Feat: #751 show all workspaces to admin

armadillo/src/main/java/org/molgenis/armadillo/audit/AuditEventPublisher.java

@@ -7,18 +7,14 @@
 import java.util.*;
 import java.util.concurrent.CompletableFuture;
 import java.util.function.Supplier;
+import org.molgenis.armadillo.info.UserInformationRetriever;
 import org.slf4j.MDC;
 import org.springframework.boot.actuate.audit.listener.AuditApplicationEvent;
 import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.context.ApplicationEventPublisherAware;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.context.SecurityContext;
-import org.springframework.security.core.userdetails.User;
-import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
-import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
-import org.springframework.security.oauth2.jwt.Jwt;
-import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
 import org.springframework.stereotype.Component;
 
 @Component
@@ -42,7 +38,12 @@ public class AuditEventPublisher implements ApplicationEventPublisherAware {
   public static final String GET_ASSIGN_METHODS = "GET_ASSIGN_METHODS";
   public static final String GET_AGGREGATE_METHODS = "GET_AGGREGATE_METHODS";
   public static final String GET_USER_WORKSPACES = "GET_USER_WORKSPACES";
+  public static final String GET_ALL_USER_WORKSPACES = "GET_ALL_USER_WORKSPACES";
+  public static final String GET_MIGRATION_STATUS = "GET_MIGRATION_STATUS";
   public static final String DELETE_USER_WORKSPACE = "DELETE_USER_WORKSPACE";
+  public static final String DELETE_USER_WORKSPACE_DIRECTORY = "DELETE_USER_WORKSPACE_DIRECTORY";
+  public static final String USER_WORKSPACE_DIRECTORY = "USER_WORKSPACE_DIRECTORY";
+  public static final String COPY_USER_WORKSPACE = "COPY_USER_WORKSPACE";
   public static final String SAVE_USER_WORKSPACE = "SAVE_USER_WORKSPACE";
   public static final String LOAD_USER_WORKSPACE = "LOAD_USER_WORKSPACE";
   public static final String PERMISSIONS_LIST = "PERMISSIONS_LIST";
@@ -96,6 +97,7 @@ public class AuditEventPublisher implements ApplicationEventPublisherAware {
   public static final String MESSAGE = "message";
   public static final String TABLE = "table";
   public static final String ID = "id";
+  public static final String USER = "user";
   static final String ANONYMOUS = "ANONYMOUS";
   public static final String MDC_SESSION_ID = "sessionID";
   private ApplicationEventPublisher applicationEventPublisher;
@@ -119,31 +121,11 @@ public void audit(
     Map<String, Object> sessionData = new HashMap<>(data);
     sessionData.put("sessionId", sessionId);
     sessionData.put("roles", roles);
-    var user = getUser(principal);
+    var user = UserInformationRetriever.getUserIdentifierFromPrincipal(principal);
     applicationEventPublisher.publishEvent(
         new AuditApplicationEvent(clock.instant(), user, type, sessionData));
   }
 
-  static String getUser(Object principal) {
-    if (principal == null) {
-      return ANONYMOUS;
-    } else if (principal instanceof OAuth2AuthenticationToken token) {
-      return token.getPrincipal().getAttribute(EMAIL);
-    } else if (principal instanceof JwtAuthenticationToken token) {
-      return token.getTokenAttributes().get(EMAIL).toString();
-    } else if (principal instanceof DefaultOAuth2User user) {
-      return user.getAttributes().get(EMAIL).toString();
-    } else if (principal instanceof Jwt jwt) {
-      return jwt.getClaims().get(EMAIL).toString();
-    } else if (principal instanceof User user) {
-      return user.getUsername();
-    } else if (principal instanceof Principal p) {
-      return p.getName();
-    } else {
-      return principal.toString();
-    }
-  }
-
   public void audit(Principal principal, String type, Map<String, Object> data) {
     audit(principal, type, data, MDC.get(MDC_SESSION_ID), getRoles());
   }

armadillo/src/main/java/org/molgenis/armadillo/audit/AuthenticationAuditListener.java

@@ -1,9 +1,8 @@
 package org.molgenis.armadillo.audit;
 
-import static org.molgenis.armadillo.audit.AuditEventPublisher.getUser;
-
 import jakarta.validation.constraints.NotNull;
 import java.util.Map;
+import org.molgenis.armadillo.info.UserInformationRetriever;
 import org.springframework.boot.actuate.audit.AuditEvent;
 import org.springframework.boot.actuate.security.AbstractAuthenticationAuditListener;
 import org.springframework.security.authentication.event.AbstractAuthenticationEvent;
@@ -29,7 +28,8 @@ public void onApplicationEvent(@NotNull AbstractAuthenticationEvent event) {
   private void onAuthenticationSuccessEvent(AuthenticationSuccessEvent event) {
     publish(
         new AuditEvent(
-            getUser(event.getAuthentication().getPrincipal()),
+            UserInformationRetriever.getUserIdentifierFromPrincipal(
+                event.getAuthentication().getPrincipal()),
             AUTHENTICATION_SUCCESS,
             Map.of(
                 "details",
@@ -41,7 +41,8 @@ private void onAuthenticationSuccessEvent(AuthenticationSuccessEvent event) {
   private void onLogoutSuccessEvent(LogoutSuccessEvent event) {
     publish(
         new AuditEvent(
-            getUser(event.getAuthentication().getPrincipal()),
+            UserInformationRetriever.getUserIdentifierFromPrincipal(
+                event.getAuthentication().getPrincipal()),
             LOGOUT_SUCCESS,
             Map.of(
                 "details",

armadillo/src/main/java/org/molgenis/armadillo/controller/DataController.java

@@ -35,6 +35,7 @@
 import org.molgenis.armadillo.command.ArmadilloCommandDTO;
 import org.molgenis.armadillo.command.Commands;
 import org.molgenis.armadillo.exceptions.ExpressionException;
+import org.molgenis.armadillo.exceptions.StorageException;
 import org.molgenis.armadillo.exceptions.UnknownObjectException;
 import org.molgenis.armadillo.exceptions.UnknownVariableException;
 import org.molgenis.armadillo.model.Workspace;
@@ -46,6 +47,7 @@
 import org.molgenis.r.model.RPackage;
 import org.obiba.datashield.core.DSMethod;
 import org.rosuda.REngine.REXPMismatchException;
+import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.annotation.Validated;
@@ -406,20 +408,21 @@ public List<Workspace> getWorkspaces(Principal principal) {
         () -> storage.listWorkspaces(principal), principal, GET_USER_WORKSPACES, Map.of());
   }
 
+  @Operation(summary = "Get all workspaces")
+  @GetMapping(value = "/all-workspaces", produces = APPLICATION_JSON_VALUE)
+  public Map<String, List<Workspace>> getAllUserWorkspaces(Principal principal) {
+    return auditEventPublisher.audit(
+        storage::listAllUserWorkspaces, principal, GET_ALL_USER_WORKSPACES, Map.of());
+  }
+
   @Operation(
       summary = "Delete user workspace",
       responses = {
         @ApiResponse(responseCode = "200", description = "Workspace was removed or did not exist.")
       })
   @DeleteMapping(value = "/workspaces/{id}")
   @ResponseStatus(OK)
-  public void removeWorkspace(
-      @PathVariable
-          @Pattern(
-              regexp = WORKSPACE_ID_FORMAT_REGEX,
-              message = "Please use only letters, numbers, dashes or underscores")
-          String id,
-      Principal principal) {
+  public void removeWorkspace(@PathVariable String id, Principal principal) {
     auditEventPublisher.audit(
         () -> {
           storage.removeWorkspace(principal, id);
@@ -430,6 +433,58 @@ public void removeWorkspace(
         Map.of(ID, id));
   }
 
+  @Operation(
+      summary = "Delete workspace of specific user",
+      responses = {
+        @ApiResponse(responseCode = "204", description = "Workspace was removed."),
+        @ApiResponse(responseCode = "404", description = "Workspace does not exist."),
+        @ApiResponse(responseCode = "401", description = "Permission denied.")
+      })
+  @DeleteMapping(value = "/workspaces/{user}/{id}")
+  @ResponseStatus(NO_CONTENT)
+  public void removeUserWorkspace(
+      @PathVariable String user, @PathVariable String id, Principal principal) {
+    String finalUser = getSafeUsernameForFileSystem(user);
+    auditEventPublisher.audit(
+        () -> {
+          try {
+            storage.removeWorkspaceByStringUserId(finalUser, id);
+            return null;
+          } catch (StorageException e) {
+            throw new ResponseStatusException(HttpStatus.NOT_FOUND, e.getMessage());
+          }
+        },
+        principal,
+        DELETE_USER_WORKSPACE,
+        Map.of(ID, id, USER, user));
+  }
+
+  @Operation(
+      summary = "Delete workspace directory of specific user",
+      responses = {
+        @ApiResponse(responseCode = "204", description = "Workspace directory was removed."),
+        @ApiResponse(responseCode = "404", description = "Workspace directory does not exist."),
+        @ApiResponse(responseCode = "401", description = "Permission denied.")
+      })
+  @DeleteMapping(value = "/workspaces/directory/{userDirectory}")
+  @ResponseStatus(NO_CONTENT)
+  public void removeUserWorkspacesDirectory(
+      @PathVariable String userDirectory, Principal principal) {
+    String finalUserDirectory = getSafeUsernameForFileSystem(userDirectory);
+    auditEventPublisher.audit(
+        () -> {
+          try {
+            storage.deleteDirectory(finalUserDirectory);
+            return null;
+          } catch (StorageException e) {
+            throw new ResponseStatusException(HttpStatus.NOT_FOUND, e.getMessage());
+          }
+        },
+        principal,
+        DELETE_USER_WORKSPACE_DIRECTORY,
+        Map.of(USER_WORKSPACE_DIRECTORY, finalUserDirectory));
+  }
+
   @Operation(summary = "Save user workspace")
   @PostMapping(value = "/workspaces/{id}", produces = TEXT_PLAIN_VALUE)
   @ResponseStatus(CREATED)
@@ -513,6 +568,15 @@ protected List<String> getLinkedVariables(ArmadilloLinkFile linkFile, String var
         : variableList.stream().filter(allowedVariables::contains).toList();
   }
 
+  public static String getSafeUsernameForFileSystem(String user) {
+    // replaces the @ in email addresses because when we use it as name of a folder, not all
+    // filesystems might like it
+    if (user.contains("@")) {
+      user = user.replace("@", "__at__");
+    }
+    return user;
+  }
+
   private CompletableFuture<ResponseEntity<Void>> loadTableFromLinkFile(
       String project,
       String objectName,

armadillo/src/main/java/org/molgenis/armadillo/info/UserInformationRetriever.java

@@ -0,0 +1,33 @@
+package org.molgenis.armadillo.info;
+
+import java.security.Principal;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
+import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
+import org.springframework.security.oauth2.jwt.Jwt;
+import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
+
+public class UserInformationRetriever {
+  static final String EMAIL = "email";
+  static final String ANONYMOUS = "ANONYMOUS";
+
+  public static String getUserIdentifierFromPrincipal(Object principal) {
+    if (principal == null) {
+      return ANONYMOUS;
+    } else if (principal instanceof OAuth2AuthenticationToken token) {
+      return token.getPrincipal().getAttribute(EMAIL);
+    } else if (principal instanceof JwtAuthenticationToken token) {
+      return token.getTokenAttributes().get(EMAIL).toString();
+    } else if (principal instanceof DefaultOAuth2User user) {
+      return user.getAttributes().get(EMAIL).toString();
+    } else if (principal instanceof Jwt jwt) {
+      return jwt.getClaims().get(EMAIL).toString();
+    } else if (principal instanceof User user) {
+      return user.getUsername();
+    } else if (principal instanceof Principal p) {
+      return p.getName();
+    } else {
+      return principal.toString();
+    }
+  }
+}