authz changes
This commit is contained in:
parent
f19ac6c45e
commit
b49975931b
|
@ -70,7 +70,7 @@ public final class Permission {
|
||||||
public static String BrowseDmp = "BrowseDmp";
|
public static String BrowseDmp = "BrowseDmp";
|
||||||
public static String EditDmp = "EditDmp";
|
public static String EditDmp = "EditDmp";
|
||||||
public static String NewDmp = "NewDmp";
|
public static String NewDmp = "NewDmp";
|
||||||
|
public static String DepositDmp = "DepositDmp";
|
||||||
public static String DeleteDmp = "DeleteDmp";
|
public static String DeleteDmp = "DeleteDmp";
|
||||||
public static String CloneDmp = "CloneDmp";
|
public static String CloneDmp = "CloneDmp";
|
||||||
public static String CreateNewVersionDmp = "CreateNewVersionDmp";
|
public static String CreateNewVersionDmp = "CreateNewVersionDmp";
|
||||||
|
|
|
@ -2,6 +2,7 @@ package eu.eudat.service.deposit;
|
||||||
|
|
||||||
import eu.eudat.authorization.AuthorizationFlags;
|
import eu.eudat.authorization.AuthorizationFlags;
|
||||||
import eu.eudat.authorization.Permission;
|
import eu.eudat.authorization.Permission;
|
||||||
|
import eu.eudat.authorization.authorizationcontentresolver.AuthorizationContentResolver;
|
||||||
import eu.eudat.commonmodels.models.FileEnvelopeModel;
|
import eu.eudat.commonmodels.models.FileEnvelopeModel;
|
||||||
import eu.eudat.commonmodels.models.dmp.DmpModel;
|
import eu.eudat.commonmodels.models.dmp.DmpModel;
|
||||||
import eu.eudat.commons.enums.StorageType;
|
import eu.eudat.commons.enums.StorageType;
|
||||||
|
@ -69,6 +70,7 @@ public class DepositServiceImpl implements DepositService {
|
||||||
private final ValidatorFactory validatorFactory;
|
private final ValidatorFactory validatorFactory;
|
||||||
private final StorageFileProperties storageFileProperties;
|
private final StorageFileProperties storageFileProperties;
|
||||||
private final ConventionService conventionService;
|
private final ConventionService conventionService;
|
||||||
|
private final AuthorizationContentResolver authorizationContentResolver;
|
||||||
@Autowired
|
@Autowired
|
||||||
public DepositServiceImpl(DepositProperties depositProperties,
|
public DepositServiceImpl(DepositProperties depositProperties,
|
||||||
TokenExchangeCacheService tokenExchangeCacheService,
|
TokenExchangeCacheService tokenExchangeCacheService,
|
||||||
|
@ -77,7 +79,7 @@ public class DepositServiceImpl implements DepositService {
|
||||||
EntityDoiService doiService,
|
EntityDoiService doiService,
|
||||||
QueryFactory queryFactory,
|
QueryFactory queryFactory,
|
||||||
MessageSource messageSource,
|
MessageSource messageSource,
|
||||||
BuilderFactory builderFactory, DepositConfigurationCacheService depositConfigurationCacheService, FileTransformerService fileTransformerService, StorageFileService storageFileService, UserScope userScope, ValidatorFactory validatorFactory, StorageFileProperties storageFileProperties, ConventionService conventionService) {
|
BuilderFactory builderFactory, DepositConfigurationCacheService depositConfigurationCacheService, FileTransformerService fileTransformerService, StorageFileService storageFileService, UserScope userScope, ValidatorFactory validatorFactory, StorageFileProperties storageFileProperties, ConventionService conventionService, AuthorizationContentResolver authorizationContentResolver) {
|
||||||
this.depositProperties = depositProperties;
|
this.depositProperties = depositProperties;
|
||||||
this.tokenExchangeCacheService = tokenExchangeCacheService;
|
this.tokenExchangeCacheService = tokenExchangeCacheService;
|
||||||
this.authorizationService = authorizationService;
|
this.authorizationService = authorizationService;
|
||||||
|
@ -93,6 +95,7 @@ public class DepositServiceImpl implements DepositService {
|
||||||
this.validatorFactory = validatorFactory;
|
this.validatorFactory = validatorFactory;
|
||||||
this.storageFileProperties = storageFileProperties;
|
this.storageFileProperties = storageFileProperties;
|
||||||
this.conventionService = conventionService;
|
this.conventionService = conventionService;
|
||||||
|
this.authorizationContentResolver = authorizationContentResolver;
|
||||||
this.clients = new HashMap<>();
|
this.clients = new HashMap<>();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -139,9 +142,7 @@ public class DepositServiceImpl implements DepositService {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public EntityDoi deposit(DepositRequest dmpDepositModel) throws Exception {
|
public EntityDoi deposit(DepositRequest dmpDepositModel) throws Exception {
|
||||||
this.authorizationService.authorizeForce(Permission.EditDeposit);
|
this.authorizationService.authorizeAtLeastOneForce(List.of(this.authorizationContentResolver.dmpAffiliation(dmpDepositModel.getDmpId())), Permission.DepositDmp);
|
||||||
|
|
||||||
this.authorizationService.authorize(Permission.EditDmp);
|
|
||||||
//GK: First get the right client
|
//GK: First get the right client
|
||||||
DepositClient depositClient = getDepositClient(dmpDepositModel.getRepositoryId());
|
DepositClient depositClient = getDepositClient(dmpDepositModel.getRepositoryId());
|
||||||
if (depositClient == null) throw new MyNotFoundException(messageSource.getMessage("General_ItemNotFound", new Object[]{dmpDepositModel.getRepositoryId(), DepositClient.class.getSimpleName()}, LocaleContextHolder.getLocale()));
|
if (depositClient == null) throw new MyNotFoundException(messageSource.getMessage("General_ItemNotFound", new Object[]{dmpDepositModel.getRepositoryId(), DepositClient.class.getSimpleName()}, LocaleContextHolder.getLocale()));
|
||||||
|
|
|
@ -387,6 +387,19 @@ permissions:
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
allowAuthenticated: false
|
allowAuthenticated: false
|
||||||
|
DepositDmp:
|
||||||
|
roles:
|
||||||
|
- Admin
|
||||||
|
dmp:
|
||||||
|
roles:
|
||||||
|
- Owner
|
||||||
|
- User
|
||||||
|
- DescriptionContributor
|
||||||
|
- Reviewer
|
||||||
|
claims: [ ]
|
||||||
|
clients: [ ]
|
||||||
|
allowAnonymous: false
|
||||||
|
allowAuthenticated: false
|
||||||
CloneDmp:
|
CloneDmp:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- Admin
|
||||||
|
|
|
@ -20,7 +20,8 @@ export enum AppPermission {
|
||||||
BrowseDmp = "BrowseDmp",
|
BrowseDmp = "BrowseDmp",
|
||||||
EditDmp = "EditDmp",
|
EditDmp = "EditDmp",
|
||||||
NewDmp = "NewDmp",
|
NewDmp = "NewDmp",
|
||||||
DeleteDmp= "DeleteDmp",
|
DeleteDmp = "DeleteDmp",
|
||||||
|
DepositDmp = "DepositDmp",
|
||||||
CloneDmp = "CloneDmp",
|
CloneDmp = "CloneDmp",
|
||||||
CreateNewVersionDmp = "CreateNewVersionDmp",
|
CreateNewVersionDmp = "CreateNewVersionDmp",
|
||||||
ExportDmp = "ExportDmp",
|
ExportDmp = "ExportDmp",
|
||||||
|
|
|
@ -248,8 +248,4 @@ export class DmpService {
|
||||||
}
|
}
|
||||||
return dmpUserRoles;
|
return dmpUserRoles;
|
||||||
}
|
}
|
||||||
|
|
||||||
isDmpOwner(dmpUsers: DmpUser[]): Boolean {
|
|
||||||
return this.getCurrentUserRolesInDmp(dmpUsers).includes(DmpUserRole.Owner);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -144,8 +144,8 @@
|
||||||
<hr class="hr-line">
|
<hr class="hr-line">
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<app-dmp-deposit-dropdown *ngIf="(hasDoi(dmp) || moreDeposit()) && isFinalizedDmp(dmp) && !this.isPublicView && isDmpOwner(dmp) && inputRepos.length > 0" [inputRepos]="inputRepos" [dmp]="dmp" (outputReposEmitter)="afterDeposit($event)"></app-dmp-deposit-dropdown>
|
<app-dmp-deposit-dropdown *ngIf="(hasDoi(dmp) || moreDeposit()) && isFinalizedDmp(dmp) && !this.isPublicView && canDepositDmp(dmp) && inputRepos.length > 0" [inputRepos]="inputRepos" [dmp]="dmp" (outputReposEmitter)="afterDeposit($event)"></app-dmp-deposit-dropdown>
|
||||||
<div *ngIf="isFinalizedDmp(dmp) && hasDoi(dmp) && !isPublishedDmp(dmp) && isDmpOwner(dmp)" (click)="reverseFinalization()" class="row ml-0 mr-0 pl-4 pb-3 d-flex align-items-center">
|
<div *ngIf="isFinalizedDmp(dmp) && hasDoi(dmp) && !isPublishedDmp(dmp) && canFinalizeDmp(dmp)" (click)="reverseFinalization()" class="row ml-0 mr-0 pl-4 pb-3 d-flex align-items-center">
|
||||||
<button mat-mini-fab class="frame-btn">
|
<button mat-mini-fab class="frame-btn">
|
||||||
<mat-icon class="mat-mini-fab-icon">unarchive</mat-icon>
|
<mat-icon class="mat-mini-fab-icon">unarchive</mat-icon>
|
||||||
</button>
|
</button>
|
||||||
|
|
|
@ -202,11 +202,6 @@ export class DmpOverviewComponent extends BaseComponent implements OnInit {
|
||||||
} else return false;
|
} else return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
isDmpOwner(): boolean {
|
|
||||||
const principalId: Guid = this.authentication.userId();
|
|
||||||
if (principalId) return !!this.dmp.dmpUsers?.find(x => (x.role === DmpUserRole.Owner) && (principalId === x.user?.id));
|
|
||||||
}
|
|
||||||
|
|
||||||
canEditDmp(): boolean{
|
canEditDmp(): boolean{
|
||||||
return (this.isDraftDmp()) && (this.dmp.authorizationFlags?.some(x => x === AppPermission.EditDmp) || this.authentication.hasPermission(AppPermission.EditDmp)) && this.isPublicView == false;
|
return (this.isDraftDmp()) && (this.dmp.authorizationFlags?.some(x => x === AppPermission.EditDmp) || this.authentication.hasPermission(AppPermission.EditDmp)) && this.isPublicView == false;
|
||||||
}
|
}
|
||||||
|
@ -239,6 +234,11 @@ export class DmpOverviewComponent extends BaseComponent implements OnInit {
|
||||||
return this.dmp.authorizationFlags?.some(x => x === AppPermission.AssignDmpUsers) || this.authentication.hasPermission(AppPermission.AssignDmpUsers) && this.isPublicView == false;
|
return this.dmp.authorizationFlags?.some(x => x === AppPermission.AssignDmpUsers) || this.authentication.hasPermission(AppPermission.AssignDmpUsers) && this.isPublicView == false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
canDepositDmp(): boolean {
|
||||||
|
return this.dmp.authorizationFlags?.some(x => x === AppPermission.DepositDmp) || this.authentication.hasPermission(AppPermission.DepositDmp) && this.isPublicView == false;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
editClicked() {
|
editClicked() {
|
||||||
this.router.navigate(['/plans/edit/', this.dmp.id]);
|
this.router.navigate(['/plans/edit/', this.dmp.id]);
|
||||||
}
|
}
|
||||||
|
@ -741,6 +741,7 @@ export class DmpOverviewComponent extends BaseComponent implements OnInit {
|
||||||
[nameof<Dmp>(x => x.authorizationFlags), AppPermission.InviteDmpUsers].join('.'),
|
[nameof<Dmp>(x => x.authorizationFlags), AppPermission.InviteDmpUsers].join('.'),
|
||||||
[nameof<Dmp>(x => x.authorizationFlags), AppPermission.AssignDmpUsers].join('.'),
|
[nameof<Dmp>(x => x.authorizationFlags), AppPermission.AssignDmpUsers].join('.'),
|
||||||
[nameof<Dmp>(x => x.authorizationFlags), AppPermission.EditDmp].join('.'),
|
[nameof<Dmp>(x => x.authorizationFlags), AppPermission.EditDmp].join('.'),
|
||||||
|
[nameof<Dmp>(x => x.authorizationFlags), AppPermission.DepositDmp].join('.'),
|
||||||
[nameof<Dmp>(x => x.entityDois), nameof<EntityDoi>(x => x.id)].join('.'),
|
[nameof<Dmp>(x => x.entityDois), nameof<EntityDoi>(x => x.id)].join('.'),
|
||||||
[nameof<Dmp>(x => x.entityDois), nameof<EntityDoi>(x => x.repositoryId)].join('.'),
|
[nameof<Dmp>(x => x.entityDois), nameof<EntityDoi>(x => x.repositoryId)].join('.'),
|
||||||
[nameof<Dmp>(x => x.entityDois), nameof<EntityDoi>(x => x.doi)].join('.'),
|
[nameof<Dmp>(x => x.entityDois), nameof<EntityDoi>(x => x.doi)].join('.'),
|
||||||
|
|
Loading…
Reference in New Issue