gCubeSystem
/
workspace-tree-widget
16
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

changed the routine that checks if the the user has admin roles somewhere for the catalogue 

git-svn-id: http://svn.d4science-ii.research-infrastructures.eu/gcube/trunk/portlets/user/workspace-tree-widget@130609 82a268e6-3cf1-43bd-a215-b396298e98cf
This commit is contained in:
Costantino Perciante 2016-07-20 21:17:32 +00:00
parent 8181d4ce19
commit a0a85f843b
4 changed files with 214 additions and 304 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/main/java/org/gcube/portlets/user/workspace/client/rpc/GWTWorkspaceService.java
View File

@ -699,7 +699,7 @@ public interface GWTWorkspaceService extends RemoteService{
* the role admin somewhere.
* @return true if he can publish, false otherwise
*/
boolean hasUserRoleAdminOrSysadmin();
boolean hasUserRoleAdmin();
/**
* Retrieve the username of the user into the session

2
src/main/java/org/gcube/portlets/user/workspace/client/rpc/GWTWorkspaceServiceAsync.java
View File

@ -688,7 +688,7 @@ public interface GWTWorkspaceServiceAsync {
* the role admin somewhere.
* @return true if he can publish, false otherwise
*/
void hasUserRoleAdminOrSysadmin(AsyncCallback<Boolean> callback);
void hasUserRoleAdmin(AsyncCallback<Boolean> callback);
/**
* Retrieve the username of the user into the session

211
src/main/java/org/gcube/portlets/user/workspace/server/GWTWorkspaceServiceImpl.java
View File

@ -43,7 +43,6 @@ import org.gcube.common.homelibrary.home.workspace.trash.WorkspaceTrashItem;
import org.gcube.common.scope.api.ScopeProvider;
import org.gcube.datacatalogue.ckanutillibrary.CKanUtils;
import org.gcube.datacatalogue.ckanutillibrary.CKanUtilsImpl;
import org.gcube.datacatalogue.ckanutillibrary.models.RolesIntoOrganization;
import org.gcube.portlets.user.workspace.client.ConstantsExplorer;
import org.gcube.portlets.user.workspace.client.interfaces.GXTCategoryItemInterface;
import org.gcube.portlets.user.workspace.client.model.FileDetailsModel;
@ -82,18 +81,14 @@ import org.gcube.portlets.user.workspace.shared.WorkspaceUserQuote;
import org.gcube.portlets.user.workspace.shared.accounting.GxtAccountingEntryType;
import org.gcube.portlets.user.workspace.shared.accounting.GxtAccountingField;
import org.gcube.portlets.user.workspaceapplicationhandler.ApplicationReaderFromGenericResource;
import org.gcube.portlets.widgets.ckandatapublisherwidget.shared.OrganizationBean;
import org.gcube.vomanagement.usermanagement.GroupManager;
import org.gcube.vomanagement.usermanagement.RoleManager;
import org.gcube.vomanagement.usermanagement.UserManager;
import org.gcube.vomanagement.usermanagement.exception.UserManagementSystemException;
import org.gcube.vomanagement.usermanagement.exception.UserRetrievalFault;
import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager;
import org.gcube.vomanagement.usermanagement.impl.LiferayRoleManager;
import org.gcube.vomanagement.usermanagement.impl.LiferayUserManager;
import org.gcube.vomanagement.usermanagement.model.GCubeGroup;
import org.gcube.vomanagement.usermanagement.model.GCubeRole;
import org.gcube.vomanagement.usermanagement.model.GCubeUser;
import org.gcube.vomanagement.usermanagement.model.GatewayRolesNames;
import com.google.gwt.user.server.rpc.RemoteServiceServlet;
import com.liferay.portal.service.UserLocalServiceUtil;
@ -114,32 +109,8 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT
protected Logger workspaceLogger = Logger.getLogger(GWTWorkspaceServiceImpl.class);
// for the data catalogue
private static final String CKAN_TOKEN_KEY = "ckanToken";
private static final String CKAN_ROLE = "ckanRole"; // a true value means the user has editor/admin role, false means member
private static final String CKAN_LICENSES_KEY = "ckanLicenses"; // licenses
private static final String CKAN_ROLE = "ckanRole"; // a true value means the user has admin role, false means member
private static final String CKAN_ORGANIZATIONS_PUBLISH_KEY = "ckanOrganizationsPublish"; // here he can publish
private static final String CKAN_PROFILES_KEY = "ckanProfiles"; // product profiles
/**
* Since it needs the scope, we need to check if it is null or not
* @return
*/
private CKanUtils getCkanUtilsObj(){
// check into session
HttpSession httpSession = getThreadLocalRequest().getSession();
String currentScope = WsUtil.getAslSession(httpSession).getScope();
CKanUtils instance = null;
try{
workspaceLogger.debug("The ckan util object was null");
instance = new CKanUtilsImpl(currentScope);
}catch(Exception e){
workspaceLogger.error("Unable to retrieve ckan utils", e);
}
return instance;
}
/**
* Gets the GWT workspace builder.
@ -2706,7 +2677,7 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT
email = user.getEmail();
// check if he has catalogue role
publishRights = hasUserRoleAdminOrSysadmin();
publishRights = hasUserRoleAdmin();
}catch (UserManagementSystemException e) {
workspaceLogger.error("UserManagementSystemException for username: "+username);
}
@ -3428,13 +3399,33 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT
throw new Exception(error);
}
}
/**
* Retrieve an instance of the library for the scope
* @param scope if it is null it is evaluated from the session
* @return
*/
public CKanUtils getCkanUtilsObj(String scope){
HttpSession httpSession = this.getThreadLocalRequest().getSession();
ASLSession asl = WsUtil.getAslSession(httpSession);
CKanUtils instance = null;
try{
String scopeInWhichDiscover = (scope != null && !scope.isEmpty()) ? scope : asl.getScope();
workspaceLogger.debug("Discovering ckan instance into scope " + scopeInWhichDiscover);
instance = new CKanUtilsImpl(scopeInWhichDiscover);
}catch(Exception e){
workspaceLogger.error("Unable to retrieve ckan utils", e);
}
return instance;
}
@Override
public boolean hasUserRoleAdminOrSysadmin() {
public boolean hasUserRoleAdmin() {
HttpSession httpSession = this.getThreadLocalRequest().getSession();
ASLSession asl = WsUtil.getAslSession(httpSession);
String username = asl.getUsername();
String currentScope = asl.getScope();
String groupName = asl.getGroupName();
if(!isWithinPortal()){
workspaceLogger.warn("OUT FROM PORTAL DETECTED RETURNING TRUE");
@ -3450,7 +3441,7 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT
String keyPerScope = concatenateSessionKeyScope(CKAN_ROLE, asl.getScope());
// check if this information was already into the ASL Session (true means the user has at least in one org
// the role editor/admin), false that he is just a member so he cannot publish
// the role admin), false that he is just a member so he cannot publish
Boolean role = (Boolean)httpSession.getAttribute(keyPerScope);
// if the attribute was already set..
@ -3458,148 +3449,32 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT
return role;
else{
CKanUtils ckanUtils = getCkanUtilsObj();
boolean result = false;
try{
// first of all, check if the user is a sysadmin in the catalog (in this case he can do everything)
boolean isSysAdmin = ckanUtils.isSysAdmin(username, getUserCKanTokenFromSession());
role = false;
if(isSysAdmin){
// we build up also a list that keeps track of the scopes (orgs) in which the user has role ADMIN
List<OrganizationBean> orgsInWhichAdminRole = new ArrayList<OrganizationBean>();
role = UserUtil.hasAdminRole(currentScope, username, groupName, this, orgsInWhichAdminRole);
workspaceLogger.debug("The user is a sysadmin of the catalog -> he can edit/add");
httpSession.setAttribute(keyPerScope, true);
result = true;
}else{
// retrieve the liferay's roles for the user
UserManager userManager = new LiferayUserManager();
RoleManager roleManager = new LiferayRoleManager();
GroupManager groupManager = new LiferayGroupManager();
// we need to iterate over vres of the user
List<GCubeGroup> groups = groupManager.listGroupsByUser(userManager.getUserId(username));
// user id
long userid = userManager.getUserId(username);
workspaceLogger.debug("The list of organizations of the user " + username + " is " + groups);
boolean toReturn = false;
for (GCubeGroup gCubeGroup : groups) {
String groupName = gCubeGroup.getGroupName();
// skip if it is not a vre
if(!groupManager.isVRE(gCubeGroup.getGroupId()))
continue;
List<GCubeRole> roles = roleManager.listRolesByUserAndGroup(userid, groupManager.getGroupId(groupName));
// the default one
RolesIntoOrganization correspondentRoleToCheck = RolesIntoOrganization.MEMBER;
// NOTE: it is supposed that there is just one role for this person correspondent to the one in the catalog
for (GCubeRole gCubeRole : roles) {
workspaceLogger.debug("User " + username + " has role " + gCubeRole.getRoleName() + " in " + groupName);
if(gCubeRole.getRoleName().equalsIgnoreCase(GatewayRolesNames.CATALOGUE_ADMIN.getRoleName())){
correspondentRoleToCheck = RolesIntoOrganization.ADMIN;
toReturn = true;
break;
}
// }else if(gCubeRole.getRoleName().equalsIgnoreCase(GatewayRolesNames.CATALOGUE_EDITOR.getRoleName())){
// correspondentRoleToCheck = RolesIntoOrganization.EDITOR;
// toReturn = true;
// break;
// }
}
// if the role is member, continue
if(correspondentRoleToCheck.equals(RolesIntoOrganization.MEMBER))
continue;
// with this invocation, we check if the role is present in ckan and if it is not it will be added
toReturn &= ckanUtils.checkRole(username, groupName, correspondentRoleToCheck);
}
// set true in the asl session
workspaceLogger.debug("Setting CKAN_ROLE for " + username + " to " + toReturn);
result = toReturn;
httpSession.setAttribute(keyPerScope, result);
// if he is an admin preload:
// 1) organizations in which he can publish (the widget will find these info in session)
if(role){
httpSession.setAttribute(concatenateSessionKeyScope(CKAN_ORGANIZATIONS_PUBLISH_KEY, currentScope), orgsInWhichAdminRole);
workspaceLogger.info("Set organizations in which he can publish to " + orgsInWhichAdminRole + " into session for user " + username);
}
// if result is true, preload ckan licenses, organizations, profiles
if(result){
workspaceLogger.debug("It seems that the user has editor/admin roles");
UserUtil.getLicenses(httpSession, username, concatenateSessionKeyScope(CKAN_LICENSES_KEY, currentScope), ckanUtils);
UserUtil.getUserOrganizationsList(httpSession, username, isSysAdmin, concatenateSessionKeyScope(CKAN_ORGANIZATIONS_PUBLISH_KEY, currentScope), ckanUtils, getUserCKanTokenFromSession());
UserUtil.getMetadataProfilesList(httpSession, username, concatenateSessionKeyScope(CKAN_PROFILES_KEY, currentScope), ckanUtils);
}
return result;
}catch(Exception e){
workspaceLogger.error("Unable to retrieve the role information for this user. Returning FALSE", e);
}
// set the role member into the asl
httpSession.setAttribute(CKAN_ROLE, false);
// return false
return false;
}
}
/**
* Get current user's token
* @return String the ckan user's token
*/
private String getUserCKanTokenFromSession(){
String token = null;
if(!isWithinPortal()){
workspaceLogger.warn("You are running outside the portal");
}else{
// store info in the http session
HttpSession httpSession = getThreadLocalRequest().getSession();
ASLSession aslSession = WsUtil.getAslSession(httpSession);
String username = aslSession.getUsername();
// get the key per scope
String keyPerScope = concatenateSessionKeyScope(CKAN_TOKEN_KEY, aslSession.getScope());
// check if session expired
if(username.equals(WsUtil.TEST_USER)){
workspaceLogger.warn("Session expired, returning null token");
token = null;
}else{
try{
workspaceLogger.debug("User in session is " + username);
if(httpSession.getAttribute(keyPerScope) != null)
token = (String)httpSession.getAttribute(keyPerScope);
else{
token = getCkanUtilsObj().getApiKeyFromUsername(username);
httpSession.setAttribute(keyPerScope, token);
workspaceLogger.debug("Ckan token has been set for user " + username);
}
workspaceLogger.debug("Found ckan token " + token.substring(0, 3) + "************************" + " for user " + username);
}catch(Exception e){
workspaceLogger.error("Error while retrieving the key" , e);
}
role = false;
}
}
return token;
// set role in session
httpSession.setAttribute(CKAN_ROLE, role);
workspaceLogger.info("Do have the user the right to publish on the catalogue? " + role);
// return false
return role;
}
@Override

303
src/main/java/org/gcube/portlets/user/workspace/server/util/UserUtil.java
View File

@ -1,34 +1,27 @@
package org.gcube.portlets.user.workspace.server.util;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
import javax.servlet.http.HttpSession;
import org.apache.log4j.Logger;
import org.gcube.datacatalogue.ckanutillibrary.CKanUtils;
import org.gcube.datacatalogue.ckanutillibrary.models.RolesIntoOrganization;
import org.gcube.datacatalogue.metadatadiscovery.DataCalogueMetadataFormatReader;
import org.gcube.datacatalogue.metadatadiscovery.bean.MetadataType;
import org.gcube.datacatalogue.metadatadiscovery.bean.jaxb.MetadataField;
import org.gcube.datacatalogue.metadatadiscovery.bean.jaxb.MetadataFormat;
import org.gcube.datacatalogue.metadatadiscovery.bean.jaxb.MetadataValidator;
import org.gcube.datacatalogue.metadatadiscovery.bean.jaxb.MetadataVocabulary;
import org.gcube.portlets.user.workspace.client.model.InfoContactModel;
import org.gcube.portlets.widgets.ckandatapublisherwidget.shared.LicensesBean;
import org.gcube.portlets.widgets.ckandatapublisherwidget.shared.MetaDataProfileBean;
import org.gcube.portlets.widgets.ckandatapublisherwidget.shared.MetaDataTypeWrapper;
import org.gcube.portlets.widgets.ckandatapublisherwidget.shared.MetadataFieldWrapper;
import org.gcube.portlets.user.workspace.server.GWTWorkspaceServiceImpl;
import org.gcube.portlets.widgets.ckandatapublisherwidget.shared.OrganizationBean;
import org.gcube.vomanagement.usermanagement.GroupManager;
import org.gcube.vomanagement.usermanagement.RoleManager;
import org.gcube.vomanagement.usermanagement.UserManager;
import org.gcube.vomanagement.usermanagement.exception.UserManagementSystemException;
import org.gcube.vomanagement.usermanagement.exception.UserRetrievalFault;
import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager;
import org.gcube.vomanagement.usermanagement.impl.LiferayRoleManager;
import org.gcube.vomanagement.usermanagement.impl.LiferayUserManager;
import org.gcube.vomanagement.usermanagement.model.GCubeGroup;
import org.gcube.vomanagement.usermanagement.model.GCubeRole;
import org.gcube.vomanagement.usermanagement.model.GCubeUser;
import eu.trentorise.opendata.jackan.model.CkanLicense;
import org.gcube.vomanagement.usermanagement.model.GatewayRolesNames;
import eu.trentorise.opendata.jackan.model.CkanOrganization;
/**
@ -173,145 +166,187 @@ public class UserUtil {
}
/**
* Load the licenses list and put them into the asl session (the publisher widget will use it)
* @param session
* @param ckanLicensesKey
* @param ckanUtils
* Retrieve the highest ckan role the user has and also retrieve the list of organizations (scopes) in which the user has the ckan-admin role
* @param currentScope the current scope
* @param username the current username
* @param groupName the current groupName
* @param gcubeCkanDataCatalogServiceImpl
* @param orgsInWhichAdminRole
* @param ckanUtils ckanUtils
*/
public static void getLicenses(HttpSession session, String username, String ckanLicensesKey, CKanUtils ckanUtils) {
public static boolean hasAdminRole(String currentScope, String username, String groupName, GWTWorkspaceServiceImpl workspaceInstance, List<OrganizationBean> orgsInWhichAdminRole){
try{
logger.debug("User in session is " + username);
List<CkanLicense> titlesLicenses = ckanUtils.getLicenses();
List<String> titles = new ArrayList<String>();
List<String> urls = new ArrayList<String>();
for (CkanLicense license : titlesLicenses) {
titles.add(license.getTitle());
String url = (license.getUrl() != null && !license.getUrl().isEmpty()) ? license.getUrl() : "";
urls.add(url);
}
LicensesBean licensesBean = new LicensesBean(titles, urls);
session.setAttribute(ckanLicensesKey, licensesBean);
logger.info("List of licenses has been saved into session" + licensesBean);
}
catch(Exception e){
logger.error("Failed to preload licenses list", e);
}
}
/**
* Load the list of organizations in which he can publish and put them into the asl session (the publisher widget will use it)
* @param session
* @param ckanOrganizationsPublishKey
* @param ckanUtils
*/
public static void getUserOrganizationsList(HttpSession session, String username, boolean isSysAdmin,
String ckanOrganizationsPublishKey, CKanUtils ckanUtils, String token) {
try{
logger.debug("Request for user " + username + " organizations list");
List<String> orgsName = new ArrayList<String>();
if(isSysAdmin){
logger.info("The user " + username + " is a sysadmin. He can publish everywhere");
orgsName = ckanUtils.getOrganizationsNames(); // get all organizations' names
}else{
// We need to retrieve orgs in which the user has the roles ADMIN
List<RolesIntoOrganization> rolesToMatch = new ArrayList<RolesIntoOrganization>();
rolesToMatch.add(RolesIntoOrganization.ADMIN);
Map<String, List<RolesIntoOrganization>> orgsAndRoles = ckanUtils.getGroupsAndRolesByUser(username, rolesToMatch);
logger.debug("Result is " + orgsAndRoles);
Iterator<Entry<String, List<RolesIntoOrganization>>> iterator = orgsAndRoles.entrySet().iterator();
// get the names
while (iterator.hasNext()) {
Map.Entry<String, List<RolesIntoOrganization>> entry = (Map.Entry<String, List<RolesIntoOrganization>>) iterator
.next();
orgsName.add(entry.getKey());
logger.debug("The user has a role ADMIN into org " + entry.getKey());
}
}
session.setAttribute(ckanOrganizationsPublishKey, orgsName);
logger.info("Organizations name for user " + username + " has been saved into session");
}catch(Exception e){
logger.error("Failed to preload list of organizations in which the user can publish", e);
}
}
/**
* Load the list of product profiles and put them into the asl session (the publisher widget will use it)
* @param session
* @param ckanOrganizationsPublishKey
* @param ckanUtils
*/
public static void getMetadataProfilesList(HttpSession session, String username,
String ckanProfilesKey, CKanUtils ckanUtils) {
// base role as default value
boolean toReturn = false;
try{
logger.debug("User in session is " + username);
UserManager userManager = new LiferayUserManager();
RoleManager roleManager = new LiferayRoleManager();
GroupManager groupManager = new LiferayGroupManager();
List<MetaDataProfileBean> beans = new ArrayList<MetaDataProfileBean>();
// user id
long userid = userManager.getUserId(username);
try {
// retrieve current group id
long currentGroupId = groupManager.getGroupIdFromInfrastructureScope(currentScope);
DataCalogueMetadataFormatReader reader = new DataCalogueMetadataFormatReader();
logger.debug("Group id is " + currentGroupId + " and scope is " + currentScope);
for (MetadataType mt : reader.getListOfMetadataTypes()) {
MetadataFormat metadata = reader.getMetadataFormatForMetadataType(mt);
// retrieve the flat list of organizations for the current user
List<GCubeGroup> groups = groupManager.listGroupsByUser(userid);
// we need to wrap the list of metadata
List<MetadataFieldWrapper> wrapperList = new ArrayList<MetadataFieldWrapper>();
List<MetadataField> toWrap = metadata.getMetadataFields();
for(MetadataField metadataField: toWrap){
// root (so check into the root, the VOs and the VRES)
if(groupManager.isRootVO(currentGroupId)){
MetadataFieldWrapper wrapperObj = new MetadataFieldWrapper();
wrapperObj.setDefaulValue(metadataField.getDefaulValue());
wrapperObj.setFieldName(metadataField.getFieldName());
wrapperObj.setIsBoolean(metadataField.getIsBoolean());
wrapperObj.setMandatory(metadataField.getMandatory());
wrapperObj.setNote(metadataField.getNote());
logger.info("The current scope is the Root Vo, so the list of organizations of the user " + username + " is " + groups);
MetadataValidator validator = metadataField.getValidator();
if(validator != null)
wrapperObj.setValidator(validator.getRegularExpression());
for (GCubeGroup gCubeGroup : groups) {
MetadataVocabulary vocabulary = metadataField.getVocabulary();
if(vocabulary != null)
wrapperObj.setVocabulary(vocabulary.getVocabularyFields());
// get the name of this group
String gCubeGroupName = gCubeGroup.getGroupName();
// add to the list
wrapperList.add(wrapperObj);
// get the role of the users in this group
List<GCubeRole> roles = roleManager.listRolesByUserAndGroup(userid, groupManager.getGroupId(gCubeGroupName));
// the default one
RolesIntoOrganization correspondentRoleToCheck = RolesIntoOrganization.MEMBER;
// NOTE: it is supposed that there is just one role for this person correspondent to the one in the catalog
for (GCubeRole gCubeRole : roles) {
if(gCubeRole.getRoleName().equalsIgnoreCase(GatewayRolesNames.CATALOGUE_ADMIN.getRoleName())){
logger.debug("User " + username + " has role " + gCubeRole.getRoleName() + " in " + gCubeGroupName);
correspondentRoleToCheck = RolesIntoOrganization.ADMIN;
break;
}
}
// wrap the mt as well
MetaDataTypeWrapper typeWrapper = new MetaDataTypeWrapper();
typeWrapper.setDescription(mt.getDescription());
typeWrapper.setId(mt.getId());
typeWrapper.setName(mt.getName());
MetaDataProfileBean bean = new MetaDataProfileBean(typeWrapper, wrapperList);
beans.add(bean);
// if the role is member, continue
if(correspondentRoleToCheck.equals(RolesIntoOrganization.MEMBER))
continue;
// with this invocation, we check if the role is present in ckan and if it is not it will be added
CKanUtils ckanUtils = workspaceInstance.getCkanUtilsObj(groupManager.getInfrastructureScope(gCubeGroup.getGroupId()));
// if there is an instance of ckan in this scope..
if(ckanUtils != null){
boolean res = ckanUtils.checkRole(username, gCubeGroupName, correspondentRoleToCheck);
if(res){
// get the orgs of the user
List<CkanOrganization> ckanOrgs = ckanUtils.getOrganizationsByUser(username);
for (CkanOrganization ckanOrganization : ckanOrgs) {
if(ckanOrganization.getName().equals(gCubeGroupName.toLowerCase())){
orgsInWhichAdminRole.add(new OrganizationBean(ckanOrganization.getTitle(), ckanOrganization.getName()));
break;
}
}
}
}else
logger.error("It seems there is no ckan instance into scope " + groupManager.getInfrastructureScope(gCubeGroup.getGroupId()));
}
logger.info("List of beans is " + beans);
session.setAttribute(ckanProfilesKey, beans);
logger.debug("List of profiles has been saved into session");
}else if(groupManager.isVO(currentGroupId)){
} catch (Exception e) {
logger.error("Error while retrieving metadata beans ", e);
logger.debug("The list of organizations of the user " + username + " to scan is the one under the VO " + groupName);
for (GCubeGroup gCubeGroup : groups) {
// if the gCubeGroup is not under the VO or it is not the VO continue
if(currentGroupId != gCubeGroup.getParentGroupId() || currentGroupId != gCubeGroup.getGroupId())
continue;
String gCubeGroupName = gCubeGroup.getGroupName();
List<GCubeRole> roles = roleManager.listRolesByUserAndGroup(userid, groupManager.getGroupId(gCubeGroupName));
// the default one
RolesIntoOrganization correspondentRoleToCheck = RolesIntoOrganization.MEMBER;
// NOTE: it is supposed that there is just one role for this person correspondent to the one in the catalog
for (GCubeRole gCubeRole : roles) {
logger.debug("User " + username + " has role " + gCubeRole.getRoleName() + " in " + gCubeGroupName);
if(gCubeRole.getRoleName().equalsIgnoreCase(GatewayRolesNames.CATALOGUE_ADMIN.getRoleName())){
correspondentRoleToCheck = RolesIntoOrganization.ADMIN;
break;
}
}
// if the role is member, continue
if(correspondentRoleToCheck.equals(RolesIntoOrganization.MEMBER))
continue;
// with this invocation, we check if the role is present in ckan and if it is not it will be added
CKanUtils ckanUtils = workspaceInstance.getCkanUtilsObj(groupManager.getInfrastructureScope(gCubeGroup.getGroupId()));
// if there is an instance of ckan in this scope..
if(ckanUtils != null){
boolean res = ckanUtils.checkRole(username, gCubeGroupName, correspondentRoleToCheck);
if(res){
// get the orgs of the user
List<CkanOrganization> ckanOrgs = ckanUtils.getOrganizationsByUser(username);
for (CkanOrganization ckanOrganization : ckanOrgs) {
if(ckanOrganization.getName().equals(gCubeGroupName.toLowerCase())){
orgsInWhichAdminRole.add(new OrganizationBean(ckanOrganization.getTitle(), ckanOrganization.getName()));
break;
}
}
}
}else
logger.error("It seems there is no ckan instance into scope " + groupManager.getInfrastructureScope(gCubeGroup.getGroupId()));
}
}else if(groupManager.isVRE(currentGroupId)){
List<GCubeRole> roles = roleManager.listRolesByUserAndGroup(userManager.getUserId(username), groupManager.getGroupId(groupName));
logger.debug("The current scope is the vre " + groupName);
// the default one
String mainRole = "Catalogue-Member";
RolesIntoOrganization correspondentRoleToCheck = RolesIntoOrganization.MEMBER;
// NOTE: it is supposed that there is just one role for this person correspondent to the one in the catalog
for (GCubeRole role : roles) {
logger.debug("User " + username + " has role " + role.getRoleName() + " in " + currentScope);
if(role.getRoleName().equalsIgnoreCase(GatewayRolesNames.CATALOGUE_ADMIN.getRoleName())){
mainRole = GatewayRolesNames.CATALOGUE_ADMIN.getRoleName();
correspondentRoleToCheck = RolesIntoOrganization.ADMIN;
break;
}
}
// if it the role is ADMIN we have to be sure to set it
if(correspondentRoleToCheck.equals(RolesIntoOrganization.ADMIN)){
// with this invocation, we check if the role is present in ckan and if it is not it will be added
CKanUtils ckanUtils = workspaceInstance.getCkanUtilsObj(groupManager.getInfrastructureScope(currentGroupId));
boolean res = ckanUtils.checkRole(username, groupName, correspondentRoleToCheck);
if(res){
// get the orgs of the user
List<CkanOrganization> ckanOrgs = ckanUtils.getOrganizationsByUser(username);
for (CkanOrganization ckanOrganization : ckanOrgs) {
if(ckanOrganization.getName().equals(groupName.toLowerCase())){
orgsInWhichAdminRole.add(new OrganizationBean(ckanOrganization.getTitle(), ckanOrganization.getName()));
break;
}
}
}
}
}
}
catch(Exception e){
logger.error("Failed to retrieve the list of product profiles", e);
}catch(Exception e){
logger.error("Unable to retrieve the role information for this user. Returning false", e);
return false;
}
//ok, somewhere he is admin
if(orgsInWhichAdminRole.size() > 0)
toReturn = true;
// return the role
logger.debug("Returning role " + toReturn + " for user " + username);
return toReturn;
}
}