authormr <mr@mrautenberg.de>2011-02-01 16:34:20 +0100
committermr <mr@mrautenberg.de>2011-02-01 16:34:20 +0100
commit26c0b93a02fddb60175747f7733d13e973257cd8 (patch)
treeb90b7354ff413bd30ec6e1bb902caf39a89e5928
parent3aaae5a3fe341073fc0537606aababe387d830e0 (diff)
A&A for validations
-rw-r--r--lib/authorization.rb79
-rw-r--r--lib/helper.rb20
-rw-r--r--lib/model.rb4
-rw-r--r--lib/validation.rb12
4 files changed, 56 insertions, 59 deletions
diff --git a/lib/authorization.rb b/lib/authorization.rb
index b4c1ee5..12be037 100644
--- a/lib/authorization.rb
+++ b/lib/authorization.rb
@@ -328,55 +328,60 @@ module OpenTox
# @param [String] subjectid
# @return [Boolean] true if access granted, else otherwise
def self.authorized?(uri, request_method, subjectid)
- if OpenTox::Authorization.whitelisted?(uri, request_method)
- LOGGER.debug "authorized? >>true<< (uris is whitelisted), method: #{request_method}, URI: #{uri}, subjectid: #{subjectid}"
- true
- elsif CONFIG[:authorization][:authorize_request].include?(request_method)
- ret = OpenTox::Authorization.authorize(uri, request_method, subjectid)
- LOGGER.debug "authorized? >>#{ret}<< (uri authorized), method: #{request_method}, URI: #{uri}, subjectid: #{subjectid}"
- ret
+ if CONFIG[:authorization][:free_request].include?(request_method)
+ #LOGGER.debug "authorized? >>true<< (request is free), method: #{request_method}, URI: #{uri}, subjectid: #{subjectid}"
+ true
+ elsif OpenTox::Authorization.free_uri?(uri, request_method)
+ #LOGGER.debug "authorized? >>true<< (uris is free_uri), method: #{request_method}, URI: #{uri}, subjectid: #{subjectid}"
+ true
elsif CONFIG[:authorization][:authenticate_request].include?(request_method)
ret = OpenTox::Authorization.is_token_valid(subjectid)
- LOGGER.debug "authorized? >>#{ret}<< (token is valid), method: #{request_method}, URI: #{uri}, subjectid: #{subjectid}"
+ #LOGGER.debug "authorized? >>#{ret}<< (token is in/valid), method: #{request_method}, URI: #{uri}, subjectid: #{subjectid}"
+ ret
+ elsif OpenTox::Authorization.authorize_exception?(uri, request_method)
+ ret = OpenTox::Authorization.is_token_valid(subjectid)
+ #LOGGER.debug "authorized? >>#{ret}<< (uris is authorize exception, token is in/valid), method: #{request_method}, URI: #{uri}, subjectid: #{subjectid}"
+ ret
+ elsif CONFIG[:authorization][:authorize_request].include?(request_method)
+ ret = OpenTox::Authorization.authorize(uri, request_method, subjectid)
+ LOGGER.debug "authorized? >>#{ret}<< (uri (not) authorized), method: #{request_method}, URI: #{uri}, subjectid: #{subjectid}"
ret
else
- LOGGER.debug "authorized? >>true<< (request is free), method: #{request_method}, URI: #{uri}, subjectid: #{subjectid}"
- true
+ LOGGER.error "invalid request/uri method: #{request_method}, URI: #{uri}, subjectid: #{subjectid}"
+ false
end
end
- @@whitelist = {}
-
private
- def self.whitelisted?(uri, request_method)
- return false unless @@whitelist[request_method]
- @@whitelist[request_method].each do |regexp,invert|
- if invert
- return true if !regexp.match(uri)
- else
- return true if regexp.match(uri)
+ def self.free_uri?(uri, request_method)
+ if CONFIG[:authorization][:free_uris]
+ CONFIG[:authorization][:free_uris].each do |request_methods,uris|
+ LOGGER.info "free uris "+request_methods.inspect+" -> "+uris.inspect
+ if request_methods and uris and request_methods.include?(request_method.to_sym)
+ uris.each do |u|
+ return true if u.match uri
+ end
+ end
end
- end
+ end
return false
end
- public
- # adds uri/regexp-for-matching-uri to the whitelist for a request-method (i.e. access will be granted without cheking the A&A service)
- # @param [String or Regexp] uri_match if string match must be ecaxt
- # @param [String] request_method, must be GET, POST, PUT, DELETE
- # @param [Boolean,optional] invert, set to true if you want to whitelist everything that does not match (careful!)
- def self.whitelist(uri_match, request_method, invert=false)
- if uri_match.is_a?(Regexp)
- uri_regex = uri_match
- elsif uri_match.is_a?(String)
- uri_regex = Regexp.new("^"+uri_match+"$")
- else
- raise "uri-match param is neither string(->exact uri match) nor regexp: "+uri_match.class.to_s
- end
- LOGGER.info("whitelisted "+request_method.to_s+" "+uri_regex.to_s)
- @@whitelist[request_method] = [] unless @@whitelist[request_method]
- @@whitelist[request_method] << [ uri_regex, invert ]
- end
+ def self.authorize_exception?(uri, request_method)
+ if CONFIG[:authorization][:authorize_exceptions]
+ CONFIG[:authorization][:authorize_exceptions].each do |request_methods,uris|
+ if request_methods and uris and request_methods.include?(request_method.to_sym)
+ uris.each do |u|
+ return true if u.match uri
+ end
+ end
+ end
+ end
+ return false
+ end
+
+
+
end
end
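Review bot: The URI matching in the new `free_uri?` and `authorize_exception?` helpers (`return true if u.match uri`) is unanchored, whereas the removed `whitelist` wrapped String entries in `^…$`; if a `free_uris`/`authorize_exceptions` entry is a String, `String#match` compiles it to a Regexp, so an entry like `/compound` also matches `/compound_secret` or any URI whose query string contains it, silently widening the surface that bypasses the A&A service. I cannot see the config shape, but anchoring String entries restores the old contract: `rx = u.is_a?(Regexp) ? u : /\A#{Regexp.escape(u)}\z/` followed by `return true if rx.match(uri)`. The `LOGGER.info "free uris …"` at the top of the `free_uri?` loop fires for every non-free-method request and looks like leftover tracing (its twin in `authorize_exception?` has none), and the surviving `LOGGER.debug`/`LOGGER.error` lines in `authorized?` still write `subjectid` — the SSO token — to the log, which should be masked or dropped. `request_method.to_sym` is also applied to a client-supplied method string; on Ruby versions of this era symbols are never garbage-collected, so comparing against the configured methods as strings (or rejecting methods outside a fixed list before `to_sym`) avoids letting clients grow the symbol table.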
diff --git a/lib/helper.rb b/lib/helper.rb
index afeeb43..0bb489c 100644
--- a/lib/helper.rb
+++ b/lib/helper.rb
@@ -9,6 +9,7 @@ helpers do
end
elsif !env["session"] && subjectid
unless authorized?(subjectid)
+ LOGGER.debug "URI not authorized: #{request.env['rack.url_scheme']}://#{request.env['HTTP_HOST']}#{request.env['REQUEST_URI']} with request: #{request.env['REQUEST_METHOD']}"
raise OpenTox::NotAuthorizedError.new "Not authorized"
end
else
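Review bot: The added debug line interpolates the full `REQUEST_URI`, which includes the query string; elsewhere in this commit `subjectid` is forwarded to services as a request parameter, so if any caller sends it as `?subjectid=…` the SSO token is written to the log on every denied request. Logging only the path avoids that, e.g. `#{request.env['PATH_INFO']}` in place of `#{request.env['REQUEST_URI']}`, or redact that parameter before logging. The `if`/`elsif` chain this line sits in starts before the hunk and the enclosing helper ends after it.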
@@ -29,27 +30,18 @@ helpers do
def clean_uri(uri)
out = URI.parse(uri)
out.path = out.path[0, out.path.rindex(/[0-9]/) + 1] if out.path.rindex(/[0-9]/) #cuts after id for a&a
- "#{out.scheme}:" + (out.port != 80 ? out.port : "") + "//#{out.host}#{out.path}"
+ "#{out.scheme}:" + (out.port != 80 ? out.port : "") + "//#{out.host}#{out.path.chomp('/')}"
end
- #unprotected uris for login/logout, webapplication ...
- def unprotected_requests
- case env['REQUEST_URI']
- when /\/login$|\/logout$|\/predict$|\/toxcreate\/models$/
- return true
- when /\/features/
- return false
- when /\/compound|\/feature|\/task|\/toxcreate/ #to fix: read from config | validation should be protected
- return true
- else
- return false
- end
+ #unprotected uri for login
+ def login_requests
+ return env['REQUEST_URI'] =~ /\/login$/
end
end
before do
- unless !AA_SERVER or unprotected_requests or CONFIG[:authorization][:free_request].include?(env['REQUEST_METHOD'])
+ unless !AA_SERVER or login_requests or CONFIG[:authorization][:free_request].include?(env['REQUEST_METHOD'])
begin
subjectid = nil
subjectid = session[:subjectid] if session[:subjectid]
diff --git a/lib/model.rb b/lib/model.rb
index 80d7ec4..0073ea4 100644
--- a/lib/model.rb
+++ b/lib/model.rb
@@ -46,7 +46,7 @@ module OpenTox
@algorithm = OpenTox::Algorithm::Generic.find(@metadata[OT.algorithm], subjectid) unless @algorithm
algorithm_title = @algorithm ? @algorithm.metadata[DC.title] : nil
- @dependentVariable = OpenTox::Feature.find( @metadata[OT.dependentVariables],subjectid ) unless @dependentVariable
+ @dependentVariable = OpenTox::Feature.find( @metadata[OT.dependentVariables], subjectid) unless @dependentVariable
[@dependentVariable.feature_type, @metadata[OT.isA], @metadata[DC.title], @uri, algorithm_title].each do |type|
case type
@@ -137,7 +137,7 @@ module OpenTox
OT.parameters => [{DC.title => "dataset_uri", OT.paramValue => dataset_uri}]
})
d = Dataset.new(dataset_uri,subjectid)
- d.load_compounds
+ d.load_compounds(subjectid)
count = 0
d.compounds.each do |compound_uri|
begin
diff --git a/lib/validation.rb b/lib/validation.rb
index 76c4529..23b246b 100644
--- a/lib/validation.rb
+++ b/lib/validation.rb
@@ -13,18 +13,18 @@ module OpenTox
OpenTox::Validation.new(uri)
end
- def create_report
- @report_uri = RestClientWrapper.post(File.join(CONFIG[:services]["opentox-validation"],"/report/crossvalidation"), :validation_uris => @uri).to_s
+ def create_report(subjectid=nil)
+ @report_uri = OpenTox::RestClientWrapper.post(File.join(CONFIG[:services]["opentox-validation"],"/report/crossvalidation"), {:validation_uris => @uri, :subjectid => subjectid}).to_s
@report_uri
end
- def create_qmrf_report
- @qmrf_report_uri = RestClientWrapper.post(File.join(CONFIG[:services]["opentox-validation"],"/reach_report/qmrf"), :model_uri => @uri).to_s
+ def create_qmrf_report(subjectid=nil)
+ @qmrf_report_uri = OpenTox::RestClientWrapper.post(File.join(CONFIG[:services]["opentox-validation"],"/reach_report/qmrf"), {:model_uri => @uri, :subjectid => subjectid}).to_s
@qmrf_report_uri
end
- def summary(type)
- v = YAML.load RestClientWrappper.get(File.join(@uri, 'statistics'),:accept => "application/x-yaml").to_s
+ def summary(type, subjectid=nil)
+ v = YAML.load OpenTox::RestClientWrapper.get(File.join(@uri, 'statistics'),{:accept => "application/x-yaml", :subjectid => subjectid}).to_s
case type
when "classification"