From f29354f7646b6e3c8d6672c6880c066f54ffacd4 Mon Sep 17 00:00:00 2001
From: Ryan Stonebraker
Date: Thu, 31 Aug 2023 15:33:34 -0700
Subject: [PATCH 1/3] Allows public users to export data if they have access to the dataset

---
 api/endpoints/Export.go | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git a/api/endpoints/Export.go b/api/endpoints/Export.go
index d860024a..f794cfcd 100644
--- a/api/endpoints/Export.go
+++ b/api/endpoints/Export.go
@@ -47,16 +47,33 @@ type exportFilesParams struct {
 func registerExportHandler(router *apiRouter.ApiObjectRouter) {
 const pathPrefix = "export"
- router.AddGenericHandler(handlers.MakeEndpointPath(pathPrefix+"/files", datasetIdentifier), apiRouter.MakeMethodPermission("POST", permission.PermExportMap), exportFilesPost)
+ router.AddGenericHandler(handlers.MakeEndpointPath(pathPrefix+"/files", datasetIdentifier), apiRouter.MakeMethodPermission("POST", permission.PermPublic), exportFilesPost)
 }
 func exportFilesPost(params handlers.ApiHandlerGenericParams) error {
+ datasetID := params.PathParams[datasetIdentifier]
+
 // Read in body
 body, err := ioutil.ReadAll(params.Request.Body)
 if err != nil {
 return api.MakeBadRequestError(err)
 }
+ isPublicUser := !params.UserInfo.Permissions[permission.PermExportMap]
+ publicObjectsAuth, err := permission.GetPublicObjectsAuth(params.Svcs.FS, params.Svcs.Config.ConfigBucket, isPublicUser)
+ if err != nil {
+ return err
+ }
+
+ isDatasetPublicWithObjects, err := permission.CheckIsObjectInPublicSet(publicObjectsAuth.Datasets, datasetID)
+ if err != nil {
+ return err
+ }
+
+ if !isDatasetPublicWithObjects {
+ return api.MakeBadRequestError(fmt.Errorf("Dataset %v is not public", datasetID))
+ }
+
 var req exportFilesParams
 err = json.Unmarshal(body, &req)
 if err != nil {
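Review bot: The access check added to exportFilesPost authorizes only the path's `datasetID` against `publicObjectsAuth.Datasets`, while the route itself is relaxed from `permission.PermExportMap` to `permission.PermPublic`, so for a public user nothing visible here constrains the object IDs that arrive in the request body. The handler continues outside this hunk (the next hunk shows `quantID := req.QuantID` being used for the same dataset), so this may be covered further down; if it is not, each ID taken from `req` should go through `permission.CheckIsObjectInPublicSet` against the matching set in `publicObjectsAuth` before it is resolved to a file. The check also sits after the unbounded `ioutil.ReadAll(params.Request.Body)`, so a caller who is going to be refused still has the whole body buffered first; moving the block up to directly follow `datasetID := params.PathParams[datasetIdentifier]` refuses before any body is read. A short comment on `isPublicUser` saying that "public" here means "lacks `PermExportMap`" would make the intended trust boundary explicit.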
@@ -78,8 +95,6 @@ func exportFilesPost(params handlers.ApiHandlerGenericParams) error {
 // We need to export a ZIP file containing what is identified in File IDs
- datasetID := params.PathParams[datasetIdentifier]
-
 // Get the quantification file - if it's a shared file, quantUserID should be empty
 quantPath := filepaths.GetUserQuantPath(params.UserInfo.UserID, datasetID, "")
 quantID := req.QuantID

From 632031dc1818989eb42fb602128d776d705c968e Mon Sep 17 00:00:00 2001
From: Ryan Stonebraker
Date: Thu, 31 Aug 2023 16:04:17 -0700
Subject: [PATCH 2/3] Updates export tests

---
 api/endpoints/Export.go | 22 +++++++++++++---------
 api/endpoints/Export_test.go | 11 +++++++++++
 2 files changed, 24 insertions(+), 9 deletions(-)

diff --git a/api/endpoints/Export.go b/api/endpoints/Export.go
index f794cfcd..c56073dc 100644
--- a/api/endpoints/Export.go
+++ b/api/endpoints/Export.go
@@ -60,17 +60,21 @@ func exportFilesPost(params handlers.ApiHandlerGenericParams) error {
 }
 isPublicUser := !params.UserInfo.Permissions[permission.PermExportMap]
- publicObjectsAuth, err := permission.GetPublicObjectsAuth(params.Svcs.FS, params.Svcs.Config.ConfigBucket, isPublicUser)
- if err != nil {
- return err
- }
-
- isDatasetPublicWithObjects, err := permission.CheckIsObjectInPublicSet(publicObjectsAuth.Datasets, datasetID)
- if err != nil {
- return err
+ isDatasetViewable := !isPublicUser
+
+ if isPublicUser {
+ publicObjectsAuth, err := permission.GetPublicObjectsAuth(params.Svcs.FS, params.Svcs.Config.ConfigBucket, isPublicUser)
+ if err != nil {
+ return err
+ }
+
+ isDatasetViewable, err = permission.CheckIsObjectInPublicSet(publicObjectsAuth.Datasets, datasetID)
+ if err != nil {
+ return err
+ }
 }
- if !isDatasetPublicWithObjects {
+ if !isDatasetViewable {
 return api.MakeBadRequestError(fmt.Errorf("Dataset %v is not public", datasetID))
 }
diff --git a/api/endpoints/Export_test.go b/api/endpoints/Export_test.go
index 29983ad7..72524640 100644
--- a/api/endpoints/Export_test.go
+++ b/api/endpoints/Export_test.go
@@ -23,6 +23,7 @@ import (
 "net/http"
 "github.com/pixlise/core/v3/core/awsutil"
+ "github.com/pixlise/core/v3/core/pixlUser"
 )
 func Example_registerExportHandlerSunny() {
@@ -33,6 +34,16 @@ func Example_registerExportHandlerSunny() {
 svcs := MakeMockSvcs(&mockS3, nil, nil, nil)
 svcs.Exporter = &exp
+
+ mockUser := pixlUser.UserInfo{
+ Name: "Niko Bellic",
+ UserID: "600f2a0806b6c70071d3d174",
+ Email: "niko@rockstar.com",
+ Permissions: map[string]bool{
+ "export:map": true,
+ },
+ }
+ svcs.JWTReader = MockJWTReader{InfoToReturn: &mockUser}
 apiRouter := MakeRouter(svcs)
 req, _ := http.NewRequest("POST", "/export/files/983561", bytes.NewReader([]byte(`{

From 5190a0ffd25b4fec4b042fc6678bcf333b788384 Mon Sep 17 00:00:00 2001
From: Ryan Stonebraker
Date: Thu, 31 Aug 2023 16:11:57 -0700
Subject: [PATCH 3/3] Updates more export test cases

---
 api/endpoints/Export_test.go | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/api/endpoints/Export_test.go b/api/endpoints/Export_test.go
index 72524640..1b3ecd00 100644
--- a/api/endpoints/Export_test.go
+++ b/api/endpoints/Export_test.go
@@ -83,6 +83,16 @@ func Example_registerExportHandlerMissingFileName() {
 svcs := MakeMockSvcs(&mockS3, nil, nil, nil)
 svcs.Exporter = &exp
+ mockUser := pixlUser.UserInfo{
+ Name: "Niko Bellic",
+ UserID: "600f2a0806b6c70071d3d174",
+ Email: "niko@rockstar.com",
+ Permissions: map[string]bool{
+ "export:map": true,
+ },
+ }
+ svcs.JWTReader = MockJWTReader{InfoToReturn: &mockUser}
+
 apiRouter := MakeRouter(svcs)
 req, _ := http.NewRequest("POST", "/export/files/983561", bytes.NewReader([]byte(`{
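Review bot: Every `mockUser` fixture added in these examples sets `"export:map": true`, so the branch this series introduces for users without that permission is never exercised: no example shows a public user exporting a dataset that is in the public set, and none shows one being refused. Adding one example of each, with an empty `Permissions` map and the mock S3 arranged so that `permission.GetPublicObjectsAuth` does or does not list dataset `983561`, would pin the new authorization behaviour rather than only the pre-existing path. The same literal is repeated in `Example_registerExportHandlerSunny`, `Example_registerExportHandlerMissingFileName`, `Example_registerExportHandlerMissingColumn` and `Example_registerExportHandlerBadJSONBody`; a small helper that returns the `pixlUser.UserInfo` for a given permission map would keep the fixture in one place. The example functions start and end outside these hunks.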
@@ -106,6 +116,16 @@ func Example_registerExportHandlerMissingColumn() {
 svcs := MakeMockSvcs(&mockS3, nil, nil, nil)
 svcs.Exporter = &exp
+ mockUser := pixlUser.UserInfo{
+ Name: "Niko Bellic",
+ UserID: "600f2a0806b6c70071d3d174",
+ Email: "niko@rockstar.com",
+ Permissions: map[string]bool{
+ "export:map": true,
+ },
+ }
+ svcs.JWTReader = MockJWTReader{InfoToReturn: &mockUser}
+
 apiRouter := MakeRouter(svcs)
 req, _ := http.NewRequest("POST", "/export/files/983561", bytes.NewReader([]byte(`{
@@ -130,6 +150,16 @@ func Example_registerExportHandlerBadJSONBody() {
 svcs := MakeMockSvcs(&mockS3, nil, nil, nil)
 svcs.Exporter = &exp
+ mockUser := pixlUser.UserInfo{
+ Name: "Niko Bellic",
+ UserID: "600f2a0806b6c70071d3d174",
+ Email: "niko@rockstar.com",
+ Permissions: map[string]bool{
+ "export:map": true,
+ },
+ }
+ svcs.JWTReader = MockJWTReader{InfoToReturn: &mockUser}
+
 apiRouter := MakeRouter(svcs)
 req, _ := http.NewRequest("POST", "/export/files/983561", bytes.NewReader([]byte(`{