Merge branch 'release-3.x.x' into TASK-6219

opencga-catalog/src/main/java/org/opencb/opencga/catalog/managers/UserManager.java

@@ -303,9 +303,8 @@ public JwtPayload validateToken(String token) throws CatalogException {
     }
 
     public void syncAllUsersOfExternalGroup(String organizationId, String study, String authOrigin, String token) throws CatalogException {
-        if (!OPENCGA.equals(authenticationFactory.getUserId(organizationId, authOrigin, token))) {
-            throw new CatalogAuthorizationException("Only the root user can perform this action");
-        }
+        JwtPayload payload = validateToken(token);
+        authorizationManager.checkIsOpencgaAdministrator(payload);
 
         OpenCGAResult<Group> allGroups = catalogManager.getStudyManager().getGroup(study, null, token);
 
@@ -392,9 +391,7 @@ public void importRemoteGroupOfUsers(String organizationId, String authOrigin, S
                 .append("sync", sync)
                 .append("token", token);
         try {
-            if (!OPENCGA.equals(authenticationFactory.getUserId(organizationId, authOrigin, token))) {
-                throw new CatalogAuthorizationException("Only the root user can perform this action");
-            }
+            authorizationManager.checkIsOpencgaAdministrator(payload);
 
             ParamUtils.checkParameter(authOrigin, "Authentication origin");
             ParamUtils.checkParameter(remoteGroup, "Remote group");

opencga-catalog/src/test/java/org/opencb/opencga/catalog/managers/UserManagerTest.java

@@ -13,13 +13,17 @@
 import org.opencb.commons.datastore.core.Query;
 import org.opencb.commons.datastore.core.QueryOptions;
 import org.opencb.opencga.TestParamConstants;
+import org.opencb.opencga.catalog.db.api.OrganizationDBAdaptor;
 import org.opencb.opencga.catalog.db.api.UserDBAdaptor;
 import org.opencb.opencga.catalog.exceptions.*;
+import org.opencb.opencga.catalog.utils.Constants;
 import org.opencb.opencga.catalog.utils.ParamUtils;
 import org.opencb.opencga.core.api.ParamConstants;
 import org.opencb.opencga.core.common.PasswordUtils;
 import org.opencb.opencga.core.common.TimeUtils;
+import org.opencb.opencga.core.config.AuthenticationOrigin;
 import org.opencb.opencga.core.models.JwtPayload;
+import org.opencb.opencga.core.models.organizations.OrganizationConfiguration;
 import org.opencb.opencga.core.models.organizations.OrganizationCreateParams;
 import org.opencb.opencga.core.models.organizations.OrganizationUpdateParams;
 import org.opencb.opencga.core.models.project.Project;
@@ -660,5 +664,22 @@ public void importLdapGroups() throws CatalogException, IOException {
         catalogManager.getUserManager().importRemoteGroupOfUsers(organizationId, "ldap", remoteGroup, internalGroup, studyFqn, true, getAdminToken());
     }
 
+    @Test
+    public void syncUsersTest() throws CatalogException {
+        Map<String, Object> actionMap = new HashMap<>();
+        actionMap.put(OrganizationDBAdaptor.AUTH_ORIGINS_FIELD, ParamUtils.UpdateAction.ADD);
+        QueryOptions queryOptions = new QueryOptions(Constants.ACTIONS, actionMap);
+
+        List<AuthenticationOrigin> authenticationOrigins = Collections.singletonList(new AuthenticationOrigin("CAS",
+                AuthenticationOrigin.AuthenticationType.SSO, null, null));
+        OrganizationConfiguration organizationConfiguration = new OrganizationConfiguration()
+                .setAuthenticationOrigins(authenticationOrigins);
+        catalogManager.getOrganizationManager().updateConfiguration(organizationId, organizationConfiguration, queryOptions, orgAdminToken1);
+
+        catalogManager.getUserManager().importRemoteGroupOfUsers(organizationId, "CAS", "opencb", "opencb", studyFqn, true, opencgaToken);
+        OpenCGAResult<Group> opencb = catalogManager.getStudyManager().getGroup(studyFqn, "opencb", studyAdminToken1);
+        assertEquals(1, opencb.getNumResults());
+        assertEquals("@opencb", opencb.first().getId());
+    }
 
 }