gCubeSystem
/
storagehub
15
0
Fork 0
Code Issues Pull Requests Releases 2 Wiki Activity

added client method for User and Group management

This commit is contained in:
lucio 2019-10-10 18:15:38 +02:00
parent 74bace0042
commit 18cba6c067
5 changed files with 45 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.settings/org.eclipse.wst.common.component
View File

@ -4,7 +4,7 @@
<wb-resource deploy-path="/" source-path="/src/main/webapp" tag="defaultRootSource"/>
<wb-resource deploy-path="/WEB-INF/classes" source-path="/src/main/java"/>
<wb-resource deploy-path="/WEB-INF/classes" source-path="/src/main/resources"/>
<dependent-module archiveName="authorization-control-library-1.0.0-SNAPSHOT.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/authorization-control-library/authorization-control-library">
<dependent-module archiveName="authorization-control-library-1.1.0-SNAPSHOT.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/authorization-control-library/authorization-control-library">
<dependency-type>uses</dependency-type>
</dependent-module>
<dependent-module archiveName="storagehub-model-1.0.5.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/storagehub-model/storagehub-model">

40
src/main/java/org/gcube/data/access/storagehub/services/GroupManager.java
View File

@ -34,9 +34,11 @@ import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils
import org.gcube.common.authorization.control.annotations.AuthorizationControl;
import org.gcube.common.authorization.library.provider.AuthorizationProvider;
import org.gcube.common.gxrest.response.outbound.GXOutboundErrorResponse;
import org.gcube.common.scope.api.ScopeProvider;
import org.gcube.common.storagehub.model.acls.AccessType;
import org.gcube.common.storagehub.model.exceptions.BackendGenericError;
import org.gcube.common.storagehub.model.exceptions.InvalidItemException;
import org.gcube.common.storagehub.model.exceptions.UserNotAuthorizedException;
import org.gcube.common.storagehub.model.types.NodeProperty;
import org.gcube.common.storagehub.model.types.PrimaryNodeType;
import org.gcube.data.access.storagehub.Constants;
@ -51,6 +53,8 @@ public class GroupManager {
@Context ServletContext context;
private static final String VREMANAGER_ROLE = "VRE-Manager";
private static final Logger log = LoggerFactory.getLogger(GroupManager.class);
@Inject
@ -59,7 +63,6 @@ public class GroupManager {
@GET
@Path("")
@Produces(MediaType.APPLICATION_JSON)
@AuthorizationControl(allowed={"lucio.lelii"}, exception=MyAuthException.class)
public List<String> getGroups(){
JackrabbitSession session = null;
@ -93,14 +96,18 @@ public class GroupManager {
@POST
@Path("")
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
@AuthorizationControl(allowed={"lucio.lelii"}, exception=MyAuthException.class)
@AuthorizationControl(allowedRoles={VREMANAGER_ROLE}, exception=MyAuthException.class)
public String createGroup(@FormParam("group") String group, @FormParam("accessType") AccessType accessType){
JackrabbitSession session = null;
String groupId = null;
try {
checkGroupValidity(group);
session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager();
Group createdGroup = usrManager.createGroup(group);
@ -122,11 +129,13 @@ public class GroupManager {
@DELETE
@Path("{group}")
@AuthorizationControl(allowed={"lucio.lelii"}, exception=MyAuthException.class)
@AuthorizationControl(allowedRoles={VREMANAGER_ROLE}, exception=MyAuthException.class)
public String deleteGroup(@PathParam("group") String group){
JackrabbitSession session = null;
try {
checkGroupValidity(group);
session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager();
@ -154,12 +163,15 @@ public class GroupManager {
@PUT
@Path("{id}")
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
@AuthorizationControl(allowed={"lucio.lelii"}, exception=MyAuthException.class)
@AuthorizationControl(allowedRoles={VREMANAGER_ROLE}, exception=MyAuthException.class)
public boolean addUserToGroup(@PathParam("id") String groupId, @FormParam("userId") String userId){
JackrabbitSession session = null;
boolean success = false;
try {
checkGroupValidity(groupId);
session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager();
@ -190,12 +202,15 @@ public class GroupManager {
@DELETE
@Path("{groupId}/users/{userId}")
@AuthorizationControl(allowed={"lucio.lelii"}, exception=MyAuthException.class)
@AuthorizationControl(allowedRoles={VREMANAGER_ROLE}, exception=MyAuthException.class)
public boolean removeUserFromGroup(@PathParam("groupId") String groupId, @PathParam("userId") String userId){
JackrabbitSession session = null;
boolean success = false;
try {
checkGroupValidity(groupId);
session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager();
@ -233,12 +248,15 @@ public class GroupManager {
@GET
@Path("{groupId}/users")
@Produces(MediaType.APPLICATION_JSON)
@AuthorizationControl(allowed={"lucio.lelii"}, exception=MyAuthException.class)
@AuthorizationControl(allowedRoles={VREMANAGER_ROLE}, exception=MyAuthException.class)
public List<String> getUsersOfGroup(@PathParam("groupId") String groupId){
JackrabbitSession session = null;
List<String> users = new ArrayList<>();
try {
checkGroupValidity(groupId);
session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager();
@ -313,4 +331,12 @@ public class GroupManager {
return vreFolder;
}
private void checkGroupValidity(String group) throws UserNotAuthorizedException{
String currentContext = ScopeProvider.instance.get();
String expectedGroupId= currentContext.replace("/", "-").substring(1);
if (!group.equals(expectedGroupId))
throw new UserNotAuthorizedException("only VREManager can execute this operation");
}
}

2
src/main/java/org/gcube/data/access/storagehub/services/ItemsManager.java
View File

@ -280,7 +280,7 @@ public class ItemsManager {
@GET
@Path("publiclink/{id}")
@AuthorizationControl(allowed={"URIResolver"}, exception=MyAuthException.class)
@AuthorizationControl(allowedUsers={"URIResolver"}, exception=MyAuthException.class)
public Response resolvePublicLink() {
InnerMethodName.instance.set("resolvePubliclink");

7
src/main/java/org/gcube/data/access/storagehub/services/UserManager.java
View File

@ -43,7 +43,7 @@ import org.slf4j.LoggerFactory;
public class UserManager {
@Context ServletContext context;
private static final Logger log = LoggerFactory.getLogger(UserManager.class);
@Inject
@ -55,7 +55,6 @@ public class UserManager {
@GET
@Path("")
@Produces(MediaType.APPLICATION_JSON)
@AuthorizationControl(allowed={"lucio.lelii"}, exception=MyAuthException.class)
public List<String> getUsers(){
JackrabbitSession session = null;
@ -89,7 +88,7 @@ public class UserManager {
@POST
@Path("")
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
@AuthorizationControl(allowed={"lucio.lelii"}, exception=MyAuthException.class)
@AuthorizationControl(allowedUsers={"lucio.lelii"}, exception=MyAuthException.class)
public String createUser(@FormParam("user") String user, @FormParam("password") String password){
JackrabbitSession session = null;
@ -127,7 +126,7 @@ public class UserManager {
@DELETE
@Path("{id}")
@AuthorizationControl(allowed={"lucio.lelii"}, exception=MyAuthException.class)
@AuthorizationControl(allowedUsers={"lucio.lelii"}, exception=MyAuthException.class)
public String deleteUser(@PathParam("id") String id){
JackrabbitSession session = null;

7
src/main/webapp/WEB-INF/gcube-app.xml
View File

@ -0,0 +1,7 @@
<application mode='online'>
<name>StorageHub</name>
<group>DataAccess</group>
<version>1.0.0-SNAPSHOT</version>
<description>Storage Hub webapp</description>
<local-persistence location='target' />
</application>