From 5c84bf4d1ed91e7bac15c9635c841254e0a52668 Mon Sep 17 00:00:00 2001
From: Daniil Palagin
Date: Tue, 17 Sep 2024 12:44:43 +0200
Subject: [PATCH] [kbss-cvut/record-manager-ui#202] Implement Roles and permission
---
.../cz/cvut/kbss/study/model/Permission.java | 106 +++++++++++++
.../java/cz/cvut/kbss/study/model/Role.java | 26 ++++
.../java/cz/cvut/kbss/study/model/User.java | 54 +++---
src/main/resources/model.ttl | 143 +++++------------
4 files changed, 193 insertions(+), 136 deletions(-)
create mode 100644 src/main/java/cz/cvut/kbss/study/model/Permission.java
create mode 100644 src/main/java/cz/cvut/kbss/study/model/Role.java
diff --git a/src/main/java/cz/cvut/kbss/study/model/Permission.java b/src/main/java/cz/cvut/kbss/study/model/Permission.java
new file mode 100644
index 00000000..aa872c38
--- /dev/null
+++ b/src/main/java/cz/cvut/kbss/study/model/Permission.java
@@ -0,0 +1,106 @@
+package cz.cvut.kbss.study.model;
+
+
+import cz.cvut.kbss.jopa.model.annotations.Individual;
+import lombok.Getter;
+
+@Getter
+public enum Permission {
+
+ @Individual(iri=Vocabulary.s_i_delete_all_records_permission)
+ deleteAllRecords(Vocabulary.s_i_delete_all_records_permission),
+
+ @Individual(iri=Vocabulary.s_i_view_all_records_permission)
+ viewAllRecords(Vocabulary.s_i_view_all_records_permission),
+
+ @Individual(iri=Vocabulary.s_i_edit_all_records_permission)
+ editAllRecords(Vocabulary.s_i_edit_all_records_permission),
+
+ @Individual(iri=Vocabulary.s_i_delete_organization_records_permission)
+ deleteOrganizationRecords(Vocabulary.s_i_delete_organization_records_permission),
+
+ @Individual(iri=Vocabulary.s_i_view_organization_records_permission)
+ viewOrganizationRecords(Vocabulary.s_i_view_organization_records_permission),
+
+ @Individual(iri=Vocabulary.s_i_edit_organization_records_permission)
+ editOrganizationRecords(Vocabulary.s_i_edit_organization_records_permission),
+
+ @Individual(iri=Vocabulary.s_i_edit_users_permission)
+ editUsers(Vocabulary.s_i_edit_users_permission),
+
+ @Individual(iri=Vocabulary.s_i_complete_records_permission)
+ completeRecords(Vocabulary.s_i_complete_records_permission),
+
+ @Individual(iri=Vocabulary.s_i_reject_records_permission)
+ rejectRecords(Vocabulary.s_i_reject_records_permission),
+
+ @Individual(iri=Vocabulary.s_i_publish_records_permission)
+ publishRecords(Vocabulary.s_i_publish_records_permission),
+
+ @Individual(iri=Vocabulary.s_i_import_codelists_permission)
+ importCodelists(Vocabulary.s_i_import_codelists_permission);
+
+ private final String iri;
+
+
+ Permission(String iri) {
+ this.iri = iri;
+ }
+
+ public String getIri() {
+ return iri;
+ }
+
+
+ /**
+ * Returns {@link Permission} with the specified IRI.
+ *
+ * @param iri permission identifier
+ * @return matching {@code Permission}
+ * @throws IllegalArgumentException When no matching permission is found
+ */
+ public static Permission fromIri(String iri) {
+ for (Permission p : values()) {
+ if (p.getIri().equals(iri)) {
+ return p;
+ }
+ }
+ throw new IllegalArgumentException("Unknown permission identifier '" + iri + "'.");
+ }
+
+
+ /**
+ * Returns {@link Permission} with the specified constant name.
+ *
+ * @param name permission name
+ * @return matching {@code Permission}
+ * @throws IllegalArgumentException When no matching permission is found
+ */
+ public static Permission fromName(String name) {
+ for (Permission p : values()) {
+ if (p.name().equalsIgnoreCase(name)) {
+ return p;
+ }
+ }
+ throw new IllegalArgumentException("Unknown permission '" + name + "'.");
+ }
+
+
+ /**
+ * Returns a {@link Permission} with the specified IRI or constant name.
+ *

+ * This function first tries to find the enum constant by IRI. If it is not found, constant name matching is
+ * attempted.
+ *
+ * @param identification Constant IRI or name to find match by
+ * @return matching {@code Permission}
+ * @throws IllegalArgumentException When no matching permission is found
+ */
+ public static Permission fromIriOrName(String identification) {
+ try {
+ return fromIri(identification);
+ } catch (IllegalArgumentException e) {
+ return fromName(identification);
+ }
+ }
+}
diff --git a/src/main/java/cz/cvut/kbss/study/model/Role.java b/src/main/java/cz/cvut/kbss/study/model/Role.java
new file mode 100644
index 00000000..ba75368d
--- /dev/null
+++ b/src/main/java/cz/cvut/kbss/study/model/Role.java
@@ -0,0 +1,26 @@
+package cz.cvut.kbss.study.model;
+
+import cz.cvut.kbss.jopa.model.annotations.Id;
+import cz.cvut.kbss.jopa.model.annotations.OWLClass;
+import cz.cvut.kbss.jopa.model.annotations.OWLDataProperty;
+import cz.cvut.kbss.jopa.model.annotations.OWLObjectProperty;
+import lombok.Getter;
+import lombok.Setter;
+
+import java.net.URI;
+import java.util.Set;
+
+@OWLClass(iri = Vocabulary.s_c_role)
+@Getter
+@Setter
+public class Role {
+
+ @Id
+ private URI uri;
+
+ @OWLDataProperty(iri = Vocabulary.s_p_roleName)
+ private String roleName;
+
+ @OWLObjectProperty(iri = Vocabulary.s_p_has_permission)
+ private Set permission;
+}
diff --git a/src/main/java/cz/cvut/kbss/study/model/User.java b/src/main/java/cz/cvut/kbss/study/model/User.java
index 31cff563..315e85e0 100644
--- a/src/main/java/cz/cvut/kbss/study/model/User.java
+++ b/src/main/java/cz/cvut/kbss/study/model/User.java
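Review bot: `getIri()` is written by hand although the enum is annotated with Lombok's `@Getter`, which generates the identical accessor for `iri`; keep one of the two (User.java in this patch repeats the pattern, adding `getRole()`/`setRole(Role)` to a class that the same patch annotates `@Getter @Setter`). `fromIriOrName` uses the `IllegalArgumentException` thrown by `fromIri` as control flow, so every name-based lookup first constructs an exception; a private lookup returning the match or null, shared by `fromIri` and `fromIriOrName`, would make the fallback explicit. Because this enum is the application's authorization vocabulary, a class-level Javadoc is worth adding: that each constant is bound to an ontology individual via `@Individual`, that `fromName` matches constant names case-insensitively, and that these IRIs are the values expected in persisted role data.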
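Review bot: `permission` holds a collection but is named in the singular, so Lombok will generate `getPermission()`/`setPermission(...)` for what is a set of permissions; renaming the field to `permissions` (`private Set<Permission> permissions;`) makes the generated API read correctly. The `@OWLObjectProperty` on it also declares no `fetch`, unlike `User.institution`, which uses `fetch = FetchType.EAGER`; if a role is consulted for authorization after the persistence context that loaded it is closed (not visible here), a lazily fetched permission set would not be available, so confirm the fetch strategy. A one-line class Javadoc stating that a `Role` is the unit assigned to a user and that its permissions are what authorization checks consult would help readers coming from the removed role-group model.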
@@ -7,22 +7,23 @@ import cz.cvut.kbss.jopa.model.annotations.OWLDataProperty;
 import cz.cvut.kbss.jopa.model.annotations.OWLObjectProperty;
 import cz.cvut.kbss.jopa.model.annotations.ParticipationConstraints;
-import cz.cvut.kbss.jopa.model.annotations.Types;
 import cz.cvut.kbss.study.model.util.HasDerivableUri;
 import cz.cvut.kbss.study.util.Constants;
 import cz.cvut.kbss.study.util.IdentificationUtils;
+import lombok.Getter;
+import lombok.Setter;
 import org.springframework.security.crypto.password.PasswordEncoder;
-
 import java.io.Serializable;
 import java.io.UnsupportedEncodingException;
 import java.net.URI;
 import java.net.URLEncoder;
 import java.nio.charset.StandardCharsets;
 import java.util.Date;
-import java.util.HashSet;
-import java.util.Set;
+
 @OWLClass(iri = Vocabulary.s_c_Person)
+@Getter
+@Setter
 public class User implements HasDerivableUri, Serializable {
 @Id
@@ -61,23 +62,12 @@ public class User implements HasDerivableUri, Serializable {
 @OWLObjectProperty(iri = Vocabulary.s_p_is_member_of, fetch = FetchType.EAGER)
 private Institution institution;
- @OWLObjectProperty(iri = Vocabulary.s_p_has_role_group)
- private String roleGroup;
-
 @OWLObjectProperty(iri = Vocabulary.s_p_has_role)
- private Set types;
+ private Role role;
- public String getRoleGroup() {
- return roleGroup;
- }
-
- public void setRoleGroup(String roleGroup) {
- this.roleGroup = roleGroup;
- }
 public User() {
- this.types = new HashSet<>();
- types.add(Vocabulary.s_i_user);
+
 }
 @Override
@@ -148,18 +138,6 @@ public void setInstitution(Institution institution) {
 this.institution = institution;
 }
- public Set getTypes() {
- return types;
- }
-
- public void setTypes(Set types) {
- this.types = types;
- }
-
- public void addType(String type) {
- assert types != null;
- getTypes().add(type);
- }
 /**
 * Returns true if this user is an admin.
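Review bot: Class-level `@Getter`/`@Setter` on `User` make Lombok generate an accessor for every field that lacks a hand-written one, including the `@Id` field and any credential field (a later hunk's Javadoc, `Encodes password of this person.`, shows a stored password); whether those fields already have explicit accessors or serialization exclusions is not visible in this hunk. A generated `getPassword()` on an entity that is serialized into API responses would expose the stored hash, and a generated setter on the `@Id` field lets callers overwrite an identifier the class otherwise derives (it implements `HasDerivableUri`). Placing `@Getter`/`@Setter` on the individual fields that need them, or confirming that the password and token fields are excluded from serialization, keeps the change from widening the class's surface unintentionally.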
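Review bot: `public User()` no longer assigns anything, so a freshly constructed user has `role == null`, whereas the old constructor always added `Vocabulary.s_i_user` to `types`; every path that reads `getRole()` for an authorization decision now needs a null guard or a default role assigned at creation, and a null role should be treated as "no permissions" rather than left for each caller to interpret. If no other constructor exists, the now-empty constructor body can be dropped entirely. The `@OWLObjectProperty(iri = Vocabulary.s_p_has_role)` kept above `private Role role;` is also the only object property in this hunk without an explicit `fetch`, while `institution` two lines above declares `fetch = FetchType.EAGER`; confirm the default is what the authorization code expects.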
@@ -168,10 +146,10 @@ public void addType(String type) {
 *
 * @return {@code true} if this is admin, {@code false} otherwise
 */
- public boolean isAdmin() {
- assert types != null;
- return getTypes().contains(Vocabulary.s_i_administrator);
- }
+// public boolean isAdmin() {
+// assert types != null;
+// return getTypes().contains(Vocabulary.s_i_administrator);
+// }
 public String getToken() {
 return token;
@@ -189,6 +167,14 @@ public void setIsInvited(Boolean isInvited) {
 this.isInvited = isInvited;
 }
+ public void setRole(Role role){
+ this.role = role;
+ }
+
+ public Role getRole(){
+ return role;
+ }
+
 /**
 * Encodes password of this person.
 *
@@ -227,7 +213,7 @@ public User copy() {
 copy.setInstitution(institution);
 copy.setIsInvited(isInvited);
 copy.setToken(token);
- copy.setRoleGroup(roleGroup);
+ copy.setRole(role);
 return copy;
 }
diff --git a/src/main/resources/model.ttl b/src/main/resources/model.ttl
index 379afa38..47bc17b6 100644
--- a/src/main/resources/model.ttl
+++ b/src/main/resources/model.ttl
@@ -83,10 +83,10 @@ rm:has-phase rdf:type owl:ObjectProperty ; rdfs:subPropertyOf rdf:type ; rdfs:label "has phase"@en . -### http://onto.fel.cvut.cz/ontologies/record-manager/has-role-group -rm:has-role-group rdf:type owl:ObjectProperty ; +### http://onto.fel.cvut.cz/ontologies/record-manager/has-permission +rm:has-permission rdf:type owl:ObjectProperty ; rdfs:subPropertyOf rm:relates-to; - rdfs:label "has role group"@en. + rdfs:label "has permission"@en. ### http://onto.fel.cvut.cz/ontologies/record-manager/has-role rm:has-role rdf:type owl:ObjectProperty ;
@@ -136,10 +136,11 @@ rm:token rdf:type owl:DatatypeProperty . ### http://xmlns.com/foaf/0.1/firstName rdf:type owl:DatatypeProperty . - ### http://xmlns.com/foaf/0.1/lastName rdf:type owl:DatatypeProperty . +### http://xmlns.com/foaf/0.1/roleName + rdf:type owl:DatatypeProperty . ### http://xmlns.com/foaf/0.1/mbox rdf:type owl:DatatypeProperty .
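Review bot: `isAdmin()` is commented out rather than removed or re-implemented, so the Javadoc that begins in the previous hunk (`Returns true if this user is an admin.` … `@return {@code true} if this is admin`) now documents nothing, and callers that relied on the admin check have no replacement in the role model this patch introduces. The commented body also references `Vocabulary.s_i_administrator`, whose `rm:administrator` individual is deleted from model.ttl later in this patch, so the block cannot simply be uncommented later. Either delete it together with its Javadoc or re-implement it as a query over the assigned role's permissions, so the admin decision stays in one method instead of being reconstructed by each caller.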
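Review bot: The new datatype property is declared under the FOAF namespace (`### http://xmlns.com/foaf/0.1/roleName`), but FOAF defines no `roleName` term; `firstName`, `lastName` and `mbox` around it are genuine FOAF properties, which is why they live there. A project-specific property belongs in the project namespace, declared the way `rm:token` is above, e.g. `### http://onto.fel.cvut.cz/ontologies/record-manager/role-name` followed by `rm:role-name rdf:type owl:DatatypeProperty ;` and an `rdfs:label`. If the `Vocabulary` constants used by `Role.java` are generated from this file, `Vocabulary.s_p_roleName` would then be replaced by the corresponding constant for the new IRI.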
@@ -205,118 +206,56 @@ rm:role rdf:type owl:Class; rdfs:label "user role"@en . ### http://onto.fel.cvut.cz/ontologies/record-manager/role-group -rm:role-group rdf:type owl:Class; - rdfs:label "user role group" . - - -################################################################# -# Groups -################################################################# - -### http://onto.fel.cvut.cz/ontologies/record-manager/operator-role-group -rm:operator-role-group rdf:type owl:NamedIndividual, rm:role-group; - rm:has-role rm:user, - rm:complete-records-role; - rdfs:label "operator role group"@en . - -### http://onto.fel.cvut.cz/ontologies/record-manager/operator-admin-role-group -rm:operator-admin-role-group rdf:type owl:NamedIndividual, rm:role-group ; - rm:has-role - rm:user, - rm:administrator, - rm:complete-records-role , - rm:delete-organization-records-role , - rm:edit-organization-records-role , - rm:view-organization-records-role , - rm:edit-users-role , - rm:import-codelists-role , - rm:publish-records-role , - rm:reject-records-role ; - rdfs:label "operator-admin role group"@en . - -### http://onto.fel.cvut.cz/ontologies/record-manager/supplier-role-group -rm:supplier-role-group rdf:type owl:NamedIndividual, rm:role-group ; - rm:has-role rm:user, - rm:complete-records-role ; - rdfs:label "supplier role group"@en . - -### http://onto.fel.cvut.cz/ontologies/record-manager/operator-admin-role-group -rm:supplier-admin-role-group rdf:type owl:NamedIndividual, rm:role-group; - rm:has-role rm:user, - rm:administrator, - rm:complete-records-role , - rm:delete-organization-records-role , - rm:edit-organization-records-role , - rm:view-organization-records-role , - rm:edit-users-role , - rm:import-codelists-role , - rm:reject-records-role , - rm:delete-all-records-role , - rm:edit-all-records-role , - rm:view-all-records-role ; - rdfs:label "supplier-admin role group"@en . 
- -### http://onto.fel.cvut.cz/ontologies/record-manager/external-user-role-group -rm:external-user-role-group rdf:type owl:NamedIndividual, rm:role-group; - rm:has-role rm:user, - rm:complete-records-role; - rdfs:label "external user role group"@en . +rm:permission rdf:type owl:Class; + rdfs:label "role permission" . ################################################################# -# Roles +# Permissions ################################################################# -### http://onto.fel.cvut.cz/ontologies/record-manager/administrator -rm:administrator rdf:type owl:NamedIndividual, rm:role ; - rdfs:label "administrator"@en . - -### http://onto.fel.cvut.cz/ontologies/record-manager/user -rm:user rdf:type owl:NamedIndividual, rm:role ; - rdfs:label "user"@en . - -### http://onto.fel.cvut.cz/ontologies/record-manager/complete-records-role -rm:complete-records-role rdf:type owl:NamedIndividual, rm:role ; - rdfs:label "complete records role"@en . +### http://onto.fel.cvut.cz/ontologies/record-manager/complete-records-permission +rm:complete-records-permission rdf:type owl:NamedIndividual, rm:permission ; + rdfs:label "complete records permission"@en . -### http://onto.fel.cvut.cz/ontologies/record-manager/delete-all-records-role -rm:delete-all-records-role rdf:type owl:NamedIndividual, rm:role ; - rdfs:label "delete all records role"@en . +### http://onto.fel.cvut.cz/ontologies/record-manager/delete-all-records-permission +rm:delete-all-records-permission rdf:type owl:NamedIndividual, rm:permission ; + rdfs:label "delete all records permission"@en . -### http://onto.fel.cvut.cz/ontologies/record-manager/edit-all-records-role -rm:edit-all-records-role rdf:type owl:NamedIndividual, rm:role ; - rdfs:label "edit all records role"@en . +### http://onto.fel.cvut.cz/ontologies/record-manager/edit-all-records-permission +rm:edit-all-records-permission rdf:type owl:NamedIndividual, rm:permission ; + rdfs:label "edit all records permission"@en . 
-### http://onto.fel.cvut.cz/ontologies/record-manager/view-all-records-role -rm:view-all-records-role rdf:type owl:NamedIndividual, rm:role ; - rdfs:label "view all records role"@en . +### http://onto.fel.cvut.cz/ontologies/record-manager/view-all-records-permission +rm:view-all-records-permission rdf:type owl:NamedIndividual, rm:permission ; + rdfs:label "view all records permission"@en . -### http://onto.fel.cvut.cz/ontologies/record-manager/delete-organization-records-role -rm:delete-organization-records-role rdf:type owl:NamedIndividual, rm:role ; - rdfs:label "delete organization records role"@en . +### http://onto.fel.cvut.cz/ontologies/record-manager/delete-organization-records-permission +rm:delete-organization-records-permission rdf:type owl:NamedIndividual, rm:permission ; + rdfs:label "delete organization records permission"@en . -### http://onto.fel.cvut.cz/ontologies/record-manager/edit-organization-records-role -rm:edit-organization-records-role rdf:type owl:NamedIndividual, rm:role; - rdfs:label "edit organization records role"@en . +### http://onto.fel.cvut.cz/ontologies/record-manager/edit-organization-records-permission +rm:edit-organization-records-permission rdf:type owl:NamedIndividual, rm:permission; + rdfs:label "edit organization records permission"@en . -### http://onto.fel.cvut.cz/ontologies/record-manager/view-organization-records-role -rm:view-organization-records-role rdf:type owl:NamedIndividual, rm:role; - rdfs:label "view organization records role"@en . +### http://onto.fel.cvut.cz/ontologies/record-manager/view-organization-records-permission +rm:view-organization-records-permission rdf:type owl:NamedIndividual, rm:permission; + rdfs:label "view organization records permission"@en . -### http://onto.fel.cvut.cz/ontologies/record-manager/edit-users-role -rm:edit-users-role rdf:type owl:NamedIndividual, rm:role; - rdfs:label "edit users role"@en . 
+### http://onto.fel.cvut.cz/ontologies/record-manager/edit-users-permission +rm:edit-users-permission rdf:type owl:NamedIndividual, rm:permission; + rdfs:label "edit users permission"@en . -### http://onto.fel.cvut.cz/ontologies/record-manager/import-codelists-role -rm:import-codelists-role rdf:type owl:NamedIndividual, rm:role; - rdfs:label "import codelists role"@en . +### http://onto.fel.cvut.cz/ontologies/record-manager/import-codelists-permission +rm:import-codelists-permission rdf:type owl:NamedIndividual, rm:permission; + rdfs:label "import codelists permission"@en . -### http://onto.fel.cvut.cz/ontologies/record-manager/publish-records-role -rm:publish-records-role rdf:type owl:NamedIndividual, rm:role; - rdfs:label "publish records role"@en . +### http://onto.fel.cvut.cz/ontologies/record-manager/publish-records-permission +rm:publish-records-permission rdf:type owl:NamedIndividual, rm:permission; + rdfs:label "publish records permission"@en . -### http://onto.fel.cvut.cz/ontologies/record-manager/reject-records-role -rm:reject-records-role rdf:type owl:NamedIndividual, rm:role; - rdfs:label "reject records role"@en . +### http://onto.fel.cvut.cz/ontologies/record-manager/reject-records-permission +rm:reject-records-permission rdf:type owl:NamedIndividual, rm:permission; + rdfs:label "reject records permission"@en . ### Generated by the OWL API (version 4.2.8.20170104-2310) https://github.com/owlcs/owlapi \ No newline at end of file
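Review bot: The context comment `### http://onto.fel.cvut.cz/ontologies/record-manager/role-group` at the start of this hunk is left standing above the new `rm:permission` class, so it now names a class this hunk deletes; change it to `### http://onto.fel.cvut.cz/ontologies/record-manager/permission`. The new label `rdfs:label "role permission" .` has no language tag, unlike every neighbouring label, which carries `@en`. The hunk also removes the `rm:administrator` and `rm:user` role individuals while keeping the `rm:role` class, so no role individuals remain in the ontology and every role, including an administrative one, must now be supplied as data; `User.java` in this same patch still references `Vocabulary.s_i_administrator` in commented-out code.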