authz changes
This commit is contained in:
parent
9aaaf226bb
commit
e9cbf27295
@ -9,5 +9,7 @@ import java.util.UUID;
|
||||||
public interface AuthorizationContentResolver {
|
public interface AuthorizationContentResolver {
|
||||||
List<String> getPermissionNames();
|
List<String> getPermissionNames();
|
||||||
|
|
||||||
Map<UUID, AffiliatedResource> dmpAffiliation(List<UUID> ids);
|
AffiliatedResource dmpAffiliation(UUID id);
|
||||||
|
|
||||||
|
Map<UUID, AffiliatedResource> dmpsAffiliation(List<UUID> ids);
|
||||||
}
|
}
|
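Review bot: The two new methods on `AuthorizationContentResolver` carry no Javadoc, and the contract that matters to callers — what comes back when the caller is not affiliated or the DMP does not exist — is only discoverable from the implementation in the next file. Based on that implementation, the single-id overload appears to return an empty `AffiliatedResource` rather than null, so a comment such as `/** Resolves the current user's affiliation with one DMP; never null — an empty AffiliatedResource when the DMP is unknown or the user is not affiliated. */` on `dmpAffiliation(UUID)` and `/** Bulk form of dmpAffiliation; the map only contains entries for ids that resolved. */` on `dmpsAffiliation` would let service code rely on it without reading the resolver. Whether the bulk map really omits unresolved ids cannot be confirmed here, since the loop body is outside the hunk, so the second comment should be checked against it.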
@ -33,8 +33,13 @@ public class AuthorizationContentResolverImpl implements AuthorizationContentRes
|
||||||
public List<String> getPermissionNames() {
|
public List<String> getPermissionNames() {
|
||||||
return permissionNameProvider.getPermissions();
|
return permissionNameProvider.getPermissions();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Map<UUID, AffiliatedResource> dmpAffiliation(List<UUID> ids){
|
public AffiliatedResource dmpAffiliation(UUID id) {
|
||||||
|
return this.dmpsAffiliation(List.of(id)).getOrDefault(id, new AffiliatedResource());
|
||||||
|
}
|
||||||
|
@Override
|
||||||
|
public Map<UUID, AffiliatedResource> dmpsAffiliation(List<UUID> ids){
|
||||||
UUID userId = this.userScope.getUserIdSafe();
|
UUID userId = this.userScope.getUserIdSafe();
|
||||||
Map<UUID, AffiliatedResource> affiliatedResources = new HashMap<>();
|
Map<UUID, AffiliatedResource> affiliatedResources = new HashMap<>();
|
||||||
for (UUID id : ids){
|
for (UUID id : ids){
|
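Review bot: `dmpAffiliation(UUID id)` hands `id` straight to `List.of(id)`, which throws NullPointerException for a null argument, so a caller that passes an absent id (for example `assignUsers` with no dmpId) fails with an unhandled NPE instead of the forbidden/not-found error the service layer otherwise raises. A fail-closed guard keeps the contract simple: `if (id == null) return new AffiliatedResource();` before the delegation, on the assumption that a freshly constructed `AffiliatedResource` carries no affiliated roles — its definition is not in this diff and should be confirmed. The `getOrDefault` fallback is the right shape for an authorization helper (unknown id → no affiliation), and a one-line Javadoc saying so would stop a future caller from adding a null check on the result. `dmpsAffiliation` continues past the end of this hunk, so whether it filters deleted DMPs or uses `getUserIdSafe()` returning null for anonymous callers cannot be reviewed here.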
@ -2,17 +2,13 @@ package eu.eudat.model.builder;
|
||||||
|
|
||||||
import eu.eudat.authorization.AffiliatedResource;
|
import eu.eudat.authorization.AffiliatedResource;
|
||||||
import eu.eudat.authorization.AuthorizationFlags;
|
import eu.eudat.authorization.AuthorizationFlags;
|
||||||
import eu.eudat.authorization.Permission;
|
|
||||||
import eu.eudat.authorization.authorizationcontentresolver.AuthorizationContentResolver;
|
import eu.eudat.authorization.authorizationcontentresolver.AuthorizationContentResolver;
|
||||||
import eu.eudat.commons.JsonHandlingService;
|
import eu.eudat.commons.JsonHandlingService;
|
||||||
import eu.eudat.commons.enums.EntityType;
|
import eu.eudat.commons.enums.EntityType;
|
||||||
import eu.eudat.commons.types.description.PropertyDefinitionEntity;
|
|
||||||
import eu.eudat.commons.types.dmp.DmpPropertiesEntity;
|
import eu.eudat.commons.types.dmp.DmpPropertiesEntity;
|
||||||
import eu.eudat.convention.ConventionService;
|
import eu.eudat.convention.ConventionService;
|
||||||
import eu.eudat.data.DmpDescriptionTemplateEntity;
|
|
||||||
import eu.eudat.data.DmpEntity;
|
import eu.eudat.data.DmpEntity;
|
||||||
import eu.eudat.model.*;
|
import eu.eudat.model.*;
|
||||||
import eu.eudat.model.builder.descriptionpropertiesdefinition.PropertyDefinitionBuilder;
|
|
||||||
import eu.eudat.model.builder.dmpproperties.DmpPropertiesBuilder;
|
import eu.eudat.model.builder.dmpproperties.DmpPropertiesBuilder;
|
||||||
import eu.eudat.query.*;
|
import eu.eudat.query.*;
|
||||||
import gr.cite.commons.web.authz.service.AuthorizationService;
|
import gr.cite.commons.web.authz.service.AuthorizationService;
|
||||||
|
@ -94,7 +90,7 @@ public class DmpBuilder extends BaseBuilder<Dmp, DmpEntity> {
|
||||||
|
|
||||||
Set<String> authorizationFlags = this.extractAuthorizationFlags(fields, Dmp._authorizationFlags, this.authorizationContentResolver.getPermissionNames());
|
Set<String> authorizationFlags = this.extractAuthorizationFlags(fields, Dmp._authorizationFlags, this.authorizationContentResolver.getPermissionNames());
|
||||||
|
|
||||||
Map<UUID, AffiliatedResource> affiliatedResourceMap = authorizationFlags == null || authorizationFlags.isEmpty() ? null : this.authorizationContentResolver.dmpAffiliation(data.stream().map(DmpEntity::getId).collect(Collectors.toList()));
|
Map<UUID, AffiliatedResource> affiliatedResourceMap = authorizationFlags == null || authorizationFlags.isEmpty() ? null : this.authorizationContentResolver.dmpsAffiliation(data.stream().map(DmpEntity::getId).collect(Collectors.toList()));
|
||||||
|
|
||||||
FieldSet propertiesFields = fields.extractPrefixed(this.asPrefix(Dmp._properties));
|
FieldSet propertiesFields = fields.extractPrefixed(this.asPrefix(Dmp._properties));
|
||||||
for (DmpEntity d : data) {
|
for (DmpEntity d : data) {
|
||||||
|
|
|
@ -38,7 +38,7 @@ public class DefinitionCensor extends BaseCensor {
|
||||||
if (fields == null || fields.isEmpty())
|
if (fields == null || fields.isEmpty())
|
||||||
return;
|
return;
|
||||||
|
|
||||||
this.authService.authorizeForce(Permission.BrowseReference);
|
this.authService.authorizeForce(Permission.BrowseReference, Permission.DeferredAffiliation);
|
||||||
FieldSet fieldsFields = fields.extractPrefixed(this.asIndexerPrefix(Definition._fields));
|
FieldSet fieldsFields = fields.extractPrefixed(this.asIndexerPrefix(Definition._fields));
|
||||||
this.censorFactory.censor(FieldCensor.class).censor(fieldsFields, userId);
|
this.censorFactory.censor(FieldCensor.class).censor(fieldsFields, userId);
|
||||||
}
|
}
|
||||||
|
|
|
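Review bot: The effect of adding `Permission.DeferredAffiliation` to `authorizeForce` depends on whether that call requires every listed permission or any one of them, and neither the `AuthorizationService` implementation nor the `DeferredAffiliation` entry of the permissions file is in this diff. If it is any-of and `DeferredAffiliation` is granted broadly, this censor no longer enforces `BrowseReference` by itself and the real field-level check is whatever affiliation filter the query/service layer applies; if it is all-of, the change tightens access instead. Either way the intent should sit next to the call, e.g. `// DeferredAffiliation: field-level access is enforced by the affiliated-resource check downstream, not by this censor` — and the permissions entry for `DeferredAffiliation` should be reviewed to confirm it is not effectively `allowAnonymous`. The identical change in `FieldCensor` has the same question.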
@ -33,7 +33,7 @@ public class FieldCensor extends BaseCensor {
|
||||||
if (fields == null || fields.isEmpty())
|
if (fields == null || fields.isEmpty())
|
||||||
return;
|
return;
|
||||||
|
|
||||||
this.authService.authorizeForce(Permission.BrowseReference);
|
this.authService.authorizeForce(Permission.BrowseReference, Permission.DeferredAffiliation);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -3,6 +3,7 @@ package eu.eudat.service.dmp;
|
||||||
import com.fasterxml.jackson.core.JsonProcessingException;
|
import com.fasterxml.jackson.core.JsonProcessingException;
|
||||||
import eu.eudat.authorization.AuthorizationFlags;
|
import eu.eudat.authorization.AuthorizationFlags;
|
||||||
import eu.eudat.authorization.Permission;
|
import eu.eudat.authorization.Permission;
|
||||||
|
import eu.eudat.authorization.authorizationcontentresolver.AuthorizationContentResolver;
|
||||||
import eu.eudat.commons.JsonHandlingService;
|
import eu.eudat.commons.JsonHandlingService;
|
||||||
import eu.eudat.commons.XmlHandlingService;
|
import eu.eudat.commons.XmlHandlingService;
|
||||||
import eu.eudat.commons.enums.*;
|
import eu.eudat.commons.enums.*;
|
||||||
|
@ -124,30 +125,31 @@ public class DmpServiceImpl implements DmpService {
|
||||||
private final DmpTouchedIntegrationEventHandler dmpTouchedIntegrationEventHandler;
|
private final DmpTouchedIntegrationEventHandler dmpTouchedIntegrationEventHandler;
|
||||||
|
|
||||||
private final AnnotationEntityTouchedIntegrationEventHandler annotationEntityTouchedIntegrationEventHandler;
|
private final AnnotationEntityTouchedIntegrationEventHandler annotationEntityTouchedIntegrationEventHandler;
|
||||||
|
private final AuthorizationContentResolver authorizationContentResolver;
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
public DmpServiceImpl(
|
public DmpServiceImpl(
|
||||||
EntityManager entityManager,
|
EntityManager entityManager,
|
||||||
AuthorizationService authorizationService,
|
AuthorizationService authorizationService,
|
||||||
DeleterFactory deleterFactory,
|
DeleterFactory deleterFactory,
|
||||||
BuilderFactory builderFactory,
|
BuilderFactory builderFactory,
|
||||||
QueryFactory queryFactory,
|
QueryFactory queryFactory,
|
||||||
ConventionService conventionService,
|
ConventionService conventionService,
|
||||||
ErrorThesaurusProperties errors,
|
ErrorThesaurusProperties errors,
|
||||||
MessageSource messageSource,
|
MessageSource messageSource,
|
||||||
XmlHandlingService xmlHandlingService,
|
XmlHandlingService xmlHandlingService,
|
||||||
JsonHandlingService jsonHandlingService,
|
JsonHandlingService jsonHandlingService,
|
||||||
UserScope userScope,
|
UserScope userScope,
|
||||||
EventBroker eventBroker,
|
EventBroker eventBroker,
|
||||||
DescriptionService descriptionService,
|
DescriptionService descriptionService,
|
||||||
NotifyIntegrationEventHandler eventHandler,
|
NotifyIntegrationEventHandler eventHandler,
|
||||||
NotificationProperties notificationProperties,
|
NotificationProperties notificationProperties,
|
||||||
ActionConfirmationService actionConfirmationService,
|
ActionConfirmationService actionConfirmationService,
|
||||||
FileTransformerService fileTransformerService,
|
FileTransformerService fileTransformerService,
|
||||||
ValidatorFactory validatorFactory,
|
ValidatorFactory validatorFactory,
|
||||||
ElasticService elasticService,
|
ElasticService elasticService,
|
||||||
DmpTouchedIntegrationEventHandler dmpTouchedIntegrationEventHandler,
|
DmpTouchedIntegrationEventHandler dmpTouchedIntegrationEventHandler,
|
||||||
AnnotationEntityTouchedIntegrationEventHandler annotationEntityTouchedIntegrationEventHandler) {
|
AnnotationEntityTouchedIntegrationEventHandler annotationEntityTouchedIntegrationEventHandler, AuthorizationContentResolver authorizationContentResolver) {
|
||||||
this.entityManager = entityManager;
|
this.entityManager = entityManager;
|
||||||
this.authorizationService = authorizationService;
|
this.authorizationService = authorizationService;
|
||||||
this.deleterFactory = deleterFactory;
|
this.deleterFactory = deleterFactory;
|
||||||
|
@ -169,11 +171,15 @@ public class DmpServiceImpl implements DmpService {
|
||||||
this.elasticService = elasticService;
|
this.elasticService = elasticService;
|
||||||
this.dmpTouchedIntegrationEventHandler = dmpTouchedIntegrationEventHandler;
|
this.dmpTouchedIntegrationEventHandler = dmpTouchedIntegrationEventHandler;
|
||||||
this.annotationEntityTouchedIntegrationEventHandler = annotationEntityTouchedIntegrationEventHandler;
|
this.annotationEntityTouchedIntegrationEventHandler = annotationEntityTouchedIntegrationEventHandler;
|
||||||
|
this.authorizationContentResolver = authorizationContentResolver;
|
||||||
}
|
}
|
||||||
|
|
||||||
public Dmp persist(DmpPersist model, FieldSet fields) throws MyForbiddenException, MyValidationException, MyApplicationException, MyNotFoundException, InvalidApplicationException, JAXBException, IOException {
|
public Dmp persist(DmpPersist model, FieldSet fields) throws MyForbiddenException, MyValidationException, MyApplicationException, MyNotFoundException, InvalidApplicationException, JAXBException, IOException {
|
||||||
this.authorizationService.authorizeForce(Permission.EditDmp);
|
|
||||||
|
Boolean isUpdate = this.conventionService.isValidGuid(model.getId());
|
||||||
|
if (isUpdate) this.authorizationService.authorizeAtLeastOneForce(List.of(this.authorizationContentResolver.dmpAffiliation(model.getId())), Permission.EditDmp);
|
||||||
|
else this.authorizationService.authorizeForce(Permission.NewDmp);
|
||||||
|
|
||||||
DmpEntity data = this.patchAndSave(model);
|
DmpEntity data = this.patchAndSave(model);
|
||||||
|
|
||||||
DmpBlueprintEntity blueprintEntity = this.entityManager.find(DmpBlueprintEntity.class, data.getBlueprintId());
|
DmpBlueprintEntity blueprintEntity = this.entityManager.find(DmpBlueprintEntity.class, data.getBlueprintId());
|
||||||
|
@ -196,8 +202,8 @@ public class DmpServiceImpl implements DmpService {
|
||||||
if (!this.conventionService.isListNullOrEmpty(model.getUsers())){
|
if (!this.conventionService.isListNullOrEmpty(model.getUsers())){
|
||||||
this.inviteUsers(data.getId(), model.getUsers());
|
this.inviteUsers(data.getId(), model.getUsers());
|
||||||
}else{
|
}else{
|
||||||
this.assignUsers(data.getId(), new ArrayList<>(), null);
|
|
||||||
this.addOwner(data);
|
this.addOwner(data);
|
||||||
|
this.assignUsers(data.getId(), new ArrayList<>(), null);
|
||||||
}
|
}
|
||||||
|
|
||||||
this.elasticService.persistDmp(data);
|
this.elasticService.persistDmp(data);
|
||||||
|
@ -477,8 +483,8 @@ public class DmpServiceImpl implements DmpService {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<DmpUser> assignUsers(UUID dmpId, List<DmpUserPersist> model, FieldSet fieldSet) throws InvalidApplicationException, IOException {
|
public List<DmpUser> assignUsers(UUID dmpId, List<DmpUserPersist> model, FieldSet fieldSet) throws InvalidApplicationException, IOException {
|
||||||
this.authorizationService.authorizeForce(Permission.AssignDmpUsers);
|
this.authorizationService.authorizeAtLeastOneForce(List.of(this.authorizationContentResolver.dmpAffiliation(dmpId)), Permission.AssignDmpUsers);
|
||||||
|
|
||||||
DmpEntity dmpEntity = this.entityManager.find(DmpEntity.class, dmpId);
|
DmpEntity dmpEntity = this.entityManager.find(DmpEntity.class, dmpId);
|
||||||
if (dmpEntity == null) throw new MyNotFoundException(messageSource.getMessage("General_ItemNotFound", new Object[]{dmpId, Dmp.class.getSimpleName()}, LocaleContextHolder.getLocale()));
|
if (dmpEntity == null) throw new MyNotFoundException(messageSource.getMessage("General_ItemNotFound", new Object[]{dmpId, Dmp.class.getSimpleName()}, LocaleContextHolder.getLocale()));
|
||||||
|
|
||||||
|
|
|
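Review bot: In `persist`, the choice between the `NewDmp` check and the affiliation-aware `EditDmp` check is now driven by `isValidGuid(model.getId())`, i.e. by a client-supplied id rather than by whether the DMP exists; a caller holding a global `EditDmp` role but not `NewDmp` can therefore reach the update branch with any well-formed GUID, and the outcome depends on `patchAndSave`, which is outside this hunk — if it inserts when the id is unknown, that caller can create DMPs without `NewDmp`, so it should be confirmed that it throws `MyNotFoundException` instead. The branch also deserves a comment, since the unconditional `authorizeForce(Permission.EditDmp)` it replaces was the only place that said what `persist` demands: `// update: global EditDmp OR an EditDmp-bearing DMP role; create: NewDmp`. Minor: `Boolean isUpdate` should be a primitive `boolean`, as `isValidGuid` presumably never returns null and the unboxing in `if (isUpdate)` would otherwise NPE. In `assignUsers` the affiliation check correctly precedes the entity lookup, but a null `dmpId` reaches `List.of` inside the resolver and surfaces as a NullPointerException rather than the not-found error on the next line; a guard before the authorization call keeps the error contract.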
@ -377,6 +377,12 @@ permissions:
|
||||||
AssignDmpUsers:
|
AssignDmpUsers:
|
||||||
roles:
|
roles:
|
||||||
- Admin
|
- Admin
|
||||||
|
dmp:
|
||||||
|
roles:
|
||||||
|
- Owner
|
||||||
|
- User
|
||||||
|
- DescriptionContributor
|
||||||
|
- Reviewer
|
||||||
claims: [ ]
|
claims: [ ]
|
||||||
clients: [ ]
|
clients: [ ]
|
||||||
allowAnonymous: false
|
allowAnonymous: false
|
||||||
|
|
|
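Review bot: Granting `AssignDmpUsers` to the `Reviewer` and `DescriptionContributor` DMP roles means any affiliated user, not only an owner, now satisfies the `authorizeAtLeastOneForce` check in `DmpServiceImpl.assignUsers`; unless that method separately restricts which roles a caller may assign (its body after the entity lookup is not in this diff), a reviewer could add themselves as `Owner` or remove the real owner. If the intent is only to let collaborators invite peers, limit the list to `- Owner` (and possibly `- User`), or split the permission so that owner changes require a distinct one. The equivalent `dmp:` role block for `EditDmp` is not in this diff either, so it is unclear whether the new affiliation check in `persist` grants anything beyond the global role — a short comment above this block naming which DMP roles are meant to manage membership would make the policy reviewable on its own.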
@ -196,7 +196,8 @@ export class DmpEditorComponent extends BaseEditor<DmpEditorModel, Dmp> implemen
|
||||||
}
|
}
|
||||||
|
|
||||||
buildForm() {
|
buildForm() {
|
||||||
this.formGroup = this.editorModel.buildForm(null, this.isDeleted || !this.authService.hasPermission(AppPermission.EditDmp));
|
const canedit = this.isNew ? this.authService.hasPermission(AppPermission.NewDmp) : this.authService.hasPermission(AppPermission.EditDmp);
|
||||||
|
this.formGroup = this.editorModel.buildForm(null, this.isDeleted || !canedit);
|
||||||
|
|
||||||
if (this.editorModel.status == DmpStatus.Finalized || this.isDeleted) {
|
if (this.editorModel.status == DmpStatus.Finalized || this.isDeleted) {
|
||||||
this.formGroup.disable();
|
this.formGroup.disable();
|
||||||
|
|
|
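Review bot: `canedit` should be `canEdit` to match the camelCase of the surrounding identifiers (`isDeleted`, `isNew`, `hasPermission`): `const canEdit = this.isNew ? this.authService.hasPermission(AppPermission.NewDmp) : this.authService.hasPermission(AppPermission.EditDmp);`. Note that `hasPermission` here appears to evaluate the user's global permissions only, while the server-side `persist` now authorizes updates on DMP affiliation as well, so a user who can edit a DMP only through an affiliated role may still get a read-only form unless the backend also surfaces `EditDmp` per DMP; this is a usability gap, not a security one, since the server check is the boundary. `buildForm` continues past the end of this hunk.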
@ -20,7 +20,7 @@ const routes: Routes = [
|
||||||
title: 'BREADCRUMBS.NEW-DMP'
|
title: 'BREADCRUMBS.NEW-DMP'
|
||||||
}),
|
}),
|
||||||
authContext: {
|
authContext: {
|
||||||
permissions: [AppPermission.EditDmp]
|
permissions: [AppPermission.NewDmp]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
@ -41,7 +41,7 @@ const routes: Routes = [
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|
||||||
// {
|
// {
|
||||||
// path: 'edit/:id',
|
// path: 'edit/:id',
|
||||||
// component: DmpEditorBlueprintComponent,
|
// component: DmpEditorBlueprintComponent,
|