From 2b124258a8ce5591063ea4dd5b4946b7e5260f26 Mon Sep 17 00:00:00 2001
From: James
Date: Fri, 20 Oct 2023 10:23:11 -0400
Subject: [PATCH] [ALS-4926] Update fence PSAMA to use authz
---
 .../auth/FENCEAuthenticationService.java | 39 ++++++-------------
 1 file changed, 11 insertions(+), 28 deletions(-)
diff --git a/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/auth/FENCEAuthenticationService.java b/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/auth/FENCEAuthenticationService.java
index 08f40b08d..6d2f1f48e 100644
--- a/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/auth/FENCEAuthenticationService.java
+++ b/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/auth/FENCEAuthenticationService.java
@@ -207,7 +207,7 @@ public Response getFENCEProfile(String callback_url, Map authReq
 // Update the user's roles (or create them if none exists)
 //Set actual_user_roles = u.getRoles();
- Iterator project_access_names = fence_user_profile.get("project_access").fieldNames();
+ Iterator project_access_names = fence_user_profile.get("authz").fieldNames();
 while (project_access_names.hasNext()) {
 String access_role_name = project_access_names.next();
 createAndUpsertRole(access_role_name, current_user);
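Review bot: The new `fence_user_profile.get("authz")` result is dereferenced with no presence check, so a Fence profile without an `authz` field would throw during login rather than leave the user with no FENCE roles (assuming `fence_user_profile` is a Jackson `JsonNode`, whose `get` returns null for a missing key). Reading it as `fence_user_profile.path("authz").fieldNames()`, or checking for null and logging, would fail closed. Only the field names of `authz` are consumed here; if each entry also carries a list of permitted methods or services, those values are never inspected, so a role is derived from the mere presence of a resource key. If that is intended, a comment such as `// authz keys are resource paths; presence of a key is treated as access to that study` would record the decision. The rest of `getFENCEProfile` lies outside this hunk.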
@@ -248,37 +248,20 @@ public Response getFENCEProfile(String callback_url, Map authReq
 }
 private void createAndUpsertRole(String access_role_name, User current_user) {
- // These two special access does not matter. We are not using it.
- if (access_role_name.equals("admin") || access_role_name.equals("parent")) {
- logger.info("SKIPPING ACCESS ROLE: " + access_role_name);
- return;
- }
- //topmed ==> access to all studies (not just topmed)
- if (access_role_name.equals("topmed") ) {
- Map projects = getFENCEMapping();
- for(Map projectMetadata : projects.values()) {
- String projectId = (String) projectMetadata.get("study_identifier");
- String consentCode = (String) projectMetadata.get("consent_group_code");
- String newRoleName = (consentCode != null && consentCode != "") ? "FENCE_"+projectId+"_"+consentCode : "FENCE_"+projectId;
-
- if (upsertRole(current_user, newRoleName, "FENCE role "+newRoleName)) {
- logger.info("getFENCEProfile() Updated TOPMED user role. Now it includes `"+newRoleName+"`");
- } else {
- logger.error("getFENCEProfile() could not add roles to TOPMED user's profile");
- }
- }
+ logger.debug("createAndUpsertRole() starting...");
+ Map projectMetadata = getFENCEMapping().values().stream()
+ .filter(map -> access_role_name.equals(map.get("authz")))
+ .findFirst().orElse(null);
+
+ if (projectMetadata == null) {
+ logger.error("getFENCEProfile() -> createAndUpsertRole could not find study in FENCE mapping SKIPPING: " + access_role_name);
 return;
 }
+ String projectId = (String) projectMetadata.get("study_identifier");
+ String consentCode = (String) projectMetadata.get("consent_group_code");
+ String newRoleName = (consentCode != null && consentCode != "") ?
"FENCE_"+projectId+"_"+consentCode : "FENCE_"+projectId;
- String[] parts = access_role_name.split("\\.");
-
- String newRoleName;
- if (parts.length > 1) {
- newRoleName = "FENCE_"+parts[0]+"_"+parts[parts.length-1];
- } else {
- newRoleName = "FENCE_"+access_role_name;
- }
 logger.info("getFENCEProfile() New PSAMA role name:"+newRoleName);
 if (upsertRole(current_user, newRoleName, "FENCE role "+newRoleName)) {
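Review bot: The added `newRoleName` line compares `consentCode != ""` by reference, so an empty consent code loaded from the mapping is generally not the interned literal and yields a role name with a trailing underscore instead of `FENCE_<study>`; use `consentCode != null && !consentCode.isEmpty()`. Because the role name presumably decides which study the user is granted, `projectId` should also be checked for null before concatenation, otherwise a mapping entry without `study_identifier` produces `FENCE_null`. `findFirst()` silently picks one entry when several mapping rows share the same `authz` value; if that can occur, either process every match or log the ambiguity. The body of `createAndUpsertRole` continues past the end of this hunk.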