From 937aeba515494ed541f585f45354d909d23ab31d Mon Sep 17 00:00:00 2001 
From: Sanjay Dalal Date: Fri, 16 Apr 2010 17:52:32 +0000 Subject: [PATCH] CSPACE-1518 added metadata to permission role relationship common authz xml types are in authorization_common.xsd and imported into relationship xsds test: authorization-mgt, authorization M services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/storage/PermissionRoleDocumentHandler.java M services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/PermissionRoleSubResource.java M services/authorization-mgt/client/src/test/java/org/collectionspace/services/authorization/client/test/PermissionRoleServiceTest.java M services/authorization/service/src/test/java/org/collectionspace/services/authorization/test/AuthorizationSeedTest.java M services/authorization/service/src/test/java/org/collectionspace/services/authorization/test/AuthorizationGen.java M services/authorization/service/src/test/resources/test-data/test-permissions-roles.xml M services/authorization/service/src/main/java/org/collectionspace/services/authorization/AuthZ.java A + services/authorization/jaxb/src/main/resources/accounts_roles.xsd D services/authorization/jaxb/src/main/resources/users_roles.xsd A services/authorization/jaxb/src/main/resources/authorization_common.xsd M services/authorization/jaxb/src/main/resources/permissions_roles.xsd M services/authorization/pstore/src/main/resources/db/mysql/authorization.sql --- .../test/PermissionRoleServiceTest.java | 139 ++++++++++++------ .../PermissionRoleSubResource.java | 8 - .../PermissionRoleDocumentHandler.java | 68 +++++---- .../{users_roles.xsd => accounts_roles.xsd} | 40 ++--- .../main/resources/authorization_common.xsd | 98 ++++++++++++ .../src/main/resources/permissions_roles.xsd | 82 ++++++----- .../main/resources/db/mysql/authorization.sql | 2 +- .../services/authorization/AuthZ.java | 20 ++- .../authorization/test/AuthorizationGen.java | 35 +++-- .../test/AuthorizationSeedTest.java | 19 +-- 
.../test-data/test-permissions-roles.xml | 30 +++- 11 files changed, 367 insertions(+), 174 deletions(-) rename services/authorization/jaxb/src/main/resources/{users_roles.xsd => accounts_roles.xsd} (80%) create mode 100644 services/authorization/jaxb/src/main/resources/authorization_common.xsd diff --git a/services/authorization-mgt/client/src/test/java/org/collectionspace/services/authorization/client/test/PermissionRoleServiceTest.java b/services/authorization-mgt/client/src/test/java/org/collectionspace/services/authorization/client/test/PermissionRoleServiceTest.java index 99358d097..acd39752b 100644 --- a/services/authorization-mgt/client/src/test/java/org/collectionspace/services/authorization/client/test/PermissionRoleServiceTest.java +++ b/services/authorization-mgt/client/src/test/java/org/collectionspace/services/authorization/client/test/PermissionRoleServiceTest.java @@ -23,6 +23,7 @@ package org.collectionspace.services.authorization.client.test; import java.util.ArrayList; +import java.util.Collection; import java.util.Hashtable; import java.util.List; import javax.ws.rs.core.Response; @@ -31,7 +32,9 @@ import org.collectionspace.services.authorization.EffectType; import org.collectionspace.services.authorization.Permission; import org.collectionspace.services.authorization.PermissionAction; import org.collectionspace.services.authorization.PermissionRole; +import org.collectionspace.services.authorization.PermissionValue; import org.collectionspace.services.authorization.Role; +import org.collectionspace.services.authorization.RoleValue; import org.collectionspace.services.client.PermissionClient; import org.collectionspace.services.client.PermissionRoleClient; import org.collectionspace.services.client.RoleClient; 
@@ -61,8 +64,8 @@ public class PermissionRoleServiceTest extends AbstractServiceTestImpl {
 // Instance variables specific to this test.
 private String knownResourceId = null;
 private List allResourceIdsCreated = new ArrayList();
- private Hashtable permIds = new Hashtable();
- private Hashtable roleIds = new Hashtable();
+ private Hashtable permValues = new Hashtable();
+ private Hashtable roleValues = new Hashtable();
 /*
 * This method is called only by the parent class, AbstractServiceTestImpl
 */
@@ -74,20 +77,40 @@ public class PermissionRoleServiceTest extends AbstractServiceTestImpl { @BeforeClass(alwaysRun = true) public void seedData() { - String accPermId = createPermission("accounts", EffectType.PERMIT); - permIds.put("accounts", accPermId); - - String coPermId = createPermission("collectionobjects", EffectType.DENY); - permIds.put("collectionobjects", coPermId); - - String iPermId = createPermission("intakes", EffectType.DENY); - permIds.put("intakes", iPermId); - - String r1RoleId = createRole("ROLE_CO1"); - roleIds.put("ROLE_1", r1RoleId); - - String r2RoleId = createRole("ROLE_CO2"); - roleIds.put("ROLE_2", r2RoleId); + String ra = "accounts"; + String accPermId = createPermission(ra, EffectType.PERMIT); + PermissionValue pva = new PermissionValue(); + pva.setResourceName(ra); + pva.setPermissionId(accPermId); + permValues.put(pva.getResourceName(), pva); + + String rc = "collectionobjects"; + String coPermId = createPermission(rc, EffectType.DENY); + PermissionValue pvc = new PermissionValue(); + pvc.setResourceName(rc); + pvc.setPermissionId(coPermId); + permValues.put(pvc.getResourceName(), pvc); + + String ri = "intakes"; + String iPermId = createPermission(ri, EffectType.DENY); + PermissionValue pvi = new PermissionValue(); + pvi.setResourceName(ri); + pvi.setPermissionId(iPermId); + permValues.put(pvi.getResourceName(), pvi); + + String rn1 = "ROLE_CO1"; + String r1RoleId = createRole(rn1); + RoleValue rv1 = new RoleValue(); + rv1.setRoleId(r1RoleId); + rv1.setRoleName(rn1); + roleValues.put(rv1.getRoleName(), rv1); + + String rn2 = "ROLE_CO2"; + String r2RoleId = createRole(rn2); + RoleValue rv2 = new RoleValue(); + rv2.setRoleId(r2RoleId); + rv2.setRoleName(rn2); + roleValues.put(rv2.getRoleName(), rv2); } // --------------------------------------------------------------- 
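Review bot: seedData now repeats the same create-then-register sequence five times (three permissions, two roles), differing only in the literal and the value type; two private helpers would make the fixture shorter and easier to extend when another resource or role is seeded. The maps being filled are still raw `Hashtable`s declared in the earlier hunk, so every `permValues.get(...)` in the later hunks relies on an unchecked conversion; declaring them as `Hashtable<String, PermissionValue>` and `Hashtable<String, RoleValue>` would let the compiler check those call sites. The method's closing brace is inside the hunk; the fields it fills are declared in the earlier hunk.
```java
    @BeforeClass(alwaysRun = true)
    public void seedData() {
        seedPermission("accounts", EffectType.PERMIT);
        seedPermission("collectionobjects", EffectType.DENY);
        seedPermission("intakes", EffectType.DENY);
        seedRole("ROLE_CO1");
        seedRole("ROLE_CO2");
    }

    // Creates a permission on the service and records its id under the resource name.
    private void seedPermission(String resName, EffectType effect) {
        PermissionValue pv = new PermissionValue();
        pv.setResourceName(resName);
        pv.setPermissionId(createPermission(resName, effect));
        permValues.put(pv.getResourceName(), pv);
    }

    // Creates a role on the service and records its id under the role name.
    private void seedRole(String roleName) {
        RoleValue rv = new RoleValue();
        rv.setRoleName(roleName);
        rv.setRoleId(createRole(roleName));
        roleValues.put(rv.getRoleName(), rv);
    }
```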
@@ -104,10 +127,11 @@ public class PermissionRoleServiceTest extends AbstractServiceTestImpl { setupCreate(testName); // Submit the request to the service and store the response. - PermissionRole permRole = createPermissionRoleInstance(permIds.get("accounts"), - roleIds.values().toArray(new String[0]), true, true); + PermissionValue pv = permValues.get("accounts"); + PermissionRole permRole = createPermissionRoleInstance(pv, + roleValues.values(), true, true); PermissionRoleClient client = new PermissionRoleClient(); - ClientResponse res = client.create(permIds.get("accounts"), permRole); + ClientResponse res = client.create(pv.getPermissionId(), permRole); int statusCode = res.getStatus(); if (logger.isDebugEnabled()) { 
@@ -135,25 +159,27 @@ public class PermissionRoleServiceTest extends AbstractServiceTestImpl { setupCreate(testName); // Submit the request to the service and store the response. PermissionRoleClient client = new PermissionRoleClient(); - PermissionRole permRole = createPermissionRoleInstance(permIds.get("collectionobjects"), - roleIds.values().toArray(new String[0]), true, true); - ClientResponse res = client.create(permIds.get("collectionobjects"), permRole); + PermissionValue pv = permValues.get("collectionobjects"); + PermissionRole permRole = createPermissionRoleInstance(pv, + roleValues.values(), true, true); + ClientResponse res = client.create(pv.getPermissionId(), permRole); int statusCode = res.getStatus(); Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode), invalidStatusCodeMessage(REQUEST_TYPE, statusCode)); Assert.assertEquals(statusCode, EXPECTED_STATUS_CODE); //id of relationship is not important - allResourceIdsCreated.add(permIds.get("collectionobjects")); + allResourceIdsCreated.add(pv.getPermissionId()); - PermissionRole permRole2 = createPermissionRoleInstance(permIds.get("intakes"), - roleIds.values().toArray(new String[0]), true, true); - res = client.create(permIds.get("intakes"), permRole2); + PermissionValue pv2 = permValues.get("intakes"); + PermissionRole permRole2 = createPermissionRoleInstance(pv2, + roleValues.values(), true, true); + res = client.create(pv2.getPermissionId(), permRole2); statusCode = res.getStatus(); Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode), invalidStatusCodeMessage(REQUEST_TYPE, statusCode)); Assert.assertEquals(statusCode, EXPECTED_STATUS_CODE); //id of relationship is not important - allResourceIdsCreated.add(permIds.get("intakes")); + allResourceIdsCreated.add(pv2.getPermissionId()); } 
@@ -186,7 +212,8 @@ public class PermissionRoleServiceTest extends AbstractServiceTestImpl { // Submit the request to the service and store the response. PermissionRoleClient client = new PermissionRoleClient(); - ClientResponse res = client.read(permIds.get("accounts"), "123"); + ClientResponse res = client.read( + permValues.get("accounts").getPermissionId(), "123"); int statusCode = res.getStatus(); // Check the status code of the response: does it match @@ -282,7 +309,8 @@ public class PermissionRoleServiceTest extends AbstractServiceTestImpl { // Submit the request to the service and store the response. PermissionRoleClient client = new PermissionRoleClient(); - ClientResponse res = client.delete(permIds.get("accounts"), "123"); + ClientResponse res = client.delete( + permValues.get("accounts").getPermissionId(), "123"); int statusCode = res.getStatus(); // Check the status code of the response: does it match @@ -293,7 +321,6 @@ public class PermissionRoleServiceTest extends AbstractServiceTestImpl { Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode), invalidStatusCodeMessage(REQUEST_TYPE, statusCode)); Assert.assertEquals(statusCode, EXPECTED_STATUS_CODE); - } // Failure outcomes @@ -334,7 +361,7 @@ public class PermissionRoleServiceTest extends AbstractServiceTestImpl { // Submit the request to the service and store the response. String method = ServiceRequestType.READ.httpMethodName(); - String url = getResourceURL(permIds.get("accounts")); + String url = getResourceURL(permValues.get("accounts").getPermissionId()); int statusCode = submitRequest(method, url); // Check the status code of the response: does it match 
@@ -353,13 +380,13 @@ public class PermissionRoleServiceTest extends AbstractServiceTestImpl { /** * create permRolerole instance * @param permId - * @param roleIds array of role ids + * @param roleValues array of role ids * @param userPermId * @param useRoleId * @return */ - private PermissionRole createPermissionRoleInstance(String permId, - String[] roleIds, + private PermissionRole createPermissionRoleInstance(PermissionValue pv, + Collection rvs, boolean usePermId, boolean useRoleId) { @@ -368,16 +395,17 @@ public class PermissionRoleServiceTest extends AbstractServiceTestImpl { //from URI used // permRole.setSubject(SubjectType.ROLE); if (usePermId) { - ArrayList pl = new ArrayList(); - pl.add(permId); - permRole.setPermissionIds(pl); + ArrayList pvs = new ArrayList(); + pvs.add(pv); + permRole.setPermissions(pvs); } if (useRoleId) { - ArrayList rl = new ArrayList(); - for (String roleId : roleIds) { - rl.add(roleId); + //FIXME is there a better way? + ArrayList rvas = new ArrayList(); + for (RoleValue rv : rvs) { + rvas.add(rv); } - permRole.setRoleIds(rl); + permRole.setRoles(rvas); } if (logger.isDebugEnabled()) { 
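Review bot: The Javadoc of createPermissionRoleInstance no longer matches its signature: it still documents `@param permId` and `@param roleValues array of role ids`, while the parameters are now `pv` (a PermissionValue) and `rvs` (a Collection of RoleValue), and `@param userPermId` does not match the actual `usePermId`. Suggested replacement for the four tags: `@param pv the permission side of the relationship`, `@param rvs the RoleValue objects to attach to the permission`, `@param usePermId whether the permission is set on the instance`, `@param useRoleId whether the roles are set on the instance`. The loop under `//FIXME is there a better way?` copies rvs element by element; `ArrayList rvas = new ArrayList(rvs);` does the same in one line and answers the FIXME. The method's body continues past the end of the hunk.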
@@ -391,24 +419,29 @@ public class PermissionRoleServiceTest extends AbstractServiceTestImpl { public void cleanUp() { setupDelete("delete"); if (logger.isDebugEnabled()) { - logger.debug("Cleaning up temporary resources created for testing ..."); + logger.debug("clenaup: Cleaning up temporary resources created for testing ..."); } PermissionRoleClient client = new PermissionRoleClient(); for (String resourceId : allResourceIdsCreated) { + // Note: Any non-success responses are ignored and not reported. ClientResponse res = client.delete(resourceId, "123"); int statusCode = res.getStatus(); + if (logger.isDebugEnabled()) { + logger.debug("clenaup: delete relationships for permission id=" + + resourceId + " status=" + statusCode); + } Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode), invalidStatusCodeMessage(REQUEST_TYPE, statusCode)); Assert.assertEquals(statusCode, EXPECTED_STATUS_CODE); } - for (String permId : permIds.values()) { - deletePermission(permId); + for (PermissionValue pv : permValues.values()) { + deletePermission(pv.getPermissionId()); } - for (String roleId : roleIds.values()) { - deleteRole(roleId); + for (RoleValue rv : roleValues.values()) { + deleteRole(rv.getRoleId()); } } @@ -422,7 +455,8 @@ public class PermissionRoleServiceTest extends AbstractServiceTestImpl { ClientResponse res = permClient.create(permission); int statusCode = res.getStatus(); if (logger.isDebugEnabled()) { - logger.debug("createPermission" + ": status = " + statusCode); + logger.debug("createPermission: resName=" + resName + + " status = " + statusCode); } Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode), invalidStatusCodeMessage(REQUEST_TYPE, statusCode)); 
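Review bot: The comment added in cleanUp, `// Note: Any non-success responses are ignored and not reported.`, is contradicted by the two Assert calls immediately below it: a non-success status from client.delete fails the test and aborts cleanUp, so the remaining relationships, the permissions created in seedData (including the PERMIT grant on "accounts") and the roles are never deleted. Either drop the comment, or make it true by replacing the two asserts with a conditional log such as `if (!REQUEST_TYPE.isValidStatusCode(statusCode)) logger.debug("cleanUp: delete failed for permission id=" + resourceId + " status=" + statusCode);` so the permission and role deletion loops are always reached. The two debug messages in the same hunk also misspell the method name, `"clenaup: ..."`, which makes them hard to find in a log; use `"cleanUp: ..."`. This applies to the cleanUp hunk only; the createPermission hunk that follows it is fine.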
@@ -435,6 +469,10 @@ public class PermissionRoleServiceTest extends AbstractServiceTestImpl { PermissionClient permClient = new PermissionClient(); ClientResponse res = permClient.delete(permId); int statusCode = res.getStatus(); + if (logger.isDebugEnabled()) { + logger.debug("deletePermission: delete permission id=" + + permId + " status=" + statusCode); + } Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode), invalidStatusCodeMessage(REQUEST_TYPE, statusCode)); Assert.assertEquals(statusCode, EXPECTED_STATUS_CODE); @@ -449,7 +487,8 @@ public class PermissionRoleServiceTest extends AbstractServiceTestImpl { ClientResponse res = roleClient.create(role); int statusCode = res.getStatus(); if (logger.isDebugEnabled()) { - logger.debug("createRole" + ": status = " + statusCode); + logger.debug("createRole: name=" + roleName + + " status = " + statusCode); } Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode), invalidStatusCodeMessage(REQUEST_TYPE, statusCode)); @@ -462,6 +501,10 @@ public class PermissionRoleServiceTest extends AbstractServiceTestImpl { RoleClient roleClient = new RoleClient(); ClientResponse res = roleClient.delete(roleId); int statusCode = res.getStatus(); + if (logger.isDebugEnabled()) { + logger.debug("deleteRole: delete role id=" + roleId + + " status=" + statusCode); + } Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode), invalidStatusCodeMessage(REQUEST_TYPE, statusCode)); Assert.assertEquals(statusCode, EXPECTED_STATUS_CODE); diff --git a/services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/PermissionRoleSubResource.java b/services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/PermissionRoleSubResource.java index a9c14b968..df254b76d 100644 --- a/services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/PermissionRoleSubResource.java 
+++ b/services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/PermissionRoleSubResource.java @@ -23,13 +23,6 @@ */ package org.collectionspace.services.authorization; -import javax.ws.rs.PathParam; -import javax.ws.rs.WebApplicationException; -import javax.ws.rs.core.Context; -import javax.ws.rs.core.MultivaluedMap; -import javax.ws.rs.core.Response; -import javax.ws.rs.core.UriBuilder; -import javax.ws.rs.core.UriInfo; import org.collectionspace.services.authorization.storage.PermissionRoleStorageClient; import org.collectionspace.services.common.AbstractCollectionSpaceResourceImpl; @@ -40,7 +33,6 @@ import org.collectionspace.services.common.context.ServiceContextFactory; import org.collectionspace.services.common.document.DocumentFilter; import org.collectionspace.services.common.document.DocumentHandler; import org.collectionspace.services.common.storage.StorageClient; -import org.jboss.resteasy.util.HttpResponseCodes; import org.slf4j.Logger; import org.slf4j.LoggerFactory; diff --git a/services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/storage/PermissionRoleDocumentHandler.java b/services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/storage/PermissionRoleDocumentHandler.java index 6151ea07a..933816cbd 100644 --- a/services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/storage/PermissionRoleDocumentHandler.java +++ b/services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/storage/PermissionRoleDocumentHandler.java 
@@ -28,7 +28,9 @@ import java.util.List; import org.collectionspace.services.authorization.PermissionRole; import org.collectionspace.services.authorization.PermissionRoleRel; +import org.collectionspace.services.authorization.PermissionValue; import org.collectionspace.services.authorization.PermissionsRolesList; +import org.collectionspace.services.authorization.RoleValue; import org.collectionspace.services.authorization.SubjectType; import org.collectionspace.services.common.context.ServiceContext; 
@@ -82,29 +84,43 @@ public class PermissionRoleDocumentHandler List prrl = wrapDoc.getWrappedObject(); PermissionRole pr = new PermissionRole(); SubjectType subject = PermissionRoleUtil.getSubject(getServiceContext()); - pr.setSubject(subject); + PermissionRoleRel prr0 = prrl.get(0); if (SubjectType.ROLE.equals(subject)) { - List permIds = new ArrayList(); - permIds.add(prrl.get(0).getPermissionId()); - pr.setPermissionIds(permIds); - List roleIds = new ArrayList(); + + List pvs = new ArrayList(); + pr.setPermissions(pvs); + PermissionValue pv = new PermissionValue(); + pv.setPermissionId(prr0.getPermissionId()); + pv.setResourceName(prr0.getPermissionResource()); + pvs.add(pv); + + //add roles + List rvs = new ArrayList(); + pr.setRoles(rvs); for (PermissionRoleRel prr : prrl) { - roleIds.add(prr.getRoleId()); - pr.setCreatedAt(prr.getCreatedAt()); - pr.setUpdatedAt(prr.getUpdatedAt()); + RoleValue rv = new RoleValue(); + rv.setRoleId(prr.getRoleId()); + rv.setRoleName(prr.getRoleName()); + rvs.add(rv); } - pr.setRoleIds(roleIds); - } else { - List roleIds = new ArrayList(); - roleIds.add(prrl.get(0).getRoleId()); - pr.setRoleIds(roleIds); - List permIds = new ArrayList(); + } else if (SubjectType.PERMISSION.equals(subject)) { + + List rvs = new ArrayList(); + pr.setRoles(rvs); + RoleValue rv = new RoleValue(); + rv.setRoleId(prr0.getRoleId()); + rv.setRoleName(prr0.getRoleName()); + rvs.add(rv); + + //add permssions + List pvs = new ArrayList(); + pr.setPermissions(pvs); for (PermissionRoleRel prr : prrl) { - permIds.add(prr.getPermissionId()); - pr.setCreatedAt(prr.getCreatedAt()); - pr.setUpdatedAt(prr.getUpdatedAt()); + PermissionValue pv = new PermissionValue(); + pv.setPermissionId(prr.getPermissionId()); + pv.setResourceName(prr.getPermissionResource()); + pvs.add(pv); } - pr.setPermissionIds(permIds); } return pr; } 
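Review bot: `pr.setSubject(subject)` was removed from this extraction path, so the PermissionRole returned here no longer records which subject the relationships were read for, while AuthorizationGen and test-permissions-roles.xml in the same commit still populate a subject; unless the caller now sets it, reinstate `pr.setSubject(subject);` right after the subject lookup. `PermissionRoleRel prr0 = prrl.get(0);` now runs before the subject check, so an empty list throws IndexOutOfBoundsException on every path; guard it with `if (prrl.isEmpty()) { return pr; }` (or whatever the caller expects for no relationships). Turning the `else` into `else if (SubjectType.PERMISSION.equals(subject))` is clearer, but it now leaves pr with neither permissions nor roles for any other subject without a word; a comment stating that this is intended, or an IllegalStateException, would stop that propagating silently. The copy of createdAt/updatedAt from the relationship rows was dropped as well; if the PermissionRole type still has those fields, that is a loss of exactly the metadata the commit message says it adds. The enclosing method's signature is outside the hunk.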
@@ -121,19 +137,21 @@ public class PermissionRoleDocumentHandler //subject mismatch should have been checked during validation } if (subject.equals(SubjectType.ROLE)) { - String permId = pr.getPermissionIds().get(0); - for (String roleId : pr.getRoleIds()) { + String permId = pr.getPermissions().get(0).getPermissionId(); + for (RoleValue rv : pr.getRoles()) { PermissionRoleRel prr = new PermissionRoleRel(); prr.setPermissionId(permId); - prr.setRoleId(roleId); + prr.setRoleId(rv.getRoleId()); + prr.setRoleName(rv.getRoleName()); prrl.add(prr); } - } else { - String roleId = pr.getRoleIds().get(0); - for (String permId : pr.getPermissionIds()) { + } else if (SubjectType.PERMISSION.equals(subject)) { + String roleId = pr.getRoles().get(0).getRoleId(); + for (PermissionValue pv : pr.getPermissions()) { PermissionRoleRel prr = new PermissionRoleRel(); - prr.setPermissionId(permId); + prr.setPermissionId(pv.getPermissionId()); prr.setRoleId(roleId); + prr.setPermissionResource(pv.getResourceName()); prrl.add(prr); } } diff --git a/services/authorization/jaxb/src/main/resources/users_roles.xsd b/services/authorization/jaxb/src/main/resources/accounts_roles.xsd similarity index 80% rename from services/authorization/jaxb/src/main/resources/users_roles.xsd rename to services/authorization/jaxb/src/main/resources/accounts_roles.xsd index b9337bdda..88102e84c 100644 --- a/services/authorization/jaxb/src/main/resources/users_roles.xsd +++ b/services/authorization/jaxb/src/main/resources/accounts_roles.xsd @@ -46,7 +46,29 @@ - + + + + + + + AccountRole defines 1-n association between + either account and role or role and account + + + + + + + + + + + + + + + UserRole defines association between user and role in CollectionSpace @@ -102,22 +124,6 @@ - - - - users roles list - - - - - - - account role list - - - - - 
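Review bot: `prr.setRoleName(rv.getRoleName())` and `prr.setPermissionResource(pv.getResourceName())` persist the name and resource exactly as they arrive in the request body, next to the id, with nothing here (nor in this commit's schema change, whose `role_name`/`permission_resource` columns carry no constraint) tying them to the role or permission that the id identifies, so the stored name can disagree with the stored id. That matters because AuthZ.addPermissions in this same commit now grants to `roleValue.getRoleName()` rather than to the id, so the name is the value that ends up as the grant principal. The server should resolve the name and resource from the role/permission record by id (or at least verify the supplied value against it and reject a mismatch) instead of copying them from the payload. The ROLE branch also fills only `roleName` and the PERMISSION branch only `permissionResource`, so each column stays null for the other subject; both branches should set both, e.g. `prr.setPermissionResource(pr.getPermissions().get(0).getResourceName());` in the ROLE branch and `prr.setRoleName(pr.getRoles().get(0).getRoleName());` in the PERMISSION branch. The method's signature and closing brace are outside the hunk.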
diff --git a/services/authorization/jaxb/src/main/resources/authorization_common.xsd b/services/authorization/jaxb/src/main/resources/authorization_common.xsd new file mode 100644 index 000000000..e53e8b8f4 --- /dev/null +++ b/services/authorization/jaxb/src/main/resources/authorization_common.xsd @@ -0,0 +1,98 @@ + + + + + + + + + + + + + + AccountValue is used relationships + + + + + + + + + + + + + + + + RoleValue is used relationships + + + + + + + + + + + + + + + PermissionValue is used relationships + + + + + + + + + + + + + + + + + + + + + diff --git a/services/authorization/jaxb/src/main/resources/permissions_roles.xsd b/services/authorization/jaxb/src/main/resources/permissions_roles.xsd index 5d00ac2a0..7fdc2521c 100644 --- a/services/authorization/jaxb/src/main/resources/permissions_roles.xsd +++ b/services/authorization/jaxb/src/main/resources/permissions_roles.xsd @@ -46,25 +46,7 @@ - - - - - A list of permission_role association for a permission or a role - - - - - - - - permission role list - - - - - - + @@ -78,28 +60,21 @@ - - - - - + + + + + - - - - - - - - PermissionRoleRel defines 1-1 association between - permission and role in CollectionSpace. Note that this relation - is defined exclusively for service-side use only. + permission and role in CollectionSpace. + Note that this relation is defined exclusively for service-side + use only. @@ -123,6 +98,15 @@ + + + + + + + + + @@ -132,6 +116,15 @@ + + + + + + + + + @@ -153,5 +146,26 @@ + + + + + + + A list of permission_role association for a permission or a role (for test only) + + + + + + + + permission role list + + + + + + diff --git a/services/authorization/pstore/src/main/resources/db/mysql/authorization.sql b/services/authorization/pstore/src/main/resources/db/mysql/authorization.sql index 0b00e2944..3632e9f4f 100644 --- a/services/authorization/pstore/src/main/resources/db/mysql/authorization.sql +++ b/services/authorization/pstore/src/main/resources/db/mysql/authorization.sql 
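Review bot: The documentation strings in the new authorization_common.xsd read `AccountValue is used relationships`, `RoleValue is used relationships` and `PermissionValue is used relationships`; each is missing a word and says nothing about what the type carries. Suggested wording, based on the accessors the Java side uses in this commit: `RoleValue pairs a role id with its role name for use inside a relationship` and `PermissionValue pairs a permission id with its resource name for use inside a relationship`, with the AccountValue sentence filled in the same way from its actual elements. The element declarations themselves are not readable in this rendering of the hunk, so the field names in the wording should be checked against the schema.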
@@ -6,7 +6,7 @@ drop table if exists roles;
 drop table if exists users_roles;
 create table permissions (csid varchar(128) not null, attribute_name varchar(128), created_at datetime not null, description varchar(255), effect varchar(32) not null, resource_name varchar(128) not null, tenant_id varchar(128) not null, updated_at datetime, primary key (csid));
 create table permissions_actions (HJID bigint not null auto_increment, name varchar(128) not null, ACTIONS_PERMISSION_CSID varchar(128), primary key (HJID));
-create table permissions_roles (HJID bigint not null auto_increment, created_at datetime not null, permission_id varchar(128) not null, role_id varchar(128) not null, updated_at datetime, primary key (HJID), unique (permission_id, role_id));
+create table permissions_roles (HJID bigint not null auto_increment, created_at datetime not null, permission_id varchar(128) not null, permission_resource varchar(255), role_id varchar(128) not null, role_name varchar(255), updated_at datetime, primary key (HJID), unique (permission_id, role_id));
 create table roles (csid varchar(128) not null, created_at datetime not null, description varchar(255), rolegroup varchar(255), rolename varchar(200) not null, tenant_id varchar(128) not null, updated_at datetime, primary key (csid), unique (rolename));
 create table users_roles (HJID bigint not null auto_increment, created_at datetime not null, role_id varchar(128) not null, updated_at datetime, username varchar(128) not null, primary key (HJID), unique (username, role_id));
 alter table permissions_actions add index FK85F82042E2DC84FD (ACTIONS_PERMISSION_CSID), add constraint FK85F82042E2DC84FD foreign key (ACTIONS_PERMISSION_CSID) references permissions (csid);
diff --git a/services/authorization/service/src/main/java/org/collectionspace/services/authorization/AuthZ.java b/services/authorization/service/src/main/java/org/collectionspace/services/authorization/AuthZ.java
index 5a1168081..e9e9acca5 100644
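Review bot: The new `permission_resource varchar(255)` and `role_name varchar(255)` columns are wider than the source columns they duplicate in the same script, `permissions.resource_name varchar(128)` and `roles.rolename varchar(200)`, and nothing constrains either copy to agree with the row that `permission_id`/`role_id` points at (those ids have no foreign key either). Aligning the widths, `permission_resource varchar(128)` and `role_name varchar(200)`, at least keeps the copy from accepting a value the referenced table would reject. Because these are denormalized copies, a comment on the table stating whether the service maintains them from the referenced row or stores what the client sent would tell the next reader how much to trust them. Only the MySQL script is touched in this commit; if scripts for other databases exist, they need the same columns.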
--- a/services/authorization/service/src/main/java/org/collectionspace/services/authorization/AuthZ.java
+++ b/services/authorization/service/src/main/java/org/collectionspace/services/authorization/AuthZ.java
@@ -105,18 +105,16 @@ public class AuthZ {
 */
 //FIXME this method should be in the restful web service resource of authz
 public void addPermissions(Permission perm,
- List permRoles) {
+ PermissionRole permRole) {
 List principals = new ArrayList();
- for (PermissionRole permRole : permRoles) {
- if (!perm.getCsid().equals(permRole.getPermissionIds().get(0))) {
- throw new IllegalArgumentException("permission ids do not"
- + " match for role=" + permRole.getRoleIds().get(0)
- + " with permissionId=" + permRole.getPermissionIds().get(0)
- + " for permission with csid=" + perm.getCsid());
- }
- //assuming permrole belongs to the same perm
- //FIXME should use role name
- principals.add(permRole.getRoleIds().get(0));
+ if (!perm.getCsid().equals(permRole.getPermissions().get(0).getPermissionId())) {
+ throw new IllegalArgumentException("permission ids do not"
+ + " match for role=" + permRole.getRoles().get(0).getRoleName()
+ + " with permissionId=" + permRole.getPermissions().get(0).getPermissionId()
+ + " for permission with csid=" + perm.getCsid());
+ }
+ for (RoleValue roleValue : permRole.getRoles()) {
+ principals.add(roleValue.getRoleName());
 }
 List permActions = perm.getActions();
 for (PermissionAction permAction : permActions) {
diff --git a/services/authorization/service/src/test/java/org/collectionspace/services/authorization/test/AuthorizationGen.java b/services/authorization/service/src/test/java/org/collectionspace/services/authorization/test/AuthorizationGen.java
index 744540bb0..8599a76ca 100644
--- a/services/authorization/service/src/test/java/org/collectionspace/services/authorization/test/AuthorizationGen.java
+++ b/services/authorization/service/src/test/java/org/collectionspace/services/authorization/test/AuthorizationGen.java
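Review bot: `permRole.getPermissions().get(0)` and, inside the exception message, `permRole.getRoles().get(0)` both throw IndexOutOfBoundsException (or NullPointerException when the list is unset) if the PermissionRole carries no permission or no role, so the id-mismatch IllegalArgumentException this method builds is never reached in those cases and the caller sees an unrelated index error. A guard at the top makes the precondition explicit: `if (permRole.getPermissions() == null || permRole.getPermissions().isEmpty() || permRole.getRoles() == null || permRole.getRoles().isEmpty()) { throw new IllegalArgumentException("permRole must carry one permission and at least one role"); }`. The check also compares only the first permission with perm while every role in the list is granted, which is correct only for a ROLE-subject relationship; a comment stating that assumption, or a check on the subject that AuthorizationGen sets via setSubject, would keep a PERMISSION-subject payload from being misapplied. The method continues past the end of the hunk.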
@@ -54,8 +54,10 @@ import org.collectionspace.services.authorization.Permission; import org.collectionspace.services.authorization.EffectType; import org.collectionspace.services.authorization.PermissionAction; import org.collectionspace.services.authorization.PermissionRole; +import org.collectionspace.services.authorization.PermissionValue; import org.collectionspace.services.authorization.PermissionsList; import org.collectionspace.services.authorization.PermissionsRolesList; +import org.collectionspace.services.authorization.RoleValue; import org.collectionspace.services.authorization.SubjectType; /** @@ -109,8 +111,8 @@ public class AuthorizationGen { public void genPermissionsRoles() { PermissionsRolesList psrsl = new PermissionsRolesList(); ArrayList prl = new ArrayList(); - prl.add(buildCommonPermissionRoles("1")); - prl.add(buildCommonPermissionRoles("2")); + prl.add(buildCommonPermissionRoles("1", "accounts")); + prl.add(buildCommonPermissionRoles("2", "collectionobjects")); psrsl.setPermissionRoles(prl); AbstractAuthorizationTestImpl.toFile(psrsl, PermissionsRolesList.class, AbstractAuthorizationTestImpl.testDataDir + "test-permissions-roles.xml"); 
@@ -118,18 +120,29 @@ public class AuthorizationGen { + AbstractAuthorizationTestImpl.testDataDir + "test-permissions-roles.xml"); } - private PermissionRole buildCommonPermissionRoles(String id) { + private PermissionRole buildCommonPermissionRoles(String id, String resName) { PermissionRole pr = new PermissionRole(); pr.setSubject(SubjectType.ROLE); - List permIds = new ArrayList(); - permIds.add(id); - pr.setPermissionIds(permIds); - //FIXME should using role id - List roleIds = new ArrayList(); - roleIds.add("ROLE_USERS"); - roleIds.add("ROLE_ADMINISTRATOR"); - pr.setRoleIds(roleIds); + + List permValues = new ArrayList(); + pr.setPermissions(permValues); + PermissionValue permValue = new PermissionValue(); + permValue.setPermissionId(id); + permValue.setResourceName(resName); + permValues.add(permValue); + + List roleValues = new ArrayList(); + RoleValue rv1 = new RoleValue(); + rv1.setRoleName("ROLE_USERS"); + rv1.setRoleId("1"); + roleValues.add(rv1); + RoleValue rv2 = new RoleValue(); + rv2.setRoleName("ROLE_ADMINISTRATOR"); + rv2.setRoleId("2"); + roleValues.add(rv2); + pr.setRoles(roleValues); + return pr; } diff --git a/services/authorization/service/src/test/java/org/collectionspace/services/authorization/test/AuthorizationSeedTest.java b/services/authorization/service/src/test/java/org/collectionspace/services/authorization/test/AuthorizationSeedTest.java index 4abddef05..8f5d285d5 100644 --- a/services/authorization/service/src/test/java/org/collectionspace/services/authorization/test/AuthorizationSeedTest.java +++ b/services/authorization/service/src/test/java/org/collectionspace/services/authorization/test/AuthorizationSeedTest.java 
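Review bot: buildCommonPermissionRoles hard-codes the role ids `"1"` and `"2"` for ROLE_USERS and ROLE_ADMINISTRATOR while the permission id and resource name are parameters, so the generated test-permissions-roles.xml silently assumes those two roles are seeded with exactly those ids. If that is deliberate, name them as constants with a comment pointing at where the roles are seeded, e.g. `private static final String ROLE_USERS_ID = "1"; // must match the seeded ROLE_USERS role`, otherwise pass them in alongside `id`. The two RoleValue blocks are copy-paste of each other; a `private RoleValue roleValue(String id, String name)` helper would reduce the method to two calls.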
@@ -90,7 +90,7 @@ public class AuthorizationSeedTest extends AbstractAuthorizationTestImpl { PermissionsList pcList = (PermissionsList) fromFile(PermissionsList.class, - AbstractAuthorizationTestImpl.testDataDir + "test-permissions.xml"); + AbstractAuthorizationTestImpl.testDataDir + "test-permissions.xml"); logger.info("read permissions from " + AbstractAuthorizationTestImpl.testDataDir + "test-permissions.xml"); PermissionsRolesList pcrList = @@ -103,18 +103,11 @@ public class AuthorizationSeedTest extends AbstractAuthorizationTestImpl { if (logger.isDebugEnabled()) { logger.debug("adding permission for res=" + p.getResourceName()); } - List prl = getPermissionRoles(pcrList, p.getCsid()); - authZ.addPermissions(p, prl); - } - } - - private List getPermissionRoles(PermissionsRolesList pcrList, String permId) { - List prList = new ArrayList(); - for (PermissionRole pr : pcrList.getPermissionRoles()) { - if (pr.getPermissionIds().get(0).equals(permId)) { - prList.add(pr); - } + for (PermissionRole pr : pcrList.getPermissionRoles()) { + if (pr.getPermissions().get(0).getPermissionId().equals(p.getCsid())) { + authZ.addPermissions(p, pr); + } + } } - return prList; } } diff --git a/services/authorization/service/src/test/resources/test-data/test-permissions-roles.xml b/services/authorization/service/src/test/resources/test-data/test-permissions-roles.xml index 67b54370b..5a0ff5715 100644 --- a/services/authorization/service/src/test/resources/test-data/test-permissions-roles.xml +++ b/services/authorization/service/src/test/resources/test-data/test-permissions-roles.xml @@ -2,14 +2,32 @@ ROLE - 1 - ROLE_USERS - ROLE_ADMINISTRATOR + + 1 + accounts + + + 1 + ROLE_USERS + + + 2 + ROLE_ADMINISTRATOR + ROLE - 2 - ROLE_USERS - ROLE_ADMINISTRATOR + + 2 + collectionobjects + + + 1 + ROLE_USERS + + + 2 + ROLE_ADMINISTRATOR + -- 2.47.3