authz changes

This commit is contained in:
Efstratios Giannopoulos 2024-03-19 12:48:17 +02:00
parent f19ac6c45e
commit b49975931b
7 changed files with 30 additions and 18 deletions

View File

@ -70,7 +70,7 @@ public final class Permission {
public static String BrowseDmp = "BrowseDmp";
public static String EditDmp = "EditDmp";
public static String NewDmp = "NewDmp";
public static String DepositDmp = "DepositDmp";
public static String DeleteDmp = "DeleteDmp";
public static String CloneDmp = "CloneDmp";
public static String CreateNewVersionDmp = "CreateNewVersionDmp";

View File

@ -2,6 +2,7 @@ package eu.eudat.service.deposit;
import eu.eudat.authorization.AuthorizationFlags;
import eu.eudat.authorization.Permission;
import eu.eudat.authorization.authorizationcontentresolver.AuthorizationContentResolver;
import eu.eudat.commonmodels.models.FileEnvelopeModel;
import eu.eudat.commonmodels.models.dmp.DmpModel;
import eu.eudat.commons.enums.StorageType;
@ -69,6 +70,7 @@ public class DepositServiceImpl implements DepositService {
private final ValidatorFactory validatorFactory;
private final StorageFileProperties storageFileProperties;
private final ConventionService conventionService;
private final AuthorizationContentResolver authorizationContentResolver;
@Autowired
public DepositServiceImpl(DepositProperties depositProperties,
TokenExchangeCacheService tokenExchangeCacheService,
@ -77,7 +79,7 @@ public class DepositServiceImpl implements DepositService {
EntityDoiService doiService,
QueryFactory queryFactory,
MessageSource messageSource,
BuilderFactory builderFactory, DepositConfigurationCacheService depositConfigurationCacheService, FileTransformerService fileTransformerService, StorageFileService storageFileService, UserScope userScope, ValidatorFactory validatorFactory, StorageFileProperties storageFileProperties, ConventionService conventionService) {
BuilderFactory builderFactory, DepositConfigurationCacheService depositConfigurationCacheService, FileTransformerService fileTransformerService, StorageFileService storageFileService, UserScope userScope, ValidatorFactory validatorFactory, StorageFileProperties storageFileProperties, ConventionService conventionService, AuthorizationContentResolver authorizationContentResolver) {
this.depositProperties = depositProperties;
this.tokenExchangeCacheService = tokenExchangeCacheService;
this.authorizationService = authorizationService;
@ -93,6 +95,7 @@ public class DepositServiceImpl implements DepositService {
this.validatorFactory = validatorFactory;
this.storageFileProperties = storageFileProperties;
this.conventionService = conventionService;
this.authorizationContentResolver = authorizationContentResolver;
this.clients = new HashMap<>();
}
@ -139,9 +142,7 @@ public class DepositServiceImpl implements DepositService {
@Override
public EntityDoi deposit(DepositRequest dmpDepositModel) throws Exception {
this.authorizationService.authorizeForce(Permission.EditDeposit);
this.authorizationService.authorize(Permission.EditDmp);
this.authorizationService.authorizeAtLeastOneForce(List.of(this.authorizationContentResolver.dmpAffiliation(dmpDepositModel.getDmpId())), Permission.DepositDmp);
//GK: First get the right client
DepositClient depositClient = getDepositClient(dmpDepositModel.getRepositoryId());
if (depositClient == null) throw new MyNotFoundException(messageSource.getMessage("General_ItemNotFound", new Object[]{dmpDepositModel.getRepositoryId(), DepositClient.class.getSimpleName()}, LocaleContextHolder.getLocale()));

View File

@ -387,6 +387,19 @@ permissions:
clients: [ ]
allowAnonymous: false
allowAuthenticated: false
DepositDmp:
roles:
- Admin
dmp:
roles:
- Owner
- User
- DescriptionContributor
- Reviewer
claims: [ ]
clients: [ ]
allowAnonymous: false
allowAuthenticated: false
CloneDmp:
roles:
- Admin

View File

@ -20,7 +20,8 @@ export enum AppPermission {
BrowseDmp = "BrowseDmp",
EditDmp = "EditDmp",
NewDmp = "NewDmp",
DeleteDmp= "DeleteDmp",
DeleteDmp = "DeleteDmp",
DepositDmp = "DepositDmp",
CloneDmp = "CloneDmp",
CreateNewVersionDmp = "CreateNewVersionDmp",
ExportDmp = "ExportDmp",

View File

@ -248,8 +248,4 @@ export class DmpService {
}
return dmpUserRoles;
}
isDmpOwner(dmpUsers: DmpUser[]): Boolean {
return this.getCurrentUserRolesInDmp(dmpUsers).includes(DmpUserRole.Owner);
}
}

View File

@ -144,8 +144,8 @@
<hr class="hr-line">
</div>
</div>
<app-dmp-deposit-dropdown *ngIf="(hasDoi(dmp) || moreDeposit()) && isFinalizedDmp(dmp) && !this.isPublicView && isDmpOwner(dmp) && inputRepos.length > 0" [inputRepos]="inputRepos" [dmp]="dmp" (outputReposEmitter)="afterDeposit($event)"></app-dmp-deposit-dropdown>
<div *ngIf="isFinalizedDmp(dmp) && hasDoi(dmp) && !isPublishedDmp(dmp) && isDmpOwner(dmp)" (click)="reverseFinalization()" class="row ml-0 mr-0 pl-4 pb-3 d-flex align-items-center">
<app-dmp-deposit-dropdown *ngIf="(hasDoi(dmp) || moreDeposit()) && isFinalizedDmp(dmp) && !this.isPublicView && canDepositDmp(dmp) && inputRepos.length > 0" [inputRepos]="inputRepos" [dmp]="dmp" (outputReposEmitter)="afterDeposit($event)"></app-dmp-deposit-dropdown>
<div *ngIf="isFinalizedDmp(dmp) && hasDoi(dmp) && !isPublishedDmp(dmp) && canFinalizeDmp(dmp)" (click)="reverseFinalization()" class="row ml-0 mr-0 pl-4 pb-3 d-flex align-items-center">
<button mat-mini-fab class="frame-btn">
<mat-icon class="mat-mini-fab-icon">unarchive</mat-icon>
</button>

View File

@ -202,11 +202,6 @@ export class DmpOverviewComponent extends BaseComponent implements OnInit {
} else return false;
}
isDmpOwner(): boolean {
const principalId: Guid = this.authentication.userId();
if (principalId) return !!this.dmp.dmpUsers?.find(x => (x.role === DmpUserRole.Owner) && (principalId === x.user?.id));
}
canEditDmp(): boolean{
return (this.isDraftDmp()) && (this.dmp.authorizationFlags?.some(x => x === AppPermission.EditDmp) || this.authentication.hasPermission(AppPermission.EditDmp)) && this.isPublicView == false;
}
@ -239,6 +234,11 @@ export class DmpOverviewComponent extends BaseComponent implements OnInit {
return this.dmp.authorizationFlags?.some(x => x === AppPermission.AssignDmpUsers) || this.authentication.hasPermission(AppPermission.AssignDmpUsers) && this.isPublicView == false;
}
canDepositDmp(): boolean {
return this.dmp.authorizationFlags?.some(x => x === AppPermission.DepositDmp) || this.authentication.hasPermission(AppPermission.DepositDmp) && this.isPublicView == false;
}
editClicked() {
this.router.navigate(['/plans/edit/', this.dmp.id]);
}
@ -741,6 +741,7 @@ export class DmpOverviewComponent extends BaseComponent implements OnInit {
[nameof<Dmp>(x => x.authorizationFlags), AppPermission.InviteDmpUsers].join('.'),
[nameof<Dmp>(x => x.authorizationFlags), AppPermission.AssignDmpUsers].join('.'),
[nameof<Dmp>(x => x.authorizationFlags), AppPermission.EditDmp].join('.'),
[nameof<Dmp>(x => x.authorizationFlags), AppPermission.DepositDmp].join('.'),
[nameof<Dmp>(x => x.entityDois), nameof<EntityDoi>(x => x.id)].join('.'),
[nameof<Dmp>(x => x.entityDois), nameof<EntityDoi>(x => x.repositoryId)].join('.'),
[nameof<Dmp>(x => x.entityDois), nameof<EntityDoi>(x => x.doi)].join('.'),