[Users]: Update users' session when roles have been updated
parent
0689a1fba2
commit
0a16a3f372
|
@ -3,16 +3,22 @@ package eu.dnetlib.openaire.usermanagement.api;
|
|||
import com.google.gson.JsonArray;
|
||||
import com.google.gson.JsonObject;
|
||||
import com.google.gson.JsonParser;
|
||||
import eu.dnetlib.openaire.user.login.utils.AuthoritiesUpdater;
|
||||
import eu.dnetlib.openaire.user.pojos.RoleVerification;
|
||||
import eu.dnetlib.openaire.user.utils.EmailSender;
|
||||
import eu.dnetlib.openaire.usermanagement.dto.Role;
|
||||
import eu.dnetlib.openaire.usermanagement.utils.AuthorizationService;
|
||||
import eu.dnetlib.openaire.usermanagement.utils.JsonUtils;
|
||||
import eu.dnetlib.openaire.usermanagement.utils.RegistryCalls;
|
||||
import eu.dnetlib.openaire.usermanagement.utils.VerificationUtils;
|
||||
import org.apache.log4j.Logger;
|
||||
import org.mitre.openid.connect.model.OIDCAuthenticationToken;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.security.access.prepost.PreAuthorize;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.stereotype.Component;
|
||||
import org.springframework.web.bind.annotation.RequestBody;
|
||||
|
||||
|
@ -20,6 +26,8 @@ import javax.mail.MessagingException;
|
|||
import javax.ws.rs.*;
|
||||
import javax.ws.rs.core.MediaType;
|
||||
import javax.ws.rs.core.Response;
|
||||
import java.util.Collection;
|
||||
import java.util.HashSet;
|
||||
|
||||
@Component(value = "RegistryService")
|
||||
@Path("/registry")
|
||||
|
@ -39,6 +47,16 @@ public class RegistryService {
|
|||
@Autowired
|
||||
private VerificationUtils verificationUtils;
|
||||
|
||||
@Autowired
|
||||
private AuthoritiesUpdater authoritiesUpdater;
|
||||
|
||||
@Autowired
|
||||
private AuthorizationService authorizationService;
|
||||
|
||||
private String getEmail() {
|
||||
OIDCAuthenticationToken authenticationToken = (OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
|
||||
return authenticationToken.getUserInfo().getEmail();
|
||||
}
|
||||
|
||||
/**
|
||||
* Subscribe to a type(Community, etc.) with id(ee, egi, etc.)
|
||||
|
@ -53,6 +71,11 @@ public class RegistryService {
|
|||
if (couId != null) {
|
||||
Integer role = calls.getRoleId(coPersonId, couId);
|
||||
calls.assignMemberRole(coPersonId, couId, role);
|
||||
authoritiesUpdater.update(getEmail(), old -> {
|
||||
HashSet<SimpleGrantedAuthority> authorities = new HashSet<>((Collection<? extends SimpleGrantedAuthority>) old);
|
||||
authorities.add(new SimpleGrantedAuthority(authorizationService.member(type, id)));
|
||||
return authorities;
|
||||
});
|
||||
return Response.status(HttpStatus.OK.value()).entity(jsonUtils.createResponse("Role has been assigned").toString()).type(MediaType.APPLICATION_JSON).build();
|
||||
} else {
|
||||
return Response.status(HttpStatus.NOT_FOUND.value()).entity(jsonUtils.createResponse("Role has not been found").toString()).type(MediaType.APPLICATION_JSON).build();
|
||||
|
@ -75,6 +98,12 @@ public class RegistryService {
|
|||
if (role != null) {
|
||||
calls.removeAdminRole(coPersonId, couId);
|
||||
calls.removeMemberRole(coPersonId, couId, role);
|
||||
authoritiesUpdater.update(getEmail(), old -> {
|
||||
HashSet<SimpleGrantedAuthority> authorities = new HashSet<>((Collection<? extends SimpleGrantedAuthority>) old);
|
||||
authorities.remove(new SimpleGrantedAuthority(authorizationService.manager(type, id)));
|
||||
authorities.remove(new SimpleGrantedAuthority(authorizationService.member(type, id)));
|
||||
return authorities;
|
||||
});
|
||||
return Response.status(HttpStatus.OK.value()).entity(jsonUtils.createResponse("Role has been removed").toString()).type(MediaType.APPLICATION_JSON).build();
|
||||
} else
|
||||
return Response.status(HttpStatus.NOT_FOUND.value()).entity(jsonUtils.createResponse("User does not have this role").toString()).type(MediaType.APPLICATION_JSON).build();
|
||||
|
@ -309,6 +338,12 @@ public class RegistryService {
|
|||
if (calls.getUserAdminGroup(coPersonId, couId) == null) {
|
||||
verificationUtils.deleteManagerVerifications(verification.getEmail(), verification.getType(), verification.getEntity());
|
||||
calls.assignAdminRole(coPersonId, couId);
|
||||
authoritiesUpdater.update(verification.getEmail(), old -> {
|
||||
HashSet<SimpleGrantedAuthority> authorities = new HashSet<>((Collection<? extends SimpleGrantedAuthority>) old);
|
||||
authorities.add(new SimpleGrantedAuthority(authorizationService.member(verification.getType(), verification.getEntity())));
|
||||
authorities.add(new SimpleGrantedAuthority(authorizationService.manager(verification.getType(), verification.getEntity())));
|
||||
return authorities;
|
||||
});
|
||||
return Response.status(HttpStatus.OK.value()).entity(jsonUtils.createResponse("Admin role has been assigned").toString()).type(MediaType.APPLICATION_JSON).build();
|
||||
} else {
|
||||
return Response.status(HttpStatus.CONFLICT.value()).entity(jsonUtils.createResponse("User is already admin of this cou").toString()).type(MediaType.APPLICATION_JSON).build();
|
||||
|
@ -349,6 +384,11 @@ public class RegistryService {
|
|||
if (couId != null) {
|
||||
Integer role = calls.getRoleId(coPersonId, couId);
|
||||
calls.assignMemberRole(coPersonId, couId, role);
|
||||
authoritiesUpdater.update(verification.getEmail(), old -> {
|
||||
HashSet<SimpleGrantedAuthority> authorities = new HashSet<>((Collection<? extends SimpleGrantedAuthority>) old);
|
||||
authorities.add(new SimpleGrantedAuthority(authorizationService.member(verification.getType(), verification.getEntity())));
|
||||
return authorities;
|
||||
});
|
||||
verificationUtils.deleteMemberVerifications(verification.getEmail(), verification.getType(), verification.getEntity());
|
||||
return Response.status(HttpStatus.OK.value()).entity(jsonUtils.createResponse("Member role has been assigned").toString()).type(MediaType.APPLICATION_JSON).build();
|
||||
} else {
|
||||
|
@ -384,6 +424,11 @@ public class RegistryService {
|
|||
Integer couId = calls.getCouId(type, id);
|
||||
if (couId != null) {
|
||||
calls.removeAdminRole(coPersonId, couId);
|
||||
authoritiesUpdater.update(email, old -> {
|
||||
HashSet<SimpleGrantedAuthority> authorities = new HashSet<>((Collection<? extends SimpleGrantedAuthority>) old);
|
||||
authorities.remove(new SimpleGrantedAuthority(authorizationService.manager(type, id)));
|
||||
return authorities;
|
||||
});
|
||||
return Response.status(HttpStatus.OK.value()).entity(jsonUtils.createResponse("Role has been removed").toString()).type(MediaType.APPLICATION_JSON).build();
|
||||
} else {
|
||||
return Response.status(HttpStatus.NOT_FOUND.value()).entity(jsonUtils.createResponse("Role has not been found").toString()).type(MediaType.APPLICATION_JSON).build();
|
||||
|
@ -414,6 +459,12 @@ public class RegistryService {
|
|||
if (couId != null && role != null) {
|
||||
calls.removeAdminRole(coPersonId, couId);
|
||||
calls.removeMemberRole(coPersonId, couId, role);
|
||||
authoritiesUpdater.update(email, old -> {
|
||||
HashSet<SimpleGrantedAuthority> authorities = new HashSet<>((Collection<? extends SimpleGrantedAuthority>) old);
|
||||
authorities.remove(new SimpleGrantedAuthority(authorizationService.manager(type, id)));
|
||||
authorities.remove(new SimpleGrantedAuthority(authorizationService.member(type, id)));
|
||||
return authorities;
|
||||
});
|
||||
return Response.status(HttpStatus.OK.value()).entity(jsonUtils.createResponse("Role has been removed").toString()).type(MediaType.APPLICATION_JSON).build();
|
||||
} else {
|
||||
return Response.status(HttpStatus.NOT_FOUND.value()).entity(jsonUtils.createResponse("Role has not been found").toString()).type(MediaType.APPLICATION_JSON).build();
|
||||
|
|
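Review bot: In the three revoke paths (the lambdas that call `authorities.remove(...)` after `removeAdminRole` / `removeMemberRole`), removal from the live session only works if the unchecked cast `(Collection<? extends SimpleGrantedAuthority>) old` is actually true at runtime. `SimpleGrantedAuthority.equals` matches only another `SimpleGrantedAuthority`, so if the session holds a different `GrantedAuthority` implementation carrying the same role string, `remove` silently does nothing and the session keeps the manager or member authority that the registry has just revoked. Matching on the authority string avoids that and drops the cast: `HashSet<GrantedAuthority> authorities = new HashSet<>(old);` followed by `authorities.removeIf(a -> a.getAuthority().equals(authorizationService.manager(type, id)));`. The declared type of `old` and what `AuthoritiesUpdater.update` does when no session matches the given email are not visible on this page, so both are worth confirming. The enclosing methods start and end outside the hunks.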