From 644ff7a1fa2659974d4ff2f2aefb05f245c5cd79 Mon Sep 17 00:00:00 2001 From: Benoit Orihuela Date: Fri, 3 May 2024 14:28:33 +0200 Subject: [PATCH] refactor: cleaning up some legacy naming --- .../EnabledAuthorizationService.kt | 16 ++-- .../authorization/EntityAccessRights.kt | 16 ++-- .../EntityAccessRightsService.kt | 12 +-- .../V0_41__migrate_to_creator_right.sql | 9 ++ .../EnabledAuthorizationServiceTests.kt | 20 ++--- .../EntityAccessRightsServiceTests.kt | 88 +++++++++---------- .../web/EntityAccessControlHandlerTests.kt | 32 +++---- .../com/egm/stellio/shared/util/AuthUtils.kt | 22 ++--- .../egm/stellio/shared/util/AuthUtilsTests.kt | 6 +- .../jsonld-contexts/authorization.jsonld | 17 ++-- .../authorization/RightAddOnEntity.json | 2 +- 11 files changed, 125 insertions(+), 115 deletions(-) diff --git a/search-service/src/main/kotlin/com/egm/stellio/search/authorization/EnabledAuthorizationService.kt b/search-service/src/main/kotlin/com/egm/stellio/search/authorization/EnabledAuthorizationService.kt index 25550114b6..14039cb98c 100644 --- a/search-service/src/main/kotlin/com/egm/stellio/search/authorization/EnabledAuthorizationService.kt +++ b/search-service/src/main/kotlin/com/egm/stellio/search/authorization/EnabledAuthorizationService.kt @@ -46,7 +46,7 @@ class EnabledAuthorizationService( override suspend fun userCanReadEntity(entityId: URI, sub: Option): Either = userHasOneOfGivenRightsOnEntity( entityId, - listOf(AccessRight.R_IS_OWNER, AccessRight.R_CAN_ADMIN, AccessRight.R_CAN_WRITE, AccessRight.R_CAN_READ), + listOf(AccessRight.IS_OWNER, AccessRight.CAN_ADMIN, AccessRight.CAN_WRITE, AccessRight.CAN_READ), listOf(SpecificAccessPolicy.AUTH_WRITE, SpecificAccessPolicy.AUTH_READ), sub ).toAccessDecision(ENTITIY_READ_FORBIDDEN_MESSAGE) 
@@ -54,7 +54,7 @@ class EnabledAuthorizationService( override suspend fun userCanUpdateEntity(entityId: URI, sub: Option): Either = userHasOneOfGivenRightsOnEntity( entityId, - listOf(AccessRight.R_IS_OWNER, AccessRight.R_CAN_ADMIN, AccessRight.R_CAN_WRITE), + listOf(AccessRight.IS_OWNER, AccessRight.CAN_ADMIN, AccessRight.CAN_WRITE), listOf(SpecificAccessPolicy.AUTH_WRITE), sub ).toAccessDecision(ENTITY_UPDATE_FORBIDDEN_MESSAGE) @@ -62,7 +62,7 @@ class EnabledAuthorizationService( override suspend fun userCanAdminEntity(entityId: URI, sub: Option): Either = userHasOneOfGivenRightsOnEntity( entityId, - listOf(AccessRight.R_IS_OWNER, AccessRight.R_CAN_ADMIN), + listOf(AccessRight.IS_OWNER, AccessRight.CAN_ADMIN), emptyList(), sub ).toAccessDecision(ENTITY_ADMIN_FORBIDDEN_MESSAGE) @@ -110,7 +110,7 @@ class EnabledAuthorizationService( // for each entity user is admin or creator of, retrieve the full details of rights other users have on it val entitiesWithAdminRight = entitiesAccessRights.filter { - listOf(AccessRight.R_CAN_ADMIN, AccessRight.R_IS_OWNER).contains(it.right) + listOf(AccessRight.CAN_ADMIN, AccessRight.IS_OWNER).contains(it.right) }.map { it.id } val rightsForAdminEntities = @@ -121,10 +121,10 @@ class EnabledAuthorizationService( if (rightsForAdminEntities.containsKey(entityAccessRight.id)) { val rightsForEntity = rightsForAdminEntities[entityAccessRight.id]!! entityAccessRight.copy( - rCanReadUsers = rightsForEntity[AccessRight.R_CAN_READ], - rCanWriteUsers = rightsForEntity[AccessRight.R_CAN_WRITE], - rCanAdminUsers = rightsForEntity[AccessRight.R_CAN_ADMIN], - rIsOwnerUser = rightsForEntity[AccessRight.R_IS_OWNER]?.get(0) + canRead = rightsForEntity[AccessRight.CAN_READ], + canWrite = rightsForEntity[AccessRight.CAN_WRITE], + canAdmin = rightsForEntity[AccessRight.CAN_ADMIN], + owner = rightsForEntity[AccessRight.IS_OWNER]?.get(0) ) } else entityAccessRight } 
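Review bot: In the last hunk of this file, the rewritten line `owner = rightsForEntity[AccessRight.IS_OWNER]?.get(0)` throws IndexOutOfBoundsException if the list stored under `IS_OWNER` is ever empty, whereas `owner` is declared nullable (`val owner: SubjectRightInfo? = null` in EntityAccessRights). `owner = rightsForEntity[AccessRight.IS_OWNER]?.firstOrNull()` returns null in that case and reads as the idiom. Whether an empty list can actually come back from `getAccessRightsForEntities` is not visible in the hunk, so this is a cheap guard rather than a known failure; the enclosing function starts and ends outside the hunk.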
diff --git a/search-service/src/main/kotlin/com/egm/stellio/search/authorization/EntityAccessRights.kt b/search-service/src/main/kotlin/com/egm/stellio/search/authorization/EntityAccessRights.kt index 568b8118cb..f222d051c9 100644 --- a/search-service/src/main/kotlin/com/egm/stellio/search/authorization/EntityAccessRights.kt +++ b/search-service/src/main/kotlin/com/egm/stellio/search/authorization/EntityAccessRights.kt @@ -30,10 +30,10 @@ data class EntityAccessRights( // right the current user has on the entity val right: AccessRight, val specificAccessPolicy: AuthContextModel.SpecificAccessPolicy? = null, - val rCanAdminUsers: List? = null, - val rCanWriteUsers: List? = null, - val rCanReadUsers: List? = null, - val rIsOwnerUser: SubjectRightInfo? = null + val canAdmin: List? = null, + val canWrite: List? = null, + val canRead: List? = null, + val owner: SubjectRightInfo? = null ) { data class SubjectRightInfo( val uri: URI, @@ -61,22 +61,22 @@ data class EntityAccessRights( resultEntity[AUTH_PROP_SAP] = buildExpandedPropertyValue(this) } - rCanAdminUsers?.run { + canAdmin?.run { resultEntity[AUTH_REL_CAN_ADMIN] = this.map { it.serializeProperties(contexts) }.flatten() } - rCanWriteUsers?.run { + canWrite?.run { resultEntity[AUTH_REL_CAN_WRITE] = this.map { it.serializeProperties(contexts) }.flatten() } - rCanReadUsers?.run { + canRead?.run { resultEntity[AUTH_REL_CAN_READ] = this.map { it.serializeProperties(contexts) }.flatten() } - rIsOwnerUser?.run { + owner?.run { resultEntity[AUTH_REL_IS_OWNER] = this.serializeProperties(contexts) } diff --git a/search-service/src/main/kotlin/com/egm/stellio/search/authorization/EntityAccessRightsService.kt b/search-service/src/main/kotlin/com/egm/stellio/search/authorization/EntityAccessRightsService.kt index 07321cfed9..f11aeee536 100644 --- a/search-service/src/main/kotlin/com/egm/stellio/search/authorization/EntityAccessRightsService.kt 
+++ b/search-service/src/main/kotlin/com/egm/stellio/search/authorization/EntityAccessRightsService.kt @@ -35,15 +35,15 @@ class EntityAccessRightsService( ) { @Transactional suspend fun setReadRoleOnEntity(sub: Sub, entityId: URI): Either = - setRoleOnEntity(sub, entityId, R_CAN_READ) + setRoleOnEntity(sub, entityId, CAN_READ) @Transactional suspend fun setWriteRoleOnEntity(sub: Sub, entityId: URI): Either = - setRoleOnEntity(sub, entityId, R_CAN_WRITE) + setRoleOnEntity(sub, entityId, CAN_WRITE) @Transactional suspend fun setCreatorRoleOnEntity(sub: Sub, entityId: URI): Either = - setRoleOnEntity(sub, entityId, R_IS_OWNER) + setRoleOnEntity(sub, entityId, IS_OWNER) @Transactional suspend fun setRoleOnEntity(sub: Sub, entityId: URI, accessRight: AccessRight): Either = @@ -96,7 +96,7 @@ class EntityAccessRightsService( sub, entityId, listOf(SpecificAccessPolicy.AUTH_READ, SpecificAccessPolicy.AUTH_WRITE), - listOf(R_CAN_READ, R_CAN_WRITE, R_CAN_ADMIN) + listOf(CAN_READ, CAN_WRITE, CAN_ADMIN) ).flatMap { if (!it) AccessDeniedException("User forbidden read access to entity $entityId").left() @@ -108,7 +108,7 @@ class EntityAccessRightsService( sub, entityId, listOf(SpecificAccessPolicy.AUTH_WRITE), - listOf(R_CAN_WRITE, R_CAN_ADMIN) + listOf(CAN_WRITE, CAN_ADMIN) ).flatMap { if (!it) AccessDeniedException("User forbidden write access to entity $entityId").left() @@ -321,7 +321,7 @@ class EntityAccessRightsService( private fun rowToEntityAccessControl(row: Map, isStellioAdmin: Boolean): EntityAccessRights { val accessRight = - if (isStellioAdmin) R_CAN_ADMIN + if (isStellioAdmin) CAN_ADMIN else (row["access_right"] as String).let { AccessRight.forAttributeName(it) }.getOrNull()!! return EntityAccessRights( diff --git a/search-service/src/main/resources/db/migration/V0_41__migrate_to_creator_right.sql b/search-service/src/main/resources/db/migration/V0_41__migrate_to_creator_right.sql index 83fae846b2..5e608061e5 100644 
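Review bot: In `rowToEntityAccessControl` the `!!` on `AccessRight.forAttributeName(it) }.getOrNull()!!` now depends on every stored `access_right` value having been migrated to the new names; any row that still holds a legacy value such as `rCanRead` makes `forAttributeName` return `None` and the lookup dies with a bare NullPointerException, and a NULL value fails one step earlier on the `as String` cast. Making the failure explicit shows the offending value instead, e.g. `else (row["access_right"] as String).let { name -> AccessRight.forAttributeName(name).getOrNull() ?: error("unknown access right '$name' in entity_access_rights") }`. The `!!` predates this commit, but the rename is what turns it into a live failure path; the function continues past the end of the hunk.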
--- a/search-service/src/main/resources/db/migration/V0_41__migrate_to_creator_right.sql
+++ b/search-service/src/main/resources/db/migration/V0_41__migrate_to_creator_right.sql
@@ -1,3 +1,12 @@
+-- rename exiting authz rights
+UPDATE entity_access_rights
+SET access_right =
+    CASE
+        WHEN access_right = 'rCanAdmin' THEN 'canAdmin'
+        WHEN access_right = 'rCanWrite' THEN 'canWrite'
+        WHEN access_right = 'rCanReadm' THEN 'canRead'
+    END;
+
 WITH entities AS (
     SELECT entity_id, count(*) as admin_right_count
     FROM entity_access_rights
diff --git a/search-service/src/test/kotlin/com/egm/stellio/search/authorization/EnabledAuthorizationServiceTests.kt b/search-service/src/test/kotlin/com/egm/stellio/search/authorization/EnabledAuthorizationServiceTests.kt
index 8856cd7344..63ad172cd4 100644
--- a/search-service/src/test/kotlin/com/egm/stellio/search/authorization/EnabledAuthorizationServiceTests.kt
+++ b/search-service/src/test/kotlin/com/egm/stellio/search/authorization/EnabledAuthorizationServiceTests.kt
@@ -88,7 +88,7 @@ class EnabledAuthorizationServiceTests {
                 eq(Some(subjectUuid)),
                 eq(entityId01),
                 listOf(AUTH_WRITE, AUTH_READ),
-                listOf(R_IS_OWNER, R_CAN_ADMIN, R_CAN_WRITE, R_CAN_READ)
+                listOf(IS_OWNER, CAN_ADMIN, CAN_WRITE, CAN_READ)
             )
         }
     }
@@ -105,7 +105,7 @@ class EnabledAuthorizationServiceTests {
                 eq(Some(subjectUuid)),
                 eq(entityId01),
                 listOf(AUTH_WRITE, AUTH_READ),
-                listOf(R_IS_OWNER, R_CAN_ADMIN, R_CAN_WRITE, R_CAN_READ)
+                listOf(IS_OWNER, CAN_ADMIN, CAN_WRITE, CAN_READ)
             )
         }
     }
@@ -125,7 +125,7 @@ class EnabledAuthorizationServiceTests {
                 eq(Some(subjectUuid)),
                 eq(entityId01),
                 listOf(AUTH_WRITE),
-                listOf(R_IS_OWNER, R_CAN_ADMIN, R_CAN_WRITE)
+                listOf(IS_OWNER, CAN_ADMIN, CAN_WRITE)
             )
         }
     }
@@ -142,7 +142,7 @@ class EnabledAuthorizationServiceTests {
                 eq(Some(subjectUuid)),
                 eq(entityId01),
                 listOf(AUTH_WRITE),
-                listOf(R_IS_OWNER, R_CAN_ADMIN, R_CAN_WRITE)
+                listOf(IS_OWNER, CAN_ADMIN, CAN_WRITE)
             )
         }
     }
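Review bot: The third branch of the new CASE compares against `'rCanReadm'`, which never matches the `rCanRead` value the old `AccessRight.R_CAN_READ` stored, and because the CASE has no ELSE every row matching none of the branches — every existing read grant, and any `rIsOwner` row if some exist — gets `access_right = NULL`, i.e. the grant is silently lost rather than renamed. Fix the literal to `WHEN access_right = 'rCanRead' THEN 'canRead'` and add `ELSE access_right` before `END;` so unmatched rows keep their value; a `WHERE access_right IN ('rCanAdmin', 'rCanWrite', 'rCanRead')` would additionally keep the statement from rewriting rows that need no change. Nothing in the hunk renames `rIsOwner` to the new `isOwner` value either, unless the rest of the migration below the hunk covers it. This file already existed before the commit, so editing it changes the migration's checksum for any database that has already applied V0_41; the comment also reads `exiting` for `existing`.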
@@ -162,7 +162,7 @@ class EnabledAuthorizationServiceTests { eq(Some(subjectUuid)), eq(entityId01), emptyList(), - listOf(R_IS_OWNER, R_CAN_ADMIN) + listOf(IS_OWNER, CAN_ADMIN) ) } } @@ -179,7 +179,7 @@ class EnabledAuthorizationServiceTests { eq(Some(subjectUuid)), eq(entityId01), emptyList(), - listOf(R_IS_OWNER, R_CAN_ADMIN) + listOf(IS_OWNER, CAN_ADMIN) ) } } @@ -331,7 +331,7 @@ class EnabledAuthorizationServiceTests { EntityAccessRights( id = entityId01, types = listOf(BEEHIVE_TYPE), - right = R_CAN_WRITE + right = CAN_WRITE ) ).right() coEvery { @@ -373,12 +373,12 @@ class EnabledAuthorizationServiceTests { EntityAccessRights( id = entityId01, types = listOf(BEEHIVE_TYPE), - right = R_CAN_ADMIN + right = CAN_ADMIN ), EntityAccessRights( id = entityId02, types = listOf(BEEHIVE_TYPE), - right = R_CAN_WRITE + right = CAN_WRITE ) ).right() coEvery { @@ -388,7 +388,7 @@ class EnabledAuthorizationServiceTests { entityAccessRightsService.getAccessRightsForEntities(any(), any()) } returns mapOf( entityId01 to mapOf( - R_CAN_WRITE to listOf( + CAN_WRITE to listOf( SubjectRightInfo( "urn:ngsi-ld:User:01".toUri(), mapOf("kind" to "User", "username" to "stellio") diff --git a/search-service/src/test/kotlin/com/egm/stellio/search/authorization/EntityAccessRightsServiceTests.kt b/search-service/src/test/kotlin/com/egm/stellio/search/authorization/EntityAccessRightsServiceTests.kt index 66c842e4b2..22a0c9b29d 100644 --- a/search-service/src/test/kotlin/com/egm/stellio/search/authorization/EntityAccessRightsServiceTests.kt +++ b/search-service/src/test/kotlin/com/egm/stellio/search/authorization/EntityAccessRightsServiceTests.kt 
@@ -252,8 +252,8 @@ class EntityAccessRightsServiceTests : WithTimescaleContainer { fun `it should get all entities an user has access to`() = runTest { createEntityPayload(entityId01, setOf(BEEHIVE_TYPE), AUTH_READ) createEntityPayload(entityId02, setOf(BEEHIVE_TYPE)) - entityAccessRightsService.setRoleOnEntity(subjectUuid, entityId01, AccessRight.R_CAN_WRITE).shouldSucceed() - entityAccessRightsService.setRoleOnEntity(UUID.randomUUID().toString(), entityId02, AccessRight.R_CAN_WRITE) + entityAccessRightsService.setRoleOnEntity(subjectUuid, entityId01, AccessRight.CAN_WRITE).shouldSucceed() + entityAccessRightsService.setRoleOnEntity(UUID.randomUUID().toString(), entityId02, AccessRight.CAN_WRITE) .shouldSucceed() entityAccessRightsService.getSubjectAccessRights( @@ -265,7 +265,7 @@ class EntityAccessRightsServiceTests : WithTimescaleContainer { val entityAccessControl = it[0] assertEquals(entityId01, entityAccessControl.id) assertEquals(BEEHIVE_TYPE, entityAccessControl.types[0]) - assertEquals(AccessRight.R_CAN_WRITE, entityAccessControl.right) + assertEquals(AccessRight.CAN_WRITE, entityAccessControl.right) assertEquals(AUTH_READ, entityAccessControl.specificAccessPolicy) } @@ -283,8 +283,8 @@ class EntityAccessRightsServiceTests : WithTimescaleContainer { createEntityPayload(entityId01, setOf(BEEHIVE_TYPE), AUTH_READ) createEntityPayload(entityId02, setOf(BEEHIVE_TYPE)) - entityAccessRightsService.setRoleOnEntity(subjectUuid, entityId01, AccessRight.R_CAN_WRITE).shouldSucceed() - entityAccessRightsService.setRoleOnEntity(UUID.randomUUID().toString(), entityId02, AccessRight.R_CAN_WRITE) + entityAccessRightsService.setRoleOnEntity(subjectUuid, entityId01, AccessRight.CAN_WRITE).shouldSucceed() + entityAccessRightsService.setRoleOnEntity(UUID.randomUUID().toString(), entityId02, AccessRight.CAN_WRITE) .shouldSucceed() entityAccessRightsService.getSubjectAccessRights( 
@@ -294,7 +294,7 @@ class EntityAccessRightsServiceTests : WithTimescaleContainer { ).shouldSucceedWith { assertEquals(2, it.size) it.forEach { entityAccessControl -> - assertEquals(AccessRight.R_CAN_ADMIN, entityAccessControl.right) + assertEquals(AccessRight.CAN_ADMIN, entityAccessControl.right) } } @@ -313,9 +313,9 @@ class EntityAccessRightsServiceTests : WithTimescaleContainer { createEntityPayload(entityId01, setOf(BEEHIVE_TYPE), AUTH_READ) createEntityPayload(entityId02, setOf(BEEHIVE_TYPE)) createEntityPayload(entityId03, setOf(APIARY_TYPE)) - entityAccessRightsService.setRoleOnEntity(subjectUuid, entityId01, AccessRight.R_CAN_WRITE).shouldSucceed() - entityAccessRightsService.setRoleOnEntity(subjectUuid, entityId03, AccessRight.R_CAN_WRITE).shouldSucceed() - entityAccessRightsService.setRoleOnEntity(UUID.randomUUID().toString(), entityId02, AccessRight.R_CAN_WRITE) + entityAccessRightsService.setRoleOnEntity(subjectUuid, entityId01, AccessRight.CAN_WRITE).shouldSucceed() + entityAccessRightsService.setRoleOnEntity(subjectUuid, entityId03, AccessRight.CAN_WRITE).shouldSucceed() + entityAccessRightsService.setRoleOnEntity(UUID.randomUUID().toString(), entityId02, AccessRight.CAN_WRITE) .shouldSucceed() entityAccessRightsService.getSubjectAccessRights( 
@@ -346,9 +346,9 @@ class EntityAccessRightsServiceTests : WithTimescaleContainer { createEntityPayload(entityId01, setOf(BEEHIVE_TYPE), AUTH_READ) createEntityPayload(entityId02, setOf(BEEHIVE_TYPE)) createEntityPayload(entityId03, setOf(APIARY_TYPE)) - entityAccessRightsService.setRoleOnEntity(subjectUuid, entityId01, AccessRight.R_CAN_WRITE).shouldSucceed() - entityAccessRightsService.setRoleOnEntity(subjectUuid, entityId03, AccessRight.R_CAN_WRITE).shouldSucceed() - entityAccessRightsService.setRoleOnEntity(UUID.randomUUID().toString(), entityId02, AccessRight.R_CAN_WRITE) + entityAccessRightsService.setRoleOnEntity(subjectUuid, entityId01, AccessRight.CAN_WRITE).shouldSucceed() + entityAccessRightsService.setRoleOnEntity(subjectUuid, entityId03, AccessRight.CAN_WRITE).shouldSucceed() + entityAccessRightsService.setRoleOnEntity(UUID.randomUUID().toString(), entityId02, AccessRight.CAN_WRITE) .shouldSucceed() entityAccessRightsService.getSubjectAccessRights( @@ -379,9 +379,9 @@ class EntityAccessRightsServiceTests : WithTimescaleContainer { createEntityPayload(entityId01, setOf(BEEHIVE_TYPE), AUTH_READ) createEntityPayload(entityId02, setOf(BEEHIVE_TYPE)) createEntityPayload(entityId03, setOf(APIARY_TYPE)) - entityAccessRightsService.setRoleOnEntity(subjectUuid, entityId01, AccessRight.R_CAN_WRITE).shouldSucceed() - entityAccessRightsService.setRoleOnEntity(subjectUuid, entityId03, AccessRight.R_CAN_WRITE).shouldSucceed() - entityAccessRightsService.setRoleOnEntity(UUID.randomUUID().toString(), entityId02, AccessRight.R_CAN_WRITE) + entityAccessRightsService.setRoleOnEntity(subjectUuid, entityId01, AccessRight.CAN_WRITE).shouldSucceed() + entityAccessRightsService.setRoleOnEntity(subjectUuid, entityId03, AccessRight.CAN_WRITE).shouldSucceed() + entityAccessRightsService.setRoleOnEntity(UUID.randomUUID().toString(), entityId02, AccessRight.CAN_WRITE) .shouldSucceed() entityAccessRightsService.getSubjectAccessRights( 
@@ -412,14 +412,14 @@ class EntityAccessRightsServiceTests : WithTimescaleContainer { createEntityPayload(entityId01, setOf(BEEHIVE_TYPE), AUTH_READ) createEntityPayload(entityId02, setOf(BEEHIVE_TYPE)) createEntityPayload(entityId03, setOf(APIARY_TYPE)) - entityAccessRightsService.setRoleOnEntity(subjectUuid, entityId01, AccessRight.R_CAN_READ).shouldSucceed() - entityAccessRightsService.setRoleOnEntity(subjectUuid, entityId03, AccessRight.R_CAN_WRITE).shouldSucceed() - entityAccessRightsService.setRoleOnEntity(UUID.randomUUID().toString(), entityId02, AccessRight.R_CAN_WRITE) + entityAccessRightsService.setRoleOnEntity(subjectUuid, entityId01, AccessRight.CAN_READ).shouldSucceed() + entityAccessRightsService.setRoleOnEntity(subjectUuid, entityId03, AccessRight.CAN_WRITE).shouldSucceed() + entityAccessRightsService.setRoleOnEntity(UUID.randomUUID().toString(), entityId02, AccessRight.CAN_WRITE) .shouldSucceed() entityAccessRightsService.getSubjectAccessRights( Some(subjectUuid), - listOf(AccessRight.R_CAN_WRITE), + listOf(AccessRight.CAN_WRITE), paginationQuery = PaginationQuery(limit = 100, offset = 0) ).shouldSucceedWith { assertEquals(1, it.size) @@ -429,7 +429,7 @@ class EntityAccessRightsServiceTests : WithTimescaleContainer { entityAccessRightsService.getSubjectAccessRightsCount( Some(subjectUuid), - listOf(AccessRight.R_CAN_WRITE) + listOf(AccessRight.CAN_WRITE) ).shouldSucceedWith { assertEquals(1, it) } 
@@ -442,13 +442,13 @@ class EntityAccessRightsServiceTests : WithTimescaleContainer { createEntityPayload(entityId01, setOf(BEEHIVE_TYPE), AUTH_READ) createEntityPayload(entityId02, setOf(BEEHIVE_TYPE)) createEntityPayload(entityId03, setOf(APIARY_TYPE)) - entityAccessRightsService.setRoleOnEntity(subjectUuid, entityId01, AccessRight.R_CAN_READ).shouldSucceed() - entityAccessRightsService.setRoleOnEntity(subjectUuid, entityId02, AccessRight.R_CAN_WRITE).shouldSucceed() - entityAccessRightsService.setRoleOnEntity(subjectUuid, entityId03, AccessRight.R_CAN_READ).shouldSucceed() + entityAccessRightsService.setRoleOnEntity(subjectUuid, entityId01, AccessRight.CAN_READ).shouldSucceed() + entityAccessRightsService.setRoleOnEntity(subjectUuid, entityId02, AccessRight.CAN_WRITE).shouldSucceed() + entityAccessRightsService.setRoleOnEntity(subjectUuid, entityId03, AccessRight.CAN_READ).shouldSucceed() entityAccessRightsService.getSubjectAccessRights( Some(subjectUuid), - listOf(AccessRight.R_CAN_WRITE), + listOf(AccessRight.CAN_WRITE), "$BEEHIVE_TYPE,$APIARY_TYPE", paginationQuery = PaginationQuery(limit = 100, offset = 0) ).shouldSucceedWith { @@ -459,7 +459,7 @@ class EntityAccessRightsServiceTests : WithTimescaleContainer { entityAccessRightsService.getSubjectAccessRightsCount( Some(subjectUuid), - listOf(AccessRight.R_CAN_WRITE) + listOf(AccessRight.CAN_WRITE) ).shouldSucceedWith { assertEquals(1, it) } 
@@ -472,8 +472,8 @@ class EntityAccessRightsServiceTests : WithTimescaleContainer { subjectReferentialService.getSubjectAndGroupsUUID(Some(subjectUuid)) } returns listOf(groupUuid, subjectUuid).right() - entityAccessRightsService.setRoleOnEntity(subjectUuid, entityId01, AccessRight.R_CAN_WRITE) - entityAccessRightsService.setRoleOnEntity(groupUuid, entityId01, AccessRight.R_CAN_ADMIN) + entityAccessRightsService.setRoleOnEntity(subjectUuid, entityId01, AccessRight.CAN_WRITE) + entityAccessRightsService.setRoleOnEntity(groupUuid, entityId01, AccessRight.CAN_ADMIN) entityAccessRightsService.getSubjectAccessRights( Some(subjectUuid), @@ -484,7 +484,7 @@ class EntityAccessRightsServiceTests : WithTimescaleContainer { assertEquals(1, it.size) val entityAccessControl = it[0] assertEquals(entityId01, entityAccessControl.id) - assertEquals(AccessRight.R_CAN_ADMIN, entityAccessControl.right) + assertEquals(AccessRight.CAN_ADMIN, entityAccessControl.right) } } @@ -499,8 +499,8 @@ class EntityAccessRightsServiceTests : WithTimescaleContainer { createSubjectReferential(subjectUuid, SubjectType.USER, getSubjectInfoForUser("stellio")) createSubjectReferential(groupUuid, SubjectType.GROUP, getSubjectInfoForGroup("Stellio Team")) - entityAccessRightsService.setRoleOnEntity(subjectUuid, entityId01, AccessRight.R_CAN_WRITE).shouldSucceed() - entityAccessRightsService.setRoleOnEntity(groupUuid, entityId01, AccessRight.R_CAN_READ).shouldSucceed() + entityAccessRightsService.setRoleOnEntity(subjectUuid, entityId01, AccessRight.CAN_WRITE).shouldSucceed() + entityAccessRightsService.setRoleOnEntity(groupUuid, entityId01, AccessRight.CAN_READ).shouldSucceed() entityAccessRightsService.getAccessRightsForEntities(Some(subjectUuid), listOf(entityId01, entityId02)) .shouldSucceedWith { 
@@ -508,8 +508,8 @@ class EntityAccessRightsServiceTests : WithTimescaleContainer { val result = it.entries.first() assertEquals(entityId01, result.key) assertEquals(1, result.value.size) - assertTrue(result.value.containsKey(AccessRight.R_CAN_READ)) - val rCanReadList = result.value[AccessRight.R_CAN_READ]!! + assertTrue(result.value.containsKey(AccessRight.CAN_READ)) + val rCanReadList = result.value[AccessRight.CAN_READ]!! assertEquals(1, rCanReadList.size) val subjectRightDetail = rCanReadList[0] assertEquals(GROUP_ENTITY_PREFIX + groupUuid, subjectRightDetail.uri.toString()) 
@@ -526,16 +526,16 @@ class EntityAccessRightsServiceTests : WithTimescaleContainer { createSubjectReferential(subjectUuid, SubjectType.USER, getSubjectInfoForUser("stellio")) createSubjectReferential(groupUuid, SubjectType.GROUP, getSubjectInfoForGroup("Stellio Team")) - entityAccessRightsService.setRoleOnEntity(subjectUuid, entityId01, AccessRight.R_CAN_WRITE).shouldSucceed() - entityAccessRightsService.setRoleOnEntity(groupUuid, entityId01, AccessRight.R_CAN_READ).shouldSucceed() - entityAccessRightsService.setRoleOnEntity(subjectUuid, entityId02, AccessRight.R_CAN_WRITE).shouldSucceed() - entityAccessRightsService.setRoleOnEntity(groupUuid, entityId02, AccessRight.R_CAN_WRITE).shouldSucceed() + entityAccessRightsService.setRoleOnEntity(subjectUuid, entityId01, AccessRight.CAN_WRITE).shouldSucceed() + entityAccessRightsService.setRoleOnEntity(groupUuid, entityId01, AccessRight.CAN_READ).shouldSucceed() + entityAccessRightsService.setRoleOnEntity(subjectUuid, entityId02, AccessRight.CAN_WRITE).shouldSucceed() + entityAccessRightsService.setRoleOnEntity(groupUuid, entityId02, AccessRight.CAN_WRITE).shouldSucceed() entityAccessRightsService.getAccessRightsForEntities(Some(subjectUuid), listOf(entityId01, entityId02)) .shouldSucceedWith { assertEquals(2, it.size) - assertTrue(it.getValue(entityId01).containsKey(AccessRight.R_CAN_READ)) - assertTrue(it.getValue(entityId02).containsKey(AccessRight.R_CAN_WRITE)) + assertTrue(it.getValue(entityId01).containsKey(AccessRight.CAN_READ)) + assertTrue(it.getValue(entityId02).containsKey(AccessRight.CAN_WRITE)) } } 
@@ -545,18 +545,18 @@ class EntityAccessRightsServiceTests : WithTimescaleContainer { createSubjectReferential(groupUuid, SubjectType.GROUP, getSubjectInfoForGroup("Stellio Team")) createSubjectReferential(clientUuid, SubjectType.CLIENT, getSubjectInfoForClient("IoT Device")) - entityAccessRightsService.setRoleOnEntity(subjectUuid, entityId01, AccessRight.R_CAN_WRITE).shouldSucceed() - entityAccessRightsService.setRoleOnEntity(groupUuid, entityId01, AccessRight.R_CAN_READ).shouldSucceed() - entityAccessRightsService.setRoleOnEntity(clientUuid, entityId01, AccessRight.R_CAN_ADMIN).shouldSucceed() + entityAccessRightsService.setRoleOnEntity(subjectUuid, entityId01, AccessRight.CAN_WRITE).shouldSucceed() + entityAccessRightsService.setRoleOnEntity(groupUuid, entityId01, AccessRight.CAN_READ).shouldSucceed() + entityAccessRightsService.setRoleOnEntity(clientUuid, entityId01, AccessRight.CAN_ADMIN).shouldSucceed() entityAccessRightsService.getAccessRightsForEntities(Some(subjectUuid), listOf(entityId01)) .shouldSucceedWith { assertEquals(1, it.size) val result = it.entries.first() assertEquals(2, result.value.size) - assertTrue(it.getValue(entityId01).containsKey(AccessRight.R_CAN_READ)) - assertTrue(it.getValue(entityId01).containsKey(AccessRight.R_CAN_ADMIN)) - val rCanAdminList = it.getValue(entityId01).getValue(AccessRight.R_CAN_ADMIN) + assertTrue(it.getValue(entityId01).containsKey(AccessRight.CAN_READ)) + assertTrue(it.getValue(entityId01).containsKey(AccessRight.CAN_ADMIN)) + val rCanAdminList = it.getValue(entityId01).getValue(AccessRight.CAN_ADMIN) assertEquals(1, rCanAdminList.size) assertEquals(CLIENT_ENTITY_PREFIX + clientUuid, rCanAdminList[0].uri.toString()) } diff --git a/search-service/src/test/kotlin/com/egm/stellio/search/web/EntityAccessControlHandlerTests.kt b/search-service/src/test/kotlin/com/egm/stellio/search/web/EntityAccessControlHandlerTests.kt index 9c65ab365e..cf90ab5a8e 100644 
--- a/search-service/src/test/kotlin/com/egm/stellio/search/web/EntityAccessControlHandlerTests.kt +++ b/search-service/src/test/kotlin/com/egm/stellio/search/web/EntityAccessControlHandlerTests.kt @@ -89,7 +89,7 @@ class EntityAccessControlHandlerTests { val requestPayload = """ { - "rCanRead": { + "canRead": { "type": "Relationship", "object": "$entityUri1" }, @@ -114,7 +114,7 @@ class EntityAccessControlHandlerTests { entityAccessRightsService.setRoleOnEntity( eq(otherUserSub), eq(entityUri1), - eq(AccessRight.R_CAN_READ) + eq(AccessRight.CAN_READ) ) } } @@ -125,7 +125,7 @@ class EntityAccessControlHandlerTests { val requestPayload = """ { - "rCanRead": [{ + "canRead": [{ "type": "Relationship", "object": "$entityUri1", "datasetId": "$entityUri1" @@ -135,7 +135,7 @@ class EntityAccessControlHandlerTests { "object": "$entityUri2", "datasetId": "$entityUri2" }], - "rCanWrite": { + "canWrite": { "type": "Relationship", "object": "$entityUri3" }, @@ -163,17 +163,17 @@ class EntityAccessControlHandlerTests { entityAccessRightsService.setRoleOnEntity( eq(otherUserSub), eq(entityUri1), - eq(AccessRight.R_CAN_READ) + eq(AccessRight.CAN_READ) ) entityAccessRightsService.setRoleOnEntity( eq(otherUserSub), eq(entityUri2), - eq(AccessRight.R_CAN_READ) + eq(AccessRight.CAN_READ) ) entityAccessRightsService.setRoleOnEntity( eq(otherUserSub), eq(entityUri3), - eq(AccessRight.R_CAN_WRITE) + eq(AccessRight.CAN_WRITE) ) } } @@ -183,7 +183,7 @@ class EntityAccessControlHandlerTests { val requestPayload = """ { - "rCanRead": [{ + "canRead": [{ "type": "Relationship", "object": "$entityUri1", "datasetId": "$entityUri1" 
@@ -211,10 +211,10 @@ class EntityAccessControlHandlerTests { .expectBody().json( """ { - "updated":["https://ontology.eglobalmark.com/authorization#rCanRead"], + "updated":["https://ontology.eglobalmark.com/authorization#canRead"], "notUpdated":[ { - "attributeName":"https://ontology.eglobalmark.com/authorization#rCanRead", + "attributeName":"https://ontology.eglobalmark.com/authorization#canRead", "reason":"User is not authorized to manage rights on entity urn:ngsi-ld:Entity:entityId2" } ] @@ -226,7 +226,7 @@ class EntityAccessControlHandlerTests { entityAccessRightsService.setRoleOnEntity( eq(otherUserSub), eq(entityUri1), - eq(AccessRight.R_CAN_READ) + eq(AccessRight.CAN_READ) ) } } @@ -586,14 +586,14 @@ class EntityAccessControlHandlerTests { createEntityAccessRight( "urn:ngsi-ld:Beehive:TESTC".toUri(), BEEHIVE_TYPE, - AccessRight.R_CAN_READ + AccessRight.CAN_READ ) ), createJsonLdEntity( createEntityAccessRight( "urn:ngsi-ld:Beehive:TESTD".toUri(), BEEHIVE_TYPE, - AccessRight.R_CAN_ADMIN, + AccessRight.CAN_ADMIN, AUTH_READ, createSubjectRightInfo(subjectId) ) @@ -612,13 +612,13 @@ class EntityAccessControlHandlerTests { [{ "id": "urn:ngsi-ld:Beehive:TESTC", "type": "$BEEHIVE_TYPE", - "$AUTH_TERM_RIGHT": {"type":"Property", "value": "rCanRead"}, + "$AUTH_TERM_RIGHT": {"type":"Property", "value": "canRead"}, "@context": "${applicationProperties.contexts.authzCompound}" }, { "id": "urn:ngsi-ld:Beehive:TESTD", "type": "$BEEHIVE_TYPE", - "$AUTH_TERM_RIGHT": {"type":"Property", "value": "rCanAdmin"}, + "$AUTH_TERM_RIGHT": {"type":"Property", "value": "canAdmin"}, "$AUTH_TERM_SAP": {"type":"Property", "value": "$AUTH_READ"}, "$AUTH_TERM_CAN_READ": { "type":"Relationship", @@ -880,7 +880,7 @@ class EntityAccessControlHandlerTests { types = listOf(type), right = accessRight, specificAccessPolicy = specificAccessPolicy, - rCanReadUsers = rCanReadUsers + canRead = rCanReadUsers ) private fun createSubjectRightInfo(subjectId: URI): List { 
diff --git a/shared/src/main/kotlin/com/egm/stellio/shared/util/AuthUtils.kt b/shared/src/main/kotlin/com/egm/stellio/shared/util/AuthUtils.kt index b5263f259d..b33696ef81 100644 --- a/shared/src/main/kotlin/com/egm/stellio/shared/util/AuthUtils.kt +++ b/shared/src/main/kotlin/com/egm/stellio/shared/util/AuthUtils.kt @@ -58,11 +58,11 @@ object AuthContextModel { const val AUTH_TERM_IS_MEMBER_OF = "isMemberOf" const val AUTH_REL_IS_MEMBER_OF: ExpandedTerm = AUTHORIZATION_ONTOLOGY + AUTH_TERM_IS_MEMBER_OF - const val AUTH_TERM_CAN_READ = "rCanRead" + const val AUTH_TERM_CAN_READ = "canRead" const val AUTH_REL_CAN_READ: ExpandedTerm = AUTHORIZATION_ONTOLOGY + AUTH_TERM_CAN_READ - const val AUTH_TERM_CAN_WRITE = "rCanWrite" + const val AUTH_TERM_CAN_WRITE = "canWrite" const val AUTH_REL_CAN_WRITE: ExpandedTerm = AUTHORIZATION_ONTOLOGY + AUTH_TERM_CAN_WRITE - const val AUTH_TERM_CAN_ADMIN = "rCanAdmin" + const val AUTH_TERM_CAN_ADMIN = "canAdmin" const val AUTH_REL_CAN_ADMIN: ExpandedTerm = AUTHORIZATION_ONTOLOGY + AUTH_TERM_CAN_ADMIN const val AUTH_TERM_IS_OWNER = "isOwner" const val AUTH_REL_IS_OWNER: ExpandedTerm = AUTHORIZATION_ONTOLOGY + AUTH_TERM_IS_OWNER @@ -134,10 +134,10 @@ enum class GlobalRole(val key: String) { } enum class AccessRight(val attributeName: String) { - R_CAN_READ("rCanRead"), - R_CAN_WRITE("rCanWrite"), - R_CAN_ADMIN("rCanAdmin"), - R_IS_OWNER("rIsOwner"); + CAN_READ("canRead"), + CAN_WRITE("canWrite"), + CAN_ADMIN("canAdmin"), + IS_OWNER("isOwner"); companion object { fun forAttributeName(attributeName: String): Option = 
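Review bot: Renaming the `attributeName` values of `AccessRight` (and the `AUTH_TERM_*` constants in the hunk above) changes both the values persisted in `entity_access_rights.access_right` and the attribute terms accepted and emitted by the authorization API, so despite the `refactor:` title this is a client-visible breaking change: `forAttributeName("rCanRead")` now returns `None`, and the updated handler tests show request payloads must switch to `canRead`/`canWrite`. The enum should document that contract so the next rename is not treated as cosmetic, e.g. a KDoc on `AccessRight`: `/** Rights a subject can hold on an entity. [attributeName] is both the value stored in entity_access_rights.access_right and the attribute term used in the authorization API; renaming it requires a data migration and a client-facing changelog entry. */`. Only the testFixtures copy of the authorization JSON-LD context is updated in this commit; whether a served context also needs the new terms cannot be seen from here.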
@@ -145,10 +145,10 @@ enum class AccessRight(val attributeName: String) { fun forExpandedAttributeName(attributeName: ExpandedTerm): Option = when (attributeName) { - AUTH_REL_CAN_READ -> R_CAN_READ.some() - AUTH_REL_CAN_WRITE -> R_CAN_WRITE.some() - AUTH_REL_CAN_ADMIN -> R_CAN_ADMIN.some() - AUTH_REL_IS_OWNER -> R_IS_OWNER.some() + AUTH_REL_CAN_READ -> CAN_READ.some() + AUTH_REL_CAN_WRITE -> CAN_WRITE.some() + AUTH_REL_CAN_ADMIN -> CAN_ADMIN.some() + AUTH_REL_IS_OWNER -> IS_OWNER.some() else -> None } } diff --git a/shared/src/test/kotlin/com/egm/stellio/shared/util/AuthUtilsTests.kt b/shared/src/test/kotlin/com/egm/stellio/shared/util/AuthUtilsTests.kt index 7465256c85..70d9fc5653 100644 --- a/shared/src/test/kotlin/com/egm/stellio/shared/util/AuthUtilsTests.kt +++ b/shared/src/test/kotlin/com/egm/stellio/shared/util/AuthUtilsTests.kt @@ -45,9 +45,9 @@ class AuthUtilsTests { @Test fun `it should find the access right with a given key`() { - assertEquals(Some(AccessRight.R_CAN_READ), AccessRight.forAttributeName("rCanRead")) - assertEquals(Some(AccessRight.R_CAN_WRITE), AccessRight.forAttributeName("rCanWrite")) - assertEquals(Some(AccessRight.R_CAN_ADMIN), AccessRight.forAttributeName("rCanAdmin")) + assertEquals(Some(AccessRight.CAN_READ), AccessRight.forAttributeName("canRead")) + assertEquals(Some(AccessRight.CAN_WRITE), AccessRight.forAttributeName("canWrite")) + assertEquals(Some(AccessRight.CAN_ADMIN), AccessRight.forAttributeName("canAdmin")) } @Test diff --git a/shared/src/testFixtures/resources/jsonld-contexts/authorization.jsonld b/shared/src/testFixtures/resources/jsonld-contexts/authorization.jsonld index 9f51c71fbd..28361e902e 100644 --- a/shared/src/testFixtures/resources/jsonld-contexts/authorization.jsonld +++ b/shared/src/testFixtures/resources/jsonld-contexts/authorization.jsonld 
@@ -1,23 +1,24 @@ { "@context": { "Client": "https://ontology.eglobalmark.com/authorization#Client", + "Group": "https://ontology.eglobalmark.com/authorization#Group", + "User": "https://ontology.eglobalmark.com/authorization#User", + "canAdmin": "https://ontology.eglobalmark.com/authorization#canAdmin", + "canRead": "https://ontology.eglobalmark.com/authorization#canRead", + "canWrite": "https://ontology.eglobalmark.com/authorization#canWrite", "clientId": "https://ontology.eglobalmark.com/authorization#clientId", "familyName": "https://ontology.eglobalmark.com/authorization#familyName", "givenName": "https://ontology.eglobalmark.com/authorization#givenName", - "Group": "https://ontology.eglobalmark.com/authorization#Group", "isMemberOf": "https://ontology.eglobalmark.com/authorization#isMemberOf", + "isOwner": "https://ontology.eglobalmark.com/authorization#isOwner", + "kind": "https://ontology.eglobalmark.com/authorization#kind", "name": "https://schema.org/name", "profile": "https://ontology.eglobalmark.com/authorization#profile", - "rCanAdmin": "https://ontology.eglobalmark.com/authorization#rCanAdmin", - "rCanRead": "https://ontology.eglobalmark.com/authorization#rCanRead", - "rCanWrite": "https://ontology.eglobalmark.com/authorization#rCanWrite", "right": "https://ontology.eglobalmark.com/authorization#right", "roles": "https://ontology.eglobalmark.com/authorization#roles", "serviceAccountId": "https://ontology.eglobalmark.com/authorization#serviceAccountId", "specificAccessPolicy": "https://ontology.eglobalmark.com/authorization#specificAccessPolicy", "subjectInfo": "https://ontology.eglobalmark.com/authorization#subjectInfo", - "User": "https://ontology.eglobalmark.com/authorization#User", - "username": "https://ontology.eglobalmark.com/authorization#username", - "kind": "https://ontology.eglobalmark.com/authorization#kind" + "username": "https://ontology.eglobalmark.com/authorization#username" } -} \ No newline at end of file +} 
diff --git a/shared/src/testFixtures/resources/ngsild/events/authorization/RightAddOnEntity.json b/shared/src/testFixtures/resources/ngsild/events/authorization/RightAddOnEntity.json index a708705b4a..844a9121fa 100644 --- a/shared/src/testFixtures/resources/ngsild/events/authorization/RightAddOnEntity.json +++ b/shared/src/testFixtures/resources/ngsild/events/authorization/RightAddOnEntity.json @@ -2,7 +2,7 @@ "entityId": "urn:ngsi-ld:User:312b30b4-9279-4f7e-bdc5-ec56d699bb7d", "tenantName": "urn:ngsi-ld:tenant:default", "entityTypes": ["User"], - "attributeName": "rCanRead", + "attributeName": "canRead", "operationPayload": "{\"type\":\"Relationship\",\"object\":\"urn:ngsi-ld:Beekeeper:01\"}", "updatedEntity": "", "contexts": [