Merge branch 'dmp-refactoring' of https://code-repo.d4science.org/MaDgiK-CITE/argos into dmp-refactoring
commit
2bad85019b
|
@ -0,0 +1,9 @@
|
||||||
|
package eu.eudat.authorization;
|
||||||
|
|
||||||
|
import org.springframework.boot.context.properties.EnableConfigurationProperties;
|
||||||
|
import org.springframework.context.annotation.Configuration;
|
||||||
|
|
||||||
|
@Configuration("AppAuthorizationConfiguration")
|
||||||
|
@EnableConfigurationProperties(AuthorizationProperties.class)
|
||||||
|
public class AuthorizationConfiguration {
|
||||||
|
}
|
|
@ -0,0 +1,31 @@
|
||||||
|
package eu.eudat.authorization;
|
||||||
|
|
||||||
|
|
||||||
|
import org.springframework.boot.context.properties.ConfigurationProperties;
|
||||||
|
|
||||||
|
import java.util.HashSet;
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
|
@ConfigurationProperties(prefix = "authorization")
|
||||||
|
public class AuthorizationProperties {
|
||||||
|
|
||||||
|
private List<String> allowedTenantRoles;
|
||||||
|
|
||||||
|
public List<String> getAllowedTenantRoles() {
|
||||||
|
return allowedTenantRoles;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setAllowedTenantRoles(List<String> allowedTenantRoles) {
|
||||||
|
this.allowedTenantRoles = allowedTenantRoles;
|
||||||
|
}
|
||||||
|
|
||||||
|
private List<String> allowedGlobalRoles;
|
||||||
|
|
||||||
|
public List<String> getAllowedGlobalRoles() {
|
||||||
|
return allowedGlobalRoles;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setAllowedGlobalRoles(List<String> allowedGlobalRoles) {
|
||||||
|
this.allowedGlobalRoles = allowedGlobalRoles;
|
||||||
|
}
|
||||||
|
}
|
|
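Review bot: Neither `allowedTenantRoles` nor `allowedGlobalRoles` has a default, so both getters return null when the `authorization` keys are missing from configuration. Elsewhere in this commit, `collectUserRoles` and `syncRoles` in TenantInterceptor run `for (String item : this.authorizationProperties.getAllowedTenantRoles())` before any null check, which would throw on the request path in that case. Initialising the fields, e.g. `private List<String> allowedTenantRoles = List.of();`, removes that failure mode. A short Javadoc on each list should also state what an empty list means for callers. The `java.util.HashSet` import is unused.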
@ -2,4 +2,8 @@ package eu.eudat.authorization;
|
||||||
|
|
||||||
public class ClaimNames {
|
public class ClaimNames {
|
||||||
public static final String ExternalProviderName = "ExternalProviderName";
|
public static final String ExternalProviderName = "ExternalProviderName";
|
||||||
|
public static final String TenantCodesClaimName = "TenantCodes";
|
||||||
|
public static final String TenantClaimName = "x-tenant";
|
||||||
|
public static final String GlobalRolesClaimName = "GlobalRoles";
|
||||||
|
public static final String TenantRolesClaimName = "TenantRoles";
|
||||||
}
|
}
|
||||||
|
|
|
@ -123,9 +123,6 @@ public final class Permission {
|
||||||
public static String DeleteUserSettings = "DeleteUserSettings";
|
public static String DeleteUserSettings = "DeleteUserSettings";
|
||||||
|
|
||||||
|
|
||||||
// UI Pages
|
|
||||||
public static String ViewDescriptionTemplateTypePage = "ViewDescriptionTemplateTypePage";
|
|
||||||
public static String ViewDmpBlueprintPage = "ViewDmpBlueprintPage";
|
|
||||||
|
|
||||||
//Reference
|
//Reference
|
||||||
public static String BrowseReference = "BrowseReference";
|
public static String BrowseReference = "BrowseReference";
|
||||||
|
@ -191,4 +188,26 @@ public final class Permission {
|
||||||
public static String DeletePrefillingSource = "DeletePrefillingSource";
|
public static String DeletePrefillingSource = "DeletePrefillingSource";
|
||||||
|
|
||||||
|
|
||||||
|
// UI Pages
|
||||||
|
public static String ViewDescriptionTemplateTypePage = "ViewDescriptionTemplateTypePage";
|
||||||
|
public static String ViewMaintenancePage = "ViewMaintenancePage";
|
||||||
|
public static String ViewNotificationPage = "ViewNotificationPage";
|
||||||
|
public static String ViewNotificationTemplatePage = "ViewNotificationTemplatePage";
|
||||||
|
public static String ViewSupportiveMaterialPage = "ViewSupportiveMaterialPage";
|
||||||
|
public static String ViewLanguagePage = "ViewLanguagePage";
|
||||||
|
public static String ViewUserPage = "ViewUserPage";
|
||||||
|
public static String ViewTenantPage = "ViewTenantPage";
|
||||||
|
public static String ViewPrefillingSourcePage = "ViewPrefillingSourcePage";
|
||||||
|
public static String ViewReferenceTypePage = "ViewReferenceTypePage";
|
||||||
|
public static String ViewReferencePage = "ViewReferencePage";
|
||||||
|
public static String ViewEntityLockPage = "ViewEntityLockPage";
|
||||||
|
public static String ViewDescriptionTemplatePage = "ViewDescriptionTemplatePage";
|
||||||
|
public static String ViewDmpBlueprintPage = "ViewDmpBlueprintPage";
|
||||||
|
public static String ViewPublicDescriptionPage = "ViewPublicDescriptionPage";
|
||||||
|
public static String ViewPublicDmpPage = "ViewPublicDmpPage";
|
||||||
|
public static String ViewMyDescriptionPage = "ViewMyDescriptionPage";
|
||||||
|
public static String ViewMyDmpPage = "ViewMyDmpPage";
|
||||||
|
public static String ViewHomePage = "ViewHomePage";
|
||||||
|
public static String ViewMineInAppNotificationPage = "ViewMineInAppNotificationPage";
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
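Review bot: The page permissions added in this hunk are declared `public static String` without `final`, so any code that can see `Permission` can reassign a permission name at runtime, which would change the name used by every authorization check that references it. The rest of the class (for example `DeletePrefillingSource`) follows the same pattern, while `ClaimNames` in this commit uses `public static final String`. Declare the new entries as constants, e.g. `public static final String ViewMaintenancePage = "ViewMaintenancePage";`, and ideally convert the whole class in a follow-up. The class body starts outside the hunk.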
@ -16,9 +16,6 @@ import java.util.concurrent.atomic.AtomicReference;
|
||||||
@RequestScope
|
@RequestScope
|
||||||
public class TenantScope {
|
public class TenantScope {
|
||||||
public static final String TenantReplaceParameter = "::TenantCode::";
|
public static final String TenantReplaceParameter = "::TenantCode::";
|
||||||
public static final String TenantCodesClaimName = "TenantCodes";
|
|
||||||
public static final String TenantClaimName = "x-tenant";
|
|
||||||
|
|
||||||
private final MultitenancyProperties multitenancy;
|
private final MultitenancyProperties multitenancy;
|
||||||
private final AtomicReference<UUID> tenant = new AtomicReference<>();
|
private final AtomicReference<UUID> tenant = new AtomicReference<>();
|
||||||
private final AtomicReference<String> tenantCode = new AtomicReference<>();
|
private final AtomicReference<String> tenantCode = new AtomicReference<>();
|
||||||
|
|
|
@ -21,9 +21,6 @@ import java.util.UUID;
|
||||||
public class TenantEntityManager {
|
public class TenantEntityManager {
|
||||||
@PersistenceContext
|
@PersistenceContext
|
||||||
private EntityManager entityManager;
|
private EntityManager entityManager;
|
||||||
// private final CurrentPrincipalResolver currentPrincipalResolver;
|
|
||||||
// private final ClaimExtractor claimExtractor;
|
|
||||||
// private final AuthorizationService authorizationService;
|
|
||||||
private final TenantScope tenantScope;
|
private final TenantScope tenantScope;
|
||||||
|
|
||||||
public TenantEntityManager(TenantScope tenantScope) {
|
public TenantEntityManager(TenantScope tenantScope) {
|
||||||
|
@ -36,23 +33,23 @@ public class TenantEntityManager {
|
||||||
}
|
}
|
||||||
|
|
||||||
public <T> T merge(T entity) throws InvalidApplicationException {
|
public <T> T merge(T entity) throws InvalidApplicationException {
|
||||||
if (tenantScope.isMultitenant() && (entity instanceof TenantScoped)) {
|
if (tenantScope.isMultitenant() && (entity instanceof TenantScoped tenantScopedEntity)) {
|
||||||
// this.currentPrincipalResolver.currentPrincipal().isAuthenticated();
|
if (!tenantScope.isDefaultTenant()) {
|
||||||
// this.claimExtractor.subjectUUID(this.currentPrincipalResolver.currentPrincipal());
|
if (tenantScopedEntity.getTenantId() == null || !tenantScopedEntity.getTenantId().equals(tenantScope.getTenant())) throw new MyForbiddenException("tenant tampering");
|
||||||
// boolean isAllowedNoTenant = authorizationService.authorize(Permission.AllowNoTenant);
|
} else if (tenantScopedEntity.getTenantId() != null) {
|
||||||
|
throw new MyForbiddenException("tenant tampering");
|
||||||
boolean isAllowedNoTenant = ((TenantScoped) entity).allowNullTenant() || this.tenantScope.isDefaultTenant();
|
}
|
||||||
final UUID tenantId = !isAllowedNoTenant ? tenantScope.getTenant() : null;
|
|
||||||
if (!isAllowedNoTenant && !tenantId.equals(((TenantScoped) entity).getTenantId())) throw new MyForbiddenException("tenant tampering");
|
|
||||||
}
|
}
|
||||||
return this.entityManager.merge(entity);
|
return this.entityManager.merge(entity);
|
||||||
}
|
}
|
||||||
|
|
||||||
public void remove(Object entity) throws InvalidApplicationException {
|
public void remove(Object entity) throws InvalidApplicationException {
|
||||||
if (tenantScope.isMultitenant() && (entity instanceof TenantScoped)) {
|
if (tenantScope.isMultitenant() && (entity instanceof TenantScoped tenantScopedEntity)) {
|
||||||
boolean isAllowedNoTenant = ((TenantScoped) entity).allowNullTenant() || this.tenantScope.isDefaultTenant();
|
if (!tenantScope.isDefaultTenant()) {
|
||||||
final UUID tenantId = !isAllowedNoTenant ? tenantScope.getTenant() : null;
|
if (tenantScopedEntity.getTenantId() == null || !tenantScopedEntity.getTenantId().equals(tenantScope.getTenant())) throw new MyForbiddenException("tenant tampering");
|
||||||
if (!isAllowedNoTenant && !tenantId.equals(((TenantScoped) entity).getTenantId())) throw new MyForbiddenException("tenant tampering");
|
} else if (tenantScopedEntity.getTenantId() != null) {
|
||||||
|
throw new MyForbiddenException("tenant tampering");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
this.entityManager.remove(entity);
|
this.entityManager.remove(entity);
|
||||||
}
|
}
|
||||||
|
@ -60,14 +57,8 @@ public class TenantEntityManager {
|
||||||
public <T> T find(Class<T> entityClass, Object primaryKey) throws InvalidApplicationException {
|
public <T> T find(Class<T> entityClass, Object primaryKey) throws InvalidApplicationException {
|
||||||
T entity = this.entityManager.find(entityClass, primaryKey);
|
T entity = this.entityManager.find(entityClass, primaryKey);
|
||||||
|
|
||||||
if (tenantScope.isMultitenant() && (entity instanceof TenantScoped)) {
|
if (tenantScope.isMultitenant() && (entity instanceof TenantScoped tenantScopedEntity)) {
|
||||||
// this.currentPrincipalResolver.currentPrincipal().isAuthenticated();
|
if (tenantScopedEntity.getTenantId() != null && !tenantScopedEntity.getTenantId().equals(tenantScope.getTenant())) return null;
|
||||||
// this.claimExtractor.subjectUUID(this.currentPrincipalResolver.currentPrincipal());
|
|
||||||
// boolean isAllowedNoTenant = authorizationService.authorize(Permission.AllowNoTenant);
|
|
||||||
|
|
||||||
boolean isAllowedNoTenant = ((TenantScoped) entity).allowNullTenant() || this.tenantScope.isDefaultTenant();
|
|
||||||
final UUID tenantId = !isAllowedNoTenant ? tenantScope.getTenant() : null;
|
|
||||||
if (!isAllowedNoTenant && !tenantId.equals(((TenantScoped) entity).getTenantId())) return null;
|
|
||||||
}
|
}
|
||||||
return entity;
|
return entity;
|
||||||
}
|
}
|
||||||
|
|
|
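Review bot: `find` now applies a weaker rule than `merge` and `remove` in the same class: an entity whose `getTenantId()` is null is returned to every tenant, while the write paths reject a null tenant id outside the default tenant. If tenant-less rows are meant to be readable across tenants, say so in a comment on `find`; if not, mirror the write-path branch, e.g. `if (!tenantScope.isDefaultTenant() && tenantScopedEntity.getTenantId() == null) return null;`. The two-branch tenant check is duplicated verbatim in `merge` and `remove` and would be easier to keep consistent as one private helper. The method bodies start outside the hunks shown.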
@ -33,7 +33,7 @@ public class TenantListener {
|
||||||
logger.error("somebody tried to set not login tenant");
|
logger.error("somebody tried to set not login tenant");
|
||||||
throw new MyForbiddenException("tenant tampering");
|
throw new MyForbiddenException("tenant tampering");
|
||||||
}
|
}
|
||||||
if (!entity.allowNullTenant() && !tenantScope.isDefaultTenant()) {
|
if (!tenantScope.isDefaultTenant()) {
|
||||||
final UUID tenantId = tenantScope.getTenant();
|
final UUID tenantId = tenantScope.getTenant();
|
||||||
entity.setTenantId(tenantId);
|
entity.setTenantId(tenantId);
|
||||||
}
|
}
|
||||||
|
@ -46,7 +46,6 @@ public class TenantListener {
|
||||||
@PreRemove
|
@PreRemove
|
||||||
public void setTenantOnUpdate(TenantScoped entity) throws InvalidApplicationException {
|
public void setTenantOnUpdate(TenantScoped entity) throws InvalidApplicationException {
|
||||||
if (tenantScope.isMultitenant()) {
|
if (tenantScope.isMultitenant()) {
|
||||||
if (!entity.allowNullTenant()){
|
|
||||||
if (!tenantScope.isDefaultTenant()) {
|
if (!tenantScope.isDefaultTenant()) {
|
||||||
if (entity.getTenantId() == null) {
|
if (entity.getTenantId() == null) {
|
||||||
logger.error("somebody tried to set null tenant");
|
logger.error("somebody tried to set null tenant");
|
||||||
|
@ -72,12 +71,5 @@ public class TenantListener {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
} else {
|
|
||||||
if (entity.getTenantId() != null) {
|
|
||||||
logger.error("somebody tried to set non null tenant");
|
|
||||||
throw new MyForbiddenException("tenant tampering");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
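Review bot: With the `allowNullTenant()` branch and its `else` removed, the visible part of `setTenantOnUpdate` only validates the tenant id inside `if (!tenantScope.isDefaultTenant())`; nothing shown rejects a non-null tenant id when the request runs under the default tenant. `TenantEntityManager.merge` and `remove` in this commit do reject that case (`else if (tenantScopedEntity.getTenantId() != null)`), so a write that reaches the listener by another route would be checked less strictly. If the lines between the hunks do not already cover it, add the matching branch: `else if (entity.getTenantId() != null) { logger.error("somebody tried to set non null tenant"); throw new MyForbiddenException("tenant tampering"); }`. Part of the method lies between the hunks and is not shown.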
@ -74,7 +74,6 @@ public class LanguageServiceImpl implements LanguageService {
|
||||||
|
|
||||||
LanguageEntity data;
|
LanguageEntity data;
|
||||||
if (isUpdate) {
|
if (isUpdate) {
|
||||||
((org.hibernate.Session) entityManager).setHibernateFlushMode(FlushMode.MANUAL);
|
|
||||||
data = this.entityManager.find(LanguageEntity.class, model.getId());
|
data = this.entityManager.find(LanguageEntity.class, model.getId());
|
||||||
if (data == null)
|
if (data == null)
|
||||||
throw new MyNotFoundException(messageSource.getMessage("General_ItemNotFound", new Object[]{model.getId(), Language.class.getSimpleName()}, LocaleContextHolder.getLocale()));
|
throw new MyNotFoundException(messageSource.getMessage("General_ItemNotFound", new Object[]{model.getId(), Language.class.getSimpleName()}, LocaleContextHolder.getLocale()));
|
||||||
|
@ -90,11 +89,10 @@ public class LanguageServiceImpl implements LanguageService {
|
||||||
data.setPayload(model.getPayload() != null && !model.getPayload().isEmpty() ? model.getPayload() : null);
|
data.setPayload(model.getPayload() != null && !model.getPayload().isEmpty() ? model.getPayload() : null);
|
||||||
data.setOrdinal(model.getOrdinal());
|
data.setOrdinal(model.getOrdinal());
|
||||||
data.setUpdatedAt(Instant.now());
|
data.setUpdatedAt(Instant.now());
|
||||||
data.setIsActive(IsActive.Inactive);
|
if (isUpdate) this.entityManager.merge(data);
|
||||||
// if (isUpdate) this.entityManager.merge(data);
|
else this.entityManager.persist(data);
|
||||||
// else this.entityManager.persist(data);
|
|
||||||
//
|
this.entityManager.flush();
|
||||||
// this.entityManager.flush();
|
|
||||||
|
|
||||||
return this.builderFactory.builder(LanguageBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(BaseFieldSet.build(fields, Language._id), data);
|
return this.builderFactory.builder(LanguageBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(BaseFieldSet.build(fields, Language._id), data);
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
package eu.eudat.controllers;
|
package eu.eudat.controllers;
|
||||||
|
|
||||||
import eu.eudat.audit.AuditableAction;
|
import eu.eudat.audit.AuditableAction;
|
||||||
|
import eu.eudat.authorization.ClaimNames;
|
||||||
import eu.eudat.commons.scope.tenant.TenantScope;
|
import eu.eudat.commons.scope.tenant.TenantScope;
|
||||||
import eu.eudat.models.Account;
|
import eu.eudat.models.Account;
|
||||||
import eu.eudat.models.AccountBuilder;
|
import eu.eudat.models.AccountBuilder;
|
||||||
|
@ -83,7 +84,7 @@ public class PrincipalController {
|
||||||
logger.debug("my-tenants");
|
logger.debug("my-tenants");
|
||||||
|
|
||||||
MyPrincipal principal = this.currentPrincipalResolver.currentPrincipal();
|
MyPrincipal principal = this.currentPrincipalResolver.currentPrincipal();
|
||||||
List<String> tenants = this.claimExtractor.asStrings(principal, TenantScope.TenantCodesClaimName);
|
List<String> tenants = this.claimExtractor.asStrings(principal, ClaimNames.TenantCodesClaimName);
|
||||||
|
|
||||||
this.auditService.track(AuditableAction.Principal_MyTenants);
|
this.auditService.track(AuditableAction.Principal_MyTenants);
|
||||||
//auditService.trackIdentity(AuditableAction.IdentityTracking_Action);
|
//auditService.trackIdentity(AuditableAction.IdentityTracking_Action);
|
||||||
|
|
|
@ -1,15 +1,20 @@
|
||||||
package eu.eudat.interceptors.tenant;
|
package eu.eudat.interceptors.tenant;
|
||||||
|
|
||||||
|
|
||||||
|
import eu.eudat.authorization.AuthorizationProperties;
|
||||||
|
import eu.eudat.authorization.ClaimNames;
|
||||||
import eu.eudat.authorization.Permission;
|
import eu.eudat.authorization.Permission;
|
||||||
import eu.eudat.commons.enums.IsActive;
|
import eu.eudat.commons.enums.IsActive;
|
||||||
import eu.eudat.commons.lock.LockByKeyManager;
|
import eu.eudat.commons.lock.LockByKeyManager;
|
||||||
import eu.eudat.commons.scope.tenant.TenantScope;
|
import eu.eudat.commons.scope.tenant.TenantScope;
|
||||||
import eu.eudat.commons.scope.user.UserScope;
|
import eu.eudat.commons.scope.user.UserScope;
|
||||||
|
import eu.eudat.convention.ConventionService;
|
||||||
import eu.eudat.data.TenantUserEntity;
|
import eu.eudat.data.TenantUserEntity;
|
||||||
import eu.eudat.data.UserEntity;
|
import eu.eudat.data.UserEntity;
|
||||||
|
import eu.eudat.data.UserRoleEntity;
|
||||||
import eu.eudat.data.tenant.TenantScopedBaseEntity;
|
import eu.eudat.data.tenant.TenantScopedBaseEntity;
|
||||||
import eu.eudat.errorcode.ErrorThesaurusProperties;
|
import eu.eudat.errorcode.ErrorThesaurusProperties;
|
||||||
|
import eu.eudat.integrationevent.outbox.usertouched.UserTouchedIntegrationEventHandler;
|
||||||
import eu.eudat.query.utils.BuildSubQueryInput;
|
import eu.eudat.query.utils.BuildSubQueryInput;
|
||||||
import eu.eudat.query.utils.QueryUtilsService;
|
import eu.eudat.query.utils.QueryUtilsService;
|
||||||
import gr.cite.commons.web.authz.service.AuthorizationService;
|
import gr.cite.commons.web.authz.service.AuthorizationService;
|
||||||
|
@ -19,7 +24,6 @@ import gr.cite.tools.exception.MyForbiddenException;
|
||||||
import gr.cite.tools.logging.LoggerService;
|
import gr.cite.tools.logging.LoggerService;
|
||||||
import jakarta.persistence.EntityManager;
|
import jakarta.persistence.EntityManager;
|
||||||
import jakarta.persistence.PersistenceContext;
|
import jakarta.persistence.PersistenceContext;
|
||||||
import jakarta.persistence.Tuple;
|
|
||||||
import jakarta.persistence.criteria.CriteriaBuilder;
|
import jakarta.persistence.criteria.CriteriaBuilder;
|
||||||
import jakarta.persistence.criteria.CriteriaQuery;
|
import jakarta.persistence.criteria.CriteriaQuery;
|
||||||
import jakarta.persistence.criteria.Root;
|
import jakarta.persistence.criteria.Root;
|
||||||
|
@ -41,6 +45,7 @@ import org.springframework.web.context.request.WebRequestInterceptor;
|
||||||
|
|
||||||
import javax.management.InvalidApplicationException;
|
import javax.management.InvalidApplicationException;
|
||||||
import java.time.Instant;
|
import java.time.Instant;
|
||||||
|
import java.util.ArrayList;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Locale;
|
import java.util.Locale;
|
||||||
import java.util.UUID;
|
import java.util.UUID;
|
||||||
|
@ -61,6 +66,9 @@ public class TenantInterceptor implements WebRequestInterceptor {
|
||||||
private final ErrorThesaurusProperties errors;
|
private final ErrorThesaurusProperties errors;
|
||||||
private final QueryUtilsService queryUtilsService;
|
private final QueryUtilsService queryUtilsService;
|
||||||
private final LockByKeyManager lockByKeyManager;
|
private final LockByKeyManager lockByKeyManager;
|
||||||
|
private final ConventionService conventionService;
|
||||||
|
private final UserTouchedIntegrationEventHandler userTouchedIntegrationEventHandler;
|
||||||
|
private final AuthorizationProperties authorizationProperties;
|
||||||
@PersistenceContext
|
@PersistenceContext
|
||||||
public EntityManager entityManager;
|
public EntityManager entityManager;
|
||||||
|
|
||||||
|
@ -74,7 +82,7 @@ public class TenantInterceptor implements WebRequestInterceptor {
|
||||||
TenantScopeProperties tenantScopeProperties,
|
TenantScopeProperties tenantScopeProperties,
|
||||||
UserAllowedTenantCacheService userAllowedTenantCacheService,
|
UserAllowedTenantCacheService userAllowedTenantCacheService,
|
||||||
PlatformTransactionManager transactionManager,
|
PlatformTransactionManager transactionManager,
|
||||||
ErrorThesaurusProperties errors, QueryUtilsService queryUtilsService, LockByKeyManager lockByKeyManager) {
|
ErrorThesaurusProperties errors, QueryUtilsService queryUtilsService, LockByKeyManager lockByKeyManager, ConventionService conventionService, UserTouchedIntegrationEventHandler userTouchedIntegrationEventHandler, AuthorizationProperties authorizationProperties) {
|
||||||
this.tenantScope = tenantScope;
|
this.tenantScope = tenantScope;
|
||||||
this.userScope = userScope;
|
this.userScope = userScope;
|
||||||
this.currentPrincipalResolver = currentPrincipalResolver;
|
this.currentPrincipalResolver = currentPrincipalResolver;
|
||||||
|
@ -86,6 +94,9 @@ public class TenantInterceptor implements WebRequestInterceptor {
|
||||||
this.errors = errors;
|
this.errors = errors;
|
||||||
this.queryUtilsService = queryUtilsService;
|
this.queryUtilsService = queryUtilsService;
|
||||||
this.lockByKeyManager = lockByKeyManager;
|
this.lockByKeyManager = lockByKeyManager;
|
||||||
|
this.conventionService = conventionService;
|
||||||
|
this.userTouchedIntegrationEventHandler = userTouchedIntegrationEventHandler;
|
||||||
|
this.authorizationProperties = authorizationProperties;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -95,7 +106,7 @@ public class TenantInterceptor implements WebRequestInterceptor {
|
||||||
|
|
||||||
boolean isAllowedNoTenant = this.applicationContext.getBean(AuthorizationService.class).authorize(Permission.AllowNoTenant);
|
boolean isAllowedNoTenant = this.applicationContext.getBean(AuthorizationService.class).authorize(Permission.AllowNoTenant);
|
||||||
if (tenantScope.isSet() && this.entityManager != null) {
|
if (tenantScope.isSet() && this.entityManager != null) {
|
||||||
List<String> currentPrincipalTenantCodes = this.claimExtractor.asStrings(this.currentPrincipalResolver.currentPrincipal(), TenantScope.TenantCodesClaimName);
|
List<String> currentPrincipalTenantCodes = this.claimExtractor.asStrings(this.currentPrincipalResolver.currentPrincipal(), ClaimNames.TenantCodesClaimName);
|
||||||
if ((currentPrincipalTenantCodes == null || !currentPrincipalTenantCodes.contains(tenantScope.getTenantCode())) && !isAllowedNoTenant) {
|
if ((currentPrincipalTenantCodes == null || !currentPrincipalTenantCodes.contains(tenantScope.getTenantCode())) && !isAllowedNoTenant) {
|
||||||
logger.warn("tenant not allowed {}", this.tenantScope.getTenant());
|
logger.warn("tenant not allowed {}", this.tenantScope.getTenant());
|
||||||
throw new MyForbiddenException(this.errors.getTenantNotAllowed().getCode(), this.errors.getTenantNotAllowed().getMessage());
|
throw new MyForbiddenException(this.errors.getTenantNotAllowed().getCode(), this.errors.getTenantNotAllowed().getMessage());
|
||||||
|
@ -133,6 +144,8 @@ public class TenantInterceptor implements WebRequestInterceptor {
|
||||||
throw new MyForbiddenException(this.errors.getTenantNotAllowed().getCode(), this.errors.getTenantNotAllowed().getMessage());
|
throw new MyForbiddenException(this.errors.getTenantNotAllowed().getCode(), this.errors.getTenantNotAllowed().getMessage());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
this.syncUserWithClaims();
|
||||||
} else {
|
} else {
|
||||||
if (!isAllowedNoTenant) {
|
if (!isAllowedNoTenant) {
|
||||||
if (!this.isWhiteListedEndpoint(request)) {
|
if (!this.isWhiteListedEndpoint(request)) {
|
||||||
|
@ -163,7 +176,7 @@ public class TenantInterceptor implements WebRequestInterceptor {
|
||||||
if (this.tenantScopeProperties.getAutoCreateTenantUser()) usedResource = this.lockByKeyManager.tryLock(lockId, 5000, TimeUnit.MILLISECONDS);
|
if (this.tenantScopeProperties.getAutoCreateTenantUser()) usedResource = this.lockByKeyManager.tryLock(lockId, 5000, TimeUnit.MILLISECONDS);
|
||||||
|
|
||||||
CriteriaBuilder criteriaBuilder = this.entityManager.getCriteriaBuilder();
|
CriteriaBuilder criteriaBuilder = this.entityManager.getCriteriaBuilder();
|
||||||
CriteriaQuery<Tuple> query = criteriaBuilder.createQuery(Tuple.class);
|
CriteriaQuery<UserEntity> query = criteriaBuilder.createQuery(UserEntity.class);
|
||||||
Root<UserEntity> root = query.from(UserEntity.class);
|
Root<UserEntity> root = query.from(UserEntity.class);
|
||||||
query.where(criteriaBuilder.and(
|
query.where(criteriaBuilder.and(
|
||||||
criteriaBuilder.equal(root.get(UserEntity._isActive), IsActive.Active),
|
criteriaBuilder.equal(root.get(UserEntity._isActive), IsActive.Active),
|
||||||
|
@ -188,7 +201,7 @@ public class TenantInterceptor implements WebRequestInterceptor {
|
||||||
)
|
)
|
||||||
));
|
));
|
||||||
query.multiselect(root.get(UserEntity._id).alias(UserEntity._id));
|
query.multiselect(root.get(UserEntity._id).alias(UserEntity._id));
|
||||||
List<Tuple> results = this.entityManager.createQuery(query).getResultList();
|
List<UserEntity> results = this.entityManager.createQuery(query).getResultList();
|
||||||
if (results.isEmpty() && this.tenantScopeProperties.getAutoCreateTenantUser()) {
|
if (results.isEmpty() && this.tenantScopeProperties.getAutoCreateTenantUser()) {
|
||||||
return this.createTenantUser();
|
return this.createTenantUser();
|
||||||
} else {
|
} else {
|
||||||
|
@ -212,7 +225,6 @@ public class TenantInterceptor implements WebRequestInterceptor {
|
||||||
user.setUserId(userScope.getUserId());
|
user.setUserId(userScope.getUserId());
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
DefaultTransactionDefinition definition = new DefaultTransactionDefinition();
|
DefaultTransactionDefinition definition = new DefaultTransactionDefinition();
|
||||||
definition.setName(UUID.randomUUID().toString());
|
definition.setName(UUID.randomUUID().toString());
|
||||||
definition.setIsolationLevel(TransactionDefinition.ISOLATION_READ_COMMITTED);
|
definition.setIsolationLevel(TransactionDefinition.ISOLATION_READ_COMMITTED);
|
||||||
|
@ -227,9 +239,122 @@ public class TenantInterceptor implements WebRequestInterceptor {
|
||||||
if (status != null) transactionManager.rollback(status);
|
if (status != null) transactionManager.rollback(status);
|
||||||
throw ex;
|
throw ex;
|
||||||
}
|
}
|
||||||
|
this.userTouchedIntegrationEventHandler.handle(this.userScope.getUserId());
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private void syncUserWithClaims() throws InvalidApplicationException, InterruptedException {
|
||||||
|
boolean usedResource = false;
|
||||||
|
String lockId = userScope.getUserId().toString().toLowerCase(Locale.ROOT);
|
||||||
|
boolean hasChanges = false;
|
||||||
|
try {
|
||||||
|
usedResource = this.lockByKeyManager.tryLock(lockId, 5000, TimeUnit.MILLISECONDS);
|
||||||
|
|
||||||
|
DefaultTransactionDefinition definition = new DefaultTransactionDefinition();
|
||||||
|
definition.setName(UUID.randomUUID().toString());
|
||||||
|
definition.setIsolationLevel(TransactionDefinition.ISOLATION_READ_COMMITTED);
|
||||||
|
definition.setPropagationBehavior(TransactionDefinition.PROPAGATION_REQUIRED);
|
||||||
|
TransactionStatus status = null;
|
||||||
|
try {
|
||||||
|
status = transactionManager.getTransaction(definition);
|
||||||
|
|
||||||
|
List<String> existingUserRoles = this.collectUserRoles();
|
||||||
|
if (!this.userRolesSynced(existingUserRoles)) {
|
||||||
|
this.syncRoles();
|
||||||
|
hasChanges = true;
|
||||||
|
}
|
||||||
|
|
||||||
|
this.entityManager.flush();
|
||||||
|
transactionManager.commit(status);
|
||||||
|
} catch (Exception ex) {
|
||||||
|
if (status != null) transactionManager.rollback(status);
|
||||||
|
throw ex;
|
||||||
|
}
|
||||||
|
} finally {
|
||||||
|
if (usedResource) this.lockByKeyManager.unlock(lockId);
|
||||||
|
}
|
||||||
|
if (hasChanges){
|
||||||
|
this.userTouchedIntegrationEventHandler.handle(this.userScope.getUserId());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private List<String> getRolesFromClaims() {
|
||||||
|
List<String> claimsRoles = this.claimExtractor.asStrings(currentPrincipalResolver.currentPrincipal(), ClaimNames.TenantRolesClaimName);
|
||||||
|
if (claimsRoles == null) claimsRoles = new ArrayList<>();
|
||||||
|
claimsRoles = claimsRoles.stream().filter(x -> x != null && !x.isBlank() && (this.conventionService.isListNullOrEmpty(this.authorizationProperties.getAllowedTenantRoles()) || this.authorizationProperties.getAllowedTenantRoles().contains(x))).distinct().toList();
|
||||||
|
return claimsRoles;
|
||||||
|
}
|
||||||
|
|
||||||
|
private List<String> collectUserRoles() throws InvalidApplicationException {
|
||||||
|
CriteriaBuilder criteriaBuilder = this.entityManager.getCriteriaBuilder();
|
||||||
|
CriteriaQuery<UserRoleEntity> query = criteriaBuilder.createQuery(UserRoleEntity.class);
|
||||||
|
Root<UserRoleEntity> root = query.from(UserRoleEntity.class);
|
||||||
|
|
||||||
|
CriteriaBuilder.In<String> inRolesClause = criteriaBuilder.in(root.get(UserRoleEntity._role));
|
||||||
|
for (String item : this.authorizationProperties.getAllowedTenantRoles()) inRolesClause.value(item);
|
||||||
|
|
||||||
|
query.where(criteriaBuilder.and(
|
||||||
|
criteriaBuilder.equal(root.get(UserRoleEntity._userId), userScope.getUserId()),
|
||||||
|
this.conventionService.isListNullOrEmpty(this.authorizationProperties.getAllowedTenantRoles()) ? criteriaBuilder.isNotNull(root.get(UserRoleEntity._role)) : inRolesClause,
|
||||||
|
this.tenantScope.isDefaultTenant() ? criteriaBuilder.isNull(root.get(UserRoleEntity._tenantId)) : criteriaBuilder.equal(root.get(UserRoleEntity._tenantId), this.tenantScope.getTenant())
|
||||||
|
)).multiselect(root.get(UserRoleEntity._role).alias(UserRoleEntity._role));
|
||||||
|
List<UserRoleEntity> results = this.entityManager.createQuery(query).getResultList();
|
||||||
|
|
||||||
|
return results.stream().map(UserRoleEntity::getRole).toList();
|
||||||
|
}
|
||||||
|
|
||||||
|
private boolean userRolesSynced(List<String> existingUserRoles) {
|
||||||
|
List<String> claimsRoles = this.getRolesFromClaims();
|
||||||
|
if (existingUserRoles == null) existingUserRoles = new ArrayList<>();
|
||||||
|
existingUserRoles = existingUserRoles.stream().filter(x -> x != null && !x.isBlank()).distinct().toList();
|
||||||
|
if (claimsRoles.size() != existingUserRoles.size()) return false;
|
||||||
|
|
||||||
|
for (String claim : claimsRoles) {
|
||||||
|
if (existingUserRoles.stream().noneMatch(claim::equalsIgnoreCase)) return false;
|
||||||
|
}
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
private void syncRoles() throws InvalidApplicationException {
|
||||||
|
CriteriaBuilder criteriaBuilder = this.entityManager.getCriteriaBuilder();
|
||||||
|
CriteriaQuery<UserRoleEntity> query = criteriaBuilder.createQuery(UserRoleEntity.class);
|
||||||
|
Root<UserRoleEntity> root = query.from(UserRoleEntity.class);
|
||||||
|
|
||||||
|
CriteriaBuilder.In<String> inRolesClause = criteriaBuilder.in(root.get(UserRoleEntity._role));
|
||||||
|
for (String item : this.authorizationProperties.getAllowedTenantRoles()) inRolesClause.value(item);
|
||||||
|
query.where(criteriaBuilder.and(
|
||||||
|
criteriaBuilder.equal(root.get(UserRoleEntity._userId), userScope.getUserId()),
|
||||||
|
this.conventionService.isListNullOrEmpty(this.authorizationProperties.getAllowedTenantRoles()) ? criteriaBuilder.isNotNull(root.get(UserRoleEntity._role)) : inRolesClause,
|
||||||
|
this.tenantScope.isDefaultTenant() ? criteriaBuilder.isNull(root.get(UserRoleEntity._tenantId)) : criteriaBuilder.equal(root.get(UserRoleEntity._tenantId), this.tenantScope.getTenant())
|
||||||
|
));
|
||||||
|
List<UserRoleEntity> existingUserRoles = this.entityManager.createQuery(query).getResultList();
|
||||||
|
|
||||||
|
List<UUID> foundRoles = new ArrayList<>();
|
||||||
|
for (String claimRole : this.getRolesFromClaims()) {
|
||||||
|
UserRoleEntity roleEntity = existingUserRoles.stream().filter(x -> x.getRole().equals(claimRole)).findFirst().orElse(null);
|
||||||
|
if (roleEntity == null) {
|
||||||
|
roleEntity = this.buildRole(claimRole);
|
||||||
|
this.entityManager.persist(roleEntity);
|
||||||
|
}
|
||||||
|
foundRoles.add(roleEntity.getId());
|
||||||
|
}
|
||||||
|
for (UserRoleEntity existing : existingUserRoles) {
|
||||||
|
if (!foundRoles.contains(existing.getId())) {
|
||||||
|
this.entityManager.remove(existing);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private UserRoleEntity buildRole(String role) throws InvalidApplicationException {
|
||||||
|
UserRoleEntity data = new UserRoleEntity();
|
||||||
|
data.setId(UUID.randomUUID());
|
||||||
|
data.setUserId( userScope.getUserId());
|
||||||
|
data.setRole(role);
|
||||||
|
if (this.tenantScope.isDefaultTenant()) data.setTenantId(this.tenantScope.getTenant());
|
||||||
|
data.setCreatedAt(Instant.now());
|
||||||
|
return data;
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void postHandle(@NonNull WebRequest request, ModelMap model) {
|
public void postHandle(@NonNull WebRequest request, ModelMap model) {
|
||||||
this.tenantScope.setTenant(null, null);
|
this.tenantScope.setTenant(null, null);
|
||||||
|
|
|
@ -1,10 +1,12 @@
|
||||||
package eu.eudat.interceptors.tenant;
|
package eu.eudat.interceptors.tenant;
|
||||||
|
|
||||||
|
|
||||||
|
import eu.eudat.authorization.ClaimNames;
|
||||||
import eu.eudat.commons.enums.IsActive;
|
import eu.eudat.commons.enums.IsActive;
|
||||||
import eu.eudat.commons.scope.tenant.TenantScope;
|
import eu.eudat.commons.scope.tenant.TenantScope;
|
||||||
import eu.eudat.convention.ConventionService;
|
import eu.eudat.convention.ConventionService;
|
||||||
import eu.eudat.data.TenantEntity;
|
import eu.eudat.data.TenantEntity;
|
||||||
|
import eu.eudat.data.UserEntity;
|
||||||
import eu.eudat.errorcode.ErrorThesaurusProperties;
|
import eu.eudat.errorcode.ErrorThesaurusProperties;
|
||||||
import gr.cite.commons.web.oidc.principal.CurrentPrincipalResolver;
|
import gr.cite.commons.web.oidc.principal.CurrentPrincipalResolver;
|
||||||
import gr.cite.commons.web.oidc.principal.MyPrincipal;
|
import gr.cite.commons.web.oidc.principal.MyPrincipal;
|
||||||
|
@ -68,7 +70,7 @@ public class TenantScopeClaimInterceptor implements WebRequestInterceptor {
|
||||||
this.claimExtractorContext = claimExtractorContext;
|
this.claimExtractorContext = claimExtractorContext;
|
||||||
this.tenantByCodeCacheService = tenantByCodeCacheService;
|
this.tenantByCodeCacheService = tenantByCodeCacheService;
|
||||||
this.tenantByIdCacheService = tenantByIdCacheService;
|
this.tenantByIdCacheService = tenantByIdCacheService;
|
||||||
this.clientTenantClaimName = this.tenantScopeProperties.getClientClaimsPrefix() + TenantScope.TenantClaimName;
|
this.clientTenantClaimName = this.tenantScopeProperties.getClientClaimsPrefix() + ClaimNames.TenantClaimName;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -140,7 +142,7 @@ public class TenantScopeClaimInterceptor implements WebRequestInterceptor {
|
||||||
|
|
||||||
private UUID getTenantIdFromDatabase(String tenantCode) {
|
private UUID getTenantIdFromDatabase(String tenantCode) {
|
||||||
CriteriaBuilder criteriaBuilder = this.entityManager.getCriteriaBuilder();
|
CriteriaBuilder criteriaBuilder = this.entityManager.getCriteriaBuilder();
|
||||||
CriteriaQuery<Tuple> query = criteriaBuilder.createQuery(Tuple.class);
|
CriteriaQuery<UserEntity> query = criteriaBuilder.createQuery(UserEntity.class);
|
||||||
Root<TenantEntity> root = query.from(TenantEntity.class);
|
Root<TenantEntity> root = query.from(TenantEntity.class);
|
||||||
query = query.where(
|
query = query.where(
|
||||||
criteriaBuilder.and(
|
criteriaBuilder.and(
|
||||||
|
@ -148,27 +150,16 @@ public class TenantScopeClaimInterceptor implements WebRequestInterceptor {
|
||||||
criteriaBuilder.equal(root.get(TenantEntity._isActive), IsActive.Active)
|
criteriaBuilder.equal(root.get(TenantEntity._isActive), IsActive.Active)
|
||||||
)
|
)
|
||||||
).multiselect(root.get(TenantEntity._id).alias(TenantEntity._id));
|
).multiselect(root.get(TenantEntity._id).alias(TenantEntity._id));
|
||||||
List<Tuple> results = this.entityManager.createQuery(query).getResultList();
|
List<UserEntity> results = this.entityManager.createQuery(query).getResultList();
|
||||||
if (results.size() == 1) {
|
if (results.size() == 1) {
|
||||||
Object o;
|
return results.getFirst().getId();
|
||||||
try {
|
|
||||||
o = results.getFirst().get(TenantEntity._id);
|
|
||||||
} catch (IllegalArgumentException e) {
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
if (o == null) return null;
|
|
||||||
try {
|
|
||||||
return (UUID) o;
|
|
||||||
} catch (ClassCastException e) {
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
private String getTenantCodeFromDatabase(UUID tenantId) {
|
private String getTenantCodeFromDatabase(UUID tenantId) {
|
||||||
CriteriaBuilder criteriaBuilder = this.entityManager.getCriteriaBuilder();
|
CriteriaBuilder criteriaBuilder = this.entityManager.getCriteriaBuilder();
|
||||||
CriteriaQuery<Tuple> query = criteriaBuilder.createQuery(Tuple.class);
|
CriteriaQuery<TenantEntity> query = criteriaBuilder.createQuery(TenantEntity.class);
|
||||||
Root<TenantEntity> root = query.from(TenantEntity.class);
|
Root<TenantEntity> root = query.from(TenantEntity.class);
|
||||||
query = query.where(
|
query = query.where(
|
||||||
criteriaBuilder.and(
|
criteriaBuilder.and(
|
||||||
|
@ -176,20 +167,9 @@ public class TenantScopeClaimInterceptor implements WebRequestInterceptor {
|
||||||
criteriaBuilder.equal(root.get(TenantEntity._isActive), IsActive.Active)
|
criteriaBuilder.equal(root.get(TenantEntity._isActive), IsActive.Active)
|
||||||
)
|
)
|
||||||
).multiselect(root.get(TenantEntity._code).alias(TenantEntity._code));
|
).multiselect(root.get(TenantEntity._code).alias(TenantEntity._code));
|
||||||
List<Tuple> results = this.entityManager.createQuery(query).getResultList();
|
List<TenantEntity> results = this.entityManager.createQuery(query).getResultList();
|
||||||
if (results.size() == 1) {
|
if (results.size() == 1) {
|
||||||
Object o;
|
return results.getFirst().getCode();
|
||||||
try {
|
|
||||||
o = results.getFirst().get(TenantEntity._code);
|
|
||||||
} catch (IllegalArgumentException e) {
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
if (o == null) return null;
|
|
||||||
try {
|
|
||||||
return (String) o;
|
|
||||||
} catch (ClassCastException e) {
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
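Review bot: `getTenantIdFromDatabase` now builds `CriteriaQuery<UserEntity>` over a `TenantEntity` root and still ends with `.multiselect(root.get(TenantEntity._id)...)`, which looks like a copy-paste slip in the code that resolves the tenant for a request. In JPA, `multiselect` on a query typed to an entity class passes the selected values to a constructor of that class, so `results.getFirst().getId()` only works if `UserEntity` has a matching constructor (not visible here). Type the query as `CriteriaQuery<TenantEntity> query = criteriaBuilder.createQuery(TenantEntity.class);` and replace the `multiselect` call with `.select(root)`, or keep the `Tuple` projection. The same retained `multiselect` on an entity-typed query appears in `getTenantCodeFromDatabase` in this file, in both lookup methods of `TenantScopeHeaderInterceptor`, and in `collectUserRoles` of `UserInterceptor`. Both method bodies are split across hunks, so the `where` predicates on tenant code and id are not shown.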
|
@ -1,6 +1,7 @@
|
||||||
package eu.eudat.interceptors.tenant;
|
package eu.eudat.interceptors.tenant;
|
||||||
|
|
||||||
|
|
||||||
|
import eu.eudat.authorization.ClaimNames;
|
||||||
import eu.eudat.commons.enums.IsActive;
|
import eu.eudat.commons.enums.IsActive;
|
||||||
import eu.eudat.commons.scope.tenant.TenantScope;
|
import eu.eudat.commons.scope.tenant.TenantScope;
|
||||||
import eu.eudat.convention.ConventionService;
|
import eu.eudat.convention.ConventionService;
|
||||||
|
@ -60,7 +61,7 @@ public class TenantScopeHeaderInterceptor implements WebRequestInterceptor {
|
||||||
if (!this.currentPrincipalResolver.currentPrincipal().isAuthenticated()) return;
|
if (!this.currentPrincipalResolver.currentPrincipal().isAuthenticated()) return;
|
||||||
if (!this.tenantScope.isMultitenant()) return;
|
if (!this.tenantScope.isMultitenant()) return;
|
||||||
|
|
||||||
String tenantCode = request.getHeader(TenantScope.TenantClaimName);
|
String tenantCode = request.getHeader(ClaimNames.TenantClaimName);
|
||||||
logger.debug("retrieved request tenant header is: {}", tenantCode);
|
logger.debug("retrieved request tenant header is: {}", tenantCode);
|
||||||
if (tenantCode == null || this.conventionService.isNullOrEmpty(tenantCode)) return;
|
if (tenantCode == null || this.conventionService.isNullOrEmpty(tenantCode)) return;
|
||||||
|
|
||||||
|
@ -101,7 +102,7 @@ public class TenantScopeHeaderInterceptor implements WebRequestInterceptor {
|
||||||
|
|
||||||
private UUID getTenantIdFromDatabase(String tenantCode) {
|
private UUID getTenantIdFromDatabase(String tenantCode) {
|
||||||
CriteriaBuilder criteriaBuilder = this.entityManager.getCriteriaBuilder();
|
CriteriaBuilder criteriaBuilder = this.entityManager.getCriteriaBuilder();
|
||||||
CriteriaQuery<Tuple> query = criteriaBuilder.createQuery(Tuple.class);
|
CriteriaQuery<TenantEntity> query = criteriaBuilder.createQuery(TenantEntity.class);
|
||||||
Root<TenantEntity> root = query.from(TenantEntity.class);
|
Root<TenantEntity> root = query.from(TenantEntity.class);
|
||||||
query = query.where(
|
query = query.where(
|
||||||
criteriaBuilder.and(
|
criteriaBuilder.and(
|
||||||
|
@ -109,27 +110,16 @@ public class TenantScopeHeaderInterceptor implements WebRequestInterceptor {
|
||||||
criteriaBuilder.equal(root.get(TenantEntity._isActive), IsActive.Active)
|
criteriaBuilder.equal(root.get(TenantEntity._isActive), IsActive.Active)
|
||||||
)
|
)
|
||||||
).multiselect(root.get(TenantEntity._id).alias(TenantEntity._id));
|
).multiselect(root.get(TenantEntity._id).alias(TenantEntity._id));
|
||||||
List<Tuple> results = this.entityManager.createQuery(query).getResultList();
|
List<TenantEntity> results = this.entityManager.createQuery(query).getResultList();
|
||||||
if (results.size() == 1) {
|
if (results.size() == 1) {
|
||||||
Object o;
|
return results.getFirst().getId();
|
||||||
try {
|
|
||||||
o = results.getFirst().get(TenantEntity._id);
|
|
||||||
} catch (IllegalArgumentException e) {
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
if (o == null) return null;
|
|
||||||
try {
|
|
||||||
return (UUID) o;
|
|
||||||
} catch (ClassCastException e) {
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
private String getTenantCodeFromDatabase(UUID tenantId) {
|
private String getTenantCodeFromDatabase(UUID tenantId) {
|
||||||
CriteriaBuilder criteriaBuilder = this.entityManager.getCriteriaBuilder();
|
CriteriaBuilder criteriaBuilder = this.entityManager.getCriteriaBuilder();
|
||||||
CriteriaQuery<Tuple> query = criteriaBuilder.createQuery(Tuple.class);
|
CriteriaQuery<TenantEntity> query = criteriaBuilder.createQuery(TenantEntity.class);
|
||||||
Root<TenantEntity> root = query.from(TenantEntity.class);
|
Root<TenantEntity> root = query.from(TenantEntity.class);
|
||||||
query = query.where(
|
query = query.where(
|
||||||
criteriaBuilder.and(
|
criteriaBuilder.and(
|
||||||
|
@ -137,20 +127,9 @@ public class TenantScopeHeaderInterceptor implements WebRequestInterceptor {
|
||||||
criteriaBuilder.equal(root.get(TenantEntity._isActive), IsActive.Active)
|
criteriaBuilder.equal(root.get(TenantEntity._isActive), IsActive.Active)
|
||||||
)
|
)
|
||||||
).multiselect(root.get(TenantEntity._code).alias(TenantEntity._code));
|
).multiselect(root.get(TenantEntity._code).alias(TenantEntity._code));
|
||||||
List<Tuple> results = this.entityManager.createQuery(query).getResultList();
|
List<TenantEntity> results = this.entityManager.createQuery(query).getResultList();
|
||||||
if (results.size() == 1) {
|
if (results.size() == 1) {
|
||||||
Object o;
|
return results.getFirst().getCode();
|
||||||
try {
|
|
||||||
o = results.getFirst().get(TenantEntity._code);
|
|
||||||
} catch (IllegalArgumentException e) {
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
if (o == null) return null;
|
|
||||||
try {
|
|
||||||
return (String) o;
|
|
||||||
} catch (ClassCastException e) {
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
package eu.eudat.interceptors.user;
|
package eu.eudat.interceptors.user;
|
||||||
|
|
||||||
|
|
||||||
|
import eu.eudat.authorization.AuthorizationProperties;
|
||||||
import eu.eudat.authorization.ClaimNames;
|
import eu.eudat.authorization.ClaimNames;
|
||||||
import eu.eudat.commons.JsonHandlingService;
|
import eu.eudat.commons.JsonHandlingService;
|
||||||
import eu.eudat.commons.enums.ContactInfoType;
|
import eu.eudat.commons.enums.ContactInfoType;
|
||||||
|
@ -10,17 +11,13 @@ import eu.eudat.commons.scope.user.UserScope;
|
||||||
import eu.eudat.commons.types.user.AdditionalInfoEntity;
|
import eu.eudat.commons.types.user.AdditionalInfoEntity;
|
||||||
import eu.eudat.commons.types.usercredential.UserCredentialDataEntity;
|
import eu.eudat.commons.types.usercredential.UserCredentialDataEntity;
|
||||||
import eu.eudat.commons.locale.LocaleProperties;
|
import eu.eudat.commons.locale.LocaleProperties;
|
||||||
import eu.eudat.data.UserContactInfoEntity;
|
import eu.eudat.convention.ConventionService;
|
||||||
import eu.eudat.data.UserCredentialEntity;
|
import eu.eudat.data.*;
|
||||||
import eu.eudat.data.UserEntity;
|
|
||||||
import eu.eudat.data.UserRoleEntity;
|
|
||||||
import eu.eudat.integrationevent.outbox.usertouched.UserTouchedIntegrationEventHandler;
|
import eu.eudat.integrationevent.outbox.usertouched.UserTouchedIntegrationEventHandler;
|
||||||
import eu.eudat.model.UserContactInfo;
|
import eu.eudat.model.UserContactInfo;
|
||||||
import eu.eudat.model.UserCredential;
|
import eu.eudat.model.UserCredential;
|
||||||
import eu.eudat.model.UserRole;
|
|
||||||
import eu.eudat.query.UserContactInfoQuery;
|
import eu.eudat.query.UserContactInfoQuery;
|
||||||
import eu.eudat.query.UserCredentialQuery;
|
import eu.eudat.query.UserCredentialQuery;
|
||||||
import eu.eudat.query.UserRoleQuery;
|
|
||||||
import gr.cite.commons.web.oidc.principal.CurrentPrincipalResolver;
|
import gr.cite.commons.web.oidc.principal.CurrentPrincipalResolver;
|
||||||
import gr.cite.commons.web.oidc.principal.extractor.ClaimExtractor;
|
import gr.cite.commons.web.oidc.principal.extractor.ClaimExtractor;
|
||||||
import gr.cite.tools.data.query.QueryFactory;
|
import gr.cite.tools.data.query.QueryFactory;
|
||||||
|
@ -29,6 +26,10 @@ import gr.cite.tools.fieldset.BaseFieldSet;
|
||||||
import gr.cite.tools.logging.LoggerService;
|
import gr.cite.tools.logging.LoggerService;
|
||||||
import jakarta.persistence.EntityManager;
|
import jakarta.persistence.EntityManager;
|
||||||
import jakarta.persistence.PersistenceContext;
|
import jakarta.persistence.PersistenceContext;
|
||||||
|
import jakarta.persistence.Tuple;
|
||||||
|
import jakarta.persistence.criteria.CriteriaBuilder;
|
||||||
|
import jakarta.persistence.criteria.CriteriaQuery;
|
||||||
|
import jakarta.persistence.criteria.Root;
|
||||||
import org.apache.commons.validator.routines.EmailValidator;
|
import org.apache.commons.validator.routines.EmailValidator;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
|
@ -61,6 +62,8 @@ public class UserInterceptor implements WebRequestInterceptor {
|
||||||
private final LockByKeyManager lockByKeyManager;
|
private final LockByKeyManager lockByKeyManager;
|
||||||
private final LocaleProperties localeProperties;
|
private final LocaleProperties localeProperties;
|
||||||
private final UserTouchedIntegrationEventHandler userTouchedIntegrationEventHandler;
|
private final UserTouchedIntegrationEventHandler userTouchedIntegrationEventHandler;
|
||||||
|
private final AuthorizationProperties authorizationProperties;
|
||||||
|
private final ConventionService conventionService;
|
||||||
@PersistenceContext
|
@PersistenceContext
|
||||||
public EntityManager entityManager;
|
public EntityManager entityManager;
|
||||||
|
|
||||||
|
@ -74,7 +77,7 @@ public class UserInterceptor implements WebRequestInterceptor {
|
||||||
JsonHandlingService jsonHandlingService,
|
JsonHandlingService jsonHandlingService,
|
||||||
QueryFactory queryFactory,
|
QueryFactory queryFactory,
|
||||||
LockByKeyManager lockByKeyManager,
|
LockByKeyManager lockByKeyManager,
|
||||||
LocaleProperties localeProperties, UserTouchedIntegrationEventHandler userTouchedIntegrationEventHandler) {
|
LocaleProperties localeProperties, UserTouchedIntegrationEventHandler userTouchedIntegrationEventHandler, AuthorizationProperties authorizationProperties, ConventionService conventionService) {
|
||||||
this.userScope = userScope;
|
this.userScope = userScope;
|
||||||
this.currentPrincipalResolver = currentPrincipalResolver;
|
this.currentPrincipalResolver = currentPrincipalResolver;
|
||||||
this.claimExtractor = claimExtractor;
|
this.claimExtractor = claimExtractor;
|
||||||
|
@ -85,6 +88,8 @@ public class UserInterceptor implements WebRequestInterceptor {
|
||||||
this.lockByKeyManager = lockByKeyManager;
|
this.lockByKeyManager = lockByKeyManager;
|
||||||
this.localeProperties = localeProperties;
|
this.localeProperties = localeProperties;
|
||||||
this.userTouchedIntegrationEventHandler = userTouchedIntegrationEventHandler;
|
this.userTouchedIntegrationEventHandler = userTouchedIntegrationEventHandler;
|
||||||
|
this.authorizationProperties = authorizationProperties;
|
||||||
|
this.conventionService = conventionService;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -230,14 +235,27 @@ public class UserInterceptor implements WebRequestInterceptor {
|
||||||
}
|
}
|
||||||
|
|
||||||
private List<String> getRolesFromClaims() {
|
private List<String> getRolesFromClaims() {
|
||||||
List<String> claimsRoles = claimExtractor.roles(currentPrincipalResolver.currentPrincipal());
|
List<String> claimsRoles = this.claimExtractor.asStrings(currentPrincipalResolver.currentPrincipal(), ClaimNames.GlobalRolesClaimName);
|
||||||
if (claimsRoles == null) claimsRoles = new ArrayList<>();
|
if (claimsRoles == null) claimsRoles = new ArrayList<>();
|
||||||
|
claimsRoles = claimsRoles.stream().filter(x -> x != null && !x.isBlank() && (this.conventionService.isListNullOrEmpty(this.authorizationProperties.getAllowedGlobalRoles()) || this.authorizationProperties.getAllowedGlobalRoles().contains(x))).distinct().toList();
|
||||||
claimsRoles = claimsRoles.stream().filter(x -> x != null && !x.isBlank()).distinct().toList();
|
claimsRoles = claimsRoles.stream().filter(x -> x != null && !x.isBlank()).distinct().toList();
|
||||||
return claimsRoles;
|
return claimsRoles;
|
||||||
}
|
}
|
||||||
|
|
||||||
private void syncRoles(UUID userId) {
|
private void syncRoles(UUID userId) {
|
||||||
List<UserRoleEntity> existingUserRoles = this.queryFactory.query(UserRoleQuery.class).userIds(userId).collect();
|
CriteriaBuilder criteriaBuilder = this.entityManager.getCriteriaBuilder();
|
||||||
|
CriteriaQuery<UserRoleEntity> query = criteriaBuilder.createQuery(UserRoleEntity.class);
|
||||||
|
Root<UserRoleEntity> root = query.from(UserRoleEntity.class);
|
||||||
|
|
||||||
|
CriteriaBuilder.In<String> inRolesClause = criteriaBuilder.in(root.get(UserRoleEntity._role));
|
||||||
|
for (String item : this.authorizationProperties.getAllowedGlobalRoles()) inRolesClause.value(item);
|
||||||
|
query.where(criteriaBuilder.and(
|
||||||
|
criteriaBuilder.equal(root.get(UserRoleEntity._userId), userId),
|
||||||
|
this.conventionService.isListNullOrEmpty(this.authorizationProperties.getAllowedGlobalRoles()) ? criteriaBuilder.isNotNull(root.get(UserRoleEntity._role)) : inRolesClause,
|
||||||
|
criteriaBuilder.isNull(root.get(UserRoleEntity._tenantId))
|
||||||
|
));
|
||||||
|
List<UserRoleEntity> existingUserRoles = this.entityManager.createQuery(query).getResultList();
|
||||||
|
|
||||||
List<UUID> foundRoles = new ArrayList<>();
|
List<UUID> foundRoles = new ArrayList<>();
|
||||||
for (String claimRole : this.getRolesFromClaims()) {
|
for (String claimRole : this.getRolesFromClaims()) {
|
||||||
UserRoleEntity roleEntity = existingUserRoles.stream().filter(x -> x.getRole().equals(claimRole)).findFirst().orElse(null);
|
UserRoleEntity roleEntity = existingUserRoles.stream().filter(x -> x.getRole().equals(claimRole)).findFirst().orElse(null);
|
||||||
|
@ -255,8 +273,21 @@ public class UserInterceptor implements WebRequestInterceptor {
|
||||||
}
|
}
|
||||||
|
|
||||||
private List<String> collectUserRoles(UUID userId) {
|
private List<String> collectUserRoles(UUID userId) {
|
||||||
List<UserRoleEntity> items = this.queryFactory.query(UserRoleQuery.class).userIds(userId).collectAs(new BaseFieldSet().ensure(UserRole._role));
|
CriteriaBuilder criteriaBuilder = this.entityManager.getCriteriaBuilder();
|
||||||
return items == null ? new ArrayList<>() : items.stream().map(UserRoleEntity::getRole).toList();
|
CriteriaQuery<UserRoleEntity> query = criteriaBuilder.createQuery(UserRoleEntity.class);
|
||||||
|
Root<UserRoleEntity> root = query.from(UserRoleEntity.class);
|
||||||
|
|
||||||
|
CriteriaBuilder.In<String> inRolesClause = criteriaBuilder.in(root.get(UserRoleEntity._role));
|
||||||
|
for (String item : this.authorizationProperties.getAllowedGlobalRoles()) inRolesClause.value(item);
|
||||||
|
|
||||||
|
query.where(criteriaBuilder.and(
|
||||||
|
criteriaBuilder.equal(root.get(UserRoleEntity._userId), userId),
|
||||||
|
this.conventionService.isListNullOrEmpty(this.authorizationProperties.getAllowedGlobalRoles()) ? criteriaBuilder.isNotNull(root.get(UserRoleEntity._role)) : inRolesClause,
|
||||||
|
criteriaBuilder.isNull(root.get(UserRoleEntity._tenantId))
|
||||||
|
)).multiselect(root.get(UserRoleEntity._role).alias(UserRoleEntity._role));
|
||||||
|
List<UserRoleEntity> results = this.entityManager.createQuery(query).getResultList();
|
||||||
|
|
||||||
|
return results.stream().map(UserRoleEntity::getRole).toList();
|
||||||
}
|
}
|
||||||
|
|
||||||
private List<String> collectUserEmails(UUID userId) {
|
private List<String> collectUserEmails(UUID userId) {
|
||||||
|
|
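Review bot: `syncRoles` loops over `this.authorizationProperties.getAllowedGlobalRoles()` to fill `inRolesClause` before the `isListNullOrEmpty` check a few lines later, so an unset `authorization.allowedGlobalRoles` would throw a NullPointerException here instead of taking the `isNotNull` branch. `AuthorizationProperties` declares the list with no default and the `authorization.yml` import added in this commit is marked `optional:`, so the unset case looks reachable. Guard the loop with the same check, e.g. `List<String> allowed = this.authorizationProperties.getAllowedGlobalRoles();` followed by `if (!this.conventionService.isListNullOrEmpty(allowed)) for (String item : allowed) inRolesClause.value(item);`. `collectUserRoles` repeats the unguarded loop, as does the tenant-scoped `syncRoles` shown earlier on the page with `getAllowedTenantRoles()`. Separately, `getRolesFromClaims` now filters twice: the added allowlist filter already applies the null/blank test, so the unchanged `filter(x -> x != null && !x.isBlank()).distinct().toList()` line after it is redundant.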
|
@ -31,6 +31,7 @@ spring:
|
||||||
optional:classpath:config/public-api.yml[.yml], optional:classpath:config/public-api-${spring.profiles.active}.yml[.yml], optional:file:../config/public-api-${spring.profiles.active}.yml[.yml],
|
optional:classpath:config/public-api.yml[.yml], optional:classpath:config/public-api-${spring.profiles.active}.yml[.yml], optional:file:../config/public-api-${spring.profiles.active}.yml[.yml],
|
||||||
optional:classpath:config/dashboard.yml[.yml], optional:classpath:config/dashboard-${spring.profiles.active}.yml[.yml], optional:file:../config/dashboard-${spring.profiles.active}.yml[.yml],
|
optional:classpath:config/dashboard.yml[.yml], optional:classpath:config/dashboard-${spring.profiles.active}.yml[.yml], optional:file:../config/dashboard-${spring.profiles.active}.yml[.yml],
|
||||||
optional:classpath:config/transformer.yml[.yml], optional:classpath:config/transformer-${spring.profiles.active}.yml[.yml], optional:file:../config/transformer-${spring.profiles.active}.yml[.yml],
|
optional:classpath:config/transformer.yml[.yml], optional:classpath:config/transformer-${spring.profiles.active}.yml[.yml], optional:file:../config/transformer-${spring.profiles.active}.yml[.yml],
|
||||||
|
optional:classpath:config/authorization.yml[.yml], optional:classpath:config/authorization-${spring.profiles.active}.yml[.yml], optional:file:../config/authorization-${spring.profiles.active}.yml[.yml],
|
||||||
optional:classpath:config/lock.yml[.yml], optional:classpath:config/lock-${spring.profiles.active}.yml[.yml], optional:file:../config/lock-${spring.profiles.active}.yml[.yml]
|
optional:classpath:config/lock.yml[.yml], optional:classpath:config/lock-${spring.profiles.active}.yml[.yml], optional:file:../config/lock-${spring.profiles.active}.yml[.yml]
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,9 @@
|
||||||
|
authorization:
|
||||||
|
allowedTenantRoles:
|
||||||
|
- TenantAdmin
|
||||||
|
- TenantUser
|
||||||
|
- TenantManager
|
||||||
|
- TenantDescriptionTemplateEditor
|
||||||
|
allowedGlobalRoles:
|
||||||
|
- Admin
|
||||||
|
- User
|
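Review bot: This file does not say what happens when a list is left empty or the file is absent, and the consuming code treats that case as "no restriction": `getRolesFromClaims` keeps every non-blank role from the token whenever `isListNullOrEmpty(getAllowedGlobalRoles())` is true. Since these lists decide which claim roles the interceptors sync into the user's role records, that default deserves a comment at the top, such as `# Only roles listed here are synced from token claims; an empty or missing list disables the filter and accepts any role name.` If accept-all is not the intended behaviour, rejecting unlisted roles when the list is empty would be the safer default, but that is a change in the interceptors rather than in this file.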
|
@ -24,6 +24,14 @@ idpclient:
|
||||||
filterBy: "(.*):::TenantCode::"
|
filterBy: "(.*):::TenantCode::"
|
||||||
extractByExpression: "(.*):(.*)"
|
extractByExpression: "(.*):(.*)"
|
||||||
extractExpressionValue: "[[g1]]"
|
extractExpressionValue: "[[g1]]"
|
||||||
|
GlobalRoles:
|
||||||
|
- type: resource_access
|
||||||
|
path: dmp_web.roles
|
||||||
|
TenantRoles:
|
||||||
|
- type: tenant_roles
|
||||||
|
filterBy: "(.*):::TenantCode::"
|
||||||
|
extractByExpression: "(.*):(.*)"
|
||||||
|
extractExpressionValue: "[[g1]]"
|
||||||
Scope:
|
Scope:
|
||||||
- type: scope
|
- type: scope
|
||||||
AccessToken:
|
AccessToken:
|
||||||
|
|
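Review bot: The new `TenantRoles` mapping reuses `filterBy: "(.*):::TenantCode::"` and `extractByExpression: "(.*):(.*)"`, both unanchored and with a greedy first group, and these patterns now decide which tenant a role claim applies to. How the claim extractor applies them (full match or search) and how it substitutes `::TenantCode::` is not visible here, so this needs confirming against the library: under search-style matching the filter would not require the tenant part to end where the current tenant code ends, and a colon inside either part shifts what `[[g1]]` captures. If the expected claim format is `role:tenantCode`, patterns such as `filterBy: "^([^:]+):::TenantCode::$"` and `extractByExpression: "^([^:]+):([^:]+)$"` state that explicitly and are harmless if the library already anchors.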
|
@ -15,13 +15,13 @@ permissions:
|
||||||
allowAuthenticated: true
|
allowAuthenticated: true
|
||||||
|
|
||||||
######
|
######
|
||||||
# public
|
# Affiliation
|
||||||
DeferredAffiliation:
|
DeferredAffiliation:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
- User
|
- TenantUser
|
||||||
- Manager
|
- TenantManager
|
||||||
- DescriptionTemplateEditor
|
- TenantDescriptionTemplateEditor
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
|
@ -76,6 +76,11 @@ permissions:
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: true
|
allowAnonymous: true
|
||||||
allowAuthenticated: true
|
allowAuthenticated: true
|
||||||
|
BrowsePublicStatistics:
|
||||||
|
roles: [ ]
|
||||||
|
clients: [ ]
|
||||||
|
allowAnonymous: true
|
||||||
|
allowAuthenticated: true
|
||||||
# Elastic
|
# Elastic
|
||||||
ManageElastic:
|
ManageElastic:
|
||||||
roles:
|
roles:
|
||||||
|
@ -87,13 +92,13 @@ permissions:
|
||||||
# Deposit
|
# Deposit
|
||||||
BrowseDeposit:
|
BrowseDeposit:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
EditDeposit:
|
EditDeposit:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
|
@ -106,13 +111,13 @@ permissions:
|
||||||
allowAuthenticated: true
|
allowAuthenticated: true
|
||||||
EditLanguage:
|
EditLanguage:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
DeleteLanguage:
|
DeleteLanguage:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
claims: [ ]
|
claims: [ ]
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
|
@ -123,15 +128,10 @@ permissions:
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
allowAuthenticated: true
|
allowAuthenticated: true
|
||||||
BrowsePublicStatistics:
|
|
||||||
roles: [ ]
|
|
||||||
clients: [ ]
|
|
||||||
allowAnonymous: true
|
|
||||||
allowAuthenticated: true
|
|
||||||
# Description
|
# Description
|
||||||
BrowseDescription:
|
BrowseDescription:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
dmp:
|
dmp:
|
||||||
roles:
|
roles:
|
||||||
- Owner
|
- Owner
|
||||||
|
@ -143,7 +143,7 @@ permissions:
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
EditDescription:
|
EditDescription:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
dmp:
|
dmp:
|
||||||
roles:
|
roles:
|
||||||
- Owner
|
- Owner
|
||||||
|
@ -153,7 +153,7 @@ permissions:
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
FinalizeDescription:
|
FinalizeDescription:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
dmp:
|
dmp:
|
||||||
roles:
|
roles:
|
||||||
- Owner
|
- Owner
|
||||||
|
@ -163,7 +163,7 @@ permissions:
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
DeleteDescription:
|
DeleteDescription:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
dmp:
|
dmp:
|
||||||
roles:
|
roles:
|
||||||
- Owner
|
- Owner
|
||||||
|
@ -174,7 +174,7 @@ permissions:
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
CloneDescription:
|
CloneDescription:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
dmp:
|
dmp:
|
||||||
roles:
|
roles:
|
||||||
- Owner
|
- Owner
|
||||||
|
@ -186,19 +186,19 @@ permissions:
|
||||||
# Tag
|
# Tag
|
||||||
BrowseTag:
|
BrowseTag:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
EditTag:
|
EditTag:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
DeleteTag:
|
DeleteTag:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
claims: [ ]
|
claims: [ ]
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
|
@ -206,33 +206,33 @@ permissions:
|
||||||
# User
|
# User
|
||||||
BrowseUser:
|
BrowseUser:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
EditUser:
|
EditUser:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
DeleteUser:
|
DeleteUser:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
claims: [ ]
|
claims: [ ]
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
ExportUsers:
|
ExportUsers:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
claims: [ ]
|
claims: [ ]
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
BrowseDmpAssociatedUser:
|
BrowseDmpAssociatedUser:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
dmp:
|
dmp:
|
||||||
roles:
|
roles:
|
||||||
- Owner
|
- Owner
|
||||||
|
@ -246,22 +246,22 @@ permissions:
|
||||||
# DescriptionTemplateType
|
# DescriptionTemplateType
|
||||||
BrowseDescriptionTemplateType:
|
BrowseDescriptionTemplateType:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
- User
|
- TenantUser
|
||||||
- Manager
|
- TenantManager
|
||||||
- DescriptionTemplateEditor
|
- TenantDescriptionTemplateEditor
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
EditDescriptionTemplateType:
|
EditDescriptionTemplateType:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
DeleteDescriptionTemplateType:
|
DeleteDescriptionTemplateType:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
claims: [ ]
|
claims: [ ]
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
|
@ -275,14 +275,14 @@ permissions:
|
||||||
allowAuthenticated: true
|
allowAuthenticated: true
|
||||||
EditStorageFile:
|
EditStorageFile:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
claims: [ ]
|
claims: [ ]
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
DeleteStorageFile:
|
DeleteStorageFile:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
claims: [ ]
|
claims: [ ]
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
|
@ -290,56 +290,56 @@ permissions:
|
||||||
# DescriptionTemplate
|
# DescriptionTemplate
|
||||||
BrowseDescriptionTemplate:
|
BrowseDescriptionTemplate:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
- DescriptionTemplateEditor
|
- TenantUser
|
||||||
- Manager
|
- TenantManager
|
||||||
- User
|
- TenantDescriptionTemplateEditor
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
EditDescriptionTemplate:
|
EditDescriptionTemplate:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
- DescriptionTemplateEditor
|
- TenantDescriptionTemplateEditor
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
DeleteDescriptionTemplate:
|
DeleteDescriptionTemplate:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
- DescriptionTemplateEditor
|
- TenantDescriptionTemplateEditor
|
||||||
claims: [ ]
|
claims: [ ]
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
CloneDescriptionTemplate:
|
CloneDescriptionTemplate:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
- DescriptionTemplateEditor
|
- TenantDescriptionTemplateEditor
|
||||||
claims: [ ]
|
claims: [ ]
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
CreateNewVersionDescriptionTemplate:
|
CreateNewVersionDescriptionTemplate:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
- DescriptionTemplateEditor
|
- TenantDescriptionTemplateEditor
|
||||||
claims: [ ]
|
claims: [ ]
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
ImportDescriptionTemplate:
|
ImportDescriptionTemplate:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
- DescriptionTemplateEditor
|
- TenantDescriptionTemplateEditor
|
||||||
claims: [ ]
|
claims: [ ]
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
ExportDescriptionTemplate:
|
ExportDescriptionTemplate:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
- DescriptionTemplateEditor
|
- TenantDescriptionTemplateEditor
|
||||||
claims: [ ]
|
claims: [ ]
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
|
@ -347,13 +347,13 @@ permissions:
|
||||||
# Dmp
|
# Dmp
|
||||||
BrowseDmp:
|
BrowseDmp:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
EditDmp:
|
EditDmp:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
dmp:
|
dmp:
|
||||||
roles:
|
roles:
|
||||||
- Owner
|
- Owner
|
||||||
|
@ -365,16 +365,16 @@ permissions:
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
NewDmp:
|
NewDmp:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
- User
|
- TenantUser
|
||||||
- Manager
|
- TenantManager
|
||||||
- DescriptionTemplateEditor
|
- TenantDescriptionTemplateEditor
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
DeleteDmp:
|
DeleteDmp:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
dmp:
|
dmp:
|
||||||
roles:
|
roles:
|
||||||
- Owner
|
- Owner
|
||||||
|
@ -384,7 +384,7 @@ permissions:
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
DepositDmp:
|
DepositDmp:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
dmp:
|
dmp:
|
||||||
roles:
|
roles:
|
||||||
- Owner
|
- Owner
|
||||||
|
@ -394,7 +394,7 @@ permissions:
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
CloneDmp:
|
CloneDmp:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
dmp:
|
dmp:
|
||||||
roles:
|
roles:
|
||||||
- Owner
|
- Owner
|
||||||
|
@ -404,7 +404,7 @@ permissions:
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
ExportDmp:
|
ExportDmp:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
dmp:
|
dmp:
|
||||||
roles:
|
roles:
|
||||||
- Owner
|
- Owner
|
||||||
|
@ -414,7 +414,7 @@ permissions:
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
CreateNewVersionDmp:
|
CreateNewVersionDmp:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
dmp:
|
dmp:
|
||||||
roles:
|
roles:
|
||||||
- Owner
|
- Owner
|
||||||
|
@ -424,7 +424,7 @@ permissions:
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
FinalizeDmp:
|
FinalizeDmp:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
dmp:
|
dmp:
|
||||||
roles:
|
roles:
|
||||||
- Owner
|
- Owner
|
||||||
|
@ -434,7 +434,7 @@ permissions:
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
UndoFinalizeDmp:
|
UndoFinalizeDmp:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
dmp:
|
dmp:
|
||||||
roles:
|
roles:
|
||||||
- Owner
|
- Owner
|
||||||
|
@ -444,7 +444,7 @@ permissions:
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
AssignDmpUsers:
|
AssignDmpUsers:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
dmp:
|
dmp:
|
||||||
roles:
|
roles:
|
||||||
- Owner
|
- Owner
|
||||||
|
@ -454,7 +454,7 @@ permissions:
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
InviteDmpUsers:
|
InviteDmpUsers:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
dmp:
|
dmp:
|
||||||
roles:
|
roles:
|
||||||
- Owner
|
- Owner
|
||||||
|
@ -465,47 +465,47 @@ permissions:
|
||||||
# DmpBlueprint
|
# DmpBlueprint
|
||||||
BrowseDmpBlueprint:
|
BrowseDmpBlueprint:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
- User
|
- TenantUser
|
||||||
- Manager
|
- TenantManager
|
||||||
- DescriptionTemplateEditor
|
- TenantDescriptionTemplateEditor
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
EditDmpBlueprint:
|
EditDmpBlueprint:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
CloneDmpBlueprint:
|
CloneDmpBlueprint:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
CreateNewVersionDmpBlueprint:
|
CreateNewVersionDmpBlueprint:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
ExportDmpBlueprint:
|
ExportDmpBlueprint:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
ImportDmpBlueprint:
|
ImportDmpBlueprint:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
claims: [ ]
|
claims: [ ]
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
DeleteDmpBlueprint:
|
DeleteDmpBlueprint:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
claims: [ ]
|
claims: [ ]
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
|
@ -513,48 +513,41 @@ permissions:
|
||||||
# EntityDoi
|
# EntityDoi
|
||||||
BrowseEntityDoi:
|
BrowseEntityDoi:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
EditEntityDoi:
|
EditEntityDoi:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
DeleteEntityDoi:
|
DeleteEntityDoi:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
claims: [ ]
|
claims: [ ]
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
|
|
||||||
# ViewPage Permissions
|
|
||||||
ViewDescriptionTemplateTypePage:
|
|
||||||
roles:
|
|
||||||
- Admin
|
|
||||||
clients: [ ]
|
|
||||||
allowAnonymous: false
|
|
||||||
allowAuthenticated: false
|
|
||||||
|
|
||||||
# Reference Permissions
|
# Reference Permissions
|
||||||
BrowseReference:
|
BrowseReference:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
EditReference:
|
EditReference:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
DeleteReference:
|
DeleteReference:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
claims: [ ]
|
claims: [ ]
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
|
@ -563,19 +556,19 @@ permissions:
|
||||||
# DmpReference Permissions
|
# DmpReference Permissions
|
||||||
BrowseDmpReference:
|
BrowseDmpReference:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
EditDmpReference:
|
EditDmpReference:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
DeleteDmpReference:
|
DeleteDmpReference:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
claims: [ ]
|
claims: [ ]
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
|
@ -584,19 +577,19 @@ permissions:
|
||||||
# DmpUser Permissions
|
# DmpUser Permissions
|
||||||
BrowseDmpUser:
|
BrowseDmpUser:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
EditDmpUser:
|
EditDmpUser:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
DeleteDmpUser:
|
DeleteDmpUser:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
claims: [ ]
|
claims: [ ]
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
|
@ -607,20 +600,22 @@ permissions:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- Admin
|
||||||
- User
|
- User
|
||||||
- Manager
|
- TenantAdmin
|
||||||
- DescriptionTemplateEditor
|
- TenantUser
|
||||||
|
- TenantManager
|
||||||
|
- TenantDescriptionTemplateEditor
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: yes
|
allowAnonymous: yes
|
||||||
allowAuthenticated: yes
|
allowAuthenticated: yes
|
||||||
EditSupportiveMaterial:
|
EditSupportiveMaterial:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
DeleteSupportiveMaterial:
|
DeleteSupportiveMaterial:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
claims: [ ]
|
claims: [ ]
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
|
@ -629,22 +624,22 @@ permissions:
|
||||||
# ReferenceType Permissions
|
# ReferenceType Permissions
|
||||||
BrowseReferenceType:
|
BrowseReferenceType:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
- User
|
- TenantUser
|
||||||
- Manager
|
- TenantManager
|
||||||
- DescriptionTemplateEditor
|
- TenantDescriptionTemplateEditor
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
EditReferenceType:
|
EditReferenceType:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
DeleteReferenceType:
|
DeleteReferenceType:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
claims: [ ]
|
claims: [ ]
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
|
@ -670,30 +665,26 @@ permissions:
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
AllowNoTenant:
|
|
||||||
roles:
|
|
||||||
- TenantManager
|
|
||||||
claims: [ ]
|
|
||||||
clients: [ ]
|
|
||||||
allowAnonymous: false
|
|
||||||
allowAuthenticated: false
|
|
||||||
|
|
||||||
# TenantUser Permissions
|
# TenantUser Permissions
|
||||||
BrowseTenantUser:
|
BrowseTenantUser:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- Admin
|
||||||
|
- TenantAdmin
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
EditTenantUser:
|
EditTenantUser:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- Admin
|
||||||
|
- TenantAdmin
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
DeleteTenantUser:
|
DeleteTenantUser:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- Admin
|
||||||
|
- TenantAdmin
|
||||||
claims: [ ]
|
claims: [ ]
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
|
@ -702,19 +693,19 @@ permissions:
|
||||||
# DmpDescriptionTemplate Permissions
|
# DmpDescriptionTemplate Permissions
|
||||||
BrowseDmpDescriptionTemplate:
|
BrowseDmpDescriptionTemplate:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
EditDmpDescriptionTemplate:
|
EditDmpDescriptionTemplate:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
DeleteDmpDescriptionTemplate:
|
DeleteDmpDescriptionTemplate:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
claims: [ ]
|
claims: [ ]
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
|
@ -723,19 +714,19 @@ permissions:
|
||||||
# DescriptionReference Permissions
|
# DescriptionReference Permissions
|
||||||
BrowseDescriptionReference:
|
BrowseDescriptionReference:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
EditDescriptionReference:
|
EditDescriptionReference:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
DeleteDescriptionReference:
|
DeleteDescriptionReference:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
claims: [ ]
|
claims: [ ]
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
|
@ -744,19 +735,19 @@ permissions:
|
||||||
# DescriptionReference Permissions
|
# DescriptionReference Permissions
|
||||||
BrowseDescriptionTag:
|
BrowseDescriptionTag:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
EditDescriptionTag:
|
EditDescriptionTag:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
DeleteDescriptionTag:
|
DeleteDescriptionTag:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
claims: [ ]
|
claims: [ ]
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
|
@ -764,10 +755,10 @@ permissions:
|
||||||
# Prefilling
|
# Prefilling
|
||||||
BrowsePrefilling:
|
BrowsePrefilling:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
- DescriptionTemplateEditor
|
- TenantUser
|
||||||
- Manager
|
- TenantManager
|
||||||
- User
|
- TenantDescriptionTemplateEditor
|
||||||
claims: [ ]
|
claims: [ ]
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
|
@ -776,16 +767,16 @@ permissions:
|
||||||
# Lock Permissions
|
# Lock Permissions
|
||||||
BrowseLock:
|
BrowseLock:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
- DescriptionTemplateEditor
|
- TenantUser
|
||||||
- Manager
|
- TenantManager
|
||||||
- User
|
- TenantDescriptionTemplateEditor
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
EditLock:
|
EditLock:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
dmp:
|
dmp:
|
||||||
roles:
|
roles:
|
||||||
- Owner
|
- Owner
|
||||||
|
@ -797,7 +788,7 @@ permissions:
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
DeleteLock:
|
DeleteLock:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
dmp:
|
dmp:
|
||||||
roles:
|
roles:
|
||||||
- Owner
|
- Owner
|
||||||
|
@ -808,6 +799,7 @@ permissions:
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
|
|
||||||
# Contact Permissions
|
# Contact Permissions
|
||||||
SendContactSupport:
|
SendContactSupport:
|
||||||
roles: []
|
roles: []
|
||||||
|
@ -817,19 +809,19 @@ permissions:
|
||||||
# ActionConfirmation Permissions
|
# ActionConfirmation Permissions
|
||||||
BrowseActionConfirmation:
|
BrowseActionConfirmation:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
EditActionConfirmation:
|
EditActionConfirmation:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
DeleteActionConfirmation:
|
DeleteActionConfirmation:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
claims: [ ]
|
claims: [ ]
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
|
@ -838,23 +830,148 @@ permissions:
|
||||||
# PrefillingSource Permissions
|
# PrefillingSource Permissions
|
||||||
BrowsePrefillingSource:
|
BrowsePrefillingSource:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
- DescriptionTemplateEditor
|
- TenantUser
|
||||||
- Manager
|
- TenantManager
|
||||||
- User
|
- TenantDescriptionTemplateEditor
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
EditPrefillingSource:
|
EditPrefillingSource:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
DeletePrefillingSource:
|
DeletePrefillingSource:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- TenantAdmin
|
||||||
claims: [ ]
|
claims: [ ]
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
|
|
||||||
|
# ViewPage Permissions
|
||||||
|
ViewDescriptionTemplateTypePage:
|
||||||
|
roles:
|
||||||
|
- TenantAdmin
|
||||||
|
clients: [ ]
|
||||||
|
allowAnonymous: false
|
||||||
|
allowAuthenticated: false
|
||||||
|
ViewMaintenancePage:
|
||||||
|
roles:
|
||||||
|
- Admin
|
||||||
|
clients: [ ]
|
||||||
|
allowAnonymous: false
|
||||||
|
allowAuthenticated: false
|
||||||
|
ViewNotificationPage:
|
||||||
|
roles:
|
||||||
|
- TenantAdmin
|
||||||
|
clients: [ ]
|
||||||
|
allowAnonymous: false
|
||||||
|
allowAuthenticated: false
|
||||||
|
ViewNotificationTemplatePage:
|
||||||
|
roles:
|
||||||
|
- TenantAdmin
|
||||||
|
clients: [ ]
|
||||||
|
allowAnonymous: false
|
||||||
|
allowAuthenticated: false
|
||||||
|
ViewSupportiveMaterialPage:
|
||||||
|
roles:
|
||||||
|
- TenantAdmin
|
||||||
|
clients: [ ]
|
||||||
|
allowAnonymous: false
|
||||||
|
allowAuthenticated: false
|
||||||
|
ViewLanguagePage:
|
||||||
|
roles:
|
||||||
|
- TenantAdmin
|
||||||
|
clients: [ ]
|
||||||
|
allowAnonymous: false
|
||||||
|
allowAuthenticated: false
|
||||||
|
ViewUserPage:
|
||||||
|
roles:
|
||||||
|
- TenantAdmin
|
||||||
|
clients: [ ]
|
||||||
|
allowAnonymous: false
|
||||||
|
allowAuthenticated: false
|
||||||
|
ViewTenantPage:
|
||||||
|
roles:
|
||||||
|
- Admin
|
||||||
|
clients: [ ]
|
||||||
|
allowAnonymous: false
|
||||||
|
allowAuthenticated: false
|
||||||
|
ViewPrefillingSourcePage:
|
||||||
|
roles:
|
||||||
|
- TenantAdmin
|
||||||
|
clients: [ ]
|
||||||
|
allowAnonymous: false
|
||||||
|
allowAuthenticated: false
|
||||||
|
ViewReferenceTypePage:
|
||||||
|
roles:
|
||||||
|
- TenantAdmin
|
||||||
|
clients: [ ]
|
||||||
|
allowAnonymous: false
|
||||||
|
allowAuthenticated: false
|
||||||
|
ViewReferencePage:
|
||||||
|
roles:
|
||||||
|
- TenantAdmin
|
||||||
|
clients: [ ]
|
||||||
|
allowAnonymous: false
|
||||||
|
allowAuthenticated: false
|
||||||
|
ViewEntityLockPage:
|
||||||
|
roles:
|
||||||
|
- TenantAdmin
|
||||||
|
clients: [ ]
|
||||||
|
allowAnonymous: false
|
||||||
|
allowAuthenticated: false
|
||||||
|
ViewDescriptionTemplatePage:
|
||||||
|
roles:
|
||||||
|
- TenantAdmin
|
||||||
|
- TenantDescriptionTemplateEditor
|
||||||
|
clients: [ ]
|
||||||
|
allowAnonymous: false
|
||||||
|
allowAuthenticated: false
|
||||||
|
ViewDmpBlueprintPage:
|
||||||
|
roles:
|
||||||
|
- TenantAdmin
|
||||||
|
clients: [ ]
|
||||||
|
allowAnonymous: false
|
||||||
|
allowAuthenticated: false
|
||||||
|
ViewPublicDescriptionPage:
|
||||||
|
roles: [ ]
|
||||||
|
clients: [ ]
|
||||||
|
allowAnonymous: true
|
||||||
|
allowAuthenticated: true
|
||||||
|
ViewPublicDmpPage:
|
||||||
|
roles: [ ]
|
||||||
|
clients: [ ]
|
||||||
|
allowAnonymous: true
|
||||||
|
allowAuthenticated: true
|
||||||
|
ViewMyDescriptionPage:
|
||||||
|
roles:
|
||||||
|
- TenantAdmin
|
||||||
|
- TenantUser
|
||||||
|
- TenantManager
|
||||||
|
- TenantDescriptionTemplateEditor
|
||||||
|
clients: [ ]
|
||||||
|
allowAnonymous: false
|
||||||
|
allowAuthenticated: false
|
||||||
|
ViewMyDmpPage:
|
||||||
|
roles:
|
||||||
|
- TenantAdmin
|
||||||
|
- TenantUser
|
||||||
|
- TenantManager
|
||||||
|
- TenantDescriptionTemplateEditor
|
||||||
|
clients: [ ]
|
||||||
|
allowAnonymous: false
|
||||||
|
allowAuthenticated: false
|
||||||
|
ViewHomePage:
|
||||||
|
roles: [ ]
|
||||||
|
clients: [ ]
|
||||||
|
allowAnonymous: true
|
||||||
|
allowAuthenticated: true
|
||||||
|
ViewMineInAppNotificationPage:
|
||||||
|
roles: [ ]
|
||||||
|
clients: [ ]
|
||||||
|
allowAnonymous: false
|
||||||
|
allowAuthenticated: true
|
|
@ -30,6 +30,9 @@ const appRoutes: Routes = [
|
||||||
path: 'descriptions',
|
path: 'descriptions',
|
||||||
loadChildren: () => import('./ui/description/description.module').then(m => m.DescriptionModule),
|
loadChildren: () => import('./ui/description/description.module').then(m => m.DescriptionModule),
|
||||||
data: {
|
data: {
|
||||||
|
authContext: {
|
||||||
|
permissions: [AppPermission.ViewMyDescriptionPage]
|
||||||
|
},
|
||||||
breadcrumb: true,
|
breadcrumb: true,
|
||||||
title: 'GENERAL.TITLES.DESCRIPTIONS'
|
title: 'GENERAL.TITLES.DESCRIPTIONS'
|
||||||
}
|
}
|
||||||
|
@ -46,6 +49,9 @@ const appRoutes: Routes = [
|
||||||
path: 'plans',
|
path: 'plans',
|
||||||
loadChildren: () => import('./ui/dmp/dmp.module').then(m => m.DmpModule),
|
loadChildren: () => import('./ui/dmp/dmp.module').then(m => m.DmpModule),
|
||||||
data: {
|
data: {
|
||||||
|
authContext: {
|
||||||
|
permissions: [AppPermission.ViewMyDmpPage]
|
||||||
|
},
|
||||||
breadcrumb: true,
|
breadcrumb: true,
|
||||||
title: 'GENERAL.TITLES.PLANS'
|
title: 'GENERAL.TITLES.PLANS'
|
||||||
}
|
}
|
||||||
|
@ -188,6 +194,9 @@ const appRoutes: Routes = [
|
||||||
path: 'users',
|
path: 'users',
|
||||||
loadChildren: () => import('./ui/admin/user/user.module').then(m => m.UsersModule),
|
loadChildren: () => import('./ui/admin/user/user.module').then(m => m.UsersModule),
|
||||||
data: {
|
data: {
|
||||||
|
authContext: {
|
||||||
|
permissions: [AppPermission.ViewUserPage]
|
||||||
|
},
|
||||||
breadcrumb: true,
|
breadcrumb: true,
|
||||||
title: 'GENERAL.TITLES.USERS'
|
title: 'GENERAL.TITLES.USERS'
|
||||||
},
|
},
|
||||||
|
@ -324,6 +333,9 @@ const appRoutes: Routes = [
|
||||||
path: 'index-managment',
|
path: 'index-managment',
|
||||||
loadChildren: () => import('./ui/admin/index-managment/index-managment.module').then(m => m.IndexManagmentModule),
|
loadChildren: () => import('./ui/admin/index-managment/index-managment.module').then(m => m.IndexManagmentModule),
|
||||||
data: {
|
data: {
|
||||||
|
authContext: {
|
||||||
|
permissions: [AppPermission.ViewMaintenancePage]
|
||||||
|
},
|
||||||
breadcrumb: true,
|
breadcrumb: true,
|
||||||
title: 'GENERAL.TITLES.INDEX-MANAGMENT'
|
title: 'GENERAL.TITLES.INDEX-MANAGMENT'
|
||||||
},
|
},
|
||||||
|
@ -332,6 +344,9 @@ const appRoutes: Routes = [
|
||||||
path: 'maintenance-tasks',
|
path: 'maintenance-tasks',
|
||||||
loadChildren: () => import('./ui/admin/maintenance-tasks/maintenance-tasks.module').then(m => m.MaintenanceTasksModule),
|
loadChildren: () => import('./ui/admin/maintenance-tasks/maintenance-tasks.module').then(m => m.MaintenanceTasksModule),
|
||||||
data: {
|
data: {
|
||||||
|
authContext: {
|
||||||
|
permissions: [AppPermission.ViewMaintenancePage]
|
||||||
|
},
|
||||||
breadcrumb: true
|
breadcrumb: true
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
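Review bot: The added `authContext: { permissions: [...] }` entries only take effect if each route also carries the guard that reads them, and no `canActivate`/`canLoad` line is visible in any of these hunks (the route objects start and end outside them), so confirm one is attached to `descriptions`, `plans`, `users`, `index-managment` and `maintenance-tasks`. Because these are lazy `loadChildren` routes, a guard that runs only on activation would still let the module bundle download, which a load-time guard avoids. This gating is a UI convenience, so the backend endpoints behind these pages need the same permission checks. A short comment above the first `authContext` block, e.g. `// UI gating only; the API enforces the same permission`, would make that explicit.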
|
@ -33,20 +33,6 @@ export enum AppPermission {
|
||||||
EditDescriptionTemplate = "EditDescriptionTemplate",
|
EditDescriptionTemplate = "EditDescriptionTemplate",
|
||||||
DeleteDescriptionTemplate = "DeleteDescriptionTemplate",
|
DeleteDescriptionTemplate = "DeleteDescriptionTemplate",
|
||||||
|
|
||||||
// UI Pages
|
|
||||||
ViewDescriptionTemplateTypePage = "ViewDescriptionTemplateTypePage",
|
|
||||||
ViewDmpBlueprintPage = "ViewDmpBlueprintPage",
|
|
||||||
ViewDescriptionTemplatePage = "ViewDescriptionTemplatePage",
|
|
||||||
ViewSupportiveMaterialPage = 'ViewSupportiveMaterialPage',
|
|
||||||
ViewReferenceTypePage = 'ViewReferenceTypePage',
|
|
||||||
ViewReferencePage = 'ViewReferencePage',
|
|
||||||
ViewTenantPage = 'ViewTenantPage',
|
|
||||||
ViewLanguagePage = "ViewLanguagePage",
|
|
||||||
ViewNotificationTemplatePage = "ViewNotificationTemplatePage",
|
|
||||||
ViewMineInAppNotificationPage = "ViewMineInAppNotificationPage",
|
|
||||||
ViewNotificationPage = "ViewNotificationPage",
|
|
||||||
ViewPrefillingSourcePage = "ViewPrefillingSourcePage",
|
|
||||||
ViewEntityLockPage = "ViewEntityLockPage",
|
|
||||||
|
|
||||||
//ReferenceType
|
//ReferenceType
|
||||||
BrowseReferenceType = "BrowseReferenceType",
|
BrowseReferenceType = "BrowseReferenceType",
|
||||||
|
@ -83,5 +69,27 @@ export enum AppPermission {
|
||||||
BrowsePrefillingSource= "BrowsePrefillingSource",
|
BrowsePrefillingSource= "BrowsePrefillingSource",
|
||||||
EditPrefillingSource = "EditPrefillingSource",
|
EditPrefillingSource = "EditPrefillingSource",
|
||||||
DeletePrefillingSource = "DeletePrefillingSource",
|
DeletePrefillingSource = "DeletePrefillingSource",
|
||||||
|
|
||||||
|
// UI Pages
|
||||||
|
ViewDescriptionTemplateTypePage = "ViewDescriptionTemplateTypePage",
|
||||||
|
ViewMaintenancePage = "ViewMaintenancePage",
|
||||||
|
ViewNotificationPage = "ViewNotificationPage",
|
||||||
|
ViewNotificationTemplatePage = "ViewNotificationTemplatePage",
|
||||||
|
ViewSupportiveMaterialPage = "ViewSupportiveMaterialPage",
|
||||||
|
ViewLanguagePage = "ViewLanguagePage",
|
||||||
|
ViewUserPage = "ViewUserPage",
|
||||||
|
ViewTenantPage = "ViewTenantPage",
|
||||||
|
ViewPrefillingSourcePage = "ViewPrefillingSourcePage",
|
||||||
|
ViewReferenceTypePage = "ViewReferenceTypePage",
|
||||||
|
ViewReferencePage = "ViewReferencePage",
|
||||||
|
ViewEntityLockPage = "ViewEntityLockPage",
|
||||||
|
ViewDescriptionTemplatePage = "ViewDescriptionTemplatePage",
|
||||||
|
ViewDmpBlueprintPage = "ViewDmpBlueprintPage",
|
||||||
|
ViewPublicDescriptionPage = "ViewPublicDescriptionPage",
|
||||||
|
ViewPublicDmpPage = "ViewPublicDmpPage",
|
||||||
|
ViewMyDescriptionPage = "ViewMyDescriptionPage",
|
||||||
|
ViewMyDmpPage = "ViewMyDmpPage",
|
||||||
|
ViewHomePage = "ViewHomePage",
|
||||||
|
ViewMineInAppNotificationPage = "ViewMineInAppNotificationPage",
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -331,7 +331,7 @@ export class AuthService extends BaseService {
|
||||||
}
|
}
|
||||||
private evaluatePermission(availablePermissions: string[], permissionToCheck: string): boolean {
|
private evaluatePermission(availablePermissions: string[], permissionToCheck: string): boolean {
|
||||||
if (!permissionToCheck) { return false; }
|
if (!permissionToCheck) { return false; }
|
||||||
if (this.hasRole(AppRole.Admin)) { return true; }
|
// if (this.hasRole(AppRole.Admin)) { return true; }
|
||||||
return availablePermissions.map(x => x.toLowerCase()).includes(permissionToCheck.toLowerCase());
|
return availablePermissions.map(x => x.toLowerCase()).includes(permissionToCheck.toLowerCase());
|
||||||
}
|
}
|
||||||
public hasAnyPermission(permissions: AppPermission[]): boolean {
|
public hasAnyPermission(permissions: AppPermission[]): boolean {
|
||||||
|
|
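Review bot: The Admin shortcut in `evaluatePermission` is left behind as commented-out code, which hides that access now depends solely on the permission list and makes it easy to re-enable the bypass by accident; delete the line and state the intent instead, e.g. `// No role bypass: Admin must hold the permission explicitly`. With the bypass gone, and the permission config in this commit replacing `Admin` with `TenantAdmin` on most entries, a user holding only the global Admin role will presumably lose pages such as `users` (`ViewUserPage` lists only `TenantAdmin`), so confirm that is intended. If `availablePermissions` can be undefined, `availablePermissions.map(...)` now throws for every caller, where Admin previously returned before reaching it; a guard such as `if (!availablePermissions) { return false; }` keeps the check failing closed.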
|
@ -188,7 +188,7 @@ export class TenantDepositConfigEditorModel implements TenantDepositConfigPersis
|
||||||
|
|
||||||
const baseContext: ValidationContext = new ValidationContext();
|
const baseContext: ValidationContext = new ValidationContext();
|
||||||
const baseValidationArray: Validation[] = new Array<Validation>();
|
const baseValidationArray: Validation[] = new Array<Validation>();
|
||||||
baseValidationArray.push({ key: 'sources', validators: [Validators.required, BackendErrorValidator(validationErrorModel, `${rootPath}sources`)] });
|
baseValidationArray.push({ key: 'sources', validators: [BackendErrorValidator(validationErrorModel, `${rootPath}sources`)] });
|
||||||
|
|
||||||
baseContext.validation = baseValidationArray;
|
baseContext.validation = baseValidationArray;
|
||||||
return baseContext;
|
return baseContext;
|
||||||
|
@ -258,7 +258,7 @@ export class TenantFileTransformersConfigEditorModel implements TenantFileTransf
|
||||||
|
|
||||||
const baseContext: ValidationContext = new ValidationContext();
|
const baseContext: ValidationContext = new ValidationContext();
|
||||||
const baseValidationArray: Validation[] = new Array<Validation>();
|
const baseValidationArray: Validation[] = new Array<Validation>();
|
||||||
baseValidationArray.push({ key: 'sources', validators: [Validators.required, BackendErrorValidator(validationErrorModel, `${rootPath}sources`)] });
|
baseValidationArray.push({ key: 'sources', validators: [BackendErrorValidator(validationErrorModel, `${rootPath}sources`)] });
|
||||||
|
|
||||||
baseContext.validation = baseValidationArray;
|
baseContext.validation = baseValidationArray;
|
||||||
return baseContext;
|
return baseContext;
|
||||||
|
|
|
@ -15,7 +15,6 @@ import { takeUntil } from 'rxjs/operators';
|
||||||
import { StartNewDmpDialogComponent } from '../dmp/new/start-new-dmp-dialogue/start-new-dmp-dialog.component';
|
import { StartNewDmpDialogComponent } from '../dmp/new/start-new-dmp-dialogue/start-new-dmp-dialog.component';
|
||||||
import { FaqDialogComponent } from '../faq/dialog/faq-dialog.component';
|
import { FaqDialogComponent } from '../faq/dialog/faq-dialog.component';
|
||||||
import { UserDialogComponent } from './user-dialog/user-dialog.component';
|
import { UserDialogComponent } from './user-dialog/user-dialog.component';
|
||||||
import { DATASETS_ROUTES, DMP_ROUTES, GENERAL_ROUTES } from '../sidebar/sidebar.component';
|
|
||||||
import { MineInAppNotificationListingDialogComponent } from '../inapp-notification/listing-dialog/mine-inapp-notification-listing-dialog.component';
|
import { MineInAppNotificationListingDialogComponent } from '../inapp-notification/listing-dialog/mine-inapp-notification-listing-dialog.component';
|
||||||
import { InAppNotificationService } from '@app/core/services/inapp-notification/inapp-notification.service';
|
import { InAppNotificationService } from '@app/core/services/inapp-notification/inapp-notification.service';
|
||||||
import { timer } from 'rxjs';
|
import { timer } from 'rxjs';
|
||||||
|
@ -28,7 +27,7 @@ import { ConfigurationService } from '@app/core/services/configuration/configura
|
||||||
})
|
})
|
||||||
export class NavbarComponent extends BaseComponent implements OnInit {
|
export class NavbarComponent extends BaseComponent implements OnInit {
|
||||||
progressIndication = false;
|
progressIndication = false;
|
||||||
private listTitles: any[];
|
//private listTitles: any[];
|
||||||
location: Location;
|
location: Location;
|
||||||
mobile_menu_visible: any = 0;
|
mobile_menu_visible: any = 0;
|
||||||
private toggleButton: any;
|
private toggleButton: any;
|
||||||
|
@ -64,10 +63,10 @@ export class NavbarComponent extends BaseComponent implements OnInit {
|
||||||
ngOnInit() {
|
ngOnInit() {
|
||||||
this.matomoService.trackPageView('Navbar');
|
this.matomoService.trackPageView('Navbar');
|
||||||
this.currentRoute = this.router.url;
|
this.currentRoute = this.router.url;
|
||||||
this.listTitles = GENERAL_ROUTES.filter(listTitle => listTitle);
|
// this.listTitles = GENERAL_ROUTES.filter(listTitle => listTitle);
|
||||||
this.listTitles.push(DMP_ROUTES.filter(listTitle => listTitle));
|
// this.listTitles.push(DMP_ROUTES.filter(listTitle => listTitle));
|
||||||
// this.listTitles.push(HISTORY_ROUTES.filter(listTitle => listTitle));
|
// this.listTitles.push(HISTORY_ROUTES.filter(listTitle => listTitle));
|
||||||
this.listTitles.push(DATASETS_ROUTES.filter(listTitle => listTitle));
|
// this.listTitles.push(DATASETS_ROUTES.filter(listTitle => listTitle));
|
||||||
// const navbar: HTMLElement = this.element.nativeElement;
|
// const navbar: HTMLElement = this.element.nativeElement;
|
||||||
// this.toggleButton = navbar.getElementsByClassName('navbar-toggler')[0];
|
// this.toggleButton = navbar.getElementsByClassName('navbar-toggler')[0];
|
||||||
// this.router.events.subscribe((event) => {
|
// this.router.events.subscribe((event) => {
|
||||||
|
@ -193,20 +192,20 @@ export class NavbarComponent extends BaseComponent implements OnInit {
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
getTitle() {
|
// getTitle() {
|
||||||
var titlee = this.location.prepareExternalUrl(this.location.path());
|
// var titlee = this.location.prepareExternalUrl(this.location.path());
|
||||||
if (titlee.charAt(0) === '#') {
|
// if (titlee.charAt(0) === '#') {
|
||||||
titlee = titlee.slice(2);
|
// titlee = titlee.slice(2);
|
||||||
}
|
// }
|
||||||
titlee = titlee.split('/').pop();
|
// titlee = titlee.split('/').pop();
|
||||||
|
|
||||||
for (var item = 0; item < this.listTitles.length; item++) {
|
// for (var item = 0; item < this.listTitles.length; item++) {
|
||||||
if (this.listTitles[item].path === titlee) {
|
// if (this.listTitles[item].path === titlee) {
|
||||||
return this.listTitles[item].title;
|
// return this.listTitles[item].title;
|
||||||
}
|
// }
|
||||||
}
|
// }
|
||||||
return 'Dashboard';
|
// return 'Dashboard';
|
||||||
}
|
// }
|
||||||
|
|
||||||
public getCurrentLanguage(): any {
|
public getCurrentLanguage(): any {
|
||||||
const lang = this.languages.find(lang => lang.value === this.languageService.getCurrentLanguage());
|
const lang = this.languages.find(lang => lang.value === this.languageService.getCurrentLanguage());
|
||||||
|
|
|
@ -6,9 +6,11 @@ import { Router } from '@angular/router';
|
||||||
import { MatomoService } from '@app/core/services/matomo/matomo-service';
|
import { MatomoService } from '@app/core/services/matomo/matomo-service';
|
||||||
import { TranslateService } from '@ngx-translate/core';
|
import { TranslateService } from '@ngx-translate/core';
|
||||||
import { AppRole } from '../../core/common/enum/app-role';
|
import { AppRole } from '../../core/common/enum/app-role';
|
||||||
import { AuthService } from '../../core/services/auth/auth.service';
|
import { AuthService, LoginStatus } from '../../core/services/auth/auth.service';
|
||||||
import { LanguageDialogComponent } from '../language/dialog/language-dialog.component';
|
import { LanguageDialogComponent } from '../language/dialog/language-dialog.component';
|
||||||
import { UserDialogComponent } from '../navbar/user-dialog/user-dialog.component';
|
import { UserDialogComponent } from '../navbar/user-dialog/user-dialog.component';
|
||||||
|
import { AppPermission } from '@app/core/common/enum/permission.enum';
|
||||||
|
import { takeUntil } from 'rxjs/operators';
|
||||||
|
|
||||||
declare interface RouteInfo {
|
declare interface RouteInfo {
|
||||||
path: string;
|
path: string;
|
||||||
|
@ -19,56 +21,8 @@ declare interface RouteInfo {
|
||||||
declare interface GroupMenuItem {
|
declare interface GroupMenuItem {
|
||||||
title: string;
|
title: string;
|
||||||
routes: RouteInfo[];
|
routes: RouteInfo[];
|
||||||
requiresAuthentication: boolean;
|
|
||||||
requiresSpecialPermission?: AppRole;
|
|
||||||
requiresAdmin: boolean;
|
|
||||||
isGeneral: boolean;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
export const GENERAL_ROUTES: RouteInfo[] = [
|
|
||||||
{ path: '/home', title: 'SIDE-BAR.DASHBOARD', icon: 'home' }
|
|
||||||
];
|
|
||||||
export const DMP_ROUTES: RouteInfo[] = [
|
|
||||||
{ path: '/plans', title: 'SIDE-BAR.MY-DMPS', icon: 'library_books' },
|
|
||||||
{ path: '/descriptions', title: 'SIDE-BAR.MY-DESCRIPTIONS', icon: 'dns' },
|
|
||||||
];
|
|
||||||
export const DATASETS_ROUTES: RouteInfo[] = [
|
|
||||||
{ path: '/explore-plans', title: 'SIDE-BAR.PUBLIC-DMPS', icon: 'library_books' },
|
|
||||||
{ path: '/explore-descriptions', title: 'SIDE-BAR.PUBLIC-DESC', icon: 'dns' },
|
|
||||||
];
|
|
||||||
|
|
||||||
export const PUBLIC_ROUTES: RouteInfo[] = [
|
|
||||||
{ path: '/explore-plans', title: 'SIDE-BAR.PUBLIC-DMPS', icon: 'library_books' },
|
|
||||||
{ path: '/explore-descriptions', title: 'SIDE-BAR.PUBLIC-DESC', icon: 'dns' }
|
|
||||||
];
|
|
||||||
|
|
||||||
export const ADMIN_ROUTES: RouteInfo[] = [
|
|
||||||
{ path: '/dmp-blueprints', title: 'SIDE-BAR.DMP-BLUEPRINTS', icon: 'library_books' },
|
|
||||||
{ path: '/description-templates', title: 'SIDE-BAR.DESCRIPTION-TEMPLATES', icon: 'description' },
|
|
||||||
{ path: '/description-template-type', title: 'SIDE-BAR.DESCRIPTION-TEMPLATE-TYPES', icon: 'stack' },
|
|
||||||
{ path: '/entity-locks', title: 'SIDE-BAR.ENTITY-LOCKS', icon: 'build' },
|
|
||||||
{ path: '/references', title: 'SIDE-BAR.REFERENCES', icon: 'dataset_linked' },
|
|
||||||
{ path: '/reference-type', title: 'SIDE-BAR.REFERENCE-TYPES', icon: 'add_link' },
|
|
||||||
{ path: '/prefilling-sources', title: 'SIDE-BAR.PREFILLING-SOURCES', icon: 'add_link' },
|
|
||||||
{ path: '/tenants', title: 'SIDE-BAR.TENANTS', icon: 'tenancy' },
|
|
||||||
{ path: '/users', title: 'SIDE-BAR.USERS', icon: 'people' },
|
|
||||||
{ path: '/languages', title: 'SIDE-BAR.LANGUAGES', icon: 'language' },
|
|
||||||
{ path: '/supportive-material', title: 'SIDE-BAR.SUPPORTIVE-MATERIAL', icon: 'dataset_linked' },
|
|
||||||
{ path: '/notification-templates', title: 'SIDE-BAR.NOTIFICATION-TEMPLATES', icon: 'build' },
|
|
||||||
{ path: '/notifications', title: 'SIDE-BAR.NOTIFICATIONS', icon: 'build' },
|
|
||||||
{ path: '/index-managment', title: 'SIDE-BAR.MAINTENANCE', icon: 'build' }
|
|
||||||
];
|
|
||||||
|
|
||||||
export const DATASET_TEMPLATE_ROUTES: RouteInfo[] = [
|
|
||||||
{ path: '/description-templates', title: 'SIDE-BAR.DESCRIPTION-TEMPLATES', icon: 'description' }
|
|
||||||
];
|
|
||||||
|
|
||||||
export const INFO_ROUTES: RouteInfo[] = [
|
|
||||||
{ path: '/co-branding', title: 'SIDE-BAR.CO-BRANDING', icon: 'toll' },
|
|
||||||
{ path: '/contact-support', title: 'SIDE-BAR.SUPPORT', icon: 'help' },
|
|
||||||
{ path: '/feedback', title: 'SIDE-BAR.FEEDBACK', icon: 'feedback', url: 'https://docs.google.com/forms/d/12RSCrUjdSDp2LZLpjDKOi44cN1fLDD2q1-F66SqZIis/viewform?edit_requested=true' }
|
|
||||||
];
|
|
||||||
|
|
||||||
@Component({
|
@Component({
|
||||||
selector: 'app-sidebar',
|
selector: 'app-sidebar',
|
||||||
templateUrl: './sidebar.component.html',
|
templateUrl: './sidebar.component.html',
|
||||||
|
@ -102,71 +56,80 @@ export class SidebarComponent implements OnInit {
|
||||||
ngOnInit() {
|
ngOnInit() {
|
||||||
this.matomoService.trackPageView('Sidebar');
|
this.matomoService.trackPageView('Sidebar');
|
||||||
this.currentRoute = this.router.url;
|
this.currentRoute = this.router.url;
|
||||||
|
|
||||||
|
this.authentication.getAuthenticationStateObservable().pipe().subscribe(authenticationState => {
|
||||||
|
this.reCalculateMenu()
|
||||||
|
});
|
||||||
|
|
||||||
|
this.reCalculateMenu();
|
||||||
|
|
||||||
|
this.router.events.subscribe((event) => this.currentRoute = this.router.url);
|
||||||
|
}
|
||||||
|
|
||||||
|
private reCalculateMenu() {
|
||||||
|
this.groupMenuItems = []
|
||||||
this.generalItems = {
|
this.generalItems = {
|
||||||
title: 'SIDE-BAR.GENERAL',
|
title: 'SIDE-BAR.GENERAL',
|
||||||
routes: GENERAL_ROUTES,
|
routes: [],
|
||||||
requiresAuthentication: false,
|
|
||||||
requiresAdmin: false,
|
|
||||||
isGeneral: true
|
|
||||||
}
|
}
|
||||||
|
this.generalItems.routes.push({ path: '/home', title: 'SIDE-BAR.DASHBOARD', icon: 'home' });
|
||||||
|
|
||||||
this.groupMenuItems.push(this.generalItems);
|
this.groupMenuItems.push(this.generalItems);
|
||||||
|
|
||||||
this.dmpItems = {
|
this.dmpItems = {
|
||||||
title: 'SIDE-BAR.DMP',
|
title: 'SIDE-BAR.DMP',
|
||||||
routes: DMP_ROUTES,
|
routes: [],
|
||||||
requiresAuthentication: true,
|
|
||||||
requiresAdmin: false,
|
|
||||||
isGeneral: false
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (this.authentication.hasPermission(AppPermission.ViewMyDmpPage)) this.dmpItems.routes.push({ path: '/plans', title: 'SIDE-BAR.MY-DMPS', icon: 'library_books' });
|
||||||
|
if (this.authentication.hasPermission(AppPermission.ViewMyDescriptionPage)) this.dmpItems.routes.push({ path: '/descriptions', title: 'SIDE-BAR.MY-DESCRIPTIONS', icon: 'dns' });
|
||||||
this.groupMenuItems.push(this.dmpItems);
|
this.groupMenuItems.push(this.dmpItems);
|
||||||
|
|
||||||
this.datasetItems = {
|
this.datasetItems = {
|
||||||
title: 'SIDE-BAR.DATASETS',
|
title: 'SIDE-BAR.DATASETS',
|
||||||
routes: DATASETS_ROUTES,
|
routes: [],
|
||||||
requiresAuthentication: true,
|
|
||||||
requiresAdmin: false,
|
|
||||||
isGeneral: false
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (this.authentication.hasPermission(AppPermission.ViewPublicDmpPage)) this.datasetItems.routes.push({ path: '/explore-plans', title: 'SIDE-BAR.PUBLIC-DMPS', icon: 'library_books' });
|
||||||
|
if (this.authentication.hasPermission(AppPermission.ViewPublicDescriptionPage)) this.datasetItems.routes.push({ path: '/explore-descriptions', title: 'SIDE-BAR.PUBLIC-DESC', icon: 'dns' });
|
||||||
this.groupMenuItems.push(this.datasetItems);
|
this.groupMenuItems.push(this.datasetItems);
|
||||||
|
|
||||||
this.adminItems = {
|
|
||||||
title: 'SIDE-BAR.ADMIN',
|
|
||||||
routes: ADMIN_ROUTES,
|
|
||||||
requiresAuthentication: true,
|
|
||||||
requiresAdmin: true,
|
|
||||||
isGeneral: false
|
|
||||||
}
|
|
||||||
this.groupMenuItems.push(this.adminItems);
|
|
||||||
|
|
||||||
this.datasetTemplateItems = {
|
|
||||||
title: 'SIDE-BAR.ADMIN',
|
|
||||||
routes: DATASET_TEMPLATE_ROUTES,
|
|
||||||
requiresAuthentication: true,
|
|
||||||
requiresSpecialPermission: AppRole.DescriptionTemplateEditor,
|
|
||||||
requiresAdmin: false,
|
|
||||||
isGeneral: false
|
|
||||||
}
|
|
||||||
this.groupMenuItems.push(this.datasetTemplateItems);
|
|
||||||
|
|
||||||
this.publicItems = {
|
this.publicItems = {
|
||||||
title: 'SIDE-BAR.PUBLIC',
|
title: 'SIDE-BAR.PUBLIC',
|
||||||
routes: PUBLIC_ROUTES,
|
routes: [],
|
||||||
requiresAuthentication: false,
|
|
||||||
requiresAdmin: false,
|
|
||||||
isGeneral: false
|
|
||||||
}
|
}
|
||||||
|
this.publicItems.routes.push({ path: '/explore-plans', title: 'SIDE-BAR.PUBLIC-DMPS', icon: 'library_books' });
|
||||||
|
this.publicItems.routes.push({ path: '/explore-descriptions', title: 'SIDE-BAR.PUBLIC-DESC', icon: 'dns' });
|
||||||
this.groupMenuItems.push(this.publicItems);
|
this.groupMenuItems.push(this.publicItems);
|
||||||
|
|
||||||
|
this.adminItems = {
|
||||||
|
title: 'SIDE-BAR.ADMIN',
|
||||||
|
routes: [],
|
||||||
|
}
|
||||||
|
if (this.authentication.hasPermission(AppPermission.ViewDmpBlueprintPage)) this.adminItems.routes.push({ path: '/dmp-blueprints', title: 'SIDE-BAR.DMP-BLUEPRINTS', icon: 'library_books' });
|
||||||
|
if (this.authentication.hasPermission(AppPermission.ViewDescriptionTemplatePage)) this.adminItems.routes.push({ path: '/description-templates', title: 'SIDE-BAR.DESCRIPTION-TEMPLATES', icon: 'description' });
|
||||||
|
if (this.authentication.hasPermission(AppPermission.ViewDescriptionTemplateTypePage)) this.adminItems.routes.push({ path: '/description-template-type', title: 'SIDE-BAR.DESCRIPTION-TEMPLATE-TYPES', icon: 'stack' });
|
||||||
|
if (this.authentication.hasPermission(AppPermission.ViewEntityLockPage)) this.adminItems.routes.push({ path: '/entity-locks', title: 'SIDE-BAR.ENTITY-LOCKS', icon: 'build' });
|
||||||
|
if (this.authentication.hasPermission(AppPermission.ViewReferencePage)) this.adminItems.routes.push({ path: '/references', title: 'SIDE-BAR.REFERENCES', icon: 'dataset_linked' });
|
||||||
|
if (this.authentication.hasPermission(AppPermission.ViewReferenceTypePage)) this.adminItems.routes.push({ path: '/reference-type', title: 'SIDE-BAR.REFERENCE-TYPES', icon: 'add_link' });
|
||||||
|
if (this.authentication.hasPermission(AppPermission.ViewPrefillingSourcePage)) this.adminItems.routes.push({ path: '/prefilling-sources', title: 'SIDE-BAR.PREFILLING-SOURCES', icon: 'add_link' });
|
||||||
|
if (this.authentication.hasPermission(AppPermission.ViewTenantPage)) this.adminItems.routes.push({ path: '/tenants', title: 'SIDE-BAR.TENANTS', icon: 'tenancy' });
|
||||||
|
if (this.authentication.hasPermission(AppPermission.ViewUserPage)) this.adminItems.routes.push({ path: '/users', title: 'SIDE-BAR.USERS', icon: 'people' });
|
||||||
|
if (this.authentication.hasPermission(AppPermission.ViewLanguagePage)) this.adminItems.routes.push({ path: '/languages', title: 'SIDE-BAR.LANGUAGES', icon: 'language' });
|
||||||
|
if (this.authentication.hasPermission(AppPermission.ViewSupportiveMaterialPage)) this.adminItems.routes.push({ path: '/supportive-material', title: 'SIDE-BAR.SUPPORTIVE-MATERIAL', icon: 'dataset_linked' });
|
||||||
|
if (this.authentication.hasPermission(AppPermission.ViewNotificationTemplatePage)) this.adminItems.routes.push({ path: '/notification-templates', title: 'SIDE-BAR.NOTIFICATION-TEMPLATES', icon: 'build' });
|
||||||
|
if (this.authentication.hasPermission(AppPermission.ViewNotificationPage)) this.adminItems.routes.push({ path: '/notifications', title: 'SIDE-BAR.NOTIFICATIONS', icon: 'build' });
|
||||||
|
if (this.authentication.hasPermission(AppPermission.ViewMaintenancePage)) this.adminItems.routes.push({ path: '/index-managment', title: 'SIDE-BAR.MAINTENANCE', icon: 'build' });
|
||||||
|
this.groupMenuItems.push(this.adminItems);
|
||||||
|
|
||||||
this.infoItems = {
|
this.infoItems = {
|
||||||
title: "",
|
title: "",
|
||||||
routes: INFO_ROUTES,
|
routes: [],
|
||||||
requiresAuthentication: false,
|
|
||||||
requiresAdmin: false,
|
|
||||||
isGeneral: false
|
|
||||||
}
|
}
|
||||||
|
this.infoItems.routes.push({ path: '/co-branding', title: 'SIDE-BAR.CO-BRANDING', icon: 'toll' });
|
||||||
|
this.infoItems.routes.push({ path: '/contact-support', title: 'SIDE-BAR.SUPPORT', icon: 'help' });
|
||||||
|
this.infoItems.routes.push({ path: '/feedback', title: 'SIDE-BAR.FEEDBACK', icon: 'feedback', url: 'https://docs.google.com/forms/d/12RSCrUjdSDp2LZLpjDKOi44cN1fLDD2q1-F66SqZIis/viewform?edit_requested=true' });
|
||||||
this.groupMenuItems.push(this.infoItems);
|
this.groupMenuItems.push(this.infoItems);
|
||||||
|
|
||||||
this.router.events.subscribe((event) => this.currentRoute = this.router.url);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public principalHasAvatar(): boolean {
|
public principalHasAvatar(): boolean {
|
||||||
|
@ -206,20 +169,7 @@ export class SidebarComponent implements OnInit {
|
||||||
}
|
}
|
||||||
|
|
||||||
showItem(value: GroupMenuItem) {
|
showItem(value: GroupMenuItem) {
|
||||||
if (this.isAuthenticated()) {
|
return value.routes && value.routes.length > 0;
|
||||||
if (value.requiresAdmin) {
|
|
||||||
return this.isAdmin();
|
|
||||||
}
|
|
||||||
else if (value.requiresSpecialPermission !== undefined) {
|
|
||||||
return this.hasPermission(value.requiresSpecialPermission);
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
return value.isGeneral || value.requiresAuthentication;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
return !value.requiresAuthentication;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
openProfile() {
|
openProfile() {
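Review bot: `reCalculateMenu` fills `publicItems` unconditionally while the new `showItem` shows any group with a non-empty `routes` array, so a signed-in user holding `ViewPublicDmpPage` and `ViewPublicDescriptionPage` gets `/explore-plans` and `/explore-descriptions` twice, once under DATASETS and once under PUBLIC; the old `showItem` hid the PUBLIC group for authenticated users. Wrapping the two `publicItems.routes.push(...)` calls in `if (!this.isAuthenticated()) { ... }` would restore that, assuming `isAuthenticated()` is still defined on the component. In `ngOnInit` the new subscription uses an empty `.pipe()` and no teardown is visible, although `takeUntil` is imported by this commit; `LoginStatus` also appears unused in the visible hunks. The permission checks here only hide links, so the routes themselves presumably need guards keyed on the same `AppPermission` values, which this section does not show.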
|
||||||
|
|