From: Richard Millet Date: Thu, 6 Jan 2011 00:03:13 +0000 (+0000) Subject: CSPACE-3165: Special role "ROLE_SPRING_ADMIN" is no longer showing up in payload... X-Git-Url: https://git.aero2k.de/?a=commitdiff_plain;h=99eb33347424fc38c8517c38b2d1b3ac79a49230;p=tmp%2Fjakarta-migration.git CSPACE-3165: Special role "ROLE_SPRING_ADMIN" is no longer showing up in payload results of "accountroles" request. --- diff --git a/services/account/service/src/main/java/org/collectionspace/services/account/AccountRoleSubResource.java b/services/account/service/src/main/java/org/collectionspace/services/account/AccountRoleSubResource.java index bc776a1bd..df8d5b185 100644 --- a/services/account/service/src/main/java/org/collectionspace/services/account/AccountRoleSubResource.java +++ b/services/account/service/src/main/java/org/collectionspace/services/account/AccountRoleSubResource.java @@ -24,6 +24,9 @@ package org.collectionspace.services.account; import java.util.List; +import java.util.ArrayList; + +import javax.persistence.PersistenceException; import org.collectionspace.services.account.storage.AccountRoleDocumentHandler; //import org.collectionspace.services.authorization.AccountRolesList; @@ -36,6 +39,7 @@ import org.collectionspace.services.authorization.Role; import org.collectionspace.services.authorization.RoleValue; import org.collectionspace.services.authorization.SubjectType; +import org.collectionspace.services.common.authorization_mgt.AuthorizationCommon; import org.collectionspace.services.common.AbstractCollectionSpaceResourceImpl; import org.collectionspace.services.common.context.RemoteServiceContextFactory; import org.collectionspace.services.common.context.ServiceContext; 
@@ -56,10 +60,6 @@ import org.slf4j.LoggerFactory; public class AccountRoleSubResource // extends AbstractCollectionSpaceResourceImpl { extends AbstractCollectionSpaceResourceImpl { - - //FIXME: These belong in an Authorization class, not here - private static String ROLE_SPRING_ADMIN_ID = "-1"; - private static String ROLE_SPRING_ADMIN_NAME = "ROLE_SPRING_ADMIN"; final public static String ACCOUNT_ACCOUNTROLE_SERVICE = "accounts/accountroles"; final public static String ROLE_ACCOUNTROLE_SERVICE = "authorization/roles/accountroles"; 
@@ -171,12 +171,38 @@ public class AccountRoleSubResource // changes to the Spring Security ACL tables. The Spring Security Admin role has NO CollectionSpace // specific permissions. It is an internal/private role that service consumers and end-users NEVER see. // + + //Preserve the original incoming list of roles + List inputRoleValues = input.getRoles(); + + //Change the role list to be just the Spring role + List springRoles = new ArrayList(); + input.setRoles(springRoles); RoleValue springAdminRole = new RoleValue(); - springAdminRole.setRoleId(ROLE_SPRING_ADMIN_ID); - springAdminRole.setRoleName(ROLE_SPRING_ADMIN_NAME); - List roleValues = input.getRoles(); - roleValues.add(springAdminRole); + springRoles.add(springAdminRole); + springAdminRole.setRoleId(AuthorizationCommon.ROLE_SPRING_ADMIN_ID); + springAdminRole.setRoleName(AuthorizationCommon.ROLE_SPRING_ADMIN_NAME); + // The Spring role relationship may already exist, if it does then we'll get a PersistenceException that + // we'll just ignore. + try { + ServiceContext ctx = createServiceContext(input, subject); + DocumentHandler handler = createDocumentHandler(ctx); + getStorageClient(ctx).create(ctx, handler); + } catch (PersistenceException e) { + //If we get this exception, it means that the role relationship already exists, so + //we can just ignore this exception. + if (logger.isTraceEnabled() == true) { + logger.trace(AuthorizationCommon.ROLE_SPRING_ADMIN_NAME + + " relationship already exists for account: " + + input.getAccounts().get(0).getAccountId(), e); + } + } + + // + // Now we'll add the account relationships for the original incoming roles. + // + input.setRoles(inputRoleValues); ServiceContext ctx = createServiceContext(input, subject); DocumentHandler handler = createDocumentHandler(ctx); String bogusCsid = getStorageClient(ctx).create(ctx, handler); 
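Review bot: The new `catch (PersistenceException e)` around the first `create` call treats every persistence failure as "relationship already exists", so an unrelated failure (a lost connection, a different constraint) is recorded only at trace level and the method goes on to store the requested roles without the Spring admin relationship. Confirm the duplicate case before ignoring it, for example by checking for an existing relationship first or by inspecting the exception's cause, and log anything else at `warn` and rethrow it. The trace message also calls `input.getAccounts().get(0)` inside the handler, which throws if the account list is empty. `input.setRoles(inputRoleValues)` is not in a `finally`, so any other exception from the first `create` leaves `input` holding only the Spring role. The enclosing method starts and ends outside this hunk.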
diff --git a/services/account/service/src/main/java/org/collectionspace/services/account/storage/AccountRoleDocumentHandler.java b/services/account/service/src/main/java/org/collectionspace/services/account/storage/AccountRoleDocumentHandler.java index cee44eb57..e3e87f73c 100644 --- a/services/account/service/src/main/java/org/collectionspace/services/account/storage/AccountRoleDocumentHandler.java +++ b/services/account/service/src/main/java/org/collectionspace/services/account/storage/AccountRoleDocumentHandler.java @@ -113,8 +113,7 @@ public class AccountRoleDocumentHandler @Override public void handleGet(DocumentWrapper> wrapDoc) throws Exception { AccountRole output = extractCommonPart(wrapDoc); - setCommonPart(extractCommonPart(wrapDoc)); -// AccountRole accountRoleList = extractCommonPartList(wrapDoc); + setCommonPart(output); getServiceContext().setOutput(output); } @@ -267,14 +266,18 @@ public class AccountRoleDocumentHandler List avs = new ArrayList(); ar.setAccounts(avs); AccountValue av = AuthorizationRoleRel.buildAccountValue(ar0); - avs.add(av); + if (av != null) { + avs.add(av); + } //add roles List rvs = new ArrayList(); ar.setRoles(rvs); for (AccountRoleRel arr : arrl) { RoleValue rv = AuthorizationRoleRel.buildRoleValue(arr); - rvs.add(rv); + if (rv != null) { + rvs.add(rv); + } } } else if (SubjectType.ACCOUNT.equals(subject)) { diff --git a/services/common/src/main/java/org/collectionspace/services/common/authorization_mgt/AuthorizationCommon.java b/services/common/src/main/java/org/collectionspace/services/common/authorization_mgt/AuthorizationCommon.java new file mode 100644 index 000000000..62ac660e8 --- /dev/null +++ b/services/common/src/main/java/org/collectionspace/services/common/authorization_mgt/AuthorizationCommon.java 
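Review bot: The `if (rv != null)` guard in the role loop is what keeps the internal Spring admin role out of the returned payload, but nothing at this site says so; add a comment such as `// buildRoleValue returns null for ROLE_SPRING_ADMIN, which is never exposed to callers`. The `av != null` guard covers a null that `buildAccountValue` is not shown to return in this commit, so either state when that happens or drop the check. The `else if (SubjectType.ACCOUNT.equals(subject))` branch continues outside the hunk; if it also builds role values it presumably needs the same filtering, which cannot be confirmed from here.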
@@ -0,0 +1,8 @@ +package org.collectionspace.services.common.authorization_mgt; + +public class AuthorizationCommon { + + public static String ROLE_SPRING_ADMIN_ID = "-1"; + public static String ROLE_SPRING_ADMIN_NAME = "ROLE_SPRING_ADMIN"; + +} diff --git a/services/common/src/main/java/org/collectionspace/services/common/authorization_mgt/AuthorizationRoleRel.java b/services/common/src/main/java/org/collectionspace/services/common/authorization_mgt/AuthorizationRoleRel.java index 0b1cf4623..1ef90a4e9 100644 --- a/services/common/src/main/java/org/collectionspace/services/common/authorization_mgt/AuthorizationRoleRel.java +++ b/services/common/src/main/java/org/collectionspace/services/common/authorization_mgt/AuthorizationRoleRel.java @@ -5,6 +5,7 @@ import org.collectionspace.services.authorization.PermissionRoleRel; import org.collectionspace.services.authorization.AccountRoleRel; import org.collectionspace.services.authorization.PermissionValue; import org.collectionspace.services.authorization.RoleValue; +import org.collectionspace.services.common.authorization_mgt.AuthorizationCommon; public class AuthorizationRoleRel { @@ -29,10 +30,13 @@ public class AuthorizationRoleRel { * @return the role account value */ static public RoleValue buildRoleValue(AccountRoleRel arr) { - RoleValue rv = new RoleValue(); - rv.setRoleId(arr.getRoleId()); - rv.setRoleName(arr.getRoleName()); - rv.setRoleRelationshipId(arr.getHjid().toString()); + RoleValue rv = null; + if (arr.getRoleId().equals(AuthorizationCommon.ROLE_SPRING_ADMIN_ID) == false) { + rv = new RoleValue(); + rv.setRoleId(arr.getRoleId()); + rv.setRoleName(arr.getRoleName()); + rv.setRoleRelationshipId(arr.getHjid().toString()); + } return rv; } diff --git a/services/common/src/main/java/org/collectionspace/services/common/storage/jpa/JpaRelationshipStorageClient.java b/services/common/src/main/java/org/collectionspace/services/common/storage/jpa/JpaRelationshipStorageClient.java index 2b4569f79..bce83ff1c 100644 
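Review bot: `ROLE_SPRING_ADMIN_ID` and `ROLE_SPRING_ADMIN_NAME` in the new `AuthorizationCommon` are `public static` but not `final`, so any class can reassign the values that decide which role is attached to an account and which role is filtered from responses. Declare them as constants, `public static final String ROLE_SPRING_ADMIN_ID = "-1";` and `public static final String ROLE_SPRING_ADMIN_NAME = "ROLE_SPRING_ADMIN";`, and make the class `final` with a private constructor since it holds only constants. A one-line class Javadoc saying that this role is internal and never shown to service consumers would carry over the explanation that currently lives only in `AccountRoleSubResource`.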
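Review bot: `buildRoleValue` now returns `null` for the Spring admin role, but the Javadoc above it still promises "the role account value"; extend it with `@return the role value, or null when the relationship is for the internal ROLE_SPRING_ADMIN role` so callers know to check. `arr.getRoleId().equals(...) == false` also throws a NullPointerException when a relationship has no role id; `if (!AuthorizationCommon.ROLE_SPRING_ADMIN_ID.equals(arr.getRoleId())) {` avoids that. Only `AccountRoleDocumentHandler` is updated for the null return in this commit; callers outside the diff, if any, are not visible here.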
--- a/services/common/src/main/java/org/collectionspace/services/common/storage/jpa/JpaRelationshipStorageClient.java +++ b/services/common/src/main/java/org/collectionspace/services/common/storage/jpa/JpaRelationshipStorageClient.java @@ -33,6 +33,7 @@ import java.util.UUID; import javax.persistence.EntityManager; import javax.persistence.EntityManagerFactory; import javax.persistence.NoResultException; +import javax.persistence.PersistenceException; import javax.persistence.Query; import org.collectionspace.services.authorization.Permission; @@ -134,6 +135,8 @@ public class JpaRelationshipStorageClient extends JpaStorageClientImpl { em.getTransaction().rollback(); } throw bre; + } catch (PersistenceException pe) { + throw pe; } catch (Exception e) { if (em != null && em.getTransaction().isActive()) { em.getTransaction().rollback();
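Review bot: The added `catch (PersistenceException pe)` rethrows without rolling back, unlike the catch blocks on either side of it, so a failed `create` can leave the transaction active unless cleanup outside this hunk handles it. Add the same guard before the rethrow: `if (em != null && em.getTransaction().isActive()) { em.getTransaction().rollback(); }`. A short comment that the exception is passed through unwrapped so `AccountRoleSubResource` can recognise an already-existing relationship would explain why this case differs from the others. The `try` block and any `finally` are outside the hunk.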