diff --git a/src/main/java/org/gcube/portlets/user/workspace/client/rpc/GWTWorkspaceService.java b/src/main/java/org/gcube/portlets/user/workspace/client/rpc/GWTWorkspaceService.java index 38c0fd1..81dfe68 100644 --- a/src/main/java/org/gcube/portlets/user/workspace/client/rpc/GWTWorkspaceService.java +++ b/src/main/java/org/gcube/portlets/user/workspace/client/rpc/GWTWorkspaceService.java @@ -699,7 +699,7 @@ public interface GWTWorkspaceService extends RemoteService{ * the role admin somewhere. * @return true if he can publish, false otherwise */ - boolean hasUserRoleAdminOrSysadmin(); + boolean hasUserRoleAdmin(); /** * Retrieve the username of the user into the session diff --git a/src/main/java/org/gcube/portlets/user/workspace/client/rpc/GWTWorkspaceServiceAsync.java b/src/main/java/org/gcube/portlets/user/workspace/client/rpc/GWTWorkspaceServiceAsync.java index 1ee334b..90aa006 100644 --- a/src/main/java/org/gcube/portlets/user/workspace/client/rpc/GWTWorkspaceServiceAsync.java +++ b/src/main/java/org/gcube/portlets/user/workspace/client/rpc/GWTWorkspaceServiceAsync.java @@ -688,7 +688,7 @@ public interface GWTWorkspaceServiceAsync { * the role admin somewhere. * @return true if he can publish, false otherwise */ - void hasUserRoleAdminOrSysadmin(AsyncCallback callback); + void hasUserRoleAdmin(AsyncCallback callback); /** * Retrieve the username of the user into the session diff --git a/src/main/java/org/gcube/portlets/user/workspace/server/GWTWorkspaceServiceImpl.java b/src/main/java/org/gcube/portlets/user/workspace/server/GWTWorkspaceServiceImpl.java index 737ff4e..dadf517 100644 --- a/src/main/java/org/gcube/portlets/user/workspace/server/GWTWorkspaceServiceImpl.java +++ b/src/main/java/org/gcube/portlets/user/workspace/server/GWTWorkspaceServiceImpl.java @@ -43,7 +43,6 @@ import org.gcube.common.homelibrary.home.workspace.trash.WorkspaceTrashItem; import org.gcube.common.scope.api.ScopeProvider; import org.gcube.datacatalogue.ckanutillibrary.CKanUtils; import org.gcube.datacatalogue.ckanutillibrary.CKanUtilsImpl; -import org.gcube.datacatalogue.ckanutillibrary.models.RolesIntoOrganization; import org.gcube.portlets.user.workspace.client.ConstantsExplorer; import org.gcube.portlets.user.workspace.client.interfaces.GXTCategoryItemInterface; import org.gcube.portlets.user.workspace.client.model.FileDetailsModel; @@ -82,18 +81,14 @@ import org.gcube.portlets.user.workspace.shared.WorkspaceUserQuote; import org.gcube.portlets.user.workspace.shared.accounting.GxtAccountingEntryType; import org.gcube.portlets.user.workspace.shared.accounting.GxtAccountingField; import org.gcube.portlets.user.workspaceapplicationhandler.ApplicationReaderFromGenericResource; +import org.gcube.portlets.widgets.ckandatapublisherwidget.shared.OrganizationBean; import org.gcube.vomanagement.usermanagement.GroupManager; -import org.gcube.vomanagement.usermanagement.RoleManager; import org.gcube.vomanagement.usermanagement.UserManager; import org.gcube.vomanagement.usermanagement.exception.UserManagementSystemException; import org.gcube.vomanagement.usermanagement.exception.UserRetrievalFault; import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager; -import org.gcube.vomanagement.usermanagement.impl.LiferayRoleManager; import org.gcube.vomanagement.usermanagement.impl.LiferayUserManager; -import org.gcube.vomanagement.usermanagement.model.GCubeGroup; -import org.gcube.vomanagement.usermanagement.model.GCubeRole; import org.gcube.vomanagement.usermanagement.model.GCubeUser; -import org.gcube.vomanagement.usermanagement.model.GatewayRolesNames; import com.google.gwt.user.server.rpc.RemoteServiceServlet; import com.liferay.portal.service.UserLocalServiceUtil; @@ -114,32 +109,8 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT protected Logger workspaceLogger = Logger.getLogger(GWTWorkspaceServiceImpl.class); // for the data catalogue - private static final String CKAN_TOKEN_KEY = "ckanToken"; - private static final String CKAN_ROLE = "ckanRole"; // a true value means the user has editor/admin role, false means member - private static final String CKAN_LICENSES_KEY = "ckanLicenses"; // licenses + private static final String CKAN_ROLE = "ckanRole"; // a true value means the user has admin role, false means member private static final String CKAN_ORGANIZATIONS_PUBLISH_KEY = "ckanOrganizationsPublish"; // here he can publish - private static final String CKAN_PROFILES_KEY = "ckanProfiles"; // product profiles - - /** - * Since it needs the scope, we need to check if it is null or not - * @return - */ - private CKanUtils getCkanUtilsObj(){ - - // check into session - HttpSession httpSession = getThreadLocalRequest().getSession(); - String currentScope = WsUtil.getAslSession(httpSession).getScope(); - - CKanUtils instance = null; - - try{ - workspaceLogger.debug("The ckan util object was null"); - instance = new CKanUtilsImpl(currentScope); - }catch(Exception e){ - workspaceLogger.error("Unable to retrieve ckan utils", e); - } - return instance; - } /** * Gets the GWT workspace builder. @@ -2706,7 +2677,7 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT email = user.getEmail(); // check if he has catalogue role - publishRights = hasUserRoleAdminOrSysadmin(); + publishRights = hasUserRoleAdmin(); }catch (UserManagementSystemException e) { workspaceLogger.error("UserManagementSystemException for username: "+username); } @@ -3428,13 +3399,33 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT throw new Exception(error); } } + + /** + * Retrieve an instance of the library for the scope + * @param scope if it is null it is evaluated from the session + * @return + */ + public CKanUtils getCkanUtilsObj(String scope){ + HttpSession httpSession = this.getThreadLocalRequest().getSession(); + ASLSession asl = WsUtil.getAslSession(httpSession); + CKanUtils instance = null; + try{ + String scopeInWhichDiscover = (scope != null && !scope.isEmpty()) ? scope : asl.getScope(); + workspaceLogger.debug("Discovering ckan instance into scope " + scopeInWhichDiscover); + instance = new CKanUtilsImpl(scopeInWhichDiscover); + }catch(Exception e){ + workspaceLogger.error("Unable to retrieve ckan utils", e); + } + return instance; + } @Override - public boolean hasUserRoleAdminOrSysadmin() { + public boolean hasUserRoleAdmin() { HttpSession httpSession = this.getThreadLocalRequest().getSession(); ASLSession asl = WsUtil.getAslSession(httpSession); String username = asl.getUsername(); String currentScope = asl.getScope(); + String groupName = asl.getGroupName(); if(!isWithinPortal()){ workspaceLogger.warn("OUT FROM PORTAL DETECTED RETURNING TRUE"); @@ -3450,7 +3441,7 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT String keyPerScope = concatenateSessionKeyScope(CKAN_ROLE, asl.getScope()); // check if this information was already into the ASL Session (true means the user has at least in one org - // the role editor/admin), false that he is just a member so he cannot publish + // the role admin), false that he is just a member so he cannot publish Boolean role = (Boolean)httpSession.getAttribute(keyPerScope); // if the attribute was already set.. @@ -3458,148 +3449,32 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT return role; else{ - CKanUtils ckanUtils = getCkanUtilsObj(); - boolean result = false; - try{ - // first of all, check if the user is a sysadmin in the catalog (in this case he can do everything) - boolean isSysAdmin = ckanUtils.isSysAdmin(username, getUserCKanTokenFromSession()); + role = false; - if(isSysAdmin){ + // we build up also a list that keeps track of the scopes (orgs) in which the user has role ADMIN + List orgsInWhichAdminRole = new ArrayList(); + role = UserUtil.hasAdminRole(currentScope, username, groupName, this, orgsInWhichAdminRole); - workspaceLogger.debug("The user is a sysadmin of the catalog -> he can edit/add"); - httpSession.setAttribute(keyPerScope, true); - result = true; - - }else{ - - // retrieve the liferay's roles for the user - UserManager userManager = new LiferayUserManager(); - RoleManager roleManager = new LiferayRoleManager(); - GroupManager groupManager = new LiferayGroupManager(); - - // we need to iterate over vres of the user - List groups = groupManager.listGroupsByUser(userManager.getUserId(username)); - - // user id - long userid = userManager.getUserId(username); - - workspaceLogger.debug("The list of organizations of the user " + username + " is " + groups); - - boolean toReturn = false; - - for (GCubeGroup gCubeGroup : groups) { - - String groupName = gCubeGroup.getGroupName(); - - // skip if it is not a vre - if(!groupManager.isVRE(gCubeGroup.getGroupId())) - continue; - - List roles = roleManager.listRolesByUserAndGroup(userid, groupManager.getGroupId(groupName)); - - // the default one - RolesIntoOrganization correspondentRoleToCheck = RolesIntoOrganization.MEMBER; - - // NOTE: it is supposed that there is just one role for this person correspondent to the one in the catalog - for (GCubeRole gCubeRole : roles) { - - workspaceLogger.debug("User " + username + " has role " + gCubeRole.getRoleName() + " in " + groupName); - if(gCubeRole.getRoleName().equalsIgnoreCase(GatewayRolesNames.CATALOGUE_ADMIN.getRoleName())){ - correspondentRoleToCheck = RolesIntoOrganization.ADMIN; - toReturn = true; - break; - } - // }else if(gCubeRole.getRoleName().equalsIgnoreCase(GatewayRolesNames.CATALOGUE_EDITOR.getRoleName())){ - // correspondentRoleToCheck = RolesIntoOrganization.EDITOR; - // toReturn = true; - // break; - // } - } - - // if the role is member, continue - if(correspondentRoleToCheck.equals(RolesIntoOrganization.MEMBER)) - continue; - - // with this invocation, we check if the role is present in ckan and if it is not it will be added - toReturn &= ckanUtils.checkRole(username, groupName, correspondentRoleToCheck); - - } - - // set true in the asl session - workspaceLogger.debug("Setting CKAN_ROLE for " + username + " to " + toReturn); - result = toReturn; - httpSession.setAttribute(keyPerScope, result); + // if he is an admin preload: + // 1) organizations in which he can publish (the widget will find these info in session) + if(role){ + httpSession.setAttribute(concatenateSessionKeyScope(CKAN_ORGANIZATIONS_PUBLISH_KEY, currentScope), orgsInWhichAdminRole); + workspaceLogger.info("Set organizations in which he can publish to " + orgsInWhichAdminRole + " into session for user " + username); } - - // if result is true, preload ckan licenses, organizations, profiles - if(result){ - - workspaceLogger.debug("It seems that the user has editor/admin roles"); - UserUtil.getLicenses(httpSession, username, concatenateSessionKeyScope(CKAN_LICENSES_KEY, currentScope), ckanUtils); - UserUtil.getUserOrganizationsList(httpSession, username, isSysAdmin, concatenateSessionKeyScope(CKAN_ORGANIZATIONS_PUBLISH_KEY, currentScope), ckanUtils, getUserCKanTokenFromSession()); - UserUtil.getMetadataProfilesList(httpSession, username, concatenateSessionKeyScope(CKAN_PROFILES_KEY, currentScope), ckanUtils); - - } - - return result; - }catch(Exception e){ workspaceLogger.error("Unable to retrieve the role information for this user. Returning FALSE", e); - } - - // set the role member into the asl - httpSession.setAttribute(CKAN_ROLE, false); - - // return false - return false; - } - } - - /** - * Get current user's token - * @return String the ckan user's token - */ - private String getUserCKanTokenFromSession(){ - - String token = null; - - if(!isWithinPortal()){ - workspaceLogger.warn("You are running outside the portal"); - }else{ - - // store info in the http session - HttpSession httpSession = getThreadLocalRequest().getSession(); - - ASLSession aslSession = WsUtil.getAslSession(httpSession); - String username = aslSession.getUsername(); - - // get the key per scope - String keyPerScope = concatenateSessionKeyScope(CKAN_TOKEN_KEY, aslSession.getScope()); - - // check if session expired - if(username.equals(WsUtil.TEST_USER)){ - - workspaceLogger.warn("Session expired, returning null token"); - token = null; - - }else{ - try{ - workspaceLogger.debug("User in session is " + username); - if(httpSession.getAttribute(keyPerScope) != null) - token = (String)httpSession.getAttribute(keyPerScope); - else{ - token = getCkanUtilsObj().getApiKeyFromUsername(username); - httpSession.setAttribute(keyPerScope, token); - workspaceLogger.debug("Ckan token has been set for user " + username); - } - workspaceLogger.debug("Found ckan token " + token.substring(0, 3) + "************************" + " for user " + username); - }catch(Exception e){ - workspaceLogger.error("Error while retrieving the key" , e); - } + role = false; } } - return token; + + // set role in session + httpSession.setAttribute(CKAN_ROLE, role); + + workspaceLogger.info("Do have the user the right to publish on the catalogue? " + role); + + // return false + return role; } @Override diff --git a/src/main/java/org/gcube/portlets/user/workspace/server/util/UserUtil.java b/src/main/java/org/gcube/portlets/user/workspace/server/util/UserUtil.java index d8cae9a..95d5f36 100644 --- a/src/main/java/org/gcube/portlets/user/workspace/server/util/UserUtil.java +++ b/src/main/java/org/gcube/portlets/user/workspace/server/util/UserUtil.java @@ -1,34 +1,27 @@ package org.gcube.portlets.user.workspace.server.util; import java.util.ArrayList; -import java.util.Iterator; import java.util.List; -import java.util.Map; -import java.util.Map.Entry; - -import javax.servlet.http.HttpSession; import org.apache.log4j.Logger; import org.gcube.datacatalogue.ckanutillibrary.CKanUtils; import org.gcube.datacatalogue.ckanutillibrary.models.RolesIntoOrganization; -import org.gcube.datacatalogue.metadatadiscovery.DataCalogueMetadataFormatReader; -import org.gcube.datacatalogue.metadatadiscovery.bean.MetadataType; -import org.gcube.datacatalogue.metadatadiscovery.bean.jaxb.MetadataField; -import org.gcube.datacatalogue.metadatadiscovery.bean.jaxb.MetadataFormat; -import org.gcube.datacatalogue.metadatadiscovery.bean.jaxb.MetadataValidator; -import org.gcube.datacatalogue.metadatadiscovery.bean.jaxb.MetadataVocabulary; import org.gcube.portlets.user.workspace.client.model.InfoContactModel; -import org.gcube.portlets.widgets.ckandatapublisherwidget.shared.LicensesBean; -import org.gcube.portlets.widgets.ckandatapublisherwidget.shared.MetaDataProfileBean; -import org.gcube.portlets.widgets.ckandatapublisherwidget.shared.MetaDataTypeWrapper; -import org.gcube.portlets.widgets.ckandatapublisherwidget.shared.MetadataFieldWrapper; +import org.gcube.portlets.user.workspace.server.GWTWorkspaceServiceImpl; +import org.gcube.portlets.widgets.ckandatapublisherwidget.shared.OrganizationBean; +import org.gcube.vomanagement.usermanagement.GroupManager; +import org.gcube.vomanagement.usermanagement.RoleManager; import org.gcube.vomanagement.usermanagement.UserManager; import org.gcube.vomanagement.usermanagement.exception.UserManagementSystemException; import org.gcube.vomanagement.usermanagement.exception.UserRetrievalFault; +import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager; +import org.gcube.vomanagement.usermanagement.impl.LiferayRoleManager; import org.gcube.vomanagement.usermanagement.impl.LiferayUserManager; +import org.gcube.vomanagement.usermanagement.model.GCubeGroup; +import org.gcube.vomanagement.usermanagement.model.GCubeRole; import org.gcube.vomanagement.usermanagement.model.GCubeUser; - -import eu.trentorise.opendata.jackan.model.CkanLicense; +import org.gcube.vomanagement.usermanagement.model.GatewayRolesNames; +import eu.trentorise.opendata.jackan.model.CkanOrganization; /** @@ -173,145 +166,187 @@ public class UserUtil { } /** - * Load the licenses list and put them into the asl session (the publisher widget will use it) - * @param session - * @param ckanLicensesKey - * @param ckanUtils + * Retrieve the highest ckan role the user has and also retrieve the list of organizations (scopes) in which the user has the ckan-admin role + * @param currentScope the current scope + * @param username the current username + * @param groupName the current groupName + * @param gcubeCkanDataCatalogServiceImpl + * @param orgsInWhichAdminRole + * @param ckanUtils ckanUtils */ - public static void getLicenses(HttpSession session, String username, String ckanLicensesKey, CKanUtils ckanUtils) { + public static boolean hasAdminRole(String currentScope, String username, String groupName, GWTWorkspaceServiceImpl workspaceInstance, List orgsInWhichAdminRole){ - try{ - logger.debug("User in session is " + username); - List titlesLicenses = ckanUtils.getLicenses(); - List titles = new ArrayList(); - List urls = new ArrayList(); - for (CkanLicense license : titlesLicenses) { - titles.add(license.getTitle()); - String url = (license.getUrl() != null && !license.getUrl().isEmpty()) ? license.getUrl() : ""; - urls.add(url); - } - LicensesBean licensesBean = new LicensesBean(titles, urls); - - session.setAttribute(ckanLicensesKey, licensesBean); - logger.info("List of licenses has been saved into session" + licensesBean); - } - catch(Exception e){ - logger.error("Failed to preload licenses list", e); - } - } - - /** - * Load the list of organizations in which he can publish and put them into the asl session (the publisher widget will use it) - * @param session - * @param ckanOrganizationsPublishKey - * @param ckanUtils - */ - public static void getUserOrganizationsList(HttpSession session, String username, boolean isSysAdmin, - String ckanOrganizationsPublishKey, CKanUtils ckanUtils, String token) { - - try{ - logger.debug("Request for user " + username + " organizations list"); - List orgsName = new ArrayList(); - - if(isSysAdmin){ - - logger.info("The user " + username + " is a sysadmin. He can publish everywhere"); - orgsName = ckanUtils.getOrganizationsNames(); // get all organizations' names - - }else{ - - // We need to retrieve orgs in which the user has the roles ADMIN - List rolesToMatch = new ArrayList(); - rolesToMatch.add(RolesIntoOrganization.ADMIN); - - Map> orgsAndRoles = ckanUtils.getGroupsAndRolesByUser(username, rolesToMatch); - logger.debug("Result is " + orgsAndRoles); - Iterator>> iterator = orgsAndRoles.entrySet().iterator(); - - // get the names - while (iterator.hasNext()) { - Map.Entry> entry = (Map.Entry>) iterator - .next(); - orgsName.add(entry.getKey()); - logger.debug("The user has a role ADMIN into org " + entry.getKey()); - } - } - session.setAttribute(ckanOrganizationsPublishKey, orgsName); - logger.info("Organizations name for user " + username + " has been saved into session"); - }catch(Exception e){ - logger.error("Failed to preload list of organizations in which the user can publish", e); - } - - } - - /** - * Load the list of product profiles and put them into the asl session (the publisher widget will use it) - * @param session - * @param ckanOrganizationsPublishKey - * @param ckanUtils - */ - public static void getMetadataProfilesList(HttpSession session, String username, - String ckanProfilesKey, CKanUtils ckanUtils) { + // base role as default value + boolean toReturn = false; try{ - logger.debug("User in session is " + username); + UserManager userManager = new LiferayUserManager(); + RoleManager roleManager = new LiferayRoleManager(); + GroupManager groupManager = new LiferayGroupManager(); - List beans = new ArrayList(); + // user id + long userid = userManager.getUserId(username); - try { + // retrieve current group id + long currentGroupId = groupManager.getGroupIdFromInfrastructureScope(currentScope); - DataCalogueMetadataFormatReader reader = new DataCalogueMetadataFormatReader(); + logger.debug("Group id is " + currentGroupId + " and scope is " + currentScope); - for (MetadataType mt : reader.getListOfMetadataTypes()) { - MetadataFormat metadata = reader.getMetadataFormatForMetadataType(mt); + // retrieve the flat list of organizations for the current user + List groups = groupManager.listGroupsByUser(userid); - // we need to wrap the list of metadata - List wrapperList = new ArrayList(); - List toWrap = metadata.getMetadataFields(); - for(MetadataField metadataField: toWrap){ + // root (so check into the root, the VOs and the VRES) + if(groupManager.isRootVO(currentGroupId)){ - MetadataFieldWrapper wrapperObj = new MetadataFieldWrapper(); - wrapperObj.setDefaulValue(metadataField.getDefaulValue()); - wrapperObj.setFieldName(metadataField.getFieldName()); - wrapperObj.setIsBoolean(metadataField.getIsBoolean()); - wrapperObj.setMandatory(metadataField.getMandatory()); - wrapperObj.setNote(metadataField.getNote()); + logger.info("The current scope is the Root Vo, so the list of organizations of the user " + username + " is " + groups); - MetadataValidator validator = metadataField.getValidator(); - if(validator != null) - wrapperObj.setValidator(validator.getRegularExpression()); + for (GCubeGroup gCubeGroup : groups) { - MetadataVocabulary vocabulary = metadataField.getVocabulary(); - if(vocabulary != null) - wrapperObj.setVocabulary(vocabulary.getVocabularyFields()); + // get the name of this group + String gCubeGroupName = gCubeGroup.getGroupName(); - // add to the list - wrapperList.add(wrapperObj); + // get the role of the users in this group + List roles = roleManager.listRolesByUserAndGroup(userid, groupManager.getGroupId(gCubeGroupName)); + // the default one + RolesIntoOrganization correspondentRoleToCheck = RolesIntoOrganization.MEMBER; + + // NOTE: it is supposed that there is just one role for this person correspondent to the one in the catalog + for (GCubeRole gCubeRole : roles) { + if(gCubeRole.getRoleName().equalsIgnoreCase(GatewayRolesNames.CATALOGUE_ADMIN.getRoleName())){ + logger.debug("User " + username + " has role " + gCubeRole.getRoleName() + " in " + gCubeGroupName); + correspondentRoleToCheck = RolesIntoOrganization.ADMIN; + break; + } } - // wrap the mt as well - MetaDataTypeWrapper typeWrapper = new MetaDataTypeWrapper(); - typeWrapper.setDescription(mt.getDescription()); - typeWrapper.setId(mt.getId()); - typeWrapper.setName(mt.getName()); - MetaDataProfileBean bean = new MetaDataProfileBean(typeWrapper, wrapperList); - beans.add(bean); + // if the role is member, continue + if(correspondentRoleToCheck.equals(RolesIntoOrganization.MEMBER)) + continue; + + // with this invocation, we check if the role is present in ckan and if it is not it will be added + CKanUtils ckanUtils = workspaceInstance.getCkanUtilsObj(groupManager.getInfrastructureScope(gCubeGroup.getGroupId())); + + // if there is an instance of ckan in this scope.. + if(ckanUtils != null){ + boolean res = ckanUtils.checkRole(username, gCubeGroupName, correspondentRoleToCheck); + if(res){ + + // get the orgs of the user + List ckanOrgs = ckanUtils.getOrganizationsByUser(username); + for (CkanOrganization ckanOrganization : ckanOrgs) { + if(ckanOrganization.getName().equals(gCubeGroupName.toLowerCase())){ + orgsInWhichAdminRole.add(new OrganizationBean(ckanOrganization.getTitle(), ckanOrganization.getName())); + break; + } + } + } + }else + logger.error("It seems there is no ckan instance into scope " + groupManager.getInfrastructureScope(gCubeGroup.getGroupId())); } - logger.info("List of beans is " + beans); - session.setAttribute(ckanProfilesKey, beans); - logger.debug("List of profiles has been saved into session"); + }else if(groupManager.isVO(currentGroupId)){ - } catch (Exception e) { - logger.error("Error while retrieving metadata beans ", e); + logger.debug("The list of organizations of the user " + username + " to scan is the one under the VO " + groupName); + + for (GCubeGroup gCubeGroup : groups) { + + // if the gCubeGroup is not under the VO or it is not the VO continue + if(currentGroupId != gCubeGroup.getParentGroupId() || currentGroupId != gCubeGroup.getGroupId()) + continue; + + String gCubeGroupName = gCubeGroup.getGroupName(); + + List roles = roleManager.listRolesByUserAndGroup(userid, groupManager.getGroupId(gCubeGroupName)); + + // the default one + RolesIntoOrganization correspondentRoleToCheck = RolesIntoOrganization.MEMBER; + + // NOTE: it is supposed that there is just one role for this person correspondent to the one in the catalog + for (GCubeRole gCubeRole : roles) { + + logger.debug("User " + username + " has role " + gCubeRole.getRoleName() + " in " + gCubeGroupName); + if(gCubeRole.getRoleName().equalsIgnoreCase(GatewayRolesNames.CATALOGUE_ADMIN.getRoleName())){ + correspondentRoleToCheck = RolesIntoOrganization.ADMIN; + break; + } + } + + // if the role is member, continue + if(correspondentRoleToCheck.equals(RolesIntoOrganization.MEMBER)) + continue; + + // with this invocation, we check if the role is present in ckan and if it is not it will be added + CKanUtils ckanUtils = workspaceInstance.getCkanUtilsObj(groupManager.getInfrastructureScope(gCubeGroup.getGroupId())); + + // if there is an instance of ckan in this scope.. + if(ckanUtils != null){ + boolean res = ckanUtils.checkRole(username, gCubeGroupName, correspondentRoleToCheck); + if(res){ + // get the orgs of the user + List ckanOrgs = ckanUtils.getOrganizationsByUser(username); + for (CkanOrganization ckanOrganization : ckanOrgs) { + if(ckanOrganization.getName().equals(gCubeGroupName.toLowerCase())){ + orgsInWhichAdminRole.add(new OrganizationBean(ckanOrganization.getTitle(), ckanOrganization.getName())); + break; + } + } + } + }else + logger.error("It seems there is no ckan instance into scope " + groupManager.getInfrastructureScope(gCubeGroup.getGroupId())); + } + + }else if(groupManager.isVRE(currentGroupId)){ + List roles = roleManager.listRolesByUserAndGroup(userManager.getUserId(username), groupManager.getGroupId(groupName)); + + logger.debug("The current scope is the vre " + groupName); + + // the default one + String mainRole = "Catalogue-Member"; + RolesIntoOrganization correspondentRoleToCheck = RolesIntoOrganization.MEMBER; + + // NOTE: it is supposed that there is just one role for this person correspondent to the one in the catalog + for (GCubeRole role : roles) { + + logger.debug("User " + username + " has role " + role.getRoleName() + " in " + currentScope); + if(role.getRoleName().equalsIgnoreCase(GatewayRolesNames.CATALOGUE_ADMIN.getRoleName())){ + mainRole = GatewayRolesNames.CATALOGUE_ADMIN.getRoleName(); + correspondentRoleToCheck = RolesIntoOrganization.ADMIN; + break; + } + } + + // if it the role is ADMIN we have to be sure to set it + if(correspondentRoleToCheck.equals(RolesIntoOrganization.ADMIN)){ + + // with this invocation, we check if the role is present in ckan and if it is not it will be added + CKanUtils ckanUtils = workspaceInstance.getCkanUtilsObj(groupManager.getInfrastructureScope(currentGroupId)); + boolean res = ckanUtils.checkRole(username, groupName, correspondentRoleToCheck); + + if(res){ + // get the orgs of the user + List ckanOrgs = ckanUtils.getOrganizationsByUser(username); + for (CkanOrganization ckanOrganization : ckanOrgs) { + if(ckanOrganization.getName().equals(groupName.toLowerCase())){ + orgsInWhichAdminRole.add(new OrganizationBean(ckanOrganization.getTitle(), ckanOrganization.getName())); + break; + } + } + } + } } - } - catch(Exception e){ - logger.error("Failed to retrieve the list of product profiles", e); + }catch(Exception e){ + logger.error("Unable to retrieve the role information for this user. Returning false", e); + return false; } + //ok, somewhere he is admin + if(orgsInWhichAdminRole.size() > 0) + toReturn = true; + + // return the role + logger.debug("Returning role " + toReturn + " for user " + username); + return toReturn; } - }