diff --git a/src/main/java/cz/cvut/kbss/study/model/User.java b/src/main/java/cz/cvut/kbss/study/model/User.java index 0685c80c..27c3537f 100644 --- a/src/main/java/cz/cvut/kbss/study/model/User.java +++ b/src/main/java/cz/cvut/kbss/study/model/User.java @@ -11,6 +11,7 @@ import cz.cvut.kbss.study.model.util.HasDerivableUri; import cz.cvut.kbss.study.util.Constants; import cz.cvut.kbss.study.util.IdentificationUtils; +import cz.cvut.kbss.study.util.RoleAssignmentUtil; import org.springframework.security.crypto.password.PasswordEncoder; import java.io.Serializable; @@ -61,9 +62,22 @@ public class User implements HasDerivableUri, Serializable { @OWLObjectProperty(iri = Vocabulary.s_p_is_member_of, fetch = FetchType.EAGER) private Institution institution; + @OWLDataProperty(iri = Vocabulary.s_p_role_group) + private String roleGroup; + @Types private Set types; + public String getRoleGroup() { + return roleGroup; + } + + public void setRoleGroup(String roleGroup) { + this.roleGroup = roleGroup; + this.types.clear(); + this.types = RoleAssignmentUtil.assignRolesForGroup(this.roleGroup); + } + public User() { this.types = new HashSet<>(); types.add(Vocabulary.s_c_doctor); @@ -216,7 +230,7 @@ public User copy() { copy.setInstitution(institution); copy.setIsInvited(isInvited); copy.setToken(token); - types.forEach(copy::addType); + copy.setRoleGroup(roleGroup); return copy; } diff --git a/src/main/java/cz/cvut/kbss/study/service/SystemInitializer.java b/src/main/java/cz/cvut/kbss/study/service/SystemInitializer.java index dc6795ff..223fd834 100644 --- a/src/main/java/cz/cvut/kbss/study/service/SystemInitializer.java +++ b/src/main/java/cz/cvut/kbss/study/service/SystemInitializer.java @@ -3,6 +3,7 @@ import cz.cvut.kbss.study.model.Institution; import cz.cvut.kbss.study.model.User; import cz.cvut.kbss.study.model.Vocabulary; +import cz.cvut.kbss.study.util.Constants; import jakarta.annotation.PostConstruct; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
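Review bot: In `setRoleGroup` in User.java, `this.types.clear()` followed by `this.types = RoleAssignmentUtil.assignRolesForGroup(this.roleGroup)` makes the user share its `types` set with the role-group definition, because for a known group `assignRolesForGroup` returns the `HashSet` stored in `roleGroups` itself, not a copy. A second `setRoleGroup` call on the same user then empties that shared set, and any `addType` or `getTypes().add(...)` (as in `addDefaultAdministrator` in SystemInitializer.java) adds the type for every user of the group. Replace both lines with `this.types = new HashSet<>(RoleAssignmentUtil.assignRolesForGroup(roleGroup));`. Building the constants in RoleAssignmentUtil with plain `Set.of(...)` would also make an accidental write fail immediately. `copy()` in the same file reaches this code through `copy.setRoleGroup(roleGroup)`.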
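Review bot: `copy()` in User.java no longer carries the original's `types` across; `copy.setRoleGroup(roleGroup)` rebuilds them from the group name alone. A user whose `roleGroup` is null (for instance one persisted before this property existed, if such users are not migrated) gets a copy holding only the default doctor type, and any type that was added individually is dropped. If the copy is meant to be faithful, set the field without the side effect and keep the old loop: `copy.roleGroup = roleGroup;` followed by `types.forEach(copy::addType);`. The start of `copy()` lies outside the hunk.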
@@ -52,6 +53,7 @@ private void addDefaultAdministrator() {
 admin.setPassword("5y5t3mAdm1n.");
 admin.setInstitution(institutionService.findByName(INSTITUTION_NAME));
 admin.setIsInvited(true);
+ admin.setRoleGroup(Constants.OPERATOR_ADMIN);
 admin.getTypes().add(Vocabulary.s_c_administrator);
 LOG.debug("Persisting default administrator {}", admin);
 userService.persist(admin);
diff --git a/src/main/java/cz/cvut/kbss/study/util/Constants.java b/src/main/java/cz/cvut/kbss/study/util/Constants.java
index 58289c76..19cdbb3b 100644
--- a/src/main/java/cz/cvut/kbss/study/util/Constants.java
+++ b/src/main/java/cz/cvut/kbss/study/util/Constants.java
@@ -68,4 +68,10 @@ private Constants() {
 * Excel MIME type
 */
 public static final String MEDIA_TYPE_EXCEL = "application/vnd.ms-excel";
+
+ public static final String OPERATOR_ADMIN = "OPERATOR_ADMIN";
+ public static final String OPERATOR_USER = "OPERATOR_USER";
+ public static final String SUPPLIER_ADMIN = "SUPPLIER_ADMIN";
+ public static final String SUPPLIER_USER = "SUPPLIER_USER";
+ public static final String EXTERNAL_USER = "EXTERNAL_USER";
 }
diff --git a/src/main/java/cz/cvut/kbss/study/util/RoleAssignmentUtil.java b/src/main/java/cz/cvut/kbss/study/util/RoleAssignmentUtil.java
new file mode 100644
index 00000000..7da11836
--- /dev/null
+++ b/src/main/java/cz/cvut/kbss/study/util/RoleAssignmentUtil.java
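Review bot: The added `admin.setRoleGroup(Constants.OPERATOR_ADMIN)` in `addDefaultAdministrator` gives the bootstrap account every type in `OPERATOR_ADMIN_ROLES`, while its password is still the string literal on the context line above. With the account's authorities widened, that is worth closing in the same change: read the initial password from deployment configuration, or require it to be changed at first login. The context line `admin.getTypes().add(Vocabulary.s_c_administrator)` is now redundant, because the group's role set already contains that type, and can be removed. The method starts and ends outside the hunk.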
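Review bot: The five role-group constants added to Constants.java carry no Javadoc, although the `MEDIA_TYPE_EXCEL` constant directly above them does. A short comment would tell readers that these strings are the values held in `User.roleGroup` and the keys of `RoleAssignmentUtil.roleGroups`, for example `/** Role group names; each maps to a set of user types in RoleAssignmentUtil. */`. Because the value is a free-form `String`, an enum would also let the compiler reject misspelt group names.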
@@ -0,0 +1,78 @@
+package cz.cvut.kbss.study.util;
+
+import cz.cvut.kbss.study.model.Vocabulary;
+
+import java.util.*;
+
+public class RoleAssignmentUtil {
+
+ public static final Set OPERATOR_ADMIN_ROLES = new HashSet<>(
+ Set.of(
+ Vocabulary.s_c_administrator,
+ Vocabulary.s_c_doctor,
+ Vocabulary.s_c_edit_users,
+ Vocabulary.s_c_publish_records,
+ Vocabulary.s_c_reject_records,
+ Vocabulary.s_c_view_organization_records,
+ Vocabulary.s_c_edit_organization_records,
+ Vocabulary.s_c_delete_organization_records,
+ Vocabulary.s_c_complete_records,
+ Vocabulary.s_c_import_codelists
+ )
+ );
+
+ public static final Set OPERATOR_USER_ROLES = new HashSet<>(
+ Set.of(
+ Vocabulary.s_c_complete_records
+ )
+ );
+
+ public static final Set SUPPLIER_ADMIN_ROLES = new HashSet<>(
+ Set.of(
+ Vocabulary.s_c_administrator,
+ Vocabulary.s_c_doctor,
+ Vocabulary.s_c_edit_users,
+ Vocabulary.s_c_reject_records,
+ Vocabulary.s_c_view_organization_records,
+ Vocabulary.s_c_edit_organization_records,
+ Vocabulary.s_c_delete_organization_records,
+ Vocabulary.s_c_complete_records,
+ Vocabulary.s_c_import_codelists,
+ Vocabulary.s_c_edit_all_records,
+ Vocabulary.s_c_delete_all_records,
+ Vocabulary.s_c_view_all_records
+ )
+ );
+
+ public static final Set SUPPLIER_USER_ROLES = new HashSet<>(
+ Set.of(
+ Vocabulary.s_c_complete_records
+ )
+ );
+
+ public static final Map> roleGroups = Map.of(
+ Constants.OPERATOR_ADMIN, OPERATOR_ADMIN_ROLES,
+ Constants.OPERATOR_USER, OPERATOR_USER_ROLES,
+ Constants.SUPPLIER_ADMIN, SUPPLIER_ADMIN_ROLES,
+ Constants.SUPPLIER_USER, SUPPLIER_USER_ROLES,
+ Constants.EXTERNAL_USER, defaultRoles()
+ );
+
+
+ public static Set assignRolesForGroup(String group) {
+ if(group != null)
+ return roleGroups.getOrDefault(group, defaultRoles());
+ return defaultRoles();
+ }
+
+ /**
+ * Default roles to be assigned if the group is not recognized.
+ * + * @return A set of default roles + */ + private static Set defaultRoles() { + Set defaultRoles = new HashSet<>(); + defaultRoles.add(Vocabulary.s_c_doctor); + return defaultRoles; + } +} diff --git a/src/main/resources/model.ttl b/src/main/resources/model.ttl index 87a04aaa..770cf23e 100644 --- a/src/main/resources/model.ttl +++ b/src/main/resources/model.ttl @@ -66,6 +66,10 @@ rm:has-question rdf:type owl:ObjectProperty ; rm:is-member-of rdf:type owl:ObjectProperty ; rdfs:subPropertyOf rm:relates-to . +### http://onto.fel.cvut.cz/ontologies/record-manager/role-group +rm:role-group rdf:type owl:ObjectProperty ; + rdfs:subPropertyOf rm:relates-to . + ### http://onto.fel.cvut.cz/ontologies/record-manager/relates-to rm:relates-to rdf:type owl:ObjectProperty . diff --git a/src/test/java/cz/cvut/kbss/study/service/security/SecurityUtilsTest.java b/src/test/java/cz/cvut/kbss/study/service/security/SecurityUtilsTest.java index 8ee0bfc4..3b3008e9 100644 --- a/src/test/java/cz/cvut/kbss/study/service/security/SecurityUtilsTest.java +++ b/src/test/java/cz/cvut/kbss/study/service/security/SecurityUtilsTest.java @@ -12,6 +12,7 @@ import cz.cvut.kbss.study.security.model.UserDetails; import cz.cvut.kbss.study.service.ConfigReader; import cz.cvut.kbss.study.util.ConfigParam; +import cz.cvut.kbss.study.util.Constants; import cz.cvut.kbss.study.util.IdentificationUtils; import org.junit.jupiter.api.AfterEach; import org.junit.jupiter.api.BeforeEach; @@ -66,6 +67,7 @@ public void setUp() { Institution institution = Generator.generateInstitution(); institution.setKey(IdentificationUtils.generateKey()); this.user = Generator.getUser(USERNAME, PASSWORD, "John", "Johnie", "Johnie@gmail.com", institution); + this.user.setRoleGroup(Constants.OPERATOR_ADMIN); user.generateUri(); }
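Review bot: `assignRolesForGroup` in RoleAssignmentUtil.java treats null and any unrecognised group name alike: both silently receive `defaultRoles()`, so a misspelt or outdated `roleGroup` value goes unnoticed and the user simply ends up with the doctor type. For a non-null name that is not a key of `roleGroups`, log a warning or reject it, e.g. `if (!roleGroups.containsKey(group)) throw new IllegalArgumentException("Unknown role group: " + group);`. On style, the class holds only static members, so it should be `final` with a private constructor, and `import java.util.*;` is better spelt out as the three types used.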
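Review bot: `rm:role-group` is declared in model.ttl as an `owl:ObjectProperty` and a sub-property of `rm:relates-to`, but User.java maps it with `@OWLDataProperty` onto a `String` field, so the stored value is a literal. The declaration should match the mapping: `rm:role-group rdf:type owl:DatatypeProperty .`, without the `rdfs:subPropertyOf rm:relates-to` line, since `rm:relates-to` is itself an object property. The diff shows no change to `Vocabulary`, which is presumably where `s_p_role_group` comes from; check that it is regenerated if it is derived from this file.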
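Review bot: The only test change is `this.user.setRoleGroup(Constants.OPERATOR_ADMIN)` in `setUp` of SecurityUtilsTest.java; as far as this diff shows, nothing tests the new role assignment itself. Since the mapping decides which authorities a user receives, it deserves direct tests: each group constant yields the expected types, a null or unknown group yields only the default, and changing one user's group or types leaves another user of the same group unchanged. `setUp` continues outside the hunk.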