Merge pull request #281 from dBucik/fix_acrs

fix: Fix and refactor generating capabilities (resource and facility)

Merge pull request #281 from dBucik/fix_acrs
691deff2 · Dominik František Bučík · GitHub · 627a241c · 009160ad · 691deff2
Unverified Commit 691deff2 authored 2 years ago by Dominik František Bučík Committed by GitHub 2 years ago
--- a/lib/Adapter.php
+++ b/lib/Adapter.php
@@ -265,21 +265,25 @@ abstract class Adapter
    abstract public function isUserInVo($user, $voShortName);
    /**
-     * @param int    $entityId     entityId
+     * @param string $spEntityId   entityId
-     * @param array  $userGroups   of groups where user belongs to
+     * @param array $userGroups    of groups where user belongs to
     * @param string $entityIdAttr entity id attribute
     *
     * @return array of resource capabilities
     */
-    abstract public function getResourceCapabilities($entityId, $userGroups, $entityIdAttr);
+    abstract public function getResourceCapabilities(
+        string $spEntityId,
+        array $userGroups,
+        string $entityIdAttr
+    ): array;
    /**
-     * @param int    $entityId     entityId
+     * @param string $spEntityId   entityId
     * @param string $entityIdAttr entity id attribute
     *
     * @return array of facility capabilities
     */
-    abstract public function getFacilityCapabilities($entityId, $entityIdAttr);
+    abstract public function getFacilityCapabilities(string $spEntityId, string $entityIdAttr): array;
    /**
     * @param HasId[] $entities

--- a/lib/AdapterLdap.php
+++ b/lib/AdapterLdap.php
@@ -56,6 +56,8 @@ class AdapterLdap extends Adapter
    public const TYPE = 'type';
+    private const DEBUG_PREFIX = 'perun:AdapterLdap - ';
    protected $connector;
    private $ldapBase;
@@ -563,67 +565,121 @@ class AdapterLdap extends Adapter
        return $this->getMemberStatusByUserAndVo($user, $vo) === Member::VALID;
    }
-    public function getResourceCapabilities($entityId, $userGroups, $entityIdAttr = 'perunFacilityAttr_entityID')
+    public function getResourceCapabilities(string $spEntityId, array $userGroups, string $entityIdAttr): array
    {
-        $facility = $this->getFacilityByEntityId($entityId, $entityIdAttr);
+        if (empty($spEntityId)) {
+            Logger::warning(
-        if ($facility === null) {
+                self::DEBUG_PREFIX . 'getResourceCapabilities - empty spEntityId provided, returning empty list of resource capabilities.'
+            );
+            return [];
+        } elseif (empty($userGroups)) {
+            Logger::warning(
+                self::DEBUG_PREFIX . 'getResourceCapabilities - empty userGroups provided, returning empty list of resource capabilities.'
+            );
+            return [];
+        }
+        $facility = $this->getFacilityByEntityId($spEntityId, $entityIdAttr);
+        if ($facility === null || $facility->getId() === null) {
+            Logger::warning(
+                self::DEBUG_PREFIX . sprintf(
+                    'getResourceCapabilities - no facility (or facility with null ID) found four EntityID \'%s\', returning empty list of resource capabilities.',
+                    $spEntityId
+                )
+            );
            return [];
        }
-        $facilityId = $facility->getId();
        $resources = $this->connector->searchForEntities(
            $this->ldapBase,
-            '(&(objectClass=perunResource)(perunFacilityDn=perunFacilityId=' . $facilityId . ','
+            '(&(objectClass=perunResource)(perunFacilityDn=perunFacilityId=' . $facility->getId() . ','
            . $this->ldapBase . '))',
            [self::CAPABILITIES, self::ASSIGNED_GROUP_ID]
        );
+        if (empty($resources)) {
+            Logger::debug(
+                self::DEBUG_PREFIX . sprintf(
+                    'getResourceCapabilities - no resources found for SP with EntityID \'%s\', returning empty list of resource capabilities.',
+                    $spEntityId
+                )
+            );
+            return [];
+        }
        $userGroupsIds = [];
        foreach ($userGroups as $userGroup) {
-            array_push($userGroupsIds, $userGroup->getId());
+            if ($userGroup === null || $userGroup->getId() === null) {
+                Logger::debug(
+                    self::DEBUG_PREFIX . 'getResourceCapabilities - skipping user group due to null group or null group ID.'
+                );
+                continue;
+            }
+            $userGroupsIds[] = $userGroup->getId();
        }
-        $resourceCapabilities = [];
+        $capabilities = [];
        foreach ($resources as $resource) {
-            if (
+            if (($resource[self::ASSIGNED_GROUP_ID] ?? null) === null) {
-                !array_key_exists(self::ASSIGNED_GROUP_ID, $resource) ||
+                Logger::debug(
-                !array_key_exists(self::CAPABILITIES, $resource)
+                    self::DEBUG_PREFIX . 'getResourceCapabilities - skipping resource due to null resource or null assigned group ID.'
-            ) {
+                );
+                continue;
+            } elseif (empty($resource[self::CAPABILITIES])) {
+                Logger::debug(
+                    self::DEBUG_PREFIX . 'getResourceCapabilities - skipping resource due to empty capabilities.'
+                );
                continue;
            }
            foreach ($resource[self::ASSIGNED_GROUP_ID] as $groupId) {
                if (in_array($groupId, $userGroupsIds, true)) {
-                    foreach ($resource[self::CAPABILITIES] as $resourceCapability) {
+                    $capabilities = array_merge($capabilities, $resources[self::CAPABILITIES]);
-                        array_push($resourceCapabilities, $resourceCapability);
-                    }
                    break;
                }
            }
        }
-        return $resourceCapabilities;
+        return array_values(array_unique($capabilities));
    }
-    public function getFacilityCapabilities($entityId, $entityIdAttr = 'perunFacilityAttr_entityID')
+    public function getFacilityCapabilities(string $spEntityId, string $entityIdAttr): array
    {
-        if (empty($entityId)) {
+        if (empty($spEntityId)) {
+            Logger::warning(
+                self::DEBUG_PREFIX . 'getFacilityCapabilities - empty spEntityId provided, returning empty list of facility capabilities.'
+            );
            return [];
        }
        $attrName = AttributeUtils::getLdapAttrName($entityIdAttr);
+        if (empty($attrName)) {
+            $attrName = 'entityID';
+            Logger::warning(
+                self::DEBUG_PREFIX .
+                sprintf(
+                    'getFacilityCapabilities - no LDAP mapping found for attribute \'%s\', using \'%s\'as fallback value',
+                    $entityIdAttr,
+                    $attrName
+                )
+            );
+        }
        $facilityCapabilities = $this->connector->searchForEntity(
            $this->ldapBase,
-            '(&(objectClass=perunFacility)(' . $attrName . '=' . $entityId . '))',
+            '(&(objectClass=perunFacility)(' . $attrName . '=' . $spEntityId . '))',
            [self::CAPABILITIES]
        );
-        if (empty($facilityCapabilities)) {
+        if (empty($facilityCapabilities[self::CAPABILITIES])) {
+            Logger::debug(
+                self::DEBUG_PREFIX . 'getFacilityCapabilities - empty or missing value of facility capabilities attribute detected, returning empty list of facility capabilities.'
+            );
            return [];
        }
+        if (!is_array($facilityCapabilities[self::CAPABILITIES])) {
+            $facilityCapabilities[self::CAPABILITIES] = [$facilityCapabilities[self::CAPABILITIES]];
+        }
-        return $facilityCapabilities['capabilities'];
+        return array_values(array_unique($facilityCapabilities[self::CAPABILITIES]));
    }
    private function mapUser($user)

--- a/lib/AdapterRpc.php
+++ b/lib/AdapterRpc.php
@@ -42,6 +42,8 @@ class AdapterRpc extends Adapter
    public const TYPE_MAP = 'java.util.LinkedHashMap';
+    private const DEBUG_PREFIX = 'perun:AdapterRpc - ';
    protected $connector;
    private $rpcUrl;
@@ -649,69 +651,134 @@ class AdapterRpc extends Adapter
        return $member->getStatus();
    }
-    public function getResourceCapabilities($entityId, $userGroups, $entityIdAttr = 'perunFacilityAttr_entityID')
+    public function getResourceCapabilities(string $spEntityId, array $userGroups, string $entityIdAttr): array
    {
-        $facility = $this->getFacilityByEntityId($entityId, $entityIdAttr);
+        if (empty($spEntityId)) {
+            Logger::warning(
+                self::DEBUG_PREFIX . 'getResourceCapabilities - empty spEntityId provided, returning empty list of resource capabilities.'
+            );
+            return [];
+        } elseif (empty($userGroups)) {
+            Logger::warning(
+                self::DEBUG_PREFIX . 'getResourceCapabilities - empty userGroups provided, returning empty list of resource capabilities.'
+            );
+            return [];
+        }
-        if ($facility === null) {
+        $facility = $this->getFacilityByEntityId($spEntityId, $entityIdAttr);
+        if ($facility === null || $facility->getId() === null) {
+            Logger::warning(
+                self::DEBUG_PREFIX . sprintf(
+                    'getResourceCapabilities - no facility (or facility with null ID) found four EntityID \'%s\', returning empty list of resource capabilities.',
+                    $spEntityId
+                )
+            );
            return [];
        }
-        $resources = $this->connector->get('facilitiesManager', 'getAssignedResources', [
+        $resources = $this->getAssignedResources($facility->getId());
-            'facility' => $facility->getId(),
+        if (empty($resources)) {
-        ]);
+            Logger::debug(
+                self::DEBUG_PREFIX . sprintf(
+                    'getResourceCapabilities - no resources found for SP with EntityID \'%s\', returning empty list of resource capabilities.',
+                    $spEntityId
+                )
+            );
+            return [];
+        }
        $userGroupsIds = [];
        foreach ($userGroups as $userGroup) {
-            array_push($userGroupsIds, $userGroup->getId());
+            if ($userGroup === null || $userGroup->getId() === null) {
+                Logger::debug(
+                    self::DEBUG_PREFIX . 'getResourceCapabilities - skipping user group due to null group or null group ID.'
+                );
+                continue;
+            }
+            $userGroupsIds[] = $userGroup->getId();
        }
        $capabilities = [];
        foreach ($resources as $resource) {
-            $resourceGroups = $this->connector->get('resourcesManager', 'getAssignedGroups', [
+            if ($resource === null || $resource->getId() === null) {
+                Logger::debug(
+                    self::DEBUG_PREFIX . 'getResourceCapabilities - skipping resource due to null resource or null resource ID.'
+                );
+                continue;
+            }
+            $resourceCapabilities = $this->connector->get('attributesManager', 'getAttribute', [
                'resource' => $resource['id'],
+                'attributeName' => 'urn:perun:resource:attribute-def:def:capabilities',
            ]);
-            $resourceCapabilities = $this->connector->get('attributesManager', 'getAttribute', [
+            if (empty($resourceCapabilities['value'])) {
+                Logger::debug(
+                    self::DEBUG_PREFIX . 'getResourceCapabilities - skipping resource due to empty capabilities.'
+                );
+                continue;
+            }
+            $resourceCapabilities = $resourceCapabilities['value'];
+            $resourceGroups = $this->connector->get('resourcesManager', 'getAssignedGroups', [
                'resource' => $resource['id'],
-                'attributeName' => 'urn:perun:resource:attribute-def:def:capabilities',
+            ]);
-            ])['value'];
-            if ($resourceCapabilities === null) {
+            if (empty($resourceGroups)) {
                continue;
            }
            foreach ($resourceGroups as $resourceGroup) {
+                if (($resourceGroup['id'] ?? null) === null) {
+                    Logger::debug(
+                        self::DEBUG_PREFIX . 'getResourceCapabilities - skipping resource group due to missing group ID.'
+                    );
+                    continue;
+                }
                if (in_array($resourceGroup['id'], $userGroupsIds, true)) {
-                    foreach ($resourceCapabilities as $capability) {
+                    $capabilities = array_merge($capabilities, $resourceCapabilities);
-                        array_push($capabilities, $capability);
-                    }
                    break;
                }
            }
        }
-        return $capabilities;
+        return array_values(array_unique($capabilities));
    }
-    public function getFacilityCapabilities($entityId, $entityIdAttr = 'perunFacilityAttr_entityID')
+    public function getFacilityCapabilities(string $spEntityId, string $entityIdAttr): array
    {
-        $facility = $this->getFacilityByEntityId($entityId, $entityIdAttr);
+        if (empty($spEntityId)) {
+            Logger::warning(
+                self::DEBUG_PREFIX . 'getFacilityCapabilities - empty spEntityId provided, returning empty list of facility capabilities.'
+            );
+            return [];
+        }
+        $facility = $this->getFacilityByEntityId($spEntityId, $entityIdAttr);
        if ($facility === null) {
+            Logger::warning(
+                self::DEBUG_PREFIX . sprintf(
+                    'getFacilityCapabilities - no facility found four EntityID \'%s\', returning empty list of facility capabilities.',
+                    $spEntityId
+                )
+            );
            return [];
        }
        $facilityCapabilities = $this->connector->get('attributesManager', 'getAttribute', [
            'facility' => $facility->getId(),
            'attributeName' => 'urn:perun:facility:attribute-def:def:capabilities',
-        ])['value'];
+        ]);
-        if (empty($facilityCapabilities)) {
+        if (empty($facilityCapabilities['value'])) {
-            $facilityCapabilities = [];
+            Logger::debug(
+                self::DEBUG_PREFIX . 'getFacilityCapabilities - empty or missing value of facility capabilities attribute detected, returning empty list of facility capabilities.'
+            );
+            return [];
        }
+        if (!is_array($facilityCapabilities['value'])) {
-        return $facilityCapabilities;
+            $facilityCapabilities['value'] = [$facilityCapabilities['value']];
+        }
+        return array_values(array_unique($facilityCapabilities['value']));
    }
    public function getAttributesDefinition()
@@ -749,4 +816,15 @@ class AdapterRpc extends Adapter
        return $attributes;
    }
+    private function getAssignedResources(int $facilityId): array
+    {
+        $perunResources = $this->connector->get('facilitiesManager', 'getAssignedResources', [
+            'facility' => $facilityId,
+        ]);
+        return empty($perunResources) ? [] : array_map(function ($resource) {
+            return new Resource($resource['id'], $resource['voId'], $resource['facilityId'], $resource['name']);
+        }, array_filter($perunResources));
+    }
 }