From: remillet <remillet@yahoo.com>
Date: Thu, 7 Dec 2017 22:42:26 +0000 (-0800)
Subject: DRYD-186: Added support for PUT requests on Roles that contain associated permissions... 
X-Git-Url: https://git.aero2k.de/?a=commitdiff_plain;h=5308c2ae87424b6248c1679e05e19c274d8cdb71;p=tmp%2Fjakarta-migration.git

DRYD-186: Added support for PUT requests on Roles that contain associated permissions.  A role's existing permissions list will be replaced with the ones sent in the PUT request.
---

diff --git a/services/IntegrationTests/src/test/resources/test-data/xmlreplay/security.xml b/services/IntegrationTests/src/test/resources/test-data/xmlreplay/security.xml
index 5946eca88..8c9316c25 100644
--- a/services/IntegrationTests/src/test/resources/test-data/xmlreplay/security.xml
+++ b/services/IntegrationTests/src/test/resources/test-data/xmlreplay/security.xml
@@ -77,6 +77,12 @@
             <uri>/cspace-services/authorization/roles</uri>
             <filename>security/3-role-test-cm.xml</filename>
         </test>
+        <test ID="updateRoleTestCM">
+            <method>PUT</method>
+            <uri>/cspace-services/authorization/roles</uri>
+            <filename>security/3a-update-role-test-cm.xml</filename>
+            <fromTestID>roleTestCM</fromTestID>
+        </test>
         <test ID="roleIntern">
             <method>POST</method>
             <uri>/cspace-services/authorization/roles</uri>
diff --git a/services/IntegrationTests/src/test/resources/test-data/xmlreplay/security/3a-update-role-test-cm.xml b/services/IntegrationTests/src/test/resources/test-data/xmlreplay/security/3a-update-role-test-cm.xml
new file mode 100644
index 000000000..2178ce6d9
--- /dev/null
+++ b/services/IntegrationTests/src/test/resources/test-data/xmlreplay/security/3a-update-role-test-cm.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<ns2:role xmlns:ns2="http://collectionspace.org/services/authorization">
+    <roleName>ROLE_TEST_CM</roleName>
+    <description>role for ROLE_TEST_CM</description>
+    <permission>
+        <permissionId>1-vocabularies-RL</permissionId>
+        <resourceName>vocabularies</resourceName>
+        <actionGroup>RL</actionGroup>
+    </permission>
+    <permission>
+        <permissionId>1-groups-RL</permissionId>
+        <resourceName>groups</resourceName>
+        <actionGroup>RL</actionGroup>
+    </permission>
+</ns2:role>
diff --git a/services/authorization-mgt/client/src/main/java/org/collectionspace/services/client/RoleClient.java b/services/authorization-mgt/client/src/main/java/org/collectionspace/services/client/RoleClient.java
index 7694e7b7a..7ab0946db 100644
--- a/services/authorization-mgt/client/src/main/java/org/collectionspace/services/client/RoleClient.java
+++ b/services/authorization-mgt/client/src/main/java/org/collectionspace/services/client/RoleClient.java
@@ -44,7 +44,11 @@ public class RoleClient extends AbstractServiceClientImpl<RolesList, Role, Role,
 	public static final String SERVICE_PATH = "/" + SERVICE_PATH_COMPONENT;
 	public static final String SERVICE_PATH_PROXY = SERVICE_PATH + "/";	
 	public final static String IMMUTABLE = "immutable";
-	private final static String BACKEND_ROLE_PREFIX = "ROLE_";
+	public final static String INCLUDE_PERMS_QP = "includePerms";
+	
+	//
+	// Used to qualify backend role name
+	private final static String BACKEND_ROLE_PREFIX = "ROLE_";	
 
     public RoleClient() throws Exception {
 		super();
diff --git a/services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/RoleResource.java b/services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/RoleResource.java
index d07d6c2ec..cf9283c38 100644
--- a/services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/RoleResource.java
+++ b/services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/RoleResource.java
@@ -93,8 +93,8 @@ public class RoleResource extends SecurityResourceBase {
 
     @GET
     @Path("{csid}")
-    public Role getRole(@PathParam("csid") String csid) {
-        return (Role)get(csid, Role.class);
+    public Role getRole(@PathParam("csid") String csid, @Context UriInfo ui) {
+        return (Role)get(ui, csid, Role.class);
     }
     
     /*
diff --git a/services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/storage/RoleDocumentHandler.java b/services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/storage/RoleDocumentHandler.java
index 13637c652..1661b78ff 100644
--- a/services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/storage/RoleDocumentHandler.java
+++ b/services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/storage/RoleDocumentHandler.java
@@ -38,7 +38,7 @@ import org.collectionspace.services.authorization.SubjectType;
 import org.collectionspace.services.client.PermissionRoleFactory;
 import org.collectionspace.services.client.RoleClient;
 import org.collectionspace.services.client.RoleFactory;
-
+import org.collectionspace.services.common.api.Tools;
 import org.collectionspace.services.common.document.BadRequestException;
 import org.collectionspace.services.common.document.DocumentFilter;
 import org.collectionspace.services.common.document.DocumentWrapper;
@@ -99,16 +99,40 @@ public class RoleDocumentHandler
     }
 
     @Override
-    public void handleUpdate(DocumentWrapper<Role> wrapDoc) throws Exception {
-        Role roleFound = wrapDoc.getWrappedObject();
-        Role roleReceived = getCommonPart();
-        // If marked as metadata immutable, do not do update
-        if(!RoleClient.IMMUTABLE.equals(roleFound.getMetadataProtection())) {
-	        roleReceived.setRoleName(RoleClient.getBackendRoleName(roleReceived.getRoleName(),
-	        		roleFound.getTenantId()));
-	        merge(roleReceived, roleFound);
-        }
-    }
+	public void handleUpdate(DocumentWrapper<Role> wrapDoc) throws Exception {
+		Role roleFound = wrapDoc.getWrappedObject();
+		Role roleReceived = getCommonPart();
+		// If marked as metadata immutable, do not do update
+		if (!RoleClient.IMMUTABLE.equals(roleFound.getMetadataProtection())) {
+			roleReceived
+					.setRoleName(RoleClient.getBackendRoleName(roleReceived.getRoleName(), roleFound.getTenantId()));
+			merge(roleReceived, roleFound);
+		}
+		//
+		// Update perms is supplied.
+		//
+		List<PermissionValue> permValueList = roleReceived.getPermission();
+		if (permValueList != null) {
+            PermissionRoleSubResource subResource =
+                    new PermissionRoleSubResource(PermissionRoleSubResource.ROLE_PERMROLE_SERVICE);
+            //
+            // First, delete the existing permroles
+            //
+            subResource.deletePermissionRole(roleFound.getCsid(), SubjectType.PERMISSION);
+            //
+            // Next, create the new permroles
+            //
+    		RoleValue roleValue = RoleFactory.createRoleValueInstance(roleFound);
+    		PermissionRole permRole = PermissionRoleFactory.createPermissionRoleInstance(SubjectType.PERMISSION, roleValue,
+    				permValueList, true, true);            
+            subResource.createPermissionRole(permRole, SubjectType.PERMISSION);
+            //
+            // Finally, set the updated perm list in the result
+            //
+            PermissionRole newPermRole = subResource.getPermissionRole(roleFound.getCsid(), SubjectType.PERMISSION);
+            roleFound.setPermission(newPermRole.getPermission());
+		}
+	}
 
     /**
      * Merge fields manually from 'from' to the 'to' role
@@ -169,7 +193,18 @@ public class RoleDocumentHandler
     public Role extractCommonPart(
             DocumentWrapper<Role> wrapDoc)
             throws Exception {
-        return wrapDoc.getWrappedObject();
+        Role role = wrapDoc.getWrappedObject();
+        
+        String includePermsQueryParamValue = (String) getServiceContext().getQueryParams().getFirst(RoleClient.INCLUDE_PERMS_QP);
+        boolean includePerms = Tools.isTrue(includePermsQueryParamValue);
+        if (includePerms) {
+	        PermissionRoleSubResource permRoleResource =
+	                new PermissionRoleSubResource(PermissionRoleSubResource.ROLE_PERMROLE_SERVICE);
+	        PermissionRole permRole = permRoleResource.getPermissionRole(role.getCsid(), SubjectType.PERMISSION);
+	        role.setPermission(permRole.getPermission());
+        }
+    
+        return role;
     }
 
     @Override
@@ -232,7 +267,7 @@ public class RoleDocumentHandler
      */
     private void sanitize(Role role) {
         if (!SecurityUtils.isCSpaceAdmin()) {
-            role.setTenantId(null); // REM - See no reason for hiding the tenant ID?
+            // role.setTenantId(null); // REM - There's no reason for hiding the tenant ID is there?
         }
     }