[Users]: Update users' session when roles have been updated

This commit is contained in:
Konstantinos Triantafyllou 2020-11-14 10:17:54 +00:00
parent 0689a1fba2
commit 0a16a3f372
1 changed files with 51 additions and 0 deletions


@ -3,16 +3,22 @@ package eu.dnetlib.openaire.usermanagement.api;
import com.google.gson.JsonArray;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import eu.dnetlib.openaire.user.login.utils.AuthoritiesUpdater;
import eu.dnetlib.openaire.user.pojos.RoleVerification;
import eu.dnetlib.openaire.user.utils.EmailSender;
import eu.dnetlib.openaire.usermanagement.dto.Role;
import eu.dnetlib.openaire.usermanagement.utils.AuthorizationService;
import eu.dnetlib.openaire.usermanagement.utils.JsonUtils;
import eu.dnetlib.openaire.usermanagement.utils.RegistryCalls;
import eu.dnetlib.openaire.usermanagement.utils.VerificationUtils;
import org.apache.log4j.Logger;
import org.mitre.openid.connect.model.OIDCAuthenticationToken;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import org.springframework.web.bind.annotation.RequestBody;
@ -20,6 +26,8 @@ import javax.mail.MessagingException;
import javax.ws.rs.*;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import java.util.Collection;
import java.util.HashSet;
@Component(value = "RegistryService")
@Path("/registry")
@ -39,6 +47,16 @@ public class RegistryService {
@Autowired
private VerificationUtils verificationUtils;
@Autowired
private AuthoritiesUpdater authoritiesUpdater;
@Autowired
private AuthorizationService authorizationService;
private String getEmail() {
OIDCAuthenticationToken authenticationToken = (OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
return authenticationToken.getUserInfo().getEmail();
}
/**
* Subscribe to a type(Community, etc.) with id(ee, egi, etc.)
@ -53,6 +71,11 @@ public class RegistryService {
if (couId != null) {
Integer role = calls.getRoleId(coPersonId, couId);
calls.assignMemberRole(coPersonId, couId, role);
authoritiesUpdater.update(getEmail(), old -> {
HashSet<SimpleGrantedAuthority> authorities = new HashSet<>((Collection<? extends SimpleGrantedAuthority>) old);
authorities.add(new SimpleGrantedAuthority(authorizationService.member(type, id)));
return authorities;
});
return Response.status(HttpStatus.OK.value()).entity(jsonUtils.createResponse("Role has been assigned").toString()).type(MediaType.APPLICATION_JSON).build();
} else {
return Response.status(HttpStatus.NOT_FOUND.value()).entity(jsonUtils.createResponse("Role has not been found").toString()).type(MediaType.APPLICATION_JSON).build();
@ -75,6 +98,12 @@ public class RegistryService {
if (role != null) {
calls.removeAdminRole(coPersonId, couId);
calls.removeMemberRole(coPersonId, couId, role);
authoritiesUpdater.update(getEmail(), old -> {
HashSet<SimpleGrantedAuthority> authorities = new HashSet<>((Collection<? extends SimpleGrantedAuthority>) old);
authorities.remove(new SimpleGrantedAuthority(authorizationService.manager(type, id)));
authorities.remove(new SimpleGrantedAuthority(authorizationService.member(type, id)));
return authorities;
});
return Response.status(HttpStatus.OK.value()).entity(jsonUtils.createResponse("Role has been removed").toString()).type(MediaType.APPLICATION_JSON).build();
} else
return Response.status(HttpStatus.NOT_FOUND.value()).entity(jsonUtils.createResponse("User does not have this role").toString()).type(MediaType.APPLICATION_JSON).build();
@ -309,6 +338,12 @@ public class RegistryService {
if (calls.getUserAdminGroup(coPersonId, couId) == null) {
verificationUtils.deleteManagerVerifications(verification.getEmail(), verification.getType(), verification.getEntity());
calls.assignAdminRole(coPersonId, couId);
authoritiesUpdater.update(verification.getEmail(), old -> {
HashSet<SimpleGrantedAuthority> authorities = new HashSet<>((Collection<? extends SimpleGrantedAuthority>) old);
authorities.add(new SimpleGrantedAuthority(authorizationService.member(verification.getType(), verification.getEntity())));
authorities.add(new SimpleGrantedAuthority(authorizationService.manager(verification.getType(), verification.getEntity())));
return authorities;
});
return Response.status(HttpStatus.OK.value()).entity(jsonUtils.createResponse("Admin role has been assigned").toString()).type(MediaType.APPLICATION_JSON).build();
} else {
return Response.status(HttpStatus.CONFLICT.value()).entity(jsonUtils.createResponse("User is already admin of this cou").toString()).type(MediaType.APPLICATION_JSON).build();
@ -349,6 +384,11 @@ public class RegistryService {
if (couId != null) {
Integer role = calls.getRoleId(coPersonId, couId);
calls.assignMemberRole(coPersonId, couId, role);
authoritiesUpdater.update(verification.getEmail(), old -> {
HashSet<SimpleGrantedAuthority> authorities = new HashSet<>((Collection<? extends SimpleGrantedAuthority>) old);
authorities.add(new SimpleGrantedAuthority(authorizationService.member(verification.getType(), verification.getEntity())));
return authorities;
});
verificationUtils.deleteMemberVerifications(verification.getEmail(), verification.getType(), verification.getEntity());
return Response.status(HttpStatus.OK.value()).entity(jsonUtils.createResponse("Member role has been assigned").toString()).type(MediaType.APPLICATION_JSON).build();
} else {
@ -384,6 +424,11 @@ public class RegistryService {
Integer couId = calls.getCouId(type, id);
if (couId != null) {
calls.removeAdminRole(coPersonId, couId);
authoritiesUpdater.update(email, old -> {
HashSet<SimpleGrantedAuthority> authorities = new HashSet<>((Collection<? extends SimpleGrantedAuthority>) old);
authorities.remove(new SimpleGrantedAuthority(authorizationService.manager(type, id)));
return authorities;
});
return Response.status(HttpStatus.OK.value()).entity(jsonUtils.createResponse("Role has been removed").toString()).type(MediaType.APPLICATION_JSON).build();
} else {
return Response.status(HttpStatus.NOT_FOUND.value()).entity(jsonUtils.createResponse("Role has not been found").toString()).type(MediaType.APPLICATION_JSON).build();
@ -414,6 +459,12 @@ public class RegistryService {
if (couId != null && role != null) {
calls.removeAdminRole(coPersonId, couId);
calls.removeMemberRole(coPersonId, couId, role);
authoritiesUpdater.update(email, old -> {
HashSet<SimpleGrantedAuthority> authorities = new HashSet<>((Collection<? extends SimpleGrantedAuthority>) old);
authorities.remove(new SimpleGrantedAuthority(authorizationService.manager(type, id)));
authorities.remove(new SimpleGrantedAuthority(authorizationService.member(type, id)));
return authorities;
});
return Response.status(HttpStatus.OK.value()).entity(jsonUtils.createResponse("Role has been removed").toString()).type(MediaType.APPLICATION_JSON).build();
} else {
return Response.status(HttpStatus.NOT_FOUND.value()).entity(jsonUtils.createResponse("Role has not been found").toString()).type(MediaType.APPLICATION_JSON).build();
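Review bot: The revocation lambdas (hunks at -75, -384 and -414, lines L70–L75, L108–L112, L120–L125) drop the role from the live session with `authorities.remove(new SimpleGrantedAuthority(...))`, which only matches when the session's existing entries are themselves `SimpleGrantedAuthority` instances with that string; the unchecked cast to `Collection<? extends SimpleGrantedAuthority>` never fails at runtime (erasure), so if the callback hands in any other `GrantedAuthority` implementation the removal is a silent no-op and the revoked manager/member role stays usable until the user logs in again. Matching on `getAuthority()` with `removeIf` makes revocation independent of the concrete class, and the six copies of the cast-copy-mutate-return lambda collapse into two private helpers; the type of `old` is not visible here, so the helpers below assume the callback receives a `Collection<? extends GrantedAuthority>` (the `GrantedAuthority` import added in the first hunk suggests as much) — confirm against `AuthoritiesUpdater.update`. The `getEmail()` helper added in the -39 hunk also casts `SecurityContextHolder.getContext().getAuthentication()` to `OIDCAuthenticationToken` unconditionally; a null or non-OIDC authentication would surface as an NPE/ClassCastException after the registry call has already succeeded, so a guard there (or an `instanceof` check) would keep the registry and session changes in step. All enclosing resource methods start outside their hunks.
```java
    // Adds the given role strings to the user's live session authorities.
    private void addAuthorities(String email, String... roles) {
        authoritiesUpdater.update(email, old -> {
            Collection<GrantedAuthority> authorities = new HashSet<>(old);
            for (String role : roles) {
                authorities.add(new SimpleGrantedAuthority(role));
            }
            return authorities;
        });
    }

    // Removes the given role strings from the user's live session authorities,
    // matching on the authority string so that any GrantedAuthority class is handled.
    private void removeAuthorities(String email, String... roles) {
        authoritiesUpdater.update(email, old -> {
            Collection<GrantedAuthority> authorities = new HashSet<>(old);
            for (String role : roles) {
                authorities.removeIf(a -> role.equals(a.getAuthority()));
            }
            return authorities;
        });
    }

    // … unchanged: resource methods, each call site becomes e.g.
    // removeAuthorities(email, authorizationService.manager(type, id), authorizationService.member(type, id));
```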