Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(permissions): Delete permissions: (DSP-1169) #1787

Merged
merged 13 commits into from Jan 27, 2021
Merged

feat(permissions): Delete permissions: (DSP-1169) #1787

Show file tree
Hide file tree
Changes from 12 commits
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
f4c19ea
delete permission message + tests
SepidehAlassi Jan 14, 2021
73eb4b0
Merge branch 'main' into wip/DSP-1169-DeletePermissions
SepidehAlassi Jan 14, 2021
e1fcd04
test (deletePermission) requesting user test
SepidehAlassi Jan 14, 2021
292f664
feature (deletePermission) template
SepidehAlassi Jan 14, 2021
fe152db
feature (deletePermission) response message
SepidehAlassi Jan 14, 2021
bf65b03
feature (deletePermission) responder + tests
SepidehAlassi Jan 15, 2021
f71a02d
test (deletePermission) e2e test
SepidehAlassi Jan 15, 2021
2239db8
Merge branch 'main' into wip/DSP-1169-DeletePermissions
SepidehAlassi Jan 15, 2021
0e05921
test (deletePermission) more tests
SepidehAlassi Jan 15, 2021
361e85a
refactor (permissions) correct date of copy right for new files
SepidehAlassi Jan 15, 2021
53d7265
feature (permissionsEndpoint) systematically check requesting user's …
SepidehAlassi Jan 25, 2021
f756426
Merge branch 'main' into wip/DSP-1169-DeletePermissions
SepidehAlassi Jan 25, 2021
71a7874
Merge branch 'main' into wip/DSP-1169-DeletePermissions
subotic Jan 26, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
119 changes: 74 additions & 45 deletions ...rg/knora/webapi/messages/admin/responder/permissionsmessages/PermissionsMessagesADM.scala
View file
Open in desktop
Expand Up @@ -55,7 +55,9 @@ case class CreateAdministrativePermissionAPIRequestADM(id: Option[IRI] = None,

implicit protected val stringFormatter: StringFormatter = StringFormatter.getInstanceForConstantOntologies
stringFormatter.validateProjectIri(forProject, throw BadRequestException(s"Invalid project IRI"))
stringFormatter.validateOptionalPermissionIri(id, throw BadRequestException(s"Invalid permission IRI"))
stringFormatter.validateOptionalPermissionIri(
id,
throw BadRequestException(s"Invalid permission IRI ${id.get} is given."))
if (hasPermissions.isEmpty) throw BadRequestException("Permissions needs to be supplied.")
}

Expand All @@ -80,7 +82,9 @@ case class CreateDefaultObjectAccessPermissionAPIRequestADM(id: Option[IRI] = No

implicit protected val stringFormatter: StringFormatter = StringFormatter.getInstanceForConstantOntologies
stringFormatter.validateProjectIri(forProject, throw BadRequestException(s"Invalid project IRI"))
stringFormatter.validateOptionalPermissionIri(id, throw BadRequestException(s"Invalid permission IRI"))
stringFormatter.validateOptionalPermissionIri(
id,
throw BadRequestException(s"Invalid permission IRI ${id.get} is given."))
forGroup match {
case Some(iri: IRI) =>
if (forResourceClass.isDefined)
Expand Down Expand Up @@ -245,7 +249,7 @@ case class PermissionChangeGroupRequestADM(permissionIri: IRI,

implicit protected val stringFormatter: StringFormatter = StringFormatter.getInstanceForConstantOntologies
if (!stringFormatter.isKnoraPermissionIriStr(permissionIri)) {
throw BadRequestException(s"Invalid IRI is given: $permissionIri.")
throw BadRequestException(s"Invalid permission IRI $permissionIri is given.")
}

}
Expand All @@ -268,7 +272,7 @@ case class PermissionChangeHasPermissionsRequestADM(

implicit protected val stringFormatter: StringFormatter = StringFormatter.getInstanceForConstantOntologies
if (!stringFormatter.isKnoraPermissionIriStr(permissionIri)) {
throw BadRequestException(s"Invalid IRI is given: $permissionIri.")
throw BadRequestException(s"Invalid permission IRI $permissionIri is given.")
}

}
Expand All @@ -291,7 +295,7 @@ case class PermissionChangeResourceClassRequestADM(

implicit protected val stringFormatter: StringFormatter = StringFormatter.getInstanceForConstantOntologies
if (!stringFormatter.isKnoraPermissionIriStr(permissionIri)) {
throw BadRequestException(s"Invalid IRI is given: $permissionIri.")
throw BadRequestException(s"Invalid permission IRI $permissionIri is given.")
}
}

Expand All @@ -312,7 +316,7 @@ case class PermissionChangePropertyRequestADM(permissionIri: IRI,

implicit protected val stringFormatter: StringFormatter = StringFormatter.getInstanceForConstantOntologies
if (!stringFormatter.isKnoraPermissionIriStr(permissionIri)) {
throw BadRequestException(s"Invalid IRI is given: $permissionIri.")
throw BadRequestException(s"Invalid permission IRI $permissionIri is given.")
}
}

Expand Down Expand Up @@ -354,18 +358,11 @@ case class AdministrativePermissionForIriGetRequestADM(administrativePermissionI
requestingUser: UserADM,
apiRequestID: UUID)
extends PermissionsResponderRequestADM {
// Check user's permission for the operation
//TODO: should get the project the permission is assigned to and check if the requesting user is the project admin
if (!requestingUser.isSystemAdmin
&& !requestingUser.permissions.isProjectAdminInAnyProject()
&& !requestingUser.isSystemUser) {
// not a system admin
throw ForbiddenException("Administrative permission can only be queried by system and project admin.")
}

implicit protected val stringFormatter: StringFormatter = StringFormatter.getInstanceForConstantOntologies
stringFormatter.validatePermissionIri(administrativePermissionIri,
throw BadRequestException(s"Invalid permission IRI"))
stringFormatter.validatePermissionIri(
administrativePermissionIri,
throw BadRequestException(s"Invalid permission IRI $administrativePermissionIri is given."))
}

/**
Expand Down Expand Up @@ -400,7 +397,15 @@ case class AdministrativePermissionForProjectGroupGetADM(projectIri: IRI, groupI
* @param requestingUser
*/
case class AdministrativePermissionForProjectGroupGetRequestADM(projectIri: IRI, groupIri: IRI, requestingUser: UserADM)
extends PermissionsResponderRequestADM
extends PermissionsResponderRequestADM {
// Check user's permission for the operation
if (!requestingUser.isSystemAdmin
&& !requestingUser.permissions.isProjectAdmin(projectIri)
&& !requestingUser.isSystemUser) {
// not a system admin
throw ForbiddenException("Administrative permission can only be queried by system and project admin.")
}
}

/**
* Create a single [[AdministrativePermissionADM]].
Expand All @@ -421,7 +426,7 @@ case class AdministrativePermissionCreateRequestADM(createRequest: CreateAdminis
&& !requestingUser.permissions.isProjectAdmin(createRequest.forProject)
&& !requestingUser.isSystemUser) {
// not a system admin
throw ForbiddenException("A new administrative permission can only be added by a system admin.")
throw ForbiddenException("A new administrative permission can only be added by system or project admin.")
}
}

Expand All @@ -434,14 +439,6 @@ case class AdministrativePermissionCreateRequestADM(createRequest: CreateAdminis
*/
case class ObjectAccessPermissionsForResourceGetADM(resourceIri: IRI, requestingUser: UserADM)
extends PermissionsResponderRequestADM {
// Check user's permission for the operation
//TODO: should get the project the resource belongs to and check if the requestingUser is the project admin
if (!requestingUser.isSystemAdmin
&& !requestingUser.permissions.isProjectAdminInAnyProject()
&& !requestingUser.isSystemUser) {
// not a system admin
throw ForbiddenException("Object access permissions can only be queried by system and project admin.")
}

implicit val stringFormatter: StringFormatter = StringFormatter.getInstanceForConstantOntologies

Expand All @@ -459,16 +456,6 @@ case class ObjectAccessPermissionsForResourceGetADM(resourceIri: IRI, requesting
case class ObjectAccessPermissionsForValueGetADM(valueIri: IRI, requestingUser: UserADM)
extends PermissionsResponderRequestADM {

// Check user's permission for the operation
//TODO: should get the project the value belongs to and check if the requestingUser is the project admin

if (!requestingUser.isSystemAdmin
&& !requestingUser.permissions.isProjectAdminInAnyProject()
&& !requestingUser.isSystemUser) {
// not a system admin
throw ForbiddenException("Object access permissions can only be queried by system and project admin.")
}

implicit val stringFormatter: StringFormatter = StringFormatter.getInstanceForConstantOntologies

if (!stringFormatter.toSmartIri(valueIri).isKnoraValueIri) {
Expand Down Expand Up @@ -573,17 +560,11 @@ case class DefaultObjectAccessPermissionForIriGetRequestADM(defaultObjectAccessP
requestingUser: UserADM,
apiRequestID: UUID)
extends PermissionsResponderRequestADM {
// Check user's permission for the operation
if (!requestingUser.isSystemAdmin
&& !requestingUser.permissions.isProjectAdminInAnyProject()
&& !requestingUser.isSystemUser) {
// not a system admin
throw ForbiddenException("Default object access permissions can only be queried by system and project admin.")
}

implicit protected val stringFormatter: StringFormatter = StringFormatter.getInstanceForConstantOntologies
stringFormatter.validatePermissionIri(defaultObjectAccessPermissionIri,
throw BadRequestException(s"Invalid permission IRI"))
stringFormatter.validatePermissionIri(
defaultObjectAccessPermissionIri,
throw BadRequestException(s"Invalid permission IRI $defaultObjectAccessPermissionIri is given."))
}

/**
Expand Down Expand Up @@ -697,6 +678,23 @@ case class PermissionByIriGetRequestADM(permissionIri: IRI, requestingUser: User
stringFormatter.validatePermissionIri(permissionIri,
throw BadRequestException(s"Invalid permission IRI $permissionIri is given."))
}

/**
* A message that requests deletion of a permission identified through its IRI.
* A successful response will be [[PermissionDeleteResponseADM]] with deleted=true.
*
* @param permissionIri the iri of the permission object.
* @param requestingUser the user initiating the request.
* @param apiRequestID the API request ID.
*/
case class PermissionDeleteRequestADM(permissionIri: IRI, requestingUser: UserADM, apiRequestID: UUID)
extends PermissionsResponderRequestADM {

implicit protected val stringFormatter: StringFormatter = StringFormatter.getInstanceForConstantOntologies
stringFormatter.validatePermissionIri(permissionIri,
throw BadRequestException(s"Invalid permission IRI $permissionIri is given."))
}

//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Responses

Expand Down Expand Up @@ -792,6 +790,19 @@ case class DefaultObjectAccessPermissionCreateResponseADM(
*/
case class DefaultObjectAccessPermissionsStringResponseADM(permissionLiteral: String)

/**
* Responds to deletion of a permission by returning a success message.
*
* @param permissionIri the IRI of the permission that is deleted.
* @param deleted status of delete operation.
*/
case class PermissionDeleteResponseADM(permissionIri: IRI, deleted: Boolean)
extends KnoraResponseADM
with PermissionsADMJsonProtocol {

def toJsValue = permissionDeleteResponseADMFormat.write(this)
}

//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Components of messages

Expand Down Expand Up @@ -1202,27 +1213,35 @@ trait PermissionsADMJsonProtocol

implicit val permissionADMFormat: JsonFormat[PermissionADM] =
jsonFormat(PermissionADM.apply, "name", "additionalInformation", "permissionCode")

implicit val permissionInfoADMFormat: JsonFormat[PermissionInfoADM] = lazyFormat(
jsonFormat(PermissionInfoADM, "iri", "permissionType"))

implicit val administrativePermissionADMFormat: JsonFormat[AdministrativePermissionADM] = lazyFormat(
jsonFormat(AdministrativePermissionADM, "iri", "forProject", "forGroup", "hasPermissions"))

implicit val objectAccessPermissionADMFormat: JsonFormat[ObjectAccessPermissionADM] =
jsonFormat(ObjectAccessPermissionADM, "forResource", "forValue", "hasPermissions")

implicit val defaultObjectAccessPermissionADMFormat: JsonFormat[DefaultObjectAccessPermissionADM] = lazyFormat(
jsonFormat6(DefaultObjectAccessPermissionADM))

implicit val permissionsDataADMFormat: JsonFormat[PermissionsDataADM] = jsonFormat2(PermissionsDataADM)

implicit val permissionsForProjectGetResponseADMFormat: RootJsonFormat[PermissionsForProjectGetResponseADM] =
jsonFormat(PermissionsForProjectGetResponseADM, "permissions")

implicit val administrativePermissionsForProjectGetResponseADMFormat
: RootJsonFormat[AdministrativePermissionsForProjectGetResponseADM] =
jsonFormat(AdministrativePermissionsForProjectGetResponseADM, "administrative_permissions")

implicit val defaultObjectAccessPermissionsForProjectGetResponseADMFormat
: RootJsonFormat[DefaultObjectAccessPermissionsForProjectGetResponseADM] =
jsonFormat(DefaultObjectAccessPermissionsForProjectGetResponseADM, "default_object_access_permissions")

implicit val administrativePermissionGetResponseADMFormat: RootJsonFormat[AdministrativePermissionGetResponseADM] =
jsonFormat(AdministrativePermissionGetResponseADM, "administrative_permission")

implicit val defaultObjectAccessPermissionGetResponseADMFormat
: RootJsonFormat[DefaultObjectAccessPermissionGetResponseADM] =
jsonFormat(DefaultObjectAccessPermissionGetResponseADM, "default_object_access_permission")
Expand All @@ -1231,6 +1250,7 @@ trait PermissionsADMJsonProtocol
: RootJsonFormat[CreateAdministrativePermissionAPIRequestADM] = rootFormat(
lazyFormat(
jsonFormat(CreateAdministrativePermissionAPIRequestADM, "id", "forProject", "forGroup", "hasPermissions")))

implicit val createDefaultObjectAccessPermissionAPIRequestADMFormat
: RootJsonFormat[CreateDefaultObjectAccessPermissionAPIRequestADM] = rootFormat(
lazyFormat(
Expand All @@ -1241,21 +1261,30 @@ trait PermissionsADMJsonProtocol
"forResourceClass",
"forProperty",
"hasPermissions")))

implicit val administrativePermissionCreateResponseADMFormat
: RootJsonFormat[AdministrativePermissionCreateResponseADM] = rootFormat(
lazyFormat(jsonFormat(AdministrativePermissionCreateResponseADM, "administrative_permission")))

implicit val defaultObjectAccessPermissionCreateResponseADMFormat
: RootJsonFormat[DefaultObjectAccessPermissionCreateResponseADM] =
jsonFormat(DefaultObjectAccessPermissionCreateResponseADM, "default_object_access_permission")

implicit val changePermissionGroupApiRequestADMFormat: RootJsonFormat[ChangePermissionGroupApiRequestADM] =
jsonFormat(ChangePermissionGroupApiRequestADM, "forGroup")

implicit val changePermissionHasPermissionsApiRequestADMFormat
: RootJsonFormat[ChangePermissionHasPermissionsApiRequestADM] =
jsonFormat(ChangePermissionHasPermissionsApiRequestADM, "hasPermissions")

implicit val changePermissionResourceClassApiRequestADMFormat
: RootJsonFormat[ChangePermissionResourceClassApiRequestADM] =
jsonFormat(ChangePermissionResourceClassApiRequestADM, "forResourceClass")

implicit val changePermissionPropertyApiRequestADMFormat: RootJsonFormat[ChangePermissionPropertyApiRequestADM] =
jsonFormat(ChangePermissionPropertyApiRequestADM, "forProperty")

implicit val permissionDeleteResponseADMFormat: RootJsonFormat[PermissionDeleteResponseADM] =
jsonFormat(PermissionDeleteResponseADM, "permissionIri", "deleted")

}