Added management to support the roles of THREDDS Admin and THREDDS

Publisher
3 years ago · b0ce8ac5e3
parent e438b0084b
commit b0ce8ac5e3
7 changed files with 244 additions and 96 deletions
--- a/src/main/java/org/gcube/portlets/widgets/wsthreddssync/client/WsThreddsWidget.java
+++ b/src/main/java/org/gcube/portlets/widgets/wsthreddssync/client/WsThreddsWidget.java
@ -2,6 +2,7 @@ package org.gcube.portlets.widgets.wsthreddssync.client;

 import java.util.ArrayList;
 import java.util.List;
+import java.util.Map;

 import org.gcube.portal.wssynclibrary.shared.WorkspaceFolderLocked;
 import org.gcube.portal.wssynclibrary.shared.thredds.ThSyncStatus;
@ -19,17 +20,21 @@ import org.gcube.portlets.widgets.wsthreddssync.client.rpc.ThreddsWorkspaceSyncS
 import org.gcube.portlets.widgets.wsthreddssync.client.view.LoaderIcon;
 import org.gcube.portlets.widgets.wsthreddssync.client.view.WsThreddsWidgetViewManager;
 import org.gcube.portlets.widgets.wsthreddssync.client.view.binder.MonitorFolderSyncStatusView;
+import org.gcube.portlets.widgets.wsthreddssync.shared.GatewayRolesThredds;
 import org.gcube.portlets.widgets.wsthreddssync.shared.WsFolder;
 import org.gcube.portlets.widgets.wsthreddssync.shared.WsThreddsSynchFolderConfiguration;
 import org.gcube.portlets.widgets.wsthreddssync.shared.WsThreddsSynchFolderDescriptor;

+import com.github.gwtbootstrap.client.ui.Alert;
 import com.github.gwtbootstrap.client.ui.Modal;
+import com.github.gwtbootstrap.client.ui.constants.AlertType;
 import com.google.gwt.core.client.GWT;
 import com.google.gwt.event.dom.client.ClickEvent;
 import com.google.gwt.event.dom.client.ClickHandler;
 import com.google.gwt.event.shared.HandlerManager;
 import com.google.gwt.user.client.Window;
 import com.google.gwt.user.client.rpc.AsyncCallback;
+import com.google.gwt.user.client.ui.HorizontalPanel;


 // TODO: Auto-generated Javadoc
@ -51,10 +56,12 @@ public class WsThreddsWidget implements HasWsSyncNotificationListner {

 	private final List<SyncCompletedNotificationListner> syncEventsListeners = new ArrayList<SyncCompletedNotificationListner>();
 	
-	public static final String MISSING_THREDDS_ADMIN_RIGHTS = "It seems you are not authorized to create a configuration with Thredds Catalogue. Request it to the VRE manager or the portal administrator.";
+	public static final String MISSING_THREDDS_ADMIN_RIGHTS = "It seems you are not authorized to create a configuration towards THREDDS Catalogue. Request it to the VRE manager or the portal administrator.";
+	
+	public static final String MISSING_THREDDS_PUBLISHER_RIGHTS = "It seems you are not authorized to run a syncronization task towards THREDDS Catalogue. Request it to the VRE manager or the portal administrator.";
+	
+	public static final String MISSING_THREDDS_RIGHTS = "It seems you are not authorized to interact with the facility 'Sync with THREDDS'. Request authorization to the VRE manager or the portal administrator.";
 	
-	public static final String MISSING_THREDDS_PUBLISHER_RIGHTS = "It seems you are not authorized to run a syncronization task with Thredds Catalogue. Request it to the VRE manager or the portal administrator.";
-
 	/**
 	 * This is the entry point method.
 	 */
@ -146,38 +153,96 @@ public class WsThreddsWidget implements HasWsSyncNotificationListner {

 		final Modal box = new Modal(true);
 		box.setTitle("Checking configurations...");
-		LoaderIcon loader = new LoaderIcon("Checking folder configurations...");
-		box.add(loader);
-
-		GWT.log("Performing isItemSynched: "+folder.getFolderId());
-		WsThreddsWidget.wsThreddsSyncService.isItemSynched(folder.getFolderId(), new AsyncCallback<WsThreddsSynchFolderDescriptor>() {
+		final HorizontalPanel hpLoader = new HorizontalPanel();
+		LoaderIcon loader = new LoaderIcon("Checking authorizations and folder configurations...");
+		hpLoader.add(loader);
+		box.add(hpLoader);
+		
+		//LAOADING ROLES
+		WsThreddsWidget.wsThreddsSyncService.getScopesWithThreddsRolesForLoggedUser(new AsyncCallback<Map<String,GatewayRolesThredds>>() {

 			@Override
-			public void onSuccess(WsThreddsSynchFolderDescriptor result) {
-				box.hide();
-				//GWT.log("WsThreddsSynchFolderDescriptor result: "+result);
-				viewManager.showThreddsFolderInfo(folder, result);
-
+			public void onFailure(Throwable caught) {
+				hpLoader.clear();
+				hpLoader.setVisible(false);
+				Alert alert = new Alert();
+				alert.setType(AlertType.INFO);
+				alert.setText(caught.getMessage());
+				box.add(alert);
 			}

 			@Override
-			public void onFailure(Throwable caught) {
-				box.hide();
+			public void onSuccess(Map<String, GatewayRolesThredds> result) {
+				try {
+					hpLoader.clear();
+					hpLoader.setVisible(false);
+				}catch (Exception e) {
+					//Silent
+				}
+				
+				if(result!=null) {
+				
+					GWT.log("Returned Map(Scope,Role): "+result);
+					final boolean isThreddsPubliser = result.containsValue(GatewayRolesThredds.THREDDS_PUBLISHER);
+					final boolean isThreddsAdmin = result.containsValue(GatewayRolesThredds.THREDDS_ADMIN);
+					
+					//no rights assigned
+					if(!isThreddsAdmin && !isThreddsPubliser) {
+						showMissingRights(box);
+						return;
+					}
+					
+					//at least one THREDDS rights is assigned
+					GWT.log("Performing isItemSynched: "+folder.getFolderId());
+					WsThreddsWidget.wsThreddsSyncService.isItemSynched(folder.getFolderId(), new AsyncCallback<WsThreddsSynchFolderDescriptor>() {
+
+						@Override
+						public void onSuccess(WsThreddsSynchFolderDescriptor result) {
+							box.hide();
+							//GWT.log("WsThreddsSynchFolderDescriptor result: "+result);
+							viewManager.showThreddsFolderInfo(folder, result, isThreddsAdmin, isThreddsPubliser);

-				if(caught instanceof WorkspaceFolderLocked){
-					viewManager.showMonitorSyncToFolder(folder,syncEventsListeners);
+						}
+
+						@Override
+						public void onFailure(Throwable caught) {
+							box.hide();
+
+							if(caught instanceof WorkspaceFolderLocked){
+								viewManager.showMonitorSyncToFolder(folder,syncEventsListeners);
+								return;
+							}
+
+							viewManager.cancelMonitor(folder);
+							Window.alert(caught.getMessage());
+						}
+					});
+
+					
+					
+					
+				}else {
+					//no rights detected
+					showMissingRights(box);
 					return;
 				}
-
-				viewManager.cancelMonitor(folder);
-				// TODO Auto-generated method stub
-				Window.alert(caught.getMessage());
+				
 			}
+			
 		});

+
 		box.show();

 	}
+	
+	private void showMissingRights(Modal box) {
+		Alert alert = new Alert();
+		alert.setType(AlertType.WARNING);
+		alert.setText(MISSING_THREDDS_RIGHTS);
+		alert.setClose(false);
+		box.add(alert);
+	}

 	private void performFolderUnSync(final WsFolder folder) {
 		GWT.log("Performing doSyncFolder on: "+folder);
--- a/src/main/java/org/gcube/portlets/widgets/wsthreddssync/client/rpc/ThreddsWorkspaceSyncService.java
+++ b/src/main/java/org/gcube/portlets/widgets/wsthreddssync/client/rpc/ThreddsWorkspaceSyncService.java
@ -1,11 +1,13 @@
 package org.gcube.portlets.widgets.wsthreddssync.client.rpc;

 import java.util.List;
+import java.util.Map;

 import org.gcube.portal.wssynclibrary.shared.ItemNotSynched;
 import org.gcube.portal.wssynclibrary.shared.WorkspaceFolderLocked;
 import org.gcube.portal.wssynclibrary.shared.thredds.ThCatalogueBean;
 import org.gcube.portal.wssynclibrary.shared.thredds.ThSyncStatus;
+import org.gcube.portlets.widgets.wsthreddssync.shared.GatewayRolesThredds;
 import org.gcube.portlets.widgets.wsthreddssync.shared.GcubeScope;
 import org.gcube.portlets.widgets.wsthreddssync.shared.WsThreddsSynchFolderConfiguration;
 import org.gcube.portlets.widgets.wsthreddssync.shared.WsThreddsSynchFolderDescriptor;
@ -79,4 +81,13 @@ public interface ThreddsWorkspaceSyncService extends RemoteService {
 	 * @throws Exception the exception
 	 */
 	Boolean doUnSyncFolder(String folderId) throws Exception;
+
+	/**
+	 * Gets the list of Scopes (Root-VO, VOs and VREs) for user and the Thredds roles that user has in them.
+	 *
+	 * @param user the user
+	 * @return the VREs and Thredds roles for a given user
+	 * @throws Exception 
+	 */
+	Map<String, GatewayRolesThredds> getScopesWithThreddsRolesForLoggedUser() throws Exception;
 }
--- a/src/main/java/org/gcube/portlets/widgets/wsthreddssync/client/rpc/ThreddsWorkspaceSyncServiceAsync.java
+++ b/src/main/java/org/gcube/portlets/widgets/wsthreddssync/client/rpc/ThreddsWorkspaceSyncServiceAsync.java
@ -1,9 +1,11 @@
 package org.gcube.portlets.widgets.wsthreddssync.client.rpc;

 import java.util.List;
+import java.util.Map;

 import org.gcube.portal.wssynclibrary.shared.thredds.ThCatalogueBean;
 import org.gcube.portal.wssynclibrary.shared.thredds.ThSyncStatus;
+import org.gcube.portlets.widgets.wsthreddssync.shared.GatewayRolesThredds;
 import org.gcube.portlets.widgets.wsthreddssync.shared.GcubeScope;
 import org.gcube.portlets.widgets.wsthreddssync.shared.WsThreddsSynchFolderConfiguration;
 import org.gcube.portlets.widgets.wsthreddssync.shared.WsThreddsSynchFolderDescriptor;
@ -109,4 +111,7 @@ public interface ThreddsWorkspaceSyncServiceAsync
 	 * @param callback the callback
 	 */
 	void doUnSyncFolder(String folderId, AsyncCallback<Boolean> callback);
+
+
+	void getScopesWithThreddsRolesForLoggedUser(AsyncCallback<Map<String, GatewayRolesThredds>> callback);
 }
--- a/src/main/java/org/gcube/portlets/widgets/wsthreddssync/client/view/WsThreddsWidgetViewManager.java
+++ b/src/main/java/org/gcube/portlets/widgets/wsthreddssync/client/view/WsThreddsWidgetViewManager.java
@ -1,7 +1,5 @@
 package org.gcube.portlets.widgets.wsthreddssync.client.view;

-
-
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@ -34,8 +32,6 @@ import com.google.gwt.user.client.rpc.AsyncCallback;
 import com.google.gwt.user.client.ui.Button;
 import com.google.gwt.user.client.ui.VerticalPanel;

-
-// TODO: Auto-generated Javadoc
 /**
 * The Class WsThreddsWidgetViewManager.
 *
@ -44,9 +40,11 @@ import com.google.gwt.user.client.ui.VerticalPanel;
 */
 public class WsThreddsWidgetViewManager {

+	public static final String CREATE_CONFIGURATION = "Create Configuration";
+	public static final String THIS_FOLDER_IS_NOT_CONFIGURED_DO_YOU_WANT_CREATE_A_CONFIGURATION = "This Folder is not configured. Do you want create a configuration?";
+	
 	private Map<String, MonitorFolderSyncStatusView> mapMonitor = new HashMap<String, MonitorFolderSyncStatusView>();

-
 	/**
 	 * Instantiates a new ws thredds widget view manager.
 	 */
@ -332,8 +330,10 @@ public class WsThreddsWidgetViewManager {
 	 *
 	 * @param folder the folder
 	 * @param folderDescriptor the folder descriptor
+	 * @param isThreddsAdmin the is thredds admin
+	 * @param isThreddsPubliser the is thredds publiser
 	 */
-	public void showThreddsFolderInfo(final WsFolder folder, final WsThreddsSynchFolderDescriptor folderDescriptor){
+	public void showThreddsFolderInfo(final WsFolder folder, final WsThreddsSynchFolderDescriptor folderDescriptor, final boolean isThreddsAdmin, final boolean isThreddsPubliser){
 		GWT.log("ShowThreddsFolderInfo folder: "+folder);
 		//GWT.log("WsThreddsSynchFolderDescriptor is: "+folderDescriptor);

@ -358,10 +358,10 @@ public class WsThreddsWidgetViewManager {
 			}
 		};

-		boolean isCreateConfiguration = folderDescriptor==null?true:false;
+		final boolean isCreateConfiguration = folderDescriptor==null?true:false;


-		ShowThreddsFolderInfoView folderInfo = new ShowThreddsFolderInfoView(folder.getFolderId(), isCreateConfiguration) {
+		final ShowThreddsFolderInfoView folderInfo = new ShowThreddsFolderInfoView(folder.getFolderId(), isCreateConfiguration) {

 			@Override
 			public void submitHandler(SUBMIT_ACTION action) {
@ -410,37 +410,59 @@ public class WsThreddsWidgetViewManager {
 		};

 		folderInfo.updateViewToResult(folder, folderDescriptor);
-
+		
 		if(isCreateConfiguration) {
 			folderInfo.getMainPanel().setVisible(false);
-			folderInfo.setError(true, "This Folder is not configured. Do you want create a configuration?");
-			folderInfo.getPager().getLeft().setText("Create Configuration");
+			
+			if(isThreddsAdmin) {
+				folderInfo.setError(true, THIS_FOLDER_IS_NOT_CONFIGURED_DO_YOU_WANT_CREATE_A_CONFIGURATION);
+				folderInfo.getPager().getLeft().setText(CREATE_CONFIGURATION);
+			}else {
+				//Create Configuration button
+				folderInfo.getPager().getLeft().setVisible(false);
+				folderInfo.setError(true, WsThreddsWidget.MISSING_THREDDS_ADMIN_RIGHTS);
+			}
+
 		}else {
 			//USER CAN PERFORM DO SYNC
 			//MOREOVER, HE/SHE COULD UPDATE THE CONFIGURATION BUT IT IS NOT SUPPORTED SERVER-SIDE
+			
+			//hiding create/update configuration
 			folderInfo.getPager().getLeft().setVisible(false);
+			
+			if(isThreddsPubliser || isThreddsAdmin) {
+				
+				//hiding unsync button if the user is a publisher
+				if(isThreddsPubliser)
+					folderInfo.showUnsyncButton(false);
+
+				if(folderDescriptor.getServerFolderDescriptor().isLocked()) {
+					VerticalPanel v = new VerticalPanel();
+					Alert alert = new Alert("Current Folder synchronization is locked by another proccess. Do you want see synchronization status?");
+					alert.setClose(true);
+					alert.setType(AlertType.INFO);
+
+					Button butt = new Button("Show Status");
+					butt.addClickHandler(new ClickHandler() {

-			if(folderDescriptor.getServerFolderDescriptor().isLocked()) {
-				VerticalPanel v = new VerticalPanel();
-				Alert alert = new Alert("Current Folder synchronization is locked by another proccess. Do you want see synchronization status?");
-				alert.setClose(true);
-				alert.setType(AlertType.INFO);
-
-				Button butt = new Button("Show Status");
-				butt.addClickHandler(new ClickHandler() {
-
-					@Override
-					public void onClick(ClickEvent event) {
-						WsThreddsWidget.eventBus.fireEvent(new ShowMonitorSyncStatusEvent(folder));
-					}
-				});
+						@Override
+						public void onClick(ClickEvent event) {
+							WsThreddsWidget.eventBus.fireEvent(new ShowMonitorSyncStatusEvent(folder));
+						}
+					});

-				v.add(alert);
-				v.add(butt);
-				box.add(v);
+					v.add(alert);
+					v.add(butt);
+					box.add(v);
+				}
+			}else {
+				//DoSync button
+				folderInfo.getPager().getRight().setVisible(false);
+				folderInfo.setError(true, WsThreddsWidget.MISSING_THREDDS_PUBLISHER_RIGHTS);
 			}

 		}
+		

 		panelView.addViewAsWidget(folderInfo);
 		box.add(panelView);
--- a/src/main/java/org/gcube/portlets/widgets/wsthreddssync/client/view/binder/ShowThreddsFolderInfoView.java
+++ b/src/main/java/org/gcube/portlets/widgets/wsthreddssync/client/view/binder/ShowThreddsFolderInfoView.java
@ -355,6 +355,16 @@ public abstract class ShowThreddsFolderInfoView extends Composite {
 	public HTMLPanel getMainPanel(){
 		return form_unit_fields;
 	}
+	
+	
+	/**
+	 * Show unsync.
+	 *
+	 * @param show the show
+	 */
+	public void showUnsyncButton(boolean show) {
+		button_do_unsync.setVisible(show);
+	}



--- a/src/main/java/org/gcube/portlets/widgets/wsthreddssync/server/ThreddsWorkspaceSyncServiceImpl.java
+++ b/src/main/java/org/gcube/portlets/widgets/wsthreddssync/server/ThreddsWorkspaceSyncServiceImpl.java
@ -2,7 +2,9 @@ package org.gcube.portlets.widgets.wsthreddssync.server;

 import java.util.ArrayList;
 import java.util.Collections;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 import java.util.Set;

 import org.gcube.common.portal.PortalContext;
@ -73,7 +75,7 @@ public class ThreddsWorkspaceSyncServiceImpl extends RemoteServiceServlet implem
 			return true;
 		}
 		catch (Exception ex) {
-			logger.trace("Development Mode ON");
+			logger.warn("Development Mode ON");
 			return false;
 		}
 	}
@ -148,6 +150,44 @@ public class ThreddsWorkspaceSyncServiceImpl extends RemoteServiceServlet implem

 		return listCtlgs;
 	}
+	
+	
+	/**
+	 * Gets the list of Scopes (Root-VO, VOs and VREs) for user and the Thredds roles that user has in them.
+	 *
+	 * @param user the user
+	 * @return the VREs and Thredds roles for a given user
+	 * @throws Exception 
+	 */
+	@Override
+	public Map<String, GatewayRolesThredds> getScopesWithThreddsRolesForLoggedUser() throws Exception{
+		logger.info("called getScopesWithThreddsRolesForLoggedUser");
+		
+		GCubeUser user = null;
+		Map<String, GatewayRolesThredds> mapScopesRoles = null;
+		
+		//DEV MODE
+		if (!isWithinPortal()){
+			mapScopesRoles = new HashMap<String, GatewayRolesThredds>();
+//			mapScopesRoles.put( "/gcube/devsec/devVRE", GatewayRolesThredds.THREDDS_PUBLISHER);
+//			mapScopesRoles.put( "/gcube", GatewayRolesThredds.THREDDS_PUBLISHER);
+//			mapScopesRoles.put( "/gcube/devNext/NextNext", GatewayRolesThredds.THREDDS_PUBLISHER);
+			return mapScopesRoles;
+		}
+		
+		try {
+
+			user = PortalContext.getConfiguration().getCurrentUser(this.getThreadLocalRequest());
+			mapScopesRoles = WsUtil.getScopesWithThreddsRolesForUser(user);
+		
+			logger.info("returning Map(scopes,roles): "+mapScopesRoles);
+			return mapScopesRoles;
+		}catch (Exception e) {
+			String errorMsg = "An error occurred on checking user roles. Refresh the page and try again.";
+			logger.error("An error occurred on checking user roles for user: "+user, e);
+			throw new Exception(errorMsg);
+		} 
+	}


 	/**
@ -165,7 +205,8 @@ public class ThreddsWorkspaceSyncServiceImpl extends RemoteServiceServlet implem
 		// Instanciate the manager
 		GroupManager groupManager = new LiferayGroupManager();
 		List<GcubeScope> listOfScopes = new ArrayList<GcubeScope>();
-
+		
+		//DEV MODE
 		if (!isWithinPortal()){
 			listOfScopes.add(new GcubeScope("devVRE", "/gcube/devsec/devVRE", GcubeScopeType.VRE));
 			listOfScopes.add(new GcubeScope("NextNext", "/gcube/devNext/NextNext", GcubeScopeType.VRE));
@ -197,15 +238,9 @@ public class ThreddsWorkspaceSyncServiceImpl extends RemoteServiceServlet implem
 //				}

 				if(scopeType!=null){
-					List<GatewayRolesThredds> roles = WsUtil.getThreddsRoleFor(user, gCubeGroup);
-					//Adding only the scope where the user has the (GatewayRolesThredds.THREDDS_ADMIN role
-					/*if(roles!=null && roles.size()>0 && roles.contains(GatewayRolesThredds.THREDDS_ADMIN)) {
-						GcubeScope gcubeScope = new GcubeScope(gCubeGroup.getGroupName(), groupManager.getInfrastructureScope(gCubeGroup.getGroupId()), scopeType);
-						listOfScopes.add(gcubeScope);
-					}*/
-					
+					GatewayRolesThredds roles = WsUtil.getThreddsRoleFor(user, gCubeGroup);
 					//Adding only the scope where the user has the THREDDS_ADMIN role
-					GcubeScope gcubeScope = availableScopeForRole(roles, gCubeGroup, groupManager, scopeType);
+					GcubeScope gcubeScope = availableScopeForRoleAndCatalogue(roles, gCubeGroup, groupManager, scopeType);
 					if(gcubeScope!=null) {
 						listOfScopes.add(gcubeScope);
 					}
@ -213,15 +248,9 @@ public class ThreddsWorkspaceSyncServiceImpl extends RemoteServiceServlet implem
 			}
 			
 			GCubeGroup theRootVO = groupManager.getRootVO();
-			List<GatewayRolesThredds> roles = WsUtil.getThreddsRoleFor(user, theRootVO);
-			//ADDING THE ROOT SCOPE
-			/*if(roles!=null && roles.size()>0 && roles.contains(GatewayRolesThredds.THREDDS_ADMIN)) {
-				GcubeScope gcubeScope = new GcubeScope(theRootVO.getGroupName(), groupManager.getInfrastructureScope(theRootVO.getGroupId()), GcubeScopeType.ROOT);
-				listOfScopes.add(gcubeScope);
-			}*/
-			
-			///ADDING THE ROOT SCOPE if the user has the THREDDS_ADMIN role in the scope
-			GcubeScope gcubeScope = availableScopeForRole(roles, theRootVO, groupManager, GcubeScopeType.ROOT);
+			GatewayRolesThredds roles = WsUtil.getThreddsRoleFor(user, theRootVO);
+			///ADDING THE ROOT SCOPE if the user has the THREDDS_ADMIN role in the ROOT-VO
+			GcubeScope gcubeScope = availableScopeForRoleAndCatalogue(roles, theRootVO, groupManager, GcubeScopeType.ROOT);
 			if(gcubeScope!=null) {
 				listOfScopes.add(gcubeScope);
 			}
@ -244,29 +273,29 @@ public class ThreddsWorkspaceSyncServiceImpl extends RemoteServiceServlet implem
 		}

 		Collections.sort(listOfScopes);
-		logger.info("Returning list of VREs: "+listOfScopes);
+		logger.info("Returning list of allowed scope/s with: "+GatewayRolesThredds.THREDDS_ADMIN + " role/s: "+listOfScopes);
 		return listOfScopes;
 	}
 	
 	
 	/**
 	 * Available scope for role and catalogue, checks if for the input scope:
-	 * - the user has the role {@link GatewayRolesThredds.#THREDDS_ADMIN}alid catalogue configured for thredds 
-	 * - the scope has an available thredds catalogue configured (by calling the service) 
-	 * 
-	 * @param roles the roles
+	 * - the user has the role {@link GatewayRolesThredds.#THREDDS_ADMIN}
+	 * - the scope has an available thredds catalogue configured
+	 *
+	 * @param role the role
 	 * @param scope the scope
 	 * @param groupManager the group manager
 	 * @param scopeType the scope type
 	 * @return the gcube scope {@link GcubeScope} if the two conditions (see description) are satisfied, null otherwise
 	 * @throws Exception the exception
 	 */
-	private GcubeScope availableScopeForRoleAndCatalogue(List<GatewayRolesThredds> roles, GCubeGroup scope, GroupManager groupManager, GcubeScopeType scopeType) throws Exception {
+	private GcubeScope availableScopeForRoleAndCatalogue(GatewayRolesThredds role, GCubeGroup scope, GroupManager groupManager, GcubeScopeType scopeType) throws Exception {
 		
-		if(roles!=null && roles.size()>0 && roles.contains(GatewayRolesThredds.THREDDS_ADMIN)) {
+		if(role!=null && role.equals(GatewayRolesThredds.THREDDS_ADMIN)) {
 			try {
 				List<ThCatalogueBean> list = getAvailableCataloguesForScope(scope.getGroupName());
-				if(list!=null && list.size()>0) {
+				if(list!=null) {
 					return new GcubeScope(scope.getGroupName(), groupManager.getInfrastructureScope(scope.getGroupId()), scopeType);
 				}
 			}catch (Exception e) {
@ -279,17 +308,17 @@ public class ThreddsWorkspaceSyncServiceImpl extends RemoteServiceServlet implem
 	
 	/**
 	 * Available scope for role , checks if for the input scope the user has the role of {@link GatewayRolesThredds.#THREDDS_ADMIN}
-	 * 
-	 * @param roles the roles
+	 *
+	 * @param role the role
 	 * @param scope the scope
 	 * @param groupManager the group manager
 	 * @param scopeType the scope type
 	 * @return the gcube scope {@link GcubeScope} if the user has the role of {@link GatewayRolesThredds.#THREDDS_ADMIN}, null otherwise
 	 * @throws Exception the exception
 	 */
-	private GcubeScope availableScopeForRole(List<GatewayRolesThredds> roles, GCubeGroup scope, GroupManager groupManager, GcubeScopeType scopeType) throws Exception {
+	private GcubeScope availableScopeForRole(GatewayRolesThredds role, GCubeGroup scope, GroupManager groupManager, GcubeScopeType scopeType) throws Exception {
 		
-		if(roles!=null && roles.size()>0 && roles.contains(GatewayRolesThredds.THREDDS_ADMIN)) {
+		if(role!=null && role.equals(GatewayRolesThredds.THREDDS_ADMIN)) {
 			return new GcubeScope(scope.getGroupName(), groupManager.getInfrastructureScope(scope.getGroupId()), scopeType);
 		}
 		return null;
--- a/src/main/java/org/gcube/portlets/widgets/wsthreddssync/server/WsUtil.java
+++ b/src/main/java/org/gcube/portlets/widgets/wsthreddssync/server/WsUtil.java
@ -114,18 +114,16 @@ public class WsUtil {
 	}

 	/**
-	 * Gets the list of Scopes (Root-VO, VOs and VREs) for user and the thredds roles the user has in them.
-	 * retrieve the VREs to whom a given user 
+	 * Gets the list of Scopes (Root-VO, VOs and VREs) for user and the Thredds roles that user has in them.
 	 *
 	 * @param user the user
-	 * @return the list vre for user
+	 * @return the VREs and Thredds roles for a given user
 	 */
-	public static Map<String, List<GatewayRolesThredds>> getScopesThreddsRolesForUser(GCubeUser user){
+	public static Map<String, GatewayRolesThredds> getScopesWithThreddsRolesForUser(GCubeUser user){
 		logger.info("called getScopesThreddsRolesForUser user: "+user+", in all contexts");
 		
 		GroupManager groupManager = new LiferayGroupManager();
-		Map<String, List<GatewayRolesThredds>> mapRoleByGroupSingleVre = new HashMap<String, List<GatewayRolesThredds>>();
-		//GCubeUser user;
+		Map<String, GatewayRolesThredds> mapRoleByGroupSingleVre = new HashMap<String, GatewayRolesThredds>();
 		try {
 			
 			//Retrieving the list of VOs and VREs
@ -133,9 +131,9 @@ public class WsUtil {
 			//adding also the ROOT-VO
 			listOfGroups.add(groupManager.getRootVO());
 			for (GCubeGroup gCubeGroup : listOfGroups) {
-				List<GatewayRolesThredds> threddsRoles = getThreddsRoleFor(user, gCubeGroup);
-				if(threddsRoles.size()>0) {
-					mapRoleByGroupSingleVre.put(gCubeGroup.getGroupName(), threddsRoles);
+				GatewayRolesThredds threddsRole = getThreddsRoleFor(user, gCubeGroup);
+				if(threddsRole != null) {
+					mapRoleByGroupSingleVre.put(gCubeGroup.getGroupName(), threddsRole);
 				}
 			}
 			
@ -149,17 +147,17 @@ public class WsUtil {
 	

 	/**
-	 * Gets the thredds role for the user in the vre
+	 * Gets the (highest) thredds role for the user in the scope
 	 *
 	 * @param user the user
-	 * @param vre the vre
+	 * @param scope the vre
 	 * @return the thredds role for
 	 */
-	public static List<GatewayRolesThredds> getThreddsRoleFor(GCubeUser user, GCubeGroup vre){
-		logger.info("called getThreddsRoleFor user: "+user+", in the scope: "+vre.getGroupName());
+	public static GatewayRolesThredds getThreddsRoleFor(GCubeUser user, GCubeGroup scope){
+		logger.info("called getThreddsRoleFor user: "+user+", in the scope: "+scope.getGroupName());
 		try {
 			RoleManager roleManager = new LiferayRoleManager();
-			List<GCubeRole> roles = roleManager.listRolesByUserAndGroup(user.getUserId(), vre.getGroupId());
+			List<GCubeRole> roles = roleManager.listRolesByUserAndGroup(user.getUserId(), scope.getGroupId());
 			List<GatewayRolesThredds> threddsRoles = new ArrayList<GatewayRolesThredds>();
 			for (GCubeRole gCubeRole : roles) {
 				if(gCubeRole.getRoleName().equalsIgnoreCase(GatewayRolesThredds.THREDDS_ADMIN.getRoleName())){
@ -170,8 +168,16 @@ public class WsUtil {
 				}
 			}
 			
-			logger.info("For user: "+user+" in the scope: "+vre.getGroupName()+" returning roles: " + threddsRoles);
-			return threddsRoles;
+			logger.info("For user: "+user+" in the scope: "+scope.getGroupName()+" read the role/s: " + threddsRoles);
+			
+			GatewayRolesThredds toReturn = null;
+			if (threddsRoles.contains(GatewayRolesThredds.THREDDS_ADMIN))
+				toReturn = GatewayRolesThredds.THREDDS_ADMIN;
+			else if (threddsRoles.contains(GatewayRolesThredds.THREDDS_PUBLISHER))
+				toReturn = GatewayRolesThredds.THREDDS_PUBLISHER;
+			
+			logger.info("returning role: " + toReturn);
+			return toReturn;
 		}catch (UserRetrievalFault | GroupRetrievalFault e) {
 			logger.error("An error occurred during getVreRoleForUser: "+user, e);
 			return null;