feat: add role operator flag

onecx · Jun 6, 2024 · 27b5d27 · 27b5d27
1 parent 4cc6ba3
commit 27b5d27
Show file tree

Hide file tree

Showing 11 changed files with 76 additions and 20 deletions.
diff --git a/docs/modules/onecx-permission-svc/pages/onecx-permission-svc-docs.adoc b/docs/modules/onecx-permission-svc/pages/onecx-permission-svc-docs.adoc
@@ -17,7 +17,6 @@ quarkus.hibernate-orm.multitenant=DISCRIMINATOR
 quarkus.hibernate-orm.jdbc.timezone=UTC
 quarkus.liquibase.migrate-at-start=true
 quarkus.liquibase.validate-on-migrate=true
-quarkus.hibernate-orm.log.sql=true
 tkit.rs.context.tenant-id.enabled=true
 onecx.permission.token.verified=true
 onecx.permission.token.issuer.public-key-location.suffix=/protocol/openid-connect/certs
@@ -61,3 +60,9 @@ app:
 
 ----
 
+vc"
+  db:
+    enabled: true
+
+----
+
diff --git a/src/main/java/org/tkit/onecx/permission/domain/di/mappers/TemplateMapper.java b/src/main/java/org/tkit/onecx/permission/domain/di/mappers/TemplateMapper.java
@@ -42,6 +42,7 @@ public interface TemplateMapper {
     @Mapping(target = "modificationCount", ignore = true)
     @Mapping(target = "persisted", ignore = true)
     @Mapping(target = "tenantId", ignore = true)
+    @Mapping(target = "operator", ignore = true)
     Role createRole(String name, String description);
 
     @Mapping(target = "mandatory", ignore = true)

diff --git a/src/main/java/org/tkit/onecx/permission/domain/models/Role.java b/src/main/java/org/tkit/onecx/permission/domain/models/Role.java
@@ -39,4 +39,10 @@ public class Role extends TraceableEntity {
     @Column(name = "MANDATORY")
     private Boolean mandatory;
 
+    /**
+     * Flag to identify role created by an operator
+     */
+    @Column(name = "OPERATOR")
+    private Boolean operator;
+
 }
diff --git a/src/main/java/org/tkit/onecx/permission/domain/services/AssignmentService.java b/src/main/java/org/tkit/onecx/permission/domain/services/AssignmentService.java
@@ -8,6 +8,7 @@
 import jakarta.transaction.Transactional;
 
 import org.tkit.onecx.permission.domain.daos.AssignmentDAO;
+import org.tkit.onecx.permission.domain.daos.RoleDAO;
 import org.tkit.onecx.permission.domain.models.Assignment;
 import org.tkit.onecx.permission.domain.models.Role;
 
@@ -17,6 +18,9 @@ public class AssignmentService {
     @Inject
     AssignmentDAO dao;
 
+    @Inject
+    RoleDAO roleDAO;
+
     @Transactional
     public void createAssignments(Role role, List<Assignment> assignments) {
         dao.deleteByRoleId(role.getId());
@@ -36,8 +40,9 @@ public void createRoleProductsAssignments(Role role, List<String> productNames,
     }
 
     @Transactional
-    public void importOperator(List<Assignment> assignments, Map<String, List<String>> productNames) {
+    public void importOperator(List<Assignment> assignments, Map<String, List<String>> productNames, List<Role> createRoles) {
         productNames.forEach((productName, apps) -> dao.deleteByProductNameAppIds(productName, apps));
+        roleDAO.create(createRoles);
         dao.create(assignments);
 
     }

diff --git a/src/main/java/org/tkit/onecx/permission/rs/exim/v1/controllers/PermissionExportImportV1.java b/src/main/java/org/tkit/onecx/permission/rs/exim/v1/controllers/PermissionExportImportV1.java
@@ -57,10 +57,11 @@ public Response operatorImportAssignments(AssignmentSnapshotDTOV1 assignmentSnap
 
         // create assignments
         List<EximProblemDetailInvalidParamDTOV1> problems = new ArrayList<>();
-        var assignments = mapper.createAssignments(problems, assignmentSnapshotDTO, roleMap, permissionMap);
+        List<Role> createRoles = new ArrayList<>();
+        var assignments = mapper.createAssignments(problems, assignmentSnapshotDTO, roleMap, permissionMap, createRoles);
 
         // delete old and create new assignments
-        service.importOperator(assignments, request.product());
+        service.importOperator(assignments, request.product(), createRoles);
 
         // check problems
         if (!problems.isEmpty()) {

diff --git a/src/main/java/org/tkit/onecx/permission/rs/exim/v1/mappers/EximMapperV1.java b/src/main/java/org/tkit/onecx/permission/rs/exim/v1/mappers/EximMapperV1.java
@@ -30,14 +30,15 @@ public interface EximMapperV1 {
     Assignment create(Role role, Permission permission);
 
     default List<Assignment> createAssignments(List<EximProblemDetailInvalidParamDTOV1> problems, AssignmentSnapshotDTOV1 dto,
-            Map<String, Role> roleMap, Map<String, Permission> permissionMap) {
+            Map<String, Role> roleMap, Map<String, Permission> permissionMap, List<Role> createRoles) {
         List<Assignment> assignments = new ArrayList<>();
         dto.getAssignments().forEach((productName, product) -> {
             if (product != null) {
                 product.forEach((appId, app) -> {
                     if (app != null) {
                         assignments
-                                .addAll(createProductAppAssignments(productName, appId, app, problems, roleMap, permissionMap));
+                                .addAll(createProductAppAssignments(productName, appId, app, problems, roleMap, permissionMap,
+                                        createRoles));
                     }
                 });
             }
@@ -47,7 +48,7 @@ default List<Assignment> createAssignments(List<EximProblemDetailInvalidParamDTO
 
     default List<Assignment> createProductAppAssignments(String productName, String appId,
             Map<String, Map<String, List<String>>> dto, List<EximProblemDetailInvalidParamDTOV1> problems,
-            Map<String, Role> roleMap, Map<String, Permission> permissionMap) {
+            Map<String, Role> roleMap, Map<String, Permission> permissionMap, List<Role> createRoles) {
         List<Assignment> assignments = new ArrayList<>();
 
         // application role - resource - actions
@@ -56,26 +57,44 @@ default List<Assignment> createProductAppAssignments(String productName, String
 
             var role = roleMap.get(roleName);
             if (role == null) {
-                problems.add(createProblem("Role not found", "Role name: " + roleName));
-                continue;
+                role = createRole(roleName);
+                roleMap.put(roleName, role);
             }
 
-            e.getValue().forEach((resource, actions) -> actions.forEach(action -> {
-                var permId = permId(productName, appId, resource, action);
-                var permission = permissionMap.get(permId);
-                if (permission == null) {
-                    problems.add(createProblem("Permission not found", "Permission ID: " + permId));
-                } else {
-                    var assignment = create(role, permission);
-                    assignment.setOperator(true);
-                    assignments.add(assignment);
+            for (Map.Entry<String, List<String>> me : e.getValue().entrySet()) {
+                var resource = me.getKey();
+
+                for (String action : me.getValue()) {
+                    var permId = permId(productName, appId, resource, action);
+                    var permission = permissionMap.get(permId);
+                    if (permission == null) {
+                        problems.add(createProblem("Permission not found", "Permission ID: " + permId));
+                    } else {
+                        var assignment = create(role, permission);
+                        assignment.setOperator(true);
+                        assignments.add(assignment);
+                    }
                 }
-            }));
+            }
         }
 
         return assignments;
     }
 
+    @Mapping(target = "mandatory", ignore = true)
+    @Mapping(target = "description", ignore = true)
+    @Mapping(target = "id", ignore = true)
+    @Mapping(target = "creationDate", ignore = true)
+    @Mapping(target = "creationUser", ignore = true)
+    @Mapping(target = "modificationDate", ignore = true)
+    @Mapping(target = "modificationUser", ignore = true)
+    @Mapping(target = "controlTraceabilityManual", ignore = true)
+    @Mapping(target = "modificationCount", ignore = true)
+    @Mapping(target = "persisted", ignore = true)
+    @Mapping(target = "tenantId", ignore = true)
+    @Mapping(target = "operator", constant = "true")
+    Role createRole(String name);
+
     EximProblemDetailInvalidParamDTOV1 createProblem(String name, String message);
 
     default RequestData createRequestData(AssignmentSnapshotDTOV1 dto) {

diff --git a/src/main/java/org/tkit/onecx/permission/rs/internal/mappers/RoleMapper.java b/src/main/java/org/tkit/onecx/permission/rs/internal/mappers/RoleMapper.java
@@ -28,6 +28,7 @@ public interface RoleMapper {
     @Mapping(target = "modificationCount", ignore = true)
     @Mapping(target = "persisted", ignore = true)
     @Mapping(target = "tenantId", ignore = true)
+    @Mapping(target = "operator", ignore = true)
     Role create(CreateRoleRequestDTO dto);
 
     RoleDTO map(Role data);
@@ -41,5 +42,6 @@ public interface RoleMapper {
     @Mapping(target = "controlTraceabilityManual", ignore = true)
     @Mapping(target = "persisted", ignore = true)
     @Mapping(target = "tenantId", ignore = true)
+    @Mapping(target = "operator", ignore = true)
     void update(UpdateRoleRequestDTO dto, @MappingTarget Role role);
 }
diff --git a/src/main/openapi/onecx-permission-internal-openapi.yaml b/src/main/openapi/onecx-permission-internal-openapi.yaml
@@ -812,6 +812,9 @@ components:
         mandatory:
           type: boolean
           default: false
+        operator:
+          type: boolean
+          default: false
     UserAssignmentPageResult:
       type: object
       properties:

diff --git a/src/main/resources/db/changeLog.xml b/src/main/resources/db/changeLog.xml
@@ -9,5 +9,6 @@
     <include relativeToChangelogFile="true" file="v1/2024-05-13-mandatory-flags.xml" />
     <include relativeToChangelogFile="true" file="v1/2024-05-16-operator-flag.xml" />
     <include relativeToChangelogFile="true" file="v1/2024-05-28-assignment-operator.xml" />
+    <include relativeToChangelogFile="true" file="v1/2024-06-06-role-operator.xml" />
 
 </databaseChangeLog>
diff --git a/src/main/resources/db/v1/2024-06-06-role-operator.xml b/src/main/resources/db/v1/2024-06-06-role-operator.xml
@@ -0,0 +1,13 @@
+<?xml version="1.1" encoding="UTF-8" standalone="no"?>
+<databaseChangeLog
+        xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+        xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-latest.xsd"
+        objectQuotingStrategy="QUOTE_ONLY_RESERVED_WORDS">
+
+    <changeSet author="dev (generated)" id="1717685572396-1">
+        <addColumn tableName="role">
+            <column name="operator" type="bool"/>
+        </addColumn>
+    </changeSet>
+</databaseChangeLog>
diff --git a/...t/java/org/tkit/onecx/permission/rs/exim/v1/controllers/PermissionExportImportV1Test.java b/...t/java/org/tkit/onecx/permission/rs/exim/v1/controllers/PermissionExportImportV1Test.java
@@ -89,7 +89,7 @@ void operatorImportMissingDataTest() {
         assertThat(dto.getErrorCode()).isEqualTo(EximExceptionMapperV1.ErrorCode.INVALID_IMPORT_REQUEST.name());
         assertThat(dto.getDetail()).isEqualTo(
                 "The request could not be fully completed due to a conflict with the current state of the roles and permissions");
-        assertThat(dto.getInvalidParams()).isNotNull().hasSize(3);
+        assertThat(dto.getInvalidParams()).isNotNull().hasSize(4);
     }
 
     @Test