Merge pull request #1200 from jpwhite4/enforce_rawdata_acl

Enforce realm acls for show raw data endpoints.
ubccr · Jan 14, 2020 · b018eca · b018eca
2 parents 3defcae + 0943e10
commit b018eca
Show file tree

Hide file tree

Showing 3 changed files with 64 additions and 38 deletions.
diff --git a/classes/DataWarehouse/Access/RawData.php b/classes/DataWarehouse/Access/RawData.php
@@ -0,0 +1,51 @@
+<?php
+
+namespace DataWarehouse\Access;
+
+use Configuration\XdmodConfiguration;
+use XDUser;
+use Models\Services\Realms;
+
+/*
+ * Data access for raw data from the fact tables
+ */
+class RawData
+{
+    public static function getRawDataRealms(XDUser $user)
+    {
+        $realms = array();
+
+        $raw = XdmodConfiguration::factory('rawstatistics.json', CONFIG_DIR)->toStdClass();
+
+        if (!property_exists($raw, 'realms')) {
+            return $realms;
+        }
+
+        $allowedRealms = Realms::getRealmsForUser($user);
+
+        foreach($raw->realms as $realmConfig)
+        {
+            if (property_exists($realmConfig, 'raw_data') && $realmConfig->raw_data === false) {
+                continue;
+            }
+
+            if (in_array($realmConfig->name, $allowedRealms)) {
+                $realms[] = $realmConfig;
+            }
+        }
+
+        return $realms;
+    }
+
+    public static function realmExists(XDUser $user, $realm)
+    {
+        $realmlist = self::getRawDataRealms($user);
+
+        foreach ($realmlist as $realmConfig) {
+            if ($realm == $realmConfig->name) {
+                return true;
+            }
+        }
+        return false;
+    }
+}
diff --git a/classes/Rest/Controllers/WarehouseControllerProvider.php b/classes/Rest/Controllers/WarehouseControllerProvider.php
@@ -367,7 +367,7 @@ public function searchHistory(Request $request, Application $app)
         } elseif ($realm !== null) {
             $result = $this->processHistoryRequest($app, $user, $realm, $action);
         } else {
-            $result = $this->processHistoryDefaultRealmRequest($app, $action);
+            $result = $this->processHistoryDefaultRealmRequest($app, $user, $action);
         }
 
         return $result;
@@ -1472,17 +1472,7 @@ private function getJobData(Application $app, XDUser $user, $realm, $jobId, $act
      */
     private function getJobDataSet(XDUser $user, $realm, $jobId, $action)
     {
-        $rawstats = XdmodConfiguration::assocArrayFactory('rawstatistics.json', CONFIG_DIR);
-
-        $realmExists = false;
-        foreach ($rawstats['realms'] as $item) {
-            if ($item['name'] === $realm) {
-                $realmExists = true;
-                break;
-            }
-        }
-
-        if (!$realmExists) {
+        if (!\DataWarehouse\Access\RawData::realmExists($user, $realm)) {
             throw new \DataWarehouse\Query\Exceptions\AccessDeniedException;
         }
 
@@ -1760,20 +1750,16 @@ private function processHistoryRequest(Application $app, XDUser $user, $realm, $
      * @param $action
      * @return \Symfony\Component\HttpFoundation\JsonResponse
      */
-    private function processHistoryDefaultRealmRequest(Application $app, $action)
+    private function processHistoryDefaultRealmRequest(Application $app, XDUser $user, $action)
     {
-        $rawstats = XdmodConfiguration::assocArrayFactory('rawstatistics.json', CONFIG_DIR);
-
         $results = array();
 
-        if (isset($rawstats['realms'])) {
-            foreach($rawstats['realms'] as $realmconfig) {
-                $results[] = array(
-                    'dtype' => 'realm',
-                    'realm' => $realmconfig['name'],
-                    'text' => $realmconfig['display']
-                );
-            }
+        foreach(\DataWarehouse\Access\RawData::getRawDataRealms($user) as $realmconfig) {
+            $results[] = array(
+                'dtype' => 'realm',
+                'realm' => $realmconfig->name,
+                'text' => $realmconfig->display
+            );
         }
 
         return $app->json(
@@ -2071,18 +2057,7 @@ private function getJobTimeSeriesData(Application $app, Request $request, \XDUse
      */
     private function getJobByPrimaryKey(Application $app, \XDUser $user, $realm, $searchparams)
     {
-        $rawstats = XdmodConfiguration::assocArrayFactory('rawstatistics.json', CONFIG_DIR);
-
-        $realmExists = count(
-            array_filter(
-                $rawstats['realms'],
-                function ($item) use ($realm) {
-                    return $item['name'] === $realm;
-                }
-            )
-        ) > 0;
-
-        if (!$realmExists) {
+        if (!\DataWarehouse\Access\RawData::realmExists($user, $realm)) {
             throw new \DataWarehouse\Query\Exceptions\AccessDeniedException;
         }
 

diff --git a/html/index.php b/html/index.php
@@ -271,13 +271,13 @@ function isReferrer($referrer)
             print "CCR.xdmod.ui.isCenterDirector = " . json_encode($user->hasAcl(ROLE_ID_CENTER_DIRECTOR)) . ";\n";
         }
 
-        $config = \Configuration\XdmodConfiguration::assocArrayFactory('rawstatistics.json', CONFIG_DIR);
+        $rawRealmConfig = \DataWarehouse\Access\RawData::getRawDataRealms($user);
 
         $rawDataRealms = array_map(
             function ($item) {
-                return $item['name'];
+                return $item->name;
             },
-            $config['realms']
+            $rawRealmConfig
         );
 
         print "CCR.xdmod.ui.rawDataAllowedRealms = " . json_encode($rawDataRealms) . ";\n";