diff --git a/src/main/java/eu/dnetlib/openaire/usermanagement/api/RegistryService.java b/src/main/java/eu/dnetlib/openaire/usermanagement/api/RegistryService.java
index ad23848..c9afb82 100644
--- a/src/main/java/eu/dnetlib/openaire/usermanagement/api/RegistryService.java
+++ b/src/main/java/eu/dnetlib/openaire/usermanagement/api/RegistryService.java
@@ -34,7 +34,7 @@ public class RegistryService {
 private VerificationUtils verificationUtils;
 
 /**
- * Subscribe to type(Community, etc.) with id(ee, egi, etc.)
+ * Subscribe to a type(Community, etc.) with id(ee, egi, etc.)
 *
 * */
 @Path("/subscribe/{type}/{id}")
@@ -81,7 +81,7 @@ public class RegistryService {
 /**
 * Create a new role with the given name and description.
 *
- * */
+ **/
 @Path("/createRole")
 @POST
 @Produces(MediaType.APPLICATION_JSON)
@@ -105,8 +105,13 @@ public class RegistryService {
 public Response inviteUser(@PathParam("type") String type, @PathParam("id") String id, @PathParam("email") String email) {
 Integer couId = calls.getCouId(type, id);
 if (couId != null) {
- JsonObject invitation = verificationUtils.createInvitation(email, type, id);
- return Response.status(HttpStatus.OK.value()).entity(jsonUtils.createResponse(invitation).toString()).type(MediaType.APPLICATION_JSON).build();
+ Integer coPersonId = calls.getCoPersonIdByEmail(email);
+ if(calls.getUserAdminGroup(coPersonId, couId) == null) {
+ JsonObject invitation = verificationUtils.createInvitation(email, type, id);
+ return Response.status(HttpStatus.OK.value()).entity(jsonUtils.createResponse(invitation).toString()).type(MediaType.APPLICATION_JSON).build();
+ } else {
+ return Response.status(HttpStatus.CONFLICT.value()).entity(jsonUtils.createResponse("User has been already manager of this cou").toString()).type(MediaType.APPLICATION_JSON).build();
+ }
 } else {
 return Response.status(HttpStatus.NOT_FOUND.value()).entity(jsonUtils.createResponse("Role has not been found").toString()).type(MediaType.APPLICATION_JSON).build();
 }
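Review bot: `calls.getCoPersonIdByEmail(email)` can plausibly return null for an address that is not yet a registered person, which is the usual case for an invitation, and that null is passed straight into `calls.getUserAdminGroup(coPersonId, couId)`; unless that helper is documented as null-tolerant (not visible here), guard it with `if (coPersonId == null || calls.getUserAdminGroup(coPersonId, couId) == null) {`. The same line uses `if(` while the commit elsewhere normalizes `for(` and `}while` to the spaced form, so `if (` would match. The CONFLICT message reads better as `"User is already a manager of this cou"`. inviteUser's annotations begin outside the hunk.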
@@ -135,7 +140,7 @@ public class RegistryService {
 * Get the invited managers for a type(Community, etc.) with id(ee, egi, etc.)
 *
 * */
- @Path("/invite/{type}/{id}/manager/")
+ @Path("/invite/{type}/{id}/managers/")
 @GET
 @Produces(MediaType.APPLICATION_JSON)
 @PreAuthorize("hasAnyAuthority(@AuthoritiesService.SUPER_ADMIN, @AuthoritiesService.USER_ADMIN, @AuthoritiesService.PORTAL_ADMIN, " +
@@ -173,8 +178,7 @@ public class RegistryService {
 @Path("verification/{id}")
 @DELETE
 @Produces(MediaType.APPLICATION_JSON)
- @PreAuthorize("hasAnyAuthority(@AuthoritiesService.SUPER_ADMIN, @AuthoritiesService.USER_ADMIN," +
- "@AuthoritiesService.PORTAL_ADMIN, @AuthoritiesService.curator(#type), @AuthoritiesService.manager(#type, #id))")
+ @PreAuthorize("isAuthenticated() && @VerificationUtils.ownedVerification(#id)")
 public Response deleteVerification(@PathParam("id") String id) {
 if (verificationUtils.getVerification(id) != null) {
 verificationUtils.deleteVerification(id);
diff --git a/src/main/java/eu/dnetlib/openaire/usermanagement/utils/RegistryCalls.java b/src/main/java/eu/dnetlib/openaire/usermanagement/utils/RegistryCalls.java
index 47596db..41aeebd 100644
--- a/src/main/java/eu/dnetlib/openaire/usermanagement/utils/RegistryCalls.java
+++ b/src/main/java/eu/dnetlib/openaire/usermanagement/utils/RegistryCalls.java
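Review bot: With `@VerificationUtils.ownedVerification(#id)` as the sole gate, the not-found path of deleteVerification (the `if (verificationUtils.getVerification(id) != null)` in the trailing context, whose else branch continues outside the hunk) is no longer reachable for an unknown id, because ownedVerification returns false in that case and the request is rejected by the pre-authorization before the body runs; that is a defensible non-enumeration choice but should be stated in the method's Javadoc, e.g. `Only the invited user (verification e-mail matching the authenticated user's e-mail) may delete a verification; unknown ids are rejected by the authorization check rather than reported as not found.` The new expression also drops the SUPER_ADMIN/USER_ADMIN/PORTAL_ADMIN paths the old one granted; if administrators are meant to keep this ability, the expression needs an `or hasAnyAuthority(...)` clause, otherwise the Javadoc should say that administrators cannot delete verifications. `@VerificationUtils` in SpEL resolves by bean name, which this commit supplies via `@Component("VerificationUtils")` in VerificationUtils; a short comment next to the annotation naming that dependency would keep a later rename from breaking evaluation at request time.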
@@ -4,13 +4,10 @@ import com.google.gson.JsonArray;
 import com.google.gson.JsonElement;
 import com.google.gson.JsonObject;
 import eu.dnetlib.openaire.usermanagement.dto.Role;
-import net.minidev.json.JSONObject;
 import org.apache.log4j.Logger;
 import org.mitre.openid.connect.model.OIDCAuthenticationToken;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Service;
 
diff --git a/src/main/java/eu/dnetlib/openaire/usermanagement/utils/VerificationUtils.java b/src/main/java/eu/dnetlib/openaire/usermanagement/utils/VerificationUtils.java
index 7cc0c21..6d7128c 100644
--- a/src/main/java/eu/dnetlib/openaire/usermanagement/utils/VerificationUtils.java
+++ b/src/main/java/eu/dnetlib/openaire/usermanagement/utils/VerificationUtils.java
@@ -4,7 +4,10 @@ import com.google.gson.JsonArray;
 import com.google.gson.JsonObject;
 import eu.dnetlib.openaire.user.pojos.ManagerVerification;
 import eu.dnetlib.openaire.user.utils.ManagerVerificationActions;
+import org.apache.log4j.Logger;
+import org.mitre.openid.connect.model.OIDCAuthenticationToken;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Component;
@@ -13,10 +16,11 @@ import java.sql.Timestamp;
 import java.util.*;
 
 
-@Component
+@Component("VerificationUtils")
 public class VerificationUtils {
 
 private final Random random = new Random();
+ private static final Logger logger = Logger.getLogger(VerificationUtils.class);
 
 @Autowired
 private ManagerVerificationActions actions;
@@ -25,7 +29,7 @@ public class VerificationUtils {
 String id;
 do {
 id = createId();
- }while (exists(id));
+ } while (exists(id));
 ManagerVerification managerVerification = actions.addVerificationEntry(id, email, type, entity, createVerificationCode(), new Timestamp(new Date().getTime()));
 JsonObject invitation = new JsonObject();
 invitation.addProperty("link", managerVerification.getId());
@@ -36,7 +40,7 @@ public class VerificationUtils {
 public void deleteRelatedVerifications(ManagerVerification managerVerification) {
 List related = actions.
 getUserVerificationsForAnEntity(managerVerification.getEmail(), managerVerification.getType(), managerVerification.getEntity());
- for(ManagerVerification verification : related) {
+ for (ManagerVerification verification : related) {
 deleteVerification(verification.getId());
 }
 }
@@ -44,7 +48,7 @@ public class VerificationUtils {
 public void deleteUserVerifications(String email, String type, String entity) {
 List managerVerifications = actions.
 getUserVerificationsForAnEntity(email, type, entity);
- for(ManagerVerification verification : managerVerifications) {
+ for (ManagerVerification verification : managerVerifications) {
 deleteVerification(verification.getId());
 }
 }
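Review bot: The bean name in `@Component("VerificationUtils")` is load-bearing: it is what the SpEL reference `@VerificationUtils.ownedVerification(#id)` in RegistryService resolves against, so a comment on the annotation such as `// bean name is referenced from @PreAuthorize SpEL in RegistryService; keep in sync` would protect it from a casual rename. The new `logger` is a `static final` field declared after the instance field `random`; conventional ordering puts static fields before instance fields, so moving it above `random` would read more naturally. The remaining hunks of this file on this line are whitespace-only.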
@@ -68,8 +72,23 @@ public class VerificationUtils {
 return actions.verificationEntryExists(id);
 }
 
+ public boolean ownedVerification(String id) {
+ try {
+ ManagerVerification managerVerification = getVerification(id);
+ if (managerVerification != null) {
+ OIDCAuthenticationToken authentication = (OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
+ String email = authentication.getUserInfo().getEmail().toLowerCase();
+ return managerVerification.getEmail().toLowerCase().equals(email);
+ }
+ } catch (Exception e) {
+ logger.error("Get User info: An error occurred ", e);
+ return false;
+ }
+ return false;
+ }
+
 private String createId() {
- return random.ints(48, 123)
+ return random.ints(48, 123)
 .filter(i -> (i <= 57 || i >= 65) && (i <= 90 || i >= 97))
 .limit(16)
 .collect(StringBuilder::new, StringBuilder::appendCodePoint, StringBuilder::append)
diff --git a/src/main/webapp/WEB-INF/web.xml b/src/main/webapp/WEB-INF/web.xml
index 11f7618..70ba31a 100644
--- a/src/main/webapp/WEB-INF/web.xml
+++ b/src/main/webapp/WEB-INF/web.xml
@@ -152,7 +152,7 @@ cors.allowed.methods - GET, POST, DELETE OPTIONS + GET, POST, DELETE, OPTIONS cors.exposed.headers
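Review bot: ownedVerification compares e-mails with `toLowerCase()` on both sides, which applies the default locale's casing rules (dotless-i locales differ) and allocates two strings for nothing; `return managerVerification.getEmail().equalsIgnoreCase(authentication.getUserInfo().getEmail());` does the same comparison locale-independently. The blanket `catch (Exception e)` makes the predicate fail closed, which is right for an authorization check, but it also turns an unexpected `Authentication` type at the cast and a null user-info or e-mail into ERROR-level stack traces; an `instanceof OIDCAuthenticationToken` test before the cast, returning false, would reserve the log for genuine failures. The method also needs a Javadoc line stating that it is the authorization predicate behind deleteVerification and that it returns false for unknown ids. Lower in the hunk, `random.ints(48, 123)` in createId draws from the `java.util.Random` field declared near the top of the class (outside this hunk); since the id is emitted as the invitation `link`, `SecureRandom`, a `Random` subclass so only the field initializer changes, is the appropriate source.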