use of ca.corefacility.bioinformatics.irida.model.user.group.UserGroupProjectJoin in project irida by phac-nml.
the class ModifyProjectPermission method customPermissionAllowed.
/**
* {@inheritDoc}
*/
public boolean customPermissionAllowed(Authentication authentication, Project p) {
logger.trace("Testing permission for [" + authentication + "] can modify project [" + p + "]");
// check if the user is a project owner for this project
User u = userRepository.loadUserByUsername(authentication.getName());
List<Join<Project, User>> projectUsers = pujRepository.getUsersForProjectByRole(p, ProjectRole.PROJECT_OWNER);
for (Join<Project, User> projectUser : projectUsers) {
if (projectUser.getObject().equals(u)) {
logger.trace("Permission GRANTED for [" + authentication + "] on project [" + p + "]");
// this user is an owner for the project.
return true;
}
}
// if we've made it this far, then that means that the user isn't
// directly added to the project, so check if the user is in any groups
// added to the project.
final Collection<UserGroupProjectJoin> groups = ugpjRepository.findGroupsByProject(p);
for (final UserGroupProjectJoin group : groups) {
if (group.getProjectRole().equals(ProjectRole.PROJECT_OWNER)) {
final Collection<UserGroupJoin> groupMembers = ugRepository.findUsersInGroup(group.getObject());
final boolean inGroup = groupMembers.stream().anyMatch(j -> j.getSubject().equals(u));
if (inGroup) {
logger.trace("Permission GRANTED for [" + authentication + "] on project [" + p + "] by group membership in [" + group.getLabel() + "]");
return true;
}
} else {
logger.trace("Group is not PROJECT_OWNER, checking next project.");
}
}
logger.trace("Permission DENIED for [" + authentication + "] on project [" + p + "]");
return false;
}
use of ca.corefacility.bioinformatics.irida.model.user.group.UserGroupProjectJoin in project irida by phac-nml.
the class ProjectEventHandler method handleUserGroupRoleSetProjectEvent.
/**
* Create a {@link UserGroupRoleSetProjectEvent}. The method must have
* returned a {@link UserGroupProjectJoin}
*
* @param event
* The {@link MethodEvent} that this event is being launched from
*/
private ProjectEvent handleUserGroupRoleSetProjectEvent(MethodEvent event) {
Object returnValue = event.getReturnValue();
if (!(returnValue instanceof UserGroupProjectJoin)) {
throw new IllegalArgumentException("Method annotated with @LaunchesProjectEvent(UserGroupRoleSetProjectEvent.class) method must return UserGroupProjectJoin");
}
UserGroupProjectJoin join = (UserGroupProjectJoin) returnValue;
return eventRepository.save(new UserGroupRoleSetProjectEvent(join));
}
use of ca.corefacility.bioinformatics.irida.model.user.group.UserGroupProjectJoin in project irida by phac-nml.
the class ReadProjectPermissionTest method testGrantPermissionByGroup.
@Test
public void testGrantPermissionByGroup() {
final String username = "fbristow";
final User u = new User();
u.setUsername(username);
final Project p = new Project();
final UserGroup g = new UserGroup("The group");
final List<UserGroupProjectJoin> projectGroups = new ArrayList<>();
projectGroups.add(new UserGroupProjectJoin(p, g, ProjectRole.PROJECT_USER));
when(userRepository.loadUserByUsername(username)).thenReturn(u);
when(projectRepository.findOne(1L)).thenReturn(p);
when(pujRepository.getUsersForProject(p)).thenReturn(ImmutableList.of());
when(ugpjRepository.findGroupsByProject(p)).thenReturn(projectGroups);
when(ugRepository.findUsersInGroup(g)).thenReturn(ImmutableList.of(new UserGroupJoin(u, g, UserGroupJoin.UserGroupRole.GROUP_MEMBER)));
Authentication auth = new UsernamePasswordAuthenticationToken("fbristow", "password1");
assertTrue("permission should be granted by user group.", readProjectPermission.isAllowed(auth, 1L));
verify(userRepository).loadUserByUsername(username);
verify(projectRepository).findOne(1L);
verify(pujRepository).getUsersForProject(p);
}
use of ca.corefacility.bioinformatics.irida.model.user.group.UserGroupProjectJoin in project irida by phac-nml.
the class ProjectServiceImpl method removeUserGroupFromProject.
/**
* {@inheritDoc}
*/
@Override
@Transactional
@LaunchesProjectEvent(UserGroupRemovedProjectEvent.class)
@PreAuthorize("hasRole('ROLE_ADMIN') or hasPermission(#project, 'canManageLocalProjectSettings')")
public void removeUserGroupFromProject(Project project, UserGroup userGroup) throws ProjectWithoutOwnerException {
final UserGroupProjectJoin j = ugpjRepository.findByProjectAndUserGroup(project, userGroup);
if (!allowRoleChange(project, j.getProjectRole())) {
throw new ProjectWithoutOwnerException("Removing this user group would leave the project without an owner.");
}
ugpjRepository.delete(j);
}
use of ca.corefacility.bioinformatics.irida.model.user.group.UserGroupProjectJoin in project irida by phac-nml.
the class ProjectServiceImplTest method testGetProjectsForUser.
@Test
public void testGetProjectsForUser() {
final User u = new User();
final Project p1 = new Project("p1");
final Project p2 = new Project("p2");
final UserGroup ug = new UserGroup("group");
final ProjectUserJoin puj = new ProjectUserJoin(p1, u, ProjectRole.PROJECT_OWNER);
final UserGroupProjectJoin ugpj = new UserGroupProjectJoin(p2, ug, ProjectRole.PROJECT_OWNER);
when(pujRepository.getProjectsForUser(u)).thenReturn(ImmutableList.of(puj));
when(ugpjRepository.findProjectsByUser(u)).thenReturn(ImmutableList.of(ugpj));
final List<Join<Project, User>> projects = projectService.getProjectsForUser(u);
assertEquals("User should be in 2 projects.", 2, projects.size());
assertTrue("Should have found user project join.", projects.stream().anyMatch(p -> p.getSubject().equals(p1)));
assertTrue("Should have found group project join.", projects.stream().anyMatch(p -> p.getSubject().equals(p2)));
}
Aggregations