AuthorizationContentResolver resolve only login tenant permissions

This commit is contained in:
Efstratios Giannopoulos 2024-06-19 17:17:03 +03:00
parent 789d9c5c5c
commit d2d96b128a
1 changed files with 95 additions and 11 deletions

View File

@ -1,7 +1,9 @@
package org.opencdmp.authorization.authorizationcontentresolver; package org.opencdmp.authorization.authorizationcontentresolver;
import gr.cite.tools.data.query.QueryFactory; import gr.cite.tools.data.query.QueryFactory;
import gr.cite.tools.exception.MyApplicationException;
import gr.cite.tools.fieldset.BaseFieldSet; import gr.cite.tools.fieldset.BaseFieldSet;
import gr.cite.tools.logging.LoggerService;
import org.opencdmp.authorization.AffiliatedResource; import org.opencdmp.authorization.AffiliatedResource;
import org.opencdmp.authorization.PermissionNameProvider; import org.opencdmp.authorization.PermissionNameProvider;
import org.opencdmp.commons.enums.IsActive; import org.opencdmp.commons.enums.IsActive;
@ -16,6 +18,8 @@ import org.opencdmp.query.DescriptionQuery;
import org.opencdmp.query.DmpDescriptionTemplateQuery; import org.opencdmp.query.DmpDescriptionTemplateQuery;
import org.opencdmp.query.DmpUserQuery; import org.opencdmp.query.DmpUserQuery;
import org.opencdmp.query.UserDescriptionTemplateQuery; import org.opencdmp.query.UserDescriptionTemplateQuery;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service; import org.springframework.stereotype.Service;
import org.springframework.web.context.annotation.RequestScope; import org.springframework.web.context.annotation.RequestScope;
@ -26,17 +30,21 @@ import java.util.stream.Collectors;
@Service @Service
@RequestScope @RequestScope
public class AuthorizationContentResolverImpl implements AuthorizationContentResolver { public class AuthorizationContentResolverImpl implements AuthorizationContentResolver {
private static final LoggerService logger = new LoggerService(LoggerFactory.getLogger(AuthorizationContentResolverImpl.class));
private static final Logger log = LoggerFactory.getLogger(AuthorizationContentResolverImpl.class);
private final QueryFactory queryFactory; private final QueryFactory queryFactory;
private final UserScope userScope; private final UserScope userScope;
private final TenantScope tenantScope; private final TenantScope tenantScope;
private final AffiliationCacheService affiliationCacheService; private final AffiliationCacheService affiliationCacheService;
private final PermissionNameProvider permissionNameProvider; private final PermissionNameProvider permissionNameProvider;
public AuthorizationContentResolverImpl(QueryFactory queryFactory, UserScope userScope, TenantScope tenantScope, AffiliationCacheService affiliationCacheService, PermissionNameProvider permissionNameProvider) { private final TenantEntityManager tenantEntityManager;
public AuthorizationContentResolverImpl(QueryFactory queryFactory, UserScope userScope, TenantScope tenantScope, AffiliationCacheService affiliationCacheService, PermissionNameProvider permissionNameProvider, TenantEntityManager tenantEntityManager) {
this.queryFactory = queryFactory; this.queryFactory = queryFactory;
this.userScope = userScope; this.userScope = userScope;
this.tenantScope = tenantScope; this.tenantScope = tenantScope;
this.affiliationCacheService = affiliationCacheService; this.affiliationCacheService = affiliationCacheService;
this.permissionNameProvider = permissionNameProvider; this.permissionNameProvider = permissionNameProvider;
this.tenantEntityManager = tenantEntityManager;
} }
@Override @Override
@ -59,9 +67,21 @@ public class AuthorizationContentResolverImpl implements AuthorizationContentRes
List<UUID> idsToResolve = this.getAffiliatedFromCache(ids, userId, affiliatedResources, DmpEntity.class.getSimpleName()); List<UUID> idsToResolve = this.getAffiliatedFromCache(ids, userId, affiliatedResources, DmpEntity.class.getSimpleName());
if (idsToResolve.isEmpty()) return affiliatedResources; if (idsToResolve.isEmpty()) return affiliatedResources;
List<DmpUserEntity> dmpUsers;
List<DmpUserEntity> dmpUsers = this.queryFactory.query(DmpUserQuery.class).disableTracking().dmpIds(ids).sectionIsEmpty(true).userIds(userId).isActives(IsActive.Active).collectAs(new BaseFieldSet().ensure(DmpUser._role).ensure(DmpUser._dmp)); try {
this.tenantEntityManager.loadExplictTenantFilters();
dmpUsers = this.queryFactory.query(DmpUserQuery.class).disableTracking().dmpIds(ids).sectionIsEmpty(true).userIds(userId).isActives(IsActive.Active).collectAs(new BaseFieldSet().ensure(DmpUser._role).ensure(DmpUser._dmp));
} catch (InvalidApplicationException e) {
log.error(e.getMessage(), e);
throw new MyApplicationException(e.getMessage());
} finally {
try {
this.tenantEntityManager.reloadTenantFilters();
} catch (InvalidApplicationException e) {
log.error(e.getMessage(), e);
throw new MyApplicationException(e.getMessage());
}
}
for (DmpUserEntity dmpUser : dmpUsers){ for (DmpUserEntity dmpUser : dmpUsers){
affiliatedResources.get(dmpUser.getDmpId()).getDmpUserRoles().add(dmpUser.getRole()); affiliatedResources.get(dmpUser.getDmpId()).getDmpUserRoles().add(dmpUser.getRole());
} }
@ -87,7 +107,21 @@ public class AuthorizationContentResolverImpl implements AuthorizationContentRes
List<UUID> idsToResolve = this.getAffiliatedFromCache(ids, userId, affiliatedResources, DescriptionTemplateEntity.class.getSimpleName()); List<UUID> idsToResolve = this.getAffiliatedFromCache(ids, userId, affiliatedResources, DescriptionTemplateEntity.class.getSimpleName());
if (idsToResolve.isEmpty()) return affiliatedResources; if (idsToResolve.isEmpty()) return affiliatedResources;
List<UserDescriptionTemplateEntity> userDescriptionTemplates = this.queryFactory.query(UserDescriptionTemplateQuery.class).disableTracking().descriptionTemplateIds(ids).userIds(userId).isActive(IsActive.Active).collectAs(new BaseFieldSet().ensure(UserDescriptionTemplate._role).ensure(UserDescriptionTemplate._descriptionTemplate)); List<UserDescriptionTemplateEntity> userDescriptionTemplates;
try {
this.tenantEntityManager.loadExplictTenantFilters();
userDescriptionTemplates = this.queryFactory.query(UserDescriptionTemplateQuery.class).disableTracking().descriptionTemplateIds(ids).userIds(userId).isActive(IsActive.Active).collectAs(new BaseFieldSet().ensure(UserDescriptionTemplate._role).ensure(UserDescriptionTemplate._descriptionTemplate));
} catch (InvalidApplicationException e) {
log.error(e.getMessage(), e);
throw new MyApplicationException(e.getMessage());
} finally {
try {
this.tenantEntityManager.reloadTenantFilters();
} catch (InvalidApplicationException e) {
log.error(e.getMessage(), e);
throw new MyApplicationException(e.getMessage());
}
}
for (UserDescriptionTemplateEntity dmpUser : userDescriptionTemplates){ for (UserDescriptionTemplateEntity dmpUser : userDescriptionTemplates){
affiliatedResources.get(dmpUser.getDescriptionTemplateId()).getUserDescriptionTemplateRoles().add(dmpUser.getRole()); affiliatedResources.get(dmpUser.getDescriptionTemplateId()).getUserDescriptionTemplateRoles().add(dmpUser.getRole());
@ -103,7 +137,23 @@ public class AuthorizationContentResolverImpl implements AuthorizationContentRes
if (userId == null || !this.userScope.isSet()) return false; if (userId == null || !this.userScope.isSet()) return false;
//TODO: investigate if we want to use cache //TODO: investigate if we want to use cache
return this.queryFactory.query(UserDescriptionTemplateQuery.class).disableTracking().userIds(userId).isActive(IsActive.Active).count() > 0; boolean hasAny;
try {
this.tenantEntityManager.loadExplictTenantFilters();
hasAny = this.queryFactory.query(UserDescriptionTemplateQuery.class).disableTracking().userIds(userId).isActive(IsActive.Active).count() > 0;
} catch (InvalidApplicationException e) {
log.error(e.getMessage(), e);
throw new MyApplicationException(e.getMessage());
} finally {
try {
this.tenantEntityManager.reloadTenantFilters();
} catch (InvalidApplicationException e) {
log.error(e.getMessage(), e);
throw new MyApplicationException(e.getMessage());
}
}
return hasAny;
} }
@Override @Override
@ -122,11 +172,30 @@ public class AuthorizationContentResolverImpl implements AuthorizationContentRes
List<UUID> idsToResolve = this.getAffiliatedFromCache(ids, userId, affiliatedResources, DescriptionEntity.class.getSimpleName()); List<UUID> idsToResolve = this.getAffiliatedFromCache(ids, userId, affiliatedResources, DescriptionEntity.class.getSimpleName());
if (idsToResolve.isEmpty()) return affiliatedResources; if (idsToResolve.isEmpty()) return affiliatedResources;
List<DescriptionEntity> descriptionEntities = this.queryFactory.query(DescriptionQuery.class).disableTracking().ids(ids).collectAs(new BaseFieldSet().ensure(Description._id).ensure(Description._dmpDescriptionTemplate).ensure(Description._dmp)); List<DmpDescriptionTemplateEntity> dmpDescriptionTemplateEntities;
List<DmpDescriptionTemplateEntity> dmpDescriptionTemplateEntities = this.queryFactory.query(DmpDescriptionTemplateQuery.class).disableTracking().ids(descriptionEntities.stream().map(DescriptionEntity::getDmpDescriptionTemplateId).distinct().toList()).collectAs(new BaseFieldSet().ensure(DmpDescriptionTemplate._id).ensure(DmpDescriptionTemplate._sectionId)); List<DmpUserEntity> dmpUsers;
List<DescriptionEntity> descriptionEntities;
try {
this.tenantEntityManager.loadExplictTenantFilters();
descriptionEntities = this.queryFactory.query(DescriptionQuery.class).disableTracking().ids(ids).collectAs(new BaseFieldSet().ensure(Description._id).ensure(Description._dmpDescriptionTemplate).ensure(Description._dmp));
dmpDescriptionTemplateEntities = this.queryFactory.query(DmpDescriptionTemplateQuery.class).disableTracking().ids(descriptionEntities.stream().map(DescriptionEntity::getDmpDescriptionTemplateId).distinct().toList()).collectAs(new BaseFieldSet().ensure(DmpDescriptionTemplate._id).ensure(DmpDescriptionTemplate._sectionId));
dmpUsers = this.queryFactory.query(DmpUserQuery.class).disableTracking().descriptionIds(ids).userIds(userId).isActives(IsActive.Active).collectAs(new BaseFieldSet().ensure(DmpUser._role).ensure(DmpUser._sectionId).ensure(DmpUser._dmp));
} catch (InvalidApplicationException e) {
log.error(e.getMessage(), e);
throw new MyApplicationException(e.getMessage());
} finally {
try {
this.tenantEntityManager.reloadTenantFilters();
} catch (InvalidApplicationException e) {
log.error(e.getMessage(), e);
throw new MyApplicationException(e.getMessage());
}
}
Map<UUID, DmpDescriptionTemplateEntity> dmpDescriptionTemplateEntityMap = dmpDescriptionTemplateEntities == null ? new HashMap<>() : dmpDescriptionTemplateEntities.stream().collect(Collectors.toMap(DmpDescriptionTemplateEntity::getId, x-> x)); Map<UUID, DmpDescriptionTemplateEntity> dmpDescriptionTemplateEntityMap = dmpDescriptionTemplateEntities == null ? new HashMap<>() : dmpDescriptionTemplateEntities.stream().collect(Collectors.toMap(DmpDescriptionTemplateEntity::getId, x-> x));
List<DmpUserEntity> dmpUsers = this.queryFactory.query(DmpUserQuery.class).disableTracking().descriptionIds(ids).userIds(userId).isActives(IsActive.Active).collectAs(new BaseFieldSet().ensure(DmpUser._role).ensure(DmpUser._sectionId).ensure(DmpUser._dmp));
Map<UUID, List<DmpUserEntity>> dmpUsersMap = dmpUsers.stream().collect(Collectors.groupingBy(DmpUserEntity::getDmpId)); Map<UUID, List<DmpUserEntity>> dmpUsersMap = dmpUsers.stream().collect(Collectors.groupingBy(DmpUserEntity::getDmpId));
for (DescriptionEntity description : descriptionEntities){ for (DescriptionEntity description : descriptionEntities){
@ -160,7 +229,22 @@ public class AuthorizationContentResolverImpl implements AuthorizationContentRes
} }
if (userId == null || !this.userScope.isSet()) return affiliatedResources; if (userId == null || !this.userScope.isSet()) return affiliatedResources;
List<DmpUserEntity> dmpUsers = this.queryFactory.query(DmpUserQuery.class).disableTracking().dmpIds(dmpId).userIds(userId).isActives(IsActive.Active).collectAs(new BaseFieldSet().ensure(DmpUser._role).ensure(DmpUser._sectionId).ensure(DmpUser._dmp));
List<DmpUserEntity> dmpUsers;
try {
this.tenantEntityManager.loadExplictTenantFilters();
dmpUsers = this.queryFactory.query(DmpUserQuery.class).disableTracking().dmpIds(dmpId).userIds(userId).isActives(IsActive.Active).collectAs(new BaseFieldSet().ensure(DmpUser._role).ensure(DmpUser._sectionId).ensure(DmpUser._dmp));
} catch (InvalidApplicationException e) {
log.error(e.getMessage(), e);
throw new MyApplicationException(e.getMessage());
} finally {
try {
this.tenantEntityManager.reloadTenantFilters();
} catch (InvalidApplicationException e) {
log.error(e.getMessage(), e);
throw new MyApplicationException(e.getMessage());
}
}
for (UUID sectionId : sectionIds.stream().distinct().toList()){ for (UUID sectionId : sectionIds.stream().distinct().toList()){
List<DmpUserEntity> dmpSectionUsers = dmpUsers.stream().filter(x-> x.getSectionId() == null || x.getSectionId().equals(sectionId)).toList(); List<DmpUserEntity> dmpSectionUsers = dmpUsers.stream().filter(x-> x.getSectionId() == null || x.getSectionId().equals(sectionId)).toList();