|
|
|
@ -34,9 +34,11 @@ import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils
|
|
|
|
|
import org.gcube.common.authorization.control.annotations.AuthorizationControl;
|
|
|
|
|
import org.gcube.common.authorization.library.provider.AuthorizationProvider;
|
|
|
|
|
import org.gcube.common.gxrest.response.outbound.GXOutboundErrorResponse;
|
|
|
|
|
import org.gcube.common.scope.api.ScopeProvider;
|
|
|
|
|
import org.gcube.common.storagehub.model.acls.AccessType;
|
|
|
|
|
import org.gcube.common.storagehub.model.exceptions.BackendGenericError;
|
|
|
|
|
import org.gcube.common.storagehub.model.exceptions.InvalidItemException;
|
|
|
|
|
import org.gcube.common.storagehub.model.exceptions.UserNotAuthorizedException;
|
|
|
|
|
import org.gcube.common.storagehub.model.types.NodeProperty;
|
|
|
|
|
import org.gcube.common.storagehub.model.types.PrimaryNodeType;
|
|
|
|
|
import org.gcube.data.access.storagehub.Constants;
|
|
|
|
@ -51,6 +53,8 @@ public class GroupManager {
|
|
|
|
|
|
|
|
|
|
@Context ServletContext context;
|
|
|
|
|
|
|
|
|
|
private static final String VREMANAGER_ROLE = "VRE-Manager";
|
|
|
|
|
|
|
|
|
|
private static final Logger log = LoggerFactory.getLogger(GroupManager.class);
|
|
|
|
|
|
|
|
|
|
@Inject
|
|
|
|
@ -59,7 +63,6 @@ public class GroupManager {
|
|
|
|
|
@GET
|
|
|
|
|
@Path("")
|
|
|
|
|
@Produces(MediaType.APPLICATION_JSON)
|
|
|
|
|
@AuthorizationControl(allowed={"lucio.lelii"}, exception=MyAuthException.class)
|
|
|
|
|
public List<String> getGroups(){
|
|
|
|
|
|
|
|
|
|
JackrabbitSession session = null;
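Review bot: `getGroups()` appears to lose its only authorization annotation here: the hunk counts (7 old lines, 6 new) and the single `@AuthorizationControl(allowed={"lucio.lelii"}, ...)` line suggest it was removed with no role-based replacement. The other endpoints in this commit gain `allowedRoles={VREMANAGER_ROLE}`, and because this method takes no group parameter it gets no `checkGroupValidity` scoping either. If that reading is right, the full group list is returned to any caller who reaches this resource, subject to whatever filters sit outside this file. If open listing is intended, say so in a comment above the method; otherwise add `@AuthorizationControl(allowedRoles={VREMANAGER_ROLE}, exception=MyAuthException.class)` and restrict the result to the caller's context. The method body continues outside the hunk.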
|
|
|
|
@ -93,14 +96,18 @@ public class GroupManager {
|
|
|
|
|
@POST
|
|
|
|
|
@Path("")
|
|
|
|
|
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
|
|
|
|
|
@AuthorizationControl(allowed={"lucio.lelii"}, exception=MyAuthException.class)
|
|
|
|
|
@AuthorizationControl(allowedRoles={VREMANAGER_ROLE}, exception=MyAuthException.class)
|
|
|
|
|
public String createGroup(@FormParam("group") String group, @FormParam("accessType") AccessType accessType){
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
JackrabbitSession session = null;
|
|
|
|
|
String groupId = null;
|
|
|
|
|
try {
|
|
|
|
|
|
|
|
|
|
checkGroupValidity(group);
|
|
|
|
|
|
|
|
|
|
session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager();
|
|
|
|
|
|
|
|
|
|
Group createdGroup = usrManager.createGroup(group);
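Review bot: The new `checkGroupValidity(group)` call sits inside the `try`, so how a denial reaches the client depends on catch blocks that are outside this hunk. The same applies to `deleteGroup`, `addUserToGroup`, `removeUserFromGroup` and `getUsersOfGroup`. Please confirm that `UserNotAuthorizedException` is caught on its own and returned as a 403, not folded into a generic handler that would report it as a backend error. Logging the denial with the caller and the requested group, e.g. `log.warn("group operation denied for {} on {}", caller, group);`, would make cross-context attempts visible to operators. Running the check before the admin login is the right order and deserves a one-line comment saying so.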
|
|
|
|
@ -122,11 +129,13 @@ public class GroupManager {
|
|
|
|
|
|
|
|
|
|
@DELETE
|
|
|
|
|
@Path("{group}")
|
|
|
|
|
@AuthorizationControl(allowed={"lucio.lelii"}, exception=MyAuthException.class)
|
|
|
|
|
@AuthorizationControl(allowedRoles={VREMANAGER_ROLE}, exception=MyAuthException.class)
|
|
|
|
|
public String deleteGroup(@PathParam("group") String group){
|
|
|
|
|
|
|
|
|
|
JackrabbitSession session = null;
|
|
|
|
|
try {
|
|
|
|
|
|
|
|
|
|
checkGroupValidity(group);
|
|
|
|
|
session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
|
|
|
|
|
|
|
|
|
|
org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager();
|
|
|
|
@ -154,12 +163,15 @@ public class GroupManager {
|
|
|
|
|
@PUT
|
|
|
|
|
@Path("{id}")
|
|
|
|
|
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
|
|
|
|
|
@AuthorizationControl(allowed={"lucio.lelii"}, exception=MyAuthException.class)
|
|
|
|
|
@AuthorizationControl(allowedRoles={VREMANAGER_ROLE}, exception=MyAuthException.class)
|
|
|
|
|
public boolean addUserToGroup(@PathParam("id") String groupId, @FormParam("userId") String userId){
|
|
|
|
|
|
|
|
|
|
JackrabbitSession session = null;
|
|
|
|
|
boolean success = false;
|
|
|
|
|
try {
|
|
|
|
|
|
|
|
|
|
checkGroupValidity(groupId);
|
|
|
|
|
|
|
|
|
|
session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
|
|
|
|
|
|
|
|
|
|
org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager();
|
|
|
|
@ -190,12 +202,15 @@ public class GroupManager {
|
|
|
|
|
|
|
|
|
|
@DELETE
|
|
|
|
|
@Path("{groupId}/users/{userId}")
|
|
|
|
|
@AuthorizationControl(allowed={"lucio.lelii"}, exception=MyAuthException.class)
|
|
|
|
|
@AuthorizationControl(allowedRoles={VREMANAGER_ROLE}, exception=MyAuthException.class)
|
|
|
|
|
public boolean removeUserFromGroup(@PathParam("groupId") String groupId, @PathParam("userId") String userId){
|
|
|
|
|
|
|
|
|
|
JackrabbitSession session = null;
|
|
|
|
|
boolean success = false;
|
|
|
|
|
try {
|
|
|
|
|
|
|
|
|
|
checkGroupValidity(groupId);
|
|
|
|
|
|
|
|
|
|
session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
|
|
|
|
|
|
|
|
|
|
org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager();
|
|
|
|
@ -233,12 +248,15 @@ public class GroupManager {
|
|
|
|
|
@GET
|
|
|
|
|
@Path("{groupId}/users")
|
|
|
|
|
@Produces(MediaType.APPLICATION_JSON)
|
|
|
|
|
@AuthorizationControl(allowed={"lucio.lelii"}, exception=MyAuthException.class)
|
|
|
|
|
@AuthorizationControl(allowedRoles={VREMANAGER_ROLE}, exception=MyAuthException.class)
|
|
|
|
|
public List<String> getUsersOfGroup(@PathParam("groupId") String groupId){
|
|
|
|
|
|
|
|
|
|
JackrabbitSession session = null;
|
|
|
|
|
List<String> users = new ArrayList<>();
|
|
|
|
|
try {
|
|
|
|
|
|
|
|
|
|
checkGroupValidity(groupId);
|
|
|
|
|
|
|
|
|
|
session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
|
|
|
|
|
|
|
|
|
|
org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager();
|
|
|
|
@ -313,4 +331,12 @@ public class GroupManager {
|
|
|
|
|
return vreFolder;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private void checkGroupValidity(String group) throws UserNotAuthorizedException{
|
|
|
|
|
String currentContext = ScopeProvider.instance.get();
|
|
|
|
|
String expectedGroupId= currentContext.replace("/", "-").substring(1);
|
|
|
|
|
if (!group.equals(expectedGroupId))
|
|
|
|
|
throw new UserNotAuthorizedException("only VREManager can execute this operation");
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
}
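Review bot: `checkGroupValidity` dereferences `currentContext` and `group` without a null check, so a request with no scope set or with the group parameter missing ends in a NullPointerException instead of a clean authorization failure. An empty context would likewise make `substring(1)` throw. Fail closed explicitly with `if (currentContext == null || currentContext.isEmpty() || group == null) throw new UserNotAuthorizedException("group does not match the current context");` before the comparison. The existing message "only VREManager can execute this operation" describes the role check, not this context match, which will mislead whoever triages a denied request. A short Javadoc stating the mapping (constructed example: `/a/b/c` becomes `a-b-c`) would also help.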
|
|
|
|
|