From 8181d4ce19f295f987fc5cffa7b5884d994f898f Mon Sep 17 00:00:00 2001
From: Costantino Perciante
Date: Tue, 19 Jul 2016 15:56:50 +0000
Subject: [PATCH] publish on data catalogue is only allowed to admins and sysadmins
git-svn-id: http://svn.d4science-ii.research-infrastructures.eu/gcube/trunk/portlets/user/workspace-tree-widget@130559 82a268e6-3cf1-43bd-a215-b396298e98cf
---
 .../client/rpc/GWTWorkspaceService.java | 4 +-
 .../client/rpc/GWTWorkspaceServiceAsync.java | 4 +-
 .../server/GWTWorkspaceServiceImpl.java | 37 ++++++++++---------
 .../user/workspace/server/util/UserUtil.java | 5 +--
 4 files changed, 25 insertions(+), 25 deletions(-)
diff --git a/src/main/java/org/gcube/portlets/user/workspace/client/rpc/GWTWorkspaceService.java b/src/main/java/org/gcube/portlets/user/workspace/client/rpc/GWTWorkspaceService.java
index c801cf3..38c0fd1 100644
--- a/src/main/java/org/gcube/portlets/user/workspace/client/rpc/GWTWorkspaceService.java
+++ b/src/main/java/org/gcube/portlets/user/workspace/client/rpc/GWTWorkspaceService.java
@@ -696,10 +696,10 @@ public interface GWTWorkspaceService extends RemoteService{
 /**
 * Allows the user to public onto the data catalogue if he has at least
- * the role editor somewhere.
+ * the role admin somewhere.
 * @return true if he can publish, false otherwise
 */
- boolean hasUserRoleAdminOrEditor();
+ boolean hasUserRoleAdminOrSysadmin();
 /**
 * Retrieve the username of the user into the session
diff --git a/src/main/java/org/gcube/portlets/user/workspace/client/rpc/GWTWorkspaceServiceAsync.java b/src/main/java/org/gcube/portlets/user/workspace/client/rpc/GWTWorkspaceServiceAsync.java
index e79ac18..1ee334b 100644
--- a/src/main/java/org/gcube/portlets/user/workspace/client/rpc/GWTWorkspaceServiceAsync.java
+++ b/src/main/java/org/gcube/portlets/user/workspace/client/rpc/GWTWorkspaceServiceAsync.java
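Review bot: The Javadoc on `hasUserRoleAdminOrSysadmin()` in the `@@ -696,10` hunk of GWTWorkspaceService.java (and its twin in GWTWorkspaceServiceAsync.java, `@@ -685,10`) no longer matches the method: it still opens with "Allows the user to public" and names only the admin role, while the method name promises admin or sysadmin. The method only returns a boolean to the GWT client, so the comment should describe a query rather than an enforcement point, for example `* Tells the client whether the current user may publish onto the data catalogue (admin role somewhere, or sysadmin).` followed by `* Advisory for the UI only; the server-side publish operation must check the role itself.` Whether the publish path performs its own check is not visible in this diff and is worth confirming before relying on this rename as the access control.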
@@ -685,10 +685,10 @@ public interface GWTWorkspaceServiceAsync {
 /**
 * Allows the user to public onto the data catalogue if he has at least
- * the role editor somewhere.
+ * the role admin somewhere.
 * @return true if he can publish, false otherwise
 */
- void hasUserRoleAdminOrEditor(AsyncCallback callback);
+ void hasUserRoleAdminOrSysadmin(AsyncCallback callback);
 /**
 * Retrieve the username of the user into the session
diff --git a/src/main/java/org/gcube/portlets/user/workspace/server/GWTWorkspaceServiceImpl.java b/src/main/java/org/gcube/portlets/user/workspace/server/GWTWorkspaceServiceImpl.java
index 7ad5758..737ff4e 100644
--- a/src/main/java/org/gcube/portlets/user/workspace/server/GWTWorkspaceServiceImpl.java
+++ b/src/main/java/org/gcube/portlets/user/workspace/server/GWTWorkspaceServiceImpl.java
@@ -119,7 +119,7 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT
 private static final String CKAN_LICENSES_KEY = "ckanLicenses"; // licenses
 private static final String CKAN_ORGANIZATIONS_PUBLISH_KEY = "ckanOrganizationsPublish"; // here he can publish
 private static final String CKAN_PROFILES_KEY = "ckanProfiles"; // product profiles
-
+
 /**
 * Since it needs the scope, we need to check if it is null or not
 * @return
@@ -2695,7 +2695,7 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT
 String email = username+"@isti.cnr.it";
 String firstName = "Testing";
 String lastName = "User";
- boolean catalogueEditor = false;
+ boolean publishRights = false;
 if (isWithinPortal() && username.compareTo(WsUtil.TEST_USER) != 0) {
 try {
@@ -2706,7 +2706,7 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT
 email = user.getEmail();
 // check if he has catalogue role
- catalogueEditor = hasUserRoleAdminOrEditor();
+ publishRights = hasUserRoleAdminOrSysadmin();
 }catch (UserManagementSystemException e) {
 workspaceLogger.error("UserManagementSystemException for username: "+username);
 }
@@ -2715,7 +2715,7 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT
 }
 }
- return new UserBean(username, firstName, lastName, email, catalogueEditor);
+ return new UserBean(username, firstName, lastName, email, publishRights);
 }
 /**
@@ -3430,12 +3430,12 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT
 }
 @Override
- public boolean hasUserRoleAdminOrEditor() {
+ public boolean hasUserRoleAdminOrSysadmin() {
 HttpSession httpSession = this.getThreadLocalRequest().getSession();
 ASLSession asl = WsUtil.getAslSession(httpSession);
 String username = asl.getUsername();
 String currentScope = asl.getScope();
-
+
 if(!isWithinPortal()){
 workspaceLogger.warn("OUT FROM PORTAL DETECTED RETURNING TRUE");
 return false;
@@ -3445,7 +3445,7 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT
 workspaceLogger.warn("Session expired");
 return false;
 }
-
+
 // get key per scope
 String keyPerScope = concatenateSessionKeyScope(CKAN_ROLE, asl.getScope());
@@ -3480,7 +3480,7 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT
 // we need to iterate over vres of the user
 List groups = groupManager.listGroupsByUser(userManager.getUserId(username));
-
+
 // user id
 long userid = userManager.getUserId(username);
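Review bot: In the `@@ -3430,12` hunk the warning `"OUT FROM PORTAL DETECTED RETURNING TRUE"` sits directly above `return false;`, so the log records the opposite of the authorization decision the method actually takes. Anyone reading the logs to understand why a user could or could not publish will be misled, and this commit is the one tightening that decision. The message should match the code, e.g. `workspaceLogger.warn("Out of portal detected, returning false");`. The method body continues past the end of this hunk.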
@@ -3509,11 +3509,12 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT
 correspondentRoleToCheck = RolesIntoOrganization.ADMIN;
 toReturn = true;
 break;
- }else if(gCubeRole.getRoleName().equalsIgnoreCase(GatewayRolesNames.CATALOGUE_EDITOR.getRoleName())){
- correspondentRoleToCheck = RolesIntoOrganization.EDITOR;
- toReturn = true;
- break;
 }
+ // }else if(gCubeRole.getRoleName().equalsIgnoreCase(GatewayRolesNames.CATALOGUE_EDITOR.getRoleName())){
+ // correspondentRoleToCheck = RolesIntoOrganization.EDITOR;
+ // toReturn = true;
+ // break;
+ // }
 }
 // if the role is member, continue
@@ -3530,17 +3531,17 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT
 result = toReturn;
 httpSession.setAttribute(keyPerScope, result);
 }
-
+
 // if result is true, preload ckan licenses, organizations, profiles
 if(result){
-
+
 workspaceLogger.debug("It seems that the user has editor/admin roles");
 UserUtil.getLicenses(httpSession, username, concatenateSessionKeyScope(CKAN_LICENSES_KEY, currentScope), ckanUtils);
 UserUtil.getUserOrganizationsList(httpSession, username, isSysAdmin, concatenateSessionKeyScope(CKAN_ORGANIZATIONS_PUBLISH_KEY, currentScope), ckanUtils, getUserCKanTokenFromSession());
 UserUtil.getMetadataProfilesList(httpSession, username, concatenateSessionKeyScope(CKAN_PROFILES_KEY, currentScope), ckanUtils);
-
+
 }
-
+
 return result;
 }catch(Exception e){
@@ -3554,7 +3555,7 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT
 return false;
 }
 }
-
+
 /**
 * Get current user's token
 * @return String the ckan user's token
@@ -3607,7 +3608,7 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT
 ASLSession session = WsUtil.getAslSession(httpSession);
 return session.getUsername();
 }
-
+
 /**
 * Builds a string made of key + scope
 * @param key
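Review bot: The CATALOGUE_EDITOR branch in the `@@ -3509,11` hunk is commented out rather than deleted, which leaves a disabled grant path sitting inside the role-checking loop. Dead code in an authorization decision is easy to revive by accident during a later merge, and version history already preserves the old branch. Delete the five commented lines and, if the policy needs recording at this spot, leave a single line such as `// CATALOGUE_EDITOR intentionally grants no publish right`. The loop and the enclosing method start and end outside this hunk.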
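Review bot: `httpSession.setAttribute(keyPerScope, result);` in the `@@ -3530,17` hunk keeps the publish decision in the HTTP session, and UserUtil.java does the same for the organisation list (`session.setAttribute(ckanOrganizationsPublishKey, orgsName);` in its `@@ -234,7` hunk). The code that reads these attributes back is outside the hunks, but if a stored value short-circuits the role lookup, a session that stored a decision under the old editor rule, or before a role was revoked, keeps that answer until the session ends. At minimum this should be documented where the value is stored, e.g. `// cached for the session lifetime: role changes only take effect on a new session`, and the publish operation should not rely on the cached flag alone. The debug text in the same hunk still reads `editor/admin roles` and should now say `admin/sysadmin roles`.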
diff --git a/src/main/java/org/gcube/portlets/user/workspace/server/util/UserUtil.java b/src/main/java/org/gcube/portlets/user/workspace/server/util/UserUtil.java
index 522e7ae..d8cae9a 100644
--- a/src/main/java/org/gcube/portlets/user/workspace/server/util/UserUtil.java
+++ b/src/main/java/org/gcube/portlets/user/workspace/server/util/UserUtil.java
@@ -220,9 +220,8 @@ public class UserUtil {
 }else{
- // We need to retrieve orgs in which the user has the roles ADMIN or EDITOR
+ // We need to retrieve orgs in which the user has the roles ADMIN
 List rolesToMatch = new ArrayList();
- rolesToMatch.add(RolesIntoOrganization.EDITOR);
 rolesToMatch.add(RolesIntoOrganization.ADMIN);
 Map> orgsAndRoles = ckanUtils.getGroupsAndRolesByUser(username, rolesToMatch);
@@ -234,7 +233,7 @@ public class UserUtil {
 Map.Entry> entry = (Map.Entry>) iterator
 .next();
 orgsName.add(entry.getKey());
- logger.debug("The user has a role ADMIN/EDITOR into org " + entry.getKey());
+ logger.debug("The user has a role ADMIN into org " + entry.getKey());
 }
 }
 session.setAttribute(ckanOrganizationsPublishKey, orgsName);