From a267d7c56addfd6890894a7050b05a90215a91e1 Mon Sep 17 00:00:00 2001 
From: Sanjay Dalal Date: Wed, 31 Mar 2010 22:48:16 +0000 Subject: [PATCH] CSPACE-1345 added csid to role schema as rolename is not unique in cspace CSPACE-1347 replaced rolename with roleId in association relationships with permission and users, changed query in login-config.xml to reflect this change test: mvn test at the services level !!!requires ant clean undeploy deploy at least at services/authentication level as login-config.xml has changed !!!requires ant create_db at authorization service level M services/authentication/service/src/main/resources/config/jboss-login-config.xml M services/authentication/service/src/main/resources/config/login-config.xml _M services/loanin/service _M services/loanin/jaxb _M services/loanin/3rdparty/nuxeo-platform-cs-loanin _M services/loanin/client _M services/account M services/authorization/service/src/test/java/org/collectionspace/services/authorization/test/AuthorizationGenTest.java M services/authorization/service/src/test/resources/test-data/test-permissions-roles.xml M services/authorization/service/src/main/java/org/collectionspace/services/authorization/AuthZ.java M services/authorization/jaxb/src/main/resources/roles.xsd M services/authorization/jaxb/src/main/resources/users_roles.xsd M services/authorization/jaxb/src/main/resources/permissions_roles.xsd M services/authorization/pstore/src/main/resources/db/mysql/authorization_index.sql M services/authorization/pstore/src/main/resources/db/mysql/test_authorization.sql M services/authorization/pstore/src/main/resources/db/mysql/authorization.sql --- .../resources/config/jboss-login-config.xml | 2 +- .../main/resources/config/login-config.xml | 2 +- .../src/main/resources/permissions_roles.xsd | 7 +++---- .../jaxb/src/main/resources/roles.xsd | 19 ++++++++++++++++--- .../jaxb/src/main/resources/users_roles.xsd | 6 +++--- .../main/resources/db/mysql/authorization.sql | 6 +++--- .../db/mysql/authorization_index.sql | 7 ++++--- 
.../resources/db/mysql/test_authorization.sql | 18 +++++++++--------- .../services/authorization/AuthZ.java | 6 ++++-- .../test/AuthorizationGenTest.java | 6 ++++-- .../test-data/test-permissions-roles.xml | 8 ++++---- 11 files changed, 52 insertions(+), 35 deletions(-) diff --git a/services/authentication/service/src/main/resources/config/jboss-login-config.xml b/services/authentication/service/src/main/resources/config/jboss-login-config.xml index 253c2a35a..a557fd395 100644 --- a/services/authentication/service/src/main/resources/config/jboss-login-config.xml +++ b/services/authentication/service/src/main/resources/config/jboss-login-config.xml @@ -28,7 +28,7 @@ copy before the "other" application-policy select passwd from users where username=? - select rolename, 'Roles' from users_roles where username=? + select r.rolename, 'Role' from roles as r, users_roles as ur where ur.username=? and ur.role_id=r.csid select t.id, t.name, 'Tenants' from accounts_common as a, accounts_tenants as at, tenants as t where a.userid=? and a.csid = at.TENANTS_ACCOUNTSCOMMON_CSID and at.tenant_id = t.id diff --git a/services/authentication/service/src/main/resources/config/login-config.xml b/services/authentication/service/src/main/resources/config/login-config.xml index 33d757f61..823bea056 100644 --- a/services/authentication/service/src/main/resources/config/login-config.xml +++ b/services/authentication/service/src/main/resources/config/login-config.xml @@ -145,7 +145,7 @@ $Revision: 64598 $ select passwd from users where username=? - select rolename, 'Roles' from users_roles where username=? + select r.rolename, 'Role' from roles as r, users_roles as ur where ur.username=? and ur.role_id=r.csid select t.id, t.name, 'Tenants' from accounts_common as a, accounts_tenants as at, tenants as t where a.userid=? and a.csid = at.TENANTS_ACCOUNTSCOMMON_CSID and at.tenant_id = t.id 
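Review bot: The rewritten roles query in jboss-login-config.xml also changes the second selected column from `'Roles'` to `'Role'`, and the same edit appears in the login-config.xml hunk; the commit message does not mention it. In JBoss's DatabaseServerLoginModule that column is the role-group name, and the container reads the caller's authorization roles from the group called `Roles`, so if this module follows that contract every user would still authenticate but carry no roles. Unless the login module was changed to read a `Role` group, keep the literal: `select r.rolename, 'Roles' from roles as r, users_roles as ur where ur.username=? and ur.role_id=r.csid`. The surrounding element names are not visible in these hunks, so the module class should be confirmed first.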
diff --git a/services/authorization/jaxb/src/main/resources/permissions_roles.xsd b/services/authorization/jaxb/src/main/resources/permissions_roles.xsd index c746b2497..492d64d6d 100644 --- a/services/authorization/jaxb/src/main/resources/permissions_roles.xsd +++ b/services/authorization/jaxb/src/main/resources/permissions_roles.xsd @@ -58,7 +58,7 @@ permission_id - rolename + role_id @@ -74,11 +74,11 @@ - + - + @@ -104,6 +104,5 @@ - diff --git a/services/authorization/jaxb/src/main/resources/roles.xsd b/services/authorization/jaxb/src/main/resources/roles.xsd index 5408db980..b29c53b0f 100644 --- a/services/authorization/jaxb/src/main/resources/roles.xsd +++ b/services/authorization/jaxb/src/main/resources/roles.xsd @@ -54,7 +54,11 @@ Role definition in CollectionSpace - + + + rolename + + @@ -62,9 +66,9 @@ - + - + @@ -105,6 +109,15 @@ + + + + + + + + + diff --git a/services/authorization/jaxb/src/main/resources/users_roles.xsd b/services/authorization/jaxb/src/main/resources/users_roles.xsd index 3715aebda..745d139b3 100644 --- a/services/authorization/jaxb/src/main/resources/users_roles.xsd +++ b/services/authorization/jaxb/src/main/resources/users_roles.xsd @@ -58,7 +58,7 @@ username - rolename + role_id @@ -74,11 +74,11 @@ - + - + diff --git a/services/authorization/pstore/src/main/resources/db/mysql/authorization.sql b/services/authorization/pstore/src/main/resources/db/mysql/authorization.sql index e26f9bb13..e3d6a60ae 100644 --- a/services/authorization/pstore/src/main/resources/db/mysql/authorization.sql +++ b/services/authorization/pstore/src/main/resources/db/mysql/authorization.sql 
@@ -6,7 +6,7 @@ drop table if exists roles;
 drop table if exists users_roles;
 create table permissions (csid varchar(128) not null, attribute_name varchar(128), created_at datetime not null, description varchar(255), effect varchar(32) not null, resource_name varchar(128) not null, updated_at datetime, primary key (csid));
 create table permissions_actions (HJID bigint not null auto_increment, name varchar(128) not null, ACTION__PERMISSION_CSID varchar(128), primary key (HJID));
-create table permissions_roles (HJID bigint not null auto_increment, created_at datetime not null, permission_id varchar(128) not null, rolename varchar(200) not null, updated_at datetime, primary key (HJID), unique (permission_id, rolename));
-create table roles (rolename varchar(200) not null, created_at datetime not null, description varchar(255), rolegroup varchar(255) not null, updated_at datetime, primary key (rolename));
-create table users_roles (HJID bigint not null auto_increment, created_at datetime not null, rolename varchar(200) not null, updated_at datetime, username varchar(128) not null, primary key (HJID), unique (username, rolename));
+create table permissions_roles (HJID bigint not null auto_increment, created_at datetime not null, permission_id varchar(128) not null, role_id varchar(128) not null, updated_at datetime, primary key (HJID), unique (permission_id, role_id));
+create table roles (csid varchar(128) not null, created_at datetime not null, description varchar(255), rolegroup varchar(255) not null, rolename varchar(200) not null, updated_at datetime, primary key (csid), unique (rolename));
+create table users_roles (HJID bigint not null auto_increment, created_at datetime not null, role_id varchar(128) not null, updated_at datetime, username varchar(128) not null, primary key (HJID), unique (username, role_id));
 alter table permissions_actions add index FK85F8204295972CE9 (ACTION__PERMISSION_CSID), add constraint FK85F8204295972CE9 foreign key (ACTION__PERMISSION_CSID) references permissions (csid);
diff --git a/services/authorization/pstore/src/main/resources/db/mysql/authorization_index.sql b/services/authorization/pstore/src/main/resources/db/mysql/authorization_index.sql
index efa5e5c8f..ed1376783 100644
--- a/services/authorization/pstore/src/main/resources/db/mysql/authorization_index.sql
+++ b/services/authorization/pstore/src/main/resources/db/mysql/authorization_index.sql
@@ -4,8 +4,9 @@
 -- You may not use this file except in compliance with this License.
 --
 use cspace;
-CREATE INDEX index_rolename ON roles (rolegroup);
+CREATE INDEX index_rolename ON roles (rolename);
+CREATE INDEX index_rolegroup ON roles (rolegroup);
 CREATE INDEX index_username ON users_roles (username);
-CREATE INDEX index_rolename ON users_roles (rolename);
+CREATE INDEX index_role_id ON users_roles (role_id);
 CREATE INDEX index_permission_id ON permissions_roles (permission_id);
-CREATE INDEX index_rolename ON permissions_roles (rolename);
+CREATE INDEX index_role_id ON permissions_roles (role_id);
diff --git a/services/authorization/pstore/src/main/resources/db/mysql/test_authorization.sql b/services/authorization/pstore/src/main/resources/db/mysql/test_authorization.sql
index dfd0524a4..6972aa1d9 100644
--- a/services/authorization/pstore/src/main/resources/db/mysql/test_authorization.sql
+++ b/services/authorization/pstore/src/main/resources/db/mysql/test_authorization.sql
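Review bot: In authorization.sql the new `roles` table still declares `unique (rolename)`, which contradicts the commit's stated reason for adding `csid` (rolename is not unique in cspace); a second role with the same name would be rejected by this constraint. If names are meant to be unique only within some narrower scope, the constraint should cover that scope rather than `rolename` alone. Separately, `role_id` in `permissions_roles` and `users_roles` has no foreign key to `roles (csid)`, unlike `permissions_actions`, so an association row can reference a role that does not exist, and the login join on `ur.role_id=r.csid` would then silently return no role for it. This DDL looks generated (HJID columns, hashed constraint names); if so, both changes belong in the schema source rather than in this file.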
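Review bot: In authorization_index.sql the added `CREATE INDEX index_rolename ON roles (rolename);` duplicates the index MySQL already builds for the `unique (rolename)` constraint that authorization.sql now declares on the same column. The second index adds write cost with no lookup benefit, so that line can be dropped while `index_rolegroup` stays. The name `index_role_id` is reused on both association tables; a table-qualified name such as `index_users_roles_role_id` would make an index named in an error message or query plan easier to trace.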
@@ -5,14 +5,14 @@ -- use cspace; -insert into `roles` (`rolename`, `rolegroup`, `created_at`) values ('ROLE_KERNEL', 'kernel', '2010-02-17 16:31:48'); -insert into `roles` (`rolename`, `rolegroup`, `created_at`) values ('ROLE_USERS', 'collections', '2010-02-17 16:31:48'); -insert into `roles` (`rolename`, `rolegroup`, `created_at`) values ('ROLE_COLLECTIONS_MANAGER', 'collections', '2010-02-17 16:31:48'); -insert into `roles` (`rolename`, `rolegroup`, `created_at`) values ('ROLE_COLLECTIONS_REGISTRAR', 'collections', '2010-02-17 16:31:48'); +insert into `roles` (`csid`, `rolename`, `rolegroup`, `created_at`) values ('1', 'ROLE_ADMINISTRATOR', 'admin', '2010-02-17 16:31:48'); +insert into `roles` (`csid`, `rolename`, `rolegroup`, `created_at`) values ('2', 'ROLE_USERS', 'collections', '2010-02-17 16:31:48'); +insert into `roles` (`csid`, `rolename`, `rolegroup`, `created_at`) values ('3', 'ROLE_COLLECTIONS_MANAGER', 'collections', '2010-02-17 16:31:48'); +insert into `roles` (`csid`, `rolename`, `rolegroup`, `created_at`) values ('4', 'ROLE_COLLECTIONS_REGISTRAR', 'collections', '2010-02-17 16:31:48'); -insert into `users_roles`(`username`, `rolename`, `created_at`) values ('test', 'ROLE_ADMINISTRATOR', '2010-02-17 16:31:48'); -insert into `users_roles`(`username`, `rolename`, `created_at`) values ('test', 'ROLE_USERS', '2010-02-17 16:31:48'); -insert into `users_roles`(`username`, `rolename`, `created_at`) values ('test', 'ROLE_COLLECTIONS_MANAGER', '2010-02-17 16:31:48'); +insert into `users_roles`(`username`, `role_id`, `created_at`) values ('test', '1', '2010-02-17 16:31:48'); +insert into `users_roles`(`username`, `role_id`, `created_at`) values ('test', '2', '2010-02-17 16:31:48'); +insert into `users_roles`(`username`, `role_id`, `created_at`) values ('test', '3', '2010-02-17 16:31:48'); -insert into `users_roles`(`username`, `rolename`, `created_at`) values ('barney', 'ROLE_USERS', '2010-02-17 16:31:48'); -insert into `users_roles`(`username`, `rolename`, 
`created_at`) values ('barney', 'ROLE_COLLECTIONS_MANAGER', '2010-02-17 16:31:48'); +insert into `users_roles`(`username`, `role_id`, `created_at`) values ('barney', '2', '2010-02-17 16:31:48'); +insert into `users_roles`(`username`, `role_id`, `created_at`) values ('barney', '3', '2010-02-17 16:31:48'); diff --git a/services/authorization/service/src/main/java/org/collectionspace/services/authorization/AuthZ.java b/services/authorization/service/src/main/java/org/collectionspace/services/authorization/AuthZ.java index 21cf0528f..d9caba470 100644 --- a/services/authorization/service/src/main/java/org/collectionspace/services/authorization/AuthZ.java +++ b/services/authorization/service/src/main/java/org/collectionspace/services/authorization/AuthZ.java @@ -103,17 +103,19 @@ public class AuthZ { * addPermissions add permissions from given permission configuration * @param permission configuration */ + //FIXME this method should be in the restful web service resource of authz public void addPermissions(Permission perm, List permRoles) { List principals = new ArrayList(); for (PermissionRole permRole : permRoles) { if (!perm.getCsid().equals(permRole.getPermissionId())) { throw new IllegalArgumentException("permission ids do not" - + " match role=" + permRole.getRoleName() + + " match role=" + permRole.getRoleId() + " permission=" + perm.getCsid()); } //assuming permrole belongs to the same perm - principals.add(permRole.getRoleName()); + //FIXME should use role name + principals.add(permRole.getRoleId()); } List permActions = perm.getAction(); for (PermissionAction permAction : permActions) { diff --git a/services/authorization/service/src/test/java/org/collectionspace/services/authorization/test/AuthorizationGenTest.java b/services/authorization/service/src/test/java/org/collectionspace/services/authorization/test/AuthorizationGenTest.java index 16245b9f2..50fb55ae6 100644 
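Review bot: `principals.add(permRole.getRoleId());` in addPermissions now registers the role csid as the ACL principal, while the roles query changed in the login-config.xml hunks still gives the authenticated subject `r.rolename`; the `//FIXME should use role name` comment acknowledges the gap but the code ships with it. If permission checks compare the subject's role names against these principals, grants keyed by csid would never match. The role name should be resolved from the role id before it is added to `principals`. The hunks in AuthorizationGenTest.java and test-permissions-roles.xml put names such as `ROLE_USERS` into the role-id field, so the tests would not catch the mismatch. addPermissions continues past the end of the hunk.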
--- a/services/authorization/service/src/test/java/org/collectionspace/services/authorization/test/AuthorizationGenTest.java +++ b/services/authorization/service/src/test/java/org/collectionspace/services/authorization/test/AuthorizationGenTest.java @@ -116,11 +116,13 @@ public class AuthorizationGenTest extends AbstractAuthorizationTestImpl { ArrayList prl = new ArrayList(); PermissionRole pr = new PermissionRole(); pr.setPermissionId(id); - pr.setRoleName("ROLE_USERS"); + //FIXME should using role id + pr.setRoleId("ROLE_USERS"); prl.add(pr); PermissionRole pr1 = new PermissionRole(); pr1.setPermissionId(id); - pr1.setRoleName("ROLE_ADMINISTRATOR"); + //FIXME shoudl use role id + pr1.setRoleId("ROLE_ADMINISTRATOR"); prl.add(pr1); return prl; } diff --git a/services/authorization/service/src/test/resources/test-data/test-permissions-roles.xml b/services/authorization/service/src/test/resources/test-data/test-permissions-roles.xml index b5e89cfa9..f58460500 100644 --- a/services/authorization/service/src/test/resources/test-data/test-permissions-roles.xml +++ b/services/authorization/service/src/test/resources/test-data/test-permissions-roles.xml @@ -2,18 +2,18 @@ 1 - ROLE_USERS + ROLE_USERS 1 - ROLE_ADMINISTRATOR + ROLE_ADMINISTRATOR 2 - ROLE_USERS + ROLE_USERS 2 - ROLE_ADMINISTRATOR + ROLE_ADMINISTRATOR -- 2.47.3