import org.collectionspace.services.authorization.AccountRole;
import org.collectionspace.services.authorization.AccountValue;
import org.collectionspace.services.authorization.AccountRoleRel;
+import org.collectionspace.services.authorization.Permission;
+import org.collectionspace.services.authorization.Role;
import org.collectionspace.services.authorization.SubjectType;
import org.collectionspace.services.common.AbstractCollectionSpaceResourceImpl;
extends AbstractCollectionSpaceResourceImpl<AccountRole, AccountRole> {
final public static String ACCOUNT_ACCOUNTROLE_SERVICE = "accounts/accountroles";
- final public static String ROLE_ACCOUNTROLE_SERVICE = "roles/accountroles";
+ final public static String ROLE_ACCOUNTROLE_SERVICE = "authorization/roles/accountroles";
//this service is never exposed as standalone RESTful service...just use unique
//service name to identify binding
/** The service name. */
*
* @param serviceName qualified service path
*/
- AccountRoleSubResource(String serviceName) {
+ public AccountRoleSubResource(String serviceName) {
this.serviceName = serviceName;
}
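Review bot: Making the constructor `public` lets any package build an `AccountRoleSubResource` with an arbitrary `serviceName`, but the Javadoc still only says "qualified service path". This commit also uses the class to delete account/role relationships, so the Javadoc should say why it is public and which values are expected. For example: `@param serviceName one of ACCOUNT_ACCOUNTROLE_SERVICE or ROLE_ACCOUNTROLE_SERVICE; public so the role resource can cascade deletes`. The Javadoc block opens outside the hunk.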
ctx.setProperty(ServiceContextProperties.ENTITY_CLASS, AccountRoleRel.class);
//subject name is necessary to indicate if role or account is a subject
ctx.setProperty(ServiceContextProperties.SUBJECT, subject);
+
//set context for the relationship query
- ctx.setProperty(ServiceContextProperties.OBJECT_CLASS, AccountsCommon.class);
- ctx.setProperty(ServiceContextProperties.OBJECT_ID, "account_id");
+ if (subject == SubjectType.ROLE) {
+ ctx.setProperty(ServiceContextProperties.OBJECT_CLASS, AccountsCommon.class);
+ ctx.setProperty(ServiceContextProperties.OBJECT_ID, "account_id");
+ } else if (subject == SubjectType.ACCOUNT) {
+ ctx.setProperty(ServiceContextProperties.OBJECT_CLASS, Role.class);
+ ctx.setProperty(ServiceContextProperties.OBJECT_ID, "role_id");
+ }
+
return ctx;
}
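Review bot: The new `if`/`else if` on `subject` has no final `else`, so a null subject or any other `SubjectType` value (`SubjectType.PERMISSION` is used elsewhere in this commit) returns a context with `OBJECT_CLASS` and `OBJECT_ID` never set. The relationship query would then presumably run with whatever the storage layer does for a missing object class. For code that reads and deletes authorization relationships it is safer to fail loudly: `} else { throw new IllegalArgumentException("Unsupported subject: " + subject); }`. The method signature is outside the hunk, so confirm that an unchecked exception fits its callers' error handling.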
import javax.ws.rs.core.UriBuilder;
import javax.ws.rs.core.UriInfo;
+import org.collectionspace.services.account.AccountRoleSubResource;
import org.collectionspace.services.common.AbstractCollectionSpaceResourceImpl;
//import org.collectionspace.services.common.context.RemoteServiceContextImpl;
import org.collectionspace.services.common.ServiceMessages;
throw new WebApplicationException(response);
}
try {
- //FIXME ideally the following two ops should be in the same tx CSPACE-658
+ //FIXME ideally the following three operations should be in the same tx CSPACE-658
//delete all relationships for this permission
- PermissionRoleSubResource subResource =
+ PermissionRoleSubResource permRoleResource =
new PermissionRoleSubResource(PermissionRoleSubResource.ROLE_PERMROLE_SERVICE);
- subResource.deletePermissionRole(csid, SubjectType.PERMISSION);
-
- ServiceContext ctx = createServiceContext((Role) null, Role.class);
+ permRoleResource.deletePermissionRole(csid, SubjectType.PERMISSION);
+ //delete all the account/role relationships associate with this role
+ AccountRoleSubResource accountRoleResource =
+ new AccountRoleSubResource(AccountRoleSubResource.ROLE_ACCOUNTROLE_SERVICE);
+ accountRoleResource.deleteAccountRole(csid, SubjectType.ACCOUNT);
+ //finally, delete the role itself
+ ServiceContext<Role, Role> ctx = createServiceContext((Role) null, Role.class);
((JpaStorageClientImpl) getStorageClient(ctx)).deleteWhere(ctx, csid);
return Response.status(HttpResponseCodes.SC_OK).build();
} catch (UnauthorizedException ue) {
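Review bot: The three deletes still run outside one transaction, so their order decides what state a partial failure leaves behind, and the comments do not say so. As written, a failure in `deleteAccountRole` leaves the role row in place and still held by accounts, with its permission relationships already removed. That looks fail-closed, but it should be stated, e.g. `//order matters: permissions go first so a partial failure never leaves a usable role`. `SubjectType.ACCOUNT` also reads oddly next to a role csid; judging by the subject branch added in AccountRoleSubResource it selects `Role`/`role_id` as the object, which deserves a one-line comment. The method starts before the hunk and its catch blocks continue after it.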
</service:object>
</tenant:serviceBindings>
<!-- end role-permission service meta-data -->
+
+ <!-- begin role-account service meta-data -->
+ <!-- the following service is same as account/accountroles service -->
+ <!-- except that it is available as a sub resource of the role service -->
+ <tenant:serviceBindings name="authorization/roles/accountroles" version="0.1">
+ <!-- other URI paths using which this service could be accessed -->
+<!-- <service:uriPath xmlns:service='http://collectionspace.org/services/common/service'>
+ /authorization/roles/*/accountroles/
+ </service:uriPath>-->
+ <service:documentHandler xmlns:service='http://collectionspace.org/services/common/service'>
+ org.collectionspace.services.account.storage.AccountRoleDocumentHandler
+ </service:documentHandler>
+ <!--service:validatorHandler xmlns:service='http://collectionspace.org/services/common/service'>
+ org.collectionspace.services.authorization.storage.PermissionRoleValidatorHandler
+ </service:validatorHandler-->
+ <service:object name="AccountRole" version="0.1"
+ xmlns:service='http://collectionspace.org/services/common/service'>
+ <service:part id="0" control_group="Managed"
+ versionable="true" auditable="false"
+ label="accountroles_system" updated="" order="0">
+ <service:content contentType="application/xml">
+ <service:xmlContent
+ namespaceURI="http://collectionspace.org/services/common/system"
+ schemaLocation="http://collectionspace.org/services/common/system http://collectionspace.org/services/common/system/system-response.xsd">
+ </service:xmlContent>
+ </service:content>
+ </service:part>
+ <service:part id="1" control_group="Managed"
+ versionable="true" auditable="false"
+ label="accountroles" updated="" order="1">
+ <service:content contentType="application/xml">
+ <service:xmlContent
+ namespaceURI="http://collectionspace.org/services/authorization"
+ schemaLocation="http://collectionspace.org/services/authorization http://services.collectionspace.org/authorization/accounts_roles.xsd">
+ </service:xmlContent>
+ </service:content>
+ </service:part>
+ </service:object>
+ </tenant:serviceBindings>
+
</tenant:tenantBinding>
<!-- end movingimages.us tenant meta-data -->
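Review bot: The new `authorization/roles/accountroles` binding registers a document handler but no validator. Its `service:validatorHandler` element is commented out, and the class named there, `PermissionRoleValidatorHandler`, appears to belong to the permission-role service rather than to AccountRole payloads. If the binding only serves the delete cascade from the role resource, that is harmless, but the intent should be recorded, e.g. `<!-- no validator: binding is used internally by the role resource only -->`. Otherwise an AccountRole-specific validator should be wired in. The same applies to the identical binding added for the hearstmuseum.berkeley.edu tenant in the next hunk.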
</service:object>
</tenant:serviceBindings>
<!-- end role-permission service meta-data -->
+
+ <!-- begin role-account service meta-data -->
+ <!-- the following service is same as account/accountroles service -->
+ <!-- except that it is available as a sub resource of the role service -->
+ <tenant:serviceBindings name="authorization/roles/accountroles" version="0.1">
+ <!-- other URI paths using which this service could be accessed -->
+<!-- <service:uriPath xmlns:service='http://collectionspace.org/services/common/service'>
+ /authorization/roles/*/accountroles/
+ </service:uriPath>-->
+ <service:documentHandler xmlns:service='http://collectionspace.org/services/common/service'>
+ org.collectionspace.services.account.storage.AccountRoleDocumentHandler
+ </service:documentHandler>
+ <!--service:validatorHandler xmlns:service='http://collectionspace.org/services/common/service'>
+ org.collectionspace.services.authorization.storage.PermissionRoleValidatorHandler
+ </service:validatorHandler-->
+ <service:object name="AccountRole" version="0.1"
+ xmlns:service='http://collectionspace.org/services/common/service'>
+ <service:part id="0" control_group="Managed"
+ versionable="true" auditable="false"
+ label="accountroles_system" updated="" order="0">
+ <service:content contentType="application/xml">
+ <service:xmlContent
+ namespaceURI="http://collectionspace.org/services/common/system"
+ schemaLocation="http://collectionspace.org/services/common/system http://collectionspace.org/services/common/system/system-response.xsd">
+ </service:xmlContent>
+ </service:content>
+ </service:part>
+ <service:part id="1" control_group="Managed"
+ versionable="true" auditable="false"
+ label="accountroles" updated="" order="1">
+ <service:content contentType="application/xml">
+ <service:xmlContent
+ namespaceURI="http://collectionspace.org/services/authorization"
+ schemaLocation="http://collectionspace.org/services/authorization http://services.collectionspace.org/authorization/accounts_roles.xsd">
+ </service:xmlContent>
+ </service:content>
+ </service:part>
+ </service:object>
+ </tenant:serviceBindings>
</tenant:tenantBinding>
+
<!-- end hearstmuseum.berkeley.edu tenant meta-data -->
</tenant:TenantBindingConfig>