Added portal role in ckan user
This commit is contained in:
parent
00d60021fc
commit
cf150065d0
|
@ -193,7 +193,7 @@ Roles
|
||||||
-----
|
-----
|
||||||
|
|
||||||
Any user has one or more roles in the catalogue.
|
Any user has one or more roles in the catalogue.
|
||||||
The VRE Manager can only assign roles.
|
Only the VRE Manager can assign roles to VRE users.
|
||||||
|
|
||||||
|
|
||||||
The catalogue uses the following hierarchic roles:
|
The catalogue uses the following hierarchic roles:
|
||||||
|
@ -213,7 +213,7 @@ The catalogue uses the following hierarchic roles:
|
||||||
|
|
||||||
Another role that is not in the role hierarchy:
|
Another role that is not in the role hierarchy:
|
||||||
|
|
||||||
Catalogue-Moderator:
|
**Catalogue-Moderator**:
|
||||||
A user with such a role is capable of invoking the item moderation APIs.
|
A user with such a role is capable of invoking the item moderation APIs.
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -352,7 +352,7 @@ public class CKANPackage extends CKAN implements Moderated {
|
||||||
return objectNode;
|
return objectNode;
|
||||||
}
|
}
|
||||||
|
|
||||||
protected JsonNode validateJso(String json) {
|
protected JsonNode validateJson(String json) {
|
||||||
try {
|
try {
|
||||||
// check base information (and set them if needed)
|
// check base information (and set them if needed)
|
||||||
ObjectNode objectNode = checkBaseInformation(json);
|
ObjectNode objectNode = checkBaseInformation(json);
|
||||||
|
|
|
@ -6,6 +6,7 @@ import javax.ws.rs.InternalServerErrorException;
|
||||||
import javax.ws.rs.WebApplicationException;
|
import javax.ws.rs.WebApplicationException;
|
||||||
import javax.ws.rs.core.Response.Status;
|
import javax.ws.rs.core.Response.Status;
|
||||||
|
|
||||||
|
import org.gcube.com.fasterxml.jackson.databind.node.ArrayNode;
|
||||||
import org.gcube.com.fasterxml.jackson.databind.node.ObjectNode;
|
import org.gcube.com.fasterxml.jackson.databind.node.ObjectNode;
|
||||||
import org.gcube.common.authorization.utils.manager.SecretManagerProvider;
|
import org.gcube.common.authorization.utils.manager.SecretManagerProvider;
|
||||||
import org.gcube.common.authorization.utils.user.User;
|
import org.gcube.common.authorization.utils.user.User;
|
||||||
|
@ -47,6 +48,8 @@ public class CKANUser extends CKAN {
|
||||||
|
|
||||||
private static final String API_KEY = "apikey";
|
private static final String API_KEY = "apikey";
|
||||||
|
|
||||||
|
public static final String PORTAL_ROLES = "portal_roles";
|
||||||
|
|
||||||
protected Role role;
|
protected Role role;
|
||||||
protected Boolean catalogueModerator;
|
protected Boolean catalogueModerator;
|
||||||
|
|
||||||
|
@ -187,15 +190,32 @@ public class CKANUser extends CKAN {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
protected void parseResult() {
|
protected String parseResult() {
|
||||||
name = result.get(NAME).asText();
|
name = result.get(NAME).asText();
|
||||||
try {
|
|
||||||
apiKey = result.get(API_KEY).asText();
|
// Only managers can read Ckan API key
|
||||||
}catch (Exception e) {
|
if(getRole().ordinal()<Role.MANAGER.ordinal()) {
|
||||||
if(name.compareTo(getCKANUsername())==0) {
|
try {
|
||||||
throw e;
|
apiKey = result.get(API_KEY).asText();
|
||||||
|
}catch (Exception e) {
|
||||||
|
// The user reading its own Ckan profile must be able to read its API key
|
||||||
|
if(name.compareTo(getCKANUsername())==0) {
|
||||||
|
throw e;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}else {
|
||||||
|
((ObjectNode) result).remove(API_KEY);
|
||||||
|
}
|
||||||
|
|
||||||
|
if(name.compareTo(getCKANUsername())==0) {
|
||||||
|
ArrayNode roles = ((ObjectNode) result).putArray(PORTAL_ROLES);
|
||||||
|
roles.add(getRole().getPortalRole());
|
||||||
|
if(isCatalogueModerator()) {
|
||||||
|
roles.add(Moderated.CATALOGUE_MODERATOR);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return getAsString(result);
|
||||||
}
|
}
|
||||||
|
|
||||||
protected static String getCKANUsername(String username) {
|
protected static String getCKANUsername(String username) {
|
||||||
|
@ -218,9 +238,21 @@ public class CKANUser extends CKAN {
|
||||||
return getCKANUsername(username);
|
return getCKANUsername(username);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public String create(String json) {
|
||||||
|
super.create(json);
|
||||||
|
String ret = parseResult();
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
public String read() {
|
public String read() {
|
||||||
String ret = super.read();
|
super.read();
|
||||||
parseResult();
|
String ret = parseResult();
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String update(String json) {
|
||||||
|
super.update(json);
|
||||||
|
String ret = parseResult();
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -99,6 +99,13 @@ public class User extends REST<CKANUser> implements org.gcube.gcat.api.interface
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
* Read the profile of the user in Ckan
|
||||||
|
* The <code>apikey</code> to interact directly with Ckan are returned only for Catalogue-Managers
|
||||||
|
* and only for its own profile.
|
||||||
|
*
|
||||||
|
* The service add the user's role in <code>portal_role</code> property when the user read its own profile.
|
||||||
|
* See <a href="../docs/index.html#roles">Roles</a> section for more information.
|
||||||
|
*
|
||||||
* @pathExample /users/luca_frosini
|
* @pathExample /users/luca_frosini
|
||||||
* @responseExample application/json;charset=UTF-8 classpath:/api-docs-examples/user/read-user-response.json
|
* @responseExample application/json;charset=UTF-8 classpath:/api-docs-examples/user/read-user-response.json
|
||||||
*/
|
*/
|
||||||
|
|
Loading…
Reference in New Issue