CSPACE-3165: Special role "ROLE_SPRING_ADMIN" is no longer showing up in payload...
authorRichard Millet <richard.millet@berkeley.edu>
Thu, 6 Jan 2011 00:03:13 +0000 (00:03 +0000)
committerRichard Millet <richard.millet@berkeley.edu>
Thu, 6 Jan 2011 00:03:13 +0000 (00:03 +0000)
services/account/service/src/main/java/org/collectionspace/services/account/AccountRoleSubResource.java
services/account/service/src/main/java/org/collectionspace/services/account/storage/AccountRoleDocumentHandler.java
services/common/src/main/java/org/collectionspace/services/common/authorization_mgt/AuthorizationCommon.java [new file with mode: 0644]
services/common/src/main/java/org/collectionspace/services/common/authorization_mgt/AuthorizationRoleRel.java
services/common/src/main/java/org/collectionspace/services/common/storage/jpa/JpaRelationshipStorageClient.java

index bc776a1bdfa0b9f9aadf0a2a38c2ea592196510a..df8d5b185307ad8e6c4898640bd7893872877e15 100644 (file)
@@ -24,6 +24,9 @@
 package org.collectionspace.services.account;
 
 import java.util.List;
+import java.util.ArrayList;
+
+import javax.persistence.PersistenceException;
 
 import org.collectionspace.services.account.storage.AccountRoleDocumentHandler;
 //import org.collectionspace.services.authorization.AccountRolesList;
@@ -36,6 +39,7 @@ import org.collectionspace.services.authorization.Role;
 import org.collectionspace.services.authorization.RoleValue;
 import org.collectionspace.services.authorization.SubjectType;
 
+import org.collectionspace.services.common.authorization_mgt.AuthorizationCommon;
 import org.collectionspace.services.common.AbstractCollectionSpaceResourceImpl;
 import org.collectionspace.services.common.context.RemoteServiceContextFactory;
 import org.collectionspace.services.common.context.ServiceContext;
@@ -56,10 +60,6 @@ import org.slf4j.LoggerFactory;
 public class AccountRoleSubResource
 //        extends AbstractCollectionSpaceResourceImpl<AccountRole, AccountRolesList> {
        extends AbstractCollectionSpaceResourceImpl<AccountRole, AccountRole> {
-
-       //FIXME: These belong in an Authorization class, not here
-    private static String ROLE_SPRING_ADMIN_ID = "-1";
-    private static String ROLE_SPRING_ADMIN_NAME = "ROLE_SPRING_ADMIN";    
        
     final public static String ACCOUNT_ACCOUNTROLE_SERVICE = "accounts/accountroles";
     final public static String ROLE_ACCOUNTROLE_SERVICE = "authorization/roles/accountroles";
@@ -171,12 +171,38 @@ public class AccountRoleSubResource
        // changes to the Spring Security ACL tables.  The Spring Security Admin role has NO CollectionSpace
        // specific permissions.  It is an internal/private role that service consumers and end-users NEVER see.
        //
+       
+       //Preserve the original incoming list of roles
+       List<RoleValue> inputRoleValues = input.getRoles();
+
+       //Change the role list to be just the Spring role
+       List<RoleValue> springRoles = new ArrayList<RoleValue>();
+       input.setRoles(springRoles);
        RoleValue springAdminRole = new RoleValue();
-       springAdminRole.setRoleId(ROLE_SPRING_ADMIN_ID);
-       springAdminRole.setRoleName(ROLE_SPRING_ADMIN_NAME);
-       List<RoleValue> roleValues = input.getRoles();
-       roleValues.add(springAdminRole);
+       springRoles.add(springAdminRole);
+       springAdminRole.setRoleId(AuthorizationCommon.ROLE_SPRING_ADMIN_ID);
+       springAdminRole.setRoleName(AuthorizationCommon.ROLE_SPRING_ADMIN_NAME);
 
+       // The Spring role relationship may already exist, if it does then we'll get a PersistenceException that
+       // we'll just ignore.
+       try {
+               ServiceContext<AccountRole, AccountRole> ctx = createServiceContext(input, subject);
+               DocumentHandler handler = createDocumentHandler(ctx);        
+               getStorageClient(ctx).create(ctx, handler);
+       } catch (PersistenceException e) {
+               //If we get this exception, it means that the role relationship already exists, so
+               //we can just ignore this exception.
+               if (logger.isTraceEnabled() == true) {
+                       logger.trace(AuthorizationCommon.ROLE_SPRING_ADMIN_NAME +
+                                       " relationship already exists for account: " +
+                                       input.getAccounts().get(0).getAccountId(), e);
+               }
+       }
+       
+       //
+       // Now we'll add the account relationships for the original incoming roles.
+       //
+       input.setRoles(inputRoleValues);
         ServiceContext<AccountRole, AccountRole> ctx = createServiceContext(input, subject);
         DocumentHandler handler = createDocumentHandler(ctx);        
         String bogusCsid = getStorageClient(ctx).create(ctx, handler);
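Review bot: The `catch (PersistenceException e)` around the first `create` treats every persistence failure as "relationship already exists", so a connection error or an unrelated constraint violation while storing the ROLE_SPRING_ADMIN relationship is dropped at trace level and the method goes on to store the caller's roles. If the duplicate case surfaces here as `javax.persistence.EntityExistsException` (to be confirmed against the JPA provider in use), catch that type instead, or look up the existing relationship before creating it, and log anything else at warn level. The trace message also calls `input.getAccounts().get(0)`, which throws from inside the handler if the account list is empty. The enclosing method starts and ends outside the hunk.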
index cee44eb57c8577ccab700a842e3f238c4de5b37a..e3e87f73cc8d4ca3260ef646d9522c745fbc4a01 100644 (file)
@@ -113,8 +113,7 @@ public class AccountRoleDocumentHandler
     @Override
     public void handleGet(DocumentWrapper<List<AccountRoleRel>> wrapDoc) throws Exception {
        AccountRole output = extractCommonPart(wrapDoc);
-        setCommonPart(extractCommonPart(wrapDoc));
-//     AccountRole accountRoleList = extractCommonPartList(wrapDoc);
+        setCommonPart(output);
         getServiceContext().setOutput(output);
     }
 
@@ -267,14 +266,18 @@ public class AccountRoleDocumentHandler
             List<AccountValue> avs = new ArrayList<AccountValue>();
             ar.setAccounts(avs);
             AccountValue av = AuthorizationRoleRel.buildAccountValue(ar0);
-            avs.add(av);
+            if (av != null) {
+               avs.add(av);
+            }
 
             //add roles
             List<RoleValue> rvs = new ArrayList<RoleValue>();
             ar.setRoles(rvs);
             for (AccountRoleRel arr : arrl) {
                RoleValue rv = AuthorizationRoleRel.buildRoleValue(arr);
-                rvs.add(rv);
+               if (rv != null) {
+                       rvs.add(rv);
+               }
             }
         } else if (SubjectType.ACCOUNT.equals(subject)) {
 
diff --git a/services/common/src/main/java/org/collectionspace/services/common/authorization_mgt/AuthorizationCommon.java b/services/common/src/main/java/org/collectionspace/services/common/authorization_mgt/AuthorizationCommon.java
new file mode 100644 (file)
index 0000000..62ac660
--- /dev/null
@@ -0,0 +1,8 @@
+package org.collectionspace.services.common.authorization_mgt;\r
+\r
+public class AuthorizationCommon {\r
+\r
+    public static String ROLE_SPRING_ADMIN_ID = "-1";\r
+    public static String ROLE_SPRING_ADMIN_NAME = "ROLE_SPRING_ADMIN";    \r
+\r
+}\r
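Review bot: `ROLE_SPRING_ADMIN_ID` and `ROLE_SPRING_ADMIN_NAME` are declared `public static String` without `final`, so any class can reassign them at runtime. The id is the value `buildRoleValue` compares against to keep the internal role out of payloads, so a changed value would silently break that filter. Declare both as `public static final String`, and give the class a private constructor since it only holds constants. A short class comment stating that this role is internal and never shown to service consumers would also help, because that explanation currently lives only in AccountRoleSubResource.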
index 0b1cf4623c5793c9ee2cb049dea6148d1a425302..1ef90a4e998387dd64fdc828ea936cca45a8140e 100644 (file)
@@ -5,6 +5,7 @@ import org.collectionspace.services.authorization.PermissionRoleRel;
 import org.collectionspace.services.authorization.AccountRoleRel;\r
 import org.collectionspace.services.authorization.PermissionValue;\r
 import org.collectionspace.services.authorization.RoleValue;\r
+import org.collectionspace.services.common.authorization_mgt.AuthorizationCommon;\r
 \r
 public class AuthorizationRoleRel {\r
 \r
@@ -29,10 +30,13 @@ public class AuthorizationRoleRel {
      * @return the role account value\r
      */\r
     static public RoleValue buildRoleValue(AccountRoleRel arr) {\r
-       RoleValue rv = new RoleValue();\r
-        rv.setRoleId(arr.getRoleId());\r
-        rv.setRoleName(arr.getRoleName());\r
-       rv.setRoleRelationshipId(arr.getHjid().toString());        \r
+       RoleValue rv = null;\r
+       if (arr.getRoleId().equals(AuthorizationCommon.ROLE_SPRING_ADMIN_ID) == false) {\r
+               rv = new RoleValue();\r
+               rv.setRoleId(arr.getRoleId());\r
+               rv.setRoleName(arr.getRoleName());\r
+               rv.setRoleRelationshipId(arr.getHjid().toString());\r
+       }\r
         return rv;\r
     }\r
     \r
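Review bot: `arr.getRoleId().equals(AuthorizationCommon.ROLE_SPRING_ADMIN_ID)` throws a NullPointerException when a relationship has no role id; comparing from the constant side avoids that, `if (!AuthorizationCommon.ROLE_SPRING_ADMIN_ID.equals(arr.getRoleId())) {`. The method now returns null for the internal role, but the Javadoc above still says only `@return the role account value`. The loop patched in AccountRoleDocumentHandler checks for null, but any caller outside this diff would not, so the Javadoc should say `@return the role value, or null when the relationship is for the internal Spring admin role`. The filter depends only on the id matching; the role name is not checked.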
index 2b4569f7964a01ebd1d1e6b43d250d76302f48ad..bce83ff1cc9317d66c5d0010917e6fa62f29d10b 100644 (file)
@@ -33,6 +33,7 @@ import java.util.UUID;
 import javax.persistence.EntityManager;
 import javax.persistence.EntityManagerFactory;
 import javax.persistence.NoResultException;
+import javax.persistence.PersistenceException;
 import javax.persistence.Query;
 
 import org.collectionspace.services.authorization.Permission;
@@ -134,6 +135,8 @@ public class JpaRelationshipStorageClient<T> extends JpaStorageClientImpl {
                 em.getTransaction().rollback();
             }
             throw bre;
+        } catch (PersistenceException pe) {
+               throw pe;
         } catch (Exception e) {
             if (em != null && em.getTransaction().isActive()) {
                 em.getTransaction().rollback();
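Review bot: The new `catch (PersistenceException pe)` rethrows without rolling back, while the catch blocks on either side of it roll back an active transaction before throwing. Because it sits ahead of `catch (Exception e)`, persistence failures no longer reach that rollback, and the transaction may be left open unless cleanup outside this hunk handles it. Add `if (em != null && em.getTransaction().isActive()) { em.getTransaction().rollback(); }` before `throw pe;`, with a comment that the exception is passed through unwrapped so callers can detect an existing relationship. The method begins and ends outside the hunk, so a `finally` block may exist that is not visible here.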