diff --git a/opencga-catalog/src/main/java/org/opencb/opencga/catalog/managers/UserManager.java b/opencga-catalog/src/main/java/org/opencb/opencga/catalog/managers/UserManager.java
index 7e8e8cdffe..c5f35a3afa 100644
--- a/opencga-catalog/src/main/java/org/opencb/opencga/catalog/managers/UserManager.java
+++ b/opencga-catalog/src/main/java/org/opencb/opencga/catalog/managers/UserManager.java
@@ -303,9 +303,8 @@ public JwtPayload validateToken(String token) throws CatalogException {
 }
 public void syncAllUsersOfExternalGroup(String organizationId, String study, String authOrigin, String token) throws CatalogException {
- if (!OPENCGA.equals(authenticationFactory.getUserId(organizationId, authOrigin, token))) {
- throw new CatalogAuthorizationException("Only the root user can perform this action");
- }
+ JwtPayload payload = validateToken(token);
+ authorizationManager.checkIsOpencgaAdministrator(payload);
 OpenCGAResult allGroups = catalogManager.getStudyManager().getGroup(study, null, token);
@@ -392,9 +391,7 @@ public void importRemoteGroupOfUsers(String organizationId, String authOrigin, S
 .append("sync", sync)
 .append("token", token);
 try {
- if (!OPENCGA.equals(authenticationFactory.getUserId(organizationId, authOrigin, token))) {
- throw new CatalogAuthorizationException("Only the root user can perform this action");
- }
+ authorizationManager.checkIsOpencgaAdministrator(payload);
 ParamUtils.checkParameter(authOrigin, "Authentication origin");
 ParamUtils.checkParameter(remoteGroup, "Remote group");
diff --git a/opencga-catalog/src/test/java/org/opencb/opencga/catalog/managers/UserManagerTest.java b/opencga-catalog/src/test/java/org/opencb/opencga/catalog/managers/UserManagerTest.java
index f23295fbd6..acd1fdaf5c 100644
--- a/opencga-catalog/src/test/java/org/opencb/opencga/catalog/managers/UserManagerTest.java
+++ b/opencga-catalog/src/test/java/org/opencb/opencga/catalog/managers/UserManagerTest.java
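Review bot: The new check in `syncAllUsersOfExternalGroup` no longer uses the `organizationId` and `authOrigin` arguments for authorization: the removed line resolved the caller through `authenticationFactory.getUserId(organizationId, authOrigin, token)`, while the new one relies only on what `validateToken(token)` returns. Assuming `checkIsOpencgaAdministrator` accepts every installation administrator rather than only the `OPENCGA` user, this widens who may trigger a group sync, and the method should say so, e.g. `// Restricted to OpenCGA installation administrators (previously: root user only)`. Since the helper is not visible here, it is also worth confirming that a token issued for a different organization than `organizationId` is rejected. The same swap is made in the `importRemoteGroupOfUsers` hunk that follows; both method bodies continue outside their hunks.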
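Review bot: The parameter map built just before the new check in `importRemoteGroupOfUsers` still includes the raw credential (`.append("token", token)`), and the caller is now expected to be an installation administrator. If that map is what gets written to the audit record (its use is outside the hunk), the bearer token would be stored in clear; record the caller identity taken from `payload` instead, or drop the entry. `payload` itself is declared outside this hunk, so confirm it is the result of `validateToken(token)` for this same `token` argument.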
@@ -13,13 +13,17 @@
 import org.opencb.commons.datastore.core.Query;
 import org.opencb.commons.datastore.core.QueryOptions;
 import org.opencb.opencga.TestParamConstants;
+import org.opencb.opencga.catalog.db.api.OrganizationDBAdaptor;
 import org.opencb.opencga.catalog.db.api.UserDBAdaptor;
 import org.opencb.opencga.catalog.exceptions.*;
+import org.opencb.opencga.catalog.utils.Constants;
 import org.opencb.opencga.catalog.utils.ParamUtils;
 import org.opencb.opencga.core.api.ParamConstants;
 import org.opencb.opencga.core.common.PasswordUtils;
 import org.opencb.opencga.core.common.TimeUtils;
+import org.opencb.opencga.core.config.AuthenticationOrigin;
 import org.opencb.opencga.core.models.JwtPayload;
+import org.opencb.opencga.core.models.organizations.OrganizationConfiguration;
 import org.opencb.opencga.core.models.organizations.OrganizationCreateParams;
 import org.opencb.opencga.core.models.organizations.OrganizationUpdateParams;
 import org.opencb.opencga.core.models.project.Project;
@@ -660,5 +664,22 @@ public void importLdapGroups() throws CatalogException, IOException {
 catalogManager.getUserManager().importRemoteGroupOfUsers(organizationId, "ldap", remoteGroup, internalGroup, studyFqn, true, getAdminToken());
 }
+ @Test
+ public void syncUsersTest() throws CatalogException {
+ Map actionMap = new HashMap<>();
+ actionMap.put(OrganizationDBAdaptor.AUTH_ORIGINS_FIELD, ParamUtils.UpdateAction.ADD);
+ QueryOptions queryOptions = new QueryOptions(Constants.ACTIONS, actionMap);
+
+ List authenticationOrigins = Collections.singletonList(new AuthenticationOrigin("CAS",
+ AuthenticationOrigin.AuthenticationType.SSO, null, null));
+ OrganizationConfiguration organizationConfiguration = new OrganizationConfiguration()
+ .setAuthenticationOrigins(authenticationOrigins);
+ catalogManager.getOrganizationManager().updateConfiguration(organizationId, organizationConfiguration, queryOptions, orgAdminToken1);
+
+ catalogManager.getUserManager().importRemoteGroupOfUsers(organizationId, "CAS", "opencb", "opencb", studyFqn, true, opencgaToken);
+ OpenCGAResult opencb = catalogManager.getStudyManager().getGroup(studyFqn, "opencb", studyAdminToken1);
+ assertEquals(1, opencb.getNumResults());
+ assertEquals("@opencb", opencb.first().getId());
+ }
 }
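Review bot: `syncUsersTest` exercises only the allowed path (`opencgaToken`), so it would still pass if the new administrator check were removed or accepted any valid token. For an authorization change the rejecting case is the one worth pinning: repeat the `importRemoteGroupOfUsers` call with a token that is not an installation administrator, such as `orgAdminToken1` or `studyAdminToken1`, and assert that it fails with an authorization error, using the expected-exception idiom this test class already uses. The test also covers only `importRemoteGroupOfUsers`; `syncAllUsersOfExternalGroup`, which received the same change, has no test in this hunk.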