Revision 61329
Added by Konstantinos Spyrou almost 3 years ago
AaiUserRoleController.java | ||
---|---|---|
4 | 4 |
import com.google.gson.JsonElement; |
5 | 5 |
import eu.dnetlib.repo.manager.domain.dto.Role; |
6 | 6 |
import eu.dnetlib.repo.manager.service.aai.registry.AaiRegistryService; |
7 |
import eu.dnetlib.repo.manager.service.security.AaiUserRoleService; |
|
8 |
import eu.dnetlib.repo.manager.service.security.AuthoritiesUpdater; |
|
7 | 9 |
import eu.dnetlib.repo.manager.utils.JsonUtils; |
8 | 10 |
import io.swagger.annotations.Api; |
9 | 11 |
import io.swagger.annotations.ApiOperation; |
... | ... | |
26 | 28 |
public class AaiUserRoleController { |
27 | 29 |
|
28 | 30 |
private final AaiRegistryService aaiRegistryService; |
31 |
private final AuthoritiesUpdater authoritiesUpdater; |
|
32 |
private final AaiUserRoleService aaiUserRoleService; |
|
29 | 33 |
|
30 |
// TODO: Antonis K. This should be uncommented |
|
31 |
// @Autowired |
|
32 |
// private AuthoritiesUpdater authoritiesUpdater; |
|
33 |
// |
|
34 |
// @Autowired |
|
35 |
// private AuthorizationService authorizationService; |
|
36 |
|
|
37 | 34 |
@Autowired |
38 |
AaiUserRoleController(AaiRegistryService aaiRegistryService) { |
|
35 |
AaiUserRoleController(AaiRegistryService aaiRegistryService, |
|
36 |
AuthoritiesUpdater authoritiesUpdater, |
|
37 |
AaiUserRoleService aaiUserRoleService) { |
|
39 | 38 |
this.aaiRegistryService = aaiRegistryService; |
39 |
this.authoritiesUpdater = authoritiesUpdater; |
|
40 |
this.aaiUserRoleService = aaiUserRoleService; |
|
40 | 41 |
} |
41 | 42 |
|
42 | 43 |
private String sendEmail() { |
... | ... | |
45 | 46 |
} |
46 | 47 |
|
47 | 48 |
/** |
48 |
* Create a new role with the given name and description.
|
|
49 |
* Get the role with the given name and description.
|
|
49 | 50 |
**/ |
50 | 51 |
@RequestMapping(method = RequestMethod.GET, path = "/role/id/get") |
51 |
// @PreAuthorize("hasAnyAuthority('ROLE_USER', 'ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')") // TODO: Perhaps less roles here
|
|
52 |
// @PreAuthorize("hasAnyAuthority('ROLE_USER', 'ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')") |
|
52 | 53 |
public Response getRole(@RequestParam(value = "type", defaultValue = "datasource") String type, @RequestParam("id") String id) { |
53 | 54 |
int roleId = aaiRegistryService.getCouId(type, id); |
54 | 55 |
return Response.status(HttpStatus.OK.value()).entity(JsonUtils.createResponse("Role id is: " + roleId).toString()).type(MediaType.APPLICATION_JSON).build(); |
... | ... | |
58 | 59 |
* Create a new role with the given name and description. |
59 | 60 |
**/ |
60 | 61 |
@RequestMapping(method = RequestMethod.POST, path = "/createRole") |
61 |
@PreAuthorize("hasAnyAuthority('ROLE_USER', 'ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')") // TODO: Perhaps less roles here
|
|
62 |
@PreAuthorize("hasAnyAuthority('ROLE_ADMIN')")
|
|
62 | 63 |
public Response createRole(@RequestBody Role role) { |
63 | 64 |
aaiRegistryService.createRole(role); |
64 | 65 |
return Response.status(HttpStatus.OK.value()).entity(JsonUtils.createResponse("Role has been created").toString()).type(MediaType.APPLICATION_JSON).build(); |
... | ... | |
69 | 70 |
*/ |
70 | 71 |
@ApiOperation(value = "subscribe") |
71 | 72 |
@RequestMapping(method = RequestMethod.POST, path = "/subscribe/{type}/{id}") |
72 |
@PreAuthorize("hasAnyAuthority('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN') or (hasRole(@Converter.convertRepoIdToRoleId(#repository.id)) or hasRole(@Converter.convertRepoIdToRoleId(returnObject.id)))") |
|
73 |
// TODO: Perhaps less roles here |
|
73 |
@PreAuthorize("hasAnyAuthority('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')") |
|
74 | 74 |
public Response subscribe(@PathVariable("type") String type, @PathVariable("id") String id) { |
75 | 75 |
Integer coPersonId = aaiRegistryService.getCoPersonIdByIdentifier(); |
76 | 76 |
if (coPersonId == null) { |
... | ... | |
80 | 80 |
if (couId != null) { |
81 | 81 |
Integer role = aaiRegistryService.getRoleId(coPersonId, couId); |
82 | 82 |
aaiRegistryService.assignMemberRole(coPersonId, couId, role); |
83 |
// TODO: Antonis K. This should be uncommented to make a role DATASOURCE.OP... for every new repo |
|
84 |
// authoritiesUpdater.update(sendEmail(), old -> { |
|
85 |
// HashSet<SimpleGrantedAuthority> authorities = new HashSet<>((Collection<? extends SimpleGrantedAuthority>) old); |
|
86 |
// authorities.add(new SimpleGrantedAuthority(authorizationService.member(type, id))); |
|
87 |
// return authorities; |
|
88 |
// }); |
|
83 |
|
|
84 |
// Add role to current user authorities |
|
85 |
authoritiesUpdater.addRole(aaiUserRoleService.convertRepoIdToAuthority(id)); |
|
86 |
|
|
89 | 87 |
return Response.status(HttpStatus.OK.value()).entity(JsonUtils.createResponse("Role has been assigned").toString()).type(MediaType.APPLICATION_JSON).build(); |
90 | 88 |
} else { |
91 | 89 |
return Response.status(HttpStatus.NOT_FOUND.value()).entity(JsonUtils.createResponse("Role has not been found").toString()).type(MediaType.APPLICATION_JSON).build(); |
... | ... | |
98 | 96 |
*/ |
99 | 97 |
@ApiOperation(value = "Remove role from member") |
100 | 98 |
@RequestMapping(method = RequestMethod.DELETE, path = "/{type}/{id}/member/{email}") |
101 |
@PreAuthorize("hasAnyAuthority('ROLE_USER', 'ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')") // TODO: Perhaps less roles here
|
|
99 |
@PreAuthorize("hasAnyAuthority('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')") // FIXME: ??
|
|
102 | 100 |
public Response removeMemberRole(@PathVariable("type") String type, @PathVariable("id") String |
103 | 101 |
id, @PathVariable("email") String email) { |
104 | 102 |
Integer coPersonId = aaiRegistryService.getCoPersonIdByEmail(email); |
... | ... | |
110 | 108 |
} |
111 | 109 |
if (couId != null && role != null) { |
112 | 110 |
aaiRegistryService.removeMemberRole(coPersonId, couId, role); |
113 |
// TODO: Antonis K. This should be uncommented to make a role DATASOURCE.OP... for every new repo |
|
114 |
// authoritiesUpdater.update(email, old -> { |
|
115 |
// HashSet<SimpleGrantedAuthority> authorities = new HashSet<>((Collection<? extends SimpleGrantedAuthority>) old); |
|
116 |
// authorities.remove(new SimpleGrantedAuthority(authorizationService.member(type, id))); |
|
117 |
// return authorities; |
|
118 |
// }); |
|
111 |
|
|
112 |
// Remove role from current user authorities |
|
113 |
authoritiesUpdater.removeRole(aaiUserRoleService.convertRepoIdToAuthority(id)); |
|
114 |
|
|
119 | 115 |
return Response.status(HttpStatus.OK.value()).entity(JsonUtils.createResponse("Role has been removed").toString()).type(MediaType.APPLICATION_JSON).build(); |
120 | 116 |
} else { |
121 | 117 |
return Response.status(HttpStatus.NOT_FOUND.value()).entity(JsonUtils.createResponse("Role has not been found").toString()).type(MediaType.APPLICATION_JSON).build(); |
... | ... | |
130 | 126 |
* Subscribe to role-repo by his email |
131 | 127 |
*/ |
132 | 128 |
@RequestMapping(method = RequestMethod.POST, path = "/subscribe/repo-role/{id}") |
133 |
@PreAuthorize("hasAnyAuthority('ROLE_USER', 'ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')") // TODO: Perhaps less roles here
|
|
129 |
@PreAuthorize("hasAnyAuthority('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN') or @aaiUserRoleService.isMemberOf(#id)")
|
|
134 | 130 |
public Response subscribeRoleByEmail(@PathVariable("id") String id, @RequestParam("email") String email) { |
135 | 131 |
Integer coPersonId = aaiRegistryService.getCoPersonIdByEmail(email); |
136 | 132 |
if (coPersonId != null) { |
... | ... | |
138 | 134 |
if (couId != null) { |
139 | 135 |
Integer role = aaiRegistryService.getRoleId(coPersonId, couId); |
140 | 136 |
aaiRegistryService.assignMemberRole(coPersonId, couId, role); |
141 |
// TODO: Antonis K. This should be uncommented to make a role DATASOURCE.OP... for every new repo |
|
142 |
// authoritiesUpdater.update(sendEmail(), old -> { |
|
143 |
// HashSet<SimpleGrantedAuthority> authorities = new HashSet<>((Collection<? extends SimpleGrantedAuthority>) old); |
|
144 |
// authorities.add(new SimpleGrantedAuthority(authorizationService.member("datasource", id))); |
|
145 |
// return authorities; |
|
146 |
// }); |
|
137 |
|
|
138 |
// Add role to current user authorities |
|
139 |
authoritiesUpdater.addRole(aaiUserRoleService.convertRepoIdToAuthority(id)); |
|
140 |
|
|
147 | 141 |
return Response.status(HttpStatus.OK.value()).entity(JsonUtils.createResponse("Role has been assigned").toString()).type(MediaType.APPLICATION_JSON).build(); |
148 | 142 |
} else { |
149 | 143 |
return Response.status(HttpStatus.NOT_FOUND.value()).entity(JsonUtils.createResponse("Role has not been found").toString()).type(MediaType.APPLICATION_JSON).build(); |
... | ... | |
160 | 154 |
* Get all the users that have the role that is associated with repoId |
161 | 155 |
*/ |
162 | 156 |
@RequestMapping(method = RequestMethod.GET, path = "/repo/{id}/all-users") |
163 |
@PreAuthorize("hasAnyAuthority('ROLE_USER', 'ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')") // TODO: Perhaps less roles here
|
|
157 |
@PreAuthorize("hasAnyAuthority('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')") // FIXME: ??
|
|
164 | 158 |
public ResponseEntity<List<String>> getAllUsersOfARepo(@PathVariable("id") String id) { |
165 | 159 |
|
166 | 160 |
List<String> userList = new ArrayList<>(); |
... | ... | |
181 | 175 |
///////////////////////////////////////////////////////////////////////////////////////////// |
182 | 176 |
|
183 | 177 |
@RequestMapping(method = RequestMethod.GET, path = "/users/couid/{id}") |
184 |
@PreAuthorize("hasAnyAuthority('ROLE_USER', 'ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')")
|
|
178 |
@PreAuthorize("hasAnyAuthority('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')") |
|
185 | 179 |
public ResponseEntity<String> getUsersByCouId(@PathVariable("id") Integer id) { |
186 | 180 |
// calls.getUserByCoId() |
187 | 181 |
return ResponseEntity.ok(aaiRegistryService.getUsersByCouId(id).toString()); |
... | ... | |
189 | 183 |
|
190 | 184 |
|
191 | 185 |
@RequestMapping(method = RequestMethod.GET, path = "/user/roles") |
192 |
@PreAuthorize("hasAnyAuthority('ROLE_USER', 'ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')")
|
|
186 |
@PreAuthorize("hasAnyAuthority('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN') or hasRole('ROLE_USER') and authentication.userInfo.email==#email")
|
|
193 | 187 |
public ResponseEntity<List<String>> getRolesByEmail(@RequestParam("email") String email) { |
194 | 188 |
int coPersonId = aaiRegistryService.getCoPersonIdByEmail(email); |
195 | 189 |
List<String> list = new ArrayList<>(); |
Also available in: Unified diff
1. update user authorities when adding/removing repositories
2. fixed some authorization expressions
3. refactoring