Merge branch 'TASK-5663' of github.com:opencb/opencga into TASK-5663

opencb · Feb 20, 2024 · a9ffa0c · a9ffa0c
2 parents 9bba168 + 6d5ed15
commit a9ffa0c
Show file tree

Hide file tree

Showing 5 changed files with 32 additions and 23 deletions.
diff --git a/opencga-analysis/src/test/java/org/opencb/opencga/analysis/family/FamilyAnalysisTest.java b/opencga-analysis/src/test/java/org/opencb/opencga/analysis/family/FamilyAnalysisTest.java
@@ -47,7 +47,6 @@
 
 public class FamilyAnalysisTest extends GenericTest {
 
-    public final static String STUDY = "user@1000G:phase1";
     public static final String USER = "user";
     @Rule
     public ExpectedException thrown = ExpectedException.none();
@@ -61,6 +60,7 @@ public class FamilyAnalysisTest extends GenericTest {
     protected static String sessionIdUser;
 
     private static String ORGANIZATION = "test";
+    public final static String STUDY = ORGANIZATION + "@1000G:phase1";
 
     protected static Family family;
     protected static Family family2;

diff --git a/...atalog/src/test/java/org/opencb/opencga/catalog/managers/AbstractClinicalManagerTest.java b/...atalog/src/test/java/org/opencb/opencga/catalog/managers/AbstractClinicalManagerTest.java
@@ -31,6 +31,8 @@
 import org.opencb.opencga.core.models.family.Family;
 import org.opencb.opencga.core.models.file.File;
 import org.opencb.opencga.core.models.individual.Individual;
+import org.opencb.opencga.core.models.organizations.OrganizationCreateParams;
+import org.opencb.opencga.core.models.organizations.OrganizationUpdateParams;
 import org.opencb.opencga.core.models.sample.Sample;
 import org.opencb.opencga.core.models.study.Study;
 import org.opencb.opencga.core.testclassification.duration.MediumTests;
@@ -64,7 +66,7 @@ public class AbstractClinicalManagerTest extends GenericTest {
     public CatalogManagerExternalResource catalogManagerResource = new CatalogManagerExternalResource();
 
     public CatalogManager catalogManager;
-    protected String organizationId;
+    protected final String organizationId = "test";
     public String token;
     public String studyFqn;
     public Family family;
@@ -81,8 +83,14 @@ public void setUp() throws IOException, CatalogException, URISyntaxException {
     public void setUpCatalogManager() throws IOException, CatalogException, URISyntaxException {
         ClinicalAnalysis auxClinicalAnalysis;
 
+        // Create new organization, owner and admins
+        catalogManager.getOrganizationManager().create(new OrganizationCreateParams().setId(organizationId).setName("Test"), QueryOptions.empty(), catalogManagerResource.getAdminToken());
         catalogManager.getUserManager().create("user", "User Name", "[email protected]", PASSWORD, organizationId, null, catalogManagerResource.getAdminToken());
 
+        catalogManager.getOrganizationManager().update(organizationId,
+                new OrganizationUpdateParams().setOwner("user"),
+                null, catalogManagerResource.getAdminToken());
+
         token = catalogManager.getUserManager().login(organizationId, "user", PASSWORD).getToken();
 
         catalogManager.getProjectManager().create("1000G", "Project about some genomes", "", "Homo sapiens", null, "GRCh38",

diff --git a/opencga-master/src/main/java/org/opencb/opencga/master/monitor/daemons/ExecutionDaemon.java b/opencga-master/src/main/java/org/opencb/opencga/master/monitor/daemons/ExecutionDaemon.java
@@ -611,7 +611,8 @@ protected void checkToolExecutionPermission(String organizationId, Job job) thro
 
         AuthorizationManager authorizationManager = catalogManager.getAuthorizationManager();
         String user = job.getUserId();
-        JwtPayload jwtPayload = catalogManager.getUserManager().validateToken(token);
+        String userToken = catalogManager.getUserManager().getNonExpiringToken(organizationId, user, null, token);
+        JwtPayload jwtPayload = catalogManager.getUserManager().validateToken(userToken);
 
         if (storageConfiguration.getMode() == StorageConfiguration.Mode.READ_ONLY) {
             // Hard check. Within READ_ONLY mode, if the tool is an operation on variant, rga or alignment, we forbid it.
@@ -639,11 +640,8 @@ protected void checkToolExecutionPermission(String organizationId, Job job) thro
             // Only organization owners or administrators can run tools with scope organization
             authorizationManager.checkIsOrganizationOwnerOrAdmin(organizationId, user);
         } else {
-            long studyUid = catalogManager.getStudyManager().get(job.getStudy().getId(), new QueryOptions(QueryOptions.INCLUDE,
-                    StudyDBAdaptor.QueryParams.UID.key()), token).first().getUid();
-            if (authorizationManager.isOrganizationOwnerOrAdmin(organizationId, user)
-                    || authorizationManager.isStudyAdministrator(organizationId, studyUid, user)) {
-                // Study and organization administrators can run tools with scope study or project
+            if (authorizationManager.isOrganizationOwnerOrAdmin(organizationId, user)) {
+                // Organization administrators can run tools with scope study or project
                 return;
             }
 

diff --git a/...a-master/src/test/java/org/opencb/opencga/master/monitor/daemons/ExecutionDaemonTest.java b/...a-master/src/test/java/org/opencb/opencga/master/monitor/daemons/ExecutionDaemonTest.java
@@ -82,11 +82,11 @@ public void setUp() throws Exception {
         super.setUp();
 
         String expiringToken = this.catalogManager.getUserManager().loginAsAdmin(TestParamConstants.ADMIN_PASSWORD).getToken();
-        String nonExpiringToken = this.catalogManager.getUserManager().getNonExpiringToken(ParamConstants.ADMIN_ORGANIZATION, ParamConstants.OPENCGA_USER_ID, Collections.emptyMap(), expiringToken);
         catalogManager.getConfiguration().getAnalysis().getExecution().getMaxConcurrentJobs().put(VariantIndexOperationTool.ID, 1);
 
-        daemon = new ExecutionDaemon(1000, nonExpiringToken, catalogManager,
+        daemon = new ExecutionDaemon(1000, expiringToken, catalogManager,
                 new StorageConfiguration().setMode(StorageConfiguration.Mode.READ_WRITE), catalogManagerResource.getOpencgaHome().toString());
+
         executor = new DummyBatchExecutor();
         daemon.batchExecutor = executor;
 
@@ -216,22 +216,24 @@ public void testNotEmptyOutDir() throws Exception {
     @Test
     public void testProjectScopeTask() throws Exception {
         // User 2 to admins group in study1 but not in study2
-        catalogManager.getStudyManager().updateGroup(studyFqn, "@admins", ParamUtils.BasicUpdateAction.ADD,
-                new GroupUpdateParams(Collections.singletonList("user2")), ownerToken);
+        catalogManager.getStudyManager().updateGroup(studyFqn, ParamConstants.ADMINS_GROUP, ParamUtils.BasicUpdateAction.ADD,
+                new GroupUpdateParams(Collections.singletonList(normalUserId2)), ownerToken);
+//        catalogManager.getStudyManager().updateAcl(studyFqn2, normalUserId2, new StudyAclParams().setTemplate(AuthorizationManager.ROLE_VIEW_ONLY),
+//                ParamUtils.AclAction.SET, ownerToken);
 
         // User 3 to admins group in both study1 and study2
-        catalogManager.getStudyManager().updateGroup(studyFqn, "@admins", ParamUtils.BasicUpdateAction.ADD,
-                new GroupUpdateParams(Collections.singletonList("user3")), ownerToken);
-        catalogManager.getStudyManager().updateGroup(studyFqn2, "@admins", ParamUtils.BasicUpdateAction.ADD,
-                new GroupUpdateParams(Collections.singletonList("user3")), ownerToken);
+        catalogManager.getStudyManager().updateGroup(studyFqn, ParamConstants.ADMINS_GROUP, ParamUtils.BasicUpdateAction.ADD,
+                new GroupUpdateParams(Collections.singletonList(normalUserId3)), ownerToken);
+        catalogManager.getStudyManager().updateGroup(studyFqn2, ParamConstants.ADMINS_GROUP, ParamUtils.BasicUpdateAction.ADD,
+                new GroupUpdateParams(Collections.singletonList(normalUserId3)), ownerToken);
 
         HashMap<String, Object> params = new HashMap<>();
         String jobId = catalogManager.getJobManager().submit(studyFqn, VariantAnnotationIndexOperationTool.ID, Enums.Priority.MEDIUM,
                 params, "job1", "", null, null, ownerToken).first().getId();
         String jobId2 = catalogManager.getJobManager().submit(studyFqn, VariantAnnotationIndexOperationTool.ID, Enums.Priority.MEDIUM,
-                params, "job2", "", null, null, orgAdminToken1).first().getId();
+                params, "job2", "", null, null, normalToken2).first().getId();
         String jobId3 = catalogManager.getJobManager().submit(studyFqn, VariantAnnotationIndexOperationTool.ID, Enums.Priority.MEDIUM,
-                params, "job3", "", null, null, orgAdminToken2).first().getId();
+                params, "job3", "", null, null, normalToken3).first().getId();
 
         daemon.checkPendingJobs(organizationIds);
 
@@ -392,7 +394,7 @@ public void testCheckLogsNoPermissions() throws Exception {
         Job job = catalogManager.getJobManager().submit(studyFqn, "variant-index", Enums.Priority.MEDIUM, params, ownerToken).first();
         String jobId = job.getId();
 
-        catalogManager.getJobManager().updateAcl(studyFqn, Collections.singletonList(jobId), "user2",
+        catalogManager.getJobManager().updateAcl(studyFqn, Collections.singletonList(jobId), normalUserId2,
                 new AclParams(JobPermissions.VIEW.name()), ParamUtils.AclAction.ADD, ownerToken);
 
         daemon.checkJobs();
@@ -415,7 +417,7 @@ public void testCheckLogsNoPermissions() throws Exception {
                 Paths.get(job.getOutDir().getUri()).resolve(job.getId() + ".log").toUri());
 
         thrown.expect(CatalogAuthorizationException.class);
-        catalogManager.getJobManager().log(studyFqn, jobId, 0, 1, "stdout", true, orgAdminToken1);
+        catalogManager.getJobManager().log(studyFqn, jobId, 0, 1, "stdout", true, normalToken2);
     }
 
     @Test
@@ -493,9 +495,9 @@ public void testRegisterFilesSuccessfully() throws Exception {
         }
 
         files = catalogManager.getFileManager().count(studyFqn, new Query(FileDBAdaptor.QueryParams.JOB_ID.key(), ""), ownerToken);
-        assertEquals(10, files.getNumMatches());
+        assertEquals(16, files.getNumMatches());
         files = catalogManager.getFileManager().count(studyFqn, new Query(FileDBAdaptor.QueryParams.JOB_ID.key(), "NonE"), ownerToken);
-        assertEquals(10, files.getNumMatches());
+        assertEquals(16, files.getNumMatches());
     }
 
     @Test

diff --git a/opencga-server/src/test/java/org/opencb/opencga/server/rest/SampleWSServerTest.java b/opencga-server/src/test/java/org/opencb/opencga/server/rest/SampleWSServerTest.java
@@ -36,14 +36,15 @@
 /**
  * Created by jacobo on 25/06/15.
  */
+@Ignore
 @Category(MediumTests.class)
 public class SampleWSServerTest {
 
     private static WSServerTestUtils serverTestUtils;
     private WebTarget webTarget;
     private String sessionId;
     private String organizationId = "test";
-    private String studyId = "user@1000G:phase1";
+    private String studyId = organizationId + "@1000G:phase1";
     private long in1;
     private long s1, s2, s3, s4;