gCubeSystem
/
VREFolder-hook
14
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

restored the code from SVN Branch Production (HL Calls) and removed the 

part where LDAP Groups are updated
This commit is contained in:
Massimiliano Assante 2020-11-18 17:43:27 +01:00
parent 4665e7c14d
commit b2e671e19b
4 changed files with 51 additions and 162 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGELOG.md
View File

@ -5,11 +5,11 @@ All notable changes to this project will be documented in this file.
This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [v6.7.0] - 2020-11-17
## [v6.7.1] - 2020-11-17
Ported to git
Removed Home Library dependency, integrated support to send events to the Orchestrator service and Keycloak
Removed trigger that updates LDAP group upon users add/remove to VREs
## [v6.6.0] - 2018-03-02

17
pom.xml
View File

@ -12,7 +12,7 @@
<groupId>org.gcube.portal.plugins</groupId>
<artifactId>VREFolder-hook</artifactId>
<name>VREFolder-hook Hook</name>
<version>6.7.0</version>
<version>6.7.1-SNAPSHOT</version>
<packaging>war</packaging>
<description>
VREFolder-hook handles the user adding/removal from the related Home Library VRE Folder
@ -22,7 +22,7 @@
<developerConnection>scm:git:https://code-repo.d4science.org/gCubeSystem/${project.artifactId}.git</developerConnection>
<url>https://code-repo.d4science.org/gCubeSystem/${project.artifactId}</url>
</scm>
<properties>
<properties>
<liferay.version>6.2.5</liferay.version>
<liferay.maven.plugin.version>6.2.10.12</liferay.maven.plugin.version>
<liferay.auto.deploy.dir>/Users/massi/portal/liferay-portal-6.2-ce-ga6/deploy</liferay.auto.deploy.dir>
@ -44,7 +44,18 @@
<dependencies>
<dependency>
<groupId>org.gcube.common</groupId>
<artifactId>storagehub-client-library</artifactId>
<artifactId>home-library</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.gcube.common</groupId>
<artifactId>home-library-model</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.gcube.common</groupId>
<artifactId>home-library-jcr</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.gcube.core</groupId>

116
src/main/java/org/gcube/portal/plugins/GCubeHookSiteRoleLocalService.java
View File

@ -1,58 +1,37 @@
package org.gcube.portal.plugins;
import static org.gcube.common.authorization.client.Constants.authorizationService;
import java.util.ArrayList;
import java.util.List;
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
import org.gcube.common.authorization.library.provider.UmaJWTProvider;
import org.gcube.common.homelibrary.home.HomeLibrary;
import org.gcube.common.homelibrary.home.workspace.usermanager.UserManager;
import org.gcube.common.portal.PortalContext;
import org.gcube.common.scope.api.ScopeProvider;
import org.gcube.common.storagehub.client.dsl.StorageHubClient;
import org.gcube.common.storagehub.client.dsl.Util;
import org.gcube.common.storagehub.client.dsl.VREFolderManager;
import org.gcube.portal.oidc.lr62.OIDCUmaUtil;
import org.gcube.vomanagement.usermanagement.GroupManager;
import org.gcube.vomanagement.usermanagement.RoleManager;
import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager;
import org.gcube.vomanagement.usermanagement.impl.LiferayRoleManager;
import org.gcube.vomanagement.usermanagement.impl.LiferayUserManager;
import org.gcube.vomanagement.usermanagement.model.GCubeRole;
import org.gcube.vomanagement.usermanagement.model.GatewayRolesNames;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.liferay.portal.model.Role;
import com.liferay.portal.model.User;
import com.liferay.portal.model.UserGroupRole;
import com.liferay.portal.service.RoleLocalServiceUtil;
import com.liferay.portal.service.UserGroupRoleLocalService;
import com.liferay.portal.service.UserGroupRoleLocalServiceWrapper;
import com.liferay.portal.service.UserLocalServiceUtil;
public class GCubeHookSiteRoleLocalService extends UserGroupRoleLocalServiceWrapper {
/**
* logger
*/
private static final Logger _log = LoggerFactory.getLogger(GCubeHookSiteRoleLocalService.class);
private GroupManager gm;
private LiferayUserManager uMan;
public GCubeHookSiteRoleLocalService(UserGroupRoleLocalService userGroupRoleLocalService) {
super(userGroupRoleLocalService);
gm = new LiferayGroupManager();
uMan = new LiferayUserManager();
System.out.println("GCubeHookSiteRoleLocalService hook is UP & Listening ...");
}
//TODO: as soon as Feature https://support.d4science.org/issues/17726 is delivered take care of this also
@Override
public java.util.List<com.liferay.portal.model.UserGroupRole> addUserGroupRoles(long[] userIds, long groupId,
long roleId) throws com.liferay.portal.kernel.exception.SystemException {
List<UserGroupRole> toReturn = super.addUserGroupRoles(userIds, groupId, roleId);
return toReturn;
}
/**
* logger
*/
private static final Logger _log = LoggerFactory.getLogger(GCubeHookSiteRoleLocalService.class);
private GroupManager gm;
public GCubeHookSiteRoleLocalService(UserGroupRoleLocalService userGroupRoleLocalService) {
super(userGroupRoleLocalService);
gm = new LiferayGroupManager();
System.out.println("GCubeHookSiteRoleLocalService hook is UP & Listening ...");
}
@Override
public java.util.List<com.liferay.portal.model.UserGroupRole> addUserGroupRoles(
long userId, long groupId, long[] roleIds)
throws com.liferay.portal.kernel.exception.SystemException {
@ -81,61 +60,22 @@ public class GCubeHookSiteRoleLocalService extends UserGroupRoleLocalServiceWrap
return toReturn;
}
private void setVREFolderAdministrator(long userId, long groupId, boolean enable) throws Exception {
private boolean setVREFolderAdministrator(long userId, long groupId, boolean enable) throws Exception {
String context = gm.getInfrastructureScope(groupId);
ScopeProvider.instance.set(context);
String vreFolderTitle = Util.getVREGroupFromContext(context);
_log.info("The vreFolderTitle on which the VREFolder role is being {} is {}", enable, vreFolderTitle);
_log.debug("Before StorageHubClient shc = new StorageHubClient();");
StorageHubClient shc = new StorageHubClient();
_log.debug("Before shc.getVreFolderManager(vreFolderTitle);");
VREFolderManager vreFolderManager = shc.getVreFolderManager(vreFolderTitle);
String scopeVREFolder = gm.getInfrastructureScope(groupId);
String previousToken = SecurityTokenProvider.instance.get();
String currScope = ScopeProvider.instance.get();
String scopeToset = "/"+PortalContext.getConfiguration().getInfrastructureName();
ScopeProvider.instance.set(scopeToset);
//get the super user
_log.debug("//get the super user");
String infraContext = "/" + PortalContext.getConfiguration().getInfrastructureName();
long rootgroupId = gm.getGroupIdFromInfrastructureScope(infraContext);
User theAdmin = LiferayUserManager.getRandomUserWithRole(rootgroupId, GatewayRolesNames.INFRASTRUCTURE_MANAGER);
if (theAdmin == null) {
_log.warn("Cannot add the user as VRE Folder admin: there is no user having role "
+ GatewayRolesNames.INFRASTRUCTURE_MANAGER);
return false;
} else {
RoleManager rm = new LiferayRoleManager();
String adminUsername = theAdmin.getScreenName();
_log.info("Got the super user: " + adminUsername);
String theAdminToken = PortalContext.getConfiguration().getCurrentUserToken(infraContext, adminUsername);
List<String> rolesString = new ArrayList<String>();
List<GCubeRole> theAdminRoles = rm.listRolesByUserAndGroup(theAdmin.getUserId(), rootgroupId);
for (GCubeRole gCubeRole : theAdminRoles) {
rolesString.add(gCubeRole.getRoleName());
}
rolesString.add(GatewayRolesNames.INFRASTRUCTURE_MANAGER.getRoleName());
_log.info("authorizationService().setTokenRoles(theAdminToken, rolesString);" + theAdminToken);
authorizationService().setTokenRoles(theAdminToken, rolesString);
SecurityTokenProvider.instance.set(theAdminToken);
String previousUmaToken = UmaJWTProvider.instance.get();
OIDCUmaUtil.provideConfiguredPortalClientUMATokenInThreadLocal(infraContext);
String theUserToPromoteOrDeclass = uMan.getUserById(userId).getUsername();
_log.info("The {} is being promoted? {} ", theUserToPromoteOrDeclass, enable);
if (enable)
vreFolderManager.setAdmin(theUserToPromoteOrDeclass);
else
vreFolderManager.removeAdmin(theUserToPromoteOrDeclass);
SecurityTokenProvider.instance.set(previousToken);
if (previousUmaToken != null) {
UmaJWTProvider.instance.set(previousUmaToken);
}
return true;
}
}
String username = UserLocalServiceUtil.getUser(userId).getScreenName();
_log.debug("User " + username + " is going to be VRE Folder Admin?" + enable);
UserManager hlUm = HomeLibrary.getHomeManagerFactory().getUserManager();
if (enable)
hlUm.setAdministrator(scopeVREFolder, username);
else
hlUm.removeAdministrator(scopeVREFolder, username);
ScopeProvider.instance.set(currScope);
}
}

76
src/main/java/org/gcube/portal/plugins/GCubeHookUserLocalService.java
View File

@ -1,27 +1,14 @@
package org.gcube.portal.plugins;
import static org.gcube.common.authorization.client.Constants.authorizationService;
import java.util.ArrayList;
import java.util.List;
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
import org.gcube.common.authorization.library.provider.UmaJWTProvider;
import org.gcube.common.homelibrary.home.HomeLibrary;
import org.gcube.common.portal.PortalContext;
import org.gcube.common.scope.api.ScopeProvider;
import org.gcube.common.storagehub.client.plugins.AbstractPlugin;
import org.gcube.common.storagehub.client.proxies.GroupManagerClient;
import org.gcube.portal.oidc.lr62.OIDCUmaUtil;
import org.gcube.portal.plugins.thread.CheckShareLatexUserThread;
import org.gcube.portal.plugins.thread.RemoveUserTokenFromVREThread;
import org.gcube.vomanagement.usermanagement.GroupManager;
import org.gcube.vomanagement.usermanagement.RoleManager;
import org.gcube.vomanagement.usermanagement.UserManager;
import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager;
import org.gcube.vomanagement.usermanagement.impl.LiferayRoleManager;
import org.gcube.vomanagement.usermanagement.impl.LiferayUserManager;
import org.gcube.vomanagement.usermanagement.model.GCubeRole;
import org.gcube.vomanagement.usermanagement.model.GatewayRolesNames;
import com.liferay.portal.kernel.exception.SystemException;
import com.liferay.portal.kernel.log.Log;
@ -35,7 +22,6 @@ import com.liferay.portal.service.UserLocalServiceWrapper;
*
*/
public class GCubeHookUserLocalService extends UserLocalServiceWrapper {
/**
* logger
*/
@ -137,7 +123,8 @@ public class GCubeHookUserLocalService extends UserLocalServiceWrapper {
//add the user to shareLatex
Thread t = new Thread(new CheckShareLatexUserThread(username, scope));
t.start();
setUser2VREFolder(gm, um, username, scope, true);
org.gcube.common.homelibrary.home.workspace.usermanager.UserManager hlUm = HomeLibrary.getHomeManagerFactory().getUserManager();
hlUm.associateUserToGroup(scope, username);
} else {
_log.debug("Group is not a VRE, SKIP adding");
}
@ -147,56 +134,6 @@ public class GCubeHookUserLocalService extends UserLocalServiceWrapper {
}
ScopeProvider.instance.set(currScope);
}
private boolean setUser2VREFolder(GroupManager gm, UserManager uMan, String username2Add, String context, boolean add) throws Exception {
String previousToken = SecurityTokenProvider.instance.get();
//get the super user
String infraContext = "/"+PortalContext.getConfiguration().getInfrastructureName();
long rootgroupId = gm.getGroupIdFromInfrastructureScope(infraContext);
User theAdmin = LiferayUserManager.getRandomUserWithRole(rootgroupId, GatewayRolesNames.INFRASTRUCTURE_MANAGER);
if (theAdmin == null) {
_log.warn("Cannot add the user as VRE Folder admin: there is no user having role " + GatewayRolesNames.INFRASTRUCTURE_MANAGER);
return false;
}
else {
RoleManager rm = new LiferayRoleManager();
String adminUsername = theAdmin.getScreenName();
_log.info("Got the super user: " +adminUsername);
String theAdminToken = PortalContext.getConfiguration().getCurrentUserToken(infraContext, adminUsername);
List<String> rolesString = new ArrayList<String>();
List<GCubeRole> theAdminRoles = rm.listRolesByUserAndGroup(theAdmin.getUserId(), rootgroupId);
for (GCubeRole gCubeRole : theAdminRoles) {
rolesString.add(gCubeRole.getRoleName());
}
rolesString.add(GatewayRolesNames.INFRASTRUCTURE_MANAGER.getRoleName());
_log.info("authorizationService().setTokenRoles(theAdminToken, rolesString);" +theAdminToken);
authorizationService().setTokenRoles(theAdminToken, rolesString);
SecurityTokenProvider.instance.set(theAdminToken);
String previousUmaToken = UmaJWTProvider.instance.get();
OIDCUmaUtil.provideConfiguredPortalClientUMATokenInThreadLocal(infraContext);
GroupManagerClient client = AbstractPlugin.groups().build();
if (add)
client.addUserToGroup(username2Add, getVREFolderNameFromContext(context));
else
client.removeUserFromGroup(username2Add, getVREFolderNameFromContext(context));
SecurityTokenProvider.instance.set(previousToken);
if (previousUmaToken != null) {
UmaJWTProvider.instance.set(previousUmaToken);
}
return true;
}
}
private static String getVREFolderNameFromContext(String context) {
if (context.startsWith("/")) {
return context.substring(1).replace("/", "-");
}
return null;
}
/**
*
* @param groupId
@ -223,8 +160,9 @@ public class GCubeHookUserLocalService extends UserLocalServiceWrapper {
_log.debug("Group is a VRE, proceeding with removal ...");
String scope = gm.getInfrastructureScope(groupId);
org.gcube.vomanagement.usermanagement.UserManager um = new LiferayUserManager();
String username = um.getUserById(userId).getUsername();
setUser2VREFolder(gm, um, username, scope, false);
String username = um.getUserById(userId).getUsername();
org.gcube.common.homelibrary.home.workspace.usermanager.UserManager hlUm = HomeLibrary.getHomeManagerFactory().getUserManager();
hlUm.removeUserFromGroup(scope, username);
Thread tToken = new Thread(new RemoveUserTokenFromVREThread(username, scope));
tToken.start();
} else {