From 52e59ac11c54ccce6a7cc416728eb2f37eb5dea8 Mon Sep 17 00:00:00 2001 
From: sgiannopoulos Date: Wed, 18 Oct 2023 18:52:03 +0300 Subject: [PATCH] task #9088 Authorization model should be changed to be Permission based --- .../eu/eudat/authorization/Permission.java | 13 + .../eudat/data/dao/DatabaseAccessLayer.java | 5 +- .../data/dao/entities/ContentDaoImpl.java | 3 +- .../eudat/data/dao/entities/DMPDaoImpl.java | 3 +- .../data/dao/entities/DMPProfileDaoImpl.java | 5 +- .../dao/entities/DataRepositoryDaoImpl.java | 3 +- .../eudat/data/dao/entities/DatasetDao.java | 3 +- .../data/dao/entities/DatasetDaoImpl.java | 8 +- .../DatasetExternalDatasetDaoImpl.java | 3 +- .../data/dao/entities/DatasetProfileDao.java | 5 +- .../dao/entities/DatasetProfileDaoImpl.java | 8 +- .../dao/entities/DatasetServiceDaoImpl.java | 3 +- .../entities/DmpDatasetProfileDaoImpl.java | 3 +- .../entities/EmailConfirmationDaoImpl.java | 3 +- .../eudat/data/dao/entities/EntityDoiDao.java | 3 +- .../data/dao/entities/EntityDoiDaoImpl.java | 5 +- .../dao/entities/ExternalDatasetDaoImpl.java | 3 +- .../data/dao/entities/FileUploadDao.java | 3 +- .../data/dao/entities/FileUploadDaoImpl.java | 5 +- .../data/dao/entities/FunderDaoImpl.java | 3 +- .../eudat/data/dao/entities/GrantDaoImpl.java | 4 +- .../data/dao/entities/InvitationDaoImpl.java | 3 +- .../eudat/data/dao/entities/LockDaoImpl.java | 3 +- .../dao/entities/NotificationDaoImpl.java | 3 +- .../dao/entities/OrganisationDaoImpl.java | 4 +- .../data/dao/entities/ProjectDaoImpl.java | 4 +- .../data/dao/entities/RegistryDaoImpl.java | 3 +- .../data/dao/entities/ResearcherDaoImpl.java | 3 +- .../data/dao/entities/ServiceDaoImpl.java | 3 +- .../entities/UserDatasetProfileDaoImpl.java | 3 +- .../data/dao/entities/UserDmpDaoImpl.java | 3 +- .../data/dao/entities/UserInfoDaoImpl.java | 3 +- .../eudat/data/dao/entities/UserRoleDao.java | 3 +- .../data/dao/entities/UserRoleDaoImpl.java | 5 +- .../dao/entities/security/CredentialDao.java | 3 +- .../entities/security/CredentialDaoImpl.java | 5 +- 
.../main/java/eu/eudat/query/DMPQuery.java | 4 +- .../java/eu/eudat/query/DatasetQuery.java | 4 +- .../main/java/eu/eudat/query/GrantQuery.java | 4 +- .../main/java/eu/eudat/query/LockQuery.java | 4 +- .../src/main/java/eu/eudat/query/Query.java | 3 +- .../eu/eudat/queryable/QueryableList.java | 32 +- .../QueryableHibernateList.java | 35 +-- .../jpa/predicates/SinglePredicate.java | 4 +- .../configurations/WebMVCConfiguration.java | 22 +- .../main/java/eu/eudat/controllers/Admin.java | 66 +++-- .../eu/eudat/controllers/ContactEmail.java | 13 +- .../controllers/DMPProfileController.java | 75 +++-- .../main/java/eu/eudat/controllers/DMPs.java | 155 ++++++---- .../controllers/DashBoardController.java | 31 +- .../eudat/controllers/DataRepositories.java | 22 +- .../controllers/DatasetProfileController.java | 17 +- .../eu/eudat/controllers/DatasetProfiles.java | 5 +- .../java/eu/eudat/controllers/Datasets.java | 119 +++++--- .../eudat/controllers/DepositController.java | 27 +- .../eudat/controllers/EmailConfirmation.java | 17 +- .../controllers/EmailMergeConfirmation.java | 4 +- .../controllers/EmailUnlinkConfirmation.java | 4 +- .../eudat/controllers/ExternalDatasets.java | 30 +- .../eu/eudat/controllers/FileController.java | 30 +- .../java/eu/eudat/controllers/Funders.java | 14 +- .../java/eu/eudat/controllers/Grants.java | 35 ++- .../eudat/controllers/JournalsController.java | 16 +- .../eudat/controllers/LanguageController.java | 3 - .../java/eu/eudat/controllers/Licenses.java | 11 +- .../eu/eudat/controllers/LockController.java | 31 +- .../controllers/ManagementController.java | 18 +- .../eu/eudat/controllers/Organisations.java | 20 +- .../java/eu/eudat/controllers/Projects.java | 14 +- .../PubRepositoriesController.java | 16 +- .../controllers/PublicationsController.java | 11 +- .../controllers/QuickWizardController.java | 34 ++- .../java/eu/eudat/controllers/Registries.java | 20 +- .../eu/eudat/controllers/Researchers.java | 22 +- 
.../java/eu/eudat/controllers/Services.java | 20 +- .../controllers/TaxonomiesController.java | 11 +- .../controllers/UserInvitationController.java | 29 +- .../main/java/eu/eudat/controllers/Users.java | 52 +++- .../java/eu/eudat/controllers/Validation.java | 13 +- .../ControllerErrorHandler.java | 3 - .../DescriptionTemplateTypeV2Controller.java | 8 - .../controllers/v2/PrincipalController.java | 4 +- .../v2/SupportiveMaterialController.java | 11 +- .../handlers/PrincipalArgumentResolver.java | 86 ------ .../eu/eudat/logic/managers/AdminManager.java | 3 +- .../logic/managers/ContactEmailManager.java | 13 +- .../logic/managers/DashBoardManager.java | 51 ++-- .../managers/DataManagementPlanManager.java | 277 ++++++++++-------- .../DataManagementProfileManager.java | 27 +- .../logic/managers/DataRepositoryManager.java | 23 +- .../eudat/logic/managers/DatasetManager.java | 96 +++--- .../logic/managers/DatasetProfileManager.java | 40 ++- .../logic/managers/DatasetWizardManager.java | 13 +- .../eudat/logic/managers/DepositManager.java | 5 +- .../managers/EmailConfirmationManager.java | 17 +- .../managers/ExternalDatasetManager.java | 17 +- .../eu/eudat/logic/managers/FileManager.java | 7 +- .../eudat/logic/managers/FunderManager.java | 11 +- .../eu/eudat/logic/managers/GrantManager.java | 21 +- .../logic/managers/InvitationsManager.java | 37 ++- .../eu/eudat/logic/managers/LockManager.java | 32 +- .../MergeEmailConfirmationManager.java | 15 +- .../eudat/logic/managers/MetricsManager.java | 80 ++--- .../logic/managers/OrganisationsManager.java | 14 +- .../eudat/logic/managers/ProjectManager.java | 11 +- .../logic/managers/QuickWizardManager.java | 29 +- .../eu/eudat/logic/managers/RDAManager.java | 6 +- .../eudat/logic/managers/RegistryManager.java | 15 +- .../logic/managers/ResearcherManager.java | 15 +- .../eudat/logic/managers/ServiceManager.java | 23 +- .../UnlinkEmailConfirmationManager.java | 8 +- .../eu/eudat/logic/managers/UserManager.java | 39 +-- 
.../logic/managers/ValidationManager.java | 10 +- .../eudat/logic/mapper/elastic/DmpMapper.java | 3 +- .../security/claims/ClaimedAuthorities.java | 17 -- .../logic/security/claims/ClaimedRights.java | 17 -- .../AbstractAuthenticationService.java | 46 --- .../authentication/AuthenticationService.java | 19 -- ...erifiedUserEmailAuthenticationService.java | 60 ---- .../VerifiedUserAuthenticationService.java | 83 ------ .../notification/NotificationScheduleJob.java | 4 +- .../data/quickwizard/DmpQuickWizardModel.java | 9 +- .../data/rda/DatasetRDAExportModel.java | 8 +- .../models/data/rda/DmpRDAExportModel.java | 5 +- .../eudat/models/data/rda/RDAExportModel.java | 5 +- .../eudat/models/rda/mapper/DmpRDAMapper.java | 18 +- .../eu/eudat/models/v2/AccountBuilder.java | 3 +- .../FluentValidatorBuilder.java | 11 +- .../predicates/FieldSelector.java | 4 +- .../rules/AbstractFluentValidatorRule.java | 4 +- .../fluentvalidator/rules/CompareRule.java | 4 +- .../fluentvalidator/rules/NotEmptyRule.java | 4 +- ...ublicDatasetsDescriptionDocumentation.java | 4 - .../src/main/resources/config/permissions.yml | 44 +++ 134 files changed, 1464 insertions(+), 1237 deletions(-) delete mode 100644 dmp-backend/web/src/main/java/eu/eudat/logic/handlers/PrincipalArgumentResolver.java delete mode 100644 dmp-backend/web/src/main/java/eu/eudat/logic/security/claims/ClaimedAuthorities.java delete mode 100644 dmp-backend/web/src/main/java/eu/eudat/logic/security/claims/ClaimedRights.java delete mode 100644 dmp-backend/web/src/main/java/eu/eudat/logic/services/operations/authentication/AbstractAuthenticationService.java delete mode 100644 dmp-backend/web/src/main/java/eu/eudat/logic/services/operations/authentication/AuthenticationService.java delete mode 100644 dmp-backend/web/src/main/java/eu/eudat/logic/services/operations/authentication/NonVerifiedUserEmailAuthenticationService.java delete mode 100644 
dmp-backend/web/src/main/java/eu/eudat/logic/services/operations/authentication/VerifiedUserAuthenticationService.java diff --git a/dmp-backend/core/src/main/java/eu/eudat/authorization/Permission.java b/dmp-backend/core/src/main/java/eu/eudat/authorization/Permission.java index 947de0f03..3f4d15035 100644 --- a/dmp-backend/core/src/main/java/eu/eudat/authorization/Permission.java +++ b/dmp-backend/core/src/main/java/eu/eudat/authorization/Permission.java @@ -1,7 +1,20 @@ package eu.eudat.authorization; public final class Permission { + /////// Should Remove after Refactor + public static String AnonymousRole = "AnonymousRole"; + public static String AdminRole = "AdminRole"; + public static String ManagerRole = "ManagerRole"; + public static String UserRole = "UserRole"; + public static String AuthenticatedRole = "AuthenticatedRole"; + public static String PublicRole = "PublicRole"; + public static String DatasetProfileManagerRole = "DatasetProfileManagerRole"; + + ///// + + + //Language public static String BrowseLanguage = "BrowseLanguage"; public static String EditLanguage = "EditLanguage"; diff --git a/dmp-backend/data/src/main/java/eu/eudat/data/dao/DatabaseAccessLayer.java b/dmp-backend/data/src/main/java/eu/eudat/data/dao/DatabaseAccessLayer.java index dd6f524db..f44badc72 100644 --- a/dmp-backend/data/src/main/java/eu/eudat/data/dao/DatabaseAccessLayer.java +++ b/dmp-backend/data/src/main/java/eu/eudat/data/dao/DatabaseAccessLayer.java @@ -4,6 +4,7 @@ package eu.eudat.data.dao; import eu.eudat.queryable.QueryableList; import eu.eudat.queryable.queryableentity.DataEntity; +import javax.management.InvalidApplicationException; import java.util.concurrent.CompletableFuture; public interface DatabaseAccessLayer { 
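Review bot: The role names added to Permission.java are declared `public static String` without `final`, so any class in the application can reassign them at runtime and change the value an authorization check compares against. Each should be a constant, e.g. `public static final String AdminRole = "AdminRole";`; the existing `BrowseLanguage` and `EditLanguage` fields in the context lines have the same form. The `/////// Should Remove after Refactor` marker would be easier to act on if it named the task that removes these entries, because while they remain the permission model presumably still resolves to roles through the new permissions.yml listed in the diffstat.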
@@ -11,9 +12,9 @@ public interface DatabaseAccessLayer { CompletableFuture createOrUpdateAsync(T item); - T find(I id); + T find(I id) throws InvalidApplicationException; - T find(I id, String hint); + T find(I id, String hint) throws InvalidApplicationException; void delete(T item); diff --git a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/ContentDaoImpl.java b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/ContentDaoImpl.java index 2ebc1dfaf..da2a892dc 100644 --- a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/ContentDaoImpl.java +++ b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/ContentDaoImpl.java @@ -8,6 +8,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.scheduling.annotation.Async; import org.springframework.stereotype.Service; +import javax.management.InvalidApplicationException; import java.util.UUID; import java.util.concurrent.CompletableFuture; @@ -34,7 +35,7 @@ public class ContentDaoImpl extends DatabaseAccess implements ContentDa } @Override - public Content find(UUID id) { + public Content find(UUID id) throws InvalidApplicationException { return this.getDatabaseService().getQueryable(Content.class).where((builder, root) -> builder.equal(root.get("id"), id)).getSingle(); } diff --git a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/DMPDaoImpl.java b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/DMPDaoImpl.java index 27b49a4cb..e67a6ac22 100644 --- a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/DMPDaoImpl.java +++ b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/DMPDaoImpl.java @@ -17,6 +17,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.scheduling.annotation.Async; import org.springframework.stereotype.Component; +import javax.management.InvalidApplicationException; import java.util.Arrays; import java.util.Date; import java.util.List; 
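Review bot: `find(I id)` and `find(I id, String hint)` in DatabaseAccessLayer now declare `javax.management.InvalidApplicationException`, a JMX query exception, without stating when a DAO raises it. None of the implementation bodies shown in this patch (ContentDaoImpl, DMPDaoImpl and the other `*DaoImpl.find` hunks) throws it directly, so it presumably propagates from the QueryableList changes listed in the diffstat. Because this commit reworks authorization, callers need to know whether the exception signals a caller whose scope cannot be resolved or an ordinary failure, so that it is handled as a denial and not swallowed. I would add Javadoc on both methods, e.g. `@throws InvalidApplicationException if the query cannot be built for the current caller (confirm exact condition)`, and consider a project-specific exception type in place of the JMX one.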
@@ -115,7 +116,7 @@ public class DMPDaoImpl extends DatabaseAccess implements DMPDao { } @Override - public DMP find(UUID id) { + public DMP find(UUID id) throws InvalidApplicationException { return getDatabaseService().getQueryable(DMP.class).where((builder, root) -> builder.equal((root.get("id")), id)).getSingle(); } diff --git a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/DMPProfileDaoImpl.java b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/DMPProfileDaoImpl.java index 9d3392be5..b8b811472 100644 --- a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/DMPProfileDaoImpl.java +++ b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/DMPProfileDaoImpl.java @@ -10,6 +10,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.scheduling.annotation.Async; import org.springframework.stereotype.Service; +import javax.management.InvalidApplicationException; import java.util.UUID; import java.util.concurrent.CompletableFuture; @@ -37,12 +38,12 @@ public class DMPProfileDaoImpl extends DatabaseAccess implements DMP @Override - public DMPProfile find(UUID id) { + public DMPProfile find(UUID id) throws InvalidApplicationException { return getDatabaseService().getQueryable(DMPProfile.class).where((builder, root) -> builder.equal((root.get("id")), id)).getSingle(); } @Override - public DMPProfile find(UUID id, String hint) { + public DMPProfile find(UUID id, String hint) throws InvalidApplicationException { return getDatabaseService().getQueryable(DMPProfile.class).where((builder, root) -> builder.equal((root.get("id")), id)).getSingle(); } diff --git a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/DataRepositoryDaoImpl.java b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/DataRepositoryDaoImpl.java index f64e1089a..7175ed1cb 100644 --- a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/DataRepositoryDaoImpl.java 
+++ b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/DataRepositoryDaoImpl.java @@ -9,6 +9,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.scheduling.annotation.Async; import org.springframework.stereotype.Component; +import javax.management.InvalidApplicationException; import java.util.UUID; import java.util.concurrent.CompletableFuture; @@ -33,7 +34,7 @@ public class DataRepositoryDaoImpl extends DatabaseAccess implem } @Override - public DataRepository find(UUID id) { + public DataRepository find(UUID id) throws InvalidApplicationException { return this.getDatabaseService().getQueryable(DataRepository.class).where((builder, root) -> builder.equal(root.get("id"), id)).getSingle(); } diff --git a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/DatasetDao.java b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/DatasetDao.java index 6683a9ab1..2d66b03f9 100644 --- a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/DatasetDao.java +++ b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/DatasetDao.java @@ -6,6 +6,7 @@ import eu.eudat.data.old.Dataset; import eu.eudat.data.old.UserInfo; import eu.eudat.queryable.QueryableList; +import javax.management.InvalidApplicationException; import java.util.List; import java.util.UUID; @@ -17,6 +18,6 @@ public interface DatasetDao extends DatabaseAccessLayer { QueryableList getAuthenticated(QueryableList query, UserInfo principal, List roles); - Dataset isPublicDataset(UUID id); + Dataset isPublicDataset(UUID id) throws InvalidApplicationException; } \ No newline at end of file diff --git a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/DatasetDaoImpl.java b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/DatasetDaoImpl.java index 4b9f25395..98c6b2abc 100644 --- a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/DatasetDaoImpl.java 
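Review bot: In DatasetDao.java the context line `getAuthenticated(QueryableList query, UserInfo principal, List roles)` still takes a list of roles, so the row-level filter on datasets stays role-driven while the rest of the commit moves to permissions; DatasetProfileDao keeps the same parameter. If that is intentional for this step, a comment on the method such as `// TODO: still filtered by role; migrate to a permission-based check` would keep the two models from drifting apart unnoticed. The changed `isPublicDataset` declaration returns a `Dataset`, not a boolean, so a one-line Javadoc stating what it returns for a non-public id would help callers; its implementation continues outside the DatasetDaoImpl hunk, so that behaviour is not visible here.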
+++ b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/DatasetDaoImpl.java @@ -16,6 +16,8 @@ import org.springframework.stereotype.Component; import jakarta.persistence.criteria.Join; import jakarta.persistence.criteria.JoinType; + +import javax.management.InvalidApplicationException; import java.util.Arrays; import java.util.Date; import java.util.List; @@ -102,19 +104,19 @@ public class DatasetDaoImpl extends DatabaseAccess implements DatasetDa } @Override - public Dataset find(UUID id) { + public Dataset find(UUID id) throws InvalidApplicationException { return getDatabaseService().getQueryable(Dataset.class) .where((builder, root) -> builder.and(builder.notEqual(root.get("status"),Dataset.Status.DELETED.getValue()), builder.notEqual(root.get("status"),Dataset.Status.CANCELED.getValue()), builder.equal((root.get("id")), id))).getSingle(); } @Override - public Dataset find(UUID id, String hint) { + public Dataset find(UUID id, String hint) throws InvalidApplicationException { return getDatabaseService().getQueryable(Dataset.getHints(), Dataset.class).withHint(hint) .where((builder, root) -> builder.and(builder.notEqual(root.get("status"),Dataset.Status.DELETED.getValue()), builder.notEqual(root.get("status"),Dataset.Status.CANCELED.getValue()), builder.equal((root.get("id")), id))).getSingle(); } @Override - public Dataset isPublicDataset(UUID id) { + public Dataset isPublicDataset(UUID id) throws InvalidApplicationException { QueryableList query = getDatabaseService().getQueryable(Dataset.getHints(), Dataset.class); query.where(((builder, root) -> builder.equal(root.get("id"), id))); diff --git a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/DatasetExternalDatasetDaoImpl.java b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/DatasetExternalDatasetDaoImpl.java index 7fee74ca0..8bcb2ff07 100644 --- a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/DatasetExternalDatasetDaoImpl.java 
+++ b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/DatasetExternalDatasetDaoImpl.java @@ -8,6 +8,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.scheduling.annotation.Async; import org.springframework.stereotype.Component; +import javax.management.InvalidApplicationException; import java.util.UUID; import java.util.concurrent.CompletableFuture; @@ -34,7 +35,7 @@ public class DatasetExternalDatasetDaoImpl extends DatabaseAccess builder.equal(root.get("id"), id)).getSingle(); } diff --git a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/DatasetProfileDao.java b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/DatasetProfileDao.java index fef12c40d..a4873dedd 100644 --- a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/DatasetProfileDao.java +++ b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/DatasetProfileDao.java @@ -6,6 +6,7 @@ import eu.eudat.data.dao.criteria.DatasetProfileCriteria; import eu.eudat.data.old.DescriptionTemplate; import eu.eudat.queryable.QueryableList; +import javax.management.InvalidApplicationException; import java.util.List; import java.util.UUID; @@ -17,8 +18,8 @@ public interface DatasetProfileDao extends DatabaseAccessLayer getAuthenticated(QueryableList query, UUID principal, List roles); - List getAllIds(); + List getAllIds() throws InvalidApplicationException; - Long countWithType(DescriptionTemplateTypeEntity type); + Long countWithType(DescriptionTemplateTypeEntity type) throws InvalidApplicationException; } \ No newline at end of file diff --git a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/DatasetProfileDaoImpl.java b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/DatasetProfileDaoImpl.java index 2c5d3b393..234e0ed7b 100644 --- a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/DatasetProfileDaoImpl.java +++ b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/DatasetProfileDaoImpl.java 
@@ -14,6 +14,8 @@ import org.springframework.stereotype.Component; import jakarta.persistence.criteria.Join; import jakarta.persistence.criteria.JoinType; + +import javax.management.InvalidApplicationException; import java.util.Arrays; import java.util.Collections; import java.util.List; @@ -78,7 +80,7 @@ public class DatasetProfileDaoImpl extends DatabaseAccess i } @Override - public DescriptionTemplate find(UUID id) { + public DescriptionTemplate find(UUID id) throws InvalidApplicationException { return getDatabaseService().getQueryable(DescriptionTemplate.class).where((builder, root) -> builder.equal(root.get("id"), id)).getSingle(); } @@ -88,7 +90,7 @@ public class DatasetProfileDaoImpl extends DatabaseAccess i } @Override - public List getAllIds(){ + public List getAllIds() throws InvalidApplicationException { return getDatabaseService().getQueryable(DescriptionTemplate.class).withFields(Collections.singletonList("id")).toList(); } @@ -128,7 +130,7 @@ public class DatasetProfileDaoImpl extends DatabaseAccess i } @Override - public Long countWithType(DescriptionTemplateTypeEntity type) { + public Long countWithType(DescriptionTemplateTypeEntity type) throws InvalidApplicationException { return this.getDatabaseService().getQueryable(DescriptionTemplate.class).where((builder, root) -> builder.equal(root.get("type"), type)).count(); } } diff --git a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/DatasetServiceDaoImpl.java b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/DatasetServiceDaoImpl.java index f1dba039b..a19e1fd0b 100644 --- a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/DatasetServiceDaoImpl.java +++ b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/DatasetServiceDaoImpl.java 
@@ -8,6 +8,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.scheduling.annotation.Async; import org.springframework.stereotype.Component; +import javax.management.InvalidApplicationException; import java.util.UUID; import java.util.concurrent.CompletableFuture; @@ -34,7 +35,7 @@ public class DatasetServiceDaoImpl extends DatabaseAccess implem } @Override - public DatasetService find(UUID id) { + public DatasetService find(UUID id) throws InvalidApplicationException { return getDatabaseService().getQueryable(DatasetService.class).where((builder, root) -> builder.equal(root.get("id"), id)).getSingle(); } diff --git a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/DmpDatasetProfileDaoImpl.java b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/DmpDatasetProfileDaoImpl.java index 1bca0f6c1..2f6bd7bb3 100644 --- a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/DmpDatasetProfileDaoImpl.java +++ b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/DmpDatasetProfileDaoImpl.java @@ -8,6 +8,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.scheduling.annotation.Async; import org.springframework.stereotype.Service; +import javax.management.InvalidApplicationException; import java.util.UUID; import java.util.concurrent.CompletableFuture; @@ -30,7 +31,7 @@ public class DmpDatasetProfileDaoImpl extends DatabaseAccess } @Override - public DMPDatasetProfile find(UUID id) { + public DMPDatasetProfile find(UUID id) throws InvalidApplicationException { return this.getDatabaseService().getQueryable(DMPDatasetProfile.class).where((builder, root) -> builder.equal(root.get("id"), id)).getSingle(); } diff --git a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/EmailConfirmationDaoImpl.java b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/EmailConfirmationDaoImpl.java index b7a17c507..5259fab91 100644 
--- a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/EmailConfirmationDaoImpl.java +++ b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/EmailConfirmationDaoImpl.java @@ -8,6 +8,7 @@ import eu.eudat.queryable.QueryableList; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; +import javax.management.InvalidApplicationException; import java.util.UUID; import java.util.concurrent.CompletableFuture; @@ -35,7 +36,7 @@ public class EmailConfirmationDaoImpl extends DatabaseAccess } @Override - public EmailConfirmation find(UUID id) { + public EmailConfirmation find(UUID id) throws InvalidApplicationException { return this.getDatabaseService().getQueryable(EmailConfirmation.class).where((builder, root) -> builder.equal(root.get("id"), id)).getSingle(); } diff --git a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/EntityDoiDao.java b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/EntityDoiDao.java index b675cc138..48fc74988 100644 --- a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/EntityDoiDao.java +++ b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/EntityDoiDao.java @@ -3,8 +3,9 @@ package eu.eudat.data.dao.entities; import eu.eudat.data.dao.DatabaseAccessLayer; import eu.eudat.data.old.EntityDoi; +import javax.management.InvalidApplicationException; import java.util.UUID; public interface EntityDoiDao extends DatabaseAccessLayer { - EntityDoi findFromDoi(String doi); + EntityDoi findFromDoi(String doi) throws InvalidApplicationException; } diff --git a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/EntityDoiDaoImpl.java b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/EntityDoiDaoImpl.java index c955dda63..782b4c380 100644 --- a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/EntityDoiDaoImpl.java +++ b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/EntityDoiDaoImpl.java 
@@ -7,6 +7,7 @@ import eu.eudat.queryable.QueryableList; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import javax.management.InvalidApplicationException; import java.util.UUID; import java.util.concurrent.CompletableFuture; @@ -30,12 +31,12 @@ public class EntityDoiDaoImpl extends DatabaseAccess implements Entit } @Override - public EntityDoi find(UUID id) { + public EntityDoi find(UUID id) throws InvalidApplicationException { return this.getDatabaseService().getQueryable(EntityDoi.class).where((builder, root) -> builder.equal(root.get("id"), id)).getSingle(); } @Override - public EntityDoi findFromDoi(String doi) { + public EntityDoi findFromDoi(String doi) throws InvalidApplicationException { return this.getDatabaseService().getQueryable(EntityDoi.class).where((builder, root) -> builder.equal(root.get("doi"), doi)).getSingle(); } diff --git a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/ExternalDatasetDaoImpl.java b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/ExternalDatasetDaoImpl.java index e328bdcc2..c90abfc5a 100644 --- a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/ExternalDatasetDaoImpl.java +++ b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/ExternalDatasetDaoImpl.java @@ -9,6 +9,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.scheduling.annotation.Async; import org.springframework.stereotype.Component; +import javax.management.InvalidApplicationException; import java.util.UUID; import java.util.concurrent.CompletableFuture; @@ -39,7 +40,7 @@ public class ExternalDatasetDaoImpl extends DatabaseAccess impl } @Override - public ExternalDataset find(UUID id) { + public ExternalDataset find(UUID id) throws InvalidApplicationException { return this.getDatabaseService().getQueryable(ExternalDataset.class).where((builder, root) -> builder.equal(root.get("id"), id)).getSingle(); } 
diff --git a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/FileUploadDao.java b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/FileUploadDao.java index f98fd5890..3fdc74cb0 100644 --- a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/FileUploadDao.java +++ b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/FileUploadDao.java @@ -3,9 +3,10 @@ package eu.eudat.data.dao.entities; import eu.eudat.data.dao.DatabaseAccessLayer; import eu.eudat.data.old.FileUpload; +import javax.management.InvalidApplicationException; import java.util.List; import java.util.UUID; public interface FileUploadDao extends DatabaseAccessLayer { - List getFileUploads(UUID entityId); + List getFileUploads(UUID entityId) throws InvalidApplicationException; } diff --git a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/FileUploadDaoImpl.java b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/FileUploadDaoImpl.java index 491f92faf..59fb93b76 100644 --- a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/FileUploadDaoImpl.java +++ b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/FileUploadDaoImpl.java @@ -7,6 +7,7 @@ import eu.eudat.queryable.QueryableList; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import javax.management.InvalidApplicationException; import java.util.List; import java.util.UUID; import java.util.concurrent.CompletableFuture; 
@@ -30,12 +31,12 @@ public class FileUploadDaoImpl extends DatabaseAccess implements Fil } @Override - public FileUpload find(UUID id) { + public FileUpload find(UUID id) throws InvalidApplicationException { return getDatabaseService().getQueryable(FileUpload.class).where((builder, root) -> builder.equal(root.get("id"), id)).getSingle(); } @Override - public List getFileUploads(UUID entityId) { + public List getFileUploads(UUID entityId) throws InvalidApplicationException { return this.getDatabaseService().getQueryable(FileUpload.class).where((builder, root) -> builder.equal(root.get("entityId"), entityId)).toList(); } diff --git a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/FunderDaoImpl.java b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/FunderDaoImpl.java index 30e1ee91b..395699416 100644 --- a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/FunderDaoImpl.java +++ b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/FunderDaoImpl.java @@ -9,6 +9,7 @@ import eu.eudat.queryable.QueryableList; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import javax.management.InvalidApplicationException; import java.util.UUID; import java.util.concurrent.CompletableFuture; @@ -54,7 +55,7 @@ public class FunderDaoImpl extends DatabaseAccess implements FunderDao { } @Override - public Funder find(UUID id) { + public Funder find(UUID id) throws InvalidApplicationException { return this.getDatabaseService().getQueryable(Funder.class).where((builder, root) -> builder.equal(root.get("id"), id)).getSingle(); } diff --git a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/GrantDaoImpl.java b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/GrantDaoImpl.java index 740721dd9..ecf83ba4a 100644 --- a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/GrantDaoImpl.java +++ b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/GrantDaoImpl.java 
@@ -13,6 +13,8 @@ import org.springframework.scheduling.annotation.Async; import org.springframework.stereotype.Component; import jakarta.persistence.criteria.JoinType; + +import javax.management.InvalidApplicationException; import java.util.Date; import java.util.UUID; import java.util.concurrent.CompletableFuture; @@ -69,7 +71,7 @@ public class GrantDaoImpl extends DatabaseAccess implements GrantDao { } @Override - public Grant find(UUID id) { + public Grant find(UUID id) throws InvalidApplicationException { return getDatabaseService().getQueryable(Grant.class).where((builder, root) -> builder.equal((root.get("id")), id)).getSingle(); } diff --git a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/InvitationDaoImpl.java b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/InvitationDaoImpl.java index 9969caea8..123d72e2e 100644 --- a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/InvitationDaoImpl.java +++ b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/InvitationDaoImpl.java @@ -9,6 +9,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.scheduling.annotation.Async; import org.springframework.stereotype.Service; +import javax.management.InvalidApplicationException; import java.util.UUID; import java.util.concurrent.CompletableFuture; @@ -32,7 +33,7 @@ public class InvitationDaoImpl extends DatabaseAccess implements Inv } @Override - public Invitation find(UUID id) { + public Invitation find(UUID id) throws InvalidApplicationException { return this.getDatabaseService().getQueryable(Invitation.class).where((builder, root) -> builder.equal(root.get("id"), id)).getSingle(); } diff --git a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/LockDaoImpl.java b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/LockDaoImpl.java index 979a212e5..dbbce603f 100644 --- a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/LockDaoImpl.java 
+++ b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/LockDaoImpl.java @@ -9,6 +9,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.scheduling.annotation.Async; import org.springframework.stereotype.Service; +import javax.management.InvalidApplicationException; import java.util.UUID; import java.util.concurrent.CompletableFuture; @@ -44,7 +45,7 @@ public class LockDaoImpl extends DatabaseAccess implements LockDao { } @Override - public Lock find(UUID id) { + public Lock find(UUID id) throws InvalidApplicationException { return this.getDatabaseService().getQueryable(Lock.class).where(((builder, root) -> builder.equal(root.get("id"), id))).getSingle(); } diff --git a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/NotificationDaoImpl.java b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/NotificationDaoImpl.java index 5b4e33152..b10142679 100644 --- a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/NotificationDaoImpl.java +++ b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/NotificationDaoImpl.java @@ -8,6 +8,7 @@ import eu.eudat.queryable.QueryableList; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; +import javax.management.InvalidApplicationException; import java.util.UUID; import java.util.concurrent.CompletableFuture; @@ -39,7 +40,7 @@ public class NotificationDaoImpl extends DatabaseAccess implements } @Override - public Notification find(UUID id) { + public Notification find(UUID id) throws InvalidApplicationException { return this.getDatabaseService().getQueryable(Notification.class).where(((builder, root) -> builder.equal(root.get("id"), id))).getSingle(); } diff --git a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/OrganisationDaoImpl.java b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/OrganisationDaoImpl.java index 22dea8fce..9ecf10190 100644 
--- a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/OrganisationDaoImpl.java +++ b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/OrganisationDaoImpl.java @@ -12,6 +12,8 @@ import org.springframework.scheduling.annotation.Async; import org.springframework.stereotype.Component; import jakarta.persistence.criteria.JoinType; + +import javax.management.InvalidApplicationException; import java.util.UUID; import java.util.concurrent.CompletableFuture; @@ -52,7 +54,7 @@ public class OrganisationDaoImpl extends DatabaseAccess implements } @Override - public Organisation find(UUID id) { + public Organisation find(UUID id) throws InvalidApplicationException { return this.getDatabaseService().getQueryable(Organisation.class).where((builder, root) -> builder.equal(root.get("id"), id)).getSingle(); } diff --git a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/ProjectDaoImpl.java b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/ProjectDaoImpl.java index 9f240148a..67270cb21 100644 --- a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/ProjectDaoImpl.java +++ b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/ProjectDaoImpl.java @@ -9,6 +9,8 @@ import eu.eudat.queryable.QueryableList; import org.springframework.stereotype.Service; import jakarta.persistence.criteria.JoinType; + +import javax.management.InvalidApplicationException; import java.util.UUID; import java.util.concurrent.CompletableFuture; @@ -52,7 +54,7 @@ public class ProjectDaoImpl extends DatabaseAccess implements ProjectDa } @Override - public Project find(UUID id) { + public Project find(UUID id) throws InvalidApplicationException { return this.getDatabaseService().getQueryable(Project.class).where((builder, root) -> builder.equal(root.get("id"), id)).getSingle(); } 
diff --git a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/RegistryDaoImpl.java b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/RegistryDaoImpl.java index 4651865f3..2ff6dc619 100644 --- a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/RegistryDaoImpl.java +++ b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/RegistryDaoImpl.java @@ -9,6 +9,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.scheduling.annotation.Async; import org.springframework.stereotype.Component; +import javax.management.InvalidApplicationException; import java.util.UUID; import java.util.concurrent.CompletableFuture; @@ -39,7 +40,7 @@ public class RegistryDaoImpl extends DatabaseAccess implements Registr } @Override - public Registry find(UUID id) { + public Registry find(UUID id) throws InvalidApplicationException { return this.getDatabaseService().getQueryable(Registry.class).where((builder, root) -> builder.equal(root.get("id"), id)).getSingle(); } diff --git a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/ResearcherDaoImpl.java b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/ResearcherDaoImpl.java index 1a94a9157..2e37cf91b 100644 --- a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/ResearcherDaoImpl.java +++ b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/ResearcherDaoImpl.java @@ -9,6 +9,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.scheduling.annotation.Async; import org.springframework.stereotype.Component; +import javax.management.InvalidApplicationException; import java.util.UUID; import java.util.concurrent.CompletableFuture; 
@@ -40,7 +41,7 @@ public class ResearcherDaoImpl extends DatabaseAccess implements Res } @Override - public Researcher find(UUID id) { + public Researcher find(UUID id) throws InvalidApplicationException { return this.getDatabaseService().getQueryable(Researcher.class).where((builder, root) -> builder.equal(root.get("id"), id)).getSingle(); } diff --git a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/ServiceDaoImpl.java b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/ServiceDaoImpl.java index 924b28970..b39d95d2f 100644 --- a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/ServiceDaoImpl.java +++ b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/ServiceDaoImpl.java @@ -9,6 +9,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.scheduling.annotation.Async; import org.springframework.stereotype.Component; +import javax.management.InvalidApplicationException; import java.util.UUID; import java.util.concurrent.CompletableFuture; @@ -38,7 +39,7 @@ public class ServiceDaoImpl extends DatabaseAccess implements ServiceDa } @Override - public Service find(UUID id) { + public Service find(UUID id) throws InvalidApplicationException { return this.getDatabaseService().getQueryable(Service.class).where((builder, root) -> builder.equal(root.get("id"), id)).getSingle(); } diff --git a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/UserDatasetProfileDaoImpl.java b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/UserDatasetProfileDaoImpl.java index 5ee982d73..b11ee4f72 100644 --- a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/UserDatasetProfileDaoImpl.java +++ b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/UserDatasetProfileDaoImpl.java 
@@ -8,6 +8,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.scheduling.annotation.Async; import org.springframework.stereotype.Component; +import javax.management.InvalidApplicationException; import java.util.UUID; import java.util.concurrent.CompletableFuture; @@ -25,7 +26,7 @@ public class UserDatasetProfileDaoImpl extends DatabaseAccess builder.equal(root.get("id"), id)).getSingleOrDefault(); } diff --git a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/UserDmpDaoImpl.java b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/UserDmpDaoImpl.java index ae94902d0..b5d7fd947 100644 --- a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/UserDmpDaoImpl.java +++ b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/UserDmpDaoImpl.java @@ -8,6 +8,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.scheduling.annotation.Async; import org.springframework.stereotype.Component; +import javax.management.InvalidApplicationException; import java.util.UUID; import java.util.concurrent.CompletableFuture; @@ -28,7 +29,7 @@ public class UserDmpDaoImpl extends DatabaseAccess implements UserDmpDa } @Override - public UserDMP find(UUID id) { + public UserDMP find(UUID id) throws InvalidApplicationException { return this.getDatabaseService().getQueryable(UserDMP.class).where((builder, root) -> builder.equal(root.get("id"), id)).getSingleOrDefault(); } diff --git a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/UserInfoDaoImpl.java b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/UserInfoDaoImpl.java index 699a99b14..416e5a5cc 100644 --- a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/UserInfoDaoImpl.java +++ b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/UserInfoDaoImpl.java 
@@ -11,6 +11,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.scheduling.annotation.Async; import org.springframework.stereotype.Component; +import javax.management.InvalidApplicationException; import java.util.Arrays; import java.util.UUID; import java.util.concurrent.CompletableFuture; @@ -54,7 +55,7 @@ public class UserInfoDaoImpl extends DatabaseAccess implements UserInf } @Override - public UserInfo find(UUID id) { + public UserInfo find(UUID id) throws InvalidApplicationException { return this.getDatabaseService().getQueryable(UserInfo.class).where((builder, root) -> builder.equal(root.get("id"), id)).getSingle(); } diff --git a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/UserRoleDao.java b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/UserRoleDao.java index a43a26a56..4c3a407f3 100644 --- a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/UserRoleDao.java +++ b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/UserRoleDao.java @@ -6,6 +6,7 @@ import eu.eudat.data.old.UserInfo; import eu.eudat.data.old.UserRole; import eu.eudat.queryable.QueryableList; +import javax.management.InvalidApplicationException; import java.util.List; import java.util.UUID; @@ -14,5 +15,5 @@ public interface UserRoleDao extends DatabaseAccessLayer { QueryableList getWithCriteria(UserRoleCriteria criteria); - List getUserRoles(UserInfo userInfo); + List getUserRoles(UserInfo userInfo) throws InvalidApplicationException; } diff --git a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/UserRoleDaoImpl.java b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/UserRoleDaoImpl.java index 64cd1339c..25278a7c6 100644 --- a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/UserRoleDaoImpl.java +++ b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/UserRoleDaoImpl.java 
@@ -10,6 +10,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.scheduling.annotation.Async; import org.springframework.stereotype.Component; +import javax.management.InvalidApplicationException; import java.util.List; import java.util.UUID; import java.util.concurrent.CompletableFuture; @@ -29,12 +30,12 @@ public class UserRoleDaoImpl extends DatabaseAccess implements UserRol } @Override - public UserRole find(UUID id) { + public UserRole find(UUID id) throws InvalidApplicationException { return this.getDatabaseService().getQueryable(UserRole.class).where((builder, root) -> builder.equal(root.get("id"), id)).getSingleOrDefault(); } @Override - public List getUserRoles(UserInfo userInfo) { + public List getUserRoles(UserInfo userInfo) throws InvalidApplicationException { return this.getDatabaseService().getQueryable(UserRole.class).where((builder, root) -> builder.equal(root.get("userInfo"), userInfo)).toList(); } diff --git a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/security/CredentialDao.java b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/security/CredentialDao.java index 8e1ade6ba..4c6686741 100644 --- a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/security/CredentialDao.java +++ b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/security/CredentialDao.java @@ -3,10 +3,11 @@ package eu.eudat.data.dao.entities.security; import eu.eudat.data.CredentialEntity; import eu.eudat.data.dao.DatabaseAccessLayer; +import javax.management.InvalidApplicationException; import java.util.UUID; public interface CredentialDao extends DatabaseAccessLayer { - CredentialEntity getLoggedInCredentials(String username, String secret, Integer provider); + CredentialEntity getLoggedInCredentials(String username, String secret, Integer provider) throws InvalidApplicationException; } 
diff --git a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/security/CredentialDaoImpl.java b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/security/CredentialDaoImpl.java index a470c3ce3..03b44ea1c 100644 --- a/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/security/CredentialDaoImpl.java +++ b/dmp-backend/data/src/main/java/eu/eudat/data/dao/entities/security/CredentialDaoImpl.java @@ -7,6 +7,7 @@ import eu.eudat.queryable.QueryableList; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import javax.management.InvalidApplicationException; import java.util.UUID; import java.util.concurrent.CompletableFuture; @@ -25,12 +26,12 @@ public class CredentialDaoImpl extends DatabaseAccess implemen } @Override - public CredentialEntity find(UUID id) { + public CredentialEntity find(UUID id) throws InvalidApplicationException { return this.getDatabaseService().getQueryable(CredentialEntity.class).where((builder, root) -> builder.equal(root.get("id"), id)).getSingleOrDefault(); } @Override - public CredentialEntity getLoggedInCredentials(String username, String secret, Integer provider) { + public CredentialEntity getLoggedInCredentials(String username, String secret, Integer provider) throws InvalidApplicationException { return this.getDatabaseService().getQueryable(CredentialEntity.class).where(((builder, root) -> builder.and( builder.equal(root.get("publicValue"), username), diff --git a/dmp-backend/data/src/main/java/eu/eudat/query/DMPQuery.java b/dmp-backend/data/src/main/java/eu/eudat/query/DMPQuery.java index 78d088ca7..3c7597285 100644 --- a/dmp-backend/data/src/main/java/eu/eudat/query/DMPQuery.java +++ b/dmp-backend/data/src/main/java/eu/eudat/query/DMPQuery.java 
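Review bot: `CredentialDaoImpl.getLoggedInCredentials` is on the login path and now throws a checked `InvalidApplicationException`, but nothing in the hunk tells callers how to handle it. A caller that catches it and carries on would blur a query-layer failure with a failed login, so the contract belongs in a Javadoc, e.g. `@throws InvalidApplicationException if the lookup could not be evaluated; reject the login and log it, never continue`. Separately, the visible predicate matches `publicValue` against `username` inside `builder.and(`, and the signature suggests `secret` is matched in the same query. The rest of the predicate is outside the hunk, so please confirm the stored secret is a salted hash verified in application code rather than an equality lookup in the database.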
@@ -10,6 +10,8 @@ import eu.eudat.queryable.types.FieldSelectionType; import eu.eudat.queryable.types.SelectionField; import jakarta.persistence.criteria.Subquery; + +import javax.management.InvalidApplicationException; import java.util.Arrays; import java.util.Date; import java.util.List; @@ -115,7 +117,7 @@ public class DMPQuery extends Query { this.datasetQuery = datasetQuery; } - public QueryableList getQuery() { + public QueryableList getQuery() throws InvalidApplicationException { QueryableList query = this.databaseAccessLayer.asQueryable(); if (this.id != null) { query.where((builder, root) -> builder.equal(root.get("id"), this.id)); diff --git a/dmp-backend/data/src/main/java/eu/eudat/query/DatasetQuery.java b/dmp-backend/data/src/main/java/eu/eudat/query/DatasetQuery.java index b3f5f7164..a2f577f30 100644 --- a/dmp-backend/data/src/main/java/eu/eudat/query/DatasetQuery.java +++ b/dmp-backend/data/src/main/java/eu/eudat/query/DatasetQuery.java @@ -8,6 +8,8 @@ import eu.eudat.queryable.types.FieldSelectionType; import eu.eudat.queryable.types.SelectionField; import jakarta.persistence.criteria.Subquery; + +import javax.management.InvalidApplicationException; import java.util.Arrays; import java.util.List; import java.util.UUID; @@ -51,7 +53,7 @@ public class DatasetQuery extends Query { } @Override - public QueryableList getQuery() { + public QueryableList getQuery() throws InvalidApplicationException { QueryableList query = this.databaseAccessLayer.asQueryable(); if (this.id != null) { query.where((builder, root) -> builder.equal(root.get("id"), this.id)); diff --git a/dmp-backend/data/src/main/java/eu/eudat/query/GrantQuery.java b/dmp-backend/data/src/main/java/eu/eudat/query/GrantQuery.java index cb078f982..b3a502da2 100644 --- a/dmp-backend/data/src/main/java/eu/eudat/query/GrantQuery.java +++ b/dmp-backend/data/src/main/java/eu/eudat/query/GrantQuery.java 
@@ -8,6 +8,8 @@ import eu.eudat.queryable.types.FieldSelectionType; import eu.eudat.queryable.types.SelectionField; import jakarta.persistence.criteria.Subquery; + +import javax.management.InvalidApplicationException; import java.util.Arrays; import java.util.Date; import java.util.List; @@ -88,7 +90,7 @@ public class GrantQuery extends Query { } @Override - public QueryableList getQuery() { + public QueryableList getQuery() throws InvalidApplicationException { QueryableList query = this.databaseAccessLayer.asQueryable(); if (this.id != null) query.where((builder, root) -> builder.equal(root.get("id"), this.id)); diff --git a/dmp-backend/data/src/main/java/eu/eudat/query/LockQuery.java b/dmp-backend/data/src/main/java/eu/eudat/query/LockQuery.java index 1e6851e4c..2968ec9ef 100644 --- a/dmp-backend/data/src/main/java/eu/eudat/query/LockQuery.java +++ b/dmp-backend/data/src/main/java/eu/eudat/query/LockQuery.java @@ -8,6 +8,8 @@ import eu.eudat.queryable.types.FieldSelectionType; import eu.eudat.queryable.types.SelectionField; import jakarta.persistence.criteria.Subquery; + +import javax.management.InvalidApplicationException; import java.util.Arrays; import java.util.Date; import java.util.List; @@ -61,7 +63,7 @@ public class LockQuery extends Query { } @Override - public QueryableList getQuery() { + public QueryableList getQuery() throws InvalidApplicationException { QueryableList query = this.databaseAccessLayer.asQueryable(); if (this.id != null) { query.where((builder, root) -> builder.equal(root.get("id"), this.id)); diff --git a/dmp-backend/data/src/main/java/eu/eudat/query/Query.java b/dmp-backend/data/src/main/java/eu/eudat/query/Query.java index effc6a1be..58bd09cbe 100644 --- a/dmp-backend/data/src/main/java/eu/eudat/query/Query.java +++ b/dmp-backend/data/src/main/java/eu/eudat/query/Query.java 
@@ -4,6 +4,7 @@ import eu.eudat.data.dao.DatabaseAccessLayer; import eu.eudat.queryable.QueryableList; import eu.eudat.queryable.queryableentity.DataEntity; +import javax.management.InvalidApplicationException; import java.util.LinkedList; import java.util.List; @@ -21,7 +22,7 @@ public abstract class Query { this.databaseAccessLayer = databaseAccessLayer; } - public abstract QueryableList getQuery(); + public abstract QueryableList getQuery() throws InvalidApplicationException; protected List getSelectionFields() { return selectionFields; diff --git a/dmp-backend/queryable/src/main/java/eu/eudat/queryable/QueryableList.java b/dmp-backend/queryable/src/main/java/eu/eudat/queryable/QueryableList.java index 45858815a..cb25278f0 100644 --- a/dmp-backend/queryable/src/main/java/eu/eudat/queryable/QueryableList.java +++ b/dmp-backend/queryable/src/main/java/eu/eudat/queryable/QueryableList.java @@ -7,6 +7,8 @@ import eu.eudat.queryable.types.SelectionField; import jakarta.persistence.criteria.Join; import jakarta.persistence.criteria.JoinType; import jakarta.persistence.criteria.Subquery; + +import javax.management.InvalidApplicationException; import java.util.List; import java.util.Map; import java.util.concurrent.CompletableFuture; 
@@ -14,27 +16,27 @@ import java.util.concurrent.CompletableFuture; public interface QueryableList { QueryableList where(SinglePredicate predicate); - List select(SelectPredicate predicate); + List select(SelectPredicate predicate) throws InvalidApplicationException; - CompletableFuture> selectAsync(SelectPredicate predicate); + CompletableFuture> selectAsync(SelectPredicate predicate) throws InvalidApplicationException; - List toList(); + List toList() throws InvalidApplicationException; - void update(EntitySelectPredicate selectPredicate, V value); + void update(EntitySelectPredicate selectPredicate, V value) throws InvalidApplicationException; QueryableList withFields(List fields); List toListWithFields(); - CompletableFuture> toListAsync(); + CompletableFuture> toListAsync() throws InvalidApplicationException; - T getSingle(); + T getSingle() throws InvalidApplicationException; - CompletableFuture getSingleAsync(); + CompletableFuture getSingleAsync() throws InvalidApplicationException; - T getSingleOrDefault(); + T getSingleOrDefault() throws InvalidApplicationException; - CompletableFuture getSingleOrDefaultAsync(); + CompletableFuture getSingleOrDefaultAsync() throws InvalidApplicationException; QueryableList skip(Integer offset); 
@@ -48,25 +50,25 @@ public interface QueryableList { QueryableList withHint(String hint); - Long count(); + Long count() throws InvalidApplicationException; QueryableList where(NestedQuerySinglePredicate predicate); - CompletableFuture countAsync(); + CompletableFuture countAsync() throws InvalidApplicationException; - Subquery query(List fields); + Subquery query(List fields) throws InvalidApplicationException; - Subquery subQuery(SinglePredicate predicate, List fields); + Subquery subQuery(SinglePredicate predicate, List fields) throws InvalidApplicationException; Subquery subQuery(NestedQuerySinglePredicate predicate, List fields); Subquery subQueryCount(NestedQuerySinglePredicate predicate, List fields); - Subquery subQueryCount(SinglePredicate predicate, List fields); + Subquery subQueryCount(SinglePredicate predicate, List fields) throws InvalidApplicationException; QueryableList initSubQuery(Class uClass); - Subquery subQueryMax(SinglePredicate predicate, List fields, Class uClass); + Subquery subQueryMax(SinglePredicate predicate, List fields, Class uClass) throws InvalidApplicationException; Subquery subQueryMax(NestedQuerySinglePredicate predicate, List fields, Class uClass); diff --git a/dmp-backend/queryable/src/main/java/eu/eudat/queryable/jpa/hibernatequeryablelist/QueryableHibernateList.java b/dmp-backend/queryable/src/main/java/eu/eudat/queryable/jpa/hibernatequeryablelist/QueryableHibernateList.java index 0e46d9df5..5397792ca 100644 --- a/dmp-backend/queryable/src/main/java/eu/eudat/queryable/jpa/hibernatequeryablelist/QueryableHibernateList.java +++ b/dmp-backend/queryable/src/main/java/eu/eudat/queryable/jpa/hibernatequeryablelist/QueryableHibernateList.java @@ -16,6 +16,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.scheduling.annotation.Async; +import javax.management.InvalidApplicationException; import java.util.*; import java.util.concurrent.CompletableFuture; import java.util.stream.Collectors; 
@@ -154,11 +155,11 @@ public class QueryableHibernateList implements QueryableLi return this; } - public List select(SelectPredicate predicate) { + public List select(SelectPredicate predicate) throws InvalidApplicationException { return this.toList().stream().map(predicate::applySelection).collect(Collectors.toList()); } - public CompletableFuture> selectAsync(SelectPredicate predicate) { + public CompletableFuture> selectAsync(SelectPredicate predicate) throws InvalidApplicationException { return this.toListAsync().thenApplyAsync(items -> items.stream().map(predicate::applySelection).collect(Collectors.toList())); } @@ -177,7 +178,7 @@ public class QueryableHibernateList implements QueryableLi return this; } - public Long count() { + public Long count() throws InvalidApplicationException { CriteriaBuilder criteriaBuilder = this.manager.getCriteriaBuilder(); CriteriaQuery criteriaQuery = criteriaBuilder.createQuery(Long.class); this.root = criteriaQuery.from(tClass); @@ -200,7 +201,7 @@ public class QueryableHibernateList implements QueryableLi } @Async - public CompletableFuture countAsync() { + public CompletableFuture countAsync() throws InvalidApplicationException { CriteriaBuilder criteriaBuilder = this.manager.getCriteriaBuilder(); CriteriaQuery criteriaQuery = criteriaBuilder.createQuery(Long.class); this.root = criteriaQuery.from(tClass); 
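Review bot: `selectAsync` and `countAsync` now report failure through two channels: a checked `InvalidApplicationException` thrown synchronously before any future exists, and whatever the returned `CompletableFuture` completes with. Every caller then needs both a try/catch and a future error handler, and the two are easy to treat differently. Keep the async contract single-channel by catching inside the method and returning `CompletableFuture.failedFuture(e)`, which lets the `throws` clause be dropped from the async methods of `QueryableList`. The same applies to `toListAsync`, `getSingleAsync` and `getSingleOrDefaultAsync` in the following hunks. The body of `countAsync` continues outside the hunk.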
@@ -221,14 +222,14 @@ public class QueryableHibernateList implements QueryableLi }); } - private Predicate[] generateWherePredicates(List> singlePredicates, Root root, List> nestedPredicates, Root nestedQueryRoot) { + private Predicate[] generateWherePredicates(List> singlePredicates, Root root, List> nestedPredicates, Root nestedQueryRoot) throws InvalidApplicationException { List predicates = new LinkedList<>(); predicates.addAll(Arrays.asList(this.generateSingleWherePredicates(singlePredicates, root))); predicates.addAll(Arrays.asList(this.generateNestedWherePredicates(nestedPredicates, root, nestedQueryRoot))); return predicates.toArray(new Predicate[predicates.size()]); } - private Predicate[] generateSingleWherePredicates(List> singlePredicates, Root root) { + private Predicate[] generateSingleWherePredicates(List> singlePredicates, Root root) throws InvalidApplicationException { List predicates = new LinkedList<>(); for (SinglePredicate singlePredicate : singlePredicates) { predicates.add(singlePredicate.applyPredicate(this.manager.getCriteriaBuilder(), root)); @@ -260,7 +261,7 @@ public class QueryableHibernateList implements QueryableLi return predicates.toArray(new Expression[predicates.size()]); } - public List toList() { + public List toList() throws InvalidApplicationException { CriteriaBuilder builder = this.manager.getCriteriaBuilder(); if (!this.fields.isEmpty()) this.query = builder.createTupleQuery(); @@ -310,7 +311,7 @@ public class QueryableHibernateList implements QueryableLi } @Async - public CompletableFuture> toListAsync() { + public CompletableFuture> toListAsync() throws InvalidApplicationException { CriteriaBuilder builder = this.manager.getCriteriaBuilder(); if (!this.fields.isEmpty()) this.query = builder.createTupleQuery(); 
@@ -364,7 +365,7 @@ public class QueryableHibernateList implements QueryableLi }); } - public T getSingle() { + public T getSingle() throws InvalidApplicationException { CriteriaBuilder builder = this.manager.getCriteriaBuilder(); if (!this.fields.isEmpty()) this.query = builder.createTupleQuery(); @@ -381,7 +382,7 @@ public class QueryableHibernateList implements QueryableLi } @Async - public CompletableFuture getSingleAsync() { + public CompletableFuture getSingleAsync() throws InvalidApplicationException { CriteriaBuilder builder = this.manager.getCriteriaBuilder(); if (!this.fields.isEmpty()) this.query = builder.createTupleQuery(); @@ -397,7 +398,7 @@ public class QueryableHibernateList implements QueryableLi return CompletableFuture.supplyAsync(() -> typedQuery.getSingleResult()); } - public T getSingleOrDefault() { + public T getSingleOrDefault() throws InvalidApplicationException { CriteriaBuilder builder = this.manager.getCriteriaBuilder(); if (!this.fields.isEmpty()) this.query = builder.createTupleQuery(); @@ -420,7 +421,7 @@ public class QueryableHibernateList implements QueryableLi } @Async - public CompletableFuture getSingleOrDefaultAsync() { + public CompletableFuture getSingleOrDefaultAsync() throws InvalidApplicationException { CriteriaBuilder builder = this.manager.getCriteriaBuilder(); if (!this.fields.isEmpty()) this.query = builder.createTupleQuery(); @@ -460,7 +461,7 @@ public class QueryableHibernateList implements QueryableLi } @Override - public Subquery subQuery(SinglePredicate predicate, List fields) { + public Subquery subQuery(SinglePredicate predicate, List fields) throws InvalidApplicationException { Subquery subquery = this.manager.getCriteriaBuilder().createQuery().subquery(this.tClass); this.nestedQueryRoot = subquery.from(this.tClass); subquery.where(predicate.applyPredicate(this.manager.getCriteriaBuilder(), this.nestedQueryRoot)); 
@@ -486,7 +487,7 @@ public class QueryableHibernateList implements QueryableLi } @Override - public Subquery subQueryCount(SinglePredicate predicate, List fields) { + public Subquery subQueryCount(SinglePredicate predicate, List fields) throws InvalidApplicationException { Subquery subquery = this.manager.getCriteriaBuilder().createQuery().subquery(Long.class); this.nestedQueryRoot = subquery.from(this.tClass); subquery.where(predicate.applyPredicate(this.manager.getCriteriaBuilder(), this.nestedQueryRoot)); @@ -504,7 +505,7 @@ public class QueryableHibernateList implements QueryableLi } @Override - public Subquery subQueryMax(SinglePredicate predicate, List fields, Class uClass) { + public Subquery subQueryMax(SinglePredicate predicate, List fields, Class uClass) throws InvalidApplicationException { Subquery subquery = this.manager.getCriteriaBuilder().createQuery().subquery(uClass); this.nestedQueryRoot = subquery.from(this.tClass); subquery.where(predicate.applyPredicate(this.manager.getCriteriaBuilder(), this.nestedQueryRoot)); @@ -537,7 +538,7 @@ public class QueryableHibernateList implements QueryableLi } @Override - public Subquery query(List fields) { + public Subquery query(List fields) throws InvalidApplicationException { CriteriaBuilder builder = this.manager.getCriteriaBuilder(); Subquery query = builder.createQuery().subquery(this.tClass); this.root = query.from(this.tClass); @@ -553,7 +554,7 @@ public class QueryableHibernateList implements QueryableLi } @Override - public void update(EntitySelectPredicate selectPredicate, V value) { + public void update(EntitySelectPredicate selectPredicate, V value) throws InvalidApplicationException { CriteriaBuilder builder = this.manager .getCriteriaBuilder(); CriteriaUpdate update = builder 
diff --git a/dmp-backend/queryable/src/main/java/eu/eudat/queryable/jpa/predicates/SinglePredicate.java b/dmp-backend/queryable/src/main/java/eu/eudat/queryable/jpa/predicates/SinglePredicate.java index 88e886847..fbbcb8dbc 100644 --- a/dmp-backend/queryable/src/main/java/eu/eudat/queryable/jpa/predicates/SinglePredicate.java +++ b/dmp-backend/queryable/src/main/java/eu/eudat/queryable/jpa/predicates/SinglePredicate.java @@ -4,6 +4,8 @@ import jakarta.persistence.criteria.CriteriaBuilder; import jakarta.persistence.criteria.Predicate; import jakarta.persistence.criteria.Root; +import javax.management.InvalidApplicationException; + public interface SinglePredicate { - Predicate applyPredicate(CriteriaBuilder builder, Root root); + Predicate applyPredicate(CriteriaBuilder builder, Root root) throws InvalidApplicationException; } diff --git a/dmp-backend/web/src/main/java/eu/eudat/configurations/WebMVCConfiguration.java b/dmp-backend/web/src/main/java/eu/eudat/configurations/WebMVCConfiguration.java index 8170b8c72..23d5f66eb 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/configurations/WebMVCConfiguration.java +++ b/dmp-backend/web/src/main/java/eu/eudat/configurations/WebMVCConfiguration.java @@ -1,11 +1,6 @@ package eu.eudat.configurations; -import eu.eudat.commons.scope.user.UserScope; import eu.eudat.interceptors.UserInterceptor; -import eu.eudat.logic.handlers.PrincipalArgumentResolver; -import eu.eudat.logic.services.ApiContext; -import eu.eudat.logic.services.operations.authentication.AuthenticationService; -import gr.cite.commons.web.oidc.principal.CurrentPrincipalResolver; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Configuration; import org.springframework.scheduling.annotation.EnableAsync; 
@@ -21,28 +16,15 @@ import java.util.List; @EnableScheduling public class WebMVCConfiguration implements WebMvcConfigurer { - private ApiContext apiContext; - - private AuthenticationService verifiedUserAuthenticationService; - private AuthenticationService nonVerifiedUserAuthenticationService; private final UserInterceptor userInterceptor; - private final UserScope userScope; - private final CurrentPrincipalResolver currentPrincipalResolver; - - @Autowired - public WebMVCConfiguration(ApiContext apiContext, AuthenticationService verifiedUserAuthenticationService, AuthenticationService nonVerifiedUserAuthenticationService, UserInterceptor userInterceptor, UserScope userScope, CurrentPrincipalResolver currentPrincipalResolver) { - this.apiContext = apiContext; - this.verifiedUserAuthenticationService = verifiedUserAuthenticationService; - this.nonVerifiedUserAuthenticationService = nonVerifiedUserAuthenticationService; + @Autowired + public WebMVCConfiguration(UserInterceptor userInterceptor) { this.userInterceptor = userInterceptor; - this.userScope = userScope; - this.currentPrincipalResolver = currentPrincipalResolver; } @Autowired @Override public void addArgumentResolvers(List argumentResolvers) { - argumentResolvers.add(new PrincipalArgumentResolver(verifiedUserAuthenticationService, nonVerifiedUserAuthenticationService, userScope, currentPrincipalResolver)); } @Override diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/Admin.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/Admin.java index 28e885c0c..dfee6159a 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/controllers/Admin.java +++ b/dmp-backend/web/src/main/java/eu/eudat/controllers/Admin.java @@ -1,5 +1,7 @@ package eu.eudat.controllers; +import eu.eudat.authorization.Permission; +import eu.eudat.commons.scope.user.UserScope; import eu.eudat.data.old.DescriptionTemplate; import eu.eudat.data.old.UserDatasetProfile; import eu.eudat.data.old.UserInfo; 
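Review bot: `addArgumentResolvers` is left as an empty override that still carries `@Autowired`, so the method is still invoked and registers nothing; the override and its annotation can be deleted. With `PrincipalArgumentResolver` removed (by its constructor arguments it appears to have performed the authentication lookup for handlers declaring a `Principal`), nothing in this class resolves or checks a principal any more, and access control depends on each handler calling `authorizationService.authorizeForce(...)` itself. A handler that omits the call is then reachable with whatever the filter chain allows, so a class comment should say where authentication is enforced now, e.g. `// Authentication is enforced by <filter/config>; handlers must call AuthorizationService explicitly.`, and a test that flags mapped handlers without an authorization call would keep the model fail-closed.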
@@ -11,17 +13,16 @@ import eu.eudat.logic.managers.DatasetProfileManager; import eu.eudat.logic.managers.MetricsManager; import eu.eudat.logic.managers.UserManager; import eu.eudat.logic.proxy.config.configloaders.ConfigLoader; -import eu.eudat.logic.security.claims.ClaimedAuthorities; import eu.eudat.logic.services.ApiContext; import eu.eudat.models.data.admin.composite.DatasetProfile; import eu.eudat.models.data.datasetprofile.DatasetProfileListingModel; import eu.eudat.models.data.helpers.common.DataTableData; import eu.eudat.models.data.helpers.responses.ResponseItem; -import eu.eudat.models.data.security.Principal; import eu.eudat.models.data.user.composite.PagedDatasetProfile; import eu.eudat.service.DescriptionTemplateTypeService; import eu.eudat.types.ApiMessageCode; import eu.eudat.types.MetricNames; +import gr.cite.commons.web.authz.service.AuthorizationService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; @@ -30,6 +31,8 @@ import org.springframework.web.multipart.MultipartFile; import jakarta.transaction.Transactional; import jakarta.validation.Valid; + +import javax.management.InvalidApplicationException; import java.io.IOException; import java.util.List; import java.util.UUID; 
@@ -46,22 +49,28 @@ public class Admin extends BaseController { private UserManager userManager; private ConfigLoader configLoader; private final MetricsManager metricsManager; + private final AuthorizationService authorizationService; + private final UserScope userScope; private final DescriptionTemplateTypeService descriptionTemplateTypeService; @Autowired - public Admin(ApiContext apiContext, DatasetProfileManager datasetProfileManager, UserManager userManager/*, Logger logger*/, ConfigLoader configLoader, MetricsManager metricsManager, DescriptionTemplateTypeService descriptionTemplateTypeService) { + public Admin(ApiContext apiContext, DatasetProfileManager datasetProfileManager, UserManager userManager/*, Logger logger*/, ConfigLoader configLoader, MetricsManager metricsManager, AuthorizationService authorizationService, UserScope userScope, DescriptionTemplateTypeService descriptionTemplateTypeService) { super(apiContext); this.datasetProfileManager = datasetProfileManager; this.userManager = userManager; this.configLoader = configLoader; this.metricsManager = metricsManager; + this.authorizationService = authorizationService; + this.userScope = userScope; this.descriptionTemplateTypeService = descriptionTemplateTypeService; } @Transactional @RequestMapping(method = RequestMethod.POST, value = {"/addDmp"}, consumes = "application/json", produces = "application/json") - public ResponseEntity addDmp(@Valid @RequestBody DatasetProfile profile, @ClaimedAuthorities(claims = {ADMIN ,DATASET_PROFILE_MANAGER}) Principal principal) throws Exception { + public ResponseEntity addDmp(@Valid @RequestBody DatasetProfile profile) throws Exception { + this.authorizationService.authorizeForce(Permission.AdminRole, Permission.DatasetProfileManagerRole); + //this.getLoggerService().info(principal, "Admin Added Dataset Profile"); DatasetProfile shortenProfile = profile.toShort(); DescriptionTemplate modelDefinition = AdminManager.generateViewStyleDefinition(shortenProfile, 
getApiContext(), descriptionTemplateTypeService); @@ -73,7 +82,7 @@ public class Admin extends BaseController { DescriptionTemplate descriptionTemplate = this.getApiContext().getOperationsContext().getDatabaseRepository().getDatasetProfileDao().createOrUpdate(modelDefinition); UserDatasetProfile userDatasetProfile = new UserDatasetProfile(); userDatasetProfile.setDatasetProfile(descriptionTemplate); - UserInfo userInfo = getApiContext().getOperationsContext().getDatabaseRepository().getUserInfoDao().find(principal.getId()); + UserInfo userInfo = getApiContext().getOperationsContext().getDatabaseRepository().getUserInfoDao().find(this.userScope.getUserId()); userDatasetProfile.setUser(userInfo); userDatasetProfile.setRole(0); getApiContext().getOperationsContext().getDatabaseRepository().getUserDatasetProfileDao().createOrUpdate(userDatasetProfile); @@ -85,7 +94,9 @@ public class Admin extends BaseController { @Transactional @RequestMapping(method = RequestMethod.POST, value = {"/addDmp/{id}"}, consumes = "application/json", produces = "application/json") - public ResponseEntity> updateDmp(@PathVariable String id, @RequestBody DatasetProfile profile, @ClaimedAuthorities(claims = {ADMIN, DATASET_PROFILE_MANAGER}) Principal principal) throws Exception { + public ResponseEntity> updateDmp(@PathVariable String id, @RequestBody DatasetProfile profile) throws Exception { + this.authorizationService.authorizeForce(Permission.AdminRole, Permission.DatasetProfileManagerRole); + DatasetProfile shortenProfile = profile.toShort(); DescriptionTemplate modelDefinition = AdminManager.generateViewStyleDefinition(shortenProfile, getApiContext(), descriptionTemplateTypeService); DescriptionTemplate datasetprofile = this.getApiContext().getOperationsContext().getDatabaseRepository().getDatasetProfileDao().find(UUID.fromString(id)); 
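Review bot: In `addDmp`, `authorizeForce(Permission.AdminRole, Permission.DatasetProfileManagerRole)` replaces `@ClaimedAuthorities(claims = {ADMIN ,DATASET_PROFILE_MANAGER})`, and nothing in the patch shows whether several permissions passed to `authorizeForce` are combined as any-of or all-of. The old annotation presumably meant any-of; if the new call is all-of, dataset-profile managers lose access, so a short comment such as `// any one of these permissions is sufficient` (once confirmed) should sit at the call, and the same applies to every other call in this controller. The `Permission` constants are also named after roles (`AdminRole`, `DatasetProfileManagerRole`), so the check is still role-based behind a new API; constants named for the action would let the role-to-permission mapping change without touching controllers. `addDmp` continues outside this hunk.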
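Review bot: `updateDmp` binds `@RequestBody DatasetProfile profile` without `@Valid`, while `addDmp` validates the same model, so the update path accepts a body the create path would reject. Since the signature line is rewritten here anyway, `@PathVariable String id, @Valid @RequestBody DatasetProfile profile` would align the two; `newVersionDatasetProfile` in the next hunk has the same gap. `id` also goes straight into `UUID.fromString(id)`, which throws on malformed input, so typing the path variable as `UUID` would let the framework reject it before the DAO is reached. The method body continues outside the hunk.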
@@ -105,7 +116,9 @@ public class Admin extends BaseController { @Transactional @RequestMapping(method = RequestMethod.POST, value = {"/newVersion/{id}"}, produces = "application/json") - public ResponseEntity newVersionDatasetProfile(@PathVariable String id, @RequestBody DatasetProfile profile, @ClaimedAuthorities(claims = {ADMIN, DATASET_PROFILE_MANAGER}) Principal principal) throws Exception { + public ResponseEntity newVersionDatasetProfile(@PathVariable String id, @RequestBody DatasetProfile profile) throws Exception { + this.authorizationService.authorizeForce(Permission.AdminRole, Permission.DatasetProfileManagerRole); + try { DescriptionTemplate modelDefinition = this.datasetProfileManager.createNewVersionDatasetProfile(id, profile); return ResponseEntity.status(HttpStatus.OK).body(modelDefinition.getId()); 
@@ -116,20 +129,26 @@ public class Admin extends BaseController { @RequestMapping(method = RequestMethod.GET, value = {"/get/{id}"}, produces = "application/json") @Transactional - public ResponseEntity> get(@PathVariable String id, @ClaimedAuthorities(claims = {ADMIN, DATASET_PROFILE_MANAGER}) Principal principal) { + public ResponseEntity> get(@PathVariable String id) throws InvalidApplicationException { + this.authorizationService.authorizeForce(Permission.AdminRole, Permission.DatasetProfileManagerRole); + eu.eudat.models.data.admin.composite.DatasetProfile datasetprofile = this.datasetProfileManager.getDatasetProfile(id); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.NO_MESSAGE).payload(datasetprofile)); } @RequestMapping(method = RequestMethod.POST, value = {"/datasetprofiles/getPaged"}, produces = "application/json") public @ResponseBody - ResponseEntity>> getPaged(@RequestBody DatasetProfileTableRequestItem datasetProfileTableRequestItem, @ClaimedAuthorities(claims = {ADMIN, DATASET_PROFILE_MANAGER}) Principal principal) throws Exception { - DataTableData datasetProfileTableData = this.datasetProfileManager.getPaged(datasetProfileTableRequestItem, principal); + ResponseEntity>> getPaged(@RequestBody DatasetProfileTableRequestItem datasetProfileTableRequestItem) throws Exception { + this.authorizationService.authorizeForce(Permission.AdminRole, Permission.DatasetProfileManagerRole); + + DataTableData datasetProfileTableData = this.datasetProfileManager.getPaged(datasetProfileTableRequestItem); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem>().status(ApiMessageCode.NO_MESSAGE).payload(datasetProfileTableData)); } @RequestMapping(method = RequestMethod.POST, value = {"/preview"}, consumes = "application/json", produces = "application/json") - public ResponseEntity> getPreview(@RequestBody DatasetProfile profile, @ClaimedAuthorities(claims = {ADMIN, DATASET_PROFILE_MANAGER}) Principal principal) 
throws Exception { + public ResponseEntity> getPreview(@RequestBody DatasetProfile profile) throws Exception { + this.authorizationService.authorizeForce(Permission.AdminRole, Permission.DatasetProfileManagerRole); + DescriptionTemplate modelDefinition = AdminManager.generateViewStyleDefinition(profile, getApiContext(), descriptionTemplateTypeService); eu.eudat.models.data.user.composite.DatasetProfile datasetProfile = userManager.generateDatasetProfileModel(modelDefinition); PagedDatasetProfile pagedDatasetProfile = new PagedDatasetProfile(); @@ -139,7 +158,9 @@ public class Admin extends BaseController { @Transactional @RequestMapping(method = RequestMethod.POST, value = {"/datasetprofile/clone/{id}"}, consumes = "application/json", produces = "application/json") - public ResponseEntity> clone(@PathVariable String id, @ClaimedAuthorities(claims = {ADMIN, DATASET_PROFILE_MANAGER}) Principal principal) { + public ResponseEntity> clone(@PathVariable String id) throws InvalidApplicationException { + this.authorizationService.authorizeForce(Permission.AdminRole, Permission.DatasetProfileManagerRole); + eu.eudat.models.data.admin.composite.DatasetProfile datasetprofile = this.datasetProfileManager.getDatasetProfile(id); datasetprofile.setLabel(datasetprofile.getLabel() + " new "); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().payload(datasetprofile)); 
@@ -148,18 +169,22 @@ public class Admin extends BaseController { @Transactional @RequestMapping(method = RequestMethod.DELETE, value = {"{id}"}, consumes = "application/json", produces = "application/json") public @ResponseBody - ResponseEntity> inactivate(@PathVariable String id, @ClaimedAuthorities(claims = {ADMIN, DATASET_PROFILE_MANAGER}) Principal principal) { + ResponseEntity> inactivate(@PathVariable String id) { + this.authorizationService.authorizeForce(Permission.AdminRole, Permission.DatasetProfileManagerRole); + try { DescriptionTemplate ret = AdminManager.inactivate(this.getApiContext().getOperationsContext().getDatabaseRepository().getDatasetProfileDao(), this.getApiContext().getOperationsContext().getDatabaseRepository().getDatasetDao(), id); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.SUCCESS_MESSAGE)); - } catch (DatasetProfileWithDatasetsExeption exception) { + } catch (DatasetProfileWithDatasetsExeption | InvalidApplicationException exception) { return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(new ResponseItem().status(ApiMessageCode.UNSUCCESS_DELETE).message(exception.getMessage())); } } @Transactional @RequestMapping(method = RequestMethod.GET, value = {"/getXml/{id}"}, produces = "application/json") - public ResponseEntity getDatasetProfileXml(@PathVariable String id, @RequestHeader("Content-Type") String contentType, @ClaimedAuthorities(claims = {ADMIN, DATASET_PROFILE_MANAGER}) Principal principal) throws IllegalAccessException, IOException, InstantiationException { + public ResponseEntity getDatasetProfileXml(@PathVariable String id, @RequestHeader("Content-Type") String contentType) throws IllegalAccessException, IOException, InstantiationException, InvalidApplicationException { + this.authorizationService.authorizeForce(Permission.AdminRole, Permission.DatasetProfileManagerRole); + if (contentType.equals("application/xml")) { DescriptionTemplate profile = 
this.getApiContext().getOperationsContext().getDatabaseRepository().getDatasetProfileDao().find(UUID.fromString(id)); eu.eudat.models.data.user.composite.DatasetProfile datasetProfile = userManager.generateDatasetProfileModel(profile); @@ -175,8 +200,9 @@ public class Admin extends BaseController { @RequestMapping(method = RequestMethod.POST, value = {"/upload", "/upload/{id}"}) public ResponseEntity setDatasetProfileXml(@RequestParam("file") MultipartFile file, - @PathVariable(value = "id", required = false) String id, - @ClaimedAuthorities(claims = {ADMIN, DATASET_PROFILE_MANAGER}) Principal principal) throws Exception { + @PathVariable(value = "id", required = false) String id) throws Exception { + this.authorizationService.authorizeForce(Permission.AdminRole, Permission.DatasetProfileManagerRole); + eu.eudat.logic.utilities.documents.xml.datasetProfileXml.datasetProfileModel.DatasetProfile datasetProfileModel = this.datasetProfileManager.createDatasetProfileFromXml(file); eu.eudat.models.data.admin.composite.DatasetProfile datasetProfileEntity = datasetProfileModel.toAdminCompositeModel(file.getOriginalFilename()); DescriptionTemplate modelDefinition; @@ -185,7 +211,7 @@ public class Admin extends BaseController { DescriptionTemplate descriptionTemplate = this.getApiContext().getOperationsContext().getDatabaseRepository().getDatasetProfileDao().createOrUpdate(modelDefinition); UserDatasetProfile userDatasetProfile = new UserDatasetProfile(); userDatasetProfile.setDatasetProfile(descriptionTemplate); - UserInfo userInfo = getApiContext().getOperationsContext().getDatabaseRepository().getUserInfoDao().find(principal.getId()); + UserInfo userInfo = getApiContext().getOperationsContext().getDatabaseRepository().getUserInfoDao().find(userScope.getUserId()); userDatasetProfile.setUser(userInfo); userDatasetProfile.setRole(0); getApiContext().getOperationsContext().getDatabaseRepository().getUserDatasetProfileDao().createOrUpdate(userDatasetProfile); 
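Review bot: In `inactivate`, `catch (DatasetProfileWithDatasetsExeption | InvalidApplicationException exception)` answers 400 with `UNSUCCESS_DELETE` and `exception.getMessage()` for both types, so whatever raises `InvalidApplicationException` (presumably a missing or invalid user scope, to be confirmed) is reported to the client as a failed delete and its message is echoed back. Keeping the original single-type catch and declaring `throws InvalidApplicationException`, as `get` and `clone` in this controller do, would let one handler map it consistently and keep internal messages out of the response. The same multi-catch is added in `DMPProfileController.inactivate`. `getDatasetProfileXml`, also in this hunk, continues outside it.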
@@ -198,7 +224,9 @@ public class Admin extends BaseController { @RequestMapping(method = RequestMethod.GET, value = {"/getSemantics"}, produces = "application/json") - public ResponseEntity>> getSemantics(@RequestParam(value = "query", required = false) String query, @ClaimedAuthorities(claims = {ADMIN, DATASET_PROFILE_MANAGER}) Principal principal) { + public ResponseEntity>> getSemantics(@RequestParam(value = "query", required = false) String query) { + this.authorizationService.authorizeForce(Permission.AdminRole, Permission.DatasetProfileManagerRole); + List semantics = this.datasetProfileManager.getSemantics(query); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem>().status(ApiMessageCode.SUCCESS_MESSAGE).payload(semantics)); } diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/ContactEmail.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/ContactEmail.java index ed54fa55a..961f938af 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/controllers/ContactEmail.java +++ b/dmp-backend/web/src/main/java/eu/eudat/controllers/ContactEmail.java @@ -1,11 +1,12 @@ package eu.eudat.controllers; +import eu.eudat.authorization.Permission; import eu.eudat.logic.managers.ContactEmailManager; import eu.eudat.models.data.ContactEmail.ContactEmailModel; import eu.eudat.models.data.ContactEmail.PublicContactEmailModel; import eu.eudat.models.data.helpers.responses.ResponseItem; -import eu.eudat.models.data.security.Principal; import eu.eudat.types.ApiMessageCode; +import gr.cite.commons.web.authz.service.AuthorizationService; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.http.HttpStatus; 
@@ -21,18 +22,22 @@ public class ContactEmail { private static final Logger logger = LoggerFactory.getLogger(ContactEmail.class); private ContactEmailManager contactEmailManager; + private final AuthorizationService authorizationService; - public ContactEmail(ContactEmailManager contactEmailManager) { + public ContactEmail(ContactEmailManager contactEmailManager, AuthorizationService authorizationService) { this.contactEmailManager = contactEmailManager; + this.authorizationService = authorizationService; } @Transactional @RequestMapping(method = RequestMethod.POST, consumes = "application/json", produces = "application/json") public @ResponseBody - ResponseEntity sendContactEmail(@RequestBody ContactEmailModel contactEmailModel, Principal principal) { + ResponseEntity sendContactEmail(@RequestBody ContactEmailModel contactEmailModel) { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + try { this.contactEmailManager.emailValidation(contactEmailModel); - this.contactEmailManager.sendContactEmail(contactEmailModel, principal); + this.contactEmailManager.sendContactEmail(contactEmailModel); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.SUCCESS_MESSAGE)); } catch (Exception ex) { logger.error(ex.getMessage(), ex); diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/DMPProfileController.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/DMPProfileController.java index ace473c77..e62f74c8c 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/controllers/DMPProfileController.java +++ b/dmp-backend/web/src/main/java/eu/eudat/controllers/DMPProfileController.java @@ -1,5 +1,6 @@ package eu.eudat.controllers; +import eu.eudat.authorization.Permission; import eu.eudat.data.dao.criteria.RequestItem; import eu.eudat.data.old.DMPProfile; import eu.eudat.data.old.DescriptionTemplate; 
@@ -7,7 +8,6 @@ import eu.eudat.data.query.items.dmpblueprint.DataManagementPlanBlueprintTableRe import eu.eudat.data.query.items.table.dmpprofile.DataManagementPlanProfileTableRequest; import eu.eudat.exceptions.dmpblueprint.DmpBlueprintUsedException; import eu.eudat.logic.managers.DataManagementProfileManager; -import eu.eudat.logic.security.claims.ClaimedAuthorities; import eu.eudat.logic.services.ApiContext; import eu.eudat.models.data.helpermodels.Tuple; import eu.eudat.models.data.helpers.common.AutoCompleteLookupItem; @@ -15,8 +15,8 @@ import eu.eudat.models.data.helpers.common.DataTableData; import eu.eudat.models.data.helpers.responses.ResponseItem; import eu.eudat.models.data.listingmodels.DataManagementPlanBlueprintListingModel; import eu.eudat.models.data.listingmodels.DataManagementPlanProfileListingModel; -import eu.eudat.models.data.security.Principal; import eu.eudat.types.ApiMessageCode; +import gr.cite.commons.web.authz.service.AuthorizationService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; @@ -25,6 +25,8 @@ import org.springframework.web.bind.annotation.*; import org.springframework.web.multipart.MultipartFile; import jakarta.validation.Valid; + +import javax.management.InvalidApplicationException; import javax.xml.xpath.XPathExpressionException; import java.io.IOException; import java.util.List; 
@@ -39,62 +41,78 @@ import static eu.eudat.types.Authorities.ADMIN; @RequestMapping(value = {"/api/dmpprofile"}) public class DMPProfileController extends BaseController { - private DataManagementProfileManager dataManagementProfileManager; + private final DataManagementProfileManager dataManagementProfileManager; + private final AuthorizationService authorizationService; @Autowired - public DMPProfileController(ApiContext apiContext, DataManagementProfileManager dataManagementProfileManager) { + public DMPProfileController(ApiContext apiContext, DataManagementProfileManager dataManagementProfileManager, AuthorizationService authorizationService) { super(apiContext); this.dataManagementProfileManager = dataManagementProfileManager; + this.authorizationService = authorizationService; } @Transactional @RequestMapping(method = RequestMethod.POST, consumes = "application/json", produces = "application/json") public @ResponseBody - ResponseEntity> createOrUpdate(@RequestBody DataManagementPlanProfileListingModel dataManagementPlan, @ClaimedAuthorities(claims = {ADMIN}) Principal principal) throws Exception { - this.dataManagementProfileManager.createOrUpdate(dataManagementPlan, principal); + ResponseEntity> createOrUpdate(@RequestBody DataManagementPlanProfileListingModel dataManagementPlan) throws Exception { + this.authorizationService.authorizeForce(Permission.AdminRole); + + this.dataManagementProfileManager.createOrUpdate(dataManagementPlan); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.SUCCESS_MESSAGE).message("Created")); } @Transactional @RequestMapping(method = RequestMethod.POST, value = {"/blueprint"}, consumes = "application/json", produces = "application/json") public @ResponseBody - ResponseEntity> createOrUpdateBlueprint(@RequestBody DataManagementPlanBlueprintListingModel dataManagementPlan, @ClaimedAuthorities(claims = {ADMIN}) Principal principal) throws Exception { - 
this.dataManagementProfileManager.createOrUpdateBlueprint(dataManagementPlan, principal); + ResponseEntity> createOrUpdateBlueprint(@RequestBody DataManagementPlanBlueprintListingModel dataManagementPlan) throws Exception { + this.authorizationService.authorizeForce(Permission.AdminRole); + + this.dataManagementProfileManager.createOrUpdateBlueprint(dataManagementPlan); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.SUCCESS_MESSAGE).message("Created")); } @RequestMapping(method = RequestMethod.GET, value = {"/getSingle/{id}"}, produces = "application/json") public @ResponseBody - ResponseEntity> getSingle(@PathVariable String id, Principal principal) throws IllegalAccessException, InstantiationException { - DataManagementPlanProfileListingModel dataManagementPlanProfileListingModel = this.dataManagementProfileManager.getSingle(id, principal); + ResponseEntity> getSingle(@PathVariable String id) throws IllegalAccessException, InstantiationException, InvalidApplicationException { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + + DataManagementPlanProfileListingModel dataManagementPlanProfileListingModel = this.dataManagementProfileManager.getSingle(id); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.NO_MESSAGE).payload(dataManagementPlanProfileListingModel)); } @RequestMapping(method = RequestMethod.GET, value = {"/getSingleBlueprint/{id}"}, produces = "application/json") public @ResponseBody - ResponseEntity> getSingleBlueprint(@PathVariable String id, Principal principal) { - DataManagementPlanBlueprintListingModel dataManagementPlanBlueprintListingModel = this.dataManagementProfileManager.getSingleBlueprint(id, principal); + ResponseEntity> getSingleBlueprint(@PathVariable String id) throws InvalidApplicationException { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + + DataManagementPlanBlueprintListingModel 
dataManagementPlanBlueprintListingModel = this.dataManagementProfileManager.getSingleBlueprint(id); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.NO_MESSAGE).payload(dataManagementPlanBlueprintListingModel)); } @RequestMapping(method = RequestMethod.POST, value = {"/getPaged"}, consumes = "application/json", produces = "application/json") public @ResponseBody - ResponseEntity>> getPaged(@Valid @RequestBody DataManagementPlanProfileTableRequest dataManagementPlanProfileTableRequest, Principal principal) throws Exception { - DataTableData dataTable = this.dataManagementProfileManager.getPaged(dataManagementPlanProfileTableRequest, principal); + ResponseEntity>> getPaged(@Valid @RequestBody DataManagementPlanProfileTableRequest dataManagementPlanProfileTableRequest) throws Exception { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + + DataTableData dataTable = this.dataManagementProfileManager.getPaged(dataManagementPlanProfileTableRequest); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem>().status(ApiMessageCode.NO_MESSAGE).payload(dataTable)); } @RequestMapping(method = RequestMethod.POST, value = {"/getPagedBlueprint"}, consumes = "application/json", produces = "application/json") public @ResponseBody - ResponseEntity>> getPagedBlueprint(@Valid @RequestBody DataManagementPlanBlueprintTableRequest dataManagementPlanBlueprintTableRequest, Principal principal) throws Exception { - DataTableData dataTable = this.dataManagementProfileManager.getPagedBlueprint(dataManagementPlanBlueprintTableRequest, principal); + ResponseEntity>> getPagedBlueprint(@Valid @RequestBody DataManagementPlanBlueprintTableRequest dataManagementPlanBlueprintTableRequest) throws Exception { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + + DataTableData dataTable = this.dataManagementProfileManager.getPagedBlueprint(dataManagementPlanBlueprintTableRequest); return 
ResponseEntity.status(HttpStatus.OK).body(new ResponseItem>().status(ApiMessageCode.NO_MESSAGE).payload(dataTable)); } @Transactional @RequestMapping(method = RequestMethod.POST, value = {"/clone/{id}"}, consumes = "application/json", produces = "application/json") - public ResponseEntity> clone(@PathVariable String id, @ClaimedAuthorities(claims = {ADMIN}) Principal principal) { - DataManagementPlanBlueprintListingModel dmpBlueprint = this.dataManagementProfileManager.getSingleBlueprint(id, principal); + public ResponseEntity> clone(@PathVariable String id) throws InvalidApplicationException { + this.authorizationService.authorizeForce(Permission.AdminRole); + + DataManagementPlanBlueprintListingModel dmpBlueprint = this.dataManagementProfileManager.getSingleBlueprint(id); dmpBlueprint.setLabel(dmpBlueprint.getLabel() + " new "); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().payload(dmpBlueprint)); } 
@@ -102,20 +120,24 @@ public class DMPProfileController extends BaseController { @Transactional @RequestMapping(method = RequestMethod.DELETE, value = {"{id}"}, consumes = "application/json", produces = "application/json") public @ResponseBody - ResponseEntity> inactivate(@PathVariable String id, @ClaimedAuthorities(claims = {ADMIN}) Principal principal) { + ResponseEntity> inactivate(@PathVariable String id) { + this.authorizationService.authorizeForce(Permission.AdminRole); + try { this.dataManagementProfileManager.inactivate(id); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.SUCCESS_MESSAGE)); - } catch (DmpBlueprintUsedException exception) { + } catch (DmpBlueprintUsedException | InvalidApplicationException exception) { return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(new ResponseItem().status(ApiMessageCode.UNSUCCESS_DELETE).message(exception.getMessage())); } } @RequestMapping(method = RequestMethod.GET, value = {"/getXml/{id}"}, produces = "application/json") public @ResponseBody - ResponseEntity getXml( @RequestHeader("Content-Type") String contentType, @PathVariable String id, Principal principal) throws IOException { + ResponseEntity getXml( @RequestHeader("Content-Type") String contentType, @PathVariable String id) throws IOException, InvalidApplicationException { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + if (contentType.equals("application/xml")) { - DataManagementPlanBlueprintListingModel dataManagementPlanBlueprintListingModel = this.dataManagementProfileManager.getSingleBlueprint(id, principal); + DataManagementPlanBlueprintListingModel dataManagementPlanBlueprintListingModel = this.dataManagementProfileManager.getSingleBlueprint(id); return this.dataManagementProfileManager.getDocument(dataManagementPlanBlueprintListingModel); }else { return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(new ResponseItem().status(ApiMessageCode.ERROR_MESSAGE).message("NOT 
AUTHORIZE")); @@ -123,17 +145,18 @@ public class DMPProfileController extends BaseController { } @RequestMapping(method = RequestMethod.POST, value = {"/upload"}) - public ResponseEntity setDatasetProfileXml(@RequestParam("file") MultipartFile file, - @ClaimedAuthorities(claims = {ADMIN}) Principal principal) throws Exception { + public ResponseEntity setDatasetProfileXml(@RequestParam("file") MultipartFile file) throws Exception { + this.authorizationService.authorizeForce(Permission.AdminRole); + eu.eudat.logic.utilities.documents.xml.dmpXml.dmpBlueprintModel.DmpBlueprint dmpBlueprintModel = this.dataManagementProfileManager.createDmpProfileFromXml(file); DataManagementPlanBlueprintListingModel dmpBlueprint = dmpBlueprintModel.toDmpProfileCompositeModel(file.getOriginalFilename()); - this.dataManagementProfileManager.createOrUpdateBlueprint(dmpBlueprint, principal); + this.dataManagementProfileManager.createOrUpdateBlueprint(dmpBlueprint); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem>() .status(ApiMessageCode.SUCCESS_MESSAGE).message("")); } @RequestMapping(method = RequestMethod.POST, value = {"/search/autocomplete"}) - public ResponseEntity getExternalAutocomplete(@RequestBody RequestItem lookupItem) throws XPathExpressionException { + public ResponseEntity getExternalAutocomplete(@RequestBody RequestItem lookupItem) throws XPathExpressionException, InvalidApplicationException { List> items = this.dataManagementProfileManager.getExternalAutocomplete(lookupItem); return ResponseEntity.status(HttpStatus.OK).body(items); } diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/DMPs.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/DMPs.java index 2b4e85dd2..dd31b1823 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/controllers/DMPs.java +++ b/dmp-backend/web/src/main/java/eu/eudat/controllers/DMPs.java 
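Review bot: `getExternalAutocomplete` (`/search/autocomplete`) is the one handler changed in this controller that gets no `authorizeForce` call: its signature gains `InvalidApplicationException`, but the body still goes straight to `dataManagementProfileManager.getExternalAutocomplete(lookupItem)`. It had no `Principal` parameter before either, so this may be intentional, but under the new model an unmarked handler cannot be told apart from a forgotten one. If it should require a logged-in user, add `this.authorizationService.authorizeForce(Permission.AuthenticatedRole);` as the first statement; if it is meant to be public, record that with a comment such as `// public endpoint: no permission required`.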
@@ -1,6 +1,7 @@ package eu.eudat.controllers; +import eu.eudat.authorization.Permission; import eu.eudat.configurations.dynamicgrant.DynamicGrantConfiguration; import eu.eudat.criteria.DMPCriteria; import eu.eudat.data.dao.criteria.DynamicFieldsCriteria; @@ -14,7 +15,6 @@ import eu.eudat.exceptions.datamanagementplan.DMPWithDatasetsDeleteException; import eu.eudat.exceptions.security.UnauthorisedException; import eu.eudat.logic.managers.DataManagementPlanManager; import eu.eudat.logic.proxy.config.configloaders.ConfigLoader; -import eu.eudat.logic.security.claims.ClaimedAuthorities; import eu.eudat.logic.services.ApiContext; import eu.eudat.logic.services.operations.DatabaseRepository; import eu.eudat.logic.utilities.documents.helpers.FileEnvelope; @@ -29,10 +29,10 @@ import eu.eudat.models.data.listingmodels.DataManagementPlanListingModel; import eu.eudat.models.data.listingmodels.DataManagementPlanOverviewModel; import eu.eudat.models.data.listingmodels.UserInfoListingModel; import eu.eudat.models.data.listingmodels.VersionListingModel; -import eu.eudat.models.data.security.Principal; import eu.eudat.query.DMPQuery; import eu.eudat.types.ApiMessageCode; import eu.eudat.types.Authorities; +import gr.cite.commons.web.authz.service.AuthorizationService; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; @@ -47,6 +47,8 @@ import org.springframework.web.multipart.MultipartFile; import jakarta.activation.MimetypesFileTypeMap; import jakarta.validation.Valid; + +import javax.management.InvalidApplicationException; import java.io.File; import java.io.FileInputStream; import java.io.IOException; 
@@ -69,15 +71,17 @@ public class DMPs extends BaseController { private Environment environment; private DataManagementPlanManager dataManagementPlanManager; private ConfigLoader configLoader; + private final AuthorizationService authorizationService; @Autowired public DMPs(ApiContext apiContext, DynamicGrantConfiguration dynamicGrantConfiguration, Environment environment, - DataManagementPlanManager dataManagementPlanManager, ConfigLoader configLoader) { + DataManagementPlanManager dataManagementPlanManager, ConfigLoader configLoader, AuthorizationService authorizationService) { super(apiContext); this.dynamicGrantConfiguration = dynamicGrantConfiguration; this.environment = environment; this.dataManagementPlanManager = dataManagementPlanManager; this.configLoader = configLoader; + this.authorizationService = authorizationService; } /* 
@@ -87,46 +91,51 @@ public class DMPs extends BaseController { @RequestMapping(method = RequestMethod.POST, value = {"/paged"}, consumes = "application/json", produces = "application/json") public @ResponseBody ResponseEntity>> getPaged(@Valid @RequestBody DataManagementPlanTableRequest dataManagementPlanTableRequest, - @RequestParam String fieldsGroup, - @ClaimedAuthorities(claims = {Authorities.ADMIN, Authorities.MANAGER, Authorities.USER, Authorities.ANONYMOUS}) Principal principal) throws Exception { - DataTableData dataTable = this.dataManagementPlanManager.getPaged(dataManagementPlanTableRequest, principal, fieldsGroup); + @RequestParam String fieldsGroup) throws Exception { + this.authorizationService.authorizeForce(Permission.AdminRole, Permission.ManagerRole, Permission.UserRole, Permission.AnonymousRole); + + DataTableData dataTable = this.dataManagementPlanManager.getPaged(dataManagementPlanTableRequest, fieldsGroup); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem>().status(ApiMessageCode.NO_MESSAGE).payload(dataTable)); } @RequestMapping(method = RequestMethod.GET, value = {"{id}"}) public @ResponseBody - ResponseEntity getSingle(@PathVariable String id, @RequestHeader("Content-Type") String contentType, - @ClaimedAuthorities(claims = {Authorities.ADMIN, Authorities.MANAGER, Authorities.USER, Authorities.ANONYMOUS}) Principal principal) throws Exception { + ResponseEntity getSingle(@PathVariable String id, @RequestHeader("Content-Type") String contentType) throws Exception { + this.authorizationService.authorizeForce(Permission.AdminRole, Permission.ManagerRole, Permission.UserRole, Permission.AnonymousRole); + if (contentType.equals("application/xml") || contentType.equals("application/msword")) { - return this.dataManagementPlanManager.getDocument(id, contentType, principal, this.configLoader); + return this.dataManagementPlanManager.getDocument(id, contentType, this.configLoader); } else { - 
eu.eudat.models.data.dmp.DataManagementPlan dataManagementPlan = this.dataManagementPlanManager.getSingle(id, principal, false, true); + eu.eudat.models.data.dmp.DataManagementPlan dataManagementPlan = this.dataManagementPlanManager.getSingle(id, false, true); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.NO_MESSAGE).payload(dataManagementPlan)); } } @RequestMapping(method = RequestMethod.GET, value = {"/plain/{id}"}) public @ResponseBody - ResponseEntity getSingleNoDatasets(@PathVariable String id, @RequestHeader("Content-Type") String contentType, - @ClaimedAuthorities(claims = {Authorities.ADMIN, Authorities.MANAGER, Authorities.USER, Authorities.ANONYMOUS}) Principal principal) throws Exception { + ResponseEntity getSingleNoDatasets(@PathVariable String id, @RequestHeader("Content-Type") String contentType) throws Exception { + this.authorizationService.authorizeForce(Permission.AdminRole, Permission.ManagerRole, Permission.UserRole, Permission.AnonymousRole); - eu.eudat.models.data.dmp.DataManagementPlan dataManagementPlan = this.dataManagementPlanManager.getSingle(id, principal, false, false); + eu.eudat.models.data.dmp.DataManagementPlan dataManagementPlan = this.dataManagementPlanManager.getSingle(id, false, false); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.NO_MESSAGE).payload(dataManagementPlan)); } @RequestMapping(method = RequestMethod.POST, value = {"/datasetProfilesUsedByDmps/paged"}, produces = "application/json") public @ResponseBody - ResponseEntity>> getUsingDatasetProfilesPaged(@RequestBody DatasetProfileTableRequestItem datasetProfileTableRequestItem, Principal principal) { - DataTableData datasetProfileTableData = this.dataManagementPlanManager.getDatasetProfilesUsedByDMP(datasetProfileTableRequestItem, principal); + ResponseEntity>> getUsingDatasetProfilesPaged(@RequestBody DatasetProfileTableRequestItem datasetProfileTableRequestItem) throws 
InvalidApplicationException { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + + DataTableData datasetProfileTableData = this.dataManagementPlanManager.getDatasetProfilesUsedByDMP(datasetProfileTableRequestItem); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem>().status(ApiMessageCode.NO_MESSAGE).payload(datasetProfileTableData)); } @RequestMapping(method = RequestMethod.GET, value = {"/overview/{id}"}) public @ResponseBody - ResponseEntity getOverviewSingle(@PathVariable String id,@ClaimedAuthorities(claims = {Authorities.ADMIN, Authorities.MANAGER, Authorities.USER, Authorities.ANONYMOUS}) Principal principal) { + ResponseEntity getOverviewSingle(@PathVariable String id) { + this.authorizationService.authorizeForce(Permission.AdminRole, Permission.ManagerRole, Permission.UserRole, Permission.AnonymousRole); try { - DataManagementPlanOverviewModel dataManagementPlan = this.dataManagementPlanManager.getOverviewSingle(id, principal, false); + DataManagementPlanOverviewModel dataManagementPlan = this.dataManagementPlanManager.getOverviewSingle(id, false); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.NO_MESSAGE).payload(dataManagementPlan)); } catch (Exception e) { if (e instanceof UnauthorisedException) { 
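Review bot: The four-permission call `authorizeForce(Permission.AdminRole, Permission.ManagerRole, Permission.UserRole, Permission.AnonymousRole)` in `getPaged`, `getSingle`, `getSingleNoDatasets` and `getOverviewSingle` should state whether it means any-of, because the `claims = {...}` list it replaces was a set of alternatives and an all-of reading would reject ordinary users. Since the list includes `AnonymousRole`, the call presumably admits every caller, so the decision about who may read DMP `id` now rests entirely on the manager, which no longer receives the principal; how it resolves the caller is not visible here. Once confirmed, a short comment above the first call would record this, for example `// any-of: open to all roles incl. anonymous; per-DMP access is enforced in DataManagementPlanManager`. The same pattern recurs in `getSinglePublic`, `getOverviewSinglePublic`, `getVersions`, `getRDAJsonDocument`, `getPDFDocument` and in `DashBoardController`'s `getNewRecentActivity` and `search`.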
@@ -139,9 +148,10 @@ public class DMPs extends BaseController { @RequestMapping(method = RequestMethod.GET, value = {"/public/{id}"}) public @ResponseBody - ResponseEntity getSinglePublic(@PathVariable String id, @ClaimedAuthorities(claims = {Authorities.ADMIN, Authorities.MANAGER, Authorities.USER, Authorities.ANONYMOUS}) Principal principal) throws Exception { -// try { - eu.eudat.models.data.dmp.DataManagementPlan dataManagementPlan = this.dataManagementPlanManager.getSingle(id, principal, true, true); + ResponseEntity getSinglePublic(@PathVariable String id) throws Exception { + this.authorizationService.authorizeForce(Permission.AdminRole, Permission.ManagerRole, Permission.UserRole, Permission.AnonymousRole); + // try { + eu.eudat.models.data.dmp.DataManagementPlan dataManagementPlan = this.dataManagementPlanManager.getSingle(id, true, true); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.NO_MESSAGE).payload(dataManagementPlan)); // } catch (Exception ex) { // return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(new ResponseItem().status(ApiMessageCode.NO_MESSAGE).message(ex.getMessage())); 
@@ -150,9 +160,10 @@ public class DMPs extends BaseController { @RequestMapping(method = RequestMethod.GET, value = {"/publicOverview/{id}"}) public @ResponseBody - ResponseEntity> getOverviewSinglePublic(@PathVariable String id, @ClaimedAuthorities(claims = {Authorities.ADMIN, Authorities.MANAGER, Authorities.USER, Authorities.ANONYMOUS}) Principal principal) throws Exception { + ResponseEntity> getOverviewSinglePublic(@PathVariable String id) throws Exception { + this.authorizationService.authorizeForce(Permission.AdminRole, Permission.ManagerRole, Permission.UserRole, Permission.AnonymousRole); // try { - DataManagementPlanOverviewModel dataManagementPlan = this.dataManagementPlanManager.getOverviewSingle(id, principal, true); + DataManagementPlanOverviewModel dataManagementPlan = this.dataManagementPlanManager.getOverviewSingle(id, true); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.NO_MESSAGE).payload(dataManagementPlan)); // } catch (Exception ex) { // return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(new ResponseItem().status(ApiMessageCode.NO_MESSAGE).message(ex.getMessage())); 
@@ -161,16 +172,18 @@ public class DMPs extends BaseController { @RequestMapping(method = RequestMethod.POST, value = {"/dynamic"}, consumes = "application/json", produces = "application/json") public @ResponseBody - ResponseEntity>>> getWithCriteria(@RequestBody RequestItem criteriaRequestItem, Principal principal) throws InstantiationException, IllegalAccessException { + ResponseEntity>>> getWithCriteria(@RequestBody RequestItem criteriaRequestItem) throws InstantiationException, IllegalAccessException { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + List> dataTable = this.dataManagementPlanManager.getDynamicFields(criteriaRequestItem.getCriteria().getId(), this.dynamicGrantConfiguration, criteriaRequestItem.getCriteria()); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem>>().status(ApiMessageCode.NO_MESSAGE).payload(dataTable)); } @RequestMapping(method = RequestMethod.GET, value = {"/versions/{id}"}, consumes = "application/json", produces = "application/json") public @ResponseBody - ResponseEntity>> getVersions(@PathVariable(value= "id") String groupId, @RequestParam(value= "public") Boolean isPublic, - @ClaimedAuthorities(claims = {Authorities.ADMIN, Authorities.MANAGER, Authorities.USER, Authorities.ANONYMOUS}) Principal principal) throws Exception { - List versions = this.dataManagementPlanManager.getAllVersions(groupId, principal, isPublic); + ResponseEntity>> getVersions(@PathVariable(value= "id") String groupId, @RequestParam(value= "public") Boolean isPublic) throws Exception { + this.authorizationService.authorizeForce(Permission.AdminRole, Permission.ManagerRole, Permission.UserRole, Permission.AnonymousRole); + List versions = this.dataManagementPlanManager.getAllVersions(groupId, isPublic); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem>().status(ApiMessageCode.NO_MESSAGE).payload(versions)); } 
@@ -180,9 +193,10 @@ public class DMPs extends BaseController { @RequestMapping(method = RequestMethod.GET, value = {"rda/{id}"}) public @ResponseBody - ResponseEntity getRDAJsonDocument(@PathVariable String id, @ClaimedAuthorities(claims = {Authorities.ADMIN, Authorities.MANAGER, Authorities.USER, Authorities.ANONYMOUS}) Principal principal) { + ResponseEntity getRDAJsonDocument(@PathVariable String id) { + this.authorizationService.authorizeForce(Permission.AdminRole, Permission.ManagerRole, Permission.UserRole, Permission.AnonymousRole); try { - FileEnvelope rdaJsonDocument = this.dataManagementPlanManager.getRDAJsonDocument(id, principal); + FileEnvelope rdaJsonDocument = this.dataManagementPlanManager.getRDAJsonDocument(id); HttpHeaders responseHeaders = new HttpHeaders(); responseHeaders.setContentLength(rdaJsonDocument.getFile().length()); 
@@ -204,9 +218,9 @@ public class DMPs extends BaseController { @RequestMapping(method = RequestMethod.GET, value = {"/getPDF/{id}"}) public @ResponseBody - ResponseEntity getPDFDocument(@PathVariable String id, @RequestHeader("Content-Type") String contentType, - @ClaimedAuthorities(claims = {Authorities.ADMIN, Authorities.MANAGER, Authorities.USER, Authorities.ANONYMOUS}) Principal principal) throws IllegalAccessException, IOException, InstantiationException, InterruptedException { - FileEnvelope file = this.dataManagementPlanManager.getWordDocument(id, principal, configLoader); + ResponseEntity getPDFDocument(@PathVariable String id, @RequestHeader("Content-Type") String contentType) throws IllegalAccessException, IOException, InstantiationException, InterruptedException, InvalidApplicationException { + this.authorizationService.authorizeForce(Permission.AdminRole, Permission.ManagerRole, Permission.UserRole, Permission.AnonymousRole); + FileEnvelope file = this.dataManagementPlanManager.getWordDocument(id, configLoader); String name = file.getFilename().substring(0, file.getFilename().length() - 5).replace(" ", "_").replace(",", "_"); File pdffile = PDFUtils.convertToPDF(file, environment); InputStream resource = new FileInputStream(pdffile); 
@@ -233,24 +247,29 @@ public class DMPs extends BaseController { @Transactional @RequestMapping(method = RequestMethod.POST, consumes = "application/json", produces = "application/json") public @ResponseBody - ResponseEntity> createOrUpdate(@RequestBody eu.eudat.models.data.dmp.DataManagementPlanEditorModel dataManagementPlanEditorModel, Principal principal) throws Exception { - DMP dmp = this.dataManagementPlanManager.createOrUpdate(dataManagementPlanEditorModel, principal); + ResponseEntity> createOrUpdate(@RequestBody eu.eudat.models.data.dmp.DataManagementPlanEditorModel dataManagementPlanEditorModel) throws Exception { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + + DMP dmp = this.dataManagementPlanManager.createOrUpdate(dataManagementPlanEditorModel); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.SUCCESS_MESSAGE).message("Created").payload(new eu.eudat.models.data.dmp.DataManagementPlan().fromDataModel(dmp))); } @Transactional @RequestMapping(method = RequestMethod.POST, path = "full", consumes = "application/json", produces = "application/json") public @ResponseBody - ResponseEntity> createOrUpdateWithDatasets(@RequestBody eu.eudat.models.data.dmp.DataManagementPlanEditorModel dataManagementPlanEditorModel, Principal principal) throws Exception { - DMP dmp = this.dataManagementPlanManager.createOrUpdateWithDatasets(dataManagementPlanEditorModel, principal); + ResponseEntity> createOrUpdateWithDatasets(@RequestBody eu.eudat.models.data.dmp.DataManagementPlanEditorModel dataManagementPlanEditorModel) throws Exception { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + + DMP dmp = this.dataManagementPlanManager.createOrUpdateWithDatasets(dataManagementPlanEditorModel); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.SUCCESS_MESSAGE).message("Created").payload(dmp.getId())); } @RequestMapping(method = RequestMethod.POST, 
value = {"/new/{id}"}, consumes = "application/json", produces = "application/json") public @ResponseBody - ResponseEntity> newVersion(@PathVariable UUID id, @Valid @RequestBody eu.eudat.models.data.dmp.DataManagementPlanNewVersionModel dataManagementPlan, Principal principal) throws Exception { + ResponseEntity> newVersion(@PathVariable UUID id, @Valid @RequestBody eu.eudat.models.data.dmp.DataManagementPlanNewVersionModel dataManagementPlan) throws Exception { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); try { - UUID result = this.dataManagementPlanManager.newVersion(id, dataManagementPlan, principal); + UUID result = this.dataManagementPlanManager.newVersion(id, dataManagementPlan); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.NO_MESSAGE).payload(result)); } catch (DMPNewVersionException exception) { return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(new ResponseItem().status(ApiMessageCode.ERROR_MESSAGE).message(exception.getMessage())); 
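Review bot: `createOrUpdate`, `createOrUpdateWithDatasets` and `newVersion` are now gated only by `Permission.AuthenticatedRole`, which establishes that the caller is logged in but nothing about their relation to the DMP being changed. The manager calls lost their `principal` argument, so any owner or membership check has to happen inside `DataManagementPlanManager` from an identity it obtains itself, and none of that is visible in this hunk. It is worth confirming that such a check exists for each of these, and for `clone`, `delete`, `dmpUpload`, `makePublic`, `makeFinalize`, `undoFinalize` and `updateUsers` in the later hunks; `delete(id)` in particular passes only the id. A Javadoc line on each method naming the required permission and where the per-object check lives would make this reviewable. The catch block of `newVersion` continues past the end of the hunk.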
@@ -259,28 +278,34 @@ public class DMPs extends BaseController { @RequestMapping(method = RequestMethod.POST, value = {"/clone/{id}"}, consumes = "application/json", produces = "application/json") public @ResponseBody - ResponseEntity> clone(@PathVariable UUID id, @RequestBody eu.eudat.models.data.dmp.DataManagementPlanNewVersionModel dataManagementPlan, Principal principal) throws Exception { - UUID cloneId = this.dataManagementPlanManager.clone(id, dataManagementPlan, principal); + ResponseEntity> clone(@PathVariable UUID id, @RequestBody eu.eudat.models.data.dmp.DataManagementPlanNewVersionModel dataManagementPlan) throws Exception { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + + UUID cloneId = this.dataManagementPlanManager.clone(id, dataManagementPlan); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.SUCCESS_MESSAGE).payload(cloneId)); } @RequestMapping(method = RequestMethod.DELETE, value = {"{id}"}, consumes = "application/json", produces = "application/json") public @ResponseBody - ResponseEntity> delete(@PathVariable UUID id, Principal principal) { + ResponseEntity> delete(@PathVariable UUID id) { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + try { this.dataManagementPlanManager.delete(id); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.SUCCESS_MESSAGE).message("Successfully Deleted Datamanagement Plan")); - } catch (DMPWithDatasetsDeleteException | IOException exception) { + } catch (DMPWithDatasetsDeleteException | IOException | InvalidApplicationException exception) { return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(new ResponseItem().status(ApiMessageCode.ERROR_MESSAGE).message(exception.getMessage())); } } @RequestMapping(method = RequestMethod.POST, value = {"/upload"}) - public ResponseEntity dmpUpload(@RequestParam("file") MultipartFile[] files, @RequestParam(name = "profiles", required = 
false)String[] profiles, Principal principal) throws Exception { + public ResponseEntity dmpUpload(@RequestParam("file") MultipartFile[] files, @RequestParam(name = "profiles", required = false)String[] profiles) throws Exception { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + if (files[0].getContentType().equals(APPLICATION_JSON.toString())) { - this.dataManagementPlanManager.createFromRDA(files, principal, profiles); + this.dataManagementPlanManager.createFromRDA(files, profiles); } else if (files[0].getContentType().equals(APPLICATION_ATOM_XML.toString()) || files[0].getContentType().equals(TEXT_XML.toString())) { - this.dataManagementPlanManager.createDmpFromXml(files, principal, profiles); + this.dataManagementPlanManager.createDmpFromXml(files, profiles); } else { return ResponseEntity.badRequest().body(new ResponseItem().status(ApiMessageCode.ERROR_MESSAGE).message("File format is not supported")); } @@ -289,9 +314,11 @@ public class DMPs extends BaseController { } @RequestMapping(method = RequestMethod.GET, value = {"/makepublic/{id}"}) - public ResponseEntity> makePublic(@PathVariable String id, Principal principal) { + public ResponseEntity> makePublic(@PathVariable String id) { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + try { - this.dataManagementPlanManager.makePublic(UUID.fromString(id), principal); + this.dataManagementPlanManager.makePublic(UUID.fromString(id)); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.SUCCESS_MESSAGE).message("Successfully Data Datamanagement Plan made public.")); } catch (Exception e) { logger.error(e.getMessage(), e); 
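Review bot: `makePublic` is mapped with `RequestMethod.GET` although it changes the DMP's visibility, and this commit keeps that mapping while reworking the endpoint's authorization. A state-changing GET can be issued by a browser without user intent (prefetch, cross-site navigation), which matters if the session is carried by a cookie; the session mechanism is not visible here. Consider `@RequestMapping(method = RequestMethod.POST, value = {"/makepublic/{id}"})`, in line with `makeFinalize` and `undoFinalize`, with the client updated to match. The method's catch block continues outside the hunk.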
@@ -300,9 +327,11 @@ public class DMPs extends BaseController { } @RequestMapping(method = RequestMethod.POST, value = {"/finalize/{id}"}) - public ResponseEntity> makeFinalize(@PathVariable String id, Principal principal, @RequestBody DatasetsToBeFinalized datasetsToBeFinalized) { + public ResponseEntity> makeFinalize(@PathVariable String id, @RequestBody DatasetsToBeFinalized datasetsToBeFinalized) { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + try { - this.dataManagementPlanManager.makeFinalize(UUID.fromString(id), principal, datasetsToBeFinalized); + this.dataManagementPlanManager.makeFinalize(UUID.fromString(id), datasetsToBeFinalized); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.SUCCESS_MESSAGE).message("Successfully Data Datamanagement Plan made finalized.")); } catch (Exception e) { logger.error(e.getMessage(), e); @@ -311,9 +340,11 @@ public class DMPs extends BaseController { } @RequestMapping(method = RequestMethod.POST, value = {"/unfinalize/{id}"}) - public ResponseEntity> undoFinalize(@PathVariable String id, Principal principal) { + public ResponseEntity> undoFinalize(@PathVariable String id) { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + try { - this.dataManagementPlanManager.undoFinalize(UUID.fromString(id), principal); + this.dataManagementPlanManager.undoFinalize(UUID.fromString(id)); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.SUCCESS_MESSAGE).message("Successfully Data Datamanagement Plan made active.")); } catch (Exception e) { logger.error(e.getMessage(), e); 
@@ -323,9 +354,11 @@ public class DMPs extends BaseController { @RequestMapping(method = RequestMethod.POST, value = {"/updateusers/{id}"}) - public ResponseEntity> updateUsers(@PathVariable String id, @RequestBody List users, Principal principal) { + public ResponseEntity> updateUsers(@PathVariable String id, @RequestBody List users) { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + try { - this.dataManagementPlanManager.updateUsers(UUID.fromString(id), users, principal); + this.dataManagementPlanManager.updateUsers(UUID.fromString(id), users); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.SUCCESS_MESSAGE).message("Successfully Updated Colaborators for Data Datamanagement Plan.")); } catch (Exception e) { logger.error(e.getMessage(), e); @@ -340,16 +373,20 @@ public class DMPs extends BaseController { @Transactional @RequestMapping(method = RequestMethod.POST, value = {"/index"}) public @ResponseBody - ResponseEntity> generateIndex(Principal principal) throws Exception { - this.dataManagementPlanManager.generateIndex(principal); + ResponseEntity> generateIndex() throws Exception { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + + this.dataManagementPlanManager.generateIndex(); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.SUCCESS_MESSAGE).message("Generated").payload(null)); } @Transactional @RequestMapping(method = RequestMethod.DELETE, value = {"/index"}) public @ResponseBody - ResponseEntity> clearIndex(Principal principal) throws Exception { - this.dataManagementPlanManager.clearIndex(principal); + ResponseEntity> clearIndex() throws Exception { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + + this.dataManagementPlanManager.clearIndex(); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.SUCCESS_MESSAGE).message("Cleared").payload(null)); } 
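Review bot: `generateIndex` and `clearIndex` appear to act on the whole index rather than on a single DMP, yet both are gated with `Permission.AuthenticatedRole`, so at the controller any logged-in user passes. The old signatures handed `principal` to the manager, which may have applied a stricter check there; the new `generateIndex()` and `clearIndex()` calls give no hint whether that survives. If these are administrative operations, use `this.authorizationService.authorizeForce(Permission.AdminRole);` in both, as `setDatasetProfileXml` in `DMPProfileController` does.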
@@ -359,7 +396,9 @@ public class DMPs extends BaseController { @RequestMapping(method = RequestMethod.POST, value = {"/test"}, consumes = "application/json", produces = "application/json") public @ResponseBody - ResponseEntity>> test(@RequestBody DMPCriteria criteria, @ClaimedAuthorities(claims = {Authorities.ANONYMOUS}) Principal principal) throws Exception { + ResponseEntity>> test(@RequestBody DMPCriteria criteria) throws Exception { + this.authorizationService.authorizeForce(Permission.AnonymousRole); + DatabaseRepository dbRepo = this.getApiContext().getOperationsContext().getDatabaseRepository(); DMPQuery query = criteria.buildQuery(dbRepo); @@ -382,7 +421,7 @@ public class DMPs extends BaseController { /*@Transactional @RequestMapping(method = RequestMethod.GET, value = {"{id}/unlock"}, produces = "application/json") public @ResponseBody - ResponseEntity> unlock(@PathVariable(value = "id") UUID id, Principal principal) throws Exception { + ResponseEntity> unlock(@PathVariable(value = "id") UUID id) throws Exception { this.dataManagementPlanManager.unlock(id); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.SUCCESS_MESSAGE).message("Unlocked")); }*/ diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/DashBoardController.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/DashBoardController.java index f468e4534..4f9a1f7f9 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/controllers/DashBoardController.java +++ b/dmp-backend/web/src/main/java/eu/eudat/controllers/DashBoardController.java @@ -2,7 +2,6 @@ package eu.eudat.controllers; import eu.eudat.authorization.Permission; import eu.eudat.logic.managers.DashBoardManager; -import eu.eudat.logic.security.claims.ClaimedAuthorities; import eu.eudat.logic.services.ApiContext; import eu.eudat.models.data.dashboard.recent.RecentActivity; import eu.eudat.models.data.dashboard.recent.model.RecentActivityModel; 
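Review bot: The `/test` endpoint is authorized with `Permission.AnonymousRole`, so presumably unauthenticated callers can submit a `DMPCriteria` body that is turned into a database query via `criteria.buildQuery(dbRepo)`. The commit carries this over from the old `claims = {Authorities.ANONYMOUS}` annotation. The rest of the method is outside the hunk, so what it returns cannot be judged from here, but a test route open to anonymous callers looks unintended for a production controller. Either remove the endpoint or restrict it, e.g. `this.authorizationService.authorizeForce(Permission.AdminRole);`, and add a comment stating what the route is for.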
@@ -10,7 +9,6 @@ import eu.eudat.models.data.dashboard.recent.tablerequest.RecentActivityTableReq import eu.eudat.models.data.dashboard.searchbar.SearchBarItem; import eu.eudat.models.data.dashboard.statistics.DashBoardStatistics; import eu.eudat.models.data.helpers.responses.ResponseItem; -import eu.eudat.models.data.security.Principal; import eu.eudat.types.ApiMessageCode; import eu.eudat.types.Authorities; import gr.cite.commons.web.authz.service.AuthorizationService; @@ -20,6 +18,8 @@ import org.springframework.http.ResponseEntity; import org.springframework.web.bind.annotation.*; import jakarta.transaction.Transactional; + +import javax.management.InvalidApplicationException; import java.io.IOException; import java.util.List; @@ -38,15 +38,15 @@ public class DashBoardController extends BaseController { } @RequestMapping(method = RequestMethod.GET, value = {"/dashboard/me/getStatistics"}, produces = "application/json") - public ResponseEntity> getStatistics(Principal principal) throws IOException { + public ResponseEntity> getMyStatistics() throws IOException, InvalidApplicationException { this.authorizationService.authorizeForce(Permission.BrowseStatistics); - DashBoardStatistics statistics = dashBoardManager.getMeStatistics(principal); + DashBoardStatistics statistics = dashBoardManager.getMeStatistics(); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.NO_MESSAGE).payload(statistics)); } @RequestMapping(method = RequestMethod.GET, value = {"/dashboard/getStatistics"}, produces = "application/json") - public ResponseEntity> getStatistics() { + public ResponseEntity> getStatistics() throws InvalidApplicationException { this.authorizationService.authorizeForce(Permission.BrowsePublicStatistics); DashBoardStatistics statistics = dashBoardManager.getStatistics(); 
@@ -55,23 +55,28 @@ public class DashBoardController extends BaseController { @RequestMapping(method = RequestMethod.POST, value = {"/dashboard/recentActivity"}, produces = "application/json") @Transactional - public ResponseEntity>> getNewRecentActivity(@RequestBody RecentActivityTableRequest tableRequest, - @ClaimedAuthorities(claims = {Authorities.ADMIN, Authorities.MANAGER, Authorities.USER, Authorities.ANONYMOUS}) Principal principal) throws Exception { - List statistics = dashBoardManager.getNewRecentActivity(tableRequest, principal); + public ResponseEntity>> getNewRecentActivity(@RequestBody RecentActivityTableRequest tableRequest) throws Exception { + this.authorizationService.authorizeForce(Permission.AdminRole, Permission.ManagerRole, Permission.UserRole, Permission.AnonymousRole); + + List statistics = dashBoardManager.getNewRecentActivity(tableRequest); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem>().status(ApiMessageCode.NO_MESSAGE).payload(statistics)); } @Deprecated @RequestMapping(method = RequestMethod.GET, value = {"/user/recentActivity"}, produces = "application/json") - public ResponseEntity> getRecentActivity(@RequestParam(name = "numOfActivities", required = false, defaultValue = "5") Integer numberOfActivities, Principal principal) { - RecentActivity statistics = dashBoardManager.getRecentActivity(principal, numberOfActivities); + public ResponseEntity> getRecentActivity(@RequestParam(name = "numOfActivities", required = false, defaultValue = "5") Integer numberOfActivities) throws InvalidApplicationException { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + + + RecentActivity statistics = dashBoardManager.getRecentActivity(numberOfActivities); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.NO_MESSAGE).payload(statistics)); } @RequestMapping(method = RequestMethod.GET, value = {"/dashboard/search"}, produces = "application/json") - public 
ResponseEntity>> search(@RequestParam(name = "like") String like, - @ClaimedAuthorities(claims = {Authorities.ADMIN, Authorities.MANAGER, Authorities.USER, Authorities.ANONYMOUS}) Principal principal) { - List searchBarItemList = dashBoardManager.searchUserData(like, principal); + public ResponseEntity>> search(@RequestParam(name = "like") String like) throws InvalidApplicationException { + this.authorizationService.authorizeForce(Permission.AdminRole, Permission.ManagerRole, Permission.UserRole, Permission.AnonymousRole); + + List searchBarItemList = dashBoardManager.searchUserData(like); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem>().status(ApiMessageCode.NO_MESSAGE).payload(searchBarItemList)); } } diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/DataRepositories.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/DataRepositories.java index 9b765d255..994b9c6d9 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/controllers/DataRepositories.java +++ b/dmp-backend/web/src/main/java/eu/eudat/controllers/DataRepositories.java @@ -1,5 +1,6 @@ package eu.eudat.controllers; +import eu.eudat.authorization.Permission; import eu.eudat.data.old.DataRepository; import eu.eudat.logic.managers.DataRepositoryManager; import eu.eudat.logic.proxy.config.exceptions.HugeResultSet; 
@@ -7,14 +8,15 @@ import eu.eudat.logic.proxy.config.exceptions.NoURLFound; import eu.eudat.logic.services.ApiContext; import eu.eudat.models.data.datarepository.DataRepositoryModel; import eu.eudat.models.data.helpers.responses.ResponseItem; -import eu.eudat.models.data.security.Principal; import eu.eudat.types.ApiMessageCode; +import gr.cite.commons.web.authz.service.AuthorizationService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; import org.springframework.transaction.annotation.Transactional; import org.springframework.web.bind.annotation.*; +import javax.management.InvalidApplicationException; import java.util.List; 
@@ -24,27 +26,33 @@ import java.util.List; public class DataRepositories extends BaseController { private DataRepositoryManager dataRepositoryManager; + private final AuthorizationService authorizationService; @Autowired - public DataRepositories(ApiContext apiContext, DataRepositoryManager dataRepositoryManager) { + public DataRepositories(ApiContext apiContext, DataRepositoryManager dataRepositoryManager, AuthorizationService authorizationService) { super(apiContext); this.dataRepositoryManager = dataRepositoryManager; + this.authorizationService = authorizationService; } @RequestMapping(method = RequestMethod.GET, produces = "application/json") public @ResponseBody ResponseEntity>> listExternalDataRepositories( - @RequestParam(value = "query", required = false) String query, @RequestParam(value = "type", required = false) String type, Principal principal - ) throws HugeResultSet, NoURLFound { - List dataRepositoryModels = this.dataRepositoryManager.getDataRepositories(query, type, principal); + @RequestParam(value = "query", required = false) String query, @RequestParam(value = "type", required = false) String type + ) throws HugeResultSet, NoURLFound, InvalidApplicationException { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + + List dataRepositoryModels = this.dataRepositoryManager.getDataRepositories(query, type); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem>().status(ApiMessageCode.NO_MESSAGE).payload(dataRepositoryModels)); } @Transactional @RequestMapping(method = RequestMethod.POST, consumes = "application/json", produces = "application/json") public @ResponseBody - ResponseEntity> create(@RequestBody eu.eudat.models.data.datarepository.DataRepositoryModel dataRepositoryModel, Principal principal) throws Exception { - DataRepository dataRepository = this.dataRepositoryManager.create(dataRepositoryModel, principal); + ResponseEntity> create(@RequestBody 
eu.eudat.models.data.datarepository.DataRepositoryModel dataRepositoryModel) throws Exception { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + + DataRepository dataRepository = this.dataRepositoryManager.create(dataRepositoryModel); DataRepositoryModel dataRepositoryModel1 = new DataRepositoryModel().fromDataModel(dataRepository); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().payload(dataRepositoryModel1).status(ApiMessageCode.SUCCESS_MESSAGE)); } diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/DatasetProfileController.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/DatasetProfileController.java index 7111eff0a..5af490513 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/controllers/DatasetProfileController.java +++ b/dmp-backend/web/src/main/java/eu/eudat/controllers/DatasetProfileController.java 
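Review bot: `javax.management.InvalidApplicationException` is a JMX query exception, and adding it to the `throws` clause of `listExternalDataRepositories` makes a management-API type part of a web handler's contract. The hunk does not show which call raises it or how it is translated into an HTTP status, so a failure on this path may surface as a generic server error rather than a clear 401/403; that mapping is worth confirming. A project-owned exception raised by the callee would keep the signature meaningful. The same `throws` addition recurs in the DatasetProfileController, DatasetProfiles and Datasets hunks that follow.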
@@ -1,23 +1,24 @@ package eu.eudat.controllers; +import eu.eudat.authorization.Permission; import eu.eudat.data.dao.criteria.RequestItem; import eu.eudat.data.old.DescriptionTemplate; import eu.eudat.logic.managers.AdminManager; import eu.eudat.logic.managers.DatasetProfileManager; -import eu.eudat.logic.security.claims.ClaimedAuthorities; import eu.eudat.logic.services.ApiContext; import eu.eudat.models.data.components.commons.datafield.AutoCompleteData; import eu.eudat.models.data.externaldataset.ExternalAutocompleteFieldModel; import eu.eudat.models.data.helpers.common.AutoCompleteLookupItem; import eu.eudat.models.data.helpers.common.AutoCompleteOptionsLookupItem; import eu.eudat.models.data.helpers.responses.ResponseItem; -import eu.eudat.models.data.security.Principal; +import gr.cite.commons.web.authz.service.AuthorizationService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; import org.springframework.transaction.annotation.Transactional; import org.springframework.web.bind.annotation.*; +import javax.management.InvalidApplicationException; import javax.xml.xpath.XPathExpressionException; import java.util.List; import java.util.UUID; 
@@ -29,12 +30,14 @@ import static eu.eudat.types.Authorities.ADMIN; @RequestMapping(value = {"/api"}) public class DatasetProfileController extends BaseController { - private DatasetProfileManager datasetProfileManager; + private final DatasetProfileManager datasetProfileManager; + private final AuthorizationService authorizationService; @Autowired - public DatasetProfileController(ApiContext apiContext, DatasetProfileManager datasetProfileManager) { + public DatasetProfileController(ApiContext apiContext, DatasetProfileManager datasetProfileManager, AuthorizationService authorizationService) { super(apiContext); this.datasetProfileManager = datasetProfileManager; + this.authorizationService = authorizationService; } /* @Transactional @@ -52,7 +55,9 @@ public class DatasetProfileController extends BaseController { @Transactional @RequestMapping(method = RequestMethod.POST, value = {"/datasetprofile/clone/{id}"}, consumes = "application/json", produces = "application/json") - public ResponseEntity> clone(@PathVariable String id, @ClaimedAuthorities(claims = {ADMIN})Principal principal) { + public ResponseEntity> clone(@PathVariable String id) throws InvalidApplicationException { + this.authorizationService.authorizeForce(Permission.AdminRole); + DescriptionTemplate profile = this.datasetProfileManager.clone(id); eu.eudat.models.data.admin.composite.DatasetProfile datasetprofile = AdminManager.generateDatasetProfileModel(profile); datasetprofile.setLabel(profile.getLabel() + " new "); 
@@ -60,7 +65,7 @@ public class DatasetProfileController extends BaseController { } @RequestMapping(method = RequestMethod.POST, value = {"/search/autocomplete"}, consumes = "application/json", produces = "application/json") - public ResponseEntity getDataForAutocomplete(@RequestBody RequestItem lookupItem) throws XPathExpressionException { + public ResponseEntity getDataForAutocomplete(@RequestBody RequestItem lookupItem) throws XPathExpressionException, InvalidApplicationException { DescriptionTemplate descriptionTemplate = this.getApiContext().getOperationsContext().getDatabaseRepository().getDatasetProfileDao().find(UUID.fromString(lookupItem.getCriteria().getProfileID())); eu.eudat.models.data.entities.xmlmodels.datasetprofiledefinition.Field modelfield = this.datasetProfileManager.queryForField(descriptionTemplate.getDefinition(), lookupItem.getCriteria().getFieldID()); AutoCompleteData data = (AutoCompleteData) modelfield.getData(); diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/DatasetProfiles.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/DatasetProfiles.java index 372ad6b1d..46e540048 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/controllers/DatasetProfiles.java +++ b/dmp-backend/web/src/main/java/eu/eudat/controllers/DatasetProfiles.java @@ -13,6 +13,7 @@ import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; import org.springframework.web.bind.annotation.*; +import javax.management.InvalidApplicationException; import java.util.List; 
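Review bot: `getDataForAutocomplete` gains a `throws` clause but no `authorizeForce(...)` call, so after this migration nothing in the visible handler states who may call `/search/autocomplete`. The same holds for `get` and `getAll` in DatasetProfiles.java and for the `/get/{id}` `getSingle` in Datasets.java, which are likewise touched only in their signatures. If these routes are meant to be open, say so explicitly with `this.authorizationService.authorizeForce(Permission.AnonymousRole);` as other handlers in this patch do; otherwise add the permission they require. The body of `getDataForAutocomplete` continues outside the hunk, and whether a global filter already covers these routes is not visible here.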
@@ -31,14 +32,14 @@ public class DatasetProfiles extends BaseController { @RequestMapping(method = RequestMethod.POST, value = {"/dmps/datasetprofiles/get"}, produces = "application/json") public @ResponseBody - ResponseEntity>> get(@RequestBody DatasetProfileAutocompleteRequest datasetProfileAutocompleteRequest) throws InstantiationException, IllegalAccessException { + ResponseEntity>> get(@RequestBody DatasetProfileAutocompleteRequest datasetProfileAutocompleteRequest) throws InstantiationException, IllegalAccessException, InvalidApplicationException { List datasetProfileAutocompleteItems = this.datasetProfileManager.getWithCriteria(datasetProfileAutocompleteRequest); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem>().status(ApiMessageCode.NO_MESSAGE).payload(datasetProfileAutocompleteItems)); } @RequestMapping(method = RequestMethod.POST, value = {"/datasetprofiles/getAll"}, produces = "application/json") public @ResponseBody - ResponseEntity>> getAll(@RequestBody DatasetProfileTableRequestItem tableRequestItem) throws InstantiationException, IllegalAccessException { + ResponseEntity>> getAll(@RequestBody DatasetProfileTableRequestItem tableRequestItem) throws InstantiationException, IllegalAccessException, InvalidApplicationException { List datasetProfileTableData = this.datasetProfileManager.getAll(tableRequestItem); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem>().status(ApiMessageCode.NO_MESSAGE).payload(datasetProfileTableData)); } diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/Datasets.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/Datasets.java index fa8818c3c..8a7efed6c 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/controllers/Datasets.java +++ b/dmp-backend/web/src/main/java/eu/eudat/controllers/Datasets.java 
@@ -1,5 +1,7 @@ package eu.eudat.controllers; +import eu.eudat.authorization.Permission; +import eu.eudat.commons.scope.user.UserScope; import eu.eudat.data.old.Dataset; import eu.eudat.data.old.DescriptionTemplate; import eu.eudat.data.query.items.item.dataset.DatasetWizardAutocompleteRequest; @@ -14,7 +16,6 @@ import eu.eudat.logic.managers.DatasetWizardManager; import eu.eudat.logic.managers.FileManager; import eu.eudat.logic.managers.UserManager; import eu.eudat.logic.proxy.config.configloaders.ConfigLoader; -import eu.eudat.logic.security.claims.ClaimedAuthorities; import eu.eudat.logic.services.ApiContext; import eu.eudat.logic.services.forms.VisibilityRuleService; import eu.eudat.logic.services.forms.VisibilityRuleServiceImpl; @@ -29,10 +30,9 @@ import eu.eudat.models.data.helpers.common.DataTableData; import eu.eudat.models.data.helpers.responses.ResponseItem; import eu.eudat.models.data.listingmodels.DataManagementPlanOverviewModel; import eu.eudat.models.data.listingmodels.DatasetListingModel; -import eu.eudat.models.data.security.Principal; import eu.eudat.models.data.user.composite.PagedDatasetProfile; import eu.eudat.types.ApiMessageCode; -import eu.eudat.types.Authorities; +import gr.cite.commons.web.authz.service.AuthorizationService; import org.apache.poi.util.IOUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -47,6 +47,8 @@ import org.springframework.web.multipart.MultipartFile; import jakarta.persistence.NoResultException; import jakarta.transaction.Transactional; + +import javax.management.InvalidApplicationException; import java.io.File; import java.io.FileInputStream; import java.io.IOException; @@ -56,8 +58,6 @@ import java.util.List; import java.util.Locale; import java.util.UUID; -import static eu.eudat.types.Authorities.ANONYMOUS; - @RestController @CrossOrigin 
@@ -70,16 +70,20 @@ public class Datasets extends BaseController { private ConfigLoader configLoader; private UserManager userManager; private FileManager fileManager; + private final AuthorizationService authorizationService; + private final UserScope userScope; @Autowired public Datasets(ApiContext apiContext, Environment environment, DatasetManager datasetManager, ConfigLoader configLoader, UserManager userManager, - FileManager fileManager) { + FileManager fileManager, AuthorizationService authorizationService, UserScope userScope) { super(apiContext); this.environment = environment; this.datasetManager = datasetManager; this.configLoader = configLoader; this.userManager = userManager; this.fileManager = fileManager; + this.authorizationService = authorizationService; + this.userScope = userScope; } /* 
@@ -88,24 +92,29 @@ public class Datasets extends BaseController { @RequestMapping(method = RequestMethod.POST, value = {"paged"}, consumes = "application/json", produces = "application/json") public @ResponseBody - ResponseEntity>> getPaged(@RequestBody DatasetTableRequest datasetTableRequest, @ClaimedAuthorities(claims = {Authorities.ADMIN, Authorities.MANAGER, Authorities.USER, Authorities.ANONYMOUS}) Principal principal) throws Exception { - DataTableData dataTable = this.datasetManager.getPaged(datasetTableRequest, principal); + ResponseEntity>> getPaged(@RequestBody DatasetTableRequest datasetTableRequest) throws Exception { + this.authorizationService.authorizeForce(Permission.AdminRole, Permission.ManagerRole, Permission.UserRole, Permission.AnonymousRole); + + DataTableData dataTable = this.datasetManager.getPaged(datasetTableRequest); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem>().status(ApiMessageCode.NO_MESSAGE).payload(dataTable)); } @RequestMapping(method = RequestMethod.POST, value = {"/public/paged"}, consumes = "application/json", produces = "application/json") public @ResponseBody - ResponseEntity>> getPublicPaged(@RequestBody DatasetPublicTableRequest datasetTableRequest, - @ClaimedAuthorities(claims = {Authorities.ADMIN, Authorities.MANAGER, Authorities.USER, Authorities.ANONYMOUS}) Principal principal) throws Exception { - DataTableData dataTable = this.datasetManager.getPaged(datasetTableRequest, principal); + ResponseEntity>> getPublicPaged(@RequestBody DatasetPublicTableRequest datasetTableRequest) throws Exception { + this.authorizationService.authorizeForce(Permission.AdminRole, Permission.ManagerRole, Permission.UserRole, Permission.AnonymousRole); + + DataTableData dataTable = this.datasetManager.getPaged(datasetTableRequest); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem>().status(ApiMessageCode.NO_MESSAGE).payload(dataTable)); } @RequestMapping(method = RequestMethod.GET, value = 
{"/overview/{id}"}) public @ResponseBody - ResponseEntity getOverviewSingle(@PathVariable String id,@ClaimedAuthorities(claims = {Authorities.ADMIN, Authorities.MANAGER, Authorities.USER, Authorities.ANONYMOUS}) Principal principal) { + ResponseEntity getOverviewSingle(@PathVariable String id) { + this.authorizationService.authorizeForce(Permission.AdminRole, Permission.ManagerRole, Permission.UserRole, Permission.AnonymousRole); + try { - DatasetOverviewModel dataset = this.datasetManager.getOverviewSingle(id, principal, false); + DatasetOverviewModel dataset = this.datasetManager.getOverviewSingle(id, false); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.NO_MESSAGE).payload(dataset)); } catch (Exception e) { if (e instanceof UnauthorisedException) { @@ -118,9 +127,11 @@ public class Datasets extends BaseController { @RequestMapping(method = RequestMethod.GET, value = {"/publicOverview/{id}"}) public @ResponseBody - ResponseEntity> getOverviewSinglePublic(@PathVariable String id, @ClaimedAuthorities(claims = {Authorities.ADMIN, Authorities.MANAGER, Authorities.USER, Authorities.ANONYMOUS}) Principal principal) throws Exception { -// try { - DatasetOverviewModel dataset = this.datasetManager.getOverviewSingle(id, principal, true); + ResponseEntity> getOverviewSinglePublic(@PathVariable String id) throws Exception { + this.authorizationService.authorizeForce(Permission.AdminRole, Permission.ManagerRole, Permission.UserRole, Permission.AnonymousRole); + + // try { + DatasetOverviewModel dataset = this.datasetManager.getOverviewSingle(id, true); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.NO_MESSAGE).payload(dataset)); // } catch (Exception ex) { // return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(new ResponseItem().status(ApiMessageCode.NO_MESSAGE).message(ex.getMessage())); 
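Review bot: The four-role list passed to `authorizeForce` in `getPaged`, `getPublicPaged` and `getOverviewSingle` is a role check spelled as permissions, and it is repeated verbatim in the later Datasets and DepositController hunks. Because the list includes `Permission.AnonymousRole`, confirm whether `authorizeForce` treats its arguments as any-of or all-of: in the first case the call may admit every caller, in the second it may reject callers who hold only one role. A single permission named after the action, mapped to roles in one policy, would make the intent reviewable and remove the duplication. Access to the individual dataset is no longer decided from a `principal` argument, so the manager must now obtain the caller itself; that code is outside this hunk.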
@@ -130,13 +141,15 @@ public class Datasets extends BaseController { @Transactional @RequestMapping(method = RequestMethod.GET, value = {"{id}"}, produces = "application/json") public @ResponseBody - ResponseEntity getSingle(@PathVariable String id, @RequestHeader("Content-Type") String contentType, @ClaimedAuthorities(claims = {Authorities.ADMIN, Authorities.MANAGER, Authorities.USER, Authorities.ANONYMOUS}) Principal principal) throws IllegalAccessException, IOException, InstantiationException { + ResponseEntity getSingle(@PathVariable String id, @RequestHeader("Content-Type") String contentType) throws IllegalAccessException, IOException, InstantiationException { + this.authorizationService.authorizeForce(Permission.AdminRole, Permission.ManagerRole, Permission.UserRole, Permission.AnonymousRole); + try { VisibilityRuleService visibilityRuleService = new VisibilityRuleServiceImpl(); if (contentType.equals("application/xml")) { - return this.datasetManager.getDocument(id, visibilityRuleService, contentType, principal); + return this.datasetManager.getDocument(id, visibilityRuleService, contentType); } else if (contentType.equals("application/msword")) { - FileEnvelope file = datasetManager.getWordDocumentFile(this.configLoader, id, visibilityRuleService, principal); + FileEnvelope file = datasetManager.getWordDocumentFile(this.configLoader, id, visibilityRuleService); InputStream resource = new FileInputStream(file.getFile()); HttpHeaders responseHeaders = new HttpHeaders(); responseHeaders.setContentLength(file.getFile().length()); @@ -153,7 +166,7 @@ public class Datasets extends BaseController { responseHeaders, HttpStatus.OK); } else { - DatasetWizardModel dataset = this.datasetManager.getSingle(id, principal); + DatasetWizardModel dataset = this.datasetManager.getSingle(id); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.NO_MESSAGE).payload(dataset)); } } catch (Exception e) { 
@@ -170,21 +183,27 @@ public class Datasets extends BaseController { @RequestMapping(method = RequestMethod.POST, value = {"/datasetProfilesUsedByDatasets/paged"}, produces = "application/json") public @ResponseBody - ResponseEntity>> getUsingDatasetProfilesPaged(@RequestBody DatasetProfileTableRequestItem datasetProfileTableRequestItem, Principal principal) { - DataTableData datasetProfileTableData = this.datasetManager.getDatasetProfilesUsedByDatasets(datasetProfileTableRequestItem, principal); + ResponseEntity>> getUsingDatasetProfilesPaged(@RequestBody DatasetProfileTableRequestItem datasetProfileTableRequestItem) throws InvalidApplicationException { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + + DataTableData datasetProfileTableData = this.datasetManager.getDatasetProfilesUsedByDatasets(datasetProfileTableRequestItem); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem>().status(ApiMessageCode.NO_MESSAGE).payload(datasetProfileTableData)); } @RequestMapping(method = RequestMethod.POST, value = {"/userDmps"}, produces = "application/json") public @ResponseBody - ResponseEntity>> getUserDmps(@RequestBody DatasetWizardAutocompleteRequest datasetWizardAutocompleteRequest, Principal principal) throws IllegalAccessException, InstantiationException { - List dataManagementPlans = DatasetWizardManager.getUserDmps(this.getApiContext().getOperationsContext().getDatabaseRepository().getDmpDao(), datasetWizardAutocompleteRequest, principal); + ResponseEntity>> getUserDmps(@RequestBody DatasetWizardAutocompleteRequest datasetWizardAutocompleteRequest) throws IllegalAccessException, InstantiationException, InvalidApplicationException { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + + List dataManagementPlans = DatasetWizardManager.getUserDmps(this.getApiContext().getOperationsContext().getDatabaseRepository().getDmpDao(), datasetWizardAutocompleteRequest, this.userScope); return 
ResponseEntity.status(HttpStatus.OK).body(new ResponseItem>().status(ApiMessageCode.NO_MESSAGE).payload(dataManagementPlans)); } @RequestMapping(method = RequestMethod.POST, value = {"/getAvailableProfiles"}, produces = "application/json") public @ResponseBody - ResponseEntity>> getAvailableProfiles(@RequestBody DatasetProfileWizardAutocompleteRequest datasetProfileWizardAutocompleteRequest, @ClaimedAuthorities(claims = {ANONYMOUS}) Principal principal) throws IllegalAccessException, InstantiationException { + ResponseEntity>> getAvailableProfiles(@RequestBody DatasetProfileWizardAutocompleteRequest datasetProfileWizardAutocompleteRequest) throws IllegalAccessException, InstantiationException, InvalidApplicationException { + this.authorizationService.authorizeForce(Permission.AnonymousRole); + List dataManagementPlans = DatasetWizardManager.getAvailableProfiles(this.getApiContext().getOperationsContext().getDatabaseRepository().getDmpDao(), this.getApiContext().getOperationsContext().getDatabaseRepository().getDatasetProfileDao(), datasetProfileWizardAutocompleteRequest); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem>().status(ApiMessageCode.NO_MESSAGE).payload(dataManagementPlans)); } @@ -202,7 +221,7 @@ public class Datasets extends BaseController { } @RequestMapping(method = RequestMethod.GET, value = {"/get/{id}"}, produces = "application/json") - public ResponseEntity> getSingle(@PathVariable String id) { + public ResponseEntity> getSingle(@PathVariable String id) throws InvalidApplicationException { DescriptionTemplate profile = this.getApiContext().getOperationsContext().getDatabaseRepository().getDatasetProfileDao().find(UUID.fromString(id)); eu.eudat.models.data.user.composite.DatasetProfile datasetprofile = userManager.generateDatasetProfileModel(profile); PagedDatasetProfile pagedDatasetProfile = new PagedDatasetProfile(); 
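Review bot: `getAvailableProfiles` authorizes with `Permission.AnonymousRole` alone, while the two handlers before it in this hunk use `Permission.AuthenticatedRole` and the read handlers above list all four roles. This copies the old `claims = {ANONYMOUS}` literally; whether a logged-in user also holds `AnonymousRole` under the new service is not visible here, and if not, authenticated callers would be turned away. `getSingleProfileUpdate` in the `profile/{id}` hunk below has the same single-role check. A short comment on each stating the intended audience, for example `// open to unauthenticated callers`, would settle the question for the next reader.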
@@ -212,7 +231,9 @@ public class Datasets extends BaseController { @RequestMapping(method = RequestMethod.GET, value = {"profile/{id}"}, produces = "application/json") public @ResponseBody - ResponseEntity getSingleProfileUpdate(@PathVariable String id, @ClaimedAuthorities(claims = {ANONYMOUS}) Principal principal) throws IllegalAccessException, IOException, InstantiationException { + ResponseEntity getSingleProfileUpdate(@PathVariable String id) throws IllegalAccessException, IOException, InstantiationException, InvalidApplicationException { + this.authorizationService.authorizeForce(Permission.AnonymousRole); + DatasetWizardModel dataset = this.datasetManager.datasetUpdateProfile(id); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.NO_MESSAGE).payload(dataset)); } @@ -223,8 +244,10 @@ public class Datasets extends BaseController { @RequestMapping(method = RequestMethod.GET, value = {"/getPDF/{id}"}) public @ResponseBody - ResponseEntity getPDFDocument(@PathVariable String id, @ClaimedAuthorities(claims = {Authorities.ADMIN, Authorities.MANAGER, Authorities.USER, Authorities.ANONYMOUS}) Principal principal) throws IllegalAccessException, IOException, InstantiationException, InterruptedException { - FileEnvelope file = datasetManager.getWordDocumentFile(this.configLoader, id, new VisibilityRuleServiceImpl(), principal); + ResponseEntity getPDFDocument(@PathVariable String id) throws IOException, InvalidApplicationException { + this.authorizationService.authorizeForce(Permission.AdminRole, Permission.ManagerRole, Permission.UserRole, Permission.AnonymousRole); + + FileEnvelope file = datasetManager.getWordDocumentFile(this.configLoader, id, new VisibilityRuleServiceImpl()); String fileName = file.getFilename().replace(" ", "_").replace(",", "_"); if (fileName.endsWith(".docx")){ fileName = fileName.substring(0, fileName.length() - 5); 
@@ -255,8 +278,10 @@ public class Datasets extends BaseController { @Transactional @RequestMapping(method = RequestMethod.POST, consumes = "application/json", produces = "application/json") public @ResponseBody - ResponseEntity> createOrUpdate(@RequestBody DatasetWizardModel profile, Principal principal) throws Exception { - DatasetWizardModel dataset = new DatasetWizardModel().fromDataModel(this.datasetManager.createOrUpdate(profile, principal)); + ResponseEntity> createOrUpdate(@RequestBody DatasetWizardModel profile) throws Exception { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + + DatasetWizardModel dataset = new DatasetWizardModel().fromDataModel(this.datasetManager.createOrUpdate(profile)); dataset.setTags(profile.getTags()); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.SUCCESS_MESSAGE).message("Created").payload(dataset)); } @@ -264,7 +289,9 @@ public class Datasets extends BaseController { @Transactional @RequestMapping(method = RequestMethod.GET, value = {"/makepublic/{id}"}, produces = "application/json") public @ResponseBody - ResponseEntity> makePublic(@PathVariable UUID id, Principal principal, Locale locale) throws Exception { + ResponseEntity> makePublic(@PathVariable UUID id, Locale locale) throws Exception { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + this.datasetManager.makePublic(this.getApiContext().getOperationsContext().getDatabaseRepository().getDatasetDao(), id); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.SUCCESS_MESSAGE).message(this.getApiContext().getHelpersService().getMessageSource().getMessage("dataset.public", new Object[]{}, locale))); } 
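Review bot: In `makePublic`, `authorizeForce(Permission.AuthenticatedRole)` only establishes that the caller is logged in; the call to `this.datasetManager.makePublic(...)` receives the DAO and `id` but no caller identity, so nothing visible checks that this user may publish dataset `id`. Unless the manager resolves the current user and verifies ownership or membership itself, an authenticated user could change the visibility of a dataset that belongs to someone else. `unlock` and `validate` in the hunks that follow accept an id in the same way. The operation also changes state over `RequestMethod.GET`, which leaves it open to link prefetching and cross-site requests; `RequestMethod.POST` would be the safer mapping if clients can be updated.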
@@ -272,7 +299,7 @@ public class Datasets extends BaseController { @Transactional @RequestMapping(method = RequestMethod.DELETE, value = {"/delete/{id}"}, produces = "application/json") public @ResponseBody - ResponseEntity> delete(@PathVariable(value = "id") UUID id, Principal principal) throws Exception { + ResponseEntity> delete(@PathVariable(value = "id") UUID id) throws Exception { new DatasetWizardManager().delete(this.getApiContext(), id); this.fileManager.markAllFilesOfEntityIdAsDeleted(id); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.SUCCESS_MESSAGE).message("Deleted")); @@ -281,7 +308,9 @@ public class Datasets extends BaseController { @Transactional @RequestMapping(method = RequestMethod.GET, value = {"/{id}/unlock"}, produces = "application/json") public @ResponseBody - ResponseEntity> unlock(@PathVariable(value = "id") UUID id, Principal principal) throws Exception { + ResponseEntity> unlock(@PathVariable(value = "id") UUID id) throws Exception { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + try { new DatasetWizardManager().unlock(this.getApiContext(), id); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.SUCCESS_MESSAGE).message("Unlocked")); @@ -292,7 +321,9 @@ public class Datasets extends BaseController { @RequestMapping(method = RequestMethod.GET, value = {"/{id}/validate"}, produces = "application/json") public @ResponseBody - ResponseEntity> validate(@PathVariable(value = "id") UUID id, Principal principal) throws Exception { + ResponseEntity> validate(@PathVariable(value = "id") UUID id) throws Exception { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + Dataset dataset = datasetManager.getEntitySingle(id); String failedField = datasetManager.checkDatasetValidation(dataset); if (failedField == null) { 
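Review bot: `delete` loses its `Principal principal` parameter but, unlike `unlock` and `validate` beside it, gets no `authorizeForce` call, so the handler for `DELETE /delete/{id}` now carries no visible authorization check at all. If the old `Principal` argument was what forced authentication on this route, the change opens deletion to unauthenticated callers; that depends on resolver code outside this patch section. Add `this.authorizationService.authorizeForce(Permission.AuthenticatedRole);` as the first statement, and verify inside `DatasetWizardManager.delete` that the caller is allowed to delete dataset `id`.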
@@ -307,9 +338,11 @@ public class Datasets extends BaseController { * */ @RequestMapping(method = RequestMethod.POST, value = {"/upload"}) - public ResponseEntity datasetXmlImport(@RequestParam("file") MultipartFile file, @RequestParam("dmpId") String dmpId, @RequestParam("datasetProfileId") String datasetProfileId, Principal principal) { + public ResponseEntity datasetXmlImport(@RequestParam("file") MultipartFile file, @RequestParam("dmpId") String dmpId, @RequestParam("datasetProfileId") String datasetProfileId) { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + try { - Dataset dataset = this.datasetManager.createDatasetFromXml(file, dmpId, datasetProfileId, principal); + Dataset dataset = this.datasetManager.createDatasetFromXml(file, dmpId, datasetProfileId); if (dataset != null){ return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.SUCCESS_MESSAGE)); } 
@@ -329,16 +362,20 @@ public class Datasets extends BaseController { @Transactional @RequestMapping(method = RequestMethod.POST, value = {"/index"}) public @ResponseBody - ResponseEntity> generateIndex(Principal principal) throws Exception { - this.datasetManager.generateIndex(principal); + ResponseEntity> generateIndex() throws Exception { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + + this.datasetManager.generateIndex(); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.SUCCESS_MESSAGE).message("Generated").payload(null)); } @Transactional @RequestMapping(method = RequestMethod.DELETE, value = {"/index"}) public @ResponseBody - ResponseEntity> clearIndex(Principal principal) throws Exception { - this.datasetManager.clearIndex(principal); + ResponseEntity> clearIndex() throws Exception { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + + this.datasetManager.clearIndex(); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.SUCCESS_MESSAGE).message("Cleared").payload(null)); } diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/DepositController.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/DepositController.java index c0cf489d1..390b1f96c 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/controllers/DepositController.java +++ b/dmp-backend/web/src/main/java/eu/eudat/controllers/DepositController.java 
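Review bot: `generateIndex` and `clearIndex` are guarded only by `Permission.AuthenticatedRole`, and the manager calls no longer receive the `principal` they were given before. If the manager used that argument to restrict index maintenance to administrators, the restriction is gone unless it was re-created from the user scope inside `DatasetManager`, which this hunk does not show. These are maintenance operations on a shared index, so `this.authorizationService.authorizeForce(Permission.AdminRole);`, the check `clone` in DatasetProfileController uses, looks like the appropriate guard; confirm against the intended policy.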
@@ -1,16 +1,15 @@ package eu.eudat.controllers; +import eu.eudat.authorization.Permission; import eu.eudat.logic.managers.DepositManager; -import eu.eudat.logic.security.claims.ClaimedAuthorities; import eu.eudat.logic.services.ApiContext; import eu.eudat.models.data.doi.DepositCode; import eu.eudat.models.data.doi.DepositRequest; import eu.eudat.models.data.doi.Doi; import eu.eudat.models.data.doi.RepositoryConfig; import eu.eudat.models.data.helpers.responses.ResponseItem; -import eu.eudat.models.data.security.Principal; import eu.eudat.types.ApiMessageCode; -import eu.eudat.types.Authorities; +import gr.cite.commons.web.authz.service.AuthorizationService; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; 
@@ -26,33 +25,40 @@ import java.util.List; public class DepositController extends BaseController { private static final Logger logger = LoggerFactory.getLogger(DepositController.class); - private DepositManager depositManager; + private final DepositManager depositManager; + private final AuthorizationService authorizationService; @Autowired - public DepositController(ApiContext apiContext, DepositManager depositManager){ + public DepositController(ApiContext apiContext, DepositManager depositManager, AuthorizationService authorizationService){ super(apiContext); this.depositManager = depositManager; + this.authorizationService = authorizationService; } @RequestMapping(method = RequestMethod.GET, value = {"/repos"}) public @ResponseBody - ResponseEntity>> getAvailableRepos(@ClaimedAuthorities(claims = {Authorities.ADMIN, Authorities.MANAGER, Authorities.USER, Authorities.ANONYMOUS}) Principal principal) { + ResponseEntity>> getAvailableRepos() { + this.authorizationService.authorizeForce(Permission.AdminRole, Permission.ManagerRole, Permission.UserRole, Permission.AnonymousRole); + List ids = this.depositManager.getAvailableRepos(); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem>().status(ApiMessageCode.NO_MESSAGE).payload(ids)); } @RequestMapping(method = RequestMethod.POST, value = {"/getAccessToken"}) public @ResponseBody - ResponseEntity> getAccessToken(@RequestBody DepositCode depositCode, @ClaimedAuthorities(claims = {Authorities.ADMIN, Authorities.MANAGER, Authorities.USER, Authorities.ANONYMOUS}) Principal principal) throws Exception { + ResponseEntity> getAccessToken(@RequestBody DepositCode depositCode) throws Exception { + this.authorizationService.authorizeForce(Permission.AdminRole, Permission.ManagerRole, Permission.UserRole, Permission.AnonymousRole); + String accessToken = this.depositManager.authenticate(depositCode.getRepositoryId(), depositCode.getCode()); return ResponseEntity.status(HttpStatus.OK).body(new 
ResponseItem().status(ApiMessageCode.NO_MESSAGE).payload(accessToken)); } @RequestMapping(method = RequestMethod.POST, value = {"/createDoi"}) public @ResponseBody - ResponseEntity> createDoi(@RequestBody DepositRequest depositRequest, @ClaimedAuthorities(claims = {Authorities.ADMIN, Authorities.MANAGER, Authorities.USER, Authorities.ANONYMOUS}) Principal principal) { + ResponseEntity> createDoi(@RequestBody DepositRequest depositRequest) { + this.authorizationService.authorizeForce(Permission.AdminRole, Permission.ManagerRole, Permission.UserRole, Permission.AnonymousRole); try { - Doi doi = this.depositManager.deposit(depositRequest, principal); + Doi doi = this.depositManager.deposit(depositRequest); if(doi != null){ return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.SUCCESS_MESSAGE).message("Successfully created DOI for Data Datamanagement Plan in question.").payload(doi)); } @@ -67,7 +73,8 @@ public class DepositController extends BaseController { @RequestMapping(method = RequestMethod.GET, value = {"/logo/{repositoryId}"}) public @ResponseBody - ResponseEntity> getLogo(@PathVariable("repositoryId") String repositoryId, @ClaimedAuthorities(claims = {Authorities.ADMIN, Authorities.MANAGER, Authorities.USER, Authorities.ANONYMOUS}) Principal principal) { + ResponseEntity> getLogo(@PathVariable("repositoryId") String repositoryId) { + this.authorizationService.authorizeForce(Permission.AdminRole, Permission.ManagerRole, Permission.UserRole, Permission.AnonymousRole); try { String encodedLogo = this.depositManager.getRepositoryLogo(repositoryId); if(encodedLogo != null){ diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/EmailConfirmation.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/EmailConfirmation.java index 86a9490b3..4c4235ca1 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/controllers/EmailConfirmation.java +++ b/dmp-backend/web/src/main/java/eu/eudat/controllers/EmailConfirmation.java 
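Review bot: `getAccessToken` and `createDoi` keep `Permission.AnonymousRole` in their `authorizeForce(...)` list, so the controller check admits callers without an account on the two endpoints that return a repository access token and create a DOI. This mirrors the old `@ClaimedAuthorities` list, but `deposit(depositRequest)` no longer receives a principal, so any ownership check in the manager now depends on the user scope. That code is outside this hunk and should be verified for an anonymous request. Unless anonymous deposit is intended, narrow those two methods to `this.authorizationService.authorizeForce(Permission.AdminRole, Permission.ManagerRole, Permission.UserRole);`. The broad list looks reasonable for the read-only `getAvailableRepos` and for `getLogo` in the next hunk; the body of `createDoi` continues outside this hunk.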
@@ -1,11 +1,12 @@ package eu.eudat.controllers; +import eu.eudat.authorization.Permission; import eu.eudat.exceptions.emailconfirmation.HasConfirmedEmailException; import eu.eudat.exceptions.emailconfirmation.TokenExpiredException; import eu.eudat.logic.managers.EmailConfirmationManager; import eu.eudat.models.data.helpers.responses.ResponseItem; -import eu.eudat.models.data.security.Principal; import eu.eudat.types.ApiMessageCode; +import gr.cite.commons.web.authz.service.AuthorizationService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; @@ -13,16 +14,20 @@ import org.springframework.web.bind.annotation.*; import jakarta.transaction.Transactional; +import javax.management.InvalidApplicationException; + @RestController @CrossOrigin @RequestMapping(value = "/api/emailConfirmation/") public class EmailConfirmation { private EmailConfirmationManager emailConfirmationManager; + private final AuthorizationService authorizationService; @Autowired - public EmailConfirmation(EmailConfirmationManager emailConfirmationManager) { + public EmailConfirmation(EmailConfirmationManager emailConfirmationManager, AuthorizationService authorizationService) { this.emailConfirmationManager = emailConfirmationManager; + this.authorizationService = authorizationService; } @Transactional @@ -33,7 +38,7 @@ public class EmailConfirmation { this.emailConfirmationManager.confirmEmail(token); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.SUCCESS_MESSAGE)); } catch - (HasConfirmedEmailException | TokenExpiredException ex) { + (HasConfirmedEmailException | TokenExpiredException | InvalidApplicationException ex) { if (ex instanceof TokenExpiredException) { return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(new ResponseItem().status(ApiMessageCode.NO_MESSAGE)); } else { 
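Review bot: The widened `catch (HasConfirmedEmailException | TokenExpiredException | InvalidApplicationException ex)` in the confirm-token handler sends the new `InvalidApplicationException` into the `else` branch that was written for `HasConfirmedEmailException`. The client would then get the "already confirmed" response for a failure that has nothing to do with the token state. The `else` body lies outside the hunk, so this is inferred from the branch structure. Handle it in its own `catch (InvalidApplicationException ex)` clause that logs the exception and returns a server-error status, with a comment on what raises it in this flow. The same widened catch appears in `EmailMergeConfirmation` and `EmailUnlinkConfirmation`.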
@@ -45,9 +50,11 @@ public class EmailConfirmation { @Transactional @RequestMapping(method = RequestMethod.POST, consumes = "application/json", produces = "application/json") public @ResponseBody - ResponseEntity sendConfirmatioEmail(@RequestBody String email, Principal principal) { + ResponseEntity sendConfirmatioEmail(@RequestBody String email) { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + try { - this.emailConfirmationManager.sendConfirmationEmail(email, principal); + this.emailConfirmationManager.sendConfirmationEmail(email); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.SUCCESS_MESSAGE)); } catch (Exception ex) { if (ex instanceof HasConfirmedEmailException) { diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/EmailMergeConfirmation.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/EmailMergeConfirmation.java index 5d010fb32..95309534d 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/controllers/EmailMergeConfirmation.java +++ b/dmp-backend/web/src/main/java/eu/eudat/controllers/EmailMergeConfirmation.java @@ -14,6 +14,8 @@ import org.springframework.web.bind.annotation.*; import jakarta.transaction.Transactional; +import javax.management.InvalidApplicationException; + @RestController @CrossOrigin @RequestMapping(value = "api/emailMergeConfirmation") @@ -34,7 +36,7 @@ public class EmailMergeConfirmation { String emailToBeMerged = this.emailConfirmationManager.confirmEmail(token); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().payload(emailToBeMerged).status(ApiMessageCode.SUCCESS_MESSAGE)); } catch - (HasConfirmedEmailException | TokenExpiredException ex) { + (HasConfirmedEmailException | TokenExpiredException | InvalidApplicationException ex) { if (ex instanceof TokenExpiredException) { return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(new ResponseItem().status(ApiMessageCode.NO_MESSAGE)); } else { 
diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/EmailUnlinkConfirmation.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/EmailUnlinkConfirmation.java index 175e4cf21..28c616446 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/controllers/EmailUnlinkConfirmation.java +++ b/dmp-backend/web/src/main/java/eu/eudat/controllers/EmailUnlinkConfirmation.java @@ -14,6 +14,8 @@ import org.springframework.web.bind.annotation.*; import jakarta.transaction.Transactional; +import javax.management.InvalidApplicationException; + @RestController @CrossOrigin @RequestMapping(value = "api/emailUnlinkConfirmation") @@ -33,7 +35,7 @@ public class EmailUnlinkConfirmation { try { this.unlinkEmailConfirmationManager.confirmEmail(token); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.SUCCESS_MESSAGE)); - } catch (TokenExpiredException | HasConfirmedEmailException ex) { + } catch (TokenExpiredException | HasConfirmedEmailException | InvalidApplicationException ex) { if (ex instanceof TokenExpiredException) { return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(new ResponseItem().status(ApiMessageCode.NO_MESSAGE)); } diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/ExternalDatasets.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/ExternalDatasets.java index 302437d92..e3c53fefb 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/controllers/ExternalDatasets.java +++ b/dmp-backend/web/src/main/java/eu/eudat/controllers/ExternalDatasets.java @@ -1,5 +1,6 @@ package eu.eudat.controllers; +import eu.eudat.authorization.Permission; import eu.eudat.data.old.ExternalDataset; import eu.eudat.data.query.items.table.externaldataset.ExternalDatasetTableRequest; import eu.eudat.logic.managers.ExternalDatasetManager; 
@@ -9,14 +10,15 @@ import eu.eudat.logic.services.ApiContext; import eu.eudat.models.data.externaldataset.ExternalDatasetListingModel; import eu.eudat.models.data.helpers.common.DataTableData; import eu.eudat.models.data.helpers.responses.ResponseItem; -import eu.eudat.models.data.security.Principal; import eu.eudat.types.ApiMessageCode; +import gr.cite.commons.web.authz.service.AuthorizationService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; import org.springframework.transaction.annotation.Transactional; import org.springframework.web.bind.annotation.*; +import javax.management.InvalidApplicationException; import java.util.List; import java.util.UUID; 
@@ -27,16 +29,20 @@ import java.util.UUID; public class ExternalDatasets extends BaseController { private ExternalDatasetManager externalDatasetManager; + private final AuthorizationService authorizationService; @Autowired - public ExternalDatasets(ApiContext apiContext, ExternalDatasetManager externalDatasetManager) { + public ExternalDatasets(ApiContext apiContext, ExternalDatasetManager externalDatasetManager, AuthorizationService authorizationService) { super(apiContext); this.externalDatasetManager = externalDatasetManager; + this.authorizationService = authorizationService; } @RequestMapping(method = RequestMethod.POST, value = {"/externaldatasets/getPaged"}, consumes = "application/json", produces = "application/json") public @ResponseBody - ResponseEntity>> getPaged(@RequestBody ExternalDatasetTableRequest datasetTableRequest, Principal principal) throws Exception { + ResponseEntity>> getPaged(@RequestBody ExternalDatasetTableRequest datasetTableRequest) throws Exception { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + DataTableData dataTable = externalDatasetManager.getPaged(datasetTableRequest); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem>().status(ApiMessageCode.NO_MESSAGE).payload(dataTable)); } 
@@ -44,15 +50,19 @@ public class ExternalDatasets extends BaseController { @RequestMapping(method = RequestMethod.GET, value = {"/external/datasets"}, produces = "application/json") public @ResponseBody ResponseEntity>> getWithExternal( - @RequestParam(value = "query", required = false) String query, @RequestParam(value = "type", required = false) String type, Principal principal - ) throws NoURLFound, InstantiationException, HugeResultSet, IllegalAccessException { - List dataTable = externalDatasetManager.getWithExternal(query, type, principal); + @RequestParam(value = "query", required = false) String query, @RequestParam(value = "type", required = false) String type + ) throws NoURLFound, InstantiationException, HugeResultSet, IllegalAccessException, InvalidApplicationException { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + + List dataTable = externalDatasetManager.getWithExternal(query, type); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem>().payload(dataTable).status(ApiMessageCode.NO_MESSAGE)); } @RequestMapping(method = RequestMethod.POST, value = {"/externaldatasets/getSingle/{id}"}, consumes = "application/json", produces = "application/json") public @ResponseBody - ResponseItem getWithExternal(@PathVariable UUID id, Principal principal) throws NoURLFound, InstantiationException, HugeResultSet, IllegalAccessException { + ResponseItem getWithExternal(@PathVariable UUID id) throws NoURLFound, InstantiationException, HugeResultSet, IllegalAccessException, InvalidApplicationException { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + ExternalDatasetListingModel externalDatasetModel = externalDatasetManager.getSingle(id); return new ResponseItem().payload(externalDatasetModel).status(ApiMessageCode.NO_MESSAGE); } 
@@ -60,8 +70,10 @@ public class ExternalDatasets extends BaseController { @Transactional @RequestMapping(method = RequestMethod.POST, value = {"/externaldatasets"}, consumes = "application/json", produces = "application/json") public @ResponseBody - ResponseEntity> create(@RequestBody eu.eudat.models.data.externaldataset.ExternalDatasetModel externalDatasetModel, Principal principal) throws Exception { - ExternalDataset externalDataset = this.externalDatasetManager.create(externalDatasetModel, principal); + ResponseEntity> create(@RequestBody eu.eudat.models.data.externaldataset.ExternalDatasetModel externalDatasetModel) throws Exception { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + + ExternalDataset externalDataset = this.externalDatasetManager.create(externalDatasetModel); ExternalDatasetListingModel externalDatasetListingModel = new ExternalDatasetListingModel().fromDataModel(externalDataset); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().payload(externalDatasetListingModel).status(ApiMessageCode.SUCCESS_MESSAGE)); } diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/FileController.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/FileController.java index 25be25026..ed08ae7ac 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/controllers/FileController.java +++ b/dmp-backend/web/src/main/java/eu/eudat/controllers/FileController.java 
@@ -3,11 +3,12 @@ package eu.eudat.controllers; import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.ObjectMapper; +import eu.eudat.authorization.Permission; +import eu.eudat.commons.scope.user.UserScope; import eu.eudat.data.old.Dataset; import eu.eudat.data.old.FileUpload; import eu.eudat.exceptions.security.UnauthorisedException; import eu.eudat.logic.managers.DatasetProfileManager; -import eu.eudat.logic.security.claims.ClaimedAuthorities; import eu.eudat.logic.services.ApiContext; import eu.eudat.logic.services.operations.DatabaseRepository; import eu.eudat.logic.utilities.documents.helpers.FileEnvelope; @@ -15,9 +16,8 @@ import eu.eudat.logic.utilities.json.JsonSearcher; import eu.eudat.models.HintedModelFactory; import eu.eudat.models.data.datasetwizard.DatasetWizardModel; import eu.eudat.models.data.helpers.responses.ResponseItem; -import eu.eudat.models.data.security.Principal; import eu.eudat.types.ApiMessageCode; -import eu.eudat.types.Authorities; +import gr.cite.commons.web.authz.service.AuthorizationService; import org.apache.poi.util.IOUtils; import org.json.JSONArray; import org.json.JSONObject; @@ -31,6 +31,8 @@ import org.springframework.web.bind.annotation.*; import org.springframework.web.multipart.MultipartFile; import jakarta.transaction.Transactional; + +import javax.management.InvalidApplicationException; import java.io.*; import java.nio.file.Files; import java.util.*; 
@@ -45,19 +47,24 @@ public class FileController { private DatasetProfileManager datasetProfileManager; private final Environment environment; private DatabaseRepository databaseRepository; + private final AuthorizationService authorizationService; + private final UserScope userScope; @Autowired - public FileController(DatasetProfileManager datasetProfileManager, Environment environment, ApiContext apiContext) { + public FileController(DatasetProfileManager datasetProfileManager, Environment environment, ApiContext apiContext, AuthorizationService authorizationService, UserScope userScope) { this.datasetProfileManager = datasetProfileManager; this.environment = environment; this.databaseRepository = apiContext.getOperationsContext().getDatabaseRepository(); + this.authorizationService = authorizationService; + this.userScope = userScope; } @RequestMapping(method = RequestMethod.POST, value = {"/upload"}) public ResponseEntity> upload( - @RequestParam("file") MultipartFile file, @RequestParam("datasetProfileId") String datasetProfileId, @RequestParam("fieldId") String fieldId, - @ClaimedAuthorities(claims = {Authorities.ADMIN, Authorities.MANAGER, Authorities.USER}) Principal principal) - throws IllegalAccessException, IOException { + @RequestParam("file") MultipartFile file, @RequestParam("datasetProfileId") String datasetProfileId, @RequestParam("fieldId") String fieldId) + throws IllegalAccessException, IOException, InvalidApplicationException { + this.authorizationService.authorizeForce(Permission.AdminRole, Permission.ManagerRole, Permission.UserRole); + String uuid = UUID.randomUUID().toString(); eu.eudat.models.data.admin.composite.DatasetProfile datasetprofile = this.datasetProfileManager.getDatasetProfile(datasetProfileId); 
@@ -135,9 +142,10 @@ public class FileController { @Transactional @RequestMapping(method = RequestMethod.GET, value = {"{id}"}, produces = "application/json") public @ResponseBody - ResponseEntity download(@PathVariable String id - ,@ClaimedAuthorities(claims = {Authorities.ADMIN, Authorities.MANAGER, Authorities.USER, Authorities.ANONYMOUS}) Principal principal - ) throws IOException { + ResponseEntity download(@PathVariable String id) throws IOException, InvalidApplicationException { + + this.authorizationService.authorizeForce(Permission.AdminRole, Permission.ManagerRole, Permission.UserRole, Permission.AnonymousRole); + FileUpload fileUpload = databaseRepository.getFileUploadDao().find(UUID.fromString(id)); if(fileUpload == null) { throw new NoSuchElementException("File with id "+id+" not found"); @@ -149,7 +157,7 @@ public class FileController { throw new NoSuchElementException("No dataset with id " + fileUpload.getEntityId() + " found. This dataset was related to the file with id " + id); } if (!datasetEntity.getDmp().isPublic() && datasetEntity.getDmp().getUsers() - .stream().filter(userInfo -> userInfo.getUser().getId() == principal.getId()) + .stream().filter(userInfo -> userInfo.getUser().getId() == this.userScope.getUserIdSafe()) .collect(Collectors.toList()).size() == 0) throw new UnauthorisedException(); } diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/Funders.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/Funders.java index 7997dd6bc..37de25549 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/controllers/Funders.java +++ b/dmp-backend/web/src/main/java/eu/eudat/controllers/Funders.java @@ -1,5 +1,6 @@ package eu.eudat.controllers; +import eu.eudat.authorization.Permission; import eu.eudat.data.query.items.item.funder.FunderCriteriaRequest; import eu.eudat.logic.managers.FunderManager; import eu.eudat.logic.proxy.config.exceptions.HugeResultSet; 
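Review bot: In `download`, the membership filter compares ids with `==` (`userInfo.getUser().getId() == this.userScope.getUserIdSafe()`). If both sides are `java.util.UUID` objects, as the `UUID.fromString(id)` lookup in this method suggests, this is a reference comparison that is false for equal ids held in different instances, so members of a non-public DMP would get `UnauthorisedException`. The old `principal.getId()` comparison had the same shape, but the line is rewritten here and it is the access decision for the file, so use value equality: `.stream().noneMatch(userInfo -> Objects.equals(userInfo.getUser().getId(), this.userScope.getUserIdSafe()))`. Because `Permission.AnonymousRole` is admitted by the first hunk, a comment should also state what `getUserIdSafe()` returns when there is no user and that such callers can only reach public DMPs. The method starts in the previous hunk and continues past this one.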
@@ -7,12 +8,13 @@ import eu.eudat.logic.proxy.config.exceptions.NoURLFound; import eu.eudat.logic.services.ApiContext; import eu.eudat.models.data.funder.Funder; import eu.eudat.models.data.helpers.responses.ResponseItem; -import eu.eudat.models.data.security.Principal; import eu.eudat.types.ApiMessageCode; +import gr.cite.commons.web.authz.service.AuthorizationService; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; import org.springframework.web.bind.annotation.*; +import javax.management.InvalidApplicationException; import java.util.List; @RestController 
@@ -20,16 +22,20 @@ import java.util.List; @RequestMapping(value = {"/api/funders/"}) public class Funders extends BaseController { private FunderManager funderManager; + private final AuthorizationService authorizationService; - public Funders(ApiContext apiContext, FunderManager funderManager) { + public Funders(ApiContext apiContext, FunderManager funderManager, AuthorizationService authorizationService) { super(apiContext); this.funderManager = funderManager; + this.authorizationService = authorizationService; } @RequestMapping(method = RequestMethod.POST, value = {"/external"}, consumes = "application/json", produces = "application/json") public @ResponseBody - ResponseEntity>> getWithExternal(@RequestBody FunderCriteriaRequest funderCriteria, Principal principal) throws NoURLFound, InstantiationException, HugeResultSet, IllegalAccessException { - List dataTable = this.funderManager.getCriteriaWithExternal(funderCriteria, principal); + ResponseEntity>> getWithExternal(@RequestBody FunderCriteriaRequest funderCriteria) throws NoURLFound, InstantiationException, HugeResultSet, IllegalAccessException, InvalidApplicationException { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + + List dataTable = this.funderManager.getCriteriaWithExternal(funderCriteria); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem>().payload(dataTable).status(ApiMessageCode.NO_MESSAGE)); } } diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/Grants.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/Grants.java index 9b771ff7b..fddc6091f 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/controllers/Grants.java +++ b/dmp-backend/web/src/main/java/eu/eudat/controllers/Grants.java 
@@ -1,27 +1,26 @@ package eu.eudat.controllers; +import eu.eudat.authorization.Permission; import eu.eudat.data.query.items.item.grant.GrantCriteriaRequest; import eu.eudat.data.query.items.table.grant.GrantTableRequest; import eu.eudat.logic.managers.GrantManager; import eu.eudat.logic.proxy.config.exceptions.HugeResultSet; import eu.eudat.logic.proxy.config.exceptions.NoURLFound; -import eu.eudat.logic.security.claims.ClaimedAuthorities; import eu.eudat.logic.services.ApiContext; import eu.eudat.models.data.helpers.common.DataTableData; import eu.eudat.models.data.helpers.responses.ResponseItem; import eu.eudat.models.data.grant.GrantListingModel; -import eu.eudat.models.data.security.Principal; import eu.eudat.types.ApiMessageCode; +import gr.cite.commons.web.authz.service.AuthorizationService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; import org.springframework.web.bind.annotation.*; - import jakarta.validation.Valid; +import javax.management.InvalidApplicationException; import java.util.List; -import static eu.eudat.types.Authorities.ANONYMOUS; @RestController 
@@ -29,17 +28,21 @@ import static eu.eudat.types.Authorities.ANONYMOUS; @RequestMapping(value = {"/api/grants/"}) public class Grants extends BaseController { private GrantManager grantManager; + private final AuthorizationService authorizationService; @Autowired - public Grants(ApiContext apiContext, GrantManager grantManager) { + public Grants(ApiContext apiContext, GrantManager grantManager, AuthorizationService authorizationService) { super(apiContext); this.grantManager = grantManager; + this.authorizationService = authorizationService; } @RequestMapping(method = RequestMethod.POST, value = {"/paged"}, consumes = "application/json", produces = "application/json") public @ResponseBody - ResponseEntity>> getPaged(@Valid @RequestBody GrantTableRequest grantTableRequest, @RequestParam String fieldsGroup, Principal principal) throws Exception { - DataTableData dataTable = this.grantManager.getPaged(grantTableRequest, principal, fieldsGroup); + ResponseEntity>> getPaged(@Valid @RequestBody GrantTableRequest grantTableRequest, @RequestParam String fieldsGroup) throws Exception { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + + DataTableData dataTable = this.grantManager.getPaged(grantTableRequest, fieldsGroup); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem>().payload(dataTable).status(ApiMessageCode.NO_MESSAGE)); } 
@@ -52,7 +55,9 @@ public class Grants extends BaseController { @RequestMapping(method = RequestMethod.GET, value = {"{id}"}, produces = "application/json") public @ResponseBody - ResponseEntity> getSingle(@PathVariable String id, Principal principal) throws IllegalAccessException, InstantiationException { + ResponseEntity> getSingle(@PathVariable String id) throws IllegalAccessException, InstantiationException, InvalidApplicationException { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + eu.eudat.models.data.grant.Grant grant = this.grantManager.getSingle(id); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().payload(grant).status(ApiMessageCode.NO_MESSAGE)); } @@ -60,7 +65,7 @@ public class Grants extends BaseController { /*@Transactional @RequestMapping(method = RequestMethod.POST, consumes = "application/json", produces = "application/json") public @ResponseBody - ResponseEntity> addGrant(@Valid @RequestBody eu.eudat.models.data.grant.Grant grant, Principal principal) throws IOException, ParseException { + ResponseEntity> addGrant(@Valid @RequestBody eu.eudat.models.data.grant.Grant grant) throws IOException, ParseException { this.grantManager.createOrUpdate(grant, principal); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.SUCCESS_MESSAGE).message("Created")); }*/ 
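Review bot: The commented-out `addGrant` block is edited rather than removed, and its signature no longer declares `principal` while its body still calls `this.grantManager.createOrUpdate(grant, principal)`. If someone re-enables it, the obvious repair of dropping the argument would leave a write endpoint with no `authorizeForce` call at all. Delete the dead block, along with the commented-out `inactivate` in the next hunk. If it must stay, put `this.authorizationService.authorizeForce(...)` with the intended permission as its first statement, so the check comes back together with the code.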
@@ -68,21 +73,25 @@ public class Grants extends BaseController { /*@Transactional @RequestMapping(method = RequestMethod.DELETE, value = {"{id}"}, consumes = "application/json", produces = "application/json") public @ResponseBody - ResponseEntity> inactivate(@PathVariable String id, Principal principal) throws IllegalAccessException, InstantiationException { + ResponseEntity> inactivate(@PathVariable String id) throws IllegalAccessException, InstantiationException { this.grantManager.inactivate(id); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.SUCCESS_MESSAGE)); }*/ @RequestMapping(method = RequestMethod.POST, value = {"/external"}, consumes = "application/json", produces = "application/json") public @ResponseBody - ResponseEntity>> getWithExternal(@RequestBody GrantCriteriaRequest grantCriteria, Principal principal) throws NoURLFound, InstantiationException, HugeResultSet, IllegalAccessException { - List dataTable = this.grantManager.getCriteriaWithExternal(grantCriteria, principal); + ResponseEntity>> getWithExternal(@RequestBody GrantCriteriaRequest grantCriteria) throws NoURLFound, InstantiationException, HugeResultSet, IllegalAccessException, InvalidApplicationException { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + + List dataTable = this.grantManager.getCriteriaWithExternal(grantCriteria); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem>().payload(dataTable).status(ApiMessageCode.NO_MESSAGE)); } @RequestMapping(method = RequestMethod.POST, value = {"get"}, consumes = "application/json", produces = "application/json") public @ResponseBody - ResponseEntity>> get(@RequestBody GrantCriteriaRequest grantCriteria, @ClaimedAuthorities(claims = {ANONYMOUS}) Principal principal) throws NoURLFound, InstantiationException, HugeResultSet, IllegalAccessException { + ResponseEntity>> get(@RequestBody GrantCriteriaRequest grantCriteria) throws NoURLFound, InstantiationException, 
HugeResultSet, IllegalAccessException, InvalidApplicationException { + this.authorizationService.authorizeForce(Permission.AnonymousRole); + List dataTable = this.grantManager.getCriteria(grantCriteria); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem>().payload(dataTable).status(ApiMessageCode.NO_MESSAGE)); } diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/JournalsController.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/JournalsController.java index 437a8e761..eff9a2ea3 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/controllers/JournalsController.java +++ b/dmp-backend/web/src/main/java/eu/eudat/controllers/JournalsController.java @@ -1,18 +1,20 @@ package eu.eudat.controllers; +import eu.eudat.authorization.Permission; import eu.eudat.logic.managers.DataRepositoryManager; import eu.eudat.logic.proxy.config.exceptions.HugeResultSet; import eu.eudat.logic.proxy.config.exceptions.NoURLFound; import eu.eudat.logic.services.ApiContext; import eu.eudat.models.data.datarepository.DataRepositoryModel; import eu.eudat.models.data.helpers.responses.ResponseItem; -import eu.eudat.models.data.security.Principal; import eu.eudat.types.ApiMessageCode; +import gr.cite.commons.web.authz.service.AuthorizationService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; import org.springframework.web.bind.annotation.*; +import javax.management.InvalidApplicationException; import java.util.List; 
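Review bot: `get` authorizes with `Permission.AnonymousRole` alone, whereas the other endpoints in this patch that are open to anonymous callers (`DepositController`, `FileController.download`) list `AdminRole`, `ManagerRole`, `UserRole` and `AnonymousRole` together. How `authorizeForce` maps permissions to roles is not visible here, but if signed-in users are not also granted the anonymous permission, this endpoint would reject them. Either use the same four-permission list for consistency, or add a comment such as `// AnonymousRole is granted to every caller, authenticated or not` once that is confirmed against the permission configuration.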
@@ -22,19 +24,23 @@ import java.util.List; public class JournalsController extends BaseController { private DataRepositoryManager dataRepositoryManager; + private final AuthorizationService authorizationService; @Autowired - public JournalsController(ApiContext apiContext, DataRepositoryManager dataRepositoryManager) { + public JournalsController(ApiContext apiContext, DataRepositoryManager dataRepositoryManager, AuthorizationService authorizationService) { super(apiContext); this.dataRepositoryManager = dataRepositoryManager; + this.authorizationService = authorizationService; } @RequestMapping(method = RequestMethod.GET, produces = "application/json") public @ResponseBody ResponseEntity>> listExternalDataRepositories( - @RequestParam(value = "query", required = false) String query, @RequestParam(value = "type", required = false) String type, Principal principal - ) throws HugeResultSet, NoURLFound { - List dataRepositoryModels = this.dataRepositoryManager.getJournals(query, type, principal); + @RequestParam(value = "query", required = false) String query, @RequestParam(value = "type", required = false) String type + ) throws HugeResultSet, NoURLFound, InvalidApplicationException { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + + List dataRepositoryModels = this.dataRepositoryManager.getJournals(query, type); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem>().status(ApiMessageCode.NO_MESSAGE).payload(dataRepositoryModels)); } diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/LanguageController.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/LanguageController.java index 1d829cbaf..c942fe3c4 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/controllers/LanguageController.java +++ b/dmp-backend/web/src/main/java/eu/eudat/controllers/LanguageController.java 
@@ -1,11 +1,8 @@ package eu.eudat.controllers; import eu.eudat.authorization.Permission; -import eu.eudat.logic.security.claims.ClaimedAuthorities; import eu.eudat.models.data.helpers.responses.ResponseItem; -import eu.eudat.models.data.security.Principal; import eu.eudat.types.ApiMessageCode; -import eu.eudat.types.Authorities; import gr.cite.commons.web.authz.service.AuthorizationService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.core.env.Environment; diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/Licenses.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/Licenses.java index ee251c2f4..d8837045e 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/controllers/Licenses.java +++ b/dmp-backend/web/src/main/java/eu/eudat/controllers/Licenses.java @@ -1,13 +1,14 @@ package eu.eudat.controllers; +import eu.eudat.authorization.Permission; import eu.eudat.logic.managers.LicenseManager; import eu.eudat.logic.proxy.config.exceptions.HugeResultSet; import eu.eudat.logic.proxy.config.exceptions.NoURLFound; import eu.eudat.logic.services.ApiContext; import eu.eudat.models.data.helpers.responses.ResponseItem; import eu.eudat.models.data.license.LicenseModel; -import eu.eudat.models.data.security.Principal; import eu.eudat.types.ApiMessageCode; +import gr.cite.commons.web.authz.service.AuthorizationService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; 
@@ -22,18 +23,22 @@ import java.util.List; public class Licenses extends BaseController { private LicenseManager licenseManager; + private final AuthorizationService authorizationService; @Autowired - public Licenses(ApiContext apiContext, LicenseManager licenseManager) { + public Licenses(ApiContext apiContext, LicenseManager licenseManager, AuthorizationService authorizationService) { super(apiContext); this.licenseManager = licenseManager; + this.authorizationService = authorizationService; } @RequestMapping(method = RequestMethod.GET, produces = "application/json") public @ResponseBody ResponseEntity>> listExternalLicenses( - @RequestParam(value = "query", required = false) String query, @RequestParam(value = "type", required = false) String type, Principal principal + @RequestParam(value = "query", required = false) String query, @RequestParam(value = "type", required = false) String type ) throws HugeResultSet, NoURLFound { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + List licenseModels = this.licenseManager.getLicenses(query, type); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem>().status(ApiMessageCode.NO_MESSAGE).payload(licenseModels)); } diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/LockController.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/LockController.java index b4633e607..688073bfb 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/controllers/LockController.java +++ b/dmp-backend/web/src/main/java/eu/eudat/controllers/LockController.java 
@@ -1,10 +1,11 @@ package eu.eudat.controllers; +import eu.eudat.authorization.Permission; import eu.eudat.logic.managers.LockManager; import eu.eudat.models.data.helpers.responses.ResponseItem; import eu.eudat.models.data.lock.Lock; -import eu.eudat.models.data.security.Principal; import eu.eudat.types.ApiMessageCode; +import gr.cite.commons.web.authz.service.AuthorizationService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; 
@@ -19,36 +20,46 @@ import java.util.UUID; public class LockController { private LockManager lockManager; + private final AuthorizationService authorizationService; @Autowired - public LockController(LockManager lockManager) { + public LockController(LockManager lockManager, AuthorizationService authorizationService) { this.lockManager = lockManager; + this.authorizationService = authorizationService; } @Transactional @RequestMapping(method = RequestMethod.GET, path = "target/status/{id}") - public @ResponseBody ResponseEntity> getLocked(@PathVariable String id, Principal principal) throws Exception { - boolean locked = this.lockManager.isLocked(id, principal); + public @ResponseBody ResponseEntity> getLocked(@PathVariable String id) throws Exception { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + + boolean locked = this.lockManager.isLocked(id); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.SUCCESS_MESSAGE).message("locked").payload(locked)); } @Transactional @RequestMapping(method = RequestMethod.DELETE, path = "target/unlock/{id}") - public @ResponseBody ResponseEntity> unlock(@PathVariable String id, Principal principal) throws Exception { - this.lockManager.unlock(id, principal); + public @ResponseBody ResponseEntity> unlock(@PathVariable String id) throws Exception { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + + this.lockManager.unlock(id); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.SUCCESS_MESSAGE).message("Created").payload("Lock Removed")); } @Transactional @RequestMapping(method = RequestMethod.POST, consumes = "application/json", produces = "application/json") - public @ResponseBody ResponseEntity> createOrUpdate(@RequestBody Lock lock, Principal principal) throws Exception { - eu.eudat.data.old.Lock result = this.lockManager.createOrUpdate(lock, principal); + public @ResponseBody ResponseEntity> 
createOrUpdate(@RequestBody Lock lock) throws Exception { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + + eu.eudat.data.old.Lock result = this.lockManager.createOrUpdate(lock); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.SUCCESS_MESSAGE).message("Created").payload(result.getId())); } @RequestMapping(method = RequestMethod.GET, path = "target/{id}") - public @ResponseBody ResponseEntity> getSingle(@PathVariable String id, Principal principal) throws Exception { - Lock lock = this.lockManager.getFromTarget(id, principal); + public @ResponseBody ResponseEntity> getSingle(@PathVariable String id) throws Exception { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + + Lock lock = this.lockManager.getFromTarget(id); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.NO_MESSAGE).payload(lock)); } } diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/ManagementController.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/ManagementController.java index 7cbf9d197..df514d71c 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/controllers/ManagementController.java +++ b/dmp-backend/web/src/main/java/eu/eudat/controllers/ManagementController.java 
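Review bot: In LockController, `unlock`, `getLocked`, `getSingle` and `createOrUpdate` check only `Permission.AuthenticatedRole` and no longer pass the caller to `LockManager`. Whether one user can release or overwrite another user's lock on `{id}` therefore depends on the manager resolving the current user itself, and that code is not in this hunk. If `lockManager.unlock(id)` does not compare the lock's owner with the current user, the new check alone would let any signed-in account remove a lock held by someone else. I would state the contract at the call site, e.g. `// LockManager resolves the caller from the user scope and rejects unlock by a non-owner`, and add a test for the non-owner case.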
@@ -1,13 +1,11 @@ package eu.eudat.controllers; -import eu.eudat.exceptions.datasetprofile.DatasetProfileNewVersionException; +import eu.eudat.authorization.Permission; import eu.eudat.logic.managers.DatasetProfileManager; -import eu.eudat.logic.security.claims.ClaimedAuthorities; import eu.eudat.logic.services.ApiContext; -import eu.eudat.models.data.admin.composite.DatasetProfile; import eu.eudat.models.data.helpers.responses.ResponseItem; -import eu.eudat.models.data.security.Principal; import eu.eudat.types.ApiMessageCode; +import gr.cite.commons.web.authz.service.AuthorizationService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; 
@@ -22,17 +20,20 @@ import static eu.eudat.types.Authorities.ADMIN; @RequestMapping(value = {"/api/management/"}) public class ManagementController extends BaseController { - private DatasetProfileManager datasetProfileManager; + private final DatasetProfileManager datasetProfileManager; + private final AuthorizationService authorizationService; @Autowired - public ManagementController(ApiContext apiContext, DatasetProfileManager datasetProfileManager){ + public ManagementController(ApiContext apiContext, DatasetProfileManager datasetProfileManager, AuthorizationService authorizationService){ super(apiContext); this.datasetProfileManager = datasetProfileManager; + this.authorizationService = authorizationService; } @Transactional @RequestMapping(method = RequestMethod.POST, value = {"/addSemantics"}) - public ResponseEntity addSemanticsInDatasetProfiles(@ClaimedAuthorities(claims = {ADMIN}) Principal principal) throws Exception { + public ResponseEntity addSemanticsInDatasetProfiles() throws Exception { + this.authorizationService.authorizeForce(Permission.AdminRole); try { this.datasetProfileManager.addSemanticsInDatasetProfiles(); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.SUCCESS_MESSAGE)); @@ -43,7 +44,8 @@ public class ManagementController extends BaseController { @Transactional @RequestMapping(method = RequestMethod.POST, value = {"/addRdaInSemantics"}) - public ResponseEntity addRdaInSemanticsInDatasetProfiles(@ClaimedAuthorities(claims = {ADMIN}) Principal principal) throws Exception { + public ResponseEntity addRdaInSemanticsInDatasetProfiles() throws Exception { + this.authorizationService.authorizeForce(Permission.AdminRole); try { this.datasetProfileManager.addRdaInSemanticsInDatasetProfiles(); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.SUCCESS_MESSAGE)); 
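Review bot: With both `@ClaimedAuthorities(claims = {ADMIN})` parameters gone, the static import `eu.eudat.types.Authorities.ADMIN` that still appears in the hunk header looks unused in ManagementController, unless something below the second hunk references it. It can be removed along with the rest of the old model. Placing `authorizeForce(Permission.AdminRole)` before the `try` in `addSemanticsInDatasetProfiles` and `addRdaInSemanticsInDatasetProfiles` is the right spot, because the `catch` (outside these hunks) then cannot turn a denied request into its own response. A short comment such as `// keep outside try: a denial must not be handled by the catch below` would stop a later refactor from moving the call.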
diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/Organisations.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/Organisations.java index 9a6cfdee1..43ef3d378 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/controllers/Organisations.java +++ b/dmp-backend/web/src/main/java/eu/eudat/controllers/Organisations.java @@ -1,5 +1,6 @@ package eu.eudat.controllers; +import eu.eudat.authorization.Permission; import eu.eudat.data.query.items.table.organisations.OrganisationsTableRequest; import eu.eudat.logic.managers.OrganisationsManager; import eu.eudat.logic.proxy.config.exceptions.HugeResultSet; @@ -8,8 +9,8 @@ import eu.eudat.logic.services.ApiContext; import eu.eudat.models.data.dmp.Organisation; import eu.eudat.models.data.helpers.common.DataTableData; import eu.eudat.models.data.helpers.responses.ResponseItem; -import eu.eudat.models.data.security.Principal; import eu.eudat.types.ApiMessageCode; +import gr.cite.commons.web.authz.service.AuthorizationService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; @@ -25,12 +26,15 @@ import java.util.List; public class Organisations extends BaseController { private OrganisationsManager organisationsManager; + private final AuthorizationService authorizationService; private ApiContext apiContext; @Autowired - public Organisations(ApiContext apiContext, OrganisationsManager organisationsManager) { + public Organisations(ApiContext apiContext, OrganisationsManager organisationsManager, AuthorizationService authorizationService, ApiContext apiContext1) { super(apiContext); this.organisationsManager = organisationsManager; + this.authorizationService = authorizationService; + this.apiContext = apiContext1; } @RequestMapping(method = RequestMethod.GET, value = {"/external/organisations"}, produces = "application/json") 
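Review bot: The Organisations constructor in the `@@ -25,12 +26,15 @@` hunk now takes `ApiContext` twice (`apiContext` and `apiContext1`) and assigns the field from the second, so presumably the same bean is injected into two parameters for no gain. Dropping the fourth parameter and writing `this.apiContext = apiContext;` does the same job, with the signature `public Organisations(ApiContext apiContext, OrganisationsManager organisationsManager, AuthorizationService authorizationService)`. Also worth confirming: judging by the hunk ranges, the handler under the `/external/organisations` GET mapping that closes this hunk is not modified by the commit, so it appears to get no `authorizeForce` call while the other external-lookup controllers do.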
@@ -44,15 +48,19 @@ public class Organisations extends BaseController { @RequestMapping(method = RequestMethod.POST, value = {"/general/organisations"}, produces = "application/json") public @ResponseBody - ResponseEntity>> listGeneralOrganisations(@RequestBody OrganisationsTableRequest organisationsTableRequest, Principal principal) throws Exception { - List organisations = organisationsManager.getWithExternal(organisationsTableRequest, principal); + ResponseEntity>> listGeneralOrganisations(@RequestBody OrganisationsTableRequest organisationsTableRequest) throws Exception { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + + List organisations = organisationsManager.getWithExternal(organisationsTableRequest); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem>().payload(organisations).status(ApiMessageCode.NO_MESSAGE)); } @RequestMapping(method = RequestMethod.POST, value = {"/internal/organisations"}, produces = "application/json") public @ResponseBody - ResponseEntity>> getPaged(@Valid @RequestBody OrganisationsTableRequest organisationsTableRequest, Principal principal) throws Exception{ - DataTableData organisationDataTableData = this.organisationsManager.getPagedOrganisations(organisationsTableRequest, principal); + ResponseEntity>> getPaged(@Valid @RequestBody OrganisationsTableRequest organisationsTableRequest) throws Exception{ + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + + DataTableData organisationDataTableData = this.organisationsManager.getPagedOrganisations(organisationsTableRequest); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem>().payload(organisationDataTableData).status(ApiMessageCode.NO_MESSAGE)); } diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/Projects.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/Projects.java index 1cf583a7c..74c24204a 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/controllers/Projects.java 
+++ b/dmp-backend/web/src/main/java/eu/eudat/controllers/Projects.java @@ -1,5 +1,6 @@ package eu.eudat.controllers; +import eu.eudat.authorization.Permission; import eu.eudat.data.query.items.item.project.ProjectCriteriaRequest; import eu.eudat.logic.managers.ProjectManager; import eu.eudat.logic.proxy.config.exceptions.HugeResultSet; @@ -7,13 +8,14 @@ import eu.eudat.logic.proxy.config.exceptions.NoURLFound; import eu.eudat.logic.services.ApiContext; import eu.eudat.models.data.helpers.responses.ResponseItem; import eu.eudat.models.data.project.Project; -import eu.eudat.models.data.security.Principal; import eu.eudat.types.ApiMessageCode; +import gr.cite.commons.web.authz.service.AuthorizationService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; import org.springframework.web.bind.annotation.*; +import javax.management.InvalidApplicationException; import java.util.List; @RestController 
@@ -21,17 +23,21 @@ import java.util.List; @RequestMapping(value = {"/api/projects/"}) public class Projects extends BaseController { private ProjectManager projectManager; + private final AuthorizationService authorizationService; @Autowired - public Projects(ApiContext apiContext, ProjectManager projectManager) { + public Projects(ApiContext apiContext, ProjectManager projectManager, AuthorizationService authorizationService) { super(apiContext); this.projectManager = projectManager; + this.authorizationService = authorizationService; } @RequestMapping(method = RequestMethod.POST, value = {"/external"}, consumes = "application/json", produces = "application/json") public @ResponseBody - ResponseEntity>> getWithExternal(@RequestBody ProjectCriteriaRequest projectCriteria, Principal principal) throws NoURLFound, InstantiationException, HugeResultSet, IllegalAccessException { - List dataTable = this.projectManager.getCriteriaWithExternal(projectCriteria, principal); + ResponseEntity>> getWithExternal(@RequestBody ProjectCriteriaRequest projectCriteria) throws NoURLFound, InstantiationException, HugeResultSet, IllegalAccessException, InvalidApplicationException { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + + List dataTable = this.projectManager.getCriteriaWithExternal(projectCriteria); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem>().payload(dataTable).status(ApiMessageCode.NO_MESSAGE)); } } diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/PubRepositoriesController.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/PubRepositoriesController.java index 12b0558b9..47511bc7f 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/controllers/PubRepositoriesController.java +++ b/dmp-backend/web/src/main/java/eu/eudat/controllers/PubRepositoriesController.java 
@@ -1,18 +1,20 @@ package eu.eudat.controllers; +import eu.eudat.authorization.Permission; import eu.eudat.logic.managers.DataRepositoryManager; import eu.eudat.logic.proxy.config.exceptions.HugeResultSet; import eu.eudat.logic.proxy.config.exceptions.NoURLFound; import eu.eudat.logic.services.ApiContext; import eu.eudat.models.data.datarepository.DataRepositoryModel; import eu.eudat.models.data.helpers.responses.ResponseItem; -import eu.eudat.models.data.security.Principal; import eu.eudat.types.ApiMessageCode; +import gr.cite.commons.web.authz.service.AuthorizationService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; import org.springframework.web.bind.annotation.*; +import javax.management.InvalidApplicationException; import java.util.List; 
@@ -22,19 +24,23 @@ import java.util.List; public class PubRepositoriesController extends BaseController { private DataRepositoryManager dataRepositoryManager; + private final AuthorizationService authorizationService; @Autowired - public PubRepositoriesController(ApiContext apiContext, DataRepositoryManager dataRepositoryManager) { + public PubRepositoriesController(ApiContext apiContext, DataRepositoryManager dataRepositoryManager, AuthorizationService authorizationService) { super(apiContext); this.dataRepositoryManager = dataRepositoryManager; + this.authorizationService = authorizationService; } @RequestMapping(method = RequestMethod.GET, produces = "application/json") public @ResponseBody ResponseEntity>> listExternalDataRepositories( - @RequestParam(value = "query", required = false) String query, @RequestParam(value = "type", required = false) String type, Principal principal - ) throws HugeResultSet, NoURLFound { - List dataRepositoryModels = this.dataRepositoryManager.getPubRepositories(query, type, principal); + @RequestParam(value = "query", required = false) String query, @RequestParam(value = "type", required = false) String type + ) throws HugeResultSet, NoURLFound, InvalidApplicationException { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + + List dataRepositoryModels = this.dataRepositoryManager.getPubRepositories(query, type); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem>().status(ApiMessageCode.NO_MESSAGE).payload(dataRepositoryModels)); } diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/PublicationsController.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/PublicationsController.java index 578cd9cbe..af182be6d 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/controllers/PublicationsController.java +++ b/dmp-backend/web/src/main/java/eu/eudat/controllers/PublicationsController.java 
@@ -1,13 +1,14 @@ package eu.eudat.controllers; +import eu.eudat.authorization.Permission; import eu.eudat.logic.managers.PublicationManager; import eu.eudat.logic.proxy.config.exceptions.HugeResultSet; import eu.eudat.logic.proxy.config.exceptions.NoURLFound; import eu.eudat.logic.services.ApiContext; import eu.eudat.models.data.helpers.responses.ResponseItem; import eu.eudat.models.data.publication.PublicationModel; -import eu.eudat.models.data.security.Principal; import eu.eudat.types.ApiMessageCode; +import gr.cite.commons.web.authz.service.AuthorizationService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; 
@@ -22,18 +23,22 @@ import java.util.List; public class PublicationsController extends BaseController { private PublicationManager publicationManager; + private final AuthorizationService authorizationService; @Autowired - public PublicationsController(ApiContext apiContext, PublicationManager publicationManager) { + public PublicationsController(ApiContext apiContext, PublicationManager publicationManager, AuthorizationService authorizationService) { super(apiContext); this.publicationManager = publicationManager; + this.authorizationService = authorizationService; } @RequestMapping(method = RequestMethod.GET, produces = "application/json") public @ResponseBody ResponseEntity>> listExternalPublications( - @RequestParam(value = "query", required = false) String query, @RequestParam(value = "type", required = false) String type, Principal principal + @RequestParam(value = "query", required = false) String query, @RequestParam(value = "type", required = false) String type ) throws HugeResultSet, NoURLFound { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + List publicationModels = this.publicationManager.getPublications(query, type); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem>().status(ApiMessageCode.NO_MESSAGE).payload(publicationModels)); } diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/QuickWizardController.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/QuickWizardController.java index ee82cb14d..4c2da492e 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/controllers/QuickWizardController.java +++ b/dmp-backend/web/src/main/java/eu/eudat/controllers/QuickWizardController.java @@ -1,6 +1,8 @@ package eu.eudat.controllers; +import eu.eudat.authorization.Permission; +import eu.eudat.commons.scope.user.UserScope; import eu.eudat.data.old.DescriptionTemplate; import eu.eudat.data.old.DMP; import eu.eudat.data.old.Funder; 
@@ -15,8 +17,8 @@ import eu.eudat.models.data.helpers.responses.ResponseItem; import eu.eudat.models.data.quickwizard.DatasetCreateWizardModel; import eu.eudat.models.data.quickwizard.DatasetDescriptionQuickWizardModel; import eu.eudat.models.data.quickwizard.QuickWizardModel; -import eu.eudat.models.data.security.Principal; import eu.eudat.types.ApiMessageCode; +import gr.cite.commons.web.authz.service.AuthorizationService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; @@ -32,18 +34,24 @@ public class QuickWizardController extends BaseController { private QuickWizardManager quickWizardManager; private DatasetManager datasetManager; + private final AuthorizationService authorizationService; + private final UserScope userScope; @Autowired - public QuickWizardController(ApiContext apiContext, QuickWizardManager quickWizardManager, DatasetManager datasetManager) { + public QuickWizardController(ApiContext apiContext, QuickWizardManager quickWizardManager, DatasetManager datasetManager, AuthorizationService authorizationService, UserScope userScope) { super(apiContext); this.quickWizardManager = quickWizardManager; this.datasetManager = datasetManager; + this.authorizationService = authorizationService; + this.userScope = userScope; } @Transactional @RequestMapping(method = RequestMethod.POST, consumes = "application/json", produces = "application/json") public @ResponseBody - ResponseEntity> addQuickWizardModel(@Valid @RequestBody QuickWizardModel quickWizard, Principal principal) throws Exception { + ResponseEntity> addQuickWizardModel(@Valid @RequestBody QuickWizardModel quickWizard) throws Exception { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + Funder funderEntity; //Create Funder 
@@ -52,7 +60,7 @@ public class QuickWizardController extends BaseController { } else if (quickWizard.getFunder().getExistFunder() == null && quickWizard.getFunder().getLabel() == null) { funderEntity = null; } else if (quickWizard.getFunder().getExistFunder() == null && quickWizard.getFunder().getLabel() != null) { - funderEntity = this.quickWizardManager.createOrUpdate(quickWizard.getFunder().toDataFunder(), principal); + funderEntity = this.quickWizardManager.createOrUpdate(quickWizard.getFunder().toDataFunder()); } else { funderEntity = quickWizard.getFunder().getExistFunder().toDataModel(); } @@ -64,7 +72,7 @@ public class QuickWizardController extends BaseController { } else if (quickWizard.getGrant().getExistGrant() == null && quickWizard.getGrant().getLabel() == null) { grantEntity = null; } else if (quickWizard.getGrant().getExistGrant() == null) { - grantEntity = this.quickWizardManager.createOrUpdate(quickWizard.getGrant().toDataGrant(), principal); + grantEntity = this.quickWizardManager.createOrUpdate(quickWizard.getGrant().toDataGrant()); } else { grantEntity = quickWizard.getGrant().getExistGrant().toDataModel(); } 
@@ -75,22 +83,22 @@ public class QuickWizardController extends BaseController { && quickWizard.getProject().getLabel() == null) { projectEntity = null; } else if (quickWizard.getProject().getExistProject() == null && quickWizard.getProject().getLabel() != null) { - projectEntity = this.quickWizardManager.createOrUpdate(quickWizard.getProject().toDataProject(), principal); + projectEntity = this.quickWizardManager.createOrUpdate(quickWizard.getProject().toDataProject()); } else { projectEntity = quickWizard.getProject().getExistProject().toDataModel(); } //Create Dmp - DataManagementPlan dataManagementPlan = quickWizard.getDmp().toDataDmp(grantEntity, projectEntity, principal); - DMP dmpEntity = this.quickWizardManager.createOrUpdate(dataManagementPlan, funderEntity, principal); + DataManagementPlan dataManagementPlan = quickWizard.getDmp().toDataDmp(grantEntity, projectEntity, userScope); + DMP dmpEntity = this.quickWizardManager.createOrUpdate(dataManagementPlan, funderEntity); //Create Datasets quickWizard.getDmp().setId(dmpEntity.getId()); for (DatasetDescriptionQuickWizardModel dataset : quickWizard.getDatasets().getDatasetsList()) { - DataManagementPlan dmp = quickWizard.getDmp().toDataDmp(grantEntity, projectEntity, principal); + DataManagementPlan dmp = quickWizard.getDmp().toDataDmp(grantEntity, projectEntity, userScope); DescriptionTemplate profile = quickWizard.getDmp().getDatasetProfile(); DatasetWizardModel datasetWizardModel = dataset.toDataModel(dmp, profile); - this.datasetManager.createOrUpdate(datasetWizardModel, principal); + this.datasetManager.createOrUpdate(datasetWizardModel); } return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.SUCCESS_MESSAGE).message("Created")); 
@@ -98,12 +106,14 @@ public class QuickWizardController extends BaseController { @RequestMapping(method = RequestMethod.POST, value = {"/datasetcreate"}, consumes = "application/json", produces = "application/json") public @ResponseBody - ResponseEntity> addDatasetWizard(@RequestBody DatasetCreateWizardModel datasetCreateWizardModel, Principal principal) throws Exception{ + ResponseEntity> addDatasetWizard(@RequestBody DatasetCreateWizardModel datasetCreateWizardModel) throws Exception{ + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + for(DatasetDescriptionQuickWizardModel dataset : datasetCreateWizardModel.getDatasets().getDatasetsList()){ DescriptionTemplate profile = new DescriptionTemplate(); profile.setId(datasetCreateWizardModel.getDmpMeta().getDatasetProfile().getId()); profile.setLabel(datasetCreateWizardModel.getDmpMeta().getDatasetProfile().getLabel()); - this.datasetManager.createOrUpdate(dataset.toDataModel(datasetCreateWizardModel.getDmpMeta().getDmp(), profile), principal); + this.datasetManager.createOrUpdate(dataset.toDataModel(datasetCreateWizardModel.getDmpMeta().getDmp(), profile)); } return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.SUCCESS_MESSAGE).message("Dataset added!")); diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/Registries.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/Registries.java index 04ddc71d7..c52009d2a 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/controllers/Registries.java +++ b/dmp-backend/web/src/main/java/eu/eudat/controllers/Registries.java @@ -1,5 +1,6 @@ package eu.eudat.controllers; +import eu.eudat.authorization.Permission; import eu.eudat.data.old.Registry; import eu.eudat.logic.managers.RegistryManager; import eu.eudat.logic.proxy.config.exceptions.HugeResultSet; 
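Review bot: In QuickWizardController, `addDatasetWizard` passes the client-supplied `datasetCreateWizardModel.getDmpMeta().getDmp()` into `this.datasetManager.createOrUpdate(...)` after checking only `Permission.AuthenticatedRole`. The caller is no longer passed along, so nothing in this method ties the target DMP to the current user. Unless `DatasetManager` verifies the caller's rights on that DMP itself (not visible here), an authenticated user could attach datasets to a plan they do not own. I would document the expectation at the call, e.g. `// DatasetManager must verify the current user may edit this DMP`, or add an explicit permission check on the DMP before the loop. The `createOrUpdate` calls in the `addQuickWizardModel` hunks above depend on the same assumption.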
@@ -7,14 +8,15 @@ import eu.eudat.logic.proxy.config.exceptions.NoURLFound; import eu.eudat.logic.services.ApiContext; import eu.eudat.models.data.helpers.responses.ResponseItem; import eu.eudat.models.data.registries.RegistryModel; -import eu.eudat.models.data.security.Principal; import eu.eudat.types.ApiMessageCode; +import gr.cite.commons.web.authz.service.AuthorizationService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; import org.springframework.transaction.annotation.Transactional; import org.springframework.web.bind.annotation.*; +import javax.management.InvalidApplicationException; import java.util.List; 
@@ -24,26 +26,32 @@ import java.util.List; public class Registries extends BaseController { private RegistryManager registryManager; + private final AuthorizationService authorizationService; @Autowired - public Registries(ApiContext apiContext, RegistryManager registryManager) { + public Registries(ApiContext apiContext, RegistryManager registryManager, AuthorizationService authorizationService) { super(apiContext); this.registryManager = registryManager; + this.authorizationService = authorizationService; } @RequestMapping(method = RequestMethod.GET, value = {"/external/registries"}, produces = "application/json") public @ResponseBody ResponseEntity>> listExternalRegistries(@RequestParam(value = "query", required = false) String query - , @RequestParam(value = "type", required = false) String type, Principal principal) throws HugeResultSet, NoURLFound { - List registryModels = this.registryManager.getRegistries(query, type, principal); + , @RequestParam(value = "type", required = false) String type) throws HugeResultSet, NoURLFound, InvalidApplicationException { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + + List registryModels = this.registryManager.getRegistries(query, type); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem>().payload(registryModels).status(ApiMessageCode.NO_MESSAGE)); } @Transactional @RequestMapping(method = RequestMethod.POST, value = {"/registries"}, consumes = "application/json", produces = "application/json") public @ResponseBody - ResponseEntity> create(@RequestBody RegistryModel registryModel, Principal principal) throws Exception { - Registry registry = this.registryManager.create(registryModel, principal); + ResponseEntity> create(@RequestBody RegistryModel registryModel) throws Exception { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + + Registry registry = this.registryManager.create(registryModel); RegistryModel registryModel1 = new 
RegistryModel().fromDataModel(registry); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().payload(registryModel1).status(ApiMessageCode.SUCCESS_MESSAGE)); } diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/Researchers.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/Researchers.java index b6f7b8da3..9f23f6d1e 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/controllers/Researchers.java +++ b/dmp-backend/web/src/main/java/eu/eudat/controllers/Researchers.java @@ -1,23 +1,23 @@ package eu.eudat.controllers; +import eu.eudat.authorization.Permission; import eu.eudat.data.query.items.item.researcher.ResearcherCriteriaRequest; import eu.eudat.logic.managers.ResearcherManager; import eu.eudat.logic.proxy.config.exceptions.HugeResultSet; import eu.eudat.logic.proxy.config.exceptions.NoURLFound; import eu.eudat.logic.services.ApiContext; import eu.eudat.models.data.dmp.Researcher; -import eu.eudat.models.data.external.ResearchersExternalSourcesModel; import eu.eudat.models.data.helpers.responses.ResponseItem; -import eu.eudat.models.data.security.Principal; import eu.eudat.types.ApiMessageCode; +import gr.cite.commons.web.authz.service.AuthorizationService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; import org.springframework.transaction.annotation.Transactional; import org.springframework.web.bind.annotation.*; +import javax.management.InvalidApplicationException; import java.util.List; -import java.util.Map; @RestController 
@@ -27,24 +27,30 @@ import java.util.Map; public class Researchers extends BaseController { private ResearcherManager researcherManager; + private final AuthorizationService authorizationService; @Autowired - public Researchers(ApiContext apiContext, ResearcherManager researcherManager) { + public Researchers(ApiContext apiContext, ResearcherManager researcherManager, AuthorizationService authorizationService) { super(apiContext); this.researcherManager = researcherManager; + this.authorizationService = authorizationService; } @RequestMapping(method = RequestMethod.POST, value = {"/getWithExternal"}, consumes = "application/json", produces = "application/json") public @ResponseBody - ResponseEntity>> getWithExternal(@RequestBody ResearcherCriteriaRequest researcherCriteriaRequest, Principal principal) throws HugeResultSet, NoURLFound { - List dataTable = this.researcherManager.getCriteriaWithExternal(researcherCriteriaRequest, principal); + ResponseEntity>> getWithExternal(@RequestBody ResearcherCriteriaRequest researcherCriteriaRequest) throws HugeResultSet, NoURLFound, InvalidApplicationException { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + + List dataTable = this.researcherManager.getCriteriaWithExternal(researcherCriteriaRequest); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem>().payload(dataTable).status(ApiMessageCode.NO_MESSAGE)); } @Transactional @RequestMapping(method = RequestMethod.POST, consumes = "application/json", produces = "application/json") public @ResponseBody - ResponseEntity> create(@RequestBody eu.eudat.models.data.researcher.Researcher researcher, Principal principal) throws Exception { - this.researcherManager.create(researcher, principal); + ResponseEntity> create(@RequestBody eu.eudat.models.data.researcher.Researcher researcher) throws Exception { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + + this.researcherManager.create(researcher); return 
ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.SUCCESS_MESSAGE)); } diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/Services.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/Services.java index 37146eef1..04de4a0a2 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/controllers/Services.java +++ b/dmp-backend/web/src/main/java/eu/eudat/controllers/Services.java @@ -1,20 +1,22 @@ package eu.eudat.controllers; +import eu.eudat.authorization.Permission; import eu.eudat.data.old.Service; import eu.eudat.logic.managers.ServiceManager; import eu.eudat.logic.proxy.config.exceptions.HugeResultSet; import eu.eudat.logic.proxy.config.exceptions.NoURLFound; import eu.eudat.logic.services.ApiContext; import eu.eudat.models.data.helpers.responses.ResponseItem; -import eu.eudat.models.data.security.Principal; import eu.eudat.models.data.services.ServiceModel; import eu.eudat.types.ApiMessageCode; +import gr.cite.commons.web.authz.service.AuthorizationService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; import org.springframework.transaction.annotation.Transactional; import org.springframework.web.bind.annotation.*; +import javax.management.InvalidApplicationException; import java.util.List; 
@@ -24,27 +26,31 @@ import java.util.List; public class Services extends BaseController { private ServiceManager serviceManager; + private final AuthorizationService authorizationService; @Autowired - public Services(ApiContext apiContext, ServiceManager serviceManager) { + public Services(ApiContext apiContext, ServiceManager serviceManager, AuthorizationService authorizationService) { super(apiContext); this.serviceManager = serviceManager; + this.authorizationService = authorizationService; } @RequestMapping(method = RequestMethod.GET, value = {"/external/services"}, produces = "application/json") public @ResponseBody ResponseEntity>> listExternalServices( - @RequestParam(value = "query", required = false) String query, @RequestParam(value = "type", required = false) String type, Principal principal - ) throws HugeResultSet, NoURLFound { - List serviceModels = this.serviceManager.getServices(query, type, principal); + @RequestParam(value = "query", required = false) String query, @RequestParam(value = "type", required = false) String type + ) throws HugeResultSet, NoURLFound, InvalidApplicationException { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + List serviceModels = this.serviceManager.getServices(query, type); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem>().payload(serviceModels).status(ApiMessageCode.NO_MESSAGE)); } @Transactional @RequestMapping(method = RequestMethod.POST, value = {"/services"}, consumes = "application/json", produces = "application/json") public @ResponseBody - ResponseEntity> create(@RequestBody ServiceModel serviceModel, Principal principal) throws Exception { - Service service = serviceManager.create(serviceModel, principal); + ResponseEntity> create(@RequestBody ServiceModel serviceModel) throws Exception { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + Service service = serviceManager.create(serviceModel); ServiceModel serviceModel1 = new 
ServiceModel().fromDataModel(service); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().payload(serviceModel1).status(ApiMessageCode.SUCCESS_MESSAGE)); } diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/TaxonomiesController.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/TaxonomiesController.java index a9f722e90..a83d7ef6e 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/controllers/TaxonomiesController.java +++ b/dmp-backend/web/src/main/java/eu/eudat/controllers/TaxonomiesController.java @@ -1,13 +1,14 @@ package eu.eudat.controllers; +import eu.eudat.authorization.Permission; import eu.eudat.logic.managers.TaxonomyManager; import eu.eudat.logic.proxy.config.exceptions.HugeResultSet; import eu.eudat.logic.proxy.config.exceptions.NoURLFound; import eu.eudat.logic.services.ApiContext; import eu.eudat.models.data.helpers.responses.ResponseItem; -import eu.eudat.models.data.security.Principal; import eu.eudat.models.data.taxonomy.TaxonomyModel; import eu.eudat.types.ApiMessageCode; +import gr.cite.commons.web.authz.service.AuthorizationService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; 
@@ -22,18 +23,22 @@ import java.util.List; public class TaxonomiesController extends BaseController { private TaxonomyManager taxonomyManager; + private final AuthorizationService authorizationService; @Autowired - public TaxonomiesController(ApiContext apiContext, TaxonomyManager taxonomyManager) { + public TaxonomiesController(ApiContext apiContext, TaxonomyManager taxonomyManager, AuthorizationService authorizationService) { super(apiContext); this.taxonomyManager = taxonomyManager; + this.authorizationService = authorizationService; } @RequestMapping(method = RequestMethod.GET, produces = "application/json") public @ResponseBody ResponseEntity>> listExternalPublications( - @RequestParam(value = "query", required = false) String query, @RequestParam(value = "type", required = false) String type, Principal principal + @RequestParam(value = "query", required = false) String query, @RequestParam(value = "type", required = false) String type ) throws HugeResultSet, NoURLFound { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + List taxonomyModels = this.taxonomyManager.getTaxonomies(query, type); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem>().status(ApiMessageCode.NO_MESSAGE).payload(taxonomyModels)); } diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/UserInvitationController.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/UserInvitationController.java index fa92f5fc0..014e24bd2 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/controllers/UserInvitationController.java +++ b/dmp-backend/web/src/main/java/eu/eudat/controllers/UserInvitationController.java 
@@ -1,13 +1,14 @@ package eu.eudat.controllers; +import eu.eudat.authorization.Permission; import eu.eudat.data.query.items.item.userinfo.UserInfoRequestItem; import eu.eudat.logic.managers.InvitationsManager; import eu.eudat.logic.services.ApiContext; import eu.eudat.models.data.helpers.responses.ResponseItem; import eu.eudat.models.data.invitation.Invitation; -import eu.eudat.models.data.security.Principal; import eu.eudat.models.data.userinfo.UserInfoInvitationModel; import eu.eudat.types.ApiMessageCode; +import gr.cite.commons.web.authz.service.AuthorizationService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; @@ -15,6 +16,8 @@ import org.springframework.transaction.annotation.Transactional; import org.springframework.web.bind.annotation.*; import jakarta.xml.bind.JAXBException; + +import javax.management.InvalidApplicationException; import java.io.IOException; import java.util.List; import java.util.UUID; 
@@ -26,34 +29,42 @@ import java.util.UUID; public class UserInvitationController extends BaseController { private InvitationsManager invitationsManager; + private final AuthorizationService authorizationService; @Autowired - public UserInvitationController(ApiContext apiContext, InvitationsManager invitationsManager) { + public UserInvitationController(ApiContext apiContext, InvitationsManager invitationsManager, AuthorizationService authorizationService) { super(apiContext); this.invitationsManager = invitationsManager; + this.authorizationService = authorizationService; } @Transactional @RequestMapping(method = RequestMethod.POST, value = {"/users"}, consumes = "application/json", produces = "application/json") public @ResponseBody - ResponseEntity> users(@RequestBody Invitation invitation, Principal principal) throws Exception { - this.invitationsManager.inviteUsers(invitation, principal); + ResponseEntity> users(@RequestBody Invitation invitation) throws Exception { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + + this.invitationsManager.inviteUsers(invitation); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.SUCCESS_MESSAGE).message("Users have beeen invited")); } @Transactional @RequestMapping(method = RequestMethod.GET, value = {"/exchange/{invitationID}"}, produces = "application/json") public @ResponseBody - ResponseEntity> exchange(@PathVariable UUID invitationID, Principal principal) throws JAXBException, IOException { - UUID dmpId = invitationsManager.assignUserAcceptedInvitation(invitationID, principal); + ResponseEntity> exchange(@PathVariable UUID invitationID) throws JAXBException, IOException, InvalidApplicationException { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + + UUID dmpId = invitationsManager.assignUserAcceptedInvitation(invitationID); return ResponseEntity.status(HttpStatus.OK).body(new 
ResponseItem().status(ApiMessageCode.SUCCESS_MESSAGE).payload(dmpId)); } @RequestMapping(method = RequestMethod.POST, value = {"/getUsers"}, consumes = "application/json", produces = "application/json") public @ResponseBody -// ResponseEntity>> getUsers(Principal principal) throws IllegalAccessException, InstantiationException { - ResponseEntity>> getUsers(Principal principal, @RequestBody UserInfoRequestItem userInfoRequestItem) throws IllegalAccessException, InstantiationException { +// ResponseEntity>> getUsers() throws IllegalAccessException, InstantiationException { + ResponseEntity>> getUsers(@RequestBody UserInfoRequestItem userInfoRequestItem) throws IllegalAccessException, InstantiationException, InvalidApplicationException { // List users = invitationsManager.getUsers(principal); - List users = invitationsManager.getUsersWithCriteria(principal, userInfoRequestItem); + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + + List users = invitationsManager.getUsersWithCriteria(userInfoRequestItem); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem>().status(ApiMessageCode.SUCCESS_MESSAGE).payload(users)); } } diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/Users.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/Users.java index 5d9f396d5..5a2a117b0 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/controllers/Users.java +++ b/dmp-backend/web/src/main/java/eu/eudat/controllers/Users.java 
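Review bot: The two commented-out lines in `getUsers` are dead code that this change edits rather than deletes, and the second one, `// List users = invitationsManager.getUsers(principal);`, now names a parameter the method no longer has. Both should be removed. Separately, `users` and `exchange` check only `Permission.AuthenticatedRole`, so the decision that the caller may invite to the DMP, or is the addressee of `invitationID`, has to be made inside `InvitationsManager`, which this hunk does not show. A one-line comment on each handler saying where that ownership check happens would make the delegation reviewable.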
@@ -1,16 +1,17 @@ package eu.eudat.controllers; +import eu.eudat.authorization.Permission; +import eu.eudat.commons.scope.user.UserScope; import eu.eudat.data.query.items.table.userinfo.UserInfoTableRequestItem; import eu.eudat.logic.managers.UserManager; -import eu.eudat.logic.security.claims.ClaimedAuthorities; import eu.eudat.logic.services.ApiContext; import eu.eudat.models.data.helpers.common.DataTableData; import eu.eudat.models.data.helpers.responses.ResponseItem; -import eu.eudat.models.data.security.Principal; import eu.eudat.models.data.userinfo.UserCredential; import eu.eudat.models.data.userinfo.UserListingModel; import eu.eudat.models.data.userinfo.UserProfile; import eu.eudat.types.ApiMessageCode; +import gr.cite.commons.web.authz.service.AuthorizationService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; @@ -18,12 +19,13 @@ import org.springframework.transaction.annotation.Transactional; import org.springframework.web.bind.annotation.*; import jakarta.validation.Valid; + +import javax.management.InvalidApplicationException; import java.io.IOException; import java.util.List; import java.util.Map; import java.util.UUID; -import static eu.eudat.types.Authorities.ADMIN; @RestController 
@@ -32,15 +34,22 @@ import static eu.eudat.types.Authorities.ADMIN; public class Users extends BaseController { private UserManager userManager; + private final AuthorizationService authorizationService; + private final UserScope userScope; + @Autowired - public Users(ApiContext apiContext, UserManager userManager) { + public Users(ApiContext apiContext, UserManager userManager, AuthorizationService authorizationService, UserScope userScope) { super(apiContext); this.userManager = userManager; + this.authorizationService = authorizationService; + this.userScope = userScope; } @RequestMapping(method = RequestMethod.POST, value = {"/getPaged"}, consumes = "application/json", produces = "application/json") public @ResponseBody - ResponseEntity>> getPaged(@Valid @RequestBody UserInfoTableRequestItem userInfoTableRequestItem, @ClaimedAuthorities(claims = {ADMIN}) Principal principal) throws Exception { + ResponseEntity>> getPaged(@Valid @RequestBody UserInfoTableRequestItem userInfoTableRequestItem) throws Exception { + this.authorizationService.authorizeForce(Permission.AdminRole); + DataTableData dataTable = userManager.getPaged(userInfoTableRequestItem); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem>().payload(dataTable).status(ApiMessageCode.NO_MESSAGE)); } 
@@ -48,23 +57,29 @@ public class Users extends BaseController { @Transactional @RequestMapping(method = RequestMethod.POST, value = {"/updateRoles"}, consumes = "application/json", produces = "application/json") public @ResponseBody - ResponseEntity> updateRoles(@Valid @RequestBody UserListingModel userListingModel, @ClaimedAuthorities(claims = {ADMIN}) Principal principal) { + ResponseEntity> updateRoles(@Valid @RequestBody UserListingModel userListingModel) throws InvalidApplicationException { + this.authorizationService.authorizeForce(Permission.AdminRole); + userManager.editRoles(userListingModel); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.NO_MESSAGE)); } @RequestMapping(method = RequestMethod.GET, value = {"/{id}"}, produces = "application/json") public @ResponseBody - ResponseEntity> get(@PathVariable String id, Principal principal) throws Exception { - UUID userId = id.equals("me") ? principal.getId() : UUID.fromString(id); + ResponseEntity> get(@PathVariable String id) throws Exception { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + + UUID userId = id.equals("me") ? this.userScope.getUserId() : UUID.fromString(id); UserProfile user = userManager.getSingle(userId); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().payload(user).status(ApiMessageCode.NO_MESSAGE)); } @RequestMapping(method = RequestMethod.GET, value = {"/{id}/emails"}, produces = "application/json") public @ResponseBody - ResponseEntity>> getEmails(@PathVariable String id, Principal principal) throws Exception { - UUID userId = id.equals("me") ? principal.getId() : UUID.fromString(id); + ResponseEntity>> getEmails(@PathVariable String id) throws Exception { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + + UUID userId = id.equals("me") ? 
this.userScope.getUserId() : UUID.fromString(id); List user = userManager.getCredentials(userId); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem>().payload(user).status(ApiMessageCode.NO_MESSAGE)); } 
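Review bot: In `get` and `getEmails`, any caller holding `Permission.AuthenticatedRole` can supply an arbitrary UUID as `id` and receive that user's profile or credential list, because `userId` is never compared with `this.userScope.getUserId()`. The pre-change code had the same gap, but a permission-based model is the natural place to close it, most importantly for `getEmails`. After resolving `userId`, add `if (!userId.equals(this.userScope.getUserId())) this.authorizationService.authorizeForce(Permission.AdminRole);`. If `UserManager.getSingle` and `getCredentials` already enforce ownership, which is not visible in this hunk, state that in a comment instead.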
@@ -72,27 +87,32 @@ public class Users extends BaseController { @Transactional @RequestMapping(method = RequestMethod.POST, value = {"/settings"}, produces = "application/json") public @ResponseBody - ResponseEntity> saveSettings(@RequestBody Map settings, Principal principal) throws IOException { - userManager.updateSettings(settings, principal); + ResponseEntity> saveSettings(@RequestBody Map settings) throws IOException, InvalidApplicationException { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + + userManager.updateSettings(settings); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().status(ApiMessageCode.NO_MESSAGE)); } @RequestMapping(method = RequestMethod.POST, value = {"/getCollaboratorsPaged"}, consumes = "application/json", produces = "application/json") public @ResponseBody - ResponseEntity>> getCollaboratorsPaged(@Valid @RequestBody UserInfoTableRequestItem userInfoTableRequestItem, Principal principal) throws Exception { - DataTableData dataTable = userManager.getCollaboratorsPaged(userInfoTableRequestItem, principal); + ResponseEntity>> getCollaboratorsPaged(@Valid @RequestBody UserInfoTableRequestItem userInfoTableRequestItem) throws Exception { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + + DataTableData dataTable = userManager.getCollaboratorsPaged(userInfoTableRequestItem); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem>().payload(dataTable).status(ApiMessageCode.NO_MESSAGE)); } @RequestMapping(method = RequestMethod.GET, value = {"/getCsv"}) public @ResponseBody - ResponseEntity exportCsv(@ClaimedAuthorities(claims = {ADMIN}) Principal principal) throws Exception { - return userManager.exportToCsv(principal); + ResponseEntity exportCsv() throws Exception { + return userManager.exportToCsv(); } @RequestMapping(method = RequestMethod.POST, value = {"/find"}, consumes = "application/json", produces = "application/json") public @ResponseBody 
ResponseEntity> find(@Valid @RequestBody String email) throws Exception { + this.authorizationService.authorizeForce(Permission.PublicRole); UserProfile userProfile = userManager.getFromEmail(email); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().payload(userProfile).status(ApiMessageCode.NO_MESSAGE)); } diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/Validation.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/Validation.java index 96be70f48..a5818ffd2 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/controllers/Validation.java +++ b/dmp-backend/web/src/main/java/eu/eudat/controllers/Validation.java @@ -1,12 +1,13 @@ package eu.eudat.controllers; +import eu.eudat.authorization.Permission; import eu.eudat.logic.managers.ValidationManager; import eu.eudat.logic.proxy.config.exceptions.HugeResultSet; import eu.eudat.logic.proxy.config.exceptions.NoURLFound; import eu.eudat.logic.services.ApiContext; import eu.eudat.models.data.helpers.responses.ResponseItem; -import eu.eudat.models.data.security.Principal; import eu.eudat.types.ApiMessageCode; +import gr.cite.commons.web.authz.service.AuthorizationService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; 
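Review bot: `exportCsv` lost its `@ClaimedAuthorities(claims = {ADMIN})` guard and received no replacement, which makes it the only handler touched in this file's hunks without an `authorizeForce` call. Unless `userManager.exportToCsv()` performs the check itself (not visible here), the full user export is no longer restricted to administrators at the controller. Add `this.authorizationService.authorizeForce(Permission.AdminRole);` as the first statement, matching `getPaged` and `updateRoles`. Also confirm that `Permission.PublicRole` is intended on `find`, since it returns a `UserProfile` for a supplied email and so reveals which addresses are registered.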
@@ -18,19 +19,23 @@ import org.springframework.web.bind.annotation.*; public class Validation extends BaseController { private ValidationManager validationManager; + private final AuthorizationService authorizationService; @Autowired - public Validation(ApiContext apiContext, ValidationManager validationManager) { + public Validation(ApiContext apiContext, ValidationManager validationManager, AuthorizationService authorizationService) { super(apiContext); this.validationManager = validationManager; + this.authorizationService = authorizationService; } @RequestMapping(method = RequestMethod.GET, value = {"/external/validation"}, produces = "application/json") public @ResponseBody ResponseEntity> validate( - @RequestParam(value = "query", required = false) String query, @RequestParam(value = "type", required = false) String type, Principal principal + @RequestParam(value = "query", required = false) String query, @RequestParam(value = "type", required = false) String type ) throws HugeResultSet, NoURLFound { - Boolean isValid = this.validationManager.validateIdentifier(query, type, principal); + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + + Boolean isValid = this.validationManager.validateIdentifier(query, type); return ResponseEntity.status(HttpStatus.OK).body(new ResponseItem().payload(isValid).status(ApiMessageCode.NO_MESSAGE)); } } diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/controllerhandler/ControllerErrorHandler.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/controllerhandler/ControllerErrorHandler.java index a7cc8f88e..2cdfbda51 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/controllers/controllerhandler/ControllerErrorHandler.java +++ b/dmp-backend/web/src/main/java/eu/eudat/controllers/controllerhandler/ControllerErrorHandler.java 
@@ -1,11 +1,8 @@ package eu.eudat.controllers.controllerhandler; -import eu.eudat.logic.security.claims.ClaimedAuthorities; import eu.eudat.models.data.helpers.responses.ResponseItem; -import eu.eudat.models.data.security.Principal; import eu.eudat.types.ApiMessageCode; -import eu.eudat.types.Authorities; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.http.HttpStatus; diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/DescriptionTemplateTypeV2Controller.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/DescriptionTemplateTypeV2Controller.java index e8df7549d..087b9a077 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/DescriptionTemplateTypeV2Controller.java +++ b/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/DescriptionTemplateTypeV2Controller.java @@ -3,17 +3,14 @@ package eu.eudat.controllers.v2; import eu.eudat.audit.AuditableAction; import eu.eudat.authorization.AuthorizationFlags; import eu.eudat.data.DescriptionTemplateTypeEntity; -import eu.eudat.logic.security.claims.ClaimedAuthorities; import eu.eudat.model.DescriptionTemplateType; import eu.eudat.model.builder.DescriptionTemplateTypeBuilder; import eu.eudat.model.censorship.DescriptionTemplateTypeCensor; import eu.eudat.model.persist.DescriptionTemplateTypePersist; import eu.eudat.model.result.QueryResult; -import eu.eudat.models.data.security.Principal; import eu.eudat.query.DescriptionTemplateTypeQuery; import eu.eudat.query.lookup.DescriptionTemplateTypeLookup; import eu.eudat.service.DescriptionTemplateTypeService; -import eu.eudat.types.Authorities; import gr.cite.tools.auditing.AuditService; import gr.cite.tools.data.builder.BuilderFactory; import gr.cite.tools.data.censor.CensorFactory; 
@@ -25,19 +22,14 @@ import gr.cite.tools.fieldset.FieldSet; import gr.cite.tools.logging.LoggerService; import gr.cite.tools.logging.MapLogEntry; import gr.cite.tools.validation.MyValidate; -import org.opensaml.xml.signature.Q; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.MessageSource; import org.springframework.context.i18n.LocaleContextHolder; -import org.springframework.http.HttpStatus; -import org.springframework.http.MediaType; -import org.springframework.http.ResponseEntity; import org.springframework.transaction.annotation.Transactional; import org.springframework.web.bind.annotation.*; import javax.management.InvalidApplicationException; -import java.io.IOException; import java.util.*; @RestController diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/PrincipalController.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/PrincipalController.java index 344d5437a..eecece201 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/PrincipalController.java +++ b/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/PrincipalController.java @@ -18,6 +18,8 @@ import org.springframework.http.ResponseEntity; import org.springframework.web.bind.annotation.*; import eu.eudat.models.v2.Account; +import javax.management.InvalidApplicationException; + @RestController @CrossOrigin @RequestMapping(value = { "/api/principal/" }) @@ -39,7 +41,7 @@ public class PrincipalController { } @RequestMapping(path = "me", method = RequestMethod.GET ) - public ResponseEntity me(FieldSet fieldSet) { + public ResponseEntity me(FieldSet fieldSet) throws InvalidApplicationException { logger.debug("me"); if (fieldSet == null || fieldSet.isEmpty()) { diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/SupportiveMaterialController.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/SupportiveMaterialController.java index 54ba60cd0..48285bf4e 100644 
--- a/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/SupportiveMaterialController.java +++ b/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/SupportiveMaterialController.java @@ -1,13 +1,13 @@ package eu.eudat.controllers.v2; +import eu.eudat.authorization.Permission; import eu.eudat.commons.enums.SupportiveMaterialFieldType; import eu.eudat.logic.managers.MetricsManager; -import eu.eudat.logic.security.claims.ClaimedAuthorities; import eu.eudat.model.persist.UserGuidePersist; import eu.eudat.models.data.helpers.responses.ResponseItem; -import eu.eudat.models.data.security.Principal; import eu.eudat.service.supportivematerial.SupportiveMaterialService; import eu.eudat.types.ApiMessageCode; +import gr.cite.commons.web.authz.service.AuthorizationService; import org.apache.commons.lang3.EnumUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.core.env.Environment; @@ -31,11 +31,13 @@ public class SupportiveMaterialController { private Environment environment; private SupportiveMaterialService supportiveMaterialService; + private final AuthorizationService authorizationService; @Autowired - public SupportiveMaterialController(Environment environment, SupportiveMaterialService supportiveMaterialService, MetricsManager metricsManager) { + public SupportiveMaterialController(Environment environment, SupportiveMaterialService supportiveMaterialService, MetricsManager metricsManager, AuthorizationService authorizationService) { this.environment = environment; this.supportiveMaterialService = supportiveMaterialService; + this.authorizationService = authorizationService; } @GetMapping("{lang}") 
@@ -50,7 +52,8 @@ public class SupportiveMaterialController { @PostMapping("current") public @ResponseBody - ResponseEntity> persist(@RequestBody UserGuidePersist guide, String field, @ClaimedAuthorities(claims = {ADMIN}) Principal principal) throws IOException { + ResponseEntity> persist(@RequestBody UserGuidePersist guide, String field) throws IOException { + this.authorizationService.authorizeForce(Permission.AdminRole); if( !EnumUtils.isValidEnum(SupportiveMaterialFieldType.class, field)){ return new ResponseEntity<>(HttpStatus.NOT_FOUND); } diff --git a/dmp-backend/web/src/main/java/eu/eudat/logic/handlers/PrincipalArgumentResolver.java b/dmp-backend/web/src/main/java/eu/eudat/logic/handlers/PrincipalArgumentResolver.java deleted file mode 100644 index f185cfe2e..000000000 --- a/dmp-backend/web/src/main/java/eu/eudat/logic/handlers/PrincipalArgumentResolver.java +++ /dev/null 
@@ -1,86 +0,0 @@ -package eu.eudat.logic.handlers; - -import eu.eudat.commons.scope.user.UserScope; -import eu.eudat.exceptions.security.UnauthorisedException; -import eu.eudat.logic.security.claims.ClaimedAuthorities; -import eu.eudat.logic.services.operations.authentication.AuthenticationService; -import eu.eudat.models.data.security.Principal; -import eu.eudat.types.Authorities; -import gr.cite.commons.web.oidc.principal.CurrentPrincipalResolver; -import gr.cite.commons.web.oidc.principal.MyPrincipal; -import org.springframework.core.MethodParameter; -import org.springframework.web.bind.support.WebDataBinderFactory; -import org.springframework.web.context.request.NativeWebRequest; -import org.springframework.web.context.request.ServletWebRequest; -import org.springframework.web.method.support.HandlerMethodArgumentResolver; -import org.springframework.web.method.support.ModelAndViewContainer; - -import javax.management.InvalidApplicationException; -import java.lang.annotation.Annotation; -import java.util.*; - - -public final class PrincipalArgumentResolver implements HandlerMethodArgumentResolver { - - private AuthenticationService verifiedUserAuthenticationService; - private AuthenticationService nonVerifiedUserAuthenticationService; - private final UserScope userScope; - private final CurrentPrincipalResolver currentPrincipalResolver; - - public PrincipalArgumentResolver(AuthenticationService verifiedUserAuthenticationService, AuthenticationService nonVerifiedUserAuthenticationService, UserScope userScope, CurrentPrincipalResolver currentPrincipalResolver) { - this.verifiedUserAuthenticationService = verifiedUserAuthenticationService; - this.nonVerifiedUserAuthenticationService = nonVerifiedUserAuthenticationService; - this.userScope = userScope; - this.currentPrincipalResolver = currentPrincipalResolver; - } - - @Override - public boolean supportsParameter(MethodParameter methodParameter) { - return methodParameter.getParameterType().equals(Principal.class); 
- } - - @Override - public Object resolveArgument(MethodParameter methodParameter, ModelAndViewContainer modelAndViewContainer, NativeWebRequest nativeWebRequest, WebDataBinderFactory webDataBinderFactory) throws Exception { - MyPrincipal claimsPrincipal = this.currentPrincipalResolver.currentPrincipal(); - - boolean checkMailNull = ((ServletWebRequest) nativeWebRequest).getRequest().getRequestURI().startsWith("/api/emailConfirmation"); - AuthenticationService authenticationService = checkMailNull ? this.nonVerifiedUserAuthenticationService : this.verifiedUserAuthenticationService; - - Optional claimsAnnotation = Arrays.stream(methodParameter.getParameterAnnotations()).filter(annotation -> annotation.annotationType().equals(ClaimedAuthorities.class)).findAny(); - List claimList = claimsAnnotation.map(annotation -> Arrays.asList(((ClaimedAuthorities) annotation).claims())).orElse(Authorities.all()); - if (claimList.size() == 1 && claimList.get(0).equals(Authorities.ANONYMOUS)) { - return new Principal(); - } else if (claimList.contains(Authorities.ANONYMOUS) && !claimsPrincipal.isAuthenticated()) { - return new Principal(); - } - - if (!claimsPrincipal.isAuthenticated()) throw new UnauthorisedException("Authentication Information Is Missing"); - Principal principal; - if (checkMailNull){ - principal = authenticationService.Touch(claimsPrincipal); - } else { - UUID userId; - try{ - userId = checkMailNull ? 
null : this.userScope.getUserId(); - } catch (InvalidApplicationException e) { - throw new UnauthorisedException("Authentication Information Is Missing"); - } - principal = authenticationService.Touch(userId); - } - - if (principal == null) throw new UnauthorisedException("Authentication Information Missing"); - if (!claimList.contains(Authorities.ANONYMOUS) && !principal.isAuthorized(claimList)) - throw new UnauthorisedException("You are not Authorized For this Action"); - - return principal; - } - - private Date addADay(Date date) { - Date dt = new Date(); - Calendar c = Calendar.getInstance(); - c.setTime(dt); - c.add(Calendar.DATE, 1); - dt = c.getTime(); - return dt; - } -} \ No newline at end of file diff --git a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/AdminManager.java b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/AdminManager.java index cbb0e3b7b..8446d144c 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/AdminManager.java +++ b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/AdminManager.java @@ -15,6 +15,7 @@ import eu.eudat.service.DescriptionTemplateTypeService; import org.w3c.dom.Document; import org.w3c.dom.Element; +import javax.management.InvalidApplicationException; import java.util.Date; import java.util.UUID; @@ -72,7 +73,7 @@ public class AdminManager { } - public static DescriptionTemplate inactivate(DatasetProfileDao datasetProfileRepository, DatasetDao datasetDao, String id) { + public static DescriptionTemplate inactivate(DatasetProfileDao datasetProfileRepository, DatasetDao datasetDao, String id) throws InvalidApplicationException { eu.eudat.data.dao.criteria.DatasetCriteria datasetsForThatDatasetProfile = new eu.eudat.data.dao.criteria.DatasetCriteria(); datasetsForThatDatasetProfile.setProfileDatasetId(UUID.fromString(id)); if (datasetDao.getWithCriteria(datasetsForThatDatasetProfile).count() == 0) { 
diff --git a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/ContactEmailManager.java b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/ContactEmailManager.java index 18b3057be..5714215c6 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/ContactEmailManager.java +++ b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/ContactEmailManager.java 
@@ -1,31 +1,34 @@ package eu.eudat.logic.managers; +import eu.eudat.commons.scope.user.UserScope; import eu.eudat.data.old.UserInfo; import eu.eudat.logic.services.ApiContext; import eu.eudat.models.data.ContactEmail.ContactEmailModel; import eu.eudat.models.data.ContactEmail.PublicContactEmailModel; import eu.eudat.models.data.mail.SimpleMail; -import eu.eudat.models.data.security.Principal; import org.springframework.core.env.Environment; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; import jakarta.mail.MessagingException; +import javax.management.InvalidApplicationException; + @Component public class ContactEmailManager { private ApiContext apiContext; private Environment environment; - + private final UserScope userScope; @Autowired - public ContactEmailManager(ApiContext apiContext, Environment environment) { + public ContactEmailManager(ApiContext apiContext, Environment environment, UserScope userScope) { this.apiContext = apiContext; this.environment = environment; + this.userScope = userScope; } - public void sendContactEmail(ContactEmailModel contactEmailModel, Principal principal) throws MessagingException { - UserInfo user = apiContext.getOperationsContext().getDatabaseRepository().getUserInfoDao().find(principal.getId()); + public void sendContactEmail(ContactEmailModel contactEmailModel) throws MessagingException, InvalidApplicationException { + UserInfo user = apiContext.getOperationsContext().getDatabaseRepository().getUserInfoDao().find(this.userScope.getUserId()); SimpleMail mail = new SimpleMail(); String enrichedMail = contactEmailModel.getDescription() + "\n\n" + "Send by user: " + user.getEmail() ; mail.setSubject(contactEmailModel.getSubject()); diff --git a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/DashBoardManager.java b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/DashBoardManager.java index 90d3ce664..7e090371e 100644 
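Review bot: `sendContactEmail` now reports a missing caller identity as `InvalidApplicationException` from `this.userScope.getUserId()`, whereas the resolver deleted in this patch caught that same exception and rethrew it as `UnauthorisedException`. Unless a handler not visible here maps `InvalidApplicationException` to an authentication failure, such a call will presumably end as a generic server error. The same applies to the `throws InvalidApplicationException` added to the `DashBoardManager` and `DataManagementPlanManager` methods further down. The `find(...)` result is also dereferenced by `user.getEmail()` on a context line with no null check, so a scope id without a matching `UserInfo` row would fail with a `NullPointerException`. A guard such as `if (user == null)` that throws the project's unauthorised exception, placed before `enrichedMail` is built, would make both cases fail the same way.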
--- a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/DashBoardManager.java +++ b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/DashBoardManager.java @@ -1,5 +1,6 @@ package eu.eudat.logic.managers; +import eu.eudat.commons.scope.user.UserScope; import eu.eudat.data.dao.criteria.DataManagementPlanCriteria; import eu.eudat.data.dao.criteria.DatasetCriteria; import eu.eudat.data.dao.criteria.GrantCriteria; @@ -28,14 +29,16 @@ import eu.eudat.models.data.dashboard.statistics.DashBoardStatistics; import eu.eudat.models.data.helpers.common.DataTableData; import eu.eudat.models.data.listingmodels.DataManagementPlanListingModel; import eu.eudat.models.data.listingmodels.DatasetListingModel; -import eu.eudat.models.data.security.Principal; import eu.eudat.types.searchbar.SearchBarItemType; +import gr.cite.commons.web.oidc.principal.CurrentPrincipalResolver; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; import jakarta.transaction.Transactional; + +import javax.management.InvalidApplicationException; import java.io.IOException; import java.lang.reflect.InvocationTargetException; import java.util.*; 
@@ -56,20 +59,24 @@ public class DashBoardManager { { "publishedAt", Comparator.comparing(o -> ((RecentActivityModel)o).getPublishedAt(), Comparator.nullsLast(Comparator.naturalOrder())).reversed()} }).collect(Collectors.toMap(data -> (String) data[0], data -> (Comparator)data[1])); - private ApiContext apiContext; - private DatabaseRepository databaseRepository; + private final ApiContext apiContext; + private final DatabaseRepository databaseRepository; private final DataManagementPlanManager dataManagementPlanManager; private final DatasetManager datasetManager; + private final CurrentPrincipalResolver currentPrincipalResolver; + private final UserScope userScope; @Autowired - public DashBoardManager(ApiContext apiContext, DataManagementPlanManager dataManagementPlanManager, DatasetManager datasetManager) { + public DashBoardManager(ApiContext apiContext, DataManagementPlanManager dataManagementPlanManager, DatasetManager datasetManager, CurrentPrincipalResolver currentPrincipalResolver, UserScope userScope) { this.apiContext = apiContext; this.databaseRepository = apiContext.getOperationsContext().getDatabaseRepository(); this.dataManagementPlanManager = dataManagementPlanManager; this.datasetManager = datasetManager; + this.currentPrincipalResolver = currentPrincipalResolver; + this.userScope = userScope; } - public DashBoardStatistics getStatistics() { + public DashBoardStatistics getStatistics() throws InvalidApplicationException { DashBoardStatistics statistics = new DashBoardStatistics(); DataManagementPlanCriteria publicCriteria = new DataManagementPlanCriteria(); @@ -104,7 +111,7 @@ public class DashBoardManager { return statistics; } - public DashBoardStatistics getMeStatistics(Principal principal) throws IOException { + public DashBoardStatistics getMeStatistics() throws IOException, InvalidApplicationException { Long datasets = 0L; Long dmps = 0L; DashBoardStatistics statistics = new DashBoardStatistics(); 
@@ -113,14 +120,14 @@ public class DashBoardManager { GrantDao grantRepository = databaseRepository.getGrantDao(); OrganisationDao organisationRepository = databaseRepository.getOrganisationDao(); UserInfo user = new UserInfo(); - user.setId(principal.getId()); + user.setId(this.userScope.getUserId()); DatasetCriteria datasetCriteria = new DatasetCriteria(); if (apiContext.getOperationsContext().getElasticRepository().getDatasetRepository() != null) { try { eu.eudat.elastic.criteria.DatasetCriteria datasetElasticCriteria = new eu.eudat.elastic.criteria.DatasetCriteria(); datasetElasticCriteria.setAllowAllVersions(false); datasetElasticCriteria.setPublic(false); - datasetElasticCriteria.setCollaborators(Collections.singletonList(principal.getId())); + datasetElasticCriteria.setCollaborators(Collections.singletonList(this.userScope.getUserId())); datasets = apiContext.getOperationsContext().getElasticRepository().getDatasetRepository().count(datasetElasticCriteria); }catch (Exception e) { logger.warn(e.getMessage(), e); @@ -135,7 +142,7 @@ public class DashBoardManager { eu.eudat.elastic.criteria.DmpCriteria dmpElasticCriteria = new eu.eudat.elastic.criteria.DmpCriteria(); dmpElasticCriteria.setAllowAllVersions(false); dmpElasticCriteria.setPublic(false); - dmpElasticCriteria.setCollaborators(Collections.singletonList(principal.getId())); + dmpElasticCriteria.setCollaborators(Collections.singletonList(this.userScope.getUserId())); dmps = apiContext.getOperationsContext().getElasticRepository().getDmpRepository().count(dmpElasticCriteria); }catch (Exception e) { logger.warn(e.getMessage(), e); 
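Review bot: `getMeStatistics` resolves the caller with `this.userScope.getUserId()` three separate times across these two hunks. Two of those calls sit inside `try { … } catch (Exception e) { logger.warn(…) }` blocks, where a failure to resolve the user would be logged and swallowed instead of rejecting the request. Resolve it once at the top with `final UUID userId = this.userScope.getUserId();` and pass `userId` to `user.setId(...)` and to both `setCollaborators(Collections.singletonList(userId))` calls. The `getAuthenticated(..., this.userScope.getUserId(), roles)` call in the next hunk can use the same local. The method starts and ends outside these hunks.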
@@ -154,7 +161,7 @@ public class DashBoardManager { List roles = new LinkedList<>(); if ((dmps == null || dmps == 0L) && (datasets == null || datasets == 0L)) { - CompletableFuture dmpFuture = dataManagementPlanRepository.getAuthenticated(dataManagementPlanRepository.getWithCriteria(dataManagementPlanCriteria), principal.getId(), roles).distinct().countAsync() + CompletableFuture dmpFuture = dataManagementPlanRepository.getAuthenticated(dataManagementPlanRepository.getWithCriteria(dataManagementPlanCriteria), this.userScope.getUserId(), roles).distinct().countAsync() .whenComplete((dmpsStats, throwable) -> statistics.setTotalDataManagementPlanCount(dmpsStats)); CompletableFuture datasetFuture = datasetRepository.getAuthenticated( datasetRepository.getWithCriteria(datasetCriteria), user, roles).distinct().countAsync() .whenComplete((datasetsStats, throwable) -> statistics.setTotalDataSetCount(datasetsStats)); @@ -173,13 +180,13 @@ public class DashBoardManager { } @Deprecated - public RecentActivity getRecentActivity(Principal principal, Integer numberofactivities) { + public RecentActivity getRecentActivity(Integer numberofactivities) throws InvalidApplicationException { RecentActivity activity = new RecentActivity(); DMPDao dataManagementPlanRepository = databaseRepository.getDmpDao(); DatasetDao datasetRepository = databaseRepository.getDatasetDao(); GrantDao grantRepository = databaseRepository.getGrantDao(); UserInfo user = new UserInfo(); - user.setId(principal.getId()); + user.setId(this.userScope.getUserId()); DatasetCriteria datasetCriteria = new DatasetCriteria(); datasetCriteria.setAllVersions(false); DataManagementPlanCriteria dataManagementPlanCriteria = new DataManagementPlanCriteria(); 
@@ -188,7 +195,7 @@ public class DashBoardManager { RecentActivityDataBuilder recentActivityDataBuilder = apiContext.getOperationsContext().getBuilderFactory().getBuilder(RecentActivityDataBuilder.class); List roles = new LinkedList<>(); - CompletableFuture> dmps = dataManagementPlanRepository.getAuthenticated(dataManagementPlanRepository.getWithCriteria(dataManagementPlanCriteria), principal.getId(), roles) + CompletableFuture> dmps = dataManagementPlanRepository.getAuthenticated(dataManagementPlanRepository.getWithCriteria(dataManagementPlanCriteria), this.userScope.getUserId(), roles) .withHint("dmpRecentActivity") .orderBy((builder, root) -> builder.desc(root.get("modified"))) .take(numberofactivities) @@ -214,12 +221,12 @@ public class DashBoardManager { } @Transactional - public List getNewRecentActivity(RecentActivityTableRequest tableRequest, Principal principal) throws Exception { - boolean isAuthenticated = principal.getId() != null; + public List getNewRecentActivity(RecentActivityTableRequest tableRequest) throws Exception { + boolean isAuthenticated = this.currentPrincipalResolver.currentPrincipal().isAuthenticated(); List recentActivityModels = new ArrayList<>(); UserInfo user = new UserInfo(); if (isAuthenticated) { - user.setId(principal.getId()); + user.setId(userScope.getUserId()); } DatasetCriteria datasetCriteria = new DatasetCriteria(); datasetCriteria.setLike(tableRequest.getCriteria().getLike()); 
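Review bot: In `getNewRecentActivity`, `isAuthenticated` now comes from `currentPrincipalResolver.currentPrincipal().isAuthenticated()`, but the id then comes from `userScope.getUserId()`, so the two can disagree. The deleted resolver shows that `getUserId()` can throw `InvalidApplicationException`, so an authenticated caller with no user in scope gets an exception here, where the old `principal.getId() != null` test fell through to the anonymous path. `searchUserData` in this same file decides with `this.userScope.isSet()`, and using that here too (`boolean isAuthenticated = this.userScope.isSet();`) keeps flag and id on one source. That assumes `isSet()` means a user id is available, which is not visible on this page. It would also leave the new `currentPrincipalResolver` field unused in the visible hunks. The method body continues outside the hunk.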
@@ -243,7 +250,7 @@ public class DashBoardManager { dataManagementPlanTableRequest.setOrderings(tableRequest.getOrderings()); dataManagementPlanTableRequest.setLength(tableRequest.getLength()); dataManagementPlanTableRequest.setOffset(tableRequest.getDmpOffset()); - DataTableData dmps = this.dataManagementPlanManager.getPaged(dataManagementPlanTableRequest, principal, "listing"); + DataTableData dmps = this.dataManagementPlanManager.getPaged(dataManagementPlanTableRequest, "listing"); recentActivityModels.addAll(dmps.getData().stream().map(dataManagementPlanListingModel -> new RecentDmpModel().fromDataModel(dataManagementPlanListingModel.toDataModel())).collect(Collectors.toList())); DatasetTableRequest datasetTableRequest = new DatasetTableRequest(); datasetCriteria.setCollaborators(new ArrayList<>()); @@ -253,7 +260,7 @@ public class DashBoardManager { datasetTableRequest.getOrderings().getFields().removeIf(s -> s.contains("publishedAt") && !s.endsWith("|join|")); datasetTableRequest.setLength(tableRequest.getLength()); datasetTableRequest.setOffset(tableRequest.getDatasetOffset()); - DataTableData datasets = this.datasetManager.getPaged(datasetTableRequest, principal); + DataTableData datasets = this.datasetManager.getPaged(datasetTableRequest); recentActivityModels.addAll(datasets.getData().stream().map(datasetListingModel -> new RecentDatasetModel().fromDataModel(datasetListingModel.toDataModel())).collect(Collectors.toList())); //GK: Shuffle the deck otherwise we will summon the DMPodia when sorting with status 
@@ -290,9 +297,9 @@ public class DashBoardManager { return recentActivityModels; } - public List searchUserData(String like, Principal principal) { + public List searchUserData(String like) throws InvalidApplicationException { UserInfo user = new UserInfo(); - user.setId(principal.getId()); + user.setId(this.userScope.getUserIdSafe()); DMPDao dataManagementPlanRepository = databaseRepository.getDmpDao(); DatasetDao datasetRepository = databaseRepository.getDatasetDao(); GrantDao grantRepository = databaseRepository.getGrantDao(); @@ -316,8 +323,8 @@ public class DashBoardManager { .selectAsync(item -> new SearchBarItem(item.getId().toString(), item.getLabel(), SearchBarItemType.DATASET.getValue(), true)) .whenComplete((dataSetItems, throwable) -> searchBarItems.addAll(dataSetItems)); - if (principal.getId() != null) { - CompletableFuture> dmps = dataManagementPlanRepository.getAuthenticated(dataManagementPlanRepository.asQueryable(), principal.getId(), roles) + if (this.userScope.isSet()) { + CompletableFuture> dmps = dataManagementPlanRepository.getAuthenticated(dataManagementPlanRepository.asQueryable(), this.userScope.getUserId(), roles) .withHint("dmpRecentActivity") .where((builder, root) -> builder.like(builder.upper(root.get("label")), "%" + like.toUpperCase() + "%")) .where((builder, root) -> builder.notEqual(root.get("status"), DMP.DMPStatus.DELETED.getValue())) diff --git a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/DataManagementPlanManager.java b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/DataManagementPlanManager.java index abeb71ff6..1b6f47e5a 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/DataManagementPlanManager.java +++ b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/DataManagementPlanManager.java 
@@ -2,6 +2,8 @@ package eu.eudat.logic.managers; import com.fasterxml.jackson.core.type.TypeReference; import com.fasterxml.jackson.databind.ObjectMapper; +import eu.eudat.authorization.Permission; +import eu.eudat.commons.scope.user.UserScope; import eu.eudat.configurations.dynamicgrant.DynamicGrantConfiguration; import eu.eudat.configurations.dynamicgrant.entities.Property; import eu.eudat.data.dao.criteria.*; @@ -61,12 +63,12 @@ import eu.eudat.models.data.helpermodels.Tuple; import eu.eudat.models.data.helpers.common.DataTableData; import eu.eudat.models.data.listingmodels.*; import eu.eudat.models.data.project.ProjectDMPEditorModel; -import eu.eudat.models.data.security.Principal; import eu.eudat.models.data.user.composite.PagedDatasetProfile; import eu.eudat.models.data.userinfo.UserListingModel; import eu.eudat.queryable.QueryableList; import eu.eudat.types.Authorities; import eu.eudat.types.MetricNames; +import gr.cite.commons.web.authz.service.AuthorizationService; import org.apache.poi.xwpf.usermodel.XWPFDocument; import org.apache.poi.xwpf.usermodel.XWPFParagraph; import org.apache.poi.xwpf.usermodel.XWPFRun; @@ -86,6 +88,8 @@ import jakarta.transaction.Transactional; import jakarta.xml.bind.JAXBContext; import jakarta.xml.bind.JAXBException; import jakarta.xml.bind.Unmarshaller; + +import javax.management.InvalidApplicationException; import java.io.*; import java.math.BigInteger; import java.nio.file.Files; 
@@ -120,10 +124,13 @@ public class DataManagementPlanManager { private final MetricsManager metricsManager; private final ConfigLoader configLoader; private List repositoriesDeposit; + private final UserScope userScope; + private final AuthorizationService authorizationService; + @Autowired public DataManagementPlanManager(ApiContext apiContext, DatasetManager datasetManager, DataManagementProfileManager dataManagementProfileManager, Environment environment, RDAManager rdaManager, UserManager userManager, - MetricsManager metricsManager, ConfigLoader configLoader, List repositoriesDeposit) { + MetricsManager metricsManager, ConfigLoader configLoader, List repositoriesDeposit, UserScope userScope, AuthorizationService authorizationService) { this.apiContext = apiContext; this.datasetManager = datasetManager; this.dataManagementProfileManager = dataManagementProfileManager; @@ -133,6 +140,8 @@ public class DataManagementPlanManager { this.userManager = userManager; this.metricsManager = metricsManager; this.configLoader = configLoader; + this.userScope = userScope; + this.authorizationService = authorizationService; this.objectMapper = new ObjectMapper(); this.repositoriesDeposit = repositoriesDeposit; } @@ -141,8 +150,8 @@ public class DataManagementPlanManager { * Data Retrieval * */ - public DataTableData getPaged(DataManagementPlanTableRequest dataManagementPlanTableRequest, Principal principal, String fieldsGroup) throws Exception { - UUID principalID = principal.getId(); + public DataTableData getPaged(DataManagementPlanTableRequest dataManagementPlanTableRequest, String fieldsGroup) throws Exception { + UUID principalID = userScope.getUserIdSafe(); List dmps = null; QueryableList items = null; QueryableList authItems = null; 
@@ -199,7 +208,11 @@ public class DataManagementPlanManager { datasetCriteria.setAllVersions(dataManagementPlanTableRequest.getCriteria().getAllVersions()); datasetCriteria.setIsPublic(dataManagementPlanTableRequest.getCriteria().getIsPublic()); datasetCriteria.setGroupIds(Collections.singletonList(dmp.getGroupId())); - dmp.setDataset(retrieveRelevantDatasets(datasetCriteria, principalID)); + try { + dmp.setDataset(retrieveRelevantDatasets(datasetCriteria, principalID)); + } catch (InvalidApplicationException e) { + throw new RuntimeException(e); + } return new DataManagementPlanListingModel().fromDataModelDatasets(dmp); @@ -224,7 +237,11 @@ public class DataManagementPlanManager { datasetCriteria.setIsPublic(true); datasetCriteria.setAllVersions(dataManagementPlanTableRequest.getCriteria().getAllVersions()); datasetCriteria.setGroupIds(Collections.singletonList(dmp.getGroupId())); - dmp.setDataset(retrieveRelevantDatasets(datasetCriteria)); + try { + dmp.setDataset(retrieveRelevantDatasets(datasetCriteria)); + } catch (InvalidApplicationException e) { + throw new RuntimeException(e); + } return new DataManagementPlanListingModel().fromDataModelDatasets(dmp); @@ -253,11 +270,11 @@ public class DataManagementPlanManager { return dataTable; } - private Set retrieveRelevantDatasets(DatasetCriteria datasetCriteria) { + private Set retrieveRelevantDatasets(DatasetCriteria datasetCriteria) throws InvalidApplicationException { return retrieveRelevantDatasets(datasetCriteria, null); } - private Set retrieveRelevantDatasets (DatasetCriteria datasetCriteria, UUID principal) { + private Set retrieveRelevantDatasets (DatasetCriteria datasetCriteria, UUID principal) throws InvalidApplicationException { QueryableList datasetItems = apiContext.getOperationsContext().getDatabaseRepository().getDatasetDao().getWithCriteria(datasetCriteria) .orderBy((builder, root) -> builder.desc(root.get("modified"))); if (principal != null) { 
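Review bot: Both listing lambdas in `getPaged` wrap the checked `InvalidApplicationException` from `retrieveRelevantDatasets` in a bare `throw new RuntimeException(e);` (hunks at -199 and -224). If that exception signals a missing or invalid caller identity, as its handling in the deleted resolver suggests, the request now fails as an untyped runtime error and loses its authentication-failure meaning. `principalID` is already resolved before the lambda, so I would prefer `retrieveRelevantDatasets` not to declare the exception at all (hunk at -253), though its body is only partly visible. Failing that, rethrow a project exception that the error handler maps to an authorization failure. At a minimum give the wrapper a message, e.g. `throw new RuntimeException("Failed to load datasets for DMP listing", e);`.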
@@ -288,12 +305,12 @@ public class DataManagementPlanManager { return datasetsSet; } - public eu.eudat.models.data.dmp.DataManagementPlan getSingle(String id, Principal principal, boolean isPublic, boolean includeDatasets) throws Exception { + public eu.eudat.models.data.dmp.DataManagementPlan getSingle(String id, boolean isPublic, boolean includeDatasets) throws Exception { eu.eudat.models.data.dmp.DataManagementPlan dataManagementPlan = new eu.eudat.models.data.dmp.DataManagementPlan(); DMP dataManagementPlanEntity = databaseRepository.getDmpDao().find(UUID.fromString(id)); - if (!isPublic && principal == null) { + if (!isPublic && !this.userScope.isSet()) { throw new UnauthorisedException(); - } else if (!isPublic && (dataManagementPlanEntity.getUsers().stream().noneMatch(userInfo -> userInfo.getUser().getId() == principal.getId()))) { + } else if (!isPublic && (dataManagementPlanEntity.getUsers().stream().noneMatch(userInfo -> userInfo.getUser().getId() == this.userScope.getUserIdSafe()))) { if (!dataManagementPlanEntity.isPublic()) { throw new UnauthorisedException(); } 
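Review bot: The membership check in `getSingle` compares ids with `==` (`userInfo.getUser().getId() == this.userScope.getUserIdSafe()`). The getPaged hunk types `getUserIdSafe()` as `UUID`, so this is a reference comparison, and the access decision depends on object identity instead of the id value. The patch keeps the old operator and only swaps the right-hand side. I would hoist the id with `final UUID currentUserId = this.userScope.getUserIdSafe();` and test `noneMatch(userInfo -> currentUserId.equals(userInfo.getUser().getId()))`. The preceding `!this.userScope.isSet()` branch presumably guarantees it is non-null there. The same `==` comparison appears in `getOverviewSingle` (hunk at -339) and in the `createOrUpdate` filter (hunk at -515). `getSingle` continues outside this hunk.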
@@ -339,16 +356,16 @@ public class DataManagementPlanManager { return dataManagementPlan; } - public DataManagementPlanOverviewModel getOverviewSingle(String id, Principal principal, boolean isPublic) throws Exception { + public DataManagementPlanOverviewModel getOverviewSingle(String id, boolean isPublic) throws Exception { DMP dataManagementPlanEntity = databaseRepository.getDmpDao().find(UUID.fromString(id)); if (dataManagementPlanEntity.getStatus() == DMP.DMPStatus.DELETED.getValue()) { throw new Exception("DMP is deleted."); } - if (!isPublic && principal == null) { + if (!isPublic && !this.userScope.isSet()) { throw new UnauthorisedException(); } else if (!isPublic && dataManagementPlanEntity.getUsers() - .stream().noneMatch(userInfo -> userInfo.getUser().getId() == principal.getId())) { + .stream().noneMatch(userInfo -> userInfo.getUser().getId() == this.userScope.getUserIdSafe())) { throw new UnauthorisedException(); } else if (isPublic && !dataManagementPlanEntity.isPublic()) { throw new ForbiddenException("Selected DMP is not public"); @@ -406,9 +423,9 @@ public class DataManagementPlanManager { return result; } - public DataTableData getDatasetProfilesUsedByDMP(DatasetProfileTableRequestItem datasetProfileTableRequestItem, Principal principal) { + public DataTableData getDatasetProfilesUsedByDMP(DatasetProfileTableRequestItem datasetProfileTableRequestItem) throws InvalidApplicationException { datasetProfileTableRequestItem.getCriteria().setFilter(DatasetProfileCriteria.DatasetProfileFilter.DMPs.getValue()); - datasetProfileTableRequestItem.getCriteria().setUserId(principal.getId()); + datasetProfileTableRequestItem.getCriteria().setUserId(this.userScope.getUserId()); QueryableList items = apiContext.getOperationsContext().getDatabaseRepository().getDatasetProfileDao().getWithCriteria(datasetProfileTableRequestItem.getCriteria()); List listingModels = items.select(item -> new DatasetProfileListingModel().fromDataModel(item)); 
@@ -420,8 +437,8 @@ public class DataManagementPlanManager { return data; } - public List getAllVersions(String groupId, Principal principal, Boolean isPublic) { - UUID principalId = principal != null ? principal.getId() : null; + public List getAllVersions(String groupId, Boolean isPublic) throws InvalidApplicationException { + UUID principalId = this.userScope.getUserIdSafe(); List versions = new ArrayList<>(); QueryableList items = null; QueryableList authItems = null; @@ -452,7 +469,7 @@ public class DataManagementPlanManager { * */ @Transactional - public DMP createOrUpdate(DataManagementPlanEditorModel dataManagementPlan, Principal principal) throws Exception { + public DMP createOrUpdate(DataManagementPlanEditorModel dataManagementPlan) throws Exception { boolean setNotification = false; if (dataManagementPlan.getId() != null) { DMP dmp1 = apiContext.getOperationsContext().getDatabaseRepository().getDmpDao().find(dataManagementPlan.getId()); @@ -460,7 +477,7 @@ public class DataManagementPlanManager { Instant dbTime = Instant.ofEpochMilli(dmp1.getModified().getTime()).truncatedTo(ChronoUnit.SECONDS); Instant modelTime = Instant.ofEpochMilli(dataManagementPlan.getModified().getTime()).truncatedTo(ChronoUnit.SECONDS); - if (!isUserOwnerOfDmp(dmp1, principal)) { + if (!isUserOwnerOfDmp(dmp1)) { throw new Exception("User not being the creator is not authorized to edit this DMP."); } if (dbTime.toEpochMilli() != modelTime.toEpochMilli()) { 
@@ -487,21 +504,21 @@ public class DataManagementPlanManager { if (newDmp.getStatus() == (int) DMP.DMPStatus.FINALISED.getValue()) { checkDmpValidationRules(newDmp); } - UserInfo user = apiContext.getOperationsContext().getDatabaseRepository().getUserInfoDao().find(principal.getId()); + UserInfo user = apiContext.getOperationsContext().getDatabaseRepository().getUserInfoDao().find(this.userScope.getUserId()); newDmp.setCreator(user); - if(this.dataManagementProfileManager.fieldInBlueprint(newDmp.getProfile(), SystemFieldType.ORGANIZATIONS, principal)) { + if(this.dataManagementProfileManager.fieldInBlueprint(newDmp.getProfile(), SystemFieldType.ORGANIZATIONS)) { createOrganisationsIfTheyDontExist(newDmp, apiContext.getOperationsContext().getDatabaseRepository().getOrganisationDao()); } - if(this.dataManagementProfileManager.fieldInBlueprint(newDmp.getProfile(), SystemFieldType.RESEARCHERS, principal)) { + if(this.dataManagementProfileManager.fieldInBlueprint(newDmp.getProfile(), SystemFieldType.RESEARCHERS)) { createResearchersIfTheyDontExist(newDmp, apiContext.getOperationsContext().getDatabaseRepository().getResearcherDao(), user); } - if(this.dataManagementProfileManager.fieldInBlueprint(newDmp.getProfile(), SystemFieldType.FUNDER, principal)) { + if(this.dataManagementProfileManager.fieldInBlueprint(newDmp.getProfile(), SystemFieldType.FUNDER)) { createFunderIfItDoesntExist(newDmp, apiContext.getOperationsContext().getDatabaseRepository().getFunderDao()); } - if(this.dataManagementProfileManager.fieldInBlueprint(newDmp.getProfile(), SystemFieldType.GRANT, principal)) { + if(this.dataManagementProfileManager.fieldInBlueprint(newDmp.getProfile(), SystemFieldType.GRANT)) { createGrantIfItDoesntExist(newDmp, apiContext.getOperationsContext().getDatabaseRepository().getGrantDao()); - if(this.dataManagementProfileManager.fieldInBlueprint(newDmp.getProfile(), SystemFieldType.PROJECT, principal)) { + 
if(this.dataManagementProfileManager.fieldInBlueprint(newDmp.getProfile(), SystemFieldType.PROJECT)) { if (newDmp.getProject() != null && newDmp.getGrant() != null && (newDmp.getProject().getLabel() == null || newDmp.getProject().getLabel().trim().isEmpty())) { newDmp.setProject(newDmp.getProject().projectFromGrant(newDmp.getGrant())); } @@ -515,7 +532,7 @@ public class DataManagementPlanManager { } else dmp = new DMP(); newDmp.setCreated(dmp.getCreated() == null ? new Date() : dmp.getCreated()); - if (newDmp.getUsers()!= null && newDmp.getUsers().stream().filter(userInfo -> userInfo.getUser().getId() == principal.getId()) + if (newDmp.getUsers()!= null && newDmp.getUsers().stream().filter(userInfo -> userInfo.getUser().getId() == this.userScope.getUserIdSafe()) .collect(Collectors.toList()).size() == 0) { List userDMPList = new ArrayList<>(newDmp.getUsers()); for (UserInfoListingModel userInfoListingModel : dataManagementPlan.getUsers()) { @@ -527,16 +544,16 @@ public class DataManagementPlanManager { } } - if(this.dataManagementProfileManager.fieldInBlueprint(newDmp.getProfile(), SystemFieldType.GRANT, principal)) { + if(this.dataManagementProfileManager.fieldInBlueprint(newDmp.getProfile(), SystemFieldType.GRANT)) { if (newDmp.getGrant() != null && newDmp.getGrant().getType().equals(Grant.GrantType.INTERNAL.getValue())) { checkIfUserCanEditGrant(newDmp, user); } assignGrandUserIfInternal(newDmp, user); } - if(this.dataManagementProfileManager.fieldInBlueprint(newDmp.getProfile(), SystemFieldType.FUNDER, principal)) { + if(this.dataManagementProfileManager.fieldInBlueprint(newDmp.getProfile(), SystemFieldType.FUNDER)) { assignFunderUserIfInternal(newDmp, user); } - if(this.dataManagementProfileManager.fieldInBlueprint(newDmp.getProfile(), SystemFieldType.PROJECT, principal)) { + if(this.dataManagementProfileManager.fieldInBlueprint(newDmp.getProfile(), SystemFieldType.PROJECT)) { assignProjectUserIfInternal(newDmp, user); } 
@@ -546,7 +563,7 @@ public class DataManagementPlanManager { } } - if(this.dataManagementProfileManager.fieldInBlueprint(newDmp.getProfile(), SystemFieldType.GRANT, principal)) { + if(this.dataManagementProfileManager.fieldInBlueprint(newDmp.getProfile(), SystemFieldType.GRANT)) { if (newDmp.getGrant() != null) { apiContext.getOperationsContext().getDatabaseRepository().getGrantDao().createOrUpdate(newDmp.getGrant()); } @@ -618,14 +635,14 @@ public class DataManagementPlanManager { return newDmp; } - public DMP createOrUpdateWithDatasets(DataManagementPlanEditorModel dataManagementPlan, Principal principal) throws Exception { + public DMP createOrUpdateWithDatasets(DataManagementPlanEditorModel dataManagementPlan) throws Exception { if (dataManagementPlan.getId() != null) { DMP dmp1 = apiContext.getOperationsContext().getDatabaseRepository().getDmpDao().find(dataManagementPlan.getId()); Instant dbTime = Instant.ofEpochMilli(dmp1.getModified().getTime()).truncatedTo(ChronoUnit.SECONDS); Instant modelTime = Instant.ofEpochMilli(dataManagementPlan.getModified().getTime()).truncatedTo(ChronoUnit.SECONDS); - if (!isUserOwnerOfDmp(dmp1, principal)) { + if (!isUserOwnerOfDmp(dmp1)) { throw new Exception("User not being the creator is not authorized to edit this DMP."); } if (dbTime.toEpochMilli() != modelTime.toEpochMilli()) { 
@@ -645,25 +662,25 @@ public class DataManagementPlanManager { if (tempDMP.getStatus() == (int) DMP.DMPStatus.FINALISED.getValue()) { checkDmpValidationRules(tempDMP); } - UserInfo user = apiContext.getOperationsContext().getDatabaseRepository().getUserInfoDao().find(principal.getId()); - if(this.dataManagementProfileManager.fieldInBlueprint(tempDMP.getProfile(), SystemFieldType.ORGANIZATIONS, principal)) { + UserInfo user = apiContext.getOperationsContext().getDatabaseRepository().getUserInfoDao().find(this.userScope.getUserId()); + if(this.dataManagementProfileManager.fieldInBlueprint(tempDMP.getProfile(), SystemFieldType.ORGANIZATIONS)) { createOrganisationsIfTheyDontExist(tempDMP, apiContext.getOperationsContext().getDatabaseRepository().getOrganisationDao()); } - if(this.dataManagementProfileManager.fieldInBlueprint(tempDMP.getProfile(), SystemFieldType.RESEARCHERS, principal)) { + if(this.dataManagementProfileManager.fieldInBlueprint(tempDMP.getProfile(), SystemFieldType.RESEARCHERS)) { createResearchersIfTheyDontExist(tempDMP, apiContext.getOperationsContext().getDatabaseRepository().getResearcherDao(), user); } - if(this.dataManagementProfileManager.fieldInBlueprint(tempDMP.getProfile(), SystemFieldType.FUNDER, principal)) { + if(this.dataManagementProfileManager.fieldInBlueprint(tempDMP.getProfile(), SystemFieldType.FUNDER)) { createFunderIfItDoesntExist(tempDMP, apiContext.getOperationsContext().getDatabaseRepository().getFunderDao()); } - if(this.dataManagementProfileManager.fieldInBlueprint(tempDMP.getProfile(), SystemFieldType.GRANT, principal)) { + if(this.dataManagementProfileManager.fieldInBlueprint(tempDMP.getProfile(), SystemFieldType.GRANT)) { createGrantIfItDoesntExist(tempDMP, apiContext.getOperationsContext().getDatabaseRepository().getGrantDao()); } - DMP result = createOrUpdate(dataManagementPlan, principal); + DMP result = createOrUpdate(dataManagementPlan); for (DatasetWizardModel datasetWizardModel: dataManagementPlan.getDatasets()) { 
datasetWizardModel.setDmp(new DataManagementPlan().fromDataModel(result)); - Dataset dataset = datasetManager.createOrUpdate(datasetWizardModel, principal); + Dataset dataset = datasetManager.createOrUpdate(datasetWizardModel); datasets.add(dataset); } @@ -675,9 +692,9 @@ public class DataManagementPlanManager { return result; } - public UUID newVersion(UUID uuid, DataManagementPlanNewVersionModel dataManagementPlan, Principal principal) throws Exception { + public UUID newVersion(UUID uuid, DataManagementPlanNewVersionModel dataManagementPlan) throws Exception { DMP oldDmp = databaseRepository.getDmpDao().find(uuid); - if (!isUserOwnerOfDmp(oldDmp, principal)) { + if (!isUserOwnerOfDmp(oldDmp)) { throw new Exception("User not being the creator is not authorized to perform this action."); } DataManagementPlanCriteria criteria = new DataManagementPlanCriteria(); 
@@ -693,20 +710,20 @@ public class DataManagementPlanManager { newDmp.setProfile(oldDmp.getProfile()); newDmp.setProperties(oldDmp.getProperties()); newDmp.setDmpProperties(oldDmp.getDmpProperties()); - UserInfo user = apiContext.getOperationsContext().getBuilderFactory().getBuilder(UserInfoBuilder.class).id(principal.getId()).build(); + UserInfo user = apiContext.getOperationsContext().getBuilderFactory().getBuilder(UserInfoBuilder.class).id(this.userScope.getUserId()).build(); newDmp.setCreator(user); - if(this.dataManagementProfileManager.fieldInBlueprint(newDmp.getProfile(), SystemFieldType.ORGANIZATIONS, principal)) { + if(this.dataManagementProfileManager.fieldInBlueprint(newDmp.getProfile(), SystemFieldType.ORGANIZATIONS)) { createOrganisationsIfTheyDontExist(newDmp, databaseRepository.getOrganisationDao()); } - if(this.dataManagementProfileManager.fieldInBlueprint(newDmp.getProfile(), SystemFieldType.RESEARCHERS, principal)) { + if(this.dataManagementProfileManager.fieldInBlueprint(newDmp.getProfile(), SystemFieldType.RESEARCHERS)) { createResearchersIfTheyDontExist(newDmp, databaseRepository.getResearcherDao(), user); } - if(this.dataManagementProfileManager.fieldInBlueprint(newDmp.getProfile(), SystemFieldType.FUNDER, principal)) { + if(this.dataManagementProfileManager.fieldInBlueprint(newDmp.getProfile(), SystemFieldType.FUNDER)) { createFunderIfItDoesntExist(newDmp, databaseRepository.getFunderDao()); } - if(this.dataManagementProfileManager.fieldInBlueprint(newDmp.getProfile(), SystemFieldType.GRANT, principal)) { + if(this.dataManagementProfileManager.fieldInBlueprint(newDmp.getProfile(), SystemFieldType.GRANT)) { createGrantIfItDoesntExist(newDmp, databaseRepository.getGrantDao()); - if(this.dataManagementProfileManager.fieldInBlueprint(newDmp.getProfile(), SystemFieldType.PROJECT, principal)) { + if(this.dataManagementProfileManager.fieldInBlueprint(newDmp.getProfile(), SystemFieldType.PROJECT)) { if (newDmp.getProject() != null && 
newDmp.getGrant() != null && (newDmp.getProject().getLabel() == null || newDmp.getProject().getLabel().trim().isEmpty())) { newDmp.setProject(newDmp.getProject().projectFromGrant(newDmp.getGrant())); } @@ -718,19 +735,19 @@ public class DataManagementPlanManager { newDmp.setVersion(oldDmp.getVersion() + 1); newDmp.setId(null); - if(this.dataManagementProfileManager.fieldInBlueprint(newDmp.getProfile(), SystemFieldType.GRANT, principal)) { + if(this.dataManagementProfileManager.fieldInBlueprint(newDmp.getProfile(), SystemFieldType.GRANT)) { if (newDmp.getGrant() != null && newDmp.getGrant().getType().equals(Grant.GrantType.INTERNAL.getValue())) { checkIfUserCanEditGrant(newDmp, user); } assignGrandUserIfInternal(newDmp, user); } - if(this.dataManagementProfileManager.fieldInBlueprint(newDmp.getProfile(), SystemFieldType.FUNDER, principal)) { + if(this.dataManagementProfileManager.fieldInBlueprint(newDmp.getProfile(), SystemFieldType.FUNDER)) { assignFunderUserIfInternal(newDmp, user); } - if(this.dataManagementProfileManager.fieldInBlueprint(newDmp.getProfile(), SystemFieldType.PROJECT, principal)) { + if(this.dataManagementProfileManager.fieldInBlueprint(newDmp.getProfile(), SystemFieldType.PROJECT)) { assignProjectUserIfInternal(newDmp, user); } - if(this.dataManagementProfileManager.fieldInBlueprint(newDmp.getProfile(), SystemFieldType.GRANT, principal)) { + if(this.dataManagementProfileManager.fieldInBlueprint(newDmp.getProfile(), SystemFieldType.GRANT)) { if (newDmp.getGrant() != null) { if (newDmp.getGrant().getStartdate() == null) { newDmp.getGrant().setStartdate(new Date()); 
@@ -775,27 +792,27 @@ public class DataManagementPlanManager { } } - public UUID clone(UUID uuid, DataManagementPlanNewVersionModel dataManagementPlan, Principal principal) throws Exception { + public UUID clone(UUID uuid, DataManagementPlanNewVersionModel dataManagementPlan) throws Exception { DMP oldDmp = databaseRepository.getDmpDao().find(uuid); DMP newDmp = dataManagementPlan.toDataModel(); newDmp.setProfile(oldDmp.getProfile()); newDmp.setProperties(oldDmp.getProperties()); newDmp.setDmpProperties(oldDmp.getDmpProperties()); - UserInfo user = apiContext.getOperationsContext().getBuilderFactory().getBuilder(UserInfoBuilder.class).id(principal.getId()).build(); + UserInfo user = apiContext.getOperationsContext().getBuilderFactory().getBuilder(UserInfoBuilder.class).id(this.userScope.getUserId()).build(); newDmp.setCreator(user); - if(this.dataManagementProfileManager.fieldInBlueprint(newDmp.getProfile(), SystemFieldType.ORGANIZATIONS, principal)) { + if(this.dataManagementProfileManager.fieldInBlueprint(newDmp.getProfile(), SystemFieldType.ORGANIZATIONS)) { createOrganisationsIfTheyDontExist(newDmp, databaseRepository.getOrganisationDao()); } - if(this.dataManagementProfileManager.fieldInBlueprint(newDmp.getProfile(), SystemFieldType.RESEARCHERS, principal)) { + if(this.dataManagementProfileManager.fieldInBlueprint(newDmp.getProfile(), SystemFieldType.RESEARCHERS)) { createResearchersIfTheyDontExist(newDmp, databaseRepository.getResearcherDao(), user); } - if(this.dataManagementProfileManager.fieldInBlueprint(newDmp.getProfile(), SystemFieldType.FUNDER, principal)) { + if(this.dataManagementProfileManager.fieldInBlueprint(newDmp.getProfile(), SystemFieldType.FUNDER)) { createFunderIfItDoesntExist(newDmp, databaseRepository.getFunderDao()); } - if(this.dataManagementProfileManager.fieldInBlueprint(newDmp.getProfile(), SystemFieldType.GRANT, principal)) { + if(this.dataManagementProfileManager.fieldInBlueprint(newDmp.getProfile(), SystemFieldType.GRANT)) { 
createGrantIfItDoesntExist(newDmp, databaseRepository.getGrantDao()); - if(this.dataManagementProfileManager.fieldInBlueprint(newDmp.getProfile(), SystemFieldType.PROJECT, principal)) { + if(this.dataManagementProfileManager.fieldInBlueprint(newDmp.getProfile(), SystemFieldType.PROJECT)) { if (newDmp.getProject() != null && newDmp.getGrant() != null && (newDmp.getProject().getLabel() == null || newDmp.getProject().getLabel().trim().isEmpty())) { newDmp.setProject(newDmp.getProject().projectFromGrant(newDmp.getGrant())); } @@ -807,19 +824,19 @@ public class DataManagementPlanManager { newDmp.setVersion(0); newDmp.setId(null); - if(this.dataManagementProfileManager.fieldInBlueprint(newDmp.getProfile(), SystemFieldType.GRANT, principal)) { + if(this.dataManagementProfileManager.fieldInBlueprint(newDmp.getProfile(), SystemFieldType.GRANT)) { if (newDmp.getGrant() != null && newDmp.getGrant().getType().equals(Grant.GrantType.INTERNAL.getValue())) { checkIfUserCanEditGrant(newDmp, user); } assignGrandUserIfInternal(newDmp, user); } - if(this.dataManagementProfileManager.fieldInBlueprint(newDmp.getProfile(), SystemFieldType.FUNDER, principal)) { + if(this.dataManagementProfileManager.fieldInBlueprint(newDmp.getProfile(), SystemFieldType.FUNDER)) { assignFunderUserIfInternal(newDmp, user); } - if(this.dataManagementProfileManager.fieldInBlueprint(newDmp.getProfile(), SystemFieldType.PROJECT, principal)) { + if(this.dataManagementProfileManager.fieldInBlueprint(newDmp.getProfile(), SystemFieldType.PROJECT)) { assignProjectUserIfInternal(newDmp, user); } - if(this.dataManagementProfileManager.fieldInBlueprint(newDmp.getProfile(), SystemFieldType.GRANT, principal)) { + if(this.dataManagementProfileManager.fieldInBlueprint(newDmp.getProfile(), SystemFieldType.GRANT)) { if (newDmp.getGrant() != null) { databaseRepository.getGrantDao().createOrUpdate(newDmp.getGrant()); } 
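Review bot: `clone` in the `@@ -775,27` hunk loads `oldDmp` by id and copies its profile, properties and dmpProperties into a DMP created for the current user without checking the caller's relation to the source, whereas `newVersion` calls `isUserOwnerOfDmp(oldDmp)` first. With the `Principal` parameter removed, nothing in the signature shows that an identity is involved, so unless the controller authorises the call (not visible here) the content of a non-public DMP would be copied for a caller who cannot read it. I would apply at least the read rule the export methods use before copying: `if (!oldDmp.isPublic() && oldDmp.getUsers().stream().noneMatch(u -> Objects.equals(u.getUser().getId(), this.userScope.getUserIdSafe()))) throw new UnauthorisedException();`. The rest of `clone` lies outside this hunk, so a later check may exist.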
@@ -847,7 +864,7 @@ public class DataManagementPlanManager { return newDmp.getId(); } - public void delete(UUID uuid) throws DMPWithDatasetsDeleteException, IOException { + public void delete(UUID uuid) throws DMPWithDatasetsDeleteException, IOException, InvalidApplicationException { DatasetCriteria criteria = new DatasetCriteria(); List dmpIds = Collections.singletonList(uuid); criteria.setDmpIds(dmpIds); @@ -881,7 +898,7 @@ public class DataManagementPlanManager { UUID tdmpId = dmp.getId(); dmp.setUsers(new HashSet<>(apiContext.getOperationsContext().getDatabaseRepository().getUserDmpDao().asQueryable().where((builder, root) -> builder.equal(root.get("dmp").get("id"), tdmpId)).toList())); this.updateIndex(dmp); - } catch (IOException e) { + } catch (IOException | InvalidApplicationException e) { logger.error(e.getMessage(), e); } for (Dataset dataset: dmp.getDataset()) { @@ -900,7 +917,7 @@ public class DataManagementPlanManager { }); } - private void createResearchersIfTheyDontExist(DMP newDmp, ResearcherDao researcherRepository, UserInfo user) { + private void createResearchersIfTheyDontExist(DMP newDmp, ResearcherDao researcherRepository, UserInfo user) throws InvalidApplicationException { if (newDmp.getResearchers() != null && !newDmp.getResearchers().isEmpty()) { for (eu.eudat.data.old.Researcher researcher : newDmp.getResearchers()) { ResearcherCriteria criteria = new ResearcherCriteria(); @@ -916,7 +933,7 @@ public class DataManagementPlanManager { } } - private void createOrganisationsIfTheyDontExist(DMP newDmp, OrganisationDao organisationRepository) { + private void createOrganisationsIfTheyDontExist(DMP newDmp, OrganisationDao organisationRepository) throws InvalidApplicationException { if (newDmp.getOrganisations() != null && !newDmp.getOrganisations().isEmpty()) { for (Organisation organisation : newDmp.getOrganisations()) { boolean createNew = false; 
@@ -940,7 +957,7 @@ public class DataManagementPlanManager { } } - private void createGrantIfItDoesntExist(DMP newDmp, GrantDao grantDao) { + private void createGrantIfItDoesntExist(DMP newDmp, GrantDao grantDao) throws InvalidApplicationException { if (newDmp.getGrant() != null) { Grant grant = newDmp.getGrant(); GrantCriteria criteria = new GrantCriteria(); @@ -968,7 +985,7 @@ public class DataManagementPlanManager { } } - private void createFunderIfItDoesntExist(DMP newDmp, FunderDao funderDao) { + private void createFunderIfItDoesntExist(DMP newDmp, FunderDao funderDao) throws InvalidApplicationException { if (newDmp.getGrant() != null && newDmp.getGrant().getFunder() != null) { Funder funder = newDmp.getGrant().getFunder(); FunderCriteria criteria = new FunderCriteria(); @@ -986,7 +1003,7 @@ public class DataManagementPlanManager { } } - private void createProjectIfItDoesntExist(DMP newDmp, ProjectDao projectDao) { + private void createProjectIfItDoesntExist(DMP newDmp, ProjectDao projectDao) throws InvalidApplicationException { if (newDmp.getProject() != null) { Project project = newDmp.getProject(); ProjectCriteria criteria = new ProjectCriteria(); @@ -1013,7 +1030,7 @@ public class DataManagementPlanManager { metricsManager.increaseValue(MetricNames.PROJECT, 1, null); } - private void copyDatasets(DMP newDmp, DatasetDao datasetDao) { + private void copyDatasets(DMP newDmp, DatasetDao datasetDao) throws InvalidApplicationException { List> futures = new LinkedList<>(); for (Dataset dataset : newDmp.getDataset()) { Dataset tempDataset = datasetDao.find(dataset.getId()); 
@@ -1092,7 +1109,7 @@ public class DataManagementPlanManager { datasetElastic.setStatus(dataset1.getStatus()); datasetElastic.setDmp(dataset1.getDmp().getId()); datasetElastic.setGroup(dataset1.getDmp().getGroupId()); - if(this.dataManagementProfileManager.fieldInBlueprint(dataset1.getDmp().getProfile(), SystemFieldType.GRANT, null)) { + if(this.dataManagementProfileManager.fieldInBlueprint(dataset1.getDmp().getProfile(), SystemFieldType.GRANT)) { datasetElastic.setGrant(dataset1.getDmp().getGrant().getId()); } if (dataset1.getDmp().getUsers() != null) { @@ -1115,7 +1132,7 @@ public class DataManagementPlanManager { }).collect(Collectors.toList())); } datasetElastic.setPublic(dataset1.getDmp().isPublic()); - if(this.dataManagementProfileManager.fieldInBlueprint(dataset1.getDmp().getProfile(), SystemFieldType.GRANT, null)) { + if(this.dataManagementProfileManager.fieldInBlueprint(dataset1.getDmp().getProfile(), SystemFieldType.GRANT)) { datasetElastic.setGrantStatus(dataset1.getDmp().getGrant().getStatus()); } @@ -1136,10 +1153,10 @@ public class DataManagementPlanManager { } } - public void makePublic(UUID id, Principal principal) throws Exception { + public void makePublic(UUID id) throws Exception { DMP dmp = this.apiContext.getOperationsContext().getDatabaseRepository().getDmpDao().find(id); // Check if dmp is finalized and if user is owner. - if (!isUserOwnerOfDmp(dmp, principal)) + if (!isUserOwnerOfDmp(dmp)) throw new Exception("User does not have the privilege to do this action."); if (!dmp.getStatus().equals(DMP.DMPStatus.FINALISED.getValue())) throw new Exception("DMP is not finalized"); 
@@ -1169,14 +1186,14 @@ public class DataManagementPlanManager { } }); }); - UserInfo user = apiContext.getOperationsContext().getDatabaseRepository().getUserInfoDao().find(principal.getId()); + UserInfo user = apiContext.getOperationsContext().getDatabaseRepository().getUserInfoDao().find(this.userScope.getUserId()); sendNotification(dmp, user, NotificationType.DMP_PUBLISH); } @Transactional - public void makeFinalize(UUID id, Principal principal, DatasetsToBeFinalized datasetsToBeFinalized) throws Exception { + public void makeFinalize(UUID id, DatasetsToBeFinalized datasetsToBeFinalized) throws Exception { DMP dmp = this.apiContext.getOperationsContext().getDatabaseRepository().getDmpDao().find(id); - if (!isUserOwnerOfDmp(dmp, principal)) + if (!isUserOwnerOfDmp(dmp)) throw new Exception("User does not have the privilege to do this action."); if (dmp.getStatus().equals(DMP.DMPStatus.FINALISED.getValue())) throw new Exception("DMP is already finalized"); @@ -1194,7 +1211,7 @@ public class DataManagementPlanManager { wizardModel = wizardModel.fromDataModel(dataset); wizardModel.setDatasetProfileDefinition(this.datasetManager.getPagedProfile(wizardModel, dataset)); try { - datasetManager.createOrUpdate(wizardModel, principal); + datasetManager.createOrUpdate(wizardModel); } catch (Exception e) { dataset.setStatus(status.getValue()); dataset.setFinalizedAt(finalizedDate); 
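Review bot: The `catch (Exception e)` around `datasetManager.createOrUpdate(wizardModel)` in the `@@ -1194,7` hunk now also catches failures of the user lookup, because the callee presumably resolves the caller from the user scope instead of receiving a `Principal`. The handler goes on to set the dataset's status and finalized date directly, so a missing or unauthorised user scope would be handled like any other save failure; the rest of the handler is outside the hunk. I would let authorisation failures propagate ahead of the generic handler: `} catch (InvalidApplicationException | UnauthorisedException e) { throw e; } catch (Exception e) {`.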
@@ -1247,7 +1264,7 @@ public class DataManagementPlanManager { UUID dmpId = dmp.getId(); dmp.setUsers(new HashSet<>(apiContext.getOperationsContext().getDatabaseRepository().getUserDmpDao().asQueryable().where((builder, root) -> builder.equal(root.get("dmp").get("id"), dmpId)).toList())); this.updateIndex(dmp); - UserInfo user = apiContext.getOperationsContext().getDatabaseRepository().getUserInfoDao().find(principal.getId()); + UserInfo user = apiContext.getOperationsContext().getDatabaseRepository().getUserInfoDao().find(this.userScope.getUserId()); sendNotification(dmp, user, NotificationType.DMP_FINALISED); metricsManager.decreaseValue(MetricNames.DMP, 1, MetricNames.DRAFT); metricsManager.increaseValue(MetricNames.DMP, 1, MetricNames.FINALIZED); @@ -1256,9 +1273,9 @@ public class DataManagementPlanManager { metricsManager.increaseValue(MetricNames.DATASET, indexDatasets.size(), MetricNames.FINALIZED); } - public void undoFinalize(UUID id, Principal principal) throws Exception { + public void undoFinalize(UUID id) throws Exception { DMP dmp = this.apiContext.getOperationsContext().getDatabaseRepository().getDmpDao().find(id); - if (!isUserOwnerOfDmp(dmp, principal)) + if (!isUserOwnerOfDmp(dmp)) throw new Exception("User does not have the privilege to do this action."); if (dmp.getStatus().equals(DMP.DMPStatus.ACTIVE.getValue())) throw new Exception("DMP is already Active"); @@ -1275,9 +1292,9 @@ public class DataManagementPlanManager { metricsManager.increaseValue(MetricNames.DMP, 1, MetricNames.DRAFT); } - public void updateUsers(UUID id, List users, Principal principal) throws Exception { + public void updateUsers(UUID id, List users) throws Exception { DMP dmp = this.apiContext.getOperationsContext().getDatabaseRepository().getDmpDao().find(id); - if (!isUserOwnerOfDmp(dmp, principal)) + if (!isUserOwnerOfDmp(dmp)) throw new Exception("User does not have the privilege to do this action."); clearUsers(dmp); for (UserInfoListingModel userListing : users) { 
@@ -1291,18 +1308,18 @@ public class DataManagementPlanManager { * Export Data * */ - public FileEnvelope getWordDocument(String id, Principal principal, ConfigLoader configLoader) throws IOException { - return this.getWordDocument(id, principal, configLoader, true); + public FileEnvelope getWordDocument(String id, ConfigLoader configLoader) throws IOException, InvalidApplicationException { + return this.getWordDocument(id, configLoader, true); } - public FileEnvelope getWordDocument(String id, Principal principal, ConfigLoader configLoader, Boolean versioned) throws IOException { + public FileEnvelope getWordDocument(String id, ConfigLoader configLoader, Boolean versioned) throws IOException, InvalidApplicationException { WordBuilder wordBuilder = new WordBuilder(this.environment, configLoader); VisibilityRuleService visibilityRuleService = new VisibilityRuleServiceImpl(); DatasetWizardModel dataset = new DatasetWizardModel(); XWPFDocument document = configLoader.getDocument(); DMP dmpEntity = databaseRepository.getDmpDao().find(UUID.fromString(id)); - if (!dmpEntity.isPublic() && dmpEntity.getUsers().stream().filter(userInfo -> userInfo.getUser().getId() == principal.getId()).collect(Collectors.toList()).size() == 0) + if (!dmpEntity.isPublic() && dmpEntity.getUsers().stream().filter(userInfo -> userInfo.getUser().getId() == this.userScope.getUserIdSafe()).collect(Collectors.toList()).size() == 0) throw new UnauthorisedException(); wordBuilder.fillFirstPage(dmpEntity, null, document, false); 
@@ -1678,11 +1695,11 @@ public class DataManagementPlanManager { return exportEnvelope; } - private FileEnvelope getXmlDocument(String id, Principal principal) throws InstantiationException, IllegalAccessException, IOException { + private FileEnvelope getXmlDocument(String id) throws IOException, InvalidApplicationException { ExportXmlBuilder xmlBuilder = new ExportXmlBuilder(); VisibilityRuleService visibilityRuleService = new VisibilityRuleServiceImpl(); DMP dmp = databaseRepository.getDmpDao().find(UUID.fromString(id)); - if (!dmp.isPublic() && dmp.getUsers().stream().filter(userInfo -> userInfo.getUser().getId() == principal.getId()).collect(Collectors.toList()).size() == 0) + if (!dmp.isPublic() && dmp.getUsers().stream().filter(userInfo -> userInfo.getUser().getId() == this.userScope.getUserIdSafe()).collect(Collectors.toList()).size() == 0) throw new UnauthorisedException(); final Boolean isFinalized = dmp.getStatus() == DMP.DMPStatus.FINALISED.getValue(); final Boolean isPublic = dmp.isPublic(); @@ -1772,7 +1789,7 @@ public class DataManagementPlanManager { // Funder. Element funder = xmlDoc.createElement("funder"); - if (this.dataManagementProfileManager.fieldInBlueprint(dmp.getProfile(), SystemFieldType.GRANT, principal) && this.dataManagementProfileManager.fieldInBlueprint(dmp.getProfile(), SystemFieldType.FUNDER, principal)) { + if (this.dataManagementProfileManager.fieldInBlueprint(dmp.getProfile(), SystemFieldType.GRANT) && this.dataManagementProfileManager.fieldInBlueprint(dmp.getProfile(), SystemFieldType.FUNDER)) { Element funderLabel = xmlDoc.createElement("label"); Element funderId = xmlDoc.createElement("id"); funderLabel.setTextContent(dmp.getGrant().getFunder().getLabel()); 
@@ -1790,7 +1807,7 @@ public class DataManagementPlanManager { dmpElement.appendChild(funder); // Grant. Element grant = xmlDoc.createElement("grant"); - if (this.dataManagementProfileManager.fieldInBlueprint(dmp.getProfile(), SystemFieldType.GRANT, principal)) { + if (this.dataManagementProfileManager.fieldInBlueprint(dmp.getProfile(), SystemFieldType.GRANT)) { Element grantLabel = xmlDoc.createElement("label"); Element grantId = xmlDoc.createElement("id"); grantLabel.setTextContent(dmp.getGrant().getLabel()); @@ -1808,7 +1825,7 @@ public class DataManagementPlanManager { dmpElement.appendChild(grant); // Project. Element project = xmlDoc.createElement("project"); - if (this.dataManagementProfileManager.fieldInBlueprint(dmp.getProfile(), SystemFieldType.PROJECT, principal)) { + if (this.dataManagementProfileManager.fieldInBlueprint(dmp.getProfile(), SystemFieldType.PROJECT)) { Element projectId = xmlDoc.createElement("id"); Element projectLabel = xmlDoc.createElement("label"); Element projectDescription = xmlDoc.createElement("description"); @@ -1855,7 +1872,7 @@ public class DataManagementPlanManager { Element extraFields = xmlDoc.createElement("extraFields"); Map dmpProperties = new ObjectMapper().readValue(dmp.getProperties(), new TypeReference>() {}); - DataManagementPlanBlueprint blueprint = this.dataManagementProfileManager.getSingleBlueprint(dmp.getProfile().getId().toString(), principal).getDefinition(); + DataManagementPlanBlueprint blueprint = this.dataManagementProfileManager.getSingleBlueprint(dmp.getProfile().getId().toString()).getDefinition(); blueprint.getSections().forEach(section -> { section.getFields().forEach(fieldModel -> { if (fieldModel.getCategory() == FieldCategory.EXTRA) { 
@@ -1958,9 +1975,9 @@ public class DataManagementPlanManager { return fileEnvelope; } - public FileEnvelope getRDAJsonDocument(String id, Principal principal) throws Exception { + public FileEnvelope getRDAJsonDocument(String id) throws Exception { DMP dmp = databaseRepository.getDmpDao().find(UUID.fromString(id)); - if (!dmp.isPublic() && dmp.getUsers().stream().noneMatch(userInfo -> userInfo.getUser().getId() == principal.getId())) + if (!dmp.isPublic() && dmp.getUsers().stream().noneMatch(userInfo -> userInfo.getUser().getId() == this.userScope.getUserIdSafe())) throw new UnauthorisedException(); final boolean isFinalized = dmp.getStatus() == DMP.DMPStatus.FINALISED.getValue(); final boolean isPublic = dmp.isPublic(); @@ -1996,17 +2013,17 @@ public class DataManagementPlanManager { return rdaJsonDocument; } - public ResponseEntity getDocument(String id, String contentType, Principal principal, ConfigLoader configLoader) throws InstantiationException, IllegalAccessException, IOException { + public ResponseEntity getDocument(String id, String contentType, ConfigLoader configLoader) throws InstantiationException, IllegalAccessException, IOException, InvalidApplicationException { FileEnvelope file; switch (contentType) { case "application/xml": - file = getXmlDocument(id, principal); + file = getXmlDocument(id); break; case "application/msword": - file = getWordDocument(id, principal, configLoader); + file = getWordDocument(id, configLoader); break; default: - file = getXmlDocument(id, principal); + file = getXmlDocument(id); } String fileName = file.getFilename().replace(" ", "_").replace(",", "_"); InputStream resource = new FileInputStream(file.getFile()); 
@@ -2029,7 +2046,7 @@ public class DataManagementPlanManager { * Data Import * */ - public List createDmpFromXml(MultipartFile[] files, Principal principal, String[] profiles) throws IOException, JAXBException, Exception { + public List createDmpFromXml(MultipartFile[] files, String[] profiles) throws IOException, JAXBException, Exception { List dataManagementPlans = new ArrayList<>(); // Jaxb approach. JAXBContext jaxbContext; @@ -2070,7 +2087,7 @@ public class DataManagementPlanManager { } dm.setProperties(dmpPropertiesMap); - if (this.dataManagementProfileManager.fieldInBlueprint(dmpProfileImportModel.getDmpProfileId().toString(), SystemFieldType.FUNDER, principal)) { + if (this.dataManagementProfileManager.fieldInBlueprint(dmpProfileImportModel.getDmpProfileId().toString(), SystemFieldType.FUNDER)) { eu.eudat.models.data.funder.Funder funder = new eu.eudat.models.data.funder.Funder(); FunderImportModels funderImport = dataManagementPlans.get(0).getFunderImportModels(); funder.setId(funderImport.getId()); @@ -2081,7 +2098,7 @@ public class DataManagementPlanManager { dm.setFunder(funderEditor); } - if (this.dataManagementProfileManager.fieldInBlueprint(dmpProfileImportModel.getDmpProfileId().toString(), SystemFieldType.GRANT, principal)) { + if (this.dataManagementProfileManager.fieldInBlueprint(dmpProfileImportModel.getDmpProfileId().toString(), SystemFieldType.GRANT)) { eu.eudat.models.data.grant.Grant grant = new eu.eudat.models.data.grant.Grant(); GrantImportModels grantImport = dataManagementPlans.get(0).getGrantImport(); grant.setId(grantImport.getId()); 
@@ -2094,7 +2111,7 @@ public class DataManagementPlanManager { dm.setGrant(grantEditor); } - if (this.dataManagementProfileManager.fieldInBlueprint(dmpProfileImportModel.getDmpProfileId().toString(), SystemFieldType.PROJECT, principal)) { + if (this.dataManagementProfileManager.fieldInBlueprint(dmpProfileImportModel.getDmpProfileId().toString(), SystemFieldType.PROJECT)) { eu.eudat.models.data.project.Project project = new eu.eudat.models.data.project.Project(); ProjectImportModels projectImport = dataManagementPlans.get(0).getProjectImportModels(); project.setId(projectImport.getId()); @@ -2175,7 +2192,7 @@ public class DataManagementPlanManager { dm.setExtraProperties(extraPropertiesMap); //createOrUpdate(apiContext, dm, principal); - DMP dmp = this.createOrUpdate(dm, principal); + DMP dmp = this.createOrUpdate(dm); if (dmp.getOrganisations() == null) { dmp.setOrganisations(new HashSet<>()); } @@ -2212,7 +2229,7 @@ public class DataManagementPlanManager { DatasetWizardModel datasetWizard = new DatasetWizardModel(); datasetWizard.setDatasetProfileDefinition(this.datasetManager.getPagedProfile(datasetWizard, dataset)); datasetWizard.fromDataModel(dataset); - this.datasetManager.createOrUpdate(datasetWizard, principal); + this.datasetManager.createOrUpdate(datasetWizard); // datasets.add(new DatasetListingModel().fromDataModel(dataset)); } } 
@@ -2220,15 +2237,15 @@ public class DataManagementPlanManager { return dataManagementPlans; } - public List createFromRDA(MultipartFile[] files, Principal principal, String[] profiles) throws IOException { - if (principal.getId() == null) { + public List createFromRDA(MultipartFile[] files, String[] profiles) throws IOException, InvalidApplicationException { + if (!this.userScope.isSet()) { throw new UnauthorisedException("No user is logged in"); } List result = new ArrayList<>(); for (MultipartFile file: files) { DMP dmp = rdaManager.convertToEntity(new String(file.getBytes(), "UTF-8"), profiles); dmp.setLabel(file.getOriginalFilename()); - UserInfo me = apiContext.getOperationsContext().getDatabaseRepository().getUserInfoDao().find(principal.getId()); + UserInfo me = apiContext.getOperationsContext().getDatabaseRepository().getUserInfoDao().find(this.userScope.getUserId()); dmp.setModified(new Date()); dmp.setCreator(me); Map extraProperties = objectMapper.readValue(dmp.getExtraProperties(), HashMap.class); @@ -2269,7 +2286,11 @@ public class DataManagementPlanManager { if (dmp.getResearchers() == null) { dmp.setResearchers(new HashSet<>()); } - dmp.setUsers(new HashSet<>(apiContext.getOperationsContext().getDatabaseRepository().getUserDmpDao().asQueryable().where((builder, root) -> builder.equal(root.get("dmp").get("id"), dmp.getId())).toList())); + try { + dmp.setUsers(new HashSet<>(apiContext.getOperationsContext().getDatabaseRepository().getUserDmpDao().asQueryable().where((builder, root) -> builder.equal(root.get("dmp").get("id"), dmp.getId())).toList())); + } catch (InvalidApplicationException e) { + throw new RuntimeException(e); + } try { List tags = new ArrayList<>(); eu.eudat.elastic.entities.Dataset elastic = apiContext.getOperationsContext().getElasticRepository().getDatasetRepository().findDocument(dataset.getId().toString()); 
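Review bot: In the `@@ -2269,7` hunk the new `catch (InvalidApplicationException e) { throw new RuntimeException(e); }` turns a typed failure into a bare `RuntimeException` with no message, so an upstream handler can no longer tell it from a programming error. The wrapped query depends only on `dmp.getId()`, so it does not appear to need to run inside the per-dataset block; loading the users once before that block, where `createFromRDA` already declares `throws InvalidApplicationException`, would remove the wrapper altogether. If it has to stay, add context to the rethrow: `throw new IllegalStateException("Could not load users of DMP " + dmp.getId(), e);`. The enclosing block starts and ends outside the hunk, so the hoist should be checked against the actual loop structure.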
@@ -2306,7 +2327,7 @@ public class DataManagementPlanManager { databaseRepository.getUserDmpDao().createOrUpdate(userDMP); } - private void clearUsers(DMP dmp) { + private void clearUsers(DMP dmp) throws InvalidApplicationException { List userDMPs = apiContext.getOperationsContext().getDatabaseRepository().getUserDmpDao().asQueryable().where(((builder, root) -> builder.equal(root.get("dmp").get("id"), dmp.getId()))).toList(); userDMPs.forEach(userDMP -> apiContext.getOperationsContext().getDatabaseRepository().getUserDmpDao().delete(userDMP)); } @@ -2333,7 +2354,7 @@ public class DataManagementPlanManager { * Data Index * */ - private void updateGroupIndex(UUID groupId) { + private void updateGroupIndex(UUID groupId) throws InvalidApplicationException { DataManagementPlanCriteria criteria = new DataManagementPlanCriteria(); criteria.setGroupIds(Collections.singletonList(groupId)); criteria.setAllVersions(true); @@ -2345,7 +2366,7 @@ public class DataManagementPlanManager { dmp.setUsers(new HashSet<>(apiContext.getOperationsContext().getDatabaseRepository().getUserDmpDao().asQueryable().where((builder, root) -> builder.equal(root.get("dmp").get("id"), dmpId)).toList())); } this.updateIndex(dmp); - } catch (IOException e) { + } catch (IOException | InvalidApplicationException e) { logger.error(e.getMessage(), e); } } 
@@ -2370,14 +2391,14 @@ public class DataManagementPlanManager { }); } - public void updateIndex(DMP dmp) throws IOException { + public void updateIndex(DMP dmp) throws IOException, InvalidApplicationException { DmpMapper mapper = new DmpMapper(apiContext, datasetManager); Dmp elastic = mapper.toElastic(dmp); apiContext.getOperationsContext().getElasticRepository().getDmpRepository().createOrUpdate(elastic); } - public void generateIndex(Principal principal) { - if (principal.getAuthorities().contains(Authorities.ADMIN.getValue())) { + public void generateIndex() throws InvalidApplicationException { + if (this.authorizationService.authorize(Permission.AdminRole)) { if (apiContext.getOperationsContext().getElasticRepository().getDmpRepository().createIndex()) { List dmps = apiContext.getOperationsContext().getDatabaseRepository().getDmpDao().asQueryable().toList(); dmps.forEach(dmp -> { @@ -2385,7 +2406,7 @@ public class DataManagementPlanManager { UUID dmpId = dmp.getId(); dmp.setUsers(new HashSet<>(apiContext.getOperationsContext().getDatabaseRepository().getUserDmpDao().asQueryable().where((builder, root) -> builder.equal(root.get("dmp").get("id"), dmpId)).toList())); this.updateIndex(dmp); - } catch (IOException e) { + } catch (IOException | InvalidApplicationException e) { logger.error(e.getMessage(), e); } }); @@ -2393,8 +2414,8 @@ public class DataManagementPlanManager { } } - public void clearIndex(Principal principal) throws IOException { - if (principal.getAuthorities().contains(Authorities.ADMIN.getValue())) { + public void clearIndex() throws IOException { + if (this.authorizationService.authorize(Permission.AdminRole)) { apiContext.getOperationsContext().getElasticRepository().getDmpRepository().clear(); } } 
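Review bot: `clearIndex()` treats a failed `authorizationService.authorize(Permission.AdminRole)` as a silent no-op: the `if` has no `else`, so a caller without the permission gets a normal return. No `else` is visible in `generateIndex()` either. The removed `principal.getAuthorities().contains(...)` check behaved the same way, so this is carried over rather than introduced, but the caller still cannot tell "done" from "denied". Throwing on denial separates the two and lets refused attempts on these admin operations be logged, e.g. `if (!this.authorizationService.authorize(Permission.AdminRole)) throw new UnauthorisedException();`.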
@@ -2430,15 +2451,15 @@ public class DataManagementPlanManager { } } - private boolean isUserOwnerOfDmp(DMP dmp, Principal principal) { - return (dmp.getUsers().stream().filter(userDMP -> userDMP.getRole().equals(UserDMP.UserDMPRoles.OWNER.getValue())).map(userDMP -> userDMP.getUser().getId())).collect(Collectors.toList()).contains(principal.getId()); + private boolean isUserOwnerOfDmp(DMP dmp) throws InvalidApplicationException { + return this.userScope.isSet() && (dmp.getUsers().stream().filter(userDMP -> userDMP.getRole().equals(UserDMP.UserDMPRoles.OWNER.getValue())).map(userDMP -> userDMP.getUser().getId())).collect(Collectors.toList()).contains(this.userScope.getUserId()); } /* * DOI Generation * */ - private String getPreviousDOI(UUID groupId, UUID selfId, String repositoryId) { + private String getPreviousDOI(UUID groupId, UUID selfId, String repositoryId) throws InvalidApplicationException { DataManagementPlanCriteria criteria = new DataManagementPlanCriteria(); List groupIds = new ArrayList<>(); groupIds.add(groupId); 
@@ -2462,16 +2483,16 @@ public class DataManagementPlanManager { return null; } - public Doi createDoi(DepositRequest depositRequest, Principal principal) throws Exception { + public Doi createDoi(DepositRequest depositRequest) throws Exception { DMP dmp = this.apiContext.getOperationsContext().getDatabaseRepository().getDmpDao().find(UUID.fromString(depositRequest.getDmpId())); - if (!isUserOwnerOfDmp(dmp, principal)) + if (!isUserOwnerOfDmp(dmp)) throw new Exception("User is not authorized to invoke this action"); if (!dmp.getStatus().equals(DMP.DMPStatus.FINALISED.getValue())) throw new Exception("DMP is not finalized"); /*if (dmp.getDoi() != null) throw new Exception("DMP already has a DOI");*/ - FileEnvelope file = getWordDocument(depositRequest.getDmpId(), principal, configLoader); + FileEnvelope file = getWordDocument(depositRequest.getDmpId(), configLoader); String name = file.getFilename().substring(0, file.getFilename().length() - 5).replaceAll("[^a-zA-Z0-9_+ ]", "").replace(" ", "_").replace(",", "_"); File pdfFile = PDFUtils.convertToPDF(file, environment); eu.eudat.depositinterface.models.FileEnvelope pdfEnvelope = new eu.eudat.depositinterface.models.FileEnvelope(); @@ -2479,7 +2500,7 @@ public class DataManagementPlanManager { pdfEnvelope.setFilename(name + ".pdf"); eu.eudat.depositinterface.models.FileEnvelope rdaJsonFile = new eu.eudat.depositinterface.models.FileEnvelope(); try { - FileEnvelope rdaJsonDocument = getRDAJsonDocument(depositRequest.getDmpId(), principal); + FileEnvelope rdaJsonDocument = getRDAJsonDocument(depositRequest.getDmpId()); rdaJsonFile.setFile(rdaJsonDocument.getFile()); rdaJsonFile.setFilename(rdaJsonDocument.getFilename()); } catch (Exception e) { 
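Review bot: `createDoi` reports a failed ownership check with `throw new Exception("User is not authorized to invoke this action")`, whereas `createFromRDA` in the same class throws `UnauthorisedException`. A plain `Exception` looks the same to the caller as the "DMP is not finalized" failure on the next line, so it cannot be mapped to an authorization status. `throw new UnauthorisedException("User is not authorized to invoke this action");` would be consistent. Separately, `dmp` goes into `isUserOwnerOfDmp(dmp)` without a null check, so an unknown `dmpId` would raise a NullPointerException if `find` returns null for a missing row (not visible here). The body of `createDoi` continues outside the hunk.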
@@ -2533,7 +2554,7 @@ public class DataManagementPlanManager { } - private File createSupportingFilesZip(DMP dmp) throws IOException { + private File createSupportingFilesZip(DMP dmp) throws IOException, InvalidApplicationException { FileOutputStream fout = new FileOutputStream(this.environment.getProperty("temp.temp") + "supportingFiles.zip"); ZipOutputStream zout = new ZipOutputStream(fout); @@ -2565,7 +2586,7 @@ public class DataManagementPlanManager { * Misc * */ - private void sendNotification(DMP dmp, UserInfo user, NotificationType notificationType) { + private void sendNotification(DMP dmp, UserInfo user, NotificationType notificationType) throws InvalidApplicationException { List userDMPS = databaseRepository.getUserDmpDao().asQueryable().where(((builder, root) -> builder.equal(root.get("dmp").get("id"), dmp.getId()))).toList(); for (UserDMP userDMP : userDMPS) { if (!userDMP.getUser().getId().equals(user.getId())) { diff --git a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/DataManagementProfileManager.java b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/DataManagementProfileManager.java index f320c5ea9..42166d01b 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/DataManagementProfileManager.java +++ b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/DataManagementProfileManager.java @@ -22,7 +22,6 @@ import eu.eudat.models.data.helpers.common.AutoCompleteLookupItem; import eu.eudat.models.data.helpers.common.DataTableData; import eu.eudat.models.data.listingmodels.DataManagementPlanBlueprintListingModel; import eu.eudat.models.data.listingmodels.DataManagementPlanProfileListingModel; -import eu.eudat.models.data.security.Principal; import eu.eudat.queryable.QueryableList; import eu.eudat.logic.services.ApiContext; import org.slf4j.Logger; 
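Review bot: `createSupportingFilesZip` writes every archive to the same path, `temp.temp` plus `"supportingFiles.zip"`, so two deposits running at once would share one file and one could pick up another DMP's supporting files. `getWordDocumentFile` in `DatasetManager` already uses a per-call name built from `UUID.randomUUID()`. The same would work here, provided the returned `File` is the only reference to the path: `new FileOutputStream(this.environment.getProperty("temp.temp") + UUID.randomUUID() + ".zip")`. The rest of the method is outside the hunk, so whether the streams are closed on failure and the file is deleted after upload cannot be checked from here.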
@@ -33,6 +32,8 @@ import org.springframework.http.ResponseEntity; import org.springframework.stereotype.Component; import jakarta.activation.MimetypesFileTypeMap; + +import javax.management.InvalidApplicationException; import javax.xml.xpath.*; import java.io.*; import java.nio.file.Files; @@ -63,7 +64,7 @@ public class DataManagementProfileManager { this.environment = environment; } - public DataTableData getPaged(DataManagementPlanProfileTableRequest dataManagementPlanProfileTableRequest, Principal principal) throws Exception { + public DataTableData getPaged(DataManagementPlanProfileTableRequest dataManagementPlanProfileTableRequest) throws Exception { QueryableList items = apiContext.getOperationsContext().getDatabaseRepository().getDmpProfileDao().getWithCriteria(dataManagementPlanProfileTableRequest.getCriteria()); QueryableList pagedItems = PaginationManager.applyPaging(items, dataManagementPlanProfileTableRequest); @@ -82,7 +83,7 @@ public class DataManagementProfileManager { return dataTable; } - public DataTableData getPagedBlueprint(DataManagementPlanBlueprintTableRequest dataManagementPlanBlueprintTableRequest, Principal principal) throws Exception { + public DataTableData getPagedBlueprint(DataManagementPlanBlueprintTableRequest dataManagementPlanBlueprintTableRequest) throws Exception { QueryableList items = apiContext.getOperationsContext().getDatabaseRepository().getDmpProfileDao().getWithCriteriaBlueprint(dataManagementPlanBlueprintTableRequest.getCriteria()); QueryableList pagedItems = PaginationManager.applyPaging(items, dataManagementPlanBlueprintTableRequest); 
@@ -96,26 +97,26 @@ public class DataManagementProfileManager { return dataTable; } - public DataManagementPlanProfileListingModel getSingle(String id, Principal principal) throws InstantiationException, IllegalAccessException { + public DataManagementPlanProfileListingModel getSingle(String id) throws InstantiationException, IllegalAccessException, InvalidApplicationException { DMPProfile dmpProfile = databaseRepository.getDmpProfileDao().find(UUID.fromString(id)); DataManagementPlanProfileListingModel dataManagementPlanProfileListingModel = new DataManagementPlanProfileListingModel(); dataManagementPlanProfileListingModel.fromDataModel(dmpProfile); return dataManagementPlanProfileListingModel; } - public DataManagementPlanBlueprintListingModel getSingleBlueprint(String id, Principal principal) { + public DataManagementPlanBlueprintListingModel getSingleBlueprint(String id) throws InvalidApplicationException { DMPProfile dmpProfile = databaseRepository.getDmpProfileDao().find(UUID.fromString(id)); DataManagementPlanBlueprintListingModel dataManagementPlanBlueprintListingModel = new DataManagementPlanBlueprintListingModel(); dataManagementPlanBlueprintListingModel.fromDataModel(dmpProfile); return dataManagementPlanBlueprintListingModel; } - public boolean fieldInBlueprint(String id, SystemFieldType type, Principal principal) { + public boolean fieldInBlueprint(String id, SystemFieldType type) throws InvalidApplicationException { DMPProfile dmpProfile = databaseRepository.getDmpProfileDao().find(UUID.fromString(id)); - return this.fieldInBlueprint(dmpProfile, type, principal); + return this.fieldInBlueprint(dmpProfile, type); } - public boolean fieldInBlueprint(DMPProfile dmpProfile, SystemFieldType type, Principal principal) { + public boolean fieldInBlueprint(DMPProfile dmpProfile, SystemFieldType type) { DataManagementPlanBlueprintListingModel dmpBlueprint = new DataManagementPlanBlueprintListingModel(); dmpBlueprint.fromDataModel(dmpProfile); for(Section 
section: dmpBlueprint.getDefinition().getSections()){ 
@@ -131,23 +132,23 @@ public class DataManagementProfileManager { return false; } - public List getWithCriteria(DataManagementPlanProfileCriteriaRequest dataManagementPlanProfileCriteriaRequest) throws IllegalAccessException, InstantiationException { + public List getWithCriteria(DataManagementPlanProfileCriteriaRequest dataManagementPlanProfileCriteriaRequest) throws IllegalAccessException, InstantiationException, InvalidApplicationException { QueryableList items = databaseRepository.getDmpProfileDao().getWithCriteria(dataManagementPlanProfileCriteriaRequest.getCriteria()); List datamanagementPlans = items.select(item -> new DataManagementPlanProfileListingModel().fromDataModel(item)); return datamanagementPlans; } - public void createOrUpdate(DataManagementPlanProfileListingModel dataManagementPlanProfileListingModel, Principal principal) throws Exception { + public void createOrUpdate(DataManagementPlanProfileListingModel dataManagementPlanProfileListingModel) throws Exception { DMPProfile dmpProfile = dataManagementPlanProfileListingModel.toDataModel(); apiContext.getOperationsContext().getDatabaseRepository().getDmpProfileDao().createOrUpdate(dmpProfile); } - public void createOrUpdateBlueprint(DataManagementPlanBlueprintListingModel dataManagementPlanBlueprintListingModel, Principal principal) throws Exception { + public void createOrUpdateBlueprint(DataManagementPlanBlueprintListingModel dataManagementPlanBlueprintListingModel) throws Exception { DMPProfile dmpProfile = dataManagementPlanBlueprintListingModel.toDataModel(); apiContext.getOperationsContext().getDatabaseRepository().getDmpProfileDao().createOrUpdate(dmpProfile); } - public void inactivate(String id) { + public void inactivate(String id) throws InvalidApplicationException { DMPProfile dmpProfile = databaseRepository.getDmpProfileDao().find(UUID.fromString(id)); DataManagementPlanCriteria dataManagementPlanCriteria = new DataManagementPlanCriteria(); 
dataManagementPlanCriteria.setProfile(dmpProfile); @@ -208,7 +209,7 @@ public class DataManagementProfileManager { return convFile; } - public List> getExternalAutocomplete(RequestItem lookupItem) throws XPathExpressionException { + public List> getExternalAutocomplete(RequestItem lookupItem) throws XPathExpressionException, InvalidApplicationException { DMPProfile dmpProfile = this.apiContext.getOperationsContext().getDatabaseRepository().getDmpProfileDao().find(UUID.fromString(lookupItem.getCriteria().getProfileID())); Field field = this.queryForField(dmpProfile.getDefinition(), lookupItem.getCriteria().getFieldID()); DmpProfileExternalAutoComplete data = field.getExternalAutocomplete(); diff --git a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/DataRepositoryManager.java b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/DataRepositoryManager.java index b5a738f95..f24647209 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/DataRepositoryManager.java +++ b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/DataRepositoryManager.java @@ -2,6 +2,7 @@ package eu.eudat.logic.managers; import com.fasterxml.jackson.databind.DeserializationFeature; import com.fasterxml.jackson.databind.ObjectMapper; +import eu.eudat.commons.scope.user.UserScope; import eu.eudat.data.dao.criteria.DataRepositoryCriteria; import eu.eudat.data.old.DataRepository; import eu.eudat.logic.proxy.config.ExternalUrlCriteria; @@ -9,10 +10,10 @@ import eu.eudat.logic.proxy.config.exceptions.HugeResultSet; import eu.eudat.logic.proxy.config.exceptions.NoURLFound; import eu.eudat.logic.services.ApiContext; import eu.eudat.models.data.datarepository.DataRepositoryModel; -import eu.eudat.models.data.security.Principal; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import javax.management.InvalidApplicationException; import java.util.LinkedList; import java.util.List; import java.util.Map; 
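Review bot: With the `Principal` parameter dropped, `createOrUpdate`, `createOrUpdateBlueprint` and `inactivate` in `DataManagementProfileManager` do their writes with no permission check in the manager. The visible hunks for this class inject neither `AuthorizationService` nor `UserScope`. `DataManagementPlanManager.generateIndex()` in the same commit checks `Permission.AdminRole` at manager level, so the two classes follow different conventions. If the check for profile and blueprint writes lives in the controller, a comment on these methods should say so, e.g. `// authorization is enforced by the calling controller`. If it does not, the check belongs here.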
@@ -24,25 +25,27 @@ import java.util.stream.Collectors; @Component public class DataRepositoryManager { private ApiContext apiContext; + private UserScope userScope; @Autowired - public DataRepositoryManager(ApiContext apiContext) { + public DataRepositoryManager(ApiContext apiContext, UserScope userScope) { this.apiContext = apiContext; + this.userScope = userScope; } - public DataRepository create(eu.eudat.models.data.datarepository.DataRepositoryModel dataRepositoryModel, Principal principal) throws Exception { + public DataRepository create(eu.eudat.models.data.datarepository.DataRepositoryModel dataRepositoryModel) throws Exception { DataRepository dataRepository = dataRepositoryModel.toDataModel(); - dataRepository.getCreationUser().setId(principal.getId()); + dataRepository.getCreationUser().setId(userScope.getUserId()); return apiContext.getOperationsContext().getDatabaseRepository().getDataRepositoryDao().createOrUpdate(dataRepository); } - public List getDataRepositories(String query, String type, Principal principal) throws HugeResultSet, NoURLFound { + public List getDataRepositories(String query, String type) throws HugeResultSet, NoURLFound, InvalidApplicationException { ExternalUrlCriteria externalUrlCriteria = new ExternalUrlCriteria(query); List> remoteRepos = this.apiContext.getOperationsContext().getRemoteFetcher().getRepositories(externalUrlCriteria, type); DataRepositoryCriteria criteria = new DataRepositoryCriteria(); if (!query.isEmpty()) criteria.setLike(query); - criteria.setCreationUserId(principal.getId()); + criteria.setCreationUserId(userScope.getUserId()); List dataRepositoryModels = new LinkedList<>(); if (type.equals("")) { 
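Review bot: `getDataRepositories` now calls `userScope.getUserId()` where it used to pass `principal.getId()`, and `getPubRepositories` and `getJournals` get the same change. `getUserId()` declares `InvalidApplicationException`, and the commit uses `getUserIdSafe()` where a missing user is tolerated, so these lookups presumably now fail for a request without a user instead of filtering on a null creator id. If that is intended, an explicit guard is clearer than relying on the exception, e.g. `if (!this.userScope.isSet()) throw new UnauthorisedException();`. If anonymous lookups must keep working, `getUserIdSafe()` would preserve the old behaviour. The new field could also be `private final UserScope userScope;`, as in `DatasetManager`.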
@@ -55,13 +58,13 @@ public class DataRepositoryManager { return dataRepositoryModels; } - public List getPubRepositories(String query, String type, Principal principal) throws HugeResultSet, NoURLFound { + public List getPubRepositories(String query, String type) throws HugeResultSet, NoURLFound, InvalidApplicationException { ExternalUrlCriteria externalUrlCriteria = new ExternalUrlCriteria(query); List> remoteRepos = this.apiContext.getOperationsContext().getRemoteFetcher().getPubRepositories(externalUrlCriteria, type); DataRepositoryCriteria criteria = new DataRepositoryCriteria(); if (!query.isEmpty()) criteria.setLike(query); - criteria.setCreationUserId(principal.getId()); + criteria.setCreationUserId(userScope.getUserId()); List dataRepositoryModels = new LinkedList<>(); if (type.equals("")) { @@ -74,13 +77,13 @@ public class DataRepositoryManager { return dataRepositoryModels; } - public List getJournals(String query, String type, Principal principal) throws HugeResultSet, NoURLFound { + public List getJournals(String query, String type) throws HugeResultSet, NoURLFound, InvalidApplicationException { ExternalUrlCriteria externalUrlCriteria = new ExternalUrlCriteria(query); List> remoteRepos = this.apiContext.getOperationsContext().getRemoteFetcher().getJournals(externalUrlCriteria, type); DataRepositoryCriteria criteria = new DataRepositoryCriteria(); if (!query.isEmpty()) criteria.setLike(query); - criteria.setCreationUserId(principal.getId()); + criteria.setCreationUserId(userScope.getUserId()); List dataRepositoryModels = new LinkedList<>(); if (type.equals("")) { diff --git a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/DatasetManager.java b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/DatasetManager.java index 18694945d..6ad2c80de 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/DatasetManager.java +++ b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/DatasetManager.java 
@@ -4,6 +4,8 @@ import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.ObjectMapper; +import eu.eudat.authorization.Permission; +import eu.eudat.commons.scope.user.UserScope; import eu.eudat.data.dao.criteria.*; import eu.eudat.data.dao.entities.DataRepositoryDao; import eu.eudat.data.dao.entities.DatasetDao; @@ -47,11 +49,11 @@ import eu.eudat.models.data.dmp.AssociatedProfile; import eu.eudat.models.data.dmp.DataManagementPlan; import eu.eudat.models.data.helpers.common.DataTableData; import eu.eudat.models.data.listingmodels.DatasetListingModel; -import eu.eudat.models.data.security.Principal; import eu.eudat.models.data.user.composite.PagedDatasetProfile; import eu.eudat.queryable.QueryableList; import eu.eudat.types.Authorities; import eu.eudat.types.MetricNames; +import gr.cite.commons.web.authz.service.AuthorizationService; import org.apache.poi.xwpf.extractor.XWPFWordExtractor; import org.apache.poi.xwpf.usermodel.XWPFDocument; import org.apache.poi.xwpf.usermodel.XWPFParagraph; @@ -79,6 +81,8 @@ import jakarta.transaction.Transactional; import jakarta.xml.bind.JAXBContext; import jakarta.xml.bind.JAXBException; import jakarta.xml.bind.Unmarshaller; + +import javax.management.InvalidApplicationException; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.xpath.XPath; 
@@ -111,10 +115,12 @@ public class DatasetManager { private Environment environment; private final MetricsManager metricsManager; private final FileManager fileManager; + private final UserScope userScope; + private final AuthorizationService authorizationService; @Autowired public DatasetManager(ApiContext apiContext, UserManager userManager, ConfigLoader configLoader, Environment environment, MetricsManager metricsManager, - FileManager fileManager) { + FileManager fileManager, UserScope userScope, AuthorizationService authorizationService) { this.apiContext = apiContext; this.databaseRepository = apiContext.getOperationsContext().getDatabaseRepository(); this.datasetRepository = apiContext.getOperationsContext().getElasticRepository().getDatasetRepository(); @@ -124,9 +130,11 @@ public class DatasetManager { this.environment = environment; this.metricsManager = metricsManager; this.fileManager = fileManager; + this.userScope = userScope; + this.authorizationService = authorizationService; } - public DataTableData getPaged(DatasetTableRequest datasetTableRequest, Principal principal) throws Exception { + public DataTableData getPaged(DatasetTableRequest datasetTableRequest) throws Exception { DatasetCriteria datasetCriteria = new DatasetCriteria(); datasetCriteria.setLike(datasetTableRequest.getCriteria().getLike()); datasetCriteria.setDatasetTemplates(datasetTableRequest.getCriteria().getDatasetTemplates()); @@ -148,7 +156,7 @@ public class DatasetManager { if (datasetCriteria.getCollaborators() == null) { datasetCriteria.setSortCriteria(new ArrayList<>()); } - datasetCriteria.getCollaborators().add(principal.getId()); + datasetCriteria.getCollaborators().add(this.userScope.getUserId()); } if (datasetTableRequest.getCriteria().getGrantStatus() != null) { datasetCriteria.setGrantStatus(datasetTableRequest.getCriteria().getGrantStatus()); 
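Review bot: In `getPaged`, the guard just before the rewritten line tests `datasetCriteria.getCollaborators() == null` but then calls `setSortCriteria(new ArrayList<>())`. The collaborators list therefore stays null and `datasetCriteria.getCollaborators().add(this.userScope.getUserId())` throws a NullPointerException. The guard should initialise the list it tested, using the matching setter, presumably `datasetCriteria.setCollaborators(new ArrayList<>());`. This predates the commit, but the changed line depends on it. The enclosing condition starts outside the hunk.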
@@ -167,7 +175,7 @@ public class DatasetManager { datasets = null; } - UserInfo userInfo = builderFactory.getBuilder(UserInfoBuilder.class).id(principal.getId()).build(); + UserInfo userInfo = builderFactory.getBuilder(UserInfoBuilder.class).id(this.userScope.getUserIdSafe()).build(); // QueryableList items = databaseRepository.getDatasetDao().getWithCriteria(datasetTableRequest.getCriteria()).withHint(HintedModelFactory.getHint(DatasetListingModel.class)); QueryableList items; if (datasets != null) { @@ -188,7 +196,7 @@ public class DatasetManager { QueryableList pagedItems; QueryableList authItems; if (!datasetTableRequest.getCriteria().getIsPublic()) { - if (principal.getId() == null) { + if (this.userScope.getUserIdSafe() == null) { throw new UnauthorisedException("You are not allowed to access those datasets"); } if (datasetTableRequest.getCriteria().getRole() != null) { @@ -197,10 +205,10 @@ public class DatasetManager { authItems = databaseRepository.getDatasetDao().getAuthenticated(items, userInfo, roles).distinct(); pagedItems = PaginationManager.applyPaging(authItems, datasetTableRequest); } else { - if (principal.getId() != null && datasetTableRequest.getCriteria().getRole() != null) { + if (this.userScope.getUserIdSafe() != null && datasetTableRequest.getCriteria().getRole() != null) { items.where((builder, root) -> { Join userJoin = root.join("dmp", JoinType.LEFT).join("users", JoinType.LEFT); - return builder.and(builder.equal(userJoin.join("user", JoinType.LEFT).get("id"), principal.getId()), builder.equal(userJoin.get("role"), datasetTableRequest.getCriteria().getRole())); + return builder.and(builder.equal(userJoin.join("user", JoinType.LEFT).get("id"), this.userScope.getUserId()), builder.equal(userJoin.get("role"), datasetTableRequest.getCriteria().getRole())); }); } String[] strings = new String[1]; 
@@ -220,7 +228,7 @@ public class DatasetManager { return dataTable; } - public DataTableData getPaged(DatasetPublicTableRequest datasetTableRequest, Principal principal) throws Exception { + public DataTableData getPaged(DatasetPublicTableRequest datasetTableRequest) throws Exception { Long count = 0L; DatasetCriteria datasetCriteria = new DatasetCriteria(); datasetCriteria.setLike(datasetTableRequest.getCriteria().getLike()); @@ -256,10 +264,10 @@ public class DatasetManager { items = datasetTableRequest.applyCriteria(); } - if (principal.getId() != null && datasetTableRequest.getCriteria().getRole() != null) { + if (this.userScope.isSet() && datasetTableRequest.getCriteria().getRole() != null) { items.where((builder, root) -> { Join userJoin = root.join("dmp", JoinType.LEFT).join("users", JoinType.LEFT); - return builder.and(builder.equal(userJoin.join("user", JoinType.LEFT).get("id"), principal.getId()), builder.equal(userJoin.get("role"), datasetTableRequest.getCriteria().getRole())); + return builder.and(builder.equal(userJoin.join("user", JoinType.LEFT).get("id"), this.userScope.getUserId()), builder.equal(userJoin.get("role"), datasetTableRequest.getCriteria().getRole())); }); } List strings = new ArrayList<>(); 
@@ -281,11 +289,11 @@ public class DatasetManager { return dataTable; } - public DatasetWizardModel getSingle(String id, Principal principal) { + public DatasetWizardModel getSingle(String id) throws InvalidApplicationException { DatasetWizardModel dataset = new DatasetWizardModel(); Dataset datasetEntity = databaseRepository.getDatasetDao().find(UUID.fromString(id), HintedModelFactory.getHint(DatasetWizardModel.class)); if (datasetEntity.getDmp().getUsers() - .stream().filter(userInfo -> userInfo.getUser().getId() == principal.getId()) + .stream().filter(userInfo -> userInfo.getUser().getId() == this.userScope.getUserIdSafe()) .collect(Collectors.toList()).size() == 0 && !datasetEntity.getDmp().isPublic()) throw new UnauthorisedException(); dataset.setDatasetProfileDefinition(getPagedProfile(dataset, datasetEntity)); @@ -358,16 +366,16 @@ public class DatasetManager { } } - public DatasetOverviewModel getOverviewSingle(String id, Principal principal, boolean isPublic) throws Exception { + public DatasetOverviewModel getOverviewSingle(String id, boolean isPublic) throws Exception { Dataset datasetEntity = databaseRepository.getDatasetDao().find(UUID.fromString(id)); if (datasetEntity.getStatus() == Dataset.Status.DELETED.getValue()) { throw new Exception("Dataset is deleted."); } - if (!isPublic && principal == null) { + if (!isPublic && !this.userScope.isSet()) { throw new UnauthorisedException(); } else if (!isPublic && datasetEntity.getDmp().getUsers() - .stream().noneMatch(userInfo -> userInfo.getUser().getId() == principal.getId())) { + .stream().noneMatch(userInfo -> userInfo.getUser().getId() == this.userScope.getUserIdSafe())) { throw new UnauthorisedException(); } else if (isPublic && !datasetEntity.getDmp().isPublic()) { throw new ForbiddenException("Selected Dataset is not public"); 
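Review bot: The membership checks in `getSingle` and `getOverviewSingle` compare ids with `userInfo.getUser().getId() == this.userScope.getUserIdSafe()`, which is a reference comparison. Two equal ids held in different instances do not match, so a legitimate member of a non-public DMP would be rejected. The same expression is carried over into `getWordDocument`, `getWordDocumentFile` and `getXmlDocument`. Assuming both sides are `UUID`, as the `find(UUID.fromString(id))` calls suggest, compare by value: `.anyMatch(u -> Objects.equals(u.getUser().getId(), this.userScope.getUserIdSafe()))`. Since `getUserIdSafe()` may return null for an anonymous request, check `this.userScope.isSet()` first so that a null id cannot match a row whose user id is null.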
@@ -378,7 +386,7 @@ public class DatasetManager { return dataset; } - public Dataset getEntitySingle(UUID id) { + public Dataset getEntitySingle(UUID id) throws InvalidApplicationException { return databaseRepository.getDatasetDao().find(id); } @@ -395,14 +403,14 @@ public class DatasetManager { return pagedDatasetProfile; } - private XWPFDocument getWordDocument(ConfigLoader configLoader, Dataset datasetEntity, VisibilityRuleService visibilityRuleService, Principal principal) throws IOException { + private XWPFDocument getWordDocument(ConfigLoader configLoader, Dataset datasetEntity, VisibilityRuleService visibilityRuleService) throws IOException { WordBuilder wordBuilder = new WordBuilder(this.environment, configLoader); DatasetWizardModel dataset = new DatasetWizardModel(); XWPFDocument document = configLoader.getDatasetDocument(); DMP dmpEntity = datasetEntity.getDmp(); - if (!dmpEntity.isPublic() && dmpEntity.getUsers().stream().filter(userInfo -> userInfo.getUser().getId() == principal.getId()).collect(Collectors.toList()).size() == 0) + if (!dmpEntity.isPublic() && dmpEntity.getUsers().stream().filter(userInfo -> userInfo.getUser().getId() == this.userScope.getUserIdSafe()).collect(Collectors.toList()).size() == 0) throw new UnauthorisedException(); wordBuilder.fillFirstPage(dmpEntity, datasetEntity, document, true); 
@@ -537,10 +545,10 @@ public class DatasetManager { // return exportFile; } - public FileEnvelope getWordDocumentFile(ConfigLoader configLoader, String id, VisibilityRuleService visibilityRuleService, Principal principal) throws IOException { + public FileEnvelope getWordDocumentFile(ConfigLoader configLoader, String id, VisibilityRuleService visibilityRuleService) throws IOException, InvalidApplicationException { Dataset datasetEntity = databaseRepository.getDatasetDao().find(UUID.fromString(id), HintedModelFactory.getHint(DatasetWizardModel.class)); if (!datasetEntity.getDmp().isPublic() && datasetEntity.getDmp().getUsers() - .stream().filter(userInfo -> userInfo.getUser().getId() == principal.getId()) + .stream().filter(userInfo -> userInfo.getUser().getId() == this.userScope.getUserIdSafe()) .collect(Collectors.toList()).size() == 0) throw new UnauthorisedException(); String label = datasetEntity.getLabel().replaceAll("[^a-zA-Z0-9+ ]", ""); @@ -548,7 +556,7 @@ public class DatasetManager { exportEnvelope.setFilename(label + ".docx"); String uuid = UUID.randomUUID().toString(); File exportFile = new File(this.environment.getProperty("temp.temp") + uuid + ".docx"); - XWPFDocument document = getWordDocument(configLoader, datasetEntity, visibilityRuleService, principal); + XWPFDocument document = getWordDocument(configLoader, datasetEntity, visibilityRuleService); FileOutputStream out = new FileOutputStream(exportFile); document.write(out); out.close(); 
@@ -564,12 +572,12 @@ public class DatasetManager { return extractor.getText();/*.replaceAll("\n\\s*", " ");*/ } - public FileEnvelope getXmlDocument(String id, VisibilityRuleService visibilityRuleService, Principal principal) throws InstantiationException, IllegalAccessException, IOException { + public FileEnvelope getXmlDocument(String id, VisibilityRuleService visibilityRuleService) throws InstantiationException, IllegalAccessException, IOException, InvalidApplicationException { ExportXmlBuilder xmlBuilder = new ExportXmlBuilder(); DatasetWizardModel dataset = new DatasetWizardModel(); Dataset datasetEntity = databaseRepository.getDatasetDao().find(UUID.fromString(id), HintedModelFactory.getHint(DatasetWizardModel.class)); if (!datasetEntity.getDmp().isPublic() && datasetEntity.getDmp().getUsers() - .stream().filter(userInfo -> userInfo.getUser().getId() == principal.getId()) + .stream().filter(userInfo -> userInfo.getUser().getId() == this.userScope.getUserIdSafe()) .collect(Collectors.toList()).size() == 0) throw new UnauthorisedException(); Map properties = new HashMap<>(); @@ -588,7 +596,7 @@ public class DatasetManager { return fileEnvelope; } - public Dataset createOrUpdate(DatasetWizardModel datasetWizardModel, Principal principal) throws Exception { + public Dataset createOrUpdate(DatasetWizardModel datasetWizardModel) throws Exception { Boolean sendNotification = false; Dataset tempDataset = null; DMP dmp = apiContext.getOperationsContext().getDatabaseRepository().getDmpDao().find(datasetWizardModel.getDmp().getId()); 
@@ -620,7 +628,7 @@ public class DatasetManager { throw new Exception("Field value of " + failedField + " must be filled."); } } - UserInfo userInfo = apiContext.getOperationsContext().getBuilderFactory().getBuilder(UserInfoBuilder.class).id(principal.getId()).build(); + UserInfo userInfo = apiContext.getOperationsContext().getBuilderFactory().getBuilder(UserInfoBuilder.class).id(this.userScope.getUserId()).build(); dataset.setCreator(userInfo); createDataRepositoriesIfTheyDontExist(apiContext.getOperationsContext().getDatabaseRepository().getDataRepositoryDao(), dataset); @@ -651,7 +659,7 @@ public class DatasetManager { return dataset1; } - private void deleteOldFilesAndAddNew(DatasetWizardModel datasetWizardModel, UserInfo userInfo) throws JsonProcessingException { + private void deleteOldFilesAndAddNew(DatasetWizardModel datasetWizardModel, UserInfo userInfo) throws JsonProcessingException, InvalidApplicationException { // Files in DB for this entityId which are NOT DELETED List fileUploads = fileManager.getCurrentFileUploadsForEntityId(datasetWizardModel.getId()); List fileUploadIds = fileUploads.stream().map(fileUpload -> fileUpload.getId().toString()).collect(Collectors.toList()); @@ -689,7 +697,7 @@ public class DatasetManager { }); } - private void sendNotification(Dataset dataset, DMP dmp, UserInfo user, NotificationType notificationType) { + private void sendNotification(Dataset dataset, DMP dmp, UserInfo user, NotificationType notificationType) throws InvalidApplicationException { List userDMPS = databaseRepository.getUserDmpDao().asQueryable().where(((builder, root) -> builder.equal(root.get("dmp").get("id"), dmp.getId()))).toList(); for (UserDMP userDMP : userDMPS) { if (!userDMP.getUser().getId().equals(user.getId())) { 
@@ -853,7 +861,7 @@ public class DatasetManager { - private void createRegistriesIfTheyDontExist(RegistryDao registryDao, Dataset dataset) { + private void createRegistriesIfTheyDontExist(RegistryDao registryDao, Dataset dataset) throws InvalidApplicationException { if (dataset.getRegistries() != null && !dataset.getRegistries().isEmpty()) { for (Registry registry : dataset.getRegistries()) { RegistryCriteria criteria = new RegistryCriteria(); @@ -868,7 +876,7 @@ public class DatasetManager { } } - private void createDataRepositoriesIfTheyDontExist(DataRepositoryDao dataRepositoryDao, Dataset dataset) { + private void createDataRepositoriesIfTheyDontExist(DataRepositoryDao dataRepositoryDao, Dataset dataset) throws InvalidApplicationException { if (dataset.getDatasetDataRepositories() != null && !dataset.getDatasetDataRepositories().isEmpty()) { for (DatasetDataRepository datasetDataRepository : dataset.getDatasetDataRepositories()) { DataRepositoryCriteria criteria = new DataRepositoryCriteria(); @@ -889,7 +897,7 @@ public class DatasetManager { } } - private void createServicesIfTheyDontExist(Dataset dataset) { + private void createServicesIfTheyDontExist(Dataset dataset) throws InvalidApplicationException { if (dataset.getServices() != null && !dataset.getServices().isEmpty()) { for (DatasetService service : dataset.getServices()) { ServiceCriteria criteria = new ServiceCriteria(); @@ -906,7 +914,7 @@ public class DatasetManager { } } - private void createExternalDatasetsIfTheyDontExist(Dataset dataset) { + private void createExternalDatasetsIfTheyDontExist(Dataset dataset) throws InvalidApplicationException { if (dataset.getDatasetExternalDatasets() != null && !dataset.getDatasetExternalDatasets().isEmpty()) { for (DatasetExternalDataset datasetExternalDataset : dataset.getDatasetExternalDatasets()) { ExternalDatasetCriteria criteria = new ExternalDatasetCriteria(); 
@@ -935,8 +943,8 @@ public class DatasetManager { metricsManager.increaseValue(MetricNames.DATASET, 1, MetricNames.PUBLISHED); } - public ResponseEntity getDocument(String id, VisibilityRuleService visibilityRuleService, String contentType, Principal principal) throws IllegalAccessException, IOException, InstantiationException { - FileEnvelope envelope = getXmlDocument(id, visibilityRuleService, principal); + public ResponseEntity getDocument(String id, VisibilityRuleService visibilityRuleService, String contentType) throws IllegalAccessException, IOException, InstantiationException, InvalidApplicationException { + FileEnvelope envelope = getXmlDocument(id, visibilityRuleService); InputStream resource = new FileInputStream(envelope.getFile()); logger.info("Mime Type of " + envelope.getFilename() + " is " + new MimetypesFileTypeMap().getContentType(envelope.getFile())); @@ -957,7 +965,7 @@ public class DatasetManager { HttpStatus.OK); } - public Dataset createDatasetFromXml(MultipartFile importFile, String dmpId, String datasetProfileId, Principal principal) throws JAXBException, IOException { + public Dataset createDatasetFromXml(MultipartFile importFile, String dmpId, String datasetProfileId) throws JAXBException, IOException, InvalidApplicationException { DatasetImportPagedDatasetProfile importModel = new DatasetImportPagedDatasetProfile(); JAXBContext jaxbContext; @@ -1013,7 +1021,7 @@ public class DatasetManager { profile.setId(UUID.fromString(datasetProfileId)); entity.setProfile(profile); - UserInfo userInfo = apiContext.getOperationsContext().getBuilderFactory().getBuilder(UserInfoBuilder.class).id(principal.getId()).build(); + UserInfo userInfo = apiContext.getOperationsContext().getBuilderFactory().getBuilder(UserInfoBuilder.class).id(this.userScope.getUserId()).build(); entity.setCreator(userInfo); updateTagsXmlImportDataset(apiContext.getOperationsContext().getElasticRepository().getDatasetRepository(), entity); 
@@ -1030,7 +1038,7 @@ public class DatasetManager { // TODO: When tags functionality return. } - public DatasetWizardModel datasetUpdateProfile(String id) { + public DatasetWizardModel datasetUpdateProfile(String id) throws InvalidApplicationException { DatasetWizardModel dataset = new DatasetWizardModel(); Dataset datasetEntity = databaseRepository.getDatasetDao().find(UUID.fromString(id), HintedModelFactory.getHint(DatasetWizardModel.class)); dataset.setDatasetProfileDefinition(getPagedProfile(dataset, datasetEntity)); @@ -1083,9 +1091,9 @@ public class DatasetManager { return pagedDatasetProfile; } - public DataTableData getDatasetProfilesUsedByDatasets(DatasetProfileTableRequestItem datasetProfileTableRequestItem, Principal principal) { + public DataTableData getDatasetProfilesUsedByDatasets(DatasetProfileTableRequestItem datasetProfileTableRequestItem) throws InvalidApplicationException { datasetProfileTableRequestItem.getCriteria().setFilter(DatasetProfileCriteria.DatasetProfileFilter.Datasets.getValue()); - datasetProfileTableRequestItem.getCriteria().setUserId(principal.getId()); + datasetProfileTableRequestItem.getCriteria().setUserId(this.userScope.getUserId()); QueryableList items = apiContext.getOperationsContext().getDatabaseRepository().getDatasetProfileDao().getWithCriteria(datasetProfileTableRequestItem.getCriteria()); List listingModels = items.select(item -> new DatasetProfileListingModel().fromDataModel(item)); 
@@ -1097,8 +1105,8 @@ public class DatasetManager { return data; } - public void generateIndex(Principal principal) { - if (principal.getAuthorities().contains(Authorities.ADMIN.getValue())) { + public void generateIndex() throws InvalidApplicationException { + if (this.authorizationService.authorize(Permission.AdminRole)) { this.apiContext.getOperationsContext().getDatabaseRepository().getDmpDao().asQueryable().toList(); List datasetEntities = new ArrayList<>(this.apiContext.getOperationsContext().getDatabaseRepository().getDatasetDao().asQueryable().toList()); datasetEntities.forEach(datasetEntity -> { @@ -1114,8 +1122,8 @@ public class DatasetManager { } } - public void clearIndex(Principal principal) { - if (principal.getAuthorities().contains(Authorities.ADMIN.getValue())) { + public void clearIndex() { + if (this.authorizationService.authorize(Permission.AdminRole)) { try { this.apiContext.getOperationsContext().getElasticRepository().getDatasetRepository().clear(); } catch (IOException e) { @@ -1124,7 +1132,7 @@ public class DatasetManager { } } - public void getTagsFromProfile(DatasetWizardModel wizardModel, Dataset dataset) throws IOException { + public void getTagsFromProfile(DatasetWizardModel wizardModel, Dataset dataset) throws IOException, InvalidApplicationException { dataset.setProfile(apiContext.getOperationsContext().getDatabaseRepository().getDatasetProfileDao().find(dataset.getProfile().getId())); wizardModel.setDatasetProfileDefinition(this.getPagedProfile(wizardModel, dataset)); ObjectMapper mapper = new ObjectMapper(); diff --git a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/DatasetProfileManager.java b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/DatasetProfileManager.java index 7c9b18a8b..5ba065e23 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/DatasetProfileManager.java +++ b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/DatasetProfileManager.java 
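Review bot: generateIndex and clearIndex treat a failed `authorize(Permission.AdminRole)` as a silent no-op: when the check is false the method just returns, so a non-admin caller sees the same normal completion as an admin and, as far as these hunks show, the denial is neither reported nor logged. Make the denial explicit with `else { throw new UnauthorisedException(); }` (the exception getXmlDocument in this class already throws), or call a throwing variant of the check at the top of both methods if the injected AuthorizationService provides one (e.g. `authorizeForce`, to be confirmed against the library). Both method bodies close outside the hunks shown, so confirm no else branch already exists.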
@@ -1,5 +1,7 @@ package eu.eudat.logic.managers; +import eu.eudat.authorization.Permission; +import eu.eudat.commons.scope.user.UserScope; import eu.eudat.data.dao.criteria.DatasetProfileCriteria; import eu.eudat.data.old.DescriptionTemplate; import eu.eudat.data.old.UserDatasetProfile; @@ -26,11 +28,11 @@ import eu.eudat.models.data.externaldataset.ExternalAutocompleteFieldModel; import eu.eudat.models.data.helpers.common.DataTableData; import eu.eudat.models.data.listingmodels.UserInfoListingModel; import eu.eudat.models.data.mail.SimpleMail; -import eu.eudat.models.data.security.Principal; import eu.eudat.queryable.QueryableList; import eu.eudat.service.DescriptionTemplateTypeService; import eu.eudat.types.Authorities; import eu.eudat.types.MetricNames; +import gr.cite.commons.web.authz.service.AuthorizationService; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; @@ -46,6 +48,7 @@ import org.w3c.dom.NodeList; import jakarta.activation.MimetypesFileTypeMap; import jakarta.transaction.Transactional; +import javax.management.InvalidApplicationException; import javax.xml.transform.OutputKeys; import javax.xml.transform.Transformer; import javax.xml.transform.TransformerException; 
@@ -73,9 +76,11 @@ public class DatasetProfileManager { private final MetricsManager metricsManager; private final RemoteFetcher remoteFetcher; private final DescriptionTemplateTypeService descriptionTemplateTypeService; + private final AuthorizationService authorizationService; + private final UserScope userScope; @Autowired - public DatasetProfileManager(ApiContext apiContext, Environment environment, ConfigLoader configLoader, MetricsManager metricsManager, RemoteFetcher remoteFetcher, DescriptionTemplateTypeService descriptionTemplateTypeService) { + public DatasetProfileManager(ApiContext apiContext, Environment environment, ConfigLoader configLoader, MetricsManager metricsManager, RemoteFetcher remoteFetcher, DescriptionTemplateTypeService descriptionTemplateTypeService, AuthorizationService authorizationService, UserScope userScope) { this.apiContext = apiContext; this.databaseRepository = apiContext.getOperationsContext().getDatabaseRepository(); this.environment = environment; @@ -83,10 +88,12 @@ public class DatasetProfileManager { this.metricsManager = metricsManager; this.descriptionTemplateTypeService = descriptionTemplateTypeService; this.remoteFetcher = remoteFetcher; + this.authorizationService = authorizationService; + this.userScope = userScope; } @Transactional - public eu.eudat.models.data.admin.composite.DatasetProfile getDatasetProfile(String id) { + public eu.eudat.models.data.admin.composite.DatasetProfile getDatasetProfile(String id) throws InvalidApplicationException { DescriptionTemplate profile = apiContext.getOperationsContext().getDatabaseRepository().getDatasetProfileDao().find(UUID.fromString(id)); eu.eudat.models.data.admin.composite.DatasetProfile datasetprofile = AdminManager.generateDatasetProfileModel(profile); datasetprofile.setLabel(profile.getLabel()); 
@@ -99,35 +106,35 @@ public class DatasetProfileManager { return datasetprofile; } - public List getWithCriteria(DatasetProfileAutocompleteRequest datasetProfileAutocompleteRequest) throws IllegalAccessException, InstantiationException { + public List getWithCriteria(DatasetProfileAutocompleteRequest datasetProfileAutocompleteRequest) throws IllegalAccessException, InstantiationException, InvalidApplicationException { QueryableList items = databaseRepository.getDatasetProfileDao().getWithCriteria(datasetProfileAutocompleteRequest.getCriteria()); QueryableList pagedItems = datasetProfileAutocompleteRequest.applyPaging(items); List datasetProfiles = pagedItems.select(item -> new DatasetProfileAutocompleteItem().fromDataModel(item)); return datasetProfiles; } - public DescriptionTemplate clone(String id) { + public DescriptionTemplate clone(String id) throws InvalidApplicationException { DescriptionTemplate profile = apiContext.getOperationsContext().getDatabaseRepository().getDatasetProfileDao().find(UUID.fromString(id)); apiContext.getOperationsContext().getDatabaseRepository().detachEntity(profile); profile.setId(null); return profile; } - public DataTableData getPaged(DatasetProfileTableRequestItem datasetProfileTableRequestItem, Principal principal) throws Exception { + public DataTableData getPaged(DatasetProfileTableRequestItem datasetProfileTableRequestItem) throws Exception { QueryableList items = apiContext.getOperationsContext().getDatabaseRepository().getDatasetProfileDao().getWithCriteria(datasetProfileTableRequestItem.getCriteria()); QueryableList authItems = null; - if (principal.getAuthz().contains(Authorities.ADMIN)) { + if (this.authorizationService.authorize(Permission.AdminRole)) { authItems = items; - } else if (principal.getAuthz().contains(Authorities.DATASET_PROFILE_MANAGER)) { + } else if (this.authorizationService.authorize(Permission.DatasetProfileManagerRole)) { List roles = Arrays.asList(0, 1); - authItems = 
apiContext.getOperationsContext().getDatabaseRepository().getDatasetProfileDao().getAuthenticated(items, principal.getId(), roles); + authItems = apiContext.getOperationsContext().getDatabaseRepository().getDatasetProfileDao().getAuthenticated(items, this.userScope.getUserId(), roles); } QueryableList pagedItems = PaginationManager.applyPaging(authItems, datasetProfileTableRequestItem); List datasetProfiles = pagedItems.select(item -> new DatasetProfileListingModel().fromDataModel(item)); return apiContext.getOperationsContext().getBuilderFactory().getBuilder(DataTableDataBuilder.class).data(datasetProfiles).totalCount(items.count()).build(); } - public List getAll(DatasetProfileTableRequestItem tableRequestItem) throws IllegalAccessException, InstantiationException { + public List getAll(DatasetProfileTableRequestItem tableRequestItem) throws IllegalAccessException, InstantiationException, InvalidApplicationException { QueryableList items = databaseRepository.getDatasetProfileDao().getWithCriteria(tableRequestItem.getCriteria()); List datasetProfiles = items.select(item -> new DatasetProfileListingModel().fromDataModel(item)); 
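Review bot: In getPaged, `authItems` stays null when the caller holds neither Permission.AdminRole nor Permission.DatasetProfileManagerRole, and that null is passed straight to `PaginationManager.applyPaging(authItems, ...)`. Denial then depends on what that helper does with null (most likely a NullPointerException surfacing as a server error) instead of an explicit decision. Add a final `else { throw new UnauthorisedException(); }`, or this module's equivalent forbidden exception. Separately, `totalCount(items.count())` counts the unfiltered query, so a profile manager learns the total number of templates including those outside their scope; `totalCount(authItems.count())` would match the rows returned. The literal `Arrays.asList(0, 1)` needs a comment or named constants saying which roles it selects.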
@@ -385,8 +392,13 @@ public class DatasetProfileManager { .forEach(userInfoListingModel -> { UserDatasetProfile userDatasetProfile1 = new UserDatasetProfile(); userDatasetProfile1.setDatasetProfile(entity); - UserInfo userInfo1 = apiContext.getOperationsContext().getDatabaseRepository().getUserInfoDao().find(userInfoListingModel.getId()); - userDatasetProfile1.setUser(userInfo1); + UserInfo userInfo1 = null; + try { + userInfo1 = apiContext.getOperationsContext().getDatabaseRepository().getUserInfoDao().find(userInfoListingModel.getId()); + } catch (InvalidApplicationException e) { + throw new RuntimeException(e); + } + userDatasetProfile1.setUser(userInfo1); userDatasetProfile1.setRole(1); apiContext.getOperationsContext().getDatabaseRepository().getUserDatasetProfileDao().createOrUpdate(userDatasetProfile1); sendJoinMail(userDatasetProfile1); @@ -450,7 +462,7 @@ public class DatasetProfileManager { return filteredSemantics; } - public void addSemanticsInDatasetProfiles() throws XPathExpressionException { + public void addSemanticsInDatasetProfiles() throws XPathExpressionException, InvalidApplicationException { List ids = this.databaseRepository.getDatasetProfileDao().getAllIds(); for(DescriptionTemplate dp: ids){ DescriptionTemplate descriptionTemplate = this.databaseRepository.getDatasetProfileDao().find(dp.getId()); @@ -476,7 +488,7 @@ public class DatasetProfileManager { } } - public void addRdaInSemanticsInDatasetProfiles() throws XPathExpressionException { + public void addRdaInSemanticsInDatasetProfiles() throws XPathExpressionException, InvalidApplicationException { List ids = this.databaseRepository.getDatasetProfileDao().getAllIds(); for(DescriptionTemplate dp: ids){ DescriptionTemplate descriptionTemplate = this.databaseRepository.getDatasetProfileDao().find(dp.getId()); 
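Review bot: The new try/catch inside the forEach lambda rethrows InvalidApplicationException as a bare `RuntimeException`, so callers cannot tell a user-scope failure from any other runtime fault, while the other methods in this commit declare the checked exception. Turning `.forEach(userInfoListingModel -> { ... })` into a plain `for` loop lets the exception propagate unchanged and removes the `UserInfo userInfo1 = null;` placeholder. The result of `find(...)` also goes to `setUser` without a null check, so an id that resolves to no user may (depending on how find behaves) persist a UserDatasetProfile without a user and still trigger `sendJoinMail`. The enclosing method starts outside the hunk, so its throws clause would need the same addition.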
diff --git a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/DatasetWizardManager.java b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/DatasetWizardManager.java index 10c4a6694..3f8b2e168 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/DatasetWizardManager.java +++ b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/DatasetWizardManager.java @@ -1,5 +1,6 @@ package eu.eudat.logic.managers; +import eu.eudat.commons.scope.user.UserScope; import eu.eudat.data.dao.criteria.DatasetProfileCriteria; import eu.eudat.data.dao.entities.DMPDao; import eu.eudat.data.dao.entities.DatasetProfileDao; @@ -14,9 +15,9 @@ import eu.eudat.logic.services.ApiContext; import eu.eudat.models.data.datasetwizard.DataManagentPlanListingModel; import eu.eudat.models.data.dmp.AssociatedProfile; import eu.eudat.models.data.dmp.DataManagementPlan; -import eu.eudat.models.data.security.Principal; import eu.eudat.queryable.QueryableList; +import javax.management.InvalidApplicationException; import java.io.IOException; import java.util.LinkedList; import java.util.List; 
@@ -26,15 +27,15 @@ import java.util.stream.Collectors; public class DatasetWizardManager { - public static List getUserDmps(DMPDao dmpRepository, DatasetWizardAutocompleteRequest datasetWizardAutocompleteRequest, Principal principal) throws InstantiationException, IllegalAccessException { + public static List getUserDmps(DMPDao dmpRepository, DatasetWizardAutocompleteRequest datasetWizardAutocompleteRequest, UserScope userScope) throws InstantiationException, IllegalAccessException, InvalidApplicationException { UserInfo userInfo = new UserInfo(); - userInfo.setId(principal.getId()); + userInfo.setId(userScope.getUserId()); QueryableList items = dmpRepository.getUserDmps(datasetWizardAutocompleteRequest.getCriteria(), userInfo); List dataManagementPlans = items.select(item -> new DataManagentPlanListingModel().fromDataModel(item)); return dataManagementPlans; } - public static List getAvailableProfiles(DMPDao dmpRepository, DatasetProfileDao profileDao, DatasetProfileWizardAutocompleteRequest datasetProfileWizardAutocompleteRequest) throws InstantiationException, IllegalAccessException { + public static List getAvailableProfiles(DMPDao dmpRepository, DatasetProfileDao profileDao, DatasetProfileWizardAutocompleteRequest datasetProfileWizardAutocompleteRequest) throws InstantiationException, IllegalAccessException, InvalidApplicationException { DataManagementPlan dataManagementPlan = new DataManagementPlan().fromDataModel(dmpRepository.find(datasetProfileWizardAutocompleteRequest.getCriteria().getId())); if (dataManagementPlan.getProfiles() == null || dataManagementPlan.getProfiles().isEmpty()) { return new LinkedList<>(); 
@@ -49,7 +50,7 @@ public class DatasetWizardManager { return profiles; } - public void unlock(ApiContext apiContext, UUID uuid) throws DatasetWizardCannotUnlockException { + public void unlock(ApiContext apiContext, UUID uuid) throws DatasetWizardCannotUnlockException, InvalidApplicationException { Dataset dataset = apiContext.getOperationsContext().getDatabaseRepository().getDatasetDao().find(uuid); if(dataset.getDmp().getStatus() == DMP.DMPStatus.FINALISED.getValue()) throw new DatasetWizardCannotUnlockException("To perform this action you will need to revert DMP's finalisation"); dataset.setStatus(Dataset.Status.SAVED.getValue()); @@ -57,7 +58,7 @@ public class DatasetWizardManager { return; } - public void delete(ApiContext apiContext, UUID uuid) throws IOException { + public void delete(ApiContext apiContext, UUID uuid) throws IOException, InvalidApplicationException { Dataset oldDataset = apiContext.getOperationsContext().getDatabaseRepository().getDatasetDao().find(uuid); eu.eudat.elastic.entities.Dataset oldDatasetElasitc = apiContext.getOperationsContext().getElasticRepository().getDatasetRepository().findDocument(uuid.toString()); oldDataset.setStatus(Dataset.Status.DELETED.getValue()); diff --git a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/DepositManager.java b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/DepositManager.java index fa8e20d42..cd6bc439e 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/DepositManager.java +++ b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/DepositManager.java @@ -5,7 +5,6 @@ import eu.eudat.depositinterface.repository.RepositoryDepositConfiguration; import eu.eudat.models.data.doi.DepositRequest; import eu.eudat.models.data.doi.Doi; import eu.eudat.models.data.doi.RepositoryConfig; -import eu.eudat.models.data.security.Principal; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; 
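Review bot: unlock and delete load a Dataset by a caller-supplied UUID and change its status, yet this commit only adds `throws InvalidApplicationException` to them; nothing in these hunks checks a permission or that the current user belongs to the dataset's DMP. Since the commit moves authorization out of the Principal parameter and into the managers, both methods should either perform the check themselves or carry a comment naming the layer that enforces it, e.g. `// access enforced by caller: <controller/permission>`. Neither hunk shows an injected UserScope or AuthorizationService for this class, so it may need the same constructor injection DatasetProfileManager receives in this patch. Both bodies continue outside the hunks, so an existing check further down is possible.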
@@ -51,8 +50,8 @@ public class DepositManager { return null; } - public Doi deposit(DepositRequest depositRequest, Principal principal) throws Exception { - return this.dataManagementPlanManager.createDoi(depositRequest, principal); + public Doi deposit(DepositRequest depositRequest) throws Exception { + return this.dataManagementPlanManager.createDoi(depositRequest); } public String getRepositoryLogo(String repositoryId){ diff --git a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/EmailConfirmationManager.java b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/EmailConfirmationManager.java index abea79456..c27e95c6b 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/EmailConfirmationManager.java +++ b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/EmailConfirmationManager.java @@ -1,5 +1,6 @@ package eu.eudat.logic.managers; +import eu.eudat.commons.scope.user.UserScope; import eu.eudat.data.CredentialEntity; import eu.eudat.data.old.EmailConfirmation; import eu.eudat.data.old.UserInfo; @@ -7,10 +8,10 @@ import eu.eudat.exceptions.emailconfirmation.HasConfirmedEmailException; import eu.eudat.exceptions.emailconfirmation.TokenExpiredException; import eu.eudat.logic.services.ApiContext; import eu.eudat.logic.services.operations.DatabaseRepository; -import eu.eudat.models.data.security.Principal; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import javax.management.InvalidApplicationException; import java.util.Date; import java.util.UUID; 
@@ -18,14 +19,16 @@ import java.util.UUID; public class EmailConfirmationManager { private ApiContext apiContext; private DatabaseRepository databaseRepository; + private final UserScope userScope; @Autowired - public EmailConfirmationManager(ApiContext apiContext) { + public EmailConfirmationManager(ApiContext apiContext, UserScope userScope) { this.apiContext = apiContext; this.databaseRepository = apiContext.getOperationsContext().getDatabaseRepository(); + this.userScope = userScope; } - public void confirmEmail(String token) throws TokenExpiredException, HasConfirmedEmailException { + public void confirmEmail(String token) throws TokenExpiredException, HasConfirmedEmailException, InvalidApplicationException { EmailConfirmation loginConfirmationEmail = apiContext.getOperationsContext() .getDatabaseRepository().getLoginConfirmationEmailDao().asQueryable() .where((builder, root) -> builder.equal(root.get("token"), UUID.fromString(token))).getSingle(); @@ -65,8 +68,8 @@ public class EmailConfirmationManager { databaseRepository.getLoginConfirmationEmailDao().createOrUpdate(loginConfirmationEmail); } - public void sendConfirmationEmail(String email, Principal principal) throws HasConfirmedEmailException { - UserInfo user = apiContext.getOperationsContext().getDatabaseRepository().getUserInfoDao().find(principal.getId()); + public void sendConfirmationEmail(String email) throws HasConfirmedEmailException, InvalidApplicationException { + UserInfo user = apiContext.getOperationsContext().getDatabaseRepository().getUserInfoDao().find(this.userScope.getUserId()); if (user.getEmail() != null) throw new HasConfirmedEmailException("User already has confirmed his Email."); 
@@ -74,11 +77,11 @@ public class EmailConfirmationManager { databaseRepository.getLoginConfirmationEmailDao(), apiContext.getUtilitiesService().getMailService(), email, - principal.getId() + this.userScope.getUserId() ); } - private void mergeNewUserToOld(UserInfo newUser, UserInfo oldUser) { + private void mergeNewUserToOld(UserInfo newUser, UserInfo oldUser) throws InvalidApplicationException { CredentialEntity credential = databaseRepository.getCredentialDao().asQueryable().where((builder, root) -> builder.equal(root.get("userId"), newUser.getId())).getSingle(); credential.setUserId(oldUser.getId()); databaseRepository.getCredentialDao().createOrUpdate(credential); diff --git a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/ExternalDatasetManager.java b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/ExternalDatasetManager.java index 185fa8563..4261d450f 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/ExternalDatasetManager.java +++ b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/ExternalDatasetManager.java @@ -2,6 +2,7 @@ package eu.eudat.logic.managers; import com.fasterxml.jackson.databind.DeserializationFeature; import com.fasterxml.jackson.databind.ObjectMapper; +import eu.eudat.commons.scope.user.UserScope; import eu.eudat.data.old.ExternalDataset; import eu.eudat.logic.builders.model.criteria.ExternalDatasetCriteriaBuilder; import eu.eudat.logic.builders.model.models.DataTableDataBuilder; 
@@ -14,12 +15,12 @@ import eu.eudat.models.data.helpers.common.DataTableData; import eu.eudat.logic.proxy.config.exceptions.HugeResultSet; import eu.eudat.logic.proxy.config.exceptions.NoURLFound; import eu.eudat.logic.proxy.fetching.RemoteFetcher; -import eu.eudat.models.data.security.Principal; import eu.eudat.queryable.QueryableList; import eu.eudat.logic.services.ApiContext; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import javax.management.InvalidApplicationException; import java.util.LinkedList; import java.util.List; import java.util.Map; @@ -32,11 +33,13 @@ public class ExternalDatasetManager { private ApiContext apiContext; private DatabaseRepository databaseRepository; private RemoteFetcher remoteFetcher; + private final UserScope userScope; @Autowired - public ExternalDatasetManager(ApiContext apiContext) { + public ExternalDatasetManager(ApiContext apiContext, UserScope userScope) { this.apiContext = apiContext; this.databaseRepository = apiContext.getOperationsContext().getDatabaseRepository(); this.remoteFetcher = apiContext.getOperationsContext().getRemoteFetcher(); + this.userScope = userScope; } public DataTableData getPaged(ExternalDatasetTableRequest externalDatasetTableRequest) throws Exception { 
@@ -46,10 +49,10 @@ public class ExternalDatasetManager { return apiContext.getOperationsContext().getBuilderFactory().getBuilder(DataTableDataBuilder.class).data(externalDatasetListingmodels).totalCount(items.count()).build(); } - public List getWithExternal(String query, String type, Principal principal) throws HugeResultSet, NoURLFound { + public List getWithExternal(String query, String type) throws HugeResultSet, NoURLFound, InvalidApplicationException { // Fetch the local saved external Datasets that belong to the user. ExternalDatasetCriteria criteria = apiContext.getOperationsContext().getBuilderFactory().getBuilder(ExternalDatasetCriteriaBuilder.class).like(query).build(); - criteria.setCreationUserId(principal.getId()); + criteria.setCreationUserId(this.userScope.getUserId()); QueryableList items = apiContext.getOperationsContext().getDatabaseRepository().getExternalDatasetDao().getWithCriteria(criteria); // Fetch external Datasets from external sources. 
@@ -69,16 +72,16 @@ public class ExternalDatasetManager { return externalDatasets; } - public ExternalDatasetListingModel getSingle(UUID id) throws HugeResultSet, NoURLFound, InstantiationException, IllegalAccessException { + public ExternalDatasetListingModel getSingle(UUID id) throws HugeResultSet, NoURLFound, InstantiationException, IllegalAccessException, InvalidApplicationException { ExternalDataset externalDataset = databaseRepository.getExternalDatasetDao().find(id); ExternalDatasetListingModel externalDatasetModel = new ExternalDatasetListingModel(); externalDatasetModel.fromDataModel(externalDataset); return externalDatasetModel; } - public ExternalDataset create(eu.eudat.models.data.externaldataset.ExternalDatasetModel externalDatasetModel, Principal principal) throws Exception { + public ExternalDataset create(eu.eudat.models.data.externaldataset.ExternalDatasetModel externalDatasetModel) throws Exception { ExternalDataset externalDataset = externalDatasetModel.toDataModel(); - externalDataset.getCreationUser().setId(principal.getId()); + externalDataset.getCreationUser().setId(this.userScope.getUserId()); return apiContext.getOperationsContext().getDatabaseRepository().getExternalDatasetDao().createOrUpdate(externalDataset); } } diff --git a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/FileManager.java b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/FileManager.java index 2e60d4473..a5f3f79f2 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/FileManager.java +++ b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/FileManager.java @@ -10,6 +10,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.core.env.Environment; import org.springframework.stereotype.Component; +import javax.management.InvalidApplicationException; import java.io.File; import java.io.IOException; import java.nio.file.Files; 
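Review bot: create sets the creation user to the current user and then calls `createOrUpdate` on a model built entirely from the request. If `toDataModel()` carries over a client-supplied id (not visible here), an update of a record created by someone else would be accepted and its creation user replaced. Consider loading any existing record first and rejecting the update unless its creation user equals `this.userScope.getUserId()`. `externalDataset.getCreationUser().setId(...)` also dereferences getCreationUser() without a null check. getSingle in the same hunk returns a record by id with no user filter, whereas getWithExternal restricts results with `criteria.setCreationUserId(...)`; a comment stating whether that difference is intended would help.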
@@ -59,19 +60,19 @@ public class FileManager { databaseRepository.getFileUploadDao().createOrUpdate(fileUpload); } - public List getFileUploadsForEntityId(String entityId) { + public List getFileUploadsForEntityId(String entityId) throws InvalidApplicationException { return databaseRepository.getFileUploadDao().asQueryable() .where((builder, root) -> builder.equal(root.get("entityId"), entityId)).toList(); } - public List getCurrentFileUploadsForEntityId(UUID entityId) { + public List getCurrentFileUploadsForEntityId(UUID entityId) throws InvalidApplicationException { return databaseRepository.getFileUploadDao().asQueryable() .where((builder, root) -> builder.and( builder.equal(root.get("entityId"), entityId), builder.equal(root.get("isDeleted"), false))).toList(); } - public void markAllFilesOfEntityIdAsDeleted(UUID entityId) { + public void markAllFilesOfEntityIdAsDeleted(UUID entityId) throws InvalidApplicationException { List fileUploads = this.getCurrentFileUploadsForEntityId(entityId); fileUploads.forEach(fileUpload -> { this.markOldFileAsDeleted(fileUpload); diff --git a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/FunderManager.java b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/FunderManager.java index e724d3044..de6335a8d 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/FunderManager.java +++ b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/FunderManager.java @@ -1,5 +1,6 @@ package eu.eudat.logic.managers; +import eu.eudat.commons.scope.user.UserScope; import eu.eudat.data.old.UserInfo; import eu.eudat.data.query.items.item.funder.FunderCriteriaRequest; import eu.eudat.logic.builders.model.models.FunderBuilder; 
@@ -12,10 +13,10 @@ import eu.eudat.logic.utilities.helpers.ListHelper; import eu.eudat.models.data.external.ExternalSourcesItemModel; import eu.eudat.models.data.external.FundersExternalSourcesModel; import eu.eudat.models.data.funder.Funder; -import eu.eudat.models.data.security.Principal; import eu.eudat.queryable.QueryableList; import org.springframework.stereotype.Component; +import javax.management.InvalidApplicationException; import java.util.Comparator; import java.util.List; import java.util.Map; @@ -27,16 +28,18 @@ public class FunderManager { private ApiContext apiContext; private RemoteFetcher remoteFetcher; private ListHelper listHelper; + private final UserScope userScope; - public FunderManager(ApiContext apiContext, RemoteFetcher remoteFetcher, ListHelper listHelper) { + public FunderManager(ApiContext apiContext, RemoteFetcher remoteFetcher, ListHelper listHelper, UserScope userScope) { this.apiContext = apiContext; this.remoteFetcher = remoteFetcher; this.listHelper = listHelper; + this.userScope = userScope; } - public List getCriteriaWithExternal(FunderCriteriaRequest funderCriteria, Principal principal) throws HugeResultSet, NoURLFound { + public List getCriteriaWithExternal(FunderCriteriaRequest funderCriteria) throws HugeResultSet, NoURLFound, InvalidApplicationException { UserInfo userInfo = new UserInfo(); - userInfo.setId(principal.getId()); + userInfo.setId(this.userScope.getUserId()); funderCriteria.getCriteria().setReference("dmp:"); QueryableList items = apiContext.getOperationsContext().getDatabaseRepository().getFunderDao().getWithCritetia(funderCriteria.getCriteria()); QueryableList authItems = apiContext.getOperationsContext().getDatabaseRepository().getFunderDao().getAuthenticated(items, userInfo); diff --git a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/GrantManager.java b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/GrantManager.java index 7e56d7169..1f9e7d7a5 100644 
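Review bot: The constructor in the `@@ -27,16 +28,18 @@` hunk stores `UserScope` in a `final` field of what appears to be a Spring `@Component`, which is a singleton by default. The id returned by `this.userScope.getUserId()` in `getCriteriaWithExternal` is therefore only the caller's id if `UserScope` is request-scoped and injected through a scoped proxy. Its declaration is not part of this page, so this should be confirmed; a plain singleton holder would let one request read another request's user id. A comment on the field would make the assumption explicit: `// request-scoped proxy: resolves the current caller on every call`. The same injection is added to GrantManager, InvitationsManager, LockManager and MergeEmailConfirmationManager.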
--- a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/GrantManager.java +++ b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/GrantManager.java @@ -1,5 +1,6 @@ package eu.eudat.logic.managers; +import eu.eudat.commons.scope.user.UserScope; import eu.eudat.data.old.UserInfo; import eu.eudat.data.query.items.table.grant.GrantTableRequest; import eu.eudat.exceptions.grant.GrantWithDMPsDeleteException; @@ -15,7 +16,6 @@ import eu.eudat.models.data.grant.Grant; import eu.eudat.models.data.helpers.common.DataTableData; import eu.eudat.data.query.items.item.grant.GrantCriteriaRequest; import eu.eudat.models.data.grant.GrantListingModel; -import eu.eudat.models.data.security.Principal; import eu.eudat.logic.proxy.config.exceptions.HugeResultSet; import eu.eudat.logic.proxy.config.exceptions.NoURLFound; import eu.eudat.logic.proxy.fetching.RemoteFetcher; @@ -23,6 +23,7 @@ import eu.eudat.queryable.QueryableList; import eu.eudat.logic.services.ApiContext; import org.springframework.stereotype.Component; +import javax.management.InvalidApplicationException; import java.util.Comparator; import java.util.List; import java.util.Map; 
@@ -38,18 +39,20 @@ public class GrantManager { // private FileStorageService fileStorageService; private RemoteFetcher remoteFetcher; private ListHelper listHelper; + private final UserScope userScope; - public GrantManager(ApiContext apiContext, ListHelper listHelper) { + public GrantManager(ApiContext apiContext, ListHelper listHelper, UserScope userScope) { this.apiContext = apiContext; this.databaseRepository = apiContext.getOperationsContext().getDatabaseRepository(); // this.fileStorageService = apiContext.getOperationsContext().getFileStorageService(); this.remoteFetcher = apiContext.getOperationsContext().getRemoteFetcher(); this.listHelper = listHelper; + this.userScope = userScope; } - public DataTableData getPaged(GrantTableRequest grantTableRequest, Principal principal, String fieldsGroup) throws Exception { + public DataTableData getPaged(GrantTableRequest grantTableRequest, String fieldsGroup) throws Exception { UserInfo userInfo = new UserInfo(); - userInfo.setId(principal.getId()); + userInfo.setId(this.userScope.getUserId()); GrantDao grantRepository = databaseRepository.getGrantDao(); QueryableList items = grantRepository.getWithCriteria(grantTableRequest.getCriteria()); QueryableList authItems = grantRepository.getAuthenticated(items, userInfo); @@ -90,7 +93,7 @@ public class GrantManager { return dataTable; } - public eu.eudat.models.data.grant.Grant getSingle(String id) throws InstantiationException, IllegalAccessException { + public eu.eudat.models.data.grant.Grant getSingle(String id) throws InstantiationException, IllegalAccessException, InvalidApplicationException { eu.eudat.models.data.grant.Grant grant = new eu.eudat.models.data.grant.Grant(); grant.fromDataModel(databaseRepository.getGrantDao().find(UUID.fromString(id))); return grant; 
@@ -104,9 +107,9 @@ public class GrantManager { return grant; }*/ - public List getCriteriaWithExternal(GrantCriteriaRequest grantCriteria, Principal principal) throws HugeResultSet, NoURLFound { + public List getCriteriaWithExternal(GrantCriteriaRequest grantCriteria) throws HugeResultSet, NoURLFound, InvalidApplicationException { UserInfo userInfo = new UserInfo(); - userInfo.setId(principal.getId()); + userInfo.setId(this.userScope.getUserId()); /*if (grantCriteria.getCriteria().getFunderReference() != null && !grantCriteria.getCriteria().getFunderReference().trim().isEmpty()) { FunderCriteria funderCriteria = new FunderCriteria(); funderCriteria.setReference(grantCriteria.getCriteria().getFunderReference()); @@ -144,7 +147,7 @@ public class GrantManager { return grants; } - public List getCriteria(GrantCriteriaRequest grantCriteria) throws IllegalAccessException, InstantiationException, HugeResultSet, NoURLFound { + public List getCriteria(GrantCriteriaRequest grantCriteria) throws IllegalAccessException, InstantiationException, HugeResultSet, NoURLFound, InvalidApplicationException { GrantDao grantRepository = databaseRepository.getGrantDao(); QueryableList items = grantRepository.getWithCriteria(grantCriteria.getCriteria()); if (grantCriteria.getLength() != null) items.take(grantCriteria.getLength()); @@ -175,7 +178,7 @@ public class GrantManager { databaseRepository.getGrantDao().createOrUpdate(grantEntity); }*/ - public void delete(UUID uuid) { + public void delete(UUID uuid) throws InvalidApplicationException { eu.eudat.data.old.Grant oldGrant = apiContext.getOperationsContext().getDatabaseRepository().getGrantDao().find(uuid); if (oldGrant.getDmps().size() > 0) throw new GrantWithDMPsDeleteException("You cannot Remove Grants with DMPs"); diff --git a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/InvitationsManager.java b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/InvitationsManager.java index 6c68b8e80..78a57f187 100644 
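Review bot: In the `delete` hunk (`@@ -175,7 +178,7 @@`), `oldGrant` is dereferenced with `oldGrant.getDmps()` straight after `find(uuid)`, so an unknown id would end in a `NullPointerException` rather than a clear error. This assumes `find` returns null for a missing row, as the null checks after `find` in LockManager and InvitationsManager suggest. A guard before the size check would cover it: `if (oldGrant == null) throw new IllegalArgumentException("Grant not found: " + uuid);`. The hunk also shows no permission or ownership check before the grant is removed; since this commit changes the authorization model, it is worth confirming that the caller enforces one. The body of `delete` continues outside the hunk.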
--- a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/InvitationsManager.java +++ b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/InvitationsManager.java @@ -1,5 +1,6 @@ package eu.eudat.logic.managers; +import eu.eudat.commons.scope.user.UserScope; import eu.eudat.data.old.DMP; import eu.eudat.data.old.UserDMP; import eu.eudat.data.old.UserInfo; @@ -9,7 +10,6 @@ import eu.eudat.logic.services.ApiContext; import eu.eudat.logic.utilities.helpers.StreamDistinctBy; import eu.eudat.models.data.invitation.Invitation; import eu.eudat.models.data.invitation.Properties; -import eu.eudat.models.data.security.Principal; import eu.eudat.models.data.userinfo.UserInfoInvitationModel; import eu.eudat.queryable.QueryableList; import org.springframework.beans.factory.annotation.Autowired; @@ -18,6 +18,8 @@ import org.springframework.stereotype.Component; import jakarta.xml.bind.JAXBContext; import jakarta.xml.bind.JAXBException; import jakarta.xml.bind.Unmarshaller; + +import javax.management.InvalidApplicationException; import java.io.IOException; import java.io.StringReader; import java.util.*; 
@@ -29,19 +31,26 @@ public class InvitationsManager { private ApiContext apiContext; private DataManagementPlanManager dataManagementPlanManager; + private final UserScope userScope; @Autowired - public InvitationsManager(ApiContext apiContext, DataManagementPlanManager dataManagementPlanManager) { + public InvitationsManager(ApiContext apiContext, DataManagementPlanManager dataManagementPlanManager, UserScope userScope) { this.apiContext = apiContext; this.dataManagementPlanManager = dataManagementPlanManager; + this.userScope = userScope; } - public void inviteUsers(Invitation invitation, Principal principal) throws Exception { + public void inviteUsers(Invitation invitation) throws Exception { UserInfo principalUser = new UserInfo(); - principalUser.setId(principal.getId()); + principalUser.setId(this.userScope.getUserIdSafe()); invitation.getUsers().stream().filter(item -> item.getId() == null).forEach(item -> { - UserInfo existingUser = apiContext.getOperationsContext().getDatabaseRepository().getUserInfoDao().asQueryable().where((builder, root) -> builder.equal(root.get("email"), item.getEmail())).getSingleOrDefault(); - if (existingUser != null) { + UserInfo existingUser = null; + try { + existingUser = apiContext.getOperationsContext().getDatabaseRepository().getUserInfoDao().asQueryable().where((builder, root) -> builder.equal(root.get("email"), item.getEmail())).getSingleOrDefault(); + } catch (InvalidApplicationException e) { + throw new RuntimeException(e); + } + if (existingUser != null) { item.setId(existingUser.getId()); } }); 
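Review bot: `inviteUsers` sets the inviter with `this.userScope.getUserIdSafe()` although the call is not inside a lambda and the method already declares `throws Exception`, so the throwing `getUserId()` could be used. If `getUserIdSafe()` returns null when no user is in scope (its implementation is not shown), the invitation flow would continue with a null inviter id instead of failing early; `principalUser.setId(this.userScope.getUserId());` avoids that. In the same hunk the e-mail lookup wraps `InvalidApplicationException` in a bare `RuntimeException`, which hides the failure type from callers. Resolving `existingUser` in a plain `for` loop instead of `forEach` would let the checked exception propagate unchanged. The body of `inviteUsers` continues outside the hunk.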
@@ -65,7 +74,7 @@ public class InvitationsManager { apiContext.getUtilitiesService().getInvitationService().assignToDmp(apiContext.getOperationsContext().getDatabaseRepository().getDmpDao(), userInfoToUserDmp, dataManagementPlan); } - public List getUsers(Principal principal) throws InstantiationException, IllegalAccessException { + public List getUsers() throws InstantiationException, IllegalAccessException, InvalidApplicationException { /*UserInfo principalUser = apiContext.getOperationsContext().getDatabaseRepository().getUserInfoDao().find(principal.getId()); List users = apiContext.getOperationsContext().getDatabaseRepository().getUserAssociationDao().getAssociated(principalUser).stream().map(userAssociation -> { if (userAssociation.getFirstUser().getId().equals(principal.getId())) { 
@@ -76,20 +85,20 @@ public class InvitationsManager { }).collect(Collectors.toList());*/ List users = apiContext.getOperationsContext().getDatabaseRepository().getDmpDao() .getAuthenticated(apiContext.getOperationsContext().getDatabaseRepository().getDmpDao().asQueryable() - .where(((builder, root) -> builder.notEqual(root.get("status"), DMP.DMPStatus.DELETED.getValue()))), principal.getId(), Stream.of(0, 1).collect(Collectors.toList())) + .where(((builder, root) -> builder.notEqual(root.get("status"), DMP.DMPStatus.DELETED.getValue()))), this.userScope.getUserId(), Stream.of(0, 1).collect(Collectors.toList())) .toList().stream().map(DMP::getUsers).flatMap(Collection::stream).map(UserDMP::getUser) - .filter(userInfo -> !userInfo.getId().equals(principal.getId())).filter(StreamDistinctBy.distinctByKey(UserInfo::getId)).collect(Collectors.toList()); + .filter(userInfo -> !userInfo.getId().equals(this.userScope.getUserIdSafe())).filter(StreamDistinctBy.distinctByKey(UserInfo::getId)).collect(Collectors.toList()); List userModels = users.stream().map(userInfo -> new UserInfoInvitationModel().fromDataModel(userInfo)).collect(Collectors.toList()); return userModels; } - public List getUsersWithCriteria(Principal principal, UserInfoRequestItem userInfoRequestItem) throws IllegalAccessException, InstantiationException { + public List getUsersWithCriteria(UserInfoRequestItem userInfoRequestItem) throws IllegalAccessException, InstantiationException, InvalidApplicationException { List users = apiContext.getOperationsContext().getDatabaseRepository().getDmpDao() .getAuthenticated(apiContext.getOperationsContext().getDatabaseRepository().getDmpDao().asQueryable() .where(((builder, root) -> - builder.notEqual(root.get("status"), DMP.DMPStatus.DELETED.getValue()))), principal.getId(), Stream.of(0, 1).collect(Collectors.toList())) + builder.notEqual(root.get("status"), DMP.DMPStatus.DELETED.getValue()))), this.userScope.getUserId(), Stream.of(0, 1).collect(Collectors.toList())) 
.toList().stream().map(DMP::getUsers).flatMap(Collection::stream).map(UserDMP::getUser) - .filter(userInfo -> !userInfo.getId().equals(principal.getId())).filter(StreamDistinctBy.distinctByKey(UserInfo::getId)) + .filter(userInfo -> !userInfo.getId().equals(this.userScope.getUserIdSafe())).filter(StreamDistinctBy.distinctByKey(UserInfo::getId)) .filter(userInfo -> (userInfoRequestItem == null || userInfoRequestItem.getCriteria() == null || userInfoRequestItem.getCriteria().getLike() == null || userInfo.getName().toLowerCase().contains(userInfoRequestItem.getCriteria().getLike().toLowerCase()) || (userInfo.getEmail().toLowerCase().contains(userInfoRequestItem.getCriteria().getLike().toLowerCase())))) @@ -100,7 +109,7 @@ public class InvitationsManager { return userModels; } - public UUID assignUserAcceptedInvitation(UUID invitationID, Principal principal) throws UnauthorisedException, JAXBException, IOException { + public UUID assignUserAcceptedInvitation(UUID invitationID) throws UnauthorisedException, JAXBException, IOException, InvalidApplicationException { eu.eudat.data.old.Invitation invitation = apiContext.getOperationsContext().getDatabaseRepository().getInvitationDao().find(invitationID); if (invitation == null) throw new UnauthorisedException("There is no Data Management Plan assigned to this Link"); 
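Review bot: `getUsers` and `getUsersWithCriteria` read the caller's id twice in one expression, once with `this.userScope.getUserId()` as the argument to `getAuthenticated` and once with `getUserIdSafe()` inside the `filter` lambda. Resolving it once before the stream keeps both uses on the same value and removes the need for the non-throwing variant. That would be `final UUID currentUserId = this.userScope.getUserId();` followed by `.filter(userInfo -> !userInfo.getId().equals(currentUserId))`, where the `UUID` type is assumed from the DAO lookups. `LockManager.unlock` has the same mix in its multi-lock branch.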
@@ -108,7 +117,7 @@ public class InvitationsManager { JAXBContext context = JAXBContext.newInstance(Properties.class); Unmarshaller unmarshaller = context.createUnmarshaller(); Properties properties = (Properties) unmarshaller.unmarshal(new StringReader(invitation.getProperties())); - UserInfo invitedUser = apiContext.getOperationsContext().getDatabaseRepository().getUserInfoDao().find(principal.getId()); + UserInfo invitedUser = apiContext.getOperationsContext().getDatabaseRepository().getUserInfoDao().find(this.userScope.getUserId()); QueryableList userDMPQueryableList = apiContext.getOperationsContext().getDatabaseRepository().getUserDmpDao().asQueryable().where(((builder, root) -> builder.and(builder.equal(root.get("dmp").get("id"), invitation.getDmp().getId()), builder.equal(root.get("user").get("id"), invitedUser.getId())))); UserDMP existingUserDMP = userDMPQueryableList.getSingleOrDefault(); if (existingUserDMP != null) { diff --git a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/LockManager.java b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/LockManager.java index 77a3f08b2..41e101f2e 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/LockManager.java +++ b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/LockManager.java @@ -1,14 +1,16 @@ package eu.eudat.logic.managers; +import eu.eudat.commons.scope.user.UserScope; import eu.eudat.data.dao.criteria.LockCriteria; import eu.eudat.logic.services.ApiContext; import eu.eudat.models.data.lock.Lock; -import eu.eudat.models.data.security.Principal; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.core.env.Environment; import org.springframework.stereotype.Component; import jakarta.persistence.NoResultException; + +import javax.management.InvalidApplicationException; import java.util.Comparator; import java.util.Date; import java.util.List; 
@@ -20,19 +22,21 @@ public class LockManager { private ApiContext apiContext; private Environment environment; + private final UserScope userScope; @Autowired - public LockManager(ApiContext apiContext, Environment environment) { + public LockManager(ApiContext apiContext, Environment environment, UserScope userScope) { this.apiContext = apiContext; this.environment = environment; + this.userScope = userScope; } - public eu.eudat.data.old.Lock createOrUpdate(Lock lock, Principal principal) throws Exception { + public eu.eudat.data.old.Lock createOrUpdate(Lock lock) throws Exception { if (lock.getId() != null) { try { eu.eudat.data.old.Lock entity = this.apiContext.getOperationsContext().getDatabaseRepository().getLockDao().find(lock.getId()); if (entity != null) { - if (!entity.getLockedBy().getId().equals(principal.getId())) { + if (!entity.getLockedBy().getId().equals(this.userScope.getUserId())) { throw new Exception("Is not locked by that user"); } } 
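Review bot: The ownership check in `createOrUpdate` still reports a lock held by another user with `throw new Exception("Is not locked by that user")`, so callers cannot tell an authorization failure from any other error. The project already has `UnauthorisedException` (thrown in InvitationsManager). Using it here, `throw new UnauthorisedException("Is not locked by that user");`, would fit the existing `throws Exception` signature, though the class would need to be imported into this file. `unlock` and `getFromTarget` further down raise a bare `Exception` for the same kind of check. The body of `createOrUpdate` continues outside the hunk.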
@@ -46,26 +50,26 @@ public class LockManager { return newLock; } - public boolean isLocked(String targetId, Principal principal) throws Exception { + public boolean isLocked(String targetId) throws Exception { LockCriteria criteria = new LockCriteria(); criteria.setTarget(UUID.fromString(targetId)); Long availableLocks = this.apiContext.getOperationsContext().getDatabaseRepository().getLockDao().getWithCriteria(criteria).count(); if (availableLocks == 1) { eu.eudat.data.old.Lock lock = this.apiContext.getOperationsContext().getDatabaseRepository().getLockDao().getWithCriteria(criteria).getSingle(); - if (lock.getLockedBy().getId().equals(principal.getId())) { + if (lock.getLockedBy().getId().equals(this.userScope.getUserId())) { lock.setTouchedAt(new Date()); - this.createOrUpdate(new Lock().fromDataModel(lock), principal); + this.createOrUpdate(new Lock().fromDataModel(lock)); return false; } return this.forceUnlock(targetId) > 0; } else if (availableLocks > 1) { this.forceUnlock(targetId); - return this.isLocked(targetId, principal); + return this.isLocked(targetId); } return false; } - private Long forceUnlock(String targetId) { + private Long forceUnlock(String targetId) throws InvalidApplicationException { LockCriteria criteria = new LockCriteria(); criteria.setTarget(UUID.fromString(targetId)); Long availableLocks = this.apiContext.getOperationsContext().getDatabaseRepository().getLockDao().getWithCriteria(criteria).count(); 
@@ -91,29 +95,29 @@ public class LockManager { return availableLocks - deletedLocks; } - public void unlock(String targetId, Principal principal) throws Exception { + public void unlock(String targetId) throws Exception { LockCriteria criteria = new LockCriteria(); criteria.setTarget(UUID.fromString(targetId)); Long availableLocks = this.apiContext.getOperationsContext().getDatabaseRepository().getLockDao().getWithCriteria(criteria).count(); if (availableLocks == 1) { eu.eudat.data.old.Lock lock = this.apiContext.getOperationsContext().getDatabaseRepository().getLockDao().getWithCriteria(criteria).getSingle(); - if (!lock.getLockedBy().getId().equals(principal.getId())) { + if (!lock.getLockedBy().getId().equals(this.userScope.getUserId())) { throw new Exception("Only the user who created that lock can delete it"); } this.apiContext.getOperationsContext().getDatabaseRepository().getLockDao().delete(lock); } else if (availableLocks > 1) { List locks = this.apiContext.getOperationsContext().getDatabaseRepository().getLockDao().getWithCriteria(criteria).toList(); - locks.stream().filter(lock -> lock.getLockedBy().getId().equals(principal.getId())).forEach(lock -> this.apiContext.getOperationsContext().getDatabaseRepository().getLockDao().delete(lock)); + locks.stream().filter(lock -> lock.getLockedBy().getId().equals(this.userScope.getUserIdSafe())).forEach(lock -> this.apiContext.getOperationsContext().getDatabaseRepository().getLockDao().delete(lock)); } } - public Lock getFromTarget(String targetId, Principal principal) throws Exception { + public Lock getFromTarget(String targetId) throws Exception { LockCriteria criteria = new LockCriteria(); criteria.setTarget(UUID.fromString(targetId)); Long availableLocks = this.apiContext.getOperationsContext().getDatabaseRepository().getLockDao().getWithCriteria(criteria).count(); if (availableLocks > 0) { eu.eudat.data.old.Lock lock = 
this.apiContext.getOperationsContext().getDatabaseRepository().getLockDao().getWithCriteria(criteria).getSingle(); - if (!lock.getLockedBy().getId().equals(principal.getId())) { + if (!lock.getLockedBy().getId().equals(this.userScope.getUserId())) { throw new Exception("Only the user who created that lock can access it"); } return new Lock().fromDataModel(lock); diff --git a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/MergeEmailConfirmationManager.java b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/MergeEmailConfirmationManager.java index 75fef69b8..efcf923f8 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/MergeEmailConfirmationManager.java +++ b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/MergeEmailConfirmationManager.java @@ -1,5 +1,6 @@ package eu.eudat.logic.managers; +import eu.eudat.commons.scope.user.UserScope; import eu.eudat.data.CredentialEntity; import eu.eudat.data.old.EmailConfirmation; import eu.eudat.data.old.UserDMP; @@ -12,8 +13,8 @@ import eu.eudat.exceptions.emailconfirmation.HasConfirmedEmailException; import eu.eudat.exceptions.emailconfirmation.TokenExpiredException; import eu.eudat.logic.services.ApiContext; import eu.eudat.logic.services.operations.DatabaseRepository; -import eu.eudat.models.data.security.Principal; +import eu.eudat.models.data.security.Principal; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; @@ -22,6 +23,8 @@ import org.springframework.stereotype.Component; import com.fasterxml.jackson.databind.ObjectMapper; import jakarta.transaction.Transactional; + +import javax.management.InvalidApplicationException; import java.io.IOException; import java.util.*; 
@@ -31,16 +34,18 @@ public class MergeEmailConfirmationManager { private ApiContext apiContext; private DatabaseRepository databaseRepository; private DmpRepository dmpRepository; + private final UserScope userScope; @Autowired - public MergeEmailConfirmationManager(ApiContext apiContext) { + public MergeEmailConfirmationManager(ApiContext apiContext, UserScope userScope) { this.apiContext = apiContext; this.databaseRepository = apiContext.getOperationsContext().getDatabaseRepository(); this.dmpRepository = apiContext.getOperationsContext().getElasticRepository().getDmpRepository(); + this.userScope = userScope; } @Transactional - public String confirmEmail(String token) throws TokenExpiredException, HasConfirmedEmailException { + public String confirmEmail(String token) throws TokenExpiredException, HasConfirmedEmailException, InvalidApplicationException { EmailConfirmation loginConfirmationEmail = apiContext.getOperationsContext() .getDatabaseRepository().getLoginConfirmationEmailDao().asQueryable() .where((builder, root) -> builder.equal(root.get("token"), UUID.fromString(token))).getSingle(); @@ -69,7 +74,7 @@ public class MergeEmailConfirmationManager { return userToBeMergedEmail; } - public void sendConfirmationEmail(String email, Principal principal, UUID userId, Integer provider) throws HasConfirmedEmailException { + public void sendConfirmationEmail(String email, Principal principal, UUID userId, Integer provider) throws HasConfirmedEmailException, InvalidApplicationException { UserInfo user = apiContext.getOperationsContext().getDatabaseRepository().getUserInfoDao().find(principal.getId()); if (user.getEmail() != null && !user.getEmail().equals(email)) { 
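Review bot: `sendConfirmationEmail` in the `@@ -69,7 +74,7 @@` hunk still takes a `Principal` and looks the user up with `principal.getId()`, although the constructor in the previous hunk now injects `UserScope` and the other managers in this patch dropped the parameter. As far as these hunks show, the new `userScope` field is never read in this class, and the import hunk keeps `eu.eudat.models.data.security.Principal`. Leaving one path on a caller-supplied identity means two sources of truth for who is acting. If that is intentional for the merge flow, a comment such as `// TODO: still Principal-based; migrate to UserScope` on the method would record it; otherwise `find(this.userScope.getUserId())` matches the rest of the patch. The method body continues outside the hunk.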
@@ -85,7 +90,7 @@ public class MergeEmailConfirmationManager { } @Transactional - private void mergeNewUserToOld(UserInfo newUser, UserInfo oldUser, Integer provider) { + private void mergeNewUserToOld(UserInfo newUser, UserInfo oldUser, Integer provider) throws InvalidApplicationException { CredentialEntity credential = databaseRepository.getCredentialDao().asQueryable().where((builder, root) -> builder.and(builder.equal(root.get("userId"), oldUser.getId()), builder.equal(root.get("provider"), provider))).getSingle(); credential.setUserId(newUser.getId()); databaseRepository.getCredentialDao().createOrUpdate(credential); diff --git a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/MetricsManager.java b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/MetricsManager.java index e1ed24361..f145af3db 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/MetricsManager.java +++ b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/MetricsManager.java @@ -15,6 +15,8 @@ import org.springframework.stereotype.Component; import jakarta.annotation.PostConstruct; import jakarta.transaction.Transactional; + +import javax.management.InvalidApplicationException; import java.io.IOException; import java.nio.file.Files; import java.nio.file.Path; @@ -124,7 +126,7 @@ public class MetricsManager { @PostConstruct @Transactional @Scheduled(initialDelay = 1000 * 60 * 60, fixedDelay = 1000 * 60 * 60) - public void init() throws IOException { + public void init() throws IOException, InvalidApplicationException { logger.info("Start calculating Metrics"); calculateValue(MetricNames.DMP, (int) countAllDraftDMPs(), MetricNames.DRAFT); calculateValue(MetricNames.DMP, (int) countAllFinalizedDMPs(), MetricNames.FINALIZED); 
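Review bot: `mergeNewUserToOld` is `private` and annotated `@Transactional`, but proxy-based transaction interception does not apply to private methods or to calls made from within the same class, so the annotation has no effect here. The credential re-assignment in this hunk is therefore only atomic with the rest of the merge if the caller already runs in a transaction. That caller is presumably `confirmEmail`, which is public and `@Transactional`, but the call site is outside the hunk. Either drop the annotation and add a comment such as `// runs inside the caller's transaction`, or move the method to a bean where it is invoked through the proxy.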
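Review bot: `init()` in the MetricsManager hunk (`@@ -124,7 +126,7 @@`) is annotated `@PostConstruct` and `@Scheduled` and now declares `throws IOException, InvalidApplicationException`, so a failure in any count call would abort bean creation at startup or end that scheduled run. Neither path runs on behalf of a logged-in user. If the DAO methods throw `InvalidApplicationException` when no user scope is present, metrics would fail on every run; that is inferred from how the clause spreads through this patch and is not shown here. It is worth confirming that the DAOs behind the `countAll…` methods work without a user, and catching and logging the exception inside `init()` so one failed count does not stop the job. The body of `init()` continues outside the hunk.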
@@ -199,33 +201,33 @@ public class MetricsManager { return Date.from(LocalDate.of(2021, 1, 1).atStartOfDay(ZoneId.systemDefault()).toInstant()); } - private long countAllDraftDMPs(){ + private long countAllDraftDMPs() throws InvalidApplicationException { return countAllDraftDMPs(false); } - private long countAllDraftDMPs(boolean countNexus) { + private long countAllDraftDMPs(boolean countNexus) throws InvalidApplicationException { DataManagementPlanCriteria criteria = new DataManagementPlanCriteria(); criteria.setStatus(0); if (countNexus) criteria.setPeriodStart(getNexusDate()); return apiContext.getOperationsContext().getDatabaseRepository().getDmpDao().getWithCriteria(criteria).count(); } - private long countAllFinalizedDMPs() { + private long countAllFinalizedDMPs() throws InvalidApplicationException { return countAllFinalizedDMPs(false); } - private long countAllFinalizedDMPs(boolean countNexus) { + private long countAllFinalizedDMPs(boolean countNexus) throws InvalidApplicationException { DataManagementPlanCriteria criteria = new DataManagementPlanCriteria(); criteria.setStatus(1); if (countNexus) criteria.setPeriodStart(getNexusDate()); return apiContext.getOperationsContext().getDatabaseRepository().getDmpDao().getWithCriteria(criteria).count(); } - private long countAllPublishedDMPs() { + private long countAllPublishedDMPs() throws InvalidApplicationException { return countAllPublishedDMPs(false); } - private long countAllPublishedDMPs(boolean countNexus) { + private long countAllPublishedDMPs(boolean countNexus) throws InvalidApplicationException { DataManagementPlanCriteria criteria = new DataManagementPlanCriteria(); criteria.setIsPublic(true); criteria.setOnlyPublic(true); 
@@ -233,44 +235,44 @@ public class MetricsManager { return apiContext.getOperationsContext().getDatabaseRepository().getDmpDao().getWithCriteria(criteria).count(); } - private long countAllDoiedDMPs() { + private long countAllDoiedDMPs() throws InvalidApplicationException { return countAllDoiedDMPs(false); } - private long countAllDoiedDMPs(boolean countNexus) { + private long countAllDoiedDMPs(boolean countNexus) throws InvalidApplicationException { DataManagementPlanCriteria criteria = new DataManagementPlanCriteria(); criteria.setHasDoi(true); if (countNexus) criteria.setPeriodStart(getNexusDate()); return apiContext.getOperationsContext().getDatabaseRepository().getDmpDao().getWithCriteria(criteria).count(); } - private long countAllDraftDMPsWithGrantId() { + private long countAllDraftDMPsWithGrantId() throws InvalidApplicationException { return countAllDraftDMPsWithGrantId(false); } - private long countAllDraftDMPsWithGrantId(boolean countNexus) { + private long countAllDraftDMPsWithGrantId(boolean countNexus) throws InvalidApplicationException { DataManagementPlanCriteria criteria = new DataManagementPlanCriteria(); criteria.setStatus(0); if (countNexus) criteria.setPeriodStart(getNexusDate()); return apiContext.getOperationsContext().getDatabaseRepository().getDmpDao().getWithCriteria(criteria).groupBy((builder, root) -> root.get("grant")).count(); } - private long countAllFinalizedDMPsWithGrantId() { + private long countAllFinalizedDMPsWithGrantId() throws InvalidApplicationException { return countAllFinalizedDMPsWithGrantId(false); } - private long countAllFinalizedDMPsWithGrantId(boolean countNexus) { + private long countAllFinalizedDMPsWithGrantId(boolean countNexus) throws InvalidApplicationException { DataManagementPlanCriteria criteria = new DataManagementPlanCriteria(); criteria.setStatus(1); if (countNexus) criteria.setPeriodStart(getNexusDate()); return 
apiContext.getOperationsContext().getDatabaseRepository().getDmpDao().getWithCriteria(criteria).groupBy((builder, root) -> root.get("grant")).count(); } - private long countAllPublishedDMPsWithGrantId() { + private long countAllPublishedDMPsWithGrantId() throws InvalidApplicationException { return countAllPublishedDMPsWithGrantId(false); } - private long countAllPublishedDMPsWithGrantId(boolean countNexus) { + private long countAllPublishedDMPsWithGrantId(boolean countNexus) throws InvalidApplicationException { DataManagementPlanCriteria criteria = new DataManagementPlanCriteria(); criteria.setIsPublic(true); criteria.setOnlyPublic(true); 
@@ -278,117 +280,117 @@ public class MetricsManager { return apiContext.getOperationsContext().getDatabaseRepository().getDmpDao().getWithCriteria(criteria).groupBy((builder, root) -> root.get("grant")).count(); } - private long countAllDoiedDMPsWithGrantId() { + private long countAllDoiedDMPsWithGrantId() throws InvalidApplicationException { return countAllDoiedDMPsWithGrantId(false); } - private long countAllDoiedDMPsWithGrantId(boolean countNexus) { + private long countAllDoiedDMPsWithGrantId(boolean countNexus) throws InvalidApplicationException { DataManagementPlanCriteria criteria = new DataManagementPlanCriteria(); criteria.setHasDoi(true); if (countNexus) criteria.setPeriodStart(getNexusDate()); return apiContext.getOperationsContext().getDatabaseRepository().getDmpDao().getWithCriteria(criteria).groupBy((builder, root) -> root.get("grant")).count(); } - private long countAllResearchers() { + private long countAllResearchers() throws InvalidApplicationException { return countAllResearchers(false); } - private long countAllResearchers(boolean countNexus) { + private long countAllResearchers(boolean countNexus) throws InvalidApplicationException { ResearcherCriteria criteria = new ResearcherCriteria(); if (countNexus) criteria.setPeriodStart(getNexusDate()); return apiContext.getOperationsContext().getDatabaseRepository().getResearcherDao().getWithCriteria(criteria).count(); } - private long countAllProjects() { + private long countAllProjects() throws InvalidApplicationException { return countAllProjects(false); } - private long countAllProjects(boolean countNexus) { + private long countAllProjects(boolean countNexus) throws InvalidApplicationException { ProjectCriteria criteria = new ProjectCriteria(); if (countNexus) criteria.setPeriodStart(getNexusDate()); return apiContext.getOperationsContext().getDatabaseRepository().getProjectDao().getWithCritetia(criteria).count(); } - private long countAllFunders() { + private long countAllFunders() throws 
InvalidApplicationException { return countAllFunders(false); } - private long countAllFunders(boolean countNexus) { + private long countAllFunders(boolean countNexus) throws InvalidApplicationException { FunderCriteria criteria = new FunderCriteria(); if (countNexus) criteria.setPeriodStart(getNexusDate()); return apiContext.getOperationsContext().getDatabaseRepository().getFunderDao().getWithCritetia(criteria).count(); } - private long countAllGrants() { + private long countAllGrants() throws InvalidApplicationException { return countAllGrants(false); } - private long countAllGrants(boolean countNexus) { + private long countAllGrants(boolean countNexus) throws InvalidApplicationException { GrantCriteria criteria = new GrantCriteria(); if (countNexus) criteria.setPeriodStart(getNexusDate()); return apiContext.getOperationsContext().getDatabaseRepository().getGrantDao().getWithCriteria(criteria).count(); } - public long countAllDraftDatasets() { + public long countAllDraftDatasets() throws InvalidApplicationException { return countAllDraftDatasets(false); } - public long countAllDraftDatasets(boolean countNexus) { + public long countAllDraftDatasets(boolean countNexus) throws InvalidApplicationException { eu.eudat.data.dao.criteria.DatasetCriteria criteria = new eu.eudat.data.dao.criteria.DatasetCriteria(); criteria.setStatus(0); if (countNexus) criteria.setPeriodStart(getNexusDate()); return apiContext.getOperationsContext().getDatabaseRepository().getDatasetDao().getWithCriteria(criteria).count(); } - public long countAllFinalizedDatasets() { + public long countAllFinalizedDatasets() throws InvalidApplicationException { return countAllFinalizedDatasets(false); } - public long countAllFinalizedDatasets(boolean countNexus) { + public long countAllFinalizedDatasets(boolean countNexus) throws InvalidApplicationException { eu.eudat.data.dao.criteria.DatasetCriteria criteria = new eu.eudat.data.dao.criteria.DatasetCriteria(); criteria.setStatus(1); if (countNexus) 
criteria.setPeriodStart(getNexusDate()); return apiContext.getOperationsContext().getDatabaseRepository().getDatasetDao().getWithCriteria(criteria).count(); } - public long countAllPublicDatasets() { + public long countAllPublicDatasets() throws InvalidApplicationException { return countAllPublicDatasets(false); } - public long countAllPublicDatasets(boolean countNexus) { + public long countAllPublicDatasets(boolean countNexus) throws InvalidApplicationException { eu.eudat.data.dao.criteria.DatasetCriteria criteria = new eu.eudat.data.dao.criteria.DatasetCriteria(); criteria.setIsPublic(true); if (countNexus) criteria.setPeriodStart(getNexusDate()); return apiContext.getOperationsContext().getDatabaseRepository().getDatasetDao().getWithCriteria(criteria).count(); } - public long countAllDatasetsWithDoi() { + public long countAllDatasetsWithDoi() throws InvalidApplicationException { return countAllDatasetsWithDoi(false); } - public long countAllDatasetsWithDoi(boolean countNexus) { + public long countAllDatasetsWithDoi(boolean countNexus) throws InvalidApplicationException { eu.eudat.data.dao.criteria.DatasetCriteria criteria = new eu.eudat.data.dao.criteria.DatasetCriteria(); criteria.setHasDoi(true); if (countNexus) criteria.setPeriodStart(getNexusDate()); return apiContext.getOperationsContext().getDatabaseRepository().getDatasetDao().getWithCriteria(criteria).count(); } - public long countAllDraftTemplates() { + public long countAllDraftTemplates() throws InvalidApplicationException { return countAllDraftTemplates(false); } - public long countAllDraftTemplates(boolean countNexus) { + public long countAllDraftTemplates(boolean countNexus) throws InvalidApplicationException { DatasetProfileCriteria criteria = new DatasetProfileCriteria(); criteria.setStatus(0); if (countNexus) criteria.setPeriodStart(getNexusDate()); return apiContext.getOperationsContext().getDatabaseRepository().getDatasetProfileDao().getWithCriteria(criteria).count(); } - public long 
countAllFinalizedTemplates() { + public long countAllFinalizedTemplates() throws InvalidApplicationException { return countAllFinalizedTemplates(false); } - public long countAllFinalizedTemplates(boolean countNexus) { + public long countAllFinalizedTemplates(boolean countNexus) throws InvalidApplicationException { DatasetProfileCriteria criteria = new DatasetProfileCriteria(); criteria.setStatus(1); if (countNexus) criteria.setPeriodStart(getNexusDate()); @@ -396,12 +398,12 @@ public class MetricsManager { } @Transactional - public long countAllUsedTemplates() { + public long countAllUsedTemplates() throws InvalidApplicationException { return countAllUsedTemplates(false); } @Transactional - public long countAllUsedTemplates(boolean countNexus) { + public long countAllUsedTemplates(boolean countNexus) throws InvalidApplicationException { DatasetProfileCriteria criteria = new DatasetProfileCriteria(); criteria.setStatus(1); criteria.setAllVersions(false); diff --git a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/OrganisationsManager.java b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/OrganisationsManager.java index 4747e2549..fe21dce3a 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/OrganisationsManager.java +++ b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/OrganisationsManager.java @@ -1,5 +1,6 @@ package eu.eudat.logic.managers; +import eu.eudat.commons.scope.user.UserScope; import eu.eudat.data.dao.entities.OrganisationDao; import eu.eudat.data.old.UserInfo; import eu.eudat.data.query.items.table.organisations.OrganisationsTableRequest; 
@@ -13,7 +14,6 @@ import eu.eudat.models.data.dmp.Organisation; import eu.eudat.models.data.external.ExternalSourcesItemModel; import eu.eudat.models.data.external.OrganisationsExternalSourcesModel; import eu.eudat.models.data.helpers.common.DataTableData; -import eu.eudat.models.data.security.Principal; import eu.eudat.queryable.QueryableList; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; @@ -28,16 +28,18 @@ public class OrganisationsManager { private ApiContext apiContext; private DatabaseRepository databaseRepository; + private final UserScope userScope; @Autowired - public OrganisationsManager(ApiContext apiContext) { + public OrganisationsManager(ApiContext apiContext, UserScope userScope) { this.apiContext = apiContext; this.databaseRepository = apiContext.getOperationsContext().getDatabaseRepository(); + this.userScope = userScope; } - public DataTableData getPagedOrganisations(OrganisationsTableRequest organisationsTableRequest, Principal principal) throws Exception { + public DataTableData getPagedOrganisations(OrganisationsTableRequest organisationsTableRequest) throws Exception { UserInfo userInfo = new UserInfo(); - userInfo.setId(principal.getId()); + userInfo.setId(this.userScope.getUserId()); OrganisationDao organisationDao = databaseRepository.getOrganisationDao(); QueryableList items = organisationDao.getWithCriteria(organisationsTableRequest.getCriteria()); 
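Review bot: `getPagedOrganisations` now takes the caller's identity from `this.userScope.getUserId()` but adds no explicit authorization call, whereas `ServiceManager.create` and `getServices` later in this patch begin with `this.authorizationService.authorizeForce(Permission.AuthenticatedRole);`. The same gap is present in `OrganisationsManager.getWithExternal`, `ProjectManager.getCriteriaWithExternal`, `RegistryManager.create`/`getRegistries`, `ResearcherManager.create`/`getCriteriaWithExternal` and the `QuickWizardManager.createOrUpdate` overloads. The `Funder` overload never reads `userScope` at all, so once the `Principal` parameter is dropped nothing in that method depends on a caller identity. How `getUserId()` behaves for an unauthenticated request is not visible here, and the check may live in the controllers, but adding the same `authorizeForce` line at the top of each method would make the managers enforce it consistently. The method bodies continue outside the hunks.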
@@ -67,9 +69,9 @@ public class OrganisationsManager { return organisationDataTableData; } - public List getWithExternal(OrganisationsTableRequest organisationsTableRequest, Principal principal) throws Exception { + public List getWithExternal(OrganisationsTableRequest organisationsTableRequest) throws Exception { UserInfo userInfo = new UserInfo(); - userInfo.setId(principal.getId()); + userInfo.setId(this.userScope.getUserId()); OrganisationDao organisationDao = databaseRepository.getOrganisationDao(); QueryableList items = organisationDao.getWithCriteria(organisationsTableRequest.getCriteria()); diff --git a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/ProjectManager.java b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/ProjectManager.java index 2c5c5b098..c08d6cf59 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/ProjectManager.java +++ b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/ProjectManager.java @@ -1,5 +1,6 @@ package eu.eudat.logic.managers; +import eu.eudat.commons.scope.user.UserScope; import eu.eudat.data.old.UserInfo; import eu.eudat.logic.proxy.config.ExternalUrlCriteria; import eu.eudat.logic.utilities.helpers.ListHelper; @@ -12,10 +13,10 @@ import eu.eudat.logic.proxy.config.exceptions.NoURLFound; import eu.eudat.logic.proxy.fetching.RemoteFetcher; import eu.eudat.logic.services.ApiContext; import eu.eudat.models.data.external.ExternalSourcesItemModel; -import eu.eudat.models.data.security.Principal; import eu.eudat.queryable.QueryableList; import org.springframework.stereotype.Component; +import javax.management.InvalidApplicationException; import java.util.Comparator; import java.util.List; import java.util.Map; 
@@ -27,16 +28,18 @@ public class ProjectManager { private ApiContext apiContext; private RemoteFetcher remoteFetcher; private ListHelper listHelper; + private final UserScope userScope; - public ProjectManager(ApiContext apiContext, ListHelper listHelper) { + public ProjectManager(ApiContext apiContext, ListHelper listHelper, UserScope userScope) { this.apiContext = apiContext; this.remoteFetcher = apiContext.getOperationsContext().getRemoteFetcher(); this.listHelper = listHelper; + this.userScope = userScope; } - public List getCriteriaWithExternal(ProjectCriteriaRequest projectCriteria, Principal principal) throws HugeResultSet, NoURLFound { + public List getCriteriaWithExternal(ProjectCriteriaRequest projectCriteria) throws HugeResultSet, NoURLFound, InvalidApplicationException { UserInfo userInfo = new UserInfo(); - userInfo.setId(principal.getId()); + userInfo.setId(this.userScope.getUserId()); projectCriteria.getCriteria().setReference("dmp:"); QueryableList items = apiContext.getOperationsContext().getDatabaseRepository().getProjectDao().getWithCritetia(projectCriteria.getCriteria()); QueryableList authItems = apiContext.getOperationsContext().getDatabaseRepository().getProjectDao().getAuthenticated(items, userInfo); diff --git a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/QuickWizardManager.java b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/QuickWizardManager.java index c849ff462..f70b14f4b 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/QuickWizardManager.java +++ b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/QuickWizardManager.java @@ -1,5 +1,6 @@ package eu.eudat.logic.managers; +import eu.eudat.commons.scope.user.UserScope; import eu.eudat.data.dao.criteria.FunderCriteria; import eu.eudat.data.dao.criteria.GrantCriteria; import eu.eudat.data.dao.criteria.ProjectCriteria; 
@@ -9,10 +10,10 @@ import eu.eudat.logic.mapper.elastic.DmpMapper; import eu.eudat.logic.services.ApiContext; import eu.eudat.logic.services.operations.DatabaseRepository; import eu.eudat.models.data.dmp.DataManagementPlan; -import eu.eudat.models.data.security.Principal; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import javax.management.InvalidApplicationException; import java.io.IOException; import java.text.ParseException; import java.util.UUID; 
@@ -24,37 +25,39 @@ public class QuickWizardManager { private DatabaseRepository databaseRepository; private DatasetManager datasetManager; + private final UserScope userScope; @Autowired - public QuickWizardManager(ApiContext apiContext, DatasetManager datasetManager) { + public QuickWizardManager(ApiContext apiContext, DatasetManager datasetManager, UserScope userScope) { this.apiContext = apiContext; this.databaseRepository = apiContext.getOperationsContext().getDatabaseRepository(); this.datasetManager = datasetManager; + this.userScope = userScope; } - public Funder createOrUpdate(eu.eudat.models.data.funder.Funder funder, Principal principal) { + public Funder createOrUpdate(eu.eudat.models.data.funder.Funder funder) { Funder funderEntity = funder.toDataModel(); return databaseRepository.getFunderDao().createOrUpdate(funderEntity); } - public Grant createOrUpdate(eu.eudat.models.data.grant.Grant grant, Principal principal) throws ParseException, IOException { + public Grant createOrUpdate(eu.eudat.models.data.grant.Grant grant) throws ParseException, IOException, InvalidApplicationException { Grant grantEntity = grant.toDataModel(); grantEntity.setType(Grant.GrantType.INTERNAL.getValue()); - grantEntity.setCreationUser(databaseRepository.getUserInfoDao().find(principal.getId())); + grantEntity.setCreationUser(databaseRepository.getUserInfoDao().find(this.userScope.getUserId())); return databaseRepository.getGrantDao().createOrUpdate(grantEntity); } - public Project createOrUpdate(eu.eudat.models.data.project.Project project, Principal principal) { + public Project createOrUpdate(eu.eudat.models.data.project.Project project) throws InvalidApplicationException { Project projectEntity = project.toDataModel(); - projectEntity.setCreationUser(databaseRepository.getUserInfoDao().find(principal.getId())); + projectEntity.setCreationUser(databaseRepository.getUserInfoDao().find(this.userScope.getUserId())); return 
databaseRepository.getProjectDao().createOrUpdate(projectEntity); } - public DMP createOrUpdate(DataManagementPlan dataManagementPlan, Funder funderEntity, Principal principal) throws Exception { + public DMP createOrUpdate(DataManagementPlan dataManagementPlan, Funder funderEntity) throws Exception { DMP newDmp = dataManagementPlan.toDataModel(); if (funderEntity != null) { newDmp.getGrant().setFunder(funderEntity); } - UserInfo user = apiContext.getOperationsContext().getDatabaseRepository().getUserInfoDao().find(principal.getId()); + UserInfo user = apiContext.getOperationsContext().getDatabaseRepository().getUserInfoDao().find(this.userScope.getUserId()); createFunderIfItDoesntExist(newDmp, user); createGrantIfItDoesntExist(newDmp, user); if (newDmp.getProject() == null) { @@ -73,7 +76,7 @@ public class QuickWizardManager { return dmpret; } - private void updateIndex(DMP dmp) throws IOException { + private void updateIndex(DMP dmp) throws IOException, InvalidApplicationException { DmpMapper mapper = new DmpMapper(apiContext, datasetManager); Dmp elastic = mapper.toElastic(dmp); apiContext.getOperationsContext().getElasticRepository().getDmpRepository().createOrUpdate(elastic); @@ -87,7 +90,7 @@ public class QuickWizardManager { apiContext.getOperationsContext().getDatabaseRepository().getUserDmpDao().createOrUpdate(userDMP); } - private void createGrantIfItDoesntExist(DMP newDmp, UserInfo userInfo) { + private void createGrantIfItDoesntExist(DMP newDmp, UserInfo userInfo) throws InvalidApplicationException { if (newDmp.getGrant() != null) { Grant grant = newDmp.getGrant(); GrantCriteria criteria = new GrantCriteria(); 
@@ -101,7 +104,7 @@ public class QuickWizardManager { } } - private void createFunderIfItDoesntExist(DMP newDmp, UserInfo userInfo) { + private void createFunderIfItDoesntExist(DMP newDmp, UserInfo userInfo) throws InvalidApplicationException { if (newDmp.getGrant().getFunder() != null) { Funder funder = newDmp.getGrant().getFunder(); FunderCriteria criteria = new FunderCriteria(); @@ -115,7 +118,7 @@ public class QuickWizardManager { } } - private void createProjectIfItDoesntExist(DMP newDmp, UserInfo userInfo) { + private void createProjectIfItDoesntExist(DMP newDmp, UserInfo userInfo) throws InvalidApplicationException { if (newDmp.getProject() != null) { Project project = newDmp.getProject(); ProjectCriteria criteria = new ProjectCriteria(); diff --git a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/RDAManager.java b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/RDAManager.java index 14ca7bfa1..3ef75fff1 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/RDAManager.java +++ b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/RDAManager.java @@ -10,6 +10,8 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; import jakarta.transaction.Transactional; + +import javax.management.InvalidApplicationException; import java.io.IOException; import java.text.SimpleDateFormat; @@ -24,7 +26,7 @@ public class RDAManager { } @Transactional - public String convertToRDA(DMP dmp) throws JsonProcessingException { + public String convertToRDA(DMP dmp) throws JsonProcessingException, InvalidApplicationException { String result = ""; Dmp rdaDmp = dmpRDAMapper.toRDA(dmp); 
@@ -39,7 +41,7 @@ public class RDAManager { return result; } - public DMP convertToEntity(String json, String[] profiles) throws IOException { + public DMP convertToEntity(String json, String[] profiles) throws IOException, InvalidApplicationException { ObjectMapper mapper = new ObjectMapper(); Dmp rda = mapper.readValue(json, RDAModel.class).getDmp(); diff --git a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/RegistryManager.java b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/RegistryManager.java index a8c6ba855..a8e597755 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/RegistryManager.java +++ b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/RegistryManager.java @@ -2,6 +2,7 @@ package eu.eudat.logic.managers; import com.fasterxml.jackson.databind.DeserializationFeature; import com.fasterxml.jackson.databind.ObjectMapper; +import eu.eudat.commons.scope.user.UserScope; import eu.eudat.data.dao.criteria.RegistryCriteria; import eu.eudat.data.old.Registry; import eu.eudat.logic.proxy.config.ExternalUrlCriteria; @@ -9,10 +10,10 @@ import eu.eudat.logic.proxy.config.exceptions.HugeResultSet; import eu.eudat.logic.proxy.config.exceptions.NoURLFound; import eu.eudat.logic.services.ApiContext; import eu.eudat.models.data.registries.RegistryModel; -import eu.eudat.models.data.security.Principal; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import javax.management.InvalidApplicationException; import java.util.LinkedList; import java.util.List; import java.util.Map; 
@@ -22,28 +23,30 @@ import java.util.stream.Collectors; public class RegistryManager { private ApiContext apiContext; + private final UserScope userScope; @Autowired - public RegistryManager(ApiContext apiContext) { + public RegistryManager(ApiContext apiContext, UserScope userScope) { this.apiContext = apiContext; + this.userScope = userScope; } - public Registry create(RegistryModel registryModel, Principal principal) throws Exception { + public Registry create(RegistryModel registryModel) throws Exception { if (registryModel.getLabel() == null || registryModel.getAbbreviation() == null || registryModel.getUri() == null) { throw new Exception("Missing mandatory entity."); } Registry registry = registryModel.toDataModel(); - registry.getCreationUser().setId(principal.getId()); + registry.getCreationUser().setId(this.userScope.getUserId()); return apiContext.getOperationsContext().getDatabaseRepository().getRegistryDao().createOrUpdate(registry); } - public List getRegistries(String query, String type, Principal principal) throws HugeResultSet, NoURLFound { + public List getRegistries(String query, String type) throws HugeResultSet, NoURLFound, InvalidApplicationException { ExternalUrlCriteria externalUrlCriteria = new ExternalUrlCriteria(query); List> remoteRepos = this.apiContext.getOperationsContext().getRemoteFetcher().getRegistries(externalUrlCriteria, type); RegistryCriteria criteria = new RegistryCriteria(); if (!query.isEmpty()) criteria.setLike(query); - criteria.setCreationUserId(principal.getId()); + criteria.setCreationUserId(this.userScope.getUserId()); List registryModels = new LinkedList<>(); if (type.equals("")) { List registryList = (this.apiContext.getOperationsContext().getDatabaseRepository().getRegistryDao().getWithCriteria(criteria)).toList(); diff --git a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/ResearcherManager.java b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/ResearcherManager.java index 2cc95e672..9a24752e6 100644 
--- a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/ResearcherManager.java +++ b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/ResearcherManager.java @@ -1,5 +1,6 @@ package eu.eudat.logic.managers; +import eu.eudat.commons.scope.user.UserScope; import eu.eudat.logic.builders.model.models.ResearcherBuilder; import eu.eudat.data.old.Researcher; import eu.eudat.logic.proxy.config.ExternalUrlCriteria; @@ -10,12 +11,12 @@ import eu.eudat.data.query.items.item.researcher.ResearcherCriteriaRequest; import eu.eudat.logic.proxy.config.exceptions.HugeResultSet; import eu.eudat.logic.proxy.config.exceptions.NoURLFound; import eu.eudat.logic.proxy.fetching.RemoteFetcher; -import eu.eudat.models.data.security.Principal; import eu.eudat.queryable.QueryableList; import eu.eudat.logic.services.ApiContext; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import javax.management.InvalidApplicationException; import java.util.List; import java.util.Map; import java.util.stream.Collectors; 
@@ -29,24 +30,26 @@ public class ResearcherManager { private ApiContext apiContext; private RemoteFetcher remoteFetcher; private ConfigLoader configLoader; + private final UserScope userScope; @Autowired - public ResearcherManager(ApiContext apiContext, ConfigLoader configLoader) { + public ResearcherManager(ApiContext apiContext, ConfigLoader configLoader, UserScope userScope) { this.apiContext = apiContext; this.remoteFetcher = apiContext.getOperationsContext().getRemoteFetcher(); this.configLoader = configLoader; + this.userScope = userScope; } - public Researcher create(eu.eudat.models.data.researcher.Researcher researcher, Principal principal) throws Exception { + public Researcher create(eu.eudat.models.data.researcher.Researcher researcher) throws Exception { Researcher researcherEntity = researcher.toDataModel(); - researcherEntity.setCreationUser(apiContext.getOperationsContext().getDatabaseRepository().getUserInfoDao().find(principal.getId())); + researcherEntity.setCreationUser(apiContext.getOperationsContext().getDatabaseRepository().getUserInfoDao().find(this.userScope.getUserId())); return apiContext.getOperationsContext().getDatabaseRepository().getResearcherDao().createOrUpdate(researcherEntity); } - public List getCriteriaWithExternal(ResearcherCriteriaRequest researcherCriteriaRequest, Principal principal) throws HugeResultSet, NoURLFound { + public List getCriteriaWithExternal(ResearcherCriteriaRequest researcherCriteriaRequest) throws HugeResultSet, NoURLFound, InvalidApplicationException { QueryableList items = apiContext.getOperationsContext().getDatabaseRepository().getResearcherDao().getWithCriteria(researcherCriteriaRequest.getCriteria()); - items.where((builder, root) -> builder.equal(root.get("creationUser").get("id"), principal.getId())); + items.where((builder, root) -> builder.equal(root.get("creationUser").get("id"), this.userScope.getUserId())); List researchers = items.select(item -> new 
eu.eudat.models.data.dmp.Researcher().fromDataModel(item)); researchers = researchers.stream().filter(item -> item.getKey().equals("Internal")).collect(Collectors.toList()); Map keyToSourceMap = configLoader.getKeyToSourceMap(); diff --git a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/ServiceManager.java b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/ServiceManager.java index 3e492449b..93e55725a 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/ServiceManager.java +++ b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/ServiceManager.java @@ -2,17 +2,20 @@ package eu.eudat.logic.managers; import com.fasterxml.jackson.databind.DeserializationFeature; import com.fasterxml.jackson.databind.ObjectMapper; +import eu.eudat.authorization.Permission; +import eu.eudat.commons.scope.user.UserScope; import eu.eudat.data.dao.criteria.ServiceCriteria; import eu.eudat.data.old.Service; import eu.eudat.logic.proxy.config.ExternalUrlCriteria; import eu.eudat.logic.proxy.config.exceptions.HugeResultSet; import eu.eudat.logic.proxy.config.exceptions.NoURLFound; import eu.eudat.logic.services.ApiContext; -import eu.eudat.models.data.security.Principal; import eu.eudat.models.data.services.ServiceModel; +import gr.cite.commons.web.authz.service.AuthorizationService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import javax.management.InvalidApplicationException; import java.util.LinkedList; import java.util.List; import java.util.Map; 
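Review bot: In `getCriteriaWithExternal` the user id is now read inside the `items.where(...)` lambda, so `this.userScope.getUserId()` is evaluated whenever the query layer invokes the predicate rather than when the method is entered. Resolving it once up front makes the identity behind the `creationUser` filter explicit and surfaces a missing user before any query is built: `var userId = this.userScope.getUserId();` followed by `builder.equal(root.get("creationUser").get("id"), userId)`. The new `throws` clause suggests `getUserId()` can raise the checked `InvalidApplicationException`; whether the predicate interface lets it propagate from the lambda is not visible in this hunk. The method body continues outside the hunk.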
@@ -22,25 +25,33 @@ import java.util.stream.Collectors; public class ServiceManager { private ApiContext apiContext; + private final AuthorizationService authorizationService; + private final UserScope userScope; @Autowired - public ServiceManager(ApiContext apiContext) { + public ServiceManager(ApiContext apiContext, AuthorizationService authorizationService, UserScope userScope) { this.apiContext = apiContext; + this.authorizationService = authorizationService; + this.userScope = userScope; } - public Service create(ServiceModel serviceModel, Principal principal) throws Exception { + public Service create(ServiceModel serviceModel) throws Exception { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + Service service = serviceModel.toDataModel(); - service.getCreationUser().setId(principal.getId()); + service.getCreationUser().setId(userScope.getUserId()); return apiContext.getOperationsContext().getDatabaseRepository().getServiceDao().createOrUpdate(service); } - public List getServices(String query, String type, Principal principal) throws HugeResultSet, NoURLFound { + public List getServices(String query, String type) throws HugeResultSet, NoURLFound, InvalidApplicationException { + this.authorizationService.authorizeForce(Permission.AuthenticatedRole); + ExternalUrlCriteria externalUrlCriteria = new ExternalUrlCriteria(query); List> remoteRepos = this.apiContext.getOperationsContext().getRemoteFetcher().getServices(externalUrlCriteria, type); ServiceCriteria criteria = new ServiceCriteria(); if (!query.isEmpty()) criteria.setLike(query); - criteria.setCreationUserId(principal.getId()); + criteria.setCreationUserId(userScope.getUserId()); List serviceModels = new LinkedList<>(); if (type.equals("")) { List serviceList = (this.apiContext.getOperationsContext().getDatabaseRepository().getServiceDao().getWithCriteria(criteria)).toList(); 
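Review bot: `Permission.AuthenticatedRole` in `create` and `getServices` (and `Permission.AdminRole` in `UserManager.exportToCsv`) is named after a role, so the call sites still express who may call rather than which operation is being authorized. If the goal in the commit title is a permission-based model, an operation-specific constant would let the role-to-permission mapping change without touching the managers, e.g. `authorizeForce(Permission.EditService)`, where `EditService` is a placeholder name and not a constant visible in this patch. Permission.java is outside this view, so the current constants may be a deliberate interim step.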
diff --git a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/UnlinkEmailConfirmationManager.java b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/UnlinkEmailConfirmationManager.java index 5503f6cf6..a077a4f73 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/UnlinkEmailConfirmationManager.java +++ b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/UnlinkEmailConfirmationManager.java @@ -16,6 +16,8 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; import jakarta.transaction.Transactional; + +import javax.management.InvalidApplicationException; import java.util.*; @Component @@ -33,7 +35,7 @@ public class UnlinkEmailConfirmationManager { } @Transactional - public void confirmEmail(String token) throws TokenExpiredException, HasConfirmedEmailException { + public void confirmEmail(String token) throws TokenExpiredException, HasConfirmedEmailException, InvalidApplicationException { EmailConfirmation loginConfirmationEmail = apiContext.getOperationsContext() .getDatabaseRepository().getLoginConfirmationEmailDao().asQueryable() .where((builder, root) -> builder.equal(root.get("token"), UUID.fromString(token))).getSingle(); @@ -63,7 +65,7 @@ public class UnlinkEmailConfirmationManager { } @Transactional - private void unlinkUser(String emailTobeUnlinked, Integer provider){ + private void unlinkUser(String emailTobeUnlinked, Integer provider) throws InvalidApplicationException { CredentialEntity credential = databaseRepository.getCredentialDao().asQueryable() .where((builder, root) -> builder.and(builder.equal(root.get("email"), emailTobeUnlinked), builder.equal(root.get("provider"), provider))).getSingle(); if(credential != null) { 
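Review bot: `unlinkUser` keeps `@Transactional` on a `private` method, and with Spring's default proxy-based interception an annotation on a private method is not applied, so the credential lookup and whatever follows `if(credential != null)` get no transaction of their own from it. If the method is only reached from `confirmEmail`, which is itself `@Transactional`, it already runs inside that transaction and the annotation can be removed to avoid implying a boundary that does not exist. Otherwise the method has to be non-private and invoked through the bean. The body of `unlinkUser` continues outside the hunk, and its call site is not visible.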
@@ -71,7 +73,7 @@ public class UnlinkEmailConfirmationManager { } } - public void sendConfirmationEmail(String email, Principal principal, UUID userId, Integer provider) { + public void sendConfirmationEmail(String email, Principal principal, UUID userId, Integer provider) throws InvalidApplicationException { UserInfo user = apiContext.getOperationsContext().getDatabaseRepository().getUserInfoDao().find(principal.getId()); if (user.getEmail() != null && !user.getEmail().equals(email)) { diff --git a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/UserManager.java b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/UserManager.java index a843a0f0f..4109ec1cc 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/UserManager.java +++ b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/UserManager.java @@ -1,6 +1,8 @@ package eu.eudat.logic.managers; import com.fasterxml.jackson.databind.ObjectMapper; +import eu.eudat.authorization.Permission; +import eu.eudat.commons.scope.user.UserScope; import eu.eudat.data.CredentialEntity; import eu.eudat.data.dao.criteria.DataManagementPlanCriteria; import eu.eudat.data.dao.entities.UserInfoDao; @@ -9,7 +11,6 @@ import eu.eudat.data.old.DescriptionTemplate; import eu.eudat.data.old.UserInfo; import eu.eudat.data.old.UserRole; import eu.eudat.data.query.items.table.userinfo.UserInfoTableRequestItem; -import eu.eudat.exceptions.security.UnauthorisedException; import eu.eudat.logic.builders.entity.UserRoleBuilder; import eu.eudat.logic.builders.model.models.DataTableDataBuilder; import eu.eudat.logic.services.ApiContext; 
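Review bot: `UnlinkEmailConfirmationManager.sendConfirmationEmail` still accepts a `Principal` and looks the user up with `principal.getId()`, while the other managers in this patch drop that parameter in favour of the injected `UserScope`. It also receives a separate `UUID userId` next to the principal, so two identities reach the same method; a comment stating their roles would help, for example `// principal: acting user; userId: account whose e-mail link is removed`, if that is the intent. If the migration is meant to cover this class, the lookup would become `getUserInfoDao().find(this.userScope.getUserId())` with a `UserScope` constructor argument added as in the sibling managers. The method body continues outside the hunk.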
@@ -17,12 +18,11 @@ import eu.eudat.logic.utilities.builders.XmlBuilder; import eu.eudat.models.HintedModelFactory; import eu.eudat.models.data.dmp.DataManagementPlan; import eu.eudat.models.data.helpers.common.DataTableData; -import eu.eudat.models.data.security.Principal; import eu.eudat.models.data.userinfo.UserCredential; import eu.eudat.models.data.userinfo.UserListingModel; import eu.eudat.models.data.userinfo.UserProfile; import eu.eudat.queryable.QueryableList; -import eu.eudat.types.Authorities; +import gr.cite.commons.web.authz.service.AuthorizationService; import org.json.JSONObject; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -36,6 +36,7 @@ import org.springframework.stereotype.Component; import org.w3c.dom.Document; import org.w3c.dom.Element; +import javax.management.InvalidApplicationException; import java.io.*; import java.nio.file.Files; import java.util.*; @@ -45,13 +46,17 @@ import java.util.stream.Collectors; public class UserManager { private static final Logger logger = LoggerFactory.getLogger(UserManager.class); - private ApiContext apiContext; - private Environment environment; + private final ApiContext apiContext; + private final Environment environment; + private final UserScope userScope; + private final AuthorizationService authorizationService; @Autowired - public UserManager(ApiContext apiContext, Environment environment) { + public UserManager(ApiContext apiContext, Environment environment, UserScope userScope, AuthorizationService authorizationService) { this.apiContext = apiContext; this.environment = environment; + this.userScope = userScope; + this.authorizationService = authorizationService; } public eu.eudat.models.data.user.composite.DatasetProfile generateDatasetProfileModel(DescriptionTemplate profile) { 
@@ -73,7 +78,7 @@ public class UserManager { return apiContext.getOperationsContext().getBuilderFactory().getBuilder(DataTableDataBuilder.class).totalCount(users.count()).data(modelUsers).build(); } - public List getCredentials(UUID userId) { + public List getCredentials(UUID userId) throws InvalidApplicationException { List results = new ArrayList<>(); UserInfo user = apiContext.getOperationsContext().getDatabaseRepository().getUserInfoDao().find(userId); List credentials = apiContext.getOperationsContext().getDatabaseRepository().getCredentialDao().asQueryable().where((builder, root) -> builder.equal(root.get("userId"), user.getId())).toList(); @@ -98,7 +103,7 @@ public class UserManager { return profile; } - public void editRoles(UserListingModel user) { + public void editRoles(UserListingModel user) throws InvalidApplicationException { UserInfo userInfo = apiContext.getOperationsContext().getDatabaseRepository().getUserInfoDao().find(user.getId()); userInfo.getUserRoles().stream().forEach(item -> apiContext.getOperationsContext().getDatabaseRepository().getUserRoleDao().delete(item)); for (Integer role : user.getAppRoles()) { @@ -107,8 +112,8 @@ public class UserManager { } } - public void updateSettings(Map settings, Principal principal) throws IOException { - UserInfo userInfo = apiContext.getOperationsContext().getDatabaseRepository().getUserInfoDao().find(principal.getId()); + public void updateSettings(Map settings) throws IOException, InvalidApplicationException { + UserInfo userInfo = apiContext.getOperationsContext().getDatabaseRepository().getUserInfoDao().find(this.userScope.getUserId()); apiContext.getOperationsContext().getDatabaseRepository().detachEntity(userInfo); HashMap result = new ObjectMapper().readValue(userInfo.getAdditionalinfo(), HashMap.class); 
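Review bot: No permission check is visible at the top of `getCredentials(UUID userId)`, which returns the credential records of whichever user id the caller passes; the same holds for `editRoles` in the next hunk and for `getFromEmail` further down. Now that `UserManager` has `authorizationService` injected, these methods could enforce access themselves the way `exportToCsv` does, for example `this.authorizationService.authorizeForce(Permission.AdminRole);` as the first statement of `editRoles`, with `getCredentials` also allowing the case where `userId` equals `this.userScope.getUserId()`. If the controllers already enforce this, a one-line comment on each method naming where the check lives would be enough. The bodies of these methods continue outside the hunks, so a check placed elsewhere cannot be ruled out from here.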
@@ -120,11 +125,11 @@ public class UserManager { .createOrUpdate(userInfo); } - public DataTableData getCollaboratorsPaged(UserInfoTableRequestItem userInfoTableRequestItem, Principal principal) throws Exception { + public DataTableData getCollaboratorsPaged(UserInfoTableRequestItem userInfoTableRequestItem) throws Exception { UserInfoDao userInfoDao = apiContext.getOperationsContext().getDatabaseRepository().getUserInfoDao(); QueryableList users = userInfoDao.getWithCriteria(userInfoTableRequestItem.getCriteria()); - List colaborators = userInfoDao.getAuthenticated(users, principal.getId()) + List colaborators = userInfoDao.getAuthenticated(users, this.userScope.getUserId()) .withHint(HintedModelFactory.getHint(UserListingModel.class)) .select(colaborator -> new UserListingModel().fromDataModel(colaborator)); @@ -134,9 +139,9 @@ public class UserManager { return dataTableData; } - public ResponseEntity exportToCsv(Principal principal) throws IOException { - if (!principal.getAuthz().contains(Authorities.ADMIN)) - throw new UnauthorisedException(); + public ResponseEntity exportToCsv() throws IOException, InvalidApplicationException { + + this.authorizationService.authorizeForce(Permission.AdminRole); List users = this.apiContext.getOperationsContext().getDatabaseRepository().getUserInfoDao().asQueryable().toList(); StringBuilder resultBuilder = new StringBuilder(); @@ -173,7 +178,7 @@ public class UserManager { return new ResponseEntity<>(content, responseHeaders, HttpStatus.OK); } - public UserProfile getFromEmail(String email) { + public UserProfile getFromEmail(String email) throws InvalidApplicationException { UserInfo user = apiContext.getOperationsContext().getDatabaseRepository().getUserInfoDao().asQueryable().where((builder, root) -> builder.equal(root.get("email"), email)).getSingle(); return new UserProfile().fromDataModel(user); } 
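Review bot: `exportToCsv` still gates on a role rather than on the action, since `Permission.AdminRole` only restates the removed `Authorities.ADMIN` test. A permission named for the operation (a new entry in `Permission`, for instance `ExportUsers`) would let policy grant or revoke the user export without a code change. It is also worth confirming that whatever `authorizeForce` raises on denial is mapped to a 403 response, because `UnauthorisedException` is no longer thrown on this path. The method body continues outside the hunk.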
@@ -183,7 +188,7 @@ public class UserManager { //return apiContext.getOperationsContext().getDatabaseRepository().getUserTokenDao().asQueryable().where(((builder, root) -> builder.greaterThan(root.get("expiresAt"), new Date()))).count(); } - public Long countAllUsers(){ + public Long countAllUsers() throws InvalidApplicationException { return apiContext.getOperationsContext().getDatabaseRepository().getUserInfoDao().asQueryable().count(); } diff --git a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/ValidationManager.java b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/ValidationManager.java index 566d64bc1..d9a87905f 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/ValidationManager.java +++ b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/ValidationManager.java @@ -1,5 +1,6 @@ package eu.eudat.logic.managers; +import eu.eudat.commons.scope.user.UserScope; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; 
@@ -7,23 +8,24 @@ import eu.eudat.logic.proxy.config.ExternalUrlCriteria; import eu.eudat.logic.proxy.config.exceptions.HugeResultSet; import eu.eudat.logic.proxy.config.exceptions.NoURLFound; import eu.eudat.logic.proxy.fetching.RemoteFetcher; -import eu.eudat.models.data.security.Principal; @Component public class ValidationManager { private RemoteFetcher remoteFetcher; + private final UserScope userScope; @Autowired - public ValidationManager(RemoteFetcher remoteFetcher) { + public ValidationManager(RemoteFetcher remoteFetcher, UserScope userScope) { super(); this.remoteFetcher = remoteFetcher; + this.userScope = userScope; } - public Boolean validateIdentifier(String identifier, String type, Principal principal) throws NoURLFound, HugeResultSet { + public Boolean validateIdentifier(String identifier, String type) throws NoURLFound, HugeResultSet { ExternalUrlCriteria externalUrlCriteria = new ExternalUrlCriteria(identifier); Integer count = this.remoteFetcher.findEntries(externalUrlCriteria, type); - return principal != null && count > 0; + return this.userScope.isSet() && count > 0; } diff --git a/dmp-backend/web/src/main/java/eu/eudat/logic/mapper/elastic/DmpMapper.java b/dmp-backend/web/src/main/java/eu/eudat/logic/mapper/elastic/DmpMapper.java index 3b35f9eec..bec5ec468 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/logic/mapper/elastic/DmpMapper.java +++ b/dmp-backend/web/src/main/java/eu/eudat/logic/mapper/elastic/DmpMapper.java @@ -10,6 +10,7 @@ import eu.eudat.logic.services.ApiContext; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import javax.management.InvalidApplicationException; import java.util.Collections; import java.util.Comparator; import java.util.List; 
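Review bot: In `validateIdentifier` the outbound lookup `this.remoteFetcher.findEntries(externalUrlCriteria, type)` runs before `this.userScope.isSet()` is consulted, so a request without a user scope still triggers the remote call and only has its result masked. Testing the scope first avoids that: `if (!this.userScope.isSet()) return false;` as the first statement. `count` is an `Integer`, so `count > 0` would throw if `findEntries` can return null; `count != null && count > 0` covers that case. `remoteFetcher` could also be declared `final` to match the new `userScope` field.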
@@ -29,7 +30,7 @@ public class DmpMapper { this.datasetMapper = new DatasetMapper(apiContext, datasetManager); } - public Dmp toElastic(DMP dmp) { + public Dmp toElastic(DMP dmp) throws InvalidApplicationException { Dmp elastic = new Dmp(); elastic.setId(dmp.getId()); elastic.setGroupId(dmp.getGroupId()); diff --git a/dmp-backend/web/src/main/java/eu/eudat/logic/security/claims/ClaimedAuthorities.java b/dmp-backend/web/src/main/java/eu/eudat/logic/security/claims/ClaimedAuthorities.java deleted file mode 100644 index 6e5d99e00..000000000 --- a/dmp-backend/web/src/main/java/eu/eudat/logic/security/claims/ClaimedAuthorities.java +++ /dev/null @@ -1,17 +0,0 @@ -package eu.eudat.logic.security.claims; - -import eu.eudat.types.Authorities; - -import java.lang.annotation.ElementType; -import java.lang.annotation.Retention; -import java.lang.annotation.RetentionPolicy; -import java.lang.annotation.Target; - -import static eu.eudat.types.Authorities.USER; - - -@Retention(RetentionPolicy.RUNTIME) -@Target(ElementType.PARAMETER) -public @interface ClaimedAuthorities { - Authorities[] claims() default {USER}; -} diff --git a/dmp-backend/web/src/main/java/eu/eudat/logic/security/claims/ClaimedRights.java b/dmp-backend/web/src/main/java/eu/eudat/logic/security/claims/ClaimedRights.java deleted file mode 100644 index 0cdfa7255..000000000 --- a/dmp-backend/web/src/main/java/eu/eudat/logic/security/claims/ClaimedRights.java +++ /dev/null @@ -1,17 +0,0 @@ -package eu.eudat.logic.security.claims; - -import eu.eudat.types.Rights; - -import java.lang.annotation.ElementType; -import java.lang.annotation.Retention; -import java.lang.annotation.RetentionPolicy; -import java.lang.annotation.Target; - -/** - * Created by ikalyvas on 2/8/2018. - */ -@Retention(RetentionPolicy.RUNTIME) -@Target(ElementType.PARAMETER) -public @interface ClaimedRights { - Rights[] claims() default {}; -} 
diff --git a/dmp-backend/web/src/main/java/eu/eudat/logic/services/operations/authentication/AbstractAuthenticationService.java b/dmp-backend/web/src/main/java/eu/eudat/logic/services/operations/authentication/AbstractAuthenticationService.java
deleted file mode 100644
index b1106f09d..000000000
--- a/dmp-backend/web/src/main/java/eu/eudat/logic/services/operations/authentication/AbstractAuthenticationService.java
+++ /dev/null
@@ -1,46 +0,0 @@
-package eu.eudat.logic.services.operations.authentication;
-
-import eu.eudat.data.old.UserInfo;
-import eu.eudat.logic.managers.MetricsManager;
-import eu.eudat.logic.services.ApiContext;
-import eu.eudat.models.data.security.Principal;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.core.env.Environment;
-
-import java.util.Calendar;
-import java.util.Date;
-import java.util.UUID;
-
-public abstract class AbstractAuthenticationService implements AuthenticationService {
- private static final Logger logger = LoggerFactory.getLogger(AbstractAuthenticationService.class);
-
- protected ApiContext apiContext;
- protected Environment environment;
- protected MetricsManager metricsManager;
-
- public AbstractAuthenticationService(ApiContext apiContext, Environment environment, MetricsManager metricsManager) {
- this.apiContext = apiContext;
- this.environment = environment;
- this.metricsManager = metricsManager;
- }
-
- protected Date addADay(Date date) {
- Date dt = new Date();
- Calendar c = Calendar.getInstance();
- c.setTime(dt);
- c.add(Calendar.DATE, 1);
- dt = c.getTime();
- return dt;
- }
-
- abstract Principal Touch(UserInfo token);
-
-
- public Principal Touch(UUID userId) { //TODO: Authn
- UserInfo tokenEntry = this.apiContext.getOperationsContext().getDatabaseRepository().getUserInfoDao().find(userId);
- if (tokenEntry == null) return null;
-
- return this.Touch(tokenEntry);
- }
-}
diff --git a/dmp-backend/web/src/main/java/eu/eudat/logic/services/operations/authentication/AuthenticationService.java b/dmp-backend/web/src/main/java/eu/eudat/logic/services/operations/authentication/AuthenticationService.java
deleted file mode 100644
index bd32d4a26..000000000
--- a/dmp-backend/web/src/main/java/eu/eudat/logic/services/operations/authentication/AuthenticationService.java
+++ /dev/null
@@ -1,19 +0,0 @@
-package eu.eudat.logic.services.operations.authentication;
-
-import eu.eudat.exceptions.security.NullEmailException;
-import eu.eudat.models.data.login.Credentials;
-import eu.eudat.models.data.loginprovider.LoginProviderUser;
-import eu.eudat.models.data.security.Principal;
-import gr.cite.commons.web.oidc.principal.MyPrincipal;
-
-import java.util.UUID;
-
-/**
- * Created by ikalyvas on 3/1/2018.
- */
-public interface AuthenticationService {
-
- Principal Touch(MyPrincipal principal) throws NullEmailException;
-
- Principal Touch(UUID token) throws NullEmailException;
-}
diff --git a/dmp-backend/web/src/main/java/eu/eudat/logic/services/operations/authentication/NonVerifiedUserEmailAuthenticationService.java b/dmp-backend/web/src/main/java/eu/eudat/logic/services/operations/authentication/NonVerifiedUserEmailAuthenticationService.java
deleted file mode 100644
index cd7fd5156..000000000
--- a/dmp-backend/web/src/main/java/eu/eudat/logic/services/operations/authentication/NonVerifiedUserEmailAuthenticationService.java
+++ /dev/null
@@ -1,60 +0,0 @@ -package eu.eudat.logic.services.operations.authentication; - -import eu.eudat.data.old.UserInfo; -import eu.eudat.exceptions.security.NullEmailException; -import eu.eudat.logic.builders.model.models.PrincipalBuilder; -import eu.eudat.logic.managers.MetricsManager; -import eu.eudat.logic.services.ApiContext; -import eu.eudat.models.data.security.Principal; -import eu.eudat.types.Authorities; -import gr.cite.commons.web.oidc.principal.MyPrincipal; -import gr.cite.commons.web.oidc.principal.extractor.ClaimExtractor; -import org.apache.commons.lang3.NotImplementedException; -import org.springframework.core.env.Environment; -import org.springframework.stereotype.Service; - -import java.time.Instant; -import java.time.temporal.ChronoUnit; -import java.util.Date; -import java.util.HashSet; -import java.util.UUID; - -@Service("nonVerifiedUserAuthenticationService") -public class NonVerifiedUserEmailAuthenticationService extends AbstractAuthenticationService { - - private final ClaimExtractor claimExtractor; - public NonVerifiedUserEmailAuthenticationService(ApiContext apiContext, Environment environment, MetricsManager metricsManager, ClaimExtractor claimExtractor) { - super(apiContext, environment, metricsManager); - this.claimExtractor = claimExtractor; - } - - @Override - Principal Touch(UserInfo token) { - throw new NotImplementedException(""); - } - - @Override - public Principal Touch(MyPrincipal principal) throws NullEmailException { //TODO: Authn - if (principal == null /*|| this.claimExtractor.expiresAt(principal).isBefore(Instant.now())*/) return null; - - Principal principalItem = this.apiContext.getOperationsContext().getBuilderFactory().getBuilder(PrincipalBuilder.class) - .id(UUID.randomUUID()).token(UUID.randomUUID())//TODO: Authn - .expiresAt(Date.from(Instant.now().plus(5, ChronoUnit.DAYS))) - .name(this.claimExtractor.name(principal)) - .email(this.claimExtractor.email(principal)) - .avatarUrl("") - .culture("") - .language("") - 
.timezone("") - .build(); - principalItem.setAuthorities(new HashSet<>()); - principalItem.getAuthz().add(Authorities.USER); -// List userRoles = apiContext.getOperationsContext().getDatabaseRepository().getUserRoleDao().getUserRoles(user); -// for (UserRole item : userRoles) { -// if (principal.getAuthz() == null) principal.setAuthorities(new HashSet<>()); -// principal.getAuthz().add(Authorities.fromInteger(item.getRole())); -// } - return principalItem; - - } -} diff --git a/dmp-backend/web/src/main/java/eu/eudat/logic/services/operations/authentication/VerifiedUserAuthenticationService.java b/dmp-backend/web/src/main/java/eu/eudat/logic/services/operations/authentication/VerifiedUserAuthenticationService.java deleted file mode 100644 index 2aa2384eb..000000000 --- a/dmp-backend/web/src/main/java/eu/eudat/logic/services/operations/authentication/VerifiedUserAuthenticationService.java +++ /dev/null 
@@ -1,83 +0,0 @@ -package eu.eudat.logic.services.operations.authentication; - -import com.fasterxml.jackson.databind.ObjectMapper; -import eu.eudat.data.old.UserInfo; -import eu.eudat.data.old.UserRole; -import eu.eudat.exceptions.security.NullEmailException; -import eu.eudat.logic.builders.model.models.PrincipalBuilder; -import eu.eudat.logic.managers.MetricsManager; -import eu.eudat.logic.services.ApiContext; -import eu.eudat.models.data.security.Principal; -import eu.eudat.types.Authorities; -import gr.cite.commons.web.oidc.principal.MyPrincipal; -import org.apache.commons.lang3.NotImplementedException; -import org.springframework.core.env.Environment; -import org.springframework.stereotype.Service; - -import java.time.Instant; -import java.time.temporal.ChronoUnit; -import java.util.Date; -import java.util.HashSet; -import java.util.List; -import java.util.UUID; - - -@Service("verifiedUserAuthenticationService") -public class VerifiedUserAuthenticationService extends AbstractAuthenticationService { - - public VerifiedUserAuthenticationService(ApiContext apiContext, Environment environment, MetricsManager metricsManager) { - super(apiContext, environment, metricsManager); - } - - public Principal Touch(UserInfo user) { - if (user == null) return null; - if (user.getEmail() == null) throw new NullEmailException(); - String avatarUrl; - try { - avatarUrl = user.getAdditionalinfo() != null ? new ObjectMapper().readTree(user.getAdditionalinfo()).get("avatarUrl").asText() : ""; - } catch (Exception e) { - avatarUrl = ""; - } - String culture; - try { - culture = user.getAdditionalinfo() != null ? new ObjectMapper().readTree(user.getAdditionalinfo()).get("culture").get("name").asText() : ""; - } catch (Exception e) { - culture = ""; - } - String language; - try { - language = user.getAdditionalinfo() != null ? 
new ObjectMapper().readTree(user.getAdditionalinfo()).get("language").get("value").asText() : ""; - } catch (Exception e) { - language = ""; - } - String timezone; - try { - timezone = user.getAdditionalinfo() != null ? new ObjectMapper().readTree(user.getAdditionalinfo()).get("timezone").asText() : ""; - } catch (Exception e) { - timezone = ""; - } - Principal principal = this.apiContext.getOperationsContext().getBuilderFactory().getBuilder(PrincipalBuilder.class) - .id(user.getId()).token(UUID.randomUUID()) //TODO: Authn - .expiresAt(Date.from(Instant.now().plus(5, ChronoUnit.DAYS)))//TODO: Authn - .name(user.getName()) - .email(user.getEmail()) - .avatarUrl(avatarUrl) - .culture(culture) - .language(language) - .timezone(timezone) - .build(); - - List userRoles = apiContext.getOperationsContext().getDatabaseRepository().getUserRoleDao().getUserRoles(user); - for (UserRole item : userRoles) { - if (principal.getAuthz() == null) principal.setAuthorities(new HashSet<>()); - principal.getAuthz().add(Authorities.fromInteger(item.getRole())); - } - return principal; - } - - - @Override - public Principal Touch(MyPrincipal principal) throws NullEmailException { - throw new NotImplementedException(""); - } -} diff --git a/dmp-backend/web/src/main/java/eu/eudat/logic/utilities/schedule/notification/NotificationScheduleJob.java b/dmp-backend/web/src/main/java/eu/eudat/logic/utilities/schedule/notification/NotificationScheduleJob.java index f1518e1b1..b6a6eec69 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/logic/utilities/schedule/notification/NotificationScheduleJob.java +++ b/dmp-backend/web/src/main/java/eu/eudat/logic/utilities/schedule/notification/NotificationScheduleJob.java 
@@ -12,6 +12,8 @@ import org.springframework.scheduling.annotation.Scheduled; import org.springframework.stereotype.Component; import jakarta.transaction.Transactional; + +import javax.management.InvalidApplicationException; import java.util.LinkedList; import java.util.List; import java.util.concurrent.CompletableFuture; @@ -31,7 +33,7 @@ public class NotificationScheduleJob { @Transactional @Scheduled(fixedRateString = "${notification.rateInterval}") - public void sendNotifications() { + public void sendNotifications() throws InvalidApplicationException { List> futures = new LinkedList<>(); this.apiContext.getOperationsContext().getDatabaseRepository().getNotificationDao().asQueryable().where(((builder, root) -> builder.and( diff --git a/dmp-backend/web/src/main/java/eu/eudat/models/data/quickwizard/DmpQuickWizardModel.java b/dmp-backend/web/src/main/java/eu/eudat/models/data/quickwizard/DmpQuickWizardModel.java index 8f0f99e6f..5da3da906 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/models/data/quickwizard/DmpQuickWizardModel.java +++ b/dmp-backend/web/src/main/java/eu/eudat/models/data/quickwizard/DmpQuickWizardModel.java @@ -1,12 +1,13 @@ package eu.eudat.models.data.quickwizard; +import eu.eudat.commons.scope.user.UserScope; import eu.eudat.data.old.DescriptionTemplate; import eu.eudat.data.old.Grant; import eu.eudat.data.old.Project; import eu.eudat.models.data.dmp.AssociatedProfile; -import eu.eudat.models.data.security.Principal; import eu.eudat.models.data.userinfo.UserListingModel; +import javax.management.InvalidApplicationException; import java.util.*; 
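Review bot: `sendNotifications` is invoked by the scheduler through `@Scheduled`, so the added `throws InvalidApplicationException` has no caller in the application that can handle it. Catching the exception inside the job and logging it there keeps a failed run visible and local instead of leaving it to the scheduler's default error handling. If the exception signals a missing user scope, which this hunk does not show, the job runs outside any request and would need an explicit system scope for its DAO calls. The method body continues outside the hunk.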
@@ -72,7 +73,7 @@ public class DmpQuickWizardModel { this.language = language; } - public eu.eudat.models.data.dmp.DataManagementPlan toDataDmp(Grant grant, Project project, Principal principal) { + public eu.eudat.models.data.dmp.DataManagementPlan toDataDmp(Grant grant, Project project, UserScope userScope) throws InvalidApplicationException { eu.eudat.models.data.dmp.DataManagementPlan dataManagementPlanEntity = new eu.eudat.models.data.dmp.DataManagementPlan(); dataManagementPlanEntity.setId(this.id); @@ -98,12 +99,12 @@ public class DmpQuickWizardModel { dataManagementPlanEntity.setCreated(new Date()); List user = new LinkedList<>(); eu.eudat.models.data.userinfo.UserInfo userInfo = new eu.eudat.models.data.userinfo.UserInfo(); - userInfo.setId(principal.getId()); + userInfo.setId(userScope.getUserId()); dataManagementPlanEntity.setAssociatedUsers(user); dataManagementPlanEntity.setExtraProperties(new HashMap<>()); dataManagementPlanEntity.getExtraProperties().put("language", this.language); dataManagementPlanEntity.getExtraProperties().put("visible", false); - dataManagementPlanEntity.getExtraProperties().put("contact", principal.getId().toString()); + dataManagementPlanEntity.getExtraProperties().put("contact", userScope.getUserId().toString()); return dataManagementPlanEntity; } diff --git a/dmp-backend/web/src/main/java/eu/eudat/models/data/rda/DatasetRDAExportModel.java b/dmp-backend/web/src/main/java/eu/eudat/models/data/rda/DatasetRDAExportModel.java index 2f6476f1b..44ed53d9e 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/models/data/rda/DatasetRDAExportModel.java +++ b/dmp-backend/web/src/main/java/eu/eudat/models/data/rda/DatasetRDAExportModel.java 
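Review bot: In `toDataDmp` the `userInfo` object receives `userScope.getUserId()` but is never added to the `user` list, so `setAssociatedUsers(user)` is called with an empty list; if the creator is meant to be associated here, `user.add(userInfo);` is missing before that call. `userScope.getUserId()` is also resolved twice, and reading it once into a local (`UUID userId = userScope.getUserId();`) keeps the associated user and the `contact` property in agreement. Passing that id in, rather than the whole `UserScope` bean, would keep this model class free of request-scoped dependencies.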
@@ -7,7 +7,6 @@ import com.jayway.jsonpath.JsonPath; import eu.eudat.data.old.Dataset; import eu.eudat.logic.managers.DatasetManager; import eu.eudat.logic.utilities.builders.XmlBuilder; -import eu.eudat.models.data.security.Principal; import org.json.JSONArray; import org.json.JSONObject; import org.slf4j.Logger; @@ -16,6 +15,7 @@ import org.w3c.dom.Document; import org.w3c.dom.Node; import org.w3c.dom.NodeList; +import javax.management.InvalidApplicationException; import javax.xml.xpath.*; import java.text.DateFormat; import java.util.*; @@ -150,7 +150,7 @@ public class DatasetRDAExportModel { } - public DatasetRDAExportModel fromDataModel(Dataset dataset, DatasetManager datasetManager, Principal principal) { + public DatasetRDAExportModel fromDataModel(Dataset dataset, DatasetManager datasetManager) { // Map of template Ids to rda values. JSONObject jObject = new JSONObject(dataset.getProperties()); Map templateIdsToValues = jObject.toMap(); @@ -166,9 +166,9 @@ public class DatasetRDAExportModel { // Transform the answered dataset description to json so we can parse it and fill the rda model. JSONObject datasetDescriptionJson = null; try { - String jsonResult = mapper.writeValueAsString(datasetManager.getSingle(dataset.getId().toString(), principal).getDatasetProfileDefinition()); + String jsonResult = mapper.writeValueAsString(datasetManager.getSingle(dataset.getId().toString()).getDatasetProfileDefinition()); datasetDescriptionJson = new JSONObject(jsonResult); - } catch (JsonProcessingException e) { + } catch (JsonProcessingException | InvalidApplicationException e) { logger.error(e.getMessage(), e); } setMultiplicityIdToFieldSetId(datasetDescriptionJson); diff --git a/dmp-backend/web/src/main/java/eu/eudat/models/data/rda/DmpRDAExportModel.java b/dmp-backend/web/src/main/java/eu/eudat/models/data/rda/DmpRDAExportModel.java index 724d667ad..4edd72fa4 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/models/data/rda/DmpRDAExportModel.java 
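Review bot: The widened `catch (JsonProcessingException | InvalidApplicationException e)` in `DatasetRDAExportModel.fromDataModel` logs the failure and carries on, so `setMultiplicityIdToFieldSetId(datasetDescriptionJson)` is then called with `datasetDescriptionJson` still `null`. An `InvalidApplicationException` from `datasetManager.getSingle(...)` is not a serialization problem and should reach the caller as it does elsewhere in this commit: keep `catch (JsonProcessingException e)` and declare `throws InvalidApplicationException` on `fromDataModel`, and on the `DmpRDAExportModel` and `RDAExportModel` methods that call it. The same catch-and-continue appears in `DmpRDAMapper.toEntity`, where the "No entity doi ... found in database" warning would then be logged for an unrelated failure. The method body continues outside the hunk.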
+++ b/dmp-backend/web/src/main/java/eu/eudat/models/data/rda/DmpRDAExportModel.java @@ -5,7 +5,6 @@ import eu.eudat.data.old.Dataset; import eu.eudat.data.old.EntityDoi; import eu.eudat.data.old.UserDMP; import eu.eudat.logic.managers.DatasetManager; -import eu.eudat.models.data.security.Principal; import java.text.SimpleDateFormat; import java.util.Date; @@ -127,7 +126,7 @@ public class DmpRDAExportModel { this.title = title; } - public DmpRDAExportModel fromDataModel(DMP entity, DatasetManager datasetManager, Principal principal) { + public DmpRDAExportModel fromDataModel(DMP entity, DatasetManager datasetManager) { DmpRDAExportModel dmpRda = new DmpRDAExportModel(); dmpRda.contact = new ContactRDAExportModel().fromDataModel(entity.getUsers().stream().filter(x -> x.getRole().equals(UserDMP.UserDMPRoles.OWNER.getValue())).findFirst().get().getUser()); if (entity.getUsers().stream().anyMatch(x -> x.getRole().equals(UserDMP.UserDMPRoles.USER.getValue()))) { @@ -142,7 +141,7 @@ public class DmpRDAExportModel { dmpRda.dataset = new LinkedList<>(); for (Dataset dataset : entity.getDataset()) { if (dataset.getStatus() != Dataset.Status.DELETED.getValue() && dataset.getStatus() != Dataset.Status.CANCELED.getValue()) - dmpRda.dataset.add(new DatasetRDAExportModel().fromDataModel(dataset, datasetManager, principal)); + dmpRda.dataset.add(new DatasetRDAExportModel().fromDataModel(dataset, datasetManager)); } dmpRda.description = entity.getDescription().replace("\n", " "); if (entity.getDois() != null && !entity.getDois().isEmpty()) { diff --git a/dmp-backend/web/src/main/java/eu/eudat/models/data/rda/RDAExportModel.java b/dmp-backend/web/src/main/java/eu/eudat/models/data/rda/RDAExportModel.java index fc885cc83..7981de564 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/models/data/rda/RDAExportModel.java +++ b/dmp-backend/web/src/main/java/eu/eudat/models/data/rda/RDAExportModel.java 
@@ -2,7 +2,6 @@ package eu.eudat.models.data.rda; import eu.eudat.data.old.DMP; import eu.eudat.logic.managers.DatasetManager; -import eu.eudat.models.data.security.Principal; public class RDAExportModel { private DmpRDAExportModel dmp; @@ -14,8 +13,8 @@ public class RDAExportModel { this.dmp = dmp; } - public RDAExportModel fromDataModel(DMP dmp, DatasetManager datasetManager, Principal principal) { - this.dmp = new DmpRDAExportModel().fromDataModel(dmp, datasetManager, principal); + public RDAExportModel fromDataModel(DMP dmp, DatasetManager datasetManager) { + this.dmp = new DmpRDAExportModel().fromDataModel(dmp, datasetManager); return this; } } diff --git a/dmp-backend/web/src/main/java/eu/eudat/models/rda/mapper/DmpRDAMapper.java b/dmp-backend/web/src/main/java/eu/eudat/models/rda/mapper/DmpRDAMapper.java index e93aa35fd..f264015ce 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/models/rda/mapper/DmpRDAMapper.java +++ b/dmp-backend/web/src/main/java/eu/eudat/models/rda/mapper/DmpRDAMapper.java @@ -13,6 +13,8 @@ import org.springframework.stereotype.Component; import jakarta.persistence.NoResultException; import jakarta.transaction.Transactional; + +import javax.management.InvalidApplicationException; import java.io.IOException; import java.util.*; import java.util.stream.Collectors; @@ -34,7 +36,7 @@ public class DmpRDAMapper { } @Transactional - public Dmp toRDA(DMP dmp) { + public Dmp toRDA(DMP dmp) throws InvalidApplicationException { if (dmp.getDataset() == null || dmp.getDataset().isEmpty()) { throw new IllegalArgumentException("DMP has no Datasets"); } @@ -123,7 +125,7 @@ public class DmpRDAMapper { return rda; } - public DMP toEntity(Dmp rda, String[] profiles) { + public DMP toEntity(Dmp rda, String[] profiles) throws InvalidApplicationException { DMP entity = new DMP(); entity.setLabel(rda.getTitle()); if (rda.getDmpId().getType() == DmpId.Type.DOI) { 
@@ -133,13 +135,19 @@ public class DmpRDAMapper { dois.add(doi); entity.setDois(dois); } - catch (NoResultException e) { + catch (NoResultException | InvalidApplicationException e) { logger.warn("No entity doi: " + rda.getDmpId().getIdentifier() + " found in database. No dois are added to dmp."); entity.setDois(new HashSet<>()); } } if (((List) rda.getAdditionalProperties().get("templates")) != null && !((List) rda.getAdditionalProperties().get("templates")).isEmpty() && entity.getId() != null) { - entity.setAssociatedDmps(((List) rda.getAdditionalProperties().get("templates")).stream().map(x -> this.getProfile(x, entity.getId())).filter(Objects::nonNull).collect(Collectors.toSet())); + entity.setAssociatedDmps(((List) rda.getAdditionalProperties().get("templates")).stream().map(x -> { + try { + return this.getProfile(x, entity.getId()); + } catch (InvalidApplicationException e) { + throw new RuntimeException(e); + } + }).filter(Objects::nonNull).collect(Collectors.toSet())); } if (entity.getAssociatedDmps() == null) { entity.setAssociatedDmps(new HashSet<>()); @@ -171,7 +179,7 @@ public class DmpRDAMapper { return entity; } - private DMPDatasetProfile getProfile(String descriptionTemplateId, UUID dmpId) { + private DMPDatasetProfile getProfile(String descriptionTemplateId, UUID dmpId) throws InvalidApplicationException { return apiContext.getOperationsContext().getDatabaseRepository().getDmpDatasetProfileDao().asQueryable().where(((builder, root) -> builder.and( builder.equal(root.get("datasetprofile"), UUID.fromString(descriptionTemplateId)), builder.equal(root.get("dmp"), dmpId)) diff --git a/dmp-backend/web/src/main/java/eu/eudat/models/v2/AccountBuilder.java b/dmp-backend/web/src/main/java/eu/eudat/models/v2/AccountBuilder.java index c4398a63f..e082c4c93 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/models/v2/AccountBuilder.java +++ b/dmp-backend/web/src/main/java/eu/eudat/models/v2/AccountBuilder.java 
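Review bot: The lambda in `toEntity` rethrows `InvalidApplicationException` as a bare `RuntimeException`, although `toEntity` now declares `throws InvalidApplicationException`; callers that handle the checked type will not see this one, and a generic handler would likely treat it as an internal error. A plain loop lets the exception propagate with its type intact, as sketched below. `FluentValidatorBuilder` wraps the exception the same way inside `this.rules.forEach(...)` and could use a `for` loop with a `throws` clause on the enclosing method. `toEntity` continues outside the hunk.

```java
// … unchanged: DOI lookup and its catch block …
List<String> templates = (List<String>) rda.getAdditionalProperties().get("templates");
if (templates != null && !templates.isEmpty() && entity.getId() != null) {
    Set<DMPDatasetProfile> associated = new HashSet<>();
    for (String templateId : templates) {
        // getProfile's InvalidApplicationException propagates through toEntity's throws clause
        DMPDatasetProfile profile = this.getProfile(templateId, entity.getId());
        if (profile != null) {
            associated.add(profile);
        }
    }
    entity.setAssociatedDmps(associated);
}
// … unchanged: null check on getAssociatedDmps and the rest of toEntity …
```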
@@ -15,6 +15,7 @@ import org.springframework.beans.factory.config.ConfigurableBeanFactory; import org.springframework.context.annotation.Scope; import org.springframework.stereotype.Component; +import javax.management.InvalidApplicationException; import java.util.*; @Component @@ -44,7 +45,7 @@ public class AccountBuilder { ClaimExtractorKeys.ExpiresAt); } - public Account build(FieldSet fields, MyPrincipal principal) { + public Account build(FieldSet fields, MyPrincipal principal) throws InvalidApplicationException { Account model = new Account(); if (principal == null || !principal.isAuthenticated()) { model.setIsAuthenticated(Boolean.FALSE); diff --git a/dmp-backend/web/src/main/java/eu/eudat/models/validators/fluentvalidator/FluentValidatorBuilder.java b/dmp-backend/web/src/main/java/eu/eudat/models/validators/fluentvalidator/FluentValidatorBuilder.java index ecab91921..bfe3f607e 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/models/validators/fluentvalidator/FluentValidatorBuilder.java +++ b/dmp-backend/web/src/main/java/eu/eudat/models/validators/fluentvalidator/FluentValidatorBuilder.java @@ -7,6 +7,7 @@ import eu.eudat.models.validators.fluentvalidator.rules.AbstractFluentValidatorR import eu.eudat.models.validators.fluentvalidator.rules.CompareRule; import eu.eudat.models.validators.fluentvalidator.rules.NotEmptyRule; +import javax.management.InvalidApplicationException; import java.util.LinkedList; import java.util.List; import java.util.stream.Collectors; 
@@ -55,11 +56,17 @@ public class FluentValidatorBuilder { this.item = item; List errors = new LinkedList<>(); if(this.conditionalOperator != null && !this.conditionalOperator.apply(this.item)) return errors; - this.rules.forEach(x -> errors.add(this.evaluateError(x))); + this.rules.forEach(x -> { + try { + errors.add(this.evaluateError(x)); + } catch (InvalidApplicationException e) { + throw new RuntimeException(e); + } + }); return errors.stream().filter(x -> x != null).collect(Collectors.toList()); } - private FluentValidatorResult evaluateError(AbstractFluentValidatorRule rule) { + private FluentValidatorResult evaluateError(AbstractFluentValidatorRule rule) throws InvalidApplicationException { if (rule.assertValue(this.item)) { return new FluentValidatorResult(this.name, this.message); } diff --git a/dmp-backend/web/src/main/java/eu/eudat/models/validators/fluentvalidator/predicates/FieldSelector.java b/dmp-backend/web/src/main/java/eu/eudat/models/validators/fluentvalidator/predicates/FieldSelector.java index 66d743f2b..cd06ef9c6 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/models/validators/fluentvalidator/predicates/FieldSelector.java +++ b/dmp-backend/web/src/main/java/eu/eudat/models/validators/fluentvalidator/predicates/FieldSelector.java @@ -1,8 +1,10 @@ package eu.eudat.models.validators.fluentvalidator.predicates; +import javax.management.InvalidApplicationException; + /** * Created by ikalyvas on 8/28/2018. */ public interface FieldSelector { - R apply(T item); + R apply(T item) throws InvalidApplicationException; } diff --git a/dmp-backend/web/src/main/java/eu/eudat/models/validators/fluentvalidator/rules/AbstractFluentValidatorRule.java b/dmp-backend/web/src/main/java/eu/eudat/models/validators/fluentvalidator/rules/AbstractFluentValidatorRule.java index 61cd3091c..cdc50b34a 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/models/validators/fluentvalidator/rules/AbstractFluentValidatorRule.java 
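Review bot: The new lambda passed to `this.rules.forEach(...)` rethrows `InvalidApplicationException` as a bare `RuntimeException`, so the checked `throws` just added to `evaluateError` is lost again and a caller cannot tell a rule that could not be evaluated from a programming error. A plain loop keeps the type, `for (AbstractFluentValidatorRule rule : this.rules) { errors.add(this.evaluateError(rule)); }`, provided the enclosing method declares the exception; its signature is outside the hunk. If the failure has to stay unchecked, wrap it with context: `throw new IllegalStateException("rule evaluation failed for " + this.name, e);`. The templates lambda around `getProfile` in DmpRDAMapper uses the same bare wrap.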
+++ b/dmp-backend/web/src/main/java/eu/eudat/models/validators/fluentvalidator/rules/AbstractFluentValidatorRule.java @@ -2,6 +2,8 @@ package eu.eudat.models.validators.fluentvalidator.rules; import eu.eudat.models.validators.fluentvalidator.predicates.FieldSelector; +import javax.management.InvalidApplicationException; + /** * Created by ikalyvas on 8/31/2018. */ @@ -16,5 +18,5 @@ public abstract class AbstractFluentValidatorRule { this.fieldSelector = fieldSelector; } - public abstract boolean assertValue(T item); + public abstract boolean assertValue(T item) throws InvalidApplicationException; } diff --git a/dmp-backend/web/src/main/java/eu/eudat/models/validators/fluentvalidator/rules/CompareRule.java b/dmp-backend/web/src/main/java/eu/eudat/models/validators/fluentvalidator/rules/CompareRule.java index b2fcfa3dc..bb12f63a3 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/models/validators/fluentvalidator/rules/CompareRule.java +++ b/dmp-backend/web/src/main/java/eu/eudat/models/validators/fluentvalidator/rules/CompareRule.java @@ -3,6 +3,8 @@ package eu.eudat.models.validators.fluentvalidator.rules; import eu.eudat.models.validators.fluentvalidator.predicates.ComparisonOperator; import eu.eudat.models.validators.fluentvalidator.predicates.FieldSelector; +import javax.management.InvalidApplicationException; + /** * Created by ikalyvas on 8/31/2018. */ @@ -18,7 +20,7 @@ public class CompareRule extends AbstractFluentValidatorRule { } @Override - public boolean assertValue(T item) { + public boolean assertValue(T item) throws InvalidApplicationException { return this.comparisonOperator.compare(this.getFieldSelector().apply(item), this.comparisonSelector.apply(item)); } } diff --git a/dmp-backend/web/src/main/java/eu/eudat/models/validators/fluentvalidator/rules/NotEmptyRule.java b/dmp-backend/web/src/main/java/eu/eudat/models/validators/fluentvalidator/rules/NotEmptyRule.java index 5c693be9a..8f47809e5 100644 
--- a/dmp-backend/web/src/main/java/eu/eudat/models/validators/fluentvalidator/rules/NotEmptyRule.java +++ b/dmp-backend/web/src/main/java/eu/eudat/models/validators/fluentvalidator/rules/NotEmptyRule.java @@ -2,6 +2,8 @@ package eu.eudat.models.validators.fluentvalidator.rules; import eu.eudat.models.validators.fluentvalidator.predicates.FieldSelector; +import javax.management.InvalidApplicationException; + /** * Created by ikalyvas on 8/31/2018. */ @@ -12,7 +14,7 @@ public class NotEmptyRule extends AbstractFluentValidatorRule { } @Override - public boolean assertValue(T item) { + public boolean assertValue(T item) throws InvalidApplicationException { return this.getFieldSelector().apply(item) != null; } } diff --git a/dmp-backend/web/src/main/java/eu/eudat/publicapi/controllers/PublicDatasetsDescriptionDocumentation.java b/dmp-backend/web/src/main/java/eu/eudat/publicapi/controllers/PublicDatasetsDescriptionDocumentation.java index e4aa01a1b..db8675a58 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/publicapi/controllers/PublicDatasetsDescriptionDocumentation.java +++ b/dmp-backend/web/src/main/java/eu/eudat/publicapi/controllers/PublicDatasetsDescriptionDocumentation.java 
@@ -1,18 +1,14 @@ package eu.eudat.publicapi.controllers; import eu.eudat.controllers.BaseController; -import eu.eudat.logic.security.claims.ClaimedAuthorities; import eu.eudat.logic.services.ApiContext; import eu.eudat.models.data.helpers.common.DataTableData; import eu.eudat.models.data.helpers.responses.ResponseItem; -import eu.eudat.models.data.security.Principal; import eu.eudat.publicapi.managers.DatasetPublicManager; import eu.eudat.publicapi.models.listingmodels.DatasetPublicListingModel; import eu.eudat.publicapi.models.overviewmodels.DatasetPublicModel; import eu.eudat.publicapi.request.dataset.DatasetPublicTableRequest; import eu.eudat.types.ApiMessageCode; -import eu.eudat.types.Authorities; -import io.swagger.annotations.*; import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Content; diff --git a/dmp-backend/web/src/main/resources/config/permissions.yml b/dmp-backend/web/src/main/resources/config/permissions.yml index 8a99fb973..7ee5a0dc9 100644 --- a/dmp-backend/web/src/main/resources/config/permissions.yml +++ b/dmp-backend/web/src/main/resources/config/permissions.yml 
@@ -1,6 +1,50 @@ permissions: extendedClaims: [ ] policies: + ###### Should Remove after Refactor + PublicRole: + roles: [ ] + clients: [ ] + allowAnonymous: true + allowAuthenticated: true + AdminRole: + roles: + - Admin + clients: [ ] + allowAnonymous: false + allowAuthenticated: false + DatasetProfileManagerRole: + roles: + - DatasetProfileManager + clients: [ ] + allowAnonymous: false + allowAuthenticated: false + ManagerRole: + roles: + - Manager + clients: [ ] + allowAnonymous: false + allowAuthenticated: false + UserRole: + roles: + - User + clients: [ ] + allowAnonymous: false + allowAuthenticated: false + AuthenticatedRole: + roles: [] + clients: [ ] + allowAnonymous: false + allowAuthenticated: true + AnonymousRole: + roles: [] + clients: [ ] + allowAnonymous: true + allowAuthenticated: true + + ###### + + # Language BrowseLanguage: roles: [ ]
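Review bot: `PublicRole` and `AnonymousRole` are identical allow-all policies (`allowAnonymous: true`, `allowAuthenticated: true`, no roles or clients), so anything guarded by either is reachable without a session, and the name `AnonymousRole` does not say that authenticated callers pass too. The block is marked `###### Should Remove after Refactor`, but nothing says which legacy authority each entry stands in for or what tracks its removal. I would add a comment per entry, for example `# legacy stand-in, open to unauthenticated callers; remove with <tracking task id>`, and keep only one of the two open policies if nothing distinguishes them. How the policy engine combines `roles` with `allowAuthenticated: false` is not visible here, so the role-gated entries deserve a test that an authenticated user without the role is denied.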