Project

General

Profile

« Previous | Next » 

Revision 61371

1. changed user roles defined in the project to authorities given by the aai.
2. created method returning user roles with desired status (active, deleted).

View differences:

modules/uoa-repository-manager-service/branches/aai_roles_new/src/main/java/eu/dnetlib/repo/manager/service/aai/registry/AaiRegistryService.java
90 90
    JsonArray getRoles(Integer coPersonId);
91 91

  
92 92
    /**
93
     * 5.2 Get User non admin active roles
94
     *
95
     * @param coPersonId
96
     * @return
97
     */
98
    JsonArray getRolesWithStatus(Integer coPersonId, RoleStatus status);
99

  
100
    /**
93 101
     * 6. Get Role id of User base on couId.
94 102
     *
95 103
     * @param coPersonId
......
251 259

  
252 260
    // TODO: add description
253 261
    List<User> getUsers(Integer couId);
262

  
263
    enum RoleStatus {
264
        ACTIVE("Active"),
265
        DELETED("Deleted");
266

  
267
        public final String status;
268

  
269
        RoleStatus(String status) {
270
            this.status = status;
271
        }
272
    }
254 273
}
modules/uoa-repository-manager-service/branches/aai_roles_new/src/main/java/eu/dnetlib/repo/manager/service/aai/registry/RegistryCalls.java
162 162
    }
163 163

  
164 164
    @Override
165
    public JsonArray getRolesWithStatus(Integer coPersonId, RoleStatus status) {
166
        JsonArray roles = getRoles(coPersonId);
167
        if (status == null) {
168
            return roles;
169
        }
170
        JsonArray activeRoles = new JsonArray();
171
        for (JsonElement role : roles) {
172
            if (role.getAsJsonObject().get("Status").getAsString().equalsIgnoreCase(status.toString())) {
173
                activeRoles.add(role);
174
            }
175
        }
176
        return activeRoles;
177
    }
178

  
179
    @Override
165 180
    public Integer getRoleId(Integer coPersonId, Integer couId) {
166 181
        JsonArray roles = getRoles(coPersonId);
167 182
        for (JsonElement role : roles) {
modules/uoa-repository-manager-service/branches/aai_roles_new/src/main/java/eu/dnetlib/repo/manager/service/SushiliteServiceImpl.java
31 31

  
32 32

  
33 33
    @Override
34
    @PreAuthorize("hasRole('ROLE_USER')")
34
    @PreAuthorize("hasAuthority('REGISTERED_USER')")
35 35
    public ReportResponseWrapper getReportResults(String page,
36 36
                                                  String pageSize,
37 37
                                                  String Report,
modules/uoa-repository-manager-service/branches/aai_roles_new/src/main/java/eu/dnetlib/repo/manager/service/RepositoryServiceImpl.java
1027 1027
        ArrayList<String> roleIds = new ArrayList<>();
1028 1028
        ArrayList<Integer> couIds = new ArrayList<>();
1029 1029
        if (coPersonId != null) {
1030
            roles = registryCalls.getRoles(coPersonId);
1030
            roles = registryCalls.getRolesWithStatus(coPersonId, AaiRegistryService.RoleStatus.ACTIVE);
1031 1031
            for (JsonElement role : roles) {
1032 1032
                JsonObject object = role.getAsJsonObject();
1033 1033
                if (object.get("CouId") == null) {
modules/uoa-repository-manager-service/branches/aai_roles_new/src/main/java/eu/dnetlib/repo/manager/service/PiWikServiceImpl.java
75 75
    }
76 76

  
77 77
    @Override
78
    @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or (hasRole('ROLE_USER') and #piwikInfo.requestorEmail == authentication.userInfo.email)")
78
    @PreAuthorize("hasAuthority('SUPER_ADMINISTRATOR') or hasAuthority('CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or (hasAuthority('REGISTERED_USER') and #piwikInfo.requestorEmail == authentication.userInfo.email)")
79 79
    public PiwikInfo savePiwikInfo(PiwikInfo piwikInfo) {
80 80
        JdbcTemplate jdbcTemplate = new JdbcTemplate(dataSource);
81 81
        jdbcTemplate.update(INSERT_PIWIK_INFO, new Object[]{piwikInfo.getRepositoryId(), piwikInfo.getSiteId(), piwikInfo.getRequestorName(),
......
144 144
    }
145 145

  
146 146
    @Override
147
    @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN')")
147
    @PreAuthorize("hasAuthority('SUPER_ADMINISTRATOR') or hasAuthority('CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR')")
148 148
    public ResponseEntity<Object> approvePiwikSite(String repositoryId) {
149 149
        new JdbcTemplate(dataSource).update(APPROVE_PIWIK_SITE, new Object[] {repositoryId}, new int[] {Types.VARCHAR});
150 150
        return new ResponseEntity<>("OK",HttpStatus.OK);
......
158 158
    }
159 159

  
160 160
    @Override
161
    @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN')")
161
    @PreAuthorize("hasAuthority('SUPER_ADMINISTRATOR') or hasAuthority('CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR')")
162 162
    public ResponseEntity<Object> markPiwikSiteAsValidated(String repositoryId) throws RepositoryServiceException {
163 163
        try {
164 164
            approvePiwikSite(repositoryId);
......
179 179
    }
180 180

  
181 181
    @Override
182
    @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or (hasRole('ROLE_USER') and #piwikInfo.requestorEmail == authentication.userInfo.email)")
182
    @PreAuthorize("hasAuthority('SUPER_ADMINISTRATOR') or hasAuthority('CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or (hasAuthority('REGISTERED_USER') and #piwikInfo.requestorEmail == authentication.userInfo.email)")
183 183
    public PiwikInfo enableMetricsForRepository(String officialName,
184 184
                                                String repoWebsite,
185 185
                                                PiwikInfo piwikInfo) throws RepositoryServiceException {
modules/uoa-repository-manager-service/branches/aai_roles_new/src/main/java/eu/dnetlib/repo/manager/service/security/AuthorizationServiceImpl.java
15 15
@Service("authorizationService")
16 16
public class AuthorizationServiceImpl implements AuthorizationService {
17 17

  
18
    public final String ROLE_ADMIN = "ROLE_ADMIN";
19
    public final String ROLE_PROVIDE_ADMIN = "ROLE_PROVIDE_ADMIN";
20
    public final String ROLE_USER = "ROLE_USER";
18
    public static final String SUPER_ADMINISTRATOR = "SUPER_ADMINISTRATOR";
19
    public static final String CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR = "CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR";
20
    public static final String REGISTERED_USER = "REGISTERED_USER";
21 21

  
22 22
    private final RoleMappingService roleMappingService;
23 23
    private final AaiRegistryService aaiRegistryService;
modules/uoa-repository-manager-service/branches/aai_roles_new/src/main/java/eu/dnetlib/repo/manager/service/security/AuthoritiesMapper.java
21 21

  
22 22
    public static Collection<GrantedAuthority> map(JsonArray entitlements) {
23 23
        HashSet<GrantedAuthority> authorities = new HashSet<>();
24
        provideRoles(entitlements, authorities);
25 24
        entityRoles(entitlements, authorities);
26 25
        return authorities;
27 26
    }
......
71 70
        }
72 71
    }
73 72

  
74
    // TODO: remove when ROLE_ADMIN and ROLE_PROVIDE_ADMIN are removed from project
75
    private static void provideRoles(JsonArray entitlements, Set<GrantedAuthority> authorities) {
76
        Map<String, String> userRoles = new HashMap() {{
77
            put("urn:geant:openaire.eu:group:Super+Administrator:role=member#aai.openaire.eu", "ROLE_ADMIN");
78
            put("urn:geant:openaire.eu:group:Content+Provider+Dashboard+Administrator:role=member#aai.openaire.eu", "ROLE_PROVIDE_ADMIN");
79
        }};
80
        Map<String, SimpleGrantedAuthority> userRolesMap = new HashMap<>();
81
        userRoles.forEach((openaireRole, appRole) -> userRolesMap.put(openaireRole, new SimpleGrantedAuthority(appRole)));
82
        authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
83
        if (entitlements != null) {
84
            entitlements.forEach(role -> {
85
                SimpleGrantedAuthority authority = userRolesMap.get(role.getAsString());
86
                if (authority != null) {
87
                    authorities.add(authority);
88
                }
89
            });
90
        }
91
    }
92

  
93 73
}
modules/uoa-repository-manager-service/branches/aai_roles_new/src/main/java/eu/dnetlib/repo/manager/service/ValidatorServiceImpl.java
125 125
    }
126 126

  
127 127
    @Override
128
    @PreAuthorize("hasRole('ROLE_USER') and #jobForValidation.userEmail == authentication.userInfo.email")
128
    @PreAuthorize("hasAuthority('REGISTERED_USER') and #jobForValidation.userEmail == authentication.userInfo.email")
129 129
    public JobForValidation submitJobForValidation(JobForValidation jobForValidation) throws ValidatorServiceException {
130 130
        LOGGER.debug("Submit job for validation with id : " + jobForValidation.getDatasourceId());
131 131
        try {
......
153 153
    }
154 154

  
155 155
    @Override
156
    @PreAuthorize("hasRole('ROLE_USER') and #email == authentication.userInfo.email")
156
    @PreAuthorize("hasAuthority('REGISTERED_USER') and #email == authentication.userInfo.email")
157 157
    public ResponseEntity<Object> reSubmitJobForValidation(String email,
158 158
                                                           String jobId) throws JSONException, ValidatorServiceException {
159 159
        LOGGER.debug("Resubmit validation job with id : " + jobId);
......
240 240
    }
241 241

  
242 242
    @Override
243
    @PreAuthorize("hasRole('ROLE_USER')")
243
    @PreAuthorize("hasAuthority('REGISTERED_USER')")
244 244
    public List<StoredJob> getStoredJobsNew(String user,
245 245
                                            String jobType,
246 246
                                            String offset,
modules/uoa-repository-manager-service/branches/aai_roles_new/src/main/java/eu/dnetlib/repo/manager/config/OpenAIREAuthoritiesMapper.java
12 12
import org.springframework.security.core.authority.SimpleGrantedAuthority;
13 13
import org.springframework.stereotype.Component;
14 14

  
15
import java.util.ArrayList;
16
import java.util.Collection;
17
import java.util.List;
15
import java.util.*;
18 16

  
19 17
@ComponentScan
20 18
@Component
......
28 26
    @Override
29 27
    public Collection<? extends GrantedAuthority> mapAuthorities(JWT jwtToken, UserInfo userInfo) {
30 28
        JsonArray entitlements = null;
31
        List<GrantedAuthority> authorities = new ArrayList<>();
29
        Set<GrantedAuthority> authorities = new HashSet<>();
32 30
        if (userInfo != null && userInfo.getSource() != null) {
33 31
            if (userInfo.getSource().getAsJsonArray("edu_person_entitlements") != null) {
34 32
                entitlements = userInfo.getSource().getAsJsonArray("edu_person_entitlements");
35 33
            } else if (userInfo.getSource().getAsJsonArray("eduperson_entitlement") != null) {
36 34
                entitlements = userInfo.getSource().getAsJsonArray("eduperson_entitlement");
37
            } else {
38
                authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
39
                logger.error("Could not read user 'edu_person_entitlements' && 'eduperson_entitlement'\nAdding default role 'ROLE_USER' to user: " + userInfo.toString());
40 35
            }
41 36
            logger.debug("user info: " + userInfo + "\nentitlements: " + entitlements);
42 37

  
43
            // FIXME: delete this if statement
38
            // FIXME: delete this if statement when super administrators are set
44 39
            if (userInfo.getEmail() != null && userInfo.getEmail().equals(adminEmail)) {
45
                authorities.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
40
                authorities.add(new SimpleGrantedAuthority("SUPER_ADMINISTRATOR"));
46 41
            }
47 42

  
48 43
            authorities.addAll(AuthoritiesMapper.map(entitlements));
modules/uoa-repository-manager-service/branches/aai_roles_new/src/main/java/eu/dnetlib/repo/manager/controllers/UserController.java
18 18
    private UserServiceImpl userService;
19 19

  
20 20
    @RequestMapping(value = "/login" , method = RequestMethod.GET)
21
    @PreAuthorize("hasRole('ROLE_USER')")
21
    @PreAuthorize("hasAuthority('REGISTERED_USER')")
22 22
    public ResponseEntity<Object> login() {
23 23
        return userService.login();
24 24
    }
modules/uoa-repository-manager-service/branches/aai_roles_new/src/main/java/eu/dnetlib/repo/manager/controllers/RepositoryController.java
63 63
    @RequestMapping(value = "/getRepositoriesOfUser/{page}/{size}", method = RequestMethod.GET,
64 64
            produces = MediaType.APPLICATION_JSON_VALUE)
65 65
    @ResponseBody
66
    @PreAuthorize("hasRole('ROLE_USER')")
66
    @PreAuthorize("hasAuthority('REGISTERED_USER')")
67 67
    public List<RepositorySnippet> getRepositoriesSnippetOfUser(
68 68
            @PathVariable("page") String page,
69 69
            @PathVariable("size") String size) throws JSONException, IOException {
......
73 73
    @RequestMapping(value = "/user/repositories/{page}/{size}", method = RequestMethod.GET,
74 74
            produces = MediaType.APPLICATION_JSON_VALUE)
75 75
    @ResponseBody
76
    @PreAuthorize("hasRole('ROLE_USER')")
76
    @PreAuthorize("hasAuthority('REGISTERED_USER')")
77 77
    public List<Repository> getRepositoriesOfUser(
78 78
            @PathVariable("page") String page,
79 79
            @PathVariable("size") String size) throws JSONException, IOException {
......
83 83
    @RequestMapping(value = "/searchRegisteredRepositories/{page}/{size}", method = RequestMethod.GET,
84 84
            produces = MediaType.APPLICATION_JSON_VALUE)
85 85
    @ResponseBody
86
    @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN')")
86
    @PreAuthorize("hasAuthority('SUPER_ADMINISTRATOR') or hasAuthority('CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR')")
87 87
    public List<RepositorySnippet> searchRegisteredRepositories(@RequestParam(name = "country", required = false) String country,
88 88
                                                                @RequestParam(name = "typology", required = false) String typology,
89 89
                                                                @RequestParam(name = "englishName", required = false) String englishName,
......
100 100
    @RequestMapping(value = "/getRepositoryById/{id}", method = RequestMethod.GET,
101 101
            produces = MediaType.APPLICATION_JSON_VALUE)
102 102
    @ResponseBody
103
    @PostAuthorize("hasAnyRole('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN') or @authorizationService.isMemberOf(#id) or (returnObject.registeredBy=='null' and hasRole('ROLE_USER'))")
103
    @PostAuthorize("hasAnyRole('SUPER_ADMINISTRATOR', 'CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or @authorizationService.isMemberOf(#id) or (returnObject.registeredBy=='null' and hasAuthority('REGISTERED_USER'))")
104 104
    public Repository getRepositoryById(@PathVariable("id") String id) throws JSONException, ResourceNotFoundException {
105 105
        Repository repo = repositoryService.getRepositoryById(id);
106 106

  
......
137 137
    @RequestMapping(value = "/getRepositoryInterface/{id}", method = RequestMethod.GET,
138 138
            produces = MediaType.APPLICATION_JSON_VALUE)
139 139
    @ResponseBody
140
    @PostAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or @authorizationService.isMemberOf(#id) or (@repositoryService.getRepositoryById(#id).registeredBy=='null' and hasRole('ROLE_USER'))")
140
    @PostAuthorize("hasAuthority('SUPER_ADMINISTRATOR') or hasAuthority('CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or @authorizationService.isMemberOf(#id) or (@repositoryService.getRepositoryById(#id).registeredBy=='null' and hasAuthority('REGISTERED_USER'))")
141 141
    public List<RepositoryInterface> getRepositoryInterface(@PathVariable("id") String id) throws JSONException {
142 142
        return repositoryService.getRepositoryInterface(id);
143 143
    }
......
145 145
    @RequestMapping(value = "/addRepository", method = RequestMethod.POST,
146 146
            consumes = MediaType.APPLICATION_JSON_VALUE)
147 147
    @ResponseBody
148
//    @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or (hasRole(@authorizationService.convertRepoIdToRoleId(#repository.id)) or hasRole(@authorizationService.convertRepoIdToRoleId(returnObject.id)))")
149
    @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or hasRole('ROLE_USER')")
148
//    @PreAuthorize("hasAuthority('SUPER_ADMINISTRATOR') or hasAuthority('CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or (hasAuthority(@authorizationService.convertRepoIdToRoleId(#repository.id)) or hasAuthority(@authorizationService.convertRepoIdToRoleId(returnObject.id)))")
149
    @PreAuthorize("hasAuthority('SUPER_ADMINISTRATOR') or hasAuthority('CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or hasAuthority('REGISTERED_USER')")
150 150
    public Repository addRepository(@RequestParam("datatype") String datatype,
151 151
                                    @RequestBody Repository repository) throws Exception {
152 152

  
......
177 177
    @RequestMapping(value = "/updateRepository", method = RequestMethod.POST,
178 178
            consumes = MediaType.APPLICATION_JSON_VALUE)
179 179
    @ResponseBody
180
    @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or @authorizationService.isMemberOf(#repository.id)")
180
    @PreAuthorize("hasAuthority('SUPER_ADMINISTRATOR') or hasAuthority('CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or @authorizationService.isMemberOf(#repository.id)")
181 181
    public Repository updateRepository(@RequestBody Repository repository, Authentication authentication) throws Exception {
182 182
        return repositoryService.updateRepository(repository, authentication);
183 183
    }
......
192 192
    @RequestMapping(value = "/addInterface", method = RequestMethod.POST,
193 193
            consumes = MediaType.APPLICATION_JSON_VALUE)
194 194
    @ResponseBody
195
    @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or @authorizationService.isMemberOf(#id)")
195
    @PreAuthorize("hasAuthority('SUPER_ADMINISTRATOR') or hasAuthority('CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or @authorizationService.isMemberOf(#id)")
196 196
    public RepositoryInterface addRepositoryInterface(@RequestParam("datatype") String datatype,
197 197
                                                      @RequestParam("id") String id,
198 198
                                                      @RequestParam("registeredBy") String registeredBy,
......
204 204
    @RequestMapping(value = "/getUrlsOfUserRepos/{page}/{size}/", method = RequestMethod.GET,
205 205
            produces = MediaType.APPLICATION_JSON_VALUE)
206 206
    @ResponseBody
207
    @PreAuthorize("hasRole('ROLE_USER')")
207
    @PreAuthorize("hasAuthority('REGISTERED_USER')")
208 208
    public List<String> getUrlsOfUserRepos(@PathVariable("page") String page, @PathVariable("size") String size) {
209 209
        return repositoryService.getUrlsOfUserRepos(((OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication()).getUserInfo().getEmail(), page, size);
210 210
    }
......
248 248
    @RequestMapping(value = "/updateRepositoryInterface", method = RequestMethod.POST,
249 249
            consumes = MediaType.APPLICATION_JSON_VALUE)
250 250
    @ResponseBody
251
    @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or @authorizationService.isMemberOf(#id)")
251
    @PreAuthorize("hasAuthority('SUPER_ADMINISTRATOR') or hasAuthority('CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or @authorizationService.isMemberOf(#id)")
252 252
    public RepositoryInterface updateRepositoryInterface(@RequestParam("id") String id,
253 253
                                                         @RequestParam("registeredBy") String registeredBy,
254 254
                                                         @RequestParam(value = "comment", required = false) String comment,
......
264 264
     * Get all the admins of the repository
265 265
     */
266 266
    @RequestMapping(method = RequestMethod.GET, path = "{id}/admins")
267
    @PreAuthorize("hasAnyAuthority('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN') or @authorizationService.isMemberOf(#id)")
267
    @PreAuthorize("hasAnyAuthority('SUPER_ADMINISTRATOR', 'CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or @authorizationService.isMemberOf(#id)")
268 268
    public ResponseEntity<List<User>> getAdminsOfARepo(@PathVariable("id") String id) {
269 269
        return new ResponseEntity<>(authorizationService.getAdminsOfRepo(id), HttpStatus.OK);
270 270
    }
......
273 273
     * Subscribe to repo by email
274 274
     */
275 275
    @RequestMapping(method = RequestMethod.POST, path = "{id}/admins")
276
    @PreAuthorize("hasAnyAuthority('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN') or @authorizationService.isMemberOf(#id)")
276
    @PreAuthorize("hasAnyAuthority('SUPER_ADMINISTRATOR', 'CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or @authorizationService.isMemberOf(#id)")
277 277
    public Response subscribeByEmail(@PathVariable("id") String id, @RequestBody String email) throws ResourceNotFoundException {
278 278
        authorizationService.addAdmin(id, email);
279 279
        return Response.status(HttpStatus.OK.value()).entity(JsonUtils.createResponse("Role has been assigned").toString()).type(javax.ws.rs.core.MediaType.APPLICATION_JSON).build();
......
283 283
     * Unsubscribe from repo by email
284 284
     */
285 285
    @RequestMapping(method = RequestMethod.DELETE, path = "{id}/admins/{email:.+}")
286
    @PreAuthorize("hasAnyAuthority('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN') or @authorizationService.isMemberOf(#id)")
286
    @PreAuthorize("hasAnyAuthority('SUPER_ADMINISTRATOR', 'CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or @authorizationService.isMemberOf(#id)")
287 287
    public ResponseEntity<Void> unsubscribeByEmail(@PathVariable("id") String id, @PathVariable("email") String email) throws ResourceNotFoundException {
288 288
        authorizationService.removeAdmin(id, email);
289 289
        return new ResponseEntity<>(HttpStatus.NO_CONTENT);
modules/uoa-repository-manager-service/branches/aai_roles_new/src/main/java/eu/dnetlib/repo/manager/controllers/UserRoleController.java
47 47
     * Get the role with the given id.
48 48
     **/
49 49
    @RequestMapping(method = RequestMethod.GET, path = "/role/{id}")
50
//    @PreAuthorize("hasAnyAuthority('ROLE_USER', 'ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')")
50
//    @PreAuthorize("hasAnyAuthority('REGISTERED_USER', 'SUPER_ADMINISTRATOR', 'CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR')")
51 51
    public Response getRole(@RequestParam(value = "type", defaultValue = "datasource") String type, @PathVariable("id") String id) {
52 52
        int roleId = aaiRegistryService.getCouId(type, id);
53 53
        return Response.status(HttpStatus.OK.value()).entity(JsonUtils.createResponse("Role id is: " + roleId).toString()).type(MediaType.APPLICATION_JSON).build();
......
57 57
     * Create a new role with the given name and description.
58 58
     **/
59 59
    @RequestMapping(method = RequestMethod.POST, path = "/role")
60
    @PreAuthorize("hasAnyAuthority('ROLE_ADMIN')")
60
    @PreAuthorize("hasAnyAuthority('SUPER_ADMINISTRATOR')")
61 61
    public Response createRole(@RequestBody Role role) {
62 62
        aaiRegistryService.createRole(role);
63 63
        return Response.status(HttpStatus.OK.value()).entity(JsonUtils.createResponse("Role has been created").toString()).type(MediaType.APPLICATION_JSON).build();
......
68 68
     */
69 69
    @ApiOperation(value = "subscribe")
70 70
    @RequestMapping(method = RequestMethod.POST, path = "/subscribe/{type}/{id}")
71
    @PreAuthorize("hasAnyAuthority('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')")
71
    @PreAuthorize("hasAnyAuthority('SUPER_ADMINISTRATOR', 'CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR')")
72 72
    public Response subscribe(@PathVariable("type") String type, @PathVariable("id") String id) {
73 73
        Integer coPersonId = aaiRegistryService.getCoPersonIdByIdentifier();
74 74
        if (coPersonId == null) {
......
91 91
    /////////////////////////////////////////////////////////////////////////////////////////////
92 92

  
93 93
    @RequestMapping(method = RequestMethod.GET, path = "/users/couid/{id}")
94
    @PreAuthorize("hasAnyAuthority('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')")
94
    @PreAuthorize("hasAnyAuthority('SUPER_ADMINISTRATOR', 'CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR')")
95 95
    public ResponseEntity<String> getUsersByCouId(@PathVariable("id") Integer id) {
96 96
//        calls.getUserByCoId()
97 97
        return ResponseEntity.ok(aaiRegistryService.getUsersByCouId(id).toString());
......
99 99

  
100 100

  
101 101
    @RequestMapping(method = RequestMethod.GET, path = "/users/{email}/roles")
102
    @PreAuthorize("hasAnyAuthority('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN') or hasRole('ROLE_USER') and authentication.userInfo.email==#email")
102
    @PreAuthorize("hasAnyAuthority('SUPER_ADMINISTRATOR', 'CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or hasAuthority('REGISTERED_USER') and authentication.userInfo.email==#email")
103 103
    public ResponseEntity<Collection<String>> getRolesByEmail(@PathVariable("email") String email) {
104 104
        int coPersonId = aaiRegistryService.getCoPersonIdByEmail(email);
105 105
        List<Integer> list = new ArrayList<>();
106
        // FIXME: getRoles returns all roles of user, requested and active
107
        for (JsonElement element : aaiRegistryService.getRoles(coPersonId)) {
106
        for (JsonElement element : aaiRegistryService.getRolesWithStatus(coPersonId, AaiRegistryService.RoleStatus.ACTIVE)) {
108 107
            list.add(element.getAsJsonObject().get("CouId").getAsInt());
109 108
        }
110 109
        return ResponseEntity.ok(aaiRegistryService.getCouNames(list).values());
......
112 111

  
113 112

  
114 113
    @RequestMapping(method = RequestMethod.GET, path = "/user/roles/my")
115
    @PreAuthorize("hasRole('ROLE_USER')")
114
    @PreAuthorize("hasAuthority('REGISTERED_USER')")
116 115
    public ResponseEntity<Collection<String>> getRoleNames() {
117 116
        List<String> roles;
118 117
        JsonArray entitlements = null;
modules/uoa-repository-manager-service/branches/aai_roles_new/src/main/java/eu/dnetlib/repo/manager/controllers/PiWikController.java
42 42

  
43 43
    @RequestMapping(value = "/getPiwikSiteForRepo/{repositoryId}" , method = RequestMethod.GET,produces = MediaType.APPLICATION_JSON_VALUE)
44 44
    @ResponseBody
45
    @PreAuthorize("hasAnyRole('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN') or @authorizationService.isMemberOf(#repositoryId) or (@repositoryService.getRepositoryById(#repositoryId).registeredBy=='null' and hasRole('ROLE_USER'))")
45
    @PreAuthorize("hasAnyRole('SUPER_ADMINISTRATOR', 'CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or @authorizationService.isMemberOf(#repositoryId) or (@repositoryService.getRepositoryById(#repositoryId).registeredBy=='null' and hasAuthority('REGISTERED_USER'))")
46 46
    public PiwikInfo getPiwikSiteForRepo(@PathVariable("repositoryId") String repositoryId) {
47 47
        return piWikService.getPiwikSiteForRepo(repositoryId);
48 48
    }
49 49

  
50 50
    @RequestMapping(value = "/savePiwikInfo" , method = RequestMethod.POST,produces = MediaType.APPLICATION_JSON_VALUE)
51
    @PreAuthorize("hasAnyRole('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN') or @authorizationService.isMemberOf(#piwikInfo.repositoryId) or (@repositoryService.getRepositoryById(#piwikInfo.repositoryId).registeredBy=='null' and hasRole('ROLE_USER'))")
51
    @PreAuthorize("hasAnyRole('SUPER_ADMINISTRATOR', 'CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or @authorizationService.isMemberOf(#piwikInfo.repositoryId) or (@repositoryService.getRepositoryById(#piwikInfo.repositoryId).registeredBy=='null' and hasAuthority('REGISTERED_USER'))")
52 52
    public PiwikInfo savePiwikInfo(@RequestBody PiwikInfo piwikInfo) {
53 53
        return piWikService.savePiwikInfo(piwikInfo);
54 54
    }
......
150 150

  
151 151
    @RequestMapping(value = "/approvePiwikSite/{repositoryId}" , method = RequestMethod.GET)
152 152
    @ResponseBody
153
    @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN')")
153
    @PreAuthorize("hasAuthority('SUPER_ADMINISTRATOR') or hasAuthority('CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR')")
154 154
    public ResponseEntity<Object> approvePiwikSite(@PathVariable("repositoryId") String repositoryId) {
155 155
        return piWikService.approvePiwikSite(repositoryId);
156 156
    }
157 157

  
158 158
    @RequestMapping(value = "/getOpenaireId/{repositoryId}" , method = RequestMethod.GET,produces = MediaType.APPLICATION_JSON_VALUE)
159 159
    @ResponseBody
160
    @PreAuthorize("hasAnyRole('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN') or @authorizationService.isMemberOf(#repositoryId) or (@repositoryService.getRepositoryById(#repositoryId).registeredBy=='null' and hasRole('ROLE_USER'))")
160
    @PreAuthorize("hasAnyRole('SUPER_ADMINISTRATOR', 'CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or @authorizationService.isMemberOf(#repositoryId) or (@repositoryService.getRepositoryById(#repositoryId).registeredBy=='null' and hasAuthority('REGISTERED_USER'))")
161 161
    public String getOpenaireId(@PathVariable("repositoryId") String repositoryId){
162 162
        return piWikService.getOpenaireId(repositoryId);
163 163
    }
......
165 165
    @RequestMapping(value = "/markPiwikSiteAsValidated/{repositoryId}" , method = RequestMethod.POST,
166 166
            consumes = MediaType.APPLICATION_JSON_VALUE)
167 167
    @ResponseBody
168
    @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN')")
168
    @PreAuthorize("hasAuthority('SUPER_ADMINISTRATOR') or hasAuthority('CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR')")
169 169
    public ResponseEntity<Object> markPiwikSiteAsValidated(@PathVariable("repositoryId") String repositoryId) throws RepositoryServiceException {
170 170
        return piWikService.markPiwikSiteAsValidated(repositoryId);
171 171
    }
172 172

  
173 173
    @RequestMapping(value = "/enableMetricsForRepository", method = RequestMethod.POST,
174 174
            consumes = MediaType.APPLICATION_JSON_VALUE)
175
    @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or (hasRole('ROLE_USER') and #piwikInfo.requestorEmail == authentication.userInfo.email)")
175
    @PreAuthorize("hasAuthority('SUPER_ADMINISTRATOR') or hasAuthority('CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or (hasAuthority('REGISTERED_USER') and #piwikInfo.requestorEmail == authentication.userInfo.email)")
176 176
    public PiwikInfo enableMetricsForRepository(@RequestParam("officialName") String officialName,
177 177
                                                @RequestParam("repoWebsite") String repoWebsite,
178 178
                                                @RequestBody PiwikInfo piwikInfo) throws RepositoryServiceException {
modules/uoa-repository-manager-service/branches/aai_roles_new/src/main/java/eu/dnetlib/repo/manager/controllers/BrokerController.java
30 30
    @RequestMapping(value = "/getDatasourcesOfUser" , method = RequestMethod.GET,
31 31
            produces = MediaType.APPLICATION_JSON_VALUE)
32 32
    @ResponseBody
33
    @PreAuthorize("hasRole('ROLE_USER')")
33
    @PreAuthorize("hasAuthority('REGISTERED_USER')")
34 34
    public DatasourcesBroker getDatasourcesOfUser(
35 35
                                           @RequestParam("includeShared")
36 36
                                           @ApiParam(value = "Include shared datasources", required = true , defaultValue = "false") String includeShared,
......
51 51
            method = RequestMethod.POST,
52 52
            produces = MediaType.APPLICATION_JSON_VALUE)
53 53
    @ResponseBody
54
    @PreAuthorize("hasRole('ROLE_USER')")
54
    @PreAuthorize("hasAuthority('REGISTERED_USER')")
55 55
    public EventsPage advancedShowEvents(@PathVariable("page") String page,
56 56
                                  @PathVariable("size") String size,
57 57
                                  @RequestBody AdvQueryObject advQueryObject) throws BrokerException, JSONException ,IOException{
......
62 62
            method = RequestMethod.GET,
63 63
            produces = MediaType.APPLICATION_JSON_VALUE)
64 64
    @ResponseBody
65
    @PreAuthorize("hasRole('ROLE_USER')")
65
    @PreAuthorize("hasAuthority('REGISTERED_USER')")
66 66
    public EventsPage showEvents(@RequestParam("datasourceName") String datasourceName,
67 67
                          @RequestParam("topic") String topic,
68 68
                          @RequestParam("page") String page,
......
74 74
            method = RequestMethod.GET,
75 75
            produces = MediaType.APPLICATION_JSON_VALUE)
76 76
    @ResponseBody
77
    @PreAuthorize("hasRole('ROLE_USER')")
77
    @PreAuthorize("hasAuthority('REGISTERED_USER')")
78 78
    public Map<String, List<SimpleSubscriptionDesc>> getSimpleSubscriptionsOfUser() throws BrokerException{
79 79
        return brokerService.getSimpleSubscriptionsOfUser(((OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication()).getUserInfo().getEmail());
80 80
    }
......
83 83
            consumes = MediaType.APPLICATION_JSON_VALUE,
84 84
            produces = MediaType.APPLICATION_JSON_VALUE)
85 85
    @ResponseBody
86
    @PreAuthorize("hasRole('ROLE_USER') ")
86
    @PreAuthorize("hasAuthority('REGISTERED_USER') ")
87 87
    public Subscription subscribe(@RequestBody OpenaireSubscription obj) throws BrokerException{
88 88
        return brokerService.subscribe(obj);
89 89
    }
......
92 92
            consumes = MediaType.APPLICATION_JSON_VALUE,
93 93
            produces = MediaType.APPLICATION_JSON_VALUE)
94 94
    @ResponseBody
95
    @PreAuthorize("hasRole('ROLE_USER')")
95
    @PreAuthorize("hasAuthority('REGISTERED_USER')")
96 96
    public ResponseEntity<Object> unsubscribe(@PathVariable("subscriptionId") String subscriptionId) throws BrokerException{
97 97
        return brokerService.unsubscribe(subscriptionId);
98 98
    }
......
100 100
    @RequestMapping(value = "/getSubscription/{subscriptionId}" , method = RequestMethod.GET,
101 101
            produces = MediaType.APPLICATION_JSON_VALUE)
102 102
    @ResponseBody
103
    @PreAuthorize("hasRole('ROLE_USER')")
103
    @PreAuthorize("hasAuthority('REGISTERED_USER')")
104 104
    public Subscription getSubscription(@PathVariable("subscriptionId") String subscriptionId) throws BrokerException{
105 105
        return brokerService.getSubscription(subscriptionId);
106 106
    }
......
116 116
    @RequestMapping(value = "/getNotificationsBySubscriptionId/{subscriptionId}/{page}/{size}" , method = RequestMethod.GET
117 117
            ,produces = MediaType.APPLICATION_JSON_VALUE)
118 118
    @ResponseBody
119
    @PreAuthorize("hasRole('ROLE_USER')")
119
    @PreAuthorize("hasAuthority('REGISTERED_USER')")
120 120
    public EventsPage getNotificationsBySubscriptionId(@PathVariable("subscriptionId") String subscriptionId,
121 121
                                                @PathVariable("page") String page,
122 122
                                                @PathVariable("size") String size) throws BrokerException{
modules/uoa-repository-manager-service/branches/aai_roles_new/src/main/java/eu/dnetlib/repo/manager/controllers/ValidatorController.java
38 38
            consumes = MediaType.APPLICATION_JSON_VALUE,
39 39
            produces = MediaType.APPLICATION_JSON_VALUE)
40 40
    @ResponseBody
41
    @PreAuthorize("hasRole('ROLE_USER') and #jobForValidation.userEmail == authentication.userInfo.email")
41
    @PreAuthorize("hasAuthority('REGISTERED_USER') and #jobForValidation.userEmail == authentication.userInfo.email")
42 42
    public JobForValidation submitJobForValidation(@RequestBody JobForValidation jobForValidation) throws ValidatorServiceException {
43 43
        return validatorService.submitJobForValidation(jobForValidation);
44 44
    }
......
47 47
            consumes = MediaType.APPLICATION_JSON_VALUE,
48 48
            produces = MediaType.APPLICATION_JSON_VALUE)
49 49
    @ResponseBody
50
    @PreAuthorize("hasRole('ROLE_USER')")
50
    @PreAuthorize("hasAuthority('REGISTERED_USER')")
51 51
    public ResponseEntity<Object> reSubmitJobForValidation(@PathVariable("jobId") String jobId) throws JSONException, ValidatorServiceException {
52 52
        return validatorService.reSubmitJobForValidation(((OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication()).getUserInfo().getEmail(), jobId);
53 53
    }
......
78 78

  
79 79
    @RequestMapping(value = "/getStoredJobsNew" , method = RequestMethod.GET,produces = MediaType.APPLICATION_JSON_VALUE)
80 80
    @ResponseBody
81
    @PreAuthorize("hasRole('ROLE_USER')")
81
    @PreAuthorize("hasAuthority('REGISTERED_USER')")
82 82
    public List<StoredJob> getStoredJobsNew(@RequestParam(value = "jobType", required = false)
83 83
                                            @ApiParam(value = "Equals to filter job type on validation history page") String jobType,
84 84
                                            @RequestParam("offset") @ApiParam(value = "Page number", required = true) String offset,
modules/uoa-repository-manager-service/branches/aai_roles_new/src/main/java/eu/dnetlib/repo/manager/controllers/DashboardController.java
36 36
    @RequestMapping(value = "/getRepositoriesSummary/{page}/{size}" , method = RequestMethod.GET,
37 37
            produces = MediaType.APPLICATION_JSON_VALUE)
38 38
    @ResponseBody
39
    @PreAuthorize("hasRole('ROLE_USER')")
39
    @PreAuthorize("hasAuthority('REGISTERED_USER')")
40 40
    public List<RepositorySummaryInfo> getRepositoriesSummaryInfo(
41 41
                                                                  @PathVariable("page") String page,
42 42
                                                                  @PathVariable("size") String size) throws JSONException {
......
46 46
    @RequestMapping(value = "/collectionMonitorSummary/{repoId}" , method = RequestMethod.GET,
47 47
            produces = MediaType.APPLICATION_JSON_VALUE)
48 48
    @ResponseBody
49
    @PreAuthorize("hasRole('ROLE_USER')")
49
    @PreAuthorize("hasAuthority('REGISTERED_USER')")
50 50
    public CollectionMonitorSummary getCollectionMonitorSummary(
51 51
            @PathVariable("repoId") String repoId,
52 52
            @RequestParam(name = "size", required = false, defaultValue = "20") int size) throws JSONException {
......
72 72
    @RequestMapping(value = "/usageSummary/{repoId}" , method = RequestMethod.GET,
73 73
            produces = MediaType.APPLICATION_JSON_VALUE)
74 74
    @ResponseBody
75
    @PreAuthorize("hasRole('ROLE_USER')")
75
    @PreAuthorize("hasAuthority('REGISTERED_USER')")
76 76
    public UsageSummary getUsageSummary(
77 77
            @PathVariable("repoId") String repoId
78 78
    ) throws RepositoryServiceException {
......
82 82
    @RequestMapping(value = "/brokerSummary/{ds_name}" , method = RequestMethod.GET,
83 83
            produces = MediaType.APPLICATION_JSON_VALUE)
84 84
    @ResponseBody
85
    @PreAuthorize("hasRole('ROLE_USER')")
85
    @PreAuthorize("hasAuthority('REGISTERED_USER')")
86 86
    public BrokerSummary getBrokerSummary(
87 87
            @PathVariable("ds_name") String datasourceName) throws BrokerException {
88 88
        return new BrokerSummary(brokerService.getSimpleSubscriptionsOfUser( ((OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication()).getUserInfo().getEmail()), brokerService.getTopicsForDatasource(datasourceName));
modules/uoa-repository-manager-service/branches/aai_roles_new/src/main/java/eu/dnetlib/repo/manager/controllers/MonitorController.java
29 29
    @RequestMapping(value = "/getJobsOfUser" , method = RequestMethod.GET,
30 30
            produces = MediaType.APPLICATION_JSON_VALUE)
31 31
    @ResponseBody
32
    @PreAuthorize("hasRole('ROLE_USER')")
32
    @PreAuthorize("hasAuthority('REGISTERED_USER')")
33 33
    public JobsOfUser getJobsOfUser(@RequestParam(value = "jobType", required = false)
34 34
                                    @ApiParam(value = "Equals to filter job type on validation history page") String jobType,
35 35
                                    @RequestParam("offset") @ApiParam(value = "Page number", required = true) String offset,
......
43 43

  
44 44
    @RequestMapping(value = "/getJobsOfUserPerValidationStatus" , method = RequestMethod.GET,produces = MediaType.APPLICATION_JSON_VALUE)
45 45
    @ResponseBody
46
    @PreAuthorize("hasRole('ROLE_USER')")
46
    @PreAuthorize("hasAuthority('REGISTERED_USER')")
47 47
    public int getJobsOfUserPerValidationStatus(@RequestBody String jobType,
48 48
                                                @RequestBody String validationStatus) throws JSONException {
49 49
        return monitorService.getJobsOfUserPerValidationStatus(((OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication()).getUserInfo().getEmail(), jobType, validationStatus);
modules/uoa-repository-manager-service/branches/aai_roles_new/src/main/java/eu/dnetlib/repo/manager/controllers/SushiliteController.java
19 19

  
20 20
    @RequestMapping(value = "/getReportResults/{page}/{pageSize}", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
21 21
    @ResponseBody
22
    @PreAuthorize("hasRole('ROLE_USER')")
22
    @PreAuthorize("hasAuthority('REGISTERED_USER')")
23 23
    public ReportResponseWrapper getReportResults(@PathVariable("page") String page,
24 24
                                                  @PathVariable("pageSize") String pageSize,
25 25
                                                  @RequestParam(value = "Report") String Report,

Also available in: Unified diff