Revision 51938
Added by Argiro Kokogiannaki almost 6 years ago
| modules/uoa-claims-api/trunk/src/main/java/eu/dnetlib/openaire/rest/Authorization.java | ||
|---|---|---|
| 15 | 15 |
private static Logger logger = Logger.getLogger(Authorization.class); |
| 16 | 16 |
List<String> registeredRoles = new ArrayList<String>(Arrays.asList("Super Administrator", "Portal Administrator", "Expert - Community",
|
| 17 | 17 |
"Expert - Funder", "Curator - Claim", "Curator - Project", "Curator - Community", "Curator - Institution", "Cuthor", "Registered", "User Manager")); |
| 18 |
List<String> adminRoles = new ArrayList<String>(Arrays.asList("Super Administrator", "Curator - Claim", "Portal Administrator"));
|
|
| 18 |
List<String> claimCuratorRoles = new ArrayList<String>(Arrays.asList("Super Administrator", "Curator - Claim", "Portal Administrator"));
|
|
| 19 | 19 |
List<String> projectCuratorRoles = new ArrayList<String>(Arrays.asList("Curator - Project"));
|
| 20 |
List<String> communityCuratorRoles = new ArrayList<String>(Arrays.asList("Curator - Community"));
|
|
| 20 | 21 |
UserHandler userHandler = null; |
| 21 | 22 |
String originServer = null; |
| 22 | 23 |
|
| ... | ... | |
| 36 | 37 |
// } |
| 37 | 38 |
// } |
| 38 | 39 |
// |
| 39 |
// public static boolean isAdmin(String token) {
|
|
| 40 |
// public static boolean isClaimCurator(String token) {
|
|
| 40 | 41 |
// Claims claims = Jwts.parser() |
| 41 | 42 |
// .setSigningKey(DatatypeConverter.parseBase64Binary("my-very-secret"))
|
| 42 | 43 |
// .parseClaimsJws(token).getBody(); |
| ... | ... | |
| 74 | 75 |
|
| 75 | 76 |
} |
| 76 | 77 |
|
| 77 |
public boolean isAdmin(String token) {
|
|
| 78 |
public boolean isClaimCurator(String token) {
|
|
| 78 | 79 |
UserInfo userInfo = userHandler.getUserInfo(token); |
| 79 |
return isAdmin(userInfo);
|
|
| 80 |
return isClaimCurator(userInfo);
|
|
| 80 | 81 |
|
| 81 | 82 |
} |
| 82 | 83 |
|
| 83 |
public boolean isAdmin(UserInfo userInfo) {
|
|
| 84 |
public boolean isClaimCurator(UserInfo userInfo) {
|
|
| 84 | 85 |
if (userInfo != null && userInfo.getEdu_person_entitlements() != null) {
|
| 85 | 86 |
|
| 86 |
return hasRole(userInfo.getEdu_person_entitlements(), adminRoles);
|
|
| 87 |
return hasRole(userInfo.getEdu_person_entitlements(), claimCuratorRoles);
|
|
| 87 | 88 |
} else {
|
| 88 | 89 |
logger.debug(" User has no Valid UserInfo");
|
| 89 | 90 |
return false; |
| ... | ... | |
| 91 | 92 |
|
| 92 | 93 |
} |
| 93 | 94 |
|
| 95 |
public boolean isCommunityCurator(String token) {
|
|
| 96 |
UserInfo userInfo = userHandler.getUserInfo(token); |
|
| 97 |
return isCommunityCurator(userInfo); |
|
| 98 |
|
|
| 99 |
} |
|
| 100 |
|
|
| 101 |
public boolean isCommunityCurator(UserInfo userInfo) {
|
|
| 102 |
if (userInfo != null && userInfo.getEdu_person_entitlements() != null) {
|
|
| 103 |
|
|
| 104 |
return hasRole(userInfo.getEdu_person_entitlements(), communityCuratorRoles); |
|
| 105 |
} else {
|
|
| 106 |
logger.debug(" User has no Valid UserInfo");
|
|
| 107 |
return false; |
|
| 108 |
} |
|
| 109 |
|
|
| 110 |
} |
|
| 94 | 111 |
public boolean isProjectCurator(String token) {
|
| 95 | 112 |
UserInfo userInfo = userHandler.getUserInfo(token); |
| 96 | 113 |
return isProjectCurator(userInfo); |
| ... | ... | |
| 121 | 138 |
} |
| 122 | 139 |
|
| 123 | 140 |
public boolean hasValidOrigin(String origin) {
|
| 124 |
if (origin != null && originServer.equals(origin)) {
|
|
| 141 |
logger.debug("Origin is "+origin +" originServer: "+originServer);
|
|
| 142 |
if (origin != null && origin.indexOf(originServer)!=-1) {
|
|
| 125 | 143 |
return true; |
| 126 | 144 |
} |
| 127 | 145 |
logger.debug("Not valid origin. Origin server is \"" + origin + "\", but expected value is \"" + originServer + "\". If the expec cted value is not right, check properties file. ");
|
| ... | ... | |
| 136 | 154 |
this.registeredRoles = registeredRoles; |
| 137 | 155 |
} |
| 138 | 156 |
|
| 139 |
public List<String> getAdminRoles() {
|
|
| 140 |
return adminRoles;
|
|
| 157 |
public List<String> getClaimCuratorRoles() {
|
|
| 158 |
return claimCuratorRoles;
|
|
| 141 | 159 |
} |
| 142 | 160 |
|
| 143 |
public void setAdminRoles(List<String> adminRoles) {
|
|
| 144 |
this.adminRoles = adminRoles;
|
|
| 161 |
public void setClaimCuratorRoles(List<String> claimCuratorRoles) {
|
|
| 162 |
this.claimCuratorRoles = claimCuratorRoles;
|
|
| 145 | 163 |
} |
| 146 | 164 |
|
| 165 |
public List<String> getCommunityCuratorRoles() {
|
|
| 166 |
return communityCuratorRoles; |
|
| 167 |
} |
|
| 168 |
|
|
| 169 |
public void setCommunityCuratorRoles(List<String> communityCuratorRoles) {
|
|
| 170 |
this.communityCuratorRoles = communityCuratorRoles; |
|
| 171 |
} |
|
| 172 |
|
|
| 147 | 173 |
public List<String> getProjectCuratorRoles() {
|
| 148 | 174 |
return projectCuratorRoles; |
| 149 | 175 |
} |
| modules/uoa-claims-api/trunk/src/main/java/eu/dnetlib/openaire/rest/HelloWorldService.java | ||
|---|---|---|
| 75 | 75 |
.build(); |
| 76 | 76 |
} |
| 77 | 77 |
|
| 78 |
if(authorization.isAdmin(token)) {
|
|
| 78 |
if(authorization.isClaimCurator(token)) {
|
|
| 79 | 79 |
|
| 80 | 80 |
int total = -1; |
| 81 | 81 |
|
| ... | ... | |
| 117 | 117 |
@HeaderParam("X-XSRF-TOKEN") String token,
|
| 118 | 118 |
@CookieParam("AccessToken") String cookie,
|
| 119 | 119 |
@Context HttpServletRequest request) {
|
| 120 |
|
|
| 121 | 120 |
|
| 121 |
|
|
| 122 | 122 |
if(token == null || token.isEmpty() || cookie == null || cookie.isEmpty() || !cookie.equals(token)){
|
| 123 | 123 |
authorization.logStatus(token,cookie); |
| 124 | 124 |
return Response.status(Response.Status.FORBIDDEN).entity(compose403Message("Forbidden: You don't have permission to access. Maybe you are not registered."))
|
| ... | ... | |
| 127 | 127 |
} |
| 128 | 128 |
|
| 129 | 129 |
UserInfo userInfo = authorization.getUserHandler().getUserInfo(token); |
| 130 |
if(authorization.isProjectCurator(userInfo)) {
|
|
| 130 |
if(authorization.isProjectCurator(userInfo)|| authorization.isClaimCurator(userInfo)) {
|
|
| 131 | 131 |
String userMail = userInfo.getEmail(); |
| 132 | 132 |
|
| 133 | 133 |
int total = -1; |
| ... | ... | |
| 190 | 190 |
} |
| 191 | 191 |
// logger.debug("Calling API for context with token " + token);
|
| 192 | 192 |
|
| 193 |
if(authorization.isAdmin(token)) {
|
|
| 193 |
if(authorization.isCommunityCurator(token) || authorization.isClaimCurator(token)) {
|
|
| 194 | 194 |
|
| 195 | 195 |
int total = -1; |
| 196 | 196 |
if (contextId == null || contextId.isEmpty()) {
|
| ... | ... | |
| 232 | 232 |
@HeaderParam("X-XSRF-TOKEN") String token,
|
| 233 | 233 |
@CookieParam("AccessToken") String cookie,
|
| 234 | 234 |
@Context HttpServletRequest request) {
|
| 235 |
|
|
| 236 | 235 |
|
| 236 |
|
|
| 237 | 237 |
if(token == null || token.isEmpty() || cookie == null || cookie.isEmpty() || !cookie.equals(token)){
|
| 238 | 238 |
authorization.logStatus(token,cookie); |
| 239 | 239 |
return Response.status(Response.Status.FORBIDDEN).entity(compose403Message("Forbidden: You don't have permission to access. Maybe you are not registered."))
|
| ... | ... | |
| 241 | 241 |
.build(); |
| 242 | 242 |
} |
| 243 | 243 |
|
| 244 |
if(authorization.isAdmin(token)) {
|
|
| 244 |
if(authorization.isClaimCurator(token)) {
|
|
| 245 | 245 |
|
| 246 | 246 |
int total = -1; |
| 247 | 247 |
if (resultId == null || resultId.isEmpty()) {
|
| ... | ... | |
| 281 | 281 |
@HeaderParam("X-XSRF-TOKEN") String token,
|
| 282 | 282 |
@CookieParam("AccessToken") String cookie,
|
| 283 | 283 |
@Context HttpServletRequest request) {
|
| 284 |
|
|
| 285 | 284 |
|
| 285 |
|
|
| 286 | 286 |
if(token == null || token.isEmpty() || cookie == null || cookie.isEmpty() || !cookie.equals(token)){
|
| 287 | 287 |
return Response.status(Response.Status.FORBIDDEN).entity(compose403Message("Forbidden: You don't have permission to access. Maybe you are not registered."))
|
| 288 | 288 |
.type(MediaType.APPLICATION_JSON) |
| ... | ... | |
| 335 | 335 |
@HeaderParam("X-XSRF-TOKEN") String token,
|
| 336 | 336 |
@CookieParam("AccessToken") String cookie,
|
| 337 | 337 |
@Context HttpServletRequest request) {
|
| 338 |
|
|
| 339 | 338 |
|
| 339 |
|
|
| 340 | 340 |
if(token == null || token.isEmpty() || cookie == null || cookie.isEmpty() || !cookie.equals(token)){
|
| 341 | 341 |
return Response.status(Response.Status.FORBIDDEN).entity(compose403Message("Forbidden: You don't have permission to access. Maybe you are not registered."))
|
| 342 | 342 |
.type(MediaType.APPLICATION_JSON) |
| ... | ... | |
| 395 | 395 |
@CookieParam("AccessToken") String cookie,
|
| 396 | 396 |
@Context HttpServletRequest request) {
|
| 397 | 397 |
|
| 398 |
|
|
| 398 |
|
|
| 399 | 399 |
logger.debug("Header \"Origin\" has value " + origin);
|
| 400 |
|
|
| 401 | 400 |
|
| 402 | 401 |
|
| 402 |
|
|
| 403 | 403 |
if(token == null || token.isEmpty() || cookie == null || cookie.isEmpty() || !cookie.equals(token)){
|
| 404 | 404 |
logger.debug("User is not authorized - Eroor 403");
|
| 405 | 405 |
|
| ... | ... | |
| 408 | 408 |
.build(); |
| 409 | 409 |
} |
| 410 | 410 |
|
| 411 |
if(authorization.isAdmin(token)) {
|
|
| 411 |
if(authorization.isClaimCurator(token)) {
|
|
| 412 | 412 |
logger.debug("User is authorized ! !");
|
| 413 | 413 |
List<Claim> claims = null; |
| 414 |
|
|
| 414 |
|
|
| 415 | 415 |
int total = -1; |
| 416 | 416 |
try {
|
| 417 | 417 |
claims = fetchClaimHandler.fetchAllClaims(limit, offset, keyword, orderby, descending, types,false); |
| ... | ... | |
| 517 | 517 |
@HeaderParam("Origin") String origin,
|
| 518 | 518 |
@CookieParam("AccessToken") String cookie){
|
| 519 | 519 |
|
| 520 |
|
|
| 521 | 520 |
|
| 521 |
|
|
| 522 | 522 |
if(token == null || token.isEmpty() || cookie == null || cookie.isEmpty() || !cookie.equals(token)|| !authorization.hasValidOrigin(origin)){
|
| 523 | 523 |
return Response.status(Response.Status.FORBIDDEN).entity(compose403Message("Forbidden: You don't have permission to access. Maybe you are not registered."))
|
| 524 | 524 |
.type(MediaType.APPLICATION_JSON) |
| ... | ... | |
| 540 | 540 |
try {
|
| 541 | 541 |
|
| 542 | 542 |
if (authorization.isRegistered(userInfo)) {
|
| 543 |
if (authorization.isAdmin(userInfo) || userInfo.getEmail().equals(fetchClaimHandler.fetchClaimById(claimId,false).getUserMail())) {
|
|
| 543 |
if (authorization.isClaimCurator(userInfo) || authorization.isCommunityCurator(userInfo) || userInfo.getEmail().equals(fetchClaimHandler.fetchClaimById(claimId,false).getUserMail())) {
|
|
| 544 | 544 |
if (claimHandler.deleteClaim(claimId)) {
|
| 545 | 545 |
deletedIds.add(claimId); |
| 546 | 546 |
} else {
|
| ... | ... | |
| 580 | 580 |
@HeaderParam("X-XSRF-TOKEN") String token,
|
| 581 | 581 |
@HeaderParam("Origin") String origin,
|
| 582 | 582 |
@CookieParam("AccessToken") String cookie) {
|
| 583 |
|
|
| 584 | 583 |
|
| 584 |
|
|
| 585 | 585 |
if(token == null || token.isEmpty() || cookie == null || cookie.isEmpty() || !cookie.equals(token) || !authorization.hasValidOrigin(origin)){
|
| 586 | 586 |
return Response.status(Response.Status.FORBIDDEN).entity(compose403Message("Forbidden: You don't have permission to access. Maybe you are not registered."))
|
| 587 | 587 |
.type(MediaType.APPLICATION_JSON) |
| ... | ... | |
| 653 | 653 |
@HeaderParam("X-XSRF-TOKEN") String token,
|
| 654 | 654 |
@HeaderParam("Origin") String origin,
|
| 655 | 655 |
@CookieParam("AccessToken") String cookie) {
|
| 656 |
|
|
| 657 | 656 |
|
| 657 |
|
|
| 658 | 658 |
if(token == null || token.isEmpty() || cookie == null || cookie.isEmpty() || !cookie.equals(token)|| !authorization.hasValidOrigin(origin)){
|
| 659 | 659 |
return Response.status(Response.Status.FORBIDDEN).entity(compose403Message("Forbidden: You don't have permission to access. Maybe you are not registered."))
|
| 660 | 660 |
.type(MediaType.APPLICATION_JSON) |
| ... | ... | |
| 757 | 757 |
@HeaderParam("X-XSRF-TOKEN") String token,
|
| 758 | 758 |
@HeaderParam("Origin") String origin,
|
| 759 | 759 |
@CookieParam("AccessToken") String cookie) {
|
| 760 |
|
|
| 761 | 760 |
|
| 761 |
|
|
| 762 | 762 |
if(token == null || token.isEmpty() || cookie == null || cookie.isEmpty() || !cookie.equals(token)|| !authorization.hasValidOrigin(origin)){
|
| 763 | 763 |
return Response.status(Response.Status.FORBIDDEN).entity(compose403Message("Forbidden: You don't have permission to access. Maybe you are not registered."))
|
| 764 | 764 |
.type(MediaType.APPLICATION_JSON) |
| ... | ... | |
| 828 | 828 |
|
| 829 | 829 |
|
| 830 | 830 |
if(token == null || token.isEmpty() || cookie == null || cookie.isEmpty() || !cookie.equals(token)|| !authorization.hasValidOrigin(origin)){
|
| 831 |
|
|
| 831 |
|
|
| 832 | 832 |
return Response.status(Response.Status.FORBIDDEN).entity(compose403Message("Forbidden: You don't have permission to access. Maybe you are not registered."))
|
| 833 | 833 |
.type(MediaType.APPLICATION_JSON) |
| 834 | 834 |
.build(); |
| ... | ... | |
| 875 | 875 |
@Produces(MediaType.APPLICATION_JSON) |
| 876 | 876 |
public Response fetchCommunities(@HeaderParam("X-XSRF-TOKEN") String token,
|
| 877 | 877 |
@CookieParam("AccessToken") String cookie) throws ISLookUpServiceException {
|
| 878 |
|
|
| 879 | 878 |
|
| 879 |
|
|
| 880 | 880 |
if(token == null || token.isEmpty() || cookie == null || cookie.isEmpty() || !cookie.equals(token)){
|
| 881 | 881 |
return Response.status(Response.Status.FORBIDDEN).entity(compose403Message("Forbidden: You don't have permission to access. Maybe you are not registered."))
|
| 882 | 882 |
.type(MediaType.APPLICATION_JSON) |
| ... | ... | |
| 903 | 903 |
public Response fetchCommunityCategories(@PathParam("communityid") String communityid,
|
| 904 | 904 |
@HeaderParam("X-XSRF-TOKEN") String token,
|
| 905 | 905 |
@CookieParam("AccessToken") String cookie) throws ISLookUpServiceException {
|
| 906 |
|
|
| 907 | 906 |
|
| 907 |
|
|
| 908 | 908 |
if(token == null || token.isEmpty() || cookie == null || cookie.isEmpty() || !cookie.equals(token)){
|
| 909 | 909 |
return Response.status(Response.Status.FORBIDDEN).entity(compose403Message("Forbidden: You don't have permission to access. Maybe you are not registered."))
|
| 910 | 910 |
.type(MediaType.APPLICATION_JSON) |
| ... | ... | |
| 938 | 938 |
public Response fetchCategoryConcepts(@PathParam("categoryid") String categoryid,
|
| 939 | 939 |
@HeaderParam("X-XSRF-TOKEN") String token,
|
| 940 | 940 |
@CookieParam("AccessToken") String cookie) throws ISLookUpServiceException {
|
| 941 |
|
|
| 942 | 941 |
|
| 942 |
|
|
| 943 | 943 |
if(token == null || token.isEmpty() || cookie == null || cookie.isEmpty() || !cookie.equals(token)){
|
| 944 | 944 |
return Response.status(Response.Status.FORBIDDEN).entity(compose403Message("Forbidden: You don't have permission to access. Maybe you are not registered."))
|
| 945 | 945 |
.type(MediaType.APPLICATION_JSON) |
| ... | ... | |
| 1131 | 1131 |
// Authorization authorization = context.getBean(Authorization.class); |
| 1132 | 1132 |
// UserHandler userHandler = context.getBean(UserHandler.class); |
| 1133 | 1133 |
// System.out.println(authorization.getAdminRoles()); |
| 1134 |
// authorization.isAdmin("eyJraWQiOiJvaWRjIiwiYWxnIjoiUlMyNTYifQ.eyJzdWIiOiIwOTMxNzMwMTMyODMzNjMyQG9wZW5taW50ZWQuZXUiLCJhenAiOiIyNGU4MzE3Ni0xMzEyLTRiYTMtYmMwYi1mZmVlYmVhMTYwM2UiLCJpc3MiOiJodHRwczpcL1wvYWFpLm9wZW5taW50ZWQuZXVcL29pZGNcLyIsImV4cCI6MTQ5ODQ4NTk3NiwiaWF0IjoxNDk4NDcxNTc2LCJqdGkiOiJkMWRlZjc1Yi00MTEyLTRiZDktYTIyNi0wZThhOWI2M2Y3MWQifQ.WVYOb_yO8OaxIIt2jRYEDQBhGGFRDTBw3DgtVV_smuN5yx1ScCj6aehLu3JKPSArme4m2SGF4TEGhpwNJkwhM2WapGtxmtuCmCzYIo_QlC1Yki9hr2OT2rXMcQsJCiKaBSf6pLue6Sn78GMB5yaUTvOQHRgidXGiZXH5lsuZUx15Q6Equ_wzond_rgP9mRheRkTyIFuvvg4PuzmudBc11Ty863vIIQtoWF7_p98zTbHxiNF9lLPwzPZKxDoQ8JeayQEC-jsWVLgxmp-h0jG_Ko5jFVVJeeosqMMucOrs2FT_NKHVYVqB6VVh0C6nOufeiLrNDeMUlDT4dAvKD2zE9w");
|
|
| 1134 |
// authorization.isClaimCurator("eyJraWQiOiJvaWRjIiwiYWxnIjoiUlMyNTYifQ.eyJzdWIiOiIwOTMxNzMwMTMyODMzNjMyQG9wZW5taW50ZWQuZXUiLCJhenAiOiIyNGU4MzE3Ni0xMzEyLTRiYTMtYmMwYi1mZmVlYmVhMTYwM2UiLCJpc3MiOiJodHRwczpcL1wvYWFpLm9wZW5taW50ZWQuZXVcL29pZGNcLyIsImV4cCI6MTQ5ODQ4NTk3NiwiaWF0IjoxNDk4NDcxNTc2LCJqdGkiOiJkMWRlZjc1Yi00MTEyLTRiZDktYTIyNi0wZThhOWI2M2Y3MWQifQ.WVYOb_yO8OaxIIt2jRYEDQBhGGFRDTBw3DgtVV_smuN5yx1ScCj6aehLu3JKPSArme4m2SGF4TEGhpwNJkwhM2WapGtxmtuCmCzYIo_QlC1Yki9hr2OT2rXMcQsJCiKaBSf6pLue6Sn78GMB5yaUTvOQHRgidXGiZXH5lsuZUx15Q6Equ_wzond_rgP9mRheRkTyIFuvvg4PuzmudBc11Ty863vIIQtoWF7_p98zTbHxiNF9lLPwzPZKxDoQ8JeayQEC-jsWVLgxmp-h0jG_Ko5jFVVJeeosqMMucOrs2FT_NKHVYVqB6VVh0C6nOufeiLrNDeMUlDT4dAvKD2zE9w");
|
|
| 1135 | 1135 |
|
| 1136 | 1136 |
} |
| 1137 | 1137 |
|
| modules/uoa-claims-api/trunk/src/main/java/eu/dnetlib/openaire/rest/inputHandler/UserHandler.java | ||
|---|---|---|
| 89 | 89 |
String role = userInfo.getEdu_person_entitlements().get(i); |
| 90 | 90 |
logger.debug("AAI role: "+role);
|
| 91 | 91 |
role = role.split(":")[role.split(":").length-1];
|
| 92 |
role = role.split("#")[0];
|
|
| 92 | 93 |
role = role.replace("+"," ");
|
| 93 | 94 |
logger.debug("Adding parsed role : "+role);
|
| 94 | 95 |
userInfo.getEdu_person_entitlements().set(i,role); |
| modules/uoa-claims-api/trunk/src/main/resources/eu/dnetlib/openaire/rest/springContext-claims-authorization.properties | ||
|---|---|---|
| 1 | 1 |
|
| 2 |
services.claims.authorization.userInfoUrl = http://mpagasas.di.uoa.gr:8080/uoa-user-management-1.0.0-SNAPSHOT/api/users/getUserInfo?accessToken= |
|
| 3 |
services.claims.authorization.originServer = http://scoobydoo.di.uoa.gr:5000 |
|
| 4 |
services.claims.authorization.registeredRoles = OpenAIRE Super Administrator,OpenAIRE Portal Administrator,OpenAIRE Expert - Community,OpenAIRE Expert - Funder,OpenAIRE Curator - Claim,OpenAIRE Curator - Project,OpenAIRE Curator - Community,OpenAIRE Curator - Institution,OpenAIRE Author,Registered User,User Manager |
|
| 5 |
services.claims.authorization.adminRoles = OpenAIRE Super Administrator,OpenAIRE Curator - Claim,OpenAIRE Portal Administrator |
|
| 6 |
services.claims.authorization.projectCuratorRoles = OpenAIRE Curator - Project,OpenAIRE Super Administrator,OpenAIRE Curator - Claim,OpenAIRE Portal Administrator |
|
| 2 |
services.claims.authorization.userInfoUrl = http://mpagasas.di.uoa.gr:8080/dnet-user-management-1.0.0-SNAPSHOT/api/users/getUserInfo?accessToken= |
|
| 3 |
services.claims.authorization.originServer = .di.uoa.gr |
|
| 4 |
services.claims.authorization.registeredRoles = Super Administrator,Portal Administrator,Expert - Community,Expert - Funder,Curator - Claim,Curator - Project,Curator - Community,Curator - Institution,Author,Registered User,User Manager |
|
| 5 |
services.claims.authorization.claimCuratorRoles = Super Administrator,Curator - Claim,Portal Administrator |
|
| 6 |
services.claims.authorization.projectCuratorRoles = Curator - Project,Super Administrator,Curator - Claim,Portal Administrator |
|
| 7 |
services.claims.authorization.communityCuratorRoles = Curator - Community,Expert - Community,Portal Administrator,Registered User |
|
| modules/uoa-claims-api/trunk/src/main/resources/eu/dnetlib/openaire/rest/springContext-claims-authorization.xml | ||
|---|---|---|
| 25 | 25 |
|
| 26 | 26 |
<bean id="authorization" class="eu.dnetlib.openaire.rest.Authorization" > |
| 27 | 27 |
<property name="registeredRoles" value="#{'${services.claims.authorization.registeredRoles}'.split(',')}"/>
|
| 28 |
<property name="adminRoles" value="#{'${services.claims.authorization.adminRoles}'.split(',')}"/>
|
|
| 28 |
<property name="claimCuratorRoles" value="#{'${services.claims.authorization.claimCuratorRoles}'.split(',')}"/>
|
|
| 29 | 29 |
<property name="projectCuratorRoles" value="#{'${services.claims.authorization.projectCuratorRoles}'.split(',')}"/>
|
| 30 |
<property name="communityCuratorRoles" value="#{'${services.claims.authorization.communityCuratorRoles}'.split(',')}"/>
|
|
| 30 | 31 |
<property name="userHandler" ref="userHandler"/> |
| 31 | 32 |
<property name="originServer" value="${services.claims.authorization.originServer}"/>
|
| 32 | 33 |
|
Also available in: Unified diff
add more roles for community curators | distinct admin and claim curators