Revision 61372
Added by Konstantinos Spyrou almost 3 years ago
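--- a/UserRoleController.java
+++ b/UserRoleController.java
@@ -1,29 +1,22 @@
 package eu.dnetlib.repo.manager.controllers;
 
-import com.google.gson.JsonArray;
-import com.google.gson.JsonElement;
 import eu.dnetlib.repo.manager.domain.dto.Role;
 import eu.dnetlib.repo.manager.service.aai.registry.AaiRegistryService;
+import eu.dnetlib.repo.manager.service.security.AuthoritiesUpdater;
+import eu.dnetlib.repo.manager.service.security.AuthorizationService;
 import eu.dnetlib.repo.manager.service.security.RoleMappingService;
-import eu.dnetlib.repo.manager.service.security.AuthoritiesMapper;
-import eu.dnetlib.repo.manager.service.security.AuthoritiesUpdater;
 import eu.dnetlib.repo.manager.utils.JsonUtils;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
-import org.mitre.openid.connect.model.OIDCAuthenticationToken;
-import org.mitre.openid.connect.model.UserInfo;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.bind.annotation.*;
 
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
-import java.util.ArrayList;
 import java.util.Collection;
-import java.util.List;
 
 @RestController
 @RequestMapping(value = "/role-management")
@@ -33,14 +26,17 @@
 private final AaiRegistryService aaiRegistryService;
 private final AuthoritiesUpdater authoritiesUpdater;
 private final RoleMappingService roleMappingService;
+private final AuthorizationService authorizationService;
 
 @Autowired
 UserRoleController(AaiRegistryService aaiRegistryService,
 AuthoritiesUpdater authoritiesUpdater,
-RoleMappingService roleMappingService) {
+RoleMappingService roleMappingService,
+AuthorizationService authorizationService) {
 this.aaiRegistryService = aaiRegistryService;
 this.authoritiesUpdater = authoritiesUpdater;
 this.roleMappingService = roleMappingService;
+this.authorizationService = authorizationService;
 }
 
 /**
@@ -101,30 +97,14 @@
 @RequestMapping(method = RequestMethod.GET, path = "/users/{email}/roles")
 @PreAuthorize("hasAnyAuthority('SUPER_ADMINISTRATOR', 'CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or hasAuthority('REGISTERED_USER') and authentication.userInfo.email==#email")
 public ResponseEntity<Collection<String>> getRolesByEmail(@PathVariable("email") String email) {
-int coPersonId = aaiRegistryService.getCoPersonIdByEmail(email);
-List<Integer> list = new ArrayList<>();
-for (JsonElement element : aaiRegistryService.getRolesWithStatus(coPersonId, AaiRegistryService.RoleStatus.ACTIVE)) {
-list.add(element.getAsJsonObject().get("CouId").getAsInt());
-}
-return ResponseEntity.ok(aaiRegistryService.getCouNames(list).values());
+return ResponseEntity.ok(authorizationService.getUserRoles(email));
 }
 
 
 @RequestMapping(method = RequestMethod.GET, path = "/user/roles/my")
 @PreAuthorize("hasAuthority('REGISTERED_USER')")
 public ResponseEntity<Collection<String>> getRoleNames() {
-List<String> roles;
-JsonArray entitlements = null;
-UserInfo userInfo = ((OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication()).getUserInfo();
-if (userInfo.getSource().getAsJsonArray("edu_person_entitlements") != null) {
-entitlements = userInfo.getSource().getAsJsonArray("edu_person_entitlements");
-} else if (userInfo.getSource().getAsJsonArray("eduperson_entitlement") != null) {
-entitlements = userInfo.getSource().getAsJsonArray("eduperson_entitlement");
-} else {
-return ResponseEntity.ok(null);
-}
-roles = AuthoritiesMapper.entitlementRoles(entitlements);
-return ResponseEntity.ok(roles);
+return ResponseEntity.ok(authorizationService.getUserRoles());
 }
 
 }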
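Review bot: In `getRolesByEmail` the restriction to `AaiRegistryService.RoleStatus.ACTIVE` roles is no longer visible once the lookup is delegated to `authorizationService.getUserRoles(email)`; that service is not shown on this page, so whether inactive or pending roles are still excluded, and what is returned for an unknown email, has to be confirmed there. I would state the contract on the method, e.g. `// Returns only ACTIVE roles of the given email; the status filter lives in AuthorizationService.getUserRoles(String).` The same applies to `getRoleNames`, which used to read the entitlements of the current OIDC token and returned an empty body when the claim was missing; if `getUserRoles()` is meant to describe the authenticated session rather than a fresh registry lookup, that should be documented too. Separately, the `@PreAuthorize` on `getRolesByEmail` relies on `and` binding tighter than `or`; explicit parentheses, `... or (hasAuthority('REGISTERED_USER') and authentication.userInfo.email==#email)`, would make the ownership check unambiguous to the next reader.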
1. optimization in retrieval time of repositories/snippets of authenticated user
2. Marked with FIXME methods that need attention