[kbss-cvut/record-manager-ui#202] Refactor roles names
palagdan authored and blcham committed Dec 10, 2024
1 parent 2752833 commit fea4ef1
Showing 11 changed files with 61 additions and 67 deletions.
Expand Up @@ -80,7 +80,7 @@ public SecurityFilterChain filterChain(HttpSecurity http, ConfigReader config,
LOG.debug("Using internal security mechanisms.");
final AuthenticationManager authManager = buildAuthenticationManager(http);
http.authorizeHttpRequests(
(auth) -> auth.requestMatchers("/rest/users/impersonate").hasAuthority(Role.administrator.name())
(auth) -> auth.requestMatchers("/rest/users/impersonate").hasAuthority(Role.administrator.getRoleName())
.anyRequest().permitAll())
.cors((auth) -> auth.configurationSource(corsConfigurationSource(config)))
.csrf(AbstractHttpConfigurer::disable)
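Review bot: The `/rest/users/impersonate` matcher still authorizes on `Role.administrator`, which Role.java in this same commit keeps under `// TODO deprecated -- should be removed`, even though the enum has a dedicated `impersonate` role; the guard in CustomSwitchUserFilter.attemptSwitchUser depends on the same constant. Because `.anyRequest().permitAll()` follows, this one string comparison is the only URL-level restriction in the chain shown, and its value changes here from `administrator` to `ROLE_ADMIN`. I would add a comment on the matcher, `// authority string must equal what UserDetails.resolveRoles() grants; move to Role.impersonate when administrator is removed`, and an integration test asserting that a non-admin session is refused on this path. filterChain starts and ends outside the hunk.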
48 changes: 27 additions & 21 deletions src/main/java/cz/cvut/kbss/study/model/Role.java
@@ -1,61 +1,67 @@
package cz.cvut.kbss.study.model;

import com.fasterxml.jackson.annotation.JsonValue;
import cz.cvut.kbss.jopa.model.annotations.Individual;
import java.util.Optional;
import org.apache.poi.ss.formula.atp.Switch;
import cz.cvut.kbss.study.security.SecurityConstants;

public enum Role {

// TODO deprecated -- should be removed.
@Individual(iri=Vocabulary.s_i_administrator)
administrator(Vocabulary.s_i_administrator),
@Individual(iri=Vocabulary.s_i_RM_ADMIN)
administrator(SecurityConstants.administrator, Vocabulary.s_i_RM_ADMIN),
// TODO deprecated -- should be removed.
@Individual(iri = Vocabulary.s_i_user)
user(Vocabulary.s_i_user),
@Individual(iri = Vocabulary.s_i_RM_USER)
user(SecurityConstants.user, Vocabulary.s_i_RM_USER),

@Individual(iri = Vocabulary.s_i_impersonate_role)
impersonate(Vocabulary.s_i_impersonate_role),
impersonate(SecurityConstants.impersonate, Vocabulary.s_i_impersonate_role),

@Individual(iri = Vocabulary.s_i_delete_all_records_role)
deleteAllRecords(Vocabulary.s_i_delete_all_records_role),
deleteAllRecords(SecurityConstants.deleteAllRecords, Vocabulary.s_i_delete_all_records_role),

@Individual(iri = Vocabulary.s_i_view_all_records_role)
viewAllRecords(Vocabulary.s_i_view_all_records_role),
viewAllRecords(SecurityConstants.viewAllRecords, Vocabulary.s_i_view_all_records_role),

@Individual(iri = Vocabulary.s_i_edit_all_records_role)
editAllRecords(Vocabulary.s_i_edit_all_records_role),
editAllRecords(SecurityConstants.editAllRecords, Vocabulary.s_i_edit_all_records_role),

@Individual(iri = Vocabulary.s_i_delete_organization_records_role)
deleteOrganizationRecords(Vocabulary.s_i_delete_organization_records_role),
deleteOrganizationRecords(SecurityConstants.deleteOrganizationRecords, Vocabulary.s_i_delete_organization_records_role),

@Individual(iri = Vocabulary.s_i_view_organization_records_role)
viewOrganizationRecords(Vocabulary.s_i_view_organization_records_role),
viewOrganizationRecords(SecurityConstants.viewOrganizationRecords, Vocabulary.s_i_view_organization_records_role),

@Individual(iri = Vocabulary.s_i_edit_organization_records_role)
editOrganizationRecords(Vocabulary.s_i_edit_organization_records_role),
editOrganizationRecords(SecurityConstants.editOrganizationRecords, Vocabulary.s_i_edit_organization_records_role),

@Individual(iri = Vocabulary.s_i_edit_users_role)
editUsers(Vocabulary.s_i_edit_users_role),
editUsers(SecurityConstants.editUsers, Vocabulary.s_i_edit_users_role),

@Individual(iri = Vocabulary.s_i_complete_records_role)
completeRecords(Vocabulary.s_i_complete_records_role),
completeRecords(SecurityConstants.completeRecords, Vocabulary.s_i_complete_records_role),

@Individual(iri = Vocabulary.s_i_reject_records_role)
rejectRecords(Vocabulary.s_i_reject_records_role),
rejectRecords(SecurityConstants.rejectRecords, Vocabulary.s_i_reject_records_role),

@Individual(iri = Vocabulary.s_i_publish_records_role)
publishRecords(Vocabulary.s_i_publish_records_role),
publishRecords(SecurityConstants.publishRecords ,Vocabulary.s_i_publish_records_role),

@Individual(iri = Vocabulary.s_i_import_codelists_role)
importCodelists(Vocabulary.s_i_import_codelists_role);
importCodelists(SecurityConstants.importCodelists, Vocabulary.s_i_import_codelists_role);

private final String iri;

Role(String iri) {
public final String roleName;

Role(String roleName, String iri) {
this.iri = iri;
this.roleName = roleName;
}


@JsonValue
public String getRoleName(){
return roleName;
}

public String getIri() {
return iri;
Expand Down Expand Up @@ -86,7 +92,7 @@ public static Role fromIri(String iri) {
*/
public static Role fromName(String name) {
for (Role r : values()) {
if (r.name().equalsIgnoreCase(name)) {
if (r.roleName.equalsIgnoreCase(name)) {
return r;
}
}
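Review bot: `fromName` now matches only `roleName`, so the identifiers that resolved before this commit (`administrator`, `viewAllRecords`, …) stop resolving and presumably end in the unknown-name exception the tests refer to. If role names arrive from anything persisted or external (stored configuration, identity-provider claims — not visible here), that becomes failed role mapping after upgrade; either accept both during migration, `if (r.roleName.equalsIgnoreCase(name) || r.name().equalsIgnoreCase(name)) {`, or state in the Javadoc above that only the `SecurityConstants` values are accepted. In the first hunk, `public final String roleName;` sits next to `private final String iri;` and already has `getRoleName()`, so it can be `private`. The rest of `fromName` continues outside the hunk.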
2 changes: 1 addition & 1 deletion src/main/java/cz/cvut/kbss/study/model/RoleGroup.java
Expand Up @@ -53,7 +53,7 @@ public void setRoles(Set<Role> roles) {
}

public void generateUri() {
this.uri = URI.create(Constants.BASE_URI + "sdfsf");
this.uri = URI.create(Constants.BASE_URI + name);
}

@Override
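Review bot: `generateUri()` now concatenates `name` into the URI without checking or encoding it, so a null name yields an identifier ending in `null`, a name with a space or other illegal character makes `URI.create` throw `IllegalArgumentException`, and two groups with the same name get the same URI. Guard the precondition and encode the segment, e.g. `Objects.requireNonNull(name, "name");` followed by `this.uri = URI.create(Constants.BASE_URI + URLEncoder.encode(name, StandardCharsets.UTF_8));`. Whether `name` is user-supplied is not visible in this hunk; if it is, the uniqueness question matters most, because a role group holds the set of roles assigned through `setRoles`.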
2 changes: 1 addition & 1 deletion src/main/java/cz/cvut/kbss/study/model/User.java
Expand Up @@ -57,7 +57,7 @@ public class User implements HasDerivableUri, Serializable {
@OWLObjectProperty(iri = Vocabulary.s_p_is_member_of, fetch = FetchType.EAGER)
private Institution institution;

@OWLObjectProperty(iri = Vocabulary.s_p_has_role_group)
@OWLObjectProperty(iri = Vocabulary.s_p_has_role_group, fetch = FetchType.EAGER)
private RoleGroup roleGroup;

public User() {
Expand Up @@ -87,7 +87,7 @@ public int getNumberOfInvestigators() {
.setParameter("typeUser", URI.create(Vocabulary.s_c_Person))
.setParameter("hasRoleGroup", URI.create(Vocabulary.s_p_has_role_group))
.setParameter("hasRole", URI.create(Vocabulary.s_p_has_role))
.setParameter("typeAdmin", URI.create(Vocabulary.s_i_administrator)).getSingleResult()
.setParameter("typeAdmin", URI.create(Vocabulary.s_i_RM_ADMIN)).getSingleResult()
).intValue();
}
}
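Review bot: The `typeAdmin` parameter now binds `Vocabulary.s_i_RM_ADMIN`, so role groups already stored with the previous administrator individual no longer match this query, and none of the 11 files in this commit contains a data migration. Unless existing repositories are rewritten elsewhere, the count returned by `getNumberOfInvestigators()` would shift after upgrade, and the same stored IRI would presumably no longer map to `Role.administrator` via `fromIri`. I would note the required migration next to the parameter, e.g. `// individuals stored as rm:administrator must be migrated to rm:RM_ADMIN`, or ship the update script with this change. The query text itself starts outside the hunk.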
Expand Up @@ -15,7 +15,7 @@ public class CustomSwitchUserFilter extends SwitchUserFilter {
@Override
protected Authentication attemptSwitchUser(HttpServletRequest request) throws AuthenticationException {
final Authentication switchTo = super.attemptSwitchUser(request);
if (switchTo.getAuthorities().stream().anyMatch(a -> Role.administrator.name().equals(a.getAuthority()))) {
if (switchTo.getAuthorities().stream().anyMatch(a -> Role.administrator.getRoleName().equals(a.getAuthority()))) {
throw new BadRequestException("Cannot impersonate admin.");
}
return switchTo;
26 changes: 13 additions & 13 deletions src/main/java/cz/cvut/kbss/study/security/SecurityConstants.java
Expand Up @@ -27,32 +27,32 @@ private SecurityConstants() {
*/
public static final int SESSION_TIMEOUT = 12 * 60 * 60;

public static final String user = "user";
public static final String user = "ROLE_USER";

public static final String administrator = "administrator";
public static final String administrator = "ROLE_ADMIN";

public static final String impersonate = "impersonate";

public static final String deleteAllRecords = "deleteAllRecords";
public static final String deleteAllRecords = "delete-all-records";

public static final String viewAllRecords = "viewAllRecords";
public static final String viewAllRecords = "view-all-records";

public static final String editAllRecords = "editAllRecords";
public static final String editAllRecords = "edit-all-records";

public static final String deleteOrganizationRecords = "deleteOrganizationRecords";
public static final String deleteOrganizationRecords = "delete-organization-records";

public static final String viewOrganizationRecords = "viewOrganizationRecords";
public static final String viewOrganizationRecords = "view-organization-records";

public static final String editOrganizationRecords = "editOrganizationRecords";
public static final String editOrganizationRecords = "edit-organization-records";

public static final String editUsers = "editUsers";
public static final String editUsers = "edit-users";

public static final String completeRecords = "completeRecords";
public static final String completeRecords = "complete-records";

public static final String rejectRecords = "rejectRecords";
public static final String rejectRecords = "reject-records";

public static final String publishRecords = "publishRecords";
public static final String publishRecords = "publish-records";

public static final String importCodelists = "importCodelists";
public static final String importCodelists = "import-codelists";

}
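Review bot: These constants now follow two different conventions — `ROLE_USER`/`ROLE_ADMIN` carry Spring's `ROLE_` prefix while the rest are bare kebab-case strings (`impersonate` is unchanged) — and nothing in the class says which check style goes with which. `hasRole(...)` prepends `ROLE_` and so can only ever match the first two; everything else must go through `hasAuthority(...)`. Since the values also become the JSON form of `Role` through `@JsonValue` on `getRoleName()`, a short class-level comment would help: `// Authority strings and wire values of Role; compare with hasAuthority(), not hasRole()`. The Java identifiers themselves stay lowerCamelCase rather than `UPPER_SNAKE_CASE`, which is a separate style nit.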
Expand Up @@ -38,7 +38,7 @@ public UserDetails(User user, Collection<GrantedAuthority> authorities) {
private void resolveRoles() {
authorities.addAll(
user.getRoleGroup().getRoles().stream()
.map(r -> new SimpleGrantedAuthority(r.name()))
.map(r -> new SimpleGrantedAuthority(r.getRoleName()))
.toList());
authorities.add(new SimpleGrantedAuthority(Role.user.name()));
}
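Review bot: The unchanged line `authorities.add(new SimpleGrantedAuthority(Role.user.name()));` still grants the enum constant name `user`, while the mapped roles on the line changed above now use `getRoleName()`, which for that role is `SecurityConstants.user`, i.e. `ROLE_USER`. After this commit every principal therefore carries the implicit authority `user`, and any check written against `SecurityConstants.user` or `Role.user.getRoleName()` fails unless the role group happens to include the user role. Change it to `authorities.add(new SimpleGrantedAuthority(Role.user.getRoleName()));`. `user.getRoleGroup()` is also dereferenced without a null check here, which is worth confirming against users that have no group.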
22 changes: 5 additions & 17 deletions src/main/resources/model.ttl
Expand Up @@ -66,10 +66,6 @@ rm:has-question rdf:type owl:ObjectProperty ;
rm:is-member-of rdf:type owl:ObjectProperty ;
rdfs:subPropertyOf rm:relates-to .

### http://onto.fel.cvut.cz/ontologies/record-manager/role-group
rm:role-group rdf:type owl:ObjectProperty ;
rdfs:subPropertyOf rm:relates-to .


### http://onto.fel.cvut.cz/ontologies/record-manager/relates-to
rm:relates-to rdf:type owl:ObjectProperty .
Expand All @@ -79,16 +75,19 @@ rm:relates-to rdf:type owl:ObjectProperty .
rm:was-treated-at rdf:type owl:ObjectProperty ;
rdfs:subPropertyOf rm:relates-to .


### http://onto.fel.cvut.cz/ontologies/record-manager/has-phase
rm:has-phase rdf:type owl:ObjectProperty ;
rdfs:subPropertyOf rdf:type ;
rdfs:label "has phase"@en .


### http://onto.fel.cvut.cz/ontologies/record-manager/has-role-group
rm:has-role-group rdf:type owl:ObjectProperty ;
rdfs:subPropertyOf rm:relates-to;
rdfs:label "has role group"@en.


### http://onto.fel.cvut.cz/ontologies/record-manager/has-role
rm:has-role rdf:type owl:ObjectProperty ;
rdfs:subPropertyOf rm:relates-to;
Expand Down Expand Up @@ -156,17 +155,6 @@ rm:reject-reason rdf:type owl:DatatypeProperty .
rm:action-history rdf:type owl:Class ;
rdfs:label "ActionHistory"@en .


### http://onto.fel.cvut.cz/ontologies/record-manager/administrator-role-group
rm:administrator-role-group rdf:type owl:Class ;
rdfs:label "Administrator"@en .


### http://onto.fel.cvut.cz/ontologies/record-manager/doctor-role-group
rm:doctor-role-group rdf:type owl:Class ;
rdfs:label "Doctor"@en .


### http://onto.fel.cvut.cz/ontologies/record-manager/institution
rm:institution rdf:type owl:Class ;
rdfs:label "Institution"@en .
Expand Down Expand Up @@ -229,12 +217,12 @@ rm:role-group rdf:type owl:Class;

### http://onto.fel.cvut.cz/ontologies/record-manager/administrator
### TODO deprecated
rm:administrator rdf:type owl:NamedIndividual, rm:role ;
rm:RM_ADMIN rdf:type owl:NamedIndividual, rm:role ;
rdfs:label "administrator"@en .

### http://onto.fel.cvut.cz/ontologies/record-manager/user
### TODO deprecated
rm:user rdf:type owl:NamedIndividual, rm:role ;
rm:RM_USER rdf:type owl:NamedIndividual, rm:role ;
rdfs:label "user"@en .

### http://onto.fel.cvut.cz/ontologies/record-manager/complete-records-role
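Review bot: The `###` header comments above the renamed individuals still give the old IRIs (`.../record-manager/administrator` and `.../record-manager/user`) while the subjects are now `rm:RM_ADMIN` and `rm:RM_USER`, so the comments point at individuals that no longer exist in the file. Update them to `### http://onto.fel.cvut.cz/ontologies/record-manager/RM_ADMIN` and `### http://onto.fel.cvut.cz/ontologies/record-manager/RM_USER` (assuming `rm:` expands to that namespace, as the other headers suggest). The `### TODO deprecated` markers stay on both, which is worth reconciling with introducing new names for them.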
19 changes: 10 additions & 9 deletions src/test/java/cz/cvut/kbss/study/model/RoleTest.java
@@ -1,13 +1,14 @@
package cz.cvut.kbss.study.model;

import cz.cvut.kbss.study.security.SecurityConstants;
import org.junit.jupiter.api.Test;
import static org.junit.jupiter.api.Assertions.*;

class RoleTest {

@Test
void fromIriReturnsCorrectRole() {
assertEquals(Role.administrator, Role.fromIri(Vocabulary.s_i_administrator));
assertEquals(Role.administrator, Role.fromIri(Vocabulary.s_i_RM_ADMIN));
assertEquals(Role.viewAllRecords, Role.fromIri(Vocabulary.s_i_view_all_records_role));
}

Expand All @@ -23,14 +24,14 @@ void fromIriThrowsExceptionForUnknownIri() {

@Test
void fromNameReturnsCorrectRole() {
assertEquals(Role.administrator, Role.fromName("administrator"));
assertEquals(Role.viewAllRecords, Role.fromName("viewAllRecords"));
assertEquals(Role.administrator, Role.fromName(SecurityConstants.administrator));
assertEquals(Role.viewAllRecords, Role.fromName(SecurityConstants.viewAllRecords));
}

@Test
void fromNameIsCaseInsensitive() {
assertEquals(Role.administrator, Role.fromName("ADMINISTRATOR"));
assertEquals(Role.viewAllRecords, Role.fromName("VIEWALLRECORDS"));
assertEquals(Role.administrator, Role.fromName(SecurityConstants.administrator.toLowerCase()));
assertEquals(Role.viewAllRecords, Role.fromName(SecurityConstants.viewAllRecords.toUpperCase()));
}

@Test
Expand All @@ -45,19 +46,19 @@ void fromNameThrowsExceptionForUnknownName() {

@Test
void fromIriOrNameReturnsRoleByIri() {
assertEquals(Role.administrator, Role.fromIriOrName(Vocabulary.s_i_administrator));
assertEquals(Role.administrator, Role.fromIriOrName(Vocabulary.s_i_RM_ADMIN));
assertEquals(Role.viewAllRecords, Role.fromIriOrName(Vocabulary.s_i_view_all_records_role));
}

@Test
void fromIriOrNameReturnsRoleByName() {
assertEquals(Role.administrator, Role.fromIriOrName("administrator"));
assertEquals(Role.viewAllRecords, Role.fromIriOrName("viewAllRecords"));
assertEquals(Role.administrator, Role.fromIriOrName(SecurityConstants.administrator));
assertEquals(Role.viewAllRecords, Role.fromIriOrName(SecurityConstants.viewAllRecords));
}

@Test
void fromIriOrNameIsCaseInsensitiveForName() {
assertEquals(Role.administrator, Role.fromIriOrName("ADMINISTRATOR"));
assertEquals(Role.administrator, Role.fromIriOrName(SecurityConstants.administrator.toLowerCase()));
}

@Test
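Review bot: After this change the `fromName`/`fromIriOrName` tests read their input from `SecurityConstants`, the same constants `Role` is built from, so they no longer pin any concrete string: renaming `ROLE_ADMIN` again would pass every test here. Because these values are now the granted-authority strings and the JSON form of the enum, pin at least one literal, e.g. `assertEquals("ROLE_ADMIN", Role.administrator.getRoleName());` and `assertEquals(Role.viewAllRecords, Role.fromName("view-all-records"));`. `toLowerCase()`/`toUpperCase()` in the case-insensitivity tests are better written with `Locale.ROOT` so the test input does not vary with the default locale.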
Expand Up @@ -64,7 +64,6 @@ public class PatientRecordDaoTest extends BaseDaoTestRunner {
public void setUp() {
this.roleGroupAdmin = Generator.generateRoleGroupWithRoles(Role.administrator);
transactional(() -> roleGroupDao.persist(roleGroupAdmin));
int a =4;
}

@Test