diff --git a/src/main/java/com/databasepreservation/common/api/v1/CollectionResource.java b/src/main/java/com/databasepreservation/common/api/v1/CollectionResource.java index a449d57d..7a80af78 100644 --- a/src/main/java/com/databasepreservation/common/api/v1/CollectionResource.java +++ b/src/main/java/com/databasepreservation/common/api/v1/CollectionResource.java @@ -10,11 +10,8 @@ import static com.databasepreservation.common.client.ViewerConstants.SOLR_INDEX_ROW_COLLECTION_NAME_PREFIX; import static com.databasepreservation.common.client.ViewerConstants.SOLR_SEARCHES_DATABASE_UUID; -import com.databasepreservation.common.client.models.structure.ViewerLobStoreType; import java.io.BufferedInputStream; import java.io.ByteArrayInputStream; -import java.io.FileInputStream; -import java.io.FileNotFoundException; import java.io.IOException; import java.io.InputStream; import java.nio.file.Files; @@ -87,6 +84,7 @@ import com.databasepreservation.common.client.models.status.denormalization.DenormalizeConfiguration; import com.databasepreservation.common.client.models.structure.ViewerDatabase; import com.databasepreservation.common.client.models.structure.ViewerDatabaseStatus; +import com.databasepreservation.common.client.models.structure.ViewerLobStoreType; import com.databasepreservation.common.client.models.structure.ViewerRow; import com.databasepreservation.common.client.models.structure.ViewerTable; import com.databasepreservation.common.client.models.structure.ViewerType; 
@@ -560,7 +558,7 @@ private Response handleClobDownload(TableStatus tableConfiguration, ViewerRow ro } private Response handleExternalLobDownload(TableStatus tableConfiguration, ViewerRow row, int columnIndex) - throws IOException { + throws IOException { final String lobLocation = row.getCells().get(tableConfiguration.getColumnByIndex(columnIndex).getId()).getValue(); final java.nio.file.Path lobPath = Paths.get(lobLocation); final java.nio.file.Path completeLobPath = ViewerFactory.getViewerConfiguration().getSIARDFilesPath() @@ -612,9 +610,9 @@ private Response handleInternalLobDownload(String databasePath, TableStatus tabl throw new GenericException("Zip archive entry is missing"); } - return ApiUtils.okResponse(new StreamResponse(handlebarsFilename, handlebarsMimeType, - DownloadUtils.stream(new BufferedInputStream(zipFile.getInputStream(entry))))); - } + return ApiUtils.okResponse(new StreamResponse(handlebarsFilename, handlebarsMimeType, + DownloadUtils.stream(new BufferedInputStream(zipFile.getInputStream(entry))))); + } } @GET diff --git a/src/main/java/com/databasepreservation/common/api/v1/ContextResource.java b/src/main/java/com/databasepreservation/common/api/v1/ContextResource.java index c9f29cb6..b8aee389 100644 --- a/src/main/java/com/databasepreservation/common/api/v1/ContextResource.java +++ b/src/main/java/com/databasepreservation/common/api/v1/ContextResource.java @@ -23,7 +23,7 @@ import org.springframework.stereotype.Service; import com.databasepreservation.common.client.ViewerConstants; -import com.databasepreservation.common.client.models.authorization.AuthorizationGroups; +import com.databasepreservation.common.client.models.authorization.AuthorizationGroup; import com.databasepreservation.common.client.models.authorization.AuthorizationGroupsList; import com.databasepreservation.common.client.services.ContextService; import com.databasepreservation.common.server.ServerTools; 
@@ -64,7 +64,7 @@ public Map> getSharedProperties(String localeString) { } @Override - public Set getAuthorizationGroupsList() { + public Set getAuthorizationGroupsList() { ControllerAssistant controllerAssistant = new ControllerAssistant() {}; controllerAssistant.checkRoles(request); AuthorizationGroupsList authorizationGroupsList = ViewerConfiguration.getInstance() diff --git a/src/main/java/com/databasepreservation/common/api/v1/DatabaseResource.java b/src/main/java/com/databasepreservation/common/api/v1/DatabaseResource.java index cf4db0e8..07fa4373 100644 --- a/src/main/java/com/databasepreservation/common/api/v1/DatabaseResource.java +++ b/src/main/java/com/databasepreservation/common/api/v1/DatabaseResource.java @@ -26,7 +26,6 @@ import com.databasepreservation.common.client.index.FindRequest; import com.databasepreservation.common.client.index.IndexResult; import com.databasepreservation.common.client.index.filter.AndFiltersParameters; -import com.databasepreservation.common.client.index.filter.EmptyKeyFilterParameter; import com.databasepreservation.common.client.index.filter.Filter; import com.databasepreservation.common.client.index.filter.FilterParameter; import com.databasepreservation.common.client.index.filter.OrFiltersParameters; diff --git a/src/main/java/com/databasepreservation/common/client/common/visualization/manager/SIARDPanel/SIARDManagerPage.java b/src/main/java/com/databasepreservation/common/client/common/visualization/manager/SIARDPanel/SIARDManagerPage.java index 25d5be14..ac58e1c0 100644 --- a/src/main/java/com/databasepreservation/common/client/common/visualization/manager/SIARDPanel/SIARDManagerPage.java +++ b/src/main/java/com/databasepreservation/common/client/common/visualization/manager/SIARDPanel/SIARDManagerPage.java 
@@ -29,7 +29,7 @@ import com.databasepreservation.common.client.common.visualization.manager.SIARDPanel.navigation.SIARDNavigationPanel; import com.databasepreservation.common.client.common.visualization.manager.SIARDPanel.navigation.ValidationNavigationPanel; import com.databasepreservation.common.client.index.IsIndexed; -import com.databasepreservation.common.client.models.authorization.AuthorizationGroups; +import com.databasepreservation.common.client.models.authorization.AuthorizationGroup; import com.databasepreservation.common.client.models.structure.ViewerDatabase; import com.databasepreservation.common.client.models.structure.ViewerDatabaseStatus; import com.databasepreservation.common.client.services.ContextService; @@ -142,7 +142,7 @@ private void populateNavigationPanels() { if (ApplicationType.getType().equals(ViewerConstants.APPLICATION_ENV_SERVER)) { DatabaseService.Util.call((Set databasePermissions) -> { - ContextService.Util.call((Set authorizationGroups) -> { + ContextService.Util.call((Set authorizationGroups) -> { permissionsNavigationPanel = PermissionsNavigationPanel.getInstance(database, databasePermissions, authorizationGroups); if (permissionsNavigationPanel.hasPermissionsOrGroups()) { navigationPanels.add(permissionsNavigationPanel.build()); diff --git a/src/main/java/com/databasepreservation/common/client/common/visualization/manager/SIARDPanel/navigation/PermissionsNavigationPanel.java b/src/main/java/com/databasepreservation/common/client/common/visualization/manager/SIARDPanel/navigation/PermissionsNavigationPanel.java index e942fcae..1ebd3943 100644 --- a/src/main/java/com/databasepreservation/common/client/common/visualization/manager/SIARDPanel/navigation/PermissionsNavigationPanel.java +++ b/src/main/java/com/databasepreservation/common/client/common/visualization/manager/SIARDPanel/navigation/PermissionsNavigationPanel.java 
@@ -22,7 +22,7 @@ import com.databasepreservation.common.client.common.utils.CommonClientUtils; import com.databasepreservation.common.client.common.utils.html.LabelUtils; import com.databasepreservation.common.client.common.visualization.manager.SIARDPanel.SIARDManagerPage; -import com.databasepreservation.common.client.models.authorization.AuthorizationGroups; +import com.databasepreservation.common.client.models.authorization.AuthorizationGroup; import com.databasepreservation.common.client.models.structure.ViewerDatabase; import com.databasepreservation.common.client.services.DatabaseService; import com.databasepreservation.common.client.widgets.Alert; @@ -37,7 +37,6 @@ import com.google.gwt.user.client.ui.CheckBox; import com.google.gwt.user.client.ui.FlowPanel; -import com.google.gwt.user.client.ui.Widget; import config.i18n.client.ClientMessages; /** @@ -50,7 +49,7 @@ public class PermissionsNavigationPanel { private ViewerDatabase database; private Set databasePermissions; - private Set groups; + private Set groups; private boolean hasPermissionsOrGroups = true; private FlowPanel body; private FlowPanel bottom; @@ -59,13 +58,13 @@ public class PermissionsNavigationPanel { private boolean overrideMissingGroups = false; public static PermissionsNavigationPanel getInstance(ViewerDatabase database, Set databasePermissions, - Set authorizationGroups) { + Set authorizationGroups) { return instances.computeIfAbsent(database.getUuid(), k -> new PermissionsNavigationPanel(database, databasePermissions, authorizationGroups)); } public PermissionsNavigationPanel(ViewerDatabase database, Set databasePermissions, - Set authorizationGroups) { + Set authorizationGroups) { this.database = database; this.groups = authorizationGroups; this.databasePermissions = databasePermissions; 
@@ -104,9 +103,9 @@ private void updateBody() { } else { ArrayList permissionOrGroupsList = new ArrayList<>(); // Add the corresponding label to the permission - for (AuthorizationGroups authorizationGroups : groups) { - if (databasePermissions.contains(authorizationGroups.getAttributeValue())) { - permissionOrGroupsList.add(authorizationGroups.getLabel()); + for (AuthorizationGroup authorizationGroup : groups) { + if (databasePermissions.contains(authorizationGroup.getAttributeValue())) { + permissionOrGroupsList.add(authorizationGroup.getLabel()); } } @@ -166,10 +165,10 @@ private FlowPanel getGroupsTable() { permissionListPanel .add(new Alert(Alert.MessageAlertType.INFO, messages.SIARDHomePageDialogDetailsForPermissionsList())); - Column checkbox = new Column( + Column checkbox = new Column( new CheckboxCell(true, true)) { @Override - public Boolean getValue(AuthorizationGroups group) { + public Boolean getValue(AuthorizationGroup group) { return databasePermissions.contains(group.getAttributeValue()); } }; 
@@ -188,35 +187,35 @@ public Boolean getValue(AuthorizationGroups group) { } }); - BasicTablePanel cellTable = new BasicTablePanel<>(new FlowPanel(), + BasicTablePanel cellTable = new BasicTablePanel<>(new FlowPanel(), SafeHtmlUtils.EMPTY_SAFE_HTML, groups.iterator(), - new BasicTablePanel.ColumnInfo("", 3, checkbox), - new BasicTablePanel.ColumnInfo(messages.SIARDHomePageLabelForPermissionsTableGroupLabel(), 7, - new TooltipColumn() { + new BasicTablePanel.ColumnInfo("", 3, checkbox), + new BasicTablePanel.ColumnInfo(messages.SIARDHomePageLabelForPermissionsTableGroupLabel(), 7, + new TooltipColumn() { @Override - public SafeHtml getValue(AuthorizationGroups group) { + public SafeHtml getValue(AuthorizationGroup group) { return SafeHtmlUtils.fromString(group.getLabel()); } }, "force_column_ellipsis"), - new BasicTablePanel.ColumnInfo( - messages.SIARDHomePageLabelForPermissionsTableGroupAttributeName(), 7, new TooltipColumn() { + new BasicTablePanel.ColumnInfo( + messages.SIARDHomePageLabelForPermissionsTableGroupAttributeName(), 7, new TooltipColumn() { @Override - public SafeHtml getValue(AuthorizationGroups group) { + public SafeHtml getValue(AuthorizationGroup group) { return SafeHtmlUtils.fromString(group.getAttributeName()); } }, "force_column_ellipsis"), - new BasicTablePanel.ColumnInfo( + new BasicTablePanel.ColumnInfo( messages.SIARDHomePageLabelForPermissionsTableGroupAttributeOperator(), 7, - new TooltipColumn() { + new TooltipColumn() { @Override - public SafeHtml getValue(AuthorizationGroups group) { + public SafeHtml getValue(AuthorizationGroup group) { return SafeHtmlUtils.fromString(group.getAttributeOperator()); } }, "force_column_ellipsis"), - new BasicTablePanel.ColumnInfo( - messages.SIARDHomePageLabelForPermissionsTableGroupAttributeValue(), 0, new TooltipColumn() { + new BasicTablePanel.ColumnInfo( + messages.SIARDHomePageLabelForPermissionsTableGroupAttributeValue(), 0, new TooltipColumn() { @Override - public SafeHtml 
getValue(AuthorizationGroups group) { + public SafeHtml getValue(AuthorizationGroup group) { return SafeHtmlUtils.fromString(group.getAttributeValue()); } }, "force_column_ellipsis")); @@ -248,7 +247,7 @@ private Set retrieveMissingGroups() { Set missingGroups = new HashSet<>(); for (String permission : databasePermissions) { boolean foundGroup = false; - for (AuthorizationGroups group : groups) { + for (AuthorizationGroup group : groups) { if (group.getAttributeValue().equals(permission)) { foundGroup = true; break; diff --git a/src/main/java/com/databasepreservation/common/client/models/authorization/AuthorizationGroups.java b/src/main/java/com/databasepreservation/common/client/models/authorization/AuthorizationGroup.java similarity index 96% rename from src/main/java/com/databasepreservation/common/client/models/authorization/AuthorizationGroups.java rename to src/main/java/com/databasepreservation/common/client/models/authorization/AuthorizationGroup.java index 09803458..f8b9107d 100644 --- a/src/main/java/com/databasepreservation/common/client/models/authorization/AuthorizationGroups.java +++ b/src/main/java/com/databasepreservation/common/client/models/authorization/AuthorizationGroup.java @@ -12,7 +12,7 @@ /** * @author Gabriel Barros */ -public class AuthorizationGroups implements Serializable { +public class AuthorizationGroup implements Serializable { public enum Type { DEFAULT, CUSTOM } diff --git a/src/main/java/com/databasepreservation/common/client/models/authorization/AuthorizationGroupsList.java b/src/main/java/com/databasepreservation/common/client/models/authorization/AuthorizationGroupsList.java index 450d3de7..9ae40a26 100644 --- a/src/main/java/com/databasepreservation/common/client/models/authorization/AuthorizationGroupsList.java +++ b/src/main/java/com/databasepreservation/common/client/models/authorization/AuthorizationGroupsList.java 
@@ -9,9 +9,7 @@ import java.io.Serializable; import java.util.HashSet; -import java.util.List; import java.util.Set; -import java.util.stream.Collectors; import com.fasterxml.jackson.annotation.JsonIgnore; @@ -21,29 +19,24 @@ public class AuthorizationGroupsList implements Serializable { private static final long serialVersionUID = -3730186735554294942L; - private Set authorizationGroupsList = new HashSet<>(); + private Set authorizationGroupList = new HashSet<>(); - public Set getAuthorizationGroupsList() { - return authorizationGroupsList; + public Set getAuthorizationGroupsList() { + return authorizationGroupList; } @JsonIgnore - public AuthorizationGroups get(String permission) { - for (AuthorizationGroups authorizationGroups : authorizationGroupsList) { - if (authorizationGroups.getAttributeValue().equals(permission)) { - return authorizationGroups; + public AuthorizationGroup get(String permission) { + for (AuthorizationGroup authorizationGroup : authorizationGroupList) { + if (authorizationGroup.getAttributeValue().equals(permission)) { + return authorizationGroup; } } return null; } @JsonIgnore - public List getAllAttributeNames() { - return authorizationGroupsList.stream().map(AuthorizationGroups::getAttributeName).collect(Collectors.toList()); - } - - @JsonIgnore - public void add(AuthorizationGroups authorizationGroups) { - this.authorizationGroupsList.add(authorizationGroups); + public void add(AuthorizationGroup authorizationGroup) { + this.authorizationGroupList.add(authorizationGroup); } } diff --git a/src/main/java/com/databasepreservation/common/client/services/ContextService.java b/src/main/java/com/databasepreservation/common/client/services/ContextService.java index 0c0f4181..991225e9 100644 --- a/src/main/java/com/databasepreservation/common/client/services/ContextService.java +++ b/src/main/java/com/databasepreservation/common/client/services/ContextService.java 
@@ -24,7 +24,7 @@ import com.databasepreservation.common.client.ViewerConstants; import com.databasepreservation.common.client.common.DefaultMethodCallback; -import com.databasepreservation.common.client.models.authorization.AuthorizationGroups; +import com.databasepreservation.common.client.models.authorization.AuthorizationGroup; import com.google.gwt.core.client.GWT; import io.swagger.v3.oas.annotations.Operation; @@ -77,5 +77,5 @@ Map> getSharedProperties( @Path("/authorizations") @Operation(summary = "Gets the authorizations group list") @Produces(MediaType.APPLICATION_JSON) - Set getAuthorizationGroupsList(); + Set getAuthorizationGroupsList(); } diff --git a/src/main/java/com/databasepreservation/common/server/ViewerConfiguration.java b/src/main/java/com/databasepreservation/common/server/ViewerConfiguration.java index 03af1931..a5772493 100644 --- a/src/main/java/com/databasepreservation/common/server/ViewerConfiguration.java +++ b/src/main/java/com/databasepreservation/common/server/ViewerConfiguration.java @@ -48,7 +48,7 @@ import org.slf4j.LoggerFactory; import com.databasepreservation.common.client.ViewerConstants; -import com.databasepreservation.common.client.models.authorization.AuthorizationGroups; +import com.databasepreservation.common.client.models.authorization.AuthorizationGroup; import com.databasepreservation.common.client.models.authorization.AuthorizationGroupsList; import com.databasepreservation.common.server.controller.ReporterType; import com.databasepreservation.common.utils.FilenameUtils; 
@@ -486,22 +486,21 @@ public AuthorizationGroupsList getCollectionsAuthorizationGroups() { AuthorizationGroupsList authorizationGroupsList = new AuthorizationGroupsList(); for (String authorizationId : authorizationsIds) { - AuthorizationGroups authorizationGroups = new AuthorizationGroups(); + AuthorizationGroup authorizationGroup = new AuthorizationGroup(); - authorizationGroups.setId(authorizationId); - authorizationGroups.setLabel(getViewerConfigurationAsString("", PROPERTY_COLLECTIONS_AUTHORIZATION_GROUPS, + authorizationGroup.setId(authorizationId); + authorizationGroup.setLabel(getViewerConfigurationAsString("", PROPERTY_COLLECTIONS_AUTHORIZATION_GROUPS, authorizationId, PROPERTY_COLLECTIONS_AUTHORIZATION_GROUPS_LABEL)); - authorizationGroups.setAttributeName(getViewerConfigurationAsString(ViewerConstants.DEFAULT_ATTRIBUTE_ROLES, + authorizationGroup.setAttributeName(getViewerConfigurationAsString(ViewerConstants.DEFAULT_ATTRIBUTE_ROLES, PROPERTY_COLLECTIONS_AUTHORIZATION_GROUPS, authorizationId, PROPERTY_COLLECTIONS_AUTHORIZATION_GROUP_ATTRIBUTE_NAME)); - authorizationGroups + authorizationGroup .setAttributeOperator(getViewerConfigurationAsString("", PROPERTY_COLLECTIONS_AUTHORIZATION_GROUPS, authorizationId, PROPERTY_COLLECTIONS_AUTHORIZATION_GROUP_ATTRIBUTE_OPERATOR)); - authorizationGroups - .setAttributeValue(getViewerConfigurationAsString("", PROPERTY_COLLECTIONS_AUTHORIZATION_GROUPS, - authorizationId, PROPERTY_COLLECTIONS_AUTHORIZATION_GROUP_ATTRIBUTE_VALUE)); - authorizationGroups.setType(AuthorizationGroups.Type.CUSTOM); - authorizationGroupsList.add(authorizationGroups); + authorizationGroup.setAttributeValue(getViewerConfigurationAsString("", PROPERTY_COLLECTIONS_AUTHORIZATION_GROUPS, + authorizationId, PROPERTY_COLLECTIONS_AUTHORIZATION_GROUP_ATTRIBUTE_VALUE)); + authorizationGroup.setType(AuthorizationGroup.Type.CUSTOM); + authorizationGroupsList.add(authorizationGroup); } return authorizationGroupsList; } 
@@ -513,22 +512,55 @@ public AuthorizationGroupsList getCollectionsAuthorizationGroupsWithDefault() { if (!authorizationDefault.isEmpty()) { for (String defaultPermission : authorizationDefault) { if (authorizationGroupsList.get(defaultPermission) == null) { - AuthorizationGroups authorizationGroups = new AuthorizationGroups(); - authorizationGroups.setId(defaultPermission); - authorizationGroups.setLabel(defaultPermission); - authorizationGroups.setAttributeName(getViewerConfigurationAsString(ViewerConstants.DEFAULT_ATTRIBUTE_ROLES, + AuthorizationGroup authorizationGroup = new AuthorizationGroup(); + authorizationGroup.setId(defaultPermission); + authorizationGroup.setLabel(defaultPermission); + authorizationGroup.setAttributeName(getViewerConfigurationAsString(ViewerConstants.DEFAULT_ATTRIBUTE_ROLES, ViewerConfiguration.PROPERTY_AUTHORIZATION_ROLES_ATTRIBUTE)); - authorizationGroups.setAttributeOperator(PROPERTY_COLLECTIONS_AUTHORIZATION_GROUP_OPERATOR_EQUAL); - authorizationGroups.setAttributeValue(defaultPermission); - authorizationGroups.setType(AuthorizationGroups.Type.DEFAULT); + authorizationGroup.setAttributeOperator(PROPERTY_COLLECTIONS_AUTHORIZATION_GROUP_OPERATOR_EQUAL); + authorizationGroup.setAttributeValue(defaultPermission); + authorizationGroup.setType(AuthorizationGroup.Type.DEFAULT); - authorizationGroupsList.add(authorizationGroups); + authorizationGroupsList.add(authorizationGroup); } } } return authorizationGroupsList; } + public AuthorizationGroupsList getCollectionsAuthorizationGroupsWithAdminAndUserRoles() { + AuthorizationGroupsList authorizationGroupsList = getCollectionsAuthorizationGroups(); + + final List adminRoles = ViewerConfiguration.getInstance() + .getViewerConfigurationAsList(ViewerConfiguration.PROPERTY_AUTHORIZATION_ADMINISTRATORS); + + for (String adminRole : adminRoles) { + AuthorizationGroup authorizationGroup = new AuthorizationGroup(); + authorizationGroup.setId("roles.administrators." 
+ adminRole); + authorizationGroup.setLabel("Administrators"); + authorizationGroup.setAttributeName(getViewerConfigurationAsString(ViewerConstants.DEFAULT_ATTRIBUTE_ROLES, + ViewerConfiguration.PROPERTY_AUTHORIZATION_ROLES_ATTRIBUTE)); + authorizationGroup.setAttributeOperator(PROPERTY_COLLECTIONS_AUTHORIZATION_GROUP_OPERATOR_EQUAL); + authorizationGroup.setAttributeValue(adminRole); + authorizationGroup.setType(AuthorizationGroup.Type.DEFAULT); + + authorizationGroupsList.add(authorizationGroup); + } + + AuthorizationGroup authorizationGroup = new AuthorizationGroup(); + authorizationGroup.setId("roles.users"); + authorizationGroup.setLabel("Users"); + authorizationGroup.setAttributeName(getViewerConfigurationAsString(ViewerConstants.DEFAULT_ATTRIBUTE_ROLES, + ViewerConfiguration.PROPERTY_AUTHORIZATION_ROLES_ATTRIBUTE)); + authorizationGroup.setAttributeOperator(PROPERTY_COLLECTIONS_AUTHORIZATION_GROUP_OPERATOR_EQUAL); + authorizationGroup.setAttributeValue(getViewerConfigurationAsString("users", "user.attribute.roles.users")); + authorizationGroup.setType(AuthorizationGroup.Type.DEFAULT); + + authorizationGroupsList.add(authorizationGroup); + + return authorizationGroupsList; + } + public String getDBPTKVersion() throws IOException { final Properties properties = new Properties(); properties.load(ViewerConfiguration.class.getClassLoader().getResourceAsStream("main.properties")); diff --git a/src/main/java/com/databasepreservation/common/server/controller/UserLoginHelper.java b/src/main/java/com/databasepreservation/common/server/controller/UserLoginHelper.java index 7148a69e..27b35eeb 100644 --- a/src/main/java/com/databasepreservation/common/server/controller/UserLoginHelper.java +++ b/src/main/java/com/databasepreservation/common/server/controller/UserLoginHelper.java 
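Review bot: getCollectionsAuthorizationGroupsWithAdminAndUserRoles adds its administrator and user entries unconditionally, whereas getCollectionsAuthorizationGroupsWithDefault earlier in this hunk first checks `authorizationGroupsList.get(defaultPermission) == null`. A custom group configured with the same attribute value would then sit beside a second DEFAULT entry in the backing HashSet (unless AuthorizationGroup defines equals/hashCode, which is not visible here), and `get(permission)` returns whichever one iteration yields first; guarding each add with `if (authorizationGroupsList.get(adminRole) == null)` keeps the two methods consistent. casLogin passes this list to mapAuthorizedGroups to decide which roles a user keeps, so the method deserves a Javadoc saying that, including that with an empty administrators property no administrator entry is added to the list. The users value is read through the literal key `"user.attribute.roles.users"` while the other lookups use PROPERTY_ constants, and the admin list goes through `ViewerConfiguration.getInstance()` inside an instance method where `this` would do.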
@@ -20,7 +20,7 @@ import org.roda.core.data.v2.user.RodaPrincipal; import com.databasepreservation.common.client.ViewerConstants; -import com.databasepreservation.common.client.models.authorization.AuthorizationGroupsList; +import com.databasepreservation.common.client.models.authorization.AuthorizationGroup; import com.databasepreservation.common.client.models.user.User; import com.databasepreservation.common.server.ViewerConfiguration; import com.databasepreservation.common.utils.UserUtility; 
@@ -44,26 +44,19 @@ public static User casLogin(final String username, final HttpServletRequest requ final String emailConfigurationValue = ViewerConfiguration.getInstance().getViewerConfigurationAsString( ViewerConstants.DEFAULT_ATTRIBUTE_EMAIL, ViewerConfiguration.PROPERTY_AUTHORIZATION_EMAIL_ATTRIBUTE); - Set attributeRolesToCheck = new HashSet<>(); - attributeRolesToCheck.add(rolesConfigurationValue); - - AuthorizationGroupsList authorizationGroups = ViewerConfiguration.getInstance() - .getCollectionsAuthorizationGroups(); - attributeRolesToCheck.addAll(authorizationGroups.getAllAttributeNames()); - - for (String attributeRole : attributeRolesToCheck) { + if (attributes.get(rolesConfigurationValue) instanceof String) { Set roles = new HashSet<>(); - roles.addAll(user.getAllRoles()); - roles.addAll(user.getDirectRoles()); - if (attributes.get(attributeRole) instanceof String) { - mapCasAttributeString(attributes, attributeRole, roles::addAll); - } else if (attributes.get(attributeRole) instanceof List) { - mapCasAttributeList(attributes, attributeRole, roles::addAll); - } + mapCasAttributeString(attributes, rolesConfigurationValue, roles::addAll); user.setAllRoles(roles); user.setDirectRoles(roles); + } else if (attributes.get(rolesConfigurationValue) instanceof List) { + mapCasAttributeList(user, attributes, rolesConfigurationValue, RodaPrincipal::setAllRoles); + mapCasAttributeList(user, attributes, rolesConfigurationValue, RodaPrincipal::setDirectRoles); } + mapAuthorizedGroups(user, + ViewerConfiguration.getInstance().getCollectionsAuthorizationGroupsWithAdminAndUserRoles().getAuthorizationGroupsList()); + // Add default roles to authenticated user boolean addDefaultRoles = ViewerConfiguration.getInstance().getViewerConfigurationAsBoolean(false, ViewerConfiguration.PROPERTY_AUTHENTICATED_USER_ENABLE_DEFAULT_ATTRIBUTES); 
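Review bot: Custom authorization groups whose attribute name is not the configured roles attribute can no longer be satisfied after this hunk, because casLogin now reads only `attributes.get(rolesConfigurationValue)` where the removed loop also read every name returned by `getAllAttributeNames()`. That fails closed, but silently: a deployment with such a group would see its users lose access with nothing in the code or logs explaining why. A comment above the new call, for example `// Keep only roles matching a configured EQUAL group on the roles attribute; groups defined on other CAS attributes are ignored at login`, would record the intent, and a warning when such a group is configured would make the change visible to operators. casLogin begins and ends outside this hunk, so how the default-roles block that follows interacts with the filtered set cannot be checked from here.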
@@ -88,8 +81,28 @@ public static User casLogin(final String username, final HttpServletRequest requ return user; } - private static void mapCasAttributeList(Map attributes, String attributeKey, - Consumer> mapping) { + private static void mapAuthorizedGroups(User user, Set authorizationGroups) { + Set authorizedRoles = new HashSet<>(); + for (AuthorizationGroup group : authorizationGroups) { + String rolesAttribute = ViewerConfiguration.getInstance().getViewerConfigurationAsString( + ViewerConstants.DEFAULT_ATTRIBUTE_ROLES, ViewerConfiguration.PROPERTY_AUTHORIZATION_ROLES_ATTRIBUTE); + + if (ViewerConfiguration.PROPERTY_COLLECTIONS_AUTHORIZATION_GROUP_OPERATOR_EQUAL + .equals(group.getAttributeOperator())) { + if (rolesAttribute.equalsIgnoreCase(group.getAttributeName())) { + if (user.getAllRoles().stream().anyMatch(p -> p.equals(group.getAttributeValue()))) { + authorizedRoles.add(group.getAttributeValue()); + } + } + } + } + + user.setAllRoles(authorizedRoles); + user.setDirectRoles(authorizedRoles); + } + + private static void mapCasAttributeList(User user, Map attributes, String attributeKey, + BiConsumer> mapping) { Object attributeValue = attributes.get(attributeKey); Set result = new HashSet<>(); if (attributeValue instanceof List) { @@ -100,7 +113,7 @@ private static void mapCasAttributeList(Map attributes, String a } } - mapping.accept(result); + mapping.accept(user, result); } } diff --git a/src/main/java/com/databasepreservation/common/utils/UserUtility.java b/src/main/java/com/databasepreservation/common/utils/UserUtility.java index daa0b582..c7af42fd 100644 --- a/src/main/java/com/databasepreservation/common/utils/UserUtility.java +++ b/src/main/java/com/databasepreservation/common/utils/UserUtility.java 
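Review bot: mapAuthorizedGroups is the step that decides which CAS-supplied roles a user keeps after login, yet it carries no comment saying so and it re-reads the roles attribute name from configuration on every loop iteration. A Javadoc stating that roles not matching an EQUAL group on the roles attribute are discarded, together with hoisting the lookup and flattening the three nested ifs, would make this allowlist easier to audit. The attribute name is compared with equalsIgnoreCase while casLogin looks the attribute up with a case-sensitive `attributes.get(...)`, so the two can disagree on what counts as the roles attribute; worth confirming that is intended. The same set instance is also handed to both setAllRoles and setDirectRoles, which aliases them unless the setters copy (not visible here).

```java
private static void mapAuthorizedGroups(User user, Set<AuthorizationGroup> authorizationGroups) {
  // Resolved once: the configured roles attribute does not change between groups.
  final String rolesAttribute = ViewerConfiguration.getInstance().getViewerConfigurationAsString(
    ViewerConstants.DEFAULT_ATTRIBUTE_ROLES, ViewerConfiguration.PROPERTY_AUTHORIZATION_ROLES_ATTRIBUTE);

  Set<String> authorizedRoles = new HashSet<>();
  for (AuthorizationGroup group : authorizationGroups) {
    boolean equalOnRolesAttribute = ViewerConfiguration.PROPERTY_COLLECTIONS_AUTHORIZATION_GROUP_OPERATOR_EQUAL
      .equals(group.getAttributeOperator()) && rolesAttribute.equalsIgnoreCase(group.getAttributeName());
    if (equalOnRolesAttribute && user.getAllRoles().contains(group.getAttributeValue())) {
      authorizedRoles.add(group.getAttributeValue());
    }
  }

  // Separate copies so a later change to one set does not show up in the other.
  user.setAllRoles(authorizedRoles);
  user.setDirectRoles(new HashSet<>(authorizedRoles));
}
```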
@@ -52,7 +52,7 @@ import com.databasepreservation.common.client.index.IsIndexed; import com.databasepreservation.common.client.index.filter.Filter; import com.databasepreservation.common.client.index.filter.SimpleFilterParameter; -import com.databasepreservation.common.client.models.authorization.AuthorizationGroups; +import com.databasepreservation.common.client.models.authorization.AuthorizationGroup; import com.databasepreservation.common.client.models.authorization.AuthorizationGroupsList; import com.databasepreservation.common.client.models.status.database.DatabaseStatus; import com.databasepreservation.common.client.models.structure.ViewerDatabase; @@ -149,7 +149,7 @@ private static void checkAuthorizationGroups(final User user, Set databa } for (String permission : databasePermissions) { - AuthorizationGroups authorizationGroup = allAuthorizationGroups.get(permission); + AuthorizationGroup authorizationGroup = allAuthorizationGroups.get(permission); if (authorizationGroup != null) { // store permissions with associated groups. authorizationGroupsToCheck.add(authorizationGroup); @@ -159,10 +159,10 @@ private static void checkAuthorizationGroups(final User user, Set databa } } - for (AuthorizationGroups authorizationGroups : authorizationGroupsToCheck.getAuthorizationGroupsList()) { - if (authorizationGroups.getAttributeOperator() + for (AuthorizationGroup authorizationGroup : authorizationGroupsToCheck.getAuthorizationGroupsList()) { + if (authorizationGroup.getAttributeOperator() .equals(ViewerConfiguration.PROPERTY_COLLECTIONS_AUTHORIZATION_GROUP_OPERATOR_EQUAL)) { - if (user.getAllRoles().contains(authorizationGroups.getAttributeValue())) { + if (user.getAllRoles().contains(authorizationGroup.getAttributeValue())) { // User has permissions to access this database return; } diff --git a/src/main/resources/config/dbvtk-viewer.properties b/src/main/resources/config/dbvtk-viewer.properties index 8c7a5555..d1d2e14b 100644 
--- a/src/main/resources/config/dbvtk-viewer.properties
+++ b/src/main/resources/config/dbvtk-viewer.properties
@@ -144,4 +144,4 @@ ui.blob.autoDetect.mimeType.onColumn=false
 ##############################################
 # BLOB
 ##############################################
-ui.blob.prefix.name=record
\ No newline at end of file
+ui.blob.prefix.name=record