package eu.dnetlib.repo.manager.service.security;
import com.google.gson.JsonArray;
import com.google.gson.JsonElement;
import eu.dnetlib.repo.manager.domain.dto.User;
import eu.dnetlib.repo.manager.exception.ResourceNotFoundException;
import eu.dnetlib.repo.manager.service.aai.registry.AaiRegistryService;
import org.mitre.openid.connect.model.OIDCAuthenticationToken;
import org.mitre.openid.connect.model.UserInfo;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Service;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
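/**
 * Authorization helpers backed by the AAI registry (COU membership) and the current Spring
 * Security context. Repository ids are resolved to role names through {@link RoleMappingService},
 * COU membership is read and changed through {@link AaiRegistryService}, and changes are mirrored
 * into the live authorities through {@link AuthoritiesUpdater}.
 *
 * <p>None of these methods checks who the caller is; whether the caller is allowed to grant or
 * revoke admin rights must be enforced before they are invoked.
 */
@Service("authorizationService")
public class AuthorizationServiceImpl implements AuthorizationService {

    // Well-known role names; exposed as constants but not referenced inside this class.
    public static final String SUPER_ADMINISTRATOR = "SUPER_ADMINISTRATOR";
    public static final String CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR = "CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR";
    public static final String REGISTERED_USER = "REGISTERED_USER";

    private final RoleMappingService roleMappingService;
    private final AaiRegistryService aaiRegistryService;
    private final AuthoritiesUpdater authoritiesUpdater;

    /**
     * Creates the service with its collaborators (constructor injection).
     *
     * @param roleMappingService maps repository ids to role / authority names
     * @param aaiRegistryService client for the AAI registry (COUs, persons, memberships)
     * @param authoritiesUpdater updates the authorities of currently logged-in users
     */
    @Autowired
    AuthorizationServiceImpl(RoleMappingService roleMappingService, AaiRegistryService aaiRegistryService,
                             AuthoritiesUpdater authoritiesUpdater) {
        this.roleMappingService = roleMappingService;
        this.aaiRegistryService = aaiRegistryService;
        this.authoritiesUpdater = authoritiesUpdater;
    }

    /**
     * Maps an external resource type onto the type token used in authority names.
     * This is currently an identity mapping: the only known type, "datasource", maps to itself.
     *
     * @param type resource type as supplied by the caller
     * @return the type token to use in the authority name
     * @throws IllegalArgumentException if {@code type} is null
     */
    private String mapType(String type) {
        if (type == null) {
            throw new IllegalArgumentException("type must not be null");
        }
        return type;
    }

    /**
     * Type = DATASOURCE
     *
     * <p>Builds the authority / group name for a resource as {@code TYPE_ID}, both parts upper-cased.
     *
     * @param type resource type (see {@link #mapType(String)})
     * @param id   resource id
     * @return the upper-cased {@code TYPE_ID} name
     * @throws IllegalArgumentException if {@code type} or {@code id} is null
     */
    @Override
    public String member(String type, String id) {
        if (id == null) {
            throw new IllegalArgumentException("id must not be null");
        }
        // NOTE(review): default-locale toUpperCase() is kept so the result stays identical to
        // however the rest of the project derives these names; confirm before moving to Locale.ROOT.
        return mapType(type).toUpperCase() + "_" + id.toUpperCase();
    }

    /**
     * Checks whether the currently authenticated user holds the authority that corresponds to
     * the given repository.
     *
     * @param repoId repository id
     * @return true if the current authentication carries the repository's authority; false if
     *         it does not or if there is no authentication in the security context
     */
    @Override
    public boolean isMemberOf(String repoId) {
        String repoRole = roleMappingService.convertRepoIdToEncodedAuthorityId(repoId);
        // No principal in the context: deny instead of failing with an NPE.
        if (SecurityContextHolder.getContext().getAuthentication() == null) {
            return false;
        }
        // getAuthority() is the contractual string form of an authority; toString() is not.
        return SecurityContextHolder.getContext().getAuthentication().getAuthorities().stream()
                .anyMatch(authority -> repoRole != null && repoRole.equals(authority.getAuthority()));
    }

    /**
     * Lists the users that are members of the COU backing the repository's role.
     *
     * @param repoId repository id
     * @return the COU's users, or an empty list if no COU exists for the repository's role
     */
    @Override
    public List<User> getAdminsOfRepo(String repoId) {
        // find couId by role name
        String role = roleMappingService.getRoleIdByRepoId(repoId);
        Integer couId = aaiRegistryService.getCouId(role);
        if (couId == null) {
            // Unknown role / COU: no admins, rather than handing a null couId to the registry.
            return new ArrayList<>();
        }
        return aaiRegistryService.getUsers(couId);
    }

    /**
     * Grants a user membership of the repository's COU and adds the matching authority to the
     * user's current session.
     *
     * @param id    repository id
     * @param email email of the user to promote
     * @return always true on success
     * @throws ResourceNotFoundException if the email is unknown to the registry or the
     *                                   repository's role has no COU
     */
    @Override
    public boolean addAdmin(String id, String email) throws ResourceNotFoundException {
        Integer coPersonId = aaiRegistryService.getCoPersonIdByEmail(email);
        if (coPersonId == null) {
            throw new ResourceNotFoundException("Cannot find coPersonId for user with email: " + email);
        }
        String role = roleMappingService.getRoleIdByRepoId(id);
        Integer couId = aaiRegistryService.getCouId(role);
        if (couId == null) {
            throw new ResourceNotFoundException("Cannot find CouId for role: " + role);
        }
        // roleId may be null when the person has no membership record yet; presumably the
        // registry then creates one — confirm against AaiRegistryService.assignMemberRole.
        Integer roleId = aaiRegistryService.getRoleId(coPersonId, couId);
        aaiRegistryService.assignMemberRole(coPersonId, couId, roleId);

        // Add role to user current authorities
        authoritiesUpdater.addRole(email, roleMappingService.convertRepoIdToAuthority(id));
        return true;
    }

    /**
     * Revokes a user's membership of the repository's COU and removes the matching authority
     * from the user's current session.
     *
     * @param id    repository id
     * @param email email of the user to demote
     * @return always true on success
     * @throws ResourceNotFoundException if the email is unknown to the registry, the repository's
     *                                   role has no COU, or the user holds no membership in it
     */
    @Override
    public boolean removeAdmin(String id, String email) throws ResourceNotFoundException {
        Integer coPersonId = aaiRegistryService.getCoPersonIdByEmail(email);
        if (coPersonId == null) {
            throw new ResourceNotFoundException("Cannot find coPersonId for user with email: " + email);
        }
        String role = roleMappingService.getRoleIdByRepoId(id);
        Integer couId = aaiRegistryService.getCouId(role);
        if (couId == null) {
            throw new ResourceNotFoundException("Cannot find CouId for role: " + role);
        }
        Integer roleId = aaiRegistryService.getRoleId(coPersonId, couId);
        if (roleId == null) {
            // Previously reported as a missing CouId, which hid the real cause.
            throw new ResourceNotFoundException(
                    "Cannot find role membership for coPersonId: " + coPersonId + " in CouId: " + couId);
        }
        aaiRegistryService.removeMemberRole(coPersonId, couId, roleId);

        // Remove role from user current authorities
        authoritiesUpdater.removeRole(email, roleMappingService.convertRepoIdToAuthority(id));
        return true;
    }

    /**
     * Derives the roles of the currently authenticated user from the entitlement claim of the
     * OIDC user info.
     *
     * @return the mapped roles; empty if there is no OIDC authentication, no user info, or no
     *         entitlement claim
     */
    @Override
    public Collection<String> getUserRoles() {
        // Anonymous, missing or non-OIDC authentication carries no entitlements: no roles.
        // (instanceof is false for null, so this also covers an empty security context.)
        if (!(SecurityContextHolder.getContext().getAuthentication() instanceof OIDCAuthenticationToken)) {
            return new ArrayList<>();
        }
        UserInfo userInfo = ((OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication()).getUserInfo();
        if (userInfo == null || userInfo.getSource() == null) {
            return new ArrayList<>();
        }
        // The entitlement claim has been delivered under two names; the first one present wins.
        JsonArray entitlements = userInfo.getSource().getAsJsonArray("edu_person_entitlements");
        if (entitlements == null) {
            entitlements = userInfo.getSource().getAsJsonArray("eduperson_entitlement");
        }
        if (entitlements == null) {
            entitlements = new JsonArray();
        }
        return AuthoritiesMapper.entitlementRoles(entitlements);
    }

    /**
     * Looks up the names of the COUs in which the user identified by {@code email} has an
     * ACTIVE role, according to the AAI registry.
     *
     * @param email email of the user
     * @return the COU names, or an empty collection if the email is unknown to the registry
     */
    @Override
    public Collection<String> getUserRoles(String email) {
        // getCoPersonIdByEmail is treated as nullable elsewhere in this class; assigning it to a
        // primitive int unboxed a null into an NPE for unknown emails.
        Integer coPersonId = aaiRegistryService.getCoPersonIdByEmail(email);
        if (coPersonId == null) {
            return new ArrayList<>();
        }
        List<Integer> couIds = new ArrayList<>();
        for (JsonElement element : aaiRegistryService.getRolesWithStatus(coPersonId, AaiRegistryService.RoleStatus.ACTIVE)) {
            couIds.add(element.getAsJsonObject().get("CouId").getAsInt());
        }
        return aaiRegistryService.getCouNames(couIds).values();
    }
}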