use of de.tum.in.www1.artemis.security.Role in project Artemis by ls1intum.
the class GitLabUserManagementService method removeOrUpdateUserFromGroups.
/**
* Removes or updates the user to or from the groups.
*
* @param gitlabUserId the Gitlab user id
* @param userGroups groups that the user belongs to
* @param groupsToRemove groups where the user should be removed from
*/
private void removeOrUpdateUserFromGroups(int gitlabUserId, Set<String> userGroups, Set<String> groupsToRemove) throws GitLabApiException {
if (groupsToRemove == null || groupsToRemove.isEmpty()) {
return;
}
// Gitlab groups are identified by the project key of the programming exercise
var exercises = programmingExerciseRepository.findAllByInstructorOrEditorOrTAGroupNameIn(groupsToRemove);
log.info("Update Gitlab permissions for programming exercises: " + exercises.stream().map(ProgrammingExercise::getProjectKey).toList());
for (var exercise : exercises) {
// TODO: in case we update a tutor group / role here, the tutor should NOT get access to exam exercises before the exam has finished
Course course = exercise.getCourseViaExerciseGroupOrCourseMember();
Optional<AccessLevel> accessLevel = getAccessLevelFromUserGroups(userGroups, course);
// Do not remove the user from the group and only update it's access level
var shouldUpdateGroupAccess = accessLevel.isPresent();
if (shouldUpdateGroupAccess) {
gitlabApi.getGroupApi().updateMember(exercise.getProjectKey(), gitlabUserId, accessLevel.get());
} else {
removeUserFromGroup(gitlabUserId, exercise.getProjectKey());
}
}
}
use of de.tum.in.www1.artemis.security.Role in project Artemis by ls1intum.
the class GitLabUserManagementService method addUserToGroups.
/**
* Adds the Gitlab user to the groups. It will be given a different access level
* based on the group type (instructors are given the MAINTAINER level and teaching
* assistants REPORTED).
*
* @param gitlabUserId the user id of the Gitlab user
* @param groups the new groups
*/
private void addUserToGroups(int gitlabUserId, Set<String> groups) {
if (groups == null || groups.isEmpty()) {
return;
}
List<ProgrammingExercise> exercises = programmingExerciseRepository.findAllByInstructorOrEditorOrTAGroupNameIn(groups);
log.info("Update Gitlab permissions for programming exercises: " + exercises.stream().map(ProgrammingExercise::getProjectKey).toList());
// TODO: in case we update a tutor group / role here, the tutor should NOT get access to exam exercises before the exam has finished
for (var exercise : exercises) {
Course course = exercise.getCourseViaExerciseGroupOrCourseMember();
Optional<AccessLevel> accessLevel = getAccessLevelFromUserGroups(groups, course);
accessLevel.ifPresent(level -> addUserToGroup(exercise.getProjectKey(), gitlabUserId, level));
}
}
use of de.tum.in.www1.artemis.security.Role in project ArTEMiS by ls1intum.
the class GitLabUserManagementService method removeOrUpdateUserFromGroups.
/**
* Removes or updates the user to or from the groups.
*
* @param gitlabUserId the Gitlab user id
* @param userGroups groups that the user belongs to
* @param groupsToRemove groups where the user should be removed from
*/
private void removeOrUpdateUserFromGroups(int gitlabUserId, Set<String> userGroups, Set<String> groupsToRemove) throws GitLabApiException {
if (groupsToRemove == null || groupsToRemove.isEmpty()) {
return;
}
// Gitlab groups are identified by the project key of the programming exercise
var exercises = programmingExerciseRepository.findAllByInstructorOrEditorOrTAGroupNameIn(groupsToRemove);
log.info("Update Gitlab permissions for programming exercises: " + exercises.stream().map(ProgrammingExercise::getProjectKey).toList());
for (var exercise : exercises) {
// TODO: in case we update a tutor group / role here, the tutor should NOT get access to exam exercises before the exam has finished
Course course = exercise.getCourseViaExerciseGroupOrCourseMember();
Optional<AccessLevel> accessLevel = getAccessLevelFromUserGroups(userGroups, course);
// Do not remove the user from the group and only update it's access level
var shouldUpdateGroupAccess = accessLevel.isPresent();
if (shouldUpdateGroupAccess) {
gitlabApi.getGroupApi().updateMember(exercise.getProjectKey(), gitlabUserId, accessLevel.get());
} else {
removeUserFromGroup(gitlabUserId, exercise.getProjectKey());
}
}
}
use of de.tum.in.www1.artemis.security.Role in project ArTEMiS by ls1intum.
the class AuthorityService method buildAuthorities.
/**
* Builds the authorities list from the groups:
* <p>
* 1) Admin group if the globally defined ADMIN_GROUP_NAME is available and is contained in the users groups, or if the user was an admin before
* 2) group contains configured instructor group name -> instructor role
* 3) group contains configured tutor group name -> tutor role
* 4) the user role is always given
*
* @param user a user with groups
* @return a set of authorities based on the course configuration and the given groups
*/
public Set<Authority> buildAuthorities(User user) {
Set<Authority> authorities = new HashSet<>();
Set<String> groups = user.getGroups();
if (groups == null) {
// prevent null pointer exceptions
groups = new HashSet<>();
}
// Check if the user is admin in case the admin group is defined
if (adminGroupName.isPresent() && groups.contains(adminGroupName.get())) {
authorities.add(ADMIN_AUTHORITY);
}
// Users who already have admin access, keep admin access.
if (user.getAuthorities() != null && user.getAuthorities().contains(ADMIN_AUTHORITY)) {
authorities.add(ADMIN_AUTHORITY);
}
Set<String> instructorGroups = courseRepository.findAllInstructorGroupNames();
Set<String> editorGroups = courseRepository.findAllEditorGroupNames();
Set<String> teachingAssistantGroups = courseRepository.findAllTeachingAssistantGroupNames();
// Check if user is an instructor in any course
if (groups.stream().anyMatch(instructorGroups::contains)) {
authorities.add(new Authority(INSTRUCTOR.getAuthority()));
}
// Check if user is an editor in any course
if (groups.stream().anyMatch(editorGroups::contains)) {
authorities.add(new Authority(EDITOR.getAuthority()));
}
// Check if user is a tutor in any course
if (groups.stream().anyMatch(teachingAssistantGroups::contains)) {
authorities.add(new Authority(TEACHING_ASSISTANT.getAuthority()));
}
authorities.add(new Authority(STUDENT.getAuthority()));
return authorities;
}
use of de.tum.in.www1.artemis.security.Role in project ArTEMiS by ls1intum.
the class GitLabUserManagementService method addUserToGroups.
/**
* Adds the Gitlab user to the groups. It will be given a different access level
* based on the group type (instructors are given the MAINTAINER level and teaching
* assistants REPORTED).
*
* @param gitlabUserId the user id of the Gitlab user
* @param groups the new groups
*/
private void addUserToGroups(Long gitlabUserId, Set<String> groups) {
if (groups == null || groups.isEmpty()) {
return;
}
List<ProgrammingExercise> exercises = programmingExerciseRepository.findAllByInstructorOrEditorOrTAGroupNameIn(groups);
log.info("Update Gitlab permissions for programming exercises: " + exercises.stream().map(ProgrammingExercise::getProjectKey).toList());
// TODO: in case we update a tutor group / role here, the tutor should NOT get access to exam exercises before the exam has finished
for (var exercise : exercises) {
Course course = exercise.getCourseViaExerciseGroupOrCourseMember();
Optional<AccessLevel> accessLevel = getAccessLevelFromUserGroups(groups, course);
accessLevel.ifPresent(level -> addUserToGroup(exercise.getProjectKey(), gitlabUserId, level));
}
}
Aggregations