Merge branch 'dmp-refactoring' of https://code-repo.d4science.org/MaDgiK-CITE/argos into dmp-refactoring
# Conflicts: # dmp-frontend/src/assets/i18n/en.json
This commit is contained in:
commit
9aaaf226bb
|
|
@ -72,7 +72,7 @@ public class AnnotationController {
|
|||
this.censorFactory.censor(AnnotationCensor.class).censor(lookup.getProject(), null);
|
||||
|
||||
AnnotationQuery query = lookup.enrich(this.queryFactory);
|
||||
List<AnnotationEntity> data = query.collectAs(lookup.getProject());
|
||||
List<AnnotationEntity> data = query.collect();
|
||||
List<Annotation> models = this.builderFactory.builder(AnnotationBuilder.class).build(lookup.getProject(), data);
|
||||
long count = (lookup.getMetadata() != null && lookup.getMetadata().getCountAll()) ? query.count() : models.size();
|
||||
|
||||
|
|
|
|||
|
|
@ -51,6 +51,10 @@ public class Annotation {
|
|||
|
||||
public static final String _timeStamp = "timeStamp";
|
||||
|
||||
private AnnotationAuthor author;
|
||||
|
||||
public static final String _author = "author";
|
||||
|
||||
private Instant createdAt;
|
||||
|
||||
public static final String _createdAt = "createdAt";
|
||||
|
|
@ -111,6 +115,14 @@ public class Annotation {
|
|||
this.subjectId = subjectId;
|
||||
}
|
||||
|
||||
public AnnotationAuthor getAuthor() {
|
||||
return author;
|
||||
}
|
||||
|
||||
public void setAuthor(AnnotationAuthor author) {
|
||||
this.author = author;
|
||||
}
|
||||
|
||||
public UUID getThreadId() {
|
||||
return threadId;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -0,0 +1,31 @@
|
|||
package gr.cite.annotation.model;
|
||||
|
||||
import java.util.UUID;
|
||||
|
||||
public class AnnotationAuthor {
|
||||
|
||||
private UUID id;
|
||||
|
||||
public static final String _id = "id";
|
||||
|
||||
private String name;
|
||||
|
||||
public static final String _name = "name";
|
||||
|
||||
public UUID getId() {
|
||||
return id;
|
||||
}
|
||||
|
||||
public void setId(UUID id) {
|
||||
this.id = id;
|
||||
}
|
||||
|
||||
public String getName() {
|
||||
return name;
|
||||
}
|
||||
|
||||
public void setName(String name) {
|
||||
this.name = name;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
@ -4,7 +4,13 @@ import gr.cite.annotation.authorization.AuthorizationFlags;
|
|||
import gr.cite.annotation.convention.ConventionService;
|
||||
import gr.cite.annotation.data.AnnotationEntity;
|
||||
import gr.cite.annotation.model.Annotation;
|
||||
import gr.cite.annotation.model.AnnotationAuthor;
|
||||
import gr.cite.annotation.model.User;
|
||||
import gr.cite.annotation.query.UserQuery;
|
||||
import gr.cite.tools.data.builder.BuilderFactory;
|
||||
import gr.cite.tools.data.query.QueryFactory;
|
||||
import gr.cite.tools.exception.MyApplicationException;
|
||||
import gr.cite.tools.fieldset.BaseFieldSet;
|
||||
import gr.cite.tools.fieldset.FieldSet;
|
||||
import gr.cite.tools.logging.DataLogEntry;
|
||||
import gr.cite.tools.logging.LoggerService;
|
||||
|
|
@ -14,15 +20,22 @@ import org.springframework.context.annotation.Scope;
|
|||
import org.springframework.stereotype.Component;
|
||||
|
||||
import java.util.*;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
@Component
|
||||
@Scope(value = ConfigurableBeanFactory.SCOPE_PROTOTYPE)
|
||||
public class AnnotationBuilder extends BaseBuilder<Annotation, AnnotationEntity> {
|
||||
|
||||
private final QueryFactory queryFactory;
|
||||
|
||||
private final BuilderFactory builderFactory;
|
||||
|
||||
private EnumSet<AuthorizationFlags> authorize = EnumSet.of(AuthorizationFlags.None);
|
||||
|
||||
public AnnotationBuilder(ConventionService conventionService) {
|
||||
public AnnotationBuilder(ConventionService conventionService, QueryFactory queryFactory, BuilderFactory builderFactory) {
|
||||
super(conventionService, new LoggerService(LoggerFactory.getLogger(AnnotationBuilder.class)));
|
||||
this.queryFactory = queryFactory;
|
||||
this.builderFactory = builderFactory;
|
||||
}
|
||||
|
||||
public AnnotationBuilder authorize(EnumSet<AuthorizationFlags> values) {
|
||||
|
|
@ -39,6 +52,9 @@ public class AnnotationBuilder extends BaseBuilder<Annotation, AnnotationEntity>
|
|||
|
||||
List<Annotation> models = new ArrayList<>();
|
||||
|
||||
FieldSet authorFields = fields.extractPrefixed(this.asPrefix(Annotation._author));
|
||||
Map<UUID, AnnotationAuthor> authorsMap = this.collectAuthors(authorFields, data);
|
||||
|
||||
if (data == null)
|
||||
return models;
|
||||
for (AnnotationEntity d : data) {
|
||||
|
|
@ -55,6 +71,8 @@ public class AnnotationBuilder extends BaseBuilder<Annotation, AnnotationEntity>
|
|||
m.setPayload(d.getPayload());
|
||||
if (fields.hasField(this.asIndexer(Annotation._subjectId)))
|
||||
m.setSubjectId(d.getSubjectId());
|
||||
if (authorsMap != null && authorsMap.containsKey(d.getSubjectId()))
|
||||
m.setAuthor(authorsMap.get(d.getSubjectId()));
|
||||
if (fields.hasField(this.asIndexer(Annotation._threadId)))
|
||||
m.setThreadId(d.getThreadId());
|
||||
if (fields.hasField(this.asIndexer(Annotation._parentId)))
|
||||
|
|
@ -75,4 +93,31 @@ public class AnnotationBuilder extends BaseBuilder<Annotation, AnnotationEntity>
|
|||
return models;
|
||||
}
|
||||
|
||||
private Map<UUID, AnnotationAuthor> collectAuthors(FieldSet fields, List<AnnotationEntity> data) {
|
||||
if (fields.isEmpty() || data.isEmpty()) return null;
|
||||
this.logger.debug("checking related - {}", User.class.getSimpleName());
|
||||
|
||||
Map<UUID, AnnotationAuthor> itemMap = new HashMap<>();
|
||||
FieldSet clone = new BaseFieldSet(fields.getFields()).ensure(this.asIndexer(User._id), this.asIndexer(User._name));
|
||||
List<UUID> userIds = data.stream()
|
||||
.map(AnnotationEntity::getSubjectId)
|
||||
.distinct()
|
||||
.collect(Collectors.toList());
|
||||
UserQuery query = this.queryFactory.query(UserQuery.class).authorize(this.authorize).ids(userIds);
|
||||
Map<UUID, List<User>> users = this.builderFactory.builder(UserBuilder.class).authorize(this.authorize).asMasterKey(query, clone, User::getId);
|
||||
|
||||
users.forEach((key, val) -> {
|
||||
itemMap.put(key, this.authorFromUser(val.getFirst()));
|
||||
});
|
||||
|
||||
return itemMap;
|
||||
}
|
||||
|
||||
private AnnotationAuthor authorFromUser(User user) {
|
||||
AnnotationAuthor author = new AnnotationAuthor();
|
||||
author.setId(user.getId());
|
||||
author.setName(user.getName());
|
||||
return author;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -0,0 +1,40 @@
|
|||
package eu.eudat.authorization;
|
||||
|
||||
import gr.cite.commons.web.authz.policy.AuthorizationRequirement;
|
||||
|
||||
import java.util.Arrays;
|
||||
import java.util.HashSet;
|
||||
import java.util.Set;
|
||||
|
||||
public class AffiliatedAuthorizationRequirement implements AuthorizationRequirement {
|
||||
private final Set<String> requiredPermissions;
|
||||
private final boolean matchAll;
|
||||
|
||||
public AffiliatedAuthorizationRequirement(Set<String> requiredPermissions) {
|
||||
this(false, requiredPermissions);
|
||||
}
|
||||
|
||||
public AffiliatedAuthorizationRequirement(String... requiredPermissions) {
|
||||
this(false, requiredPermissions);
|
||||
|
||||
}
|
||||
|
||||
public AffiliatedAuthorizationRequirement(boolean matchAll, Set<String> requiredPermissions) {
|
||||
this.matchAll = matchAll;
|
||||
this.requiredPermissions = requiredPermissions;
|
||||
}
|
||||
|
||||
public AffiliatedAuthorizationRequirement(boolean matchAll, String... requiredPermissions) {
|
||||
this.requiredPermissions = new HashSet<>();
|
||||
this.matchAll = matchAll;
|
||||
this.requiredPermissions.addAll(Arrays.stream(requiredPermissions).distinct().toList());
|
||||
}
|
||||
|
||||
public Set<String> getRequiredPermissions() {
|
||||
return requiredPermissions;
|
||||
}
|
||||
|
||||
public boolean getMatchAll() {
|
||||
return matchAll;
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,31 @@
|
|||
package eu.eudat.authorization;
|
||||
|
||||
import eu.eudat.commons.enums.DmpUserRole;
|
||||
import gr.cite.commons.web.authz.policy.AuthorizationResource;
|
||||
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
|
||||
public class AffiliatedResource extends AuthorizationResource {
|
||||
private HashSet<DmpUserRole> dmpUserRoles;
|
||||
|
||||
public AffiliatedResource() {
|
||||
dmpUserRoles = new HashSet<>();
|
||||
}
|
||||
|
||||
public AffiliatedResource(DmpUserRole dmpUserRole) {
|
||||
this(List.of(dmpUserRole));
|
||||
}
|
||||
|
||||
public AffiliatedResource(List<DmpUserRole> dmpUserRoles) {
|
||||
this.dmpUserRoles = new HashSet<>(dmpUserRoles);
|
||||
}
|
||||
|
||||
public HashSet<DmpUserRole> getDmpUserRoles() {
|
||||
return dmpUserRoles;
|
||||
}
|
||||
|
||||
public void setDmpUserRoles(HashSet<DmpUserRole> dmpUserRoles) {
|
||||
this.dmpUserRoles = dmpUserRoles;
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,40 @@
|
|||
package eu.eudat.authorization;
|
||||
|
||||
import eu.eudat.convention.ConventionService;
|
||||
import eu.eudat.service.deposit.DepositServiceImpl;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.beans.factory.config.ConfigurableBeanFactory;
|
||||
import org.springframework.context.annotation.Scope;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
import java.lang.reflect.Field;
|
||||
import java.lang.reflect.Modifier;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
@Service
|
||||
@Scope(value = ConfigurableBeanFactory.SCOPE_SINGLETON)
|
||||
public class PermissionNameProvider {
|
||||
private static final Logger logger = LoggerFactory.getLogger(DepositServiceImpl.class);
|
||||
private final List<String> permissions;
|
||||
|
||||
public PermissionNameProvider(ConventionService conventionService) {
|
||||
this.permissions = new ArrayList<>();
|
||||
Class<Permission> clazz = Permission.class;
|
||||
for (Field f : clazz.getDeclaredFields()) {
|
||||
if (Modifier.isStatic(f.getModifiers())) {
|
||||
try {
|
||||
Object value = f.get(null);
|
||||
if (value != null && !conventionService.isNullOrEmpty((String)value)) this.permissions.add((String)value);
|
||||
} catch (Exception e) {
|
||||
logger.error("Can not load permission " + f.getName() + " " + e.getMessage());
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public List<String> getPermissions() {
|
||||
return permissions;
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
package eu.eudat.authorization.authorizationcontentresolver;
|
||||
|
||||
import gr.cite.tools.cache.CacheOptions;
|
||||
import org.springframework.boot.context.properties.ConfigurationProperties;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
|
||||
@Configuration
|
||||
@ConfigurationProperties(prefix = "cache.affiliation")
|
||||
public class AffiliationCacheOptions extends CacheOptions {
|
||||
}
|
||||
|
|
@ -0,0 +1,97 @@
|
|||
package eu.eudat.authorization.authorizationcontentresolver;
|
||||
|
||||
import eu.eudat.authorization.AffiliatedResource;
|
||||
import eu.eudat.convention.ConventionService;
|
||||
import gr.cite.tools.cache.CacheService;
|
||||
import gr.cite.tools.exception.MyApplicationException;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Locale;
|
||||
import java.util.UUID;
|
||||
|
||||
@Service
|
||||
public class AffiliationCacheService extends CacheService<AffiliationCacheService.AffiliationCacheValue> {
|
||||
|
||||
public static class AffiliationCacheValue {
|
||||
|
||||
public AffiliationCacheValue() {
|
||||
}
|
||||
|
||||
public AffiliationCacheValue(UUID userId, UUID entityId, String entityType, AffiliatedResource affiliatedResource) {
|
||||
this.userId = userId;
|
||||
this.entityId = entityId;
|
||||
this.entityType = entityType;
|
||||
this.affiliatedResource = affiliatedResource;
|
||||
}
|
||||
|
||||
private UUID userId;
|
||||
private UUID entityId;
|
||||
private String entityType;
|
||||
private AffiliatedResource affiliatedResource;
|
||||
|
||||
public UUID getUserId() {
|
||||
return userId;
|
||||
}
|
||||
|
||||
public void setUserId(UUID userId) {
|
||||
this.userId = userId;
|
||||
}
|
||||
|
||||
public UUID getEntityId() {
|
||||
return entityId;
|
||||
}
|
||||
|
||||
public void setEntityId(UUID entityId) {
|
||||
this.entityId = entityId;
|
||||
}
|
||||
|
||||
public String getEntityType() {
|
||||
return entityType;
|
||||
}
|
||||
|
||||
public void setEntityType(String entityType) {
|
||||
this.entityType = entityType;
|
||||
}
|
||||
|
||||
public AffiliatedResource getAffiliatedResource() {
|
||||
return affiliatedResource;
|
||||
}
|
||||
|
||||
public void setAffiliatedResource(AffiliatedResource affiliatedResource) {
|
||||
this.affiliatedResource = affiliatedResource;
|
||||
}
|
||||
}
|
||||
|
||||
private final ConventionService conventionService;
|
||||
@Autowired
|
||||
public AffiliationCacheService(AffiliationCacheOptions options, ConventionService conventionService) {
|
||||
super(options);
|
||||
this.conventionService = conventionService;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected Class<AffiliationCacheValue> valueClass() {
|
||||
return AffiliationCacheValue.class;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String keyOf(AffiliationCacheValue value) {
|
||||
return this.buildKey(value.getUserId(), value.getEntityId(), value.getEntityType());
|
||||
}
|
||||
|
||||
|
||||
public String buildKey(UUID userId, UUID entityId, String entityType) {
|
||||
if (userId == null) throw new IllegalArgumentException("userId id is required");
|
||||
if (entityId == null) throw new IllegalArgumentException("entityId id is required");
|
||||
if (this.conventionService.isNullOrEmpty(entityType)) throw new IllegalArgumentException("entityType id is required");
|
||||
|
||||
HashMap<String, String> keyParts = new HashMap<>();
|
||||
keyParts.put("$user$", userId.toString().replace("-", "").toLowerCase(Locale.ROOT));
|
||||
keyParts.put("$entity$", entityId.toString().replace("-", "").toLowerCase(Locale.ROOT));
|
||||
keyParts.put("$type$", entityType);
|
||||
return this.generateKey(keyParts);
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,13 @@
|
|||
package eu.eudat.authorization.authorizationcontentresolver;
|
||||
|
||||
import eu.eudat.authorization.AffiliatedResource;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.UUID;
|
||||
|
||||
public interface AuthorizationContentResolver {
|
||||
List<String> getPermissionNames();
|
||||
|
||||
Map<UUID, AffiliatedResource> dmpAffiliation(List<UUID> ids);
|
||||
}
|
||||
|
|
@ -0,0 +1,77 @@
|
|||
package eu.eudat.authorization.authorizationcontentresolver;
|
||||
|
||||
import eu.eudat.authorization.AffiliatedResource;
|
||||
import eu.eudat.authorization.PermissionNameProvider;
|
||||
import eu.eudat.commons.enums.IsActive;
|
||||
import eu.eudat.commons.scope.user.UserScope;
|
||||
import eu.eudat.data.DmpEntity;
|
||||
import eu.eudat.data.DmpUserEntity;
|
||||
import eu.eudat.model.DmpUser;
|
||||
import eu.eudat.query.DmpUserQuery;
|
||||
import gr.cite.tools.data.query.QueryFactory;
|
||||
import gr.cite.tools.fieldset.BaseFieldSet;
|
||||
import org.springframework.stereotype.Service;
|
||||
import org.springframework.web.context.annotation.RequestScope;
|
||||
|
||||
import java.util.*;
|
||||
|
||||
@Service
|
||||
@RequestScope
|
||||
public class AuthorizationContentResolverImpl implements AuthorizationContentResolver {
|
||||
private final QueryFactory queryFactory;
|
||||
private final UserScope userScope;
|
||||
private final AffiliationCacheService affiliationCacheService;
|
||||
private final PermissionNameProvider permissionNameProvider;
|
||||
public AuthorizationContentResolverImpl(QueryFactory queryFactory, UserScope userScope, AffiliationCacheService affiliationCacheService, PermissionNameProvider permissionNameProvider) {
|
||||
this.queryFactory = queryFactory;
|
||||
this.userScope = userScope;
|
||||
this.affiliationCacheService = affiliationCacheService;
|
||||
this.permissionNameProvider = permissionNameProvider;
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<String> getPermissionNames() {
|
||||
return permissionNameProvider.getPermissions();
|
||||
}
|
||||
@Override
|
||||
public Map<UUID, AffiliatedResource> dmpAffiliation(List<UUID> ids){
|
||||
UUID userId = this.userScope.getUserIdSafe();
|
||||
Map<UUID, AffiliatedResource> affiliatedResources = new HashMap<>();
|
||||
for (UUID id : ids){
|
||||
affiliatedResources.put(id, new AffiliatedResource());
|
||||
}
|
||||
if (userId == null || !userScope.isSet()) return affiliatedResources;
|
||||
|
||||
List<UUID> idsToResolve = this.getAffiliatedFromCache(ids, userId, affiliatedResources, DmpEntity.class.getSimpleName());
|
||||
if (idsToResolve.isEmpty()) return affiliatedResources;
|
||||
|
||||
List<DmpUserEntity> dmpUsers = this.queryFactory.query(DmpUserQuery.class).dmpIds(ids).userIds(userId).isActives(IsActive.Active).collectAs(new BaseFieldSet().ensure(DmpUser._role).ensure(DmpUser._dmp));
|
||||
|
||||
for (DmpUserEntity dmpUser : dmpUsers){
|
||||
affiliatedResources.get(dmpUser.getDmpId()).getDmpUserRoles().add(dmpUser.getRole());
|
||||
}
|
||||
|
||||
this.ensureAffiliatedInCache(idsToResolve, userId, affiliatedResources, DmpEntity.class.getSimpleName());
|
||||
return affiliatedResources;
|
||||
}
|
||||
|
||||
private List<UUID> getAffiliatedFromCache(List<UUID> ids, UUID userId, Map<UUID, AffiliatedResource> affiliatedResources, String entityType){
|
||||
List<UUID> idsToResolve = new ArrayList<>();
|
||||
for (UUID id : ids){
|
||||
AffiliationCacheService.AffiliationCacheValue cacheValue = this.affiliationCacheService.lookup(this.affiliationCacheService.buildKey(userId, id, entityType));
|
||||
if (cacheValue != null) affiliatedResources.put(id, cacheValue.getAffiliatedResource());
|
||||
else idsToResolve.add(id);
|
||||
}
|
||||
return idsToResolve;
|
||||
}
|
||||
|
||||
private void ensureAffiliatedInCache(List<UUID> idsToResolve, UUID userId, Map<UUID, AffiliatedResource> affiliatedResources, String entityType){
|
||||
for (UUID id : idsToResolve){
|
||||
AffiliatedResource affiliatedResource = affiliatedResources.getOrDefault(id, null);
|
||||
if (affiliatedResource != null) {
|
||||
AffiliationCacheService.AffiliationCacheValue cacheValue = new AffiliationCacheService.AffiliationCacheValue(userId, id, entityType, affiliatedResource);
|
||||
this.affiliationCacheService.put(cacheValue);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -51,7 +51,7 @@ public class InboxRepositoryImpl implements InboxRepository {
|
|||
EntityTransaction transaction = null;
|
||||
EntityManager entityManager = null;
|
||||
CandidateInfo candidate = null;
|
||||
try (FakeRequestScope fakeRequestScope = new FakeRequestScope()) {
|
||||
try (FakeRequestScope ignored = new FakeRequestScope()) {
|
||||
try {
|
||||
QueryFactory queryFactory = this.applicationContext.getBean(QueryFactory.class);
|
||||
EntityManagerFactory entityManagerFactory = this.applicationContext.getBean(EntityManagerFactory.class);
|
||||
|
|
@ -108,9 +108,9 @@ public class InboxRepositoryImpl implements InboxRepository {
|
|||
public Boolean shouldOmit(CandidateInfo candidate, Function<QueueInbox, Boolean> shouldOmit) {
|
||||
EntityTransaction transaction = null;
|
||||
EntityManager entityManager = null;
|
||||
Boolean success = false;
|
||||
boolean success = false;
|
||||
|
||||
try (FakeRequestScope fakeRequestScope = new FakeRequestScope()) {
|
||||
try (FakeRequestScope ignored = new FakeRequestScope()) {
|
||||
try {
|
||||
EntityManagerFactory entityManagerFactory = this.applicationContext.getBean(EntityManagerFactory.class);
|
||||
|
||||
|
|
@ -123,7 +123,7 @@ public class InboxRepositoryImpl implements InboxRepository {
|
|||
QueueInboxEntity item = queryFactory.query(QueueInboxQuery.class).ids(candidate.getId()).first();
|
||||
|
||||
if (item == null) {
|
||||
this.logger.warn("Could not lookup queue inbox {} to process. Continuing...", candidate.getId());
|
||||
logger.warn("Could not lookup queue inbox {} to process. Continuing...", candidate.getId());
|
||||
} else {
|
||||
if (shouldOmit.apply(item)) {
|
||||
item.setStatus(QueueInboxStatus.OMITTED);
|
||||
|
|
@ -136,7 +136,7 @@ public class InboxRepositoryImpl implements InboxRepository {
|
|||
|
||||
transaction.commit();
|
||||
} catch (Exception ex) {
|
||||
this.logger.error("Problem executing purge. rolling back any db changes and marking error. Continuing...", ex);
|
||||
logger.error("Problem executing purge. rolling back any db changes and marking error. Continuing...", ex);
|
||||
if (transaction != null)
|
||||
transaction.rollback();
|
||||
success = false;
|
||||
|
|
@ -145,7 +145,7 @@ public class InboxRepositoryImpl implements InboxRepository {
|
|||
entityManager.close();
|
||||
}
|
||||
} catch (Exception ex) {
|
||||
this.logger.error("Problem executing purge. rolling back any db changes and marking error. Continuing...", ex);
|
||||
logger.error("Problem executing purge. rolling back any db changes and marking error. Continuing...", ex);
|
||||
}
|
||||
return success;
|
||||
}
|
||||
|
|
@ -154,9 +154,9 @@ public class InboxRepositoryImpl implements InboxRepository {
|
|||
public boolean shouldWait(CandidateInfo candidate, Function<QueueInbox, Boolean> itIsTimeFunc) {
|
||||
EntityTransaction transaction = null;
|
||||
EntityManager entityManager = null;
|
||||
Boolean success = false;
|
||||
boolean success = false;
|
||||
|
||||
try (FakeRequestScope fakeRequestScope = new FakeRequestScope()) {
|
||||
try (FakeRequestScope ignored = new FakeRequestScope()) {
|
||||
try {
|
||||
EntityManagerFactory entityManagerFactory = this.applicationContext.getBean(EntityManagerFactory.class);
|
||||
|
||||
|
|
@ -183,7 +183,7 @@ public class InboxRepositoryImpl implements InboxRepository {
|
|||
}
|
||||
transaction.commit();
|
||||
} catch (Exception ex) {
|
||||
this.logger.error("Problem executing purge. rolling back any db changes and marking error. Continuing...", ex);
|
||||
logger.error("Problem executing purge. rolling back any db changes and marking error. Continuing...", ex);
|
||||
if (transaction != null)
|
||||
transaction.rollback();
|
||||
success = false;
|
||||
|
|
@ -192,7 +192,7 @@ public class InboxRepositoryImpl implements InboxRepository {
|
|||
entityManager.close();
|
||||
}
|
||||
} catch (Exception ex) {
|
||||
this.logger.error("Problem executing purge. rolling back any db changes and marking error. Continuing...", ex);
|
||||
logger.error("Problem executing purge. rolling back any db changes and marking error. Continuing...", ex);
|
||||
}
|
||||
return success;
|
||||
}
|
||||
|
|
@ -201,9 +201,9 @@ public class InboxRepositoryImpl implements InboxRepository {
|
|||
public QueueInbox create(InboxCreatorParams inboxCreatorParams) {
|
||||
EntityTransaction transaction = null;
|
||||
EntityManager entityManager = null;
|
||||
Boolean success = false;
|
||||
boolean success = false;
|
||||
QueueInboxEntity queueMessage = null;
|
||||
try (FakeRequestScope fakeRequestScope = new FakeRequestScope()) {
|
||||
try (FakeRequestScope ignored = new FakeRequestScope()) {
|
||||
try {
|
||||
queueMessage = this.createQueueInboxEntity(inboxCreatorParams);
|
||||
EntityManagerFactory entityManagerFactory = this.applicationContext.getBean(EntityManagerFactory.class);
|
||||
|
|
@ -218,7 +218,7 @@ public class InboxRepositoryImpl implements InboxRepository {
|
|||
|
||||
transaction.commit();
|
||||
} catch (Exception ex) {
|
||||
this.logger.error("Problem executing purge. rolling back any db changes and marking error. Continuing...", ex);
|
||||
logger.error("Problem executing purge. rolling back any db changes and marking error. Continuing...", ex);
|
||||
if (transaction != null)
|
||||
transaction.rollback();
|
||||
success = false;
|
||||
|
|
@ -227,7 +227,7 @@ public class InboxRepositoryImpl implements InboxRepository {
|
|||
entityManager.close();
|
||||
}
|
||||
} catch (Exception ex) {
|
||||
this.logger.error("Problem executing purge. rolling back any db changes and marking error. Continuing...", ex);
|
||||
logger.error("Problem executing purge. rolling back any db changes and marking error. Continuing...", ex);
|
||||
}
|
||||
return queueMessage;
|
||||
}
|
||||
|
|
@ -255,9 +255,9 @@ public class InboxRepositoryImpl implements InboxRepository {
|
|||
public Boolean emit(CandidateInfo candidateInfo) {
|
||||
EntityTransaction transaction = null;
|
||||
EntityManager entityManager = null;
|
||||
Boolean success = false;
|
||||
boolean success = false;
|
||||
|
||||
try (FakeRequestScope fakeRequestScope = new FakeRequestScope()) {
|
||||
try (FakeRequestScope ignored = new FakeRequestScope()) {
|
||||
try {
|
||||
|
||||
EntityManagerFactory entityManagerFactory = this.applicationContext.getBean(EntityManagerFactory.class);
|
||||
|
|
@ -270,7 +270,7 @@ public class InboxRepositoryImpl implements InboxRepository {
|
|||
QueueInboxEntity queueInboxMessage = queryFactory.query(QueueInboxQuery.class).ids(candidateInfo.getId()).first();
|
||||
|
||||
if (queueInboxMessage == null) {
|
||||
this.logger.warn("Could not lookup queue inbox {} to process. Continuing...", candidateInfo.getId());
|
||||
logger.warn("Could not lookup queue inbox {} to process. Continuing...", candidateInfo.getId());
|
||||
} else {
|
||||
|
||||
EventProcessingStatus status = this.processMessage(queueInboxMessage.getRoute(), queueInboxMessage.getMessageId().toString(), queueInboxMessage.getApplicationId(), queueInboxMessage.getMessage());
|
||||
|
|
@ -302,7 +302,7 @@ public class InboxRepositoryImpl implements InboxRepository {
|
|||
|
||||
transaction.commit();
|
||||
} catch (Exception ex) {
|
||||
this.logger.error("Problem executing purge. rolling back any db changes and marking error. Continuing...", ex);
|
||||
logger.error("Problem executing purge. rolling back any db changes and marking error. Continuing...", ex);
|
||||
if (transaction != null)
|
||||
transaction.rollback();
|
||||
success = false;
|
||||
|
|
@ -311,7 +311,7 @@ public class InboxRepositoryImpl implements InboxRepository {
|
|||
entityManager.close();
|
||||
}
|
||||
} catch (Exception ex) {
|
||||
this.logger.error("Problem executing purge. rolling back any db changes and marking error. Continuing...", ex);
|
||||
logger.error("Problem executing purge. rolling back any db changes and marking error. Continuing...", ex);
|
||||
}
|
||||
return success;
|
||||
}
|
||||
|
|
@ -339,7 +339,7 @@ public class InboxRepositoryImpl implements InboxRepository {
|
|||
}
|
||||
|
||||
private Boolean RoutingKeyMatched(String routingKey, List<String> topics) {
|
||||
if (topics == null || topics.size() == 0)
|
||||
if (topics == null || topics.isEmpty())
|
||||
return false;
|
||||
return topics.stream().anyMatch(x -> x.equals(routingKey));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -84,6 +84,9 @@ public class Dmp {
|
|||
private List<EntityDoi> entityDois;
|
||||
public static final String _entityDois = "entityDois";
|
||||
|
||||
private List<String> authorizationFlags;
|
||||
public static final String _authorizationFlags = "authorizationFlags";
|
||||
|
||||
public UUID getId() {
|
||||
return id;
|
||||
}
|
||||
|
|
@ -275,4 +278,12 @@ public class Dmp {
|
|||
public void setEntityDois(List<EntityDoi> entityDois) {
|
||||
this.entityDois = entityDois;
|
||||
}
|
||||
|
||||
public List<String> getAuthorizationFlags() {
|
||||
return authorizationFlags;
|
||||
}
|
||||
|
||||
public void setAuthorizationFlags(List<String> authorizationFlags) {
|
||||
this.authorizationFlags = authorizationFlags;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,12 +1,18 @@
|
|||
package eu.eudat.model.builder;
|
||||
|
||||
import eu.eudat.authorization.AffiliatedResource;
|
||||
import eu.eudat.authorization.Permission;
|
||||
import eu.eudat.authorization.PermissionNameProvider;
|
||||
import eu.eudat.convention.ConventionService;
|
||||
import gr.cite.commons.web.authz.service.AuthorizationService;
|
||||
import gr.cite.tools.data.builder.Builder;
|
||||
import gr.cite.tools.data.query.QueryBase;
|
||||
import gr.cite.tools.exception.MyApplicationException;
|
||||
import gr.cite.tools.fieldset.FieldSet;
|
||||
import gr.cite.tools.logging.LoggerService;
|
||||
|
||||
import java.lang.reflect.Field;
|
||||
import java.lang.reflect.Modifier;
|
||||
import java.time.Instant;
|
||||
import java.util.*;
|
||||
import java.util.function.Function;
|
||||
|
|
@ -92,5 +98,28 @@ public abstract class BaseBuilder<M, D> implements Builder {
|
|||
return this.conventionService.asIndexer(names);
|
||||
}
|
||||
|
||||
|
||||
protected Set<String> extractAuthorizationFlags(FieldSet fields, String propertyName, List<String> permissionNames){
|
||||
if (fields == null) return new HashSet<>();
|
||||
if (permissionNames == null) return new HashSet<>();
|
||||
|
||||
FieldSet authorizationFlags = fields.extractPrefixed(this.asPrefix(propertyName));
|
||||
List<String> permissions = new ArrayList<>();
|
||||
for (String fieldValue : authorizationFlags.getFields()) permissions.addAll(permissionNames.stream().filter(x-> x.equalsIgnoreCase(fieldValue)).toList());
|
||||
return new HashSet<>(permissions);
|
||||
}
|
||||
|
||||
protected List<String> evaluateAuthorizationFlags(AuthorizationService authorizationService, Set<String> authorizationFlags, AffiliatedResource affiliatedResource) {
|
||||
List<String> allowed = new ArrayList<>();
|
||||
if (authorizationFlags == null) return allowed;
|
||||
if (authorizationService == null) return allowed;
|
||||
|
||||
for (String permission : authorizationFlags) {
|
||||
Boolean isAllowed = affiliatedResource == null ? authorizationService.authorize(permission) : authorizationService.authorizeAtLeastOne(List.of(affiliatedResource), permission);
|
||||
if (isAllowed) allowed.add(permission);
|
||||
}
|
||||
return allowed;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,6 +1,9 @@
|
|||
package eu.eudat.model.builder;
|
||||
|
||||
import eu.eudat.authorization.AffiliatedResource;
|
||||
import eu.eudat.authorization.AuthorizationFlags;
|
||||
import eu.eudat.authorization.Permission;
|
||||
import eu.eudat.authorization.authorizationcontentresolver.AuthorizationContentResolver;
|
||||
import eu.eudat.commons.JsonHandlingService;
|
||||
import eu.eudat.commons.enums.EntityType;
|
||||
import eu.eudat.commons.types.description.PropertyDefinitionEntity;
|
||||
|
|
@ -12,6 +15,7 @@ import eu.eudat.model.*;
|
|||
import eu.eudat.model.builder.descriptionpropertiesdefinition.PropertyDefinitionBuilder;
|
||||
import eu.eudat.model.builder.dmpproperties.DmpPropertiesBuilder;
|
||||
import eu.eudat.query.*;
|
||||
import gr.cite.commons.web.authz.service.AuthorizationService;
|
||||
import gr.cite.tools.data.builder.BuilderFactory;
|
||||
import gr.cite.tools.data.query.QueryFactory;
|
||||
import gr.cite.tools.exception.MyApplicationException;
|
||||
|
|
@ -36,17 +40,21 @@ public class DmpBuilder extends BaseBuilder<Dmp, DmpEntity> {
|
|||
|
||||
private final BuilderFactory builderFactory;
|
||||
private final JsonHandlingService jsonHandlingService;
|
||||
private final AuthorizationService authorizationService;
|
||||
private final AuthorizationContentResolver authorizationContentResolver;
|
||||
|
||||
private EnumSet<AuthorizationFlags> authorize = EnumSet.of(AuthorizationFlags.None);
|
||||
|
||||
@Autowired
|
||||
public DmpBuilder(ConventionService conventionService,
|
||||
QueryFactory queryFactory,
|
||||
BuilderFactory builderFactory, JsonHandlingService jsonHandlingService) {
|
||||
BuilderFactory builderFactory, JsonHandlingService jsonHandlingService, AuthorizationService authorizationService, AuthorizationContentResolver authorizationContentResolver) {
|
||||
super(conventionService, new LoggerService(LoggerFactory.getLogger(DmpBuilder.class)));
|
||||
this.queryFactory = queryFactory;
|
||||
this.builderFactory = builderFactory;
|
||||
this.jsonHandlingService = jsonHandlingService;
|
||||
this.authorizationService = authorizationService;
|
||||
this.authorizationContentResolver = authorizationContentResolver;
|
||||
}
|
||||
|
||||
public DmpBuilder authorize(EnumSet<AuthorizationFlags> values) {
|
||||
|
|
@ -84,6 +92,10 @@ public class DmpBuilder extends BaseBuilder<Dmp, DmpEntity> {
|
|||
FieldSet dmpDescriptionTemplatesFields = fields.extractPrefixed(this.asPrefix(Dmp._dmpDescriptionTemplates));
|
||||
Map<UUID, List<DmpDescriptionTemplate>> dmpDescriptionTemplatesMap = this.collectDmpDescriptionTemplates(dmpDescriptionTemplatesFields, data);
|
||||
|
||||
Set<String> authorizationFlags = this.extractAuthorizationFlags(fields, Dmp._authorizationFlags, this.authorizationContentResolver.getPermissionNames());
|
||||
|
||||
Map<UUID, AffiliatedResource> affiliatedResourceMap = authorizationFlags == null || authorizationFlags.isEmpty() ? null : this.authorizationContentResolver.dmpAffiliation(data.stream().map(DmpEntity::getId).collect(Collectors.toList()));
|
||||
|
||||
FieldSet propertiesFields = fields.extractPrefixed(this.asPrefix(Dmp._properties));
|
||||
for (DmpEntity d : data) {
|
||||
Dmp m = new Dmp();
|
||||
|
|
@ -113,6 +125,7 @@ public class DmpBuilder extends BaseBuilder<Dmp, DmpEntity> {
|
|||
DmpPropertiesEntity propertyDefinition = this.jsonHandlingService.fromJsonSafe(DmpPropertiesEntity.class, d.getProperties());
|
||||
m.setProperties(this.builderFactory.builder(DmpPropertiesBuilder.class).authorize(this.authorize).build(propertiesFields, propertyDefinition));
|
||||
}
|
||||
if (authorizationFlags != null && !authorizationFlags.isEmpty()) m.setAuthorizationFlags(this.evaluateAuthorizationFlags(this.authorizationService, authorizationFlags, affiliatedResourceMap.getOrDefault(d.getId(), null)));
|
||||
models.add(m);
|
||||
}
|
||||
this.logger.debug("build {} items", Optional.of(models).map(List::size).orElse(0));
|
||||
|
|
|
|||
|
|
@ -38,7 +38,7 @@ public class ReferenceCensor extends BaseCensor {
|
|||
if (fields == null || fields.isEmpty())
|
||||
return;
|
||||
|
||||
this.authService.authorizeForce(Permission.BrowseReference);
|
||||
this.authService.authorizeForce(Permission.BrowseReference, Permission.DeferredAffiliation);
|
||||
FieldSet definitionFields = fields.extractPrefixed(this.asIndexerPrefix(Reference._definition));
|
||||
this.censorFactory.censor(DefinitionCensor.class).censor(definitionFields, userId);
|
||||
FieldSet dmpReferencesFields = fields.extractPrefixed(this.asIndexerPrefix(Reference._dmpReferences));
|
||||
|
|
|
|||
|
|
@ -259,6 +259,8 @@ public class DmpUserQuery extends QueryBase<DmpUserEntity> {
|
|||
else if (item.match(DmpUser._updatedAt)) return DmpUserEntity._updatedAt;
|
||||
else if (item.match(DmpUser._isActive)) return DmpUserEntity._isActive;
|
||||
else if (item.match(DmpUser._hash)) return DmpUserEntity._updatedAt;
|
||||
else if (item.match(DmpUser._dmp)) return DmpUserEntity._dmpId;
|
||||
else if (item.match(DmpUser._user)) return DmpUserEntity._userId;
|
||||
else return null;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,69 @@
|
|||
package eu.eudat.authorization;
|
||||
|
||||
import eu.eudat.commons.enums.DmpUserRole;
|
||||
import gr.cite.commons.web.authz.handler.AuthorizationHandler;
|
||||
import gr.cite.commons.web.authz.handler.AuthorizationHandlerContext;
|
||||
import gr.cite.commons.web.authz.policy.AuthorizationRequirement;
|
||||
import gr.cite.commons.web.oidc.principal.MyPrincipal;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
import java.util.HashSet;
|
||||
|
||||
@Component("affiliatedAuthorizationHandler")
|
||||
public class AffiliatedAuthorizationHandler extends AuthorizationHandler<AffiliatedAuthorizationRequirement> {
|
||||
|
||||
private final CustomPermissionAttributesConfiguration myConfiguration;
|
||||
|
||||
@Autowired
|
||||
public AffiliatedAuthorizationHandler(CustomPermissionAttributesConfiguration myConfiguration) {
|
||||
this.myConfiguration = myConfiguration;
|
||||
}
|
||||
|
||||
@Override
|
||||
public int handleRequirement(AuthorizationHandlerContext context, Object resource, AuthorizationRequirement requirement) {
|
||||
AffiliatedAuthorizationRequirement req = (AffiliatedAuthorizationRequirement) requirement;
|
||||
if (req.getRequiredPermissions() == null)
|
||||
return ACCESS_NOT_DETERMINED;
|
||||
|
||||
AffiliatedResource rs = (AffiliatedResource) resource;
|
||||
|
||||
boolean isAuthenticated = ((MyPrincipal) context.getPrincipal()).isAuthenticated();
|
||||
if (!isAuthenticated)
|
||||
return ACCESS_NOT_DETERMINED;
|
||||
|
||||
if (myConfiguration.getMyPolicies() == null)
|
||||
return ACCESS_NOT_DETERMINED;
|
||||
|
||||
int hits = 0;
|
||||
HashSet<DmpUserRole> roles = rs != null && rs.getDmpUserRoles() != null ? rs.getDmpUserRoles() : null;
|
||||
|
||||
for (String permission : req.getRequiredPermissions()) {
|
||||
CustomPermissionAttributesProperties.MyPermission policy = myConfiguration.getMyPolicies().get(permission);
|
||||
boolean hasPermission = policy != null && hasPermission(policy.getDmp(), roles);
|
||||
if (hasPermission) hits += 1;
|
||||
}
|
||||
if ((req.getMatchAll() && req.getRequiredPermissions().size() == hits) || (!req.getMatchAll() && hits > 0))
|
||||
return ACCESS_GRANTED;
|
||||
|
||||
return ACCESS_NOT_DETERMINED;
|
||||
}
|
||||
|
||||
private Boolean hasPermission(DmpRole dmpRole, HashSet<DmpUserRole> roles) {
|
||||
if (roles == null)
|
||||
return Boolean.FALSE;
|
||||
if (dmpRole == null || dmpRole.getRoles() == null)
|
||||
return Boolean.FALSE;
|
||||
for (DmpUserRole role : dmpRole.getRoles()) {
|
||||
if (roles.contains(role))
|
||||
return Boolean.TRUE;
|
||||
}
|
||||
return Boolean.FALSE;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Class<? extends AuthorizationRequirement> supporting() {
|
||||
return AffiliatedAuthorizationRequirement.class;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
@ -0,0 +1,24 @@
|
|||
package eu.eudat.authorization;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.boot.context.properties.EnableConfigurationProperties;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
|
||||
import java.util.HashMap;
|
||||
|
||||
@Configuration
|
||||
@EnableConfigurationProperties(CustomPermissionAttributesProperties.class)
|
||||
public class CustomPermissionAttributesConfiguration {
|
||||
|
||||
private final CustomPermissionAttributesProperties properties;
|
||||
|
||||
@Autowired
|
||||
public CustomPermissionAttributesConfiguration(CustomPermissionAttributesProperties properties) {
|
||||
this.properties = properties;
|
||||
}
|
||||
|
||||
public HashMap<String, CustomPermissionAttributesProperties.MyPermission> getMyPolicies() {
|
||||
return properties.getPolicies();
|
||||
}
|
||||
|
||||
}
|
||||
|
|
@ -0,0 +1,39 @@
|
|||
package eu.eudat.authorization;
|
||||
|
||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
|
||||
import org.springframework.boot.context.properties.ConfigurationProperties;
|
||||
import org.springframework.boot.context.properties.bind.ConstructorBinding;
|
||||
|
||||
import java.util.HashMap;
|
||||
|
||||
@ConfigurationProperties(prefix = "permissions")
|
||||
@ConditionalOnProperty(prefix = "permissions", name = "enabled", havingValue = "true")
|
||||
public class CustomPermissionAttributesProperties {
|
||||
|
||||
private final HashMap<String, MyPermission> policies;
|
||||
|
||||
@ConstructorBinding
|
||||
public CustomPermissionAttributesProperties(HashMap<String, MyPermission> policies) {
|
||||
this.policies = policies;
|
||||
}
|
||||
|
||||
public HashMap<String, MyPermission> getPolicies() {
|
||||
return policies;
|
||||
}
|
||||
|
||||
public static class MyPermission {
|
||||
|
||||
private final DmpRole dmp;
|
||||
|
||||
@ConstructorBinding
|
||||
public MyPermission(DmpRole dmp) {
|
||||
this.dmp = dmp;
|
||||
}
|
||||
|
||||
|
||||
public DmpRole getDmp() {
|
||||
return dmp;
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
|
@ -0,0 +1,21 @@
|
|||
package eu.eudat.authorization;
|
||||
|
||||
|
||||
import eu.eudat.commons.enums.DmpUserRole;
|
||||
import org.springframework.boot.context.properties.bind.ConstructorBinding;
|
||||
|
||||
import java.util.Set;
|
||||
|
||||
public class DmpRole {
|
||||
private final Set<DmpUserRole> roles;
|
||||
|
||||
@ConstructorBinding
|
||||
public DmpRole(Set<DmpUserRole> roles) {
|
||||
this.roles = roles;
|
||||
}
|
||||
|
||||
public Set<DmpUserRole> getRoles() {
|
||||
return roles;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
@ -1,5 +1,6 @@
|
|||
package eu.eudat.authorization;
|
||||
|
||||
import eu.eudat.commons.enums.DmpUserRole;
|
||||
import eu.eudat.commons.scope.user.UserScope;
|
||||
import gr.cite.commons.web.authz.handler.AuthorizationHandler;
|
||||
import gr.cite.commons.web.authz.handler.AuthorizationHandlerContext;
|
||||
|
|
@ -8,6 +9,9 @@ import gr.cite.commons.web.oidc.principal.MyPrincipal;
|
|||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
|
||||
@Component("ownedAuthorizationHandler")
|
||||
public class OwnedAuthorizationHandler extends AuthorizationHandler<OwnedAuthorizationRequirement> {
|
||||
|
||||
|
|
@ -40,3 +44,4 @@ public class OwnedAuthorizationHandler extends AuthorizationHandler<OwnedAuthori
|
|||
}
|
||||
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,9 +1,7 @@
|
|||
package eu.eudat.configurations;
|
||||
|
||||
|
||||
import eu.eudat.authorization.OwnedAuthorizationHandler;
|
||||
import eu.eudat.authorization.OwnedAuthorizationRequirement;
|
||||
import eu.eudat.authorization.OwnedResource;
|
||||
import eu.eudat.authorization.*;
|
||||
import gr.cite.commons.web.authz.handler.AuthorizationHandler;
|
||||
import gr.cite.commons.web.authz.handler.PermissionClientAuthorizationHandler;
|
||||
import gr.cite.commons.web.authz.policy.AuthorizationRequirement;
|
||||
|
|
@ -39,16 +37,19 @@ public class SecurityConfiguration {
|
|||
private final AuthenticationManagerResolver<HttpServletRequest> authenticationManagerResolver;
|
||||
private final Filter apiKeyFilter;
|
||||
private final OwnedAuthorizationHandler ownedAuthorizationHandler;
|
||||
private final AffiliatedAuthorizationHandler affiliatedAuthorizationHandler;
|
||||
|
||||
@Autowired
|
||||
public SecurityConfiguration(WebSecurityProperties webSecurityProperties,
|
||||
@Qualifier("tokenAuthenticationResolver") AuthenticationManagerResolver<HttpServletRequest> authenticationManagerResolver,
|
||||
@Qualifier("apiKeyFilter") Filter apiKeyFilter,
|
||||
@Qualifier("ownedAuthorizationHandler") OwnedAuthorizationHandler ownedAuthorizationHandler) {
|
||||
@Qualifier("ownedAuthorizationHandler") OwnedAuthorizationHandler ownedAuthorizationHandler,
|
||||
@Qualifier("affiliatedAuthorizationHandler") AffiliatedAuthorizationHandler affiliatedAuthorizationHandler) {
|
||||
this.webSecurityProperties = webSecurityProperties;
|
||||
this.authenticationManagerResolver = authenticationManagerResolver;
|
||||
this.apiKeyFilter = apiKeyFilter;
|
||||
this.ownedAuthorizationHandler = ownedAuthorizationHandler;
|
||||
this.affiliatedAuthorizationHandler = affiliatedAuthorizationHandler;
|
||||
}
|
||||
|
||||
@Bean
|
||||
|
|
@ -80,7 +81,7 @@ public class SecurityConfiguration {
|
|||
//If not set / set to null, only the default authorization handlers will be used
|
||||
@Override
|
||||
public List<AuthorizationHandler<? extends AuthorizationRequirement>> addCustomHandlers() {
|
||||
return List.of( ownedAuthorizationHandler);
|
||||
return List.of(affiliatedAuthorizationHandler, ownedAuthorizationHandler);
|
||||
}
|
||||
|
||||
//Here you can register your custom authorization requirements (if any)
|
||||
|
|
@ -116,6 +117,9 @@ public class SecurityConfiguration {
|
|||
if (OwnedResource.class.equals(type)) {
|
||||
return new OwnedAuthorizationRequirement();
|
||||
}
|
||||
if (AffiliatedResource.class.equals(type)) {
|
||||
return new AffiliatedAuthorizationRequirement(matchAll, permissions);
|
||||
}
|
||||
throw new IllegalArgumentException("resource");
|
||||
}
|
||||
};
|
||||
|
|
|
|||
|
|
@ -34,6 +34,14 @@ cache:
|
|||
expireAfterWriteMinutes: 10
|
||||
expireAfterAccessMinutes: 10
|
||||
refreshAfterWriteMinutes: 10
|
||||
- names: [ "affiliation" ]
|
||||
allowNullValues: true
|
||||
initialCapacity: 100
|
||||
maximumSize: 500
|
||||
enableRecordStats: false
|
||||
expireAfterWriteMinutes: 1
|
||||
expireAfterAccessMinutes: 1
|
||||
refreshAfterWriteMinutes: 1
|
||||
- names: [ "dashboardStatisticsByUserId" ]
|
||||
allowNullValues: true
|
||||
initialCapacity: 100
|
||||
|
|
@ -79,4 +87,7 @@ cache:
|
|||
keyPattern: base:v0
|
||||
token-exchange-key:
|
||||
name: tokenExchangeKey
|
||||
keyPattern: resolve_$keyhash$:v0
|
||||
keyPattern: resolve_$keyhash$:v0
|
||||
affiliation:
|
||||
name: affiliation
|
||||
keyPattern: affiliation_$entity$_$user$_$type$:v0
|
||||
|
|
@ -206,9 +206,6 @@ permissions:
|
|||
BrowseDmpAssociatedUser:
|
||||
roles:
|
||||
- Admin
|
||||
- DescriptionTemplateEditor
|
||||
- Manager
|
||||
- User
|
||||
claims: [ ]
|
||||
clients: [ ]
|
||||
allowAnonymous: false
|
||||
|
|
@ -217,6 +214,9 @@ permissions:
|
|||
BrowseDescriptionTemplateType:
|
||||
roles:
|
||||
- Admin
|
||||
- User
|
||||
- Manager
|
||||
- DescriptionTemplateEditor
|
||||
clients: [ ]
|
||||
allowAnonymous: false
|
||||
allowAuthenticated: false
|
||||
|
|
@ -321,6 +321,12 @@ permissions:
|
|||
EditDmp:
|
||||
roles:
|
||||
- Admin
|
||||
dmp:
|
||||
roles:
|
||||
- Owner
|
||||
- User
|
||||
- DescriptionContributor
|
||||
- Reviewer
|
||||
clients: [ ]
|
||||
allowAnonymous: false
|
||||
allowAuthenticated: false
|
||||
|
|
@ -463,7 +469,6 @@ permissions:
|
|||
BrowseReference:
|
||||
roles:
|
||||
- Admin
|
||||
- User
|
||||
clients: [ ]
|
||||
allowAnonymous: false
|
||||
allowAuthenticated: false
|
||||
|
|
@ -527,6 +532,9 @@ permissions:
|
|||
BrowseSupportiveMaterial:
|
||||
roles:
|
||||
- Admin
|
||||
- User
|
||||
- Manager
|
||||
- DescriptionTemplateEditor
|
||||
clients: [ ]
|
||||
allowAnonymous: yes
|
||||
allowAuthenticated: yes
|
||||
|
|
@ -548,6 +556,9 @@ permissions:
|
|||
BrowseReferenceType:
|
||||
roles:
|
||||
- Admin
|
||||
- User
|
||||
- Manager
|
||||
- DescriptionTemplateEditor
|
||||
clients: [ ]
|
||||
allowAnonymous: false
|
||||
allowAuthenticated: false
|
||||
|
|
@ -691,25 +702,24 @@ permissions:
|
|||
# Lock Permissions
|
||||
BrowseLock:
|
||||
roles:
|
||||
- User
|
||||
- Admin
|
||||
clients: [ ]
|
||||
allowAnonymous: false
|
||||
allowAuthenticated: false
|
||||
EditLock:
|
||||
roles:
|
||||
- User
|
||||
- Admin
|
||||
clients: [ ]
|
||||
allowAnonymous: false
|
||||
allowAuthenticated: false
|
||||
DeleteLock:
|
||||
roles:
|
||||
- User
|
||||
- Admin
|
||||
claims: [ ]
|
||||
clients: [ ]
|
||||
allowAnonymous: false
|
||||
allowAuthenticated: false
|
||||
# Lock Permissions
|
||||
# Contact Permissions
|
||||
SendContactSupport:
|
||||
roles: []
|
||||
clients: [ ]
|
||||
|
|
@ -740,6 +750,9 @@ permissions:
|
|||
BrowsePrefillingSource:
|
||||
roles:
|
||||
- Admin
|
||||
- DescriptionTemplateEditor
|
||||
- Manager
|
||||
- User
|
||||
clients: [ ]
|
||||
allowAnonymous: false
|
||||
allowAuthenticated: false
|
||||
|
|
|
|||
|
|
@ -10,12 +10,12 @@
|
|||
<!-- <div *ngIf="this.canEdit && !this.isDeleted" class="col-12"> -->
|
||||
<div class="col-12">
|
||||
<form class="row p-2 mt-2 mb-3 ml-0 pr-3 mr-0 new-thread" [formGroup]="threadFormGroup">
|
||||
<mat-form-field class="col msg-input">
|
||||
<mat-form-field class="col-6 msg-input">
|
||||
<textarea matInput matTextareaAutosize matAutosizeMinRows="1" name="thread-text" formControlName="text" placeholder="{{'ANNOTATION-DIALOG.THREADS.NEW-THREAD' | translate}}" required></textarea>
|
||||
<mat-error *ngIf="threadFormGroup.get('text').hasError('backendError')">{{threadFormGroup.get('text').getError('backendError')?.message}}</mat-error>
|
||||
<mat-error *ngIf="threadFormGroup.get('text').hasError('required')">{{'COMMONS.VALIDATION.REQUIRED' | translate}}</mat-error>
|
||||
</mat-form-field>
|
||||
<mat-form-field class="col-auto pl-0 pr-0 protection-input">
|
||||
<mat-form-field class="col-6 pl-0 pr-0 protection-input">
|
||||
<mat-label>{{'ANNOTATION-DIALOG.THREADS.PROTECTION.TITLE' | translate}}</mat-label>
|
||||
<mat-select name="thread-protectionType" formControlName="protectionType" required>
|
||||
<mat-option *ngFor="let enumValue of annotationProtectionTypeEnumValues" [value]="enumValue">{{enumUtils.toAnnotationProtectionTypeString(enumValue)}}</mat-option>
|
||||
|
|
@ -44,9 +44,9 @@
|
|||
<div class="col-12">
|
||||
<div class="row h-100">
|
||||
<div class="col annotation-time">{{thread.timeStamp | date:'EEEE, MMMM d, y, h:mm a'}}</div>
|
||||
<div class="col-auto" *ngIf="thread.protectionType === annotationProtectionTypeEnum.Private" matTooltip="{{'ANNOTATION-DIALOG.PROTECTION.PRIVATE' | translate}}"><i class="material-icons protection-icon icon-{{getAnnotationProtectionType(thread)}}">{{getAnnotationProtectionType(thread)}}</i></div>
|
||||
<div class="col-auto" *ngIf="thread.protectionType === annotationProtectionTypeEnum.EntityAccessors" matTooltip="{{'ANNOTATION-DIALOG.PROTECTION.ENTITY-ACCESSORS' | translate}}"><i class="material-icons protection-icon icon-{{getAnnotationProtectionType(thread)}}">{{getAnnotationProtectionType(thread)}}</i></div>
|
||||
<div class="col-md-12 annotation-full-text">{{thread.text}}</div>
|
||||
<div class="col-auto" *ngIf="thread.protectionType === annotationProtectionTypeEnum.Private" matTooltip="{{'ANNOTATION-DIALOG.PROTECTION.PRIVATE' | translate}}"><i class="material-icons protection-icon icon-{{getAnnotationProtectionType(thread)}}"></i>{{getAnnotationProtectionType(thread)}}</div>
|
||||
<div class="col-auto" *ngIf="thread.protectionType === annotationProtectionTypeEnum.EntityAccessors" matTooltip="{{'ANNOTATION-DIALOG.PROTECTION.ENTITY-ACCESSORS' | translate}}"><i class="material-icons protection-icon icon-{{getAnnotationProtectionType(thread)}}"></i>{{getAnnotationProtectionType(thread)}}</div>
|
||||
<div class="col-md-12 annotation-full-text">{{thread.payload}}</div>
|
||||
<div class="col-md-12">
|
||||
<em class="user">{{'ANNOTATION-DIALOG.THREADS.FROM-USER' | translate}} {{thread.author.name}}</em>
|
||||
</div>
|
||||
|
|
|
|||
|
|
@ -3,9 +3,9 @@
|
|||
}
|
||||
|
||||
.form-container {
|
||||
width: 33rem;
|
||||
width: 100%;
|
||||
min-height: 14rem;
|
||||
padding: 0.28rem 0.34rem 0.875rem 0.625rem;
|
||||
padding: 1rem;
|
||||
}
|
||||
|
||||
.logo {
|
||||
|
|
|
|||
|
|
@ -123,12 +123,11 @@ export class AnnotationDialogComponent extends BaseComponent {
|
|||
lookup.project = {
|
||||
fields: [
|
||||
nameof<Annotation>(x => x.id),
|
||||
// nameof<Annotation>(x => x.threadId),
|
||||
// nameof<Annotation>(x => x.threadId),
|
||||
// nameof<Annotation>(x => x.timeStamp),
|
||||
// nameof<Annotation>(x => x.author.name),
|
||||
nameof<Annotation>(x => x.threadId),
|
||||
nameof<Annotation>(x => x.timeStamp),
|
||||
nameof<Annotation>(x => x.author.name),
|
||||
nameof<Annotation>(x => x.payload),
|
||||
// nameof<Annotation>(x => x.protection),
|
||||
nameof<Annotation>(x => x.protectionType),
|
||||
]
|
||||
};
|
||||
|
||||
|
|
@ -146,6 +145,8 @@ export class AnnotationDialogComponent extends BaseComponent {
|
|||
// this.annotationsPerThread[element.id.toString()] = data.items.filter(x => x.threadId === element.id && x.id !== element.id).sort((a1, a2) => new Date(a1.timeStamp).getTime() - new Date(a2.timeStamp).getTime());
|
||||
// });
|
||||
// // this.annotationsChanged.emit(this.threads);
|
||||
|
||||
this.threads = data.items;
|
||||
},
|
||||
error => this.onCallbackError(error),
|
||||
);
|
||||
|
|
@ -190,6 +191,11 @@ export class AnnotationDialogComponent extends BaseComponent {
|
|||
}
|
||||
|
||||
|
||||
getAnnotationProtectionType(thread: Annotation): string {
|
||||
return this.enumUtils.toAnnotationProtectionTypeString(thread.protectionType);
|
||||
}
|
||||
|
||||
|
||||
cancel() {
|
||||
this.dialogRef.close();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -125,7 +125,8 @@ export class DescriptionFormFieldSetComponent extends BaseComponent {
|
|||
//
|
||||
showAnnotations(fieldSetId: string) {
|
||||
const dialogRef = this.dialog.open(AnnotationDialogComponent, {
|
||||
width: '528px',
|
||||
width: '40rem',
|
||||
maxWidth: '90vw',
|
||||
data: {
|
||||
entityId: this.descriptionId,
|
||||
anchor: fieldSetId,
|
||||
|
|
|
|||
|
|
@ -203,7 +203,10 @@
|
|||
},
|
||||
"COMMONS": {
|
||||
"ERRORS": {
|
||||
"DEFAULT": ""
|
||||
"DEFAULT": "An Unexpected Error Has Occurred"
|
||||
},
|
||||
"VALIDATION": {
|
||||
"REQUIRED": "Required"
|
||||
},
|
||||
"LISTING-COMPONENT": {
|
||||
"SEARCH-FILTER-BTN": "Filter Results",
|
||||
|
|
@ -379,6 +382,21 @@
|
|||
"DESCRIPTION-TEMPLATE-PREVIEW" : {
|
||||
"TEMPLATE": "Template"
|
||||
},
|
||||
"ANNOTATION-DIALOG": {
|
||||
"TITLE": "Comments",
|
||||
"THREADS": {
|
||||
"NEW-THREAD": "New comment",
|
||||
"FROM-USER": "From",
|
||||
"SEND": "Send comment",
|
||||
"PROTECTION": {
|
||||
"TITLE": "Visibility"
|
||||
}
|
||||
},
|
||||
"PROTECTION": {
|
||||
"ENTITY-ACCESSORS": "Visible",
|
||||
"PRIVATE": "Hidden"
|
||||
}
|
||||
},
|
||||
"DESCRIPTION-TEMPLATE-EDITOR": {
|
||||
"TITLE": {
|
||||
"NEW": "New API Client",
|
||||
|
|
@ -2256,6 +2274,10 @@
|
|||
"INTERNAL-SOURCE": "Not bind with source"
|
||||
},
|
||||
"TYPES": {
|
||||
"ANNOTATION-PROTECTION-TYPE": {
|
||||
"PRIVATE": "Hidden",
|
||||
"ENTITY-ACCESSORS": "Visible"
|
||||
},
|
||||
"APP-ROLE": {
|
||||
"ADMIN": "Admin",
|
||||
"USER": "User",
|
||||
|
|
|
|||
|
|
@ -56,7 +56,7 @@ public class FunderMigrationService {
|
|||
ReferenceEntity data = new ReferenceEntity();
|
||||
data.setId(item.getId());
|
||||
data.setLabel(item.getLabel());
|
||||
data.setIsActive(Funder.Status.fromInteger(item.getStatus()).equals(Funder.Status.ACTIVE) ? IsActive.Active : IsActive.Inactive);
|
||||
data.setIsActive(IsActive.Active);
|
||||
data.setTypeId(ReferenceTypeIds.Funder);
|
||||
data.setCreatedAt(item.getCreated().toInstant());
|
||||
data.setUpdatedAt(item.getModified().toInstant());
|
||||
|
|
|
|||
|
|
@ -21,7 +21,8 @@ import java.util.List;
|
|||
import java.util.Locale;
|
||||
|
||||
@Service
|
||||
public class GrantMigrationService {
|
||||
public class
|
||||
GrantMigrationService {
|
||||
private static final LoggerService logger = new LoggerService(LoggerFactory.getLogger(GrantMigrationService.class));
|
||||
|
||||
private static final int PageSize = 500;
|
||||
|
|
@ -63,7 +64,7 @@ public class GrantMigrationService {
|
|||
data.setLabel(item.getLabel());
|
||||
data.setDescription(item.getDescription());
|
||||
data.setAbbreviation(item.getAbbreviation());
|
||||
data.setIsActive(Grant.Status.fromInteger(item.getStatus()).equals(Grant.Status.ACTIVE) ? IsActive.Active : IsActive.Inactive);
|
||||
data.setIsActive(IsActive.Active);
|
||||
data.setTypeId(ReferenceTypeIds.Grants);
|
||||
data.setCreatedAt(item.getCreated().toInstant());
|
||||
data.setUpdatedAt(item.getModified().toInstant());
|
||||
|
|
|
|||
|
|
@ -64,8 +64,8 @@ public class ProjectMigrationService {
|
|||
data.setLabel(item.getLabel());
|
||||
data.setAbbreviation(item.getAbbreviation());
|
||||
data.setDescription(item.getDescription());
|
||||
data.setIsActive(Project.Status.ACTIVE.equals(Project.Status.fromInteger(item.getStatus())) ? IsActive.Active : IsActive.Inactive);
|
||||
data.setTypeId(ReferenceTypeIds.DataRepositories);
|
||||
data.setIsActive(IsActive.Active);
|
||||
data.setTypeId(ReferenceTypeIds.Project);
|
||||
data.setCreatedAt(item.getCreated().toInstant());
|
||||
data.setUpdatedAt(item.getModified().toInstant());
|
||||
if (item.getCreationUser() != null) data.setCreatedById(item.getCreationUser().getId());
|
||||
|
|
|
|||
|
|
@ -63,9 +63,9 @@ public class StorageFileMigrationService {
|
|||
logger.debug("Migrate FileUpload " + page * PageSize + " of " + total);
|
||||
for (FileUpload item : items) {
|
||||
entityManager.detach(item);
|
||||
File file = new File(this.environment.getProperty("file.storage") + item.getId().toString());
|
||||
if (!file.exists()) file = new File(this.environment.getProperty("temp.temp") + item.getId().toString());
|
||||
if (!file.exists()) throw new MyApplicationException("Storage file not exist " + item.getId().toString());
|
||||
// File file = new File(this.environment.getProperty("file.storage") + item.getId().toString());
|
||||
// if (!file.exists()) file = new File(this.environment.getProperty("temp.temp") + item.getId().toString());
|
||||
// if (!file.exists()) throw new MyApplicationException("Storage file not exist " + item.getId().toString());
|
||||
|
||||
StorageFileEntity data = new StorageFileEntity();
|
||||
data.setId(item.getId());
|
||||
|
|
@ -80,11 +80,11 @@ public class StorageFileMigrationService {
|
|||
data.setPurgedAt(null);
|
||||
if (item.getCreator() == null) data.setOwnerId(item.getCreator().getId());
|
||||
|
||||
File destinationFile = new File(Paths.get(this.environment.getProperty("file.mainstorage"), data.getFileRef()).toString());
|
||||
boolean fileCopied = FileCopyUtils.copy(file, destinationFile) > 0;
|
||||
if (!fileCopied) throw new MyApplicationException("Storage file not copied " + data.getId().toString());
|
||||
|
||||
filesToDelete.add(file);
|
||||
// File destinationFile = new File(Paths.get(this.environment.getProperty("file.mainstorage"), data.getFileRef()).toString());
|
||||
// boolean fileCopied = FileCopyUtils.copy(file, destinationFile) > 0;
|
||||
// if (!fileCopied) throw new MyApplicationException("Storage file not copied " + data.getId().toString());
|
||||
//
|
||||
// filesToDelete.add(file);
|
||||
|
||||
this.entityManager.persist(data);
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue