Merge branch 'dmp-refactoring' of https://code-repo.d4science.org/MaDgiK-CITE/argos into dmp-refactoring

This commit is contained in:
Sofia Papacharalampous 2024-04-02 19:09:21 +03:00
commit 2bad85019b
23 changed files with 686 additions and 422 deletions

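--- a/eu/eudat/authorization/AuthorizationConfiguration.java
+++ b/eu/eudat/authorization/AuthorizationConfiguration.java
@@ -0,0 +1,9 @@
+package eu.eudat.authorization;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.context.annotation.Configuration;
+@Configuration("AppAuthorizationConfiguration")
+@EnableConfigurationProperties(AuthorizationProperties.class)
+public class AuthorizationConfiguration {
+}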

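--- a/eu/eudat/authorization/AuthorizationProperties.java
+++ b/eu/eudat/authorization/AuthorizationProperties.java
@@ -0,0 +1,31 @@
+package eu.eudat.authorization;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import java.util.HashSet;
+import java.util.List;
+@ConfigurationProperties(prefix = "authorization")
+public class AuthorizationProperties {
+private List<String> allowedTenantRoles;
+public List<String> getAllowedTenantRoles() {
+return allowedTenantRoles;
+}
+public void setAllowedTenantRoles(List<String> allowedTenantRoles) {
+this.allowedTenantRoles = allowedTenantRoles;
+}
+private List<String> allowedGlobalRoles;
+public List<String> getAllowedGlobalRoles() {
+return allowedGlobalRoles;
+}
+public void setAllowedGlobalRoles(List<String> allowedGlobalRoles) {
+this.allowedGlobalRoles = allowedGlobalRoles;
+}
+}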
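Review bot: `java.util.HashSet` is imported at the top of the new file but never used, and neither property documents what an absent or empty list means; TenantInterceptor's `isListNullOrEmpty` check on `getAllowedTenantRoles()` treats that case as "no filtering", so every claimed role is accepted. Drop the unused import and add a Javadoc on `allowedTenantRoles` such as `/** Tenant role names accepted from token claims; null or empty disables the allow-list and accepts every claimed role. */`, and the equivalent on `allowedGlobalRoles`, which no hunk in this commit appears to read yet. Returning `List.copyOf(allowedTenantRoles)` (or copying in the setter) would also stop a bound configuration from being mutated through the getter.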

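--- a/eu/eudat/authorization/ClaimNames.java
+++ b/eu/eudat/authorization/ClaimNames.java
@@ -2,4 +2,8 @@ package eu.eudat.authorization;
 public class ClaimNames {
 public static final String ExternalProviderName = "ExternalProviderName";
+public static final String TenantCodesClaimName = "TenantCodes";
+public static final String TenantClaimName = "x-tenant";
+public static final String GlobalRolesClaimName = "GlobalRoles";
+public static final String TenantRolesClaimName = "TenantRoles";
 }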

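--- a/eu/eudat/authorization/Permission.java
+++ b/eu/eudat/authorization/Permission.java
@@ -123,9 +123,6 @@ public final class Permission {
 public static String DeleteUserSettings = "DeleteUserSettings";
-// UI Pages
-public static String ViewDescriptionTemplateTypePage = "ViewDescriptionTemplateTypePage";
-public static String ViewDmpBlueprintPage = "ViewDmpBlueprintPage";
 //Reference
 public static String BrowseReference = "BrowseReference";
@@ -191,4 +188,26 @@ public final class Permission {
 public static String DeletePrefillingSource = "DeletePrefillingSource";
+// UI Pages
+public static String ViewDescriptionTemplateTypePage = "ViewDescriptionTemplateTypePage";
+public static String ViewMaintenancePage = "ViewMaintenancePage";
+public static String ViewNotificationPage = "ViewNotificationPage";
+public static String ViewNotificationTemplatePage = "ViewNotificationTemplatePage";
+public static String ViewSupportiveMaterialPage = "ViewSupportiveMaterialPage";
+public static String ViewLanguagePage = "ViewLanguagePage";
+public static String ViewUserPage = "ViewUserPage";
+public static String ViewTenantPage = "ViewTenantPage";
+public static String ViewPrefillingSourcePage = "ViewPrefillingSourcePage";
+public static String ViewReferenceTypePage = "ViewReferenceTypePage";
+public static String ViewReferencePage = "ViewReferencePage";
+public static String ViewEntityLockPage = "ViewEntityLockPage";
+public static String ViewDescriptionTemplatePage = "ViewDescriptionTemplatePage";
+public static String ViewDmpBlueprintPage = "ViewDmpBlueprintPage";
+public static String ViewPublicDescriptionPage = "ViewPublicDescriptionPage";
+public static String ViewPublicDmpPage = "ViewPublicDmpPage";
+public static String ViewMyDescriptionPage = "ViewMyDescriptionPage";
+public static String ViewMyDmpPage = "ViewMyDmpPage";
+public static String ViewHomePage = "ViewHomePage";
+public static String ViewMineInAppNotificationPage = "ViewMineInAppNotificationPage";
 }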
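Review bot: The new page permissions from `ViewMaintenancePage` down to `ViewMineInAppNotificationPage` are declared `public static String` like the entries around them, so every permission name is a mutable global that any code in the JVM can reassign at runtime; for a name that gates authorization decisions this should be `public static final String`. The existing entries share the style, so a file-wide pass is the real fix, but the added lines could at least start it: `public static final String ViewMaintenancePage = "ViewMaintenancePage";`. The class body continues outside both hunks.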

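--- a/eu/eudat/commons/scope/tenant/TenantScope.java
+++ b/eu/eudat/commons/scope/tenant/TenantScope.java
@@ -16,9 +16,6 @@ import java.util.concurrent.atomic.AtomicReference;
 @RequestScope
 public class TenantScope {
 public static final String TenantReplaceParameter = "::TenantCode::";
-public static final String TenantCodesClaimName = "TenantCodes";
-public static final String TenantClaimName = "x-tenant";
 private final MultitenancyProperties multitenancy;
 private final AtomicReference<UUID> tenant = new AtomicReference<>();
 private final AtomicReference<String> tenantCode = new AtomicReference<>();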


@ -21,9 +21,6 @@ import java.util.UUID;
public class TenantEntityManager { public class TenantEntityManager {
@PersistenceContext @PersistenceContext
private EntityManager entityManager; private EntityManager entityManager;
// private final CurrentPrincipalResolver currentPrincipalResolver;
// private final ClaimExtractor claimExtractor;
// private final AuthorizationService authorizationService;
private final TenantScope tenantScope; private final TenantScope tenantScope;
public TenantEntityManager(TenantScope tenantScope) { public TenantEntityManager(TenantScope tenantScope) {
@ -36,23 +33,23 @@ public class TenantEntityManager {
} }
public <T> T merge(T entity) throws InvalidApplicationException { public <T> T merge(T entity) throws InvalidApplicationException {
if (tenantScope.isMultitenant() && (entity instanceof TenantScoped)) { if (tenantScope.isMultitenant() && (entity instanceof TenantScoped tenantScopedEntity)) {
// this.currentPrincipalResolver.currentPrincipal().isAuthenticated(); if (!tenantScope.isDefaultTenant()) {
// this.claimExtractor.subjectUUID(this.currentPrincipalResolver.currentPrincipal()); if (tenantScopedEntity.getTenantId() == null || !tenantScopedEntity.getTenantId().equals(tenantScope.getTenant())) throw new MyForbiddenException("tenant tampering");
// boolean isAllowedNoTenant = authorizationService.authorize(Permission.AllowNoTenant); } else if (tenantScopedEntity.getTenantId() != null) {
throw new MyForbiddenException("tenant tampering");
boolean isAllowedNoTenant = ((TenantScoped) entity).allowNullTenant() || this.tenantScope.isDefaultTenant(); }
final UUID tenantId = !isAllowedNoTenant ? tenantScope.getTenant() : null;
if (!isAllowedNoTenant && !tenantId.equals(((TenantScoped) entity).getTenantId())) throw new MyForbiddenException("tenant tampering");
} }
return this.entityManager.merge(entity); return this.entityManager.merge(entity);
} }
public void remove(Object entity) throws InvalidApplicationException { public void remove(Object entity) throws InvalidApplicationException {
if (tenantScope.isMultitenant() && (entity instanceof TenantScoped)) { if (tenantScope.isMultitenant() && (entity instanceof TenantScoped tenantScopedEntity)) {
boolean isAllowedNoTenant = ((TenantScoped) entity).allowNullTenant() || this.tenantScope.isDefaultTenant(); if (!tenantScope.isDefaultTenant()) {
final UUID tenantId = !isAllowedNoTenant ? tenantScope.getTenant() : null; if (tenantScopedEntity.getTenantId() == null || !tenantScopedEntity.getTenantId().equals(tenantScope.getTenant())) throw new MyForbiddenException("tenant tampering");
if (!isAllowedNoTenant && !tenantId.equals(((TenantScoped) entity).getTenantId())) throw new MyForbiddenException("tenant tampering"); } else if (tenantScopedEntity.getTenantId() != null) {
throw new MyForbiddenException("tenant tampering");
}
} }
this.entityManager.remove(entity); this.entityManager.remove(entity);
} }
@ -60,14 +57,8 @@ public class TenantEntityManager {
public <T> T find(Class<T> entityClass, Object primaryKey) throws InvalidApplicationException { public <T> T find(Class<T> entityClass, Object primaryKey) throws InvalidApplicationException {
T entity = this.entityManager.find(entityClass, primaryKey); T entity = this.entityManager.find(entityClass, primaryKey);
if (tenantScope.isMultitenant() && (entity instanceof TenantScoped)) { if (tenantScope.isMultitenant() && (entity instanceof TenantScoped tenantScopedEntity)) {
// this.currentPrincipalResolver.currentPrincipal().isAuthenticated(); if (tenantScopedEntity.getTenantId() != null && !tenantScopedEntity.getTenantId().equals(tenantScope.getTenant())) return null;
// this.claimExtractor.subjectUUID(this.currentPrincipalResolver.currentPrincipal());
// boolean isAllowedNoTenant = authorizationService.authorize(Permission.AllowNoTenant);
boolean isAllowedNoTenant = ((TenantScoped) entity).allowNullTenant() || this.tenantScope.isDefaultTenant();
final UUID tenantId = !isAllowedNoTenant ? tenantScope.getTenant() : null;
if (!isAllowedNoTenant && !tenantId.equals(((TenantScoped) entity).getTenantId())) return null;
} }
return entity; return entity;
} }
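Review bot: The new write-side tenant check is duplicated verbatim in `merge` and `remove` (the `if (!tenantScope.isDefaultTenant()) … else if (tenantScopedEntity.getTenantId() != null)` block), and `find` applies a different rule: a row with a null tenant id is returned under any tenant, while the same row could not be merged or removed outside the default tenant. If that asymmetry is intended (tenant-less rows readable everywhere, writable only from the default tenant) it deserves a comment on `find`, e.g. `// rows without a tenant are shared: readable from any tenant, writable only from the default tenant (see merge/remove)`. Either way the write-side rule belongs in one private helper so the two copies cannot drift apart.

```java
public <T> T merge(T entity) throws InvalidApplicationException {
    if (tenantScope.isMultitenant() && (entity instanceof TenantScoped tenantScopedEntity)) this.assertOwnedByCurrentTenant(tenantScopedEntity);
    return this.entityManager.merge(entity);
}
// … unchanged: remove(), with its copy of the check replaced by the same one-line call …
private void assertOwnedByCurrentTenant(TenantScoped tenantScopedEntity) throws InvalidApplicationException {
    // Outside the default tenant the row must carry exactly the current tenant id;
    // inside the default tenant it must carry none.
    if (!tenantScope.isDefaultTenant()) {
        if (tenantScopedEntity.getTenantId() == null || !tenantScopedEntity.getTenantId().equals(tenantScope.getTenant())) throw new MyForbiddenException("tenant tampering");
    } else if (tenantScopedEntity.getTenantId() != null) {
        throw new MyForbiddenException("tenant tampering");
    }
}
```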


@ -33,7 +33,7 @@ public class TenantListener {
logger.error("somebody tried to set not login tenant"); logger.error("somebody tried to set not login tenant");
throw new MyForbiddenException("tenant tampering"); throw new MyForbiddenException("tenant tampering");
} }
if (!entity.allowNullTenant() && !tenantScope.isDefaultTenant()) { if (!tenantScope.isDefaultTenant()) {
final UUID tenantId = tenantScope.getTenant(); final UUID tenantId = tenantScope.getTenant();
entity.setTenantId(tenantId); entity.setTenantId(tenantId);
} }
@ -46,38 +46,30 @@ public class TenantListener {
@PreRemove @PreRemove
public void setTenantOnUpdate(TenantScoped entity) throws InvalidApplicationException { public void setTenantOnUpdate(TenantScoped entity) throws InvalidApplicationException {
if (tenantScope.isMultitenant()) { if (tenantScope.isMultitenant()) {
if (!entity.allowNullTenant()){ if (!tenantScope.isDefaultTenant()) {
if (!tenantScope.isDefaultTenant()) { if (entity.getTenantId() == null) {
if (entity.getTenantId() == null) { logger.error("somebody tried to set null tenant");
logger.error("somebody tried to set null tenant"); throw new MyForbiddenException("tenant tampering");
throw new MyForbiddenException("tenant tampering");
}
if (entity.getTenantId().compareTo(tenantScope.getTenant()) != 0) {
logger.error("somebody tried to change an entries tenant");
throw new MyForbiddenException("tenant tampering");
}
final UUID tenantId = tenantScope.getTenant();
entity.setTenantId(tenantId);
} else {
if (entity.getTenantId() != null) {
logger.error("somebody tried to set null tenant");
throw new MyForbiddenException("tenant tampering");
}
} }
} else { if (entity.getTenantId().compareTo(tenantScope.getTenant()) != 0) {
if (entity.getTenantId() != null && (!this.tenantScope.isDefaultTenant() ||entity.getTenantId().compareTo(tenantScope.getTenant()) != 0)) {
logger.error("somebody tried to change an entries tenant"); logger.error("somebody tried to change an entries tenant");
throw new MyForbiddenException("tenant tampering"); throw new MyForbiddenException("tenant tampering");
} }
final UUID tenantId = tenantScope.getTenant();
entity.setTenantId(tenantId);
} else {
if (entity.getTenantId() != null) {
logger.error("somebody tried to set null tenant");
throw new MyForbiddenException("tenant tampering");
}
} }
} else { } else {
if (entity.getTenantId() != null) { if (entity.getTenantId() != null && (!this.tenantScope.isDefaultTenant() ||entity.getTenantId().compareTo(tenantScope.getTenant()) != 0)) {
logger.error("somebody tried to set non null tenant"); logger.error("somebody tried to change an entries tenant");
throw new MyForbiddenException("tenant tampering"); throw new MyForbiddenException("tenant tampering");
} }
} }
} }
} }
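Review bot: In the non-multitenant branch of `setTenantOnUpdate` (the outer `} else {` near the end of the hunk) the new condition `entity.getTenantId() != null && (!this.tenantScope.isDefaultTenant() || entity.getTenantId().compareTo(tenantScope.getTenant()) != 0)` together with the message "somebody tried to change an entries tenant" is the body of the removed `allowNullTenant` else-branch, whereas the old code in this position rejected any non-null tenant id with "somebody tried to set non null tenant". It looks as if the branch landed in the wrong `else` during the merge: with multitenancy switched off the listener now consults `isDefaultTenant()`/`getTenant()` and admits a non-null tenant id that happens to match the scope, a case TenantEntityManager does not check at all in that mode. If the original rule is still wanted, restoring `if (entity.getTenantId() != null) {` with the old message keeps the two write paths consistent; please confirm the intended semantics, since I cannot see how TenantScope behaves when multitenancy is off. The method in the first hunk starts outside the view.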


@ -74,7 +74,6 @@ public class LanguageServiceImpl implements LanguageService {
LanguageEntity data; LanguageEntity data;
if (isUpdate) { if (isUpdate) {
((org.hibernate.Session) entityManager).setHibernateFlushMode(FlushMode.MANUAL);
data = this.entityManager.find(LanguageEntity.class, model.getId()); data = this.entityManager.find(LanguageEntity.class, model.getId());
if (data == null) if (data == null)
throw new MyNotFoundException(messageSource.getMessage("General_ItemNotFound", new Object[]{model.getId(), Language.class.getSimpleName()}, LocaleContextHolder.getLocale())); throw new MyNotFoundException(messageSource.getMessage("General_ItemNotFound", new Object[]{model.getId(), Language.class.getSimpleName()}, LocaleContextHolder.getLocale()));
@ -90,11 +89,10 @@ public class LanguageServiceImpl implements LanguageService {
data.setPayload(model.getPayload() != null && !model.getPayload().isEmpty() ? model.getPayload() : null); data.setPayload(model.getPayload() != null && !model.getPayload().isEmpty() ? model.getPayload() : null);
data.setOrdinal(model.getOrdinal()); data.setOrdinal(model.getOrdinal());
data.setUpdatedAt(Instant.now()); data.setUpdatedAt(Instant.now());
data.setIsActive(IsActive.Inactive); if (isUpdate) this.entityManager.merge(data);
// if (isUpdate) this.entityManager.merge(data); else this.entityManager.persist(data);
// else this.entityManager.persist(data);
// this.entityManager.flush();
// this.entityManager.flush();
return this.builderFactory.builder(LanguageBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(BaseFieldSet.build(fields, Language._id), data); return this.builderFactory.builder(LanguageBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(BaseFieldSet.build(fields, Language._id), data);
} }
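Review bot: The restored write-back `if (isUpdate) this.entityManager.merge(data); else this.entityManager.persist(data);` is a braceless if/else split across two lines, the form the always-brace convention exists to avoid; write it as `if (isUpdate) { this.entityManager.merge(data); } else { this.entityManager.persist(data); }`. The same hunk drops `data.setIsActive(IsActive.Inactive)` and the explicit flush, and the first hunk drops the MANUAL flush-mode switch, without a word on why; a one-line comment such as `// flush is left to the surrounding transaction` would spare the next reader from wondering whether the flush was lost in the merge. The enclosing method starts outside both hunks.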


@ -1,6 +1,7 @@
package eu.eudat.controllers; package eu.eudat.controllers;
import eu.eudat.audit.AuditableAction; import eu.eudat.audit.AuditableAction;
import eu.eudat.authorization.ClaimNames;
import eu.eudat.commons.scope.tenant.TenantScope; import eu.eudat.commons.scope.tenant.TenantScope;
import eu.eudat.models.Account; import eu.eudat.models.Account;
import eu.eudat.models.AccountBuilder; import eu.eudat.models.AccountBuilder;
@ -83,7 +84,7 @@ public class PrincipalController {
logger.debug("my-tenants"); logger.debug("my-tenants");
MyPrincipal principal = this.currentPrincipalResolver.currentPrincipal(); MyPrincipal principal = this.currentPrincipalResolver.currentPrincipal();
List<String> tenants = this.claimExtractor.asStrings(principal, TenantScope.TenantCodesClaimName); List<String> tenants = this.claimExtractor.asStrings(principal, ClaimNames.TenantCodesClaimName);
this.auditService.track(AuditableAction.Principal_MyTenants); this.auditService.track(AuditableAction.Principal_MyTenants);
//auditService.trackIdentity(AuditableAction.IdentityTracking_Action); //auditService.trackIdentity(AuditableAction.IdentityTracking_Action);


@ -1,15 +1,20 @@
package eu.eudat.interceptors.tenant; package eu.eudat.interceptors.tenant;
import eu.eudat.authorization.AuthorizationProperties;
import eu.eudat.authorization.ClaimNames;
import eu.eudat.authorization.Permission; import eu.eudat.authorization.Permission;
import eu.eudat.commons.enums.IsActive; import eu.eudat.commons.enums.IsActive;
import eu.eudat.commons.lock.LockByKeyManager; import eu.eudat.commons.lock.LockByKeyManager;
import eu.eudat.commons.scope.tenant.TenantScope; import eu.eudat.commons.scope.tenant.TenantScope;
import eu.eudat.commons.scope.user.UserScope; import eu.eudat.commons.scope.user.UserScope;
import eu.eudat.convention.ConventionService;
import eu.eudat.data.TenantUserEntity; import eu.eudat.data.TenantUserEntity;
import eu.eudat.data.UserEntity; import eu.eudat.data.UserEntity;
import eu.eudat.data.UserRoleEntity;
import eu.eudat.data.tenant.TenantScopedBaseEntity; import eu.eudat.data.tenant.TenantScopedBaseEntity;
import eu.eudat.errorcode.ErrorThesaurusProperties; import eu.eudat.errorcode.ErrorThesaurusProperties;
import eu.eudat.integrationevent.outbox.usertouched.UserTouchedIntegrationEventHandler;
import eu.eudat.query.utils.BuildSubQueryInput; import eu.eudat.query.utils.BuildSubQueryInput;
import eu.eudat.query.utils.QueryUtilsService; import eu.eudat.query.utils.QueryUtilsService;
import gr.cite.commons.web.authz.service.AuthorizationService; import gr.cite.commons.web.authz.service.AuthorizationService;
@ -19,7 +24,6 @@ import gr.cite.tools.exception.MyForbiddenException;
import gr.cite.tools.logging.LoggerService; import gr.cite.tools.logging.LoggerService;
import jakarta.persistence.EntityManager; import jakarta.persistence.EntityManager;
import jakarta.persistence.PersistenceContext; import jakarta.persistence.PersistenceContext;
import jakarta.persistence.Tuple;
import jakarta.persistence.criteria.CriteriaBuilder; import jakarta.persistence.criteria.CriteriaBuilder;
import jakarta.persistence.criteria.CriteriaQuery; import jakarta.persistence.criteria.CriteriaQuery;
import jakarta.persistence.criteria.Root; import jakarta.persistence.criteria.Root;
@ -41,6 +45,7 @@ import org.springframework.web.context.request.WebRequestInterceptor;
import javax.management.InvalidApplicationException; import javax.management.InvalidApplicationException;
import java.time.Instant; import java.time.Instant;
import java.util.ArrayList;
import java.util.List; import java.util.List;
import java.util.Locale; import java.util.Locale;
import java.util.UUID; import java.util.UUID;
@ -61,6 +66,9 @@ public class TenantInterceptor implements WebRequestInterceptor {
private final ErrorThesaurusProperties errors; private final ErrorThesaurusProperties errors;
private final QueryUtilsService queryUtilsService; private final QueryUtilsService queryUtilsService;
private final LockByKeyManager lockByKeyManager; private final LockByKeyManager lockByKeyManager;
private final ConventionService conventionService;
private final UserTouchedIntegrationEventHandler userTouchedIntegrationEventHandler;
private final AuthorizationProperties authorizationProperties;
@PersistenceContext @PersistenceContext
public EntityManager entityManager; public EntityManager entityManager;
@ -74,7 +82,7 @@ public class TenantInterceptor implements WebRequestInterceptor {
TenantScopeProperties tenantScopeProperties, TenantScopeProperties tenantScopeProperties,
UserAllowedTenantCacheService userAllowedTenantCacheService, UserAllowedTenantCacheService userAllowedTenantCacheService,
PlatformTransactionManager transactionManager, PlatformTransactionManager transactionManager,
ErrorThesaurusProperties errors, QueryUtilsService queryUtilsService, LockByKeyManager lockByKeyManager) { ErrorThesaurusProperties errors, QueryUtilsService queryUtilsService, LockByKeyManager lockByKeyManager, ConventionService conventionService, UserTouchedIntegrationEventHandler userTouchedIntegrationEventHandler, AuthorizationProperties authorizationProperties) {
this.tenantScope = tenantScope; this.tenantScope = tenantScope;
this.userScope = userScope; this.userScope = userScope;
this.currentPrincipalResolver = currentPrincipalResolver; this.currentPrincipalResolver = currentPrincipalResolver;
@ -86,6 +94,9 @@ public class TenantInterceptor implements WebRequestInterceptor {
this.errors = errors; this.errors = errors;
this.queryUtilsService = queryUtilsService; this.queryUtilsService = queryUtilsService;
this.lockByKeyManager = lockByKeyManager; this.lockByKeyManager = lockByKeyManager;
this.conventionService = conventionService;
this.userTouchedIntegrationEventHandler = userTouchedIntegrationEventHandler;
this.authorizationProperties = authorizationProperties;
} }
@Override @Override
@ -95,7 +106,7 @@ public class TenantInterceptor implements WebRequestInterceptor {
boolean isAllowedNoTenant = this.applicationContext.getBean(AuthorizationService.class).authorize(Permission.AllowNoTenant); boolean isAllowedNoTenant = this.applicationContext.getBean(AuthorizationService.class).authorize(Permission.AllowNoTenant);
if (tenantScope.isSet() && this.entityManager != null) { if (tenantScope.isSet() && this.entityManager != null) {
List<String> currentPrincipalTenantCodes = this.claimExtractor.asStrings(this.currentPrincipalResolver.currentPrincipal(), TenantScope.TenantCodesClaimName); List<String> currentPrincipalTenantCodes = this.claimExtractor.asStrings(this.currentPrincipalResolver.currentPrincipal(), ClaimNames.TenantCodesClaimName);
if ((currentPrincipalTenantCodes == null || !currentPrincipalTenantCodes.contains(tenantScope.getTenantCode())) && !isAllowedNoTenant) { if ((currentPrincipalTenantCodes == null || !currentPrincipalTenantCodes.contains(tenantScope.getTenantCode())) && !isAllowedNoTenant) {
logger.warn("tenant not allowed {}", this.tenantScope.getTenant()); logger.warn("tenant not allowed {}", this.tenantScope.getTenant());
throw new MyForbiddenException(this.errors.getTenantNotAllowed().getCode(), this.errors.getTenantNotAllowed().getMessage()); throw new MyForbiddenException(this.errors.getTenantNotAllowed().getCode(), this.errors.getTenantNotAllowed().getMessage());
@ -133,6 +144,8 @@ public class TenantInterceptor implements WebRequestInterceptor {
throw new MyForbiddenException(this.errors.getTenantNotAllowed().getCode(), this.errors.getTenantNotAllowed().getMessage()); throw new MyForbiddenException(this.errors.getTenantNotAllowed().getCode(), this.errors.getTenantNotAllowed().getMessage());
} }
} }
this.syncUserWithClaims();
} else { } else {
if (!isAllowedNoTenant) { if (!isAllowedNoTenant) {
if (!this.isWhiteListedEndpoint(request)) { if (!this.isWhiteListedEndpoint(request)) {
@ -163,7 +176,7 @@ public class TenantInterceptor implements WebRequestInterceptor {
if (this.tenantScopeProperties.getAutoCreateTenantUser()) usedResource = this.lockByKeyManager.tryLock(lockId, 5000, TimeUnit.MILLISECONDS); if (this.tenantScopeProperties.getAutoCreateTenantUser()) usedResource = this.lockByKeyManager.tryLock(lockId, 5000, TimeUnit.MILLISECONDS);
CriteriaBuilder criteriaBuilder = this.entityManager.getCriteriaBuilder(); CriteriaBuilder criteriaBuilder = this.entityManager.getCriteriaBuilder();
CriteriaQuery<Tuple> query = criteriaBuilder.createQuery(Tuple.class); CriteriaQuery<UserEntity> query = criteriaBuilder.createQuery(UserEntity.class);
Root<UserEntity> root = query.from(UserEntity.class); Root<UserEntity> root = query.from(UserEntity.class);
query.where(criteriaBuilder.and( query.where(criteriaBuilder.and(
criteriaBuilder.equal(root.get(UserEntity._isActive), IsActive.Active), criteriaBuilder.equal(root.get(UserEntity._isActive), IsActive.Active),
@ -188,7 +201,7 @@ public class TenantInterceptor implements WebRequestInterceptor {
) )
)); ));
query.multiselect(root.get(UserEntity._id).alias(UserEntity._id)); query.multiselect(root.get(UserEntity._id).alias(UserEntity._id));
List<Tuple> results = this.entityManager.createQuery(query).getResultList(); List<UserEntity> results = this.entityManager.createQuery(query).getResultList();
if (results.isEmpty() && this.tenantScopeProperties.getAutoCreateTenantUser()) { if (results.isEmpty() && this.tenantScopeProperties.getAutoCreateTenantUser()) {
return this.createTenantUser(); return this.createTenantUser();
} else { } else {
@ -210,7 +223,6 @@ public class TenantInterceptor implements WebRequestInterceptor {
user.setIsActive(IsActive.Active); user.setIsActive(IsActive.Active);
user.setTenantId(this.tenantScope.getTenant()); user.setTenantId(this.tenantScope.getTenant());
user.setUserId(userScope.getUserId()); user.setUserId(userScope.getUserId());
DefaultTransactionDefinition definition = new DefaultTransactionDefinition(); DefaultTransactionDefinition definition = new DefaultTransactionDefinition();
@ -227,9 +239,122 @@ public class TenantInterceptor implements WebRequestInterceptor {
if (status != null) transactionManager.rollback(status); if (status != null) transactionManager.rollback(status);
throw ex; throw ex;
} }
this.userTouchedIntegrationEventHandler.handle(this.userScope.getUserId());
return true; return true;
} }
private void syncUserWithClaims() throws InvalidApplicationException, InterruptedException {
boolean usedResource = false;
String lockId = userScope.getUserId().toString().toLowerCase(Locale.ROOT);
boolean hasChanges = false;
try {
usedResource = this.lockByKeyManager.tryLock(lockId, 5000, TimeUnit.MILLISECONDS);
DefaultTransactionDefinition definition = new DefaultTransactionDefinition();
definition.setName(UUID.randomUUID().toString());
definition.setIsolationLevel(TransactionDefinition.ISOLATION_READ_COMMITTED);
definition.setPropagationBehavior(TransactionDefinition.PROPAGATION_REQUIRED);
TransactionStatus status = null;
try {
status = transactionManager.getTransaction(definition);
List<String> existingUserRoles = this.collectUserRoles();
if (!this.userRolesSynced(existingUserRoles)) {
this.syncRoles();
hasChanges = true;
}
this.entityManager.flush();
transactionManager.commit(status);
} catch (Exception ex) {
if (status != null) transactionManager.rollback(status);
throw ex;
}
} finally {
if (usedResource) this.lockByKeyManager.unlock(lockId);
}
if (hasChanges){
this.userTouchedIntegrationEventHandler.handle(this.userScope.getUserId());
}
}
private List<String> getRolesFromClaims() {
List<String> claimsRoles = this.claimExtractor.asStrings(currentPrincipalResolver.currentPrincipal(), ClaimNames.TenantRolesClaimName);
if (claimsRoles == null) claimsRoles = new ArrayList<>();
claimsRoles = claimsRoles.stream().filter(x -> x != null && !x.isBlank() && (this.conventionService.isListNullOrEmpty(this.authorizationProperties.getAllowedTenantRoles()) || this.authorizationProperties.getAllowedTenantRoles().contains(x))).distinct().toList();
return claimsRoles;
}
private List<String> collectUserRoles() throws InvalidApplicationException {
CriteriaBuilder criteriaBuilder = this.entityManager.getCriteriaBuilder();
CriteriaQuery<UserRoleEntity> query = criteriaBuilder.createQuery(UserRoleEntity.class);
Root<UserRoleEntity> root = query.from(UserRoleEntity.class);
CriteriaBuilder.In<String> inRolesClause = criteriaBuilder.in(root.get(UserRoleEntity._role));
for (String item : this.authorizationProperties.getAllowedTenantRoles()) inRolesClause.value(item);
query.where(criteriaBuilder.and(
criteriaBuilder.equal(root.get(UserRoleEntity._userId), userScope.getUserId()),
this.conventionService.isListNullOrEmpty(this.authorizationProperties.getAllowedTenantRoles()) ? criteriaBuilder.isNotNull(root.get(UserRoleEntity._role)) : inRolesClause,
this.tenantScope.isDefaultTenant() ? criteriaBuilder.isNull(root.get(UserRoleEntity._tenantId)) : criteriaBuilder.equal(root.get(UserRoleEntity._tenantId), this.tenantScope.getTenant())
)).multiselect(root.get(UserRoleEntity._role).alias(UserRoleEntity._role));
List<UserRoleEntity> results = this.entityManager.createQuery(query).getResultList();
return results.stream().map(UserRoleEntity::getRole).toList();
}
private boolean userRolesSynced(List<String> existingUserRoles) {
List<String> claimsRoles = this.getRolesFromClaims();
if (existingUserRoles == null) existingUserRoles = new ArrayList<>();
existingUserRoles = existingUserRoles.stream().filter(x -> x != null && !x.isBlank()).distinct().toList();
if (claimsRoles.size() != existingUserRoles.size()) return false;
for (String claim : claimsRoles) {
if (existingUserRoles.stream().noneMatch(claim::equalsIgnoreCase)) return false;
}
return true;
}
private void syncRoles() throws InvalidApplicationException {
CriteriaBuilder criteriaBuilder = this.entityManager.getCriteriaBuilder();
CriteriaQuery<UserRoleEntity> query = criteriaBuilder.createQuery(UserRoleEntity.class);
Root<UserRoleEntity> root = query.from(UserRoleEntity.class);
CriteriaBuilder.In<String> inRolesClause = criteriaBuilder.in(root.get(UserRoleEntity._role));
for (String item : this.authorizationProperties.getAllowedTenantRoles()) inRolesClause.value(item);
query.where(criteriaBuilder.and(
criteriaBuilder.equal(root.get(UserRoleEntity._userId), userScope.getUserId()),
this.conventionService.isListNullOrEmpty(this.authorizationProperties.getAllowedTenantRoles()) ? criteriaBuilder.isNotNull(root.get(UserRoleEntity._role)) : inRolesClause,
this.tenantScope.isDefaultTenant() ? criteriaBuilder.isNull(root.get(UserRoleEntity._tenantId)) : criteriaBuilder.equal(root.get(UserRoleEntity._tenantId), this.tenantScope.getTenant())
));
List<UserRoleEntity> existingUserRoles = this.entityManager.createQuery(query).getResultList();
List<UUID> foundRoles = new ArrayList<>();
for (String claimRole : this.getRolesFromClaims()) {
UserRoleEntity roleEntity = existingUserRoles.stream().filter(x -> x.getRole().equals(claimRole)).findFirst().orElse(null);
if (roleEntity == null) {
roleEntity = this.buildRole(claimRole);
this.entityManager.persist(roleEntity);
}
foundRoles.add(roleEntity.getId());
}
for (UserRoleEntity existing : existingUserRoles) {
if (!foundRoles.contains(existing.getId())) {
this.entityManager.remove(existing);
}
}
}
private UserRoleEntity buildRole(String role) throws InvalidApplicationException {
UserRoleEntity data = new UserRoleEntity();
data.setId(UUID.randomUUID());
data.setUserId( userScope.getUserId());
data.setRole(role);
if (this.tenantScope.isDefaultTenant()) data.setTenantId(this.tenantScope.getTenant());
data.setCreatedAt(Instant.now());
return data;
}
@Override @Override
public void postHandle(@NonNull WebRequest request, ModelMap model) { public void postHandle(@NonNull WebRequest request, ModelMap model) {
this.tenantScope.setTenant(null, null); this.tenantScope.setTenant(null, null);
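Review bot: `buildRole` sets the tenant id only when `this.tenantScope.isDefaultTenant()` is true, which is the opposite of what `collectUserRoles` and `syncRoles` query for (`isNull(_tenantId)` in the default tenant, `equal(_tenantId, getTenant())` otherwise) and of what TenantListener now enforces, so a freshly persisted role is either rejected as tenant tampering or never found again and re-synced on every request; the line should read `if (!this.tenantScope.isDefaultTenant()) data.setTenantId(this.tenantScope.getTenant());`. Separately, `collectUserRoles` and `syncRoles` iterate `getAllowedTenantRoles()` to fill `inRolesClause` before the `isListNullOrEmpty` ternary guards it, so an unset `authorization.allowedTenantRoles` throws a NullPointerException on the first request; wrap both loops in `if (!this.conventionService.isListNullOrEmpty(this.authorizationProperties.getAllowedTenantRoles()))`. `userRolesSynced` matches claims with `equalsIgnoreCase` while `syncRoles` matches with `equals`, so a role differing only in case is reported as synced and never reconciled. Finally, switching the user lookup from `CriteriaQuery<Tuple>` to `CriteriaQuery<UserEntity>` while keeping `multiselect(root.get(UserEntity._id))` (and the same shape in `collectUserRoles`) relies on JPA passing the selected column to a matching entity constructor, which I cannot verify from here; `select(root)` or the original `Tuple` form is the safe choice. The `createTenantUser` hunk starts, and `postHandle` ends, outside the view.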


@ -1,10 +1,12 @@
package eu.eudat.interceptors.tenant; package eu.eudat.interceptors.tenant;
import eu.eudat.authorization.ClaimNames;
import eu.eudat.commons.enums.IsActive; import eu.eudat.commons.enums.IsActive;
import eu.eudat.commons.scope.tenant.TenantScope; import eu.eudat.commons.scope.tenant.TenantScope;
import eu.eudat.convention.ConventionService; import eu.eudat.convention.ConventionService;
import eu.eudat.data.TenantEntity; import eu.eudat.data.TenantEntity;
import eu.eudat.data.UserEntity;
import eu.eudat.errorcode.ErrorThesaurusProperties; import eu.eudat.errorcode.ErrorThesaurusProperties;
import gr.cite.commons.web.oidc.principal.CurrentPrincipalResolver; import gr.cite.commons.web.oidc.principal.CurrentPrincipalResolver;
import gr.cite.commons.web.oidc.principal.MyPrincipal; import gr.cite.commons.web.oidc.principal.MyPrincipal;
@ -68,7 +70,7 @@ public class TenantScopeClaimInterceptor implements WebRequestInterceptor {
this.claimExtractorContext = claimExtractorContext; this.claimExtractorContext = claimExtractorContext;
this.tenantByCodeCacheService = tenantByCodeCacheService; this.tenantByCodeCacheService = tenantByCodeCacheService;
this.tenantByIdCacheService = tenantByIdCacheService; this.tenantByIdCacheService = tenantByIdCacheService;
this.clientTenantClaimName = this.tenantScopeProperties.getClientClaimsPrefix() + TenantScope.TenantClaimName; this.clientTenantClaimName = this.tenantScopeProperties.getClientClaimsPrefix() + ClaimNames.TenantClaimName;
} }
@Override @Override
@ -140,7 +142,7 @@ public class TenantScopeClaimInterceptor implements WebRequestInterceptor {
private UUID getTenantIdFromDatabase(String tenantCode) { private UUID getTenantIdFromDatabase(String tenantCode) {
CriteriaBuilder criteriaBuilder = this.entityManager.getCriteriaBuilder(); CriteriaBuilder criteriaBuilder = this.entityManager.getCriteriaBuilder();
CriteriaQuery<Tuple> query = criteriaBuilder.createQuery(Tuple.class); CriteriaQuery<UserEntity> query = criteriaBuilder.createQuery(UserEntity.class);
Root<TenantEntity> root = query.from(TenantEntity.class); Root<TenantEntity> root = query.from(TenantEntity.class);
query = query.where( query = query.where(
criteriaBuilder.and( criteriaBuilder.and(
@ -148,27 +150,16 @@ public class TenantScopeClaimInterceptor implements WebRequestInterceptor {
criteriaBuilder.equal(root.get(TenantEntity._isActive), IsActive.Active) criteriaBuilder.equal(root.get(TenantEntity._isActive), IsActive.Active)
) )
).multiselect(root.get(TenantEntity._id).alias(TenantEntity._id)); ).multiselect(root.get(TenantEntity._id).alias(TenantEntity._id));
List<Tuple> results = this.entityManager.createQuery(query).getResultList(); List<UserEntity> results = this.entityManager.createQuery(query).getResultList();
if (results.size() == 1) { if (results.size() == 1) {
Object o; return results.getFirst().getId();
try {
o = results.getFirst().get(TenantEntity._id);
} catch (IllegalArgumentException e) {
return null;
}
if (o == null) return null;
try {
return (UUID) o;
} catch (ClassCastException e) {
return null;
}
} }
return null; return null;
} }
private String getTenantCodeFromDatabase(UUID tenantId) { private String getTenantCodeFromDatabase(UUID tenantId) {
CriteriaBuilder criteriaBuilder = this.entityManager.getCriteriaBuilder(); CriteriaBuilder criteriaBuilder = this.entityManager.getCriteriaBuilder();
CriteriaQuery<Tuple> query = criteriaBuilder.createQuery(Tuple.class); CriteriaQuery<TenantEntity> query = criteriaBuilder.createQuery(TenantEntity.class);
Root<TenantEntity> root = query.from(TenantEntity.class); Root<TenantEntity> root = query.from(TenantEntity.class);
query = query.where( query = query.where(
criteriaBuilder.and( criteriaBuilder.and(
@ -176,20 +167,9 @@ public class TenantScopeClaimInterceptor implements WebRequestInterceptor {
criteriaBuilder.equal(root.get(TenantEntity._isActive), IsActive.Active) criteriaBuilder.equal(root.get(TenantEntity._isActive), IsActive.Active)
) )
).multiselect(root.get(TenantEntity._code).alias(TenantEntity._code)); ).multiselect(root.get(TenantEntity._code).alias(TenantEntity._code));
List<Tuple> results = this.entityManager.createQuery(query).getResultList(); List<TenantEntity> results = this.entityManager.createQuery(query).getResultList();
if (results.size() == 1) { if (results.size() == 1) {
Object o; return results.getFirst().getCode();
try {
o = results.getFirst().get(TenantEntity._code);
} catch (IllegalArgumentException e) {
return null;
}
if (o == null) return null;
try {
return (String) o;
} catch (ClassCastException e) {
return null;
}
} }
return null; return null;
} }


@ -1,6 +1,7 @@
package eu.eudat.interceptors.tenant; package eu.eudat.interceptors.tenant;
import eu.eudat.authorization.ClaimNames;
import eu.eudat.commons.enums.IsActive; import eu.eudat.commons.enums.IsActive;
import eu.eudat.commons.scope.tenant.TenantScope; import eu.eudat.commons.scope.tenant.TenantScope;
import eu.eudat.convention.ConventionService; import eu.eudat.convention.ConventionService;
@ -60,7 +61,7 @@ public class TenantScopeHeaderInterceptor implements WebRequestInterceptor {
if (!this.currentPrincipalResolver.currentPrincipal().isAuthenticated()) return; if (!this.currentPrincipalResolver.currentPrincipal().isAuthenticated()) return;
if (!this.tenantScope.isMultitenant()) return; if (!this.tenantScope.isMultitenant()) return;
String tenantCode = request.getHeader(TenantScope.TenantClaimName); String tenantCode = request.getHeader(ClaimNames.TenantClaimName);
logger.debug("retrieved request tenant header is: {}", tenantCode); logger.debug("retrieved request tenant header is: {}", tenantCode);
if (tenantCode == null || this.conventionService.isNullOrEmpty(tenantCode)) return; if (tenantCode == null || this.conventionService.isNullOrEmpty(tenantCode)) return;
@ -101,7 +102,7 @@ public class TenantScopeHeaderInterceptor implements WebRequestInterceptor {
private UUID getTenantIdFromDatabase(String tenantCode) { private UUID getTenantIdFromDatabase(String tenantCode) {
CriteriaBuilder criteriaBuilder = this.entityManager.getCriteriaBuilder(); CriteriaBuilder criteriaBuilder = this.entityManager.getCriteriaBuilder();
CriteriaQuery<Tuple> query = criteriaBuilder.createQuery(Tuple.class); CriteriaQuery<TenantEntity> query = criteriaBuilder.createQuery(TenantEntity.class);
Root<TenantEntity> root = query.from(TenantEntity.class); Root<TenantEntity> root = query.from(TenantEntity.class);
query = query.where( query = query.where(
criteriaBuilder.and( criteriaBuilder.and(
@ -109,27 +110,16 @@ public class TenantScopeHeaderInterceptor implements WebRequestInterceptor {
criteriaBuilder.equal(root.get(TenantEntity._isActive), IsActive.Active) criteriaBuilder.equal(root.get(TenantEntity._isActive), IsActive.Active)
) )
).multiselect(root.get(TenantEntity._id).alias(TenantEntity._id)); ).multiselect(root.get(TenantEntity._id).alias(TenantEntity._id));
List<Tuple> results = this.entityManager.createQuery(query).getResultList(); List<TenantEntity> results = this.entityManager.createQuery(query).getResultList();
if (results.size() == 1) { if (results.size() == 1) {
Object o; return results.getFirst().getId();
try {
o = results.getFirst().get(TenantEntity._id);
} catch (IllegalArgumentException e) {
return null;
}
if (o == null) return null;
try {
return (UUID) o;
} catch (ClassCastException e) {
return null;
}
} }
return null; return null;
} }
private String getTenantCodeFromDatabase(UUID tenantId) { private String getTenantCodeFromDatabase(UUID tenantId) {
CriteriaBuilder criteriaBuilder = this.entityManager.getCriteriaBuilder(); CriteriaBuilder criteriaBuilder = this.entityManager.getCriteriaBuilder();
CriteriaQuery<Tuple> query = criteriaBuilder.createQuery(Tuple.class); CriteriaQuery<TenantEntity> query = criteriaBuilder.createQuery(TenantEntity.class);
Root<TenantEntity> root = query.from(TenantEntity.class); Root<TenantEntity> root = query.from(TenantEntity.class);
query = query.where( query = query.where(
criteriaBuilder.and( criteriaBuilder.and(
@ -137,20 +127,9 @@ public class TenantScopeHeaderInterceptor implements WebRequestInterceptor {
criteriaBuilder.equal(root.get(TenantEntity._isActive), IsActive.Active) criteriaBuilder.equal(root.get(TenantEntity._isActive), IsActive.Active)
) )
).multiselect(root.get(TenantEntity._code).alias(TenantEntity._code)); ).multiselect(root.get(TenantEntity._code).alias(TenantEntity._code));
List<Tuple> results = this.entityManager.createQuery(query).getResultList(); List<TenantEntity> results = this.entityManager.createQuery(query).getResultList();
if (results.size() == 1) { if (results.size() == 1) {
Object o; return results.getFirst().getCode();
try {
o = results.getFirst().get(TenantEntity._code);
} catch (IllegalArgumentException e) {
return null;
}
if (o == null) return null;
try {
return (String) o;
} catch (ClassCastException e) {
return null;
}
} }
return null; return null;
} }
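Review bot: In getTenantIdFromDatabase and getTenantCodeFromDatabase the query is now typed `CriteriaQuery<TenantEntity>` yet still ends in `.multiselect(root.get(TenantEntity._id).alias(...))` / `.multiselect(root.get(TenantEntity._code).alias(...))`; under the JPA criteria contract a `multiselect` on a query typed with a user class passes the selected items to that class's constructor, so this either requires a matching `TenantEntity(UUID)` / `TenantEntity(String)` constructor or depends on provider-specific leniency, while the result is read with `getId()` / `getCode()` as if a full entity were loaded. Either keep the `Tuple` query and read `results.getFirst().get(TenantEntity._id, UUID.class)`, or select the entity itself by replacing the `multiselect(...)` call with `query.select(root)`. The same change is made in the TenantScopeClaimInterceptor section above, where getTenantIdFromDatabase additionally types the query and result list as `UserEntity` while selecting from `TenantEntity`, and in UserInterceptor.collectUserRoles below. Since the tenant code here comes from a request header chosen by the caller, a debug log on the `results.size() != 1` path would help explain a silent tenant-resolution failure rather than leaving it indistinguishable from a missing header.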


@ -1,6 +1,7 @@
package eu.eudat.interceptors.user; package eu.eudat.interceptors.user;
import eu.eudat.authorization.AuthorizationProperties;
import eu.eudat.authorization.ClaimNames; import eu.eudat.authorization.ClaimNames;
import eu.eudat.commons.JsonHandlingService; import eu.eudat.commons.JsonHandlingService;
import eu.eudat.commons.enums.ContactInfoType; import eu.eudat.commons.enums.ContactInfoType;
@ -10,17 +11,13 @@ import eu.eudat.commons.scope.user.UserScope;
import eu.eudat.commons.types.user.AdditionalInfoEntity; import eu.eudat.commons.types.user.AdditionalInfoEntity;
import eu.eudat.commons.types.usercredential.UserCredentialDataEntity; import eu.eudat.commons.types.usercredential.UserCredentialDataEntity;
import eu.eudat.commons.locale.LocaleProperties; import eu.eudat.commons.locale.LocaleProperties;
import eu.eudat.data.UserContactInfoEntity; import eu.eudat.convention.ConventionService;
import eu.eudat.data.UserCredentialEntity; import eu.eudat.data.*;
import eu.eudat.data.UserEntity;
import eu.eudat.data.UserRoleEntity;
import eu.eudat.integrationevent.outbox.usertouched.UserTouchedIntegrationEventHandler; import eu.eudat.integrationevent.outbox.usertouched.UserTouchedIntegrationEventHandler;
import eu.eudat.model.UserContactInfo; import eu.eudat.model.UserContactInfo;
import eu.eudat.model.UserCredential; import eu.eudat.model.UserCredential;
import eu.eudat.model.UserRole;
import eu.eudat.query.UserContactInfoQuery; import eu.eudat.query.UserContactInfoQuery;
import eu.eudat.query.UserCredentialQuery; import eu.eudat.query.UserCredentialQuery;
import eu.eudat.query.UserRoleQuery;
import gr.cite.commons.web.oidc.principal.CurrentPrincipalResolver; import gr.cite.commons.web.oidc.principal.CurrentPrincipalResolver;
import gr.cite.commons.web.oidc.principal.extractor.ClaimExtractor; import gr.cite.commons.web.oidc.principal.extractor.ClaimExtractor;
import gr.cite.tools.data.query.QueryFactory; import gr.cite.tools.data.query.QueryFactory;
@ -29,6 +26,10 @@ import gr.cite.tools.fieldset.BaseFieldSet;
import gr.cite.tools.logging.LoggerService; import gr.cite.tools.logging.LoggerService;
import jakarta.persistence.EntityManager; import jakarta.persistence.EntityManager;
import jakarta.persistence.PersistenceContext; import jakarta.persistence.PersistenceContext;
import jakarta.persistence.Tuple;
import jakarta.persistence.criteria.CriteriaBuilder;
import jakarta.persistence.criteria.CriteriaQuery;
import jakarta.persistence.criteria.Root;
import org.apache.commons.validator.routines.EmailValidator; import org.apache.commons.validator.routines.EmailValidator;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
@ -61,6 +62,8 @@ public class UserInterceptor implements WebRequestInterceptor {
private final LockByKeyManager lockByKeyManager; private final LockByKeyManager lockByKeyManager;
private final LocaleProperties localeProperties; private final LocaleProperties localeProperties;
private final UserTouchedIntegrationEventHandler userTouchedIntegrationEventHandler; private final UserTouchedIntegrationEventHandler userTouchedIntegrationEventHandler;
private final AuthorizationProperties authorizationProperties;
private final ConventionService conventionService;
@PersistenceContext @PersistenceContext
public EntityManager entityManager; public EntityManager entityManager;
@ -74,7 +77,7 @@ public class UserInterceptor implements WebRequestInterceptor {
JsonHandlingService jsonHandlingService, JsonHandlingService jsonHandlingService,
QueryFactory queryFactory, QueryFactory queryFactory,
LockByKeyManager lockByKeyManager, LockByKeyManager lockByKeyManager,
LocaleProperties localeProperties, UserTouchedIntegrationEventHandler userTouchedIntegrationEventHandler) { LocaleProperties localeProperties, UserTouchedIntegrationEventHandler userTouchedIntegrationEventHandler, AuthorizationProperties authorizationProperties, ConventionService conventionService) {
this.userScope = userScope; this.userScope = userScope;
this.currentPrincipalResolver = currentPrincipalResolver; this.currentPrincipalResolver = currentPrincipalResolver;
this.claimExtractor = claimExtractor; this.claimExtractor = claimExtractor;
@ -85,6 +88,8 @@ public class UserInterceptor implements WebRequestInterceptor {
this.lockByKeyManager = lockByKeyManager; this.lockByKeyManager = lockByKeyManager;
this.localeProperties = localeProperties; this.localeProperties = localeProperties;
this.userTouchedIntegrationEventHandler = userTouchedIntegrationEventHandler; this.userTouchedIntegrationEventHandler = userTouchedIntegrationEventHandler;
this.authorizationProperties = authorizationProperties;
this.conventionService = conventionService;
} }
@Override @Override
@ -230,14 +235,27 @@ public class UserInterceptor implements WebRequestInterceptor {
} }
private List<String> getRolesFromClaims() { private List<String> getRolesFromClaims() {
List<String> claimsRoles = claimExtractor.roles(currentPrincipalResolver.currentPrincipal()); List<String> claimsRoles = this.claimExtractor.asStrings(currentPrincipalResolver.currentPrincipal(), ClaimNames.GlobalRolesClaimName);
if (claimsRoles == null) claimsRoles = new ArrayList<>(); if (claimsRoles == null) claimsRoles = new ArrayList<>();
claimsRoles = claimsRoles.stream().filter(x -> x != null && !x.isBlank() && (this.conventionService.isListNullOrEmpty(this.authorizationProperties.getAllowedGlobalRoles()) || this.authorizationProperties.getAllowedGlobalRoles().contains(x))).distinct().toList();
claimsRoles = claimsRoles.stream().filter(x -> x != null && !x.isBlank()).distinct().toList(); claimsRoles = claimsRoles.stream().filter(x -> x != null && !x.isBlank()).distinct().toList();
return claimsRoles; return claimsRoles;
} }
private void syncRoles(UUID userId) { private void syncRoles(UUID userId) {
List<UserRoleEntity> existingUserRoles = this.queryFactory.query(UserRoleQuery.class).userIds(userId).collect(); CriteriaBuilder criteriaBuilder = this.entityManager.getCriteriaBuilder();
CriteriaQuery<UserRoleEntity> query = criteriaBuilder.createQuery(UserRoleEntity.class);
Root<UserRoleEntity> root = query.from(UserRoleEntity.class);
CriteriaBuilder.In<String> inRolesClause = criteriaBuilder.in(root.get(UserRoleEntity._role));
for (String item : this.authorizationProperties.getAllowedGlobalRoles()) inRolesClause.value(item);
query.where(criteriaBuilder.and(
criteriaBuilder.equal(root.get(UserRoleEntity._userId), userId),
this.conventionService.isListNullOrEmpty(this.authorizationProperties.getAllowedGlobalRoles()) ? criteriaBuilder.isNotNull(root.get(UserRoleEntity._role)) : inRolesClause,
criteriaBuilder.isNull(root.get(UserRoleEntity._tenantId))
));
List<UserRoleEntity> existingUserRoles = this.entityManager.createQuery(query).getResultList();
List<UUID> foundRoles = new ArrayList<>(); List<UUID> foundRoles = new ArrayList<>();
for (String claimRole : this.getRolesFromClaims()) { for (String claimRole : this.getRolesFromClaims()) {
UserRoleEntity roleEntity = existingUserRoles.stream().filter(x -> x.getRole().equals(claimRole)).findFirst().orElse(null); UserRoleEntity roleEntity = existingUserRoles.stream().filter(x -> x.getRole().equals(claimRole)).findFirst().orElse(null);
@ -255,8 +273,21 @@ public class UserInterceptor implements WebRequestInterceptor {
} }
private List<String> collectUserRoles(UUID userId) { private List<String> collectUserRoles(UUID userId) {
List<UserRoleEntity> items = this.queryFactory.query(UserRoleQuery.class).userIds(userId).collectAs(new BaseFieldSet().ensure(UserRole._role)); CriteriaBuilder criteriaBuilder = this.entityManager.getCriteriaBuilder();
return items == null ? new ArrayList<>() : items.stream().map(UserRoleEntity::getRole).toList(); CriteriaQuery<UserRoleEntity> query = criteriaBuilder.createQuery(UserRoleEntity.class);
Root<UserRoleEntity> root = query.from(UserRoleEntity.class);
CriteriaBuilder.In<String> inRolesClause = criteriaBuilder.in(root.get(UserRoleEntity._role));
for (String item : this.authorizationProperties.getAllowedGlobalRoles()) inRolesClause.value(item);
query.where(criteriaBuilder.and(
criteriaBuilder.equal(root.get(UserRoleEntity._userId), userId),
this.conventionService.isListNullOrEmpty(this.authorizationProperties.getAllowedGlobalRoles()) ? criteriaBuilder.isNotNull(root.get(UserRoleEntity._role)) : inRolesClause,
criteriaBuilder.isNull(root.get(UserRoleEntity._tenantId))
)).multiselect(root.get(UserRoleEntity._role).alias(UserRoleEntity._role));
List<UserRoleEntity> results = this.entityManager.createQuery(query).getResultList();
return results.stream().map(UserRoleEntity::getRole).toList();
} }
private List<String> collectUserEmails(UUID userId) { private List<String> collectUserEmails(UUID userId) {
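Review bot: In syncRoles and collectUserRoles the `for (String item : this.authorizationProperties.getAllowedGlobalRoles()) inRolesClause.value(item);` loop runs before the `isListNullOrEmpty` check inside the `where` clause, so when `authorization.allowedGlobalRoles` is not configured the loop throws a NullPointerException and the null-safe `isNotNull` branch is never reached. Hoist `List<String> allowedGlobalRoles = this.authorizationProperties.getAllowedGlobalRoles();`, drop the manual `In` builder, and write the predicate as `this.conventionService.isListNullOrEmpty(allowedGlobalRoles) ? criteriaBuilder.isNotNull(root.get(UserRoleEntity._role)) : root.get(UserRoleEntity._role).in(allowedGlobalRoles)` in both methods. In getRolesFromClaims the second `filter(x -> x != null && !x.isBlank()).distinct().toList()` is now redundant with the filter added on the line above it and can be removed. A comment on syncRoles should also state that roles outside the allow-list are excluded on both the claim side and the database side, so a stored global role that is no longer allowed is presumably neither re-granted nor cleaned up — the rest of syncRoles is outside the hunk, so confirm before documenting.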


@ -31,6 +31,7 @@ spring:
optional:classpath:config/public-api.yml[.yml], optional:classpath:config/public-api-${spring.profiles.active}.yml[.yml], optional:file:../config/public-api-${spring.profiles.active}.yml[.yml], optional:classpath:config/public-api.yml[.yml], optional:classpath:config/public-api-${spring.profiles.active}.yml[.yml], optional:file:../config/public-api-${spring.profiles.active}.yml[.yml],
optional:classpath:config/dashboard.yml[.yml], optional:classpath:config/dashboard-${spring.profiles.active}.yml[.yml], optional:file:../config/dashboard-${spring.profiles.active}.yml[.yml], optional:classpath:config/dashboard.yml[.yml], optional:classpath:config/dashboard-${spring.profiles.active}.yml[.yml], optional:file:../config/dashboard-${spring.profiles.active}.yml[.yml],
optional:classpath:config/transformer.yml[.yml], optional:classpath:config/transformer-${spring.profiles.active}.yml[.yml], optional:file:../config/transformer-${spring.profiles.active}.yml[.yml], optional:classpath:config/transformer.yml[.yml], optional:classpath:config/transformer-${spring.profiles.active}.yml[.yml], optional:file:../config/transformer-${spring.profiles.active}.yml[.yml],
optional:classpath:config/authorization.yml[.yml], optional:classpath:config/authorization-${spring.profiles.active}.yml[.yml], optional:file:../config/authorization-${spring.profiles.active}.yml[.yml],
optional:classpath:config/lock.yml[.yml], optional:classpath:config/lock-${spring.profiles.active}.yml[.yml], optional:file:../config/lock-${spring.profiles.active}.yml[.yml] optional:classpath:config/lock.yml[.yml], optional:classpath:config/lock-${spring.profiles.active}.yml[.yml], optional:file:../config/lock-${spring.profiles.active}.yml[.yml]


@ -0,0 +1,9 @@
authorization:
allowedTenantRoles:
- TenantAdmin
- TenantUser
- TenantManager
- TenantDescriptionTemplateEditor
allowedGlobalRoles:
- Admin
- User
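Review bot: The new `authorization.allowedGlobalRoles` list is consulted with a null-or-empty check in UserInterceptor, where an unset or empty list means every role claim from the identity provider is accepted rather than none; that fail-open default is not visible from this file and is the opposite of what an operator trimming the list would expect. A comment above the list would make it explicit, e.g. `# Role claims accepted from the identity provider; an empty list disables filtering and accepts any role (see UserInterceptor).` The same note presumably applies to `allowedTenantRoles`, whose consumer is not in this diff.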


@ -24,6 +24,14 @@ idpclient:
filterBy: "(.*):::TenantCode::" filterBy: "(.*):::TenantCode::"
extractByExpression: "(.*):(.*)" extractByExpression: "(.*):(.*)"
extractExpressionValue: "[[g1]]" extractExpressionValue: "[[g1]]"
GlobalRoles:
- type: resource_access
path: dmp_web.roles
TenantRoles:
- type: tenant_roles
filterBy: "(.*):::TenantCode::"
extractByExpression: "(.*):(.*)"
extractExpressionValue: "[[g1]]"
Scope: Scope:
- type: scope - type: scope
AccessToken: AccessToken:


@ -15,13 +15,13 @@ permissions:
allowAuthenticated: true allowAuthenticated: true
###### ######
# public # Affiliation
DeferredAffiliation: DeferredAffiliation:
roles: roles:
- Admin - TenantAdmin
- User - TenantUser
- Manager - TenantManager
- DescriptionTemplateEditor - TenantDescriptionTemplateEditor
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
@ -76,6 +76,11 @@ permissions:
clients: [ ] clients: [ ]
allowAnonymous: true allowAnonymous: true
allowAuthenticated: true allowAuthenticated: true
BrowsePublicStatistics:
roles: [ ]
clients: [ ]
allowAnonymous: true
allowAuthenticated: true
# Elastic # Elastic
ManageElastic: ManageElastic:
roles: roles:
@ -87,13 +92,13 @@ permissions:
# Deposit # Deposit
BrowseDeposit: BrowseDeposit:
roles: roles:
- Admin - TenantAdmin
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
EditDeposit: EditDeposit:
roles: roles:
- Admin - TenantAdmin
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
@ -106,13 +111,13 @@ permissions:
allowAuthenticated: true allowAuthenticated: true
EditLanguage: EditLanguage:
roles: roles:
- Admin - TenantAdmin
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
DeleteLanguage: DeleteLanguage:
roles: roles:
- Admin - TenantAdmin
claims: [ ] claims: [ ]
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
@ -123,15 +128,10 @@ permissions:
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: true allowAuthenticated: true
BrowsePublicStatistics:
roles: [ ]
clients: [ ]
allowAnonymous: true
allowAuthenticated: true
# Description # Description
BrowseDescription: BrowseDescription:
roles: roles:
- Admin - TenantAdmin
dmp: dmp:
roles: roles:
- Owner - Owner
@ -143,7 +143,7 @@ permissions:
allowAuthenticated: false allowAuthenticated: false
EditDescription: EditDescription:
roles: roles:
- Admin - TenantAdmin
dmp: dmp:
roles: roles:
- Owner - Owner
@ -153,7 +153,7 @@ permissions:
allowAuthenticated: false allowAuthenticated: false
FinalizeDescription: FinalizeDescription:
roles: roles:
- Admin - TenantAdmin
dmp: dmp:
roles: roles:
- Owner - Owner
@ -163,7 +163,7 @@ permissions:
allowAuthenticated: false allowAuthenticated: false
DeleteDescription: DeleteDescription:
roles: roles:
- Admin - TenantAdmin
dmp: dmp:
roles: roles:
- Owner - Owner
@ -174,7 +174,7 @@ permissions:
allowAuthenticated: false allowAuthenticated: false
CloneDescription: CloneDescription:
roles: roles:
- Admin - TenantAdmin
dmp: dmp:
roles: roles:
- Owner - Owner
@ -186,19 +186,19 @@ permissions:
# Tag # Tag
BrowseTag: BrowseTag:
roles: roles:
- Admin - TenantAdmin
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
EditTag: EditTag:
roles: roles:
- Admin - TenantAdmin
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
DeleteTag: DeleteTag:
roles: roles:
- Admin - TenantAdmin
claims: [ ] claims: [ ]
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
@ -206,33 +206,33 @@ permissions:
# User # User
BrowseUser: BrowseUser:
roles: roles:
- Admin - TenantAdmin
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
EditUser: EditUser:
roles: roles:
- Admin - TenantAdmin
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
DeleteUser: DeleteUser:
roles: roles:
- Admin - TenantAdmin
claims: [ ] claims: [ ]
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
ExportUsers: ExportUsers:
roles: roles:
- Admin - TenantAdmin
claims: [ ] claims: [ ]
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
BrowseDmpAssociatedUser: BrowseDmpAssociatedUser:
roles: roles:
- Admin - TenantAdmin
dmp: dmp:
roles: roles:
- Owner - Owner
@ -246,22 +246,22 @@ permissions:
# DescriptionTemplateType # DescriptionTemplateType
BrowseDescriptionTemplateType: BrowseDescriptionTemplateType:
roles: roles:
- Admin - TenantAdmin
- User - TenantUser
- Manager - TenantManager
- DescriptionTemplateEditor - TenantDescriptionTemplateEditor
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
EditDescriptionTemplateType: EditDescriptionTemplateType:
roles: roles:
- Admin - TenantAdmin
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
DeleteDescriptionTemplateType: DeleteDescriptionTemplateType:
roles: roles:
- Admin - TenantAdmin
claims: [ ] claims: [ ]
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
@ -275,14 +275,14 @@ permissions:
allowAuthenticated: true allowAuthenticated: true
EditStorageFile: EditStorageFile:
roles: roles:
- Admin - TenantAdmin
claims: [ ] claims: [ ]
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
DeleteStorageFile: DeleteStorageFile:
roles: roles:
- Admin - TenantAdmin
claims: [ ] claims: [ ]
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
@ -290,56 +290,56 @@ permissions:
# DescriptionTemplate # DescriptionTemplate
BrowseDescriptionTemplate: BrowseDescriptionTemplate:
roles: roles:
- Admin - TenantAdmin
- DescriptionTemplateEditor - TenantUser
- Manager - TenantManager
- User - TenantDescriptionTemplateEditor
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
EditDescriptionTemplate: EditDescriptionTemplate:
roles: roles:
- Admin - TenantAdmin
- DescriptionTemplateEditor - TenantDescriptionTemplateEditor
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
DeleteDescriptionTemplate: DeleteDescriptionTemplate:
roles: roles:
- Admin - TenantAdmin
- DescriptionTemplateEditor - TenantDescriptionTemplateEditor
claims: [ ] claims: [ ]
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
CloneDescriptionTemplate: CloneDescriptionTemplate:
roles: roles:
- Admin - TenantAdmin
- DescriptionTemplateEditor - TenantDescriptionTemplateEditor
claims: [ ] claims: [ ]
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
CreateNewVersionDescriptionTemplate: CreateNewVersionDescriptionTemplate:
roles: roles:
- Admin - TenantAdmin
- DescriptionTemplateEditor - TenantDescriptionTemplateEditor
claims: [ ] claims: [ ]
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
ImportDescriptionTemplate: ImportDescriptionTemplate:
roles: roles:
- Admin - TenantAdmin
- DescriptionTemplateEditor - TenantDescriptionTemplateEditor
claims: [ ] claims: [ ]
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
ExportDescriptionTemplate: ExportDescriptionTemplate:
roles: roles:
- Admin - TenantAdmin
- DescriptionTemplateEditor - TenantDescriptionTemplateEditor
claims: [ ] claims: [ ]
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
@ -347,13 +347,13 @@ permissions:
# Dmp # Dmp
BrowseDmp: BrowseDmp:
roles: roles:
- Admin - TenantAdmin
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
EditDmp: EditDmp:
roles: roles:
- Admin - TenantAdmin
dmp: dmp:
roles: roles:
- Owner - Owner
@ -365,16 +365,16 @@ permissions:
allowAuthenticated: false allowAuthenticated: false
NewDmp: NewDmp:
roles: roles:
- Admin - TenantAdmin
- User - TenantUser
- Manager - TenantManager
- DescriptionTemplateEditor - TenantDescriptionTemplateEditor
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
DeleteDmp: DeleteDmp:
roles: roles:
- Admin - TenantAdmin
dmp: dmp:
roles: roles:
- Owner - Owner
@ -384,7 +384,7 @@ permissions:
allowAuthenticated: false allowAuthenticated: false
DepositDmp: DepositDmp:
roles: roles:
- Admin - TenantAdmin
dmp: dmp:
roles: roles:
- Owner - Owner
@ -394,7 +394,7 @@ permissions:
allowAuthenticated: false allowAuthenticated: false
CloneDmp: CloneDmp:
roles: roles:
- Admin - TenantAdmin
dmp: dmp:
roles: roles:
- Owner - Owner
@ -404,7 +404,7 @@ permissions:
allowAuthenticated: false allowAuthenticated: false
ExportDmp: ExportDmp:
roles: roles:
- Admin - TenantAdmin
dmp: dmp:
roles: roles:
- Owner - Owner
@ -414,7 +414,7 @@ permissions:
allowAuthenticated: false allowAuthenticated: false
CreateNewVersionDmp: CreateNewVersionDmp:
roles: roles:
- Admin - TenantAdmin
dmp: dmp:
roles: roles:
- Owner - Owner
@ -424,7 +424,7 @@ permissions:
allowAuthenticated: false allowAuthenticated: false
FinalizeDmp: FinalizeDmp:
roles: roles:
- Admin - TenantAdmin
dmp: dmp:
roles: roles:
- Owner - Owner
@ -434,7 +434,7 @@ permissions:
allowAuthenticated: false allowAuthenticated: false
UndoFinalizeDmp: UndoFinalizeDmp:
roles: roles:
- Admin - TenantAdmin
dmp: dmp:
roles: roles:
- Owner - Owner
@ -444,7 +444,7 @@ permissions:
allowAuthenticated: false allowAuthenticated: false
AssignDmpUsers: AssignDmpUsers:
roles: roles:
- Admin - TenantAdmin
dmp: dmp:
roles: roles:
- Owner - Owner
@ -454,7 +454,7 @@ permissions:
allowAuthenticated: false allowAuthenticated: false
InviteDmpUsers: InviteDmpUsers:
roles: roles:
- Admin - TenantAdmin
dmp: dmp:
roles: roles:
- Owner - Owner
@ -465,47 +465,47 @@ permissions:
# DmpBlueprint # DmpBlueprint
BrowseDmpBlueprint: BrowseDmpBlueprint:
roles: roles:
- Admin - TenantAdmin
- User - TenantUser
- Manager - TenantManager
- DescriptionTemplateEditor - TenantDescriptionTemplateEditor
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
EditDmpBlueprint: EditDmpBlueprint:
roles: roles:
- Admin - TenantAdmin
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
CloneDmpBlueprint: CloneDmpBlueprint:
roles: roles:
- Admin - TenantAdmin
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
CreateNewVersionDmpBlueprint: CreateNewVersionDmpBlueprint:
roles: roles:
- Admin - TenantAdmin
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
ExportDmpBlueprint: ExportDmpBlueprint:
roles: roles:
- Admin - TenantAdmin
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
ImportDmpBlueprint: ImportDmpBlueprint:
roles: roles:
- Admin - TenantAdmin
claims: [ ] claims: [ ]
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
DeleteDmpBlueprint: DeleteDmpBlueprint:
roles: roles:
- Admin - TenantAdmin
claims: [ ] claims: [ ]
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
@ -513,48 +513,41 @@ permissions:
# EntityDoi # EntityDoi
BrowseEntityDoi: BrowseEntityDoi:
roles: roles:
- Admin - TenantAdmin
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
EditEntityDoi: EditEntityDoi:
roles: roles:
- Admin - TenantAdmin
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
DeleteEntityDoi: DeleteEntityDoi:
roles: roles:
- Admin - TenantAdmin
claims: [ ] claims: [ ]
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
# ViewPage Permissions
ViewDescriptionTemplateTypePage:
roles:
- Admin
clients: [ ]
allowAnonymous: false
allowAuthenticated: false
# Reference Permissions # Reference Permissions
BrowseReference: BrowseReference:
roles: roles:
- Admin - TenantAdmin
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
EditReference: EditReference:
roles: roles:
- Admin - TenantAdmin
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
DeleteReference: DeleteReference:
roles: roles:
- Admin - TenantAdmin
claims: [ ] claims: [ ]
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
@ -563,19 +556,19 @@ permissions:
# DmpReference Permissions # DmpReference Permissions
BrowseDmpReference: BrowseDmpReference:
roles: roles:
- Admin - TenantAdmin
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
EditDmpReference: EditDmpReference:
roles: roles:
- Admin - TenantAdmin
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
DeleteDmpReference: DeleteDmpReference:
roles: roles:
- Admin - TenantAdmin
claims: [ ] claims: [ ]
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
@ -584,19 +577,19 @@ permissions:
# DmpUser Permissions # DmpUser Permissions
BrowseDmpUser: BrowseDmpUser:
roles: roles:
- Admin - TenantAdmin
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
EditDmpUser: EditDmpUser:
roles: roles:
- Admin - TenantAdmin
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
DeleteDmpUser: DeleteDmpUser:
roles: roles:
- Admin - TenantAdmin
claims: [ ] claims: [ ]
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
@ -607,20 +600,22 @@ permissions:
roles: roles:
- Admin - Admin
- User - User
- Manager - TenantAdmin
- DescriptionTemplateEditor - TenantUser
- TenantManager
- TenantDescriptionTemplateEditor
clients: [ ] clients: [ ]
allowAnonymous: yes allowAnonymous: yes
allowAuthenticated: yes allowAuthenticated: yes
EditSupportiveMaterial: EditSupportiveMaterial:
roles: roles:
- Admin - TenantAdmin
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
DeleteSupportiveMaterial: DeleteSupportiveMaterial:
roles: roles:
- Admin - TenantAdmin
claims: [ ] claims: [ ]
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
@ -629,22 +624,22 @@ permissions:
# ReferenceType Permissions # ReferenceType Permissions
BrowseReferenceType: BrowseReferenceType:
roles: roles:
- Admin - TenantAdmin
- User - TenantUser
- Manager - TenantManager
- DescriptionTemplateEditor - TenantDescriptionTemplateEditor
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
EditReferenceType: EditReferenceType:
roles: roles:
- Admin - TenantAdmin
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
DeleteReferenceType: DeleteReferenceType:
roles: roles:
- Admin - TenantAdmin
claims: [ ] claims: [ ]
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
@ -670,30 +665,26 @@ permissions:
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
AllowNoTenant:
roles:
- TenantManager
claims: [ ]
clients: [ ]
allowAnonymous: false
allowAuthenticated: false
# TenantUser Permissions # TenantUser Permissions
BrowseTenantUser: BrowseTenantUser:
roles: roles:
- Admin - Admin
- TenantAdmin
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
EditTenantUser: EditTenantUser:
roles: roles:
- Admin - Admin
- TenantAdmin
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
DeleteTenantUser: DeleteTenantUser:
roles: roles:
- Admin - Admin
- TenantAdmin
claims: [ ] claims: [ ]
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
@ -702,19 +693,19 @@ permissions:
# DmpDescriptionTemplate Permissions # DmpDescriptionTemplate Permissions
BrowseDmpDescriptionTemplate: BrowseDmpDescriptionTemplate:
roles: roles:
- Admin - TenantAdmin
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
EditDmpDescriptionTemplate: EditDmpDescriptionTemplate:
roles: roles:
- Admin - TenantAdmin
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
DeleteDmpDescriptionTemplate: DeleteDmpDescriptionTemplate:
roles: roles:
- Admin - TenantAdmin
claims: [ ] claims: [ ]
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
@ -723,19 +714,19 @@ permissions:
# DescriptionReference Permissions # DescriptionReference Permissions
BrowseDescriptionReference: BrowseDescriptionReference:
roles: roles:
- Admin - TenantAdmin
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
EditDescriptionReference: EditDescriptionReference:
roles: roles:
- Admin - TenantAdmin
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
DeleteDescriptionReference: DeleteDescriptionReference:
roles: roles:
- Admin - TenantAdmin
claims: [ ] claims: [ ]
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
@ -744,19 +735,19 @@ permissions:
# DescriptionReference Permissions # DescriptionReference Permissions
BrowseDescriptionTag: BrowseDescriptionTag:
roles: roles:
- Admin - TenantAdmin
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
EditDescriptionTag: EditDescriptionTag:
roles: roles:
- Admin - TenantAdmin
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
DeleteDescriptionTag: DeleteDescriptionTag:
roles: roles:
- Admin - TenantAdmin
claims: [ ] claims: [ ]
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
@ -764,10 +755,10 @@ permissions:
# Prefilling # Prefilling
BrowsePrefilling: BrowsePrefilling:
roles: roles:
- Admin - TenantAdmin
- DescriptionTemplateEditor - TenantUser
- Manager - TenantManager
- User - TenantDescriptionTemplateEditor
claims: [ ] claims: [ ]
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
@ -776,16 +767,16 @@ permissions:
# Lock Permissions # Lock Permissions
BrowseLock: BrowseLock:
roles: roles:
- Admin - TenantAdmin
- DescriptionTemplateEditor - TenantUser
- Manager - TenantManager
- User - TenantDescriptionTemplateEditor
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
EditLock: EditLock:
roles: roles:
- Admin - TenantAdmin
dmp: dmp:
roles: roles:
- Owner - Owner
@ -797,7 +788,7 @@ permissions:
allowAuthenticated: false allowAuthenticated: false
DeleteLock: DeleteLock:
roles: roles:
- Admin - TenantAdmin
dmp: dmp:
roles: roles:
- Owner - Owner
@ -808,6 +799,7 @@ permissions:
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
# Contact Permissions # Contact Permissions
SendContactSupport: SendContactSupport:
roles: [] roles: []
@ -817,19 +809,19 @@ permissions:
# ActionConfirmation Permissions # ActionConfirmation Permissions
BrowseActionConfirmation: BrowseActionConfirmation:
roles: roles:
- Admin - TenantAdmin
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
EditActionConfirmation: EditActionConfirmation:
roles: roles:
- Admin - TenantAdmin
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
DeleteActionConfirmation: DeleteActionConfirmation:
roles: roles:
- Admin - TenantAdmin
claims: [ ] claims: [ ]
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
@ -838,23 +830,148 @@ permissions:
# PrefillingSource Permissions # PrefillingSource Permissions
BrowsePrefillingSource: BrowsePrefillingSource:
roles: roles:
- Admin - TenantAdmin
- DescriptionTemplateEditor - TenantUser
- Manager - TenantManager
- User - TenantDescriptionTemplateEditor
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
EditPrefillingSource: EditPrefillingSource:
roles: roles:
- Admin - TenantAdmin
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
DeletePrefillingSource: DeletePrefillingSource:
roles: roles:
- Admin - TenantAdmin
claims: [ ] claims: [ ]
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
# ViewPage Permissions
ViewDescriptionTemplateTypePage:
roles:
- TenantAdmin
clients: [ ]
allowAnonymous: false
allowAuthenticated: false
ViewMaintenancePage:
roles:
- Admin
clients: [ ]
allowAnonymous: false
allowAuthenticated: false
ViewNotificationPage:
roles:
- TenantAdmin
clients: [ ]
allowAnonymous: false
allowAuthenticated: false
ViewNotificationTemplatePage:
roles:
- TenantAdmin
clients: [ ]
allowAnonymous: false
allowAuthenticated: false
ViewSupportiveMaterialPage:
roles:
- TenantAdmin
clients: [ ]
allowAnonymous: false
allowAuthenticated: false
ViewLanguagePage:
roles:
- TenantAdmin
clients: [ ]
allowAnonymous: false
allowAuthenticated: false
ViewUserPage:
roles:
- TenantAdmin
clients: [ ]
allowAnonymous: false
allowAuthenticated: false
ViewTenantPage:
roles:
- Admin
clients: [ ]
allowAnonymous: false
allowAuthenticated: false
ViewPrefillingSourcePage:
roles:
- TenantAdmin
clients: [ ]
allowAnonymous: false
allowAuthenticated: false
ViewReferenceTypePage:
roles:
- TenantAdmin
clients: [ ]
allowAnonymous: false
allowAuthenticated: false
ViewReferencePage:
roles:
- TenantAdmin
clients: [ ]
allowAnonymous: false
allowAuthenticated: false
ViewEntityLockPage:
roles:
- TenantAdmin
clients: [ ]
allowAnonymous: false
allowAuthenticated: false
ViewDescriptionTemplatePage:
roles:
- TenantAdmin
- TenantDescriptionTemplateEditor
clients: [ ]
allowAnonymous: false
allowAuthenticated: false
ViewDmpBlueprintPage:
roles:
- TenantAdmin
clients: [ ]
allowAnonymous: false
allowAuthenticated: false
ViewPublicDescriptionPage:
roles: [ ]
clients: [ ]
allowAnonymous: true
allowAuthenticated: true
ViewPublicDmpPage:
roles: [ ]
clients: [ ]
allowAnonymous: true
allowAuthenticated: true
ViewMyDescriptionPage:
roles:
- TenantAdmin
- TenantUser
- TenantManager
- TenantDescriptionTemplateEditor
clients: [ ]
allowAnonymous: false
allowAuthenticated: false
ViewMyDmpPage:
roles:
- TenantAdmin
- TenantUser
- TenantManager
- TenantDescriptionTemplateEditor
clients: [ ]
allowAnonymous: false
allowAuthenticated: false
ViewHomePage:
roles: [ ]
clients: [ ]
allowAnonymous: true
allowAuthenticated: true
ViewMineInAppNotificationPage:
roles: [ ]
clients: [ ]
allowAnonymous: false
allowAuthenticated: true


@ -30,6 +30,9 @@ const appRoutes: Routes = [
path: 'descriptions', path: 'descriptions',
loadChildren: () => import('./ui/description/description.module').then(m => m.DescriptionModule), loadChildren: () => import('./ui/description/description.module').then(m => m.DescriptionModule),
data: { data: {
authContext: {
permissions: [AppPermission.ViewMyDescriptionPage]
},
breadcrumb: true, breadcrumb: true,
title: 'GENERAL.TITLES.DESCRIPTIONS' title: 'GENERAL.TITLES.DESCRIPTIONS'
} }
@ -46,6 +49,9 @@ const appRoutes: Routes = [
path: 'plans', path: 'plans',
loadChildren: () => import('./ui/dmp/dmp.module').then(m => m.DmpModule), loadChildren: () => import('./ui/dmp/dmp.module').then(m => m.DmpModule),
data: { data: {
authContext: {
permissions: [AppPermission.ViewMyDmpPage]
},
breadcrumb: true, breadcrumb: true,
title: 'GENERAL.TITLES.PLANS' title: 'GENERAL.TITLES.PLANS'
} }
@ -71,7 +77,7 @@ const appRoutes: Routes = [
} }
}, },
{ {
path: 'about', path: 'about',
loadChildren: () => import('./ui/about/about.module').then(m => m.AboutModule), loadChildren: () => import('./ui/about/about.module').then(m => m.AboutModule),
@ -80,7 +86,7 @@ const appRoutes: Routes = [
title: 'GENERAL.TITLES.ABOUT' title: 'GENERAL.TITLES.ABOUT'
} }
}, },
{ {
path: 'description-templates', path: 'description-templates',
loadChildren: () => import('./ui/admin/description-template/description-template.module').then(m => m.DescriptionTemplateModule), loadChildren: () => import('./ui/admin/description-template/description-template.module').then(m => m.DescriptionTemplateModule),
@ -169,7 +175,7 @@ const appRoutes: Routes = [
title: 'GENERAL.TITLES.COOKIES-POLICY' title: 'GENERAL.TITLES.COOKIES-POLICY'
} }
}, },
// { // {
// path: 'splash', // path: 'splash',
// loadChildren: () => import('./ui/splash/splash.module').then(m => m.SplashModule), // loadChildren: () => import('./ui/splash/splash.module').then(m => m.SplashModule),
@ -188,6 +194,9 @@ const appRoutes: Routes = [
path: 'users', path: 'users',
loadChildren: () => import('./ui/admin/user/user.module').then(m => m.UsersModule), loadChildren: () => import('./ui/admin/user/user.module').then(m => m.UsersModule),
data: { data: {
authContext: {
permissions: [AppPermission.ViewUserPage]
},
breadcrumb: true, breadcrumb: true,
title: 'GENERAL.TITLES.USERS' title: 'GENERAL.TITLES.USERS'
}, },
@ -324,6 +333,9 @@ const appRoutes: Routes = [
path: 'index-managment', path: 'index-managment',
loadChildren: () => import('./ui/admin/index-managment/index-managment.module').then(m => m.IndexManagmentModule), loadChildren: () => import('./ui/admin/index-managment/index-managment.module').then(m => m.IndexManagmentModule),
data: { data: {
authContext: {
permissions: [AppPermission.ViewMaintenancePage]
},
breadcrumb: true, breadcrumb: true,
title: 'GENERAL.TITLES.INDEX-MANAGMENT' title: 'GENERAL.TITLES.INDEX-MANAGMENT'
}, },
@ -332,6 +344,9 @@ const appRoutes: Routes = [
path: 'maintenance-tasks', path: 'maintenance-tasks',
loadChildren: () => import('./ui/admin/maintenance-tasks/maintenance-tasks.module').then(m => m.MaintenanceTasksModule), loadChildren: () => import('./ui/admin/maintenance-tasks/maintenance-tasks.module').then(m => m.MaintenanceTasksModule),
data: { data: {
authContext: {
permissions: [AppPermission.ViewMaintenancePage]
},
breadcrumb: true breadcrumb: true
}, },
}, },
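Review bot: The `authContext.permissions` entries added to the 'descriptions', 'plans', 'users', 'index-managment' and 'maintenance-tasks' routes only take effect if a route guard actually reads `data.authContext`; no guard change is visible in this file, so confirm one is wired to these routes. The 'about' and 'description-templates' hunks show no visible text change, which suggests whitespace-only edits that could be dropped from the commit. Both maintenance routes share `AppPermission.ViewMaintenancePage`, which is fine as long as the backend endpoints behind them enforce the equivalent permission, since route data is UI gating only.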


@ -33,20 +33,6 @@ export enum AppPermission {
EditDescriptionTemplate = "EditDescriptionTemplate", EditDescriptionTemplate = "EditDescriptionTemplate",
DeleteDescriptionTemplate = "DeleteDescriptionTemplate", DeleteDescriptionTemplate = "DeleteDescriptionTemplate",
// UI Pages
ViewDescriptionTemplateTypePage = "ViewDescriptionTemplateTypePage",
ViewDmpBlueprintPage = "ViewDmpBlueprintPage",
ViewDescriptionTemplatePage = "ViewDescriptionTemplatePage",
ViewSupportiveMaterialPage = 'ViewSupportiveMaterialPage',
ViewReferenceTypePage = 'ViewReferenceTypePage',
ViewReferencePage = 'ViewReferencePage',
ViewTenantPage = 'ViewTenantPage',
ViewLanguagePage = "ViewLanguagePage",
ViewNotificationTemplatePage = "ViewNotificationTemplatePage",
ViewMineInAppNotificationPage = "ViewMineInAppNotificationPage",
ViewNotificationPage = "ViewNotificationPage",
ViewPrefillingSourcePage = "ViewPrefillingSourcePage",
ViewEntityLockPage = "ViewEntityLockPage",
//ReferenceType //ReferenceType
BrowseReferenceType = "BrowseReferenceType", BrowseReferenceType = "BrowseReferenceType",
@ -83,5 +69,27 @@ export enum AppPermission {
BrowsePrefillingSource= "BrowsePrefillingSource", BrowsePrefillingSource= "BrowsePrefillingSource",
EditPrefillingSource = "EditPrefillingSource", EditPrefillingSource = "EditPrefillingSource",
DeletePrefillingSource = "DeletePrefillingSource", DeletePrefillingSource = "DeletePrefillingSource",
// UI Pages
ViewDescriptionTemplateTypePage = "ViewDescriptionTemplateTypePage",
ViewMaintenancePage = "ViewMaintenancePage",
ViewNotificationPage = "ViewNotificationPage",
ViewNotificationTemplatePage = "ViewNotificationTemplatePage",
ViewSupportiveMaterialPage = "ViewSupportiveMaterialPage",
ViewLanguagePage = "ViewLanguagePage",
ViewUserPage = "ViewUserPage",
ViewTenantPage = "ViewTenantPage",
ViewPrefillingSourcePage = "ViewPrefillingSourcePage",
ViewReferenceTypePage = "ViewReferenceTypePage",
ViewReferencePage = "ViewReferencePage",
ViewEntityLockPage = "ViewEntityLockPage",
ViewDescriptionTemplatePage = "ViewDescriptionTemplatePage",
ViewDmpBlueprintPage = "ViewDmpBlueprintPage",
ViewPublicDescriptionPage = "ViewPublicDescriptionPage",
ViewPublicDmpPage = "ViewPublicDmpPage",
ViewMyDescriptionPage = "ViewMyDescriptionPage",
ViewMyDmpPage = "ViewMyDmpPage",
ViewHomePage = "ViewHomePage",
ViewMineInAppNotificationPage = "ViewMineInAppNotificationPage",
} }


@ -331,7 +331,7 @@ export class AuthService extends BaseService {
} }
private evaluatePermission(availablePermissions: string[], permissionToCheck: string): boolean { private evaluatePermission(availablePermissions: string[], permissionToCheck: string): boolean {
if (!permissionToCheck) { return false; } if (!permissionToCheck) { return false; }
if (this.hasRole(AppRole.Admin)) { return true; } // if (this.hasRole(AppRole.Admin)) { return true; }
return availablePermissions.map(x => x.toLowerCase()).includes(permissionToCheck.toLowerCase()); return availablePermissions.map(x => x.toLowerCase()).includes(permissionToCheck.toLowerCase());
} }
public hasAnyPermission(permissions: AppPermission[]): boolean { public hasAnyPermission(permissions: AppPermission[]): boolean {
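Review bot: The Admin short-circuit in `evaluatePermission` is commented out rather than deleted; remove the line so the dead branch is not re-enabled by accident and the intent — permissions come only from the server-issued list — is unambiguous. After this change a global Admin is granted only what `availablePermissions` contains, and the permissions.yml in this same commit assigns most `View*Page` entries to `TenantAdmin` only, so a global Admin may lose those admin pages in the UI unless the server expands Admin into the tenant roles; worth confirming before merge. The client check stays advisory either way; server-side permission evaluation remains the enforcement point.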


@ -23,7 +23,7 @@ export class TenantEditorModel extends BaseEditorModel implements TenantPersist
this.name = item.name; this.name = item.name;
this.code = item.code; this.code = item.code;
this.description = item.description; this.description = item.description;
if (item.config) this.config = new TenantConfigEditorModel(this.validationErrorModel).fromModel(item.config); if (item.config) this.config = new TenantConfigEditorModel(this.validationErrorModel).fromModel(item.config);
} }
return this; return this;
} }
@ -38,7 +38,7 @@ export class TenantEditorModel extends BaseEditorModel implements TenantPersist
description: [{ value: this.description, disabled: disabled }, context.getValidation('description').validators], description: [{ value: this.description, disabled: disabled }, context.getValidation('description').validators],
config: this.config.buildForm({ config: this.config.buildForm({
rootPath: `config.`, rootPath: `config.`,
}), }),
hash: [{ value: this.hash, disabled: disabled }, context.getValidation('hash').validators] hash: [{ value: this.hash, disabled: disabled }, context.getValidation('hash').validators]
}); });
} }
@ -97,8 +97,8 @@ export class TenantConfigEditorModel implements TenantConfigPersist {
public fromModel(item: TenantConfig): TenantConfigEditorModel { public fromModel(item: TenantConfig): TenantConfigEditorModel {
if (item) { if (item) {
if (item.deposit) this.deposit = new TenantDepositConfigEditorModel(this.validationErrorModel).fromModel(item.deposit); if (item.deposit) this.deposit = new TenantDepositConfigEditorModel(this.validationErrorModel).fromModel(item.deposit);
if (item.fileTransformers) this.fileTransformers = new TenantFileTransformersConfigEditorModel(this.validationErrorModel).fromModel(item.fileTransformers); if (item.fileTransformers) this.fileTransformers = new TenantFileTransformersConfigEditorModel(this.validationErrorModel).fromModel(item.fileTransformers);
} }
return this; return this;
} }
@ -188,7 +188,7 @@ export class TenantDepositConfigEditorModel implements TenantDepositConfigPersis
const baseContext: ValidationContext = new ValidationContext(); const baseContext: ValidationContext = new ValidationContext();
const baseValidationArray: Validation[] = new Array<Validation>(); const baseValidationArray: Validation[] = new Array<Validation>();
baseValidationArray.push({ key: 'sources', validators: [Validators.required, BackendErrorValidator(validationErrorModel, `${rootPath}sources`)] }); baseValidationArray.push({ key: 'sources', validators: [BackendErrorValidator(validationErrorModel, `${rootPath}sources`)] });
baseContext.validation = baseValidationArray; baseContext.validation = baseValidationArray;
return baseContext; return baseContext;
@ -258,7 +258,7 @@ export class TenantFileTransformersConfigEditorModel implements TenantFileTransf
const baseContext: ValidationContext = new ValidationContext(); const baseContext: ValidationContext = new ValidationContext();
const baseValidationArray: Validation[] = new Array<Validation>(); const baseValidationArray: Validation[] = new Array<Validation>();
baseValidationArray.push({ key: 'sources', validators: [Validators.required, BackendErrorValidator(validationErrorModel, `${rootPath}sources`)] }); baseValidationArray.push({ key: 'sources', validators: [BackendErrorValidator(validationErrorModel, `${rootPath}sources`)] });
baseContext.validation = baseValidationArray; baseContext.validation = baseValidationArray;
return baseContext; return baseContext;
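Review bot: Dropping `Validators.required` from the `sources` validators in both `TenantDepositConfigEditorModel` and `TenantFileTransformersConfigEditorModel` makes an empty deposit or file-transformer source list acceptable on the client; if that is the intended invariant, the server-side tenant config validator should be the one deciding it, since form validation is not an enforcement point. A short comment at each changed line, such as `// sources is optional: a tenant may have no deposit/file-transformer integrations`, would record why the requirement was removed. The first three hunks of this file show no visible text change, which suggests whitespace-only edits that could be left out; the enclosing methods start before each hunk.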


@ -15,7 +15,6 @@ import { takeUntil } from 'rxjs/operators';
import { StartNewDmpDialogComponent } from '../dmp/new/start-new-dmp-dialogue/start-new-dmp-dialog.component'; import { StartNewDmpDialogComponent } from '../dmp/new/start-new-dmp-dialogue/start-new-dmp-dialog.component';
import { FaqDialogComponent } from '../faq/dialog/faq-dialog.component'; import { FaqDialogComponent } from '../faq/dialog/faq-dialog.component';
import { UserDialogComponent } from './user-dialog/user-dialog.component'; import { UserDialogComponent } from './user-dialog/user-dialog.component';
import { DATASETS_ROUTES, DMP_ROUTES, GENERAL_ROUTES } from '../sidebar/sidebar.component';
import { MineInAppNotificationListingDialogComponent } from '../inapp-notification/listing-dialog/mine-inapp-notification-listing-dialog.component'; import { MineInAppNotificationListingDialogComponent } from '../inapp-notification/listing-dialog/mine-inapp-notification-listing-dialog.component';
import { InAppNotificationService } from '@app/core/services/inapp-notification/inapp-notification.service'; import { InAppNotificationService } from '@app/core/services/inapp-notification/inapp-notification.service';
import { timer } from 'rxjs'; import { timer } from 'rxjs';
@ -28,7 +27,7 @@ import { ConfigurationService } from '@app/core/services/configuration/configura
}) })
export class NavbarComponent extends BaseComponent implements OnInit { export class NavbarComponent extends BaseComponent implements OnInit {
progressIndication = false; progressIndication = false;
private listTitles: any[]; //private listTitles: any[];
location: Location; location: Location;
mobile_menu_visible: any = 0; mobile_menu_visible: any = 0;
private toggleButton: any; private toggleButton: any;
@ -64,10 +63,10 @@ export class NavbarComponent extends BaseComponent implements OnInit {
ngOnInit() { ngOnInit() {
this.matomoService.trackPageView('Navbar'); this.matomoService.trackPageView('Navbar');
this.currentRoute = this.router.url; this.currentRoute = this.router.url;
this.listTitles = GENERAL_ROUTES.filter(listTitle => listTitle); // this.listTitles = GENERAL_ROUTES.filter(listTitle => listTitle);
this.listTitles.push(DMP_ROUTES.filter(listTitle => listTitle)); // this.listTitles.push(DMP_ROUTES.filter(listTitle => listTitle));
// this.listTitles.push(HISTORY_ROUTES.filter(listTitle => listTitle)); // this.listTitles.push(HISTORY_ROUTES.filter(listTitle => listTitle));
this.listTitles.push(DATASETS_ROUTES.filter(listTitle => listTitle)); // this.listTitles.push(DATASETS_ROUTES.filter(listTitle => listTitle));
// const navbar: HTMLElement = this.element.nativeElement; // const navbar: HTMLElement = this.element.nativeElement;
// this.toggleButton = navbar.getElementsByClassName('navbar-toggler')[0]; // this.toggleButton = navbar.getElementsByClassName('navbar-toggler')[0];
// this.router.events.subscribe((event) => { // this.router.events.subscribe((event) => {
@ -193,20 +192,20 @@ export class NavbarComponent extends BaseComponent implements OnInit {
} }
}; };
getTitle() { // getTitle() {
var titlee = this.location.prepareExternalUrl(this.location.path()); // var titlee = this.location.prepareExternalUrl(this.location.path());
if (titlee.charAt(0) === '#') { // if (titlee.charAt(0) === '#') {
titlee = titlee.slice(2); // titlee = titlee.slice(2);
} // }
titlee = titlee.split('/').pop(); // titlee = titlee.split('/').pop();
for (var item = 0; item < this.listTitles.length; item++) { // for (var item = 0; item < this.listTitles.length; item++) {
if (this.listTitles[item].path === titlee) { // if (this.listTitles[item].path === titlee) {
return this.listTitles[item].title; // return this.listTitles[item].title;
} // }
} // }
return 'Dashboard'; // return 'Dashboard';
} // }
public getCurrentLanguage(): any { public getCurrentLanguage(): any {
const lang = this.languages.find(lang => lang.value === this.languageService.getCurrentLanguage()); const lang = this.languages.find(lang => lang.value === this.languageService.getCurrentLanguage());


@ -6,9 +6,11 @@ import { Router } from '@angular/router';
import { MatomoService } from '@app/core/services/matomo/matomo-service'; import { MatomoService } from '@app/core/services/matomo/matomo-service';
import { TranslateService } from '@ngx-translate/core'; import { TranslateService } from '@ngx-translate/core';
import { AppRole } from '../../core/common/enum/app-role'; import { AppRole } from '../../core/common/enum/app-role';
import { AuthService } from '../../core/services/auth/auth.service'; import { AuthService, LoginStatus } from '../../core/services/auth/auth.service';
import { LanguageDialogComponent } from '../language/dialog/language-dialog.component'; import { LanguageDialogComponent } from '../language/dialog/language-dialog.component';
import { UserDialogComponent } from '../navbar/user-dialog/user-dialog.component'; import { UserDialogComponent } from '../navbar/user-dialog/user-dialog.component';
import { AppPermission } from '@app/core/common/enum/permission.enum';
import { takeUntil } from 'rxjs/operators';
declare interface RouteInfo { declare interface RouteInfo {
path: string; path: string;
@ -19,56 +21,8 @@ declare interface RouteInfo {
declare interface GroupMenuItem { declare interface GroupMenuItem {
title: string; title: string;
routes: RouteInfo[]; routes: RouteInfo[];
requiresAuthentication: boolean;
requiresSpecialPermission?: AppRole;
requiresAdmin: boolean;
isGeneral: boolean;
} }
export const GENERAL_ROUTES: RouteInfo[] = [
{ path: '/home', title: 'SIDE-BAR.DASHBOARD', icon: 'home' }
];
export const DMP_ROUTES: RouteInfo[] = [
{ path: '/plans', title: 'SIDE-BAR.MY-DMPS', icon: 'library_books' },
{ path: '/descriptions', title: 'SIDE-BAR.MY-DESCRIPTIONS', icon: 'dns' },
];
export const DATASETS_ROUTES: RouteInfo[] = [
{ path: '/explore-plans', title: 'SIDE-BAR.PUBLIC-DMPS', icon: 'library_books' },
{ path: '/explore-descriptions', title: 'SIDE-BAR.PUBLIC-DESC', icon: 'dns' },
];
export const PUBLIC_ROUTES: RouteInfo[] = [
{ path: '/explore-plans', title: 'SIDE-BAR.PUBLIC-DMPS', icon: 'library_books' },
{ path: '/explore-descriptions', title: 'SIDE-BAR.PUBLIC-DESC', icon: 'dns' }
];
export const ADMIN_ROUTES: RouteInfo[] = [
{ path: '/dmp-blueprints', title: 'SIDE-BAR.DMP-BLUEPRINTS', icon: 'library_books' },
{ path: '/description-templates', title: 'SIDE-BAR.DESCRIPTION-TEMPLATES', icon: 'description' },
{ path: '/description-template-type', title: 'SIDE-BAR.DESCRIPTION-TEMPLATE-TYPES', icon: 'stack' },
{ path: '/entity-locks', title: 'SIDE-BAR.ENTITY-LOCKS', icon: 'build' },
{ path: '/references', title: 'SIDE-BAR.REFERENCES', icon: 'dataset_linked' },
{ path: '/reference-type', title: 'SIDE-BAR.REFERENCE-TYPES', icon: 'add_link' },
{ path: '/prefilling-sources', title: 'SIDE-BAR.PREFILLING-SOURCES', icon: 'add_link' },
{ path: '/tenants', title: 'SIDE-BAR.TENANTS', icon: 'tenancy' },
{ path: '/users', title: 'SIDE-BAR.USERS', icon: 'people' },
{ path: '/languages', title: 'SIDE-BAR.LANGUAGES', icon: 'language' },
{ path: '/supportive-material', title: 'SIDE-BAR.SUPPORTIVE-MATERIAL', icon: 'dataset_linked' },
{ path: '/notification-templates', title: 'SIDE-BAR.NOTIFICATION-TEMPLATES', icon: 'build' },
{ path: '/notifications', title: 'SIDE-BAR.NOTIFICATIONS', icon: 'build' },
{ path: '/index-managment', title: 'SIDE-BAR.MAINTENANCE', icon: 'build' }
];
export const DATASET_TEMPLATE_ROUTES: RouteInfo[] = [
{ path: '/description-templates', title: 'SIDE-BAR.DESCRIPTION-TEMPLATES', icon: 'description' }
];
export const INFO_ROUTES: RouteInfo[] = [
{ path: '/co-branding', title: 'SIDE-BAR.CO-BRANDING', icon: 'toll' },
{ path: '/contact-support', title: 'SIDE-BAR.SUPPORT', icon: 'help' },
{ path: '/feedback', title: 'SIDE-BAR.FEEDBACK', icon: 'feedback', url: 'https://docs.google.com/forms/d/12RSCrUjdSDp2LZLpjDKOi44cN1fLDD2q1-F66SqZIis/viewform?edit_requested=true' }
];
@Component({ @Component({
selector: 'app-sidebar', selector: 'app-sidebar',
templateUrl: './sidebar.component.html', templateUrl: './sidebar.component.html',
@ -102,71 +56,80 @@ export class SidebarComponent implements OnInit {
ngOnInit() { ngOnInit() {
this.matomoService.trackPageView('Sidebar'); this.matomoService.trackPageView('Sidebar');
this.currentRoute = this.router.url; this.currentRoute = this.router.url;
this.authentication.getAuthenticationStateObservable().pipe().subscribe(authenticationState => {
this.reCalculateMenu()
});
this.reCalculateMenu();
this.router.events.subscribe((event) => this.currentRoute = this.router.url);
}
private reCalculateMenu() {
this.groupMenuItems = []
this.generalItems = { this.generalItems = {
title: 'SIDE-BAR.GENERAL', title: 'SIDE-BAR.GENERAL',
routes: GENERAL_ROUTES, routes: [],
requiresAuthentication: false,
requiresAdmin: false,
isGeneral: true
} }
this.generalItems.routes.push({ path: '/home', title: 'SIDE-BAR.DASHBOARD', icon: 'home' });
this.groupMenuItems.push(this.generalItems); this.groupMenuItems.push(this.generalItems);
this.dmpItems = { this.dmpItems = {
title: 'SIDE-BAR.DMP', title: 'SIDE-BAR.DMP',
routes: DMP_ROUTES, routes: [],
requiresAuthentication: true,
requiresAdmin: false,
isGeneral: false
} }
if (this.authentication.hasPermission(AppPermission.ViewMyDmpPage)) this.dmpItems.routes.push({ path: '/plans', title: 'SIDE-BAR.MY-DMPS', icon: 'library_books' });
if (this.authentication.hasPermission(AppPermission.ViewMyDescriptionPage)) this.dmpItems.routes.push({ path: '/descriptions', title: 'SIDE-BAR.MY-DESCRIPTIONS', icon: 'dns' });
this.groupMenuItems.push(this.dmpItems); this.groupMenuItems.push(this.dmpItems);
this.datasetItems = { this.datasetItems = {
title: 'SIDE-BAR.DATASETS', title: 'SIDE-BAR.DATASETS',
routes: DATASETS_ROUTES, routes: [],
requiresAuthentication: true,
requiresAdmin: false,
isGeneral: false
} }
if (this.authentication.hasPermission(AppPermission.ViewPublicDmpPage)) this.datasetItems.routes.push({ path: '/explore-plans', title: 'SIDE-BAR.PUBLIC-DMPS', icon: 'library_books' });
if (this.authentication.hasPermission(AppPermission.ViewPublicDescriptionPage)) this.datasetItems.routes.push({ path: '/explore-descriptions', title: 'SIDE-BAR.PUBLIC-DESC', icon: 'dns' });
this.groupMenuItems.push(this.datasetItems); this.groupMenuItems.push(this.datasetItems);
this.adminItems = {
title: 'SIDE-BAR.ADMIN',
routes: ADMIN_ROUTES,
requiresAuthentication: true,
requiresAdmin: true,
isGeneral: false
}
this.groupMenuItems.push(this.adminItems);
this.datasetTemplateItems = {
title: 'SIDE-BAR.ADMIN',
routes: DATASET_TEMPLATE_ROUTES,
requiresAuthentication: true,
requiresSpecialPermission: AppRole.DescriptionTemplateEditor,
requiresAdmin: false,
isGeneral: false
}
this.groupMenuItems.push(this.datasetTemplateItems);
this.publicItems = { this.publicItems = {
title: 'SIDE-BAR.PUBLIC', title: 'SIDE-BAR.PUBLIC',
routes: PUBLIC_ROUTES, routes: [],
requiresAuthentication: false,
requiresAdmin: false,
isGeneral: false
} }
this.publicItems.routes.push({ path: '/explore-plans', title: 'SIDE-BAR.PUBLIC-DMPS', icon: 'library_books' });
this.publicItems.routes.push({ path: '/explore-descriptions', title: 'SIDE-BAR.PUBLIC-DESC', icon: 'dns' });
this.groupMenuItems.push(this.publicItems); this.groupMenuItems.push(this.publicItems);
this.adminItems = {
title: 'SIDE-BAR.ADMIN',
routes: [],
}
if (this.authentication.hasPermission(AppPermission.ViewDmpBlueprintPage)) this.adminItems.routes.push({ path: '/dmp-blueprints', title: 'SIDE-BAR.DMP-BLUEPRINTS', icon: 'library_books' });
if (this.authentication.hasPermission(AppPermission.ViewDescriptionTemplatePage)) this.adminItems.routes.push({ path: '/description-templates', title: 'SIDE-BAR.DESCRIPTION-TEMPLATES', icon: 'description' });
if (this.authentication.hasPermission(AppPermission.ViewDescriptionTemplateTypePage)) this.adminItems.routes.push({ path: '/description-template-type', title: 'SIDE-BAR.DESCRIPTION-TEMPLATE-TYPES', icon: 'stack' });
if (this.authentication.hasPermission(AppPermission.ViewEntityLockPage)) this.adminItems.routes.push({ path: '/entity-locks', title: 'SIDE-BAR.ENTITY-LOCKS', icon: 'build' });
if (this.authentication.hasPermission(AppPermission.ViewReferencePage)) this.adminItems.routes.push({ path: '/references', title: 'SIDE-BAR.REFERENCES', icon: 'dataset_linked' });
if (this.authentication.hasPermission(AppPermission.ViewReferenceTypePage)) this.adminItems.routes.push({ path: '/reference-type', title: 'SIDE-BAR.REFERENCE-TYPES', icon: 'add_link' });
if (this.authentication.hasPermission(AppPermission.ViewPrefillingSourcePage)) this.adminItems.routes.push({ path: '/prefilling-sources', title: 'SIDE-BAR.PREFILLING-SOURCES', icon: 'add_link' });
if (this.authentication.hasPermission(AppPermission.ViewTenantPage)) this.adminItems.routes.push({ path: '/tenants', title: 'SIDE-BAR.TENANTS', icon: 'tenancy' });
if (this.authentication.hasPermission(AppPermission.ViewUserPage)) this.adminItems.routes.push({ path: '/users', title: 'SIDE-BAR.USERS', icon: 'people' });
if (this.authentication.hasPermission(AppPermission.ViewLanguagePage)) this.adminItems.routes.push({ path: '/languages', title: 'SIDE-BAR.LANGUAGES', icon: 'language' });
if (this.authentication.hasPermission(AppPermission.ViewSupportiveMaterialPage)) this.adminItems.routes.push({ path: '/supportive-material', title: 'SIDE-BAR.SUPPORTIVE-MATERIAL', icon: 'dataset_linked' });
if (this.authentication.hasPermission(AppPermission.ViewNotificationTemplatePage)) this.adminItems.routes.push({ path: '/notification-templates', title: 'SIDE-BAR.NOTIFICATION-TEMPLATES', icon: 'build' });
if (this.authentication.hasPermission(AppPermission.ViewNotificationPage)) this.adminItems.routes.push({ path: '/notifications', title: 'SIDE-BAR.NOTIFICATIONS', icon: 'build' });
if (this.authentication.hasPermission(AppPermission.ViewMaintenancePage)) this.adminItems.routes.push({ path: '/index-managment', title: 'SIDE-BAR.MAINTENANCE', icon: 'build' });
this.groupMenuItems.push(this.adminItems);
this.infoItems = { this.infoItems = {
title: "", title: "",
routes: INFO_ROUTES, routes: [],
requiresAuthentication: false,
requiresAdmin: false,
isGeneral: false
} }
this.infoItems.routes.push({ path: '/co-branding', title: 'SIDE-BAR.CO-BRANDING', icon: 'toll' });
this.infoItems.routes.push({ path: '/contact-support', title: 'SIDE-BAR.SUPPORT', icon: 'help' });
this.infoItems.routes.push({ path: '/feedback', title: 'SIDE-BAR.FEEDBACK', icon: 'feedback', url: 'https://docs.google.com/forms/d/12RSCrUjdSDp2LZLpjDKOi44cN1fLDD2q1-F66SqZIis/viewform?edit_requested=true' });
this.groupMenuItems.push(this.infoItems); this.groupMenuItems.push(this.infoItems);
this.router.events.subscribe((event) => this.currentRoute = this.router.url);
} }
public principalHasAvatar(): boolean { public principalHasAvatar(): boolean {
@ -206,20 +169,7 @@ export class SidebarComponent implements OnInit {
} }
showItem(value: GroupMenuItem) { showItem(value: GroupMenuItem) {
if (this.isAuthenticated()) { return value.routes && value.routes.length > 0;
if (value.requiresAdmin) {
return this.isAdmin();
}
else if (value.requiresSpecialPermission !== undefined) {
return this.hasPermission(value.requiresSpecialPermission);
}
else {
return value.isGeneral || value.requiresAuthentication;
}
}
else {
return !value.requiresAuthentication;
}
} }
openProfile() { openProfile() {
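Review bot: The subscription to `getAuthenticationStateObservable()` in `ngOnInit` is never torn down even though `takeUntil` is newly imported; `SidebarComponent` does not extend a base component here, so pipe it through a destroy subject (e.g. `takeUntil(this.destroyed$)`) and complete that subject in an `ngOnDestroy`, otherwise each component instance keeps recalculating the menu after it is gone. `reCalculateMenu()` is also called directly right after subscribing, so the menu is built twice on init; if the observable replays its current state the direct call is redundant, otherwise a one-line comment explaining why both are needed would help. Menu visibility now rests solely on `hasPermission`, which is a UI convenience rather than access control: each admin route and its backend endpoints still need their own guard and server-side check. With `showItem` reduced to `value.routes && value.routes.length > 0`, the general and public groups are shown to everyone regardless of authentication state; confirm that is intended.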