diff --git a/pom.xml b/pom.xml
index a565ef3..8b3b3e7 100644
--- a/pom.xml
+++ b/pom.xml
@@ -65,6 +65,11 @@
gcat-api
[2.0.0,3.0.0-SNAPSHOT)
+
+ org.gcube.common
+ authorization-control-library
+ [1.0.0,2.0.0-SNAPSHOT)
+
org.gcube.common
authorization-utils
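Review bot: The `@AuthorizationControl` annotations this dependency enables are only enforced if the library's interceptor or JAX-RS feature is actually registered with the runtime, and nothing in this diff touches an `Application` subclass, `web.xml` or a provider registration. If the library self-registers through a discovered provider that is fine, but if it relies on explicit registration the annotations are inert and every annotated endpoint stays reachable by any caller. Worth confirming with one request test per role rather than trusting the annotation alone. The version range follows the project's existing `gcat-api` convention, so no objection there.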
diff --git a/src/main/java/org/gcube/gcat/profile/ISProfile.java b/src/main/java/org/gcube/gcat/profile/ISProfile.java
index 2a55f14..2e08417 100644
--- a/src/main/java/org/gcube/gcat/profile/ISProfile.java
+++ b/src/main/java/org/gcube/gcat/profile/ISProfile.java
@@ -197,7 +197,7 @@ public class ISProfile {
public boolean delete(String name) {
try {
CKANUser ckanUser = CKANUserCache.getCurrrentCKANUser();
- if(ckanUser.getRole().ordinal() implements org.gcube.gcat.api.interfa
@GET
@Produces(GCatConstants.APPLICATION_JSON_CHARSET_UTF_8)
+ @AuthorizationControl(allowedRoles={Role.CATALOGUE_EDITOR, Role.CATALOGUE_ADMIN, Role.CATALOGUE_MANAGER}, exception=NotAuthorizedException.class)
public String list(@QueryParam(GCatConstants.LIMIT_PARAMETER) @DefaultValue("10") int limit,
@QueryParam(GCatConstants.OFFSET_PARAMETER) @DefaultValue("0") int offset,
@QueryParam(GCatConstants.COUNT_PARAMETER) @DefaultValue("false") Boolean countOnly) {
@@ -65,6 +69,7 @@ public class Group extends REST implements org.gcube.gcat.api.interfa
@Consumes(GCatConstants.APPLICATION_JSON_CHARSET_UTF_8)
@Produces(GCatConstants.APPLICATION_JSON_CHARSET_UTF_8)
@Override
+ @AuthorizationControl(allowedRoles={Role.CATALOGUE_MANAGER}, exception=NotAuthorizedException.class)
public Response create(String json) {
return super.create(json);
}
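Review bot: `exception=NotAuthorizedException.class` maps a role failure to HTTP 401, but 401 is the authentication response and per JAX-RS carries a `WWW-Authenticate` challenge (`NotAuthorizedException` has no no-arg constructor for that reason); an authenticated caller who lacks the role should get 403, which is `javax.ws.rs.ForbiddenException`. How the library instantiates the configured exception class is not visible here, so this is hedged, but if it reflects a no-arg constructor `NotAuthorizedException` may fail at runtime as well as misreport the cause. The same applies to every `@AuthorizationControl` in this diff (Group, Item, Organization, Profile, Trash, User). Suggested change: `exception=ForbiddenException.class` with the matching import.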
@@ -73,6 +78,7 @@ public class Group extends REST implements org.gcube.gcat.api.interfa
@Path("/{" + GROUP_ID_PARAMETER + "}")
@Produces(GCatConstants.APPLICATION_JSON_CHARSET_UTF_8)
@Override
+ @AuthorizationControl(allowedRoles={Role.CATALOGUE_EDITOR}, exception=NotAuthorizedException.class)
public String read(@PathParam(GROUP_ID_PARAMETER) String id) {
return super.read(id);
}
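Review bot: `read` allows only `Role.CATALOGUE_EDITOR`, while `list` on the same resource allows `CATALOGUE_EDITOR`, `CATALOGUE_ADMIN` and `CATALOGUE_MANAGER`, and `create`/`update`/`delete` allow `CATALOGUE_MANAGER`. As written a manager can create and update a group but is denied reading it back, and an admin can list groups but not read one. Unless that asymmetry is intended it looks like a copy-paste omission; suggest `@AuthorizationControl(allowedRoles={Role.CATALOGUE_EDITOR, Role.CATALOGUE_ADMIN, Role.CATALOGUE_MANAGER}, exception=NotAuthorizedException.class)` to match `list`.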
@@ -82,6 +88,7 @@ public class Group extends REST implements org.gcube.gcat.api.interfa
@Consumes(GCatConstants.APPLICATION_JSON_CHARSET_UTF_8)
@Produces(GCatConstants.APPLICATION_JSON_CHARSET_UTF_8)
@Override
+ @AuthorizationControl(allowedRoles={Role.CATALOGUE_MANAGER}, exception=NotAuthorizedException.class)
public String update(@PathParam(GROUP_ID_PARAMETER) String id, String json) {
return super.update(id, json);
}
@@ -91,6 +98,7 @@ public class Group extends REST implements org.gcube.gcat.api.interfa
@Consumes(GCatConstants.APPLICATION_JSON_CHARSET_UTF_8)
@Produces(GCatConstants.APPLICATION_JSON_CHARSET_UTF_8)
@Override
+ @AuthorizationControl(allowedRoles={Role.CATALOGUE_MANAGER}, exception=NotAuthorizedException.class)
public String patch(@PathParam(GROUP_ID_PARAMETER) String id, String json) {
return super.patch(id, json);
}
@@ -98,6 +106,7 @@ public class Group extends REST implements org.gcube.gcat.api.interfa
@DELETE
@Path("/{" + GROUP_ID_PARAMETER + "}")
@Override
+ @AuthorizationControl(allowedRoles={Role.CATALOGUE_MANAGER}, exception=NotAuthorizedException.class)
public Response delete(@PathParam(GROUP_ID_PARAMETER) String id,
@QueryParam(GCatConstants.PURGE_QUERY_PARAMETER) @DefaultValue("false") Boolean purge) {
return super.delete(id, purge);
@@ -106,11 +115,13 @@ public class Group extends REST implements org.gcube.gcat.api.interfa
@PURGE
@Path("/{" + GROUP_ID_PARAMETER + "}")
@Override
+ @AuthorizationControl(allowedRoles={Role.CATALOGUE_MANAGER}, exception=NotAuthorizedException.class)
public Response purge(@PathParam(GROUP_ID_PARAMETER) String id) {
return delete(id, true);
}
@Override
+ @AuthorizationControl(allowedRoles={Role.CATALOGUE_MANAGER}, exception=NotAuthorizedException.class)
public Response delete(String name, boolean purge) {
return delete(name, new Boolean(purge));
}
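Review bot: The `@AuthorizationControl` on `delete(String name, boolean purge)` is placed on a method with no HTTP-method or `@Path` annotation; it is only reached by a `this` call from `purge` (`return delete(id, true);`). If the library enforces via a JAX-RS filter the annotation is never evaluated here, and if it enforces via a proxy-based interceptor a self-invocation bypasses it anyway, so either way it provides no check and may give a false sense of coverage. The HTTP-reachable `purge` and `delete(String, Boolean)` are already annotated, so the safe move is to drop the annotation on this overload and add a comment, `// internal overload: authorization is enforced on the JAX-RS entry points above`.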
diff --git a/src/main/java/org/gcube/gcat/rest/Item.java b/src/main/java/org/gcube/gcat/rest/Item.java
index 6cd6b37..465e155 100644
--- a/src/main/java/org/gcube/gcat/rest/Item.java
+++ b/src/main/java/org/gcube/gcat/rest/Item.java
@@ -4,6 +4,7 @@ import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.DefaultValue;
import javax.ws.rs.GET;
+import javax.ws.rs.NotAuthorizedException;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
@@ -15,9 +16,12 @@ import javax.ws.rs.core.Response.ResponseBuilder;
import javax.ws.rs.core.Response.Status;
import javax.xml.ws.WebServiceException;
+import org.gcube.common.authorization.control.annotations.AuthorizationControl;
import org.gcube.gcat.annotation.PATCH;
import org.gcube.gcat.annotation.PURGE;
import org.gcube.gcat.api.GCatConstants;
+import org.gcube.gcat.api.moderation.Moderated;
+import org.gcube.gcat.api.roles.Role;
import org.gcube.gcat.persistence.ckan.CKANPackage;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -40,6 +44,7 @@ public class Item extends REST implements org.gcube.gcat.api.interf
@GET
@Produces(GCatConstants.APPLICATION_JSON_CHARSET_UTF_8)
+ @AuthorizationControl(allowedRoles={Role.CATALOGUE_MEMBER, Role.CATALOGUE_EDITOR, Role.CATALOGUE_ADMIN, Role.CATALOGUE_MANAGER}, exception=NotAuthorizedException.class)
public String list(@QueryParam(GCatConstants.LIMIT_PARAMETER) @DefaultValue("10") int limit,
@QueryParam(GCatConstants.OFFSET_PARAMETER) @DefaultValue("0") int offset,
@QueryParam(GCatConstants.COUNT_PARAMETER) @DefaultValue("false") Boolean countOnly) {
@@ -65,6 +70,7 @@ public class Item extends REST implements org.gcube.gcat.api.interf
@Consumes(GCatConstants.APPLICATION_JSON_CHARSET_UTF_8)
@Produces(GCatConstants.APPLICATION_JSON_CHARSET_UTF_8)
@Override
+ @AuthorizationControl(allowedRoles={Role.CATALOGUE_EDITOR, Role.CATALOGUE_ADMIN, Role.CATALOGUE_MANAGER}, exception=NotAuthorizedException.class)
public Response create(String json) {
return super.create(json);
}
@@ -73,6 +79,7 @@ public class Item extends REST implements org.gcube.gcat.api.interf
@Path("/{" + ITEM_ID_PARAMETER + "}")
@Produces(GCatConstants.APPLICATION_JSON_CHARSET_UTF_8)
@Override
+ @AuthorizationControl(allowedRoles={Role.CATALOGUE_MEMBER, Role.CATALOGUE_EDITOR, Role.CATALOGUE_ADMIN, Role.CATALOGUE_MANAGER}, exception=NotAuthorizedException.class)
public String read(@PathParam(ITEM_ID_PARAMETER) String id) {
return super.read(id);
}
@@ -82,6 +89,7 @@ public class Item extends REST implements org.gcube.gcat.api.interf
@Consumes(GCatConstants.APPLICATION_JSON_CHARSET_UTF_8)
@Produces(GCatConstants.APPLICATION_JSON_CHARSET_UTF_8)
@Override
+ @AuthorizationControl(allowedRoles={Role.CATALOGUE_EDITOR, Role.CATALOGUE_ADMIN, Role.CATALOGUE_MANAGER}, exception=NotAuthorizedException.class)
public String update(@PathParam(ITEM_ID_PARAMETER) String id, String json) {
return super.update(id, json);
}
@@ -91,6 +99,7 @@ public class Item extends REST implements org.gcube.gcat.api.interf
@Consumes(GCatConstants.APPLICATION_JSON_CHARSET_UTF_8)
@Produces(GCatConstants.APPLICATION_JSON_CHARSET_UTF_8)
@Override
+ @AuthorizationControl(allowedRoles={Role.CATALOGUE_EDITOR, Role.CATALOGUE_ADMIN, Role.CATALOGUE_MANAGER}, exception=NotAuthorizedException.class)
public String patch(@PathParam(ITEM_ID_PARAMETER) String id, String json) {
return super.patch(id, json);
}
@@ -98,6 +107,7 @@ public class Item extends REST implements org.gcube.gcat.api.interf
@DELETE
@Path("/{" + ITEM_ID_PARAMETER + "}")
@Override
+ @AuthorizationControl(allowedRoles={Role.CATALOGUE_EDITOR, Role.CATALOGUE_ADMIN, Role.CATALOGUE_MANAGER}, exception=NotAuthorizedException.class)
public Response delete(@PathParam(ITEM_ID_PARAMETER) String id,
@QueryParam(GCatConstants.PURGE_QUERY_PARAMETER) @DefaultValue("false") Boolean purge) {
return super.delete(id, purge);
@@ -106,6 +116,7 @@ public class Item extends REST implements org.gcube.gcat.api.interf
@PURGE
@Path("/{" + ITEM_ID_PARAMETER + "}")
@Override
+ @AuthorizationControl(allowedRoles={Role.CATALOGUE_EDITOR, Role.CATALOGUE_ADMIN, Role.CATALOGUE_MANAGER}, exception=NotAuthorizedException.class)
public Response purge(@PathParam(ITEM_ID_PARAMETER) String id) {
return super.purge(id);
}
@@ -146,6 +157,7 @@ public class Item extends REST implements org.gcube.gcat.api.interf
@Path("/{" + ITEM_ID_PARAMETER + "}")
@Consumes(GCatConstants.APPLICATION_JSON_CHARSET_UTF_8)
@Produces(GCatConstants.APPLICATION_JSON_CHARSET_UTF_8)
+ @AuthorizationControl(allowedRoles={Role.CATALOGUE_EDITOR, Role.CATALOGUE_ADMIN, Role.CATALOGUE_MANAGER, Moderated.CATALOGUE_MODERATOR }, exception=NotAuthorizedException.class)
public Response moderate(@PathParam(ITEM_ID_PARAMETER) String id, String json) {
setCalledMethod("POST /" + COLLECTION_PARAMETER + "/{" + ID_PARAMETER + "}");
CKANPackage ckanPackage = getInstance();
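Review bot: `allowedRoles` on `moderate` mixes `Role.*` constants with `Moderated.CATALOGUE_MODERATOR`, and whether that compiles depends on `allowedRoles` being a `String[]` or the `Moderated` constant being of type `Role`; the imports do not settle it, so please confirm the element type. If `allowedRoles` is string-based, a comment naming where the moderator role string is defined would help the next reader, since it is the only role in the diff that does not come from `Role`. Minor style: the stray space in `Moderated.CATALOGUE_MODERATOR }` differs from every other annotation in the diff. The body of `moderate` continues outside the hunk.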
diff --git a/src/main/java/org/gcube/gcat/rest/Organization.java b/src/main/java/org/gcube/gcat/rest/Organization.java
index db26c4a..032b59e 100644
--- a/src/main/java/org/gcube/gcat/rest/Organization.java
+++ b/src/main/java/org/gcube/gcat/rest/Organization.java
@@ -4,6 +4,7 @@ import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.DefaultValue;
import javax.ws.rs.GET;
+import javax.ws.rs.NotAuthorizedException;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
@@ -13,9 +14,11 @@ import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Response;
import javax.xml.ws.WebServiceException;
+import org.gcube.common.authorization.control.annotations.AuthorizationControl;
import org.gcube.gcat.annotation.PATCH;
import org.gcube.gcat.annotation.PURGE;
import org.gcube.gcat.api.GCatConstants;
+import org.gcube.gcat.api.roles.Role;
import org.gcube.gcat.persistence.ckan.CKANOrganization;
/**
@@ -66,6 +69,7 @@ public class Organization extends REST
@Consumes(GCatConstants.APPLICATION_JSON_CHARSET_UTF_8)
@Produces(GCatConstants.APPLICATION_JSON_CHARSET_UTF_8)
@Override
+ @AuthorizationControl(allowedRoles={Role.CATALOGUE_MANAGER}, exception=NotAuthorizedException.class)
public Response create(String json) {
return super.create(json);
}
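Review bot: Organization gets `@AuthorizationControl` on `create`, `update`, `patch`, `delete` and `purge`, but no hunk in this diff annotates its `list` or `read`, whereas Group and Item restrict both. If anonymous or any-role read of organizations is intentional, a one-line comment on those methods stating so (`// intentionally unrestricted: organization metadata is public`) would stop the next reviewer from reading it as an omission; if not, they need the same annotation as Item's `read`. The hunk only shows `create`, so this is inferred from the diff as a whole.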
@@ -83,6 +87,7 @@ public class Organization extends REST
@Consumes(GCatConstants.APPLICATION_JSON_CHARSET_UTF_8)
@Produces(GCatConstants.APPLICATION_JSON_CHARSET_UTF_8)
@Override
+ @AuthorizationControl(allowedRoles={Role.CATALOGUE_MANAGER}, exception=NotAuthorizedException.class)
public String update(@PathParam(ORGANIZATION_ID_PARAMETER) String id, String json) {
return super.update(id, json);
}
@@ -92,6 +97,7 @@ public class Organization extends REST
@Consumes(GCatConstants.APPLICATION_JSON_CHARSET_UTF_8)
@Produces(GCatConstants.APPLICATION_JSON_CHARSET_UTF_8)
@Override
+ @AuthorizationControl(allowedRoles={Role.CATALOGUE_MANAGER}, exception=NotAuthorizedException.class)
public String patch(@PathParam(ORGANIZATION_ID_PARAMETER) String id, String json) {
return super.patch(id, json);
}
@@ -99,6 +105,7 @@ public class Organization extends REST
@DELETE
@Path("/{" + ORGANIZATION_ID_PARAMETER + "}")
@Override
+ @AuthorizationControl(allowedRoles={Role.CATALOGUE_MANAGER}, exception=NotAuthorizedException.class)
public Response delete(@PathParam(ORGANIZATION_ID_PARAMETER) String id,
@QueryParam(GCatConstants.PURGE_QUERY_PARAMETER) @DefaultValue("false") Boolean purge) {
return super.delete(id, purge);
@@ -106,6 +113,7 @@ public class Organization extends REST
@PURGE
@Path("/{" + ORGANIZATION_ID_PARAMETER + "}")
+ @AuthorizationControl(allowedRoles={Role.CATALOGUE_MANAGER}, exception=NotAuthorizedException.class)
public Response purge(@PathParam(ORGANIZATION_ID_PARAMETER) String id) {
return super.purge(id);
}
diff --git a/src/main/java/org/gcube/gcat/rest/Profile.java b/src/main/java/org/gcube/gcat/rest/Profile.java
index 0e70308..99c8f1a 100644
--- a/src/main/java/org/gcube/gcat/rest/Profile.java
+++ b/src/main/java/org/gcube/gcat/rest/Profile.java
@@ -9,6 +9,7 @@ import javax.ws.rs.HeaderParam;
import javax.ws.rs.HttpMethod;
import javax.ws.rs.InternalServerErrorException;
import javax.ws.rs.NotAllowedException;
+import javax.ws.rs.NotAuthorizedException;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
@@ -23,8 +24,10 @@ import javax.ws.rs.core.Response.Status;
import javax.ws.rs.core.UriInfo;
import org.gcube.com.fasterxml.jackson.databind.node.ArrayNode;
+import org.gcube.common.authorization.control.annotations.AuthorizationControl;
import org.gcube.datacatalogue.metadatadiscovery.DataCalogueMetadataFormatReader;
import org.gcube.gcat.api.GCatConstants;
+import org.gcube.gcat.api.roles.Role;
import org.gcube.gcat.profile.ISProfile;
import org.xml.sax.SAXException;
@@ -135,6 +138,7 @@ public class Profile extends BaseREST implements org.gcube.gcat.api.interfaces.P
@Path("/{" + PROFILE_NAME_PARAMETER + "}")
@Consumes(MediaType.APPLICATION_XML)
@Produces(MediaType.APPLICATION_XML)
+ @AuthorizationControl(allowedRoles={Role.CATALOGUE_ADMIN}, exception=NotAuthorizedException.class)
public Response createOrUpdate(@PathParam(PROFILE_NAME_PARAMETER) String name, String xml) {
setCalledMethod("PUT /" + PROFILES + "/{" + PROFILE_NAME_PARAMETER + "}");
try {
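Review bot: `createOrUpdate` and `delete` on Profile are restricted to `Role.CATALOGUE_ADMIN` alone, which excludes `CATALOGUE_MANAGER`, the role that is the broadest in the Group and Organization hunks. That may be a deliberate separation between schema administration and catalogue management, but nothing documents the intended role hierarchy, so a class-level Javadoc on Profile stating which role owns profile definitions and why managers are excluded would make the model verifiable. The method body continues outside the hunk.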
@@ -165,6 +169,7 @@ public class Profile extends BaseREST implements org.gcube.gcat.api.interfaces.P
@DELETE
@Path("/{" + PROFILE_NAME_PARAMETER + "}")
+ @AuthorizationControl(allowedRoles={Role.CATALOGUE_ADMIN}, exception=NotAuthorizedException.class)
public Response delete(@PathParam(PROFILE_NAME_PARAMETER) String name) {
setCalledMethod("DELETE /" + PROFILES + "/{" + PROFILE_NAME_PARAMETER + "}");
try {
diff --git a/src/main/java/org/gcube/gcat/rest/Trash.java b/src/main/java/org/gcube/gcat/rest/Trash.java
index 0f8d231..0d2e475 100644
--- a/src/main/java/org/gcube/gcat/rest/Trash.java
+++ b/src/main/java/org/gcube/gcat/rest/Trash.java
@@ -3,6 +3,7 @@ package org.gcube.gcat.rest;
import javax.ws.rs.DELETE;
import javax.ws.rs.DefaultValue;
import javax.ws.rs.GET;
+import javax.ws.rs.NotAuthorizedException;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
@@ -10,8 +11,10 @@ import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;
import javax.xml.ws.WebServiceException;
+import org.gcube.common.authorization.control.annotations.AuthorizationControl;
import org.gcube.gcat.annotation.PURGE;
import org.gcube.gcat.api.GCatConstants;
+import org.gcube.gcat.api.roles.Role;
import org.gcube.gcat.persistence.ckan.CKANPackageTrash;
/**
@@ -24,6 +27,7 @@ public class Trash extends BaseREST implements org.gcube.gcat.api.interfaces.Tra
@GET
@Produces(GCatConstants.APPLICATION_JSON_CHARSET_UTF_8)
@Override
+ @AuthorizationControl(allowedRoles={Role.CATALOGUE_EDITOR, Role.CATALOGUE_ADMIN, Role.CATALOGUE_MANAGER}, exception=NotAuthorizedException.class)
public String list(@QueryParam(GCatConstants.OWN_ONLY_QUERY_PARAMETER) @DefaultValue("true") Boolean ownOnly) throws WebServiceException {
CKANPackageTrash ckanPackageTrash = new CKANPackageTrash();
ckanPackageTrash.setOwnOnly(ownOnly);
@@ -32,6 +36,7 @@ public class Trash extends BaseREST implements org.gcube.gcat.api.interfaces.Tra
@DELETE
@Override
+ @AuthorizationControl(allowedRoles={Role.CATALOGUE_EDITOR, Role.CATALOGUE_ADMIN, Role.CATALOGUE_MANAGER}, exception=NotAuthorizedException.class)
public Response empty(@QueryParam(GCatConstants.OWN_ONLY_QUERY_PARAMETER) @DefaultValue("true") Boolean ownOnly) throws WebServiceException {
Thread thread = new Thread(new Runnable() {
@Override
@@ -46,10 +51,9 @@ public class Trash extends BaseREST implements org.gcube.gcat.api.interfaces.Tra
}
@PURGE
+ @AuthorizationControl(allowedRoles={Role.CATALOGUE_EDITOR, Role.CATALOGUE_ADMIN, Role.CATALOGUE_MANAGER}, exception=NotAuthorizedException.class)
public Response emptyViaPurge(@QueryParam(GCatConstants.OWN_ONLY_QUERY_PARAMETER) @DefaultValue("true") Boolean ownOnly) throws WebServiceException {
return empty(ownOnly);
}
-}
-
-
+}
\ No newline at end of file
diff --git a/src/main/java/org/gcube/gcat/rest/User.java b/src/main/java/org/gcube/gcat/rest/User.java
index 0a8a27b..7af4948 100644
--- a/src/main/java/org/gcube/gcat/rest/User.java
+++ b/src/main/java/org/gcube/gcat/rest/User.java
@@ -3,6 +3,7 @@ package org.gcube.gcat.rest;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
+import javax.ws.rs.NotAuthorizedException;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
@@ -10,7 +11,9 @@ import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Response;
+import org.gcube.common.authorization.control.annotations.AuthorizationControl;
import org.gcube.gcat.api.GCatConstants;
+import org.gcube.gcat.api.roles.Role;
import org.gcube.gcat.persistence.ckan.CKANUser;
/**
@@ -27,6 +30,7 @@ public class User extends REST implements org.gcube.gcat.api.interface
@GET
@Produces(GCatConstants.APPLICATION_JSON_CHARSET_UTF_8)
+ @AuthorizationControl(allowedRoles={Role.CATALOGUE_ADMIN}, exception=NotAuthorizedException.class)
public String list() {
return super.list(-1, -1);
}
@@ -35,6 +39,7 @@ public class User extends REST implements org.gcube.gcat.api.interface
@Consumes(GCatConstants.APPLICATION_JSON_CHARSET_UTF_8)
@Produces(GCatConstants.APPLICATION_JSON_CHARSET_UTF_8)
@Override
+ @AuthorizationControl(allowedRoles={Role.CATALOGUE_MANAGER}, exception=NotAuthorizedException.class)
public Response create(String json) {
return super.create(json);
}
@@ -43,6 +48,7 @@ public class User extends REST implements org.gcube.gcat.api.interface
@Path("/{" + USER_ID_PARAMETER + "}")
@Produces(GCatConstants.APPLICATION_JSON_CHARSET_UTF_8)
@Override
+ @AuthorizationControl(allowedRoles={Role.CATALOGUE_ADMIN}, exception=NotAuthorizedException.class)
public String read(@PathParam(USER_ID_PARAMETER) String username) {
return super.read(username);
}
@@ -52,12 +58,14 @@ public class User extends REST implements org.gcube.gcat.api.interface
@Consumes(GCatConstants.APPLICATION_JSON_CHARSET_UTF_8)
@Produces(GCatConstants.APPLICATION_JSON_CHARSET_UTF_8)
@Override
+ @AuthorizationControl(allowedRoles={Role.CATALOGUE_MANAGER}, exception=NotAuthorizedException.class)
public String update(@PathParam(USER_ID_PARAMETER) String username, String json) {
return super.update(username, json);
}
@DELETE
@Path("/{" + USER_ID_PARAMETER + "}")
+ @AuthorizationControl(allowedRoles={Role.CATALOGUE_MANAGER}, exception=NotAuthorizedException.class)
public Response delete(@PathParam(USER_ID_PARAMETER) String username) {
return super.delete(username, false);
}