gCubeSystem
/
workspace-tree-widget
15
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

publish on data catalogue is only allowed to admins and sysadmins 

git-svn-id: http://svn.d4science-ii.research-infrastructures.eu/gcube/trunk/portlets/user/workspace-tree-widget@130559 82a268e6-3cf1-43bd-a215-b396298e98cf
This commit is contained in:
Costantino Perciante 2016-07-19 15:56:50 +00:00
parent f2c95d4cdd
commit 8181d4ce19
4 changed files with 25 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/main/java/org/gcube/portlets/user/workspace/client/rpc/GWTWorkspaceService.java
View File

@ -696,10 +696,10 @@ public interface GWTWorkspaceService extends RemoteService{
/**
* Allows the user to public onto the data catalogue if he has at least
* the role editor somewhere.
* the role admin somewhere.
* @return true if he can publish, false otherwise
*/
boolean hasUserRoleAdminOrEditor();
boolean hasUserRoleAdminOrSysadmin();
/**
* Retrieve the username of the user into the session

4
src/main/java/org/gcube/portlets/user/workspace/client/rpc/GWTWorkspaceServiceAsync.java
View File

@ -685,10 +685,10 @@ public interface GWTWorkspaceServiceAsync {
/**
* Allows the user to public onto the data catalogue if he has at least
* the role editor somewhere.
* the role admin somewhere.
* @return true if he can publish, false otherwise
*/
void hasUserRoleAdminOrEditor(AsyncCallback<Boolean> callback);
void hasUserRoleAdminOrSysadmin(AsyncCallback<Boolean> callback);
/**
* Retrieve the username of the user into the session

37
src/main/java/org/gcube/portlets/user/workspace/server/GWTWorkspaceServiceImpl.java
View File

@ -119,7 +119,7 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT
private static final String CKAN_LICENSES_KEY = "ckanLicenses"; // licenses
private static final String CKAN_ORGANIZATIONS_PUBLISH_KEY = "ckanOrganizationsPublish"; // here he can publish
private static final String CKAN_PROFILES_KEY = "ckanProfiles"; // product profiles
/**
* Since it needs the scope, we need to check if it is null or not
* @return
@ -2695,7 +2695,7 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT
String email = username+"@isti.cnr.it";
String firstName = "Testing";
String lastName = "User";
boolean catalogueEditor = false;
boolean publishRights = false;
if (isWithinPortal() && username.compareTo(WsUtil.TEST_USER) != 0) {
try {
@ -2706,7 +2706,7 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT
email = user.getEmail();
// check if he has catalogue role
catalogueEditor = hasUserRoleAdminOrEditor();
publishRights = hasUserRoleAdminOrSysadmin();
}catch (UserManagementSystemException e) {
workspaceLogger.error("UserManagementSystemException for username: "+username);
}
@ -2715,7 +2715,7 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT
}
}
return new UserBean(username, firstName, lastName, email, catalogueEditor);
return new UserBean(username, firstName, lastName, email, publishRights);
}
/**
@ -3430,12 +3430,12 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT
}
@Override
public boolean hasUserRoleAdminOrEditor() {
public boolean hasUserRoleAdminOrSysadmin() {
HttpSession httpSession = this.getThreadLocalRequest().getSession();
ASLSession asl = WsUtil.getAslSession(httpSession);
String username = asl.getUsername();
String currentScope = asl.getScope();
if(!isWithinPortal()){
workspaceLogger.warn("OUT FROM PORTAL DETECTED RETURNING TRUE");
return false;
@ -3445,7 +3445,7 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT
workspaceLogger.warn("Session expired");
return false;
}
// get key per scope
String keyPerScope = concatenateSessionKeyScope(CKAN_ROLE, asl.getScope());
@ -3480,7 +3480,7 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT
// we need to iterate over vres of the user
List<GCubeGroup> groups = groupManager.listGroupsByUser(userManager.getUserId(username));
// user id
long userid = userManager.getUserId(username);
@ -3509,11 +3509,12 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT
correspondentRoleToCheck = RolesIntoOrganization.ADMIN;
toReturn = true;
break;
}else if(gCubeRole.getRoleName().equalsIgnoreCase(GatewayRolesNames.CATALOGUE_EDITOR.getRoleName())){
correspondentRoleToCheck = RolesIntoOrganization.EDITOR;
toReturn = true;
break;
}
// }else if(gCubeRole.getRoleName().equalsIgnoreCase(GatewayRolesNames.CATALOGUE_EDITOR.getRoleName())){
// correspondentRoleToCheck = RolesIntoOrganization.EDITOR;
// toReturn = true;
// break;
// }
}
// if the role is member, continue
@ -3530,17 +3531,17 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT
result = toReturn;
httpSession.setAttribute(keyPerScope, result);
}
// if result is true, preload ckan licenses, organizations, profiles
if(result){
workspaceLogger.debug("It seems that the user has editor/admin roles");
UserUtil.getLicenses(httpSession, username, concatenateSessionKeyScope(CKAN_LICENSES_KEY, currentScope), ckanUtils);
UserUtil.getUserOrganizationsList(httpSession, username, isSysAdmin, concatenateSessionKeyScope(CKAN_ORGANIZATIONS_PUBLISH_KEY, currentScope), ckanUtils, getUserCKanTokenFromSession());
UserUtil.getMetadataProfilesList(httpSession, username, concatenateSessionKeyScope(CKAN_PROFILES_KEY, currentScope), ckanUtils);
}
return result;
}catch(Exception e){
@ -3554,7 +3555,7 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT
return false;
}
}
/**
* Get current user's token
* @return String the ckan user's token
@ -3607,7 +3608,7 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT
ASLSession session = WsUtil.getAslSession(httpSession);
return session.getUsername();
}
/**
* Builds a string made of key + scope
* @param key

5
src/main/java/org/gcube/portlets/user/workspace/server/util/UserUtil.java
View File

@ -220,9 +220,8 @@ public class UserUtil {
}else{
// We need to retrieve orgs in which the user has the roles ADMIN or EDITOR
// We need to retrieve orgs in which the user has the roles ADMIN
List<RolesIntoOrganization> rolesToMatch = new ArrayList<RolesIntoOrganization>();
rolesToMatch.add(RolesIntoOrganization.EDITOR);
rolesToMatch.add(RolesIntoOrganization.ADMIN);
Map<String, List<RolesIntoOrganization>> orgsAndRoles = ckanUtils.getGroupsAndRolesByUser(username, rolesToMatch);
@ -234,7 +233,7 @@ public class UserUtil {
Map.Entry<String, List<RolesIntoOrganization>> entry = (Map.Entry<String, List<RolesIntoOrganization>>) iterator
.next();
orgsName.add(entry.getKey());
logger.debug("The user has a role ADMIN/EDITOR into org " + entry.getKey());
logger.debug("The user has a role ADMIN into org " + entry.getKey());
}
}
session.setAttribute(ckanOrganizationsPublishKey, orgsName);