authz changes

This commit is contained in:
Efstratios Giannopoulos 2024-03-13 17:45:25 +02:00
parent 9aaaf226bb
commit e9cbf27295
9 changed files with 54 additions and 38 deletions


@ -9,5 +9,7 @@ import java.util.UUID;
public interface AuthorizationContentResolver {
List<String> getPermissionNames();
Map<UUID, AffiliatedResource> dmpAffiliation(List<UUID> ids);
AffiliatedResource dmpAffiliation(UUID id);
Map<UUID, AffiliatedResource> dmpsAffiliation(List<UUID> ids);
}


@ -33,8 +33,13 @@ public class AuthorizationContentResolverImpl implements AuthorizationContentRes
public List<String> getPermissionNames() {
return permissionNameProvider.getPermissions();
}
@Override
public Map<UUID, AffiliatedResource> dmpAffiliation(List<UUID> ids){
public AffiliatedResource dmpAffiliation(UUID id) {
return this.dmpsAffiliation(List.of(id)).getOrDefault(id, new AffiliatedResource());
}
@Override
public Map<UUID, AffiliatedResource> dmpsAffiliation(List<UUID> ids){
UUID userId = this.userScope.getUserIdSafe();
Map<UUID, AffiliatedResource> affiliatedResources = new HashMap<>();
for (UUID id : ids){
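Review bot: The new `dmpAffiliation(UUID id)` maps an id the resolver has no entry for to `new AffiliatedResource()`, and whether that empty object grants no roles is not visible in this hunk; callers that pass it to `authorizeAtLeastOneForce` depend on it being fail-closed. Record the contract on the method: `// An id with no affiliation for the current user yields an empty AffiliatedResource, so the caller's check falls through to its global permission.` Note also that `List.of(id)` throws `NullPointerException` on a null id, which would surface as a server error rather than a forbidden or not-found response; consider `Objects.requireNonNull(id, "id")` or a guard at the caller. `dmpsAffiliation`'s body continues past the hunk.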


@ -2,17 +2,13 @@ package eu.eudat.model.builder;
import eu.eudat.authorization.AffiliatedResource;
import eu.eudat.authorization.AuthorizationFlags;
import eu.eudat.authorization.Permission;
import eu.eudat.authorization.authorizationcontentresolver.AuthorizationContentResolver;
import eu.eudat.commons.JsonHandlingService;
import eu.eudat.commons.enums.EntityType;
import eu.eudat.commons.types.description.PropertyDefinitionEntity;
import eu.eudat.commons.types.dmp.DmpPropertiesEntity;
import eu.eudat.convention.ConventionService;
import eu.eudat.data.DmpDescriptionTemplateEntity;
import eu.eudat.data.DmpEntity;
import eu.eudat.model.*;
import eu.eudat.model.builder.descriptionpropertiesdefinition.PropertyDefinitionBuilder;
import eu.eudat.model.builder.dmpproperties.DmpPropertiesBuilder;
import eu.eudat.query.*;
import gr.cite.commons.web.authz.service.AuthorizationService;
@ -94,7 +90,7 @@ public class DmpBuilder extends BaseBuilder<Dmp, DmpEntity> {
Set<String> authorizationFlags = this.extractAuthorizationFlags(fields, Dmp._authorizationFlags, this.authorizationContentResolver.getPermissionNames());
Map<UUID, AffiliatedResource> affiliatedResourceMap = authorizationFlags == null || authorizationFlags.isEmpty() ? null : this.authorizationContentResolver.dmpAffiliation(data.stream().map(DmpEntity::getId).collect(Collectors.toList()));
Map<UUID, AffiliatedResource> affiliatedResourceMap = authorizationFlags == null || authorizationFlags.isEmpty() ? null : this.authorizationContentResolver.dmpsAffiliation(data.stream().map(DmpEntity::getId).collect(Collectors.toList()));
FieldSet propertiesFields = fields.extractPrefixed(this.asPrefix(Dmp._properties));
for (DmpEntity d : data) {


@ -38,7 +38,7 @@ public class DefinitionCensor extends BaseCensor {
if (fields == null || fields.isEmpty())
return;
this.authService.authorizeForce(Permission.BrowseReference);
this.authService.authorizeForce(Permission.BrowseReference, Permission.DeferredAffiliation);
FieldSet fieldsFields = fields.extractPrefixed(this.asIndexerPrefix(Definition._fields));
this.censorFactory.censor(FieldCensor.class).censor(fieldsFields, userId);
}
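Review bot: Adding `Permission.DeferredAffiliation` to the `authorizeForce` call on the new line widens who passes this censor: if `authorizeForce` accepts any one of its arguments (as the name DeferredAffiliation suggests), a user holding that permission now clears the censor without `BrowseReference`, and the real check is deferred to whatever query or builder applies the affiliation filter, which this commit does not show. Confirm that the Definition query path actually enforces affiliation before relying on it, and state the intent at the call site: `// DeferredAffiliation: affiliation is enforced by the query filter, not by this censor`. The enclosing `censor` method starts outside the hunk.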


@ -33,7 +33,7 @@ public class FieldCensor extends BaseCensor {
if (fields == null || fields.isEmpty())
return;
this.authService.authorizeForce(Permission.BrowseReference);
this.authService.authorizeForce(Permission.BrowseReference, Permission.DeferredAffiliation);
}
}
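Review bot: The new `authorizeForce(Permission.BrowseReference, Permission.DeferredAffiliation)` relaxes this censor for anyone holding `DeferredAffiliation`, presumably on the assumption that affiliation is enforced later in the Field query path; nothing in this commit shows that enforcement, so verify it exists before merging. A one-line comment would keep the next maintainer from tightening or loosening this by accident: `// DeferredAffiliation: the affiliation filter on the query is the real gate`. The enclosing `censor` method starts outside the hunk.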


@ -3,6 +3,7 @@ package eu.eudat.service.dmp;
import com.fasterxml.jackson.core.JsonProcessingException;
import eu.eudat.authorization.AuthorizationFlags;
import eu.eudat.authorization.Permission;
import eu.eudat.authorization.authorizationcontentresolver.AuthorizationContentResolver;
import eu.eudat.commons.JsonHandlingService;
import eu.eudat.commons.XmlHandlingService;
import eu.eudat.commons.enums.*;
@ -124,6 +125,7 @@ public class DmpServiceImpl implements DmpService {
private final DmpTouchedIntegrationEventHandler dmpTouchedIntegrationEventHandler;
private final AnnotationEntityTouchedIntegrationEventHandler annotationEntityTouchedIntegrationEventHandler;
private final AuthorizationContentResolver authorizationContentResolver;
@Autowired
public DmpServiceImpl(
@ -147,7 +149,7 @@ public class DmpServiceImpl implements DmpService {
ValidatorFactory validatorFactory,
ElasticService elasticService,
DmpTouchedIntegrationEventHandler dmpTouchedIntegrationEventHandler,
AnnotationEntityTouchedIntegrationEventHandler annotationEntityTouchedIntegrationEventHandler) {
AnnotationEntityTouchedIntegrationEventHandler annotationEntityTouchedIntegrationEventHandler, AuthorizationContentResolver authorizationContentResolver) {
this.entityManager = entityManager;
this.authorizationService = authorizationService;
this.deleterFactory = deleterFactory;
@ -169,10 +171,14 @@ public class DmpServiceImpl implements DmpService {
this.elasticService = elasticService;
this.dmpTouchedIntegrationEventHandler = dmpTouchedIntegrationEventHandler;
this.annotationEntityTouchedIntegrationEventHandler = annotationEntityTouchedIntegrationEventHandler;
this.authorizationContentResolver = authorizationContentResolver;
}
public Dmp persist(DmpPersist model, FieldSet fields) throws MyForbiddenException, MyValidationException, MyApplicationException, MyNotFoundException, InvalidApplicationException, JAXBException, IOException {
this.authorizationService.authorizeForce(Permission.EditDmp);
Boolean isUpdate = this.conventionService.isValidGuid(model.getId());
if (isUpdate) this.authorizationService.authorizeAtLeastOneForce(List.of(this.authorizationContentResolver.dmpAffiliation(model.getId())), Permission.EditDmp);
else this.authorizationService.authorizeForce(Permission.NewDmp);
DmpEntity data = this.patchAndSave(model);
@ -196,8 +202,8 @@ public class DmpServiceImpl implements DmpService {
if (!this.conventionService.isListNullOrEmpty(model.getUsers())){
this.inviteUsers(data.getId(), model.getUsers());
}else{
this.assignUsers(data.getId(), new ArrayList<>(), null);
this.addOwner(data);
this.assignUsers(data.getId(), new ArrayList<>(), null);
}
this.elasticService.persistDmp(data);
@ -477,7 +483,7 @@ public class DmpServiceImpl implements DmpService {
@Override
public List<DmpUser> assignUsers(UUID dmpId, List<DmpUserPersist> model, FieldSet fieldSet) throws InvalidApplicationException, IOException {
this.authorizationService.authorizeForce(Permission.AssignDmpUsers);
this.authorizationService.authorizeAtLeastOneForce(List.of(this.authorizationContentResolver.dmpAffiliation(dmpId)), Permission.AssignDmpUsers);
DmpEntity dmpEntity = this.entityManager.find(DmpEntity.class, dmpId);
if (dmpEntity == null) throw new MyNotFoundException(messageSource.getMessage("General_ItemNotFound", new Object[]{dmpId, Dmp.class.getSimpleName()}, LocaleContextHolder.getLocale()));
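Review bot: The swap of `addOwner(data)` ahead of `assignUsers(...)` in `persist` is now load-bearing, because `assignUsers` authorizes against `dmpAffiliation(dmpId)` and the creator has no affiliation until `addOwner` runs, yet nothing in the code says so; add `// addOwner must run first: assignUsers now checks the caller's affiliation to this DMP` above it. The `inviteUsers` branch shows no owner assignment; if `inviteUsers` reaches `assignUsers` internally, the creator would fail that affiliation check, which should be verified outside this hunk. The update-vs-create decision in `persist` rests on the client-supplied `model.getId()` being a well-formed GUID; an unknown id resolves to an empty affiliation and therefore to the global `EditDmp` gate only, so this is fail-closed only if `patchAndSave` rejects ids that do not exist, which is not visible here. Both `persist` and `assignUsers` continue past their hunks.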


@ -377,6 +377,12 @@ permissions:
AssignDmpUsers:
roles:
- Admin
dmp:
roles:
- Owner
- User
- DescriptionContributor
- Reviewer
claims: [ ]
clients: [ ]
allowAnonymous: false
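Review bot: The new `dmp.roles` list grants `AssignDmpUsers` to every affiliation role, including `Reviewer` and `DescriptionContributor`, so any collaborator can rewrite the DMP's membership; if the persisted user model carries the role to assign (not visible here), a Reviewer could grant themselves `Owner` or remove the actual owner. Unless that is intended, restrict the list to `- Owner` (and possibly `- User`) and explain the choice inline, e.g. `# AssignDmpUsers via affiliation: Owner only, collaborators must not change membership`. The enclosing `permissions:` block starts outside this section.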


@ -196,7 +196,8 @@ export class DmpEditorComponent extends BaseEditor<DmpEditorModel, Dmp> implemen
}
buildForm() {
this.formGroup = this.editorModel.buildForm(null, this.isDeleted || !this.authService.hasPermission(AppPermission.EditDmp));
const canedit = this.isNew ? this.authService.hasPermission(AppPermission.NewDmp) : this.authService.hasPermission(AppPermission.EditDmp);
this.formGroup = this.editorModel.buildForm(null, this.isDeleted || !canedit);
if (this.editorModel.status == DmpStatus.Finalized || this.isDeleted) {
this.formGroup.disable();
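Review bot: `canedit` on the new line should be `canEdit`, matching the camelCase used for `isNew`, `isDeleted` and `formGroup` in this class. This flag is UI gating only: for an existing DMP it tests the global `EditDmp` permission, whereas the server side of this commit authorizes updates through affiliation, so an affiliated user without the global permission would see a disabled form; confirm that is the intended experience or use an affiliation-aware check here too. `buildForm` continues past the hunk.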


@ -20,7 +20,7 @@ const routes: Routes = [
title: 'BREADCRUMBS.NEW-DMP'
}),
authContext: {
permissions: [AppPermission.EditDmp]
permissions: [AppPermission.NewDmp]
}
}
},