diff --git a/.classpath b/.classpath
index 91f2707..04023d0 100644
--- a/.classpath
+++ b/.classpath
@@ -15,6 +15,7 @@
+
@@ -23,7 +24,7 @@
-
+
diff --git a/.settings/org.eclipse.jdt.core.prefs b/.settings/org.eclipse.jdt.core.prefs
index 443e085..4e4a3ad 100644
--- a/.settings/org.eclipse.jdt.core.prefs
+++ b/.settings/org.eclipse.jdt.core.prefs
@@ -1,8 +1,9 @@
eclipse.preferences.version=1
org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled
-org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.7
-org.eclipse.jdt.core.compiler.compliance=1.7
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.8
+org.eclipse.jdt.core.compiler.compliance=1.8
org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
-org.eclipse.jdt.core.compiler.source=1.7
+org.eclipse.jdt.core.compiler.release=disabled
+org.eclipse.jdt.core.compiler.source=1.8
diff --git a/.settings/org.eclipse.wst.common.project.facet.core.xml b/.settings/org.eclipse.wst.common.project.facet.core.xml
index 05c4f95..a2e86a5 100644
--- a/.settings/org.eclipse.wst.common.project.facet.core.xml
+++ b/.settings/org.eclipse.wst.common.project.facet.core.xml
@@ -4,5 +4,5 @@
-
+
diff --git a/distro/changelog.xml b/distro/changelog.xml
index d4c45ba..f7d0220 100644
--- a/distro/changelog.xml
+++ b/distro/changelog.xml
@@ -1,4 +1,7 @@
+
+ Feature #17556, Modify liferay TomcatValve and Hook to set roles on Authorization
+
Feature #6094 User export to LDAP on create account and join/leave VRE
diff --git a/pom.xml b/pom.xml
index 7c51aaa..f6934d2 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1,5 +1,6 @@
-
4.0.0
@@ -11,7 +12,7 @@
org.gcube.portal.plugins
VREFolder-hook
VREFolder-hook Hook
- 6.6.0-SNAPSHOT
+ 6.7.0-SNAPSHOT
war
VREFolder-hook handles the user adding/removal from the related Home Library VRE Folder
@@ -33,6 +34,14 @@
+
+ org.gcube.common
+ storagehub-client-library
+
+
+ org.gcube.core
+ common-encryption
+
org.gcube.common
home-library
@@ -124,8 +133,8 @@
2.5
UTF-8
-
- 1.7
+
+ 1.8
diff --git a/src/main/java/org/gcube/portal/plugins/GCubeHookSiteRoleLocalService.java b/src/main/java/org/gcube/portal/plugins/GCubeHookSiteRoleLocalService.java
index e501ead..bec6777 100644
--- a/src/main/java/org/gcube/portal/plugins/GCubeHookSiteRoleLocalService.java
+++ b/src/main/java/org/gcube/portal/plugins/GCubeHookSiteRoleLocalService.java
@@ -1,17 +1,28 @@
package org.gcube.portal.plugins;
+import static org.gcube.common.authorization.client.Constants.authorizationService;
+
+import java.util.ArrayList;
import java.util.List;
+import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
import org.gcube.common.homelibrary.home.HomeLibrary;
import org.gcube.common.homelibrary.home.workspace.usermanager.UserManager;
import org.gcube.common.portal.PortalContext;
import org.gcube.common.scope.api.ScopeProvider;
+import org.gcube.common.storagehub.client.plugins.AbstractPlugin;
+import org.gcube.common.storagehub.client.proxies.GroupManagerClient;
import org.gcube.vomanagement.usermanagement.GroupManager;
+import org.gcube.vomanagement.usermanagement.RoleManager;
import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager;
+import org.gcube.vomanagement.usermanagement.impl.LiferayRoleManager;
import org.gcube.vomanagement.usermanagement.model.GCubeRole;
+import org.gcube.vomanagement.usermanagement.model.GCubeUser;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import com.liferay.portal.kernel.exception.PortalException;
+import com.liferay.portal.kernel.exception.SystemException;
import com.liferay.portal.model.Role;
import com.liferay.portal.model.UserGroupRole;
import com.liferay.portal.service.RoleLocalServiceUtil;
@@ -36,7 +47,13 @@ public class GCubeHookSiteRoleLocalService extends UserGroupRoleLocalServiceWrap
long userId, long groupId, long[] roleIds)
throws com.liferay.portal.kernel.exception.SystemException {
List toReturn = super.addUserGroupRoles(userId, groupId, roleIds);
+
try {
+ String context = gm.getInfrastructureScope(groupId);
+ String username = UserLocalServiceUtil.getUser(userId).getScreenName();
+ String userToken = authorizationService().resolveTokenByUserAndContext(username, context);
+ List userRoles = getUserRoles(roleIds);
+ authorizationService().setTokenRoles(userToken, userRoles);
_log.debug("Check if addUserGroupRoles is done in a VRE");
if (gm.isVRE(groupId)) {
_log.debug("addUserGroupRoles performed in a VRE, groupId=" + groupId);
@@ -60,6 +77,15 @@ public class GCubeHookSiteRoleLocalService extends UserGroupRoleLocalServiceWrap
return toReturn;
}
+ private List getUserRoles(long[] roleIds) throws PortalException, SystemException {
+ List toReturn = new ArrayList<>();
+ for (int i = 0; i < roleIds.length; i++) {
+ Role role = RoleLocalServiceUtil.getRole(roleIds[i]);
+ toReturn.add(role.getName());
+ }
+ return toReturn;
+ }
+
private void setVREFolderAdministrator(long userId, long groupId, boolean enable) throws Exception {
String scopeVREFolder = gm.getInfrastructureScope(groupId);
@@ -78,4 +104,6 @@ public class GCubeHookSiteRoleLocalService extends UserGroupRoleLocalServiceWrap
ScopeProvider.instance.set(currScope);
}
+
+
}
diff --git a/src/main/java/org/gcube/portal/plugins/GCubeHookUserLocalService.java b/src/main/java/org/gcube/portal/plugins/GCubeHookUserLocalService.java
index 37a73af..0479859 100644
--- a/src/main/java/org/gcube/portal/plugins/GCubeHookUserLocalService.java
+++ b/src/main/java/org/gcube/portal/plugins/GCubeHookUserLocalService.java
@@ -1,14 +1,26 @@
package org.gcube.portal.plugins;
-import org.gcube.common.homelibrary.home.HomeLibrary;
+import static org.gcube.common.authorization.client.Constants.authorizationService;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
import org.gcube.common.portal.PortalContext;
import org.gcube.common.scope.api.ScopeProvider;
+import org.gcube.common.storagehub.client.plugins.AbstractPlugin;
+import org.gcube.common.storagehub.client.proxies.GroupManagerClient;
import org.gcube.portal.plugins.thread.CheckShareLatexUserThread;
import org.gcube.portal.plugins.thread.RemoveUserTokenFromVREThread;
import org.gcube.portal.plugins.thread.UpdateUserToLDAPGroupThread;
import org.gcube.vomanagement.usermanagement.GroupManager;
+import org.gcube.vomanagement.usermanagement.RoleManager;
+import org.gcube.vomanagement.usermanagement.UserManager;
import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager;
+import org.gcube.vomanagement.usermanagement.impl.LiferayRoleManager;
import org.gcube.vomanagement.usermanagement.impl.LiferayUserManager;
+import org.gcube.vomanagement.usermanagement.model.GCubeRole;
+import org.gcube.vomanagement.usermanagement.model.GCubeUser;
import com.liferay.portal.kernel.exception.SystemException;
import com.liferay.portal.kernel.log.Log;
@@ -22,6 +34,7 @@ import com.liferay.portal.service.UserLocalServiceWrapper;
*
*/
public class GCubeHookUserLocalService extends UserLocalServiceWrapper {
+ public static final String AUTORISED_INFRA_ROLE = "Infrastructure-Manager";
/**
* logger
*/
@@ -126,8 +139,7 @@ public class GCubeHookUserLocalService extends UserLocalServiceWrapper {
//add the user to shareLatex
Thread t = new Thread(new CheckShareLatexUserThread(username, scope));
t.start();
- org.gcube.common.homelibrary.home.workspace.usermanager.UserManager hlUm = HomeLibrary.getHomeManagerFactory().getUserManager();
- hlUm.associateUserToGroup(scope, username);
+ setUser2VREFolder(gm, um, username, scope, true);
} else {
_log.debug("Group is not a VRE, SKIP adding");
}
@@ -137,6 +149,44 @@ public class GCubeHookUserLocalService extends UserLocalServiceWrapper {
}
ScopeProvider.instance.set(currScope);
}
+
+ private boolean setUser2VREFolder(GroupManager gm, UserManager uMan, String username2Add, String context, boolean add) throws Exception {
+ //get the super user
+ String infraContext = "/"+PortalContext.getConfiguration().getInfrastructureName();
+ long groupId = gm.getGroupIdFromInfrastructureScope(infraContext);
+ RoleManager rm = new LiferayRoleManager();
+ long roleId = rm.getRoleId(AUTORISED_INFRA_ROLE, groupId);
+ List users = uMan.listUsersByGroupAndRole(groupId, roleId);
+ if (users.isEmpty()) {
+ _log.error("Cannot add the user to the VRE Folder: there is no user having role " + AUTORISED_INFRA_ROLE + " on context: " + infraContext);
+ return false;
+ }
+ else {
+ GCubeUser theAdmin = users.get(0);
+ String theAdminToken = PortalContext.getConfiguration().getCurrentUserToken(infraContext, theAdmin.getUsername());
+ List theAdminRoles = rm.listRolesByUserAndGroup(theAdmin.getUserId(), groupId);
+ List rolesString = new ArrayList();
+ for (GCubeRole gCubeRole : theAdminRoles) {
+ rolesString.add(gCubeRole.getRoleName());
+ }
+ authorizationService().setTokenRoles(theAdminToken, rolesString);
+ SecurityTokenProvider.instance.set(theAdminToken);
+ GroupManagerClient client = AbstractPlugin.groups().build();
+ if (add)
+ client.addUserToGroup(username2Add, getVREFolderNameFromContext(context));
+ else
+ client.removeUserFromGroup(username2Add, getVREFolderNameFromContext(context));
+ return true;
+ }
+ }
+
+ private static String getVREFolderNameFromContext(String context) {
+ if (context.startsWith("/")) {
+ return context.substring(1).replace("/", "-");
+ }
+ return null;
+ }
+
/**
*
* @param groupId
@@ -167,8 +217,7 @@ public class GCubeHookUserLocalService extends UserLocalServiceWrapper {
//remove the user to LDAP Group
Thread tLdap = new Thread(new UpdateUserToLDAPGroupThread(username, scope, groupId, true));
tLdap.start();
- org.gcube.common.homelibrary.home.workspace.usermanager.UserManager hlUm = HomeLibrary.getHomeManagerFactory().getUserManager();
- hlUm.removeUserFromGroup(scope, username);
+ setUser2VREFolder(gm, um, username, scope, false);
Thread tToken = new Thread(new RemoveUserTokenFromVREThread(username, scope));
tToken.start();
} else {
diff --git a/src/main/java/org/gcube/portal/plugins/util/LDAPUtil.java b/src/main/java/org/gcube/portal/plugins/util/LDAPUtil.java
index cb02ddd..7e13d81 100644
--- a/src/main/java/org/gcube/portal/plugins/util/LDAPUtil.java
+++ b/src/main/java/org/gcube/portal/plugins/util/LDAPUtil.java
@@ -16,7 +16,7 @@ import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
-import org.gcube.common.encryption.StringEncrypter;
+import org.gcube.common.encryption.encrypter.StringEncrypter;
import org.gcube.common.portal.PortalContext;
import org.gcube.common.resources.gcore.ServiceEndpoint;
import org.gcube.common.resources.gcore.ServiceEndpoint.AccessPoint;
diff --git a/src/main/webapp/WEB-INF/liferay-plugin-package.properties b/src/main/webapp/WEB-INF/liferay-plugin-package.properties
index 1f6d959..4bdcc2a 100644
--- a/src/main/webapp/WEB-INF/liferay-plugin-package.properties
+++ b/src/main/webapp/WEB-INF/liferay-plugin-package.properties
@@ -1,6 +1,6 @@
name=VREFolder-hook
module-group-id=liferay
-module-incremental-version=4
+module-incremental-version=6
tags=
short-description=
change-log=