Skip to content
This repository was archived by the owner on Sep 19, 2022. It is now read-only.

Commit 691deff

Browse files
author
Dominik František Bučík
authored
Merge pull request #281 from dBucik/fix_acrs
fix: 🐛 Fix and refactor generating capabilities (resource and facility)
2 parents 627a241 + 009160a commit 691deff

File tree

3 files changed

+188
-50
lines changed

3 files changed

+188
-50
lines changed

lib/Adapter.php

Lines changed: 9 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -265,21 +265,25 @@ abstract public function getMemberStatusByUserAndVo($user, $vo);
265265
abstract public function isUserInVo($user, $voShortName);
266266

267267
/**
268-
* @param int $entityId entityId
269-
* @param array $userGroups of groups where user belongs to
268+
* @param string $spEntityId entityId
269+
* @param array $userGroups of groups where user belongs to
270270
* @param string $entityIdAttr entity id attribute
271271
*
272272
* @return array of resource capabilities
273273
*/
274-
abstract public function getResourceCapabilities($entityId, $userGroups, $entityIdAttr);
274+
abstract public function getResourceCapabilities(
275+
string $spEntityId,
276+
array $userGroups,
277+
string $entityIdAttr
278+
): array;
275279

276280
/**
277-
* @param int $entityId entityId
281+
* @param string $spEntityId entityId
278282
* @param string $entityIdAttr entity id attribute
279283
*
280284
* @return array of facility capabilities
281285
*/
282-
abstract public function getFacilityCapabilities($entityId, $entityIdAttr);
286+
abstract public function getFacilityCapabilities(string $spEntityId, string $entityIdAttr): array;
283287

284288
/**
285289
* @param HasId[] $entities

lib/AdapterLdap.php

Lines changed: 78 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -56,6 +56,8 @@ class AdapterLdap extends Adapter
5656

5757
public const TYPE = 'type';
5858

59+
private const DEBUG_PREFIX = 'perun:AdapterLdap - ';
60+
5961
protected $connector;
6062

6163
private $ldapBase;
@@ -563,67 +565,121 @@ public function isUserInVo($user, $voShortName)
563565
return $this->getMemberStatusByUserAndVo($user, $vo) === Member::VALID;
564566
}
565567

566-
public function getResourceCapabilities($entityId, $userGroups, $entityIdAttr = 'perunFacilityAttr_entityID')
568+
public function getResourceCapabilities(string $spEntityId, array $userGroups, string $entityIdAttr): array
567569
{
568-
$facility = $this->getFacilityByEntityId($entityId, $entityIdAttr);
569-
570-
if ($facility === null) {
570+
if (empty($spEntityId)) {
571+
Logger::warning(
572+
self::DEBUG_PREFIX . 'getResourceCapabilities - empty spEntityId provided, returning empty list of resource capabilities.'
573+
);
574+
return [];
575+
} elseif (empty($userGroups)) {
576+
Logger::warning(
577+
self::DEBUG_PREFIX . 'getResourceCapabilities - empty userGroups provided, returning empty list of resource capabilities.'
578+
);
579+
return [];
580+
}
581+
$facility = $this->getFacilityByEntityId($spEntityId, $entityIdAttr);
582+
if ($facility === null || $facility->getId() === null) {
583+
Logger::warning(
584+
self::DEBUG_PREFIX . sprintf(
585+
'getResourceCapabilities - no facility (or facility with null ID) found four EntityID \'%s\', returning empty list of resource capabilities.',
586+
$spEntityId
587+
)
588+
);
571589
return [];
572590
}
573-
574-
$facilityId = $facility->getId();
575591

576592
$resources = $this->connector->searchForEntities(
577593
$this->ldapBase,
578-
'(&(objectClass=perunResource)(perunFacilityDn=perunFacilityId=' . $facilityId . ','
594+
'(&(objectClass=perunResource)(perunFacilityDn=perunFacilityId=' . $facility->getId() . ','
579595
. $this->ldapBase . '))',
580596
[self::CAPABILITIES, self::ASSIGNED_GROUP_ID]
581597
);
598+
if (empty($resources)) {
599+
Logger::debug(
600+
self::DEBUG_PREFIX . sprintf(
601+
'getResourceCapabilities - no resources found for SP with EntityID \'%s\', returning empty list of resource capabilities.',
602+
$spEntityId
603+
)
604+
);
605+
return [];
606+
}
582607

583608
$userGroupsIds = [];
584609
foreach ($userGroups as $userGroup) {
585-
array_push($userGroupsIds, $userGroup->getId());
610+
if ($userGroup === null || $userGroup->getId() === null) {
611+
Logger::debug(
612+
self::DEBUG_PREFIX . 'getResourceCapabilities - skipping user group due to null group or null group ID.'
613+
);
614+
continue;
615+
}
616+
$userGroupsIds[] = $userGroup->getId();
586617
}
587618

588-
$resourceCapabilities = [];
619+
$capabilities = [];
589620
foreach ($resources as $resource) {
590-
if (
591-
!array_key_exists(self::ASSIGNED_GROUP_ID, $resource) ||
592-
!array_key_exists(self::CAPABILITIES, $resource)
593-
) {
621+
if (($resource[self::ASSIGNED_GROUP_ID] ?? null) === null) {
622+
Logger::debug(
623+
self::DEBUG_PREFIX . 'getResourceCapabilities - skipping resource due to null resource or null assigned group ID.'
624+
);
625+
continue;
626+
} elseif (empty($resource[self::CAPABILITIES])) {
627+
Logger::debug(
628+
self::DEBUG_PREFIX . 'getResourceCapabilities - skipping resource due to empty capabilities.'
629+
);
594630
continue;
595631
}
632+
596633
foreach ($resource[self::ASSIGNED_GROUP_ID] as $groupId) {
597634
if (in_array($groupId, $userGroupsIds, true)) {
598-
foreach ($resource[self::CAPABILITIES] as $resourceCapability) {
599-
array_push($resourceCapabilities, $resourceCapability);
600-
}
635+
$capabilities = array_merge($capabilities, $resources[self::CAPABILITIES]);
601636
break;
602637
}
603638
}
604639
}
605640

606-
return $resourceCapabilities;
641+
return array_values(array_unique($capabilities));
607642
}
608643

609-
public function getFacilityCapabilities($entityId, $entityIdAttr = 'perunFacilityAttr_entityID')
644+
public function getFacilityCapabilities(string $spEntityId, string $entityIdAttr): array
610645
{
611-
if (empty($entityId)) {
646+
if (empty($spEntityId)) {
647+
Logger::warning(
648+
self::DEBUG_PREFIX . 'getFacilityCapabilities - empty spEntityId provided, returning empty list of facility capabilities.'
649+
);
612650
return [];
613651
}
652+
614653
$attrName = AttributeUtils::getLdapAttrName($entityIdAttr);
654+
if (empty($attrName)) {
655+
$attrName = 'entityID';
656+
Logger::warning(
657+
self::DEBUG_PREFIX .
658+
sprintf(
659+
'getFacilityCapabilities - no LDAP mapping found for attribute \'%s\', using \'%s\'as fallback value',
660+
$entityIdAttr,
661+
$attrName
662+
)
663+
);
664+
}
615665

616666
$facilityCapabilities = $this->connector->searchForEntity(
617667
$this->ldapBase,
618-
'(&(objectClass=perunFacility)(' . $attrName . '=' . $entityId . '))',
668+
'(&(objectClass=perunFacility)(' . $attrName . '=' . $spEntityId . '))',
619669
[self::CAPABILITIES]
620670
);
621671

622-
if (empty($facilityCapabilities)) {
672+
if (empty($facilityCapabilities[self::CAPABILITIES])) {
673+
Logger::debug(
674+
self::DEBUG_PREFIX . 'getFacilityCapabilities - empty or missing value of facility capabilities attribute detected, returning empty list of facility capabilities.'
675+
);
623676
return [];
624677
}
678+
if (!is_array($facilityCapabilities[self::CAPABILITIES])) {
679+
$facilityCapabilities[self::CAPABILITIES] = [$facilityCapabilities[self::CAPABILITIES]];
680+
}
625681

626-
return $facilityCapabilities['capabilities'];
682+
return array_values(array_unique($facilityCapabilities[self::CAPABILITIES]));
627683
}
628684

629685
private function mapUser($user)

lib/AdapterRpc.php

Lines changed: 101 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -42,6 +42,8 @@ class AdapterRpc extends Adapter
4242

4343
public const TYPE_MAP = 'java.util.LinkedHashMap';
4444

45+
private const DEBUG_PREFIX = 'perun:AdapterRpc - ';
46+
4547
protected $connector;
4648

4749
private $rpcUrl;
@@ -649,69 +651,134 @@ public function getMemberStatusByUserAndVo($user, $vo)
649651
return $member->getStatus();
650652
}
651653

652-
public function getResourceCapabilities($entityId, $userGroups, $entityIdAttr = 'perunFacilityAttr_entityID')
654+
public function getResourceCapabilities(string $spEntityId, array $userGroups, string $entityIdAttr): array
653655
{
654-
$facility = $this->getFacilityByEntityId($entityId, $entityIdAttr);
656+
if (empty($spEntityId)) {
657+
Logger::warning(
658+
self::DEBUG_PREFIX . 'getResourceCapabilities - empty spEntityId provided, returning empty list of resource capabilities.'
659+
);
660+
return [];
661+
} elseif (empty($userGroups)) {
662+
Logger::warning(
663+
self::DEBUG_PREFIX . 'getResourceCapabilities - empty userGroups provided, returning empty list of resource capabilities.'
664+
);
665+
return [];
666+
}
655667

656-
if ($facility === null) {
668+
$facility = $this->getFacilityByEntityId($spEntityId, $entityIdAttr);
669+
if ($facility === null || $facility->getId() === null) {
670+
Logger::warning(
671+
self::DEBUG_PREFIX . sprintf(
672+
'getResourceCapabilities - no facility (or facility with null ID) found four EntityID \'%s\', returning empty list of resource capabilities.',
673+
$spEntityId
674+
)
675+
);
657676
return [];
658677
}
659678

660-
$resources = $this->connector->get('facilitiesManager', 'getAssignedResources', [
661-
'facility' => $facility->getId(),
662-
]);
679+
$resources = $this->getAssignedResources($facility->getId());
680+
if (empty($resources)) {
681+
Logger::debug(
682+
self::DEBUG_PREFIX . sprintf(
683+
'getResourceCapabilities - no resources found for SP with EntityID \'%s\', returning empty list of resource capabilities.',
684+
$spEntityId
685+
)
686+
);
687+
return [];
688+
}
663689

664690
$userGroupsIds = [];
665691
foreach ($userGroups as $userGroup) {
666-
array_push($userGroupsIds, $userGroup->getId());
692+
if ($userGroup === null || $userGroup->getId() === null) {
693+
Logger::debug(
694+
self::DEBUG_PREFIX . 'getResourceCapabilities - skipping user group due to null group or null group ID.'
695+
);
696+
continue;
697+
}
698+
$userGroupsIds[] = $userGroup->getId();
667699
}
668700

669701
$capabilities = [];
670702
foreach ($resources as $resource) {
671-
$resourceGroups = $this->connector->get('resourcesManager', 'getAssignedGroups', [
703+
if ($resource === null || $resource->getId() === null) {
704+
Logger::debug(
705+
self::DEBUG_PREFIX . 'getResourceCapabilities - skipping resource due to null resource or null resource ID.'
706+
);
707+
continue;
708+
}
709+
$resourceCapabilities = $this->connector->get('attributesManager', 'getAttribute', [
672710
'resource' => $resource['id'],
711+
'attributeName' => 'urn:perun:resource:attribute-def:def:capabilities',
673712
]);
674713

675-
$resourceCapabilities = $this->connector->get('attributesManager', 'getAttribute', [
714+
if (empty($resourceCapabilities['value'])) {
715+
Logger::debug(
716+
self::DEBUG_PREFIX . 'getResourceCapabilities - skipping resource due to empty capabilities.'
717+
);
718+
continue;
719+
}
720+
$resourceCapabilities = $resourceCapabilities['value'];
721+
722+
$resourceGroups = $this->connector->get('resourcesManager', 'getAssignedGroups', [
676723
'resource' => $resource['id'],
677-
'attributeName' => 'urn:perun:resource:attribute-def:def:capabilities',
678-
])['value'];
724+
]);
679725

680-
if ($resourceCapabilities === null) {
726+
if (empty($resourceGroups)) {
681727
continue;
682728
}
683729

684730
foreach ($resourceGroups as $resourceGroup) {
731+
if (($resourceGroup['id'] ?? null) === null) {
732+
Logger::debug(
733+
self::DEBUG_PREFIX . 'getResourceCapabilities - skipping resource group due to missing group ID.'
734+
);
735+
continue;
736+
}
685737
if (in_array($resourceGroup['id'], $userGroupsIds, true)) {
686-
foreach ($resourceCapabilities as $capability) {
687-
array_push($capabilities, $capability);
688-
}
738+
$capabilities = array_merge($capabilities, $resourceCapabilities);
689739
break;
690740
}
691741
}
692742
}
693743

694-
return $capabilities;
744+
return array_values(array_unique($capabilities));
695745
}
696746

697-
public function getFacilityCapabilities($entityId, $entityIdAttr = 'perunFacilityAttr_entityID')
747+
public function getFacilityCapabilities(string $spEntityId, string $entityIdAttr): array
698748
{
699-
$facility = $this->getFacilityByEntityId($entityId, $entityIdAttr);
749+
if (empty($spEntityId)) {
750+
Logger::warning(
751+
self::DEBUG_PREFIX . 'getFacilityCapabilities - empty spEntityId provided, returning empty list of facility capabilities.'
752+
);
753+
return [];
754+
}
755+
$facility = $this->getFacilityByEntityId($spEntityId, $entityIdAttr);
700756

701757
if ($facility === null) {
758+
Logger::warning(
759+
self::DEBUG_PREFIX . sprintf(
760+
'getFacilityCapabilities - no facility found four EntityID \'%s\', returning empty list of facility capabilities.',
761+
$spEntityId
762+
)
763+
);
702764
return [];
703765
}
704766

705767
$facilityCapabilities = $this->connector->get('attributesManager', 'getAttribute', [
706768
'facility' => $facility->getId(),
707769
'attributeName' => 'urn:perun:facility:attribute-def:def:capabilities',
708-
])['value'];
770+
]);
709771

710-
if (empty($facilityCapabilities)) {
711-
$facilityCapabilities = [];
772+
if (empty($facilityCapabilities['value'])) {
773+
Logger::debug(
774+
self::DEBUG_PREFIX . 'getFacilityCapabilities - empty or missing value of facility capabilities attribute detected, returning empty list of facility capabilities.'
775+
);
776+
return [];
712777
}
713-
714-
return $facilityCapabilities;
778+
if (!is_array($facilityCapabilities['value'])) {
779+
$facilityCapabilities['value'] = [$facilityCapabilities['value']];
780+
}
781+
return array_values(array_unique($facilityCapabilities['value']));
715782
}
716783

717784
public function getAttributesDefinition()
@@ -749,4 +816,15 @@ private function getAttributes($perunAttrs, $attrNamesMap)
749816

750817
return $attributes;
751818
}
819+
820+
private function getAssignedResources(int $facilityId): array
821+
{
822+
$perunResources = $this->connector->get('facilitiesManager', 'getAssignedResources', [
823+
'facility' => $facilityId,
824+
]);
825+
826+
return empty($perunResources) ? [] : array_map(function ($resource) {
827+
return new Resource($resource['id'], $resource['voId'], $resource['facilityId'], $resource['name']);
828+
}, array_filter($perunResources));
829+
}
752830
}

0 commit comments

Comments
 (0)