feat: add role operator flag (#64)
andrejpetras authored Jun 6, 2024
1 parent 4cc6ba3 commit e8521a0
Showing 11 changed files with 76 additions and 20 deletions.
Expand Up @@ -17,7 +17,6 @@ quarkus.hibernate-orm.multitenant=DISCRIMINATOR
quarkus.hibernate-orm.jdbc.timezone=UTC
quarkus.liquibase.migrate-at-start=true
quarkus.liquibase.validate-on-migrate=true
quarkus.hibernate-orm.log.sql=true
tkit.rs.context.tenant-id.enabled=true
onecx.permission.token.verified=true
onecx.permission.token.issuer.public-key-location.suffix=/protocol/openid-connect/certs
Expand Down Expand Up @@ -61,3 +60,9 @@ app:
----

vc"
db:
enabled: true

----
Expand Up @@ -42,6 +42,7 @@ public interface TemplateMapper {
@Mapping(target = "modificationCount", ignore = true)
@Mapping(target = "persisted", ignore = true)
@Mapping(target = "tenantId", ignore = true)
@Mapping(target = "operator", ignore = true)
Role createRole(String name, String description);

@Mapping(target = "mandatory", ignore = true)
Expand Up @@ -39,4 +39,10 @@ public class Role extends TraceableEntity {
@Column(name = "MANDATORY")
private Boolean mandatory;

/**
* Flag to identify role created by an operator
*/
@Column(name = "OPERATOR")
private Boolean operator;

}
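Review bot: `operator` is declared as a nullable `Boolean`, and the accompanying changeset `v1/2024-06-06-role-operator.xml` adds the column with no default and no NOT NULL constraint, so roles that existed before the migration will presumably read back as null rather than false, while the OpenAPI change in this commit advertises `default: false`. Any later decision that uses this flag to separate operator-managed roles from user-managed ones then has three states to handle instead of two. Consider `<column name="operator" type="bool" defaultValueBoolean="false"/>` in the changeset, or extend the Javadoc to something like `Flag to identify a role created by an operator; null is treated as false`.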
Expand Up @@ -8,6 +8,7 @@
import jakarta.transaction.Transactional;

import org.tkit.onecx.permission.domain.daos.AssignmentDAO;
import org.tkit.onecx.permission.domain.daos.RoleDAO;
import org.tkit.onecx.permission.domain.models.Assignment;
import org.tkit.onecx.permission.domain.models.Role;

Expand All @@ -17,6 +18,9 @@ public class AssignmentService {
@Inject
AssignmentDAO dao;

@Inject
RoleDAO roleDAO;

@Transactional
public void createAssignments(Role role, List<Assignment> assignments) {
dao.deleteByRoleId(role.getId());
Expand All @@ -36,8 +40,9 @@ public void createRoleProductsAssignments(Role role, List<String> productNames,
}

@Transactional
public void importOperator(List<Assignment> assignments, Map<String, List<String>> productNames) {
public void importOperator(List<Assignment> assignments, Map<String, List<String>> productNames, List<Role> createRoles) {
productNames.forEach((productName, apps) -> dao.deleteByProductNameAppIds(productName, apps));
roleDAO.create(createRoles);
dao.create(assignments);

}
Expand Up @@ -57,10 +57,11 @@ public Response operatorImportAssignments(AssignmentSnapshotDTOV1 assignmentSnap

// create assignments
List<EximProblemDetailInvalidParamDTOV1> problems = new ArrayList<>();
var assignments = mapper.createAssignments(problems, assignmentSnapshotDTO, roleMap, permissionMap);
List<Role> createRoles = new ArrayList<>();
var assignments = mapper.createAssignments(problems, assignmentSnapshotDTO, roleMap, permissionMap, createRoles);

// delete old and create new assignments
service.importOperator(assignments, request.product());
service.importOperator(assignments, request.product(), createRoles);

// check problems
if (!problems.isEmpty()) {
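Review bot: `service.importOperator(assignments, request.product(), createRoles)` runs before the `problems` check, so role creation appears to be applied even when the request is then answered with the problem list. Before this commit an unknown role name was only reported as "Role not found"; now a misspelled or unexpected name in the snapshot becomes a stored role and leaves no entry in `problems`. If that is intended, a comment above the call such as `// missing roles are created and assignments replaced even if problems are reported below` would make it explicit; otherwise consider returning the names of the created roles to the caller. The method body starts and ends outside this hunk.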
Expand Up @@ -30,14 +30,15 @@ public interface EximMapperV1 {
Assignment create(Role role, Permission permission);

default List<Assignment> createAssignments(List<EximProblemDetailInvalidParamDTOV1> problems, AssignmentSnapshotDTOV1 dto,
Map<String, Role> roleMap, Map<String, Permission> permissionMap) {
Map<String, Role> roleMap, Map<String, Permission> permissionMap, List<Role> createRoles) {
List<Assignment> assignments = new ArrayList<>();
dto.getAssignments().forEach((productName, product) -> {
if (product != null) {
product.forEach((appId, app) -> {
if (app != null) {
assignments
.addAll(createProductAppAssignments(productName, appId, app, problems, roleMap, permissionMap));
.addAll(createProductAppAssignments(productName, appId, app, problems, roleMap, permissionMap,
createRoles));
}
});
}
Expand All @@ -47,7 +48,7 @@ default List<Assignment> createAssignments(List<EximProblemDetailInvalidParamDTO

default List<Assignment> createProductAppAssignments(String productName, String appId,
Map<String, Map<String, List<String>>> dto, List<EximProblemDetailInvalidParamDTOV1> problems,
Map<String, Role> roleMap, Map<String, Permission> permissionMap) {
Map<String, Role> roleMap, Map<String, Permission> permissionMap, List<Role> createRoles) {
List<Assignment> assignments = new ArrayList<>();

// application role - resource - actions
Expand All @@ -56,26 +57,44 @@ default List<Assignment> createProductAppAssignments(String productName, String

var role = roleMap.get(roleName);
if (role == null) {
problems.add(createProblem("Role not found", "Role name: " + roleName));
continue;
role = createRole(roleName);
roleMap.put(roleName, role);
}

e.getValue().forEach((resource, actions) -> actions.forEach(action -> {
var permId = permId(productName, appId, resource, action);
var permission = permissionMap.get(permId);
if (permission == null) {
problems.add(createProblem("Permission not found", "Permission ID: " + permId));
} else {
var assignment = create(role, permission);
assignment.setOperator(true);
assignments.add(assignment);
for (Map.Entry<String, List<String>> me : e.getValue().entrySet()) {
var resource = me.getKey();

for (String action : me.getValue()) {
var permId = permId(productName, appId, resource, action);
var permission = permissionMap.get(permId);
if (permission == null) {
problems.add(createProblem("Permission not found", "Permission ID: " + permId));
} else {
var assignment = create(role, permission);
assignment.setOperator(true);
assignments.add(assignment);
}
}
}));
}
}

return assignments;
}

@Mapping(target = "mandatory", ignore = true)
@Mapping(target = "description", ignore = true)
@Mapping(target = "id", ignore = true)
@Mapping(target = "creationDate", ignore = true)
@Mapping(target = "creationUser", ignore = true)
@Mapping(target = "modificationDate", ignore = true)
@Mapping(target = "modificationUser", ignore = true)
@Mapping(target = "controlTraceabilityManual", ignore = true)
@Mapping(target = "modificationCount", ignore = true)
@Mapping(target = "persisted", ignore = true)
@Mapping(target = "tenantId", ignore = true)
@Mapping(target = "operator", constant = "true")
Role createRole(String name);

EximProblemDetailInvalidParamDTOV1 createProblem(String name, String message);

default RequestData createRequestData(AssignmentSnapshotDTOV1 dto) {
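Review bot: Nothing in the visible lines of `createProductAppAssignments` ever adds to `createRoles`: the new branch does `role = createRole(roleName); roleMap.put(roleName, role);` and stops there. Unless the list is filled somewhere outside these hunks, `roleDAO.create(createRoles)` in `AssignmentService.importOperator` receives an empty list and the assignments built by `create(role, permission)` point at a role that was never persisted. Add `createRoles.add(role);` directly after the `roleMap.put` call. `roleName` presumably comes straight from the imported snapshot, so it is also worth rejecting null or blank names with a `createProblem` entry before the lookup, now that an unknown name creates a role instead of being reported. The loop header of the method lies outside the hunk.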
Expand Up @@ -28,6 +28,7 @@ public interface RoleMapper {
@Mapping(target = "modificationCount", ignore = true)
@Mapping(target = "persisted", ignore = true)
@Mapping(target = "tenantId", ignore = true)
@Mapping(target = "operator", ignore = true)
Role create(CreateRoleRequestDTO dto);

RoleDTO map(Role data);
Expand All @@ -41,5 +42,6 @@ public interface RoleMapper {
@Mapping(target = "controlTraceabilityManual", ignore = true)
@Mapping(target = "persisted", ignore = true)
@Mapping(target = "tenantId", ignore = true)
@Mapping(target = "operator", ignore = true)
void update(UpdateRoleRequestDTO dto, @MappingTarget Role role);
}
3 changes: 3 additions & 0 deletions src/main/openapi/onecx-permission-internal-openapi.yaml
Expand Up @@ -812,6 +812,9 @@ components:
mandatory:
type: boolean
default: false
operator:
type: boolean
default: false
UserAssignmentPageResult:
type: object
properties:
1 change: 1 addition & 0 deletions src/main/resources/db/changeLog.xml
Expand Up @@ -9,5 +9,6 @@
<include relativeToChangelogFile="true" file="v1/2024-05-13-mandatory-flags.xml" />
<include relativeToChangelogFile="true" file="v1/2024-05-16-operator-flag.xml" />
<include relativeToChangelogFile="true" file="v1/2024-05-28-assignment-operator.xml" />
<include relativeToChangelogFile="true" file="v1/2024-06-06-role-operator.xml" />

</databaseChangeLog>
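--- a/src/main/resources/db/v1/2024-06-06-role-operator.xml
+++ b/src/main/resources/db/v1/2024-06-06-role-operator.xml
@@ -0,0 +1,13 @@
+<?xml version="1.1" encoding="UTF-8" standalone="no"?>
+<databaseChangeLog
+xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-latest.xsd"
+objectQuotingStrategy="QUOTE_ONLY_RESERVED_WORDS">
+
+<changeSet author="dev (generated)" id="1717685572396-1">
+<addColumn tableName="role">
+<column name="operator" type="bool"/>
+</addColumn>
+</changeSet>
+</databaseChangeLog>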
Expand Up @@ -89,7 +89,7 @@ void operatorImportMissingDataTest() {
assertThat(dto.getErrorCode()).isEqualTo(EximExceptionMapperV1.ErrorCode.INVALID_IMPORT_REQUEST.name());
assertThat(dto.getDetail()).isEqualTo(
"The request could not be fully completed due to a conflict with the current state of the roles and permissions");
assertThat(dto.getInvalidParams()).isNotNull().hasSize(3);
assertThat(dto.getInvalidParams()).isNotNull().hasSize(4);
}

@Test
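Review bot: The only test change in this commit is the count in `hasSize(3)` becoming `hasSize(4)`, so nothing visible asserts the new behaviour itself: that an unknown role name in the snapshot ends up as a stored role with `operator` set to true and with its assignments attached. A positive-path test that imports a snapshot with one unknown role and one known permission, then reads the role back and checks `getOperator()`, would also show whether the roles collected for creation actually reach `roleDAO.create`. The test method starts outside the hunk.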
