkostarPluginType; import de.itc.onkostar.api.analysis.OnkostarPluginType;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import java.util.List; import java.util.List;
@ -31,12 +32,12 @@ public class EinzelempfehlungAnalyzer implements IProcedureAnalyzer {
private final MolekulargenetikFormService molekulargenetikFormService; private final MolekulargenetikFormService molekulargenetikFormService;
private final DelegatingDataBasedPermissionEvaluator permissionEvaluator; private final PersonPoolBasedPermissionEvaluator permissionEvaluator;
public EinzelempfehlungAnalyzer( public EinzelempfehlungAnalyzer(
final IOnkostarApi onkostarApi, final IOnkostarApi onkostarApi,
final MolekulargenetikFormService molekulargenetikFormService, final MolekulargenetikFormService molekulargenetikFormService,
final DelegatingDataBasedPermissionEvaluator permissionEvaluator final PersonPoolBasedPermissionEvaluator permissionEvaluator
) { ) {
this.onkostarApi = onkostarApi; this.onkostarApi = onkostarApi;
this.molekulargenetikFormService = molekulargenetikFormService; this.molekulargenetikFormService = molekulargenetikFormService;
@ -103,10 +104,10 @@ public class EinzelempfehlungAnalyzer implements IProcedureAnalyzer {
return List.of(); return List.of();
} }
try { if (permissionEvaluator.hasPermission(SecurityContextHolder.getContext().getAuthentication(), procedure, PermissionType.READ)) {
return molekulargenetikFormService.getVariants(procedure); return molekulargenetikFormService.getVariants(procedure);
} catch (IllegalSecuredObjectAccessException e) { } else {
logger.error("Security", e); logger.error("Security: No permission to access procedure '{}'", procedure.getId());
return List.of(); return List.of();
} }
} }

4
src/main/java/DNPM/security/FormBasedSecurityAspects.java
View File

@ -8,11 +8,11 @@ import org.aspectj.lang.annotation.Before;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import java.util.Arrays; import java.util.Arrays;
@Component // TODO Disabled for now - check bytecode reported incompatibility for older OS installations
//@Component
@Aspect @Aspect
public class FormBasedSecurityAspects { public class FormBasedSecurityAspects {

2
src/main/java/DNPM/services/molekulargenetik/OsMolekulargenetikFormService.java
View File

@ -1,7 +1,6 @@
package DNPM.services.molekulargenetik; package DNPM.services.molekulargenetik;
import DNPM.dto.Variant; import DNPM.dto.Variant;
import DNPM.security.PersonPoolSecured;
import de.itc.onkostar.api.Procedure; import de.itc.onkostar.api.Procedure;
import java.util.List; import java.util.List;
@ -21,7 +20,6 @@ public class OsMolekulargenetikFormService implements MolekulargenetikFormServic
* @return Die unterstützten Varianten oder eine leere Liste, wenn keine Varianten gefunden wurden. * @return Die unterstützten Varianten oder eine leere Liste, wenn keine Varianten gefunden wurden.
*/ */
@Override @Override
@PersonPoolSecured
public List<Variant> getVariants(Procedure procedure) { public List<Variant> getVariants(Procedure procedure) {
if (! "OS.Molekulargenetik".equals(procedure.getFormName())) { if (! "OS.Molekulargenetik".equals(procedure.getFormName())) {
return List.of(); return List.of();

10
src/test/java/DNPM/analyzer/EinzelempfehlungAnalyzerTest.java
View File

@ -1,6 +1,7 @@
package DNPM.analyzer; package DNPM.analyzer;
import DNPM.security.DelegatingDataBasedPermissionEvaluator; import DNPM.security.PermissionType;
import DNPM.security.PersonPoolBasedPermissionEvaluator;
import DNPM.services.molekulargenetik.MolekulargenetikFormService; import DNPM.services.molekulargenetik.MolekulargenetikFormService;
import de.itc.onkostar.api.IOnkostarApi; import de.itc.onkostar.api.IOnkostarApi;
import de.itc.onkostar.api.Procedure; import de.itc.onkostar.api.Procedure;
@ -22,22 +23,27 @@ class EinzelempfehlungAnalyzerTest {
private MolekulargenetikFormService molekulargenetikFormService; private MolekulargenetikFormService molekulargenetikFormService;
private PersonPoolBasedPermissionEvaluator permissionEvaluator;
private EinzelempfehlungAnalyzer analyzer; private EinzelempfehlungAnalyzer analyzer;
@BeforeEach @BeforeEach
void setup( void setup(
@Mock IOnkostarApi onkostarApi, @Mock IOnkostarApi onkostarApi,
@Mock MolekulargenetikFormService molekulargenetikFormService, @Mock MolekulargenetikFormService molekulargenetikFormService,
@Mock DelegatingDataBasedPermissionEvaluator permissionEvaluator @Mock PersonPoolBasedPermissionEvaluator permissionEvaluator
) { ) {
this.onkostarApi = onkostarApi; this.onkostarApi = onkostarApi;
this.molekulargenetikFormService = molekulargenetikFormService; this.molekulargenetikFormService = molekulargenetikFormService;
this.permissionEvaluator = permissionEvaluator;
this.analyzer = new EinzelempfehlungAnalyzer(onkostarApi, molekulargenetikFormService, permissionEvaluator); this.analyzer = new EinzelempfehlungAnalyzer(onkostarApi, molekulargenetikFormService, permissionEvaluator);
} }
@Test @Test
void testShouldRequestVariantsFromMolekulargenetikFormService() { void testShouldRequestVariantsFromMolekulargenetikFormService() {
doAnswer(invocationOnMock -> new Procedure(this.onkostarApi)).when(onkostarApi).getProcedure(anyInt()); doAnswer(invocationOnMock -> new Procedure(this.onkostarApi)).when(onkostarApi).getProcedure(anyInt());
when(this.permissionEvaluator.hasPermission(any(), any(Procedure.class), any(PermissionType.class)))
.thenReturn(true);
analyzer.getVariants(Map.of("id", 123)); analyzer.getVariants(Map.of("id", 123));
verify(molekulargenetikFormService, times(1)).getVariants(any(Procedure.class)); verify(molekulargenetikFormService, times(1)).getVariants(any(Procedure.class));