[Users | Trunk]: Add delete method on web.xml. Add method to check if an verification id is owned bu user

src/main/java/eu/dnetlib/openaire/usermanagement/api/RegistryService.java

@@ -34,7 +34,7 @@ public class RegistryService {
     private VerificationUtils verificationUtils;
 
     /**
-     * Subscribe to type(Community, etc.) with id(ee, egi, etc.)
+     * Subscribe to a type(Community, etc.) with id(ee, egi, etc.)
      *
      * */
     @Path("/subscribe/{type}/{id}")
@@ -81,7 +81,7 @@ public class RegistryService {
     /**
      * Create a new role with the given name and description.
      *
-     * */
+     **/
     @Path("/createRole")
     @POST
     @Produces(MediaType.APPLICATION_JSON)
@@ -105,8 +105,13 @@ public class RegistryService {
     public Response inviteUser(@PathParam("type") String type, @PathParam("id") String id, @PathParam("email") String email) {
         Integer couId = calls.getCouId(type, id);
         if (couId != null) {
-            JsonObject invitation = verificationUtils.createInvitation(email, type, id);
-            return Response.status(HttpStatus.OK.value()).entity(jsonUtils.createResponse(invitation).toString()).type(MediaType.APPLICATION_JSON).build();
+            Integer coPersonId = calls.getCoPersonIdByEmail(email);
+            if(calls.getUserAdminGroup(coPersonId, couId) == null) {
+                JsonObject invitation = verificationUtils.createInvitation(email, type, id);
+                return Response.status(HttpStatus.OK.value()).entity(jsonUtils.createResponse(invitation).toString()).type(MediaType.APPLICATION_JSON).build();
+            } else {
+                return Response.status(HttpStatus.CONFLICT.value()).entity(jsonUtils.createResponse("User has been already manager of this cou").toString()).type(MediaType.APPLICATION_JSON).build();
+            }
         } else {
             return Response.status(HttpStatus.NOT_FOUND.value()).entity(jsonUtils.createResponse("Role has not been found").toString()).type(MediaType.APPLICATION_JSON).build();
         }
@@ -135,7 +140,7 @@ public class RegistryService {
      * Get the invited managers for a type(Community, etc.) with id(ee, egi, etc.)
      *
      * */
-    @Path("/invite/{type}/{id}/manager/")
+    @Path("/invite/{type}/{id}/managers/")
     @GET
     @Produces(MediaType.APPLICATION_JSON)
     @PreAuthorize("hasAnyAuthority(@AuthoritiesService.SUPER_ADMIN, @AuthoritiesService.USER_ADMIN, @AuthoritiesService.PORTAL_ADMIN, " +
@@ -173,8 +178,7 @@ public class RegistryService {
     @Path("verification/{id}")
     @DELETE
     @Produces(MediaType.APPLICATION_JSON)
-    @PreAuthorize("hasAnyAuthority(@AuthoritiesService.SUPER_ADMIN, @AuthoritiesService.USER_ADMIN," +
-            "@AuthoritiesService.PORTAL_ADMIN, @AuthoritiesService.curator(#type), @AuthoritiesService.manager(#type, #id))")
+    @PreAuthorize("isAuthenticated() && @VerificationUtils.ownedVerification(#id)")
     public Response deleteVerification(@PathParam("id") String id) {
         if (verificationUtils.getVerification(id) != null) {
             verificationUtils.deleteVerification(id);

src/main/java/eu/dnetlib/openaire/usermanagement/utils/RegistryCalls.java

@@ -4,13 +4,10 @@ import com.google.gson.JsonArray;
 import com.google.gson.JsonElement;
 import com.google.gson.JsonObject;
 import eu.dnetlib.openaire.usermanagement.dto.Role;
-import net.minidev.json.JSONObject;
 import org.apache.log4j.Logger;
 import org.mitre.openid.connect.model.OIDCAuthenticationToken;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Service;
 

src/main/java/eu/dnetlib/openaire/usermanagement/utils/VerificationUtils.java

@@ -4,7 +4,10 @@ import com.google.gson.JsonArray;
 import com.google.gson.JsonObject;
 import eu.dnetlib.openaire.user.pojos.ManagerVerification;
 import eu.dnetlib.openaire.user.utils.ManagerVerificationActions;
+import org.apache.log4j.Logger;
+import org.mitre.openid.connect.model.OIDCAuthenticationToken;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Component;
@@ -13,10 +16,11 @@ import java.sql.Timestamp;
 import java.util.*;
 
 
-@Component
+@Component("VerificationUtils")
 public class VerificationUtils {
 
     private final Random random = new Random();
+    private static final Logger logger = Logger.getLogger(VerificationUtils.class);
 
     @Autowired
     private ManagerVerificationActions actions;
@@ -25,7 +29,7 @@ public class VerificationUtils {
         String id;
         do {
             id = createId();
-        }while (exists(id));
+        } while (exists(id));
         ManagerVerification managerVerification = actions.addVerificationEntry(id, email, type, entity, createVerificationCode(), new Timestamp(new Date().getTime()));
         JsonObject invitation = new JsonObject();
         invitation.addProperty("link", managerVerification.getId());
@@ -36,7 +40,7 @@ public class VerificationUtils {
     public void deleteRelatedVerifications(ManagerVerification managerVerification) {
         List<ManagerVerification> related = actions.
                 getUserVerificationsForAnEntity(managerVerification.getEmail(), managerVerification.getType(), managerVerification.getEntity());
-        for(ManagerVerification verification : related) {
+        for (ManagerVerification verification : related) {
             deleteVerification(verification.getId());
         }
     }
@@ -44,7 +48,7 @@ public class VerificationUtils {
     public void deleteUserVerifications(String email, String type, String entity) {
         List<ManagerVerification> managerVerifications = actions.
                 getUserVerificationsForAnEntity(email, type, entity);
-        for(ManagerVerification verification : managerVerifications) {
+        for (ManagerVerification verification : managerVerifications) {
             deleteVerification(verification.getId());
         }
     }
@@ -68,8 +72,23 @@ public class VerificationUtils {
         return actions.verificationEntryExists(id);
     }
 
+    public boolean ownedVerification(String id) {
+        try {
+            ManagerVerification managerVerification = getVerification(id);
+            if (managerVerification != null) {
+                OIDCAuthenticationToken authentication = (OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
+                String email = authentication.getUserInfo().getEmail().toLowerCase();
+                return managerVerification.getEmail().toLowerCase().equals(email);
+            }
+        } catch (Exception e) {
+            logger.error("Get User info: An error occurred ", e);
+            return false;
+        }
+        return false;
+    }
+
     private String createId() {
-        return  random.ints(48, 123)
+        return random.ints(48, 123)
                 .filter(i -> (i <= 57 || i >= 65) && (i <= 90 || i >= 97))
                 .limit(16)
                 .collect(StringBuilder::new, StringBuilder::appendCodePoint, StringBuilder::append)

src/main/webapp/WEB-INF/web.xml

@@ -152,7 +152,7 @@
         </init-param>
         <init-param>
             <param-name>cors.allowed.methods</param-name>
-            <param-value>GET, POST, DELETE OPTIONS</param-value>
+            <param-value>GET, POST, DELETE, OPTIONS</param-value>
         </init-param>
         <init-param>
             <param-name>cors.exposed.headers</param-name>