From 27bcc31e54e4dc6c80dec5392f22a4634c046dde Mon Sep 17 00:00:00 2001 From: sgiannopoulos Date: Wed, 18 Oct 2023 12:10:24 +0300 Subject: [PATCH] task #9088 Authorization model should be changed to be Permission based --- .../eu/eudat/authorization/Permission.java | 8 ++++ .../controllers/DashBoardController.java | 16 ++++++- .../eudat/controllers/LanguageController.java | 32 +++++++++++++- .../PublicDashBoardController.java | 42 ------------------ .../controllers/PublicLanguageController.java | 44 ------------------- .../src/main/resources/config/permissions.yml | 27 +++++++++++- .../services/dashboard/dashboard.service.ts | 3 +- .../services/language/language.service.ts | 3 +- .../core/services/language/server.loader.ts | 2 +- .../src/app/ui/auth/login/login.component.ts | 6 ++- 10 files changed, 85 insertions(+), 98 deletions(-) delete mode 100644 dmp-backend/web/src/main/java/eu/eudat/controllers/PublicDashBoardController.java delete mode 100644 dmp-backend/web/src/main/java/eu/eudat/controllers/PublicLanguageController.java diff --git a/dmp-backend/core/src/main/java/eu/eudat/authorization/Permission.java b/dmp-backend/core/src/main/java/eu/eudat/authorization/Permission.java index b68deaf62..947de0f03 100644 --- a/dmp-backend/core/src/main/java/eu/eudat/authorization/Permission.java +++ b/dmp-backend/core/src/main/java/eu/eudat/authorization/Permission.java @@ -2,6 +2,14 @@ package eu.eudat.authorization; public final class Permission { + //Language + public static String BrowseLanguage = "BrowseLanguage"; + public static String EditLanguage = "EditLanguage"; + + //Language + public static String BrowseStatistics = "BrowseStatistics"; + public static String BrowsePublicStatistics = "BrowsePublicStatistics"; + //DescriptionTemplateType public static String BrowseDescriptionTemplateType = "BrowseDescriptionTemplateType"; public static String EditDescriptionTemplateType = "EditDescriptionTemplateType"; 
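Review bot: The four new permission names are declared `public static String` rather than `public static final String`, so the keys later passed to `authorizeForce` can be reassigned at runtime by any code in the process; making them `final` (ideally for every constant in this class) closes that and lets the compiler inline them. The comment above `BrowseStatistics` is a copy of the `//Language` label and should read `//Statistics`. The enclosing `Permission` class continues outside the hunk.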
diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/DashBoardController.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/DashBoardController.java index 5e7aedd6d..f468e4534 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/controllers/DashBoardController.java +++ b/dmp-backend/web/src/main/java/eu/eudat/controllers/DashBoardController.java @@ -1,5 +1,6 @@ package eu.eudat.controllers; +import eu.eudat.authorization.Permission; import eu.eudat.logic.managers.DashBoardManager; import eu.eudat.logic.security.claims.ClaimedAuthorities; import eu.eudat.logic.services.ApiContext; @@ -12,6 +13,7 @@ import eu.eudat.models.data.helpers.responses.ResponseItem; import eu.eudat.models.data.security.Principal; import eu.eudat.types.ApiMessageCode; import eu.eudat.types.Authorities; +import gr.cite.commons.web.authz.service.AuthorizationService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; 
@@ -27,18 +29,30 @@ import java.util.List; public class DashBoardController extends BaseController { private DashBoardManager dashBoardManager; + private final AuthorizationService authorizationService; @Autowired - public DashBoardController(ApiContext apiContext, DashBoardManager dashBoardManager) { + public DashBoardController(ApiContext apiContext, DashBoardManager dashBoardManager, AuthorizationService authorizationService) { super(apiContext); this.dashBoardManager = dashBoardManager; + this.authorizationService = authorizationService; } @RequestMapping(method = RequestMethod.GET, value = {"/dashboard/me/getStatistics"}, produces = "application/json") public ResponseEntity> getStatistics(Principal principal) throws IOException { + this.authorizationService.authorizeForce(Permission.BrowseStatistics); + DashBoardStatistics statistics = dashBoardManager.getMeStatistics(principal); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.NO_MESSAGE).payload(statistics)); } + @RequestMapping(method = RequestMethod.GET, value = {"/dashboard/getStatistics"}, produces = "application/json") + public ResponseEntity> getStatistics() { + this.authorizationService.authorizeForce(Permission.BrowsePublicStatistics); + + DashBoardStatistics statistics = dashBoardManager.getStatistics(); + return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.NO_MESSAGE).payload(statistics)); + } + @RequestMapping(method = RequestMethod.POST, value = {"/dashboard/recentActivity"}, produces = "application/json") @Transactional public ResponseEntity>> getNewRecentActivity(@RequestBody RecentActivityTableRequest tableRequest, diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/LanguageController.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/LanguageController.java index bf958e2c6..1d829cbaf 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/controllers/LanguageController.java 
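Review bot: The new `/dashboard/getStatistics` handler is meant to be reachable without a login (`BrowsePublicStatistics` is `allowAnonymous: true` in the permissions.yml hunk of this patch), yet it now sits under the same base mapping as the authenticated `/dashboard/me/getStatistics` instead of the deleted `/api/public/dashboard/` prefix; if a servlet security filter rejects token-less requests for that prefix before the controller runs, the policy never gets to allow it, so the landing page should be tested unauthenticated. The two handlers also share the name `getStatistics`; naming the anonymous one `getPublicStatistics` keeps handler-mapping output and logs unambiguous. The `DashBoardController` class continues outside the hunk.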
+++ b/dmp-backend/web/src/main/java/eu/eudat/controllers/LanguageController.java @@ -1,10 +1,12 @@ package eu.eudat.controllers; +import eu.eudat.authorization.Permission; import eu.eudat.logic.security.claims.ClaimedAuthorities; import eu.eudat.models.data.helpers.responses.ResponseItem; import eu.eudat.models.data.security.Principal; import eu.eudat.types.ApiMessageCode; import eu.eudat.types.Authorities; +import gr.cite.commons.web.authz.service.AuthorizationService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.core.env.Environment; import org.springframework.http.HttpHeaders; 
@@ -21,19 +23,45 @@ import java.io.*; public class LanguageController { private Environment environment; + private final AuthorizationService authorizationService; @Autowired - public LanguageController(Environment environment) { + public LanguageController(Environment environment, AuthorizationService authorizationService) { this.environment = environment; + this.authorizationService = authorizationService; } @RequestMapping(value = "update/{lang}", method = RequestMethod.POST) public @ResponseBody - ResponseEntity> updateLang(@PathVariable String lang, @RequestBody String json, @ClaimedAuthorities(claims = {Authorities.ADMIN}) Principal principal) throws Exception { + ResponseEntity> updateLang(@PathVariable String lang, @RequestBody String json) throws Exception { + this.authorizationService.authorizeForce(Permission.EditLanguage); + String fileName = this.environment.getProperty("language.path") + lang + ".json"; OutputStream os = new FileOutputStream(fileName); os.write(json.getBytes()); os.close(); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.SUCCESS_MESSAGE).message("Updated").payload("Updated")); } + + @RequestMapping(value = "{lang}", method = RequestMethod.GET) + public ResponseEntity getLanguage(@PathVariable String lang) throws IOException { + + this.authorizationService.authorizeForce(Permission.BrowseLanguage); + + String fileName = this.environment.getProperty("language.path") + lang + ".json"; + InputStream is = new FileInputStream(fileName); + + HttpHeaders responseHeaders = new HttpHeaders(); + responseHeaders.setContentLength(is.available()); + responseHeaders.setContentType(MediaType.APPLICATION_JSON); + responseHeaders.set("Content-Disposition", "attachment;filename=" + fileName); + responseHeaders.set("Access-Control-Expose-Headers", "Content-Disposition"); + responseHeaders.get("Access-Control-Expose-Headers").add("Content-Type"); + + byte[] content = new byte[is.available()]; + is.read(content); + 
is.close(); + + return new ResponseEntity<>(content, responseHeaders, HttpStatus.OK); + } } diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/PublicDashBoardController.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/PublicDashBoardController.java deleted file mode 100644 index 3c72134da..000000000 --- a/dmp-backend/web/src/main/java/eu/eudat/controllers/PublicDashBoardController.java +++ /dev/null 
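Review bot: `getLanguage` builds the file it opens from the raw `{lang}` path variable (`this.environment.getProperty("language.path") + lang + ".json"`) and then echoes that full server-side path in the `Content-Disposition` header, and the `BrowseLanguage` policy in this same patch makes the endpoint anonymous; whether a traversal segment survives the container's path decoding depends on settings not visible here, so the input should be validated instead of relying on that. Suggest restricting `lang` to a language-tag pattern, resolving it under the normalized base directory with a `startsWith` check, reading with `Files.readAllBytes` (which also fixes the `FileInputStream` that is never closed on an exception and the single `read` that is not guaranteed to fill the buffer), and exposing only `lang + ".json"` as the download name; this needs `java.nio.file.Files`, `Path` and `Paths` imported. `updateLang` concatenates `lang` the same way for a write and should share the validation, and its `FileOutputStream` belongs in try-with-resources with `json.getBytes(StandardCharsets.UTF_8)` instead of the platform charset.
```java
@RequestMapping(value = "{lang}", method = RequestMethod.GET)
public ResponseEntity getLanguage(@PathVariable String lang) throws IOException {
    this.authorizationService.authorizeForce(Permission.BrowseLanguage);

    // Accept only language tags such as "en" or "pt-BR"; nothing else may shape the path below.
    if (lang == null || !lang.matches("[A-Za-z]{2,3}(-[A-Za-z]{2,4})?")) {
        return ResponseEntity.status(HttpStatus.BAD_REQUEST).build();
    }
    Path base = Paths.get(this.environment.getProperty("language.path")).toAbsolutePath().normalize();
    Path file = base.resolve(lang + ".json").normalize();
    if (!file.startsWith(base)) {
        return ResponseEntity.status(HttpStatus.BAD_REQUEST).build();
    }
    // Reads the whole file and closes it, unlike available()/read() on a bare stream.
    byte[] content = Files.readAllBytes(file);

    HttpHeaders responseHeaders = new HttpHeaders();
    responseHeaders.setContentLength(content.length);
    responseHeaders.setContentType(MediaType.APPLICATION_JSON);
    // Expose the logical name only, never the server-side directory.
    responseHeaders.set("Content-Disposition", "attachment;filename=" + lang + ".json");
    // … unchanged: Access-Control-Expose-Headers lines …

    return new ResponseEntity<>(content, responseHeaders, HttpStatus.OK);
}
```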
@@ -1,42 +0,0 @@ -package eu.eudat.controllers; - -import eu.eudat.controllers.BaseController; -import eu.eudat.logic.managers.DashBoardManager; -import eu.eudat.logic.security.claims.ClaimedAuthorities; -import eu.eudat.logic.services.ApiContext; -import eu.eudat.models.data.dashboard.recent.RecentActivity; -import eu.eudat.models.data.dashboard.recent.model.RecentActivityModel; -import eu.eudat.models.data.dashboard.recent.tablerequest.RecentActivityTableRequest; -import eu.eudat.models.data.dashboard.searchbar.SearchBarItem; -import eu.eudat.models.data.dashboard.statistics.DashBoardStatistics; -import eu.eudat.models.data.helpers.responses.ResponseItem; -import eu.eudat.models.data.security.Principal; -import eu.eudat.types.ApiMessageCode; -import eu.eudat.types.Authorities; -import jakarta.transaction.Transactional; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.http.HttpStatus; -import org.springframework.http.ResponseEntity; -import org.springframework.web.bind.annotation.*; - -import java.io.IOException; -import java.util.List; - -@RestController -@CrossOrigin -@RequestMapping(value = {"/api/public/dashboard/"}) -public class PublicDashBoardController extends BaseController { - - private DashBoardManager dashBoardManager; - @Autowired - public PublicDashBoardController(ApiContext apiContext, DashBoardManager dashBoardManager) { - super(apiContext); - this.dashBoardManager = dashBoardManager; - } - - @RequestMapping(method = RequestMethod.GET, value = {"getStatistics"}, produces = "application/json") - public ResponseEntity> getStatistics() { - DashBoardStatistics statistics = dashBoardManager.getStatistics(); - return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.NO_MESSAGE).payload(statistics)); - } -} 
diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/PublicLanguageController.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/PublicLanguageController.java deleted file mode 100644 index 1f62ba879..000000000 --- a/dmp-backend/web/src/main/java/eu/eudat/controllers/PublicLanguageController.java +++ /dev/null @@ -1,44 +0,0 @@ -package eu.eudat.controllers; - -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.core.env.Environment; -import org.springframework.http.HttpHeaders; -import org.springframework.http.HttpStatus; -import org.springframework.http.MediaType; -import org.springframework.http.ResponseEntity; -import org.springframework.web.bind.annotation.*; - -import java.io.*; - -@RestController -@CrossOrigin -@RequestMapping(value = {"/api/public/language/"}) -public class PublicLanguageController { - - private Environment environment; - - @Autowired - public PublicLanguageController(Environment environment) { - this.environment = environment; - } - - @RequestMapping(value = "{lang}", method = RequestMethod.GET) - public ResponseEntity getLanguage(@PathVariable String lang) throws IOException { - - String fileName = this.environment.getProperty("language.path") + lang + ".json"; - InputStream is = new FileInputStream(fileName); - - HttpHeaders responseHeaders = new HttpHeaders(); - responseHeaders.setContentLength(is.available()); - responseHeaders.setContentType(MediaType.APPLICATION_JSON); - responseHeaders.set("Content-Disposition", "attachment;filename=" + fileName); - responseHeaders.set("Access-Control-Expose-Headers", "Content-Disposition"); - responseHeaders.get("Access-Control-Expose-Headers").add("Content-Type"); - - byte[] content = new byte[is.available()]; - is.read(content); - is.close(); - - return new ResponseEntity<>(content, responseHeaders, HttpStatus.OK); - } -} 
diff --git a/dmp-backend/web/src/main/resources/config/permissions.yml b/dmp-backend/web/src/main/resources/config/permissions.yml index 1d61b4aa4..8a99fb973 100644 --- a/dmp-backend/web/src/main/resources/config/permissions.yml +++ b/dmp-backend/web/src/main/resources/config/permissions.yml @@ -1,12 +1,35 @@ permissions: extendedClaims: [ ] policies: - # Users + # Language + BrowseLanguage: + roles: [ ] + clients: [ ] + allowAnonymous: true + allowAuthenticated: true + EditLanguage: + roles: + - Admin + clients: [ ] + allowAnonymous: false + allowAuthenticated: false + # Statistics + BrowseStatistics: + roles: [ ] + clients: [ ] + allowAnonymous: false + allowAuthenticated: true + BrowsePublicStatistics: + roles: [ ] + clients: [ ] + allowAnonymous: true + allowAuthenticated: true + # DescriptionTemplateType BrowseDescriptionTemplateType: roles: - Admin clients: [ ] - allowAnonymous: true + allowAnonymous: false allowAuthenticated: false EditDescriptionTemplateType: roles: diff --git a/dmp-frontend/src/app/core/services/dashboard/dashboard.service.ts b/dmp-frontend/src/app/core/services/dashboard/dashboard.service.ts index c215246f2..fac61010b 100644 --- a/dmp-frontend/src/app/core/services/dashboard/dashboard.service.ts +++ b/dmp-frontend/src/app/core/services/dashboard/dashboard.service.ts @@ -14,7 +14,6 @@ export class DashboardService { private headers: HttpHeaders; private get apiBase(): string { return `${this.configurationService.server}dashboard`; } - private get publicApiBase(): string { return `${this.configurationService.server}public/dashboard`; } constructor(private http: BaseHttpService, @@ -22,7 +21,7 @@ export class DashboardService { } getStatistics(): Observable { - return this.http.get(`${this.publicApiBase}/getStatistics`, { headers: this.headers }); + return this.http.get(`${this.apiBase}/getStatistics`, { headers: this.headers }); } getUserStatistics(): Observable { 
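Review bot: After this hunk flips `BrowseDescriptionTemplateType` back to `allowAnonymous: false`, `BrowseLanguage` and `BrowsePublicStatistics` are the only anonymous policies in the file, and nothing records that this is deliberate rather than another leftover. A one-line comment on each, e.g. `# intentionally anonymous: translations are loaded before login` and `# intentionally anonymous: landing-page statistics`, would keep a later clean-up from "fixing" them. Whether `allowAuthenticated: true` adds anything once anonymous access is granted depends on the authz library's evaluation order, which is not visible here.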
diff --git a/dmp-frontend/src/app/core/services/language/language.service.ts b/dmp-frontend/src/app/core/services/language/language.service.ts index 0b76a0ffb..f4c671b3f 100644 --- a/dmp-frontend/src/app/core/services/language/language.service.ts +++ b/dmp-frontend/src/app/core/services/language/language.service.ts @@ -13,7 +13,6 @@ import { InterceptorType } from '@common/http/interceptors/interceptor-type'; export class LanguageService { private currentLanguage: string; private get apiBase(): string { return `${this.configurationService.server}language`; } - private get publicApiBase(): string { return `${this.configurationService.server}public/language`; } constructor( private translate: TranslateService, @@ -40,7 +39,7 @@ export class LanguageService { // InterceptorType.AuthToken, // ] // }; - return this.http.get(`${this.publicApiBase}/${this.currentLanguage}`, { params: params, responseType: 'blob', observe: 'response' }); + return this.http.get(`${this.apiBase}/${this.currentLanguage}`, { params: params, responseType: 'blob', observe: 'response' }); } public updateLanguage(json: string): Observable { diff --git a/dmp-frontend/src/app/core/services/language/server.loader.ts b/dmp-frontend/src/app/core/services/language/server.loader.ts index 4f2ed4548..1a2dfbabc 100644 --- a/dmp-frontend/src/app/core/services/language/server.loader.ts +++ b/dmp-frontend/src/app/core/services/language/server.loader.ts @@ -7,7 +7,7 @@ import { BaseHttpParams } from '@common/http/base-http-params'; import { InterceptorType } from '@common/http/interceptors/interceptor-type'; export class TranslateServerLoader implements TranslateLoader{ - private get apiBase(): string { return `${this.configurationService.server}public/language`; } + private get apiBase(): string { return `${this.configurationService.server}language`; } constructor( private http: HttpClient, 
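Review bot: The changed `getLanguage` request now targets the authenticated `language` base instead of `public/language`, but the commented-out `InterceptorType.AuthToken` block just above it is left in place, so a reader cannot tell whether the request is meant to carry a token. Since this call loads translations before any login, decide explicitly and replace the dead comment with one line, e.g. `// No auth token: BrowseLanguage is an anonymous policy (see permissions.yml).`. If `BaseHttpService` applies a token or 401-redirect interceptor by default, the unauthenticated translation load would break; that default is not visible here, so worth confirming.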
diff --git a/dmp-frontend/src/app/ui/auth/login/login.component.ts b/dmp-frontend/src/app/ui/auth/login/login.component.ts index 2dc737d76..4b2216188 100644 --- a/dmp-frontend/src/app/ui/auth/login/login.component.ts +++ b/dmp-frontend/src/app/ui/auth/login/login.component.ts @@ -1,4 +1,5 @@ import { Component, Input, OnInit } from '@angular/core'; +import { ActivatedRoute } from '@angular/router'; import { AuthService } from '@app/core/services/auth/auth.service'; import { BaseComponent } from '@common/base/base.component'; @@ -24,10 +25,11 @@ export class LoginComponent extends BaseComponent implements OnInit { constructor( private authService: AuthService, + private route: ActivatedRoute ) { super(); } ngOnInit(): void { - const returnUrL = this.returnUrl; - this.authService.authenticate(returnUrL ? returnUrL : "/"); + this.returnUrl = this.route.snapshot.queryParamMap.get('returnUrl') || '/'; + this.authService.authenticate(this.returnUrl ? this.returnUrl : "/"); } }
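Review bot: `returnUrl` is now read straight from the `returnUrl` query parameter and handed to `authService.authenticate`; if `authenticate` uses it as the post-login redirect target (not visible here), an absolute or protocol-relative value such as `//evil.example` turns the login page into an open redirect. Accept only in-app paths before using it: `const raw = this.route.snapshot.queryParamMap.get('returnUrl'); this.returnUrl = raw && raw.startsWith('/') && !raw.startsWith('//') ? raw : '/';`. If `returnUrl` is still an `@Input` on this component, it is now silently overwritten in `ngOnInit`, so the binding is dead and should be removed or given precedence.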