gCubeSystem
/
oidc-library-portal
18
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Revised version that uses strings instead of object in map for comparison

This commit is contained in:
Mauro Mugnaini 2021-01-19 18:16:16 +01:00
parent ffccf37c06
commit 13dcfe2a0e
1 changed files with 74 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

133
src/main/java/org/gcube/portal/oidc/lr62/UserSitesToGroupsAndRolesMapper.java
View File

@ -41,7 +41,7 @@ public class UserSitesToGroupsAndRolesMapper {
protected GroupManager groupManager;
protected RoleManager roleManager;
protected String rootVOName;
protected Map<GCubeGroup, List<GCubeRole>> actualGroupAndRoles;
protected Map<Long, List<String>> actualGroupAndRoles;
protected Map<String, GCubeRole> roleNameToRole;
public UserSitesToGroupsAndRolesMapper(User user, OIDCToSitesAndRolesMapper mapper) {
@ -70,7 +70,17 @@ public class UserSitesToGroupsAndRolesMapper {
return;
}
try {
actualGroupAndRoles = groupManager.listGroupsAndRolesByUser(user.getUserId());
Map<GCubeGroup, List<GCubeRole>> retrivedGroupAndRoles = groupManager
.listGroupsAndRolesByUser(user.getUserId());
actualGroupAndRoles = new TreeMap<Long, List<String>>();
for (GCubeGroup gCubeGroup : retrivedGroupAndRoles.keySet()) {
List<String> newList = new ArrayList<String>();
actualGroupAndRoles.put(gCubeGroup.getGroupId(), newList);
for (GCubeRole gCubeRole : retrivedGroupAndRoles.get(gCubeGroup)) {
newList.add(gCubeRole.getRoleName());
}
}
} catch (UserManagementSystemException e) {
log.error("Cannot get sites and roles membership for user", e);
return;
@ -96,7 +106,7 @@ public class UserSitesToGroupsAndRolesMapper {
if (log.isDebugEnabled()) {
log.debug("Check user to sites assignemnts");
}
rolesToSiteDescendant(gwSitesTree, null);
rolesToSiteDescendant(gwSitesTree);
}
if (log.isDebugEnabled()) {
log.debug("Check user to sites removal");
@ -104,30 +114,29 @@ public class UserSitesToGroupsAndRolesMapper {
checkForSiteRemoval(gwSitesTree);
}
protected void rolesToSiteDescendant(Site actualSite, GCubeGroup parentGroup) {
GCubeGroup actualSiteGroup = null;
protected void rolesToSiteDescendant(Site actualSite) {
Long actualSiteGroupId = null;
try {
if (log.isDebugEnabled()) {
log.debug("Getting actual site group from group manager, actual site name=" + actualSite.getName());
log.debug("Getting actual site group from group manager, actual site: " + actualSite.getName());
}
actualSiteGroup = groupManager.getGroup(groupManager.getGroupId(actualSite.getName()));
actualSiteGroupId = groupManager.getGroupId(actualSite.getName());
} catch (UserManagementSystemException | GroupRetrievalFault e) {
log.error("Cannot retrieve group for site: " + actualSite.getName(), e);
return;
}
try {
if (groupManager.isVRE(actualSiteGroup.getGroupId()) && !actualGroupAndRoles.containsKey(actualSiteGroup)) {
log.info("Assigning user to new VRE site: " + actualSiteGroup.getGroupName());
userManager.assignUserToGroup(actualSiteGroup.getGroupId(), user.getUserId());
if (groupManager.isVRE(actualSiteGroupId) && !actualGroupAndRoles.containsKey(actualSiteGroupId)) {
log.info("Assigning user to new VRE site: " + actualSite.getName());
userManager.assignUserToGroup(actualSiteGroupId, user.getUserId());
if (actualSite.getRoles() != null && !actualSite.getRoles().isEmpty()) {
log.info("Assiging roles for the VRE site");
log.info("Assiging roles for the new assigned VRE site");
for (String roleName : actualSite.getRoles()) {
if (D4ScienceMappings.Role.MEMBER.asString().equals(roleName)) {
// Member role is only to assure that the user belongs to context
// Member role is only to assure that the user belongs to context, covered by the assign
continue;
}
roleManager.assignRoleToUser(user.getUserId(), actualSiteGroup.getGroupId(),
roleManager.assignRoleToUser(user.getUserId(), actualSiteGroupId,
roleNameToRole.get(roleName).getRoleId());
}
// Since it's a VRE we can return
@ -139,69 +148,72 @@ public class UserSitesToGroupsAndRolesMapper {
} catch (UserManagementSystemException | GroupRetrievalFault | UserRetrievalFault
| UserManagementPortalException | RoleRetrievalFault | RuntimeException e) {
log.error("Assigning user to new VRE site: " + actualSiteGroup.getGroupName(), e);
log.error("Assigning user to new VRE site: " + actualSite.getName(), e);
}
if (actualSite.getRoles() != null) {
List<GCubeRole> actualSiteGroupRoles = actualGroupAndRoles.get(actualSiteGroup);
List<String> actualSiteGroupRoles = actualGroupAndRoles.get(actualSiteGroupId);
List<String> newRoles = new ArrayList<>(actualSite.getRoles());
// Removing the Member role that is not a real role in LR
newRoles.remove(D4ScienceMappings.Role.MEMBER.asString());
if (actualSiteGroupRoles != null && !actualSiteGroupRoles.isEmpty()) {
log.info("Checking actual roles in the dite group");
for (GCubeRole gcRole : actualSiteGroupRoles) {
log.info("Checking actual roles in the site's group");
for (String gcRoleName : actualSiteGroupRoles) {
String actualSiteName = actualSite.getName();
String gcRoleName = gcRole.getRoleName();
if (!actualSite.getRoles().contains(gcRoleName)) {
try {
log.info("Removing '" + gcRoleName + "' user's role for site: " + actualSiteName);
roleManager.removeRoleFromUser(user.getUserId(), actualSiteGroup.getGroupId(),
gcRole.getRoleId());
roleManager.removeRoleFromUser(user.getUserId(), actualSiteGroupId,
roleNameToRole.get(gcRoleName).getRoleId());
} catch (UserManagementSystemException | UserRetrievalFault | GroupRetrievalFault
| RoleRetrievalFault e) {
log.error(
"Cannot remove user's role '" + gcRoleName + "' for site: " + actualSite.getName(),
e);
log.error("Can't remove user role '" + gcRoleName + "' from: " + actualSite.getName(), e);
continue;
}
} else {
if (log.isDebugEnabled()) {
log.debug("Removing site role from the roles list: " + gcRoleName);
if (log.isTraceEnabled()) {
log.trace("User still have role in the site, emoving it from the new roles list: "
+ gcRoleName);
}
newRoles.remove(gcRoleName);
}
}
} else {
log.info("User actually has no roles in the site group");
log.info("User actually has no roles different from Member in the site");
}
// Adding roles that remaining in newRoles list, if any, for the user in this
// site
for (String newRole : newRoles) {
if (log.isDebugEnabled()) {
log.debug("Adding new role to user. New role=" + newRole);
}
GCubeRole newGcRole = roleNameToRole.get(newRole);
if (newGcRole != null) {
try {
log.info("Assinging new role '" + newRole + "' to user");
roleManager.assignRoleToUser(user.getUserId(), actualSiteGroup.getGroupId(),
newGcRole.getRoleId());
} catch (UserManagementSystemException | UserRetrievalFault | GroupRetrievalFault
| RoleRetrievalFault e) {
log.error("Cannot assign new role '" + newRole + "' for site: " + actualSite.getName(), e);
continue;
if (!newRoles.isEmpty()) {
// Adding roles that remaining in newRoles list, if any, for the user in this site
for (String newRole : newRoles) {
if (log.isDebugEnabled()) {
log.debug("Adding new role to user. New role: " + newRole);
}
} else {
log.warn("New site's gc role is null (doesn't exist?) after getting it from role manager: "
+ newRole);
GCubeRole newGcRole = roleNameToRole.get(newRole);
if (newGcRole != null) {
try {
log.info("Assinging new role '" + newRole + "' to user");
roleManager.assignRoleToUser(user.getUserId(), actualSiteGroupId, newGcRole.getRoleId());
} catch (UserManagementSystemException | UserRetrievalFault | GroupRetrievalFault
| RoleRetrievalFault e) {
log.error("Cannot assign new role '" + newRole + "' for site: " + actualSite.getName(), e);
continue;
}
} else {
log.warn("New site's gc role is null (doesn't exist?) after getting it from role manager: "
+ newRole);
}
}
} else {
if (log.isDebugEnabled()) {
log.debug("User has no new roles for the site");
}
}
} else {
log.info("Roles were not set, continuing descending letting them untouched in site: "
+ actualSite.getName());
}
for (String childSite : actualSite.getChildren().keySet()) {
log.info("Recursive call to child site: " + childSite);
rolesToSiteDescendant(actualSite.getChildren().get(childSite), actualSiteGroup);
for (Site childSite : actualSite.getChildren().values()) {
log.info("Recursive call to child site: " + childSite.getName());
rolesToSiteDescendant(childSite);
}
}
@ -209,27 +221,30 @@ public class UserSitesToGroupsAndRolesMapper {
List<String> vreNames = new ArrayList<>();
if (gwSitesTree != null) {
log.debug("Collecting VREs user belongs to");
for (String voName : gwSitesTree.getChildren().keySet()) {
for (String vreName : gwSitesTree.getChildren().get(voName).getChildren().keySet()) {
log.debug("Adding VRE to the list: " + vreName);
for (Site vo : gwSitesTree.getChildren().values()) {
for (Site vre : vo.getChildren().values()) {
String vreName = vre.getName();
log.trace("Adding VRE to the list: " + vreName);
vreNames.add(vreName);
}
}
} else {
log.info("User not belongs to any site");
log.info("User not belongs to any VRE");
}
for (GCubeGroup actualGroup : actualGroupAndRoles.keySet()) {
for (Long actualGroupId : actualGroupAndRoles.keySet()) {
try {
if (groupManager.isVRE(actualGroup.getGroupId()) && !vreNames.contains(actualGroup.getGroupName())) {
log.info("Removing user from VRE: " + actualGroup.getGroupName());
String actualGroupName = groupManager.getGroup(actualGroupId).getGroupName();
if (groupManager.isVRE(actualGroupId) && !vreNames.contains(actualGroupName)) {
log.info("Removing user from VRE: " + actualGroupName);
try {
userManager.dismissUserFromGroup(actualGroup.getGroupId(), user.getUserId());
userManager.dismissUserFromGroup(actualGroupId, user.getUserId());
} catch (UserRetrievalFault e) {
log.error("Removing user from VRE: " + actualGroup.getGroupName(), e);
log.error("Removing user from VRE: " + actualGroupName, e);
}
} else {
if (log.isDebugEnabled()) {
log.debug("User still belong to VRE: " + actualGroup.getGroupName());
log.debug("User still belong to VRE: " + actualGroupName);
}
}
} catch (UserManagementSystemException | GroupRetrievalFault e) {