[Users | Trunk]: Remove from authorization service user and super admin

Konstantinos Triantafyllou 2020-11-19 17:15:08 +00:00
parent 46af960f38
commit 3251045bb2
2 changed files with 49 additions and 73 deletions


@ -16,7 +16,6 @@ import org.mitre.openid.connect.model.OIDCAuthenticationToken;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus; import org.springframework.http.HttpStatus;
import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
@ -53,7 +52,7 @@ public class RegistryService {
@Autowired @Autowired
private AuthorizationService authorizationService; private AuthorizationService authorizationService;
private String getEmail() { private String sendEmail() {
OIDCAuthenticationToken authenticationToken = (OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication(); OIDCAuthenticationToken authenticationToken = (OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
return authenticationToken.getUserInfo().getEmail(); return authenticationToken.getUserInfo().getEmail();
} }
@ -71,7 +70,7 @@ public class RegistryService {
if (couId != null) { if (couId != null) {
Integer role = calls.getRoleId(coPersonId, couId); Integer role = calls.getRoleId(coPersonId, couId);
calls.assignMemberRole(coPersonId, couId, role); calls.assignMemberRole(coPersonId, couId, role);
authoritiesUpdater.update(getEmail(), old -> { authoritiesUpdater.update(sendEmail(), old -> {
HashSet<SimpleGrantedAuthority> authorities = new HashSet<>((Collection<? extends SimpleGrantedAuthority>) old); HashSet<SimpleGrantedAuthority> authorities = new HashSet<>((Collection<? extends SimpleGrantedAuthority>) old);
authorities.add(new SimpleGrantedAuthority(authorizationService.member(type, id))); authorities.add(new SimpleGrantedAuthority(authorizationService.member(type, id)));
return authorities; return authorities;
@ -98,7 +97,7 @@ public class RegistryService {
if (role != null) { if (role != null) {
calls.removeAdminRole(coPersonId, couId); calls.removeAdminRole(coPersonId, couId);
calls.removeMemberRole(coPersonId, couId, role); calls.removeMemberRole(coPersonId, couId, role);
authoritiesUpdater.update(getEmail(), old -> { authoritiesUpdater.update(sendEmail(), old -> {
HashSet<SimpleGrantedAuthority> authorities = new HashSet<>((Collection<? extends SimpleGrantedAuthority>) old); HashSet<SimpleGrantedAuthority> authorities = new HashSet<>((Collection<? extends SimpleGrantedAuthority>) old);
authorities.remove(new SimpleGrantedAuthority(authorizationService.manager(type, id))); authorities.remove(new SimpleGrantedAuthority(authorizationService.manager(type, id)));
authorities.remove(new SimpleGrantedAuthority(authorizationService.member(type, id))); authorities.remove(new SimpleGrantedAuthority(authorizationService.member(type, id)));
@ -119,50 +118,32 @@ public class RegistryService {
@POST @POST
@Produces(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON)
@PreAuthorize("hasAnyAuthority(@AuthorizationService.SUPER_ADMIN, @AuthorizationService.USER_ADMIN, @AuthorizationService.PORTAL_ADMIN)") @PreAuthorize("hasAnyAuthority(@AuthorizationService.PORTAL_ADMIN)")
public Response createRole(@RequestBody Role role) { public Response createRole(@RequestBody Role role) {
calls.createRole(role); calls.createRole(role);
return Response.status(HttpStatus.OK.value()).entity(jsonUtils.createResponse("Role has been created").toString()).type(MediaType.APPLICATION_JSON).build(); return Response.status(HttpStatus.OK.value()).entity(jsonUtils.createResponse("Role has been created").toString()).type(MediaType.APPLICATION_JSON).build();
} }
/** /**
*
* Invite user with email to manage a type(Community, etc.) with id(ee, egi, etc.) * Invite user with email to manage a type(Community, etc.) with id(ee, egi, etc.)
* Auto generated link and code will be sent as response. * Auto generated link and code will be sent as response.
*/ */
@Path("/invite/{type}/{id}/manager/{email}") @Path("/invite/{type}/{id}/manager")
@POST @POST
@Produces(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON)
@PreAuthorize("hasAnyAuthority(@AuthorizationService.SUPER_ADMIN, @AuthorizationService.USER_ADMIN, @AuthorizationService.PORTAL_ADMIN, " + @PreAuthorize("hasAnyAuthority(@AuthorizationService.PORTAL_ADMIN, " +
"@AuthorizationService.curator(#type), @AuthorizationService.manager(#type, #id))") "@AuthorizationService.curator(#type), @AuthorizationService.manager(#type, #id))")
public Response inviteManager(@PathParam("type") String type, @PathParam("id") String id, @PathParam("email") String email, @RequestBody String body) { public Response inviteManager(@PathParam("type") String type, @PathParam("id") String id, @RequestBody String body) {
Integer couId = calls.getCouId(type, id); Integer couId = calls.getCouId(type, id);
if (couId != null) { if (couId != null) {
Integer coPersonId = calls.getCoPersonIdByEmail(email);
if (coPersonId == null || calls.getUserAdminGroup(coPersonId, couId) == null) {
JsonObject invitation = verificationUtils.createManagerInvitation(email, type, id);
String name = (coPersonId != null)?calls.getUserNames(coPersonId):null;
JsonObject details = new JsonParser().parse(body).getAsJsonObject(); JsonObject details = new JsonParser().parse(body).getAsJsonObject();
String link = details.get("link").getAsString() + invitation.get("link").getAsString(); JsonObject email = details.get("email").getAsJsonObject();
String subject = "Invite to manage " + details.get("name").getAsString(); String recipient = email.get("recipient").getAsString();
String message = "<p>Hello" + ((name != null)?(" " + name):"") + ",</p>" + Integer coPersonId = calls.getCoPersonIdByEmail(recipient);
"<p> You have been invited to manage " + details.get("name").getAsString() + ". " + if (coPersonId == null || calls.getUserAdminGroup(coPersonId, couId) == null) {
"Use the verification code below to accept the invitation." + JsonObject invitation = verificationUtils.createManagerInvitation(recipient, type, id);
"</p>" + return sendEmail(details, email, coPersonId, invitation);
"<p>" +
"The verification code is " + invitation.get("code").getAsString() +
"</p>" +
"Click the URL below and proceed with the process." +
"<p><a href=" + link + ">" + link + "</a></p>" +
"<p>Thank you,</p>" +
"<p>OpenAIRE technical team</p>";
try {
emailSender.sendEmail(email, subject, message);
return Response.status(HttpStatus.OK.value()).entity(jsonUtils.createResponse(invitation).toString()).type(MediaType.APPLICATION_JSON).build();
} catch (MessagingException e) {
logger.error(e.getMessage());
verificationUtils.deleteVerification(invitation.get("link").getAsString());
return Response.status(HttpStatus.BAD_REQUEST.value()).entity(jsonUtils.createResponse("Email sent failed").toString()).type(MediaType.APPLICATION_JSON).build();
}
} else { } else {
return Response.status(HttpStatus.CONFLICT.value()).entity(jsonUtils.createResponse("User has been already manager of this " + type).toString()).type(MediaType.APPLICATION_JSON).build(); return Response.status(HttpStatus.CONFLICT.value()).entity(jsonUtils.createResponse("User has been already manager of this " + type).toString()).type(MediaType.APPLICATION_JSON).build();
} }
@ -175,40 +156,21 @@ public class RegistryService {
* Invite user with email to be a member of a type(Community, etc.) with id(ee, egi, etc.) * Invite user with email to be a member of a type(Community, etc.) with id(ee, egi, etc.)
* Auto generated link and code will be sent as response. * Auto generated link and code will be sent as response.
*/ */
@Path("/invite/{type}/{id}/member/{email}") @Path("/invite/{type}/{id}/member")
@POST @POST
@Produces(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON)
@PreAuthorize("hasAnyAuthority(@AuthorizationService.SUPER_ADMIN, @AuthorizationService.USER_ADMIN, @AuthorizationService.PORTAL_ADMIN, " + @PreAuthorize("hasAnyAuthority(@AuthorizationService.PORTAL_ADMIN, " +
"@AuthorizationService.curator(#type), @AuthorizationService.manager(#type, #id))") "@AuthorizationService.curator(#type), @AuthorizationService.manager(#type, #id))")
public Response inviteMember(@PathParam("type") String type, @PathParam("id") String id, @PathParam("email") String email, @RequestBody String body) { public Response inviteMember(@PathParam("type") String type, @PathParam("id") String id, @RequestBody String body) {
Integer couId = calls.getCouId(type, id); Integer couId = calls.getCouId(type, id);
if (couId != null) { if (couId != null) {
Integer coPersonId = calls.getCoPersonIdByEmail(email);
if (coPersonId == null || calls.getRoleId(coPersonId, couId) == null) {
JsonObject invitation = verificationUtils.createMemberInvitation(email, type, id);
String name = (coPersonId != null)?calls.getUserNames(coPersonId):null;
JsonObject details = new JsonParser().parse(body).getAsJsonObject(); JsonObject details = new JsonParser().parse(body).getAsJsonObject();
String link = details.get("link").getAsString() + invitation.get("link").getAsString(); JsonObject email = details.get("email").getAsJsonObject();
String subject = "Invite to be a member of " + details.get("name").getAsString(); String recipient = email.get("recipient").getAsString();
String message = "<p>Hello" + ((name != null)?(" " + name):"") + ",</p>" + Integer coPersonId = calls.getCoPersonIdByEmail(recipient);
"<p> You have been invited to be a member of " + details.get("name").getAsString() + ". " + if (coPersonId == null || calls.getRoleId(coPersonId, couId) == null) {
"Use the verification code below to accept the invitation." + JsonObject invitation = verificationUtils.createMemberInvitation(recipient, type, id);
"</p>" + return sendEmail(details, email, coPersonId, invitation);
"<p>" +
"The verification code is " + invitation.get("code").getAsString() +
"</p>" +
"Click the URL below and proceed with the process." +
"<p><a href=" + link + ">" + link + "</a></p>" +
"<p>Thank you,</p>" +
"<p>OpenAIRE technical team</p>";
try {
emailSender.sendEmail(email, subject, message);
return Response.status(HttpStatus.OK.value()).entity(jsonUtils.createResponse(invitation).toString()).type(MediaType.APPLICATION_JSON).build();
} catch (MessagingException e) {
logger.error(e.getMessage());
verificationUtils.deleteVerification(invitation.get("link").getAsString());
return Response.status(HttpStatus.BAD_REQUEST.value()).entity(jsonUtils.createResponse("Email sent failed").toString()).type(MediaType.APPLICATION_JSON).build();
}
} else { } else {
return Response.status(HttpStatus.CONFLICT.value()).entity(jsonUtils.createResponse("User has been already member of this " + type).toString()).type(MediaType.APPLICATION_JSON).build(); return Response.status(HttpStatus.CONFLICT.value()).entity(jsonUtils.createResponse("User has been already member of this " + type).toString()).type(MediaType.APPLICATION_JSON).build();
} }
@ -217,13 +179,31 @@ public class RegistryService {
} }
} }
private Response sendEmail(JsonObject details, JsonObject email, Integer coPersonId, JsonObject invitation) {
String name = (coPersonId != null)?calls.getUserNames(coPersonId):"User";
String link = details.get("link").getAsString() + invitation.get("link").getAsString();
String subject = email.get("subject").getAsString();
String message = email.get("body").getAsString().
replace("((__user__))", name).
replace("((__link__))", link).
replace("((__code__))", invitation.get("code").getAsString());
try {
emailSender.sendEmail(email.get("recipient").getAsString(), subject, message);
return Response.status(HttpStatus.OK.value()).entity(jsonUtils.createResponse(invitation).toString()).type(MediaType.APPLICATION_JSON).build();
} catch (MessagingException e) {
logger.error(e.getMessage());
verificationUtils.deleteVerification(invitation.get("link").getAsString());
return Response.status(HttpStatus.BAD_REQUEST.value()).entity(jsonUtils.createResponse("Email sent failed").toString()).type(MediaType.APPLICATION_JSON).build();
}
}
/** /**
* Cancel invitation to user with email for managing a type(Community, etc.) with id(ee, egi, etc.) * Cancel invitation to user with email for managing a type(Community, etc.) with id(ee, egi, etc.)
*/ */
@Path("/invite/{type}/{id}/manager/{email}") @Path("/invite/{type}/{id}/manager/{email}")
@DELETE @DELETE
@Produces(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON)
@PreAuthorize("hasAnyAuthority(@AuthorizationService.SUPER_ADMIN, @AuthorizationService.USER_ADMIN, @AuthorizationService.PORTAL_ADMIN, " + @PreAuthorize("hasAnyAuthority(@AuthorizationService.PORTAL_ADMIN, " +
"@AuthorizationService.curator(#type), @AuthorizationService.manager(#type, #id))") "@AuthorizationService.curator(#type), @AuthorizationService.manager(#type, #id))")
public Response cancelManagerInvitations(@PathParam("type") String type, @PathParam("id") String id, @PathParam("email") String email) { public Response cancelManagerInvitations(@PathParam("type") String type, @PathParam("id") String id, @PathParam("email") String email) {
Integer couId = calls.getCouId(type, id); Integer couId = calls.getCouId(type, id);
@ -241,7 +221,7 @@ public class RegistryService {
@Path("/invite/{type}/{id}/member/{email}") @Path("/invite/{type}/{id}/member/{email}")
@DELETE @DELETE
@Produces(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON)
@PreAuthorize("hasAnyAuthority(@AuthorizationService.SUPER_ADMIN, @AuthorizationService.USER_ADMIN, @AuthorizationService.PORTAL_ADMIN, " + @PreAuthorize("hasAnyAuthority(@AuthorizationService.PORTAL_ADMIN, " +
"@AuthorizationService.curator(#type), @AuthorizationService.manager(#type, #id))") "@AuthorizationService.curator(#type), @AuthorizationService.manager(#type, #id))")
public Response cancelMemberInvitations(@PathParam("type") String type, @PathParam("id") String id, @PathParam("email") String email) { public Response cancelMemberInvitations(@PathParam("type") String type, @PathParam("id") String id, @PathParam("email") String email) {
Integer couId = calls.getCouId(type, id); Integer couId = calls.getCouId(type, id);
@ -259,7 +239,7 @@ public class RegistryService {
@Path("/invite/{type}/{id}/managers/") @Path("/invite/{type}/{id}/managers/")
@GET @GET
@Produces(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON)
@PreAuthorize("hasAnyAuthority(@AuthorizationService.SUPER_ADMIN, @AuthorizationService.USER_ADMIN, @AuthorizationService.PORTAL_ADMIN, " + @PreAuthorize("hasAnyAuthority(@AuthorizationService.PORTAL_ADMIN, " +
"@AuthorizationService.curator(#type), @AuthorizationService.manager(#type, #id))") "@AuthorizationService.curator(#type), @AuthorizationService.manager(#type, #id))")
public Response getInvitedManagers(@PathParam("type") String type, @PathParam("id") String id) { public Response getInvitedManagers(@PathParam("type") String type, @PathParam("id") String id) {
JsonArray invited = verificationUtils.getInvitedManagers(type, id); JsonArray invited = verificationUtils.getInvitedManagers(type, id);
@ -272,7 +252,7 @@ public class RegistryService {
@Path("/invite/{type}/{id}/members/") @Path("/invite/{type}/{id}/members/")
@GET @GET
@Produces(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON)
@PreAuthorize("hasAnyAuthority(@AuthorizationService.SUPER_ADMIN, @AuthorizationService.USER_ADMIN, @AuthorizationService.PORTAL_ADMIN, " + @PreAuthorize("hasAnyAuthority(@AuthorizationService.PORTAL_ADMIN, " +
"@AuthorizationService.curator(#type), @AuthorizationService.manager(#type, #id))") "@AuthorizationService.curator(#type), @AuthorizationService.manager(#type, #id))")
public Response getInviteMembers(@PathParam("type") String type, @PathParam("id") String id) { public Response getInviteMembers(@PathParam("type") String type, @PathParam("id") String id) {
JsonArray invited = verificationUtils.getInvitedMembers(type, id); JsonArray invited = verificationUtils.getInvitedMembers(type, id);
@ -415,8 +395,7 @@ public class RegistryService {
@DELETE @DELETE
@Produces(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON)
@PreAuthorize("hasAnyAuthority(@AuthorizationService.SUPER_ADMIN, @AuthorizationService.USER_ADMIN," + @PreAuthorize("hasAnyAuthority(@AuthorizationService.PORTAL_ADMIN, @AuthorizationService.curator(#type), @AuthorizationService.manager(#type, #id))")
"@AuthorizationService.PORTAL_ADMIN, @AuthorizationService.curator(#type), @AuthorizationService.manager(#type, #id))")
public Response removeManagerRole(@PathParam("type") String type, @PathParam("id") String public Response removeManagerRole(@PathParam("type") String type, @PathParam("id") String
id, @PathParam("email") String email) { id, @PathParam("email") String email) {
Integer coPersonId = calls.getCoPersonIdByEmail(email); Integer coPersonId = calls.getCoPersonIdByEmail(email);
@ -445,8 +424,7 @@ public class RegistryService {
@DELETE @DELETE
@Produces(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON)
@PreAuthorize("hasAnyAuthority(@AuthorizationService.SUPER_ADMIN, @AuthorizationService.USER_ADMIN," + @PreAuthorize("hasAnyAuthority(@AuthorizationService.PORTAL_ADMIN, @AuthorizationService.curator(#type), @AuthorizationService.manager(#type, #id))")
"@AuthorizationService.PORTAL_ADMIN, @AuthorizationService.curator(#type), @AuthorizationService.manager(#type, #id))")
public Response removeMemberRole(@PathParam("type") String type, @PathParam("id") String public Response removeMemberRole(@PathParam("type") String type, @PathParam("id") String
id, @PathParam("email") String email) { id, @PathParam("email") String email) {
Integer coPersonId = calls.getCoPersonIdByEmail(email); Integer coPersonId = calls.getCoPersonIdByEmail(email);
@ -480,7 +458,7 @@ public class RegistryService {
@Path("/{type}/{id}/members") @Path("/{type}/{id}/members")
@GET @GET
@Produces(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON)
@PreAuthorize("hasAnyAuthority(@AuthorizationService.SUPER_ADMIN, @AuthorizationService.PORTAL_ADMIN," + @PreAuthorize("hasAnyAuthority(@AuthorizationService.PORTAL_ADMIN," +
"@AuthorizationService.curator(#type), @AuthorizationService.manager(#type, #id))") "@AuthorizationService.curator(#type), @AuthorizationService.manager(#type, #id))")
public Response getMembers(@PathParam("type") String type, @PathParam("id") String id) { public Response getMembers(@PathParam("type") String type, @PathParam("id") String id) {
Integer couId = calls.getCouId(type, id); Integer couId = calls.getCouId(type, id);
@ -498,7 +476,7 @@ public class RegistryService {
@Path("/{type}/{id}/members/email") @Path("/{type}/{id}/members/email")
@GET @GET
@Produces(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON)
@PreAuthorize("hasAnyAuthority(@AuthorizationService.SUPER_ADMIN, @AuthorizationService.PORTAL_ADMIN," + @PreAuthorize("hasAnyAuthority(@AuthorizationService.PORTAL_ADMIN," +
"@AuthorizationService.curator(#type), @AuthorizationService.manager(#type, #id))") "@AuthorizationService.curator(#type), @AuthorizationService.manager(#type, #id))")
public Response getMembersEmail(@PathParam("type") String type, @PathParam("id") String id) { public Response getMembersEmail(@PathParam("type") String type, @PathParam("id") String id) {
Integer couId = calls.getCouId(type, id); Integer couId = calls.getCouId(type, id);
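Review bot: The new `sendEmail(JsonObject details, JsonObject email, Integer coPersonId, JsonObject invitation)` helper in the hunk at `@ -217,13 +179,31` takes the recipient, subject, body and the `link` prefix straight from the request JSON, so where the old code rendered a fixed server-side template the service now relays caller-supplied HTML (with a live verification code spliced in via `((__code__))`) to any address that is not yet a member/manager of the COU; every curator or manager of a `type`/`id` can therefore send arbitrary content from the service's sender address, and a `link` prefix that does not point at the portal delivers the code to a page the service does not control. Prefer keeping subject and body as server-side templates selected by invitation kind and accepting only the recipient (plus a display name) from the client, or at minimum reject a `link` that does not start with one of the configured portal origins and answer 400 when `email`, `recipient`, `subject` or `body` is absent — as written, `details.get("email").getAsJsonObject()` in `inviteManager`/`inviteMember` throws a NullPointerException on a request without that key, which most likely surfaces as a 500 rather than a validation error. The catch block's `logger.error(e.getMessage())` discards the stack trace; `logger.error("Invitation email could not be sent", e)` keeps the cause without logging the message body. Separately, the rename in the hunk at `@ -53,7 +52,7` leaves two methods called `sendEmail`, one of which only reads the authenticated user's address for `authoritiesUpdater.update(...)`; a name such as `getCurrentUserEmail()` would avoid the collision.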


@ -5,9 +5,7 @@ import org.springframework.stereotype.Component;
@Component("AuthorizationService") @Component("AuthorizationService")
public class AuthorizationService { public class AuthorizationService {
public final String SUPER_ADMIN = "SUPER_ADMINISTRATOR";
public final String PORTAL_ADMIN = "PORTAL_ADMINISTRATOR"; public final String PORTAL_ADMIN = "PORTAL_ADMINISTRATOR";
public final String USER_ADMIN = "USER_MANAGER";
private String mapType(String type) { private String mapType(String type) {
if(type.equals("organization")) { if(type.equals("organization")) {