diff --git a/src/main/java/edu/harvard/iq/dataverse/RoleAssigneeServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/RoleAssigneeServiceBean.java index de286c1dec1..c9314abfda5 100644 --- a/src/main/java/edu/harvard/iq/dataverse/RoleAssigneeServiceBean.java +++ b/src/main/java/edu/harvard/iq/dataverse/RoleAssigneeServiceBean.java @@ -11,6 +11,8 @@ import edu.harvard.iq.dataverse.authorization.groups.impl.explicit.ExplicitGroupServiceBean; import edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser; import edu.harvard.iq.dataverse.authorization.users.GuestUser; +import edu.harvard.iq.dataverse.search.IndexServiceBean; +import edu.harvard.iq.dataverse.search.SearchFields; import java.util.ArrayList; import java.util.List; import java.util.Map; @@ -110,17 +112,19 @@ private String getRoleIdListClause(List roleIdList){ return " AND r.role_id IN (" + StringUtils.join(outputList, ",") + ")"; } - public List getAssigneeDataverseRoleFor(String roleAssigneeIdentifier){ - + public List getAssigneeDataverseRoleFor(AuthenticatedUser au ){ + String roleAssigneeIdentifier = au.getUserIdentifier(); if (roleAssigneeIdentifier==null){ return null; } List retList = new ArrayList(); roleAssigneeIdentifier = roleAssigneeIdentifier.replaceAll("\\s",""); // remove spaces from string - List userGroups = getUserGroups(roleAssigneeIdentifier.replace("@", "")); + List userGroups = getUserExplicitGroups(roleAssigneeIdentifier.replace("@", "")); + List userRunTimeGroups = getUserRuntimeGroups(au); String identifierClause = " WHERE r.assigneeIdentifier= '" + roleAssigneeIdentifier + "'"; - if (userGroups != null && !userGroups.isEmpty()){ - identifierClause = getGroupIdentifierClause(roleAssigneeIdentifier, userGroups); + if (userGroups != null || userRunTimeGroups != null){ + + identifierClause = getGroupIdentifierClause(roleAssigneeIdentifier, userGroups, userRunTimeGroups); } String qstr = "SELECT distinct r.role_id"; 
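Review bot: `String roleAssigneeIdentifier = au.getUserIdentifier();` in getAssigneeDataverseRoleFor replaces a value that callers used to pass as `user.getIdentifier()` or through `MyDataUtil.formatUserIdentifierAsAssigneeIdentifier(...)`, and the `replace("@", "")` before the group lookup suggests the stored assignee form carries an `@` prefix. If getUserIdentifier() returns the bare name, `r.assigneeIdentifier= '…'` would stop matching the user's direct role assignments and only group-derived roles would come back; `au.getIdentifier()` would keep the old form, but confirm against AuthenticatedUser, which is not in this diff. `au` is also dereferenced without a null check, unlike the guard added to RoleTagRetriever.loadRoles. The same first line appears in getAssigneeAndRoleIdListFor, getRoleIdListForGivenAssigneeDvObject and getRoleIdsFor in the following hunks. The method body continues past this hunk.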
@@ -129,7 +133,6 @@ public List getAssigneeDataverseRoleFor(String roleAssigneeIdenti qstr += ";"; msg("qstr: " + qstr); - for (Object o :em.createNativeQuery(qstr).getResultList()){ retList.add(dataverseRoleService.find((Long) o)); } @@ -140,16 +143,19 @@ public List getAssigneeDataverseRoleFor(String roleAssigneeIdenti - public List getAssigneeAndRoleIdListFor(String roleAssigneeIdentifier, List roleIdList){ + public List getAssigneeAndRoleIdListFor(AuthenticatedUser au, List roleIdList){ + String roleAssigneeIdentifier = au.getUserIdentifier(); + if (roleAssigneeIdentifier==null){ return null; } roleAssigneeIdentifier = roleAssigneeIdentifier.replaceAll("\\s",""); // remove spaces from string - List userGroups = getUserGroups(roleAssigneeIdentifier.replace("@", "")); + List userExplicitGroups = getUserExplicitGroups(roleAssigneeIdentifier.replace("@", "")); + List userRunTimeGroups = getUserRuntimeGroups(au); String identifierClause = " WHERE r.assigneeIdentifier= '" + roleAssigneeIdentifier + "'"; - if (userGroups != null && !userGroups.isEmpty()){ - identifierClause = getGroupIdentifierClause(roleAssigneeIdentifier, userGroups); + if (userExplicitGroups != null || userRunTimeGroups != null){ + identifierClause = getGroupIdentifierClause(roleAssigneeIdentifier, userExplicitGroups, userRunTimeGroups); } String qstr = "SELECT r.definitionpoint_id, r.role_id"; 
@@ -158,22 +164,22 @@ public List getAssigneeAndRoleIdListFor(String roleAssigneeIdentifier, qstr += getRoleIdListClause(roleIdList); qstr += ";"; msg("qstr: " + qstr); - return em.createNativeQuery(qstr) .getResultList(); } - public List getRoleIdListForGivenAssigneeDvObject(String roleAssigneeIdentifier, List roleIdList, Long defPointId){ - + public List getRoleIdListForGivenAssigneeDvObject(AuthenticatedUser au, List roleIdList, Long defPointId){ + String roleAssigneeIdentifier = au.getUserIdentifier(); if (roleAssigneeIdentifier==null){ return null; } roleAssigneeIdentifier = roleAssigneeIdentifier.replaceAll("\\s",""); // remove spaces from string - List userGroups = getUserGroups(roleAssigneeIdentifier.replace("@", "")); + List userGroups = getUserExplicitGroups(roleAssigneeIdentifier.replace("@", "")); + List userRunTimeGroups = getUserRuntimeGroups(au); String identifierClause = " WHERE r.assigneeIdentifier= '" + roleAssigneeIdentifier + "'"; - if (userGroups != null && !userGroups.isEmpty()){ - identifierClause = getGroupIdentifierClause(roleAssigneeIdentifier, userGroups); + if (userGroups != null || userRunTimeGroups != null){ + identifierClause = getGroupIdentifierClause(roleAssigneeIdentifier, userGroups, userRunTimeGroups); } String qstr = "SELECT r.role_id"; 
@@ -190,40 +196,59 @@ public List getRoleIdListForGivenAssigneeDvObject(String roleAssigneeIdent } - private String getGroupIdentifierClause(String roleAssigneeIdentifier, List userGroups) { + private String getGroupIdentifierClause(String roleAssigneeIdentifier, List userExplicitGroups, List userRunTimeGroups) { - if (userGroups == null) { + if (userExplicitGroups == null && userRunTimeGroups == null) { return ""; } - List outputList = new ArrayList<>(); + List outputExplicitList = new ArrayList<>(); + String explicitString = ""; - for (String r : userGroups) { - if (r != null) { - outputList.add(r); + if (userExplicitGroups != null) { + for (String r : userExplicitGroups) { + if (r != null) { + outputExplicitList.add(r); + } } + + if (!outputExplicitList.isEmpty()) { + explicitString = ",'&explicit/" + StringUtils.join(outputExplicitList, "','&explicit/") + "'"; + } + } - if (outputList.isEmpty()) { - return ""; + + List outputRuntimeList = new ArrayList<>(); + String runTimeString = ""; + + if (userRunTimeGroups != null) { + for (String r : userRunTimeGroups) { + if (r != null) { + outputRuntimeList.add(r); + } + } + + if (!outputRuntimeList.isEmpty()) { + runTimeString = ",'" + StringUtils.join(outputRuntimeList, "','") + "'"; + } + } - return " WHERE r.assigneeIdentifier in ( '" + roleAssigneeIdentifier + "', '&explicit/" + StringUtils.join(outputList, "','&explicit/") + "')"; + return " WHERE r.assigneeIdentifier in ( '" + roleAssigneeIdentifier + "'" + explicitString + runTimeString + ")"; } - public List getRoleIdsFor(String roleAssigneeIdentifier, List dvObjectIdList){ - + public List getRoleIdsFor(AuthenticatedUser au, List dvObjectIdList){ + String roleAssigneeIdentifier = au.getUserIdentifier(); if (roleAssigneeIdentifier==null){ return null; } - if ((dvObjectIdList==null)||(dvObjectIdList.isEmpty())){ - return null; - } + roleAssigneeIdentifier = roleAssigneeIdentifier.replaceAll("\\s",""); // remove spaces from string - List userGroups = 
getUserGroups(roleAssigneeIdentifier.replace("@", "")); - + List userGroups = getUserExplicitGroups(roleAssigneeIdentifier.replace("@", "")); + List userRunTimeGroups = getUserRuntimeGroups(au); String identifierClause = " WHERE r.assigneeIdentifier= '" + roleAssigneeIdentifier + "'"; - if (userGroups != null && !userGroups.isEmpty()){ - identifierClause = getGroupIdentifierClause(roleAssigneeIdentifier, userGroups); + if (userGroups != null || userRunTimeGroups != null){ + identifierClause = getGroupIdentifierClause(roleAssigneeIdentifier, userGroups, userRunTimeGroups); } @@ -258,7 +283,7 @@ private String getDvObjectIdListClause(List dvObjectIdList){ } - private List getUserGroups(String roleAssigneeIdentifier){ + private List getUserExplicitGroups(String roleAssigneeIdentifier){ String qstr = "select groupalias from explicitgroup"; qstr += " where id in "; @@ -271,6 +296,23 @@ private List getUserGroups(String roleAssigneeIdentifier){ .getResultList(); } + private List getUserRuntimeGroups(AuthenticatedUser au) { + List retVal = new ArrayList(); + + Set groups = groupSvc.groupsFor(au, null); + StringBuilder sb = new StringBuilder(); + for (Group group : groups) { + logger.fine("found group " + group.getIdentifier() + " with alias " + group.getAlias()); + if (group.getGroupProvider().getGroupProviderAlias().equals("shib") || group.getGroupProvider().getGroupProviderAlias().equals("ip")) { + String groupAlias = group.getAlias(); + if (groupAlias != null && !groupAlias.isEmpty()) { + retVal.add('&' + groupAlias); + } + } + } + return retVal; + } + public List filterRoleAssignees(String query, DvObject dvObject, List roleAssignSelectedRoleAssignees) { List roleAssigneeList = new ArrayList<>(); diff --git a/src/main/java/edu/harvard/iq/dataverse/authorization/MyDataQueryHelperServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/authorization/MyDataQueryHelperServiceBean.java index 41139fb8fd6..2bd577ceb5d 100644 
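Review bot: The runtime group aliases are spliced into the native SQL as quoted literals in getGroupIdentifierClause (`runTimeString = ",'" + StringUtils.join(outputRuntimeList, "','") + "'"`), the same way the explicit aliases and roleAssigneeIdentifier already are, and nothing is escaped or bound; a quote character in an alias or identifier would alter the statement. Emit one positional placeholder per value (`?1, ?2, …`) in the IN list and have each caller bind the values with `setParameter` on the query returned by `em.createNativeQuery(qstr)`, which also keeps the `msg("qstr: " + qstr)` output free of identifiers. The same clause feeds getAssigneeDataverseRoleFor, getAssigneeAndRoleIdListFor and getRoleIdListForGivenAssigneeDvObject in the earlier hunks. Separately, getRoleIdsFor drops its null/empty guard on dvObjectIdList; what getDvObjectIdListClause does with an empty list is outside this hunk, so confirm it cannot yield an unfiltered or malformed query. getRoleIdsFor's body continues past the hunk.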
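Review bot: `groupSvc.groupsFor(au, null)` in getUserRuntimeGroups is asked for "ip" groups with only the user and a null DvObject, and nothing on the visible lines gives it the request's source address; if the IP provider decides membership from that address, roles granted through IP groups may be missed, so this is worth confirming against GroupServiceBean, which is outside this diff. The method would also benefit from a comment stating that only "shib" and "ip" provider groups are returned and that each alias is prefixed with `&` to form the assignee identifier. `StringBuilder sb` is never used and can go, and holding `getGroupProviderAlias()` in a local and testing `"shib".equals(alias) || "ip".equals(alias)` avoids the repeated call chain and a NullPointerException on a null alias.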
--- a/src/main/java/edu/harvard/iq/dataverse/authorization/MyDataQueryHelperServiceBean.java +++ b/src/main/java/edu/harvard/iq/dataverse/authorization/MyDataQueryHelperServiceBean.java @@ -123,7 +123,7 @@ public List getRolesOnDVO(AuthenticatedUser user, Long dvoId, List } - List roles = roleAssigneeService.getRoleIdListForGivenAssigneeDvObject(user.getIdentifier(), idsForSelect, dvoId); + List roles = roleAssigneeService.getRoleIdListForGivenAssigneeDvObject(user, idsForSelect, dvoId); /* List results = em.createNativeQuery("Select distinct role.role_id FROM roleassignment role WHERE " + " role.definitionpoint_id = " + dvoId + " " @@ -155,7 +155,7 @@ public List getRolesOnDVO(AuthenticatedUser user, Long dvoId, List + ")" + roleClause + ";").getResultList();*/ - List resultsParent = roleAssigneeService.getRoleIdListForGivenAssigneeDvObject(user.getIdentifier(), idsForSelect, parentId); + List resultsParent = roleAssigneeService.getRoleIdListForGivenAssigneeDvObject(user, idsForSelect, parentId); if (resultsParent != null && !resultsParent.isEmpty()) { for (Object result : resultsParent) { Long role_id = (Long) result; @@ -181,7 +181,7 @@ public List getRolesOnDVO(AuthenticatedUser user, Long dvoId, List + roleClause + ";").getResultList(); */ - List resultsGrandParent = roleAssigneeService.getRoleIdListForGivenAssigneeDvObject(user.getIdentifier(), idsForSelect, grandParentId); + List resultsGrandParent = roleAssigneeService.getRoleIdListForGivenAssigneeDvObject(user, idsForSelect, grandParentId); if (resultsGrandParent != null && !resultsGrandParent.isEmpty()) { for (Object result : resultsGrandParent) { Long role_id = (Long) result; diff --git a/src/main/java/edu/harvard/iq/dataverse/mydata/DataRetrieverAPI.java b/src/main/java/edu/harvard/iq/dataverse/mydata/DataRetrieverAPI.java index 3343c0f1b0f..3744a90241a 100644 --- a/src/main/java/edu/harvard/iq/dataverse/mydata/DataRetrieverAPI.java 
+++ b/src/main/java/edu/harvard/iq/dataverse/mydata/DataRetrieverAPI.java @@ -17,6 +17,7 @@ import edu.harvard.iq.dataverse.authorization.DataverseRole; import edu.harvard.iq.dataverse.authorization.DataverseRolePermissionHelper; import edu.harvard.iq.dataverse.authorization.MyDataQueryHelperServiceBean; +import edu.harvard.iq.dataverse.authorization.groups.GroupServiceBean; import edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser; import edu.harvard.iq.dataverse.search.SearchConstants; import edu.harvard.iq.dataverse.search.SearchException; @@ -67,8 +68,10 @@ public class DataRetrieverAPI extends AbstractApiBean { SearchServiceBean searchService; @EJB AuthenticationServiceBean authenticationService; - @EJB + @EJB MyDataQueryHelperServiceBean myDataQueryHelperServiceBean; + @EJB + GroupServiceBean groupService; private List roleList; private DataverseRolePermissionHelper rolePermissionHelper; @@ -196,7 +199,7 @@ private SolrQueryResponse getTotalCountsFromSolr(AuthenticatedUser searchUser, M // ------------------------------------------------------- // Create new filter params that only check by the User // ------------------------------------------------------- - MyDataFilterParams filterParams = new MyDataFilterParams(searchUser.getIdentifier(), myDataFinder.getRolePermissionHelper()); + MyDataFilterParams filterParams = new MyDataFilterParams(searchUser, myDataFinder.getRolePermissionHelper()); if (filterParams.hasError()){ logger.severe("getTotalCountsFromSolr. filterParams error: " + filterParams.getErrorMessage()); return null; @@ -348,7 +351,7 @@ public String retrieveMyDataAsJsonString(@QueryParam("dvobject_types") List dvObjectTypes; private List publicationStatuses; 
@@ -94,16 +96,19 @@ public class MyDataFilterParams { /** * Constructor used to get total counts * + * @param authenticatedUser * @param userIdentifier */ - public MyDataFilterParams(String userIdentifier, DataverseRolePermissionHelper roleHelper){ - if ((userIdentifier==null)||(userIdentifier.isEmpty())){ - throw new NullPointerException("MyDataFilterParams constructor: userIdentifier cannot be null or an empty string"); + public MyDataFilterParams(AuthenticatedUser authenticatedUser, DataverseRolePermissionHelper roleHelper){ + if (authenticatedUser==null){ + throw new NullPointerException("MyDataFilterParams constructor: authenticatedIUser cannot be null "); } + this.authenticatedUser = authenticatedUser; + this.userIdentifier = authenticatedUser.getIdentifier(); + if (roleHelper==null){ throw new NullPointerException("MyDataFilterParams constructor: roleHelper cannot be null"); } - this.userIdentifier = userIdentifier; this.dvObjectTypes = MyDataFilterParams.allDvObjectTypes; this.publicationStatuses = MyDataFilterParams.allPublishedStates; this.searchTerm = MyDataFilterParams.defaultSearchTerm; 
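Review bot: The constructor used to reject a null or empty userIdentifier, but the new guard checks only `authenticatedUser==null`, so the result of `authenticatedUser.getIdentifier()` is stored unchecked; keeping the old test after the assignment (`if (userIdentifier == null || userIdentifier.isEmpty())`) preserves the earlier contract. The Javadoc still lists `@param userIdentifier`, which is no longer a parameter, and the new `@param authenticatedUser` has no description. The exception text reads `authenticatedIUser cannot be null ` (typo and trailing space); `authenticatedUser cannot be null` would match the parameter name. The second constructor in the next hunk has the same guard and message.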
@@ -116,16 +121,17 @@ public MyDataFilterParams(String userIdentifier, DataverseRolePermissionHelper r * @param publicationStatuses * @param searchTerm */ - public MyDataFilterParams(String userIdentifier, List dvObjectTypes, List publicationStatuses, List roleIds, String searchTerm){ - if ((userIdentifier==null)||(userIdentifier.isEmpty())){ - throw new NullPointerException("MyDataFilterParams constructor: userIdentifier cannot be null or an empty string"); + public MyDataFilterParams(AuthenticatedUser authenticatedUser, List dvObjectTypes, List publicationStatuses, List roleIds, String searchTerm){ + if (authenticatedUser==null){ + throw new NullPointerException("MyDataFilterParams constructor: authenticatedIUser cannot be null "); } + this.authenticatedUser = authenticatedUser; + this.userIdentifier = authenticatedUser.getIdentifier(); if (dvObjectTypes==null){ throw new NullPointerException("MyDataFilterParams constructor: dvObjectTypes cannot be null"); } - this.userIdentifier = userIdentifier; this.dvObjectTypes = dvObjectTypes; if (publicationStatuses == null){ @@ -192,6 +198,11 @@ public String getUserIdentifier(){ return this.userIdentifier; } + + public AuthenticatedUser getAuthenticatedUser() { + return authenticatedUser; + } + public String getErrorMessage(){ return this.errorMessage; } diff --git a/src/main/java/edu/harvard/iq/dataverse/mydata/MyDataFinder.java b/src/main/java/edu/harvard/iq/dataverse/mydata/MyDataFinder.java index a50cf93c11f..548878f5814 100644 --- a/src/main/java/edu/harvard/iq/dataverse/mydata/MyDataFinder.java +++ b/src/main/java/edu/harvard/iq/dataverse/mydata/MyDataFinder.java 
@@ -9,6 +9,7 @@ import edu.harvard.iq.dataverse.DvObjectServiceBean; import edu.harvard.iq.dataverse.RoleAssigneeServiceBean; import edu.harvard.iq.dataverse.authorization.DataverseRolePermissionHelper; +import edu.harvard.iq.dataverse.authorization.groups.GroupServiceBean; import edu.harvard.iq.dataverse.search.SearchFields; import java.util.ArrayList; import java.util.HashMap; @@ -31,7 +32,7 @@ */ //@Stateless public class MyDataFinder { - + private static final Logger logger = Logger.getLogger(MyDataFinder.class.getCanonicalName()); private String userIdentifier; @@ -45,6 +46,7 @@ public class MyDataFinder { private DataverseRolePermissionHelper rolePermissionHelper; private RoleAssigneeServiceBean roleAssigneeService; private DvObjectServiceBean dvObjectServiceBean; + private GroupServiceBean groupService; //private RoleAssigneeServiceBean roleService = new RoleAssigneeServiceBean(); //private MyDataQueryHelperServiceBean myDataQueryHelperService; // -------------------- @@ -83,11 +85,12 @@ public class MyDataFinder { private List fileGrandparentFileIds = new ArrayList<>(); // dataverse has file permissions - public MyDataFinder(DataverseRolePermissionHelper rolePermissionHelper, RoleAssigneeServiceBean roleAssigneeService, DvObjectServiceBean dvObjectServiceBean) { + public MyDataFinder(DataverseRolePermissionHelper rolePermissionHelper, RoleAssigneeServiceBean roleAssigneeService, DvObjectServiceBean dvObjectServiceBean, GroupServiceBean groupService) { this.msgt("MyDataFinder, constructor"); this.rolePermissionHelper = rolePermissionHelper; this.roleAssigneeService = roleAssigneeService; this.dvObjectServiceBean = dvObjectServiceBean; + this.groupService = groupService; this.loadHarvestedDataverseIds(); } 
@@ -234,7 +237,6 @@ private List getSolrFilterQueries(boolean totalCountsOnly){ return null; } filterQueries.add(dvObjectFQ); - // ----------------------------------------------------------------- // For total counts, don't filter by publicationStatus or DvObjectType // ----------------------------------------------------------------- @@ -255,12 +257,12 @@ private List getSolrFilterQueries(boolean totalCountsOnly){ // ----------------------------------------------------------------- filterQueries.add(this.filterParams.getSolrFragmentForPublicationStatus()); //fq=publicationStatus:"Unpublished"&fq=publicationStatus:"Draft" - + return filterQueries; } - - + + @@ -444,7 +446,7 @@ public JsonArrayBuilder getListofSelectedRoles(){ private boolean runStep1RoleAssignments(){ - List results = this.roleAssigneeService.getAssigneeAndRoleIdListFor(MyDataUtil.formatUserIdentifierAsAssigneeIdentifier(this.userIdentifier) + List results = this.roleAssigneeService.getAssigneeAndRoleIdListFor(filterParams.getAuthenticatedUser() , this.filterParams.getRoleIds()); //msgt("runStep1RoleAssignments results: " + results.toString()); diff --git a/src/main/java/edu/harvard/iq/dataverse/mydata/MyDataPage.java b/src/main/java/edu/harvard/iq/dataverse/mydata/MyDataPage.java index c082cb906fd..f280cb1ff22 100644 --- a/src/main/java/edu/harvard/iq/dataverse/mydata/MyDataPage.java +++ b/src/main/java/edu/harvard/iq/dataverse/mydata/MyDataPage.java @@ -182,7 +182,7 @@ public String init() { // Initialize a filterParams object to buid the Publication Status checkboxes // - this.filterParams = new MyDataFilterParams(authUser.getIdentifier(), MyDataFilterParams.defaultDvObjectTypes, null, null, null); + this.filterParams = new MyDataFilterParams(authUser, MyDataFilterParams.defaultDvObjectTypes, null, null, null); // Temp DataverseRolePermissionHelper -- not in its normal role but for creating initial checkboxes 
@@ -259,7 +259,7 @@ private List getRolesUsedToCreateCheckboxes(AuthenticatedUser aut roleList = dataverseRoleService.findAll(); }else{ // (2) For a regular users - roleList = roleAssigneeService.getAssigneeDataverseRoleFor(this.filterParams.getUserIdentifier()); + roleList = roleAssigneeService.getAssigneeDataverseRoleFor(authUser); // If there are no assigned roles, show them all? // This may not make sense diff --git a/src/main/java/edu/harvard/iq/dataverse/mydata/RoleTagRetriever.java b/src/main/java/edu/harvard/iq/dataverse/mydata/RoleTagRetriever.java index 5160152b698..17477dda014 100644 --- a/src/main/java/edu/harvard/iq/dataverse/mydata/RoleTagRetriever.java +++ b/src/main/java/edu/harvard/iq/dataverse/mydata/RoleTagRetriever.java @@ -11,6 +11,7 @@ import edu.harvard.iq.dataverse.search.SolrQueryResponse; import edu.harvard.iq.dataverse.search.SolrSearchResult; import edu.harvard.iq.dataverse.authorization.DataverseRolePermissionHelper; +import edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser; import edu.harvard.iq.dataverse.search.SearchConstants; import java.util.ArrayList; import java.util.Collections; @@ -68,8 +69,13 @@ public RoleTagRetriever(DataverseRolePermissionHelper rolePermissionHelper this.dvObjectServiceBean = dvObjectServiceBean; } - public void loadRoles(String userIdentifier, SolrQueryResponse solrQueryResponse){ - + public void loadRoles(AuthenticatedUser au , SolrQueryResponse solrQueryResponse){ + + if (au == null){ + throw new NullPointerException("RoleTagRetriever.constructor. au cannot be null"); + } + + String userIdentifier = au.getUserIdentifier(); if (userIdentifier == null){ throw new NullPointerException("RoleTagRetriever.constructor. userIdentifier cannot be null"); } 
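Review bot: The new guard in RoleTagRetriever.loadRoles throws with the text `RoleTagRetriever.constructor. au cannot be null`, copied from the existing check below it, although the failure is raised in loadRoles, which makes a logged message without a stack trace misleading. `throw new NullPointerException("RoleTagRetriever.loadRoles: au cannot be null");` names the right method, and the userIdentifier check on the following lines has the same wording. loadRoles' body continues past this hunk.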
@@ -88,7 +94,7 @@ public void loadRoles(String userIdentifier, SolrQueryResponse solrQueryResponse findDataverseIdsForFiles(); // (4) Retrieve the role ids - retrieveRoleIdsForDvObjects(userIdentifier); + retrieveRoleIdsForDvObjects(au); // (5) Prepare final role lists prepareFinalRoleLists(); @@ -343,8 +349,9 @@ private void findDataverseIdsForFiles(){ } - private boolean retrieveRoleIdsForDvObjects(String userIdentifier){ - + private boolean retrieveRoleIdsForDvObjects(AuthenticatedUser au ){ + + String userIdentifier = au.getUserIdentifier(); if (userIdentifier == null){ throw new NullPointerException("RoleTagRetriever.constructor. userIdentifier cannot be null"); } @@ -358,8 +365,8 @@ private boolean retrieveRoleIdsForDvObjects(String userIdentifier){ return true; } //msg("dvObjectIdList: " + dvObjectIdList.toString()); - String assigneeIdentifer = MyDataUtil.formatUserIdentifierAsAssigneeIdentifier(userIdentifier); - List results = this.roleAssigneeService.getRoleIdsFor(assigneeIdentifer, dvObjectIdList); + + List results = this.roleAssigneeService.getRoleIdsFor(au, dvObjectIdList); //msgt("runStep1RoleAssignments results: " + results.toString());