refactor: cleaning up some legacy naming
bobeal committed May 3, 2024
1 parent ba1b664 commit 644ff7a
Showing 11 changed files with 125 additions and 115 deletions.
Expand Up @@ -46,23 +46,23 @@ class EnabledAuthorizationService(
override suspend fun userCanReadEntity(entityId: URI, sub: Option<Sub>): Either<APIException, Unit> =
userHasOneOfGivenRightsOnEntity(
entityId,
listOf(AccessRight.R_IS_OWNER, AccessRight.R_CAN_ADMIN, AccessRight.R_CAN_WRITE, AccessRight.R_CAN_READ),
listOf(AccessRight.IS_OWNER, AccessRight.CAN_ADMIN, AccessRight.CAN_WRITE, AccessRight.CAN_READ),
listOf(SpecificAccessPolicy.AUTH_WRITE, SpecificAccessPolicy.AUTH_READ),
sub
).toAccessDecision(ENTITIY_READ_FORBIDDEN_MESSAGE)

override suspend fun userCanUpdateEntity(entityId: URI, sub: Option<Sub>): Either<APIException, Unit> =
userHasOneOfGivenRightsOnEntity(
entityId,
listOf(AccessRight.R_IS_OWNER, AccessRight.R_CAN_ADMIN, AccessRight.R_CAN_WRITE),
listOf(AccessRight.IS_OWNER, AccessRight.CAN_ADMIN, AccessRight.CAN_WRITE),
listOf(SpecificAccessPolicy.AUTH_WRITE),
sub
).toAccessDecision(ENTITY_UPDATE_FORBIDDEN_MESSAGE)

override suspend fun userCanAdminEntity(entityId: URI, sub: Option<Sub>): Either<APIException, Unit> =
userHasOneOfGivenRightsOnEntity(
entityId,
listOf(AccessRight.R_IS_OWNER, AccessRight.R_CAN_ADMIN),
listOf(AccessRight.IS_OWNER, AccessRight.CAN_ADMIN),
emptyList(),
sub
).toAccessDecision(ENTITY_ADMIN_FORBIDDEN_MESSAGE)
Expand Down Expand Up @@ -110,7 +110,7 @@ class EnabledAuthorizationService(
// for each entity user is admin or creator of, retrieve the full details of rights other users have on it

val entitiesWithAdminRight = entitiesAccessRights.filter {
listOf(AccessRight.R_CAN_ADMIN, AccessRight.R_IS_OWNER).contains(it.right)
listOf(AccessRight.CAN_ADMIN, AccessRight.IS_OWNER).contains(it.right)
}.map { it.id }

val rightsForAdminEntities =
Expand All @@ -121,10 +121,10 @@ class EnabledAuthorizationService(
if (rightsForAdminEntities.containsKey(entityAccessRight.id)) {
val rightsForEntity = rightsForAdminEntities[entityAccessRight.id]!!
entityAccessRight.copy(
rCanReadUsers = rightsForEntity[AccessRight.R_CAN_READ],
rCanWriteUsers = rightsForEntity[AccessRight.R_CAN_WRITE],
rCanAdminUsers = rightsForEntity[AccessRight.R_CAN_ADMIN],
rIsOwnerUser = rightsForEntity[AccessRight.R_IS_OWNER]?.get(0)
canRead = rightsForEntity[AccessRight.CAN_READ],
canWrite = rightsForEntity[AccessRight.CAN_WRITE],
canAdmin = rightsForEntity[AccessRight.CAN_ADMIN],
owner = rightsForEntity[AccessRight.IS_OWNER]?.get(0)
)
} else entityAccessRight
}
Expand Up @@ -30,10 +30,10 @@ data class EntityAccessRights(
// right the current user has on the entity
val right: AccessRight,
val specificAccessPolicy: AuthContextModel.SpecificAccessPolicy? = null,
val rCanAdminUsers: List<SubjectRightInfo>? = null,
val rCanWriteUsers: List<SubjectRightInfo>? = null,
val rCanReadUsers: List<SubjectRightInfo>? = null,
val rIsOwnerUser: SubjectRightInfo? = null
val canAdmin: List<SubjectRightInfo>? = null,
val canWrite: List<SubjectRightInfo>? = null,
val canRead: List<SubjectRightInfo>? = null,
val owner: SubjectRightInfo? = null
) {
data class SubjectRightInfo(
val uri: URI,
Expand Down Expand Up @@ -61,22 +61,22 @@ data class EntityAccessRights(
resultEntity[AUTH_PROP_SAP] = buildExpandedPropertyValue(this)
}

rCanAdminUsers?.run {
canAdmin?.run {
resultEntity[AUTH_REL_CAN_ADMIN] = this.map {
it.serializeProperties(contexts)
}.flatten()
}
rCanWriteUsers?.run {
canWrite?.run {
resultEntity[AUTH_REL_CAN_WRITE] = this.map {
it.serializeProperties(contexts)
}.flatten()
}
rCanReadUsers?.run {
canRead?.run {
resultEntity[AUTH_REL_CAN_READ] = this.map {
it.serializeProperties(contexts)
}.flatten()
}
rIsOwnerUser?.run {
owner?.run {
resultEntity[AUTH_REL_IS_OWNER] = this.serializeProperties(contexts)
}

Expand Up @@ -35,15 +35,15 @@ class EntityAccessRightsService(
) {
@Transactional
suspend fun setReadRoleOnEntity(sub: Sub, entityId: URI): Either<APIException, Unit> =
setRoleOnEntity(sub, entityId, R_CAN_READ)
setRoleOnEntity(sub, entityId, CAN_READ)

@Transactional
suspend fun setWriteRoleOnEntity(sub: Sub, entityId: URI): Either<APIException, Unit> =
setRoleOnEntity(sub, entityId, R_CAN_WRITE)
setRoleOnEntity(sub, entityId, CAN_WRITE)

@Transactional
suspend fun setCreatorRoleOnEntity(sub: Sub, entityId: URI): Either<APIException, Unit> =
setRoleOnEntity(sub, entityId, R_IS_OWNER)
setRoleOnEntity(sub, entityId, IS_OWNER)

@Transactional
suspend fun setRoleOnEntity(sub: Sub, entityId: URI, accessRight: AccessRight): Either<APIException, Unit> =
Expand Down Expand Up @@ -96,7 +96,7 @@ class EntityAccessRightsService(
sub,
entityId,
listOf(SpecificAccessPolicy.AUTH_READ, SpecificAccessPolicy.AUTH_WRITE),
listOf(R_CAN_READ, R_CAN_WRITE, R_CAN_ADMIN)
listOf(CAN_READ, CAN_WRITE, CAN_ADMIN)
).flatMap {
if (!it)
AccessDeniedException("User forbidden read access to entity $entityId").left()
Expand All @@ -108,7 +108,7 @@ class EntityAccessRightsService(
sub,
entityId,
listOf(SpecificAccessPolicy.AUTH_WRITE),
listOf(R_CAN_WRITE, R_CAN_ADMIN)
listOf(CAN_WRITE, CAN_ADMIN)
).flatMap {
if (!it)
AccessDeniedException("User forbidden write access to entity $entityId").left()
Expand Down Expand Up @@ -321,7 +321,7 @@ class EntityAccessRightsService(

private fun rowToEntityAccessControl(row: Map<String, Any>, isStellioAdmin: Boolean): EntityAccessRights {
val accessRight =
if (isStellioAdmin) R_CAN_ADMIN
if (isStellioAdmin) CAN_ADMIN
else (row["access_right"] as String).let { AccessRight.forAttributeName(it) }.getOrNull()!!

return EntityAccessRights(
@@ -1,3 +1,12 @@
-- rename exiting authz rights
UPDATE entity_access_rights
SET access_right =
CASE
WHEN access_right = 'rCanAdmin' THEN 'canAdmin'
WHEN access_right = 'rCanWrite' THEN 'canWrite'
WHEN access_right = 'rCanReadm' THEN 'canRead'
END;

WITH entities AS (
SELECT entity_id, count(*) as admin_right_count
FROM entity_access_rights
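Review bot: The `CASE` in the added `UPDATE` has no `ELSE` and the statement has no `WHERE`, so every row whose `access_right` matches none of the three branches is set to NULL (or the migration fails if the column is declared NOT NULL). The third branch tests `'rCanReadm'`, which looks like a typo for `'rCanRead'`; if so, existing read grants fall into that unmatched case, and any owner value stored in this column has no branch at all. I would change that branch to `WHEN access_right = 'rCanRead' THEN 'canRead'` and add `ELSE access_right` before `END`, or restrict the statement with `WHERE access_right IN ('rCanAdmin', 'rCanWrite', 'rCanRead')`. This matters for authorization because `rowToEntityAccessControl` casts `row["access_right"] as String` and applies `!!` to the lookup result, so a NULL or unrenamed value would surface as a runtime failure when rights are read rather than as a clean access decision. The comment should read `-- rename existing authz rights`, and note that the `WITH entities` statement continues outside the hunk.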
Expand Up @@ -88,7 +88,7 @@ class EnabledAuthorizationServiceTests {
eq(Some(subjectUuid)),
eq(entityId01),
listOf(AUTH_WRITE, AUTH_READ),
listOf(R_IS_OWNER, R_CAN_ADMIN, R_CAN_WRITE, R_CAN_READ)
listOf(IS_OWNER, CAN_ADMIN, CAN_WRITE, CAN_READ)
)
}
}
Expand All @@ -105,7 +105,7 @@ class EnabledAuthorizationServiceTests {
eq(Some(subjectUuid)),
eq(entityId01),
listOf(AUTH_WRITE, AUTH_READ),
listOf(R_IS_OWNER, R_CAN_ADMIN, R_CAN_WRITE, R_CAN_READ)
listOf(IS_OWNER, CAN_ADMIN, CAN_WRITE, CAN_READ)
)
}
}
Expand All @@ -125,7 +125,7 @@ class EnabledAuthorizationServiceTests {
eq(Some(subjectUuid)),
eq(entityId01),
listOf(AUTH_WRITE),
listOf(R_IS_OWNER, R_CAN_ADMIN, R_CAN_WRITE)
listOf(IS_OWNER, CAN_ADMIN, CAN_WRITE)
)
}
}
Expand All @@ -142,7 +142,7 @@ class EnabledAuthorizationServiceTests {
eq(Some(subjectUuid)),
eq(entityId01),
listOf(AUTH_WRITE),
listOf(R_IS_OWNER, R_CAN_ADMIN, R_CAN_WRITE)
listOf(IS_OWNER, CAN_ADMIN, CAN_WRITE)
)
}
}
Expand All @@ -162,7 +162,7 @@ class EnabledAuthorizationServiceTests {
eq(Some(subjectUuid)),
eq(entityId01),
emptyList(),
listOf(R_IS_OWNER, R_CAN_ADMIN)
listOf(IS_OWNER, CAN_ADMIN)
)
}
}
Expand All @@ -179,7 +179,7 @@ class EnabledAuthorizationServiceTests {
eq(Some(subjectUuid)),
eq(entityId01),
emptyList(),
listOf(R_IS_OWNER, R_CAN_ADMIN)
listOf(IS_OWNER, CAN_ADMIN)
)
}
}
Expand Down Expand Up @@ -331,7 +331,7 @@ class EnabledAuthorizationServiceTests {
EntityAccessRights(
id = entityId01,
types = listOf(BEEHIVE_TYPE),
right = R_CAN_WRITE
right = CAN_WRITE
)
).right()
coEvery {
Expand Down Expand Up @@ -373,12 +373,12 @@ class EnabledAuthorizationServiceTests {
EntityAccessRights(
id = entityId01,
types = listOf(BEEHIVE_TYPE),
right = R_CAN_ADMIN
right = CAN_ADMIN
),
EntityAccessRights(
id = entityId02,
types = listOf(BEEHIVE_TYPE),
right = R_CAN_WRITE
right = CAN_WRITE
)
).right()
coEvery {
Expand All @@ -388,7 +388,7 @@ class EnabledAuthorizationServiceTests {
entityAccessRightsService.getAccessRightsForEntities(any(), any())
} returns mapOf(
entityId01 to mapOf(
R_CAN_WRITE to listOf(
CAN_WRITE to listOf(
SubjectRightInfo(
"urn:ngsi-ld:User:01".toUri(),
mapOf("kind" to "User", "username" to "stellio")