The delete on accountrole sub resource of the account service now requires a POST with parameter _method=delete (/accounts/{accountcsid}/accountroles?_method=delete) and entity body (like POST for create). The delete only deletes the relationships found in the entity body.
test: all service tests
NOTE: all the tests pass with the first run. in the second run dimension service tests fail. this might be because some problem (debugging) introduced by eith the security/client/AuthorizationServiceTest or security/client/MultiTenancyTest which use "dimensions" service for security testing
}
/**
- * @param accRole
+ * @param csid
+ * @param accRole relationships to create
* @return
* @see
*/
/**
* @param csid
- * @param arcsid relationship does not have an id, junk is fine
+ * @param accRole relationship to delete
* @return
* @see
*/
- public ClientResponse<Response> delete(String csid, String arcsid) {
- return accountRoleProxy.delete(csid, arcsid);
+ public ClientResponse<Response> delete(String csid, AccountRole accRole) {
+ return accountRoleProxy.delete(csid, "delete", accRole);
}
}
package org.collectionspace.services.client;
import javax.ws.rs.Consumes;
-import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
+import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Response;
@PathParam("arcsid") String arcsid);
//(D)elete
- @DELETE
- @Path("/{csid}/accountroles/{arcsid}")
+ @POST
+ @Path("/{csid}/accountroles")
ClientResponse<Response> delete(@PathParam("csid") String csid,
- @PathParam("arcsid") String arcsid);
+ @QueryParam("_method") String method,
+ AccountRole accRole);
}
setupCreate();
// Submit the request to the service and store the response.
- AccountValue pv = accValues.get("acc-role-user1");
- AccountRole accRole = createAccountRoleInstance(pv,
+ AccountValue av = accValues.get("acc-role-user1");
+ AccountRole accRole = createAccountRoleInstance(av,
roleValues.values(), true, true);
AccountRoleClient client = new AccountRoleClient();
- ClientResponse<Response> res = client.create(pv.getAccountId(), accRole);
+ ClientResponse<Response> res = client.create(av.getAccountId(), accRole);
try {
int statusCode = res.getStatus();
// Submit the request to the service and store the response.
AccountRoleClient client = new AccountRoleClient();
+ AccountValue av = accValues.get("acc-role-user1");
+ AccountRole accRole = createAccountRoleInstance(av,
+ roleValues.values(), true, true);
ClientResponse<Response> res = client.delete(
- accValues.get("acc-role-user1").getAccountId(), "123");
+ accValues.get("acc-role-user1").getAccountId(), accRole);
int statusCode = res.getStatus();
try {
// Check the status code of the response: does it match
/**
* Creates the account role instance.
*
- * @param pv the pv
+ * @param av the av
* @param rvs the rvs
* @param usePermId the use perm id
* @param useRoleId the use role id
logger.debug("Cleaning up temporary resources created for testing ...");
}
- AccountRoleClient client = new AccountRoleClient();
- for (String resourceId : allResourceIdsCreated) {
- ClientResponse<Response> res = client.delete(resourceId, "123");
- try {
- int statusCode = res.getStatus();
- if (logger.isDebugEnabled()) {
- logger.debug("clenaup: delete relationships for accission id="
- + resourceId + " status=" + statusCode);
- }
- Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode),
- invalidStatusCodeMessage(REQUEST_TYPE, statusCode));
- Assert.assertEquals(statusCode, EXPECTED_STATUS_CODE);
- } finally {
- res.releaseConnection();
- }
- }
for (AccountValue pv : accValues.values()) {
deleteAccount(pv.getAccountId());
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.PathParam;
+import javax.ws.rs.QueryParam;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MultivaluedMap;
@POST
@Path("{csid}/accountroles")
- public Response createAccountRole(@PathParam("csid") String accCsid,
+ public Response createAccountRole(@QueryParam("_method") String method,
+ @PathParam("csid") String accCsid,
AccountRole input) {
+ if (method != null) {
+ if ("delete".equalsIgnoreCase(method)) {
+ return deleteAccountRole(accCsid, input);
+ }
+ }
if (logger.isDebugEnabled()) {
logger.debug("createAccountRole with accCsid=" + accCsid);
}
return result;
}
- @DELETE
- @Path("{csid}/accountroles/{accrolecsid}")
public Response deleteAccountRole(
@PathParam("csid") String accCsid,
- @PathParam("accrolecsid") String accrolecsid) {
+ AccountRole input) {
if (logger.isDebugEnabled()) {
logger.debug("deleteAccountRole with accCsid=" + accCsid);
}
AccountRoleSubResource subResource =
new AccountRoleSubResource(AccountRoleSubResource.ACCOUNT_ACCOUNTROLE_SERVICE);
//delete all relationships for an account
- subResource.deleteAccountRole(accCsid, SubjectType.ROLE);
+ subResource.deleteAccountRole(accCsid, SubjectType.ROLE, input);
return Response.status(HttpResponseCodes.SC_OK).build();
} catch (UnauthorizedException ue) {
Response response = Response.status(
final public static String ACCOUNT_ACCOUNTROLE_SERVICE = "accounts/accountroles";
final public static String ROLE_ACCOUNTROLE_SERVICE = "roles/accountroles";
-
//this service is never exposed as standalone RESTful service...just use unique
//service name to identify binding
/** The service name. */
- private String serviceName = ACCOUNT_ACCOUNTROLE_SERVICE;
+ private String serviceName = ACCOUNT_ACCOUNTROLE_SERVICE;
/** The logger. */
final Logger logger = LoggerFactory.getLogger(AccountRoleSubResource.class);
/** The storage client. */
AccountRoleSubResource(String serviceName) {
this.serviceName = serviceName;
}
-
+
/* (non-Javadoc)
* @see org.collectionspace.services.common.AbstractCollectionSpaceResourceImpl#getVersionString()
*/
-
@Override
protected String getVersionString() {
/** The last change revision. */
}
/**
- * deleteAccountRole deletes account-role relationships using given
+ * deleteAccountRole deletes all account-role relationships using given
* csid of object (account/role) and subject (role/account)
- * @param csid
+ * @param csid of the object
* @param subject
* @return
* @throws Exception
ServiceContext<AccountRole, AccountRole> ctx = createServiceContext((AccountRole) null, subject);
getStorageClient(ctx).delete(ctx, csid);
}
+
+ /**
+ * deleteAccountRole deletes given account-role relationships using given
+ * csid of object (account/role) and subject (role/account)
+ * @param csid of the object
+ * @param subject
+ * @param input with account role relationships to delete
+ * @return
+ * @throws Exception
+ */
+ public void deleteAccountRole(String csid, SubjectType subject, AccountRole input)
+ throws Exception {
+
+ ServiceContext<AccountRole, AccountRole> ctx = createServiceContext(input, subject);
+ DocumentHandler handler = createDocumentHandler(ctx);
+ getStorageClient(ctx).delete(ctx, csid, handler);
+ }
}
throw new UnsupportedOperationException("operation not relevant for AccountRoleDocumentHandler");
}
+ @Override
+ public void handleDelete(DocumentWrapper<List<AccountRoleRel>> wrapDoc) throws Exception {
+ fillCommonPart(getCommonPart(), wrapDoc);
+ }
+
@Override
public AccountRole extractCommonPart(
DocumentWrapper<List<AccountRoleRel>> wrapDoc)
PermissionRoleSubResource subResource =
new PermissionRoleSubResource(PermissionRoleSubResource.PERMISSION_PERMROLE_SERVICE);
subResource.deletePermissionRole(csid, SubjectType.ROLE);
- //delete permissions in the authz provider too
+ //NOTE for delete permissions in the authz provider
//at the PermissionRoleSubResource/DocHandler level, there is no visibility
- //if permission is deleted, so do it here
+ //if permission is deleted, so do it here, however,
+ //this is a very dangerous operation as it deletes the Spring ACL instead of ACE(s)
+ //the ACL might be needed for other ACEs roles...
AuthorizationDelegate.deletePermissions(csid);
ServiceContext<Permission, Permission> ctx = createServiceContext((Permission) null, Permission.class);
* @param permCsid
* @throws Exception
*/
+ //Non-javadoc comment : this is a very dangerous operation as it deletes
+ //the Spring ACL instead of ACE(s) that is associated with each role
+ //the ACL might be needed for other ACEs (including those for ROLE_ADMINISTRATOR,
+ //ROLE_TENANT_ADMINISTRATOR, etc.)...
static public void deletePermissions(String permCsid) throws Exception {
Permission p = getPermission(permCsid);
if (p == null) {
this.provider = provider;
}
+ /**
+ * addPermissions adds permissions according to the given grant for given
+ * resource#action for each given principal
+ * @param res
+ * @param action
+ * @param principals
+ * @param grant
+ * @throws PermissionException
+ */
@Override
public void addPermissions(CSpaceResource res, CSpaceAction action, String[] principals, boolean grant)
throws PermissionException {
}
}
+ /**
+ * deletePermissions removes permisions for given resource#action for each given principal
+ * @param res
+ * @param action
+ * @param principals
+ * @throws PermissionNotFoundException
+ * @throws PermissionException
+ */
@Override
public void deletePermissions(CSpaceResource res, CSpaceAction action, String[] principals)
throws PermissionNotFoundException, PermissionException {
}
}
+ /**
+ * deletePermissions
+ * @param res
+ * @param action
+ * @throws PermissionNotFoundException
+ * @throws PermissionException
+ */
+ //non-javadoc NOTE: this is a very destructive operation. it would remove all permissions
+ //to access given resource#action for ANY role including administrators
@Override
public void deletePermissions(CSpaceResource res, CSpaceAction action)
throws PermissionNotFoundException, PermissionException {
}
+ /**
+ * deletePermissions
+ * @param res
+ * @throws PermissionNotFoundException
+ * @throws PermissionException
+ */
+ //non-javadoc NOTE: this is a very very destructive operation. it would remove all permissions
+ //to access given resource for ANY action for ANY role including administrators
@Override
public void deletePermissions(CSpaceResource res)
throws PermissionNotFoundException, PermissionException {
}
}
+ /**
+ * addPermission adds permission grant for given object identity for given permission
+ * for given sid
+ * @param oid
+ * @param permission
+ * @param sid
+ * @param grant
+ * @throws PermissionException
+ */
private void addPermission(ObjectIdentity oid, Permission permission,
Sid sid, boolean grant) throws PermissionException {
MutableAcl acl;
}
}
+ /**
+ * deletePermissions deletes given permission on given object id for given sid
+ * @param oid
+ * @param permission
+ * @param sid
+ */
+ //non-javadoc NOTE: if sid is null it would remove ACEs for all sid(s)
private void deletePermissions(ObjectIdentity oid, Permission permission, Sid sid) /** throws AclDataAccessException */
{
int i = 0;
deletePermissionRoles();
deleteAccountRoles();
- //FIXME delete on permission role deletes all roles associated with the permission
- //this would delete association with ROLE_ADMINISTRATION too
+ //FIXME delete on permission deletes all associations with roles
+ //this would delete association with ROLE_ADMINISTRATOR too
//deletePermissions();
deleteRoles();
deleteAccounts();
}
+ private void deletePermissionRoles() {
+
+ List<RoleValue> bigbirdRoleValues = new ArrayList<RoleValue>();
+ bigbirdRoleValues.add(roleValues.get("ROLE_TEST_CM"));
+ deletePermissionRole(permValues.get(bigbirdPermId), bigbirdRoleValues);
+
+ List<RoleValue> elmoRoleValues = new ArrayList<RoleValue>();
+ elmoRoleValues.add(roleValues.get("ROLE_TEST_INTERN"));
+ deletePermissionRole(permValues.get(elmoPermId), elmoRoleValues);
+
+ }
+
+ private void deleteAccountRoles() {
+ List<RoleValue> bigbirdRoleValues = new ArrayList<RoleValue>();
+ bigbirdRoleValues.add(roleValues.get("ROLE_TEST_CM"));
+ deleteAccountRole(accValues.get("bigbird2010"), bigbirdRoleValues);
+
+ List<RoleValue> elmoRoleValues = new ArrayList<RoleValue>();
+ elmoRoleValues.add(roleValues.get("ROLE_TEST_INTERN"));
+ deleteAccountRole(accValues.get("elmo2010"), elmoRoleValues);
+ }
+
+ private void deletePermissions() {
+ //delete entities
+ for (PermissionValue pv : permValues.values()) {
+ deletePermission(pv.getPermissionId());
+ }
+ }
+
+ private void deleteRoles() {
+ for (RoleValue rv : roleValues.values()) {
+ deleteRole(rv.getRoleId());
+ }
+ }
+
+ private void deleteAccounts() {
+
+ for (AccountValue av1 : accValues.values()) {
+ deleteAccount(av1.getAccountId());
+ }
+ }
+
private String createPermission(String resName, EffectType effect) {
List<PermissionAction> actions = PermissionFactory.createDefaultActions();
return createPermission(resName, actions, effect);
return extractId(res);
}
- private void deleteAccountRole(String screenName) {
+ private void deleteAccountRole(AccountValue av,
+ Collection<RoleValue> rvs) {
// Perform setup.
setupDelete();
// Submit the request to the service and store the response.
AccountRoleClient client = new AccountRoleClient();
+ AccountRole accRole = AccountRoleFactory.createAccountRoleInstance(
+ av, rvs, true, true);
ClientResponse<Response> res = client.delete(
- accValues.get(screenName).getAccountId(), "123");
+ av.getAccountId(), accRole);
int statusCode = res.getStatus();
// Check the status code of the response: does it match
Assert.assertEquals(statusCode, EXPECTED_STATUS_CODE);
res.releaseConnection();
}
-
- private void deletePermissionRoles() {
-
- List<RoleValue> bigbirdRoleValues = new ArrayList<RoleValue>();
- bigbirdRoleValues.add(roleValues.get("ROLE_TEST_CM"));
- deletePermissionRole(permValues.get(bigbirdPermId), bigbirdRoleValues);
-
- List<RoleValue> elmoRoleValues = new ArrayList<RoleValue>();
- elmoRoleValues.add(roleValues.get("ROLE_TEST_INTERN"));
- deletePermissionRole(permValues.get(elmoPermId), elmoRoleValues);
-
- }
-
- private void deleteAccountRoles() {
- for (AccountValue av : accValues.values()) {
- deleteAccountRole(av.getUserId());
- }
- }
-
- private void deletePermissions() {
- //delete entities
- for (PermissionValue pv : permValues.values()) {
- deletePermission(pv.getPermissionId());
- }
- }
-
- private void deleteRoles() {
- for (RoleValue rv : roleValues.values()) {
- deleteRole(rv.getRoleId());
- }
- }
-
- private void deleteAccounts() {
-
- for (AccountValue av1 : accValues.values()) {
- deleteAccount(av1.getAccountId());
- }
- }
-
- private String getTenantId(AccountClient client) {
- return client.getProperty(AccountClient.TENANT_PROPERTY);
- }
}
deletePermissionRoles();
deleteAccountRoles();
- //FIXME delete on permission role deletes all roles associated with the permission
- //this would delete association with ROLE_ADMINISTRATION too
+ //deletePermissions would delete association with ROLE_XXX_ADMINISTRTOR too
//deletePermissions();
deleteRoles();
deleteAccounts();
private void deletePermissionRoles() {
- //first delete relationships between the entities
-
for (String tenantId : tenantPermissions.keySet()) {
List<RoleValue> tenantRoleValues = new ArrayList<RoleValue>();
tenantRoleValues.add(tenantRoles.get(tenantId));
private void deleteAccountRoles() {
for (String tenantId : tenantAccounts.keySet()) {
+ List<RoleValue> tenantRoleValues = new ArrayList<RoleValue>();
+ tenantRoleValues.add(tenantRoles.get(tenantId));
AccountValue av = tenantAccounts.get(tenantId);
- deleteAccountRole(tenantId, av.getAccountId());
+ deleteAccountRole(tenantId, av, tenantRoleValues);
}
}
return extractId(res);
}
- private void deleteAccountRole(String tenantId, String accountId) {
+ private void deleteAccountRole(String tenantId, AccountValue av,
+ List<RoleValue> rvs) {
// Perform setup.
setupDelete();
AccountRoleClient client = new AccountRoleClient();
UserInfo ui = tenantAdminUsers.get(tenantId);
client.setAuth(true, ui.userName, true, ui.password, true);
+ AccountRole accRole = AccountRoleFactory.createAccountRoleInstance(
+ av, rvs, true, true);
ClientResponse<Response> res = client.delete(
- accountId, "123");
+ av.getAccountId(), accRole);
int statusCode = res.getStatus();
// Check the status code of the response: does it match
projects / tmp / jakarta-migration.git / commitdiff