CSPACE-1347: replaced rolename with roleId in the association relationships between roles and permissions/users, and changed the rolesQuery in login-config.xml to reflect this change
test: mvn test at the services level
!!!requires ant clean undeploy deploy at least at services/authentication level as login-config.xml has changed
!!!requires ant create_db at authorization service level
M services/authentication/service/src/main/resources/config/jboss-login-config.xml
M services/authentication/service/src/main/resources/config/login-config.xml
_M services/loanin/service
_M services/loanin/jaxb
_M services/loanin/3rdparty/nuxeo-platform-cs-loanin
_M services/loanin/client
_M services/account
M services/authorization/service/src/test/java/org/collectionspace/services/authorization/test/AuthorizationGenTest.java
M services/authorization/service/src/test/resources/test-data/test-permissions-roles.xml
M services/authorization/service/src/main/java/org/collectionspace/services/authorization/AuthZ.java
M services/authorization/jaxb/src/main/resources/roles.xsd
M services/authorization/jaxb/src/main/resources/users_roles.xsd
M services/authorization/jaxb/src/main/resources/permissions_roles.xsd
M services/authorization/pstore/src/main/resources/db/mysql/authorization_index.sql
M services/authorization/pstore/src/main/resources/db/mysql/test_authorization.sql
M services/authorization/pstore/src/main/resources/db/mysql/authorization.sql
select passwd from users where username=?
</module-option>
<module-option name="rolesQuery">
- select rolename, 'Roles' from users_roles where username=?
+ select r.rolename, 'Role' from roles as r, users_roles as ur where ur.username=? and ur.role_id=r.csid
</module-option>
<module-option name="tenantsQuery">
select t.id, t.name, 'Tenants' from accounts_common as a, accounts_tenants as at, tenants as t where a.userid=? and a.csid = at.TENANTS_ACCOUNTSCOMMON_CSID and at.tenant_id = t.id
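Review bot: The group literal in the new rolesQuery became `'Role'` where the old query had `'Roles'`, and as far as I know JBoss's DatabaseServerLoginModule only treats rows whose group column is exactly `Roles` as the principal's authorization roles — any other value is kept as an unrelated group that no security check consults, so after this change every user would effectively log in with no roles. Unless the rename is deliberate and matched by the security-domain configuration (verify), restore the literal: `select r.rolename, 'Roles' from roles as r inner join users_roles as ur on ur.role_id = r.csid where ur.username = ?`. The explicit `INNER JOIN` is optional but keeps the join condition from being dropped by accident in a comma join. Note also that nothing scopes roles by tenant, whereas tenantsQuery below does resolve the account's tenants — worth confirming that roles are meant to be global.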
select passwd from users where username=?
</module-option>
<module-option name="rolesQuery">
- select rolename, 'Roles' from users_roles where username=?
+ select r.rolename, 'Role' from roles as r, users_roles as ur where ur.username=? and ur.role_id=r.csid
</module-option>
<module-option name="tenantsQuery">
select t.id, t.name, 'Tenants' from accounts_common as a, accounts_tenants as at, tenants as t where a.userid=? and a.csid = at.TENANTS_ACCOUNTSCOMMON_CSID and at.tenant_id = t.id
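Review bot: Same query as in jboss-login-config.xml and the same concern: the group literal changed from `'Roles'` to `'Role'`, and the JBoss DatabaseServerLoginModule assigns only the group named `Roles` as the authorization role set, so the rename would strip every user of their roles. Keep the two files identical and, unless a matching change exists elsewhere, use `select r.rolename, 'Roles' from roles as r inner join users_roles as ur on ur.role_id = r.csid where ur.username = ?`.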
<orm:unique-constraint>
<!-- combined length should be < 1000 bytes -->
<orm:column-name>permission_id</orm:column-name>
- <orm:column-name>rolename</orm:column-name>
+ <orm:column-name>role_id</orm:column-name>
</orm:unique-constraint>
</orm:table>
</hj:entity>
</xs:appinfo>
</xs:annotation>
</xs:element>
- <xs:element name="roleName" type="xs:string" minOccurs="1" maxOccurs="1">
+ <xs:element name="roleId" type="xs:string" minOccurs="1" maxOccurs="1">
<xs:annotation>
<xs:appinfo>
<hj:basic>
- <orm:column name="rolename" length="200" nullable="false"/>
+ <orm:column name="role_id" length="128" nullable="false"/>
</hj:basic>
</xs:appinfo>
</xs:annotation>
</xs:sequence>
</xs:complexType>
-
</xs:schema>
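Review bot: The new `role_id` element is a bare 128-char string with no relationship to `roles.csid`, so the schema (and the DDL generated from it) will accept a permission-to-role mapping for a role that does not exist or was later deleted. Because permissions are granted by matching these rows, an orphaned or reused csid silently changes who holds a permission; map the column with a referential constraint (a many-to-one mapping if the hyperjaxb toolchain supports it, otherwise `foreign key (role_id) references roles (csid)` in authorization.sql) so typos and deletes fail loudly. The `length="128"` matching `roles.csid` is right; keep the two in sync if csid ever grows.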
<xs:documentation>Role definition in CollectionSpace</xs:documentation>
<xs:appinfo>
<hj:entity>
- <orm:table name="roles"/>
+ <orm:table name="roles">
+ <orm:unique-constraint>
+ <orm:column-name>rolename</orm:column-name>
+ </orm:unique-constraint>
+ </orm:table>
</hj:entity>
</xs:appinfo>
</xs:annotation>
<xs:element name="roleName" type="xs:string" minOccurs="1" maxOccurs="1">
<xs:annotation>
<xs:appinfo>
- <hj:id>
+ <hj:basic>
<orm:column name="rolename" length="200" nullable="false"/>
- </hj:id>
+ </hj:basic>
</xs:appinfo>
</xs:annotation>
</xs:element>
</xs:annotation>
</xs:element>
</xs:sequence>
+ <xs:attribute name="csid" type="xs:string">
+ <xs:annotation>
+ <xs:appinfo>
+ <hj:id>
+ <orm:column name="csid" length="128" nullable="false"/>
+ </hj:id>
+ </xs:appinfo>
+ </xs:annotation>
+ </xs:attribute>
</xs:complexType>
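Review bot: The new `csid` attribute is optional in the schema (no `use="required"`) while the column it maps to is `nullable="false"`, so a Role posted without a csid only fails at persistence time unless the service assigns the id before saving; either add `use="required"` to the attribute or document where the csid is generated. Also, with `rolename` demoted from identifier to a unique basic column, renaming a role now silently re-labels every authority granted through `users_roles`/`permissions_roles` by id — login-config's rolesQuery returns `r.rolename` — so a rename is a privilege-affecting operation and should be restricted and audited accordingly; a one-line comment on the `roleName` element saying so would help the next maintainer.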
<orm:unique-constraint>
<!-- combined length should be < 1000 bytes -->
<orm:column-name>username</orm:column-name>
- <orm:column-name>rolename</orm:column-name>
+ <orm:column-name>role_id</orm:column-name>
</orm:unique-constraint>
</orm:table>
</hj:entity>
</xs:appinfo>
</xs:annotation>
</xs:element>
- <xs:element name="roleName" type="xs:string" minOccurs="1" maxOccurs="1">
+ <xs:element name="roleId" type="xs:string" minOccurs="1" maxOccurs="1">
<xs:annotation>
<xs:appinfo>
<hj:basic>
- <orm:column name="rolename" length="200" nullable="false"/>
+ <orm:column name="role_id" length="128" nullable="false"/>
</hj:basic>
</xs:appinfo>
</xs:annotation>
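Review bot: As with permissions_roles, `role_id` here is a plain string column with no foreign-key relationship to `roles.csid`; an assignment that points at a nonexistent role is accepted and simply yields nothing at login (the rolesQuery join in login-config.xml drops it), which hides data errors, and a csid that is deleted and later reused would revive stale assignments. Add a referential constraint (many-to-one mapping or a DDL `foreign key (role_id) references roles (csid)`) and choose the `on delete` behaviour explicitly. The `(username, role_id)` unique constraint is the right guard against duplicate grants.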
drop table if exists users_roles;
create table permissions (csid varchar(128) not null, attribute_name varchar(128), created_at datetime not null, description varchar(255), effect varchar(32) not null, resource_name varchar(128) not null, updated_at datetime, primary key (csid));
create table permissions_actions (HJID bigint not null auto_increment, name varchar(128) not null, ACTION__PERMISSION_CSID varchar(128), primary key (HJID));
-create table permissions_roles (HJID bigint not null auto_increment, created_at datetime not null, permission_id varchar(128) not null, rolename varchar(200) not null, updated_at datetime, primary key (HJID), unique (permission_id, rolename));
-create table roles (rolename varchar(200) not null, created_at datetime not null, description varchar(255), rolegroup varchar(255) not null, updated_at datetime, primary key (rolename));
-create table users_roles (HJID bigint not null auto_increment, created_at datetime not null, rolename varchar(200) not null, updated_at datetime, username varchar(128) not null, primary key (HJID), unique (username, rolename));
+create table permissions_roles (HJID bigint not null auto_increment, created_at datetime not null, permission_id varchar(128) not null, role_id varchar(128) not null, updated_at datetime, primary key (HJID), unique (permission_id, role_id));
+create table roles (csid varchar(128) not null, created_at datetime not null, description varchar(255), rolegroup varchar(255) not null, rolename varchar(200) not null, updated_at datetime, primary key (csid), unique (rolename));
+create table users_roles (HJID bigint not null auto_increment, created_at datetime not null, role_id varchar(128) not null, updated_at datetime, username varchar(128) not null, primary key (HJID), unique (username, role_id));
alter table permissions_actions add index FK85F8204295972CE9 (ACTION__PERMISSION_CSID), add constraint FK85F8204295972CE9 foreign key (ACTION__PERMISSION_CSID) references permissions (csid);
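Review bot: The new tables declare no foreign keys from `users_roles.role_id` or `permissions_roles.role_id` to `roles.csid` (only permissions_actions gets one on the last line), so role assignments can reference roles that do not exist and survive role deletion. If this DDL is maintained by hand, add `alter table users_roles add constraint FK_users_roles_role_id foreign key (role_id) references roles (csid);` and the equivalent for permissions_roles, deciding between `on delete cascade` (revoke on role removal) and `restrict` deliberately. If it is regenerated from the XSDs, the fix belongs in the hyperjaxb mapping so the two stay in sync.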
-- You may not use this file except in compliance with this License.
--
use cspace;
-CREATE INDEX index_rolename ON roles (rolegroup);
+CREATE INDEX index_rolename ON roles (rolename);
+CREATE INDEX index_rolegroup ON roles (rolegroup);
CREATE INDEX index_username ON users_roles (username);
-CREATE INDEX index_rolename ON users_roles (rolename);
+CREATE INDEX index_role_id ON users_roles (role_id);
CREATE INDEX index_permission_id ON permissions_roles (permission_id);
-CREATE INDEX index_rolename ON permissions_roles (rolename);
+CREATE INDEX index_role_id ON permissions_roles (role_id);
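Review bot: `CREATE INDEX index_rolename ON roles (rolename)` duplicates the index MySQL already builds for `unique (rolename)` in authorization.sql, and `index_username ON users_roles (username)` and `index_permission_id ON permissions_roles (permission_id)` are likewise covered as leading columns of the `(username, role_id)` and `(permission_id, role_id)` unique constraints; the extra indexes only add write cost. `index_rolegroup` and the two `index_role_id` indexes are genuinely needed (role_id is not a leading column of either unique key), so keep those and drop the redundant ones, or add a comment explaining why they are wanted.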
--\r
use cspace;\r
\r
-insert into `roles` (`rolename`, `rolegroup`, `created_at`) values ('ROLE_KERNEL', 'kernel', '2010-02-17 16:31:48');\r
-insert into `roles` (`rolename`, `rolegroup`, `created_at`) values ('ROLE_USERS', 'collections', '2010-02-17 16:31:48');\r
-insert into `roles` (`rolename`, `rolegroup`, `created_at`) values ('ROLE_COLLECTIONS_MANAGER', 'collections', '2010-02-17 16:31:48');\r
-insert into `roles` (`rolename`, `rolegroup`, `created_at`) values ('ROLE_COLLECTIONS_REGISTRAR', 'collections', '2010-02-17 16:31:48');\r
+insert into `roles` (`csid`, `rolename`, `rolegroup`, `created_at`) values ('1', 'ROLE_ADMINISTRATOR', 'admin', '2010-02-17 16:31:48');\r
+insert into `roles` (`csid`, `rolename`, `rolegroup`, `created_at`) values ('2', 'ROLE_USERS', 'collections', '2010-02-17 16:31:48');\r
+insert into `roles` (`csid`, `rolename`, `rolegroup`, `created_at`) values ('3', 'ROLE_COLLECTIONS_MANAGER', 'collections', '2010-02-17 16:31:48');\r
+insert into `roles` (`csid`, `rolename`, `rolegroup`, `created_at`) values ('4', 'ROLE_COLLECTIONS_REGISTRAR', 'collections', '2010-02-17 16:31:48');\r
\r
-insert into `users_roles`(`username`, `rolename`, `created_at`) values ('test', 'ROLE_ADMINISTRATOR', '2010-02-17 16:31:48');\r
-insert into `users_roles`(`username`, `rolename`, `created_at`) values ('test', 'ROLE_USERS', '2010-02-17 16:31:48');\r
-insert into `users_roles`(`username`, `rolename`, `created_at`) values ('test', 'ROLE_COLLECTIONS_MANAGER', '2010-02-17 16:31:48');\r
+insert into `users_roles`(`username`, `role_id`, `created_at`) values ('test', '1', '2010-02-17 16:31:48');\r
+insert into `users_roles`(`username`, `role_id`, `created_at`) values ('test', '2', '2010-02-17 16:31:48');\r
+insert into `users_roles`(`username`, `role_id`, `created_at`) values ('test', '3', '2010-02-17 16:31:48');\r
\r
-insert into `users_roles`(`username`, `rolename`, `created_at`) values ('barney', 'ROLE_USERS', '2010-02-17 16:31:48');\r
-insert into `users_roles`(`username`, `rolename`, `created_at`) values ('barney', 'ROLE_COLLECTIONS_MANAGER', '2010-02-17 16:31:48');\r
+insert into `users_roles`(`username`, `role_id`, `created_at`) values ('barney', '2', '2010-02-17 16:31:48');\r
+insert into `users_roles`(`username`, `role_id`, `created_at`) values ('barney', '3', '2010-02-17 16:31:48');\r
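Review bot: The seeded csids are the literals '1'..'4', but nothing in this commit shows how the service assigns csids to roles created at runtime; if it generates a different id format (UUIDs, say) the seeds and the fixtures that reference them diverge from real data, and if it also hands out small integers the seeded ROLE_ADMINISTRATOR row (csid '1') will collide with a duplicate-key failure. Seed with the same id format the service uses, and note that because users_roles has no foreign key a typo in these `role_id` values produces a user with silently missing roles rather than an error. This file also grants user 'test' ROLE_ADMINISTRATOR and the commit notes say `ant create_db` loads it — make sure it is only ever applied to test databases.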
* addPermissions add permissions from given permission configuration
* @param permission configuration
*/
+ //FIXME this method should be in the restful web service resource of authz
public void addPermissions(Permission perm,
List<PermissionRole> permRoles) {
List<String> principals = new ArrayList<String>();
for (PermissionRole permRole : permRoles) {
if (!perm.getCsid().equals(permRole.getPermissionId())) {
throw new IllegalArgumentException("permission ids do not"
- + " match role=" + permRole.getRoleName()
+ + " match role=" + permRole.getRoleId()
+ " permission=" + perm.getCsid());
}
//assuming permrole belongs to the same perm
- principals.add(permRole.getRoleName());
+ //FIXME should use role name
+ principals.add(permRole.getRoleId());
}
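Review bot: `principals.add(permRole.getRoleId())` registers the role's csid as the ACL principal, but login-config.xml's rolesQuery grants the authenticated user its authorities by `rolename`, so the two sides no longer agree and permission checks cannot match (fail closed at best); the `//FIXME should use role name` acknowledges this but the commit ships it. Resolve the csid to its rolename (a lookup against `roles`) before adding it to `principals`, or commit to the other direction and have rolesQuery return csid — either way the two paths must use the same identifier. addPermissions continues past the end of this hunk.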
List<PermissionAction> permActions = perm.getAction();
for (PermissionAction permAction : permActions) {
ArrayList<PermissionRole> prl = new ArrayList<PermissionRole>();
PermissionRole pr = new PermissionRole();
pr.setPermissionId(id);
- pr.setRoleName("ROLE_USERS");
+ //FIXME should using role id
+ pr.setRoleId("ROLE_USERS");
prl.add(pr);
PermissionRole pr1 = new PermissionRole();
pr1.setPermissionId(id);
- pr1.setRoleName("ROLE_ADMINISTRATOR");
+ //FIXME shoudl use role id
+ pr1.setRoleId("ROLE_ADMINISTRATOR");
prl.add(pr1);
return prl;
}
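Review bot: The test now writes the role names `"ROLE_USERS"` and `"ROLE_ADMINISTRATOR"` into `roleId`, whereas test_authorization.sql keys those roles as csid '2' and '1'; because permissions_roles.role_id has no foreign key these rows persist without error, so the test passes without ever exercising the id-based mapping this commit introduces. Use the seeded ids (`pr.setRoleId("2");` and `pr1.setRoleId("1");`) or look them up by name from the roles table so the test fails when the join breaks. The enclosing method starts before this hunk.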
<ns2:permissions_roles_list xmlns:ns2="http://collectionspace.org/services/authorization">
<permissionRole>
<permissionId>1</permissionId>
- <roleName>ROLE_USERS</roleName>
+ <roleId>ROLE_USERS</roleId>
</permissionRole>
<permissionRole>
<permissionId>1</permissionId>
- <roleName>ROLE_ADMINISTRATOR</roleName>
+ <roleId>ROLE_ADMINISTRATOR</roleId>
</permissionRole>
<permissionRole>
<permissionId>2</permissionId>
- <roleName>ROLE_USERS</roleName>
+ <roleId>ROLE_USERS</roleId>
</permissionRole>
<permissionRole>
<permissionId>2</permissionId>
- <roleName>ROLE_ADMINISTRATOR</roleName>
+ <roleId>ROLE_ADMINISTRATOR</roleId>
</permissionRole>
</ns2:permissions_roles_list>
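Review bot: `<roleId>ROLE_USERS</roleId>` and `<roleId>ROLE_ADMINISTRATOR</roleId>` carry role names rather than csids, so they do not match the roles seeded in test_authorization.sql (csid '2' and '1') and, with no foreign key on permissions_roles.role_id, will load as dangling mappings that grant nothing. Change them to `<roleId>2</roleId>` and `<roleId>1</roleId>` (or whatever id format the service assigns) so the fixture reflects the model this commit introduces.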