[kbss-cvut/record-manager-ui#202] Refactor roles names
palagdan committed Sep 26, 2024
1 parent ab4ded5 commit 3d722f7
Showing 10 changed files with 66 additions and 66 deletions.
Expand Up @@ -80,7 +80,7 @@ public SecurityFilterChain filterChain(HttpSecurity http, ConfigReader config,
LOG.debug("Using internal security mechanisms.");
final AuthenticationManager authManager = buildAuthenticationManager(http);
http.authorizeHttpRequests(
(auth) -> auth.requestMatchers("/rest/users/impersonate").hasAuthority(Role.administrator.name())
(auth) -> auth.requestMatchers("/rest/users/impersonate").hasAuthority(Role.administrator.toString())
.anyRequest().permitAll())
.cors((auth) -> auth.configurationSource(corsConfigurationSource(config)))
.csrf(AbstractHttpConfigurer::disable)
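Review bot: The admin rule on `/rest/users/impersonate` now depends on `Role.toString()` returning the authority string, while CustomSwitchUserFilter and UserDetails in this same commit read it through `getRoleName()`. An authorization check should not hinge on a display method that a later change could repurpose; I would write `.hasAuthority(Role.administrator.getRoleName())` here so all three call sites use one accessor. The enclosing `filterChain` method starts and ends outside the hunk.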
54 changes: 33 additions & 21 deletions src/main/java/cz/cvut/kbss/study/model/Role.java
@@ -1,66 +1,78 @@
package cz.cvut.kbss.study.model;

import com.fasterxml.jackson.annotation.JsonValue;
import cz.cvut.kbss.jopa.model.annotations.Individual;
import java.util.Optional;
import org.apache.poi.ss.formula.atp.Switch;
import cz.cvut.kbss.study.security.SecurityConstants;

public enum Role {

// TODO deprecated -- should be removed.
@Individual(iri=Vocabulary.s_i_administrator)
administrator(Vocabulary.s_i_administrator),
@Individual(iri=Vocabulary.s_i_RM_ADMIN)
administrator(SecurityConstants.administrator, Vocabulary.s_i_RM_ADMIN),
// TODO deprecated -- should be removed.
@Individual(iri = Vocabulary.s_i_user)
user(Vocabulary.s_i_user),
@Individual(iri = Vocabulary.s_i_RM_USER)
user(SecurityConstants.user, Vocabulary.s_i_RM_USER),

@Individual(iri = Vocabulary.s_i_impersonate_role)
impersonate(Vocabulary.s_i_impersonate_role),
impersonate(SecurityConstants.impersonate, Vocabulary.s_i_impersonate_role),

@Individual(iri = Vocabulary.s_i_delete_all_records_role)
deleteAllRecords(Vocabulary.s_i_delete_all_records_role),
deleteAllRecords(SecurityConstants.deleteAllRecords, Vocabulary.s_i_delete_all_records_role),

@Individual(iri = Vocabulary.s_i_view_all_records_role)
viewAllRecords(Vocabulary.s_i_view_all_records_role),
viewAllRecords(SecurityConstants.viewAllRecords, Vocabulary.s_i_view_all_records_role),

@Individual(iri = Vocabulary.s_i_edit_all_records_role)
editAllRecords(Vocabulary.s_i_edit_all_records_role),
editAllRecords(SecurityConstants.editAllRecords, Vocabulary.s_i_edit_all_records_role),

@Individual(iri = Vocabulary.s_i_delete_organization_records_role)
deleteOrganizationRecords(Vocabulary.s_i_delete_organization_records_role),
deleteOrganizationRecords(SecurityConstants.deleteOrganizationRecords, Vocabulary.s_i_delete_organization_records_role),

@Individual(iri = Vocabulary.s_i_view_organization_records_role)
viewOrganizationRecords(Vocabulary.s_i_view_organization_records_role),
viewOrganizationRecords(SecurityConstants.viewOrganizationRecords, Vocabulary.s_i_view_organization_records_role),

@Individual(iri = Vocabulary.s_i_edit_organization_records_role)
editOrganizationRecords(Vocabulary.s_i_edit_organization_records_role),
editOrganizationRecords(SecurityConstants.editOrganizationRecords, Vocabulary.s_i_edit_organization_records_role),

@Individual(iri = Vocabulary.s_i_edit_users_role)
editUsers(Vocabulary.s_i_edit_users_role),
editUsers(SecurityConstants.editUsers, Vocabulary.s_i_edit_users_role),

@Individual(iri = Vocabulary.s_i_complete_records_role)
completeRecords(Vocabulary.s_i_complete_records_role),
completeRecords(SecurityConstants.completeRecords, Vocabulary.s_i_complete_records_role),

@Individual(iri = Vocabulary.s_i_reject_records_role)
rejectRecords(Vocabulary.s_i_reject_records_role),
rejectRecords(SecurityConstants.rejectRecords, Vocabulary.s_i_reject_records_role),

@Individual(iri = Vocabulary.s_i_publish_records_role)
publishRecords(Vocabulary.s_i_publish_records_role),
publishRecords(SecurityConstants.publishRecords ,Vocabulary.s_i_publish_records_role),

@Individual(iri = Vocabulary.s_i_import_codelists_role)
importCodelists(Vocabulary.s_i_import_codelists_role);
importCodelists(SecurityConstants.importCodelists, Vocabulary.s_i_import_codelists_role);

private final String iri;

Role(String iri) {
public final String roleName;

Role(String roleName, String iri) {
this.iri = iri;
this.roleName = roleName;
}


@JsonValue
public String getRoleName(){
return roleName;
}

public String getIri() {
return iri;
}


@Override
public String toString() {
return roleName;
}

/**
* Returns {@link Role} with the specified IRI.
*
Expand All @@ -86,7 +98,7 @@ public static Role fromIri(String iri) {
*/
public static Role fromName(String name) {
for (Role r : values()) {
if (r.name().equalsIgnoreCase(name)) {
if (r.roleName.equalsIgnoreCase(name)) {
return r;
}
}
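Review bot: Re-pointing `administrator` and `user` at `Vocabulary.s_i_RM_ADMIN` and `Vocabulary.s_i_RM_USER` leaves no enum constant for the previous individuals, so role assignments already persisted with the old IRIs would presumably stop resolving through `fromIri`. The same applies to the `typeAdmin` parameter of the `getNumberOfInvestigators` query further down, which may then treat existing administrators as non-admins. No data migration is visible in this commit, so either ship one with it or state the required update in the description. Separately, `roleName` is exposed both as a `public final` field and through `getRoleName()`; `private final String roleName;` keeps a single access path.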
2 changes: 1 addition & 1 deletion src/main/java/cz/cvut/kbss/study/model/User.java
Expand Up @@ -57,7 +57,7 @@ public class User implements HasDerivableUri, Serializable {
@OWLObjectProperty(iri = Vocabulary.s_p_is_member_of, fetch = FetchType.EAGER)
private Institution institution;

@OWLObjectProperty(iri = Vocabulary.s_p_has_role_group)
@OWLObjectProperty(iri = Vocabulary.s_p_has_role_group, fetch = FetchType.EAGER)
private RoleGroup roleGroup;

public User() {
Expand Up @@ -87,7 +87,7 @@ public int getNumberOfInvestigators() {
.setParameter("typeUser", URI.create(Vocabulary.s_c_Person))
.setParameter("hasRoleGroup", URI.create(Vocabulary.s_p_has_role_group))
.setParameter("hasRole", URI.create(Vocabulary.s_p_has_role))
.setParameter("typeAdmin", URI.create(Vocabulary.s_i_administrator)).getSingleResult()
.setParameter("typeAdmin", URI.create(Vocabulary.s_i_RM_ADMIN)).getSingleResult()
).intValue();
}
}
Expand Up @@ -15,7 +15,7 @@ public class CustomSwitchUserFilter extends SwitchUserFilter {
@Override
protected Authentication attemptSwitchUser(HttpServletRequest request) throws AuthenticationException {
final Authentication switchTo = super.attemptSwitchUser(request);
if (switchTo.getAuthorities().stream().anyMatch(a -> Role.administrator.name().equals(a.getAuthority()))) {
if (switchTo.getAuthorities().stream().anyMatch(a -> Role.administrator.getRoleName().equals(a.getAuthority()))) {
throw new BadRequestException("Cannot impersonate admin.");
}
return switchTo;
26 changes: 13 additions & 13 deletions src/main/java/cz/cvut/kbss/study/security/SecurityConstants.java
Expand Up @@ -27,32 +27,32 @@ private SecurityConstants() {
*/
public static final int SESSION_TIMEOUT = 12 * 60 * 60;

public static final String user = "user";
public static final String user = "ROLE_USER";

public static final String administrator = "administrator";
public static final String administrator = "ROLE_ADMIN";

public static final String impersonate = "impersonate";

public static final String deleteAllRecords = "deleteAllRecords";
public static final String deleteAllRecords = "delete-all-records";

public static final String viewAllRecords = "viewAllRecords";
public static final String viewAllRecords = "view-all-records";

public static final String editAllRecords = "editAllRecords";
public static final String editAllRecords = "edit-all-records";

public static final String deleteOrganizationRecords = "deleteOrganizationRecords";
public static final String deleteOrganizationRecords = "delete-organization-records";

public static final String viewOrganizationRecords = "viewOrganizationRecords";
public static final String viewOrganizationRecords = "view-organization-records";

public static final String editOrganizationRecords = "editOrganizationRecords";
public static final String editOrganizationRecords = "edit-organization-records";

public static final String editUsers = "editUsers";
public static final String editUsers = "edit-users";

public static final String completeRecords = "completeRecords";
public static final String completeRecords = "complete-records";

public static final String rejectRecords = "rejectRecords";
public static final String rejectRecords = "reject-records";

public static final String publishRecords = "publishRecords";
public static final String publishRecords = "publish-records";

public static final String importCodelists = "importCodelists";
public static final String importCodelists = "import-codelists";

}
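Review bot: These constants are the strings compared against `GrantedAuthority` values, yet nothing in the class says so, and the new values mix two conventions (`ROLE_USER` and `ROLE_ADMIN` versus `delete-all-records`, with `impersonate` left as it was). Any authorization expression or client code that still spells an old value such as `administrator` as a literal would stop matching without an error; none is visible on this page, so it is worth a search before merging. I would add a Javadoc line above the block, for example `/** Authority strings exactly as granted to principals; keep in sync with Role and every rule that names them. */`. The class starts outside the hunk.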
Expand Up @@ -38,7 +38,7 @@ public UserDetails(User user, Collection<GrantedAuthority> authorities) {
private void resolveRoles() {
authorities.addAll(
user.getRoleGroup().getRoles().stream()
.map(r -> new SimpleGrantedAuthority(r.name()))
.map(r -> new SimpleGrantedAuthority(r.getRoleName()))
.toList());
authorities.add(new SimpleGrantedAuthority(Role.user.name()));
}
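Review bot: The last statement of `resolveRoles` still adds `new SimpleGrantedAuthority(Role.user.name())`, which yields `user`, while the mapped roles just above it now use `getRoleName()` and `SecurityConstants.user` is `ROLE_USER`. Every principal therefore carries a default authority that none of the renamed constants matches, and a rule written against `Role.user.getRoleName()` would not see it. Change the line to `authorities.add(new SimpleGrantedAuthority(Role.user.getRoleName()));`.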
22 changes: 5 additions & 17 deletions src/main/resources/model.ttl
Expand Up @@ -66,10 +66,6 @@ rm:has-question rdf:type owl:ObjectProperty ;
rm:is-member-of rdf:type owl:ObjectProperty ;
rdfs:subPropertyOf rm:relates-to .

### http://onto.fel.cvut.cz/ontologies/record-manager/role-group
rm:role-group rdf:type owl:ObjectProperty ;
rdfs:subPropertyOf rm:relates-to .


### http://onto.fel.cvut.cz/ontologies/record-manager/relates-to
rm:relates-to rdf:type owl:ObjectProperty .
Expand All @@ -79,16 +75,19 @@ rm:relates-to rdf:type owl:ObjectProperty .
rm:was-treated-at rdf:type owl:ObjectProperty ;
rdfs:subPropertyOf rm:relates-to .


### http://onto.fel.cvut.cz/ontologies/record-manager/has-phase
rm:has-phase rdf:type owl:ObjectProperty ;
rdfs:subPropertyOf rdf:type ;
rdfs:label "has phase"@en .


### http://onto.fel.cvut.cz/ontologies/record-manager/has-role-group
rm:has-role-group rdf:type owl:ObjectProperty ;
rdfs:subPropertyOf rm:relates-to;
rdfs:label "has role group"@en.


### http://onto.fel.cvut.cz/ontologies/record-manager/has-role
rm:has-role rdf:type owl:ObjectProperty ;
rdfs:subPropertyOf rm:relates-to;
Expand Down Expand Up @@ -153,17 +152,6 @@ rm:token rdf:type owl:DatatypeProperty .
rm:action-history rdf:type owl:Class ;
rdfs:label "ActionHistory"@en .


### http://onto.fel.cvut.cz/ontologies/record-manager/administrator-role-group
rm:administrator-role-group rdf:type owl:Class ;
rdfs:label "Administrator"@en .


### http://onto.fel.cvut.cz/ontologies/record-manager/doctor-role-group
rm:doctor-role-group rdf:type owl:Class ;
rdfs:label "Doctor"@en .


### http://onto.fel.cvut.cz/ontologies/record-manager/institution
rm:institution rdf:type owl:Class ;
rdfs:label "Institution"@en .
Expand Down Expand Up @@ -226,12 +214,12 @@ rm:role-group rdf:type owl:Class;

### http://onto.fel.cvut.cz/ontologies/record-manager/administrator
### TODO deprecated
rm:administrator rdf:type owl:NamedIndividual, rm:role ;
rm:RM_ADMIN rdf:type owl:NamedIndividual, rm:role ;
rdfs:label "administrator"@en .

### http://onto.fel.cvut.cz/ontologies/record-manager/user
### TODO deprecated
rm:user rdf:type owl:NamedIndividual, rm:role ;
rm:RM_USER rdf:type owl:NamedIndividual, rm:role ;
rdfs:label "user"@en .

### http://onto.fel.cvut.cz/ontologies/record-manager/complete-records-role
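Review bot: The header comments above the two renamed individuals still read `### http://onto.fel.cvut.cz/ontologies/record-manager/administrator` and `.../user` with `### TODO deprecated`, although the individuals are now `rm:RM_ADMIN` and `rm:RM_USER`. As written, a reader cannot tell whether the TODO refers to the old IRI or the new one. Update each header to the new IRI (presumably `### http://onto.fel.cvut.cz/ontologies/record-manager/RM_ADMIN`, given how the other headers expand the `rm:` prefix) and reword or drop the TODO.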
19 changes: 10 additions & 9 deletions src/test/java/cz/cvut/kbss/study/model/RoleTest.java
@@ -1,13 +1,14 @@
package cz.cvut.kbss.study.model;

import cz.cvut.kbss.study.security.SecurityConstants;
import org.junit.jupiter.api.Test;
import static org.junit.jupiter.api.Assertions.*;

class RoleTest {

@Test
void fromIriReturnsCorrectRole() {
assertEquals(Role.administrator, Role.fromIri(Vocabulary.s_i_administrator));
assertEquals(Role.administrator, Role.fromIri(Vocabulary.s_i_RM_ADMIN));
assertEquals(Role.viewAllRecords, Role.fromIri(Vocabulary.s_i_view_all_records_role));
}

Expand All @@ -23,14 +24,14 @@ void fromIriThrowsExceptionForUnknownIri() {

@Test
void fromNameReturnsCorrectRole() {
assertEquals(Role.administrator, Role.fromName("administrator"));
assertEquals(Role.viewAllRecords, Role.fromName("viewAllRecords"));
assertEquals(Role.administrator, Role.fromName(SecurityConstants.administrator));
assertEquals(Role.viewAllRecords, Role.fromName(SecurityConstants.viewAllRecords));
}

@Test
void fromNameIsCaseInsensitive() {
assertEquals(Role.administrator, Role.fromName("ADMINISTRATOR"));
assertEquals(Role.viewAllRecords, Role.fromName("VIEWALLRECORDS"));
assertEquals(Role.administrator, Role.fromName(SecurityConstants.administrator.toLowerCase()));
assertEquals(Role.viewAllRecords, Role.fromName(SecurityConstants.viewAllRecords.toUpperCase()));
}

@Test
Expand All @@ -45,19 +46,19 @@ void fromNameThrowsExceptionForUnknownName() {

@Test
void fromIriOrNameReturnsRoleByIri() {
assertEquals(Role.administrator, Role.fromIriOrName(Vocabulary.s_i_administrator));
assertEquals(Role.administrator, Role.fromIriOrName(Vocabulary.s_i_RM_ADMIN));
assertEquals(Role.viewAllRecords, Role.fromIriOrName(Vocabulary.s_i_view_all_records_role));
}

@Test
void fromIriOrNameReturnsRoleByName() {
assertEquals(Role.administrator, Role.fromIriOrName("administrator"));
assertEquals(Role.viewAllRecords, Role.fromIriOrName("viewAllRecords"));
assertEquals(Role.administrator, Role.fromIriOrName(SecurityConstants.administrator));
assertEquals(Role.viewAllRecords, Role.fromIriOrName(SecurityConstants.viewAllRecords));
}

@Test
void fromIriOrNameIsCaseInsensitiveForName() {
assertEquals(Role.administrator, Role.fromIriOrName("ADMINISTRATOR"));
assertEquals(Role.administrator, Role.fromIriOrName(SecurityConstants.administrator.toLowerCase()));
}

@Test
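Review bot: The updated assertions in `fromNameReturnsCorrectRole` and `fromIriOrNameReturnsRoleByName` take the lookup key from `SecurityConstants`, the same source the enum is built from, so they pass for any value the constants hold and no longer pin the authority strings. Since those strings are what access rules and clients compare against, at least one test should fix them literally, for example `assertEquals("ROLE_ADMIN", Role.administrator.getRoleName());` and `assertEquals("view-all-records", Role.viewAllRecords.getRoleName());`. The test class continues outside the visible hunks.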
Expand Up @@ -64,7 +64,6 @@ public class PatientRecordDaoTest extends BaseDaoTestRunner {
public void setUp() {
this.roleGroupAdmin = Generator.generateRoleGroupWithRoles(Role.administrator);
transactional(() -> roleGroupDao.persist(roleGroupAdmin));
int a =4;
}

@Test
