#3041 Add runtime groups (shib, ip) to MyData page
sekmiller committed Apr 1, 2016
1 parent 28b65ea commit 56f14ee
Showing 7 changed files with 133 additions and 67 deletions.
112 changes: 77 additions & 35 deletions src/main/java/edu/harvard/iq/dataverse/RoleAssigneeServiceBean.java
Expand Up @@ -11,6 +11,8 @@
import edu.harvard.iq.dataverse.authorization.groups.impl.explicit.ExplicitGroupServiceBean;
import edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser;
import edu.harvard.iq.dataverse.authorization.users.GuestUser;
import edu.harvard.iq.dataverse.search.IndexServiceBean;
import edu.harvard.iq.dataverse.search.SearchFields;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
Expand Down Expand Up @@ -110,17 +112,19 @@ private String getRoleIdListClause(List<Long> roleIdList){
return " AND r.role_id IN (" + StringUtils.join(outputList, ",") + ")";
}

public List<DataverseRole> getAssigneeDataverseRoleFor(String roleAssigneeIdentifier){

public List<DataverseRole> getAssigneeDataverseRoleFor(AuthenticatedUser au ){
String roleAssigneeIdentifier = au.getUserIdentifier();
if (roleAssigneeIdentifier==null){
return null;
}
List <DataverseRole> retList = new ArrayList();
roleAssigneeIdentifier = roleAssigneeIdentifier.replaceAll("\\s",""); // remove spaces from string
List<String> userGroups = getUserGroups(roleAssigneeIdentifier.replace("@", ""));
List<String> userGroups = getUserExplicitGroups(roleAssigneeIdentifier.replace("@", ""));
List<String> userRunTimeGroups = getUserRuntimeGroups(au);
String identifierClause = " WHERE r.assigneeIdentifier= '" + roleAssigneeIdentifier + "'";
if (userGroups != null && !userGroups.isEmpty()){
identifierClause = getGroupIdentifierClause(roleAssigneeIdentifier, userGroups);
if (userGroups != null || userRunTimeGroups != null){

identifierClause = getGroupIdentifierClause(roleAssigneeIdentifier, userGroups, userRunTimeGroups);
}

String qstr = "SELECT distinct r.role_id";
Expand All @@ -129,7 +133,6 @@ public List<DataverseRole> getAssigneeDataverseRoleFor(String roleAssigneeIdenti
qstr += ";";
msg("qstr: " + qstr);


for (Object o :em.createNativeQuery(qstr).getResultList()){
retList.add(dataverseRoleService.find((Long) o));
}
Expand All @@ -140,16 +143,19 @@ public List<DataverseRole> getAssigneeDataverseRoleFor(String roleAssigneeIdenti



public List<Object[]> getAssigneeAndRoleIdListFor(String roleAssigneeIdentifier, List<Long> roleIdList){
public List<Object[]> getAssigneeAndRoleIdListFor(AuthenticatedUser au, List<Long> roleIdList){

String roleAssigneeIdentifier = au.getUserIdentifier();

if (roleAssigneeIdentifier==null){
return null;
}
roleAssigneeIdentifier = roleAssigneeIdentifier.replaceAll("\\s",""); // remove spaces from string
List<String> userGroups = getUserGroups(roleAssigneeIdentifier.replace("@", ""));
List<String> userExplicitGroups = getUserExplicitGroups(roleAssigneeIdentifier.replace("@", ""));
List<String> userRunTimeGroups = getUserRuntimeGroups(au);
String identifierClause = " WHERE r.assigneeIdentifier= '" + roleAssigneeIdentifier + "'";
if (userGroups != null && !userGroups.isEmpty()){
identifierClause = getGroupIdentifierClause(roleAssigneeIdentifier, userGroups);
if (userExplicitGroups != null || userRunTimeGroups != null){
identifierClause = getGroupIdentifierClause(roleAssigneeIdentifier, userExplicitGroups, userRunTimeGroups);
}

String qstr = "SELECT r.definitionpoint_id, r.role_id";
Expand All @@ -158,22 +164,22 @@ public List<Object[]> getAssigneeAndRoleIdListFor(String roleAssigneeIdentifier,
qstr += getRoleIdListClause(roleIdList);
qstr += ";";
msg("qstr: " + qstr);

return em.createNativeQuery(qstr)
.getResultList();

}

public List<Long> getRoleIdListForGivenAssigneeDvObject(String roleAssigneeIdentifier, List<Long> roleIdList, Long defPointId){

public List<Long> getRoleIdListForGivenAssigneeDvObject(AuthenticatedUser au, List<Long> roleIdList, Long defPointId){
String roleAssigneeIdentifier = au.getUserIdentifier();
if (roleAssigneeIdentifier==null){
return null;
}
roleAssigneeIdentifier = roleAssigneeIdentifier.replaceAll("\\s",""); // remove spaces from string
List<String> userGroups = getUserGroups(roleAssigneeIdentifier.replace("@", ""));
List<String> userGroups = getUserExplicitGroups(roleAssigneeIdentifier.replace("@", ""));
List<String> userRunTimeGroups = getUserRuntimeGroups(au);
String identifierClause = " WHERE r.assigneeIdentifier= '" + roleAssigneeIdentifier + "'";
if (userGroups != null && !userGroups.isEmpty()){
identifierClause = getGroupIdentifierClause(roleAssigneeIdentifier, userGroups);
if (userGroups != null || userRunTimeGroups != null){
identifierClause = getGroupIdentifierClause(roleAssigneeIdentifier, userGroups, userRunTimeGroups);
}

String qstr = "SELECT r.role_id";
Expand All @@ -190,40 +196,59 @@ public List<Long> getRoleIdListForGivenAssigneeDvObject(String roleAssigneeIdent
}


private String getGroupIdentifierClause(String roleAssigneeIdentifier, List<String> userGroups) {
private String getGroupIdentifierClause(String roleAssigneeIdentifier, List<String> userExplicitGroups, List<String> userRunTimeGroups) {

if (userGroups == null) {
if (userExplicitGroups == null && userRunTimeGroups == null) {
return "";
}
List<String> outputList = new ArrayList<>();
List<String> outputExplicitList = new ArrayList<>();
String explicitString = "";

for (String r : userGroups) {
if (r != null) {
outputList.add(r);
if (userExplicitGroups != null) {
for (String r : userExplicitGroups) {
if (r != null) {
outputExplicitList.add(r);
}
}

if (!outputExplicitList.isEmpty()) {
explicitString = ",'&explicit/" + StringUtils.join(outputExplicitList, "','&explicit/") + "'";
}

}
if (outputList.isEmpty()) {
return "";

List<String> outputRuntimeList = new ArrayList<>();
String runTimeString = "";

if (userRunTimeGroups != null) {
for (String r : userRunTimeGroups) {
if (r != null) {
outputRuntimeList.add(r);
}
}

if (!outputRuntimeList.isEmpty()) {
runTimeString = ",'" + StringUtils.join(outputRuntimeList, "','") + "'";
}

}
return " WHERE r.assigneeIdentifier in ( '" + roleAssigneeIdentifier + "', '&explicit/" + StringUtils.join(outputList, "','&explicit/") + "')";
return " WHERE r.assigneeIdentifier in ( '" + roleAssigneeIdentifier + "'" + explicitString + runTimeString + ")";

}


public List<Object[]> getRoleIdsFor(String roleAssigneeIdentifier, List<Long> dvObjectIdList){

public List<Object[]> getRoleIdsFor(AuthenticatedUser au, List<Long> dvObjectIdList){
String roleAssigneeIdentifier = au.getUserIdentifier();
if (roleAssigneeIdentifier==null){
return null;
}
if ((dvObjectIdList==null)||(dvObjectIdList.isEmpty())){
return null;
}

roleAssigneeIdentifier = roleAssigneeIdentifier.replaceAll("\\s",""); // remove spaces from string
List<String> userGroups = getUserGroups(roleAssigneeIdentifier.replace("@", ""));

List<String> userGroups = getUserExplicitGroups(roleAssigneeIdentifier.replace("@", ""));
List<String> userRunTimeGroups = getUserRuntimeGroups(au);
String identifierClause = " WHERE r.assigneeIdentifier= '" + roleAssigneeIdentifier + "'";
if (userGroups != null && !userGroups.isEmpty()){
identifierClause = getGroupIdentifierClause(roleAssigneeIdentifier, userGroups);
if (userGroups != null || userRunTimeGroups != null){
identifierClause = getGroupIdentifierClause(roleAssigneeIdentifier, userGroups, userRunTimeGroups);
}


Expand Down Expand Up @@ -258,7 +283,7 @@ private String getDvObjectIdListClause(List<Long> dvObjectIdList){
}


private List<String> getUserGroups(String roleAssigneeIdentifier){
private List<String> getUserExplicitGroups(String roleAssigneeIdentifier){

String qstr = "select groupalias from explicitgroup";
qstr += " where id in ";
Expand All @@ -271,6 +296,23 @@ private List<String> getUserGroups(String roleAssigneeIdentifier){
.getResultList();
}

private List<String> getUserRuntimeGroups(AuthenticatedUser au) {
List <String> retVal = new ArrayList();

Set<Group> groups = groupSvc.groupsFor(au, null);
StringBuilder sb = new StringBuilder();
for (Group group : groups) {
logger.fine("found group " + group.getIdentifier() + " with alias " + group.getAlias());
if (group.getGroupProvider().getGroupProviderAlias().equals("shib") || group.getGroupProvider().getGroupProviderAlias().equals("ip")) {
String groupAlias = group.getAlias();
if (groupAlias != null && !groupAlias.isEmpty()) {
retVal.add('&' + groupAlias);
}
}
}
return retVal;
}


public List<RoleAssignee> filterRoleAssignees(String query, DvObject dvObject, List<RoleAssignee> roleAssignSelectedRoleAssignees) {
List<RoleAssignee> roleAssigneeList = new ArrayList<>();
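Review bot: The runtime group aliases collected in getUserRuntimeGroups are spliced into native SQL as quoted literals by getGroupIdentifierClause (`runTimeString = ",'" + StringUtils.join(outputRuntimeList, "','") + "'"`), alongside the already concatenated roleAssigneeIdentifier, so a quote character in any alias or identifier alters the query that decides which roles a user holds. Shib and IP group aliases are presumably administrator-defined, but nothing in the visible code enforces their character set; the clause should emit numbered placeholders (`?1, ?2, …`) and each caller should bind the values with `setParameter(i, value)` on the query returned by `em.createNativeQuery(qstr)`. The same treatment applies to the `'&explicit/'` list built a few lines above. The query-building tails of the four public methods lie outside the visible hunks, so the binding has to be added there as well.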
Expand Up @@ -123,7 +123,7 @@ public List<String> getRolesOnDVO(AuthenticatedUser user, Long dvoId, List<Long>

}

List<Long> roles = roleAssigneeService.getRoleIdListForGivenAssigneeDvObject(user.getIdentifier(), idsForSelect, dvoId);
List<Long> roles = roleAssigneeService.getRoleIdListForGivenAssigneeDvObject(user, idsForSelect, dvoId);

/* List<Object> results = em.createNativeQuery("Select distinct role.role_id FROM roleassignment role WHERE "
+ " role.definitionpoint_id = " + dvoId + " "
Expand Down Expand Up @@ -155,7 +155,7 @@ public List<String> getRolesOnDVO(AuthenticatedUser user, Long dvoId, List<Long>
+ ")"
+ roleClause
+ ";").getResultList();*/
List<Long> resultsParent = roleAssigneeService.getRoleIdListForGivenAssigneeDvObject(user.getIdentifier(), idsForSelect, parentId);
List<Long> resultsParent = roleAssigneeService.getRoleIdListForGivenAssigneeDvObject(user, idsForSelect, parentId);
if (resultsParent != null && !resultsParent.isEmpty()) {
for (Object result : resultsParent) {
Long role_id = (Long) result;
Expand All @@ -181,7 +181,7 @@ public List<String> getRolesOnDVO(AuthenticatedUser user, Long dvoId, List<Long>
+ roleClause
+ ";").getResultList();
*/
List<Long> resultsGrandParent = roleAssigneeService.getRoleIdListForGivenAssigneeDvObject(user.getIdentifier(), idsForSelect, grandParentId);
List<Long> resultsGrandParent = roleAssigneeService.getRoleIdListForGivenAssigneeDvObject(user, idsForSelect, grandParentId);
if (resultsGrandParent != null && !resultsGrandParent.isEmpty()) {
for (Object result : resultsGrandParent) {
Long role_id = (Long) result;
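Review bot: These call sites used to pass `user.getIdentifier()` and now pass the user object, while the callee (getRoleIdListForGivenAssigneeDvObject in RoleAssigneeServiceBean) derives the string with `au.getUserIdentifier()`, a different accessor. If the two differ by a leading `@` (the callee's `replace("@", "")` before the explicit-group lookup suggests the old value carried one), the `r.assigneeIdentifier = '…'` comparison stops matching the user's own assignments and the role list comes back empty without any error. It is worth confirming which form the roleassignment table stores and adding a test that a directly assigned role is still returned for the object, its parent and its grandparent. getRolesOnDVO starts and ends outside these hunks.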
Expand Up @@ -17,6 +17,7 @@
import edu.harvard.iq.dataverse.authorization.DataverseRole;
import edu.harvard.iq.dataverse.authorization.DataverseRolePermissionHelper;
import edu.harvard.iq.dataverse.authorization.MyDataQueryHelperServiceBean;
import edu.harvard.iq.dataverse.authorization.groups.GroupServiceBean;
import edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser;
import edu.harvard.iq.dataverse.search.SearchConstants;
import edu.harvard.iq.dataverse.search.SearchException;
Expand Down Expand Up @@ -67,8 +68,10 @@ public class DataRetrieverAPI extends AbstractApiBean {
SearchServiceBean searchService;
@EJB
AuthenticationServiceBean authenticationService;
@EJB
@EJB
MyDataQueryHelperServiceBean myDataQueryHelperServiceBean;
@EJB
GroupServiceBean groupService;

private List<DataverseRole> roleList;
private DataverseRolePermissionHelper rolePermissionHelper;
Expand Down Expand Up @@ -196,7 +199,7 @@ private SolrQueryResponse getTotalCountsFromSolr(AuthenticatedUser searchUser, M
// -------------------------------------------------------
// Create new filter params that only check by the User
// -------------------------------------------------------
MyDataFilterParams filterParams = new MyDataFilterParams(searchUser.getIdentifier(), myDataFinder.getRolePermissionHelper());
MyDataFilterParams filterParams = new MyDataFilterParams(searchUser, myDataFinder.getRolePermissionHelper());
if (filterParams.hasError()){
logger.severe("getTotalCountsFromSolr. filterParams error: " + filterParams.getErrorMessage());
return null;
Expand Down Expand Up @@ -348,7 +351,7 @@ public String retrieveMyDataAsJsonString(@QueryParam("dvobject_types") List<Stri
// ---------------------------------
// (1) Initialize filterParams and check for Errors
// ---------------------------------
MyDataFilterParams filterParams = new MyDataFilterParams(authUser.getIdentifier(), dtypes, pub_states, roleIds, searchTerm);
MyDataFilterParams filterParams = new MyDataFilterParams(authUser, dtypes, pub_states, roleIds, searchTerm);
if (filterParams.hasError()){
return this.getJSONErrorString(filterParams.getErrorMessage(), filterParams.getErrorMessage());
}
Expand All @@ -358,7 +361,8 @@ public String retrieveMyDataAsJsonString(@QueryParam("dvobject_types") List<Stri
// ---------------------------------
myDataFinder = new MyDataFinder(rolePermissionHelper,
roleAssigneeService,
dvObjectServiceBean);
dvObjectServiceBean,
groupService);
this.myDataFinder.runFindDataSteps(filterParams);
if (myDataFinder.hasError()){
return this.getJSONErrorString(myDataFinder.getErrorMessage(), myDataFinder.getErrorMessage());
Expand Down Expand Up @@ -437,7 +441,7 @@ public String retrieveMyDataAsJsonString(@QueryParam("dvobject_types") List<Stri
paginationStart);

RoleTagRetriever roleTagRetriever = new RoleTagRetriever(this.rolePermissionHelper, this.roleAssigneeSvc, this.dvObjectServiceBean);
roleTagRetriever.loadRoles(searchUser.getIdentifier(), solrQueryResponse);
roleTagRetriever.loadRoles(searchUser, solrQueryResponse);


jsonData.add(DataRetrieverAPI.JSON_SUCCESS_FIELD_NAME, true)
Expand Up @@ -10,6 +10,7 @@
import static edu.harvard.iq.dataverse.DvObject.DATAVERSE_DTYPE_STRING;
import edu.harvard.iq.dataverse.search.IndexServiceBean;
import edu.harvard.iq.dataverse.authorization.DataverseRolePermissionHelper;
import edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser;
import edu.harvard.iq.dataverse.search.SearchConstants;
import edu.harvard.iq.dataverse.search.SearchFields;
import java.util.ArrayList;
Expand Down Expand Up @@ -73,6 +74,7 @@ public class MyDataFilterParams {
// -----------------------------------
// Filter parameters
// -----------------------------------
private AuthenticatedUser authenticatedUser;
private String userIdentifier;
private List<String> dvObjectTypes;
private List<String> publicationStatuses;
Expand All @@ -94,16 +96,19 @@ public class MyDataFilterParams {
/**
* Constructor used to get total counts
*
* @param authenticatedUser
* @param userIdentifier
*/
public MyDataFilterParams(String userIdentifier, DataverseRolePermissionHelper roleHelper){
if ((userIdentifier==null)||(userIdentifier.isEmpty())){
throw new NullPointerException("MyDataFilterParams constructor: userIdentifier cannot be null or an empty string");
public MyDataFilterParams(AuthenticatedUser authenticatedUser, DataverseRolePermissionHelper roleHelper){
if (authenticatedUser==null){
throw new NullPointerException("MyDataFilterParams constructor: authenticatedIUser cannot be null ");
}
this.authenticatedUser = authenticatedUser;
this.userIdentifier = authenticatedUser.getIdentifier();

if (roleHelper==null){
throw new NullPointerException("MyDataFilterParams constructor: roleHelper cannot be null");
}
this.userIdentifier = userIdentifier;
this.dvObjectTypes = MyDataFilterParams.allDvObjectTypes;
this.publicationStatuses = MyDataFilterParams.allPublishedStates;
this.searchTerm = MyDataFilterParams.defaultSearchTerm;
Expand All @@ -116,16 +121,17 @@ public MyDataFilterParams(String userIdentifier, DataverseRolePermissionHelper r
* @param publicationStatuses
* @param searchTerm
*/
public MyDataFilterParams(String userIdentifier, List<String> dvObjectTypes, List<String> publicationStatuses, List<Long> roleIds, String searchTerm){
if ((userIdentifier==null)||(userIdentifier.isEmpty())){
throw new NullPointerException("MyDataFilterParams constructor: userIdentifier cannot be null or an empty string");
public MyDataFilterParams(AuthenticatedUser authenticatedUser, List<String> dvObjectTypes, List<String> publicationStatuses, List<Long> roleIds, String searchTerm){
if (authenticatedUser==null){
throw new NullPointerException("MyDataFilterParams constructor: authenticatedIUser cannot be null ");
}
this.authenticatedUser = authenticatedUser;
this.userIdentifier = authenticatedUser.getIdentifier();

if (dvObjectTypes==null){
throw new NullPointerException("MyDataFilterParams constructor: dvObjectTypes cannot be null");
}

this.userIdentifier = userIdentifier;
this.dvObjectTypes = dvObjectTypes;

if (publicationStatuses == null){
Expand Down Expand Up @@ -192,6 +198,11 @@ public String getUserIdentifier(){
return this.userIdentifier;
}


public AuthenticatedUser getAuthenticatedUser() {
return authenticatedUser;
}

public String getErrorMessage(){
return this.errorMessage;
}
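Review bot: Both constructors now reject only a null `authenticatedUser`, so the earlier guard against a null or empty identifier is gone and `this.userIdentifier = authenticatedUser.getIdentifier()` can store a null or empty value that getUserIdentifier() then hands to callers. A check right after the assignment restores it: `if (this.userIdentifier == null || this.userIdentifier.isEmpty()) { throw new NullPointerException("MyDataFilterParams constructor: userIdentifier cannot be null or an empty string"); }`. The Javadoc of the first constructor still lists `@param userIdentifier`, and the new exception message misspells the parameter as `authenticatedIUser`.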