Revision 61329
Added by Konstantinos Spyrou almost 3 years ago
modules/uoa-repository-manager-service/branches/aai_roles_new/src/main/java/eu/dnetlib/repo/manager/service/RepositoryServiceImpl.java | ||
---|---|---|
13 | 13 |
import eu.dnetlib.repo.manager.domain.dto.Role; |
14 | 14 |
import eu.dnetlib.repo.manager.exception.ResourceNotFoundException; |
15 | 15 |
import eu.dnetlib.repo.manager.service.aai.registry.AaiRegistryService; |
16 |
import eu.dnetlib.repo.manager.service.security.AuthorizationService; |
|
16 |
import eu.dnetlib.repo.manager.service.security.AaiUserRoleService; |
|
17 |
import eu.dnetlib.repo.manager.service.security.AuthoritiesUpdater; |
|
17 | 18 |
import eu.dnetlib.repo.manager.utils.Converter; |
18 | 19 |
import gr.uoa.di.driver.enabling.vocabulary.VocabularyLoader; |
19 | 20 |
import org.apache.commons.codec.digest.DigestUtils; |
... | ... | |
24 | 25 |
import org.mitre.openid.connect.model.OIDCAuthenticationToken; |
25 | 26 |
import org.springframework.beans.factory.annotation.Autowired; |
26 | 27 |
import org.springframework.beans.factory.annotation.Value; |
28 |
import org.springframework.context.annotation.Lazy; |
|
27 | 29 |
import org.springframework.core.ParameterizedTypeReference; |
28 | 30 |
import org.springframework.http.*; |
29 | 31 |
import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter; |
30 | 32 |
import org.springframework.security.core.Authentication; |
33 |
import org.springframework.security.core.authority.SimpleGrantedAuthority; |
|
31 | 34 |
import org.springframework.security.core.context.SecurityContextHolder; |
32 | 35 |
import org.springframework.stereotype.Service; |
36 |
import org.springframework.web.client.HttpClientErrorException; |
|
33 | 37 |
import org.springframework.web.client.RestClientException; |
34 | 38 |
import org.springframework.web.client.RestTemplate; |
35 | 39 |
import org.springframework.web.util.UriComponents; |
... | ... | |
45 | 49 |
@Service("repositoryService") |
46 | 50 |
public class RepositoryServiceImpl implements RepositoryService { |
47 | 51 |
|
52 |
private static final Logger LOGGER = Logger.getLogger(RepositoryServiceImpl.class); |
|
53 |
|
|
54 |
private final AaiUserRoleService aaiUserRoleService; |
|
55 |
private final AaiRegistryService registryCalls; |
|
56 |
private final AuthoritiesUpdater authoritiesUpdater; |
|
57 |
private final RestTemplate restTemplate; |
|
58 |
private final VocabularyLoader vocabularyLoader; |
|
59 |
private final PiWikService piWikService; |
|
60 |
private final EmailUtils emailUtils; |
|
61 |
private final ValidatorService validatorService; |
|
62 |
|
|
48 | 63 |
@Value("${api.baseAddress}") |
49 | 64 |
private String baseAddress; |
50 | 65 |
|
51 | 66 |
@Value("${services.repo-manager.adminEmail}") |
52 | 67 |
private String adminEmail; |
53 | 68 |
|
54 |
@Autowired |
|
55 |
RestTemplate restTemplate; |
|
56 |
|
|
57 |
private HttpHeaders httpHeaders; |
|
58 |
|
|
59 |
private final String[] vocabularyNames = {"dnet:countries", "dnet:datasource_typologies", "dnet:compatibilityLevel"}; |
|
60 |
|
|
61 |
private static final Logger LOGGER = Logger.getLogger(RepositoryServiceImpl.class); |
|
62 |
|
|
63 | 69 |
@Value("${services.repomanager.usageStatisticsDiagramsBaseURL}") |
64 | 70 |
private String usageStatisticsDiagramsBaseURL; |
65 | 71 |
|
66 | 72 |
@Value("${services.repomanager.usageStatisticsNumbersBaseURL}") |
67 | 73 |
private String usageStatisticsNumbersBaseURL; |
68 | 74 |
|
69 |
@Autowired |
|
70 |
private VocabularyLoader vocabularyLoader; |
|
71 | 75 |
|
72 |
@Autowired
|
|
73 |
private PiWikService piWikService;
|
|
76 |
private static final Map<String, List<String>> dataSourceClass = new HashMap<>();
|
|
77 |
private static final Map<String, String> invertedDataSourceClass = new HashMap<>();
|
|
74 | 78 |
|
75 |
@Autowired |
|
76 |
private EmailUtils emailUtils; |
|
77 | 79 |
|
78 |
@Autowired |
|
79 |
ValidatorService validatorService; |
|
80 |
private final String[] vocabularyNames = {"dnet:countries", "dnet:datasource_typologies", "dnet:compatibilityLevel"}; |
|
81 |
private final Map<String, Vocabulary> vocabularyMap = new ConcurrentHashMap<>(); |
|
82 |
private final Map<String, String> countriesMap = new HashMap<>(); |
|
83 |
private final Map<String, String> inverseCountriesMap = new HashMap<>(); |
|
80 | 84 |
|
81 |
@Autowired |
|
82 |
private AaiRegistryService registryCalls; |
|
85 |
private HttpHeaders httpHeaders; |
|
83 | 86 |
|
84 |
// TODO: Antonis K. This should be uncommented |
|
85 |
// @Autowired |
|
86 |
// private AuthoritiesUpdater authoritiesUpdater; |
|
87 |
|
|
88 | 87 |
@Autowired |
89 |
private AuthorizationService authorizationService; |
|
88 |
public RepositoryServiceImpl(AaiUserRoleService aaiUserRoleService, |
|
89 |
AaiRegistryService registryCalls, |
|
90 |
AuthoritiesUpdater authoritiesUpdater, |
|
91 |
VocabularyLoader vocabularyLoader, EmailUtils emailUtils, |
|
92 |
RestTemplate restTemplate, |
|
93 |
@Lazy ValidatorService validatorService, |
|
94 |
@Lazy PiWikService piWikService) { |
|
95 |
this.aaiUserRoleService = aaiUserRoleService; |
|
96 |
this.registryCalls = registryCalls; |
|
97 |
this.authoritiesUpdater = authoritiesUpdater; |
|
98 |
this.vocabularyLoader = vocabularyLoader; |
|
99 |
this.piWikService = piWikService; |
|
100 |
this.emailUtils = emailUtils; |
|
101 |
this.validatorService = validatorService; |
|
102 |
this.restTemplate = restTemplate; |
|
103 |
} |
|
90 | 104 |
|
91 |
|
|
92 |
private Map<String, Vocabulary> vocabularyMap = new ConcurrentHashMap<>(); |
|
93 |
|
|
94 |
private Map<String, String> countriesMap = new HashMap<>(); |
|
95 |
private Map<String, String> inverseCountriesMap = new HashMap<>(); |
|
96 |
|
|
97 |
private static Map<String, List<String>> dataSourceClass = new HashMap<>(); |
|
98 |
|
|
99 |
private static Map<String, String> invertedDataSourceClass = new HashMap<>(); |
|
100 |
|
|
101 | 105 |
private String sendEmail() { |
102 | 106 |
OIDCAuthenticationToken authenticationToken = (OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication(); |
103 | 107 |
return authenticationToken.getUserInfo().getEmail(); |
... | ... | |
508 | 512 |
this.latentUpdate(repository, SecurityContextHolder.getContext().getAuthentication()); |
509 | 513 |
} |
510 | 514 |
|
511 |
// TODO: Antonis K. - Create new role ROLE_(datasource.datasourceId) and assign it to the user that created the folder (+ replace :: with $$)
|
|
512 |
// Create new role ( careful ... replace :: with $$ )
|
|
513 |
String newRoleName = repository.getId().replaceAll(":", "\\$");
|
|
514 |
String newRoleDescr = repository.getId().replaceAll(":", "\\$");
|
|
515 |
Role newRole = new Role(newRoleName, newRoleDescr);
|
|
515 |
// TODO: move the following code elsewhere (creation and assignment of role to user) ??
|
|
516 |
// Create new role |
|
517 |
String newRoleName = aaiUserRoleService.getRoleIdByRepoId(repository.getId());
|
|
518 |
Role newRole = new Role(newRoleName, repository.getOfficialName());
|
|
519 |
Integer couId = null;
|
|
516 | 520 |
try { |
517 |
registryCalls.createRole(newRole); |
|
521 |
couId = registryCalls.createRole(newRole); |
|
522 |
} catch (HttpClientErrorException e) { |
|
523 |
couId = registryCalls.getCouId(newRoleName); |
|
524 |
if (couId == null) { |
|
525 |
LOGGER.error(String.format("Could not create role '%s'", newRoleName), e); |
|
526 |
} |
|
518 | 527 |
} catch (Exception e) { |
519 |
LOGGER.debug("Exception on create role during add repository", e);
|
|
528 |
LOGGER.error(String.format("Could not create role '%s'", newRoleName), e);
|
|
520 | 529 |
throw e; |
521 | 530 |
} |
522 | 531 |
|
523 | 532 |
// Assign new role to the user that created it |
524 | 533 |
Integer coPersonId = registryCalls.getCoPersonIdByIdentifier(); |
525 |
Integer couId = registryCalls.getCouId("datasource", newRoleName); |
|
526 | 534 |
if (couId != null) { |
527 | 535 |
Integer role = registryCalls.getRoleId(coPersonId, couId); |
528 | 536 |
try { |
529 | 537 |
registryCalls.assignMemberRole(coPersonId, couId, role); |
530 |
// TODO: Antonis K. This should be uncommented to make a role DATASOURCE.OP... for every new repo |
|
531 |
// authoritiesUpdater.update(sendEmail(), old -> { |
|
532 |
// HashSet<SimpleGrantedAuthority> authorities = new HashSet<>((Collection<? extends SimpleGrantedAuthority>) old); |
|
533 |
// authorities.add(new SimpleGrantedAuthority(authorizationService.member("datasource", newRoleName))); |
|
534 |
// return authorities; |
|
535 |
// }); |
|
538 |
|
|
539 |
// Add role to current user authorities |
|
540 |
authoritiesUpdater.addRole(aaiUserRoleService.convertRepoIdToAuthority(repository.getId())); |
|
536 | 541 |
} catch (Exception e) { |
537 | 542 |
LOGGER.debug("Exception on assign role to user during add repository", e); |
538 | 543 |
throw e; |
modules/uoa-repository-manager-service/branches/aai_roles_new/src/main/java/eu/dnetlib/repo/manager/service/security/AuthoritiesUpdater.java | ||
---|---|---|
6 | 6 |
import org.springframework.security.core.Authentication; |
7 | 7 |
import org.springframework.security.core.GrantedAuthority; |
8 | 8 |
import org.springframework.security.core.context.SecurityContext; |
9 |
import org.springframework.security.core.context.SecurityContextHolder; |
|
10 |
import org.springframework.security.oauth2.common.exceptions.UnauthorizedClientException; |
|
9 | 11 |
import org.springframework.security.web.context.HttpSessionSecurityContextRepository; |
10 | 12 |
import org.springframework.session.ExpiringSession; |
11 | 13 |
import org.springframework.session.FindByIndexNameSessionRepository; |
12 | 14 |
import org.springframework.stereotype.Service; |
13 | 15 |
|
14 | 16 |
import java.util.Collection; |
17 |
import java.util.HashSet; |
|
15 | 18 |
import java.util.Map; |
16 | 19 |
|
17 | 20 |
|
... | ... | |
23 | 26 |
@Autowired |
24 | 27 |
FindByIndexNameSessionRepository sessions; |
25 | 28 |
|
26 |
public void update(String id, Update update) {
|
|
29 |
public void update(String id, Collection<? extends GrantedAuthority> authorities) {
|
|
27 | 30 |
if (sessions != null) { |
28 | 31 |
Map<String, ExpiringSession> map = sessions. |
29 | 32 |
findByIndexNameAndIndexValue(FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME, id); |
... | ... | |
35 | 38 |
Authentication authentication = securityContext.getAuthentication(); |
36 | 39 |
if (authentication instanceof OIDCAuthenticationToken) { |
37 | 40 |
OIDCAuthenticationToken authOIDC = (OIDCAuthenticationToken) authentication; |
38 |
Collection<? extends GrantedAuthority> authorities = update.authorities(authentication.getAuthorities()); |
|
39 | 41 |
logger.debug(authorities); |
40 | 42 |
securityContext.setAuthentication(new OIDCAuthenticationToken(authOIDC.getSub(), authOIDC.getIssuer(), |
41 | 43 |
authOIDC.getUserInfo(), authorities, authOIDC.getIdToken(), |
... | ... | |
49 | 51 |
} |
50 | 52 |
} |
51 | 53 |
|
54 |
public void update(String id, Update update) { |
|
55 |
Collection<? extends GrantedAuthority> authorities = update.authorities(SecurityContextHolder.getContext().getAuthentication().getAuthorities()); |
|
56 |
this.update(id, authorities); |
|
57 |
} |
|
58 |
|
|
59 |
public void addRole(GrantedAuthority role) { |
|
60 |
Authentication auth = SecurityContextHolder.getContext().getAuthentication(); |
|
61 |
if (auth instanceof OIDCAuthenticationToken) { |
|
62 |
OIDCAuthenticationToken oidcAuth = (OIDCAuthenticationToken) auth; |
|
63 |
this.update(oidcAuth.getUserInfo().getEmail(), old -> { |
|
64 |
HashSet<GrantedAuthority> authorities = new HashSet<>(old); |
|
65 |
authorities.add(role); |
|
66 |
return authorities; |
|
67 |
}); |
|
68 |
} else { |
|
69 |
throw new UnauthorizedClientException("User auth is not instance of OIDCAuthenticationToken"); |
|
70 |
} |
|
71 |
} |
|
72 |
|
|
73 |
public void removeRole(GrantedAuthority role) { |
|
74 |
Authentication auth = SecurityContextHolder.getContext().getAuthentication(); |
|
75 |
if (auth instanceof OIDCAuthenticationToken) { |
|
76 |
OIDCAuthenticationToken oidcAuth = (OIDCAuthenticationToken) auth; |
|
77 |
this.update(oidcAuth.getUserInfo().getEmail(), old -> { |
|
78 |
HashSet<GrantedAuthority> authorities = new HashSet<>(old); |
|
79 |
authorities.remove(role); |
|
80 |
return authorities; |
|
81 |
}); |
|
82 |
} else { |
|
83 |
throw new UnauthorizedClientException("User auth is not instance of OIDCAuthenticationToken"); |
|
84 |
} |
|
85 |
} |
|
86 |
|
|
52 | 87 |
public interface Update { |
53 | 88 |
Collection<? extends GrantedAuthority> authorities(Collection<? extends GrantedAuthority> old); |
54 | 89 |
} |
modules/uoa-repository-manager-service/branches/aai_roles_new/src/main/java/eu/dnetlib/repo/manager/service/security/AaiUserRoleService.java | ||
---|---|---|
12 | 12 |
String getRepoNameWithoutType(String fullName, String prefix); |
13 | 13 |
|
14 | 14 |
/** |
15 |
* @param repoId |
|
16 |
* @param prefix |
|
17 |
* @return |
|
15 |
* @param repoId Repository Id |
|
16 |
* @return Converts {@param repoId} to a role Id. |
|
18 | 17 |
*/ |
19 |
String getRoleIdByRepoId(String repoId, String prefix);
|
|
18 |
String getRoleIdByRepoId(String repoId); |
|
20 | 19 |
|
21 | 20 |
/** |
22 |
* @param repoId |
|
21 |
* @param repoId Repository Id
|
|
23 | 22 |
* @return |
24 | 23 |
*/ |
25 | 24 |
String convertRepoIdToAuthorityId(String repoId); |
26 | 25 |
|
27 | 26 |
/** |
28 |
* @param repoId |
|
29 |
* @return |
|
27 |
* @param repoId Repository Id |
|
28 |
* @return Converts {@param repoId} to {@link String} role id url encoded ($ -> %24) |
|
29 |
* // TODO: remove role encoding and perform url decoding when mapping authorities. (Must be performed in all OpenAIRE projects because of Redis) |
|
30 | 30 |
*/ |
31 | 31 |
String convertRepoIdToEncodedAuthorityId(String repoId); |
32 | 32 |
|
33 | 33 |
/** |
34 |
* @param repoId |
|
35 |
* @return |
|
34 |
* @param repoId Repository Id |
|
35 |
* @return Converts {@param repoId} to {@link SimpleGrantedAuthority} with the role url encoded ($ -> %24) |
|
36 |
* // TODO: remove role encoding and perform url decoding when mapping authorities. (Must be performed in all OpenAIRE projects because of Redis) |
|
36 | 37 |
*/ |
37 | 38 |
SimpleGrantedAuthority convertRepoIdToAuthority(String repoId); |
38 | 39 |
|
39 | 40 |
/** |
40 |
* @param repoId |
|
41 |
* @return |
|
41 |
* @param repoId Repository Id to check.
|
|
42 |
* @return Checks if a user is a member of a repository or not.
|
|
42 | 43 |
*/ |
43 | 44 |
boolean isMemberOf(String repoId); |
44 | 45 |
|
modules/uoa-repository-manager-service/branches/aai_roles_new/src/main/java/eu/dnetlib/repo/manager/service/security/AaiUserRoleServiceImpl.java | ||
---|---|---|
30 | 30 |
} |
31 | 31 |
|
32 | 32 |
@Override |
33 |
public String getRoleIdByRepoId(String repoId, String prefix) {
|
|
33 |
public String getRoleIdByRepoId(String repoId) { |
|
34 | 34 |
String roleId = ""; |
35 |
if (repoId != null && prefix != null) { |
|
35 |
String prefix = production ? null : "beta." + "datasource"; |
|
36 |
if (repoId != null) { |
|
36 | 37 |
roleId = createRepoRoleName(prefix, repoId); |
37 | 38 |
return roleId; |
38 | 39 |
} else { |
... | ... | |
62 | 63 |
@Override |
63 | 64 |
public SimpleGrantedAuthority convertRepoIdToAuthority(String repoId) { |
64 | 65 |
String role = convertRepoIdToEncodedAuthorityId(repoId); |
65 |
if (role != null) { |
|
66 |
role = URLEncoder.encode(role); |
|
67 |
} |
|
68 | 66 |
return new SimpleGrantedAuthority(role); |
69 | 67 |
} |
70 | 68 |
|
modules/uoa-repository-manager-service/branches/aai_roles_new/src/main/java/eu/dnetlib/repo/manager/controllers/AaiUserRoleController.java | ||
---|---|---|
4 | 4 |
import com.google.gson.JsonElement; |
5 | 5 |
import eu.dnetlib.repo.manager.domain.dto.Role; |
6 | 6 |
import eu.dnetlib.repo.manager.service.aai.registry.AaiRegistryService; |
7 |
import eu.dnetlib.repo.manager.service.security.AaiUserRoleService; |
|
8 |
import eu.dnetlib.repo.manager.service.security.AuthoritiesUpdater; |
|
7 | 9 |
import eu.dnetlib.repo.manager.utils.JsonUtils; |
8 | 10 |
import io.swagger.annotations.Api; |
9 | 11 |
import io.swagger.annotations.ApiOperation; |
... | ... | |
26 | 28 |
public class AaiUserRoleController { |
27 | 29 |
|
28 | 30 |
private final AaiRegistryService aaiRegistryService; |
31 |
private final AuthoritiesUpdater authoritiesUpdater; |
|
32 |
private final AaiUserRoleService aaiUserRoleService; |
|
29 | 33 |
|
30 |
// TODO: Antonis K. This should be uncommented |
|
31 |
// @Autowired |
|
32 |
// private AuthoritiesUpdater authoritiesUpdater; |
|
33 |
// |
|
34 |
// @Autowired |
|
35 |
// private AuthorizationService authorizationService; |
|
36 |
|
|
37 | 34 |
@Autowired |
38 |
AaiUserRoleController(AaiRegistryService aaiRegistryService) { |
|
35 |
AaiUserRoleController(AaiRegistryService aaiRegistryService, |
|
36 |
AuthoritiesUpdater authoritiesUpdater, |
|
37 |
AaiUserRoleService aaiUserRoleService) { |
|
39 | 38 |
this.aaiRegistryService = aaiRegistryService; |
39 |
this.authoritiesUpdater = authoritiesUpdater; |
|
40 |
this.aaiUserRoleService = aaiUserRoleService; |
|
40 | 41 |
} |
41 | 42 |
|
42 | 43 |
private String sendEmail() { |
... | ... | |
45 | 46 |
} |
46 | 47 |
|
47 | 48 |
/** |
48 |
* Create a new role with the given name and description.
|
|
49 |
* Get the role with the given name and description.
|
|
49 | 50 |
**/ |
50 | 51 |
@RequestMapping(method = RequestMethod.GET, path = "/role/id/get") |
51 |
// @PreAuthorize("hasAnyAuthority('ROLE_USER', 'ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')") // TODO: Perhaps less roles here
|
|
52 |
// @PreAuthorize("hasAnyAuthority('ROLE_USER', 'ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')") |
|
52 | 53 |
public Response getRole(@RequestParam(value = "type", defaultValue = "datasource") String type, @RequestParam("id") String id) { |
53 | 54 |
int roleId = aaiRegistryService.getCouId(type, id); |
54 | 55 |
return Response.status(HttpStatus.OK.value()).entity(JsonUtils.createResponse("Role id is: " + roleId).toString()).type(MediaType.APPLICATION_JSON).build(); |
... | ... | |
58 | 59 |
* Create a new role with the given name and description. |
59 | 60 |
**/ |
60 | 61 |
@RequestMapping(method = RequestMethod.POST, path = "/createRole") |
61 |
@PreAuthorize("hasAnyAuthority('ROLE_USER', 'ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')") // TODO: Perhaps less roles here
|
|
62 |
@PreAuthorize("hasAnyAuthority('ROLE_ADMIN')")
|
|
62 | 63 |
public Response createRole(@RequestBody Role role) { |
63 | 64 |
aaiRegistryService.createRole(role); |
64 | 65 |
return Response.status(HttpStatus.OK.value()).entity(JsonUtils.createResponse("Role has been created").toString()).type(MediaType.APPLICATION_JSON).build(); |
... | ... | |
69 | 70 |
*/ |
70 | 71 |
@ApiOperation(value = "subscribe") |
71 | 72 |
@RequestMapping(method = RequestMethod.POST, path = "/subscribe/{type}/{id}") |
72 |
@PreAuthorize("hasAnyAuthority('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN') or (hasRole(@Converter.convertRepoIdToRoleId(#repository.id)) or hasRole(@Converter.convertRepoIdToRoleId(returnObject.id)))") |
|
73 |
// TODO: Perhaps less roles here |
|
73 |
@PreAuthorize("hasAnyAuthority('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')") |
|
74 | 74 |
public Response subscribe(@PathVariable("type") String type, @PathVariable("id") String id) { |
75 | 75 |
Integer coPersonId = aaiRegistryService.getCoPersonIdByIdentifier(); |
76 | 76 |
if (coPersonId == null) { |
... | ... | |
80 | 80 |
if (couId != null) { |
81 | 81 |
Integer role = aaiRegistryService.getRoleId(coPersonId, couId); |
82 | 82 |
aaiRegistryService.assignMemberRole(coPersonId, couId, role); |
83 |
// TODO: Antonis K. This should be uncommented to make a role DATASOURCE.OP... for every new repo |
|
84 |
// authoritiesUpdater.update(sendEmail(), old -> { |
|
85 |
// HashSet<SimpleGrantedAuthority> authorities = new HashSet<>((Collection<? extends SimpleGrantedAuthority>) old); |
|
86 |
// authorities.add(new SimpleGrantedAuthority(authorizationService.member(type, id))); |
|
87 |
// return authorities; |
|
88 |
// }); |
|
83 |
|
|
84 |
// Add role to current user authorities |
|
85 |
authoritiesUpdater.addRole(aaiUserRoleService.convertRepoIdToAuthority(id)); |
|
86 |
|
|
89 | 87 |
return Response.status(HttpStatus.OK.value()).entity(JsonUtils.createResponse("Role has been assigned").toString()).type(MediaType.APPLICATION_JSON).build(); |
90 | 88 |
} else { |
91 | 89 |
return Response.status(HttpStatus.NOT_FOUND.value()).entity(JsonUtils.createResponse("Role has not been found").toString()).type(MediaType.APPLICATION_JSON).build(); |
... | ... | |
98 | 96 |
*/ |
99 | 97 |
@ApiOperation(value = "Remove role from member") |
100 | 98 |
@RequestMapping(method = RequestMethod.DELETE, path = "/{type}/{id}/member/{email}") |
101 |
@PreAuthorize("hasAnyAuthority('ROLE_USER', 'ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')") // TODO: Perhaps less roles here
|
|
99 |
@PreAuthorize("hasAnyAuthority('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')") // FIXME: ??
|
|
102 | 100 |
public Response removeMemberRole(@PathVariable("type") String type, @PathVariable("id") String |
103 | 101 |
id, @PathVariable("email") String email) { |
104 | 102 |
Integer coPersonId = aaiRegistryService.getCoPersonIdByEmail(email); |
... | ... | |
110 | 108 |
} |
111 | 109 |
if (couId != null && role != null) { |
112 | 110 |
aaiRegistryService.removeMemberRole(coPersonId, couId, role); |
113 |
// TODO: Antonis K. This should be uncommented to make a role DATASOURCE.OP... for every new repo |
|
114 |
// authoritiesUpdater.update(email, old -> { |
|
115 |
// HashSet<SimpleGrantedAuthority> authorities = new HashSet<>((Collection<? extends SimpleGrantedAuthority>) old); |
|
116 |
// authorities.remove(new SimpleGrantedAuthority(authorizationService.member(type, id))); |
|
117 |
// return authorities; |
|
118 |
// }); |
|
111 |
|
|
112 |
// Remove role from current user authorities |
|
113 |
authoritiesUpdater.removeRole(aaiUserRoleService.convertRepoIdToAuthority(id)); |
|
114 |
|
|
119 | 115 |
return Response.status(HttpStatus.OK.value()).entity(JsonUtils.createResponse("Role has been removed").toString()).type(MediaType.APPLICATION_JSON).build(); |
120 | 116 |
} else { |
121 | 117 |
return Response.status(HttpStatus.NOT_FOUND.value()).entity(JsonUtils.createResponse("Role has not been found").toString()).type(MediaType.APPLICATION_JSON).build(); |
... | ... | |
130 | 126 |
* Subscribe to role-repo by his email |
131 | 127 |
*/ |
132 | 128 |
@RequestMapping(method = RequestMethod.POST, path = "/subscribe/repo-role/{id}") |
133 |
@PreAuthorize("hasAnyAuthority('ROLE_USER', 'ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')") // TODO: Perhaps less roles here
|
|
129 |
@PreAuthorize("hasAnyAuthority('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN') or @aaiUserRoleService.isMemberOf(#id)")
|
|
134 | 130 |
public Response subscribeRoleByEmail(@PathVariable("id") String id, @RequestParam("email") String email) { |
135 | 131 |
Integer coPersonId = aaiRegistryService.getCoPersonIdByEmail(email); |
136 | 132 |
if (coPersonId != null) { |
... | ... | |
138 | 134 |
if (couId != null) { |
139 | 135 |
Integer role = aaiRegistryService.getRoleId(coPersonId, couId); |
140 | 136 |
aaiRegistryService.assignMemberRole(coPersonId, couId, role); |
141 |
// TODO: Antonis K. This should be uncommented to make a role DATASOURCE.OP... for every new repo |
|
142 |
// authoritiesUpdater.update(sendEmail(), old -> { |
|
143 |
// HashSet<SimpleGrantedAuthority> authorities = new HashSet<>((Collection<? extends SimpleGrantedAuthority>) old); |
|
144 |
// authorities.add(new SimpleGrantedAuthority(authorizationService.member("datasource", id))); |
|
145 |
// return authorities; |
|
146 |
// }); |
|
137 |
|
|
138 |
// Add role to current user authorities |
|
139 |
authoritiesUpdater.addRole(aaiUserRoleService.convertRepoIdToAuthority(id)); |
|
140 |
|
|
147 | 141 |
return Response.status(HttpStatus.OK.value()).entity(JsonUtils.createResponse("Role has been assigned").toString()).type(MediaType.APPLICATION_JSON).build(); |
148 | 142 |
} else { |
149 | 143 |
return Response.status(HttpStatus.NOT_FOUND.value()).entity(JsonUtils.createResponse("Role has not been found").toString()).type(MediaType.APPLICATION_JSON).build(); |
... | ... | |
160 | 154 |
* Get all the users that have the role that is associated with repoId |
161 | 155 |
*/ |
162 | 156 |
@RequestMapping(method = RequestMethod.GET, path = "/repo/{id}/all-users") |
163 |
@PreAuthorize("hasAnyAuthority('ROLE_USER', 'ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')") // TODO: Perhaps less roles here
|
|
157 |
@PreAuthorize("hasAnyAuthority('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')") // FIXME: ??
|
|
164 | 158 |
public ResponseEntity<List<String>> getAllUsersOfARepo(@PathVariable("id") String id) { |
165 | 159 |
|
166 | 160 |
List<String> userList = new ArrayList<>(); |
... | ... | |
181 | 175 |
///////////////////////////////////////////////////////////////////////////////////////////// |
182 | 176 |
|
183 | 177 |
@RequestMapping(method = RequestMethod.GET, path = "/users/couid/{id}") |
184 |
@PreAuthorize("hasAnyAuthority('ROLE_USER', 'ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')")
|
|
178 |
@PreAuthorize("hasAnyAuthority('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')") |
|
185 | 179 |
public ResponseEntity<String> getUsersByCouId(@PathVariable("id") Integer id) { |
186 | 180 |
// calls.getUserByCoId() |
187 | 181 |
return ResponseEntity.ok(aaiRegistryService.getUsersByCouId(id).toString()); |
... | ... | |
189 | 183 |
|
190 | 184 |
|
191 | 185 |
@RequestMapping(method = RequestMethod.GET, path = "/user/roles") |
192 |
@PreAuthorize("hasAnyAuthority('ROLE_USER', 'ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')")
|
|
186 |
@PreAuthorize("hasAnyAuthority('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN') or hasRole('ROLE_USER') and authentication.userInfo.email==#email")
|
|
193 | 187 |
public ResponseEntity<List<String>> getRolesByEmail(@RequestParam("email") String email) { |
194 | 188 |
int coPersonId = aaiRegistryService.getCoPersonIdByEmail(email); |
195 | 189 |
List<String> list = new ArrayList<>(); |
modules/uoa-repository-manager-service/branches/aai_roles_new/src/main/java/eu/dnetlib/repo/manager/controllers/RepositoryController.java | ||
---|---|---|
11 | 11 |
import org.mitre.openid.connect.model.OIDCAuthenticationToken; |
12 | 12 |
import org.springframework.beans.factory.annotation.Autowired; |
13 | 13 |
import org.springframework.http.MediaType; |
14 |
import org.springframework.security.access.prepost.PostAuthorize; |
|
14 | 15 |
import org.springframework.security.access.prepost.PreAuthorize; |
15 | 16 |
import org.springframework.security.core.Authentication; |
16 | 17 |
import org.springframework.security.core.context.SecurityContextHolder; |
... | ... | |
82 | 83 |
return repositoryService.searchRegisteredRepositories(country, typology, englishName, officialName, requestSortBy, order, page, pageSize); |
83 | 84 |
} |
84 | 85 |
|
85 |
// TODO: Antonis K - Replace here the registeredBy |
|
86 | 86 |
|
87 | 87 |
@RequestMapping(value = "/getRepositoryById/{id}", method = RequestMethod.GET, |
88 | 88 |
produces = MediaType.APPLICATION_JSON_VALUE) |
89 | 89 |
@ResponseBody |
90 |
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or @aaiUserRoleService.isMemberOf(#id)")
|
|
90 |
@PostAuthorize("hasAnyRole('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN') or @aaiUserRoleService.isMemberOf(#id) or (returnObject.registeredBy=='null' and hasRole('ROLE_USER'))")
|
|
91 | 91 |
public Repository getRepositoryById(@PathVariable("id") String id) throws JSONException, ResourceNotFoundException { |
92 | 92 |
Repository repo = repositoryService.getRepositoryById(id); |
93 | 93 |
|
... | ... | |
137 | 137 |
public Repository addRepository(@RequestParam("datatype") String datatype, |
138 | 138 |
@RequestBody Repository repository) throws Exception { |
139 | 139 |
|
140 |
// TODO: |
|
141 |
// 1) add repository |
|
142 |
// 2) get repository id and create new role |
|
143 |
// 3) assign new role to authenticated user |
|
144 | 140 |
return repositoryService.addRepository(datatype, repository); |
145 | 141 |
} |
146 | 142 |
|
modules/uoa-repository-manager-service/branches/aai_roles_new/src/main/java/eu/dnetlib/repo/manager/controllers/PiWikController.java | ||
---|---|---|
6 | 6 |
import eu.dnetlib.repo.manager.domain.Paging; |
7 | 7 |
import eu.dnetlib.repo.manager.domain.RepositoryServiceException; |
8 | 8 |
import eu.dnetlib.repo.manager.service.PiWikServiceImpl; |
9 |
import eu.dnetlib.repo.manager.service.RepositoryService; |
|
10 | 9 |
import io.swagger.annotations.Api; |
11 | 10 |
import io.swagger.annotations.ApiImplicitParam; |
12 | 11 |
import io.swagger.annotations.ApiImplicitParams; |
... | ... | |
40 | 39 |
@Autowired |
41 | 40 |
private PiWikServiceImpl piWikService; |
42 | 41 |
|
43 |
@Autowired |
|
44 |
private RepositoryService repositoryService; |
|
45 | 42 |
|
46 |
// TODO: Antonis K. - replace here the registeredBy |
|
47 |
|
|
48 | 43 |
@RequestMapping(value = "/getPiwikSiteForRepo/{repositoryId}" , method = RequestMethod.GET,produces = MediaType.APPLICATION_JSON_VALUE) |
49 | 44 |
@ResponseBody |
50 |
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or ((@repositoryService.getRepositoryById(#repositoryId).registeredBy==authentication.userInfo.email or @repositoryService.getRepositoryById(#repositoryId).registeredBy=='null') and hasRole('ROLE_USER'))")
|
|
45 |
@PreAuthorize("hasAnyRole('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN') or @aaiUserRoleService.isMemberOf(#repositoryId) or (@repositoryService.getRepositoryById(#repositoryId).registeredBy=='null' and hasRole('ROLE_USER'))")
|
|
51 | 46 |
public PiwikInfo getPiwikSiteForRepo(@PathVariable("repositoryId") String repositoryId) { |
52 | 47 |
return piWikService.getPiwikSiteForRepo(repositoryId); |
53 | 48 |
} |
54 | 49 |
|
55 | 50 |
@RequestMapping(value = "/savePiwikInfo" , method = RequestMethod.POST,produces = MediaType.APPLICATION_JSON_VALUE) |
56 |
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or ((@repositoryService.getRepositoryById(#piwikInfo.repositoryId).registeredBy==authentication.userInfo.email or @repositoryService.getRepositoryById(#piwikInfo.repositoryId).registeredBy=='null') and hasRole('ROLE_USER'))")
|
|
51 |
@PreAuthorize("hasAnyRole('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN') or @aaiUserRoleService.isMemberOf(#piwikInfo.repositoryId) or (@repositoryService.getRepositoryById(#piwikInfo.repositoryId).registeredBy=='null' and hasRole('ROLE_USER'))")
|
|
57 | 52 |
public PiwikInfo savePiwikInfo(@RequestBody PiwikInfo piwikInfo) { |
58 | 53 |
return piWikService.savePiwikInfo(piwikInfo); |
59 | 54 |
} |
... | ... | |
162 | 157 |
|
163 | 158 |
@RequestMapping(value = "/getOpenaireId/{repositoryId}" , method = RequestMethod.GET,produces = MediaType.APPLICATION_JSON_VALUE) |
164 | 159 |
@ResponseBody |
165 |
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or ((@repositoryService.getRepositoryById(#repositoryId).registeredBy==authentication.userInfo.email or @repositoryService.getRepositoryById(#repositoryId).registeredBy=='null') and hasRole('ROLE_USER'))")
|
|
160 |
@PreAuthorize("hasAnyRole('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN') or @aaiUserRoleService.isMemberOf(#repositoryId) or (@repositoryService.getRepositoryById(#repositoryId).registeredBy=='null' and hasRole('ROLE_USER'))")
|
|
166 | 161 |
public String getOpenaireId(@PathVariable("repositoryId") String repositoryId){ |
167 | 162 |
return piWikService.getOpenaireId(repositoryId); |
168 | 163 |
} |
modules/uoa-repository-manager-service/branches/aai_roles_new/src/main/webapp/WEB-INF/spring-servlet.xml | ||
---|---|---|
5 | 5 |
xmlns:context="http://www.springframework.org/schema/context" |
6 | 6 |
xmlns:security="http://www.springframework.org/schema/security" |
7 | 7 |
xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.1.xsd |
8 |
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd
|
|
8 |
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
|
|
9 | 9 |
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.1.xsd |
10 | 10 |
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.1.xsd" |
11 | 11 |
> |
Also available in: Unified diff
1. update user authorities when adding/removing repositories
2. fixed some authorization expressions
3. refactoring