
Revision 60501

[Trunk | Admin Tools]:
1. pom.xml: Added dependency for spring security.
2. UoaAdminToolsApplication.java: Import AuthorizationConfiguration.class | Remove SecurityConfig.class from @EnableConfigurationProperties.
3. UoaAdminToolsConfiguration.java: Comment "addInterceptors()" method calling AuthorizationHandler with SecurityConfig.
4. SecurityConfig.java & AuthorizationHandler.java & AuthorizationUtils.java & CommunityInfo.java & UserInfo.java: Commented all contents of these files (files will be deleted in coming commit).
5. PortalSubscribersController.java: Comment imports from commented files.
6. Notifications.java: Added field "aaiId" with getters and setters.
7. NotificationsController.java:
a. Method "getNotifications()" is replaced by "getNotificationsForUser()" (/community/{pid}/notifications) - returns notification settings only for user who made the request (uoa-authorization-li$
b. Path changed for method "getNotifications()": /community/{pid}/notifications/all
c. Remove "@RequestBody String email" parameter from method "deleteNotification()" - get email from user who made the request (uoa-authorization-library).
d. In method "saveNotification()" get aaiId and email from user who made the request (uoa-authorization-library).
e. Added checks and throw Exceptions in all methods.
f. Added @PreAuthorize
Portal Admins: "getNotifications()" (/community/{pid}/notifications/all)
Portal Admins - Curators - Managers: "getNotificationsForUser()" (/community/{pid}/notifications), "deleteNotification()" (/community/{pid}/notifications), "saveNotification()" (/communit$
8. ExploreController.java:
a. Added checks and throw Exceptions in all methods.
b. Added @PreAuthorize
Portal Admins: "updateExplore()" (/explore/update), "insertExplore()" (/explore/save), "deleteExplore()" (/explore/delete).
9. ConnectController.java:
a. Added checks and throw Exceptions in all methods.
b. Added @PreAuthorize
Portal Admins: "updateConnect()" (/connect/update), "insertConnect()" (/connect/save), "deleteConnect()" (/connect/delete).
c. Commented methods "getLayoutForConnect()" and "updateLayoutForConnect()" (/connect/{pid}/layout).
10. CommunityController.java:
a. Added checks and throw Exceptions in all methods.
b. Added @PreAuthorize
Portal Admins: "updateCommunity()" (/community/update), "insertCommunity()" (/community/save), "deleteCommunity()" (/community/delete).
Portal Admin - Curators - Managers: "updateLayoutForCommunity()" (/community/{pid}/layout).
11. CuratorController.java:
a. In "insertCurator() (/curator) set _id field with aaiId from user who made the request (uoa-authorization-library).
b. Added @PreAuthorize
Authenticated users: "getCuratorById()" (/curator/{id}), "insertCurator()" (/curator).
Portal Admins: "deleteCurators()" (/curator).


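--- a/ConnectController.java
+++ b/ConnectController.java
@@ -4,8 +4,11 @@
 import eu.dnetlib.uoaadmintools.services.LayoutService;
 import eu.dnetlib.uoaadmintoolslibrary.entities.Portal;
 import eu.dnetlib.uoaadmintoolslibrary.entities.fullEntities.*;
+import eu.dnetlib.uoaadmintoolslibrary.handlers.ContentNotFoundException;
+import eu.dnetlib.uoaadmintoolslibrary.handlers.MismatchingContentException;
 import eu.dnetlib.uoaadmintoolslibrary.services.PortalService;
 import org.apache.log4j.Logger;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.beans.factory.annotation.Autowired;
 
@@ -14,6 +17,7 @@
 @RestController
 @RequestMapping("/connect")
 @CrossOrigin(origins = "*")
+@PreAuthorize("hasAnyAuthority(@AuthorizationService.PORTAL_ADMIN)")
 public class ConnectController {
     private final Logger log = Logger.getLogger(this.getClass());
 
@@ -23,9 +27,13 @@
     @Autowired
     private PortalService portalService;
 
-//    @PreAuthorize("hasAnyAuthority(@AuthorizationService.SUPER_ADMIN, @AuthorizationService.PORTAL_ADMIN)")
     @RequestMapping(value = "/update", method = RequestMethod.POST)
-    public PortalResponse updateCommunity(@RequestBody Portal portal) {
+    public PortalResponse updateConnect(@RequestBody Portal portal) {
+        if(!portal.getType().equals("connect")) {
+            // EXCEPTION - MismatchingContent
+            throw new MismatchingContentException("Update Connect: Portal with id: "+portal.getId()+" has type: "+portal.getType()+" instead of connect");
+        }
+
         PortalResponse portalResponse = portalService.updatePortal(portal);
 
         String old_pid = portalResponse.getPid();
@@ -37,18 +45,30 @@
         return portalResponse;
     }
 
-//    @PreAuthorize("hasAnyAuthority(@AuthorizationService.SUPER_ADMIN, @AuthorizationService.PORTAL_ADMIN)")
     @RequestMapping(value = "/save", method = RequestMethod.POST)
-    public PortalResponse insertCommunity(@RequestBody Portal portal) {
+    public PortalResponse insertConnect(@RequestBody Portal portal) {
+        if(!portal.getType().equals("connect")) {
+            // EXCEPTION - MismatchingContent
+            throw new MismatchingContentException("Save Connect: Portal with id: "+portal.getId()+" has type: "+portal.getType()+" instead of connect");
+        }
+
         PortalResponse portalResponse = portalService.insertPortal(portal);
         return portalResponse;
     }
 
-    // cannot handle MismatchingContent
-//    @PreAuthorize("hasAnyAuthority(@AuthorizationService.SUPER_ADMIN, @AuthorizationService.PORTAL_ADMIN)")
     @RequestMapping(value = "/delete", method = RequestMethod.POST)
-    public Boolean deleteCommunities(@RequestBody List<String> portals) {
+    public Boolean deleteConnect(@RequestBody List<String> portals) {
         for (String id: portals) {
+            Portal portal = portalService.getPortalById(id);
+            if(portal == null) {
+                // EXCEPTION - Entity Not Found
+                throw new ContentNotFoundException("Delete connect: Portal with id: " + id + " not found");
+            }
+            if(!portal.getType().equals("connect")) {
+                // EXCEPTION - MismatchingContent
+                throw new MismatchingContentException("Delete Connect: Portal with id: "+id+" has type: "+portal.getType()+" instead of connect");
+            }
+
             String pid = portalService.deletePortal(id);
             layoutService.deleteByPid(pid);
         }
@@ -56,17 +76,15 @@
         return true;
     }
 
-    @RequestMapping(value = "/{pid}/layout", method = RequestMethod.GET)
-    public Layout getLayoutForCommunity(@PathVariable(value = "pid") String pid) {
-        return layoutService.findByPid(pid);
-    }
-
-//    @PreAuthorize("hasAnyAuthority(" +
-//            "@AuthorizationService.SUPER_ADMIN, @AuthorizationService.PORTAL_ADMIN, " +
-//            "@AuthorizationService.curator(#portalType), @AuthorizationService.manager(#portalType, #pid))")
-    @RequestMapping(value = "/{pid}/layout", method = RequestMethod.POST)
-    public Layout updateLayoutForCommunity(@PathVariable(value = "pid") String pid, @RequestBody Layout layout) {
-        return layoutService.save(layout);
-    }
+//    @RequestMapping(value = "/{pid}/layout", method = RequestMethod.GET)
+//    public Layout getLayoutForConnect(@PathVariable(value = "pid") String pid) {
+//        return layoutService.findByPid(pid);
+//    }
+//
+//    @PreAuthorize("hasAnyAuthority(@AuthorizationService.PORTAL_ADMIN)")
+//    @RequestMapping(value = "/{pid}/layout", method = RequestMethod.POST)
+//    public Layout updateLayoutForConnect(@PathVariable(value = "pid") String pid, @RequestBody Layout layout) {
+//        return layoutService.save(layout);
+//    }
 }
 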
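Review bot: In updateConnect() the new type guard reads `portal.getType()` from the request body, so it only checks what the client claims; unlike deleteConnect(), which loads the stored record with `portalService.getPortalById(id)`, nothing visible here confirms that the portal already stored under `portal.getId()` is of type connect. Unless `updatePortal()` enforces that itself (not visible on this page), consider loading the existing portal first and comparing its stored type, as the delete path does. All three guards also call `.equals` on the result of `getType()`, which throws a NullPointerException when the field is absent from the JSON; `if (!"connect".equals(portal.getType())) {` keeps that case on the MismatchingContentException path. In deleteConnect() validation and deletion are interleaved per id, so an exception on a later id leaves the earlier portals already deleted unless the service call is transactional; validating the whole list before the first `deletePortal(id)` would avoid a partial delete.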

  
