165 Apply roles for Get Workspace Layer #965

Merged
merged 9 commits into from
Dec 5, 2023
Create LAYMAN_INTERNAL_ROLE_SERVICE_SCHEMA schema
index-git committed Dec 5, 2023
commit 25af879ac1664170aec63f16020d23c621302570
1 change: 1 addition & 0 deletions CHANGELOG.md
@@ -11,6 +11,7 @@
### Migrations and checks
#### Schema migrations
- [#165](https://github.com/LayerManager/layman/issues/165) Add column `role_name` to table `rights` in prime DB schema. Add constraint that exactly one of columns `role_name` and `id_user` is not null.
- [#164](https://github.com/LayerManager/layman/issues/165) Create internal GeoServer [JDBC Role Service](https://docs.geoserver.org/2.21.x/en/user/security/usergrouprole/roleservices.html#jdbc-role-service) DB schema `_role_service`.
#### Data migrations
### Changes
- [#165](https://github.com/LayerManager/layman/issues/165) POST Workspace [Layers](doc/rest.md#post-workspace-layers)/[Maps](doc/rest.md#post-workspace-maps) and PATCH Workspace [Layer](doc/rest.md#patch-workspace-layer)/[Map](doc/rest.md#patch-workspace-map) saves [role names](doc/models.md#role) mentioned in `access_rights.read` and `access_rights.write` parameters into DB.
1 change: 1 addition & 0 deletions src/layman/upgrade/__init__.py
@@ -43,6 +43,7 @@
]),
((1, 23, 0), [
upgrade_v1_23.adjust_db_for_roles,
upgrade_v1_23.create_role_service_schema,
]),
],
consts.MIGRATION_TYPE_DATA: [
8 changes: 8 additions & 0 deletions src/layman/upgrade/upgrade_v1_23.py
@@ -5,6 +5,7 @@

logger = logging.getLogger(__name__)
DB_SCHEMA = settings.LAYMAN_PRIME_SCHEMA
ROLE_SERVICE_SCHEMA = settings.LAYMAN_INTERNAL_ROLE_SERVICE_SCHEMA


def adjust_db_for_roles():
@@ -24,3 +25,10 @@ def adjust_db_for_roles():
'''

db_util.run_statement(statement)


def create_role_service_schema():
logger.info(f' Create internal role service schema')

statement = f"""CREATE SCHEMA IF NOT EXISTS "{ROLE_SERVICE_SCHEMA}" AUTHORIZATION {settings.LAYMAN_PG_USER};"""
db_util.run_statement(statement)
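Review bot: In `create_role_service_schema` the schema name is wrapped in double quotes but `settings.LAYMAN_PG_USER` is placed after `AUTHORIZATION` as a bare token, so the role name is case-folded and parsed as SQL text rather than as a single identifier. Both values come from settings rather than request data, yet a role name containing uppercase letters, a dash or a space would make the migration fail or resolve to a different role. Quote it the same way, `... AUTHORIZATION "{settings.LAYMAN_PG_USER}";`, after confirming the role was created with exactly that spelling, or build the statement with the driver's identifier quoting if `db_util.run_statement` accepts that (not visible here). `IF NOT EXISTS` also means a schema that already exists keeps its current owner, which deserves a short docstring; `logger.info(f' Create internal role service schema')` needs no `f` prefix.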
15 changes: 15 additions & 0 deletions src/layman/upgrade/upgrade_v1_23_test.py
@@ -6,6 +6,7 @@
from . import upgrade_v1_23

DB_SCHEMA = settings.LAYMAN_PRIME_SCHEMA
ROLE_SERVICE_SCHEMA = settings.LAYMAN_INTERNAL_ROLE_SERVICE_SCHEMA


@pytest.mark.usefixtures('ensure_layman', 'oauth2_provider_mock')
@@ -58,3 +59,17 @@ def test_adjust_db_for_roles():
assert len(rights_rows) == 1
assert rights_rows[0][1] is not None, f"id_user is none!"
assert rights_rows[0][2] is None, f"role_name is not none!"


def test_create_role_service_schema():
drop_statement = f'''DROP SCHEMA IF EXISTS {ROLE_SERVICE_SCHEMA};'''
schema_existence_query = f'''SELECT schema_name FROM information_schema.schemata WHERE schema_name = '{ROLE_SERVICE_SCHEMA}';'''
with app.app_context():
db_util.run_statement(drop_statement)
result = len(db_util.run_query(schema_existence_query))
assert result == 0

upgrade_v1_23.create_role_service_schema()

result = len(db_util.run_query(schema_existence_query))
assert result == 1
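Review bot: `test_create_role_service_schema` asserts only that a row appears in `information_schema.schemata`, so the `AUTHORIZATION` clause of the migration is never checked. Select `schema_owner` as well and compare it with `settings.LAYMAN_PG_USER`, e.g. `SELECT schema_name, schema_owner FROM information_schema.schemata WHERE schema_name = '{ROLE_SERVICE_SCHEMA}';`. The `DROP SCHEMA IF EXISTS {ROLE_SERVICE_SCHEMA};` statement leaves the name unquoted while the migration quotes it, and without `CASCADE` it will raise once the schema holds tables, so the setup is likely to break if later migrations populate it. Unlike the test above it, this one carries no `usefixtures` marker in the visible lines; confirm it does not depend on `ensure_layman` having run.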
3 changes: 3 additions & 0 deletions src/layman_settings.py
@@ -157,6 +157,9 @@ class EnumWfsWmsStatus(Enum):
"should be used for " \
"PG_PRIME_SCHEMA. "

# Name of schema, where Layman maintains internal GS JDBC Role Service.
LAYMAN_INTERNAL_ROLE_SERVICE_SCHEMA = '_role_service'

# List of schemas that are not allowed to be used as usernames.
PG_NON_USER_SCHEMAS = [
'public',
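Review bot: `LAYMAN_INTERNAL_ROLE_SERVICE_SCHEMA = '_role_service'` introduces a schema that backs GeoServer's role service, but the hunk adds nothing to `PG_NON_USER_SCHEMAS` directly below it. If a username or workspace could ever be named `_role_service`, its owner would share a schema with the role data, so the name should be reserved, e.g. by adding `LAYMAN_INTERNAL_ROLE_SERVICE_SCHEMA,` to that list. The rest of the list and the username validation rules are outside the visible lines, so this may already be prevented elsewhere; a comment stating which rule excludes the name would settle it.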