<tenants>
<tenant_id>1</tenant_id>
</tenants>
- <role>
- <roleId>${simpleRoleId}</roleId> <!-- It should be ok that role name is missing -->
- </role>
+ <roleList>
+ <role>
+ <roleId>${simpleRoleId}</roleId> <!-- It should be ok that role name is missing -->
+ </role>
+ </roleList>
</ns2:accounts_common>
<tenants>
<tenant_id>1</tenant_id>
</tenants>
- <role>
- <roleId>9a1fed44-25b0-48f9-8356-d16ac7555cae</roleId>
- <roleName>ROLE_1_TENANT_ADMINISTRATOR</roleName>
- </role>
- <role>
- <roleId>${simpleRole_2.CSID}</roleId>
- </role>
+ <roleList>
+ <role>
+ <roleId>9a1fed44-25b0-48f9-8356-d16ac7555cae</roleId>
+ <roleName>ROLE_1_TENANT_ADMINISTRATOR</roleName>
+ </role>
+ <role>
+ <roleId>${simpleRole_2.CSID}</roleId>
+ </role>
+ </roleList>
</ns2:accounts_common>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<ns2:accounts_common xmlns:ns2="http://collectionspace.org/services/account" xmlns:ns3="http://collectionspace.org/services/hyperjaxb">
+ <screenName>simpleAccount-2</screenName>
+ <personRefName>simpleAccount-2</personRefName>
+ <email>simpleAccount-2@security.simpleroles.org</email>
+ <phone>1234567890</phone>
+ <userId>simpleAccount-2</userId>
+ <!-- Pass word is elmo2010, base64 encoded -->
+ <password>ZWxtbzIwMTA=</password>
+ <tenants>
+ <tenant_id>1</tenant_id>
+ </tenants>
+ <roleList>
+ </roleList>
+</ns2:accounts_common>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<ns2:accounts_common xmlns:ns2="http://collectionspace.org/services/account" xmlns:ns3="http://collectionspace.org/services/hyperjaxb">
+ <screenName>simpleAccount-1</screenName>
+ <personRefName>simpleAccount-1</personRefName>
+ <email>simpleAccount-1@security.simpleroles.org</email>
+ <phone>1234567890</phone>
+ <userId>simpleAccount-1</userId>
+ <!-- Pass word is elmo2010, base64 encoded -->
+ <password>ZWxtbzIwMTA=</password>
+ <tenants>
+ <tenant_id>1</tenant_id>
+ </tenants>
+</ns2:accounts_common>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<ns2:accounts_common xmlns:ns2="http://collectionspace.org/services/account" xmlns:ns3="http://collectionspace.org/services/hyperjaxb">
+ <screenName>simpleAccount-2</screenName>
+ <personRefName>simpleAccount-2</personRefName>
+ <email>simpleAccount-2@security.simpleroles.org</email>
+ <phone>1234567890</phone>
+ <userId>simpleAccount-2</userId>
+ <!-- Pass word is elmo2010, base64 encoded -->
+ <password>ZWxtbzIwMTA=</password>
+ <tenants>
+ <tenant_id>1</tenant_id>
+ </tenants>
+ <roleList>
+ <role>
+ <roleId>9a1fed44-25b0-48f9-8356-d16ac7555cae</roleId>
+ <roleName>ROLE_1_TENANT_ADMINISTRATOR</roleName>
+ </role>
+ <role>
+ <roleId>${simpleRole_2.CSID}</roleId>
+ </role>
+ </roleList>
+</ns2:accounts_common>
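Review bot: This payload gives `simpleAccount-2` the `ROLE_1_TENANT_ADMINISTRATOR` role together with a password whose clear text is spelled out in the comment above it, and the other account fixtures added in this commit reuse the same password. No step in the visible test-group hunk deletes the created accounts, so unless cleanup happens outside the visible lines, any instance these tests run against keeps a tenant-administrator login with a known password. Adding a delete step for each created account (and role) at the end of the test group would close that gap.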
--- /dev/null
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<ns2:role xmlns:ns2="http://collectionspace.org/services/authorization">
+ <roleName>BasicRoles-SimpleRole-1</roleName>
+ <description>Role for BasicRoles-simpleRole-1 create test.</description>
+</ns2:role>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<ns2:role xmlns:ns2="http://collectionspace.org/services/authorization">
+ <roleName>BasicRoles-SimpleRole-2</roleName>
+ <description>Role for BasicRoles-simpleRole-2 create test.</description>
+ <permission>
+ <permissionId>1-vocabularies-RL</permissionId>
+ </permission>
+ <permission>
+ <permissionId>1-groups-RL</permissionId>
+ </permission>
+</ns2:role>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<ns2:accounts_common xmlns:ns2="http://collectionspace.org/services/account" xmlns:ns3="http://collectionspace.org/services/hyperjaxb">
+ <screenName>simpleAccount-2</screenName>
+ <personRefName>simpleAccount-2</personRefName>
+ <email>simpleAccount-2@security.simpleroles.org</email>
+ <phone>1234567890</phone>
+ <userId>simpleAccount-2</userId>
+ <!-- Pass word is elmo2010, base64 encoded -->
+ <password>ZWxtbzIwMTA=</password>
+ <tenants>
+ <tenant_id>1</tenant_id>
+ </tenants>
+ <roleList>
+ </roleList>
+</ns2:accounts_common>
--- /dev/null
+<ns2:accounts_common xmlns:ns2="http://collectionspace.org/services/account" xmlns:ns3="http://collectionspace.org/services/jaxb" csid="11b78937-4412-460b-bfca-ad441ec3eeae">
+ <screenName>simpleAccount-2</screenName>
+ <personRefName>simpleAccount-2</personRefName>
+ <email>simpleAccount-2@security.simpleroles.org</email>
+ <phone>1234567890</phone>
+ <userId>simpleAccount-2</userId>
+ <status>active</status>
+ <roleList/>
+</ns2:accounts_common>
--- /dev/null
+<ns2:accounts_common xmlns:ns2="http://collectionspace.org/services/account" xmlns:ns3="http://collectionspace.org/services/jaxb" csid="bf65a789-5605-43d8-a227-60ebc2a51a92">
+ <screenName>simpleAccount-2</screenName>
+ <personRefName>simpleAccount-2</personRefName>
+ <email>simpleAccount-2@security.simpleroles.org</email>
+ <phone>1234567890</phone>
+ <userId>simpleAccount-2</userId>
+ <status>active</status>
+ <roleList>
+ <role>
+ <roleId>9a1fed44-25b0-48f9-8356-d16ac7555cae</roleId>
+ <roleName>ROLE_1_TENANT_ADMINISTRATOR</roleName>
+ </role>
+ <role>
+ <roleId>${simpleRole_2.CSID}</roleId>
+ <roleName>ROLE_1_BASICROLES-SIMPLEROLE-2</roleName>
+ </role>
+ </roleList>
+</ns2:accounts_common>
\ No newline at end of file
<tenants>
<tenant_id>1</tenant_id>
</tenants>
- <role>
- <roleId>${slipOutRole.CSID}</roleId> <!-- It should be ok that role name is missing -->
- </role>
+ <roleList>
+ <role>
+ <roleId>${slipOutRole.CSID}</roleId> <!-- It should be ok that role name is missing -->
+ </role>
+ </roleList>
</ns2:accounts_common>
<test ID="simpleAccount-1">
<method>POST</method>
<uri>/cspace-services/accounts</uri>
- <filename>security/BasicRoles/createSimpleAccount-1.xml</filename>
+ <filename>security/SimpleRoles/createSimpleAccount-1.xml</filename>
</test>
<test ID="simpleRole-1">
<method>POST</method>
<uri>/cspace-services/authorization/roles</uri>
- <filename>security/BasicRoles/createSimpleRole-1.xml</filename>
+ <filename>security/SimpleRoles/createSimpleRole-1.xml</filename>
</test>
- <!--
- Create an account and role(s) with a single payload request
- -->
<test ID="simpleRole_2">
<method>POST</method>
<uri>/cspace-services/authorization/roles</uri>
- <filename>security/BasicRoles/createSimpleRole-2.xml</filename>
+ <filename>security/SimpleRoles/createSimpleRole-2.xml</filename>
</test>
- <test ID="simpleAccount-2">
+ <test ID="simpleAccount_2">
<method>POST</method>
<uri>/cspace-services/accounts</uri>
- <filename>security/BasicRoles/createSimpleAccount-2.xml</filename>
+ <filename>security/SimpleRoles/createSimpleAccount-2.xml</filename>
+ </test>
+ <test>
+ <method>GET</method>
+ <uri>/cspace-services/accounts/${simpleAccount_2.CSID}?showRoles=true</uri>
+ <response>
+ <vars>
+ <var ID="roleCsid">${simpleRole_2.CSID}</var>
+ </vars>
+ <filename>security/SimpleRoles/responses/show-roles.res.xml</filename>
+ </response>
+ </test>
+ <test ID="removeRoles">
+ <method>PUT</method>
+ <uri>/cspace-services/accounts/${simpleAccount_2.CSID}</uri>
+ <filename>security/SimpleRoles/removeRoles.xml</filename>
+ </test>
+ <test>
+ <method>GET</method>
+ <uri>/cspace-services/accounts/${simpleAccount_2.CSID}?showRoles=true</uri>
+ <response>
+ <filename>security/SimpleRoles/responses/no-roles.res.xml</filename>
+ </response>
</test>
</testGroup>
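Review bot: The added steps cover assigning roles and clearing them with an empty `<roleList>`, but not the third case the update handler distinguishes: a PUT with no `<roleList>` element at all, which must leave the account's roles untouched. A step that PUTs such a payload to `/cspace-services/accounts/${simpleAccount_2.CSID}` before `removeRoles` and then repeats the `showRoles=true` comparison would pin that behaviour, which is the one most likely to regress into silent role removal. The `roleCsid` var declared for the first GET also deserves a check, because the two-role response fixture in this commit refers to `${simpleRole_2.CSID}` directly rather than to `${roleCsid}`. The `testGroup` element opens outside the hunk, so further steps may already exist there.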
import java.util.List;
import org.collectionspace.services.account.AccountsCommon;
+import org.collectionspace.services.account.RoleList;
import org.collectionspace.services.authorization.AccountRole;
import org.collectionspace.services.authorization.AccountValue;
import org.collectionspace.services.authorization.SubjectType;
Collection<org.collectionspace.services.account.RoleValue> roleValueList,
boolean useAccountId,
boolean useRoleId) {
-
- Collection<RoleValue> authzRoleValueList = new ArrayList<RoleValue>();
- if (roleValueList != null && roleValueList.size() > 0) {
- for (org.collectionspace.services.account.RoleValue rv : roleValueList) {
- RoleValue authzRoleValue = new RoleValue();
- authzRoleValue.setDisplayName(rv.getDisplayName());
- authzRoleValue.setRoleId(rv.getRoleId());
- authzRoleValue.setRoleName(rv.getRoleName());
- authzRoleValue.setRoleRelationshipId(rv.getRoleRelationshipId());
- authzRoleValue.setTenantId(rv.getTenantId());
- authzRoleValueList.add(authzRoleValue);
- }
- }
-
- AccountValue accountValue = AccountFactory.createAccountValue(accountsCommon);
+
+ Collection<RoleValue> authzRoleValueList = new ArrayList<RoleValue>();
+ if (roleValueList != null && roleValueList.size() > 0) {
+ for (org.collectionspace.services.account.RoleValue rv : roleValueList) {
+ RoleValue authzRoleValue = new RoleValue();
+ authzRoleValue.setDisplayName(rv.getDisplayName());
+ authzRoleValue.setRoleId(rv.getRoleId());
+ authzRoleValue.setRoleName(rv.getRoleName());
+ authzRoleValue.setRoleRelationshipId(rv.getRoleRelationshipId());
+ authzRoleValue.setTenantId(rv.getTenantId());
+ authzRoleValueList.add(authzRoleValue);
+ }
+ }
+
+ AccountValue accountValue = AccountFactory.createAccountValue(accountsCommon);
return AccountRoleFactory.createAccountRoleInstance(accountValue, authzRoleValueList, useAccountId, useRoleId);
}
* @param roleValueList
* @return
*/
- static public List<org.collectionspace.services.account.RoleValue> convert(List<RoleValue> roleValueList) {
- List<org.collectionspace.services.account.RoleValue> result = new ArrayList<org.collectionspace.services.account.RoleValue>();
-
- if (roleValueList != null && roleValueList.size() > 0) {
- for (RoleValue rv : roleValueList) {
- org.collectionspace.services.account.RoleValue accountRoleValue = new org.collectionspace.services.account.RoleValue();
- accountRoleValue.setDisplayName(rv.getDisplayName());
- accountRoleValue.setRoleId(rv.getRoleId());
- accountRoleValue.setRoleName(rv.getRoleName());
- accountRoleValue.setRoleRelationshipId(rv.getRoleRelationshipId());
- accountRoleValue.setTenantId(rv.getTenantId());
- result.add(accountRoleValue);
- }
- }
-
- return result;
+ static public RoleList convert(List<RoleValue> roleValueList) {
+ RoleList result = new RoleList();
+ List<org.collectionspace.services.account.RoleValue> listOfRoleValues = new ArrayList<org.collectionspace.services.account.RoleValue>();
+
+ if (roleValueList != null && roleValueList.size() > 0) {
+ for (RoleValue rv : roleValueList) {
+ org.collectionspace.services.account.RoleValue accountRoleValue = new org.collectionspace.services.account.RoleValue();
+ accountRoleValue.setDisplayName(rv.getDisplayName());
+ accountRoleValue.setRoleId(rv.getRoleId());
+ accountRoleValue.setRoleName(rv.getRoleName());
+ accountRoleValue.setRoleRelationshipId(rv.getRoleRelationshipId());
+ accountRoleValue.setTenantId(rv.getTenantId());
+ listOfRoleValues.add(accountRoleValue);
+ }
+ }
+
+ result.setRole(listOfRoleValues);
+ return result;
}
}
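Review bot: The Javadoc for `convert` still has empty `@param roleValueList` and `@return` tags, and the new return type makes the contract worth stating. The method never returns null and yields a `RoleList` holding an empty list for null or empty input. Null versus empty is significant for this type, because elsewhere in this commit a non-null `getRoleList()` on an incoming payload means "replace the account's roles". Suggested text: `@return a non-null RoleList; its role list is empty when roleValueList is null or empty`. The modifier order `static public` would conventionally be `public static`, and the Javadoc block opens outside the hunk.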
</xs:appinfo>
</xs:annotation>
</xs:element>
- <xs:element name="role" type="role_value" minOccurs="1" maxOccurs="unbounded"/>
+ <xs:element name="roleList" type="roleList" minOccurs="0" maxOccurs="1"/>
</xs:sequence>
<xs:attribute name="csid" type="xs:string">
<xs:annotation>
</xs:attribute>
</xs:complexType>
</xs:element>
+
+ <xs:complexType name="roleList">
+ <xs:annotation>
+ <xs:documentation>
+ RoleList is used relationships
+ </xs:documentation>
+ <xs:appinfo>
+ <hj:ignored/>
+ </xs:appinfo>
+ </xs:annotation>
+ <xs:sequence>
+ <xs:element name="role" type="role_value" minOccurs="1" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
<xs:complexType name="role_value" >
<xs:annotation>
<xs:documentation>
- RoleValue is used relationships
+ RoleValue is used in relationships
</xs:documentation>
<xs:appinfo>
<hj:ignored/>
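Review bot: The new `roleList` type declares `role` with `minOccurs="1"`, but the fixtures in this commit send `<roleList></roleList>` to clear an account's roles and expect `<roleList/>` back, which the schema as written does not allow. If payloads are ever validated against this XSD, the remove-roles request would be rejected; `<xs:element name="role" type="role_value" minOccurs="0" maxOccurs="unbounded"/>` matches what the handler implements. The documentation string `RoleList is used relationships` repeats the wording this commit corrects for `role_value`; it should read `RoleList is used in relationships`. The surrounding schema continues outside the hunk.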
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<ns:accounts_common xmlns:jaxb="http://java.sun.com/xml/ns/jaxb"
+ xmlns:xjc="http://java.sun.com/xml/ns/jaxb/xjc"
+ xmlns:hj="http://hyperjaxb3.jvnet.org/ejb/schemas/customizations"
+ xmlns:orm="http://java.sun.com/xml/ns/persistence/orm"
+ xmlns:ns="http://collectionspace.org/services/account"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://collectionspace.org/services/account file:/Users/remillet/dev/src/cspace/services/services/account/jaxb/src/main/resources/accounts_common.xsd" csid="csid0">
+ <screenName>screenName0</screenName>
+ <personRefName>personRefName0</personRefName>
+ <email>email0</email>
+ <phone>phone0</phone>
+ <mobile>mobile0</mobile>
+ <userId>userId0</userId>
+ <password>ZGVmYXVsdA==</password>
+ <tenants>
+ <tenant_id>tenant_id0</tenant_id>
+ </tenants>
+ <tenants>
+ <tenant_id>tenant_id1</tenant_id>
+ </tenants>
+ <status>active</status>
+ <metadataProtection>metadataProtection0</metadataProtection>
+ <rolesProtection>rolesProtection0</rolesProtection>
+ <createdAt>2006-05-04T18:13:51.0</createdAt>
+ <updatedAt>2006-05-04T18:13:51.0</updatedAt>
+ <roleList>
+ <role>
+ <roleRelationshipId>roleRelationshipId0</roleRelationshipId>
+ <roleId>roleId0</roleId>
+ <roleName>roleName0</roleName>
+ <displayName>displayName0</displayName>
+ <tenantId>tenantId0</tenantId>
+ </role>
+ <role>
+ <roleRelationshipId>roleRelationshipId1</roleRelationshipId>
+ <roleId>roleId1</roleId>
+ <roleName>roleName1</roleName>
+ <displayName>displayName1</displayName>
+ <tenantId>tenantId1</tenantId>
+ </role>
+ </roleList>
+</ns:accounts_common>
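Review bot: The `xsi:schemaLocation` on the root element points at `file:/Users/remillet/dev/src/cspace/services/services/account/jaxb/src/main/resources/accounts_common.xsd`, a path on one developer's machine. It will not resolve on any other checkout, and it publishes a local user name and directory layout in the repository. A location relative to the sample file (the file's own path is not visible here, so the exact relative form needs confirming) would keep the sample usable for schema validation.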
AccountsCommon accountReceived = getCommonPart();
// If marked as metadata immutable, do not do update
if (!AccountClient.IMMUTABLE.equals(accountFound.getMetadataProtection())) {
- merge(accountReceived, accountFound);
+ merge(accountReceived, accountFound);
}
//
// Update the accountroles if supplied
//
- List<RoleValue> roleValueList = accountReceived.getRole();
- if (roleValueList != null && roleValueList.size() > 0) {
- AccountRoleSubResource subResource =
- new AccountRoleSubResource(AccountRoleSubResource.ACCOUNT_ACCOUNTROLE_SERVICE);
- //
- // First, delete the exist accountroles
- //
- subResource.deleteAccountRole(getServiceContext(), accountFound.getCsid(), SubjectType.ROLE);
- //
- // Next, create the new accountroles
- //
- AccountRole accountRole = AccountRoleFactory.createAccountRoleInstance(accountFound,
- roleValueList, true, true);
- String accountRoleCsid = subResource.createAccountRole(getServiceContext(), accountRole, SubjectType.ROLE);
- //
- // Finally, set the updated role list in the result
- //
- AccountRole newAccountRole = subResource.getAccountRole(getServiceContext(), accountFound.getCsid(), SubjectType.ROLE);
- accountFound.setRole(AccountRoleFactory.convert(newAccountRole.getRole()));
+ if (accountReceived.getRoleList() != null) { // if null, no <roleList> element was supplied so we don't do anything to the account-role relationships
+ //
+ // First, delete the existing accountroles
+ //
+ AccountRoleSubResource subResource =
+ new AccountRoleSubResource(AccountRoleSubResource.ACCOUNT_ACCOUNTROLE_SERVICE);
+ subResource.deleteAccountRole(getServiceContext(), accountFound.getCsid(), SubjectType.ROLE);
+ //
+ // Check to see if the payload has new roles to relate to the account
+ //
+ List<RoleValue> roleValueList = accountReceived.getRoleList().getRole();
+ if (roleValueList != null && roleValueList.size() > 0) {
+ //
+ // Next, create the new accountroles
+ //
+ AccountRole accountRole = AccountRoleFactory.createAccountRoleInstance(accountFound,
+ roleValueList, true, true);
+ String accountRoleCsid = subResource.createAccountRole(getServiceContext(), accountRole, SubjectType.ROLE);
+ //
+ // Finally, set the updated role list in the result
+ //
+ AccountRole newAccountRole = subResource.getAccountRole(getServiceContext(), accountFound.getCsid(), SubjectType.ROLE);
+ accountFound.setRoleList(AccountRoleFactory.convert(newAccountRole.getRole()));
+ }
}
}
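Review bot: The block under `if (accountReceived.getRoleList() != null)` deletes the existing account-role relationships before the new ones are created, and nothing visible restores them if `createAccountRole` throws; unless both calls share a transaction that rolls back (not visible here), a failed update leaves the account with no roles. The replacement is also not gated by any roles-protection check the way `merge` is gated by `getMetadataProtection()`, although the sample payload in this commit carries a `rolesProtection` field, so it is worth confirming that `deleteAccountRole` enforces it. When the payload holds an empty `<roleList/>`, `accountFound.setRoleList(...)` is never reached, so the returned account may still carry whatever role list it held before; an `else` branch with `accountFound.setRoleList(new RoleList());` would make the response reflect the cleared state. `accountRoleCsid` is assigned and never read. The enclosing method starts outside the hunk.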
* If the create payload included a list of role, relate them to the account.
*/
public void completeCreate(DocumentWrapper<AccountsCommon> wrapDoc) throws Exception {
- AccountsCommon accountsCommon = wrapDoc.getWrappedObject();
- List<RoleValue> roleValueList = account.getRole();
- if (roleValueList != null && roleValueList.size() > 0) {
- //
- // To prevent new Accounts being created (especially low-level Spring Security accounts/SIDs), we'll first flush the current
- // JPA context to ensure our Account can be successfully persisted.
- //
- TransactionContext jpaTransactionContext = this.getServiceContext().getCurrentTransactionContext();
- jpaTransactionContext.flush();
-
- AccountRoleSubResource subResource = new AccountRoleSubResource(AccountRoleSubResource.ACCOUNT_ACCOUNTROLE_SERVICE);
- AccountRole accountRole = AccountRoleFactory.createAccountRoleInstance(accountsCommon, roleValueList, true, true);
- subResource.createAccountRole(this.getServiceContext(), accountRole, SubjectType.ROLE);
- }
+ AccountsCommon accountsCommon = wrapDoc.getWrappedObject();
+ List<RoleValue> roleValueList = account.getRoleList() != null ? account.getRoleList().getRole() : null;
+ if (roleValueList != null && roleValueList.size() > 0) {
+ //
+ // To prevent new Accounts being created (especially low-level Spring Security accounts/SIDs), we'll first flush the current
+ // JPA context to ensure our Account can be successfully persisted.
+ //
+ TransactionContext jpaTransactionContext = this.getServiceContext().getCurrentTransactionContext();
+ jpaTransactionContext.flush();
+
+ AccountRoleSubResource subResource = new AccountRoleSubResource(AccountRoleSubResource.ACCOUNT_ACCOUNTROLE_SERVICE);
+ AccountRole accountRole = AccountRoleFactory.createAccountRoleInstance(accountsCommon, roleValueList, true, true);
+ subResource.createAccountRole(this.getServiceContext(), accountRole, SubjectType.ROLE);
+ }
}
@Override
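Review bot: `completeCreate` reads the role list from `account` but builds the relationship from `accountsCommon`, the object just taken from `wrapDoc`. `account` is not declared in the visible lines, so it is presumably a field; if it can ever differ from the wrapped object, the roles of one payload would be attached to a different account. Reading from the local removes the doubt: `List<RoleValue> roleValueList = accountsCommon.getRoleList() != null ? accountsCommon.getRoleList().getRole() : null;`. The Javadoc above the method opens outside the hunk.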
getServiceContext().setOutput(getCommonPartList());
}
- @SuppressWarnings("unchecked")
- @Override
- public AccountsCommon extractCommonPart(DocumentWrapper<AccountsCommon> wrapDoc) throws Exception {
- AccountsCommon account = wrapDoc.getWrappedObject();
-
- String includeRolesQueryParamValue = (String) getServiceContext().getQueryParams().getFirst(AccountClient.INCLUDE_ROLES_QP);
- boolean includeRoles = Tools.isTrue(includeRolesQueryParamValue);
- if (includeRoles) {
- AccountRoleSubResource accountRoleResource = new AccountRoleSubResource(
- AccountRoleSubResource.ACCOUNT_ACCOUNTROLE_SERVICE);
- AccountRole accountRole = accountRoleResource.getAccountRole(getServiceContext(), account.getCsid(),
- SubjectType.ROLE);
- account.setRole(AccountRoleFactory.convert(accountRole.getRole()));
- }
-
- return wrapDoc.getWrappedObject();
- }
+ @SuppressWarnings("unchecked")
+ @Override
+ public AccountsCommon extractCommonPart(DocumentWrapper<AccountsCommon> wrapDoc) throws Exception {
+ AccountsCommon account = wrapDoc.getWrappedObject();
+
+ String includeRolesQueryParamValue = (String) getServiceContext().getQueryParams().getFirst(AccountClient.INCLUDE_ROLES_QP);
+ boolean includeRoles = Tools.isTrue(includeRolesQueryParamValue);
+ if (includeRoles) {
+ AccountRoleSubResource accountRoleResource = new AccountRoleSubResource(
+ AccountRoleSubResource.ACCOUNT_ACCOUNTROLE_SERVICE);
+ AccountRole accountRole = accountRoleResource.getAccountRole(getServiceContext(), account.getCsid(),
+ SubjectType.ROLE);
+ account.setRoleList(AccountRoleFactory.convert(accountRole.getRole()));
+ }
+
+ return wrapDoc.getWrappedObject();
+ }
@Override
public void fillCommonPart(AccountsCommon obj, DocumentWrapper<AccountsCommon> wrapDoc)
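Review bot: In `extractCommonPart`, `accountRole.getRole()` is dereferenced without a null check, and the new test sequence now exercises exactly the case where an account has no role relationships (the GET after `removeRoles`). Whether `getAccountRole` returns an empty `AccountRole` or null for such an account is not visible here. If it can return null, guard the call with `account.setRoleList(AccountRoleFactory.convert(accountRole != null ? accountRole.getRole() : null));`, since `convert` already accepts null. The method also ends with `return wrapDoc.getWrappedObject();` where `return account;` would say the same thing more directly.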
DocumentWrapper<List<AccountsCommon>> wrapDoc)
throws Exception {
- AccountsCommonList accList = this.extractPagingInfo(new AccountsCommonList(), wrapDoc);
+ AccountsCommonList accList = this.extractPagingInfo(new AccountsCommonList(), wrapDoc);
// AccountsCommonList accList = new AccountsCommonList();
List<AccountListItem> list = accList.getAccountListItem();
* @param account
*/
@Override
- public void sanitize(DocumentWrapper<AccountsCommon> wrapDoc) {
- AccountsCommon account = wrapDoc.getWrappedObject();
- sanitize(account);
+ public void sanitize(DocumentWrapper<AccountsCommon> wrapDoc) {
+ AccountsCommon account = wrapDoc.getWrappedObject();
+ sanitize(account);
}
- private void sanitize(AccountsCommon account) {
+ private void sanitize(AccountsCommon account) {
account.setPassword(null);
if (!SecurityUtils.isCSpaceAdmin()) {
account.setTenants(new ArrayList<AccountTenant>(0));