@ -1,14 +1,26 @@
package org.gcube.portal.plugins ;
import org.gcube.common.homelibrary.home.HomeLibrary ;
import static org.gcube.common.authorization.client.Constants.authorizationService ;
import java.util.ArrayList ;
import java.util.List ;
import org.gcube.common.authorization.library.provider.SecurityTokenProvider ;
import org.gcube.common.portal.PortalContext ;
import org.gcube.common.scope.api.ScopeProvider ;
import org.gcube.common.storagehub.client.plugins.AbstractPlugin ;
import org.gcube.common.storagehub.client.proxies.GroupManagerClient ;
import org.gcube.portal.plugins.thread.CheckShareLatexUserThread ;
import org.gcube.portal.plugins.thread.RemoveUserTokenFromVREThread ;
import org.gcube.portal.plugins.thread.UpdateUserToLDAPGroupThread ;
import org.gcube.vomanagement.usermanagement.GroupManager ;
import org.gcube.vomanagement.usermanagement.RoleManager ;
import org.gcube.vomanagement.usermanagement.UserManager ;
import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager ;
import org.gcube.vomanagement.usermanagement.impl.LiferayRoleManager ;
import org.gcube.vomanagement.usermanagement.impl.LiferayUserManager ;
import org.gcube.vomanagement.usermanagement.model.GCubeRole ;
import org.gcube.vomanagement.usermanagement.model.GCubeUser ;
import com.liferay.portal.kernel.exception.SystemException ;
import com.liferay.portal.kernel.log.Log ;
@ -22,6 +34,7 @@ import com.liferay.portal.service.UserLocalServiceWrapper;
*
* /
public class GCubeHookUserLocalService extends UserLocalServiceWrapper {
public static final String AUTORISED_INFRA_ROLE = "Infrastructure-Manager" ;
/ * *
* logger
* /
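Review bot: The new constant `AUTORISED_INFRA_ROLE` is `public` and misspelled, so the typo becomes part of the class's API, and it carries no comment explaining that any holder of this role may have their token borrowed by the hook. In the lines visible here it is only used inside this class, so `private static final String AUTHORISED_INFRA_ROLE = "Infrastructure-Manager";` would be enough. I would add a short Javadoc above it such as `/** Role whose holder's token is used to change VRE Folder membership on the user's behalf. */`.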
@ -126,8 +139,7 @@ public class GCubeHookUserLocalService extends UserLocalServiceWrapper {
//add the user to shareLatex
Thread t = new Thread ( new CheckShareLatexUserThread ( username , scope ) ) ;
t . start ( ) ;
org . gcube . common . homelibrary . home . workspace . usermanager . UserManager hlUm = HomeLibrary . getHomeManagerFactory ( ) . getUserManager ( ) ;
hlUm . associateUserToGroup ( scope , username ) ;
setUser2VREFolder ( gm , um , username , scope , true ) ;
} else {
_log . debug ( "Group is not a VRE, SKIP adding" ) ;
}
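Review bot: The boolean returned by `setUser2VREFolder(gm, um, username, scope, true)` is discarded, so when no Infrastructure-Manager is found (the helper logs and returns false) the user becomes a VRE member without the folder membership and the caller carries on as if it had succeeded. The same applies to the `setUser2VREFolder(gm, um, username, scope, false)` call in the removal hunk further down, where a silent failure presumably leaves a removed user with access to the VRE Folder. Check the result at both call sites, e.g. `if (!setUser2VREFolder(gm, um, username, scope, false)) { _log.error("VRE Folder membership not updated for " + username + " on " + scope); }`, and decide whether the removal should be retried or surfaced. The enclosing methods start and end outside these hunks.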
@ -137,6 +149,44 @@ public class GCubeHookUserLocalService extends UserLocalServiceWrapper {
}
ScopeProvider . instance . set ( currScope ) ;
}
private boolean setUser2VREFolder ( GroupManager gm , UserManager uMan , String username2Add , String context , boolean add ) throws Exception {
//get the super user
String infraContext = "/" + PortalContext . getConfiguration ( ) . getInfrastructureName ( ) ;
long groupId = gm . getGroupIdFromInfrastructureScope ( infraContext ) ;
RoleManager rm = new LiferayRoleManager ( ) ;
long roleId = rm . getRoleId ( AUTORISED_INFRA_ROLE , groupId ) ;
List < GCubeUser > users = uMan . listUsersByGroupAndRole ( groupId , roleId ) ;
if ( users . isEmpty ( ) ) {
_log . error ( "Cannot add the user to the VRE Folder: there is no user having role " + AUTORISED_INFRA_ROLE + " on context: " + infraContext ) ;
return false ;
}
else {
GCubeUser theAdmin = users . get ( 0 ) ;
String theAdminToken = PortalContext . getConfiguration ( ) . getCurrentUserToken ( infraContext , theAdmin . getUsername ( ) ) ;
List < GCubeRole > theAdminRoles = rm . listRolesByUserAndGroup ( theAdmin . getUserId ( ) , groupId ) ;
List < String > rolesString = new ArrayList < String > ( ) ;
for ( GCubeRole gCubeRole : theAdminRoles ) {
rolesString . add ( gCubeRole . getRoleName ( ) ) ;
}
authorizationService ( ) . setTokenRoles ( theAdminToken , rolesString ) ;
SecurityTokenProvider . instance . set ( theAdminToken ) ;
GroupManagerClient client = AbstractPlugin . groups ( ) . build ( ) ;
if ( add )
client . addUserToGroup ( username2Add , getVREFolderNameFromContext ( context ) ) ;
else
client . removeUserFromGroup ( username2Add , getVREFolderNameFromContext ( context ) ) ;
return true ;
}
}
private static String getVREFolderNameFromContext ( String context ) {
if ( context . startsWith ( "/" ) ) {
return context . substring ( 1 ) . replace ( "/" , "-" ) ;
}
return null ;
}
/ * *
*
* @param groupId
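Review bot: `setUser2VREFolder` leaves the Infrastructure-Manager token bound in `SecurityTokenProvider.instance` after it returns, so whatever runs next on the calling thread inherits that identity; the caller visible at the top of this hunk restores only the scope with `ScopeProvider.instance.set(currScope)`. Save the previous token and restore it in a `finally`, as sketched below. The sketch also stops on a null folder name, because `getVREFolderNameFromContext` returns null for a context without a leading slash and that null currently goes straight to the storagehub client. Separately, `users.get(0)` borrows an arbitrary manager's token after rewriting its roles with `setTokenRoles`, so the folder change will presumably be attributed to that person; a dedicated service identity would make the audit trail honest.

```java
GCubeUser theAdmin = users.get(0);
String vreFolder = getVREFolderNameFromContext(context);
if (vreFolder == null) {
    _log.error("Cannot derive the VRE Folder name from context: " + context);
    return false;
}
// … unchanged: token lookup for theAdmin and setTokenRoles call …
String previousToken = SecurityTokenProvider.instance.get();
try {
    SecurityTokenProvider.instance.set(theAdminToken);
    GroupManagerClient client = AbstractPlugin.groups().build();
    if (add) {
        client.addUserToGroup(username2Add, vreFolder);
    } else {
        client.removeUserFromGroup(username2Add, vreFolder);
    }
    return true;
} finally {
    // never leave the manager's token bound to the calling thread
    SecurityTokenProvider.instance.set(previousToken);
}
```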
@ -167,8 +217,7 @@ public class GCubeHookUserLocalService extends UserLocalServiceWrapper {
//remove the user to LDAP Group
Thread tLdap = new Thread ( new UpdateUserToLDAPGroupThread ( username , scope , groupId , true ) ) ;
tLdap . start ( ) ;
org . gcube . common . homelibrary . home . workspace . usermanager . UserManager hlUm = HomeLibrary . getHomeManagerFactory ( ) . getUserManager ( ) ;
hlUm . removeUserFromGroup ( scope , username ) ;
setUser2VREFolder ( gm , um , username , scope , false ) ;
Thread tToken = new Thread ( new RemoveUserTokenFromVREThread ( username , scope ) ) ;
tToken . start ( ) ;
} else {