added client method for User and Group management
parent
74bace0042
commit
18cba6c067
|
@ -4,7 +4,7 @@
|
|||
<wb-resource deploy-path="/" source-path="/src/main/webapp" tag="defaultRootSource"/>
|
||||
<wb-resource deploy-path="/WEB-INF/classes" source-path="/src/main/java"/>
|
||||
<wb-resource deploy-path="/WEB-INF/classes" source-path="/src/main/resources"/>
|
||||
<dependent-module archiveName="authorization-control-library-1.0.0-SNAPSHOT.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/authorization-control-library/authorization-control-library">
|
||||
<dependent-module archiveName="authorization-control-library-1.1.0-SNAPSHOT.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/authorization-control-library/authorization-control-library">
|
||||
<dependency-type>uses</dependency-type>
|
||||
</dependent-module>
|
||||
<dependent-module archiveName="storagehub-model-1.0.5.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/storagehub-model/storagehub-model">
|
||||
|
|
|
@ -34,9 +34,11 @@ import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils
|
|||
import org.gcube.common.authorization.control.annotations.AuthorizationControl;
|
||||
import org.gcube.common.authorization.library.provider.AuthorizationProvider;
|
||||
import org.gcube.common.gxrest.response.outbound.GXOutboundErrorResponse;
|
||||
import org.gcube.common.scope.api.ScopeProvider;
|
||||
import org.gcube.common.storagehub.model.acls.AccessType;
|
||||
import org.gcube.common.storagehub.model.exceptions.BackendGenericError;
|
||||
import org.gcube.common.storagehub.model.exceptions.InvalidItemException;
|
||||
import org.gcube.common.storagehub.model.exceptions.UserNotAuthorizedException;
|
||||
import org.gcube.common.storagehub.model.types.NodeProperty;
|
||||
import org.gcube.common.storagehub.model.types.PrimaryNodeType;
|
||||
import org.gcube.data.access.storagehub.Constants;
|
||||
|
@ -51,6 +53,8 @@ public class GroupManager {
|
|||
|
||||
@Context ServletContext context;
|
||||
|
||||
private static final String VREMANAGER_ROLE = "VRE-Manager";
|
||||
|
||||
private static final Logger log = LoggerFactory.getLogger(GroupManager.class);
|
||||
|
||||
@Inject
|
||||
|
@ -59,7 +63,6 @@ public class GroupManager {
|
|||
@GET
|
||||
@Path("")
|
||||
@Produces(MediaType.APPLICATION_JSON)
|
||||
@AuthorizationControl(allowed={"lucio.lelii"}, exception=MyAuthException.class)
|
||||
public List<String> getGroups(){
|
||||
|
||||
JackrabbitSession session = null;
|
||||
|
@ -93,12 +96,16 @@ public class GroupManager {
|
|||
@POST
|
||||
@Path("")
|
||||
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
|
||||
@AuthorizationControl(allowed={"lucio.lelii"}, exception=MyAuthException.class)
|
||||
@AuthorizationControl(allowedRoles={VREMANAGER_ROLE}, exception=MyAuthException.class)
|
||||
public String createGroup(@FormParam("group") String group, @FormParam("accessType") AccessType accessType){
|
||||
|
||||
|
||||
JackrabbitSession session = null;
|
||||
String groupId = null;
|
||||
try {
|
||||
|
||||
checkGroupValidity(group);
|
||||
|
||||
session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
|
||||
|
||||
org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager();
|
||||
|
@ -122,11 +129,13 @@ public class GroupManager {
|
|||
|
||||
@DELETE
|
||||
@Path("{group}")
|
||||
@AuthorizationControl(allowed={"lucio.lelii"}, exception=MyAuthException.class)
|
||||
@AuthorizationControl(allowedRoles={VREMANAGER_ROLE}, exception=MyAuthException.class)
|
||||
public String deleteGroup(@PathParam("group") String group){
|
||||
|
||||
JackrabbitSession session = null;
|
||||
try {
|
||||
|
||||
checkGroupValidity(group);
|
||||
session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
|
||||
|
||||
org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager();
|
||||
|
@ -154,12 +163,15 @@ public class GroupManager {
|
|||
@PUT
|
||||
@Path("{id}")
|
||||
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
|
||||
@AuthorizationControl(allowed={"lucio.lelii"}, exception=MyAuthException.class)
|
||||
@AuthorizationControl(allowedRoles={VREMANAGER_ROLE}, exception=MyAuthException.class)
|
||||
public boolean addUserToGroup(@PathParam("id") String groupId, @FormParam("userId") String userId){
|
||||
|
||||
JackrabbitSession session = null;
|
||||
boolean success = false;
|
||||
try {
|
||||
|
||||
checkGroupValidity(groupId);
|
||||
|
||||
session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
|
||||
|
||||
org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager();
|
||||
|
@ -190,12 +202,15 @@ public class GroupManager {
|
|||
|
||||
@DELETE
|
||||
@Path("{groupId}/users/{userId}")
|
||||
@AuthorizationControl(allowed={"lucio.lelii"}, exception=MyAuthException.class)
|
||||
@AuthorizationControl(allowedRoles={VREMANAGER_ROLE}, exception=MyAuthException.class)
|
||||
public boolean removeUserFromGroup(@PathParam("groupId") String groupId, @PathParam("userId") String userId){
|
||||
|
||||
JackrabbitSession session = null;
|
||||
boolean success = false;
|
||||
try {
|
||||
|
||||
checkGroupValidity(groupId);
|
||||
|
||||
session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
|
||||
|
||||
org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager();
|
||||
|
@ -233,12 +248,15 @@ public class GroupManager {
|
|||
@GET
|
||||
@Path("{groupId}/users")
|
||||
@Produces(MediaType.APPLICATION_JSON)
|
||||
@AuthorizationControl(allowed={"lucio.lelii"}, exception=MyAuthException.class)
|
||||
@AuthorizationControl(allowedRoles={VREMANAGER_ROLE}, exception=MyAuthException.class)
|
||||
public List<String> getUsersOfGroup(@PathParam("groupId") String groupId){
|
||||
|
||||
JackrabbitSession session = null;
|
||||
List<String> users = new ArrayList<>();
|
||||
try {
|
||||
|
||||
checkGroupValidity(groupId);
|
||||
|
||||
session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
|
||||
|
||||
org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager();
|
||||
|
@ -313,4 +331,12 @@ public class GroupManager {
|
|||
return vreFolder;
|
||||
}
|
||||
|
||||
private void checkGroupValidity(String group) throws UserNotAuthorizedException{
|
||||
String currentContext = ScopeProvider.instance.get();
|
||||
String expectedGroupId= currentContext.replace("/", "-").substring(1);
|
||||
if (!group.equals(expectedGroupId))
|
||||
throw new UserNotAuthorizedException("only VREManager can execute this operation");
|
||||
|
||||
}
|
||||
|
||||
}
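Review bot: `checkGroupValidity` dereferences two values it does not control: the result of `ScopeProvider.instance.get()` and the `group` argument, which in `createGroup` comes from `@FormParam("group")` and is null when the field is missing. A null in either place ends in a NullPointerException instead of the declared `UserNotAuthorizedException`; since the check runs before the admin login this still denies the request, but how it surfaces depends on catch blocks that lie outside the hunks. I would reject a null or empty context explicitly and turn the comparison around, `if (!expectedGroupId.equals(group))`. The message `"only VREManager can execute this operation"` describes the role check done by the annotation rather than this one, so a denial here is hard to trace in logs; wording such as `"group does not match the current context"` would fit better. A short Javadoc saying that the expected id is the context path with `/` replaced by `-` and the leading character dropped would document the rule the callers rely on.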
|
||||
|
|
|
@ -280,7 +280,7 @@ public class ItemsManager {
|
|||
|
||||
@GET
|
||||
@Path("publiclink/{id}")
|
||||
@AuthorizationControl(allowed={"URIResolver"}, exception=MyAuthException.class)
|
||||
@AuthorizationControl(allowedUsers={"URIResolver"}, exception=MyAuthException.class)
|
||||
public Response resolvePublicLink() {
|
||||
InnerMethodName.instance.set("resolvePubliclink");
|
||||
|
||||
|
|
|
@ -55,7 +55,6 @@ public class UserManager {
|
|||
@GET
|
||||
@Path("")
|
||||
@Produces(MediaType.APPLICATION_JSON)
|
||||
@AuthorizationControl(allowed={"lucio.lelii"}, exception=MyAuthException.class)
|
||||
public List<String> getUsers(){
|
||||
|
||||
JackrabbitSession session = null;
|
||||
|
@ -89,7 +88,7 @@ public class UserManager {
|
|||
@POST
|
||||
@Path("")
|
||||
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
|
||||
@AuthorizationControl(allowed={"lucio.lelii"}, exception=MyAuthException.class)
|
||||
@AuthorizationControl(allowedUsers={"lucio.lelii"}, exception=MyAuthException.class)
|
||||
public String createUser(@FormParam("user") String user, @FormParam("password") String password){
|
||||
|
||||
JackrabbitSession session = null;
|
||||
|
@ -127,7 +126,7 @@ public class UserManager {
|
|||
|
||||
@DELETE
|
||||
@Path("{id}")
|
||||
@AuthorizationControl(allowed={"lucio.lelii"}, exception=MyAuthException.class)
|
||||
@AuthorizationControl(allowedUsers={"lucio.lelii"}, exception=MyAuthException.class)
|
||||
public String deleteUser(@PathParam("id") String id){
|
||||
|
||||
JackrabbitSession session = null;
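Review bot: `getUsers` appears to end up with no `@AuthorizationControl` at all, because the hunk header `-55,7 +55,6` drops one line and adds none, and the only annotation shown there is the old `allowed={"lucio.lelii"}` form that the other hunks replace. The `getGroups` hunk in GroupManager (`-59,7 +63,6`) has the same shape. If open listing is intended, a comment on both methods stating that any caller reaching the resource may enumerate users and groups would record the decision. If it is not, the list endpoints should carry the same restriction as their neighbours, here `@AuthorizationControl(allowedUsers={"lucio.lelii"}, exception=MyAuthException.class)`. Both method bodies continue outside the hunks, so a check inside them cannot be ruled out from this page.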
|
||||
|
|
|
@ -0,0 +1,7 @@
|
|||
<application mode='online'>
|
||||
<name>StorageHub</name>
|
||||
<group>DataAccess</group>
|
||||
<version>1.0.0-SNAPSHOT</version>
|
||||
<description>Storage Hub webapp</description>
|
||||
<local-persistence location='target' />
|
||||
</application>
|