authz changes

Efstratios Giannopoulos 2024-03-13 17:45:25 +02:00
parent 9aaaf226bb
commit e9cbf27295
9 changed files with 54 additions and 38 deletions


@ -9,5 +9,7 @@ import java.util.UUID;
public interface AuthorizationContentResolver {
List<String> getPermissionNames();
Map<UUID, AffiliatedResource> dmpAffiliation(List<UUID> ids);
AffiliatedResource dmpAffiliation(UUID id);
Map<UUID, AffiliatedResource> dmpsAffiliation(List<UUID> ids);
}
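Review bot: The two new interface methods carry no Javadoc, and the contract callers now rely on is not stated: DmpServiceImpl wraps `dmpAffiliation(UUID)` in `List.of(...)`, which throws NullPointerException on a null element, so the interface should promise a non-null result. The shown implementation satisfies this by falling back to `new AffiliatedResource()` for an id with no entry, but that is an implementation detail unless it is written down here. I would add a Javadoc to `dmpAffiliation(UUID id)` saying it returns the caller's affiliation with the given DMP and never returns null (an empty AffiliatedResource when no affiliation exists), and one to `dmpsAffiliation(List<UUID> ids)` saying the map is keyed by the requested ids, with ids that have no affiliation either absent or mapped to an empty resource — whichever the implementation guarantees.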


@ -33,8 +33,13 @@ public class AuthorizationContentResolverImpl implements AuthorizationContentRes
public List<String> getPermissionNames() {
return permissionNameProvider.getPermissions();
}
@Override
public Map<UUID, AffiliatedResource> dmpAffiliation(List<UUID> ids){
public AffiliatedResource dmpAffiliation(UUID id) {
return this.dmpsAffiliation(List.of(id)).getOrDefault(id, new AffiliatedResource());
}
@Override
public Map<UUID, AffiliatedResource> dmpsAffiliation(List<UUID> ids){
UUID userId = this.userScope.getUserIdSafe();
Map<UUID, AffiliatedResource> affiliatedResources = new HashMap<>();
for (UUID id : ids){
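Review bot: `dmpAffiliation(UUID id)` passes `id` straight into `List.of(id)`, so a null id fails with a bare NullPointerException from the collection factory rather than a message naming the argument; an explicit `Objects.requireNonNull(id, "id");` as the first line makes the precondition visible to the two new callers in DmpServiceImpl. The `getOrDefault(id, new AffiliatedResource())` fallback is what makes an unknown or unaffiliated id fail closed, but only if a freshly constructed AffiliatedResource carries no roles — that constructor is not in this hunk, so a one-line comment on the return, `// unknown id -> empty affiliation, i.e. no DMP-scoped permission`, would record the assumption for the next reader. The body of `dmpsAffiliation` continues outside the hunk.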


@ -2,17 +2,13 @@ package eu.eudat.model.builder;
import eu.eudat.authorization.AffiliatedResource;
import eu.eudat.authorization.AuthorizationFlags;
import eu.eudat.authorization.Permission;
import eu.eudat.authorization.authorizationcontentresolver.AuthorizationContentResolver;
import eu.eudat.commons.JsonHandlingService;
import eu.eudat.commons.enums.EntityType;
import eu.eudat.commons.types.description.PropertyDefinitionEntity;
import eu.eudat.commons.types.dmp.DmpPropertiesEntity;
import eu.eudat.convention.ConventionService;
import eu.eudat.data.DmpDescriptionTemplateEntity;
import eu.eudat.data.DmpEntity;
import eu.eudat.model.*;
import eu.eudat.model.builder.descriptionpropertiesdefinition.PropertyDefinitionBuilder;
import eu.eudat.model.builder.dmpproperties.DmpPropertiesBuilder;
import eu.eudat.query.*;
import gr.cite.commons.web.authz.service.AuthorizationService;
@ -94,7 +90,7 @@ public class DmpBuilder extends BaseBuilder<Dmp, DmpEntity> {
Set<String> authorizationFlags = this.extractAuthorizationFlags(fields, Dmp._authorizationFlags, this.authorizationContentResolver.getPermissionNames());
Map<UUID, AffiliatedResource> affiliatedResourceMap = authorizationFlags == null || authorizationFlags.isEmpty() ? null : this.authorizationContentResolver.dmpAffiliation(data.stream().map(DmpEntity::getId).collect(Collectors.toList()));
Map<UUID, AffiliatedResource> affiliatedResourceMap = authorizationFlags == null || authorizationFlags.isEmpty() ? null : this.authorizationContentResolver.dmpsAffiliation(data.stream().map(DmpEntity::getId).collect(Collectors.toList()));
FieldSet propertiesFields = fields.extractPrefixed(this.asPrefix(Dmp._properties));
for (DmpEntity d : data) {


@ -38,7 +38,7 @@ public class DefinitionCensor extends BaseCensor {
if (fields == null || fields.isEmpty())
return;
this.authService.authorizeForce(Permission.BrowseReference);
this.authService.authorizeForce(Permission.BrowseReference, Permission.DeferredAffiliation);
FieldSet fieldsFields = fields.extractPrefixed(this.asIndexerPrefix(Definition._fields));
this.censorFactory.censor(FieldCensor.class).censor(fieldsFields, userId);
}
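Review bot: Adding `Permission.DeferredAffiliation` to the `authorizeForce` call in DefinitionCensor (and the identical line in FieldCensor below) loosens this censor for everyone holding that permission: if `authorizeForce(a, b)` succeeds when any one of the listed permissions holds, as its use here suggests, the affiliation-scoped check is no longer performed by this censor at all but deferred to whatever entity-level censor or service sits above it. That is only sound if every call path into DefinitionCensor/FieldCensor goes through such a check, which this diff does not show. I would make the intent explicit with a comment on the changed line, `// DeferredAffiliation: affiliation is enforced by the owning entity's censor/service, not here`, so a future caller that reaches these censors directly does not silently bypass the reference check.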


@ -33,7 +33,7 @@ public class FieldCensor extends BaseCensor {
if (fields == null || fields.isEmpty())
return;
this.authService.authorizeForce(Permission.BrowseReference);
this.authService.authorizeForce(Permission.BrowseReference, Permission.DeferredAffiliation);
}
}


@ -3,6 +3,7 @@ package eu.eudat.service.dmp;
import com.fasterxml.jackson.core.JsonProcessingException;
import eu.eudat.authorization.AuthorizationFlags;
import eu.eudat.authorization.Permission;
import eu.eudat.authorization.authorizationcontentresolver.AuthorizationContentResolver;
import eu.eudat.commons.JsonHandlingService;
import eu.eudat.commons.XmlHandlingService;
import eu.eudat.commons.enums.*;
@ -124,30 +125,31 @@ public class DmpServiceImpl implements DmpService {
private final DmpTouchedIntegrationEventHandler dmpTouchedIntegrationEventHandler;
private final AnnotationEntityTouchedIntegrationEventHandler annotationEntityTouchedIntegrationEventHandler;
private final AuthorizationContentResolver authorizationContentResolver;
@Autowired
public DmpServiceImpl(
EntityManager entityManager,
AuthorizationService authorizationService,
DeleterFactory deleterFactory,
BuilderFactory builderFactory,
QueryFactory queryFactory,
ConventionService conventionService,
ErrorThesaurusProperties errors,
MessageSource messageSource,
XmlHandlingService xmlHandlingService,
JsonHandlingService jsonHandlingService,
UserScope userScope,
EventBroker eventBroker,
DescriptionService descriptionService,
NotifyIntegrationEventHandler eventHandler,
NotificationProperties notificationProperties,
ActionConfirmationService actionConfirmationService,
FileTransformerService fileTransformerService,
ValidatorFactory validatorFactory,
ElasticService elasticService,
DmpTouchedIntegrationEventHandler dmpTouchedIntegrationEventHandler,
AnnotationEntityTouchedIntegrationEventHandler annotationEntityTouchedIntegrationEventHandler) {
EntityManager entityManager,
AuthorizationService authorizationService,
DeleterFactory deleterFactory,
BuilderFactory builderFactory,
QueryFactory queryFactory,
ConventionService conventionService,
ErrorThesaurusProperties errors,
MessageSource messageSource,
XmlHandlingService xmlHandlingService,
JsonHandlingService jsonHandlingService,
UserScope userScope,
EventBroker eventBroker,
DescriptionService descriptionService,
NotifyIntegrationEventHandler eventHandler,
NotificationProperties notificationProperties,
ActionConfirmationService actionConfirmationService,
FileTransformerService fileTransformerService,
ValidatorFactory validatorFactory,
ElasticService elasticService,
DmpTouchedIntegrationEventHandler dmpTouchedIntegrationEventHandler,
AnnotationEntityTouchedIntegrationEventHandler annotationEntityTouchedIntegrationEventHandler, AuthorizationContentResolver authorizationContentResolver) {
this.entityManager = entityManager;
this.authorizationService = authorizationService;
this.deleterFactory = deleterFactory;
@ -169,10 +171,14 @@ public class DmpServiceImpl implements DmpService {
this.elasticService = elasticService;
this.dmpTouchedIntegrationEventHandler = dmpTouchedIntegrationEventHandler;
this.annotationEntityTouchedIntegrationEventHandler = annotationEntityTouchedIntegrationEventHandler;
this.authorizationContentResolver = authorizationContentResolver;
}
public Dmp persist(DmpPersist model, FieldSet fields) throws MyForbiddenException, MyValidationException, MyApplicationException, MyNotFoundException, InvalidApplicationException, JAXBException, IOException {
this.authorizationService.authorizeForce(Permission.EditDmp);
Boolean isUpdate = this.conventionService.isValidGuid(model.getId());
if (isUpdate) this.authorizationService.authorizeAtLeastOneForce(List.of(this.authorizationContentResolver.dmpAffiliation(model.getId())), Permission.EditDmp);
else this.authorizationService.authorizeForce(Permission.NewDmp);
DmpEntity data = this.patchAndSave(model);
@ -196,8 +202,8 @@ public class DmpServiceImpl implements DmpService {
if (!this.conventionService.isListNullOrEmpty(model.getUsers())){
this.inviteUsers(data.getId(), model.getUsers());
}else{
this.assignUsers(data.getId(), new ArrayList<>(), null);
this.addOwner(data);
this.assignUsers(data.getId(), new ArrayList<>(), null);
}
this.elasticService.persistDmp(data);
@ -477,7 +483,7 @@ public class DmpServiceImpl implements DmpService {
@Override
public List<DmpUser> assignUsers(UUID dmpId, List<DmpUserPersist> model, FieldSet fieldSet) throws InvalidApplicationException, IOException {
this.authorizationService.authorizeForce(Permission.AssignDmpUsers);
this.authorizationService.authorizeAtLeastOneForce(List.of(this.authorizationContentResolver.dmpAffiliation(dmpId)), Permission.AssignDmpUsers);
DmpEntity dmpEntity = this.entityManager.find(DmpEntity.class, dmpId);
if (dmpEntity == null) throw new MyNotFoundException(messageSource.getMessage("General_ItemNotFound", new Object[]{dmpId, Dmp.class.getSimpleName()}, LocaleContextHolder.getLocale()));
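Review bot: The new constructor dependency is appended to the last existing parameter line, `AnnotationEntityTouchedIntegrationEventHandler annotationEntityTouchedIntegrationEventHandler, AuthorizationContentResolver authorizationContentResolver) {`, while every other parameter of this constructor sits on its own line; put `AuthorizationContentResolver authorizationContentResolver) {` on a new line with the same indent so the list stays readable and future diffs touch one parameter per line. In the `persist` hunk the affiliation-gated `authorizeAtLeastOneForce` for updates and the plain `authorizeForce(Permission.NewDmp)` for creates are clear, but the branch would read better with a short comment such as `// existing DMP: global EditDmp or an affiliated DMP role; new DMP: global NewDmp`, since the removed unconditional EditDmp check is what an older reader will expect to find here. Both `persist` and `assignUsers` continue outside their hunks.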


@ -377,6 +377,12 @@ permissions:
AssignDmpUsers:
roles:
- Admin
dmp:
roles:
- Owner
- User
- DescriptionContributor
- Reviewer
claims: [ ]
clients: [ ]
allowAnonymous: false
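Review bot: The new `dmp` role block grants AssignDmpUsers to every affiliated role, including `DescriptionContributor` and `Reviewer`, and DmpServiceImpl.assignUsers now authorizes on exactly this affiliation; unless assignUsers itself restricts which roles a non-owner may assign (not visible in this diff), a reviewer of a DMP can rewrite its membership, presumably including their own role. If that is not intended, the safer policy is to limit this permission to the owning role, `roles:` `- Owner`, and widen it deliberately later; if it is intended, a comment above the block stating that any affiliated member may manage DMP users would save the next reader from the same question.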


@ -196,7 +196,8 @@ export class DmpEditorComponent extends BaseEditor<DmpEditorModel, Dmp> implemen
}
buildForm() {
this.formGroup = this.editorModel.buildForm(null, this.isDeleted || !this.authService.hasPermission(AppPermission.EditDmp));
const canedit = this.isNew ? this.authService.hasPermission(AppPermission.NewDmp) : this.authService.hasPermission(AppPermission.EditDmp);
this.formGroup = this.editorModel.buildForm(null, this.isDeleted || !canedit);
if (this.editorModel.status == DmpStatus.Finalized || this.isDeleted) {
this.formGroup.disable();
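Review bot: The new local `canedit` should be `canEdit` to match the camelCase used elsewhere in this class (`isNew`, `isDeleted`, `formGroup`); I would write it as `const canEdit: boolean = this.isNew ? this.authService.hasPermission(AppPermission.NewDmp) : this.authService.hasPermission(AppPermission.EditDmp);` and use `!canEdit` below. Separately, for existing DMPs this gate still keys on the global EditDmp permission, while the server-side persist now also accepts an affiliated DMP role; if `hasPermission` only reflects global permissions, an affiliated user without global EditDmp gets a disabled form even though the server would accept the save — the server check remains the authoritative one, so this is a usability mismatch rather than an access issue, but worth a comment on the line. `buildForm` continues outside the hunk.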


@ -20,7 +20,7 @@ const routes: Routes = [
title: 'BREADCRUMBS.NEW-DMP'
}),
authContext: {
permissions: [AppPermission.EditDmp]
permissions: [AppPermission.NewDmp]
}
}
},