From 5bd5d9b47ff632e9e597aa7ea1ce417f413df58b Mon Sep 17 00:00:00 2001 From: Massimiliano Assante Date: Fri, 11 Oct 2019 14:47:23 +0000 Subject: [PATCH] migrated add and remove users from VRE Folder to storage hub, also the roles are set to the auth service when roles are assigned / removed to users in a VRE git-svn-id: http://svn.research-infrastructures.eu/public/d4science/gcube/trunk/portal/liferay62-plugins/VREFolder-hook@182008 82a268e6-3cf1-43bd-a215-b396298e98cf --- .classpath | 3 +- .settings/org.eclipse.jdt.core.prefs | 7 ++- ....eclipse.wst.common.project.facet.core.xml | 2 +- distro/changelog.xml | 3 + pom.xml | 17 ++++-- .../GCubeHookSiteRoleLocalService.java | 28 +++++++++ .../plugins/GCubeHookUserLocalService.java | 59 +++++++++++++++++-- .../gcube/portal/plugins/util/LDAPUtil.java | 2 +- .../WEB-INF/liferay-plugin-package.properties | 2 +- 9 files changed, 107 insertions(+), 16 deletions(-) diff --git a/.classpath b/.classpath index 91f2707..04023d0 100644 --- a/.classpath +++ b/.classpath @@ -15,6 +15,7 @@ + @@ -23,7 +24,7 @@ - + diff --git a/.settings/org.eclipse.jdt.core.prefs b/.settings/org.eclipse.jdt.core.prefs index 443e085..4e4a3ad 100644 --- a/.settings/org.eclipse.jdt.core.prefs +++ b/.settings/org.eclipse.jdt.core.prefs @@ -1,8 +1,9 @@ eclipse.preferences.version=1 org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled -org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.7 -org.eclipse.jdt.core.compiler.compliance=1.7 +org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.8 +org.eclipse.jdt.core.compiler.compliance=1.8 org.eclipse.jdt.core.compiler.problem.assertIdentifier=error org.eclipse.jdt.core.compiler.problem.enumIdentifier=error org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning -org.eclipse.jdt.core.compiler.source=1.7 +org.eclipse.jdt.core.compiler.release=disabled +org.eclipse.jdt.core.compiler.source=1.8 
diff --git a/.settings/org.eclipse.wst.common.project.facet.core.xml b/.settings/org.eclipse.wst.common.project.facet.core.xml index 05c4f95..a2e86a5 100644 --- a/.settings/org.eclipse.wst.common.project.facet.core.xml +++ b/.settings/org.eclipse.wst.common.project.facet.core.xml @@ -4,5 +4,5 @@ - + diff --git a/distro/changelog.xml b/distro/changelog.xml index d4c45ba..f7d0220 100644 --- a/distro/changelog.xml +++ b/distro/changelog.xml @@ -1,4 +1,7 @@ + + Feature #17556, Modify liferay TomcatValve and Hook to set roles on Authorization + Feature #6094 User export to LDAP on create account and join/leave VRE diff --git a/pom.xml b/pom.xml index 7c51aaa..f6934d2 100644 --- a/pom.xml +++ b/pom.xml @@ -1,5 +1,6 @@ - 4.0.0 @@ -11,7 +12,7 @@ org.gcube.portal.plugins VREFolder-hook VREFolder-hook Hook - 6.6.0-SNAPSHOT + 6.7.0-SNAPSHOT war VREFolder-hook handles the user adding/removal from the related Home Library VRE Folder @@ -33,6 +34,14 @@ + + org.gcube.common + storagehub-client-library + + + org.gcube.core + common-encryption + org.gcube.common home-library @@ -124,8 +133,8 @@ 2.5 UTF-8 - 1.7 - 1.7 + 1.8 + 1.8 diff --git a/src/main/java/org/gcube/portal/plugins/GCubeHookSiteRoleLocalService.java b/src/main/java/org/gcube/portal/plugins/GCubeHookSiteRoleLocalService.java index e501ead..bec6777 100644 --- a/src/main/java/org/gcube/portal/plugins/GCubeHookSiteRoleLocalService.java +++ b/src/main/java/org/gcube/portal/plugins/GCubeHookSiteRoleLocalService.java 
@@ -1,17 +1,28 @@ package org.gcube.portal.plugins; +import static org.gcube.common.authorization.client.Constants.authorizationService; + +import java.util.ArrayList; import java.util.List; +import org.gcube.common.authorization.library.provider.SecurityTokenProvider; import org.gcube.common.homelibrary.home.HomeLibrary; import org.gcube.common.homelibrary.home.workspace.usermanager.UserManager; import org.gcube.common.portal.PortalContext; import org.gcube.common.scope.api.ScopeProvider; +import org.gcube.common.storagehub.client.plugins.AbstractPlugin; +import org.gcube.common.storagehub.client.proxies.GroupManagerClient; import org.gcube.vomanagement.usermanagement.GroupManager; +import org.gcube.vomanagement.usermanagement.RoleManager; import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager; +import org.gcube.vomanagement.usermanagement.impl.LiferayRoleManager; import org.gcube.vomanagement.usermanagement.model.GCubeRole; +import org.gcube.vomanagement.usermanagement.model.GCubeUser; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import com.liferay.portal.kernel.exception.PortalException; +import com.liferay.portal.kernel.exception.SystemException; import com.liferay.portal.model.Role; import com.liferay.portal.model.UserGroupRole; import com.liferay.portal.service.RoleLocalServiceUtil; 
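Review bot: Six of the imports added in this hunk (`SecurityTokenProvider`, `AbstractPlugin`, `GroupManagerClient`, `RoleManager`, `LiferayRoleManager` and `GCubeUser`) are not referenced by any added line in the other hunks of GCubeHookSiteRoleLocalService.java. Those hunks only use `authorizationService`, `ArrayList`, `PortalException` and `SystemException`. Unless code outside the hunks needs them, drop the six so the class does not look as if it handles security tokens or storage hub groups itself.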
@@ -36,7 +47,13 @@ public class GCubeHookSiteRoleLocalService extends UserGroupRoleLocalServiceWrap long userId, long groupId, long[] roleIds) throws com.liferay.portal.kernel.exception.SystemException { List toReturn = super.addUserGroupRoles(userId, groupId, roleIds); + try { + String context = gm.getInfrastructureScope(groupId); + String username = UserLocalServiceUtil.getUser(userId).getScreenName(); + String userToken = authorizationService().resolveTokenByUserAndContext(username, context); + List userRoles = getUserRoles(roleIds); + authorizationService().setTokenRoles(userToken, userRoles); _log.debug("Check if addUserGroupRoles is done in a VRE"); if (gm.isVRE(groupId)) { _log.debug("addUserGroupRoles performed in a VRE, groupId=" + groupId); @@ -60,6 +77,15 @@ public class GCubeHookSiteRoleLocalService extends UserGroupRoleLocalServiceWrap return toReturn; } + private List getUserRoles(long[] roleIds) throws PortalException, SystemException { + List toReturn = new ArrayList<>(); + for (int i = 0; i < roleIds.length; i++) { + Role role = RoleLocalServiceUtil.getRole(roleIds[i]); + toReturn.add(role.getName()); + } + return toReturn; + } + private void setVREFolderAdministrator(long userId, long groupId, boolean enable) throws Exception { String scopeVREFolder = gm.getInfrastructureScope(groupId); @@ -78,4 +104,6 @@ public class GCubeHookSiteRoleLocalService extends UserGroupRoleLocalServiceWrap ScopeProvider.instance.set(currScope); } + + } diff --git a/src/main/java/org/gcube/portal/plugins/GCubeHookUserLocalService.java b/src/main/java/org/gcube/portal/plugins/GCubeHookUserLocalService.java index 37a73af..0479859 100644 --- a/src/main/java/org/gcube/portal/plugins/GCubeHookUserLocalService.java +++ b/src/main/java/org/gcube/portal/plugins/GCubeHookUserLocalService.java 
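Review bot: `authorizationService().setTokenRoles(userToken, userRoles)` in addUserGroupRoles receives only the names of the `roleIds` passed to this one call. If setTokenRoles replaces the token's role list, as its name suggests (not confirmed by the hunk), every role the user already held in that context is dropped from the token. Build the list from the user's complete role set for the group after `super.addUserGroupRoles(...)` has run, for example with `listRolesByUserAndGroup(userId, groupId)` as the other file in this patch does. The token lookup also sits inside the same `try`, ahead of the `gm.isVRE(groupId)` check, so a failure in `resolveTokenByUserAndContext` skips the VRE folder handling even though the Liferay roles are already persisted. The matching `catch` lies outside the hunk, so how that failure is reported cannot be checked here.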
@@ -1,14 +1,26 @@ package org.gcube.portal.plugins; -import org.gcube.common.homelibrary.home.HomeLibrary; +import static org.gcube.common.authorization.client.Constants.authorizationService; + +import java.util.ArrayList; +import java.util.List; + +import org.gcube.common.authorization.library.provider.SecurityTokenProvider; import org.gcube.common.portal.PortalContext; import org.gcube.common.scope.api.ScopeProvider; +import org.gcube.common.storagehub.client.plugins.AbstractPlugin; +import org.gcube.common.storagehub.client.proxies.GroupManagerClient; import org.gcube.portal.plugins.thread.CheckShareLatexUserThread; import org.gcube.portal.plugins.thread.RemoveUserTokenFromVREThread; import org.gcube.portal.plugins.thread.UpdateUserToLDAPGroupThread; import org.gcube.vomanagement.usermanagement.GroupManager; +import org.gcube.vomanagement.usermanagement.RoleManager; +import org.gcube.vomanagement.usermanagement.UserManager; import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager; +import org.gcube.vomanagement.usermanagement.impl.LiferayRoleManager; import org.gcube.vomanagement.usermanagement.impl.LiferayUserManager; +import org.gcube.vomanagement.usermanagement.model.GCubeRole; +import org.gcube.vomanagement.usermanagement.model.GCubeUser; import com.liferay.portal.kernel.exception.SystemException; import com.liferay.portal.kernel.log.Log; @@ -22,6 +34,7 @@ import com.liferay.portal.service.UserLocalServiceWrapper; * */ public class GCubeHookUserLocalService extends UserLocalServiceWrapper { + public static final String AUTORISED_INFRA_ROLE = "Infrastructure-Manager"; /** * logger */ 
@@ -126,8 +139,7 @@ public class GCubeHookUserLocalService extends UserLocalServiceWrapper { //add the user to shareLatex Thread t = new Thread(new CheckShareLatexUserThread(username, scope)); t.start(); - org.gcube.common.homelibrary.home.workspace.usermanager.UserManager hlUm = HomeLibrary.getHomeManagerFactory().getUserManager(); - hlUm.associateUserToGroup(scope, username); + setUser2VREFolder(gm, um, username, scope, true); } else { _log.debug("Group is not a VRE, SKIP adding"); } 
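Review bot: The boolean returned by `setUser2VREFolder(gm, um, username, scope, true)` is discarded here, and again in the removal hunk (`@@ -167,8 +217,7 @@`, the call with `false`). When no Infrastructure-Manager user is found the helper only logs and returns false, so on the removal path the user stays in the storage hub VRE folder group while the portal reports them removed. Check the result and surface it, e.g. `if (!setUser2VREFolder(gm, um, username, scope, false)) throw new SystemException("VRE Folder membership not updated for " + username);`, or queue a retry. The enclosing methods start and end outside both hunks, so how they treat exceptions cannot be verified here.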
@@ -137,6 +149,44 @@ public class GCubeHookUserLocalService extends UserLocalServiceWrapper { } ScopeProvider.instance.set(currScope); } + + private boolean setUser2VREFolder(GroupManager gm, UserManager uMan, String username2Add, String context, boolean add) throws Exception { + //get the super user + String infraContext = "/"+PortalContext.getConfiguration().getInfrastructureName(); + long groupId = gm.getGroupIdFromInfrastructureScope(infraContext); + RoleManager rm = new LiferayRoleManager(); + long roleId = rm.getRoleId(AUTORISED_INFRA_ROLE, groupId); + List users = uMan.listUsersByGroupAndRole(groupId, roleId); + if (users.isEmpty()) { + _log.error("Cannot add the user to the VRE Folder: there is no user having role " + AUTORISED_INFRA_ROLE + " on context: " + infraContext); + return false; + } + else { + GCubeUser theAdmin = users.get(0); + String theAdminToken = PortalContext.getConfiguration().getCurrentUserToken(infraContext, theAdmin.getUsername()); + List theAdminRoles = rm.listRolesByUserAndGroup(theAdmin.getUserId(), groupId); + List rolesString = new ArrayList(); + for (GCubeRole gCubeRole : theAdminRoles) { + rolesString.add(gCubeRole.getRoleName()); + } + authorizationService().setTokenRoles(theAdminToken, rolesString); + SecurityTokenProvider.instance.set(theAdminToken); + GroupManagerClient client = AbstractPlugin.groups().build(); + if (add) + client.addUserToGroup(username2Add, getVREFolderNameFromContext(context)); + else + client.removeUserFromGroup(username2Add, getVREFolderNameFromContext(context)); + return true; + } + } + + private static String getVREFolderNameFromContext(String context) { + if (context.startsWith("/")) { + return context.substring(1).replace("/", "-"); + } + return null; + } + /** * * @param groupId 
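Review bot: `SecurityTokenProvider.instance.set(theAdminToken)` in setUser2VREFolder binds the Infrastructure-Manager's token and never restores the previous value. The caller restores only `ScopeProvider`, so if the provider is thread-bound (presumably) the manager's token stays on a pooled portal thread and can authorise unrelated later calls. Save the current token and restore it in a `finally` around the storage hub call. `getVREFolderNameFromContext` returns null for a context that does not start with "/", and that null goes straight into `addUserToGroup` / `removeUserFromGroup`, so check for it first. The helper also uses whichever manager `users.get(0)` returns and rewrites that account's token roles on every join and leave, which deserves a comment or a dedicated service identity.

```java
// … unchanged: infrastructure group lookup, empty-list check, theAdmin / theAdminToken / rolesString …
authorizationService().setTokenRoles(theAdminToken, rolesString);
String vreFolderName = getVREFolderNameFromContext(context);
if (vreFolderName == null) {
	_log.error("Cannot derive the VRE Folder name from context: " + context);
	return false;
}
String previousToken = SecurityTokenProvider.instance.get();
SecurityTokenProvider.instance.set(theAdminToken);
try {
	GroupManagerClient client = AbstractPlugin.groups().build();
	if (add) {
		client.addUserToGroup(username2Add, vreFolderName);
	} else {
		client.removeUserFromGroup(username2Add, vreFolderName);
	}
	return true;
} finally {
	// never leave the manager's token bound to this thread
	SecurityTokenProvider.instance.set(previousToken);
}
```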
@@ -167,8 +217,7 @@ public class GCubeHookUserLocalService extends UserLocalServiceWrapper { //remove the user to LDAP Group Thread tLdap = new Thread(new UpdateUserToLDAPGroupThread(username, scope, groupId, true)); tLdap.start(); - org.gcube.common.homelibrary.home.workspace.usermanager.UserManager hlUm = HomeLibrary.getHomeManagerFactory().getUserManager(); - hlUm.removeUserFromGroup(scope, username); + setUser2VREFolder(gm, um, username, scope, false); Thread tToken = new Thread(new RemoveUserTokenFromVREThread(username, scope)); tToken.start(); } else { diff --git a/src/main/java/org/gcube/portal/plugins/util/LDAPUtil.java b/src/main/java/org/gcube/portal/plugins/util/LDAPUtil.java index cb02ddd..7e13d81 100644 --- a/src/main/java/org/gcube/portal/plugins/util/LDAPUtil.java +++ b/src/main/java/org/gcube/portal/plugins/util/LDAPUtil.java @@ -16,7 +16,7 @@ import javax.naming.directory.DirContext; import javax.naming.directory.SearchControls; import javax.naming.directory.SearchResult; -import org.gcube.common.encryption.StringEncrypter; +import org.gcube.common.encryption.encrypter.StringEncrypter; import org.gcube.common.portal.PortalContext; import org.gcube.common.resources.gcore.ServiceEndpoint; import org.gcube.common.resources.gcore.ServiceEndpoint.AccessPoint; diff --git a/src/main/webapp/WEB-INF/liferay-plugin-package.properties b/src/main/webapp/WEB-INF/liferay-plugin-package.properties index 1f6d959..4bdcc2a 100644 --- a/src/main/webapp/WEB-INF/liferay-plugin-package.properties +++ b/src/main/webapp/WEB-INF/liferay-plugin-package.properties @@ -1,6 +1,6 @@ name=VREFolder-hook module-group-id=liferay -module-incremental-version=4 +module-incremental-version=6 tags= short-description= change-log=