changed the routine that checks if the the user has admin roles somewhere for the catalogue
git-svn-id: http://svn.d4science-ii.research-infrastructures.eu/gcube/trunk/portlets/user/workspace-tree-widget@130609 82a268e6-3cf1-43bd-a215-b396298e98cf
This commit is contained in:
parent
8181d4ce19
commit
a0a85f843b
|
@ -699,7 +699,7 @@ public interface GWTWorkspaceService extends RemoteService{
|
||||||
* the role admin somewhere.
|
* the role admin somewhere.
|
||||||
* @return true if he can publish, false otherwise
|
* @return true if he can publish, false otherwise
|
||||||
*/
|
*/
|
||||||
boolean hasUserRoleAdminOrSysadmin();
|
boolean hasUserRoleAdmin();
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Retrieve the username of the user into the session
|
* Retrieve the username of the user into the session
|
||||||
|
|
|
@ -688,7 +688,7 @@ public interface GWTWorkspaceServiceAsync {
|
||||||
* the role admin somewhere.
|
* the role admin somewhere.
|
||||||
* @return true if he can publish, false otherwise
|
* @return true if he can publish, false otherwise
|
||||||
*/
|
*/
|
||||||
void hasUserRoleAdminOrSysadmin(AsyncCallback<Boolean> callback);
|
void hasUserRoleAdmin(AsyncCallback<Boolean> callback);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Retrieve the username of the user into the session
|
* Retrieve the username of the user into the session
|
||||||
|
|
|
@ -43,7 +43,6 @@ import org.gcube.common.homelibrary.home.workspace.trash.WorkspaceTrashItem;
|
||||||
import org.gcube.common.scope.api.ScopeProvider;
|
import org.gcube.common.scope.api.ScopeProvider;
|
||||||
import org.gcube.datacatalogue.ckanutillibrary.CKanUtils;
|
import org.gcube.datacatalogue.ckanutillibrary.CKanUtils;
|
||||||
import org.gcube.datacatalogue.ckanutillibrary.CKanUtilsImpl;
|
import org.gcube.datacatalogue.ckanutillibrary.CKanUtilsImpl;
|
||||||
import org.gcube.datacatalogue.ckanutillibrary.models.RolesIntoOrganization;
|
|
||||||
import org.gcube.portlets.user.workspace.client.ConstantsExplorer;
|
import org.gcube.portlets.user.workspace.client.ConstantsExplorer;
|
||||||
import org.gcube.portlets.user.workspace.client.interfaces.GXTCategoryItemInterface;
|
import org.gcube.portlets.user.workspace.client.interfaces.GXTCategoryItemInterface;
|
||||||
import org.gcube.portlets.user.workspace.client.model.FileDetailsModel;
|
import org.gcube.portlets.user.workspace.client.model.FileDetailsModel;
|
||||||
|
@ -82,18 +81,14 @@ import org.gcube.portlets.user.workspace.shared.WorkspaceUserQuote;
|
||||||
import org.gcube.portlets.user.workspace.shared.accounting.GxtAccountingEntryType;
|
import org.gcube.portlets.user.workspace.shared.accounting.GxtAccountingEntryType;
|
||||||
import org.gcube.portlets.user.workspace.shared.accounting.GxtAccountingField;
|
import org.gcube.portlets.user.workspace.shared.accounting.GxtAccountingField;
|
||||||
import org.gcube.portlets.user.workspaceapplicationhandler.ApplicationReaderFromGenericResource;
|
import org.gcube.portlets.user.workspaceapplicationhandler.ApplicationReaderFromGenericResource;
|
||||||
|
import org.gcube.portlets.widgets.ckandatapublisherwidget.shared.OrganizationBean;
|
||||||
import org.gcube.vomanagement.usermanagement.GroupManager;
|
import org.gcube.vomanagement.usermanagement.GroupManager;
|
||||||
import org.gcube.vomanagement.usermanagement.RoleManager;
|
|
||||||
import org.gcube.vomanagement.usermanagement.UserManager;
|
import org.gcube.vomanagement.usermanagement.UserManager;
|
||||||
import org.gcube.vomanagement.usermanagement.exception.UserManagementSystemException;
|
import org.gcube.vomanagement.usermanagement.exception.UserManagementSystemException;
|
||||||
import org.gcube.vomanagement.usermanagement.exception.UserRetrievalFault;
|
import org.gcube.vomanagement.usermanagement.exception.UserRetrievalFault;
|
||||||
import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager;
|
import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager;
|
||||||
import org.gcube.vomanagement.usermanagement.impl.LiferayRoleManager;
|
|
||||||
import org.gcube.vomanagement.usermanagement.impl.LiferayUserManager;
|
import org.gcube.vomanagement.usermanagement.impl.LiferayUserManager;
|
||||||
import org.gcube.vomanagement.usermanagement.model.GCubeGroup;
|
|
||||||
import org.gcube.vomanagement.usermanagement.model.GCubeRole;
|
|
||||||
import org.gcube.vomanagement.usermanagement.model.GCubeUser;
|
import org.gcube.vomanagement.usermanagement.model.GCubeUser;
|
||||||
import org.gcube.vomanagement.usermanagement.model.GatewayRolesNames;
|
|
||||||
|
|
||||||
import com.google.gwt.user.server.rpc.RemoteServiceServlet;
|
import com.google.gwt.user.server.rpc.RemoteServiceServlet;
|
||||||
import com.liferay.portal.service.UserLocalServiceUtil;
|
import com.liferay.portal.service.UserLocalServiceUtil;
|
||||||
|
@ -114,32 +109,8 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT
|
||||||
protected Logger workspaceLogger = Logger.getLogger(GWTWorkspaceServiceImpl.class);
|
protected Logger workspaceLogger = Logger.getLogger(GWTWorkspaceServiceImpl.class);
|
||||||
|
|
||||||
// for the data catalogue
|
// for the data catalogue
|
||||||
private static final String CKAN_TOKEN_KEY = "ckanToken";
|
private static final String CKAN_ROLE = "ckanRole"; // a true value means the user has admin role, false means member
|
||||||
private static final String CKAN_ROLE = "ckanRole"; // a true value means the user has editor/admin role, false means member
|
|
||||||
private static final String CKAN_LICENSES_KEY = "ckanLicenses"; // licenses
|
|
||||||
private static final String CKAN_ORGANIZATIONS_PUBLISH_KEY = "ckanOrganizationsPublish"; // here he can publish
|
private static final String CKAN_ORGANIZATIONS_PUBLISH_KEY = "ckanOrganizationsPublish"; // here he can publish
|
||||||
private static final String CKAN_PROFILES_KEY = "ckanProfiles"; // product profiles
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Since it needs the scope, we need to check if it is null or not
|
|
||||||
* @return
|
|
||||||
*/
|
|
||||||
private CKanUtils getCkanUtilsObj(){
|
|
||||||
|
|
||||||
// check into session
|
|
||||||
HttpSession httpSession = getThreadLocalRequest().getSession();
|
|
||||||
String currentScope = WsUtil.getAslSession(httpSession).getScope();
|
|
||||||
|
|
||||||
CKanUtils instance = null;
|
|
||||||
|
|
||||||
try{
|
|
||||||
workspaceLogger.debug("The ckan util object was null");
|
|
||||||
instance = new CKanUtilsImpl(currentScope);
|
|
||||||
}catch(Exception e){
|
|
||||||
workspaceLogger.error("Unable to retrieve ckan utils", e);
|
|
||||||
}
|
|
||||||
return instance;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Gets the GWT workspace builder.
|
* Gets the GWT workspace builder.
|
||||||
|
@ -2706,7 +2677,7 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT
|
||||||
email = user.getEmail();
|
email = user.getEmail();
|
||||||
|
|
||||||
// check if he has catalogue role
|
// check if he has catalogue role
|
||||||
publishRights = hasUserRoleAdminOrSysadmin();
|
publishRights = hasUserRoleAdmin();
|
||||||
}catch (UserManagementSystemException e) {
|
}catch (UserManagementSystemException e) {
|
||||||
workspaceLogger.error("UserManagementSystemException for username: "+username);
|
workspaceLogger.error("UserManagementSystemException for username: "+username);
|
||||||
}
|
}
|
||||||
|
@ -3428,13 +3399,33 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT
|
||||||
throw new Exception(error);
|
throw new Exception(error);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Retrieve an instance of the library for the scope
|
||||||
|
* @param scope if it is null it is evaluated from the session
|
||||||
|
* @return
|
||||||
|
*/
|
||||||
|
public CKanUtils getCkanUtilsObj(String scope){
|
||||||
|
HttpSession httpSession = this.getThreadLocalRequest().getSession();
|
||||||
|
ASLSession asl = WsUtil.getAslSession(httpSession);
|
||||||
|
CKanUtils instance = null;
|
||||||
|
try{
|
||||||
|
String scopeInWhichDiscover = (scope != null && !scope.isEmpty()) ? scope : asl.getScope();
|
||||||
|
workspaceLogger.debug("Discovering ckan instance into scope " + scopeInWhichDiscover);
|
||||||
|
instance = new CKanUtilsImpl(scopeInWhichDiscover);
|
||||||
|
}catch(Exception e){
|
||||||
|
workspaceLogger.error("Unable to retrieve ckan utils", e);
|
||||||
|
}
|
||||||
|
return instance;
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean hasUserRoleAdminOrSysadmin() {
|
public boolean hasUserRoleAdmin() {
|
||||||
HttpSession httpSession = this.getThreadLocalRequest().getSession();
|
HttpSession httpSession = this.getThreadLocalRequest().getSession();
|
||||||
ASLSession asl = WsUtil.getAslSession(httpSession);
|
ASLSession asl = WsUtil.getAslSession(httpSession);
|
||||||
String username = asl.getUsername();
|
String username = asl.getUsername();
|
||||||
String currentScope = asl.getScope();
|
String currentScope = asl.getScope();
|
||||||
|
String groupName = asl.getGroupName();
|
||||||
|
|
||||||
if(!isWithinPortal()){
|
if(!isWithinPortal()){
|
||||||
workspaceLogger.warn("OUT FROM PORTAL DETECTED RETURNING TRUE");
|
workspaceLogger.warn("OUT FROM PORTAL DETECTED RETURNING TRUE");
|
||||||
|
@ -3450,7 +3441,7 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT
|
||||||
String keyPerScope = concatenateSessionKeyScope(CKAN_ROLE, asl.getScope());
|
String keyPerScope = concatenateSessionKeyScope(CKAN_ROLE, asl.getScope());
|
||||||
|
|
||||||
// check if this information was already into the ASL Session (true means the user has at least in one org
|
// check if this information was already into the ASL Session (true means the user has at least in one org
|
||||||
// the role editor/admin), false that he is just a member so he cannot publish
|
// the role admin), false that he is just a member so he cannot publish
|
||||||
Boolean role = (Boolean)httpSession.getAttribute(keyPerScope);
|
Boolean role = (Boolean)httpSession.getAttribute(keyPerScope);
|
||||||
|
|
||||||
// if the attribute was already set..
|
// if the attribute was already set..
|
||||||
|
@ -3458,148 +3449,32 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT
|
||||||
return role;
|
return role;
|
||||||
else{
|
else{
|
||||||
|
|
||||||
CKanUtils ckanUtils = getCkanUtilsObj();
|
|
||||||
boolean result = false;
|
|
||||||
|
|
||||||
try{
|
try{
|
||||||
// first of all, check if the user is a sysadmin in the catalog (in this case he can do everything)
|
role = false;
|
||||||
boolean isSysAdmin = ckanUtils.isSysAdmin(username, getUserCKanTokenFromSession());
|
|
||||||
|
|
||||||
if(isSysAdmin){
|
// we build up also a list that keeps track of the scopes (orgs) in which the user has role ADMIN
|
||||||
|
List<OrganizationBean> orgsInWhichAdminRole = new ArrayList<OrganizationBean>();
|
||||||
|
role = UserUtil.hasAdminRole(currentScope, username, groupName, this, orgsInWhichAdminRole);
|
||||||
|
|
||||||
workspaceLogger.debug("The user is a sysadmin of the catalog -> he can edit/add");
|
// if he is an admin preload:
|
||||||
httpSession.setAttribute(keyPerScope, true);
|
// 1) organizations in which he can publish (the widget will find these info in session)
|
||||||
result = true;
|
if(role){
|
||||||
|
httpSession.setAttribute(concatenateSessionKeyScope(CKAN_ORGANIZATIONS_PUBLISH_KEY, currentScope), orgsInWhichAdminRole);
|
||||||
}else{
|
workspaceLogger.info("Set organizations in which he can publish to " + orgsInWhichAdminRole + " into session for user " + username);
|
||||||
|
|
||||||
// retrieve the liferay's roles for the user
|
|
||||||
UserManager userManager = new LiferayUserManager();
|
|
||||||
RoleManager roleManager = new LiferayRoleManager();
|
|
||||||
GroupManager groupManager = new LiferayGroupManager();
|
|
||||||
|
|
||||||
// we need to iterate over vres of the user
|
|
||||||
List<GCubeGroup> groups = groupManager.listGroupsByUser(userManager.getUserId(username));
|
|
||||||
|
|
||||||
// user id
|
|
||||||
long userid = userManager.getUserId(username);
|
|
||||||
|
|
||||||
workspaceLogger.debug("The list of organizations of the user " + username + " is " + groups);
|
|
||||||
|
|
||||||
boolean toReturn = false;
|
|
||||||
|
|
||||||
for (GCubeGroup gCubeGroup : groups) {
|
|
||||||
|
|
||||||
String groupName = gCubeGroup.getGroupName();
|
|
||||||
|
|
||||||
// skip if it is not a vre
|
|
||||||
if(!groupManager.isVRE(gCubeGroup.getGroupId()))
|
|
||||||
continue;
|
|
||||||
|
|
||||||
List<GCubeRole> roles = roleManager.listRolesByUserAndGroup(userid, groupManager.getGroupId(groupName));
|
|
||||||
|
|
||||||
// the default one
|
|
||||||
RolesIntoOrganization correspondentRoleToCheck = RolesIntoOrganization.MEMBER;
|
|
||||||
|
|
||||||
// NOTE: it is supposed that there is just one role for this person correspondent to the one in the catalog
|
|
||||||
for (GCubeRole gCubeRole : roles) {
|
|
||||||
|
|
||||||
workspaceLogger.debug("User " + username + " has role " + gCubeRole.getRoleName() + " in " + groupName);
|
|
||||||
if(gCubeRole.getRoleName().equalsIgnoreCase(GatewayRolesNames.CATALOGUE_ADMIN.getRoleName())){
|
|
||||||
correspondentRoleToCheck = RolesIntoOrganization.ADMIN;
|
|
||||||
toReturn = true;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
// }else if(gCubeRole.getRoleName().equalsIgnoreCase(GatewayRolesNames.CATALOGUE_EDITOR.getRoleName())){
|
|
||||||
// correspondentRoleToCheck = RolesIntoOrganization.EDITOR;
|
|
||||||
// toReturn = true;
|
|
||||||
// break;
|
|
||||||
// }
|
|
||||||
}
|
|
||||||
|
|
||||||
// if the role is member, continue
|
|
||||||
if(correspondentRoleToCheck.equals(RolesIntoOrganization.MEMBER))
|
|
||||||
continue;
|
|
||||||
|
|
||||||
// with this invocation, we check if the role is present in ckan and if it is not it will be added
|
|
||||||
toReturn &= ckanUtils.checkRole(username, groupName, correspondentRoleToCheck);
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
// set true in the asl session
|
|
||||||
workspaceLogger.debug("Setting CKAN_ROLE for " + username + " to " + toReturn);
|
|
||||||
result = toReturn;
|
|
||||||
httpSession.setAttribute(keyPerScope, result);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// if result is true, preload ckan licenses, organizations, profiles
|
|
||||||
if(result){
|
|
||||||
|
|
||||||
workspaceLogger.debug("It seems that the user has editor/admin roles");
|
|
||||||
UserUtil.getLicenses(httpSession, username, concatenateSessionKeyScope(CKAN_LICENSES_KEY, currentScope), ckanUtils);
|
|
||||||
UserUtil.getUserOrganizationsList(httpSession, username, isSysAdmin, concatenateSessionKeyScope(CKAN_ORGANIZATIONS_PUBLISH_KEY, currentScope), ckanUtils, getUserCKanTokenFromSession());
|
|
||||||
UserUtil.getMetadataProfilesList(httpSession, username, concatenateSessionKeyScope(CKAN_PROFILES_KEY, currentScope), ckanUtils);
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
return result;
|
|
||||||
|
|
||||||
}catch(Exception e){
|
}catch(Exception e){
|
||||||
workspaceLogger.error("Unable to retrieve the role information for this user. Returning FALSE", e);
|
workspaceLogger.error("Unable to retrieve the role information for this user. Returning FALSE", e);
|
||||||
}
|
role = false;
|
||||||
|
|
||||||
// set the role member into the asl
|
|
||||||
httpSession.setAttribute(CKAN_ROLE, false);
|
|
||||||
|
|
||||||
// return false
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Get current user's token
|
|
||||||
* @return String the ckan user's token
|
|
||||||
*/
|
|
||||||
private String getUserCKanTokenFromSession(){
|
|
||||||
|
|
||||||
String token = null;
|
|
||||||
|
|
||||||
if(!isWithinPortal()){
|
|
||||||
workspaceLogger.warn("You are running outside the portal");
|
|
||||||
}else{
|
|
||||||
|
|
||||||
// store info in the http session
|
|
||||||
HttpSession httpSession = getThreadLocalRequest().getSession();
|
|
||||||
|
|
||||||
ASLSession aslSession = WsUtil.getAslSession(httpSession);
|
|
||||||
String username = aslSession.getUsername();
|
|
||||||
|
|
||||||
// get the key per scope
|
|
||||||
String keyPerScope = concatenateSessionKeyScope(CKAN_TOKEN_KEY, aslSession.getScope());
|
|
||||||
|
|
||||||
// check if session expired
|
|
||||||
if(username.equals(WsUtil.TEST_USER)){
|
|
||||||
|
|
||||||
workspaceLogger.warn("Session expired, returning null token");
|
|
||||||
token = null;
|
|
||||||
|
|
||||||
}else{
|
|
||||||
try{
|
|
||||||
workspaceLogger.debug("User in session is " + username);
|
|
||||||
if(httpSession.getAttribute(keyPerScope) != null)
|
|
||||||
token = (String)httpSession.getAttribute(keyPerScope);
|
|
||||||
else{
|
|
||||||
token = getCkanUtilsObj().getApiKeyFromUsername(username);
|
|
||||||
httpSession.setAttribute(keyPerScope, token);
|
|
||||||
workspaceLogger.debug("Ckan token has been set for user " + username);
|
|
||||||
}
|
|
||||||
workspaceLogger.debug("Found ckan token " + token.substring(0, 3) + "************************" + " for user " + username);
|
|
||||||
}catch(Exception e){
|
|
||||||
workspaceLogger.error("Error while retrieving the key" , e);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return token;
|
|
||||||
|
// set role in session
|
||||||
|
httpSession.setAttribute(CKAN_ROLE, role);
|
||||||
|
|
||||||
|
workspaceLogger.info("Do have the user the right to publish on the catalogue? " + role);
|
||||||
|
|
||||||
|
// return false
|
||||||
|
return role;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
|
@ -1,34 +1,27 @@
|
||||||
package org.gcube.portlets.user.workspace.server.util;
|
package org.gcube.portlets.user.workspace.server.util;
|
||||||
|
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.Iterator;
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Map;
|
|
||||||
import java.util.Map.Entry;
|
|
||||||
|
|
||||||
import javax.servlet.http.HttpSession;
|
|
||||||
|
|
||||||
import org.apache.log4j.Logger;
|
import org.apache.log4j.Logger;
|
||||||
import org.gcube.datacatalogue.ckanutillibrary.CKanUtils;
|
import org.gcube.datacatalogue.ckanutillibrary.CKanUtils;
|
||||||
import org.gcube.datacatalogue.ckanutillibrary.models.RolesIntoOrganization;
|
import org.gcube.datacatalogue.ckanutillibrary.models.RolesIntoOrganization;
|
||||||
import org.gcube.datacatalogue.metadatadiscovery.DataCalogueMetadataFormatReader;
|
|
||||||
import org.gcube.datacatalogue.metadatadiscovery.bean.MetadataType;
|
|
||||||
import org.gcube.datacatalogue.metadatadiscovery.bean.jaxb.MetadataField;
|
|
||||||
import org.gcube.datacatalogue.metadatadiscovery.bean.jaxb.MetadataFormat;
|
|
||||||
import org.gcube.datacatalogue.metadatadiscovery.bean.jaxb.MetadataValidator;
|
|
||||||
import org.gcube.datacatalogue.metadatadiscovery.bean.jaxb.MetadataVocabulary;
|
|
||||||
import org.gcube.portlets.user.workspace.client.model.InfoContactModel;
|
import org.gcube.portlets.user.workspace.client.model.InfoContactModel;
|
||||||
import org.gcube.portlets.widgets.ckandatapublisherwidget.shared.LicensesBean;
|
import org.gcube.portlets.user.workspace.server.GWTWorkspaceServiceImpl;
|
||||||
import org.gcube.portlets.widgets.ckandatapublisherwidget.shared.MetaDataProfileBean;
|
import org.gcube.portlets.widgets.ckandatapublisherwidget.shared.OrganizationBean;
|
||||||
import org.gcube.portlets.widgets.ckandatapublisherwidget.shared.MetaDataTypeWrapper;
|
import org.gcube.vomanagement.usermanagement.GroupManager;
|
||||||
import org.gcube.portlets.widgets.ckandatapublisherwidget.shared.MetadataFieldWrapper;
|
import org.gcube.vomanagement.usermanagement.RoleManager;
|
||||||
import org.gcube.vomanagement.usermanagement.UserManager;
|
import org.gcube.vomanagement.usermanagement.UserManager;
|
||||||
import org.gcube.vomanagement.usermanagement.exception.UserManagementSystemException;
|
import org.gcube.vomanagement.usermanagement.exception.UserManagementSystemException;
|
||||||
import org.gcube.vomanagement.usermanagement.exception.UserRetrievalFault;
|
import org.gcube.vomanagement.usermanagement.exception.UserRetrievalFault;
|
||||||
|
import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager;
|
||||||
|
import org.gcube.vomanagement.usermanagement.impl.LiferayRoleManager;
|
||||||
import org.gcube.vomanagement.usermanagement.impl.LiferayUserManager;
|
import org.gcube.vomanagement.usermanagement.impl.LiferayUserManager;
|
||||||
|
import org.gcube.vomanagement.usermanagement.model.GCubeGroup;
|
||||||
|
import org.gcube.vomanagement.usermanagement.model.GCubeRole;
|
||||||
import org.gcube.vomanagement.usermanagement.model.GCubeUser;
|
import org.gcube.vomanagement.usermanagement.model.GCubeUser;
|
||||||
|
import org.gcube.vomanagement.usermanagement.model.GatewayRolesNames;
|
||||||
import eu.trentorise.opendata.jackan.model.CkanLicense;
|
import eu.trentorise.opendata.jackan.model.CkanOrganization;
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -173,145 +166,187 @@ public class UserUtil {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Load the licenses list and put them into the asl session (the publisher widget will use it)
|
* Retrieve the highest ckan role the user has and also retrieve the list of organizations (scopes) in which the user has the ckan-admin role
|
||||||
* @param session
|
* @param currentScope the current scope
|
||||||
* @param ckanLicensesKey
|
* @param username the current username
|
||||||
* @param ckanUtils
|
* @param groupName the current groupName
|
||||||
|
* @param gcubeCkanDataCatalogServiceImpl
|
||||||
|
* @param orgsInWhichAdminRole
|
||||||
|
* @param ckanUtils ckanUtils
|
||||||
*/
|
*/
|
||||||
public static void getLicenses(HttpSession session, String username, String ckanLicensesKey, CKanUtils ckanUtils) {
|
public static boolean hasAdminRole(String currentScope, String username, String groupName, GWTWorkspaceServiceImpl workspaceInstance, List<OrganizationBean> orgsInWhichAdminRole){
|
||||||
|
|
||||||
try{
|
// base role as default value
|
||||||
logger.debug("User in session is " + username);
|
boolean toReturn = false;
|
||||||
List<CkanLicense> titlesLicenses = ckanUtils.getLicenses();
|
|
||||||
List<String> titles = new ArrayList<String>();
|
|
||||||
List<String> urls = new ArrayList<String>();
|
|
||||||
for (CkanLicense license : titlesLicenses) {
|
|
||||||
titles.add(license.getTitle());
|
|
||||||
String url = (license.getUrl() != null && !license.getUrl().isEmpty()) ? license.getUrl() : "";
|
|
||||||
urls.add(url);
|
|
||||||
}
|
|
||||||
LicensesBean licensesBean = new LicensesBean(titles, urls);
|
|
||||||
|
|
||||||
session.setAttribute(ckanLicensesKey, licensesBean);
|
|
||||||
logger.info("List of licenses has been saved into session" + licensesBean);
|
|
||||||
}
|
|
||||||
catch(Exception e){
|
|
||||||
logger.error("Failed to preload licenses list", e);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Load the list of organizations in which he can publish and put them into the asl session (the publisher widget will use it)
|
|
||||||
* @param session
|
|
||||||
* @param ckanOrganizationsPublishKey
|
|
||||||
* @param ckanUtils
|
|
||||||
*/
|
|
||||||
public static void getUserOrganizationsList(HttpSession session, String username, boolean isSysAdmin,
|
|
||||||
String ckanOrganizationsPublishKey, CKanUtils ckanUtils, String token) {
|
|
||||||
|
|
||||||
try{
|
|
||||||
logger.debug("Request for user " + username + " organizations list");
|
|
||||||
List<String> orgsName = new ArrayList<String>();
|
|
||||||
|
|
||||||
if(isSysAdmin){
|
|
||||||
|
|
||||||
logger.info("The user " + username + " is a sysadmin. He can publish everywhere");
|
|
||||||
orgsName = ckanUtils.getOrganizationsNames(); // get all organizations' names
|
|
||||||
|
|
||||||
}else{
|
|
||||||
|
|
||||||
// We need to retrieve orgs in which the user has the roles ADMIN
|
|
||||||
List<RolesIntoOrganization> rolesToMatch = new ArrayList<RolesIntoOrganization>();
|
|
||||||
rolesToMatch.add(RolesIntoOrganization.ADMIN);
|
|
||||||
|
|
||||||
Map<String, List<RolesIntoOrganization>> orgsAndRoles = ckanUtils.getGroupsAndRolesByUser(username, rolesToMatch);
|
|
||||||
logger.debug("Result is " + orgsAndRoles);
|
|
||||||
Iterator<Entry<String, List<RolesIntoOrganization>>> iterator = orgsAndRoles.entrySet().iterator();
|
|
||||||
|
|
||||||
// get the names
|
|
||||||
while (iterator.hasNext()) {
|
|
||||||
Map.Entry<String, List<RolesIntoOrganization>> entry = (Map.Entry<String, List<RolesIntoOrganization>>) iterator
|
|
||||||
.next();
|
|
||||||
orgsName.add(entry.getKey());
|
|
||||||
logger.debug("The user has a role ADMIN into org " + entry.getKey());
|
|
||||||
}
|
|
||||||
}
|
|
||||||
session.setAttribute(ckanOrganizationsPublishKey, orgsName);
|
|
||||||
logger.info("Organizations name for user " + username + " has been saved into session");
|
|
||||||
}catch(Exception e){
|
|
||||||
logger.error("Failed to preload list of organizations in which the user can publish", e);
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Load the list of product profiles and put them into the asl session (the publisher widget will use it)
|
|
||||||
* @param session
|
|
||||||
* @param ckanOrganizationsPublishKey
|
|
||||||
* @param ckanUtils
|
|
||||||
*/
|
|
||||||
public static void getMetadataProfilesList(HttpSession session, String username,
|
|
||||||
String ckanProfilesKey, CKanUtils ckanUtils) {
|
|
||||||
|
|
||||||
try{
|
try{
|
||||||
|
|
||||||
logger.debug("User in session is " + username);
|
UserManager userManager = new LiferayUserManager();
|
||||||
|
RoleManager roleManager = new LiferayRoleManager();
|
||||||
|
GroupManager groupManager = new LiferayGroupManager();
|
||||||
|
|
||||||
List<MetaDataProfileBean> beans = new ArrayList<MetaDataProfileBean>();
|
// user id
|
||||||
|
long userid = userManager.getUserId(username);
|
||||||
|
|
||||||
try {
|
// retrieve current group id
|
||||||
|
long currentGroupId = groupManager.getGroupIdFromInfrastructureScope(currentScope);
|
||||||
|
|
||||||
DataCalogueMetadataFormatReader reader = new DataCalogueMetadataFormatReader();
|
logger.debug("Group id is " + currentGroupId + " and scope is " + currentScope);
|
||||||
|
|
||||||
for (MetadataType mt : reader.getListOfMetadataTypes()) {
|
// retrieve the flat list of organizations for the current user
|
||||||
MetadataFormat metadata = reader.getMetadataFormatForMetadataType(mt);
|
List<GCubeGroup> groups = groupManager.listGroupsByUser(userid);
|
||||||
|
|
||||||
// we need to wrap the list of metadata
|
// root (so check into the root, the VOs and the VRES)
|
||||||
List<MetadataFieldWrapper> wrapperList = new ArrayList<MetadataFieldWrapper>();
|
if(groupManager.isRootVO(currentGroupId)){
|
||||||
List<MetadataField> toWrap = metadata.getMetadataFields();
|
|
||||||
for(MetadataField metadataField: toWrap){
|
|
||||||
|
|
||||||
MetadataFieldWrapper wrapperObj = new MetadataFieldWrapper();
|
logger.info("The current scope is the Root Vo, so the list of organizations of the user " + username + " is " + groups);
|
||||||
wrapperObj.setDefaulValue(metadataField.getDefaulValue());
|
|
||||||
wrapperObj.setFieldName(metadataField.getFieldName());
|
|
||||||
wrapperObj.setIsBoolean(metadataField.getIsBoolean());
|
|
||||||
wrapperObj.setMandatory(metadataField.getMandatory());
|
|
||||||
wrapperObj.setNote(metadataField.getNote());
|
|
||||||
|
|
||||||
MetadataValidator validator = metadataField.getValidator();
|
for (GCubeGroup gCubeGroup : groups) {
|
||||||
if(validator != null)
|
|
||||||
wrapperObj.setValidator(validator.getRegularExpression());
|
|
||||||
|
|
||||||
MetadataVocabulary vocabulary = metadataField.getVocabulary();
|
// get the name of this group
|
||||||
if(vocabulary != null)
|
String gCubeGroupName = gCubeGroup.getGroupName();
|
||||||
wrapperObj.setVocabulary(vocabulary.getVocabularyFields());
|
|
||||||
|
|
||||||
// add to the list
|
// get the role of the users in this group
|
||||||
wrapperList.add(wrapperObj);
|
List<GCubeRole> roles = roleManager.listRolesByUserAndGroup(userid, groupManager.getGroupId(gCubeGroupName));
|
||||||
|
|
||||||
|
// the default one
|
||||||
|
RolesIntoOrganization correspondentRoleToCheck = RolesIntoOrganization.MEMBER;
|
||||||
|
|
||||||
|
// NOTE: it is supposed that there is just one role for this person correspondent to the one in the catalog
|
||||||
|
for (GCubeRole gCubeRole : roles) {
|
||||||
|
if(gCubeRole.getRoleName().equalsIgnoreCase(GatewayRolesNames.CATALOGUE_ADMIN.getRoleName())){
|
||||||
|
logger.debug("User " + username + " has role " + gCubeRole.getRoleName() + " in " + gCubeGroupName);
|
||||||
|
correspondentRoleToCheck = RolesIntoOrganization.ADMIN;
|
||||||
|
break;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// wrap the mt as well
|
// if the role is member, continue
|
||||||
MetaDataTypeWrapper typeWrapper = new MetaDataTypeWrapper();
|
if(correspondentRoleToCheck.equals(RolesIntoOrganization.MEMBER))
|
||||||
typeWrapper.setDescription(mt.getDescription());
|
continue;
|
||||||
typeWrapper.setId(mt.getId());
|
|
||||||
typeWrapper.setName(mt.getName());
|
// with this invocation, we check if the role is present in ckan and if it is not it will be added
|
||||||
MetaDataProfileBean bean = new MetaDataProfileBean(typeWrapper, wrapperList);
|
CKanUtils ckanUtils = workspaceInstance.getCkanUtilsObj(groupManager.getInfrastructureScope(gCubeGroup.getGroupId()));
|
||||||
beans.add(bean);
|
|
||||||
|
// if there is an instance of ckan in this scope..
|
||||||
|
if(ckanUtils != null){
|
||||||
|
boolean res = ckanUtils.checkRole(username, gCubeGroupName, correspondentRoleToCheck);
|
||||||
|
if(res){
|
||||||
|
|
||||||
|
// get the orgs of the user
|
||||||
|
List<CkanOrganization> ckanOrgs = ckanUtils.getOrganizationsByUser(username);
|
||||||
|
for (CkanOrganization ckanOrganization : ckanOrgs) {
|
||||||
|
if(ckanOrganization.getName().equals(gCubeGroupName.toLowerCase())){
|
||||||
|
orgsInWhichAdminRole.add(new OrganizationBean(ckanOrganization.getTitle(), ckanOrganization.getName()));
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}else
|
||||||
|
logger.error("It seems there is no ckan instance into scope " + groupManager.getInfrastructureScope(gCubeGroup.getGroupId()));
|
||||||
}
|
}
|
||||||
|
|
||||||
logger.info("List of beans is " + beans);
|
}else if(groupManager.isVO(currentGroupId)){
|
||||||
session.setAttribute(ckanProfilesKey, beans);
|
|
||||||
logger.debug("List of profiles has been saved into session");
|
|
||||||
|
|
||||||
} catch (Exception e) {
|
logger.debug("The list of organizations of the user " + username + " to scan is the one under the VO " + groupName);
|
||||||
logger.error("Error while retrieving metadata beans ", e);
|
|
||||||
|
for (GCubeGroup gCubeGroup : groups) {
|
||||||
|
|
||||||
|
// if the gCubeGroup is not under the VO or it is not the VO continue
|
||||||
|
if(currentGroupId != gCubeGroup.getParentGroupId() || currentGroupId != gCubeGroup.getGroupId())
|
||||||
|
continue;
|
||||||
|
|
||||||
|
String gCubeGroupName = gCubeGroup.getGroupName();
|
||||||
|
|
||||||
|
List<GCubeRole> roles = roleManager.listRolesByUserAndGroup(userid, groupManager.getGroupId(gCubeGroupName));
|
||||||
|
|
||||||
|
// the default one
|
||||||
|
RolesIntoOrganization correspondentRoleToCheck = RolesIntoOrganization.MEMBER;
|
||||||
|
|
||||||
|
// NOTE: it is supposed that there is just one role for this person correspondent to the one in the catalog
|
||||||
|
for (GCubeRole gCubeRole : roles) {
|
||||||
|
|
||||||
|
logger.debug("User " + username + " has role " + gCubeRole.getRoleName() + " in " + gCubeGroupName);
|
||||||
|
if(gCubeRole.getRoleName().equalsIgnoreCase(GatewayRolesNames.CATALOGUE_ADMIN.getRoleName())){
|
||||||
|
correspondentRoleToCheck = RolesIntoOrganization.ADMIN;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// if the role is member, continue
|
||||||
|
if(correspondentRoleToCheck.equals(RolesIntoOrganization.MEMBER))
|
||||||
|
continue;
|
||||||
|
|
||||||
|
// with this invocation, we check if the role is present in ckan and if it is not it will be added
|
||||||
|
CKanUtils ckanUtils = workspaceInstance.getCkanUtilsObj(groupManager.getInfrastructureScope(gCubeGroup.getGroupId()));
|
||||||
|
|
||||||
|
// if there is an instance of ckan in this scope..
|
||||||
|
if(ckanUtils != null){
|
||||||
|
boolean res = ckanUtils.checkRole(username, gCubeGroupName, correspondentRoleToCheck);
|
||||||
|
if(res){
|
||||||
|
// get the orgs of the user
|
||||||
|
List<CkanOrganization> ckanOrgs = ckanUtils.getOrganizationsByUser(username);
|
||||||
|
for (CkanOrganization ckanOrganization : ckanOrgs) {
|
||||||
|
if(ckanOrganization.getName().equals(gCubeGroupName.toLowerCase())){
|
||||||
|
orgsInWhichAdminRole.add(new OrganizationBean(ckanOrganization.getTitle(), ckanOrganization.getName()));
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}else
|
||||||
|
logger.error("It seems there is no ckan instance into scope " + groupManager.getInfrastructureScope(gCubeGroup.getGroupId()));
|
||||||
|
}
|
||||||
|
|
||||||
|
}else if(groupManager.isVRE(currentGroupId)){
|
||||||
|
List<GCubeRole> roles = roleManager.listRolesByUserAndGroup(userManager.getUserId(username), groupManager.getGroupId(groupName));
|
||||||
|
|
||||||
|
logger.debug("The current scope is the vre " + groupName);
|
||||||
|
|
||||||
|
// the default one
|
||||||
|
String mainRole = "Catalogue-Member";
|
||||||
|
RolesIntoOrganization correspondentRoleToCheck = RolesIntoOrganization.MEMBER;
|
||||||
|
|
||||||
|
// NOTE: it is supposed that there is just one role for this person correspondent to the one in the catalog
|
||||||
|
for (GCubeRole role : roles) {
|
||||||
|
|
||||||
|
logger.debug("User " + username + " has role " + role.getRoleName() + " in " + currentScope);
|
||||||
|
if(role.getRoleName().equalsIgnoreCase(GatewayRolesNames.CATALOGUE_ADMIN.getRoleName())){
|
||||||
|
mainRole = GatewayRolesNames.CATALOGUE_ADMIN.getRoleName();
|
||||||
|
correspondentRoleToCheck = RolesIntoOrganization.ADMIN;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// if it the role is ADMIN we have to be sure to set it
|
||||||
|
if(correspondentRoleToCheck.equals(RolesIntoOrganization.ADMIN)){
|
||||||
|
|
||||||
|
// with this invocation, we check if the role is present in ckan and if it is not it will be added
|
||||||
|
CKanUtils ckanUtils = workspaceInstance.getCkanUtilsObj(groupManager.getInfrastructureScope(currentGroupId));
|
||||||
|
boolean res = ckanUtils.checkRole(username, groupName, correspondentRoleToCheck);
|
||||||
|
|
||||||
|
if(res){
|
||||||
|
// get the orgs of the user
|
||||||
|
List<CkanOrganization> ckanOrgs = ckanUtils.getOrganizationsByUser(username);
|
||||||
|
for (CkanOrganization ckanOrganization : ckanOrgs) {
|
||||||
|
if(ckanOrganization.getName().equals(groupName.toLowerCase())){
|
||||||
|
orgsInWhichAdminRole.add(new OrganizationBean(ckanOrganization.getTitle(), ckanOrganization.getName()));
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}catch(Exception e){
|
||||||
catch(Exception e){
|
logger.error("Unable to retrieve the role information for this user. Returning false", e);
|
||||||
logger.error("Failed to retrieve the list of product profiles", e);
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
//ok, somewhere he is admin
|
||||||
|
if(orgsInWhichAdminRole.size() > 0)
|
||||||
|
toReturn = true;
|
||||||
|
|
||||||
|
// return the role
|
||||||
|
logger.debug("Returning role " + toReturn + " for user " + username);
|
||||||
|
return toReturn;
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue