From f05ccb0b431755e66c5c61bfa53c0db01ae7bdbe Mon Sep 17 00:00:00 2001
From: spyroukon
Date: Fri, 2 Jul 2021 12:10:06 +0000
Subject: [PATCH] 1. fixed authorization in RepositoryController 2. created new methods and classes 3. made authorities mapping the same as with other openaire projects 4. refactoring
---
.../aai/registry/AaiRegistryService.java | 250 +++++++++++
.../service/aai/registry/RegistryCalls.java | 405 ++++++++++++++++++
.../aai/registry/utils/RegistryUtils.java | 76 ++++
.../service/security/AuthoritiesMapper.java | 69 +++
.../security/AuthorizationService.java | 12 +
5 files changed, 812 insertions(+)
create mode 100644 src/main/java/eu/dnetlib/repo/manager/service/aai/registry/AaiRegistryService.java
create mode 100644 src/main/java/eu/dnetlib/repo/manager/service/aai/registry/RegistryCalls.java
create mode 100644 src/main/java/eu/dnetlib/repo/manager/service/aai/registry/utils/RegistryUtils.java
create mode 100644 src/main/java/eu/dnetlib/repo/manager/service/security/AuthoritiesMapper.java
create mode 100644 src/main/java/eu/dnetlib/repo/manager/service/security/AuthorizationService.java
diff --git a/src/main/java/eu/dnetlib/repo/manager/service/aai/registry/AaiRegistryService.java b/src/main/java/eu/dnetlib/repo/manager/service/aai/registry/AaiRegistryService.java
new file mode 100644
index 0000000..3dbe14b
--- /dev/null
+++ b/src/main/java/eu/dnetlib/repo/manager/service/aai/registry/AaiRegistryService.java
@@ -0,0 +1,250 @@
+package eu.dnetlib.repo.manager.service.aai.registry;
+
+import com.google.gson.JsonArray;
+import com.google.gson.JsonObject;
+import eu.dnetlib.repo.manager.domain.dto.Role;
+
+import java.util.List;
+import java.util.Map;
+
+public interface AaiRegistryService {
+
+ /**
+ * 1.1 Get CoPersonId by authenticated user's Email
+ *
+ * @return
+ */
+ Integer getCoPersonIdByEmail();
+
+ /**
+ * 1.2 Get CoPersonId by Email
+ *
+ * @param email
+ * @return
+ */
+ Integer getCoPersonIdByEmail(String email);
+
+ /**
+ * 1. Get CoPersonId List by Email
+ *
+ * @param email
+ * @return
+ */
+ List getCoPersonIdsByEmail(String email);
+
+ /**
+ * 2. Get CoPersonId by AAI identifier
+ *
+ * @return
+ */
+ Integer getCoPersonIdByIdentifier();
+
+ /**
+ * 3.1 Get OpenAIRE cous with a specific name(or substring)
+ *
+ * @param name
+ * @return
+ */
+ JsonArray getCous(String name);
+
+ /**
+ * 3.2 Get all OpenAIRE cous
+ *
+ * @return
+ */
+ JsonArray getCous();
+
+ /**
+ * 4.1 Get a couId by name
+ *
+ * @param name
+ * @return
+ */
+ Integer getCouId(String name);
+
+ /**
+ * 4.2 Get a couId by type.id with/without mapping type
+ *
+ * @param type
+ * @param id
+ * @return
+ */
+ Integer getCouId(String type, String id, boolean communityMap);
+
+ /**
+ * 4.3 Get a couId by type.id with mapping type
+ *
+ * @param type
+ * @param id
+ * @return
+ */
+ Integer getCouId(String type, String id);
+
+ /**
+ * 5. Get User non admin roles
+ *
+ * @param coPersonId
+ * @return
+ */
+ JsonArray getRoles(Integer coPersonId);
+
+ /**
+ * 6. Get Role id of User base on couId.
+ *
+ * @param coPersonId
+ * @param couId
+ * @return
+ */
+ Integer getRoleId(Integer coPersonId, Integer couId);
+
+ /**
+ * 7. Get User Groups
+ *
+ * @param coPersonId
+ * @return
+ */
+ JsonArray getUserGroups(Integer coPersonId);
+
+ /**
+ * 8. Get User Admin Group of a Cou
+ *
+ * @param coPersonId
+ * @param couId
+ * @return
+ */
+ JsonObject getUserAdminGroup(Integer coPersonId, Integer couId);
+
+ /**
+ * 9. Get Groups of a Cou
+ *
+ * @param couId
+ * @return
+ */
+ JsonArray getCouGroups(Integer couId);
+
+ /**
+ * 10. Get Admin Group of a Cou
+ *
+ * @param couId
+ * @return
+ */
+ JsonObject getCouAdminGroup(Integer couId);
+
+ /**
+ * 11. Get users of a group
+ *
+ * @param coGroupId
+ * @return
+ */
+ JsonArray getGroupMembers(Integer coGroupId);
+
+
+ /**
+ * 12. Get Users' email of a Cou
+ *
+ * @param couId
+ * @param admin
+ * @return
+ */
+ JsonArray getUserEmailByCouId(Integer couId, boolean admin);
+
+ /**
+ * 12.2 Get All Users that have a specific role // TODO: Keep or delete
+ *
+ * @param couId
+ * @return
+ */
+ JsonArray getUsersByCouId(Integer couId);
+
+ /**
+ * 13. Get Users' names of a Cou
+ *
+ * @param couId
+ * @param admin
+ * @return
+ */
+ JsonArray getUserNamesByCouId(Integer couId, boolean admin);
+
+ /**
+ * 14. Get Users' identifiers of a Cou
+ *
+ * @param couId
+ * @param admin
+ * @return
+ */
+ JsonArray getUserIdByCouId(Integer couId, boolean admin);
+
+ /**
+ * 15. Assign a member role to a User
+ *
+ * @param coPersonId
+ * @param couId
+ * @param id
+ */
+ void assignMemberRole(Integer coPersonId, Integer couId, Integer id);
+
+ /**
+ * 16. Remove a member role from a User
+ *
+ * @param coPersonId
+ * @param couId
+ * @param id
+ */
+ void removeMemberRole(Integer coPersonId, Integer couId, Integer id);
+
+ /**
+ * 17. Create a new role
+ *
+ * @param role
+ * @return
+ */
+ Integer createRole(Role role);
+
+ /**
+ * 18. Get User's email
+ *
+ * @param coPersonId
+ * @return
+ */
+ String getUserEmail(Integer coPersonId);
+
+ /**
+ * 19. Get User's names
+ *
+ * @param coPersonId
+ * @return
+ */
+ String getUserNames(Integer coPersonId);
+
+ /**
+ * 20. Get User's identifier
+ *
+ * @param coPersonId
+ * @return
+ */
+ String getUserId(Integer coPersonId);
+
+ /**
+ * 21. Assign an admin role to a User
+ *
+ * @param coPersonId
+ * @param couId
+ */
+ void assignAdminRole(Integer coPersonId, Integer couId);
+
+ /**
+ * 22. Remove an admin role from a User
+ *
+ * @param coPersonId
+ * @param couId
+ */
+ void removeAdminRole(Integer coPersonId, Integer couId);
+
+ /**
+ * 23. Get a cou Names from couIds.
+ *
+ * @param couIds
+ * @return
+ */
+ Map getCouNames(List couIds);
+}
diff --git a/src/main/java/eu/dnetlib/repo/manager/service/aai/registry/RegistryCalls.java b/src/main/java/eu/dnetlib/repo/manager/service/aai/registry/RegistryCalls.java
new file mode 100644
index 0000000..10d3a67
--- /dev/null
+++ b/src/main/java/eu/dnetlib/repo/manager/service/aai/registry/RegistryCalls.java
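Review bot: The Javadoc on this interface leaves every `@param` and `@return` empty, so the contract that callers making authorization decisions depend on is not stated anywhere. In the implementation added by this patch, several of the `Integer`, `JsonObject` and `String` lookups return `null` when the registry has no match, the `JsonArray` ones return an empty array, and the no-argument `getCoPersonIdByEmail()` / `getCoPersonIdByIdentifier()` read the user from the current security context; the tags should say so, e.g. `@return the CoPerson id, or null when the registry has no match`. `getCouId(String, String, boolean)` also lacks a `@param communityMap` tag.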
@@ -0,0 +1,405 @@
+package eu.dnetlib.repo.manager.service.aai.registry;
+
+import com.google.gson.JsonArray;
+import com.google.gson.JsonElement;
+import com.google.gson.JsonObject;
+import eu.dnetlib.repo.manager.domain.dto.Role;
+import eu.dnetlib.repo.manager.service.aai.registry.utils.RegistryUtils;
+import eu.dnetlib.repo.manager.utils.HttpUtils;
+import org.apache.log4j.Logger;
+import org.mitre.openid.connect.model.OIDCAuthenticationToken;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Service;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+@Service
+public class RegistryCalls implements AaiRegistryService {
+
+ private static final Logger logger = Logger.getLogger(RegistryCalls.class);
+
+ private final String coid;
+ public final HttpUtils httpUtils;
+ public final RegistryUtils jsonUtils;
+
+ @Autowired
+ RegistryCalls(@Value("${registry.coid:2}") String coid,
+ HttpUtils httpUtils, RegistryUtils registryUtils) {
+ this.coid = coid;
+ this.httpUtils = httpUtils;
+ this.jsonUtils = registryUtils;
+ }
+
+ private String mapType(String type, boolean communityMap) {
+ if (type.equals("organization")) {
+ type = "institution";
+ } else if (type.equals("ri") && communityMap) {
+ type = "community";
+ }
+ return type;
+ }
+
+ @Override
+ public Integer getCoPersonIdByEmail() {
+ try {
+ OIDCAuthenticationToken authentication = (OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
+ String email = authentication.getUserInfo().getEmail();
+ Map params = new HashMap<>();
+ params.put("coid", coid);
+ params.put("mail", email);
+ JsonElement response = httpUtils.get("co_people.json", params);
+ return (response != null) ? response.getAsJsonObject().get("CoPeople").getAsJsonArray().get(0).getAsJsonObject().get("Id").getAsInt() : null;
+ } catch (Exception e) {
+ logger.error("Get User info: An error occurred ", e);
+ return null;
+ }
+ }
+
+ @Override
+ public Integer getCoPersonIdByEmail(String email) {
+ Map params = new HashMap<>();
+ params.put("coid", coid);
+ params.put("mail", email);
+ JsonElement response = httpUtils.get("co_people.json", params);
+ if (response != null) {
+ JsonArray coPeople = response.getAsJsonObject().get("CoPeople").getAsJsonArray();
+ if (coPeople.size() > 0) {
+ return coPeople.get(0).getAsJsonObject().get("Id").getAsInt();
+ }
+ }
+ return null;
+ }
+
+ @Override
+ public List getCoPersonIdsByEmail(String email) {
+ List coPersonIds = new ArrayList<>();
+ Map params = new HashMap<>();
+ params.put("coid", coid);
+ params.put("mail", email);
+ JsonElement response = httpUtils.get("co_people.json", params);
+ if (response != null) {
+ JsonArray coPeople = response.getAsJsonObject().get("CoPeople").getAsJsonArray();
+ for (int i = 0; i < coPeople.size(); i++) {
+ coPersonIds.add(coPeople.get(i).getAsJsonObject().get("Id").getAsInt());
+ }
+ }
+ return coPersonIds;
+ }
+
+ @Override
+ public Integer getCoPersonIdByIdentifier() {
+ try {
+ OIDCAuthenticationToken authentication = (OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
+ String sub = authentication.getUserInfo().getSub();
+ Map params = new HashMap<>();
+ params.put("coid", coid);
+ params.put("search.identifier", sub);
+ JsonElement response = httpUtils.get("co_people.json", params);
+ return (response != null) ? response.getAsJsonObject().get("CoPeople").getAsJsonArray().get(0).getAsJsonObject().get("Id").getAsInt() : null;
+ } catch (Exception e) {
+ logger.error("Get User info: An error occurred ", e);
+ return null;
+ }
+ }
+
+ public Integer getCoPersonIdByIdentifier(String sub) {
+ Map params = new HashMap<>();
+ params.put("coid", coid);
+ params.put("search.identifier", sub);
+ JsonElement response = httpUtils.get("co_people.json", params);
+ return (response != null) ? response.getAsJsonObject().get("CoPeople").getAsJsonArray().get(0).getAsJsonObject().get("Id").getAsInt() : null;
+ }
+
+ @Override
+ public JsonArray getCous(String name) {
+ Map params = new HashMap<>();
+ params.put("coid", coid);
+ if (name != null) {
+ params.put("name", name.toLowerCase());
+ }
+ JsonElement response = httpUtils.get("cous.json", params);
+ return (response != null) ? response.getAsJsonObject().get("Cous").getAsJsonArray() : new JsonArray();
+ }
+
+ @Override
+ public JsonArray getCous() {
+ return getCous(null);
+ }
+
+ @Override
+ public Integer getCouId(String name) {
+ JsonArray cous = getCous(name);
+ for (JsonElement cou : cous) {
+ if (cou.getAsJsonObject().get("Name").getAsString().equalsIgnoreCase(name)) {
+ return cou.getAsJsonObject().get("Id").getAsInt();
+ }
+ }
+ return null;
+ }
+
+ @Override
+ public Integer getCouId(String type, String id, boolean communityMap) {
+ return getCouId(mapType(type, communityMap) + "." + id);
+ }
+
+ @Override
+ public Integer getCouId(String type, String id) {
+ return getCouId(type, id, true);
+ }
+
+ @Override
+ public JsonArray getRoles(Integer coPersonId) {
+ Map params = new HashMap<>();
+ params.put("copersonid", coPersonId.toString());
+ JsonElement response = httpUtils.get("co_person_roles.json", params);
+ return (response != null) ? response.getAsJsonObject().get("CoPersonRoles").getAsJsonArray() : new JsonArray();
+ }
+
+ @Override
+ public Integer getRoleId(Integer coPersonId, Integer couId) {
+ JsonArray roles = getRoles(coPersonId);
+ for (JsonElement role : roles) {
+ JsonObject object = role.getAsJsonObject();
+ if (object.get("CouId").getAsInt() == couId && !object.get("Status").getAsString().equals("Deleted")) {
+ return object.get("Id").getAsInt();
+ }
+ }
+ return null;
+ }
+
+ @Override
+ public JsonArray getUserGroups(Integer coPersonId) {
+ Map params = new HashMap<>();
+ params.put("copersonid", coPersonId.toString());
+ JsonElement response = httpUtils.get("co_groups.json", params);
+ return (response != null) ? response.getAsJsonObject().get("CoGroups").getAsJsonArray() : new JsonArray();
+ }
+
+ @Override
+ public JsonObject getUserAdminGroup(Integer coPersonId, Integer couId) {
+ Map params = new HashMap<>();
+ params.put("copersonid", coPersonId.toString());
+ JsonElement response = httpUtils.get("co_groups.json", params);
+ JsonArray roles = (response != null) ? response.getAsJsonObject().get("CoGroups").getAsJsonArray() : new JsonArray();
+ for (JsonElement role : roles) {
+ JsonObject object = role.getAsJsonObject();
+ if (object.get("CouId") != null && object.get("CouId").getAsInt() == couId) {
+ if (object.get("Name").getAsString().contains("admins")) {
+ return object;
+ }
+ }
+ }
+ return null;
+ }
+
+ @Override
+ public JsonArray getCouGroups(Integer couId) {
+ Map params = new HashMap<>();
+ params.put("coid", coid);
+ params.put("couid", couId.toString());
+ JsonElement response = httpUtils.get("co_groups.json", params);
+ return (response != null) ? response.getAsJsonObject().get("CoGroups").getAsJsonArray() : new JsonArray();
+ }
+
+ @Override
+ public JsonObject getCouAdminGroup(Integer couId) {
+ JsonArray groups = getCouGroups(couId);
+ for (JsonElement group : groups) {
+ if (group.getAsJsonObject().get("Name").getAsString().contains("admins")) {
+ return group.getAsJsonObject();
+ }
+ }
+ return null;
+ }
+
+ @Override
+ public JsonArray getGroupMembers(Integer coGroupId) {
+ Map params = new HashMap<>();
+ params.put("cogroupid", coGroupId.toString());
+ JsonElement response = httpUtils.get("co_group_members.json", params);
+ return (response != null) ? response.getAsJsonObject().get("CoGroupMembers").getAsJsonArray() : new JsonArray();
+ }
+
+
+ @Override
+ public JsonArray getUserEmailByCouId(Integer couId, boolean admin) {
+ Map params = new HashMap<>();
+ params.put("couid", couId.toString());
+ if (admin) {
+ params.put("admin", "true");
+ }
+ JsonElement response = httpUtils.get("email_addresses.json", params);
+ JsonArray infos = (response != null) ? response.getAsJsonObject().get("EmailAddresses").getAsJsonArray() : new JsonArray();
+ JsonArray emails = new JsonArray();
+ infos.forEach(info -> {
+ JsonObject user = new JsonObject();
+ boolean add = true;
+ String email = info.getAsJsonObject().get("Mail").getAsString();
+ for (JsonElement element : emails) {
+ if (element.getAsJsonObject().get("email").getAsString().equals(email)) {
+ add = false;
+ }
+ }
+ if (add) {
+ user.addProperty("email", email);
+ user.addProperty("memberSince", info.getAsJsonObject().get("Created").getAsString());
+ emails.add(user);
+ }
+ });
+ return emails;
+ }
+
+ @Override
+ public JsonArray getUsersByCouId(Integer couId) {
+ Map params = new HashMap<>();
+ params.put("couid", couId.toString());
+ JsonElement response = httpUtils.get("co_person_roles.json", params);
+ JsonArray infos = (response != null) ? response.getAsJsonObject().get("CoPersonRoles").getAsJsonArray() : new JsonArray();
+// JsonArray users = new JsonArray();
+// infos.forEach(info -> {
+// JsonObject user = new JsonObject();
+// user.addProperty("email", info.getAsJsonObject().get("Mail").getAsString());
+// user.addProperty("memberSince", info.getAsJsonObject().get("Created").getAsString());
+// emails.add(user);
+// });
+ return infos;
+ }
+
+ @Override
+ public JsonArray getUserNamesByCouId(Integer couId, boolean admin) {
+ Map params = new HashMap<>();
+ params.put("couid", couId.toString());
+ if (admin) {
+ params.put("admin", "true");
+ }
+ JsonElement response = httpUtils.get("names.json", params);
+ JsonArray infos = (response != null) ? response.getAsJsonObject().get("Names").getAsJsonArray() : new JsonArray();
+ JsonArray names = new JsonArray();
+ infos.forEach(info -> {
+ JsonObject user = new JsonObject();
+ user.addProperty("name", info.getAsJsonObject().get("Given").getAsString() + " " + info.getAsJsonObject().get("Family").getAsString());
+ user.addProperty("memberSince", info.getAsJsonObject().get("Created").getAsString());
+ names.add(user);
+ });
+ return names;
+ }
+
+ @Override
+ public JsonArray getUserIdByCouId(Integer couId, boolean admin) {
+ Map params = new HashMap<>();
+ params.put("couid", couId.toString());
+ if (admin) {
+ params.put("admin", "true");
+ }
+ JsonElement response = httpUtils.get("identifiers.json", params);
+ JsonArray infos = (response != null) ? response.getAsJsonObject().get("Identifiers").getAsJsonArray() : new JsonArray();
+ JsonArray emails = new JsonArray();
+ infos.forEach(info -> {
+ JsonObject user = new JsonObject();
+ user.addProperty("id", info.getAsJsonObject().get("Identifier").getAsString());
+ user.addProperty("memberSince", info.getAsJsonObject().get("Created").getAsString());
+ emails.add(user);
+ });
+ return emails;
+ }
+
+ @Override
+ public void assignMemberRole(Integer coPersonId, Integer couId, Integer id) {
+ if (id != null) {
+ httpUtils.put("co_person_roles/" + id.toString() + ".json", jsonUtils.coPersonRoles(coPersonId, couId, "Active"));
+ } else {
+ httpUtils.post("co_person_roles.json", jsonUtils.coPersonRoles(coPersonId, couId, "Active"));
+ }
+ }
+
+ @Override
+ public void removeMemberRole(Integer coPersonId, Integer couId, Integer id) {
+ if (id != null) {
+ httpUtils.put("co_person_roles/" + id.toString() + ".json", jsonUtils.coPersonRoles(coPersonId, couId, "Deleted"));
+ }
+ }
+
+ @Override
+ public Integer createRole(Role role) {
+ JsonElement element = httpUtils.post("cous.json", jsonUtils.createNewCou(role));
+ return element.getAsJsonObject().get("Id").getAsInt();
+ }
+
+ @Override
+ public String getUserEmail(Integer coPersonId) {
+ Map params = new HashMap<>();
+ params.put("copersonid", coPersonId.toString());
+ JsonElement response = httpUtils.get("email_addresses.json", params);
+ JsonObject info = (response != null) ? response.getAsJsonObject().get("EmailAddresses").getAsJsonArray().get(0).getAsJsonObject() : null;
+ return (info != null) ? info.getAsJsonObject().get("Mail").getAsString() : null;
+ }
+
+ @Override
+ public String getUserNames(Integer coPersonId) {
+ Map params = new HashMap<>();
+ params.put("copersonid", coPersonId.toString());
+ JsonElement response = httpUtils.get("names.json", params);
+ JsonObject info = (response != null) ? response.getAsJsonObject().get("Names").getAsJsonArray().get(0).getAsJsonObject() : null;
+ return (info != null) ? info.getAsJsonObject().get("Given").getAsString() + " " + info.getAsJsonObject().get("Family").getAsString() : null;
+ }
+
+ @Override
+ public String getUserId(Integer coPersonId) {
+ Map params = new HashMap<>();
+ params.put("copersonid", coPersonId.toString());
+ JsonElement response = httpUtils.get("identifiers.json", params);
+ JsonObject info = (response != null) ? response.getAsJsonObject().get("Identifiers").getAsJsonArray().get(0).getAsJsonObject() : null;
+ return (info != null) ? info.getAsJsonObject().get("Identifier").getAsString() : null;
+ }
+
+ @Override
+ public void assignAdminRole(Integer coPersonId, Integer couId) {
+ JsonObject group = getCouAdminGroup(couId);
+ if (group != null) {
+ httpUtils.post("co_group_members.json", jsonUtils.coGroupMembers(group.get("Id").getAsInt(), coPersonId, true));
+ }
+ }
+
+ @Override
+ public void removeAdminRole(Integer coPersonId, Integer couId) {
+ JsonObject adminGroup = this.getCouAdminGroup(couId);
+ JsonArray admins = this.getGroupMembers(adminGroup.get("Id").getAsInt());
+ Integer id = null;
+ for (JsonElement admin : admins) {
+ if (admin.getAsJsonObject().get("Person").getAsJsonObject().get("Id").getAsInt() == coPersonId) {
+ id = admin.getAsJsonObject().get("Id").getAsInt();
+ }
+ }
+ if (id != null) {
+ httpUtils.delete("co_group_members/" + id.toString() + ".json");
+ }
+ }
+
+ @Override
+ public Map getCouNames(List couIds) {
+ Map idNameMap = new HashMap<>();
+ for (Integer id : couIds) {
+ idNameMap.put(id, null);
+ }
+
+ JsonArray cous = getCous();
+ int count = 0;
+ int total = couIds.size();
+ for (JsonElement cou : cous) {
+ if (count < total) {
+ if (idNameMap.containsKey(cou.getAsJsonObject().get("Id").getAsInt())) {
+ idNameMap.put(cou.getAsJsonObject().get("Id").getAsInt(), cou.getAsJsonObject().get("Name").getAsString());
+ count++;
+ }
+ } else {
+ break;
+ }
+ }
+ return idNameMap;
+ }
+}
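Review bot: `getCouAdminGroup` and `getUserAdminGroup` select the admin group with `get("Name").getAsString().contains("admins")`, so any group of the COU whose name merely contains that substring (for instance because the COU name itself does) is treated as the admin group that `assignAdminRole` and `removeAdminRole` then modify. Matching the registry's exact admin-group naming convention with an equality or suffix test instead of `contains` would remove the ambiguity. Separately, `removeAdminRole` dereferences `adminGroup` without the null check that `assignAdminRole` has; `if (adminGroup == null) { return; }` before the `getGroupMembers` call avoids a NullPointerException when the COU has no admin group. The `.get(0)` lookups in `getCoPersonIdByIdentifier(String)`, `getUserEmail`, `getUserNames` and `getUserId` likewise assume a non-empty array, unlike `getCoPersonIdByEmail(String)`, which checks `size()` first.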
diff --git a/src/main/java/eu/dnetlib/repo/manager/service/aai/registry/utils/RegistryUtils.java b/src/main/java/eu/dnetlib/repo/manager/service/aai/registry/utils/RegistryUtils.java
new file mode 100644
index 0000000..7fe74f1
--- /dev/null
+++ b/src/main/java/eu/dnetlib/repo/manager/service/aai/registry/utils/RegistryUtils.java
@@ -0,0 +1,76 @@
+package eu.dnetlib.repo.manager.service.aai.registry.utils;
+
+import com.google.gson.JsonArray;
+import com.google.gson.JsonObject;
+import eu.dnetlib.repo.manager.domain.dto.Role;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Component;
+
+@Component
+public class RegistryUtils {
+
+ @Value("1.0")
+ private String version;
+
+ @Value("2")
+ private String coid;
+
+ public JsonObject coPersonRoles(Integer coPersonId, Integer couId, String status) {
+ JsonObject role = new JsonObject();
+ JsonArray coPersonRoles = new JsonArray();
+ JsonObject coPersonRole = new JsonObject();
+ JsonObject person = new JsonObject();
+ person.addProperty("Type", "CO");
+ person.addProperty("Id", coPersonId.toString());
+ coPersonRole.addProperty("Version", version);
+ coPersonRole.add("Person", person);
+ coPersonRole.addProperty("CouId", couId.toString());
+ coPersonRole.addProperty("Affiliation", "member");
+ coPersonRole.addProperty("Title", "");
+ coPersonRole.addProperty("O", "Openaire");
+ coPersonRole.addProperty("Status", status);
+ coPersonRole.addProperty("ValidFrom", "");
+ coPersonRole.addProperty("ValidThrough", "");
+ coPersonRoles.add(coPersonRole);
+ role.addProperty("RequestType", "CoPersonRoles");
+ role.addProperty("Version", version);
+ role.add("CoPersonRoles", coPersonRoles);
+ return role;
+ }
+
+ public JsonObject createNewCou(Role role) {
+ JsonObject cou = new JsonObject();
+ JsonArray cous = new JsonArray();
+ JsonObject newCou = new JsonObject();
+ newCou.addProperty("Version", version);
+ newCou.addProperty("CoId", coid);
+ newCou.addProperty("Name", role.getName());
+ newCou.addProperty("Description", role.getDescription());
+ cous.add(newCou);
+ cou.addProperty("RequestType", "Cous");
+ cou.addProperty("Version", version);
+ cou.add("Cous", cous);
+ return cou;
+ }
+
+ public JsonObject coGroupMembers(Integer coGroupId, Integer coPersonId, boolean member) {
+ JsonObject coGroup = new JsonObject();
+ JsonArray coGroupMembers = new JsonArray();
+ JsonObject coGroupMember = new JsonObject();
+ JsonObject person = new JsonObject();
+ person.addProperty("Type", "CO");
+ person.addProperty("Id", coPersonId.toString());
+ coGroupMember.addProperty("Version", version);
+ coGroupMember.add("Person", person);
+ coGroupMember.addProperty("CoGroupId", coGroupId.toString());
+ coGroupMember.addProperty("Member", member);
+ coGroupMember.addProperty("Owner", false);
+ coGroupMember.addProperty("ValidFrom", "");
+ coGroupMember.addProperty("ValidThrough", "");
+ coGroupMembers.add(coGroupMember);
+ coGroup.addProperty("RequestType", "CoGroupMembers");
+ coGroup.addProperty("Version", version);
+ coGroup.add("CoGroupMembers", coGroupMembers);
+ return coGroup;
+ }
+}
diff --git a/src/main/java/eu/dnetlib/repo/manager/service/security/AuthoritiesMapper.java b/src/main/java/eu/dnetlib/repo/manager/service/security/AuthoritiesMapper.java
new file mode 100644
index 0000000..f435d98
--- /dev/null
+++ b/src/main/java/eu/dnetlib/repo/manager/service/security/AuthoritiesMapper.java
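Review bot: `coid` is injected here as the literal `@Value("2")`, while `RegistryCalls` in the same patch reads it from `${registry.coid:2}`, so with a non-default `registry.coid` the lookups and `createNewCou` would address different COs. Using the same placeholder, `@Value("${registry.coid:2}")`, keeps the two in step. `coPersonRoles` and `coGroupMembers` also call `toString()` on their `Integer` arguments without a null check, although the lookups that produce those ids can return `null`; an `Objects.requireNonNull(coPersonId, "coPersonId")` at the top would turn that into a clear failure before a request body is built.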
@@ -0,0 +1,69 @@
+package eu.dnetlib.repo.manager.service.security;
+
+import com.google.gson.JsonArray;
+import com.google.gson.JsonElement;
+import org.apache.log4j.Logger;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+
+import java.util.*;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+public class AuthoritiesMapper {
+
+ private static final Logger logger = Logger.getLogger(AuthoritiesMapper.class);
+
+ private AuthoritiesMapper() {
+ }
+
+ public static Collection map(JsonArray entitlements) {
+ HashSet authorities = new HashSet<>();
+ //entitlements.add("urn:geant:openaire.eu:group:datasource.opendoar____$$3469:role=member#aai.openaire.eu");
+ provideRoles(entitlements, authorities);
+ entityRoles(entitlements, authorities);
+ return authorities;
+ }
+
+ private static void entityRoles(JsonArray entitlements, Set authorities) {
+ String regex = "urn:geant:openaire[.]eu:group:([^:]*):?(.*)?:role=member#aai[.]openaire[.]eu";
+ for (JsonElement obj : entitlements) {
+ Matcher matcher = Pattern.compile(regex).matcher(obj.getAsString());
+ if (matcher.find()) {
+ StringBuilder sb = new StringBuilder();
+ if (matcher.group(1) != null && matcher.group(1).length() > 0) {
+ sb.append(matcher.group(1).replace("+-+", "_").replaceAll("[+.]", "_").toUpperCase());
+ }
+ if (matcher.group(2).length() > 0) {
+ sb.append("_");
+ if (matcher.group(2).equals("admins")) {
+ sb.append("MANAGER");
+ } else {
+ sb.append(matcher.group(2).toUpperCase());
+ }
+ }
+ authorities.add(new SimpleGrantedAuthority(sb.toString()));
+ }
+ }
+ }
+
+ // TODO: remove when ROLE_ADMIN and ROLE_PROVIDE_ADMIN are removed from project
+ private static void provideRoles(JsonArray entitlements, Set authorities) {
+ Map userRoles = new HashMap() {{
+ put("urn:geant:openaire.eu:group:Super+Administrator:role=member#aai.openaire.eu", "ROLE_ADMIN");
+ put("urn:geant:openaire.eu:group:Content+Provider+Dashboard+Administrator:role=member#aai.openaire.eu", "ROLE_PROVIDE_ADMIN");
+ }};
+ Map userRolesMap = new HashMap<>();
+ userRoles.forEach((openaireRole, appRole) -> userRolesMap.put(openaireRole, new SimpleGrantedAuthority(appRole)));
+ authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
+ if (entitlements != null) {
+ entitlements.forEach(role -> {
+ SimpleGrantedAuthority authority = userRolesMap.get(role.getAsString());
+ if (authority != null) {
+ authorities.add(authority);
+ }
+ });
+ }
+ }
+
+}
diff --git a/src/main/java/eu/dnetlib/repo/manager/service/security/AuthorizationService.java b/src/main/java/eu/dnetlib/repo/manager/service/security/AuthorizationService.java
new file mode 100644
index 0000000..f41df4b
--- /dev/null
+++ b/src/main/java/eu/dnetlib/repo/manager/service/security/AuthorizationService.java
@@ -0,0 +1,12 @@
+package eu.dnetlib.repo.manager.service.security;
+
+public interface AuthorizationService {
+
+ /**
+ *
+ * @param type
+ * @param id
+ * @return
+ */
+ String member(String type, String id);
+}
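Review bot: The authority names built in `entityRoles` share one namespace with the fixed `ROLE_ADMIN` and `ROLE_PROVIDE_ADMIN` authorities from `provideRoles`, because `.` and `+` in the group name are folded to `_` and the result is upper-cased; a group whose name normalises to one of those strings would grant that authority, and distinct group names can collapse to the same authority. Restricting group 1 to the expected entity prefixes, or skipping derived names that start with `ROLE_`, closes the overlap. The pattern is applied with `matcher.find()`, so text before or after the URN is tolerated, whereas `matcher.matches()` would require the whole entitlement to have the expected shape. `entityRoles` also iterates `entitlements` without the `entitlements != null` check that `provideRoles` has, and it recompiles the `Pattern` on every iteration where a `private static final Pattern` would do.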
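Review bot: The Javadoc on `member(String type, String id)` is empty, and nothing in the interface says what the returned `String` is or how `type` and `id` are normalised. Judging from `AuthoritiesMapper` in this patch, it presumably returns the authority name for membership of the given entity, which callers would compare against the granted authorities. If so, the comment should state the exact format, e.g. `@return the authority name granted to members of the entity identified by type and id`, so that this method and the mapper cannot drift apart unnoticed.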