Revision 61318
Added by Konstantinos Spyrou almost 3 years ago
AaiUserRoleController.java | ||
---|---|---|
1 | 1 |
package eu.dnetlib.repo.manager.controllers; |
2 | 2 |
|
3 | 3 |
import com.google.gson.JsonArray; |
4 |
import com.google.gson.JsonElement; |
|
4 | 5 |
import eu.dnetlib.repo.manager.domain.dto.Role; |
5 |
import eu.dnetlib.repo.manager.service.AaiUserRoleService; |
|
6 |
import eu.dnetlib.repo.manager.utils.AuthorizationService; |
|
6 |
import eu.dnetlib.repo.manager.service.aai.registry.AaiRegistryService; |
|
7 | 7 |
import eu.dnetlib.repo.manager.utils.JsonUtils; |
8 |
import io.swagger.annotations.Api; |
|
9 |
import io.swagger.annotations.ApiOperation; |
|
8 | 10 |
import org.mitre.openid.connect.model.OIDCAuthenticationToken; |
9 | 11 |
import org.springframework.beans.factory.annotation.Autowired; |
10 | 12 |
import org.springframework.http.HttpStatus; |
13 |
import org.springframework.http.ResponseEntity; |
|
11 | 14 |
import org.springframework.security.access.prepost.PreAuthorize; |
12 | 15 |
import org.springframework.security.core.context.SecurityContextHolder; |
13 |
import org.springframework.web.bind.annotation.RequestBody; |
|
14 |
import org.springframework.web.bind.annotation.RequestMapping; |
|
15 |
import org.springframework.web.bind.annotation.RestController; |
|
16 |
import org.springframework.web.bind.annotation.*; |
|
16 | 17 |
|
17 |
import javax.ws.rs.*; |
|
18 | 18 |
import javax.ws.rs.core.MediaType; |
19 | 19 |
import javax.ws.rs.core.Response; |
20 |
import java.util.ArrayList; |
|
21 |
import java.util.List; |
|
20 | 22 |
|
21 | 23 |
@RestController |
22 |
@RequestMapping("/aai-user-management") |
|
24 |
@RequestMapping(value = "/aai-user-management") |
|
25 |
@Api(description = "AAI User Management", value = "aai-user-management") |
|
23 | 26 |
public class AaiUserRoleController { |
24 | 27 |
|
25 |
@Autowired |
|
26 |
private AaiUserRoleService calls; |
|
28 |
private final AaiRegistryService aaiRegistryService; |
|
27 | 29 |
|
28 |
@Autowired |
|
29 |
private JsonUtils jsonUtils; |
|
30 |
|
|
31 | 30 |
// TODO: Antonis K. This should be uncommented |
32 | 31 |
// @Autowired |
33 | 32 |
// private AuthoritiesUpdater authoritiesUpdater; |
33 |
// |
|
34 |
// @Autowired |
|
35 |
// private AuthorizationService authorizationService; |
|
34 | 36 |
|
35 | 37 |
@Autowired |
36 |
private AuthorizationService authorizationService; |
|
38 |
AaiUserRoleController(AaiRegistryService aaiRegistryService) { |
|
39 |
this.aaiRegistryService = aaiRegistryService; |
|
40 |
} |
|
37 | 41 |
|
38 | 42 |
private String sendEmail() { |
39 | 43 |
OIDCAuthenticationToken authenticationToken = (OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication(); |
... | ... | |
43 | 47 |
/** |
44 | 48 |
* Create a new role with the given name and description. |
45 | 49 |
**/ |
46 |
@Path("/createRole") |
|
47 |
@POST |
|
48 |
@Produces(MediaType.APPLICATION_JSON) |
|
49 |
@Consumes(MediaType.APPLICATION_JSON) |
|
50 |
@RequestMapping(method = RequestMethod.GET, path = "/role/id/get") |
|
51 |
// @PreAuthorize("hasAnyAuthority('ROLE_USER', 'ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')") // TODO: Perhaps less roles here |
|
52 |
public Response getRole(@RequestParam(value = "type", defaultValue = "datasource") String type, @RequestParam("id") String id) { |
|
53 |
int roleId = aaiRegistryService.getCouId(type, id); |
|
54 |
return Response.status(HttpStatus.OK.value()).entity(JsonUtils.createResponse("Role id is: " + roleId).toString()).type(MediaType.APPLICATION_JSON).build(); |
|
55 |
} |
|
56 |
|
|
57 |
/** |
|
58 |
* Create a new role with the given name and description. |
|
59 |
**/ |
|
60 |
@RequestMapping(method = RequestMethod.POST, path = "/createRole") |
|
50 | 61 |
@PreAuthorize("hasAnyAuthority('ROLE_USER', 'ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')") // TODO: Perhaps less roles here |
51 | 62 |
public Response createRole(@RequestBody Role role) { |
52 |
calls.createRole(role);
|
|
53 |
return Response.status(HttpStatus.OK.value()).entity(jsonUtils.createResponse("Role has been created").toString()).type(MediaType.APPLICATION_JSON).build();
|
|
63 |
aaiRegistryService.createRole(role);
|
|
64 |
return Response.status(HttpStatus.OK.value()).entity(JsonUtils.createResponse("Role has been created").toString()).type(MediaType.APPLICATION_JSON).build();
|
|
54 | 65 |
} |
55 | 66 |
|
56 | 67 |
/** |
57 | 68 |
* Subscribe to a type(Community, etc.) with id(ee, egi, etc.) |
58 | 69 |
*/ |
59 |
@Path("/subscribe/{type}/{id}") |
|
60 |
@POST |
|
61 |
@Produces(MediaType.APPLICATION_JSON) |
|
62 |
@PreAuthorize("hasAnyAuthority('ROLE_USER', 'ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')") // TODO: Perhaps less roles here |
|
63 |
public Response subscribe(@PathParam("type") String type, @PathParam("id") String id) { |
|
64 |
Integer coPersonId = calls.getCoPersonIdByIdentifier(); |
|
65 |
Integer couId = calls.getCouId(type, id); |
|
70 |
@ApiOperation(value = "subscribe") |
|
71 |
@RequestMapping(method = RequestMethod.POST, path = "/subscribe/{type}/{id}") |
|
72 |
@PreAuthorize("hasAnyAuthority('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN') or (hasRole(@Converter.convertRepoIdToRoleId(#repository.id)) or hasRole(@Converter.convertRepoIdToRoleId(returnObject.id)))") |
|
73 |
// TODO: Perhaps less roles here |
|
74 |
public Response subscribe(@PathVariable("type") String type, @PathVariable("id") String id) { |
|
75 |
Integer coPersonId = aaiRegistryService.getCoPersonIdByIdentifier(); |
|
76 |
if (coPersonId == null) { |
|
77 |
coPersonId = aaiRegistryService.getCoPersonIdByEmail(); |
|
78 |
} |
|
79 |
Integer couId = aaiRegistryService.getCouId(type, id); |
|
66 | 80 |
if (couId != null) { |
67 |
Integer role = calls.getRoleId(coPersonId, couId);
|
|
68 |
calls.assignMemberRole(coPersonId, couId, role);
|
|
81 |
Integer role = aaiRegistryService.getRoleId(coPersonId, couId);
|
|
82 |
aaiRegistryService.assignMemberRole(coPersonId, couId, role);
|
|
69 | 83 |
// TODO: Antonis K. This should be uncommented to make a role DATASOURCE.OP... for every new repo |
70 | 84 |
// authoritiesUpdater.update(sendEmail(), old -> { |
71 | 85 |
// HashSet<SimpleGrantedAuthority> authorities = new HashSet<>((Collection<? extends SimpleGrantedAuthority>) old); |
72 | 86 |
// authorities.add(new SimpleGrantedAuthority(authorizationService.member(type, id))); |
73 | 87 |
// return authorities; |
74 | 88 |
// }); |
75 |
return Response.status(HttpStatus.OK.value()).entity(jsonUtils.createResponse("Role has been assigned").toString()).type(MediaType.APPLICATION_JSON).build();
|
|
89 |
return Response.status(HttpStatus.OK.value()).entity(JsonUtils.createResponse("Role has been assigned").toString()).type(MediaType.APPLICATION_JSON).build();
|
|
76 | 90 |
} else { |
77 |
return Response.status(HttpStatus.NOT_FOUND.value()).entity(jsonUtils.createResponse("Role has not been found").toString()).type(MediaType.APPLICATION_JSON).build();
|
|
91 |
return Response.status(HttpStatus.NOT_FOUND.value()).entity(JsonUtils.createResponse("Role has not been found").toString()).type(MediaType.APPLICATION_JSON).build();
|
|
78 | 92 |
} |
79 | 93 |
} |
80 | 94 |
|
... | ... | |
82 | 96 |
/** |
83 | 97 |
* Remove the member role from user with email for a type(Community, etc.) with id(ee, egi, etc.) |
84 | 98 |
*/ |
85 |
@Path("/{type}/{id}/member/{email}") |
|
86 |
@DELETE |
|
87 |
@Produces(MediaType.APPLICATION_JSON) |
|
88 |
@Consumes(MediaType.APPLICATION_JSON) |
|
99 |
@ApiOperation(value = "Remove role from member") |
|
100 |
@RequestMapping(method = RequestMethod.DELETE, path = "/{type}/{id}/member/{email}") |
|
89 | 101 |
@PreAuthorize("hasAnyAuthority('ROLE_USER', 'ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')") // TODO: Perhaps less roles here |
90 |
public Response removeMemberRole(@PathParam("type") String type, @PathParam("id") String
|
|
91 |
id, @PathParam("email") String email) {
|
|
92 |
Integer coPersonId = calls.getCoPersonIdByEmail(email);
|
|
102 |
public Response removeMemberRole(@PathVariable("type") String type, @PathVariable("id") String
|
|
103 |
id, @PathVariable("email") String email) {
|
|
104 |
Integer coPersonId = aaiRegistryService.getCoPersonIdByEmail(email);
|
|
93 | 105 |
if (coPersonId != null) { |
94 |
Integer couId = calls.getCouId(type, id);
|
|
106 |
Integer couId = aaiRegistryService.getCouId(type, id);
|
|
95 | 107 |
Integer role = null; |
96 | 108 |
if (couId != null) { |
97 |
role = calls.getRoleId(coPersonId, couId);
|
|
109 |
role = aaiRegistryService.getRoleId(coPersonId, couId);
|
|
98 | 110 |
} |
99 | 111 |
if (couId != null && role != null) { |
100 |
calls.removeMemberRole(coPersonId, couId, role);
|
|
112 |
aaiRegistryService.removeMemberRole(coPersonId, couId, role);
|
|
101 | 113 |
// TODO: Antonis K. This should be uncommented to make a role DATASOURCE.OP... for every new repo |
102 | 114 |
// authoritiesUpdater.update(email, old -> { |
103 | 115 |
// HashSet<SimpleGrantedAuthority> authorities = new HashSet<>((Collection<? extends SimpleGrantedAuthority>) old); |
104 | 116 |
// authorities.remove(new SimpleGrantedAuthority(authorizationService.member(type, id))); |
105 | 117 |
// return authorities; |
106 | 118 |
// }); |
107 |
return Response.status(HttpStatus.OK.value()).entity(jsonUtils.createResponse("Role has been removed").toString()).type(MediaType.APPLICATION_JSON).build();
|
|
119 |
return Response.status(HttpStatus.OK.value()).entity(JsonUtils.createResponse("Role has been removed").toString()).type(MediaType.APPLICATION_JSON).build();
|
|
108 | 120 |
} else { |
109 |
return Response.status(HttpStatus.NOT_FOUND.value()).entity(jsonUtils.createResponse("Role has not been found").toString()).type(MediaType.APPLICATION_JSON).build();
|
|
121 |
return Response.status(HttpStatus.NOT_FOUND.value()).entity(JsonUtils.createResponse("Role has not been found").toString()).type(MediaType.APPLICATION_JSON).build();
|
|
110 | 122 |
} |
111 | 123 |
} else { |
112 |
return Response.status(HttpStatus.NOT_FOUND.value()).entity(jsonUtils.createResponse("User has not been found").toString()).type(MediaType.APPLICATION_JSON).build();
|
|
124 |
return Response.status(HttpStatus.NOT_FOUND.value()).entity(JsonUtils.createResponse("User has not been found").toString()).type(MediaType.APPLICATION_JSON).build();
|
|
113 | 125 |
} |
114 | 126 |
} |
115 | 127 |
|
128 |
|
|
116 | 129 |
/** |
117 |
* Get all the users that have the role that is associated with repoId
|
|
130 |
* Subscribe to role-repo by his email
|
|
118 | 131 |
*/ |
119 |
@Path("/repo/{id}/all-users") |
|
120 |
@GET |
|
121 |
@Produces(MediaType.APPLICATION_JSON) |
|
132 |
@RequestMapping(method = RequestMethod.POST, path = "/subscribe/repo-role/{id}") |
|
122 | 133 |
@PreAuthorize("hasAnyAuthority('ROLE_USER', 'ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')") // TODO: Perhaps less roles here |
123 |
public Response getAllUserOfARepo(@PathParam("id") String id) { |
|
124 |
|
|
125 |
// find roleId by repoId |
|
126 |
String roleId = calls.getRoleIdByRepoId(id, "datasource"); |
|
127 |
|
|
128 |
// find couId by role name |
|
129 |
if (roleId != null) { |
|
130 |
Integer couId = calls.getCouId("datasource", roleId); |
|
134 |
public Response subscribeRoleByEmail(@PathVariable("id") String id, @RequestParam("email") String email) { |
|
135 |
Integer coPersonId = aaiRegistryService.getCoPersonIdByEmail(email); |
|
136 |
if (coPersonId != null) { |
|
137 |
Integer couId = aaiRegistryService.getCouId("datasource", id); |
|
131 | 138 |
if (couId != null) { |
132 |
JsonArray users = calls.getUsersByCouId(couId); |
|
133 |
return Response.status(HttpStatus.OK.value()).entity(jsonUtils.createResponse(users).toString()).type(MediaType.APPLICATION_JSON).build(); |
|
139 |
Integer role = aaiRegistryService.getRoleId(coPersonId, couId); |
|
140 |
aaiRegistryService.assignMemberRole(coPersonId, couId, role); |
|
141 |
// TODO: Antonis K. This should be uncommented to make a role DATASOURCE.OP... for every new repo |
|
142 |
// authoritiesUpdater.update(sendEmail(), old -> { |
|
143 |
// HashSet<SimpleGrantedAuthority> authorities = new HashSet<>((Collection<? extends SimpleGrantedAuthority>) old); |
|
144 |
// authorities.add(new SimpleGrantedAuthority(authorizationService.member("datasource", id))); |
|
145 |
// return authorities; |
|
146 |
// }); |
|
147 |
return Response.status(HttpStatus.OK.value()).entity(JsonUtils.createResponse("Role has been assigned").toString()).type(MediaType.APPLICATION_JSON).build(); |
|
134 | 148 |
} else { |
135 |
return Response.status(HttpStatus.NOT_FOUND.value()).entity(jsonUtils.createResponse("Role has not been found").toString()).type(MediaType.APPLICATION_JSON).build();
|
|
149 |
return Response.status(HttpStatus.NOT_FOUND.value()).entity(JsonUtils.createResponse("Role has not been found").toString()).type(MediaType.APPLICATION_JSON).build();
|
|
136 | 150 |
} |
151 |
} else { |
|
152 |
return Response.status(HttpStatus.NOT_FOUND.value()).entity(JsonUtils.createResponse("User with this email has not been found").toString()).type(MediaType.APPLICATION_JSON).build(); |
|
137 | 153 |
} |
138 | 154 |
|
139 |
return Response.status(HttpStatus.NOT_FOUND.value()).entity(jsonUtils.createResponse("Role has not been found").toString()).type(MediaType.APPLICATION_JSON).build(); |
|
155 |
|
|
140 | 156 |
} |
141 | 157 |
|
142 | 158 |
|
143 | 159 |
/** |
144 |
* Subscribe to role-repo by his email
|
|
160 |
* Get all the users that have the role that is associated with repoId
|
|
145 | 161 |
*/ |
146 |
@Path("/subscribe/repo-role/{id}/email/{email}") |
|
147 |
@POST |
|
148 |
@Produces(MediaType.APPLICATION_JSON) |
|
162 |
@RequestMapping(method = RequestMethod.GET, path = "/repo/{id}/all-users") |
|
149 | 163 |
@PreAuthorize("hasAnyAuthority('ROLE_USER', 'ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')") // TODO: Perhaps less roles here |
150 |
public Response subscribeRoleByEmail(@PathParam("id") String id, @PathParam("email") String email) { |
|
151 |
Integer coPersonId = calls.getCoPersonIdByEmail(email); |
|
152 |
if (coPersonId != null) { |
|
153 |
String roleId = calls.getRoleIdByRepoId(id, "datasource"); |
|
154 |
if (roleId != null) { |
|
155 |
Integer couId = calls.getCouId("datasource", roleId); |
|
156 |
if (couId != null) { |
|
157 |
Integer role = calls.getRoleId(coPersonId, couId); |
|
158 |
calls.assignMemberRole(coPersonId, couId, role); |
|
159 |
// TODO: Antonis K. This should be uncommented to make a role DATASOURCE.OP... for every new repo |
|
160 |
// authoritiesUpdater.update(sendEmail(), old -> { |
|
161 |
// HashSet<SimpleGrantedAuthority> authorities = new HashSet<>((Collection<? extends SimpleGrantedAuthority>) old); |
|
162 |
// authorities.add(new SimpleGrantedAuthority(authorizationService.member("datasource", id))); |
|
163 |
// return authorities; |
|
164 |
// }); |
|
165 |
return Response.status(HttpStatus.OK.value()).entity(jsonUtils.createResponse("Role has been assigned").toString()).type(MediaType.APPLICATION_JSON).build(); |
|
166 |
} else { |
|
167 |
return Response.status(HttpStatus.NOT_FOUND.value()).entity(jsonUtils.createResponse("Role has not been found").toString()).type(MediaType.APPLICATION_JSON).build(); |
|
168 |
} |
|
169 |
} else { |
|
170 |
return Response.status(HttpStatus.NOT_FOUND.value()).entity(jsonUtils.createResponse("Role has not been found").toString()).type(MediaType.APPLICATION_JSON).build(); |
|
164 |
public ResponseEntity<List<String>> getAllUsersOfARepo(@PathVariable("id") String id) { |
|
165 |
|
|
166 |
List<String> userList = new ArrayList<>(); |
|
167 |
|
|
168 |
// find couId by role name |
|
169 |
Integer couId = aaiRegistryService.getCouId("datasource", id); |
|
170 |
if (couId != null) { |
|
171 |
JsonArray users = aaiRegistryService.getUsersByCouId(couId); |
|
172 |
for (JsonElement jsonElement : users) { |
|
173 |
userList.add(jsonElement.toString()); |
|
171 | 174 |
} |
172 |
} else { |
|
173 |
return Response.status(HttpStatus.NOT_FOUND.value()).entity(jsonUtils.createResponse("User with this email has not been found").toString()).type(MediaType.APPLICATION_JSON).build(); |
|
175 |
return ResponseEntity.ok(userList); |
|
174 | 176 |
} |
175 | 177 |
|
178 |
return new ResponseEntity<>(HttpStatus.NOT_FOUND); |
|
179 |
} |
|
180 |
///////////////////////////////////////////////////////////////////////////////////////////// |
|
181 |
///////////////////////////////////////////////////////////////////////////////////////////// |
|
176 | 182 |
|
183 |
@RequestMapping(method = RequestMethod.GET, path = "/users/couid/{id}") |
|
184 |
@PreAuthorize("hasAnyAuthority('ROLE_USER', 'ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')") |
|
185 |
public ResponseEntity<String> getUsersByCouId(@PathVariable("id") Integer id) { |
|
186 |
// calls.getUserByCoId() |
|
187 |
return ResponseEntity.ok(aaiRegistryService.getUsersByCouId(id).toString()); |
|
177 | 188 |
} |
178 | 189 |
|
179 |
} |
|
190 |
|
|
191 |
@RequestMapping(method = RequestMethod.GET, path = "/user/roles") |
|
192 |
@PreAuthorize("hasAnyAuthority('ROLE_USER', 'ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')") |
|
193 |
public ResponseEntity<List<String>> getRolesByEmail(@RequestParam("email") String email) { |
|
194 |
int coPersonId = aaiRegistryService.getCoPersonIdByEmail(email); |
|
195 |
List<String> list = new ArrayList<>(); |
|
196 |
for (JsonElement element : aaiRegistryService.getRoles(coPersonId)) { |
|
197 |
list.add(element.toString()); |
|
198 |
} |
|
199 |
return ResponseEntity.ok(list); |
|
200 |
} |
|
201 |
|
|
202 |
} |
Also available in: Unified diff
1. fixed authorization in RepositoryController
2. created new methods and classes
3. made authorities mapping the same as with other openaire projects
4. refactoring