authormguetlein <martin.guetlein@gmail.com>2011-01-26 15:54:05 +0100
committermguetlein <martin.guetlein@gmail.com>2011-01-26 15:54:05 +0100
commitce93b07bb253df3c548c59bacc869839aa78bb4c (patch)
tree49089ce84a319fb46136fb4e4f0f4407ee7b1fb3 /lib
parent2528891633d838a383f5a0e07712a0a8ee839f32 (diff)
add whitlisting concept for A&A, some minor modifications
Diffstat (limited to 'lib')
-rw-r--r--lib/authorization.rb42
-rw-r--r--lib/error.rb13
-rw-r--r--lib/helper.rb12
-rw-r--r--lib/model.rb10
4 files changed, 59 insertions, 18 deletions
diff --git a/lib/authorization.rb b/lib/authorization.rb
index 5bc690a..c6f39c1 100644
--- a/lib/authorization.rb
+++ b/lib/authorization.rb
@@ -322,7 +322,47 @@ module OpenTox
alias :token_valid? :is_token_valid
end
- end
+ #Check Authorization for URI with method and subjectid.
+ def self.authorized?(uri, request_method, subjectid)
+ return true if OpenTox::Authorization.whitelisted?(uri, request_method)
+ if CONFIG[:authorization][:authorize_request].include?(request_method)
+ ret = OpenTox::Authorization.authorize(uri, request_method, subjectid)
+ LOGGER.debug "OpenTox helpers OpenTox::Authorization authorized? method: #{request_method} , URI: #{uri}, subjectid: #{subjectid} with return >>#{ret}<<"
+ return ret
+ end
+ if CONFIG[:authorization][:authenticate_request].include?(request_method)
+ return true if OpenTox::Authorization.is_token_valid(subjectid)
+ end
+ LOGGER.debug "Not authorized for: #{uri} with Method: #{request_method} with Token #{subjectid}"
+ return false
+ end
+
+ @@whitelist = {}
+
+ private
+ def self.whitelisted?(uri, request_method)
+ return false unless @@whitelist[request_method]
+ @@whitelist[request_method].each do |r|
+ return true if r.match(uri)
+ end
+ return false
+ end
+
+ public
+ def self.whitelist(uri_match, request_method)
+ if uri_match.is_a?(Regexp)
+ uri_regex = uri_match
+ elsif uri_match.is_a?(String)
+ uri_regex = Regexp.new("^"+uri_match+"$")
+ else
+ raise "uri-match param is neither string(->exact uri match) nor regexp: "+uri_match.class
+ end
+ LOGGER.info("whitelisted "+request_method+" "+uri_regex.to_s)
+ @@whitelist[request_method] = [] unless @@whitelist[request_method]
+ @@whitelist[request_method] << uri_regex
+ end
+
+ end
end
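Review bot: `whitelist` turns a String into `Regexp.new("^"+uri_match+"$")`, which neither escapes the URI nor anchors the whole string: characters such as `.` and `?` act as regex metacharacters and `^`/`$` match at line boundaries in Ruby, so an entry meant as an exact match can accept other URIs and return true from `authorized?` before any token check. Build it as `uri_regex = Regexp.new("\\A" + Regexp.escape(uri_match) + "\\z")`, and document that caller-supplied Regexp entries must carry their own `\A`/`\z` anchors because `whitelisted?` uses an unanchored `r.match(uri)`. The bare `private` has no effect on `def self.whitelisted?`, so it stays public; if it is meant to be private, use `private_class_method :whitelisted?` and call it without the explicit `OpenTox::Authorization.` receiver in `authorized?`. The `raise` in the else branch concatenates a String with `uri_match.class` and will raise TypeError instead of the intended message; `uri_match.class.to_s` fixes that. Both debug lines also write `subjectid` to the log, and since that is the token passed to `is_token_valid`, logging only whether one was present would keep it out of log files.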
diff --git a/lib/error.rb b/lib/error.rb
index e5c460d..8c666f3 100644
--- a/lib/error.rb
+++ b/lib/error.rb
@@ -39,7 +39,7 @@ module OpenTox
@actor = actor
@errorCause = error.errorCause if error.errorCause
@rest_params = error.rest_params if error.is_a?(OpenTox::RestCallError) and error.rest_params
- @backtrace = error.backtrace.join("\n") if CONFIG[:backtrace]
+ @backtrace = error.backtrace.short_backtrace if CONFIG[:backtrace]
end
# overwrite sorting to make easier readable
@@ -72,4 +72,15 @@ module OpenTox
s.to_rdfxml
end
end
+end
+
+class Array
+ def short_backtrace
+ short = []
+ each do |c|
+ break if c =~ /sinatra\/base/
+ short << c
+ end
+ short.join("\n")
+ end
end
\ No newline at end of file
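Review bot: `short_backtrace` is added by reopening `Array`, so every array in any process that loads this library gains a method that only makes sense for backtraces. A private helper on the error-report class, called from the `@backtrace = ...` line in the first hunk, would keep the change local; its body can be `backtrace.take_while { |c| c !~ %r{sinatra/base} }.join("\n")`. `error.backtrace` is nil for an exception that was never raised, so that call site would fail with NoMethodError in that case (the old `.join` had the same gap); `if CONFIG[:backtrace] && error.backtrace` covers it.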
diff --git a/lib/helper.rb b/lib/helper.rb
index e82c8fb..afeeb43 100644
--- a/lib/helper.rb
+++ b/lib/helper.rb
@@ -16,22 +16,12 @@ helpers do
end
end
-
#Check Authorization for URI with method and subjectid.
def authorized?(subjectid)
request_method = request.env['REQUEST_METHOD']
uri = clean_uri("#{request.env['rack.url_scheme']}://#{request.env['HTTP_HOST']}#{request.env['REQUEST_URI']}")
request_method = "GET" if request_method == "POST" && uri =~ /\/model\/\d+\/?$/
- if CONFIG[:authorization][:authorize_request].include?(request_method)
- ret = OpenTox::Authorization.authorize(uri, request_method, subjectid)
- LOGGER.debug "OpenTox helpers OpenTox::Authorization authorized? method: #{request_method} , URI: #{request.env['rack.url_scheme']}://#{request.env['HTTP_HOST']}#{request.env['REQUEST_URI']}, subjectid: #{subjectid} with return >>#{ret}<<"
- return ret
- end
- if CONFIG[:authorization][:authenticate_request].include?(request_method)
- return true if OpenTox::Authorization.is_token_valid(subjectid)
- end
- LOGGER.debug "Not authorized for: #{uri} with Method: #{request.env['REQUEST_METHOD']}/#{request_method} with Token #{subjectid}"
- return false
+ return OpenTox::Authorization.authorized?(uri, request_method, subjectid)
end
#cleans URI from querystring and file-extension. Sets port 80 to emptystring
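Review bot: The `uri` passed to `OpenTox::Authorization.authorized?` is assembled from `request.env['HTTP_HOST']` and `request.env['REQUEST_URI']`, which come from the client, and with this change that string is also what the whitelist patterns are matched against. A whitelist hit skips the token check entirely, so the comparison should not depend on a header the caller can set; building the URI from the service's configured base URI, or rejecting requests whose Host differs from it before calling `authorized?`, would close that gap. Whether `clean_uri` or a front-end proxy already normalizes the host is not visible in this hunk, so this may be partly covered elsewhere. The pre-existing `uri =~ /\/model\/\d+\/?$/` rewrite also ends in `$` rather than `\z`, which matters more now that the rewritten method selects the whitelist bucket.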
diff --git a/lib/model.rb b/lib/model.rb
index 85be1b5..741eea6 100644
--- a/lib/model.rb
+++ b/lib/model.rb
@@ -24,9 +24,9 @@ module OpenTox
# Find Generic Opentox Model via URI, and loads metadata
# @param [String] uri Model URI
# @return [OpenTox::Model::Generic] Model instance, nil if model was not found
- def self.find(uri)
+ def self.find(uri,subjectid=nil)
model = Generic.new(uri)
- model.load_metadata
+ model.load_metadata(subjectid)
if model.metadata==nil or model.metadata.size==0
nil
else
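Review bot: The YARD block above `self.find` still documents only `uri`; the new optional `subjectid` is undocumented here and on `feature_type` in the next hunk. Add a line such as `# @param [String,nil] subjectid token passed on to load_metadata` to both. Because the default is `nil`, callers that were not updated keep calling `load_metadata` without a token, and whether that fails closed depends on `load_metadata`, which is not visible in this diff. The body of `find` continues past the end of the hunk.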
@@ -36,10 +36,10 @@ module OpenTox
# provides feature type, possible types are "regression" or "classification"
# @return [String] feature type, "unknown" if type could not be estimated
- def feature_type
+ def feature_type(subjectid=nil)
# dynamically perform restcalls if necessary
- load_metadata if @metadata==nil or @metadata.size==0 or (@metadata.size==1 && @metadata.values[0]==@uri)
- @dependentVariable = OpenTox::Feature.find( @metadata[OT.dependentVariables] ) unless @dependentVariable
+ load_metadata(subjectid) if @metadata==nil or @metadata.size==0 or (@metadata.size==1 && @metadata.values[0]==@uri)
+ @dependentVariable = OpenTox::Feature.find( @metadata[OT.dependentVariables],subjectid ) unless @dependentVariable
[@dependentVariable.feature_type, @metadata[OT.isA], @metadata[DC.title], @uri].each do |type|
case type