Shiro #105
Merged
Shiro #105
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Added new application.properties value:
flyway.placeholders.ohdsiSchema=${flyway.placeholders.ohdsiSchema}
spring.jpa.properties.hibernate.default_schema=${datasource.ohdsi.schema}
Manually applying JPA properties in DataAccessConfig.
initial progress on connecting the webapi to the RDF endpoint via sparql
This brings in the ability to make calls to the RDF endpoint to support the drill down use cases
add ? to makefile
- move getCohortSummaryData(), getCohortSummaryAnalyses() and corresponding methods/mapper into CohortResultsService - remove /sourceKey from path and modify service methods in CohortAnalysisService - add getOhdsiSchema() into AbstractDaoService
flyway postgresql and oracle migrations for concept sets
Concept set persistence
This merge brings in the getEvidenceSummaryBySource call
implement getEvidenceDetails
added missing table qualifier
A BETWEEN X and Y becomes A >= X and A <= Y. BETWEEN is not consistent between all db platforms.
Implementation of Incidence Rate web services, tasklets and repositories and IR Analysis Report Generation. Added new dependency: apache commons collections v4.1.
Existing cohorts will have this null, so a null check is required.
Put new permissions for cohort created with 'copy' method.
modified: src/test/java/org/ohdsi/webapi/test/feasibility/StudyInfoTest.java
Conflicts: pom.xml src/main/java/org/ohdsi/webapi/service/CohortDefinitionService.java src/main/java/org/ohdsi/webapi/service/EvidenceService.java src/main/java/org/ohdsi/webapi/service/FeasibilityService.java
…role can change it.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR is a naive implementation of role-based access control with Shiro.
Authentication
Currently, user may login by providing user name and password via POST request.
Credentials are validated against windows users and users populated in application database.
Authorization
Every API method checks before execution if user has a required permission. If user does not or isn't authenticated then UnauthorizedException is generated.
To provide flexibility, permission definitions consist of two parts. The first part describes a kind of action the method is supposed to perform, like 'read', 'update', etc. The second part is formed of relative URL path and may contain multiple levels.
For example, call to '/cohortdefinition/111/info' (where '111' is ID) is assigned to permission 'read:cohortdefinition:111:info'. So that to grant access to all methods which are marked with 'read' functionality, we just need to associate a role with permission 'read'. To grant access to all methods of 'cohortdefinition' service, we need to associate a role with permission '*:cohordefinition'. We can even restrict access only to certain IDs by giving permission like 'read:cohortdefinition:110,111:info'.
Here more on wildcard permissions in Shiro.
Here is an example of initial roles and permissions.
Further steps