Examples with UserGroupJoin ca.corefacility.bioinformatics.irida.model.user.group.UserGroupJoin used on opensource projects

Example 1 with UserGroupJoin

use of ca.corefacility.bioinformatics.irida.model.user.group.UserGroupJoin in project irida by phac-nml.

the class GroupsController method getGroupUsers.

/**
 * List the members in the group.
 *
 * @param params
 *            the datatables parameters to search for.
 * @param userGroupId
 *            the group ID to get members for.
 * @return the datatables-formatted response with filtered users.
 */
@RequestMapping("/{userGroupId}/ajax/list")
@ResponseBody
public DataTablesResponse getGroupUsers(@DataTablesRequest DataTablesParams params, @PathVariable Long userGroupId) {
    final UserGroup group = userGroupService.read(userGroupId);
    final Page<UserGroupJoin> page = userGroupService.filterUsersByUsername(params.getSearchValue(), group, params.getCurrentPage(), params.getLength(), params.getSort());
    List<DataTablesResponseModel> members = page.getContent().stream().map(DTGroupMember::new).collect(Collectors.toList());
    return new DataTablesResponse(params, page, members);
}

Example 2 with UserGroupJoin

use of ca.corefacility.bioinformatics.irida.model.user.group.UserGroupJoin in project irida by phac-nml.

the class ModifyProjectPermission method customPermissionAllowed.

/**
 * {@inheritDoc}
 */
public boolean customPermissionAllowed(Authentication authentication, Project p) {
    logger.trace("Testing permission for [" + authentication + "] can modify project [" + p + "]");
    // check if the user is a project owner for this project
    User u = userRepository.loadUserByUsername(authentication.getName());
    List<Join<Project, User>> projectUsers = pujRepository.getUsersForProjectByRole(p, ProjectRole.PROJECT_OWNER);
    for (Join<Project, User> projectUser : projectUsers) {
        if (projectUser.getObject().equals(u)) {
            logger.trace("Permission GRANTED for [" + authentication + "] on project [" + p + "]");
            // this user is an owner for the project.
            return true;
        }
    }
    // if we've made it this far, then that means that the user isn't
    // directly added to the project, so check if the user is in any groups
    // added to the project.
    final Collection<UserGroupProjectJoin> groups = ugpjRepository.findGroupsByProject(p);
    for (final UserGroupProjectJoin group : groups) {
        if (group.getProjectRole().equals(ProjectRole.PROJECT_OWNER)) {
            final Collection<UserGroupJoin> groupMembers = ugRepository.findUsersInGroup(group.getObject());
            final boolean inGroup = groupMembers.stream().anyMatch(j -> j.getSubject().equals(u));
            if (inGroup) {
                logger.trace("Permission GRANTED for [" + authentication + "] on project [" + p + "] by group membership in [" + group.getLabel() + "]");
                return true;
            }
        } else {
            logger.trace("Group is not PROJECT_OWNER, checking next project.");
        }
    }
    logger.trace("Permission DENIED for [" + authentication + "] on project [" + p + "]");
    return false;
}

Example 3 with UserGroupJoin

use of ca.corefacility.bioinformatics.irida.model.user.group.UserGroupJoin in project irida by phac-nml.

the class UpdateUserGroupPermission method customPermissionAllowed.

/**
 * {@inheritDoc}
 */
@Override
public boolean customPermissionAllowed(final Authentication authentication, final UserGroup g) {
    logger.trace("Checking if [" + authentication + "] can modify [" + g + "]");
    final User user = userRepository.loadUserByUsername(authentication.getName());
    final Optional<UserGroupJoin> userInGroup = userGroupJoinRepository.findUsersInGroup(g).stream().filter(j -> j.getSubject().equals(user)).findAny();
    if (userInGroup.isPresent()) {
        final UserGroupJoin j = userInGroup.get();
        if (j.getRole().equals(UserGroupRole.GROUP_OWNER)) {
            logger.trace("User [" + user + "] is GROUP_OWNER in group [" + g + "], access is GRANTED.");
            return true;
        } else {
            logger.trace("User [" + user + "] is *not* GROUP_OWNER in group [" + g + "], access is DENIED.");
            return false;
        }
    } else {
        logger.trace("User [" + user + "] is not in group [" + g + "], access is DENIED.");
        return false;
    }
}

Example 4 with UserGroupJoin

use of ca.corefacility.bioinformatics.irida.model.user.group.UserGroupJoin in project irida by phac-nml.

the class ReadProjectPermissionTest method testGrantPermissionByGroup.

@Test
public void testGrantPermissionByGroup() {
    final String username = "fbristow";
    final User u = new User();
    u.setUsername(username);
    final Project p = new Project();
    final UserGroup g = new UserGroup("The group");
    final List<UserGroupProjectJoin> projectGroups = new ArrayList<>();
    projectGroups.add(new UserGroupProjectJoin(p, g, ProjectRole.PROJECT_USER));
    when(userRepository.loadUserByUsername(username)).thenReturn(u);
    when(projectRepository.findOne(1L)).thenReturn(p);
    when(pujRepository.getUsersForProject(p)).thenReturn(ImmutableList.of());
    when(ugpjRepository.findGroupsByProject(p)).thenReturn(projectGroups);
    when(ugRepository.findUsersInGroup(g)).thenReturn(ImmutableList.of(new UserGroupJoin(u, g, UserGroupJoin.UserGroupRole.GROUP_MEMBER)));
    Authentication auth = new UsernamePasswordAuthenticationToken("fbristow", "password1");
    assertTrue("permission should be granted by user group.", readProjectPermission.isAllowed(auth, 1L));
    verify(userRepository).loadUserByUsername(username);
    verify(projectRepository).findOne(1L);
    verify(pujRepository).getUsersForProject(p);
}

Example 5 with UserGroupJoin

use of ca.corefacility.bioinformatics.irida.model.user.group.UserGroupJoin in project irida by phac-nml.

the class UpdateUserGroupPermissionTest method testGrantPermission.

@Test
public void testGrantPermission() {
    final String username = "user";
    final User u = new User();
    final UserGroup ug = new UserGroup("group");
    u.setUsername(username);
    when(userRepository.loadUserByUsername(username)).thenReturn(u);
    when(userRepository.findOne(1L)).thenReturn(u);
    when(userGroupRepository.findOne(1L)).thenReturn(ug);
    when(userGroupJoinRepository.findUsersInGroup(ug)).thenReturn(ImmutableList.of(new UserGroupJoin(u, ug, UserGroupRole.GROUP_OWNER)));
    final Authentication auth = new UsernamePasswordAuthenticationToken(username, "password1");
    assertTrue("permission was not granted.", updateUserPermission.isAllowed(auth, 1L));
}