diff --git a/src/main/java/cz/cvut/kbss/study/config/OAuth2SecurityConfig.java b/src/main/java/cz/cvut/kbss/study/config/OAuth2SecurityConfig.java
index 34be7fdf..c791dfcb 100644
--- a/src/main/java/cz/cvut/kbss/study/config/OAuth2SecurityConfig.java
+++ b/src/main/java/cz/cvut/kbss/study/config/OAuth2SecurityConfig.java
@@ -79,7 +79,7 @@ private Converter grantedAuthoritiesExtractor(
 assert extractedRoles != null;
 final Set authorities = new HashSet<>(extractedRoles);
 // Add default role if it is not present
- authorities.add(new SimpleGrantedAuthority(SecurityConstants.user));
+ authorities.add(new SimpleGrantedAuthority(SecurityConstants.ROLE_USER));
 return new JwtAuthenticationToken(source, authorities);
 };
 }
diff --git a/src/main/java/cz/cvut/kbss/study/model/Role.java b/src/main/java/cz/cvut/kbss/study/model/Role.java
index 37bf8dab..988cbe26 100644
--- a/src/main/java/cz/cvut/kbss/study/model/Role.java
+++ b/src/main/java/cz/cvut/kbss/study/model/Role.java
@@ -8,10 +8,10 @@ public enum Role {
 // TODO deprecated -- should be removed.
 @Individual(iri=Vocabulary.s_i_RM_ADMIN)
- administrator(SecurityConstants.administrator, Vocabulary.s_i_RM_ADMIN),
+ administrator(SecurityConstants.ROLE_ADMIN, Vocabulary.s_i_RM_ADMIN),
 // TODO deprecated -- should be removed.
 @Individual(iri = Vocabulary.s_i_RM_USER)
- user(SecurityConstants.user, Vocabulary.s_i_RM_USER),
+ user(SecurityConstants.ROLE_USER, Vocabulary.s_i_RM_USER),
 @Individual(iri = Vocabulary.s_i_impersonate_role)
 impersonate(SecurityConstants.impersonate, Vocabulary.s_i_impersonate_role),
diff --git a/src/main/java/cz/cvut/kbss/study/rest/ActionHistoryController.java b/src/main/java/cz/cvut/kbss/study/rest/ActionHistoryController.java
index e460f51d..f6a32a4e 100644
--- a/src/main/java/cz/cvut/kbss/study/rest/ActionHistoryController.java
+++ b/src/main/java/cz/cvut/kbss/study/rest/ActionHistoryController.java
@@ -54,7 +54,7 @@ public void create(@RequestBody ActionHistory actionHistory) {
 }
 }
- @PreAuthorize("hasAuthority('" + SecurityConstants.administrator + "')")
+ @PreAuthorize("hasAuthority('" + SecurityConstants.ROLE_ADMIN + "')")
 @GetMapping(produces = MediaType.APPLICATION_JSON_VALUE)
 public List getActions(@RequestParam(value = "author", required = false) String authorUsername,
 @RequestParam(value = "type", required = false) String type,
@@ -73,7 +73,7 @@ public List getActions(@RequestParam(value = "author", required =
 return result.getContent();
 }
- @PreAuthorize("hasAuthority('" + SecurityConstants.administrator + "')")
+ @PreAuthorize("hasAuthority('" + SecurityConstants.ROLE_ADMIN + "')")
 @GetMapping(value = "/{key}", produces = MediaType.APPLICATION_JSON_VALUE)
 public ActionHistory getByKey(@PathVariable("key") String key) {
 final ActionHistory action = actionHistoryService.findByKey(key);
diff --git a/src/main/java/cz/cvut/kbss/study/rest/FormGenController.java b/src/main/java/cz/cvut/kbss/study/rest/FormGenController.java
index 91b5c3bf..dc7628f0 100644
--- a/src/main/java/cz/cvut/kbss/study/rest/FormGenController.java
+++ b/src/main/java/cz/cvut/kbss/study/rest/FormGenController.java
@@ -9,7 +9,7 @@ import org.springframework.web.bind.annotation.*;
 @RestController
-@PreAuthorize("hasAuthority('" + SecurityConstants.user + "')")
+@PreAuthorize("hasAuthority('" + SecurityConstants.ROLE_USER + "')")
 @RequestMapping("/formGen")
 public class FormGenController extends BaseController {
diff --git a/src/main/java/cz/cvut/kbss/study/rest/InstitutionController.java b/src/main/java/cz/cvut/kbss/study/rest/InstitutionController.java
index 1a3bbc9a..e64abc18 100644
--- a/src/main/java/cz/cvut/kbss/study/rest/InstitutionController.java
+++ b/src/main/java/cz/cvut/kbss/study/rest/InstitutionController.java
@@ -30,7 +30,7 @@ import static cz.cvut.kbss.study.rest.util.RecordFilterMapper.constructRecordFilter;
 @RestController
-@PreAuthorize("hasAuthority('" + SecurityConstants.user + "')")
+@PreAuthorize("hasAuthority('" + SecurityConstants.ROLE_USER + "')")
 @RequestMapping("/institutions")
 public class InstitutionController extends BaseController {
@@ -44,7 +44,7 @@ public InstitutionController(InstitutionService institutionService,
 this.recordService = recordService;
 }
- @PreAuthorize("hasAuthority('" + SecurityConstants.administrator + "')")
+ @PreAuthorize("hasAuthority('" + SecurityConstants.ROLE_ADMIN + "')")
 @GetMapping(produces = MediaType.APPLICATION_JSON_VALUE)
 public List getAllInstitutions() {
 final List institutions = institutionService.findAll();
@@ -52,8 +52,8 @@ public List getAllInstitutions() {
 return institutions;
 }
- @PreAuthorize("hasAuthority('" + SecurityConstants.administrator + "') " +
- "or hasAuthority('" + SecurityConstants.user + "') and @securityUtils.isMemberOfInstitution(#key)")
+ @PreAuthorize("hasAuthority('" + SecurityConstants.ROLE_ADMIN + "') " +
+ "or hasAuthority('" + SecurityConstants.ROLE_USER + "') and @securityUtils.isMemberOfInstitution(#key)")
 @GetMapping(value = "/{key}", produces = MediaType.APPLICATION_JSON_VALUE)
 public Institution findByKey(@PathVariable("key") String key) {
 return findInternal(key);
@@ -67,7 +67,7 @@ private Institution findInternal(String key) {
 return result;
 }
- @PreAuthorize("hasAuthority('" + SecurityConstants.administrator + "') or @securityUtils.isRecordInUsersInstitution(#key)")
+ @PreAuthorize("hasAuthority('" + SecurityConstants.ROLE_ADMIN + "') or @securityUtils.isRecordInUsersInstitution(#key)")
 @GetMapping(value = "/{key}/patients", produces = MediaType.APPLICATION_JSON_VALUE)
 public List getTreatedPatientRecords(@PathVariable("key") String key) {
 final Institution inst = findInternal(key);
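Review bot: The guard on `getTreatedPatientRecords` feeds the `/{key}/patients` path variable to `@securityUtils.isRecordInUsersInstitution(#key)`, yet `#key` is an institution key here (the body resolves it with `findInternal(key)`), while the helper's name suggests it expects a record key; `findByKey` on the same path variable a few lines above uses `@securityUtils.isMemberOfInstitution(#key)`. If the helper really looks up a record by that key, a non-admin member would either be denied their own institution's patient list or, if the lookup happens to succeed for a record whose key collides, be granted another institution's list — `SecurityUtils` is not visible here, so this needs confirming. Unless the asymmetry is deliberate, I would align it with the sibling endpoint: `@PreAuthorize("hasAuthority('" + SecurityConstants.ROLE_ADMIN + "') or @securityUtils.isMemberOfInstitution(#key)")`. The body of `getTreatedPatientRecords` continues past this hunk.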
@@ -75,7 +75,7 @@ public List getTreatedPatientRecords(@PathVariable("key") Stri
 return recordService.findAll(constructRecordFilter("institution", key), Pageable.unpaged()).getContent();
 }
- @PreAuthorize("hasAuthority('" + SecurityConstants.administrator + "')")
+ @PreAuthorize("hasAuthority('" + SecurityConstants.ROLE_ADMIN + "')")
 @PostMapping(consumes = MediaType.APPLICATION_JSON_VALUE)
 @ResponseStatus(HttpStatus.CREATED)
 public ResponseEntity createInstitution(@RequestBody Institution institution) {
@@ -88,7 +88,7 @@ public ResponseEntity createInstitution(@RequestBody Institution instituti
 return new ResponseEntity<>(headers, HttpStatus.CREATED);
 }
- @PreAuthorize("hasAuthority('" + SecurityConstants.administrator + "')")
+ @PreAuthorize("hasAuthority('" + SecurityConstants.ROLE_ADMIN + "')")
 @PutMapping(value = "/{key}", consumes = MediaType.APPLICATION_JSON_VALUE)
 @ResponseStatus(HttpStatus.NO_CONTENT)
 public void updateInstitution(@PathVariable("key") String key, @RequestBody Institution institution) {
@@ -104,7 +104,7 @@ public void updateInstitution(@PathVariable("key") String key, @RequestBody Inst
 }
 }
- @PreAuthorize("hasAuthority('" + SecurityConstants.administrator + "')")
+ @PreAuthorize("hasAuthority('" + SecurityConstants.ROLE_ADMIN + "')")
 @DeleteMapping(value = "/{key}")
 @ResponseStatus(HttpStatus.NO_CONTENT)
 public void deleteInstitution(@PathVariable("key") String key) {
diff --git a/src/main/java/cz/cvut/kbss/study/rest/OidcUserController.java b/src/main/java/cz/cvut/kbss/study/rest/OidcUserController.java
index f757a2d3..85d05b22 100644
--- a/src/main/java/cz/cvut/kbss/study/rest/OidcUserController.java
+++ b/src/main/java/cz/cvut/kbss/study/rest/OidcUserController.java
@@ -38,14 +38,14 @@ public OidcUserController(UserService userService, InstitutionService institutio
 this.institutionService = institutionService;
 }
- @PreAuthorize("hasAuthority('" + SecurityConstants.user + "')")
+ @PreAuthorize("hasAuthority('" + SecurityConstants.ROLE_USER + "')")
 @GetMapping(value = "/current", produces = MediaType.APPLICATION_JSON_VALUE)
 public User getCurrent() {
 return userService.getCurrentUser();
 }
- @PreAuthorize("hasAuthority('" + SecurityConstants.administrator + "') or #username == authentication.name or " +
- "hasAuthority('" + SecurityConstants.user + "') and @securityUtils.areFromSameInstitution(#username)")
+ @PreAuthorize("hasAuthority('" + SecurityConstants.ROLE_ADMIN + "') or #username == authentication.name or " +
+ "hasAuthority('" + SecurityConstants.ROLE_USER + "') and @securityUtils.areFromSameInstitution(#username)")
 @GetMapping(value = "/{username}", produces = MediaType.APPLICATION_JSON_VALUE)
 public User getByUsername(@PathVariable("username") String username) {
 final User user = userService.findByUsername(username);
@@ -56,14 +56,14 @@ public User getByUsername(@PathVariable("username") String username) {
 }
 @PreAuthorize(
- "hasAuthority('" + SecurityConstants.administrator + "') " +
- "or hasAuthority('" + SecurityConstants.administrator + "') and @securityUtils.isMemberOfInstitution(#institutionKey)")
+ "hasAuthority('" + SecurityConstants.ROLE_ADMIN + "') " +
+ "or hasAuthority('" + SecurityConstants.ROLE_ADMIN + "') and @securityUtils.isMemberOfInstitution(#institutionKey)")
 @GetMapping(produces = MediaType.APPLICATION_JSON_VALUE)
 public List getUsers(@RequestParam(value = "institution", required = false) String institutionKey) {
 return institutionKey != null ? getByInstitution(institutionKey) : userService.findAll();
 }
- @PreAuthorize("hasAuthority('" + SecurityConstants.administrator + "') or #username == authentication.name")
+ @PreAuthorize("hasAuthority('" + SecurityConstants.ROLE_ADMIN + "') or #username == authentication.name")
 @PutMapping(value = "/{username}", consumes = MediaType.APPLICATION_JSON_VALUE)
 @ResponseStatus(HttpStatus.NO_CONTENT)
 public void updateUser(@PathVariable("username") String username, @RequestBody User user,
diff --git a/src/main/java/cz/cvut/kbss/study/rest/PatientRecordController.java b/src/main/java/cz/cvut/kbss/study/rest/PatientRecordController.java
index 632d2e03..ad216c4e 100644
--- a/src/main/java/cz/cvut/kbss/study/rest/PatientRecordController.java
+++ b/src/main/java/cz/cvut/kbss/study/rest/PatientRecordController.java
@@ -42,7 +42,7 @@ import java.util.stream.Stream;
 @RestController
-@PreAuthorize("hasAuthority('" + SecurityConstants.user + "')")
+@PreAuthorize("hasAuthority('" + SecurityConstants.ROLE_USER + "')")
 @RequestMapping("/records")
 public class PatientRecordController extends BaseController {
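Review bot: The renamed `@PreAuthorize` on `OidcUserController.getUsers` still names `ROLE_ADMIN` in both disjuncts, so the second clause (`... and @securityUtils.isMemberOfInstitution(#institutionKey)`) can never grant anything the first has not already granted and the endpoint is effectively admin-only. The non-OIDC `UserController.getUsers` in this same commit uses `ROLE_USER` for that clause, which reads like a copy-paste slip the mechanical rename carried over; if OIDC users are meant to list their own institution's members, the second line should be `"or hasAuthority('" + SecurityConstants.ROLE_USER + "') and @securityUtils.isMemberOfInstitution(#institutionKey)")`. If admin-only is intended, collapse it to `@PreAuthorize("hasAuthority('" + SecurityConstants.ROLE_ADMIN + "')")` so the dead branch does not read as an institution-scoped grant. Whichever way it goes, note that when `institution` is omitted the body falls through to `userService.findAll()`, so a role that passes the guard with a null key sees every user.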
@@ -70,7 +70,7 @@ public PatientRecordController(PatientRecordService recordService, ApplicationEv
 this.publishRecordsService = publishRecordsService;
 }
- @PreAuthorize("hasAuthority('" + SecurityConstants.administrator + "') or #institutionKey==null or @securityUtils.isMemberOfInstitution(#institutionKey)")
+ @PreAuthorize("hasAuthority('" + SecurityConstants.ROLE_ADMIN + "') or #institutionKey==null or @securityUtils.isMemberOfInstitution(#institutionKey)")
 @GetMapping(produces = MediaType.APPLICATION_JSON_VALUE)
 public List getRecords(
 @RequestParam(value = "institution", required = false) String institutionKey,
@@ -79,7 +79,7 @@ public List getRecords(
 Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
 boolean hasAdminRole = authentication.getAuthorities().stream()
- .anyMatch(authority -> authority.getAuthority().equals(SecurityConstants.administrator));
+ .anyMatch(authority -> authority.getAuthority().equals(SecurityConstants.ROLE_ADMIN));
 if (!hasAdminRole && institutionKey == null) {
 throw new ValidationException("record.save-error.user-not-assigned-to-institution",
@@ -91,7 +91,7 @@ public List getRecords(
 return result.getContent();
 }
- @PreAuthorize("hasAuthority('" + SecurityConstants.administrator + "') or @securityUtils.isMemberOfInstitution(#institutionKey)")
+ @PreAuthorize("hasAuthority('" + SecurityConstants.ROLE_ADMIN + "') or @securityUtils.isMemberOfInstitution(#institutionKey)")
 @GetMapping(value="used-record-phases", produces = MediaType.APPLICATION_JSON_VALUE)
 public Set getUsedRecordPhases(@RequestParam(value = "institution", required = false) String institutionKey){
 return recordService.findUsedRecordPhases();
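Review bot: The guard on `getUsedRecordPhases` is keyed on `#institutionKey` (`... or @securityUtils.isMemberOfInstitution(#institutionKey)`), but the body ignores that parameter and returns `recordService.findUsedRecordPhases()` across all institutions, so the institution-scoped check does not scope the data it protects. With `institution` optional, a non-admin caller who omits it is admitted or rejected solely by how `isMemberOfInstitution(null)` behaves, which is not visible here; `getRecords` just above handles that case explicitly with `if (!hasAdminRole && institutionKey == null) throw ...`. Either pass `institutionKey` through to the service so the result matches the guard, or add a comment stating that the phase list is intentionally global and tighten the guard accordingly. The method's closing brace lies outside this hunk.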
@@ -99,7 +99,7 @@ public Set getUsedRecordPhases(@RequestParam(value = "institution",
 @PreAuthorize(
- "hasAuthority('" + SecurityConstants.administrator + "') or @securityUtils.isMemberOfInstitution(#institutionKey)")
+ "hasAuthority('" + SecurityConstants.ROLE_ADMIN + "') or @securityUtils.isMemberOfInstitution(#institutionKey)")
 @GetMapping(value = "/export", produces = {MediaType.APPLICATION_JSON_VALUE, Constants.MEDIA_TYPE_EXCEL})
 public ResponseEntity exportRecords(
 @RequestParam(name = "institution", required = false) String institutionKey,
@@ -158,7 +158,7 @@ public ResponseEntity exportRecordsExcel(MultiValueMap createRecord(@RequestBody PatientRecord record) {
 }
 @PreAuthorize(
- "hasAuthority('" + SecurityConstants.administrator + "') or @securityUtils.isMemberOfInstitution(#institutionKey)")
+ "hasAuthority('" + SecurityConstants.ROLE_ADMIN + "') or @securityUtils.isMemberOfInstitution(#institutionKey)")
 @PostMapping(value = "/publish", produces = {MediaType.APPLICATION_JSON_VALUE})
 public RecordImportResult publishRecords(
 @RequestParam(name = "institution", required = false) String institutionKey,
diff --git a/src/main/java/cz/cvut/kbss/study/rest/RoleGroupController.java b/src/main/java/cz/cvut/kbss/study/rest/RoleGroupController.java
index 494e348f..4af3e733 100644
--- a/src/main/java/cz/cvut/kbss/study/rest/RoleGroupController.java
+++ b/src/main/java/cz/cvut/kbss/study/rest/RoleGroupController.java
@@ -29,13 +29,13 @@ public RoleGroupController(RoleGroupService roleGroupService) {
 this.roleGroupService = roleGroupService;
 }
- @PreAuthorize("hasAuthority('" + SecurityConstants.administrator + "')")
+ @PreAuthorize("hasAuthority('" + SecurityConstants.ROLE_ADMIN + "')")
 @GetMapping(produces = MediaType.APPLICATION_JSON_VALUE)
 public List getRoleGroups() {
 return roleGroupService.findAll();
 }
- @PreAuthorize("hasAuthority('" + SecurityConstants.administrator + "')")
+ @PreAuthorize("hasAuthority('" + SecurityConstants.ROLE_ADMIN + "')")
 @GetMapping(value = "/{name}",produces = MediaType.APPLICATION_JSON_VALUE)
 public RoleGroup findByName(@PathVariable("name") String name) {
 RoleGroup result = roleGroupService.findByName(name);
diff --git a/src/main/java/cz/cvut/kbss/study/rest/StatisticsController.java b/src/main/java/cz/cvut/kbss/study/rest/StatisticsController.java
index 742d0527..4a99fd35 100644
--- a/src/main/java/cz/cvut/kbss/study/rest/StatisticsController.java
+++ b/src/main/java/cz/cvut/kbss/study/rest/StatisticsController.java
@@ -11,7 +11,7 @@ import java.util.HashMap;
 import java.util.Map;
-@PreAuthorize("hasAuthority('" + SecurityConstants.administrator + "')")
+@PreAuthorize("hasAuthority('" + SecurityConstants.ROLE_ADMIN + "')")
 @RestController
 @RequestMapping("/statistics")
 public class StatisticsController extends BaseController {
@@ -22,7 +22,7 @@ public StatisticsController(StatisticsService statisticsService) {
 this.statisticsService = statisticsService;
 }
- @PreAuthorize("hasAuthority('" + SecurityConstants.administrator + "')")
+ @PreAuthorize("hasAuthority('" + SecurityConstants.ROLE_ADMIN + "')")
 @GetMapping(produces = MediaType.APPLICATION_JSON_VALUE)
 public Map getStatistics() {
 Map data = new HashMap<>();
diff --git a/src/main/java/cz/cvut/kbss/study/rest/UserController.java b/src/main/java/cz/cvut/kbss/study/rest/UserController.java
index c94274b1..36ea699f 100644
--- a/src/main/java/cz/cvut/kbss/study/rest/UserController.java
+++ b/src/main/java/cz/cvut/kbss/study/rest/UserController.java
@@ -47,8 +47,8 @@ public UserController(UserService userService, InstitutionService institutionSer
 this.institutionService = institutionService;
 }
- @PreAuthorize("hasAuthority('" + SecurityConstants.administrator + "') or #username == authentication.name or " +
- "hasAuthority('" + SecurityConstants.user + "') and @securityUtils.areFromSameInstitution(#username)")
+ @PreAuthorize("hasAuthority('" + SecurityConstants.ROLE_ADMIN + "') or #username == authentication.name or " +
+ "hasAuthority('" + SecurityConstants.ROLE_USER + "') and @securityUtils.areFromSameInstitution(#username)")
 @GetMapping(value = "/{username}", produces = MediaType.APPLICATION_JSON_VALUE)
 public User getByUsername(@PathVariable("username") String username) {
 final User user = userService.findByUsername(username);
@@ -58,13 +58,13 @@ public User getByUsername(@PathVariable("username") String username) {
 return user;
 }
- @PreAuthorize("hasAuthority('" + SecurityConstants.user + "')")
+ @PreAuthorize("hasAuthority('" + SecurityConstants.ROLE_USER + "')")
 @GetMapping(value = "/current", produces = MediaType.APPLICATION_JSON_VALUE)
 public User getCurrent() {
 return userService.getCurrentUser();
 }
- @PreAuthorize("hasAuthority('" + SecurityConstants.administrator + "')")
+ @PreAuthorize("hasAuthority('" + SecurityConstants.ROLE_ADMIN + "')")
 @PostMapping(consumes = MediaType.APPLICATION_JSON_VALUE)
 public ResponseEntity create(@RequestBody User user) {
 userService.persist(user);
@@ -77,8 +77,8 @@ public ResponseEntity create(@RequestBody User user) {
 }
 @PreAuthorize(
- "hasAuthority('" + SecurityConstants.administrator + "') " +
- "or hasAuthority('" + SecurityConstants.user + "') and @securityUtils.isMemberOfInstitution(#institutionKey)")
+ "hasAuthority('" + SecurityConstants.ROLE_ADMIN + "') " +
+ "or hasAuthority('" + SecurityConstants.ROLE_USER + "') and @securityUtils.isMemberOfInstitution(#institutionKey)")
 @GetMapping(produces = MediaType.APPLICATION_JSON_VALUE)
 public List getUsers(@RequestParam(value = "institution", required = false) String institutionKey) {
 return institutionKey != null ? getByInstitution(institutionKey) : userService.findAll();
@@ -90,7 +90,7 @@ private List getByInstitution(String institutionKey) {
 return userService.findByInstitution(institution);
 }
- @PreAuthorize("hasAuthority('" + SecurityConstants.administrator + "')")
+ @PreAuthorize("hasAuthority('" + SecurityConstants.ROLE_ADMIN + "')")
 @DeleteMapping(value = "/{username}")
 @ResponseStatus(HttpStatus.NO_CONTENT)
 public void removeUser(@PathVariable("username") String username) {
@@ -101,7 +101,7 @@ public void removeUser(@PathVariable("username") String username) {
 }
 }
- @PreAuthorize("hasAuthority('" + SecurityConstants.administrator + "') or #username == authentication.name")
+ @PreAuthorize("hasAuthority('" + SecurityConstants.ROLE_ADMIN + "') or #username == authentication.name")
 @PutMapping(value = "/{username}", consumes = MediaType.APPLICATION_JSON_VALUE)
 @ResponseStatus(HttpStatus.NO_CONTENT)
 public void updateUser(@PathVariable("username") String username, @RequestBody User user,
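Review bot: In `UserController.getUsers` the only thing between a plain `ROLE_USER` caller and `userService.findAll()` is `@securityUtils.isMemberOfInstitution(#institutionKey)` evaluated with a null key, because `institution` is `required = false` and the body returns every user when the key is absent. Whether that is closed depends entirely on how `isMemberOfInstitution` treats null, which is not visible in this diff; the guard would be self-evidently safe if the `ROLE_USER` branch read `"or hasAuthority('" + SecurityConstants.ROLE_USER + "') and #institutionKey != null and @securityUtils.isMemberOfInstitution(#institutionKey)")`. The same SpEL shape in `PatientRecordController.getRecords` at least rejects the null case explicitly in the body; this endpoint does not. The `getUsers` method is complete within the hunk, so the missing check is not hiding below it.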
@@ -117,7 +117,7 @@ public void updateUser(@PathVariable("username") String username, @RequestBody U
 }
 }
- @PreAuthorize("hasAuthority('" + SecurityConstants.administrator + "') or #username == authentication.name")
+ @PreAuthorize("hasAuthority('" + SecurityConstants.ROLE_ADMIN + "') or #username == authentication.name")
 @PutMapping(value = "/{username}/password-change", consumes = MediaType.APPLICATION_JSON_VALUE)
 @ResponseStatus(HttpStatus.NO_CONTENT)
 public void updatePassword(@PathVariable("username") String username, @RequestBody Map password,
@@ -147,7 +147,7 @@ public void resetPassword(@RequestBody String emailAddress) {
 }
 }
- @PreAuthorize("hasAuthority('" + SecurityConstants.administrator + "')")
+ @PreAuthorize("hasAuthority('" + SecurityConstants.ROLE_ADMIN + "')")
 @GetMapping(value = "/generate-username/{usernamePrefix}", produces = MediaType.TEXT_PLAIN_VALUE)
 public String generateUsername(@PathVariable(value = "usernamePrefix") String usernamePrefix) {
 return userService.generateUsername(usernamePrefix);
@@ -173,7 +173,7 @@ public void changePasswordByToken(@RequestBody Map data) {
 }
 }
- @PreAuthorize("hasAuthority('" + SecurityConstants.administrator + "')")
+ @PreAuthorize("hasAuthority('" + SecurityConstants.ROLE_ADMIN + "')")
 @PutMapping(value = "/send-invitation/{username}")
 @ResponseStatus(HttpStatus.NO_CONTENT)
 public void sendInvitation(@PathVariable(value = "username") String username) {
@@ -188,7 +188,7 @@ public void sendInvitation(@PathVariable(value = "username") String username) {
 }
 }
- @PreAuthorize("hasAuthority('" + SecurityConstants.administrator + "')")
+ @PreAuthorize("hasAuthority('" + SecurityConstants.ROLE_ADMIN + "')")
 @PostMapping(value = "/send-invitation/delete", consumes = MediaType.TEXT_PLAIN_VALUE)
 @ResponseStatus(HttpStatus.NO_CONTENT)
 public void deleteInvitationOption(@RequestBody String username) {
diff --git a/src/main/java/cz/cvut/kbss/study/security/SecurityConstants.java b/src/main/java/cz/cvut/kbss/study/security/SecurityConstants.java
index ea255f64..2beef27f 100644
--- a/src/main/java/cz/cvut/kbss/study/security/SecurityConstants.java
+++ b/src/main/java/cz/cvut/kbss/study/security/SecurityConstants.java
@@ -27,32 +27,32 @@ private SecurityConstants() {
 */
 public static final int SESSION_TIMEOUT = 12 * 60 * 60;
- public static final String user = "ROLE_USER";
+ public static final String ROLE_USER = "ROLE_USER";
- public static final String administrator = "ROLE_ADMIN";
+ public static final String ROLE_ADMIN = "ROLE_ADMIN";
- public static final String impersonate = "impersonate";
+ public static final String impersonate = "rm-impersonate";
- public static final String deleteAllRecords = "delete-all-records";
+ public static final String deleteAllRecords = "rm-delete-all-records";
- public static final String viewAllRecords = "view-all-records";
+ public static final String viewAllRecords = "rm-view-all-records";
- public static final String editAllRecords = "edit-all-records";
+ public static final String editAllRecords = "rm-edit-all-records";
- public static final String deleteOrganizationRecords = "delete-organization-records";
+ public static final String deleteOrganizationRecords = "rm-delete-organization-records";
- public static final String viewOrganizationRecords = "view-organization-records";
+ public static final String viewOrganizationRecords = "rm-view-organization-records";
- public static final String editOrganizationRecords = "edit-organization-records";
+ public static final String editOrganizationRecords = "rm-edit-organization-records";
- public static final String editUsers = "edit-users";
+ public static final String editUsers = "rm-edit-users";
- public static final String completeRecords = "complete-records";
+ public static final String completeRecords = "rm-complete-records";
- public static final String rejectRecords = "reject-records";
+ public static final String rejectRecords = "rm-reject-records";
- public static final String publishRecords = "publish-records";
+ public static final String publishRecords = "rm-publish-records";
- public static final String importCodelists = "import-codelists";
+ public static final String importCodelists = "rm-import-codelists";
 }
diff --git a/src/test/java/cz/cvut/kbss/study/model/RoleTest.java b/src/test/java/cz/cvut/kbss/study/model/RoleTest.java
index e48a9985..2346223a 100644
--- a/src/test/java/cz/cvut/kbss/study/model/RoleTest.java
+++ b/src/test/java/cz/cvut/kbss/study/model/RoleTest.java
@@ -24,13 +24,13 @@ void fromIriThrowsExceptionForUnknownIri() {
 @Test
 void fromNameReturnsCorrectRole() {
- assertEquals(Role.administrator, Role.fromName(SecurityConstants.administrator));
+ assertEquals(Role.administrator, Role.fromName(SecurityConstants.ROLE_ADMIN));
 assertEquals(Role.viewAllRecords, Role.fromName(SecurityConstants.viewAllRecords));
 }
 @Test
 void fromNameIsCaseInsensitive() {
- assertEquals(Role.administrator, Role.fromName(SecurityConstants.administrator.toLowerCase()));
+ assertEquals(Role.administrator, Role.fromName(SecurityConstants.ROLE_ADMIN.toLowerCase()));
 assertEquals(Role.viewAllRecords, Role.fromName(SecurityConstants.viewAllRecords.toUpperCase()));
 }
@@ -52,13 +52,13 @@ void fromIriOrNameReturnsRoleByIri() {
 @Test
 void fromIriOrNameReturnsRoleByName() {
- assertEquals(Role.administrator, Role.fromIriOrName(SecurityConstants.administrator));
+ assertEquals(Role.administrator, Role.fromIriOrName(SecurityConstants.ROLE_ADMIN));
 assertEquals(Role.viewAllRecords, Role.fromIriOrName(SecurityConstants.viewAllRecords));
 }
 @Test
 void fromIriOrNameIsCaseInsensitiveForName() {
- assertEquals(Role.administrator, Role.fromIriOrName(SecurityConstants.administrator.toLowerCase()));
+ assertEquals(Role.administrator, Role.fromIriOrName(SecurityConstants.ROLE_ADMIN.toLowerCase()));
 }
 @Test
diff --git a/src/test/java/cz/cvut/kbss/study/service/security/SecurityUtilsTest.java b/src/test/java/cz/cvut/kbss/study/service/security/SecurityUtilsTest.java
index 00c37805..8709e87a 100644
--- a/src/test/java/cz/cvut/kbss/study/service/security/SecurityUtilsTest.java
+++ b/src/test/java/cz/cvut/kbss/study/service/security/SecurityUtilsTest.java
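Review bot: Twelve of these constants change their runtime value (`impersonate` → `rm-impersonate` through `importCodelists` → `rm-import-codelists`), and they are authority strings, not just Java identifiers: the SecurityUtilsTest fixtures in this same diff put `SecurityConstants.*` values straight into the JWT `roles` claim, and Role.java binds them to vocabulary individuals. Any IdP client scope or persisted role group still issuing the unprefixed names will silently stop matching after deploy — it fails closed, which is the safe direction, but it is a hard-to-diagnose loss of access and the commit carries no migration, mapping or release note for the old names. I would at minimum document the contract on the class, e.g. `/** Authority names. Each value must match the role name issued in the OIDC roles claim and stored in role groups; changing a value is a breaking change for existing deployments. */`, and consider accepting both spellings for one release. Separately, only `ROLE_USER` and `ROLE_ADMIN` move to UPPER_SNAKE_CASE while the remaining twelve stay camelCase, and those two keep their unprefixed `ROLE_` values even though Role.java marks them deprecated; a one-line comment explaining that split would stop the next reader from "fixing" it.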
@@ -7,7 +7,6 @@ import cz.cvut.kbss.study.model.Role;
 import cz.cvut.kbss.study.model.RoleGroup;
 import cz.cvut.kbss.study.model.User;
-import cz.cvut.kbss.study.model.Vocabulary;
 import cz.cvut.kbss.study.persistence.dao.PatientRecordDao;
 import cz.cvut.kbss.study.persistence.dao.UserDao;
 import cz.cvut.kbss.study.security.SecurityConstants;
@@ -93,7 +92,7 @@ void getCurrentUserRetrievesCurrentUserForOauthJwtAccessToken() {
 final Jwt token = Jwt.withTokenValue("abcdef12345")
 .header("alg", "RS256")
 .header("typ", "JWT")
- .claim("roles", List.of(SecurityConstants.user))
+ .claim("roles", List.of(SecurityConstants.ROLE_USER))
 .issuer("http://localhost:8080/termit")
 .subject(USERNAME)
 .claim("preferred_username", USERNAME)
@@ -179,7 +178,7 @@ void getCurrentUserEnhancesRetrievedUserWithTypesCorrespondingToRolesSpecifiedIn
 final Jwt token = Jwt.withTokenValue("abcdef12345")
 .header("alg", "RS256")
 .header("typ", "JWT")
- .claim("roles", List.of(SecurityConstants.administrator))
+ .claim("roles", List.of(SecurityConstants.ROLE_ADMIN))
 .issuer("http://localhost:8080/termit")
 .subject(USERNAME)
 .claim("preferred_username", USERNAME)
diff --git a/src/test/java/cz/cvut/kbss/study/util/oidc/OidcGrantedAuthoritiesExtractorTest.java b/src/test/java/cz/cvut/kbss/study/util/oidc/OidcGrantedAuthoritiesExtractorTest.java
index da906cee..881a3320 100644
--- a/src/test/java/cz/cvut/kbss/study/util/oidc/OidcGrantedAuthoritiesExtractorTest.java
+++ b/src/test/java/cz/cvut/kbss/study/util/oidc/OidcGrantedAuthoritiesExtractorTest.java
@@ -30,7 +30,7 @@ class OidcGrantedAuthoritiesExtractorTest {
 @Test
 void convertMapsTopLevelClaimWithRolesToGrantedAuthorities() {
 when(config.getConfig(ConfigParam.OIDC_ROLE_CLAIM)).thenReturn("roles");
- final List roles = List.of(SecurityConstants.administrator, SecurityConstants.user);
+ final List roles = List.of(SecurityConstants.ROLE_ADMIN, SecurityConstants.ROLE_USER);
 final Jwt token = Jwt.withTokenValue("abcdef12345")
 .header("alg", "RS256")
 .header("typ", "JWT")
@@ -51,7 +51,7 @@ void convertMapsTopLevelClaimWithRolesToGrantedAuthorities() {
 @Test
 void convertSupportsNestedRolesClaim() {
 when(config.getConfig(ConfigParam.OIDC_ROLE_CLAIM)).thenReturn("realm_access.roles");
- final List roles = List.of(SecurityConstants.administrator, SecurityConstants.user);
+ final List roles = List.of(SecurityConstants.ROLE_ADMIN, SecurityConstants.ROLE_USER);
 final Jwt token = Jwt.withTokenValue("abcdef12345")
 .header("alg", "RS256")
 .header("typ", "JWT")
@@ -91,7 +91,7 @@ void convertThrowsIllegalArgumentExceptionWhenNestedRolesClaimIsNotList() {
 final Jwt token = Jwt.withTokenValue("abcdef12345")
 .header("alg", "RS256")
 .header("typ", "JWT")
- .claim("realm_access", Map.of("roles", Map.of("notlist", SecurityConstants.user)))
+ .claim("realm_access", Map.of("roles", Map.of("notlist", SecurityConstants.ROLE_USER)))
 .issuer("http://localhost:8080/termit")
 .subject("termit")
 .expiresAt(Instant.now().truncatedTo(ChronoUnit.SECONDS).plusSeconds(300))