From 36e15a1a85bc157bead4a6c4d99e2d996f19b9aa Mon Sep 17 00:00:00 2001 
From: Norbert Pomaroli Date: Mon, 3 Oct 2022 09:56:15 +0200 Subject: [PATCH 1/9] Implement reading, granting and revoking multiple role permissions Add endpoints to read multiple role permissions on objects. --- .../core/endpoint/group/GroupEndpoint.java | 16 ++ .../endpoint/handler/AbstractCrudHandler.java | 36 +++ .../microschema/MicroschemaEndpoint.java | 15 ++ .../mesh/core/endpoint/node/NodeEndpoint.java | 65 +++-- .../endpoint/project/ProjectEndpoint.java | 17 ++ .../mesh/core/endpoint/role/RoleEndpoint.java | 16 ++ .../core/endpoint/schema/SchemaEndpoint.java | 17 ++ .../core/endpoint/tag/TagCrudHandler.java | 40 +++ .../endpoint/tagfamily/TagFamilyEndpoint.java | 34 +++ .../mesh/core/endpoint/user/UserEndpoint.java | 16 ++ .../mesh/rest/MeshLocalClientImpl.java | 71 +++++ .../gentics/mesh/core/data/dao/RoleDao.java | 31 +++ .../mesh/core/data/dao/PersistingRoleDao.java | 250 +++++++++++------- .../gentics/mesh/example/RoleExamples.java | 29 ++ .../data/dao/impl/RoleDaoWrapperImpl.java | 47 ++++ .../client/impl/MeshRestHttpClientImpl.java | 63 +++++ .../client/method/GroupClientMethods.java | 8 + .../method/MicroschemaClientMethods.java | 8 + .../rest/client/method/NodeClientMethods.java | 10 + .../client/method/ProjectClientMethods.java | 9 + .../rest/client/method/RoleClientMethods.java | 10 + .../client/method/SchemaClientMethods.java | 9 + .../rest/client/method/TagClientMethods.java | 12 + .../client/method/TagFamilyClientMethods.java | 12 +- .../rest/client/method/UserClientMethods.java | 9 + .../com/gentics/mesh/core/rest/Examples.java | 7 + .../rest/common/ObjectPermissionResponse.java | 179 +++++++++++++ .../mesh/core/branch/BranchEndpointTest.java | 19 ++ .../mesh/core/group/GroupEndpointTest.java | 45 ++++ .../mesh/core/node/NodeEndpointTest.java | 47 +++- .../core/project/ProjectEndpointTest.java | 44 +++ .../mesh/core/role/RoleEndpointTest.java | 45 ++++ .../com/gentics/mesh/core/role/RoleTest.java | 215 +++++++++++++++ 
.../core/schema/MicroschemaEndpointTest.java | 45 ++++ .../mesh/core/schema/SchemaEndpointTest.java | 44 +++ .../mesh/core/tag/TagEndpointTest.java | 49 ++++ .../core/tagfamily/TagFamilyEndpointTest.java | 46 ++++ .../mesh/core/user/UserEndpointTest.java | 49 +++- .../definition/CrudEndpointTestCases.java | 17 ++ 39 files changed, 1589 insertions(+), 112 deletions(-) create mode 100644 rest-model/src/main/java/com/gentics/mesh/core/rest/common/ObjectPermissionResponse.java
diff --git a/core/src/main/java/com/gentics/mesh/core/endpoint/group/GroupEndpoint.java b/core/src/main/java/com/gentics/mesh/core/endpoint/group/GroupEndpoint.java
index 7928b8d4ff..b0c63ba9eb 100644
--- a/core/src/main/java/com/gentics/mesh/core/endpoint/group/GroupEndpoint.java
+++ b/core/src/main/java/com/gentics/mesh/core/endpoint/group/GroupEndpoint.java
@@ -63,6 +63,7 @@ public void registerEndPoints() {
 addReadHandler();
 addUpdateHandler();
 addDeleteHandler();
+ addRolePermissionHandler();
 }
 private void addGroupRoleHandlers() {
@@ -244,4 +245,19 @@ private void addCreateHandler() {
 });
 }
+
+ private void addRolePermissionHandler() {
+ InternalEndpointRoute readPermissionsEndpoint = createRoute();
+ readPermissionsEndpoint.path("/:groupUuid/rolePermissions");
+ readPermissionsEndpoint.addUriParameter("groupUuid", "Uuid of the group", GROUP_CLIENT_UUID);
+ readPermissionsEndpoint.method(GET);
+ readPermissionsEndpoint.description("Get the permissions on the group for all roles.");
+ readPermissionsEndpoint.produces(APPLICATION_JSON);
+ readPermissionsEndpoint.exampleResponse(OK, roleExamples.getObjectPermissionResponse(false), "Loaded permissions.");
+ readPermissionsEndpoint.blockingHandler(rc -> {
+ InternalActionContext ac = wrap(rc);
+ String uuid = rc.request().getParam("groupUuid");
+ crudHandler.handleReadPermissions(ac, uuid);
+ }, false);
+ }
 }
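Review bot: The route description `readPermissionsEndpoint.description("Get the permissions on the group for all roles.")` does not say what the caller must be allowed to do, although the response lists which roles hold which permissions on the group. The permission check is not in this hunk; it is delegated to `crudHandler.handleReadPermissions(ac, uuid)`, so the generated API documentation is the only place a client or auditor learns the requirement. I would extend the text, e.g. `"Get the permissions on the group for all roles. Requires read permission on the group."`, adjusted to whatever the handler actually enforces. The same wording gap is in the parallel role-permission route hunks for microschema, node, project, role, schema, tag, tag family and user.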
diff --git a/core/src/main/java/com/gentics/mesh/core/endpoint/handler/AbstractCrudHandler.java b/core/src/main/java/com/gentics/mesh/core/endpoint/handler/AbstractCrudHandler.java
index 2eacb3c404..a621d12118 100644
--- a/core/src/main/java/com/gentics/mesh/core/endpoint/handler/AbstractCrudHandler.java
+++ b/core/src/main/java/com/gentics/mesh/core/endpoint/handler/AbstractCrudHandler.java
@@ -4,17 +4,28 @@
 import static com.gentics.mesh.core.data.perm.InternalPermission.READ_PERM;
 import static com.gentics.mesh.core.rest.error.Errors.error;
 import static io.netty.handler.codec.http.HttpResponseStatus.NOT_FOUND;
+import static io.netty.handler.codec.http.HttpResponseStatus.OK;
 import static org.apache.commons.lang3.StringUtils.isEmpty;
+import java.util.Map;
+import java.util.Set;
+import java.util.stream.Collectors;
+
 import com.gentics.mesh.annotation.Getter;
 import com.gentics.mesh.context.InternalActionContext;
 import com.gentics.mesh.context.impl.InternalRoutingActionContextImpl;
 import com.gentics.mesh.core.action.DAOActions;
 import com.gentics.mesh.core.data.HibCoreElement;
+import com.gentics.mesh.core.data.dao.RoleDao;
+import com.gentics.mesh.core.data.perm.InternalPermission;
+import com.gentics.mesh.core.data.role.HibRole;
 import com.gentics.mesh.core.db.Database;
+import com.gentics.mesh.core.rest.common.ObjectPermissionResponse;
 import com.gentics.mesh.core.rest.common.RestModel;
+import com.gentics.mesh.core.rest.role.RoleReference;
 import com.gentics.mesh.core.verticle.handler.HandlerUtilities;
 import com.gentics.mesh.core.verticle.handler.WriteLock;
+import com.gentics.mesh.parameter.impl.PagingParametersImpl;
 import io.vertx.core.Handler;
 import io.vertx.ext.web.RoutingContext;
@@ -103,4 +114,29 @@ public Handler getUuidHandler(String i18nNotFoundMessage) {
 return handler;
 }
+ /**
+ * Handle request to read permissions for all roles
+ * @param ac action context
+ * @param uuid entity uuid
+ */
+ public void handleReadPermissions(InternalActionContext ac, String uuid) {
+ validateParameter(uuid, "uuid");
+ utils.syncTx(ac, tx -> {
+ RoleDao roleDao = tx.roleDao();
+ T object = crudActions().loadByUuid(context(tx, ac), uuid, READ_PERM, true);
+ Set roles = roleDao.findAll(ac, new PagingParametersImpl().setPerPage(Long.MAX_VALUE)).stream().collect(Collectors.toSet());
+
+ Map> permissions = roleDao.getPermissions(roles, object);
+ permissions.values().removeIf(Set::isEmpty);
+
+ ObjectPermissionResponse response = new ObjectPermissionResponse();
+ permissions.entrySet().forEach(entry -> {
+ RoleReference role = entry.getKey().transformToReference();
+ entry.getValue().forEach(perm -> response.add(role, perm.getRestPerm()));
+ });
+ response.setOthers(object.hasPublishPermissions());
+
+ return response;
+ }, model -> ac.send(model, OK));
+ }
 }
diff --git a/core/src/main/java/com/gentics/mesh/core/endpoint/microschema/MicroschemaEndpoint.java b/core/src/main/java/com/gentics/mesh/core/endpoint/microschema/MicroschemaEndpoint.java
index 088ba30f92..665269a6e5 100644
--- a/core/src/main/java/com/gentics/mesh/core/endpoint/microschema/MicroschemaEndpoint.java
+++ b/core/src/main/java/com/gentics/mesh/core/endpoint/microschema/MicroschemaEndpoint.java
@@ -59,6 +59,7 @@ public void registerEndPoints() {
 addReadHandlers();
 addUpdateHandler();
 addDeleteHandler();
+ addRolePermissionHandler();
 }
 private void addDiffHandler() {
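Review bot: `handleReadPermissions` returns the role-to-permission assignments of an object to any caller who passes `loadByUuid(context(tx, ac), uuid, READ_PERM, true)`, so read access to an object is enough to learn which roles hold which permissions on it. Whether `roleDao.findAll(ac, …)` limits the listed roles to those the caller may read is not visible in this hunk; if it does not, role names and UUIDs are disclosed as well. If that exposure is intended, state it in the Javadoc, e.g. `* Requires READ_PERM on the object; lists only the roles returned by roleDao.findAll(ac, …).`; otherwise the load should ask for a stronger permission than `READ_PERM`. Separately, `setPerPage(Long.MAX_VALUE)` loads every role in one transaction on each request, which is worth bounding or at least noting in a comment.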
@@ -190,4 +191,18 @@ private void addCreateHandler() {
 });
 }
+ private void addRolePermissionHandler() {
+ InternalEndpointRoute readPermissionsEndpoint = createRoute();
+ readPermissionsEndpoint.path("/:microschemaUuid/rolePermissions");
+ readPermissionsEndpoint.addUriParameter("microschemaUuid", "Uuid of the microschema", MICROSCHEMA_UUID);
+ readPermissionsEndpoint.method(GET);
+ readPermissionsEndpoint.description("Get the permissions on the microschema for all roles.");
+ readPermissionsEndpoint.produces(APPLICATION_JSON);
+ readPermissionsEndpoint.exampleResponse(OK, roleExamples.getObjectPermissionResponse(false), "Loaded permissions.");
+ readPermissionsEndpoint.blockingHandler(rc -> {
+ InternalActionContext ac = wrap(rc);
+ String uuid = rc.request().getParam("microschemaUuid");
+ crudHandler.handleReadPermissions(ac, uuid);
+ }, false);
+ }
 }
diff --git a/core/src/main/java/com/gentics/mesh/core/endpoint/node/NodeEndpoint.java b/core/src/main/java/com/gentics/mesh/core/endpoint/node/NodeEndpoint.java
index 3543361d4a..1d73e22e2d 100644
--- a/core/src/main/java/com/gentics/mesh/core/endpoint/node/NodeEndpoint.java
+++ b/core/src/main/java/com/gentics/mesh/core/endpoint/node/NodeEndpoint.java
@@ -1,5 +1,35 @@
 package com.gentics.mesh.core.endpoint.node;
+import static com.gentics.mesh.core.rest.MeshEvent.NODE_CONTENT_CREATED;
+import static com.gentics.mesh.core.rest.MeshEvent.NODE_CONTENT_DELETED;
+import static com.gentics.mesh.core.rest.MeshEvent.NODE_CREATED;
+import static com.gentics.mesh.core.rest.MeshEvent.NODE_DELETED;
+import static com.gentics.mesh.core.rest.MeshEvent.NODE_MOVED;
+import static com.gentics.mesh.core.rest.MeshEvent.NODE_PUBLISHED;
+import static com.gentics.mesh.core.rest.MeshEvent.NODE_TAGGED;
+import static com.gentics.mesh.core.rest.MeshEvent.NODE_UNPUBLISHED;
+import static com.gentics.mesh.core.rest.MeshEvent.NODE_UNTAGGED;
+import static com.gentics.mesh.core.rest.MeshEvent.NODE_UPDATED;
+import static com.gentics.mesh.core.rest.MeshEvent.S3BINARY_CREATED;
+import static com.gentics.mesh.core.rest.MeshEvent.S3BINARY_METADATA_EXTRACTED;
+import static com.gentics.mesh.example.ExampleUuids.NODE_DELOREAN_UUID;
+import static com.gentics.mesh.example.ExampleUuids.TAG_RED_UUID;
+import static com.gentics.mesh.example.ExampleUuids.UUID_1;
+import static com.gentics.mesh.http.HttpConstants.APPLICATION_JSON;
+import static io.netty.handler.codec.http.HttpResponseStatus.CONFLICT;
+import static io.netty.handler.codec.http.HttpResponseStatus.CREATED;
+import static io.netty.handler.codec.http.HttpResponseStatus.NOT_FOUND;
+import static io.netty.handler.codec.http.HttpResponseStatus.NO_CONTENT;
+import static io.netty.handler.codec.http.HttpResponseStatus.OK;
+import static io.vertx.core.http.HttpMethod.DELETE;
+import static io.vertx.core.http.HttpMethod.GET;
+import static io.vertx.core.http.HttpMethod.POST;
+
+import javax.inject.Inject;
+
+import org.apache.commons.lang3.StringUtils;
+import org.raml.model.Resource;
+
 import com.gentics.mesh.auth.MeshAuthChainImpl;
 import com.gentics.mesh.cli.BootstrapInitializer;
 import com.gentics.mesh.context.InternalActionContext;
@@ -15,25 +45,8 @@
 import com.gentics.mesh.parameter.impl.VersioningParametersImpl;
 import com.gentics.mesh.rest.InternalEndpointRoute;
 import com.gentics.mesh.router.route.AbstractProjectEndpoint;
-import io.vertx.core.MultiMap;
-import org.apache.commons.lang3.StringUtils;
-import org.raml.model.Resource;
-import javax.inject.Inject;
-
-import static com.gentics.mesh.core.rest.MeshEvent.*;
-import static com.gentics.mesh.example.ExampleUuids.NODE_DELOREAN_UUID;
-import static com.gentics.mesh.example.ExampleUuids.TAG_RED_UUID;
-import static com.gentics.mesh.example.ExampleUuids.UUID_1;
-import static com.gentics.mesh.http.HttpConstants.APPLICATION_JSON;
-import static io.netty.handler.codec.http.HttpResponseStatus.CONFLICT;
-import static io.netty.handler.codec.http.HttpResponseStatus.CREATED;
-import static io.netty.handler.codec.http.HttpResponseStatus.NOT_FOUND;
-import static io.netty.handler.codec.http.HttpResponseStatus.NO_CONTENT;
-import static io.netty.handler.codec.http.HttpResponseStatus.OK;
-import static io.vertx.core.http.HttpMethod.DELETE;
-import static io.vertx.core.http.HttpMethod.GET;
-import static io.vertx.core.http.HttpMethod.POST;
+import io.vertx.core.MultiMap;
 /**
 * The content verticle adds rest endpoints for manipulating nodes.
@@ -98,6 +111,7 @@ public void registerEndPoints() {
 addNavigationHandlers();
 addPublishHandlers();
 addVersioningHandlers();
+ addRolePermissionHandler();
 }
 public Resource getResource() {
@@ -570,6 +584,21 @@ private void addPublishHandlers() {
 }
+ private void addRolePermissionHandler() {
+ InternalEndpointRoute readPermissionsEndpoint = createRoute();
+ readPermissionsEndpoint.path("/:nodeUuid/rolePermissions");
+ readPermissionsEndpoint.addUriParameter("nodeUuid", "Uuid of the node", NODE_DELOREAN_UUID);
+ readPermissionsEndpoint.method(GET);
+ readPermissionsEndpoint.description("Get the permissions on the node for all roles.");
+ readPermissionsEndpoint.produces(APPLICATION_JSON);
+ readPermissionsEndpoint.exampleResponse(OK, roleExamples.getObjectPermissionResponse(true), "Loaded permissions.");
+ readPermissionsEndpoint.blockingHandler(rc -> {
+ InternalActionContext ac = wrap(rc);
+ String uuid = rc.request().getParam("nodeUuid");
+ crudHandler.handleReadPermissions(ac, uuid);
+ }, false);
+ }
+
 public NodeCrudHandler getCrudHandler() {
 return crudHandler;
 }
diff --git a/core/src/main/java/com/gentics/mesh/core/endpoint/project/ProjectEndpoint.java b/core/src/main/java/com/gentics/mesh/core/endpoint/project/ProjectEndpoint.java
index 32e88b9fe7..de20670592 100644
--- a/core/src/main/java/com/gentics/mesh/core/endpoint/project/ProjectEndpoint.java
+++ b/core/src/main/java/com/gentics/mesh/core/endpoint/project/ProjectEndpoint.java
@@ -59,6 +59,8 @@ public void registerEndPoints() {
 // Version purge
 addVersionPurgeHandler();
+
+ addRolePermissionHandler();
 }
 private void addUpdateHandler() {
@@ -163,4 +165,19 @@ private void addVersionPurgeHandler() {
 crudHandler.handlePurge(ac, uuid);
 }, false);
 }
+
+ private void addRolePermissionHandler() {
+ InternalEndpointRoute readPermissionsEndpoint = createRoute();
+ readPermissionsEndpoint.path("/:projectUuid/rolePermissions");
+ readPermissionsEndpoint.addUriParameter("projectUuid", "Uuid of the project.", PROJECT_DEMO_UUID);
+ readPermissionsEndpoint.method(GET);
+ readPermissionsEndpoint.description("Get the permissions on the project for all roles.");
+ readPermissionsEndpoint.produces(APPLICATION_JSON);
+ readPermissionsEndpoint.exampleResponse(OK, roleExamples.getObjectPermissionResponse(false), "Loaded permissions.");
+ readPermissionsEndpoint.blockingHandler(rc -> {
+ InternalActionContext ac = wrap(rc);
+ String uuid = ac.getParameter("projectUuid");
+ crudHandler.handleReadPermissions(ac, uuid);
+ }, false);
+ }
 }
diff --git a/core/src/main/java/com/gentics/mesh/core/endpoint/role/RoleEndpoint.java b/core/src/main/java/com/gentics/mesh/core/endpoint/role/RoleEndpoint.java
index 9c41e0fa0a..660ab98722 100644
--- a/core/src/main/java/com/gentics/mesh/core/endpoint/role/RoleEndpoint.java
+++ b/core/src/main/java/com/gentics/mesh/core/endpoint/role/RoleEndpoint.java
@@ -56,6 +56,7 @@ public void registerEndPoints() {
 addDeleteHandler();
 addPermissionHandler();
+ addRolePermissionHandler();
 }
 private void addPermissionHandler() {
@@ -176,4 +177,19 @@ private void addCreateHandler() {
 crudHandler.handleCreate(ac);
 });
 }
+
+ private void addRolePermissionHandler() {
+ InternalEndpointRoute readPermissionsEndpoint = createRoute();
+ readPermissionsEndpoint.path("/:roleUuid/rolePermissions");
+ readPermissionsEndpoint.addUriParameter("roleUuid", "Uuid of the role", ROLE_CLIENT_UUID);
+ readPermissionsEndpoint.method(GET);
+ readPermissionsEndpoint.description("Get the permissions on the role for all roles.");
+ readPermissionsEndpoint.produces(APPLICATION_JSON);
+ readPermissionsEndpoint.exampleResponse(OK, roleExamples.getObjectPermissionResponse(false), "Loaded permissions.");
+ readPermissionsEndpoint.blockingHandler(rc -> {
+ InternalActionContext ac = wrap(rc);
+ String uuid = rc.request().getParam("roleUuid");
+ crudHandler.handleReadPermissions(ac, uuid);
+ }, false);
+ }
 }
diff --git a/core/src/main/java/com/gentics/mesh/core/endpoint/schema/SchemaEndpoint.java b/core/src/main/java/com/gentics/mesh/core/endpoint/schema/SchemaEndpoint.java
index 33d3f60ad2..e39d461194 100644
--- a/core/src/main/java/com/gentics/mesh/core/endpoint/schema/SchemaEndpoint.java
+++ b/core/src/main/java/com/gentics/mesh/core/endpoint/schema/SchemaEndpoint.java
@@ -63,6 +63,8 @@ public void registerEndPoints() {
 addCreateHandler();
 addUpdateHandler();
 addDeleteHandler();
+
+ addRolePermissionHandler();
 }
 private void addChangesHandler() {
@@ -199,4 +201,19 @@ private void addReadHandlers() {
 }, false);
 }
+
+ private void addRolePermissionHandler() {
+ InternalEndpointRoute readPermissionsEndpoint = createRoute();
+ readPermissionsEndpoint.path("/:schemaUuid/rolePermissions");
+ readPermissionsEndpoint.addUriParameter("schemaUuid", "Uuid of the schema", SCHEMA_VEHICLE_UUID);
+ readPermissionsEndpoint.method(GET);
+ readPermissionsEndpoint.description("Get the permissions on the schema for all roles.");
+ readPermissionsEndpoint.produces(APPLICATION_JSON);
+ readPermissionsEndpoint.exampleResponse(OK, roleExamples.getObjectPermissionResponse(false), "Loaded permissions.");
+ readPermissionsEndpoint.blockingHandler(rc -> {
+ InternalActionContext ac = wrap(rc);
+ String uuid = rc.request().getParam("schemaUuid");
+ crudHandler.handleReadPermissions(ac, uuid);
+ }, false);
+ }
 }
diff --git a/core/src/main/java/com/gentics/mesh/core/endpoint/tag/TagCrudHandler.java b/core/src/main/java/com/gentics/mesh/core/endpoint/tag/TagCrudHandler.java
index b6881cd756..2ebdbd2ec1 100644
--- a/core/src/main/java/com/gentics/mesh/core/endpoint/tag/TagCrudHandler.java
+++ b/core/src/main/java/com/gentics/mesh/core/endpoint/tag/TagCrudHandler.java
@@ -5,28 +5,37 @@
 import static io.netty.handler.codec.http.HttpResponseStatus.CREATED;
 import static io.netty.handler.codec.http.HttpResponseStatus.OK;
+import java.util.Map;
+import java.util.Set;
 import java.util.function.Function;
+import java.util.stream.Collectors;
 import javax.inject.Inject;
 import com.gentics.mesh.context.InternalActionContext;
 import com.gentics.mesh.core.action.TagDAOActions;
 import com.gentics.mesh.core.action.TagFamilyDAOActions;
+import com.gentics.mesh.core.data.dao.RoleDao;
 import com.gentics.mesh.core.data.dao.TagDao;
 import com.gentics.mesh.core.data.node.HibNode;
 import com.gentics.mesh.core.data.page.Page;
 import com.gentics.mesh.core.data.page.PageTransformer;
+import com.gentics.mesh.core.data.perm.InternalPermission;
+import com.gentics.mesh.core.data.role.HibRole;
 import com.gentics.mesh.core.data.tag.HibTag;
 import com.gentics.mesh.core.data.tagfamily.HibTagFamily;
 import com.gentics.mesh.core.db.Tx;
 import com.gentics.mesh.core.endpoint.handler.AbstractHandler;
 import com.gentics.mesh.core.rest.common.ContainerType;
+import com.gentics.mesh.core.rest.common.ObjectPermissionResponse;
+import com.gentics.mesh.core.rest.role.RoleReference;
 import com.gentics.mesh.core.rest.tag.TagResponse;
 import com.gentics.mesh.core.verticle.handler.HandlerUtilities;
 import com.gentics.mesh.core.verticle.handler.WriteLock;
 import com.gentics.mesh.etc.config.MeshOptions;
 import com.gentics.mesh.parameter.NodeParameters;
 import com.gentics.mesh.parameter.PagingParameters;
+import com.gentics.mesh.parameter.impl.PagingParametersImpl;
 import com.gentics.mesh.util.ResultInfo;
 /**
@@ -188,4 +197,35 @@ public void handleDelete(InternalActionContext ac, String tagFamilyUuid, String
 }
+ /**
+ * Handle request to read the permissions for all roles
+ * @param ac action context
+ * @param tagFamilyUuid Uuid of the tag family
+ * @param tagUuid Uuid of the tag
+ */
+ public void handleReadPermissions(InternalActionContext ac, String tagFamilyUuid, String tagUuid) {
+ validateParameter(tagFamilyUuid, "tagFamilyUuid");
+ validateParameter(tagUuid, "tagUuid");
+
+ utils.syncTx(ac, tx -> {
+ RoleDao roleDao = tx.roleDao();
+ HibTagFamily tagFamily = tagFamilyActions.loadByUuid(context(tx, ac), tagFamilyUuid, READ_PERM, true);
+ HibTag tag = tagActions.loadByUuid(context(tx, ac, tagFamily), tagUuid, READ_PERM, true);
+
+ Set roles = roleDao.findAll(ac, new PagingParametersImpl().setPerPage(Long.MAX_VALUE)).stream().collect(Collectors.toSet());
+
+ Map> permissions = roleDao.getPermissions(roles, tag);
+ permissions.values().removeIf(Set::isEmpty);
+
+ ObjectPermissionResponse response = new ObjectPermissionResponse();
+ permissions.entrySet().forEach(entry -> {
+ RoleReference role = entry.getKey().transformToReference();
+ entry.getValue().forEach(perm -> response.add(role, perm.getRestPerm()));
+ });
+ response.setOthers(tag.hasPublishPermissions());
+
+ return response;
+ }, model -> ac.send(model, OK));
+ }
+
 }
diff --git a/core/src/main/java/com/gentics/mesh/core/endpoint/tagfamily/TagFamilyEndpoint.java b/core/src/main/java/com/gentics/mesh/core/endpoint/tagfamily/TagFamilyEndpoint.java
index 465a4e9bf7..0e677b97ab 100644
--- a/core/src/main/java/com/gentics/mesh/core/endpoint/tagfamily/TagFamilyEndpoint.java
+++ b/core/src/main/java/com/gentics/mesh/core/endpoint/tagfamily/TagFamilyEndpoint.java
@@ -72,6 +72,7 @@ public void registerEndPoints() {
 addTagFamilyCreateHandler();
 addTagFamilyUpdateHandler();
 addTagFamilyDeleteHandler();
+ addTagFamilyRolePermissionHandler();
 // Tags API
 addTagCreateHandler();
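Review bot: The body of `handleReadPermissions(ac, tagFamilyUuid, tagUuid)` repeats the permission-collection code of `AbstractCrudHandler.handleReadPermissions` line for line, from `roleDao.findAll(...)` to `response.setOthers(...)`; only the two `loadByUuid` calls differ. Because this code decides which ACL data is returned, a later tightening in one copy (a stricter permission, a filter on visible roles, a page bound) can silently miss the other. I would move the shared part into one helper that takes the loaded element and returns the `ObjectPermissionResponse`, keeping only the tag-family and tag lookups here. The Javadoc should also name the permission required, e.g. `* Requires READ_PERM on both the tag family and the tag.`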
@@ -79,6 +80,7 @@ public void registerEndPoints() {
 addTagUpdateHandler();
 addTagDeleteHandler();
 addTaggedNodesHandler();
+ addTagRolePermissionHandler();
 if (log.isDebugEnabled()) {
 log.debug("Registered tagfamily verticle endpoints");
@@ -174,6 +176,23 @@ private void addTagDeleteHandler() {
 });
 }
+ private void addTagRolePermissionHandler() {
+ InternalEndpointRoute readPermissionsEndpoint = createRoute();
+ readPermissionsEndpoint.path("/:tagFamilyUuid/tags/:tagUuid/rolePermissions");
+ readPermissionsEndpoint.addUriParameter("tagFamilyUuid", "Uuid of the tag family.", TAGFAMILY_COLORS_UUID);
+ readPermissionsEndpoint.addUriParameter("tagUuid", "Uuid of the tag.", TAG_BLUE_UUID);
+ readPermissionsEndpoint.method(GET);
+ readPermissionsEndpoint.description("Get the permissions on the tag for all roles.");
+ readPermissionsEndpoint.produces(APPLICATION_JSON);
+ readPermissionsEndpoint.exampleResponse(OK, roleExamples.getObjectPermissionResponse(false), "Loaded permissions.");
+ readPermissionsEndpoint.blockingHandler(rc -> {
+ InternalActionContext ac = wrap(rc);
+ String tagFamilyUuid = PathParameters.getTagFamilyUuid(rc);
+ String uuid = PathParameters.getTagUuid(rc);
+ tagCrudHandler.handleReadPermissions(ac, tagFamilyUuid, uuid);
+ }, false);
+ }
+
 private void addTaggedNodesHandler() {
 InternalEndpointRoute endpoint = createRoute();
 endpoint.path("/:tagFamilyUuid/tags/:tagUuid/nodes");
@@ -268,4 +287,19 @@ private void addTagFamilyUpdateHandler() {
 tagFamilyCrudHandler.handleUpdate(ac, tagFamilyUuid);
 });
 }
+
+ private void addTagFamilyRolePermissionHandler() {
+ InternalEndpointRoute readPermissionsEndpoint = createRoute();
+ readPermissionsEndpoint.path("/:tagFamilyUuid/rolePermissions");
+ readPermissionsEndpoint.addUriParameter("tagFamilyUuid", "Uuid of the tag family.", TAGFAMILY_COLORS_UUID);
+ readPermissionsEndpoint.method(GET);
+ readPermissionsEndpoint.description("Get the permissions on the tag family for all roles.");
+ readPermissionsEndpoint.produces(APPLICATION_JSON);
+ readPermissionsEndpoint.exampleResponse(OK, roleExamples.getObjectPermissionResponse(false), "Loaded permissions.");
+ readPermissionsEndpoint.blockingHandler(rc -> {
+ InternalActionContext ac = wrap(rc);
+ String tagFamilyUuid = PathParameters.getTagFamilyUuid(rc);
+ tagFamilyCrudHandler.handleReadPermissions(ac, tagFamilyUuid);
+ }, false);
+ }
 }
diff --git a/core/src/main/java/com/gentics/mesh/core/endpoint/user/UserEndpoint.java b/core/src/main/java/com/gentics/mesh/core/endpoint/user/UserEndpoint.java
index 5f5dd62421..47de7fc840 100644
--- a/core/src/main/java/com/gentics/mesh/core/endpoint/user/UserEndpoint.java
+++ b/core/src/main/java/com/gentics/mesh/core/endpoint/user/UserEndpoint.java
@@ -63,6 +63,7 @@ public void registerEndPoints() {
 addResetTokenHandler();
 addAPITokenHandler();
 addReadPermissionHandler();
+ addRolePermissionHandler();
 }
 private void addAPITokenHandler() {
@@ -234,4 +235,19 @@ private void addCreateHandler() {
 crudHandler.handleCreate(ac);
 });
 }
+
+ private void addRolePermissionHandler() {
+ InternalEndpointRoute readPermissionsEndpoint = createRoute();
+ readPermissionsEndpoint.path("/:userUuid/rolePermissions");
+ readPermissionsEndpoint.addUriParameter("userUuid", "Uuid of the user", USER_EDITOR_UUID);
+ readPermissionsEndpoint.method(GET);
+ readPermissionsEndpoint.description("Get the permissions on the user for all roles.");
+ readPermissionsEndpoint.produces(APPLICATION_JSON);
+ readPermissionsEndpoint.exampleResponse(OK, roleExamples.getObjectPermissionResponse(false), "Loaded permissions.");
+ readPermissionsEndpoint.blockingHandler(rc -> {
+ InternalActionContext ac = wrap(rc);
+ String uuid = rc.request().getParam("userUuid");
+ crudHandler.handleReadPermissions(ac, uuid);
+ }, false);
+ }
 }
diff --git a/core/src/main/java/com/gentics/mesh/rest/MeshLocalClientImpl.java b/core/src/main/java/com/gentics/mesh/rest/MeshLocalClientImpl.java
index 412fcc78f7..863db5c318 100644
--- a/core/src/main/java/com/gentics/mesh/rest/MeshLocalClientImpl.java
+++ b/core/src/main/java/com/gentics/mesh/rest/MeshLocalClientImpl.java
@@ -51,6 +51,7 @@
 import com.gentics.mesh.core.rest.branch.info.BranchInfoMicroschemaList;
 import com.gentics.mesh.core.rest.branch.info.BranchInfoSchemaList;
 import com.gentics.mesh.core.rest.common.GenericMessageResponse;
+import com.gentics.mesh.core.rest.common.ObjectPermissionResponse;
 import com.gentics.mesh.core.rest.common.RestModel;
 import com.gentics.mesh.core.rest.graphql.GraphQLRequest;
 import com.gentics.mesh.core.rest.graphql.GraphQLResponse;
@@ -1863,4 +1864,74 @@ public MeshRequest writable() {
 public MeshRequest clearCache() {
 return null;
 }
+
+ @Override
+ public MeshRequest getGroupRolePermissions(String uuid) {
+ LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class);
+ groupCrudHandler.handleReadPermissions(ac, uuid);
+ return new MeshLocalRequestImpl<>(ac.getFuture());
+ }
+
+ @Override
+ public MeshRequest getMicroschemaRolePermissions(String uuid) {
+ LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class);
+ microschemaCrudHandler.handleReadPermissions(ac, uuid);
+ return new MeshLocalRequestImpl<>(ac.getFuture());
+ }
+
+ @Override
+ public MeshRequest getNodeRolePermissions(String projectName, String uuid) {
+ LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class);
+ ac.setProject(projectName);
+ nodeCrudHandler.handleReadPermissions(ac, uuid);
+ return new MeshLocalRequestImpl<>(ac.getFuture());
+ }
+
+ @Override
+ public MeshRequest getProjectRolePermissions(String uuid) {
+ LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class);
+ projectCrudHandler.handleReadPermissions(ac, uuid);
+ return new MeshLocalRequestImpl<>(ac.getFuture());
+ }
+
+ @Override
+ public MeshRequest getRoleRolePermissions(String uuid) {
+ LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class);
+ roleCrudHandler.handleReadPermissions(ac, uuid);
+ return new MeshLocalRequestImpl<>(ac.getFuture());
+ }
+
+ @Override
+ public MeshRequest getSchemaRolePermissions(String uuid) {
+ LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class);
+ schemaCrudHandler.handleReadPermissions(ac, uuid);
+ return new MeshLocalRequestImpl<>(ac.getFuture());
+ }
+
+ @Override
+ public MeshRequest getTagFamilyRolePermissions(String projectName, String tagFamilyUuid) {
+ LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class);
+ ac.setProject(projectName);
+ ac.setParameter("tagFamilyUuid", tagFamilyUuid);
+ tagFamilyCrudHandler.handleReadPermissions(ac, tagFamilyUuid);
+ return new MeshLocalRequestImpl<>(ac.getFuture());
+ }
+
+ @Override
+ public MeshRequest getTagRolePermissions(String projectName, String tagFamilyUuid,
+ String uuid) {
+ LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class);
+ ac.setProject(projectName);
+ ac.setParameter("tagUuid", uuid);
+ ac.setParameter("tagFamilyUuid", tagFamilyUuid);
+ tagCrudHandler.handleReadPermissions(ac, tagFamilyUuid, uuid);
+ return new MeshLocalRequestImpl<>(ac.getFuture());
+ }
+
+ @Override
+ public MeshRequest getUserRolePermissions(String uuid) {
+ LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class);
+ userCrudHandler.handleReadPermissions(ac, uuid);
+ return new MeshLocalRequestImpl<>(ac.getFuture());
+ }
 }
diff --git a/mdm/api/src/main/java/com/gentics/mesh/core/data/dao/RoleDao.java b/mdm/api/src/main/java/com/gentics/mesh/core/data/dao/RoleDao.java
index 59ab5b40d9..b2c666a43f 100644
--- a/mdm/api/src/main/java/com/gentics/mesh/core/data/dao/RoleDao.java
+++ b/mdm/api/src/main/java/com/gentics/mesh/core/data/dao/RoleDao.java
@@ -1,5 +1,6 @@
 package com.gentics.mesh.core.data.dao;
+import java.util.Map;
 import java.util.Set;
 import com.gentics.mesh.context.InternalActionContext;
@@ -68,6 +69,17 @@ default HibRole create(String name, HibUser creator) {
 */
 boolean grantPermissions(HibRole role, HibBaseElement element, InternalPermission... permissions);
+ /**
+ * Grant the given permissions on the element to the set of roles
+ *
+ * @param roles set of roles
+ * @param element element to grant permission on
+ * @param exclusive true to revoke the given permissions on all other roles
+ * @param permissions permissions to grant
+ * @return true, iff permissions were effectively changed
+ */
+ boolean grantPermissions(Set roles, HibBaseElement element, boolean exclusive, InternalPermission... permissions);
+
 /**
 * Revoke the given permissions on the given role.
 *
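Review bot: The Javadoc for `grantPermissions(Set roles, HibBaseElement element, boolean exclusive, InternalPermission... permissions)` leaves two security-relevant cases of `exclusive` undefined. As worded, `exclusive = true` revokes the permissions from every role outside the set, including roles the requesting user may not be allowed to see or change, and with an empty set it would revoke them from all roles. The method takes no action context, so it cannot check authorization itself; say so, e.g. `* Performs no permission check; callers must verify that the user may change permissions on the element and on all affected roles.`, and add a line on the empty-set behaviour. The implementation is not part of this hunk, so the actual behaviour should be confirmed against it.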
@@ -78,6 +90,16 @@ default HibRole create(String name, HibUser creator) {
 */
 boolean revokePermissions(HibRole role, HibBaseElement element, InternalPermission... permissions);
+ /**
+ * Revoke the given permissions on the element from the given roles.
+ *
+ * @param roles set of roles
+ * @param element element to revoke permissions from
+ * @param permissions permissions to revoke
+ * @return true, iff permissions were effectively changed
+ */
+ boolean revokePermissions(Set roles, HibBaseElement element, InternalPermission... permissions);
+
 /**
 * Return a set of permissions which the role is granting to the given element.
 *
@@ -87,6 +109,15 @@ default HibRole create(String name, HibUser creator) {
 */
 Set getPermissions(HibRole role, HibBaseElement element);
+ /**
+ * Return the sets of granted permissions to the given set of roles on the given element
+ *
+ * @param roles set of roles
+ * @param element element
+ * @return map of permission sets per role
+ */
+ Map> getPermissions(Set roles, HibBaseElement element);
+
 /**
 * Add the given role to this role.
 *
diff --git a/mdm/common/src/main/java/com/gentics/mesh/core/data/dao/PersistingRoleDao.java b/mdm/common/src/main/java/com/gentics/mesh/core/data/dao/PersistingRoleDao.java
index f63a1c25be..9959dc881a 100644
--- a/mdm/common/src/main/java/com/gentics/mesh/core/data/dao/PersistingRoleDao.java
+++ b/mdm/common/src/main/java/com/gentics/mesh/core/data/dao/PersistingRoleDao.java
@@ -8,11 +8,15 @@
 import static io.netty.handler.codec.http.HttpResponseStatus.FORBIDDEN;
 import static org.apache.commons.lang3.StringUtils.isEmpty;
+import java.util.Collections;
+import java.util.HashMap;
 import java.util.HashSet;
+import java.util.Map;
 import java.util.Objects;
 import java.util.Set;
 import java.util.stream.Stream;
+import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.lang3.StringUtils;
 import com.gentics.mesh.cache.PermissionCache;
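Review bot: The added `import org.apache.commons.collections.CollectionUtils;` in the PersistingRoleDao import hunk pulls from the commons-collections 3.x package, while the rest of the file uses `org.apache.commons.lang3`. The 3.x line is the legacy branch and has a known history of deserialization gadget classes, so new code should not deepen the dependency on it; whether it is already on this module's classpath or only arrives transitively is not visible here. If commons-collections4 is available to the module, `import org.apache.commons.collections4.CollectionUtils;` is the drop-in choice, and for a simple emptiness or intersection check the JDK `Set` and `Collections` methods avoid the dependency altogether.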
@@ -42,95 +46,137 @@ * */ public interface PersistingRoleDao extends RoleDao, PersistingDaoGlobal { - /** - * Grant role permission. Consumers implementing this method do not need to invalidate the cache - * @param role the role - * @param element - * @param permissions - */ - boolean grantRolePermissions(HibRole role, HibBaseElement element, InternalPermission... permissions); - - /** - * Revoke role permission. Consumers implementing this method do not need to invalidate the cache - * @param role the role - * @param element - * @param permissions - */ - boolean revokeRolePermissions(HibRole role, HibBaseElement element, InternalPermission... permissions); - - /** - * Create a new role - * - * @param ac - * @param batch - * @param uuid - * Uuid of the role - * @return - */ - default HibRole create(InternalActionContext ac, EventQueueBatch batch, String uuid) { - RoleCreateRequest requestModel = ac.fromJson(RoleCreateRequest.class); - String roleName = requestModel.getName(); - UserDao userDao = Tx.get().userDao(); - HibBaseElement roleRoot = Tx.get().data().permissionRoots().role(); - - HibUser requestUser = ac.getUser(); - if (StringUtils.isEmpty(roleName)) { - throw error(BAD_REQUEST, "error_name_must_be_set"); - } - - HibRole conflictingRole = findByName(roleName); - if (conflictingRole != null) { - throw conflict(conflictingRole.getUuid(), roleName, "role_conflicting_name"); - } - - if (!userDao.hasPermission(requestUser, roleRoot, CREATE_PERM)) { - throw error(FORBIDDEN, "error_missing_perm", roleRoot.getUuid(), CREATE_PERM.getRestPerm().getName()); - } - - HibRole role = create(requestModel.getName(), requestUser, uuid); - userDao.inheritRolePermissions(requestUser, roleRoot, role); - batch.add(role.onCreated()); - return role; - } - - @Override - default boolean grantPermissions(HibRole role, HibBaseElement element, InternalPermission... 
permissions) { - boolean permissionsGranted = grantRolePermissions(role, element, permissions); - if (permissionsGranted) { - PermissionCache cache = Tx.get().permissionCache(); - cache.clear(); - } - return permissionsGranted; - } - - /** - * Revoke the given permissions and clear the cache when successful - * - * @param role - * @param element - * @param permissions - * @return - */ - default boolean revokePermissions(HibRole role, HibBaseElement element, InternalPermission... permissions) { - boolean permissionsRevoked = revokeRolePermissions(role, element, permissions); - if (permissionsRevoked) { - PermissionCache cache = Tx.get().permissionCache(); - cache.clear(); - } - return permissionsRevoked; - } - - @Override - default void delete(HibRole role, BulkActionContext bac) { - bac.add(role.onDeleted()); - deletePersisted(role); - bac.process(); - PermissionCache permissionCache = Tx.get().permissionCache(); - - permissionCache.clear(); - } - - @Override + /** + * Grant role permission. Consumers implementing this method do not need to invalidate the cache + * @param role the role + * @param element + * @param permissions + */ + boolean grantRolePermissions(HibRole role, HibBaseElement element, InternalPermission... permissions); + + /** + * Grant the given permissions on the element to the set of roles. Implementations do not need to invalidate the cache + * + * @param roles set of roles + * @param element element to grant permission on + * @param exclusive true to revoke the given permissions on all other roles + * @param permissions permissions to grant + * @return true, iff permissions were effectively changed + */ + boolean grantRolePermissions(Set roles, HibBaseElement element, boolean exclusive, + InternalPermission... permissions); + + /** + * Revoke role permission. 
Consumers implementing this method do not need to invalidate the cache + * @param role the role + * @param element + * @param permissions + */ + boolean revokeRolePermissions(HibRole role, HibBaseElement element, InternalPermission... permissions); + + /** + * Revoke role permission. Consumers implementing this method do not need to invalidate the cache + * @param roles set of roles + * @param element element to revoke permissions from + * @param permissions permissions to revoke + * @return true, iff permissions were effectively changed + */ + boolean revokeRolePermissions(Set roles, HibBaseElement element, InternalPermission... permissions); + + /** + * Create a new role + * + * @param ac + * @param batch + * @param uuid + * Uuid of the role + * @return + */ + default HibRole create(InternalActionContext ac, EventQueueBatch batch, String uuid) { + RoleCreateRequest requestModel = ac.fromJson(RoleCreateRequest.class); + String roleName = requestModel.getName(); + UserDao userDao = Tx.get().userDao(); + HibBaseElement roleRoot = Tx.get().data().permissionRoots().role(); + + HibUser requestUser = ac.getUser(); + if (StringUtils.isEmpty(roleName)) { + throw error(BAD_REQUEST, "error_name_must_be_set"); + } + + HibRole conflictingRole = findByName(roleName); + if (conflictingRole != null) { + throw conflict(conflictingRole.getUuid(), roleName, "role_conflicting_name"); + } + + if (!userDao.hasPermission(requestUser, roleRoot, CREATE_PERM)) { + throw error(FORBIDDEN, "error_missing_perm", roleRoot.getUuid(), CREATE_PERM.getRestPerm().getName()); + } + + HibRole role = create(requestModel.getName(), requestUser, uuid); + userDao.inheritRolePermissions(requestUser, roleRoot, role); + batch.add(role.onCreated()); + return role; + } + + @Override + default boolean grantPermissions(HibRole role, HibBaseElement element, InternalPermission... 
permissions) { + boolean permissionsGranted = grantRolePermissions(role, element, permissions); + if (permissionsGranted) { + PermissionCache cache = Tx.get().permissionCache(); + cache.clear(); + } + return permissionsGranted; + } + + @Override + default boolean grantPermissions(Set roles, HibBaseElement element, boolean exclusive, + InternalPermission... permissions) { + boolean permissionsGranted = grantRolePermissions(roles, element, exclusive, permissions); + if (permissionsGranted) { + PermissionCache cache = Tx.get().permissionCache(); + cache.clear(); + } + return permissionsGranted; + } + + /** + * Revoke the given permissions and clear the cache when successful + * + * @param role + * @param element + * @param permissions + * @return + */ + default boolean revokePermissions(HibRole role, HibBaseElement element, InternalPermission... permissions) { + boolean permissionsRevoked = revokeRolePermissions(role, element, permissions); + if (permissionsRevoked) { + PermissionCache cache = Tx.get().permissionCache(); + cache.clear(); + } + return permissionsRevoked; + } + + @Override + default boolean revokePermissions(Set roles, HibBaseElement element, InternalPermission... permissions) { + boolean permissionsRevoked = revokeRolePermissions(roles, element, permissions); + if (permissionsRevoked) { + PermissionCache cache = Tx.get().permissionCache(); + cache.clear(); + } + return permissionsRevoked; + } + + @Override + default void delete(HibRole role, BulkActionContext bac) { + bac.add(role.onDeleted()); + deletePersisted(role); + bac.process(); + PermissionCache permissionCache = Tx.get().permissionCache(); + + permissionCache.clear(); + } + + @Override default Result getRolesWithPerm(HibBaseElement element, InternalPermission perm) { Set roleUuids = getRoleUuidsForPerm(element, perm); Stream stream = roleUuids == null 
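Review bot: Apart from four new `Set`-based methods, this hunk removes and re-adds the roughly 95 existing lines with identical text on both sides (`create`, the single-role `grantPermissions`/`revokePermissions`, `delete`), so it looks like a whitespace or line-ending rewrite of the existing permission code. In an interface that decides when the permission cache is cleared, that churn makes it hard to confirm nothing else changed; the re-indent would be better as a separate commit. The new `revokeRolePermissions(Set, …)` Javadoc also still opens with the copied summary `Revoke role permission.`; `Revoke the given permissions on the element from the given roles. Implementations do not need to invalidate the cache.` would match the grant variant.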
@@ -141,7 +187,7 @@ default Result getRolesWithPerm(HibBaseElement element, Inter .filter(Objects::nonNull)); } - @Override + @Override default PermissionInfo getRolePermissions(HibBaseElement element, InternalActionContext ac, String roleUuid) { if (!isEmpty(roleUuid)) { HibRole role = loadObjectByUuid(ac, roleUuid, READ_PERM); @@ -218,6 +264,30 @@ default Set getPermissions(HibRole role, HibBaseElement elem return permissions; } + @Override + default Map> getPermissions(Set roles, HibBaseElement element) { + if (CollectionUtils.isEmpty(roles)) { + return Collections.emptyMap(); + } + Map> permissionsMap = new HashMap<>(); + InternalPermission[] possiblePermissions = element.hasPublishPermissions() + ? InternalPermission.values() + : InternalPermission.basicPermissions(); + + for (InternalPermission permission : possiblePermissions) { + Set allowedUuids = getRoleUuidsForPerm(element, permission); + for (HibRole role : roles) { + Set permissions = permissionsMap.computeIfAbsent(role, key -> new HashSet<>()); + + if (allowedUuids != null && allowedUuids.contains(role.getUuid())) { + permissions.add(permission); + } + } + } + + return permissionsMap; + } + @Override default RoleResponse transformToRestSync(HibRole role, InternalActionContext ac, int level, String... languageTags) { GenericParameters generic = ac.getGenericParameters(); diff --git a/mdm/common/src/main/java/com/gentics/mesh/example/RoleExamples.java b/mdm/common/src/main/java/com/gentics/mesh/example/RoleExamples.java index aab7532a93..3f66101241 100644 --- a/mdm/common/src/main/java/com/gentics/mesh/example/RoleExamples.java +++ b/mdm/common/src/main/java/com/gentics/mesh/example/RoleExamples.java 
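Review bot: The new `getPermissions(Set, HibBaseElement)` returns the grants of every role it is handed and performs no permission check of its own, which neither this default method nor the `RoleDao` Javadoc states. Since the endpoint tests in this patch expect roles the requester cannot read to be left out of the response, the contract should say that filtering is the caller's job, e.g. `Callers must restrict roles to those the requesting user may read; this method does not check permissions.` The early return also hands back the immutable `Collections.emptyMap()` while the normal path returns a mutable `HashMap`. The `CollectionUtils` import it needs comes from the legacy `org.apache.commons.collections` package; `roles == null || roles.isEmpty()` would avoid that dependency.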
@@ -14,11 +14,14 @@ import java.util.ArrayList; import java.util.List; +import com.gentics.mesh.core.rest.Examples; +import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; import com.gentics.mesh.core.rest.group.GroupReference; import com.gentics.mesh.core.rest.role.RoleCreateRequest; import com.gentics.mesh.core.rest.role.RoleListResponse; import com.gentics.mesh.core.rest.role.RolePermissionRequest; import com.gentics.mesh.core.rest.role.RolePermissionResponse; +import com.gentics.mesh.core.rest.role.RoleReference; import com.gentics.mesh.core.rest.role.RoleResponse; import com.gentics.mesh.core.rest.role.RoleUpdateRequest; @@ -95,4 +98,30 @@ public RoleCreateRequest getRoleCreateRequest(String name) { return roleCreate; } + public ObjectPermissionResponse getObjectPermissionResponse(boolean includePublishPermissions) { + ObjectPermissionResponse response = new ObjectPermissionResponse(); + RoleReference role1 = Examples.roleRef(); + RoleReference role2 = Examples.roleRef2(); + + response.set(role1, CREATE, false); + response.set(role1, READ, true); + response.set(role1, UPDATE, true); + response.set(role1, DELETE, false); + if (includePublishPermissions) { + response.set(role1, READ_PUBLISHED, true); + response.set(role1, PUBLISH, false); + } + + response.set(role2, CREATE, true); + response.set(role2, READ, true); + response.set(role2, UPDATE, true); + response.set(role2, DELETE, true); + if (includePublishPermissions) { + response.set(role2, READ_PUBLISHED, true); + response.set(role2, PUBLISH, true); + } + + response.setOthers(includePublishPermissions); + return response; + } } diff --git a/mdm/orientdb-wrapper/src/main/java/com/gentics/mesh/core/data/dao/impl/RoleDaoWrapperImpl.java b/mdm/orientdb-wrapper/src/main/java/com/gentics/mesh/core/data/dao/impl/RoleDaoWrapperImpl.java index 0b8c364a91..46316a9a7f 100644 --- a/mdm/orientdb-wrapper/src/main/java/com/gentics/mesh/core/data/dao/impl/RoleDaoWrapperImpl.java 
+++ b/mdm/orientdb-wrapper/src/main/java/com/gentics/mesh/core/data/dao/impl/RoleDaoWrapperImpl.java @@ -5,6 +5,7 @@ import java.util.Collections; import java.util.Set; import java.util.function.Predicate; +import java.util.stream.Collectors; import javax.inject.Inject; import javax.inject.Singleton; @@ -57,6 +58,34 @@ public boolean grantRolePermissions(HibRole role, HibBaseElement element, Intern return permissionGranted; } + @Override + public boolean grantRolePermissions(Set roles, HibBaseElement element, boolean exclusive, + InternalPermission... permissions) { + MeshVertex vertex = (MeshVertex) element; + boolean permissionGranted = false; + Set roleUuids = roles.stream().map(HibRole::getUuid).collect(Collectors.toSet()); + + for (InternalPermission permission : permissions) { + Set allowedRoles = getRoleUuidsForPerm(vertex, permission); + + if (allowedRoles == null) { + vertex.setRoleUuidForPerm(permission, roleUuids); + if (!roleUuids.isEmpty()) { + permissionGranted = true; + } + } else { + permissionGranted = allowedRoles.addAll(roleUuids) || permissionGranted; + if (exclusive) { + permissionGranted = allowedRoles.retainAll(roleUuids) || permissionGranted; + } + + vertex.setRoleUuidForPerm(permission, allowedRoles); + } + } + + return permissionGranted; + } + @Override public boolean revokeRolePermissions(HibRole role, HibBaseElement element, InternalPermission... permissions) { MeshVertex vertex = (MeshVertex) element; 
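Review bot: In the new `grantRolePermissions(Set, …)`, the set returned by `getRoleUuidsForPerm(vertex, permission)` is modified in place with `addAll`/`retainAll` and then written back with `vertex.setRoleUuidForPerm(permission, allowedRoles)` on every iteration, even when neither call changed anything. If `getRoleUuidsForPerm` ever returns a shared or unmodifiable set (not visible in this hunk), the in-place edit would either throw or alter state before the write. Working on a copy and writing only on change is safer, e.g. `boolean changed = copy.addAll(roleUuids); if (exclusive) changed |= copy.retainAll(roleUuids); if (changed) vertex.setRoleUuidForPerm(permission, copy);`. The `(MeshVertex) element` cast is unchecked as well, so a non-vertex element fails with a `ClassCastException` rather than a clear error; the existing single-role method in the context lines does the same, so this may be an accepted convention.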
@@ -72,6 +101,24 @@ public boolean revokeRolePermissions(HibRole role, HibBaseElement element, Inter return permissionRevoked; } + @Override + public boolean revokeRolePermissions(Set roles, HibBaseElement element, InternalPermission... permissions) { + MeshVertex vertex = (MeshVertex) element; + + boolean permissionRevoked = false; + for (InternalPermission permission : permissions) { + Set allowedRoles = getRoleUuidsForPerm(vertex, permission); + if (allowedRoles != null) { + for (HibRole role : roles) { + permissionRevoked = allowedRoles.remove(role.getUuid()) || permissionRevoked; + vertex.setRoleUuidForPerm(permission, allowedRoles); + } + } + } + + return permissionRevoked; + } + @Override public HibRole findByUuid(String uuid) { RoleRoot roleRoot = boot.get().meshRoot().getRoleRoot(); diff --git a/rest-client/src/main/java/com/gentics/mesh/rest/client/impl/MeshRestHttpClientImpl.java b/rest-client/src/main/java/com/gentics/mesh/rest/client/impl/MeshRestHttpClientImpl.java index 19b95c4040..2c995a839f 100644 --- a/rest-client/src/main/java/com/gentics/mesh/rest/client/impl/MeshRestHttpClientImpl.java +++ b/rest-client/src/main/java/com/gentics/mesh/rest/client/impl/MeshRestHttpClientImpl.java @@ -35,6 +35,7 @@ import com.gentics.mesh.core.rest.branch.info.BranchInfoMicroschemaList; import com.gentics.mesh.core.rest.branch.info.BranchInfoSchemaList; import com.gentics.mesh.core.rest.common.GenericMessageResponse; +import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; import com.gentics.mesh.core.rest.common.RestModel; import com.gentics.mesh.core.rest.graphql.GraphQLRequest; import com.gentics.mesh.core.rest.graphql.GraphQLResponse; 
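Review bot: In the new `revokeRolePermissions(Set, …)`, `vertex.setRoleUuidForPerm(permission, allowedRoles)` sits inside the `for (HibRole role : roles)` loop, so the vertex is rewritten once per role for each permission, whether or not anything was removed. Collecting the role UUIDs once (as the grant method in this file does) and using `removeAll` gives one write per permission, and only when the set changed. The sketch below assumes skipping an unchanged write is safe for `setRoleUuidForPerm`, which is not visible here.

```java
// … unchanged: signature, MeshVertex cast …
boolean permissionRevoked = false;
Set<String> roleUuids = roles.stream().map(HibRole::getUuid).collect(Collectors.toSet());
for (InternalPermission permission : permissions) {
	Set<String> allowedRoles = getRoleUuidsForPerm(vertex, permission);
	if (allowedRoles != null && allowedRoles.removeAll(roleUuids)) {
		vertex.setRoleUuidForPerm(permission, allowedRoles);
		permissionRevoked = true;
	}
}
return permissionRevoked;
```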
@@ -1662,4 +1663,66 @@ public MeshRequest webrootField(String projectName, St return prepareRequest(GET, "/" + encodeSegment(projectName) + "/webrootfield/" + fieldName + path + getQuery(parameters), MeshWebrootFieldResponse.class); } + + @Override + public MeshRequest getGroupRolePermissions(String uuid) { + Objects.requireNonNull(uuid, "uuid must not be null"); + return prepareRequest(GET, "/groups/" + uuid + "/rolePermissions", ObjectPermissionResponse.class); + } + + @Override + public MeshRequest getMicroschemaRolePermissions(String uuid) { + Objects.requireNonNull(uuid, "uuid must not be null"); + return prepareRequest(GET, "/microschemas/" + uuid + "/rolePermissions", ObjectPermissionResponse.class); + } + + @Override + public MeshRequest getNodeRolePermissions(String projectName, String uuid) { + Objects.requireNonNull(projectName, "projectName must not be null"); + Objects.requireNonNull(uuid, "uuid must not be null"); + return prepareRequest(GET, "/" + encodeSegment(projectName) + "/nodes/" + uuid + "/rolePermissions", + ObjectPermissionResponse.class); + } + + @Override + public MeshRequest getProjectRolePermissions(String uuid) { + Objects.requireNonNull(uuid, "uuid must not be null"); + return prepareRequest(GET, "/projects/" + uuid + "/rolePermissions", ObjectPermissionResponse.class); + } + + @Override + public MeshRequest getRoleRolePermissions(String uuid) { + Objects.requireNonNull(uuid, "uuid must not be null"); + return prepareRequest(GET, "/roles/" + uuid + "/rolePermissions", ObjectPermissionResponse.class); + } + + @Override + public MeshRequest getSchemaRolePermissions(String uuid) { + Objects.requireNonNull(uuid, "uuid must not be null"); + return prepareRequest(GET, "/schemas/" + uuid + "/rolePermissions", ObjectPermissionResponse.class); + } + + @Override + public MeshRequest getTagFamilyRolePermissions(String projectName, String tagFamilyUuid) { + Objects.requireNonNull(projectName, "projectName must not be null"); + 
Objects.requireNonNull(tagFamilyUuid, "tagFamilyUuid must not be null"); + return prepareRequest(GET, "/" + encodeSegment(projectName) + "/tagFamilies/" + tagFamilyUuid + "/rolePermissions", + ObjectPermissionResponse.class); + } + + @Override + public MeshRequest getTagRolePermissions(String projectName, String tagFamilyUuid, + String uuid) { + Objects.requireNonNull(projectName, "projectName must not be null"); + Objects.requireNonNull(tagFamilyUuid, "tagFamilyUuid must not be null"); + Objects.requireNonNull(uuid, "uuid must not be null"); + return prepareRequest(GET, "/" + encodeSegment(projectName) + "/tagFamilies/" + tagFamilyUuid + "/tags/" + uuid + "/rolePermissions", + ObjectPermissionResponse.class); + } + + @Override + public MeshRequest getUserRolePermissions(String uuid) { + Objects.requireNonNull(uuid, "uuid must not be null"); + return prepareRequest(GET, "/users/" + uuid + "/rolePermissions", ObjectPermissionResponse.class); + } } diff --git a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/GroupClientMethods.java b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/GroupClientMethods.java index 0a08ec3353..1923447f0c 100644 --- a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/GroupClientMethods.java +++ b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/GroupClientMethods.java @@ -1,5 +1,6 @@ package com.gentics.mesh.rest.client.method; +import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; import com.gentics.mesh.core.rest.group.GroupCreateRequest; import com.gentics.mesh.core.rest.group.GroupListResponse; import com.gentics.mesh.core.rest.group.GroupResponse; @@ -100,4 +101,11 @@ public interface GroupClientMethods { */ MeshRequest removeRoleFromGroup(String groupUuid, String roleUuid); + /** + * Get the role permissions on the group + * + * @param uuid Uuid of the group + * @return request + */ + MeshRequest getGroupRolePermissions(String uuid); } 
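Review bot: The nine new `get…RolePermissions` methods concatenate `uuid` and `tagFamilyUuid` into the request path unencoded, while `projectName` goes through `encodeSegment(...)`. A caller that passes through a value containing `/`, `?` or `#` would make the client request a different path than intended, so the identifiers should be encoded the same way, e.g. `"/groups/" + encodeSegment(uuid) + "/rolePermissions"` and `"/tagFamilies/" + encodeSegment(tagFamilyUuid) + "/tags/" + encodeSegment(uuid) + "/rolePermissions"`. If other methods in this class already pass UUIDs raw (not visible in this hunk), a format check on the UUID at this boundary would be an alternative.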
diff --git a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/MicroschemaClientMethods.java b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/MicroschemaClientMethods.java index 7c2853adec..330d45ba76 100644 --- a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/MicroschemaClientMethods.java +++ b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/MicroschemaClientMethods.java @@ -1,6 +1,7 @@ package com.gentics.mesh.rest.client.method; import com.gentics.mesh.core.rest.common.GenericMessageResponse; +import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; import com.gentics.mesh.core.rest.microschema.impl.MicroschemaCreateRequest; import com.gentics.mesh.core.rest.microschema.impl.MicroschemaResponse; import com.gentics.mesh.core.rest.microschema.impl.MicroschemaUpdateRequest; @@ -83,4 +84,11 @@ public interface MicroschemaClientMethods { */ MeshRequest diffMicroschema(String uuid, MicroschemaModel request); + /** + * Get the role permissions on the microschema + * + * @param uuid Uuid of the microschema + * @return request + */ + MeshRequest getMicroschemaRolePermissions(String uuid); } diff --git a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/NodeClientMethods.java b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/NodeClientMethods.java index 280e041c3e..341bbf61e6 100644 --- a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/NodeClientMethods.java +++ b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/NodeClientMethods.java @@ -1,5 +1,6 @@ package com.gentics.mesh.rest.client.method; +import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; import com.gentics.mesh.core.rest.node.NodeCreateRequest; import com.gentics.mesh.core.rest.node.NodeListResponse; import com.gentics.mesh.core.rest.node.NodeResponse; 
@@ -301,4 +302,13 @@ default MeshRequest takeNodeLanguage(String projectName, String n */ MeshRequest listNodeVersions(String projectName, String nodeUuid, ParameterProvider...parameters); + /** + * Get the role permissions on the node + * + * @param projectName + * Name of the project + * @param uuid Uuid of the node + * @return request + */ + MeshRequest getNodeRolePermissions(String projectName, String uuid); } diff --git a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/ProjectClientMethods.java b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/ProjectClientMethods.java index ef6060a909..6c8d9ec347 100644 --- a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/ProjectClientMethods.java +++ b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/ProjectClientMethods.java @@ -1,6 +1,7 @@ package com.gentics.mesh.rest.client.method; import com.gentics.mesh.core.rest.common.GenericMessageResponse; +import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; import com.gentics.mesh.core.rest.project.ProjectCreateRequest; import com.gentics.mesh.core.rest.project.ProjectListResponse; import com.gentics.mesh.core.rest.project.ProjectResponse; @@ -103,4 +104,12 @@ public interface ProjectClientMethods { * @return */ MeshRequest purgeProject(String uuid, ParameterProvider... parameters); + + /** + * Get the role permissions on the project + * + * @param uuid Uuid of the project + * @return request + */ + MeshRequest getProjectRolePermissions(String uuid); } diff --git a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/RoleClientMethods.java b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/RoleClientMethods.java index b99d00fe93..f16b74c4dc 100644 --- a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/RoleClientMethods.java +++ b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/RoleClientMethods.java 
@@ -1,6 +1,7 @@ package com.gentics.mesh.rest.client.method; import com.gentics.mesh.core.rest.common.GenericMessageResponse; +import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; import com.gentics.mesh.core.rest.role.RoleCreateRequest; import com.gentics.mesh.core.rest.role.RoleListResponse; import com.gentics.mesh.core.rest.role.RolePermissionRequest; @@ -99,4 +100,13 @@ public interface RoleClientMethods { * @return */ MeshRequest updateRole(String uuid, RoleUpdateRequest restRole); + + /** + * Get the role permissions on the role + * + * @param uuid + * Uuid of the role + * @return request + */ + MeshRequest getRoleRolePermissions(String uuid); } diff --git a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/SchemaClientMethods.java b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/SchemaClientMethods.java index 2ee24cb95a..c5b08d1c9b 100644 --- a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/SchemaClientMethods.java +++ b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/SchemaClientMethods.java @@ -1,6 +1,7 @@ package com.gentics.mesh.rest.client.method; import com.gentics.mesh.core.rest.common.GenericMessageResponse; +import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; import com.gentics.mesh.core.rest.microschema.impl.MicroschemaResponse; import com.gentics.mesh.core.rest.schema.MicroschemaListResponse; import com.gentics.mesh.core.rest.schema.SchemaListResponse; @@ -169,4 +170,12 @@ public interface SchemaClientMethods { * @return */ MeshRequest findMicroschemas(String projectName, ParameterProvider... parameters); + + /** + * Get the role permissions on the schema + * + * @param uuid Uuid of the schema + * @return request + */ + MeshRequest getSchemaRolePermissions(String uuid); } 
diff --git a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/TagClientMethods.java b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/TagClientMethods.java index 62bb40584f..59c57afd6e 100644 --- a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/TagClientMethods.java +++ b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/TagClientMethods.java @@ -1,5 +1,6 @@ package com.gentics.mesh.rest.client.method; +import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; import com.gentics.mesh.core.rest.tag.TagCreateRequest; import com.gentics.mesh.core.rest.tag.TagListResponse; import com.gentics.mesh.core.rest.tag.TagResponse; @@ -90,4 +91,15 @@ public interface TagClientMethods { */ MeshRequest findTags(String projectName, String tagFamilyUuid, ParameterProvider... parameters); + /** + * Get the role permissions on the tag + * + * @param projectName + * Name of the project + * @param tagFamilyUuid + * Uuid of the tagfamily in which the tag is stored + * @param uuid Uuid of the tag + * @return request + */ + MeshRequest getTagRolePermissions(String projectName, String tagFamilyUuid, String uuid); } diff --git a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/TagFamilyClientMethods.java b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/TagFamilyClientMethods.java index 49c79972a6..02e0993e65 100644 --- a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/TagFamilyClientMethods.java +++ b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/TagFamilyClientMethods.java @@ -1,5 +1,6 @@ package com.gentics.mesh.rest.client.method; +import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; import com.gentics.mesh.core.rest.tag.TagFamilyCreateRequest; import com.gentics.mesh.core.rest.tag.TagFamilyListResponse; import com.gentics.mesh.core.rest.tag.TagFamilyResponse; 
@@ -91,5 +92,14 @@ public interface TagFamilyClientMethods { */ MeshRequest findTagFamilies(String projectName, ParameterProvider... parameters); - + /** + * Get the role permissions on the tag family + * + * @param projectName + * Name of the project + * @param tagFamilyUuid + * Uuid of the tagfamily + * @return request + */ + MeshRequest getTagFamilyRolePermissions(String projectName, String tagFamilyUuid); } diff --git a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/UserClientMethods.java b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/UserClientMethods.java index f18ee71bde..2bc36771ff 100644 --- a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/UserClientMethods.java +++ b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/UserClientMethods.java @@ -1,6 +1,7 @@ package com.gentics.mesh.rest.client.method; import com.gentics.mesh.core.rest.common.GenericMessageResponse; +import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; import com.gentics.mesh.core.rest.user.UserAPITokenResponse; import com.gentics.mesh.core.rest.user.UserCreateRequest; import com.gentics.mesh.core.rest.user.UserListResponse; @@ -119,4 +120,12 @@ public interface UserClientMethods { * @return */ MeshRequest invalidateAPIToken(String userUuid); + + /** + * Get the role permissions on the user + * + * @param uuid Uuid of the user + * @return request + */ + MeshRequest getUserRolePermissions(String uuid); } diff --git a/rest-model/src/main/java/com/gentics/mesh/core/rest/Examples.java b/rest-model/src/main/java/com/gentics/mesh/core/rest/Examples.java index d353d4c4a9..b551adcfd9 100644 --- a/rest-model/src/main/java/com/gentics/mesh/core/rest/Examples.java +++ b/rest-model/src/main/java/com/gentics/mesh/core/rest/Examples.java 
@@ -276,6 +276,13 @@ public static RoleReference roleRef() { return ref; } + public static RoleReference roleRef2() { + RoleReference ref = new RoleReference(); + ref.setUuid(uuid4()); + ref.setName("editor"); + return ref; + } + public static TagReference tagRef() { String uuid = "e5861ba26b914b21861ba26b91ab211a"; TagReference ref = new TagReference(); diff --git a/rest-model/src/main/java/com/gentics/mesh/core/rest/common/ObjectPermissionResponse.java b/rest-model/src/main/java/com/gentics/mesh/core/rest/common/ObjectPermissionResponse.java new file mode 100644 index 0000000000..409e0add9f --- /dev/null +++ b/rest-model/src/main/java/com/gentics/mesh/core/rest/common/ObjectPermissionResponse.java 
@@ -0,0 +1,179 @@ +package com.gentics.mesh.core.rest.common; + +import java.util.Collections; +import java.util.HashSet; +import java.util.Set; + +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.annotation.JsonPropertyDescription; +import com.gentics.mesh.core.rest.role.RoleReference; + +public class ObjectPermissionResponse implements RestModel { + @JsonProperty(required = true) + @JsonPropertyDescription("Roles to which the create permission is granted.") + private Set create; + + @JsonProperty(required = true) + @JsonPropertyDescription("Roles to which the read permission is granted.") + private Set read; + + @JsonProperty(required = true) + @JsonPropertyDescription("Roles to which the update permission is granted.") + private Set update; + + @JsonProperty(required = true) + @JsonPropertyDescription("Roles to which the delete permission is granted.") + private Set delete; + + @JsonProperty(required = false) + @JsonPropertyDescription("Roles to which the publish permission is granted.") + private Set publish; + + @JsonProperty(required = false) + @JsonPropertyDescription("Roles to which the read published permission is granted.") + private Set readPublished; + + public Set getCreate() { + return create; + } + + public ObjectPermissionResponse setCreate(Set create) { + this.create = create; + return this; + } + + public Set getRead() { + return read; + } + + public ObjectPermissionResponse setRead(Set read) { + this.read = read; + return this; + } + + public Set getUpdate() { + return update; + } + + public ObjectPermissionResponse setUpdate(Set update) { + this.update = update; + return this; + } + + public Set getDelete() { + return delete; + } + + public ObjectPermissionResponse setDelete(Set delete) { + this.delete = delete; + return this; + } + + public Set getPublish() { + return publish; + } + + public ObjectPermissionResponse setPublish(Set publish) { + this.publish = publish; + return this; + } + + public Set 
getReadPublished() { + return readPublished; + } + + public ObjectPermissionResponse setReadPublished(Set readPublished) { + this.readPublished = readPublished; + return this; + } + + /** + * Set the given permission. + * + * @param role role reference + * @param permission permission + * @return Fluent API + */ + public ObjectPermissionResponse add(RoleReference role, Permission permission) { + set(role, permission, true); + return this; + } + + /** + * Set the given permission. + * + * @param role role reference + * @param perm permission + * @param flag true to set, false to remove + * @return Fluent API + */ + public ObjectPermissionResponse set(RoleReference role, Permission perm, boolean flag) { + switch (perm) { + case CREATE: + create = update(create, role, flag); + break; + case READ: + read = update(read, role, flag); + break; + case UPDATE: + update = update(update, role, flag); + break; + case DELETE: + delete = update(delete, role, flag); + break; + case PUBLISH: + publish = update(publish, role, flag); + break; + case READ_PUBLISHED: + readPublished = update(readPublished, role, flag); + break; + default: + throw new RuntimeException("Unknown permission type {" + perm.getName() + "}"); + } + return this; + } + + /** + * Set other permissions to empty sets + * + * @param includePublishPermissions + * @return Fluent API + */ + public ObjectPermissionResponse setOthers(boolean includePublishPermissions) { + if (create == null) { + create = Collections.emptySet(); + } + if (read == null) { + read = Collections.emptySet(); + } + if (update == null) { + update = Collections.emptySet(); + } + if (delete == null) { + delete = Collections.emptySet(); + } + if (includePublishPermissions) { + if (publish == null) { + publish = Collections.emptySet(); + } + if (readPublished == null) { + readPublished = Collections.emptySet(); + } + } + return this; + } + + protected Set update(Set set, RoleReference role, boolean flag) { + if (set == null) { + set = new 
HashSet<>(); + } + + if (flag) { + set.add(role); + } else { + set.remove(role); + } + + return set; + } +} diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/branch/BranchEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/branch/BranchEndpointTest.java index 7f7132a953..afc6a1fc77 100644 --- a/tests/tests-core/src/main/java/com/gentics/mesh/core/branch/BranchEndpointTest.java +++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/branch/BranchEndpointTest.java @@ -30,6 +30,7 @@ import static io.netty.handler.codec.http.HttpResponseStatus.INTERNAL_SERVER_ERROR; import static io.netty.handler.codec.http.HttpResponseStatus.NOT_FOUND; import static org.assertj.core.api.Assertions.assertThat; +import static org.assertj.core.api.Assertions.fail; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; @@ -1369,6 +1370,24 @@ public void testUnassignedMigration() { this.migrateSchema(); } + @Test + @Override + public void testReadRolePermissions() throws Exception { + fail("Not implemented"); + } + + @Test + @Override + public void testReadRolePermissionWithoutPermission() throws Exception { + fail("Not implemented"); + } + + @Test + @Override + public void testReadRolePermissionWithoutPermissionOnRole() throws Exception { + fail("Not implemented"); + } + private void updateFolderSchema(boolean immediate) { SchemaResponse schema = getSchemaByName("folder"); diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/group/GroupEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/group/GroupEndpointTest.java index cbc7a2d2ba..96452c0eef 100644 --- a/tests/tests-core/src/main/java/com/gentics/mesh/core/group/GroupEndpointTest.java +++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/group/GroupEndpointTest.java 
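Review bot: `setOthers` fills unset fields with `Collections.emptySet()`, but `update(...)` only allocates a `HashSet` when the field is null, so calling `set(role, perm, true)` or `add(...)` after `setOthers` on such a field ends in `set.add(role)` on an immutable set and throws `UnsupportedOperationException`. Using `create = new HashSet<>();` (and likewise for the other five fields) in `setOthers` keeps the fluent API order-independent. The `default` branch of `set` would also read better as `throw new IllegalArgumentException(...)` than a bare `RuntimeException`. The class has no Javadoc saying that `publish`/`readPublished` stay null for element types without publish permissions, which the endpoint tests in this patch rely on.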
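Review bot: The three overrides added here (`testReadRolePermissions`, `testReadRolePermissionWithoutPermission`, `testReadRolePermissionWithoutPermissionOnRole`) consist only of `fail("Not implemented")`, so the suite fails as committed and the branch role-permission read path has no coverage, including the two negative access-control cases. If branch support arrives in a later patch of this series, mark them with `@Ignore("role permissions on branches not implemented yet")` until then. Otherwise implement them along the lines of the `GroupEndpointTest` versions in this patch.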
@@ -23,6 +23,7 @@
 import static io.netty.handler.codec.http.HttpResponseStatus.FORBIDDEN;
 import static io.netty.handler.codec.http.HttpResponseStatus.INTERNAL_SERVER_ERROR;
 import static io.netty.handler.codec.http.HttpResponseStatus.NOT_FOUND;
+import static org.assertj.core.api.Assertions.assertThat;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotNull;
@@ -43,12 +44,14 @@
 import com.gentics.mesh.core.data.group.HibGroup;
 import com.gentics.mesh.core.data.user.HibUser;
 import com.gentics.mesh.core.db.Tx;
+import com.gentics.mesh.core.rest.common.ObjectPermissionResponse;
 import com.gentics.mesh.core.rest.error.GenericRestException;
 import com.gentics.mesh.core.rest.event.impl.MeshElementEventModelImpl;
 import com.gentics.mesh.core.rest.group.GroupCreateRequest;
 import com.gentics.mesh.core.rest.group.GroupListResponse;
 import com.gentics.mesh.core.rest.group.GroupResponse;
 import com.gentics.mesh.core.rest.group.GroupUpdateRequest;
+import com.gentics.mesh.core.rest.role.RoleReference;
 import com.gentics.mesh.parameter.impl.PagingParametersImpl;
 import com.gentics.mesh.parameter.impl.RolePermissionParametersImpl;
 import com.gentics.mesh.test.MeshTestSetting;
@@ -594,4 +597,46 @@ public void testPermissionResponse() { assertThat(group.getPermissions()).hasNoPublishPermsSet(); } + + @Test + @Override + public void testReadRolePermissions() throws Exception { + String groupUuid = tx(() -> group().getUuid()); + RoleReference testRole = tx(() -> role().transformToReference()); + ObjectPermissionResponse response = call(() -> client().getGroupRolePermissions(groupUuid)); + assertThat(response).as("Response").isNotNull(); + assertThat(response.getCreate()).as("Roles with create permission").containsOnly(testRole); + assertThat(response.getDelete()).as("Roles with delete permission").containsOnly(testRole); + assertThat(response.getPublish()).as("Roles with publish permission").isNull(); + assertThat(response.getRead()).as("Roles with read permission").containsOnly(testRole); + assertThat(response.getReadPublished()).as("Roles with readPublished permission").isNull(); + assertThat(response.getUpdate()).as("Roles with update permission").containsOnly(testRole); + } + + @Test + @Override + public void testReadRolePermissionWithoutPermission() throws Exception { + String groupUuid = tx(() -> group().getUuid()); + tx(tx -> { + tx.roleDao().revokePermissions(role(), group(), READ_PERM); + }); + call(() -> client().getGroupRolePermissions(groupUuid), FORBIDDEN, "error_missing_perm", groupUuid, READ_PERM.getRestPerm().getName()); + } + + @Test + @Override + public void testReadRolePermissionWithoutPermissionOnRole() throws Exception { + String groupUuid = tx(() -> group().getUuid()); + tx(tx -> { + tx.roleDao().revokePermissions(role(), role(), READ_PERM); + }); + ObjectPermissionResponse response = call(() -> client().getGroupRolePermissions(groupUuid)); + assertThat(response).as("Response").isNotNull(); + assertThat(response.getCreate()).as("Roles with create permission").isNotNull().isEmpty(); + assertThat(response.getDelete()).as("Roles with delete permission").isNotNull().isEmpty(); + assertThat(response.getPublish()).as("Roles 
with publish permission").isNull(); + assertThat(response.getRead()).as("Roles with read permission").isNotNull().isEmpty(); + assertThat(response.getReadPublished()).as("Roles with readPublished permission").isNull(); + assertThat(response.getUpdate()).as("Roles with update permission").isNotNull().isEmpty(); + } } diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/node/NodeEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/node/NodeEndpointTest.java index e9987e55d0..9fa203faee 100644 --- a/tests/tests-core/src/main/java/com/gentics/mesh/core/node/NodeEndpointTest.java +++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/node/NodeEndpointTest.java @@ -28,12 +28,12 @@ import static io.netty.handler.codec.http.HttpResponseStatus.FORBIDDEN; import static io.netty.handler.codec.http.HttpResponseStatus.NOT_FOUND; import static org.assertj.core.api.Assertions.assertThat; +import static org.assertj.core.api.Assertions.fail; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotEquals; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNull; import static org.junit.Assert.assertTrue; -import static org.junit.Assert.fail; import java.net.UnknownHostException; import java.util.ArrayList; @@ -61,6 +61,7 @@ import com.gentics.mesh.core.db.Tx; import com.gentics.mesh.core.rest.branch.BranchCreateRequest; import com.gentics.mesh.core.rest.common.ContainerType; +import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; import com.gentics.mesh.core.rest.common.Permission; import com.gentics.mesh.core.rest.error.GenericRestException; import com.gentics.mesh.core.rest.event.node.NodeMeshEventModel; 
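Review bot: `testReadRolePermissionWithoutPermissionOnRole` is the only check that roles the caller may not read are withheld from the response, and its fixture has a single role holding grants, so "the unreadable role was filtered" cannot be told apart from "the response is always empty". Grant a second role that the caller can still read something on the object, e.g. `tx.roleDao().grantPermissions(roles().get("anonymous"), group(), READ_PERM);`, and assert that `response.getRead()` contains only that role's reference. A one-line comment such as `// roles the caller cannot read must not be disclosed` would also state the property under test. The same fixture and the same gap recur in the NodeEndpointTest, ProjectEndpointTest, RoleEndpointTest, MicroschemaEndpointTest and SchemaEndpointTest hunks of this commit.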
@@ -71,6 +72,7 @@
 import com.gentics.mesh.core.rest.node.NodeUpsertRequest;
 import com.gentics.mesh.core.rest.node.field.StringField;
 import com.gentics.mesh.core.rest.project.ProjectReference;
+import com.gentics.mesh.core.rest.role.RoleReference;
 import com.gentics.mesh.core.rest.schema.SchemaReference;
 import com.gentics.mesh.core.rest.schema.impl.SchemaCreateRequest;
 import com.gentics.mesh.core.rest.schema.impl.SchemaReferenceImpl;
@@ -2134,4 +2136,47 @@ public void testRootNodeBreadcrumb() { assertEquals(1, breadcrumb.size()); assertEquals(node.getNodeResponse().getUuid(), breadcrumb.get(0).getUuid()); } + + @Test + @Override + public void testReadRolePermissions() throws Exception { + String uuid = tx(() -> folder("2015").getUuid()); + RoleReference testRole = tx(() -> role().transformToReference()); + + ObjectPermissionResponse response = call(() -> client().getNodeRolePermissions(PROJECT_NAME, uuid)); + assertThat(response).as("Response").isNotNull(); + assertThat(response.getCreate()).as("Roles with create permission").containsOnly(testRole); + assertThat(response.getDelete()).as("Roles with delete permission").containsOnly(testRole); + assertThat(response.getPublish()).as("Roles with publish permission").containsOnly(testRole); + assertThat(response.getRead()).as("Roles with read permission").containsOnly(testRole); + assertThat(response.getReadPublished()).as("Roles with readPublished permission").containsOnly(testRole); + assertThat(response.getUpdate()).as("Roles with update permission").containsOnly(testRole); + } + + @Test + @Override + public void testReadRolePermissionWithoutPermission() throws Exception { + String uuid = tx(() -> folder("2015").getUuid()); + tx(tx -> { + tx.roleDao().revokePermissions(role(), folder("2015"), READ_PERM); + }); + call(() -> client().getNodeRolePermissions(PROJECT_NAME, uuid), FORBIDDEN, "error_missing_perm", uuid, READ_PERM.getRestPerm().getName()); + } + + @Test + @Override + public void testReadRolePermissionWithoutPermissionOnRole() throws Exception { + String uuid = tx(() -> folder("2015").getUuid()); + tx(tx -> { + tx.roleDao().revokePermissions(role(), role(), READ_PERM); + }); + ObjectPermissionResponse response = call(() -> client().getNodeRolePermissions(PROJECT_NAME, uuid)); + assertThat(response).as("Response").isNotNull(); + assertThat(response.getCreate()).as("Roles with create permission").isNotNull().isEmpty(); + 
assertThat(response.getDelete()).as("Roles with delete permission").isNotNull().isEmpty(); + assertThat(response.getPublish()).as("Roles with publish permission").isNotNull().isEmpty(); + assertThat(response.getRead()).as("Roles with read permission").isNotNull().isEmpty(); + assertThat(response.getReadPublished()).as("Roles with readPublished permission").isNotNull().isEmpty(); + assertThat(response.getUpdate()).as("Roles with update permission").isNotNull().isEmpty(); + } } diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/project/ProjectEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/project/ProjectEndpointTest.java index 1d863e91c8..7fa0d32d1d 100644 --- a/tests/tests-core/src/main/java/com/gentics/mesh/core/project/ProjectEndpointTest.java +++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/project/ProjectEndpointTest.java @@ -59,6 +59,7 @@ import com.gentics.mesh.core.rest.branch.BranchCreateRequest; import com.gentics.mesh.core.rest.branch.BranchResponse; import com.gentics.mesh.core.rest.branch.BranchUpdateRequest; +import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; import com.gentics.mesh.core.rest.common.Permission; import com.gentics.mesh.core.rest.common.PermissionInfo; import com.gentics.mesh.core.rest.error.GenericRestException; @@ -71,6 +72,7 @@ import com.gentics.mesh.core.rest.project.ProjectResponse; import com.gentics.mesh.core.rest.project.ProjectUpdateRequest; import com.gentics.mesh.core.rest.role.RolePermissionRequest; +import com.gentics.mesh.core.rest.role.RoleReference; import com.gentics.mesh.core.rest.role.RoleResponse; import com.gentics.mesh.core.rest.schema.impl.SchemaReferenceImpl; import com.gentics.mesh.parameter.LinkType; 
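Review bot: In the NodeEndpointTest hunk, `testReadRolePermissionWithoutPermission` revokes only `READ_PERM` on `folder("2015")`, while `testReadRolePermissions` in the same hunk shows the test role also holds `READ_PUBLISHED_PERM` there. The FORBIDDEN assertion therefore implicitly pins that read-published access alone must not allow listing role permissions, but nothing says so. Nodes are the only type in this commit with publish permissions, so state it above the `call(...)`: `// role keeps READ_PUBLISHED_PERM; listing role permissions must still require READ_PERM`. This assumes the revoke leaves `READ_PUBLISHED_PERM` in place, which matches what testRevokeMultiplePermissions in RoleTest asserts.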
@@ -839,4 +841,46 @@ public void testDeleteProjectNamedProject() { list = call(() -> client().findProjects()); assertThat(list.getData().stream().map(ProjectResponse::getName)).as("List of projects").containsOnly("dummy"); } + + @Test + @Override + public void testReadRolePermissions() throws Exception { + String projectUuid = tx(() -> project().getUuid()); + RoleReference testRole = tx(() -> role().transformToReference()); + ObjectPermissionResponse response = call(() -> client().getProjectRolePermissions(projectUuid)); + assertThat(response).as("Response").isNotNull(); + assertThat(response.getCreate()).as("Roles with create permission").containsOnly(testRole); + assertThat(response.getDelete()).as("Roles with delete permission").containsOnly(testRole); + assertThat(response.getPublish()).as("Roles with publish permission").isNull(); + assertThat(response.getRead()).as("Roles with read permission").containsOnly(testRole); + assertThat(response.getReadPublished()).as("Roles with readPublished permission").isNull(); + assertThat(response.getUpdate()).as("Roles with update permission").containsOnly(testRole); + } + + @Test + @Override + public void testReadRolePermissionWithoutPermission() throws Exception { + String projectUuid = tx(() -> project().getUuid()); + tx(tx -> { + tx.roleDao().revokePermissions(role(), project(), READ_PERM); + }); + call(() -> client().getProjectRolePermissions(projectUuid), FORBIDDEN, "error_missing_perm", projectUuid, READ_PERM.getRestPerm().getName()); + } + + @Test + @Override + public void testReadRolePermissionWithoutPermissionOnRole() throws Exception { + String projectUuid = tx(() -> project().getUuid()); + tx(tx -> { + tx.roleDao().revokePermissions(role(), role(), READ_PERM); + }); + ObjectPermissionResponse response = call(() -> client().getProjectRolePermissions(projectUuid)); + assertThat(response).as("Response").isNotNull(); + assertThat(response.getCreate()).as("Roles with create permission").isNotNull().isEmpty(); + 
assertThat(response.getDelete()).as("Roles with delete permission").isNotNull().isEmpty(); + assertThat(response.getPublish()).as("Roles with publish permission").isNull(); + assertThat(response.getRead()).as("Roles with read permission").isNotNull().isEmpty(); + assertThat(response.getReadPublished()).as("Roles with readPublished permission").isNull(); + assertThat(response.getUpdate()).as("Roles with update permission").isNotNull().isEmpty(); + } } diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/role/RoleEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/role/RoleEndpointTest.java index 45a07ff427..de1b756a6b 100644 --- a/tests/tests-core/src/main/java/com/gentics/mesh/core/role/RoleEndpointTest.java +++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/role/RoleEndpointTest.java @@ -18,6 +18,7 @@ import static io.netty.handler.codec.http.HttpResponseStatus.CONFLICT; import static io.netty.handler.codec.http.HttpResponseStatus.FORBIDDEN; import static io.netty.handler.codec.http.HttpResponseStatus.INTERNAL_SERVER_ERROR; +import static org.assertj.core.api.Assertions.assertThat; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNull; 
@@ -40,11 +41,13 @@
 import com.gentics.mesh.core.data.role.HibRole;
 import com.gentics.mesh.core.db.Tx;
 import com.gentics.mesh.core.rest.common.GenericMessageResponse;
+import com.gentics.mesh.core.rest.common.ObjectPermissionResponse;
 import com.gentics.mesh.core.rest.common.Permission;
 import com.gentics.mesh.core.rest.error.GenericRestException;
 import com.gentics.mesh.core.rest.event.impl.MeshElementEventModelImpl;
 import com.gentics.mesh.core.rest.role.RoleCreateRequest;
 import com.gentics.mesh.core.rest.role.RoleListResponse;
+import com.gentics.mesh.core.rest.role.RoleReference;
 import com.gentics.mesh.core.rest.role.RoleResponse;
 import com.gentics.mesh.core.rest.role.RoleUpdateRequest;
 import com.gentics.mesh.parameter.impl.PagingParametersImpl;
@@ -558,4 +561,46 @@ public void testPermissionResponse() { RoleResponse role = client().findRoles().blockingGet().getData().get(0); assertThat(role.getPermissions()).hasNoPublishPermsSet(); } + + @Test + @Override + public void testReadRolePermissions() throws Exception { + String roleUuid = tx(() -> roles().get("anonymous").getUuid()); + RoleReference testRole = tx(() -> role().transformToReference()); + ObjectPermissionResponse response = call(() -> client().getRoleRolePermissions(roleUuid)); + assertThat(response).as("Response").isNotNull(); + assertThat(response.getCreate()).as("Roles with create permission").containsOnly(testRole); + assertThat(response.getDelete()).as("Roles with delete permission").containsOnly(testRole); + assertThat(response.getPublish()).as("Roles with publish permission").isNull(); + assertThat(response.getRead()).as("Roles with read permission").containsOnly(testRole); + assertThat(response.getReadPublished()).as("Roles with readPublished permission").isNull(); + assertThat(response.getUpdate()).as("Roles with update permission").containsOnly(testRole); + } + + @Test + @Override + public void testReadRolePermissionWithoutPermission() throws Exception { + String roleUuid = tx(() -> roles().get("anonymous").getUuid()); + tx(tx -> { + tx.roleDao().revokePermissions(role(), roles().get("anonymous"), READ_PERM); + }); + call(() -> client().getRoleRolePermissions(roleUuid), FORBIDDEN, "error_missing_perm", roleUuid, READ_PERM.getRestPerm().getName()); + } + + @Test + @Override + public void testReadRolePermissionWithoutPermissionOnRole() throws Exception { + String roleUuid = tx(() -> roles().get("anonymous").getUuid()); + tx(tx -> { + tx.roleDao().revokePermissions(role(), role(), READ_PERM); + }); + ObjectPermissionResponse response = call(() -> client().getRoleRolePermissions(roleUuid)); + assertThat(response).as("Response").isNotNull(); + assertThat(response.getCreate()).as("Roles with create permission").isNotNull().isEmpty(); + 
assertThat(response.getDelete()).as("Roles with delete permission").isNotNull().isEmpty(); + assertThat(response.getPublish()).as("Roles with publish permission").isNull(); + assertThat(response.getRead()).as("Roles with read permission").isNotNull().isEmpty(); + assertThat(response.getReadPublished()).as("Roles with readPublished permission").isNull(); + assertThat(response.getUpdate()).as("Roles with update permission").isNotNull().isEmpty(); + } } diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/role/RoleTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/role/RoleTest.java index ffd93ada1f..9d29c30151 100644 --- a/tests/tests-core/src/main/java/com/gentics/mesh/core/role/RoleTest.java +++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/role/RoleTest.java @@ -2,15 +2,22 @@ import static com.gentics.mesh.core.data.perm.InternalPermission.CREATE_PERM; import static com.gentics.mesh.core.data.perm.InternalPermission.DELETE_PERM; +import static com.gentics.mesh.core.data.perm.InternalPermission.PUBLISH_PERM; import static com.gentics.mesh.core.data.perm.InternalPermission.READ_PERM; +import static com.gentics.mesh.core.data.perm.InternalPermission.READ_PUBLISHED_PERM; import static com.gentics.mesh.core.data.perm.InternalPermission.UPDATE_PERM; import static com.gentics.mesh.test.TestSize.PROJECT; +import static org.assertj.core.api.Assertions.assertThat; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNull; import static org.junit.Assert.assertTrue; +import java.util.Arrays; +import java.util.Collections; +import java.util.HashSet; +import java.util.Map; import java.util.Set; import org.junit.Test; 
@@ -127,6 +134,137 @@ public void testGrantPermissionTwice() { } } + @Test + public void testGrantMultiplePermission() { + // change permissions on multiple roles + try (Tx tx = tx()) { + RoleDao roleDao = tx.roleDao(); + HibRole admin = roleDao.findByName("admin"); + assertThat(admin).as("Admin role").isNotNull(); + HibRole anonymous = roleDao.findByName("anonymous"); + assertThat(anonymous).as("Anonymous role").isNotNull(); + HibRole testRole = role(); + assertThat(testRole).as("Test role").isNotNull(); + HibNode node = folder("news"); + + assertThat(roleDao.grantPermissions(new HashSet<>(Arrays.asList(admin, anonymous)), node, false, + CREATE_PERM, READ_PERM)).as("Changed permissions").isTrue(); + + assertThat(roleDao.getPermissions(admin, node)).as("Permissions for admin").containsOnly(CREATE_PERM, + READ_PERM); + assertThat(roleDao.getPermissions(anonymous, node)).as("Permissions for anonymous") + .containsOnly(CREATE_PERM, READ_PERM); + assertThat(roleDao.getPermissions(testRole, node)).as("Permissions for test role").containsOnly(CREATE_PERM, + PUBLISH_PERM, UPDATE_PERM, READ_PERM, DELETE_PERM, READ_PUBLISHED_PERM); + tx.success(); + } + + // change permissions and check the unmentioned roles are not touched + try (Tx tx = tx()) { + RoleDao roleDao = tx.roleDao(); + HibRole admin = roleDao.findByName("admin"); + assertThat(admin).as("Admin role").isNotNull(); + HibRole anonymous = roleDao.findByName("anonymous"); + assertThat(anonymous).as("Anonymous role").isNotNull(); + HibRole testRole = role(); + assertThat(testRole).as("Test role").isNotNull(); + HibNode node = folder("news"); + + assertThat(roleDao.grantPermissions(new HashSet<>(Arrays.asList(admin, testRole)), node, false, + UPDATE_PERM)).as("Changed permissions").isTrue(); + + assertThat(roleDao.getPermissions(admin, node)).as("Permissions for admin").containsOnly(CREATE_PERM, + READ_PERM, UPDATE_PERM); + assertThat(roleDao.getPermissions(anonymous, node)).as("Permissions for anonymous") + 
.containsOnly(CREATE_PERM, READ_PERM); + assertThat(roleDao.getPermissions(testRole, node)).as("Permissions for test role").containsOnly(CREATE_PERM, + PUBLISH_PERM, UPDATE_PERM, READ_PERM, DELETE_PERM, READ_PUBLISHED_PERM); + tx.success(); + } + + // "change" something that is already set + try (Tx tx = tx()) { + RoleDao roleDao = tx.roleDao(); + HibRole admin = roleDao.findByName("admin"); + assertThat(admin).as("Admin role").isNotNull(); + HibRole anonymous = roleDao.findByName("anonymous"); + assertThat(anonymous).as("Anonymous role").isNotNull(); + HibRole testRole = role(); + assertThat(testRole).as("Test role").isNotNull(); + HibNode node = folder("news"); + + assertThat(roleDao.grantPermissions(new HashSet<>(Arrays.asList(admin, anonymous, testRole)), node, false, + CREATE_PERM, READ_PERM)).as("Changed permissions").isFalse(); + tx.success(); + } + } + + @Test + public void testGrantMultiplePermissionExclusive() { + // change permissions on multiple roles + try (Tx tx = tx()) { + RoleDao roleDao = tx.roleDao(); + HibRole admin = roleDao.findByName("admin"); + assertThat(admin).as("Admin role").isNotNull(); + HibRole anonymous = roleDao.findByName("anonymous"); + assertThat(anonymous).as("Anonymous role").isNotNull(); + HibRole testRole = role(); + assertThat(testRole).as("Test role").isNotNull(); + HibNode node = folder("news"); + + assertThat(roleDao.grantPermissions(new HashSet<>(Arrays.asList(admin, anonymous)), node, true, + CREATE_PERM, READ_PERM)).as("Changed permissions").isTrue(); + + assertThat(roleDao.getPermissions(admin, node)).as("Permissions for admin").containsOnly(CREATE_PERM, + READ_PERM); + assertThat(roleDao.getPermissions(anonymous, node)).as("Permissions for anonymous") + .containsOnly(CREATE_PERM, READ_PERM); + assertThat(roleDao.getPermissions(testRole, node)).as("Permissions for test role") + .containsOnly(PUBLISH_PERM, UPDATE_PERM, DELETE_PERM, READ_PUBLISHED_PERM); + tx.success(); + } + + // "change" something that is already set + 
try (Tx tx = tx()) { + RoleDao roleDao = tx.roleDao(); + HibRole admin = roleDao.findByName("admin"); + assertThat(admin).as("Admin role").isNotNull(); + HibRole anonymous = roleDao.findByName("anonymous"); + assertThat(anonymous).as("Anonymous role").isNotNull(); + HibRole testRole = role(); + assertThat(testRole).as("Test role").isNotNull(); + HibNode node = folder("news"); + + assertThat(roleDao.grantPermissions(new HashSet<>(Arrays.asList(admin, anonymous)), node, true, READ_PERM)) + .as("Changed permissions").isFalse(); + tx.success(); + } + + // do a change, that only restricts other roles further + try (Tx tx = tx()) { + RoleDao roleDao = tx.roleDao(); + HibRole admin = roleDao.findByName("admin"); + assertThat(admin).as("Admin role").isNotNull(); + HibRole anonymous = roleDao.findByName("anonymous"); + assertThat(anonymous).as("Anonymous role").isNotNull(); + HibRole testRole = role(); + assertThat(testRole).as("Test role").isNotNull(); + HibNode node = folder("news"); + + assertThat(roleDao.grantPermissions(new HashSet<>(Arrays.asList(admin)), node, true, READ_PERM)) + .as("Changed permissions").isTrue(); + + assertThat(roleDao.getPermissions(admin, node)).as("Permissions for admin").containsOnly(CREATE_PERM, + READ_PERM); + assertThat(roleDao.getPermissions(anonymous, node)).as("Permissions for anonymous") + .containsOnly(CREATE_PERM); + assertThat(roleDao.getPermissions(testRole, node)).as("Permissions for test role") + .containsOnly(PUBLISH_PERM, UPDATE_PERM, DELETE_PERM, READ_PUBLISHED_PERM); + tx.success(); + } + + } + @Test public void testGetPermissions() { try (Tx tx = tx()) { 
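Review bot: `testGrantMultiplePermissionExclusive` never calls the exclusive mode with an empty role set, although its third block shows that exclusive mode strips the permission from every role not named (anonymous drops to `CREATE_PERM` when only admin is passed). Going by that, `roleDao.grantPermissions(Collections.emptySet(), node, true, READ_PERM)` would presumably remove read access from all roles at once. Whether that lock-out is intended or should be rejected, a test should pin it. The implementation of `grantPermissions` is outside this hunk, so the actual behaviour needs confirming there.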
@@ -137,6 +275,37 @@ public void testGetPermissions() { } } + @Test + public void testGetMultiplePermissions() { + try (Tx tx = tx()) { + RoleDao roleDao = tx.roleDao(); + HibRole admin = roleDao.findByName("admin"); + assertThat(admin).as("Admin role").isNotNull(); + HibRole anonymous = roleDao.findByName("anonymous"); + assertThat(anonymous).as("Anonymous role").isNotNull(); + HibRole testRole = role(); + assertThat(testRole).as("Test role").isNotNull(); + HibNode node = folder("news"); + Map> result = roleDao.getPermissions(new HashSet<>(Arrays.asList(admin, anonymous, testRole)), node); + assertThat(result).as("Permissions result") + .containsOnlyKeys(admin, anonymous, testRole) + .containsEntry(testRole, new HashSet<>(Arrays.asList(CREATE_PERM, PUBLISH_PERM, UPDATE_PERM, READ_PERM, DELETE_PERM, READ_PUBLISHED_PERM))) + .containsEntry(admin, Collections.emptySet()) + .containsEntry(anonymous, Collections.emptySet()); + } + } + + @Test + public void testGetMultiplePermissionsForNoRoles() { + try (Tx tx = tx()) { + RoleDao roleDao = tx.roleDao(); + HibNode node = folder("news"); + Map> result = roleDao.getPermissions(Collections.emptySet(), node); + assertThat(result).as("Permissions result") + .isEmpty(); + } + } + @Test public void testRevokePermission() { try (Tx tx = tx()) { 
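Review bot: In `testGetMultiplePermissions` the expectation that `admin` maps to `Collections.emptySet()` is surprising on first read and carries no explanation. Presumably `getPermissions` reports only explicitly stored grants and the admin role's access is decided elsewhere. A comment above the `containsEntry(admin, ...)` assertion would help, e.g. `// only explicit grants are returned; admin and anonymous have none on this node in the test data`. It would stop a later reader from "correcting" the expectation, or from reading an empty set in this API as "no access".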
@@ -154,6 +323,52 @@ public void testRevokePermission() { } } + @Test + public void testRevokeMultiplePermissions() { + // revoke permissions + try (Tx tx = tx()) { + RoleDao roleDao = tx.roleDao(); + HibRole admin = roleDao.findByName("admin"); + assertThat(admin).as("Admin role").isNotNull(); + HibRole anonymous = roleDao.findByName("anonymous"); + assertThat(anonymous).as("Anonymous role").isNotNull(); + HibRole testRole = role(); + assertThat(testRole).as("Test role").isNotNull(); + HibNode node = folder("news"); + + roleDao.grantPermissions(admin, node, CREATE_PERM, UPDATE_PERM); + roleDao.grantPermissions(anonymous, node, CREATE_PERM); + + assertThat(roleDao.revokePermissions(new HashSet<>(Arrays.asList(admin, testRole)), node, CREATE_PERM, + READ_PERM)).as("Permissions were changed").isTrue(); + + assertThat(roleDao.getPermissions(admin, node)).as("Permissions for admin").containsOnly(UPDATE_PERM); + assertThat(roleDao.getPermissions(anonymous, node)).as("Permissions for anonymous") + .containsOnly(CREATE_PERM); + assertThat(roleDao.getPermissions(testRole, node)).as("Permissions for test role") + .containsOnly(PUBLISH_PERM, UPDATE_PERM, DELETE_PERM, READ_PUBLISHED_PERM); + + tx.success(); + } + + // try again (nothing is changed) + try (Tx tx = tx()) { + RoleDao roleDao = tx.roleDao(); + HibRole admin = roleDao.findByName("admin"); + assertThat(admin).as("Admin role").isNotNull(); + HibRole anonymous = roleDao.findByName("anonymous"); + assertThat(anonymous).as("Anonymous role").isNotNull(); + HibRole testRole = role(); + assertThat(testRole).as("Test role").isNotNull(); + HibNode node = folder("news"); + + assertThat(roleDao.revokePermissions(new HashSet<>(Arrays.asList(admin, testRole)), node, CREATE_PERM, + READ_PERM)).as("Permissions were changed").isFalse(); + + tx.success(); + } + } + @Test public void testRevokePermissionOnGroupRoot() throws Exception { try (Tx tx = tx()) { 
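Review bot: The second block of `testRevokeMultiplePermissions` asserts only that the repeated revoke returns false and never re-reads the grants, so a regression where a reported no-op still changes permissions would pass. Repeat the three `roleDao.getPermissions(...)` assertions from the first block after the second `revokePermissions` call. The setup calls `roleDao.grantPermissions(admin, node, CREATE_PERM, UPDATE_PERM)` and `roleDao.grantPermissions(anonymous, node, CREATE_PERM)` also discard their results. If the single-role overload reports a change, asserting it would make a broken fixture fail at the setup rather than in the later assertions.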
diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/schema/MicroschemaEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/schema/MicroschemaEndpointTest.java
index 09bcbd3c87..ab1f8c996e 100644
--- a/tests/tests-core/src/main/java/com/gentics/mesh/core/schema/MicroschemaEndpointTest.java
+++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/schema/MicroschemaEndpointTest.java
@@ -20,6 +20,7 @@
 import static io.netty.handler.codec.http.HttpResponseStatus.CONFLICT;
 import static io.netty.handler.codec.http.HttpResponseStatus.FORBIDDEN;
 import static io.netty.handler.codec.http.HttpResponseStatus.NOT_FOUND;
+import static org.assertj.core.api.Assertions.assertThat;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNull;
@@ -32,6 +33,7 @@
 import com.gentics.mesh.core.data.dao.RoleDao;
 import com.gentics.mesh.core.data.schema.HibMicroschema;
 import com.gentics.mesh.core.db.Tx;
+import com.gentics.mesh.core.rest.common.ObjectPermissionResponse;
 import com.gentics.mesh.core.rest.common.Permission;
 import com.gentics.mesh.core.rest.error.GenericRestException;
 import com.gentics.mesh.core.rest.event.impl.MeshElementEventModelImpl;
@@ -42,6 +44,7 @@
 import com.gentics.mesh.core.rest.node.NodeCreateRequest;
 import com.gentics.mesh.core.rest.node.NodeResponse;
 import com.gentics.mesh.core.rest.node.field.list.impl.MicronodeFieldListImpl;
+import com.gentics.mesh.core.rest.role.RoleReference;
 import com.gentics.mesh.core.rest.schema.ListFieldSchema;
 import com.gentics.mesh.core.rest.schema.MicroschemaModel;
 import com.gentics.mesh.core.rest.schema.impl.MicroschemaReferenceImpl;
@@ -502,4 +505,46 @@ public void testConflictingNameWithSchema() throws InterruptedException { client().createSchema(schemaRequest).blockingAwait(); call(() -> client().createMicroschema(microSchemaRequest), CONFLICT, "schema_conflicting_name", "test"); } + + @Test + @Override + public void testReadRolePermissions() throws Exception { + String microschemaUuid = tx(() -> microschemaContainer("vcard").getUuid()); + RoleReference testRole = tx(() -> role().transformToReference()); + ObjectPermissionResponse response = call(() -> client().getMicroschemaRolePermissions(microschemaUuid)); + assertThat(response).as("Response").isNotNull(); + assertThat(response.getCreate()).as("Roles with create permission").containsOnly(testRole); + assertThat(response.getDelete()).as("Roles with delete permission").containsOnly(testRole); + assertThat(response.getPublish()).as("Roles with publish permission").isNull(); + assertThat(response.getRead()).as("Roles with read permission").containsOnly(testRole); + assertThat(response.getReadPublished()).as("Roles with readPublished permission").isNull(); + assertThat(response.getUpdate()).as("Roles with update permission").containsOnly(testRole); + } + + @Test + @Override + public void testReadRolePermissionWithoutPermission() throws Exception { + String microschemaUuid = tx(() -> microschemaContainer("vcard").getUuid()); + tx(tx -> { + tx.roleDao().revokePermissions(role(), microschemaContainer("vcard"), READ_PERM); + }); + call(() -> client().getMicroschemaRolePermissions(microschemaUuid), FORBIDDEN, "error_missing_perm", microschemaUuid, READ_PERM.getRestPerm().getName()); + } + + @Test + @Override + public void testReadRolePermissionWithoutPermissionOnRole() throws Exception { + String microschemaUuid = tx(() -> microschemaContainer("vcard").getUuid()); + tx(tx -> { + tx.roleDao().revokePermissions(role(), role(), READ_PERM); + }); + ObjectPermissionResponse response = call(() -> client().getMicroschemaRolePermissions(microschemaUuid)); 
+ assertThat(response).as("Response").isNotNull(); + assertThat(response.getCreate()).as("Roles with create permission").isNotNull().isEmpty(); + assertThat(response.getDelete()).as("Roles with delete permission").isNotNull().isEmpty(); + assertThat(response.getPublish()).as("Roles with publish permission").isNull(); + assertThat(response.getRead()).as("Roles with read permission").isNotNull().isEmpty(); + assertThat(response.getReadPublished()).as("Roles with readPublished permission").isNull(); + assertThat(response.getUpdate()).as("Roles with update permission").isNotNull().isEmpty(); + } } diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/schema/SchemaEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/schema/SchemaEndpointTest.java index c739661714..7d77ff9136 100644 --- a/tests/tests-core/src/main/java/com/gentics/mesh/core/schema/SchemaEndpointTest.java +++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/schema/SchemaEndpointTest.java @@ -58,6 +58,7 @@ import com.gentics.mesh.core.db.Tx; import com.gentics.mesh.core.rest.branch.BranchReference; import com.gentics.mesh.core.rest.common.AbstractResponse; +import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; import com.gentics.mesh.core.rest.common.Permission; import com.gentics.mesh.core.rest.error.GenericRestException; import com.gentics.mesh.core.rest.event.EventCauseInfo; @@ -71,6 +72,7 @@ import com.gentics.mesh.core.rest.microschema.impl.MicroschemaCreateRequest; import com.gentics.mesh.core.rest.microschema.impl.MicroschemaResponse; import com.gentics.mesh.core.rest.project.ProjectReference; +import com.gentics.mesh.core.rest.role.RoleReference; import com.gentics.mesh.core.rest.schema.MicroschemaReference; import com.gentics.mesh.core.rest.schema.SchemaListResponse; import com.gentics.mesh.core.rest.schema.SchemaModel; 
@@ -840,4 +842,46 @@ public void testMicronodeListFieldWithoutAllow() { assertThat(version.getMicroschemaVersionHash(initialBranch())).as("Microschema Version Hash").isNull(); }); } + + @Test + @Override + public void testReadRolePermissions() throws Exception { + String schemaUuid = tx(() -> schemaContainer("content").getUuid()); + RoleReference testRole = tx(() -> role().transformToReference()); + ObjectPermissionResponse response = call(() -> client().getSchemaRolePermissions(schemaUuid)); + assertThat(response).as("Response").isNotNull(); + assertThat(response.getCreate()).as("Roles with create permission").containsOnly(testRole); + assertThat(response.getDelete()).as("Roles with delete permission").containsOnly(testRole); + assertThat(response.getPublish()).as("Roles with publish permission").isNull(); + assertThat(response.getRead()).as("Roles with read permission").containsOnly(testRole); + assertThat(response.getReadPublished()).as("Roles with readPublished permission").isNull(); + assertThat(response.getUpdate()).as("Roles with update permission").containsOnly(testRole); + } + + @Test + @Override + public void testReadRolePermissionWithoutPermission() throws Exception { + String schemaUuid = tx(() -> schemaContainer("content").getUuid()); + tx(tx -> { + tx.roleDao().revokePermissions(role(), schemaContainer("content"), READ_PERM); + }); + call(() -> client().getSchemaRolePermissions(schemaUuid), FORBIDDEN, "error_missing_perm", schemaUuid, READ_PERM.getRestPerm().getName()); + } + + @Test + @Override + public void testReadRolePermissionWithoutPermissionOnRole() throws Exception { + String schemaUuid = tx(() -> schemaContainer("content").getUuid()); + tx(tx -> { + tx.roleDao().revokePermissions(role(), role(), READ_PERM); + }); + ObjectPermissionResponse response = call(() -> client().getSchemaRolePermissions(schemaUuid)); + assertThat(response).as("Response").isNotNull(); + assertThat(response.getCreate()).as("Roles with create 
permission").isNotNull().isEmpty(); + assertThat(response.getDelete()).as("Roles with delete permission").isNotNull().isEmpty(); + assertThat(response.getPublish()).as("Roles with publish permission").isNull(); + assertThat(response.getRead()).as("Roles with read permission").isNotNull().isEmpty(); + assertThat(response.getReadPublished()).as("Roles with readPublished permission").isNull(); + assertThat(response.getUpdate()).as("Roles with update permission").isNotNull().isEmpty(); + } } diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/tag/TagEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/tag/TagEndpointTest.java index c6df70f112..7f77b78766 100644 --- a/tests/tests-core/src/main/java/com/gentics/mesh/core/tag/TagEndpointTest.java +++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/tag/TagEndpointTest.java @@ -24,6 +24,7 @@ import static io.netty.handler.codec.http.HttpResponseStatus.CONFLICT; import static io.netty.handler.codec.http.HttpResponseStatus.FORBIDDEN; import static io.netty.handler.codec.http.HttpResponseStatus.INTERNAL_SERVER_ERROR; +import static org.assertj.core.api.Assertions.assertThat; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNull; @@ -48,9 +49,11 @@ import com.gentics.mesh.core.db.Tx; import com.gentics.mesh.core.rest.common.ContainerType; import com.gentics.mesh.core.rest.common.ListResponse; +import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; import com.gentics.mesh.core.rest.error.GenericRestException; import com.gentics.mesh.core.rest.event.node.NodeTaggedEventModel; import com.gentics.mesh.core.rest.event.tag.TagMeshEventModel; +import com.gentics.mesh.core.rest.role.RoleReference; import com.gentics.mesh.core.rest.tag.TagCreateRequest; import com.gentics.mesh.core.rest.tag.TagFamilyResponse; import com.gentics.mesh.core.rest.tag.TagListResponse; 
@@ -658,4 +661,50 @@ public void testPermissionResponse() { TagResponse tag = client().findTags(PROJECT_NAME, tagfamily.getUuid()).blockingGet().getData().get(0); assertThat(tag.getPermissions()).hasNoPublishPermsSet(); } + + @Test + @Override + public void testReadRolePermissions() throws Exception { + String tagFamilyUuid = tx(() -> tagFamily("colors").getUuid()); + String tagUuid = tx(() -> tag("red").getUuid()); + RoleReference testRole = tx(() -> role().transformToReference()); + + ObjectPermissionResponse response = call(() -> client().getTagRolePermissions(PROJECT_NAME, tagFamilyUuid, tagUuid)); + assertThat(response).as("Response").isNotNull(); + assertThat(response.getCreate()).as("Roles with create permission").containsOnly(testRole); + assertThat(response.getDelete()).as("Roles with delete permission").containsOnly(testRole); + assertThat(response.getPublish()).as("Roles with publish permission").isNull(); + assertThat(response.getRead()).as("Roles with read permission").containsOnly(testRole); + assertThat(response.getReadPublished()).as("Roles with readPublished permission").isNull(); + assertThat(response.getUpdate()).as("Roles with update permission").containsOnly(testRole); + } + + @Test + @Override + public void testReadRolePermissionWithoutPermission() throws Exception { + String tagFamilyUuid = tx(() -> tagFamily("colors").getUuid()); + String tagUuid = tx(() -> tag("red").getUuid()); + tx(tx -> { + tx.roleDao().revokePermissions(role(), tag("red"), READ_PERM); + }); + call(() -> client().getTagRolePermissions(PROJECT_NAME, tagFamilyUuid, tagUuid), FORBIDDEN, "error_missing_perm", tagUuid, READ_PERM.getRestPerm().getName()); + } + + @Test + @Override + public void testReadRolePermissionWithoutPermissionOnRole() throws Exception { + String tagFamilyUuid = tx(() -> tagFamily("colors").getUuid()); + String tagUuid = tx(() -> tag("red").getUuid()); + tx(tx -> { + tx.roleDao().revokePermissions(role(), role(), READ_PERM); + }); + 
ObjectPermissionResponse response = call(() -> client().getTagRolePermissions(PROJECT_NAME, tagFamilyUuid, tagUuid)); + assertThat(response).as("Response").isNotNull(); + assertThat(response.getCreate()).as("Roles with create permission").isNotNull().isEmpty(); + assertThat(response.getDelete()).as("Roles with delete permission").isNotNull().isEmpty(); + assertThat(response.getPublish()).as("Roles with publish permission").isNull(); + assertThat(response.getRead()).as("Roles with read permission").isNotNull().isEmpty(); + assertThat(response.getReadPublished()).as("Roles with readPublished permission").isNull(); + assertThat(response.getUpdate()).as("Roles with update permission").isNotNull().isEmpty(); + } } diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/tagfamily/TagFamilyEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/tagfamily/TagFamilyEndpointTest.java index 819ab6f49c..9afad7ae36 100644 --- a/tests/tests-core/src/main/java/com/gentics/mesh/core/tagfamily/TagFamilyEndpointTest.java +++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/tagfamily/TagFamilyEndpointTest.java @@ -22,6 +22,7 @@ import static io.netty.handler.codec.http.HttpResponseStatus.CONFLICT; import static io.netty.handler.codec.http.HttpResponseStatus.FORBIDDEN; import static io.netty.handler.codec.http.HttpResponseStatus.INTERNAL_SERVER_ERROR; +import static org.assertj.core.api.Assertions.assertThat; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNull; 
@@ -53,10 +54,12 @@ import com.gentics.mesh.core.db.CommonTx; import com.gentics.mesh.core.db.Tx; import com.gentics.mesh.core.rest.common.ContainerType; +import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; import com.gentics.mesh.core.rest.common.Permission; import com.gentics.mesh.core.rest.error.GenericRestException; import com.gentics.mesh.core.rest.event.tag.TagMeshEventModel; import com.gentics.mesh.core.rest.event.tagfamily.TagFamilyMeshEventModel; +import com.gentics.mesh.core.rest.role.RoleReference; import com.gentics.mesh.core.rest.tag.TagFamilyCreateRequest; import com.gentics.mesh.core.rest.tag.TagFamilyListResponse; import com.gentics.mesh.core.rest.tag.TagFamilyResponse; 
@@ -602,4 +605,47 @@ public void testPermissionResponse() { TagFamilyResponse family = client().findTagFamilies(PROJECT_NAME).blockingGet().getData().get(0); assertThat(family.getPermissions()).hasNoPublishPermsSet(); } + + @Test + @Override + public void testReadRolePermissions() throws Exception { + String tagFamilyUuid = tx(() -> tagFamily("colors").getUuid()); + RoleReference testRole = tx(() -> role().transformToReference()); + + ObjectPermissionResponse response = call(() -> client().getTagFamilyRolePermissions(PROJECT_NAME, tagFamilyUuid)); + assertThat(response).as("Response").isNotNull(); + assertThat(response.getCreate()).as("Roles with create permission").containsOnly(testRole); + assertThat(response.getDelete()).as("Roles with delete permission").containsOnly(testRole); + assertThat(response.getPublish()).as("Roles with publish permission").isNull(); + assertThat(response.getRead()).as("Roles with read permission").containsOnly(testRole); + assertThat(response.getReadPublished()).as("Roles with readPublished permission").isNull(); + assertThat(response.getUpdate()).as("Roles with update permission").containsOnly(testRole); + } + + @Test + @Override + public void testReadRolePermissionWithoutPermission() throws Exception { + String tagFamilyUuid = tx(() -> tagFamily("colors").getUuid()); + tx(tx -> { + tx.roleDao().revokePermissions(role(), tagFamily("colors"), READ_PERM); + }); + call(() -> client().getTagFamilyRolePermissions(PROJECT_NAME, tagFamilyUuid), FORBIDDEN, "error_missing_perm", tagFamilyUuid, READ_PERM.getRestPerm().getName()); + } + + @Test + @Override + public void testReadRolePermissionWithoutPermissionOnRole() throws Exception { + String tagFamilyUuid = tx(() -> tagFamily("colors").getUuid()); + tx(tx -> { + tx.roleDao().revokePermissions(role(), role(), READ_PERM); + }); + ObjectPermissionResponse response = call(() -> client().getTagFamilyRolePermissions(PROJECT_NAME, tagFamilyUuid)); + assertThat(response).as("Response").isNotNull(); + 
assertThat(response.getCreate()).as("Roles with create permission").isNotNull().isEmpty(); + assertThat(response.getDelete()).as("Roles with delete permission").isNotNull().isEmpty(); + assertThat(response.getPublish()).as("Roles with publish permission").isNull(); + assertThat(response.getRead()).as("Roles with read permission").isNotNull().isEmpty(); + assertThat(response.getReadPublished()).as("Roles with readPublished permission").isNull(); + assertThat(response.getUpdate()).as("Roles with update permission").isNotNull().isEmpty(); + } } diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/user/UserEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/user/UserEndpointTest.java index e9bafe45da..2332c5bf92 100644 --- a/tests/tests-core/src/main/java/com/gentics/mesh/core/user/UserEndpointTest.java +++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/user/UserEndpointTest.java @@ -29,6 +29,7 @@ import static io.netty.handler.codec.http.HttpResponseStatus.UNAUTHORIZED; import static io.vertx.core.http.HttpHeaders.HOST; import static io.vertx.core.http.HttpHeaders.LOCATION; +import static org.assertj.core.api.Assertions.assertThat; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotEquals; @@ -41,8 +42,6 @@ import java.util.List; import java.util.stream.Collectors; -import com.gentics.mesh.core.data.role.HibRole; -import com.gentics.mesh.core.db.CommonTx; import org.apache.commons.lang3.StringUtils; import org.junit.Ignore; import org.junit.Test; 
@@ -55,14 +54,18 @@ import com.gentics.mesh.core.data.group.HibGroup; import com.gentics.mesh.core.data.node.HibNode; import com.gentics.mesh.core.data.perm.InternalPermission; +import com.gentics.mesh.core.data.role.HibRole; import com.gentics.mesh.core.data.tagfamily.HibTagFamily; import com.gentics.mesh.core.data.user.HibUser; +import com.gentics.mesh.core.db.CommonTx; import com.gentics.mesh.core.db.Tx; import com.gentics.mesh.core.rest.common.ListResponse; +import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; import com.gentics.mesh.core.rest.common.Permission; import com.gentics.mesh.core.rest.error.GenericRestException; import com.gentics.mesh.core.rest.event.impl.MeshElementEventModelImpl; import com.gentics.mesh.core.rest.node.NodeResponse; +import com.gentics.mesh.core.rest.role.RoleReference; import com.gentics.mesh.core.rest.user.NodeReference; import com.gentics.mesh.core.rest.user.UserAPITokenResponse; import com.gentics.mesh.core.rest.user.UserCreateRequest; 
@@ -1553,4 +1556,46 @@ public void testUserRolesHash() { assertTrue("Roles hash should be in response", !StringUtils.isBlank(response.getRolesHash())); } + + @Test + @Override + public void testReadRolePermissions() throws Exception { + String userUuid = tx(() -> user().getUuid()); + RoleReference testRole = tx(() -> role().transformToReference()); + ObjectPermissionResponse response = call(() -> client().getUserRolePermissions(userUuid)); + assertThat(response).as("Response").isNotNull(); + assertThat(response.getCreate()).as("Roles with create permission").containsOnly(testRole); + assertThat(response.getDelete()).as("Roles with delete permission").containsOnly(testRole); + assertThat(response.getPublish()).as("Roles with publish permission").isNull(); + assertThat(response.getRead()).as("Roles with read permission").containsOnly(testRole); + assertThat(response.getReadPublished()).as("Roles with readPublished permission").isNull(); + assertThat(response.getUpdate()).as("Roles with update permission").containsOnly(testRole); + } + + @Test + @Override + public void testReadRolePermissionWithoutPermission() throws Exception { + String userUuid = tx(() -> user().getUuid()); + tx(tx -> { + tx.roleDao().revokePermissions(role(), user(), READ_PERM); + }); + call(() -> client().getUserRolePermissions(userUuid), FORBIDDEN, "error_missing_perm", userUuid, READ_PERM.getRestPerm().getName()); + } + + @Test + @Override + public void testReadRolePermissionWithoutPermissionOnRole() throws Exception { + String userUuid = tx(() -> user().getUuid()); + tx(tx -> { + tx.roleDao().revokePermissions(role(), role(), READ_PERM); + }); + ObjectPermissionResponse response = call(() -> client().getUserRolePermissions(userUuid)); + assertThat(response).as("Response").isNotNull(); + assertThat(response.getCreate()).as("Roles with create permission").isNotNull().isEmpty(); + assertThat(response.getDelete()).as("Roles with delete permission").isNotNull().isEmpty(); + 
assertThat(response.getPublish()).as("Roles with publish permission").isNull(); + assertThat(response.getRead()).as("Roles with read permission").isNotNull().isEmpty(); + assertThat(response.getReadPublished()).as("Roles with readPublished permission").isNull(); + assertThat(response.getUpdate()).as("Roles with update permission").isNotNull().isEmpty(); + } } diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/test/definition/CrudEndpointTestCases.java b/tests/tests-core/src/main/java/com/gentics/mesh/test/definition/CrudEndpointTestCases.java index 73ecca8d7c..70053c6717 100644 --- a/tests/tests-core/src/main/java/com/gentics/mesh/test/definition/CrudEndpointTestCases.java +++ b/tests/tests-core/src/main/java/com/gentics/mesh/test/definition/CrudEndpointTestCases.java @@ -43,4 +43,21 @@ public interface CrudEndpointTestCases { void testDeleteByUUIDWithNoPermission() throws Exception; + /** + * Test reading role permissions + * @throws Exception + */ + void testReadRolePermissions() throws Exception; + + /** + * Test reading role permissions without permission on the object itself + * @throws Exception + */ + void testReadRolePermissionWithoutPermission() throws Exception; + + /** + * Test reading role permissions without permission on all roles + * @throws Exception + */ + void testReadRolePermissionWithoutPermissionOnRole() throws Exception; } From 912bf190a57e9f37ca05fc159dcd2bce6cbcd391 Mon Sep 17 00:00:00 2001 
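Review bot: The Javadoc added to CrudEndpointTestCases for testReadRolePermissionWithoutPermissionOnRole says "without permission on all roles", but the implementations in this commit revoke READ_PERM on the test role only and expect that role to be missing from the response. Wording such as `Test that roles the caller may not read are omitted when reading role permissions` would match what is tested. The bare `@throws Exception` tags on the three methods can be dropped or given a description. The interface starts outside the hunk.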
From: Norbert Pomaroli Date: Mon, 3 Oct 2022 16:30:03 +0200 Subject: [PATCH 2/9] Add endpoints for granting permissions Refactor tests --- .../resources/i18n/translations_de.properties | 1 + .../resources/i18n/translations_en.properties | 3 +- .../core/endpoint/group/GroupEndpoint.java | 17 ++ .../endpoint/handler/AbstractCrudHandler.java | 99 +++++++++- .../mesh/core/endpoint/user/UserEndpoint.java | 17 ++ .../mesh/rest/MeshLocalClientImpl.java | 19 ++ .../client/impl/MeshRestHttpClientImpl.java | 17 ++ .../client/method/GroupClientMethods.java | 10 + .../rest/client/method/UserClientMethods.java | 9 + .../rest/common/ObjectPermissionRequest.java | 31 +++ .../rest/common/ObjectPermissionResponse.java | 24 +++ .../mesh/core/branch/BranchEndpointTest.java | 19 -- .../mesh/core/group/GroupEndpointTest.java | 45 ----- .../GroupRolePermissionsEndpointTest.java | 34 ++++ .../mesh/core/node/NodeEndpointTest.java | 47 +---- .../node/NodeRolePermissionsEndpointTest.java | 34 ++++ .../core/project/ProjectEndpointTest.java | 44 ----- .../ProjectRolePermissionsEndpointTest.java | 33 ++++ .../mesh/core/role/RoleEndpointTest.java | 45 ----- .../role/RoleRolePermissionsEndpointTest.java | 33 ++++ .../core/schema/MicroschemaEndpointTest.java | 45 ----- ...icroschemaRolePermissionsEndpointTest.java | 33 ++++ .../mesh/core/schema/SchemaEndpointTest.java | 44 ----- .../SchemaRolePermissionsEndpointTest.java | 33 ++++ .../mesh/core/tag/TagEndpointTest.java | 49 ----- .../tag/TagRolePermissionsEndpointTest.java | 35 ++++ .../core/tagfamily/TagFamilyEndpointTest.java | 46 ----- .../TagFamilyRolePermissionsEndpointTest.java | 34 ++++ .../mesh/core/user/UserEndpointTest.java | 49 +---- .../user/UserRolePermissionsEndpointTest.java | 34 ++++ .../context/AbstractRolePermissionTest.java | 183 ++++++++++++++++++ .../definition/CrudEndpointTestCases.java | 17 -- 32 files changed, 733 insertions(+), 450 deletions(-) create mode 100644 
rest-model/src/main/java/com/gentics/mesh/core/rest/common/ObjectPermissionRequest.java create mode 100644 tests/tests-core/src/main/java/com/gentics/mesh/core/group/GroupRolePermissionsEndpointTest.java create mode 100644 tests/tests-core/src/main/java/com/gentics/mesh/core/node/NodeRolePermissionsEndpointTest.java create mode 100644 tests/tests-core/src/main/java/com/gentics/mesh/core/project/ProjectRolePermissionsEndpointTest.java create mode 100644 tests/tests-core/src/main/java/com/gentics/mesh/core/role/RoleRolePermissionsEndpointTest.java create mode 100644 tests/tests-core/src/main/java/com/gentics/mesh/core/schema/MicroschemaRolePermissionsEndpointTest.java create mode 100644 tests/tests-core/src/main/java/com/gentics/mesh/core/schema/SchemaRolePermissionsEndpointTest.java create mode 100644 tests/tests-core/src/main/java/com/gentics/mesh/core/tag/TagRolePermissionsEndpointTest.java create mode 100644 tests/tests-core/src/main/java/com/gentics/mesh/core/tagfamily/TagFamilyRolePermissionsEndpointTest.java create mode 100644 tests/tests-core/src/main/java/com/gentics/mesh/core/user/UserRolePermissionsEndpointTest.java create mode 100644 tests/tests-core/src/main/java/com/gentics/mesh/test/context/AbstractRolePermissionTest.java diff --git a/common/src/main/resources/i18n/translations_de.properties b/common/src/main/resources/i18n/translations_de.properties index c2cfe9d93a..ee6e9bf3c3 100644 --- a/common/src/main/resources/i18n/translations_de.properties +++ b/common/src/main/resources/i18n/translations_de.properties 
@@ -114,6 +114,7 @@ role_missing_parentgroup_field=Es wurde keine Gruppe für die Rolle angegeben. D role_updated_permission=Berechtigung für Rolle {0} wurde aktualisiert. role_permission_path_missing=Es wurde kein Pfad angegeben. role_error_permission_name_unknown=Name der angegebenen Berechtigung "{0}" ist unbekannt. +role_reference_uuid_or_name_missing=Es wurde kein Name oder Uuid für die Rolle angegeben. project_deleted=Projekt "{0}" wurde gelöscht. project_version_purge_enqueued=Der Auftrag für die Projektversionsbereinigung wurde eingereiht. diff --git a/common/src/main/resources/i18n/translations_en.properties b/common/src/main/resources/i18n/translations_en.properties index 4b8d60f7ed..b13ada8c91 100644 --- a/common/src/main/resources/i18n/translations_en.properties +++ b/common/src/main/resources/i18n/translations_en.properties @@ -112,7 +112,8 @@ role_conflicting_name=Role name is conflicting with an existing role. role_missing_parentgroup_field=No parent group was specified for the role. Please set a parent group uuid. role_updated_permission=Permission for role {0} updated. role_permission_path_missing=No path was specified. -role_error_permission_name_unknown=Found permission name "{0}" is unknown. +role_error_permission_name_unknown=Found permission name "{0}" is unknown. +role_reference_uuid_or_name_missing=The role reference must contain either name or uuid. project_deleted=Project "{0}" was deleted. project_version_purge_enqueued=Project version purge job was queued. diff --git a/core/src/main/java/com/gentics/mesh/core/endpoint/group/GroupEndpoint.java b/core/src/main/java/com/gentics/mesh/core/endpoint/group/GroupEndpoint.java index b0c63ba9eb..8788b88362 100644 --- a/core/src/main/java/com/gentics/mesh/core/endpoint/group/GroupEndpoint.java +++ b/core/src/main/java/com/gentics/mesh/core/endpoint/group/GroupEndpoint.java 
@@ -7,6 +7,7 @@ import static com.gentics.mesh.core.rest.MeshEvent.GROUP_UPDATED; import static com.gentics.mesh.core.rest.MeshEvent.GROUP_USER_ASSIGNED; import static com.gentics.mesh.core.rest.MeshEvent.GROUP_USER_UNASSIGNED; +import static com.gentics.mesh.core.rest.MeshEvent.ROLE_PERMISSIONS_CHANGED; import static com.gentics.mesh.example.ExampleUuids.GROUP_CLIENT_UUID; import static com.gentics.mesh.example.ExampleUuids.GROUP_EDITORS_UUID; import static com.gentics.mesh.example.ExampleUuids.ROLE_CLIENT_UUID; @@ -259,5 +260,21 @@ private void addRolePermissionHandler() { String uuid = rc.request().getParam("groupUuid"); crudHandler.handleReadPermissions(ac, uuid); }, false); + + InternalEndpointRoute grantPermissionsEndpoint = createRoute(); + grantPermissionsEndpoint.path("/:groupUuid/rolePermissions"); + grantPermissionsEndpoint.addUriParameter("groupUuid", "Uuid of the group", GROUP_CLIENT_UUID); + grantPermissionsEndpoint.method(POST); + grantPermissionsEndpoint.description("Grant permissions on the group for multiple roles."); + grantPermissionsEndpoint.consumes(APPLICATION_JSON); + grantPermissionsEndpoint.produces(APPLICATION_JSON); + grantPermissionsEndpoint.exampleRequest((String)null); // TODO + grantPermissionsEndpoint.exampleResponse(OK, roleExamples.getObjectPermissionResponse(false), "Updated permissions."); + grantPermissionsEndpoint.events(ROLE_PERMISSIONS_CHANGED); + grantPermissionsEndpoint.blockingHandler(rc -> { + InternalActionContext ac = wrap(rc); + String uuid = rc.request().getParam("groupUuid"); + crudHandler.handleGrantPermissions(ac, uuid); + }); } } diff --git a/core/src/main/java/com/gentics/mesh/core/endpoint/handler/AbstractCrudHandler.java b/core/src/main/java/com/gentics/mesh/core/endpoint/handler/AbstractCrudHandler.java index a621d12118..91fb9d1cc1 100644 --- a/core/src/main/java/com/gentics/mesh/core/endpoint/handler/AbstractCrudHandler.java 
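Review bot: The new POST route in GroupEndpoint is described as "Grant permissions on the group for multiple roles", but handleGrantPermissions in AbstractCrudHandler also revokes permissions when `update.isExclusive()` is true, and `exampleRequest((String)null); // TODO` leaves the request body undocumented. For an endpoint that changes access rights the generated API documentation should show both: the description could read `"Grant permissions on the group to multiple roles. If the request is exclusive, the permissions are revoked from all other roles the caller may update."` and the example should be an ObjectPermissionRequest. The route added to UserEndpoint in this commit has the same two gaps. addRolePermissionHandler starts outside the hunk.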
+++ b/core/src/main/java/com/gentics/mesh/core/endpoint/handler/AbstractCrudHandler.java @@ -2,24 +2,34 @@ import static com.gentics.mesh.core.action.DAOActionContext.context; import static com.gentics.mesh.core.data.perm.InternalPermission.READ_PERM; +import static com.gentics.mesh.core.data.perm.InternalPermission.UPDATE_PERM; import static com.gentics.mesh.core.rest.error.Errors.error; +import static io.netty.handler.codec.http.HttpResponseStatus.BAD_REQUEST; +import static io.netty.handler.codec.http.HttpResponseStatus.FORBIDDEN; import static io.netty.handler.codec.http.HttpResponseStatus.NOT_FOUND; import static io.netty.handler.codec.http.HttpResponseStatus.OK; import static org.apache.commons.lang3.StringUtils.isEmpty; +import java.util.HashSet; import java.util.Map; import java.util.Set; +import java.util.function.Function; import java.util.stream.Collectors; +import org.apache.commons.lang3.StringUtils; + import com.gentics.mesh.annotation.Getter; import com.gentics.mesh.context.InternalActionContext; import com.gentics.mesh.context.impl.InternalRoutingActionContextImpl; import com.gentics.mesh.core.action.DAOActions; import com.gentics.mesh.core.data.HibCoreElement; import com.gentics.mesh.core.data.dao.RoleDao; +import com.gentics.mesh.core.data.dao.UserDao; import com.gentics.mesh.core.data.perm.InternalPermission; import com.gentics.mesh.core.data.role.HibRole; +import com.gentics.mesh.core.data.user.HibUser; import com.gentics.mesh.core.db.Database; +import com.gentics.mesh.core.rest.common.ObjectPermissionRequest; import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; import com.gentics.mesh.core.rest.common.RestModel; import com.gentics.mesh.core.rest.role.RoleReference; 
@@ -124,9 +134,94 @@ public void handleReadPermissions(InternalActionContext ac, String uuid) { utils.syncTx(ac, tx -> { RoleDao roleDao = tx.roleDao(); T object = crudActions().loadByUuid(context(tx, ac), uuid, READ_PERM, true); - Set roles = roleDao.findAll(ac, new PagingParametersImpl().setPerPage(Long.MAX_VALUE)).stream().collect(Collectors.toSet()); + Set allRoles = roleDao.findAll(ac, new PagingParametersImpl().setPerPage(Long.MAX_VALUE)).stream().collect(Collectors.toSet()); + + Map> permissions = roleDao.getPermissions(allRoles, object); + permissions.values().removeIf(Set::isEmpty); + + ObjectPermissionResponse response = new ObjectPermissionResponse(); + permissions.entrySet().forEach(entry -> { + RoleReference role = entry.getKey().transformToReference(); + entry.getValue().forEach(perm -> response.add(role, perm.getRestPerm())); + }); + response.setOthers(object.hasPublishPermissions()); + + return response; + }, model -> ac.send(model, OK)); + } + + /** + * Handle request to grant permissions on sets of roles + * @param ac action context + * @param uuid entity uuid + */ + public void handleGrantPermissions(InternalActionContext ac, String uuid) { + validateParameter(uuid, "uuid"); + + ObjectPermissionRequest update = ac.fromJson(ObjectPermissionRequest.class); + utils.syncTx(ac, tx -> { + RoleDao roleDao = tx.roleDao(); + UserDao userDao = tx.userDao(); + HibUser requestUser = ac.getUser(); + T object = crudActions().loadByUuid(context(tx, ac), uuid, UPDATE_PERM, true); + Set allRoles = roleDao.findAll(ac, new PagingParametersImpl().setPerPage(Long.MAX_VALUE)).stream().collect(Collectors.toSet()); + Map allRolesByUuid = allRoles.stream().collect(Collectors.toMap(HibRole::getUuid, Function.identity())); + Map allRolesByName = allRoles.stream().collect(Collectors.toMap(HibRole::getName, Function.identity())); + + InternalPermission[] possiblePermissions = object.hasPublishPermissions() + ? 
InternalPermission.values() + : InternalPermission.basicPermissions(); + + for (InternalPermission perm : possiblePermissions) { + Set roleRefsToSet = update.get(perm.getRestPerm()); + if (roleRefsToSet != null) { + Set rolesToSet = new HashSet<>(); + for (RoleReference roleRef : roleRefsToSet) { + // find the role for the role reference + HibRole role = null; + if (!StringUtils.isEmpty(roleRef.getUuid())) { + role = allRolesByUuid.get(roleRef.getUuid()); + + if (role == null) { + throw error(NOT_FOUND, "object_not_found_for_uuid", roleRef.getUuid()); + } + } else if (!StringUtils.isEmpty(roleRef.getName())) { + role = allRolesByName.get(roleRef.getName()); + + if (role == null) { + throw error(NOT_FOUND, "object_not_found_for_name", roleRef.getName()); + } + } else { + throw error(BAD_REQUEST, "role_reference_uuid_or_name_missing"); + } + + // check update permission + if (!userDao.hasPermission(requestUser, role, UPDATE_PERM)) { + throw error(FORBIDDEN, "error_missing_perm", role.getUuid(), UPDATE_PERM.getRestPerm().getName()); + } + + rolesToSet.add(role); + } + + roleDao.grantPermissions(rolesToSet, object, false, perm); + + // handle "exclusive" flag by revoking perm from all "other" roles + if (update.isExclusive()) { + // start with all roles, the user can see + Set rolesToRevoke = new HashSet<>(allRoles); + // remove all roles, which get the permission granted + rolesToRevoke.removeAll(rolesToSet); + // remove all roles without UPDATE_PERM + rolesToRevoke.removeIf(role -> !userDao.hasPermission(requestUser, role, UPDATE_PERM)); + + if (!rolesToRevoke.isEmpty()) { + roleDao.revokePermissions(rolesToRevoke, object, perm); + } + } + } + } - Map> permissions = roleDao.getPermissions(roles, object); + Map> permissions = roleDao.getPermissions(allRoles, object); permissions.values().removeIf(Set::isEmpty); ObjectPermissionResponse response = new ObjectPermissionResponse(); 
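Review bot: handleGrantPermissions gates the object only with `UPDATE_PERM` (the `loadByUuid(context(tx, ac), uuid, UPDATE_PERM, true)` call) and then grants every entry of `possiblePermissions`, so a caller who may update the object and a role can give that role delete or publish rights the caller does not hold on the object. If that delegation is intended it belongs in the Javadoc; otherwise add `if (!userDao.hasPermission(requestUser, object, perm)) { throw error(FORBIDDEN, "error_missing_perm", uuid, perm.getRestPerm().getName()); }` before `roleDao.grantPermissions`. The exclusive branch revokes only from roles the caller can see and update, so hidden roles keep the permission and the returned lists are not the object's full ACL; it can also take the permission away from the caller's own roles, which the Javadoc should state as well. Nothing visible here queues the `ROLE_PERMISSIONS_CHANGED` event that the new routes declare, although the end of the method lies outside the hunk.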
diff --git a/core/src/main/java/com/gentics/mesh/core/endpoint/user/UserEndpoint.java b/core/src/main/java/com/gentics/mesh/core/endpoint/user/UserEndpoint.java index 47de7fc840..d049783781 100644 --- a/core/src/main/java/com/gentics/mesh/core/endpoint/user/UserEndpoint.java +++ b/core/src/main/java/com/gentics/mesh/core/endpoint/user/UserEndpoint.java @@ -1,5 +1,6 @@ package com.gentics.mesh.core.endpoint.user; +import static com.gentics.mesh.core.rest.MeshEvent.ROLE_PERMISSIONS_CHANGED; import static com.gentics.mesh.core.rest.MeshEvent.USER_CREATED; import static com.gentics.mesh.core.rest.MeshEvent.USER_DELETED; import static com.gentics.mesh.core.rest.MeshEvent.USER_UPDATED; @@ -249,5 +250,21 @@ private void addRolePermissionHandler() { String uuid = rc.request().getParam("userUuid"); crudHandler.handleReadPermissions(ac, uuid); }, false); + + InternalEndpointRoute grantPermissionsEndpoint = createRoute(); + grantPermissionsEndpoint.path("/:userUuid/rolePermissions"); + grantPermissionsEndpoint.addUriParameter("userUuid", "Uuid of the user", USER_EDITOR_UUID); + grantPermissionsEndpoint.method(POST); + grantPermissionsEndpoint.description("Grant permissions on the user for multiple roles."); + grantPermissionsEndpoint.consumes(APPLICATION_JSON); + grantPermissionsEndpoint.produces(APPLICATION_JSON); + grantPermissionsEndpoint.exampleRequest((String)null); // TODO + grantPermissionsEndpoint.exampleResponse(OK, roleExamples.getObjectPermissionResponse(false), "Updated permissions."); + grantPermissionsEndpoint.events(ROLE_PERMISSIONS_CHANGED); + grantPermissionsEndpoint.blockingHandler(rc -> { + InternalActionContext ac = wrap(rc); + String uuid = rc.request().getParam("userUuid"); + crudHandler.handleGrantPermissions(ac, uuid); + }); } } diff --git a/core/src/main/java/com/gentics/mesh/rest/MeshLocalClientImpl.java b/core/src/main/java/com/gentics/mesh/rest/MeshLocalClientImpl.java index 863db5c318..b6db408893 100644 
--- a/core/src/main/java/com/gentics/mesh/rest/MeshLocalClientImpl.java +++ b/core/src/main/java/com/gentics/mesh/rest/MeshLocalClientImpl.java @@ -51,6 +51,7 @@ import com.gentics.mesh.core.rest.branch.info.BranchInfoMicroschemaList; import com.gentics.mesh.core.rest.branch.info.BranchInfoSchemaList; import com.gentics.mesh.core.rest.common.GenericMessageResponse; +import com.gentics.mesh.core.rest.common.ObjectPermissionRequest; import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; import com.gentics.mesh.core.rest.common.RestModel; import com.gentics.mesh.core.rest.graphql.GraphQLRequest; @@ -1872,6 +1873,15 @@ public MeshRequest getGroupRolePermissions(String uuid return new MeshLocalRequestImpl<>(ac.getFuture()); } + @Override + public MeshRequest grantGroupRolePermissions(String uuid, + ObjectPermissionRequest request) { + LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class); + ac.setPayloadObject(request); + groupCrudHandler.handleGrantPermissions(ac, uuid); + return new MeshLocalRequestImpl<>(ac.getFuture()); + } + @Override public MeshRequest getMicroschemaRolePermissions(String uuid) { LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class); @@ -1934,4 +1944,13 @@ public MeshRequest getUserRolePermissions(String uuid) userCrudHandler.handleReadPermissions(ac, uuid); return new MeshLocalRequestImpl<>(ac.getFuture()); } + + @Override + public MeshRequest grantUserRolePermissions(String uuid, + ObjectPermissionRequest request) { + LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class); + ac.setPayloadObject(request); + userCrudHandler.handleGrantPermissions(ac, uuid); + return new MeshLocalRequestImpl<>(ac.getFuture()); + } } diff --git a/rest-client/src/main/java/com/gentics/mesh/rest/client/impl/MeshRestHttpClientImpl.java b/rest-client/src/main/java/com/gentics/mesh/rest/client/impl/MeshRestHttpClientImpl.java index 2c995a839f..31ab3264ca 100644 
--- a/rest-client/src/main/java/com/gentics/mesh/rest/client/impl/MeshRestHttpClientImpl.java +++ b/rest-client/src/main/java/com/gentics/mesh/rest/client/impl/MeshRestHttpClientImpl.java @@ -35,6 +35,7 @@ import com.gentics.mesh.core.rest.branch.info.BranchInfoMicroschemaList; import com.gentics.mesh.core.rest.branch.info.BranchInfoSchemaList; import com.gentics.mesh.core.rest.common.GenericMessageResponse; +import com.gentics.mesh.core.rest.common.ObjectPermissionRequest; import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; import com.gentics.mesh.core.rest.common.RestModel; import com.gentics.mesh.core.rest.graphql.GraphQLRequest; @@ -1670,6 +1671,14 @@ public MeshRequest getGroupRolePermissions(String uuid return prepareRequest(GET, "/groups/" + uuid + "/rolePermissions", ObjectPermissionResponse.class); } + @Override + public MeshRequest grantGroupRolePermissions(String uuid, + ObjectPermissionRequest request) { + Objects.requireNonNull(uuid, "uuid must not be null"); + Objects.requireNonNull(request, "objectPermissionRequest must not be null"); + return prepareRequest(POST, "/groups/" + uuid + "/rolePermissions", ObjectPermissionResponse.class, request); + } + @Override public MeshRequest getMicroschemaRolePermissions(String uuid) { Objects.requireNonNull(uuid, "uuid must not be null"); @@ -1725,4 +1734,12 @@ public MeshRequest getUserRolePermissions(String uuid) Objects.requireNonNull(uuid, "uuid must not be null"); return prepareRequest(GET, "/users/" + uuid + "/rolePermissions", ObjectPermissionResponse.class); } + + @Override + public MeshRequest grantUserRolePermissions(String uuid, + ObjectPermissionRequest request) { + Objects.requireNonNull(uuid, "uuid must not be null"); + Objects.requireNonNull(request, "objectPermissionRequest must not be null"); + return prepareRequest(POST, "/users/" + uuid + "/rolePermissions", ObjectPermissionResponse.class, request); + } } 
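Review bot: `uuid` goes into the path unescaped in `prepareRequest(POST, "/groups/" + uuid + "/rolePermissions", ...)`, and likewise in `grantUserRolePermissions`; the null check does not constrain its content. A value containing `/`, `?` or `#` would make this permission-changing POST address a different route under the caller's credentials, so where the uuid can originate outside the application it should be checked for UUID form before the path is built. The neighbouring getters in the context lines build their paths the same way, so a shared validation helper would fit better than a per-method fix. Separately, the message `"objectPermissionRequest must not be null"` names a parameter that is actually called `request`.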
diff --git a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/GroupClientMethods.java b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/GroupClientMethods.java index 1923447f0c..1cb66c7eaa 100644 --- a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/GroupClientMethods.java +++ b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/GroupClientMethods.java @@ -1,5 +1,6 @@ package com.gentics.mesh.rest.client.method; +import com.gentics.mesh.core.rest.common.ObjectPermissionRequest; import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; import com.gentics.mesh.core.rest.group.GroupCreateRequest; import com.gentics.mesh.core.rest.group.GroupListResponse; @@ -108,4 +109,13 @@ public interface GroupClientMethods { * @return request */ MeshRequest getGroupRolePermissions(String uuid); + + + /** + * Grant permissions on the group to roles + * @param uuid Uuid of the group + * @param request request + * @return mesh request + */ + MeshRequest grantGroupRolePermissions(String uuid, ObjectPermissionRequest request); } diff --git a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/UserClientMethods.java b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/UserClientMethods.java index 2bc36771ff..c9d8ca24f5 100644 --- a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/UserClientMethods.java +++ b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/UserClientMethods.java @@ -1,6 +1,7 @@ package com.gentics.mesh.rest.client.method; import com.gentics.mesh.core.rest.common.GenericMessageResponse; +import com.gentics.mesh.core.rest.common.ObjectPermissionRequest; import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; import com.gentics.mesh.core.rest.user.UserAPITokenResponse; import com.gentics.mesh.core.rest.user.UserCreateRequest; 
@@ -128,4 +129,12 @@ public interface UserClientMethods { * @return request */ MeshRequest getUserRolePermissions(String uuid); + + /** + * Grant permissions on the user to roles + * @param uuid Uuid of the user + * @param request request + * @return mesh request + */ + MeshRequest grantUserRolePermissions(String uuid, ObjectPermissionRequest request); } diff --git a/rest-model/src/main/java/com/gentics/mesh/core/rest/common/ObjectPermissionRequest.java b/rest-model/src/main/java/com/gentics/mesh/core/rest/common/ObjectPermissionRequest.java new file mode 100644 index 0000000000..7546ff29aa --- /dev/null +++ b/rest-model/src/main/java/com/gentics/mesh/core/rest/common/ObjectPermissionRequest.java @@ -0,0 +1,31 @@ +package com.gentics.mesh.core.rest.common; + +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.annotation.JsonPropertyDescription; + +public class ObjectPermissionRequest extends ObjectPermissionResponse { + @JsonProperty(required = false, defaultValue = "false") + @JsonPropertyDescription("Flag which indicates whether the permissions granted to only the given roles (will be revoked from all other roles).") + private boolean exclusive = false; + + /** + * Flag that indicated that the request should be executed exclusively. + * + * @return Flag value + */ + public boolean isExclusive() { + return exclusive; + } + + /** + * Set the flag which indicated whether the permission changes should be applied exclusively. + * + * @param exclusive + * Flag value + * @return Fluent API + */ + public ObjectPermissionRequest setExclusive(boolean exclusive) { + this.exclusive = exclusive; + return this; + } +} diff --git a/rest-model/src/main/java/com/gentics/mesh/core/rest/common/ObjectPermissionResponse.java b/rest-model/src/main/java/com/gentics/mesh/core/rest/common/ObjectPermissionResponse.java index 409e0add9f..e53e381b01 100644 --- a/rest-model/src/main/java/com/gentics/mesh/core/rest/common/ObjectPermissionResponse.java 
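Review bot: The `@JsonPropertyDescription` on `exclusive` in ObjectPermissionRequest is the only text that tells an API user the flag revokes permissions, and it does not parse as a sentence. I would change it to `@JsonPropertyDescription("Flag which indicates whether the permissions are granted exclusively to the given roles (and revoked from all other roles).")`, and fix "indicated" to "indicates" in the getter and setter Javadoc. The class itself has no Javadoc; one line saying that the per-permission role sets inherited from ObjectPermissionResponse are (presumably) read as the roles to grant to would explain why a request type extends a response type.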
+++ b/rest-model/src/main/java/com/gentics/mesh/core/rest/common/ObjectPermissionResponse.java @@ -163,6 +163,30 @@ public ObjectPermissionResponse setOthers(boolean includePublishPermissions) { return this; } + /** + * Get the roles with the given permission + * @param perm permission + * @return set of role references + */ + public Set get(Permission perm) { + switch (perm) { + case CREATE: + return create; + case READ: + return read; + case UPDATE: + return update; + case DELETE: + return delete; + case PUBLISH: + return publish; + case READ_PUBLISHED: + return readPublished; + default: + throw new RuntimeException("Unknown permission type {" + perm.getName() + "}"); + } + } + protected Set update(Set set, RoleReference role, boolean flag) { if (set == null) { set = new HashSet<>(); diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/branch/BranchEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/branch/BranchEndpointTest.java index afc6a1fc77..7f7132a953 100644 --- a/tests/tests-core/src/main/java/com/gentics/mesh/core/branch/BranchEndpointTest.java +++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/branch/BranchEndpointTest.java @@ -30,7 +30,6 @@ import static io.netty.handler.codec.http.HttpResponseStatus.INTERNAL_SERVER_ERROR; import static io.netty.handler.codec.http.HttpResponseStatus.NOT_FOUND; import static org.assertj.core.api.Assertions.assertThat; -import static org.assertj.core.api.Assertions.fail; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; 
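Review bot: `get(Permission perm)` returns the backing field as is, so it can return null: the `update` helper in the context lines below starts with `if (set == null)`, and the tests removed in this patch assert `getPublish()` to be null for several element types. A caller that loops over all permissions and iterates the result will hit a NullPointerException, and one that modifies the returned set changes the response object itself. I would state this in the Javadoc, `@return set of role references, or null if none were set for the permission`, or return an empty set instead. The default branch would also read better as `throw new IllegalArgumentException("Unknown permission type {" + perm.getName() + "}");` than as a bare RuntimeException.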
@@ -1370,24 +1369,6 @@ public void testUnassignedMigration() { this.migrateSchema(); } - @Test - @Override - public void testReadRolePermissions() throws Exception { - fail("Not implemented"); - } - - @Test - @Override - public void testReadRolePermissionWithoutPermission() throws Exception { - fail("Not implemented"); - } - - @Test - @Override - public void testReadRolePermissionWithoutPermissionOnRole() throws Exception { - fail("Not implemented"); - } - private void updateFolderSchema(boolean immediate) { SchemaResponse schema = getSchemaByName("folder"); diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/group/GroupEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/group/GroupEndpointTest.java index 96452c0eef..cbc7a2d2ba 100644 --- a/tests/tests-core/src/main/java/com/gentics/mesh/core/group/GroupEndpointTest.java +++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/group/GroupEndpointTest.java @@ -23,7 +23,6 @@ import static io.netty.handler.codec.http.HttpResponseStatus.FORBIDDEN; import static io.netty.handler.codec.http.HttpResponseStatus.INTERNAL_SERVER_ERROR; import static io.netty.handler.codec.http.HttpResponseStatus.NOT_FOUND; -import static org.assertj.core.api.Assertions.assertThat; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotNull; 
@@ -44,14 +43,12 @@ import com.gentics.mesh.core.data.group.HibGroup; import com.gentics.mesh.core.data.user.HibUser; import com.gentics.mesh.core.db.Tx; -import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; import com.gentics.mesh.core.rest.error.GenericRestException; import com.gentics.mesh.core.rest.event.impl.MeshElementEventModelImpl; import com.gentics.mesh.core.rest.group.GroupCreateRequest; import com.gentics.mesh.core.rest.group.GroupListResponse; import com.gentics.mesh.core.rest.group.GroupResponse; import com.gentics.mesh.core.rest.group.GroupUpdateRequest; -import com.gentics.mesh.core.rest.role.RoleReference; import com.gentics.mesh.parameter.impl.PagingParametersImpl; import com.gentics.mesh.parameter.impl.RolePermissionParametersImpl; import com.gentics.mesh.test.MeshTestSetting; 
@@ -597,46 +594,4 @@ public void testPermissionResponse() { assertThat(group.getPermissions()).hasNoPublishPermsSet(); } - - @Test - @Override - public void testReadRolePermissions() throws Exception { - String groupUuid = tx(() -> group().getUuid()); - RoleReference testRole = tx(() -> role().transformToReference()); - ObjectPermissionResponse response = call(() -> client().getGroupRolePermissions(groupUuid)); - assertThat(response).as("Response").isNotNull(); - assertThat(response.getCreate()).as("Roles with create permission").containsOnly(testRole); - assertThat(response.getDelete()).as("Roles with delete permission").containsOnly(testRole); - assertThat(response.getPublish()).as("Roles with publish permission").isNull(); - assertThat(response.getRead()).as("Roles with read permission").containsOnly(testRole); - assertThat(response.getReadPublished()).as("Roles with readPublished permission").isNull(); - assertThat(response.getUpdate()).as("Roles with update permission").containsOnly(testRole); - } - - @Test - @Override - public void testReadRolePermissionWithoutPermission() throws Exception { - String groupUuid = tx(() -> group().getUuid()); - tx(tx -> { - tx.roleDao().revokePermissions(role(), group(), READ_PERM); - }); - call(() -> client().getGroupRolePermissions(groupUuid), FORBIDDEN, "error_missing_perm", groupUuid, READ_PERM.getRestPerm().getName()); - } - - @Test - @Override - public void testReadRolePermissionWithoutPermissionOnRole() throws Exception { - String groupUuid = tx(() -> group().getUuid()); - tx(tx -> { - tx.roleDao().revokePermissions(role(), role(), READ_PERM); - }); - ObjectPermissionResponse response = call(() -> client().getGroupRolePermissions(groupUuid)); - assertThat(response).as("Response").isNotNull(); - assertThat(response.getCreate()).as("Roles with create permission").isNotNull().isEmpty(); - assertThat(response.getDelete()).as("Roles with delete permission").isNotNull().isEmpty(); - assertThat(response.getPublish()).as("Roles 
with publish permission").isNull(); - assertThat(response.getRead()).as("Roles with read permission").isNotNull().isEmpty(); - assertThat(response.getReadPublished()).as("Roles with readPublished permission").isNull(); - assertThat(response.getUpdate()).as("Roles with update permission").isNotNull().isEmpty(); - } } diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/group/GroupRolePermissionsEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/group/GroupRolePermissionsEndpointTest.java new file mode 100644 index 0000000000..add65b5bbc --- /dev/null +++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/group/GroupRolePermissionsEndpointTest.java @@ -0,0 +1,34 @@ +package com.gentics.mesh.core.group; + +import static com.gentics.mesh.test.TestSize.PROJECT_AND_NODE; + +import com.gentics.mesh.core.data.HibBaseElement; +import com.gentics.mesh.core.rest.common.ObjectPermissionRequest; +import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; +import com.gentics.mesh.test.MeshTestSetting; +import com.gentics.mesh.test.context.AbstractRolePermissionTest; +import com.gentics.mesh.test.context.ClientHandler; + +/** + * Test cases for handling role permissions for groups + */ +@MeshTestSetting(testSize = PROJECT_AND_NODE, startServer = true) +public class GroupRolePermissionsEndpointTest extends AbstractRolePermissionTest { + + @Override + protected HibBaseElement getTestedElement() { + return group(); + } + + @Override + protected ClientHandler getRolePermissions() { + String uuid = getTestedUuid(); + return () -> client().getGroupRolePermissions(uuid); + } + + @Override + protected ClientHandler grantRolePermissions(ObjectPermissionRequest request) { + String uuid = getTestedUuid(); + return () -> client().grantGroupRolePermissions(uuid, request); + } +} 
diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/node/NodeEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/node/NodeEndpointTest.java index 9fa203faee..e9987e55d0 100644 --- a/tests/tests-core/src/main/java/com/gentics/mesh/core/node/NodeEndpointTest.java +++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/node/NodeEndpointTest.java @@ -28,12 +28,12 @@ import static io.netty.handler.codec.http.HttpResponseStatus.FORBIDDEN; import static io.netty.handler.codec.http.HttpResponseStatus.NOT_FOUND; import static org.assertj.core.api.Assertions.assertThat; -import static org.assertj.core.api.Assertions.fail; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotEquals; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNull; import static org.junit.Assert.assertTrue; +import static org.junit.Assert.fail; import java.net.UnknownHostException; import java.util.ArrayList; @@ -61,7 +61,6 @@ import com.gentics.mesh.core.db.Tx; import com.gentics.mesh.core.rest.branch.BranchCreateRequest; import com.gentics.mesh.core.rest.common.ContainerType; -import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; import com.gentics.mesh.core.rest.common.Permission; import com.gentics.mesh.core.rest.error.GenericRestException; import com.gentics.mesh.core.rest.event.node.NodeMeshEventModel; @@ -72,7 +71,6 @@ import com.gentics.mesh.core.rest.node.NodeUpsertRequest; import com.gentics.mesh.core.rest.node.field.StringField; import com.gentics.mesh.core.rest.project.ProjectReference; -import com.gentics.mesh.core.rest.role.RoleReference; import com.gentics.mesh.core.rest.schema.SchemaReference; import com.gentics.mesh.core.rest.schema.impl.SchemaCreateRequest; import com.gentics.mesh.core.rest.schema.impl.SchemaReferenceImpl; 
@@ -2136,47 +2134,4 @@ public void testRootNodeBreadcrumb() { assertEquals(1, breadcrumb.size()); assertEquals(node.getNodeResponse().getUuid(), breadcrumb.get(0).getUuid()); } - - @Test - @Override - public void testReadRolePermissions() throws Exception { - String uuid = tx(() -> folder("2015").getUuid()); - RoleReference testRole = tx(() -> role().transformToReference()); - - ObjectPermissionResponse response = call(() -> client().getNodeRolePermissions(PROJECT_NAME, uuid)); - assertThat(response).as("Response").isNotNull(); - assertThat(response.getCreate()).as("Roles with create permission").containsOnly(testRole); - assertThat(response.getDelete()).as("Roles with delete permission").containsOnly(testRole); - assertThat(response.getPublish()).as("Roles with publish permission").containsOnly(testRole); - assertThat(response.getRead()).as("Roles with read permission").containsOnly(testRole); - assertThat(response.getReadPublished()).as("Roles with readPublished permission").containsOnly(testRole); - assertThat(response.getUpdate()).as("Roles with update permission").containsOnly(testRole); - } - - @Test - @Override - public void testReadRolePermissionWithoutPermission() throws Exception { - String uuid = tx(() -> folder("2015").getUuid()); - tx(tx -> { - tx.roleDao().revokePermissions(role(), folder("2015"), READ_PERM); - }); - call(() -> client().getNodeRolePermissions(PROJECT_NAME, uuid), FORBIDDEN, "error_missing_perm", uuid, READ_PERM.getRestPerm().getName()); - } - - @Test - @Override - public void testReadRolePermissionWithoutPermissionOnRole() throws Exception { - String uuid = tx(() -> folder("2015").getUuid()); - tx(tx -> { - tx.roleDao().revokePermissions(role(), role(), READ_PERM); - }); - ObjectPermissionResponse response = call(() -> client().getNodeRolePermissions(PROJECT_NAME, uuid)); - assertThat(response).as("Response").isNotNull(); - assertThat(response.getCreate()).as("Roles with create permission").isNotNull().isEmpty(); - 
assertThat(response.getDelete()).as("Roles with delete permission").isNotNull().isEmpty(); - assertThat(response.getPublish()).as("Roles with publish permission").isNotNull().isEmpty(); - assertThat(response.getRead()).as("Roles with read permission").isNotNull().isEmpty(); - assertThat(response.getReadPublished()).as("Roles with readPublished permission").isNotNull().isEmpty(); - assertThat(response.getUpdate()).as("Roles with update permission").isNotNull().isEmpty(); - } } diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/node/NodeRolePermissionsEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/node/NodeRolePermissionsEndpointTest.java new file mode 100644 index 0000000000..998fc5c22f --- /dev/null +++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/node/NodeRolePermissionsEndpointTest.java 
@@ -0,0 +1,34 @@ +package com.gentics.mesh.core.node; + +import static com.gentics.mesh.test.TestDataProvider.PROJECT_NAME; +import static com.gentics.mesh.test.TestSize.PROJECT_AND_NODE; + +import com.gentics.mesh.core.data.HibBaseElement; +import com.gentics.mesh.core.rest.common.ObjectPermissionRequest; +import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; +import com.gentics.mesh.test.MeshTestSetting; +import com.gentics.mesh.test.context.AbstractRolePermissionTest; +import com.gentics.mesh.test.context.ClientHandler; + +/** + * Test cases for handling role permissions for nodes + */ +@MeshTestSetting(testSize = PROJECT_AND_NODE, startServer = true) +public class NodeRolePermissionsEndpointTest extends AbstractRolePermissionTest { + + @Override + protected HibBaseElement getTestedElement() { + return folder("2015"); + } + + @Override + protected ClientHandler getRolePermissions() { + return () -> client().getNodeRolePermissions(PROJECT_NAME, getTestedUuid()); + } + + @Override + protected ClientHandler grantRolePermissions(ObjectPermissionRequest request) { + // TODO Auto-generated method stub + return null; + } +} diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/project/ProjectEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/project/ProjectEndpointTest.java index 7fa0d32d1d..1d863e91c8 100644 --- a/tests/tests-core/src/main/java/com/gentics/mesh/core/project/ProjectEndpointTest.java +++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/project/ProjectEndpointTest.java @@ -59,7 +59,6 @@ import com.gentics.mesh.core.rest.branch.BranchCreateRequest; import com.gentics.mesh.core.rest.branch.BranchResponse; import com.gentics.mesh.core.rest.branch.BranchUpdateRequest; -import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; import com.gentics.mesh.core.rest.common.Permission; import com.gentics.mesh.core.rest.common.PermissionInfo; import com.gentics.mesh.core.rest.error.GenericRestException; 
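Review bot: `grantRolePermissions` in NodeRolePermissionsEndpointTest returns `null` behind a `// TODO Auto-generated method stub`, so whatever AbstractRolePermissionTest does with the returned ClientHandler (that class is not part of this excerpt) cannot exercise granting on nodes. The same stub is in ProjectRolePermissionsEndpointTest and RoleRolePermissionsEndpointTest, while GroupRolePermissionsEndpointTest wires `client().grantGroupRolePermissions(uuid, request)`. Granting and the exclusive revoke are the security-relevant paths of this feature, so until the client methods exist I would make the gap explicit rather than silent, e.g. `throw new UnsupportedOperationException("granting node role permissions is not implemented yet");`.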
@@ -72,7 +71,6 @@ import com.gentics.mesh.core.rest.project.ProjectResponse; import com.gentics.mesh.core.rest.project.ProjectUpdateRequest; import com.gentics.mesh.core.rest.role.RolePermissionRequest; -import com.gentics.mesh.core.rest.role.RoleReference; import com.gentics.mesh.core.rest.role.RoleResponse; import com.gentics.mesh.core.rest.schema.impl.SchemaReferenceImpl; import com.gentics.mesh.parameter.LinkType; 
@@ -841,46 +839,4 @@ public void testDeleteProjectNamedProject() { list = call(() -> client().findProjects()); assertThat(list.getData().stream().map(ProjectResponse::getName)).as("List of projects").containsOnly("dummy"); } - - @Test - @Override - public void testReadRolePermissions() throws Exception { - String projectUuid = tx(() -> project().getUuid()); - RoleReference testRole = tx(() -> role().transformToReference()); - ObjectPermissionResponse response = call(() -> client().getProjectRolePermissions(projectUuid)); - assertThat(response).as("Response").isNotNull(); - assertThat(response.getCreate()).as("Roles with create permission").containsOnly(testRole); - assertThat(response.getDelete()).as("Roles with delete permission").containsOnly(testRole); - assertThat(response.getPublish()).as("Roles with publish permission").isNull(); - assertThat(response.getRead()).as("Roles with read permission").containsOnly(testRole); - assertThat(response.getReadPublished()).as("Roles with readPublished permission").isNull(); - assertThat(response.getUpdate()).as("Roles with update permission").containsOnly(testRole); - } - - @Test - @Override - public void testReadRolePermissionWithoutPermission() throws Exception { - String projectUuid = tx(() -> project().getUuid()); - tx(tx -> { - tx.roleDao().revokePermissions(role(), project(), READ_PERM); - }); - call(() -> client().getProjectRolePermissions(projectUuid), FORBIDDEN, "error_missing_perm", projectUuid, READ_PERM.getRestPerm().getName()); - } - - @Test - @Override - public void testReadRolePermissionWithoutPermissionOnRole() throws Exception { - String projectUuid = tx(() -> project().getUuid()); - tx(tx -> { - tx.roleDao().revokePermissions(role(), role(), READ_PERM); - }); - ObjectPermissionResponse response = call(() -> client().getProjectRolePermissions(projectUuid)); - assertThat(response).as("Response").isNotNull(); - assertThat(response.getCreate()).as("Roles with create permission").isNotNull().isEmpty(); - 
assertThat(response.getDelete()).as("Roles with delete permission").isNotNull().isEmpty(); - assertThat(response.getPublish()).as("Roles with publish permission").isNull(); - assertThat(response.getRead()).as("Roles with read permission").isNotNull().isEmpty(); - assertThat(response.getReadPublished()).as("Roles with readPublished permission").isNull(); - assertThat(response.getUpdate()).as("Roles with update permission").isNotNull().isEmpty(); - } } diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/project/ProjectRolePermissionsEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/project/ProjectRolePermissionsEndpointTest.java new file mode 100644 index 0000000000..afe2b950b9 --- /dev/null +++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/project/ProjectRolePermissionsEndpointTest.java @@ -0,0 +1,33 @@ +package com.gentics.mesh.core.project; + +import static com.gentics.mesh.test.TestSize.PROJECT_AND_NODE; + +import com.gentics.mesh.core.data.HibBaseElement; +import com.gentics.mesh.core.rest.common.ObjectPermissionRequest; +import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; +import com.gentics.mesh.test.MeshTestSetting; +import com.gentics.mesh.test.context.AbstractRolePermissionTest; +import com.gentics.mesh.test.context.ClientHandler; + +/** + * Test cases for handling role permissions for projects + */ +@MeshTestSetting(testSize = PROJECT_AND_NODE, startServer = true) +public class ProjectRolePermissionsEndpointTest extends AbstractRolePermissionTest { + + @Override + protected HibBaseElement getTestedElement() { + return project(); + } + + @Override + protected ClientHandler getRolePermissions() { + return () -> client().getProjectRolePermissions(getTestedUuid()); + } + + @Override + protected ClientHandler grantRolePermissions(ObjectPermissionRequest request) { + // TODO Auto-generated method stub + return null; + } +} 
diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/role/RoleEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/role/RoleEndpointTest.java index de1b756a6b..45a07ff427 100644 --- a/tests/tests-core/src/main/java/com/gentics/mesh/core/role/RoleEndpointTest.java +++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/role/RoleEndpointTest.java @@ -18,7 +18,6 @@ import static io.netty.handler.codec.http.HttpResponseStatus.CONFLICT; import static io.netty.handler.codec.http.HttpResponseStatus.FORBIDDEN; import static io.netty.handler.codec.http.HttpResponseStatus.INTERNAL_SERVER_ERROR; -import static org.assertj.core.api.Assertions.assertThat; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNull; @@ -41,13 +40,11 @@ import com.gentics.mesh.core.data.role.HibRole; import com.gentics.mesh.core.db.Tx; import com.gentics.mesh.core.rest.common.GenericMessageResponse; -import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; import com.gentics.mesh.core.rest.common.Permission; import com.gentics.mesh.core.rest.error.GenericRestException; import com.gentics.mesh.core.rest.event.impl.MeshElementEventModelImpl; import com.gentics.mesh.core.rest.role.RoleCreateRequest; import com.gentics.mesh.core.rest.role.RoleListResponse; -import com.gentics.mesh.core.rest.role.RoleReference; import com.gentics.mesh.core.rest.role.RoleResponse; import com.gentics.mesh.core.rest.role.RoleUpdateRequest; import com.gentics.mesh.parameter.impl.PagingParametersImpl; 
@@ -561,46 +558,4 @@ public void testPermissionResponse() { RoleResponse role = client().findRoles().blockingGet().getData().get(0); assertThat(role.getPermissions()).hasNoPublishPermsSet(); } - - @Test - @Override - public void testReadRolePermissions() throws Exception { - String roleUuid = tx(() -> roles().get("anonymous").getUuid()); - RoleReference testRole = tx(() -> role().transformToReference()); - ObjectPermissionResponse response = call(() -> client().getRoleRolePermissions(roleUuid)); - assertThat(response).as("Response").isNotNull(); - assertThat(response.getCreate()).as("Roles with create permission").containsOnly(testRole); - assertThat(response.getDelete()).as("Roles with delete permission").containsOnly(testRole); - assertThat(response.getPublish()).as("Roles with publish permission").isNull(); - assertThat(response.getRead()).as("Roles with read permission").containsOnly(testRole); - assertThat(response.getReadPublished()).as("Roles with readPublished permission").isNull(); - assertThat(response.getUpdate()).as("Roles with update permission").containsOnly(testRole); - } - - @Test - @Override - public void testReadRolePermissionWithoutPermission() throws Exception { - String roleUuid = tx(() -> roles().get("anonymous").getUuid()); - tx(tx -> { - tx.roleDao().revokePermissions(role(), roles().get("anonymous"), READ_PERM); - }); - call(() -> client().getRoleRolePermissions(roleUuid), FORBIDDEN, "error_missing_perm", roleUuid, READ_PERM.getRestPerm().getName()); - } - - @Test - @Override - public void testReadRolePermissionWithoutPermissionOnRole() throws Exception { - String roleUuid = tx(() -> roles().get("anonymous").getUuid()); - tx(tx -> { - tx.roleDao().revokePermissions(role(), role(), READ_PERM); - }); - ObjectPermissionResponse response = call(() -> client().getRoleRolePermissions(roleUuid)); - assertThat(response).as("Response").isNotNull(); - assertThat(response.getCreate()).as("Roles with create permission").isNotNull().isEmpty(); - 
assertThat(response.getDelete()).as("Roles with delete permission").isNotNull().isEmpty(); - assertThat(response.getPublish()).as("Roles with publish permission").isNull(); - assertThat(response.getRead()).as("Roles with read permission").isNotNull().isEmpty(); - assertThat(response.getReadPublished()).as("Roles with readPublished permission").isNull(); - assertThat(response.getUpdate()).as("Roles with update permission").isNotNull().isEmpty(); - } } diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/role/RoleRolePermissionsEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/role/RoleRolePermissionsEndpointTest.java new file mode 100644 index 0000000000..a40cea128b --- /dev/null +++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/role/RoleRolePermissionsEndpointTest.java @@ -0,0 +1,33 @@ +package com.gentics.mesh.core.role; + +import static com.gentics.mesh.test.TestSize.PROJECT_AND_NODE; + +import com.gentics.mesh.core.data.HibBaseElement; +import com.gentics.mesh.core.rest.common.ObjectPermissionRequest; +import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; +import com.gentics.mesh.test.MeshTestSetting; +import com.gentics.mesh.test.context.AbstractRolePermissionTest; +import com.gentics.mesh.test.context.ClientHandler; + +/** + * Test cases for handling role permissions for roles + */ +@MeshTestSetting(testSize = PROJECT_AND_NODE, startServer = true) +public class RoleRolePermissionsEndpointTest extends AbstractRolePermissionTest { + + @Override + protected HibBaseElement getTestedElement() { + return roles().get("anonymous"); + } + + @Override + protected ClientHandler getRolePermissions() { + return () -> client().getRoleRolePermissions(getTestedUuid()); + } + + @Override + protected ClientHandler grantRolePermissions(ObjectPermissionRequest request) { + // TODO Auto-generated method stub + return null; + } +} 
diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/schema/MicroschemaEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/schema/MicroschemaEndpointTest.java index ab1f8c996e..09bcbd3c87 100644 --- a/tests/tests-core/src/main/java/com/gentics/mesh/core/schema/MicroschemaEndpointTest.java +++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/schema/MicroschemaEndpointTest.java @@ -20,7 +20,6 @@ import static io.netty.handler.codec.http.HttpResponseStatus.CONFLICT; import static io.netty.handler.codec.http.HttpResponseStatus.FORBIDDEN; import static io.netty.handler.codec.http.HttpResponseStatus.NOT_FOUND; -import static org.assertj.core.api.Assertions.assertThat; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNull; @@ -33,7 +32,6 @@ import com.gentics.mesh.core.data.dao.RoleDao; import com.gentics.mesh.core.data.schema.HibMicroschema; import com.gentics.mesh.core.db.Tx; -import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; import com.gentics.mesh.core.rest.common.Permission; import com.gentics.mesh.core.rest.error.GenericRestException; import com.gentics.mesh.core.rest.event.impl.MeshElementEventModelImpl; @@ -44,7 +42,6 @@ import com.gentics.mesh.core.rest.node.NodeCreateRequest; import com.gentics.mesh.core.rest.node.NodeResponse; import com.gentics.mesh.core.rest.node.field.list.impl.MicronodeFieldListImpl; -import com.gentics.mesh.core.rest.role.RoleReference; import com.gentics.mesh.core.rest.schema.ListFieldSchema; import com.gentics.mesh.core.rest.schema.MicroschemaModel; import com.gentics.mesh.core.rest.schema.impl.MicroschemaReferenceImpl; 
@@ -505,46 +502,4 @@ public void testConflictingNameWithSchema() throws InterruptedException {
 client().createSchema(schemaRequest).blockingAwait();
 call(() -> client().createMicroschema(microSchemaRequest), CONFLICT, "schema_conflicting_name", "test");
 }
-
- @Test
- @Override
- public void testReadRolePermissions() throws Exception {
- String microschemaUuid = tx(() -> microschemaContainer("vcard").getUuid());
- RoleReference testRole = tx(() -> role().transformToReference());
- ObjectPermissionResponse response = call(() -> client().getMicroschemaRolePermissions(microschemaUuid));
- assertThat(response).as("Response").isNotNull();
- assertThat(response.getCreate()).as("Roles with create permission").containsOnly(testRole);
- assertThat(response.getDelete()).as("Roles with delete permission").containsOnly(testRole);
- assertThat(response.getPublish()).as("Roles with publish permission").isNull();
- assertThat(response.getRead()).as("Roles with read permission").containsOnly(testRole);
- assertThat(response.getReadPublished()).as("Roles with readPublished permission").isNull();
- assertThat(response.getUpdate()).as("Roles with update permission").containsOnly(testRole);
- }
-
- @Test
- @Override
- public void testReadRolePermissionWithoutPermission() throws Exception {
- String microschemaUuid = tx(() -> microschemaContainer("vcard").getUuid());
- tx(tx -> {
- tx.roleDao().revokePermissions(role(), microschemaContainer("vcard"), READ_PERM);
- });
- call(() -> client().getMicroschemaRolePermissions(microschemaUuid), FORBIDDEN, "error_missing_perm", microschemaUuid, READ_PERM.getRestPerm().getName());
- }
-
- @Test
- @Override
- public void testReadRolePermissionWithoutPermissionOnRole() throws Exception {
- String microschemaUuid = tx(() -> microschemaContainer("vcard").getUuid());
- tx(tx -> {
- tx.roleDao().revokePermissions(role(), role(), READ_PERM);
- });
- ObjectPermissionResponse response = call(() -> client().getMicroschemaRolePermissions(microschemaUuid));
- assertThat(response).as("Response").isNotNull();
- assertThat(response.getCreate()).as("Roles with create permission").isNotNull().isEmpty();
- assertThat(response.getDelete()).as("Roles with delete permission").isNotNull().isEmpty();
- assertThat(response.getPublish()).as("Roles with publish permission").isNull();
- assertThat(response.getRead()).as("Roles with read permission").isNotNull().isEmpty();
- assertThat(response.getReadPublished()).as("Roles with readPublished permission").isNull();
- assertThat(response.getUpdate()).as("Roles with update permission").isNotNull().isEmpty();
- }
 }
diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/schema/MicroschemaRolePermissionsEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/schema/MicroschemaRolePermissionsEndpointTest.java
new file mode 100644
index 0000000000..5eeabd98e7
--- /dev/null
+++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/schema/MicroschemaRolePermissionsEndpointTest.java
@@ -0,0 +1,33 @@
+package com.gentics.mesh.core.schema;
+
+import static com.gentics.mesh.test.TestSize.FULL;
+
+import com.gentics.mesh.core.data.HibBaseElement;
+import com.gentics.mesh.core.rest.common.ObjectPermissionRequest;
+import com.gentics.mesh.core.rest.common.ObjectPermissionResponse;
+import com.gentics.mesh.test.MeshTestSetting;
+import com.gentics.mesh.test.context.AbstractRolePermissionTest;
+import com.gentics.mesh.test.context.ClientHandler;
+
+/**
+ * Test cases for handling role permissions for microschemas
+ */
+@MeshTestSetting(testSize = FULL, startServer = true)
+public class MicroschemaRolePermissionsEndpointTest extends AbstractRolePermissionTest {
+
+ @Override
+ protected HibBaseElement getTestedElement() {
+ return microschemaContainer("vcard");
+ }
+
+ @Override
+ protected ClientHandler getRolePermissions() {
+ return () -> client().getMicroschemaRolePermissions(getTestedUuid());
+ }
+
+ @Override
+ protected ClientHandler grantRolePermissions(ObjectPermissionRequest request) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+}
diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/schema/SchemaEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/schema/SchemaEndpointTest.java
index 7d77ff9136..c739661714 100644
--- a/tests/tests-core/src/main/java/com/gentics/mesh/core/schema/SchemaEndpointTest.java
+++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/schema/SchemaEndpointTest.java
@@ -58,7 +58,6 @@
 import com.gentics.mesh.core.db.Tx;
 import com.gentics.mesh.core.rest.branch.BranchReference;
 import com.gentics.mesh.core.rest.common.AbstractResponse;
-import com.gentics.mesh.core.rest.common.ObjectPermissionResponse;
 import com.gentics.mesh.core.rest.common.Permission;
 import com.gentics.mesh.core.rest.error.GenericRestException;
 import com.gentics.mesh.core.rest.event.EventCauseInfo;
@@ -72,7 +71,6 @@
 import com.gentics.mesh.core.rest.microschema.impl.MicroschemaCreateRequest;
 import com.gentics.mesh.core.rest.microschema.impl.MicroschemaResponse;
 import com.gentics.mesh.core.rest.project.ProjectReference;
-import com.gentics.mesh.core.rest.role.RoleReference;
 import com.gentics.mesh.core.rest.schema.MicroschemaReference;
 import com.gentics.mesh.core.rest.schema.SchemaListResponse;
 import com.gentics.mesh.core.rest.schema.SchemaModel;
@@ -842,46 +840,4 @@ public void testMicronodeListFieldWithoutAllow() { assertThat(version.getMicroschemaVersionHash(initialBranch())).as("Microschema Version Hash").isNull(); }); } - - @Test - @Override - public void testReadRolePermissions() throws Exception { - String schemaUuid = tx(() -> schemaContainer("content").getUuid()); - RoleReference testRole = tx(() -> role().transformToReference()); - ObjectPermissionResponse response = call(() -> client().getSchemaRolePermissions(schemaUuid)); - assertThat(response).as("Response").isNotNull(); - assertThat(response.getCreate()).as("Roles with create permission").containsOnly(testRole); - assertThat(response.getDelete()).as("Roles with delete permission").containsOnly(testRole); - assertThat(response.getPublish()).as("Roles with publish permission").isNull(); - assertThat(response.getRead()).as("Roles with read permission").containsOnly(testRole); - assertThat(response.getReadPublished()).as("Roles with readPublished permission").isNull(); - assertThat(response.getUpdate()).as("Roles with update permission").containsOnly(testRole); - } - - @Test - @Override - public void testReadRolePermissionWithoutPermission() throws Exception { - String schemaUuid = tx(() -> schemaContainer("content").getUuid()); - tx(tx -> { - tx.roleDao().revokePermissions(role(), schemaContainer("content"), READ_PERM); - }); - call(() -> client().getSchemaRolePermissions(schemaUuid), FORBIDDEN, "error_missing_perm", schemaUuid, READ_PERM.getRestPerm().getName()); - } - - @Test - @Override - public void testReadRolePermissionWithoutPermissionOnRole() throws Exception { - String schemaUuid = tx(() -> schemaContainer("content").getUuid()); - tx(tx -> { - tx.roleDao().revokePermissions(role(), role(), READ_PERM); - }); - ObjectPermissionResponse response = call(() -> client().getSchemaRolePermissions(schemaUuid)); - assertThat(response).as("Response").isNotNull(); - assertThat(response.getCreate()).as("Roles with create 
permission").isNotNull().isEmpty(); - assertThat(response.getDelete()).as("Roles with delete permission").isNotNull().isEmpty(); - assertThat(response.getPublish()).as("Roles with publish permission").isNull(); - assertThat(response.getRead()).as("Roles with read permission").isNotNull().isEmpty(); - assertThat(response.getReadPublished()).as("Roles with readPublished permission").isNull(); - assertThat(response.getUpdate()).as("Roles with update permission").isNotNull().isEmpty(); - } } diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/schema/SchemaRolePermissionsEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/schema/SchemaRolePermissionsEndpointTest.java new file mode 100644 index 0000000000..2e0a26b3ac --- /dev/null +++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/schema/SchemaRolePermissionsEndpointTest.java @@ -0,0 +1,33 @@ +package com.gentics.mesh.core.schema; + +import static com.gentics.mesh.test.TestSize.FULL; + +import com.gentics.mesh.core.data.HibBaseElement; +import com.gentics.mesh.core.rest.common.ObjectPermissionRequest; +import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; +import com.gentics.mesh.test.MeshTestSetting; +import com.gentics.mesh.test.context.AbstractRolePermissionTest; +import com.gentics.mesh.test.context.ClientHandler; + +/** + * Test cases for handling role permissions for schemas + */ +@MeshTestSetting(testSize = FULL, startServer = true) +public class SchemaRolePermissionsEndpointTest extends AbstractRolePermissionTest { + + @Override + protected HibBaseElement getTestedElement() { + return schemaContainer("content"); + } + + @Override + protected ClientHandler getRolePermissions() { + return () -> client().getSchemaRolePermissions(getTestedUuid()); + } + + @Override + protected ClientHandler grantRolePermissions(ObjectPermissionRequest request) { + // TODO Auto-generated method stub + return null; + } +} 
diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/tag/TagEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/tag/TagEndpointTest.java
index 7f77b78766..c6df70f112 100644
--- a/tests/tests-core/src/main/java/com/gentics/mesh/core/tag/TagEndpointTest.java
+++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/tag/TagEndpointTest.java
@@ -24,7 +24,6 @@
 import static io.netty.handler.codec.http.HttpResponseStatus.CONFLICT;
 import static io.netty.handler.codec.http.HttpResponseStatus.FORBIDDEN;
 import static io.netty.handler.codec.http.HttpResponseStatus.INTERNAL_SERVER_ERROR;
-import static org.assertj.core.api.Assertions.assertThat;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNull;
@@ -49,11 +48,9 @@
 import com.gentics.mesh.core.db.Tx;
 import com.gentics.mesh.core.rest.common.ContainerType;
 import com.gentics.mesh.core.rest.common.ListResponse;
-import com.gentics.mesh.core.rest.common.ObjectPermissionResponse;
 import com.gentics.mesh.core.rest.error.GenericRestException;
 import com.gentics.mesh.core.rest.event.node.NodeTaggedEventModel;
 import com.gentics.mesh.core.rest.event.tag.TagMeshEventModel;
-import com.gentics.mesh.core.rest.role.RoleReference;
 import com.gentics.mesh.core.rest.tag.TagCreateRequest;
 import com.gentics.mesh.core.rest.tag.TagFamilyResponse;
 import com.gentics.mesh.core.rest.tag.TagListResponse;
@@ -661,50 +658,4 @@ public void testPermissionResponse() { TagResponse tag = client().findTags(PROJECT_NAME, tagfamily.getUuid()).blockingGet().getData().get(0); assertThat(tag.getPermissions()).hasNoPublishPermsSet(); } - - @Test - @Override - public void testReadRolePermissions() throws Exception { - String tagFamilyUuid = tx(() -> tagFamily("colors").getUuid()); - String tagUuid = tx(() -> tag("red").getUuid()); - RoleReference testRole = tx(() -> role().transformToReference()); - - ObjectPermissionResponse response = call(() -> client().getTagRolePermissions(PROJECT_NAME, tagFamilyUuid, tagUuid)); - assertThat(response).as("Response").isNotNull(); - assertThat(response.getCreate()).as("Roles with create permission").containsOnly(testRole); - assertThat(response.getDelete()).as("Roles with delete permission").containsOnly(testRole); - assertThat(response.getPublish()).as("Roles with publish permission").isNull(); - assertThat(response.getRead()).as("Roles with read permission").containsOnly(testRole); - assertThat(response.getReadPublished()).as("Roles with readPublished permission").isNull(); - assertThat(response.getUpdate()).as("Roles with update permission").containsOnly(testRole); - } - - @Test - @Override - public void testReadRolePermissionWithoutPermission() throws Exception { - String tagFamilyUuid = tx(() -> tagFamily("colors").getUuid()); - String tagUuid = tx(() -> tag("red").getUuid()); - tx(tx -> { - tx.roleDao().revokePermissions(role(), tag("red"), READ_PERM); - }); - call(() -> client().getTagRolePermissions(PROJECT_NAME, tagFamilyUuid, tagUuid), FORBIDDEN, "error_missing_perm", tagUuid, READ_PERM.getRestPerm().getName()); - } - - @Test - @Override - public void testReadRolePermissionWithoutPermissionOnRole() throws Exception { - String tagFamilyUuid = tx(() -> tagFamily("colors").getUuid()); - String tagUuid = tx(() -> tag("red").getUuid()); - tx(tx -> { - tx.roleDao().revokePermissions(role(), role(), READ_PERM); - }); - 
ObjectPermissionResponse response = call(() -> client().getTagRolePermissions(PROJECT_NAME, tagFamilyUuid, tagUuid)); - assertThat(response).as("Response").isNotNull(); - assertThat(response.getCreate()).as("Roles with create permission").isNotNull().isEmpty(); - assertThat(response.getDelete()).as("Roles with delete permission").isNotNull().isEmpty(); - assertThat(response.getPublish()).as("Roles with publish permission").isNull(); - assertThat(response.getRead()).as("Roles with read permission").isNotNull().isEmpty(); - assertThat(response.getReadPublished()).as("Roles with readPublished permission").isNull(); - assertThat(response.getUpdate()).as("Roles with update permission").isNotNull().isEmpty(); - } } diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/tag/TagRolePermissionsEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/tag/TagRolePermissionsEndpointTest.java new file mode 100644 index 0000000000..c9a123e8df --- /dev/null +++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/tag/TagRolePermissionsEndpointTest.java 
@@ -0,0 +1,35 @@
+package com.gentics.mesh.core.tag;
+
+import static com.gentics.mesh.test.TestDataProvider.PROJECT_NAME;
+import static com.gentics.mesh.test.TestSize.FULL;
+
+import com.gentics.mesh.core.data.HibBaseElement;
+import com.gentics.mesh.core.rest.common.ObjectPermissionRequest;
+import com.gentics.mesh.core.rest.common.ObjectPermissionResponse;
+import com.gentics.mesh.test.MeshTestSetting;
+import com.gentics.mesh.test.context.AbstractRolePermissionTest;
+import com.gentics.mesh.test.context.ClientHandler;
+
+/**
+ * Test cases for handling role permissions for tags
+ */
+@MeshTestSetting(testSize = FULL, startServer = true)
+public class TagRolePermissionsEndpointTest extends AbstractRolePermissionTest {
+
+ @Override
+ protected HibBaseElement getTestedElement() {
+ return tag("red");
+ }
+
+ @Override
+ protected ClientHandler getRolePermissions() {
+ String tagFamilyUuid = tx(() -> tagFamily("colors").getUuid());
+ return () -> client().getTagRolePermissions(PROJECT_NAME, tagFamilyUuid, getTestedUuid());
+ }
+
+ @Override
+ protected ClientHandler grantRolePermissions(ObjectPermissionRequest request) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+}
diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/tagfamily/TagFamilyEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/tagfamily/TagFamilyEndpointTest.java
index 9afad7ae36..819ab6f49c 100644
--- a/tests/tests-core/src/main/java/com/gentics/mesh/core/tagfamily/TagFamilyEndpointTest.java
+++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/tagfamily/TagFamilyEndpointTest.java
@@ -22,7 +22,6 @@
 import static io.netty.handler.codec.http.HttpResponseStatus.CONFLICT;
 import static io.netty.handler.codec.http.HttpResponseStatus.FORBIDDEN;
 import static io.netty.handler.codec.http.HttpResponseStatus.INTERNAL_SERVER_ERROR;
-import static org.assertj.core.api.Assertions.assertThat;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNull;
@@ -54,12 +53,10 @@
 import com.gentics.mesh.core.db.CommonTx;
 import com.gentics.mesh.core.db.Tx;
 import com.gentics.mesh.core.rest.common.ContainerType;
-import com.gentics.mesh.core.rest.common.ObjectPermissionResponse;
 import com.gentics.mesh.core.rest.common.Permission;
 import com.gentics.mesh.core.rest.error.GenericRestException;
 import com.gentics.mesh.core.rest.event.tag.TagMeshEventModel;
 import com.gentics.mesh.core.rest.event.tagfamily.TagFamilyMeshEventModel;
-import com.gentics.mesh.core.rest.role.RoleReference;
 import com.gentics.mesh.core.rest.tag.TagFamilyCreateRequest;
 import com.gentics.mesh.core.rest.tag.TagFamilyListResponse;
 import com.gentics.mesh.core.rest.tag.TagFamilyResponse;
@@ -605,47 +602,4 @@ public void testPermissionResponse() { TagFamilyResponse family = client().findTagFamilies(PROJECT_NAME).blockingGet().getData().get(0); assertThat(family.getPermissions()).hasNoPublishPermsSet(); } - - @Test - @Override - public void testReadRolePermissions() throws Exception { - String tagFamilyUuid = tx(() -> tagFamily("colors").getUuid()); - RoleReference testRole = tx(() -> role().transformToReference()); - - ObjectPermissionResponse response = call(() -> client().getTagFamilyRolePermissions(PROJECT_NAME, tagFamilyUuid)); - assertThat(response).as("Response").isNotNull(); - assertThat(response.getCreate()).as("Roles with create permission").containsOnly(testRole); - assertThat(response.getDelete()).as("Roles with delete permission").containsOnly(testRole); - assertThat(response.getPublish()).as("Roles with publish permission").isNull(); - assertThat(response.getRead()).as("Roles with read permission").containsOnly(testRole); - assertThat(response.getReadPublished()).as("Roles with readPublished permission").isNull(); - assertThat(response.getUpdate()).as("Roles with update permission").containsOnly(testRole); - } - - @Test - @Override - public void testReadRolePermissionWithoutPermission() throws Exception { - String tagFamilyUuid = tx(() -> tagFamily("colors").getUuid()); - tx(tx -> { - tx.roleDao().revokePermissions(role(), tagFamily("colors"), READ_PERM); - }); - call(() -> client().getTagFamilyRolePermissions(PROJECT_NAME, tagFamilyUuid), FORBIDDEN, "error_missing_perm", tagFamilyUuid, READ_PERM.getRestPerm().getName()); - } - - @Test - @Override - public void testReadRolePermissionWithoutPermissionOnRole() throws Exception { - String tagFamilyUuid = tx(() -> tagFamily("colors").getUuid()); - tx(tx -> { - tx.roleDao().revokePermissions(role(), role(), READ_PERM); - }); - ObjectPermissionResponse response = call(() -> client().getTagFamilyRolePermissions(PROJECT_NAME, tagFamilyUuid)); - assertThat(response).as("Response").isNotNull(); - 
assertThat(response.getCreate()).as("Roles with create permission").isNotNull().isEmpty(); - assertThat(response.getDelete()).as("Roles with delete permission").isNotNull().isEmpty(); - assertThat(response.getPublish()).as("Roles with publish permission").isNull(); - assertThat(response.getRead()).as("Roles with read permission").isNotNull().isEmpty(); - assertThat(response.getReadPublished()).as("Roles with readPublished permission").isNull(); - assertThat(response.getUpdate()).as("Roles with update permission").isNotNull().isEmpty(); - } } diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/tagfamily/TagFamilyRolePermissionsEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/tagfamily/TagFamilyRolePermissionsEndpointTest.java new file mode 100644 index 0000000000..a48c3a1b31 --- /dev/null +++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/tagfamily/TagFamilyRolePermissionsEndpointTest.java 
@@ -0,0 +1,34 @@
+package com.gentics.mesh.core.tagfamily;
+
+import static com.gentics.mesh.test.TestDataProvider.PROJECT_NAME;
+import static com.gentics.mesh.test.TestSize.FULL;
+
+import com.gentics.mesh.core.data.HibBaseElement;
+import com.gentics.mesh.core.rest.common.ObjectPermissionRequest;
+import com.gentics.mesh.core.rest.common.ObjectPermissionResponse;
+import com.gentics.mesh.test.MeshTestSetting;
+import com.gentics.mesh.test.context.AbstractRolePermissionTest;
+import com.gentics.mesh.test.context.ClientHandler;
+
+/**
+ * Test cases for handling role permissions for tag families
+ */
+@MeshTestSetting(testSize = FULL, startServer = true)
+public class TagFamilyRolePermissionsEndpointTest extends AbstractRolePermissionTest {
+
+ @Override
+ protected HibBaseElement getTestedElement() {
+ return tagFamily("colors");
+ }
+
+ @Override
+ protected ClientHandler getRolePermissions() {
+ return () -> client().getTagFamilyRolePermissions(PROJECT_NAME, getTestedUuid());
+ }
+
+ @Override
+ protected ClientHandler grantRolePermissions(ObjectPermissionRequest request) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+}
diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/user/UserEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/user/UserEndpointTest.java
index 2332c5bf92..e9bafe45da 100644
--- a/tests/tests-core/src/main/java/com/gentics/mesh/core/user/UserEndpointTest.java
+++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/user/UserEndpointTest.java
@@ -29,7 +29,6 @@
 import static io.netty.handler.codec.http.HttpResponseStatus.UNAUTHORIZED;
 import static io.vertx.core.http.HttpHeaders.HOST;
 import static io.vertx.core.http.HttpHeaders.LOCATION;
-import static org.assertj.core.api.Assertions.assertThat;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotEquals;
@@ -42,6 +41,8 @@ import java.util.List; import java.util.stream.Collectors; +import com.gentics.mesh.core.data.role.HibRole; +import com.gentics.mesh.core.db.CommonTx; import org.apache.commons.lang3.StringUtils; import org.junit.Ignore; import org.junit.Test; @@ -54,18 +55,14 @@ import com.gentics.mesh.core.data.group.HibGroup; import com.gentics.mesh.core.data.node.HibNode; import com.gentics.mesh.core.data.perm.InternalPermission; -import com.gentics.mesh.core.data.role.HibRole; import com.gentics.mesh.core.data.tagfamily.HibTagFamily; import com.gentics.mesh.core.data.user.HibUser; -import com.gentics.mesh.core.db.CommonTx; import com.gentics.mesh.core.db.Tx; import com.gentics.mesh.core.rest.common.ListResponse; -import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; import com.gentics.mesh.core.rest.common.Permission; import com.gentics.mesh.core.rest.error.GenericRestException; import com.gentics.mesh.core.rest.event.impl.MeshElementEventModelImpl; import com.gentics.mesh.core.rest.node.NodeResponse; -import com.gentics.mesh.core.rest.role.RoleReference; import com.gentics.mesh.core.rest.user.NodeReference; import com.gentics.mesh.core.rest.user.UserAPITokenResponse; import com.gentics.mesh.core.rest.user.UserCreateRequest; 
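Review bot: The `HibRole` and `CommonTx` imports are not new in UserEndpointTest, only moved: the `@@ -54,18 +55,14 @@` hunk removes them from the `com.gentics` block and the `@@ -42,6 +41,8 @@` hunk re-adds them next to `org.apache.commons.lang3.StringUtils`, out of order with the rest of the file's imports. That is unrelated churn in a permissions change. I would leave both lines where they were, so this file's import diff shows only the removed `assertThat`, `ObjectPermissionResponse` and `RoleReference` lines.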
@@ -1556,46 +1553,4 @@ public void testUserRolesHash() { assertTrue("Roles hash should be in response", !StringUtils.isBlank(response.getRolesHash())); } - - @Test - @Override - public void testReadRolePermissions() throws Exception { - String userUuid = tx(() -> user().getUuid()); - RoleReference testRole = tx(() -> role().transformToReference()); - ObjectPermissionResponse response = call(() -> client().getUserRolePermissions(userUuid)); - assertThat(response).as("Response").isNotNull(); - assertThat(response.getCreate()).as("Roles with create permission").containsOnly(testRole); - assertThat(response.getDelete()).as("Roles with delete permission").containsOnly(testRole); - assertThat(response.getPublish()).as("Roles with publish permission").isNull(); - assertThat(response.getRead()).as("Roles with read permission").containsOnly(testRole); - assertThat(response.getReadPublished()).as("Roles with readPublished permission").isNull(); - assertThat(response.getUpdate()).as("Roles with update permission").containsOnly(testRole); - } - - @Test - @Override - public void testReadRolePermissionWithoutPermission() throws Exception { - String userUuid = tx(() -> user().getUuid()); - tx(tx -> { - tx.roleDao().revokePermissions(role(), user(), READ_PERM); - }); - call(() -> client().getUserRolePermissions(userUuid), FORBIDDEN, "error_missing_perm", userUuid, READ_PERM.getRestPerm().getName()); - } - - @Test - @Override - public void testReadRolePermissionWithoutPermissionOnRole() throws Exception { - String userUuid = tx(() -> user().getUuid()); - tx(tx -> { - tx.roleDao().revokePermissions(role(), role(), READ_PERM); - }); - ObjectPermissionResponse response = call(() -> client().getUserRolePermissions(userUuid)); - assertThat(response).as("Response").isNotNull(); - assertThat(response.getCreate()).as("Roles with create permission").isNotNull().isEmpty(); - assertThat(response.getDelete()).as("Roles with delete permission").isNotNull().isEmpty(); - 
assertThat(response.getPublish()).as("Roles with publish permission").isNull(); - assertThat(response.getRead()).as("Roles with read permission").isNotNull().isEmpty(); - assertThat(response.getReadPublished()).as("Roles with readPublished permission").isNull(); - assertThat(response.getUpdate()).as("Roles with update permission").isNotNull().isEmpty(); - } } diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/user/UserRolePermissionsEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/user/UserRolePermissionsEndpointTest.java new file mode 100644 index 0000000000..051fbf66e3 --- /dev/null +++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/user/UserRolePermissionsEndpointTest.java @@ -0,0 +1,34 @@ +package com.gentics.mesh.core.user; + +import static com.gentics.mesh.test.TestSize.PROJECT_AND_NODE; + +import com.gentics.mesh.core.data.HibBaseElement; +import com.gentics.mesh.core.rest.common.ObjectPermissionRequest; +import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; +import com.gentics.mesh.test.MeshTestSetting; +import com.gentics.mesh.test.context.AbstractRolePermissionTest; +import com.gentics.mesh.test.context.ClientHandler; + +/** + * Test cases for handling role permissions for users + */ +@MeshTestSetting(testSize = PROJECT_AND_NODE, startServer = true) +public class UserRolePermissionsEndpointTest extends AbstractRolePermissionTest { + + @Override + protected HibBaseElement getTestedElement() { + return user(); + } + + @Override + protected ClientHandler getRolePermissions() { + String uuid = getTestedUuid(); + return () -> client().getUserRolePermissions(uuid); + } + + @Override + protected ClientHandler grantRolePermissions(ObjectPermissionRequest request) { + String uuid = getTestedUuid(); + return () -> client().grantUserRolePermissions(uuid, request); + } +} 
diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/test/context/AbstractRolePermissionTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/test/context/AbstractRolePermissionTest.java
new file mode 100644
index 0000000000..a774f8010a
--- /dev/null
+++ b/tests/tests-core/src/main/java/com/gentics/mesh/test/context/AbstractRolePermissionTest.java
@@ -0,0 +1,183 @@ +package com.gentics.mesh.test.context; + +import static com.gentics.mesh.core.data.perm.InternalPermission.CREATE_PERM; +import static com.gentics.mesh.core.data.perm.InternalPermission.DELETE_PERM; +import static com.gentics.mesh.core.data.perm.InternalPermission.READ_PERM; +import static com.gentics.mesh.core.data.perm.InternalPermission.UPDATE_PERM; +import static com.gentics.mesh.test.ClientHelper.call; +import static io.netty.handler.codec.http.HttpResponseStatus.BAD_REQUEST; +import static io.netty.handler.codec.http.HttpResponseStatus.FORBIDDEN; +import static io.netty.handler.codec.http.HttpResponseStatus.NOT_FOUND; +import static org.assertj.core.api.Assertions.assertThat; + +import org.junit.Test; + +import com.gentics.mesh.core.data.HibBaseElement; +import com.gentics.mesh.core.rest.common.ObjectPermissionRequest; +import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; +import com.gentics.mesh.core.rest.role.RoleReference; +import com.gentics.mesh.util.UUIDUtil; + +/** + * Abstract test class for role permissions test + */ +public abstract class AbstractRolePermissionTest extends AbstractMeshTest { + /** + * Test reading role permissions + * @throws Exception + */ + @Test + public void testReadRolePermissions() throws Exception { + boolean hasPublishPermissions = tx(() -> getTestedElement().hasPublishPermissions()); + RoleReference testRole = tx(() -> role().transformToReference()); + + ObjectPermissionResponse response = call(getRolePermissions()); + assertThat(response).as("Response").isNotNull(); + assertThat(response.getCreate()).as("Roles with create permission").containsOnly(testRole); + assertThat(response.getDelete()).as("Roles with delete permission").containsOnly(testRole); + assertThat(response.getRead()).as("Roles with read permission").containsOnly(testRole); + assertThat(response.getUpdate()).as("Roles with update permission").containsOnly(testRole); + if (hasPublishPermissions) { + 
assertThat(response.getPublish()).as("Roles with publish permission").containsOnly(testRole); + assertThat(response.getReadPublished()).as("Roles with readPublished permission").containsOnly(testRole); + } else { + assertThat(response.getPublish()).as("Roles with publish permission").isNull(); + assertThat(response.getReadPublished()).as("Roles with readPublished permission").isNull(); + } + } + + /** + * Test reading role permissions without permission on the object itself + * @throws Exception + */ + @Test + public void testReadRolePermissionWithoutPermission() throws Exception { + String uuid = tx(() -> getTestedElement().getUuid()); + tx(tx -> { + tx.roleDao().revokePermissions(role(), getTestedElement(), READ_PERM); + }); + call(getRolePermissions(), FORBIDDEN, "error_missing_perm", uuid, READ_PERM.getRestPerm().getName()); + } + + /** + * Test reading role permissions without permission on all roles + * @throws Exception + */ + @Test + public void testReadRolePermissionWithoutPermissionOnRole() throws Exception { + boolean hasPublishPermissions = tx(() -> getTestedElement().hasPublishPermissions()); + tx(tx -> { + tx.roleDao().revokePermissions(role(), role(), READ_PERM); + }); + + ObjectPermissionResponse response = call(getRolePermissions()); + assertThat(response).as("Response").isNotNull(); + assertThat(response.getCreate()).as("Roles with create permission").isNotNull().isEmpty(); + assertThat(response.getDelete()).as("Roles with delete permission").isNotNull().isEmpty(); + assertThat(response.getRead()).as("Roles with read permission").isNotNull().isEmpty(); + assertThat(response.getUpdate()).as("Roles with update permission").isNotNull().isEmpty(); + if (hasPublishPermissions) { + assertThat(response.getPublish()).as("Roles with publish permission").isNotNull().isEmpty();; + assertThat(response.getReadPublished()).as("Roles with readPublished permission").isNotNull().isEmpty(); + } else { + assertThat(response.getPublish()).as("Roles with publish 
permission").isNull(); + assertThat(response.getReadPublished()).as("Roles with readPublished permission").isNull(); + } + } + + /** + * Test granting role permissions by uuid + * @throws Exception + */ + @Test + public void testGrantRolePermissionsByUuid() throws Exception { + String anonymousUuid = tx(() -> roles().get("anonymous").getUuid()); + RoleReference anonymous = tx(() -> roles().get("anonymous").transformToReference()); + RoleReference testRole = tx(() -> role().transformToReference()); + + ObjectPermissionRequest request = new ObjectPermissionRequest(); + request.set(new RoleReference().setUuid(anonymousUuid), READ_PERM.getRestPerm(), true); + ObjectPermissionResponse response = call(grantRolePermissions(request)); + assertThat(response).as("Response").isNotNull(); + assertThat(response.getRead()).as("Roles with read permission").isNotNull().containsOnly(anonymous, testRole); + assertThat(response.getCreate()).as("Roles with create permission").isNotNull().containsOnly(testRole); + } + + /** + * Test granting role permissions by name + * @throws Exception + */ + @Test + public void testGrantRolePermissionsByName() throws Exception { + RoleReference anonymous = tx(() -> roles().get("anonymous").transformToReference()); + RoleReference testRole = tx(() -> role().transformToReference()); + + ObjectPermissionRequest request = new ObjectPermissionRequest(); + request.set(new RoleReference().setName("anonymous"), UPDATE_PERM.getRestPerm(), true); + ObjectPermissionResponse response = call(grantRolePermissions(request)); + assertThat(response).as("Response").isNotNull(); + assertThat(response.getUpdate()).as("Roles with update permission").isNotNull().containsOnly(anonymous, testRole); + assertThat(response.getDelete()).as("Roles with delete permission").isNotNull().containsOnly(testRole); + } + + /** + * Test granting role permissions by unknown uuid + * @throws Exception + */ + @Test + public void testGrantUnknownRolePermissionsByUuid() throws Exception { + 
String randomUUID = UUIDUtil.randomUUID(); + ObjectPermissionRequest request = new ObjectPermissionRequest(); + request.set(new RoleReference().setUuid(randomUUID), UPDATE_PERM.getRestPerm(), true); + call(grantRolePermissions(request), NOT_FOUND, "object_not_found_for_uuid", randomUUID); + } + + /** + * Test granting role permissions by unknown name + * @throws Exception + */ + @Test + public void testGrantUnknownRolePermissionsByName() throws Exception { + ObjectPermissionRequest request = new ObjectPermissionRequest(); + request.set(new RoleReference().setName("bogus"), DELETE_PERM.getRestPerm(), true); + call(grantRolePermissions(request), NOT_FOUND, "object_not_found_for_name", "bogus"); + } + + /** + * Test granting role permissions by neither uuid nor name + * @throws Exception + */ + @Test + public void testGrantInvalidRolePermissions() throws Exception { + ObjectPermissionRequest request = new ObjectPermissionRequest(); + request.set(new RoleReference(), CREATE_PERM.getRestPerm(), true); + call(grantRolePermissions(request), BAD_REQUEST, "role_reference_uuid_or_name_missing"); + } + + /** + * Get the tested element (this method assumes a running transaction) + * @return tested element + */ + protected abstract HibBaseElement getTestedElement(); + + /** + * Get the uuid of the tested element + * @return uuid + */ + protected String getTestedUuid() { + return tx(() -> getTestedElement().getUuid()); + } + + /** + * Get a client handler that gets the role permissions on the tested element + * @return client handler + */ + protected abstract ClientHandler getRolePermissions(); + + /** + * Get a client handler that grants the role permissions on the tested element + * @param request request + * @return client handler + */ + protected abstract ClientHandler grantRolePermissions(ObjectPermissionRequest request); +} 
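Review bot: The grant tests cover only the success path and bad role references (unknown uuid, unknown name, empty reference); no test asserts that the POST is refused when the caller lacks permission on the tested element, which is the check that stops this endpoint from handing out permissions to anyone who can reach it. The read side has `testReadRolePermissionWithoutPermission`, so a grant counterpart belongs next to it, and a second case where the caller cannot see the target role would mirror `testReadRolePermissionWithoutPermissionOnRole`. The sketch below assumes the handler requires update permission on the element and answers with `error_missing_perm`; the handler is not part of this hunk, so adjust the permission and message to what it enforces. Separately, `isNotNull().isEmpty();;` in `testReadRolePermissionWithoutPermissionOnRole` carries a stray semicolon.

```java
	/**
	 * Test granting role permissions without update permission on the object itself
	 * @throws Exception
	 */
	@Test
	public void testGrantRolePermissionWithoutPermission() throws Exception {
		String uuid = getTestedUuid();
		RoleReference testRole = tx(() -> role().transformToReference());
		tx(tx -> {
			tx.roleDao().revokePermissions(role(), getTestedElement(), UPDATE_PERM);
		});

		ObjectPermissionRequest request = new ObjectPermissionRequest();
		request.set(testRole, DELETE_PERM.getRestPerm(), true);
		// Assumed: the grant handler demands UPDATE_PERM on the element; confirm against handleGrantPermissions.
		call(grantRolePermissions(request), FORBIDDEN, "error_missing_perm", uuid, UPDATE_PERM.getRestPerm().getName());
	}
```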
diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/test/definition/CrudEndpointTestCases.java b/tests/tests-core/src/main/java/com/gentics/mesh/test/definition/CrudEndpointTestCases.java index 70053c6717..73ecca8d7c 100644 --- a/tests/tests-core/src/main/java/com/gentics/mesh/test/definition/CrudEndpointTestCases.java +++ b/tests/tests-core/src/main/java/com/gentics/mesh/test/definition/CrudEndpointTestCases.java @@ -43,21 +43,4 @@ public interface CrudEndpointTestCases { void testDeleteByUUIDWithNoPermission() throws Exception; - /** - * Test reading role permissions - * @throws Exception - */ - void testReadRolePermissions() throws Exception; - - /** - * Test reading role permissions without permission on the object itself - * @throws Exception - */ - void testReadRolePermissionWithoutPermission() throws Exception; - - /** - * Test reading role permissions without permission on all roles - * @throws Exception - */ - void testReadRolePermissionWithoutPermissionOnRole() throws Exception; } From 58f1c0adf7f7114c2e5e17edb34337574ceb9e56 Mon Sep 17 00:00:00 2001 
From: Norbert Pomaroli Date: Tue, 4 Oct 2022 12:10:13 +0200 Subject: [PATCH 3/9] Add methods to grant role permissions Refactored and added tests --- .../RolePermissionHandlingEndpoint.java | 61 ++++++++++++ ...RolePermissionHandlingProjectEndpoint.java | 63 ++++++++++++ .../core/endpoint/group/GroupEndpoint.java | 40 +------- .../microschema/MicroschemaEndpoint.java | 21 +--- .../mesh/core/endpoint/node/NodeEndpoint.java | 21 +--- .../endpoint/project/ProjectEndpoint.java | 21 +--- .../mesh/core/endpoint/role/RoleEndpoint.java | 21 +--- .../core/endpoint/schema/SchemaEndpoint.java | 21 +--- .../core/endpoint/tag/TagCrudHandler.java | 97 +++++++++++++++++++ .../endpoint/tagfamily/TagFamilyEndpoint.java | 40 ++++---- .../mesh/core/endpoint/user/UserEndpoint.java | 38 +------- .../mesh/rest/MeshLocalClientImpl.java | 70 +++++++++++++ .../client/impl/MeshRestHttpClientImpl.java | 60 ++++++++++++ .../client/method/GroupClientMethods.java | 1 - .../method/MicroschemaClientMethods.java | 9 ++ .../rest/client/method/NodeClientMethods.java | 12 +++ .../client/method/ProjectClientMethods.java | 9 ++ .../rest/client/method/RoleClientMethods.java | 9 ++ .../client/method/SchemaClientMethods.java | 9 ++ .../rest/client/method/TagClientMethods.java | 13 +++ .../client/method/TagFamilyClientMethods.java | 14 +++ .../GroupRolePermissionsEndpointTest.java | 4 +- .../node/NodeRolePermissionsEndpointTest.java | 7 +- .../ProjectRolePermissionsEndpointTest.java | 8 +- .../role/RoleRolePermissionsEndpointTest.java | 7 +- ...icroschemaRolePermissionsEndpointTest.java | 8 +- .../SchemaRolePermissionsEndpointTest.java | 8 +- .../tag/TagRolePermissionsEndpointTest.java | 12 ++- .../TagFamilyRolePermissionsEndpointTest.java | 7 +- .../user/UserRolePermissionsEndpointTest.java | 4 +- ...> AbstractRolePermissionEndpointTest.java} | 2 +- 31 files changed, 503 insertions(+), 214 deletions(-) create mode 100644 core/src/main/java/com/gentics/mesh/core/endpoint/RolePermissionHandlingEndpoint.java 
create mode 100644 core/src/main/java/com/gentics/mesh/core/endpoint/RolePermissionHandlingProjectEndpoint.java rename tests/tests-core/src/main/java/com/gentics/mesh/test/context/{AbstractRolePermissionTest.java => AbstractRolePermissionEndpointTest.java} (98%) diff --git a/core/src/main/java/com/gentics/mesh/core/endpoint/RolePermissionHandlingEndpoint.java b/core/src/main/java/com/gentics/mesh/core/endpoint/RolePermissionHandlingEndpoint.java new file mode 100644 index 0000000000..f9516fbc50 --- /dev/null +++ b/core/src/main/java/com/gentics/mesh/core/endpoint/RolePermissionHandlingEndpoint.java 
@@ -0,0 +1,61 @@
+package com.gentics.mesh.core.endpoint;
+
+import static com.gentics.mesh.core.rest.MeshEvent.ROLE_PERMISSIONS_CHANGED;
+import static com.gentics.mesh.http.HttpConstants.APPLICATION_JSON;
+import static io.netty.handler.codec.http.HttpResponseStatus.OK;
+import static io.vertx.core.http.HttpMethod.GET;
+import static io.vertx.core.http.HttpMethod.POST;
+
+import com.gentics.mesh.auth.MeshAuthChainImpl;
+import com.gentics.mesh.context.InternalActionContext;
+import com.gentics.mesh.core.endpoint.handler.AbstractCrudHandler;
+import com.gentics.mesh.rest.InternalEndpointRoute;
+import com.gentics.mesh.router.route.AbstractInternalEndpoint;
+
+public abstract class RolePermissionHandlingEndpoint extends AbstractInternalEndpoint {
+
+ protected RolePermissionHandlingEndpoint(String basePath, MeshAuthChainImpl chain) {
+ super(basePath, chain);
+ }
+
+ /**
+ * Add role permission handler
+ * @param uuidParameterName name of the uuid parameter (e.g. "groupUuid")
+ * @param uuidParameterExample example of the uuid parameter
+ * @param typeDescription description of the object type (e.g. "group")
+ * @param crudHandler crud handler
+ * @param includePublishPermissions true to include the publish permissions into the example
+ */
+ protected void addRolePermissionHandler(String uuidParameterName, String uuidParameterExample, String typeDescription,
+ AbstractCrudHandler crudHandler, boolean includePublishPermissions) {
+ String path = "/:" + uuidParameterName + "/rolePermissions";
+ InternalEndpointRoute readPermissionsEndpoint = createRoute();
+ readPermissionsEndpoint.path(path);
+ readPermissionsEndpoint.addUriParameter(uuidParameterName, "Uuid of the " + typeDescription, uuidParameterExample);
+ readPermissionsEndpoint.method(GET);
+ readPermissionsEndpoint.description("Get the permissions on the "+typeDescription+" for all roles.");
+ readPermissionsEndpoint.produces(APPLICATION_JSON);
+ readPermissionsEndpoint.exampleResponse(OK, roleExamples.getObjectPermissionResponse(includePublishPermissions), "Loaded permissions.");
+ readPermissionsEndpoint.blockingHandler(rc -> {
+ InternalActionContext ac = wrap(rc);
+ String uuid = rc.request().getParam(uuidParameterName);
+ crudHandler.handleReadPermissions(ac, uuid);
+ }, false);
+
+ InternalEndpointRoute grantPermissionsEndpoint = createRoute();
+ grantPermissionsEndpoint.path(path);
+ grantPermissionsEndpoint.addUriParameter(uuidParameterName, "Uuid of the " + typeDescription, uuidParameterExample);
+ grantPermissionsEndpoint.method(POST);
+ grantPermissionsEndpoint.description("Grant permissions on the "+typeDescription+" for multiple roles.");
+ grantPermissionsEndpoint.consumes(APPLICATION_JSON);
+ grantPermissionsEndpoint.produces(APPLICATION_JSON);
+ grantPermissionsEndpoint.exampleRequest((String)null); // TODO
+ grantPermissionsEndpoint.exampleResponse(OK, roleExamples.getObjectPermissionResponse(includePublishPermissions), "Updated permissions.");
+ grantPermissionsEndpoint.events(ROLE_PERMISSIONS_CHANGED);
+ grantPermissionsEndpoint.blockingHandler(rc -> {
+ InternalActionContext ac = wrap(rc);
+ String uuid = rc.request().getParam(uuidParameterName);
+ crudHandler.handleGrantPermissions(ac, uuid);
+ });
+ }
+}
diff --git a/core/src/main/java/com/gentics/mesh/core/endpoint/RolePermissionHandlingProjectEndpoint.java b/core/src/main/java/com/gentics/mesh/core/endpoint/RolePermissionHandlingProjectEndpoint.java
new file mode 100644
index 0000000000..0213bd4376
--- /dev/null
+++ b/core/src/main/java/com/gentics/mesh/core/endpoint/RolePermissionHandlingProjectEndpoint.java
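Review bot: The POST route in `RolePermissionHandlingEndpoint.addRolePermissionHandler` is published with `grantPermissionsEndpoint.exampleRequest((String)null); // TODO`, and its description does not say what the caller must be allowed to do, so the generated API documentation for a permission-changing call has neither a request body nor a stated precondition. I would pass an `ObjectPermissionRequest` example (the accessor on `roleExamples`, if one exists, is not visible in this hunk) and extend the description to something like `"Grant permissions on the " + typeDescription + " for multiple roles. Requires <PERMISSION> on the " + typeDescription + "."`, filling the placeholder with whatever `crudHandler.handleGrantPermissions` enforces. The class also has no Javadoc; a one-line header such as `/** Base class for endpoints that expose /:uuid/rolePermissions routes for reading and granting role permissions. */` would do. The same three points apply to `RolePermissionHandlingProjectEndpoint` in the next file.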
@@ -0,0 +1,63 @@ +package com.gentics.mesh.core.endpoint; + +import static com.gentics.mesh.core.rest.MeshEvent.ROLE_PERMISSIONS_CHANGED; +import static com.gentics.mesh.http.HttpConstants.APPLICATION_JSON; +import static io.netty.handler.codec.http.HttpResponseStatus.OK; +import static io.vertx.core.http.HttpMethod.GET; +import static io.vertx.core.http.HttpMethod.POST; + +import com.gentics.mesh.auth.MeshAuthChainImpl; +import com.gentics.mesh.cli.BootstrapInitializer; +import com.gentics.mesh.context.InternalActionContext; +import com.gentics.mesh.core.endpoint.handler.AbstractCrudHandler; +import com.gentics.mesh.rest.InternalEndpointRoute; +import com.gentics.mesh.router.route.AbstractProjectEndpoint; + +public abstract class RolePermissionHandlingProjectEndpoint extends AbstractProjectEndpoint { + + protected RolePermissionHandlingProjectEndpoint(String basePath, MeshAuthChainImpl chain, + BootstrapInitializer boot) { + super(basePath, chain, boot); + } + + /** + * Add role permission handler + * @param uuidParameterName name of the uuid parameter (e.g. "groupUuid") + * @param uuidParameterExample example of the uuid parameter + * @param typeDescription description of the object type (e.g. 
"group") + * @param crudHandler crud handler + * @param includePublishPermissions true to include the publish permissions into the example + */ + protected void addRolePermissionHandler(String uuidParameterName, String uuidParameterExample, String typeDescription, + AbstractCrudHandler crudHandler, boolean includePublishPermissions) { + String path = "/:" + uuidParameterName + "/rolePermissions"; + InternalEndpointRoute readPermissionsEndpoint = createRoute(); + readPermissionsEndpoint.path(path); + readPermissionsEndpoint.addUriParameter(uuidParameterName, "Uuid of the " + typeDescription, uuidParameterExample); + readPermissionsEndpoint.method(GET); + readPermissionsEndpoint.description("Get the permissions on the "+typeDescription+" for all roles."); + readPermissionsEndpoint.produces(APPLICATION_JSON); + readPermissionsEndpoint.exampleResponse(OK, roleExamples.getObjectPermissionResponse(includePublishPermissions), "Loaded permissions."); + readPermissionsEndpoint.blockingHandler(rc -> { + InternalActionContext ac = wrap(rc); + String uuid = rc.request().getParam(uuidParameterName); + crudHandler.handleReadPermissions(ac, uuid); + }, false); + + InternalEndpointRoute grantPermissionsEndpoint = createRoute(); + grantPermissionsEndpoint.path(path); + grantPermissionsEndpoint.addUriParameter(uuidParameterName, "Uuid of the " + typeDescription, uuidParameterExample); + grantPermissionsEndpoint.method(POST); + grantPermissionsEndpoint.description("Grant permissions on the "+typeDescription+" for multiple roles."); + grantPermissionsEndpoint.consumes(APPLICATION_JSON); + grantPermissionsEndpoint.produces(APPLICATION_JSON); + grantPermissionsEndpoint.exampleRequest((String)null); // TODO + grantPermissionsEndpoint.exampleResponse(OK, roleExamples.getObjectPermissionResponse(includePublishPermissions), "Updated permissions."); + grantPermissionsEndpoint.events(ROLE_PERMISSIONS_CHANGED); + grantPermissionsEndpoint.blockingHandler(rc -> { + InternalActionContext ac = 
wrap(rc); + String uuid = rc.request().getParam(uuidParameterName); + crudHandler.handleGrantPermissions(ac, uuid); + }); + } +} diff --git a/core/src/main/java/com/gentics/mesh/core/endpoint/group/GroupEndpoint.java b/core/src/main/java/com/gentics/mesh/core/endpoint/group/GroupEndpoint.java index 8788b88362..c64a85b34b 100644 --- a/core/src/main/java/com/gentics/mesh/core/endpoint/group/GroupEndpoint.java +++ b/core/src/main/java/com/gentics/mesh/core/endpoint/group/GroupEndpoint.java @@ -7,7 +7,6 @@ import static com.gentics.mesh.core.rest.MeshEvent.GROUP_UPDATED; import static com.gentics.mesh.core.rest.MeshEvent.GROUP_USER_ASSIGNED; import static com.gentics.mesh.core.rest.MeshEvent.GROUP_USER_UNASSIGNED; -import static com.gentics.mesh.core.rest.MeshEvent.ROLE_PERMISSIONS_CHANGED; import static com.gentics.mesh.example.ExampleUuids.GROUP_CLIENT_UUID; import static com.gentics.mesh.example.ExampleUuids.GROUP_EDITORS_UUID; import static com.gentics.mesh.example.ExampleUuids.ROLE_CLIENT_UUID; @@ -25,16 +24,16 @@ import com.gentics.mesh.auth.MeshAuthChainImpl; import com.gentics.mesh.context.InternalActionContext; +import com.gentics.mesh.core.endpoint.RolePermissionHandlingEndpoint; import com.gentics.mesh.parameter.impl.GenericParametersImpl; import com.gentics.mesh.parameter.impl.PagingParametersImpl; import com.gentics.mesh.parameter.impl.RolePermissionParametersImpl; import com.gentics.mesh.rest.InternalEndpointRoute; -import com.gentics.mesh.router.route.AbstractInternalEndpoint; /** - * Endpoint defintion for /api/v1/groups + * Endpoint definition for /api/v1/groups */ -public class GroupEndpoint extends AbstractInternalEndpoint { +public class GroupEndpoint extends RolePermissionHandlingEndpoint { private GroupCrudHandler crudHandler; 
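Review bot: `addRolePermissionHandler` in `RolePermissionHandlingProjectEndpoint` is a line-for-line copy of the method in `RolePermissionHandlingEndpoint`; only the superclass and the constructor differ. Because this method wires up the route that changes permissions, two copies invite drift: a later correction applied to one of them (an added check on the uuid parameter, a change to the handler ordering) would silently not reach the project-scoped endpoints. I would keep the route setup in one place, for example a static helper that receives the route factory and the `wrap` function as arguments, and leave these two classes as thin adapters that call it. Whether `createRoute()`, `wrap()` and `roleExamples` are reachable from a common ancestor is not visible in this hunk, so the exact shape of the helper depends on that.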
@@ -64,7 +63,7 @@ public void registerEndPoints() { addReadHandler(); addUpdateHandler(); addDeleteHandler(); - addRolePermissionHandler(); + addRolePermissionHandler("groupUuid", GROUP_CLIENT_UUID, "group", crudHandler, false); } private void addGroupRoleHandlers() { 
@@ -246,35 +245,4 @@ private void addCreateHandler() { }); } - - private void addRolePermissionHandler() { - InternalEndpointRoute readPermissionsEndpoint = createRoute(); - readPermissionsEndpoint.path("/:groupUuid/rolePermissions"); - readPermissionsEndpoint.addUriParameter("groupUuid", "Uuid of the group", GROUP_CLIENT_UUID); - readPermissionsEndpoint.method(GET); - readPermissionsEndpoint.description("Get the permissions on the group for all roles."); - readPermissionsEndpoint.produces(APPLICATION_JSON); - readPermissionsEndpoint.exampleResponse(OK, roleExamples.getObjectPermissionResponse(false), "Loaded permissions."); - readPermissionsEndpoint.blockingHandler(rc -> { - InternalActionContext ac = wrap(rc); - String uuid = rc.request().getParam("groupUuid"); - crudHandler.handleReadPermissions(ac, uuid); - }, false); - - InternalEndpointRoute grantPermissionsEndpoint = createRoute(); - grantPermissionsEndpoint.path("/:groupUuid/rolePermissions"); - grantPermissionsEndpoint.addUriParameter("groupUuid", "Uuid of the group", GROUP_CLIENT_UUID); - grantPermissionsEndpoint.method(POST); - grantPermissionsEndpoint.description("Grant permissions on the group for multiple roles."); - grantPermissionsEndpoint.consumes(APPLICATION_JSON); - grantPermissionsEndpoint.produces(APPLICATION_JSON); - grantPermissionsEndpoint.exampleRequest((String)null); // TODO - grantPermissionsEndpoint.exampleResponse(OK, roleExamples.getObjectPermissionResponse(false), "Updated permissions."); - grantPermissionsEndpoint.events(ROLE_PERMISSIONS_CHANGED); - grantPermissionsEndpoint.blockingHandler(rc -> { - InternalActionContext ac = wrap(rc); - String uuid = rc.request().getParam("groupUuid"); - crudHandler.handleGrantPermissions(ac, uuid); - }); - } } diff --git a/core/src/main/java/com/gentics/mesh/core/endpoint/microschema/MicroschemaEndpoint.java b/core/src/main/java/com/gentics/mesh/core/endpoint/microschema/MicroschemaEndpoint.java index 665269a6e5..3b8f297853 100644 
--- a/core/src/main/java/com/gentics/mesh/core/endpoint/microschema/MicroschemaEndpoint.java +++ b/core/src/main/java/com/gentics/mesh/core/endpoint/microschema/MicroschemaEndpoint.java @@ -21,15 +21,15 @@ import com.gentics.mesh.auth.MeshAuthChainImpl; import com.gentics.mesh.context.InternalActionContext; +import com.gentics.mesh.core.endpoint.RolePermissionHandlingEndpoint; import com.gentics.mesh.parameter.impl.PagingParametersImpl; import com.gentics.mesh.parameter.impl.VersioningParametersImpl; import com.gentics.mesh.rest.InternalEndpointRoute; -import com.gentics.mesh.router.route.AbstractInternalEndpoint; /** * Endpoint for /api/v1/microschemas */ -public class MicroschemaEndpoint extends AbstractInternalEndpoint { +public class MicroschemaEndpoint extends RolePermissionHandlingEndpoint { private MicroschemaCrudHandler crudHandler; @@ -59,7 +59,7 @@ public void registerEndPoints() { addReadHandlers(); addUpdateHandler(); addDeleteHandler(); - addRolePermissionHandler(); + addRolePermissionHandler("microschemaUuid", MICROSCHEMA_UUID, "microschema", crudHandler, false); } private void addDiffHandler() { 
@@ -190,19 +190,4 @@ private void addCreateHandler() { crudHandler.handleCreate(wrap(rc)); }); } - - private void addRolePermissionHandler() { - InternalEndpointRoute readPermissionsEndpoint = createRoute(); - readPermissionsEndpoint.path("/:microschemaUuid/rolePermissions"); - readPermissionsEndpoint.addUriParameter("microschemaUuid", "Uuid of the microschema", MICROSCHEMA_UUID); - readPermissionsEndpoint.method(GET); - readPermissionsEndpoint.description("Get the permissions on the microschema for all roles."); - readPermissionsEndpoint.produces(APPLICATION_JSON); - readPermissionsEndpoint.exampleResponse(OK, roleExamples.getObjectPermissionResponse(false), "Loaded permissions."); - readPermissionsEndpoint.blockingHandler(rc -> { - InternalActionContext ac = wrap(rc); - String uuid = rc.request().getParam("microschemaUuid"); - crudHandler.handleReadPermissions(ac, uuid); - }, false); - } } diff --git a/core/src/main/java/com/gentics/mesh/core/endpoint/node/NodeEndpoint.java b/core/src/main/java/com/gentics/mesh/core/endpoint/node/NodeEndpoint.java index 1d73e22e2d..a11a1bcd99 100644 --- a/core/src/main/java/com/gentics/mesh/core/endpoint/node/NodeEndpoint.java +++ b/core/src/main/java/com/gentics/mesh/core/endpoint/node/NodeEndpoint.java @@ -33,6 +33,7 @@ import com.gentics.mesh.auth.MeshAuthChainImpl; import com.gentics.mesh.cli.BootstrapInitializer; import com.gentics.mesh.context.InternalActionContext; +import com.gentics.mesh.core.endpoint.RolePermissionHandlingProjectEndpoint; import com.gentics.mesh.core.rest.navigation.NavigationResponse; import com.gentics.mesh.parameter.impl.DeleteParametersImpl; import com.gentics.mesh.parameter.impl.GenericParametersImpl; 
@@ -44,14 +45,13 @@ import com.gentics.mesh.parameter.impl.RolePermissionParametersImpl; import com.gentics.mesh.parameter.impl.VersioningParametersImpl; import com.gentics.mesh.rest.InternalEndpointRoute; -import com.gentics.mesh.router.route.AbstractProjectEndpoint; import io.vertx.core.MultiMap; /** * The content verticle adds rest endpoints for manipulating nodes. */ -public class NodeEndpoint extends AbstractProjectEndpoint { +public class NodeEndpoint extends RolePermissionHandlingProjectEndpoint { private Resource resource = new Resource(); @@ -111,7 +111,7 @@ public void registerEndPoints() { addNavigationHandlers(); addPublishHandlers(); addVersioningHandlers(); - addRolePermissionHandler(); + addRolePermissionHandler("nodeUuid", NODE_DELOREAN_UUID, "node", crudHandler, true); } public Resource getResource() { @@ -584,21 +584,6 @@ private void addPublishHandlers() { } - private void addRolePermissionHandler() { - InternalEndpointRoute readPermissionsEndpoint = createRoute(); - readPermissionsEndpoint.path("/:nodeUuid/rolePermissions"); - readPermissionsEndpoint.addUriParameter("nodeUuid", "Uuid of the node", NODE_DELOREAN_UUID); - readPermissionsEndpoint.method(GET); - readPermissionsEndpoint.description("Get the permissions on the node for all roles."); - readPermissionsEndpoint.produces(APPLICATION_JSON); - readPermissionsEndpoint.exampleResponse(OK, roleExamples.getObjectPermissionResponse(true), "Loaded permissions."); - readPermissionsEndpoint.blockingHandler(rc -> { - InternalActionContext ac = wrap(rc); - String uuid = rc.request().getParam("nodeUuid"); - crudHandler.handleReadPermissions(ac, uuid); - }, false); - } - public NodeCrudHandler getCrudHandler() { return crudHandler; } diff --git a/core/src/main/java/com/gentics/mesh/core/endpoint/project/ProjectEndpoint.java b/core/src/main/java/com/gentics/mesh/core/endpoint/project/ProjectEndpoint.java index de20670592..b0cb54165e 100644 
--- a/core/src/main/java/com/gentics/mesh/core/endpoint/project/ProjectEndpoint.java +++ b/core/src/main/java/com/gentics/mesh/core/endpoint/project/ProjectEndpoint.java @@ -20,16 +20,16 @@ import com.gentics.mesh.auth.MeshAuthChainImpl; import com.gentics.mesh.context.InternalActionContext; +import com.gentics.mesh.core.endpoint.RolePermissionHandlingEndpoint; import com.gentics.mesh.parameter.impl.PagingParametersImpl; import com.gentics.mesh.parameter.impl.ProjectPurgeParametersImpl; import com.gentics.mesh.parameter.impl.RolePermissionParametersImpl; import com.gentics.mesh.rest.InternalEndpointRoute; -import com.gentics.mesh.router.route.AbstractInternalEndpoint; /** * Endpoint for /api/v1/projects */ -public class ProjectEndpoint extends AbstractInternalEndpoint { +public class ProjectEndpoint extends RolePermissionHandlingEndpoint { private ProjectCrudHandler crudHandler; @@ -60,7 +60,7 @@ public void registerEndPoints() { // Version purge addVersionPurgeHandler(); - addRolePermissionHandler(); + addRolePermissionHandler("projectUuid", PROJECT_DEMO_UUID, "project", crudHandler, false); } private void addUpdateHandler() { 
@@ -165,19 +165,4 @@ private void addVersionPurgeHandler() { crudHandler.handlePurge(ac, uuid); }, false); } - - private void addRolePermissionHandler() { - InternalEndpointRoute readPermissionsEndpoint = createRoute(); - readPermissionsEndpoint.path("/:projectUuid/rolePermissions"); - readPermissionsEndpoint.addUriParameter("projectUuid", "Uuid of the project.", PROJECT_DEMO_UUID); - readPermissionsEndpoint.method(GET); - readPermissionsEndpoint.description("Get the permissions on the project for all roles."); - readPermissionsEndpoint.produces(APPLICATION_JSON); - readPermissionsEndpoint.exampleResponse(OK, roleExamples.getObjectPermissionResponse(false), "Loaded permissions."); - readPermissionsEndpoint.blockingHandler(rc -> { - InternalActionContext ac = wrap(rc); - String uuid = ac.getParameter("projectUuid"); - crudHandler.handleReadPermissions(ac, uuid); - }, false); - } } diff --git a/core/src/main/java/com/gentics/mesh/core/endpoint/role/RoleEndpoint.java b/core/src/main/java/com/gentics/mesh/core/endpoint/role/RoleEndpoint.java index 660ab98722..625fa6c415 100644 --- a/core/src/main/java/com/gentics/mesh/core/endpoint/role/RoleEndpoint.java +++ b/core/src/main/java/com/gentics/mesh/core/endpoint/role/RoleEndpoint.java @@ -19,15 +19,15 @@ import com.gentics.mesh.auth.MeshAuthChainImpl; import com.gentics.mesh.context.InternalActionContext; +import com.gentics.mesh.core.endpoint.RolePermissionHandlingEndpoint; import com.gentics.mesh.parameter.impl.GenericParametersImpl; import com.gentics.mesh.parameter.impl.PagingParametersImpl; import com.gentics.mesh.rest.InternalEndpointRoute; -import com.gentics.mesh.router.route.AbstractInternalEndpoint; /** * Endpoint for /api/v1/roles */ -public class RoleEndpoint extends AbstractInternalEndpoint { +public class RoleEndpoint extends RolePermissionHandlingEndpoint { private RoleCrudHandlerImpl crudHandler; 
@@ -56,7 +56,7 @@ public void registerEndPoints() { addDeleteHandler(); addPermissionHandler(); - addRolePermissionHandler(); + addRolePermissionHandler("roleUuid", ROLE_CLIENT_UUID, "role", crudHandler, false); } private void addPermissionHandler() { @@ -177,19 +177,4 @@ private void addCreateHandler() { crudHandler.handleCreate(ac); }); } - - private void addRolePermissionHandler() { - InternalEndpointRoute readPermissionsEndpoint = createRoute(); - readPermissionsEndpoint.path("/:roleUuid/rolePermissions"); - readPermissionsEndpoint.addUriParameter("roleUuid", "Uuid of the role", ROLE_CLIENT_UUID); - readPermissionsEndpoint.method(GET); - readPermissionsEndpoint.description("Get the permissions on the role for all roles."); - readPermissionsEndpoint.produces(APPLICATION_JSON); - readPermissionsEndpoint.exampleResponse(OK, roleExamples.getObjectPermissionResponse(false), "Loaded permissions."); - readPermissionsEndpoint.blockingHandler(rc -> { - InternalActionContext ac = wrap(rc); - String uuid = rc.request().getParam("roleUuid"); - crudHandler.handleReadPermissions(ac, uuid); - }, false); - } } diff --git a/core/src/main/java/com/gentics/mesh/core/endpoint/schema/SchemaEndpoint.java b/core/src/main/java/com/gentics/mesh/core/endpoint/schema/SchemaEndpoint.java index e39d461194..510f892d87 100644 --- a/core/src/main/java/com/gentics/mesh/core/endpoint/schema/SchemaEndpoint.java +++ b/core/src/main/java/com/gentics/mesh/core/endpoint/schema/SchemaEndpoint.java 
@@ -21,17 +21,17 @@ import com.gentics.mesh.auth.MeshAuthChainImpl; import com.gentics.mesh.context.InternalActionContext; +import com.gentics.mesh.core.endpoint.RolePermissionHandlingEndpoint; import com.gentics.mesh.parameter.impl.GenericParametersImpl; import com.gentics.mesh.parameter.impl.PagingParametersImpl; import com.gentics.mesh.parameter.impl.SchemaUpdateParametersImpl; import com.gentics.mesh.parameter.impl.VersioningParametersImpl; import com.gentics.mesh.rest.InternalEndpointRoute; -import com.gentics.mesh.router.route.AbstractInternalEndpoint; /** * Verticle for /api/v2/schemas endpoint */ -public class SchemaEndpoint extends AbstractInternalEndpoint { +public class SchemaEndpoint extends RolePermissionHandlingEndpoint { private SchemaCrudHandler crudHandler; @@ -64,7 +64,7 @@ public void registerEndPoints() { addUpdateHandler(); addDeleteHandler(); - addRolePermissionHandler(); + addRolePermissionHandler("schemaUuid", SCHEMA_VEHICLE_UUID, "schema", crudHandler, false); } private void addChangesHandler() { @@ -201,19 +201,4 @@ private void addReadHandlers() { }, false); } - - private void addRolePermissionHandler() { - InternalEndpointRoute readPermissionsEndpoint = createRoute(); - readPermissionsEndpoint.path("/:schemaUuid/rolePermissions"); - readPermissionsEndpoint.addUriParameter("schemaUuid", "Uuid of the schema", SCHEMA_VEHICLE_UUID); - readPermissionsEndpoint.method(GET); - readPermissionsEndpoint.description("Get the permissions on the schema for all roles."); - readPermissionsEndpoint.produces(APPLICATION_JSON); - readPermissionsEndpoint.exampleResponse(OK, roleExamples.getObjectPermissionResponse(false), "Loaded permissions."); - readPermissionsEndpoint.blockingHandler(rc -> { - InternalActionContext ac = wrap(rc); - String uuid = rc.request().getParam("schemaUuid"); - crudHandler.handleReadPermissions(ac, uuid); - }, false); - } } 
diff --git a/core/src/main/java/com/gentics/mesh/core/endpoint/tag/TagCrudHandler.java b/core/src/main/java/com/gentics/mesh/core/endpoint/tag/TagCrudHandler.java index 2ebdbd2ec1..e9fec748ab 100644 --- a/core/src/main/java/com/gentics/mesh/core/endpoint/tag/TagCrudHandler.java +++ b/core/src/main/java/com/gentics/mesh/core/endpoint/tag/TagCrudHandler.java @@ -2,9 +2,15 @@ import static com.gentics.mesh.core.action.DAOActionContext.context; import static com.gentics.mesh.core.data.perm.InternalPermission.READ_PERM; +import static com.gentics.mesh.core.data.perm.InternalPermission.UPDATE_PERM; +import static com.gentics.mesh.core.rest.error.Errors.error; +import static io.netty.handler.codec.http.HttpResponseStatus.BAD_REQUEST; import static io.netty.handler.codec.http.HttpResponseStatus.CREATED; +import static io.netty.handler.codec.http.HttpResponseStatus.FORBIDDEN; +import static io.netty.handler.codec.http.HttpResponseStatus.NOT_FOUND; import static io.netty.handler.codec.http.HttpResponseStatus.OK; +import java.util.HashSet; import java.util.Map; import java.util.Set; import java.util.function.Function; @@ -12,11 +18,14 @@ import javax.inject.Inject; +import org.apache.commons.lang3.StringUtils; + import com.gentics.mesh.context.InternalActionContext; import com.gentics.mesh.core.action.TagDAOActions; import com.gentics.mesh.core.action.TagFamilyDAOActions; import com.gentics.mesh.core.data.dao.RoleDao; import com.gentics.mesh.core.data.dao.TagDao; +import com.gentics.mesh.core.data.dao.UserDao; import com.gentics.mesh.core.data.node.HibNode; import com.gentics.mesh.core.data.page.Page; import com.gentics.mesh.core.data.page.PageTransformer; 
@@ -24,9 +33,11 @@ import com.gentics.mesh.core.data.role.HibRole; import com.gentics.mesh.core.data.tag.HibTag; import com.gentics.mesh.core.data.tagfamily.HibTagFamily; +import com.gentics.mesh.core.data.user.HibUser; import com.gentics.mesh.core.db.Tx; import com.gentics.mesh.core.endpoint.handler.AbstractHandler; import com.gentics.mesh.core.rest.common.ContainerType; +import com.gentics.mesh.core.rest.common.ObjectPermissionRequest; import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; import com.gentics.mesh.core.rest.role.RoleReference; import com.gentics.mesh.core.rest.tag.TagResponse; 
@@ -228,4 +239,90 @@ public void handleReadPermissions(InternalActionContext ac, String tagFamilyUuid }, model -> ac.send(model, OK)); } + /** + * Handle request to grant permissions on sets of roles + * @param ac action context + * @param tagFamilyUuid Uuid of the tag family + * @param tagUuid Uuid of the tag + */ + public void handleGrantPermissions(InternalActionContext ac, String tagFamilyUuid, String tagUuid) { + validateParameter(tagFamilyUuid, "tagFamilyUuid"); + validateParameter(tagUuid, "tagUuid"); + + ObjectPermissionRequest update = ac.fromJson(ObjectPermissionRequest.class); + utils.syncTx(ac, tx -> { + RoleDao roleDao = tx.roleDao(); + UserDao userDao = tx.userDao(); + HibUser requestUser = ac.getUser(); + HibTagFamily tagFamily = tagFamilyActions.loadByUuid(context(tx, ac), tagFamilyUuid, READ_PERM, true); + HibTag tag = tagActions.loadByUuid(context(tx, ac, tagFamily), tagUuid, UPDATE_PERM, true); + + Set allRoles = roleDao.findAll(ac, new PagingParametersImpl().setPerPage(Long.MAX_VALUE)).stream().collect(Collectors.toSet()); + Map allRolesByUuid = allRoles.stream().collect(Collectors.toMap(HibRole::getUuid, Function.identity())); + Map allRolesByName = allRoles.stream().collect(Collectors.toMap(HibRole::getName, Function.identity())); + + InternalPermission[] possiblePermissions = InternalPermission.basicPermissions(); + + for (InternalPermission perm : possiblePermissions) { + Set roleRefsToSet = update.get(perm.getRestPerm()); + if (roleRefsToSet != null) { + Set rolesToSet = new HashSet<>(); + for (RoleReference roleRef : roleRefsToSet) { + // find the role for the role reference + HibRole role = null; + if (!StringUtils.isEmpty(roleRef.getUuid())) { + role = allRolesByUuid.get(roleRef.getUuid()); + + if (role == null) { + throw error(NOT_FOUND, "object_not_found_for_uuid", roleRef.getUuid()); + } + } else if (!StringUtils.isEmpty(roleRef.getName())) { + role = allRolesByName.get(roleRef.getName()); + + if (role == null) { + throw 
error(NOT_FOUND, "object_not_found_for_name", roleRef.getName()); + } + } else { + throw error(BAD_REQUEST, "role_reference_uuid_or_name_missing"); + } + + // check update permission + if (!userDao.hasPermission(requestUser, role, UPDATE_PERM)) { + throw error(FORBIDDEN, "error_missing_perm", role.getUuid(), UPDATE_PERM.getRestPerm().getName()); + } + + rolesToSet.add(role); + } + + roleDao.grantPermissions(rolesToSet, tag, false, perm); + + // handle "exclusive" flag by revoking perm from all "other" roles + if (update.isExclusive()) { + // start with all roles, the user can see + Set rolesToRevoke = new HashSet<>(allRoles); + // remove all roles, which get the permission granted + rolesToRevoke.removeAll(rolesToSet); + // remove all roles without UPDATE_PERM + rolesToRevoke.removeIf(role -> !userDao.hasPermission(requestUser, role, UPDATE_PERM)); + + if (!rolesToRevoke.isEmpty()) { + roleDao.revokePermissions(rolesToRevoke, tag, perm); + } + } + } + } + + Map> permissions = roleDao.getPermissions(allRoles, tag); + permissions.values().removeIf(Set::isEmpty); + + ObjectPermissionResponse response = new ObjectPermissionResponse(); + permissions.entrySet().forEach(entry -> { + RoleReference role = entry.getKey().transformToReference(); + entry.getValue().forEach(perm -> response.add(role, perm.getRestPerm())); + }); + response.setOthers(false); + + return response; + }, model -> ac.send(model, OK)); + } } diff --git a/core/src/main/java/com/gentics/mesh/core/endpoint/tagfamily/TagFamilyEndpoint.java b/core/src/main/java/com/gentics/mesh/core/endpoint/tagfamily/TagFamilyEndpoint.java index 0e677b97ab..41fa3906ee 100644 --- a/core/src/main/java/com/gentics/mesh/core/endpoint/tagfamily/TagFamilyEndpoint.java +++ b/core/src/main/java/com/gentics/mesh/core/endpoint/tagfamily/TagFamilyEndpoint.java 
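Review bot: With `exclusive` set, the revoke step in `handleGrantPermissions` starts from the roles returned by `roleDao.findAll(ac, …)` and then drops every role on which the caller lacks UPDATE_PERM (`rolesToRevoke.removeIf(...)`), so any role outside that set keeps the permission while the request still answers OK with `response.setOthers(false)`. If `findAll` filters by the caller's read permission, as the inline comment "all roles, the user can see" suggests, the caller cannot tell from the response that the grant was not actually exclusive. What `setOthers` signals is not visible here, so confirm whether it should be `true` when roles were skipped. At minimum the Javadoc should state the contract, e.g. `Requires UPDATE on the tag and on every referenced role; with "exclusive", the permission is revoked only from roles the requesting user may read and update.` The current summary "grant permissions on sets of roles" also reads as if the roles were the target rather than the tag.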
@@ -1,6 +1,7 @@ package com.gentics.mesh.core.endpoint.tagfamily; import static com.gentics.mesh.core.rest.MeshEvent.NODE_UNTAGGED; +import static com.gentics.mesh.core.rest.MeshEvent.ROLE_PERMISSIONS_CHANGED; import static com.gentics.mesh.core.rest.MeshEvent.TAG_CREATED; import static com.gentics.mesh.core.rest.MeshEvent.TAG_DELETED; import static com.gentics.mesh.core.rest.MeshEvent.TAG_FAMILY_CREATED; @@ -23,11 +24,11 @@ import com.gentics.mesh.cli.BootstrapInitializer; import com.gentics.mesh.context.InternalActionContext; import com.gentics.mesh.core.endpoint.PathParameters; +import com.gentics.mesh.core.endpoint.RolePermissionHandlingProjectEndpoint; import com.gentics.mesh.core.endpoint.tag.TagCrudHandler; import com.gentics.mesh.parameter.impl.GenericParametersImpl; import com.gentics.mesh.parameter.impl.PagingParametersImpl; import com.gentics.mesh.rest.InternalEndpointRoute; -import com.gentics.mesh.router.route.AbstractProjectEndpoint; import io.vertx.core.logging.Logger; import io.vertx.core.logging.LoggerFactory; @@ -35,7 +36,7 @@ /** * Endpoint for /api/v1/:project/tagFamilies */ -public class TagFamilyEndpoint extends AbstractProjectEndpoint { +public class TagFamilyEndpoint extends RolePermissionHandlingProjectEndpoint { private static final Logger log = LoggerFactory.getLogger(TagFamilyEndpoint.class); @@ -72,7 +73,7 @@ public void registerEndPoints() { addTagFamilyCreateHandler(); addTagFamilyUpdateHandler(); addTagFamilyDeleteHandler(); - addTagFamilyRolePermissionHandler(); + addRolePermissionHandler("tagFamilyUuid", TAGFAMILY_COLORS_UUID, "tag family", tagFamilyCrudHandler, false); // Tags API addTagCreateHandler(); 
@@ -191,6 +192,24 @@ private void addTagRolePermissionHandler() { String uuid = PathParameters.getTagUuid(rc); tagCrudHandler.handleReadPermissions(ac, tagFamilyUuid, uuid); }, false); + + InternalEndpointRoute grantPermissionsEndpoint = createRoute(); + grantPermissionsEndpoint.path("/:tagFamilyUuid/tags/:tagUuid/rolePermissions"); + readPermissionsEndpoint.addUriParameter("tagFamilyUuid", "Uuid of the tag family.", TAGFAMILY_COLORS_UUID); + readPermissionsEndpoint.addUriParameter("tagUuid", "Uuid of the tag.", TAG_BLUE_UUID); + grantPermissionsEndpoint.method(POST); + grantPermissionsEndpoint.description("Grant permissions on the tag for multiple roles."); + grantPermissionsEndpoint.consumes(APPLICATION_JSON); + grantPermissionsEndpoint.produces(APPLICATION_JSON); + grantPermissionsEndpoint.exampleRequest((String)null); // TODO + grantPermissionsEndpoint.exampleResponse(OK, roleExamples.getObjectPermissionResponse(false), "Updated permissions."); + grantPermissionsEndpoint.events(ROLE_PERMISSIONS_CHANGED); + grantPermissionsEndpoint.blockingHandler(rc -> { + InternalActionContext ac = wrap(rc); + String tagFamilyUuid = PathParameters.getTagFamilyUuid(rc); + String uuid = PathParameters.getTagUuid(rc); + tagCrudHandler.handleGrantPermissions(ac, tagFamilyUuid, uuid); + }); } private void addTaggedNodesHandler() { 
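Review bot: The two `addUriParameter` calls in the new grant route are made on `readPermissionsEndpoint`, not on `grantPermissionsEndpoint`, so the POST route is registered without its `tagFamilyUuid` and `tagUuid` parameter descriptions and the GET route receives them a second time. They should read `grantPermissionsEndpoint.addUriParameter("tagFamilyUuid", "Uuid of the tag family.", TAGFAMILY_COLORS_UUID);` and `grantPermissionsEndpoint.addUriParameter("tagUuid", "Uuid of the tag.", TAG_BLUE_UUID);`. The route also ships with `exampleRequest((String)null); // TODO`, so the generated API description of a permission-changing endpoint carries no request example. `addTagRolePermissionHandler` starts outside this hunk.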
@@ -287,19 +306,4 @@ private void addTagFamilyUpdateHandler() { tagFamilyCrudHandler.handleUpdate(ac, tagFamilyUuid); }); } - - private void addTagFamilyRolePermissionHandler() { - InternalEndpointRoute readPermissionsEndpoint = createRoute(); - readPermissionsEndpoint.path("/:tagFamilyUuid/rolePermissions"); - readPermissionsEndpoint.addUriParameter("tagFamilyUuid", "Uuid of the tag family.", TAGFAMILY_COLORS_UUID); - readPermissionsEndpoint.method(GET); - readPermissionsEndpoint.description("Get the permissions on the tag family for all roles."); - readPermissionsEndpoint.produces(APPLICATION_JSON); - readPermissionsEndpoint.exampleResponse(OK, roleExamples.getObjectPermissionResponse(false), "Loaded permissions."); - readPermissionsEndpoint.blockingHandler(rc -> { - InternalActionContext ac = wrap(rc); - String tagFamilyUuid = PathParameters.getTagFamilyUuid(rc); - tagFamilyCrudHandler.handleReadPermissions(ac, tagFamilyUuid); - }, false); - } } diff --git a/core/src/main/java/com/gentics/mesh/core/endpoint/user/UserEndpoint.java b/core/src/main/java/com/gentics/mesh/core/endpoint/user/UserEndpoint.java index d049783781..086a7b69aa 100644 --- a/core/src/main/java/com/gentics/mesh/core/endpoint/user/UserEndpoint.java +++ b/core/src/main/java/com/gentics/mesh/core/endpoint/user/UserEndpoint.java @@ -1,6 +1,5 @@ package com.gentics.mesh.core.endpoint.user; -import static com.gentics.mesh.core.rest.MeshEvent.ROLE_PERMISSIONS_CHANGED; import static com.gentics.mesh.core.rest.MeshEvent.USER_CREATED; import static com.gentics.mesh.core.rest.MeshEvent.USER_DELETED; import static com.gentics.mesh.core.rest.MeshEvent.USER_UPDATED; 
@@ -17,6 +16,7 @@ import com.gentics.mesh.auth.MeshAuthChainImpl; import com.gentics.mesh.context.InternalActionContext; +import com.gentics.mesh.core.endpoint.RolePermissionHandlingEndpoint; import com.gentics.mesh.parameter.impl.GenericParametersImpl; import com.gentics.mesh.parameter.impl.NodeParametersImpl; import com.gentics.mesh.parameter.impl.PagingParametersImpl; @@ -24,14 +24,13 @@ import com.gentics.mesh.parameter.impl.UserParametersImpl; import com.gentics.mesh.parameter.impl.VersioningParametersImpl; import com.gentics.mesh.rest.InternalEndpointRoute; -import com.gentics.mesh.router.route.AbstractInternalEndpoint; import io.vertx.core.http.HttpHeaders; /** * Endpoint for /api/v1/users */ -public class UserEndpoint extends AbstractInternalEndpoint { +public class UserEndpoint extends RolePermissionHandlingEndpoint { private UserCrudHandler crudHandler; @@ -64,7 +63,7 @@ public void registerEndPoints() { addResetTokenHandler(); addAPITokenHandler(); addReadPermissionHandler(); - addRolePermissionHandler(); + addRolePermissionHandler("userUuid", USER_EDITOR_UUID, "user", crudHandler, false); } private void addAPITokenHandler() { 
@@ -236,35 +235,4 @@ private void addCreateHandler() { crudHandler.handleCreate(ac); }); } - - private void addRolePermissionHandler() { - InternalEndpointRoute readPermissionsEndpoint = createRoute(); - readPermissionsEndpoint.path("/:userUuid/rolePermissions"); - readPermissionsEndpoint.addUriParameter("userUuid", "Uuid of the user", USER_EDITOR_UUID); - readPermissionsEndpoint.method(GET); - readPermissionsEndpoint.description("Get the permissions on the user for all roles."); - readPermissionsEndpoint.produces(APPLICATION_JSON); - readPermissionsEndpoint.exampleResponse(OK, roleExamples.getObjectPermissionResponse(false), "Loaded permissions."); - readPermissionsEndpoint.blockingHandler(rc -> { - InternalActionContext ac = wrap(rc); - String uuid = rc.request().getParam("userUuid"); - crudHandler.handleReadPermissions(ac, uuid); - }, false); - - InternalEndpointRoute grantPermissionsEndpoint = createRoute(); - grantPermissionsEndpoint.path("/:userUuid/rolePermissions"); - grantPermissionsEndpoint.addUriParameter("userUuid", "Uuid of the user", USER_EDITOR_UUID); - grantPermissionsEndpoint.method(POST); - grantPermissionsEndpoint.description("Grant permissions on the user for multiple roles."); - grantPermissionsEndpoint.consumes(APPLICATION_JSON); - grantPermissionsEndpoint.produces(APPLICATION_JSON); - grantPermissionsEndpoint.exampleRequest((String)null); // TODO - grantPermissionsEndpoint.exampleResponse(OK, roleExamples.getObjectPermissionResponse(false), "Updated permissions."); - grantPermissionsEndpoint.events(ROLE_PERMISSIONS_CHANGED); - grantPermissionsEndpoint.blockingHandler(rc -> { - InternalActionContext ac = wrap(rc); - String uuid = rc.request().getParam("userUuid"); - crudHandler.handleGrantPermissions(ac, uuid); - }); - } } diff --git a/core/src/main/java/com/gentics/mesh/rest/MeshLocalClientImpl.java b/core/src/main/java/com/gentics/mesh/rest/MeshLocalClientImpl.java index b6db408893..e53f4ea926 100644 
--- a/core/src/main/java/com/gentics/mesh/rest/MeshLocalClientImpl.java +++ b/core/src/main/java/com/gentics/mesh/rest/MeshLocalClientImpl.java @@ -1889,6 +1889,15 @@ public MeshRequest getMicroschemaRolePermissions(Strin return new MeshLocalRequestImpl<>(ac.getFuture()); } + @Override + public MeshRequest grantMicroschemaRolePermissions(String uuid, + ObjectPermissionRequest request) { + LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class); + ac.setPayloadObject(request); + microschemaCrudHandler.handleGrantPermissions(ac, uuid); + return new MeshLocalRequestImpl<>(ac.getFuture()); + } + @Override public MeshRequest getNodeRolePermissions(String projectName, String uuid) { LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class); @@ -1897,6 +1906,16 @@ public MeshRequest getNodeRolePermissions(String proje return new MeshLocalRequestImpl<>(ac.getFuture()); } + @Override + public MeshRequest grantNodeRolePermissions(String projectName, String uuid, + ObjectPermissionRequest request) { + LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class); + ac.setProject(projectName); + ac.setPayloadObject(request); + nodeCrudHandler.handleGrantPermissions(ac, uuid); + return new MeshLocalRequestImpl<>(ac.getFuture()); + } + @Override public MeshRequest getProjectRolePermissions(String uuid) { LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class); 
@@ -1904,6 +1923,15 @@ public MeshRequest getProjectRolePermissions(String uu return new MeshLocalRequestImpl<>(ac.getFuture()); } + @Override + public MeshRequest grantProjectRolePermissions(String uuid, + ObjectPermissionRequest request) { + LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class); + ac.setPayloadObject(request); + projectCrudHandler.handleGrantPermissions(ac, uuid); + return new MeshLocalRequestImpl<>(ac.getFuture()); + } + @Override public MeshRequest getRoleRolePermissions(String uuid) { LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class); @@ -1911,6 +1939,15 @@ public MeshRequest getRoleRolePermissions(String uuid) return new MeshLocalRequestImpl<>(ac.getFuture()); } + @Override + public MeshRequest grantRoleRolePermissions(String uuid, + ObjectPermissionRequest request) { + LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class); + ac.setPayloadObject(request); + roleCrudHandler.handleGrantPermissions(ac, uuid); + return new MeshLocalRequestImpl<>(ac.getFuture()); + } + @Override public MeshRequest getSchemaRolePermissions(String uuid) { LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class); @@ -1918,6 +1955,15 @@ public MeshRequest getSchemaRolePermissions(String uui return new MeshLocalRequestImpl<>(ac.getFuture()); } + @Override + public MeshRequest grantSchemaRolePermissions(String uuid, + ObjectPermissionRequest request) { + LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class); + ac.setPayloadObject(request); + schemaCrudHandler.handleGrantPermissions(ac, uuid); + return new MeshLocalRequestImpl<>(ac.getFuture()); + } + @Override public MeshRequest getTagFamilyRolePermissions(String projectName, String tagFamilyUuid) { LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class); 
@@ -1927,6 +1973,17 @@ public MeshRequest getTagFamilyRolePermissions(String return new MeshLocalRequestImpl<>(ac.getFuture()); } + @Override + public MeshRequest grantTagFamilyRolePermissions(String projectName, String tagFamilyUuid, + ObjectPermissionRequest request) { + LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class); + ac.setProject(projectName); + ac.setParameter("tagFamilyUuid", tagFamilyUuid); + ac.setPayloadObject(request); + tagFamilyCrudHandler.handleGrantPermissions(ac, tagFamilyUuid); + return new MeshLocalRequestImpl<>(ac.getFuture()); + } + @Override public MeshRequest getTagRolePermissions(String projectName, String tagFamilyUuid, String uuid) { @@ -1938,6 +1995,19 @@ public MeshRequest getTagRolePermissions(String projec return new MeshLocalRequestImpl<>(ac.getFuture()); } + @Override + public MeshRequest grantTagRolePermissions(String projectName, String tagFamilyUuid, + String uuid, + ObjectPermissionRequest request) { + LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class); + ac.setProject(projectName); + ac.setParameter("tagUuid", uuid); + ac.setParameter("tagFamilyUuid", tagFamilyUuid); + ac.setPayloadObject(request); + tagCrudHandler.handleGrantPermissions(ac, tagFamilyUuid, uuid); + return new MeshLocalRequestImpl<>(ac.getFuture()); + } + @Override public MeshRequest getUserRolePermissions(String uuid) { LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class); diff --git a/rest-client/src/main/java/com/gentics/mesh/rest/client/impl/MeshRestHttpClientImpl.java b/rest-client/src/main/java/com/gentics/mesh/rest/client/impl/MeshRestHttpClientImpl.java index 31ab3264ca..ff1a7e7ac0 100644 --- a/rest-client/src/main/java/com/gentics/mesh/rest/client/impl/MeshRestHttpClientImpl.java +++ b/rest-client/src/main/java/com/gentics/mesh/rest/client/impl/MeshRestHttpClientImpl.java 
@@ -1685,6 +1685,14 @@ public MeshRequest getMicroschemaRolePermissions(Strin return prepareRequest(GET, "/microschemas/" + uuid + "/rolePermissions", ObjectPermissionResponse.class); } + @Override + public MeshRequest grantMicroschemaRolePermissions(String uuid, + ObjectPermissionRequest request) { + Objects.requireNonNull(uuid, "uuid must not be null"); + Objects.requireNonNull(request, "objectPermissionRequest must not be null"); + return prepareRequest(POST, "/microschemas/" + uuid + "/rolePermissions", ObjectPermissionResponse.class, request); + } + @Override public MeshRequest getNodeRolePermissions(String projectName, String uuid) { Objects.requireNonNull(projectName, "projectName must not be null"); 
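Review bot: `uuid` is concatenated into the request path unencoded in `grantMicroschemaRolePermissions`, while `projectName` goes through `encodeSegment` in the project-scoped methods. These are POST requests that change permissions, so a `uuid` value that originates outside the application and contains `/`, `..` or `?` would send the grant to a different path than the caller intended. Encode it like the project name, `"/microschemas/" + encodeSegment(uuid) + "/rolePermissions"`, or reject values that are not UUIDs before building the path. The same applies to `uuid` and `tagFamilyUuid` in the grant methods for nodes, projects, roles, schemas, tag families and tags in the following hunks. The existing GET methods shown as context follow the same pattern.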
@@ -1693,24 +1701,57 @@ public MeshRequest getNodeRolePermissions(String proje ObjectPermissionResponse.class); } + @Override + public MeshRequest grantNodeRolePermissions(String projectName, String uuid, + ObjectPermissionRequest request) { + Objects.requireNonNull(projectName, "projectName must not be null"); + Objects.requireNonNull(uuid, "uuid must not be null"); + Objects.requireNonNull(request, "objectPermissionRequest must not be null"); + return prepareRequest(POST, "/" + encodeSegment(projectName) + "/nodes/" + uuid + "/rolePermissions", ObjectPermissionResponse.class, request); + } + @Override public MeshRequest getProjectRolePermissions(String uuid) { Objects.requireNonNull(uuid, "uuid must not be null"); return prepareRequest(GET, "/projects/" + uuid + "/rolePermissions", ObjectPermissionResponse.class); } + @Override + public MeshRequest grantProjectRolePermissions(String uuid, + ObjectPermissionRequest request) { + Objects.requireNonNull(uuid, "uuid must not be null"); + Objects.requireNonNull(request, "objectPermissionRequest must not be null"); + return prepareRequest(POST, "/projects/" + uuid + "/rolePermissions", ObjectPermissionResponse.class, request); + } + @Override public MeshRequest getRoleRolePermissions(String uuid) { Objects.requireNonNull(uuid, "uuid must not be null"); return prepareRequest(GET, "/roles/" + uuid + "/rolePermissions", ObjectPermissionResponse.class); } + @Override + public MeshRequest grantRoleRolePermissions(String uuid, + ObjectPermissionRequest request) { + Objects.requireNonNull(uuid, "uuid must not be null"); + Objects.requireNonNull(request, "objectPermissionRequest must not be null"); + return prepareRequest(POST, "/roles/" + uuid + "/rolePermissions", ObjectPermissionResponse.class, request); + } + @Override public MeshRequest getSchemaRolePermissions(String uuid) { Objects.requireNonNull(uuid, "uuid must not be null"); return prepareRequest(GET, "/schemas/" + uuid + "/rolePermissions", 
ObjectPermissionResponse.class); } + @Override + public MeshRequest grantSchemaRolePermissions(String uuid, + ObjectPermissionRequest request) { + Objects.requireNonNull(uuid, "uuid must not be null"); + Objects.requireNonNull(request, "objectPermissionRequest must not be null"); + return prepareRequest(POST, "/schemas/" + uuid + "/rolePermissions", ObjectPermissionResponse.class, request); + } + @Override public MeshRequest getTagFamilyRolePermissions(String projectName, String tagFamilyUuid) { Objects.requireNonNull(projectName, "projectName must not be null"); @@ -1719,6 +1760,15 @@ public MeshRequest getTagFamilyRolePermissions(String ObjectPermissionResponse.class); } + @Override + public MeshRequest grantTagFamilyRolePermissions(String projectName, String tagFamilyUuid, + ObjectPermissionRequest request) { + Objects.requireNonNull(projectName, "projectName must not be null"); + Objects.requireNonNull(tagFamilyUuid, "tagFamilyUuid must not be null"); + Objects.requireNonNull(request, "objectPermissionRequest must not be null"); + return prepareRequest(POST, "/" + encodeSegment(projectName) + "/tagFamilies/" + tagFamilyUuid + "/rolePermissions", ObjectPermissionResponse.class, request); + } + @Override public MeshRequest getTagRolePermissions(String projectName, String tagFamilyUuid, String uuid) { 
@@ -1729,6 +1779,16 @@ public MeshRequest getTagRolePermissions(String projec ObjectPermissionResponse.class); } + @Override + public MeshRequest grantTagRolePermissions(String projectName, String tagFamilyUuid, String uuid, + ObjectPermissionRequest request) { + Objects.requireNonNull(projectName, "projectName must not be null"); + Objects.requireNonNull(tagFamilyUuid, "tagFamilyUuid must not be null"); + Objects.requireNonNull(uuid, "uuid must not be null"); + Objects.requireNonNull(request, "objectPermissionRequest must not be null"); + return prepareRequest(POST, "/" + encodeSegment(projectName) + "/tagFamilies/" + tagFamilyUuid + "/tags/" + uuid + "/rolePermissions", ObjectPermissionResponse.class, request); + } + @Override public MeshRequest getUserRolePermissions(String uuid) { Objects.requireNonNull(uuid, "uuid must not be null"); diff --git a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/GroupClientMethods.java b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/GroupClientMethods.java index 1cb66c7eaa..83b4384275 100644 --- a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/GroupClientMethods.java +++ b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/GroupClientMethods.java @@ -110,7 +110,6 @@ public interface GroupClientMethods { */ MeshRequest getGroupRolePermissions(String uuid); - /** * Grant permissions on the group to roles * @param uuid Uuid of the group diff --git a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/MicroschemaClientMethods.java b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/MicroschemaClientMethods.java index 330d45ba76..bb185e7a62 100644 --- a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/MicroschemaClientMethods.java +++ b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/MicroschemaClientMethods.java 
@@ -1,6 +1,7 @@ package com.gentics.mesh.rest.client.method; import com.gentics.mesh.core.rest.common.GenericMessageResponse; +import com.gentics.mesh.core.rest.common.ObjectPermissionRequest; import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; import com.gentics.mesh.core.rest.microschema.impl.MicroschemaCreateRequest; import com.gentics.mesh.core.rest.microschema.impl.MicroschemaResponse; @@ -91,4 +92,12 @@ public interface MicroschemaClientMethods { * @return request */ MeshRequest getMicroschemaRolePermissions(String uuid); + + /** + * Grant permissions on the microschema to roles + * @param uuid Uuid of the microschema + * @param request request + * @return mesh request + */ + MeshRequest grantMicroschemaRolePermissions(String uuid, ObjectPermissionRequest request); } diff --git a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/NodeClientMethods.java b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/NodeClientMethods.java index 341bbf61e6..e36ce002b4 100644 --- a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/NodeClientMethods.java +++ b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/NodeClientMethods.java @@ -1,5 +1,6 @@ package com.gentics.mesh.rest.client.method; +import com.gentics.mesh.core.rest.common.ObjectPermissionRequest; import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; import com.gentics.mesh.core.rest.node.NodeCreateRequest; import com.gentics.mesh.core.rest.node.NodeListResponse; @@ -311,4 +312,15 @@ default MeshRequest takeNodeLanguage(String projectName, String n * @return request */ MeshRequest getNodeRolePermissions(String projectName, String uuid); + + /** + * Grant permissions on the node to roles + * + * @param projectName + * Name of the project + * @param uuid Uuid of the node + * @param request request + * @return mesh request + */ + MeshRequest grantNodeRolePermissions(String projectName, String uuid, ObjectPermissionRequest request); } 
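Review bot: The Javadoc added for `grantMicroschemaRolePermissions` documents its payload only as `@param request request`, which tells a client author nothing about a call that changes access rights. Going by `TagCrudHandler.handleGrantPermissions` in this commit, the request maps each permission to role references (uuid or name) and carries an `exclusive` flag that revokes the permission from other roles; whether every handler behaves the same way is not visible here. Suggested wording: `@param request roles to grant each permission to; when "exclusive" is set, the permission is revoked from the other roles the caller may update`. The Node, Project, Role, Schema, Tag and TagFamily client interfaces in the following hunks use the same one-word description.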
diff --git a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/ProjectClientMethods.java b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/ProjectClientMethods.java index 6c8d9ec347..be2b3b9aad 100644 --- a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/ProjectClientMethods.java +++ b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/ProjectClientMethods.java @@ -1,6 +1,7 @@ package com.gentics.mesh.rest.client.method; import com.gentics.mesh.core.rest.common.GenericMessageResponse; +import com.gentics.mesh.core.rest.common.ObjectPermissionRequest; import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; import com.gentics.mesh.core.rest.project.ProjectCreateRequest; import com.gentics.mesh.core.rest.project.ProjectListResponse; @@ -112,4 +113,12 @@ public interface ProjectClientMethods { * @return request */ MeshRequest getProjectRolePermissions(String uuid); + + /** + * Grant permissions on the project to roles + * @param uuid Uuid of the project + * @param request request + * @return mesh request + */ + MeshRequest grantProjectRolePermissions(String uuid, ObjectPermissionRequest request); } diff --git a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/RoleClientMethods.java b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/RoleClientMethods.java index f16b74c4dc..a1144b6f67 100644 --- a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/RoleClientMethods.java +++ b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/RoleClientMethods.java @@ -1,6 +1,7 @@ package com.gentics.mesh.rest.client.method; import com.gentics.mesh.core.rest.common.GenericMessageResponse; +import com.gentics.mesh.core.rest.common.ObjectPermissionRequest; import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; import com.gentics.mesh.core.rest.role.RoleCreateRequest; import com.gentics.mesh.core.rest.role.RoleListResponse; 
@@ -109,4 +110,12 @@ public interface RoleClientMethods { * @return request */ MeshRequest getRoleRolePermissions(String uuid); + + /** + * Grant permissions on the role to roles + * @param uuid Uuid of the role + * @param request request + * @return mesh request + */ + MeshRequest grantRoleRolePermissions(String uuid, ObjectPermissionRequest request); } diff --git a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/SchemaClientMethods.java b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/SchemaClientMethods.java index c5b08d1c9b..398ff65229 100644 --- a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/SchemaClientMethods.java +++ b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/SchemaClientMethods.java @@ -1,6 +1,7 @@ package com.gentics.mesh.rest.client.method; import com.gentics.mesh.core.rest.common.GenericMessageResponse; +import com.gentics.mesh.core.rest.common.ObjectPermissionRequest; import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; import com.gentics.mesh.core.rest.microschema.impl.MicroschemaResponse; import com.gentics.mesh.core.rest.schema.MicroschemaListResponse; @@ -178,4 +179,12 @@ public interface SchemaClientMethods { * @return request */ MeshRequest getSchemaRolePermissions(String uuid); + + /** + * Grant permissions on the schema to roles + * @param uuid Uuid of the schema + * @param request request + * @return mesh request + */ + MeshRequest grantSchemaRolePermissions(String uuid, ObjectPermissionRequest request); } diff --git a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/TagClientMethods.java b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/TagClientMethods.java index 59c57afd6e..1a33a935b5 100644 --- a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/TagClientMethods.java +++ b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/TagClientMethods.java 
@@ -1,5 +1,6 @@ package com.gentics.mesh.rest.client.method; +import com.gentics.mesh.core.rest.common.ObjectPermissionRequest; import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; import com.gentics.mesh.core.rest.tag.TagCreateRequest; import com.gentics.mesh.core.rest.tag.TagListResponse; @@ -102,4 +103,16 @@ public interface TagClientMethods { * @return request */ MeshRequest getTagRolePermissions(String projectName, String tagFamilyUuid, String uuid); + + /** + * Grant permissions on the tag to roles + * @param projectName + * Name of the project + * @param tagFamilyUuid + * Uuid of the tagfamily in which the tag is stored + * @param uuid Uuid of the tag + * @param request request + * @return mesh request + */ + MeshRequest grantTagRolePermissions(String projectName, String tagFamilyUuid, String uuid, ObjectPermissionRequest request); } diff --git a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/TagFamilyClientMethods.java b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/TagFamilyClientMethods.java index 02e0993e65..628fd2bbbc 100644 --- a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/TagFamilyClientMethods.java +++ b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/TagFamilyClientMethods.java @@ -1,5 +1,6 @@ package com.gentics.mesh.rest.client.method; +import com.gentics.mesh.core.rest.common.ObjectPermissionRequest; import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; import com.gentics.mesh.core.rest.tag.TagFamilyCreateRequest; import com.gentics.mesh.core.rest.tag.TagFamilyListResponse; 
@@ -102,4 +103,17 @@ public interface TagFamilyClientMethods { * @return request */ MeshRequest getTagFamilyRolePermissions(String projectName, String tagFamilyUuid); + + /** + * Grant permissions on the tag family to roles + * + * @param projectName + * Name of the project + * @param tagFamilyUuid + * Uuid of the tagfamily + * @param request request + * @return mesh request + */ + MeshRequest grantTagFamilyRolePermissions(String projectName, String tagFamilyUuid, ObjectPermissionRequest request); + } diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/group/GroupRolePermissionsEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/group/GroupRolePermissionsEndpointTest.java index add65b5bbc..fc0f618945 100644 --- a/tests/tests-core/src/main/java/com/gentics/mesh/core/group/GroupRolePermissionsEndpointTest.java +++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/group/GroupRolePermissionsEndpointTest.java @@ -6,14 +6,14 @@ import com.gentics.mesh.core.rest.common.ObjectPermissionRequest; import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; import com.gentics.mesh.test.MeshTestSetting; -import com.gentics.mesh.test.context.AbstractRolePermissionTest; +import com.gentics.mesh.test.context.AbstractRolePermissionEndpointTest; import com.gentics.mesh.test.context.ClientHandler; /** * Test cases for handling role permissions for groups */ @MeshTestSetting(testSize = PROJECT_AND_NODE, startServer = true) -public class GroupRolePermissionsEndpointTest extends AbstractRolePermissionTest { +public class GroupRolePermissionsEndpointTest extends AbstractRolePermissionEndpointTest { @Override protected HibBaseElement getTestedElement() { diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/node/NodeRolePermissionsEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/node/NodeRolePermissionsEndpointTest.java index 998fc5c22f..e09fd09fd5 100644 
--- a/tests/tests-core/src/main/java/com/gentics/mesh/core/node/NodeRolePermissionsEndpointTest.java +++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/node/NodeRolePermissionsEndpointTest.java @@ -7,14 +7,14 @@ import com.gentics.mesh.core.rest.common.ObjectPermissionRequest; import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; import com.gentics.mesh.test.MeshTestSetting; -import com.gentics.mesh.test.context.AbstractRolePermissionTest; +import com.gentics.mesh.test.context.AbstractRolePermissionEndpointTest; import com.gentics.mesh.test.context.ClientHandler; /** * Test cases for handling role permissions for nodes */ @MeshTestSetting(testSize = PROJECT_AND_NODE, startServer = true) -public class NodeRolePermissionsEndpointTest extends AbstractRolePermissionTest { +public class NodeRolePermissionsEndpointTest extends AbstractRolePermissionEndpointTest { @Override protected HibBaseElement getTestedElement() { @@ -28,7 +28,6 @@ protected ClientHandler getRolePermissions() { @Override protected ClientHandler grantRolePermissions(ObjectPermissionRequest request) { - // TODO Auto-generated method stub - return null; + return () -> client().grantNodeRolePermissions(PROJECT_NAME, getTestedUuid(), request); } } diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/project/ProjectRolePermissionsEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/project/ProjectRolePermissionsEndpointTest.java index afe2b950b9..b38f6628f0 100644 --- a/tests/tests-core/src/main/java/com/gentics/mesh/core/project/ProjectRolePermissionsEndpointTest.java +++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/project/ProjectRolePermissionsEndpointTest.java 
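Review bot: `grantRolePermissions` in this hunk calls `getTestedUuid()` inside the returned lambda, while the Project, Microschema, Schema and Tag tests in the same patch read it into a local `uuid` first, and the Tag test's `getRolePermissions` was changed to do the same. If the reason is that `getTestedUuid()` should not run at the moment the handler is invoked, this hunk and the Role and TagFamily hunks still carry the old form. Writing `String uuid = getTestedUuid();` before `return () -> client().grantNodeRolePermissions(PROJECT_NAME, uuid, request);` would make all of them uniform.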
@@ -6,14 +6,14 @@ import com.gentics.mesh.core.rest.common.ObjectPermissionRequest; import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; import com.gentics.mesh.test.MeshTestSetting; -import com.gentics.mesh.test.context.AbstractRolePermissionTest; +import com.gentics.mesh.test.context.AbstractRolePermissionEndpointTest; import com.gentics.mesh.test.context.ClientHandler; /** * Test cases for handling role permissions for projects */ @MeshTestSetting(testSize = PROJECT_AND_NODE, startServer = true) -public class ProjectRolePermissionsEndpointTest extends AbstractRolePermissionTest { +public class ProjectRolePermissionsEndpointTest extends AbstractRolePermissionEndpointTest { @Override protected HibBaseElement getTestedElement() { @@ -27,7 +27,7 @@ protected ClientHandler getRolePermissions() { @Override protected ClientHandler grantRolePermissions(ObjectPermissionRequest request) { - // TODO Auto-generated method stub - return null; + String uuid = getTestedUuid(); + return () -> client().grantProjectRolePermissions(uuid, request); } } diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/role/RoleRolePermissionsEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/role/RoleRolePermissionsEndpointTest.java index a40cea128b..4f28690c4d 100644 --- a/tests/tests-core/src/main/java/com/gentics/mesh/core/role/RoleRolePermissionsEndpointTest.java +++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/role/RoleRolePermissionsEndpointTest.java 
@@ -6,14 +6,14 @@ import com.gentics.mesh.core.rest.common.ObjectPermissionRequest; import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; import com.gentics.mesh.test.MeshTestSetting; -import com.gentics.mesh.test.context.AbstractRolePermissionTest; +import com.gentics.mesh.test.context.AbstractRolePermissionEndpointTest; import com.gentics.mesh.test.context.ClientHandler; /** * Test cases for handling role permissions for roles */ @MeshTestSetting(testSize = PROJECT_AND_NODE, startServer = true) -public class RoleRolePermissionsEndpointTest extends AbstractRolePermissionTest { +public class RoleRolePermissionsEndpointTest extends AbstractRolePermissionEndpointTest { @Override protected HibBaseElement getTestedElement() { @@ -27,7 +27,6 @@ protected ClientHandler getRolePermissions() { @Override protected ClientHandler grantRolePermissions(ObjectPermissionRequest request) { - // TODO Auto-generated method stub - return null; + return () -> client().grantRoleRolePermissions(getTestedUuid(), request); } } diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/schema/MicroschemaRolePermissionsEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/schema/MicroschemaRolePermissionsEndpointTest.java index 5eeabd98e7..9fefaf921b 100644 --- a/tests/tests-core/src/main/java/com/gentics/mesh/core/schema/MicroschemaRolePermissionsEndpointTest.java +++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/schema/MicroschemaRolePermissionsEndpointTest.java 
@@ -6,14 +6,14 @@ import com.gentics.mesh.core.rest.common.ObjectPermissionRequest; import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; import com.gentics.mesh.test.MeshTestSetting; -import com.gentics.mesh.test.context.AbstractRolePermissionTest; +import com.gentics.mesh.test.context.AbstractRolePermissionEndpointTest; import com.gentics.mesh.test.context.ClientHandler; /** * Test cases for handling role permissions for microschemas */ @MeshTestSetting(testSize = FULL, startServer = true) -public class MicroschemaRolePermissionsEndpointTest extends AbstractRolePermissionTest { +public class MicroschemaRolePermissionsEndpointTest extends AbstractRolePermissionEndpointTest { @Override protected HibBaseElement getTestedElement() { @@ -27,7 +27,7 @@ protected ClientHandler getRolePermissions() { @Override protected ClientHandler grantRolePermissions(ObjectPermissionRequest request) { - // TODO Auto-generated method stub - return null; + String uuid = getTestedUuid(); + return () -> client().grantMicroschemaRolePermissions(uuid, request); } } diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/schema/SchemaRolePermissionsEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/schema/SchemaRolePermissionsEndpointTest.java index 2e0a26b3ac..b88f2897e6 100644 --- a/tests/tests-core/src/main/java/com/gentics/mesh/core/schema/SchemaRolePermissionsEndpointTest.java +++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/schema/SchemaRolePermissionsEndpointTest.java 
@@ -6,14 +6,14 @@ import com.gentics.mesh.core.rest.common.ObjectPermissionRequest; import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; import com.gentics.mesh.test.MeshTestSetting; -import com.gentics.mesh.test.context.AbstractRolePermissionTest; +import com.gentics.mesh.test.context.AbstractRolePermissionEndpointTest; import com.gentics.mesh.test.context.ClientHandler; /** * Test cases for handling role permissions for schemas */ @MeshTestSetting(testSize = FULL, startServer = true) -public class SchemaRolePermissionsEndpointTest extends AbstractRolePermissionTest { +public class SchemaRolePermissionsEndpointTest extends AbstractRolePermissionEndpointTest { @Override protected HibBaseElement getTestedElement() { @@ -27,7 +27,7 @@ protected ClientHandler getRolePermissions() { @Override protected ClientHandler grantRolePermissions(ObjectPermissionRequest request) { - // TODO Auto-generated method stub - return null; + String uuid = getTestedUuid(); + return () -> client().grantSchemaRolePermissions(uuid, request); } } diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/tag/TagRolePermissionsEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/tag/TagRolePermissionsEndpointTest.java index c9a123e8df..cea1a1d1b4 100644 --- a/tests/tests-core/src/main/java/com/gentics/mesh/core/tag/TagRolePermissionsEndpointTest.java +++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/tag/TagRolePermissionsEndpointTest.java 
@@ -7,14 +7,14 @@ import com.gentics.mesh.core.rest.common.ObjectPermissionRequest; import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; import com.gentics.mesh.test.MeshTestSetting; -import com.gentics.mesh.test.context.AbstractRolePermissionTest; +import com.gentics.mesh.test.context.AbstractRolePermissionEndpointTest; import com.gentics.mesh.test.context.ClientHandler; /** * Test cases for handling role permissions for tags */ @MeshTestSetting(testSize = FULL, startServer = true) -public class TagRolePermissionsEndpointTest extends AbstractRolePermissionTest { +public class TagRolePermissionsEndpointTest extends AbstractRolePermissionEndpointTest { @Override protected HibBaseElement getTestedElement() { @@ -24,12 +24,14 @@ protected HibBaseElement getTestedElement() { @Override protected ClientHandler getRolePermissions() { String tagFamilyUuid = tx(() -> tagFamily("colors").getUuid()); - return () -> client().getTagRolePermissions(PROJECT_NAME, tagFamilyUuid, getTestedUuid()); + String uuid = getTestedUuid(); + return () -> client().getTagRolePermissions(PROJECT_NAME, tagFamilyUuid, uuid); } @Override protected ClientHandler grantRolePermissions(ObjectPermissionRequest request) { - // TODO Auto-generated method stub - return null; + String tagFamilyUuid = tx(() -> tagFamily("colors").getUuid()); + String uuid = getTestedUuid(); + return () -> client().grantTagRolePermissions(PROJECT_NAME, tagFamilyUuid, uuid, request); } } diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/tagfamily/TagFamilyRolePermissionsEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/tagfamily/TagFamilyRolePermissionsEndpointTest.java index a48c3a1b31..60f66e8659 100644 --- a/tests/tests-core/src/main/java/com/gentics/mesh/core/tagfamily/TagFamilyRolePermissionsEndpointTest.java +++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/tagfamily/TagFamilyRolePermissionsEndpointTest.java 
@@ -7,14 +7,14 @@ import com.gentics.mesh.core.rest.common.ObjectPermissionRequest; import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; import com.gentics.mesh.test.MeshTestSetting; -import com.gentics.mesh.test.context.AbstractRolePermissionTest; +import com.gentics.mesh.test.context.AbstractRolePermissionEndpointTest; import com.gentics.mesh.test.context.ClientHandler; /** * Test cases for handling role permissions for tag families */ @MeshTestSetting(testSize = FULL, startServer = true) -public class TagFamilyRolePermissionsEndpointTest extends AbstractRolePermissionTest { +public class TagFamilyRolePermissionsEndpointTest extends AbstractRolePermissionEndpointTest { @Override protected HibBaseElement getTestedElement() { @@ -28,7 +28,6 @@ protected ClientHandler getRolePermissions() { @Override protected ClientHandler grantRolePermissions(ObjectPermissionRequest request) { - // TODO Auto-generated method stub - return null; + return () -> client().grantTagFamilyRolePermissions(PROJECT_NAME, getTestedUuid(), request); } } diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/user/UserRolePermissionsEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/user/UserRolePermissionsEndpointTest.java index 051fbf66e3..163839d0b7 100644 --- a/tests/tests-core/src/main/java/com/gentics/mesh/core/user/UserRolePermissionsEndpointTest.java +++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/user/UserRolePermissionsEndpointTest.java 
@@ -6,14 +6,14 @@ import com.gentics.mesh.core.rest.common.ObjectPermissionRequest; import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; import com.gentics.mesh.test.MeshTestSetting; -import com.gentics.mesh.test.context.AbstractRolePermissionTest; +import com.gentics.mesh.test.context.AbstractRolePermissionEndpointTest; import com.gentics.mesh.test.context.ClientHandler; /** * Test cases for handling role permissions for users */ @MeshTestSetting(testSize = PROJECT_AND_NODE, startServer = true) -public class UserRolePermissionsEndpointTest extends AbstractRolePermissionTest { +public class UserRolePermissionsEndpointTest extends AbstractRolePermissionEndpointTest { @Override protected HibBaseElement getTestedElement() { diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/test/context/AbstractRolePermissionTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/test/context/AbstractRolePermissionEndpointTest.java similarity index 98% rename from tests/tests-core/src/main/java/com/gentics/mesh/test/context/AbstractRolePermissionTest.java rename to tests/tests-core/src/main/java/com/gentics/mesh/test/context/AbstractRolePermissionEndpointTest.java index a774f8010a..9b2063ad37 100644 --- a/tests/tests-core/src/main/java/com/gentics/mesh/test/context/AbstractRolePermissionTest.java +++ b/tests/tests-core/src/main/java/com/gentics/mesh/test/context/AbstractRolePermissionEndpointTest.java @@ -21,7 +21,7 @@ /** * Abstract test class for role permissions test */ -public abstract class AbstractRolePermissionTest extends AbstractMeshTest { +public abstract class AbstractRolePermissionEndpointTest extends AbstractMeshTest { /** * Test reading role permissions * @throws Exception From 2d1be78d44cdc84a3f80afe3ab116a070c996ec8 Mon Sep 17 00:00:00 2001 
From: Norbert Pomaroli Date: Wed, 5 Oct 2022 08:13:45 +0200 Subject: [PATCH 4/9] Add endpoints to revoke role permissions Add tests --- .../RolePermissionHandlingEndpoint.java | 21 +- .../endpoint/handler/AbstractCrudHandler.java | 73 ++++- .../core/endpoint/tag/TagCrudHandler.java | 75 +++++- .../mesh/rest/MeshLocalClientImpl.java | 88 ++++++ .../client/impl/MeshRestHttpClientImpl.java | 76 ++++++ .../client/method/GroupClientMethods.java | 8 + .../method/MicroschemaClientMethods.java | 8 + .../rest/client/method/NodeClientMethods.java | 11 + .../client/method/ProjectClientMethods.java | 8 + .../rest/client/method/RoleClientMethods.java | 8 + .../client/method/SchemaClientMethods.java | 8 + .../rest/client/method/TagClientMethods.java | 12 + .../client/method/TagFamilyClientMethods.java | 11 + .../rest/client/method/UserClientMethods.java | 8 + .../GroupRolePermissionsEndpointTest.java | 11 +- .../node/NodeRolePermissionsEndpointTest.java | 5 + .../ProjectRolePermissionsEndpointTest.java | 8 +- .../role/RoleRolePermissionsEndpointTest.java | 5 + ...icroschemaRolePermissionsEndpointTest.java | 8 +- .../SchemaRolePermissionsEndpointTest.java | 8 +- .../tag/TagRolePermissionsEndpointTest.java | 7 + .../TagFamilyRolePermissionsEndpointTest.java | 5 + .../user/UserRolePermissionsEndpointTest.java | 11 +- .../AbstractRolePermissionEndpointTest.java | 251 ++++++++++++++++-- 24 files changed, 693 insertions(+), 41 deletions(-) diff --git a/core/src/main/java/com/gentics/mesh/core/endpoint/RolePermissionHandlingEndpoint.java b/core/src/main/java/com/gentics/mesh/core/endpoint/RolePermissionHandlingEndpoint.java index f9516fbc50..fa3aad1116 100644 --- a/core/src/main/java/com/gentics/mesh/core/endpoint/RolePermissionHandlingEndpoint.java +++ b/core/src/main/java/com/gentics/mesh/core/endpoint/RolePermissionHandlingEndpoint.java 
@@ -3,6 +3,7 @@ import static com.gentics.mesh.core.rest.MeshEvent.ROLE_PERMISSIONS_CHANGED; import static com.gentics.mesh.http.HttpConstants.APPLICATION_JSON; import static io.netty.handler.codec.http.HttpResponseStatus.OK; +import static io.vertx.core.http.HttpMethod.DELETE; import static io.vertx.core.http.HttpMethod.GET; import static io.vertx.core.http.HttpMethod.POST; @@ -33,7 +34,7 @@ protected void addRolePermissionHandler(String uuidParameterName, String uuidPar readPermissionsEndpoint.path(path); readPermissionsEndpoint.addUriParameter(uuidParameterName, "Uuid of the " + typeDescription, uuidParameterExample); readPermissionsEndpoint.method(GET); - readPermissionsEndpoint.description("Get the permissions on the "+typeDescription+" for all roles."); + readPermissionsEndpoint.description("Get the permissions on the " + typeDescription + " for all roles."); readPermissionsEndpoint.produces(APPLICATION_JSON); readPermissionsEndpoint.exampleResponse(OK, roleExamples.getObjectPermissionResponse(includePublishPermissions), "Loaded permissions."); readPermissionsEndpoint.blockingHandler(rc -> { @@ -46,7 +47,7 @@ protected void addRolePermissionHandler(String uuidParameterName, String uuidPar grantPermissionsEndpoint.path(path); grantPermissionsEndpoint.addUriParameter(uuidParameterName, "Uuid of the " + typeDescription, uuidParameterExample); grantPermissionsEndpoint.method(POST); - grantPermissionsEndpoint.description("Grant permissions on the "+typeDescription+" for multiple roles."); + grantPermissionsEndpoint.description("Grant permissions on the " + typeDescription + " for multiple roles."); grantPermissionsEndpoint.consumes(APPLICATION_JSON); grantPermissionsEndpoint.produces(APPLICATION_JSON); grantPermissionsEndpoint.exampleRequest((String)null); // TODO 
@@ -57,5 +58,21 @@ protected void addRolePermissionHandler(String uuidParameterName, String uuidPar String uuid = rc.request().getParam(uuidParameterName); crudHandler.handleGrantPermissions(ac, uuid); }); + + InternalEndpointRoute revokePermissionsEndpoint = createRoute(); + revokePermissionsEndpoint.path(path); + revokePermissionsEndpoint.addUriParameter(uuidParameterName, "Uuid of the " + typeDescription, uuidParameterExample); + revokePermissionsEndpoint.method(DELETE); + revokePermissionsEndpoint.description("Revoke permissions from the " + typeDescription + " for multiple roles."); + revokePermissionsEndpoint.consumes(APPLICATION_JSON); + revokePermissionsEndpoint.produces(APPLICATION_JSON); + revokePermissionsEndpoint.exampleRequest((String)null); // TODO + revokePermissionsEndpoint.exampleResponse(OK, roleExamples.getObjectPermissionResponse(includePublishPermissions), "Updated permissions."); + revokePermissionsEndpoint.events(ROLE_PERMISSIONS_CHANGED); + revokePermissionsEndpoint.blockingHandler(rc -> { + InternalActionContext ac = wrap(rc); + String uuid = rc.request().getParam(uuidParameterName); + crudHandler.handleRevokePermissions(ac, uuid); + }); } } diff --git a/core/src/main/java/com/gentics/mesh/core/endpoint/handler/AbstractCrudHandler.java b/core/src/main/java/com/gentics/mesh/core/endpoint/handler/AbstractCrudHandler.java index 91fb9d1cc1..8623d72561 100644 --- a/core/src/main/java/com/gentics/mesh/core/endpoint/handler/AbstractCrudHandler.java +++ b/core/src/main/java/com/gentics/mesh/core/endpoint/handler/AbstractCrudHandler.java 
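Review bot: The revoke route is registered with `method(DELETE)` and `consumes(APPLICATION_JSON)`, and `handleRevokePermissions` takes the roles to revoke from the request body. HTTP gives a DELETE body no defined semantics and some proxies and client libraries drop it, so the handler can end up with no payload. What `ac.fromJson(ObjectPermissionRequest.class)` returns in that case is not visible here, so the later `update.get(...)` may need a guard that answers with `BAD_REQUEST` rather than failing on a null. The `exampleRequest((String)null); // TODO` line also leaves this permission-changing endpoint without a documented request example.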
@@ -163,7 +163,7 @@ public void handleGrantPermissions(InternalActionContext ac, String uuid) { RoleDao roleDao = tx.roleDao(); UserDao userDao = tx.userDao(); HibUser requestUser = ac.getUser(); - T object = crudActions().loadByUuid(context(tx, ac), uuid, UPDATE_PERM, true); + T object = crudActions().loadByUuid(context(tx, ac), uuid, READ_PERM, true); Set allRoles = roleDao.findAll(ac, new PagingParametersImpl().setPerPage(Long.MAX_VALUE)).stream().collect(Collectors.toSet()); Map allRolesByUuid = allRoles.stream().collect(Collectors.toMap(HibRole::getUuid, Function.identity())); Map allRolesByName = allRoles.stream().collect(Collectors.toMap(HibRole::getName, Function.identity())); 
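Review bot: Loading the target with `READ_PERM` instead of `UPDATE_PERM` in `handleGrantPermissions` means the object itself no longer gates who may change its permissions. The only other check visible in this commit is the per-role `UPDATE_PERM` test in the revoke handlers, and the rest of this function lies outside the hunk. If the grant path relies on the same check, a caller who can read an object and update a role could give that role any permission on the object, including ones the caller does not hold, which is an escalation path when the caller is a member of that role. If this is meant to match the existing per-role permission endpoint, a comment at the `loadByUuid` call such as `// READ is enough here: the authorisation check is UPDATE on each referenced role` would record the decision; otherwise keep `UPDATE_PERM`. The same change is made in TagCrudHandler (`@@ -255,7 +255,7 @@`), and both new revoke handlers load with `READ_PERM` as well.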
@@ -234,4 +234,75 @@ public void handleGrantPermissions(InternalActionContext ac, String uuid) { return response; }, model -> ac.send(model, OK)); } + + /** + * Handle request to revoke permissions on sets of roles + * @param ac action context + * @param uuid entity uuid + */ + public void handleRevokePermissions(InternalActionContext ac, String uuid) { + validateParameter(uuid, "uuid"); + + ObjectPermissionRequest update = ac.fromJson(ObjectPermissionRequest.class); + utils.syncTx(ac, tx -> { + RoleDao roleDao = tx.roleDao(); + UserDao userDao = tx.userDao(); + HibUser requestUser = ac.getUser(); + T object = crudActions().loadByUuid(context(tx, ac), uuid, READ_PERM, true); + Set allRoles = roleDao.findAll(ac, new PagingParametersImpl().setPerPage(Long.MAX_VALUE)).stream().collect(Collectors.toSet()); + Map allRolesByUuid = allRoles.stream().collect(Collectors.toMap(HibRole::getUuid, Function.identity())); + Map allRolesByName = allRoles.stream().collect(Collectors.toMap(HibRole::getName, Function.identity())); + + InternalPermission[] possiblePermissions = object.hasPublishPermissions() + ? 
InternalPermission.values() + : InternalPermission.basicPermissions(); + + for (InternalPermission perm : possiblePermissions) { + Set roleRefsToRevoke = update.get(perm.getRestPerm()); + if (roleRefsToRevoke != null) { + Set rolesToRevoke = new HashSet<>(); + for (RoleReference roleRef : roleRefsToRevoke) { + // find the role for the role reference + HibRole role = null; + if (!StringUtils.isEmpty(roleRef.getUuid())) { + role = allRolesByUuid.get(roleRef.getUuid()); + + if (role == null) { + throw error(NOT_FOUND, "object_not_found_for_uuid", roleRef.getUuid()); + } + } else if (!StringUtils.isEmpty(roleRef.getName())) { + role = allRolesByName.get(roleRef.getName()); + + if (role == null) { + throw error(NOT_FOUND, "object_not_found_for_name", roleRef.getName()); + } + } else { + throw error(BAD_REQUEST, "role_reference_uuid_or_name_missing"); + } + + // check update permission + if (!userDao.hasPermission(requestUser, role, UPDATE_PERM)) { + throw error(FORBIDDEN, "error_missing_perm", role.getUuid(), UPDATE_PERM.getRestPerm().getName()); + } + + rolesToRevoke.add(role); + } + + roleDao.revokePermissions(rolesToRevoke, object, perm); + } + } + + Map> permissions = roleDao.getPermissions(allRoles, object); + permissions.values().removeIf(Set::isEmpty); + + ObjectPermissionResponse response = new ObjectPermissionResponse(); + permissions.entrySet().forEach(entry -> { + RoleReference role = entry.getKey().transformToReference(); + entry.getValue().forEach(perm -> response.add(role, perm.getRestPerm())); + }); + response.setOthers(object.hasPublishPermissions()); + + return response; + }, model -> ac.send(model, OK)); + } } diff --git a/core/src/main/java/com/gentics/mesh/core/endpoint/tag/TagCrudHandler.java b/core/src/main/java/com/gentics/mesh/core/endpoint/tag/TagCrudHandler.java index e9fec748ab..84d9eecdd2 100644 --- a/core/src/main/java/com/gentics/mesh/core/endpoint/tag/TagCrudHandler.java 
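Review bot: The role lookup and `UPDATE_PERM` check inside the `for (RoleReference roleRef : roleRefsToRevoke)` loop is an authorisation decision that now exists as copied code: here, in TagCrudHandler's `handleRevokePermissions` (`@@ -325,4 +325,77 @@`), and apparently in the two grant handlers. I would move it into one helper that takes a `RoleReference` and returns the resolved `HibRole` or throws, so that a later fix cannot land in one copy and miss another. Separately, `roleDao.revokePermissions` runs for one permission before the references listed under the next permission are checked, so a `FORBIDDEN` on a later entry relies on `utils.syncTx` rolling back the revocations already made. Resolving and checking every reference first, and mutating only afterwards, would not depend on that.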
+++ b/core/src/main/java/com/gentics/mesh/core/endpoint/tag/TagCrudHandler.java @@ -255,7 +255,7 @@ public void handleGrantPermissions(InternalActionContext ac, String tagFamilyUui UserDao userDao = tx.userDao(); HibUser requestUser = ac.getUser(); HibTagFamily tagFamily = tagFamilyActions.loadByUuid(context(tx, ac), tagFamilyUuid, READ_PERM, true); - HibTag tag = tagActions.loadByUuid(context(tx, ac, tagFamily), tagUuid, UPDATE_PERM, true); + HibTag tag = tagActions.loadByUuid(context(tx, ac, tagFamily), tagUuid, READ_PERM, true); Set allRoles = roleDao.findAll(ac, new PagingParametersImpl().setPerPage(Long.MAX_VALUE)).stream().collect(Collectors.toSet()); Map allRolesByUuid = allRoles.stream().collect(Collectors.toMap(HibRole::getUuid, Function.identity())); 
@@ -325,4 +325,77 @@ public void handleGrantPermissions(InternalActionContext ac, String tagFamilyUui return response; }, model -> ac.send(model, OK)); } + + /** + * Handle request to revoke permissions on sets of roles + * @param ac action context + * @param tagFamilyUuid Uuid of the tag family + * @param tagUuid Uuid of the tag + */ + public void handleRevokePermissions(InternalActionContext ac, String tagFamilyUuid, String tagUuid) { + validateParameter(tagFamilyUuid, "tagFamilyUuid"); + validateParameter(tagUuid, "tagUuid"); + + ObjectPermissionRequest update = ac.fromJson(ObjectPermissionRequest.class); + utils.syncTx(ac, tx -> { + RoleDao roleDao = tx.roleDao(); + UserDao userDao = tx.userDao(); + HibUser requestUser = ac.getUser(); + HibTagFamily tagFamily = tagFamilyActions.loadByUuid(context(tx, ac), tagFamilyUuid, READ_PERM, true); + HibTag tag = tagActions.loadByUuid(context(tx, ac, tagFamily), tagUuid, READ_PERM, true); + + Set allRoles = roleDao.findAll(ac, new PagingParametersImpl().setPerPage(Long.MAX_VALUE)).stream().collect(Collectors.toSet()); + Map allRolesByUuid = allRoles.stream().collect(Collectors.toMap(HibRole::getUuid, Function.identity())); + Map allRolesByName = allRoles.stream().collect(Collectors.toMap(HibRole::getName, Function.identity())); + + InternalPermission[] possiblePermissions = InternalPermission.basicPermissions(); + + for (InternalPermission perm : possiblePermissions) { + Set roleRefsToRevoke = update.get(perm.getRestPerm()); + if (roleRefsToRevoke != null) { + Set rolesToRevoke = new HashSet<>(); + for (RoleReference roleRef : roleRefsToRevoke) { + // find the role for the role reference + HibRole role = null; + if (!StringUtils.isEmpty(roleRef.getUuid())) { + role = allRolesByUuid.get(roleRef.getUuid()); + + if (role == null) { + throw error(NOT_FOUND, "object_not_found_for_uuid", roleRef.getUuid()); + } + } else if (!StringUtils.isEmpty(roleRef.getName())) { + role = allRolesByName.get(roleRef.getName()); + + if (role 
== null) { + throw error(NOT_FOUND, "object_not_found_for_name", roleRef.getName()); + } + } else { + throw error(BAD_REQUEST, "role_reference_uuid_or_name_missing"); + } + + // check update permission + if (!userDao.hasPermission(requestUser, role, UPDATE_PERM)) { + throw error(FORBIDDEN, "error_missing_perm", role.getUuid(), UPDATE_PERM.getRestPerm().getName()); + } + + rolesToRevoke.add(role); + } + + roleDao.revokePermissions(rolesToRevoke, tag, perm); + } + } + + Map> permissions = roleDao.getPermissions(allRoles, tag); + permissions.values().removeIf(Set::isEmpty); + + ObjectPermissionResponse response = new ObjectPermissionResponse(); + permissions.entrySet().forEach(entry -> { + RoleReference role = entry.getKey().transformToReference(); + entry.getValue().forEach(perm -> response.add(role, perm.getRestPerm())); + }); + response.setOthers(false); + + return response; + }, model -> ac.send(model, OK)); + } } diff --git a/core/src/main/java/com/gentics/mesh/rest/MeshLocalClientImpl.java b/core/src/main/java/com/gentics/mesh/rest/MeshLocalClientImpl.java index e53f4ea926..14338cf8ab 100644 --- a/core/src/main/java/com/gentics/mesh/rest/MeshLocalClientImpl.java +++ b/core/src/main/java/com/gentics/mesh/rest/MeshLocalClientImpl.java @@ -1882,6 +1882,15 @@ public MeshRequest grantGroupRolePermissions(String uu return new MeshLocalRequestImpl<>(ac.getFuture()); } + @Override + public MeshRequest revokeGroupRolePermissions(String uuid, + ObjectPermissionRequest request) { + LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class); + ac.setPayloadObject(request); + groupCrudHandler.handleRevokePermissions(ac, uuid); + return new MeshLocalRequestImpl<>(ac.getFuture()); + } + @Override public MeshRequest getMicroschemaRolePermissions(String uuid) { LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class); 
@@ -1898,6 +1907,15 @@ public MeshRequest grantMicroschemaRolePermissions(Str return new MeshLocalRequestImpl<>(ac.getFuture()); } + @Override + public MeshRequest revokeMicroschemaRolePermissions(String uuid, + ObjectPermissionRequest request) { + LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class); + ac.setPayloadObject(request); + microschemaCrudHandler.handleRevokePermissions(ac, uuid); + return new MeshLocalRequestImpl<>(ac.getFuture()); + } + @Override public MeshRequest getNodeRolePermissions(String projectName, String uuid) { LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class); @@ -1916,6 +1934,16 @@ public MeshRequest grantNodeRolePermissions(String pro return new MeshLocalRequestImpl<>(ac.getFuture()); } + @Override + public MeshRequest revokeNodeRolePermissions(String projectName, String uuid, + ObjectPermissionRequest request) { + LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class); + ac.setProject(projectName); + ac.setPayloadObject(request); + nodeCrudHandler.handleRevokePermissions(ac, uuid); + return new MeshLocalRequestImpl<>(ac.getFuture()); + } + @Override public MeshRequest getProjectRolePermissions(String uuid) { LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class); @@ -1932,6 +1960,15 @@ public MeshRequest grantProjectRolePermissions(String return new MeshLocalRequestImpl<>(ac.getFuture()); } + @Override + public MeshRequest revokeProjectRolePermissions(String uuid, + ObjectPermissionRequest request) { + LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class); + ac.setPayloadObject(request); + projectCrudHandler.handleRevokePermissions(ac, uuid); + return new MeshLocalRequestImpl<>(ac.getFuture()); + } + @Override public MeshRequest getRoleRolePermissions(String uuid) { LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class); 
@@ -1948,6 +1985,15 @@ public MeshRequest grantRoleRolePermissions(String uui return new MeshLocalRequestImpl<>(ac.getFuture()); } + @Override + public MeshRequest revokeRoleRolePermissions(String uuid, + ObjectPermissionRequest request) { + LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class); + ac.setPayloadObject(request); + roleCrudHandler.handleRevokePermissions(ac, uuid); + return new MeshLocalRequestImpl<>(ac.getFuture()); + } + @Override public MeshRequest getSchemaRolePermissions(String uuid) { LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class); @@ -1964,6 +2010,15 @@ public MeshRequest grantSchemaRolePermissions(String u return new MeshLocalRequestImpl<>(ac.getFuture()); } + @Override + public MeshRequest revokeSchemaRolePermissions(String uuid, + ObjectPermissionRequest request) { + LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class); + ac.setPayloadObject(request); + schemaCrudHandler.handleRevokePermissions(ac, uuid); + return new MeshLocalRequestImpl<>(ac.getFuture()); + } + @Override public MeshRequest getTagFamilyRolePermissions(String projectName, String tagFamilyUuid) { LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class); @@ -1984,6 +2039,17 @@ public MeshRequest grantTagFamilyRolePermissions(Strin return new MeshLocalRequestImpl<>(ac.getFuture()); } + @Override + public MeshRequest revokeTagFamilyRolePermissions(String projectName, String tagFamilyUuid, + ObjectPermissionRequest request) { + LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class); + ac.setProject(projectName); + ac.setParameter("tagFamilyUuid", tagFamilyUuid); + ac.setPayloadObject(request); + tagFamilyCrudHandler.handleRevokePermissions(ac, tagFamilyUuid); + return new MeshLocalRequestImpl<>(ac.getFuture()); + } + @Override public MeshRequest getTagRolePermissions(String projectName, String tagFamilyUuid, String uuid) { 
@@ -2008,6 +2074,19 @@ public MeshRequest grantTagRolePermissions(String proj return new MeshLocalRequestImpl<>(ac.getFuture()); } + @Override + public MeshRequest revokeTagRolePermissions(String projectName, String tagFamilyUuid, + String uuid, + ObjectPermissionRequest request) { + LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class); + ac.setProject(projectName); + ac.setParameter("tagUuid", uuid); + ac.setParameter("tagFamilyUuid", tagFamilyUuid); + ac.setPayloadObject(request); + tagCrudHandler.handleRevokePermissions(ac, tagFamilyUuid, uuid); + return new MeshLocalRequestImpl<>(ac.getFuture()); + } + @Override public MeshRequest getUserRolePermissions(String uuid) { LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class); @@ -2023,4 +2102,13 @@ public MeshRequest grantUserRolePermissions(String uui userCrudHandler.handleGrantPermissions(ac, uuid); return new MeshLocalRequestImpl<>(ac.getFuture()); } + + @Override + public MeshRequest revokeUserRolePermissions(String uuid, + ObjectPermissionRequest request) { + LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class); + ac.setPayloadObject(request); + userCrudHandler.handleRevokePermissions(ac, uuid); + return new MeshLocalRequestImpl<>(ac.getFuture()); + } } diff --git a/rest-client/src/main/java/com/gentics/mesh/rest/client/impl/MeshRestHttpClientImpl.java b/rest-client/src/main/java/com/gentics/mesh/rest/client/impl/MeshRestHttpClientImpl.java index ff1a7e7ac0..ba6f929610 100644 --- a/rest-client/src/main/java/com/gentics/mesh/rest/client/impl/MeshRestHttpClientImpl.java +++ b/rest-client/src/main/java/com/gentics/mesh/rest/client/impl/MeshRestHttpClientImpl.java 
@@ -1679,6 +1679,14 @@ public MeshRequest grantGroupRolePermissions(String uu return prepareRequest(POST, "/groups/" + uuid + "/rolePermissions", ObjectPermissionResponse.class, request); } + @Override + public MeshRequest revokeGroupRolePermissions(String uuid, + ObjectPermissionRequest request) { + Objects.requireNonNull(uuid, "uuid must not be null"); + Objects.requireNonNull(request, "objectPermissionRequest must not be null"); + return prepareRequest(DELETE, "/groups/" + uuid + "/rolePermissions", ObjectPermissionResponse.class, request); + } + @Override public MeshRequest getMicroschemaRolePermissions(String uuid) { Objects.requireNonNull(uuid, "uuid must not be null"); @@ -1693,6 +1701,14 @@ public MeshRequest grantMicroschemaRolePermissions(Str return prepareRequest(POST, "/microschemas/" + uuid + "/rolePermissions", ObjectPermissionResponse.class, request); } + @Override + public MeshRequest revokeMicroschemaRolePermissions(String uuid, + ObjectPermissionRequest request) { + Objects.requireNonNull(uuid, "uuid must not be null"); + Objects.requireNonNull(request, "objectPermissionRequest must not be null"); + return prepareRequest(DELETE, "/microschemas/" + uuid + "/rolePermissions", ObjectPermissionResponse.class, request); + } + @Override public MeshRequest getNodeRolePermissions(String projectName, String uuid) { Objects.requireNonNull(projectName, "projectName must not be null"); 
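Review bot: In `revokeGroupRolePermissions` the caller-supplied `uuid` is concatenated into the request path as-is (`"/groups/" + uuid + "/rolePermissions"`), whereas `projectName` goes through `encodeSegment` in the node, tag family and tag variants. A value containing `/`, `?` or `#` would change which resource the authenticated DELETE is sent to, which matters if an application forwards user input to this client. Build the path with `"/groups/" + encodeSegment(uuid) + "/rolePermissions"`. The same applies to the `uuid` and `tagFamilyUuid` segments of the other revoke*RolePermissions methods added in this file. The grant methods visible as context use the same unencoded form, so it may be worth fixing both together.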
@@ -1710,6 +1726,15 @@ public MeshRequest grantNodeRolePermissions(String pro return prepareRequest(POST, "/" + encodeSegment(projectName) + "/nodes/" + uuid + "/rolePermissions", ObjectPermissionResponse.class, request); } + @Override + public MeshRequest revokeNodeRolePermissions(String projectName, String uuid, + ObjectPermissionRequest request) { + Objects.requireNonNull(projectName, "projectName must not be null"); + Objects.requireNonNull(uuid, "uuid must not be null"); + Objects.requireNonNull(request, "objectPermissionRequest must not be null"); + return prepareRequest(DELETE, "/" + encodeSegment(projectName) + "/nodes/" + uuid + "/rolePermissions", ObjectPermissionResponse.class, request); + } + @Override public MeshRequest getProjectRolePermissions(String uuid) { Objects.requireNonNull(uuid, "uuid must not be null"); @@ -1724,6 +1749,14 @@ public MeshRequest grantProjectRolePermissions(String return prepareRequest(POST, "/projects/" + uuid + "/rolePermissions", ObjectPermissionResponse.class, request); } + @Override + public MeshRequest revokeProjectRolePermissions(String uuid, + ObjectPermissionRequest request) { + Objects.requireNonNull(uuid, "uuid must not be null"); + Objects.requireNonNull(request, "objectPermissionRequest must not be null"); + return prepareRequest(DELETE, "/projects/" + uuid + "/rolePermissions", ObjectPermissionResponse.class, request); + } + @Override public MeshRequest getRoleRolePermissions(String uuid) { Objects.requireNonNull(uuid, "uuid must not be null"); 
@@ -1738,6 +1771,14 @@ public MeshRequest grantRoleRolePermissions(String uui return prepareRequest(POST, "/roles/" + uuid + "/rolePermissions", ObjectPermissionResponse.class, request); } + @Override + public MeshRequest revokeRoleRolePermissions(String uuid, + ObjectPermissionRequest request) { + Objects.requireNonNull(uuid, "uuid must not be null"); + Objects.requireNonNull(request, "objectPermissionRequest must not be null"); + return prepareRequest(DELETE, "/roles/" + uuid + "/rolePermissions", ObjectPermissionResponse.class, request); + } + @Override public MeshRequest getSchemaRolePermissions(String uuid) { Objects.requireNonNull(uuid, "uuid must not be null"); @@ -1752,6 +1793,14 @@ public MeshRequest grantSchemaRolePermissions(String u return prepareRequest(POST, "/schemas/" + uuid + "/rolePermissions", ObjectPermissionResponse.class, request); } + @Override + public MeshRequest revokeSchemaRolePermissions(String uuid, + ObjectPermissionRequest request) { + Objects.requireNonNull(uuid, "uuid must not be null"); + Objects.requireNonNull(request, "objectPermissionRequest must not be null"); + return prepareRequest(DELETE, "/schemas/" + uuid + "/rolePermissions", ObjectPermissionResponse.class, request); + } + @Override public MeshRequest getTagFamilyRolePermissions(String projectName, String tagFamilyUuid) { Objects.requireNonNull(projectName, "projectName must not be null"); 
@@ -1769,6 +1818,15 @@ public MeshRequest grantTagFamilyRolePermissions(Strin return prepareRequest(POST, "/" + encodeSegment(projectName) + "/tagFamilies/" + tagFamilyUuid + "/rolePermissions", ObjectPermissionResponse.class, request); } + @Override + public MeshRequest revokeTagFamilyRolePermissions(String projectName, String tagFamilyUuid, + ObjectPermissionRequest request) { + Objects.requireNonNull(projectName, "projectName must not be null"); + Objects.requireNonNull(tagFamilyUuid, "tagFamilyUuid must not be null"); + Objects.requireNonNull(request, "objectPermissionRequest must not be null"); + return prepareRequest(DELETE, "/" + encodeSegment(projectName) + "/tagFamilies/" + tagFamilyUuid + "/rolePermissions", ObjectPermissionResponse.class, request); + } + @Override public MeshRequest getTagRolePermissions(String projectName, String tagFamilyUuid, String uuid) { @@ -1789,6 +1847,16 @@ public MeshRequest grantTagRolePermissions(String proj return prepareRequest(POST, "/" + encodeSegment(projectName) + "/tagFamilies/" + tagFamilyUuid + "/tags/" + uuid + "/rolePermissions", ObjectPermissionResponse.class, request); } + @Override + public MeshRequest revokeTagRolePermissions(String projectName, String tagFamilyUuid, String uuid, + ObjectPermissionRequest request) { + Objects.requireNonNull(projectName, "projectName must not be null"); + Objects.requireNonNull(tagFamilyUuid, "tagFamilyUuid must not be null"); + Objects.requireNonNull(uuid, "uuid must not be null"); + Objects.requireNonNull(request, "objectPermissionRequest must not be null"); + return prepareRequest(DELETE, "/" + encodeSegment(projectName) + "/tagFamilies/" + tagFamilyUuid + "/tags/" + uuid + "/rolePermissions", ObjectPermissionResponse.class, request); + } + @Override public MeshRequest getUserRolePermissions(String uuid) { Objects.requireNonNull(uuid, "uuid must not be null"); 
@@ -1802,4 +1870,12 @@ public MeshRequest grantUserRolePermissions(String uui Objects.requireNonNull(request, "objectPermissionRequest must not be null"); return prepareRequest(POST, "/users/" + uuid + "/rolePermissions", ObjectPermissionResponse.class, request); } + + @Override + public MeshRequest revokeUserRolePermissions(String uuid, + ObjectPermissionRequest request) { + Objects.requireNonNull(uuid, "uuid must not be null"); + Objects.requireNonNull(request, "objectPermissionRequest must not be null"); + return prepareRequest(DELETE, "/users/" + uuid + "/rolePermissions", ObjectPermissionResponse.class, request); + } } diff --git a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/GroupClientMethods.java b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/GroupClientMethods.java index 83b4384275..25d81e1a92 100644 --- a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/GroupClientMethods.java +++ b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/GroupClientMethods.java @@ -117,4 +117,12 @@ public interface GroupClientMethods { * @return mesh request */ MeshRequest grantGroupRolePermissions(String uuid, ObjectPermissionRequest request); + + /** + * Revoke permissions on the group from roles + * @param uuid Uuid of the group + * @param request request + * @return mesh request + */ + MeshRequest revokeGroupRolePermissions(String uuid, ObjectPermissionRequest request); } diff --git a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/MicroschemaClientMethods.java b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/MicroschemaClientMethods.java index bb185e7a62..ded90f4a06 100644 --- a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/MicroschemaClientMethods.java +++ b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/MicroschemaClientMethods.java 
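Review bot: The Javadoc on `revokeGroupRolePermissions` in GroupClientMethods says only `@param request request`, which omits what a caller must satisfy for the revoke to be accepted. Judging by the tag handler earlier in this patch, each role reference needs a uuid or name and the requesting user needs update permission on every referenced role; otherwise the call fails with BAD_REQUEST, NOT_FOUND or FORBIDDEN. If the group handler behaves the same, say so here, for example `@param request roles (by uuid or name) and the permissions to revoke from them; requires update permission on each referenced role`. The same wording would fit the revoke methods added to the other *ClientMethods interfaces in this patch.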
@@ -100,4 +100,12 @@ public interface MicroschemaClientMethods { * @return mesh request */ MeshRequest grantMicroschemaRolePermissions(String uuid, ObjectPermissionRequest request); + + /** + * Revoke permissions on the microschema from roles + * @param uuid Uuid of the microschema + * @param request request + * @return mesh request + */ + MeshRequest revokeMicroschemaRolePermissions(String uuid, ObjectPermissionRequest request); } diff --git a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/NodeClientMethods.java b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/NodeClientMethods.java index e36ce002b4..a66f4d8773 100644 --- a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/NodeClientMethods.java +++ b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/NodeClientMethods.java @@ -323,4 +323,15 @@ default MeshRequest takeNodeLanguage(String projectName, String n * @return mesh request */ MeshRequest grantNodeRolePermissions(String projectName, String uuid, ObjectPermissionRequest request); + + /** + * Revoke permissions on the node from roles + * + * @param projectName + * Name of the project + * @param uuid Uuid of the node + * @param request request + * @return mesh request + */ + MeshRequest revokeNodeRolePermissions(String projectName, String uuid, ObjectPermissionRequest request); } diff --git a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/ProjectClientMethods.java b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/ProjectClientMethods.java index be2b3b9aad..dbcc146b4b 100644 --- a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/ProjectClientMethods.java +++ b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/ProjectClientMethods.java 
@@ -121,4 +121,12 @@ public interface ProjectClientMethods { * @return mesh request */ MeshRequest grantProjectRolePermissions(String uuid, ObjectPermissionRequest request); + + /** + * Revoke permissions on the project from roles + * @param uuid Uuid of the project + * @param request request + * @return mesh request + */ + MeshRequest revokeProjectRolePermissions(String uuid, ObjectPermissionRequest request); } diff --git a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/RoleClientMethods.java b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/RoleClientMethods.java index a1144b6f67..2e15f2cf6a 100644 --- a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/RoleClientMethods.java +++ b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/RoleClientMethods.java @@ -118,4 +118,12 @@ public interface RoleClientMethods { * @return mesh request */ MeshRequest grantRoleRolePermissions(String uuid, ObjectPermissionRequest request); + + /** + * Revoke permissions on the role from roles + * @param uuid Uuid of the role + * @param request request + * @return mesh request + */ + MeshRequest revokeRoleRolePermissions(String uuid, ObjectPermissionRequest request); } diff --git a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/SchemaClientMethods.java b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/SchemaClientMethods.java index 398ff65229..953872fabd 100644 --- a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/SchemaClientMethods.java +++ b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/SchemaClientMethods.java 
@@ -187,4 +187,12 @@ public interface SchemaClientMethods { * @return mesh request */ MeshRequest grantSchemaRolePermissions(String uuid, ObjectPermissionRequest request); + + /** + * Revoke permissions on the schema from roles + * @param uuid Uuid of the schema + * @param request request + * @return mesh request + */ + MeshRequest revokeSchemaRolePermissions(String uuid, ObjectPermissionRequest request); } diff --git a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/TagClientMethods.java b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/TagClientMethods.java index 1a33a935b5..63f9c573d8 100644 --- a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/TagClientMethods.java +++ b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/TagClientMethods.java @@ -115,4 +115,16 @@ public interface TagClientMethods { * @return mesh request */ MeshRequest grantTagRolePermissions(String projectName, String tagFamilyUuid, String uuid, ObjectPermissionRequest request); + + /** + * Revoke permissions on the tag from roles + * @param projectName + * Name of the project + * @param tagFamilyUuid + * Uuid of the tagfamily in which the tag is stored + * @param uuid Uuid of the tag + * @param request request + * @return mesh request + */ + MeshRequest revokeTagRolePermissions(String projectName, String tagFamilyUuid, String uuid, ObjectPermissionRequest request); } diff --git a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/TagFamilyClientMethods.java b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/TagFamilyClientMethods.java index 628fd2bbbc..6b4a26cb87 100644 --- a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/TagFamilyClientMethods.java +++ b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/TagFamilyClientMethods.java 
@@ -116,4 +116,15 @@ public interface TagFamilyClientMethods { */ MeshRequest grantTagFamilyRolePermissions(String projectName, String tagFamilyUuid, ObjectPermissionRequest request); + /** + * Revoke permissions on the tag family from roles + * + * @param projectName + * Name of the project + * @param tagFamilyUuid + * Uuid of the tagfamily + * @param request request + * @return mesh request + */ + MeshRequest revokeTagFamilyRolePermissions(String projectName, String tagFamilyUuid, ObjectPermissionRequest request); } diff --git a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/UserClientMethods.java b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/UserClientMethods.java index c9d8ca24f5..4ee431bcc4 100644 --- a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/UserClientMethods.java +++ b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/UserClientMethods.java @@ -137,4 +137,12 @@ public interface UserClientMethods { * @return mesh request */ MeshRequest grantUserRolePermissions(String uuid, ObjectPermissionRequest request); + + /** + * Revoke permissions on the user from roles + * @param uuid Uuid of the user + * @param request request + * @return mesh request + */ + MeshRequest revokeUserRolePermissions(String uuid, ObjectPermissionRequest request); } diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/group/GroupRolePermissionsEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/group/GroupRolePermissionsEndpointTest.java index fc0f618945..58cf1095cd 100644 --- a/tests/tests-core/src/main/java/com/gentics/mesh/core/group/GroupRolePermissionsEndpointTest.java +++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/group/GroupRolePermissionsEndpointTest.java 
@@ -22,13 +22,16 @@ protected HibBaseElement getTestedElement() { @Override protected ClientHandler getRolePermissions() { - String uuid = getTestedUuid(); - return () -> client().getGroupRolePermissions(uuid); + return () -> client().getGroupRolePermissions(getTestedUuid()); } @Override protected ClientHandler grantRolePermissions(ObjectPermissionRequest request) { - String uuid = getTestedUuid(); - return () -> client().grantGroupRolePermissions(uuid, request); + return () -> client().grantGroupRolePermissions(getTestedUuid(), request); + } + + @Override + protected ClientHandler revokeRolePermissions(ObjectPermissionRequest request) { + return () -> client().revokeGroupRolePermissions(getTestedUuid(), request); } } diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/node/NodeRolePermissionsEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/node/NodeRolePermissionsEndpointTest.java index e09fd09fd5..f4fad17f0a 100644 --- a/tests/tests-core/src/main/java/com/gentics/mesh/core/node/NodeRolePermissionsEndpointTest.java +++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/node/NodeRolePermissionsEndpointTest.java @@ -30,4 +30,9 @@ protected ClientHandler getRolePermissions() { protected ClientHandler grantRolePermissions(ObjectPermissionRequest request) { return () -> client().grantNodeRolePermissions(PROJECT_NAME, getTestedUuid(), request); } + + @Override + protected ClientHandler revokeRolePermissions(ObjectPermissionRequest request) { + return () -> client().revokeNodeRolePermissions(PROJECT_NAME, getTestedUuid(), request); + } } diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/project/ProjectRolePermissionsEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/project/ProjectRolePermissionsEndpointTest.java index b38f6628f0..422dcf4cca 100644 --- a/tests/tests-core/src/main/java/com/gentics/mesh/core/project/ProjectRolePermissionsEndpointTest.java 
+++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/project/ProjectRolePermissionsEndpointTest.java @@ -27,7 +27,11 @@ protected ClientHandler getRolePermissions() { @Override protected ClientHandler grantRolePermissions(ObjectPermissionRequest request) { - String uuid = getTestedUuid(); - return () -> client().grantProjectRolePermissions(uuid, request); + return () -> client().grantProjectRolePermissions(getTestedUuid(), request); + } + + @Override + protected ClientHandler revokeRolePermissions(ObjectPermissionRequest request) { + return () -> client().revokeProjectRolePermissions(getTestedUuid(), request); } } diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/role/RoleRolePermissionsEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/role/RoleRolePermissionsEndpointTest.java index 4f28690c4d..da3cb1e4be 100644 --- a/tests/tests-core/src/main/java/com/gentics/mesh/core/role/RoleRolePermissionsEndpointTest.java +++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/role/RoleRolePermissionsEndpointTest.java @@ -29,4 +29,9 @@ protected ClientHandler getRolePermissions() { protected ClientHandler grantRolePermissions(ObjectPermissionRequest request) { return () -> client().grantRoleRolePermissions(getTestedUuid(), request); } + + @Override + protected ClientHandler revokeRolePermissions(ObjectPermissionRequest request) { + return () -> client().revokeRoleRolePermissions(getTestedUuid(), request); + } } diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/schema/MicroschemaRolePermissionsEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/schema/MicroschemaRolePermissionsEndpointTest.java index 9fefaf921b..2023215c50 100644 --- a/tests/tests-core/src/main/java/com/gentics/mesh/core/schema/MicroschemaRolePermissionsEndpointTest.java +++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/schema/MicroschemaRolePermissionsEndpointTest.java 
@@ -27,7 +27,11 @@ protected ClientHandler getRolePermissions() { @Override protected ClientHandler grantRolePermissions(ObjectPermissionRequest request) { - String uuid = getTestedUuid(); - return () -> client().grantMicroschemaRolePermissions(uuid, request); + return () -> client().grantMicroschemaRolePermissions(getTestedUuid(), request); + } + + @Override + protected ClientHandler revokeRolePermissions(ObjectPermissionRequest request) { + return () -> client().revokeMicroschemaRolePermissions(getTestedUuid(), request); } } diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/schema/SchemaRolePermissionsEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/schema/SchemaRolePermissionsEndpointTest.java index b88f2897e6..1c82529794 100644 --- a/tests/tests-core/src/main/java/com/gentics/mesh/core/schema/SchemaRolePermissionsEndpointTest.java +++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/schema/SchemaRolePermissionsEndpointTest.java @@ -27,7 +27,11 @@ protected ClientHandler getRolePermissions() { @Override protected ClientHandler grantRolePermissions(ObjectPermissionRequest request) { - String uuid = getTestedUuid(); - return () -> client().grantSchemaRolePermissions(uuid, request); + return () -> client().grantSchemaRolePermissions(getTestedUuid(), request); + } + + @Override + protected ClientHandler revokeRolePermissions(ObjectPermissionRequest request) { + return () -> client().revokeRoleRolePermissions(getTestedUuid(), request); } } diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/tag/TagRolePermissionsEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/tag/TagRolePermissionsEndpointTest.java index cea1a1d1b4..25ec2e268a 100644 --- a/tests/tests-core/src/main/java/com/gentics/mesh/core/tag/TagRolePermissionsEndpointTest.java +++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/tag/TagRolePermissionsEndpointTest.java 
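Review bot: In the SchemaRolePermissionsEndpointTest hunk, the new `revokeRolePermissions` override calls `client().revokeRoleRolePermissions(getTestedUuid(), request)`, so the inherited revoke tests send the schema's uuid to the role endpoint and never exercise schema revocation. It should read `return () -> client().revokeSchemaRolePermissions(getTestedUuid(), request);`, matching the grant override just above it. As written, a regression in the permission checks of the schema revoke path would not be caught by this class.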
@@ -34,4 +34,11 @@ protected ClientHandler grantRolePermissions(ObjectPer String uuid = getTestedUuid(); return () -> client().grantTagRolePermissions(PROJECT_NAME, tagFamilyUuid, uuid, request); } + + @Override + protected ClientHandler revokeRolePermissions(ObjectPermissionRequest request) { + String tagFamilyUuid = tx(() -> tagFamily("colors").getUuid()); + String uuid = getTestedUuid(); + return () -> client().revokeTagRolePermissions(PROJECT_NAME, tagFamilyUuid, uuid, request); + } } diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/tagfamily/TagFamilyRolePermissionsEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/tagfamily/TagFamilyRolePermissionsEndpointTest.java index 60f66e8659..20a3fb195e 100644 --- a/tests/tests-core/src/main/java/com/gentics/mesh/core/tagfamily/TagFamilyRolePermissionsEndpointTest.java +++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/tagfamily/TagFamilyRolePermissionsEndpointTest.java @@ -30,4 +30,9 @@ protected ClientHandler getRolePermissions() { protected ClientHandler grantRolePermissions(ObjectPermissionRequest request) { return () -> client().grantTagFamilyRolePermissions(PROJECT_NAME, getTestedUuid(), request); } + + @Override + protected ClientHandler revokeRolePermissions(ObjectPermissionRequest request) { + return () -> client().revokeTagFamilyRolePermissions(PROJECT_NAME, getTestedUuid(), request); + } } diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/user/UserRolePermissionsEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/user/UserRolePermissionsEndpointTest.java index 163839d0b7..cb94938c37 100644 --- a/tests/tests-core/src/main/java/com/gentics/mesh/core/user/UserRolePermissionsEndpointTest.java +++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/user/UserRolePermissionsEndpointTest.java 
@@ -22,13 +22,16 @@ protected HibBaseElement getTestedElement() { @Override protected ClientHandler getRolePermissions() { - String uuid = getTestedUuid(); - return () -> client().getUserRolePermissions(uuid); + return () -> client().getUserRolePermissions(getTestedUuid()); } @Override protected ClientHandler grantRolePermissions(ObjectPermissionRequest request) { - String uuid = getTestedUuid(); - return () -> client().grantUserRolePermissions(uuid, request); + return () -> client().grantUserRolePermissions(getTestedUuid(), request); + } + + @Override + protected ClientHandler revokeRolePermissions(ObjectPermissionRequest request) { + return () -> client().revokeUserRolePermissions(getTestedUuid(), request); } } diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/test/context/AbstractRolePermissionEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/test/context/AbstractRolePermissionEndpointTest.java index 9b2063ad37..c074c5bfce 100644 --- a/tests/tests-core/src/main/java/com/gentics/mesh/test/context/AbstractRolePermissionEndpointTest.java +++ b/tests/tests-core/src/main/java/com/gentics/mesh/test/context/AbstractRolePermissionEndpointTest.java @@ -10,9 +10,13 @@ import static io.netty.handler.codec.http.HttpResponseStatus.NOT_FOUND; import static org.assertj.core.api.Assertions.assertThat; +import java.util.Set; + import org.junit.Test; import com.gentics.mesh.core.data.HibBaseElement; +import com.gentics.mesh.core.data.perm.InternalPermission; +import com.gentics.mesh.core.data.role.HibRole; import com.gentics.mesh.core.rest.common.ObjectPermissionRequest; import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; import com.gentics.mesh.core.rest.role.RoleReference; 
@@ -24,10 +28,9 @@ public abstract class AbstractRolePermissionEndpointTest extends AbstractMeshTest { /** * Test reading role permissions - * @throws Exception */ @Test - public void testReadRolePermissions() throws Exception { + public void testReadRolePermissions() { boolean hasPublishPermissions = tx(() -> getTestedElement().hasPublishPermissions()); RoleReference testRole = tx(() -> role().transformToReference()); @@ -48,27 +51,21 @@ public void testReadRolePermissions() throws Exception { /** * Test reading role permissions without permission on the object itself - * @throws Exception */ @Test - public void testReadRolePermissionWithoutPermission() throws Exception { - String uuid = tx(() -> getTestedElement().getUuid()); - tx(tx -> { - tx.roleDao().revokePermissions(role(), getTestedElement(), READ_PERM); - }); + public void testReadRolePermissionWithoutPermission() { + revokeReadOnTestedElement(); + String uuid = getTestedUuid(); call(getRolePermissions(), FORBIDDEN, "error_missing_perm", uuid, READ_PERM.getRestPerm().getName()); } /** * Test reading role permissions without permission on all roles - * @throws Exception */ @Test - public void testReadRolePermissionWithoutPermissionOnRole() throws Exception { + public void testReadRolePermissionWithoutPermissionOnRole() { boolean hasPublishPermissions = tx(() -> getTestedElement().hasPublishPermissions()); - tx(tx -> { - tx.roleDao().revokePermissions(role(), role(), READ_PERM); - }); + revokeReadOnRole(); ObjectPermissionResponse response = call(getRolePermissions()); assertThat(response).as("Response").isNotNull(); 
@@ -87,10 +84,9 @@ public void testReadRolePermissionWithoutPermissionOnRole() throws Exception { /** * Test granting role permissions by uuid - * @throws Exception */ @Test - public void testGrantRolePermissionsByUuid() throws Exception { + public void testGrantRolePermissionsByUuid() { String anonymousUuid = tx(() -> roles().get("anonymous").getUuid()); RoleReference anonymous = tx(() -> roles().get("anonymous").transformToReference()); RoleReference testRole = tx(() -> role().transformToReference()); @@ -105,10 +101,9 @@ public void testGrantRolePermissionsByUuid() throws Exception { /** * Test granting role permissions by name - * @throws Exception */ @Test - public void testGrantRolePermissionsByName() throws Exception { + public void testGrantRolePermissionsByName() { RoleReference anonymous = tx(() -> roles().get("anonymous").transformToReference()); RoleReference testRole = tx(() -> role().transformToReference()); @@ -122,10 +117,9 @@ public void testGrantRolePermissionsByName() throws Exception { /** * Test granting role permissions by unknown uuid - * @throws Exception */ @Test - public void testGrantUnknownRolePermissionsByUuid() throws Exception { + public void testGrantUnknownRolePermissionsByUuid() { String randomUUID = UUIDUtil.randomUUID(); ObjectPermissionRequest request = new ObjectPermissionRequest(); request.set(new RoleReference().setUuid(randomUUID), UPDATE_PERM.getRestPerm(), true); @@ -134,10 +128,9 @@ public void testGrantUnknownRolePermissionsByUuid() throws Exception { /** * Test granting role permissions by unknown name - * @throws Exception */ @Test - public void testGrantUnknownRolePermissionsByName() throws Exception { + public void testGrantUnknownRolePermissionsByName() { ObjectPermissionRequest request = new ObjectPermissionRequest(); request.set(new RoleReference().setName("bogus"), DELETE_PERM.getRestPerm(), true); call(grantRolePermissions(request), NOT_FOUND, "object_not_found_for_name", "bogus"); 
@@ -145,15 +138,193 @@ public void testGrantUnknownRolePermissionsByName() throws Exception { /** * Test granting role permissions by neither uuid nor name - * @throws Exception */ @Test - public void testGrantInvalidRolePermissions() throws Exception { + public void testGrantInvalidRolePermissions() { ObjectPermissionRequest request = new ObjectPermissionRequest(); request.set(new RoleReference(), CREATE_PERM.getRestPerm(), true); call(grantRolePermissions(request), BAD_REQUEST, "role_reference_uuid_or_name_missing"); } + /** + * Test granting roles permissions exclusively + */ + @Test + public void testGrantRolePermissionsExclusive() { + String anonymousUuid = tx(() -> roles().get("anonymous").getUuid()); + RoleReference anonymous = tx(() -> roles().get("anonymous").transformToReference()); + RoleReference testRole = tx(() -> role().transformToReference()); + + tx(tx -> { + HibRole adminObj = roles().get("admin"); + HibRole testRoleObj = role(); + + // revoke the permission on the admin role + tx.roleDao().revokePermissions(testRoleObj, adminObj, READ_PERM); + + // grant some permissions to the admin role + tx.roleDao().grantPermissions(adminObj, getTestedElement(), UPDATE_PERM, CREATE_PERM, READ_PERM); + }); + + ObjectPermissionRequest request = new ObjectPermissionRequest(); + request.set(new RoleReference().setUuid(anonymousUuid), CREATE_PERM.getRestPerm(), true); + request.set(new RoleReference().setUuid(anonymousUuid), DELETE_PERM.getRestPerm(), true); + request.setExclusive(true); + ObjectPermissionResponse response = call(grantRolePermissions(request)); + assertThat(response).as("Response").isNotNull(); + assertThat(response.getRead()).as("Roles with read permission").isNotNull().containsOnly(testRole); + assertThat(response.getUpdate()).as("Roles with update permission").isNotNull().containsOnly(testRole); + assertThat(response.getCreate()).as("Roles with create permission").isNotNull().containsOnly(anonymous); + assertThat(response.getDelete()).as("Roles 
with delete permission").isNotNull().containsOnly(anonymous); + + // check that admin permissions were not changed + Set adminPermissions = tx(tx -> { + return tx.roleDao().getPermissions(roles().get("admin"), getTestedElement()); + }); + assertThat(adminPermissions).as("Permissions for role admin").isNotNull().containsOnly(UPDATE_PERM, CREATE_PERM, READ_PERM); + } + + /** + * Test granting role without permission on the entity + */ + @Test + public void testGrantRoleWithoutPermission() { + String uuid = getTestedUuid(); + revokeReadOnTestedElement(); + ObjectPermissionRequest request = new ObjectPermissionRequest(); + call(grantRolePermissions(request), FORBIDDEN, "error_missing_perm", uuid, READ_PERM.getRestPerm().getName()); + } + + /** + * Test granting role without read permission on the role + */ + @Test + public void testGrantRoleWithoutReadPermissionOnRole() { + String testRoleUuid = tx(() -> role().getUuid()); + RoleReference testRoleRef = tx(() -> role().transformToReference()); + revokeReadOnRole(); + ObjectPermissionRequest request = new ObjectPermissionRequest(); + request.set(testRoleRef, CREATE_PERM.getRestPerm(), true); + call(grantRolePermissions(request), NOT_FOUND, "object_not_found_for_uuid", testRoleUuid); + } + + /** + * Test granting role without update permission on the role + */ + @Test + public void testGrantRoleWithoutUpdatePermissionOnRole() { + String testRoleUuid = tx(() -> role().getUuid()); + RoleReference testRoleRef = tx(() -> role().transformToReference()); + revokeUpdateOnRole(); + ObjectPermissionRequest request = new ObjectPermissionRequest(); + request.set(testRoleRef, CREATE_PERM.getRestPerm(), true); + call(grantRolePermissions(request), FORBIDDEN, "error_missing_perm", testRoleUuid, UPDATE_PERM.getRestPerm().getName()); + } + + // TODO more grant tests + + /** + * Test revoking permissions by uuid + */ + @Test + public void testRevokeRolePermissionsByUuid() { + String testRoleUuid = tx(() -> role().getUuid()); + 
RoleReference testRole = tx(() -> role().transformToReference()); + + ObjectPermissionRequest request = new ObjectPermissionRequest(); + request.set(new RoleReference().setUuid(testRoleUuid), CREATE_PERM.getRestPerm(), true); + ObjectPermissionResponse response = call(revokeRolePermissions(request)); + assertThat(response).as("Response").isNotNull(); + assertThat(response.getCreate()).as("Roles with create permission").isNotNull().isEmpty(); + assertThat(response.getRead()).as("Roles with read permission").isNotNull().containsOnly(testRole); + } + + /** + * Test revoking role permissions by name + */ + @Test + public void testRevokeRolePermissionsByName() { + String testRoleName = tx(() -> role().getName()); + RoleReference testRole = tx(() -> role().transformToReference()); + + ObjectPermissionRequest request = new ObjectPermissionRequest(); + request.set(new RoleReference().setName(testRoleName), UPDATE_PERM.getRestPerm(), true); + ObjectPermissionResponse response = call(revokeRolePermissions(request)); + assertThat(response).as("Response").isNotNull(); + assertThat(response.getUpdate()).as("Roles with update permission").isNotNull().isEmpty(); + assertThat(response.getDelete()).as("Roles with delete permission").isNotNull().containsOnly(testRole); + } + + /** + * Test revoking role permissions by unknown uuid + */ + @Test + public void testRevokeUnknownRolePermissionsByUuid() { + String randomUUID = UUIDUtil.randomUUID(); + ObjectPermissionRequest request = new ObjectPermissionRequest(); + request.set(new RoleReference().setUuid(randomUUID), UPDATE_PERM.getRestPerm(), true); + call(revokeRolePermissions(request), NOT_FOUND, "object_not_found_for_uuid", randomUUID); + } + + /** + * Test revoking role permissions by unknown name + */ + @Test + public void testRevoketUnknownRolePermissionsByName() { + ObjectPermissionRequest request = new ObjectPermissionRequest(); + request.set(new RoleReference().setName("bogus"), DELETE_PERM.getRestPerm(), true); + 
call(revokeRolePermissions(request), NOT_FOUND, "object_not_found_for_name", "bogus"); + } + + /** + * Test revoking role permissions by neither uuid nor name + */ + @Test + public void testRevokeInvalidRolePermissions() { + ObjectPermissionRequest request = new ObjectPermissionRequest(); + request.set(new RoleReference(), CREATE_PERM.getRestPerm(), true); + call(revokeRolePermissions(request), BAD_REQUEST, "role_reference_uuid_or_name_missing"); + } + + /** + * Test revoking role without permission on the entity + */ + @Test + public void testRevokeRoleWithoutPermission() { + String uuid = getTestedUuid(); + revokeReadOnTestedElement(); + ObjectPermissionRequest request = new ObjectPermissionRequest(); + call(revokeRolePermissions(request), FORBIDDEN, "error_missing_perm", uuid, READ_PERM.getRestPerm().getName()); + } + + /** + * Test revoking role without read permission on the role + */ + @Test + public void testRevokeRoleWithoutReadPermissionOnRole() { + String testRoleUuid = tx(() -> role().getUuid()); + RoleReference testRoleRef = tx(() -> role().transformToReference()); + revokeReadOnRole(); + ObjectPermissionRequest request = new ObjectPermissionRequest(); + request.set(testRoleRef, CREATE_PERM.getRestPerm(), true); + call(revokeRolePermissions(request), NOT_FOUND, "object_not_found_for_uuid", testRoleUuid); + } + + /** + * Test revoking role without update permission on the role + */ + @Test + public void testRevokeRoleWithoutUpdatePermissionOnRole() { + String testRoleUuid = tx(() -> role().getUuid()); + RoleReference testRoleRef = tx(() -> role().transformToReference()); + revokeUpdateOnRole(); + ObjectPermissionRequest request = new ObjectPermissionRequest(); + request.set(testRoleRef, CREATE_PERM.getRestPerm(), true); + call(revokeRolePermissions(request), FORBIDDEN, "error_missing_perm", testRoleUuid, UPDATE_PERM.getRestPerm().getName()); + } + + // TODO more revoke tests + /** * Get the tested element (this method assumes a running transaction) * 
@return tested element @@ -168,6 +339,33 @@ protected String getTestedUuid() { return tx(() -> getTestedElement().getUuid()); } + /** + * Revoke the read permission on the tested element + */ + protected void revokeReadOnTestedElement() { + tx(tx -> { + tx.roleDao().revokePermissions(role(), getTestedElement(), READ_PERM); + }); + } + + /** + * Revoke the read permission on the role + */ + protected void revokeReadOnRole() { + tx(tx -> { + tx.roleDao().revokePermissions(role(), role(), READ_PERM); + }); + } + + /** + * Revoke the update permission on the role + */ + protected void revokeUpdateOnRole() { + tx(tx -> { + tx.roleDao().revokePermissions(role(), role(), UPDATE_PERM); + }); + } + /** * Get a client handler that gets the role permissions on the tested element * @return client handler @@ -180,4 +378,11 @@ protected String getTestedUuid() { * @return client handler */ protected abstract ClientHandler grantRolePermissions(ObjectPermissionRequest request); + + /** + * Get a client handler that revokes the role permissions from the tested element + * @param request request + * @return client handler + */ + protected abstract ClientHandler revokeRolePermissions(ObjectPermissionRequest request); } From 079d2e23256a12e755a189029111afa5b1d890b6 Mon Sep 17 00:00:00 2001 
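Review bot: `testGrantRolePermissionsExclusive` in this hunk only covers a role the requester cannot read (admin); there is no case for a role that is readable but not updatable. The handler treats that case with its own filter, `rolesToRevoke.removeIf(role -> !userDao.hasPermission(requestUser, role, UPDATE_PERM))`, so one of the two authorization boundaries of an exclusive grant is currently unpinned. A test next to the `// TODO more grant tests` marker could revoke only `UPDATE_PERM` on a second role, grant exclusively, and assert that role's permissions on the tested element are unchanged. Separately, `testRevoketUnknownRolePermissionsByName` has a typo and should read `testRevokeUnknownRolePermissionsByName`.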
From: Norbert Pomaroli Date: Wed, 5 Oct 2022 11:54:09 +0200 Subject: [PATCH 5/9] Implement role permission endpoints for branches Implement revoking roles from project specific entities --- ...RolePermissionHandlingProjectEndpoint.java | 21 +++++++++- .../core/endpoint/branch/BranchEndpoint.java | 5 ++- .../mesh/rest/MeshLocalClientImpl.java | 28 ++++++++++++++ .../client/impl/MeshRestHttpClientImpl.java | 26 +++++++++++++ .../client/method/BranchClientMethods.java | 33 ++++++++++++++++ .../BranchRolePermissionsEndpointTest.java | 38 +++++++++++++++++++ 6 files changed, 147 insertions(+), 4 deletions(-) create mode 100644 tests/tests-core/src/main/java/com/gentics/mesh/core/branch/BranchRolePermissionsEndpointTest.java diff --git a/core/src/main/java/com/gentics/mesh/core/endpoint/RolePermissionHandlingProjectEndpoint.java b/core/src/main/java/com/gentics/mesh/core/endpoint/RolePermissionHandlingProjectEndpoint.java index 0213bd4376..0a54066d94 100644 --- a/core/src/main/java/com/gentics/mesh/core/endpoint/RolePermissionHandlingProjectEndpoint.java +++ b/core/src/main/java/com/gentics/mesh/core/endpoint/RolePermissionHandlingProjectEndpoint.java @@ -3,6 +3,7 @@ import static com.gentics.mesh.core.rest.MeshEvent.ROLE_PERMISSIONS_CHANGED; import static com.gentics.mesh.http.HttpConstants.APPLICATION_JSON; import static io.netty.handler.codec.http.HttpResponseStatus.OK; +import static io.vertx.core.http.HttpMethod.DELETE; import static io.vertx.core.http.HttpMethod.GET; import static io.vertx.core.http.HttpMethod.POST; 
@@ -35,7 +36,7 @@ protected void addRolePermissionHandler(String uuidParameterName, String uuidPar readPermissionsEndpoint.path(path); readPermissionsEndpoint.addUriParameter(uuidParameterName, "Uuid of the " + typeDescription, uuidParameterExample); readPermissionsEndpoint.method(GET); - readPermissionsEndpoint.description("Get the permissions on the "+typeDescription+" for all roles."); + readPermissionsEndpoint.description("Get the permissions on the " + typeDescription + " for all roles."); readPermissionsEndpoint.produces(APPLICATION_JSON); readPermissionsEndpoint.exampleResponse(OK, roleExamples.getObjectPermissionResponse(includePublishPermissions), "Loaded permissions."); readPermissionsEndpoint.blockingHandler(rc -> { @@ -48,7 +49,7 @@ protected void addRolePermissionHandler(String uuidParameterName, String uuidPar grantPermissionsEndpoint.path(path); grantPermissionsEndpoint.addUriParameter(uuidParameterName, "Uuid of the " + typeDescription, uuidParameterExample); grantPermissionsEndpoint.method(POST); - grantPermissionsEndpoint.description("Grant permissions on the "+typeDescription+" for multiple roles."); + grantPermissionsEndpoint.description("Grant permissions on the " + typeDescription + " for multiple roles."); grantPermissionsEndpoint.consumes(APPLICATION_JSON); grantPermissionsEndpoint.produces(APPLICATION_JSON); grantPermissionsEndpoint.exampleRequest((String)null); // TODO 
@@ -59,5 +60,21 @@ protected void addRolePermissionHandler(String uuidParameterName, String uuidPar String uuid = rc.request().getParam(uuidParameterName); crudHandler.handleGrantPermissions(ac, uuid); }); + + InternalEndpointRoute revokePermissionsEndpoint = createRoute(); + revokePermissionsEndpoint.path(path); + revokePermissionsEndpoint.addUriParameter(uuidParameterName, "Uuid of the " + typeDescription, uuidParameterExample); + revokePermissionsEndpoint.method(DELETE); + revokePermissionsEndpoint.description("Revoke permissions from the " + typeDescription + " for multiple roles."); + revokePermissionsEndpoint.consumes(APPLICATION_JSON); + revokePermissionsEndpoint.produces(APPLICATION_JSON); + revokePermissionsEndpoint.exampleRequest((String)null); // TODO + revokePermissionsEndpoint.exampleResponse(OK, roleExamples.getObjectPermissionResponse(includePublishPermissions), "Updated permissions."); + revokePermissionsEndpoint.events(ROLE_PERMISSIONS_CHANGED); + revokePermissionsEndpoint.blockingHandler(rc -> { + InternalActionContext ac = wrap(rc); + String uuid = rc.request().getParam(uuidParameterName); + crudHandler.handleRevokePermissions(ac, uuid); + }); } } diff --git a/core/src/main/java/com/gentics/mesh/core/endpoint/branch/BranchEndpoint.java b/core/src/main/java/com/gentics/mesh/core/endpoint/branch/BranchEndpoint.java index 73a57520c2..08ff0d75b2 100644 --- a/core/src/main/java/com/gentics/mesh/core/endpoint/branch/BranchEndpoint.java +++ b/core/src/main/java/com/gentics/mesh/core/endpoint/branch/BranchEndpoint.java 
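Review bot: The revoke route added here requires a JSON payload on `DELETE` (`revokePermissionsEndpoint.method(DELETE)` together with `consumes(APPLICATION_JSON)`), and HTTP defines no general semantics for content in a DELETE request, so proxies and some client libraries may drop or reject the body. A revocation that never reaches `handleRevokePermissions` with its payload leaves the permissions in place, so this deserves a comment on the route such as `// revoke expects a JSON body on DELETE; intermediaries may strip it, the handler must fail loudly on an empty payload`. How the handler reacts to an empty body is not visible in this hunk and should be confirmed. `exampleRequest((String)null); // TODO` also leaves the generated API documentation without a request example, and `addRolePermissionHandler` starts outside the hunk.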
@@ -28,15 +28,15 @@ import com.gentics.mesh.auth.MeshAuthChainImpl; import com.gentics.mesh.cli.BootstrapInitializer; import com.gentics.mesh.context.InternalActionContext; +import com.gentics.mesh.core.endpoint.RolePermissionHandlingProjectEndpoint; import com.gentics.mesh.parameter.impl.GenericParametersImpl; import com.gentics.mesh.parameter.impl.PagingParametersImpl; import com.gentics.mesh.rest.InternalEndpointRoute; -import com.gentics.mesh.router.route.AbstractProjectEndpoint; /** * Verticle for REST endpoints to manage branches. */ -public class BranchEndpoint extends AbstractProjectEndpoint { +public class BranchEndpoint extends RolePermissionHandlingProjectEndpoint { private BranchCrudHandler crudHandler; @@ -67,6 +67,7 @@ public void registerEndPoints() { addNodeMigrationHandler(); addMicronodeMigrationHandler(); addTagsHandler(); + addRolePermissionHandler("branchUuid", BRANCH_UUID, "branch", crudHandler, false); } private void addMicroschemaInfoHandler() { diff --git a/core/src/main/java/com/gentics/mesh/rest/MeshLocalClientImpl.java b/core/src/main/java/com/gentics/mesh/rest/MeshLocalClientImpl.java index 14338cf8ab..b73f21d9c5 100644 --- a/core/src/main/java/com/gentics/mesh/rest/MeshLocalClientImpl.java +++ b/core/src/main/java/com/gentics/mesh/rest/MeshLocalClientImpl.java 
@@ -1866,6 +1866,34 @@ public MeshRequest clearCache() { return null; } + @Override + public MeshRequest getBranchRolePermissions(String projectName, String uuid) { + LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class); + ac.setProject(projectName); + branchCrudHandler.handleReadPermissions(ac, uuid); + return new MeshLocalRequestImpl<>(ac.getFuture()); + } + + @Override + public MeshRequest grantBranchRolePermissions(String projectName, String uuid, + ObjectPermissionRequest request) { + LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class); + ac.setProject(projectName); + ac.setPayloadObject(request); + branchCrudHandler.handleGrantPermissions(ac, uuid); + return new MeshLocalRequestImpl<>(ac.getFuture()); + } + + @Override + public MeshRequest revokeBranchRolePermissions(String projectName, String uuid, + ObjectPermissionRequest request) { + LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class); + ac.setProject(projectName); + ac.setPayloadObject(request); + branchCrudHandler.handleRevokePermissions(ac, uuid); + return new MeshLocalRequestImpl<>(ac.getFuture()); + } + @Override public MeshRequest getGroupRolePermissions(String uuid) { LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class); diff --git a/rest-client/src/main/java/com/gentics/mesh/rest/client/impl/MeshRestHttpClientImpl.java b/rest-client/src/main/java/com/gentics/mesh/rest/client/impl/MeshRestHttpClientImpl.java index ba6f929610..a55f9d5073 100644 --- a/rest-client/src/main/java/com/gentics/mesh/rest/client/impl/MeshRestHttpClientImpl.java +++ b/rest-client/src/main/java/com/gentics/mesh/rest/client/impl/MeshRestHttpClientImpl.java 
@@ -1665,6 +1665,32 @@ public MeshRequest webrootField(String projectName, St return prepareRequest(GET, "/" + encodeSegment(projectName) + "/webrootfield/" + fieldName + path + getQuery(parameters), MeshWebrootFieldResponse.class); } + @Override + public MeshRequest getBranchRolePermissions(String projectName, String uuid) { + Objects.requireNonNull(projectName, "projectName must not be null"); + Objects.requireNonNull(uuid, "uuid must not be null"); + return prepareRequest(GET, "/" + encodeSegment(projectName) + "/branches/" + uuid + "/rolePermissions", + ObjectPermissionResponse.class); + } + + @Override + public MeshRequest grantBranchRolePermissions(String projectName, String uuid, + ObjectPermissionRequest request) { + Objects.requireNonNull(projectName, "projectName must not be null"); + Objects.requireNonNull(uuid, "uuid must not be null"); + Objects.requireNonNull(request, "objectPermissionRequest must not be null"); + return prepareRequest(POST, "/" + encodeSegment(projectName) + "/branches/" + uuid + "/rolePermissions", ObjectPermissionResponse.class, request); + } + + @Override + public MeshRequest revokeBranchRolePermissions(String projectName, String uuid, + ObjectPermissionRequest request) { + Objects.requireNonNull(projectName, "projectName must not be null"); + Objects.requireNonNull(uuid, "uuid must not be null"); + Objects.requireNonNull(request, "objectPermissionRequest must not be null"); + return prepareRequest(DELETE, "/" + encodeSegment(projectName) + "/branches/" + uuid + "/rolePermissions", ObjectPermissionResponse.class, request); + } + @Override public MeshRequest getGroupRolePermissions(String uuid) { Objects.requireNonNull(uuid, "uuid must not be null"); diff --git a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/BranchClientMethods.java b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/BranchClientMethods.java index 536631ed17..001feb7db0 100644 
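Review bot: In the three new branch methods the `uuid` argument is concatenated into the request path unencoded (`"/branches/" + uuid + "/rolePermissions"`), while `projectName` in the same expression goes through `encodeSegment`. A value containing `/`, `?` or `#` would make the client address a different resource than the caller intended, which matters for calls that change permissions. Building the path as `"/branches/" + encodeSegment(uuid) + "/rolePermissions"` in `getBranchRolePermissions`, `grantBranchRolePermissions` and `revokeBranchRolePermissions` keeps the value inside its segment. Whether the other uuid-based methods of this class follow the same pattern is not visible in the hunk.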
--- a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/BranchClientMethods.java +++ b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/BranchClientMethods.java @@ -7,6 +7,8 @@ import com.gentics.mesh.core.rest.branch.info.BranchInfoMicroschemaList; import com.gentics.mesh.core.rest.branch.info.BranchInfoSchemaList; import com.gentics.mesh.core.rest.common.GenericMessageResponse; +import com.gentics.mesh.core.rest.common.ObjectPermissionRequest; +import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; import com.gentics.mesh.core.rest.schema.MicroschemaReference; import com.gentics.mesh.core.rest.schema.SchemaReference; import com.gentics.mesh.core.rest.tag.TagListResponse; @@ -206,4 +208,35 @@ MeshRequest assignBranchMicroschemaVersions(String pr */ MeshRequest updateTagsForBranch(String projectName, String branchUuid, TagListUpdateRequest request); + /** + * Get the role permissions on the branch + * + * @param projectName + * Name of the project + * @param uuid Uuid of the branch + * @return request + */ + MeshRequest getBranchRolePermissions(String projectName, String uuid); + + /** + * Grant permissions on the branch to roles + * + * @param projectName + * Name of the project + * @param uuid Uuid of the branch + * @param request request + * @return mesh request + */ + MeshRequest grantBranchRolePermissions(String projectName, String uuid, ObjectPermissionRequest request); + + /** + * Revoke permissions on the branch from roles + * + * @param projectName + * Name of the project + * @param uuid Uuid of the branch + * @param request request + * @return mesh request + */ + MeshRequest revokeBranchRolePermissions(String projectName, String uuid, ObjectPermissionRequest request); } 
diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/branch/BranchRolePermissionsEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/branch/BranchRolePermissionsEndpointTest.java new file mode 100644 index 0000000000..09cf371b2b --- /dev/null +++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/branch/BranchRolePermissionsEndpointTest.java @@ -0,0 +1,38 @@ +package com.gentics.mesh.core.branch; + +import static com.gentics.mesh.test.TestDataProvider.PROJECT_NAME; +import static com.gentics.mesh.test.TestSize.FULL; + +import com.gentics.mesh.core.data.HibBaseElement; +import com.gentics.mesh.core.rest.common.ObjectPermissionRequest; +import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; +import com.gentics.mesh.test.MeshTestSetting; +import com.gentics.mesh.test.context.AbstractRolePermissionEndpointTest; +import com.gentics.mesh.test.context.ClientHandler; + +/** + * Test cases for handling role permissions for branches + */ +@MeshTestSetting(testSize = FULL, startServer = true) +public class BranchRolePermissionsEndpointTest extends AbstractRolePermissionEndpointTest { + + @Override + protected HibBaseElement getTestedElement() { + return project().getInitialBranch(); + } + + @Override + protected ClientHandler getRolePermissions() { + return () -> client().getBranchRolePermissions(PROJECT_NAME, getTestedUuid()); + } + + @Override + protected ClientHandler grantRolePermissions(ObjectPermissionRequest request) { + return () -> client().grantBranchRolePermissions(PROJECT_NAME, getTestedUuid(), request); + } + + @Override + protected ClientHandler revokeRolePermissions(ObjectPermissionRequest request) { + return () -> client().revokeBranchRolePermissions(PROJECT_NAME, getTestedUuid(), request); + } +} From 27c2a4c31aa767224484eadd06ce999f34daa59c Mon Sep 17 00:00:00 2001 
From: Norbert Pomaroli Date: Wed, 5 Oct 2022 14:00:51 +0200 Subject: [PATCH 6/9] Add option to ignore roles when granting exclusively Refactor request models --- .../RolePermissionHandlingEndpoint.java | 4 +- ...RolePermissionHandlingProjectEndpoint.java | 4 +- .../endpoint/handler/AbstractCrudHandler.java | 17 ++- .../core/endpoint/tag/TagCrudHandler.java | 17 ++- .../endpoint/tagfamily/TagFamilyEndpoint.java | 20 +++- .../mesh/rest/MeshLocalClientImpl.java | 43 ++++---- .../client/impl/MeshRestHttpClientImpl.java | 43 ++++---- .../client/method/BranchClientMethods.java | 7 +- .../client/method/GroupClientMethods.java | 7 +- .../method/MicroschemaClientMethods.java | 7 +- .../rest/client/method/NodeClientMethods.java | 7 +- .../client/method/ProjectClientMethods.java | 7 +- .../rest/client/method/RoleClientMethods.java | 7 +- .../client/method/SchemaClientMethods.java | 7 +- .../rest/client/method/TagClientMethods.java | 7 +- .../client/method/TagFamilyClientMethods.java | 7 +- .../rest/client/method/UserClientMethods.java | 7 +- .../common/ObjectPermissionGrantRequest.java | 104 ++++++++++++++++++ .../rest/common/ObjectPermissionRequest.java | 31 ------ .../rest/common/ObjectPermissionResponse.java | 3 + .../common/ObjectPermissionRevokeRequest.java | 64 +++++++++++ .../BranchRolePermissionsEndpointTest.java | 7 +- .../GroupRolePermissionsEndpointTest.java | 7 +- .../node/NodeRolePermissionsEndpointTest.java | 7 +- .../ProjectRolePermissionsEndpointTest.java | 7 +- .../role/RoleRolePermissionsEndpointTest.java | 7 +- ...icroschemaRolePermissionsEndpointTest.java | 7 +- .../SchemaRolePermissionsEndpointTest.java | 7 +- .../tag/TagRolePermissionsEndpointTest.java | 7 +- .../TagFamilyRolePermissionsEndpointTest.java | 7 +- .../user/UserRolePermissionsEndpointTest.java | 7 +- .../AbstractRolePermissionEndpointTest.java | 85 ++++++++++---- 32 files changed, 407 insertions(+), 168 deletions(-) create mode 100644 
rest-model/src/main/java/com/gentics/mesh/core/rest/common/ObjectPermissionGrantRequest.java delete mode 100644 rest-model/src/main/java/com/gentics/mesh/core/rest/common/ObjectPermissionRequest.java create mode 100644 rest-model/src/main/java/com/gentics/mesh/core/rest/common/ObjectPermissionRevokeRequest.java diff --git a/core/src/main/java/com/gentics/mesh/core/endpoint/RolePermissionHandlingEndpoint.java b/core/src/main/java/com/gentics/mesh/core/endpoint/RolePermissionHandlingEndpoint.java index fa3aad1116..10c953fd9c 100644 --- a/core/src/main/java/com/gentics/mesh/core/endpoint/RolePermissionHandlingEndpoint.java +++ b/core/src/main/java/com/gentics/mesh/core/endpoint/RolePermissionHandlingEndpoint.java @@ -47,7 +47,7 @@ protected void addRolePermissionHandler(String uuidParameterName, String uuidPar grantPermissionsEndpoint.path(path); grantPermissionsEndpoint.addUriParameter(uuidParameterName, "Uuid of the " + typeDescription, uuidParameterExample); grantPermissionsEndpoint.method(POST); - grantPermissionsEndpoint.description("Grant permissions on the " + typeDescription + " for multiple roles."); + grantPermissionsEndpoint.description("Grant permissions on the " + typeDescription + " to multiple roles."); grantPermissionsEndpoint.consumes(APPLICATION_JSON); grantPermissionsEndpoint.produces(APPLICATION_JSON); grantPermissionsEndpoint.exampleRequest((String)null); // TODO 
@@ -63,7 +63,7 @@ protected void addRolePermissionHandler(String uuidParameterName, String uuidPar revokePermissionsEndpoint.path(path); revokePermissionsEndpoint.addUriParameter(uuidParameterName, "Uuid of the " + typeDescription, uuidParameterExample); revokePermissionsEndpoint.method(DELETE); - revokePermissionsEndpoint.description("Revoke permissions from the " + typeDescription + " for multiple roles."); + revokePermissionsEndpoint.description("Revoke permissions on the " + typeDescription + " from multiple roles."); revokePermissionsEndpoint.consumes(APPLICATION_JSON); revokePermissionsEndpoint.produces(APPLICATION_JSON); revokePermissionsEndpoint.exampleRequest((String)null); // TODO diff --git a/core/src/main/java/com/gentics/mesh/core/endpoint/RolePermissionHandlingProjectEndpoint.java b/core/src/main/java/com/gentics/mesh/core/endpoint/RolePermissionHandlingProjectEndpoint.java index 0a54066d94..a167888723 100644 --- a/core/src/main/java/com/gentics/mesh/core/endpoint/RolePermissionHandlingProjectEndpoint.java +++ b/core/src/main/java/com/gentics/mesh/core/endpoint/RolePermissionHandlingProjectEndpoint.java @@ -49,7 +49,7 @@ protected void addRolePermissionHandler(String uuidParameterName, String uuidPar grantPermissionsEndpoint.path(path); grantPermissionsEndpoint.addUriParameter(uuidParameterName, "Uuid of the " + typeDescription, uuidParameterExample); grantPermissionsEndpoint.method(POST); - grantPermissionsEndpoint.description("Grant permissions on the " + typeDescription + " for multiple roles."); + grantPermissionsEndpoint.description("Grant permissions on the " + typeDescription + " to multiple roles."); grantPermissionsEndpoint.consumes(APPLICATION_JSON); grantPermissionsEndpoint.produces(APPLICATION_JSON); grantPermissionsEndpoint.exampleRequest((String)null); // TODO 
@@ -65,7 +65,7 @@ protected void addRolePermissionHandler(String uuidParameterName, String uuidPar revokePermissionsEndpoint.path(path); revokePermissionsEndpoint.addUriParameter(uuidParameterName, "Uuid of the " + typeDescription, uuidParameterExample); revokePermissionsEndpoint.method(DELETE); - revokePermissionsEndpoint.description("Revoke permissions from the " + typeDescription + " for multiple roles."); + revokePermissionsEndpoint.description("Revoke permissions on the " + typeDescription + " from multiple roles."); revokePermissionsEndpoint.consumes(APPLICATION_JSON); revokePermissionsEndpoint.produces(APPLICATION_JSON); revokePermissionsEndpoint.exampleRequest((String)null); // TODO diff --git a/core/src/main/java/com/gentics/mesh/core/endpoint/handler/AbstractCrudHandler.java b/core/src/main/java/com/gentics/mesh/core/endpoint/handler/AbstractCrudHandler.java index 8623d72561..da2c6677db 100644 --- a/core/src/main/java/com/gentics/mesh/core/endpoint/handler/AbstractCrudHandler.java +++ b/core/src/main/java/com/gentics/mesh/core/endpoint/handler/AbstractCrudHandler.java @@ -29,8 +29,9 @@ import com.gentics.mesh.core.data.role.HibRole; import com.gentics.mesh.core.data.user.HibUser; import com.gentics.mesh.core.db.Database; -import com.gentics.mesh.core.rest.common.ObjectPermissionRequest; +import com.gentics.mesh.core.rest.common.ObjectPermissionGrantRequest; import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; +import com.gentics.mesh.core.rest.common.ObjectPermissionRevokeRequest; import com.gentics.mesh.core.rest.common.RestModel; import com.gentics.mesh.core.rest.role.RoleReference; import com.gentics.mesh.core.verticle.handler.HandlerUtilities; 
@@ -158,7 +159,7 @@ public void handleReadPermissions(InternalActionContext ac, String uuid) { public void handleGrantPermissions(InternalActionContext ac, String uuid) { validateParameter(uuid, "uuid"); - ObjectPermissionRequest update = ac.fromJson(ObjectPermissionRequest.class); + ObjectPermissionGrantRequest update = ac.fromJson(ObjectPermissionGrantRequest.class); utils.syncTx(ac, tx -> { RoleDao roleDao = tx.roleDao(); UserDao userDao = tx.userDao(); @@ -211,6 +212,16 @@ public void handleGrantPermissions(InternalActionContext ac, String uuid) { Set rolesToRevoke = new HashSet<>(allRoles); // remove all roles, which get the permission granted rolesToRevoke.removeAll(rolesToSet); + + // remove all roles, which should be ignored + if (update.getIgnore() != null) { + rolesToRevoke.removeIf(role -> { + return update.getIgnore().stream().filter(ign -> { + return StringUtils.equals(ign.getUuid(), role.getUuid()) || StringUtils.equals(ign.getName(), role.getName()); + }).findAny().isPresent(); + }); + } + // remove all roles without UPDATE_PERM rolesToRevoke.removeIf(role -> !userDao.hasPermission(requestUser, role, UPDATE_PERM)); @@ -243,7 +254,7 @@ public void handleGrantPermissions(InternalActionContext ac, String uuid) { public void handleRevokePermissions(InternalActionContext ac, String uuid) { validateParameter(uuid, "uuid"); - ObjectPermissionRequest update = ac.fromJson(ObjectPermissionRequest.class); + ObjectPermissionRevokeRequest update = ac.fromJson(ObjectPermissionRevokeRequest.class); utils.syncTx(ac, tx -> { RoleDao roleDao = tx.roleDao(); UserDao userDao = tx.userDao(); diff --git a/core/src/main/java/com/gentics/mesh/core/endpoint/tag/TagCrudHandler.java b/core/src/main/java/com/gentics/mesh/core/endpoint/tag/TagCrudHandler.java index 84d9eecdd2..f8a58e5d5e 100644 --- a/core/src/main/java/com/gentics/mesh/core/endpoint/tag/TagCrudHandler.java +++ b/core/src/main/java/com/gentics/mesh/core/endpoint/tag/TagCrudHandler.java 
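Review bot: The new ignore filter in `handleGrantPermissions` (hunk `-211,6 +212,16`) accepts `update.getIgnore()` entries without any validation. A reference with a mistyped name, an unknown uuid, or neither field set simply matches nothing, and the exclusive grant then revokes the permission from the role the caller meant to protect. Grant entries get `role_reference_uuid_or_name_missing` and `object_not_found_for_*` errors, judging by the tests in this patch series, and ignore entries should be resolved the same way before `rolesToRevoke` is computed. Matching on uuid OR name also means a reference carrying the uuid of one role and the name of another ignores both. The predicate itself reads better as `rolesToRevoke.removeIf(role -> update.getIgnore().stream().anyMatch(ign -> StringUtils.equals(ign.getUuid(), role.getUuid()) || StringUtils.equals(ign.getName(), role.getName())));`. The identical block is added to `TagCrudHandler.handleGrantPermissions` in the next file and would be better placed in a shared helper; both methods start and end outside their hunks.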
@@ -37,8 +37,9 @@ import com.gentics.mesh.core.db.Tx; import com.gentics.mesh.core.endpoint.handler.AbstractHandler; import com.gentics.mesh.core.rest.common.ContainerType; -import com.gentics.mesh.core.rest.common.ObjectPermissionRequest; +import com.gentics.mesh.core.rest.common.ObjectPermissionGrantRequest; import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; +import com.gentics.mesh.core.rest.common.ObjectPermissionRevokeRequest; import com.gentics.mesh.core.rest.role.RoleReference; import com.gentics.mesh.core.rest.tag.TagResponse; import com.gentics.mesh.core.verticle.handler.HandlerUtilities; @@ -249,7 +250,7 @@ public void handleGrantPermissions(InternalActionContext ac, String tagFamilyUui validateParameter(tagFamilyUuid, "tagFamilyUuid"); validateParameter(tagUuid, "tagUuid"); - ObjectPermissionRequest update = ac.fromJson(ObjectPermissionRequest.class); + ObjectPermissionGrantRequest update = ac.fromJson(ObjectPermissionGrantRequest.class); utils.syncTx(ac, tx -> { RoleDao roleDao = tx.roleDao(); UserDao userDao = tx.userDao(); @@ -302,6 +303,16 @@ public void handleGrantPermissions(InternalActionContext ac, String tagFamilyUui Set rolesToRevoke = new HashSet<>(allRoles); // remove all roles, which get the permission granted rolesToRevoke.removeAll(rolesToSet); + + // remove all roles, which should be ignored + if (update.getIgnore() != null) { + rolesToRevoke.removeIf(role -> { + return update.getIgnore().stream().filter(ign -> { + return StringUtils.equals(ign.getUuid(), role.getUuid()) || StringUtils.equals(ign.getName(), role.getName()); + }).findAny().isPresent(); + }); + } + // remove all roles without UPDATE_PERM rolesToRevoke.removeIf(role -> !userDao.hasPermission(requestUser, role, UPDATE_PERM)); 
@@ -336,7 +347,7 @@ public void handleRevokePermissions(InternalActionContext ac, String tagFamilyUu validateParameter(tagFamilyUuid, "tagFamilyUuid"); validateParameter(tagUuid, "tagUuid"); - ObjectPermissionRequest update = ac.fromJson(ObjectPermissionRequest.class); + ObjectPermissionRevokeRequest update = ac.fromJson(ObjectPermissionRevokeRequest.class); utils.syncTx(ac, tx -> { RoleDao roleDao = tx.roleDao(); UserDao userDao = tx.userDao(); diff --git a/core/src/main/java/com/gentics/mesh/core/endpoint/tagfamily/TagFamilyEndpoint.java b/core/src/main/java/com/gentics/mesh/core/endpoint/tagfamily/TagFamilyEndpoint.java index 41fa3906ee..6723e38ad1 100644 --- a/core/src/main/java/com/gentics/mesh/core/endpoint/tagfamily/TagFamilyEndpoint.java +++ b/core/src/main/java/com/gentics/mesh/core/endpoint/tagfamily/TagFamilyEndpoint.java @@ -198,7 +198,7 @@ private void addTagRolePermissionHandler() { readPermissionsEndpoint.addUriParameter("tagFamilyUuid", "Uuid of the tag family.", TAGFAMILY_COLORS_UUID); readPermissionsEndpoint.addUriParameter("tagUuid", "Uuid of the tag.", TAG_BLUE_UUID); grantPermissionsEndpoint.method(POST); - grantPermissionsEndpoint.description("Grant permissions on the tag for multiple roles."); + grantPermissionsEndpoint.description("Grant permissions on the tag to multiple roles."); grantPermissionsEndpoint.consumes(APPLICATION_JSON); grantPermissionsEndpoint.produces(APPLICATION_JSON); grantPermissionsEndpoint.exampleRequest((String)null); // TODO 
@@ -210,6 +210,24 @@ private void addTagRolePermissionHandler() { String uuid = PathParameters.getTagUuid(rc); tagCrudHandler.handleGrantPermissions(ac, tagFamilyUuid, uuid); }); + + InternalEndpointRoute revokePermissionsEndpoint = createRoute(); + revokePermissionsEndpoint.path("/:tagFamilyUuid/tags/:tagUuid/rolePermissions"); + readPermissionsEndpoint.addUriParameter("tagFamilyUuid", "Uuid of the tag family.", TAGFAMILY_COLORS_UUID); + readPermissionsEndpoint.addUriParameter("tagUuid", "Uuid of the tag.", TAG_BLUE_UUID); + revokePermissionsEndpoint.method(DELETE); + revokePermissionsEndpoint.description("Revoke permissions on the tag from multiple roles."); + revokePermissionsEndpoint.consumes(APPLICATION_JSON); + revokePermissionsEndpoint.produces(APPLICATION_JSON); + revokePermissionsEndpoint.exampleRequest((String)null); // TODO + revokePermissionsEndpoint.exampleResponse(OK, roleExamples.getObjectPermissionResponse(false), "Updated permissions."); + revokePermissionsEndpoint.events(ROLE_PERMISSIONS_CHANGED); + revokePermissionsEndpoint.blockingHandler(rc -> { + InternalActionContext ac = wrap(rc); + String tagFamilyUuid = PathParameters.getTagFamilyUuid(rc); + String uuid = PathParameters.getTagUuid(rc); + tagCrudHandler.handleRevokePermissions(ac, tagFamilyUuid, uuid); + }); } private void addTaggedNodesHandler() { diff --git a/core/src/main/java/com/gentics/mesh/rest/MeshLocalClientImpl.java b/core/src/main/java/com/gentics/mesh/rest/MeshLocalClientImpl.java index b73f21d9c5..bc623d54d3 100644 --- a/core/src/main/java/com/gentics/mesh/rest/MeshLocalClientImpl.java +++ b/core/src/main/java/com/gentics/mesh/rest/MeshLocalClientImpl.java 
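Review bot: The two `addUriParameter` calls in the new revoke route are made on `readPermissionsEndpoint` instead of `revokePermissionsEndpoint`, so the DELETE route is registered without its `tagFamilyUuid` and `tagUuid` parameter descriptions and the read route receives them a second time. They should read `revokePermissionsEndpoint.addUriParameter("tagFamilyUuid", "Uuid of the tag family.", TAGFAMILY_COLORS_UUID);` and `revokePermissionsEndpoint.addUriParameter("tagUuid", "Uuid of the tag.", TAG_BLUE_UUID);`. The context lines of the preceding hunk show the same calls in front of `grantPermissionsEndpoint.method(POST)`, so the grant route probably carries the same copy-paste. The route also expects a JSON body on DELETE, which some HTTP intermediaries and clients drop, so a test that a revoke request with a missing body is rejected rather than processed with defaults would be worth adding. `addTagRolePermissionHandler` starts outside the hunk.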
@@ -51,8 +51,9 @@ import com.gentics.mesh.core.rest.branch.info.BranchInfoMicroschemaList; import com.gentics.mesh.core.rest.branch.info.BranchInfoSchemaList; import com.gentics.mesh.core.rest.common.GenericMessageResponse; -import com.gentics.mesh.core.rest.common.ObjectPermissionRequest; +import com.gentics.mesh.core.rest.common.ObjectPermissionGrantRequest; import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; +import com.gentics.mesh.core.rest.common.ObjectPermissionRevokeRequest; import com.gentics.mesh.core.rest.common.RestModel; import com.gentics.mesh.core.rest.graphql.GraphQLRequest; import com.gentics.mesh.core.rest.graphql.GraphQLResponse; @@ -1876,7 +1877,7 @@ public MeshRequest getBranchRolePermissions(String pro @Override public MeshRequest grantBranchRolePermissions(String projectName, String uuid, - ObjectPermissionRequest request) { + ObjectPermissionGrantRequest request) { LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class); ac.setProject(projectName); ac.setPayloadObject(request); @@ -1886,7 +1887,7 @@ public MeshRequest grantBranchRolePermissions(String p @Override public MeshRequest revokeBranchRolePermissions(String projectName, String uuid, - ObjectPermissionRequest request) { + ObjectPermissionRevokeRequest request) { LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class); ac.setProject(projectName); ac.setPayloadObject(request); @@ -1903,7 +1904,7 @@ public MeshRequest getGroupRolePermissions(String uuid @Override public MeshRequest grantGroupRolePermissions(String uuid, - ObjectPermissionRequest request) { + ObjectPermissionGrantRequest request) { LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class); ac.setPayloadObject(request); groupCrudHandler.handleGrantPermissions(ac, uuid); 
@@ -1912,7 +1913,7 @@ public MeshRequest grantGroupRolePermissions(String uu @Override public MeshRequest revokeGroupRolePermissions(String uuid, - ObjectPermissionRequest request) { + ObjectPermissionRevokeRequest request) { LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class); ac.setPayloadObject(request); groupCrudHandler.handleRevokePermissions(ac, uuid); @@ -1928,7 +1929,7 @@ public MeshRequest getMicroschemaRolePermissions(Strin @Override public MeshRequest grantMicroschemaRolePermissions(String uuid, - ObjectPermissionRequest request) { + ObjectPermissionGrantRequest request) { LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class); ac.setPayloadObject(request); microschemaCrudHandler.handleGrantPermissions(ac, uuid); @@ -1937,7 +1938,7 @@ public MeshRequest grantMicroschemaRolePermissions(Str @Override public MeshRequest revokeMicroschemaRolePermissions(String uuid, - ObjectPermissionRequest request) { + ObjectPermissionRevokeRequest request) { LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class); ac.setPayloadObject(request); microschemaCrudHandler.handleRevokePermissions(ac, uuid); @@ -1954,7 +1955,7 @@ public MeshRequest getNodeRolePermissions(String proje @Override public MeshRequest grantNodeRolePermissions(String projectName, String uuid, - ObjectPermissionRequest request) { + ObjectPermissionGrantRequest request) { LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class); ac.setProject(projectName); ac.setPayloadObject(request); @@ -1964,7 +1965,7 @@ public MeshRequest grantNodeRolePermissions(String pro @Override public MeshRequest revokeNodeRolePermissions(String projectName, String uuid, - ObjectPermissionRequest request) { + ObjectPermissionRevokeRequest request) { LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class); ac.setProject(projectName); ac.setPayloadObject(request); 
@@ -1981,7 +1982,7 @@ public MeshRequest getProjectRolePermissions(String uu @Override public MeshRequest grantProjectRolePermissions(String uuid, - ObjectPermissionRequest request) { + ObjectPermissionGrantRequest request) { LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class); ac.setPayloadObject(request); projectCrudHandler.handleGrantPermissions(ac, uuid); @@ -1990,7 +1991,7 @@ public MeshRequest grantProjectRolePermissions(String @Override public MeshRequest revokeProjectRolePermissions(String uuid, - ObjectPermissionRequest request) { + ObjectPermissionRevokeRequest request) { LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class); ac.setPayloadObject(request); projectCrudHandler.handleRevokePermissions(ac, uuid); @@ -2006,7 +2007,7 @@ public MeshRequest getRoleRolePermissions(String uuid) @Override public MeshRequest grantRoleRolePermissions(String uuid, - ObjectPermissionRequest request) { + ObjectPermissionGrantRequest request) { LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class); ac.setPayloadObject(request); roleCrudHandler.handleGrantPermissions(ac, uuid); @@ -2015,7 +2016,7 @@ public MeshRequest grantRoleRolePermissions(String uui @Override public MeshRequest revokeRoleRolePermissions(String uuid, - ObjectPermissionRequest request) { + ObjectPermissionRevokeRequest request) { LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class); ac.setPayloadObject(request); roleCrudHandler.handleRevokePermissions(ac, uuid); @@ -2031,7 +2032,7 @@ public MeshRequest getSchemaRolePermissions(String uui @Override public MeshRequest grantSchemaRolePermissions(String uuid, - ObjectPermissionRequest request) { + ObjectPermissionGrantRequest request) { LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class); ac.setPayloadObject(request); schemaCrudHandler.handleGrantPermissions(ac, uuid); 
@@ -2040,7 +2041,7 @@ public MeshRequest grantSchemaRolePermissions(String u @Override public MeshRequest revokeSchemaRolePermissions(String uuid, - ObjectPermissionRequest request) { + ObjectPermissionRevokeRequest request) { LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class); ac.setPayloadObject(request); schemaCrudHandler.handleRevokePermissions(ac, uuid); @@ -2058,7 +2059,7 @@ public MeshRequest getTagFamilyRolePermissions(String @Override public MeshRequest grantTagFamilyRolePermissions(String projectName, String tagFamilyUuid, - ObjectPermissionRequest request) { + ObjectPermissionGrantRequest request) { LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class); ac.setProject(projectName); ac.setParameter("tagFamilyUuid", tagFamilyUuid); @@ -2069,7 +2070,7 @@ public MeshRequest grantTagFamilyRolePermissions(Strin @Override public MeshRequest revokeTagFamilyRolePermissions(String projectName, String tagFamilyUuid, - ObjectPermissionRequest request) { + ObjectPermissionRevokeRequest request) { LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class); ac.setProject(projectName); ac.setParameter("tagFamilyUuid", tagFamilyUuid); @@ -2092,7 +2093,7 @@ public MeshRequest getTagRolePermissions(String projec @Override public MeshRequest grantTagRolePermissions(String projectName, String tagFamilyUuid, String uuid, - ObjectPermissionRequest request) { + ObjectPermissionGrantRequest request) { LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class); ac.setProject(projectName); ac.setParameter("tagUuid", uuid); 
@@ -2105,7 +2106,7 @@ public MeshRequest grantTagRolePermissions(String proj @Override public MeshRequest revokeTagRolePermissions(String projectName, String tagFamilyUuid, String uuid, - ObjectPermissionRequest request) { + ObjectPermissionRevokeRequest request) { LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class); ac.setProject(projectName); ac.setParameter("tagUuid", uuid); @@ -2124,7 +2125,7 @@ public MeshRequest getUserRolePermissions(String uuid) @Override public MeshRequest grantUserRolePermissions(String uuid, - ObjectPermissionRequest request) { + ObjectPermissionGrantRequest request) { LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class); ac.setPayloadObject(request); userCrudHandler.handleGrantPermissions(ac, uuid); @@ -2133,7 +2134,7 @@ public MeshRequest grantUserRolePermissions(String uui @Override public MeshRequest revokeUserRolePermissions(String uuid, - ObjectPermissionRequest request) { + ObjectPermissionRevokeRequest request) { LocalActionContextImpl ac = createContext(ObjectPermissionResponse.class); ac.setPayloadObject(request); userCrudHandler.handleRevokePermissions(ac, uuid); diff --git a/rest-client/src/main/java/com/gentics/mesh/rest/client/impl/MeshRestHttpClientImpl.java b/rest-client/src/main/java/com/gentics/mesh/rest/client/impl/MeshRestHttpClientImpl.java index a55f9d5073..98e7b2fb31 100644 --- a/rest-client/src/main/java/com/gentics/mesh/rest/client/impl/MeshRestHttpClientImpl.java +++ b/rest-client/src/main/java/com/gentics/mesh/rest/client/impl/MeshRestHttpClientImpl.java 
@@ -35,8 +35,9 @@ import com.gentics.mesh.core.rest.branch.info.BranchInfoMicroschemaList; import com.gentics.mesh.core.rest.branch.info.BranchInfoSchemaList; import com.gentics.mesh.core.rest.common.GenericMessageResponse; -import com.gentics.mesh.core.rest.common.ObjectPermissionRequest; +import com.gentics.mesh.core.rest.common.ObjectPermissionGrantRequest; import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; +import com.gentics.mesh.core.rest.common.ObjectPermissionRevokeRequest; import com.gentics.mesh.core.rest.common.RestModel; import com.gentics.mesh.core.rest.graphql.GraphQLRequest; import com.gentics.mesh.core.rest.graphql.GraphQLResponse; @@ -1675,7 +1676,7 @@ public MeshRequest getBranchRolePermissions(String pro @Override public MeshRequest grantBranchRolePermissions(String projectName, String uuid, - ObjectPermissionRequest request) { + ObjectPermissionGrantRequest request) { Objects.requireNonNull(projectName, "projectName must not be null"); Objects.requireNonNull(uuid, "uuid must not be null"); Objects.requireNonNull(request, "objectPermissionRequest must not be null"); @@ -1684,7 +1685,7 @@ public MeshRequest grantBranchRolePermissions(String p @Override public MeshRequest revokeBranchRolePermissions(String projectName, String uuid, - ObjectPermissionRequest request) { + ObjectPermissionRevokeRequest request) { Objects.requireNonNull(projectName, "projectName must not be null"); Objects.requireNonNull(uuid, "uuid must not be null"); Objects.requireNonNull(request, "objectPermissionRequest must not be null"); 
@@ -1699,7 +1700,7 @@ public MeshRequest getGroupRolePermissions(String uuid @Override public MeshRequest grantGroupRolePermissions(String uuid, - ObjectPermissionRequest request) { + ObjectPermissionGrantRequest request) { Objects.requireNonNull(uuid, "uuid must not be null"); Objects.requireNonNull(request, "objectPermissionRequest must not be null"); return prepareRequest(POST, "/groups/" + uuid + "/rolePermissions", ObjectPermissionResponse.class, request); @@ -1707,7 +1708,7 @@ public MeshRequest grantGroupRolePermissions(String uu @Override public MeshRequest revokeGroupRolePermissions(String uuid, - ObjectPermissionRequest request) { + ObjectPermissionRevokeRequest request) { Objects.requireNonNull(uuid, "uuid must not be null"); Objects.requireNonNull(request, "objectPermissionRequest must not be null"); return prepareRequest(DELETE, "/groups/" + uuid + "/rolePermissions", ObjectPermissionResponse.class, request); @@ -1721,7 +1722,7 @@ public MeshRequest getMicroschemaRolePermissions(Strin @Override public MeshRequest grantMicroschemaRolePermissions(String uuid, - ObjectPermissionRequest request) { + ObjectPermissionGrantRequest request) { Objects.requireNonNull(uuid, "uuid must not be null"); Objects.requireNonNull(request, "objectPermissionRequest must not be null"); return prepareRequest(POST, "/microschemas/" + uuid + "/rolePermissions", ObjectPermissionResponse.class, request); @@ -1729,7 +1730,7 @@ public MeshRequest grantMicroschemaRolePermissions(Str @Override public MeshRequest revokeMicroschemaRolePermissions(String uuid, - ObjectPermissionRequest request) { + ObjectPermissionRevokeRequest request) { Objects.requireNonNull(uuid, "uuid must not be null"); Objects.requireNonNull(request, "objectPermissionRequest must not be null"); return prepareRequest(DELETE, "/microschemas/" + uuid + "/rolePermissions", ObjectPermissionResponse.class, request); 
@@ -1745,7 +1746,7 @@ public MeshRequest getNodeRolePermissions(String proje @Override public MeshRequest grantNodeRolePermissions(String projectName, String uuid, - ObjectPermissionRequest request) { + ObjectPermissionGrantRequest request) { Objects.requireNonNull(projectName, "projectName must not be null"); Objects.requireNonNull(uuid, "uuid must not be null"); Objects.requireNonNull(request, "objectPermissionRequest must not be null"); @@ -1754,7 +1755,7 @@ public MeshRequest grantNodeRolePermissions(String pro @Override public MeshRequest revokeNodeRolePermissions(String projectName, String uuid, - ObjectPermissionRequest request) { + ObjectPermissionRevokeRequest request) { Objects.requireNonNull(projectName, "projectName must not be null"); Objects.requireNonNull(uuid, "uuid must not be null"); Objects.requireNonNull(request, "objectPermissionRequest must not be null"); @@ -1769,7 +1770,7 @@ public MeshRequest getProjectRolePermissions(String uu @Override public MeshRequest grantProjectRolePermissions(String uuid, - ObjectPermissionRequest request) { + ObjectPermissionGrantRequest request) { Objects.requireNonNull(uuid, "uuid must not be null"); Objects.requireNonNull(request, "objectPermissionRequest must not be null"); return prepareRequest(POST, "/projects/" + uuid + "/rolePermissions", ObjectPermissionResponse.class, request); @@ -1777,7 +1778,7 @@ public MeshRequest grantProjectRolePermissions(String @Override public MeshRequest revokeProjectRolePermissions(String uuid, - ObjectPermissionRequest request) { + ObjectPermissionRevokeRequest request) { Objects.requireNonNull(uuid, "uuid must not be null"); Objects.requireNonNull(request, "objectPermissionRequest must not be null"); return prepareRequest(DELETE, "/projects/" + uuid + "/rolePermissions", ObjectPermissionResponse.class, request); 
@@ -1791,7 +1792,7 @@ public MeshRequest getRoleRolePermissions(String uuid) @Override public MeshRequest grantRoleRolePermissions(String uuid, - ObjectPermissionRequest request) { + ObjectPermissionGrantRequest request) { Objects.requireNonNull(uuid, "uuid must not be null"); Objects.requireNonNull(request, "objectPermissionRequest must not be null"); return prepareRequest(POST, "/roles/" + uuid + "/rolePermissions", ObjectPermissionResponse.class, request); @@ -1799,7 +1800,7 @@ public MeshRequest grantRoleRolePermissions(String uui @Override public MeshRequest revokeRoleRolePermissions(String uuid, - ObjectPermissionRequest request) { + ObjectPermissionRevokeRequest request) { Objects.requireNonNull(uuid, "uuid must not be null"); Objects.requireNonNull(request, "objectPermissionRequest must not be null"); return prepareRequest(DELETE, "/roles/" + uuid + "/rolePermissions", ObjectPermissionResponse.class, request); @@ -1813,7 +1814,7 @@ public MeshRequest getSchemaRolePermissions(String uui @Override public MeshRequest grantSchemaRolePermissions(String uuid, - ObjectPermissionRequest request) { + ObjectPermissionGrantRequest request) { Objects.requireNonNull(uuid, "uuid must not be null"); Objects.requireNonNull(request, "objectPermissionRequest must not be null"); return prepareRequest(POST, "/schemas/" + uuid + "/rolePermissions", ObjectPermissionResponse.class, request); @@ -1821,7 +1822,7 @@ public MeshRequest grantSchemaRolePermissions(String u @Override public MeshRequest revokeSchemaRolePermissions(String uuid, - ObjectPermissionRequest request) { + ObjectPermissionRevokeRequest request) { Objects.requireNonNull(uuid, "uuid must not be null"); Objects.requireNonNull(request, "objectPermissionRequest must not be null"); return prepareRequest(DELETE, "/schemas/" + uuid + "/rolePermissions", ObjectPermissionResponse.class, request); 
@@ -1837,7 +1838,7 @@ public MeshRequest getTagFamilyRolePermissions(String @Override public MeshRequest grantTagFamilyRolePermissions(String projectName, String tagFamilyUuid, - ObjectPermissionRequest request) { + ObjectPermissionGrantRequest request) { Objects.requireNonNull(projectName, "projectName must not be null"); Objects.requireNonNull(tagFamilyUuid, "tagFamilyUuid must not be null"); Objects.requireNonNull(request, "objectPermissionRequest must not be null"); @@ -1846,7 +1847,7 @@ public MeshRequest grantTagFamilyRolePermissions(Strin @Override public MeshRequest revokeTagFamilyRolePermissions(String projectName, String tagFamilyUuid, - ObjectPermissionRequest request) { + ObjectPermissionRevokeRequest request) { Objects.requireNonNull(projectName, "projectName must not be null"); Objects.requireNonNull(tagFamilyUuid, "tagFamilyUuid must not be null"); Objects.requireNonNull(request, "objectPermissionRequest must not be null"); @@ -1865,7 +1866,7 @@ public MeshRequest getTagRolePermissions(String projec @Override public MeshRequest grantTagRolePermissions(String projectName, String tagFamilyUuid, String uuid, - ObjectPermissionRequest request) { + ObjectPermissionGrantRequest request) { Objects.requireNonNull(projectName, "projectName must not be null"); Objects.requireNonNull(tagFamilyUuid, "tagFamilyUuid must not be null"); Objects.requireNonNull(uuid, "uuid must not be null"); @@ -1875,7 +1876,7 @@ public MeshRequest grantTagRolePermissions(String proj @Override public MeshRequest revokeTagRolePermissions(String projectName, String tagFamilyUuid, String uuid, - ObjectPermissionRequest request) { + ObjectPermissionRevokeRequest request) { Objects.requireNonNull(projectName, "projectName must not be null"); Objects.requireNonNull(tagFamilyUuid, "tagFamilyUuid must not be null"); Objects.requireNonNull(uuid, "uuid must not be null"); 
@@ -1891,7 +1892,7 @@ public MeshRequest getUserRolePermissions(String uuid) @Override public MeshRequest grantUserRolePermissions(String uuid, - ObjectPermissionRequest request) { + ObjectPermissionGrantRequest request) { Objects.requireNonNull(uuid, "uuid must not be null"); Objects.requireNonNull(request, "objectPermissionRequest must not be null"); return prepareRequest(POST, "/users/" + uuid + "/rolePermissions", ObjectPermissionResponse.class, request); @@ -1899,7 +1900,7 @@ public MeshRequest grantUserRolePermissions(String uui @Override public MeshRequest revokeUserRolePermissions(String uuid, - ObjectPermissionRequest request) { + ObjectPermissionRevokeRequest request) { Objects.requireNonNull(uuid, "uuid must not be null"); Objects.requireNonNull(request, "objectPermissionRequest must not be null"); return prepareRequest(DELETE, "/users/" + uuid + "/rolePermissions", ObjectPermissionResponse.class, request); diff --git a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/BranchClientMethods.java b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/BranchClientMethods.java index 001feb7db0..46906da38a 100644 --- a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/BranchClientMethods.java +++ b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/BranchClientMethods.java 
@@ -7,8 +7,9 @@ import com.gentics.mesh.core.rest.branch.info.BranchInfoMicroschemaList; import com.gentics.mesh.core.rest.branch.info.BranchInfoSchemaList; import com.gentics.mesh.core.rest.common.GenericMessageResponse; -import com.gentics.mesh.core.rest.common.ObjectPermissionRequest; +import com.gentics.mesh.core.rest.common.ObjectPermissionGrantRequest; import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; +import com.gentics.mesh.core.rest.common.ObjectPermissionRevokeRequest; import com.gentics.mesh.core.rest.schema.MicroschemaReference; import com.gentics.mesh.core.rest.schema.SchemaReference; import com.gentics.mesh.core.rest.tag.TagListResponse; @@ -227,7 +228,7 @@ MeshRequest assignBranchMicroschemaVersions(String pr * @param request request * @return mesh request */ - MeshRequest grantBranchRolePermissions(String projectName, String uuid, ObjectPermissionRequest request); + MeshRequest grantBranchRolePermissions(String projectName, String uuid, ObjectPermissionGrantRequest request); /** * Revoke permissions on the branch from roles @@ -238,5 +239,5 @@ MeshRequest assignBranchMicroschemaVersions(String pr * @param request request * @return mesh request */ - MeshRequest revokeBranchRolePermissions(String projectName, String uuid, ObjectPermissionRequest request); + MeshRequest revokeBranchRolePermissions(String projectName, String uuid, ObjectPermissionRevokeRequest request); } diff --git a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/GroupClientMethods.java b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/GroupClientMethods.java index 25d81e1a92..fdae5c62e7 100644 --- a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/GroupClientMethods.java +++ b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/GroupClientMethods.java 
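Review bot: The Javadoc of `grantBranchRolePermissions` and `revokeBranchRolePermissions` still says only `@param request request`, which tells a caller nothing about the two request types that now differ. Going by the handler hunks in this patch, a grant can also remove roles from the object under a condition that lies outside those hunks, and the grant request's ignore list exempts roles from that removal, which a caller changing permissions needs to know. I would write something like `@param request permissions to grant per role; roles in the request's ignore list are never revoked by this call` for grant and `@param request permissions to revoke per role` for revoke. The same applies to the grant/revoke pairs in the Group, Microschema, Node, Project, Role, Schema and Tag client-method interfaces changed below; each interface starts outside its hunks.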
@@ -1,7 +1,8 @@ package com.gentics.mesh.rest.client.method; -import com.gentics.mesh.core.rest.common.ObjectPermissionRequest; +import com.gentics.mesh.core.rest.common.ObjectPermissionGrantRequest; import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; +import com.gentics.mesh.core.rest.common.ObjectPermissionRevokeRequest; import com.gentics.mesh.core.rest.group.GroupCreateRequest; import com.gentics.mesh.core.rest.group.GroupListResponse; import com.gentics.mesh.core.rest.group.GroupResponse; @@ -116,7 +117,7 @@ public interface GroupClientMethods { * @param request request * @return mesh request */ - MeshRequest grantGroupRolePermissions(String uuid, ObjectPermissionRequest request); + MeshRequest grantGroupRolePermissions(String uuid, ObjectPermissionGrantRequest request); /** * Revoke permissions on the group from roles @@ -124,5 +125,5 @@ public interface GroupClientMethods { * @param request request * @return mesh request */ - MeshRequest revokeGroupRolePermissions(String uuid, ObjectPermissionRequest request); + MeshRequest revokeGroupRolePermissions(String uuid, ObjectPermissionRevokeRequest request); } diff --git a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/MicroschemaClientMethods.java b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/MicroschemaClientMethods.java index ded90f4a06..08e95c87cc 100644 --- a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/MicroschemaClientMethods.java +++ b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/MicroschemaClientMethods.java 
@@ -1,8 +1,9 @@ package com.gentics.mesh.rest.client.method; import com.gentics.mesh.core.rest.common.GenericMessageResponse; -import com.gentics.mesh.core.rest.common.ObjectPermissionRequest; +import com.gentics.mesh.core.rest.common.ObjectPermissionGrantRequest; import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; +import com.gentics.mesh.core.rest.common.ObjectPermissionRevokeRequest; import com.gentics.mesh.core.rest.microschema.impl.MicroschemaCreateRequest; import com.gentics.mesh.core.rest.microschema.impl.MicroschemaResponse; import com.gentics.mesh.core.rest.microschema.impl.MicroschemaUpdateRequest; @@ -99,7 +100,7 @@ public interface MicroschemaClientMethods { * @param request request * @return mesh request */ - MeshRequest grantMicroschemaRolePermissions(String uuid, ObjectPermissionRequest request); + MeshRequest grantMicroschemaRolePermissions(String uuid, ObjectPermissionGrantRequest request); /** * Revoke permissions on the microschema from roles @@ -107,5 +108,5 @@ public interface MicroschemaClientMethods { * @param request request * @return mesh request */ - MeshRequest revokeMicroschemaRolePermissions(String uuid, ObjectPermissionRequest request); + MeshRequest revokeMicroschemaRolePermissions(String uuid, ObjectPermissionRevokeRequest request); } diff --git a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/NodeClientMethods.java b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/NodeClientMethods.java index a66f4d8773..2918aaa221 100644 --- a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/NodeClientMethods.java +++ b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/NodeClientMethods.java 
@@ -1,7 +1,8 @@ package com.gentics.mesh.rest.client.method; -import com.gentics.mesh.core.rest.common.ObjectPermissionRequest; +import com.gentics.mesh.core.rest.common.ObjectPermissionGrantRequest; import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; +import com.gentics.mesh.core.rest.common.ObjectPermissionRevokeRequest; import com.gentics.mesh.core.rest.node.NodeCreateRequest; import com.gentics.mesh.core.rest.node.NodeListResponse; import com.gentics.mesh.core.rest.node.NodeResponse; @@ -322,7 +323,7 @@ default MeshRequest takeNodeLanguage(String projectName, String n * @param request request * @return mesh request */ - MeshRequest grantNodeRolePermissions(String projectName, String uuid, ObjectPermissionRequest request); + MeshRequest grantNodeRolePermissions(String projectName, String uuid, ObjectPermissionGrantRequest request); /** * Revoke permissions on the node from roles @@ -333,5 +334,5 @@ default MeshRequest takeNodeLanguage(String projectName, String n * @param request request * @return mesh request */ - MeshRequest revokeNodeRolePermissions(String projectName, String uuid, ObjectPermissionRequest request); + MeshRequest revokeNodeRolePermissions(String projectName, String uuid, ObjectPermissionRevokeRequest request); } diff --git a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/ProjectClientMethods.java b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/ProjectClientMethods.java index dbcc146b4b..9277f4f9a2 100644 --- a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/ProjectClientMethods.java +++ b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/ProjectClientMethods.java 
@@ -1,8 +1,9 @@ package com.gentics.mesh.rest.client.method; import com.gentics.mesh.core.rest.common.GenericMessageResponse; -import com.gentics.mesh.core.rest.common.ObjectPermissionRequest; +import com.gentics.mesh.core.rest.common.ObjectPermissionGrantRequest; import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; +import com.gentics.mesh.core.rest.common.ObjectPermissionRevokeRequest; import com.gentics.mesh.core.rest.project.ProjectCreateRequest; import com.gentics.mesh.core.rest.project.ProjectListResponse; import com.gentics.mesh.core.rest.project.ProjectResponse; @@ -120,7 +121,7 @@ public interface ProjectClientMethods { * @param request request * @return mesh request */ - MeshRequest grantProjectRolePermissions(String uuid, ObjectPermissionRequest request); + MeshRequest grantProjectRolePermissions(String uuid, ObjectPermissionGrantRequest request); /** * Revoke permissions on the project from roles @@ -128,5 +129,5 @@ public interface ProjectClientMethods { * @param request request * @return mesh request */ - MeshRequest revokeProjectRolePermissions(String uuid, ObjectPermissionRequest request); + MeshRequest revokeProjectRolePermissions(String uuid, ObjectPermissionRevokeRequest request); } diff --git a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/RoleClientMethods.java b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/RoleClientMethods.java index 2e15f2cf6a..b65478a8ad 100644 --- a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/RoleClientMethods.java +++ b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/RoleClientMethods.java 
@@ -1,8 +1,9 @@ package com.gentics.mesh.rest.client.method; import com.gentics.mesh.core.rest.common.GenericMessageResponse; -import com.gentics.mesh.core.rest.common.ObjectPermissionRequest; +import com.gentics.mesh.core.rest.common.ObjectPermissionGrantRequest; import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; +import com.gentics.mesh.core.rest.common.ObjectPermissionRevokeRequest; import com.gentics.mesh.core.rest.role.RoleCreateRequest; import com.gentics.mesh.core.rest.role.RoleListResponse; import com.gentics.mesh.core.rest.role.RolePermissionRequest; @@ -117,7 +118,7 @@ public interface RoleClientMethods { * @param request request * @return mesh request */ - MeshRequest grantRoleRolePermissions(String uuid, ObjectPermissionRequest request); + MeshRequest grantRoleRolePermissions(String uuid, ObjectPermissionGrantRequest request); /** * Revoke permissions on the role from roles @@ -125,5 +126,5 @@ public interface RoleClientMethods { * @param request request * @return mesh request */ - MeshRequest revokeRoleRolePermissions(String uuid, ObjectPermissionRequest request); + MeshRequest revokeRoleRolePermissions(String uuid, ObjectPermissionRevokeRequest request); } diff --git a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/SchemaClientMethods.java b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/SchemaClientMethods.java index 953872fabd..50519357e2 100644 --- a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/SchemaClientMethods.java +++ b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/SchemaClientMethods.java 
@@ -1,8 +1,9 @@ package com.gentics.mesh.rest.client.method; import com.gentics.mesh.core.rest.common.GenericMessageResponse; -import com.gentics.mesh.core.rest.common.ObjectPermissionRequest; +import com.gentics.mesh.core.rest.common.ObjectPermissionGrantRequest; import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; +import com.gentics.mesh.core.rest.common.ObjectPermissionRevokeRequest; import com.gentics.mesh.core.rest.microschema.impl.MicroschemaResponse; import com.gentics.mesh.core.rest.schema.MicroschemaListResponse; import com.gentics.mesh.core.rest.schema.SchemaListResponse; @@ -186,7 +187,7 @@ public interface SchemaClientMethods { * @param request request * @return mesh request */ - MeshRequest grantSchemaRolePermissions(String uuid, ObjectPermissionRequest request); + MeshRequest grantSchemaRolePermissions(String uuid, ObjectPermissionGrantRequest request); /** * Revoke permissions on the schema from roles @@ -194,5 +195,5 @@ public interface SchemaClientMethods { * @param request request * @return mesh request */ - MeshRequest revokeSchemaRolePermissions(String uuid, ObjectPermissionRequest request); + MeshRequest revokeSchemaRolePermissions(String uuid, ObjectPermissionRevokeRequest request); } diff --git a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/TagClientMethods.java b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/TagClientMethods.java index 63f9c573d8..f57da8ba48 100644 --- a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/TagClientMethods.java +++ b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/TagClientMethods.java 
@@ -1,7 +1,8 @@ package com.gentics.mesh.rest.client.method; -import com.gentics.mesh.core.rest.common.ObjectPermissionRequest; +import com.gentics.mesh.core.rest.common.ObjectPermissionGrantRequest; import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; +import com.gentics.mesh.core.rest.common.ObjectPermissionRevokeRequest; import com.gentics.mesh.core.rest.tag.TagCreateRequest; import com.gentics.mesh.core.rest.tag.TagListResponse; import com.gentics.mesh.core.rest.tag.TagResponse; @@ -114,7 +115,7 @@ public interface TagClientMethods { * @param request request * @return mesh request */ - MeshRequest grantTagRolePermissions(String projectName, String tagFamilyUuid, String uuid, ObjectPermissionRequest request); + MeshRequest grantTagRolePermissions(String projectName, String tagFamilyUuid, String uuid, ObjectPermissionGrantRequest request); /** * Revoke permissions on the tag from roles @@ -126,5 +127,5 @@ public interface TagClientMethods { * @param request request * @return mesh request */ - MeshRequest revokeTagRolePermissions(String projectName, String tagFamilyUuid, String uuid, ObjectPermissionRequest request); + MeshRequest revokeTagRolePermissions(String projectName, String tagFamilyUuid, String uuid, ObjectPermissionRevokeRequest request); } diff --git a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/TagFamilyClientMethods.java b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/TagFamilyClientMethods.java index 6b4a26cb87..bf6e9d3bfa 100644 --- a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/TagFamilyClientMethods.java +++ b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/TagFamilyClientMethods.java 
@@ -1,7 +1,8 @@ package com.gentics.mesh.rest.client.method; -import com.gentics.mesh.core.rest.common.ObjectPermissionRequest; +import com.gentics.mesh.core.rest.common.ObjectPermissionGrantRequest; import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; +import com.gentics.mesh.core.rest.common.ObjectPermissionRevokeRequest; import com.gentics.mesh.core.rest.tag.TagFamilyCreateRequest; import com.gentics.mesh.core.rest.tag.TagFamilyListResponse; import com.gentics.mesh.core.rest.tag.TagFamilyResponse; @@ -114,7 +115,7 @@ public interface TagFamilyClientMethods { * @param request request * @return mesh request */ - MeshRequest grantTagFamilyRolePermissions(String projectName, String tagFamilyUuid, ObjectPermissionRequest request); + MeshRequest grantTagFamilyRolePermissions(String projectName, String tagFamilyUuid, ObjectPermissionGrantRequest request); /** * Revoke permissions on the tag family from roles @@ -126,5 +127,5 @@ public interface TagFamilyClientMethods { * @param request request * @return mesh request */ - MeshRequest revokeTagFamilyRolePermissions(String projectName, String tagFamilyUuid, ObjectPermissionRequest request); + MeshRequest revokeTagFamilyRolePermissions(String projectName, String tagFamilyUuid, ObjectPermissionRevokeRequest request); } diff --git a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/UserClientMethods.java b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/UserClientMethods.java index 4ee431bcc4..07f3ee83c7 100644 --- a/rest-client/src/main/java/com/gentics/mesh/rest/client/method/UserClientMethods.java +++ b/rest-client/src/main/java/com/gentics/mesh/rest/client/method/UserClientMethods.java 
@@ -1,8 +1,9 @@ package com.gentics.mesh.rest.client.method; import com.gentics.mesh.core.rest.common.GenericMessageResponse; -import com.gentics.mesh.core.rest.common.ObjectPermissionRequest; +import com.gentics.mesh.core.rest.common.ObjectPermissionGrantRequest; import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; +import com.gentics.mesh.core.rest.common.ObjectPermissionRevokeRequest; import com.gentics.mesh.core.rest.user.UserAPITokenResponse; import com.gentics.mesh.core.rest.user.UserCreateRequest; import com.gentics.mesh.core.rest.user.UserListResponse; @@ -136,7 +137,7 @@ public interface UserClientMethods { * @param request request * @return mesh request */ - MeshRequest grantUserRolePermissions(String uuid, ObjectPermissionRequest request); + MeshRequest grantUserRolePermissions(String uuid, ObjectPermissionGrantRequest request); /** * Revoke permissions on the user from roles @@ -144,5 +145,5 @@ public interface UserClientMethods { * @param request request * @return mesh request */ - MeshRequest revokeUserRolePermissions(String uuid, ObjectPermissionRequest request); + MeshRequest revokeUserRolePermissions(String uuid, ObjectPermissionRevokeRequest request); } diff --git a/rest-model/src/main/java/com/gentics/mesh/core/rest/common/ObjectPermissionGrantRequest.java b/rest-model/src/main/java/com/gentics/mesh/core/rest/common/ObjectPermissionGrantRequest.java new file mode 100644 index 0000000000..6ff0ae5677 --- /dev/null +++ b/rest-model/src/main/java/com/gentics/mesh/core/rest/common/ObjectPermissionGrantRequest.java 
@@ -0,0 +1,104 @@ +package com.gentics.mesh.core.rest.common; + +import java.util.Set; + +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.annotation.JsonPropertyDescription; +import com.gentics.mesh.core.rest.role.RoleReference; + +/** + * Request to grant permissions to multiple roles + */ +public class ObjectPermissionGrantRequest extends ObjectPermissionResponse { + @JsonProperty(required = false, defaultValue = "false") + @JsonPropertyDescription("Flag which indicates whether the permissions granted to only the given roles (will be revoked from all other roles).") + private boolean exclusive = false; + + @JsonProperty(required = true) + @JsonPropertyDescription("Roles which are ignored when the exclusive flag is set.") + private Set ignore; + + /** + * Flag that indicated that the request should be executed exclusively. + * + * @return Flag value + */ + public boolean isExclusive() { + return exclusive; + } + + /** + * Set the flag which indicated whether the permission changes should be applied exclusively. 
+ * + * @param exclusive + * Flag value + * @return Fluent API + */ + public ObjectPermissionGrantRequest setExclusive(boolean exclusive) { + this.exclusive = exclusive; + return this; + } + + public Set getIgnore() { + return ignore; + } + + public ObjectPermissionGrantRequest setIgnore(Set ignore) { + this.ignore = ignore; + return this; + } + + @Override + public ObjectPermissionGrantRequest setCreate(Set create) { + super.setCreate(create); + return this; + } + + @Override + public ObjectPermissionGrantRequest setRead(Set read) { + super.setRead(read); + return this; + } + + @Override + public ObjectPermissionGrantRequest setUpdate(Set update) { + super.setUpdate(update); + return this; + } + + @Override + public ObjectPermissionGrantRequest setDelete(Set delete) { + super.setDelete(delete); + return this; + } + + @Override + public ObjectPermissionGrantRequest setPublish(Set publish) { + super.setPublish(publish); + return this; + } + + @Override + public ObjectPermissionGrantRequest setReadPublished(Set readPublished) { + super.setReadPublished(readPublished); + return this; + } + + @Override + public ObjectPermissionGrantRequest add(RoleReference role, Permission permission) { + super.add(role, permission); + return this; + } + + @Override + public ObjectPermissionGrantRequest set(RoleReference role, Permission perm, boolean flag) { + super.set(role, perm, flag); + return this; + } + + @Override + public ObjectPermissionGrantRequest setOthers(boolean includePublishPermissions) { + super.setOthers(includePublishPermissions); + return this; + } +} diff --git a/rest-model/src/main/java/com/gentics/mesh/core/rest/common/ObjectPermissionRequest.java b/rest-model/src/main/java/com/gentics/mesh/core/rest/common/ObjectPermissionRequest.java deleted file mode 100644 index 7546ff29aa..0000000000 --- a/rest-model/src/main/java/com/gentics/mesh/core/rest/common/ObjectPermissionRequest.java +++ /dev/null 
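Review bot: The new `ignore` field in ObjectPermissionGrantRequest is declared `@JsonProperty(required = true)`, yet its description says it only matters when `exclusive` is set, and `testGrantRolePermissionsExclusive` in this same patch sends an exclusive request without it. The field also has no initial value, so `getIgnore()` returns null whenever the caller omits it. Because `exclusive` revokes permissions from every role not named in the request, the contract should be explicit: declare it `@JsonProperty(required = false)` and document on `getIgnore()`/`setIgnore()` (both currently lack Javadoc) that null or empty means no role is spared. The code that consumes `ignore` is outside this hunk, so whether it already tolerates null cannot be confirmed from here.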
@@ -1,31 +0,0 @@ -package com.gentics.mesh.core.rest.common; - -import com.fasterxml.jackson.annotation.JsonProperty; -import com.fasterxml.jackson.annotation.JsonPropertyDescription; - -public class ObjectPermissionRequest extends ObjectPermissionResponse { - @JsonProperty(required = false, defaultValue = "false") - @JsonPropertyDescription("Flag which indicates whether the permissions granted to only the given roles (will be revoked from all other roles).") - private boolean exclusive = false; - - /** - * Flag that indicated that the request should be executed exclusively. - * - * @return Flag value - */ - public boolean isExclusive() { - return exclusive; - } - - /** - * Set the flag which indicated whether the permission changes should be applied exclusively. - * - * @param exclusive - * Flag value - * @return Fluent API - */ - public ObjectPermissionRequest setExclusive(boolean exclusive) { - this.exclusive = exclusive; - return this; - } -} diff --git a/rest-model/src/main/java/com/gentics/mesh/core/rest/common/ObjectPermissionResponse.java b/rest-model/src/main/java/com/gentics/mesh/core/rest/common/ObjectPermissionResponse.java index e53e381b01..6d6cfbb394 100644 --- a/rest-model/src/main/java/com/gentics/mesh/core/rest/common/ObjectPermissionResponse.java +++ b/rest-model/src/main/java/com/gentics/mesh/core/rest/common/ObjectPermissionResponse.java @@ -8,6 +8,9 @@ import com.fasterxml.jackson.annotation.JsonPropertyDescription; import com.gentics.mesh.core.rest.role.RoleReference; +/** + * Response containing object permissions on all roles + */ public class ObjectPermissionResponse implements RestModel { @JsonProperty(required = true) @JsonPropertyDescription("Roles to which the create permission is granted.") 
diff --git a/rest-model/src/main/java/com/gentics/mesh/core/rest/common/ObjectPermissionRevokeRequest.java b/rest-model/src/main/java/com/gentics/mesh/core/rest/common/ObjectPermissionRevokeRequest.java new file mode 100644 index 0000000000..97e19875fa --- /dev/null +++ b/rest-model/src/main/java/com/gentics/mesh/core/rest/common/ObjectPermissionRevokeRequest.java @@ -0,0 +1,64 @@ +package com.gentics.mesh.core.rest.common; + +import java.util.Set; + +import com.gentics.mesh.core.rest.role.RoleReference; + +/** + * Request to revoke permissions from multiple roles + */ +public class ObjectPermissionRevokeRequest extends ObjectPermissionResponse { + @Override + public ObjectPermissionRevokeRequest setCreate(Set create) { + super.setCreate(create); + return this; + } + + @Override + public ObjectPermissionRevokeRequest setRead(Set read) { + super.setRead(read); + return this; + } + + @Override + public ObjectPermissionRevokeRequest setUpdate(Set update) { + super.setUpdate(update); + return this; + } + + @Override + public ObjectPermissionRevokeRequest setDelete(Set delete) { + super.setDelete(delete); + return this; + } + + @Override + public ObjectPermissionRevokeRequest setPublish(Set publish) { + super.setPublish(publish); + return this; + } + + @Override + public ObjectPermissionRevokeRequest setReadPublished(Set readPublished) { + super.setReadPublished(readPublished); + return this; + } + + @Override + public ObjectPermissionRevokeRequest add(RoleReference role, Permission permission) { + super.add(role, permission); + return this; + } + + @Override + public ObjectPermissionRevokeRequest set(RoleReference role, Permission perm, boolean flag) { + super.set(role, perm, flag); + return this; + } + + @Override + public ObjectPermissionRevokeRequest setOthers(boolean includePublishPermissions) { + super.setOthers(includePublishPermissions); + return this; + } +} 
diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/branch/BranchRolePermissionsEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/branch/BranchRolePermissionsEndpointTest.java index 09cf371b2b..b05d072a21 100644 --- a/tests/tests-core/src/main/java/com/gentics/mesh/core/branch/BranchRolePermissionsEndpointTest.java +++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/branch/BranchRolePermissionsEndpointTest.java @@ -4,8 +4,9 @@ import static com.gentics.mesh.test.TestSize.FULL; import com.gentics.mesh.core.data.HibBaseElement; -import com.gentics.mesh.core.rest.common.ObjectPermissionRequest; +import com.gentics.mesh.core.rest.common.ObjectPermissionGrantRequest; import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; +import com.gentics.mesh.core.rest.common.ObjectPermissionRevokeRequest; import com.gentics.mesh.test.MeshTestSetting; import com.gentics.mesh.test.context.AbstractRolePermissionEndpointTest; import com.gentics.mesh.test.context.ClientHandler; @@ -27,12 +28,12 @@ protected ClientHandler getRolePermissions() { } @Override - protected ClientHandler grantRolePermissions(ObjectPermissionRequest request) { + protected ClientHandler grantRolePermissions(ObjectPermissionGrantRequest request) { return () -> client().grantBranchRolePermissions(PROJECT_NAME, getTestedUuid(), request); } @Override - protected ClientHandler revokeRolePermissions(ObjectPermissionRequest request) { + protected ClientHandler revokeRolePermissions(ObjectPermissionRevokeRequest request) { return () -> client().revokeBranchRolePermissions(PROJECT_NAME, getTestedUuid(), request); } } diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/group/GroupRolePermissionsEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/group/GroupRolePermissionsEndpointTest.java index 58cf1095cd..0e32964bf8 100644 --- a/tests/tests-core/src/main/java/com/gentics/mesh/core/group/GroupRolePermissionsEndpointTest.java 
+++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/group/GroupRolePermissionsEndpointTest.java @@ -3,8 +3,9 @@ import static com.gentics.mesh.test.TestSize.PROJECT_AND_NODE; import com.gentics.mesh.core.data.HibBaseElement; -import com.gentics.mesh.core.rest.common.ObjectPermissionRequest; +import com.gentics.mesh.core.rest.common.ObjectPermissionGrantRequest; import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; +import com.gentics.mesh.core.rest.common.ObjectPermissionRevokeRequest; import com.gentics.mesh.test.MeshTestSetting; import com.gentics.mesh.test.context.AbstractRolePermissionEndpointTest; import com.gentics.mesh.test.context.ClientHandler; @@ -26,12 +27,12 @@ protected ClientHandler getRolePermissions() { } @Override - protected ClientHandler grantRolePermissions(ObjectPermissionRequest request) { + protected ClientHandler grantRolePermissions(ObjectPermissionGrantRequest request) { return () -> client().grantGroupRolePermissions(getTestedUuid(), request); } @Override - protected ClientHandler revokeRolePermissions(ObjectPermissionRequest request) { + protected ClientHandler revokeRolePermissions(ObjectPermissionRevokeRequest request) { return () -> client().revokeGroupRolePermissions(getTestedUuid(), request); } } diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/node/NodeRolePermissionsEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/node/NodeRolePermissionsEndpointTest.java index f4fad17f0a..65114f4235 100644 --- a/tests/tests-core/src/main/java/com/gentics/mesh/core/node/NodeRolePermissionsEndpointTest.java +++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/node/NodeRolePermissionsEndpointTest.java 
@@ -4,8 +4,9 @@ import static com.gentics.mesh.test.TestSize.PROJECT_AND_NODE; import com.gentics.mesh.core.data.HibBaseElement; -import com.gentics.mesh.core.rest.common.ObjectPermissionRequest; +import com.gentics.mesh.core.rest.common.ObjectPermissionGrantRequest; import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; +import com.gentics.mesh.core.rest.common.ObjectPermissionRevokeRequest; import com.gentics.mesh.test.MeshTestSetting; import com.gentics.mesh.test.context.AbstractRolePermissionEndpointTest; import com.gentics.mesh.test.context.ClientHandler; @@ -27,12 +28,12 @@ protected ClientHandler getRolePermissions() { } @Override - protected ClientHandler grantRolePermissions(ObjectPermissionRequest request) { + protected ClientHandler grantRolePermissions(ObjectPermissionGrantRequest request) { return () -> client().grantNodeRolePermissions(PROJECT_NAME, getTestedUuid(), request); } @Override - protected ClientHandler revokeRolePermissions(ObjectPermissionRequest request) { + protected ClientHandler revokeRolePermissions(ObjectPermissionRevokeRequest request) { return () -> client().revokeNodeRolePermissions(PROJECT_NAME, getTestedUuid(), request); } } diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/project/ProjectRolePermissionsEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/project/ProjectRolePermissionsEndpointTest.java index 422dcf4cca..6458fe2da2 100644 --- a/tests/tests-core/src/main/java/com/gentics/mesh/core/project/ProjectRolePermissionsEndpointTest.java +++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/project/ProjectRolePermissionsEndpointTest.java 
@@ -3,8 +3,9 @@ import static com.gentics.mesh.test.TestSize.PROJECT_AND_NODE; import com.gentics.mesh.core.data.HibBaseElement; -import com.gentics.mesh.core.rest.common.ObjectPermissionRequest; +import com.gentics.mesh.core.rest.common.ObjectPermissionGrantRequest; import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; +import com.gentics.mesh.core.rest.common.ObjectPermissionRevokeRequest; import com.gentics.mesh.test.MeshTestSetting; import com.gentics.mesh.test.context.AbstractRolePermissionEndpointTest; import com.gentics.mesh.test.context.ClientHandler; @@ -26,12 +27,12 @@ protected ClientHandler getRolePermissions() { } @Override - protected ClientHandler grantRolePermissions(ObjectPermissionRequest request) { + protected ClientHandler grantRolePermissions(ObjectPermissionGrantRequest request) { return () -> client().grantProjectRolePermissions(getTestedUuid(), request); } @Override - protected ClientHandler revokeRolePermissions(ObjectPermissionRequest request) { + protected ClientHandler revokeRolePermissions(ObjectPermissionRevokeRequest request) { return () -> client().revokeProjectRolePermissions(getTestedUuid(), request); } } diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/role/RoleRolePermissionsEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/role/RoleRolePermissionsEndpointTest.java index da3cb1e4be..18988fa29c 100644 --- a/tests/tests-core/src/main/java/com/gentics/mesh/core/role/RoleRolePermissionsEndpointTest.java +++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/role/RoleRolePermissionsEndpointTest.java 
@@ -3,8 +3,9 @@ import static com.gentics.mesh.test.TestSize.PROJECT_AND_NODE; import com.gentics.mesh.core.data.HibBaseElement; -import com.gentics.mesh.core.rest.common.ObjectPermissionRequest; +import com.gentics.mesh.core.rest.common.ObjectPermissionGrantRequest; import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; +import com.gentics.mesh.core.rest.common.ObjectPermissionRevokeRequest; import com.gentics.mesh.test.MeshTestSetting; import com.gentics.mesh.test.context.AbstractRolePermissionEndpointTest; import com.gentics.mesh.test.context.ClientHandler; @@ -26,12 +27,12 @@ protected ClientHandler getRolePermissions() { } @Override - protected ClientHandler grantRolePermissions(ObjectPermissionRequest request) { + protected ClientHandler grantRolePermissions(ObjectPermissionGrantRequest request) { return () -> client().grantRoleRolePermissions(getTestedUuid(), request); } @Override - protected ClientHandler revokeRolePermissions(ObjectPermissionRequest request) { + protected ClientHandler revokeRolePermissions(ObjectPermissionRevokeRequest request) { return () -> client().revokeRoleRolePermissions(getTestedUuid(), request); } } diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/schema/MicroschemaRolePermissionsEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/schema/MicroschemaRolePermissionsEndpointTest.java index 2023215c50..b37429f7b1 100644 --- a/tests/tests-core/src/main/java/com/gentics/mesh/core/schema/MicroschemaRolePermissionsEndpointTest.java +++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/schema/MicroschemaRolePermissionsEndpointTest.java 
@@ -3,8 +3,9 @@ import static com.gentics.mesh.test.TestSize.FULL; import com.gentics.mesh.core.data.HibBaseElement; -import com.gentics.mesh.core.rest.common.ObjectPermissionRequest; +import com.gentics.mesh.core.rest.common.ObjectPermissionGrantRequest; import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; +import com.gentics.mesh.core.rest.common.ObjectPermissionRevokeRequest; import com.gentics.mesh.test.MeshTestSetting; import com.gentics.mesh.test.context.AbstractRolePermissionEndpointTest; import com.gentics.mesh.test.context.ClientHandler; @@ -26,12 +27,12 @@ protected ClientHandler getRolePermissions() { } @Override - protected ClientHandler grantRolePermissions(ObjectPermissionRequest request) { + protected ClientHandler grantRolePermissions(ObjectPermissionGrantRequest request) { return () -> client().grantMicroschemaRolePermissions(getTestedUuid(), request); } @Override - protected ClientHandler revokeRolePermissions(ObjectPermissionRequest request) { + protected ClientHandler revokeRolePermissions(ObjectPermissionRevokeRequest request) { return () -> client().revokeMicroschemaRolePermissions(getTestedUuid(), request); } } diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/schema/SchemaRolePermissionsEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/schema/SchemaRolePermissionsEndpointTest.java index 1c82529794..76f793349f 100644 --- a/tests/tests-core/src/main/java/com/gentics/mesh/core/schema/SchemaRolePermissionsEndpointTest.java +++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/schema/SchemaRolePermissionsEndpointTest.java 
@@ -3,8 +3,9 @@ import static com.gentics.mesh.test.TestSize.FULL; import com.gentics.mesh.core.data.HibBaseElement; -import com.gentics.mesh.core.rest.common.ObjectPermissionRequest; +import com.gentics.mesh.core.rest.common.ObjectPermissionGrantRequest; import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; +import com.gentics.mesh.core.rest.common.ObjectPermissionRevokeRequest; import com.gentics.mesh.test.MeshTestSetting; import com.gentics.mesh.test.context.AbstractRolePermissionEndpointTest; import com.gentics.mesh.test.context.ClientHandler; @@ -26,12 +27,12 @@ protected ClientHandler getRolePermissions() { } @Override - protected ClientHandler grantRolePermissions(ObjectPermissionRequest request) { + protected ClientHandler grantRolePermissions(ObjectPermissionGrantRequest request) { return () -> client().grantSchemaRolePermissions(getTestedUuid(), request); } @Override - protected ClientHandler revokeRolePermissions(ObjectPermissionRequest request) { + protected ClientHandler revokeRolePermissions(ObjectPermissionRevokeRequest request) { return () -> client().revokeRoleRolePermissions(getTestedUuid(), request); } } diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/tag/TagRolePermissionsEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/tag/TagRolePermissionsEndpointTest.java index 25ec2e268a..5fa943dea9 100644 --- a/tests/tests-core/src/main/java/com/gentics/mesh/core/tag/TagRolePermissionsEndpointTest.java +++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/tag/TagRolePermissionsEndpointTest.java 
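Review bot: `revokeRolePermissions` in SchemaRolePermissionsEndpointTest still returns `() -> client().revokeRoleRolePermissions(getTestedUuid(), request)`, while the grant method directly above it uses `grantSchemaRolePermissions`. The call is an unchanged context line under the signature this hunk edits, so the commit carries the mismatch forward. It should read `return () -> client().revokeSchemaRolePermissions(getTestedUuid(), request);`, a method that SchemaClientMethods declares in this patch. As written, the inherited revoke tests presumably send the schema's UUID to the role endpoint, so a regression in schema permission revocation would not be caught by this class.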
@@ -4,8 +4,9 @@ import static com.gentics.mesh.test.TestSize.FULL; import com.gentics.mesh.core.data.HibBaseElement; -import com.gentics.mesh.core.rest.common.ObjectPermissionRequest; +import com.gentics.mesh.core.rest.common.ObjectPermissionGrantRequest; import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; +import com.gentics.mesh.core.rest.common.ObjectPermissionRevokeRequest; import com.gentics.mesh.test.MeshTestSetting; import com.gentics.mesh.test.context.AbstractRolePermissionEndpointTest; import com.gentics.mesh.test.context.ClientHandler; @@ -29,14 +30,14 @@ protected ClientHandler getRolePermissions() { } @Override - protected ClientHandler grantRolePermissions(ObjectPermissionRequest request) { + protected ClientHandler grantRolePermissions(ObjectPermissionGrantRequest request) { String tagFamilyUuid = tx(() -> tagFamily("colors").getUuid()); String uuid = getTestedUuid(); return () -> client().grantTagRolePermissions(PROJECT_NAME, tagFamilyUuid, uuid, request); } @Override - protected ClientHandler revokeRolePermissions(ObjectPermissionRequest request) { + protected ClientHandler revokeRolePermissions(ObjectPermissionRevokeRequest request) { String tagFamilyUuid = tx(() -> tagFamily("colors").getUuid()); String uuid = getTestedUuid(); return () -> client().revokeTagRolePermissions(PROJECT_NAME, tagFamilyUuid, uuid, request); diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/tagfamily/TagFamilyRolePermissionsEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/tagfamily/TagFamilyRolePermissionsEndpointTest.java index 20a3fb195e..1475b88912 100644 --- a/tests/tests-core/src/main/java/com/gentics/mesh/core/tagfamily/TagFamilyRolePermissionsEndpointTest.java +++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/tagfamily/TagFamilyRolePermissionsEndpointTest.java 
@@ -4,8 +4,9 @@ import static com.gentics.mesh.test.TestSize.FULL; import com.gentics.mesh.core.data.HibBaseElement; -import com.gentics.mesh.core.rest.common.ObjectPermissionRequest; +import com.gentics.mesh.core.rest.common.ObjectPermissionGrantRequest; import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; +import com.gentics.mesh.core.rest.common.ObjectPermissionRevokeRequest; import com.gentics.mesh.test.MeshTestSetting; import com.gentics.mesh.test.context.AbstractRolePermissionEndpointTest; import com.gentics.mesh.test.context.ClientHandler; @@ -27,12 +28,12 @@ protected ClientHandler getRolePermissions() { } @Override - protected ClientHandler grantRolePermissions(ObjectPermissionRequest request) { + protected ClientHandler grantRolePermissions(ObjectPermissionGrantRequest request) { return () -> client().grantTagFamilyRolePermissions(PROJECT_NAME, getTestedUuid(), request); } @Override - protected ClientHandler revokeRolePermissions(ObjectPermissionRequest request) { + protected ClientHandler revokeRolePermissions(ObjectPermissionRevokeRequest request) { return () -> client().revokeTagFamilyRolePermissions(PROJECT_NAME, getTestedUuid(), request); } } diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/core/user/UserRolePermissionsEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/core/user/UserRolePermissionsEndpointTest.java index cb94938c37..6740c79847 100644 --- a/tests/tests-core/src/main/java/com/gentics/mesh/core/user/UserRolePermissionsEndpointTest.java +++ b/tests/tests-core/src/main/java/com/gentics/mesh/core/user/UserRolePermissionsEndpointTest.java 
@@ -3,8 +3,9 @@ import static com.gentics.mesh.test.TestSize.PROJECT_AND_NODE; import com.gentics.mesh.core.data.HibBaseElement; -import com.gentics.mesh.core.rest.common.ObjectPermissionRequest; +import com.gentics.mesh.core.rest.common.ObjectPermissionGrantRequest; import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; +import com.gentics.mesh.core.rest.common.ObjectPermissionRevokeRequest; import com.gentics.mesh.test.MeshTestSetting; import com.gentics.mesh.test.context.AbstractRolePermissionEndpointTest; import com.gentics.mesh.test.context.ClientHandler; @@ -26,12 +27,12 @@ protected ClientHandler getRolePermissions() { } @Override - protected ClientHandler grantRolePermissions(ObjectPermissionRequest request) { + protected ClientHandler grantRolePermissions(ObjectPermissionGrantRequest request) { return () -> client().grantUserRolePermissions(getTestedUuid(), request); } @Override - protected ClientHandler revokeRolePermissions(ObjectPermissionRequest request) { + protected ClientHandler revokeRolePermissions(ObjectPermissionRevokeRequest request) { return () -> client().revokeUserRolePermissions(getTestedUuid(), request); } } diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/test/context/AbstractRolePermissionEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/test/context/AbstractRolePermissionEndpointTest.java index c074c5bfce..abdf405608 100644 --- a/tests/tests-core/src/main/java/com/gentics/mesh/test/context/AbstractRolePermissionEndpointTest.java +++ b/tests/tests-core/src/main/java/com/gentics/mesh/test/context/AbstractRolePermissionEndpointTest.java @@ -10,6 +10,7 @@ import static io.netty.handler.codec.http.HttpResponseStatus.NOT_FOUND; import static org.assertj.core.api.Assertions.assertThat; +import java.util.Collections; import java.util.Set; import org.junit.Test; 
@@ -17,8 +18,9 @@ import com.gentics.mesh.core.data.HibBaseElement; import com.gentics.mesh.core.data.perm.InternalPermission; import com.gentics.mesh.core.data.role.HibRole; -import com.gentics.mesh.core.rest.common.ObjectPermissionRequest; +import com.gentics.mesh.core.rest.common.ObjectPermissionGrantRequest; import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; +import com.gentics.mesh.core.rest.common.ObjectPermissionRevokeRequest; import com.gentics.mesh.core.rest.role.RoleReference; import com.gentics.mesh.util.UUIDUtil; @@ -91,7 +93,7 @@ public void testGrantRolePermissionsByUuid() { RoleReference anonymous = tx(() -> roles().get("anonymous").transformToReference()); RoleReference testRole = tx(() -> role().transformToReference()); - ObjectPermissionRequest request = new ObjectPermissionRequest(); + ObjectPermissionGrantRequest request = new ObjectPermissionGrantRequest(); request.set(new RoleReference().setUuid(anonymousUuid), READ_PERM.getRestPerm(), true); ObjectPermissionResponse response = call(grantRolePermissions(request)); assertThat(response).as("Response").isNotNull(); @@ -107,7 +109,7 @@ public void testGrantRolePermissionsByName() { RoleReference anonymous = tx(() -> roles().get("anonymous").transformToReference()); RoleReference testRole = tx(() -> role().transformToReference()); - ObjectPermissionRequest request = new ObjectPermissionRequest(); + ObjectPermissionGrantRequest request = new ObjectPermissionGrantRequest(); request.set(new RoleReference().setName("anonymous"), UPDATE_PERM.getRestPerm(), true); ObjectPermissionResponse response = call(grantRolePermissions(request)); assertThat(response).as("Response").isNotNull(); 
@@ -121,7 +123,7 @@ public void testGrantRolePermissionsByName() { @Test public void testGrantUnknownRolePermissionsByUuid() { String randomUUID = UUIDUtil.randomUUID(); - ObjectPermissionRequest request = new ObjectPermissionRequest(); + ObjectPermissionGrantRequest request = new ObjectPermissionGrantRequest(); request.set(new RoleReference().setUuid(randomUUID), UPDATE_PERM.getRestPerm(), true); call(grantRolePermissions(request), NOT_FOUND, "object_not_found_for_uuid", randomUUID); } @@ -131,7 +133,7 @@ public void testGrantUnknownRolePermissionsByUuid() { */ @Test public void testGrantUnknownRolePermissionsByName() { - ObjectPermissionRequest request = new ObjectPermissionRequest(); + ObjectPermissionGrantRequest request = new ObjectPermissionGrantRequest(); request.set(new RoleReference().setName("bogus"), DELETE_PERM.getRestPerm(), true); call(grantRolePermissions(request), NOT_FOUND, "object_not_found_for_name", "bogus"); } @@ -141,7 +143,7 @@ public void testGrantUnknownRolePermissionsByName() { */ @Test public void testGrantInvalidRolePermissions() { - ObjectPermissionRequest request = new ObjectPermissionRequest(); + ObjectPermissionGrantRequest request = new ObjectPermissionGrantRequest(); request.set(new RoleReference(), CREATE_PERM.getRestPerm(), true); call(grantRolePermissions(request), BAD_REQUEST, "role_reference_uuid_or_name_missing"); } @@ -166,7 +168,7 @@ public void testGrantRolePermissionsExclusive() { tx.roleDao().grantPermissions(adminObj, getTestedElement(), UPDATE_PERM, CREATE_PERM, READ_PERM); }); - ObjectPermissionRequest request = new ObjectPermissionRequest(); + ObjectPermissionGrantRequest request = new ObjectPermissionGrantRequest(); request.set(new RoleReference().setUuid(anonymousUuid), CREATE_PERM.getRestPerm(), true); request.set(new RoleReference().setUuid(anonymousUuid), DELETE_PERM.getRestPerm(), true); request.setExclusive(true); 
@@ -184,6 +186,45 @@ public void testGrantRolePermissionsExclusive() { assertThat(adminPermissions).as("Permissions for role admin").isNotNull().containsOnly(UPDATE_PERM, CREATE_PERM, READ_PERM); } + /** + * Test granting roles permissions exclusively while ignoring roles + */ + @Test + public void testGrantRolePermissionsExclusiveWithIgnore() { + String anonymousUuid = tx(() -> roles().get("anonymous").getUuid()); + RoleReference anonymous = tx(() -> roles().get("anonymous").transformToReference()); + RoleReference testRole = tx(() -> role().transformToReference()); + + tx(tx -> { + HibRole adminObj = roles().get("admin"); + HibRole testRoleObj = role(); + + // revoke the permission on the admin role + tx.roleDao().revokePermissions(testRoleObj, adminObj, READ_PERM); + + // grant some permissions to the admin role + tx.roleDao().grantPermissions(adminObj, getTestedElement(), UPDATE_PERM, CREATE_PERM, READ_PERM); + }); + + ObjectPermissionGrantRequest request = new ObjectPermissionGrantRequest(); + request.set(new RoleReference().setUuid(anonymousUuid), CREATE_PERM.getRestPerm(), true); + request.set(new RoleReference().setUuid(anonymousUuid), DELETE_PERM.getRestPerm(), true); + request.setExclusive(true); + request.setIgnore(Collections.singleton(testRole)); + ObjectPermissionResponse response = call(grantRolePermissions(request)); + assertThat(response).as("Response").isNotNull(); + assertThat(response.getRead()).as("Roles with read permission").isNotNull().containsOnly(testRole); + assertThat(response.getUpdate()).as("Roles with update permission").isNotNull().containsOnly(testRole); + assertThat(response.getCreate()).as("Roles with create permission").isNotNull().containsOnly(anonymous, testRole); + assertThat(response.getDelete()).as("Roles with delete permission").isNotNull().containsOnly(anonymous, testRole); + + // check that admin permissions were not changed + Set adminPermissions = tx(tx -> { + return tx.roleDao().getPermissions(roles().get("admin"), 
getTestedElement()); + }); + assertThat(adminPermissions).as("Permissions for role admin").isNotNull().containsOnly(UPDATE_PERM, CREATE_PERM, READ_PERM); + } + /** * Test granting role without permission on the entity */ @@ -191,7 +232,7 @@ public void testGrantRolePermissionsExclusive() { public void testGrantRoleWithoutPermission() { String uuid = getTestedUuid(); revokeReadOnTestedElement(); - ObjectPermissionRequest request = new ObjectPermissionRequest(); + ObjectPermissionGrantRequest request = new ObjectPermissionGrantRequest(); call(grantRolePermissions(request), FORBIDDEN, "error_missing_perm", uuid, READ_PERM.getRestPerm().getName()); } @@ -203,7 +244,7 @@ public void testGrantRoleWithoutReadPermissionOnRole() { String testRoleUuid = tx(() -> role().getUuid()); RoleReference testRoleRef = tx(() -> role().transformToReference()); revokeReadOnRole(); - ObjectPermissionRequest request = new ObjectPermissionRequest(); + ObjectPermissionGrantRequest request = new ObjectPermissionGrantRequest(); request.set(testRoleRef, CREATE_PERM.getRestPerm(), true); call(grantRolePermissions(request), NOT_FOUND, "object_not_found_for_uuid", testRoleUuid); } @@ -216,13 +257,11 @@ public void testGrantRoleWithoutUpdatePermissionOnRole() { String testRoleUuid = tx(() -> role().getUuid()); RoleReference testRoleRef = tx(() -> role().transformToReference()); revokeUpdateOnRole(); - ObjectPermissionRequest request = new ObjectPermissionRequest(); + ObjectPermissionGrantRequest request = new ObjectPermissionGrantRequest(); request.set(testRoleRef, CREATE_PERM.getRestPerm(), true); call(grantRolePermissions(request), FORBIDDEN, "error_missing_perm", testRoleUuid, UPDATE_PERM.getRestPerm().getName()); } - // TODO more grant tests - /** * Test revoking permissions by uuid */ 
@@ -231,7 +270,7 @@ public void testRevokeRolePermissionsByUuid() { String testRoleUuid = tx(() -> role().getUuid()); RoleReference testRole = tx(() -> role().transformToReference()); - ObjectPermissionRequest request = new ObjectPermissionRequest(); + ObjectPermissionRevokeRequest request = new ObjectPermissionRevokeRequest(); request.set(new RoleReference().setUuid(testRoleUuid), CREATE_PERM.getRestPerm(), true); ObjectPermissionResponse response = call(revokeRolePermissions(request)); assertThat(response).as("Response").isNotNull(); @@ -247,7 +286,7 @@ public void testRevokeRolePermissionsByName() { String testRoleName = tx(() -> role().getName()); RoleReference testRole = tx(() -> role().transformToReference()); - ObjectPermissionRequest request = new ObjectPermissionRequest(); + ObjectPermissionRevokeRequest request = new ObjectPermissionRevokeRequest(); request.set(new RoleReference().setName(testRoleName), UPDATE_PERM.getRestPerm(), true); ObjectPermissionResponse response = call(revokeRolePermissions(request)); assertThat(response).as("Response").isNotNull(); @@ -261,7 +300,7 @@ public void testRevokeRolePermissionsByName() { @Test public void testRevokeUnknownRolePermissionsByUuid() { String randomUUID = UUIDUtil.randomUUID(); - ObjectPermissionRequest request = new ObjectPermissionRequest(); + ObjectPermissionRevokeRequest request = new ObjectPermissionRevokeRequest(); request.set(new RoleReference().setUuid(randomUUID), UPDATE_PERM.getRestPerm(), true); call(revokeRolePermissions(request), NOT_FOUND, "object_not_found_for_uuid", randomUUID); } 
@@ -271,7 +310,7 @@ public void testRevokeUnknownRolePermissionsByUuid() { */ @Test public void testRevoketUnknownRolePermissionsByName() { - ObjectPermissionRequest request = new ObjectPermissionRequest(); + ObjectPermissionRevokeRequest request = new ObjectPermissionRevokeRequest(); request.set(new RoleReference().setName("bogus"), DELETE_PERM.getRestPerm(), true); call(revokeRolePermissions(request), NOT_FOUND, "object_not_found_for_name", "bogus"); } @@ -281,7 +320,7 @@ public void testRevoketUnknownRolePermissionsByName() { */ @Test public void testRevokeInvalidRolePermissions() { - ObjectPermissionRequest request = new ObjectPermissionRequest(); + ObjectPermissionRevokeRequest request = new ObjectPermissionRevokeRequest(); request.set(new RoleReference(), CREATE_PERM.getRestPerm(), true); call(revokeRolePermissions(request), BAD_REQUEST, "role_reference_uuid_or_name_missing"); } @@ -293,7 +332,7 @@ public void testRevokeInvalidRolePermissions() { public void testRevokeRoleWithoutPermission() { String uuid = getTestedUuid(); revokeReadOnTestedElement(); - ObjectPermissionRequest request = new ObjectPermissionRequest(); + ObjectPermissionRevokeRequest request = new ObjectPermissionRevokeRequest(); call(revokeRolePermissions(request), FORBIDDEN, "error_missing_perm", uuid, READ_PERM.getRestPerm().getName()); } @@ -305,7 +344,7 @@ public void testRevokeRoleWithoutReadPermissionOnRole() { String testRoleUuid = tx(() -> role().getUuid()); RoleReference testRoleRef = tx(() -> role().transformToReference()); revokeReadOnRole(); - ObjectPermissionRequest request = new ObjectPermissionRequest(); + ObjectPermissionRevokeRequest request = new ObjectPermissionRevokeRequest(); request.set(testRoleRef, CREATE_PERM.getRestPerm(), true); call(revokeRolePermissions(request), NOT_FOUND, "object_not_found_for_uuid", testRoleUuid); } 
@@ -318,13 +357,11 @@ public void testRevokeRoleWithoutUpdatePermissionOnRole() { String testRoleUuid = tx(() -> role().getUuid()); RoleReference testRoleRef = tx(() -> role().transformToReference()); revokeUpdateOnRole(); - ObjectPermissionRequest request = new ObjectPermissionRequest(); + ObjectPermissionRevokeRequest request = new ObjectPermissionRevokeRequest(); request.set(testRoleRef, CREATE_PERM.getRestPerm(), true); call(revokeRolePermissions(request), FORBIDDEN, "error_missing_perm", testRoleUuid, UPDATE_PERM.getRestPerm().getName()); } - // TODO more revoke tests - /** * Get the tested element (this method assumes a running transaction) * @return tested element @@ -377,12 +414,12 @@ protected void revokeUpdateOnRole() { * @param request request * @return client handler */ - protected abstract ClientHandler grantRolePermissions(ObjectPermissionRequest request); + protected abstract ClientHandler grantRolePermissions(ObjectPermissionGrantRequest request); /** * Get a client handler that revokes the role permissions from the tested element * @param request request * @return client handler */ - protected abstract ClientHandler revokeRolePermissions(ObjectPermissionRequest request); + protected abstract ClientHandler revokeRolePermissions(ObjectPermissionRevokeRequest request); } From 16e6fe870c6ad4a47da89a66c134ab1651fe03a3 Mon Sep 17 00:00:00 2001 From: Norbert Pomaroli Date: Thu, 6 Oct 2022 09:13:10 +0200 Subject: [PATCH 7/9] Change roles from Set to List Remove unnecessary methods --- .../endpoint/handler/AbstractCrudHandler.java | 5 +- .../core/endpoint/tag/TagCrudHandler.java | 5 +- .../gentics/mesh/example/RoleExamples.java | 22 ++--- .../common/ObjectPermissionGrantRequest.java | 26 ++--- .../rest/common/ObjectPermissionResponse.java | 95 ++++++++----------- .../common/ObjectPermissionRevokeRequest.java | 20 ++-- .../AbstractRolePermissionEndpointTest.java | 41 ++++---- 7 files changed, 89 insertions(+), 125 deletions(-) 
diff --git a/core/src/main/java/com/gentics/mesh/core/endpoint/handler/AbstractCrudHandler.java b/core/src/main/java/com/gentics/mesh/core/endpoint/handler/AbstractCrudHandler.java index da2c6677db..ffcc4d4e33 100644 --- a/core/src/main/java/com/gentics/mesh/core/endpoint/handler/AbstractCrudHandler.java +++ b/core/src/main/java/com/gentics/mesh/core/endpoint/handler/AbstractCrudHandler.java @@ -11,6 +11,7 @@ import static org.apache.commons.lang3.StringUtils.isEmpty; import java.util.HashSet; +import java.util.List; import java.util.Map; import java.util.Set; import java.util.function.Function; @@ -174,7 +175,7 @@ public void handleGrantPermissions(InternalActionContext ac, String uuid) { : InternalPermission.basicPermissions(); for (InternalPermission perm : possiblePermissions) { - Set roleRefsToSet = update.get(perm.getRestPerm()); + List roleRefsToSet = update.get(perm.getRestPerm()); if (roleRefsToSet != null) { Set rolesToSet = new HashSet<>(); for (RoleReference roleRef : roleRefsToSet) { @@ -269,7 +270,7 @@ public void handleRevokePermissions(InternalActionContext ac, String uuid) { : InternalPermission.basicPermissions(); for (InternalPermission perm : possiblePermissions) { - Set roleRefsToRevoke = update.get(perm.getRestPerm()); + List roleRefsToRevoke = update.get(perm.getRestPerm()); if (roleRefsToRevoke != null) { Set rolesToRevoke = new HashSet<>(); for (RoleReference roleRef : roleRefsToRevoke) { diff --git a/core/src/main/java/com/gentics/mesh/core/endpoint/tag/TagCrudHandler.java b/core/src/main/java/com/gentics/mesh/core/endpoint/tag/TagCrudHandler.java index f8a58e5d5e..875d9510ef 100644 --- a/core/src/main/java/com/gentics/mesh/core/endpoint/tag/TagCrudHandler.java +++ b/core/src/main/java/com/gentics/mesh/core/endpoint/tag/TagCrudHandler.java 
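Review bot: `roleRefsToSet` in `handleGrantPermissions` is now a `List` taken straight from the request body, so repeated and `null` array entries are iterated as sent. The loop body lies outside the hunk, so it cannot be confirmed here that a `null` `roleRef` is rejected before its uuid or name is read. The same applies to `roleRefsToRevoke` in `handleRevokePermissions` and to both `TagCrudHandler` hunks. I would reject a `null` entry with the same BAD_REQUEST the tests expect for a reference without uuid and name, and document the input above the loop, e.g. `// request-supplied list: may contain duplicates or null entries; duplicates collapse in rolesToSet, null is rejected`. Duplicates are harmless for the result because the resolved roles go into a `HashSet`, but each repeated entry presumably still costs a role lookup.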
@@ -11,6 +11,7 @@ import static io.netty.handler.codec.http.HttpResponseStatus.OK; import java.util.HashSet; +import java.util.List; import java.util.Map; import java.util.Set; import java.util.function.Function; @@ -265,7 +266,7 @@ public void handleGrantPermissions(InternalActionContext ac, String tagFamilyUui InternalPermission[] possiblePermissions = InternalPermission.basicPermissions(); for (InternalPermission perm : possiblePermissions) { - Set roleRefsToSet = update.get(perm.getRestPerm()); + List roleRefsToSet = update.get(perm.getRestPerm()); if (roleRefsToSet != null) { Set rolesToSet = new HashSet<>(); for (RoleReference roleRef : roleRefsToSet) { @@ -362,7 +363,7 @@ public void handleRevokePermissions(InternalActionContext ac, String tagFamilyUu InternalPermission[] possiblePermissions = InternalPermission.basicPermissions(); for (InternalPermission perm : possiblePermissions) { - Set roleRefsToRevoke = update.get(perm.getRestPerm()); + List roleRefsToRevoke = update.get(perm.getRestPerm()); if (roleRefsToRevoke != null) { Set rolesToRevoke = new HashSet<>(); for (RoleReference roleRef : roleRefsToRevoke) { diff --git a/mdm/common/src/main/java/com/gentics/mesh/example/RoleExamples.java b/mdm/common/src/main/java/com/gentics/mesh/example/RoleExamples.java index 3f66101241..c9fe462da5 100644 --- a/mdm/common/src/main/java/com/gentics/mesh/example/RoleExamples.java +++ b/mdm/common/src/main/java/com/gentics/mesh/example/RoleExamples.java @@ -12,6 +12,7 @@ import static com.gentics.mesh.example.ExampleUuids.ROLE_CLIENT_UUID; import java.util.ArrayList; +import java.util.Arrays; import java.util.List; import com.gentics.mesh.core.rest.Examples; 
@@ -103,22 +104,13 @@ public ObjectPermissionResponse getObjectPermissionResponse(boolean includePubli RoleReference role1 = Examples.roleRef(); RoleReference role2 = Examples.roleRef2(); - response.set(role1, CREATE, false); - response.set(role1, READ, true); - response.set(role1, UPDATE, true); - response.set(role1, DELETE, false); + response.setCreate(Arrays.asList(role2)); + response.setRead(Arrays.asList(role1, role2)); + response.setUpdate(Arrays.asList(role1, role2)); + response.setDelete(Arrays.asList(role2)); if (includePublishPermissions) { - response.set(role1, READ_PUBLISHED, true); - response.set(role1, PUBLISH, false); - } - - response.set(role2, CREATE, true); - response.set(role2, READ, true); - response.set(role2, UPDATE, true); - response.set(role2, DELETE, true); - if (includePublishPermissions) { - response.set(role2, READ_PUBLISHED, true); - response.set(role2, PUBLISH, true); + response.setReadPublished(Arrays.asList(role1, role2)); + response.setPublish(Arrays.asList(role2)); } response.setOthers(includePublishPermissions); diff --git a/rest-model/src/main/java/com/gentics/mesh/core/rest/common/ObjectPermissionGrantRequest.java b/rest-model/src/main/java/com/gentics/mesh/core/rest/common/ObjectPermissionGrantRequest.java index 6ff0ae5677..94de790646 100644 --- a/rest-model/src/main/java/com/gentics/mesh/core/rest/common/ObjectPermissionGrantRequest.java +++ b/rest-model/src/main/java/com/gentics/mesh/core/rest/common/ObjectPermissionGrantRequest.java @@ -1,6 +1,6 @@ package com.gentics.mesh.core.rest.common; -import java.util.Set; +import java.util.List; import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.annotation.JsonPropertyDescription; 
@@ -16,7 +16,7 @@ public class ObjectPermissionGrantRequest extends ObjectPermissionResponse { @JsonProperty(required = true) @JsonPropertyDescription("Roles which are ignored when the exclusive flag is set.") - private Set ignore; + private List ignore; /** * Flag that indicated that the request should be executed exclusively. @@ -39,47 +39,47 @@ public ObjectPermissionGrantRequest setExclusive(boolean exclusive) { return this; } - public Set getIgnore() { + public List getIgnore() { return ignore; } - public ObjectPermissionGrantRequest setIgnore(Set ignore) { + public ObjectPermissionGrantRequest setIgnore(List ignore) { this.ignore = ignore; return this; } @Override - public ObjectPermissionGrantRequest setCreate(Set create) { + public ObjectPermissionGrantRequest setCreate(List create) { super.setCreate(create); return this; } @Override - public ObjectPermissionGrantRequest setRead(Set read) { + public ObjectPermissionGrantRequest setRead(List read) { super.setRead(read); return this; } @Override - public ObjectPermissionGrantRequest setUpdate(Set update) { + public ObjectPermissionGrantRequest setUpdate(List update) { super.setUpdate(update); return this; } @Override - public ObjectPermissionGrantRequest setDelete(Set delete) { + public ObjectPermissionGrantRequest setDelete(List delete) { super.setDelete(delete); return this; } @Override - public ObjectPermissionGrantRequest setPublish(Set publish) { + public ObjectPermissionGrantRequest setPublish(List publish) { super.setPublish(publish); return this; } @Override - public ObjectPermissionGrantRequest setReadPublished(Set readPublished) { + public ObjectPermissionGrantRequest setReadPublished(List readPublished) { super.setReadPublished(readPublished); return this; } 
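Review bot: The `ignore` field is declared with `@JsonProperty(required = true)`, yet the description says it only matters when `exclusive` is set, and the tests on this page send grant requests without it, so `getIgnore()` returns `null` in the normal case. I would change the annotation to `@JsonProperty(required = false)` and say in the description what an absent value means, e.g. `"Roles which are ignored when the exclusive flag is set. If omitted, no role is ignored."`. Because an exclusive grant removes permissions from other roles, the contract for a missing or empty `ignore` list should be explicit in the model rather than left to the handler.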
@@ -90,12 +90,6 @@ public ObjectPermissionGrantRequest add(RoleReference role, Permission permissio return this; } - @Override - public ObjectPermissionGrantRequest set(RoleReference role, Permission perm, boolean flag) { - super.set(role, perm, flag); - return this; - } - @Override public ObjectPermissionGrantRequest setOthers(boolean includePublishPermissions) { super.setOthers(includePublishPermissions); diff --git a/rest-model/src/main/java/com/gentics/mesh/core/rest/common/ObjectPermissionResponse.java b/rest-model/src/main/java/com/gentics/mesh/core/rest/common/ObjectPermissionResponse.java index 6d6cfbb394..4745562a87 100644 --- a/rest-model/src/main/java/com/gentics/mesh/core/rest/common/ObjectPermissionResponse.java +++ b/rest-model/src/main/java/com/gentics/mesh/core/rest/common/ObjectPermissionResponse.java @@ -1,8 +1,8 @@ package com.gentics.mesh.core.rest.common; +import java.util.ArrayList; import java.util.Collections; -import java.util.HashSet; -import java.util.Set; +import java.util.List; import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.annotation.JsonPropertyDescription; 
@@ -14,78 +14,78 @@ public class ObjectPermissionResponse implements RestModel { @JsonProperty(required = true) @JsonPropertyDescription("Roles to which the create permission is granted.") - private Set create; + private List create; @JsonProperty(required = true) @JsonPropertyDescription("Roles to which the read permission is granted.") - private Set read; + private List read; @JsonProperty(required = true) @JsonPropertyDescription("Roles to which the update permission is granted.") - private Set update; + private List update; @JsonProperty(required = true) @JsonPropertyDescription("Roles to which the delete permission is granted.") - private Set delete; + private List delete; @JsonProperty(required = false) @JsonPropertyDescription("Roles to which the publish permission is granted.") - private Set publish; + private List publish; @JsonProperty(required = false) @JsonPropertyDescription("Roles to which the read published permission is granted.") - private Set readPublished; + private List readPublished; - public Set getCreate() { + public List getCreate() { return create; } - public ObjectPermissionResponse setCreate(Set create) { + public ObjectPermissionResponse setCreate(List create) { this.create = create; return this; } - public Set getRead() { + public List getRead() { return read; } - public ObjectPermissionResponse setRead(Set read) { + public ObjectPermissionResponse setRead(List read) { this.read = read; return this; } - public Set getUpdate() { + public List getUpdate() { return update; } - public ObjectPermissionResponse setUpdate(Set update) { + public ObjectPermissionResponse setUpdate(List update) { this.update = update; return this; } - public Set getDelete() { + public List getDelete() { return delete; } - public ObjectPermissionResponse setDelete(Set delete) { + public ObjectPermissionResponse setDelete(List delete) { this.delete = delete; return this; } - public Set getPublish() { + public List getPublish() { return publish; } - public 
ObjectPermissionResponse setPublish(Set publish) { + public ObjectPermissionResponse setPublish(List publish) { this.publish = publish; return this; } - public Set getReadPublished() { + public List getReadPublished() { return readPublished; } - public ObjectPermissionResponse setReadPublished(Set readPublished) { + public ObjectPermissionResponse setReadPublished(List readPublished) { this.readPublished = readPublished; return this; } @@ -98,41 +98,29 @@ public ObjectPermissionResponse setReadPublished(Set readPublishe * @return Fluent API */ public ObjectPermissionResponse add(RoleReference role, Permission permission) { - set(role, permission, true); - return this; - } - - /** - * Set the given permission. - * - * @param role role reference - * @param perm permission - * @param flag true to set, false to remove - * @return Fluent API - */ - public ObjectPermissionResponse set(RoleReference role, Permission perm, boolean flag) { - switch (perm) { + switch (permission) { case CREATE: - create = update(create, role, flag); + create = add(create, role); break; case READ: - read = update(read, role, flag); + read = add(read, role); break; case UPDATE: - update = update(update, role, flag); + update = add(update, role); break; case DELETE: - delete = update(delete, role, flag); + delete = add(delete, role); break; case PUBLISH: - publish = update(publish, role, flag); + publish = add(publish, role); break; case READ_PUBLISHED: - readPublished = update(readPublished, role, flag); + readPublished = add(readPublished, role); break; default: - throw new RuntimeException("Unknown permission type {" + perm.getName() + "}"); + throw new RuntimeException("Unknown permission type {" + permission.getName() + "}"); } + return this; } 
@@ -144,23 +132,23 @@ public ObjectPermissionResponse set(RoleReference role, Permission perm, boolean */ public ObjectPermissionResponse setOthers(boolean includePublishPermissions) { if (create == null) { - create = Collections.emptySet(); + create = Collections.emptyList(); } if (read == null) { - read = Collections.emptySet(); + read = Collections.emptyList(); } if (update == null) { - update = Collections.emptySet(); + update = Collections.emptyList(); } if (delete == null) { - delete = Collections.emptySet(); + delete = Collections.emptyList(); } if (includePublishPermissions) { if (publish == null) { - publish = Collections.emptySet(); + publish = Collections.emptyList(); } if (readPublished == null) { - readPublished = Collections.emptySet(); + readPublished = Collections.emptyList(); } } return this; @@ -171,7 +159,7 @@ public ObjectPermissionResponse setOthers(boolean includePublishPermissions) { * @param perm permission * @return set of role references */ - public Set get(Permission perm) { + public List get(Permission perm) { switch (perm) { case CREATE: return create; @@ -190,16 +178,11 @@ public Set get(Permission perm) { } } - protected Set update(Set set, RoleReference role, boolean flag) { + protected List add(List set, RoleReference role) { if (set == null) { - set = new HashSet<>(); - } - - if (flag) { - set.add(role); - } else { - set.remove(role); + set = new ArrayList<>(); } + set.add(role); return set; } diff --git a/rest-model/src/main/java/com/gentics/mesh/core/rest/common/ObjectPermissionRevokeRequest.java b/rest-model/src/main/java/com/gentics/mesh/core/rest/common/ObjectPermissionRevokeRequest.java index 97e19875fa..d6f9a8ad69 100644 --- a/rest-model/src/main/java/com/gentics/mesh/core/rest/common/ObjectPermissionRevokeRequest.java +++ b/rest-model/src/main/java/com/gentics/mesh/core/rest/common/ObjectPermissionRevokeRequest.java 
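Review bot: The new `add(List set, RoleReference role)` helper appends to whatever list the field currently holds, which fails with `UnsupportedOperationException` once that list is the `Collections.emptyList()` assigned by `setOthers` or a fixed-size `Arrays.asList(...)` passed to a setter, as the examples and tests in this patch now do. It also appends the same role twice when called twice, which the former `Set` prevented. Copying into an `ArrayList` and skipping an entry that is already present fixes both; this assumes `RoleReference` implements `equals`, which the page does not show. The parameter name `set` and the `@return set of role references` Javadoc on `get` should say "list" as well.

```java
protected List<RoleReference> add(List<RoleReference> roles, RoleReference role) {
	// copy first: the field may hold Collections.emptyList() or a fixed-size Arrays.asList(...) view
	List<RoleReference> result = roles == null ? new ArrayList<>() : new ArrayList<>(roles);
	if (!result.contains(role)) {
		result.add(role);
	}
	return result;
}
```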
@@ -1,6 +1,6 @@ package com.gentics.mesh.core.rest.common; -import java.util.Set; +import java.util.List; import com.gentics.mesh.core.rest.role.RoleReference; @@ -9,37 +9,37 @@ */ public class ObjectPermissionRevokeRequest extends ObjectPermissionResponse { @Override - public ObjectPermissionRevokeRequest setCreate(Set create) { + public ObjectPermissionRevokeRequest setCreate(List create) { super.setCreate(create); return this; } @Override - public ObjectPermissionRevokeRequest setRead(Set read) { + public ObjectPermissionRevokeRequest setRead(List read) { super.setRead(read); return this; } @Override - public ObjectPermissionRevokeRequest setUpdate(Set update) { + public ObjectPermissionRevokeRequest setUpdate(List update) { super.setUpdate(update); return this; } @Override - public ObjectPermissionRevokeRequest setDelete(Set delete) { + public ObjectPermissionRevokeRequest setDelete(List delete) { super.setDelete(delete); return this; } @Override - public ObjectPermissionRevokeRequest setPublish(Set publish) { + public ObjectPermissionRevokeRequest setPublish(List publish) { super.setPublish(publish); return this; } @Override - public ObjectPermissionRevokeRequest setReadPublished(Set readPublished) { + public ObjectPermissionRevokeRequest setReadPublished(List readPublished) { super.setReadPublished(readPublished); return this; } @@ -50,12 +50,6 @@ public ObjectPermissionRevokeRequest add(RoleReference role, Permission permissi return this; } - @Override - public ObjectPermissionRevokeRequest set(RoleReference role, Permission perm, boolean flag) { - super.set(role, perm, flag); - return this; - } - @Override public ObjectPermissionRevokeRequest setOthers(boolean includePublishPermissions) { super.setOthers(includePublishPermissions); 
diff --git a/tests/tests-core/src/main/java/com/gentics/mesh/test/context/AbstractRolePermissionEndpointTest.java b/tests/tests-core/src/main/java/com/gentics/mesh/test/context/AbstractRolePermissionEndpointTest.java index abdf405608..b323dd5906 100644 --- a/tests/tests-core/src/main/java/com/gentics/mesh/test/context/AbstractRolePermissionEndpointTest.java +++ b/tests/tests-core/src/main/java/com/gentics/mesh/test/context/AbstractRolePermissionEndpointTest.java @@ -1,7 +1,6 @@ package com.gentics.mesh.test.context; import static com.gentics.mesh.core.data.perm.InternalPermission.CREATE_PERM; -import static com.gentics.mesh.core.data.perm.InternalPermission.DELETE_PERM; import static com.gentics.mesh.core.data.perm.InternalPermission.READ_PERM; import static com.gentics.mesh.core.data.perm.InternalPermission.UPDATE_PERM; import static com.gentics.mesh.test.ClientHelper.call; @@ -10,7 +9,7 @@ import static io.netty.handler.codec.http.HttpResponseStatus.NOT_FOUND; import static org.assertj.core.api.Assertions.assertThat; -import java.util.Collections; +import java.util.Arrays; import java.util.Set; import org.junit.Test; @@ -94,7 +93,7 @@ public void testGrantRolePermissionsByUuid() { RoleReference testRole = tx(() -> role().transformToReference()); ObjectPermissionGrantRequest request = new ObjectPermissionGrantRequest(); - request.set(new RoleReference().setUuid(anonymousUuid), READ_PERM.getRestPerm(), true); + request.setRead(Arrays.asList(new RoleReference().setUuid(anonymousUuid))); ObjectPermissionResponse response = call(grantRolePermissions(request)); assertThat(response).as("Response").isNotNull(); assertThat(response.getRead()).as("Roles with read permission").isNotNull().containsOnly(anonymous, testRole); 
@@ -110,7 +109,7 @@ public void testGrantRolePermissionsByName() { RoleReference testRole = tx(() -> role().transformToReference()); ObjectPermissionGrantRequest request = new ObjectPermissionGrantRequest(); - request.set(new RoleReference().setName("anonymous"), UPDATE_PERM.getRestPerm(), true); + request.setUpdate(Arrays.asList(new RoleReference().setName("anonymous"))); ObjectPermissionResponse response = call(grantRolePermissions(request)); assertThat(response).as("Response").isNotNull(); assertThat(response.getUpdate()).as("Roles with update permission").isNotNull().containsOnly(anonymous, testRole); @@ -124,7 +123,7 @@ public void testGrantRolePermissionsByName() { public void testGrantUnknownRolePermissionsByUuid() { String randomUUID = UUIDUtil.randomUUID(); ObjectPermissionGrantRequest request = new ObjectPermissionGrantRequest(); - request.set(new RoleReference().setUuid(randomUUID), UPDATE_PERM.getRestPerm(), true); + request.setUpdate(Arrays.asList(new RoleReference().setUuid(randomUUID))); call(grantRolePermissions(request), NOT_FOUND, "object_not_found_for_uuid", randomUUID); } @@ -134,7 +133,7 @@ public void testGrantUnknownRolePermissionsByUuid() { @Test public void testGrantUnknownRolePermissionsByName() { ObjectPermissionGrantRequest request = new ObjectPermissionGrantRequest(); - request.set(new RoleReference().setName("bogus"), DELETE_PERM.getRestPerm(), true); + request.setDelete(Arrays.asList(new RoleReference().setName("bogus"))); call(grantRolePermissions(request), NOT_FOUND, "object_not_found_for_name", "bogus"); } @@ -144,7 +143,7 @@ public void testGrantUnknownRolePermissionsByName() { @Test public void testGrantInvalidRolePermissions() { ObjectPermissionGrantRequest request = new ObjectPermissionGrantRequest(); - request.set(new RoleReference(), CREATE_PERM.getRestPerm(), true); + request.setCreate(Arrays.asList(new RoleReference())); call(grantRolePermissions(request), BAD_REQUEST, "role_reference_uuid_or_name_missing"); } 
@@ -169,8 +168,8 @@ public void testGrantRolePermissionsExclusive() { }); ObjectPermissionGrantRequest request = new ObjectPermissionGrantRequest(); - request.set(new RoleReference().setUuid(anonymousUuid), CREATE_PERM.getRestPerm(), true); - request.set(new RoleReference().setUuid(anonymousUuid), DELETE_PERM.getRestPerm(), true); + request.setCreate(Arrays.asList(new RoleReference().setUuid(anonymousUuid))); + request.setDelete(Arrays.asList(new RoleReference().setUuid(anonymousUuid))); request.setExclusive(true); ObjectPermissionResponse response = call(grantRolePermissions(request)); assertThat(response).as("Response").isNotNull(); @@ -207,10 +206,10 @@ public void testGrantRolePermissionsExclusiveWithIgnore() { }); ObjectPermissionGrantRequest request = new ObjectPermissionGrantRequest(); - request.set(new RoleReference().setUuid(anonymousUuid), CREATE_PERM.getRestPerm(), true); - request.set(new RoleReference().setUuid(anonymousUuid), DELETE_PERM.getRestPerm(), true); + request.setCreate(Arrays.asList(new RoleReference().setUuid(anonymousUuid))); + request.setDelete(Arrays.asList(new RoleReference().setUuid(anonymousUuid))); request.setExclusive(true); - request.setIgnore(Collections.singleton(testRole)); + request.setIgnore(Arrays.asList(testRole)); ObjectPermissionResponse response = call(grantRolePermissions(request)); assertThat(response).as("Response").isNotNull(); assertThat(response.getRead()).as("Roles with read permission").isNotNull().containsOnly(testRole); @@ -245,7 +244,7 @@ public void testGrantRoleWithoutReadPermissionOnRole() { RoleReference testRoleRef = tx(() -> role().transformToReference()); revokeReadOnRole(); ObjectPermissionGrantRequest request = new ObjectPermissionGrantRequest(); - request.set(testRoleRef, CREATE_PERM.getRestPerm(), true); + request.setCreate(Arrays.asList(testRoleRef)); call(grantRolePermissions(request), NOT_FOUND, "object_not_found_for_uuid", testRoleUuid); } 
@@ -258,7 +257,7 @@ public void testGrantRoleWithoutUpdatePermissionOnRole() { RoleReference testRoleRef = tx(() -> role().transformToReference()); revokeUpdateOnRole(); ObjectPermissionGrantRequest request = new ObjectPermissionGrantRequest(); - request.set(testRoleRef, CREATE_PERM.getRestPerm(), true); + request.setCreate(Arrays.asList(testRoleRef)); call(grantRolePermissions(request), FORBIDDEN, "error_missing_perm", testRoleUuid, UPDATE_PERM.getRestPerm().getName()); } @@ -271,7 +270,7 @@ public void testRevokeRolePermissionsByUuid() { RoleReference testRole = tx(() -> role().transformToReference()); ObjectPermissionRevokeRequest request = new ObjectPermissionRevokeRequest(); - request.set(new RoleReference().setUuid(testRoleUuid), CREATE_PERM.getRestPerm(), true); + request.setCreate(Arrays.asList(new RoleReference().setUuid(testRoleUuid))); ObjectPermissionResponse response = call(revokeRolePermissions(request)); assertThat(response).as("Response").isNotNull(); assertThat(response.getCreate()).as("Roles with create permission").isNotNull().isEmpty(); @@ -287,7 +286,7 @@ public void testRevokeRolePermissionsByName() { RoleReference testRole = tx(() -> role().transformToReference()); ObjectPermissionRevokeRequest request = new ObjectPermissionRevokeRequest(); - request.set(new RoleReference().setName(testRoleName), UPDATE_PERM.getRestPerm(), true); + request.setUpdate(Arrays.asList(new RoleReference().setName(testRoleName))); ObjectPermissionResponse response = call(revokeRolePermissions(request)); assertThat(response).as("Response").isNotNull(); assertThat(response.getUpdate()).as("Roles with update permission").isNotNull().isEmpty(); 
@@ -301,7 +300,7 @@ public void testRevokeRolePermissionsByName() { public void testRevokeUnknownRolePermissionsByUuid() { String randomUUID = UUIDUtil.randomUUID(); ObjectPermissionRevokeRequest request = new ObjectPermissionRevokeRequest(); - request.set(new RoleReference().setUuid(randomUUID), UPDATE_PERM.getRestPerm(), true); + request.setUpdate(Arrays.asList(new RoleReference().setUuid(randomUUID))); call(revokeRolePermissions(request), NOT_FOUND, "object_not_found_for_uuid", randomUUID); } @@ -311,7 +310,7 @@ public void testRevokeUnknownRolePermissionsByUuid() { @Test public void testRevoketUnknownRolePermissionsByName() { ObjectPermissionRevokeRequest request = new ObjectPermissionRevokeRequest(); - request.set(new RoleReference().setName("bogus"), DELETE_PERM.getRestPerm(), true); + request.setDelete(Arrays.asList(new RoleReference().setName("bogus"))); call(revokeRolePermissions(request), NOT_FOUND, "object_not_found_for_name", "bogus"); } @@ -321,7 +320,7 @@ public void testRevoketUnknownRolePermissionsByName() { @Test public void testRevokeInvalidRolePermissions() { ObjectPermissionRevokeRequest request = new ObjectPermissionRevokeRequest(); - request.set(new RoleReference(), CREATE_PERM.getRestPerm(), true); + request.setCreate(Arrays.asList(new RoleReference())); call(revokeRolePermissions(request), BAD_REQUEST, "role_reference_uuid_or_name_missing"); } @@ -345,7 +344,7 @@ public void testRevokeRoleWithoutReadPermissionOnRole() { RoleReference testRoleRef = tx(() -> role().transformToReference()); revokeReadOnRole(); ObjectPermissionRevokeRequest request = new ObjectPermissionRevokeRequest(); - request.set(testRoleRef, CREATE_PERM.getRestPerm(), true); + request.setCreate(Arrays.asList(testRoleRef)); call(revokeRolePermissions(request), NOT_FOUND, "object_not_found_for_uuid", testRoleUuid); } 
@@ -358,7 +357,7 @@ public void testRevokeRoleWithoutUpdatePermissionOnRole() { RoleReference testRoleRef = tx(() -> role().transformToReference()); revokeUpdateOnRole(); ObjectPermissionRevokeRequest request = new ObjectPermissionRevokeRequest(); - request.set(testRoleRef, CREATE_PERM.getRestPerm(), true); + request.setCreate(Arrays.asList(testRoleRef)); call(revokeRolePermissions(request), FORBIDDEN, "error_missing_perm", testRoleUuid, UPDATE_PERM.getRestPerm().getName()); } From 7ed732c076c158b1ea49b52293411a6dc9bc9acf Mon Sep 17 00:00:00 2001 From: Norbert Pomaroli Date: Fri, 7 Oct 2022 08:35:24 +0200 Subject: [PATCH 8/9] Add changelog and example requests --- CHANGELOG.adoc | 4 +- .../RolePermissionHandlingEndpoint.java | 4 +- ...RolePermissionHandlingProjectEndpoint.java | 4 +- .../endpoint/tagfamily/TagFamilyEndpoint.java | 4 +- .../gentics/mesh/example/RoleExamples.java | 38 +++++++++++++++++++ 5 files changed, 47 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.adoc b/CHANGELOG.adoc index 5c913eea5a..62aee4b201 100644 --- a/CHANGELOG.adoc +++ b/CHANGELOG.adoc @@ -25,7 +25,9 @@ include::content/docs/variables.adoc-include[] [[v1.10.0]] == 1.10.0 (TBD) -icon:check[] Core: The OrientDB database as been updated to version 3.2.10. +icon:plus[] Core: The OrientDB database as been updated to version 3.2.10. + +icon:plus[] Rest: The new endpoints `/api/v2/.../rolePermissions` allow getting, granting and revoking permissions on entities for multiple roles in a single request. [[v1.9.3]] == 1.9.3 (22.09.2022) diff --git a/core/src/main/java/com/gentics/mesh/core/endpoint/RolePermissionHandlingEndpoint.java b/core/src/main/java/com/gentics/mesh/core/endpoint/RolePermissionHandlingEndpoint.java index 10c953fd9c..4822de0bb2 100644 --- a/core/src/main/java/com/gentics/mesh/core/endpoint/RolePermissionHandlingEndpoint.java +++ b/core/src/main/java/com/gentics/mesh/core/endpoint/RolePermissionHandlingEndpoint.java 
@@ -50,7 +50,7 @@ protected void addRolePermissionHandler(String uuidParameterName, String uuidPar grantPermissionsEndpoint.description("Grant permissions on the " + typeDescription + " to multiple roles."); grantPermissionsEndpoint.consumes(APPLICATION_JSON); grantPermissionsEndpoint.produces(APPLICATION_JSON); - grantPermissionsEndpoint.exampleRequest((String)null); // TODO + grantPermissionsEndpoint.exampleRequest(roleExamples.getObjectPermissionGrantRequest(includePublishPermissions)); grantPermissionsEndpoint.exampleResponse(OK, roleExamples.getObjectPermissionResponse(includePublishPermissions), "Updated permissions."); grantPermissionsEndpoint.events(ROLE_PERMISSIONS_CHANGED); grantPermissionsEndpoint.blockingHandler(rc -> { @@ -66,7 +66,7 @@ protected void addRolePermissionHandler(String uuidParameterName, String uuidPar revokePermissionsEndpoint.description("Revoke permissions on the " + typeDescription + " from multiple roles."); revokePermissionsEndpoint.consumes(APPLICATION_JSON); revokePermissionsEndpoint.produces(APPLICATION_JSON); - revokePermissionsEndpoint.exampleRequest((String)null); // TODO + revokePermissionsEndpoint.exampleRequest(roleExamples.getObjectPermissionRevokeRequest(includePublishPermissions)); revokePermissionsEndpoint.exampleResponse(OK, roleExamples.getObjectPermissionResponse(includePublishPermissions), "Updated permissions."); revokePermissionsEndpoint.events(ROLE_PERMISSIONS_CHANGED); revokePermissionsEndpoint.blockingHandler(rc -> { diff --git a/core/src/main/java/com/gentics/mesh/core/endpoint/RolePermissionHandlingProjectEndpoint.java b/core/src/main/java/com/gentics/mesh/core/endpoint/RolePermissionHandlingProjectEndpoint.java index a167888723..4aef6da2ca 100644 --- a/core/src/main/java/com/gentics/mesh/core/endpoint/RolePermissionHandlingProjectEndpoint.java +++ b/core/src/main/java/com/gentics/mesh/core/endpoint/RolePermissionHandlingProjectEndpoint.java 
@@ -52,7 +52,7 @@ protected void addRolePermissionHandler(String uuidParameterName, String uuidPar grantPermissionsEndpoint.description("Grant permissions on the " + typeDescription + " to multiple roles."); grantPermissionsEndpoint.consumes(APPLICATION_JSON); grantPermissionsEndpoint.produces(APPLICATION_JSON); - grantPermissionsEndpoint.exampleRequest((String)null); // TODO + grantPermissionsEndpoint.exampleRequest(roleExamples.getObjectPermissionGrantRequest(includePublishPermissions)); grantPermissionsEndpoint.exampleResponse(OK, roleExamples.getObjectPermissionResponse(includePublishPermissions), "Updated permissions."); grantPermissionsEndpoint.events(ROLE_PERMISSIONS_CHANGED); grantPermissionsEndpoint.blockingHandler(rc -> { @@ -68,7 +68,7 @@ protected void addRolePermissionHandler(String uuidParameterName, String uuidPar revokePermissionsEndpoint.description("Revoke permissions on the " + typeDescription + " from multiple roles."); revokePermissionsEndpoint.consumes(APPLICATION_JSON); revokePermissionsEndpoint.produces(APPLICATION_JSON); - revokePermissionsEndpoint.exampleRequest((String)null); // TODO + revokePermissionsEndpoint.exampleRequest(roleExamples.getObjectPermissionRevokeRequest(includePublishPermissions)); revokePermissionsEndpoint.exampleResponse(OK, roleExamples.getObjectPermissionResponse(includePublishPermissions), "Updated permissions."); revokePermissionsEndpoint.events(ROLE_PERMISSIONS_CHANGED); revokePermissionsEndpoint.blockingHandler(rc -> { diff --git a/core/src/main/java/com/gentics/mesh/core/endpoint/tagfamily/TagFamilyEndpoint.java b/core/src/main/java/com/gentics/mesh/core/endpoint/tagfamily/TagFamilyEndpoint.java index 6723e38ad1..632bf81211 100644 --- a/core/src/main/java/com/gentics/mesh/core/endpoint/tagfamily/TagFamilyEndpoint.java +++ b/core/src/main/java/com/gentics/mesh/core/endpoint/tagfamily/TagFamilyEndpoint.java 
@@ -201,7 +201,7 @@ private void addTagRolePermissionHandler() { grantPermissionsEndpoint.description("Grant permissions on the tag to multiple roles."); grantPermissionsEndpoint.consumes(APPLICATION_JSON); grantPermissionsEndpoint.produces(APPLICATION_JSON); - grantPermissionsEndpoint.exampleRequest((String)null); // TODO + grantPermissionsEndpoint.exampleRequest(roleExamples.getObjectPermissionGrantRequest(false)); grantPermissionsEndpoint.exampleResponse(OK, roleExamples.getObjectPermissionResponse(false), "Updated permissions."); grantPermissionsEndpoint.events(ROLE_PERMISSIONS_CHANGED); grantPermissionsEndpoint.blockingHandler(rc -> { @@ -219,7 +219,7 @@ private void addTagRolePermissionHandler() { revokePermissionsEndpoint.description("Revoke permissions on the tag from multiple roles."); revokePermissionsEndpoint.consumes(APPLICATION_JSON); revokePermissionsEndpoint.produces(APPLICATION_JSON); - revokePermissionsEndpoint.exampleRequest((String)null); // TODO + revokePermissionsEndpoint.exampleRequest(roleExamples.getObjectPermissionRevokeRequest(false)); revokePermissionsEndpoint.exampleResponse(OK, roleExamples.getObjectPermissionResponse(false), "Updated permissions."); revokePermissionsEndpoint.events(ROLE_PERMISSIONS_CHANGED); revokePermissionsEndpoint.blockingHandler(rc -> { diff --git a/mdm/common/src/main/java/com/gentics/mesh/example/RoleExamples.java b/mdm/common/src/main/java/com/gentics/mesh/example/RoleExamples.java index c9fe462da5..d78831c060 100644 --- a/mdm/common/src/main/java/com/gentics/mesh/example/RoleExamples.java +++ b/mdm/common/src/main/java/com/gentics/mesh/example/RoleExamples.java 
@@ -16,7 +16,9 @@ import java.util.List; import com.gentics.mesh.core.rest.Examples; +import com.gentics.mesh.core.rest.common.ObjectPermissionGrantRequest; import com.gentics.mesh.core.rest.common.ObjectPermissionResponse; +import com.gentics.mesh.core.rest.common.ObjectPermissionRevokeRequest; import com.gentics.mesh.core.rest.group.GroupReference; import com.gentics.mesh.core.rest.role.RoleCreateRequest; import com.gentics.mesh.core.rest.role.RoleListResponse; @@ -25,6 +27,7 @@ import com.gentics.mesh.core.rest.role.RoleReference; import com.gentics.mesh.core.rest.role.RoleResponse; import com.gentics.mesh.core.rest.role.RoleUpdateRequest; +import com.gentics.mesh.util.UUIDUtil; public class RoleExamples extends AbstractExamples { 
@@ -116,4 +119,39 @@ public ObjectPermissionResponse getObjectPermissionResponse(boolean includePubli response.setOthers(includePublishPermissions); return response; } + + public ObjectPermissionGrantRequest getObjectPermissionGrantRequest(boolean includePublishPermissions) { + ObjectPermissionGrantRequest request = new ObjectPermissionGrantRequest(); + RoleReference role1 = Examples.roleRef(); + RoleReference role2 = Examples.roleRef2(); + RoleReference adminRef = new RoleReference().setName("admin").setUuid(UUIDUtil.randomUUID()); + + request.setCreate(Arrays.asList(role2)); + request.setRead(Arrays.asList(role1, role2)); + request.setUpdate(Arrays.asList(role1, role2)); + request.setDelete(Arrays.asList(role2)); + if (includePublishPermissions) { + request.setReadPublished(Arrays.asList(role1, role2)); + request.setPublish(Arrays.asList(role2)); + } + request.setExclusive(true); + request.setIgnore(Arrays.asList(adminRef)); + return request; + } + + public ObjectPermissionRevokeRequest getObjectPermissionRevokeRequest(boolean includePublishPermissions) { + ObjectPermissionRevokeRequest request = new ObjectPermissionRevokeRequest(); + RoleReference role1 = Examples.roleRef(); + RoleReference role2 = Examples.roleRef2(); + + request.setCreate(Arrays.asList(role2)); + request.setRead(Arrays.asList(role1, role2)); + request.setUpdate(Arrays.asList(role1, role2)); + request.setDelete(Arrays.asList(role2)); + if (includePublishPermissions) { + request.setReadPublished(Arrays.asList(role1, role2)); + request.setPublish(Arrays.asList(role2)); + } + return request; + } } From f8978f1627abec67a2f3c889aa1e7399fa46e805 Mon Sep 17 00:00:00 2001 
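Review bot: `adminRef` in `getObjectPermissionGrantRequest` takes its uuid from `UUIDUtil.randomUUID()`, so every call produces a different example body, while the other references come from the fixed `Examples.roleRef()` and `Examples.roleRef2()` helpers. A fixed value keeps the generated endpoint documentation reproducible, e.g. `new RoleReference().setName("admin").setUuid(<fixed example uuid from Examples>)`. Both new public methods also lack Javadoc. Since the grant body is what the API documentation will show, its comment should say that the example sets `exclusive` and `ignore`. Judging by the exclusive tests earlier in this series, that combination appears to take the listed permissions away from every role that is neither named nor ignored, which a reader copying the example should know.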
From: Norbert Pomaroli Date: Fri, 7 Oct 2022 12:30:04 +0200 Subject: [PATCH 9/9] Fixes after code review --- .../mesh/core/endpoint/RolePermissionHandlingEndpoint.java | 3 +++ .../endpoint/RolePermissionHandlingProjectEndpoint.java | 3 +++ .../gentics/mesh/core/data/dao/impl/RoleDaoWrapperImpl.java | 2 +- .../src/main/java/com/gentics/mesh/core/rest/Examples.java | 6 +++++- 4 files changed, 12 insertions(+), 2 deletions(-) diff --git a/core/src/main/java/com/gentics/mesh/core/endpoint/RolePermissionHandlingEndpoint.java b/core/src/main/java/com/gentics/mesh/core/endpoint/RolePermissionHandlingEndpoint.java index 4822de0bb2..6b5065fcb3 100644 --- a/core/src/main/java/com/gentics/mesh/core/endpoint/RolePermissionHandlingEndpoint.java +++ b/core/src/main/java/com/gentics/mesh/core/endpoint/RolePermissionHandlingEndpoint.java @@ -13,6 +13,9 @@ import com.gentics.mesh.rest.InternalEndpointRoute; import com.gentics.mesh.router.route.AbstractInternalEndpoint; +/** + * Abstract endpoint implementation with methods that add routes for getting/granting/revoking role permissions + */ public abstract class RolePermissionHandlingEndpoint extends AbstractInternalEndpoint { protected RolePermissionHandlingEndpoint(String basePath, MeshAuthChainImpl chain) { diff --git a/core/src/main/java/com/gentics/mesh/core/endpoint/RolePermissionHandlingProjectEndpoint.java b/core/src/main/java/com/gentics/mesh/core/endpoint/RolePermissionHandlingProjectEndpoint.java index 4aef6da2ca..bdd6ffe2d2 100644 --- a/core/src/main/java/com/gentics/mesh/core/endpoint/RolePermissionHandlingProjectEndpoint.java +++ b/core/src/main/java/com/gentics/mesh/core/endpoint/RolePermissionHandlingProjectEndpoint.java 
@@ -14,6 +14,9 @@ import com.gentics.mesh.rest.InternalEndpointRoute; import com.gentics.mesh.router.route.AbstractProjectEndpoint; +/** + * Abstract endpoint implementation with methods that add routes for getting/granting/revoking role permissions + */ public abstract class RolePermissionHandlingProjectEndpoint extends AbstractProjectEndpoint { protected RolePermissionHandlingProjectEndpoint(String basePath, MeshAuthChainImpl chain, diff --git a/mdm/orientdb-wrapper/src/main/java/com/gentics/mesh/core/data/dao/impl/RoleDaoWrapperImpl.java b/mdm/orientdb-wrapper/src/main/java/com/gentics/mesh/core/data/dao/impl/RoleDaoWrapperImpl.java index 46316a9a7f..5d601b797d 100644 --- a/mdm/orientdb-wrapper/src/main/java/com/gentics/mesh/core/data/dao/impl/RoleDaoWrapperImpl.java +++ b/mdm/orientdb-wrapper/src/main/java/com/gentics/mesh/core/data/dao/impl/RoleDaoWrapperImpl.java @@ -111,8 +111,8 @@ public boolean revokeRolePermissions(Set roles, HibBaseElement element, if (allowedRoles != null) { for (HibRole role : roles) { permissionRevoked = allowedRoles.remove(role.getUuid()) || permissionRevoked; - vertex.setRoleUuidForPerm(permission, allowedRoles); } + vertex.setRoleUuidForPerm(permission, allowedRoles); } } diff --git a/rest-model/src/main/java/com/gentics/mesh/core/rest/Examples.java b/rest-model/src/main/java/com/gentics/mesh/core/rest/Examples.java index b551adcfd9..1def6709eb 100644 --- a/rest-model/src/main/java/com/gentics/mesh/core/rest/Examples.java +++ b/rest-model/src/main/java/com/gentics/mesh/core/rest/Examples.java @@ -278,7 +278,7 @@ public static RoleReference roleRef() { public static RoleReference roleRef2() { RoleReference ref = new RoleReference(); - ref.setUuid(uuid4()); + ref.setUuid(uuid5()); ref.setName("editor"); return ref; } @@ -328,4 +328,8 @@ public static String uuid4() { return "d84a6f054a3f4ed68a6f054a3f1ed635"; } + public static String uuid5() { + return "01ed2f8647421b2b85891e5204d53f1b"; + } + }
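Review bot: In `revokeRolePermissions`, `vertex.setRoleUuidForPerm(permission, allowedRoles)` now runs once per permission, but it still runs when none of the given role uuids was in `allowedRoles`, so a revoke that changes nothing still writes the permission property. `permissionRevoked` cannot serve as the guard because it appears to accumulate across permissions (it is declared outside the hunk), so a per-permission flag is needed. The sketch below keeps the returned value the same and skips the write when the set is unchanged. The enclosing loop and the declaration of `allowedRoles` lie outside the hunk.

```java
if (allowedRoles != null) {
	boolean changed = false;
	for (HibRole role : roles) {
		changed = allowedRoles.remove(role.getUuid()) || changed;
	}
	if (changed) {
		// write back only when this permission's role set actually shrank
		vertex.setRoleUuidForPerm(permission, allowedRoles);
		permissionRevoked = true;
	}
}
```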