From 64d7c6c02dd32575aa1c1e287abce5b87c5febdc Mon Sep 17 00:00:00 2001
From: Massimiliano Assante
Date: Wed, 3 Feb 2021 18:07:38 +0100
Subject: [PATCH] Implemented VRE Users Add and Remove from VREFolder via storage hub
---
 pom.xml | 13 ++-
 .../plugins/GCubeHookUserLocalService.java | 93 +++++++++++++++++--
 .../portal/plugins/util/HookConstants.java | 8 ++
 3 files changed, 103 insertions(+), 11 deletions(-)
 create mode 100644 src/main/java/org/gcube/portal/plugins/util/HookConstants.java
diff --git a/pom.xml b/pom.xml
index 10bcfe3..0d9e675 100644
--- a/pom.xml
+++ b/pom.xml
@@ -12,7 +12,7 @@ org.gcube.portal.plugins VREFolder-hook VREFolder-hook Hook - 6.7.1 + 6.8.0-SNAPSHOT war VREFolder-hook handles the user adding/removal from the related Home Library VRE Folder
@@ -42,6 +42,16 @@ + + org.gcube.common storagehub-client-library + + + org.gcube.portal oidc-library-portal + [1.0.0-SNAPSHOT, 2.0.0-SNAPSHOT) + provided + org.gcube.common home-library
@@ -57,6 +67,7 @@ home-library-jcr provided + org.gcube.core common-encryption
diff --git a/src/main/java/org/gcube/portal/plugins/GCubeHookUserLocalService.java b/src/main/java/org/gcube/portal/plugins/GCubeHookUserLocalService.java
index 686f3ce..1302200 100644
--- a/src/main/java/org/gcube/portal/plugins/GCubeHookUserLocalService.java
+++ b/src/main/java/org/gcube/portal/plugins/GCubeHookUserLocalService.java
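Review bot: In pom.xml, hunk `@@ -42,6 +42,16 @@`, the new `oidc-library-portal` dependency is declared with the open range `[1.0.0-SNAPSHOT, 2.0.0-SNAPSHOT)`, so the artifact that supplies the UMA token helper is whatever the repository resolves at build time, snapshots included. Because this hook switches threads to Infrastructure-Manager credentials through that library, the build should be reproducible here: pin a released version, or take the version from the managed BOM if the project has one. The scope is `provided`, so the version compiled against may also differ from the one the portal ships; a short comment next to the dependency stating which portal bundle provides it would help. The element names are not visible on this page, so this reading is based on the values alone.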
@@ -1,14 +1,27 @@
 package org.gcube.portal.plugins;
-import org.gcube.common.homelibrary.home.HomeLibrary;
+import static org.gcube.common.authorization.client.Constants.authorizationService;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
+import org.gcube.common.authorization.library.provider.UmaJWTProvider;
 import org.gcube.common.portal.PortalContext;
 import org.gcube.common.scope.api.ScopeProvider;
+import org.gcube.common.storagehub.client.plugins.AbstractPlugin;
+import org.gcube.common.storagehub.client.proxies.GroupManagerClient;
+import org.gcube.portal.oidc.lr62.OIDCUmaUtil;
 import org.gcube.portal.plugins.thread.CheckShareLatexUserThread;
 import org.gcube.portal.plugins.thread.RemoveUserTokenFromVREThread;
-
+import org.gcube.portal.plugins.util.HookConstants;
 import org.gcube.vomanagement.usermanagement.GroupManager;
+import org.gcube.vomanagement.usermanagement.UserManager;
 import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager;
+import org.gcube.vomanagement.usermanagement.impl.LiferayRoleManager;
 import org.gcube.vomanagement.usermanagement.impl.LiferayUserManager;
+import org.gcube.vomanagement.usermanagement.model.GCubeRole;
+import org.gcube.vomanagement.usermanagement.model.GatewayRolesNames;
 import com.liferay.portal.kernel.exception.SystemException;
 import com.liferay.portal.kernel.log.Log;
@@ -117,14 +130,13 @@ public class GCubeHookUserLocalService extends UserLocalServiceWrapper {
 try {
 if (gm.isVRE(groupId)) {
 _log.debug("Group is a VRE, proceeding with association ...");
- String scope = gm.getInfrastructureScope(groupId);
+ String contextOfVRE = gm.getInfrastructureScope(groupId);
 org.gcube.vomanagement.usermanagement.UserManager um = new LiferayUserManager();
 String username = um.getUserById(userId).getUsername();
 //add the user to shareLatex
- Thread t = new Thread(new CheckShareLatexUserThread(username, scope));
+ Thread t = new Thread(new CheckShareLatexUserThread(username, contextOfVRE));
 t.start();
- org.gcube.common.homelibrary.home.workspace.usermanager.UserManager hlUm = HomeLibrary.getHomeManagerFactory().getUserManager();
- hlUm.associateUserToGroup(scope, username);
+ setUser2VREFolder(gm, um, username, contextOfVRE, true);
 } else {
 _log.debug("Group is not a VRE, SKIP adding");
 }
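Review bot: The boolean returned by `setUser2VREFolder(gm, um, username, contextOfVRE, true)` is discarded at this call, so when the helper returns false (no Infrastructure-Manager user found) the folder membership change is skipped and the caller carries on as if it had succeeded. The removal call in the `@@ -158,12 +232,11 @@` hunk has the same defect with a worse outcome: `RemoveUserTokenFromVREThread` still runs, while the user presumably stays in the VRE folder group and keeps access to the shared folder. Check the result at both sites, for example `if (!setUser2VREFolder(gm, um, username, contextOfVRE, false)) { _log.error("VRE Folder removal failed for " + username + " on " + contextOfVRE); }`, and decide whether a failed revocation should be surfaced to the caller. The enclosing try/catch starts and ends outside both hunks, so how an exception from the helper is handled is not visible here.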
@@ -134,6 +146,68 @@ public class GCubeHookUserLocalService extends UserLocalServiceWrapper {
 }
 ScopeProvider.instance.set(currScope);
 }
+
+ /**
+ *
+ * @param gm
+ * @param uMan
+ * @param username2Add
+ * @param context
+ * @param add
+ * @return
+ * @throws Exception
+ */
+ private boolean setUser2VREFolder(GroupManager gm, UserManager uMan, String username2Add, String context, boolean add) throws Exception {
+ String previousToken = SecurityTokenProvider.instance.get();
+ String previousUMAToken = UmaJWTProvider.instance.get();
+ //get the super user
+ _log.info("Getting super user with role " + GatewayRolesNames.INFRASTRUCTURE_MANAGER.getRoleName());
+ //get the super user
+ String infraContext = "/"+PortalContext.getConfiguration().getInfrastructureName();
+ long rootgroupId = gm.getGroupIdFromInfrastructureScope(infraContext);
+ User theAdmin = LiferayUserManager.getRandomUserWithRole(rootgroupId, GatewayRolesNames.INFRASTRUCTURE_MANAGER);
+ if (theAdmin == null) {
+ _log.error("Cannot add the user to the VRE Folder: there is no user having role " + HookConstants.AUTHORISED_INFRA_ROLE + " on context: " + infraContext);
+ return false;
+ }
+ String adminUsername = theAdmin.getScreenName();
+ _log.info("Got the super user: " + adminUsername);
+ String theAdminToken = PortalContext.getConfiguration().getCurrentUserToken(infraContext, adminUsername);
+ List rolesString = new ArrayList();
+ List theAdminRoles = new LiferayRoleManager().listRolesByUserAndGroup(theAdmin.getUserId(), rootgroupId);
+ for (GCubeRole gCubeRole : theAdminRoles) {
+ rolesString.add(gCubeRole.getRoleName());
+ }
+ rolesString.add(GatewayRolesNames.INFRASTRUCTURE_MANAGER.getRoleName());
+ _log.info("legacy authorizationService().setTokenRoles done");
+ authorizationService().setTokenRoles(theAdminToken, rolesString);
+ SecurityTokenProvider.instance.set(theAdminToken);
+ OIDCUmaUtil.provideConfiguredPortalClientUMATokenInThreadLocal("/" + PortalContext.getConfiguration().getInfrastructureName());
+ _log.info("\n\n\n*VREFolder-Hook** new authorizationService PortalClient UMA-Token In ThreadLocal done ****\n\n");
+
+ String vreFolderNameForsHub = getVREFolderNameFromContext(context);
+ System.out.println("-> VRE FOlder name to pass to shub: "+ vreFolderNameForsHub);
+
+ GroupManagerClient client = AbstractPlugin.groups().build();
+ if (add)
+ client.addUserToGroup(username2Add,vreFolderNameForsHub);
+ else
+ client.removeUserFromGroup(username2Add, vreFolderNameForsHub);
+
+ _log.info("*VREFolder-Hook** " + username2Add + " was added or removed succefully from this VRE Folder. Added? (if false was removed)" + add);
+ UmaJWTProvider.instance.set(previousUMAToken);
+ SecurityTokenProvider.instance.set(previousToken);
+ return true;
+
+ }
+
+ private static String getVREFolderNameFromContext(String context) {
+ if (context.startsWith("/")) {
+ return context.substring(1).replace("/", "-");
+ }
+ return null;
+ }
+
 /**
 *
 * @param groupId
@@ -158,12 +232,11 @@ public class GCubeHookUserLocalService extends UserLocalServiceWrapper {
 try {
 if (gm.isVRE(groupId)) {
 _log.debug("Group is a VRE, proceeding with removal ...");
- String scope = gm.getInfrastructureScope(groupId);
+ String contextOfVRE = gm.getInfrastructureScope(groupId);
 org.gcube.vomanagement.usermanagement.UserManager um = new LiferayUserManager();
 String username = um.getUserById(userId).getUsername();
- org.gcube.common.homelibrary.home.workspace.usermanager.UserManager hlUm = HomeLibrary.getHomeManagerFactory().getUserManager();
- hlUm.removeUserFromGroup(scope, username);
- Thread tToken = new Thread(new RemoveUserTokenFromVREThread(username, scope));
+ setUser2VREFolder(gm, um, username, contextOfVRE, false);
+ Thread tToken = new Thread(new RemoveUserTokenFromVREThread(username, contextOfVRE));
 tToken.start();
 } else {
 _log.debug("Group is not a VRE, SKIP removal");
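Review bot: In `setUser2VREFolder` (hunk `@@ -134,6 +146,68 @@`) the previous tokens are restored only on the success path, after the `GroupManagerClient` call. If `setTokenRoles`, `provideConfiguredPortalClientUMATokenInThreadLocal`, `addUserToGroup` or `removeUserFromGroup` throws, the thread keeps the Infrastructure-Manager token in `SecurityTokenProvider` and the portal client UMA token in `UmaJWTProvider`. Anything that runs later on that thread would then act with those credentials, so the restore belongs in a `finally` block. `getVREFolderNameFromContext` returns null for a context that does not start with `/`, and that null goes straight to the storage hub client; reject it before the call. The empty Javadoc should state that the method temporarily borrows an Infrastructure-Manager token, and the `System.out.println` line should become `_log.debug`.

```java
private boolean setUser2VREFolder(GroupManager gm, UserManager uMan, String username2Add, String context, boolean add) throws Exception {
	// … unchanged: capture of previousToken and previousUMAToken …
	try {
		// … unchanged: admin lookup (early return false), setTokenRoles, token switch …
		String vreFolderNameForsHub = getVREFolderNameFromContext(context);
		if (vreFolderNameForsHub == null) {
			_log.error("Cannot derive the VRE Folder name from context: " + context);
			return false;
		}
		_log.debug("VRE Folder name to pass to shub: " + vreFolderNameForsHub);
		// … unchanged: GroupManagerClient add/remove call, success log, return true …
	} finally {
		// always take the borrowed Infrastructure-Manager credentials off this thread
		UmaJWTProvider.instance.set(previousUMAToken);
		SecurityTokenProvider.instance.set(previousToken);
	}
}
```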
diff --git a/src/main/java/org/gcube/portal/plugins/util/HookConstants.java b/src/main/java/org/gcube/portal/plugins/util/HookConstants.java
new file mode 100644
index 0000000..a92c771
--- /dev/null
+++ b/src/main/java/org/gcube/portal/plugins/util/HookConstants.java
@@ -0,0 +1,8 @@
+package org.gcube.portal.plugins.util;
+
+
+public class HookConstants {
+
+ public static final String AUTHORISED_INFRA_ROLE = "Infrastructure-Manager";
+
+}
\ No newline at end of file
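Review bot: `AUTHORISED_INFRA_ROLE` is used only in the error message of `setUser2VREFolder`, while the lookup itself uses `GatewayRolesNames.INFRASTRUCTURE_MANAGER`. The two can drift apart, and the log would then name a role that was not the one searched. Either print `GatewayRolesNames.INFRASTRUCTURE_MANAGER.getRoleName()` in that message or drive the lookup from this constant. If the class stays, declare it `final` with a private constructor and add a one-line Javadoc saying this is the role whose token is borrowed for storage hub group changes.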