gCubeSystem
/
VREFolder-hook
15
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Implemented VRE Users Add and Remove from VREFolder via storage hub

This commit is contained in:
Massimiliano Assante 2021-02-03 18:07:38 +01:00
parent cd42d39575
commit 64d7c6c02d
3 changed files with 103 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
pom.xml
View File

@ -12,7 +12,7 @@
<groupId>org.gcube.portal.plugins</groupId>
<artifactId>VREFolder-hook</artifactId>
<name>VREFolder-hook Hook</name>
<version>6.7.1</version>
<version>6.8.0-SNAPSHOT</version>
<packaging>war</packaging>
<description>
VREFolder-hook handles the user adding/removal from the related Home Library VRE Folder
@ -42,6 +42,16 @@
</dependencies>
</dependencyManagement>
<dependencies>
<dependency>
<groupId>org.gcube.common</groupId>
<artifactId>storagehub-client-library</artifactId>
</dependency>
<dependency>
<groupId>org.gcube.portal</groupId>
<artifactId>oidc-library-portal</artifactId>
<version>[1.0.0-SNAPSHOT, 2.0.0-SNAPSHOT)</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.gcube.common</groupId>
<artifactId>home-library</artifactId>
@ -57,6 +67,7 @@
<artifactId>home-library-jcr</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.gcube.core</groupId>
<artifactId>common-encryption</artifactId>

93
src/main/java/org/gcube/portal/plugins/GCubeHookUserLocalService.java
View File

@ -1,14 +1,27 @@
package org.gcube.portal.plugins;
import org.gcube.common.homelibrary.home.HomeLibrary;
import static org.gcube.common.authorization.client.Constants.authorizationService;
import java.util.ArrayList;
import java.util.List;
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
import org.gcube.common.authorization.library.provider.UmaJWTProvider;
import org.gcube.common.portal.PortalContext;
import org.gcube.common.scope.api.ScopeProvider;
import org.gcube.common.storagehub.client.plugins.AbstractPlugin;
import org.gcube.common.storagehub.client.proxies.GroupManagerClient;
import org.gcube.portal.oidc.lr62.OIDCUmaUtil;
import org.gcube.portal.plugins.thread.CheckShareLatexUserThread;
import org.gcube.portal.plugins.thread.RemoveUserTokenFromVREThread;
import org.gcube.portal.plugins.util.HookConstants;
import org.gcube.vomanagement.usermanagement.GroupManager;
import org.gcube.vomanagement.usermanagement.UserManager;
import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager;
import org.gcube.vomanagement.usermanagement.impl.LiferayRoleManager;
import org.gcube.vomanagement.usermanagement.impl.LiferayUserManager;
import org.gcube.vomanagement.usermanagement.model.GCubeRole;
import org.gcube.vomanagement.usermanagement.model.GatewayRolesNames;
import com.liferay.portal.kernel.exception.SystemException;
import com.liferay.portal.kernel.log.Log;
@ -117,14 +130,13 @@ public class GCubeHookUserLocalService extends UserLocalServiceWrapper {
try {
if (gm.isVRE(groupId)) {
_log.debug("Group is a VRE, proceeding with association ...");
String scope = gm.getInfrastructureScope(groupId);
String contextOfVRE = gm.getInfrastructureScope(groupId);
org.gcube.vomanagement.usermanagement.UserManager um = new LiferayUserManager();
String username = um.getUserById(userId).getUsername();
//add the user to shareLatex
Thread t = new Thread(new CheckShareLatexUserThread(username, scope));
Thread t = new Thread(new CheckShareLatexUserThread(username, contextOfVRE));
t.start();
org.gcube.common.homelibrary.home.workspace.usermanager.UserManager hlUm = HomeLibrary.getHomeManagerFactory().getUserManager();
hlUm.associateUserToGroup(scope, username);
setUser2VREFolder(gm, um, username, contextOfVRE, true);
} else {
_log.debug("Group is not a VRE, SKIP adding");
}
@ -134,6 +146,68 @@ public class GCubeHookUserLocalService extends UserLocalServiceWrapper {
}
ScopeProvider.instance.set(currScope);
}
/**
*
* @param gm
* @param uMan
* @param username2Add
* @param context
* @param add
* @return
* @throws Exception
*/
private boolean setUser2VREFolder(GroupManager gm, UserManager uMan, String username2Add, String context, boolean add) throws Exception {
String previousToken = SecurityTokenProvider.instance.get();
String previousUMAToken = UmaJWTProvider.instance.get();
//get the super user
_log.info("Getting super user with role " + GatewayRolesNames.INFRASTRUCTURE_MANAGER.getRoleName());
//get the super user
String infraContext = "/"+PortalContext.getConfiguration().getInfrastructureName();
long rootgroupId = gm.getGroupIdFromInfrastructureScope(infraContext);
User theAdmin = LiferayUserManager.getRandomUserWithRole(rootgroupId, GatewayRolesNames.INFRASTRUCTURE_MANAGER);
if (theAdmin == null) {
_log.error("Cannot add the user to the VRE Folder: there is no user having role " + HookConstants.AUTHORISED_INFRA_ROLE + " on context: " + infraContext);
return false;
}
String adminUsername = theAdmin.getScreenName();
_log.info("Got the super user: " + adminUsername);
String theAdminToken = PortalContext.getConfiguration().getCurrentUserToken(infraContext, adminUsername);
List<String> rolesString = new ArrayList<String>();
List<GCubeRole> theAdminRoles = new LiferayRoleManager().listRolesByUserAndGroup(theAdmin.getUserId(), rootgroupId);
for (GCubeRole gCubeRole : theAdminRoles) {
rolesString.add(gCubeRole.getRoleName());
}
rolesString.add(GatewayRolesNames.INFRASTRUCTURE_MANAGER.getRoleName());
_log.info("legacy authorizationService().setTokenRoles done");
authorizationService().setTokenRoles(theAdminToken, rolesString);
SecurityTokenProvider.instance.set(theAdminToken);
OIDCUmaUtil.provideConfiguredPortalClientUMATokenInThreadLocal("/" + PortalContext.getConfiguration().getInfrastructureName());
_log.info("\n\n\n*VREFolder-Hook** new authorizationService PortalClient UMA-Token In ThreadLocal done ****\n\n");
String vreFolderNameForsHub = getVREFolderNameFromContext(context);
System.out.println("-> VRE FOlder name to pass to shub: "+ vreFolderNameForsHub);
GroupManagerClient client = AbstractPlugin.groups().build();
if (add)
client.addUserToGroup(username2Add,vreFolderNameForsHub);
else
client.removeUserFromGroup(username2Add, vreFolderNameForsHub);
_log.info("*VREFolder-Hook** " + username2Add + " was added or removed succefully from this VRE Folder. Added? (if false was removed)" + add);
UmaJWTProvider.instance.set(previousUMAToken);
SecurityTokenProvider.instance.set(previousToken);
return true;
}
private static String getVREFolderNameFromContext(String context) {
if (context.startsWith("/")) {
return context.substring(1).replace("/", "-");
}
return null;
}
/**
*
* @param groupId
@ -158,12 +232,11 @@ public class GCubeHookUserLocalService extends UserLocalServiceWrapper {
try {
if (gm.isVRE(groupId)) {
_log.debug("Group is a VRE, proceeding with removal ...");
String scope = gm.getInfrastructureScope(groupId);
String contextOfVRE = gm.getInfrastructureScope(groupId);
org.gcube.vomanagement.usermanagement.UserManager um = new LiferayUserManager();
String username = um.getUserById(userId).getUsername();
org.gcube.common.homelibrary.home.workspace.usermanager.UserManager hlUm = HomeLibrary.getHomeManagerFactory().getUserManager();
hlUm.removeUserFromGroup(scope, username);
Thread tToken = new Thread(new RemoveUserTokenFromVREThread(username, scope));
setUser2VREFolder(gm, um, username, contextOfVRE, false);
Thread tToken = new Thread(new RemoveUserTokenFromVREThread(username, contextOfVRE));
tToken.start();
} else {
_log.debug("Group is not a VRE, SKIP removal");

8
src/main/java/org/gcube/portal/plugins/util/HookConstants.java Normal file
View File

@ -0,0 +1,8 @@
package org.gcube.portal.plugins.util;
public class HookConstants {
public static final String AUTHORISED_INFRA_ROLE = "Infrastructure-Manager";
}