Added dmp user censor

2023-11-07 14:44:26 +02:00 · 2023-11-07 14:44:26 +02:00 · 4a8c3640de
parent 001cd0828b
commit 4a8c3640de
3 changed files with 71 additions and 0 deletions
--- a/dmp-backend/core/src/main/java/eu/eudat/authorization/Permission.java
+++ b/dmp-backend/core/src/main/java/eu/eudat/authorization/Permission.java
@ -56,6 +56,11 @@ public final class Permission {
 	public static String EditDmpDescriptionTemplate = "EditDmpDescriptionTemplate";
 	public static String DeleteDmpDescriptionTemplate = "DeleteDmpDescriptionTemplate";

+	//DmpUser
+	public static String BrowseDmpUser = "BrowseDmpUser";
+	public static String EditDmpUser = "EditDmpUser";
+	public static String DeleteDmpUser = "DeleteDmpUser";
+
 	//Description
 	public static String BrowseDescription = "BrowseDescription";
 	public static String EditDescription = "EditDescription";
--- a/dmp-backend/core/src/main/java/eu/eudat/model/censorship/DmpUserCensor.java
+++ b/dmp-backend/core/src/main/java/eu/eudat/model/censorship/DmpUserCensor.java
@ -0,0 +1,45 @@
+package eu.eudat.model.censorship;
+
+import eu.eudat.authorization.Permission;
+import eu.eudat.convention.ConventionService;
+import eu.eudat.model.DmpDescriptionTemplate;
+import eu.eudat.model.DmpUser;
+import eu.eudat.model.UserDescriptionTemplate;
+import gr.cite.commons.web.authz.service.AuthorizationService;
+import gr.cite.tools.data.censor.CensorFactory;
+import gr.cite.tools.fieldset.FieldSet;
+import gr.cite.tools.logging.DataLogEntry;
+import gr.cite.tools.logging.LoggerService;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.config.ConfigurableBeanFactory;
+import org.springframework.context.annotation.Scope;
+import org.springframework.stereotype.Component;
+
+import java.util.UUID;
+
+@Component
+@Scope(value = ConfigurableBeanFactory.SCOPE_PROTOTYPE)
+public class DmpUserCensor extends BaseCensor {
+
+    private static final LoggerService logger = new LoggerService(LoggerFactory.getLogger(DmpUserCensor.class));
+
+    protected final AuthorizationService authService;
+    protected final CensorFactory censorFactory;
+
+    public DmpUserCensor(ConventionService conventionService, AuthorizationService authService, CensorFactory censorFactory) {
+        super(conventionService);
+        this.authService = authService;
+        this.censorFactory = censorFactory;
+    }
+
+    public void censor(FieldSet fields, UUID userId) {
+        logger.debug(new DataLogEntry("censoring fields", fields));
+        if (fields == null || fields.isEmpty())
+            return;
+
+        this.authService.authorizeForce(Permission.BrowseDmpUser);
+        FieldSet dmpFields = fields.extractPrefixed(this.asIndexerPrefix(DmpUser._dmp));
+        this.censorFactory.censor(DmpCensor.class).censor(dmpFields, userId);
+    }
+
+}
--- a/dmp-backend/web/src/main/resources/config/permissions.yml
+++ b/dmp-backend/web/src/main/resources/config/permissions.yml
@ -321,6 +321,27 @@ permissions:
      allowAnonymous: false
      allowAuthenticated: false

+      # DmpUser Permissions
+      BrowseDmpUser:
+        roles:
+          - Admin
+        clients: [ ]
+        allowAnonymous: false
+        allowAuthenticated: false
+      EditDmpUser:
+        roles:
+          - Admin
+        clients: [ ]
+        allowAnonymous: false
+        allowAuthenticated: false
+      DeleteDmpUser:
+        roles:
+          - Admin
+        claims: [ ]
+        clients: [ ]
+        allowAnonymous: false
+        allowAuthenticated: false
+
    # SupportiveMaterial Permissions
    BrowseSupportiveMaterial:
      roles: