notification permissions changes

amentis 2024-06-03 15:11:10 +03:00
parent 4dfb815dc9
commit e8d26a04e4
2 changed files with 41 additions and 29 deletions


@ -4,20 +4,17 @@ permissions:
# Tenants
BrowseTenant:
roles:
- Admin
roles: []
clients: [ ]
allowAnonymous: false
allowAuthenticated: false
EditTenant:
roles:
- Admin
roles: []
clients: [ "opencdmp-api-dev" ]
allowAnonymous: false
allowAuthenticated: false
DeleteTenant:
roles:
- Admin
roles: []
claims: [ ]
clients: [ "opencdmp-api-dev" ]
allowAnonymous: false
@ -25,6 +22,7 @@ permissions:
AllowNoTenant:
roles:
- Admin
- InstallationAdmin
claims: [ ]
clients: [ ]
allowAnonymous: false
@ -32,19 +30,17 @@ permissions:
# Users
BrowseUser:
roles:
- TenantAdmin
- Admin
clients: [ ]
allowAnonymous: true
allowAuthenticated: false
EditUser:
roles:
- TenantAdmin
roles: []
clients: [ "opencdmp-api-dev" ]
allowAnonymous: false
allowAuthenticated: false
DeleteUser:
roles:
- TenantAdmin
roles: []
claims: [ ]
clients: [ "opencdmp-api-dev" ]
allowAnonymous: false
@ -52,19 +48,22 @@ permissions:
# UserContactInfo
BrowseUserContactInfo:
roles:
- TenantAdmin
- Admin
- InstallationAdmin
clients: [ "opencdmp-api-dev" ]
allowAnonymous: true
allowAuthenticated: false
EditUserContactInfo:
roles:
- TenantAdmin
- Admin
- InstallationAdmin
clients: [ ]
allowAnonymous: false
allowAuthenticated: false
DeleteUserContactInfo:
roles:
- TenantAdmin
- Admin
- InstallationAdmin
claims: [ ]
clients: [ "opencdmp-api-dev" ]
allowAnonymous: false
@ -72,25 +71,26 @@ permissions:
#Notification
BrowseNotification:
roles:
- TenantAdmin
- Admin
clients: [ ]
allowAnonymous: true
allowAuthenticated: false
EditNotification:
roles:
- TenantAdmin
- Admin
clients: [ ]
allowAnonymous: true
allowAuthenticated: false
DeleteNotification:
roles:
- TenantAdmin
- Admin
clients: [ ]
allowAnonymous: false
allowAuthenticated: false
# TenantConfiguration
BrowseTenantConfiguration:
roles:
- Admin
- TenantAdmin
claims: [ ]
clients: [ ]
@ -98,12 +98,14 @@ permissions:
allowAuthenticated: false
EditTenantConfiguration:
roles:
- Admin
- TenantAdmin
clients: [ "opencdmp-api-dev" ]
allowAnonymous: false
allowAuthenticated: false
DeleteTenantConfiguration:
roles:
- Admin
- TenantAdmin
clients: [ "opencdmp-api-dev" ]
allowAnonymous: false
@ -111,13 +113,13 @@ permissions:
#User Notification Preference
BrowseUserNotificationPreference:
roles:
- TenantAdmin
- Admin
clients: [ ]
allowAnonymous: true
allowAuthenticated: false
EditUserNotificationPreference:
roles:
- TenantAdmin
- Admin
clients: [ ]
allowAnonymous: false
allowAuthenticated: false
@ -125,25 +127,26 @@ permissions:
# ViewPage Permissions
ViewNotificationPage:
roles:
- TenantAdmin
- Admin
clients: [ ]
allowAnonymous: false
allowAuthenticated: false
ViewNotificationEventRulePage:
roles:
- TenantAdmin
- Admin
clients: [ ]
allowAnonymous: false
allowAuthenticated: false
ViewInAppNotificationPage:
roles:
- TenantAdmin
- Admin
clients: [ ]
allowAnonymous: false
allowAuthenticated: false
ViewNotificationTemplatePage:
roles:
- TenantAdmin
- Admin
- TenantConfigManager
clients: [ ]
allowAnonymous: false
allowAuthenticated: false
@ -151,19 +154,22 @@ permissions:
# Notification Template Permissions
BrowseNotificationTemplate:
roles:
- TenantAdmin
- Admin
- TenantConfigManager
clients: [ ]
allowAnonymous: false
allowAuthenticated: false
EditNotificationTemplate:
roles:
- TenantAdmin
- Admin
- TenantConfigManager
clients: [ ]
allowAnonymous: false
allowAuthenticated: false
DeleteNotificationTemplate:
roles:
- TenantAdmin
- Admin
- TenantConfigManager
clients: [ ]
allowAnonymous: false
allowAuthenticated: false
@ -171,13 +177,13 @@ permissions:
# In App Notification Permissions
BrowseInAppNotification:
roles:
- TenantAdmin
- Admin
clients: [ ]
allowAnonymous: false
allowAuthenticated: false
DeleteInAppNotification:
roles:
- TenantAdmin
- Admin
clients: [ ]
allowAnonymous: false
allowAuthenticated: false
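Review bot: `allowAnonymous: true` stays on EditNotification, BrowseNotification, BrowseUser, BrowseUserContactInfo and BrowseUserNotificationPreference while this commit only rewrites their `roles:` lists. The policy evaluator is not visible here, but if that flag grants the permission to unauthenticated callers, the role changes do not restrict these entries at all, and EditNotification is a write permission. Unless anonymous access is intended, set `allowAnonymous: false` on those entries, or add a comment above each one stating why it is public. Separately, the `clients: [ "opencdmp-api-dev" ]` grants name what looks like a development client id; confirm it is overridden per environment, since EditTenant, DeleteTenant, EditUser and DeleteUser now appear to rely on it alone with `roles: []`.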


@ -4,6 +4,8 @@ import gr.cite.commons.web.authz.service.AuthorizationService;
import gr.cite.notification.authorization.OwnedResource;
import gr.cite.notification.authorization.Permission;
import gr.cite.notification.convention.ConventionService;
import gr.cite.notification.model.InAppNotification;
import gr.cite.tools.data.censor.CensorFactory;
import gr.cite.tools.fieldset.FieldSet;
import gr.cite.tools.logging.DataLogEntry;
import gr.cite.tools.logging.LoggerService;
@ -21,16 +23,20 @@ import java.util.UUID;
public class InAppNotificationCensor extends BaseCensor {
private static final LoggerService logger = new LoggerService(LoggerFactory.getLogger(InAppNotificationCensor.class));
private final AuthorizationService authService;
protected final CensorFactory censorFactory;
@Autowired
public InAppNotificationCensor(ConventionService conventionService, AuthorizationService authService) {
public InAppNotificationCensor(ConventionService conventionService, AuthorizationService authService, CensorFactory censorFactory) {
super(conventionService);
this.authService = authService;
this.censorFactory = censorFactory;
}
public void censor(FieldSet fields, UUID userId) {
logger.debug(new DataLogEntry("censoring fields", fields));
if (this.isEmpty(fields)) return;
this.authService.authorizeAtLeastOneForce(userId != null ? List.of(new OwnedResource(userId)) : null, Permission.BrowseInAppNotification);
FieldSet userFields = fields.extractPrefixed(this.asIndexerPrefix(InAppNotification.Field.USER));
this.censorFactory.censor(UserCensor.class).censor(userFields, userId);
}
}
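Review bot: The new field is declared `protected final CensorFactory censorFactory;` while the neighbouring `authService` is `private final`; nothing in the visible class needs subclass access, so `private final CensorFactory censorFactory;` would keep both authorization collaborators equally encapsulated. The delegated `UserCensor` call at the end of `censor` is the security-relevant part of the change and deserves a one-line comment above it, for example `// user sub-fields are authorized separately, with the notification owner as the owned resource`. UserCensor is not shown in this commit, so confirm it returns early on an empty `FieldSet` the way this class does; otherwise a request that selects no user fields could still be rejected by its permission check.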