Revision 61329
Added by Konstantinos Spyrou almost 3 years ago
| AaiUserRoleController.java | ||
|---|---|---|
| 4 | 4 |
import com.google.gson.JsonElement; |
| 5 | 5 |
import eu.dnetlib.repo.manager.domain.dto.Role; |
| 6 | 6 |
import eu.dnetlib.repo.manager.service.aai.registry.AaiRegistryService; |
| 7 |
import eu.dnetlib.repo.manager.service.security.AaiUserRoleService; |
|
| 8 |
import eu.dnetlib.repo.manager.service.security.AuthoritiesUpdater; |
|
| 7 | 9 |
import eu.dnetlib.repo.manager.utils.JsonUtils; |
| 8 | 10 |
import io.swagger.annotations.Api; |
| 9 | 11 |
import io.swagger.annotations.ApiOperation; |
| ... | ... | |
| 26 | 28 |
public class AaiUserRoleController {
|
| 27 | 29 |
|
| 28 | 30 |
private final AaiRegistryService aaiRegistryService; |
| 31 |
private final AuthoritiesUpdater authoritiesUpdater; |
|
| 32 |
private final AaiUserRoleService aaiUserRoleService; |
|
| 29 | 33 |
|
| 30 |
// TODO: Antonis K. This should be uncommented |
|
| 31 |
// @Autowired |
|
| 32 |
// private AuthoritiesUpdater authoritiesUpdater; |
|
| 33 |
// |
|
| 34 |
// @Autowired |
|
| 35 |
// private AuthorizationService authorizationService; |
|
| 36 |
|
|
| 37 | 34 |
@Autowired |
| 38 |
AaiUserRoleController(AaiRegistryService aaiRegistryService) {
|
|
| 35 |
AaiUserRoleController(AaiRegistryService aaiRegistryService, |
|
| 36 |
AuthoritiesUpdater authoritiesUpdater, |
|
| 37 |
AaiUserRoleService aaiUserRoleService) {
|
|
| 39 | 38 |
this.aaiRegistryService = aaiRegistryService; |
| 39 |
this.authoritiesUpdater = authoritiesUpdater; |
|
| 40 |
this.aaiUserRoleService = aaiUserRoleService; |
|
| 40 | 41 |
} |
| 41 | 42 |
|
| 42 | 43 |
private String sendEmail() {
|
| ... | ... | |
| 45 | 46 |
} |
| 46 | 47 |
|
| 47 | 48 |
/** |
| 48 |
* Create a new role with the given name and description.
|
|
| 49 |
* Get the role with the given name and description.
|
|
| 49 | 50 |
**/ |
| 50 | 51 |
@RequestMapping(method = RequestMethod.GET, path = "/role/id/get") |
| 51 |
// @PreAuthorize("hasAnyAuthority('ROLE_USER', 'ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')") // TODO: Perhaps less roles here
|
|
| 52 |
// @PreAuthorize("hasAnyAuthority('ROLE_USER', 'ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')")
|
|
| 52 | 53 |
public Response getRole(@RequestParam(value = "type", defaultValue = "datasource") String type, @RequestParam("id") String id) {
|
| 53 | 54 |
int roleId = aaiRegistryService.getCouId(type, id); |
| 54 | 55 |
return Response.status(HttpStatus.OK.value()).entity(JsonUtils.createResponse("Role id is: " + roleId).toString()).type(MediaType.APPLICATION_JSON).build();
|
| ... | ... | |
| 58 | 59 |
* Create a new role with the given name and description. |
| 59 | 60 |
**/ |
| 60 | 61 |
@RequestMapping(method = RequestMethod.POST, path = "/createRole") |
| 61 |
@PreAuthorize("hasAnyAuthority('ROLE_USER', 'ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')") // TODO: Perhaps less roles here
|
|
| 62 |
@PreAuthorize("hasAnyAuthority('ROLE_ADMIN')")
|
|
| 62 | 63 |
public Response createRole(@RequestBody Role role) {
|
| 63 | 64 |
aaiRegistryService.createRole(role); |
| 64 | 65 |
return Response.status(HttpStatus.OK.value()).entity(JsonUtils.createResponse("Role has been created").toString()).type(MediaType.APPLICATION_JSON).build();
|
| ... | ... | |
| 69 | 70 |
*/ |
| 70 | 71 |
@ApiOperation(value = "subscribe") |
| 71 | 72 |
@RequestMapping(method = RequestMethod.POST, path = "/subscribe/{type}/{id}")
|
| 72 |
@PreAuthorize("hasAnyAuthority('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN') or (hasRole(@Converter.convertRepoIdToRoleId(#repository.id)) or hasRole(@Converter.convertRepoIdToRoleId(returnObject.id)))")
|
|
| 73 |
// TODO: Perhaps less roles here |
|
| 73 |
@PreAuthorize("hasAnyAuthority('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')")
|
|
| 74 | 74 |
public Response subscribe(@PathVariable("type") String type, @PathVariable("id") String id) {
|
| 75 | 75 |
Integer coPersonId = aaiRegistryService.getCoPersonIdByIdentifier(); |
| 76 | 76 |
if (coPersonId == null) {
|
| ... | ... | |
| 80 | 80 |
if (couId != null) {
|
| 81 | 81 |
Integer role = aaiRegistryService.getRoleId(coPersonId, couId); |
| 82 | 82 |
aaiRegistryService.assignMemberRole(coPersonId, couId, role); |
| 83 |
// TODO: Antonis K. This should be uncommented to make a role DATASOURCE.OP... for every new repo |
|
| 84 |
// authoritiesUpdater.update(sendEmail(), old -> {
|
|
| 85 |
// HashSet<SimpleGrantedAuthority> authorities = new HashSet<>((Collection<? extends SimpleGrantedAuthority>) old); |
|
| 86 |
// authorities.add(new SimpleGrantedAuthority(authorizationService.member(type, id))); |
|
| 87 |
// return authorities; |
|
| 88 |
// }); |
|
| 83 |
|
|
| 84 |
// Add role to current user authorities |
|
| 85 |
authoritiesUpdater.addRole(aaiUserRoleService.convertRepoIdToAuthority(id)); |
|
| 86 |
|
|
| 89 | 87 |
return Response.status(HttpStatus.OK.value()).entity(JsonUtils.createResponse("Role has been assigned").toString()).type(MediaType.APPLICATION_JSON).build();
|
| 90 | 88 |
} else {
|
| 91 | 89 |
return Response.status(HttpStatus.NOT_FOUND.value()).entity(JsonUtils.createResponse("Role has not been found").toString()).type(MediaType.APPLICATION_JSON).build();
|
| ... | ... | |
| 98 | 96 |
*/ |
| 99 | 97 |
@ApiOperation(value = "Remove role from member") |
| 100 | 98 |
@RequestMapping(method = RequestMethod.DELETE, path = "/{type}/{id}/member/{email}")
|
| 101 |
@PreAuthorize("hasAnyAuthority('ROLE_USER', 'ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')") // TODO: Perhaps less roles here
|
|
| 99 |
@PreAuthorize("hasAnyAuthority('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')") // FIXME: ??
|
|
| 102 | 100 |
public Response removeMemberRole(@PathVariable("type") String type, @PathVariable("id") String
|
| 103 | 101 |
id, @PathVariable("email") String email) {
|
| 104 | 102 |
Integer coPersonId = aaiRegistryService.getCoPersonIdByEmail(email); |
| ... | ... | |
| 110 | 108 |
} |
| 111 | 109 |
if (couId != null && role != null) {
|
| 112 | 110 |
aaiRegistryService.removeMemberRole(coPersonId, couId, role); |
| 113 |
// TODO: Antonis K. This should be uncommented to make a role DATASOURCE.OP... for every new repo |
|
| 114 |
// authoritiesUpdater.update(email, old -> {
|
|
| 115 |
// HashSet<SimpleGrantedAuthority> authorities = new HashSet<>((Collection<? extends SimpleGrantedAuthority>) old); |
|
| 116 |
// authorities.remove(new SimpleGrantedAuthority(authorizationService.member(type, id))); |
|
| 117 |
// return authorities; |
|
| 118 |
// }); |
|
| 111 |
|
|
| 112 |
// Remove role from current user authorities |
|
| 113 |
authoritiesUpdater.removeRole(aaiUserRoleService.convertRepoIdToAuthority(id)); |
|
| 114 |
|
|
| 119 | 115 |
return Response.status(HttpStatus.OK.value()).entity(JsonUtils.createResponse("Role has been removed").toString()).type(MediaType.APPLICATION_JSON).build();
|
| 120 | 116 |
} else {
|
| 121 | 117 |
return Response.status(HttpStatus.NOT_FOUND.value()).entity(JsonUtils.createResponse("Role has not been found").toString()).type(MediaType.APPLICATION_JSON).build();
|
| ... | ... | |
| 130 | 126 |
* Subscribe to role-repo by his email |
| 131 | 127 |
*/ |
| 132 | 128 |
@RequestMapping(method = RequestMethod.POST, path = "/subscribe/repo-role/{id}")
|
| 133 |
@PreAuthorize("hasAnyAuthority('ROLE_USER', 'ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')") // TODO: Perhaps less roles here
|
|
| 129 |
@PreAuthorize("hasAnyAuthority('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN') or @aaiUserRoleService.isMemberOf(#id)")
|
|
| 134 | 130 |
public Response subscribeRoleByEmail(@PathVariable("id") String id, @RequestParam("email") String email) {
|
| 135 | 131 |
Integer coPersonId = aaiRegistryService.getCoPersonIdByEmail(email); |
| 136 | 132 |
if (coPersonId != null) {
|
| ... | ... | |
| 138 | 134 |
if (couId != null) {
|
| 139 | 135 |
Integer role = aaiRegistryService.getRoleId(coPersonId, couId); |
| 140 | 136 |
aaiRegistryService.assignMemberRole(coPersonId, couId, role); |
| 141 |
// TODO: Antonis K. This should be uncommented to make a role DATASOURCE.OP... for every new repo |
|
| 142 |
// authoritiesUpdater.update(sendEmail(), old -> {
|
|
| 143 |
// HashSet<SimpleGrantedAuthority> authorities = new HashSet<>((Collection<? extends SimpleGrantedAuthority>) old); |
|
| 144 |
// authorities.add(new SimpleGrantedAuthority(authorizationService.member("datasource", id)));
|
|
| 145 |
// return authorities; |
|
| 146 |
// }); |
|
| 137 |
|
|
| 138 |
// Add role to current user authorities |
|
| 139 |
authoritiesUpdater.addRole(aaiUserRoleService.convertRepoIdToAuthority(id)); |
|
| 140 |
|
|
| 147 | 141 |
return Response.status(HttpStatus.OK.value()).entity(JsonUtils.createResponse("Role has been assigned").toString()).type(MediaType.APPLICATION_JSON).build();
|
| 148 | 142 |
} else {
|
| 149 | 143 |
return Response.status(HttpStatus.NOT_FOUND.value()).entity(JsonUtils.createResponse("Role has not been found").toString()).type(MediaType.APPLICATION_JSON).build();
|
| ... | ... | |
| 160 | 154 |
* Get all the users that have the role that is associated with repoId |
| 161 | 155 |
*/ |
| 162 | 156 |
@RequestMapping(method = RequestMethod.GET, path = "/repo/{id}/all-users")
|
| 163 |
@PreAuthorize("hasAnyAuthority('ROLE_USER', 'ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')") // TODO: Perhaps less roles here
|
|
| 157 |
@PreAuthorize("hasAnyAuthority('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')") // FIXME: ??
|
|
| 164 | 158 |
public ResponseEntity<List<String>> getAllUsersOfARepo(@PathVariable("id") String id) {
|
| 165 | 159 |
|
| 166 | 160 |
List<String> userList = new ArrayList<>(); |
| ... | ... | |
| 181 | 175 |
///////////////////////////////////////////////////////////////////////////////////////////// |
| 182 | 176 |
|
| 183 | 177 |
@RequestMapping(method = RequestMethod.GET, path = "/users/couid/{id}")
|
| 184 |
@PreAuthorize("hasAnyAuthority('ROLE_USER', 'ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')")
|
|
| 178 |
@PreAuthorize("hasAnyAuthority('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')")
|
|
| 185 | 179 |
public ResponseEntity<String> getUsersByCouId(@PathVariable("id") Integer id) {
|
| 186 | 180 |
// calls.getUserByCoId() |
| 187 | 181 |
return ResponseEntity.ok(aaiRegistryService.getUsersByCouId(id).toString()); |
| ... | ... | |
| 189 | 183 |
|
| 190 | 184 |
|
| 191 | 185 |
@RequestMapping(method = RequestMethod.GET, path = "/user/roles") |
| 192 |
@PreAuthorize("hasAnyAuthority('ROLE_USER', 'ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')")
|
|
| 186 |
@PreAuthorize("hasAnyAuthority('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN') or hasRole('ROLE_USER') and authentication.userInfo.email==#email")
|
|
| 193 | 187 |
public ResponseEntity<List<String>> getRolesByEmail(@RequestParam("email") String email) {
|
| 194 | 188 |
int coPersonId = aaiRegistryService.getCoPersonIdByEmail(email); |
| 195 | 189 |
List<String> list = new ArrayList<>(); |
Also available in: Unified diff
1. update user authorities when adding/removing repositories
2. fixed some authorization expressions
3. refactoring