org: include jwtpayload in managers, #TASK-4389

checkstyle.xml

@@ -21,7 +21,7 @@
 
 <module name="Checker">
     <module name="FileLength">
-        <property name="max" value="4100"/>
+        <property name="max" value="4500"/>
     </module>
     <module name="FileTabCharacter"/>
     <module name="NewlineAtEndOfFile"/>

opencga-analysis/src/main/java/org/opencb/opencga/analysis/variant/manager/CatalogUtils.java

@@ -135,7 +135,7 @@ public List<String> getStudies(Query query, String sessionId) throws CatalogExce
     public Project getProjectFromQuery(Query query, String sessionId, QueryOptions options) throws CatalogException {
         if (isValidParam(query, VariantCatalogQueryUtils.PROJECT)) {
             String project = query.getString(VariantCatalogQueryUtils.PROJECT.key());
-            return catalogManager.getProjectManager().get(organizationId, project, options, sessionId).first();
+            return catalogManager.getProjectManager().get(project, options, sessionId).first();
         } else {
             String studyFqn = getAnyStudy(query, sessionId);
             String project = catalogManager.getStudyManager().getProjectFqn(studyFqn);

opencga-analysis/src/main/java/org/opencb/opencga/analysis/variant/manager/VariantStorageManager.java

@@ -485,7 +485,7 @@ public ObjectMap configureProject(String projectStr, ObjectMap params, String to
 
             dataStore.getOptions().putAll(params);
             catalogManager.getProjectManager()
-                    .setDatastoreVariant(organizationId, projectStr, dataStore, token);
+                    .setDatastoreVariant(projectStr, dataStore, token);
             return dataStore.getOptions();
         });
     }
@@ -609,7 +609,7 @@ public OpenCGAResult<Job> setCellbaseConfiguration(String project, CellBaseConfi
                     }
                 }
             }
-            catalogManager.getProjectManager().setCellbaseConfiguration(organizationId, project, validatedCellbaseConfiguration, false, token);
+            catalogManager.getProjectManager().setCellbaseConfiguration(project, validatedCellbaseConfiguration, false, token);
             result.setTime((int) stopwatch.getTime(TimeUnit.MILLISECONDS));
             return result;
         });
@@ -1018,7 +1018,7 @@ protected VariantStorageEngine getVariantStorageEngineByProject(String project,
     private void setCellbaseConfiguration(VariantStorageEngine engine, String project, String token)
             throws CatalogException {
         CellBaseConfiguration cellbase = catalogManager.getProjectManager()
-                .get(organizationId, project, new QueryOptions(INCLUDE, ProjectDBAdaptor.QueryParams.CELLBASE.key()), token)
+                .get(project, new QueryOptions(INCLUDE, ProjectDBAdaptor.QueryParams.CELLBASE.key()), token)
                 .first().getCellbase();
         if (cellbase != null) {
             // To ensure that we use the project API key before using the storage API key
@@ -1680,7 +1680,7 @@ public static DataStore getDataStoreByProjectId(CatalogManager catalogManager, S
         DataStore dataStore = null;
         QueryOptions queryOptions = new QueryOptions(INCLUDE,
                 Arrays.asList(ProjectDBAdaptor.QueryParams.ID.key(), ProjectDBAdaptor.QueryParams.INTERNAL_DATASTORES.key()));
-        Project project = catalogManager.getProjectManager().get(organizationId, projectStr, queryOptions, token).first();
+        Project project = catalogManager.getProjectManager().get(projectStr, queryOptions, token).first();
         if (project.getInternal() != null && project.getInternal().getDatastores() != null) {
             dataStore = project.getInternal().getDatastores().getDataStore(bioformat);
         }

opencga-analysis/src/main/java/org/opencb/opencga/analysis/variant/manager/operations/VariantAnnotationOperationManager.java

@@ -123,7 +123,7 @@ private void annotate(String projectStr, List<String> studies, String loadFileSt
     }
 
     private void synchronizeProjectMetadata(String projectStr, String token) throws CatalogException, StorageEngineException {
-        Project project = catalogManager.getProjectManager().get(organizationId, projectStr, QueryOptions.empty(), token).first();
+        Project project = catalogManager.getProjectManager().get(projectStr, QueryOptions.empty(), token).first();
         ProjectOrganism organism = project.getOrganism();
         int currentRelease = project.getCurrentRelease();
         CatalogStorageMetadataSynchronizer.updateProjectMetadata(variantStorageEngine.getMetadataManager(), organism, currentRelease,

opencga-analysis/src/main/java/org/opencb/opencga/analysis/variant/manager/operations/VariantFileIndexerOperationManager.java

@@ -162,7 +162,7 @@ private void updateProject(String studyFqn, String token) throws CatalogExceptio
         String projectFqn = catalogManager.getStudyManager().getProjectFqn(studyFqn);
         Project project = catalogManager
                 .getProjectManager()
-                .get(organizationId, projectFqn,
+                .get(projectFqn,
                         new QueryOptions(QueryOptions.INCLUDE, Arrays.asList(CURRENT_RELEASE.key(), ORGANISM.key(), CELLBASE.key())),
                         token).first();
         release = project.getCurrentRelease();

opencga-analysis/src/main/java/org/opencb/opencga/analysis/variant/metadata/CatalogStorageMetadataSynchronizer.java

@@ -113,7 +113,7 @@ public CatalogStorageMetadataSynchronizer(CatalogManager catalogManager, Variant
 
     public static void updateProjectMetadata(CatalogManager catalog, VariantStorageMetadataManager scm, String project, String sessionId)
             throws CatalogException, StorageEngineException {
-        final Project p = catalog.getProjectManager().get(organizationId, project,
+        final Project p = catalog.getProjectManager().get(project,
                         new QueryOptions(QueryOptions.INCLUDE, Arrays.asList(
                                 ProjectDBAdaptor.QueryParams.ORGANISM.key(), ProjectDBAdaptor.QueryParams.CURRENT_RELEASE.key(),
                                 ProjectDBAdaptor.QueryParams.CELLBASE.key())),

opencga-analysis/src/main/java/org/opencb/opencga/analysis/variant/operations/OperationTool.java

@@ -68,7 +68,7 @@ protected Path getOutDir(boolean keepIntermediateFiles) {
 
     protected final String getProjectFqn() throws CatalogException {
         try {
-            return catalogManager.getProjectManager().get(organizationId, params.getString(ParamConstants.PROJECT_PARAM),
+            return catalogManager.getProjectManager().get(params.getString(ParamConstants.PROJECT_PARAM),
                     new QueryOptions(QueryOptions.INCLUDE, ProjectDBAdaptor.QueryParams.FQN.key()), token).first().getFqn();
         } catch (CatalogException e) {
             try {

opencga-analysis/src/test/java/org/opencb/opencga/analysis/variant/manager/VariantCatalogQueryUtilsTest.java

@@ -145,7 +145,7 @@ public static void setUp() throws Exception {
         createSample("sample2", "individual2");
         catalog.getCohortManager().create("s1", new Cohort().setId("c1").setSamples(Collections.emptyList()), null, sessionId);
 
-        catalog.getProjectManager().incrementRelease(organizationId, "p1", sessionId);
+        catalog.getProjectManager().incrementRelease("p1", sessionId);
         file3 = createFile("data/file3.vcf");
         file4 = createFile("data/file4.vcf");
         file5 = createFile("data/file5.vcf", false);
@@ -236,7 +236,7 @@ public static File createFile(String path, boolean indexed) throws CatalogExcept
                         .setBioformat(File.Bioformat.VARIANT),
                 true, sessionId).first();
         if (indexed) {
-            int release = catalog.getProjectManager().get(organizationId, "p1", null, sessionId).first().getCurrentRelease();
+            int release = catalog.getProjectManager().get("p1", null, sessionId).first().getCurrentRelease();
             catalog.getFileManager().updateFileInternalVariantIndex(organizationId, file, new FileInternalVariantIndex()
                     .setStatus(new VariantIndexStatus(InternalStatus.READY))
                     .setRelease(release), sessionId);

opencga-analysis/src/test/java/org/opencb/opencga/analysis/variant/manager/operations/PlatinumFileIndexerTest.java

@@ -126,7 +126,7 @@ public void testByStepsMultiRelease() throws Exception {
             transformFile = transformFile(inputFile, new QueryOptions());
             loadFile(transformFile, new QueryOptions(), outputId);
 
-            opencga.getCatalogManager().getProjectManager().incrementRelease(organizationId, projectId, sessionId);
+            opencga.getCatalogManager().getProjectManager().incrementRelease(projectId, sessionId);
         }
 
         int i = 1;

opencga-app/src/main/java/org/opencb/opencga/app/cli/admin/executors/CatalogCommandExecutor.java

@@ -93,10 +93,10 @@ private void export() throws CatalogException {
         String token = catalogManager.getUserManager().loginAsAdmin(adminPassword).getToken();
 
         if (StringUtils.isNotEmpty(commandOptions.project)) {
-            catalogManager.getProjectManager().exportReleases(organizationId, commandOptions.project, commandOptions.release, commandOptions.outputDir,
+            catalogManager.getProjectManager().exportReleases(commandOptions.project, commandOptions.release, commandOptions.outputDir,
                     token);
         } else if (StringUtils.isNotEmpty(commandOptions.study) && StringUtils.isNotEmpty(commandOptions.inputFile)) {
-            catalogManager.getProjectManager().exportByFileNames(organizationId, commandOptions.study, Paths.get(commandOptions.outputDir).toFile(),
+            catalogManager.getProjectManager().exportByFileNames(commandOptions.study, Paths.get(commandOptions.outputDir).toFile(),
                     Paths.get(commandOptions.inputFile).toFile(), token);
         }
     }

opencga-app/src/main/java/org/opencb/opencga/app/cli/admin/executors/StorageCommandExecutor.java

@@ -198,7 +198,7 @@ private void updateDatabasePrefix() throws Exception {
                 }
                 logger.info("New DBName: " + newDataStore.getDbName());
 
-                catalogManager.getProjectManager().setDatastoreVariant(organizationId, project.getUuid(), newDataStore, token);                catalogManager.getProjectManager().setDatastoreVariant(organizationId, project.getUuid(), defaultDataStore, token);
+                catalogManager.getProjectManager().setDatastoreVariant(project.getUuid(), newDataStore, token);                catalogManager.getProjectManager().setDatastoreVariant(project.getUuid(), defaultDataStore, token);
             }
         }
     }

opencga-catalog/src/main/java/org/opencb/opencga/catalog/auth/authentication/azure/AuthenticationFactory.java

@@ -1,9 +1,7 @@
 package org.opencb.opencga.catalog.auth.authentication.azure;
 
 import org.opencb.opencga.catalog.auth.authentication.AuthenticationManager;
-import org.opencb.opencga.catalog.exceptions.CatalogAuthenticationException;
 import org.opencb.opencga.catalog.exceptions.CatalogException;
-import org.opencb.opencga.core.models.JwtPayload;
 import org.opencb.opencga.core.models.organizations.Organization;
 import org.opencb.opencga.core.models.user.AuthenticationResponse;
 
@@ -33,18 +31,11 @@ public void validateToken(String organizationId, String authOriginId, String tok
         getOrganizationAuthenticationManager(organizationId, authOriginId).getUserId(token);
     }
 
-    public AuthenticationResponse authenticate(String organizationId, String userId, String password) throws CatalogException {
-        List<AuthenticationManager> authenticationManagerList = getOrganizationAuthenticationManagers(organizationId);
-        for (AuthenticationManager authenticationManager : authenticationManagerList) {
-            authenticationManager.authenticate(userId, password);
-        }
-    }
-
-    public AuthenticationResponse authenticate(String organizationId, String authenticationOriginId, String userId, String password) throws CatalogException {
-        List<AuthenticationManager> authenticationManagerList = getOrganizationAuthenticationManagers(organizationId);
-        for (AuthenticationManager authenticationManager : authenticationManagerList) {
-            authenticationManager.authenticate(userId, password);
-        }
+    public AuthenticationResponse authenticate(String organizationId, String authenticationOriginId, String userId, String password)
+            throws CatalogException {
+        AuthenticationManager organizationAuthenticationManager = getOrganizationAuthenticationManager(organizationId,
+                authenticationOriginId);
+        return organizationAuthenticationManager.authenticate(userId, password);
     }
 
     private Map<String, AuthenticationManager> getOrganizationAuthenticationManagers(String organizationId) throws CatalogException {

opencga-catalog/src/main/java/org/opencb/opencga/catalog/auth/authorization/AuthorizationManager.java

@@ -16,8 +16,9 @@
 
 package org.opencb.opencga.catalog.auth.authorization;
 
+import org.opencb.opencga.catalog.exceptions.CatalogAuthorizationException;
+import org.opencb.opencga.catalog.exceptions.CatalogDBException;
 import org.opencb.opencga.catalog.exceptions.CatalogException;
-import org.opencb.opencga.catalog.utils.CatalogFqn;
 import org.opencb.opencga.catalog.utils.ParamUtils;
 import org.opencb.opencga.core.models.AclEntryList;
 import org.opencb.opencga.core.models.JwtPayload;
@@ -82,7 +83,12 @@ static EnumSet<StudyPermissions.Permissions> getLockedAcls() {
         return EnumSet.noneOf(StudyPermissions.Permissions.class);
     }
 
-    void checkCanAccessOrganization(CatalogFqn catalogFqn, JwtPayload jwtPayload) throws CatalogException;
+    default void checkIsOrganizationOwnerOrAdmin(String organization, String userId) throws CatalogAuthorizationException {
+        if (!isOrganizationOwnerOrAdmin(organization, userId)) {
+            throw new CatalogAuthorizationException("Permission denied: Only the owner or admins of the organization can perform this "
+                    + "action.");
+        }
+    }
 
     void checkCanViewProject(String organizationId, long projectId, String userId) throws CatalogException;
 
@@ -121,6 +127,8 @@ void checkUpdateGroupPermissions(String organizationId, long studyId, String use
 
     void checkIsOwnerOrAdmin(String organizationId, long studyId, String userId) throws CatalogException;
 
+    boolean isOrganizationOwnerOrAdmin(String organization, String userId) throws CatalogDBException;
+
     boolean isOwnerOrAdmin(String organizationId, long studyId, String userId) throws CatalogException;
 
     void checkFilePermission(String organizationId, long studyId, long fileId, String userId, FilePermissions permission)

opencga-catalog/src/main/java/org/opencb/opencga/catalog/auth/authorization/CatalogAuthorizationManager.java

@@ -17,16 +17,14 @@
 package org.opencb.opencga.catalog.auth.authorization;
 
 import org.apache.commons.collections4.CollectionUtils;
-import org.apache.commons.lang3.StringUtils;
 import org.opencb.commons.datastore.core.Query;
 import org.opencb.opencga.catalog.db.DBAdaptorFactory;
 import org.opencb.opencga.catalog.db.api.*;
 import org.opencb.opencga.catalog.db.mongodb.AuthorizationMongoDBAdaptor;
 import org.opencb.opencga.catalog.exceptions.CatalogAuthorizationException;
 import org.opencb.opencga.catalog.exceptions.CatalogDBException;
 import org.opencb.opencga.catalog.exceptions.CatalogException;
-import org.opencb.opencga.catalog.exceptions.CatalogParameterException;
-import org.opencb.opencga.catalog.utils.CatalogFqn;
+import org.opencb.opencga.catalog.managers.OrganizationManager;
 import org.opencb.opencga.catalog.utils.ParamUtils;
 import org.opencb.opencga.core.api.ParamConstants;
 import org.opencb.opencga.core.config.Configuration;
@@ -39,6 +37,7 @@
 import org.opencb.opencga.core.models.file.FilePermissions;
 import org.opencb.opencga.core.models.individual.IndividualPermissions;
 import org.opencb.opencga.core.models.job.JobPermissions;
+import org.opencb.opencga.core.models.organizations.Organization;
 import org.opencb.opencga.core.models.panel.PanelPermissions;
 import org.opencb.opencga.core.models.sample.SamplePermissions;
 import org.opencb.opencga.core.models.study.Group;
@@ -75,41 +74,17 @@ public CatalogAuthorizationManager(DBAdaptorFactory dbFactory, Configuration con
         this.aclDBAdaptor = new AuthorizationMongoDBAdaptor(dbFactory, configuration);
     }
 
-    @Override
-    void checkCanAccessOrganization(CatalogFqn catalogFqn, JwtPayload jwtPayload) throws CatalogException {
-        ParamUtils.checkParameter(jwtPayload.getOrganization(), "JWT organization");
-        if (StringUtils.isEmpty(catalogFqn.getOrganizationId())) {
-            catalogFqn.setOrganizationId(jwtPayload.getOrganization());
-        } else if (!catalogFqn.getOrganizationId().equals(jwtPayload.getOrganization())) {
-            // If the user is trying to access data from a different organization, we need to check that the user is an administrator,
-            // otherwise, the user should not be able to access it.
-            try {
-                checkIsInstallationAdministrator(jwtPayload.getOrganization(), jwtPayload.getUserId());
-            } catch (CatalogException e) {
-                logger.error("User '{}' belonging to organization '{}' requested access to organization '{}'", jwtPayload.getUserId(),
-                        jwtPayload.getOrganization(), catalogFqn.getOrganizationId());
-                throw new CatalogAuthorizationException("Cannot access data from a different organization.");
-            }
-        }
-    }
-
     @Override
     public void checkCanEditProject(String organizationId, long projectId, String userId) throws CatalogException {
-        if (isInstallationAdministrator(organizationId, userId)) {
-            return;
-        }
-        if (isOrganizationOwnerOrAdmin()) {
+        if (isOrganizationOwnerOrAdmin(organizationId, userId)) {
             return;
         }
         throw new CatalogAuthorizationException("Permission denied: Only the owner of the project can update it.");
     }
 
     @Override
     public void checkCanViewProject(String organizationId, long projectId, String userId) throws CatalogException {
-        if (isInstallationAdministrator(organizationId, userId)) {
-            return;
-        }
-        if (isOrganizationOwnerOrAdmin()) {
+        if (isOrganizationOwnerOrAdmin(organizationId, userId)) {
             return;
         }
 
@@ -312,6 +287,16 @@ public void checkIsOwnerOrAdmin(String organizationId, long studyId, String user
         }
     }
 
+    @Override
+    public boolean isOrganizationOwnerOrAdmin(String organizationId, String userId) throws CatalogDBException {
+        OrganizationDBAdaptor organizationDBAdaptor = dbAdaptorFactory.getCatalogOrganizationDBAdaptor(organizationId);
+        Organization organization = organizationDBAdaptor.get(OrganizationManager.INCLUDE_ORGANIZATION_ADMINS).first();
+        if (organization.getOwner().equals(userId) || organization.getAdmins().contains(userId)) {
+            return true;
+        }
+        return false;
+    }
+
     @Override
     public boolean isOwnerOrAdmin(String organizationId, long studyId, String userId) throws CatalogException {
         String ownerId = dbAdaptorFactory.getCatalogStudyDBAdaptor(organizationId).getOwnerId(studyId);

opencga-catalog/src/main/java/org/opencb/opencga/catalog/db/DBAdaptorFactory.java

@@ -36,6 +36,7 @@ public interface DBAdaptorFactory extends AutoCloseable {
     /**
      * Says if the catalog database is ready to be used. If false, needs to be initialized.
      * @return boolean
+     * @throws CatalogDBException CatalogDBException.
      */
     boolean isCatalogDBReady() throws CatalogDBException;
 

opencga-catalog/src/main/java/org/opencb/opencga/catalog/managers/CatalogManager.java

@@ -241,7 +241,7 @@ private void privateInstall(String secretKey, String password, String email, boo
         organizationManager.update(ADMIN_ORGANIZATION, new OrganizationUpdateParams().setOwner(OPENCGA), QueryOptions.empty(), token);
         projectManager.create(ADMIN_ORGANIZATION, new ProjectCreateParams().setId(ADMIN_PROJECT).setDescription("Default project"), null,
                 token);
-        studyManager.create(ADMIN_ORGANIZATION, ADMIN_PROJECT, new Study().setId(ADMIN_STUDY).setDescription("Default study"),
+        studyManager.create(ADMIN_PROJECT, new Study().setId(ADMIN_STUDY).setDescription("Default study"),
                 QueryOptions.empty(), token);
 
         // Skip old available migrations