Verified Commit 5e601b14 authored by Martin Weise's avatar Martin Weise

Updated credentials and visibility

parent 1698616e
1 merge request!387Wrong model
Showing
with 84 additions and 14 deletions
No preview for this file type
...@@ -4,6 +4,5 @@ LABEL org.opencontainers.image.authors="martin.weise@tuwien.ac.at" ...@@ -4,6 +4,5 @@ LABEL org.opencontainers.image.authors="martin.weise@tuwien.ac.at"
WORKDIR /app WORKDIR /app
COPY --chown=grafana:grafana ./dashboards /app/dashboards COPY --chown=grafana:grafana ./dashboards /app/dashboards
COPY --chown=grafana:grafana ./provisioning /etc/grafana/provisioning
COPY --chown=grafana:grafana ./grafana.ini /etc/grafana/grafana.ini COPY --chown=grafana:grafana ./grafana.ini /etc/grafana/grafana.ini
COPY --chown=grafana:grafana ./ldap.toml /etc/grafana/ldap.toml COPY --chown=grafana:grafana ./ldap.toml /etc/grafana/ldap.toml
...@@ -110,7 +110,13 @@ public class SubsetEndpoint extends RestEndpoint { ...@@ -110,7 +110,13 @@ public class SubsetEndpoint extends RestEndpoint {
QueryNotFoundException, NotAllowedException, MetadataServiceException { QueryNotFoundException, NotAllowedException, MetadataServiceException {
log.debug("endpoint find subsets in database, databaseId={}, filterPersisted={}", databaseId, filterPersisted); log.debug("endpoint find subsets in database, databaseId={}, filterPersisted={}", databaseId, filterPersisted);
final DatabaseDto database = cacheService.getDatabase(databaseId); final DatabaseDto database = cacheService.getDatabase(databaseId);
endpointValidator.validateOnlyPrivateSchemaAccess(database, principal); if (!database.getIsPublic()) {
if (principal == null) {
log.error("Failed to list queries: no authentication found");
throw new NotAllowedException("Failed to list queries: no authentication found");
}
endpointValidator.validateOnlyAccess(database, principal, false);
}
final List<QueryDto> queries; final List<QueryDto> queries;
try { try {
queries = subsetService.findAll(database, filterPersisted); queries = subsetService.findAll(database, filterPersisted);
...@@ -171,7 +177,13 @@ public class SubsetEndpoint extends RestEndpoint { ...@@ -171,7 +177,13 @@ public class SubsetEndpoint extends RestEndpoint {
log.debug("endpoint find subset in database, databaseId={}, subsetId={}, accept={}, timestamp={}", databaseId, log.debug("endpoint find subset in database, databaseId={}, subsetId={}, accept={}, timestamp={}", databaseId,
subsetId, accept, timestamp); subsetId, accept, timestamp);
final DatabaseDto database = cacheService.getDatabase(databaseId); final DatabaseDto database = cacheService.getDatabase(databaseId);
endpointValidator.validateOnlyPrivateSchemaAccess(database, principal); if (!database.getIsPublic()) {
if (principal == null) {
log.error("Failed to find query: no authentication found");
throw new NotAllowedException("Failed to find query: no authentication found");
}
endpointValidator.validateOnlyAccess(database, principal, false);
}
final QueryDto subset; final QueryDto subset;
try { try {
subset = subsetService.findById(database, subsetId); subset = subsetService.findById(database, subsetId);
...@@ -205,7 +217,7 @@ public class SubsetEndpoint extends RestEndpoint { ...@@ -205,7 +217,7 @@ public class SubsetEndpoint extends RestEndpoint {
.headers(headers) .headers(headers)
.body(resource.getResource()); .body(resource.getResource());
} }
throw new FormatNotAvailableException("Must provide either application/json or text/csv value for header 'Accept': provided " + accept + " instead"); throw new FormatNotAvailableException("Must provide either application/json or text/csv value for header 'Accept': got " + accept + " instead");
} }
@PostMapping @PostMapping
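Review bot: The new gate `if (!database.getIsPublic())`, added in both the list-subsets and the find-subset hunk, unboxes the getter's result; if `getIsPublic()` returns a boxed `Boolean` (its declaration is not visible here), a database record with no visibility set would fail with a NullPointerException instead of being treated as private. Writing the condition as `if (!Boolean.TRUE.equals(database.getIsPublic())) {` sends unknown visibility down the authenticated path. The anonymous-request branch logs at `log.error`, which any unauthenticated client can trigger repeatedly; `log.warn` or `log.debug` would keep the error log meaningful. The same six lines appear twice, so a private helper in the endpoint would keep the two checks from drifting apart; both enclosing methods begin and end outside the hunks.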
......
...@@ -5,7 +5,6 @@ import at.tuwien.service.CredentialService; ...@@ -5,7 +5,6 @@ import at.tuwien.service.CredentialService;
import lombok.Getter; import lombok.Getter;
import lombok.extern.log4j.Log4j2; import lombok.extern.log4j.Log4j2;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value; import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
......
package at.tuwien.service;
import at.tuwien.api.keycloak.TokenDto;
public interface CredentialService {
/**
* Gets credentials for a user with given id in a database with given id either from the cache (if not expired) or
* retrieves them from the Metadata Service.
*
* @param username The username.
* @param password The user password.
* @return The credentials.
*/
TokenDto getAccessToken(String username, String password);
}
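Review bot: The Javadoc on `getAccessToken` does not match the signature: it speaks of a user id, a database id and the Metadata Service, while the method takes a username and a password and returns a `TokenDto`. A summary such as `Gets an access token for the given username, from the token cache when an entry is present, otherwise by requesting a new one with the given password.` would describe what the implementation on this page does. The Javadoc should also state in one sentence that a cache hit is returned without looking at `password`, so callers do not mistake the method for a credential check.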
package at.tuwien.service.impl;
import at.tuwien.api.keycloak.TokenDto;
import at.tuwien.gateway.KeycloakGateway;
import at.tuwien.service.CredentialService;
import com.github.benmanes.caffeine.cache.Cache;
import lombok.extern.log4j.Log4j2;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
@Log4j2
@Service
public class CredentialServiceImpl implements CredentialService {
private final KeycloakGateway keycloakGateway;
private final Cache<String, TokenDto> tokenCache;
@Autowired
public CredentialServiceImpl(KeycloakGateway keycloakGateway, Cache<String, TokenDto> tokenCache) {
this.tokenCache = tokenCache;
this.keycloakGateway = keycloakGateway;
}
@Override
public TokenDto getAccessToken(String username, String password) {
final TokenDto cacheAccessToken = tokenCache.getIfPresent(username);
if (cacheAccessToken != null) {
log.trace("found access token for user with username {} in cache", username);
return cacheAccessToken;
}
log.debug("access token for user with username {} not it cache (anymore): request new", username);
final TokenDto token = keycloakGateway.obtainUserToken(username, password);
tokenCache.put(username, token);
return token;
}
/**
* Method for test cases to remove all caches.
*/
public void invalidateAll() {
tokenCache.invalidateAll();
}
}
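Review bot: `getAccessToken` returns the result of `tokenCache.getIfPresent(username)` before `password` is used at all, so while an entry is cached any password yields that user's token. If the only callers pass configured service credentials (the callers are not visible on this page) this is harmless, but it should be stated in a comment on the method; if the method can be reached with caller-supplied credentials, the cache entry needs to be bound to the password as well, for example by keying on the username plus a keyed digest of the password. Separately, Caffeine's `put` rejects null values, so a null return from `keycloakGateway.obtainUserToken` would surface here as a NullPointerException; check the token before `tokenCache.put(username, token)`. The cache's expiry is configured elsewhere and should be confirmed to be shorter than the token lifetime, otherwise an expired token is handed out until eviction.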
<template> <template>
<div <div
v-if="canViewSchema"> v-if="canView">
<DatabaseToolbar /> <DatabaseToolbar />
<SubsetList /> <SubsetList />
<v-breadcrumbs :items="items" class="pa-0 mt-2" /> <v-breadcrumbs :items="items" class="pa-0 mt-2" />
...@@ -42,11 +42,11 @@ export default { ...@@ -42,11 +42,11 @@ export default {
access () { access () {
return this.cacheStore.getAccess return this.cacheStore.getAccess
}, },
canViewSchema () { canView () {
if (!this.database) { if (!this.database) {
return false return false
} }
if (this.database.is_schema_public) { if (this.database.is_public || this.database.is_schema_public) {
return true return true
} }
if (!this.access) { if (!this.access) {
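Review bot: `canView` now returns true when either `is_public` or `is_schema_public` is set, while the server-side check changed in the same commit (SubsetEndpoint) requires authentication whenever `getIsPublic()` is false. For a database with a public schema but private data, an anonymous visitor is therefore shown this page, which renders `SubsetList`, and going by the endpoint hunk the list request behind it would be refused. The server decision is the one that counts, so the view should either handle that rejection or test only the flag the backend enforces for this page; a comment above the property such as `// UI hint only; access is enforced by the API` would make that explicit. The same condition is added in the two following Vue sections, and the computed property continues outside the hunk.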
......
<template> <template>
<div <div
v-if="canViewSchema"> v-if="canView">
<DatabaseToolbar /> <DatabaseToolbar />
<v-window <v-window
v-model="tab"> v-model="tab">
...@@ -51,11 +51,11 @@ export default { ...@@ -51,11 +51,11 @@ export default {
access () { access () {
return this.cacheStore.getAccess return this.cacheStore.getAccess
}, },
canViewSchema () { canView () {
if (!this.database) { if (!this.database) {
return false return false
} }
if (this.database.is_schema_public) { if (this.database.is_public || this.database.is_schema_public) {
return true return true
} }
const userService = useUserService() const userService = useUserService()
......
<template> <template>
<div <div
v-if="canViewSchema"> v-if="canView">
<DatabaseToolbar /> <DatabaseToolbar />
<v-window <v-window
v-model="tab"> v-model="tab">
...@@ -51,11 +51,11 @@ export default { ...@@ -51,11 +51,11 @@ export default {
access () { access () {
return this.cacheStore.getAccess return this.cacheStore.getAccess
}, },
canViewSchema () { canView () {
if (!this.database) { if (!this.database) {
return false return false
} }
if (this.database.is_schema_public) { if (this.database.is_public || this.database.is_schema_public) {
return true return true
} }
const userService = useUserService() const userService = useUserService()
......
No preview for this file type