Revision 60501
Added by Konstantina Galouni about 3 years ago
modules/uoa-admin-tools/trunk/src/main/java/eu/dnetlib/uoaadmintools/handlers/utils/CommunityInfo.java | ||
---|---|---|
1 |
package eu.dnetlib.uoaadmintools.handlers.utils; |
|
2 |
|
|
3 |
import com.google.gson.Gson; |
|
4 |
import org.apache.log4j.Logger; |
|
5 |
|
|
6 |
import java.io.BufferedReader; |
|
7 |
import java.io.InputStreamReader; |
|
8 |
import java.io.StringReader; |
|
9 |
import java.net.HttpURLConnection; |
|
10 |
import java.net.URL; |
|
11 |
import java.util.ArrayList; |
|
12 |
import java.util.List; |
|
13 |
|
|
14 |
/** |
|
15 |
* Created by argirok on 27/2/2018. |
|
16 |
*/ |
|
17 |
public class CommunityInfo { |
|
18 |
|
|
19 |
List<String> managers = new ArrayList<String>(); |
|
20 |
private final Logger log = Logger.getLogger(this.getClass()); |
|
21 |
|
|
22 |
public List<String> getManagers() { |
|
23 |
return managers; |
|
24 |
} |
|
25 |
|
|
26 |
public void setManagers(List<String> managers) { |
|
27 |
this.managers = managers; |
|
28 |
} |
|
29 |
|
|
30 |
private CommunityInfo getCommunityInfo(String communityAPI, String community) { |
|
31 |
String url = communityAPI + community; |
|
32 |
URL obj = null; |
|
33 |
String responseStr = null; |
|
34 |
log.debug("Community info url is " + url); |
|
35 |
|
|
36 |
try { |
|
37 |
obj = new URL(url); |
|
38 |
HttpURLConnection con = (HttpURLConnection) obj.openConnection(); |
|
39 |
log.debug("User info response code is: " + con.getResponseCode()); |
|
40 |
if (con.getResponseCode() != 200) { |
|
41 |
return null; |
|
42 |
} |
|
43 |
BufferedReader in = new BufferedReader(new InputStreamReader(con.getInputStream())); |
|
44 |
StringBuffer response = new StringBuffer(); |
|
45 |
String inputLine; |
|
46 |
while ((inputLine = in.readLine()) != null) { |
|
47 |
response.append(inputLine).append("\n"); |
|
48 |
} |
|
49 |
in.close(); |
|
50 |
responseStr = response.toString(); |
|
51 |
} catch (Exception e) { |
|
52 |
log.error("An error occured while trying to fetch user info ", e); |
|
53 |
return null; |
|
54 |
} |
|
55 |
return json2CommunityInfo(community); |
|
56 |
} |
|
57 |
private CommunityInfo json2CommunityInfo(String json){ |
|
58 |
|
|
59 |
log.debug("Try to create CommunityInfo class from json: "+json); |
|
60 |
if (json == null){ |
|
61 |
return null; |
|
62 |
} |
|
63 |
|
|
64 |
BufferedReader br = new BufferedReader(new StringReader(json)); |
|
65 |
//convert the json string back to object |
|
66 |
Gson gson = new Gson(); |
|
67 |
CommunityInfo communityInfo = null; |
|
68 |
try { |
|
69 |
communityInfo = gson.fromJson(br, CommunityInfo.class); |
|
70 |
}catch(Exception e){ |
|
71 |
log.debug("Error in parsing json response. Given json is : "+json, e); |
|
72 |
return null; |
|
73 |
} |
|
74 |
|
|
75 |
log.debug("Original response.........: "+communityInfo.toString()); |
|
76 |
|
|
77 |
|
|
78 |
|
|
79 |
return communityInfo; |
|
80 |
} |
|
81 |
} |
|
1 |
//package eu.dnetlib.uoaadmintools.handlers.utils; |
|
2 |
// |
|
3 |
//import com.google.gson.Gson; |
|
4 |
//import org.apache.log4j.Logger; |
|
5 |
// |
|
6 |
//import java.io.BufferedReader; |
|
7 |
//import java.io.InputStreamReader; |
|
8 |
//import java.io.StringReader; |
|
9 |
//import java.net.HttpURLConnection; |
|
10 |
//import java.net.URL; |
|
11 |
//import java.util.ArrayList; |
|
12 |
//import java.util.List; |
|
13 |
// |
|
14 |
///** |
|
15 |
// * Created by argirok on 27/2/2018. |
|
16 |
// */ |
|
17 |
//public class CommunityInfo { |
|
18 |
// |
|
19 |
// List<String> managers = new ArrayList<String>(); |
|
20 |
// private final Logger log = Logger.getLogger(this.getClass()); |
|
21 |
// |
|
22 |
// public List<String> getManagers() { |
|
23 |
// return managers; |
|
24 |
// } |
|
25 |
// |
|
26 |
// public void setManagers(List<String> managers) { |
|
27 |
// this.managers = managers; |
|
28 |
// } |
|
29 |
// |
|
30 |
// private CommunityInfo getCommunityInfo(String communityAPI, String community) { |
|
31 |
// String url = communityAPI + community; |
|
32 |
// URL obj = null; |
|
33 |
// String responseStr = null; |
|
34 |
// log.debug("Community info url is " + url); |
|
35 |
// |
|
36 |
// try { |
|
37 |
// obj = new URL(url); |
|
38 |
// HttpURLConnection con = (HttpURLConnection) obj.openConnection(); |
|
39 |
// log.debug("User info response code is: " + con.getResponseCode()); |
|
40 |
// if (con.getResponseCode() != 200) { |
|
41 |
// return null; |
|
42 |
// } |
|
43 |
// BufferedReader in = new BufferedReader(new InputStreamReader(con.getInputStream())); |
|
44 |
// StringBuffer response = new StringBuffer(); |
|
45 |
// String inputLine; |
|
46 |
// while ((inputLine = in.readLine()) != null) { |
|
47 |
// response.append(inputLine).append("\n"); |
|
48 |
// } |
|
49 |
// in.close(); |
|
50 |
// responseStr = response.toString(); |
|
51 |
// } catch (Exception e) { |
|
52 |
// log.error("An error occured while trying to fetch user info ", e); |
|
53 |
// return null; |
|
54 |
// } |
|
55 |
// return json2CommunityInfo(community); |
|
56 |
// } |
|
57 |
// private CommunityInfo json2CommunityInfo(String json){ |
|
58 |
// |
|
59 |
// log.debug("Try to create CommunityInfo class from json: "+json); |
|
60 |
// if (json == null){ |
|
61 |
// return null; |
|
62 |
// } |
|
63 |
// |
|
64 |
// BufferedReader br = new BufferedReader(new StringReader(json)); |
|
65 |
// //convert the json string back to object |
|
66 |
// Gson gson = new Gson(); |
|
67 |
// CommunityInfo communityInfo = null; |
|
68 |
// try { |
|
69 |
// communityInfo = gson.fromJson(br, CommunityInfo.class); |
|
70 |
// }catch(Exception e){ |
|
71 |
// log.debug("Error in parsing json response. Given json is : "+json, e); |
|
72 |
// return null; |
|
73 |
// } |
|
74 |
// |
|
75 |
// log.debug("Original response.........: "+communityInfo.toString()); |
|
76 |
// |
|
77 |
// |
|
78 |
// |
|
79 |
// return communityInfo; |
|
80 |
// } |
|
81 |
//} |
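Review bot: CommunityInfo.java is turned into an 81-line comment block instead of being removed, and the same is done to AuthorizationUtils.java, UserInfo.java and AuthorizationHandler.java in this revision. Commented-out classes drift out of date silently and still show up in searches for authorization code, so deleting the four files and relying on repository history would be cleaner. The retained text also preserves what looks like a slip in `getCommunityInfo`, which ends with `return json2CommunityInfo(community);` rather than passing `responseStr`, so restoring the file as-is would bring that back. If the files must stay for a transition period, a header such as `// Disabled in r60501: superseded by <replacement>; delete after <date>` would tell the next reader why.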
modules/uoa-admin-tools/trunk/src/main/java/eu/dnetlib/uoaadmintools/handlers/utils/AuthorizationUtils.java | ||
---|---|---|
1 |
package eu.dnetlib.uoaadmintools.handlers.utils; |
|
2 |
|
|
3 |
import org.apache.log4j.Logger; |
|
4 |
|
|
5 |
import javax.servlet.http.Cookie; |
|
6 |
import javax.servlet.http.HttpServletRequest; |
|
7 |
import java.io.BufferedReader; |
|
8 |
import java.io.InputStreamReader; |
|
9 |
import java.io.StringReader; |
|
10 |
import java.net.HttpURLConnection; |
|
11 |
import java.net.URL; |
|
12 |
import java.util.Enumeration; |
|
13 |
|
|
14 |
import com.google.gson.Gson; |
|
15 |
|
|
16 |
/** |
|
17 |
* Created by argirok on 27/2/2018. |
|
18 |
*/ |
|
19 |
public class AuthorizationUtils { |
|
20 |
private final Logger log = Logger.getLogger(this.getClass()); |
|
21 |
private String userInfoUrl = null; |
|
22 |
// private String communityAPI =""; |
|
23 |
// List<String> adminRoles = new ArrayList<String>(Arrays.asList("Super Administrator", "Portal Administrator")); |
|
24 |
private String originServer= null; |
|
25 |
public Boolean checkCookies(HttpServletRequest request){ |
|
26 |
Boolean valid = true; |
|
27 |
String cookieValue = this.getCookie(request,"AccessToken"); |
|
28 |
if(cookieValue == null || cookieValue.isEmpty()){ |
|
29 |
log.info("no cookie available "); |
|
30 |
valid = false; |
|
31 |
}else { |
|
32 |
String headerValue = this.getHeadersInfo(request, "x-xsrf-token"); |
|
33 |
if(headerValue == null || headerValue.isEmpty()){ |
|
34 |
log.info("no header available "); |
|
35 |
valid = false; |
|
36 |
}else{ |
|
37 |
if(!cookieValue.equals(headerValue)){ |
|
38 |
log.info("no proper header or cookie "); |
|
39 |
valid = false; |
|
40 |
}else if(!hasValidOrigin(this.getHeadersInfo(request, "origin"))){ |
|
41 |
log.info("no proper origin "); |
|
42 |
valid = false; |
|
43 |
} |
|
44 |
} |
|
45 |
} |
|
46 |
return valid; |
|
47 |
} |
|
48 |
public String getToken(HttpServletRequest request){ |
|
49 |
return this.getHeadersInfo(request, "x-xsrf-token"); |
|
50 |
} |
|
51 |
private String getCookie(HttpServletRequest request, String cookieName){ |
|
52 |
if(request.getCookies() == null){ |
|
53 |
return null; |
|
54 |
} |
|
55 |
for(Cookie c: request.getCookies()){ |
|
56 |
// log.debug("cookie "+ c.getName()+ " "+ c.getValue()); |
|
57 |
if(c.getName().equals(cookieName)){ |
|
58 |
return c.getValue(); |
|
59 |
} |
|
60 |
|
|
61 |
} |
|
62 |
return null; |
|
63 |
} |
|
64 |
private String getHeadersInfo(HttpServletRequest request, String name) { |
|
65 |
|
|
66 |
Enumeration headerNames = request.getHeaderNames(); |
|
67 |
while (headerNames.hasMoreElements()) { |
|
68 |
String key = (String) headerNames.nextElement(); |
|
69 |
String value = request.getHeader(key); |
|
70 |
// log.debug(" key: "+ key+" value: "+ value); |
|
71 |
if(name.equals(key)){ |
|
72 |
return value; |
|
73 |
} |
|
74 |
} |
|
75 |
return null; |
|
76 |
} |
|
77 |
public boolean hasValidOrigin(String origin) { |
|
78 |
if (origin != null && origin.indexOf(originServer)!=-1) { |
|
79 |
return true; |
|
80 |
} |
|
81 |
log.debug("Not valid origin. Origin server is \"" + origin + "\", but expected value is \"" + originServer + "\". If the expec cted value is not right, check properties file. "); |
|
82 |
return false; |
|
83 |
} |
|
84 |
public UserInfo getUserInfo(String accessToken){ |
|
85 |
String url=userInfoUrl+accessToken; |
|
86 |
URL obj = null; |
|
87 |
String responseStr=null; |
|
88 |
// log.debug("User info url is "+url); |
|
89 |
|
|
90 |
try { |
|
91 |
obj = new URL(url); |
|
92 |
HttpURLConnection con = (HttpURLConnection) obj.openConnection(); |
|
93 |
if (con.getResponseCode() != 200) { |
|
94 |
log.debug("User info response code is: " + con.getResponseCode()); |
|
95 |
return null; |
|
96 |
} |
|
97 |
BufferedReader in = new BufferedReader(new InputStreamReader(con.getInputStream())); |
|
98 |
StringBuffer response = new StringBuffer(); |
|
99 |
String inputLine; |
|
100 |
while ((inputLine = in.readLine()) != null) { |
|
101 |
response.append(inputLine).append("\n"); |
|
102 |
} |
|
103 |
in.close(); |
|
104 |
responseStr = response.toString(); |
|
105 |
}catch(Exception e){ |
|
106 |
log.error("An error occured while trying to fetch user info ",e); |
|
107 |
return null; |
|
108 |
} |
|
109 |
return json2UserInfo(responseStr); |
|
110 |
} |
|
111 |
private UserInfo json2UserInfo(String json) { |
|
112 |
|
|
113 |
// log.debug("Try to create userInfo class from json: "+json); |
|
114 |
if (json == null){ |
|
115 |
return null; |
|
116 |
} |
|
117 |
|
|
118 |
BufferedReader br = new BufferedReader(new StringReader(json)); |
|
119 |
//convert the json string back to object |
|
120 |
Gson gson = new Gson(); |
|
121 |
UserInfo userInfo = null; |
|
122 |
try { |
|
123 |
userInfo = gson.fromJson(br, UserInfo.class); |
|
124 |
}catch(Exception e){ |
|
125 |
log.debug("Error in parsing json response. Given json is : "+json, e); |
|
126 |
return null; |
|
127 |
} |
|
128 |
|
|
129 |
// log.debug("Original response.........: "+userInfo.toString()); |
|
130 |
try { |
|
131 |
if(userInfo != null && userInfo.getEdu_person_entitlements() != null ) { |
|
132 |
|
|
133 |
for (int i = 0; i < userInfo.getEdu_person_entitlements().size(); i++) { |
|
134 |
String role = userInfo.getEdu_person_entitlements().get(i); |
|
135 |
// log.debug("AAI role: "+role); |
|
136 |
role = role.split(":")[role.split(":").length-1]; |
|
137 |
role = role.replace("+"," "); |
|
138 |
// log.debug("Adding parsed role : "+role); |
|
139 |
userInfo.getEdu_person_entitlements().set(i,role); |
|
140 |
} |
|
141 |
} |
|
142 |
}catch(Exception e){ |
|
143 |
log.debug("Error in parsing Edu_person_entitlements : ",e); |
|
144 |
return null; |
|
145 |
} |
|
146 |
// log.debug("After handling roles : "+userInfo.toString()); |
|
147 |
|
|
148 |
|
|
149 |
return userInfo; |
|
150 |
} |
|
151 |
public boolean isAuthorized(String token) { |
|
152 |
UserInfo userInfo = getUserInfo(token); |
|
153 |
if (userInfo != null ) { |
|
154 |
return true; |
|
155 |
} else { |
|
156 |
log.debug(" User has no Valid UserInfo"); |
|
157 |
return false; |
|
158 |
} |
|
159 |
|
|
160 |
} |
|
161 |
|
|
162 |
public String getUserInfoUrl() { |
|
163 |
return userInfoUrl; |
|
164 |
} |
|
165 |
|
|
166 |
public String getOriginServer() { |
|
167 |
return originServer; |
|
168 |
} |
|
169 |
|
|
170 |
public void setUserInfoUrl(String userInfoUrl) { |
|
171 |
this.userInfoUrl = userInfoUrl; |
|
172 |
} |
|
173 |
|
|
174 |
public void setOriginServer(String originServer) { |
|
175 |
this.originServer = originServer; |
|
176 |
} |
|
177 |
// private boolean hasRole(List<String> givenRoles, List<String> authorizedRoles) { |
|
178 |
// log.debug("It's registered with role " + givenRoles); |
|
179 |
// for (String gRole : givenRoles) { |
|
180 |
// if (authorizedRoles.indexOf(gRole) != -1) { |
|
181 |
// return true; |
|
1 |
//package eu.dnetlib.uoaadmintools.handlers.utils; |
|
2 |
// |
|
3 |
//import org.apache.log4j.Logger; |
|
4 |
// |
|
5 |
//import javax.servlet.http.Cookie; |
|
6 |
//import javax.servlet.http.HttpServletRequest; |
|
7 |
//import java.io.BufferedReader; |
|
8 |
//import java.io.InputStreamReader; |
|
9 |
//import java.io.StringReader; |
|
10 |
//import java.net.HttpURLConnection; |
|
11 |
//import java.net.URL; |
|
12 |
//import java.util.Enumeration; |
|
13 |
// |
|
14 |
//import com.google.gson.Gson; |
|
15 |
// |
|
16 |
///** |
|
17 |
// * Created by argirok on 27/2/2018. |
|
18 |
// */ |
|
19 |
//public class AuthorizationUtils { |
|
20 |
// private final Logger log = Logger.getLogger(this.getClass()); |
|
21 |
// private String userInfoUrl = null; |
|
22 |
//// private String communityAPI =""; |
|
23 |
//// List<String> adminRoles = new ArrayList<String>(Arrays.asList("Super Administrator", "Portal Administrator")); |
|
24 |
// private String originServer= null; |
|
25 |
// public Boolean checkCookies(HttpServletRequest request){ |
|
26 |
// Boolean valid = true; |
|
27 |
// String cookieValue = this.getCookie(request,"AccessToken"); |
|
28 |
// if(cookieValue == null || cookieValue.isEmpty()){ |
|
29 |
// log.info("no cookie available "); |
|
30 |
// valid = false; |
|
31 |
// }else { |
|
32 |
// String headerValue = this.getHeadersInfo(request, "x-xsrf-token"); |
|
33 |
// if(headerValue == null || headerValue.isEmpty()){ |
|
34 |
// log.info("no header available "); |
|
35 |
// valid = false; |
|
36 |
// }else{ |
|
37 |
// if(!cookieValue.equals(headerValue)){ |
|
38 |
// log.info("no proper header or cookie "); |
|
39 |
// valid = false; |
|
40 |
// }else if(!hasValidOrigin(this.getHeadersInfo(request, "origin"))){ |
|
41 |
// log.info("no proper origin "); |
|
42 |
// valid = false; |
|
43 |
// } |
|
182 | 44 |
// } |
183 | 45 |
// } |
184 |
// log.debug("Not Authorized. Authorized roles are" + authorizedRoles); |
|
185 |
// return false; |
|
46 |
// return valid; |
|
47 |
// } |
|
48 |
// public String getToken(HttpServletRequest request){ |
|
49 |
// return this.getHeadersInfo(request, "x-xsrf-token"); |
|
50 |
// } |
|
51 |
// private String getCookie(HttpServletRequest request, String cookieName){ |
|
52 |
// if(request.getCookies() == null){ |
|
53 |
// return null; |
|
54 |
// } |
|
55 |
// for(Cookie c: request.getCookies()){ |
|
56 |
//// log.debug("cookie "+ c.getName()+ " "+ c.getValue()); |
|
57 |
// if(c.getName().equals(cookieName)){ |
|
58 |
// return c.getValue(); |
|
59 |
// } |
|
186 | 60 |
// |
61 |
// } |
|
62 |
// return null; |
|
187 | 63 |
// } |
188 |
// private boolean isCommunityManager(String community, String email) {
|
|
64 |
// private String getHeadersInfo(HttpServletRequest request, String name) {
|
|
189 | 65 |
// |
190 |
// CommunityInfo communityInfo = getCommunityInfo(community);
|
|
191 |
// if(communityInfo != null && communityInfo.getManagers() != null ) {
|
|
192 |
// |
|
193 |
// for (int i = 0; i < communityInfo.getManagers().size(); i++) {
|
|
194 |
// String manager = communityInfo.getManagers().get(i);
|
|
195 |
// log.debug("Community manager: "+manager);
|
|
196 |
// |
|
66 |
// Enumeration headerNames = request.getHeaderNames();
|
|
67 |
// while (headerNames.hasMoreElements()) {
|
|
68 |
// String key = (String) headerNames.nextElement();
|
|
69 |
// String value = request.getHeader(key);
|
|
70 |
//// log.debug(" key: "+ key+" value: "+ value);
|
|
71 |
// if(name.equals(key)){
|
|
72 |
// return value;
|
|
197 | 73 |
// } |
198 | 74 |
// } |
75 |
// return null; |
|
76 |
// } |
|
77 |
// public boolean hasValidOrigin(String origin) { |
|
78 |
// if (origin != null && origin.indexOf(originServer)!=-1) { |
|
79 |
// return true; |
|
80 |
// } |
|
81 |
// log.debug("Not valid origin. Origin server is \"" + origin + "\", but expected value is \"" + originServer + "\". If the expec cted value is not right, check properties file. "); |
|
199 | 82 |
// return false; |
200 |
// |
|
201 | 83 |
// } |
202 |
// private CommunityInfo getCommunityInfo(String community) {
|
|
203 |
// String url = userInfoUrl + community;
|
|
84 |
// public UserInfo getUserInfo(String accessToken){
|
|
85 |
// String url=userInfoUrl+accessToken;
|
|
204 | 86 |
// URL obj = null; |
205 |
// String responseStr = null;
|
|
206 |
// log.debug("Community info url is " + url);
|
|
87 |
// String responseStr=null;
|
|
88 |
//// log.debug("User info url is "+url);
|
|
207 | 89 |
// |
208 | 90 |
// try { |
209 | 91 |
// obj = new URL(url); |
210 | 92 |
// HttpURLConnection con = (HttpURLConnection) obj.openConnection(); |
211 |
// log.debug("User info response code is: " + con.getResponseCode()); |
|
212 | 93 |
// if (con.getResponseCode() != 200) { |
94 |
// log.debug("User info response code is: " + con.getResponseCode()); |
|
213 | 95 |
// return null; |
214 | 96 |
// } |
215 | 97 |
// BufferedReader in = new BufferedReader(new InputStreamReader(con.getInputStream())); |
... | ... | |
220 | 102 |
// } |
221 | 103 |
// in.close(); |
222 | 104 |
// responseStr = response.toString(); |
223 |
// } catch (Exception e) {
|
|
224 |
// log.error("An error occured while trying to fetch user info ", e);
|
|
105 |
// }catch(Exception e){
|
|
106 |
// log.error("An error occured while trying to fetch user info ",e); |
|
225 | 107 |
// return null; |
226 | 108 |
// } |
227 |
// return json2CommunityInfo(community);
|
|
109 |
// return json2UserInfo(responseStr);
|
|
228 | 110 |
// } |
229 |
// private CommunityInfo json2CommunityInfo(String json){
|
|
111 |
// private UserInfo json2UserInfo(String json) {
|
|
230 | 112 |
// |
231 |
// log.debug("Try to create CommunityInfo class from json: "+json);
|
|
113 |
//// log.debug("Try to create userInfo class from json: "+json);
|
|
232 | 114 |
// if (json == null){ |
233 | 115 |
// return null; |
234 | 116 |
// } |
... | ... | |
236 | 118 |
// BufferedReader br = new BufferedReader(new StringReader(json)); |
237 | 119 |
// //convert the json string back to object |
238 | 120 |
// Gson gson = new Gson(); |
239 |
// CommunityInfo communityInfo = null;
|
|
121 |
// UserInfo userInfo = null;
|
|
240 | 122 |
// try { |
241 |
// communityInfo = gson.fromJson(br, CommunityInfo.class);
|
|
123 |
// userInfo = gson.fromJson(br, UserInfo.class);
|
|
242 | 124 |
// }catch(Exception e){ |
243 | 125 |
// log.debug("Error in parsing json response. Given json is : "+json, e); |
244 | 126 |
// return null; |
245 | 127 |
// } |
246 | 128 |
// |
247 |
// log.debug("Original response.........: "+communityInfo.toString()); |
|
129 |
//// log.debug("Original response.........: "+userInfo.toString()); |
|
130 |
// try { |
|
131 |
// if(userInfo != null && userInfo.getEdu_person_entitlements() != null ) { |
|
248 | 132 |
// |
133 |
// for (int i = 0; i < userInfo.getEdu_person_entitlements().size(); i++) { |
|
134 |
// String role = userInfo.getEdu_person_entitlements().get(i); |
|
135 |
//// log.debug("AAI role: "+role); |
|
136 |
// role = role.split(":")[role.split(":").length-1]; |
|
137 |
// role = role.replace("+"," "); |
|
138 |
//// log.debug("Adding parsed role : "+role); |
|
139 |
// userInfo.getEdu_person_entitlements().set(i,role); |
|
140 |
// } |
|
141 |
// } |
|
142 |
// }catch(Exception e){ |
|
143 |
// log.debug("Error in parsing Edu_person_entitlements : ",e); |
|
144 |
// return null; |
|
145 |
// } |
|
146 |
//// log.debug("After handling roles : "+userInfo.toString()); |
|
249 | 147 |
// |
250 | 148 |
// |
251 |
// return communityInfo;
|
|
149 |
// return userInfo;
|
|
252 | 150 |
// } |
253 |
} |
|
151 |
// public boolean isAuthorized(String token) { |
|
152 |
// UserInfo userInfo = getUserInfo(token); |
|
153 |
// if (userInfo != null ) { |
|
154 |
// return true; |
|
155 |
// } else { |
|
156 |
// log.debug(" User has no Valid UserInfo"); |
|
157 |
// return false; |
|
158 |
// } |
|
159 |
// |
|
160 |
// } |
|
161 |
// |
|
162 |
// public String getUserInfoUrl() { |
|
163 |
// return userInfoUrl; |
|
164 |
// } |
|
165 |
// |
|
166 |
// public String getOriginServer() { |
|
167 |
// return originServer; |
|
168 |
// } |
|
169 |
// |
|
170 |
// public void setUserInfoUrl(String userInfoUrl) { |
|
171 |
// this.userInfoUrl = userInfoUrl; |
|
172 |
// } |
|
173 |
// |
|
174 |
// public void setOriginServer(String originServer) { |
|
175 |
// this.originServer = originServer; |
|
176 |
// } |
|
177 |
// // private boolean hasRole(List<String> givenRoles, List<String> authorizedRoles) { |
|
178 |
//// log.debug("It's registered with role " + givenRoles); |
|
179 |
//// for (String gRole : givenRoles) { |
|
180 |
//// if (authorizedRoles.indexOf(gRole) != -1) { |
|
181 |
//// return true; |
|
182 |
//// } |
|
183 |
//// } |
|
184 |
//// log.debug("Not Authorized. Authorized roles are" + authorizedRoles); |
|
185 |
//// return false; |
|
186 |
//// |
|
187 |
//// } |
|
188 |
//// private boolean isCommunityManager(String community, String email) { |
|
189 |
//// |
|
190 |
//// CommunityInfo communityInfo = getCommunityInfo(community); |
|
191 |
//// if(communityInfo != null && communityInfo.getManagers() != null ) { |
|
192 |
//// |
|
193 |
//// for (int i = 0; i < communityInfo.getManagers().size(); i++) { |
|
194 |
//// String manager = communityInfo.getManagers().get(i); |
|
195 |
//// log.debug("Community manager: "+manager); |
|
196 |
//// |
|
197 |
//// } |
|
198 |
//// } |
|
199 |
//// return false; |
|
200 |
//// |
|
201 |
//// } |
|
202 |
//// private CommunityInfo getCommunityInfo(String community) { |
|
203 |
//// String url = userInfoUrl + community; |
|
204 |
//// URL obj = null; |
|
205 |
//// String responseStr = null; |
|
206 |
//// log.debug("Community info url is " + url); |
|
207 |
//// |
|
208 |
//// try { |
|
209 |
//// obj = new URL(url); |
|
210 |
//// HttpURLConnection con = (HttpURLConnection) obj.openConnection(); |
|
211 |
//// log.debug("User info response code is: " + con.getResponseCode()); |
|
212 |
//// if (con.getResponseCode() != 200) { |
|
213 |
//// return null; |
|
214 |
//// } |
|
215 |
//// BufferedReader in = new BufferedReader(new InputStreamReader(con.getInputStream())); |
|
216 |
//// StringBuffer response = new StringBuffer(); |
|
217 |
//// String inputLine; |
|
218 |
//// while ((inputLine = in.readLine()) != null) { |
|
219 |
//// response.append(inputLine).append("\n"); |
|
220 |
//// } |
|
221 |
//// in.close(); |
|
222 |
//// responseStr = response.toString(); |
|
223 |
//// } catch (Exception e) { |
|
224 |
//// log.error("An error occured while trying to fetch user info ", e); |
|
225 |
//// return null; |
|
226 |
//// } |
|
227 |
//// return json2CommunityInfo(community); |
|
228 |
//// } |
|
229 |
//// private CommunityInfo json2CommunityInfo(String json){ |
|
230 |
//// |
|
231 |
//// log.debug("Try to create CommunityInfo class from json: "+json); |
|
232 |
//// if (json == null){ |
|
233 |
//// return null; |
|
234 |
//// } |
|
235 |
//// |
|
236 |
//// BufferedReader br = new BufferedReader(new StringReader(json)); |
|
237 |
//// //convert the json string back to object |
|
238 |
//// Gson gson = new Gson(); |
|
239 |
//// CommunityInfo communityInfo = null; |
|
240 |
//// try { |
|
241 |
//// communityInfo = gson.fromJson(br, CommunityInfo.class); |
|
242 |
//// }catch(Exception e){ |
|
243 |
//// log.debug("Error in parsing json response. Given json is : "+json, e); |
|
244 |
//// return null; |
|
245 |
//// } |
|
246 |
//// |
|
247 |
//// log.debug("Original response.........: "+communityInfo.toString()); |
|
248 |
//// |
|
249 |
//// |
|
250 |
//// |
|
251 |
//// return communityInfo; |
|
252 |
//// } |
|
253 |
//} |
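Review bot: The commented-out `hasValidOrigin` kept here accepts an origin with `origin.indexOf(originServer)!=-1`, a substring test, so any Origin value that merely contains the configured server string would pass; if this block is retained as a reference it should say so, for example `// NOTE: substring match is too permissive; compare the parsed origin's host for equality`. The retained `getUserInfo` also builds the request as `userInfoUrl+accessToken`, which places the token in the URL where proxies and access logs can record it. Neither is active after this change, but both are worth checking in whatever replaces this class, which is not visible on this page.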
modules/uoa-admin-tools/trunk/src/main/java/eu/dnetlib/uoaadmintools/handlers/utils/UserInfo.java | ||
---|---|---|
1 |
package eu.dnetlib.uoaadmintools.handlers.utils; |
|
2 |
|
|
3 |
import java.util.ArrayList; |
|
4 |
import java.util.List; |
|
5 |
|
|
6 |
/** |
|
7 |
* Created by argirok on 23/6/2017. |
|
8 |
*/ |
|
9 |
public class UserInfo { |
|
10 |
String name; |
|
11 |
String email; |
|
12 |
List<String> edu_person_entitlements = new ArrayList<String>(); |
|
13 |
|
|
14 |
@Override |
|
15 |
public String toString() { |
|
16 |
return "UserInfo{" + |
|
17 |
"name='" + name + '\'' + |
|
18 |
", email='" + email + '\'' + |
|
19 |
", edu_person_entitlements=" + edu_person_entitlements + |
|
20 |
'}'; |
|
21 |
} |
|
22 |
|
|
23 |
public String getName() { |
|
24 |
return name; |
|
25 |
} |
|
26 |
|
|
27 |
public void setName(String name) { |
|
28 |
this.name = name; |
|
29 |
} |
|
30 |
|
|
31 |
public String getEmail() { |
|
32 |
return email; |
|
33 |
} |
|
34 |
|
|
35 |
public void setEmail(String email) { |
|
36 |
this.email = email; |
|
37 |
} |
|
38 |
|
|
39 |
public List<String> getEdu_person_entitlements() { |
|
40 |
return edu_person_entitlements; |
|
41 |
} |
|
42 |
|
|
43 |
public void setEdu_person_entitlements(List<String> edu_person_entitlements) { |
|
44 |
this.edu_person_entitlements = edu_person_entitlements; |
|
45 |
} |
|
46 |
} |
|
1 |
//package eu.dnetlib.uoaadmintools.handlers.utils; |
|
2 |
// |
|
3 |
//import java.util.ArrayList; |
|
4 |
//import java.util.List; |
|
5 |
// |
|
6 |
///** |
|
7 |
// * Created by argirok on 23/6/2017. |
|
8 |
// */ |
|
9 |
//public class UserInfo { |
|
10 |
// String name; |
|
11 |
// String email; |
|
12 |
// List<String> edu_person_entitlements = new ArrayList<String>(); |
|
13 |
// |
|
14 |
// @Override |
|
15 |
// public String toString() { |
|
16 |
// return "UserInfo{" + |
|
17 |
// "name='" + name + '\'' + |
|
18 |
// ", email='" + email + '\'' + |
|
19 |
// ", edu_person_entitlements=" + edu_person_entitlements + |
|
20 |
// '}'; |
|
21 |
// } |
|
22 |
// |
|
23 |
// public String getName() { |
|
24 |
// return name; |
|
25 |
// } |
|
26 |
// |
|
27 |
// public void setName(String name) { |
|
28 |
// this.name = name; |
|
29 |
// } |
|
30 |
// |
|
31 |
// public String getEmail() { |
|
32 |
// return email; |
|
33 |
// } |
|
34 |
// |
|
35 |
// public void setEmail(String email) { |
|
36 |
// this.email = email; |
|
37 |
// } |
|
38 |
// |
|
39 |
// public List<String> getEdu_person_entitlements() { |
|
40 |
// return edu_person_entitlements; |
|
41 |
// } |
|
42 |
// |
|
43 |
// public void setEdu_person_entitlements(List<String> edu_person_entitlements) { |
|
44 |
// this.edu_person_entitlements = edu_person_entitlements; |
|
45 |
// } |
|
46 |
//} |
modules/uoa-admin-tools/trunk/src/main/java/eu/dnetlib/uoaadmintools/handlers/AuthorizationHandler.java | ||
---|---|---|
1 |
package eu.dnetlib.uoaadmintools.handlers; |
|
2 |
|
|
3 |
import eu.dnetlib.uoaadmintools.handlers.utils.AuthorizationUtils; |
|
4 |
import org.apache.log4j.Logger; |
|
5 |
import org.springframework.beans.factory.annotation.Value; |
|
6 |
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter; |
|
7 |
|
|
8 |
import javax.servlet.http.HttpServletRequest; |
|
9 |
import javax.servlet.http.HttpServletResponse; |
|
10 |
import java.util.List; |
|
11 |
|
|
12 |
/** |
|
13 |
* Created by argirok on 23/2/2018. |
|
14 |
*/ |
|
15 |
public class AuthorizationHandler extends HandlerInterceptorAdapter { |
|
16 |
private final Logger log = Logger.getLogger(this.getClass()); |
|
17 |
private AuthorizationUtils helper = new AuthorizationUtils(); |
|
18 |
private List<String> allowedPostRequests; |
|
19 |
|
|
20 |
public AuthorizationHandler(String userInfoUrl, String originServer, List<String> allowedPostRequests){ |
|
21 |
helper.setOriginServer(originServer); |
|
22 |
helper.setUserInfoUrl(userInfoUrl); |
|
23 |
this.allowedPostRequests = allowedPostRequests; |
|
24 |
} |
|
25 |
@Override |
|
26 |
public boolean preHandle( |
|
27 |
HttpServletRequest request, |
|
28 |
HttpServletResponse response, |
|
29 |
Object handler) throws Exception { |
|
30 |
// log.debug("request method " + request.getRemoteHost()); |
|
31 |
// log.debug("properties: " + helper.getOriginServer() + " "+ helper.getUserInfoUrl()); |
|
32 |
// log.debug(allowedPostRequests); |
|
33 |
// log.debug(allowedPostRequests.contains(request.getServletPath())); |
|
34 |
// log.debug(request.getServletPath()); |
|
35 |
if((request.getMethod().equals("POST") || request.getMethod().equals("DELETE")) && |
|
36 |
!allowedPostRequests.contains(request.getServletPath())) { |
|
37 |
//TODO check domain & check user info |
|
38 |
if(!this.helper.checkCookies(request) || !helper.isAuthorized(helper.getToken(request))){ |
|
39 |
|
|
40 |
response.setHeader("Access-Control-Allow-Credentials","true"); |
|
41 |
response.setHeader("Access-Control-Allow-Origin","*"); |
|
42 |
response.setHeader("Vary","Origin"); |
|
43 |
|
|
44 |
response.setStatus(403); |
|
45 |
response.sendError(403, "Forbidden: You don't have permission to access. Maybe you are not registered."); |
|
46 |
return false; |
|
47 |
} |
|
48 |
|
|
49 |
} |
|
50 |
return true; |
|
51 |
} |
|
52 |
|
|
53 |
|
|
1 |
//package eu.dnetlib.uoaadmintools.handlers; |
|
2 |
// |
|
3 |
//import eu.dnetlib.uoaadmintools.handlers.utils.AuthorizationUtils; |
|
4 |
//import org.apache.log4j.Logger; |
|
5 |
//import org.springframework.beans.factory.annotation.Value; |
|
6 |
//import org.springframework.web.servlet.handler.HandlerInterceptorAdapter; |
|
7 |
// |
|
8 |
//import javax.servlet.http.HttpServletRequest; |
|
9 |
//import javax.servlet.http.HttpServletResponse; |
|
10 |
//import java.util.List; |
|
11 |
// |
|
12 |
///** |
|
13 |
// * Created by argirok on 23/2/2018. |
|
14 |
// */ |
|
15 |
//public class AuthorizationHandler extends HandlerInterceptorAdapter { |
|
16 |
// private final Logger log = Logger.getLogger(this.getClass()); |
|
17 |
// private AuthorizationUtils helper = new AuthorizationUtils(); |
|
18 |
// private List<String> allowedPostRequests; |
|
19 |
// |
|
20 |
// public AuthorizationHandler(String userInfoUrl, String originServer, List<String> allowedPostRequests){ |
|
21 |
// helper.setOriginServer(originServer); |
|
22 |
// helper.setUserInfoUrl(userInfoUrl); |
|
23 |
// this.allowedPostRequests = allowedPostRequests; |
|
24 |
// } |
|
54 | 25 |
// @Override |
55 |
// public void postHandle(
|
|
26 |
// public boolean preHandle(
|
|
56 | 27 |
// HttpServletRequest request, |
57 | 28 |
// HttpServletResponse response, |
58 |
// Object handler, |
|
59 |
// ModelAndView modelAndView) throws Exception { |
|
60 |
// log.info("I am here - postHandle "); |
|
29 |
// Object handler) throws Exception { |
|
30 |
//// log.debug("request method " + request.getRemoteHost()); |
|
31 |
//// log.debug("properties: " + helper.getOriginServer() + " "+ helper.getUserInfoUrl()); |
|
32 |
//// log.debug(allowedPostRequests); |
|
33 |
//// log.debug(allowedPostRequests.contains(request.getServletPath())); |
|
34 |
//// log.debug(request.getServletPath()); |
|
35 |
// if((request.getMethod().equals("POST") || request.getMethod().equals("DELETE")) && |
|
36 |
// !allowedPostRequests.contains(request.getServletPath())) { |
|
37 |
// //TODO check domain & check user info |
|
38 |
// if(!this.helper.checkCookies(request) || !helper.isAuthorized(helper.getToken(request))){ |
|
39 |
// |
|
40 |
// response.setHeader("Access-Control-Allow-Credentials","true"); |
|
41 |
// response.setHeader("Access-Control-Allow-Origin","*"); |
|
42 |
// response.setHeader("Vary","Origin"); |
|
43 |
// |
|
44 |
// response.setStatus(403); |
|
45 |
// response.sendError(403, "Forbidden: You don't have permission to access. Maybe you are not registered."); |
|
46 |
// return false; |
|
47 |
// } |
|
48 |
// |
|
49 |
// } |
|
50 |
// return true; |
|
61 | 51 |
// } |
62 | 52 |
// |
63 |
// @Override |
|
64 |
// public void afterCompletion( |
|
65 |
// HttpServletRequest request, |
|
66 |
// HttpServletResponse response, |
|
67 |
// Object handler, Exception ex) { |
|
68 |
// log.info("I am here - afterCompletion "); |
|
69 |
// } |
|
70 |
|
|
71 |
} |
|
53 |
// |
|
54 |
//// @Override |
|
55 |
//// public void postHandle( |
|
56 |
//// HttpServletRequest request, |
|
57 |
//// HttpServletResponse response, |
|
58 |
//// Object handler, |
|
59 |
//// ModelAndView modelAndView) throws Exception { |
|
60 |
//// log.info("I am here - postHandle "); |
|
61 |
//// } |
|
62 |
//// |
|
63 |
//// @Override |
|
64 |
//// public void afterCompletion( |
|
65 |
//// HttpServletRequest request, |
|
66 |
//// HttpServletResponse response, |
|
67 |
//// Object handler, Exception ex) { |
|
68 |
//// log.info("I am here - afterCompletion "); |
|
69 |
//// } |
|
70 |
// |
|
71 |
//} |
modules/uoa-admin-tools/trunk/src/main/java/eu/dnetlib/uoaadmintools/UoaAdminToolsApplication.java | ||
---|---|---|
1 | 1 |
package eu.dnetlib.uoaadmintools; |
2 | 2 |
|
3 | 3 |
import eu.dnetlib.uoaadmintools.configuration.properties.MongoConfig; |
4 |
import eu.dnetlib.uoaadmintools.configuration.properties.SecurityConfig; |
|
4 |
//import eu.dnetlib.uoaadmintools.configuration.properties.SecurityConfig;
|
|
5 | 5 |
//import eu.dnetlib.uoaauthorizationlibrary.configuration.AuthorizationConfiguration; |
6 |
import eu.dnetlib.uoaauthorizationlibrary.configuration.AuthorizationConfiguration; |
|
6 | 7 |
import org.springframework.boot.SpringApplication; |
7 | 8 |
import org.springframework.boot.autoconfigure.SpringBootApplication; |
8 | 9 |
import org.springframework.boot.context.properties.EnableConfigurationProperties; |
... | ... | |
15 | 16 |
@PropertySource("classpath:admintools.properties"), |
16 | 17 |
@PropertySource(value = "classpath:dnet-override.properties", ignoreResourceNotFound = true) |
17 | 18 |
}) |
18 |
@EnableConfigurationProperties({SecurityConfig.class, MongoConfig.class}) |
|
19 |
//@Import(AuthorizationConfiguration.class) |
|
19 |
//SecurityConfig.class, |
|
20 |
@EnableConfigurationProperties({MongoConfig.class}) |
|
21 |
@Import(AuthorizationConfiguration.class) |
|
20 | 22 |
public class UoaAdminToolsApplication { |
21 | 23 |
|
22 | 24 |
public static void main(String[] args) { |
modules/uoa-admin-tools/trunk/src/main/java/eu/dnetlib/uoaadmintools/entities/Notifications.java | ||
---|---|---|
14 | 14 |
Boolean notifyForNewSubscribers = true; |
15 | 15 |
String managerEmail; |
16 | 16 |
String portalPid; |
17 |
String aaiId; |
|
18 |
|
|
17 | 19 |
public Notifications(){ |
18 | 20 |
|
19 | 21 |
} |
... | ... | |
62 | 64 |
this.portalPid = portalPid; |
63 | 65 |
} |
64 | 66 |
|
67 |
public String getAaiId() { |
|
68 |
return aaiId; |
|
69 |
} |
|
70 |
|
|
71 |
public void setAaiId(String aaiId) { |
|
72 |
this.aaiId = aaiId; |
|
73 |
} |
|
74 |
|
|
65 | 75 |
@Override |
66 | 76 |
public String toString() { |
67 | 77 |
return "Notifications{" + |
modules/uoa-admin-tools/trunk/src/main/java/eu/dnetlib/uoaadmintools/UoaAdminToolsConfiguration.java | ||
---|---|---|
1 | 1 |
package eu.dnetlib.uoaadmintools; |
2 | 2 |
|
3 |
import eu.dnetlib.uoaadmintools.configuration.properties.SecurityConfig; |
|
4 |
import eu.dnetlib.uoaadmintools.handlers.AuthorizationHandler; |
|
3 |
//import eu.dnetlib.uoaadmintools.configuration.properties.SecurityConfig;
|
|
4 |
//import eu.dnetlib.uoaadmintools.handlers.AuthorizationHandler;
|
|
5 | 5 |
import org.apache.log4j.Logger; |
6 | 6 |
import org.springframework.beans.factory.annotation.Autowired; |
7 | 7 |
import org.springframework.context.annotation.Bean; |
... | ... | |
18 | 18 |
public class UoaAdminToolsConfiguration extends WebMvcConfigurerAdapter { |
19 | 19 |
private final Logger log = Logger.getLogger(this.getClass()); |
20 | 20 |
|
21 |
@Autowired |
|
22 |
private SecurityConfig securityConfig; |
|
21 |
// @Autowired
|
|
22 |
// private SecurityConfig securityConfig;
|
|
23 | 23 |
|
24 | 24 |
|
25 | 25 |
@Bean |
... | ... | |
27 | 27 |
return new PropertySourcesPlaceholderConfigurer(); |
28 | 28 |
} |
29 | 29 |
|
30 |
@Override |
|
31 |
public void addInterceptors(InterceptorRegistry registry) { |
|
32 |
registry.addInterceptor(new AuthorizationHandler(securityConfig.getUserInfoUrl(), securityConfig.getOriginServer(), securityConfig.getPostsAllowed())) |
|
33 |
.addPathPatterns("/**"); |
|
30 |
// @Override |
|
31 |
// public void addInterceptors(InterceptorRegistry registry) { |
|
32 |
// registry.addInterceptor(new AuthorizationHandler(securityConfig.getUserInfoUrl(), securityConfig.getOriginServer(), securityConfig.getPostsAllowed())) |
|
33 |
// .addPathPatterns("/**"); |
|
34 |
// |
|
35 |
// } |
|
34 | 36 |
|
35 |
} |
|
36 |
|
|
37 | 37 |
} |
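Review bot: Commenting out `addInterceptors()` removes the one check that applied to every POST and DELETE outside the `postsAllowed` list, so from this commit on a handler is protected only if it carries its own `@PreAuthorize` (unless the imported `AuthorizationConfiguration` installs a default rule, which this page does not show). The sections shown add that annotation to the Explore, Connect, Community, Curator and Notifications controllers, but PortalSubscribersController appears only with its import change, so its write endpoints cannot be confirmed from here. I would check every remaining `@RequestMapping` with `RequestMethod.POST` or `RequestMethod.DELETE` before the old handler files are deleted. The commented-out block is also better deleted than kept, since a dead `AuthorizationHandler` reference reads as if the interceptor were still available.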
modules/uoa-admin-tools/trunk/src/main/java/eu/dnetlib/uoaadmintools/controllers/ExploreController.java | ||
---|---|---|
2 | 2 |
|
3 | 3 |
import eu.dnetlib.uoaadmintoolslibrary.entities.Portal; |
4 | 4 |
import eu.dnetlib.uoaadmintoolslibrary.entities.fullEntities.*; |
5 |
import eu.dnetlib.uoaadmintoolslibrary.handlers.ContentNotFoundException; |
|
6 |
import eu.dnetlib.uoaadmintoolslibrary.handlers.MismatchingContentException; |
|
5 | 7 |
import eu.dnetlib.uoaadmintoolslibrary.services.PortalService; |
6 | 8 |
import org.apache.log4j.Logger; |
9 |
import org.springframework.security.access.prepost.PreAuthorize; |
|
7 | 10 |
import org.springframework.web.bind.annotation.*; |
8 | 11 |
import org.springframework.beans.factory.annotation.Autowired; |
9 | 12 |
|
... | ... | |
12 | 15 |
@RestController |
13 | 16 |
@RequestMapping("/explore") |
14 | 17 |
@CrossOrigin(origins = "*") |
15 |
//@PreAuthorize("hasAnyAuthority(@AuthorizationService.SUPER_ADMIN, @AuthorizationService.PORTAL_ADMIN)")
|
|
18 |
@PreAuthorize("hasAnyAuthority(@AuthorizationService.PORTAL_ADMIN)")
|
|
16 | 19 |
public class ExploreController { |
17 | 20 |
private final Logger log = Logger.getLogger(this.getClass()); |
18 | 21 |
|
19 | 22 |
@Autowired |
20 | 23 |
private PortalService portalService; |
21 | 24 |
|
22 |
// @PreAuthorize("hasAnyAuthority(@AuthorizationService.SUPER_ADMIN, @AuthorizationService.PORTAL_ADMIN)") |
|
23 | 25 |
@RequestMapping(value = "/update", method = RequestMethod.POST) |
24 | 26 |
public PortalResponse updateExplore(@RequestBody Portal portal) { |
27 |
if(!portal.getType().equals("explore")) { |
|
28 |
// EXCEPTION - MismatchingContent |
|
29 |
throw new MismatchingContentException("Update Explore: Portal with id: "+portal.getId()+" has type: "+portal.getType()+" instead of explore"); |
|
30 |
} |
|
25 | 31 |
PortalResponse portalResponse = portalService.updatePortal(portal); |
26 | 32 |
return portalResponse; |
27 | 33 |
} |
28 | 34 |
|
29 |
// @PreAuthorize("hasAnyAuthority(@AuthorizationService.SUPER_ADMIN, @AuthorizationService.PORTAL_ADMIN)") |
|
30 | 35 |
@RequestMapping(value = "/save", method = RequestMethod.POST) |
31 | 36 |
public PortalResponse insertExplore(@RequestBody Portal portal) { |
37 |
if(!portal.getType().equals("explore")) { |
|
38 |
// EXCEPTION - MismatchingContent |
|
39 |
throw new MismatchingContentException("Save Explore: Portal with id: "+portal.getId()+" has type: "+portal.getType()+" instead of explore"); |
|
40 |
} |
|
32 | 41 |
PortalResponse portalResponse = portalService.insertPortal(portal); |
33 | 42 |
return portalResponse; |
34 | 43 |
} |
35 | 44 |
|
36 | 45 |
// cannot handle MismatchingContent |
37 |
// @PreAuthorize("hasAnyAuthority(@AuthorizationService.SUPER_ADMIN, @AuthorizationService.PORTAL_ADMIN)") |
|
38 | 46 |
@RequestMapping(value = "/delete", method = RequestMethod.POST) |
39 | 47 |
public Boolean deleteExplore(@RequestBody List<String> portals) throws Exception { |
40 | 48 |
for (String id : portals) { |
49 |
Portal portal = portalService.getPortalById(id); |
|
50 |
if(portal == null) { |
|
51 |
// EXCEPTION - Entity Not Found |
|
52 |
throw new ContentNotFoundException("Delete Explore: Portal with id: " + id + " not found"); |
|
53 |
} |
|
54 |
if(!portal.getType().equals("explore")) { |
|
55 |
// EXCEPTION - MismatchingContent |
|
56 |
throw new MismatchingContentException("Delete Explore: Portal with id: "+id+" has type: "+portal.getType()+" instead of explore"); |
|
57 |
} |
|
41 | 58 |
portalService.deletePortal(id); |
42 | 59 |
} |
43 | 60 |
|
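Review bot: The new guard in `updateExplore()` tests the `type` sent in the request body, so it says nothing about the portal already stored under `portal.getId()`; `deleteExplore()` in the same section does it the safer way by loading the record with `portalService.getPortalById(id)` first. For the update path I would load the stored portal, throw `ContentNotFoundException` when it is null, and compare the stored type. The same applies to `updateCommunity()` and `updateConnect()` in this commit. In every new guard a body without `type` makes `portal.getType().equals("explore")` throw a NullPointerException, which `"explore".equals(portal.getType())` avoids. What `portalService.updatePortal()` verifies on its own is not visible on this page.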
modules/uoa-admin-tools/trunk/src/main/java/eu/dnetlib/uoaadmintools/controllers/CuratorController.java | ||
---|---|---|
3 | 3 |
import eu.dnetlib.uoaadmintools.dao.CuratorDAO; |
4 | 4 |
import eu.dnetlib.uoaadmintools.entities.curator.Curator; |
5 | 5 |
import eu.dnetlib.uoaadmintools.entities.curator.CuratorResponse; |
6 |
import eu.dnetlib.uoaadmintoolslibrary.handlers.utils.RolesUtils; |
|
6 | 7 |
import org.apache.log4j.Logger; |
7 | 8 |
import org.springframework.beans.factory.annotation.Autowired; |
9 |
import org.springframework.security.access.prepost.PreAuthorize; |
|
8 | 10 |
import org.springframework.web.bind.annotation.*; |
9 | 11 |
|
10 | 12 |
import java.util.ArrayList; |
... | ... | |
19 | 21 |
@Autowired |
20 | 22 |
private CuratorDAO curatorDAO; |
21 | 23 |
|
24 |
@Autowired |
|
25 |
private RolesUtils rolesUtils; |
|
22 | 26 |
|
23 | 27 |
/** |
24 | 28 |
* Return a list with curator. If list of emails does not existed return all curators, else return |
... | ... | |
51 | 55 |
* @param id |
52 | 56 |
* @return |
53 | 57 |
*/ |
58 |
@PreAuthorize("isAuthenticated()") |
|
54 | 59 |
@RequestMapping(value = "/curator/{id}", method = RequestMethod.GET) |
55 | 60 |
public Curator getCuratorById(@PathVariable String id) { |
56 | 61 |
return curatorDAO.findById(id); |
... | ... | |
62 | 67 |
* @param curator |
63 | 68 |
* @return |
64 | 69 |
*/ |
70 |
@PreAuthorize("isAuthenticated()") |
|
65 | 71 |
@RequestMapping(value = "/curator", method = RequestMethod.POST) |
66 | 72 |
public Curator insertCurator(@RequestBody Curator curator) { |
73 |
String aaiId = rolesUtils.getAaiId(); |
|
74 |
curator.setId(aaiId); |
|
67 | 75 |
return curatorDAO.save(curator); |
68 | 76 |
} |
69 | 77 |
|
... | ... | |
73 | 81 |
* |
74 | 82 |
* @param emails |
75 | 83 |
*/ |
84 |
@PreAuthorize("hasAnyAuthority(@AuthorizationService.PORTAL_ADMIN)") |
|
76 | 85 |
@RequestMapping(value = "/curator", method = RequestMethod.DELETE) |
77 | 86 |
public void deleteCurators(@RequestBody(required = false) Optional<List<String>> emails) { |
78 | 87 |
if(emails.isPresent()) { |
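Review bot: `insertCurator()` now overwrites the client-supplied id with `rolesUtils.getAaiId()`, which is the right direction, but the value is used without a null check. If the library can return null for a session that lacks the identifier (not visible here), `curator.setId(null)` followed by `curatorDAO.save(curator)` would presumably store the record under a generated id instead of the caller's. A guard such as `if (aaiId == null) { throw new ForbiddenException("Insert curator: no AAI id for the current user"); }` keeps the record bound to the user; `ForbiddenException` is the library class CommunityController imports in this commit, and its String constructor is assumed. The bodies of `getCuratorById()` and `deleteCurators()` continue outside the shown hunks.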
modules/uoa-admin-tools/trunk/src/main/java/eu/dnetlib/uoaadmintools/controllers/CommunityController.java | ||
---|---|---|
7 | 7 |
import eu.dnetlib.uoaadmintools.services.SubscriberService; |
8 | 8 |
import eu.dnetlib.uoaadmintoolslibrary.entities.Portal; |
9 | 9 |
import eu.dnetlib.uoaadmintoolslibrary.entities.fullEntities.*; |
10 |
import eu.dnetlib.uoaadmintoolslibrary.handlers.ContentNotFoundException; |
|
11 |
import eu.dnetlib.uoaadmintoolslibrary.handlers.ForbiddenException; |
|
12 |
import eu.dnetlib.uoaadmintoolslibrary.handlers.MismatchingContentException; |
|
13 |
import eu.dnetlib.uoaadmintoolslibrary.handlers.utils.RolesUtils; |
|
10 | 14 |
import eu.dnetlib.uoaadmintoolslibrary.services.PortalService; |
11 | 15 |
import org.apache.log4j.Logger; |
12 | 16 |
import org.springframework.web.bind.annotation.*; |
13 | 17 |
import org.springframework.beans.factory.annotation.Autowired; |
14 | 18 |
|
15 | 19 |
import java.util.*; |
20 |
import org.springframework.security.access.prepost.PreAuthorize; |
|
16 | 21 |
|
17 | 22 |
@RestController |
18 | 23 |
@RequestMapping("/community") |
... | ... | |
21 | 26 |
private final Logger log = Logger.getLogger(this.getClass()); |
22 | 27 |
|
23 | 28 |
@Autowired |
29 |
private RolesUtils rolesUtils; |
|
30 |
|
|
31 |
@Autowired |
|
24 | 32 |
private LayoutService layoutService; |
25 | 33 |
|
26 | 34 |
@Autowired |
... | ... | |
45 | 53 |
return portalService.getAllPortalsFullByType("community"); |
46 | 54 |
} |
47 | 55 |
|
48 |
// @PreAuthorize("hasAnyAuthority(@AuthorizationService.SUPER_ADMIN, @AuthorizationService.PORTAL_ADMIN)")
|
|
56 |
@PreAuthorize("hasAnyAuthority(@AuthorizationService.PORTAL_ADMIN)")
|
|
49 | 57 |
@RequestMapping(value = "/update", method = RequestMethod.POST) |
50 | 58 |
public PortalResponse updateCommunity(@RequestBody Portal portal) { |
59 |
if(!portal.getType().equals("community")) { |
|
60 |
// EXCEPTION - MismatchingContent |
|
61 |
throw new MismatchingContentException("Update Community: Portal with id: "+portal.getId()+" has type: "+portal.getType()+" instead of community"); |
|
62 |
} |
|
63 |
|
|
51 | 64 |
String old_pid = portalService.getPortalById(portal.getId()).getPid(); |
52 | 65 |
String new_pid = portal.getPid(); |
53 | 66 |
|
... | ... | |
64 | 77 |
return portalResponse; |
65 | 78 |
} |
66 | 79 |
|
67 |
// @PreAuthorize("hasAnyAuthority(@AuthorizationService.SUPER_ADMIN, @AuthorizationService.PORTAL_ADMIN)")
|
|
80 |
@PreAuthorize("hasAnyAuthority(@AuthorizationService.PORTAL_ADMIN)")
|
|
68 | 81 |
@RequestMapping(value = "/save", method = RequestMethod.POST) |
69 | 82 |
public PortalResponse insertCommunity(@RequestBody Portal portal) { |
83 |
if(!portal.getType().equals("community")) { |
|
84 |
// EXCEPTION - MismatchingContent |
|
85 |
throw new MismatchingContentException("Save Community: Portal with id: "+portal.getId()+" has type: "+portal.getType()+" instead of community"); |
|
86 |
} |
|
87 |
|
|
70 | 88 |
PortalResponse portalResponse = portalService.insertPortal(portal); |
71 | 89 |
|
72 | 90 |
statisticsService.createPortalStatistics(portal.getPid()); |
... | ... | |
75 | 93 |
return portalResponse; |
76 | 94 |
} |
77 | 95 |
|
78 |
// cannot handle MismatchingContent |
|
79 |
// @PreAuthorize("hasAnyAuthority(@AuthorizationService.SUPER_ADMIN, @AuthorizationService.PORTAL_ADMIN)") |
|
96 |
@PreAuthorize("hasAnyAuthority(@AuthorizationService.PORTAL_ADMIN)") |
|
80 | 97 |
@RequestMapping(value = "/delete", method = RequestMethod.POST) |
81 | 98 |
public Boolean deleteCommunities(@RequestBody List<String> portals) { |
99 |
List<String> roles = rolesUtils.getRoles(); |
|
100 |
|
|
82 | 101 |
for (String id: portals) { |
102 |
Portal portal = portalService.getPortalById(id); |
|
103 |
if(portal == null) { |
|
104 |
// EXCEPTION - Entity Not Found |
|
105 |
throw new ContentNotFoundException("Delete community: Portal with id: " + id + " not found"); |
|
106 |
} |
|
107 |
if(!portal.getType().equals("community")) { |
|
108 |
// EXCEPTION - MismatchingContent |
|
109 |
throw new MismatchingContentException("Delete Community: Portal with id: "+id+" has type: "+portal.getType()+" instead of community"); |
|
110 |
} |
|
111 |
|
|
83 | 112 |
String pid = portalService.deletePortal(id); |
84 | 113 |
|
85 | 114 |
statisticsService.deleteByPid(pid); |
... | ... | |
93 | 122 |
|
94 | 123 |
@RequestMapping(value = "/{pid}/layout", method = RequestMethod.GET) |
95 | 124 |
public Layout getLayoutForCommunity(@PathVariable(value = "pid") String pid) { |
125 |
Portal portal = portalService.getPortal(pid); |
|
126 |
if(portal == null) { |
|
127 |
// EXCEPTION - Entity Not Found |
|
128 |
throw new ContentNotFoundException("CommunityController - Get layout: Portal with pid: " + pid + " not found"); |
|
129 |
} |
|
130 |
if(!portal.getType().equals("community")) { |
|
131 |
// EXCEPTION - MismatchingContent |
|
132 |
throw new MismatchingContentException("CommunityController - Get layout: Portal with pid: "+pid+" has type: "+portal.getType()+" instead of community"); |
|
133 |
} |
|
96 | 134 |
return layoutService.findByPid(pid); |
97 | 135 |
} |
98 | 136 |
|
99 |
// @PreAuthorize("hasAnyAuthority(" +
|
|
100 |
// "@AuthorizationService.SUPER_ADMIN, @AuthorizationService.PORTAL_ADMIN, " +
|
|
101 |
// "@AuthorizationService.curator(#portalType), @AuthorizationService.manager(#portalType, #pid))")
|
|
137 |
@PreAuthorize("hasAnyAuthority(" + |
|
138 |
"@AuthorizationService.PORTAL_ADMIN, " +
|
|
139 |
"@AuthorizationService.curator('community'), @AuthorizationService.manager('community', #pid))")
|
|
102 | 140 |
@RequestMapping(value = "/{pid}/layout", method = RequestMethod.POST) |
103 | 141 |
public Layout updateLayoutForCommunity(@PathVariable(value = "pid") String pid, @RequestBody Layout layout) { |
142 |
Portal portal = portalService.getPortal(pid); |
|
143 |
if(portal == null) { |
|
144 |
// EXCEPTION - Entity Not Found |
|
145 |
throw new ContentNotFoundException("CommunityController - Update layout: Portal with pid: " + pid + " not found"); |
|
146 |
} |
|
147 |
if(!portal.getType().equals("community")) { |
|
148 |
// EXCEPTION - MismatchingContent |
|
149 |
throw new MismatchingContentException("CommunityController - Update layout: Portal with pid: "+pid+" has type: "+portal.getType()+" instead of community"); |
|
150 |
} |
|
151 |
if(!pid.equals(layout.getPortalPid())) { |
|
152 |
// EXCEPTION - MismatchingContent |
|
153 |
throw new MismatchingContentException("CommunityController - Update layout: Portal has pid: "+pid+" while layout has portalPid: "+layout.getPortalPid()); |
|
154 |
} |
|
104 | 155 |
return layoutService.save(layout); |
105 | 156 |
} |
106 | 157 |
} |
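Review bot: In `updateCommunity()` the line after the new type guard still calls `portalService.getPortalById(portal.getId()).getPid()` with no null check, so an unknown id ends in a NullPointerException rather than the `ContentNotFoundException` that `deleteCommunities()` now throws for the same situation. I would split it into `Portal stored = portalService.getPortalById(portal.getId());` followed by `if (stored == null) { throw new ContentNotFoundException("Update Community: Portal with id: " + portal.getId() + " not found"); }`. Separately, `List<String> roles = rolesUtils.getRoles();` in `deleteCommunities()` is not read in any line shown; if the elided lines do not use it either, it should be dropped.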
modules/uoa-admin-tools/trunk/src/main/java/eu/dnetlib/uoaadmintools/controllers/PortalSubscribersController.java | ||
---|---|---|
6 | 6 |
import eu.dnetlib.uoaadmintools.entities.subscriber.PortalSubscribers; |
7 | 7 |
import eu.dnetlib.uoaadmintools.entities.subscriber.Subscriber; |
8 | 8 |
import eu.dnetlib.uoaadmintoolslibrary.handlers.ContentNotFoundException; |
9 |
import eu.dnetlib.uoaadmintools.handlers.utils.AuthorizationUtils; |
|
10 |
import eu.dnetlib.uoaadmintools.handlers.utils.UserInfo; |
|
9 |
//import eu.dnetlib.uoaadmintools.handlers.utils.AuthorizationUtils;
|
|
10 |
//import eu.dnetlib.uoaadmintools.handlers.utils.UserInfo;
|
|
11 | 11 |
import eu.dnetlib.uoaadmintoolslibrary.responses.SingleValueWrapperResponse; |
12 | 12 |
import eu.dnetlib.uoaadmintoolslibrary.dao.PortalDAO; |
13 | 13 |
import org.apache.log4j.Logger; |
modules/uoa-admin-tools/trunk/src/main/java/eu/dnetlib/uoaadmintools/controllers/ConnectController.java | ||
---|---|---|
4 | 4 |
import eu.dnetlib.uoaadmintools.services.LayoutService; |
5 | 5 |
import eu.dnetlib.uoaadmintoolslibrary.entities.Portal; |
6 | 6 |
import eu.dnetlib.uoaadmintoolslibrary.entities.fullEntities.*; |
7 |
import eu.dnetlib.uoaadmintoolslibrary.handlers.ContentNotFoundException; |
|
8 |
import eu.dnetlib.uoaadmintoolslibrary.handlers.MismatchingContentException; |
|
7 | 9 |
import eu.dnetlib.uoaadmintoolslibrary.services.PortalService; |
8 | 10 |
import org.apache.log4j.Logger; |
11 |
import org.springframework.security.access.prepost.PreAuthorize; |
|
9 | 12 |
import org.springframework.web.bind.annotation.*; |
10 | 13 |
import org.springframework.beans.factory.annotation.Autowired; |
11 | 14 |
|
... | ... | |
14 | 17 |
@RestController |
15 | 18 |
@RequestMapping("/connect") |
16 | 19 |
@CrossOrigin(origins = "*") |
20 |
@PreAuthorize("hasAnyAuthority(@AuthorizationService.PORTAL_ADMIN)") |
|
17 | 21 |
public class ConnectController { |
18 | 22 |
private final Logger log = Logger.getLogger(this.getClass()); |
19 | 23 |
|
... | ... | |
23 | 27 |
@Autowired |
24 | 28 |
private PortalService portalService; |
25 | 29 |
|
26 |
// @PreAuthorize("hasAnyAuthority(@AuthorizationService.SUPER_ADMIN, @AuthorizationService.PORTAL_ADMIN)") |
|
27 | 30 |
@RequestMapping(value = "/update", method = RequestMethod.POST) |
28 |
public PortalResponse updateCommunity(@RequestBody Portal portal) { |
|
31 |
public PortalResponse updateConnect(@RequestBody Portal portal) { |
|
32 |
if(!portal.getType().equals("connect")) { |
|
33 |
// EXCEPTION - MismatchingContent |
|
34 |
throw new MismatchingContentException("Update Connect: Portal with id: "+portal.getId()+" has type: "+portal.getType()+" instead of connect"); |
|
35 |
} |
|
36 |
|
|
29 | 37 |
PortalResponse portalResponse = portalService.updatePortal(portal); |
30 | 38 |
|
31 | 39 |
String old_pid = portalResponse.getPid(); |
... | ... | |
37 | 45 |
return portalResponse; |
38 | 46 |
} |
39 | 47 |
|
40 |
// @PreAuthorize("hasAnyAuthority(@AuthorizationService.SUPER_ADMIN, @AuthorizationService.PORTAL_ADMIN)") |
|
41 | 48 |
@RequestMapping(value = "/save", method = RequestMethod.POST) |
42 |
public PortalResponse insertCommunity(@RequestBody Portal portal) { |
|
49 |
public PortalResponse insertConnect(@RequestBody Portal portal) { |
|
50 |
if(!portal.getType().equals("connect")) { |
|
51 |
// EXCEPTION - MismatchingContent |
|
52 |
throw new MismatchingContentException("Save Connect: Portal with id: "+portal.getId()+" has type: "+portal.getType()+" instead of connect"); |
|
53 |
} |
|
54 |
|
|
43 | 55 |
PortalResponse portalResponse = portalService.insertPortal(portal); |
44 | 56 |
return portalResponse; |
45 | 57 |
} |
46 | 58 |
|
47 |
// cannot handle MismatchingContent |
|
48 |
// @PreAuthorize("hasAnyAuthority(@AuthorizationService.SUPER_ADMIN, @AuthorizationService.PORTAL_ADMIN)") |
|
49 | 59 |
@RequestMapping(value = "/delete", method = RequestMethod.POST) |
50 |
public Boolean deleteCommunities(@RequestBody List<String> portals) {
|
|
60 |
public Boolean deleteConnect(@RequestBody List<String> portals) {
|
|
51 | 61 |
for (String id: portals) { |
62 |
Portal portal = portalService.getPortalById(id); |
|
63 |
if(portal == null) { |
|
64 |
// EXCEPTION - Entity Not Found |
|
65 |
throw new ContentNotFoundException("Delete connect: Portal with id: " + id + " not found"); |
|
66 |
} |
|
67 |
if(!portal.getType().equals("connect")) { |
|
68 |
// EXCEPTION - MismatchingContent |
|
69 |
throw new MismatchingContentException("Delete Connect: Portal with id: "+id+" has type: "+portal.getType()+" instead of connect"); |
|
70 |
} |
|
71 |
|
|
52 | 72 |
String pid = portalService.deletePortal(id); |
53 | 73 |
layoutService.deleteByPid(pid); |
54 | 74 |
} |
... | ... | |
56 | 76 |
return true; |
57 | 77 |
} |
58 | 78 |
|
59 |
@RequestMapping(value = "/{pid}/layout", method = RequestMethod.GET) |
|
60 |
public Layout getLayoutForCommunity(@PathVariable(value = "pid") String pid) { |
|
61 |
return layoutService.findByPid(pid); |
|
62 |
} |
|
63 |
|
|
64 |
// @PreAuthorize("hasAnyAuthority(" + |
|
65 |
// "@AuthorizationService.SUPER_ADMIN, @AuthorizationService.PORTAL_ADMIN, " + |
|
66 |
// "@AuthorizationService.curator(#portalType), @AuthorizationService.manager(#portalType, #pid))") |
|
67 |
@RequestMapping(value = "/{pid}/layout", method = RequestMethod.POST) |
|
68 |
public Layout updateLayoutForCommunity(@PathVariable(value = "pid") String pid, @RequestBody Layout layout) { |
|
69 |
return layoutService.save(layout); |
|
70 |
} |
|
79 |
// @RequestMapping(value = "/{pid}/layout", method = RequestMethod.GET) |
|
80 |
// public Layout getLayoutForConnect(@PathVariable(value = "pid") String pid) { |
|
81 |
// return layoutService.findByPid(pid); |
|
82 |
// } |
|
83 |
// |
|
84 |
// @PreAuthorize("hasAnyAuthority(@AuthorizationService.PORTAL_ADMIN)") |
|
85 |
// @RequestMapping(value = "/{pid}/layout", method = RequestMethod.POST) |
|
86 |
// public Layout updateLayoutForConnect(@PathVariable(value = "pid") String pid, @RequestBody Layout layout) { |
|
87 |
// return layoutService.save(layout); |
|
88 |
// } |
|
71 | 89 |
} |
72 | 90 |
|
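Review bot: The class-level `@PreAuthorize` is added directly under `@CrossOrigin(origins = "*")`, and ExploreController has the same pair, so endpoints that now depend on the caller's identity still accept cross-origin requests from any site. Whether that is exploitable depends on how the session reaches the service and on the `allowCredentials` default of the Spring version in use, neither of which this page shows. If credentials travel in cookies, the origins should be limited to the known portal hosts, for example `@CrossOrigin(origins = {"<portal-origin-placeholder>"})`.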
modules/uoa-admin-tools/trunk/src/main/java/eu/dnetlib/uoaadmintools/controllers/NotificationsController.java | ||
---|---|---|
2 | 2 |
|
3 | 3 |
import eu.dnetlib.uoaadmintools.dao.NotificationsDAO; |
4 | 4 |
import eu.dnetlib.uoaadmintools.entities.Notifications; |
5 |
import eu.dnetlib.uoaadmintoolslibrary.entities.Portal; |
|
6 |
import eu.dnetlib.uoaadmintoolslibrary.entities.PortalType; |
|
5 | 7 |
import eu.dnetlib.uoaadmintoolslibrary.handlers.ContentNotFoundException; |
6 | 8 |
import eu.dnetlib.uoaadmintoolslibrary.dao.PortalDAO; |
9 |
import eu.dnetlib.uoaadmintoolslibrary.handlers.MismatchingContentException; |
|
10 |
import eu.dnetlib.uoaadmintoolslibrary.handlers.utils.RolesUtils; |
|
7 | 11 |
import org.apache.log4j.Logger; |
8 | 12 |
import org.springframework.beans.factory.annotation.Autowired; |
13 |
import org.springframework.security.access.prepost.PreAuthorize; |
|
9 | 14 |
import org.springframework.web.bind.annotation.*; |
10 | 15 |
|
11 | 16 |
import java.util.List; |
... | ... | |
22 | 27 |
private NotificationsDAO notificationsDAO; |
23 | 28 |
@Autowired |
24 | 29 |
private PortalDAO portalDAO; |
30 |
@Autowired |
|
31 |
private RolesUtils rolesUtils; |
|
25 | 32 |
|
26 |
@RequestMapping(value = "/community/{pid}/notifications", method = RequestMethod.GET) |
|
33 |
@PreAuthorize("hasAnyAuthority(@AuthorizationService.PORTAL_ADMIN)") |
|
34 |
@RequestMapping(value = "/community/{pid}/notifications/all", method = RequestMethod.GET) |
|
27 | 35 |
public List<Notifications> getNotifications(@PathVariable(value = "pid") String pid ) throws ContentNotFoundException { |
28 |
if(portalDAO.findByPid(pid) == null){ |
|
29 |
throw new ContentNotFoundException("Portal not found"); |
|
36 |
Portal portal = portalDAO.findByPid(pid); |
|
37 |
if(portal == null){ |
|
38 |
throw new ContentNotFoundException("Portal with pid: "+pid+" not found"); |
|
30 | 39 |
} |
40 |
if(!portal.getType().equals("community")) { |
|
41 |
// EXCEPTION - MismatchingContent |
|
42 |
throw new MismatchingContentException("Get Notifications: Portal with id: "+portal.getId()+" has type: "+portal.getType()+" instead of community"); |
|
43 |
} |
|
44 |
|
|
31 | 45 |
List<Notifications> notifications = notificationsDAO.findByPortalPid(pid); |
32 | 46 |
if(notifications == null || notifications.size() == 0){ |
33 |
throw new ContentNotFoundException("Notifications settings not found"); |
|
47 |
throw new ContentNotFoundException("Notifications settings for community with pid: "+pid+" not found");
|
|
34 | 48 |
} |
35 | 49 |
return notifications; |
36 | 50 |
} |
51 |
|
|
52 |
@PreAuthorize("hasAnyAuthority(" + |
|
53 |
"@AuthorizationService.PORTAL_ADMIN, " + |
|
54 |
"@AuthorizationService.curator('community'), @AuthorizationService.manager('community', #pid))") |
|
55 |
@RequestMapping(value = "/community/{pid}/notifications", method = RequestMethod.GET) |
|
56 |
public Notifications getNotificationsForUser(@PathVariable(value = "pid") String pid) throws ContentNotFoundException { |
|
57 |
Portal portal = portalDAO.findByPid(pid); |
|
58 |
if(portal == null){ |
|
59 |
throw new ContentNotFoundException("Portal with pid: "+pid+" not found"); |
|
60 |
} |
|
61 |
if(!portal.getType().equals("community")) { |
|
62 |
// EXCEPTION - MismatchingContent |
|
63 |
throw new MismatchingContentException("Get Notifications: Portal with id: "+portal.getId()+" has type: "+portal.getType()+" instead of community"); |
|
64 |
} |
|
65 |
|
|
66 |
String email = rolesUtils.getEmail(); |
|
67 |
|
|
68 |
Notifications notifications = notificationsDAO.findByManagerEmailAndPortalPid(email, pid); |
|
69 |
if(notifications == null){ |
|
70 |
throw new ContentNotFoundException("Notifications settings for community with pid: "+pid+" and user email: "+email+" not found"); |
|
71 |
} |
|
72 |
return notifications; |
|
73 |
} |
|
74 |
|
|
75 |
@PreAuthorize("hasAnyAuthority(" + |
|
76 |
"@AuthorizationService.PORTAL_ADMIN, " + |
|
77 |
"@AuthorizationService.curator('community'), @AuthorizationService.manager('community', #pid))") |
|
37 | 78 |
@RequestMapping(value = "/community/{pid}/notifications", method = RequestMethod.DELETE) |
38 |
public void deleteEntity(@PathVariable(value = "pid") String pid, @RequestBody String email) throws ContentNotFoundException { |
|
79 |
public void deleteNotification(@PathVariable(value = "pid") String pid) throws ContentNotFoundException { |
|
80 |
Portal portal = portalDAO.findByPid(pid); |
|
81 |
if(portal == null){ |
|
82 |
throw new ContentNotFoundException("Portal with pid: "+pid+" not found"); |
|
83 |
} |
|
84 |
if(!portal.getType().equals("community")) { |
|
85 |
// EXCEPTION - MismatchingContent |
|
86 |
throw new MismatchingContentException("Delete Notifications: Portal with id: "+portal.getId()+" has type: "+portal.getType()+" instead of community"); |
|
87 |
} |
|
88 |
String email = rolesUtils.getEmail(); |
|
39 | 89 |
Notifications notifications = notificationsDAO.findByManagerEmailAndPortalPid(email,pid); |
40 | 90 |
if(notifications!= null){ |
41 | 91 |
notificationsDAO.delete(notifications.getId()); |
42 | 92 |
}else{ |
43 |
throw new ContentNotFoundException("Notifications not found"); |
|
93 |
throw new ContentNotFoundException("Notifications settings for community with pid: "+pid+" and user email: "+email+" not found");
|
|
44 | 94 |
} |
45 | 95 |
|
46 | 96 |
} |
47 | 97 |
|
98 |
@PreAuthorize("hasAnyAuthority(" + |
|
99 |
"@AuthorizationService.PORTAL_ADMIN, " + |
|
100 |
"@AuthorizationService.curator('community'), @AuthorizationService.manager('community', #pid))") |
|
48 | 101 |
@RequestMapping(value = "/community/{pid}/notifications", method = RequestMethod.POST) |
49 |
public Notifications saveEntity(@PathVariable(value = "pid") String pid, @RequestBody Notifications notifications) throws ContentNotFoundException { |
|
50 |
if(portalDAO.findByPid(pid) == null){ |
|
51 |
throw new ContentNotFoundException("Portal not found"); |
|
102 |
public Notifications saveNotification(@PathVariable(value = "pid") String pid, @RequestBody Notifications notifications) throws ContentNotFoundException { |
|
103 |
Portal portal = portalDAO.findByPid(pid); |
|
104 |
if(portal == null){ |
|
105 |
throw new ContentNotFoundException("Portal with pid: "+pid+" not found"); |
|
52 | 106 |
} |
107 |
if(!portal.getType().equals("community")) { |
|
108 |
// EXCEPTION - MismatchingContent |
|
109 |
throw new MismatchingContentException("Save Notifications: Portal with id: "+portal.getId()+" has type: "+portal.getType()+" instead of community"); |
|
110 |
} |
|
53 | 111 |
|
54 |
if(notifications.getManagerEmail() != null && !notifications.getManagerEmail().isEmpty()){ |
|
112 |
notifications.setManagerEmail(rolesUtils.getEmail()); |
|
113 |
notifications.setAaiId(rolesUtils.getAaiId()); |
|
114 |
|
|
115 |
// if(notifications.getManagerEmail() != null && !notifications.getManagerEmail().isEmpty()){ |
|
55 | 116 |
Notifications saved = notificationsDAO.findByManagerEmailAndPortalPid(notifications.getManagerEmail(),pid); |
56 | 117 |
log.debug(saved); |
57 | 118 |
if(saved!= null){ |
... | ... | |
62 | 123 |
log.debug(notifications); |
63 | 124 |
Notifications savedNotifications = notificationsDAO.save(notifications); |
64 | 125 |
return savedNotifications; |
65 |
}else{
|
|
66 |
log.error("No user e-mail specified");
|
|
67 |
return null; |
|
68 |
} |
|
126 |
// } else{
|
|
127 |
// log.error("Save notifications: No user e-mail specified");
|
|
128 |
// return null;
|
|
129 |
// }
|
|
69 | 130 |
|
70 | 131 |
|
71 | 132 |
} |
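Review bot: `saveNotification()` authorizes on the path variable (`manager('community', #pid)`), but the lines shown never compare it with the `portalPid` carried in the request body, so a manager of one community may be able to store settings that name another. `updateLayoutForCommunity()` in this commit has the matching guard; here it would be `if (!pid.equals(notifications.getPortalPid())) { throw new MismatchingContentException("Save Notifications: path pid and body portalPid differ"); }`, assuming the usual accessor name. The elided new lines 119–122 may already set the pid, so check there first. Also, with the empty-email branch commented out, a null from `rolesUtils.getEmail()` would be passed straight to `findByManagerEmailAndPortalPid()`.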
modules/uoa-admin-tools/trunk/src/main/java/eu/dnetlib/uoaadmintools/configuration/properties/SecurityConfig.java | ||
---|---|---|
1 |
package eu.dnetlib.uoaadmintools.configuration.properties; |
|
2 |
|
|
3 |
import org.springframework.boot.context.properties.ConfigurationProperties; |
|
4 |
|
|
5 |
import java.util.ArrayList; |
|
6 |
import java.util.List; |
|
7 |
|
|
8 |
@ConfigurationProperties("admintool.security") |
|
9 |
public class SecurityConfig { |
|
10 |
|
|
11 |
private String userInfoUrl; |
|
12 |
private String originServer; |
|
13 |
private List<String> postsAllowed = new ArrayList<>(); |
|
14 |
|
|
15 |
public void setUserInfoUrl(String userInfoUrl) { |
|
16 |
this.userInfoUrl = userInfoUrl; |
|
17 |
} |
|
18 |
|
|
19 |
public void setOriginServer(String originServer) { |
|
20 |
this.originServer = originServer; |
|
21 |
} |
|
22 |
|
|
23 |
|
[Trunk | Admin Tools]:
1. pom.xml: Added dependency for spring security.
2. UoaAdminToolsApplication.java: Import AuthorizationConfiguration.class | Remove SecurityConfig.class from @EnableConfigurationProperties.
3. UoaAdminToolsConfiguration.java: Comment "addInterceptors()" method calling AuthorizationHandler with SecurityConfig.
4. SecurityConfig.java & AuthorizationHandler.java & AuthorizationUtils.java & CommunityInfo.java & UserInfo.java: Commented all contents of these files (files will be deleted in coming commit).
5. PortalSubscribersController.java: Comment imports from commented files.
6. Notifications.java: Added field "aaiId" with getters and setters.
7. NotificationsController.java:
a. Method "getNotifications()" is replaced by "getNotificationsForUser()" (/community/{pid}/notifications) - returns notification settings only for user who made the request (uoa-authorization-li$
b. Path changed for method "getNotifications()": /community/{pid}/notifications/all
c. Remove "@RequestBody String email" parameter from method "deleteNotification()" - get email from user who made the request (uoa-authorization-library).
d. In method "saveNotification()" get aaiId and email from user who made the request (uoa-authorization-library).
e. Added checks and throw Exceptions in all methods.
f. Added @PreAuthorize
Portal Admins: "getNotifications()" (/community/{pid}/notifications/all)
Portal Admins - Curators - Managers: "getNotificationsForUser()" (/community/{pid}/notifications), "deleteNotification()" (/community/{pid}/notifications), "saveNotification()" (/communit$
8. ExploreController.java:
a. Added checks and throw Exceptions in all methods.
b. Added @PreAuthorize
Portal Admins: "updateExplore()" (/explore/update), "insertExplore()" (/explore/save), "deleteExplore()" (/explore/delete).
9. ConnectController.java:
a. Added checks and throw Exceptions in all methods.
b. Added @PreAuthorize
Portal Admins: "updateConnect()" (/connect/update), "insertConnect()" (/connect/save), "deleteConnect()" (/connect/delete).
c. Commented methods "getLayoutForConnect()" and "updateLayoutForConnect()" (/connect/{pid}/layout).
10. CommunityController.java:
a. Added checks and throw Exceptions in all methods.
b. Added @PreAuthorize
Portal Admins: "updateCommunity()" (/community/update), "insertCommunity()" (/community/save), "deleteCommunity()" (/community/delete).
Portal Admin - Curators - Managers: "updateLayoutForCommunity()" (/community/{pid}/layout).
11. CuratorController.java:
a. In "insertCurator() (/curator) set _id field with aaiId from user who made the request (uoa-authorization-library).
b. Added @PreAuthorize
Authenticated users: "getCuratorById()" (/curator/{id}), "insertCurator()" (/curator).
Portal Admins: "deleteCurators()" (/curator).