both the VRE User adding/removal and roles are handled via shub
This commit is contained in:
parent
11473f7ef9
commit
ac5dae9fbb
|
|
@ -2,12 +2,15 @@ package org.gcube.portal.plugins;
|
||||||
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
import org.gcube.common.homelibrary.home.HomeLibrary;
|
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
|
||||||
import org.gcube.common.homelibrary.home.workspace.usermanager.UserManager;
|
import org.gcube.common.authorization.library.provider.UmaJWTProvider;
|
||||||
import org.gcube.common.portal.PortalContext;
|
import org.gcube.common.storagehub.client.dsl.StorageHubClient;
|
||||||
import org.gcube.common.scope.api.ScopeProvider;
|
import org.gcube.common.storagehub.client.dsl.Util;
|
||||||
|
import org.gcube.common.storagehub.client.dsl.VREFolderManager;
|
||||||
|
import org.gcube.portal.plugins.util.AuthUtil;
|
||||||
import org.gcube.vomanagement.usermanagement.GroupManager;
|
import org.gcube.vomanagement.usermanagement.GroupManager;
|
||||||
import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager;
|
import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager;
|
||||||
|
import org.gcube.vomanagement.usermanagement.impl.LiferayUserManager;
|
||||||
import org.gcube.vomanagement.usermanagement.model.GCubeRole;
|
import org.gcube.vomanagement.usermanagement.model.GCubeRole;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
|
|
@ -17,7 +20,6 @@ import com.liferay.portal.model.UserGroupRole;
|
||||||
import com.liferay.portal.service.RoleLocalServiceUtil;
|
import com.liferay.portal.service.RoleLocalServiceUtil;
|
||||||
import com.liferay.portal.service.UserGroupRoleLocalService;
|
import com.liferay.portal.service.UserGroupRoleLocalService;
|
||||||
import com.liferay.portal.service.UserGroupRoleLocalServiceWrapper;
|
import com.liferay.portal.service.UserGroupRoleLocalServiceWrapper;
|
||||||
import com.liferay.portal.service.UserLocalServiceUtil;
|
|
||||||
|
|
||||||
public class GCubeHookSiteRoleLocalService extends UserGroupRoleLocalServiceWrapper {
|
public class GCubeHookSiteRoleLocalService extends UserGroupRoleLocalServiceWrapper {
|
||||||
/**
|
/**
|
||||||
|
|
@ -61,21 +63,25 @@ public class GCubeHookSiteRoleLocalService extends UserGroupRoleLocalServiceWrap
|
||||||
}
|
}
|
||||||
|
|
||||||
private void setVREFolderAdministrator(long userId, long groupId, boolean enable) throws Exception {
|
private void setVREFolderAdministrator(long userId, long groupId, boolean enable) throws Exception {
|
||||||
|
String previousToken = SecurityTokenProvider.instance.get();
|
||||||
String scopeVREFolder = gm.getInfrastructureScope(groupId);
|
String previousUMAToken = UmaJWTProvider.instance.get();
|
||||||
|
//this put the necessary auth tokens (legacy e UMA) in ThreadLocal
|
||||||
String currScope = ScopeProvider.instance.get();
|
AuthUtil.setInfraManagerLegacyAndUMATokenInThreadLocal();
|
||||||
String scopeToset = "/"+PortalContext.getConfiguration().getInfrastructureName();
|
String context = gm.getInfrastructureScope(groupId);
|
||||||
ScopeProvider.instance.set(scopeToset);
|
String vreFolderTitle = Util.getVREGroupFromContext(context);
|
||||||
|
_log.debug("The vreFolderTitle on which the VREFolder role is being {} is {}", enable, vreFolderTitle);
|
||||||
String username = UserLocalServiceUtil.getUser(userId).getScreenName();
|
StorageHubClient shc = new StorageHubClient();
|
||||||
_log.debug("User " + username + " is going to be VRE Folder Admin?" + enable);
|
VREFolderManager vreFolderManager = shc.getVreFolderManager(vreFolderTitle);
|
||||||
UserManager hlUm = HomeLibrary.getHomeManagerFactory().getUserManager();
|
|
||||||
if (enable)
|
String theUserToPromoteOrDeclass = new LiferayUserManager().getUserById(userId).getUsername();
|
||||||
hlUm.setAdministrator(scopeVREFolder, username);
|
_log.info("The {} is being promoted? {} ", theUserToPromoteOrDeclass, enable);
|
||||||
else
|
if (enable)
|
||||||
hlUm.removeAdministrator(scopeVREFolder, username);
|
vreFolderManager.setAdmin(theUserToPromoteOrDeclass);
|
||||||
|
else
|
||||||
ScopeProvider.instance.set(currScope);
|
vreFolderManager.removeAdmin(theUserToPromoteOrDeclass);
|
||||||
|
_log.info("*VREFolder-Hook** add/remove role operation complete");
|
||||||
|
|
||||||
|
UmaJWTProvider.instance.set(previousUMAToken);
|
||||||
|
SecurityTokenProvider.instance.set(previousToken);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,27 +1,18 @@
|
||||||
package org.gcube.portal.plugins;
|
package org.gcube.portal.plugins;
|
||||||
|
|
||||||
import static org.gcube.common.authorization.client.Constants.authorizationService;
|
|
||||||
|
|
||||||
import java.util.ArrayList;
|
|
||||||
import java.util.List;
|
|
||||||
|
|
||||||
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
|
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
|
||||||
import org.gcube.common.authorization.library.provider.UmaJWTProvider;
|
import org.gcube.common.authorization.library.provider.UmaJWTProvider;
|
||||||
import org.gcube.common.portal.PortalContext;
|
import org.gcube.common.portal.PortalContext;
|
||||||
import org.gcube.common.scope.api.ScopeProvider;
|
import org.gcube.common.scope.api.ScopeProvider;
|
||||||
import org.gcube.common.storagehub.client.plugins.AbstractPlugin;
|
import org.gcube.common.storagehub.client.plugins.AbstractPlugin;
|
||||||
import org.gcube.common.storagehub.client.proxies.GroupManagerClient;
|
import org.gcube.common.storagehub.client.proxies.GroupManagerClient;
|
||||||
import org.gcube.portal.oidc.lr62.OIDCUmaUtil;
|
|
||||||
import org.gcube.portal.plugins.thread.CheckShareLatexUserThread;
|
import org.gcube.portal.plugins.thread.CheckShareLatexUserThread;
|
||||||
import org.gcube.portal.plugins.thread.RemoveUserTokenFromVREThread;
|
import org.gcube.portal.plugins.thread.RemoveUserTokenFromVREThread;
|
||||||
import org.gcube.portal.plugins.util.HookConstants;
|
import org.gcube.portal.plugins.util.AuthUtil;
|
||||||
import org.gcube.vomanagement.usermanagement.GroupManager;
|
import org.gcube.vomanagement.usermanagement.GroupManager;
|
||||||
import org.gcube.vomanagement.usermanagement.UserManager;
|
import org.gcube.vomanagement.usermanagement.UserManager;
|
||||||
import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager;
|
import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager;
|
||||||
import org.gcube.vomanagement.usermanagement.impl.LiferayRoleManager;
|
|
||||||
import org.gcube.vomanagement.usermanagement.impl.LiferayUserManager;
|
import org.gcube.vomanagement.usermanagement.impl.LiferayUserManager;
|
||||||
import org.gcube.vomanagement.usermanagement.model.GCubeRole;
|
|
||||||
import org.gcube.vomanagement.usermanagement.model.GatewayRolesNames;
|
|
||||||
|
|
||||||
import com.liferay.portal.kernel.exception.SystemException;
|
import com.liferay.portal.kernel.exception.SystemException;
|
||||||
import com.liferay.portal.kernel.log.Log;
|
import com.liferay.portal.kernel.log.Log;
|
||||||
|
|
@ -160,34 +151,9 @@ public class GCubeHookUserLocalService extends UserLocalServiceWrapper {
|
||||||
private boolean setUser2VREFolder(GroupManager gm, UserManager uMan, String username2Add, String context, boolean add) throws Exception {
|
private boolean setUser2VREFolder(GroupManager gm, UserManager uMan, String username2Add, String context, boolean add) throws Exception {
|
||||||
String previousToken = SecurityTokenProvider.instance.get();
|
String previousToken = SecurityTokenProvider.instance.get();
|
||||||
String previousUMAToken = UmaJWTProvider.instance.get();
|
String previousUMAToken = UmaJWTProvider.instance.get();
|
||||||
//get the super user
|
AuthUtil.setInfraManagerLegacyAndUMATokenInThreadLocal();
|
||||||
_log.info("Getting super user with role " + GatewayRolesNames.INFRASTRUCTURE_MANAGER.getRoleName());
|
_log.info("\n*VREFolder-Hook** new authorizationService PortalClient UMA-Token In ThreadLocal done ****\n\n");
|
||||||
//get the super user
|
String vreFolderNameForsHub = getVREFolderNameFromContext(context);
|
||||||
String infraContext = "/"+PortalContext.getConfiguration().getInfrastructureName();
|
|
||||||
long rootgroupId = gm.getGroupIdFromInfrastructureScope(infraContext);
|
|
||||||
User theAdmin = LiferayUserManager.getRandomUserWithRole(rootgroupId, GatewayRolesNames.INFRASTRUCTURE_MANAGER);
|
|
||||||
if (theAdmin == null) {
|
|
||||||
_log.error("Cannot add the user to the VRE Folder: there is no user having role " + HookConstants.AUTHORISED_INFRA_ROLE + " on context: " + infraContext);
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
String adminUsername = theAdmin.getScreenName();
|
|
||||||
_log.info("Got the super user: " + adminUsername);
|
|
||||||
String theAdminToken = PortalContext.getConfiguration().getCurrentUserToken(infraContext, adminUsername);
|
|
||||||
List<String> rolesString = new ArrayList<String>();
|
|
||||||
List<GCubeRole> theAdminRoles = new LiferayRoleManager().listRolesByUserAndGroup(theAdmin.getUserId(), rootgroupId);
|
|
||||||
for (GCubeRole gCubeRole : theAdminRoles) {
|
|
||||||
rolesString.add(gCubeRole.getRoleName());
|
|
||||||
}
|
|
||||||
rolesString.add(GatewayRolesNames.INFRASTRUCTURE_MANAGER.getRoleName());
|
|
||||||
_log.info("legacy authorizationService().setTokenRoles done");
|
|
||||||
authorizationService().setTokenRoles(theAdminToken, rolesString);
|
|
||||||
SecurityTokenProvider.instance.set(theAdminToken);
|
|
||||||
OIDCUmaUtil.provideConfiguredPortalClientUMATokenInThreadLocal("/" + PortalContext.getConfiguration().getInfrastructureName());
|
|
||||||
_log.info("\n\n\n*VREFolder-Hook** new authorizationService PortalClient UMA-Token In ThreadLocal done ****\n\n");
|
|
||||||
|
|
||||||
String vreFolderNameForsHub = getVREFolderNameFromContext(context);
|
|
||||||
System.out.println("-> VRE FOlder name to pass to shub: "+ vreFolderNameForsHub);
|
|
||||||
|
|
||||||
GroupManagerClient client = AbstractPlugin.groups().build();
|
GroupManagerClient client = AbstractPlugin.groups().build();
|
||||||
if (add)
|
if (add)
|
||||||
client.addUserToGroup(username2Add,vreFolderNameForsHub);
|
client.addUserToGroup(username2Add,vreFolderNameForsHub);
|
||||||
|
|
@ -198,7 +164,6 @@ public class GCubeHookUserLocalService extends UserLocalServiceWrapper {
|
||||||
UmaJWTProvider.instance.set(previousUMAToken);
|
UmaJWTProvider.instance.set(previousUMAToken);
|
||||||
SecurityTokenProvider.instance.set(previousToken);
|
SecurityTokenProvider.instance.set(previousToken);
|
||||||
return true;
|
return true;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private static String getVREFolderNameFromContext(String context) {
|
private static String getVREFolderNameFromContext(String context) {
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,52 @@
|
||||||
|
package org.gcube.portal.plugins.util;
|
||||||
|
|
||||||
|
import static org.gcube.common.authorization.client.Constants.authorizationService;
|
||||||
|
|
||||||
|
import java.util.ArrayList;
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
|
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
|
||||||
|
import org.gcube.common.portal.PortalContext;
|
||||||
|
import org.gcube.portal.oidc.lr62.OIDCUmaUtil;
|
||||||
|
import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager;
|
||||||
|
import org.gcube.vomanagement.usermanagement.impl.LiferayRoleManager;
|
||||||
|
import org.gcube.vomanagement.usermanagement.impl.LiferayUserManager;
|
||||||
|
import org.gcube.vomanagement.usermanagement.model.GCubeRole;
|
||||||
|
import org.gcube.vomanagement.usermanagement.model.GatewayRolesNames;
|
||||||
|
|
||||||
|
import com.liferay.portal.kernel.log.Log;
|
||||||
|
import com.liferay.portal.kernel.log.LogFactoryUtil;
|
||||||
|
import com.liferay.portal.model.User;
|
||||||
|
|
||||||
|
public class AuthUtil {
|
||||||
|
private static Log _log = LogFactoryUtil.getLog(AuthUtil.class);
|
||||||
|
public AuthUtil() {
|
||||||
|
}
|
||||||
|
|
||||||
|
public static void setInfraManagerLegacyAndUMATokenInThreadLocal() throws Exception {
|
||||||
|
//get the super user
|
||||||
|
_log.info("Getting super user with role " + GatewayRolesNames.INFRASTRUCTURE_MANAGER.getRoleName());
|
||||||
|
//get the super user
|
||||||
|
String infraContext = "/"+PortalContext.getConfiguration().getInfrastructureName();
|
||||||
|
long rootgroupId = new LiferayGroupManager().getGroupIdFromInfrastructureScope(infraContext);
|
||||||
|
User theAdmin = LiferayUserManager.getRandomUserWithRole(rootgroupId, GatewayRolesNames.INFRASTRUCTURE_MANAGER);
|
||||||
|
if (theAdmin == null) {
|
||||||
|
_log.error("Cannot add the user to the VRE Folder: there is no user having role " + GatewayRolesNames.INFRASTRUCTURE_MANAGER + " on context: " + infraContext);
|
||||||
|
}
|
||||||
|
String adminUsername = theAdmin.getScreenName();
|
||||||
|
_log.info("Got the super user: " + adminUsername);
|
||||||
|
String theAdminToken = PortalContext.getConfiguration().getCurrentUserToken(infraContext, adminUsername);
|
||||||
|
List<String> rolesString = new ArrayList<String>();
|
||||||
|
List<GCubeRole> theAdminRoles = new LiferayRoleManager().listRolesByUserAndGroup(theAdmin.getUserId(), rootgroupId);
|
||||||
|
for (GCubeRole gCubeRole : theAdminRoles) {
|
||||||
|
rolesString.add(gCubeRole.getRoleName());
|
||||||
|
}
|
||||||
|
rolesString.add(GatewayRolesNames.INFRASTRUCTURE_MANAGER.getRoleName());
|
||||||
|
_log.debug("legacy authorizationService().setTokenRoles done");
|
||||||
|
authorizationService().setTokenRoles(theAdminToken, rolesString);
|
||||||
|
SecurityTokenProvider.instance.set(theAdminToken);
|
||||||
|
OIDCUmaUtil.provideConfiguredPortalClientUMATokenInThreadLocal("/" + PortalContext.getConfiguration().getInfrastructureName());
|
||||||
|
_log.debug("new authorizationService PortalClient set UMA-Token done");
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
@ -1,8 +0,0 @@
|
||||||
package org.gcube.portal.plugins.util;
|
|
||||||
|
|
||||||
|
|
||||||
public class HookConstants {
|
|
||||||
|
|
||||||
public static final String AUTHORISED_INFRA_ROLE = "Infrastructure-Manager";
|
|
||||||
|
|
||||||
}
|
|
||||||
Loading…
Reference in New Issue