getHighestRole changed. Now also the workspace can discover in another scope for the catalogue, according to the current url at which it is deplouyed

git-svn-id: http://svn.d4science-ii.research-infrastructures.eu/gcube/trunk/portlets/user/workspace-tree-widget@131437 82a268e6-3cf1-43bd-a215-b396298e98cf
This commit is contained in:
Costantino Perciante 2016-09-16 09:12:03 +00:00
parent e55eb13007
commit 0afb6d804f
5 changed files with 63 additions and 75 deletions

View File

@ -2276,7 +2276,8 @@ public class AppControllerExplorer implements EventHandler, TreeAppControllerInt
*/
private void loadMyLogin(){
rpcWorkspaceService.getMyLogin(new AsyncCallback<UserBean>() {
String currentUrl = Window.Location.getHref().split("\\?")[0];
rpcWorkspaceService.getMyLogin(currentUrl, new AsyncCallback<UserBean>() {
@Override
public void onFailure(Throwable caught) {

View File

@ -528,10 +528,10 @@ public interface GWTWorkspaceService extends RemoteService{
/**
* Gets the my login.
*
* @param the current url of the portlet
* @return the my login
*/
UserBean getMyLogin();
UserBean getMyLogin(String currentPortletUrl);
/**
* Update acl for vr eby group name.
@ -694,13 +694,6 @@ public interface GWTWorkspaceService extends RemoteService{
FileModel getItemForFileTree(String itemId) throws Exception;
/**
* Allows the user to public onto the data catalogue if he has at least
* the role admin somewhere.
* @return true if he can publish, false otherwise
*/
boolean hasUserRoleAdmin();
/**
* Retrieve the username of the user into the session
* @return the username of the current user

View File

@ -525,11 +525,11 @@ public interface GWTWorkspaceServiceAsync {
/**
* Gets the my login.
*
* @param the current url of the portlet
* @param callback the callback
* @return the my login
*/
void getMyLogin(AsyncCallback<UserBean> callback);
void getMyLogin(String currentPortletUrl, AsyncCallback<UserBean> callback);
/**
* Update acl for vr eby group name.
@ -694,15 +694,6 @@ public interface GWTWorkspaceServiceAsync {
void setGcubeItemProperties(String itemId, Map<String, String> properties,
AsyncCallback<Void> callback);
/**
* Allows the user to public onto the data catalogue if he has at least
* the role admin somewhere.
*
* @param callback the callback
* @return true if he can publish, false otherwise
*/
void hasUserRoleAdmin(AsyncCallback<Boolean> callback);
/**
* Retrieve the username of the user into the session.
*
@ -727,6 +718,6 @@ public interface GWTWorkspaceServiceAsync {
* @param callback the callback
*/
void markFolderAsPublicForFolderItemId(
String itemId, boolean setPublic, AsyncCallback<PublicLink> callback);
String itemId, boolean setPublic, AsyncCallback<PublicLink> callback);
}

View File

@ -41,8 +41,11 @@ import org.gcube.common.homelibrary.home.workspace.search.SearchItem;
import org.gcube.common.homelibrary.home.workspace.trash.WorkspaceTrashFolder;
import org.gcube.common.homelibrary.home.workspace.trash.WorkspaceTrashItem;
import org.gcube.common.scope.api.ScopeProvider;
import org.gcube.datacatalogue.ckanutillibrary.ApplicationProfileScopePerUrlReader;
import org.gcube.datacatalogue.ckanutillibrary.CKanUtils;
import org.gcube.datacatalogue.ckanutillibrary.CkanUtilsFactory;
import org.gcube.datacatalogue.ckanutillibrary.utils.SessionCatalogueAttributes;
import org.gcube.datacatalogue.ckanutillibrary.utils.UtilMethods;
import org.gcube.portlets.user.urlshortener.UrlShortener;
import org.gcube.portlets.user.workspace.client.ConstantsExplorer;
import org.gcube.portlets.user.workspace.client.interfaces.GXTCategoryItemInterface;
@ -1889,10 +1892,10 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT
NotificationsProducer np = getNotificationProducer();
List<InfoContactModel> purgeMyContact = new ArrayList<InfoContactModel>(contacts.size()-1);
String myLogin = getMyLogin().getUsername();
String myLogin = getMyLogin(null).getUsername();
workspaceLogger.trace("Preparing list of contacts to send un share notification");
for (InfoContactModel infoContactModel : contacts) {
if(infoContactModel.getLogin().compareToIgnoreCase(getMyLogin().getUsername())==0)
if(infoContactModel.getLogin().compareToIgnoreCase(getMyLogin(null).getUsername())==0)
workspaceLogger.trace("skipping my login "+myLogin);
else
purgeMyContact.add(infoContactModel);
@ -2667,7 +2670,7 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT
* @see org.gcube.portlets.user.workspace.client.rpc.GWTWorkspaceService#getMyLogin()
*/
@Override
public UserBean getMyLogin(){
public UserBean getMyLogin(String currentPortletUrl){
ASLSession asl = WsUtil.getAslSession(this.getThreadLocalRequest().getSession());
String username = asl.getUsername();
String email = username+"@isti.cnr.it";
@ -2684,7 +2687,7 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT
email = user.getEmail();
// check if he has catalogue role
publishRights = hasUserRoleAdmin();
publishRights = enablePublishOnCatalogue(currentPortletUrl);
}catch (UserManagementSystemException e) {
workspaceLogger.error("UserManagementSystemException for username: "+username);
}
@ -3460,16 +3463,17 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT
return instance;
}
/* (non-Javadoc)
* @see org.gcube.portlets.user.workspace.client.rpc.GWTWorkspaceService#hasUserRoleAdmin()
/**
* Check if the current user has publish rights on the data catalogue
* @param currentPortletUrl
* @return
*/
@Override
public boolean hasUserRoleAdmin() {
private boolean enablePublishOnCatalogue(String currentPortletUrl) {
HttpSession httpSession = this.getThreadLocalRequest().getSession();
ASLSession asl = WsUtil.getAslSession(httpSession);
String username = asl.getUsername();
String currentScope = asl.getScope();
String groupName = asl.getGroupName();
if(!isWithinPortal()){
workspaceLogger.warn("OUT FROM PORTAL DETECTED RETURNING TRUE");
@ -3481,12 +3485,19 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT
return false;
}
// retrieve scope per current portlet url
String scopePerCurrentUrl = ApplicationProfileScopePerUrlReader.getScopePerUrl(currentPortletUrl);
// save it
this.getThreadLocalRequest().getSession().setAttribute(SessionCatalogueAttributes.SCOPE_CLIENT_PORTLET_URL, scopePerCurrentUrl);
// get key per scope
String keyPerScope = concatenateSessionKeyScope(CKAN_ROLE, asl.getScope());
String keyPerScopeRole = UtilMethods.concatenateSessionKeyScope(SessionCatalogueAttributes.CKAN_PUBLISH_WORKSPACE, scopePerCurrentUrl);
String keyPerScopeOrganizations = UtilMethods.concatenateSessionKeyScope(SessionCatalogueAttributes.CKAN_ORGANIZATIONS_PUBLISH_KEY, scopePerCurrentUrl);
// check if this information was already into the ASL Session (true means the user has at least in one org
// the role admin), false that he is just a member so he cannot publish
Boolean role = (Boolean)httpSession.getAttribute(keyPerScope);
// the role editor), false that he is just a member so he cannot publish
Boolean role = (Boolean)httpSession.getAttribute(keyPerScopeRole);
// if the attribute was already set..
if(role != null)
@ -3496,15 +3507,18 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT
try{
role = false;
// we build up also a list that keeps track of the scopes (orgs) in which the user has role ADMIN
List<OrganizationBean> orgsInWhichAdminRole = new ArrayList<OrganizationBean>();
role = UserUtil.hasAdminRole(currentScope, username, groupName, this, orgsInWhichAdminRole);
GroupManager gm = new LiferayGroupManager();
String groupName = gm.getGroup(gm.getGroupIdFromInfrastructureScope(scopePerCurrentUrl)).getGroupName();
// if he is an admin preload:
// we build up also a list that keeps track of the scopes (orgs) in which the user has role ADMIN/EDITOR
List<OrganizationBean> orgsInWhichAtLeastEditorRole = new ArrayList<OrganizationBean>();
role = UserUtil.getHighestRole(scopePerCurrentUrl, username, groupName, this, orgsInWhichAtLeastEditorRole);
// if he is an admin/editor preload:
// 1) organizations in which he can publish (the widget will find these info in session)
if(role){
httpSession.setAttribute(concatenateSessionKeyScope(CKAN_ORGANIZATIONS_PUBLISH_KEY, currentScope), orgsInWhichAdminRole);
workspaceLogger.info("Set organizations in which he can publish to " + orgsInWhichAdminRole + " into session for user " + username);
httpSession.setAttribute(keyPerScopeOrganizations, orgsInWhichAtLeastEditorRole);
workspaceLogger.info("Set organizations in which he can publish to " + orgsInWhichAtLeastEditorRole + " into session for user " + username);
}
}catch(Exception e){
workspaceLogger.error("Unable to retrieve the role information for this user. Returning FALSE", e);
@ -3512,10 +3526,10 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT
}
}
// set role in session
httpSession.setAttribute(CKAN_ROLE, role);
// set role in session for this scope
httpSession.setAttribute(keyPerScopeRole, role);
workspaceLogger.info("Do have the user the right to publish on the catalogue? " + role);
workspaceLogger.info("Does the user have the right to publish on the catalogue? " + role);
// return false
return role;
@ -3526,22 +3540,10 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT
*/
@Override
public String getUser() {
HttpSession httpSession = this.getThreadLocalRequest().getSession();
ASLSession session = WsUtil.getAslSession(httpSession);
ASLSession session = WsUtil.getAslSession(this.getThreadLocalRequest().getSession());
return session.getUsername();
}
/**
* Builds a string made of key + scope.
*
* @param key the key
* @param scope the scope
* @return the string
*/
public static String concatenateSessionKeyScope(String key, String scope){
return key.concat(scope);
}
/* (non-Javadoc)
* @see org.gcube.portlets.user.workspace.client.rpc.GWTWorkspaceService#markFolderAsPublicForFolderItemId(java.lang.String, boolean)

View File

@ -162,16 +162,15 @@ public class UserUtil {
}
/**
* Retrieve the highest ckan role the user has and also retrieve the list of organizations (scopes) in which the user has the ckan-admin role.
*
* Retrieve the highest ckan role the user has and also retrieve the list of organizations (scopes) in which the user has the ckan-admin or ckan-editor role
* @param currentScope the current scope
* @param username the current username
* @param groupName the current groupName
* @param workspaceInstance the workspace instance
* @param orgsInWhichAdminRole the orgs in which admin role
* @param orgsInWhichAtLeastEditorRole the orgs in which admin/editor role
* @return true, if successful
*/
public static boolean hasAdminRole(String currentScope, String username, String groupName, GWTWorkspaceServiceImpl workspaceInstance, List<OrganizationBean> orgsInWhichAdminRole){
public static boolean getHighestRole(String currentScope, String username, String groupName, GWTWorkspaceServiceImpl workspaceInstance, List<OrganizationBean> orgsInWhichAtLeastEditorRole){
// base role as default value
boolean toReturn = false;
@ -214,7 +213,7 @@ public class UserUtil {
continue;
checkIfRoleIsSetInCkanInstance(username, gCubeGroupName, correspondentRoleToCheck, workspaceInstance,
groupManager, gCubeGroup.getGroupId(), orgsInWhichAdminRole);
groupManager, gCubeGroup.getGroupId(), orgsInWhichAtLeastEditorRole);
}
}else if(groupManager.isVO(currentGroupId)){
@ -239,7 +238,7 @@ public class UserUtil {
continue;
checkIfRoleIsSetInCkanInstance(username, gCubeGroupName, correspondentRoleToCheck, workspaceInstance,
groupManager, gCubeGroup.getGroupId(), orgsInWhichAdminRole);
groupManager, gCubeGroup.getGroupId(), orgsInWhichAtLeastEditorRole);
}
}else if(groupManager.isVRE(currentGroupId)){
@ -254,7 +253,7 @@ public class UserUtil {
if(correspondentRoleToCheck.equals(RolesIntoOrganization.ADMIN)){
checkIfRoleIsSetInCkanInstance(username, groupName, correspondentRoleToCheck, workspaceInstance,
groupManager, currentGroupId, orgsInWhichAdminRole);
groupManager, currentGroupId, orgsInWhichAtLeastEditorRole);
}
}
}catch(Exception e){
@ -262,8 +261,8 @@ public class UserUtil {
return false;
}
//ok, somewhere he is admin
if(orgsInWhichAdminRole.size() > 0)
//ok, somewhere he is admin/editor
if(orgsInWhichAtLeastEditorRole.size() > 0)
toReturn = true;
// return the role
@ -301,12 +300,11 @@ public class UserUtil {
// get the orgs of the user
List<CkanOrganization> ckanOrgs = ckanUtils.getOrganizationsByUser(username);
for (CkanOrganization ckanOrganization : ckanOrgs) {
/*TODO @COSTANTINO MUST CHECK*/
if(ckanOrganization.getName().equals(gCubeGroupName.toLowerCase())){//|| ckanOrganization.getName().equals(CKanUtilsImpl.PRODUCTION_CKAN_ORGNAME_ROOT)){
orgsInWhichAdminRole.add(new OrganizationBean(ckanOrganization.getTitle(), ckanOrganization.getName()));
break;
}
//if(ckanOrganization.getName().equals(gCubeGroupName.toLowerCase()) || ckanOrganization.getName().equals(CKanUtilsImpl.PRODUCTION_CKAN_ORGNAME_ROOT)){
// orgsInWhichAdminRole.add(new OrganizationBean(ckanOrganization.getTitle(), ckanOrganization.getName()));
// break;
//}
}
}
}else
@ -315,18 +313,21 @@ public class UserUtil {
}
/**
* Retrieve the ckan roles among a list of liferay roles.
*
* @param roles the roles
* @return the liferay highest role in org
* Retrieve the ckan role among a list of liferay roles
* @param roles
* @return MEMBER/EDITOR/ADMIN role
*/
private static RolesIntoOrganization getLiferayHighestRoleInOrg(
List<GCubeRole> roles) {
// NOTE: it is supposed that there is just one role for this person correspondent to the one in the catalog
for (GCubeRole gCubeRole : roles) {
if(gCubeRole.getRoleName().equalsIgnoreCase(GatewayRolesNames.CATALOGUE_ADMIN.getRoleName())){
return RolesIntoOrganization.ADMIN;
}
if(gCubeRole.getRoleName().equalsIgnoreCase(GatewayRolesNames.CATALOGUE_EDITOR.getRoleName())){
return RolesIntoOrganization.EDITOR;
}
}
return RolesIntoOrganization.MEMBER;
}