From b67d338516c239ab733a25d23def64dfb265a2f4 Mon Sep 17 00:00:00 2001
From: Alice Boizet <alice.boizet@cirad.fr>
Date: Tue, 3 Sep 2024 10:30:04 +0200
Subject: [PATCH] add function to check if the user can edit calls and display
 snpclust button also for reader role

---
 .../fr/cirad/tools/security/TokenManager.java | 42 +++++++++++++++++++
 .../controller/gigwa/GigwaRestController.java | 11 ++---
 2 files changed, 48 insertions(+), 5 deletions(-)

diff --git a/src/main/java/fr/cirad/tools/security/TokenManager.java b/src/main/java/fr/cirad/tools/security/TokenManager.java
index 743a7566..d8f3cf4c 100644
--- a/src/main/java/fr/cirad/tools/security/TokenManager.java
+++ b/src/main/java/fr/cirad/tools/security/TokenManager.java
@@ -436,4 +436,46 @@ public String generateToken(Authentication auth/*, int nMaxInactiveSeconds*/) th
 	    updateToken(token, System.currentTimeMillis());
 	    return token;
     }
+    
+    @Override
+    public boolean canUserEditCallsInProject(String token, String sModule, int projectId) {
+    	Authentication authentication = getAuthenticationFromToken(token);
+    	boolean fResult = canUserEditCallsInProject(authentication == null ? null : userDao.getUserAuthorities(authentication), sModule, projectId);
+    	if (fResult)
+            updateToken(token, System.currentTimeMillis());
+        return fResult;
+    }
+    
+    @Override
+    public boolean canUserEditCallsInProject(Collection<? extends GrantedAuthority> authorities, String sModule, int projectId) {
+        if (authorities != null && authorities.contains(new SimpleGrantedAuthority(IRoleDefinition.ROLE_ADMIN)))
+            return true;
+
+        if (authorities == null)
+            return false;
+
+        if (userDao.getSupervisedModules(authorities).contains(sModule))
+            return true;
+        
+        Map<String, Map<String, Collection<Comparable>>> customRolesByEntityType = userDao.getCustomRolesByModuleAndEntityType(authorities).get(sModule);
+        if (customRolesByEntityType != null) {
+            Map<String, Collection<Comparable>> customRolesOnProjects = customRolesByEntityType.get(ENTITY_PROJECT);
+            if (customRolesOnProjects != null) {
+                Collection<Comparable> snpClustEditionRoles = customRolesOnProjects.get(ENTITY_SNPCLUST_EDITOR_ROLE);
+                if (snpClustEditionRoles == null)
+                    snpClustEditionRoles = customRolesOnProjects.get(IRoleDefinition.ENTITY_MANAGER_ROLE);
+                if (snpClustEditionRoles != null && snpClustEditionRoles.contains(projectId))
+                    return true;
+            }
+        }
+
+        Map<String, Collection<Comparable>> managedEntitesByType = userDao.getManagedEntitiesByModuleAndType(authorities).get(sModule);
+        if (managedEntitesByType != null) {
+                Collection<Comparable> managedProjects = managedEntitesByType.get(ENTITY_PROJECT);
+                if (managedProjects != null && managedProjects.contains(projectId))
+                        return true;
+        }
+        
+        return false;
+    }
 }
\ No newline at end of file
diff --git a/src/main/java/fr/cirad/web/controller/gigwa/GigwaRestController.java b/src/main/java/fr/cirad/web/controller/gigwa/GigwaRestController.java
index 3c94ec81..876ccdcd 100644
--- a/src/main/java/fr/cirad/web/controller/gigwa/GigwaRestController.java
+++ b/src/main/java/fr/cirad/web/controller/gigwa/GigwaRestController.java
@@ -1471,10 +1471,11 @@ public ModelAndView setupImportPage()
 	@GetMapping(value = BASE_URL + snpclustEditionURL)
 	public @ResponseBody String snpclustEditionURL(HttpServletRequest request, @RequestParam("module") final String sModule, @RequestParam("project") final int projId) {
 		Authentication auth = tokenManager.getAuthenticationFromToken(tokenManager.readToken(request));
-		if (auth != null && (auth.getAuthorities().contains(new SimpleGrantedAuthority(IRoleDefinition.ROLE_ADMIN)) || auth.getAuthorities().contains(new SimpleGrantedAuthority(sModule + UserPermissionController.ROLE_STRING_SEPARATOR + IRoleDefinition.ROLE_DB_SUPERVISOR)) || auth.getAuthorities().contains(new SimpleGrantedAuthority(sModule + UserPermissionController.ROLE_STRING_SEPARATOR + TokenManager.ENTITY_PROJECT + UserPermissionController.ROLE_STRING_SEPARATOR + TokenManager.ENTITY_SNPCLUST_EDITOR_ROLE + UserPermissionController.ROLE_STRING_SEPARATOR + projId)))) {
-			String url = appConfig.get("snpclustLink");
-			if (url == null)
-				return "";
+//		if (auth != null && (auth.getAuthorities().contains(new SimpleGrantedAuthority(IRoleDefinition.ROLE_ADMIN)) || auth.getAuthorities().contains(new SimpleGrantedAuthority(sModule + UserPermissionController.ROLE_STRING_SEPARATOR + IRoleDefinition.ROLE_DB_SUPERVISOR)) 
+//                        || auth.getAuthorities().contains(new SimpleGrantedAuthority(sModule + UserPermissionController.ROLE_STRING_SEPARATOR + TokenManager.ENTITY_PROJECT + UserPermissionController.ROLE_STRING_SEPARATOR + TokenManager.ENTITY_SNPCLUST_EDITOR_ROLE + UserPermissionController.ROLE_STRING_SEPARATOR + projId)))) {
+                String url = appConfig.get("snpclustLink");
+                if (url == null)
+                        return "";
 
 	        MongoTemplate mongoTemplate = MongoTemplateManager.get(sModule);
 	        Query q = new Query(Criteria.where("_id." + VariantRunDataId.FIELDNAME_PROJECT_ID).is(projId));
@@ -1490,7 +1491,7 @@ public ModelAndView setupImportPage()
 	                    if (VariantData.GT_FIELD_FI.equals(aiKey)/* && !Number.class.isAssignableFrom(annotationMap.get(aiKey).getClass())*/)
 	            			return url;
 	        }
-		}
+		
 		return "";
 	}