both the VRE User adding/removal and roles are handled via shub

3 years ago · ac5dae9fbb
parent 11473f7ef9
commit ac5dae9fbb
4 changed files with 83 additions and 68 deletions
--- a/src/main/java/org/gcube/portal/plugins/GCubeHookSiteRoleLocalService.java
+++ b/src/main/java/org/gcube/portal/plugins/GCubeHookSiteRoleLocalService.java
@ -2,12 +2,15 @@ package org.gcube.portal.plugins;

 import java.util.List;

-import org.gcube.common.homelibrary.home.HomeLibrary;
-import org.gcube.common.homelibrary.home.workspace.usermanager.UserManager;
-import org.gcube.common.portal.PortalContext;
-import org.gcube.common.scope.api.ScopeProvider;
+import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
+import org.gcube.common.authorization.library.provider.UmaJWTProvider;
+import org.gcube.common.storagehub.client.dsl.StorageHubClient;
+import org.gcube.common.storagehub.client.dsl.Util;
+import org.gcube.common.storagehub.client.dsl.VREFolderManager;
+import org.gcube.portal.plugins.util.AuthUtil;
 import org.gcube.vomanagement.usermanagement.GroupManager;
 import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager;
+import org.gcube.vomanagement.usermanagement.impl.LiferayUserManager;
 import org.gcube.vomanagement.usermanagement.model.GCubeRole;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@ -17,7 +20,6 @@ import com.liferay.portal.model.UserGroupRole;
 import com.liferay.portal.service.RoleLocalServiceUtil;
 import com.liferay.portal.service.UserGroupRoleLocalService;
 import com.liferay.portal.service.UserGroupRoleLocalServiceWrapper;
-import com.liferay.portal.service.UserLocalServiceUtil;

 public class GCubeHookSiteRoleLocalService extends UserGroupRoleLocalServiceWrapper {
 	/**
@ -61,21 +63,25 @@ public class GCubeHookSiteRoleLocalService extends UserGroupRoleLocalServiceWrap
 	}

 	private void setVREFolderAdministrator(long userId, long groupId, boolean enable) throws Exception {
-
-		String scopeVREFolder = gm.getInfrastructureScope(groupId);
-
-		String currScope = ScopeProvider.instance.get();
-		String scopeToset = "/"+PortalContext.getConfiguration().getInfrastructureName();
-		ScopeProvider.instance.set(scopeToset);		
-
-		String username = UserLocalServiceUtil.getUser(userId).getScreenName();
-		_log.debug("User " + username + " is going to be VRE Folder Admin?" + enable);
-		UserManager hlUm = HomeLibrary.getHomeManagerFactory().getUserManager();
-		if (enable)
-			hlUm.setAdministrator(scopeVREFolder, username);
-		else
-			hlUm.removeAdministrator(scopeVREFolder, username);
-
-		ScopeProvider.instance.set(currScope);
+		String previousToken = SecurityTokenProvider.instance.get();
+		String previousUMAToken = UmaJWTProvider.instance.get();
+		//this put the necessary auth tokens (legacy e UMA) in ThreadLocal
+		AuthUtil.setInfraManagerLegacyAndUMATokenInThreadLocal();
+		String context = gm.getInfrastructureScope(groupId);
+		String vreFolderTitle = Util.getVREGroupFromContext(context);
+		_log.debug("The vreFolderTitle on which the VREFolder role is being {} is {}", enable, vreFolderTitle);
+		StorageHubClient shc = new StorageHubClient();
+		VREFolderManager vreFolderManager = shc.getVreFolderManager(vreFolderTitle);
+		
+		String theUserToPromoteOrDeclass = new LiferayUserManager().getUserById(userId).getUsername();
+		_log.info("The {} is being promoted? {} ", theUserToPromoteOrDeclass, enable);
+		if (enable) 
+			vreFolderManager.setAdmin(theUserToPromoteOrDeclass);
+		else 	
+			vreFolderManager.removeAdmin(theUserToPromoteOrDeclass);
+		_log.info("*VREFolder-Hook** add/remove role operation complete");
+		
+		UmaJWTProvider.instance.set(previousUMAToken);
+		SecurityTokenProvider.instance.set(previousToken);
 	}
 }
--- a/src/main/java/org/gcube/portal/plugins/GCubeHookUserLocalService.java
+++ b/src/main/java/org/gcube/portal/plugins/GCubeHookUserLocalService.java
@ -1,27 +1,18 @@
 package org.gcube.portal.plugins;

-import static org.gcube.common.authorization.client.Constants.authorizationService;
-
-import java.util.ArrayList;
-import java.util.List;
-
 import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
 import org.gcube.common.authorization.library.provider.UmaJWTProvider;
 import org.gcube.common.portal.PortalContext;
 import org.gcube.common.scope.api.ScopeProvider;
 import org.gcube.common.storagehub.client.plugins.AbstractPlugin;
 import org.gcube.common.storagehub.client.proxies.GroupManagerClient;
-import org.gcube.portal.oidc.lr62.OIDCUmaUtil;
 import org.gcube.portal.plugins.thread.CheckShareLatexUserThread;
 import org.gcube.portal.plugins.thread.RemoveUserTokenFromVREThread;
-import org.gcube.portal.plugins.util.HookConstants;
+import org.gcube.portal.plugins.util.AuthUtil;
 import org.gcube.vomanagement.usermanagement.GroupManager;
 import org.gcube.vomanagement.usermanagement.UserManager;
 import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager;
-import org.gcube.vomanagement.usermanagement.impl.LiferayRoleManager;
 import org.gcube.vomanagement.usermanagement.impl.LiferayUserManager;
-import org.gcube.vomanagement.usermanagement.model.GCubeRole;
-import org.gcube.vomanagement.usermanagement.model.GatewayRolesNames;

 import com.liferay.portal.kernel.exception.SystemException;
 import com.liferay.portal.kernel.log.Log;
@ -160,34 +151,9 @@ public class GCubeHookUserLocalService extends UserLocalServiceWrapper {
 	private boolean setUser2VREFolder(GroupManager gm, UserManager uMan, String username2Add, String context, boolean add) throws Exception {
 		String previousToken = SecurityTokenProvider.instance.get();
 		String previousUMAToken = UmaJWTProvider.instance.get();
-		//get the super user
-		_log.info("Getting super user with role " + GatewayRolesNames.INFRASTRUCTURE_MANAGER.getRoleName());
-		//get the super user
-		String infraContext = "/"+PortalContext.getConfiguration().getInfrastructureName();
-		long rootgroupId = gm.getGroupIdFromInfrastructureScope(infraContext);			
-		User theAdmin = LiferayUserManager.getRandomUserWithRole(rootgroupId, GatewayRolesNames.INFRASTRUCTURE_MANAGER);
-		if (theAdmin == null) {
-			_log.error("Cannot add the user to the VRE Folder: there is no user having role " + HookConstants.AUTHORISED_INFRA_ROLE + " on context: " + infraContext);
-			return false;
-		}
-		String adminUsername = theAdmin.getScreenName();
-		_log.info("Got the super user: " + adminUsername);
-		String theAdminToken = PortalContext.getConfiguration().getCurrentUserToken(infraContext, adminUsername);
-		List<String> rolesString = new ArrayList<String>();
-		List<GCubeRole> theAdminRoles = new LiferayRoleManager().listRolesByUserAndGroup(theAdmin.getUserId(), rootgroupId);			
-		for (GCubeRole gCubeRole : theAdminRoles) {
-			rolesString.add(gCubeRole.getRoleName());
-		}
-		rolesString.add(GatewayRolesNames.INFRASTRUCTURE_MANAGER.getRoleName());
-		_log.info("legacy authorizationService().setTokenRoles done");
-		authorizationService().setTokenRoles(theAdminToken, rolesString);
-		SecurityTokenProvider.instance.set(theAdminToken);
-		OIDCUmaUtil.provideConfiguredPortalClientUMATokenInThreadLocal("/" + PortalContext.getConfiguration().getInfrastructureName());
-		_log.info("\n\n\n*VREFolder-Hook** new authorizationService PortalClient UMA-Token In ThreadLocal done  ****\n\n");
-		
-		String vreFolderNameForsHub = getVREFolderNameFromContext(context);
-		System.out.println("-> VRE FOlder name to pass to shub: "+ vreFolderNameForsHub);
-		
+		AuthUtil.setInfraManagerLegacyAndUMATokenInThreadLocal();
+		_log.info("\n*VREFolder-Hook** new authorizationService PortalClient UMA-Token In ThreadLocal done  ****\n\n");
+		String vreFolderNameForsHub = getVREFolderNameFromContext(context);		
 		GroupManagerClient client = AbstractPlugin.groups().build();
 		if (add)
 			client.addUserToGroup(username2Add,vreFolderNameForsHub);
@ -198,7 +164,6 @@ public class GCubeHookUserLocalService extends UserLocalServiceWrapper {
 		UmaJWTProvider.instance.set(previousUMAToken);
 		SecurityTokenProvider.instance.set(previousToken);
 		return true;
-
 	}

 	private static String getVREFolderNameFromContext(String context) {
--- a/src/main/java/org/gcube/portal/plugins/util/AuthUtil.java
+++ b/src/main/java/org/gcube/portal/plugins/util/AuthUtil.java
@ -0,0 +1,52 @@
+package org.gcube.portal.plugins.util;
+
+import static org.gcube.common.authorization.client.Constants.authorizationService;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
+import org.gcube.common.portal.PortalContext;
+import org.gcube.portal.oidc.lr62.OIDCUmaUtil;
+import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager;
+import org.gcube.vomanagement.usermanagement.impl.LiferayRoleManager;
+import org.gcube.vomanagement.usermanagement.impl.LiferayUserManager;
+import org.gcube.vomanagement.usermanagement.model.GCubeRole;
+import org.gcube.vomanagement.usermanagement.model.GatewayRolesNames;
+
+import com.liferay.portal.kernel.log.Log;
+import com.liferay.portal.kernel.log.LogFactoryUtil;
+import com.liferay.portal.model.User;
+
+public class AuthUtil {
+	private static Log _log = LogFactoryUtil.getLog(AuthUtil.class);
+	public AuthUtil() {
+	}
+
+	public static void setInfraManagerLegacyAndUMATokenInThreadLocal() throws Exception {
+		//get the super user
+		_log.info("Getting super user with role " + GatewayRolesNames.INFRASTRUCTURE_MANAGER.getRoleName());
+		//get the super user
+		String infraContext = "/"+PortalContext.getConfiguration().getInfrastructureName();
+		long rootgroupId = new LiferayGroupManager().getGroupIdFromInfrastructureScope(infraContext);			
+		User theAdmin = LiferayUserManager.getRandomUserWithRole(rootgroupId, GatewayRolesNames.INFRASTRUCTURE_MANAGER);
+		if (theAdmin == null) {
+			_log.error("Cannot add the user to the VRE Folder: there is no user having role " + GatewayRolesNames.INFRASTRUCTURE_MANAGER + " on context: " + infraContext);
+		}
+		String adminUsername = theAdmin.getScreenName();
+		_log.info("Got the super user: " + adminUsername);
+		String theAdminToken = PortalContext.getConfiguration().getCurrentUserToken(infraContext, adminUsername);
+		List<String> rolesString = new ArrayList<String>();
+		List<GCubeRole> theAdminRoles = new LiferayRoleManager().listRolesByUserAndGroup(theAdmin.getUserId(), rootgroupId);			
+		for (GCubeRole gCubeRole : theAdminRoles) {
+			rolesString.add(gCubeRole.getRoleName());
+		}
+		rolesString.add(GatewayRolesNames.INFRASTRUCTURE_MANAGER.getRoleName());
+		_log.debug("legacy authorizationService().setTokenRoles done");
+		authorizationService().setTokenRoles(theAdminToken, rolesString);
+		SecurityTokenProvider.instance.set(theAdminToken);
+		OIDCUmaUtil.provideConfiguredPortalClientUMATokenInThreadLocal("/" + PortalContext.getConfiguration().getInfrastructureName());
+		_log.debug("new authorizationService PortalClient set UMA-Token done");
+	}
+
+}
--- a/src/main/java/org/gcube/portal/plugins/util/HookConstants.java
+++ b/src/main/java/org/gcube/portal/plugins/util/HookConstants.java
@ -1,8 +0,0 @@
-package org.gcube.portal.plugins.util;
-
-
-public class HookConstants {
-
-	public static final String AUTHORISED_INFRA_ROLE = "Infrastructure-Manager";
-
-}