authz changes

This commit is contained in:
Efstratios Giannopoulos 2024-03-19 12:48:17 +02:00
parent f19ac6c45e
commit b49975931b
7 changed files with 30 additions and 18 deletions

View File

@ -70,7 +70,7 @@ public final class Permission {
public static String BrowseDmp = "BrowseDmp"; public static String BrowseDmp = "BrowseDmp";
public static String EditDmp = "EditDmp"; public static String EditDmp = "EditDmp";
public static String NewDmp = "NewDmp"; public static String NewDmp = "NewDmp";
public static String DepositDmp = "DepositDmp";
public static String DeleteDmp = "DeleteDmp"; public static String DeleteDmp = "DeleteDmp";
public static String CloneDmp = "CloneDmp"; public static String CloneDmp = "CloneDmp";
public static String CreateNewVersionDmp = "CreateNewVersionDmp"; public static String CreateNewVersionDmp = "CreateNewVersionDmp";

View File

@ -2,6 +2,7 @@ package eu.eudat.service.deposit;
import eu.eudat.authorization.AuthorizationFlags; import eu.eudat.authorization.AuthorizationFlags;
import eu.eudat.authorization.Permission; import eu.eudat.authorization.Permission;
import eu.eudat.authorization.authorizationcontentresolver.AuthorizationContentResolver;
import eu.eudat.commonmodels.models.FileEnvelopeModel; import eu.eudat.commonmodels.models.FileEnvelopeModel;
import eu.eudat.commonmodels.models.dmp.DmpModel; import eu.eudat.commonmodels.models.dmp.DmpModel;
import eu.eudat.commons.enums.StorageType; import eu.eudat.commons.enums.StorageType;
@ -69,6 +70,7 @@ public class DepositServiceImpl implements DepositService {
private final ValidatorFactory validatorFactory; private final ValidatorFactory validatorFactory;
private final StorageFileProperties storageFileProperties; private final StorageFileProperties storageFileProperties;
private final ConventionService conventionService; private final ConventionService conventionService;
private final AuthorizationContentResolver authorizationContentResolver;
@Autowired @Autowired
public DepositServiceImpl(DepositProperties depositProperties, public DepositServiceImpl(DepositProperties depositProperties,
TokenExchangeCacheService tokenExchangeCacheService, TokenExchangeCacheService tokenExchangeCacheService,
@ -77,7 +79,7 @@ public class DepositServiceImpl implements DepositService {
EntityDoiService doiService, EntityDoiService doiService,
QueryFactory queryFactory, QueryFactory queryFactory,
MessageSource messageSource, MessageSource messageSource,
BuilderFactory builderFactory, DepositConfigurationCacheService depositConfigurationCacheService, FileTransformerService fileTransformerService, StorageFileService storageFileService, UserScope userScope, ValidatorFactory validatorFactory, StorageFileProperties storageFileProperties, ConventionService conventionService) { BuilderFactory builderFactory, DepositConfigurationCacheService depositConfigurationCacheService, FileTransformerService fileTransformerService, StorageFileService storageFileService, UserScope userScope, ValidatorFactory validatorFactory, StorageFileProperties storageFileProperties, ConventionService conventionService, AuthorizationContentResolver authorizationContentResolver) {
this.depositProperties = depositProperties; this.depositProperties = depositProperties;
this.tokenExchangeCacheService = tokenExchangeCacheService; this.tokenExchangeCacheService = tokenExchangeCacheService;
this.authorizationService = authorizationService; this.authorizationService = authorizationService;
@ -93,6 +95,7 @@ public class DepositServiceImpl implements DepositService {
this.validatorFactory = validatorFactory; this.validatorFactory = validatorFactory;
this.storageFileProperties = storageFileProperties; this.storageFileProperties = storageFileProperties;
this.conventionService = conventionService; this.conventionService = conventionService;
this.authorizationContentResolver = authorizationContentResolver;
this.clients = new HashMap<>(); this.clients = new HashMap<>();
} }
@ -139,9 +142,7 @@ public class DepositServiceImpl implements DepositService {
@Override @Override
public EntityDoi deposit(DepositRequest dmpDepositModel) throws Exception { public EntityDoi deposit(DepositRequest dmpDepositModel) throws Exception {
this.authorizationService.authorizeForce(Permission.EditDeposit); this.authorizationService.authorizeAtLeastOneForce(List.of(this.authorizationContentResolver.dmpAffiliation(dmpDepositModel.getDmpId())), Permission.DepositDmp);
this.authorizationService.authorize(Permission.EditDmp);
//GK: First get the right client //GK: First get the right client
DepositClient depositClient = getDepositClient(dmpDepositModel.getRepositoryId()); DepositClient depositClient = getDepositClient(dmpDepositModel.getRepositoryId());
if (depositClient == null) throw new MyNotFoundException(messageSource.getMessage("General_ItemNotFound", new Object[]{dmpDepositModel.getRepositoryId(), DepositClient.class.getSimpleName()}, LocaleContextHolder.getLocale())); if (depositClient == null) throw new MyNotFoundException(messageSource.getMessage("General_ItemNotFound", new Object[]{dmpDepositModel.getRepositoryId(), DepositClient.class.getSimpleName()}, LocaleContextHolder.getLocale()));

View File

@ -387,6 +387,19 @@ permissions:
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
DepositDmp:
roles:
- Admin
dmp:
roles:
- Owner
- User
- DescriptionContributor
- Reviewer
claims: [ ]
clients: [ ]
allowAnonymous: false
allowAuthenticated: false
CloneDmp: CloneDmp:
roles: roles:
- Admin - Admin

View File

@ -20,7 +20,8 @@ export enum AppPermission {
BrowseDmp = "BrowseDmp", BrowseDmp = "BrowseDmp",
EditDmp = "EditDmp", EditDmp = "EditDmp",
NewDmp = "NewDmp", NewDmp = "NewDmp",
DeleteDmp= "DeleteDmp", DeleteDmp = "DeleteDmp",
DepositDmp = "DepositDmp",
CloneDmp = "CloneDmp", CloneDmp = "CloneDmp",
CreateNewVersionDmp = "CreateNewVersionDmp", CreateNewVersionDmp = "CreateNewVersionDmp",
ExportDmp = "ExportDmp", ExportDmp = "ExportDmp",

View File

@ -248,8 +248,4 @@ export class DmpService {
} }
return dmpUserRoles; return dmpUserRoles;
} }
isDmpOwner(dmpUsers: DmpUser[]): Boolean {
return this.getCurrentUserRolesInDmp(dmpUsers).includes(DmpUserRole.Owner);
}
} }

View File

@ -144,8 +144,8 @@
<hr class="hr-line"> <hr class="hr-line">
</div> </div>
</div> </div>
<app-dmp-deposit-dropdown *ngIf="(hasDoi(dmp) || moreDeposit()) && isFinalizedDmp(dmp) && !this.isPublicView && isDmpOwner(dmp) && inputRepos.length > 0" [inputRepos]="inputRepos" [dmp]="dmp" (outputReposEmitter)="afterDeposit($event)"></app-dmp-deposit-dropdown> <app-dmp-deposit-dropdown *ngIf="(hasDoi(dmp) || moreDeposit()) && isFinalizedDmp(dmp) && !this.isPublicView && canDepositDmp(dmp) && inputRepos.length > 0" [inputRepos]="inputRepos" [dmp]="dmp" (outputReposEmitter)="afterDeposit($event)"></app-dmp-deposit-dropdown>
<div *ngIf="isFinalizedDmp(dmp) && hasDoi(dmp) && !isPublishedDmp(dmp) && isDmpOwner(dmp)" (click)="reverseFinalization()" class="row ml-0 mr-0 pl-4 pb-3 d-flex align-items-center"> <div *ngIf="isFinalizedDmp(dmp) && hasDoi(dmp) && !isPublishedDmp(dmp) && canFinalizeDmp(dmp)" (click)="reverseFinalization()" class="row ml-0 mr-0 pl-4 pb-3 d-flex align-items-center">
<button mat-mini-fab class="frame-btn"> <button mat-mini-fab class="frame-btn">
<mat-icon class="mat-mini-fab-icon">unarchive</mat-icon> <mat-icon class="mat-mini-fab-icon">unarchive</mat-icon>
</button> </button>

View File

@ -202,11 +202,6 @@ export class DmpOverviewComponent extends BaseComponent implements OnInit {
} else return false; } else return false;
} }
isDmpOwner(): boolean {
const principalId: Guid = this.authentication.userId();
if (principalId) return !!this.dmp.dmpUsers?.find(x => (x.role === DmpUserRole.Owner) && (principalId === x.user?.id));
}
canEditDmp(): boolean{ canEditDmp(): boolean{
return (this.isDraftDmp()) && (this.dmp.authorizationFlags?.some(x => x === AppPermission.EditDmp) || this.authentication.hasPermission(AppPermission.EditDmp)) && this.isPublicView == false; return (this.isDraftDmp()) && (this.dmp.authorizationFlags?.some(x => x === AppPermission.EditDmp) || this.authentication.hasPermission(AppPermission.EditDmp)) && this.isPublicView == false;
} }
@ -239,6 +234,11 @@ export class DmpOverviewComponent extends BaseComponent implements OnInit {
return this.dmp.authorizationFlags?.some(x => x === AppPermission.AssignDmpUsers) || this.authentication.hasPermission(AppPermission.AssignDmpUsers) && this.isPublicView == false; return this.dmp.authorizationFlags?.some(x => x === AppPermission.AssignDmpUsers) || this.authentication.hasPermission(AppPermission.AssignDmpUsers) && this.isPublicView == false;
} }
canDepositDmp(): boolean {
return this.dmp.authorizationFlags?.some(x => x === AppPermission.DepositDmp) || this.authentication.hasPermission(AppPermission.DepositDmp) && this.isPublicView == false;
}
editClicked() { editClicked() {
this.router.navigate(['/plans/edit/', this.dmp.id]); this.router.navigate(['/plans/edit/', this.dmp.id]);
} }
@ -741,6 +741,7 @@ export class DmpOverviewComponent extends BaseComponent implements OnInit {
[nameof<Dmp>(x => x.authorizationFlags), AppPermission.InviteDmpUsers].join('.'), [nameof<Dmp>(x => x.authorizationFlags), AppPermission.InviteDmpUsers].join('.'),
[nameof<Dmp>(x => x.authorizationFlags), AppPermission.AssignDmpUsers].join('.'), [nameof<Dmp>(x => x.authorizationFlags), AppPermission.AssignDmpUsers].join('.'),
[nameof<Dmp>(x => x.authorizationFlags), AppPermission.EditDmp].join('.'), [nameof<Dmp>(x => x.authorizationFlags), AppPermission.EditDmp].join('.'),
[nameof<Dmp>(x => x.authorizationFlags), AppPermission.DepositDmp].join('.'),
[nameof<Dmp>(x => x.entityDois), nameof<EntityDoi>(x => x.id)].join('.'), [nameof<Dmp>(x => x.entityDois), nameof<EntityDoi>(x => x.id)].join('.'),
[nameof<Dmp>(x => x.entityDois), nameof<EntityDoi>(x => x.repositoryId)].join('.'), [nameof<Dmp>(x => x.entityDois), nameof<EntityDoi>(x => x.repositoryId)].join('.'),
[nameof<Dmp>(x => x.entityDois), nameof<EntityDoi>(x => x.doi)].join('.'), [nameof<Dmp>(x => x.entityDois), nameof<EntityDoi>(x => x.doi)].join('.'),