diff --git a/src/main/java/eu/dnetlib/repo/manager/config/OpenAIREAuthoritiesMapper.java b/src/main/java/eu/dnetlib/repo/manager/config/OpenAIREAuthoritiesMapper.java
index afb6579..91bd1ce 100644
--- a/src/main/java/eu/dnetlib/repo/manager/config/OpenAIREAuthoritiesMapper.java
+++ b/src/main/java/eu/dnetlib/repo/manager/config/OpenAIREAuthoritiesMapper.java
@@ -12,9 +12,7 @@ import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.stereotype.Component;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.List;
+import java.util.*;
 @ComponentScan
 @Component
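Review bot: `import java.util.*;` replaces three explicit imports with a wildcard, which the file does not do for its Spring imports and which no longer tells a reader that the mapper now depends on `Set`/`HashSet`. Keep the imports explicit to match the neighbouring lines: `import java.util.Collection;`, `import java.util.HashSet;`, `import java.util.Set;`.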
@@ -28,21 +26,18 @@ public class OpenAIREAuthoritiesMapper implements OIDCAuthoritiesMapper {
 @Override
 public Collection mapAuthorities(JWT jwtToken, UserInfo userInfo) {
 JsonArray entitlements = null;
- List authorities = new ArrayList<>();
+ Set authorities = new HashSet<>();
 if (userInfo != null && userInfo.getSource() != null) {
 if (userInfo.getSource().getAsJsonArray("edu_person_entitlements") != null) {
 entitlements = userInfo.getSource().getAsJsonArray("edu_person_entitlements");
 } else if (userInfo.getSource().getAsJsonArray("eduperson_entitlement") != null) {
 entitlements = userInfo.getSource().getAsJsonArray("eduperson_entitlement");
- } else {
- authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
- logger.error("Could not read user 'edu_person_entitlements' && 'eduperson_entitlement'\nAdding default role 'ROLE_USER' to user: " + userInfo.toString());
 }
 logger.debug("user info: " + userInfo + "\nentitlements: " + entitlements);
- // FIXME: delete this if statement
+ // FIXME: delete this if statement when super administrators are set
 if (userInfo.getEmail() != null && userInfo.getEmail().equals(adminEmail)) {
- authorities.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
+ authorities.add(new SimpleGrantedAuthority("SUPER_ADMINISTRATOR"));
 }
 authorities.addAll(AuthoritiesMapper.map(entitlements));
diff --git a/src/main/java/eu/dnetlib/repo/man<br>ager/controllers/BrokerController.java b/src/main/java/eu/dnetlib/repo/manager/controllers/BrokerController.java
index b22b284..fa68b66 100644
--- a/src/main/java/eu/dnetlib/repo/manager/controllers/BrokerController.java
+++ b/src/main/java/eu/dnetlib/repo/manager/controllers/BrokerController.java
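Review bot: The hunk still grants `SUPER_ADMINISTRATOR` from a plain string compare of the IdP-supplied email against `adminEmail`, so that authority rests on an email claim the mapper never checks for verification; unless the provider is known to release only verified addresses, the grant should come from an entitlement like every other authority, and rewording the FIXME does not change the exposure. Dropping the `else` branch also removed the only log line for the no-entitlements case: a user whose userinfo carries neither `edu_person_entitlements` nor `eduperson_entitlement` now leaves with an empty authority set and no trace, so keep something like `logger.warn("No entitlement claim found for user: " + userInfo.getEmail());` in its place. The surviving debug line prints the whole `userInfo` object, which is more personal data than an authorities mapper should emit even at debug level. `mapAuthorities` continues past the end of the hunk.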
@@ -30,7 +30,7 @@ public class BrokerController{
 @RequestMapping(value = "/getDatasourcesOfUser" , method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
 @ResponseBody
- @PreAuthorize("hasRole('ROLE_USER')")
+ @PreAuthorize("hasAuthority('REGISTERED_USER')")
 public DatasourcesBroker getDatasourcesOfUser( @RequestParam("includeShared") @ApiParam(value = "Include shared datasources", required = true , defaultValue = "false") String includeShared,
@@ -51,7 +51,7 @@ public class BrokerController{
 method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE)
 @ResponseBody
- @PreAuthorize("hasRole('ROLE_USER')")
+ @PreAuthorize("hasAuthority('REGISTERED_USER')")
 public EventsPage advancedShowEvents(@PathVariable("page") String page, @PathVariable("size") String size, @RequestBody AdvQueryObject advQueryObject) throws BrokerException, JSONException ,IOException{
@@ -62,7 +62,7 @@ public class BrokerController{
 method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
 @ResponseBody
- @PreAuthorize("hasRole('ROLE_USER')")
+ @PreAuthorize("hasAuthority('REGISTERED_USER')")
 public EventsPage showEvents(@RequestParam("datasourceName") String datasourceName, @RequestParam("topic") String topic, @RequestParam("page") String page,
@@ -74,7 +74,7 @@ public class BrokerController{
 method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
 @ResponseBody
- @PreAuthorize("hasRole('ROLE_USER')")
+ @PreAuthorize("hasAuthority('REGISTERED_USER')")
 public Map> getSimpleSubscriptionsOfUser() throws BrokerException{
 return brokerService.getSimpleSubscriptionsOfUser(((OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication()).getUserInfo().getEmail());
 }
@@ -83,7 +83,7 @@ public class BrokerController{
 consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE)
 @ResponseBody
- @PreAuthorize("hasRole('ROLE_USER') ")
+ @PreAuthorize("hasAuthority('REGISTERED_USER') ")
 public Subscription subscribe(@RequestBody OpenaireSubscription obj) throws BrokerException{
 return brokerService.subscribe(obj);
 }
@@ -92,7 +92,7 @@ public class BrokerController{
 consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE)
 @ResponseBody
- @PreAuthorize("hasRole('ROLE_USER')")
+ @PreAuthorize("hasAuthority('REGISTERED_USER')")
 public ResponseEntity unsubscribe(@PathVariable("subscriptionId") String subscriptionId) throws BrokerException{
 return brokerService.unsubscribe(subscriptionId);
 }
@@ -100,7 +100,7 @@ public class BrokerController{
 @RequestMapping(value = "/getSubscription/{subscriptionId}" , method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
 @ResponseBody
- @PreAuthorize("hasRole('ROLE_USER')")
+ @PreAuthorize("hasAuthority('REGISTERED_USER')")
 public Subscription getSubscription(@PathVariable("subscriptionId") String subscriptionId) throws BrokerException{
 return brokerService.getSubscription(subscriptionId);
 }
@@ -116,7 +116,7 @@ public class BrokerController{
 @RequestMapping(value = "/getNotificationsBySubscriptionId/{subscriptionId}/{page}/{size}" , method = RequestMethod.GET ,produces = MediaType.APPLICATION_JSON_VALUE)
 @ResponseBody
- @PreAuthorize("hasRole('ROLE_USER')")
+ @PreAuthorize("hasAuthority('REGISTERED_USER')")
 public EventsPage getNotificationsBySubscriptionId(@PathVariable("subscriptionId") String subscriptionId, @PathVariable("page") String page, @PathVariable("size") String size) throws BrokerException{
diff --git a/src/main/java/eu/dnetlib/repo/manager/controllers/DashboardController.java b/src/main/java/eu/dnetlib/repo/manager/controllers/DashboardController.java
index e981d4e..aefcfd9 100644
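Review bot: `unsubscribe`, `getSubscription` and `getNotificationsBySubscriptionId` require only `hasAuthority('REGISTERED_USER')` while acting on a client-supplied `subscriptionId`, so nothing at this layer stops one registered user from reading or deleting another user's subscription. The sibling `getSimpleSubscriptionsOfUser` scopes its call by the caller's email taken from the `OIDCAuthenticationToken`; these three should either hand that email to `brokerService` the same way or carry an ownership predicate in the `@PreAuthorize` expression, unless `brokerService` already verifies ownership, which is not visible here. A commit that touches every authorization expression is the natural place to make that check explicit.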
--- a/src/main/java/eu/dnetlib/repo/manager/controllers/DashboardController.java
+++ b/src/main/java/eu/dnetlib/repo/manager/controllers/DashboardController.java
@@ -36,7 +36,7 @@ public class DashboardController {
 @RequestMapping(value = "/getRepositoriesSummary/{page}/{size}" , method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
 @ResponseBody
- @PreAuthorize("hasRole('ROLE_USER')")
+ @PreAuthorize("hasAuthority('REGISTERED_USER')")
 public List getRepositoriesSummaryInfo( @PathVariable("page") String page, @PathVariable("size") String size) throws JSONException {
@@ -46,7 +46,7 @@ public class DashboardController {
 @RequestMapping(value = "/collectionMonitorSummary/{repoId}" , method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
 @ResponseBody
- @PreAuthorize("hasRole('ROLE_USER')")
+ @PreAuthorize("hasAuthority('REGISTERED_USER')")
 public CollectionMonitorSummary getCollectionMonitorSummary( @PathVariable("repoId") String repoId, @RequestParam(name = "size", required = false, defaultValue = "20") int size) throws JSONException {
@@ -72,7 +72,7 @@ public class DashboardController {
 @RequestMapping(value = "/usageSummary/{repoId}" , method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
 @ResponseBody
- @PreAuthorize("hasRole('ROLE_USER')")
+ @PreAuthorize("hasAuthority('REGISTERED_USER')")
 public UsageSummary getUsageSummary( @PathVariable("repoId") String repoId ) throws RepositoryServiceException {
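Review bot: `getCollectionMonitorSummary` and `getUsageSummary` read per-repository data for a path `repoId` but only require `hasAuthority('REGISTERED_USER')`, whereas the repository endpoints changed in this same commit gate per-repository reads with `@authorizationService.isMemberOf(#id)`. If these summaries are not meant to be visible to every registered user, the expression should follow that pattern, e.g. `@PreAuthorize("hasAnyAuthority('SUPER_ADMINISTRATOR', 'CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or @authorizationService.isMemberOf(#repoId)")`. If they are intentionally open to all registered users, a one-line comment saying so would keep the next reviewer from asking the same question.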
@@ -82,7 +82,7 @@ public class DashboardController {
 @RequestMapping(value = "/brokerSummary/{ds_name}" , method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
 @ResponseBody
- @PreAuthorize("hasRole('ROLE_USER')")
+ @PreAuthorize("hasAuthority('REGISTERED_USER')")
 public BrokerSummary getBrokerSummary( @PathVariable("ds_name") String datasourceName) throws BrokerException {
 return new BrokerSummary(brokerService.getSimpleSubscriptionsOfUser( ((OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication()).getUserInfo().getEmail()), brokerService.getTopicsForDatasource(datasourceName));
diff --git a/src/main/java/eu/dnetlib/repo/manager/controllers/MonitorController.java b/src/main/java/eu/dnetlib/repo/manager/controllers/MonitorController.java
index e8fb20b..f1c7b2d 100644
--- a/src/main/java/eu/dnetlib/repo/manager/controllers/MonitorController.java
+++ b/src/main/java/eu/dnetlib/repo/manager/controllers/MonitorController.java
@@ -29,7 +29,7 @@ public class MonitorController {
 @RequestMapping(value = "/getJobsOfUser" , method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
 @ResponseBody
- @PreAuthorize("hasRole('ROLE_USER')")
+ @PreAuthorize("hasAuthority('REGISTERED_USER')")
 public JobsOfUser getJobsOfUser(@RequestParam(value = "jobType", required = false) @ApiParam(value = "Equals to filter job type on validation history page") String jobType, @RequestParam("offset") @ApiParam(value = "Page number", required = true) String offset,
@@ -43,7 +43,7 @@ public class MonitorController {
 @RequestMapping(value = "/getJobsOfUserPerValidationStatus" , method = RequestMethod.GET,produces = MediaType.APPLICATION_JSON_VALUE)
 @ResponseBody
- @PreAuthorize("hasRole('ROLE_USER')")
+ @PreAuthorize("hasAuthority('REGISTERED_USER')")
 public int getJobsOfUserPerValidationStatus(@RequestBody String jobType, @RequestBody String validationStatus) throws JSONException {
 return monitorService.getJobsOfUserPerValidationStatus(((OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication()).getUserInfo().getEmail(), jobType, validationStatus);
diff --git a/src/main/java/eu/dnetlib/repo/manager/controllers/PiWikController.java b/src/main/java/eu/dnetlib/repo/manager/controllers/PiWikController.java
index a2c81e8..c34064c 100644
--- a/src/main/java/eu/dnetlib/repo/manager/controllers/PiWikController.java
+++ b/src/main/java/eu/dnetlib/repo/manager/controllers/PiWikController.java
@@ -42,13 +42,13 @@ public class PiWikController {
 @RequestMapping(value = "/getPiwikSiteForRepo/{repositoryId}" , method = RequestMethod.GET,produces = MediaType.APPLICATION_JSON_VALUE)
 @ResponseBody
- @PreAuthorize("hasAnyRole('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN') or @authorizationService.isMemberOf(#repositoryId) or (@repositoryService.getRepositoryById(#repositoryId).registeredBy=='null' and hasRole('ROLE_USER'))")
+ @PreAuthorize("hasAnyRole('SUPER_ADMINISTRATOR', 'CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or @authorizationService.isMemberOf(#repositoryId) or (@repositoryService.getRepositoryById(#repositoryId).registeredBy=='null' and hasAuthority('REGISTERED_USER'))")
 public PiwikInfo getPiwikSiteForRepo(@PathVariable("repositoryId") String repositoryId) {
 return piWikService.getPiwikSiteForRepo(repositoryId);
 }
 @RequestMapping(value = "/savePiwikInfo" , method = RequestMethod.POST,produces = MediaType.APPLICATION_JSON_VALUE)
- @PreAuthorize("hasAnyRole('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN') or @authorizationService.isMemberOf(#piwikInfo.repositoryId) or (@repositoryService.getRepositoryById(#piwikInfo.repositoryId).registeredBy=='null' and hasRole('ROLE_USER'))")
+ @PreAuthorize("hasAnyRole('SUPER_ADMINISTRATOR', 'CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or @authorizationService.isMemberOf(#piwikInfo.repositoryId) or (@repositoryService.getRepositoryById(#piwikInfo.repositoryId).registeredBy=='null' and hasAuthority('REGISTERED_USER'))")
 public PiwikInfo savePiwikInfo(@RequestBody PiwikInfo piwikInfo) {
 return piWikService.savePiwikInfo(piwikInfo);
 }
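Review bot: `hasAnyRole('SUPER_ADMINISTRATOR', 'CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR')` in both new expressions does not match what the mapper grants: since Spring Security 4, `hasRole`/`hasAnyRole` prepend the configured role prefix (`ROLE_` by default) to names that lack it, so this tests for `ROLE_SUPER_ADMINISTRATOR`, which `OpenAIREAuthoritiesMapper` never issues. The old names passed because they already carried `ROLE_`; with the unprefixed names the admin clause is dead and only the member/`registeredBy` clauses can admit anyone, unless a `GrantedAuthorityDefaults` bean sets an empty prefix. Use `hasAnyAuthority('SUPER_ADMINISTRATOR', 'CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR')` here, as the `{id}/admins` endpoints in this commit already do. Separately, `registeredBy=='null'` compares against the string literal `'null'` rather than a null value; confirm that is really how unregistered repositories are stored.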
@@ -150,14 +150,14 @@ public class PiWikController {
 @RequestMapping(value = "/approvePiwikSite/{repositoryId}" , method = RequestMethod.GET)
 @ResponseBody
- @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN')")
+ @PreAuthorize("hasAuthority('SUPER_ADMINISTRATOR') or hasAuthority('CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR')")
 public ResponseEntity approvePiwikSite(@PathVariable("repositoryId") String repositoryId) {
 return piWikService.approvePiwikSite(repositoryId);
 }
 @RequestMapping(value = "/getOpenaireId/{repositoryId}" , method = RequestMethod.GET,produces = MediaType.APPLICATION_JSON_VALUE)
 @ResponseBody
- @PreAuthorize("hasAnyRole('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN') or @authorizationService.isMemberOf(#repositoryId) or (@repositoryService.getRepositoryById(#repositoryId).registeredBy=='null' and hasRole('ROLE_USER'))")
+ @PreAuthorize("hasAnyRole('SUPER_ADMINISTRATOR', 'CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or @authorizationService.isMemberOf(#repositoryId) or (@repositoryService.getRepositoryById(#repositoryId).registeredBy=='null' and hasAuthority('REGISTERED_USER'))")
 public String getOpenaireId(@PathVariable("repositoryId") String repositoryId){
 return piWikService.getOpenaireId(repositoryId);
 }
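Review bot: `getOpenaireId` keeps `hasAnyRole(...)` with the new unprefixed names, so its admin clause resolves to `ROLE_SUPER_ADMINISTRATOR`/`ROLE_CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR` (Spring Security 4+ adds the default prefix inside `hasRole`/`hasAnyRole`) and will not match the `SUPER_ADMINISTRATOR` authority the mapper grants, unless the role prefix has been reconfigured. `approvePiwikSite` a few lines up already uses `hasAuthority` and is the form to copy: `hasAnyAuthority('SUPER_ADMINISTRATOR', 'CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR')`. Also, `approvePiwikSite` changes state behind `RequestMethod.GET`, which leaves it reachable from a plain link or image tag outside any CSRF protection; it should be a `POST` like `markPiwikSiteAsValidated`.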
@@ -165,14 +165,14 @@ public class PiWikController {
 @RequestMapping(value = "/markPiwikSiteAsValidated/{repositoryId}" , method = RequestMethod.POST, consumes = MediaType.APPLICATION_JSON_VALUE)
 @ResponseBody
- @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN')")
+ @PreAuthorize("hasAuthority('SUPER_ADMINISTRATOR') or hasAuthority('CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR')")
 public ResponseEntity markPiwikSiteAsValidated(@PathVariable("repositoryId") String repositoryId) throws RepositoryServiceException {
 return piWikService.markPiwikSiteAsValidated(repositoryId);
 }
 @RequestMapping(value = "/enableMetricsForRepository", method = RequestMethod.POST, consumes = MediaType.APPLICATION_JSON_VALUE)
- @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or (hasRole('ROLE_USER') and #piwikInfo.requestorEmail == authentication.userInfo.email)")
+ @PreAuthorize("hasAuthority('SUPER_ADMINISTRATOR') or hasAuthority('CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or (hasAuthority('REGISTERED_USER') and #piwikInfo.requestorEmail == authentication.userInfo.email)")
 public PiwikInfo enableMetricsForRepository(@RequestParam("officialName") String officialName, @RequestParam("repoWebsite") String repoWebsite, @RequestBody PiwikInfo piwikInfo) throws RepositoryServiceException {
diff --git a/src/main/java/eu/dnetlib/repo/manager/controllers/RepositoryController.java b/src/main/java/eu/dnetlib/repo/manager/controllers/RepositoryController.java
index c8c555c..217bf1a 100644
--- a/src/main/java/eu/dnetlib/repo/manager/controllers/RepositoryController.java
+++ b/src/main/java/eu/dnetlib/repo/manager/controllers/RepositoryController.java
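Review bot: `enableMetricsForRepository` admits any `REGISTERED_USER` as long as `#piwikInfo.requestorEmail` equals their own email, but `piwikInfo.repositoryId` is never tied to the caller, unlike `savePiwikInfo` in this same controller, which requires `@authorizationService.isMemberOf(#piwikInfo.repositoryId)` or an unregistered repository. The service-side annotation in `PiWikServiceImpl` repeats the same expression, so unless the service body (not shown) checks membership, a registered user can enable metrics for any repository by putting their own address in `requestorEmail`. Add `and (@authorizationService.isMemberOf(#piwikInfo.repositoryId) or @repositoryService.getRepositoryById(#piwikInfo.repositoryId).registeredBy=='null')` to the user clause so the two endpoints agree. The method body continues past the end of the hunk.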
@@ -63,7 +63,7 @@ public class RepositoryController {
 @RequestMapping(value = "/getRepositoriesOfUser/{page}/{size}", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
 @ResponseBody
- @PreAuthorize("hasRole('ROLE_USER')")
+ @PreAuthorize("hasAuthority('REGISTERED_USER')")
 public List getRepositoriesSnippetOfUser( @PathVariable("page") String page, @PathVariable("size") String size) throws JSONException, IOException {
@@ -73,7 +73,7 @@ public class RepositoryController {
 @RequestMapping(value = "/user/repositories/{page}/{size}", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
 @ResponseBody
- @PreAuthorize("hasRole('ROLE_USER')")
+ @PreAuthorize("hasAuthority('REGISTERED_USER')")
 public List getRepositoriesOfUser( @PathVariable("page") String page, @PathVariable("size") String size) throws JSONException, IOException {
@@ -83,7 +83,7 @@ public class RepositoryController {
 @RequestMapping(value = "/searchRegisteredRepositories/{page}/{size}", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
 @ResponseBody
- @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN')")
+ @PreAuthorize("hasAuthority('SUPER_ADMINISTRATOR') or hasAuthority('CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR')")
 public List searchRegisteredRepositories(@RequestParam(name = "country", required = false) String country, @RequestParam(name = "typology", required = false) String typology, @RequestParam(name = "englishName", required = false) String englishName,
@@ -100,7 +100,7 @@ public class RepositoryController {
 @RequestMapping(value = "/getRepositoryById/{id}", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
 @ResponseBody
- @PostAuthorize("hasAnyRole('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN') or @authorizationService.isMemberOf(#id) or (returnObject.registeredBy=='null' and hasRole('ROLE_USER'))")
+ @PostAuthorize("hasAnyRole('SUPER_ADMINISTRATOR', 'CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or @authorizationService.isMemberOf(#id) or (returnObject.registeredBy=='null' and hasAuthority('REGISTERED_USER'))")
 public Repository getRepositoryById(@PathVariable("id") String id) throws JSONException, ResourceNotFoundException {
 Repository repo = repositoryService.getRepositoryById(id);
@@ -137,7 +137,7 @@ public class RepositoryController {
 @RequestMapping(value = "/getRepositoryInterface/{id}", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
 @ResponseBody
- @PostAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or @authorizationService.isMemberOf(#id) or (@repositoryService.getRepositoryById(#id).registeredBy=='null' and hasRole('ROLE_USER'))")
+ @PostAuthorize("hasAuthority('SUPER_ADMINISTRATOR') or hasAuthority('CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or @authorizationService.isMemberOf(#id) or (@repositoryService.getRepositoryById(#id).registeredBy=='null' and hasAuthority('REGISTERED_USER'))")
 public List getRepositoryInterface(@PathVariable("id") String id) throws JSONException {
 return repositoryService.getRepositoryInterface(id);
 }
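Review bot: The new `@PostAuthorize` on `getRepositoryById` still uses `hasAnyRole('SUPER_ADMINISTRATOR', 'CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR')`, and `hasAnyRole` adds the default `ROLE_` prefix to names that lack it, so administrators holding the unprefixed `SUPER_ADMINISTRATOR` authority issued by the mapper are denied here and only pass if they are members or the repository is unregistered, unless the role prefix is configured empty. `getRepositoryInterface` in the next hunk already switched to `hasAuthority(...)`; use `hasAnyAuthority('SUPER_ADMINISTRATOR', 'CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR')` here as well. The second expression does not reference `returnObject`, so it could be a `@PreAuthorize` and skip the lookup for callers who are going to be rejected anyway. `getRepositoryById`'s body continues past the hunk.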
@@ -145,8 +145,8 @@ public class RepositoryController {
 @RequestMapping(value = "/addRepository", method = RequestMethod.POST, consumes = MediaType.APPLICATION_JSON_VALUE)
 @ResponseBody
-// @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or (hasRole(@authorizationService.convertRepoIdToRoleId(#repository.id)) or hasRole(@authorizationService.convertRepoIdToRoleId(returnObject.id)))")
- @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or hasRole('ROLE_USER')")
+// @PreAuthorize("hasAuthority('SUPER_ADMINISTRATOR') or hasAuthority('CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or (hasAuthority(@authorizationService.convertRepoIdToRoleId(#repository.id)) or hasAuthority(@authorizationService.convertRepoIdToRoleId(returnObject.id)))")
+ @PreAuthorize("hasAuthority('SUPER_ADMINISTRATOR') or hasAuthority('CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or hasAuthority('REGISTERED_USER')")
 public Repository addRepository(@RequestParam("datatype") String datatype, @RequestBody Repository repository) throws Exception {
@@ -177,7 +177,7 @@ public class RepositoryController {
 @RequestMapping(value = "/updateRepository", method = RequestMethod.POST, consumes = MediaType.APPLICATION_JSON_VALUE)
 @ResponseBody
- @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or @authorizationService.isMemberOf(#repository.id)")
+ @PreAuthorize("hasAuthority('SUPER_ADMINISTRATOR') or hasAuthority('CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or @authorizationService.isMemberOf(#repository.id)")
 public Repository updateRepository(@RequestBody Repository repository, Authentication authentication) throws Exception {
 return repositoryService.updateRepository(repository, authentication);
 }
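Review bot: The commented-out `@PreAuthorize` above `addRepository` was renamed alongside the live one instead of being removed; it references `returnObject.id` inside a `@PreAuthorize`, where `returnObject` does not exist, so it could never be re-enabled as written and now only misleads. Delete the dead line. The live expression `hasAuthority('SUPER_ADMINISTRATOR') or hasAuthority('CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or hasAuthority('REGISTERED_USER')` collapses to `hasAuthority('REGISTERED_USER')` if administrators also carry that authority, which appears to be the intent and would read more honestly as the shorter form.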
@@ -192,7 +192,7 @@ public class RepositoryController {
 @RequestMapping(value = "/addInterface", method = RequestMethod.POST, consumes = MediaType.APPLICATION_JSON_VALUE)
 @ResponseBody
- @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or @authorizationService.isMemberOf(#id)")
+ @PreAuthorize("hasAuthority('SUPER_ADMINISTRATOR') or hasAuthority('CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or @authorizationService.isMemberOf(#id)")
 public RepositoryInterface addRepositoryInterface(@RequestParam("datatype") String datatype, @RequestParam("id") String id, @RequestParam("registeredBy") String registeredBy,
@@ -204,7 +204,7 @@ public class RepositoryController {
 @RequestMapping(value = "/getUrlsOfUserRepos/{page}/{size}/", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
 @ResponseBody
- @PreAuthorize("hasRole('ROLE_USER')")
+ @PreAuthorize("hasAuthority('REGISTERED_USER')")
 public List getUrlsOfUserRepos(@PathVariable("page") String page, @PathVariable("size") String size) {
 return repositoryService.getUrlsOfUserRepos(((OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication()).getUserInfo().getEmail(), page, size);
 }
@@ -248,7 +248,7 @@ public class RepositoryController {
 @RequestMapping(value = "/updateRepositoryInterface", method = RequestMethod.POST, consumes = MediaType.APPLICATION_JSON_VALUE)
 @ResponseBody
- @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or @authorizationService.isMemberOf(#id)")
+ @PreAuthorize("hasAuthority('SUPER_ADMINISTRATOR') or hasAuthority('CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or @authorizationService.isMemberOf(#id)")
 public RepositoryInterface updateRepositoryInterface(@RequestParam("id") String id, @RequestParam("registeredBy") String registeredBy, @RequestParam(value = "comment", required = false) String comment,
@@ -264,7 +264,7 @@ public class RepositoryController {
 * Get all the admins of the repository
 */
 @RequestMapping(method = RequestMethod.GET, path = "{id}/admins")
- @PreAuthorize("hasAnyAuthority('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN') or @authorizationService.isMemberOf(#id)")
+ @PreAuthorize("hasAnyAuthority('SUPER_ADMINISTRATOR', 'CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or @authorizationService.isMemberOf(#id)")
 public ResponseEntity> getAdminsOfARepo(@PathVariable("id") String id) {
 return new ResponseEntity<>(authorizationService.getAdminsOfRepo(id), HttpStatus.OK);
 }
@@ -273,7 +273,7 @@ public class RepositoryController {
 * Subscribe to repo by email
 */
 @RequestMapping(method = RequestMethod.POST, path = "{id}/admins")
- @PreAuthorize("hasAnyAuthority('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN') or @authorizationService.isMemberOf(#id)")
+ @PreAuthorize("hasAnyAuthority('SUPER_ADMINISTRATOR', 'CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or @authorizationService.isMemberOf(#id)")
 public Response subscribeByEmail(@PathVariable("id") String id, @RequestBody String email) throws ResourceNotFoundException {
 authorizationService.addAdmin(id, email);
 return Response.status(HttpStatus.OK.value()).entity(JsonUtils.createResponse("Role has been assigned").toString()).type(javax.ws.rs.core.MediaType.APPLICATION_JSON).build();
@@ -283,7 +283,7 @@ public class RepositoryController {
 * Unsubscribe from repo by email
 */
 @RequestMapping(method = RequestMethod.DELETE, path = "{id}/admins/{email:.+}")
- @PreAuthorize("hasAnyAuthority('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN') or @authorizationService.isMemberOf(#id)")
+ @PreAuthorize("hasAnyAuthority('SUPER_ADMINISTRATOR', 'CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or @authorizationService.isMemberOf(#id)")
 public ResponseEntity unsubscribeByEmail(@PathVariable("id") String id, @PathVariable("email") String email) throws ResourceNotFoundException {
 authorizationService.removeAdmin(id, email);
 return new ResponseEntity<>(HttpStatus.NO_CONTENT);
diff --git a/src/main/java/eu/dnetlib/repo/manager/controllers/SushiliteController.java b/src/main/java/eu/dnetlib/repo/manager/controllers/SushiliteController.java
index 7f934d5..7d7aa4e 100644
--- a/src/main/java/eu/dnetlib/repo/manager/controllers/SushiliteController.java
+++ b/src/main/java/eu/dnetlib/repo/manager/controllers/SushiliteController.java
@@ -19,7 +19,7 @@ public class SushiliteController {
 @RequestMapping(value = "/getReportResults/{page}/{pageSize}", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
 @ResponseBody
- @PreAuthorize("hasRole('ROLE_USER')")
+ @PreAuthorize("hasAuthority('REGISTERED_USER')")
 public ReportResponseWrapper getReportResults(@PathVariable("page") String page, @PathVariable("pageSize") String pageSize, @RequestParam(value = "Report") String Report,
diff --git a/src/main/java/eu/dnetlib/repo/manager/controllers/UserController.java b/src/main/java/eu/dnetlib/repo/manager/controllers/UserController.java
index a7641a2..08e2119 100644
--- a/src/main/java/eu/dnetlib/repo/manager/controllers/UserController.java
+++ b/src/main/java/eu/dnetlib/repo/manager/controllers/UserController.java
@@ -18,7 +18,7 @@ public class UserController {
 private UserServiceImpl userService;
 @RequestMapping(value = "/login" , method = RequestMethod.GET)
- @PreAuthorize("hasRole('ROLE_USER')")
+ @PreAuthorize("hasAuthority('REGISTERED_USER')")
 public ResponseEntity login() {
 return userService.login();
 }
diff --git a/src/main/java/eu/dnetlib/repo/manager/controllers/UserRoleController.java b/src/main/java/eu/dnetlib/repo/manager/controllers/UserRoleController.java
index 0665910..c69e553 100644
--- a/src/main/java/eu/dnetlib/repo/manager/controllers/UserRoleController.java
+++ b/src/main/java/eu/dnetlib/repo/manager/controllers/UserRoleController.java
@@ -47,7 +47,7 @@ public class UserRoleController {
 * Get the role with the given id.
 **/
 @RequestMapping(method = RequestMethod.GET, path = "/role/{id}")
-// @PreAuthorize("hasAnyAuthority('ROLE_USER', 'ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')")
+// @PreAuthorize("hasAnyAuthority('REGISTERED_USER', 'SUPER_ADMINISTRATOR', 'CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR')")
 public Response getRole(@RequestParam(value = "type", defaultValue = "datasource") String type, @PathVariable("id") String id) {
 int roleId = aaiRegistryService.getCouId(type, id);
 return Response.status(HttpStatus.OK.value()).entity(JsonUtils.createResponse("Role id is: " + roleId).toString()).type(MediaType.APPLICATION_JSON).build();
@@ -57,7 +57,7 @@ public class UserRoleController {
 * Create a new role with the given name and description.
 **/
 @RequestMapping(method = RequestMethod.POST, path = "/role")
- @PreAuthorize("hasAnyAuthority('ROLE_ADMIN')")
+ @PreAuthorize("hasAnyAuthority('SUPER_ADMINISTRATOR')")
 public Response createRole(@RequestBody Role role) {
 aaiRegistryService.createRole(role);
 return Response.status(HttpStatus.OK.value()).entity(JsonUtils.createResponse("Role has been created").toString()).type(MediaType.APPLICATION_JSON).build();
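Review bot: `/role/{id}` still has its `@PreAuthorize` commented out, so the commit edited a dead annotation and left `getRole` reachable without any authority while every other read endpoint in this controller requires at least `REGISTERED_USER`, unless HTTP-level security configuration not shown here covers the path. Either restore it as `@PreAuthorize("hasAnyAuthority('REGISTERED_USER', 'SUPER_ADMINISTRATOR', 'CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR')")` or delete the comment so the open endpoint is visibly deliberate. On `createRole`, `hasAnyAuthority('SUPER_ADMINISTRATOR')` with a single argument reads more clearly as `hasAuthority('SUPER_ADMINISTRATOR')`.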
@@ -68,7 +68,7 @@ public class UserRoleController {
 */
 @ApiOperation(value = "subscribe")
 @RequestMapping(method = RequestMethod.POST, path = "/subscribe/{type}/{id}")
- @PreAuthorize("hasAnyAuthority('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')")
+ @PreAuthorize("hasAnyAuthority('SUPER_ADMINISTRATOR', 'CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR')")
 public Response subscribe(@PathVariable("type") String type, @PathVariable("id") String id) {
 Integer coPersonId = aaiRegistryService.getCoPersonIdByIdentifier();
 if (coPersonId == null) {
@@ -91,7 +91,7 @@ public class UserRoleController {
 /////////////////////////////////////////////////////////////////////////////////////////////
 @RequestMapping(method = RequestMethod.GET, path = "/users/couid/{id}")
- @PreAuthorize("hasAnyAuthority('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN')")
+ @PreAuthorize("hasAnyAuthority('SUPER_ADMINISTRATOR', 'CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR')")
 public ResponseEntity getUsersByCouId(@PathVariable("id") Integer id) {
 // calls.getUserByCoId()
 return ResponseEntity.ok(aaiRegistryService.getUsersByCouId(id).toString());
@@ -99,12 +99,11 @@ public class UserRoleController {
 @RequestMapping(method = RequestMethod.GET, path = "/users/{email}/roles")
- @PreAuthorize("hasAnyAuthority('ROLE_ADMIN', 'ROLE_PROVIDE_ADMIN') or hasRole('ROLE_USER') and authentication.userInfo.email==#email")
+ @PreAuthorize("hasAnyAuthority('SUPER_ADMINISTRATOR', 'CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or hasAuthority('REGISTERED_USER') and authentication.userInfo.email==#email")
 public ResponseEntity> getRolesByEmail(@PathVariable("email") String email) {
 int coPersonId = aaiRegistryService.getCoPersonIdByEmail(email);
 List list = new ArrayList<>();
- // FIXME: getRoles returns all roles of user, requested and active
- for (JsonElement element : aaiRegistryService.getRoles(coPersonId)) {
+ for (JsonElement element : aaiRegistryService.getRolesWithStatus(coPersonId, AaiRegistryService.RoleStatus.ACTIVE)) {
 list.add(element.getAsJsonObject().get("CouId").getAsInt());
 }
 return ResponseEntity.ok(aaiRegistryService.getCouNames(list).values());
@@ -112,7 +111,7 @@ public class UserRoleController {
 @RequestMapping(method = RequestMethod.GET, path = "/user/roles/my")
- @PreAuthorize("hasRole('ROLE_USER')")
+ @PreAuthorize("hasAuthority('REGISTERED_USER')")
 public ResponseEntity> getRoleNames() {
 List roles;
 JsonArray entitlements = null;
diff --git a/src/main/java/eu/dnetlib/repo/manager/controllers/ValidatorController.java b/src/main/java/eu/dnetlib/repo/manager/controllers/ValidatorController.java
index 1811103..faf4c38 100644
--- a/src/main/java/eu/dnetlib/repo/manager/controllers/ValidatorController.java
+++ b/src/main/java/eu/dnetlib/repo/manager/controllers/ValidatorController.java
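Review bot: The expression on `getRolesByEmail` depends on SpEL precedence, `and` binding tighter than `or`, to mean admin-or-(registered and self); that happens to be right, but it is easy to misread when the next person edits it, so parenthesize it: `... or (hasAuthority('REGISTERED_USER') and authentication.userInfo.email==#email)`. The self check is an exact, case-sensitive string compare, which fails closed and is fine, but the raw path value then goes straight to `getCoPersonIdByEmail`, and what that returns for an unknown address (an `int` here, so no null is possible) is not visible; if it is a sentinel, `getRolesWithStatus` is queried with it. Switching the loop to `getRolesWithStatus(coPersonId, AaiRegistryService.RoleStatus.ACTIVE)` is the right resolution of the removed FIXME.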
@@ -38,7 +38,7 @@ public class ValidatorController {
 consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE)
 @ResponseBody
- @PreAuthorize("hasRole('ROLE_USER') and #jobForValidation.userEmail == authentication.userInfo.email")
+ @PreAuthorize("hasAuthority('REGISTERED_USER') and #jobForValidation.userEmail == authentication.userInfo.email")
 public JobForValidation submitJobForValidation(@RequestBody JobForValidation jobForValidation) throws ValidatorServiceException {
 return validatorService.submitJobForValidation(jobForValidation);
 }
@@ -47,7 +47,7 @@ public class ValidatorController {
 consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE)
 @ResponseBody
- @PreAuthorize("hasRole('ROLE_USER')")
+ @PreAuthorize("hasAuthority('REGISTERED_USER')")
 public ResponseEntity reSubmitJobForValidation(@PathVariable("jobId") String jobId) throws JSONException, ValidatorServiceException {
 return validatorService.reSubmitJobForValidation(((OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication()).getUserInfo().getEmail(), jobId);
 }
@@ -78,7 +78,7 @@ public class ValidatorController {
 @RequestMapping(value = "/getStoredJobsNew" , method = RequestMethod.GET,produces = MediaType.APPLICATION_JSON_VALUE)
 @ResponseBody
- @PreAuthorize("hasRole('ROLE_USER')")
+ @PreAuthorize("hasAuthority('REGISTERED_USER')")
 public List getStoredJobsNew(@RequestParam(value = "jobType", required = false) @ApiParam(value = "Equals to filter job type on validation history page") String jobType, @RequestParam("offset") @ApiParam(value = "Page number", required = true) String offset,
diff --git a/src/main/java/eu/dnetlib/repo/manager/service/PiWikServiceImpl.java b/src/main/java/eu/dnetlib/repo/manager/service/PiWikServiceImpl.java
index 5f6ae13..a388ba4 100644
--- a/src/main/java/eu/dnetlib/repo/manager/service/PiWikServiceImpl.java
+++ b/src/main/java/eu/dnetlib/repo/manager/service/PiWikServiceImpl.java
@@ -75,7 +75,7 @@ public class PiWikServiceImpl implements PiWikService {
 }
 @Override
- @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or (hasRole('ROLE_USER') and #piwikInfo.requestorEmail == authentication.userInfo.email)")
+ @PreAuthorize("hasAuthority('SUPER_ADMINISTRATOR') or hasAuthority('CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or (hasAuthority('REGISTERED_USER') and #piwikInfo.requestorEmail == authentication.userInfo.email)")
 public PiwikInfo savePiwikInfo(PiwikInfo piwikInfo) {
 JdbcTemplate jdbcTemplate = new JdbcTemplate(dataSource);
 jdbcTemplate.update(INSERT_PIWIK_INFO, new Object[]{piwikInfo.getRepositoryId(), piwikInfo.getSiteId(), piwikInfo.getRequestorName(),
@@ -144,7 +144,7 @@ public class PiWikServiceImpl implements PiWikService {
 }
 @Override
- @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN')")
+ @PreAuthorize("hasAuthority('SUPER_ADMINISTRATOR') or hasAuthority('CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR')")
 public ResponseEntity approvePiwikSite(String repositoryId) {
 new JdbcTemplate(dataSource).update(APPROVE_PIWIK_SITE, new Object[] {repositoryId}, new int[] {Types.VARCHAR});
 return new ResponseEntity<>("OK",HttpStatus.OK);
@@ -158,7 +158,7 @@ public class PiWikServiceImpl implements PiWikService {
 }
 @Override
- @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN')")
+ @PreAuthorize("hasAuthority('SUPER_ADMINISTRATOR') or hasAuthority('CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR')")
 public ResponseEntity markPiwikSiteAsValidated(String repositoryId) throws RepositoryServiceException {
 try {
 approvePiwikSite(repositoryId);
@@ -179,7 +179,7 @@ public class PiWikServiceImpl implements PiWikService { } @Override - @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_PROVIDE_ADMIN') or (hasRole('ROLE_USER') and #piwikInfo.requestorEmail == authentication.userInfo.email)") + @PreAuthorize("hasAuthority('SUPER_ADMINISTRATOR') or hasAuthority('CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or (hasAuthority('REGISTERED_USER') and #piwikInfo.requestorEmail == authentication.userInfo.email)") public PiwikInfo enableMetricsForRepository(String officialName, String repoWebsite, PiwikInfo piwikInfo) throws RepositoryServiceException { diff --git a/src/main/java/eu/dnetlib/repo/manager/service/RepositoryServiceImpl.java b/src/main/java/eu/dnetlib/repo/manager/service/RepositoryServiceImpl.java index b4e4a55..d7999b1 100644 --- a/src/main/java/eu/dnetlib/repo/manager/service/RepositoryServiceImpl.java +++ b/src/main/java/eu/dnetlib/repo/manager/service/RepositoryServiceImpl.java @@ -1027,7 +1027,7 @@ public class RepositoryServiceImpl implements RepositoryService { ArrayList roleIds = new ArrayList<>(); ArrayList couIds = new ArrayList<>(); if (coPersonId != null) { - roles = registryCalls.getRoles(coPersonId); + roles = registryCalls.getRolesWithStatus(coPersonId, AaiRegistryService.RoleStatus.ACTIVE); for (JsonElement role : roles) { JsonObject object = role.getAsJsonObject(); if (object.get("CouId") == null) { diff --git a/src/main/java/eu/dnetlib/repo/manager/service/SushiliteServiceImpl.java b/src/main/java/eu/dnetlib/repo/manager/service/SushiliteServiceImpl.java index 3344a6e..a99a198 100644 --- a/src/main/java/eu/dnetlib/repo/manager/service/SushiliteServiceImpl.java +++ b/src/main/java/eu/dnetlib/repo/manager/service/SushiliteServiceImpl.java 
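Review bot: Restricting the lookup to `RoleStatus.ACTIVE` in `RepositoryServiceImpl` is the right direction — a role the registry has marked Deleted should not feed `roleIds`/`couIds` — but the filter is only as good as the status vocabulary, and only `Active` and `Deleted` are modelled in the new enum; if the registry also uses states such as suspended or pending (not visible here), those are now excluded too, which is the safe side but deserves a comment: `// only Active registry roles count; Deleted (and any unknown status) are ignored`. The enclosing method starts and ends outside the hunk and `roles` is declared above it, so whether an empty result is handled downstream cannot be checked from here.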
@@ -31,7 +31,7 @@ public class SushiliteServiceImpl implements SushiliteService { @Override - @PreAuthorize("hasRole('ROLE_USER')") + @PreAuthorize("hasAuthority('REGISTERED_USER')") public ReportResponseWrapper getReportResults(String page, String pageSize, String Report, diff --git a/src/main/java/eu/dnetlib/repo/manager/service/ValidatorServiceImpl.java b/src/main/java/eu/dnetlib/repo/manager/service/ValidatorServiceImpl.java index 8c62afe..b0d1f46 100644 --- a/src/main/java/eu/dnetlib/repo/manager/service/ValidatorServiceImpl.java +++ b/src/main/java/eu/dnetlib/repo/manager/service/ValidatorServiceImpl.java @@ -125,7 +125,7 @@ public class ValidatorServiceImpl implements ValidatorService { } @Override - @PreAuthorize("hasRole('ROLE_USER') and #jobForValidation.userEmail == authentication.userInfo.email") + @PreAuthorize("hasAuthority('REGISTERED_USER') and #jobForValidation.userEmail == authentication.userInfo.email") public JobForValidation submitJobForValidation(JobForValidation jobForValidation) throws ValidatorServiceException { LOGGER.debug("Submit job for validation with id : " + jobForValidation.getDatasourceId()); try { @@ -153,7 +153,7 @@ public class ValidatorServiceImpl implements ValidatorService { } @Override - @PreAuthorize("hasRole('ROLE_USER') and #email == authentication.userInfo.email") + @PreAuthorize("hasAuthority('REGISTERED_USER') and #email == authentication.userInfo.email") public ResponseEntity reSubmitJobForValidation(String email, String jobId) throws JSONException, ValidatorServiceException { LOGGER.debug("Resubmit validation job with id : " + jobId); @@ -240,7 +240,7 @@ public class ValidatorServiceImpl implements ValidatorService { } @Override - @PreAuthorize("hasRole('ROLE_USER')") + @PreAuthorize("hasAuthority('REGISTERED_USER')") public List getStoredJobsNew(String user, String jobType, String offset, 
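Review bot: `getStoredJobsNew(String user, …)` in `ValidatorServiceImpl` is gated only on `hasAuthority('REGISTERED_USER')`, with no binding of `user` to the principal, while the sibling `reSubmitJobForValidation` in the hunk above adds `#email == authentication.userInfo.email`; if the controller forwards a caller-supplied user rather than the authenticated email (the controller's parameter list is cut off in this diff), any registered user can list another user's validation jobs. Either bind it the same way, `@PreAuthorize("hasAuthority('REGISTERED_USER') and #user == authentication.userInfo.email")`, or document that `user` is always taken from the security context. The method's parameter list continues past the hunk.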
diff --git a/src/main/java/eu/dnetlib/repo/manager/service/aai/registry/AaiRegistryService.java b/src/main/java/eu/dnetlib/repo/manager/service/aai/registry/AaiRegistryService.java index 839f62a..476f8fc 100644 --- a/src/main/java/eu/dnetlib/repo/manager/service/aai/registry/AaiRegistryService.java +++ b/src/main/java/eu/dnetlib/repo/manager/service/aai/registry/AaiRegistryService.java @@ -89,6 +89,14 @@ public interface AaiRegistryService { */ JsonArray getRoles(Integer coPersonId); + /** + * 5.2 Get User non admin active roles + * + * @param coPersonId + * @return + */ + JsonArray getRolesWithStatus(Integer coPersonId, RoleStatus status); + /** * 6. Get Role id of User base on couId. * @@ -251,4 +259,15 @@ public interface AaiRegistryService { // TODO: add description List getUsers(Integer couId); + + enum RoleStatus { + ACTIVE("Active"), + DELETED("Deleted"); + + public final String status; + + RoleStatus(String status) { + this.status = status; + } + } } diff --git a/src/main/java/eu/dnetlib/repo/manager/service/aai/registry/RegistryCalls.java b/src/main/java/eu/dnetlib/repo/manager/service/aai/registry/RegistryCalls.java index c177ce0..70b932f 100644 --- a/src/main/java/eu/dnetlib/repo/manager/service/aai/registry/RegistryCalls.java +++ b/src/main/java/eu/dnetlib/repo/manager/service/aai/registry/RegistryCalls.java 
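Review bot: The Javadoc on `getRolesWithStatus` says "Get User non admin active roles", but the method takes an arbitrary `RoleStatus` and nothing about it is admin-specific, so the comment will mislead the next reader; state the contract instead: `Returns the CoPersonRoles of the given person whose "Status" matches {@code status}; a null status returns all roles, including Deleted ones`, with `@param status` and `@return` filled in. Also note on `RoleStatus` that `status` is the literal string the registry uses (`"Active"`, `"Deleted"`) and that `toString()` is not overridden, so callers must compare against the field rather than the constant name.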
@@ -161,6 +161,21 @@ public class RegistryCalls implements AaiRegistryService { return (response != null) ? response.getAsJsonObject().get("CoPersonRoles").getAsJsonArray() : new JsonArray(); } + @Override + public JsonArray getRolesWithStatus(Integer coPersonId, RoleStatus status) { + JsonArray roles = getRoles(coPersonId); + if (status == null) { + return roles; + } + JsonArray activeRoles = new JsonArray(); + for (JsonElement role : roles) { + if (role.getAsJsonObject().get("Status").getAsString().equalsIgnoreCase(status.toString())) { + activeRoles.add(role); + } + } + return activeRoles; + } + @Override public Integer getRoleId(Integer coPersonId, Integer couId) { JsonArray roles = getRoles(coPersonId); diff --git a/src/main/java/eu/dnetlib/repo/manager/service/security/AuthoritiesMapper.java b/src/main/java/eu/dnetlib/repo/manager/service/security/AuthoritiesMapper.java index 379f21e..567cca9 100644 --- a/src/main/java/eu/dnetlib/repo/manager/service/security/AuthoritiesMapper.java +++ b/src/main/java/eu/dnetlib/repo/manager/service/security/AuthoritiesMapper.java @@ -21,7 +21,6 @@ public class AuthoritiesMapper { public static Collection map(JsonArray entitlements) { HashSet authorities = new HashSet<>(); - provideRoles(entitlements, authorities); entityRoles(entitlements, authorities); return authorities; } 
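Review bot: `role.getAsJsonObject().get("Status").getAsString()` throws if a role entry has no `Status` member (or carries a JSON null), which turns one malformed registry record into a failure for every authorization lookup routed through `getRolesWithStatus`; and the comparison uses `status.toString()` (the constant name `ACTIVE`) rather than the `status` field (`"Active"`), which only works because of `equalsIgnoreCase`. Guard the lookup and compare the real value: `JsonElement st = role.getAsJsonObject().get("Status");` then `if (st != null && !st.isJsonNull() && status.status.equalsIgnoreCase(st.getAsString()))`. Note that `status == null` returns the unfiltered list, Deleted roles included — a fail-open default; consider treating null as ACTIVE or rejecting it. The unchanged `getRoleId` below still walks the unfiltered `getRoles` result, so it can still resolve a Deleted role's id.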
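Review bot: With `provideRoles` gone, `AuthoritiesMapper.map` no longer grants any baseline authority, so the result is exactly what `entityRoles` derives from the entitlements and a user with no matching entitlement ends up with an empty authority set; that fails closed, which is correct, but the deleted helper also carried the `entitlements != null` guard, and whether `entityRoles` tolerates a null `JsonArray` is not visible in this hunk. Confirm it does, or guard here: `if (entitlements != null) { entityRoles(entitlements, authorities); }`.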
@@ -71,23 +70,4 @@ public class AuthoritiesMapper { } } - // TODO: remove when ROLE_ADMIN and ROLE_PROVIDE_ADMIN are removed from project - private static void provideRoles(JsonArray entitlements, Set authorities) { - Map userRoles = new HashMap() {{ - put("urn:geant:openaire.eu:group:Super+Administrator:role=member#aai.openaire.eu", "ROLE_ADMIN"); - put("urn:geant:openaire.eu:group:Content+Provider+Dashboard+Administrator:role=member#aai.openaire.eu", "ROLE_PROVIDE_ADMIN"); - }}; - Map userRolesMap = new HashMap<>(); - userRoles.forEach((openaireRole, appRole) -> userRolesMap.put(openaireRole, new SimpleGrantedAuthority(appRole))); - authorities.add(new SimpleGrantedAuthority("ROLE_USER")); - if (entitlements != null) { - entitlements.forEach(role -> { - SimpleGrantedAuthority authority = userRolesMap.get(role.getAsString()); - if (authority != null) { - authorities.add(authority); - } - }); - } - } - } diff --git a/src/main/java/eu/dnetlib/repo/manager/service/security/AuthorizationServiceImpl.java b/src/main/java/eu/dnetlib/repo/manager/service/security/AuthorizationServiceImpl.java index c5fdd11..3e551a8 100644 --- a/src/main/java/eu/dnetlib/repo/manager/service/security/AuthorizationServiceImpl.java +++ b/src/main/java/eu/dnetlib/repo/manager/service/security/AuthorizationServiceImpl.java @@ -15,9 +15,9 @@ import java.util.List; @Service("authorizationService") public class AuthorizationServiceImpl implements AuthorizationService { - public final String ROLE_ADMIN = "ROLE_ADMIN"; - public final String ROLE_PROVIDE_ADMIN = "ROLE_PROVIDE_ADMIN"; - public final String ROLE_USER = "ROLE_USER"; + public static final String SUPER_ADMINISTRATOR = "SUPER_ADMINISTRATOR"; + public static final String CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR = "CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR"; + public static final String REGISTERED_USER = "REGISTERED_USER"; private final RoleMappingService roleMappingService; private final AaiRegistryService aaiRegistryService;