publish on data catalogue is only allowed to admins and sysadmins
git-svn-id: http://svn.d4science-ii.research-infrastructures.eu/gcube/trunk/portlets/user/workspace-tree-widget@130559 82a268e6-3cf1-43bd-a215-b396298e98cf
This commit is contained in:
parent
f2c95d4cdd
commit
8181d4ce19
|
@ -696,10 +696,10 @@ public interface GWTWorkspaceService extends RemoteService{
|
|||
|
||||
/**
|
||||
* Allows the user to public onto the data catalogue if he has at least
|
||||
* the role editor somewhere.
|
||||
* the role admin somewhere.
|
||||
* @return true if he can publish, false otherwise
|
||||
*/
|
||||
boolean hasUserRoleAdminOrEditor();
|
||||
boolean hasUserRoleAdminOrSysadmin();
|
||||
|
||||
/**
|
||||
* Retrieve the username of the user into the session
|
||||
|
|
|
@ -685,10 +685,10 @@ public interface GWTWorkspaceServiceAsync {
|
|||
|
||||
/**
|
||||
* Allows the user to public onto the data catalogue if he has at least
|
||||
* the role editor somewhere.
|
||||
* the role admin somewhere.
|
||||
* @return true if he can publish, false otherwise
|
||||
*/
|
||||
void hasUserRoleAdminOrEditor(AsyncCallback<Boolean> callback);
|
||||
void hasUserRoleAdminOrSysadmin(AsyncCallback<Boolean> callback);
|
||||
|
||||
/**
|
||||
* Retrieve the username of the user into the session
|
||||
|
|
|
@ -119,7 +119,7 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT
|
|||
private static final String CKAN_LICENSES_KEY = "ckanLicenses"; // licenses
|
||||
private static final String CKAN_ORGANIZATIONS_PUBLISH_KEY = "ckanOrganizationsPublish"; // here he can publish
|
||||
private static final String CKAN_PROFILES_KEY = "ckanProfiles"; // product profiles
|
||||
|
||||
|
||||
/**
|
||||
* Since it needs the scope, we need to check if it is null or not
|
||||
* @return
|
||||
|
@ -2695,7 +2695,7 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT
|
|||
String email = username+"@isti.cnr.it";
|
||||
String firstName = "Testing";
|
||||
String lastName = "User";
|
||||
boolean catalogueEditor = false;
|
||||
boolean publishRights = false;
|
||||
|
||||
if (isWithinPortal() && username.compareTo(WsUtil.TEST_USER) != 0) {
|
||||
try {
|
||||
|
@ -2706,7 +2706,7 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT
|
|||
email = user.getEmail();
|
||||
|
||||
// check if he has catalogue role
|
||||
catalogueEditor = hasUserRoleAdminOrEditor();
|
||||
publishRights = hasUserRoleAdminOrSysadmin();
|
||||
}catch (UserManagementSystemException e) {
|
||||
workspaceLogger.error("UserManagementSystemException for username: "+username);
|
||||
}
|
||||
|
@ -2715,7 +2715,7 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT
|
|||
}
|
||||
|
||||
}
|
||||
return new UserBean(username, firstName, lastName, email, catalogueEditor);
|
||||
return new UserBean(username, firstName, lastName, email, publishRights);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -3430,12 +3430,12 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT
|
|||
}
|
||||
|
||||
@Override
|
||||
public boolean hasUserRoleAdminOrEditor() {
|
||||
public boolean hasUserRoleAdminOrSysadmin() {
|
||||
HttpSession httpSession = this.getThreadLocalRequest().getSession();
|
||||
ASLSession asl = WsUtil.getAslSession(httpSession);
|
||||
String username = asl.getUsername();
|
||||
String currentScope = asl.getScope();
|
||||
|
||||
|
||||
if(!isWithinPortal()){
|
||||
workspaceLogger.warn("OUT FROM PORTAL DETECTED RETURNING TRUE");
|
||||
return false;
|
||||
|
@ -3445,7 +3445,7 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT
|
|||
workspaceLogger.warn("Session expired");
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
// get key per scope
|
||||
String keyPerScope = concatenateSessionKeyScope(CKAN_ROLE, asl.getScope());
|
||||
|
||||
|
@ -3480,7 +3480,7 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT
|
|||
|
||||
// we need to iterate over vres of the user
|
||||
List<GCubeGroup> groups = groupManager.listGroupsByUser(userManager.getUserId(username));
|
||||
|
||||
|
||||
// user id
|
||||
long userid = userManager.getUserId(username);
|
||||
|
||||
|
@ -3509,11 +3509,12 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT
|
|||
correspondentRoleToCheck = RolesIntoOrganization.ADMIN;
|
||||
toReturn = true;
|
||||
break;
|
||||
}else if(gCubeRole.getRoleName().equalsIgnoreCase(GatewayRolesNames.CATALOGUE_EDITOR.getRoleName())){
|
||||
correspondentRoleToCheck = RolesIntoOrganization.EDITOR;
|
||||
toReturn = true;
|
||||
break;
|
||||
}
|
||||
// }else if(gCubeRole.getRoleName().equalsIgnoreCase(GatewayRolesNames.CATALOGUE_EDITOR.getRoleName())){
|
||||
// correspondentRoleToCheck = RolesIntoOrganization.EDITOR;
|
||||
// toReturn = true;
|
||||
// break;
|
||||
// }
|
||||
}
|
||||
|
||||
// if the role is member, continue
|
||||
|
@ -3530,17 +3531,17 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT
|
|||
result = toReturn;
|
||||
httpSession.setAttribute(keyPerScope, result);
|
||||
}
|
||||
|
||||
|
||||
// if result is true, preload ckan licenses, organizations, profiles
|
||||
if(result){
|
||||
|
||||
|
||||
workspaceLogger.debug("It seems that the user has editor/admin roles");
|
||||
UserUtil.getLicenses(httpSession, username, concatenateSessionKeyScope(CKAN_LICENSES_KEY, currentScope), ckanUtils);
|
||||
UserUtil.getUserOrganizationsList(httpSession, username, isSysAdmin, concatenateSessionKeyScope(CKAN_ORGANIZATIONS_PUBLISH_KEY, currentScope), ckanUtils, getUserCKanTokenFromSession());
|
||||
UserUtil.getMetadataProfilesList(httpSession, username, concatenateSessionKeyScope(CKAN_PROFILES_KEY, currentScope), ckanUtils);
|
||||
|
||||
|
||||
}
|
||||
|
||||
|
||||
return result;
|
||||
|
||||
}catch(Exception e){
|
||||
|
@ -3554,7 +3555,7 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT
|
|||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Get current user's token
|
||||
* @return String the ckan user's token
|
||||
|
@ -3607,7 +3608,7 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT
|
|||
ASLSession session = WsUtil.getAslSession(httpSession);
|
||||
return session.getUsername();
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Builds a string made of key + scope
|
||||
* @param key
|
||||
|
|
|
@ -220,9 +220,8 @@ public class UserUtil {
|
|||
|
||||
}else{
|
||||
|
||||
// We need to retrieve orgs in which the user has the roles ADMIN or EDITOR
|
||||
// We need to retrieve orgs in which the user has the roles ADMIN
|
||||
List<RolesIntoOrganization> rolesToMatch = new ArrayList<RolesIntoOrganization>();
|
||||
rolesToMatch.add(RolesIntoOrganization.EDITOR);
|
||||
rolesToMatch.add(RolesIntoOrganization.ADMIN);
|
||||
|
||||
Map<String, List<RolesIntoOrganization>> orgsAndRoles = ckanUtils.getGroupsAndRolesByUser(username, rolesToMatch);
|
||||
|
@ -234,7 +233,7 @@ public class UserUtil {
|
|||
Map.Entry<String, List<RolesIntoOrganization>> entry = (Map.Entry<String, List<RolesIntoOrganization>>) iterator
|
||||
.next();
|
||||
orgsName.add(entry.getKey());
|
||||
logger.debug("The user has a role ADMIN/EDITOR into org " + entry.getKey());
|
||||
logger.debug("The user has a role ADMIN into org " + entry.getKey());
|
||||
}
|
||||
}
|
||||
session.setAttribute(ckanOrganizationsPublishKey, orgsName);
|
||||
|
|
Loading…
Reference in New Issue