From: Sanjay Dalal
Date: Mon, 5 Apr 2010 22:04:44 +0000 (+0000)
Subject: CSPACE-1397 roles is tied to a tenant. tenant id is added to role at create time.
X-Git-Url: https://git.aero2k.de/?a=commitdiff_plain;h=e24d7cafa869c1957e49cca3950eacce9a29f46d;p=tmp%2Fjakarta-migration.git
CSPACE-1397 roles is tied to a tenant. tenant id is added to role at create time.
test: authz-mgt
M services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/storage/RoleValidatorHandler.java
M services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/storage/RoleDocumentHandler.java
M services/authorization/jaxb/src/main/resources/roles.xsd
M services/authorization/pstore/src/main/resources/db/mysql/authorization_index.sql
M services/authorization/pstore/src/main/resources/db/mysql/test_authorization.sql
M services/authorization/pstore/src/main/resources/db/mysql/authorization.sql
M services/common/src/main/java/org/collectionspace/services/common/storage/jpa/JpaStorageClientImpl.java
---
diff --git a/services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/storage/RoleDocumentHandler.java b/services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/storage/RoleDocumentHandler.java
index b0667ee2f..c01c204e5 100644
--- a/services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/storage/RoleDocumentHandler.java
+++ b/services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/storage/RoleDocumentHandler.java
@@ -53,10 +53,17 @@ public class RoleDocumentHandler String id = UUID.randomUUID().toString(); Role role = wrapDoc.getWrappedObject(); role.setCsid(id); + //FIXME: if admin updating the role is a CS admin rather than + //the tenant admin, tenant id should be retrieved from the request + role.setTenantId(getServiceContext().getTenantId()); } @Override public void handleUpdate(DocumentWrapper wrapDoc) throws Exception { + Role role = wrapDoc.getWrappedObject(); + //FIXME: if admin updating the role is a CS admin rather than + //the tenant admin, tenant id should be retrieved from the request + role.setTenantId(getServiceContext().getTenantId()); } @Override @@ -103,6 +110,7 @@ public class RoleDocumentHandler rolesList.setRoles(list); for (Object obj : wrapDoc.getWrappedObject()) { Role role = (Role) obj; + sanitize(role); list.add(role); } return rolesList; @@ -148,5 +156,6 @@ public class RoleDocumentHandler * @param role */ private void sanitize(Role role) { + role.setTenantId(null); } } diff --git a/services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/storage/RoleValidatorHandler.java b/services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/storage/RoleValidatorHandler.java index fcf288797..9686fc617 100644 --- a/services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/storage/RoleValidatorHandler.java +++ b/services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/storage/RoleValidatorHandler.java @@ -43,10 +43,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -/* - * To change this template, choose Tools | Templates - * and open the template in the editor. - */ + package org.collectionspace.services.authorization.storage; import org.collectionspace.services.authorization.Role; 
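Review bot: In RoleDocumentHandler.handleUpdate, the added `role.setTenantId(getServiceContext().getTenantId())` stamps the caller's tenant onto whichever role the request names, and nothing in this hunk compares that tenant with the one already stored on the role. The update path in JpaStorageClientImpl, changed in this same commit, appears to check only that the csid exists before `em.merge(entity)`, so as far as these lines show a tenant admin who submits another tenant's role csid would overwrite that role and move it into their own tenant. The stored role should be loaded first and the update rejected when its tenant id differs from the context tenant, instead of assigning the tenant id unconditionally. The FIXME in the create-side branch at the top of the hunk also says "updating"; it would read better as `//FIXME: if admin creating the role is a CS admin rather than`. Both method bodies extend outside the hunk.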
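Review bot: In RoleDocumentHandler, the new `sanitize(role)` call nulls the tenant id on the same Role objects that came out of `wrapDoc.getWrappedObject()`; if those are still managed JPA entities when the list is built, the null may be written back on flush against a column this commit declares `tenant_id varchar(128) not null`. Clearing the field on a copy, or only once the entities are detached, avoids that, so it is worth confirming which state they are in here. Only the list loop is shown calling `sanitize`, so the single-role read path (outside these hunks) should be checked as well, otherwise the tenant id is hidden in listings but returned on direct reads. The javadoc above `sanitize` could state the intent, for example `Removes the tenant id from a role before it is returned to the client.` This note also covers the `sanitize` body added in the last hunk of this file.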
diff --git a/services/authorization/jaxb/src/main/resources/roles.xsd b/services/authorization/jaxb/src/main/resources/roles.xsd index ddf75ef02..32e76eaca 100644 --- a/services/authorization/jaxb/src/main/resources/roles.xsd +++ b/services/authorization/jaxb/src/main/resources/roles.xsd @@ -86,6 +86,15 @@ + + + + + + + + + diff --git a/services/authorization/pstore/src/main/resources/db/mysql/authorization.sql b/services/authorization/pstore/src/main/resources/db/mysql/authorization.sql index f4c7e6aac..33b5cf107 100644 --- a/services/authorization/pstore/src/main/resources/db/mysql/authorization.sql +++ b/services/authorization/pstore/src/main/resources/db/mysql/authorization.sql 
@@ -7,6 +7,6 @@ drop table if exists users_roles;
 create table permissions (csid varchar(128) not null, attribute_name varchar(128), created_at datetime not null, description varchar(255), effect varchar(32) not null, resource_name varchar(128) not null, updated_at datetime, primary key (csid));
 create table permissions_actions (HJID bigint not null auto_increment, name varchar(128) not null, ACTIONS_PERMISSION_CSID varchar(128), primary key (HJID));
 create table permissions_roles (HJID bigint not null auto_increment, created_at datetime not null, permission_id varchar(128) not null, role_id varchar(128) not null, updated_at datetime, primary key (HJID), unique (permission_id, role_id));
-create table roles (csid varchar(128) not null, created_at datetime not null, description varchar(255), rolegroup varchar(255), rolename varchar(200) not null, updated_at datetime, primary key (csid), unique (rolename));
+create table roles (csid varchar(128) not null, created_at datetime not null, description varchar(255), rolegroup varchar(255), rolename varchar(200) not null, tenant_id varchar(128) not null, updated_at datetime, primary key (csid), unique (rolename));
 create table users_roles (HJID bigint not null auto_increment, created_at datetime not null, role_id varchar(128) not null, updated_at datetime, username varchar(128) not null, primary key (HJID), unique (username, role_id));
 alter table permissions_actions add index FK85F82042E2DC84FD (ACTIONS_PERMISSION_CSID), add constraint FK85F82042E2DC84FD foreign key (ACTIONS_PERMISSION_CSID) references permissions (csid);
diff --git a/services/authorization/pstore/src/main/resources/db/mysql/authorization_index.sql b/services/authorization/pstore/src/main/resources/db/mysql/authorization_index.sql
index ed1376783..6d9a19740 100644
--- a/services/authorization/pstore/src/main/resources/db/mysql/authorization_index.sql
+++ b/services/authorization/pstore/src/main/resources/db/mysql/authorization_index.sql
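Review bot: In authorization.sql the new `create table roles` line adds `tenant_id` but keeps `unique (rolename)`, so role names stay unique across all tenants rather than per tenant. Two tenants then cannot both define a role named `ROLE_USERS`, and a duplicate-name failure on create tells one tenant that the name is already in use by another. If roles are meant to be tenant-scoped, the constraint would be `unique (rolename, tenant_id)`; should this file be generated from the JAXB/JPA mapping, the change belongs in that mapping instead.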
@@ -6,6 +6,7 @@ use cspace; CREATE INDEX index_rolename ON roles (rolename); CREATE INDEX index_rolegroup ON roles (rolegroup); +CREATE INDEX index_tenant_id ON roles (tenant_id); CREATE INDEX index_username ON users_roles (username); CREATE INDEX index_role_id ON users_roles (role_id); CREATE INDEX index_permission_id ON permissions_roles (permission_id); diff --git a/services/authorization/pstore/src/main/resources/db/mysql/test_authorization.sql b/services/authorization/pstore/src/main/resources/db/mysql/test_authorization.sql index 6972aa1d9..b63777d0a 100644 --- a/services/authorization/pstore/src/main/resources/db/mysql/test_authorization.sql +++ b/services/authorization/pstore/src/main/resources/db/mysql/test_authorization.sql 
@@ -5,10 +5,10 @@ -- use cspace; -insert into `roles` (`csid`, `rolename`, `rolegroup`, `created_at`) values ('1', 'ROLE_ADMINISTRATOR', 'admin', '2010-02-17 16:31:48'); -insert into `roles` (`csid`, `rolename`, `rolegroup`, `created_at`) values ('2', 'ROLE_USERS', 'collections', '2010-02-17 16:31:48'); -insert into `roles` (`csid`, `rolename`, `rolegroup`, `created_at`) values ('3', 'ROLE_COLLECTIONS_MANAGER', 'collections', '2010-02-17 16:31:48'); -insert into `roles` (`csid`, `rolename`, `rolegroup`, `created_at`) values ('4', 'ROLE_COLLECTIONS_REGISTRAR', 'collections', '2010-02-17 16:31:48'); +insert into `roles` (`csid`, `rolename`, `rolegroup`, `created_at`, `tenant_id`) values ('1', 'ROLE_ADMINISTRATOR', 'admin', '2010-02-17 16:31:48', '0'); +insert into `roles` (`csid`, `rolename`, `rolegroup`, `created_at`, `tenant_id`) values ('2', 'ROLE_USERS', 'collections', '2010-02-17 16:31:48', '1'); +insert into `roles` (`csid`, `rolename`, `rolegroup`, `created_at`, `tenant_id`) values ('3', 'ROLE_COLLECTIONS_MANAGER', 'collections', '2010-02-17 16:31:48', '1'); +insert into `roles` (`csid`, `rolename`, `rolegroup`, `created_at`, `tenant_id`) values ('4', 'ROLE_COLLECTIONS_REGISTRAR', 'collections', '2010-02-17 16:31:48', '1'); insert into `users_roles`(`username`, `role_id`, `created_at`) values ('test', '1', '2010-02-17 16:31:48'); insert into `users_roles`(`username`, `role_id`, `created_at`) values ('test', '2', '2010-02-17 16:31:48'); diff --git a/services/common/src/main/java/org/collectionspace/services/common/storage/jpa/JpaStorageClientImpl.java b/services/common/src/main/java/org/collectionspace/services/common/storage/jpa/JpaStorageClientImpl.java index 6fcb2b577..d9d11e56d 100644 --- a/services/common/src/main/java/org/collectionspace/services/common/storage/jpa/JpaStorageClientImpl.java +++ b/services/common/src/main/java/org/collectionspace/services/common/storage/jpa/JpaStorageClientImpl.java 
@@ -325,7 +325,6 @@ public class JpaStorageClientImpl implements StorageClient {
 handler.prepare(Action.UPDATE);
 Object entity = handler.getCommonPart();
 setCsid(entity, id);
- setValue(entity, "setUpdatedAtItem", Date.class, new Date());
 DocumentWrapper wrapDoc = new DocumentWrapperImpl(entity);
 handler.handle(Action.UPDATE, wrapDoc);
 emf = getEntityManagerFactory();
@@ -340,7 +339,11 @@ public class JpaStorageClientImpl implements StorageClient {
 logger.error(msg);
 throw new DocumentNotFoundException(msg);
 }
- em.merge(entity);
+ entity = em.merge(entity);
+ setValue(entity, "setUpdatedAtItem", Date.class, new Date());
+ if (logger.isDebugEnabled()) {
+ logger.debug("merged entity=" + entity.toString());
+ }
 em.getTransaction().commit();
 handler.complete(Action.UPDATE, wrapDoc);
 } catch (BadRequestException bre) {
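Review bot: In JpaStorageClientImpl's update path, `entity = em.merge(entity)` rebinds the local variable, but `wrapDoc` was built from the pre-merge object in the previous hunk, so `handler.complete(Action.UPDATE, wrapDoc)` still receives the detached instance without the merged state or the `setUpdatedAtItem` timestamp that is now set after the merge. If the response is produced from `wrapDoc`, it will not reflect what was stored; wrapping the merged entity before `complete` would fix that. Separately, `logger.debug("merged entity=" + entity.toString())` sits in a storage client that looks generic (`Object entity`), so any entity whose `toString()` includes sensitive fields would have them written to the debug log; logging only the csid would be safer. The method starts and ends outside both hunks.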