migrated add and remove users from VRE Folder to storage hub, also the roles are set to the auth service when roles are assigned / removed to users in a VRE

git-svn-id: http://svn.research-infrastructures.eu/public/d4science/gcube/trunk/portal/liferay62-plugins/VREFolder-hook@182008 82a268e6-3cf1-43bd-a215-b396298e98cf
5 years ago · 5bd5d9b47f
parent 00d6f48100
commit 5bd5d9b47f
9 changed files with 107 additions and 16 deletions
--- a/.classpath
+++ b/.classpath
@ -15,6 +15,7 @@
 		<attributes>
 			<attribute name="optional" value="true"/>
 			<attribute name="maven.pomderived" value="true"/>
+			<attribute name="test" value="true"/>
 		</attributes>
 	</classpathentry>
 	<classpathentry kind="con" path="org.eclipse.m2e.MAVEN2_CLASSPATH_CONTAINER">
@ -23,7 +24,7 @@
 			<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
 		</attributes>
 	</classpathentry>
-	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.7">
+	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.8">
 		<attributes>
 			<attribute name="maven.pomderived" value="true"/>
 		</attributes>
--- a/.settings/org.eclipse.jdt.core.prefs
+++ b/.settings/org.eclipse.jdt.core.prefs
@ -1,8 +1,9 @@
 eclipse.preferences.version=1
 org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled
-org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.7
-org.eclipse.jdt.core.compiler.compliance=1.7
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.8
+org.eclipse.jdt.core.compiler.compliance=1.8
 org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
 org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
 org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
-org.eclipse.jdt.core.compiler.source=1.7
+org.eclipse.jdt.core.compiler.release=disabled
+org.eclipse.jdt.core.compiler.source=1.8
--- a/.settings/org.eclipse.wst.common.project.facet.core.xml
+++ b/.settings/org.eclipse.wst.common.project.facet.core.xml
@ -4,5 +4,5 @@
  <installed facet="jst.web" version="2.4"/>
  <installed facet="liferay.hook" version="6.0"/>
  <installed facet="wst.jsdt.web" version="1.0"/>
-  <installed facet="java" version="1.7"/>
+  <installed facet="java" version="1.8"/>
 </faceted-project>
--- a/distro/changelog.xml
+++ b/distro/changelog.xml
@ -1,4 +1,7 @@
 <ReleaseNotes>	
+	<Changeset component="org.gcube.portal.plugins.VREFolder-hook.6-7-0" date="2019-10-10">
+		<Change>Feature #17556, Modify liferay TomcatValve and Hook to set roles on Authorization</Change>
+	</Changeset>
 	<Changeset component="org.gcube.portal.plugins.VREFolder-hook.6-6-0" date="2018-03-02">
 		<Change>Feature #6094 User export to LDAP on create account and join/leave VRE</Change>
 	</Changeset>
--- a/pom.xml
+++ b/pom.xml
@ -1,5 +1,6 @@
 <?xml version="1.0"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
 	<modelVersion>4.0.0</modelVersion>
 	<parent>
@ -11,7 +12,7 @@
 	<groupId>org.gcube.portal.plugins</groupId>
 	<artifactId>VREFolder-hook</artifactId>
 	<name>VREFolder-hook Hook</name>
-	<version>6.6.0-SNAPSHOT</version>
+	<version>6.7.0-SNAPSHOT</version>
 	<packaging>war</packaging>
 	<description>
 		VREFolder-hook handles the user adding/removal from the related Home Library VRE Folder
@ -33,6 +34,14 @@
 		</dependencies>
 	</dependencyManagement>
 	<dependencies>
+		<dependency>
+			<groupId>org.gcube.common</groupId>
+			<artifactId>storagehub-client-library</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.gcube.core</groupId>
+			<artifactId>common-encryption</artifactId>
+		</dependency>
 		<dependency>
 			<groupId>org.gcube.common</groupId>
 			<artifactId>home-library</artifactId>
@ -124,8 +133,8 @@
 				<version>2.5</version>
 				<configuration>
 					<encoding>UTF-8</encoding>
-					<source>1.7</source>
-					<target>1.7</target>
+					<source>1.8</source>
+					<target>1.8</target>
 				</configuration>
 			</plugin>
 			<plugin>
--- a/src/main/java/org/gcube/portal/plugins/GCubeHookSiteRoleLocalService.java
+++ b/src/main/java/org/gcube/portal/plugins/GCubeHookSiteRoleLocalService.java
@ -1,17 +1,28 @@
 package org.gcube.portal.plugins;

+import static org.gcube.common.authorization.client.Constants.authorizationService;
+
+import java.util.ArrayList;
 import java.util.List;

+import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
 import org.gcube.common.homelibrary.home.HomeLibrary;
 import org.gcube.common.homelibrary.home.workspace.usermanager.UserManager;
 import org.gcube.common.portal.PortalContext;
 import org.gcube.common.scope.api.ScopeProvider;
+import org.gcube.common.storagehub.client.plugins.AbstractPlugin;
+import org.gcube.common.storagehub.client.proxies.GroupManagerClient;
 import org.gcube.vomanagement.usermanagement.GroupManager;
+import org.gcube.vomanagement.usermanagement.RoleManager;
 import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager;
+import org.gcube.vomanagement.usermanagement.impl.LiferayRoleManager;
 import org.gcube.vomanagement.usermanagement.model.GCubeRole;
+import org.gcube.vomanagement.usermanagement.model.GCubeUser;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

+import com.liferay.portal.kernel.exception.PortalException;
+import com.liferay.portal.kernel.exception.SystemException;
 import com.liferay.portal.model.Role;
 import com.liferay.portal.model.UserGroupRole;
 import com.liferay.portal.service.RoleLocalServiceUtil;
@ -36,7 +47,13 @@ public class GCubeHookSiteRoleLocalService extends UserGroupRoleLocalServiceWrap
 			long userId, long groupId, long[] roleIds)
 					throws com.liferay.portal.kernel.exception.SystemException {			
 		List<UserGroupRole> toReturn = super.addUserGroupRoles(userId, groupId,	roleIds);
+		
 		try {
+			String context = gm.getInfrastructureScope(groupId);
+			String username = UserLocalServiceUtil.getUser(userId).getScreenName();
+			String userToken = authorizationService().resolveTokenByUserAndContext(username, context);	
+			List<String> userRoles = getUserRoles(roleIds);
+			authorizationService().setTokenRoles(userToken, userRoles);
 			_log.debug("Check if addUserGroupRoles is done in a VRE");
 			if (gm.isVRE(groupId)) {
 				_log.debug("addUserGroupRoles performed in a VRE, groupId=" + groupId);
@ -60,6 +77,15 @@ public class GCubeHookSiteRoleLocalService extends UserGroupRoleLocalServiceWrap
 		return toReturn;
 	}

+	private List<String> getUserRoles(long[] roleIds) throws PortalException, SystemException {
+		List<String> toReturn = new ArrayList<>();
+		for (int i = 0; i < roleIds.length; i++) {
+			Role role = RoleLocalServiceUtil.getRole(roleIds[i]);
+			toReturn.add(role.getName());			
+		} 
+		return toReturn;
+	}
+
 	private void setVREFolderAdministrator(long userId, long groupId, boolean enable) throws Exception {

 		String scopeVREFolder = gm.getInfrastructureScope(groupId);
@ -78,4 +104,6 @@ public class GCubeHookSiteRoleLocalService extends UserGroupRoleLocalServiceWrap

 		ScopeProvider.instance.set(currScope);
 	}
+	
+	
 }
--- a/src/main/java/org/gcube/portal/plugins/GCubeHookUserLocalService.java
+++ b/src/main/java/org/gcube/portal/plugins/GCubeHookUserLocalService.java
@ -1,14 +1,26 @@
 package org.gcube.portal.plugins;

-import org.gcube.common.homelibrary.home.HomeLibrary;
+import static org.gcube.common.authorization.client.Constants.authorizationService;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
 import org.gcube.common.portal.PortalContext;
 import org.gcube.common.scope.api.ScopeProvider;
+import org.gcube.common.storagehub.client.plugins.AbstractPlugin;
+import org.gcube.common.storagehub.client.proxies.GroupManagerClient;
 import org.gcube.portal.plugins.thread.CheckShareLatexUserThread;
 import org.gcube.portal.plugins.thread.RemoveUserTokenFromVREThread;
 import org.gcube.portal.plugins.thread.UpdateUserToLDAPGroupThread;
 import org.gcube.vomanagement.usermanagement.GroupManager;
+import org.gcube.vomanagement.usermanagement.RoleManager;
+import org.gcube.vomanagement.usermanagement.UserManager;
 import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager;
+import org.gcube.vomanagement.usermanagement.impl.LiferayRoleManager;
 import org.gcube.vomanagement.usermanagement.impl.LiferayUserManager;
+import org.gcube.vomanagement.usermanagement.model.GCubeRole;
+import org.gcube.vomanagement.usermanagement.model.GCubeUser;

 import com.liferay.portal.kernel.exception.SystemException;
 import com.liferay.portal.kernel.log.Log;
@ -22,6 +34,7 @@ import com.liferay.portal.service.UserLocalServiceWrapper;
 *
 */
 public class GCubeHookUserLocalService extends UserLocalServiceWrapper {
+	public static final String AUTORISED_INFRA_ROLE = "Infrastructure-Manager";
 	/**
 	 * logger
 	 */
@ -126,8 +139,7 @@ public class GCubeHookUserLocalService extends UserLocalServiceWrapper {
 				//add the user to shareLatex
 				Thread t = new Thread(new CheckShareLatexUserThread(username, scope));
 				t.start();
-				org.gcube.common.homelibrary.home.workspace.usermanager.UserManager hlUm = HomeLibrary.getHomeManagerFactory().getUserManager();
-				hlUm.associateUserToGroup(scope, username);	
+				setUser2VREFolder(gm, um, username, scope, true);
 			} else {
 				_log.debug("Group is not a VRE, SKIP adding");
 			}
@ -137,6 +149,44 @@ public class GCubeHookUserLocalService extends UserLocalServiceWrapper {
 		}
 		ScopeProvider.instance.set(currScope);
 	}
+
+	private boolean setUser2VREFolder(GroupManager gm, UserManager uMan, String username2Add, String context, boolean add) throws Exception {
+		//get the super user
+		String infraContext = "/"+PortalContext.getConfiguration().getInfrastructureName();
+		long groupId = gm.getGroupIdFromInfrastructureScope(infraContext);
+		RoleManager rm = new LiferayRoleManager();
+		long roleId = rm.getRoleId(AUTORISED_INFRA_ROLE, groupId);
+		List<GCubeUser> users = uMan.listUsersByGroupAndRole(groupId, roleId);
+		if (users.isEmpty()) {
+			_log.error("Cannot add the user to the VRE Folder: there is no user having role " + AUTORISED_INFRA_ROLE + " on context: " + infraContext);
+			return false;
+		}
+		else {
+			GCubeUser theAdmin = users.get(0);
+			String theAdminToken = PortalContext.getConfiguration().getCurrentUserToken(infraContext, theAdmin.getUsername());
+			List<GCubeRole> theAdminRoles = rm.listRolesByUserAndGroup(theAdmin.getUserId(), groupId);			
+			List<String> rolesString = new ArrayList<String>();
+			for (GCubeRole gCubeRole : theAdminRoles) {
+				rolesString.add(gCubeRole.getRoleName());
+			}
+			authorizationService().setTokenRoles(theAdminToken, rolesString);
+			SecurityTokenProvider.instance.set(theAdminToken);
+			GroupManagerClient client = AbstractPlugin.groups().build();
+			if (add)
+				client.addUserToGroup(username2Add, getVREFolderNameFromContext(context));
+			else 
+				client.removeUserFromGroup(username2Add, getVREFolderNameFromContext(context));
+			return true;
+		}
+	}
+
+	private static String getVREFolderNameFromContext(String context) {
+		if (context.startsWith("/")) {
+			return context.substring(1).replace("/", "-");
+		}
+		return null;
+	}
+
 	/**
 	 * 
 	 * @param groupId
@ -167,8 +217,7 @@ public class GCubeHookUserLocalService extends UserLocalServiceWrapper {
 				//remove the user to LDAP Group
 				Thread tLdap = new Thread(new UpdateUserToLDAPGroupThread(username, scope, groupId, true));
 				tLdap.start();				
-				org.gcube.common.homelibrary.home.workspace.usermanager.UserManager hlUm = HomeLibrary.getHomeManagerFactory().getUserManager();
-				hlUm.removeUserFromGroup(scope, username);
+				setUser2VREFolder(gm, um, username, scope, false);
 				Thread tToken = new Thread(new RemoveUserTokenFromVREThread(username, scope));
 				tToken.start();			
 			} else {
--- a/src/main/java/org/gcube/portal/plugins/util/LDAPUtil.java
+++ b/src/main/java/org/gcube/portal/plugins/util/LDAPUtil.java
@ -16,7 +16,7 @@ import javax.naming.directory.DirContext;
 import javax.naming.directory.SearchControls;
 import javax.naming.directory.SearchResult;

-import org.gcube.common.encryption.StringEncrypter;
+import org.gcube.common.encryption.encrypter.StringEncrypter;
 import org.gcube.common.portal.PortalContext;
 import org.gcube.common.resources.gcore.ServiceEndpoint;
 import org.gcube.common.resources.gcore.ServiceEndpoint.AccessPoint;
--- a/src/main/webapp/WEB-INF/liferay-plugin-package.properties
+++ b/src/main/webapp/WEB-INF/liferay-plugin-package.properties
@ -1,6 +1,6 @@
 name=VREFolder-hook
 module-group-id=liferay
-module-incremental-version=4
+module-incremental-version=6
 tags=
 short-description=
 change-log=