From 39ea1b6c88339d05ba89833f427df01c6a5e28d1 Mon Sep 17 00:00:00 2001
From: sgiannopoulos <sgiannopoulos@cite.gr>
Date: Thu, 11 Apr 2024 12:36:00 +0300
Subject: [PATCH] add authn only permissions to me

---
 .../gr/cite/annotation/web/model/AccountBuilder.java  | 11 +++++++----
 .../src/main/java/eu/eudat/models/AccountBuilder.java |  6 ++++++
 .../cite/notification/web/model/AccountBuilder.java   | 11 +++++++----
 3 files changed, 20 insertions(+), 8 deletions(-)

diff --git a/annotation-service/annotation-web/src/main/java/gr/cite/annotation/web/model/AccountBuilder.java b/annotation-service/annotation-web/src/main/java/gr/cite/annotation/web/model/AccountBuilder.java
index b00ff09e9..de36df03c 100644
--- a/annotation-service/annotation-web/src/main/java/gr/cite/annotation/web/model/AccountBuilder.java
+++ b/annotation-service/annotation-web/src/main/java/gr/cite/annotation/web/model/AccountBuilder.java
@@ -1,6 +1,7 @@
 package gr.cite.annotation.web.model;
 
 import gr.cite.commons.web.authz.configuration.AuthorizationConfiguration;
+import gr.cite.commons.web.authz.configuration.Permission;
 import gr.cite.commons.web.oidc.principal.CurrentPrincipalResolver;
 import gr.cite.commons.web.oidc.principal.MyPrincipal;
 import gr.cite.commons.web.oidc.principal.extractor.ClaimExtractor;
@@ -12,10 +13,7 @@ import org.springframework.beans.factory.config.ConfigurableBeanFactory;
 import org.springframework.context.annotation.Scope;
 import org.springframework.stereotype.Component;
 
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Set;
+import java.util.*;
 
 @Component
 @Scope(value = ConfigurableBeanFactory.SCOPE_PROTOTYPE)
@@ -76,6 +74,11 @@ public class AccountBuilder {
 		if (fields.hasField(Account._permissions)) {
 			List<String> roles = claimExtractor.roles(currentPrincipalResolver.currentPrincipal());
 			Set<String> permissions = authorizationConfiguration.permissionsOfRoles(roles);
+			for (Map.Entry<String, Permission> permissionEntry : authorizationConfiguration.getRawPolicies().entrySet()){
+				if (permissionEntry.getValue().getAllowAuthenticated()){
+					permissions.add(permissionEntry.getKey());
+				}
+			}
 			model.setPermissions(new ArrayList<>(permissions));
 		}
 		return model;
diff --git a/dmp-backend/web/src/main/java/eu/eudat/models/AccountBuilder.java b/dmp-backend/web/src/main/java/eu/eudat/models/AccountBuilder.java
index 884b1f484..36e4580ba 100644
--- a/dmp-backend/web/src/main/java/eu/eudat/models/AccountBuilder.java
+++ b/dmp-backend/web/src/main/java/eu/eudat/models/AccountBuilder.java
@@ -6,6 +6,7 @@ import eu.eudat.commons.types.user.AdditionalInfoEntity;
 import eu.eudat.data.TenantEntityManager;
 import eu.eudat.data.UserEntity;
 import gr.cite.commons.web.authz.configuration.AuthorizationConfiguration;
+import gr.cite.commons.web.authz.configuration.Permission;
 import gr.cite.commons.web.oidc.principal.CurrentPrincipalResolver;
 import gr.cite.commons.web.oidc.principal.MyPrincipal;
 import gr.cite.commons.web.oidc.principal.extractor.ClaimExtractor;
@@ -96,6 +97,11 @@ public class AccountBuilder {
         if (fields.hasField(Account._permissions)) {
             List<String> roles = claimExtractor.roles(currentPrincipalResolver.currentPrincipal());
             Set<String> permissions = authorizationConfiguration.permissionsOfRoles(roles);
+            for (Map.Entry<String, Permission> permissionEntry : authorizationConfiguration.getRawPolicies().entrySet()){
+                if (permissionEntry.getValue().getAllowAuthenticated()){
+                    permissions.add(permissionEntry.getKey());
+                }
+            }
             model.setPermissions(new ArrayList<>(permissions));
         }
 
diff --git a/notification-service/notification-web/src/main/java/gr/cite/notification/web/model/AccountBuilder.java b/notification-service/notification-web/src/main/java/gr/cite/notification/web/model/AccountBuilder.java
index 17deb15fb..792b25965 100644
--- a/notification-service/notification-web/src/main/java/gr/cite/notification/web/model/AccountBuilder.java
+++ b/notification-service/notification-web/src/main/java/gr/cite/notification/web/model/AccountBuilder.java
@@ -1,6 +1,7 @@
 package gr.cite.notification.web.model;
 
 import gr.cite.commons.web.authz.configuration.AuthorizationConfiguration;
+import gr.cite.commons.web.authz.configuration.Permission;
 import gr.cite.commons.web.oidc.principal.CurrentPrincipalResolver;
 import gr.cite.commons.web.oidc.principal.MyPrincipal;
 import gr.cite.commons.web.oidc.principal.extractor.ClaimExtractor;
@@ -12,10 +13,7 @@ import org.springframework.beans.factory.config.ConfigurableBeanFactory;
 import org.springframework.context.annotation.Scope;
 import org.springframework.stereotype.Component;
 
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Set;
+import java.util.*;
 
 @Component
 @Scope(value = ConfigurableBeanFactory.SCOPE_PROTOTYPE)
@@ -76,6 +74,11 @@ public class AccountBuilder {
 		if (fields.hasField(Account._permissions)) {
 			List<String> roles = claimExtractor.roles(currentPrincipalResolver.currentPrincipal());
 			Set<String> permissions = authorizationConfiguration.permissionsOfRoles(roles);
+			for (Map.Entry<String, Permission> permissionEntry : authorizationConfiguration.getRawPolicies().entrySet()){
+				if (permissionEntry.getValue().getAllowAuthenticated()){
+					permissions.add(permissionEntry.getKey());
+				}
+			}
 			model.setPermissions(new ArrayList<>(permissions));
 		}
 		return model;