diff --git a/backend/core/src/main/java/org/opencdmp/authorization/AffiliatedAuthorizationRequirement.java b/backend/core/src/main/java/org/opencdmp/authorization/AffiliatedAuthorizationRequirement.java
index c5450f0f4..52054fb47 100644
--- a/backend/core/src/main/java/org/opencdmp/authorization/AffiliatedAuthorizationRequirement.java
+++ b/backend/core/src/main/java/org/opencdmp/authorization/AffiliatedAuthorizationRequirement.java
@@ -31,10 +31,10 @@ public class AffiliatedAuthorizationRequirement implements AuthorizationRequirem
 }
 public Set getRequiredPermissions() {
- return requiredPermissions;
+ return this.requiredPermissions;
 }
 public boolean getMatchAll() {
- return matchAll;
+ return this.matchAll;
 }
 }
diff --git a/backend/core/src/main/java/org/opencdmp/authorization/AffiliatedResource.java b/backend/core/src/main/java/org/opencdmp/authorization/AffiliatedResource.java
index f6c469e92..7c5a1c53f 100644
--- a/backend/core/src/main/java/org/opencdmp/authorization/AffiliatedResource.java
+++ b/backend/core/src/main/java/org/opencdmp/authorization/AffiliatedResource.java
@@ -1,31 +1,33 @@
 package org.opencdmp.authorization;
-import org.opencdmp.commons.enums.DmpUserRole;
 import gr.cite.commons.web.authz.policy.AuthorizationResource;
+import org.opencdmp.commons.enums.DmpUserRole;
+import org.opencdmp.commons.enums.UserDescriptionTemplateRole;
 import java.util.HashSet;
-import java.util.List;
 public class AffiliatedResource extends AuthorizationResource {
 private HashSet dmpUserRoles;
+ private HashSet userDescriptionTemplateRoles;
 public AffiliatedResource() {
- dmpUserRoles = new HashSet<>();
- }
-
- public AffiliatedResource(DmpUserRole dmpUserRole) {
- this(List.of(dmpUserRole));
- }
-
- public AffiliatedResource(List dmpUserRoles) {
- this.dmpUserRoles = new HashSet<>(dmpUserRoles);
+ this.dmpUserRoles = new HashSet<>();
+ this.userDescriptionTemplateRoles = new HashSet<>();
 }
 public HashSet getDmpUserRoles() {
- return dmpUserRoles;
+ return this.dmpUserRoles;
 }
 public void setDmpUserRoles(HashSet dmpUserRoles) {
 this.dmpUserRoles = dmpUserRoles;
 }
+
+ public HashSet getUserDescriptionTemplateRoles() {
+ return this.userDescriptionTemplateRoles;
+ }
+
+ public void setUserDescriptionTemplateRoles(HashSet userDescriptionTemplateRoles) {
+ this.userDescriptionTemplateRoles = userDescriptionTemplateRoles;
+ }
 }
diff --git a/backend/core/src/main/java/org/opencdmp/authorization/AuthorizationConfiguration.java b/backend/core/src/main/java/org/opencdmp/authorization/AuthorizationConfiguration.java
index 9cf23acee..b883f908e 100644
--- a/backend/core/src/main/java/org/opencdmp/authorization/AuthorizationConfiguration.java
+++ b/backend/core/src/main/java/org/opencdmp/authorization/AuthorizationConfiguration.java
@@ -6,4 +6,13 @@ import org.springframework.context.annotation.Configuration;
 @Configuration("AppAuthorizationConfiguration")
 @EnableConfigurationProperties(AuthorizationProperties.class)
 public class AuthorizationConfiguration {
+ private final AuthorizationProperties authorizationProperties;
+
+ public AuthorizationConfiguration(AuthorizationProperties authorizationProperties) {
+ this.authorizationProperties = authorizationProperties;
+ }
+
+ public AuthorizationProperties getAuthorizationProperties() {
+ return this.authorizationProperties;
+ }
 }
diff --git a/backend/core/src/main/java/org/opencdmp/authorization/AuthorizationFlags.java b/backend/core/src/main/java/org/opencdmp/authorization/AuthorizationFlags.java
index ec97c0450..bf8554aac 100644
--- a/backend/core/src/main/java/org/opencdmp/authorization/AuthorizationFlags.java
+++ b/backend/core/src/main/java/org/opencdmp/authorization/AuthorizationFlags.java
@@ -3,7 +3,7 @@ package org.opencdmp.authorization;
 import java.util.EnumSet;
 public enum AuthorizationFlags {
- None, Permission, DmpAssociated, Public, Owner;
- public static final EnumSet OwnerOrDmpAssociatedOrPermission = EnumSet.of(DmpAssociated, Permission, Owner);
- public static final EnumSet OwnerOrDmpAssociatedOrPermissionOrPublic = EnumSet.of(DmpAssociated, Permission, Owner, Public);
+ None, Permission, DmpAssociated, Public, Owner, DescriptionTemplateAssociated;
+ public static final EnumSet AllExceptPublic = EnumSet.of(DmpAssociated, Permission, Owner, DescriptionTemplateAssociated);
+ public static final EnumSet All = EnumSet.of(DmpAssociated, Permission, Owner, Public);
 }
diff --git a/backend/core/src/main/java/org/opencdmp/authorization/AuthorizationProperties.java b/backend/core/src/main/java/org/opencdmp/authorization/AuthorizationProperties.java
index 61b5f6057..da7cbd4de 100644
--- a/backend/core/src/main/java/org/opencdmp/authorization/AuthorizationProperties.java
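Review bot: `All` is not the full set: the new `DescriptionTemplateAssociated` constant is added to `AllExceptPublic` but not to `All = EnumSet.of(DmpAssociated, Permission, Owner, Public)`, so a query authorized with `All` ignores description-template affiliation while the `AllExceptPublic` path honours it, and the name invites callers to assume otherwise. Either add the constant, `public static final EnumSet<AuthorizationFlags> All = EnumSet.of(DmpAssociated, Permission, Owner, Public, DescriptionTemplateAssociated);`, or rename the set so its name does not overstate its scope. Note also that renaming `OwnerOrDmpAssociatedOrPermission` to `AllExceptPublic` widens it: every existing call site switched in this commit (TagQuery, EntityDoiQuery, DescriptionQuery, DmpDescriptionTemplateQuery, ReferenceTypeQuery) now also accepts description-template affiliation wherever the query type evaluates that flag, which deserves a sentence in the commit message. Both sets omit `None`; a one-line comment stating that this is deliberate would prevent the omission being read as an oversight.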
+++ b/backend/core/src/main/java/org/opencdmp/authorization/AuthorizationProperties.java
@@ -18,7 +18,7 @@ public class AuthorizationProperties {
 private List allowedGlobalRoles;
 public List getGlobalAdminRoles() {
- return globalAdminRoles;
+ return this.globalAdminRoles;
 }
 public void setGlobalAdminRoles(List globalAdminRoles) {
@@ -26,7 +26,7 @@ public class AuthorizationProperties {
 }
 public String getAdminRole() {
- return adminRole;
+ return this.adminRole;
 }
 public void setAdminRole(String adminRole) {
diff --git a/backend/core/src/main/java/org/opencdmp/authorization/authorizationcontentresolver/AuthorizationContentResolver.java b/backend/core/src/main/java/org/opencdmp/authorization/authorizationcontentresolver/AuthorizationContentResolver.java
index a8793f40a..3e38bd9d9 100644
--- a/backend/core/src/main/java/org/opencdmp/authorization/authorizationcontentresolver/AuthorizationContentResolver.java
+++ b/backend/core/src/main/java/org/opencdmp/authorization/authorizationcontentresolver/AuthorizationContentResolver.java
@@ -13,6 +13,12 @@ public interface AuthorizationContentResolver {
 Map dmpsAffiliation(List ids);
+ AffiliatedResource descriptionTemplateAffiliation(UUID id);
+
+ Map descriptionTemplateAffiliation(List ids);
+
+ boolean hasAtLeastOneDescriptionTemplateAffiliation();
+
 AffiliatedResource descriptionAffiliation(UUID id);
 Map descriptionsAffiliation(List ids);
diff --git a/backend/core/src/main/java/org/opencdmp/authorization/authorizationcontentresolver/AuthorizationContentResolverImpl.java b/backend/core/src/main/java/org/opencdmp/authorization/authorizationcontentresolver/AuthorizationContentResolverImpl.java
index db7711ea7..e78baa5f2 100644
--- a/backend/core/src/main/java/org/opencdmp/authorization/authorizationcontentresolver/AuthorizationContentResolverImpl.java
+++ b/backend/core/src/main/java/org/opencdmp/authorization/authorizationcontentresolver/AuthorizationContentResolverImpl.java
@@ -7,16 +7,15 @@ import org.opencdmp.authorization.PermissionNameProvider;
 import org.opencdmp.commons.enums.IsActive;
 import org.opencdmp.commons.scope.tenant.TenantScope;
 import org.opencdmp.commons.scope.user.UserScope;
-import org.opencdmp.data.DescriptionEntity;
-import org.opencdmp.data.DmpDescriptionTemplateEntity;
-import org.opencdmp.data.DmpEntity;
-import org.opencdmp.data.DmpUserEntity;
+import org.opencdmp.data.*;
 import org.opencdmp.model.DmpDescriptionTemplate;
 import org.opencdmp.model.DmpUser;
+import org.opencdmp.model.UserDescriptionTemplate;
 import org.opencdmp.model.description.Description;
 import org.opencdmp.query.DescriptionQuery;
 import org.opencdmp.query.DmpDescriptionTemplateQuery;
 import org.opencdmp.query.DmpUserQuery;
+import org.opencdmp.query.UserDescriptionTemplateQuery;
 import org.springframework.stereotype.Service;
 import org.springframework.web.context.annotation.RequestScope;
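Review bot: Replacing four explicit `org.opencdmp.data` imports with `import org.opencdmp.data.*;` is a style regression: the wildcard hides which entity types this resolver depends on and lets a later class added to that package with a colliding simple name change resolution silently; the same substitution is made in DescriptionTemplateQuery (its `@@ -15,10 +15,7 @@` hunk). Keep the explicit list and add the two names the new code actually uses, `import org.opencdmp.data.DescriptionTemplateEntity;` and `import org.opencdmp.data.UserDescriptionTemplateEntity;`, alongside the existing four.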
@@ -71,6 +70,42 @@ public class AuthorizationContentResolverImpl implements AuthorizationContentRes
 return affiliatedResources;
 }
+ @Override
+ public AffiliatedResource descriptionTemplateAffiliation(UUID id) {
+ return this.descriptionTemplateAffiliation(List.of(id)).getOrDefault(id, new AffiliatedResource());
+ }
+
+ @Override
+ public Map descriptionTemplateAffiliation(List ids){
+ UUID userId = this.userScope.getUserIdSafe();
+ Map affiliatedResources = new HashMap<>();
+ for (UUID id : ids){
+ affiliatedResources.put(id, new AffiliatedResource());
+ }
+ if (userId == null || !this.userScope.isSet()) return affiliatedResources;
+
+ List idsToResolve = this.getAffiliatedFromCache(ids, userId, affiliatedResources, DescriptionTemplateEntity.class.getSimpleName());
+ if (idsToResolve.isEmpty()) return affiliatedResources;
+
+ List userDescriptionTemplates = this.queryFactory.query(UserDescriptionTemplateQuery.class).disableTracking().descriptionTemplateIds(ids).userIds(userId).isActive(IsActive.Active).collectAs(new BaseFieldSet().ensure(UserDescriptionTemplate._role).ensure(UserDescriptionTemplate._descriptionTemplate));
+
+ for (UserDescriptionTemplateEntity dmpUser : userDescriptionTemplates){
+ affiliatedResources.get(dmpUser.getDescriptionTemplateId()).getUserDescriptionTemplateRoles().add(dmpUser.getRole());
+ }
+
+ this.ensureAffiliatedInCache(idsToResolve, userId, affiliatedResources, DmpEntity.class.getSimpleName());
+ return affiliatedResources;
+ }
+
+ @Override
+ public boolean hasAtLeastOneDescriptionTemplateAffiliation(){
+ UUID userId = this.userScope.getUserIdSafe();
+ if (userId == null || !this.userScope.isSet()) return false;
+
+ //TODO: investigate if we want to use cache
+ return this.queryFactory.query(UserDescriptionTemplateQuery.class).disableTracking().userIds(userId).isActive(IsActive.Active).count() > 0;
+ }
+
 @Override
 public AffiliatedResource descriptionAffiliation(UUID id) {
 return this.descriptionsAffiliation(List.of(id)).getOrDefault(id, new AffiliatedResource());
diff --git a/backend/core/src/main/java/org/opencdmp/data/DmpUserEntity.java b/backend/core/src/main/java/org/opencdmp/data/DmpUserEntity.java
index 6a1755a94..bc0027d55 100644
--- a/backend/core/src/main/java/org/opencdmp/data/DmpUserEntity.java
+++ b/backend/core/src/main/java/org/opencdmp/data/DmpUserEntity.java
@@ -1,11 +1,11 @@
 package org.opencdmp.data;
+import jakarta.persistence.*;
 import org.opencdmp.commons.enums.DmpUserRole;
 import org.opencdmp.commons.enums.IsActive;
 import org.opencdmp.data.converters.enums.DmpUserRoleConverter;
 import org.opencdmp.data.converters.enums.IsActiveConverter;
 import org.opencdmp.data.tenant.TenantScopedBaseEntity;
-import jakarta.persistence.*;
 import java.time.Instant;
 import java.util.UUID;
@@ -57,7 +57,7 @@ public class DmpUserEntity extends TenantScopedBaseEntity {
 public static final String _isActive = "isActive";
 public UUID getId() {
- return id;
+ return this.id;
 }
 public void setId(UUID id) {
@@ -65,7 +65,7 @@ public class DmpUserEntity extends TenantScopedBaseEntity {
 }
 public UUID getDmpId() {
- return dmpId;
+ return this.dmpId;
 }
 public void setDmpId(UUID dmpId) {
@@ -73,7 +73,7 @@ public class DmpUserEntity extends TenantScopedBaseEntity {
 }
 public UUID getUserId() {
- return userId;
+ return this.userId;
 }
 public void setUserId(UUID userId) {
@@ -81,7 +81,7 @@ public class DmpUserEntity extends TenantScopedBaseEntity {
 }
 public DmpUserRole getRole() {
- return role;
+ return this.role;
 }
 public void setRole(DmpUserRole role) {
@@ -89,7 +89,7 @@ public class DmpUserEntity extends TenantScopedBaseEntity {
 }
 public UUID getSectionId() {
- return sectionId;
+ return this.sectionId;
 }
 public void setSectionId(UUID sectionId) {
@@ -97,7 +97,7 @@ public class DmpUserEntity extends TenantScopedBaseEntity {
 }
 public Instant getCreatedAt() {
- return createdAt;
+ return this.createdAt;
 }
 public void setCreatedAt(Instant createdAt) {
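Review bot: `descriptionTemplateAffiliation(List ids)` reads the cache under `DescriptionTemplateEntity.class.getSimpleName()` but writes it back with `this.ensureAffiliatedInCache(idsToResolve, userId, affiliatedResources, DmpEntity.class.getSimpleName())`; if that last argument is the cache namespace (as the paired `getAffiliatedFromCache` call suggests), resolved description-template affiliations land in the DMP namespace, are never hit by the next description-template lookup, and would be served to a DMP affiliation lookup for the same user and id carrying description-template roles — an authorization cache should not mix entity types, even though the two id spaces are unlikely to collide. Change the write to `this.ensureAffiliatedInCache(idsToResolve, userId, affiliatedResources, DescriptionTemplateEntity.class.getSimpleName());` so it matches the read. The query filters on `.descriptionTemplateIds(ids)` rather than `idsToResolve`, which re-fetches entries already served from cache and defeats the point of computing `idsToResolve`. The loop variable `dmpUser` is a copy-paste leftover and should read `userDescriptionTemplate`, and the `//TODO: investigate if we want to use cache` in `hasAtLeastOneDescriptionTemplateAffiliation` should say what decides the question, since the method issues a count query on every call.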
@@ -105,7 +105,7 @@ public class DmpUserEntity extends TenantScopedBaseEntity {
 }
 public Instant getUpdatedAt() {
- return updatedAt;
+ return this.updatedAt;
 }
 public void setUpdatedAt(Instant updatedAt) {
@@ -113,7 +113,7 @@ public class DmpUserEntity extends TenantScopedBaseEntity {
 }
 public IsActive getIsActive() {
- return isActive;
+ return this.isActive;
 }
 public void setIsActive(IsActive isActive) {
diff --git a/backend/core/src/main/java/org/opencdmp/model/builder/UserBuilder.java b/backend/core/src/main/java/org/opencdmp/model/builder/UserBuilder.java
index 1235da346..a0124bd2c 100644
--- a/backend/core/src/main/java/org/opencdmp/model/builder/UserBuilder.java
+++ b/backend/core/src/main/java/org/opencdmp/model/builder/UserBuilder.java
@@ -8,8 +8,8 @@ import gr.cite.tools.fieldset.BaseFieldSet;
 import gr.cite.tools.fieldset.FieldSet;
 import gr.cite.tools.logging.DataLogEntry;
 import gr.cite.tools.logging.LoggerService;
+import org.opencdmp.authorization.AuthorizationConfiguration;
 import org.opencdmp.authorization.AuthorizationFlags;
-import org.opencdmp.authorization.AuthorizationProperties;
 import org.opencdmp.commons.JsonHandlingService;
 import org.opencdmp.commons.scope.tenant.TenantScope;
 import org.opencdmp.commons.types.user.AdditionalInfoEntity;
@@ -43,7 +43,7 @@ public class UserBuilder extends BaseBuilder {
 private final BuilderFactory builderFactory;
 private final JsonHandlingService jsonHandlingService;
- private final AuthorizationProperties authorizationProperties;
+ private final AuthorizationConfiguration authorizationConfiguration;
 private final TenantScope tenantScope;
@@ -52,12 +52,12 @@ public class UserBuilder extends BaseBuilder {
 @Autowired
 public UserBuilder(ConventionService conventionService, QueryFactory queryFactory,
- BuilderFactory builderFactory, JsonHandlingService jsonHandlingService, AuthorizationProperties authorizationProperties, TenantScope tenantScope) {
+ BuilderFactory builderFactory, JsonHandlingService jsonHandlingService, AuthorizationConfiguration authorizationConfiguration, TenantScope tenantScope) {
 super(conventionService, new LoggerService(LoggerFactory.getLogger(UserBuilder.class)));
 this.queryFactory = queryFactory;
 this.builderFactory = builderFactory;
 this.jsonHandlingService = jsonHandlingService;
- this.authorizationProperties = authorizationProperties;
+ this.authorizationConfiguration = authorizationConfiguration;
 this.tenantScope = tenantScope;
 }
@@ -139,7 +139,7 @@ public class UserBuilder extends BaseBuilder {
 Map> itemMap;
 FieldSet clone = new BaseFieldSet(fields.getFields()).ensure(this.asIndexer(UserRole._user, User._id));
- UserRoleQuery query = this.queryFactory.query(UserRoleQuery.class).disableTracking().authorize(this.authorize).tenantIsSet(false).roles(this.authorizationProperties.getAllowedGlobalRoles()).userIds(data.stream().map(UserEntity::getId).distinct().collect(Collectors.toList()));
+ UserRoleQuery query = this.queryFactory.query(UserRoleQuery.class).disableTracking().authorize(this.authorize).tenantIsSet(false).roles(this.authorizationConfiguration.getAuthorizationProperties().getAllowedGlobalRoles()).userIds(data.stream().map(UserEntity::getId).distinct().collect(Collectors.toList()));
 itemMap = this.builderFactory.builder(UserRoleBuilder.class).authorize(this.authorize).asMasterKey(query, clone, x -> x.getUser().getId());
 if (!fields.hasField(this.asIndexer(UserRole._user, User._id))) {
@@ -159,7 +159,7 @@ public class UserBuilder extends BaseBuilder {
 if (!this.tenantScope.isSet()) throw new MyForbiddenException("tenant scope required");
- UserRoleQuery query = this.queryFactory.query(UserRoleQuery.class).disableTracking().authorize(this.authorize).roles(this.authorizationProperties.getAllowedTenantRoles()).userIds(data.stream().map(UserEntity::getId).distinct().collect(Collectors.toList()));
+ UserRoleQuery query = this.queryFactory.query(UserRoleQuery.class).disableTracking().authorize(this.authorize).roles(this.authorizationConfiguration.getAuthorizationProperties().getAllowedTenantRoles()).userIds(data.stream().map(UserEntity::getId).distinct().collect(Collectors.toList()));
 if (this.tenantScope.isDefaultTenant()) query.tenantIsSet(false);
 else {
 try {
diff --git a/backend/core/src/main/java/org/opencdmp/model/builder/commonmodels/description/FieldCommonModelBuilder.java b/backend/core/src/main/java/org/opencdmp/model/builder/commonmodels/description/FieldCommonModelBuilder.java
index ade4abd33..775a3aa3c 100644
--- a/backend/core/src/main/java/org/opencdmp/model/builder/commonmodels/description/FieldCommonModelBuilder.java
+++ b/backend/core/src/main/java/org/opencdmp/model/builder/commonmodels/description/FieldCommonModelBuilder.java
@@ -161,7 +161,7 @@ public class FieldCommonModelBuilder extends BaseCommonModelBuilder tagIds = data.stream().map(FieldEntity::getTextListValue).filter(Objects::nonNull).flatMap(List::stream).filter(x-> !this.conventionService.isNullOrEmpty(x)).map(UUID::fromString).distinct().collect(Collectors.toList());
- List existingTags = this.queryFactory.query(TagQuery.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).disableTracking().ids(tagIds).collectAs(new BaseFieldSet().ensure(Tag._id).ensure(Tag._label));
+ List existingTags = this.queryFactory.query(TagQuery.class).authorize(AuthorizationFlags.AllExceptPublic).disableTracking().ids(tagIds).collectAs(new BaseFieldSet().ensure(Tag._id).ensure(Tag._label));
 Map itemMap = new HashMap<>();
 for (UUID tag : tagIds){
diff --git a/backend/core/src/main/java/org/opencdmp/model/builder/descriptiontemplate/DescriptionTemplateBuilder.java b/backend/core/src/main/java/org/opencdmp/model/builder/descriptiontemplate/DescriptionTemplateBuilder.java
index f0e410e1b..316e834b8 100644
--- a/backend/core/src/main/java/org/opencdmp/model/builder/descriptiontemplate/DescriptionTemplateBuilder.java
+++ b/backend/core/src/main/java/org/opencdmp/model/builder/descriptiontemplate/DescriptionTemplateBuilder.java
@@ -1,5 +1,6 @@
 package org.opencdmp.model.builder.descriptiontemplate;
+import gr.cite.commons.web.authz.service.AuthorizationService;
 import gr.cite.tools.data.builder.BuilderFactory;
 import gr.cite.tools.data.query.QueryFactory;
 import gr.cite.tools.exception.MyApplicationException;
@@ -7,7 +8,9 @@ import gr.cite.tools.fieldset.BaseFieldSet;
 import gr.cite.tools.fieldset.FieldSet;
 import gr.cite.tools.logging.DataLogEntry;
 import gr.cite.tools.logging.LoggerService;
+import org.opencdmp.authorization.AffiliatedResource;
 import org.opencdmp.authorization.AuthorizationFlags;
+import org.opencdmp.authorization.authorizationcontentresolver.AuthorizationContentResolver;
 import org.opencdmp.commons.XmlHandlingService;
 import org.opencdmp.commons.scope.tenant.TenantScope;
 import org.opencdmp.commons.types.descriptiontemplate.DefinitionEntity;
@@ -19,6 +22,7 @@ import org.opencdmp.model.builder.BaseBuilder;
 import org.opencdmp.model.builder.DescriptionTemplateTypeBuilder;
 import org.opencdmp.model.builder.UserDescriptionTemplateBuilder;
 import org.opencdmp.model.descriptiontemplate.DescriptionTemplate;
+import org.opencdmp.model.dmp.Dmp;
 import org.opencdmp.query.DescriptionTemplateTypeQuery;
 import org.opencdmp.query.UserDescriptionTemplateQuery;
 import org.slf4j.LoggerFactory;
@@ -42,15 +46,19 @@ public class DescriptionTemplateBuilder extends BaseBuilder values) {
@@ -71,6 +79,9 @@ public class DescriptionTemplateBuilder extends BaseBuilder> usersMap = this.collectUserDescriptionTemplates(usersFields, data);
+ Set authorizationFlags = this.extractAuthorizationFlags(fields, Dmp._authorizationFlags, this.authorizationContentResolver.getPermissionNames());
+ Map affiliatedResourceMap = authorizationFlags == null || authorizationFlags.isEmpty() ? null : this.authorizationContentResolver.descriptionTemplateAffiliation(data.stream().map(DescriptionTemplateEntity::getId).collect(Collectors.toList()));
+
 FieldSet definitionFields = fields.extractPrefixed(this.asPrefix(DescriptionTemplate._definition));
 List models = new ArrayList<>();
 for (DescriptionTemplateEntity d : data) {
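Review bot: `this.extractAuthorizationFlags(fields, Dmp._authorizationFlags, ...)` keys the description-template builder on the DMP model's field constant, which is the only reason `org.opencdmp.model.dmp.Dmp` is imported here; this same commit adds `DescriptionTemplate._authorizationFlags` to the DescriptionTemplate model, and that is the constant this builder should read: `this.extractAuthorizationFlags(fields, DescriptionTemplate._authorizationFlags, this.authorizationContentResolver.getPermissionNames())`, after which the `Dmp` import can go. If both constants hold the same string today the output is unchanged, but a later change to the DMP field name would silently stop authorization flags being emitted for description templates. `affiliatedResourceMap` is deliberately `null` when no flags were requested, so every consumer has to null-check it; its consumer, like the `@@ -42,15 +46,19 @@` hunk that injects `authorizationService` and `authorizationContentResolver`, is garbled in this rendering, so I could not verify either. The enclosing build method continues outside the hunk.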
@@ -108,6 +119,7 @@ public class DescriptionTemplateBuilder extends BaseBuilder x.getId());
+ DescriptionTemplateType::getId);
 } else {
 FieldSet clone = new BaseFieldSet(fields.getFields()).ensure(DescriptionTemplateType._id);
 DescriptionTemplateTypeQuery q = this.queryFactory.query(DescriptionTemplateTypeQuery.class).disableTracking().ids(data.stream().map(DescriptionTemplateEntity::getTypeId).distinct().collect(Collectors.toList()));
 itemMap = this.builderFactory.builder(DescriptionTemplateTypeBuilder.class).asForeignKey(q, clone, DescriptionTemplateType::getId);
 }
 if (!fields.hasField(DescriptionTemplateType._id)) {
- itemMap.values().stream().filter(Objects::nonNull).map(x -> {
+ itemMap.values().stream().filter(Objects::nonNull).forEach(x -> {
 x.setId(null);
- return x;
- }).collect(Collectors.toList());
+ });
 }
 return itemMap;
@@ -155,10 +166,9 @@ public class DescriptionTemplateBuilder extends BaseBuilder x.getDescriptionTemplate().getId());
 if (!fields.hasField(this.asIndexer(UserDescriptionTemplate._descriptionTemplate, DescriptionTemplate._id))) {
- itemMap.values().stream().flatMap(List::stream).filter(x -> x != null && x.getDescriptionTemplate() != null).map(x -> {
+ itemMap.values().stream().flatMap(List::stream).filter(x -> x != null && x.getDescriptionTemplate() != null).forEach(x -> {
 x.getDescriptionTemplate().setId(null);
- return x;
- }).collect(Collectors.toList());
+ });
 }
 return itemMap;
 }
diff --git a/backend/core/src/main/java/org/opencdmp/model/deleter/DmpDeleter.java b/backend/core/src/main/java/org/opencdmp/model/deleter/DmpDeleter.java
index 114481437..e455fb756 100644
--- a/backend/core/src/main/java/org/opencdmp/model/deleter/DmpDeleter.java
+++ b/backend/core/src/main/java/org/opencdmp/model/deleter/DmpDeleter.java
@@ -1,21 +1,21 @@
 package org.opencdmp.model.deleter;
-import org.opencdmp.authorization.AuthorizationFlags;
-import org.opencdmp.commons.enums.DmpVersionStatus;
-import org.opencdmp.commons.enums.EntityType;
-import org.opencdmp.commons.enums.IsActive;
-import org.opencdmp.data.*;
-import org.opencdmp.model.description.Description;
-import org.opencdmp.model.DmpDescriptionTemplate;
-import org.opencdmp.model.dmpreference.DmpReference;
-import org.opencdmp.query.*;
-import org.opencdmp.service.elastic.ElasticService;
 import gr.cite.tools.data.deleter.Deleter;
 import gr.cite.tools.data.deleter.DeleterFactory;
 import gr.cite.tools.data.query.QueryFactory;
 import gr.cite.tools.exception.MyApplicationException;
 import gr.cite.tools.logging.LoggerService;
 import gr.cite.tools.logging.MapLogEntry;
+import org.opencdmp.authorization.AuthorizationFlags;
+import org.opencdmp.commons.enums.DmpVersionStatus;
+import org.opencdmp.commons.enums.EntityType;
+import org.opencdmp.commons.enums.IsActive;
+import org.opencdmp.data.*;
+import org.opencdmp.model.DmpDescriptionTemplate;
+import org.opencdmp.model.description.Description;
+import org.opencdmp.model.dmpreference.DmpReference;
+import org.opencdmp.query.*;
+import org.opencdmp.service.elastic.ElasticService;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.config.ConfigurableBeanFactory;
@@ -30,7 +30,7 @@ import java.util.Optional;
 import java.util.UUID;
 @Component
-@Scope(value = ConfigurableBeanFactory.SCOPE_PROTOTYPE)
+@Scope(ConfigurableBeanFactory.SCOPE_PROTOTYPE)
 public class DmpDeleter implements Deleter {
 private static final LoggerService logger = new LoggerService(LoggerFactory.getLogger(DmpDeleter.class));
@@ -104,7 +104,7 @@ public class DmpDeleter implements Deleter {
 for (DmpEntity item : data) {
 logger.trace("deleting item {}", item.getId());
- EntityDoiQuery entityDoiQuery = this.queryFactory.query(EntityDoiQuery.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).types(EntityType.DMP).entityIds(item.getId());
+ EntityDoiQuery entityDoiQuery = this.queryFactory.query(EntityDoiQuery.class).authorize(AuthorizationFlags.AllExceptPublic).types(EntityType.DMP).entityIds(item.getId());
 if (entityDoiQuery.count() > 0) throw new MyApplicationException("DMP is deposited can not deleted");
 if(item.getVersionStatus().equals(DmpVersionStatus.Current)) throw new MyApplicationException("DMP is current can not deleted");
 item.setIsActive(IsActive.Inactive);
diff --git a/backend/core/src/main/java/org/opencdmp/model/descriptiontemplate/DescriptionTemplate.java b/backend/core/src/main/java/org/opencdmp/model/descriptiontemplate/DescriptionTemplate.java
index 4c9b4ebf1..b29c78b09 100644
--- a/backend/core/src/main/java/org/opencdmp/model/descriptiontemplate/DescriptionTemplate.java
+++ b/backend/core/src/main/java/org/opencdmp/model/descriptiontemplate/DescriptionTemplate.java
@@ -5,7 +5,6 @@ import org.opencdmp.commons.enums.DescriptionTemplateVersionStatus;
 import org.opencdmp.commons.enums.IsActive;
 import org.opencdmp.model.DescriptionTemplateType;
 import org.opencdmp.model.UserDescriptionTemplate;
-import org.opencdmp.model.descriptiontemplate.Definition;
 import java.time.Instant;
 import java.util.List;
@@ -58,11 +57,14 @@ public class DescriptionTemplate {
 public final static String _hash = "hash";
 private String hash;
+ private List authorizationFlags;
+ public static final String _authorizationFlags = "authorizationFlags";
+
 private Boolean belongsToCurrentTenant;
 public static final String _belongsToCurrentTenant = "belongsToCurrentTenant";
 public UUID getId() {
- return id;
+ return this.id;
 }
 public void setId(UUID id) {
@@ -70,7 +72,7 @@ public class DescriptionTemplate {
 }
 public String getLabel() {
- return label;
+ return this.label;
 }
 public void setLabel(String label) {
@@ -78,7 +80,7 @@ public class DescriptionTemplate {
 }
 public String getDescription() {
- return description;
+ return this.description;
 }
 public void setDescription(String description) {
@@ -86,7 +88,7 @@ public class DescriptionTemplate {
 }
 public UUID getGroupId() {
- return groupId;
+ return this.groupId;
 }
 public void setGroupId(UUID groupId) {
@@ -94,7 +96,7 @@ public class DescriptionTemplate {
 }
 public Short getVersion() {
- return version;
+ return this.version;
 }
 public void setVersion(Short version) {
@@ -102,7 +104,7 @@ public class DescriptionTemplate {
 }
 public String getLanguage() {
- return language;
+ return this.language;
 }
 public void setLanguage(String language) {
@@ -110,7 +112,7 @@ public class DescriptionTemplate {
 }
 public DescriptionTemplateType getType() {
- return type;
+ return this.type;
 }
 public void setType(DescriptionTemplateType type) {
@@ -118,7 +120,7 @@ public class DescriptionTemplate {
 }
 public Definition getDefinition() {
- return definition;
+ return this.definition;
 }
 public void setDefinition(Definition definition) {
@@ -126,7 +128,7 @@ public class DescriptionTemplate {
 }
 public Instant getCreatedAt() {
- return createdAt;
+ return this.createdAt;
 }
 public void setCreatedAt(Instant createdAt) {
@@ -134,7 +136,7 @@ public class DescriptionTemplate {
 }
 public Instant getUpdatedAt() {
- return updatedAt;
+ return this.updatedAt;
 }
 public void setUpdatedAt(Instant updatedAt) {
@@ -142,7 +144,7 @@ public class DescriptionTemplate {
 }
 public IsActive getIsActive() {
- return isActive;
+ return this.isActive;
 }
 public void setIsActive(IsActive isActive) {
@@ -150,7 +152,7 @@ public class DescriptionTemplate {
 }
 public DescriptionTemplateStatus getStatus() {
- return status;
+ return this.status;
 }
 public void setStatus(DescriptionTemplateStatus status) {
@@ -158,7 +160,7 @@ public class DescriptionTemplate {
 }
 public List getUsers() {
- return users;
+ return this.users;
 }
 public void setUsers(List users) {
@@ -166,7 +168,7 @@ public class DescriptionTemplate {
 }
 public String getHash() {
- return hash;
+ return this.hash;
 }
 public void setHash(String hash) {
@@ -174,15 +176,23 @@ public class DescriptionTemplate {
 }
 public DescriptionTemplateVersionStatus getVersionStatus() {
- return versionStatus;
+ return this.versionStatus;
 }
 public void setVersionStatus(DescriptionTemplateVersionStatus versionStatus) {
 this.versionStatus = versionStatus;
 }
+ public List getAuthorizationFlags() {
+ return this.authorizationFlags;
+ }
+
+ public void setAuthorizationFlags(List authorizationFlags) {
+ this.authorizationFlags = authorizationFlags;
+ }
+
 public Boolean getBelongsToCurrentTenant() {
- return belongsToCurrentTenant;
+ return this.belongsToCurrentTenant;
 }
 public void setBelongsToCurrentTenant(Boolean belongsToCurrentTenant) {
diff --git a/backend/core/src/main/java/org/opencdmp/model/persist/DescriptionPersist.java b/backend/core/src/main/java/org/opencdmp/model/persist/DescriptionPersist.java
index cfbd43d95..b37bb69ec 100644
--- a/backend/core/src/main/java/org/opencdmp/model/persist/DescriptionPersist.java
+++ b/backend/core/src/main/java/org/opencdmp/model/persist/DescriptionPersist.java
@@ -244,7 +244,7 @@ public class DescriptionPersist {
 DmpDescriptionTemplateEntity dmpDescriptionTemplateEntity = this.queryFactory.query(DmpDescriptionTemplateQuery.class).disableTracking().ids(dmpDescriptionTemplateId).isActive(IsActive.Active).dmpIds(dmpId).first();
 if (dmpDescriptionTemplateEntity == null) return true;
- List descriptionEntities = this.queryFactory.query(DescriptionQuery.class).disableTracking().authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).dmpIds(dmpId).dmpDescriptionTemplateIds(dmpDescriptionTemplateId).isActive(IsActive.Active).collect();
+ List descriptionEntities = this.queryFactory.query(DescriptionQuery.class).disableTracking().authorize(AuthorizationFlags.AllExceptPublic).dmpIds(dmpId).dmpDescriptionTemplateIds(dmpDescriptionTemplateId).isActive(IsActive.Active).collect();
 for (SectionEntity section: definition.getSections()) {
 if (dmpDescriptionTemplateEntity.getSectionId().equals(section.getId()) && section.getHasTemplates() && !this.isListNullOrEmpty(section.getDescriptionTemplates())){
diff --git a/backend/core/src/main/java/org/opencdmp/model/persist/DmpPersist.java b/backend/core/src/main/java/org/opencdmp/model/persist/DmpPersist.java
index db26b6452..df4c431c4 100644
--- a/backend/core/src/main/java/org/opencdmp/model/persist/DmpPersist.java
+++ b/backend/core/src/main/java/org/opencdmp/model/persist/DmpPersist.java
@@ -274,8 +274,8 @@ public class DmpPersist {
 org.opencdmp.commons.types.dmpblueprint.DefinitionEntity definition = this.xmlHandlingService.fromXmlSafe(org.opencdmp.commons.types.dmpblueprint.DefinitionEntity.class, dmpBlueprintEntity.getDefinition());
 if (definition == null || this.isListNullOrEmpty(definition.getSections())) return true;
- List dmpDescriptionTemplateEntities = this.queryFactory.query(DmpDescriptionTemplateQuery.class).disableTracking().authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).isActive(IsActive.Active).dmpIds(dmpId).collect();
- List descriptionEntities = this.queryFactory.query(DescriptionQuery.class).disableTracking().authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).dmpIds(dmpId).isActive(IsActive.Active).collect();
+ List dmpDescriptionTemplateEntities = this.queryFactory.query(DmpDescriptionTemplateQuery.class).disableTracking().authorize(AuthorizationFlags.AllExceptPublic).isActive(IsActive.Active).dmpIds(dmpId).collect();
+ List descriptionEntities = this.queryFactory.query(DescriptionQuery.class).disableTracking().authorize(AuthorizationFlags.AllExceptPublic).dmpIds(dmpId).isActive(IsActive.Active).collect();
 for (SectionEntity section: definition.getSections()) {
 if (section.getHasTemplates() && !this.isListNullOrEmpty(section.getDescriptionTemplates())){
diff --git a/backend/core/src/main/java/org/opencdmp/model/persist/dmpproperties/DmpBlueprintValuePersist.java b/backend/core/src/main/java/org/opencdmp/model/persist/dmpproperties/DmpBlueprintValuePersist.java
index e8fcdddc6..8301d62dc 100644
--- a/backend/core/src/main/java/org/opencdmp/model/persist/dmpproperties/DmpBlueprintValuePersist.java
+++ b/backend/core/src/main/java/org/opencdmp/model/persist/dmpproperties/DmpBlueprintValuePersist.java
@@ -174,7 +174,7 @@ public class DmpBlueprintValuePersist {
 private String getReferenceTypeName(FieldEntity fieldEntity){
 if (fieldEntity instanceof ReferenceTypeFieldEntity) {
- return this.queryFactory.query(ReferenceTypeQuery.class).disableTracking().authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).ids(((ReferenceTypeFieldEntity)fieldEntity).getReferenceTypeId()).firstAs(new BaseFieldSet().ensure(ReferenceType._name)).getName();
+ return this.queryFactory.query(ReferenceTypeQuery.class).disableTracking().authorize(AuthorizationFlags.AllExceptPublic).ids(((ReferenceTypeFieldEntity)fieldEntity).getReferenceTypeId()).firstAs(new BaseFieldSet().ensure(ReferenceType._name)).getName();
 }
 return "";
 }
diff --git a/backend/core/src/main/java/org/opencdmp/query/DescriptionTemplateQuery.java b/backend/core/src/main/java/org/opencdmp/query/DescriptionTemplateQuery.java
index e81c0c85d..df790e8b5 100644
--- a/backend/core/src/main/java/org/opencdmp/query/DescriptionTemplateQuery.java
+++ b/backend/core/src/main/java/org/opencdmp/query/DescriptionTemplateQuery.java
@@ -15,10 +15,7 @@ import org.opencdmp.commons.enums.DescriptionTemplateStatus;
 import org.opencdmp.commons.enums.DescriptionTemplateVersionStatus;
 import org.opencdmp.commons.enums.IsActive;
 import org.opencdmp.commons.scope.user.UserScope;
-import org.opencdmp.data.DescriptionTemplateEntity;
-import org.opencdmp.data.DmpDescriptionTemplateEntity;
-import org.opencdmp.data.DmpEntity;
-import org.opencdmp.data.TenantEntityManager;
+import org.opencdmp.data.*;
 import org.opencdmp.model.descriptiontemplate.DescriptionTemplate;
 import org.opencdmp.query.utils.BuildSubQueryInput;
 import org.opencdmp.query.utils.QueryUtilsService;
@@ -54,6 +51,7 @@ public class DescriptionTemplateQuery extends QueryBase typeIds;
 private Instant after;
+ private Boolean onlyCanEdit;
 private DmpDescriptionTemplateQuery dmpDescriptionTemplateQuery;
@@ -204,6 +202,11 @@ public class DescriptionTemplateQuery extends QueryBase subquery = this.queryUtilsService.buildSubQuery(new BuildSubQueryInput<>(
+ new BuildSubQueryInput.Builder<>(UserDescriptionTemplateEntity.class, UUID.class, queryContext)
+ .keyPathFunc((subQueryRoot) -> subQueryRoot.get(UserDescriptionTemplateEntity._descriptionTemplateId))
+ .filterFunc((subQueryRoot, cb) ->
+ cb.in(subQueryRoot.get(UserDescriptionTemplateEntity._userId)).value(userId)
+ )
+ ));
+ predicates.add(queryContext.CriteriaBuilder.in(queryContext.Root.get(DescriptionTemplateEntity._id)).value(subquery));
+ }
+ }
+ }
 if (this.dmpDescriptionTemplateQuery != null) {
 QueryContext subQuery = this.applySubQuery(this.dmpDescriptionTemplateQuery, queryContext, UUID.class, dmpDescriptionTemplateEntityRoot -> dmpDescriptionTemplateEntityRoot.get(DmpDescriptionTemplateEntity._descriptionTemplateGroupId));
diff --git a/backend/core/src/main/java/org/opencdmp/query/lookup/DescriptionTemplateLookup.java b/backend/core/src/main/java/org/opencdmp/query/lookup/DescriptionTemplateLookup.java
index c4bf67b28..9f0037c5a 100644
--- a/backend/core/src/main/java/org/opencdmp/query/lookup/DescriptionTemplateLookup.java
+++ b/backend/core/src/main/java/org/opencdmp/query/lookup/DescriptionTemplateLookup.java
@@ -1,11 +1,11 @@ package org.opencdmp.query.lookup;
+import gr.cite.tools.data.query.Lookup;
+import gr.cite.tools.data.query.QueryFactory;
 import org.opencdmp.commons.enums.DescriptionTemplateStatus;
 import org.opencdmp.commons.enums.DescriptionTemplateVersionStatus;
 import org.opencdmp.commons.enums.IsActive;
 import org.opencdmp.query.DescriptionTemplateQuery;
-import gr.cite.tools.data.query.Lookup;
-import gr.cite.tools.data.query.QueryFactory;
 import java.util.List;
 import java.util.UUID;
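Review bot: The new `filterFunc` restricts `UserDescriptionTemplateEntity` rows by `_userId` only, so for this `onlyCanEdit` filter any user/template association counts as edit rights, whatever role or active state the association row carries. The entity name suggests the association is role-bearing; if it is, the predicate should also constrain the role (and the row's is-active column, if there is one), otherwise a non-editing association is enough to list a template as editable and `onlyCanEdit` narrows without actually expressing "can edit". The lines between the hunk header and `subquery = ...` are not legible here, so the source of `userId` and the guard around this block could not be checked; the enclosing method starts outside the hunk.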
@@ -31,9 +31,10 @@ public class DescriptionTemplateLookup extends Lookup {
 private List excludedIds;
 private List excludedGroupIds;
+ private Boolean onlyCanEdit;
 public String getLike() {
- return like;
+ return this.like;
 }
 public void setLike(String like) {
@@ -41,7 +42,7 @@ public class DescriptionTemplateLookup extends Lookup {
 }
 public List getIsActive() {
- return isActive;
+ return this.isActive;
 }
 public void setIsActive(List isActive) {
@@ -49,7 +50,7 @@ public class DescriptionTemplateLookup extends Lookup {
 }
 public List getGroupIds() {
- return groupIds;
+ return this.groupIds;
 }
 public void setGroupIds(List groupIds) {
@@ -57,7 +58,7 @@ public class DescriptionTemplateLookup extends Lookup {
 }
 public List getVersions() {
- return versions;
+ return this.versions;
 }
 public void setVersions(List versions) {
@@ -65,7 +66,7 @@ public class DescriptionTemplateLookup extends Lookup {
 }
 public List getStatuses() {
- return statuses;
+ return this.statuses;
 }
 public void setStatuses(List statuses) {
@@ -73,7 +74,7 @@ public class DescriptionTemplateLookup extends Lookup {
 }
 public List getVersionStatuses() {
- return versionStatuses;
+ return this.versionStatuses;
 }
 public void setVersionStatuses(List versionStatuses) {
@@ -81,7 +82,7 @@ public class DescriptionTemplateLookup extends Lookup {
 }
 public List getIds() {
- return ids;
+ return this.ids;
 }
 public void setIds(List ids) {
@@ -89,7 +90,7 @@ public class DescriptionTemplateLookup extends Lookup {
 }
 public List getTypeIds() {
- return typeIds;
+ return this.typeIds;
 }
 public void setTypeIds(List typeIds) {
@@ -97,7 +98,7 @@ public class DescriptionTemplateLookup extends Lookup {
 }
 public List getExcludedIds() {
- return excludedIds;
+ return this.excludedIds;
 }
 public void setExcludedIds(List excludedIds) {
@@ -105,13 +106,21 @@ public class DescriptionTemplateLookup extends Lookup {
 }
 public List getExcludedGroupIds() {
- return excludedGroupIds;
+ return this.excludedGroupIds;
 }
 public void setExcludedGroupIds(List excludedGroupIds) {
 this.excludedGroupIds = excludedGroupIds;
 }
+ public Boolean getOnlyCanEdit() {
+ return this.onlyCanEdit;
+ }
+
+ public void setOnlyCanEdit(Boolean onlyCanEdit) {
+ this.onlyCanEdit = onlyCanEdit;
+ }
+
 public DescriptionTemplateQuery enrich(QueryFactory queryFactory) {
 DescriptionTemplateQuery query = queryFactory.query(DescriptionTemplateQuery.class);
 if (this.like != null)
@@ -134,7 +143,8 @@ public class DescriptionTemplateLookup extends Lookup {
 query.versions(this.versions);
 if (this.versionStatuses != null)
 query.versionStatuses(this.versionStatuses);
-
+ if (this.onlyCanEdit != null)
+ query.onlyCanEdit(this.onlyCanEdit);
 this.enrichCommon(query);
 return query;
diff --git a/backend/core/src/main/java/org/opencdmp/service/dashborad/DashboardServiceImpl.java b/backend/core/src/main/java/org/opencdmp/service/dashborad/DashboardServiceImpl.java
index 92d40bf35..c70c563d9 100644
--- a/backend/core/src/main/java/org/opencdmp/service/dashborad/DashboardServiceImpl.java
+++ b/backend/core/src/main/java/org/opencdmp/service/dashborad/DashboardServiceImpl.java
@@ -77,7 +77,7 @@ public class DashboardServiceImpl implements DashboardService {
 descriptionLookup.getPage().setOffset(0);
 descriptionLookup.getPage().setSize(model.getPage().getSize()+model.getPage().getOffset());
- QueryResult descriptions = this.elasticQueryHelperService.collect(descriptionLookup, AuthorizationFlags.OwnerOrDmpAssociatedOrPermission, new BaseFieldSet().ensure(Description._id).ensure(Description._updatedAt).ensure(Description._status).ensure(Description._label));
+ QueryResult descriptions = this.elasticQueryHelperService.collect(descriptionLookup, AuthorizationFlags.AllExceptPublic, new BaseFieldSet().ensure(Description._id).ensure(Description._updatedAt).ensure(Description._status).ensure(Description._label));
 if (!this.conventionService.isListNullOrEmpty(descriptions.getItems())) {
 for (Description description : descriptions.getItems()) recentActivityItemEntities.add(new RecentActivityItemEntity(RecentActivityItemType.Description, description.getId(), description.getUpdatedAt(), description.getLabel(), description.getStatus().getValue()));
 }
@@ -88,7 +88,7 @@ public class DashboardServiceImpl implements DashboardService {
 dmpLookup.getPage().setOffset(0);
 dmpLookup.getPage().setSize(model.getPage().getSize()+model.getPage().getOffset());
- QueryResult dmps = this.elasticQueryHelperService.collect(dmpLookup, AuthorizationFlags.OwnerOrDmpAssociatedOrPermission, new BaseFieldSet().ensure(Dmp._id).ensure(Dmp._updatedAt).ensure(Dmp._label).ensure(Dmp._status));
+ QueryResult dmps = this.elasticQueryHelperService.collect(dmpLookup, AuthorizationFlags.AllExceptPublic, new BaseFieldSet().ensure(Dmp._id).ensure(Dmp._updatedAt).ensure(Dmp._label).ensure(Dmp._status));
 if (!this.conventionService.isListNullOrEmpty(dmps.getItems())) {
 for (Dmp dmp : dmps.getItems()) recentActivityItemEntities.add(new RecentActivityItemEntity(RecentActivityItemType.Dmp, dmp.getId(), dmp.getUpdatedAt(), dmp.getLabel(), dmp.getStatus().getValue()));
 }
@@ -109,7 +109,7 @@ public class DashboardServiceImpl implements DashboardService {
 if (model.getPage() != null){
 recentActivityItemEntities = recentActivityItemEntities.stream().skip(model.getPage().getOffset()).limit(model.getPage().getSize()).toList();
 }
- return this.builderFactory.builder(RecentActivityItemBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(BaseFieldSet.build(model.getProject()), recentActivityItemEntities);
+ return this.builderFactory.builder(RecentActivityItemBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(BaseFieldSet.build(model.getProject()), recentActivityItemEntities);
 }
 @Override
@@ -156,14 +156,14 @@ public class DashboardServiceImpl implements DashboardService {
 DmpQuery dmpQuery = this.queryFactory.query(DmpQuery.class).disableTracking().isActive(IsActive.Active).dmpUserSubQuery(dmpUserLookup).versionStatuses(List.of(DmpVersionStatus.Current, DmpVersionStatus.NotFinalized));
 DashboardStatistics statistics = new DashboardStatistics();
- statistics.setDmpCount(dmpQuery.authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).count());
- statistics.setDescriptionCount(this.queryFactory.query(DescriptionQuery.class).disableTracking().isActive(IsActive.Active).dmpSubQuery(dmpQuery).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).count());
+ statistics.setDmpCount(dmpQuery.authorize(AuthorizationFlags.AllExceptPublic).count());
+ statistics.setDescriptionCount(this.queryFactory.query(DescriptionQuery.class).disableTracking().isActive(IsActive.Active).dmpSubQuery(dmpQuery).authorize(AuthorizationFlags.AllExceptPublic).count());
 statistics.setReferenceTypeStatistics(new ArrayList<>());
 if (!this.conventionService.isListNullOrEmpty(this.config.getReferenceTypeCounters())){
 for (UUID typeId : this.config.getReferenceTypeCounters()){
 DashboardReferenceTypeStatistics referenceTypeStatistics = new DashboardReferenceTypeStatistics();
- referenceTypeStatistics.setCount(this.queryFactory.query(ReferenceQuery.class).disableTracking().isActive(IsActive.Active).typeIds(typeId).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission)
+ referenceTypeStatistics.setCount(this.queryFactory.query(ReferenceQuery.class).disableTracking().isActive(IsActive.Active).typeIds(typeId).authorize(AuthorizationFlags.AllExceptPublic)
 .dmpReferenceSubQuery(this.queryFactory.query(DmpReferenceQuery.class).disableTracking().isActives(IsActive.Active)
 .dmpSubQuery(dmpQuery)).count());
 referenceTypeStatistics.setReferenceType(this.builderFactory.builder(PublicReferenceTypeBuilder.class).build(new BaseFieldSet().ensure(PublicReferenceType._id),
this.queryFactory.query(ReferenceTypeQuery.class).disableTracking().ids(typeId).first()));
diff --git a/backend/core/src/main/java/org/opencdmp/service/deposit/DepositServiceImpl.java b/backend/core/src/main/java/org/opencdmp/service/deposit/DepositServiceImpl.java
index bf7c836a4..980bc4cc2 100644
--- a/backend/core/src/main/java/org/opencdmp/service/deposit/DepositServiceImpl.java
+++ b/backend/core/src/main/java/org/opencdmp/service/deposit/DepositServiceImpl.java
@@ -5,10 +5,8 @@ import gr.cite.commons.web.oidc.filter.webflux.TokenExchangeCacheService;
 import gr.cite.commons.web.oidc.filter.webflux.TokenExchangeFilterFunction;
 import gr.cite.commons.web.oidc.filter.webflux.TokenExchangeModel;
 import gr.cite.tools.data.builder.BuilderFactory;
-import gr.cite.tools.data.query.Ordering;
 import gr.cite.tools.data.query.QueryFactory;
 import gr.cite.tools.exception.MyNotFoundException;
-import gr.cite.tools.exception.MyValidationException;
 import gr.cite.tools.fieldset.BaseFieldSet;
 import gr.cite.tools.fieldset.FieldSet;
 import gr.cite.tools.logging.LoggerService;
@@ -21,7 +19,6 @@ import org.opencdmp.authorization.authorizationcontentresolver.AuthorizationCont
 import org.opencdmp.commonmodels.models.FileEnvelopeModel;
 import org.opencdmp.commonmodels.models.dmp.DmpModel;
 import org.opencdmp.commons.JsonHandlingService;
-import org.opencdmp.commons.enums.ContactInfoType;
 import org.opencdmp.commons.enums.IsActive;
 import org.opencdmp.commons.enums.StorageType;
 import org.opencdmp.commons.enums.TenantConfigurationType;
@@ -29,7 +26,9 @@ import org.opencdmp.commons.notification.NotificationProperties;
 import org.opencdmp.commons.scope.tenant.TenantScope;
 import org.opencdmp.commons.scope.user.UserScope;
 import org.opencdmp.commons.types.deposit.DepositSourceEntity;
-import org.opencdmp.commons.types.notification.*;
+import org.opencdmp.commons.types.notification.DataType;
+import org.opencdmp.commons.types.notification.FieldInfo;
+import org.opencdmp.commons.types.notification.NotificationFieldData;
 import org.opencdmp.commons.types.tenantconfiguration.DepositTenantConfigurationEntity;
 import org.opencdmp.convention.ConventionService;
 import org.opencdmp.data.DmpEntity;
@@ -43,7 +42,6 @@ import org.opencdmp.integrationevent.outbox.notification.NotifyIntegrationEvent;
 import org.opencdmp.integrationevent.outbox.notification.NotifyIntegrationEventHandler;
 import org.opencdmp.model.EntityDoi;
 import org.opencdmp.model.StorageFile;
-import org.opencdmp.model.UserContactInfo;
 import org.opencdmp.model.builder.commonmodels.DepositConfigurationBuilder;
 import org.opencdmp.model.builder.commonmodels.dmp.DmpCommonModelBuilder;
 import org.opencdmp.model.persist.EntityDoiPersist;
@@ -51,7 +49,10 @@ import org.opencdmp.model.persist.StorageFilePersist;
 import org.opencdmp.model.persist.deposit.DepositAuthenticateRequest;
 import org.opencdmp.model.persist.deposit.DepositRequest;
 import org.opencdmp.model.tenantconfiguration.TenantConfiguration;
-import org.opencdmp.query.*;
+import org.opencdmp.query.DmpQuery;
+import org.opencdmp.query.DmpUserQuery;
+import org.opencdmp.query.TenantConfigurationQuery;
+import org.opencdmp.query.UserQuery;
 import org.opencdmp.service.encryption.EncryptionService;
 import org.opencdmp.service.entitydoi.EntityDoiService;
 import org.opencdmp.service.filetransformer.FileTransformerService;
@@ -310,7 +311,7 @@ public class DepositServiceImpl implements DepositService {
 }
 //GK: Fifth Transform them to the DepositModel
- DmpModel depositModel = this.builderFactory.builder(DmpCommonModelBuilder.class).useSharedStorage(depositClient.getConfiguration().isUseSharedStorage()).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission)
+ DmpModel depositModel = this.builderFactory.builder(DmpCommonModelBuilder.class).useSharedStorage(depositClient.getConfiguration().isUseSharedStorage()).authorize(AuthorizationFlags.AllExceptPublic)
 .setRepositoryId(dmpDepositModel.getRepositoryId()).setPdfFile(pdfEnvelope).setRdaJsonFile(jsonEnvelope).build(dmpEntity);
diff --git a/backend/core/src/main/java/org/opencdmp/service/description/DescriptionServiceImpl.java b/backend/core/src/main/java/org/opencdmp/service/description/DescriptionServiceImpl.java
index b085e82a9..e86ada34a 100644
--- a/backend/core/src/main/java/org/opencdmp/service/description/DescriptionServiceImpl.java
+++ b/backend/core/src/main/java/org/opencdmp/service/description/DescriptionServiceImpl.java
@@ -273,7 +273,7 @@ public class DescriptionServiceImpl implements DescriptionService {
 this.annotationEntityTouchedIntegrationEventHandler.handleDescription(data.getId());
 this.elasticService.persistDescription(data);
- return this.builderFactory.builder(DescriptionBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(BaseFieldSet.build(fields, Description._id), data);
+ return this.builderFactory.builder(DescriptionBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(BaseFieldSet.build(fields, Description._id), data);
 }
 @Override
 public void updateDescriptionTemplate(UpdateDescriptionTemplatePersist model) throws InvalidApplicationException, IOException {
@@ -453,13 +453,13 @@ public class DescriptionServiceImpl implements DescriptionService {
 this.annotationEntityTouchedIntegrationEventHandler.handleDescription(data.getId());
 if (data.getStatus().equals(DescriptionStatus.Finalized)) this.sendNotification(data, true);
 }
- return this.builderFactory.builder(DescriptionBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(BaseFieldSet.build(fields, Description._id), data);
+ return this.builderFactory.builder(DescriptionBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(BaseFieldSet.build(fields, Description._id), data);
 }
 public List validate(List descriptionIds) throws InvalidApplicationException {
 List descriptionValidationResults = new ArrayList<>();
- List descriptions = this.queryFactory.query(DescriptionQuery.class).disableTracking().authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).ids(descriptionIds).isActive(IsActive.Active).collect();
+ List descriptions = this.queryFactory.query(DescriptionQuery.class).disableTracking().authorize(AuthorizationFlags.AllExceptPublic).ids(descriptionIds).isActive(IsActive.Active).collect();
 if (descriptions == null){
 return null;
 }
@@ -588,7 +588,7 @@ public class DescriptionServiceImpl implements DescriptionService {
 } else if (FieldType.isTagType(fieldType)) {
 if (!this.conventionService.isListNullOrEmpty(persist.getTags())){
- List existingTags = this.queryFactory.query(TagQuery.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).disableTracking().tags(persist.getTags().stream().distinct().toList()).collectAs(new BaseFieldSet().ensure(Tag._id).ensure(Tag._label));
+ List existingTags = this.queryFactory.query(TagQuery.class).authorize(AuthorizationFlags.AllExceptPublic).disableTracking().tags(persist.getTags().stream().distinct().toList()).collectAs(new BaseFieldSet().ensure(Tag._id).ensure(Tag._label));
 List values = new ArrayList<>();
 for (String tag : persist.getTags().stream().distinct().toList()){
@@ -879,7 +879,7 @@ public class DescriptionServiceImpl implements DescriptionService {
 //this.authorizationService.authorizeAtLeastOneForce(List.of(this.authorizationContentResolver.descriptionAffiliation(descriptionId)), Permission.CloneDescription);
 this.authorizationService.authorizeForce(Permission.EditDescription);//TODO: Missing Description or dmp for authz
- DescriptionTemplateEntity descriptionTemplate = this.queryFactory.query(DescriptionTemplateQuery.class).disableTracking().ids(model.getDescriptionTemplateId()).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).first();
+ DescriptionTemplateEntity descriptionTemplate = this.queryFactory.query(DescriptionTemplateQuery.class).disableTracking().ids(model.getDescriptionTemplateId()).authorize(AuthorizationFlags.AllExceptPublic).first();
 if (descriptionTemplate == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{model.getDescriptionTemplateId(), DescriptionTemplate.class.getSimpleName()}, LocaleContextHolder.getLocale()));
 org.opencdmp.commons.types.descriptiontemplate.DefinitionEntity definition = this.xmlHandlingService.fromXmlSafe(org.opencdmp.commons.types.descriptiontemplate.DefinitionEntity.class, descriptionTemplate.getDefinition());
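Review bot: The changed template query is still gated only by the global `authorizeForce(Permission.EditDescription)` above it; the `//TODO: Missing Description or dmp for authz` comment and the commented-out `authorizeAtLeastOneForce` line are left in place, so on this path the caller's relation to the description or its DMP is never checked and access rests entirely on the query's `AllExceptPublic` authorization. This commit wires `AuthorizationContentResolver` affiliation checks into `DescriptionTemplateServiceImpl.persist`, so the same pattern is available here; either resolve the TODO with an affiliation-based `authorizeAtLeastOneForce`, or replace it with a comment stating why a global permission is sufficient for cloning, e.g. `// Clone needs only the global permission: the source template is re-checked by query authorization below`. The enclosing method starts and ends outside the hunk.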
@@ -1066,7 +1066,7 @@ public class DescriptionServiceImpl implements DescriptionService {
 if (!this.conventionService.isListNullOrEmpty(data.getTextListValue())){
 List tagIdsInField = data.getTextListValue().stream().filter(x -> this.conventionService.isValidGuid(UUID.fromString(x))).toList().stream().map(UUID::fromString).collect(Collectors.toList());
 if (!this.conventionService.isListNullOrEmpty(tagIdsInField)){
- List tagsInField = this.queryFactory.query(TagQuery.class).isActive(IsActive.Active).ids(tagIdsInField).disableTracking().authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermissionOrPublic).collect();
+ List tagsInField = this.queryFactory.query(TagQuery.class).isActive(IsActive.Active).ids(tagIdsInField).disableTracking().authorize(AuthorizationFlags.All).collect();
 if (!this.conventionService.isListNullOrEmpty(tagsInField)){
 persist.setTags(tagsInField.stream().map(TagEntity::getLabel).toList());
 }
@@ -1115,7 +1115,7 @@ public class DescriptionServiceImpl implements DescriptionService {
 logger.debug(new MapLogEntry("export xml").And("id", id));
 if (!ignoreAuthorize) this.authorizationService.authorizeForce(Permission.ExportDescription);
- DescriptionEntity data = this.queryFactory.query(DescriptionQuery.class).disableTracking().ids(id).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermissionOrPublic).isActive(IsActive.Active).first();
+ DescriptionEntity data = this.queryFactory.query(DescriptionQuery.class).disableTracking().ids(id).authorize(AuthorizationFlags.All).isActive(IsActive.Active).first();
 if (data == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{id, Description.class.getSimpleName()}, LocaleContextHolder.getLocale()));
 PropertyDefinitionEntity definition = this.jsonHandlingService.fromJson(PropertyDefinitionEntity.class, data.getProperties());
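Review bot: On the context line just above the changed `tagsInField` query, `filter(x -> this.conventionService.isValidGuid(UUID.fromString(x)))` calls `UUID.fromString` before `isValidGuid` ever sees the value, so a non-UUID entry in `data.getTextListValue()` throws `IllegalArgumentException` instead of being filtered out, and the validity check is dead for exactly the input it is meant to reject. These values come from stored description properties, so one malformed tag value aborts the whole conversion. Validate the string form first, e.g. `filter(x -> this.conventionService.isValidGuid(x))` if the helper accepts a String, or otherwise a small helper that catches `IllegalArgumentException` around `UUID.fromString` and returns an empty result. The enclosing method starts and ends outside the hunk.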
@@ -1127,7 +1127,7 @@ public class DescriptionServiceImpl implements DescriptionService {
 logger.debug(new MapLogEntry("export xml").And("id", id));
 this.authorizationService.authorizeForce(Permission.ExportDescription);
- DescriptionEntity data = this.queryFactory.query(DescriptionQuery.class).disableTracking().ids(id).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermissionOrPublic).isActive(IsActive.Active).first();
+ DescriptionEntity data = this.queryFactory.query(DescriptionQuery.class).disableTracking().ids(id).authorize(AuthorizationFlags.All).isActive(IsActive.Active).first();
 if (data == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{id, Description.class.getSimpleName()}, LocaleContextHolder.getLocale()));
 String xml = this.xmlHandlingService.toXml(this.exportXmlEntity(data.getId(), false));
@@ -1141,17 +1141,17 @@ public class DescriptionServiceImpl implements DescriptionService {
 xml.setLabel(data.getLabel());
 xml.setFinalizedAt(data.getFinalizedAt());
- DmpDescriptionTemplateEntity dmpDescriptionTemplateEntity = this.queryFactory.query(DmpDescriptionTemplateQuery.class).disableTracking().ids(data.getDmpDescriptionTemplateId()).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermissionOrPublic).isActive(IsActive.Active).first();
+ DmpDescriptionTemplateEntity dmpDescriptionTemplateEntity = this.queryFactory.query(DmpDescriptionTemplateQuery.class).disableTracking().ids(data.getDmpDescriptionTemplateId()).authorize(AuthorizationFlags.All).isActive(IsActive.Active).first();
 if (dmpDescriptionTemplateEntity != null) xml.setSectionId(dmpDescriptionTemplateEntity.getSectionId());
 DescriptionTagQuery descriptionTagQuery = this.queryFactory.query(DescriptionTagQuery.class);
 descriptionTagQuery.descriptionIds(data.getId());
 descriptionTagQuery.isActive(IsActive.Active);
- List tagsEntities = this.queryFactory.query(TagQuery.class).disableTracking().descriptionTagSubQuery(descriptionTagQuery).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermissionOrPublic).isActive(IsActive.Active).collect();
+ List tagsEntities = this.queryFactory.query(TagQuery.class).disableTracking().descriptionTagSubQuery(descriptionTagQuery).authorize(AuthorizationFlags.All).isActive(IsActive.Active).collect();
 if (!this.conventionService.isListNullOrEmpty(tagsEntities)) xml.setTags(tagsEntities.stream().map(TagEntity::getLabel).collect(Collectors.toList()));
- DescriptionTemplateEntity descriptionTemplateEntity = this.queryFactory.query(DescriptionTemplateQuery.class).disableTracking().ids(data.getDescriptionTemplateId()).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermissionOrPublic).first();
+ DescriptionTemplateEntity descriptionTemplateEntity =
this.queryFactory.query(DescriptionTemplateQuery.class).disableTracking().ids(data.getDescriptionTemplateId()).authorize(AuthorizationFlags.All).first();
 if (descriptionTemplateEntity != null) {
 xml.setDescriptionTemplate(this.descriptionTemplateService.exportXmlEntity(descriptionTemplateEntity.getId(), true));
 }
@@ -1160,11 +1160,11 @@ public class DescriptionServiceImpl implements DescriptionService {
 xml.setProperties(this.descriptionPropertyDefinitionToExport(propertiesEntity));
 }
- List dmpReferences = this.queryFactory.query(DescriptionReferenceQuery.class).disableTracking().descriptionIds(data.getId()).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermissionOrPublic).isActive(IsActive.Active).collect();
+ List dmpReferences = this.queryFactory.query(DescriptionReferenceQuery.class).disableTracking().descriptionIds(data.getId()).authorize(AuthorizationFlags.All).isActive(IsActive.Active).collect();
 if (!this.conventionService.isListNullOrEmpty(dmpReferences)) {
- List references = this.queryFactory.query(ReferenceQuery.class).disableTracking().ids(dmpReferences.stream().map(DescriptionReferenceEntity::getReferenceId).distinct().toList()).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermissionOrPublic).isActive(IsActive.Active).collect();
+ List references = this.queryFactory.query(ReferenceQuery.class).disableTracking().ids(dmpReferences.stream().map(DescriptionReferenceEntity::getReferenceId).distinct().toList()).authorize(AuthorizationFlags.All).isActive(IsActive.Active).collect();
 Map referenceEntityMap = references == null ? new HashMap<>() : references.stream().collect(Collectors.toMap(ReferenceEntity::getId, x-> x));
- List referenceTypes = references == null ? new ArrayList<>() : this.queryFactory.query(ReferenceTypeQuery.class).disableTracking().ids(references.stream().map(ReferenceEntity::getTypeId).distinct().toList()).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermissionOrPublic).isActive(IsActive.Active).collect();
+ List referenceTypes = references == null ?
new ArrayList<>() : this.queryFactory.query(ReferenceTypeQuery.class).disableTracking().ids(references.stream().map(ReferenceEntity::getTypeId).distinct().toList()).authorize(AuthorizationFlags.All).isActive(IsActive.Active).collect();
 Map referenceTypeEntityMap = referenceTypes == null ? new HashMap<>() : referenceTypes.stream().collect(Collectors.toMap(ReferenceTypeEntity::getId, x-> x));
 List dmpReferenceImportExports = new LinkedList<>();
 for (DescriptionReferenceEntity descriptionReferenceEntity : dmpReferences) {
diff --git a/backend/core/src/main/java/org/opencdmp/service/descriptiontemplate/DescriptionTemplateServiceImpl.java b/backend/core/src/main/java/org/opencdmp/service/descriptiontemplate/DescriptionTemplateServiceImpl.java
index e20609c5c..1704b2290 100644
--- a/backend/core/src/main/java/org/opencdmp/service/descriptiontemplate/DescriptionTemplateServiceImpl.java
+++ b/backend/core/src/main/java/org/opencdmp/service/descriptiontemplate/DescriptionTemplateServiceImpl.java
@@ -20,6 +20,7 @@ import org.apache.commons.lang3.NotImplementedException;
 import org.jetbrains.annotations.NotNull;
 import org.opencdmp.authorization.AuthorizationFlags;
 import org.opencdmp.authorization.Permission;
+import org.opencdmp.authorization.authorizationcontentresolver.AuthorizationContentResolver;
 import org.opencdmp.commonmodels.models.DescriptionTemplateTypeModel;
 import org.opencdmp.commonmodels.models.descriptiotemplate.*;
 import org.opencdmp.commons.JsonHandlingService;
@@ -118,6 +119,7 @@ public class DescriptionTemplateServiceImpl implements DescriptionTemplateServic
 private final ValidatorFactory validatorFactory;
 private final DescriptionTemplateTypeService descriptionTemplateTypeService;
+ private final AuthorizationContentResolver authorizationContentResolver;
 @Autowired
 public DescriptionTemplateServiceImpl(
@@ -135,7 +137,7 @@ public class DescriptionTemplateServiceImpl implements DescriptionTemplateServic
 JsonHandlingService jsonHandlingService,
 NotifyIntegrationEventHandler eventHandler,
 NotificationProperties notificationProperties,
- ValidatorFactory validatorFactory, DescriptionTemplateTypeService descriptionTemplateTypeService) {
+ ValidatorFactory validatorFactory, DescriptionTemplateTypeService descriptionTemplateTypeService, AuthorizationContentResolver authorizationContentResolver) {
 this.entityManager = entityManager;
 this.userScope = userScope;
 this.authorizationService = authorizationService;
@@ -154,6 +156,7 @@ public class DescriptionTemplateServiceImpl implements DescriptionTemplateServic
 this.notificationProperties = notificationProperties;
 this.validatorFactory = validatorFactory;
 this.descriptionTemplateTypeService = descriptionTemplateTypeService;
+ this.authorizationContentResolver = authorizationContentResolver;
 }
 //region Persist
@@ -161,10 +164,10 @@ public class DescriptionTemplateServiceImpl implements DescriptionTemplateServic
 public DescriptionTemplate persist(DescriptionTemplatePersist model, UUID groupId, FieldSet fields) throws MyForbiddenException, MyValidationException, MyApplicationException, MyNotFoundException, InvalidApplicationException, JAXBException, ParserConfigurationException, JsonProcessingException, TransformerException {
 logger.debug(new MapLogEntry("persisting data descriptionTemplate").And("model", model).And("fields", fields));
- this.authorizationService.authorizeForce(Permission.EditDescriptionTemplate);
-
 Boolean isUpdate = this.conventionService.isValidGuid(model.getId());
-
+ if (isUpdate) this.authorizationService.authorizeAtLeastOneForce(List.of(this.authorizationContentResolver.dmpAffiliation(model.getId())), Permission.EditDescriptionTemplate);
+ else this.authorizationService.authorizeForce(Permission.EditDescriptionTemplate);
+
 DescriptionTemplateEntity data;
 if (isUpdate) {
 data = this.entityManager.find(DescriptionTemplateEntity.class, model.getId());
@@ -214,7 +217,7 @@ public class DescriptionTemplateServiceImpl implements DescriptionTemplateServic
 this.entityManager.flush();
- return this.builderFactory.builder(DescriptionTemplateBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(BaseFieldSet.build(fields, DescriptionTemplate._id), data);
+ return this.builderFactory.builder(DescriptionTemplateBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(BaseFieldSet.build(fields, DescriptionTemplate._id), data);
 }
 private void updateVersionStatusAndSave(DescriptionTemplateEntity data, DescriptionTemplateStatus previousStatus, DescriptionTemplateStatus newStatus) throws InvalidApplicationException {
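Review bot: In the new update branch, `this.authorizationContentResolver.dmpAffiliation(model.getId())` is handed `model.getId()`, which two lines later is used as the `DescriptionTemplateEntity` key in `entityManager.find`, i.e. a description-template id rather than a DMP id; unless `dmpAffiliation` is documented to accept template ids, the affiliation is resolved against the wrong entity and `authorizeAtLeastOneForce` passes or fails on an unrelated or non-existent DMP. This diff also introduces a per-user description-template association (`UserDescriptionTemplateEntity` in the DescriptionTemplateQuery hunk), which looks like the intended source of "may edit this template"; the check should resolve affiliation through that association (or first look up the DMP that owns the template) and be covered by a test where the user holds the template association but no DMP role. Until then a comment such as `// TODO(review): model.getId() is a DescriptionTemplate id, not a DMP id — confirm dmpAffiliation is the right resolver` would at least flag it. The enclosing `persist` method continues outside the hunk.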
@@ -527,8 +530,8 @@ public class DescriptionTemplateServiceImpl implements DescriptionTemplateServic
 this.authorizationService.authorizeForce(Permission.CloneDescriptionTemplate);
- DescriptionTemplateQuery query = this.queryFactory.query(DescriptionTemplateQuery.class).disableTracking().authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).ids(id);
- DescriptionTemplate model = this.builderFactory.builder(DescriptionTemplateBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(fields, query.firstAs(fields));
+ DescriptionTemplateQuery query = this.queryFactory.query(DescriptionTemplateQuery.class).disableTracking().authorize(AuthorizationFlags.AllExceptPublic).ids(id);
+ DescriptionTemplate model = this.builderFactory.builder(DescriptionTemplateBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(fields, query.firstAs(fields));
 if (model == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{id, DescriptionTemplate.class.getSimpleName()}, LocaleContextHolder.getLocale()));
@@ -662,7 +665,7 @@ public class DescriptionTemplateServiceImpl implements DescriptionTemplateServic
 this.entityManager.flush();
- return this.builderFactory.builder(DescriptionTemplateBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(BaseFieldSet.build(fields, DescriptionTemplate._id), data);
+ return this.builderFactory.builder(DescriptionTemplateBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(BaseFieldSet.build(fields, DescriptionTemplate._id), data);
 }
 //endregion
@@ -867,7 +870,7 @@ public class DescriptionTemplateServiceImpl implements DescriptionTemplateServic
 logger.debug(new MapLogEntry("exportXml").And("id", id));
 if (!ignoreAuthorize) this.authorizationService.authorizeForce(Permission.ExportDescriptionTemplate);
- DescriptionTemplateEntity data = this.queryFactory.query(DescriptionTemplateQuery.class).disableTracking().ids(id).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).first();
+ DescriptionTemplateEntity data = this.queryFactory.query(DescriptionTemplateQuery.class).disableTracking().ids(id).authorize(AuthorizationFlags.AllExceptPublic).first();
 if (data == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{id, DescriptionTemplate.class.getSimpleName()}, LocaleContextHolder.getLocale()));
 DefinitionEntity definition = this.xmlHandlingService.fromXml(DefinitionEntity.class, data.getDefinition());
@@ -880,7 +883,7 @@ public class DescriptionTemplateServiceImpl implements DescriptionTemplateServic
 logger.debug(new MapLogEntry("exportXml").And("id", id));
 this.authorizationService.authorizeForce(Permission.ExportDescriptionTemplate);
- DescriptionTemplateEntity data = this.queryFactory.query(DescriptionTemplateQuery.class).disableTracking().ids(id).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).first();
+ DescriptionTemplateEntity data = this.queryFactory.query(DescriptionTemplateQuery.class).disableTracking().ids(id).authorize(AuthorizationFlags.AllExceptPublic).first();
 if (data == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{id, DescriptionTemplate.class.getSimpleName()}, LocaleContextHolder.getLocale()));
 String xml = this.xmlHandlingService.toXml(this.exportXmlEntity(id, false));
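Review bot: `exportXmlEntity` skips the permission check when `ignoreAuthorize` is set but still runs the query under `AuthorizationFlags.AllExceptPublic`, so a caller passing `true` remains subject to the current principal's affiliation filter and receives `MyNotFoundException` rather than a forbidden error when that filter excludes the template; if `ignoreAuthorize` is meant for trusted internal callers, state the contract in a comment, e.g. `// ignoreAuthorize skips only the permission check; the query-level affiliation filter still applies`. The corresponding DMP export at L52 now uses `AuthorizationFlags.All`, so public description templates are excluded here while public DMPs are included there; if that asymmetry is intended it deserves a comment as well. The enclosing method continues outside the hunk.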
diff --git a/backend/core/src/main/java/org/opencdmp/service/descriptiontemplatetype/DescriptionTemplateTypeServiceImpl.java b/backend/core/src/main/java/org/opencdmp/service/descriptiontemplatetype/DescriptionTemplateTypeServiceImpl.java
index 923518565..eb01477ed 100644
--- a/backend/core/src/main/java/org/opencdmp/service/descriptiontemplatetype/DescriptionTemplateTypeServiceImpl.java
+++ b/backend/core/src/main/java/org/opencdmp/service/descriptiontemplatetype/DescriptionTemplateTypeServiceImpl.java
@@ -106,7 +106,7 @@ public class DescriptionTemplateTypeServiceImpl implements DescriptionTemplateTy
 this.entityManager.flush();
 this.eventBroker.emit(new DescriptionTemplateTypeTouchedEvent(data.getId()));
- return this.builderFactory.builder(DescriptionTemplateTypeBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(BaseFieldSet.build(fields, DescriptionTemplateType._id), data);
+ return this.builderFactory.builder(DescriptionTemplateTypeBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(BaseFieldSet.build(fields, DescriptionTemplateType._id), data);
 }
 public void deleteAndSave(UUID id) throws MyForbiddenException, InvalidApplicationException {
diff --git a/backend/core/src/main/java/org/opencdmp/service/dmp/DmpServiceImpl.java b/backend/core/src/main/java/org/opencdmp/service/dmp/DmpServiceImpl.java
index 9f4428fac..6b2599ec8 100644
--- a/backend/core/src/main/java/org/opencdmp/service/dmp/DmpServiceImpl.java
+++ b/backend/core/src/main/java/org/opencdmp/service/dmp/DmpServiceImpl.java
@@ -260,15 +260,15 @@ public class DmpServiceImpl implements DmpService {
 this.annotationEntityTouchedIntegrationEventHandler.handleDmp(data.getId());
- return this.builderFactory.builder(DmpBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(BaseFieldSet.build(fields, Dmp._id, Dmp._hash), data);
+ return this.builderFactory.builder(DmpBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(BaseFieldSet.build(fields, Dmp._id, Dmp._hash), data);
 }
 private void checkIfDescriptionTemplateIsUse (List descriptionTemplates, UUID id){
- List existingDmpDescriptionTemplates = this.queryFactory.query(DmpDescriptionTemplateQuery.class).disableTracking().authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).dmpIds(id).isActive(IsActive.Active).collect();
+ List existingDmpDescriptionTemplates = this.queryFactory.query(DmpDescriptionTemplateQuery.class).disableTracking().authorize(AuthorizationFlags.AllExceptPublic).dmpIds(id).isActive(IsActive.Active).collect();
 List removedDescriptionTemplates = existingDmpDescriptionTemplates.stream().filter(x -> descriptionTemplates.stream().noneMatch(y -> y.getDescriptionTemplateGroupId().equals(x.getDescriptionTemplateGroupId()))).toList();
 DmpDescriptionTemplateQuery dmpDescriptionTemplateQuery = this.queryFactory.query(DmpDescriptionTemplateQuery.class).disableTracking().isActive(IsActive.Active).dmpIds(id).descriptionTemplateGroupIds(removedDescriptionTemplates.stream().map(DmpDescriptionTemplateEntity::getDescriptionTemplateGroupId).collect(Collectors.toList()));
- DescriptionQuery query = this.queryFactory.query(DescriptionQuery.class).disableTracking().authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).dmpDescriptionTemplateSubQuery(dmpDescriptionTemplateQuery).isActive(IsActive.Active);
+ DescriptionQuery query = this.queryFactory.query(DescriptionQuery.class).disableTracking().authorize(AuthorizationFlags.AllExceptPublic).dmpDescriptionTemplateSubQuery(dmpDescriptionTemplateQuery).isActive(IsActive.Active);
 if (query != null && query.count() > 0) throw new MyValidationException(this.errors.getDmpDescriptionTemplateCanNotRemove().getCode(), this.errors.getDmpDescriptionTemplateCanNotRemove().getMessage());
@@ -354,7 +354,7 @@ public class DmpServiceImpl implements DmpService {
 DmpEntity data = this.entityManager.find(DmpEntity.class, id);
 if (data == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{id, Dmp.class.getSimpleName()}, LocaleContextHolder.getLocale()));
- EntityDoiQuery entityDoiQuery = this.queryFactory.query(EntityDoiQuery.class).disableTracking().authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).types(EntityType.DMP).entityIds(data.getId());
+ EntityDoiQuery entityDoiQuery = this.queryFactory.query(EntityDoiQuery.class).disableTracking().authorize(AuthorizationFlags.AllExceptPublic).types(EntityType.DMP).entityIds(data.getId());
 if (entityDoiQuery.count() > 0) throw new MyApplicationException("DMP is deposited can not deleted");
 DmpEntity previousDmp = null;
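Review bot: `checkIfDescriptionTemplateIsUse` is an integrity check, yet both of its queries are filtered by `AuthorizationFlags.AllExceptPublic`, so whether a template counts as "in use" depends on which descriptions the current principal is allowed to see; a caller whose affiliation is narrower than the DMP's other members could remove a template that still has descriptions attached. If the filter is deliberate, a comment saying why belongs on the first query; otherwise the two `.authorize(...)` calls in this method look like they should go. The `query != null` guard on the throwing line is dead if `queryFactory.query(...)` never returns null, and `descriptionTemplateGroupIds(...)` receives an empty list when nothing was removed — confirm that an empty id list yields no matches rather than all, since the latter would block every removal. The same affiliation-filtered integrity check appears in the `@@ -354` hunk's `EntityDoiQuery`.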
@@ -493,7 +493,7 @@ public class DmpServiceImpl implements DmpService {
 List descriptionEntities = this.queryFactory.query(DescriptionQuery.class).disableTracking().ids(model.getDescriptions().stream().map(NewVersionDmpDescriptionPersist::getDescriptionId).distinct().collect(Collectors.toList())).isActive(IsActive.Active).collect();
 FieldSet fieldSet = new BaseFieldSet(Description._id, BaseFieldSet.asIndexer(Description._descriptionTemplate, DescriptionTemplate._groupId));
- List models = this.builderFactory.builder(DescriptionBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(fieldSet, descriptionEntities);
+ List models = this.builderFactory.builder(DescriptionBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(fieldSet, descriptionEntities);
 if (!oldDmpEntity.getBlueprintId().equals(blueprintEntity.getId())){ // add description templates if exists in new blueprint
@@ -673,7 +673,7 @@ public class DmpServiceImpl implements DmpService {
 public Dmp buildClone(CloneDmpPersist model, FieldSet fields) throws MyForbiddenException, MyValidationException, MyApplicationException, MyNotFoundException, IOException, InvalidApplicationException {
 this.authorizationService.authorizeAtLeastOneForce(List.of(this.authorizationContentResolver.dmpAffiliation( model.getId())), Permission.CloneDmp);
- DmpEntity existingDmpEntity = this.queryFactory.query(DmpQuery.class).disableTracking().authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).ids(model.getId()).firstAs(fields);
+ DmpEntity existingDmpEntity = this.queryFactory.query(DmpQuery.class).disableTracking().authorize(AuthorizationFlags.AllExceptPublic).ids(model.getId()).firstAs(fields);
 if (!this.conventionService.isValidGuid(model.getId()) || existingDmpEntity == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{model.getId(), Dmp.class.getSimpleName()}, LocaleContextHolder.getLocale()));
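Review bot: In the `@@ -673` hunk, `buildClone` resolves `dmpAffiliation(model.getId())` and runs the `AllExceptPublic` query before `isValidGuid(model.getId())` is checked on the last line, so a null or malformed id reaches the resolver and the query before it is rejected; validating first, `if (!this.conventionService.isValidGuid(model.getId())) throw new MyNotFoundException(...);` ahead of the `authorizeAtLeastOneForce` call, keeps bad input away from both and leaves the existing `existingDmpEntity == null` check as is. In the `@@ -493` hunk, `descriptionEntities` is loaded with no `.authorize(...)` and only the builder applies `AllExceptPublic`; if the builder is intended to be the sole filter there, a one-line comment on the query would save the next reader from treating that as an omission. `buildClone` continues outside the hunk.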
@@ -813,7 +813,7 @@ public class DmpServiceImpl implements DmpService {
 this.annotationEntityTouchedIntegrationEventHandler.handleDmp(dmpEntity.getId());
- return this.builderFactory.builder(DmpUserBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(BaseFieldSet.build(fieldSet, DmpUser._id, DmpUser._hash), persisted);
+ return this.builderFactory.builder(DmpUserBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(BaseFieldSet.build(fieldSet, DmpUser._id, DmpUser._hash), persisted);
 }
 private void checkDuplicateDmpUser(List model){
@@ -850,7 +850,7 @@ public class DmpServiceImpl implements DmpService {
 this.annotationEntityTouchedIntegrationEventHandler.handleDmp(dmpEntity.getId());
- return this.builderFactory.builder(DmpBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(BaseFieldSet.build(fields, Dmp._id, Dmp._hash), data);
+ return this.builderFactory.builder(DmpBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(BaseFieldSet.build(fields, Dmp._id, Dmp._hash), data);
 }
 @Override
@@ -1137,7 +1137,7 @@ public class DmpServiceImpl implements DmpService {
 public void finalize(UUID id, List descriptionIds) throws MyForbiddenException, MyValidationException, MyApplicationException, MyNotFoundException, InvalidApplicationException, IOException {
 this.authorizationService.authorizeAtLeastOneForce(List.of(this.authorizationContentResolver.dmpAffiliation(id)), Permission.FinalizeDmp);
- DmpEntity dmp = this.queryFactory.query(DmpQuery.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).ids(id).isActive(IsActive.Active).first();
+ DmpEntity dmp = this.queryFactory.query(DmpQuery.class).authorize(AuthorizationFlags.AllExceptPublic).ids(id).isActive(IsActive.Active).first();
 if (dmp == null){
 throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{id, Dmp.class.getSimpleName()}, LocaleContextHolder.getLocale()));
@@ -1152,7 +1152,7 @@ public class DmpServiceImpl implements DmpService {
 }
 List descriptions = this.queryFactory.query(DescriptionQuery.class)
- .authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).dmpIds(id).isActive(IsActive.Active).collect();
+ .authorize(AuthorizationFlags.AllExceptPublic).dmpIds(id).isActive(IsActive.Active).collect();
 for (DescriptionEntity description: descriptions) {
 if (descriptionIds.contains(description.getId())){
@@ -1193,13 +1193,13 @@ public class DmpServiceImpl implements DmpService {
 public void undoFinalize(UUID id, FieldSet fields) throws MyForbiddenException, MyValidationException, MyApplicationException, MyNotFoundException, InvalidApplicationException {
 this.authorizationService.authorizeAtLeastOneForce(List.of(this.authorizationContentResolver.dmpAffiliation(id)), Permission.UndoFinalizeDmp);
- DmpEntity dmp = this.queryFactory.query(DmpQuery.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).ids(id).isActive(IsActive.Active).firstAs(fields);
+ DmpEntity dmp = this.queryFactory.query(DmpQuery.class).authorize(AuthorizationFlags.AllExceptPublic).ids(id).isActive(IsActive.Active).firstAs(fields);
 if (dmp == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{id, Dmp.class.getSimpleName()}, LocaleContextHolder.getLocale()));
 if (!dmp.getStatus().equals(DmpStatus.Finalized)) throw new MyApplicationException("DMP is already drafted");
- EntityDoiQuery entityDoiQuery = this.queryFactory.query(EntityDoiQuery.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).types(EntityType.DMP).entityIds(dmp.getId()).isActive(IsActive.Active);
+ EntityDoiQuery entityDoiQuery = this.queryFactory.query(EntityDoiQuery.class).authorize(AuthorizationFlags.AllExceptPublic).types(EntityType.DMP).entityIds(dmp.getId()).isActive(IsActive.Active);
 if (entityDoiQuery.count() > 0) throw new MyApplicationException("DMP is deposited");
 dmp.setStatus(DmpStatus.Draft);
@@ -1232,7 +1232,7 @@ public class DmpServiceImpl implements DmpService {
 public DmpValidationResult validate(UUID id) throws InvalidApplicationException {
- DmpEntity dmp = this.queryFactory.query(DmpQuery.class).disableTracking().authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).ids(id).isActive(IsActive.Active).first();
+ DmpEntity dmp = this.queryFactory.query(DmpQuery.class).disableTracking().authorize(AuthorizationFlags.AllExceptPublic).ids(id).isActive(IsActive.Active).first();
 if (dmp == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{id, Dmp.class.getSimpleName()}, LocaleContextHolder.getLocale()));
@@ -1264,7 +1264,7 @@ public class DmpServiceImpl implements DmpService {
 persist.setAccessType(data.getAccessType());
 persist.setLanguage(data.getLanguage());
- List dmpUserEntities = this.queryFactory.query(DmpUserQuery.class).disableTracking().authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).dmpIds(data.getId()).isActives(IsActive.Active).collect();
+ List dmpUserEntities = this.queryFactory.query(DmpUserQuery.class).disableTracking().authorize(AuthorizationFlags.AllExceptPublic).dmpIds(data.getId()).isActives(IsActive.Active).collect();
 if (!this.conventionService.isListNullOrEmpty(dmpUserEntities)){
 persist.setUsers(new ArrayList<>());
@@ -1273,11 +1273,11 @@ public class DmpServiceImpl implements DmpService {
 }
 }
- List dmpReferenceEntities = this.queryFactory.query(DmpReferenceQuery.class).disableTracking().authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).dmpIds(data.getId()).isActives(IsActive.Active).collect();
+ List dmpReferenceEntities = this.queryFactory.query(DmpReferenceQuery.class).disableTracking().authorize(AuthorizationFlags.AllExceptPublic).dmpIds(data.getId()).isActives(IsActive.Active).collect();
 org.opencdmp.commons.types.dmpblueprint.DefinitionEntity definition = this.xmlHandlingService.fromXmlSafe(org.opencdmp.commons.types.dmpblueprint.DefinitionEntity.class, dmpBlueprintEntity.getDefinition());
- List dmpDescriptionTemplateEntities = this.queryFactory.query(DmpDescriptionTemplateQuery.class).disableTracking().authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).dmpIds(data.getId()).isActive(IsActive.Active).collect();
+ List dmpDescriptionTemplateEntities = this.queryFactory.query(DmpDescriptionTemplateQuery.class).disableTracking().authorize(AuthorizationFlags.AllExceptPublic).dmpIds(data.getId()).isActive(IsActive.Active).collect();
 if (!this.conventionService.isListNullOrEmpty(dmpDescriptionTemplateEntities)){
 persist.setDescriptionTemplates(new ArrayList<>());
 for (DmpDescriptionTemplateEntity descriptionTemplateEntity: dmpDescriptionTemplateEntities) {
@@ -1301,7 +1301,7 @@ public class DmpServiceImpl implements DmpService {
 List referencesFromAllFields = new ArrayList<>();
 if (!this.conventionService.isListNullOrEmpty(dmpReferenceEntities)) {
- referencesFromAllFields = this.queryFactory.query(ReferenceQuery.class).disableTracking().authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).ids(dmpReferenceEntities.stream().map(DmpReferenceEntity::getReferenceId).collect(Collectors.toList())).isActive(IsActive.Active).collect();
+ referencesFromAllFields = this.queryFactory.query(ReferenceQuery.class).disableTracking().authorize(AuthorizationFlags.AllExceptPublic).ids(dmpReferenceEntities.stream().map(DmpReferenceEntity::getReferenceId).collect(Collectors.toList())).isActive(IsActive.Active).collect();
 }
 Map dmpBlueprintValues = new HashMap<>();
@@ -1578,7 +1578,7 @@ public class DmpServiceImpl implements DmpService {
 logger.debug(new MapLogEntry("export xml").And("id", id));
 if (!ignoreAuthorize) this.authorizationService.authorizeForce(Permission.ExportDmp);
- DmpEntity data = this.queryFactory.query(DmpQuery.class).disableTracking().ids(id).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermissionOrPublic).isActive(IsActive.Active).first();
+ DmpEntity data = this.queryFactory.query(DmpQuery.class).disableTracking().ids(id).authorize(AuthorizationFlags.All).isActive(IsActive.Active).first();
 if (data == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{id, Dmp.class.getSimpleName()}, LocaleContextHolder.getLocale()));
 DmpPropertiesEntity definition = this.jsonHandlingService.fromJson(DmpPropertiesEntity.class, data.getProperties());
@@ -1590,7 +1590,7 @@ public class DmpServiceImpl implements DmpService {
 logger.debug(new MapLogEntry("export xml").And("id", id));
 this.authorizationService.authorizeForce(Permission.ExportDmp);
- DmpEntity data = this.queryFactory.query(DmpQuery.class).disableTracking().ids(id).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermissionOrPublic).isActive(IsActive.Active).first();
+ DmpEntity data = this.queryFactory.query(DmpQuery.class).disableTracking().ids(id).authorize(AuthorizationFlags.All).isActive(IsActive.Active).first();
 if (data == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{id, Dmp.class.getSimpleName()}, LocaleContextHolder.getLocale()));
 String xml = this.xmlHandlingService.toXml(this.exportXmlEntity(data.getId(), false));
@@ -1598,7 +1598,7 @@ public class DmpServiceImpl implements DmpService {
 }
 private DmpImportExport definitionXmlToExport(DmpEntity data, DmpPropertiesEntity propertiesEntity) throws InvalidApplicationException, JAXBException, ParserConfigurationException, IOException, InstantiationException, IllegalAccessException, SAXException {
- DmpBlueprintEntity blueprintEntity = this.queryFactory.query(DmpBlueprintQuery.class).disableTracking().ids(data.getBlueprintId()).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermissionOrPublic).first();
+ DmpBlueprintEntity blueprintEntity = this.queryFactory.query(DmpBlueprintQuery.class).disableTracking().ids(data.getBlueprintId()).authorize(AuthorizationFlags.All).first();
 if (blueprintEntity == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{data.getBlueprintId(), DmpBlueprint.class.getSimpleName()}, LocaleContextHolder.getLocale()));
 DmpImportExport xml = new DmpImportExport();
@@ -1622,7 +1622,7 @@ public class DmpServiceImpl implements DmpService {
 }
 private List descriptionsToExport(DmpEntity data) throws JAXBException, InvalidApplicationException, ParserConfigurationException, IOException, InstantiationException, IllegalAccessException, SAXException {
- List descriptions = this.queryFactory.query(DescriptionQuery.class).disableTracking().dmpIds(data.getId()).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermissionOrPublic).dmpIds(data.getId()).isActive(IsActive.Active).collect();
+ List descriptions = this.queryFactory.query(DescriptionQuery.class).disableTracking().dmpIds(data.getId()).authorize(AuthorizationFlags.All).dmpIds(data.getId()).isActive(IsActive.Active).collect();
 if (!this.conventionService.isListNullOrEmpty(descriptions)) {
 List descriptionImportExports = new LinkedList<>();
 for (DescriptionEntity description : descriptions) {
@@ -1634,11 +1634,11 @@ public class DmpServiceImpl implements DmpService {
 }
 private List dmpReferencesToExport(DmpEntity data){
- List dmpReferences = this.queryFactory.query(DmpReferenceQuery.class).disableTracking().dmpIds(data.getId()).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermissionOrPublic).isActives(IsActive.Active).collect();
+ List dmpReferences = this.queryFactory.query(DmpReferenceQuery.class).disableTracking().dmpIds(data.getId()).authorize(AuthorizationFlags.All).isActives(IsActive.Active).collect();
 if (!this.conventionService.isListNullOrEmpty(dmpReferences)) {
- List references = this.queryFactory.query(ReferenceQuery.class).disableTracking().ids(dmpReferences.stream().map(DmpReferenceEntity::getReferenceId).distinct().toList()).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermissionOrPublic).isActive(IsActive.Active).collect();
+ List references = this.queryFactory.query(ReferenceQuery.class).disableTracking().ids(dmpReferences.stream().map(DmpReferenceEntity::getReferenceId).distinct().toList()).authorize(AuthorizationFlags.All).isActive(IsActive.Active).collect();
 Map referenceEntityMap = references == null ? new HashMap<>() : references.stream().collect(Collectors.toMap(ReferenceEntity::getId, x-> x));
- List referenceTypes = references == null ? new ArrayList<>() : this.queryFactory.query(ReferenceTypeQuery.class).disableTracking().ids(references.stream().map(ReferenceEntity::getTypeId).distinct().toList()).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).isActive(IsActive.Active).collect();
+ List referenceTypes = references == null ? new ArrayList<>() : this.queryFactory.query(ReferenceTypeQuery.class).disableTracking().ids(references.stream().map(ReferenceEntity::getTypeId).distinct().toList()).authorize(AuthorizationFlags.AllExceptPublic).isActive(IsActive.Active).collect();
 Map referenceTypeEntityMap = referenceTypes == null ? new HashMap<>() : referenceTypes.stream().collect(Collectors.toMap(ReferenceTypeEntity::getId, x-> x));
 List dmpReferenceImportExports = new LinkedList<>();
 for (DmpReferenceEntity descriptionTemplateEntity : dmpReferences) {
@@ -1715,7 +1715,7 @@ public class DmpServiceImpl implements DmpService {
 private List dmpDescriptionTemplatesToExport(DmpEntity data){
- List dmpDescriptionTemplateEntities = this.queryFactory.query(DmpDescriptionTemplateQuery.class).disableTracking().authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermissionOrPublic).dmpIds(data.getId()).isActive(IsActive.Active).collect();
+ List dmpDescriptionTemplateEntities = this.queryFactory.query(DmpDescriptionTemplateQuery.class).disableTracking().authorize(AuthorizationFlags.All).dmpIds(data.getId()).isActive(IsActive.Active).collect();
 if (!this.conventionService.isListNullOrEmpty(dmpDescriptionTemplateEntities)) {
 List dmpDescriptionTemplateImportExports = new LinkedList<>();
 for (DmpDescriptionTemplateEntity descriptionTemplateEntity : dmpDescriptionTemplateEntities) {
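Review bot: Within the same export, `dmpReferences` and `references` are now loaded with `AuthorizationFlags.All` while `referenceTypes` stays on `AuthorizationFlags.AllExceptPublic`, so for a public DMP exported by a caller with no other affiliation `referenceTypeEntityMap` can lack the types of references that were included, and whatever reads that map in the loop below (outside the hunk) presumably sees null for those keys. Either use `AuthorizationFlags.All` on the `ReferenceTypeQuery` as well, or add a comment on that line explaining why reference types are deliberately withheld from public exports. The same `All`-everywhere pattern at L57 exports the DMP's user list for public DMPs, which is personal data and deserves an explicit decision recorded in a comment. `dmpReferencesToExport` continues outside the hunk.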
@@ -1737,9 +1737,9 @@ public class DmpServiceImpl implements DmpService {
 }
 private ListdmpUsersToExport(DmpEntity data){
- List dmpUsers = this.queryFactory.query(DmpUserQuery.class).disableTracking().dmpIds(data.getId()).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermissionOrPublic).isActives(IsActive.Active).collect();
+ List dmpUsers = this.queryFactory.query(DmpUserQuery.class).disableTracking().dmpIds(data.getId()).authorize(AuthorizationFlags.All).isActives(IsActive.Active).collect();
 if (!this.conventionService.isListNullOrEmpty(dmpUsers)) {
- List users = this.queryFactory.query(UserQuery.class).disableTracking().ids(dmpUsers.stream().map(DmpUserEntity::getUserId).distinct().toList()).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermissionOrPublic).isActive(IsActive.Active).collect();
+ List users = this.queryFactory.query(UserQuery.class).disableTracking().ids(dmpUsers.stream().map(DmpUserEntity::getUserId).distinct().toList()).authorize(AuthorizationFlags.All).isActive(IsActive.Active).collect();
 Map usersMap = users == null ? new HashMap<>() : users.stream().collect(Collectors.toMap(UserEntity::getId, x -> x));
 List dmpUserImportExports = new LinkedList<>();
 for (DmpUserEntity dmpUserEntity : dmpUsers) {
diff --git a/backend/core/src/main/java/org/opencdmp/service/dmpblueprint/DmpBlueprintServiceImpl.java b/backend/core/src/main/java/org/opencdmp/service/dmpblueprint/DmpBlueprintServiceImpl.java
index 7e9bc9ef4..f51ec06d1 100644
--- a/backend/core/src/main/java/org/opencdmp/service/dmpblueprint/DmpBlueprintServiceImpl.java
+++ b/backend/core/src/main/java/org/opencdmp/service/dmpblueprint/DmpBlueprintServiceImpl.java
@@ -173,7 +173,7 @@ public class DmpBlueprintServiceImpl implements DmpBlueprintService {
 this.entityManager.flush();
- return this.builderFactory.builder(DmpBlueprintBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(BaseFieldSet.build(fields, DmpBlueprint._id), data);
+ return this.builderFactory.builder(DmpBlueprintBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(BaseFieldSet.build(fields, DmpBlueprint._id), data);
 }
 private void updateVersionStatusAndSave(DmpBlueprintEntity data, DmpBlueprintStatus previousStatus, DmpBlueprintStatus newStatus) throws InvalidApplicationException {
@@ -351,8 +351,8 @@ public class DmpBlueprintServiceImpl implements DmpBlueprintService {
 this.authorizationService.authorizeForce(Permission.CloneDmpBlueprint);
- DmpBlueprintQuery query = this.queryFactory.query(DmpBlueprintQuery.class).disableTracking().authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).ids(id);
- DmpBlueprint model = this.builderFactory.builder(DmpBlueprintBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(fields, query.firstAs(fields));
+ DmpBlueprintQuery query = this.queryFactory.query(DmpBlueprintQuery.class).disableTracking().authorize(AuthorizationFlags.AllExceptPublic).ids(id);
+ DmpBlueprint model = this.builderFactory.builder(DmpBlueprintBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(fields, query.firstAs(fields));
 if (model == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{id, DmpBlueprint.class.getSimpleName()}, LocaleContextHolder.getLocale()));
@@ -450,7 +450,7 @@ public class DmpBlueprintServiceImpl implements DmpBlueprintService {
 this.entityManager.flush();
- return this.builderFactory.builder(DmpBlueprintBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(BaseFieldSet.build(fields, DmpBlueprint._id), data);
+ return this.builderFactory.builder(DmpBlueprintBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(BaseFieldSet.build(fields, DmpBlueprint._id), data);
 }
 //endregion
@@ -463,7 +463,7 @@ public class DmpBlueprintServiceImpl implements DmpBlueprintService {
 logger.debug(new MapLogEntry("export xml").And("id", id));
 if (!ignoreAuthorize) this.authorizationService.authorizeForce(Permission.ExportDmpBlueprint);
- DmpBlueprintEntity data = this.queryFactory.query(DmpBlueprintQuery.class).disableTracking().ids(id).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).isActive(IsActive.Active).first();
+ DmpBlueprintEntity data = this.queryFactory.query(DmpBlueprintQuery.class).disableTracking().ids(id).authorize(AuthorizationFlags.AllExceptPublic).isActive(IsActive.Active).first();
 if (data == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{id, DmpBlueprint.class.getSimpleName()}, LocaleContextHolder.getLocale()));
 return this.definitionXmlToExport(data);
@@ -473,7 +473,7 @@ public class DmpBlueprintServiceImpl implements DmpBlueprintService {
 @Override
 public ResponseEntity exportXml(UUID id) throws MyForbiddenException, MyNotFoundException, JAXBException, ParserConfigurationException, IOException, InstantiationException, IllegalAccessException, SAXException, TransformerException, InvalidApplicationException {
 logger.debug(new MapLogEntry("export xml").And("id", id));
- DmpBlueprintEntity data = this.queryFactory.query(DmpBlueprintQuery.class).disableTracking().ids(id).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).isActive(IsActive.Active).first();
+ DmpBlueprintEntity data = this.queryFactory.query(DmpBlueprintQuery.class).disableTracking().ids(id).authorize(AuthorizationFlags.AllExceptPublic).isActive(IsActive.Active).first();
 if (data == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{id, DmpBlueprint.class.getSimpleName()}, LocaleContextHolder.getLocale()));
 String xml = this.xmlHandlingService.toXml(this.getExportXmlEntity(id, false));
diff --git a/backend/core/src/main/java/org/opencdmp/service/entitydoi/EntityDoiServiceImpl.java b/backend/core/src/main/java/org/opencdmp/service/entitydoi/EntityDoiServiceImpl.java
index 5bd593baa..a23fc4add 100644
--- a/backend/core/src/main/java/org/opencdmp/service/entitydoi/EntityDoiServiceImpl.java
+++ b/backend/core/src/main/java/org/opencdmp/service/entitydoi/EntityDoiServiceImpl.java
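Review bot: `exportXml(UUID id)` loads the blueprint before any permission check; the `ExportDmpBlueprint` check only runs inside `getExportXmlEntity(id, false)` on the last line, after `MyNotFoundException` may already have been thrown, so a caller without the permission learns whether the id exists and the query is executed on their behalf first. The sibling description-template `exportXml` at L42 and the DMP variant at L53 call `authorizeForce` before their query; adding `this.authorizationService.authorizeForce(Permission.ExportDmpBlueprint);` directly after the `logger.debug` line here makes the three consistent, and the inner call then becomes a harmless repeat. The method continues outside the hunk.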
@@ -109,7 +109,7 @@ public class EntityDoiServiceImpl implements EntityDoiService {
 this.entityManager.flush();
 this.eventBroker.emit(new EntityDoiTouchedEvent(data.getId()));
- return this.builderFactory.builder(EntityDoiBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(BaseFieldSet.build(fields, EntityDoi._id), data);
+ return this.builderFactory.builder(EntityDoiBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(BaseFieldSet.build(fields, EntityDoi._id), data);
 }
 public void deleteAndSave(UUID id) throws MyForbiddenException, InvalidApplicationException {
diff --git a/backend/core/src/main/java/org/opencdmp/service/filetransformer/FileTransformerServiceImpl.java b/backend/core/src/main/java/org/opencdmp/service/filetransformer/FileTransformerServiceImpl.java
index 31d0d0d41..8af2748ef 100644
--- a/backend/core/src/main/java/org/opencdmp/service/filetransformer/FileTransformerServiceImpl.java
+++ b/backend/core/src/main/java/org/opencdmp/service/filetransformer/FileTransformerServiceImpl.java
@@ -258,8 +258,8 @@ public class FileTransformerServiceImpl implements FileTransformerService {
 FileTransformerRepository repository = this.getRepository(repositoryId);
 if (repository == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{format, FileTransformerRepository.class.getSimpleName()}, LocaleContextHolder.getLocale()));
 //GK: Second get the Target Data Management Plan
- DmpQuery query = this.queryFactory.query(DmpQuery.class).disableTracking().authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).ids(dmpId);
- DmpModel dmpFileTransformerModel = this.builderFactory.builder(DmpCommonModelBuilder.class).useSharedStorage(repository.getConfiguration().isUseSharedStorage()).setRepositoryId(repository.getConfiguration().getFileTransformerId()).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(query.first());
+ DmpQuery query = this.queryFactory.query(DmpQuery.class).disableTracking().authorize(AuthorizationFlags.AllExceptPublic).ids(dmpId);
+ DmpModel dmpFileTransformerModel = this.builderFactory.builder(DmpCommonModelBuilder.class).useSharedStorage(repository.getConfiguration().isUseSharedStorage()).setRepositoryId(repository.getConfiguration().getFileTransformerId()).authorize(AuthorizationFlags.AllExceptPublic).build(query.first());
 if (dmpFileTransformerModel == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{dmpId, Dmp.class.getSimpleName()}, LocaleContextHolder.getLocale()));
 FileEnvelopeModel fileEnvelope = repository.exportDmp(dmpFileTransformerModel, format);
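Review bot: The repository not-found message interpolates `format` although the lookup on the line above is `this.getRepository(repositoryId)`, so the error names the wrong value; `new Object[]{repositoryId, FileTransformerRepository.class.getSimpleName()}` would match the other `General_ItemNotFound` uses in this diff, and the same message appears at L63. `query.first()` is also passed straight into `build(...)`, so a DMP filtered out by `AllExceptPublic` is only caught by the `dmpFileTransformerModel == null` check afterwards, which depends on the builder mapping a null input to a null output — confirm that, or test `query.first()` for null before building. The enclosing method starts outside the hunk.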
@@ -279,8 +279,8 @@ public class FileTransformerServiceImpl implements FileTransformerService {
 if (repository == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{format, FileTransformerRepository.class.getSimpleName()}, LocaleContextHolder.getLocale()));
 //GK: Second get the Target Data Management Plan
- DescriptionQuery query = this.queryFactory.query(DescriptionQuery.class).disableTracking().authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).ids(descriptionId);
- DescriptionModel descriptionFileTransformerModel = this.builderFactory.builder(DescriptionCommonModelBuilder.class).setRepositoryId(repository.getConfiguration().getFileTransformerId()).useSharedStorage(repository.getConfiguration().isUseSharedStorage()).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(query.first());
+ DescriptionQuery query = this.queryFactory.query(DescriptionQuery.class).disableTracking().authorize(AuthorizationFlags.AllExceptPublic).ids(descriptionId);
+ DescriptionModel descriptionFileTransformerModel = this.builderFactory.builder(DescriptionCommonModelBuilder.class).setRepositoryId(repository.getConfiguration().getFileTransformerId()).useSharedStorage(repository.getConfiguration().isUseSharedStorage()).authorize(AuthorizationFlags.AllExceptPublic).build(query.first());
 if (descriptionFileTransformerModel == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{descriptionId, Description.class.getSimpleName()}, LocaleContextHolder.getLocale()));
 FileEnvelopeModel fileEnvelope = repository.exportDescription(descriptionFileTransformerModel, format);
@@ -316,7 +316,7 @@ public class FileTransformerServiceImpl implements FileTransformerService {
 public DmpModel importDmp(DmpCommonModelConfig dmpCommonModelConfig) throws InvalidAlgorithmParameterException, NoSuchPaddingException, IllegalBlockSizeException, InvalidApplicationException, NoSuchAlgorithmException, BadPaddingException, InvalidKeyException, IOException, JAXBException {
 this.authorizationService.authorizeForce(Permission.NewDmp);
- StorageFileEntity tempFile = this.queryFactory.query(StorageFileQuery.class).disableTracking().authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).ids(dmpCommonModelConfig.getFileId()).first();
+ StorageFileEntity tempFile = this.queryFactory.query(StorageFileQuery.class).disableTracking().authorize(AuthorizationFlags.AllExceptPublic).ids(dmpCommonModelConfig.getFileId()).first();
 if (tempFile == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{dmpCommonModelConfig.getFileId(), StorageFile.class.getSimpleName()}, LocaleContextHolder.getLocale()));
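Review bot: The temporary upload is fetched with `authorize(AuthorizationFlags.AllExceptPublic)` on a StorageFileQuery keyed only by `dmpCommonModelConfig.getFileId()`, after a global `authorizeForce(Permission.NewDmp)`; whether the storage-file authorization ties the file to the user who uploaded it is not visible here, and if it does not, anyone permitted to create DMPs could import from a file id that belongs to another user. If the query does enforce that, a comment on the new line, `// AllExceptPublic on StorageFileQuery restricts the lookup to the uploader — confirm`, would make the intent reviewable; if it does not, an explicit comparison with `this.userScope.getUserId()` of the kind LockServiceImpl.touch/unlock already perform seems warranted. The same pattern appears unchanged in `preprocessingDmp` further down this file. importDmp continues past the end of the hunk.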
@@ -324,15 +324,15 @@ public class FileTransformerServiceImpl implements FileTransformerService {
 FileTransformerRepository repository = this.getRepository(dmpCommonModelConfig.getRepositoryId());
 if (repository == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{dmpCommonModelConfig.getRepositoryId(), FileTransformerRepository.class.getSimpleName()}, LocaleContextHolder.getLocale()));
- DmpBlueprintQuery dmpBlueprintQuery = this.queryFactory.query(DmpBlueprintQuery.class).disableTracking().authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).ids(dmpCommonModelConfig.getBlueprintId());
- DmpBlueprintModel dmpBlueprintModel = this.builderFactory.builder(DmpBlueprintCommonModelBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(dmpBlueprintQuery.first());
+ DmpBlueprintQuery dmpBlueprintQuery = this.queryFactory.query(DmpBlueprintQuery.class).disableTracking().authorize(AuthorizationFlags.AllExceptPublic).ids(dmpCommonModelConfig.getBlueprintId());
+ DmpBlueprintModel dmpBlueprintModel = this.builderFactory.builder(DmpBlueprintCommonModelBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(dmpBlueprintQuery.first());
 if (dmpBlueprintModel == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{dmpCommonModelConfig.getBlueprintId(), DmpBlueprint.class.getSimpleName()}, LocaleContextHolder.getLocale()));
 DmpImportModel dmpImportModel = new DmpImportModel();
 dmpImportModel.setBlueprintModel(dmpBlueprintModel);
 if (!this.conventionService.isListNullOrEmpty(dmpCommonModelConfig.getDescriptions())){
- List descriptionTemplateEntities = this.queryFactory.query(DescriptionTemplateQuery.class).disableTracking().authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).ids(dmpCommonModelConfig.getDescriptions().stream().map(x -> x.getTemplateId()).distinct().collect(Collectors.toList())).collect();
+ List 
descriptionTemplateEntities = this.queryFactory.query(DescriptionTemplateQuery.class).disableTracking().authorize(AuthorizationFlags.AllExceptPublic).ids(dmpCommonModelConfig.getDescriptions().stream().map(x -> x.getTemplateId()).distinct().collect(Collectors.toList())).collect();
 if (descriptionTemplateEntities == null) throw new MyApplicationException("Description Templates Not Exist!");
@@ -340,7 +340,7 @@ public class FileTransformerServiceImpl implements FileTransformerService {
 for (DescriptionCommonModelConfig descriptionCommonModelConfig : dmpCommonModelConfig.getDescriptions()) {
 DescriptionTemplateEntity descriptionTemplateEntity = descriptionTemplateEntities.stream().filter(x -> x.getId().equals(descriptionCommonModelConfig.getTemplateId())).findFirst().orElse(null);
 if (descriptionTemplateEntity != null){
- DescriptionTemplateModel descriptionTemplateModel = this.builderFactory.builder(DescriptionTemplateCommonModelBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(descriptionTemplateEntity);
+ DescriptionTemplateModel descriptionTemplateModel = this.builderFactory.builder(DescriptionTemplateCommonModelBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(descriptionTemplateEntity);
 DescriptionImportModel descriptionImportModel = new DescriptionImportModel();
 descriptionImportModel.setId(descriptionCommonModelConfig.getId());
@@ -383,7 +383,7 @@ public class FileTransformerServiceImpl implements FileTransformerService {
 public PreprocessingDmpModel preprocessingDmp(UUID fileId, String repositoryId) throws InvalidAlgorithmParameterException, NoSuchPaddingException, IllegalBlockSizeException, InvalidApplicationException, NoSuchAlgorithmException, BadPaddingException, InvalidKeyException, IOException {
 this.authorizationService.authorizeForce(Permission.NewDmp);
- StorageFileEntity tempFile = this.queryFactory.query(StorageFileQuery.class).disableTracking().authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).ids(fileId).first();
+ StorageFileEntity tempFile = this.queryFactory.query(StorageFileQuery.class).disableTracking().authorize(AuthorizationFlags.AllExceptPublic).ids(fileId).first();
 if (tempFile == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{fileId, StorageFile.class.getSimpleName()}, LocaleContextHolder.getLocale()));
diff --git a/backend/core/src/main/java/org/opencdmp/service/language/LanguageServiceImpl.java b/backend/core/src/main/java/org/opencdmp/service/language/LanguageServiceImpl.java
index 630c88f13..e4e0931d4 100644
--- a/backend/core/src/main/java/org/opencdmp/service/language/LanguageServiceImpl.java
+++ b/backend/core/src/main/java/org/opencdmp/service/language/LanguageServiceImpl.java
@@ -93,7 +93,7 @@ public class LanguageServiceImpl implements LanguageService {
 this.entityManager.flush();
- return this.builderFactory.builder(LanguageBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(BaseFieldSet.build(fields, Language._id), data);
+ return this.builderFactory.builder(LanguageBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(BaseFieldSet.build(fields, Language._id), data);
 }
 public String getPayload(String code) throws IOException {
diff --git a/backend/core/src/main/java/org/opencdmp/service/lock/LockServiceImpl.java b/backend/core/src/main/java/org/opencdmp/service/lock/LockServiceImpl.java
index a0eeac010..a21958526 100644
--- a/backend/core/src/main/java/org/opencdmp/service/lock/LockServiceImpl.java
+++ b/backend/core/src/main/java/org/opencdmp/service/lock/LockServiceImpl.java
@@ -87,7 +87,8 @@ public class LockServiceImpl implements LockService {
 AffiliatedResource affiliatedResourceDmp = this.authorizationContentResolver.dmpAffiliation(model.getTarget());
 AffiliatedResource affiliatedResourceDescription = this.authorizationContentResolver.descriptionAffiliation(model.getTarget());
- this.authorizationService.authorizeAtLeastOneForce(List.of(affiliatedResourceDmp, affiliatedResourceDescription), Permission.EditLock);
+ AffiliatedResource affiliatedResourceDescriptionTemplate = this.authorizationContentResolver.descriptionTemplateAffiliation(model.getTarget());
+ this.authorizationService.authorizeAtLeastOneForce(List.of(affiliatedResourceDmp, affiliatedResourceDescription, affiliatedResourceDescriptionTemplate), Permission.EditLock);
 Boolean isUpdate = this.conventionService.isValidGuid(model.getId());
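Review bot: The three affiliation lookups on `model.getTarget()` (dmp, description, and the newly added description template) are duplicated verbatim in the delete path later in this file, with only the permission differing; a private helper such as `private List<AffiliatedResource> targetAffiliations(UUID target)` that returns `List.of(...)` of the three resolver results would keep the two call sites from drifting the next time a target type is added. Every resolver runs regardless of the lock's target type, so for a target that matches none of them the decision rests entirely on authorizeAtLeastOneForce rejecting three empty affiliations; since that behaviour lives in the library and is not visible here, a comment such as `// all three resolvers run; an unmatched target yields empty affiliations and must be denied by authorizeAtLeastOneForce` would record the assumption. The enclosing persist method starts and ends outside this hunk.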
@@ -113,12 +114,12 @@ public class LockServiceImpl implements LockService {
 this.entityManager.flush();
- return this.builderFactory.builder(LockBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(BaseFieldSet.build(fields, Lock._id), data);
+ return this.builderFactory.builder(LockBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(BaseFieldSet.build(fields, Lock._id), data);
 }
 public LockStatus isLocked(UUID target, FieldSet fields) throws InvalidApplicationException {
 LockStatus lockStatus = new LockStatus();
- LockEntity lock = this.queryFactory.query(LockQuery.class).disableTracking().authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).targetIds(target).first();
+ LockEntity lock = this.queryFactory.query(LockQuery.class).disableTracking().authorize(AuthorizationFlags.AllExceptPublic).targetIds(target).first();
 if (lock == null) {
 lockStatus.setStatus(false);
@@ -134,12 +135,12 @@ public class LockServiceImpl implements LockService { } else lockStatus.setStatus(true); }
- lockStatus.setLock(this.builderFactory.builder(LockBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(BaseFieldSet.build(fields, Lock._id), lock));
+ lockStatus.setLock(this.builderFactory.builder(LockBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(BaseFieldSet.build(fields, Lock._id), lock));
 return lockStatus;
 }
 public void lock(UUID target, LockTargetType targetType) throws InvalidApplicationException {
- LockEntity lock = this.queryFactory.query(LockQuery.class).disableTracking().authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).targetIds(target).first();
+ LockEntity lock = this.queryFactory.query(LockQuery.class).disableTracking().authorize(AuthorizationFlags.AllExceptPublic).targetIds(target).first();
 if (lock == null) {
 this.persist(new LockPersist(target, targetType), null);
 }else{
@@ -150,7 +151,7 @@ public class LockServiceImpl implements LockService {
 }
 public void touch(UUID target) throws InvalidApplicationException {
- LockEntity lock = this.queryFactory.query(LockQuery.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).targetIds(target).first();
+ LockEntity lock = this.queryFactory.query(LockQuery.class).authorize(AuthorizationFlags.AllExceptPublic).targetIds(target).first();
 if (lock == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{target, Lock.class.getSimpleName()}, LocaleContextHolder.getLocale()));
 if (!lock.getLockedBy().equals(this.userScope.getUserId())) throw new MyApplicationException("Only the user who created that lock can touch it");
@@ -161,7 +162,7 @@ public class LockServiceImpl implements LockService {
 }
 public void unlock(UUID target) throws InvalidApplicationException {
- LockEntity lock = this.queryFactory.query(LockQuery.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).targetIds(target).first();
+ LockEntity lock = this.queryFactory.query(LockQuery.class).authorize(AuthorizationFlags.AllExceptPublic).targetIds(target).first();
 if (lock == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{target, Lock.class.getSimpleName()}, LocaleContextHolder.getLocale()));
 if (!lock.getLockedBy().equals(this.userScope.getUserId())) {
@@ -175,7 +176,8 @@ public class LockServiceImpl implements LockService {
 AffiliatedResource affiliatedResourceDmp = this.authorizationContentResolver.dmpAffiliation(target);
 AffiliatedResource affiliatedResourceDescription = this.authorizationContentResolver.descriptionAffiliation(target);
- this.authorizationService.authorizeAtLeastOneForce(List.of(affiliatedResourceDmp, affiliatedResourceDescription), Permission.DeleteLock);
+ AffiliatedResource affiliatedResourceDescriptionTemplate = this.authorizationContentResolver.descriptionTemplateAffiliation(target);
+ this.authorizationService.authorizeAtLeastOneForce(List.of(affiliatedResourceDmp, affiliatedResourceDescription, affiliatedResourceDescriptionTemplate), Permission.DeleteLock);
 this.deleterFactory.deleter(LockDeleter.class).deleteAndSaveByIds(List.of(id));
 }
diff --git a/backend/core/src/main/java/org/opencdmp/service/prefillingsource/PrefillingSourceServiceImpl.java b/backend/core/src/main/java/org/opencdmp/service/prefillingsource/PrefillingSourceServiceImpl.java
index c809e79ba..cef1626e7 100644
--- a/backend/core/src/main/java/org/opencdmp/service/prefillingsource/PrefillingSourceServiceImpl.java
+++ b/backend/core/src/main/java/org/opencdmp/service/prefillingsource/PrefillingSourceServiceImpl.java
@@ -155,7 +155,7 @@ public class PrefillingSourceServiceImpl implements PrefillingSourceService {
 Long prefillingSourcesWithThisCode = this.queryFactory.query(PrefillingSourceQuery.class).codes(data.getCode()).count();
 if (prefillingSourcesWithThisCode > 1) throw new MyValidationException(this.errors.getPrefillingSourceCodeExists().getCode(), this.errors.getPrefillingSourceCodeExists().getMessage());
- return this.builderFactory.builder(PrefillingSourceBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(BaseFieldSet.build(fields, PrefillingSource._id), data);
+ return this.builderFactory.builder(PrefillingSourceBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(BaseFieldSet.build(fields, PrefillingSource._id), data);
 }
 private @NotNull PrefillingSourceDefinitionEntity buildDefinitionEntity(PrefillingSourceDefinitionPersist persist) {
@@ -381,7 +381,7 @@ public class PrefillingSourceServiceImpl implements PrefillingSourceService {
 Description description = new Description();
 FieldSet descriptionTemplateFields = fieldSet.extractPrefixed(this.conventionService.asPrefix(Description._descriptionTemplate));
- description.setDescriptionTemplate(this.builderFactory.builder(DescriptionTemplateBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(descriptionTemplateFields, descriptionTemplateEntity));
+ description.setDescriptionTemplate(this.builderFactory.builder(DescriptionTemplateBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(descriptionTemplateFields, descriptionTemplateEntity));
 return this.mapPrefilledEntityToDescription(description, descriptionTemplateDefinition, prefillingSourceDefinition, prefillingSourceEntity.getLabel(), data);
 }
@@ -549,7 +549,7 @@ public class PrefillingSourceServiceImpl implements PrefillingSourceService {
 case TAGS -> {
 String[] valuesParsed = this.tryParseJsonAsObjectString(String[].class, value);
 List finalValue = valuesParsed == null ? List.of(value) : Arrays.stream(valuesParsed).toList();
- List existingTags = this.queryFactory.query(TagQuery.class).isActive(IsActive.Active).tags(finalValue).disableTracking().authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermissionOrPublic).collect();
+ List existingTags = this.queryFactory.query(TagQuery.class).isActive(IsActive.Active).tags(finalValue).disableTracking().authorize(AuthorizationFlags.All).collect();
 List tags = new ArrayList<>();
 for (String like : finalValue) {
 Tag tag = new Tag();
diff --git a/backend/core/src/main/java/org/opencdmp/service/reference/ReferenceServiceImpl.java b/backend/core/src/main/java/org/opencdmp/service/reference/ReferenceServiceImpl.java
index 0dbbdd8f9..857c064cf 100644
--- a/backend/core/src/main/java/org/opencdmp/service/reference/ReferenceServiceImpl.java
+++ b/backend/core/src/main/java/org/opencdmp/service/reference/ReferenceServiceImpl.java
@@ -122,7 +122,7 @@ public class ReferenceServiceImpl implements ReferenceService {
 this.entityManager.flush();
- return this.builderFactory.builder(ReferenceBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(BaseFieldSet.build(fields, Reference._id), data);
+ return this.builderFactory.builder(ReferenceBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(BaseFieldSet.build(fields, Reference._id), data);
 }
 private @NotNull DefinitionEntity buildDefinitionEntity(DefinitionPersist persist){
@@ -195,7 +195,7 @@ public class ReferenceServiceImpl implements ReferenceService {
 ReferenceEntity referenceEntity = this.buildReferenceEntityFromExternalData(result, data);
 referenceEntities.add(referenceEntity);
 }
- externalModels = this.builderFactory.builder(ReferenceBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(lookup.getProject(), referenceEntities);
+ externalModels = this.builderFactory.builder(ReferenceBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(lookup.getProject(), referenceEntities);
 }
 List models = this.fetchReferenceFromDb(lookup);
@@ -239,10 +239,10 @@ public class ReferenceServiceImpl implements ReferenceService {
 }
 private List fetchReferenceFromDb(ReferenceSearchLookup lookup){
- ReferenceQuery query = lookup.enrich(this.queryFactory).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).sourceTypes(ReferenceSourceType.Internal).typeIds(lookup.getTypeId());
+ ReferenceQuery query = lookup.enrich(this.queryFactory).authorize(AuthorizationFlags.AllExceptPublic).sourceTypes(ReferenceSourceType.Internal).typeIds(lookup.getTypeId());
 if (!this.conventionService.isNullOrEmpty(lookup.getLike())) query.like(lookup.getLike());
 List data = query.collectAs(lookup.getProject());
- return this.builderFactory.builder(ReferenceBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(lookup.getProject(), data);
+ return this.builderFactory.builder(ReferenceBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(lookup.getProject(), data);
 }
 private ExternalDataResult getReferenceData(ReferenceTypeEntity referenceType, ExternalReferenceCriteria externalReferenceCriteria, String key) {
diff --git a/backend/core/src/main/java/org/opencdmp/service/referencetype/ReferenceTypeServiceImpl.java b/backend/core/src/main/java/org/opencdmp/service/referencetype/ReferenceTypeServiceImpl.java
index baa7151d3..7ac2b5553 100644
--- a/backend/core/src/main/java/org/opencdmp/service/referencetype/ReferenceTypeServiceImpl.java
+++ b/backend/core/src/main/java/org/opencdmp/service/referencetype/ReferenceTypeServiceImpl.java
@@ -110,7 +110,7 @@ public class ReferenceTypeServiceImpl implements ReferenceTypeService {
 Long referenceTypesWithThisCode = this.queryFactory.query(ReferenceTypeQuery.class).codes(data.getCode()).count();
 if (referenceTypesWithThisCode > 1) throw new MyValidationException(this.errors.getReferenceTypeCodeExists().getCode(), this.errors.getReferenceTypeCodeExists().getMessage());
- return this.builderFactory.builder(ReferenceTypeBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(BaseFieldSet.build(fields, ReferenceType._id), data);
+ return this.builderFactory.builder(ReferenceTypeBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(BaseFieldSet.build(fields, ReferenceType._id), data);
 }
 private @NotNull ReferenceTypeDefinitionEntity buildDefinitionEntity(ReferenceTypeDefinitionPersist persist){
diff --git a/backend/core/src/main/java/org/opencdmp/service/storage/StorageFileServiceImpl.java b/backend/core/src/main/java/org/opencdmp/service/storage/StorageFileServiceImpl.java
index b0866334f..310d4c9a1 100644
--- a/backend/core/src/main/java/org/opencdmp/service/storage/StorageFileServiceImpl.java
+++ b/backend/core/src/main/java/org/opencdmp/service/storage/StorageFileServiceImpl.java
@@ -94,7 +94,7 @@ public class StorageFileServiceImpl implements StorageFileService {
 this.entityManager.persist(storageFile);
 this.entityManager.flush();
- return this.builderFactory.builder(StorageFileBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(BaseFieldSet.build(fields, StorageFile._id), storageFile);
+ return this.builderFactory.builder(StorageFileBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(BaseFieldSet.build(fields, StorageFile._id), storageFile);
 }
 @Override
@@ -142,7 +142,7 @@ public class StorageFileServiceImpl implements StorageFileService {
 file.delete();
 this.entityManager.merge(storageFile);
- return this.builderFactory.builder(StorageFileBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(BaseFieldSet.build(fields, StorageFile._id), storageFile);
+ return this.builderFactory.builder(StorageFileBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(BaseFieldSet.build(fields, StorageFile._id), storageFile);
 } catch (Exception ex) {
 logger.warn("problem reading byte content of storage file " + fileId, ex);
@@ -181,7 +181,7 @@ public class StorageFileServiceImpl implements StorageFileService {
 this.entityManager.persist(data);
 this.entityManager.merge(storageFile);
- return this.builderFactory.builder(StorageFileBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(BaseFieldSet.build(fields, StorageFile._id), data);
+ return this.builderFactory.builder(StorageFileBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(BaseFieldSet.build(fields, StorageFile._id), data);
 } catch (Exception ex) {
diff --git a/backend/core/src/main/java/org/opencdmp/service/supportivematerial/SupportiveMaterialServiceImpl.java b/backend/core/src/main/java/org/opencdmp/service/supportivematerial/SupportiveMaterialServiceImpl.java
index 556f73785..2fa163b22 100644
--- a/backend/core/src/main/java/org/opencdmp/service/supportivematerial/SupportiveMaterialServiceImpl.java
+++ b/backend/core/src/main/java/org/opencdmp/service/supportivematerial/SupportiveMaterialServiceImpl.java
@@ -95,7 +95,7 @@ public class SupportiveMaterialServiceImpl implements SupportiveMaterialService{
 if (d == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{model.getId(), SupportiveMaterial.class.getSimpleName()}, LocaleContextHolder.getLocale()));
 } else {
- List data = this.queryFactory.query(SupportiveMaterialQuery.class).disableTracking().authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).languageCodes(model.getLanguageCode()).types(model.getType()).collect();
+ List data = this.queryFactory.query(SupportiveMaterialQuery.class).disableTracking().authorize(AuthorizationFlags.AllExceptPublic).languageCodes(model.getLanguageCode()).types(model.getType()).collect();
 if(data != null && !data.isEmpty()){
 throw new MyApplicationException("Could not create a new Data with same type and lang code !");
@@ -117,7 +117,7 @@ public class SupportiveMaterialServiceImpl implements SupportiveMaterialService{
 this.entityManager.flush();
- return this.builderFactory.builder(SupportiveMaterialBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(BaseFieldSet.build(fields, SupportiveMaterial._id), d);
+ return this.builderFactory.builder(SupportiveMaterialBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(BaseFieldSet.build(fields, SupportiveMaterial._id), d);
 }
 public void deleteAndSave(UUID id) throws MyForbiddenException, InvalidApplicationException {
diff --git a/backend/core/src/main/java/org/opencdmp/service/tag/TagServiceImpl.java b/backend/core/src/main/java/org/opencdmp/service/tag/TagServiceImpl.java
index f3396796a..fa560c28b 100644
--- a/backend/core/src/main/java/org/opencdmp/service/tag/TagServiceImpl.java
+++ b/backend/core/src/main/java/org/opencdmp/service/tag/TagServiceImpl.java
@@ -112,7 +112,7 @@ public class TagServiceImpl implements TagService {
 this.entityManager.flush();
 this.eventBroker.emit(new TagTouchedEvent(data.getId()));
- return this.builderFactory.builder(TagBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(BaseFieldSet.build(fields, Tag._id), data);
+ return this.builderFactory.builder(TagBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(BaseFieldSet.build(fields, Tag._id), data);
 }
 public void deleteAndSave(UUID id) throws MyForbiddenException, InvalidApplicationException {
diff --git a/backend/core/src/main/java/org/opencdmp/service/tenant/TenantServiceImpl.java b/backend/core/src/main/java/org/opencdmp/service/tenant/TenantServiceImpl.java
index 35a114b38..cb2059550 100644
--- a/backend/core/src/main/java/org/opencdmp/service/tenant/TenantServiceImpl.java
+++ b/backend/core/src/main/java/org/opencdmp/service/tenant/TenantServiceImpl.java
@@ -16,8 +16,8 @@ import gr.cite.tools.fieldset.BaseFieldSet;
 import gr.cite.tools.fieldset.FieldSet;
 import gr.cite.tools.logging.LoggerService;
 import gr.cite.tools.logging.MapLogEntry;
+import org.opencdmp.authorization.AuthorizationConfiguration;
 import org.opencdmp.authorization.AuthorizationFlags;
-import org.opencdmp.authorization.AuthorizationProperties;
 import org.opencdmp.authorization.ClaimNames;
 import org.opencdmp.authorization.Permission;
 import org.opencdmp.commons.enums.IsActive;
@@ -77,7 +77,7 @@ public class TenantServiceImpl implements TenantService {
 private final TenantRemovalIntegrationEventHandler tenantRemovalIntegrationEventHandler;
 private final UserTouchedIntegrationEventHandler userTouchedIntegrationEventHandler;
 private final KeycloakService keycloakService;
- private final AuthorizationProperties authorizationProperties;
+ private final AuthorizationConfiguration authorizationConfiguration;
 private final TenantScope tenantScope;
 private final QueryFactory queryFactory;
 private final CurrentPrincipalResolver currentPrincipalResolver;
@@ -93,7 +93,7 @@ public class TenantServiceImpl implements TenantService {
 BuilderFactory builderFactory,
 ConventionService conventionService,
 MessageSource messageSource,
- ErrorThesaurusProperties errors, TenantTouchedIntegrationEventHandler tenantTouchedIntegrationEventHandler, TenantRemovalIntegrationEventHandler tenantRemovalIntegrationEventHandler, UserTouchedIntegrationEventHandler userTouchedIntegrationEventHandler, KeycloakService keycloakService, AuthorizationProperties authorizationProperties, TenantScope tenantScope, QueryFactory queryFactory, CurrentPrincipalResolver currentPrincipalResolver, ClaimExtractor claimExtractor, EventBroker eventBroker) {
+ ErrorThesaurusProperties errors, TenantTouchedIntegrationEventHandler tenantTouchedIntegrationEventHandler, TenantRemovalIntegrationEventHandler tenantRemovalIntegrationEventHandler, UserTouchedIntegrationEventHandler userTouchedIntegrationEventHandler, KeycloakService keycloakService, AuthorizationConfiguration authorizationConfiguration, TenantScope tenantScope, QueryFactory queryFactory, CurrentPrincipalResolver currentPrincipalResolver, ClaimExtractor claimExtractor, EventBroker eventBroker) {
 this.entityManager = entityManager;
 this.authorizationService = authorizationService;
 this.deleterFactory = deleterFactory;
@@ -105,7 +105,7 @@ public class TenantServiceImpl implements TenantService {
 this.tenantRemovalIntegrationEventHandler = tenantRemovalIntegrationEventHandler;
 this.userTouchedIntegrationEventHandler = userTouchedIntegrationEventHandler;
 this.keycloakService = keycloakService;
- this.authorizationProperties = authorizationProperties;
+ this.authorizationConfiguration = authorizationConfiguration;
 this.tenantScope = tenantScope;
 this.queryFactory = queryFactory;
 this.currentPrincipalResolver = currentPrincipalResolver;
@@ -160,17 +160,17 @@ public class TenantServiceImpl implements TenantService {
 this.eventBroker.emit(new TenantTouchedEvent(data.getId(), data.getCode()));
- return this.builderFactory.builder(TenantBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(BaseFieldSet.build(fields, Tenant._id), data);
+ return this.builderFactory.builder(TenantBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(BaseFieldSet.build(fields, Tenant._id), data);
 }
 private void autoAssignGlobalAdminsToNewTenant(TenantEntity tenant) throws InvalidApplicationException {
- if (!this.authorizationProperties.getAutoAssignGlobalAdminToNewTenants()) return;
+ if (!this.authorizationConfiguration.getAuthorizationProperties().getAutoAssignGlobalAdminToNewTenants()) return;
 List existingItems;
 List userCredentialEntities;
 try {
 this.entityManager.disableTenantFilters();
- existingItems = this.queryFactory.query(UserRoleQuery.class).disableTracking().tenantIsSet(false).roles(this.authorizationProperties.getGlobalAdminRoles()).collect();
+ existingItems = this.queryFactory.query(UserRoleQuery.class).disableTracking().tenantIsSet(false).roles(this.authorizationConfiguration.getAuthorizationProperties().getGlobalAdminRoles()).collect();
 userCredentialEntities = this.queryFactory.query(UserCredentialQuery.class).disableTracking().userIds(existingItems.stream().map(UserRoleEntity::getUserId).distinct().toList()).collect();
 List keycloakIdsToAddToTenantGroup = new ArrayList<>();
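Review bot: `this.authorizationConfiguration.getAuthorizationProperties()` is now repeated at every use inside autoAssignGlobalAdminsToNewTenant — twice in this hunk and four more times in the next one (getAdminRole, getTenantAdminRole, getTenantUserRole, and the Keycloak call); hoisting it once after the early return, `var authorizationProperties = this.authorizationConfiguration.getAuthorizationProperties();` (the AuthorizationProperties import was removed by this commit, hence `var`), restores the readability the removed field gave and guarantees one consistent snapshot for the whole pass. Separately, the Keycloak loop in the following hunk adds every id in keycloakIdsToAddToTenantGroup with getTenantAdminRole(), while the database assignment distinguishes TenantAdminRole from TenantUserRole per user; if that list can contain users who were stored with TenantUserRole, their Keycloak group would outrank their persisted role — how the list is populated lies between the two hunks and is not visible here, so this needs confirming. The method body continues past the end of this hunk.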
@@ -191,10 +191,10 @@ public class TenantServiceImpl implements TenantService {
 item.setId(UUID.randomUUID());
 item.setUserId(userId);
 item.setTenantId(tenant.getId());
- if (existingItems.stream().filter(x -> x.getUserId().equals(userId) && x.getRole().equals(this.authorizationProperties.getAdminRole())).findFirst().orElse(null) != null){
- item.setRole(this.authorizationProperties.getTenantAdminRole()); // admin
+ if (existingItems.stream().filter(x -> x.getUserId().equals(userId) && x.getRole().equals(this.authorizationConfiguration.getAuthorizationProperties().getAdminRole())).findFirst().orElse(null) != null){
+ item.setRole(this.authorizationConfiguration.getAuthorizationProperties().getTenantAdminRole()); // admin
 } else {
- item.setRole(this.authorizationProperties.getTenantUserRole()); // installation admin
+ item.setRole(this.authorizationConfiguration.getAuthorizationProperties().getTenantUserRole()); // installation admin
 }
 item.setCreatedAt(Instant.now());
 this.entityManager.persist(item);
@@ -214,7 +214,7 @@ public class TenantServiceImpl implements TenantService {
 this.entityManager.flush();
 for (String externalId : keycloakIdsToAddToTenantGroup) {
- this.keycloakService.addUserToTenantRoleGroup(externalId, tenant.getCode(), this.authorizationProperties.getTenantAdminRole());
+ this.keycloakService.addUserToTenantRoleGroup(externalId, tenant.getCode(), this.authorizationConfiguration.getAuthorizationProperties().getTenantAdminRole());
 }
 } finally {
 this.entityManager.reloadTenantFilters();
diff --git a/backend/core/src/main/java/org/opencdmp/service/tenantconfiguration/TenantConfigurationServiceImpl.java b/backend/core/src/main/java/org/opencdmp/service/tenantconfiguration/TenantConfigurationServiceImpl.java
index c3399a514..7d8a112c5 100644
--- a/backend/core/src/main/java/org/opencdmp/service/tenantconfiguration/TenantConfigurationServiceImpl.java
+++ b/backend/core/src/main/java/org/opencdmp/service/tenantconfiguration/TenantConfigurationServiceImpl.java
@@ -185,7 +185,7 @@ public class TenantConfigurationServiceImpl implements TenantConfigurationServic
 this.tenantDefaultLocaleTouchedIntegrationEventHandler.handle(event);
 }
- return this.builderFactory.builder(TenantConfigurationBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(BaseFieldSet.build(fields, TenantConfiguration._id), data);
+ return this.builderFactory.builder(TenantConfigurationBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(BaseFieldSet.build(fields, TenantConfiguration._id), data);
 }
 private @NotNull DepositTenantConfigurationEntity buildDepositTenantConfigurationEntity(DepositTenantConfigurationPersist persist) throws InvalidAlgorithmParameterException, NoSuchPaddingException, IllegalBlockSizeException, NoSuchAlgorithmException, BadPaddingException, InvalidKeyException {
diff --git a/backend/core/src/main/java/org/opencdmp/service/user/UserServiceImpl.java b/backend/core/src/main/java/org/opencdmp/service/user/UserServiceImpl.java
index df466dd1e..65978f6e3 100644
--- a/backend/core/src/main/java/org/opencdmp/service/user/UserServiceImpl.java
+++ b/backend/core/src/main/java/org/opencdmp/service/user/UserServiceImpl.java
@@ -20,8 +20,8 @@ import org.apache.commons.csv.CSVFormat;
 import org.apache.commons.csv.CSVPrinter;
 import org.apache.commons.csv.QuoteMode;
 import org.jetbrains.annotations.NotNull;
+import org.opencdmp.authorization.AuthorizationConfiguration;
 import org.opencdmp.authorization.AuthorizationFlags;
-import org.opencdmp.authorization.AuthorizationProperties;
 import org.opencdmp.authorization.OwnedResource;
 import org.opencdmp.authorization.Permission;
 import org.opencdmp.commons.JsonHandlingService;
@@ -112,22 +112,22 @@ public class UserServiceImpl implements UserService { private final ElasticService elasticService; private final UserTouchedIntegrationEventHandler userTouchedIntegrationEventHandler; private final UserRemovalIntegrationEventHandler userRemovalIntegrationEventHandler; - private final AuthorizationProperties authorizationProperties; + private final AuthorizationConfiguration authorizationConfiguration; private final TenantScope tenantScope; private final AnnotationEntityTouchedIntegrationEventHandler annotationEntityTouchedIntegrationEventHandler; @Autowired public UserServiceImpl( - TenantEntityManager entityManager, - AuthorizationService authorizationService, - DeleterFactory deleterFactory, - BuilderFactory builderFactory, - ConventionService conventionService, - ErrorThesaurusProperties errors, - MessageSource messageSource, - EventBroker eventBroker, - JsonHandlingService jsonHandlingService, - XmlHandlingService xmlHandlingService, QueryFactory queryFactory, - UserScope userScope, KeycloakService keycloakService, ActionConfirmationService actionConfirmationService, NotificationProperties notificationProperties, NotifyIntegrationEventHandler eventHandler, ValidatorFactory validatorFactory, ElasticService elasticService, UserTouchedIntegrationEventHandler userTouchedIntegrationEventHandler, UserRemovalIntegrationEventHandler userRemovalIntegrationEventHandler, AuthorizationProperties authorizationProperties, TenantScope tenantScope, AnnotationEntityTouchedIntegrationEventHandler annotationEntityTouchedIntegrationEventHandler) { + TenantEntityManager entityManager, + AuthorizationService authorizationService, + DeleterFactory deleterFactory, + BuilderFactory builderFactory, + ConventionService conventionService, + ErrorThesaurusProperties errors, + MessageSource messageSource, + EventBroker eventBroker, + JsonHandlingService jsonHandlingService, + XmlHandlingService xmlHandlingService, QueryFactory queryFactory, + UserScope userScope, 
KeycloakService keycloakService, ActionConfirmationService actionConfirmationService, NotificationProperties notificationProperties, NotifyIntegrationEventHandler eventHandler, ValidatorFactory validatorFactory, ElasticService elasticService, UserTouchedIntegrationEventHandler userTouchedIntegrationEventHandler, UserRemovalIntegrationEventHandler userRemovalIntegrationEventHandler, AuthorizationConfiguration authorizationConfiguration, TenantScope tenantScope, AnnotationEntityTouchedIntegrationEventHandler annotationEntityTouchedIntegrationEventHandler) { this.entityManager = entityManager; this.authorizationService = authorizationService; this.deleterFactory = deleterFactory; @@ -148,7 +148,7 @@ public class UserServiceImpl implements UserService { this.elasticService = elasticService; this.userTouchedIntegrationEventHandler = userTouchedIntegrationEventHandler; this.userRemovalIntegrationEventHandler = userRemovalIntegrationEventHandler; - this.authorizationProperties = authorizationProperties; + this.authorizationConfiguration = authorizationConfiguration; this.tenantScope = tenantScope; this.annotationEntityTouchedIntegrationEventHandler = annotationEntityTouchedIntegrationEventHandler; } @@ -187,7 +187,7 @@ public class UserServiceImpl implements UserService { this.eventBroker.emit(new UserTouchedEvent(data.getId())); this.userTouchedIntegrationEventHandler.handle(data.getId()); - return this.builderFactory.builder(UserBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(BaseFieldSet.build(fields, User._id), data); + return this.builderFactory.builder(UserBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(BaseFieldSet.build(fields, User._id), data); } private @NotNull AdditionalInfoEntity buildAdditionalInfoEntity(UserAdditionalInfoPersist persist) throws InvalidApplicationException { 
@@ -343,16 +343,16 @@ public class UserServiceImpl implements UserService { this.syncKeycloakRoles(data.getId()); this.userTouchedIntegrationEventHandler.handle(data.getId()); - return this.builderFactory.builder(UserBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(BaseFieldSet.build(fields, User._id), data); + return this.builderFactory.builder(UserBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(BaseFieldSet.build(fields, User._id), data); } private void applyGlobalRoles(UUID userId, UserRolePatchPersist model) throws InvalidApplicationException { try { this.entityManager.disableTenantFilters(); - List existingItems = this.queryFactory.query(UserRoleQuery.class).userIds(userId).tenantIsSet(false).roles(this.authorizationProperties.getAllowedGlobalRoles()).collect(); + List existingItems = this.queryFactory.query(UserRoleQuery.class).userIds(userId).tenantIsSet(false).roles(this.authorizationConfiguration.getAuthorizationProperties().getAllowedGlobalRoles()).collect(); List foundIds = new ArrayList<>(); - for (String roleName : model.getRoles().stream().filter(x -> x != null && !x.isBlank() && this.authorizationProperties.getAllowedGlobalRoles().contains(x)).distinct().toList()) { + for (String roleName : model.getRoles().stream().filter(x -> x != null && !x.isBlank() && this.authorizationConfiguration.getAuthorizationProperties().getAllowedGlobalRoles().contains(x)).distinct().toList()) { UserRoleEntity item = existingItems.stream().filter(x -> x.getRole().equals(roleName)).findFirst().orElse(null); if (item == null) { item = new UserRoleEntity(); 
@@ -379,7 +379,7 @@ public class UserServiceImpl implements UserService { private void applyTenantRoles(UUID userId, UserRolePatchPersist model) throws InvalidApplicationException { if (!this.tenantScope.isSet()) throw new MyForbiddenException("tenant scope required"); - UserRoleQuery userRoleQuery = this.queryFactory.query(UserRoleQuery.class).userIds(userId).roles(this.authorizationProperties.getAllowedTenantRoles()); + UserRoleQuery userRoleQuery = this.queryFactory.query(UserRoleQuery.class).userIds(userId).roles(this.authorizationConfiguration.getAuthorizationProperties().getAllowedTenantRoles()); if (this.tenantScope.isDefaultTenant()) userRoleQuery.tenantIsSet(false); else userRoleQuery.tenantIsSet(true).tenantIds(this.tenantScope.getTenant()); @@ -387,7 +387,7 @@ public class UserServiceImpl implements UserService { List existingItems = userRoleQuery.collect(); List foundIds = new ArrayList<>(); - for (String roleName : model.getRoles().stream().filter(x-> x != null && !x.isBlank() && this.authorizationProperties.getAllowedTenantRoles().contains(x)).distinct().toList()) { + for (String roleName : model.getRoles().stream().filter(x-> x != null && !x.isBlank() && this.authorizationConfiguration.getAuthorizationProperties().getAllowedTenantRoles().contains(x)).distinct().toList()) { UserRoleEntity item = existingItems.stream().filter(x-> x.getRole().equals(roleName)).findFirst().orElse(null); if (item == null) { item = new UserRoleEntity(); 
@@ -700,9 +700,9 @@ public class UserServiceImpl implements UserService { for (UserCredentialEntity userCredential : userCredentials){ this.keycloakService.removeFromAllGroups(userCredential.getExternalId()); for (UserRoleEntity userRole : userRoles) { - if (this.authorizationProperties.getAllowedGlobalRoles().contains(userRole.getRole())){ + if (this.authorizationConfiguration.getAuthorizationProperties().getAllowedGlobalRoles().contains(userRole.getRole())){ this.keycloakService.addUserToGlobalRoleGroup(userCredential.getExternalId(), userRole.getRole()); - } else if (this.authorizationProperties.getAllowedTenantRoles().contains(userRole.getRole())){ + } else if (this.authorizationConfiguration.getAuthorizationProperties().getAllowedTenantRoles().contains(userRole.getRole())){ String tenantCode = userRole.getTenantId() == null ? this.tenantScope.getDefaultTenantCode() : tenants.stream().filter(x-> x.getId().equals(userRole.getTenantId())).map(TenantEntity::getCode).findFirst().orElse(null); if (!this.conventionService.isNullOrEmpty(tenantCode)) this.keycloakService.addUserToTenantRoleGroup(userCredential.getExternalId(), tenantCode, userRole.getRole()); } @@ -900,8 +900,8 @@ public class UserServiceImpl implements UserService { } private void addToDefaultUserGroups(String subjectId){ - this.keycloakService.addUserToGlobalRoleGroup(subjectId, this.authorizationProperties.getGlobalUserRole()); - this.keycloakService.addUserToTenantRoleGroup(subjectId, this.tenantScope.getDefaultTenantCode(), this.authorizationProperties.getTenantUserRole()); + this.keycloakService.addUserToGlobalRoleGroup(subjectId, this.authorizationConfiguration.getAuthorizationProperties().getGlobalUserRole()); + this.keycloakService.addUserToTenantRoleGroup(subjectId, this.tenantScope.getDefaultTenantCode(), this.authorizationConfiguration.getAuthorizationProperties().getTenantUserRole()); } private void checkActionState(ActionConfirmationEntity action) throws MyApplicationException { 
diff --git a/backend/core/src/main/java/org/opencdmp/service/user/settings/UserSettingsServiceImpl.java b/backend/core/src/main/java/org/opencdmp/service/user/settings/UserSettingsServiceImpl.java
index e5166c243..2062ef2f2 100644
--- a/backend/core/src/main/java/org/opencdmp/service/user/settings/UserSettingsServiceImpl.java
+++ b/backend/core/src/main/java/org/opencdmp/service/user/settings/UserSettingsServiceImpl.java
@@ -84,7 +84,7 @@ public class UserSettingsServiceImpl implements UserSettingsService {
 this.entityManager.flush();
- return this.builderFactory.builder(UserSettingsBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(BaseFieldSet.build(fields, UserSettings._id, UserSettings._key), data);
+ return this.builderFactory.builder(UserSettingsBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(BaseFieldSet.build(fields, UserSettings._id, UserSettings._key), data);
 }
 }
diff --git a/backend/web/src/main/java/org/opencdmp/authorization/AffiliatedAuthorizationHandler.java b/backend/web/src/main/java/org/opencdmp/authorization/AffiliatedAuthorizationHandler.java
index d97b46b91..b12ed64d6 100644
--- a/backend/web/src/main/java/org/opencdmp/authorization/AffiliatedAuthorizationHandler.java
+++ b/backend/web/src/main/java/org/opencdmp/authorization/AffiliatedAuthorizationHandler.java
@@ -1,10 +1,11 @@
 package org.opencdmp.authorization;
-import org.opencdmp.commons.enums.DmpUserRole;
 import gr.cite.commons.web.authz.handler.AuthorizationHandler;
 import gr.cite.commons.web.authz.handler.AuthorizationHandlerContext;
 import gr.cite.commons.web.authz.policy.AuthorizationRequirement;
 import gr.cite.commons.web.oidc.principal.MyPrincipal;
+import org.opencdmp.commons.enums.DmpUserRole;
+import org.opencdmp.commons.enums.UserDescriptionTemplateRole;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
@@ -32,16 +33,18 @@ public class AffiliatedAuthorizationHandler extends AuthorizationHandler roles = rs != null && rs.getDmpUserRoles() != null ? rs.getDmpUserRoles() : null; + HashSet dmpUserRoles = rs != null && rs.getDmpUserRoles() != null ? rs.getDmpUserRoles() : null; + HashSet userDescriptionTemplateRoles = rs != null && rs.getUserDescriptionTemplateRoles() != null ? rs.getUserDescriptionTemplateRoles() : null; for (String permission : req.getRequiredPermissions()) { - CustomPermissionAttributesProperties.MyPermission policy = myConfiguration.getMyPolicies().get(permission); - boolean hasPermission = policy != null && hasPermission(policy.getDmp(), roles); - if (hasPermission) hits += 1; + CustomPermissionAttributesProperties.MyPermission policy = this.myConfiguration.getMyPolicies().get(permission); + boolean hasDmpPermission = policy != null && this.hasPermission(policy.getDmp(), dmpUserRoles); + boolean hasDescriptionTemplatePermission = policy != null && this.hasPermission(policy.getDescriptionTemplate(), userDescriptionTemplateRoles); + if (hasDmpPermission || hasDescriptionTemplatePermission) hits += 1; } if ((req.getMatchAll() && req.getRequiredPermissions().size() == hits) || (!req.getMatchAll() && hits > 0)) return ACCESS_GRANTED; @@ -49,6 +52,18 @@ public class AffiliatedAuthorizationHandler extends AuthorizationHandler roles) { + if (roles == null) + return Boolean.FALSE; + if (descriptionTemplateRole == null || descriptionTemplateRole.getRoles() == null) + return Boolean.FALSE; + for (UserDescriptionTemplateRole role : descriptionTemplateRole.getRoles()) { + if (roles.contains(role)) + return Boolean.TRUE; + } + return Boolean.FALSE; + } + private Boolean hasPermission(DmpRole dmpRole, HashSet roles) { if (roles == null) return Boolean.FALSE; 
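Review bot: The new `hasPermission(DescriptionTemplateRole, HashSet<UserDescriptionTemplateRole>)` overload is undocumented, and what it is evaluated against matters: the handler now passes both role sets of the same `AffiliatedResource` through the two overloads and counts a hit when either grants, so if `AffiliatedResource` initialises the template-role set to an empty set by default (as the rest of this change appears to do) a resource resolved for a DMP still walks the description-template branch with an empty, non-null set and the null guard only fires when a caller sets the field to null explicitly. A Javadoc such as `/** Grants when the resource carries at least one description-template role listed in the policy's descriptionTemplate block; a policy without that block, or a resource without template roles, denies. */` makes that fail-closed behaviour visible. The loop body can be the one-liner `return !Collections.disjoint(descriptionTemplateRole.getRoles(), roles);` (needs `java.util.Collections` imported), which also makes the two overloads read identically. The `handle` method and the second hunk's `hasPermission(DmpRole, ...)` overload both continue outside the hunk.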
diff --git a/backend/web/src/main/java/org/opencdmp/authorization/CustomPermissionAttributesProperties.java b/backend/web/src/main/java/org/opencdmp/authorization/CustomPermissionAttributesProperties.java
index 28cc7d6b1..5e6474aa3 100644
--- a/backend/web/src/main/java/org/opencdmp/authorization/CustomPermissionAttributesProperties.java
+++ b/backend/web/src/main/java/org/opencdmp/authorization/CustomPermissionAttributesProperties.java
@@ -18,21 +18,27 @@ public class CustomPermissionAttributesProperties {
 }
 public HashMap getPolicies() {
- return policies;
+ return this.policies;
 }
 public static class MyPermission {
 private final DmpRole dmp;
+ private final DescriptionTemplateRole descriptionTemplate;
 @ConstructorBinding
- public MyPermission(DmpRole dmp) {
+ public MyPermission(DmpRole dmp, DescriptionTemplateRole descriptionTemplate) {
 this.dmp = dmp;
+ this.descriptionTemplate = descriptionTemplate;
 }
 public DmpRole getDmp() {
- return dmp;
+ return this.dmp;
+ }
+
+ public DescriptionTemplateRole getDescriptionTemplate() {
+ return this.descriptionTemplate;
 }
 }
diff --git a/backend/web/src/main/java/org/opencdmp/authorization/DescriptionTemplateRole.java b/backend/web/src/main/java/org/opencdmp/authorization/DescriptionTemplateRole.java
new file mode 100644
index 000000000..9c55eb0fb
--- /dev/null
+++ b/backend/web/src/main/java/org/opencdmp/authorization/DescriptionTemplateRole.java
@@ -0,0 +1,20 @@
+package org.opencdmp.authorization;
+
+import org.opencdmp.commons.enums.UserDescriptionTemplateRole;
+import org.springframework.boot.context.properties.bind.ConstructorBinding;
+
+import java.util.Set;
+
+public class DescriptionTemplateRole {
+ private final Set roles;
+
+ @ConstructorBinding
+ public DescriptionTemplateRole(Set roles) {
+ this.roles = roles;
+ }
+
+ public Set getRoles() {
+ return this.roles;
+ }
+
+}
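Review bot: `DescriptionTemplateRole` stores the bound `Set` by reference and hands the same object out from `getRoles()`, so the role list that feeds an authorization decision stays mutable after binding; `this.roles = roles == null ? null : Set.copyOf(roles);` in the constructor freezes the content while keeping the null contract the handler checks (the existing `DmpRole` has the same shape and would benefit from the same treatment). On `MyPermission`, the constructor now takes a second `descriptionTemplate` argument; with constructor binding, a permission entry in the properties file that has no `descriptionTemplate` block should bind null rather than fail at startup, which the handler's null check tolerates, but this is inferred and worth confirming. A one-line comment on the new field, `// optional: absent block means no description-template role grants this permission`, would record that contract where the configuration is read.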
diff --git a/backend/web/src/main/java/org/opencdmp/authorization/DmpRole.java b/backend/web/src/main/java/org/opencdmp/authorization/DmpRole.java
index dfb081bad..7e65e09fd 100644
--- a/backend/web/src/main/java/org/opencdmp/authorization/DmpRole.java
+++ b/backend/web/src/main/java/org/opencdmp/authorization/DmpRole.java
@@ -15,7 +15,7 @@ public class DmpRole {
 }
 public Set getRoles() {
- return roles;
+ return this.roles;
 }
 }
diff --git a/backend/web/src/main/java/org/opencdmp/controllers/DescriptionController.java b/backend/web/src/main/java/org/opencdmp/controllers/DescriptionController.java
index bf7dd2b80..77784be83 100644
--- a/backend/web/src/main/java/org/opencdmp/controllers/DescriptionController.java
+++ b/backend/web/src/main/java/org/opencdmp/controllers/DescriptionController.java
@@ -155,47 +155,25 @@ public class DescriptionController { } @PostMapping("query") - @Operation( - summary = "Query all descriptions", - description = SwaggerHelpers.Description.endpoint_query, - requestBody = @io.swagger.v3.oas.annotations.parameters.RequestBody( - description = SwaggerHelpers.Description.endpoint_query_request_body, - content = { - @Content( - examples = { - @ExampleObject( - name = "Pagination and projection", - description = "Simple paginated request using a property projection list and pagination info", - value = SwaggerHelpers.Description.endpoint_query_request_body_example - ) - } - ) - } - ), - responses = { - @ApiResponse( - description = "OK", - responseCode = "200", - content = { - @Content( - examples = { - @ExampleObject( - name = "First page", - description = "Example with the first page of paginated results", - value = SwaggerHelpers.Description.endpoint_query_response_example - ) - } - ) - } - ) - } - ) + @Operation(summary = "Query all descriptions", description = SwaggerHelpers.Description.endpoint_query, requestBody = @io.swagger.v3.oas.annotations.parameters.RequestBody(description = SwaggerHelpers.Description.endpoint_query_request_body, content = @Content( + examples = { + @ExampleObject( + name = "Pagination and projection", + description = "Simple paginated request using a property projection list and pagination info", + value = SwaggerHelpers.Description.endpoint_query_request_body_example + ) + } + )), responses = @ApiResponse(description = "OK", responseCode = "200", content = @Content(examples = @ExampleObject( + name = "First page", + description = "Example with the first page of paginated results", + value = SwaggerHelpers.Description.endpoint_query_response_example + )))) public QueryResult query(@RequestBody DescriptionLookup lookup) throws MyApplicationException, MyForbiddenException { logger.debug("querying {}", Description.class.getSimpleName()); 
this.censorFactory.censor(DescriptionCensor.class).censor(lookup.getProject(), null); - QueryResult queryResult = this.elasticQueryHelperService.collect(lookup, AuthorizationFlags.OwnerOrDmpAssociatedOrPermission, null); + QueryResult queryResult = this.elasticQueryHelperService.collect(lookup, AuthorizationFlags.AllExceptPublic, null); this.auditService.track(AuditableAction.Description_Query, "lookup", lookup); @@ -215,8 +193,8 @@ public class DescriptionController { this.censorFactory.censor(DescriptionCensor.class).censor(fieldSet, null); - DescriptionQuery query = this.queryFactory.query(DescriptionQuery.class).disableTracking().authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).isActive(IsActive.Active).ids(id); - Description model = this.builderFactory.builder(DescriptionBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(fieldSet, query.firstAs(fieldSet)); + DescriptionQuery query = this.queryFactory.query(DescriptionQuery.class).disableTracking().authorize(AuthorizationFlags.AllExceptPublic).isActive(IsActive.Active).ids(id); + Description model = this.builderFactory.builder(DescriptionBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(fieldSet, query.firstAs(fieldSet)); if (model == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{id, Description.class.getSimpleName()}, LocaleContextHolder.getLocale())); diff --git a/backend/web/src/main/java/org/opencdmp/controllers/DescriptionTemplateController.java b/backend/web/src/main/java/org/opencdmp/controllers/DescriptionTemplateController.java index 8641f5e04..692c7f6c1 100644 --- a/backend/web/src/main/java/org/opencdmp/controllers/DescriptionTemplateController.java +++ b/backend/web/src/main/java/org/opencdmp/controllers/DescriptionTemplateController.java 
@@ -88,10 +88,10 @@ public class DescriptionTemplateController { this.censorFactory.censor(DescriptionTemplateCensor.class).censor(lookup.getProject(), null); - DescriptionTemplateQuery query = lookup.enrich(this.queryFactory).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission); + DescriptionTemplateQuery query = lookup.enrich(this.queryFactory).authorize(AuthorizationFlags.AllExceptPublic); List data = query.collectAs(lookup.getProject()); - List models = this.builderFactory.builder(DescriptionTemplateBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(lookup.getProject(), data); + List models = this.builderFactory.builder(DescriptionTemplateBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(lookup.getProject(), data); long count = (lookup.getMetadata() != null && lookup.getMetadata().getCountAll()) ? query.count() : models.size(); this.auditService.track(AuditableAction.DescriptionTemplate_Query, "lookup", lookup); 
@@ -106,8 +106,8 @@ public class DescriptionTemplateController { this.censorFactory.censor(DescriptionTemplateCensor.class).censor(fieldSet, null); - DescriptionTemplateQuery query = this.queryFactory.query(DescriptionTemplateQuery.class).disableTracking().authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).ids(id); - DescriptionTemplate model = this.builderFactory.builder(DescriptionTemplateBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(fieldSet, query.firstAs(fieldSet)); + DescriptionTemplateQuery query = this.queryFactory.query(DescriptionTemplateQuery.class).disableTracking().authorize(AuthorizationFlags.AllExceptPublic).ids(id); + DescriptionTemplate model = this.builderFactory.builder(DescriptionTemplateBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(fieldSet, query.firstAs(fieldSet)); if (model == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{id, DescriptionTemplate.class.getSimpleName()}, LocaleContextHolder.getLocale())); diff --git a/backend/web/src/main/java/org/opencdmp/controllers/DescriptionTemplateTypeController.java b/backend/web/src/main/java/org/opencdmp/controllers/DescriptionTemplateTypeController.java index 180217c00..45e4741bd 100644 --- a/backend/web/src/main/java/org/opencdmp/controllers/DescriptionTemplateTypeController.java +++ b/backend/web/src/main/java/org/opencdmp/controllers/DescriptionTemplateTypeController.java 
@@ -68,10 +68,10 @@ public class DescriptionTemplateTypeController { this.censorFactory.censor(DescriptionTemplateTypeCensor.class).censor(lookup.getProject(), null); - DescriptionTemplateTypeQuery query = lookup.enrich(this.queryFactory).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission); + DescriptionTemplateTypeQuery query = lookup.enrich(this.queryFactory).authorize(AuthorizationFlags.AllExceptPublic); List data = query.collectAs(lookup.getProject()); - List models = this.builderFactory.builder(DescriptionTemplateTypeBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(lookup.getProject(), data); + List models = this.builderFactory.builder(DescriptionTemplateTypeBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(lookup.getProject(), data); long count = (lookup.getMetadata() != null && lookup.getMetadata().getCountAll()) ? query.count() : models.size(); this.auditService.track(AuditableAction.DescriptionTemplateType_Query, "lookup", lookup); 
@@ -86,8 +86,8 @@ public class DescriptionTemplateTypeController { this.censorFactory.censor(DescriptionTemplateTypeCensor.class).censor(fieldSet, null); - DescriptionTemplateTypeQuery query = this.queryFactory.query(DescriptionTemplateTypeQuery.class).disableTracking().authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).ids(id); - DescriptionTemplateType model = this.builderFactory.builder(DescriptionTemplateTypeBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(fieldSet, query.firstAs(fieldSet)); + DescriptionTemplateTypeQuery query = this.queryFactory.query(DescriptionTemplateTypeQuery.class).disableTracking().authorize(AuthorizationFlags.AllExceptPublic).ids(id); + DescriptionTemplateType model = this.builderFactory.builder(DescriptionTemplateTypeBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(fieldSet, query.firstAs(fieldSet)); if (model == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{id, DescriptionTemplateType.class.getSimpleName()}, LocaleContextHolder.getLocale())); diff --git a/backend/web/src/main/java/org/opencdmp/controllers/DmpBlueprintController.java b/backend/web/src/main/java/org/opencdmp/controllers/DmpBlueprintController.java index d974da817..1785db11d 100644 --- a/backend/web/src/main/java/org/opencdmp/controllers/DmpBlueprintController.java +++ b/backend/web/src/main/java/org/opencdmp/controllers/DmpBlueprintController.java 
@@ -81,10 +81,10 @@ public class DmpBlueprintController { logger.debug("querying {}", DmpBlueprint.class.getSimpleName()); this.censorFactory.censor(DmpBlueprintCensor.class).censor(lookup.getProject(), null); - DmpBlueprintQuery query = lookup.enrich(this.queryFactory).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission); + DmpBlueprintQuery query = lookup.enrich(this.queryFactory).authorize(AuthorizationFlags.AllExceptPublic); List data = query.collectAs(lookup.getProject()); - List models = this.builderFactory.builder(DmpBlueprintBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(lookup.getProject(), data); + List models = this.builderFactory.builder(DmpBlueprintBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(lookup.getProject(), data); long count = (lookup.getMetadata() != null && lookup.getMetadata().getCountAll()) ? query.count() : models.size(); this.auditService.track(AuditableAction.DmpBlueprint_Query, "lookup", lookup); @@ -98,8 +98,8 @@ public class DmpBlueprintController { this.censorFactory.censor(DmpBlueprintCensor.class).censor(fieldSet, null); - DmpBlueprintQuery query = this.queryFactory.query(DmpBlueprintQuery.class).disableTracking().authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).ids(id); - DmpBlueprint model = this.builderFactory.builder(DmpBlueprintBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(fieldSet, query.firstAs(fieldSet)); + DmpBlueprintQuery query = this.queryFactory.query(DmpBlueprintQuery.class).disableTracking().authorize(AuthorizationFlags.AllExceptPublic).ids(id); + DmpBlueprint model = this.builderFactory.builder(DmpBlueprintBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(fieldSet, query.firstAs(fieldSet)); if (model == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{id, DmpBlueprint.class.getSimpleName()}, LocaleContextHolder.getLocale())); 
diff --git a/backend/web/src/main/java/org/opencdmp/controllers/DmpController.java b/backend/web/src/main/java/org/opencdmp/controllers/DmpController.java index 87b1ef9ea..ce2bc8372 100644 --- a/backend/web/src/main/java/org/opencdmp/controllers/DmpController.java +++ b/backend/web/src/main/java/org/opencdmp/controllers/DmpController.java @@ -159,7 +159,7 @@ public class DmpController { this.censorFactory.censor(DmpCensor.class).censor(lookup.getProject(), null); - QueryResult queryResult = this.elasticQueryHelperService.collect(lookup, AuthorizationFlags.OwnerOrDmpAssociatedOrPermission, null); + QueryResult queryResult = this.elasticQueryHelperService.collect(lookup, AuthorizationFlags.AllExceptPublic, null); this.auditService.track(AuditableAction.Dmp_Query, "lookup", lookup); @@ -178,8 +178,8 @@ public class DmpController { this.censorFactory.censor(DmpCensor.class).censor(fieldSet, null); - DmpQuery query = this.queryFactory.query(DmpQuery.class).disableTracking().authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).ids(id); - Dmp model = this.builderFactory.builder(DmpBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(fieldSet, query.firstAs(fieldSet)); + DmpQuery query = this.queryFactory.query(DmpQuery.class).disableTracking().authorize(AuthorizationFlags.AllExceptPublic).ids(id); + Dmp model = this.builderFactory.builder(DmpBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(fieldSet, query.firstAs(fieldSet)); if (model == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{id, Dmp.class.getSimpleName()}, LocaleContextHolder.getLocale())); diff --git a/backend/web/src/main/java/org/opencdmp/controllers/EntityDoiController.java b/backend/web/src/main/java/org/opencdmp/controllers/EntityDoiController.java index 16f48a3b1..616e473c6 100644 --- a/backend/web/src/main/java/org/opencdmp/controllers/EntityDoiController.java 
+++ b/backend/web/src/main/java/org/opencdmp/controllers/EntityDoiController.java @@ -70,10 +70,10 @@ public class EntityDoiController { this.censorFactory.censor(EntityDoiCensor.class).censor(lookup.getProject(), null); - EntityDoiQuery query = lookup.enrich(this.queryFactory).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission); + EntityDoiQuery query = lookup.enrich(this.queryFactory).authorize(AuthorizationFlags.AllExceptPublic); List data = query.collectAs(lookup.getProject()); - List models = this.builderFactory.builder(EntityDoiBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(lookup.getProject(), data); + List models = this.builderFactory.builder(EntityDoiBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(lookup.getProject(), data); long count = (lookup.getMetadata() != null && lookup.getMetadata().getCountAll()) ? query.count() : models.size(); this.auditService.track(AuditableAction.EntityDoi_Query, "lookup", lookup); @@ -87,8 +87,8 @@ public class EntityDoiController { this.censorFactory.censor(EntityDoiCensor.class).censor(fieldSet, null); - EntityDoiQuery query = this.queryFactory.query(EntityDoiQuery.class).disableTracking().authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).ids(id); - EntityDoi model = this.builderFactory.builder(EntityDoiBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(fieldSet, query.firstAs(fieldSet)); + EntityDoiQuery query = this.queryFactory.query(EntityDoiQuery.class).disableTracking().authorize(AuthorizationFlags.AllExceptPublic).ids(id); + EntityDoi model = this.builderFactory.builder(EntityDoiBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(fieldSet, query.firstAs(fieldSet)); if (model == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{id, EntityDoi.class.getSimpleName()}, LocaleContextHolder.getLocale())); 
diff --git a/backend/web/src/main/java/org/opencdmp/controllers/LanguageController.java b/backend/web/src/main/java/org/opencdmp/controllers/LanguageController.java index 6013480c6..8823337db 100644 --- a/backend/web/src/main/java/org/opencdmp/controllers/LanguageController.java +++ b/backend/web/src/main/java/org/opencdmp/controllers/LanguageController.java @@ -79,9 +79,9 @@ public class LanguageController { this.censorFactory.censor(LanguageCensor.class).censor(lookup.getProject(), null); - LanguageQuery query = lookup.enrich(this.queryFactory).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission); + LanguageQuery query = lookup.enrich(this.queryFactory).authorize(AuthorizationFlags.AllExceptPublic); List data = query.collectAs(lookup.getProject()); - List models = this.builderFactory.builder(LanguageBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(lookup.getProject(), data); + List models = this.builderFactory.builder(LanguageBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(lookup.getProject(), data); long count = (lookup.getMetadata() != null && lookup.getMetadata().getCountAll()) ? query.count() : models.size(); this.auditService.track(AuditableAction.Language_Query, "lookup", lookup); 
@@ -95,8 +95,8 @@ public class LanguageController { this.censorFactory.censor(LanguageCensor.class).censor(fieldSet, null); - LanguageQuery query = this.queryFactory.query(LanguageQuery.class).disableTracking().authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).ids(id); - Language model = this.builderFactory.builder(LanguageBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(fieldSet, query.firstAs(fieldSet)); + LanguageQuery query = this.queryFactory.query(LanguageQuery.class).disableTracking().authorize(AuthorizationFlags.AllExceptPublic).ids(id); + Language model = this.builderFactory.builder(LanguageBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(fieldSet, query.firstAs(fieldSet)); if (model == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{id, Language.class.getSimpleName()}, LocaleContextHolder.getLocale())); diff --git a/backend/web/src/main/java/org/opencdmp/controllers/LockController.java b/backend/web/src/main/java/org/opencdmp/controllers/LockController.java index c25e27ff6..ec7af113a 100644 --- a/backend/web/src/main/java/org/opencdmp/controllers/LockController.java +++ b/backend/web/src/main/java/org/opencdmp/controllers/LockController.java 
@@ -90,9 +90,9 @@ public class LockController {
 this.censorFactory.censor(LockCensor.class).censor(lookup.getProject(), null);
- LockQuery query = lookup.enrich(this.queryFactory).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission);
+ LockQuery query = lookup.enrich(this.queryFactory).authorize(AuthorizationFlags.AllExceptPublic);
 List data = query.collectAs(lookup.getProject());
- List models = this.builderFactory.builder(LockBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(lookup.getProject(), data);
+ List models = this.builderFactory.builder(LockBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(lookup.getProject(), data);
 long count = (lookup.getMetadata() != null && lookup.getMetadata().getCountAll()) ? query.count() : models.size();
 this.auditService.track(AuditableAction.Lock_Query, "lookup", lookup);
@@ -106,8 +106,8 @@ public class LockController {
 this.censorFactory.censor(LockCensor.class).censor(fieldSet, null);
- LockQuery query = this.queryFactory.query(LockQuery.class).disableTracking().authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).ids(id);
- Lock model = this.builderFactory.builder(LockBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(fieldSet, query.firstAs(fieldSet));
+ LockQuery query = this.queryFactory.query(LockQuery.class).disableTracking().authorize(AuthorizationFlags.AllExceptPublic).ids(id);
+ Lock model = this.builderFactory.builder(LockBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(fieldSet, query.firstAs(fieldSet));
 if (model == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{id, Lock.class.getSimpleName()}, LocaleContextHolder.getLocale()));
@@ -142,8 +142,8 @@ public class LockController {
 this.censorFactory.censor(LockCensor.class).censor(fieldSet, null);
- LockQuery query = this.queryFactory.query(LockQuery.class).disableTracking().authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).targetIds(targetId);
- Lock model = this.builderFactory.builder(LockBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(fieldSet, query.firstAs(fieldSet));
+ LockQuery query = this.queryFactory.query(LockQuery.class).disableTracking().authorize(AuthorizationFlags.AllExceptPublic).targetIds(targetId);
+ Lock model = this.builderFactory.builder(LockBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(fieldSet, query.firstAs(fieldSet));
 if (model == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{targetId, Lock.class.getSimpleName()}, LocaleContextHolder.getLocale()));
@@ -174,7 +174,8 @@ public class LockController {
 public boolean lock(@PathVariable("id") UUID targetId, @PathVariable("targetType") int targetType) throws Exception {
 AffiliatedResource affiliatedResourceDmp = this.authorizationContentResolver.dmpAffiliation(targetId);
 AffiliatedResource affiliatedResourceDescription = this.authorizationContentResolver.descriptionAffiliation(targetId);
- this.authService.authorizeAtLeastOneForce(List.of(affiliatedResourceDmp, affiliatedResourceDescription), Permission.EditLock);
+ AffiliatedResource affiliatedResourceDescriptionTemplate = this.authorizationContentResolver.descriptionTemplateAffiliation(targetId);
+ this.authService.authorizeAtLeastOneForce(List.of(affiliatedResourceDmp, affiliatedResourceDescription, affiliatedResourceDescriptionTemplate), Permission.EditLock);
 this.lockService.lock(targetId, LockTargetType.of((short) targetType));
 this.auditService.track(AuditableAction.Lock_Locked, Map.ofEntries(
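Review bot: The new `affiliatedResourceDescriptionTemplate` goes straight into `List.of(...)`, which rejects null elements, so if `descriptionTemplateAffiliation(targetId)` can return null for a targetId that is not a description template the `lock` endpoint fails with an exception before `authorizeAtLeastOneForce` runs, instead of a clean forbidden result; the same pattern is added to `touch` and `unlock` in the next hunks. Please confirm the resolver always returns a non-null `AffiliatedResource` (empty role sets for a non-matching id), or guard the list, e.g. `List<AffiliatedResource> affiliations = Stream.of(affiliatedResourceDmp, affiliatedResourceDescription, affiliatedResourceDescriptionTemplate).filter(Objects::nonNull).toList();`. Separately, `lock` already receives `targetType` but all three affiliation lookups ignore it and resolve by id alone, so the check passes if the caller is affiliated with any entity carrying that UUID rather than with the entity of the declared type; resolving only the affiliation that matches `LockTargetType.of((short) targetType)` would make the authorization match the lock actually taken. `lock`'s body continues past the hunk, so the audit payload and return are not visible here.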
@@ -189,7 +190,8 @@ public class LockController {
 public boolean touch(@PathVariable("id") UUID targetId) throws Exception {
 AffiliatedResource affiliatedResourceDmp = this.authorizationContentResolver.dmpAffiliation(targetId);
 AffiliatedResource affiliatedResourceDescription = this.authorizationContentResolver.descriptionAffiliation(targetId);
- this.authService.authorizeAtLeastOneForce(List.of(affiliatedResourceDmp, affiliatedResourceDescription), Permission.EditLock);
+ AffiliatedResource affiliatedResourceDescriptionTemplate = this.authorizationContentResolver.descriptionTemplateAffiliation(targetId);
+ this.authService.authorizeAtLeastOneForce(List.of(affiliatedResourceDmp, affiliatedResourceDescription, affiliatedResourceDescriptionTemplate), Permission.EditLock);
 this.lockService.touch(targetId);
 this.auditService.track(AuditableAction.Lock_Touched, Map.ofEntries(
@@ -203,7 +205,8 @@ public class LockController {
 public boolean unlock(@PathVariable("id") UUID targetId) throws Exception {
 AffiliatedResource affiliatedResourceDmp = this.authorizationContentResolver.dmpAffiliation(targetId);
 AffiliatedResource affiliatedResourceDescription = this.authorizationContentResolver.descriptionAffiliation(targetId);
- this.authService.authorizeAtLeastOneForce(List.of(affiliatedResourceDmp, affiliatedResourceDescription), Permission.EditLock);
+ AffiliatedResource affiliatedResourceDescriptionTemplate = this.authorizationContentResolver.descriptionTemplateAffiliation(targetId);
+ this.authService.authorizeAtLeastOneForce(List.of(affiliatedResourceDmp, affiliatedResourceDescription, affiliatedResourceDescriptionTemplate), Permission.EditLock);
 this.lockService.unlock(targetId);
 this.auditService.track(AuditableAction.Lock_UnLocked, Map.ofEntries(
diff --git a/backend/web/src/main/java/org/opencdmp/controllers/PrefillingSourceController.java b/backend/web/src/main/java/org/opencdmp/controllers/PrefillingSourceController.java
index db68b6e93..2894d02a6 100644
--- a/backend/web/src/main/java/org/opencdmp/controllers/PrefillingSourceController.java
+++ b/backend/web/src/main/java/org/opencdmp/controllers/PrefillingSourceController.java
@@ -87,9 +87,9 @@ public class PrefillingSourceController {
 this.censorFactory.censor(PrefillingSourceCensor.class).censor(lookup.getProject(), null);
- PrefillingSourceQuery query = lookup.enrich(this.queryFactory).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission);
+ PrefillingSourceQuery query = lookup.enrich(this.queryFactory).authorize(AuthorizationFlags.AllExceptPublic);
 List data = query.collectAs(lookup.getProject());
- List models = this.builderFactory.builder(PrefillingSourceBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(lookup.getProject(), data);
+ List models = this.builderFactory.builder(PrefillingSourceBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(lookup.getProject(), data);
 long count = (lookup.getMetadata() != null && lookup.getMetadata().getCountAll()) ? query.count() : models.size();
 this.auditService.track(AuditableAction.PrefillingSource_Query, "lookup", lookup);
@@ -104,8 +104,8 @@ public class PrefillingSourceController {
 this.censorFactory.censor(PrefillingSourceCensor.class).censor(fieldSet, null);
- PrefillingSourceQuery query = this.queryFactory.query(PrefillingSourceQuery.class).disableTracking().authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).ids(id);
- PrefillingSource model = this.builderFactory.builder(PrefillingSourceBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(fieldSet, query.firstAs(fieldSet));
+ PrefillingSourceQuery query = this.queryFactory.query(PrefillingSourceQuery.class).disableTracking().authorize(AuthorizationFlags.AllExceptPublic).ids(id);
+ PrefillingSource model = this.builderFactory.builder(PrefillingSourceBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(fieldSet, query.firstAs(fieldSet));
 if (model == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{id, PrefillingSource.class.getSimpleName()}, LocaleContextHolder.getLocale()));
diff --git a/backend/web/src/main/java/org/opencdmp/controllers/ReferenceController.java b/backend/web/src/main/java/org/opencdmp/controllers/ReferenceController.java
index adf808e49..403515e62 100644
--- a/backend/web/src/main/java/org/opencdmp/controllers/ReferenceController.java
+++ b/backend/web/src/main/java/org/opencdmp/controllers/ReferenceController.java
@@ -81,9 +81,9 @@ public class ReferenceController {
 this.censorFactory.censor(ReferenceCensor.class).censor(lookup.getProject(), null);
- ReferenceQuery query = lookup.enrich(this.queryFactory).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission);
+ ReferenceQuery query = lookup.enrich(this.queryFactory).authorize(AuthorizationFlags.AllExceptPublic);
 List data = query.collectAs(lookup.getProject());
- List models = this.builderFactory.builder(ReferenceBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(lookup.getProject(), data);
+ List models = this.builderFactory.builder(ReferenceBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(lookup.getProject(), data);
 long count = (lookup.getMetadata() != null && lookup.getMetadata().getCountAll()) ? query.count() : models.size();
 this.auditService.track(AuditableAction.Reference_Query, "lookup", lookup);
@@ -124,8 +124,8 @@ public class ReferenceController {
 this.censorFactory.censor(ReferenceCensor.class).censor(fieldSet, null);
- ReferenceQuery query = this.queryFactory.query(ReferenceQuery.class).disableTracking().authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).ids(id);
- Reference model = this.builderFactory.builder(ReferenceBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(fieldSet, query.firstAs(fieldSet));
+ ReferenceQuery query = this.queryFactory.query(ReferenceQuery.class).disableTracking().authorize(AuthorizationFlags.AllExceptPublic).ids(id);
+ Reference model = this.builderFactory.builder(ReferenceBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(fieldSet, query.firstAs(fieldSet));
 if (model == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{id, Reference.class.getSimpleName()}, LocaleContextHolder.getLocale()));
diff --git a/backend/web/src/main/java/org/opencdmp/controllers/ReferenceTypeController.java b/backend/web/src/main/java/org/opencdmp/controllers/ReferenceTypeController.java
index 4d62fbc7e..78c430869 100644
--- a/backend/web/src/main/java/org/opencdmp/controllers/ReferenceTypeController.java
+++ b/backend/web/src/main/java/org/opencdmp/controllers/ReferenceTypeController.java
@@ -80,9 +80,9 @@ public class ReferenceTypeController{
 this.censorFactory.censor(ReferenceTypeCensor.class).censor(lookup.getProject(), null);
- ReferenceTypeQuery query = lookup.enrich(this.queryFactory).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission);
+ ReferenceTypeQuery query = lookup.enrich(this.queryFactory).authorize(AuthorizationFlags.AllExceptPublic);
 List data = query.collectAs(lookup.getProject());
- List models = this.builderFactory.builder(ReferenceTypeBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(lookup.getProject(), data);
+ List models = this.builderFactory.builder(ReferenceTypeBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(lookup.getProject(), data);
 long count = (lookup.getMetadata() != null && lookup.getMetadata().getCountAll()) ? query.count() : models.size();
 this.auditService.track(AuditableAction.ReferenceType_Query, "lookup", lookup);
@@ -96,8 +96,8 @@ public class ReferenceTypeController{
 this.censorFactory.censor(ReferenceTypeCensor.class).censor(fieldSet, null);
- ReferenceTypeQuery query = this.queryFactory.query(ReferenceTypeQuery.class).disableTracking().authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).ids(id);
- ReferenceType model = this.builderFactory.builder(ReferenceTypeBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(fieldSet, query.firstAs(fieldSet));
+ ReferenceTypeQuery query = this.queryFactory.query(ReferenceTypeQuery.class).disableTracking().authorize(AuthorizationFlags.AllExceptPublic).ids(id);
+ ReferenceType model = this.builderFactory.builder(ReferenceTypeBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(fieldSet, query.firstAs(fieldSet));
 if (model == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{id, ReferenceType.class.getSimpleName()}, LocaleContextHolder.getLocale()));
@@ -115,8 +115,8 @@ public class ReferenceTypeController{
 this.censorFactory.censor(ReferenceTypeCensor.class).censor(fieldSet, null);
- ReferenceTypeQuery query = this.queryFactory.query(ReferenceTypeQuery.class).disableTracking().authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).codes(code);
- ReferenceType model = this.builderFactory.builder(ReferenceTypeBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(fieldSet, query.firstAs(fieldSet));
+ ReferenceTypeQuery query = this.queryFactory.query(ReferenceTypeQuery.class).disableTracking().authorize(AuthorizationFlags.AllExceptPublic).codes(code);
+ ReferenceType model = this.builderFactory.builder(ReferenceTypeBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(fieldSet, query.firstAs(fieldSet));
 if (model == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{code, ReferenceType.class.getSimpleName()}, LocaleContextHolder.getLocale()));
diff --git a/backend/web/src/main/java/org/opencdmp/controllers/StorageFileController.java b/backend/web/src/main/java/org/opencdmp/controllers/StorageFileController.java
index 1cac1f4a1..d3d9f3946 100644
--- a/backend/web/src/main/java/org/opencdmp/controllers/StorageFileController.java
+++ b/backend/web/src/main/java/org/opencdmp/controllers/StorageFileController.java
@@ -83,8 +83,8 @@ public class StorageFileController {
 this.authorizationService.authorizeForce(Permission.BrowseStorageFile, Permission.DeferredAffiliation);
- StorageFileQuery query = this.queryFactory.query(StorageFileQuery.class).disableTracking().authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).ids(id);
- StorageFile model = this.builderFactory.builder(StorageFileBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(fieldSet, query.firstAs(fieldSet));
+ StorageFileQuery query = this.queryFactory.query(StorageFileQuery.class).disableTracking().authorize(AuthorizationFlags.AllExceptPublic).ids(id);
+ StorageFile model = this.builderFactory.builder(StorageFileBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(fieldSet, query.firstAs(fieldSet));
 if (model == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{id, StorageFile.class.getSimpleName()}, LocaleContextHolder.getLocale()));
diff --git a/backend/web/src/main/java/org/opencdmp/controllers/SupportiveMaterialController.java b/backend/web/src/main/java/org/opencdmp/controllers/SupportiveMaterialController.java
index 517525769..94f99f74b 100644
--- a/backend/web/src/main/java/org/opencdmp/controllers/SupportiveMaterialController.java
+++ b/backend/web/src/main/java/org/opencdmp/controllers/SupportiveMaterialController.java
@@ -80,9 +80,9 @@ public class SupportiveMaterialController {
 this.censorFactory.censor(SupportiveMaterialCensor.class).censor(lookup.getProject(), null);
- SupportiveMaterialQuery query = lookup.enrich(this.queryFactory).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission);
+ SupportiveMaterialQuery query = lookup.enrich(this.queryFactory).authorize(AuthorizationFlags.AllExceptPublic);
 List data = query.collectAs(lookup.getProject());
- List models = this.builderFactory.builder(SupportiveMaterialBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(lookup.getProject(), data);
+ List models = this.builderFactory.builder(SupportiveMaterialBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(lookup.getProject(), data);
 long count = (lookup.getMetadata() != null && lookup.getMetadata().getCountAll()) ? query.count() : models.size();
 this.auditService.track(AuditableAction.SupportiveMaterial_Query, "lookup", lookup);
@@ -96,8 +96,8 @@ public class SupportiveMaterialController {
 this.censorFactory.censor(SupportiveMaterialCensor.class).censor(fieldSet, null);
- SupportiveMaterialQuery query = this.queryFactory.query(SupportiveMaterialQuery.class).disableTracking().authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).ids(id);
- SupportiveMaterial model = this.builderFactory.builder(SupportiveMaterialBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(fieldSet, query.firstAs(fieldSet));
+ SupportiveMaterialQuery query = this.queryFactory.query(SupportiveMaterialQuery.class).disableTracking().authorize(AuthorizationFlags.AllExceptPublic).ids(id);
+ SupportiveMaterial model = this.builderFactory.builder(SupportiveMaterialBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(fieldSet, query.firstAs(fieldSet));
 if (model == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{id, SupportiveMaterial.class.getSimpleName()}, LocaleContextHolder.getLocale()));
@@ -114,7 +114,7 @@ public class SupportiveMaterialController {
 logger.debug("querying {}", SupportiveMaterial.class.getSimpleName());
- SupportiveMaterialQuery query = this.queryFactory.query(SupportiveMaterialQuery.class).disableTracking().types(SupportiveMaterialFieldType.of(type)).languageCodes(language).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission);
+ SupportiveMaterialQuery query = this.queryFactory.query(SupportiveMaterialQuery.class).disableTracking().types(SupportiveMaterialFieldType.of(type)).languageCodes(language).authorize(AuthorizationFlags.AllExceptPublic);
 List data = query.collectAs(new BaseFieldSet().ensure(SupportiveMaterial._id).ensure(SupportiveMaterial._payload));
 byte[] content;
 if (data.size() == 1) content = data.getFirst().getPayload().getBytes();
diff --git a/backend/web/src/main/java/org/opencdmp/controllers/TagController.java b/backend/web/src/main/java/org/opencdmp/controllers/TagController.java
index 0236acd78..f45248617 100644
--- a/backend/web/src/main/java/org/opencdmp/controllers/TagController.java
+++ b/backend/web/src/main/java/org/opencdmp/controllers/TagController.java
@@ -70,10 +70,10 @@ public class TagController {
 this.censorFactory.censor(TagCensor.class).censor(lookup.getProject(), null);
- TagQuery query = lookup.enrich(this.queryFactory).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission);
+ TagQuery query = lookup.enrich(this.queryFactory).authorize(AuthorizationFlags.AllExceptPublic);
 List data = query.collectAs(lookup.getProject());
- List models = this.builderFactory.builder(TagBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(lookup.getProject(), data);
+ List models = this.builderFactory.builder(TagBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(lookup.getProject(), data);
 long count = (lookup.getMetadata() != null && lookup.getMetadata().getCountAll()) ? query.count() : models.size();
 this.auditService.track(AuditableAction.Tag_Query, "lookup", lookup);
@@ -87,8 +87,8 @@ public class TagController {
 this.censorFactory.censor(TagCensor.class).censor(fieldSet, null);
- TagQuery query = this.queryFactory.query(TagQuery.class).disableTracking().authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).ids(id);
- Tag model = this.builderFactory.builder(TagBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(fieldSet, query.firstAs(fieldSet));
+ TagQuery query = this.queryFactory.query(TagQuery.class).disableTracking().authorize(AuthorizationFlags.AllExceptPublic).ids(id);
+ Tag model = this.builderFactory.builder(TagBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(fieldSet, query.firstAs(fieldSet));
 if (model == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{id, Tag.class.getSimpleName()}, LocaleContextHolder.getLocale()));
diff --git a/backend/web/src/main/java/org/opencdmp/controllers/TenantConfigurationController.java b/backend/web/src/main/java/org/opencdmp/controllers/TenantConfigurationController.java
index bedd067c0..8caad954f 100644
--- a/backend/web/src/main/java/org/opencdmp/controllers/TenantConfigurationController.java
+++ b/backend/web/src/main/java/org/opencdmp/controllers/TenantConfigurationController.java
@@ -84,10 +84,10 @@ public class TenantConfigurationController {
 this.censorFactory.censor(TenantConfigurationCensor.class).censor(lookup.getProject(), null);
- TenantConfigurationQuery query = lookup.enrich(this.queryFactory).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission);
+ TenantConfigurationQuery query = lookup.enrich(this.queryFactory).authorize(AuthorizationFlags.AllExceptPublic);
 List data = query.collectAs(lookup.getProject());
- List models = this.builderFactory.builder(TenantConfigurationBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(lookup.getProject(), data);
+ List models = this.builderFactory.builder(TenantConfigurationBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(lookup.getProject(), data);
 long count = (lookup.getMetadata() != null && lookup.getMetadata().getCountAll()) ? query.count() : models.size();
 this.auditService.track(AuditableAction.TenantConfiguration_Query, "lookup", lookup);
@@ -101,8 +101,8 @@ public class TenantConfigurationController {
 this.censorFactory.censor(TenantConfigurationCensor.class).censor(fieldSet, null);
- TenantConfigurationQuery query = this.queryFactory.query(TenantConfigurationQuery.class).disableTracking().authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).ids(id);
- TenantConfiguration model = this.builderFactory.builder(TenantConfigurationBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(fieldSet, query.firstAs(fieldSet));
+ TenantConfigurationQuery query = this.queryFactory.query(TenantConfigurationQuery.class).disableTracking().authorize(AuthorizationFlags.AllExceptPublic).ids(id);
+ TenantConfiguration model = this.builderFactory.builder(TenantConfigurationBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(fieldSet, query.firstAs(fieldSet));
 if (model == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{id, TenantConfiguration.class.getSimpleName()}, LocaleContextHolder.getLocale()));
@@ -120,11 +120,11 @@ public class TenantConfigurationController {
 this.censorFactory.censor(TenantConfigurationCensor.class).censor(fieldSet, null);
- TenantConfigurationQuery query = this.queryFactory.query(TenantConfigurationQuery.class).disableTracking().authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).isActive(IsActive.Active).types(TenantConfigurationType.of(type));
+ TenantConfigurationQuery query = this.queryFactory.query(TenantConfigurationQuery.class).disableTracking().authorize(AuthorizationFlags.AllExceptPublic).isActive(IsActive.Active).types(TenantConfigurationType.of(type));
 if (this.tenantScope.isDefaultTenant()) query.tenantIsSet(false); else query.tenantIsSet(true).tenantIds(this.tenantScope.getTenant());
- TenantConfiguration model = this.builderFactory.builder(TenantConfigurationBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(fieldSet, query.firstAs(fieldSet));
+ TenantConfiguration model = this.builderFactory.builder(TenantConfigurationBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(fieldSet, query.firstAs(fieldSet));
 this.auditService.track(AuditableAction.TenantConfiguration_LookupByType, Map.ofEntries(
 new AbstractMap.SimpleEntry("type", type),
diff --git a/backend/web/src/main/java/org/opencdmp/controllers/TenantController.java b/backend/web/src/main/java/org/opencdmp/controllers/TenantController.java
index e881cac14..e1a4e65b2 100644
--- a/backend/web/src/main/java/org/opencdmp/controllers/TenantController.java
+++ b/backend/web/src/main/java/org/opencdmp/controllers/TenantController.java
@@ -82,10 +82,10 @@ public class TenantController {
 logger.debug("querying {}", Tenant.class.getSimpleName());
 this.censorFactory.censor(TenantCensor.class).censor(lookup.getProject(), null);
- TenantQuery query = lookup.enrich(this.queryFactory).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission);
+ TenantQuery query = lookup.enrich(this.queryFactory).authorize(AuthorizationFlags.AllExceptPublic);
 List data = query.collectAs(lookup.getProject());
- List models = this.builderFactory.builder(TenantBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(lookup.getProject(), data);
+ List models = this.builderFactory.builder(TenantBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(lookup.getProject(), data);
 long count = (lookup.getMetadata() != null && lookup.getMetadata().getCountAll()) ? query.count() : models.size();
 this.auditService.track(AuditableAction.Tenant_Query, "lookup", lookup);
@@ -99,8 +99,8 @@ public class TenantController {
 this.censorFactory.censor(TenantCensor.class).censor(fieldSet, null);
- TenantQuery query = this.queryFactory.query(TenantQuery.class).disableTracking().authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).ids(id);
- Tenant model = this.builderFactory.builder(TenantBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(fieldSet, query.firstAs(fieldSet));
+ TenantQuery query = this.queryFactory.query(TenantQuery.class).disableTracking().authorize(AuthorizationFlags.AllExceptPublic).ids(id);
+ Tenant model = this.builderFactory.builder(TenantBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(fieldSet, query.firstAs(fieldSet));
 if (model == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{id, Tenant.class.getSimpleName()}, LocaleContextHolder.getLocale()));
diff --git a/backend/web/src/main/java/org/opencdmp/controllers/UserController.java b/backend/web/src/main/java/org/opencdmp/controllers/UserController.java
index fcf262973..0068f976b 100644
--- a/backend/web/src/main/java/org/opencdmp/controllers/UserController.java
+++ b/backend/web/src/main/java/org/opencdmp/controllers/UserController.java
@@ -98,10 +98,10 @@ public class UserController {
 this.censorFactory.censor(UserCensor.class).censor(lookup.getProject(), null);
- UserQuery query = lookup.enrich(this.queryFactory).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission);
+ UserQuery query = lookup.enrich(this.queryFactory).authorize(AuthorizationFlags.AllExceptPublic);
 List data = query.collectAs(lookup.getProject());
- List models = this.builderFactory.builder(UserBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(lookup.getProject(), data);
+ List models = this.builderFactory.builder(UserBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(lookup.getProject(), data);
 long count = (lookup.getMetadata() != null && lookup.getMetadata().getCountAll()) ? query.count() : models.size();
 this.auditService.track(AuditableAction.User_Query, "lookup", lookup);
@@ -118,7 +118,7 @@ public class UserController {
 UserQuery query = lookup.enrich(this.queryFactory).dmpAssociated(true).isActive(IsActive.Active);
 List data = query.collectAs(lookup.getProject());
- List models = this.builderFactory.builder(DmpAssociatedUserBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(lookup.getProject(), data);
+ List models = this.builderFactory.builder(DmpAssociatedUserBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(lookup.getProject(), data);
 long count = (lookup.getMetadata() != null && lookup.getMetadata().getCountAll()) ? query.count() : models.size();
 this.auditService.track(AuditableAction.User_DmpAssociatedQuery, "lookup", lookup);
@@ -132,8 +132,8 @@ public class UserController {
 this.censorFactory.censor(UserCensor.class).censor(fieldSet, id);
- UserQuery query = this.queryFactory.query(UserQuery.class).disableTracking().authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).ids(id);
- User model = this.builderFactory.builder(UserBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(fieldSet, query.firstAs(fieldSet));
+ UserQuery query = this.queryFactory.query(UserQuery.class).disableTracking().authorize(AuthorizationFlags.AllExceptPublic).ids(id);
+ User model = this.builderFactory.builder(UserBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(fieldSet, query.firstAs(fieldSet));
 if (model == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{id, User.class.getSimpleName()}, LocaleContextHolder.getLocale()));
@@ -151,8 +151,8 @@ public class UserController {
 this.censorFactory.censor(UserCensor.class).censor(fieldSet, null);
- UserQuery query = this.queryFactory.query(UserQuery.class).disableTracking().authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).emails(email);
- User model = this.builderFactory.builder(UserBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(fieldSet, query.firstAs(fieldSet));
+ UserQuery query = this.queryFactory.query(UserQuery.class).disableTracking().authorize(AuthorizationFlags.AllExceptPublic).emails(email);
+ User model = this.builderFactory.builder(UserBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(fieldSet, query.firstAs(fieldSet));
 if (model == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{email, User.class.getSimpleName()}, LocaleContextHolder.getLocale()));
@@ -183,8 +183,8 @@ public class UserController {
 this.censorFactory.censor(UserCensor.class).censor(fieldSet, this.userScope.getUserId());
- UserQuery query = this.queryFactory.query(UserQuery.class).disableTracking().ids(this.userScope.getUserId()).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission);
- User model = this.builderFactory.builder(UserBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(fieldSet, query.firstAs(fieldSet));
+ UserQuery query = this.queryFactory.query(UserQuery.class).disableTracking().ids(this.userScope.getUserId()).authorize(AuthorizationFlags.AllExceptPublic);
+ User model = this.builderFactory.builder(UserBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(fieldSet, query.firstAs(fieldSet));
 if (model == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{this.userScope.getUserId(), User.class.getSimpleName()}, LocaleContextHolder.getLocale()));
diff --git a/backend/web/src/main/java/org/opencdmp/controllers/UserSettingsController.java b/backend/web/src/main/java/org/opencdmp/controllers/UserSettingsController.java
index f33b7a045..7f82d6ce9 100644
--- a/backend/web/src/main/java/org/opencdmp/controllers/UserSettingsController.java
+++ b/backend/web/src/main/java/org/opencdmp/controllers/UserSettingsController.java
@@ -73,9 +73,9 @@ public class UserSettingsController {
 public QueryResult Query(@RequestBody UserSettingsLookup lookup) throws MyApplicationException, MyForbiddenException {
 logger.debug("querying {}", UserSettings.class.getSimpleName());
 this.censorFactory.censor(UserSettingsCensor.class).censor(lookup.getProject(), null);
- UserSettingsQuery query = lookup.enrich(this.queryFactory).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission);
+ UserSettingsQuery query = lookup.enrich(this.queryFactory).authorize(AuthorizationFlags.AllExceptPublic);
 List data = query.collectAs(lookup.getProject());
- List models = this.builderFactory.builder(UserSettingsBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(lookup.getProject(), data);
+ List models = this.builderFactory.builder(UserSettingsBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(lookup.getProject(), data);
 long count = (lookup.getMetadata() != null && lookup.getMetadata().getCountAll()) ? query.count() : models.size();
 this.auditService.track(AuditableAction.User_Settings_Query, "lookup", lookup);
@@ -98,8 +98,8 @@ public class UserSettingsController {
 UserSettings._updatedAt,
 UserSettings._type
 ));
- UserSettingsQuery query = this.queryFactory.query(UserSettingsQuery.class).disableTracking().authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).keys(key);
- UserSettings model = this.builderFactory.builder(UserSettingsBuilder.class).authorize(AuthorizationFlags.OwnerOrDmpAssociatedOrPermission).build(fieldSet, query.firstAs(fieldSet));
+ UserSettingsQuery query = this.queryFactory.query(UserSettingsQuery.class).disableTracking().authorize(AuthorizationFlags.AllExceptPublic).keys(key);
+ UserSettings model = this.builderFactory.builder(UserSettingsBuilder.class).authorize(AuthorizationFlags.AllExceptPublic).build(fieldSet, query.firstAs(fieldSet));
 this.auditService.track(AuditableAction.User_Settings_Lookup, Map.ofEntries(
 new AbstractMap.SimpleEntry("key", key)
diff --git a/backend/web/src/main/java/org/opencdmp/interceptors/tenant/TenantInterceptor.java b/backend/web/src/main/java/org/opencdmp/interceptors/tenant/TenantInterceptor.java
index c6a45ba0f..d4bd37381 100644
--- a/backend/web/src/main/java/org/opencdmp/interceptors/tenant/TenantInterceptor.java
+++ b/backend/web/src/main/java/org/opencdmp/interceptors/tenant/TenantInterceptor.java
@@ -12,7 +12,7 @@ import jakarta.persistence.criteria.CriteriaBuilder;
 import jakarta.persistence.criteria.CriteriaQuery;
 import jakarta.persistence.criteria.Root;
 import org.jetbrains.annotations.NotNull;
-import org.opencdmp.authorization.AuthorizationProperties;
+import org.opencdmp.authorization.AuthorizationConfiguration;
 import org.opencdmp.authorization.ClaimNames;
 import org.opencdmp.authorization.Permission;
 import org.opencdmp.commons.enums.IsActive;
@@ -67,7 +67,7 @@ public class TenantInterceptor implements WebRequestInterceptor {
 private final LockByKeyManager lockByKeyManager;
 private final ConventionService conventionService;
 private final UserTouchedIntegrationEventHandler userTouchedIntegrationEventHandler;
- private final AuthorizationProperties authorizationProperties;
+ private final AuthorizationConfiguration authorizationConfiguration;
 private final UserTenantRolesCacheService userTenantRolesCacheService;
 public final TenantEntityManager tenantEntityManager;
@@ -84,7 +84,7 @@ public class TenantInterceptor implements WebRequestInterceptor {
 TenantScopeProperties tenantScopeProperties,
 UserAllowedTenantCacheService userAllowedTenantCacheService,
 PlatformTransactionManager transactionManager,
- ErrorThesaurusProperties errors, QueryUtilsService queryUtilsService, LockByKeyManager lockByKeyManager, ConventionService conventionService, UserTouchedIntegrationEventHandler userTouchedIntegrationEventHandler, AuthorizationProperties authorizationProperties, UserTenantRolesCacheService userTenantRolesCacheService, TenantEntityManager tenantEntityManager) {
+ ErrorThesaurusProperties errors, QueryUtilsService queryUtilsService, LockByKeyManager lockByKeyManager, ConventionService conventionService, UserTouchedIntegrationEventHandler userTouchedIntegrationEventHandler, AuthorizationConfiguration authorizationConfiguration, UserTenantRolesCacheService userTenantRolesCacheService, TenantEntityManager tenantEntityManager) {
 this.tenantScope = tenantScope;
 this.userScope = userScope;
 this.currentPrincipalResolver = currentPrincipalResolver;
@@ -98,7 +98,7 @@ public class TenantInterceptor implements WebRequestInterceptor {
 this.lockByKeyManager = lockByKeyManager;
 this.conventionService = conventionService;
 this.userTouchedIntegrationEventHandler = userTouchedIntegrationEventHandler;
- this.authorizationProperties = authorizationProperties;
+ this.authorizationConfiguration = authorizationConfiguration;
 this.userTenantRolesCacheService = userTenantRolesCacheService;
 this.tenantEntityManager = tenantEntityManager;
 }
@@ -287,7 +287,7 @@ public class TenantInterceptor implements WebRequestInterceptor {
 private List getRolesFromClaims() {
 List claimsRoles = this.claimExtractor.asStrings(this.currentPrincipalResolver.currentPrincipal(), ClaimNames.TenantRolesClaimName);
 if (claimsRoles == null) claimsRoles = new ArrayList<>();
- claimsRoles = claimsRoles.stream().filter(x -> x != null && !x.isBlank() && (this.conventionService.isListNullOrEmpty(this.authorizationProperties.getAllowedTenantRoles()) || this.authorizationProperties.getAllowedTenantRoles().contains(x))).distinct().toList();
+ claimsRoles = claimsRoles.stream().filter(x -> x != null && !x.isBlank() && (this.conventionService.isListNullOrEmpty(this.authorizationConfiguration.getAuthorizationProperties().getAllowedTenantRoles()) || this.authorizationConfiguration.getAuthorizationProperties().getAllowedTenantRoles().contains(x))).distinct().toList();
 return claimsRoles;
 }
@@ -297,11 +297,11 @@ public class TenantInterceptor implements WebRequestInterceptor {
 Root root = query.from(UserRoleEntity.class);
 CriteriaBuilder.In inRolesClause = criteriaBuilder.in(root.get(UserRoleEntity._role));
- for (String item : this.authorizationProperties.getAllowedTenantRoles()) inRolesClause.value(item);
+ for (String item : this.authorizationConfiguration.getAuthorizationProperties().getAllowedTenantRoles()) inRolesClause.value(item);
 query.where(criteriaBuilder.and(
 criteriaBuilder.equal(root.get(UserRoleEntity._userId), this.userScope.getUserId()),
- this.conventionService.isListNullOrEmpty(this.authorizationProperties.getAllowedTenantRoles()) ? criteriaBuilder.isNotNull(root.get(UserRoleEntity._role)) : inRolesClause,
+ this.conventionService.isListNullOrEmpty(this.authorizationConfiguration.getAuthorizationProperties().getAllowedTenantRoles()) ? criteriaBuilder.isNotNull(root.get(UserRoleEntity._role)) : inRolesClause,
 this.tenantScope.isDefaultTenant() ? criteriaBuilder.isNull(root.get(UserRoleEntity._tenantId)) : criteriaBuilder.equal(root.get(UserRoleEntity._tenantId), this.tenantScope.getTenant())
 )).multiselect(root.get(UserRoleEntity._role).alias(UserRoleEntity._role));
 List results = this.entityManager.createQuery(query).getResultList();
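Review bot: The for-each on the `+` line iterates `getAllowedTenantRoles()` before the `isListNullOrEmpty` guard two lines below ever runs, so a null allowed-roles list — the very case that guard anticipates — throws NullPointerException in the loop instead of falling through to the `isNotNull` branch. Hoisting the list into a local fixes the ordering and removes the repeated `getAuthorizationProperties()` chain: `List<String> allowedRoles = this.authorizationConfiguration.getAuthorizationProperties().getAllowedTenantRoles();` then `if (allowedRoles != null) for (String item : allowedRoles) inRolesClause.value(item);`, with `allowedRoles` reused in the ternary. The ordering is inherited from the removed line, so the rename did not introduce it, but the new code is where it should be fixed. The enclosing method starts and ends outside the hunk.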
@@ -327,10 +327,10 @@ public class TenantInterceptor implements WebRequestInterceptor {
 Root root = query.from(UserRoleEntity.class);
 CriteriaBuilder.In inRolesClause = criteriaBuilder.in(root.get(UserRoleEntity._role));
- for (String item : this.authorizationProperties.getAllowedTenantRoles()) inRolesClause.value(item);
+ for (String item : this.authorizationConfiguration.getAuthorizationProperties().getAllowedTenantRoles()) inRolesClause.value(item);
 query.where(criteriaBuilder.and(
 criteriaBuilder.equal(root.get(UserRoleEntity._userId), this.userScope.getUserId()),
- this.conventionService.isListNullOrEmpty(this.authorizationProperties.getAllowedTenantRoles()) ? criteriaBuilder.isNotNull(root.get(UserRoleEntity._role)) : inRolesClause,
+ this.conventionService.isListNullOrEmpty(this.authorizationConfiguration.getAuthorizationProperties().getAllowedTenantRoles()) ? criteriaBuilder.isNotNull(root.get(UserRoleEntity._role)) : inRolesClause,
 this.tenantScope.isDefaultTenant() ? criteriaBuilder.isNull(root.get(UserRoleEntity._tenantId)) : criteriaBuilder.equal(root.get(UserRoleEntity._tenantId), this.tenantScope.getTenant())
 ));
 List existingUserRoles = this.entityManager.createQuery(query).getResultList();
diff --git a/backend/web/src/main/java/org/opencdmp/interceptors/user/UserInterceptor.java b/backend/web/src/main/java/org/opencdmp/interceptors/user/UserInterceptor.java
index f21c79ce4..f9d88cb16 100644
--- a/backend/web/src/main/java/org/opencdmp/interceptors/user/UserInterceptor.java
+++ b/backend/web/src/main/java/org/opencdmp/interceptors/user/UserInterceptor.java
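Review bot: This hunk builds the same `UserRoleEntity` predicate as the `@@ -297` hunk above — user-id equality, the allowed-roles `IN` clause with its `isListNullOrEmpty` fallback, and the default-tenant/tenant-id clause — differing only in the `multiselect` projection, and after the rename the `this.authorizationConfiguration.getAuthorizationProperties().getAllowedTenantRoles()` chain now appears twice in each copy. A private helper taking the `CriteriaBuilder` and the `Root<UserRoleEntity>` and returning the combined `Predicate` would give the two queries one definition of "which roles count" and one place to handle a null allowed-roles list. Both enclosing methods start and end outside their hunks.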
@@ -13,7 +13,7 @@ import jakarta.persistence.criteria.CriteriaBuilder;
 import jakarta.persistence.criteria.CriteriaQuery;
 import jakarta.persistence.criteria.Root;
 import org.apache.commons.validator.routines.EmailValidator;
-import org.opencdmp.authorization.AuthorizationProperties;
+import org.opencdmp.authorization.AuthorizationConfiguration;
 import org.opencdmp.authorization.ClaimNames;
 import org.opencdmp.commons.JsonHandlingService;
 import org.opencdmp.commons.enums.ContactInfoType;
@@ -62,7 +62,7 @@ public class UserInterceptor implements WebRequestInterceptor {
 private final LockByKeyManager lockByKeyManager;
 private final LocaleProperties localeProperties;
 private final UserTouchedIntegrationEventHandler userTouchedIntegrationEventHandler;
- private final AuthorizationProperties authorizationProperties;
+ private final AuthorizationConfiguration authorizationConfiguration;
 private final ConventionService conventionService;
 @PersistenceContext
 public EntityManager entityManager;
@@ -79,7 +79,7 @@ public class UserInterceptor implements WebRequestInterceptor {
 JsonHandlingService jsonHandlingService,
 QueryFactory queryFactory,
 LockByKeyManager lockByKeyManager,
- LocaleProperties localeProperties, UserTouchedIntegrationEventHandler userTouchedIntegrationEventHandler, AuthorizationProperties authorizationProperties, ConventionService conventionService, TenantEntityManager tenantEntityManager) {
+ LocaleProperties localeProperties, UserTouchedIntegrationEventHandler userTouchedIntegrationEventHandler, AuthorizationConfiguration authorizationConfiguration, ConventionService conventionService, TenantEntityManager tenantEntityManager) {
 this.userScope = userScope;
 this.currentPrincipalResolver = currentPrincipalResolver;
 this.claimExtractor = claimExtractor;
@@ -90,7 +90,7 @@ public class UserInterceptor implements WebRequestInterceptor {
 this.lockByKeyManager = lockByKeyManager;
 this.localeProperties = localeProperties;
 this.userTouchedIntegrationEventHandler = userTouchedIntegrationEventHandler;
- this.authorizationProperties = authorizationProperties;
+ this.authorizationConfiguration = authorizationConfiguration;
 this.conventionService = conventionService;
 this.tenantEntityManager = tenantEntityManager;
 }
@@ -243,7 +243,7 @@ public class UserInterceptor implements WebRequestInterceptor {
 private List getRolesFromClaims() {
 List claimsRoles = this.claimExtractor.asStrings(this.currentPrincipalResolver.currentPrincipal(), ClaimNames.GlobalRolesClaimName);
 if (claimsRoles == null) claimsRoles = new ArrayList<>();
- claimsRoles = claimsRoles.stream().filter(x -> x != null && !x.isBlank() && (this.conventionService.isListNullOrEmpty(this.authorizationProperties.getAllowedGlobalRoles()) || this.authorizationProperties.getAllowedGlobalRoles().contains(x))).distinct().toList();
+ claimsRoles = claimsRoles.stream().filter(x -> x != null && !x.isBlank() && (this.conventionService.isListNullOrEmpty(this.authorizationConfiguration.getAuthorizationProperties().getAllowedGlobalRoles()) || this.authorizationConfiguration.getAuthorizationProperties().getAllowedGlobalRoles().contains(x))).distinct().toList();
 claimsRoles = claimsRoles.stream().filter(x -> x != null && !x.isBlank()).distinct().toList();
 return claimsRoles;
 }
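Review bot: In the `@@ -243` hunk the context line right after the `+` line, `claimsRoles = claimsRoles.stream().filter(x -> x != null && !x.isBlank()).distinct().toList();`, re-applies a predicate the new line already enforces (`x != null && !x.isBlank()` plus `distinct()`), so it is a dead second pass and should be dropped, or carry a comment saying why it is kept. The new line also evaluates `this.authorizationConfiguration.getAuthorizationProperties().getAllowedGlobalRoles()` inside the lambda for every claim; hoisting it into a local before the stream reads more clearly and evaluates once. The TenantInterceptor counterpart at `@@ -287` in this commit has no duplicate filter, so the two methods currently diverge for no visible reason.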
@@ -254,10 +254,10 @@ public class UserInterceptor implements WebRequestInterceptor {
 Root root = query.from(UserRoleEntity.class);
 CriteriaBuilder.In inRolesClause = criteriaBuilder.in(root.get(UserRoleEntity._role));
- for (String item : this.authorizationProperties.getAllowedGlobalRoles()) inRolesClause.value(item);
+ for (String item : this.authorizationConfiguration.getAuthorizationProperties().getAllowedGlobalRoles()) inRolesClause.value(item);
 query.where(criteriaBuilder.and(
 criteriaBuilder.equal(root.get(UserRoleEntity._userId), userId),
- this.conventionService.isListNullOrEmpty(this.authorizationProperties.getAllowedGlobalRoles()) ? criteriaBuilder.isNotNull(root.get(UserRoleEntity._role)) : inRolesClause,
+ this.conventionService.isListNullOrEmpty(this.authorizationConfiguration.getAuthorizationProperties().getAllowedGlobalRoles()) ? criteriaBuilder.isNotNull(root.get(UserRoleEntity._role)) : inRolesClause,
 criteriaBuilder.isNull(root.get(UserRoleEntity._tenantId))
 ));
 List existingUserRoles = this.entityManager.createQuery(query).getResultList();
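Review bot: The `for (String item : ...getAllowedGlobalRoles())` line runs before the `isListNullOrEmpty` fallback two lines later, so a null allowed-roles list throws in the loop instead of reaching the `isNotNull` branch that was written for it — the same ordering as in the TenantInterceptor queries of this commit. `List<String> allowedRoles = this.authorizationConfiguration.getAuthorizationProperties().getAllowedGlobalRoles();` followed by `if (allowedRoles != null) for (String item : allowedRoles) inRolesClause.value(item);` fixes the ordering and replaces the repeated chain; the `@@ -284` hunk below needs the identical change. The enclosing method starts and ends outside the hunk.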
@@ -284,11 +284,11 @@ public class UserInterceptor implements WebRequestInterceptor {
 Root root = query.from(UserRoleEntity.class);
 CriteriaBuilder.In inRolesClause = criteriaBuilder.in(root.get(UserRoleEntity._role));
- for (String item : this.authorizationProperties.getAllowedGlobalRoles()) inRolesClause.value(item);
+ for (String item : this.authorizationConfiguration.getAuthorizationProperties().getAllowedGlobalRoles()) inRolesClause.value(item);
 query.where(criteriaBuilder.and(
 criteriaBuilder.equal(root.get(UserRoleEntity._userId), userId),
- this.conventionService.isListNullOrEmpty(this.authorizationProperties.getAllowedGlobalRoles()) ? criteriaBuilder.isNotNull(root.get(UserRoleEntity._role)) : inRolesClause,
+ this.conventionService.isListNullOrEmpty(this.authorizationConfiguration.getAuthorizationProperties().getAllowedGlobalRoles()) ? criteriaBuilder.isNotNull(root.get(UserRoleEntity._role)) : inRolesClause,
 criteriaBuilder.isNull(root.get(UserRoleEntity._tenantId))
 )).multiselect(root.get(UserRoleEntity._role).alias(UserRoleEntity._role));
 List results = this.entityManager.createQuery(query).getResultList();
diff --git a/backend/web/src/main/java/org/opencdmp/models/AccountBuilder.java b/backend/web/src/main/java/org/opencdmp/models/AccountBuilder.java
index 0913f6b3e..6a58e7e5b 100644
--- a/backend/web/src/main/java/org/opencdmp/models/AccountBuilder.java
+++ b/backend/web/src/main/java/org/opencdmp/models/AccountBuilder.java
@@ -10,18 +10,14 @@ import gr.cite.tools.data.builder.BuilderFactory;
 import gr.cite.tools.data.query.QueryFactory;
 import gr.cite.tools.fieldset.BaseFieldSet;
 import gr.cite.tools.fieldset.FieldSet;
+import org.opencdmp.authorization.authorizationcontentresolver.AuthorizationContentResolver;
 import org.opencdmp.commons.JsonHandlingService;
 import org.opencdmp.commons.scope.tenant.TenantScope;
 import org.opencdmp.commons.scope.user.UserScope;
 import org.opencdmp.commons.types.user.AdditionalInfoEntity;
-import org.opencdmp.data.DmpEntity;
 import org.opencdmp.data.TenantEntityManager;
 import org.opencdmp.data.UserEntity;
-import org.opencdmp.model.builder.BaseBuilder;
 import org.opencdmp.model.builder.TenantBuilder;
-import org.opencdmp.model.builder.dmpreference.DmpReferenceBuilder;
-import org.opencdmp.model.dmp.Dmp;
-import org.opencdmp.query.DmpReferenceQuery;
 import org.opencdmp.query.TenantQuery;
 import org.springframework.beans.factory.config.ConfigurableBeanFactory;
 import org.springframework.context.annotation.Scope;
@@ -29,7 +25,6 @@ import org.springframework.stereotype.Component;
 import javax.management.InvalidApplicationException;
 import java.util.*;
-import java.util.stream.Collectors;
 @Component
 @Scope(ConfigurableBeanFactory.SCOPE_PROTOTYPE)
@@ -39,6 +34,7 @@ public class AccountBuilder {
 private final Set excludeMoreClaim;
 private final CurrentPrincipalResolver currentPrincipalResolver;
 private final AuthorizationConfiguration authorizationConfiguration;
+ private final AuthorizationContentResolver authorizationContentResolver;
 private final JsonHandlingService jsonHandlingService;
 private final UserScope userScope;
 private final TenantEntityManager entityManager;
@@ -46,11 +42,12 @@ public class AccountBuilder {
 private final QueryFactory queryFactory;
 private final BuilderFactory builderFactory;
- public AccountBuilder(ClaimExtractor claimExtractor, CurrentPrincipalResolver currentPrincipalResolver, AuthorizationConfiguration authorizationConfiguration, JsonHandlingService jsonHandlingService, UserScope userScope, TenantEntityManager entityManager, TenantScope tenantScope, QueryFactory queryFactory, BuilderFactory builderFactory) {
+ public AccountBuilder(ClaimExtractor claimExtractor, CurrentPrincipalResolver currentPrincipalResolver, AuthorizationConfiguration authorizationConfiguration, AuthorizationContentResolver authorizationContentResolver, JsonHandlingService jsonHandlingService, UserScope userScope, TenantEntityManager entityManager, TenantScope tenantScope, QueryFactory queryFactory, BuilderFactory builderFactory) {
 this.claimExtractor = claimExtractor;
 this.currentPrincipalResolver = currentPrincipalResolver;
 this.authorizationConfiguration = authorizationConfiguration;
- this.jsonHandlingService = jsonHandlingService;
+ this.authorizationContentResolver = authorizationContentResolver;
+ this.jsonHandlingService = jsonHandlingService;
 this.userScope = userScope;
 this.entityManager = entityManager;
 this.tenantScope = tenantScope;
@@ -116,6 +113,9 @@ public class AccountBuilder {
 permissions.add(permissionEntry.getKey());
 }
 }
+ if (!permissions.contains(org.opencdmp.authorization.Permission.ViewDescriptionTemplatePage)){
+ if (this.authorizationContentResolver.hasAtLeastOneDescriptionTemplateAffiliation()) permissions.add(org.opencdmp.authorization.Permission.ViewDescriptionTemplatePage);
+ }
 model.setPermissions(new ArrayList<>(permissions));
 }
diff --git a/backend/web/src/main/resources/config/permissions.yml b/backend/web/src/main/resources/config/permissions.yml
index 973572fcd..8da64e490 100644
--- a/backend/web/src/main/resources/config/permissions.yml
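Review bot: In the `@@ -116` hunk the nested `if (!permissions.contains(...)){ if (this.authorizationContentResolver.hasAtLeastOneDescriptionTemplateAffiliation()) permissions.add(...); }` collapses to a single condition, and if `permissions` is a Set (the `new ArrayList<>(permissions)` copy suggests it may be) the `contains` guard is unnecessary as well: `if (this.authorizationContentResolver.hasAtLeastOneDescriptionTemplateAffiliation()) permissions.add(Permission.ViewDescriptionTemplatePage);`, with a plain `import org.opencdmp.authorization.Permission;` replacing the two fully qualified names if no other `Permission` type is imported. A comment is worth adding that this only enriches the permission list handed to the client via `model.setPermissions` for navigation purposes — server-side checks for description-template actions are driven by permissions.yml, so nothing should rely on this list for enforcement. `hasAtLeastOneDescriptionTemplateAffiliation()` is defined outside the diff; if it queries the database it now runs on every account build, so confirm it is cheap or cached. The enclosing method starts outside the hunk.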
+++ b/backend/web/src/main/resources/config/permissions.yml @@ -405,6 +405,10 @@ permissions: - Admin - TenantAdmin - TenantPlanManager + descriptionTemplate: + roles: + - Owner + - Member clients: [ ] allowAnonymous: false allowAuthenticated: false @@ -958,6 +962,10 @@ permissions: - Viewer - DescriptionContributor - Reviewer + descriptionTemplate: + roles: + - Owner + - Member clients: [ ] allowAnonymous: false allowAuthenticated: false @@ -971,6 +979,10 @@ permissions: - Viewer - DescriptionContributor - Reviewer + descriptionTemplate: + roles: + - Owner + - Member claims: [ ] clients: [ ] allowAnonymous: false diff --git a/dmp-frontend/src/app/core/model/description-template/description-template.ts b/dmp-frontend/src/app/core/model/description-template/description-template.ts index 96dc842a9..1474a37fc 100644 --- a/dmp-frontend/src/app/core/model/description-template/description-template.ts +++ b/dmp-frontend/src/app/core/model/description-template/description-template.ts @@ -10,6 +10,7 @@ import { ReferenceType } from "../reference-type/reference-type"; import { User } from "../user/user"; import { Reference } from "../reference/reference"; import { DescriptionTemplateVersionStatus } from "@app/core/common/enum/description-template-version-status"; +import { AppPermission } from "@app/core/common/enum/permission.enum"; export interface DescriptionTemplate extends BaseEntity { @@ -23,6 +24,7 @@ export interface DescriptionTemplate extends BaseEntity { definition?: DescriptionTemplateDefinition; users?: UserDescriptionTemplate[]; versionStatus?: DescriptionTemplateVersionStatus; + authorizationFlags?: AppPermission[]; } export interface UserDescriptionTemplate extends BaseEntity { diff --git a/dmp-frontend/src/app/core/query/description-template.lookup.ts b/dmp-frontend/src/app/core/query/description-template.lookup.ts index ce7337126..5f529afca 100644 --- a/dmp-frontend/src/app/core/query/description-template.lookup.ts 
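Review bot: Each of the three new `descriptionTemplate:` blocks grants the template `Member` role exactly what `Owner` gets, and the permission names these blocks belong to sit above the hunks, so which actions are being opened to members cannot be checked here. If any of the three is a destructive or versioning action (delete, new version, finalize), consider listing only `Owner` there and keeping `Member` for view/edit; a one-line comment above each block, e.g. `# affiliation roles: Owner manages the template, Member may edit its content`, would make the intended split reviewable. Also confirm the role names match the `UserDescriptionTemplateRole` enum values that AffiliatedResource now carries, since a mismatch here would silently never match rather than fail at startup.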
+++ b/dmp-frontend/src/app/core/query/description-template.lookup.ts
@@ -14,7 +14,7 @@ export class DescriptionTemplateLookup extends Lookup implements DescriptionTemp
 groupIds: Guid[];
 excludedGroupIds: Guid[];
 versionStatuses: DescriptionTemplateVersionStatus[];
-
+ onlyCanEdit: boolean;
 constructor() {
 super();
 }
@@ -30,4 +30,6 @@ export interface DescriptionTemplateFilter {
 groupIds: Guid[];
 excludedGroupIds: Guid[];
 versionStatuses: DescriptionTemplateVersionStatus[];
+ onlyCanEdit: boolean;
+
 }
diff --git a/dmp-frontend/src/app/ui/admin/description-template/description-template.routing.ts b/dmp-frontend/src/app/ui/admin/description-template/description-template.routing.ts
index 29efdb82d..b0677a8b2 100644
--- a/dmp-frontend/src/app/ui/admin/description-template/description-template.routing.ts
+++ b/dmp-frontend/src/app/ui/admin/description-template/description-template.routing.ts
@@ -84,9 +84,6 @@ const routes: Routes = [
 'entity': DescriptionTemplateEditorResolver
 },
 data: {
- authContext: {
- permissions: [AppPermission.EditDescriptionTemplate]
- },
 getFromTitleService: true,
 usePrefix: false
 }
diff --git a/dmp-frontend/src/app/ui/admin/description-template/editor/description-template-editor.component.ts b/dmp-frontend/src/app/ui/admin/description-template/editor/description-template-editor.component.ts
index 844272e03..57051594d 100644
--- a/dmp-frontend/src/app/ui/admin/description-template/editor/description-template-editor.component.ts
+++ b/dmp-frontend/src/app/ui/admin/description-template/editor/description-template-editor.component.ts
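Review bot: Removing `authContext: { permissions: [AppPermission.EditDescriptionTemplate] }` from the editor route in the `@@ -84` hunk leaves that route with no client-side permission gate at all, so any authenticated user can navigate to it and only learns they may not edit when the API rejects the resolver's request. Since the AccountBuilder in this commit now adds `ViewDescriptionTemplatePage` to the permission list of users with a template affiliation, the route could keep a gate on that broader permission instead — `authContext: { permissions: [AppPermission.ViewDescriptionTemplatePage] }` — assuming that member exists in the frontend `AppPermission` enum, which is not visible here. This is UX only; the backend authorization remains the enforcement point either way.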
@@ -104,19 +104,19 @@ export class DescriptionTemplateEditorComponent extends BaseEditor x === AppPermission.DeleteDescriptionTemplate)); } protected get canSave(): boolean { - return !this.isDeleted && this.hasPermission(this.authService.permissionEnum.EditDescriptionTemplate); + return !this.isDeleted && (this.hasPermission(this.authService.permissionEnum.EditDescriptionTemplate) || this.item?.authorizationFlags?.some(x => x === AppPermission.EditDescriptionTemplate)); } protected get canFinalize(): boolean { - return !this.isDeleted && this.hasPermission(this.authService.permissionEnum.EditDescriptionTemplate); + return !this.isDeleted && (this.hasPermission(this.authService.permissionEnum.EditDescriptionTemplate) || this.item?.authorizationFlags?.some(x => x === AppPermission.EditDescriptionTemplate)); } private hasPermission(permission: AppPermission): boolean { - return this.authService.hasPermission(permission) || this.editorModel?.permissions?.includes(permission); + return this.authService.hasPermission(permission) || this.editorModel?.permissions?.includes(permission) || this.item?.authorizationFlags?.some(x => x === permission); } constructor( @@ -211,7 +211,7 @@ export class DescriptionTemplateEditorComponent extends BaseEditor x === AppPermission.EditDescriptionTemplate))); this.descriptionTemplateEditorService.setValidationErrorModel(this.editorModel.validationErrorModel); this.isFinalized = this.editorModel.status == DescriptionTemplateStatus.Finalized; if (this.isFinalized || this.isDeleted) { diff --git a/dmp-frontend/src/app/ui/admin/description-template/editor/description-template-editor.resolver.ts b/dmp-frontend/src/app/ui/admin/description-template/editor/description-template-editor.resolver.ts index f99af8339..143319a6b 100644 --- a/dmp-frontend/src/app/ui/admin/description-template/editor/description-template-editor.resolver.ts +++ b/dmp-frontend/src/app/ui/admin/description-template/editor/description-template-editor.resolver.ts 
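Review bot: `canSave` and `canFinalize` now append `|| this.item?.authorizationFlags?.some(x => x === AppPermission.EditDescriptionTemplate)`, but the private `hasPermission` further down the same hunk was extended to include exactly that `authorizationFlags` check, so the extra clause is redundant and `return !this.isDeleted && this.hasPermission(this.authService.permissionEnum.EditDescriptionTemplate);` suffices for both getters. The `@@ -211` hunk checks `authorizationFlags` inline once more; routing all of them through `hasPermission` keeps a single definition of what grants edit rights in this editor. Parts of this hunk are garbled in the rendering (generic type arguments are missing), so the exact shape of `canDelete` and the `@@ -211` change could not be verified.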
@@ -1,5 +1,6 @@
 import { Injectable } from '@angular/core';
 import { ActivatedRouteSnapshot, RouterStateSnapshot } from '@angular/router';
+import { AppPermission } from '@app/core/common/enum/permission.enum';
 import { DescriptionTemplateType } from '@app/core/model/description-template-type/description-template-type';
 import { DescriptionTemplate, DescriptionTemplateBaseFieldData, DescriptionTemplateDefaultValue, DescriptionTemplateDefinition, DescriptionTemplateExternalDatasetData, DescriptionTemplateField, DescriptionTemplateFieldSet, DescriptionTemplateLabelAndMultiplicityData, DescriptionTemplateMultiplicity, DescriptionTemplatePage, DescriptionTemplateReferenceTypeData, DescriptionTemplateRule, DescriptionTemplateSection, DescriptionTemplateSelectData, DescriptionTemplateSelectOption, DescriptionTemplateUploadData, DescriptionTemplateUploadOption, UserDescriptionTemplate } from '@app/core/model/description-template/description-template';
 import { ReferenceType } from '@app/core/model/reference-type/reference-type';
@@ -29,6 +30,13 @@ export class DescriptionTemplateEditorResolver extends BaseEditorResolver {
 nameof(x => x.language),
 nameof(x => x.status),
+ [nameof(x => x.authorizationFlags), AppPermission.EditDescriptionTemplate].join('.'),
+ [nameof(x => x.authorizationFlags), AppPermission.DeleteDescriptionTemplate].join('.'),
+ [nameof(x => x.authorizationFlags), AppPermission.CloneDescriptionTemplate].join('.'),
+ [nameof(x => x.authorizationFlags), AppPermission.CreateNewVersionDescriptionTemplate].join('.'),
+ [nameof(x => x.authorizationFlags), AppPermission.ImportDescriptionTemplate].join('.'),
+ [nameof(x => x.authorizationFlags), AppPermission.ExportDescriptionTemplate].join('.'),
+
 [nameof(x => x.type), nameof(x => x.id)].join('.'),
 [nameof(x => x.type), nameof(x => x.name)].join('.'),
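Review bot: The six `[nameof(x => x.authorizationFlags), AppPermission.X].join('.')` entries in the `@@ -29` hunk are the same list the listing component's `lookupFields` receives elsewhere in this commit; exporting them once (for example a `static authorizationFlagFields(): string[]` on this resolver, or a constant next to the `DescriptionTemplate` model) keeps the two lists from drifting when a permission is added. The field list only asks the backend to compute these flags for the response; which flags are actually evaluated per template is decided server-side and is not visible here. The field-set array continues outside the hunk.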
diff --git a/dmp-frontend/src/app/ui/admin/description-template/listing/description-template-listing.component.html b/dmp-frontend/src/app/ui/admin/description-template/listing/description-template-listing.component.html index de6d70087..4e3d3127a 100644 --- a/dmp-frontend/src/app/ui/admin/description-template/listing/description-template-listing.component.html +++ b/dmp-frontend/src/app/ui/admin/description-template/listing/description-template-listing.component.html @@ -92,23 +92,23 @@ more_horiz - - - - - - diff --git a/dmp-frontend/src/app/ui/admin/description-template/listing/description-template-listing.component.ts b/dmp-frontend/src/app/ui/admin/description-template/listing/description-template-listing.component.ts index 8282121c1..697777afc 100644 --- a/dmp-frontend/src/app/ui/admin/description-template/listing/description-template-listing.component.ts +++ b/dmp-frontend/src/app/ui/admin/description-template/listing/description-template-listing.component.ts @@ -31,6 +31,7 @@ import { takeUntil } from 'rxjs/operators'; import { nameof } from 'ts-simple-nameof'; import { ImportDescriptionTemplateDialogComponent } from './import-description-template/import-description-template.dialog.component'; import { RouterUtilsService } from '@app/core/services/router/router-utils.service'; +import { AppPermission } from '@app/core/common/enum/permission.enum'; @Component({ @@ -45,6 +46,9 @@ export class DescriptionTemplateListingComponent extends BaseListingComponent; @ViewChild('actions', { static: true }) actions?: TemplateRef; @ViewChild(HybridListingComponent, { static: true }) hybridListingComponent: HybridListingComponent; 
@@ -60,11 +64,26 @@ export class DescriptionTemplateListingComponent extends BaseListingComponent(x => x.createdAt), nameof(x => x.hash), nameof(x => x.belongsToCurrentTenant), - nameof(x => x.isActive) + nameof(x => x.isActive), + [nameof(x => x.authorizationFlags), AppPermission.EditDescriptionTemplate].join('.'), + [nameof(x => x.authorizationFlags), AppPermission.DeleteDescriptionTemplate].join('.'), + [nameof(x => x.authorizationFlags), AppPermission.CloneDescriptionTemplate].join('.'), + [nameof(x => x.authorizationFlags), AppPermission.CreateNewVersionDescriptionTemplate].join('.'), + [nameof(x => x.authorizationFlags), AppPermission.ImportDescriptionTemplate].join('.'), + [nameof(x => x.authorizationFlags), AppPermission.ExportDescriptionTemplate].join('.'), ]; rowIdentity = x => x.id; + + public hasPermission(permission: AppPermission, row: DescriptionTemplate): boolean { + return this.authService.hasPermission(permission) || row?.authorizationFlags?.some(x => x === permission); + } + + public hasExplicitPermission(permission: AppPermission): boolean { + return this.authService.hasPermission(permission); + } + constructor( protected router: Router, protected route: ActivatedRoute, @@ -186,6 +205,7 @@ export class DescriptionTemplateListingComponent extends BaseListingComponent> { + this.lookup.onlyCanEdit = true; return this.descriptionTemplateService.query(this.lookup); } @@ -254,4 +274,4 @@ export class DescriptionTemplateListingComponent extends BaseListingComponent
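Review bot: In the `@@ -186` hunk `this.lookup.onlyCanEdit = true;` is set inside the query method on every load, which is the wrong place for a constant filter: it mutates the shared `lookup` object that the filter UI and URL state presumably also read, and any later reset of the lookup silently drops it. Initialise it where the lookup is created, or set it once in `ngOnInit`, and leave the query method side-effect free apart from the request. Note also that `onlyCanEdit` is a client-supplied hint — the server must filter by the caller's permissions and affiliations regardless of the flag, so nothing in this listing should depend on the backend honouring it for security. The last hunk on this line (`@@ -254`) continues past the end of the view and was not reviewed.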