diff --git a/src/main/java/eu/dnetlib/openaire/usermanagement/api/RegistryService.java b/src/main/java/eu/dnetlib/openaire/usermanagement/api/RegistryService.java index 3c2ac4c..cb4d7ab 100644 --- a/src/main/java/eu/dnetlib/openaire/usermanagement/api/RegistryService.java +++ b/src/main/java/eu/dnetlib/openaire/usermanagement/api/RegistryService.java @@ -3,16 +3,22 @@ package eu.dnetlib.openaire.usermanagement.api; import com.google.gson.JsonArray; import com.google.gson.JsonObject; import com.google.gson.JsonParser; +import eu.dnetlib.openaire.user.login.utils.AuthoritiesUpdater; import eu.dnetlib.openaire.user.pojos.RoleVerification; import eu.dnetlib.openaire.user.utils.EmailSender; import eu.dnetlib.openaire.usermanagement.dto.Role; +import eu.dnetlib.openaire.usermanagement.utils.AuthorizationService; import eu.dnetlib.openaire.usermanagement.utils.JsonUtils; import eu.dnetlib.openaire.usermanagement.utils.RegistryCalls; import eu.dnetlib.openaire.usermanagement.utils.VerificationUtils; import org.apache.log4j.Logger; +import org.mitre.openid.connect.model.OIDCAuthenticationToken; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.authority.SimpleGrantedAuthority; +import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.stereotype.Component; import org.springframework.web.bind.annotation.RequestBody; @@ -20,6 +26,8 @@ import javax.mail.MessagingException; import javax.ws.rs.*; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; +import java.util.Collection; +import java.util.HashSet; @Component(value = "RegistryService") @Path("/registry") 
@@ -39,6 +47,16 @@ public class RegistryService { @Autowired private VerificationUtils verificationUtils; + @Autowired + private AuthoritiesUpdater authoritiesUpdater; + + @Autowired + private AuthorizationService authorizationService; + + private String getEmail() { + OIDCAuthenticationToken authenticationToken = (OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication(); + return authenticationToken.getUserInfo().getEmail(); + } /** * Subscribe to a type(Community, etc.) with id(ee, egi, etc.) @@ -53,6 +71,11 @@ public class RegistryService { if (couId != null) { Integer role = calls.getRoleId(coPersonId, couId); calls.assignMemberRole(coPersonId, couId, role); + authoritiesUpdater.update(getEmail(), old -> { + HashSet authorities = new HashSet<>((Collection) old); + authorities.add(new SimpleGrantedAuthority(authorizationService.member(type, id))); + return authorities; + }); return Response.status(HttpStatus.OK.value()).entity(jsonUtils.createResponse("Role has been assigned").toString()).type(MediaType.APPLICATION_JSON).build(); } else { return Response.status(HttpStatus.NOT_FOUND.value()).entity(jsonUtils.createResponse("Role has not been found").toString()).type(MediaType.APPLICATION_JSON).build(); 
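Review bot: The new `getEmail()` casts `SecurityContextHolder.getContext().getAuthentication()` to `OIDCAuthenticationToken` unchecked and then dereferences `getUserInfo()`, so a request that reaches the subscribe/unsubscribe paths without an OIDC authentication (or with a token whose user info is absent) fails with a ClassCastException or NullPointerException — and, because the registry call in the next hunk runs first, only after the registry has already been changed. A fail-fast guard is easier to reason about: `Authentication auth = SecurityContextHolder.getContext().getAuthentication(); if (!(auth instanceof OIDCAuthenticationToken) || ((OIDCAuthenticationToken) auth).getUserInfo() == null) { throw new IllegalStateException("Registry call requires an authenticated OIDC user"); }` (needs `org.springframework.security.core.Authentication` imported). If the endpoints carry `@PreAuthorize`, the anonymous case may be unreachable, but that is not visible in this hunk. A one-line Javadoc would also help: `/** Email of the currently authenticated OIDC user; used as the key for updating that user's cached authorities. */`. The enclosing class continues outside the hunk.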
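Review bot: The update lambda at `HashSet authorities = new HashSet<>((Collection) old);` uses raw types, so the compiler cannot check what the set holds or what `authoritiesUpdater.update` expects back, and the `GrantedAuthority` import added in the first hunk is never used; `Set<GrantedAuthority> authorities = new HashSet<>((Collection<? extends GrantedAuthority>) old);` confines the unchecked cast to the one place it is needed and states the intent. The same copy-then-add / copy-then-remove lambda is repeated in the hunks at +98, +338, +384, +424 and +459; a pair of private helpers taking the email and the role strings (`addAuthorities(email, roles...)` / `removeAuthorities(email, roles...)`) would leave a single place to type and document. Note also that the registry role is assigned before the cached authorities are updated, so a failure inside `update` leaves the registry changed while the caller receives an error — presumably acceptable if the registry is the source of truth, but worth a comment. The enclosing method starts and ends outside the hunk.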
@@ -75,6 +98,12 @@ public class RegistryService { if (role != null) { calls.removeAdminRole(coPersonId, couId); calls.removeMemberRole(coPersonId, couId, role); + authoritiesUpdater.update(getEmail(), old -> { + HashSet authorities = new HashSet<>((Collection) old); + authorities.remove(new SimpleGrantedAuthority(authorizationService.manager(type, id))); + authorities.remove(new SimpleGrantedAuthority(authorizationService.member(type, id))); + return authorities; + }); return Response.status(HttpStatus.OK.value()).entity(jsonUtils.createResponse("Role has been removed").toString()).type(MediaType.APPLICATION_JSON).build(); } else return Response.status(HttpStatus.NOT_FOUND.value()).entity(jsonUtils.createResponse("User does not have this role").toString()).type(MediaType.APPLICATION_JSON).build(); @@ -309,6 +338,12 @@ public class RegistryService { if (calls.getUserAdminGroup(coPersonId, couId) == null) { verificationUtils.deleteManagerVerifications(verification.getEmail(), verification.getType(), verification.getEntity()); calls.assignAdminRole(coPersonId, couId); + authoritiesUpdater.update(verification.getEmail(), old -> { + HashSet authorities = new HashSet<>((Collection) old); + authorities.add(new SimpleGrantedAuthority(authorizationService.member(verification.getType(), verification.getEntity()))); + authorities.add(new SimpleGrantedAuthority(authorizationService.manager(verification.getType(), verification.getEntity()))); + return authorities; + }); return Response.status(HttpStatus.OK.value()).entity(jsonUtils.createResponse("Admin role has been assigned").toString()).type(MediaType.APPLICATION_JSON).build(); } else { return Response.status(HttpStatus.CONFLICT.value()).entity(jsonUtils.createResponse("User is already admin of this cou").toString()).type(MediaType.APPLICATION_JSON).build(); 
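Review bot: The removals in this hunk — `authorities.remove(new SimpleGrantedAuthority(authorizationService.manager(type, id)))` and the member line after it — only take effect if the cached collection holds `SimpleGrantedAuthority` instances, because `SimpleGrantedAuthority.equals` matches only other `SimpleGrantedAuthority` objects with the same role string; an authority of another `GrantedAuthority` implementation carrying the same role would survive the `remove` and the user would keep the manager privilege in this session. What `old` actually contains is not visible here, so this is worth confirming against `AuthoritiesUpdater`; a role-string comparison such as `authorities.removeIf(a -> roles.contains(a.getAuthority()))` with the manager and member strings would be independent of the implementation class. The same applies to the removal hunks at +424 and +459. The enclosing method starts and ends outside the hunk.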
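Review bot: The verification path at +338 adds both the member and the manager authority to the cached set, while the only registry change visible in the hunk is `calls.assignAdminRole(coPersonId, couId)`; unless the member role is guaranteed earlier in this method (outside the hunk), the session would carry a `member` authority that the registry does not record, and the two stores would disagree until the next login. If the member role is indeed assigned earlier, a short comment above the `update` call saying so, e.g. `// member role already assigned above; mirror both roles into the cached authorities`, would stop the next reader from asking the same question. The enclosing method starts and ends outside the hunk.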
@@ -349,6 +384,11 @@ public class RegistryService { if (couId != null) { Integer role = calls.getRoleId(coPersonId, couId); calls.assignMemberRole(coPersonId, couId, role); + authoritiesUpdater.update(verification.getEmail(), old -> { + HashSet authorities = new HashSet<>((Collection) old); + authorities.add(new SimpleGrantedAuthority(authorizationService.member(verification.getType(), verification.getEntity()))); + return authorities; + }); verificationUtils.deleteMemberVerifications(verification.getEmail(), verification.getType(), verification.getEntity()); return Response.status(HttpStatus.OK.value()).entity(jsonUtils.createResponse("Member role has been assigned").toString()).type(MediaType.APPLICATION_JSON).build(); } else { @@ -384,6 +424,11 @@ public class RegistryService { Integer couId = calls.getCouId(type, id); if (couId != null) { calls.removeAdminRole(coPersonId, couId); + authoritiesUpdater.update(email, old -> { + HashSet authorities = new HashSet<>((Collection) old); + authorities.remove(new SimpleGrantedAuthority(authorizationService.manager(type, id))); + return authorities; + }); return Response.status(HttpStatus.OK.value()).entity(jsonUtils.createResponse("Role has been removed").toString()).type(MediaType.APPLICATION_JSON).build(); } else { return Response.status(HttpStatus.NOT_FOUND.value()).entity(jsonUtils.createResponse("Role has not been found").toString()).type(MediaType.APPLICATION_JSON).build(); 
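Review bot: Revoking the manager authority for `email` in the hunk at +424 relies entirely on `authoritiesUpdater.update` reaching that user's live sessions; if the updater only rewrites authorities held in this JVM (its implementation is not visible here), a session on another instance keeps the `manager` authority until re-authentication, so any `@PreAuthorize` decision that trusts the cached set alone would honour a revoked privilege for the rest of that session. Worth confirming how `AuthoritiesUpdater` propagates the change and, if it is in-memory only, documenting that the registry remains authoritative for revocation-sensitive checks, e.g. `// in-memory refresh only; the registry is authoritative across instances`. The same applies to the member/manager removals at +98 and +459. The enclosing method starts and ends outside the hunk.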
@@ -414,6 +459,12 @@ public class RegistryService { if (couId != null && role != null) { calls.removeAdminRole(coPersonId, couId); calls.removeMemberRole(coPersonId, couId, role); + authoritiesUpdater.update(email, old -> { + HashSet authorities = new HashSet<>((Collection) old); + authorities.remove(new SimpleGrantedAuthority(authorizationService.manager(type, id))); + authorities.remove(new SimpleGrantedAuthority(authorizationService.member(type, id))); + return authorities; + }); return Response.status(HttpStatus.OK.value()).entity(jsonUtils.createResponse("Role has been removed").toString()).type(MediaType.APPLICATION_JSON).build(); } else { return Response.status(HttpStatus.NOT_FOUND.value()).entity(jsonUtils.createResponse("Role has not been found").toString()).type(MediaType.APPLICATION_JSON).build();