authz changes
This commit is contained in:
parent
f19ac6c45e
commit
b49975931b
|
|
@ -70,7 +70,7 @@ public final class Permission {
|
|||
public static String BrowseDmp = "BrowseDmp";
|
||||
public static String EditDmp = "EditDmp";
|
||||
public static String NewDmp = "NewDmp";
|
||||
|
||||
public static String DepositDmp = "DepositDmp";
|
||||
public static String DeleteDmp = "DeleteDmp";
|
||||
public static String CloneDmp = "CloneDmp";
|
||||
public static String CreateNewVersionDmp = "CreateNewVersionDmp";
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ package eu.eudat.service.deposit;
|
|||
|
||||
import eu.eudat.authorization.AuthorizationFlags;
|
||||
import eu.eudat.authorization.Permission;
|
||||
import eu.eudat.authorization.authorizationcontentresolver.AuthorizationContentResolver;
|
||||
import eu.eudat.commonmodels.models.FileEnvelopeModel;
|
||||
import eu.eudat.commonmodels.models.dmp.DmpModel;
|
||||
import eu.eudat.commons.enums.StorageType;
|
||||
|
|
@ -69,6 +70,7 @@ public class DepositServiceImpl implements DepositService {
|
|||
private final ValidatorFactory validatorFactory;
|
||||
private final StorageFileProperties storageFileProperties;
|
||||
private final ConventionService conventionService;
|
||||
private final AuthorizationContentResolver authorizationContentResolver;
|
||||
@Autowired
|
||||
public DepositServiceImpl(DepositProperties depositProperties,
|
||||
TokenExchangeCacheService tokenExchangeCacheService,
|
||||
|
|
@ -77,7 +79,7 @@ public class DepositServiceImpl implements DepositService {
|
|||
EntityDoiService doiService,
|
||||
QueryFactory queryFactory,
|
||||
MessageSource messageSource,
|
||||
BuilderFactory builderFactory, DepositConfigurationCacheService depositConfigurationCacheService, FileTransformerService fileTransformerService, StorageFileService storageFileService, UserScope userScope, ValidatorFactory validatorFactory, StorageFileProperties storageFileProperties, ConventionService conventionService) {
|
||||
BuilderFactory builderFactory, DepositConfigurationCacheService depositConfigurationCacheService, FileTransformerService fileTransformerService, StorageFileService storageFileService, UserScope userScope, ValidatorFactory validatorFactory, StorageFileProperties storageFileProperties, ConventionService conventionService, AuthorizationContentResolver authorizationContentResolver) {
|
||||
this.depositProperties = depositProperties;
|
||||
this.tokenExchangeCacheService = tokenExchangeCacheService;
|
||||
this.authorizationService = authorizationService;
|
||||
|
|
@ -93,6 +95,7 @@ public class DepositServiceImpl implements DepositService {
|
|||
this.validatorFactory = validatorFactory;
|
||||
this.storageFileProperties = storageFileProperties;
|
||||
this.conventionService = conventionService;
|
||||
this.authorizationContentResolver = authorizationContentResolver;
|
||||
this.clients = new HashMap<>();
|
||||
}
|
||||
|
||||
|
|
@ -139,9 +142,7 @@ public class DepositServiceImpl implements DepositService {
|
|||
|
||||
@Override
|
||||
public EntityDoi deposit(DepositRequest dmpDepositModel) throws Exception {
|
||||
this.authorizationService.authorizeForce(Permission.EditDeposit);
|
||||
|
||||
this.authorizationService.authorize(Permission.EditDmp);
|
||||
this.authorizationService.authorizeAtLeastOneForce(List.of(this.authorizationContentResolver.dmpAffiliation(dmpDepositModel.getDmpId())), Permission.DepositDmp);
|
||||
//GK: First get the right client
|
||||
DepositClient depositClient = getDepositClient(dmpDepositModel.getRepositoryId());
|
||||
if (depositClient == null) throw new MyNotFoundException(messageSource.getMessage("General_ItemNotFound", new Object[]{dmpDepositModel.getRepositoryId(), DepositClient.class.getSimpleName()}, LocaleContextHolder.getLocale()));
|
||||
|
|
|
|||
|
|
@ -387,6 +387,19 @@ permissions:
|
|||
clients: [ ]
|
||||
allowAnonymous: false
|
||||
allowAuthenticated: false
|
||||
DepositDmp:
|
||||
roles:
|
||||
- Admin
|
||||
dmp:
|
||||
roles:
|
||||
- Owner
|
||||
- User
|
||||
- DescriptionContributor
|
||||
- Reviewer
|
||||
claims: [ ]
|
||||
clients: [ ]
|
||||
allowAnonymous: false
|
||||
allowAuthenticated: false
|
||||
CloneDmp:
|
||||
roles:
|
||||
- Admin
|
||||
|
|
|
|||
|
|
@ -20,7 +20,8 @@ export enum AppPermission {
|
|||
BrowseDmp = "BrowseDmp",
|
||||
EditDmp = "EditDmp",
|
||||
NewDmp = "NewDmp",
|
||||
DeleteDmp= "DeleteDmp",
|
||||
DeleteDmp = "DeleteDmp",
|
||||
DepositDmp = "DepositDmp",
|
||||
CloneDmp = "CloneDmp",
|
||||
CreateNewVersionDmp = "CreateNewVersionDmp",
|
||||
ExportDmp = "ExportDmp",
|
||||
|
|
|
|||
|
|
@ -248,8 +248,4 @@ export class DmpService {
|
|||
}
|
||||
return dmpUserRoles;
|
||||
}
|
||||
|
||||
isDmpOwner(dmpUsers: DmpUser[]): Boolean {
|
||||
return this.getCurrentUserRolesInDmp(dmpUsers).includes(DmpUserRole.Owner);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -144,8 +144,8 @@
|
|||
<hr class="hr-line">
|
||||
</div>
|
||||
</div>
|
||||
<app-dmp-deposit-dropdown *ngIf="(hasDoi(dmp) || moreDeposit()) && isFinalizedDmp(dmp) && !this.isPublicView && isDmpOwner(dmp) && inputRepos.length > 0" [inputRepos]="inputRepos" [dmp]="dmp" (outputReposEmitter)="afterDeposit($event)"></app-dmp-deposit-dropdown>
|
||||
<div *ngIf="isFinalizedDmp(dmp) && hasDoi(dmp) && !isPublishedDmp(dmp) && isDmpOwner(dmp)" (click)="reverseFinalization()" class="row ml-0 mr-0 pl-4 pb-3 d-flex align-items-center">
|
||||
<app-dmp-deposit-dropdown *ngIf="(hasDoi(dmp) || moreDeposit()) && isFinalizedDmp(dmp) && !this.isPublicView && canDepositDmp(dmp) && inputRepos.length > 0" [inputRepos]="inputRepos" [dmp]="dmp" (outputReposEmitter)="afterDeposit($event)"></app-dmp-deposit-dropdown>
|
||||
<div *ngIf="isFinalizedDmp(dmp) && hasDoi(dmp) && !isPublishedDmp(dmp) && canFinalizeDmp(dmp)" (click)="reverseFinalization()" class="row ml-0 mr-0 pl-4 pb-3 d-flex align-items-center">
|
||||
<button mat-mini-fab class="frame-btn">
|
||||
<mat-icon class="mat-mini-fab-icon">unarchive</mat-icon>
|
||||
</button>
|
||||
|
|
|
|||
|
|
@ -121,7 +121,7 @@ export class DmpOverviewComponent extends BaseComponent implements OnInit {
|
|||
if (this.dmp.descriptions) {
|
||||
if (this.dmp.status == DmpStatus.Finalized) {
|
||||
this.dmp.descriptions = data.descriptions.filter(x => x.isActive === IsActive.Active && x.status === DescriptionStatus.Finalized);
|
||||
} else {
|
||||
} else {
|
||||
this.dmp.descriptions = data.descriptions.filter(x => x.isActive === IsActive.Active && x.status !== DescriptionStatus.Canceled);
|
||||
}
|
||||
}
|
||||
|
|
@ -202,11 +202,6 @@ export class DmpOverviewComponent extends BaseComponent implements OnInit {
|
|||
} else return false;
|
||||
}
|
||||
|
||||
isDmpOwner(): boolean {
|
||||
const principalId: Guid = this.authentication.userId();
|
||||
if (principalId) return !!this.dmp.dmpUsers?.find(x => (x.role === DmpUserRole.Owner) && (principalId === x.user?.id));
|
||||
}
|
||||
|
||||
canEditDmp(): boolean{
|
||||
return (this.isDraftDmp()) && (this.dmp.authorizationFlags?.some(x => x === AppPermission.EditDmp) || this.authentication.hasPermission(AppPermission.EditDmp)) && this.isPublicView == false;
|
||||
}
|
||||
|
|
@ -239,6 +234,11 @@ export class DmpOverviewComponent extends BaseComponent implements OnInit {
|
|||
return this.dmp.authorizationFlags?.some(x => x === AppPermission.AssignDmpUsers) || this.authentication.hasPermission(AppPermission.AssignDmpUsers) && this.isPublicView == false;
|
||||
}
|
||||
|
||||
canDepositDmp(): boolean {
|
||||
return this.dmp.authorizationFlags?.some(x => x === AppPermission.DepositDmp) || this.authentication.hasPermission(AppPermission.DepositDmp) && this.isPublicView == false;
|
||||
}
|
||||
|
||||
|
||||
editClicked() {
|
||||
this.router.navigate(['/plans/edit/', this.dmp.id]);
|
||||
}
|
||||
|
|
@ -741,6 +741,7 @@ export class DmpOverviewComponent extends BaseComponent implements OnInit {
|
|||
[nameof<Dmp>(x => x.authorizationFlags), AppPermission.InviteDmpUsers].join('.'),
|
||||
[nameof<Dmp>(x => x.authorizationFlags), AppPermission.AssignDmpUsers].join('.'),
|
||||
[nameof<Dmp>(x => x.authorizationFlags), AppPermission.EditDmp].join('.'),
|
||||
[nameof<Dmp>(x => x.authorizationFlags), AppPermission.DepositDmp].join('.'),
|
||||
[nameof<Dmp>(x => x.entityDois), nameof<EntityDoi>(x => x.id)].join('.'),
|
||||
[nameof<Dmp>(x => x.entityDois), nameof<EntityDoi>(x => x.repositoryId)].join('.'),
|
||||
[nameof<Dmp>(x => x.entityDois), nameof<EntityDoi>(x => x.doi)].join('.'),
|
||||
|
|
|
|||
Loading…
Reference in New Issue