Revision 61318
Added by Konstantinos Spyrou almost 3 years ago
| AaiUserRoleController.java | ||
|---|---|---|
| 1 | 1 |
package eu.dnetlib.repo.manager.controllers; |
| 2 | 2 |
|
| 3 | 3 |
import com.google.gson.JsonArray; |
| 4 |
import com.google.gson.JsonElement; |
|
| 4 | 5 |
import eu.dnetlib.repo.manager.domain.dto.Role; |
| 5 |
import eu.dnetlib.repo.manager.service.AaiUserRoleService; |
|
| 6 |
import eu.dnetlib.repo.manager.utils.AuthorizationService; |
|
| 6 |
import eu.dnetlib.repo.manager.service.aai.registry.AaiRegistryService; |
|
| 7 | 7 |
import eu.dnetlib.repo.manager.utils.JsonUtils; |
| 8 |
import io.swagger.annotations.Api; |
|
| 9 |
import io.swagger.annotations.ApiOperation; |
|
| 8 | 10 |
import org.mitre.openid.connect.model.OIDCAuthenticationToken; |
| 9 | 11 |
import org.springframework.beans.factory.annotation.Autowired; |
| 10 | 12 |
import org.springframework.http.HttpStatus; |
| 13 |
import org.springframework.http.ResponseEntity; |
|
| 11 | 14 |
import org.springframework.security.access.prepost.PreAuthorize; |
| 12 | 15 |
import org.springframework.security.core.context.SecurityContextHolder; |
| 13 |
import org.springframework.web.bind.annotation.RequestBody; |
|
| 14 |
import org.springframework.web.bind.annotation.RequestMapping; |
|
| 15 |
import org.springframework.web.bind.annotation.RestController; |
|
| 16 |
import org.springframework.web.bind.annotation.*; |
|
| 16 | 17 |
|
| 17 |
import javax.ws.rs.*; |
|
| 18 | 18 |
import javax.ws.rs.core.MediaType; |
| 19 | 19 |
import javax.ws.rs.core.Response; |
| 20 |
import java.util.ArrayList; |
|
| 21 |
import java.util.List; |
|
| 20 | 22 |
|
| 21 | 23 |
@RestController |
| 22 |
@RequestMapping("/aai-user-management")
|
|
| 24 |
@RequestMapping(value = "/aai-user-management") |
|
| 25 |
@Api(description = "AAI User Management", value = "aai-user-management") |
|
| 23 | 26 |
public class AaiUserRoleController {
|
| 24 | 27 |
|
| 25 |
@Autowired |
|
| 26 |
private AaiUserRoleService calls; |
|
| 28 |
private final AaiRegistryService aaiRegistryService; |
|
| 27 | 29 |
|
| 28 |
@Autowired |
|
| 29 |
private JsonUtils jsonUtils; |
|
| 30 |
|
|
| 31 | 30 |
// TODO: Antonis K. This should be uncommented |
| 32 | 31 |
// @Autowired |
| 33 | 32 |
// private AuthoritiesUpdater authoritiesUpdater; |
| 33 |
// |
|
| 34 |
// @Autowired |
|
| 35 |
// private AuthorizationService authorizationService; |
|
| 34 | 36 |
|
| 35 | 37 |
@Autowired |
| 36 |
private AuthorizationService authorizationService; |
|
| 38 |
AaiUserRoleController(AaiRegistryService aaiRegistryService) {
|
|
| 39 |
this.aaiRegistryService = aaiRegistryService; |
|
| 40 |
} |
|
| 37 | 41 |
|
| 38 | 42 |
private String sendEmail() {
|
| 39 | 43 |
OIDCAuthenticationToken authenticationToken = (OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication(); |
| ... | ... | |
| 43 | 47 |
/** |
| 44 | 48 |
* Create a new role with the given name and description. |
| 45 | 49 |
**/ |
| 46 |
@Path("/createRole")
|
|
| 47 |
@POST |
|
| 48 |
@Produces(MediaType.APPLICATION_JSON) |
|
| 49 |
@Consumes(MediaType.APPLICATION_JSON) |
|
| 50 |
@RequestMapping(method = RequestMethod.GET, path = "/role/id/get") |
|
| 51 |
// @PreAuthorize("hasAnyAuthority('ROLE_USER', 'ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')") // TODO: Perhaps less roles here
|
|
| 52 |
public Response getRole(@RequestParam(value = "type", defaultValue = "datasource") String type, @RequestParam("id") String id) {
|
|
| 53 |
int roleId = aaiRegistryService.getCouId(type, id); |
|
| 54 |
return Response.status(HttpStatus.OK.value()).entity(JsonUtils.createResponse("Role id is: " + roleId).toString()).type(MediaType.APPLICATION_JSON).build();
|
|
| 55 |
} |
|
| 56 |
|
|
| 57 |
/** |
|
| 58 |
* Create a new role with the given name and description. |
|
| 59 |
**/ |
|
| 60 |
@RequestMapping(method = RequestMethod.POST, path = "/createRole") |
|
| 50 | 61 |
@PreAuthorize("hasAnyAuthority('ROLE_USER', 'ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')") // TODO: Perhaps less roles here
|
| 51 | 62 |
public Response createRole(@RequestBody Role role) {
|
| 52 |
calls.createRole(role);
|
|
| 53 |
return Response.status(HttpStatus.OK.value()).entity(jsonUtils.createResponse("Role has been created").toString()).type(MediaType.APPLICATION_JSON).build();
|
|
| 63 |
aaiRegistryService.createRole(role);
|
|
| 64 |
return Response.status(HttpStatus.OK.value()).entity(JsonUtils.createResponse("Role has been created").toString()).type(MediaType.APPLICATION_JSON).build();
|
|
| 54 | 65 |
} |
| 55 | 66 |
|
| 56 | 67 |
/** |
| 57 | 68 |
* Subscribe to a type(Community, etc.) with id(ee, egi, etc.) |
| 58 | 69 |
*/ |
| 59 |
@Path("/subscribe/{type}/{id}")
|
|
| 60 |
@POST |
|
| 61 |
@Produces(MediaType.APPLICATION_JSON) |
|
| 62 |
@PreAuthorize("hasAnyAuthority('ROLE_USER', 'ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')") // TODO: Perhaps less roles here
|
|
| 63 |
public Response subscribe(@PathParam("type") String type, @PathParam("id") String id) {
|
|
| 64 |
Integer coPersonId = calls.getCoPersonIdByIdentifier(); |
|
| 65 |
Integer couId = calls.getCouId(type, id); |
|
| 70 |
@ApiOperation(value = "subscribe") |
|
| 71 |
@RequestMapping(method = RequestMethod.POST, path = "/subscribe/{type}/{id}")
|
|
| 72 |
@PreAuthorize("hasAnyAuthority('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN') or (hasRole(@Converter.convertRepoIdToRoleId(#repository.id)) or hasRole(@Converter.convertRepoIdToRoleId(returnObject.id)))")
|
|
| 73 |
// TODO: Perhaps less roles here |
|
| 74 |
public Response subscribe(@PathVariable("type") String type, @PathVariable("id") String id) {
|
|
| 75 |
Integer coPersonId = aaiRegistryService.getCoPersonIdByIdentifier(); |
|
| 76 |
if (coPersonId == null) {
|
|
| 77 |
coPersonId = aaiRegistryService.getCoPersonIdByEmail(); |
|
| 78 |
} |
|
| 79 |
Integer couId = aaiRegistryService.getCouId(type, id); |
|
| 66 | 80 |
if (couId != null) {
|
| 67 |
Integer role = calls.getRoleId(coPersonId, couId);
|
|
| 68 |
calls.assignMemberRole(coPersonId, couId, role);
|
|
| 81 |
Integer role = aaiRegistryService.getRoleId(coPersonId, couId);
|
|
| 82 |
aaiRegistryService.assignMemberRole(coPersonId, couId, role);
|
|
| 69 | 83 |
// TODO: Antonis K. This should be uncommented to make a role DATASOURCE.OP... for every new repo |
| 70 | 84 |
// authoritiesUpdater.update(sendEmail(), old -> {
|
| 71 | 85 |
// HashSet<SimpleGrantedAuthority> authorities = new HashSet<>((Collection<? extends SimpleGrantedAuthority>) old); |
| 72 | 86 |
// authorities.add(new SimpleGrantedAuthority(authorizationService.member(type, id))); |
| 73 | 87 |
// return authorities; |
| 74 | 88 |
// }); |
| 75 |
return Response.status(HttpStatus.OK.value()).entity(jsonUtils.createResponse("Role has been assigned").toString()).type(MediaType.APPLICATION_JSON).build();
|
|
| 89 |
return Response.status(HttpStatus.OK.value()).entity(JsonUtils.createResponse("Role has been assigned").toString()).type(MediaType.APPLICATION_JSON).build();
|
|
| 76 | 90 |
} else {
|
| 77 |
return Response.status(HttpStatus.NOT_FOUND.value()).entity(jsonUtils.createResponse("Role has not been found").toString()).type(MediaType.APPLICATION_JSON).build();
|
|
| 91 |
return Response.status(HttpStatus.NOT_FOUND.value()).entity(JsonUtils.createResponse("Role has not been found").toString()).type(MediaType.APPLICATION_JSON).build();
|
|
| 78 | 92 |
} |
| 79 | 93 |
} |
| 80 | 94 |
|
| ... | ... | |
| 82 | 96 |
/** |
| 83 | 97 |
* Remove the member role from user with email for a type(Community, etc.) with id(ee, egi, etc.) |
| 84 | 98 |
*/ |
| 85 |
@Path("/{type}/{id}/member/{email}")
|
|
| 86 |
@DELETE |
|
| 87 |
@Produces(MediaType.APPLICATION_JSON) |
|
| 88 |
@Consumes(MediaType.APPLICATION_JSON) |
|
| 99 |
@ApiOperation(value = "Remove role from member") |
|
| 100 |
@RequestMapping(method = RequestMethod.DELETE, path = "/{type}/{id}/member/{email}")
|
|
| 89 | 101 |
@PreAuthorize("hasAnyAuthority('ROLE_USER', 'ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')") // TODO: Perhaps less roles here
|
| 90 |
public Response removeMemberRole(@PathParam("type") String type, @PathParam("id") String
|
|
| 91 |
id, @PathParam("email") String email) {
|
|
| 92 |
Integer coPersonId = calls.getCoPersonIdByEmail(email);
|
|
| 102 |
public Response removeMemberRole(@PathVariable("type") String type, @PathVariable("id") String
|
|
| 103 |
id, @PathVariable("email") String email) {
|
|
| 104 |
Integer coPersonId = aaiRegistryService.getCoPersonIdByEmail(email);
|
|
| 93 | 105 |
if (coPersonId != null) {
|
| 94 |
Integer couId = calls.getCouId(type, id);
|
|
| 106 |
Integer couId = aaiRegistryService.getCouId(type, id);
|
|
| 95 | 107 |
Integer role = null; |
| 96 | 108 |
if (couId != null) {
|
| 97 |
role = calls.getRoleId(coPersonId, couId);
|
|
| 109 |
role = aaiRegistryService.getRoleId(coPersonId, couId);
|
|
| 98 | 110 |
} |
| 99 | 111 |
if (couId != null && role != null) {
|
| 100 |
calls.removeMemberRole(coPersonId, couId, role);
|
|
| 112 |
aaiRegistryService.removeMemberRole(coPersonId, couId, role);
|
|
| 101 | 113 |
// TODO: Antonis K. This should be uncommented to make a role DATASOURCE.OP... for every new repo |
| 102 | 114 |
// authoritiesUpdater.update(email, old -> {
|
| 103 | 115 |
// HashSet<SimpleGrantedAuthority> authorities = new HashSet<>((Collection<? extends SimpleGrantedAuthority>) old); |
| 104 | 116 |
// authorities.remove(new SimpleGrantedAuthority(authorizationService.member(type, id))); |
| 105 | 117 |
// return authorities; |
| 106 | 118 |
// }); |
| 107 |
return Response.status(HttpStatus.OK.value()).entity(jsonUtils.createResponse("Role has been removed").toString()).type(MediaType.APPLICATION_JSON).build();
|
|
| 119 |
return Response.status(HttpStatus.OK.value()).entity(JsonUtils.createResponse("Role has been removed").toString()).type(MediaType.APPLICATION_JSON).build();
|
|
| 108 | 120 |
} else {
|
| 109 |
return Response.status(HttpStatus.NOT_FOUND.value()).entity(jsonUtils.createResponse("Role has not been found").toString()).type(MediaType.APPLICATION_JSON).build();
|
|
| 121 |
return Response.status(HttpStatus.NOT_FOUND.value()).entity(JsonUtils.createResponse("Role has not been found").toString()).type(MediaType.APPLICATION_JSON).build();
|
|
| 110 | 122 |
} |
| 111 | 123 |
} else {
|
| 112 |
return Response.status(HttpStatus.NOT_FOUND.value()).entity(jsonUtils.createResponse("User has not been found").toString()).type(MediaType.APPLICATION_JSON).build();
|
|
| 124 |
return Response.status(HttpStatus.NOT_FOUND.value()).entity(JsonUtils.createResponse("User has not been found").toString()).type(MediaType.APPLICATION_JSON).build();
|
|
| 113 | 125 |
} |
| 114 | 126 |
} |
| 115 | 127 |
|
| 128 |
|
|
| 116 | 129 |
/** |
| 117 |
* Get all the users that have the role that is associated with repoId
|
|
| 130 |
* Subscribe to role-repo by his email
|
|
| 118 | 131 |
*/ |
| 119 |
@Path("/repo/{id}/all-users")
|
|
| 120 |
@GET |
|
| 121 |
@Produces(MediaType.APPLICATION_JSON) |
|
| 132 |
@RequestMapping(method = RequestMethod.POST, path = "/subscribe/repo-role/{id}")
|
|
| 122 | 133 |
@PreAuthorize("hasAnyAuthority('ROLE_USER', 'ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')") // TODO: Perhaps less roles here
|
| 123 |
public Response getAllUserOfARepo(@PathParam("id") String id) {
|
|
| 124 |
|
|
| 125 |
// find roleId by repoId |
|
| 126 |
String roleId = calls.getRoleIdByRepoId(id, "datasource"); |
|
| 127 |
|
|
| 128 |
// find couId by role name |
|
| 129 |
if (roleId != null) {
|
|
| 130 |
Integer couId = calls.getCouId("datasource", roleId);
|
|
| 134 |
public Response subscribeRoleByEmail(@PathVariable("id") String id, @RequestParam("email") String email) {
|
|
| 135 |
Integer coPersonId = aaiRegistryService.getCoPersonIdByEmail(email); |
|
| 136 |
if (coPersonId != null) {
|
|
| 137 |
Integer couId = aaiRegistryService.getCouId("datasource", id);
|
|
| 131 | 138 |
if (couId != null) {
|
| 132 |
JsonArray users = calls.getUsersByCouId(couId); |
|
| 133 |
return Response.status(HttpStatus.OK.value()).entity(jsonUtils.createResponse(users).toString()).type(MediaType.APPLICATION_JSON).build(); |
|
| 139 |
Integer role = aaiRegistryService.getRoleId(coPersonId, couId); |
|
| 140 |
aaiRegistryService.assignMemberRole(coPersonId, couId, role); |
|
| 141 |
// TODO: Antonis K. This should be uncommented to make a role DATASOURCE.OP... for every new repo |
|
| 142 |
// authoritiesUpdater.update(sendEmail(), old -> {
|
|
| 143 |
// HashSet<SimpleGrantedAuthority> authorities = new HashSet<>((Collection<? extends SimpleGrantedAuthority>) old); |
|
| 144 |
// authorities.add(new SimpleGrantedAuthority(authorizationService.member("datasource", id)));
|
|
| 145 |
// return authorities; |
|
| 146 |
// }); |
|
| 147 |
return Response.status(HttpStatus.OK.value()).entity(JsonUtils.createResponse("Role has been assigned").toString()).type(MediaType.APPLICATION_JSON).build();
|
|
| 134 | 148 |
} else {
|
| 135 |
return Response.status(HttpStatus.NOT_FOUND.value()).entity(jsonUtils.createResponse("Role has not been found").toString()).type(MediaType.APPLICATION_JSON).build();
|
|
| 149 |
return Response.status(HttpStatus.NOT_FOUND.value()).entity(JsonUtils.createResponse("Role has not been found").toString()).type(MediaType.APPLICATION_JSON).build();
|
|
| 136 | 150 |
} |
| 151 |
} else {
|
|
| 152 |
return Response.status(HttpStatus.NOT_FOUND.value()).entity(JsonUtils.createResponse("User with this email has not been found").toString()).type(MediaType.APPLICATION_JSON).build();
|
|
| 137 | 153 |
} |
| 138 | 154 |
|
| 139 |
return Response.status(HttpStatus.NOT_FOUND.value()).entity(jsonUtils.createResponse("Role has not been found").toString()).type(MediaType.APPLICATION_JSON).build();
|
|
| 155 |
|
|
| 140 | 156 |
} |
| 141 | 157 |
|
| 142 | 158 |
|
| 143 | 159 |
/** |
| 144 |
* Subscribe to role-repo by his email
|
|
| 160 |
* Get all the users that have the role that is associated with repoId
|
|
| 145 | 161 |
*/ |
| 146 |
@Path("/subscribe/repo-role/{id}/email/{email}")
|
|
| 147 |
@POST |
|
| 148 |
@Produces(MediaType.APPLICATION_JSON) |
|
| 162 |
@RequestMapping(method = RequestMethod.GET, path = "/repo/{id}/all-users")
|
|
| 149 | 163 |
@PreAuthorize("hasAnyAuthority('ROLE_USER', 'ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')") // TODO: Perhaps less roles here
|
| 150 |
public Response subscribeRoleByEmail(@PathParam("id") String id, @PathParam("email") String email) {
|
|
| 151 |
Integer coPersonId = calls.getCoPersonIdByEmail(email); |
|
| 152 |
if (coPersonId != null) {
|
|
| 153 |
String roleId = calls.getRoleIdByRepoId(id, "datasource"); |
|
| 154 |
if (roleId != null) {
|
|
| 155 |
Integer couId = calls.getCouId("datasource", roleId);
|
|
| 156 |
if (couId != null) {
|
|
| 157 |
Integer role = calls.getRoleId(coPersonId, couId); |
|
| 158 |
calls.assignMemberRole(coPersonId, couId, role); |
|
| 159 |
// TODO: Antonis K. This should be uncommented to make a role DATASOURCE.OP... for every new repo |
|
| 160 |
// authoritiesUpdater.update(sendEmail(), old -> {
|
|
| 161 |
// HashSet<SimpleGrantedAuthority> authorities = new HashSet<>((Collection<? extends SimpleGrantedAuthority>) old); |
|
| 162 |
// authorities.add(new SimpleGrantedAuthority(authorizationService.member("datasource", id)));
|
|
| 163 |
// return authorities; |
|
| 164 |
// }); |
|
| 165 |
return Response.status(HttpStatus.OK.value()).entity(jsonUtils.createResponse("Role has been assigned").toString()).type(MediaType.APPLICATION_JSON).build();
|
|
| 166 |
} else {
|
|
| 167 |
return Response.status(HttpStatus.NOT_FOUND.value()).entity(jsonUtils.createResponse("Role has not been found").toString()).type(MediaType.APPLICATION_JSON).build();
|
|
| 168 |
} |
|
| 169 |
} else {
|
|
| 170 |
return Response.status(HttpStatus.NOT_FOUND.value()).entity(jsonUtils.createResponse("Role has not been found").toString()).type(MediaType.APPLICATION_JSON).build();
|
|
| 164 |
public ResponseEntity<List<String>> getAllUsersOfARepo(@PathVariable("id") String id) {
|
|
| 165 |
|
|
| 166 |
List<String> userList = new ArrayList<>(); |
|
| 167 |
|
|
| 168 |
// find couId by role name |
|
| 169 |
Integer couId = aaiRegistryService.getCouId("datasource", id);
|
|
| 170 |
if (couId != null) {
|
|
| 171 |
JsonArray users = aaiRegistryService.getUsersByCouId(couId); |
|
| 172 |
for (JsonElement jsonElement : users) {
|
|
| 173 |
userList.add(jsonElement.toString()); |
|
| 171 | 174 |
} |
| 172 |
} else {
|
|
| 173 |
return Response.status(HttpStatus.NOT_FOUND.value()).entity(jsonUtils.createResponse("User with this email has not been found").toString()).type(MediaType.APPLICATION_JSON).build();
|
|
| 175 |
return ResponseEntity.ok(userList); |
|
| 174 | 176 |
} |
| 175 | 177 |
|
| 178 |
return new ResponseEntity<>(HttpStatus.NOT_FOUND); |
|
| 179 |
} |
|
| 180 |
///////////////////////////////////////////////////////////////////////////////////////////// |
|
| 181 |
///////////////////////////////////////////////////////////////////////////////////////////// |
|
| 176 | 182 |
|
| 183 |
@RequestMapping(method = RequestMethod.GET, path = "/users/couid/{id}")
|
|
| 184 |
@PreAuthorize("hasAnyAuthority('ROLE_USER', 'ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')")
|
|
| 185 |
public ResponseEntity<String> getUsersByCouId(@PathVariable("id") Integer id) {
|
|
| 186 |
// calls.getUserByCoId() |
|
| 187 |
return ResponseEntity.ok(aaiRegistryService.getUsersByCouId(id).toString()); |
|
| 177 | 188 |
} |
| 178 | 189 |
|
| 179 |
} |
|
| 190 |
|
|
| 191 |
@RequestMapping(method = RequestMethod.GET, path = "/user/roles") |
|
| 192 |
@PreAuthorize("hasAnyAuthority('ROLE_USER', 'ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')")
|
|
| 193 |
public ResponseEntity<List<String>> getRolesByEmail(@RequestParam("email") String email) {
|
|
| 194 |
int coPersonId = aaiRegistryService.getCoPersonIdByEmail(email); |
|
| 195 |
List<String> list = new ArrayList<>(); |
|
| 196 |
for (JsonElement element : aaiRegistryService.getRoles(coPersonId)) {
|
|
| 197 |
list.add(element.toString()); |
|
| 198 |
} |
|
| 199 |
return ResponseEntity.ok(list); |
|
| 200 |
} |
|
| 201 |
|
|
| 202 |
} |
|
Also available in: Unified diff
1. fixed authorization in RepositoryController
2. created new methods and classes
3. made authorities mapping the same as with other openaire projects
4. refactoring