Revision 59851
Added by Konstantinos Triantafyllou over 3 years ago
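--- a/modules/dnet-openaire-users/trunk/src/main/java/eu/dnetlib/openaire/usermanagement/api/RegistryService.java
+++ b/modules/dnet-openaire-users/trunk/src/main/java/eu/dnetlib/openaire/usermanagement/api/RegistryService.java
@@ -3,16 +3,22 @@
 import com.google.gson.JsonArray;
 import com.google.gson.JsonObject;
 import com.google.gson.JsonParser;
+import eu.dnetlib.openaire.user.login.utils.AuthoritiesUpdater;
 import eu.dnetlib.openaire.user.pojos.RoleVerification;
 import eu.dnetlib.openaire.user.utils.EmailSender;
 import eu.dnetlib.openaire.usermanagement.dto.Role;
+import eu.dnetlib.openaire.usermanagement.utils.AuthorizationService;
 import eu.dnetlib.openaire.usermanagement.utils.JsonUtils;
 import eu.dnetlib.openaire.usermanagement.utils.RegistryCalls;
 import eu.dnetlib.openaire.usermanagement.utils.VerificationUtils;
 import org.apache.log4j.Logger;
+import org.mitre.openid.connect.model.OIDCAuthenticationToken;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Component;
 import org.springframework.web.bind.annotation.RequestBody;
 
@@ -20,6 +26,8 @@
 import javax.ws.rs.*;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
+import java.util.Collection;
+import java.util.HashSet;
 
 @Component(value = "RegistryService")
 @Path("/registry")
@@ -39,7 +47,17 @@
 @Autowired
 private VerificationUtils verificationUtils;
 
+@Autowired
+private AuthoritiesUpdater authoritiesUpdater;
 
+@Autowired
+private AuthorizationService authorizationService;
+
+private String getEmail() {
+OIDCAuthenticationToken authenticationToken = (OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
+return authenticationToken.getUserInfo().getEmail();
+}
+
 /**
 * Subscribe to a type(Community, etc.) with id(ee, egi, etc.)
 */
@@ -53,6 +71,11 @@
 if (couId != null) {
 Integer role = calls.getRoleId(coPersonId, couId);
 calls.assignMemberRole(coPersonId, couId, role);
+authoritiesUpdater.update(getEmail(), old -> {
+HashSet<SimpleGrantedAuthority> authorities = new HashSet<>((Collection<? extends SimpleGrantedAuthority>) old);
+authorities.add(new SimpleGrantedAuthority(authorizationService.member(type, id)));
+return authorities;
+});
 return Response.status(HttpStatus.OK.value()).entity(jsonUtils.createResponse("Role has been assigned").toString()).type(MediaType.APPLICATION_JSON).build();
 } else {
 return Response.status(HttpStatus.NOT_FOUND.value()).entity(jsonUtils.createResponse("Role has not been found").toString()).type(MediaType.APPLICATION_JSON).build();
@@ -75,6 +98,12 @@
 if (role != null) {
 calls.removeAdminRole(coPersonId, couId);
 calls.removeMemberRole(coPersonId, couId, role);
+authoritiesUpdater.update(getEmail(), old -> {
+HashSet<SimpleGrantedAuthority> authorities = new HashSet<>((Collection<? extends SimpleGrantedAuthority>) old);
+authorities.remove(new SimpleGrantedAuthority(authorizationService.manager(type, id)));
+authorities.remove(new SimpleGrantedAuthority(authorizationService.member(type, id)));
+return authorities;
+});
 return Response.status(HttpStatus.OK.value()).entity(jsonUtils.createResponse("Role has been removed").toString()).type(MediaType.APPLICATION_JSON).build();
 } else
 return Response.status(HttpStatus.NOT_FOUND.value()).entity(jsonUtils.createResponse("User does not have this role").toString()).type(MediaType.APPLICATION_JSON).build();
@@ -309,6 +338,12 @@
 if (calls.getUserAdminGroup(coPersonId, couId) == null) {
 verificationUtils.deleteManagerVerifications(verification.getEmail(), verification.getType(), verification.getEntity());
 calls.assignAdminRole(coPersonId, couId);
+authoritiesUpdater.update(verification.getEmail(), old -> {
+HashSet<SimpleGrantedAuthority> authorities = new HashSet<>((Collection<? extends SimpleGrantedAuthority>) old);
+authorities.add(new SimpleGrantedAuthority(authorizationService.member(verification.getType(), verification.getEntity())));
+authorities.add(new SimpleGrantedAuthority(authorizationService.manager(verification.getType(), verification.getEntity())));
+return authorities;
+});
 return Response.status(HttpStatus.OK.value()).entity(jsonUtils.createResponse("Admin role has been assigned").toString()).type(MediaType.APPLICATION_JSON).build();
 } else {
 return Response.status(HttpStatus.CONFLICT.value()).entity(jsonUtils.createResponse("User is already admin of this cou").toString()).type(MediaType.APPLICATION_JSON).build();
@@ -349,6 +384,11 @@
 if (couId != null) {
 Integer role = calls.getRoleId(coPersonId, couId);
 calls.assignMemberRole(coPersonId, couId, role);
+authoritiesUpdater.update(verification.getEmail(), old -> {
+HashSet<SimpleGrantedAuthority> authorities = new HashSet<>((Collection<? extends SimpleGrantedAuthority>) old);
+authorities.add(new SimpleGrantedAuthority(authorizationService.member(verification.getType(), verification.getEntity())));
+return authorities;
+});
 verificationUtils.deleteMemberVerifications(verification.getEmail(), verification.getType(), verification.getEntity());
 return Response.status(HttpStatus.OK.value()).entity(jsonUtils.createResponse("Member role has been assigned").toString()).type(MediaType.APPLICATION_JSON).build();
 } else {
@@ -384,6 +424,11 @@
 Integer couId = calls.getCouId(type, id);
 if (couId != null) {
 calls.removeAdminRole(coPersonId, couId);
+authoritiesUpdater.update(email, old -> {
+HashSet<SimpleGrantedAuthority> authorities = new HashSet<>((Collection<? extends SimpleGrantedAuthority>) old);
+authorities.remove(new SimpleGrantedAuthority(authorizationService.manager(type, id)));
+return authorities;
+});
 return Response.status(HttpStatus.OK.value()).entity(jsonUtils.createResponse("Role has been removed").toString()).type(MediaType.APPLICATION_JSON).build();
 } else {
 return Response.status(HttpStatus.NOT_FOUND.value()).entity(jsonUtils.createResponse("Role has not been found").toString()).type(MediaType.APPLICATION_JSON).build();
@@ -414,6 +459,12 @@
 if (couId != null && role != null) {
 calls.removeAdminRole(coPersonId, couId);
 calls.removeMemberRole(coPersonId, couId, role);
+authoritiesUpdater.update(email, old -> {
+HashSet<SimpleGrantedAuthority> authorities = new HashSet<>((Collection<? extends SimpleGrantedAuthority>) old);
+authorities.remove(new SimpleGrantedAuthority(authorizationService.manager(type, id)));
+authorities.remove(new SimpleGrantedAuthority(authorizationService.member(type, id)));
+return authorities;
+});
 return Response.status(HttpStatus.OK.value()).entity(jsonUtils.createResponse("Role has been removed").toString()).type(MediaType.APPLICATION_JSON).build();
 } else {
 return Response.status(HttpStatus.NOT_FOUND.value()).entity(jsonUtils.createResponse("Role has not been found").toString()).type(MediaType.APPLICATION_JSON).build();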
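Review bot: In the three revocation paths (new lines 101–106, 427–431 and 462–467) the live session can keep a role the registry has already dropped, and nothing reports it. `authorities.remove(new SimpleGrantedAuthority(...))` only matches an entry that is itself a `SimpleGrantedAuthority` with the identical string, and the unchecked cast of `old` hides whether that holds; if the login-time mapper ever yields another `GrantedAuthority` type, or a differently formatted string, the remove is a silent no-op. Matching on the authority string is safer, e.g. `authorities.removeIf(a -> a.getAuthority().equals(authorizationService.manager(type, id)));` on a `Set<GrantedAuthority>`, and the outcome of `authoritiesUpdater.update` (its implementation is not visible here) should be checked or logged so that a failed session update after `removeAdminRole` is noticed. `getEmail()` at new line 57 also casts the current `Authentication` to `OIDCAuthenticationToken` unguarded and dereferences `getUserInfo()`; the enclosing methods and their `@PreAuthorize` rules start outside the hunks, so confirm they always guarantee an OIDC token before this runs.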
[Users]: Update users' session when roles have been updated