Revision 61329
Added by Konstantinos Spyrou almost 3 years ago
| modules/uoa-repository-manager-service/branches/aai_roles_new/src/main/java/eu/dnetlib/repo/manager/service/RepositoryServiceImpl.java | ||
|---|---|---|
| 13 | 13 |
import eu.dnetlib.repo.manager.domain.dto.Role; |
| 14 | 14 |
import eu.dnetlib.repo.manager.exception.ResourceNotFoundException; |
| 15 | 15 |
import eu.dnetlib.repo.manager.service.aai.registry.AaiRegistryService; |
| 16 |
import eu.dnetlib.repo.manager.service.security.AuthorizationService; |
|
| 16 |
import eu.dnetlib.repo.manager.service.security.AaiUserRoleService; |
|
| 17 |
import eu.dnetlib.repo.manager.service.security.AuthoritiesUpdater; |
|
| 17 | 18 |
import eu.dnetlib.repo.manager.utils.Converter; |
| 18 | 19 |
import gr.uoa.di.driver.enabling.vocabulary.VocabularyLoader; |
| 19 | 20 |
import org.apache.commons.codec.digest.DigestUtils; |
| ... | ... | |
| 24 | 25 |
import org.mitre.openid.connect.model.OIDCAuthenticationToken; |
| 25 | 26 |
import org.springframework.beans.factory.annotation.Autowired; |
| 26 | 27 |
import org.springframework.beans.factory.annotation.Value; |
| 28 |
import org.springframework.context.annotation.Lazy; |
|
| 27 | 29 |
import org.springframework.core.ParameterizedTypeReference; |
| 28 | 30 |
import org.springframework.http.*; |
| 29 | 31 |
import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter; |
| 30 | 32 |
import org.springframework.security.core.Authentication; |
| 33 |
import org.springframework.security.core.authority.SimpleGrantedAuthority; |
|
| 31 | 34 |
import org.springframework.security.core.context.SecurityContextHolder; |
| 32 | 35 |
import org.springframework.stereotype.Service; |
| 36 |
import org.springframework.web.client.HttpClientErrorException; |
|
| 33 | 37 |
import org.springframework.web.client.RestClientException; |
| 34 | 38 |
import org.springframework.web.client.RestTemplate; |
| 35 | 39 |
import org.springframework.web.util.UriComponents; |
| ... | ... | |
| 45 | 49 |
@Service("repositoryService")
|
| 46 | 50 |
public class RepositoryServiceImpl implements RepositoryService {
|
| 47 | 51 |
|
| 52 |
private static final Logger LOGGER = Logger.getLogger(RepositoryServiceImpl.class); |
|
| 53 |
|
|
| 54 |
private final AaiUserRoleService aaiUserRoleService; |
|
| 55 |
private final AaiRegistryService registryCalls; |
|
| 56 |
private final AuthoritiesUpdater authoritiesUpdater; |
|
| 57 |
private final RestTemplate restTemplate; |
|
| 58 |
private final VocabularyLoader vocabularyLoader; |
|
| 59 |
private final PiWikService piWikService; |
|
| 60 |
private final EmailUtils emailUtils; |
|
| 61 |
private final ValidatorService validatorService; |
|
| 62 |
|
|
| 48 | 63 |
@Value("${api.baseAddress}")
|
| 49 | 64 |
private String baseAddress; |
| 50 | 65 |
|
| 51 | 66 |
@Value("${services.repo-manager.adminEmail}")
|
| 52 | 67 |
private String adminEmail; |
| 53 | 68 |
|
| 54 |
@Autowired |
|
| 55 |
RestTemplate restTemplate; |
|
| 56 |
|
|
| 57 |
private HttpHeaders httpHeaders; |
|
| 58 |
|
|
| 59 |
private final String[] vocabularyNames = {"dnet:countries", "dnet:datasource_typologies", "dnet:compatibilityLevel"};
|
|
| 60 |
|
|
| 61 |
private static final Logger LOGGER = Logger.getLogger(RepositoryServiceImpl.class); |
|
| 62 |
|
|
| 63 | 69 |
@Value("${services.repomanager.usageStatisticsDiagramsBaseURL}")
|
| 64 | 70 |
private String usageStatisticsDiagramsBaseURL; |
| 65 | 71 |
|
| 66 | 72 |
@Value("${services.repomanager.usageStatisticsNumbersBaseURL}")
|
| 67 | 73 |
private String usageStatisticsNumbersBaseURL; |
| 68 | 74 |
|
| 69 |
@Autowired |
|
| 70 |
private VocabularyLoader vocabularyLoader; |
|
| 71 | 75 |
|
| 72 |
@Autowired
|
|
| 73 |
private PiWikService piWikService;
|
|
| 76 |
private static final Map<String, List<String>> dataSourceClass = new HashMap<>();
|
|
| 77 |
private static final Map<String, String> invertedDataSourceClass = new HashMap<>();
|
|
| 74 | 78 |
|
| 75 |
@Autowired |
|
| 76 |
private EmailUtils emailUtils; |
|
| 77 | 79 |
|
| 78 |
@Autowired |
|
| 79 |
ValidatorService validatorService; |
|
| 80 |
private final String[] vocabularyNames = {"dnet:countries", "dnet:datasource_typologies", "dnet:compatibilityLevel"};
|
|
| 81 |
private final Map<String, Vocabulary> vocabularyMap = new ConcurrentHashMap<>(); |
|
| 82 |
private final Map<String, String> countriesMap = new HashMap<>(); |
|
| 83 |
private final Map<String, String> inverseCountriesMap = new HashMap<>(); |
|
| 80 | 84 |
|
| 81 |
@Autowired |
|
| 82 |
private AaiRegistryService registryCalls; |
|
| 85 |
private HttpHeaders httpHeaders; |
|
| 83 | 86 |
|
| 84 |
// TODO: Antonis K. This should be uncommented |
|
| 85 |
// @Autowired |
|
| 86 |
// private AuthoritiesUpdater authoritiesUpdater; |
|
| 87 |
|
|
| 88 | 87 |
@Autowired |
| 89 |
private AuthorizationService authorizationService; |
|
| 88 |
public RepositoryServiceImpl(AaiUserRoleService aaiUserRoleService, |
|
| 89 |
AaiRegistryService registryCalls, |
|
| 90 |
AuthoritiesUpdater authoritiesUpdater, |
|
| 91 |
VocabularyLoader vocabularyLoader, EmailUtils emailUtils, |
|
| 92 |
RestTemplate restTemplate, |
|
| 93 |
@Lazy ValidatorService validatorService, |
|
| 94 |
@Lazy PiWikService piWikService) {
|
|
| 95 |
this.aaiUserRoleService = aaiUserRoleService; |
|
| 96 |
this.registryCalls = registryCalls; |
|
| 97 |
this.authoritiesUpdater = authoritiesUpdater; |
|
| 98 |
this.vocabularyLoader = vocabularyLoader; |
|
| 99 |
this.piWikService = piWikService; |
|
| 100 |
this.emailUtils = emailUtils; |
|
| 101 |
this.validatorService = validatorService; |
|
| 102 |
this.restTemplate = restTemplate; |
|
| 103 |
} |
|
| 90 | 104 |
|
| 91 |
|
|
| 92 |
private Map<String, Vocabulary> vocabularyMap = new ConcurrentHashMap<>(); |
|
| 93 |
|
|
| 94 |
private Map<String, String> countriesMap = new HashMap<>(); |
|
| 95 |
private Map<String, String> inverseCountriesMap = new HashMap<>(); |
|
| 96 |
|
|
| 97 |
private static Map<String, List<String>> dataSourceClass = new HashMap<>(); |
|
| 98 |
|
|
| 99 |
private static Map<String, String> invertedDataSourceClass = new HashMap<>(); |
|
| 100 |
|
|
| 101 | 105 |
private String sendEmail() {
|
| 102 | 106 |
OIDCAuthenticationToken authenticationToken = (OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication(); |
| 103 | 107 |
return authenticationToken.getUserInfo().getEmail(); |
| ... | ... | |
| 508 | 512 |
this.latentUpdate(repository, SecurityContextHolder.getContext().getAuthentication()); |
| 509 | 513 |
} |
| 510 | 514 |
|
| 511 |
// TODO: Antonis K. - Create new role ROLE_(datasource.datasourceId) and assign it to the user that created the folder (+ replace :: with $$)
|
|
| 512 |
// Create new role ( careful ... replace :: with $$ )
|
|
| 513 |
String newRoleName = repository.getId().replaceAll(":", "\\$");
|
|
| 514 |
String newRoleDescr = repository.getId().replaceAll(":", "\\$");
|
|
| 515 |
Role newRole = new Role(newRoleName, newRoleDescr);
|
|
| 515 |
// TODO: move the following code elsewhere (creation and assignment of role to user) ??
|
|
| 516 |
// Create new role |
|
| 517 |
String newRoleName = aaiUserRoleService.getRoleIdByRepoId(repository.getId());
|
|
| 518 |
Role newRole = new Role(newRoleName, repository.getOfficialName());
|
|
| 519 |
Integer couId = null;
|
|
| 516 | 520 |
try {
|
| 517 |
registryCalls.createRole(newRole); |
|
| 521 |
couId = registryCalls.createRole(newRole); |
|
| 522 |
} catch (HttpClientErrorException e) {
|
|
| 523 |
couId = registryCalls.getCouId(newRoleName); |
|
| 524 |
if (couId == null) {
|
|
| 525 |
LOGGER.error(String.format("Could not create role '%s'", newRoleName), e);
|
|
| 526 |
} |
|
| 518 | 527 |
} catch (Exception e) {
|
| 519 |
LOGGER.debug("Exception on create role during add repository", e);
|
|
| 528 |
LOGGER.error(String.format("Could not create role '%s'", newRoleName), e);
|
|
| 520 | 529 |
throw e; |
| 521 | 530 |
} |
| 522 | 531 |
|
| 523 | 532 |
// Assign new role to the user that created it |
| 524 | 533 |
Integer coPersonId = registryCalls.getCoPersonIdByIdentifier(); |
| 525 |
Integer couId = registryCalls.getCouId("datasource", newRoleName);
|
|
| 526 | 534 |
if (couId != null) {
|
| 527 | 535 |
Integer role = registryCalls.getRoleId(coPersonId, couId); |
| 528 | 536 |
try {
|
| 529 | 537 |
registryCalls.assignMemberRole(coPersonId, couId, role); |
| 530 |
// TODO: Antonis K. This should be uncommented to make a role DATASOURCE.OP... for every new repo |
|
| 531 |
// authoritiesUpdater.update(sendEmail(), old -> {
|
|
| 532 |
// HashSet<SimpleGrantedAuthority> authorities = new HashSet<>((Collection<? extends SimpleGrantedAuthority>) old); |
|
| 533 |
// authorities.add(new SimpleGrantedAuthority(authorizationService.member("datasource", newRoleName)));
|
|
| 534 |
// return authorities; |
|
| 535 |
// }); |
|
| 538 |
|
|
| 539 |
// Add role to current user authorities |
|
| 540 |
authoritiesUpdater.addRole(aaiUserRoleService.convertRepoIdToAuthority(repository.getId())); |
|
| 536 | 541 |
} catch (Exception e) {
|
| 537 | 542 |
LOGGER.debug("Exception on assign role to user during add repository", e);
|
| 538 | 543 |
throw e; |
| modules/uoa-repository-manager-service/branches/aai_roles_new/src/main/java/eu/dnetlib/repo/manager/service/security/AuthoritiesUpdater.java | ||
|---|---|---|
| 6 | 6 |
import org.springframework.security.core.Authentication; |
| 7 | 7 |
import org.springframework.security.core.GrantedAuthority; |
| 8 | 8 |
import org.springframework.security.core.context.SecurityContext; |
| 9 |
import org.springframework.security.core.context.SecurityContextHolder; |
|
| 10 |
import org.springframework.security.oauth2.common.exceptions.UnauthorizedClientException; |
|
| 9 | 11 |
import org.springframework.security.web.context.HttpSessionSecurityContextRepository; |
| 10 | 12 |
import org.springframework.session.ExpiringSession; |
| 11 | 13 |
import org.springframework.session.FindByIndexNameSessionRepository; |
| 12 | 14 |
import org.springframework.stereotype.Service; |
| 13 | 15 |
|
| 14 | 16 |
import java.util.Collection; |
| 17 |
import java.util.HashSet; |
|
| 15 | 18 |
import java.util.Map; |
| 16 | 19 |
|
| 17 | 20 |
|
| ... | ... | |
| 23 | 26 |
@Autowired |
| 24 | 27 |
FindByIndexNameSessionRepository sessions; |
| 25 | 28 |
|
| 26 |
public void update(String id, Update update) {
|
|
| 29 |
public void update(String id, Collection<? extends GrantedAuthority> authorities) {
|
|
| 27 | 30 |
if (sessions != null) {
|
| 28 | 31 |
Map<String, ExpiringSession> map = sessions. |
| 29 | 32 |
findByIndexNameAndIndexValue(FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME, id); |
| ... | ... | |
| 35 | 38 |
Authentication authentication = securityContext.getAuthentication(); |
| 36 | 39 |
if (authentication instanceof OIDCAuthenticationToken) {
|
| 37 | 40 |
OIDCAuthenticationToken authOIDC = (OIDCAuthenticationToken) authentication; |
| 38 |
Collection<? extends GrantedAuthority> authorities = update.authorities(authentication.getAuthorities()); |
|
| 39 | 41 |
logger.debug(authorities); |
| 40 | 42 |
securityContext.setAuthentication(new OIDCAuthenticationToken(authOIDC.getSub(), authOIDC.getIssuer(), |
| 41 | 43 |
authOIDC.getUserInfo(), authorities, authOIDC.getIdToken(), |
| ... | ... | |
| 49 | 51 |
} |
| 50 | 52 |
} |
| 51 | 53 |
|
| 54 |
public void update(String id, Update update) {
|
|
| 55 |
Collection<? extends GrantedAuthority> authorities = update.authorities(SecurityContextHolder.getContext().getAuthentication().getAuthorities()); |
|
| 56 |
this.update(id, authorities); |
|
| 57 |
} |
|
| 58 |
|
|
| 59 |
public void addRole(GrantedAuthority role) {
|
|
| 60 |
Authentication auth = SecurityContextHolder.getContext().getAuthentication(); |
|
| 61 |
if (auth instanceof OIDCAuthenticationToken) {
|
|
| 62 |
OIDCAuthenticationToken oidcAuth = (OIDCAuthenticationToken) auth; |
|
| 63 |
this.update(oidcAuth.getUserInfo().getEmail(), old -> {
|
|
| 64 |
HashSet<GrantedAuthority> authorities = new HashSet<>(old); |
|
| 65 |
authorities.add(role); |
|
| 66 |
return authorities; |
|
| 67 |
}); |
|
| 68 |
} else {
|
|
| 69 |
throw new UnauthorizedClientException("User auth is not instance of OIDCAuthenticationToken");
|
|
| 70 |
} |
|
| 71 |
} |
|
| 72 |
|
|
| 73 |
public void removeRole(GrantedAuthority role) {
|
|
| 74 |
Authentication auth = SecurityContextHolder.getContext().getAuthentication(); |
|
| 75 |
if (auth instanceof OIDCAuthenticationToken) {
|
|
| 76 |
OIDCAuthenticationToken oidcAuth = (OIDCAuthenticationToken) auth; |
|
| 77 |
this.update(oidcAuth.getUserInfo().getEmail(), old -> {
|
|
| 78 |
HashSet<GrantedAuthority> authorities = new HashSet<>(old); |
|
| 79 |
authorities.remove(role); |
|
| 80 |
return authorities; |
|
| 81 |
}); |
|
| 82 |
} else {
|
|
| 83 |
throw new UnauthorizedClientException("User auth is not instance of OIDCAuthenticationToken");
|
|
| 84 |
} |
|
| 85 |
} |
|
| 86 |
|
|
| 52 | 87 |
public interface Update {
|
| 53 | 88 |
Collection<? extends GrantedAuthority> authorities(Collection<? extends GrantedAuthority> old); |
| 54 | 89 |
} |
| modules/uoa-repository-manager-service/branches/aai_roles_new/src/main/java/eu/dnetlib/repo/manager/service/security/AaiUserRoleService.java | ||
|---|---|---|
| 12 | 12 |
String getRepoNameWithoutType(String fullName, String prefix); |
| 13 | 13 |
|
| 14 | 14 |
/** |
| 15 |
* @param repoId |
|
| 16 |
* @param prefix |
|
| 17 |
* @return |
|
| 15 |
* @param repoId Repository Id |
|
| 16 |
* @return Converts {@param repoId} to a role Id.
|
|
| 18 | 17 |
*/ |
| 19 |
String getRoleIdByRepoId(String repoId, String prefix);
|
|
| 18 |
String getRoleIdByRepoId(String repoId); |
|
| 20 | 19 |
|
| 21 | 20 |
/** |
| 22 |
* @param repoId |
|
| 21 |
* @param repoId Repository Id
|
|
| 23 | 22 |
* @return |
| 24 | 23 |
*/ |
| 25 | 24 |
String convertRepoIdToAuthorityId(String repoId); |
| 26 | 25 |
|
| 27 | 26 |
/** |
| 28 |
* @param repoId |
|
| 29 |
* @return |
|
| 27 |
* @param repoId Repository Id |
|
| 28 |
* @return Converts {@param repoId} to {@link String} role id url encoded ($ -> %24)
|
|
| 29 |
* // TODO: remove role encoding and perform url decoding when mapping authorities. (Must be performed in all OpenAIRE projects because of Redis) |
|
| 30 | 30 |
*/ |
| 31 | 31 |
String convertRepoIdToEncodedAuthorityId(String repoId); |
| 32 | 32 |
|
| 33 | 33 |
/** |
| 34 |
* @param repoId |
|
| 35 |
* @return |
|
| 34 |
* @param repoId Repository Id |
|
| 35 |
* @return Converts {@param repoId} to {@link SimpleGrantedAuthority} with the role url encoded ($ -> %24)
|
|
| 36 |
* // TODO: remove role encoding and perform url decoding when mapping authorities. (Must be performed in all OpenAIRE projects because of Redis) |
|
| 36 | 37 |
*/ |
| 37 | 38 |
SimpleGrantedAuthority convertRepoIdToAuthority(String repoId); |
| 38 | 39 |
|
| 39 | 40 |
/** |
| 40 |
* @param repoId |
|
| 41 |
* @return |
|
| 41 |
* @param repoId Repository Id to check.
|
|
| 42 |
* @return Checks if a user is a member of a repository or not.
|
|
| 42 | 43 |
*/ |
| 43 | 44 |
boolean isMemberOf(String repoId); |
| 44 | 45 |
|
| modules/uoa-repository-manager-service/branches/aai_roles_new/src/main/java/eu/dnetlib/repo/manager/service/security/AaiUserRoleServiceImpl.java | ||
|---|---|---|
| 30 | 30 |
} |
| 31 | 31 |
|
| 32 | 32 |
@Override |
| 33 |
public String getRoleIdByRepoId(String repoId, String prefix) {
|
|
| 33 |
public String getRoleIdByRepoId(String repoId) {
|
|
| 34 | 34 |
String roleId = ""; |
| 35 |
if (repoId != null && prefix != null) {
|
|
| 35 |
String prefix = production ? null : "beta." + "datasource"; |
|
| 36 |
if (repoId != null) {
|
|
| 36 | 37 |
roleId = createRepoRoleName(prefix, repoId); |
| 37 | 38 |
return roleId; |
| 38 | 39 |
} else {
|
| ... | ... | |
| 62 | 63 |
@Override |
| 63 | 64 |
public SimpleGrantedAuthority convertRepoIdToAuthority(String repoId) {
|
| 64 | 65 |
String role = convertRepoIdToEncodedAuthorityId(repoId); |
| 65 |
if (role != null) {
|
|
| 66 |
role = URLEncoder.encode(role); |
|
| 67 |
} |
|
| 68 | 66 |
return new SimpleGrantedAuthority(role); |
| 69 | 67 |
} |
| 70 | 68 |
|
| modules/uoa-repository-manager-service/branches/aai_roles_new/src/main/java/eu/dnetlib/repo/manager/controllers/AaiUserRoleController.java | ||
|---|---|---|
| 4 | 4 |
import com.google.gson.JsonElement; |
| 5 | 5 |
import eu.dnetlib.repo.manager.domain.dto.Role; |
| 6 | 6 |
import eu.dnetlib.repo.manager.service.aai.registry.AaiRegistryService; |
| 7 |
import eu.dnetlib.repo.manager.service.security.AaiUserRoleService; |
|
| 8 |
import eu.dnetlib.repo.manager.service.security.AuthoritiesUpdater; |
|
| 7 | 9 |
import eu.dnetlib.repo.manager.utils.JsonUtils; |
| 8 | 10 |
import io.swagger.annotations.Api; |
| 9 | 11 |
import io.swagger.annotations.ApiOperation; |
| ... | ... | |
| 26 | 28 |
public class AaiUserRoleController {
|
| 27 | 29 |
|
| 28 | 30 |
private final AaiRegistryService aaiRegistryService; |
| 31 |
private final AuthoritiesUpdater authoritiesUpdater; |
|
| 32 |
private final AaiUserRoleService aaiUserRoleService; |
|
| 29 | 33 |
|
| 30 |
// TODO: Antonis K. This should be uncommented |
|
| 31 |
// @Autowired |
|
| 32 |
// private AuthoritiesUpdater authoritiesUpdater; |
|
| 33 |
// |
|
| 34 |
// @Autowired |
|
| 35 |
// private AuthorizationService authorizationService; |
|
| 36 |
|
|
| 37 | 34 |
@Autowired |
| 38 |
AaiUserRoleController(AaiRegistryService aaiRegistryService) {
|
|
| 35 |
AaiUserRoleController(AaiRegistryService aaiRegistryService, |
|
| 36 |
AuthoritiesUpdater authoritiesUpdater, |
|
| 37 |
AaiUserRoleService aaiUserRoleService) {
|
|
| 39 | 38 |
this.aaiRegistryService = aaiRegistryService; |
| 39 |
this.authoritiesUpdater = authoritiesUpdater; |
|
| 40 |
this.aaiUserRoleService = aaiUserRoleService; |
|
| 40 | 41 |
} |
| 41 | 42 |
|
| 42 | 43 |
private String sendEmail() {
|
| ... | ... | |
| 45 | 46 |
} |
| 46 | 47 |
|
| 47 | 48 |
/** |
| 48 |
* Create a new role with the given name and description.
|
|
| 49 |
* Get the role with the given name and description.
|
|
| 49 | 50 |
**/ |
| 50 | 51 |
@RequestMapping(method = RequestMethod.GET, path = "/role/id/get") |
| 51 |
// @PreAuthorize("hasAnyAuthority('ROLE_USER', 'ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')") // TODO: Perhaps less roles here
|
|
| 52 |
// @PreAuthorize("hasAnyAuthority('ROLE_USER', 'ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')")
|
|
| 52 | 53 |
public Response getRole(@RequestParam(value = "type", defaultValue = "datasource") String type, @RequestParam("id") String id) {
|
| 53 | 54 |
int roleId = aaiRegistryService.getCouId(type, id); |
| 54 | 55 |
return Response.status(HttpStatus.OK.value()).entity(JsonUtils.createResponse("Role id is: " + roleId).toString()).type(MediaType.APPLICATION_JSON).build();
|
| ... | ... | |
| 58 | 59 |
* Create a new role with the given name and description. |
| 59 | 60 |
**/ |
| 60 | 61 |
@RequestMapping(method = RequestMethod.POST, path = "/createRole") |
| 61 |
@PreAuthorize("hasAnyAuthority('ROLE_USER', 'ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')") // TODO: Perhaps less roles here
|
|
| 62 |
@PreAuthorize("hasAnyAuthority('ROLE_ADMIN')")
|
|
| 62 | 63 |
public Response createRole(@RequestBody Role role) {
|
| 63 | 64 |
aaiRegistryService.createRole(role); |
| 64 | 65 |
return Response.status(HttpStatus.OK.value()).entity(JsonUtils.createResponse("Role has been created").toString()).type(MediaType.APPLICATION_JSON).build();
|
| ... | ... | |
| 69 | 70 |
*/ |
| 70 | 71 |
@ApiOperation(value = "subscribe") |
| 71 | 72 |
@RequestMapping(method = RequestMethod.POST, path = "/subscribe/{type}/{id}")
|
| 72 |
@PreAuthorize("hasAnyAuthority('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN') or (hasRole(@Converter.convertRepoIdToRoleId(#repository.id)) or hasRole(@Converter.convertRepoIdToRoleId(returnObject.id)))")
|
|
| 73 |
// TODO: Perhaps less roles here |
|
| 73 |
@PreAuthorize("hasAnyAuthority('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')")
|
|
| 74 | 74 |
public Response subscribe(@PathVariable("type") String type, @PathVariable("id") String id) {
|
| 75 | 75 |
Integer coPersonId = aaiRegistryService.getCoPersonIdByIdentifier(); |
| 76 | 76 |
if (coPersonId == null) {
|
| ... | ... | |
| 80 | 80 |
if (couId != null) {
|
| 81 | 81 |
Integer role = aaiRegistryService.getRoleId(coPersonId, couId); |
| 82 | 82 |
aaiRegistryService.assignMemberRole(coPersonId, couId, role); |
| 83 |
// TODO: Antonis K. This should be uncommented to make a role DATASOURCE.OP... for every new repo |
|
| 84 |
// authoritiesUpdater.update(sendEmail(), old -> {
|
|
| 85 |
// HashSet<SimpleGrantedAuthority> authorities = new HashSet<>((Collection<? extends SimpleGrantedAuthority>) old); |
|
| 86 |
// authorities.add(new SimpleGrantedAuthority(authorizationService.member(type, id))); |
|
| 87 |
// return authorities; |
|
| 88 |
// }); |
|
| 83 |
|
|
| 84 |
// Add role to current user authorities |
|
| 85 |
authoritiesUpdater.addRole(aaiUserRoleService.convertRepoIdToAuthority(id)); |
|
| 86 |
|
|
| 89 | 87 |
return Response.status(HttpStatus.OK.value()).entity(JsonUtils.createResponse("Role has been assigned").toString()).type(MediaType.APPLICATION_JSON).build();
|
| 90 | 88 |
} else {
|
| 91 | 89 |
return Response.status(HttpStatus.NOT_FOUND.value()).entity(JsonUtils.createResponse("Role has not been found").toString()).type(MediaType.APPLICATION_JSON).build();
|
| ... | ... | |
| 98 | 96 |
*/ |
| 99 | 97 |
@ApiOperation(value = "Remove role from member") |
| 100 | 98 |
@RequestMapping(method = RequestMethod.DELETE, path = "/{type}/{id}/member/{email}")
|
| 101 |
@PreAuthorize("hasAnyAuthority('ROLE_USER', 'ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')") // TODO: Perhaps less roles here
|
|
| 99 |
@PreAuthorize("hasAnyAuthority('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')") // FIXME: ??
|
|
| 102 | 100 |
public Response removeMemberRole(@PathVariable("type") String type, @PathVariable("id") String
|
| 103 | 101 |
id, @PathVariable("email") String email) {
|
| 104 | 102 |
Integer coPersonId = aaiRegistryService.getCoPersonIdByEmail(email); |
| ... | ... | |
| 110 | 108 |
} |
| 111 | 109 |
if (couId != null && role != null) {
|
| 112 | 110 |
aaiRegistryService.removeMemberRole(coPersonId, couId, role); |
| 113 |
// TODO: Antonis K. This should be uncommented to make a role DATASOURCE.OP... for every new repo |
|
| 114 |
// authoritiesUpdater.update(email, old -> {
|
|
| 115 |
// HashSet<SimpleGrantedAuthority> authorities = new HashSet<>((Collection<? extends SimpleGrantedAuthority>) old); |
|
| 116 |
// authorities.remove(new SimpleGrantedAuthority(authorizationService.member(type, id))); |
|
| 117 |
// return authorities; |
|
| 118 |
// }); |
|
| 111 |
|
|
| 112 |
// Remove role from current user authorities |
|
| 113 |
authoritiesUpdater.removeRole(aaiUserRoleService.convertRepoIdToAuthority(id)); |
|
| 114 |
|
|
| 119 | 115 |
return Response.status(HttpStatus.OK.value()).entity(JsonUtils.createResponse("Role has been removed").toString()).type(MediaType.APPLICATION_JSON).build();
|
| 120 | 116 |
} else {
|
| 121 | 117 |
return Response.status(HttpStatus.NOT_FOUND.value()).entity(JsonUtils.createResponse("Role has not been found").toString()).type(MediaType.APPLICATION_JSON).build();
|
| ... | ... | |
| 130 | 126 |
* Subscribe to role-repo by his email |
| 131 | 127 |
*/ |
| 132 | 128 |
@RequestMapping(method = RequestMethod.POST, path = "/subscribe/repo-role/{id}")
|
| 133 |
@PreAuthorize("hasAnyAuthority('ROLE_USER', 'ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')") // TODO: Perhaps less roles here
|
|
| 129 |
@PreAuthorize("hasAnyAuthority('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN') or @aaiUserRoleService.isMemberOf(#id)")
|
|
| 134 | 130 |
public Response subscribeRoleByEmail(@PathVariable("id") String id, @RequestParam("email") String email) {
|
| 135 | 131 |
Integer coPersonId = aaiRegistryService.getCoPersonIdByEmail(email); |
| 136 | 132 |
if (coPersonId != null) {
|
| ... | ... | |
| 138 | 134 |
if (couId != null) {
|
| 139 | 135 |
Integer role = aaiRegistryService.getRoleId(coPersonId, couId); |
| 140 | 136 |
aaiRegistryService.assignMemberRole(coPersonId, couId, role); |
| 141 |
// TODO: Antonis K. This should be uncommented to make a role DATASOURCE.OP... for every new repo |
|
| 142 |
// authoritiesUpdater.update(sendEmail(), old -> {
|
|
| 143 |
// HashSet<SimpleGrantedAuthority> authorities = new HashSet<>((Collection<? extends SimpleGrantedAuthority>) old); |
|
| 144 |
// authorities.add(new SimpleGrantedAuthority(authorizationService.member("datasource", id)));
|
|
| 145 |
// return authorities; |
|
| 146 |
// }); |
|
| 137 |
|
|
| 138 |
// Add role to current user authorities |
|
| 139 |
authoritiesUpdater.addRole(aaiUserRoleService.convertRepoIdToAuthority(id)); |
|
| 140 |
|
|
| 147 | 141 |
return Response.status(HttpStatus.OK.value()).entity(JsonUtils.createResponse("Role has been assigned").toString()).type(MediaType.APPLICATION_JSON).build();
|
| 148 | 142 |
} else {
|
| 149 | 143 |
return Response.status(HttpStatus.NOT_FOUND.value()).entity(JsonUtils.createResponse("Role has not been found").toString()).type(MediaType.APPLICATION_JSON).build();
|
| ... | ... | |
| 160 | 154 |
* Get all the users that have the role that is associated with repoId |
| 161 | 155 |
*/ |
| 162 | 156 |
@RequestMapping(method = RequestMethod.GET, path = "/repo/{id}/all-users")
|
| 163 |
@PreAuthorize("hasAnyAuthority('ROLE_USER', 'ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')") // TODO: Perhaps less roles here
|
|
| 157 |
@PreAuthorize("hasAnyAuthority('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')") // FIXME: ??
|
|
| 164 | 158 |
public ResponseEntity<List<String>> getAllUsersOfARepo(@PathVariable("id") String id) {
|
| 165 | 159 |
|
| 166 | 160 |
List<String> userList = new ArrayList<>(); |
| ... | ... | |
| 181 | 175 |
///////////////////////////////////////////////////////////////////////////////////////////// |
| 182 | 176 |
|
| 183 | 177 |
@RequestMapping(method = RequestMethod.GET, path = "/users/couid/{id}")
|
| 184 |
@PreAuthorize("hasAnyAuthority('ROLE_USER', 'ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')")
|
|
| 178 |
@PreAuthorize("hasAnyAuthority('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')")
|
|
| 185 | 179 |
public ResponseEntity<String> getUsersByCouId(@PathVariable("id") Integer id) {
|
| 186 | 180 |
// calls.getUserByCoId() |
| 187 | 181 |
return ResponseEntity.ok(aaiRegistryService.getUsersByCouId(id).toString()); |
| ... | ... | |
| 189 | 183 |
|
| 190 | 184 |
|
| 191 | 185 |
@RequestMapping(method = RequestMethod.GET, path = "/user/roles") |
| 192 |
@PreAuthorize("hasAnyAuthority('ROLE_USER', 'ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')")
|
|
| 186 |
@PreAuthorize("hasAnyAuthority('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN') or hasRole('ROLE_USER') and authentication.userInfo.email==#email")
|
|
| 193 | 187 |
public ResponseEntity<List<String>> getRolesByEmail(@RequestParam("email") String email) {
|
| 194 | 188 |
int coPersonId = aaiRegistryService.getCoPersonIdByEmail(email); |
| 195 | 189 |
List<String> list = new ArrayList<>(); |
| modules/uoa-repository-manager-service/branches/aai_roles_new/src/main/java/eu/dnetlib/repo/manager/controllers/RepositoryController.java | ||
|---|---|---|
| 11 | 11 |
import org.mitre.openid.connect.model.OIDCAuthenticationToken; |
| 12 | 12 |
import org.springframework.beans.factory.annotation.Autowired; |
| 13 | 13 |
import org.springframework.http.MediaType; |
| 14 |
import org.springframework.security.access.prepost.PostAuthorize; |
|
| 14 | 15 |
import org.springframework.security.access.prepost.PreAuthorize; |
| 15 | 16 |
import org.springframework.security.core.Authentication; |
| 16 | 17 |
import org.springframework.security.core.context.SecurityContextHolder; |
| ... | ... | |
| 82 | 83 |
return repositoryService.searchRegisteredRepositories(country, typology, englishName, officialName, requestSortBy, order, page, pageSize); |
| 83 | 84 |
} |
| 84 | 85 |
|
| 85 |
// TODO: Antonis K - Replace here the registeredBy |
|
| 86 | 86 |
|
| 87 | 87 |
@RequestMapping(value = "/getRepositoryById/{id}", method = RequestMethod.GET,
|
| 88 | 88 |
produces = MediaType.APPLICATION_JSON_VALUE) |
| 89 | 89 |
@ResponseBody |
| 90 |
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or @aaiUserRoleService.isMemberOf(#id)")
|
|
| 90 |
@PostAuthorize("hasAnyRole('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN') or @aaiUserRoleService.isMemberOf(#id) or (returnObject.registeredBy=='null' and hasRole('ROLE_USER'))")
|
|
| 91 | 91 |
public Repository getRepositoryById(@PathVariable("id") String id) throws JSONException, ResourceNotFoundException {
|
| 92 | 92 |
Repository repo = repositoryService.getRepositoryById(id); |
| 93 | 93 |
|
| ... | ... | |
| 137 | 137 |
public Repository addRepository(@RequestParam("datatype") String datatype,
|
| 138 | 138 |
@RequestBody Repository repository) throws Exception {
|
| 139 | 139 |
|
| 140 |
// TODO: |
|
| 141 |
// 1) add repository |
|
| 142 |
// 2) get repository id and create new role |
|
| 143 |
// 3) assign new role to authenticated user |
|
| 144 | 140 |
return repositoryService.addRepository(datatype, repository); |
| 145 | 141 |
} |
| 146 | 142 |
|
| modules/uoa-repository-manager-service/branches/aai_roles_new/src/main/java/eu/dnetlib/repo/manager/controllers/PiWikController.java | ||
|---|---|---|
| 6 | 6 |
import eu.dnetlib.repo.manager.domain.Paging; |
| 7 | 7 |
import eu.dnetlib.repo.manager.domain.RepositoryServiceException; |
| 8 | 8 |
import eu.dnetlib.repo.manager.service.PiWikServiceImpl; |
| 9 |
import eu.dnetlib.repo.manager.service.RepositoryService; |
|
| 10 | 9 |
import io.swagger.annotations.Api; |
| 11 | 10 |
import io.swagger.annotations.ApiImplicitParam; |
| 12 | 11 |
import io.swagger.annotations.ApiImplicitParams; |
| ... | ... | |
| 40 | 39 |
@Autowired |
| 41 | 40 |
private PiWikServiceImpl piWikService; |
| 42 | 41 |
|
| 43 |
@Autowired |
|
| 44 |
private RepositoryService repositoryService; |
|
| 45 | 42 |
|
| 46 |
// TODO: Antonis K. - replace here the registeredBy |
|
| 47 |
|
|
| 48 | 43 |
@RequestMapping(value = "/getPiwikSiteForRepo/{repositoryId}" , method = RequestMethod.GET,produces = MediaType.APPLICATION_JSON_VALUE)
|
| 49 | 44 |
@ResponseBody |
| 50 |
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or ((@repositoryService.getRepositoryById(#repositoryId).registeredBy==authentication.userInfo.email or @repositoryService.getRepositoryById(#repositoryId).registeredBy=='null') and hasRole('ROLE_USER'))")
|
|
| 45 |
@PreAuthorize("hasAnyRole('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN') or @aaiUserRoleService.isMemberOf(#repositoryId) or (@repositoryService.getRepositoryById(#repositoryId).registeredBy=='null' and hasRole('ROLE_USER'))")
|
|
| 51 | 46 |
public PiwikInfo getPiwikSiteForRepo(@PathVariable("repositoryId") String repositoryId) {
|
| 52 | 47 |
return piWikService.getPiwikSiteForRepo(repositoryId); |
| 53 | 48 |
} |
| 54 | 49 |
|
| 55 | 50 |
@RequestMapping(value = "/savePiwikInfo" , method = RequestMethod.POST,produces = MediaType.APPLICATION_JSON_VALUE) |
| 56 |
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or ((@repositoryService.getRepositoryById(#piwikInfo.repositoryId).registeredBy==authentication.userInfo.email or @repositoryService.getRepositoryById(#piwikInfo.repositoryId).registeredBy=='null') and hasRole('ROLE_USER'))")
|
|
| 51 |
@PreAuthorize("hasAnyRole('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN') or @aaiUserRoleService.isMemberOf(#piwikInfo.repositoryId) or (@repositoryService.getRepositoryById(#piwikInfo.repositoryId).registeredBy=='null' and hasRole('ROLE_USER'))")
|
|
| 57 | 52 |
public PiwikInfo savePiwikInfo(@RequestBody PiwikInfo piwikInfo) {
|
| 58 | 53 |
return piWikService.savePiwikInfo(piwikInfo); |
| 59 | 54 |
} |
| ... | ... | |
| 162 | 157 |
|
| 163 | 158 |
@RequestMapping(value = "/getOpenaireId/{repositoryId}" , method = RequestMethod.GET,produces = MediaType.APPLICATION_JSON_VALUE)
|
| 164 | 159 |
@ResponseBody |
| 165 |
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or ((@repositoryService.getRepositoryById(#repositoryId).registeredBy==authentication.userInfo.email or @repositoryService.getRepositoryById(#repositoryId).registeredBy=='null') and hasRole('ROLE_USER'))")
|
|
| 160 |
@PreAuthorize("hasAnyRole('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN') or @aaiUserRoleService.isMemberOf(#repositoryId) or (@repositoryService.getRepositoryById(#repositoryId).registeredBy=='null' and hasRole('ROLE_USER'))")
|
|
| 166 | 161 |
public String getOpenaireId(@PathVariable("repositoryId") String repositoryId){
|
| 167 | 162 |
return piWikService.getOpenaireId(repositoryId); |
| 168 | 163 |
} |
| modules/uoa-repository-manager-service/branches/aai_roles_new/src/main/webapp/WEB-INF/spring-servlet.xml | ||
|---|---|---|
| 5 | 5 |
xmlns:context="http://www.springframework.org/schema/context" |
| 6 | 6 |
xmlns:security="http://www.springframework.org/schema/security" |
| 7 | 7 |
xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.1.xsd |
| 8 |
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd
|
|
| 8 |
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
|
|
| 9 | 9 |
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.1.xsd |
| 10 | 10 |
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.1.xsd" |
| 11 | 11 |
> |
Also available in: Unified diff
1. update user authorities when adding/removing repositories
2. fixed some authorization expressions
3. refactoring