Updated credentials and visibility

Signed-off-by: Martin Weise <martin.weise@tuwien.ac.at>

dbrepo-dashboard-service/Dockerfile

@@ -4,6 +4,5 @@ LABEL org.opencontainers.image.authors="martin.weise@tuwien.ac.at"
 WORKDIR /app
 
 COPY --chown=grafana:grafana ./dashboards /app/dashboards
-COPY --chown=grafana:grafana ./provisioning /etc/grafana/provisioning
 COPY --chown=grafana:grafana ./grafana.ini /etc/grafana/grafana.ini
 COPY --chown=grafana:grafana ./ldap.toml /etc/grafana/ldap.toml

dbrepo-data-service/rest-service/src/main/java/at/tuwien/endpoints/SubsetEndpoint.java

@@ -110,7 +110,13 @@ public class SubsetEndpoint extends RestEndpoint {
             QueryNotFoundException, NotAllowedException, MetadataServiceException {
         log.debug("endpoint find subsets in database, databaseId={}, filterPersisted={}", databaseId, filterPersisted);
         final DatabaseDto database = cacheService.getDatabase(databaseId);
-        endpointValidator.validateOnlyPrivateSchemaAccess(database, principal);
+        if (!database.getIsPublic()) {
+            if (principal == null) {
+                log.error("Failed to list queries: no authentication found");
+                throw new NotAllowedException("Failed to list queries: no authentication found");
+            }
+            endpointValidator.validateOnlyAccess(database, principal, false);
+        }
         final List<QueryDto> queries;
         try {
             queries = subsetService.findAll(database, filterPersisted);
@@ -171,7 +177,13 @@ public class SubsetEndpoint extends RestEndpoint {
         log.debug("endpoint find subset in database, databaseId={}, subsetId={}, accept={}, timestamp={}", databaseId,
                 subsetId, accept, timestamp);
         final DatabaseDto database = cacheService.getDatabase(databaseId);
-        endpointValidator.validateOnlyPrivateSchemaAccess(database, principal);
+        if (!database.getIsPublic()) {
+            if (principal == null) {
+                log.error("Failed to find query: no authentication found");
+                throw new NotAllowedException("Failed to find query: no authentication found");
+            }
+            endpointValidator.validateOnlyAccess(database, principal, false);
+        }
         final QueryDto subset;
         try {
             subset = subsetService.findById(database, subsetId);
@@ -205,7 +217,7 @@ public class SubsetEndpoint extends RestEndpoint {
                         .headers(headers)
                         .body(resource.getResource());
         }
-        throw new FormatNotAvailableException("Must provide either application/json or text/csv value for header 'Accept': provided " + accept + " instead");
+        throw new FormatNotAvailableException("Must provide either application/json or text/csv value for header 'Accept': got " + accept + " instead");
     }
 
     @PostMapping

dbrepo-data-service/services/src/main/java/at/tuwien/config/GatewayConfig.java

@@ -5,7 +5,6 @@ import at.tuwien.service.CredentialService;
 import lombok.Getter;
 import lombok.extern.log4j.Log4j2;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;

dbrepo-data-service/services/src/main/java/at/tuwien/service/CredentialService.java

+package at.tuwien.service;
+
+import at.tuwien.api.keycloak.TokenDto;
+
+public interface CredentialService {
+
+    /**
+     * Gets credentials for a user with given id in a database with given id either from the cache (if not expired) or
+     * retrieves them from the Metadata Service.
+     *
+     * @param username The username.
+     * @param password The user password.
+     * @return The credentials.
+     */
+    TokenDto getAccessToken(String username, String password);
+}

dbrepo-data-service/services/src/main/java/at/tuwien/service/impl/CredentialServiceImpl.java

+package at.tuwien.service.impl;
+
+import at.tuwien.api.keycloak.TokenDto;
+import at.tuwien.gateway.KeycloakGateway;
+import at.tuwien.service.CredentialService;
+import com.github.benmanes.caffeine.cache.Cache;
+import lombok.extern.log4j.Log4j2;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+@Log4j2
+@Service
+public class CredentialServiceImpl implements CredentialService {
+
+    private final KeycloakGateway keycloakGateway;
+    private final Cache<String, TokenDto> tokenCache;
+
+    @Autowired
+    public CredentialServiceImpl(KeycloakGateway keycloakGateway, Cache<String, TokenDto> tokenCache) {
+        this.tokenCache = tokenCache;
+        this.keycloakGateway = keycloakGateway;
+    }
+
+    @Override
+    public TokenDto getAccessToken(String username, String password) {
+        final TokenDto cacheAccessToken = tokenCache.getIfPresent(username);
+        if (cacheAccessToken != null) {
+            log.trace("found access token for user with username {} in cache", username);
+            return cacheAccessToken;
+        }
+        log.debug("access token for user with username {} not it cache (anymore): request new", username);
+        final TokenDto token = keycloakGateway.obtainUserToken(username, password);
+        tokenCache.put(username, token);
+        return token;
+    }
+
+    /**
+     * Method for test cases to remove all caches.
+     */
+    public void invalidateAll() {
+        tokenCache.invalidateAll();
+    }
+
+}

dbrepo-ui/pages/database/[database_id]/subset/index.vue

 <template>
   <div
-    v-if="canViewSchema">
+    v-if="canView">
     <DatabaseToolbar />
     <SubsetList />
     <v-breadcrumbs :items="items" class="pa-0 mt-2" />
@@ -42,11 +42,11 @@ export default {
     access () {
       return this.cacheStore.getAccess
     },
-    canViewSchema () {
+    canView () {
       if (!this.database) {
         return false
       }
-      if (this.database.is_schema_public) {
+      if (this.database.is_public || this.database.is_schema_public) {
         return true
       }
       if (!this.access) {

dbrepo-ui/pages/database/[database_id]/table/index.vue

 <template>
   <div
-    v-if="canViewSchema">
+    v-if="canView">
     <DatabaseToolbar />
     <v-window
       v-model="tab">
@@ -51,11 +51,11 @@ export default {
     access () {
       return this.cacheStore.getAccess
     },
-    canViewSchema () {
+    canView () {
       if (!this.database) {
         return false
       }
-      if (this.database.is_schema_public) {
+      if (this.database.is_public || this.database.is_schema_public) {
         return true
       }
       const userService = useUserService()

dbrepo-ui/pages/database/[database_id]/view/index.vue

 <template>
   <div
-    v-if="canViewSchema">
+    v-if="canView">
     <DatabaseToolbar />
     <v-window
       v-model="tab">
@@ -51,11 +51,11 @@ export default {
     access () {
       return this.cacheStore.getAccess
     },
-    canViewSchema () {
+    canView () {
       if (!this.database) {
         return false
       }
-      if (this.database.is_schema_public) {
+      if (this.database.is_public || this.database.is_schema_public) {
         return true
       }
       const userService = useUserService()