Revised version that uses strings instead of object in map for comparison
This commit is contained in:
parent
ffccf37c06
commit
13dcfe2a0e
|
@ -41,7 +41,7 @@ public class UserSitesToGroupsAndRolesMapper {
|
|||
protected GroupManager groupManager;
|
||||
protected RoleManager roleManager;
|
||||
protected String rootVOName;
|
||||
protected Map<GCubeGroup, List<GCubeRole>> actualGroupAndRoles;
|
||||
protected Map<Long, List<String>> actualGroupAndRoles;
|
||||
protected Map<String, GCubeRole> roleNameToRole;
|
||||
|
||||
public UserSitesToGroupsAndRolesMapper(User user, OIDCToSitesAndRolesMapper mapper) {
|
||||
|
@ -70,7 +70,17 @@ public class UserSitesToGroupsAndRolesMapper {
|
|||
return;
|
||||
}
|
||||
try {
|
||||
actualGroupAndRoles = groupManager.listGroupsAndRolesByUser(user.getUserId());
|
||||
Map<GCubeGroup, List<GCubeRole>> retrivedGroupAndRoles = groupManager
|
||||
.listGroupsAndRolesByUser(user.getUserId());
|
||||
|
||||
actualGroupAndRoles = new TreeMap<Long, List<String>>();
|
||||
for (GCubeGroup gCubeGroup : retrivedGroupAndRoles.keySet()) {
|
||||
List<String> newList = new ArrayList<String>();
|
||||
actualGroupAndRoles.put(gCubeGroup.getGroupId(), newList);
|
||||
for (GCubeRole gCubeRole : retrivedGroupAndRoles.get(gCubeGroup)) {
|
||||
newList.add(gCubeRole.getRoleName());
|
||||
}
|
||||
}
|
||||
} catch (UserManagementSystemException e) {
|
||||
log.error("Cannot get sites and roles membership for user", e);
|
||||
return;
|
||||
|
@ -96,7 +106,7 @@ public class UserSitesToGroupsAndRolesMapper {
|
|||
if (log.isDebugEnabled()) {
|
||||
log.debug("Check user to sites assignemnts");
|
||||
}
|
||||
rolesToSiteDescendant(gwSitesTree, null);
|
||||
rolesToSiteDescendant(gwSitesTree);
|
||||
}
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("Check user to sites removal");
|
||||
|
@ -104,30 +114,29 @@ public class UserSitesToGroupsAndRolesMapper {
|
|||
checkForSiteRemoval(gwSitesTree);
|
||||
}
|
||||
|
||||
|
||||
protected void rolesToSiteDescendant(Site actualSite, GCubeGroup parentGroup) {
|
||||
GCubeGroup actualSiteGroup = null;
|
||||
protected void rolesToSiteDescendant(Site actualSite) {
|
||||
Long actualSiteGroupId = null;
|
||||
try {
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("Getting actual site group from group manager, actual site name=" + actualSite.getName());
|
||||
log.debug("Getting actual site group from group manager, actual site: " + actualSite.getName());
|
||||
}
|
||||
actualSiteGroup = groupManager.getGroup(groupManager.getGroupId(actualSite.getName()));
|
||||
actualSiteGroupId = groupManager.getGroupId(actualSite.getName());
|
||||
} catch (UserManagementSystemException | GroupRetrievalFault e) {
|
||||
log.error("Cannot retrieve group for site: " + actualSite.getName(), e);
|
||||
return;
|
||||
}
|
||||
try {
|
||||
if (groupManager.isVRE(actualSiteGroup.getGroupId()) && !actualGroupAndRoles.containsKey(actualSiteGroup)) {
|
||||
log.info("Assigning user to new VRE site: " + actualSiteGroup.getGroupName());
|
||||
userManager.assignUserToGroup(actualSiteGroup.getGroupId(), user.getUserId());
|
||||
if (groupManager.isVRE(actualSiteGroupId) && !actualGroupAndRoles.containsKey(actualSiteGroupId)) {
|
||||
log.info("Assigning user to new VRE site: " + actualSite.getName());
|
||||
userManager.assignUserToGroup(actualSiteGroupId, user.getUserId());
|
||||
if (actualSite.getRoles() != null && !actualSite.getRoles().isEmpty()) {
|
||||
log.info("Assiging roles for the VRE site");
|
||||
log.info("Assiging roles for the new assigned VRE site");
|
||||
for (String roleName : actualSite.getRoles()) {
|
||||
if (D4ScienceMappings.Role.MEMBER.asString().equals(roleName)) {
|
||||
// Member role is only to assure that the user belongs to context
|
||||
// Member role is only to assure that the user belongs to context, covered by the assign
|
||||
continue;
|
||||
}
|
||||
roleManager.assignRoleToUser(user.getUserId(), actualSiteGroup.getGroupId(),
|
||||
roleManager.assignRoleToUser(user.getUserId(), actualSiteGroupId,
|
||||
roleNameToRole.get(roleName).getRoleId());
|
||||
}
|
||||
// Since it's a VRE we can return
|
||||
|
@ -139,52 +148,50 @@ public class UserSitesToGroupsAndRolesMapper {
|
|||
} catch (UserManagementSystemException | GroupRetrievalFault | UserRetrievalFault
|
||||
| UserManagementPortalException | RoleRetrievalFault | RuntimeException e) {
|
||||
|
||||
log.error("Assigning user to new VRE site: " + actualSiteGroup.getGroupName(), e);
|
||||
log.error("Assigning user to new VRE site: " + actualSite.getName(), e);
|
||||
}
|
||||
if (actualSite.getRoles() != null) {
|
||||
List<GCubeRole> actualSiteGroupRoles = actualGroupAndRoles.get(actualSiteGroup);
|
||||
List<String> actualSiteGroupRoles = actualGroupAndRoles.get(actualSiteGroupId);
|
||||
List<String> newRoles = new ArrayList<>(actualSite.getRoles());
|
||||
// Removing the Member role that is not a real role in LR
|
||||
newRoles.remove(D4ScienceMappings.Role.MEMBER.asString());
|
||||
if (actualSiteGroupRoles != null && !actualSiteGroupRoles.isEmpty()) {
|
||||
log.info("Checking actual roles in the dite group");
|
||||
for (GCubeRole gcRole : actualSiteGroupRoles) {
|
||||
log.info("Checking actual roles in the site's group");
|
||||
for (String gcRoleName : actualSiteGroupRoles) {
|
||||
String actualSiteName = actualSite.getName();
|
||||
String gcRoleName = gcRole.getRoleName();
|
||||
if (!actualSite.getRoles().contains(gcRoleName)) {
|
||||
try {
|
||||
log.info("Removing '" + gcRoleName + "' user's role for site: " + actualSiteName);
|
||||
roleManager.removeRoleFromUser(user.getUserId(), actualSiteGroup.getGroupId(),
|
||||
gcRole.getRoleId());
|
||||
roleManager.removeRoleFromUser(user.getUserId(), actualSiteGroupId,
|
||||
roleNameToRole.get(gcRoleName).getRoleId());
|
||||
} catch (UserManagementSystemException | UserRetrievalFault | GroupRetrievalFault
|
||||
| RoleRetrievalFault e) {
|
||||
log.error(
|
||||
"Cannot remove user's role '" + gcRoleName + "' for site: " + actualSite.getName(),
|
||||
e);
|
||||
|
||||
log.error("Can't remove user role '" + gcRoleName + "' from: " + actualSite.getName(), e);
|
||||
continue;
|
||||
}
|
||||
} else {
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("Removing site role from the roles list: " + gcRoleName);
|
||||
if (log.isTraceEnabled()) {
|
||||
log.trace("User still have role in the site, emoving it from the new roles list: "
|
||||
+ gcRoleName);
|
||||
}
|
||||
newRoles.remove(gcRoleName);
|
||||
}
|
||||
}
|
||||
} else {
|
||||
log.info("User actually has no roles in the site group");
|
||||
log.info("User actually has no roles different from Member in the site");
|
||||
}
|
||||
// Adding roles that remaining in newRoles list, if any, for the user in this
|
||||
// site
|
||||
if (!newRoles.isEmpty()) {
|
||||
// Adding roles that remaining in newRoles list, if any, for the user in this site
|
||||
for (String newRole : newRoles) {
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("Adding new role to user. New role=" + newRole);
|
||||
log.debug("Adding new role to user. New role: " + newRole);
|
||||
}
|
||||
GCubeRole newGcRole = roleNameToRole.get(newRole);
|
||||
if (newGcRole != null) {
|
||||
try {
|
||||
log.info("Assinging new role '" + newRole + "' to user");
|
||||
roleManager.assignRoleToUser(user.getUserId(), actualSiteGroup.getGroupId(),
|
||||
newGcRole.getRoleId());
|
||||
roleManager.assignRoleToUser(user.getUserId(), actualSiteGroupId, newGcRole.getRoleId());
|
||||
} catch (UserManagementSystemException | UserRetrievalFault | GroupRetrievalFault
|
||||
| RoleRetrievalFault e) {
|
||||
log.error("Cannot assign new role '" + newRole + "' for site: " + actualSite.getName(), e);
|
||||
|
@ -195,13 +202,18 @@ public class UserSitesToGroupsAndRolesMapper {
|
|||
+ newRole);
|
||||
}
|
||||
}
|
||||
} else {
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("User has no new roles for the site");
|
||||
}
|
||||
}
|
||||
} else {
|
||||
log.info("Roles were not set, continuing descending letting them untouched in site: "
|
||||
+ actualSite.getName());
|
||||
}
|
||||
for (String childSite : actualSite.getChildren().keySet()) {
|
||||
log.info("Recursive call to child site: " + childSite);
|
||||
rolesToSiteDescendant(actualSite.getChildren().get(childSite), actualSiteGroup);
|
||||
for (Site childSite : actualSite.getChildren().values()) {
|
||||
log.info("Recursive call to child site: " + childSite.getName());
|
||||
rolesToSiteDescendant(childSite);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -209,27 +221,30 @@ public class UserSitesToGroupsAndRolesMapper {
|
|||
List<String> vreNames = new ArrayList<>();
|
||||
if (gwSitesTree != null) {
|
||||
log.debug("Collecting VREs user belongs to");
|
||||
for (String voName : gwSitesTree.getChildren().keySet()) {
|
||||
for (String vreName : gwSitesTree.getChildren().get(voName).getChildren().keySet()) {
|
||||
log.debug("Adding VRE to the list: " + vreName);
|
||||
for (Site vo : gwSitesTree.getChildren().values()) {
|
||||
for (Site vre : vo.getChildren().values()) {
|
||||
String vreName = vre.getName();
|
||||
log.trace("Adding VRE to the list: " + vreName);
|
||||
vreNames.add(vreName);
|
||||
}
|
||||
}
|
||||
} else {
|
||||
log.info("User not belongs to any site");
|
||||
log.info("User not belongs to any VRE");
|
||||
}
|
||||
for (GCubeGroup actualGroup : actualGroupAndRoles.keySet()) {
|
||||
for (Long actualGroupId : actualGroupAndRoles.keySet()) {
|
||||
try {
|
||||
if (groupManager.isVRE(actualGroup.getGroupId()) && !vreNames.contains(actualGroup.getGroupName())) {
|
||||
log.info("Removing user from VRE: " + actualGroup.getGroupName());
|
||||
String actualGroupName = groupManager.getGroup(actualGroupId).getGroupName();
|
||||
if (groupManager.isVRE(actualGroupId) && !vreNames.contains(actualGroupName)) {
|
||||
|
||||
log.info("Removing user from VRE: " + actualGroupName);
|
||||
try {
|
||||
userManager.dismissUserFromGroup(actualGroup.getGroupId(), user.getUserId());
|
||||
userManager.dismissUserFromGroup(actualGroupId, user.getUserId());
|
||||
} catch (UserRetrievalFault e) {
|
||||
log.error("Removing user from VRE: " + actualGroup.getGroupName(), e);
|
||||
log.error("Removing user from VRE: " + actualGroupName, e);
|
||||
}
|
||||
} else {
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("User still belong to VRE: " + actualGroup.getGroupName());
|
||||
log.debug("User still belong to VRE: " + actualGroupName);
|
||||
}
|
||||
}
|
||||
} catch (UserManagementSystemException | GroupRetrievalFault e) {
|
||||
|
|
Loading…
Reference in New Issue