package eu.dnetlib.repo.manager.service.security;
import com.google.gson.JsonElement;
import eu.dnetlib.repo.manager.domain.dto.Role;
import eu.dnetlib.repo.manager.domain.dto.User;
import eu.dnetlib.repo.manager.exception.ResourceNotFoundException;
import eu.dnetlib.repo.manager.service.aai.registry.AaiRegistryService;
import org.mitre.openid.connect.model.OIDCAuthenticationToken;
import org.mitre.openid.connect.model.UserInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Service;
import org.springframework.web.client.HttpClientErrorException;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
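@Service("authorizationService")
public class AuthorizationServiceImpl implements AuthorizationService {

    private static final Logger logger = LoggerFactory.getLogger(AuthorizationServiceImpl.class);

    // Well-known authority names. None of them is read inside this class.
    public static final String SUPER_ADMINISTRATOR = "SUPER_ADMINISTRATOR";
    public static final String CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR = "CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR";
    public static final String REGISTERED_USER = "REGISTERED_USER";

    /** Separator between the segments of an interface id (see {@link #isMemberOfInterface}). */
    private static final String ID_SEPARATOR = "::";

    private final RoleMappingService roleMappingService;
    private final AaiRegistryService aaiRegistryService;
    private final AuthoritiesUpdater authoritiesUpdater;

    /**
     * Creates the service.
     *
     * @param roleMappingService maps repository ids to role names / authority names
     * @param aaiRegistryService client of the AAI registry (COUs, persons, role assignments)
     * @param authoritiesUpdater updates the authorities of already logged-in users
     * @throws NullPointerException if any collaborator is null
     */
    @Autowired
    AuthorizationServiceImpl(RoleMappingService roleMappingService, AaiRegistryService aaiRegistryService,
                             AuthoritiesUpdater authoritiesUpdater) {
        this.roleMappingService = Objects.requireNonNull(roleMappingService, "roleMappingService");
        this.aaiRegistryService = Objects.requireNonNull(aaiRegistryService, "aaiRegistryService");
        this.authoritiesUpdater = Objects.requireNonNull(authoritiesUpdater, "authoritiesUpdater");
    }

    /**
     * Maps an external resource type onto the name used in authority names.
     * The only type handled so far, {@code "datasource"}, maps onto itself, so this is currently an
     * identity mapping kept as the single place to extend when new resource types appear.
     *
     * @throws NullPointerException if {@code type} is null
     */
    private static String mapType(String type) {
        Objects.requireNonNull(type, "type");
        return type;
    }

    /**
     * Builds the member authority name of a resource: {@code TYPE_ID}, both parts upper-cased.
     * With the only type in use this yields {@code DATASOURCE_<ID>}.
     *
     * @param type resource type, e.g. {@code "datasource"}
     * @param id   resource id
     * @return the upper-cased {@code TYPE_ID} authority name
     * @throws NullPointerException if either argument is null
     */
    @Override
    public String member(String type, String id) {
        Objects.requireNonNull(id, "id");
        // NOTE(review): default-locale toUpperCase(); the names this is compared against are built
        // elsewhere (RoleMappingService) - confirm both sides use the same locale semantics.
        return mapType(type).toUpperCase() + "_" + id.toUpperCase();
    }

    /**
     * Whether the currently authenticated user holds the encoded member authority of the repository.
     * With no {@code Authentication} in the security context the answer is {@code false} (fail closed)
     * rather than a {@code NullPointerException}.
     *
     * @param repoId repository id
     * @return true if one of the current user's authorities equals the repository's encoded authority id
     */
    @Override
    public boolean isMemberOf(String repoId) {
        if (SecurityContextHolder.getContext().getAuthentication() == null) {
            return false;
        }
        String repoRole = roleMappingService.convertRepoIdToEncodedAuthorityId(repoId);
        return SecurityContextHolder.getContext().getAuthentication().getAuthorities().stream()
                .anyMatch(authority -> authority.toString().equals(repoRole));
    }

    /**
     * Whether the current user is a member of the repository that owns the given interface.
     * The interface id is expected to have the form {@code <prefix>::<a>::<b>}; the repository id is
     * rebuilt from the second and third segments ({@code <a>::<b>}) and delegated to {@link #isMemberOf}.
     *
     * @param interfaceId interface id with at least three {@code ::}-separated segments
     * @throws NullPointerException     if {@code interfaceId} is null
     * @throws IllegalArgumentException if the id has fewer than three segments
     */
    @Override
    public boolean isMemberOfInterface(String interfaceId) {
        Objects.requireNonNull(interfaceId, "interfaceId");
        String[] segments = interfaceId.split(ID_SEPARATOR);
        if (segments.length < 3) {
            throw new IllegalArgumentException(
                    "Malformed interface id, expected <prefix>::<a>::<b>: " + interfaceId);
        }
        return isMemberOf(segments[1] + ID_SEPARATOR + segments[2]);
    }

    /**
     * Lists the users holding the admin role of a repository, as recorded in the AAI registry.
     * The repository id is mapped to its role name, the role to its COU id, and the COU members returned.
     *
     * @param repoId repository id
     * @return the COU members, or an empty list when the registry knows no COU for the role
     */
    @Override
    public List<User> getAdminsOfRepo(String repoId) {
        String role = roleMappingService.getRoleIdByRepoId(repoId);
        Integer couId = aaiRegistryService.getCouId(role);
        if (couId == null) {
            // No COU means nobody can have been assigned to it; do not query the registry with a null id.
            logger.warn("Cannot find CouId for role: {}; returning no admins", role);
            return Collections.emptyList();
        }
        return aaiRegistryService.getUsers(couId);
    }

    /**
     * Resolves the AAI COU id backing a role name.
     *
     * @throws ResourceNotFoundException if the registry knows no COU for the role
     */
    private Integer requireCouIdForRole(String role) throws ResourceNotFoundException {
        Integer couId = aaiRegistryService.getCouId(role);
        if (couId == null) {
            throw new ResourceNotFoundException("Cannot find CouId for role: " + role);
        }
        return couId;
    }

    /**
     * Grants the admin role of a resource to every registry person registered under {@code email},
     * then adds the matching authority to the live session of every login identity tied to that email.
     *
     * @param resourceId resource (repository) id
     * @param email      email of the person to promote
     * @throws ResourceNotFoundException if the registry knows no COU for the resource's role
     * @throws IllegalStateException     if the registry returns a null person id
     */
    @Override
    public void addAdmin(String resourceId, String email) throws ResourceNotFoundException {
        String role = roleMappingService.getRoleIdByRepoId(resourceId);
        Integer couId = requireCouIdForRole(role);

        List<Integer> coPersonIds = aaiRegistryService.getCoPersonIdsByEmail(email);
        if (coPersonIds.isEmpty()) {
            // Logged so that an unknown email does not pass as a successful grant.
            logger.warn("No CoPerson found for email {}; role {} not assigned", email, role);
            return;
        }
        for (Integer coPersonId : coPersonIds) {
            // The former 'assert' only held with -ea; enforce the invariant unconditionally.
            if (coPersonId == null) {
                throw new IllegalStateException("AAI registry returned a null CoPerson id for email: " + email);
            }
            aaiRegistryService.assignMemberRole(coPersonId, couId);
        }

        // Only after every registry assignment succeeded: reflect the grant in current authorities
        String authority = roleMappingService.convertRepoIdToAuthority(resourceId);
        for (String userId : aaiRegistryService.getUserIdentifiersByEmail(email)) {
            authoritiesUpdater.addRole(userId, authority);
        }
    }

    /**
     * Revokes the admin role of a resource from every registry person registered under {@code email}.
     * The matching authority is removed from the live sessions of that email's login identities only if
     * at least one registry membership was actually removed.
     *
     * @param resourceId resource (repository) id
     * @param email      email of the person to demote
     * @throws ResourceNotFoundException if the registry knows no COU for the resource's role
     * @throws IllegalStateException     if the registry returns a null person id
     */
    @Override
    public void removeAdmin(String resourceId, String email) throws ResourceNotFoundException {
        String role = roleMappingService.getRoleIdByRepoId(resourceId);
        Integer couId = requireCouIdForRole(role);

        List<Integer> coPersonIds = aaiRegistryService.getCoPersonIdsByEmail(email);
        if (coPersonIds.isEmpty()) {
            logger.warn("No CoPerson found for email {}; role {} not removed", email, role);
            return;
        }
        boolean removedAny = false;
        for (Integer coPersonId : coPersonIds) {
            if (coPersonId == null) {
                throw new IllegalStateException("AAI registry returned a null CoPerson id for email: " + email);
            }
            Integer roleId = aaiRegistryService.getRoleId(coPersonId, couId);
            if (roleId == null) {
                // This person holds no membership in the COU: nothing to revoke for them.
                logger.error("Cannot find RoleId for role: {}", role);
                continue;
            }
            aaiRegistryService.removeMemberRole(coPersonId, couId, roleId);
            removedAny = true;
        }

        if (removedAny) {
            String authority = roleMappingService.convertRepoIdToAuthority(resourceId);
            for (String userId : aaiRegistryService.getUserIdentifiersByEmail(email)) {
                authoritiesUpdater.removeRole(userId, authority);
            }
        }
    }

    /**
     * Creates the role in the registry and returns its COU id. On an HTTP client error the existing
     * COU of the same name is looked up instead; if none exists the failure is logged and null returned.
     * Any other exception is logged and rethrown.
     */
    private Integer createOrLookupCou(String roleName, String roleDescription) {
        Role newRole = new Role(roleName, roleDescription);
        try {
            return aaiRegistryService.createRole(newRole);
        } catch (HttpClientErrorException e) {
            // A client error is treated as "the role may already exist": fall back to the lookup.
            Integer couId = aaiRegistryService.getCouId(roleName);
            if (couId == null) {
                logger.error("Could not create role '{}'", roleName, e);
            }
            return couId;
        } catch (Exception e) {
            logger.error("Could not create role '{}'", roleName, e);
            throw e;
        }
    }

    /**
     * Creates the role of a resource in the registry (or reuses the existing one) and assigns it to the
     * currently authenticated user, both in the registry and in the user's live authorities.
     * If no COU could be created or found the failure has been logged and nothing is assigned.
     *
     * @param resourceId      resource (repository) id the role belongs to
     * @param roleDescription human-readable description stored with the new role
     */
    @Override
    public void createAndAssignRoleToAuthenticatedUser(String resourceId, String roleDescription) {
        String newRoleName = roleMappingService.getRoleIdByRepoId(resourceId);
        Integer couId = createOrLookupCou(newRoleName, roleDescription);
        if (couId == null) {
            return;
        }

        Integer coPersonId = aaiRegistryService.getCoPersonIdByIdentifier();
        aaiRegistryService.assignMemberRole(coPersonId, couId);
        // Reflect the grant in the current user's authorities
        authoritiesUpdater.addRole(roleMappingService.convertRepoIdToAuthority(resourceId));
    }

    /**
     * Roles (COU names) of the currently authenticated OIDC user, resolved via the email of the token.
     * Without an authentication, or with a non-OIDC one, no roles can be resolved and an empty
     * collection is returned - never an exception, so callers checking membership fail closed.
     */
    @Override
    public Collection<String> getUserRoles() {
        Object authentication = SecurityContextHolder.getContext().getAuthentication();
        if (!(authentication instanceof OIDCAuthenticationToken)) {
            logger.debug("No OIDC authentication in the security context; returning no roles");
            return Collections.emptyList();
        }
        UserInfo userInfo = ((OIDCAuthenticationToken) authentication).getUserInfo();
        Collection<String> roles = getUserRolesByEmail(userInfo.getEmail());
        if (logger.isTraceEnabled()) {
            logger.trace("User Roles: {}", String.join(",", roles));
        }
        return roles;
    }

    /**
     * Roles (COU names) of every registry person registered under {@code email}, restricted to
     * ACTIVE role assignments.
     *
     * @param email email to look up
     * @return the names of the COUs the person(s) actively belong to
     */
    @Override
    public Collection<String> getUserRolesByEmail(String email) {
        List<Integer> coPersonIds = aaiRegistryService.getCoPersonIdsByEmail(email);
        List<Integer> couIds = new ArrayList<>();
        for (JsonElement element : aaiRegistryService.getRolesWithStatus(coPersonIds, AaiRegistryService.RoleStatus.ACTIVE)) {
            JsonElement couId = element.getAsJsonObject().get("CouId");
            // Both a missing key and an explicit JSON null mean "no COU"; getAsInt() would throw on the latter.
            if (couId != null && !couId.isJsonNull()) {
                couIds.add(couId.getAsInt());
            }
        }
        return aaiRegistryService.getCouNames(couIds).values();
    }

}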