From 27b5d274db377b79a5f4e0734b2ec1e1991e61bd Mon Sep 17 00:00:00 2001 From: Andrej Petras Date: Thu, 6 Jun 2024 17:28:46 +0200 Subject: [PATCH] feat: add role operator flag --- .../pages/onecx-permission-svc-docs.adoc | 7 ++- .../domain/di/mappers/TemplateMapper.java | 1 + .../onecx/permission/domain/models/Role.java | 6 +++ .../domain/services/AssignmentService.java | 7 ++- .../controllers/PermissionExportImportV1.java | 5 +- .../rs/exim/v1/mappers/EximMapperV1.java | 49 +++++++++++++------ .../rs/internal/mappers/RoleMapper.java | 2 + .../onecx-permission-internal-openapi.yaml | 3 ++ src/main/resources/db/changeLog.xml | 1 + .../db/v1/2024-06-06-role-operator.xml | 13 +++++ .../PermissionExportImportV1Test.java | 2 +- 11 files changed, 76 insertions(+), 20 deletions(-) create mode 100644 src/main/resources/db/v1/2024-06-06-role-operator.xml diff --git a/docs/modules/onecx-permission-svc/pages/onecx-permission-svc-docs.adoc b/docs/modules/onecx-permission-svc/pages/onecx-permission-svc-docs.adoc index 27aa18f..8df4947 100644 --- a/docs/modules/onecx-permission-svc/pages/onecx-permission-svc-docs.adoc +++ b/docs/modules/onecx-permission-svc/pages/onecx-permission-svc-docs.adoc @@ -17,7 +17,6 @@ quarkus.hibernate-orm.multitenant=DISCRIMINATOR quarkus.hibernate-orm.jdbc.timezone=UTC quarkus.liquibase.migrate-at-start=true quarkus.liquibase.validate-on-migrate=true -quarkus.hibernate-orm.log.sql=true tkit.rs.context.tenant-id.enabled=true onecx.permission.token.verified=true onecx.permission.token.issuer.public-key-location.suffix=/protocol/openid-connect/certs @@ -61,3 +60,9 @@ app: ---- +vc" + db: + enabled: true + +---- + diff --git a/src/main/java/org/tkit/onecx/permission/domain/di/mappers/TemplateMapper.java b/src/main/java/org/tkit/onecx/permission/domain/di/mappers/TemplateMapper.java index c5c6ae3..7110fe4 100644 --- a/src/main/java/org/tkit/onecx/permission/domain/di/mappers/TemplateMapper.java 
+++ b/src/main/java/org/tkit/onecx/permission/domain/di/mappers/TemplateMapper.java @@ -42,6 +42,7 @@ public interface TemplateMapper { @Mapping(target = "modificationCount", ignore = true) @Mapping(target = "persisted", ignore = true) @Mapping(target = "tenantId", ignore = true) + @Mapping(target = "operator", ignore = true) Role createRole(String name, String description); @Mapping(target = "mandatory", ignore = true) diff --git a/src/main/java/org/tkit/onecx/permission/domain/models/Role.java b/src/main/java/org/tkit/onecx/permission/domain/models/Role.java index 3977583..c99567e 100644 --- a/src/main/java/org/tkit/onecx/permission/domain/models/Role.java +++ b/src/main/java/org/tkit/onecx/permission/domain/models/Role.java @@ -39,4 +39,10 @@ public class Role extends TraceableEntity { @Column(name = "MANDATORY") private Boolean mandatory; + /** + * Flag to identify role created by an operator + */ + @Column(name = "OPERATOR") + private Boolean operator; + } diff --git a/src/main/java/org/tkit/onecx/permission/domain/services/AssignmentService.java b/src/main/java/org/tkit/onecx/permission/domain/services/AssignmentService.java index 90e2a2e..dcba762 100644 --- a/src/main/java/org/tkit/onecx/permission/domain/services/AssignmentService.java +++ b/src/main/java/org/tkit/onecx/permission/domain/services/AssignmentService.java @@ -8,6 +8,7 @@ import jakarta.transaction.Transactional; import org.tkit.onecx.permission.domain.daos.AssignmentDAO; +import org.tkit.onecx.permission.domain.daos.RoleDAO; import org.tkit.onecx.permission.domain.models.Assignment; import org.tkit.onecx.permission.domain.models.Role; @@ -17,6 +18,9 @@ public class AssignmentService { @Inject AssignmentDAO dao; + @Inject + RoleDAO roleDAO; + @Transactional public void createAssignments(Role role, List assignments) { dao.deleteByRoleId(role.getId()); 
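Review bot: In Role.java the new `operator` field is a boxed `Boolean` with no initial value, so roles built through mappers that ignore the target (TemplateMapper.createRole here, RoleMapper.create/update later in the patch) carry `null` rather than false, while the OpenAPI schema added in the same patch advertises `default: false`. The Liquibase changeset is not readable on this page, so whether the column gets a default or a NOT NULL constraint cannot be confirmed from here. For a flag that marks who owns a role, a three-state value is easy to misread in later checks; consider `private Boolean operator = false;`, or extend the Javadoc to state the null case, e.g. `Flag to identify role created by an operator; null is treated as false`.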
@@ -36,8 +40,9 @@ public void createRoleProductsAssignments(Role role, List productNames, } @Transactional - public void importOperator(List assignments, Map> productNames) { + public void importOperator(List assignments, Map> productNames, List createRoles) { productNames.forEach((productName, apps) -> dao.deleteByProductNameAppIds(productName, apps)); + roleDAO.create(createRoles); dao.create(assignments); } diff --git a/src/main/java/org/tkit/onecx/permission/rs/exim/v1/controllers/PermissionExportImportV1.java b/src/main/java/org/tkit/onecx/permission/rs/exim/v1/controllers/PermissionExportImportV1.java index ac94ac3..cf34fe0 100644 --- a/src/main/java/org/tkit/onecx/permission/rs/exim/v1/controllers/PermissionExportImportV1.java +++ b/src/main/java/org/tkit/onecx/permission/rs/exim/v1/controllers/PermissionExportImportV1.java @@ -57,10 +57,11 @@ public Response operatorImportAssignments(AssignmentSnapshotDTOV1 assignmentSnap // create assignments List problems = new ArrayList<>(); - var assignments = mapper.createAssignments(problems, assignmentSnapshotDTO, roleMap, permissionMap); + List createRoles = new ArrayList<>(); + var assignments = mapper.createAssignments(problems, assignmentSnapshotDTO, roleMap, permissionMap, createRoles); // delete old and create new assignments - service.importOperator(assignments, request.product()); + service.importOperator(assignments, request.product(), createRoles); // check problems if (!problems.isEmpty()) { diff --git a/src/main/java/org/tkit/onecx/permission/rs/exim/v1/mappers/EximMapperV1.java b/src/main/java/org/tkit/onecx/permission/rs/exim/v1/mappers/EximMapperV1.java index 8a82978..70ee6f4 100644 --- a/src/main/java/org/tkit/onecx/permission/rs/exim/v1/mappers/EximMapperV1.java +++ b/src/main/java/org/tkit/onecx/permission/rs/exim/v1/mappers/EximMapperV1.java 
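Review bot: importOperator in AssignmentService now writes to two tables in a fixed order, but nothing in the method says why the order matters or that roles are persisted at all. The assignments are built from the same Role instances that sit in `createRoles`, so the roles have to be stored before `dao.create(assignments)`; a short comment such as `// persist roles first: the new assignments reference them` above `roleDAO.create(createRoles);` would keep a later refactoring from swapping the calls. A Javadoc line stating that the method deletes the existing assignments for the given products/apps, then creates roles and assignments in one transaction, would also help callers.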
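Review bot: In operatorImportAssignments of PermissionExportImportV1, `service.importOperator(assignments, request.product(), createRoles);` runs before the `// check problems` branch, so roles taken from the snapshot are written even when the response then reports invalid parameters. Before this patch an unknown role name was rejected as a problem; now it becomes a stored role, which enlarges what a single import request can change. If a partially applied import is intended, state it above the call, e.g. `// roles and assignments are written even if problems are reported below`; otherwise evaluate `problems` first and skip the write. The method starts and ends outside this hunk, so the error path itself is not visible here.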
@@ -30,14 +30,15 @@ public interface EximMapperV1 { Assignment create(Role role, Permission permission); default List createAssignments(List problems, AssignmentSnapshotDTOV1 dto, - Map roleMap, Map permissionMap) { + Map roleMap, Map permissionMap, List createRoles) { List assignments = new ArrayList<>(); dto.getAssignments().forEach((productName, product) -> { if (product != null) { product.forEach((appId, app) -> { if (app != null) { assignments - .addAll(createProductAppAssignments(productName, appId, app, problems, roleMap, permissionMap)); + .addAll(createProductAppAssignments(productName, appId, app, problems, roleMap, permissionMap, + createRoles)); } }); } @@ -47,7 +48,7 @@ default List createAssignments(List createProductAppAssignments(String productName, String appId, Map>> dto, List problems, - Map roleMap, Map permissionMap) { + Map roleMap, Map permissionMap, List createRoles) { List assignments = new ArrayList<>(); // application role - resource - actions 
@@ -56,26 +57,44 @@ default List createProductAppAssignments(String productName, String var role = roleMap.get(roleName); if (role == null) { - problems.add(createProblem("Role not found", "Role name: " + roleName)); - continue; + role = createRole(roleName); + roleMap.put(roleName, role); } - e.getValue().forEach((resource, actions) -> actions.forEach(action -> { - var permId = permId(productName, appId, resource, action); - var permission = permissionMap.get(permId); - if (permission == null) { - problems.add(createProblem("Permission not found", "Permission ID: " + permId)); - } else { - var assignment = create(role, permission); - assignment.setOperator(true); - assignments.add(assignment); + for (Map.Entry> me : e.getValue().entrySet()) { + var resource = me.getKey(); + + for (String action : me.getValue()) { + var permId = permId(productName, appId, resource, action); + var permission = permissionMap.get(permId); + if (permission == null) { + problems.add(createProblem("Permission not found", "Permission ID: " + permId)); + } else { + var assignment = create(role, permission); + assignment.setOperator(true); + assignments.add(assignment); + } } - })); + } } return assignments; } + @Mapping(target = "mandatory", ignore = true) + @Mapping(target = "description", ignore = true) + @Mapping(target = "id", ignore = true) + @Mapping(target = "creationDate", ignore = true) + @Mapping(target = "creationUser", ignore = true) + @Mapping(target = "modificationDate", ignore = true) + @Mapping(target = "modificationUser", ignore = true) + @Mapping(target = "controlTraceabilityManual", ignore = true) + @Mapping(target = "modificationCount", ignore = true) + @Mapping(target = "persisted", ignore = true) + @Mapping(target = "tenantId", ignore = true) + @Mapping(target = "operator", constant = "true") + Role createRole(String name); + EximProblemDetailInvalidParamDTOV1 createProblem(String name, String message); default RequestData createRequestData(AssignmentSnapshotDTOV1 
dto) { diff --git a/src/main/java/org/tkit/onecx/permission/rs/internal/mappers/RoleMapper.java b/src/main/java/org/tkit/onecx/permission/rs/internal/mappers/RoleMapper.java index e52b45a..9cd7556 100644 --- a/src/main/java/org/tkit/onecx/permission/rs/internal/mappers/RoleMapper.java +++ b/src/main/java/org/tkit/onecx/permission/rs/internal/mappers/RoleMapper.java @@ -28,6 +28,7 @@ public interface RoleMapper { @Mapping(target = "modificationCount", ignore = true) @Mapping(target = "persisted", ignore = true) @Mapping(target = "tenantId", ignore = true) + @Mapping(target = "operator", ignore = true) Role create(CreateRoleRequestDTO dto); RoleDTO map(Role data); @@ -41,5 +42,6 @@ public interface RoleMapper { @Mapping(target = "controlTraceabilityManual", ignore = true) @Mapping(target = "persisted", ignore = true) @Mapping(target = "tenantId", ignore = true) + @Mapping(target = "operator", ignore = true) void update(UpdateRoleRequestDTO dto, @MappingTarget Role role); } diff --git a/src/main/openapi/onecx-permission-internal-openapi.yaml b/src/main/openapi/onecx-permission-internal-openapi.yaml index 0515006..18105be 100644 --- a/src/main/openapi/onecx-permission-internal-openapi.yaml +++ b/src/main/openapi/onecx-permission-internal-openapi.yaml @@ -812,6 +812,9 @@ components: mandatory: type: boolean default: false + operator: + type: boolean + default: false UserAssignmentPageResult: type: object properties: diff --git a/src/main/resources/db/changeLog.xml b/src/main/resources/db/changeLog.xml index 160b7a9..bb801f9 100644 --- a/src/main/resources/db/changeLog.xml +++ b/src/main/resources/db/changeLog.xml @@ -9,5 +9,6 @@ + \ No newline at end of file diff --git a/src/main/resources/db/v1/2024-06-06-role-operator.xml b/src/main/resources/db/v1/2024-06-06-role-operator.xml new file mode 100644 index 0000000..72022b7 --- /dev/null +++ b/src/main/resources/db/v1/2024-06-06-role-operator.xml @@ -0,0 +1,13 @@ + + + + + + + + + \ No newline at end of file 
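Review bot: In createProductAppAssignments of EximMapperV1, the `if (role == null)` branch puts the new role into `roleMap` but, in the lines visible here, never adds it to `createRoles`, so the list handed to `roleDAO.create(createRoles)` stays empty and the assignments would reference a role that was never persisted (unless the entity mapping cascades, which is not visible); add `createRoles.add(role);` next to `roleMap.put(roleName, role);`. The branch also replaces the former "Role not found" problem with silent creation, so every role name present in the snapshot becomes an operator-flagged role, with no check for a null or blank name and no entry telling the caller what was created. Consider rejecting empty names with `createProblem(...)` and reporting or logging each created role so the change is auditable. The loop over roles begins above this hunk, so where `roleName` comes from is not visible.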
diff --git a/src/test/java/org/tkit/onecx/permission/rs/exim/v1/controllers/PermissionExportImportV1Test.java b/src/test/java/org/tkit/onecx/permission/rs/exim/v1/controllers/PermissionExportImportV1Test.java index 1d02d0f..987f225 100644 --- a/src/test/java/org/tkit/onecx/permission/rs/exim/v1/controllers/PermissionExportImportV1Test.java +++ b/src/test/java/org/tkit/onecx/permission/rs/exim/v1/controllers/PermissionExportImportV1Test.java @@ -89,7 +89,7 @@ void operatorImportMissingDataTest() { assertThat(dto.getErrorCode()).isEqualTo(EximExceptionMapperV1.ErrorCode.INVALID_IMPORT_REQUEST.name()); assertThat(dto.getDetail()).isEqualTo( "The request could not be fully completed due to a conflict with the current state of the roles and permissions"); - assertThat(dto.getInvalidParams()).isNotNull().hasSize(3); + assertThat(dto.getInvalidParams()).isNotNull().hasSize(4); } @Test
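Review bot: The only test change in this patch is the count in operatorImportMissingDataTest, `hasSize(3)` to `hasSize(4)`, which does not show that an unknown role is now created, flagged as operator and linked to its assignments. A count-only assertion also passes if the four entries are the wrong ones. Assert on the content as well, for example `assertThat(dto.getInvalidParams()).extracting("name").doesNotContain("Role not found");` (property name inferred from `createProblem(String name, String message)`, confirm against the DTO), and add a check that the imported role exists with `operator` set to true. The test body begins outside this hunk, so its request data is not visible here.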