1. changed user roles defined in the project to authorities given by the aai.
2. created method returning user roles with desired status (active, deleted).
parent
95929e6587
commit
90827f99d3
|
@ -12,9 +12,7 @@ import org.springframework.security.core.GrantedAuthority;
|
|||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collection;
|
||||
import java.util.List;
|
||||
import java.util.*;
|
||||
|
||||
@ComponentScan
|
||||
@Component
|
||||
|
@ -28,21 +26,18 @@ public class OpenAIREAuthoritiesMapper implements OIDCAuthoritiesMapper {
|
|||
@Override
|
||||
public Collection<? extends GrantedAuthority> mapAuthorities(JWT jwtToken, UserInfo userInfo) {
|
||||
JsonArray entitlements = null;
|
||||
List<GrantedAuthority> authorities = new ArrayList<>();
|
||||
Set<GrantedAuthority> authorities = new HashSet<>();
|
||||
if (userInfo != null && userInfo.getSource() != null) {
|
||||
if (userInfo.getSource().getAsJsonArray("edu_person_entitlements") != null) {
|
||||
entitlements = userInfo.getSource().getAsJsonArray("edu_person_entitlements");
|
||||
} else if (userInfo.getSource().getAsJsonArray("eduperson_entitlement") != null) {
|
||||
entitlements = userInfo.getSource().getAsJsonArray("eduperson_entitlement");
|
||||
} else {
|
||||
authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
|
||||
logger.error("Could not read user 'edu_person_entitlements' && 'eduperson_entitlement'\nAdding default role 'ROLE_USER' to user: " + userInfo.toString());
|
||||
}
|
||||
logger.debug("user info: " + userInfo + "\nentitlements: " + entitlements);
|
||||
|
||||
// FIXME: delete this if statement
|
||||
// FIXME: delete this if statement when super administrators are set
|
||||
if (userInfo.getEmail() != null && userInfo.getEmail().equals(adminEmail)) {
|
||||
authorities.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
|
||||
authorities.add(new SimpleGrantedAuthority("SUPER_ADMINISTRATOR"));
|
||||
}
|
||||
|
||||
authorities.addAll(AuthoritiesMapper.map(entitlements));
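Review bot: `SUPER_ADMINISTRATOR` is granted in `mapAuthorities` whenever the userinfo email equals `adminEmail`, so the highest privilege in the application rests on a single claim that the identity provider may leave unverified or user-editable. Until the FIXME is resolved, the guard could require a verified address, e.g. `if (adminEmail != null && adminEmail.equals(userInfo.getEmail()) && Boolean.TRUE.equals(userInfo.getEmailVerified())) {`, assuming the AAI populates `email_verified`; matching on `userInfo.getSub()` would be stronger still. Separately, when neither entitlement claim is present `entitlements` appears to still be `null` when it reaches `AuthoritiesMapper.map(entitlements)`; that helper is not visible here, so confirm it tolerates null. The method body continues past the end of the hunk.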
|
||||
|
|
|
@ -30,7 +30,7 @@ public class BrokerController{
|
|||
@RequestMapping(value = "/getDatasourcesOfUser" , method = RequestMethod.GET,
|
||||
produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
@ResponseBody
|
||||
@PreAuthorize("hasRole('ROLE_USER')")
|
||||
@PreAuthorize("hasAuthority('REGISTERED_USER')")
|
||||
public DatasourcesBroker getDatasourcesOfUser(
|
||||
@RequestParam("includeShared")
|
||||
@ApiParam(value = "Include shared datasources", required = true , defaultValue = "false") String includeShared,
|
||||
|
@ -51,7 +51,7 @@ public class BrokerController{
|
|||
method = RequestMethod.POST,
|
||||
produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
@ResponseBody
|
||||
@PreAuthorize("hasRole('ROLE_USER')")
|
||||
@PreAuthorize("hasAuthority('REGISTERED_USER')")
|
||||
public EventsPage advancedShowEvents(@PathVariable("page") String page,
|
||||
@PathVariable("size") String size,
|
||||
@RequestBody AdvQueryObject advQueryObject) throws BrokerException, JSONException ,IOException{
|
||||
|
@ -62,7 +62,7 @@ public class BrokerController{
|
|||
method = RequestMethod.GET,
|
||||
produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
@ResponseBody
|
||||
@PreAuthorize("hasRole('ROLE_USER')")
|
||||
@PreAuthorize("hasAuthority('REGISTERED_USER')")
|
||||
public EventsPage showEvents(@RequestParam("datasourceName") String datasourceName,
|
||||
@RequestParam("topic") String topic,
|
||||
@RequestParam("page") String page,
|
||||
|
@ -74,7 +74,7 @@ public class BrokerController{
|
|||
method = RequestMethod.GET,
|
||||
produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
@ResponseBody
|
||||
@PreAuthorize("hasRole('ROLE_USER')")
|
||||
@PreAuthorize("hasAuthority('REGISTERED_USER')")
|
||||
public Map<String, List<SimpleSubscriptionDesc>> getSimpleSubscriptionsOfUser() throws BrokerException{
|
||||
return brokerService.getSimpleSubscriptionsOfUser(((OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication()).getUserInfo().getEmail());
|
||||
}
|
||||
|
@ -83,7 +83,7 @@ public class BrokerController{
|
|||
consumes = MediaType.APPLICATION_JSON_VALUE,
|
||||
produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
@ResponseBody
|
||||
@PreAuthorize("hasRole('ROLE_USER') ")
|
||||
@PreAuthorize("hasAuthority('REGISTERED_USER') ")
|
||||
public Subscription subscribe(@RequestBody OpenaireSubscription obj) throws BrokerException{
|
||||
return brokerService.subscribe(obj);
|
||||
}
|
||||
|
@ -92,7 +92,7 @@ public class BrokerController{
|
|||
consumes = MediaType.APPLICATION_JSON_VALUE,
|
||||
produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
@ResponseBody
|
||||
@PreAuthorize("hasRole('ROLE_USER')")
|
||||
@PreAuthorize("hasAuthority('REGISTERED_USER')")
|
||||
public ResponseEntity<Object> unsubscribe(@PathVariable("subscriptionId") String subscriptionId) throws BrokerException{
|
||||
return brokerService.unsubscribe(subscriptionId);
|
||||
}
|
||||
|
@ -100,7 +100,7 @@ public class BrokerController{
|
|||
@RequestMapping(value = "/getSubscription/{subscriptionId}" , method = RequestMethod.GET,
|
||||
produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
@ResponseBody
|
||||
@PreAuthorize("hasRole('ROLE_USER')")
|
||||
@PreAuthorize("hasAuthority('REGISTERED_USER')")
|
||||
public Subscription getSubscription(@PathVariable("subscriptionId") String subscriptionId) throws BrokerException{
|
||||
return brokerService.getSubscription(subscriptionId);
|
||||
}
|
||||
|
@ -116,7 +116,7 @@ public class BrokerController{
|
|||
@RequestMapping(value = "/getNotificationsBySubscriptionId/{subscriptionId}/{page}/{size}" , method = RequestMethod.GET
|
||||
,produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
@ResponseBody
|
||||
@PreAuthorize("hasRole('ROLE_USER')")
|
||||
@PreAuthorize("hasAuthority('REGISTERED_USER')")
|
||||
public EventsPage getNotificationsBySubscriptionId(@PathVariable("subscriptionId") String subscriptionId,
|
||||
@PathVariable("page") String page,
|
||||
@PathVariable("size") String size) throws BrokerException{
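Review bot: `hasAuthority('REGISTERED_USER')` is the only gate on `unsubscribe`, `getSubscription` and `getNotificationsBySubscriptionId`, and none of them passes the caller's identity to `brokerService`, so nothing visible here ties the `subscriptionId` to the authenticated user. Unless the service checks ownership itself, any registered user could act on a subscription that belongs to someone else; `subscribe` has the same shape, with the subscription taken entirely from the request body. The same gap appears in `DashboardController.getCollectionMonitorSummary` and `getUsageSummary`, which accept any `repoId`; there the membership clause already used elsewhere in this commit would fit: `@PreAuthorize("hasAnyAuthority('SUPER_ADMINISTRATOR', 'CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or @authorizationService.isMemberOf(#repoId)")`. Several of these method bodies start or end outside their hunks.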
|
||||
|
|
|
@ -36,7 +36,7 @@ public class DashboardController {
|
|||
@RequestMapping(value = "/getRepositoriesSummary/{page}/{size}" , method = RequestMethod.GET,
|
||||
produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
@ResponseBody
|
||||
@PreAuthorize("hasRole('ROLE_USER')")
|
||||
@PreAuthorize("hasAuthority('REGISTERED_USER')")
|
||||
public List<RepositorySummaryInfo> getRepositoriesSummaryInfo(
|
||||
@PathVariable("page") String page,
|
||||
@PathVariable("size") String size) throws JSONException {
|
||||
|
@ -46,7 +46,7 @@ public class DashboardController {
|
|||
@RequestMapping(value = "/collectionMonitorSummary/{repoId}" , method = RequestMethod.GET,
|
||||
produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
@ResponseBody
|
||||
@PreAuthorize("hasRole('ROLE_USER')")
|
||||
@PreAuthorize("hasAuthority('REGISTERED_USER')")
|
||||
public CollectionMonitorSummary getCollectionMonitorSummary(
|
||||
@PathVariable("repoId") String repoId,
|
||||
@RequestParam(name = "size", required = false, defaultValue = "20") int size) throws JSONException {
|
||||
|
@ -72,7 +72,7 @@ public class DashboardController {
|
|||
@RequestMapping(value = "/usageSummary/{repoId}" , method = RequestMethod.GET,
|
||||
produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
@ResponseBody
|
||||
@PreAuthorize("hasRole('ROLE_USER')")
|
||||
@PreAuthorize("hasAuthority('REGISTERED_USER')")
|
||||
public UsageSummary getUsageSummary(
|
||||
@PathVariable("repoId") String repoId
|
||||
) throws RepositoryServiceException {
|
||||
|
@ -82,7 +82,7 @@ public class DashboardController {
|
|||
@RequestMapping(value = "/brokerSummary/{ds_name}" , method = RequestMethod.GET,
|
||||
produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
@ResponseBody
|
||||
@PreAuthorize("hasRole('ROLE_USER')")
|
||||
@PreAuthorize("hasAuthority('REGISTERED_USER')")
|
||||
public BrokerSummary getBrokerSummary(
|
||||
@PathVariable("ds_name") String datasourceName) throws BrokerException {
|
||||
return new BrokerSummary(brokerService.getSimpleSubscriptionsOfUser( ((OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication()).getUserInfo().getEmail()), brokerService.getTopicsForDatasource(datasourceName));
|
||||
|
|
|
@ -29,7 +29,7 @@ public class MonitorController {
|
|||
@RequestMapping(value = "/getJobsOfUser" , method = RequestMethod.GET,
|
||||
produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
@ResponseBody
|
||||
@PreAuthorize("hasRole('ROLE_USER')")
|
||||
@PreAuthorize("hasAuthority('REGISTERED_USER')")
|
||||
public JobsOfUser getJobsOfUser(@RequestParam(value = "jobType", required = false)
|
||||
@ApiParam(value = "Equals to filter job type on validation history page") String jobType,
|
||||
@RequestParam("offset") @ApiParam(value = "Page number", required = true) String offset,
|
||||
|
@ -43,7 +43,7 @@ public class MonitorController {
|
|||
|
||||
@RequestMapping(value = "/getJobsOfUserPerValidationStatus" , method = RequestMethod.GET,produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
@ResponseBody
|
||||
@PreAuthorize("hasRole('ROLE_USER')")
|
||||
@PreAuthorize("hasAuthority('REGISTERED_USER')")
|
||||
public int getJobsOfUserPerValidationStatus(@RequestBody String jobType,
|
||||
@RequestBody String validationStatus) throws JSONException {
|
||||
return monitorService.getJobsOfUserPerValidationStatus(((OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication()).getUserInfo().getEmail(), jobType, validationStatus);
|
||||
|
|
|
@ -42,13 +42,13 @@ public class PiWikController {
|
|||
|
||||
@RequestMapping(value = "/getPiwikSiteForRepo/{repositoryId}" , method = RequestMethod.GET,produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
@ResponseBody
|
||||
@PreAuthorize("hasAnyRole('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN') or @authorizationService.isMemberOf(#repositoryId) or (@repositoryService.getRepositoryById(#repositoryId).registeredBy=='null' and hasRole('ROLE_USER'))")
|
||||
@PreAuthorize("hasAnyRole('SUPER_ADMINISTRATOR', 'CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or @authorizationService.isMemberOf(#repositoryId) or (@repositoryService.getRepositoryById(#repositoryId).registeredBy=='null' and hasAuthority('REGISTERED_USER'))")
|
||||
public PiwikInfo getPiwikSiteForRepo(@PathVariable("repositoryId") String repositoryId) {
|
||||
return piWikService.getPiwikSiteForRepo(repositoryId);
|
||||
}
|
||||
|
||||
@RequestMapping(value = "/savePiwikInfo" , method = RequestMethod.POST,produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
@PreAuthorize("hasAnyRole('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN') or @authorizationService.isMemberOf(#piwikInfo.repositoryId) or (@repositoryService.getRepositoryById(#piwikInfo.repositoryId).registeredBy=='null' and hasRole('ROLE_USER'))")
|
||||
@PreAuthorize("hasAnyRole('SUPER_ADMINISTRATOR', 'CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or @authorizationService.isMemberOf(#piwikInfo.repositoryId) or (@repositoryService.getRepositoryById(#piwikInfo.repositoryId).registeredBy=='null' and hasAuthority('REGISTERED_USER'))")
|
||||
public PiwikInfo savePiwikInfo(@RequestBody PiwikInfo piwikInfo) {
|
||||
return piWikService.savePiwikInfo(piwikInfo);
|
||||
}
|
||||
|
@ -150,14 +150,14 @@ public class PiWikController {
|
|||
|
||||
@RequestMapping(value = "/approvePiwikSite/{repositoryId}" , method = RequestMethod.GET)
|
||||
@ResponseBody
|
||||
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN')")
|
||||
@PreAuthorize("hasAuthority('SUPER_ADMINISTRATOR') or hasAuthority('CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR')")
|
||||
public ResponseEntity<Object> approvePiwikSite(@PathVariable("repositoryId") String repositoryId) {
|
||||
return piWikService.approvePiwikSite(repositoryId);
|
||||
}
|
||||
|
||||
@RequestMapping(value = "/getOpenaireId/{repositoryId}" , method = RequestMethod.GET,produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
@ResponseBody
|
||||
@PreAuthorize("hasAnyRole('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN') or @authorizationService.isMemberOf(#repositoryId) or (@repositoryService.getRepositoryById(#repositoryId).registeredBy=='null' and hasRole('ROLE_USER'))")
|
||||
@PreAuthorize("hasAnyRole('SUPER_ADMINISTRATOR', 'CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or @authorizationService.isMemberOf(#repositoryId) or (@repositoryService.getRepositoryById(#repositoryId).registeredBy=='null' and hasAuthority('REGISTERED_USER'))")
|
||||
public String getOpenaireId(@PathVariable("repositoryId") String repositoryId){
|
||||
return piWikService.getOpenaireId(repositoryId);
|
||||
}
|
||||
|
@ -165,14 +165,14 @@ public class PiWikController {
|
|||
@RequestMapping(value = "/markPiwikSiteAsValidated/{repositoryId}" , method = RequestMethod.POST,
|
||||
consumes = MediaType.APPLICATION_JSON_VALUE)
|
||||
@ResponseBody
|
||||
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN')")
|
||||
@PreAuthorize("hasAuthority('SUPER_ADMINISTRATOR') or hasAuthority('CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR')")
|
||||
public ResponseEntity<Object> markPiwikSiteAsValidated(@PathVariable("repositoryId") String repositoryId) throws RepositoryServiceException {
|
||||
return piWikService.markPiwikSiteAsValidated(repositoryId);
|
||||
}
|
||||
|
||||
@RequestMapping(value = "/enableMetricsForRepository", method = RequestMethod.POST,
|
||||
consumes = MediaType.APPLICATION_JSON_VALUE)
|
||||
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or (hasRole('ROLE_USER') and #piwikInfo.requestorEmail == authentication.userInfo.email)")
|
||||
@PreAuthorize("hasAuthority('SUPER_ADMINISTRATOR') or hasAuthority('CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or (hasAuthority('REGISTERED_USER') and #piwikInfo.requestorEmail == authentication.userInfo.email)")
|
||||
public PiwikInfo enableMetricsForRepository(@RequestParam("officialName") String officialName,
|
||||
@RequestParam("repoWebsite") String repoWebsite,
|
||||
@RequestBody PiwikInfo piwikInfo) throws RepositoryServiceException {
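Review bot: `hasAnyRole('SUPER_ADMINISTRATOR', 'CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR')` on `getPiwikSiteForRepo`, `savePiwikInfo` and `getOpenaireId` is unlikely to match the authorities this commit introduces. In Spring Security 4 and later `hasAnyRole` prepends the default `ROLE_` prefix, so it looks for `ROLE_SUPER_ADMINISTRATOR`, while the mapper now adds the bare string `SUPER_ADMINISTRATOR`. Unless the role prefix has been cleared in configuration outside this page, administrators would pass these three endpoints only through the `isMemberOf` or `registeredBy=='null'` clauses. The other annotations in this file already use the matching form, so these should read `hasAnyAuthority('SUPER_ADMINISTRATOR', 'CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR')`; the `@PostAuthorize` on `RepositoryController.getRepositoryById` has the same `hasAnyRole` call.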
|
||||
|
|
|
@ -63,7 +63,7 @@ public class RepositoryController {
|
|||
@RequestMapping(value = "/getRepositoriesOfUser/{page}/{size}", method = RequestMethod.GET,
|
||||
produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
@ResponseBody
|
||||
@PreAuthorize("hasRole('ROLE_USER')")
|
||||
@PreAuthorize("hasAuthority('REGISTERED_USER')")
|
||||
public List<RepositorySnippet> getRepositoriesSnippetOfUser(
|
||||
@PathVariable("page") String page,
|
||||
@PathVariable("size") String size) throws JSONException, IOException {
|
||||
|
@ -73,7 +73,7 @@ public class RepositoryController {
|
|||
@RequestMapping(value = "/user/repositories/{page}/{size}", method = RequestMethod.GET,
|
||||
produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
@ResponseBody
|
||||
@PreAuthorize("hasRole('ROLE_USER')")
|
||||
@PreAuthorize("hasAuthority('REGISTERED_USER')")
|
||||
public List<Repository> getRepositoriesOfUser(
|
||||
@PathVariable("page") String page,
|
||||
@PathVariable("size") String size) throws JSONException, IOException {
|
||||
|
@ -83,7 +83,7 @@ public class RepositoryController {
|
|||
@RequestMapping(value = "/searchRegisteredRepositories/{page}/{size}", method = RequestMethod.GET,
|
||||
produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
@ResponseBody
|
||||
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN')")
|
||||
@PreAuthorize("hasAuthority('SUPER_ADMINISTRATOR') or hasAuthority('CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR')")
|
||||
public List<RepositorySnippet> searchRegisteredRepositories(@RequestParam(name = "country", required = false) String country,
|
||||
@RequestParam(name = "typology", required = false) String typology,
|
||||
@RequestParam(name = "englishName", required = false) String englishName,
|
||||
|
@ -100,7 +100,7 @@ public class RepositoryController {
|
|||
@RequestMapping(value = "/getRepositoryById/{id}", method = RequestMethod.GET,
|
||||
produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
@ResponseBody
|
||||
@PostAuthorize("hasAnyRole('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN') or @authorizationService.isMemberOf(#id) or (returnObject.registeredBy=='null' and hasRole('ROLE_USER'))")
|
||||
@PostAuthorize("hasAnyRole('SUPER_ADMINISTRATOR', 'CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or @authorizationService.isMemberOf(#id) or (returnObject.registeredBy=='null' and hasAuthority('REGISTERED_USER'))")
|
||||
public Repository getRepositoryById(@PathVariable("id") String id) throws JSONException, ResourceNotFoundException {
|
||||
Repository repo = repositoryService.getRepositoryById(id);
|
||||
|
||||
|
@ -137,7 +137,7 @@ public class RepositoryController {
|
|||
@RequestMapping(value = "/getRepositoryInterface/{id}", method = RequestMethod.GET,
|
||||
produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
@ResponseBody
|
||||
@PostAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or @authorizationService.isMemberOf(#id) or (@repositoryService.getRepositoryById(#id).registeredBy=='null' and hasRole('ROLE_USER'))")
|
||||
@PostAuthorize("hasAuthority('SUPER_ADMINISTRATOR') or hasAuthority('CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or @authorizationService.isMemberOf(#id) or (@repositoryService.getRepositoryById(#id).registeredBy=='null' and hasAuthority('REGISTERED_USER'))")
|
||||
public List<RepositoryInterface> getRepositoryInterface(@PathVariable("id") String id) throws JSONException {
|
||||
return repositoryService.getRepositoryInterface(id);
|
||||
}
|
||||
|
@ -145,8 +145,8 @@ public class RepositoryController {
|
|||
@RequestMapping(value = "/addRepository", method = RequestMethod.POST,
|
||||
consumes = MediaType.APPLICATION_JSON_VALUE)
|
||||
@ResponseBody
|
||||
// @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or (hasRole(@authorizationService.convertRepoIdToRoleId(#repository.id)) or hasRole(@authorizationService.convertRepoIdToRoleId(returnObject.id)))")
|
||||
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or hasRole('ROLE_USER')")
|
||||
// @PreAuthorize("hasAuthority('SUPER_ADMINISTRATOR') or hasAuthority('CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or (hasAuthority(@authorizationService.convertRepoIdToRoleId(#repository.id)) or hasAuthority(@authorizationService.convertRepoIdToRoleId(returnObject.id)))")
|
||||
@PreAuthorize("hasAuthority('SUPER_ADMINISTRATOR') or hasAuthority('CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or hasAuthority('REGISTERED_USER')")
|
||||
public Repository addRepository(@RequestParam("datatype") String datatype,
|
||||
@RequestBody Repository repository) throws Exception {
|
||||
|
||||
|
@ -177,7 +177,7 @@ public class RepositoryController {
|
|||
@RequestMapping(value = "/updateRepository", method = RequestMethod.POST,
|
||||
consumes = MediaType.APPLICATION_JSON_VALUE)
|
||||
@ResponseBody
|
||||
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or @authorizationService.isMemberOf(#repository.id)")
|
||||
@PreAuthorize("hasAuthority('SUPER_ADMINISTRATOR') or hasAuthority('CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or @authorizationService.isMemberOf(#repository.id)")
|
||||
public Repository updateRepository(@RequestBody Repository repository, Authentication authentication) throws Exception {
|
||||
return repositoryService.updateRepository(repository, authentication);
|
||||
}
|
||||
|
@ -192,7 +192,7 @@ public class RepositoryController {
|
|||
@RequestMapping(value = "/addInterface", method = RequestMethod.POST,
|
||||
consumes = MediaType.APPLICATION_JSON_VALUE)
|
||||
@ResponseBody
|
||||
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or @authorizationService.isMemberOf(#id)")
|
||||
@PreAuthorize("hasAuthority('SUPER_ADMINISTRATOR') or hasAuthority('CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or @authorizationService.isMemberOf(#id)")
|
||||
public RepositoryInterface addRepositoryInterface(@RequestParam("datatype") String datatype,
|
||||
@RequestParam("id") String id,
|
||||
@RequestParam("registeredBy") String registeredBy,
|
||||
|
@ -204,7 +204,7 @@ public class RepositoryController {
|
|||
@RequestMapping(value = "/getUrlsOfUserRepos/{page}/{size}/", method = RequestMethod.GET,
|
||||
produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
@ResponseBody
|
||||
@PreAuthorize("hasRole('ROLE_USER')")
|
||||
@PreAuthorize("hasAuthority('REGISTERED_USER')")
|
||||
public List<String> getUrlsOfUserRepos(@PathVariable("page") String page, @PathVariable("size") String size) {
|
||||
return repositoryService.getUrlsOfUserRepos(((OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication()).getUserInfo().getEmail(), page, size);
|
||||
}
|
||||
|
@ -248,7 +248,7 @@ public class RepositoryController {
|
|||
@RequestMapping(value = "/updateRepositoryInterface", method = RequestMethod.POST,
|
||||
consumes = MediaType.APPLICATION_JSON_VALUE)
|
||||
@ResponseBody
|
||||
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or @authorizationService.isMemberOf(#id)")
|
||||
@PreAuthorize("hasAuthority('SUPER_ADMINISTRATOR') or hasAuthority('CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or @authorizationService.isMemberOf(#id)")
|
||||
public RepositoryInterface updateRepositoryInterface(@RequestParam("id") String id,
|
||||
@RequestParam("registeredBy") String registeredBy,
|
||||
@RequestParam(value = "comment", required = false) String comment,
|
||||
|
@ -264,7 +264,7 @@ public class RepositoryController {
|
|||
* Get all the admins of the repository
|
||||
*/
|
||||
@RequestMapping(method = RequestMethod.GET, path = "{id}/admins")
|
||||
@PreAuthorize("hasAnyAuthority('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN') or @authorizationService.isMemberOf(#id)")
|
||||
@PreAuthorize("hasAnyAuthority('SUPER_ADMINISTRATOR', 'CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or @authorizationService.isMemberOf(#id)")
|
||||
public ResponseEntity<List<User>> getAdminsOfARepo(@PathVariable("id") String id) {
|
||||
return new ResponseEntity<>(authorizationService.getAdminsOfRepo(id), HttpStatus.OK);
|
||||
}
|
||||
|
@ -273,7 +273,7 @@ public class RepositoryController {
|
|||
* Subscribe to repo by email
|
||||
*/
|
||||
@RequestMapping(method = RequestMethod.POST, path = "{id}/admins")
|
||||
@PreAuthorize("hasAnyAuthority('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN') or @authorizationService.isMemberOf(#id)")
|
||||
@PreAuthorize("hasAnyAuthority('SUPER_ADMINISTRATOR', 'CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or @authorizationService.isMemberOf(#id)")
|
||||
public Response subscribeByEmail(@PathVariable("id") String id, @RequestBody String email) throws ResourceNotFoundException {
|
||||
authorizationService.addAdmin(id, email);
|
||||
return Response.status(HttpStatus.OK.value()).entity(JsonUtils.createResponse("Role has been assigned").toString()).type(javax.ws.rs.core.MediaType.APPLICATION_JSON).build();
|
||||
|
@ -283,7 +283,7 @@ public class RepositoryController {
|
|||
* Unsubscribe from repo by email
|
||||
*/
|
||||
@RequestMapping(method = RequestMethod.DELETE, path = "{id}/admins/{email:.+}")
|
||||
@PreAuthorize("hasAnyAuthority('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN') or @authorizationService.isMemberOf(#id)")
|
||||
@PreAuthorize("hasAnyAuthority('SUPER_ADMINISTRATOR', 'CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or @authorizationService.isMemberOf(#id)")
|
||||
public ResponseEntity<Void> unsubscribeByEmail(@PathVariable("id") String id, @PathVariable("email") String email) throws ResourceNotFoundException {
|
||||
authorizationService.removeAdmin(id, email);
|
||||
return new ResponseEntity<>(HttpStatus.NO_CONTENT);
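Review bot: `getRepositoryInterface` is guarded with `@PostAuthorize` although its expression never reads `returnObject`, so `repositoryService.getRepositoryInterface(id)` runs for every caller and the access decision is made only afterwards. Because the expression depends on `#id` alone, `@PreAuthorize` with the same expression would reject unauthorized callers before the lookup. `getRepositoryById` is different: it inspects `returnObject.registeredBy` and does need the post-invocation check. On `addRepository`, the commented-out annotation was updated alongside the live one; deleting it would avoid a second, unused policy to keep in sync.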
|
||||
|
|
|
@ -19,7 +19,7 @@ public class SushiliteController {
|
|||
|
||||
@RequestMapping(value = "/getReportResults/{page}/{pageSize}", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
@ResponseBody
|
||||
@PreAuthorize("hasRole('ROLE_USER')")
|
||||
@PreAuthorize("hasAuthority('REGISTERED_USER')")
|
||||
public ReportResponseWrapper getReportResults(@PathVariable("page") String page,
|
||||
@PathVariable("pageSize") String pageSize,
|
||||
@RequestParam(value = "Report") String Report,
|
||||
|
|
|
@ -18,7 +18,7 @@ public class UserController {
|
|||
private UserServiceImpl userService;
|
||||
|
||||
@RequestMapping(value = "/login" , method = RequestMethod.GET)
|
||||
@PreAuthorize("hasRole('ROLE_USER')")
|
||||
@PreAuthorize("hasAuthority('REGISTERED_USER')")
|
||||
public ResponseEntity<Object> login() {
|
||||
return userService.login();
|
||||
}
|
||||
|
|
|
@ -47,7 +47,7 @@ public class UserRoleController {
|
|||
* Get the role with the given id.
|
||||
**/
|
||||
@RequestMapping(method = RequestMethod.GET, path = "/role/{id}")
|
||||
// @PreAuthorize("hasAnyAuthority('ROLE_USER', 'ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')")
|
||||
// @PreAuthorize("hasAnyAuthority('REGISTERED_USER', 'SUPER_ADMINISTRATOR', 'CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR')")
|
||||
public Response getRole(@RequestParam(value = "type", defaultValue = "datasource") String type, @PathVariable("id") String id) {
|
||||
int roleId = aaiRegistryService.getCouId(type, id);
|
||||
return Response.status(HttpStatus.OK.value()).entity(JsonUtils.createResponse("Role id is: " + roleId).toString()).type(MediaType.APPLICATION_JSON).build();
|
||||
|
@ -57,7 +57,7 @@ public class UserRoleController {
|
|||
* Create a new role with the given name and description.
|
||||
**/
|
||||
@RequestMapping(method = RequestMethod.POST, path = "/role")
|
||||
@PreAuthorize("hasAnyAuthority('ROLE_ADMIN')")
|
||||
@PreAuthorize("hasAnyAuthority('SUPER_ADMINISTRATOR')")
|
||||
public Response createRole(@RequestBody Role role) {
|
||||
aaiRegistryService.createRole(role);
|
||||
return Response.status(HttpStatus.OK.value()).entity(JsonUtils.createResponse("Role has been created").toString()).type(MediaType.APPLICATION_JSON).build();
|
||||
|
@ -68,7 +68,7 @@ public class UserRoleController {
|
|||
*/
|
||||
@ApiOperation(value = "subscribe")
|
||||
@RequestMapping(method = RequestMethod.POST, path = "/subscribe/{type}/{id}")
|
||||
@PreAuthorize("hasAnyAuthority('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')")
|
||||
@PreAuthorize("hasAnyAuthority('SUPER_ADMINISTRATOR', 'CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR')")
|
||||
public Response subscribe(@PathVariable("type") String type, @PathVariable("id") String id) {
|
||||
Integer coPersonId = aaiRegistryService.getCoPersonIdByIdentifier();
|
||||
if (coPersonId == null) {
|
||||
|
@ -91,7 +91,7 @@ public class UserRoleController {
|
|||
/////////////////////////////////////////////////////////////////////////////////////////////
|
||||
|
||||
@RequestMapping(method = RequestMethod.GET, path = "/users/couid/{id}")
|
||||
@PreAuthorize("hasAnyAuthority('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')")
|
||||
@PreAuthorize("hasAnyAuthority('SUPER_ADMINISTRATOR', 'CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR')")
|
||||
public ResponseEntity<String> getUsersByCouId(@PathVariable("id") Integer id) {
|
||||
// calls.getUserByCoId()
|
||||
return ResponseEntity.ok(aaiRegistryService.getUsersByCouId(id).toString());
|
||||
|
@ -99,12 +99,11 @@ public class UserRoleController {
|
|||
|
||||
|
||||
@RequestMapping(method = RequestMethod.GET, path = "/users/{email}/roles")
|
||||
@PreAuthorize("hasAnyAuthority('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN') or hasRole('ROLE_USER') and authentication.userInfo.email==#email")
|
||||
@PreAuthorize("hasAnyAuthority('SUPER_ADMINISTRATOR', 'CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or hasAuthority('REGISTERED_USER') and authentication.userInfo.email==#email")
|
||||
public ResponseEntity<Collection<String>> getRolesByEmail(@PathVariable("email") String email) {
|
||||
int coPersonId = aaiRegistryService.getCoPersonIdByEmail(email);
|
||||
List<Integer> list = new ArrayList<>();
|
||||
// FIXME: getRoles returns all roles of user, requested and active
|
||||
for (JsonElement element : aaiRegistryService.getRoles(coPersonId)) {
|
||||
for (JsonElement element : aaiRegistryService.getRolesWithStatus(coPersonId, AaiRegistryService.RoleStatus.ACTIVE)) {
|
||||
list.add(element.getAsJsonObject().get("CouId").getAsInt());
|
||||
}
|
||||
return ResponseEntity.ok(aaiRegistryService.getCouNames(list).values());
|
||||
|
@ -112,7 +111,7 @@ public class UserRoleController {
|
|||
|
||||
|
||||
@RequestMapping(method = RequestMethod.GET, path = "/user/roles/my")
|
||||
@PreAuthorize("hasRole('ROLE_USER')")
|
||||
@PreAuthorize("hasAuthority('REGISTERED_USER')")
|
||||
public ResponseEntity<Collection<String>> getRoleNames() {
|
||||
List<String> roles;
|
||||
JsonArray entitlements = null;
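Review bot: The `@PreAuthorize` on `getRole` is still commented out, so the commit renames the authorities inside a dead annotation and the `/role/{id}` GET mapping has no method-level check at all. If URL-level rules elsewhere do not cover it, any caller can resolve COU ids by type and id. Either restore it as `@PreAuthorize("hasAnyAuthority('REGISTERED_USER', 'SUPER_ADMINISTRATOR', 'CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR')")` or delete the comment and state why the endpoint is open. In `getRolesByEmail` the expression relies on `and` binding tighter than `or`; parentheses around `hasAuthority('REGISTERED_USER') and authentication.userInfo.email==#email` would make that reading explicit.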
|
||||
|
|
|
@ -38,7 +38,7 @@ public class ValidatorController {
|
|||
consumes = MediaType.APPLICATION_JSON_VALUE,
|
||||
produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
@ResponseBody
|
||||
@PreAuthorize("hasRole('ROLE_USER') and #jobForValidation.userEmail == authentication.userInfo.email")
|
||||
@PreAuthorize("hasAuthority('REGISTERED_USER') and #jobForValidation.userEmail == authentication.userInfo.email")
|
||||
public JobForValidation submitJobForValidation(@RequestBody JobForValidation jobForValidation) throws ValidatorServiceException {
|
||||
return validatorService.submitJobForValidation(jobForValidation);
|
||||
}
|
||||
|
@ -47,7 +47,7 @@ public class ValidatorController {
|
|||
consumes = MediaType.APPLICATION_JSON_VALUE,
|
||||
produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
@ResponseBody
|
||||
@PreAuthorize("hasRole('ROLE_USER')")
|
||||
@PreAuthorize("hasAuthority('REGISTERED_USER')")
|
||||
public ResponseEntity<Object> reSubmitJobForValidation(@PathVariable("jobId") String jobId) throws JSONException, ValidatorServiceException {
|
||||
return validatorService.reSubmitJobForValidation(((OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication()).getUserInfo().getEmail(), jobId);
|
||||
}
|
||||
|
@ -78,7 +78,7 @@ public class ValidatorController {
|
|||
|
||||
@RequestMapping(value = "/getStoredJobsNew" , method = RequestMethod.GET,produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
@ResponseBody
|
||||
@PreAuthorize("hasRole('ROLE_USER')")
|
||||
@PreAuthorize("hasAuthority('REGISTERED_USER')")
|
||||
public List<StoredJob> getStoredJobsNew(@RequestParam(value = "jobType", required = false)
|
||||
@ApiParam(value = "Equals to filter job type on validation history page") String jobType,
|
||||
@RequestParam("offset") @ApiParam(value = "Page number", required = true) String offset,
|
||||
|
|
|
@ -75,7 +75,7 @@ public class PiWikServiceImpl implements PiWikService {
|
|||
}
|
||||
|
||||
@Override
|
||||
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or (hasRole('ROLE_USER') and #piwikInfo.requestorEmail == authentication.userInfo.email)")
|
||||
@PreAuthorize("hasAuthority('SUPER_ADMINISTRATOR') or hasAuthority('CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or (hasAuthority('REGISTERED_USER') and #piwikInfo.requestorEmail == authentication.userInfo.email)")
|
||||
public PiwikInfo savePiwikInfo(PiwikInfo piwikInfo) {
|
||||
JdbcTemplate jdbcTemplate = new JdbcTemplate(dataSource);
|
||||
jdbcTemplate.update(INSERT_PIWIK_INFO, new Object[]{piwikInfo.getRepositoryId(), piwikInfo.getSiteId(), piwikInfo.getRequestorName(),
|
||||
|
@ -144,7 +144,7 @@ public class PiWikServiceImpl implements PiWikService {
|
|||
}
|
||||
|
||||
@Override
|
||||
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN')")
|
||||
@PreAuthorize("hasAuthority('SUPER_ADMINISTRATOR') or hasAuthority('CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR')")
|
||||
public ResponseEntity<Object> approvePiwikSite(String repositoryId) {
|
||||
new JdbcTemplate(dataSource).update(APPROVE_PIWIK_SITE, new Object[] {repositoryId}, new int[] {Types.VARCHAR});
|
||||
return new ResponseEntity<>("OK",HttpStatus.OK);
|
||||
|
@ -158,7 +158,7 @@ public class PiWikServiceImpl implements PiWikService {
|
|||
}
|
||||
|
||||
@Override
|
||||
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN')")
|
||||
@PreAuthorize("hasAuthority('SUPER_ADMINISTRATOR') or hasAuthority('CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR')")
|
||||
public ResponseEntity<Object> markPiwikSiteAsValidated(String repositoryId) throws RepositoryServiceException {
|
||||
try {
|
||||
approvePiwikSite(repositoryId);
|
||||
|
@ -179,7 +179,7 @@ public class PiWikServiceImpl implements PiWikService {
|
|||
}
|
||||
|
||||
@Override
|
||||
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or (hasRole('ROLE_USER') and #piwikInfo.requestorEmail == authentication.userInfo.email)")
|
||||
@PreAuthorize("hasAuthority('SUPER_ADMINISTRATOR') or hasAuthority('CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or (hasAuthority('REGISTERED_USER') and #piwikInfo.requestorEmail == authentication.userInfo.email)")
|
||||
public PiwikInfo enableMetricsForRepository(String officialName,
|
||||
String repoWebsite,
|
||||
PiwikInfo piwikInfo) throws RepositoryServiceException {
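Review bot: The ownership clause `#piwikInfo.requestorEmail == authentication.userInfo.email` on `savePiwikInfo` and `enableMetricsForRepository` is true in SpEL when both sides are null, so it would hold for any REGISTERED_USER whose token carries no e-mail and whose request leaves `requestorEmail` unset. Guard it as `authentication.userInfo.email != null and #piwikInfo.requestorEmail == authentication.userInfo.email`; the same applies to the `#jobForValidation.userEmail` and `#email` comparisons in ValidatorServiceImpl. The clause also compares a field of the submitted object, so it establishes who the requestor claims to be, not that the caller may act on `piwikInfo.getRepositoryId()`; whether that is checked elsewhere is not visible here. `enableMetricsForRepository` continues outside the hunk.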
|
||||
|
|
|
@ -1027,7 +1027,7 @@ public class RepositoryServiceImpl implements RepositoryService {
|
|||
ArrayList<String> roleIds = new ArrayList<>();
|
||||
ArrayList<Integer> couIds = new ArrayList<>();
|
||||
if (coPersonId != null) {
|
||||
roles = registryCalls.getRoles(coPersonId);
|
||||
roles = registryCalls.getRolesWithStatus(coPersonId, AaiRegistryService.RoleStatus.ACTIVE);
|
||||
for (JsonElement role : roles) {
|
||||
JsonObject object = role.getAsJsonObject();
|
||||
if (object.get("CouId") == null) {
|
||||
|
|
|
@ -31,7 +31,7 @@ public class SushiliteServiceImpl implements SushiliteService {
|
|||
|
||||
|
||||
@Override
|
||||
@PreAuthorize("hasRole('ROLE_USER')")
|
||||
@PreAuthorize("hasAuthority('REGISTERED_USER')")
|
||||
public ReportResponseWrapper getReportResults(String page,
|
||||
String pageSize,
|
||||
String Report,
|
||||
|
|
|
@ -125,7 +125,7 @@ public class ValidatorServiceImpl implements ValidatorService {
|
|||
}
|
||||
|
||||
@Override
|
||||
@PreAuthorize("hasRole('ROLE_USER') and #jobForValidation.userEmail == authentication.userInfo.email")
|
||||
@PreAuthorize("hasAuthority('REGISTERED_USER') and #jobForValidation.userEmail == authentication.userInfo.email")
|
||||
public JobForValidation submitJobForValidation(JobForValidation jobForValidation) throws ValidatorServiceException {
|
||||
LOGGER.debug("Submit job for validation with id : " + jobForValidation.getDatasourceId());
|
||||
try {
|
||||
|
@ -153,7 +153,7 @@ public class ValidatorServiceImpl implements ValidatorService {
|
|||
}
|
||||
|
||||
@Override
|
||||
@PreAuthorize("hasRole('ROLE_USER') and #email == authentication.userInfo.email")
|
||||
@PreAuthorize("hasAuthority('REGISTERED_USER') and #email == authentication.userInfo.email")
|
||||
public ResponseEntity<Object> reSubmitJobForValidation(String email,
|
||||
String jobId) throws JSONException, ValidatorServiceException {
|
||||
LOGGER.debug("Resubmit validation job with id : " + jobId);
|
||||
|
@ -240,7 +240,7 @@ public class ValidatorServiceImpl implements ValidatorService {
|
|||
}
|
||||
|
||||
@Override
|
||||
@PreAuthorize("hasRole('ROLE_USER')")
|
||||
@PreAuthorize("hasAuthority('REGISTERED_USER')")
|
||||
public List<StoredJob> getStoredJobsNew(String user,
|
||||
String jobType,
|
||||
String offset,
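Review bot: `getStoredJobsNew(String user, ...)` is guarded only by `hasAuthority('REGISTERED_USER')`, while `submitJobForValidation` and `reSubmitJobForValidation` in the same class also bind their e-mail argument to the caller. If `user` can originate from the request rather than from the authentication (the controller call is not visible here), one registered user could read another user's stored jobs. `@PreAuthorize("hasAuthority('REGISTERED_USER') and #user == authentication.userInfo.email")` would make the three methods consistent. The method signature and body continue outside the hunk.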
|
||||
|
|
|
@ -89,6 +89,14 @@ public interface AaiRegistryService {
|
|||
*/
|
||||
JsonArray getRoles(Integer coPersonId);
|
||||
|
||||
/**
|
||||
* 5.2 Get User non admin active roles
|
||||
*
|
||||
* @param coPersonId
|
||||
* @return
|
||||
*/
|
||||
JsonArray getRolesWithStatus(Integer coPersonId, RoleStatus status);
|
||||
|
||||
/**
|
||||
* 6. Get Role id of User base on couId.
|
||||
*
|
||||
|
@ -251,4 +259,15 @@ public interface AaiRegistryService {
|
|||
|
||||
// TODO: add description
|
||||
List<User> getUsers(Integer couId);
|
||||
|
||||
enum RoleStatus {
|
||||
ACTIVE("Active"),
|
||||
DELETED("Deleted");
|
||||
|
||||
public final String status;
|
||||
|
||||
RoleStatus(String status) {
|
||||
this.status = status;
|
||||
}
|
||||
}
|
||||
}
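Review bot: The Javadoc added for `getRolesWithStatus` reads "Get User non admin active roles" and leaves `@param` and `@return` empty, although the method accepts any `RoleStatus` and the `status` parameter is not mentioned at all. Because the result feeds role decisions, the contract should be explicit, for example `@param status role status to keep; null returns roles of every status` (that is what the RegistryCalls implementation in this commit does) and `@return the CoPersonRoles entries whose Status matches`. A one-line comment on the enum's `status` field saying it holds the status text as the registry spells it (presumably; confirm against the registry response) would also help.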
|
||||
|
|
|
@ -161,6 +161,21 @@ public class RegistryCalls implements AaiRegistryService {
|
|||
return (response != null) ? response.getAsJsonObject().get("CoPersonRoles").getAsJsonArray() : new JsonArray();
|
||||
}
|
||||
|
||||
@Override
|
||||
public JsonArray getRolesWithStatus(Integer coPersonId, RoleStatus status) {
|
||||
JsonArray roles = getRoles(coPersonId);
|
||||
if (status == null) {
|
||||
return roles;
|
||||
}
|
||||
JsonArray activeRoles = new JsonArray();
|
||||
for (JsonElement role : roles) {
|
||||
if (role.getAsJsonObject().get("Status").getAsString().equalsIgnoreCase(status.toString())) {
|
||||
activeRoles.add(role);
|
||||
}
|
||||
}
|
||||
return activeRoles;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Integer getRoleId(Integer coPersonId, Integer couId) {
|
||||
JsonArray roles = getRoles(coPersonId);
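Review bot: In `getRolesWithStatus`, `role.getAsJsonObject().get("Status").getAsString()` throws a NullPointerException when a role entry has no `Status` member, and the comparison uses `status.toString()` (the enum constant name) instead of the `status` field the enum defines, so it matches only because of `equalsIgnoreCase`. RepositoryServiceImpl now relies on this filter to keep only active roles, so an entry without a status should be treated as non-matching: `JsonElement s = role.getAsJsonObject().get("Status");` then `if (s != null && !s.isJsonNull() && status.status.equalsIgnoreCase(s.getAsString()))`. A null `status` returns every role, deleted ones included, which deserves a comment or an explicit rejection. The local `activeRoles` would read better as `matchingRoles`, since the method filters on any status.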
|
||||
|
|
|
@ -21,7 +21,6 @@ public class AuthoritiesMapper {
|
|||
|
||||
public static Collection<GrantedAuthority> map(JsonArray entitlements) {
|
||||
HashSet<GrantedAuthority> authorities = new HashSet<>();
|
||||
provideRoles(entitlements, authorities);
|
||||
entityRoles(entitlements, authorities);
|
||||
return authorities;
|
||||
}
|
||||
|
@ -71,23 +70,4 @@ public class AuthoritiesMapper {
|
|||
}
|
||||
}
|
||||
|
||||
// TODO: remove when ROLE_ADMIN and ROLE_PROVIDE_ADMIN are removed from project
|
||||
private static void provideRoles(JsonArray entitlements, Set<GrantedAuthority> authorities) {
|
||||
Map<String, String> userRoles = new HashMap() {{
|
||||
put("urn:geant:openaire.eu:group:Super+Administrator:role=member#aai.openaire.eu", "ROLE_ADMIN");
|
||||
put("urn:geant:openaire.eu:group:Content+Provider+Dashboard+Administrator:role=member#aai.openaire.eu", "ROLE_PROVIDE_ADMIN");
|
||||
}};
|
||||
Map<String, SimpleGrantedAuthority> userRolesMap = new HashMap<>();
|
||||
userRoles.forEach((openaireRole, appRole) -> userRolesMap.put(openaireRole, new SimpleGrantedAuthority(appRole)));
|
||||
authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
|
||||
if (entitlements != null) {
|
||||
entitlements.forEach(role -> {
|
||||
SimpleGrantedAuthority authority = userRolesMap.get(role.getAsString());
|
||||
if (authority != null) {
|
||||
authorities.add(authority);
|
||||
}
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -15,9 +15,9 @@ import java.util.List;
|
|||
@Service("authorizationService")
|
||||
public class AuthorizationServiceImpl implements AuthorizationService {
|
||||
|
||||
public final String ROLE_ADMIN = "ROLE_ADMIN";
|
||||
public final String ROLE_PROVIDE_ADMIN = "ROLE_PROVIDE_ADMIN";
|
||||
public final String ROLE_USER = "ROLE_USER";
|
||||
public static final String SUPER_ADMINISTRATOR = "SUPER_ADMINISTRATOR";
|
||||
public static final String CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR = "CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR";
|
||||
public static final String REGISTERED_USER = "REGISTERED_USER";
|
||||
|
||||
private final RoleMappingService roleMappingService;
|
||||
private final AaiRegistryService aaiRegistryService;
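Review bot: The three authority names become `public static final` constants here, but the `@PreAuthorize` expressions changed elsewhere in this commit (ValidatorController, PiWikServiceImpl, SushiliteServiceImpl, ValidatorServiceImpl) repeat them as string literals inside SpEL, where a misspelt name only shows up at runtime as an access denial. As compile-time constants they can be concatenated into the annotation value, e.g. `@PreAuthorize("hasAuthority('" + AuthorizationServiceImpl.REGISTERED_USER + "')")`. The removed fields were instance members, so any expression or caller that read them through the bean would need checking; none is visible in this hunk. The class body continues outside the hunk.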
|
||||
|
|