fix: return permissions in metadata response (#414)

epam · Jul 29, 2024 · 2a9ee6f · 2a9ee6f
1 parent 285123b
commit 2a9ee6f
Show file tree

Hide file tree

Showing 5 changed files with 13 additions and 13 deletions.
diff --git a/src/main/java/com/epam/aidial/core/controller/FileMetadataController.java b/src/main/java/com/epam/aidial/core/controller/FileMetadataController.java
@@ -46,7 +46,7 @@ protected Future<?> handle(ResourceDescription resource, boolean hasWriteAccess)
                 if (metadata != null) {
                     accessService.filterForbidden(context, resource, metadata);
                     if (context.getBooleanRequestQueryParam("permissions")) {
-                        accessService.populatePermissions(context, resource.getBucketLocation(), List.of(metadata));
+                        accessService.populatePermissions(context, List.of(metadata));
                     }
                     context.respond(HttpStatus.OK, getContentType(), metadata);
                 } else {

diff --git a/src/main/java/com/epam/aidial/core/controller/PublicationController.java b/src/main/java/com/epam/aidial/core/controller/PublicationController.java
@@ -168,7 +168,7 @@ public Future<?> listPublishedResources() {
                         Collection<MetadataBase> metadata =
                                 publicationService.listPublishedResources(request, bucket, bucketLocation);
                         if (context.getBooleanRequestQueryParam("permissions")) {
-                            accessService.populatePermissions(context, bucketLocation, metadata);
+                            accessService.populatePermissions(context, metadata);
                         }
                         return metadata;
                     }, false);

diff --git a/src/main/java/com/epam/aidial/core/controller/ResourceController.java b/src/main/java/com/epam/aidial/core/controller/ResourceController.java
@@ -98,7 +98,7 @@ private Future<?> getMetadata(ResourceDescription descriptor) {
                     } else {
                         accessService.filterForbidden(context, descriptor, result);
                         if (context.getBooleanRequestQueryParam("permissions")) {
-                            accessService.populatePermissions(context, descriptor.getBucketLocation(), List.of(result));
+                            accessService.populatePermissions(context, List.of(result));
                         }
                         context.respond(HttpStatus.OK, getContentType(), result);
                     }

diff --git a/src/main/java/com/epam/aidial/core/security/AccessService.java b/src/main/java/com/epam/aidial/core/security/AccessService.java
@@ -235,27 +235,22 @@ public void filterForbidden(ProxyContext context, ResourceDescription descriptor
         }
     }
 
-    public void populatePermissions(
-            ProxyContext context,
-            String bucketLocation,
-            Collection<MetadataBase> metadata) {
+    public void populatePermissions(ProxyContext context, Collection<MetadataBase> metadata) {
         Map<ResourceDescription, MetadataBase> allMetadata = new HashMap<>();
         for (MetadataBase meta : metadata) {
-            expandMetadata(meta, bucketLocation, allMetadata);
+            expandMetadata(meta, allMetadata);
         }
 
         Map<ResourceDescription, Set<ResourceAccessType>> permissions = lookupPermissions(allMetadata.keySet(), context);
         allMetadata.forEach((resource, meta) -> meta.setPermissions(permissions.get(resource)));
     }
 
-    private static void expandMetadata(
-            MetadataBase metadata, String bucketLocation, Map<ResourceDescription, MetadataBase> result) {
-        ResourceDescription resource = ResourceDescription.fromDecoded(
-                metadata.getResourceType(), metadata.getBucket(), bucketLocation, metadata.getUrl());
+    private void expandMetadata(MetadataBase metadata, Map<ResourceDescription, MetadataBase> result) {
+        ResourceDescription resource = ResourceDescription.fromAnyUrl(metadata.getUrl(), encryptionService);
         result.put(resource, metadata);
         if (metadata instanceof ResourceFolderMetadata folderMetadata && folderMetadata.getItems() != null) {
             for (MetadataBase item : folderMetadata.getItems()) {
-                expandMetadata(item, bucketLocation, result);
+                expandMetadata(item, result);
             }
         }
     }

diff --git a/src/test/java/com/epam/aidial/core/ShareApiTest.java b/src/test/java/com/epam/aidial/core/ShareApiTest.java
@@ -72,6 +72,11 @@ public void testShareWorkflow() {
         response = resourceRequest(HttpMethod.GET, "/folder/conversation%201%40", null, "Api-key", "proxyKey2");
         verify(response, 200, CONVERSATION_BODY_1);
 
+        // verify user2 has READ permission in metadata
+        response = send(HttpMethod.GET, "/v1/metadata/conversations/3CcedGxCx23EwiVbVmscVktScRyf46KypuBQ65miviST/folder/conversation%201%40",
+                "permissions=true", null, "Api-key", "proxyKey2");
+        verifyNotExact(response, 200, "\"permissions\":[\"READ\"]");
+
         // verify user1 has no shared_with_me resources
         response = operationRequest("/v1/ops/resource/share/list", """
                 {