638 nbspimplmenter le nouveau mcanisme pour le module dataset cot back ajouter des tests si non prsent

src/main/java/fr/insee/rmes/bauhaus_services/classifications/ClassificationUtils.java

@@ -21,6 +21,7 @@
 import org.eclipse.rdf4j.model.vocabulary.SKOS;
 import org.json.JSONArray;
 import org.json.JSONObject;
+import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.stereotype.Repository;
 
 import java.util.ArrayList;
@@ -32,7 +33,6 @@ public void updateClassification(Classification classification, String uri) thro
         Model model = new LinkedHashModel();
 
         this.validate(classification);
-
         Resource graph = RdfUtils.codesListGraph(classification.getId());
         IRI classificationIri = RdfUtils.createIRI(uri);
 

src/main/java/fr/insee/rmes/bauhaus_services/datasets/DatasetServiceImpl.java

@@ -4,7 +4,6 @@
 import fr.insee.rmes.bauhaus_services.operations.series.SeriesUtils;
 import fr.insee.rmes.bauhaus_services.rdf_utils.RdfService;
 import fr.insee.rmes.bauhaus_services.rdf_utils.RdfUtils;
-import fr.insee.rmes.config.auth.UserProviderFromSecurityContext;
 import fr.insee.rmes.exceptions.ErrorCodes;
 import fr.insee.rmes.exceptions.RmesBadRequestException;
 import fr.insee.rmes.exceptions.RmesException;
@@ -17,7 +16,6 @@
 import fr.insee.rmes.persistance.ontologies.INSEE;
 import fr.insee.rmes.utils.DateUtils;
 import fr.insee.rmes.utils.Deserializer;
-import fr.insee.rmes.utils.IdGenerator;
 import org.eclipse.rdf4j.model.*;
 import org.eclipse.rdf4j.model.impl.LinkedHashModel;
 import org.eclipse.rdf4j.model.impl.SimpleValueFactory;
@@ -206,6 +204,8 @@ private String update(String datasetId, Dataset dataset) throws RmesException {
 
         return this.persist(dataset);
     }
+
+
     @Override
     public String update(String datasetId, String body) throws RmesException {
         Dataset dataset = Deserializer.deserializeBody(body, Dataset.class);

src/main/java/fr/insee/rmes/bauhaus_services/distribution/DistributionQueries.java

@@ -50,4 +50,6 @@ public static String getContributorsByDistributionUri(String uri) throws RmesExc
         params.put("DISTRIBUTION_GRAPH_URI", uri);
         return FreeMarkerUtils.buildRequest(ROOT_DIRECTORY, "getDistributionContributorsByUriQuery.ftlh", params);
     }
+
+
 }

src/main/java/fr/insee/rmes/config/auth/RBACConfiguration.java

@@ -49,4 +49,20 @@ private static ModuleAccessPrivileges.Privilege toPrivilege(Map.Entry<RBAC.Privi
         return new ModuleAccessPrivileges.Privilege(entry.getKey(), entry.getValue());
     }
 
+    public Map<String, Map<RBAC.Module, Map<RBAC.Privilege, RBAC.Strategy>>> getRbac() {
+        return allModulesAccessPrivileges.stream()
+                .collect(Collectors.toMap(
+                        privilege -> privilege.roleName().role(),
+                        privilege -> privilege.privileges().stream()
+                                .collect(Collectors.toMap(
+                                        ModuleAccessPrivileges::application,
+                                        moduleAccess -> moduleAccess.privileges().stream()
+                                                .collect(Collectors.toMap(
+                                                        ModuleAccessPrivileges.Privilege::privilege,
+                                                        ModuleAccessPrivileges.Privilege::strategy
+                                                ))
+                                ))
+                ));
+    }
+
 }

src/main/java/fr/insee/rmes/config/auth/security/BauhausMethodSecurityExpressionHandler.java

@@ -1,6 +1,7 @@
 package fr.insee.rmes.config.auth.security;
 
 import fr.insee.rmes.bauhaus_services.StampAuthorizationChecker;
+import fr.insee.rmes.external.services.rbac.RBACService;
 import org.aopalliance.intercept.MethodInvocation;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -24,9 +25,11 @@ public class BauhausMethodSecurityExpressionHandler extends DefaultMethodSecurit
 
     private final StampAuthorizationChecker stampAuthorizationChecker;
     private final StampFromPrincipal stampFromPrincipal;
+    private final RBACService rbacService;
 
     @Autowired
-    public BauhausMethodSecurityExpressionHandler(StampAuthorizationChecker stampAuthorizationChecker, StampFromPrincipal stampFromPrincipal) {
+    public BauhausMethodSecurityExpressionHandler(StampAuthorizationChecker stampAuthorizationChecker, StampFromPrincipal stampFromPrincipal, RBACService rbacService) {
+        this.rbacService = rbacService;
         logger.trace("Initializing GlobalMethodSecurityConfiguration with BauhausMethodSecurityExpressionHandler and DefaultRolePrefix = {}", DEFAULT_ROLE_PREFIX);
         this.stampAuthorizationChecker = requireNonNull(stampAuthorizationChecker);
         this.stampFromPrincipal = requireNonNull(stampFromPrincipal);
@@ -37,7 +40,7 @@ public BauhausMethodSecurityExpressionHandler(StampAuthorizationChecker stampAut
     public EvaluationContext createEvaluationContext(Supplier<Authentication> authentication, MethodInvocation mi) {
         StandardEvaluationContext context = (StandardEvaluationContext) super.createEvaluationContext(authentication, mi);
         MethodSecurityExpressionOperations delegate = (MethodSecurityExpressionOperations) context.getRootObject().getValue();
-        context.setRootObject(SecurityExpressionRootForBauhaus.enrich(delegate, this.stampAuthorizationChecker, this.stampFromPrincipal));
+        context.setRootObject(SecurityExpressionRootForBauhaus.enrich(delegate, this.stampAuthorizationChecker, this.stampFromPrincipal, this.rbacService));
         return context;
     }
 }

src/main/java/fr/insee/rmes/config/auth/security/SecurityExpressionRootForBauhaus.java

@@ -3,7 +3,11 @@
 import fr.insee.rmes.bauhaus_services.StampAuthorizationChecker;
 import fr.insee.rmes.config.auth.roles.Roles;
 import fr.insee.rmes.config.auth.user.Stamp;
+import fr.insee.rmes.exceptions.RmesException;
 import fr.insee.rmes.exceptions.RmesRuntimeBadRequestException;
+import fr.insee.rmes.external.services.rbac.AccessPrivileges;
+import fr.insee.rmes.external.services.rbac.RBACService;
+import fr.insee.rmes.model.rbac.RBAC;
 import org.json.JSONObject;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -12,8 +16,9 @@
 import org.springframework.security.access.expression.SecurityExpressionRoot;
 import org.springframework.security.access.expression.method.MethodSecurityExpressionOperations;
 import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
 
-import java.util.Optional;
+import java.util.*;
 import java.util.function.BiPredicate;
 
 import static java.util.Objects.requireNonNull;
@@ -26,16 +31,19 @@ public class SecurityExpressionRootForBauhaus implements MethodSecurityExpressio
     private final StampAuthorizationChecker stampAuthorizationChecker;
     private final StampFromPrincipal stampFromPrincipal;
     private final SecurityExpressionRoot methodSecurityExpressionRoot;
+    private final RBACService rbacService;
 
-    private SecurityExpressionRootForBauhaus(MethodSecurityExpressionOperations methodSecurityExpressionOperations, StampAuthorizationChecker stampAuthorizationChecker, StampFromPrincipal stampFromPrincipal) {
+
+    public SecurityExpressionRootForBauhaus(MethodSecurityExpressionOperations methodSecurityExpressionOperations, StampAuthorizationChecker stampAuthorizationChecker, StampFromPrincipal stampFromPrincipal, RBACService rbacService) {
         this.methodSecurityExpressionRoot = (SecurityExpressionRoot) methodSecurityExpressionOperations;
-        this.methodSecurityExpressionOperations = methodSecurityExpressionOperations;
-        this.stampAuthorizationChecker = stampAuthorizationChecker;
         this.stampFromPrincipal = stampFromPrincipal;
+        this.stampAuthorizationChecker = stampAuthorizationChecker;
+        this.methodSecurityExpressionOperations = methodSecurityExpressionOperations;
+        this.rbacService = rbacService;
     }
 
-    public static MethodSecurityExpressionOperations enrich(MethodSecurityExpressionOperations methodSecurityExpressionOperations, StampAuthorizationChecker stampAuthorizationChecker, StampFromPrincipal stampFromPrincipal) {
-        return new SecurityExpressionRootForBauhaus(requireNonNull(methodSecurityExpressionOperations), requireNonNull(stampAuthorizationChecker), requireNonNull(stampFromPrincipal));
+    public static MethodSecurityExpressionOperations enrich(MethodSecurityExpressionOperations methodSecurityExpressionOperations, StampAuthorizationChecker stampAuthorizationChecker, StampFromPrincipal stampFromPrincipal, RBACService rbacService) {
+        return new SecurityExpressionRootForBauhaus( requireNonNull(methodSecurityExpressionOperations), requireNonNull(stampAuthorizationChecker), requireNonNull(stampFromPrincipal),requireNonNull(rbacService));
     }
 
     @Override
@@ -229,4 +237,39 @@ private Optional<Stamp> getStamp() {
         return this.stampFromPrincipal.findStamp(methodSecurityExpressionRoot.getPrincipal());
     }
 
-}
+
+    public boolean canUpdateSerie(String serieId) throws RmesException{
+        return getAccessPrivileges().isGranted(RBAC.Privilege.UPDATE).on(RBAC.Module.SERIE).withId(serieId);
+    }
+
+    public boolean canDeleteDataset(String datasetId) throws RmesException{
+        return getAccessPrivileges().isGranted(RBAC.Privilege.DELETE).on(RBAC.Module.DATASET).withId(datasetId);
+    }
+
+    public boolean canUpdateDataset(String datasetId) throws RmesException{
+        return getAccessPrivileges().isGranted(RBAC.Privilege.UPDATE).on(RBAC.Module.DATASET).withId(datasetId);
+    }
+
+    public boolean canCreateDataset(String datasetId) throws RmesException{
+        return getAccessPrivileges().isGranted(RBAC.Privilege.CREATE).on(RBAC.Module.DATASET).withId(datasetId);
+    }
+
+    public boolean canPublishDataset(String datasetId) throws RmesException{
+        return getAccessPrivileges().isGranted(RBAC.Privilege.PUBLISH).on(RBAC.Module.DATASET).withId(datasetId);
+    }
+
+    public boolean canReadDataset(String datasetId) throws RmesException{
+        return getAccessPrivileges().isGranted(RBAC.Privilege.READ).on(RBAC.Module.DATASET).withId(datasetId);
+    }
+
+    private AccessPrivileges getAccessPrivileges() throws RmesException {
+        Optional<Stamp>  stamp = this.getStamp();
+        Collection<? extends GrantedAuthority> collectionRole = this.getAuthentication().getAuthorities();
+        List<? extends GrantedAuthority> listerole = new ArrayList<>(collectionRole);
+        List<String> strings = listerole.stream()
+                .map(object -> Objects.toString(object, null))
+                .toList();
+        return rbacService.computeRbac(strings);
+    }
+
+}

src/main/java/fr/insee/rmes/config/auth/security/restrictions/StampsRestrictionsService.java

@@ -19,6 +19,7 @@ public interface StampsRestrictionsService {
 
 	boolean isConceptsOrCollectionsOwner(List<IRI> uris) throws RmesException;
 
+
 	boolean canCreateConcept() throws RmesException;
 
 	boolean canModifyConcept(IRI uri) throws RmesException;

src/main/java/fr/insee/rmes/external/services/rbac/AccessPrivileges.java

@@ -0,0 +1,49 @@
+package fr.insee.rmes.external.services.rbac;
+
+import fr.insee.rmes.model.rbac.RBAC;
+
+import java.util.Map;
+
+
+public class AccessPrivileges {
+    private final Map<RBAC.Module, Map<RBAC.Privilege, RBAC.Strategy>> privileges;
+    private RBAC.Privilege action;
+    private RBAC.Module resource;
+
+    public AccessPrivileges(Map<RBAC.Module, Map<RBAC.Privilege, RBAC.Strategy>> privileges) {
+        this.privileges = privileges;
+    }
+
+    public AccessPrivileges isGranted(RBAC.Privilege action) {
+        this.action = action;
+        return this;
+    }
+
+    public AccessPrivileges on(RBAC.Module resource) {
+        this.resource = resource;
+        return this;
+    }
+
+    public boolean withId(String id) {
+        return checkPrivileges(id);
+    }
+
+    private boolean checkPrivileges(String id) {
+        Map<RBAC.Privilege, RBAC.Strategy> resourcePrivileges = privileges.get(resource);
+        if (resourcePrivileges == null) {
+            return false;
+        }
+
+        RBAC.Strategy strategy = resourcePrivileges.get(action);
+        if (strategy == null) {
+            return false;
+        }
+
+        return strategy == RBAC.Strategy.ALL || (strategy == RBAC.Strategy.STAMP && checkStamp(id));
+    }
+
+    private boolean checkStamp(String id) {
+        // Implémentez la logique pour vérifier le stamp
+        return true; // Exemple simplifié
+    }
+}

src/main/java/fr/insee/rmes/external/services/rbac/RBACService.java

@@ -1,11 +1,12 @@
 package fr.insee.rmes.external.services.rbac;
 
-import fr.insee.rmes.model.rbac.RBAC;
+
+import org.springframework.stereotype.Service;
 
 import java.util.List;
-import java.util.Map;
 
 public interface RBACService {
 
-    Map<RBAC.Module, Map<RBAC.Privilege, RBAC.Strategy>> computeRbac(List<String> roles);
+    AccessPrivileges computeRbac(List<String> roles);
+
 }

src/main/java/fr/insee/rmes/external/services/rbac/RBACServiceImpl.java

@@ -4,9 +4,7 @@
 import fr.insee.rmes.model.rbac.RBAC;
 import org.springframework.stereotype.Service;
 
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
+import java.util.*;
 
 @Service
 public class RBACServiceImpl implements RBACService {
@@ -18,24 +16,23 @@ public RBACServiceImpl(RBACConfiguration configuration) {
     }
 
     @Override
-    public Map<RBAC.Module, Map<RBAC.Privilege, RBAC.Strategy>> computeRbac(List<String> roles) {
-        /*if(roles.isEmpty()){
-            return Map.of();
+    public AccessPrivileges computeRbac(List<String> roles) {
+        if (roles.isEmpty()) {
+            return new AccessPrivileges(Collections.emptyMap());
         }
 
-        Map<String, Map<RBAC.APPLICATION, Map<RBAC.PRIVILEGE, RBAC.STRATEGY>>> rbac = configuration.getRbac();
+        Map<String, Map<RBAC.Module, Map<RBAC.Privilege, RBAC.Strategy>>> rbac = configuration.getRbac();
 
-        Map<RBAC.APPLICATION, Map<RBAC.PRIVILEGE, RBAC.STRATEGY>> results = new HashMap<>();
+        Map<RBAC.Module, Map<RBAC.Privilege, RBAC.Strategy>> results = new HashMap<>();
 
         for (String role : roles) {
-            Map<RBAC.APPLICATION, Map<RBAC.PRIVILEGE, RBAC.STRATEGY>> rolePrivileges = rbac.get(role);
+            Map<RBAC.Module, Map<RBAC.Privilege, RBAC.Strategy>> rolePrivileges = rbac.get(role);
             if (rolePrivileges != null) {
                 mergePrivileges(results, rolePrivileges);
             }
         }
 
-        return results;*/
-        return Map.of();
+        return new AccessPrivileges(results);
     }
 
     private void mergePrivileges(Map<RBAC.Module, Map<RBAC.Privilege, RBAC.Strategy>> target,
@@ -60,4 +57,6 @@ private void mergePrivileges(Map<RBAC.Module, Map<RBAC.Privilege, RBAC.Strategy>
             });
         }
     }
+
+
 }

src/main/java/fr/insee/rmes/model/rbac/RBAC.java

@@ -9,7 +9,8 @@ public enum Module {
         OPERATION,
         INDICATOR,
         SIMS,
-        CLASSIFICATION
+        CLASSIFICATION,
+        DATASET
     }
 
     public enum Privilege {

src/main/java/fr/insee/rmes/webservice/UserResources.java

@@ -5,6 +5,7 @@
 import fr.insee.rmes.config.auth.user.User;
 import fr.insee.rmes.exceptions.RmesException;
 import fr.insee.rmes.external.services.authentication.stamps.StampsService;
+import fr.insee.rmes.external.services.rbac.AccessPrivileges;
 import fr.insee.rmes.external.services.rbac.RBACService;
 import fr.insee.rmes.model.rbac.RBAC;
 import io.swagger.v3.oas.annotations.Operation;
@@ -76,7 +77,7 @@ public UserResources(StampsService stampsService, RBACService rbacService, UserD
                     @ApiResponse(content = @Content(mediaType = "application/json"))
             }
     )
-    public Map<RBAC.Module, Map<RBAC.Privilege, RBAC.Strategy>> getUserInformation(@AuthenticationPrincipal Object principal) throws RmesException {
+    public AccessPrivileges getUserInformation(@AuthenticationPrincipal Object principal) throws RmesException {
         User user = this.userDecoder.fromPrincipal(principal).get();
         return rbacService.computeRbac(user.roles());
     }