notification permissions changes

amentis 2024-06-03 15:11:10 +03:00
parent 4dfb815dc9
commit e8d26a04e4
2 changed files with 41 additions and 29 deletions


@ -4,20 +4,17 @@ permissions:
# Tenants # Tenants
BrowseTenant: BrowseTenant:
roles: roles: []
- Admin
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
EditTenant: EditTenant:
roles: roles: []
- Admin
clients: [ "opencdmp-api-dev" ] clients: [ "opencdmp-api-dev" ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
DeleteTenant: DeleteTenant:
roles: roles: []
- Admin
claims: [ ] claims: [ ]
clients: [ "opencdmp-api-dev" ] clients: [ "opencdmp-api-dev" ]
allowAnonymous: false allowAnonymous: false
@ -25,6 +22,7 @@ permissions:
AllowNoTenant: AllowNoTenant:
roles: roles:
- Admin - Admin
- InstallationAdmin
claims: [ ] claims: [ ]
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
@ -32,19 +30,17 @@ permissions:
# Users # Users
BrowseUser: BrowseUser:
roles: roles:
- TenantAdmin - Admin
clients: [ ] clients: [ ]
allowAnonymous: true allowAnonymous: true
allowAuthenticated: false allowAuthenticated: false
EditUser: EditUser:
roles: roles: []
- TenantAdmin
clients: [ "opencdmp-api-dev" ] clients: [ "opencdmp-api-dev" ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
DeleteUser: DeleteUser:
roles: roles: []
- TenantAdmin
claims: [ ] claims: [ ]
clients: [ "opencdmp-api-dev" ] clients: [ "opencdmp-api-dev" ]
allowAnonymous: false allowAnonymous: false
@ -52,19 +48,22 @@ permissions:
# UserContactInfo # UserContactInfo
BrowseUserContactInfo: BrowseUserContactInfo:
roles: roles:
- TenantAdmin - Admin
- InstallationAdmin
clients: [ "opencdmp-api-dev" ] clients: [ "opencdmp-api-dev" ]
allowAnonymous: true allowAnonymous: true
allowAuthenticated: false allowAuthenticated: false
EditUserContactInfo: EditUserContactInfo:
roles: roles:
- TenantAdmin - Admin
- InstallationAdmin
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
DeleteUserContactInfo: DeleteUserContactInfo:
roles: roles:
- TenantAdmin - Admin
- InstallationAdmin
claims: [ ] claims: [ ]
clients: [ "opencdmp-api-dev" ] clients: [ "opencdmp-api-dev" ]
allowAnonymous: false allowAnonymous: false
@ -72,25 +71,26 @@ permissions:
#Notification #Notification
BrowseNotification: BrowseNotification:
roles: roles:
- TenantAdmin - Admin
clients: [ ] clients: [ ]
allowAnonymous: true allowAnonymous: true
allowAuthenticated: false allowAuthenticated: false
EditNotification: EditNotification:
roles: roles:
- TenantAdmin - Admin
clients: [ ] clients: [ ]
allowAnonymous: true allowAnonymous: true
allowAuthenticated: false allowAuthenticated: false
DeleteNotification: DeleteNotification:
roles: roles:
- TenantAdmin - Admin
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
# TenantConfiguration # TenantConfiguration
BrowseTenantConfiguration: BrowseTenantConfiguration:
roles: roles:
- Admin
- TenantAdmin - TenantAdmin
claims: [ ] claims: [ ]
clients: [ ] clients: [ ]
@ -98,12 +98,14 @@ permissions:
allowAuthenticated: false allowAuthenticated: false
EditTenantConfiguration: EditTenantConfiguration:
roles: roles:
- Admin
- TenantAdmin - TenantAdmin
clients: [ "opencdmp-api-dev" ] clients: [ "opencdmp-api-dev" ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
DeleteTenantConfiguration: DeleteTenantConfiguration:
roles: roles:
- Admin
- TenantAdmin - TenantAdmin
clients: [ "opencdmp-api-dev" ] clients: [ "opencdmp-api-dev" ]
allowAnonymous: false allowAnonymous: false
@ -111,13 +113,13 @@ permissions:
#User Notification Preference #User Notification Preference
BrowseUserNotificationPreference: BrowseUserNotificationPreference:
roles: roles:
- TenantAdmin - Admin
clients: [ ] clients: [ ]
allowAnonymous: true allowAnonymous: true
allowAuthenticated: false allowAuthenticated: false
EditUserNotificationPreference: EditUserNotificationPreference:
roles: roles:
- TenantAdmin - Admin
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
@ -125,25 +127,26 @@ permissions:
# ViewPage Permissions # ViewPage Permissions
ViewNotificationPage: ViewNotificationPage:
roles: roles:
- TenantAdmin - Admin
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
ViewNotificationEventRulePage: ViewNotificationEventRulePage:
roles: roles:
- TenantAdmin - Admin
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
ViewInAppNotificationPage: ViewInAppNotificationPage:
roles: roles:
- TenantAdmin - Admin
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
ViewNotificationTemplatePage: ViewNotificationTemplatePage:
roles: roles:
- TenantAdmin - Admin
- TenantConfigManager
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
@ -151,19 +154,22 @@ permissions:
# Notification Template Permissions # Notification Template Permissions
BrowseNotificationTemplate: BrowseNotificationTemplate:
roles: roles:
- TenantAdmin - Admin
- TenantConfigManager
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
EditNotificationTemplate: EditNotificationTemplate:
roles: roles:
- TenantAdmin - Admin
- TenantConfigManager
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
DeleteNotificationTemplate: DeleteNotificationTemplate:
roles: roles:
- TenantAdmin - Admin
- TenantConfigManager
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
@ -171,13 +177,13 @@ permissions:
# In App Notification Permissions # In App Notification Permissions
BrowseInAppNotification: BrowseInAppNotification:
roles: roles:
- TenantAdmin - Admin
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
DeleteInAppNotification: DeleteInAppNotification:
roles: roles:
- TenantAdmin - Admin
clients: [ ] clients: [ ]
allowAnonymous: false allowAnonymous: false
allowAuthenticated: false allowAuthenticated: false
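Review bot: EditNotification, BrowseNotification, BrowseUser, BrowseUserContactInfo and BrowseUserNotificationPreference still carry `allowAnonymous: true` on the new side, so the role change made on them here (TenantAdmin to Admin) probably restricts nothing if the authorization library treats that flag as granting the permission to unauthenticated callers; how the flag is evaluated is not visible on this page. Unless anonymous access is intended, these entries should read `allowAnonymous: false`, starting with EditNotification because it is a write permission. Separately, BrowseTenant now has `roles: []`, `clients: [ ]` and both allow flags false, which appears to grant it to no one; if that is deliberate, a comment such as `# intentionally granted to no role or client` above the entry would say so.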


@ -4,6 +4,8 @@ import gr.cite.commons.web.authz.service.AuthorizationService;
import gr.cite.notification.authorization.OwnedResource; import gr.cite.notification.authorization.OwnedResource;
import gr.cite.notification.authorization.Permission; import gr.cite.notification.authorization.Permission;
import gr.cite.notification.convention.ConventionService; import gr.cite.notification.convention.ConventionService;
import gr.cite.notification.model.InAppNotification;
import gr.cite.tools.data.censor.CensorFactory;
import gr.cite.tools.fieldset.FieldSet; import gr.cite.tools.fieldset.FieldSet;
import gr.cite.tools.logging.DataLogEntry; import gr.cite.tools.logging.DataLogEntry;
import gr.cite.tools.logging.LoggerService; import gr.cite.tools.logging.LoggerService;
@ -21,16 +23,20 @@ import java.util.UUID;
public class InAppNotificationCensor extends BaseCensor { public class InAppNotificationCensor extends BaseCensor {
private static final LoggerService logger = new LoggerService(LoggerFactory.getLogger(InAppNotificationCensor.class)); private static final LoggerService logger = new LoggerService(LoggerFactory.getLogger(InAppNotificationCensor.class));
private final AuthorizationService authService; private final AuthorizationService authService;
protected final CensorFactory censorFactory;
@Autowired @Autowired
public InAppNotificationCensor(ConventionService conventionService, AuthorizationService authService) { public InAppNotificationCensor(ConventionService conventionService, AuthorizationService authService, CensorFactory censorFactory) {
super(conventionService); super(conventionService);
this.authService = authService; this.authService = authService;
this.censorFactory = censorFactory;
} }
public void censor(FieldSet fields, UUID userId) { public void censor(FieldSet fields, UUID userId) {
logger.debug(new DataLogEntry("censoring fields", fields)); logger.debug(new DataLogEntry("censoring fields", fields));
if (this.isEmpty(fields)) return; if (this.isEmpty(fields)) return;
this.authService.authorizeAtLeastOneForce(userId != null ? List.of(new OwnedResource(userId)) : null, Permission.BrowseInAppNotification); this.authService.authorizeAtLeastOneForce(userId != null ? List.of(new OwnedResource(userId)) : null, Permission.BrowseInAppNotification);
FieldSet userFields = fields.extractPrefixed(this.asIndexerPrefix(InAppNotification.Field.USER));
this.censorFactory.censor(UserCensor.class).censor(userFields, userId);
} }
} }
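Review bot: The new `censorFactory` field is declared `protected final` while the neighbouring `authService` is `private final`, and nothing in this section needs subclass access; `private final CensorFactory censorFactory;` would keep the censor's collaborators encapsulated. In `censor`, the nested user fields are handed to `UserCensor` with the same `userId` that serves as the owned resource for the notification check, so a comment such as `// nested user fields are censored against the notification owner's id` would record that this is deliberate. `userFields` is passed on without an emptiness check, which presumably relies on `UserCensor.censor` returning early on an empty field set as this method does; that class is not shown here.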