Examples with Role de.tum.in.www1.artemis.security.Role used on opensource projects

Example 1 with Role

use of de.tum.in.www1.artemis.security.Role in project Artemis by ls1intum.

the class GitLabUserManagementService method removeOrUpdateUserFromGroups.

/**
 * Removes or updates the user to or from the groups.
 *
 * @param gitlabUserId the Gitlab user id
 * @param userGroups groups that the user belongs to
 * @param groupsToRemove groups where the user should be removed from
 */
private void removeOrUpdateUserFromGroups(int gitlabUserId, Set<String> userGroups, Set<String> groupsToRemove) throws GitLabApiException {
    if (groupsToRemove == null || groupsToRemove.isEmpty()) {
        return;
    }
    // Gitlab groups are identified by the project key of the programming exercise
    var exercises = programmingExerciseRepository.findAllByInstructorOrEditorOrTAGroupNameIn(groupsToRemove);
    log.info("Update Gitlab permissions for programming exercises: " + exercises.stream().map(ProgrammingExercise::getProjectKey).toList());
    for (var exercise : exercises) {
        // TODO: in case we update a tutor group / role here, the tutor should NOT get access to exam exercises before the exam has finished
        Course course = exercise.getCourseViaExerciseGroupOrCourseMember();
        Optional<AccessLevel> accessLevel = getAccessLevelFromUserGroups(userGroups, course);
        // Do not remove the user from the group and only update it's access level
        var shouldUpdateGroupAccess = accessLevel.isPresent();
        if (shouldUpdateGroupAccess) {
            gitlabApi.getGroupApi().updateMember(exercise.getProjectKey(), gitlabUserId, accessLevel.get());
        } else {
            removeUserFromGroup(gitlabUserId, exercise.getProjectKey());
        }
    }
}

Example 2 with Role

use of de.tum.in.www1.artemis.security.Role in project Artemis by ls1intum.

the class GitLabUserManagementService method addUserToGroups.

/**
 * Adds the Gitlab user to the groups. It will be given a different access level
 * based on the group type (instructors are given the MAINTAINER level and teaching
 * assistants REPORTED).
 *
 * @param gitlabUserId the user id of the Gitlab user
 * @param groups the new groups
 */
private void addUserToGroups(int gitlabUserId, Set<String> groups) {
    if (groups == null || groups.isEmpty()) {
        return;
    }
    List<ProgrammingExercise> exercises = programmingExerciseRepository.findAllByInstructorOrEditorOrTAGroupNameIn(groups);
    log.info("Update Gitlab permissions for programming exercises: " + exercises.stream().map(ProgrammingExercise::getProjectKey).toList());
    // TODO: in case we update a tutor group / role here, the tutor should NOT get access to exam exercises before the exam has finished
    for (var exercise : exercises) {
        Course course = exercise.getCourseViaExerciseGroupOrCourseMember();
        Optional<AccessLevel> accessLevel = getAccessLevelFromUserGroups(groups, course);
        accessLevel.ifPresent(level -> addUserToGroup(exercise.getProjectKey(), gitlabUserId, level));
    }
}

Example 3 with Role

use of de.tum.in.www1.artemis.security.Role in project ArTEMiS by ls1intum.

the class GitLabUserManagementService method removeOrUpdateUserFromGroups.

/**
 * Removes or updates the user to or from the groups.
 *
 * @param gitlabUserId the Gitlab user id
 * @param userGroups groups that the user belongs to
 * @param groupsToRemove groups where the user should be removed from
 */
private void removeOrUpdateUserFromGroups(int gitlabUserId, Set<String> userGroups, Set<String> groupsToRemove) throws GitLabApiException {
    if (groupsToRemove == null || groupsToRemove.isEmpty()) {
        return;
    }
    // Gitlab groups are identified by the project key of the programming exercise
    var exercises = programmingExerciseRepository.findAllByInstructorOrEditorOrTAGroupNameIn(groupsToRemove);
    log.info("Update Gitlab permissions for programming exercises: " + exercises.stream().map(ProgrammingExercise::getProjectKey).toList());
    for (var exercise : exercises) {
        // TODO: in case we update a tutor group / role here, the tutor should NOT get access to exam exercises before the exam has finished
        Course course = exercise.getCourseViaExerciseGroupOrCourseMember();
        Optional<AccessLevel> accessLevel = getAccessLevelFromUserGroups(userGroups, course);
        // Do not remove the user from the group and only update it's access level
        var shouldUpdateGroupAccess = accessLevel.isPresent();
        if (shouldUpdateGroupAccess) {
            gitlabApi.getGroupApi().updateMember(exercise.getProjectKey(), gitlabUserId, accessLevel.get());
        } else {
            removeUserFromGroup(gitlabUserId, exercise.getProjectKey());
        }
    }
}

Example 4 with Role

use of de.tum.in.www1.artemis.security.Role in project ArTEMiS by ls1intum.

the class AuthorityService method buildAuthorities.

/**
 * Builds the authorities list from the groups:
 * <p>
 * 1) Admin group if the globally defined ADMIN_GROUP_NAME is available and is contained in the users groups, or if the user was an admin before
 * 2) group contains configured instructor group name -> instructor role
 * 3) group contains configured tutor group name -> tutor role
 * 4) the user role is always given
 *
 * @param user a user with groups
 * @return a set of authorities based on the course configuration and the given groups
 */
public Set<Authority> buildAuthorities(User user) {
    Set<Authority> authorities = new HashSet<>();
    Set<String> groups = user.getGroups();
    if (groups == null) {
        // prevent null pointer exceptions
        groups = new HashSet<>();
    }
    // Check if the user is admin in case the admin group is defined
    if (adminGroupName.isPresent() && groups.contains(adminGroupName.get())) {
        authorities.add(ADMIN_AUTHORITY);
    }
    // Users who already have admin access, keep admin access.
    if (user.getAuthorities() != null && user.getAuthorities().contains(ADMIN_AUTHORITY)) {
        authorities.add(ADMIN_AUTHORITY);
    }
    Set<String> instructorGroups = courseRepository.findAllInstructorGroupNames();
    Set<String> editorGroups = courseRepository.findAllEditorGroupNames();
    Set<String> teachingAssistantGroups = courseRepository.findAllTeachingAssistantGroupNames();
    // Check if user is an instructor in any course
    if (groups.stream().anyMatch(instructorGroups::contains)) {
        authorities.add(new Authority(INSTRUCTOR.getAuthority()));
    }
    // Check if user is an editor in any course
    if (groups.stream().anyMatch(editorGroups::contains)) {
        authorities.add(new Authority(EDITOR.getAuthority()));
    }
    // Check if user is a tutor in any course
    if (groups.stream().anyMatch(teachingAssistantGroups::contains)) {
        authorities.add(new Authority(TEACHING_ASSISTANT.getAuthority()));
    }
    authorities.add(new Authority(STUDENT.getAuthority()));
    return authorities;
}

Example 5 with Role

use of de.tum.in.www1.artemis.security.Role in project ArTEMiS by ls1intum.

the class GitLabUserManagementService method addUserToGroups.

/**
 * Adds the Gitlab user to the groups. It will be given a different access level
 * based on the group type (instructors are given the MAINTAINER level and teaching
 * assistants REPORTED).
 *
 * @param gitlabUserId the user id of the Gitlab user
 * @param groups the new groups
 */
private void addUserToGroups(Long gitlabUserId, Set<String> groups) {
    if (groups == null || groups.isEmpty()) {
        return;
    }
    List<ProgrammingExercise> exercises = programmingExerciseRepository.findAllByInstructorOrEditorOrTAGroupNameIn(groups);
    log.info("Update Gitlab permissions for programming exercises: " + exercises.stream().map(ProgrammingExercise::getProjectKey).toList());
    // TODO: in case we update a tutor group / role here, the tutor should NOT get access to exam exercises before the exam has finished
    for (var exercise : exercises) {
        Course course = exercise.getCourseViaExerciseGroupOrCourseMember();
        Optional<AccessLevel> accessLevel = getAccessLevelFromUserGroups(groups, course);
        accessLevel.ifPresent(level -> addUserToGroup(exercise.getProjectKey(), gitlabUserId, level));
    }
}