1
|
package eu.dnetlib.repo.manager.service.security;
|
2
|
|
3
|
import com.google.gson.JsonArray;
|
4
|
import com.google.gson.JsonElement;
|
5
|
import eu.dnetlib.repo.manager.domain.dto.User;
|
6
|
import eu.dnetlib.repo.manager.exception.ResourceNotFoundException;
|
7
|
import eu.dnetlib.repo.manager.service.aai.registry.AaiRegistryService;
|
8
|
import org.springframework.beans.factory.annotation.Autowired;
|
9
|
import org.springframework.security.core.context.SecurityContextHolder;
|
10
|
import org.springframework.stereotype.Service;
|
11
|
|
12
|
import java.util.ArrayList;
|
13
|
import java.util.List;
|
14
|
|
15
|
@Service("authorizationService")
|
16
|
public class AuthorizationServiceImpl implements AuthorizationService {
|
17
|
|
18
|
public static final String SUPER_ADMINISTRATOR = "SUPER_ADMINISTRATOR";
|
19
|
public static final String CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR = "CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR";
|
20
|
public static final String REGISTERED_USER = "REGISTERED_USER";
|
21
|
|
22
|
private final RoleMappingService roleMappingService;
|
23
|
private final AaiRegistryService aaiRegistryService;
|
24
|
private final AuthoritiesUpdater authoritiesUpdater;
|
25
|
|
26
|
@Autowired
|
27
|
AuthorizationServiceImpl(RoleMappingService roleMappingService, AaiRegistryService aaiRegistryService,
|
28
|
AuthoritiesUpdater authoritiesUpdater) {
|
29
|
this.roleMappingService = roleMappingService;
|
30
|
this.aaiRegistryService = aaiRegistryService;
|
31
|
this.authoritiesUpdater = authoritiesUpdater;
|
32
|
}
|
33
|
|
34
|
private String mapType(String type) {
|
35
|
if (type.equals("datasource")) {
|
36
|
type = "datasource";
|
37
|
}
|
38
|
return type;
|
39
|
}
|
40
|
|
41
|
/**
|
42
|
* Type = DATASOURCE
|
43
|
*/
|
44
|
@Override
|
45
|
public String member(String type, String id) {
|
46
|
return mapType(type).toUpperCase() + "_" + id.toUpperCase();
|
47
|
}
|
48
|
|
49
|
@Override
|
50
|
public boolean isMemberOf(String repoId) {
|
51
|
String repoRole = roleMappingService.convertRepoIdToEncodedAuthorityId(repoId);
|
52
|
return SecurityContextHolder.getContext().getAuthentication().getAuthorities()
|
53
|
.parallelStream().anyMatch(authority -> authority.toString().equals(repoRole));
|
54
|
}
|
55
|
|
56
|
@Override
|
57
|
public List<User> getAdminsOfRepo(String repoId) {
|
58
|
List<String> userList = new ArrayList<>();
|
59
|
|
60
|
// find couId by role name
|
61
|
String role = roleMappingService.getRoleIdByRepoId(repoId);
|
62
|
Integer couId = aaiRegistryService.getCouId(role);
|
63
|
if (couId != null) {
|
64
|
JsonArray users = aaiRegistryService.getUsersByCouId(couId);
|
65
|
for (JsonElement jsonElement : users) {
|
66
|
userList.add(jsonElement.toString());
|
67
|
}
|
68
|
}
|
69
|
return aaiRegistryService.getUsers(couId);
|
70
|
}
|
71
|
|
72
|
|
73
|
@Override
|
74
|
public boolean addAdmin(String id, String email) throws ResourceNotFoundException {
|
75
|
Integer coPersonId = aaiRegistryService.getCoPersonIdByEmail(email);
|
76
|
if (coPersonId != null) {
|
77
|
String role = roleMappingService.getRoleIdByRepoId(id);
|
78
|
Integer couId = aaiRegistryService.getCouId(role);
|
79
|
if (couId != null) {
|
80
|
Integer roleId = aaiRegistryService.getRoleId(coPersonId, couId);
|
81
|
aaiRegistryService.assignMemberRole(coPersonId, couId, roleId);
|
82
|
|
83
|
// Add role to user current authorities
|
84
|
authoritiesUpdater.addRole(email, roleMappingService.convertRepoIdToAuthority(id));
|
85
|
|
86
|
return true;
|
87
|
} else {
|
88
|
throw new ResourceNotFoundException("Cannot find CouId for role: " + role);
|
89
|
}
|
90
|
} else {
|
91
|
throw new ResourceNotFoundException("Cannot find coPersonId for user with email: " + email);
|
92
|
}
|
93
|
}
|
94
|
|
95
|
@Override
|
96
|
public boolean removeAdmin(String id, String email) throws ResourceNotFoundException {
|
97
|
Integer coPersonId = aaiRegistryService.getCoPersonIdByEmail(email);
|
98
|
if (coPersonId != null) {
|
99
|
String role = roleMappingService.getRoleIdByRepoId(id);
|
100
|
Integer couId = aaiRegistryService.getCouId(role);
|
101
|
Integer roleId = null;
|
102
|
if (couId != null) {
|
103
|
roleId = aaiRegistryService.getRoleId(coPersonId, couId);
|
104
|
}
|
105
|
if (couId != null && roleId != null) {
|
106
|
aaiRegistryService.removeMemberRole(coPersonId, couId, roleId);
|
107
|
|
108
|
// Remove role from user current authorities
|
109
|
authoritiesUpdater.removeRole(email, roleMappingService.convertRepoIdToAuthority(id));
|
110
|
|
111
|
return true;
|
112
|
} else {
|
113
|
throw new ResourceNotFoundException("Cannot find CouId for role: " + role);
|
114
|
}
|
115
|
} else {
|
116
|
throw new ResourceNotFoundException("Cannot find coPersonId for user with email: " + email);
|
117
|
}
|
118
|
}
|
119
|
|
120
|
}
|