Delete technical roles from former GeoServer role service
index-git committed Jan 3, 2024
1 parent 7bb7995 commit bd8665d
Showing 3 changed files with 39 additions and 1 deletion.
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -15,6 +15,7 @@
- [#165](https://github.com/LayerManager/layman/issues/165) Add column `role_name` to table `rights` in prime DB schema. Add constraint that exactly one of columns `role_name` and `id_user` is not null.
- [#165](https://github.com/LayerManager/layman/issues/165) Create internal GeoServer [JDBC Role Service](https://docs.geoserver.org/2.21.x/en/user/security/usergrouprole/roleservices.html#jdbc-role-service) DB schema `_role_service`.
#### Data migrations
- [#165](https://github.com/LayerManager/layman/issues/165) Delete technical roles and user-role relations in GeoServer `default` role service, which is now replaced by JDBC role service.
### Changes
- [#165](https://github.com/LayerManager/layman/issues/165) POST Workspace [Layers](doc/rest.md#post-workspace-layers)/[Maps](doc/rest.md#post-workspace-maps) and PATCH Workspace [Layer](doc/rest.md#patch-workspace-layer)/[Map](doc/rest.md#patch-workspace-map) saves [role names](doc/models.md#role) mentioned in `access_rights.read` and `access_rights.write` parameters into DB.
- [#165](https://github.com/LayerManager/layman/issues/165) Many endpoints respect role access rights:
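
Review bot: The new "Data migrations" entry in CHANGELOG.md does not say which roles count as "technical". Naming them (`USER_<username>` for each user and the role configured as `LAYMAN_GS_ROLE`, as used in `delete_user_roles`) and noting that the migration issues DELETE requests with no backup step visible would let administrators check the `default` role service for manually created assignments to those roles before upgrading.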
3 changes: 3 additions & 0 deletions src/layman/upgrade/__init__.py
Expand Up @@ -71,6 +71,9 @@
upgrade_v1_22.remove_authn_txt_files,
upgrade_v1_22.insert_map_layer_relations,
]),
((1, 23, 0), [
upgrade_v1_23.delete_user_roles,
]),
],
}

36 changes: 35 additions & 1 deletion src/layman/upgrade/upgrade_v1_23.py
@@ -1,8 +1,11 @@
from urllib.parse import urljoin
import logging
import requests

from geoserver import util as gs_util
from geoserver import util as gs_util, GS_REST, GS_REST_TIMEOUT
from db import util as db_util
from layman import settings
from layman.common.prime_db_schema import users

logger = logging.getLogger(__name__)
DB_SCHEMA = settings.LAYMAN_PRIME_SCHEMA
Expand Down Expand Up @@ -124,3 +127,34 @@ def create_role_service_schema():
db_util.run_statement(create_user_roles_view)

gs_util.reload(settings.LAYMAN_GS_AUTH)


def delete_user_roles():
logger.info(f' Delete user roles from GeoServer')

role_service = 'default'
gs_rest_roles = urljoin(GS_REST, f'security/roles/service/{role_service}/')

for user in users.get_usernames():
logger.info(f' Delete user {user}')
for role in [f'USER_{user}', settings.LAYMAN_GS_ROLE]:
r_url = urljoin(gs_rest_roles, f'role/{role}/user/{user}/')
response = requests.delete(
r_url,
headers=gs_util.headers_json,
auth=settings.LAYMAN_GS_AUTH,
timeout=GS_REST_TIMEOUT,
)
association_not_exists = response.status_code == 404
if not association_not_exists:
response.raise_for_status()

response = requests.delete(
urljoin(gs_rest_roles, 'role/' + role),
headers=gs_util.headers_json,
auth=settings.LAYMAN_GS_AUTH,
timeout=GS_REST_TIMEOUT,
)
role_not_exists = response.status_code == 404
if not role_not_exists:
response.raise_for_status()
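
Review bot: In `delete_user_roles`, `role` and `user` are placed into the REST path unencoded (`urljoin(gs_rest_roles, f'role/{role}/user/{user}/')` and `'role/' + role`), so a username containing `/`, `?`, `#` or a `..` segment would make the DELETE address a different resource than intended; wrap both values in `urllib.parse.quote(..., safe='')` unless usernames are validated as URL-safe elsewhere. Two further points in the same function: both requests treat any 404 as "already gone", which cannot be told apart from a wrong `GS_REST` base or a missing `default` role service, so logging those cases would make a silent no-op visible; and the delete of `settings.LAYMAN_GS_ROLE` depends on the loop variable `role`, so it never runs when `users.get_usernames()` returns nothing and is repeated for every user otherwise. Deleting that shared role once, outside the user loop, would cover both cases. The f-string in the first `logger.info` call has no placeholders and can be a plain string.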
