diff --git a/pom.xml b/pom.xml
index 10bcfe3..0d9e675 100644
--- a/pom.xml
+++ b/pom.xml
@@ -12,7 +12,7 @@
org.gcube.portal.plugins
VREFolder-hook
VREFolder-hook Hook
- 6.7.1
+ 6.8.0-SNAPSHOT
war
VREFolder-hook handles the user adding/removal from the related Home Library VRE Folder
@@ -42,6 +42,16 @@
+
+ org.gcube.common
+ storagehub-client-library
+
+
+ org.gcube.portal
+ oidc-library-portal
+ [1.0.0-SNAPSHOT, 2.0.0-SNAPSHOT)
+ provided
+
org.gcube.common
home-library
@@ -57,6 +67,7 @@
home-library-jcr
provided
+
org.gcube.core
common-encryption
diff --git a/src/main/java/org/gcube/portal/plugins/GCubeHookUserLocalService.java b/src/main/java/org/gcube/portal/plugins/GCubeHookUserLocalService.java
index 686f3ce..1302200 100644
--- a/src/main/java/org/gcube/portal/plugins/GCubeHookUserLocalService.java
+++ b/src/main/java/org/gcube/portal/plugins/GCubeHookUserLocalService.java
@@ -1,14 +1,27 @@
package org.gcube.portal.plugins;
-import org.gcube.common.homelibrary.home.HomeLibrary;
+import static org.gcube.common.authorization.client.Constants.authorizationService;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
+import org.gcube.common.authorization.library.provider.UmaJWTProvider;
import org.gcube.common.portal.PortalContext;
import org.gcube.common.scope.api.ScopeProvider;
+import org.gcube.common.storagehub.client.plugins.AbstractPlugin;
+import org.gcube.common.storagehub.client.proxies.GroupManagerClient;
+import org.gcube.portal.oidc.lr62.OIDCUmaUtil;
import org.gcube.portal.plugins.thread.CheckShareLatexUserThread;
import org.gcube.portal.plugins.thread.RemoveUserTokenFromVREThread;
-
+import org.gcube.portal.plugins.util.HookConstants;
import org.gcube.vomanagement.usermanagement.GroupManager;
+import org.gcube.vomanagement.usermanagement.UserManager;
import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager;
+import org.gcube.vomanagement.usermanagement.impl.LiferayRoleManager;
import org.gcube.vomanagement.usermanagement.impl.LiferayUserManager;
+import org.gcube.vomanagement.usermanagement.model.GCubeRole;
+import org.gcube.vomanagement.usermanagement.model.GatewayRolesNames;
import com.liferay.portal.kernel.exception.SystemException;
import com.liferay.portal.kernel.log.Log;
@@ -117,14 +130,13 @@ public class GCubeHookUserLocalService extends UserLocalServiceWrapper {
try {
if (gm.isVRE(groupId)) {
_log.debug("Group is a VRE, proceeding with association ...");
- String scope = gm.getInfrastructureScope(groupId);
+ String contextOfVRE = gm.getInfrastructureScope(groupId);
org.gcube.vomanagement.usermanagement.UserManager um = new LiferayUserManager();
String username = um.getUserById(userId).getUsername();
//add the user to shareLatex
- Thread t = new Thread(new CheckShareLatexUserThread(username, scope));
+ Thread t = new Thread(new CheckShareLatexUserThread(username, contextOfVRE));
t.start();
- org.gcube.common.homelibrary.home.workspace.usermanager.UserManager hlUm = HomeLibrary.getHomeManagerFactory().getUserManager();
- hlUm.associateUserToGroup(scope, username);
+ setUser2VREFolder(gm, um, username, contextOfVRE, true);
} else {
_log.debug("Group is not a VRE, SKIP adding");
}
@@ -134,6 +146,68 @@ public class GCubeHookUserLocalService extends UserLocalServiceWrapper {
}
ScopeProvider.instance.set(currScope);
}
+
+ /**
+ *
+ * @param gm
+ * @param uMan
+ * @param username2Add
+ * @param context
+ * @param add
+ * @return
+ * @throws Exception
+ */
+ private boolean setUser2VREFolder(GroupManager gm, UserManager uMan, String username2Add, String context, boolean add) throws Exception {
+ String previousToken = SecurityTokenProvider.instance.get();
+ String previousUMAToken = UmaJWTProvider.instance.get();
+ //get the super user
+ _log.info("Getting super user with role " + GatewayRolesNames.INFRASTRUCTURE_MANAGER.getRoleName());
+ //get the super user
+ String infraContext = "/"+PortalContext.getConfiguration().getInfrastructureName();
+ long rootgroupId = gm.getGroupIdFromInfrastructureScope(infraContext);
+ User theAdmin = LiferayUserManager.getRandomUserWithRole(rootgroupId, GatewayRolesNames.INFRASTRUCTURE_MANAGER);
+ if (theAdmin == null) {
+ _log.error("Cannot add the user to the VRE Folder: there is no user having role " + HookConstants.AUTHORISED_INFRA_ROLE + " on context: " + infraContext);
+ return false;
+ }
+ String adminUsername = theAdmin.getScreenName();
+ _log.info("Got the super user: " + adminUsername);
+ String theAdminToken = PortalContext.getConfiguration().getCurrentUserToken(infraContext, adminUsername);
+ List rolesString = new ArrayList();
+ List theAdminRoles = new LiferayRoleManager().listRolesByUserAndGroup(theAdmin.getUserId(), rootgroupId);
+ for (GCubeRole gCubeRole : theAdminRoles) {
+ rolesString.add(gCubeRole.getRoleName());
+ }
+ rolesString.add(GatewayRolesNames.INFRASTRUCTURE_MANAGER.getRoleName());
+ _log.info("legacy authorizationService().setTokenRoles done");
+ authorizationService().setTokenRoles(theAdminToken, rolesString);
+ SecurityTokenProvider.instance.set(theAdminToken);
+ OIDCUmaUtil.provideConfiguredPortalClientUMATokenInThreadLocal("/" + PortalContext.getConfiguration().getInfrastructureName());
+ _log.info("\n\n\n*VREFolder-Hook** new authorizationService PortalClient UMA-Token In ThreadLocal done ****\n\n");
+
+ String vreFolderNameForsHub = getVREFolderNameFromContext(context);
+ System.out.println("-> VRE FOlder name to pass to shub: "+ vreFolderNameForsHub);
+
+ GroupManagerClient client = AbstractPlugin.groups().build();
+ if (add)
+ client.addUserToGroup(username2Add,vreFolderNameForsHub);
+ else
+ client.removeUserFromGroup(username2Add, vreFolderNameForsHub);
+
+ _log.info("*VREFolder-Hook** " + username2Add + " was added or removed succefully from this VRE Folder. Added? (if false was removed)" + add);
+ UmaJWTProvider.instance.set(previousUMAToken);
+ SecurityTokenProvider.instance.set(previousToken);
+ return true;
+
+ }
+
+ private static String getVREFolderNameFromContext(String context) {
+ if (context.startsWith("/")) {
+ return context.substring(1).replace("/", "-");
+ }
+ return null;
+ }
+
/**
*
* @param groupId
@@ -158,12 +232,11 @@ public class GCubeHookUserLocalService extends UserLocalServiceWrapper {
try {
if (gm.isVRE(groupId)) {
_log.debug("Group is a VRE, proceeding with removal ...");
- String scope = gm.getInfrastructureScope(groupId);
+ String contextOfVRE = gm.getInfrastructureScope(groupId);
org.gcube.vomanagement.usermanagement.UserManager um = new LiferayUserManager();
String username = um.getUserById(userId).getUsername();
- org.gcube.common.homelibrary.home.workspace.usermanager.UserManager hlUm = HomeLibrary.getHomeManagerFactory().getUserManager();
- hlUm.removeUserFromGroup(scope, username);
- Thread tToken = new Thread(new RemoveUserTokenFromVREThread(username, scope));
+ setUser2VREFolder(gm, um, username, contextOfVRE, false);
+ Thread tToken = new Thread(new RemoveUserTokenFromVREThread(username, contextOfVRE));
tToken.start();
} else {
_log.debug("Group is not a VRE, SKIP removal");
diff --git a/src/main/java/org/gcube/portal/plugins/util/HookConstants.java b/src/main/java/org/gcube/portal/plugins/util/HookConstants.java
new file mode 100644
index 0000000..a92c771
--- /dev/null
+++ b/src/main/java/org/gcube/portal/plugins/util/HookConstants.java
@@ -0,0 +1,8 @@
+package org.gcube.portal.plugins.util;
+
+
+public class HookConstants {
+
+ public static final String AUTHORISED_INFRA_ROLE = "Infrastructure-Manager";
+
+}
\ No newline at end of file