migrated add and remove users from VRE Folder to storage hub, also the roles are set to the auth service when roles are assigned / removed to users in a VRE
git-svn-id: http://svn.research-infrastructures.eu/public/d4science/gcube/trunk/portal/liferay62-plugins/VREFolder-hook@182008 82a268e6-3cf1-43bd-a215-b396298e98cf
parent
00d6f48100
commit
5bd5d9b47f
|
@ -15,6 +15,7 @@
|
|||
<attributes>
|
||||
<attribute name="optional" value="true"/>
|
||||
<attribute name="maven.pomderived" value="true"/>
|
||||
<attribute name="test" value="true"/>
|
||||
</attributes>
|
||||
</classpathentry>
|
||||
<classpathentry kind="con" path="org.eclipse.m2e.MAVEN2_CLASSPATH_CONTAINER">
|
||||
|
@ -23,7 +24,7 @@
|
|||
<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
|
||||
</attributes>
|
||||
</classpathentry>
|
||||
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.7">
|
||||
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.8">
|
||||
<attributes>
|
||||
<attribute name="maven.pomderived" value="true"/>
|
||||
</attributes>
|
||||
|
|
|
@ -1,8 +1,9 @@
|
|||
eclipse.preferences.version=1
|
||||
org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled
|
||||
org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.7
|
||||
org.eclipse.jdt.core.compiler.compliance=1.7
|
||||
org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.8
|
||||
org.eclipse.jdt.core.compiler.compliance=1.8
|
||||
org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
|
||||
org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
|
||||
org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
|
||||
org.eclipse.jdt.core.compiler.source=1.7
|
||||
org.eclipse.jdt.core.compiler.release=disabled
|
||||
org.eclipse.jdt.core.compiler.source=1.8
|
||||
|
|
|
@ -4,5 +4,5 @@
|
|||
<installed facet="jst.web" version="2.4"/>
|
||||
<installed facet="liferay.hook" version="6.0"/>
|
||||
<installed facet="wst.jsdt.web" version="1.0"/>
|
||||
<installed facet="java" version="1.7"/>
|
||||
<installed facet="java" version="1.8"/>
|
||||
</faceted-project>
|
||||
|
|
|
@ -1,4 +1,7 @@
|
|||
<ReleaseNotes>
|
||||
<Changeset component="org.gcube.portal.plugins.VREFolder-hook.6-7-0" date="2019-10-10">
|
||||
<Change>Feature #17556, Modify liferay TomcatValve and Hook to set roles on Authorization</Change>
|
||||
</Changeset>
|
||||
<Changeset component="org.gcube.portal.plugins.VREFolder-hook.6-6-0" date="2018-03-02">
|
||||
<Change>Feature #6094 User export to LDAP on create account and join/leave VRE</Change>
|
||||
</Changeset>
|
||||
|
|
17
pom.xml
17
pom.xml
|
@ -1,5 +1,6 @@
|
|||
<?xml version="1.0"?>
|
||||
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
<project xmlns="http://maven.apache.org/POM/4.0.0"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<parent>
|
||||
|
@ -11,7 +12,7 @@
|
|||
<groupId>org.gcube.portal.plugins</groupId>
|
||||
<artifactId>VREFolder-hook</artifactId>
|
||||
<name>VREFolder-hook Hook</name>
|
||||
<version>6.6.0-SNAPSHOT</version>
|
||||
<version>6.7.0-SNAPSHOT</version>
|
||||
<packaging>war</packaging>
|
||||
<description>
|
||||
VREFolder-hook handles the user adding/removal from the related Home Library VRE Folder
|
||||
|
@ -33,6 +34,14 @@
|
|||
</dependencies>
|
||||
</dependencyManagement>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.gcube.common</groupId>
|
||||
<artifactId>storagehub-client-library</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.gcube.core</groupId>
|
||||
<artifactId>common-encryption</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.gcube.common</groupId>
|
||||
<artifactId>home-library</artifactId>
|
||||
|
@ -124,8 +133,8 @@
|
|||
<version>2.5</version>
|
||||
<configuration>
|
||||
<encoding>UTF-8</encoding>
|
||||
<source>1.7</source>
|
||||
<target>1.7</target>
|
||||
<source>1.8</source>
|
||||
<target>1.8</target>
|
||||
</configuration>
|
||||
</plugin>
|
||||
<plugin>
|
||||
|
|
|
@ -1,17 +1,28 @@
|
|||
package org.gcube.portal.plugins;
|
||||
|
||||
import static org.gcube.common.authorization.client.Constants.authorizationService;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
|
||||
import org.gcube.common.homelibrary.home.HomeLibrary;
|
||||
import org.gcube.common.homelibrary.home.workspace.usermanager.UserManager;
|
||||
import org.gcube.common.portal.PortalContext;
|
||||
import org.gcube.common.scope.api.ScopeProvider;
|
||||
import org.gcube.common.storagehub.client.plugins.AbstractPlugin;
|
||||
import org.gcube.common.storagehub.client.proxies.GroupManagerClient;
|
||||
import org.gcube.vomanagement.usermanagement.GroupManager;
|
||||
import org.gcube.vomanagement.usermanagement.RoleManager;
|
||||
import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager;
|
||||
import org.gcube.vomanagement.usermanagement.impl.LiferayRoleManager;
|
||||
import org.gcube.vomanagement.usermanagement.model.GCubeRole;
|
||||
import org.gcube.vomanagement.usermanagement.model.GCubeUser;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
import com.liferay.portal.kernel.exception.PortalException;
|
||||
import com.liferay.portal.kernel.exception.SystemException;
|
||||
import com.liferay.portal.model.Role;
|
||||
import com.liferay.portal.model.UserGroupRole;
|
||||
import com.liferay.portal.service.RoleLocalServiceUtil;
|
||||
|
@ -36,7 +47,13 @@ public class GCubeHookSiteRoleLocalService extends UserGroupRoleLocalServiceWrap
|
|||
long userId, long groupId, long[] roleIds)
|
||||
throws com.liferay.portal.kernel.exception.SystemException {
|
||||
List<UserGroupRole> toReturn = super.addUserGroupRoles(userId, groupId, roleIds);
|
||||
|
||||
try {
|
||||
String context = gm.getInfrastructureScope(groupId);
|
||||
String username = UserLocalServiceUtil.getUser(userId).getScreenName();
|
||||
String userToken = authorizationService().resolveTokenByUserAndContext(username, context);
|
||||
List<String> userRoles = getUserRoles(roleIds);
|
||||
authorizationService().setTokenRoles(userToken, userRoles);
|
||||
_log.debug("Check if addUserGroupRoles is done in a VRE");
|
||||
if (gm.isVRE(groupId)) {
|
||||
_log.debug("addUserGroupRoles performed in a VRE, groupId=" + groupId);
|
||||
|
@ -60,6 +77,15 @@ public class GCubeHookSiteRoleLocalService extends UserGroupRoleLocalServiceWrap
|
|||
return toReturn;
|
||||
}
|
||||
|
||||
private List<String> getUserRoles(long[] roleIds) throws PortalException, SystemException {
|
||||
List<String> toReturn = new ArrayList<>();
|
||||
for (int i = 0; i < roleIds.length; i++) {
|
||||
Role role = RoleLocalServiceUtil.getRole(roleIds[i]);
|
||||
toReturn.add(role.getName());
|
||||
}
|
||||
return toReturn;
|
||||
}
|
||||
|
||||
private void setVREFolderAdministrator(long userId, long groupId, boolean enable) throws Exception {
|
||||
|
||||
String scopeVREFolder = gm.getInfrastructureScope(groupId);
|
||||
|
@ -78,4 +104,6 @@ public class GCubeHookSiteRoleLocalService extends UserGroupRoleLocalServiceWrap
|
|||
|
||||
ScopeProvider.instance.set(currScope);
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
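Review bot: In `addUserGroupRoles` the new call `authorizationService().setTokenRoles(userToken, userRoles)` passes only the role names resolved from this call's `roleIds`. If `setTokenRoles` replaces the token's role list rather than merging into it (the name suggests so, but the implementation is not visible here), roles the user already holds in the group would drop off the token. Building the list from the user's full role set after `super.addUserGroupRoles` returns, for example `new LiferayRoleManager().listRolesByUserAndGroup(userId, groupId)` mapped to role names, would keep the token in step with Liferay. The commit message also mentions removed roles, but no hunk in this section touches a removal method, so it is worth confirming that revoking a role refreshes the token too; otherwise the token keeps a revoked role. The token update runs before the `gm.isVRE(groupId)` check inside the same `try`, whose `catch` lies outside the hunk, so a failure of the authorization call would appear to skip the VRE handling that follows while the Liferay role change has already been made.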
|
|
|
@ -1,14 +1,26 @@
|
|||
package org.gcube.portal.plugins;
|
||||
|
||||
import org.gcube.common.homelibrary.home.HomeLibrary;
|
||||
import static org.gcube.common.authorization.client.Constants.authorizationService;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
|
||||
import org.gcube.common.portal.PortalContext;
|
||||
import org.gcube.common.scope.api.ScopeProvider;
|
||||
import org.gcube.common.storagehub.client.plugins.AbstractPlugin;
|
||||
import org.gcube.common.storagehub.client.proxies.GroupManagerClient;
|
||||
import org.gcube.portal.plugins.thread.CheckShareLatexUserThread;
|
||||
import org.gcube.portal.plugins.thread.RemoveUserTokenFromVREThread;
|
||||
import org.gcube.portal.plugins.thread.UpdateUserToLDAPGroupThread;
|
||||
import org.gcube.vomanagement.usermanagement.GroupManager;
|
||||
import org.gcube.vomanagement.usermanagement.RoleManager;
|
||||
import org.gcube.vomanagement.usermanagement.UserManager;
|
||||
import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager;
|
||||
import org.gcube.vomanagement.usermanagement.impl.LiferayRoleManager;
|
||||
import org.gcube.vomanagement.usermanagement.impl.LiferayUserManager;
|
||||
import org.gcube.vomanagement.usermanagement.model.GCubeRole;
|
||||
import org.gcube.vomanagement.usermanagement.model.GCubeUser;
|
||||
|
||||
import com.liferay.portal.kernel.exception.SystemException;
|
||||
import com.liferay.portal.kernel.log.Log;
|
||||
|
@ -22,6 +34,7 @@ import com.liferay.portal.service.UserLocalServiceWrapper;
|
|||
*
|
||||
*/
|
||||
public class GCubeHookUserLocalService extends UserLocalServiceWrapper {
|
||||
public static final String AUTORISED_INFRA_ROLE = "Infrastructure-Manager";
|
||||
/**
|
||||
* logger
|
||||
*/
|
||||
|
@ -126,8 +139,7 @@ public class GCubeHookUserLocalService extends UserLocalServiceWrapper {
|
|||
//add the user to shareLatex
|
||||
Thread t = new Thread(new CheckShareLatexUserThread(username, scope));
|
||||
t.start();
|
||||
org.gcube.common.homelibrary.home.workspace.usermanager.UserManager hlUm = HomeLibrary.getHomeManagerFactory().getUserManager();
|
||||
hlUm.associateUserToGroup(scope, username);
|
||||
setUser2VREFolder(gm, um, username, scope, true);
|
||||
} else {
|
||||
_log.debug("Group is not a VRE, SKIP adding");
|
||||
}
|
||||
|
@ -137,6 +149,44 @@ public class GCubeHookUserLocalService extends UserLocalServiceWrapper {
|
|||
}
|
||||
ScopeProvider.instance.set(currScope);
|
||||
}
|
||||
|
||||
private boolean setUser2VREFolder(GroupManager gm, UserManager uMan, String username2Add, String context, boolean add) throws Exception {
|
||||
//get the super user
|
||||
String infraContext = "/"+PortalContext.getConfiguration().getInfrastructureName();
|
||||
long groupId = gm.getGroupIdFromInfrastructureScope(infraContext);
|
||||
RoleManager rm = new LiferayRoleManager();
|
||||
long roleId = rm.getRoleId(AUTORISED_INFRA_ROLE, groupId);
|
||||
List<GCubeUser> users = uMan.listUsersByGroupAndRole(groupId, roleId);
|
||||
if (users.isEmpty()) {
|
||||
_log.error("Cannot add the user to the VRE Folder: there is no user having role " + AUTORISED_INFRA_ROLE + " on context: " + infraContext);
|
||||
return false;
|
||||
}
|
||||
else {
|
||||
GCubeUser theAdmin = users.get(0);
|
||||
String theAdminToken = PortalContext.getConfiguration().getCurrentUserToken(infraContext, theAdmin.getUsername());
|
||||
List<GCubeRole> theAdminRoles = rm.listRolesByUserAndGroup(theAdmin.getUserId(), groupId);
|
||||
List<String> rolesString = new ArrayList<String>();
|
||||
for (GCubeRole gCubeRole : theAdminRoles) {
|
||||
rolesString.add(gCubeRole.getRoleName());
|
||||
}
|
||||
authorizationService().setTokenRoles(theAdminToken, rolesString);
|
||||
SecurityTokenProvider.instance.set(theAdminToken);
|
||||
GroupManagerClient client = AbstractPlugin.groups().build();
|
||||
if (add)
|
||||
client.addUserToGroup(username2Add, getVREFolderNameFromContext(context));
|
||||
else
|
||||
client.removeUserFromGroup(username2Add, getVREFolderNameFromContext(context));
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
private static String getVREFolderNameFromContext(String context) {
|
||||
if (context.startsWith("/")) {
|
||||
return context.substring(1).replace("/", "-");
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @param groupId
|
||||
|
@ -167,8 +217,7 @@ public class GCubeHookUserLocalService extends UserLocalServiceWrapper {
|
|||
//remove the user to LDAP Group
|
||||
Thread tLdap = new Thread(new UpdateUserToLDAPGroupThread(username, scope, groupId, true));
|
||||
tLdap.start();
|
||||
org.gcube.common.homelibrary.home.workspace.usermanager.UserManager hlUm = HomeLibrary.getHomeManagerFactory().getUserManager();
|
||||
hlUm.removeUserFromGroup(scope, username);
|
||||
setUser2VREFolder(gm, um, username, scope, false);
|
||||
Thread tToken = new Thread(new RemoveUserTokenFromVREThread(username, scope));
|
||||
tToken.start();
|
||||
} else {
|
||||
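Review bot: `setUser2VREFolder` binds an Infrastructure-Manager's token to the calling thread with `SecurityTokenProvider.instance.set(theAdminToken)` and never restores the previous value. The visible caller code restores only `ScopeProvider`, so anything that runs later on that thread may act with the administrator's token. Save the current token before the switch and put it back in a `finally`, as sketched below. The boolean result is ignored at both call sites in this section, so when no user holds `AUTORISED_INFRA_ROLE` a removal is only logged and skipped, and the user stays in the VRE folder group; the removal path at least should surface that failure. `getVREFolderNameFromContext` also returns `null` for a context without a leading `/`, and that value is passed straight to the client.

```java
// … unchanged: admin lookup, rolesString construction, setTokenRoles(theAdminToken, rolesString) …
String previousToken = SecurityTokenProvider.instance.get();
SecurityTokenProvider.instance.set(theAdminToken);
try {
    GroupManagerClient client = AbstractPlugin.groups().build();
    // … unchanged: addUserToGroup / removeUserFromGroup depending on `add` …
    return true;
} finally {
    // do not leave the administrator's token bound to the calling thread
    SecurityTokenProvider.instance.set(previousToken);
}
```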
|
|
|
@ -16,7 +16,7 @@ import javax.naming.directory.DirContext;
|
|||
import javax.naming.directory.SearchControls;
|
||||
import javax.naming.directory.SearchResult;
|
||||
|
||||
import org.gcube.common.encryption.StringEncrypter;
|
||||
import org.gcube.common.encryption.encrypter.StringEncrypter;
|
||||
import org.gcube.common.portal.PortalContext;
|
||||
import org.gcube.common.resources.gcore.ServiceEndpoint;
|
||||
import org.gcube.common.resources.gcore.ServiceEndpoint.AccessPoint;
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
name=VREFolder-hook
|
||||
module-group-id=liferay
|
||||
module-incremental-version=4
|
||||
module-incremental-version=6
|
||||
tags=
|
||||
short-description=
|
||||
change-log=
|
||||
|
|