From: Richard Millet <richard.millet@berkeley.edu>
Date: Wed, 1 Sep 2010 23:11:36 +0000 (+0000)
Subject: CSPACE-2142: When a role is deleted, its association(s) with account(s) are not delet... 
X-Git-Url: https://git.aero2k.de/?a=commitdiff_plain;h=96337c4b987b8ba4e1bb074d75c49e0f5dc68539;p=tmp%2Fjakarta-migration.git

CSPACE-2142: When a role is deleted, its association(s) with account(s) are not deleted.  Consequently, "ghost" roles are being returned in the /accounts/{csid}/accountroles list.
---

diff --git a/services/account/service/src/main/java/org/collectionspace/services/account/AccountRoleSubResource.java b/services/account/service/src/main/java/org/collectionspace/services/account/AccountRoleSubResource.java
index b00af2420..a824db8cd 100644
--- a/services/account/service/src/main/java/org/collectionspace/services/account/AccountRoleSubResource.java
+++ b/services/account/service/src/main/java/org/collectionspace/services/account/AccountRoleSubResource.java
@@ -31,6 +31,8 @@ import org.collectionspace.services.account.storage.AccountRoleDocumentHandler;
 import org.collectionspace.services.authorization.AccountRole;
 import org.collectionspace.services.authorization.AccountValue;
 import org.collectionspace.services.authorization.AccountRoleRel;
+import org.collectionspace.services.authorization.Permission;
+import org.collectionspace.services.authorization.Role;
 import org.collectionspace.services.authorization.SubjectType;
 
 import org.collectionspace.services.common.AbstractCollectionSpaceResourceImpl;
@@ -55,7 +57,7 @@ public class AccountRoleSubResource
     	extends AbstractCollectionSpaceResourceImpl<AccountRole, AccountRole> {
 
     final public static String ACCOUNT_ACCOUNTROLE_SERVICE = "accounts/accountroles";
-    final public static String ROLE_ACCOUNTROLE_SERVICE = "roles/accountroles";
+    final public static String ROLE_ACCOUNTROLE_SERVICE = "authorization/roles/accountroles";
     //this service is never exposed as standalone RESTful service...just use unique
     //service name to identify binding
     /** The service name. */
@@ -69,7 +71,7 @@ public class AccountRoleSubResource
      *
      * @param serviceName qualified service path
      */
-    AccountRoleSubResource(String serviceName) {
+    public AccountRoleSubResource(String serviceName) {
         this.serviceName = serviceName;
     }
 
@@ -126,9 +128,16 @@ public class AccountRoleSubResource
         ctx.setProperty(ServiceContextProperties.ENTITY_CLASS, AccountRoleRel.class);
         //subject name is necessary to indicate if role or account is a subject
         ctx.setProperty(ServiceContextProperties.SUBJECT, subject);
+        
         //set context for the relationship query
-        ctx.setProperty(ServiceContextProperties.OBJECT_CLASS, AccountsCommon.class);
-        ctx.setProperty(ServiceContextProperties.OBJECT_ID, "account_id");
+        if (subject == SubjectType.ROLE) {
+            ctx.setProperty(ServiceContextProperties.OBJECT_CLASS, AccountsCommon.class);
+            ctx.setProperty(ServiceContextProperties.OBJECT_ID, "account_id");
+        } else if (subject == SubjectType.ACCOUNT) {
+            ctx.setProperty(ServiceContextProperties.OBJECT_CLASS, Role.class);
+            ctx.setProperty(ServiceContextProperties.OBJECT_ID, "role_id");
+        }
+        
         return ctx;
     }
 
diff --git a/services/authorization-mgt/service/pom.xml b/services/authorization-mgt/service/pom.xml
index a8205b7f3..ab436b391 100644
--- a/services/authorization-mgt/service/pom.xml
+++ b/services/authorization-mgt/service/pom.xml
@@ -172,6 +172,12 @@
             <version>${project.version}</version>
             <scope>provided</scope>
         </dependency>
+        <dependency>
+            <groupId>org.collectionspace.services</groupId>
+            <artifactId>org.collectionspace.services.account.service</artifactId>
+            <version>${project.version}</version>
+            <scope>provided</scope>
+        </dependency>
         <dependency>
             <groupId>org.collectionspace.services</groupId>
             <artifactId>org.collectionspace.services.common</artifactId>
diff --git a/services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/RoleResource.java b/services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/RoleResource.java
index bc337392e..fe4390caa 100644
--- a/services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/RoleResource.java
+++ b/services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/RoleResource.java
@@ -39,6 +39,7 @@ import javax.ws.rs.core.Response;
 import javax.ws.rs.core.UriBuilder;
 import javax.ws.rs.core.UriInfo;
 
+import org.collectionspace.services.account.AccountRoleSubResource;
 import org.collectionspace.services.common.AbstractCollectionSpaceResourceImpl;
 //import org.collectionspace.services.common.context.RemoteServiceContextImpl;
 import org.collectionspace.services.common.ServiceMessages;
@@ -351,13 +352,17 @@ public class RoleResource
             throw new WebApplicationException(response);
         }
         try {
-            //FIXME ideally the following two ops should be in the same tx CSPACE-658
+            //FIXME ideally the following three operations should be in the same tx CSPACE-658
             //delete all relationships for this permission
-            PermissionRoleSubResource subResource =
+            PermissionRoleSubResource permRoleResource =
                     new PermissionRoleSubResource(PermissionRoleSubResource.ROLE_PERMROLE_SERVICE);
-            subResource.deletePermissionRole(csid, SubjectType.PERMISSION);
-
-            ServiceContext ctx = createServiceContext((Role) null, Role.class);
+            permRoleResource.deletePermissionRole(csid, SubjectType.PERMISSION);
+            //delete all the account/role relationships associate with this role
+            AccountRoleSubResource accountRoleResource =
+                new AccountRoleSubResource(AccountRoleSubResource.ROLE_ACCOUNTROLE_SERVICE);
+            accountRoleResource.deleteAccountRole(csid, SubjectType.ACCOUNT);
+            //finally, delete the role itself
+            ServiceContext<Role, Role> ctx = createServiceContext((Role) null, Role.class);
             ((JpaStorageClientImpl) getStorageClient(ctx)).deleteWhere(ctx, csid);
             return Response.status(HttpResponseCodes.SC_OK).build();
         } catch (UnauthorizedException ue) {
diff --git a/services/common/src/main/config/services/tenant-bindings.xml b/services/common/src/main/config/services/tenant-bindings.xml
index 77d50335e..184665b56 100644
--- a/services/common/src/main/config/services/tenant-bindings.xml
+++ b/services/common/src/main/config/services/tenant-bindings.xml
@@ -1152,6 +1152,46 @@
             </service:object>
         </tenant:serviceBindings>
         <!-- end role-permission service meta-data -->
+        
+        <!-- begin role-account service meta-data -->
+        <!-- the following service is same as account/accountroles service -->
+        <!-- except that it is available as a sub resource of the role service -->
+        <tenant:serviceBindings name="authorization/roles/accountroles" version="0.1">
+            <!-- other URI paths using which this service could be accessed -->
+<!--            <service:uriPath xmlns:service='http://collectionspace.org/services/common/service'>
+                /authorization/roles/*/accountroles/
+            </service:uriPath>-->
+            <service:documentHandler xmlns:service='http://collectionspace.org/services/common/service'>
+                org.collectionspace.services.account.storage.AccountRoleDocumentHandler
+            </service:documentHandler>
+            <!--service:validatorHandler xmlns:service='http://collectionspace.org/services/common/service'>
+                org.collectionspace.services.authorization.storage.PermissionRoleValidatorHandler
+            </service:validatorHandler-->
+            <service:object name="AccountRole" version="0.1"
+                            xmlns:service='http://collectionspace.org/services/common/service'>
+                <service:part id="0" control_group="Managed"
+                              versionable="true" auditable="false"
+                              label="accountroles_system" updated="" order="0">
+                    <service:content contentType="application/xml">
+                        <service:xmlContent
+                            namespaceURI="http://collectionspace.org/services/common/system"
+                            schemaLocation="http://collectionspace.org/services/common/system http://collectionspace.org/services/common/system/system-response.xsd">
+                        </service:xmlContent>
+                    </service:content>
+                </service:part>
+                <service:part id="1" control_group="Managed"
+                              versionable="true" auditable="false"
+                              label="accountroles" updated="" order="1">
+                    <service:content contentType="application/xml">
+                        <service:xmlContent
+                            namespaceURI="http://collectionspace.org/services/authorization"
+                            schemaLocation="http://collectionspace.org/services/authorization http://services.collectionspace.org/authorization/accounts_roles.xsd">
+                        </service:xmlContent>
+                    </service:content>
+                </service:part>
+            </service:object>
+        </tenant:serviceBindings>
+        
     </tenant:tenantBinding>
     <!-- end movingimages.us tenant meta-data -->
 
@@ -2255,7 +2295,47 @@
             </service:object>
         </tenant:serviceBindings>
         <!-- end role-permission service meta-data -->
+    
+        <!-- begin role-account service meta-data -->
+        <!-- the following service is same as account/accountroles service -->
+        <!-- except that it is available as a sub resource of the role service -->
+        <tenant:serviceBindings name="authorization/roles/accountroles" version="0.1">
+            <!-- other URI paths using which this service could be accessed -->
+<!--            <service:uriPath xmlns:service='http://collectionspace.org/services/common/service'>
+                /authorization/roles/*/accountroles/
+            </service:uriPath>-->
+            <service:documentHandler xmlns:service='http://collectionspace.org/services/common/service'>
+                org.collectionspace.services.account.storage.AccountRoleDocumentHandler
+            </service:documentHandler>
+            <!--service:validatorHandler xmlns:service='http://collectionspace.org/services/common/service'>
+                org.collectionspace.services.authorization.storage.PermissionRoleValidatorHandler
+            </service:validatorHandler-->
+            <service:object name="AccountRole" version="0.1"
+                            xmlns:service='http://collectionspace.org/services/common/service'>
+                <service:part id="0" control_group="Managed"
+                              versionable="true" auditable="false"
+                              label="accountroles_system" updated="" order="0">
+                    <service:content contentType="application/xml">
+                        <service:xmlContent
+                            namespaceURI="http://collectionspace.org/services/common/system"
+                            schemaLocation="http://collectionspace.org/services/common/system http://collectionspace.org/services/common/system/system-response.xsd">
+                        </service:xmlContent>
+                    </service:content>
+                </service:part>
+                <service:part id="1" control_group="Managed"
+                              versionable="true" auditable="false"
+                              label="accountroles" updated="" order="1">
+                    <service:content contentType="application/xml">
+                        <service:xmlContent
+                            namespaceURI="http://collectionspace.org/services/authorization"
+                            schemaLocation="http://collectionspace.org/services/authorization http://services.collectionspace.org/authorization/accounts_roles.xsd">
+                        </service:xmlContent>
+                    </service:content>
+                </service:part>
+            </service:object>
+        </tenant:serviceBindings>
     </tenant:tenantBinding>
+    
     <!-- end hearstmuseum.berkeley.edu tenant meta-data -->
 
 </tenant:TenantBindingConfig>