Revised version that uses strings instead of object in map for comparison
This commit is contained in:
parent
ffccf37c06
commit
13dcfe2a0e
|
@ -41,7 +41,7 @@ public class UserSitesToGroupsAndRolesMapper {
|
||||||
protected GroupManager groupManager;
|
protected GroupManager groupManager;
|
||||||
protected RoleManager roleManager;
|
protected RoleManager roleManager;
|
||||||
protected String rootVOName;
|
protected String rootVOName;
|
||||||
protected Map<GCubeGroup, List<GCubeRole>> actualGroupAndRoles;
|
protected Map<Long, List<String>> actualGroupAndRoles;
|
||||||
protected Map<String, GCubeRole> roleNameToRole;
|
protected Map<String, GCubeRole> roleNameToRole;
|
||||||
|
|
||||||
public UserSitesToGroupsAndRolesMapper(User user, OIDCToSitesAndRolesMapper mapper) {
|
public UserSitesToGroupsAndRolesMapper(User user, OIDCToSitesAndRolesMapper mapper) {
|
||||||
|
@ -70,7 +70,17 @@ public class UserSitesToGroupsAndRolesMapper {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
try {
|
try {
|
||||||
actualGroupAndRoles = groupManager.listGroupsAndRolesByUser(user.getUserId());
|
Map<GCubeGroup, List<GCubeRole>> retrivedGroupAndRoles = groupManager
|
||||||
|
.listGroupsAndRolesByUser(user.getUserId());
|
||||||
|
|
||||||
|
actualGroupAndRoles = new TreeMap<Long, List<String>>();
|
||||||
|
for (GCubeGroup gCubeGroup : retrivedGroupAndRoles.keySet()) {
|
||||||
|
List<String> newList = new ArrayList<String>();
|
||||||
|
actualGroupAndRoles.put(gCubeGroup.getGroupId(), newList);
|
||||||
|
for (GCubeRole gCubeRole : retrivedGroupAndRoles.get(gCubeGroup)) {
|
||||||
|
newList.add(gCubeRole.getRoleName());
|
||||||
|
}
|
||||||
|
}
|
||||||
} catch (UserManagementSystemException e) {
|
} catch (UserManagementSystemException e) {
|
||||||
log.error("Cannot get sites and roles membership for user", e);
|
log.error("Cannot get sites and roles membership for user", e);
|
||||||
return;
|
return;
|
||||||
|
@ -96,7 +106,7 @@ public class UserSitesToGroupsAndRolesMapper {
|
||||||
if (log.isDebugEnabled()) {
|
if (log.isDebugEnabled()) {
|
||||||
log.debug("Check user to sites assignemnts");
|
log.debug("Check user to sites assignemnts");
|
||||||
}
|
}
|
||||||
rolesToSiteDescendant(gwSitesTree, null);
|
rolesToSiteDescendant(gwSitesTree);
|
||||||
}
|
}
|
||||||
if (log.isDebugEnabled()) {
|
if (log.isDebugEnabled()) {
|
||||||
log.debug("Check user to sites removal");
|
log.debug("Check user to sites removal");
|
||||||
|
@ -104,30 +114,29 @@ public class UserSitesToGroupsAndRolesMapper {
|
||||||
checkForSiteRemoval(gwSitesTree);
|
checkForSiteRemoval(gwSitesTree);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
protected void rolesToSiteDescendant(Site actualSite) {
|
||||||
protected void rolesToSiteDescendant(Site actualSite, GCubeGroup parentGroup) {
|
Long actualSiteGroupId = null;
|
||||||
GCubeGroup actualSiteGroup = null;
|
|
||||||
try {
|
try {
|
||||||
if (log.isDebugEnabled()) {
|
if (log.isDebugEnabled()) {
|
||||||
log.debug("Getting actual site group from group manager, actual site name=" + actualSite.getName());
|
log.debug("Getting actual site group from group manager, actual site: " + actualSite.getName());
|
||||||
}
|
}
|
||||||
actualSiteGroup = groupManager.getGroup(groupManager.getGroupId(actualSite.getName()));
|
actualSiteGroupId = groupManager.getGroupId(actualSite.getName());
|
||||||
} catch (UserManagementSystemException | GroupRetrievalFault e) {
|
} catch (UserManagementSystemException | GroupRetrievalFault e) {
|
||||||
log.error("Cannot retrieve group for site: " + actualSite.getName(), e);
|
log.error("Cannot retrieve group for site: " + actualSite.getName(), e);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
try {
|
try {
|
||||||
if (groupManager.isVRE(actualSiteGroup.getGroupId()) && !actualGroupAndRoles.containsKey(actualSiteGroup)) {
|
if (groupManager.isVRE(actualSiteGroupId) && !actualGroupAndRoles.containsKey(actualSiteGroupId)) {
|
||||||
log.info("Assigning user to new VRE site: " + actualSiteGroup.getGroupName());
|
log.info("Assigning user to new VRE site: " + actualSite.getName());
|
||||||
userManager.assignUserToGroup(actualSiteGroup.getGroupId(), user.getUserId());
|
userManager.assignUserToGroup(actualSiteGroupId, user.getUserId());
|
||||||
if (actualSite.getRoles() != null && !actualSite.getRoles().isEmpty()) {
|
if (actualSite.getRoles() != null && !actualSite.getRoles().isEmpty()) {
|
||||||
log.info("Assiging roles for the VRE site");
|
log.info("Assiging roles for the new assigned VRE site");
|
||||||
for (String roleName : actualSite.getRoles()) {
|
for (String roleName : actualSite.getRoles()) {
|
||||||
if (D4ScienceMappings.Role.MEMBER.asString().equals(roleName)) {
|
if (D4ScienceMappings.Role.MEMBER.asString().equals(roleName)) {
|
||||||
// Member role is only to assure that the user belongs to context
|
// Member role is only to assure that the user belongs to context, covered by the assign
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
roleManager.assignRoleToUser(user.getUserId(), actualSiteGroup.getGroupId(),
|
roleManager.assignRoleToUser(user.getUserId(), actualSiteGroupId,
|
||||||
roleNameToRole.get(roleName).getRoleId());
|
roleNameToRole.get(roleName).getRoleId());
|
||||||
}
|
}
|
||||||
// Since it's a VRE we can return
|
// Since it's a VRE we can return
|
||||||
|
@ -139,69 +148,72 @@ public class UserSitesToGroupsAndRolesMapper {
|
||||||
} catch (UserManagementSystemException | GroupRetrievalFault | UserRetrievalFault
|
} catch (UserManagementSystemException | GroupRetrievalFault | UserRetrievalFault
|
||||||
| UserManagementPortalException | RoleRetrievalFault | RuntimeException e) {
|
| UserManagementPortalException | RoleRetrievalFault | RuntimeException e) {
|
||||||
|
|
||||||
log.error("Assigning user to new VRE site: " + actualSiteGroup.getGroupName(), e);
|
log.error("Assigning user to new VRE site: " + actualSite.getName(), e);
|
||||||
}
|
}
|
||||||
if (actualSite.getRoles() != null) {
|
if (actualSite.getRoles() != null) {
|
||||||
List<GCubeRole> actualSiteGroupRoles = actualGroupAndRoles.get(actualSiteGroup);
|
List<String> actualSiteGroupRoles = actualGroupAndRoles.get(actualSiteGroupId);
|
||||||
List<String> newRoles = new ArrayList<>(actualSite.getRoles());
|
List<String> newRoles = new ArrayList<>(actualSite.getRoles());
|
||||||
// Removing the Member role that is not a real role in LR
|
// Removing the Member role that is not a real role in LR
|
||||||
newRoles.remove(D4ScienceMappings.Role.MEMBER.asString());
|
newRoles.remove(D4ScienceMappings.Role.MEMBER.asString());
|
||||||
if (actualSiteGroupRoles != null && !actualSiteGroupRoles.isEmpty()) {
|
if (actualSiteGroupRoles != null && !actualSiteGroupRoles.isEmpty()) {
|
||||||
log.info("Checking actual roles in the dite group");
|
log.info("Checking actual roles in the site's group");
|
||||||
for (GCubeRole gcRole : actualSiteGroupRoles) {
|
for (String gcRoleName : actualSiteGroupRoles) {
|
||||||
String actualSiteName = actualSite.getName();
|
String actualSiteName = actualSite.getName();
|
||||||
String gcRoleName = gcRole.getRoleName();
|
|
||||||
if (!actualSite.getRoles().contains(gcRoleName)) {
|
if (!actualSite.getRoles().contains(gcRoleName)) {
|
||||||
try {
|
try {
|
||||||
log.info("Removing '" + gcRoleName + "' user's role for site: " + actualSiteName);
|
log.info("Removing '" + gcRoleName + "' user's role for site: " + actualSiteName);
|
||||||
roleManager.removeRoleFromUser(user.getUserId(), actualSiteGroup.getGroupId(),
|
roleManager.removeRoleFromUser(user.getUserId(), actualSiteGroupId,
|
||||||
gcRole.getRoleId());
|
roleNameToRole.get(gcRoleName).getRoleId());
|
||||||
} catch (UserManagementSystemException | UserRetrievalFault | GroupRetrievalFault
|
} catch (UserManagementSystemException | UserRetrievalFault | GroupRetrievalFault
|
||||||
| RoleRetrievalFault e) {
|
| RoleRetrievalFault e) {
|
||||||
log.error(
|
|
||||||
"Cannot remove user's role '" + gcRoleName + "' for site: " + actualSite.getName(),
|
log.error("Can't remove user role '" + gcRoleName + "' from: " + actualSite.getName(), e);
|
||||||
e);
|
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
if (log.isDebugEnabled()) {
|
if (log.isTraceEnabled()) {
|
||||||
log.debug("Removing site role from the roles list: " + gcRoleName);
|
log.trace("User still have role in the site, emoving it from the new roles list: "
|
||||||
|
+ gcRoleName);
|
||||||
}
|
}
|
||||||
newRoles.remove(gcRoleName);
|
newRoles.remove(gcRoleName);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
log.info("User actually has no roles in the site group");
|
log.info("User actually has no roles different from Member in the site");
|
||||||
}
|
}
|
||||||
// Adding roles that remaining in newRoles list, if any, for the user in this
|
if (!newRoles.isEmpty()) {
|
||||||
// site
|
// Adding roles that remaining in newRoles list, if any, for the user in this site
|
||||||
for (String newRole : newRoles) {
|
for (String newRole : newRoles) {
|
||||||
if (log.isDebugEnabled()) {
|
if (log.isDebugEnabled()) {
|
||||||
log.debug("Adding new role to user. New role=" + newRole);
|
log.debug("Adding new role to user. New role: " + newRole);
|
||||||
}
|
|
||||||
GCubeRole newGcRole = roleNameToRole.get(newRole);
|
|
||||||
if (newGcRole != null) {
|
|
||||||
try {
|
|
||||||
log.info("Assinging new role '" + newRole + "' to user");
|
|
||||||
roleManager.assignRoleToUser(user.getUserId(), actualSiteGroup.getGroupId(),
|
|
||||||
newGcRole.getRoleId());
|
|
||||||
} catch (UserManagementSystemException | UserRetrievalFault | GroupRetrievalFault
|
|
||||||
| RoleRetrievalFault e) {
|
|
||||||
log.error("Cannot assign new role '" + newRole + "' for site: " + actualSite.getName(), e);
|
|
||||||
continue;
|
|
||||||
}
|
}
|
||||||
} else {
|
GCubeRole newGcRole = roleNameToRole.get(newRole);
|
||||||
log.warn("New site's gc role is null (doesn't exist?) after getting it from role manager: "
|
if (newGcRole != null) {
|
||||||
+ newRole);
|
try {
|
||||||
|
log.info("Assinging new role '" + newRole + "' to user");
|
||||||
|
roleManager.assignRoleToUser(user.getUserId(), actualSiteGroupId, newGcRole.getRoleId());
|
||||||
|
} catch (UserManagementSystemException | UserRetrievalFault | GroupRetrievalFault
|
||||||
|
| RoleRetrievalFault e) {
|
||||||
|
log.error("Cannot assign new role '" + newRole + "' for site: " + actualSite.getName(), e);
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
log.warn("New site's gc role is null (doesn't exist?) after getting it from role manager: "
|
||||||
|
+ newRole);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
if (log.isDebugEnabled()) {
|
||||||
|
log.debug("User has no new roles for the site");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
log.info("Roles were not set, continuing descending letting them untouched in site: "
|
log.info("Roles were not set, continuing descending letting them untouched in site: "
|
||||||
+ actualSite.getName());
|
+ actualSite.getName());
|
||||||
}
|
}
|
||||||
for (String childSite : actualSite.getChildren().keySet()) {
|
for (Site childSite : actualSite.getChildren().values()) {
|
||||||
log.info("Recursive call to child site: " + childSite);
|
log.info("Recursive call to child site: " + childSite.getName());
|
||||||
rolesToSiteDescendant(actualSite.getChildren().get(childSite), actualSiteGroup);
|
rolesToSiteDescendant(childSite);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -209,27 +221,30 @@ public class UserSitesToGroupsAndRolesMapper {
|
||||||
List<String> vreNames = new ArrayList<>();
|
List<String> vreNames = new ArrayList<>();
|
||||||
if (gwSitesTree != null) {
|
if (gwSitesTree != null) {
|
||||||
log.debug("Collecting VREs user belongs to");
|
log.debug("Collecting VREs user belongs to");
|
||||||
for (String voName : gwSitesTree.getChildren().keySet()) {
|
for (Site vo : gwSitesTree.getChildren().values()) {
|
||||||
for (String vreName : gwSitesTree.getChildren().get(voName).getChildren().keySet()) {
|
for (Site vre : vo.getChildren().values()) {
|
||||||
log.debug("Adding VRE to the list: " + vreName);
|
String vreName = vre.getName();
|
||||||
|
log.trace("Adding VRE to the list: " + vreName);
|
||||||
vreNames.add(vreName);
|
vreNames.add(vreName);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
log.info("User not belongs to any site");
|
log.info("User not belongs to any VRE");
|
||||||
}
|
}
|
||||||
for (GCubeGroup actualGroup : actualGroupAndRoles.keySet()) {
|
for (Long actualGroupId : actualGroupAndRoles.keySet()) {
|
||||||
try {
|
try {
|
||||||
if (groupManager.isVRE(actualGroup.getGroupId()) && !vreNames.contains(actualGroup.getGroupName())) {
|
String actualGroupName = groupManager.getGroup(actualGroupId).getGroupName();
|
||||||
log.info("Removing user from VRE: " + actualGroup.getGroupName());
|
if (groupManager.isVRE(actualGroupId) && !vreNames.contains(actualGroupName)) {
|
||||||
|
|
||||||
|
log.info("Removing user from VRE: " + actualGroupName);
|
||||||
try {
|
try {
|
||||||
userManager.dismissUserFromGroup(actualGroup.getGroupId(), user.getUserId());
|
userManager.dismissUserFromGroup(actualGroupId, user.getUserId());
|
||||||
} catch (UserRetrievalFault e) {
|
} catch (UserRetrievalFault e) {
|
||||||
log.error("Removing user from VRE: " + actualGroup.getGroupName(), e);
|
log.error("Removing user from VRE: " + actualGroupName, e);
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
if (log.isDebugEnabled()) {
|
if (log.isDebugEnabled()) {
|
||||||
log.debug("User still belong to VRE: " + actualGroup.getGroupName());
|
log.debug("User still belong to VRE: " + actualGroupName);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} catch (UserManagementSystemException | GroupRetrievalFault e) {
|
} catch (UserManagementSystemException | GroupRetrievalFault e) {
|
||||||
|
|
Loading…
Reference in New Issue