From 0afb6d804fc203175133953e853fa07af2ea4e2a Mon Sep 17 00:00:00 2001 From: Costantino Perciante Date: Fri, 16 Sep 2016 09:12:03 +0000 Subject: [PATCH] getHighestRole changed. Now also the workspace can discover in another scope for the catalogue, according to the current url at which it is deplouyed git-svn-id: http://svn.d4science-ii.research-infrastructures.eu/gcube/trunk/portlets/user/workspace-tree-widget@131437 82a268e6-3cf1-43bd-a215-b396298e98cf --- .../client/AppControllerExplorer.java | 3 +- .../client/rpc/GWTWorkspaceService.java | 11 +-- .../client/rpc/GWTWorkspaceServiceAsync.java | 15 +--- .../server/GWTWorkspaceServiceImpl.java | 72 ++++++++++--------- .../user/workspace/server/util/UserUtil.java | 37 +++++----- 5 files changed, 63 insertions(+), 75 deletions(-) diff --git a/src/main/java/org/gcube/portlets/user/workspace/client/AppControllerExplorer.java b/src/main/java/org/gcube/portlets/user/workspace/client/AppControllerExplorer.java index 6afd5c0..e2a5e2c 100644 --- a/src/main/java/org/gcube/portlets/user/workspace/client/AppControllerExplorer.java +++ b/src/main/java/org/gcube/portlets/user/workspace/client/AppControllerExplorer.java @@ -2276,7 +2276,8 @@ public class AppControllerExplorer implements EventHandler, TreeAppControllerInt */ private void loadMyLogin(){ - rpcWorkspaceService.getMyLogin(new AsyncCallback() { + String currentUrl = Window.Location.getHref().split("\\?")[0]; + rpcWorkspaceService.getMyLogin(currentUrl, new AsyncCallback() { @Override public void onFailure(Throwable caught) { diff --git a/src/main/java/org/gcube/portlets/user/workspace/client/rpc/GWTWorkspaceService.java b/src/main/java/org/gcube/portlets/user/workspace/client/rpc/GWTWorkspaceService.java index 79bffbb..9ef1601 100644 --- a/src/main/java/org/gcube/portlets/user/workspace/client/rpc/GWTWorkspaceService.java +++ b/src/main/java/org/gcube/portlets/user/workspace/client/rpc/GWTWorkspaceService.java @@ -528,10 +528,10 @@ public interface GWTWorkspaceService extends RemoteService{ /** * Gets the my login. - * + * @param the current url of the portlet * @return the my login */ - UserBean getMyLogin(); + UserBean getMyLogin(String currentPortletUrl); /** * Update acl for vr eby group name. @@ -694,13 +694,6 @@ public interface GWTWorkspaceService extends RemoteService{ FileModel getItemForFileTree(String itemId) throws Exception; - /** - * Allows the user to public onto the data catalogue if he has at least - * the role admin somewhere. - * @return true if he can publish, false otherwise - */ - boolean hasUserRoleAdmin(); - /** * Retrieve the username of the user into the session * @return the username of the current user diff --git a/src/main/java/org/gcube/portlets/user/workspace/client/rpc/GWTWorkspaceServiceAsync.java b/src/main/java/org/gcube/portlets/user/workspace/client/rpc/GWTWorkspaceServiceAsync.java index ccc8b3d..bc85f3a 100644 --- a/src/main/java/org/gcube/portlets/user/workspace/client/rpc/GWTWorkspaceServiceAsync.java +++ b/src/main/java/org/gcube/portlets/user/workspace/client/rpc/GWTWorkspaceServiceAsync.java @@ -525,11 +525,11 @@ public interface GWTWorkspaceServiceAsync { /** * Gets the my login. - * + * @param the current url of the portlet * @param callback the callback * @return the my login */ - void getMyLogin(AsyncCallback callback); + void getMyLogin(String currentPortletUrl, AsyncCallback callback); /** * Update acl for vr eby group name. @@ -694,15 +694,6 @@ public interface GWTWorkspaceServiceAsync { void setGcubeItemProperties(String itemId, Map properties, AsyncCallback callback); - /** - * Allows the user to public onto the data catalogue if he has at least - * the role admin somewhere. - * - * @param callback the callback - * @return true if he can publish, false otherwise - */ - void hasUserRoleAdmin(AsyncCallback callback); - /** * Retrieve the username of the user into the session. * @@ -727,6 +718,6 @@ public interface GWTWorkspaceServiceAsync { * @param callback the callback */ void markFolderAsPublicForFolderItemId( - String itemId, boolean setPublic, AsyncCallback callback); + String itemId, boolean setPublic, AsyncCallback callback); } diff --git a/src/main/java/org/gcube/portlets/user/workspace/server/GWTWorkspaceServiceImpl.java b/src/main/java/org/gcube/portlets/user/workspace/server/GWTWorkspaceServiceImpl.java index 2a5b70f..f126583 100644 --- a/src/main/java/org/gcube/portlets/user/workspace/server/GWTWorkspaceServiceImpl.java +++ b/src/main/java/org/gcube/portlets/user/workspace/server/GWTWorkspaceServiceImpl.java @@ -41,8 +41,11 @@ import org.gcube.common.homelibrary.home.workspace.search.SearchItem; import org.gcube.common.homelibrary.home.workspace.trash.WorkspaceTrashFolder; import org.gcube.common.homelibrary.home.workspace.trash.WorkspaceTrashItem; import org.gcube.common.scope.api.ScopeProvider; +import org.gcube.datacatalogue.ckanutillibrary.ApplicationProfileScopePerUrlReader; import org.gcube.datacatalogue.ckanutillibrary.CKanUtils; import org.gcube.datacatalogue.ckanutillibrary.CkanUtilsFactory; +import org.gcube.datacatalogue.ckanutillibrary.utils.SessionCatalogueAttributes; +import org.gcube.datacatalogue.ckanutillibrary.utils.UtilMethods; import org.gcube.portlets.user.urlshortener.UrlShortener; import org.gcube.portlets.user.workspace.client.ConstantsExplorer; import org.gcube.portlets.user.workspace.client.interfaces.GXTCategoryItemInterface; @@ -1889,10 +1892,10 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT NotificationsProducer np = getNotificationProducer(); List purgeMyContact = new ArrayList(contacts.size()-1); - String myLogin = getMyLogin().getUsername(); + String myLogin = getMyLogin(null).getUsername(); workspaceLogger.trace("Preparing list of contacts to send un share notification"); for (InfoContactModel infoContactModel : contacts) { - if(infoContactModel.getLogin().compareToIgnoreCase(getMyLogin().getUsername())==0) + if(infoContactModel.getLogin().compareToIgnoreCase(getMyLogin(null).getUsername())==0) workspaceLogger.trace("skipping my login "+myLogin); else purgeMyContact.add(infoContactModel); @@ -2667,7 +2670,7 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT * @see org.gcube.portlets.user.workspace.client.rpc.GWTWorkspaceService#getMyLogin() */ @Override - public UserBean getMyLogin(){ + public UserBean getMyLogin(String currentPortletUrl){ ASLSession asl = WsUtil.getAslSession(this.getThreadLocalRequest().getSession()); String username = asl.getUsername(); String email = username+"@isti.cnr.it"; @@ -2684,7 +2687,7 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT email = user.getEmail(); // check if he has catalogue role - publishRights = hasUserRoleAdmin(); + publishRights = enablePublishOnCatalogue(currentPortletUrl); }catch (UserManagementSystemException e) { workspaceLogger.error("UserManagementSystemException for username: "+username); } @@ -3460,16 +3463,17 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT return instance; } - /* (non-Javadoc) - * @see org.gcube.portlets.user.workspace.client.rpc.GWTWorkspaceService#hasUserRoleAdmin() + + /** + * Check if the current user has publish rights on the data catalogue + * @param currentPortletUrl + * @return */ - @Override - public boolean hasUserRoleAdmin() { + private boolean enablePublishOnCatalogue(String currentPortletUrl) { + HttpSession httpSession = this.getThreadLocalRequest().getSession(); ASLSession asl = WsUtil.getAslSession(httpSession); String username = asl.getUsername(); - String currentScope = asl.getScope(); - String groupName = asl.getGroupName(); if(!isWithinPortal()){ workspaceLogger.warn("OUT FROM PORTAL DETECTED RETURNING TRUE"); @@ -3481,12 +3485,19 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT return false; } + // retrieve scope per current portlet url + String scopePerCurrentUrl = ApplicationProfileScopePerUrlReader.getScopePerUrl(currentPortletUrl); + + // save it + this.getThreadLocalRequest().getSession().setAttribute(SessionCatalogueAttributes.SCOPE_CLIENT_PORTLET_URL, scopePerCurrentUrl); + // get key per scope - String keyPerScope = concatenateSessionKeyScope(CKAN_ROLE, asl.getScope()); + String keyPerScopeRole = UtilMethods.concatenateSessionKeyScope(SessionCatalogueAttributes.CKAN_PUBLISH_WORKSPACE, scopePerCurrentUrl); + String keyPerScopeOrganizations = UtilMethods.concatenateSessionKeyScope(SessionCatalogueAttributes.CKAN_ORGANIZATIONS_PUBLISH_KEY, scopePerCurrentUrl); // check if this information was already into the ASL Session (true means the user has at least in one org - // the role admin), false that he is just a member so he cannot publish - Boolean role = (Boolean)httpSession.getAttribute(keyPerScope); + // the role editor), false that he is just a member so he cannot publish + Boolean role = (Boolean)httpSession.getAttribute(keyPerScopeRole); // if the attribute was already set.. if(role != null) @@ -3496,15 +3507,18 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT try{ role = false; - // we build up also a list that keeps track of the scopes (orgs) in which the user has role ADMIN - List orgsInWhichAdminRole = new ArrayList(); - role = UserUtil.hasAdminRole(currentScope, username, groupName, this, orgsInWhichAdminRole); + GroupManager gm = new LiferayGroupManager(); + String groupName = gm.getGroup(gm.getGroupIdFromInfrastructureScope(scopePerCurrentUrl)).getGroupName(); - // if he is an admin preload: + // we build up also a list that keeps track of the scopes (orgs) in which the user has role ADMIN/EDITOR + List orgsInWhichAtLeastEditorRole = new ArrayList(); + role = UserUtil.getHighestRole(scopePerCurrentUrl, username, groupName, this, orgsInWhichAtLeastEditorRole); + + // if he is an admin/editor preload: // 1) organizations in which he can publish (the widget will find these info in session) if(role){ - httpSession.setAttribute(concatenateSessionKeyScope(CKAN_ORGANIZATIONS_PUBLISH_KEY, currentScope), orgsInWhichAdminRole); - workspaceLogger.info("Set organizations in which he can publish to " + orgsInWhichAdminRole + " into session for user " + username); + httpSession.setAttribute(keyPerScopeOrganizations, orgsInWhichAtLeastEditorRole); + workspaceLogger.info("Set organizations in which he can publish to " + orgsInWhichAtLeastEditorRole + " into session for user " + username); } }catch(Exception e){ workspaceLogger.error("Unable to retrieve the role information for this user. Returning FALSE", e); @@ -3512,10 +3526,10 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT } } - // set role in session - httpSession.setAttribute(CKAN_ROLE, role); + // set role in session for this scope + httpSession.setAttribute(keyPerScopeRole, role); - workspaceLogger.info("Do have the user the right to publish on the catalogue? " + role); + workspaceLogger.info("Does the user have the right to publish on the catalogue? " + role); // return false return role; @@ -3526,22 +3540,10 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT */ @Override public String getUser() { - HttpSession httpSession = this.getThreadLocalRequest().getSession(); - ASLSession session = WsUtil.getAslSession(httpSession); + ASLSession session = WsUtil.getAslSession(this.getThreadLocalRequest().getSession()); return session.getUsername(); } - /** - * Builds a string made of key + scope. - * - * @param key the key - * @param scope the scope - * @return the string - */ - public static String concatenateSessionKeyScope(String key, String scope){ - return key.concat(scope); - } - /* (non-Javadoc) * @see org.gcube.portlets.user.workspace.client.rpc.GWTWorkspaceService#markFolderAsPublicForFolderItemId(java.lang.String, boolean) diff --git a/src/main/java/org/gcube/portlets/user/workspace/server/util/UserUtil.java b/src/main/java/org/gcube/portlets/user/workspace/server/util/UserUtil.java index 340202f..569acdf 100644 --- a/src/main/java/org/gcube/portlets/user/workspace/server/util/UserUtil.java +++ b/src/main/java/org/gcube/portlets/user/workspace/server/util/UserUtil.java @@ -162,16 +162,15 @@ public class UserUtil { } /** - * Retrieve the highest ckan role the user has and also retrieve the list of organizations (scopes) in which the user has the ckan-admin role. - * + * Retrieve the highest ckan role the user has and also retrieve the list of organizations (scopes) in which the user has the ckan-admin or ckan-editor role * @param currentScope the current scope * @param username the current username * @param groupName the current groupName * @param workspaceInstance the workspace instance - * @param orgsInWhichAdminRole the orgs in which admin role + * @param orgsInWhichAtLeastEditorRole the orgs in which admin/editor role * @return true, if successful */ - public static boolean hasAdminRole(String currentScope, String username, String groupName, GWTWorkspaceServiceImpl workspaceInstance, List orgsInWhichAdminRole){ + public static boolean getHighestRole(String currentScope, String username, String groupName, GWTWorkspaceServiceImpl workspaceInstance, List orgsInWhichAtLeastEditorRole){ // base role as default value boolean toReturn = false; @@ -214,7 +213,7 @@ public class UserUtil { continue; checkIfRoleIsSetInCkanInstance(username, gCubeGroupName, correspondentRoleToCheck, workspaceInstance, - groupManager, gCubeGroup.getGroupId(), orgsInWhichAdminRole); + groupManager, gCubeGroup.getGroupId(), orgsInWhichAtLeastEditorRole); } }else if(groupManager.isVO(currentGroupId)){ @@ -239,7 +238,7 @@ public class UserUtil { continue; checkIfRoleIsSetInCkanInstance(username, gCubeGroupName, correspondentRoleToCheck, workspaceInstance, - groupManager, gCubeGroup.getGroupId(), orgsInWhichAdminRole); + groupManager, gCubeGroup.getGroupId(), orgsInWhichAtLeastEditorRole); } }else if(groupManager.isVRE(currentGroupId)){ @@ -254,7 +253,7 @@ public class UserUtil { if(correspondentRoleToCheck.equals(RolesIntoOrganization.ADMIN)){ checkIfRoleIsSetInCkanInstance(username, groupName, correspondentRoleToCheck, workspaceInstance, - groupManager, currentGroupId, orgsInWhichAdminRole); + groupManager, currentGroupId, orgsInWhichAtLeastEditorRole); } } }catch(Exception e){ @@ -262,8 +261,8 @@ public class UserUtil { return false; } - //ok, somewhere he is admin - if(orgsInWhichAdminRole.size() > 0) + //ok, somewhere he is admin/editor + if(orgsInWhichAtLeastEditorRole.size() > 0) toReturn = true; // return the role @@ -301,12 +300,11 @@ public class UserUtil { // get the orgs of the user List ckanOrgs = ckanUtils.getOrganizationsByUser(username); for (CkanOrganization ckanOrganization : ckanOrgs) { - /*TODO @COSTANTINO MUST CHECK*/ + if(ckanOrganization.getName().equals(gCubeGroupName.toLowerCase())){//|| ckanOrganization.getName().equals(CKanUtilsImpl.PRODUCTION_CKAN_ORGNAME_ROOT)){ + orgsInWhichAdminRole.add(new OrganizationBean(ckanOrganization.getTitle(), ckanOrganization.getName())); + break; + } - //if(ckanOrganization.getName().equals(gCubeGroupName.toLowerCase()) || ckanOrganization.getName().equals(CKanUtilsImpl.PRODUCTION_CKAN_ORGNAME_ROOT)){ - // orgsInWhichAdminRole.add(new OrganizationBean(ckanOrganization.getTitle(), ckanOrganization.getName())); - // break; - //} } } }else @@ -315,18 +313,21 @@ public class UserUtil { } /** - * Retrieve the ckan roles among a list of liferay roles. - * - * @param roles the roles - * @return the liferay highest role in org + * Retrieve the ckan role among a list of liferay roles + * @param roles + * @return MEMBER/EDITOR/ADMIN role */ private static RolesIntoOrganization getLiferayHighestRoleInOrg( List roles) { + // NOTE: it is supposed that there is just one role for this person correspondent to the one in the catalog for (GCubeRole gCubeRole : roles) { if(gCubeRole.getRoleName().equalsIgnoreCase(GatewayRolesNames.CATALOGUE_ADMIN.getRoleName())){ return RolesIntoOrganization.ADMIN; } + if(gCubeRole.getRoleName().equalsIgnoreCase(GatewayRolesNames.CATALOGUE_EDITOR.getRoleName())){ + return RolesIntoOrganization.EDITOR; + } } return RolesIntoOrganization.MEMBER; }