Ensure views with admin roles and relations

LayerManager · Dec 1, 2023 · bdb1385 · bdb1385
1 parent 90b43eb
commit bdb1385
Show file tree

Hide file tree

Showing 4 changed files with 39 additions and 0 deletions.
diff --git a/src/layman/__init__.py b/src/layman/__init__.py
@@ -128,6 +128,10 @@
                         from .layer.prime_db_schema.wfs_wms_status import set_after_restart
                         set_after_restart()
 
+                    logger.info(f'Recreate Role Service admin role views')
+                    from .authz.role_service import ensure_admin_roles
+                    ensure_admin_roles()
+
                 pipe.multi()
                 pipe.set(LAYMAN_DEPS_ADJUSTED_KEY, 'done')
                 pipe.execute()

diff --git a/src/layman/authz/role_service.py b/src/layman/authz/role_service.py
@@ -0,0 +1,24 @@
+from db import util as db_util
+from layman import settings
+
+ROLE_SERVICE_SCHEMA = settings.LAYMAN_INTERNAL_ROLE_SERVICE_SCHEMA
+
+
+def ensure_admin_roles():
+    create_admin_roles_view = f"""CREATE OR REPLACE view {ROLE_SERVICE_SCHEMA}.admin_roles
+    as
+    select 'ADMIN' as name
+    UNION ALL
+    select 'GROUP_ADMIN'
+    UNION ALL
+    select %s
+    ;"""
+    db_util.run_statement(create_admin_roles_view, (settings.LAYMAN_GS_ROLE, ))
+
+    create_admin_user_roles_view = f"""CREATE OR REPLACE view {ROLE_SERVICE_SCHEMA}.admin_user_roles
+    as
+    select %s as username, %s as rolename
+    UNION ALL
+    select %s, 'ADMIN'
+    ;"""
+    db_util.run_statement(create_admin_user_roles_view, (settings.LAYMAN_GS_USER, settings.LAYMAN_GS_ROLE, settings.LAYMAN_GS_USER))
diff --git a/src/layman/upgrade/upgrade_v1_23.py b/src/layman/upgrade/upgrade_v1_23.py
@@ -2,6 +2,7 @@
 
 from db import util as db_util
 from layman import settings
+from layman.authz import role_service as role_service_util
 
 logger = logging.getLogger(__name__)
 DB_SCHEMA = settings.LAYMAN_PRIME_SCHEMA
@@ -67,3 +68,5 @@ def create_role_service_schema():
      {DB_SCHEMA}.workspaces w on w.id = u.id_workspace
 ;"""
     db_util.run_statement(create_layman_users_user_roles_view)
+
+    role_service_util.ensure_admin_roles()
diff --git a/src/layman/upgrade/upgrade_v1_23_test.py b/src/layman/upgrade/upgrade_v1_23_test.py
@@ -80,6 +80,8 @@ def test_create_role_service_schema():
     table_existence_query = f'''SELECT COUNT(*) FROM information_schema.tables WHERE table_schema = '{ROLE_SERVICE_SCHEMA}' and table_name = %s;'''
     layman_users_roles_query = f'''select COUNT(*) from {ROLE_SERVICE_SCHEMA}.layman_users_roles where name = %s'''
     layman_users_user_roles_query = f'''select COUNT(*) from {ROLE_SERVICE_SCHEMA}.layman_users_user_roles where username = %s and rolename = %s'''
+    admin_roles_query = f'''select COUNT(*) from {ROLE_SERVICE_SCHEMA}.admin_roles'''
+    admin_user_roles_query = f'''select COUNT(*) from {ROLE_SERVICE_SCHEMA}.admin_user_roles where username = %s and rolename = %s'''
 
     with app.app_context():
         ensure_whole_user(username, userinfo)
@@ -99,3 +101,9 @@ def test_create_role_service_schema():
         assert result == 1
         result = db_util.run_query(layman_users_user_roles_query, (username, rolename,))[0][0]
         assert result == 1
+        result = db_util.run_query(admin_roles_query)[0][0]
+        assert result == 3
+        result = db_util.run_query(admin_user_roles_query, ('layman_test', 'LAYMAN_TEST_ROLE',))[0][0]
+        assert result == 1
+        result = db_util.run_query(admin_user_roles_query, ('layman_test', 'ADMIN',))[0][0]
+        assert result == 1