diff --git a/src/main/java/cz/cvut/kbss/study/config/SecurityConfig.java b/src/main/java/cz/cvut/kbss/study/config/SecurityConfig.java
index a9036481..c7e54461 100644
--- a/src/main/java/cz/cvut/kbss/study/config/SecurityConfig.java
+++ b/src/main/java/cz/cvut/kbss/study/config/SecurityConfig.java
@@ -80,7 +80,7 @@ public SecurityFilterChain filterChain(HttpSecurity http, ConfigReader config,
 LOG.debug("Using internal security mechanisms.");
 final AuthenticationManager authManager = buildAuthenticationManager(http);
 http.authorizeHttpRequests(
- (auth) -> auth.requestMatchers("/rest/users/impersonate").hasAuthority(Role.administrator.name())
+ (auth) -> auth.requestMatchers("/rest/users/impersonate").hasAuthority(Role.administrator.toString())
 .anyRequest().permitAll())
 .cors((auth) -> auth.configurationSource(corsConfigurationSource(config)))
 .csrf(AbstractHttpConfigurer::disable)
diff --git a/src/main/java/cz/cvut/kbss/study/model/Role.java b/src/main/java/cz/cvut/kbss/study/model/Role.java
index cb7807f8..a940e129 100644
--- a/src/main/java/cz/cvut/kbss/study/model/Role.java
+++ b/src/main/java/cz/cvut/kbss/study/model/Role.java
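Review bot: The access rule for `/rest/users/impersonate` now derives its authority string from `toString()`, which only yields the authority name because of the `toString` override this same commit adds to `Role`; a later change to `toString` (for logging, say) would silently alter who may reach the impersonation endpoint. Use the explicit accessor instead, `.hasAuthority(Role.administrator.getRoleName())`, which is what `CustomSwitchUserFilter` uses in this commit, so the rule and the authority granted in `UserDetails` are tied to the same method. `filterChain` continues outside the hunk.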
@@ -1,66 +1,78 @@ package cz.cvut.kbss.study.model; +import com.fasterxml.jackson.annotation.JsonValue; import cz.cvut.kbss.jopa.model.annotations.Individual; -import java.util.Optional; -import org.apache.poi.ss.formula.atp.Switch; +import cz.cvut.kbss.study.security.SecurityConstants; public enum Role { // TODO deprecated -- should be removed. - @Individual(iri=Vocabulary.s_i_administrator) - administrator(Vocabulary.s_i_administrator), + @Individual(iri=Vocabulary.s_i_RM_ADMIN) + administrator(SecurityConstants.administrator, Vocabulary.s_i_RM_ADMIN), // TODO deprecated -- should be removed. - @Individual(iri = Vocabulary.s_i_user) - user(Vocabulary.s_i_user), + @Individual(iri = Vocabulary.s_i_RM_USER) + user(SecurityConstants.user, Vocabulary.s_i_RM_USER), @Individual(iri = Vocabulary.s_i_impersonate_role) - impersonate(Vocabulary.s_i_impersonate_role), + impersonate(SecurityConstants.impersonate, Vocabulary.s_i_impersonate_role), @Individual(iri = Vocabulary.s_i_delete_all_records_role) - deleteAllRecords(Vocabulary.s_i_delete_all_records_role), + deleteAllRecords(SecurityConstants.deleteAllRecords, Vocabulary.s_i_delete_all_records_role), @Individual(iri = Vocabulary.s_i_view_all_records_role) - viewAllRecords(Vocabulary.s_i_view_all_records_role), + viewAllRecords(SecurityConstants.viewAllRecords, Vocabulary.s_i_view_all_records_role), @Individual(iri = Vocabulary.s_i_edit_all_records_role) - editAllRecords(Vocabulary.s_i_edit_all_records_role), + editAllRecords(SecurityConstants.editAllRecords, Vocabulary.s_i_edit_all_records_role), @Individual(iri = Vocabulary.s_i_delete_organization_records_role) - deleteOrganizationRecords(Vocabulary.s_i_delete_organization_records_role), + deleteOrganizationRecords(SecurityConstants.deleteOrganizationRecords, Vocabulary.s_i_delete_organization_records_role), @Individual(iri = Vocabulary.s_i_view_organization_records_role) - viewOrganizationRecords(Vocabulary.s_i_view_organization_records_role), + 
viewOrganizationRecords(SecurityConstants.viewOrganizationRecords, Vocabulary.s_i_view_organization_records_role), @Individual(iri = Vocabulary.s_i_edit_organization_records_role) - editOrganizationRecords(Vocabulary.s_i_edit_organization_records_role), + editOrganizationRecords(SecurityConstants.editOrganizationRecords, Vocabulary.s_i_edit_organization_records_role), @Individual(iri = Vocabulary.s_i_edit_users_role) - editUsers(Vocabulary.s_i_edit_users_role), + editUsers(SecurityConstants.editUsers, Vocabulary.s_i_edit_users_role), @Individual(iri = Vocabulary.s_i_complete_records_role) - completeRecords(Vocabulary.s_i_complete_records_role), + completeRecords(SecurityConstants.completeRecords, Vocabulary.s_i_complete_records_role), @Individual(iri = Vocabulary.s_i_reject_records_role) - rejectRecords(Vocabulary.s_i_reject_records_role), + rejectRecords(SecurityConstants.rejectRecords, Vocabulary.s_i_reject_records_role), @Individual(iri = Vocabulary.s_i_publish_records_role) - publishRecords(Vocabulary.s_i_publish_records_role), + publishRecords(SecurityConstants.publishRecords ,Vocabulary.s_i_publish_records_role), @Individual(iri = Vocabulary.s_i_import_codelists_role) - importCodelists(Vocabulary.s_i_import_codelists_role); + importCodelists(SecurityConstants.importCodelists, Vocabulary.s_i_import_codelists_role); private final String iri; - Role(String iri) { + public final String roleName; + + Role(String roleName, String iri) { this.iri = iri; + this.roleName = roleName; } - + @JsonValue + public String getRoleName(){ + return roleName; + } public String getIri() { return iri; } + + @Override + public String toString() { + return roleName; + } + /** * Returns {@link Role} with the specified IRI. * @@ -86,7 +98,7 @@ public static Role fromIri(String iri) { */ public static Role fromName(String name) { for (Role r : values()) { - if (r.name().equalsIgnoreCase(name)) { + if (r.roleName.equalsIgnoreCase(name)) { return r; } } 
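Review bot: `roleName` is declared `public final` while `iri` stays private and a public `getRoleName()` is added right below it, so the field's visibility is redundant and inconsistent with the rest of the enum; make it `private final String roleName;` and keep the getter as the only access path. Note also that `@JsonValue` on `getRoleName()` changes the JSON form of every role from the constant name (`"administrator"`) to the authority string (`"ROLE_ADMIN"`, `"view-all-records"`), a wire-format change for clients and any stored JSON, and Jackson may use the same form for deserialization (not verifiable from the diff), so old spellings would stop parsing. A comment on the enum would make the dual identity explicit: `// roleName is the Spring Security authority string (see SecurityConstants); iri is the ontology individual.`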
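Review bot: `fromName` now matches only `roleName`, so the spellings callers and the old tests used (`"administrator"`, `"viewAllRecords"`) no longer resolve, and assuming the part of the method below the hunk throws for unknown names, any stored or client-supplied legacy value now fails. If backward compatibility is wanted, accept either form: `if (r.roleName.equalsIgnoreCase(name) || r.name().equalsIgnoreCase(name)) {`; if not, the Javadoc above the method (outside the hunk) should say the argument is the authority string from `SecurityConstants`. The rest of `fromName` is outside the hunk.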
diff --git a/src/main/java/cz/cvut/kbss/study/model/User.java b/src/main/java/cz/cvut/kbss/study/model/User.java
index 498c8c28..dd44586d 100644
--- a/src/main/java/cz/cvut/kbss/study/model/User.java
+++ b/src/main/java/cz/cvut/kbss/study/model/User.java
@@ -57,7 +57,7 @@ public class User implements HasDerivableUri, Serializable {
 @OWLObjectProperty(iri = Vocabulary.s_p_is_member_of, fetch = FetchType.EAGER)
 private Institution institution;
- @OWLObjectProperty(iri = Vocabulary.s_p_has_role_group)
+ @OWLObjectProperty(iri = Vocabulary.s_p_has_role_group, fetch = FetchType.EAGER)
 private RoleGroup roleGroup;
 public User() {
diff --git a/src/main/java/cz/cvut/kbss/study/persistence/dao/UserDao.java b/src/main/java/cz/cvut/kbss/study/persistence/dao/UserDao.java
index ea2a51ce..ed06a0f0 100644
--- a/src/main/java/cz/cvut/kbss/study/persistence/dao/UserDao.java
+++ b/src/main/java/cz/cvut/kbss/study/persistence/dao/UserDao.java
@@ -87,7 +87,7 @@ public int getNumberOfInvestigators() {
 .setParameter("typeUser", URI.create(Vocabulary.s_c_Person))
 .setParameter("hasRoleGroup", URI.create(Vocabulary.s_p_has_role_group))
 .setParameter("hasRole", URI.create(Vocabulary.s_p_has_role))
- .setParameter("typeAdmin", URI.create(Vocabulary.s_i_administrator)).getSingleResult()
+ .setParameter("typeAdmin", URI.create(Vocabulary.s_i_RM_ADMIN)).getSingleResult()
 ).intValue();
 }
 }
diff --git a/src/main/java/cz/cvut/kbss/study/security/CustomSwitchUserFilter.java b/src/main/java/cz/cvut/kbss/study/security/CustomSwitchUserFilter.java
index fbc4654a..a34b7c52 100644
--- a/src/main/java/cz/cvut/kbss/study/security/CustomSwitchUserFilter.java
+++ b/src/main/java/cz/cvut/kbss/study/security/CustomSwitchUserFilter.java
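Review bot: The `typeAdmin` parameter now counts only role groups holding `rm:RM_ADMIN`, but nothing in this diff migrates existing repositories that still contain the previous `rm:administrator` individual, so on an upgraded store this count drops to zero and, presumably, `Role.fromIri` (whose unknown-IRI test is visible in `RoleTest`) will no longer recognise legacy admin role-group entries, which would strip those accounts of administrator authority without any loud failure. A data migration rewriting `rm:administrator`/`rm:user` to `rm:RM_ADMIN`/`rm:RM_USER`, or a transitional alias in `Role.fromIri`, should accompany the rename. At minimum mark the dependency here: `// RM_ADMIN replaced the deprecated rm:administrator individual; stores created before the rename must be migrated.`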
@@ -15,7 +15,7 @@ public class CustomSwitchUserFilter extends SwitchUserFilter {
 @Override
 protected Authentication attemptSwitchUser(HttpServletRequest request) throws AuthenticationException {
 final Authentication switchTo = super.attemptSwitchUser(request);
- if (switchTo.getAuthorities().stream().anyMatch(a -> Role.administrator.name().equals(a.getAuthority()))) {
+ if (switchTo.getAuthorities().stream().anyMatch(a -> Role.administrator.getRoleName().equals(a.getAuthority()))) {
 throw new BadRequestException("Cannot impersonate admin.");
 }
 return switchTo;
diff --git a/src/main/java/cz/cvut/kbss/study/security/SecurityConstants.java b/src/main/java/cz/cvut/kbss/study/security/SecurityConstants.java
index 0443e8e7..ea255f64 100644
--- a/src/main/java/cz/cvut/kbss/study/security/SecurityConstants.java
+++ b/src/main/java/cz/cvut/kbss/study/security/SecurityConstants.java
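Review bot: The admin-impersonation guard on the `anyMatch` line is only correct because `UserDetails.resolveRoles` (changed in the same commit) also builds authorities from `getRoleName()`; if either side drifts back to `name()` the guard silently stops matching and admins become impersonable, which is the kind of coupling worth stating in place: `// Must match the authority string granted in UserDetails.resolveRoles (Role.getRoleName()), never Role.name().`. No test in this diff covers the guard; a unit test that switches to a user holding `SecurityConstants.administrator` and expects the `BadRequestException` would pin it.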
@@ -27,32 +27,32 @@ private SecurityConstants() {
 */
 public static final int SESSION_TIMEOUT = 12 * 60 * 60;
- public static final String user = "user";
+ public static final String user = "ROLE_USER";
- public static final String administrator = "administrator";
+ public static final String administrator = "ROLE_ADMIN";
 public static final String impersonate = "impersonate";
- public static final String deleteAllRecords = "deleteAllRecords";
+ public static final String deleteAllRecords = "delete-all-records";
- public static final String viewAllRecords = "viewAllRecords";
+ public static final String viewAllRecords = "view-all-records";
- public static final String editAllRecords = "editAllRecords";
+ public static final String editAllRecords = "edit-all-records";
- public static final String deleteOrganizationRecords = "deleteOrganizationRecords";
+ public static final String deleteOrganizationRecords = "delete-organization-records";
- public static final String viewOrganizationRecords = "viewOrganizationRecords";
+ public static final String viewOrganizationRecords = "view-organization-records";
- public static final String editOrganizationRecords = "editOrganizationRecords";
+ public static final String editOrganizationRecords = "edit-organization-records";
- public static final String editUsers = "editUsers";
+ public static final String editUsers = "edit-users";
- public static final String completeRecords = "completeRecords";
+ public static final String completeRecords = "complete-records";
- public static final String rejectRecords = "rejectRecords";
+ public static final String rejectRecords = "reject-records";
- public static final String publishRecords = "publishRecords";
+ public static final String publishRecords = "publish-records";
- public static final String importCodelists = "importCodelists";
+ public static final String importCodelists = "import-codelists";
 }
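Review bot: The new values mix two conventions: `ROLE_USER` and `ROLE_ADMIN` carry Spring Security's `ROLE_` prefix, while `impersonate` (left unchanged) and the kebab-case permissions do not. That is safe only as long as every check uses `hasAuthority`/`getAuthority()` as `SecurityConfig` does; a `hasRole("impersonate")` or `@PreAuthorize("hasRole(...)")` anywhere would never match because `hasRole` prepends `ROLE_`, and the mixed forms invite exactly that mistake. Either prefix all of them consistently or add a class-level comment such as `// Authority strings as granted by UserDetails. Compare with hasAuthority(), never hasRole(); only the ROLE_* values carry the Spring role prefix.`. These strings are also the JSON form of `Role` now (via `@JsonValue`), so renaming any of them is an API change.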
diff --git a/src/main/java/cz/cvut/kbss/study/security/model/UserDetails.java b/src/main/java/cz/cvut/kbss/study/security/model/UserDetails.java
index 2c7b3897..b02a9f21 100644
--- a/src/main/java/cz/cvut/kbss/study/security/model/UserDetails.java
+++ b/src/main/java/cz/cvut/kbss/study/security/model/UserDetails.java
@@ -38,7 +38,7 @@ public UserDetails(User user, Collection authorities) {
 private void resolveRoles() {
 authorities.addAll(
 user.getRoleGroup().getRoles().stream()
- .map(r -> new SimpleGrantedAuthority(r.name()))
+ .map(r -> new SimpleGrantedAuthority(r.getRoleName()))
 .toList());
 authorities.add(new SimpleGrantedAuthority(Role.user.name()));
 }
diff --git a/src/main/resources/model.ttl b/src/main/resources/model.ttl
index 5364edc4..a2dd7798 100644
--- a/src/main/resources/model.ttl
+++ b/src/main/resources/model.ttl
@@ -66,10 +66,6 @@ rm:has-question rdf:type owl:ObjectProperty ;
 rm:is-member-of rdf:type owl:ObjectProperty ;
 rdfs:subPropertyOf rm:relates-to .
-### http://onto.fel.cvut.cz/ontologies/record-manager/role-group
-rm:role-group rdf:type owl:ObjectProperty ;
- rdfs:subPropertyOf rm:relates-to .
-
 ### http://onto.fel.cvut.cz/ontologies/record-manager/relates-to
 rm:relates-to rdf:type owl:ObjectProperty .
@@ -79,16 +75,19 @@ rm:relates-to rdf:type owl:ObjectProperty .
 rm:was-treated-at rdf:type owl:ObjectProperty ;
 rdfs:subPropertyOf rm:relates-to .
+
 ### http://onto.fel.cvut.cz/ontologies/record-manager/has-phase
 rm:has-phase rdf:type owl:ObjectProperty ;
 rdfs:subPropertyOf rdf:type ;
 rdfs:label "has phase"@en .
+
 ### http://onto.fel.cvut.cz/ontologies/record-manager/has-role-group
 rm:has-role-group rdf:type owl:ObjectProperty ;
 rdfs:subPropertyOf rm:relates-to;
 rdfs:label "has role group"@en.
+
 ### http://onto.fel.cvut.cz/ontologies/record-manager/has-role
 rm:has-role rdf:type owl:ObjectProperty ;
 rdfs:subPropertyOf rm:relates-to;
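Review bot: The mapped roles now use `r.getRoleName()`, but the unchanged line right below, `authorities.add(new SimpleGrantedAuthority(Role.user.name()));`, still grants the enum constant name `"user"` rather than `SecurityConstants.user` (`"ROLE_USER"`), so the baseline authority no longer matches anything compared against `Role.user.getRoleName()` or the constant, and a check written that way would now deny every user. Change it to `authorities.add(new SimpleGrantedAuthority(Role.user.getRoleName()));`. Since `Role.user` is marked deprecated in `Role`, a one-line comment saying why the baseline authority is still granted here would also help the eventual removal.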
@@ -153,17 +152,6 @@ rm:token rdf:type owl:DatatypeProperty . rm:action-history rdf:type owl:Class ; rdfs:label "ActionHistory"@en . - -### http://onto.fel.cvut.cz/ontologies/record-manager/administrator-role-group -rm:administrator-role-group rdf:type owl:Class ; - rdfs:label "Administrator"@en . - - -### http://onto.fel.cvut.cz/ontologies/record-manager/doctor-role-group -rm:doctor-role-group rdf:type owl:Class ; - rdfs:label "Doctor"@en . - - ### http://onto.fel.cvut.cz/ontologies/record-manager/institution rm:institution rdf:type owl:Class ; rdfs:label "Institution"@en . @@ -226,12 +214,12 @@ rm:role-group rdf:type owl:Class; ### http://onto.fel.cvut.cz/ontologies/record-manager/administrator ### TODO deprecated -rm:administrator rdf:type owl:NamedIndividual, rm:role ; +rm:RM_ADMIN rdf:type owl:NamedIndividual, rm:role ; rdfs:label "administrator"@en . ### http://onto.fel.cvut.cz/ontologies/record-manager/user ### TODO deprecated -rm:user rdf:type owl:NamedIndividual, rm:role ; +rm:RM_USER rdf:type owl:NamedIndividual, rm:role ; rdfs:label "user"@en . ### http://onto.fel.cvut.cz/ontologies/record-manager/complete-records-role diff --git a/src/test/java/cz/cvut/kbss/study/model/RoleTest.java b/src/test/java/cz/cvut/kbss/study/model/RoleTest.java index 8f7209dc..e48a9985 100644 --- a/src/test/java/cz/cvut/kbss/study/model/RoleTest.java +++ b/src/test/java/cz/cvut/kbss/study/model/RoleTest.java @@ -1,5 +1,6 @@ package cz.cvut.kbss.study.model; +import cz.cvut.kbss.study.security.SecurityConstants; import org.junit.jupiter.api.Test; import static org.junit.jupiter.api.Assertions.*; @@ -7,7 +8,7 @@ class RoleTest { @Test void fromIriReturnsCorrectRole() { - assertEquals(Role.administrator, Role.fromIri(Vocabulary.s_i_administrator)); + assertEquals(Role.administrator, Role.fromIri(Vocabulary.s_i_RM_ADMIN)); assertEquals(Role.viewAllRecords, Role.fromIri(Vocabulary.s_i_view_all_records_role)); } 
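Review bot: The `###` header comments above the renamed individuals still read `.../record-manager/administrator` and `.../record-manager/user` while the individuals below them are now `rm:RM_ADMIN` and `rm:RM_USER`, so each comment names an IRI that no longer exists in the file; update them to `### http://onto.fel.cvut.cz/ontologies/record-manager/RM_ADMIN` and `### http://onto.fel.cvut.cz/ontologies/record-manager/RM_USER`. The `rdfs:label` values are unchanged, which is fine, but since these are `### TODO deprecated` individuals the rename is worth a note explaining why a deprecated IRI was changed rather than removed.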
@@ -23,14 +24,14 @@ void fromIriThrowsExceptionForUnknownIri() { @Test void fromNameReturnsCorrectRole() { - assertEquals(Role.administrator, Role.fromName("administrator")); - assertEquals(Role.viewAllRecords, Role.fromName("viewAllRecords")); + assertEquals(Role.administrator, Role.fromName(SecurityConstants.administrator)); + assertEquals(Role.viewAllRecords, Role.fromName(SecurityConstants.viewAllRecords)); } @Test void fromNameIsCaseInsensitive() { - assertEquals(Role.administrator, Role.fromName("ADMINISTRATOR")); - assertEquals(Role.viewAllRecords, Role.fromName("VIEWALLRECORDS")); + assertEquals(Role.administrator, Role.fromName(SecurityConstants.administrator.toLowerCase())); + assertEquals(Role.viewAllRecords, Role.fromName(SecurityConstants.viewAllRecords.toUpperCase())); } @Test @@ -45,19 +46,19 @@ void fromNameThrowsExceptionForUnknownName() { @Test void fromIriOrNameReturnsRoleByIri() { - assertEquals(Role.administrator, Role.fromIriOrName(Vocabulary.s_i_administrator)); + assertEquals(Role.administrator, Role.fromIriOrName(Vocabulary.s_i_RM_ADMIN)); assertEquals(Role.viewAllRecords, Role.fromIriOrName(Vocabulary.s_i_view_all_records_role)); } @Test void fromIriOrNameReturnsRoleByName() { - assertEquals(Role.administrator, Role.fromIriOrName("administrator")); - assertEquals(Role.viewAllRecords, Role.fromIriOrName("viewAllRecords")); + assertEquals(Role.administrator, Role.fromIriOrName(SecurityConstants.administrator)); + assertEquals(Role.viewAllRecords, Role.fromIriOrName(SecurityConstants.viewAllRecords)); } @Test void fromIriOrNameIsCaseInsensitiveForName() { - assertEquals(Role.administrator, Role.fromIriOrName("ADMINISTRATOR")); + assertEquals(Role.administrator, Role.fromIriOrName(SecurityConstants.administrator.toLowerCase())); } @Test diff --git a/src/test/java/cz/cvut/kbss/study/persistence/dao/PatientRecordDaoTest.java b/src/test/java/cz/cvut/kbss/study/persistence/dao/PatientRecordDaoTest.java index 450b9f72..2c466d60 100644 
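Review bot: `fromNameIsCaseInsensitive` and `fromIriOrNameIsCaseInsensitiveForName` now derive their inputs from `SecurityConstants`, so no test states whether the former spellings the old assertions used (`"administrator"`, `"viewAllRecords"`) are still accepted or are now rejected by `fromName`; that is the behaviour change most likely to surface in persisted data or client requests, so pin it one way or the other, e.g. `assertThrows(..., () -> Role.fromName("administrator"));` with whatever `fromName` throws (its body and `fromNameThrowsExceptionForUnknownName` are outside the hunk). A short comment on `fromNameIsCaseInsensitive` noting that the inputs are authority strings, not enum constant names, would make the intent of `toLowerCase()` on `ROLE_ADMIN` clear.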
--- a/src/test/java/cz/cvut/kbss/study/persistence/dao/PatientRecordDaoTest.java
+++ b/src/test/java/cz/cvut/kbss/study/persistence/dao/PatientRecordDaoTest.java
@@ -64,7 +64,6 @@ public class PatientRecordDaoTest extends BaseDaoTestRunner {
 public void setUp() {
 this.roleGroupAdmin = Generator.generateRoleGroupWithRoles(Role.administrator);
 transactional(() -> roleGroupDao.persist(roleGroupAdmin));
- int a =4;
 }
 @Test