permission changes

amentis 2024-06-04 14:07:45 +03:00
parent 9695e32c17
commit 3a6b648bff
6 changed files with 50 additions and 172 deletions


@ -56,9 +56,6 @@ permissions:
BrowseAnnotation:
roles:
- Admin
- InstallationAdmin
- TenantPlanManager
- TenantConfigManager
- TenantAdmin
entityAffiliated: true
clients: [ ]
@ -67,9 +64,6 @@ permissions:
NewAnnotation:
roles:
- Admin
- InstallationAdmin
- TenantPlanManager
- TenantConfigManager
- TenantAdmin
entityAffiliated: true
clients: [ ]
@ -78,9 +72,6 @@ permissions:
EditAnnotation:
roles:
- Admin
- InstallationAdmin
- TenantPlanManager
- TenantConfigManager
- TenantAdmin
clients: [ ]
allowAnonymous: true
@ -88,9 +79,6 @@ permissions:
DeleteAnnotation:
roles:
- Admin
- InstallationAdmin
- TenantPlanManager
- TenantConfigManager
- TenantAdmin
entityAffiliated: false
clients: [ ]
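Review bot: `EditAnnotation` keeps `allowAnonymous: true` while its role list is being narrowed. If the policy layer grants a permission on the anonymous flag alone (not visible on this page), the role changes in that hunk have no effect and unauthenticated callers can still edit annotations. Unless anonymous editing is intended, that entry should read `allowAnonymous: false`; if it is intended, a one-line comment saying why would save the next reviewer the question. The rest of the `EditAnnotation` entry lies outside the hunk, so any further flags on it cannot be checked here.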


@ -9,6 +9,7 @@ import java.util.List;
public class AuthorizationProperties {
private List<String> globalAdminRoles;
private String adminRole;
private String tenantAdminRole;
private String globalUserRole;
private String tenantUserRole;
@ -24,6 +25,14 @@ public class AuthorizationProperties {
this.globalAdminRoles = globalAdminRoles;
}
public String getAdminRole() {
return adminRole;
}
public void setAdminRole(String adminRole) {
this.adminRole = adminRole;
}
public String getTenantAdminRole() {
return this.tenantAdminRole;
}
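Review bot: The new `adminRole` property is undocumented and has no visible default, although it sits next to `globalAdminRoles`, which in the shipped config also lists `Admin`. If a deployment's config omits `adminRole`, `getAdminRole()` returns null and the role comparison added to TenantServiceImpl in this commit can never match, so the outcome changes silently. Consider a Javadoc line on the field such as `/** Global role that TenantServiceImpl maps to the tenant-admin role; expected to be one of globalAdminRoles. */` and a non-blank check when the properties are loaded. The class body continues outside both hunks, so existing validation, if any, is not visible here.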


@ -185,7 +185,11 @@ public class TenantServiceImpl implements TenantService {
item.setId(UUID.randomUUID());
item.setUserId(userId);
item.setTenantId(tenant.getId());
item.setRole(this.authorizationProperties.getTenantAdminRole());
if (existingItems.stream().filter(x -> x.getUserId().equals(userId) && x.getRole().equals(this.authorizationProperties.getAdminRole())).findFirst().orElse(null) != null){
item.setRole(this.authorizationProperties.getTenantAdminRole()); // admin
} else {
item.setRole(this.authorizationProperties.getTenantUserRole()); // installation admin
}
item.setCreatedAt(Instant.now());
this.entityManager.persist(item);
keycloakIdsToAddToTenantGroup.add(userCredential.getExternalId());
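Review bot: The branch comments on the new role assignment contradict the code: the `// admin` branch assigns `getTenantAdminRole()` and the `// installation admin` branch assigns `getTenantUserRole()`. The test matches `getAdminRole()` only, not `globalAdminRoles`, so it is unclear whether users holding only `InstallationAdmin` are meant to join as plain tenant users or were overlooked. Because this line decides who receives tenant-admin rights, state the rule in a comment, e.g. `// only holders of the global admin role become tenant admin; everyone else joins as tenant user`. The lookup is also clearer, and safe against a null stored role, as `existingItems.stream().anyMatch(x -> x.getUserId().equals(userId) && adminRole.equals(x.getRole()))`, with `adminRole` read into a local first and rejected when null. The enclosing method and the definition of `existingItems` are outside the hunk.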


@ -2,6 +2,7 @@ authorization:
globalAdminRoles:
- Admin
- InstallationAdmin
adminRole: Admin
tenantAdminRole: TenantAdmin
globalUserRole: User
tenantUserRole: TenantUser


@ -6,8 +6,8 @@ permissions:
roles:
- TenantAdmin
- TenantUser
- TenantManager
- TenantDescriptionTemplateEditor
- TenantPlanManager
- TenantConfigManager
clients: [ ]
allowAnonymous: false
allowAuthenticated: false
@ -94,9 +94,6 @@ permissions:
BrowseDeposit:
roles:
- Admin
- InstallationAdmin
- TenantPlanManager
- TenantConfigManager
- TenantAdmin
clients: [ ]
allowAnonymous: false
@ -104,9 +101,6 @@ permissions:
EditDeposit:
roles:
- Admin
- InstallationAdmin
- TenantPlanManager
- TenantConfigManager
- TenantAdmin
clients: [ ]
allowAnonymous: false
@ -120,6 +114,7 @@ permissions:
EditNotificationTemplate:
roles:
- Admin
- TenantAdmin
- TenantConfigManager
clients: [ ]
allowAnonymous: false
@ -127,6 +122,7 @@ permissions:
DeleteNotificationTemplate:
roles:
- Admin
- TenantAdmin
- TenantConfigManager
claims: [ ]
clients: [ ]
@ -164,6 +160,7 @@ permissions:
EditLanguage:
roles:
- Admin
- TenantAdmin
- TenantConfigManager
clients: [ ]
allowAnonymous: false
@ -171,6 +168,7 @@ permissions:
DeleteLanguage:
roles:
- Admin
- TenantAdmin
- TenantConfigManager
claims: [ ]
clients: [ ]
@ -186,9 +184,6 @@ permissions:
BrowseDescription:
roles:
- Admin
- InstallationAdmin
- TenantPlanManager
- TenantConfigManager
- TenantAdmin
dmp:
roles:
@ -202,9 +197,6 @@ permissions:
ReviewDescription:
roles:
- Admin
- InstallationAdmin
- TenantPlanManager
- TenantConfigManager
- TenantAdmin
dmp:
roles:
@ -217,9 +209,6 @@ permissions:
EditDescription:
roles:
- Admin
- InstallationAdmin
- TenantPlanManager
- TenantConfigManager
- TenantAdmin
dmp:
roles:
@ -231,9 +220,6 @@ permissions:
FinalizeDescription:
roles:
- Admin
- InstallationAdmin
- TenantPlanManager
- TenantConfigManager
- TenantAdmin
dmp:
roles:
@ -245,9 +231,6 @@ permissions:
DeleteDescription:
roles:
- Admin
- InstallationAdmin
- TenantPlanManager
- TenantConfigManager
- TenantAdmin
dmp:
roles:
@ -260,9 +243,6 @@ permissions:
CloneDescription:
roles:
- Admin
- InstallationAdmin
- TenantPlanManager
- TenantConfigManager
- TenantAdmin
dmp:
roles:
@ -281,9 +261,6 @@ permissions:
BrowseTag:
roles:
- Admin
- InstallationAdmin
- TenantPlanManager
- TenantConfigManager
- TenantAdmin
clients: [ ]
allowAnonymous: false
@ -291,9 +268,6 @@ permissions:
EditTag:
roles:
- Admin
- InstallationAdmin
- TenantPlanManager
- TenantConfigManager
- TenantAdmin
clients: [ ]
allowAnonymous: false
@ -301,9 +275,6 @@ permissions:
DeleteTag:
roles:
- Admin
- InstallationAdmin
- TenantPlanManager
- TenantConfigManager
- TenantAdmin
claims: [ ]
clients: [ ]
@ -314,8 +285,6 @@ permissions:
roles:
- Admin
- InstallationAdmin
- TenantPlanManager
- TenantConfigManager
- TenantAdmin
clients: [ ]
allowAnonymous: false
@ -346,9 +315,6 @@ permissions:
BrowseDmpAssociatedUser:
roles:
- Admin
- InstallationAdmin
- TenantPlanManager
- TenantConfigManager
- TenantAdmin
dmp:
roles:
@ -364,9 +330,7 @@ permissions:
BrowseDescriptionTemplateType:
roles:
- Admin
- InstallationAdmin
- TenantPlanManager
- TenantConfigManager
- TenantAdmin
- TenantUser
clients: [ ]
@ -375,6 +339,7 @@ permissions:
EditDescriptionTemplateType:
roles:
- Admin
- TenantAdmin
- TenantPlanManager
clients: [ ]
allowAnonymous: false
@ -382,6 +347,7 @@ permissions:
DeleteDescriptionTemplateType:
roles:
- Admin
- TenantAdmin
- TenantPlanManager
claims: [ ]
clients: [ ]
@ -431,6 +397,7 @@ permissions:
EditDescriptionTemplate:
roles:
- Admin
- TenantAdmin
- TenantPlanManager
clients: [ ]
allowAnonymous: false
@ -438,6 +405,7 @@ permissions:
DeleteDescriptionTemplate:
roles:
- Admin
- TenantAdmin
- TenantPlanManager
claims: [ ]
clients: [ ]
@ -446,6 +414,7 @@ permissions:
CloneDescriptionTemplate:
roles:
- Admin
- TenantAdmin
- TenantPlanManager
claims: [ ]
clients: [ ]
@ -454,6 +423,7 @@ permissions:
CreateNewVersionDescriptionTemplate:
roles:
- Admin
- TenantAdmin
- TenantPlanManager
claims: [ ]
clients: [ ]
@ -462,6 +432,7 @@ permissions:
ImportDescriptionTemplate:
roles:
- Admin
- TenantAdmin
- TenantPlanManager
claims: [ ]
clients: [ ]
@ -470,6 +441,7 @@ permissions:
ExportDescriptionTemplate:
roles:
- Admin
- TenantAdmin
- TenantPlanManager
claims: [ ]
clients: [ ]
@ -479,9 +451,6 @@ permissions:
BrowseDmp:
roles:
- Admin
- InstallationAdmin
- TenantPlanManager
- TenantConfigManager
- TenantAdmin
dmp:
roles:
@ -495,9 +464,6 @@ permissions:
EditDmp:
roles:
- Admin
- InstallationAdmin
- TenantPlanManager
- TenantConfigManager
- TenantAdmin
dmp:
roles:
@ -519,9 +485,6 @@ permissions:
DeleteDmp:
roles:
- Admin
- InstallationAdmin
- TenantPlanManager
- TenantConfigManager
- TenantAdmin
dmp:
roles:
@ -533,9 +496,6 @@ permissions:
DepositDmp:
roles:
- Admin
- InstallationAdmin
- TenantPlanManager
- TenantConfigManager
- TenantAdmin
dmp:
roles:
@ -547,9 +507,6 @@ permissions:
CloneDmp:
roles:
- Admin
- InstallationAdmin
- TenantPlanManager
- TenantConfigManager
- TenantAdmin
dmp:
roles:
@ -567,9 +524,6 @@ permissions:
CreateNewVersionDmp:
roles:
- Admin
- InstallationAdmin
- TenantPlanManager
- TenantConfigManager
- TenantAdmin
dmp:
roles:
@ -581,9 +535,6 @@ permissions:
FinalizeDmp:
roles:
- Admin
- InstallationAdmin
- TenantPlanManager
- TenantConfigManager
- TenantAdmin
dmp:
roles:
@ -595,9 +546,6 @@ permissions:
UndoFinalizeDmp:
roles:
- Admin
- InstallationAdmin
- TenantPlanManager
- TenantConfigManager
- TenantAdmin
dmp:
roles:
@ -609,9 +557,6 @@ permissions:
AssignDmpUsers:
roles:
- Admin
- InstallationAdmin
- TenantPlanManager
- TenantConfigManager
- TenantAdmin
dmp:
roles:
@ -623,9 +568,6 @@ permissions:
InviteDmpUsers:
roles:
- Admin
- InstallationAdmin
- TenantPlanManager
- TenantConfigManager
- TenantAdmin
dmp:
roles:
@ -649,6 +591,7 @@ permissions:
EditDmpBlueprint:
roles:
- Admin
- TenantAdmin
- TenantPlanManager
clients: [ ]
allowAnonymous: false
@ -656,6 +599,7 @@ permissions:
CloneDmpBlueprint:
roles:
- Admin
- TenantAdmin
- TenantPlanManager
clients: [ ]
allowAnonymous: false
@ -663,12 +607,14 @@ permissions:
CreateNewVersionDmpBlueprint:
roles:
- Admin
- TenantAdmin
- TenantPlanManager
clients: [ ]
allowAnonymous: false
allowAuthenticated: false
ExportDmpBlueprint:
roles:
- TenantAdmin
- TenantPlanManager
- Admin
clients: [ ]
@ -677,6 +623,7 @@ permissions:
ImportDmpBlueprint:
roles:
- Admin
- TenantAdmin
- TenantPlanManager
claims: [ ]
clients: [ ]
@ -685,6 +632,7 @@ permissions:
DeleteDmpBlueprint:
roles:
- Admin
- TenantAdmin
- TenantPlanManager
claims: [ ]
clients: [ ]
@ -694,9 +642,6 @@ permissions:
BrowseEntityDoi:
roles:
- Admin
- InstallationAdmin
- TenantPlanManager
- TenantConfigManager
- TenantAdmin
clients: [ ]
allowAnonymous: false
@ -704,9 +649,6 @@ permissions:
EditEntityDoi:
roles:
- Admin
- InstallationAdmin
- TenantPlanManager
- TenantConfigManager
- TenantAdmin
clients: [ ]
allowAnonymous: false
@ -714,9 +656,6 @@ permissions:
DeleteEntityDoi:
roles:
- Admin
- InstallationAdmin
- TenantPlanManager
- TenantConfigManager
- TenantAdmin
claims: [ ]
clients: [ ]
@ -728,9 +667,6 @@ permissions:
BrowseReference:
roles:
- Admin
- InstallationAdmin
- TenantPlanManager
- TenantConfigManager
- TenantAdmin
clients: [ ]
allowAnonymous: false
@ -753,9 +689,6 @@ permissions:
BrowseDmpReference:
roles:
- Admin
- InstallationAdmin
- TenantPlanManager
- TenantConfigManager
- TenantAdmin
clients: [ ]
allowAnonymous: false
@ -763,9 +696,6 @@ permissions:
EditDmpReference:
roles:
- Admin
- InstallationAdmin
- TenantPlanManager
- TenantConfigManager
- TenantAdmin
clients: [ ]
allowAnonymous: false
@ -773,9 +703,6 @@ permissions:
DeleteDmpReference:
roles:
- Admin
- InstallationAdmin
- TenantPlanManager
- TenantConfigManager
- TenantAdmin
claims: [ ]
clients: [ ]
@ -786,9 +713,6 @@ permissions:
BrowseDmpUser:
roles:
- Admin
- InstallationAdmin
- TenantPlanManager
- TenantConfigManager
- TenantAdmin
clients: [ ]
allowAnonymous: false
@ -796,9 +720,6 @@ permissions:
EditDmpUser:
roles:
- Admin
- InstallationAdmin
- TenantPlanManager
- TenantConfigManager
- TenantAdmin
clients: [ ]
allowAnonymous: false
@ -806,9 +727,6 @@ permissions:
DeleteDmpUser:
roles:
- Admin
- InstallationAdmin
- TenantPlanManager
- TenantConfigManager
- TenantAdmin
claims: [ ]
clients: [ ]
@ -824,12 +742,14 @@ permissions:
- TenantConfigManager
- TenantAdmin
- TenantUser
- User
clients: [ ]
allowAnonymous: yes
allowAuthenticated: yes
EditSupportiveMaterial:
roles:
- Admin
- TenantAdmin
- TenantConfigManager
clients: [ ]
allowAnonymous: false
@ -837,6 +757,7 @@ permissions:
DeleteSupportiveMaterial:
roles:
- Admin
- TenantAdmin
- TenantConfigManager
claims: [ ]
clients: [ ]
@ -858,14 +779,14 @@ permissions:
EditReferenceType:
roles:
- Admin
- TenantPlanManager
- TenantAdmin
clients: [ ]
allowAnonymous: false
allowAuthenticated: false
DeleteReferenceType:
roles:
- Admin
- TenantPlanManager
- TenantAdmin
claims: [ ]
clients: [ ]
allowAnonymous: false
@ -923,9 +844,6 @@ permissions:
BrowseDmpDescriptionTemplate:
roles:
- Admin
- InstallationAdmin
- TenantPlanManager
- TenantConfigManager
- TenantAdmin
clients: [ ]
allowAnonymous: false
@ -933,9 +851,6 @@ permissions:
EditDmpDescriptionTemplate:
roles:
- Admin
- InstallationAdmin
- TenantPlanManager
- TenantConfigManager
- TenantAdmin
clients: [ ]
allowAnonymous: false
@ -943,9 +858,6 @@ permissions:
DeleteDmpDescriptionTemplate:
roles:
- Admin
- InstallationAdmin
- TenantPlanManager
- TenantConfigManager
- TenantAdmin
claims: [ ]
clients: [ ]
@ -956,9 +868,6 @@ permissions:
BrowseDescriptionReference:
roles:
- Admin
- InstallationAdmin
- TenantPlanManager
- TenantConfigManager
- TenantAdmin
clients: [ ]
allowAnonymous: false
@ -966,9 +875,6 @@ permissions:
EditDescriptionReference:
roles:
- Admin
- InstallationAdmin
- TenantPlanManager
- TenantConfigManager
- TenantAdmin
clients: [ ]
allowAnonymous: false
@ -976,9 +882,6 @@ permissions:
DeleteDescriptionReference:
roles:
- Admin
- InstallationAdmin
- TenantPlanManager
- TenantConfigManager
- TenantAdmin
claims: [ ]
clients: [ ]
@ -989,9 +892,6 @@ permissions:
BrowseDescriptionTag:
roles:
- Admin
- InstallationAdmin
- TenantPlanManager
- TenantConfigManager
- TenantAdmin
clients: [ ]
allowAnonymous: false
@ -999,9 +899,6 @@ permissions:
EditDescriptionTag:
roles:
- Admin
- InstallationAdmin
- TenantPlanManager
- TenantConfigManager
- TenantAdmin
clients: [ ]
allowAnonymous: false
@ -1009,9 +906,6 @@ permissions:
DeleteDescriptionTag:
roles:
- Admin
- InstallationAdmin
- TenantPlanManager
- TenantConfigManager
- TenantAdmin
claims: [ ]
clients: [ ]
@ -1046,11 +940,6 @@ permissions:
EditLock:
roles:
- Admin
- InstallationAdmin
- TenantPlanManager
- TenantConfigManager
- TenantAdmin
- TenantUser
dmp:
roles:
- Owner
@ -1063,11 +952,6 @@ permissions:
DeleteLock:
roles:
- Admin
- InstallationAdmin
- TenantPlanManager
- TenantConfigManager
- TenantAdmin
- TenantUser
dmp:
roles:
- Owner
@ -1089,33 +973,21 @@ permissions:
BrowseActionConfirmation:
roles:
- Admin
- InstallationAdmin
- TenantPlanManager
- TenantConfigManager
- TenantAdmin
- TenantUser
clients: [ ]
allowAnonymous: false
allowAuthenticated: false
EditActionConfirmation:
roles:
- Admin
- InstallationAdmin
- TenantPlanManager
- TenantConfigManager
- TenantAdmin
- TenantUser
clients: [ ]
allowAnonymous: false
allowAuthenticated: false
DeleteActionConfirmation:
roles:
- Admin
- InstallationAdmin
- TenantPlanManager
- TenantConfigManager
- TenantAdmin
- TenantUser
claims: [ ]
clients: [ ]
allowAnonymous: false
@ -1153,6 +1025,7 @@ permissions:
ViewDescriptionTemplateTypePage:
roles:
- Admin
- TenantAdmin
- TenantPlanManager
clients: [ ]
allowAnonymous: false
@ -1172,6 +1045,7 @@ permissions:
ViewNotificationTemplatePage:
roles:
- Admin
- TenantAdmin
- TenantConfigManager
clients: [ ]
allowAnonymous: false
@ -1179,6 +1053,7 @@ permissions:
ViewSupportiveMaterialPage:
roles:
- Admin
- TenantAdmin
- TenantConfigManager
clients: [ ]
allowAnonymous: false
@ -1186,6 +1061,7 @@ permissions:
ViewLanguagePage:
roles:
- Admin
- TenantAdmin
- TenantConfigManager
clients: [ ]
allowAnonymous: false
@ -1233,6 +1109,7 @@ permissions:
ViewDescriptionTemplatePage:
roles:
- Admin
- TenantAdmin
- TenantPlanManager
clients: [ ]
allowAnonymous: false
@ -1240,6 +1117,7 @@ permissions:
ViewDmpBlueprintPage:
roles:
- Admin
- TenantAdmin
- TenantPlanManager
clients: [ ]
allowAnonymous: false
@ -1257,9 +1135,6 @@ permissions:
ViewMyDescriptionPage:
roles:
- Admin
- InstallationAdmin
- TenantPlanManager
- TenantConfigManager
- TenantAdmin
- TenantUser
clients: [ ]
@ -1268,9 +1143,6 @@ permissions:
ViewMyDmpPage:
roles:
- Admin
- InstallationAdmin
- TenantPlanManager
- TenantConfigManager
- TenantAdmin
- TenantUser
clients: [ ]
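Review bot: `EditReferenceType` and `DeleteReferenceType` end up with only one of `TenantPlanManager` / `TenantAdmin` next to `Admin`, because that hunk's counts (14 old, 14 new) imply a swap rather than an addition. Every sibling template, template-type and blueprint permission in this section lists both roles; if the difference is deliberate it deserves a comment, otherwise both entries should carry `- TenantAdmin` and `- TenantPlanManager`. Separately, the entry that gains `- User` is written `allowAnonymous: yes` / `allowAuthenticated: yes` while the rest of the file uses `true`/`false`. Whether `yes` is read as a boolean depends on the YAML parser version, so `allowAnonymous: true` and `allowAuthenticated: true` would be unambiguous. With anonymous access allowed there, the added role is presumably redundant, and that entry's name is outside the hunk.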


@ -146,6 +146,7 @@ permissions:
ViewNotificationTemplatePage:
roles:
- Admin
- TenantAdmin
- TenantConfigManager
clients: [ ]
allowAnonymous: false
@ -155,6 +156,7 @@ permissions:
BrowseNotificationTemplate:
roles:
- Admin
- TenantAdmin
- TenantConfigManager
clients: [ ]
allowAnonymous: false
@ -162,6 +164,7 @@ permissions:
EditNotificationTemplate:
roles:
- Admin
- TenantAdmin
- TenantConfigManager
clients: [ ]
allowAnonymous: false
@ -169,6 +172,7 @@ permissions:
DeleteNotificationTemplate:
roles:
- Admin
- TenantAdmin
- TenantConfigManager
clients: [ ]
allowAnonymous: false