From b67d338516c239ab733a25d23def64dfb265a2f4 Mon Sep 17 00:00:00 2001
From: Alice Boizet
Date: Tue, 3 Sep 2024 10:30:04 +0200
Subject: [PATCH] add function to check if the user can edit calls and display snpclust button also for reader role
---
.../fr/cirad/tools/security/TokenManager.java | 42 +++++++++++++++++++
.../controller/gigwa/GigwaRestController.java | 11 ++---
2 files changed, 48 insertions(+), 5 deletions(-)
diff --git a/src/main/java/fr/cirad/tools/security/TokenManager.java b/src/main/java/fr/cirad/tools/security/TokenManager.java
index 743a7566..d8f3cf4c 100644
--- a/src/main/java/fr/cirad/tools/security/TokenManager.java
+++ b/src/main/java/fr/cirad/tools/security/TokenManager.java
@@ -436,4 +436,46 @@ public String generateToken(Authentication auth/*, int nMaxInactiveSeconds*/) th
 updateToken(token, System.currentTimeMillis());
 return token;
 }
+
+ @Override
+ public boolean canUserEditCallsInProject(String token, String sModule, int projectId) {
+ Authentication authentication = getAuthenticationFromToken(token);
+ boolean fResult = canUserEditCallsInProject(authentication == null ? null : userDao.getUserAuthorities(authentication), sModule, projectId);
+ if (fResult)
+ updateToken(token, System.currentTimeMillis());
+ return fResult;
+ }
+
+ @Override
+ public boolean canUserEditCallsInProject(Collection authorities, String sModule, int projectId) {
+ if (authorities != null && authorities.contains(new SimpleGrantedAuthority(IRoleDefinition.ROLE_ADMIN)))
+ return true;
+
+ if (authorities == null)
+ return false;
+
+ if (userDao.getSupervisedModules(authorities).contains(sModule))
+ return true;
+
+ Map>> customRolesByEntityType = userDao.getCustomRolesByModuleAndEntityType(authorities).get(sModule);
+ if (customRolesByEntityType != null) {
+ Map> customRolesOnProjects = customRolesByEntityType.get(ENTITY_PROJECT);
+ if (customRolesOnProjects != null) {
+ Collection snpClustEditionRoles = customRolesOnProjects.get(ENTITY_SNPCLUST_EDITOR_ROLE);
+ if (snpClustEditionRoles == null)
+ snpClustEditionRoles = customRolesOnProjects.get(IRoleDefinition.ENTITY_MANAGER_ROLE);
+ if (snpClustEditionRoles != null && snpClustEditionRoles.contains(projectId))
+ return true;
+ }
+ }
+
+ Map> managedEntitesByType = userDao.getManagedEntitiesByModuleAndType(authorities).get(sModule);
+ if (managedEntitesByType != null) {
+ Collection managedProjects = managedEntitesByType.get(ENTITY_PROJECT);
+ if (managedProjects != null && managedProjects.contains(projectId))
+ return true;
+ }
+
+ return false;
+ }
 }
\ No newline at end of file
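Review bot: In the `Collection` overload, the manager-role list is read only when the user has no `ENTITY_SNPCLUST_EDITOR_ROLE` entry at all (`if (snpClustEditionRoles == null)`), so for a user who is snpclust editor on one project and manager on another the answer rests entirely on the later `getManagedEntitiesByModuleAndType` lookup, whose relation to `ENTITY_MANAGER_ROLE` is not visible here. Testing the two collections independently makes the grant explicit: `Collection managers = customRolesOnProjects.get(IRoleDefinition.ENTITY_MANAGER_ROLE);` followed by `if ((editors != null && editors.contains(projectId)) || (managers != null && managers.contains(projectId))) return true;`. Since this method is an authorization decision, a Javadoc listing the grant order (admin, module supervisor, per-project custom role, managed project) and stating that a null `authorities` denies would help the next maintainer. Moving the `authorities == null` guard to the first line would also remove the repeated null test in the admin check.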
diff --git a/src/main/java/fr/cirad/web/controller/gigwa/GigwaRestController.java b/src/main/java/fr/cirad/web/controller/gigwa/GigwaRestController.java
index 3c94ec81..876ccdcd 100644
--- a/src/main/java/fr/cirad/web/controller/gigwa/GigwaRestController.java
+++ b/src/main/java/fr/cirad/web/controller/gigwa/GigwaRestController.java
@@ -1471,10 +1471,11 @@ public ModelAndView setupImportPage() @GetMapping(value = BASE_URL + snpclustEditionURL) public @ResponseBody String snpclustEditionURL(HttpServletRequest request, @RequestParam("module") final String sModule, @RequestParam("project") final int projId) { Authentication auth = tokenManager.getAuthenticationFromToken(tokenManager.readToken(request)); - if (auth != null && (auth.getAuthorities().contains(new SimpleGrantedAuthority(IRoleDefinition.ROLE_ADMIN)) || auth.getAuthorities().contains(new SimpleGrantedAuthority(sModule + UserPermissionController.ROLE_STRING_SEPARATOR + IRoleDefinition.ROLE_DB_SUPERVISOR)) || auth.getAuthorities().contains(new SimpleGrantedAuthority(sModule + UserPermissionController.ROLE_STRING_SEPARATOR + TokenManager.ENTITY_PROJECT + UserPermissionController.ROLE_STRING_SEPARATOR + TokenManager.ENTITY_SNPCLUST_EDITOR_ROLE + UserPermissionController.ROLE_STRING_SEPARATOR + projId)))) { - String url = appConfig.get("snpclustLink"); - if (url == null) - return ""; +// if (auth != null && (auth.getAuthorities().contains(new SimpleGrantedAuthority(IRoleDefinition.ROLE_ADMIN)) || auth.getAuthorities().contains(new SimpleGrantedAuthority(sModule + UserPermissionController.ROLE_STRING_SEPARATOR + IRoleDefinition.ROLE_DB_SUPERVISOR)) +// || auth.getAuthorities().contains(new SimpleGrantedAuthority(sModule + UserPermissionController.ROLE_STRING_SEPARATOR + TokenManager.ENTITY_PROJECT + UserPermissionController.ROLE_STRING_SEPARATOR + TokenManager.ENTITY_SNPCLUST_EDITOR_ROLE + UserPermissionController.ROLE_STRING_SEPARATOR + projId)))) { + String url = appConfig.get("snpclustLink"); + if (url == null) + return ""; MongoTemplate mongoTemplate = MongoTemplateManager.get(sModule); Query q = new Query(Criteria.where("_id." + VariantRunDataId.FIELDNAME_PROJECT_ID).is(projId)); 
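Review bot: With the `if (auth != null && …)` guard commented out, nothing in `snpclustEditionURL` checks the caller any more: `auth` is still resolved from the token but never read, so any request, including one without a valid token, reaches the Mongo lookup and can receive the snpclust link. Showing the button to readers, as the commit title intends, still needs a read-permission check on `sModule`/`projId` before the query, for example `if (!tokenManager.canUserReadProject(tokenManager.readToken(request), sModule, projId)) return "";` if the token manager's project-read check has that signature. The `canUserEditCallsInProject` method added in this commit is not called here either, so the endpoint that receives the edits presumably has to enforce it itself. The old condition should be deleted rather than left as a two-line comment, and the now-unused `auth` local removed with it. The method body continues into the next hunk, where the matching `}` of the removed `if` is dropped.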
@@ -1490,7 +1491,7 @@ public ModelAndView setupImportPage() if (VariantData.GT_FIELD_FI.equals(aiKey)/* && !Number.class.isAssignableFrom(annotationMap.get(aiKey).getClass())*/) return url; } - } + return ""; }