From 5857f600f5e164b4986ddb1708736b5c48bc13d7 Mon Sep 17 00:00:00 2001
From: Syphax Bouazzouni <gs_bouazzouni@esi.dz>
Date: Tue, 28 Nov 2023 05:50:07 +0100
Subject: [PATCH] update slices controller to enforce admin security

---
 .github/workflows/docker-image.yml         |  2 +-
 bin/ontoportal                             |  7 ++++--
 controllers/slices_controller.rb           |  5 ++++-
 test/controllers/test_slices_controller.rb | 26 ++++++++++++++--------
 4 files changed, 27 insertions(+), 13 deletions(-)

diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
index 1f82c680..737482f9 100644
--- a/.github/workflows/docker-image.yml
+++ b/.github/workflows/docker-image.yml
@@ -47,7 +47,7 @@ jobs:
         uses: docker/build-push-action@v4
         with:
           context: .
-          platforms: linux/amd64
+          platforms: linux/amd64,linux/arm64
           build-args: |
             RUBY_VERSION=2.7.8
           push: true
diff --git a/bin/ontoportal b/bin/ontoportal
index 573b49c7..4168a726 100755
--- a/bin/ontoportal
+++ b/bin/ontoportal
@@ -52,8 +52,7 @@ create_config_files() {
 # Function to handle the "dev" option
 dev() {
   echo "Starting Ontoportal API development server..."
-  
-  create_config_files
+
   local reset_cache=false
   local api_url=""
 
@@ -145,6 +144,10 @@ run() {
   docker compose run --rm -it api bash -c "$*"
 }
 
+
+
+create_config_files
+
 # Main script logic
 case "$1" in
   "run")
diff --git a/controllers/slices_controller.rb b/controllers/slices_controller.rb
index a31f799e..9033222c 100644
--- a/controllers/slices_controller.rb
+++ b/controllers/slices_controller.rb
@@ -41,17 +41,20 @@ class SlicesController < ApplicationController
     ##
     # Create a new slice
     post do
+      error 403, "Access denied" unless current_user && current_user.admin?
       create_slice
     end
 
     # Delete a slice
     delete '/:slice' do
+      error 403, "Access denied" unless current_user && current_user.admin?
       LinkedData::Models::Slice.find(params[:slice]).first.delete
       halt 204
     end
 
     # Update an existing slice
     patch '/:slice' do
+      error 403, "Access denied" unless current_user && current_user.admin?
       slice = LinkedData::Models::Slice.find(params[:slice]).include(LinkedData::Models::Slice.attributes(:all)).first
       populate_from_params(slice, params)
       if slice.valid?
@@ -61,7 +64,7 @@ class SlicesController < ApplicationController
       end
       halt 204
     end
-    
+
     private
 
     def create_slice
diff --git a/test/controllers/test_slices_controller.rb b/test/controllers/test_slices_controller.rb
index 9eb9c404..601b15a7 100644
--- a/test/controllers/test_slices_controller.rb
+++ b/test/controllers/test_slices_controller.rb
@@ -3,11 +3,19 @@
 class TestSlicesController < TestCase
 
   def self.before_suite
-    onts = LinkedData::SampleData::Ontology.create_ontologies_and_submissions(ont_count: 1, submission_count: 0)[2]
+    ont_count, ont_acronyms, @@onts = LinkedData::SampleData::Ontology.create_ontologies_and_submissions(ont_count: 1, submission_count: 0)
 
     @@slice_acronyms = ["tst-a", "tst-b"].sort
-    _create_slice(@@slice_acronyms[0], "Test Slice A", onts)
-    _create_slice(@@slice_acronyms[1], "Test Slice B", onts)
+    _create_slice(@@slice_acronyms[0], "Test Slice A", @@onts)
+    _create_slice(@@slice_acronyms[1], "Test Slice B", @@onts)
+
+    @@user = User.new({
+                        username: "test-slice",
+                        email: "test-slice@example.org",
+                        password: "12345"
+                      }).save
+    @@new_slice_data = { acronym: 'tst-c', name: "Test Slice C", ontologies: ont_acronyms}
+    @@old_security_setting = LinkedData.settings.enable_security
   end
 
   def self.after_suite
@@ -26,7 +34,7 @@ def test_all_slices
     get "/slices"
     assert last_response.ok?
     slices = MultiJson.load(last_response.body)
-    assert_equal @@slice_acronyms, slices.map {|s| s["acronym"]}.sort
+    assert_equal @@slice_acronyms, slices.map { |s| s["acronym"] }.sort
   end
 
   def test_create_slices
@@ -61,11 +69,11 @@ def test_delete_slices
 
   def self._create_slice(acronym, name, ontologies)
     slice = LinkedData::Models::Slice.new({
-      acronym: acronym,
-      name: "Test #{name}",
-      ontologies: ontologies
-    })
+                                            acronym: acronym,
+                                            name: "Test #{name}",
+                                            ontologies: ontologies
+                                          })
     slice.save
   end
 
-end
+end
\ No newline at end of file