From 39ea1b6c88339d05ba89833f427df01c6a5e28d1 Mon Sep 17 00:00:00 2001
From: sgiannopoulos
Date: Thu, 11 Apr 2024 12:36:00 +0300
Subject: [PATCH] add authn only permissions to me
---
 .../gr/cite/annotation/web/model/AccountBuilder.java | 11 +++++++----
 .../src/main/java/eu/eudat/models/AccountBuilder.java | 6 ++++++
 .../cite/notification/web/model/AccountBuilder.java | 11 +++++++----
 3 files changed, 20 insertions(+), 8 deletions(-)
diff --git a/annotation-service/annotation-web/src/main/java/gr/cite/annotation/web/model/AccountBuilder.java b/annotation-service/annotation-web/src/main/java/gr/cite/annotation/web/model/AccountBuilder.java
index b00ff09e9..de36df03c 100644
--- a/annotation-service/annotation-web/src/main/java/gr/cite/annotation/web/model/AccountBuilder.java
+++ b/annotation-service/annotation-web/src/main/java/gr/cite/annotation/web/model/AccountBuilder.java
@@ -1,6 +1,7 @@
 package gr.cite.annotation.web.model;
 import gr.cite.commons.web.authz.configuration.AuthorizationConfiguration;
+import gr.cite.commons.web.authz.configuration.Permission;
 import gr.cite.commons.web.oidc.principal.CurrentPrincipalResolver;
 import gr.cite.commons.web.oidc.principal.MyPrincipal;
 import gr.cite.commons.web.oidc.principal.extractor.ClaimExtractor;
@@ -12,10 +13,7 @@ import org.springframework.beans.factory.config.ConfigurableBeanFactory;
 import org.springframework.context.annotation.Scope;
 import org.springframework.stereotype.Component;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Set;
+import java.util.*;
 @Component
 @Scope(value = ConfigurableBeanFactory.SCOPE_PROTOTYPE)
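Review bot: The wildcard `import java.util.*;` in annotation-web's `@@ -12,10 +13,7 @@` hunk is wider than the change needs; the only new `java.util` type the added loop in this file uses is `Map`, so keep the four explicit imports and add `import java.util.Map;`. Explicit imports keep it clear which collection types the builder depends on and avoid simple-name clashes with project classes. notification-web's AccountBuilder gets the same wildcard in this commit, and the same suggestion applies there.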
@@ -76,6 +74,11 @@ public class AccountBuilder {
 if (fields.hasField(Account._permissions)) {
 List roles = claimExtractor.roles(currentPrincipalResolver.currentPrincipal());
 Set permissions = authorizationConfiguration.permissionsOfRoles(roles);
+ for (Map.Entry permissionEntry : authorizationConfiguration.getRawPolicies().entrySet()){
+ if (permissionEntry.getValue().getAllowAuthenticated()){
+ permissions.add(permissionEntry.getKey());
+ }
+ }
 model.setPermissions(new ArrayList<>(permissions));
 }
 return model;
diff --git a/dmp-backend/web/src/main/java/eu/eudat/models/AccountBuilder.java b/dmp-backend/web/src/main/java/eu/eudat/models/AccountBuilder.java
index 884b1f484..36e4580ba 100644
--- a/dmp-backend/web/src/main/java/eu/eudat/models/AccountBuilder.java
+++ b/dmp-backend/web/src/main/java/eu/eudat/models/AccountBuilder.java
@@ -6,6 +6,7 @@ import eu.eudat.commons.types.user.AdditionalInfoEntity;
 import eu.eudat.data.TenantEntityManager;
 import eu.eudat.data.UserEntity;
 import gr.cite.commons.web.authz.configuration.AuthorizationConfiguration;
+import gr.cite.commons.web.authz.configuration.Permission;
 import gr.cite.commons.web.oidc.principal.CurrentPrincipalResolver;
 import gr.cite.commons.web.oidc.principal.MyPrincipal;
 import gr.cite.commons.web.oidc.principal.extractor.ClaimExtractor;
@@ -96,6 +97,11 @@ public class AccountBuilder {
 if (fields.hasField(Account._permissions)) {
 List roles = claimExtractor.roles(currentPrincipalResolver.currentPrincipal());
 Set permissions = authorizationConfiguration.permissionsOfRoles(roles);
+ for (Map.Entry permissionEntry : authorizationConfiguration.getRawPolicies().entrySet()){
+ if (permissionEntry.getValue().getAllowAuthenticated()){
+ permissions.add(permissionEntry.getKey());
+ }
+ }
 model.setPermissions(new ArrayList<>(permissions));
 }
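Review bot: In annotation-web's `@@ -76,6 +74,11 @@` hunk the loop calls `permissions.add(...)` on the very set returned by `authorizationConfiguration.permissionsOfRoles(roles)`; if that method hands back a cached or unmodifiable set (not visible here), this either throws or leaks the authenticated-only permissions into whatever else reads that set. Build a copy first, e.g. `new HashSet<>(authorizationConfiguration.permissionsOfRoles(roles))`, and add to the copy. Separately, `getAllowAuthenticated()` is used directly as the `if` condition; if it returns a boxed `Boolean`, a policy that leaves the flag unset would fail the "me" response with a NullPointerException, so `Boolean.TRUE.equals(permissionEntry.getValue().getAllowAuthenticated())` is safer. The hunk also does not show whether the builder has already returned for an unauthenticated principal; if it has not, these entries should be added only when the principal is authenticated. The identical loop in the dmp-backend and notification-web AccountBuilder hunks needs the same changes; the enclosing method starts outside the hunk.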
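Review bot: `Map.Entry` in the dmp-backend `@@ -96,6 +97,11 @@` hunk may be unresolved, because unlike the other two files this commit leaves the `java.util` imports of eu.eudat.models.AccountBuilder untouched and only adds the `Permission` import. The import block is only partly visible in the `@@ -6,6 +6,7 @@` hunk, so confirm that `java.util.Map` is already imported there; if it is not, add `import java.util.Map;` so the module compiles.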
diff --git a/notification-service/notification-web/src/main/java/gr/cite/notification/web/model/AccountBuilder.java b/notification-service/notification-web/src/main/java/gr/cite/notification/web/model/AccountBuilder.java
index 17deb15fb..792b25965 100644
--- a/notification-service/notification-web/src/main/java/gr/cite/notification/web/model/AccountBuilder.java
+++ b/notification-service/notification-web/src/main/java/gr/cite/notification/web/model/AccountBuilder.java
@@ -1,6 +1,7 @@
 package gr.cite.notification.web.model;
 import gr.cite.commons.web.authz.configuration.AuthorizationConfiguration;
+import gr.cite.commons.web.authz.configuration.Permission;
 import gr.cite.commons.web.oidc.principal.CurrentPrincipalResolver;
 import gr.cite.commons.web.oidc.principal.MyPrincipal;
 import gr.cite.commons.web.oidc.principal.extractor.ClaimExtractor;
@@ -12,10 +13,7 @@ import org.springframework.beans.factory.config.ConfigurableBeanFactory;
 import org.springframework.context.annotation.Scope;
 import org.springframework.stereotype.Component;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Set;
+import java.util.*;
 @Component
 @Scope(value = ConfigurableBeanFactory.SCOPE_PROTOTYPE)
@@ -76,6 +74,11 @@ public class AccountBuilder {
 if (fields.hasField(Account._permissions)) {
 List roles = claimExtractor.roles(currentPrincipalResolver.currentPrincipal());
 Set permissions = authorizationConfiguration.permissionsOfRoles(roles);
+ for (Map.Entry permissionEntry : authorizationConfiguration.getRawPolicies().entrySet()){
+ if (permissionEntry.getValue().getAllowAuthenticated()){
+ permissions.add(permissionEntry.getKey());
+ }
+ }
 model.setPermissions(new ArrayList<>(permissions));
 }
 return model;