Skip to content

Commit

Permalink
Added better logging and messages for auth handling (#2083)
Browse files Browse the repository at this point in the history
* Added better logging and messages for auth handling
* Set maven version for gitlab
  • Loading branch information
ivakegg committed Sep 26, 2023
1 parent e2deec0 commit e808eca
Show file tree
Hide file tree
Showing 3 changed files with 17 additions and 2 deletions.
6 changes: 6 additions & 0 deletions .github/workflows/tests.yml
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,8 @@ jobs:
restore-keys: |
${{ runner.os }}-maven-format-
${{ runner.os }}-maven-
maven-version: 3.8.7
cache: 'maven'
- name: Format code
run: |
mvn -V -B -e clean formatter:format sortpom:sort -Pautoformat
Expand All @@ -62,6 +64,8 @@ jobs:
${{ runner.os }}-maven-build-
${{ runner.os }}-maven-format-
${{ runner.os }}-maven-
maven-version: 3.8.7
cache: 'maven'
- name: Build and Run Unit Tests
run: |
RUN_TESTS="mvn -V -B -e -Pdev,examples,assemble,spotbugs -Ddeploy -Ddist -T1C clean verify"
Expand All @@ -79,6 +83,8 @@ jobs:
with:
distribution: ${{env.JAVA_DISTRIBUTION}}
java-version: ${{env.JAVA_VERSION}}
maven-version: 3.8.7
cache: 'maven'
# Allow us to use the "--squash" option below
- name: Turn on Docker experimental features and move Docker data root
run: |
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -178,7 +178,9 @@ private static Authorizations getUserAuthorizations(String requestedAuths, Dataw

// validate that the query user is actually a subset of the primary user
if (!primaryUser.getAuths().containsAll(queryUser.getAuths())) {
throw new IllegalArgumentException("System Error. Unexpected authorization mismatch. Please try again.");
Set<String> auths = new HashSet<>(queryUser.getAuths());
auths.removeAll(primaryUser.getAuths());
throw new IllegalArgumentException("System Error. Overall primary user missing auths " + auths + ". Please try again.");
}

// validate that the requestedAuths do not include anything outside of the principal's auths
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -209,7 +209,14 @@ public Set<Authorizations> updateRuntimeAuthorizationsAndQueryAuths(QueryLogic<?
settings.setQueryAuthorizations(validQueryAuthorizations);

// recalculate the runtime query authorizations (no need to pass in userService as we have already recalculated the principal)
return AuthorizationsUtil.getDowngradedAuthorizations(validQueryAuthorizations, principal, queryPrincipal);
Set<Authorizations> downgradedAuths = AuthorizationsUtil.getDowngradedAuthorizations(validQueryAuthorizations, principal, queryPrincipal);
if (log.isTraceEnabled()) {
log.trace("Principal auths for user " + principal.getPrimaryUser().getCommonName() + " are " + principal.getPrimaryUser().getAuths());
log.trace("Query principal auths for " + logic.getLogicName() + " are " + validAuths);
log.trace("Requested auths were " + requestedAuths + " of which the valid query auths are " + validQueryAuthorizations);
log.trace("Downgraded auths are " + downgradedAuths);
}
return downgradedAuths;
}

@Override
Expand Down

0 comments on commit e808eca

Please sign in to comment.