gCubeSystem
/
storagehub
15
0
Fork 0
Code Issues Pull Requests Releases 2 Wiki Activity

added client method for User and Group management

This commit is contained in:
lucio 2019-10-10 18:15:38 +02:00
parent 74bace0042
commit 18cba6c067
5 changed files with 45 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.settings/org.eclipse.wst.common.component
View File

@ -4,7 +4,7 @@
<wb-resource deploy-path="/" source-path="/src/main/webapp" tag="defaultRootSource"/> <wb-resource deploy-path="/" source-path="/src/main/webapp" tag="defaultRootSource"/>
<wb-resource deploy-path="/WEB-INF/classes" source-path="/src/main/java"/> <wb-resource deploy-path="/WEB-INF/classes" source-path="/src/main/java"/>
<wb-resource deploy-path="/WEB-INF/classes" source-path="/src/main/resources"/> <wb-resource deploy-path="/WEB-INF/classes" source-path="/src/main/resources"/>
<dependent-module archiveName="authorization-control-library-1.0.0-SNAPSHOT.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/authorization-control-library/authorization-control-library"> <dependent-module archiveName="authorization-control-library-1.1.0-SNAPSHOT.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/authorization-control-library/authorization-control-library">
<dependency-type>uses</dependency-type> <dependency-type>uses</dependency-type>
</dependent-module> </dependent-module>
<dependent-module archiveName="storagehub-model-1.0.5.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/storagehub-model/storagehub-model"> <dependent-module archiveName="storagehub-model-1.0.5.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/storagehub-model/storagehub-model">

38
src/main/java/org/gcube/data/access/storagehub/services/GroupManager.java
View File

@ -34,9 +34,11 @@ import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils
import org.gcube.common.authorization.control.annotations.AuthorizationControl; import org.gcube.common.authorization.control.annotations.AuthorizationControl;
import org.gcube.common.authorization.library.provider.AuthorizationProvider; import org.gcube.common.authorization.library.provider.AuthorizationProvider;
import org.gcube.common.gxrest.response.outbound.GXOutboundErrorResponse; import org.gcube.common.gxrest.response.outbound.GXOutboundErrorResponse;
import org.gcube.common.scope.api.ScopeProvider;
import org.gcube.common.storagehub.model.acls.AccessType; import org.gcube.common.storagehub.model.acls.AccessType;
import org.gcube.common.storagehub.model.exceptions.BackendGenericError; import org.gcube.common.storagehub.model.exceptions.BackendGenericError;
import org.gcube.common.storagehub.model.exceptions.InvalidItemException; import org.gcube.common.storagehub.model.exceptions.InvalidItemException;
import org.gcube.common.storagehub.model.exceptions.UserNotAuthorizedException;
import org.gcube.common.storagehub.model.types.NodeProperty; import org.gcube.common.storagehub.model.types.NodeProperty;
import org.gcube.common.storagehub.model.types.PrimaryNodeType; import org.gcube.common.storagehub.model.types.PrimaryNodeType;
import org.gcube.data.access.storagehub.Constants; import org.gcube.data.access.storagehub.Constants;
@ -51,6 +53,8 @@ public class GroupManager {
@Context ServletContext context; @Context ServletContext context;
private static final String VREMANAGER_ROLE = "VRE-Manager";
private static final Logger log = LoggerFactory.getLogger(GroupManager.class); private static final Logger log = LoggerFactory.getLogger(GroupManager.class);
@Inject @Inject
@ -59,7 +63,6 @@ public class GroupManager {
@GET @GET
@Path("") @Path("")
@Produces(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON)
@AuthorizationControl(allowed={"lucio.lelii"}, exception=MyAuthException.class)
public List<String> getGroups(){ public List<String> getGroups(){
JackrabbitSession session = null; JackrabbitSession session = null;
@ -93,12 +96,16 @@ public class GroupManager {
@POST @POST
@Path("") @Path("")
@Consumes(MediaType.APPLICATION_FORM_URLENCODED) @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
@AuthorizationControl(allowed={"lucio.lelii"}, exception=MyAuthException.class) @AuthorizationControl(allowedRoles={VREMANAGER_ROLE}, exception=MyAuthException.class)
public String createGroup(@FormParam("group") String group, @FormParam("accessType") AccessType accessType){ public String createGroup(@FormParam("group") String group, @FormParam("accessType") AccessType accessType){
JackrabbitSession session = null; JackrabbitSession session = null;
String groupId = null; String groupId = null;
try { try {
checkGroupValidity(group);
session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context)); session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager(); org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager();
@ -122,11 +129,13 @@ public class GroupManager {
@DELETE @DELETE
@Path("{group}") @Path("{group}")
@AuthorizationControl(allowed={"lucio.lelii"}, exception=MyAuthException.class) @AuthorizationControl(allowedRoles={VREMANAGER_ROLE}, exception=MyAuthException.class)
public String deleteGroup(@PathParam("group") String group){ public String deleteGroup(@PathParam("group") String group){
JackrabbitSession session = null; JackrabbitSession session = null;
try { try {
checkGroupValidity(group);
session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context)); session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager(); org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager();
@ -154,12 +163,15 @@ public class GroupManager {
@PUT @PUT
@Path("{id}") @Path("{id}")
@Consumes(MediaType.APPLICATION_FORM_URLENCODED) @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
@AuthorizationControl(allowed={"lucio.lelii"}, exception=MyAuthException.class) @AuthorizationControl(allowedRoles={VREMANAGER_ROLE}, exception=MyAuthException.class)
public boolean addUserToGroup(@PathParam("id") String groupId, @FormParam("userId") String userId){ public boolean addUserToGroup(@PathParam("id") String groupId, @FormParam("userId") String userId){
JackrabbitSession session = null; JackrabbitSession session = null;
boolean success = false; boolean success = false;
try { try {
checkGroupValidity(groupId);
session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context)); session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager(); org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager();
@ -190,12 +202,15 @@ public class GroupManager {
@DELETE @DELETE
@Path("{groupId}/users/{userId}") @Path("{groupId}/users/{userId}")
@AuthorizationControl(allowed={"lucio.lelii"}, exception=MyAuthException.class) @AuthorizationControl(allowedRoles={VREMANAGER_ROLE}, exception=MyAuthException.class)
public boolean removeUserFromGroup(@PathParam("groupId") String groupId, @PathParam("userId") String userId){ public boolean removeUserFromGroup(@PathParam("groupId") String groupId, @PathParam("userId") String userId){
JackrabbitSession session = null; JackrabbitSession session = null;
boolean success = false; boolean success = false;
try { try {
checkGroupValidity(groupId);
session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context)); session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager(); org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager();
@ -233,12 +248,15 @@ public class GroupManager {
@GET @GET
@Path("{groupId}/users") @Path("{groupId}/users")
@Produces(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON)
@AuthorizationControl(allowed={"lucio.lelii"}, exception=MyAuthException.class) @AuthorizationControl(allowedRoles={VREMANAGER_ROLE}, exception=MyAuthException.class)
public List<String> getUsersOfGroup(@PathParam("groupId") String groupId){ public List<String> getUsersOfGroup(@PathParam("groupId") String groupId){
JackrabbitSession session = null; JackrabbitSession session = null;
List<String> users = new ArrayList<>(); List<String> users = new ArrayList<>();
try { try {
checkGroupValidity(groupId);
session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context)); session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager(); org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager();
@ -313,4 +331,12 @@ public class GroupManager {
return vreFolder; return vreFolder;
} }
private void checkGroupValidity(String group) throws UserNotAuthorizedException{
String currentContext = ScopeProvider.instance.get();
String expectedGroupId= currentContext.replace("/", "-").substring(1);
if (!group.equals(expectedGroupId))
throw new UserNotAuthorizedException("only VREManager can execute this operation");
}
} }

2
src/main/java/org/gcube/data/access/storagehub/services/ItemsManager.java
View File

@ -280,7 +280,7 @@ public class ItemsManager {
@GET @GET
@Path("publiclink/{id}") @Path("publiclink/{id}")
@AuthorizationControl(allowed={"URIResolver"}, exception=MyAuthException.class) @AuthorizationControl(allowedUsers={"URIResolver"}, exception=MyAuthException.class)
public Response resolvePublicLink() { public Response resolvePublicLink() {
InnerMethodName.instance.set("resolvePubliclink"); InnerMethodName.instance.set("resolvePubliclink");

5
src/main/java/org/gcube/data/access/storagehub/services/UserManager.java
View File

@ -55,7 +55,6 @@ public class UserManager {
@GET @GET
@Path("") @Path("")
@Produces(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON)
@AuthorizationControl(allowed={"lucio.lelii"}, exception=MyAuthException.class)
public List<String> getUsers(){ public List<String> getUsers(){
JackrabbitSession session = null; JackrabbitSession session = null;
@ -89,7 +88,7 @@ public class UserManager {
@POST @POST
@Path("") @Path("")
@Consumes(MediaType.APPLICATION_FORM_URLENCODED) @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
@AuthorizationControl(allowed={"lucio.lelii"}, exception=MyAuthException.class) @AuthorizationControl(allowedUsers={"lucio.lelii"}, exception=MyAuthException.class)
public String createUser(@FormParam("user") String user, @FormParam("password") String password){ public String createUser(@FormParam("user") String user, @FormParam("password") String password){
JackrabbitSession session = null; JackrabbitSession session = null;
@ -127,7 +126,7 @@ public class UserManager {
@DELETE @DELETE
@Path("{id}") @Path("{id}")
@AuthorizationControl(allowed={"lucio.lelii"}, exception=MyAuthException.class) @AuthorizationControl(allowedUsers={"lucio.lelii"}, exception=MyAuthException.class)
public String deleteUser(@PathParam("id") String id){ public String deleteUser(@PathParam("id") String id){
JackrabbitSession session = null; JackrabbitSession session = null;

7
src/main/webapp/WEB-INF/gcube-app.xml
View File

@ -0,0 +1,7 @@
<application mode='online'>
<name>StorageHub</name>
<group>DataAccess</group>
<version>1.0.0-SNAPSHOT</version>
<description>Storage Hub webapp</description>
<local-persistence location='target' />
</application>