task #9088 Authorization model should be changed to be Permission based

This commit is contained in:
Efstratios Giannopoulos 2023-10-18 12:10:24 +03:00
parent 43f77a4497
commit 27bcc31e54
10 changed files with 85 additions and 98 deletions


@ -2,6 +2,14 @@ package eu.eudat.authorization;
public final class Permission {
//Language
public static String BrowseLanguage = "BrowseLanguage";
public static String EditLanguage = "EditLanguage";
//Language
public static String BrowseStatistics = "BrowseStatistics";
public static String BrowsePublicStatistics = "BrowsePublicStatistics";
//DescriptionTemplateType
public static String BrowseDescriptionTemplateType = "BrowseDescriptionTemplateType";
public static String EditDescriptionTemplateType = "EditDescriptionTemplateType";
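Review bot: The comment above `BrowseStatistics` reads `//Language`, a copy of the header two lines up; it should read `//Statistics`. The added constants are `public static String` rather than `public static final String`, so any code in the process can reassign a permission name at runtime and the values cannot be used in annotation attributes; `public static final String BrowseLanguage = "BrowseLanguage";` (and likewise for the other five) is the conventional form. If the rest of the class, which is outside the hunk, already follows the non-final pattern, this is a file-wide cleanup rather than a defect introduced here.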


@ -1,5 +1,6 @@
package eu.eudat.controllers;
import eu.eudat.authorization.Permission;
import eu.eudat.logic.managers.DashBoardManager;
import eu.eudat.logic.security.claims.ClaimedAuthorities;
import eu.eudat.logic.services.ApiContext;
@ -12,6 +13,7 @@ import eu.eudat.models.data.helpers.responses.ResponseItem;
import eu.eudat.models.data.security.Principal;
import eu.eudat.types.ApiMessageCode;
import eu.eudat.types.Authorities;
import gr.cite.commons.web.authz.service.AuthorizationService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
@ -27,18 +29,30 @@ import java.util.List;
public class DashBoardController extends BaseController {
private DashBoardManager dashBoardManager;
private final AuthorizationService authorizationService;
@Autowired
public DashBoardController(ApiContext apiContext, DashBoardManager dashBoardManager) {
public DashBoardController(ApiContext apiContext, DashBoardManager dashBoardManager, AuthorizationService authorizationService) {
super(apiContext);
this.dashBoardManager = dashBoardManager;
this.authorizationService = authorizationService;
}
@RequestMapping(method = RequestMethod.GET, value = {"/dashboard/me/getStatistics"}, produces = "application/json")
public ResponseEntity<ResponseItem<DashBoardStatistics>> getStatistics(Principal principal) throws IOException {
this.authorizationService.authorizeForce(Permission.BrowseStatistics);
DashBoardStatistics statistics = dashBoardManager.getMeStatistics(principal);
return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem<DashBoardStatistics>().status(ApiMessageCode.NO_MESSAGE).payload(statistics));
}
@RequestMapping(method = RequestMethod.GET, value = {"/dashboard/getStatistics"}, produces = "application/json")
public ResponseEntity<ResponseItem<DashBoardStatistics>> getStatistics() {
this.authorizationService.authorizeForce(Permission.BrowsePublicStatistics);
DashBoardStatistics statistics = dashBoardManager.getStatistics();
return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem<DashBoardStatistics>().status(ApiMessageCode.NO_MESSAGE).payload(statistics));
}
@RequestMapping(method = RequestMethod.POST, value = {"/dashboard/recentActivity"}, produces = "application/json")
@Transactional
public ResponseEntity<ResponseItem<List<RecentActivityModel>>> getNewRecentActivity(@RequestBody RecentActivityTableRequest tableRequest,
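Review bot: `getStatistics()` on the `/dashboard/getStatistics` line is the endpoint that previously lived in the deleted PublicDashBoardController and is still called without a user session by the frontend (dashboard.service.ts in this commit), but `authorizeForce(Permission.BrowsePublicStatistics)` only evaluates the permission policy; whether an anonymous request reaches this controller at all is decided by the class-level mapping and the HTTP security configuration, both outside the hunk, and should be confirmed before the public controller is dropped. A comment on the method such as `// intentionally anonymous (BrowsePublicStatistics); per-user figures are served by getStatistics(Principal) under /me` would keep the next maintainer from "fixing" it. The `ClaimedAuthorities` and `Authorities` imports kept in the first hunk look unused now that the annotation-based checks are gone, though the rest of the file is not visible. The signature of getNewRecentActivity continues past the end of the hunk.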


@ -1,10 +1,12 @@
package eu.eudat.controllers;
import eu.eudat.authorization.Permission;
import eu.eudat.logic.security.claims.ClaimedAuthorities;
import eu.eudat.models.data.helpers.responses.ResponseItem;
import eu.eudat.models.data.security.Principal;
import eu.eudat.types.ApiMessageCode;
import eu.eudat.types.Authorities;
import gr.cite.commons.web.authz.service.AuthorizationService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.env.Environment;
import org.springframework.http.HttpHeaders;
@ -21,19 +23,45 @@ import java.io.*;
public class LanguageController {
private Environment environment;
private final AuthorizationService authorizationService;
@Autowired
public LanguageController(Environment environment) {
public LanguageController(Environment environment, AuthorizationService authorizationService) {
this.environment = environment;
this.authorizationService = authorizationService;
}
@RequestMapping(value = "update/{lang}", method = RequestMethod.POST)
public @ResponseBody
ResponseEntity<ResponseItem<String>> updateLang(@PathVariable String lang, @RequestBody String json, @ClaimedAuthorities(claims = {Authorities.ADMIN}) Principal principal) throws Exception {
ResponseEntity<ResponseItem<String>> updateLang(@PathVariable String lang, @RequestBody String json) throws Exception {
this.authorizationService.authorizeForce(Permission.EditLanguage);
String fileName = this.environment.getProperty("language.path") + lang + ".json";
OutputStream os = new FileOutputStream(fileName);
os.write(json.getBytes());
os.close();
return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem<String>().status(ApiMessageCode.SUCCESS_MESSAGE).message("Updated").payload("Updated"));
}
@RequestMapping(value = "{lang}", method = RequestMethod.GET)
public ResponseEntity getLanguage(@PathVariable String lang) throws IOException {
this.authorizationService.authorizeForce(Permission.BrowseLanguage);
String fileName = this.environment.getProperty("language.path") + lang + ".json";
InputStream is = new FileInputStream(fileName);
HttpHeaders responseHeaders = new HttpHeaders();
responseHeaders.setContentLength(is.available());
responseHeaders.setContentType(MediaType.APPLICATION_JSON);
responseHeaders.set("Content-Disposition", "attachment;filename=" + fileName);
responseHeaders.set("Access-Control-Expose-Headers", "Content-Disposition");
responseHeaders.get("Access-Control-Expose-Headers").add("Content-Type");
byte[] content = new byte[is.available()];
is.read(content);
is.close();
return new ResponseEntity<>(content, responseHeaders, HttpStatus.OK);
}
}
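Review bot: `lang` reaches the file system unvalidated on the `fileName` line of both `updateLang` and `getLanguage`: it is concatenated straight onto `language.path`, so the only thing keeping a request inside the language directory is whatever path normalisation the servlet container applies, which is a deployment property rather than a guarantee of this code. The commit swaps the admin annotation for `authorizeForce(Permission.EditLanguage)` but adds no such check, and `getLanguage` is served under a policy that this same commit marks `allowAnonymous: true`. Resolving the target against the configured base and rejecting anything that escapes it closes that gap; the same helper lets both methods use `Files` instead of the bare `FileOutputStream` (never closed on a write failure) and the `is.available()`/single `read` pair (which may short-read), and lets `Content-Disposition` carry `lang + ".json"` instead of the full server-side path it exposes today. The sketch below needs `java.nio.file.Files`, `Path` and `Paths` imported; the `ClaimedAuthorities` and `Authorities` imports retained in the first hunk look unused once the annotated signature is gone, though the rest of the file is outside view.
```java
private Path languageFile(String lang) {
    Path base = Paths.get(this.environment.getProperty("language.path")).toAbsolutePath().normalize();
    Path file = base.resolve(lang + ".json").normalize();
    // must stay a direct child of the configured directory
    if (!file.startsWith(base) || !base.equals(file.getParent())) {
        throw new IllegalArgumentException("invalid language code: " + lang);
    }
    return file;
}

// … unchanged: @RequestMapping on updateLang …
ResponseEntity<ResponseItem<String>> updateLang(@PathVariable String lang, @RequestBody String json) throws Exception {
    this.authorizationService.authorizeForce(Permission.EditLanguage);
    Files.writeString(languageFile(lang), json); // UTF-8, stream closed on every path
    // … unchanged: SUCCESS_MESSAGE response …
}

// … unchanged: @RequestMapping on getLanguage …
public ResponseEntity getLanguage(@PathVariable String lang) throws IOException {
    this.authorizationService.authorizeForce(Permission.BrowseLanguage);
    Path file = languageFile(lang);
    byte[] content = Files.readAllBytes(file);
    HttpHeaders responseHeaders = new HttpHeaders();
    responseHeaders.setContentLength(content.length);
    responseHeaders.setContentType(MediaType.APPLICATION_JSON);
    responseHeaders.set("Content-Disposition", "attachment;filename=" + file.getFileName());
    // … unchanged: Access-Control-Expose-Headers handling …
    return new ResponseEntity<>(content, responseHeaders, HttpStatus.OK);
}
```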


@ -1,42 +0,0 @@
package eu.eudat.controllers;
import eu.eudat.controllers.BaseController;
import eu.eudat.logic.managers.DashBoardManager;
import eu.eudat.logic.security.claims.ClaimedAuthorities;
import eu.eudat.logic.services.ApiContext;
import eu.eudat.models.data.dashboard.recent.RecentActivity;
import eu.eudat.models.data.dashboard.recent.model.RecentActivityModel;
import eu.eudat.models.data.dashboard.recent.tablerequest.RecentActivityTableRequest;
import eu.eudat.models.data.dashboard.searchbar.SearchBarItem;
import eu.eudat.models.data.dashboard.statistics.DashBoardStatistics;
import eu.eudat.models.data.helpers.responses.ResponseItem;
import eu.eudat.models.data.security.Principal;
import eu.eudat.types.ApiMessageCode;
import eu.eudat.types.Authorities;
import jakarta.transaction.Transactional;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.*;
import java.io.IOException;
import java.util.List;
@RestController
@CrossOrigin
@RequestMapping(value = {"/api/public/dashboard/"})
public class PublicDashBoardController extends BaseController {
private DashBoardManager dashBoardManager;
@Autowired
public PublicDashBoardController(ApiContext apiContext, DashBoardManager dashBoardManager) {
super(apiContext);
this.dashBoardManager = dashBoardManager;
}
@RequestMapping(method = RequestMethod.GET, value = {"getStatistics"}, produces = "application/json")
public ResponseEntity<ResponseItem<DashBoardStatistics>> getStatistics() {
DashBoardStatistics statistics = dashBoardManager.getStatistics();
return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem<DashBoardStatistics>().status(ApiMessageCode.NO_MESSAGE).payload(statistics));
}
}


@ -1,44 +0,0 @@
package eu.eudat.controllers;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.env.Environment;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.*;
import java.io.*;
@RestController
@CrossOrigin
@RequestMapping(value = {"/api/public/language/"})
public class PublicLanguageController {
private Environment environment;
@Autowired
public PublicLanguageController(Environment environment) {
this.environment = environment;
}
@RequestMapping(value = "{lang}", method = RequestMethod.GET)
public ResponseEntity getLanguage(@PathVariable String lang) throws IOException {
String fileName = this.environment.getProperty("language.path") + lang + ".json";
InputStream is = new FileInputStream(fileName);
HttpHeaders responseHeaders = new HttpHeaders();
responseHeaders.setContentLength(is.available());
responseHeaders.setContentType(MediaType.APPLICATION_JSON);
responseHeaders.set("Content-Disposition", "attachment;filename=" + fileName);
responseHeaders.set("Access-Control-Expose-Headers", "Content-Disposition");
responseHeaders.get("Access-Control-Expose-Headers").add("Content-Type");
byte[] content = new byte[is.available()];
is.read(content);
is.close();
return new ResponseEntity<>(content, responseHeaders, HttpStatus.OK);
}
}


@ -1,12 +1,35 @@
permissions:
extendedClaims: [ ]
policies:
# Users
# Language
BrowseLanguage:
roles: [ ]
clients: [ ]
allowAnonymous: true
allowAuthenticated: true
EditLanguage:
roles:
- Admin
clients: [ ]
allowAnonymous: false
allowAuthenticated: false
# Statistics
BrowseStatistics:
roles: [ ]
clients: [ ]
allowAnonymous: false
allowAuthenticated: true
BrowsePublicStatistics:
roles: [ ]
clients: [ ]
allowAnonymous: true
allowAuthenticated: true
# DescriptionTemplateType
BrowseDescriptionTemplateType:
roles:
- Admin
clients: [ ]
allowAnonymous: true
allowAnonymous: false
allowAuthenticated: false
EditDescriptionTemplateType:
roles:
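Review bot: `BrowseLanguage` and `BrowsePublicStatistics` are the two new policies with `allowAnonymous: true`, and nothing in the file records why; a one-line comment on each, e.g. `# anonymous on purpose: translation bundles are fetched before login`, keeps a later tightening from silently breaking the unauthenticated pages that depend on them. `allowAuthenticated: true` next to `allowAnonymous: true` is presumably redundant, but that depends on how the authorization service combines the two flags, which is not visible here. The `EditDescriptionTemplateType` entry is cut off at the end of the hunk.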


@ -14,7 +14,6 @@ export class DashboardService {
private headers: HttpHeaders;
private get apiBase(): string { return `${this.configurationService.server}dashboard`; }
private get publicApiBase(): string { return `${this.configurationService.server}public/dashboard`; }
constructor(private http: BaseHttpService,
@ -22,7 +21,7 @@ export class DashboardService {
}
getStatistics(): Observable<DashboardStatisticsModel> {
return this.http.get<DashboardStatisticsModel>(`${this.publicApiBase}/getStatistics`, { headers: this.headers });
return this.http.get<DashboardStatisticsModel>(`${this.apiBase}/getStatistics`, { headers: this.headers });
}
getUserStatistics(): Observable<DashboardStatisticsModel> {
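Review bot: With `publicApiBase` removed, `getStatistics()` and `getUserStatistics()` both call under `apiBase`, so the URL no longer shows that the first one is the unauthenticated variant; a short comment above it, `// anonymous endpoint (BrowsePublicStatistics); per-user figures come from getUserStatistics()`, keeps that distinction visible to callers. The same applies to the changed `return` in language.service.ts and to `apiBase` in translate-server-loader.ts, where the `public/` prefix was dropped in the same way. The body of getUserStatistics continues past the hunk.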


@ -13,7 +13,6 @@ import { InterceptorType } from '@common/http/interceptors/interceptor-type';
export class LanguageService {
private currentLanguage: string;
private get apiBase(): string { return `${this.configurationService.server}language`; }
private get publicApiBase(): string { return `${this.configurationService.server}public/language`; }
constructor(
private translate: TranslateService,
@ -40,7 +39,7 @@ export class LanguageService {
// InterceptorType.AuthToken,
// ]
// };
return this.http.get(`${this.publicApiBase}/${this.currentLanguage}`, { params: params, responseType: 'blob', observe: 'response' });
return this.http.get(`${this.apiBase}/${this.currentLanguage}`, { params: params, responseType: 'blob', observe: 'response' });
}
public updateLanguage(json: string): Observable<String> {
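Review bot: The commented-out `InterceptorType.AuthToken` block directly above the changed `return` now reads as an unresolved decision: with the request moved from the public prefix to `apiBase`, whether the auth token should accompany a `BrowseLanguage` call is exactly what those lines were about. Either delete the dead block or replace it with one sentence stating the intent, e.g. `// token is sent when present; the endpoint also accepts anonymous callers`. The enclosing method starts before the hunk, so what `params` already carries is not visible here.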


@ -7,7 +7,7 @@ import { BaseHttpParams } from '@common/http/base-http-params';
import { InterceptorType } from '@common/http/interceptors/interceptor-type';
export class TranslateServerLoader implements TranslateLoader{
private get apiBase(): string { return `${this.configurationService.server}public/language`; }
private get apiBase(): string { return `${this.configurationService.server}language`; }
constructor(
private http: HttpClient,


@ -1,4 +1,5 @@
import { Component, Input, OnInit } from '@angular/core';
import { ActivatedRoute } from '@angular/router';
import { AuthService } from '@app/core/services/auth/auth.service';
import { BaseComponent } from '@common/base/base.component';
@ -24,10 +25,11 @@ export class LoginComponent extends BaseComponent implements OnInit {
constructor(
private authService: AuthService,
private route: ActivatedRoute
) { super(); }
ngOnInit(): void {
const returnUrL = this.returnUrl;
this.authService.authenticate(returnUrL ? returnUrL : "/");
this.returnUrl = this.route.snapshot.queryParamMap.get('returnUrl') || '/';
this.authService.authenticate(this.returnUrl ? this.returnUrl : "/");
}
}
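Review bot: `this.returnUrl` is assigned `... || '/'` and then immediately tested with `this.returnUrl ? this.returnUrl : "/"`, so the ternary on the next line can never take its else branch; `this.authService.authenticate(this.returnUrl);` is enough. If `returnUrl` is still the `@Input` that the import on the first line of the file suggests, the assignment in ngOnInit now unconditionally overwrites whatever the parent bound, which may be intended but deserves a comment. The query-string value is handed straight to `authenticate` as the post-login destination; whether it is constrained to a same-origin relative path (for example, accepted only when it starts with a single `/`) is decided inside AuthService, which is outside the hunk and worth confirming.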