Merge branch 'dmp-refactoring' of https://code-repo.d4science.org/MaDgiK-CITE/argos into dmp-refactoring

2024-03-13 18:00:09 +02:00 · 2024-03-13 18:00:09 +02:00 · ea3b1b1558
parent 17071f9114 e9cbf27295
commit ea3b1b1558
9 changed files with 54 additions and 38 deletions
--- a/dmp-backend/core/src/main/java/eu/eudat/authorization/authorizationcontentresolver/AuthorizationContentResolver.java
+++ b/dmp-backend/core/src/main/java/eu/eudat/authorization/authorizationcontentresolver/AuthorizationContentResolver.java
@ -9,5 +9,7 @@ import java.util.UUID;
 public interface AuthorizationContentResolver {
 	List<String> getPermissionNames();

-	Map<UUID, AffiliatedResource> dmpAffiliation(List<UUID> ids);
+	AffiliatedResource dmpAffiliation(UUID id);
+
+	Map<UUID, AffiliatedResource> dmpsAffiliation(List<UUID> ids);
 }
--- a/dmp-backend/core/src/main/java/eu/eudat/authorization/authorizationcontentresolver/AuthorizationContentResolverImpl.java
+++ b/dmp-backend/core/src/main/java/eu/eudat/authorization/authorizationcontentresolver/AuthorizationContentResolverImpl.java
@ -33,8 +33,13 @@ public class AuthorizationContentResolverImpl implements AuthorizationContentRes
 	public List<String> getPermissionNames() {
 		return permissionNameProvider.getPermissions();
 	}
+
 	@Override
-	public Map<UUID, AffiliatedResource> dmpAffiliation(List<UUID> ids){
+	public AffiliatedResource dmpAffiliation(UUID id) {
+		return this.dmpsAffiliation(List.of(id)).getOrDefault(id, new AffiliatedResource());
+	}
+	@Override
+	public Map<UUID, AffiliatedResource> dmpsAffiliation(List<UUID> ids){
 		UUID userId = this.userScope.getUserIdSafe();
 		Map<UUID, AffiliatedResource> affiliatedResources = new HashMap<>();
 		for (UUID id : ids){
--- a/dmp-backend/core/src/main/java/eu/eudat/model/builder/DmpBuilder.java
+++ b/dmp-backend/core/src/main/java/eu/eudat/model/builder/DmpBuilder.java
@ -2,17 +2,13 @@ package eu.eudat.model.builder;

 import eu.eudat.authorization.AffiliatedResource;
 import eu.eudat.authorization.AuthorizationFlags;
-import eu.eudat.authorization.Permission;
 import eu.eudat.authorization.authorizationcontentresolver.AuthorizationContentResolver;
 import eu.eudat.commons.JsonHandlingService;
 import eu.eudat.commons.enums.EntityType;
-import eu.eudat.commons.types.description.PropertyDefinitionEntity;
 import eu.eudat.commons.types.dmp.DmpPropertiesEntity;
 import eu.eudat.convention.ConventionService;
-import eu.eudat.data.DmpDescriptionTemplateEntity;
 import eu.eudat.data.DmpEntity;
 import eu.eudat.model.*;
-import eu.eudat.model.builder.descriptionpropertiesdefinition.PropertyDefinitionBuilder;
 import eu.eudat.model.builder.dmpproperties.DmpPropertiesBuilder;
 import eu.eudat.query.*;
 import gr.cite.commons.web.authz.service.AuthorizationService;
@ -94,7 +90,7 @@ public class DmpBuilder extends BaseBuilder<Dmp, DmpEntity> {

        Set<String> authorizationFlags = this.extractAuthorizationFlags(fields, Dmp._authorizationFlags, this.authorizationContentResolver.getPermissionNames());

-        Map<UUID, AffiliatedResource>  affiliatedResourceMap = authorizationFlags == null || authorizationFlags.isEmpty() ? null : this.authorizationContentResolver.dmpAffiliation(data.stream().map(DmpEntity::getId).collect(Collectors.toList()));
+        Map<UUID, AffiliatedResource>  affiliatedResourceMap = authorizationFlags == null || authorizationFlags.isEmpty() ? null : this.authorizationContentResolver.dmpsAffiliation(data.stream().map(DmpEntity::getId).collect(Collectors.toList()));
        
        FieldSet propertiesFields = fields.extractPrefixed(this.asPrefix(Dmp._properties));
        for (DmpEntity d : data) {
--- a/dmp-backend/core/src/main/java/eu/eudat/model/censorship/referencedefinition/DefinitionCensor.java
+++ b/dmp-backend/core/src/main/java/eu/eudat/model/censorship/referencedefinition/DefinitionCensor.java
@ -38,7 +38,7 @@ public class DefinitionCensor extends BaseCensor {
        if (fields == null || fields.isEmpty())
            return;

-        this.authService.authorizeForce(Permission.BrowseReference);
+        this.authService.authorizeForce(Permission.BrowseReference, Permission.DeferredAffiliation);
        FieldSet fieldsFields = fields.extractPrefixed(this.asIndexerPrefix(Definition._fields));
        this.censorFactory.censor(FieldCensor.class).censor(fieldsFields, userId);
    }
--- a/dmp-backend/core/src/main/java/eu/eudat/model/censorship/referencedefinition/FieldCensor.java
+++ b/dmp-backend/core/src/main/java/eu/eudat/model/censorship/referencedefinition/FieldCensor.java
@ -33,7 +33,7 @@ public class FieldCensor extends BaseCensor {
        if (fields == null || fields.isEmpty())
            return;

-        this.authService.authorizeForce(Permission.BrowseReference);
+        this.authService.authorizeForce(Permission.BrowseReference, Permission.DeferredAffiliation);
    }

 }
--- a/dmp-backend/core/src/main/java/eu/eudat/service/dmp/DmpServiceImpl.java
+++ b/dmp-backend/core/src/main/java/eu/eudat/service/dmp/DmpServiceImpl.java
@ -3,6 +3,7 @@ package eu.eudat.service.dmp;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import eu.eudat.authorization.AuthorizationFlags;
 import eu.eudat.authorization.Permission;
+import eu.eudat.authorization.authorizationcontentresolver.AuthorizationContentResolver;
 import eu.eudat.commons.JsonHandlingService;
 import eu.eudat.commons.XmlHandlingService;
 import eu.eudat.commons.enums.*;
@ -124,6 +125,7 @@ public class DmpServiceImpl implements DmpService {
    private final DmpTouchedIntegrationEventHandler dmpTouchedIntegrationEventHandler;

    private final AnnotationEntityTouchedIntegrationEventHandler annotationEntityTouchedIntegrationEventHandler;
+    private final AuthorizationContentResolver authorizationContentResolver;

    @Autowired
    public DmpServiceImpl(
@ -147,7 +149,7 @@ public class DmpServiceImpl implements DmpService {
 		    ValidatorFactory validatorFactory,
 		    ElasticService elasticService,
 		    DmpTouchedIntegrationEventHandler dmpTouchedIntegrationEventHandler,
-            AnnotationEntityTouchedIntegrationEventHandler annotationEntityTouchedIntegrationEventHandler) {
+		    AnnotationEntityTouchedIntegrationEventHandler annotationEntityTouchedIntegrationEventHandler, AuthorizationContentResolver authorizationContentResolver) {
        this.entityManager = entityManager;
        this.authorizationService = authorizationService;
        this.deleterFactory = deleterFactory;
@ -169,10 +171,14 @@ public class DmpServiceImpl implements DmpService {
 	    this.elasticService = elasticService;
        this.dmpTouchedIntegrationEventHandler = dmpTouchedIntegrationEventHandler;
        this.annotationEntityTouchedIntegrationEventHandler = annotationEntityTouchedIntegrationEventHandler;
+	    this.authorizationContentResolver = authorizationContentResolver;
    }

    public Dmp persist(DmpPersist model, FieldSet fields) throws MyForbiddenException, MyValidationException, MyApplicationException, MyNotFoundException, InvalidApplicationException, JAXBException, IOException {
-        this.authorizationService.authorizeForce(Permission.EditDmp);
+        
+        Boolean isUpdate = this.conventionService.isValidGuid(model.getId());
+        if (isUpdate) this.authorizationService.authorizeAtLeastOneForce(List.of(this.authorizationContentResolver.dmpAffiliation(model.getId())), Permission.EditDmp);
+        else this.authorizationService.authorizeForce(Permission.NewDmp);
        
        DmpEntity data = this.patchAndSave(model);

@ -196,8 +202,8 @@ public class DmpServiceImpl implements DmpService {
        if (!this.conventionService.isListNullOrEmpty(model.getUsers())){
            this.inviteUsers(data.getId(), model.getUsers());
        }else{
-            this.assignUsers(data.getId(), new ArrayList<>(), null);
            this.addOwner(data);
+            this.assignUsers(data.getId(), new ArrayList<>(), null);
        }
        
        this.elasticService.persistDmp(data);
@ -477,7 +483,7 @@ public class DmpServiceImpl implements DmpService {

    @Override
    public List<DmpUser> assignUsers(UUID dmpId, List<DmpUserPersist> model, FieldSet fieldSet) throws InvalidApplicationException, IOException {
-        this.authorizationService.authorizeForce(Permission.AssignDmpUsers);
+        this.authorizationService.authorizeAtLeastOneForce(List.of(this.authorizationContentResolver.dmpAffiliation(dmpId)), Permission.AssignDmpUsers);
        
        DmpEntity dmpEntity = this.entityManager.find(DmpEntity.class, dmpId);
        if (dmpEntity == null) throw new MyNotFoundException(messageSource.getMessage("General_ItemNotFound", new Object[]{dmpId, Dmp.class.getSimpleName()}, LocaleContextHolder.getLocale()));
--- a/dmp-backend/web/src/main/resources/config/permissions.yml
+++ b/dmp-backend/web/src/main/resources/config/permissions.yml
@ -377,6 +377,12 @@ permissions:
    AssignDmpUsers:
      roles:
        - Admin
+      dmp:
+        roles:
+          - Owner
+          - User
+          - DescriptionContributor
+          - Reviewer
      claims: [ ]
      clients: [ ]
      allowAnonymous: false
--- a/dmp-frontend/src/app/ui/dmp/dmp-editor-blueprint/dmp-editor.component.ts
+++ b/dmp-frontend/src/app/ui/dmp/dmp-editor-blueprint/dmp-editor.component.ts
@ -196,7 +196,8 @@ export class DmpEditorComponent extends BaseEditor<DmpEditorModel, Dmp> implemen
 	}

 	buildForm() {
-		this.formGroup = this.editorModel.buildForm(null, this.isDeleted || !this.authService.hasPermission(AppPermission.EditDmp));
+		const canedit = this.isNew ? this.authService.hasPermission(AppPermission.NewDmp) : this.authService.hasPermission(AppPermission.EditDmp);
+		this.formGroup = this.editorModel.buildForm(null, this.isDeleted || !canedit);

 		if (this.editorModel.status == DmpStatus.Finalized || this.isDeleted) {
 			this.formGroup.disable();
--- a/dmp-frontend/src/app/ui/dmp/dmp-editor-blueprint/dmp-editor.routing.ts
+++ b/dmp-frontend/src/app/ui/dmp/dmp-editor-blueprint/dmp-editor.routing.ts
@ -20,7 +20,7 @@ const routes: Routes = [
 				title: 'BREADCRUMBS.NEW-DMP'
 			}),
 			authContext: {
-				permissions: [AppPermission.EditDmp]
+				permissions: [AppPermission.NewDmp]
 			}
 		}
 	},