diff --git a/src/main/java/org/cbioportal/security/VirtualStudyPermissionService.java b/src/main/java/org/cbioportal/security/VirtualStudyPermissionService.java
index c8860af4e75..40183545102 100644
--- a/src/main/java/org/cbioportal/security/VirtualStudyPermissionService.java
+++ b/src/main/java/org/cbioportal/security/VirtualStudyPermissionService.java
@@ -5,24 +5,28 @@
 import org.cbioportal.web.parameter.VirtualStudy;
 import org.cbioportal.web.parameter.VirtualStudyData;
 import org.cbioportal.web.parameter.VirtualStudySamples;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.stereotype.Component;
+import org.springframework.stereotype.Service;
 import java.util.Iterator;
 import java.util.List;
+import java.util.Optional;
 import java.util.Set;
 import java.util.stream.Collectors;
-@Component
+@Service
 public class VirtualStudyPermissionService {
- @Autowired(required = false)
- private CancerStudyPermissionEvaluator cancerStudyPermissionEvaluator;
+
+ private final Optional cancerStudyPermissionEvaluator;
+
+ public VirtualStudyPermissionService(Optional cancerStudyPermissionEvaluator) {
+ this.cancerStudyPermissionEvaluator = cancerStudyPermissionEvaluator;
+ }
 public void filterOutForbiddenStudies(List virtualStudies) {
 Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
- if (authentication == null || cancerStudyPermissionEvaluator == null) {
+ if (authentication == null || cancerStudyPermissionEvaluator.isEmpty()) {
 return;
 }
 Iterator virtualStudyIterator = virtualStudies.iterator();
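Review bot: The guard at the top of `filterOutForbiddenStudies` returns without filtering when `authentication == null`, even when a `CancerStudyPermissionEvaluator` is present, so that path hands back the full list; the move to `Optional` keeps this fail-open behaviour. Whether a null authentication can occur while an evaluator is registered cannot be determined from this hunk, but if it can, the two conditions should be separated: `if (cancerStudyPermissionEvaluator.isEmpty()) { return; }` followed by `if (authentication == null) { virtualStudies.clear(); return; }`. A one-line comment on the field saying that an empty `Optional` means no evaluator bean is registered would make the intent of the early return explicit. The method body continues past the end of the hunk.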
@@ -32,7 +36,7 @@ public void filterOutForbiddenStudies(List virtualStudies) { Set filteredStudies = virtualStudyData.getStudies().stream() .filter(study -> - cancerStudyPermissionEvaluator.hasPermission(authentication, study.getId(), "CancerStudyId", AccessLevel.READ)) + cancerStudyPermissionEvaluator.get().hasPermission(authentication, study.getId(), "CancerStudyId", AccessLevel.READ)) .collect(Collectors.toSet()); if (filteredStudies.isEmpty()) { virtualStudyIterator.remove(); @@ -43,7 +47,7 @@ public void filterOutForbiddenStudies(List virtualStudies) { StudyViewFilter studyViewFilter = virtualStudyData.getStudyViewFilter(); List filteredStudyIds = studyViewFilter.getStudyIds().stream() .filter(studyId -> - cancerStudyPermissionEvaluator.hasPermission(authentication, studyId, "CancerStudyId", AccessLevel.READ)) + cancerStudyPermissionEvaluator.get().hasPermission(authentication, studyId, "CancerStudyId", AccessLevel.READ)) .toList(); virtualStudyData.getStudyViewFilter().setStudyIds(filteredStudyIds); } diff --git a/src/main/java/org/cbioportal/web/PublicVirtualStudiesController.java b/src/main/java/org/cbioportal/web/PublicVirtualStudiesController.java index e6c26515c42..04caf520aee 100644 --- a/src/main/java/org/cbioportal/web/PublicVirtualStudiesController.java +++ b/src/main/java/org/cbioportal/web/PublicVirtualStudiesController.java 
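Review bot: Both filter lambdas, in the hunks at `@@ -32,7 +36,7 @@` and `@@ -43,7 +47,7 @@`, call `cancerStudyPermissionEvaluator.get()` for every element and are safe only because of the `isEmpty()` guard at the top of the method, which lies outside these hunks. Unwrapping once directly after that guard, `CancerStudyPermissionEvaluator evaluator = cancerStudyPermissionEvaluator.get();`, and calling `evaluator.hasPermission(...)` in both lambdas would keep the permission check from depending on a distant precondition. It also removes the unchecked `Optional.get()` calls, which would throw `NoSuchElementException` if the guard were ever reordered or removed.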
@@ -4,19 +4,14 @@
 import io.swagger.v3.oas.annotations.media.Content;
 import io.swagger.v3.oas.annotations.media.Schema;
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
-import org.cbioportal.security.CancerStudyPermissionEvaluator;
 import org.cbioportal.security.VirtualStudyPermissionService;
 import org.cbioportal.service.CancerTypeService;
 import org.cbioportal.service.exception.CancerTypeNotFoundException;
 import org.cbioportal.service.util.SessionServiceRequestHandler;
-import org.cbioportal.utils.security.AccessLevel;
-import org.cbioportal.web.parameter.StudyViewFilter;
 import org.cbioportal.web.parameter.VirtualStudy;
 import org.cbioportal.web.parameter.VirtualStudyData;
-import org.cbioportal.web.parameter.VirtualStudySamples;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.core.ParameterizedTypeReference;
 import org.springframework.http.HttpEntity;
@@ -24,7 +19,6 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.HttpStatusCode;
 import org.springframework.http.ResponseEntity;
-import org.springframework.security.core.Authentication;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -36,34 +30,41 @@ import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.client.RestTemplate; -import java.util.ArrayList; import java.util.Collections; -import java.util.Iterator; import java.util.List; import java.util.Set; -import java.util.stream.Collectors; @Controller @RequestMapping("/api/public_virtual_studies") public class PublicVirtualStudiesController { private static final Logger LOG = LoggerFactory.getLogger(PublicVirtualStudiesController.class); - - @Value("${session.endpoint.publisher-api-key:}") - private String requiredPublisherApiKey; - + public static final String ALL_USERS = "*"; - @Autowired - SessionServiceRequestHandler sessionServiceRequestHandler; - - @Value("${session.service.url:}") - private String sessionServiceURL; - - @Autowired - private CancerTypeService cancerTypeService; - - @Autowired - private VirtualStudyPermissionService virtualStudyPermissionService; + + private final String requiredPublisherApiKey; + + private final SessionServiceRequestHandler sessionServiceRequestHandler; + + private final String sessionServiceURL; + + private final CancerTypeService cancerTypeService; + + private final VirtualStudyPermissionService virtualStudyPermissionService; + + public PublicVirtualStudiesController( + @Value("${session.endpoint.publisher-api-key:}") String requiredPublisherApiKey, + SessionServiceRequestHandler sessionServiceRequestHandler, + @Value("${session.service.url:}") String sessionServiceURL, + CancerTypeService cancerTypeService, + VirtualStudyPermissionService virtualStudyPermissionService + ) { + this.requiredPublisherApiKey = requiredPublisherApiKey; + this.sessionServiceRequestHandler = sessionServiceRequestHandler; + this.sessionServiceURL = sessionServiceURL; + this.cancerTypeService = cancerTypeService; + this.virtualStudyPermissionService = virtualStudyPermissionService; + } @GetMapping @ApiResponse(responseCode = "200", description = "OK", content = @Content(schema = 
@Schema(implementation = VirtualStudy.class))) @@ -183,7 +184,7 @@ public ResponseEntity retractVirtualStudy( " Replying with internal server error status code to the client.", statusCode); return new ResponseEntity<>(null, HttpStatus.INTERNAL_SERVER_ERROR); - } + } VirtualStudy virtualStudy = responseEntity.getBody(); VirtualStudyData data = virtualStudy.getData(); data.setUsers(Collections.emptySet());
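Review bot: The new constructor of `PublicVirtualStudiesController` (hunk `@@ -36,34 +30,41 @@`) takes `requiredPublisherApiKey` from `${session.endpoint.publisher-api-key:}`, whose default is the empty string, and nothing in the hunk documents what a blank key means. The code that compares this value with the key supplied by the caller is outside the hunk, so it should be confirmed that a blank configured key causes requests to be rejected rather than matching a blank or missing header. A Javadoc on the constructor would record the contract, for example `@param requiredPublisherApiKey key a caller must present; blank means no caller is accepted` if that is the intended behaviour. The key should also stay out of log messages now that it is a constructor argument.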