[kbss-cvut/record-manager-ui#202] Refactor roles names

kbss-cvut · Sep 26, 2024 · f736a00 · f736a00
1 parent ab4ded5
commit f736a00
Show file tree

Hide file tree

Showing 11 changed files with 67 additions and 67 deletions.
diff --git a/src/main/java/cz/cvut/kbss/study/config/SecurityConfig.java b/src/main/java/cz/cvut/kbss/study/config/SecurityConfig.java
@@ -80,7 +80,7 @@ public SecurityFilterChain filterChain(HttpSecurity http, ConfigReader config,
         LOG.debug("Using internal security mechanisms.");
         final AuthenticationManager authManager = buildAuthenticationManager(http);
         http.authorizeHttpRequests(
-                    (auth) -> auth.requestMatchers("/rest/users/impersonate").hasAuthority(Role.administrator.name())
+                    (auth) -> auth.requestMatchers("/rest/users/impersonate").hasAuthority(Role.administrator.toString())
                                   .anyRequest().permitAll())
             .cors((auth) -> auth.configurationSource(corsConfigurationSource(config)))
             .csrf(AbstractHttpConfigurer::disable)

diff --git a/src/main/java/cz/cvut/kbss/study/model/Role.java b/src/main/java/cz/cvut/kbss/study/model/Role.java
@@ -1,66 +1,78 @@
 package cz.cvut.kbss.study.model;
 
+import com.fasterxml.jackson.annotation.JsonValue;
 import cz.cvut.kbss.jopa.model.annotations.Individual;
-import java.util.Optional;
-import org.apache.poi.ss.formula.atp.Switch;
+import cz.cvut.kbss.study.security.SecurityConstants;
 
 public enum Role {
 
     // TODO deprecated -- should be removed.
-    @Individual(iri=Vocabulary.s_i_administrator)
-    administrator(Vocabulary.s_i_administrator),
+    @Individual(iri=Vocabulary.s_i_RM_ADMIN)
+    administrator(SecurityConstants.administrator, Vocabulary.s_i_RM_ADMIN),
     // TODO deprecated -- should be removed.
-    @Individual(iri = Vocabulary.s_i_user)
-    user(Vocabulary.s_i_user),
+    @Individual(iri = Vocabulary.s_i_RM_USER)
+    user(SecurityConstants.user, Vocabulary.s_i_RM_USER),
 
     @Individual(iri = Vocabulary.s_i_impersonate_role)
-    impersonate(Vocabulary.s_i_impersonate_role),
+    impersonate(SecurityConstants.impersonate, Vocabulary.s_i_impersonate_role),
 
     @Individual(iri = Vocabulary.s_i_delete_all_records_role)
-    deleteAllRecords(Vocabulary.s_i_delete_all_records_role),
+    deleteAllRecords(SecurityConstants.deleteAllRecords, Vocabulary.s_i_delete_all_records_role),
 
     @Individual(iri = Vocabulary.s_i_view_all_records_role)
-    viewAllRecords(Vocabulary.s_i_view_all_records_role),
+    viewAllRecords(SecurityConstants.viewAllRecords, Vocabulary.s_i_view_all_records_role),
 
     @Individual(iri = Vocabulary.s_i_edit_all_records_role)
-    editAllRecords(Vocabulary.s_i_edit_all_records_role),
+    editAllRecords(SecurityConstants.editAllRecords, Vocabulary.s_i_edit_all_records_role),
 
     @Individual(iri = Vocabulary.s_i_delete_organization_records_role)
-    deleteOrganizationRecords(Vocabulary.s_i_delete_organization_records_role),
+    deleteOrganizationRecords(SecurityConstants.deleteOrganizationRecords, Vocabulary.s_i_delete_organization_records_role),
 
     @Individual(iri = Vocabulary.s_i_view_organization_records_role)
-    viewOrganizationRecords(Vocabulary.s_i_view_organization_records_role),
+    viewOrganizationRecords(SecurityConstants.viewOrganizationRecords, Vocabulary.s_i_view_organization_records_role),
 
     @Individual(iri = Vocabulary.s_i_edit_organization_records_role)
-    editOrganizationRecords(Vocabulary.s_i_edit_organization_records_role),
+    editOrganizationRecords(SecurityConstants.editOrganizationRecords, Vocabulary.s_i_edit_organization_records_role),
 
     @Individual(iri = Vocabulary.s_i_edit_users_role)
-    editUsers(Vocabulary.s_i_edit_users_role),
+    editUsers(SecurityConstants.editUsers, Vocabulary.s_i_edit_users_role),
 
     @Individual(iri = Vocabulary.s_i_complete_records_role)
-    completeRecords(Vocabulary.s_i_complete_records_role),
+    completeRecords(SecurityConstants.completeRecords, Vocabulary.s_i_complete_records_role),
 
     @Individual(iri = Vocabulary.s_i_reject_records_role)
-    rejectRecords(Vocabulary.s_i_reject_records_role),
+    rejectRecords(SecurityConstants.rejectRecords, Vocabulary.s_i_reject_records_role),
 
     @Individual(iri = Vocabulary.s_i_publish_records_role)
-    publishRecords(Vocabulary.s_i_publish_records_role),
+    publishRecords(SecurityConstants.publishRecords ,Vocabulary.s_i_publish_records_role),
 
     @Individual(iri = Vocabulary.s_i_import_codelists_role)
-    importCodelists(Vocabulary.s_i_import_codelists_role);
+    importCodelists(SecurityConstants.importCodelists, Vocabulary.s_i_import_codelists_role);
 
     private final String iri;
 
-    Role(String iri) {
+    public final String roleName;
+
+    Role(String roleName, String iri) {
         this.iri = iri;
+        this.roleName = roleName;
     }
 
-
+    @JsonValue
+    public String getRoleName(){
+        return roleName;
+    }
 
     public String getIri() {
         return iri;
     }
 
+
+    @Override
+    public String toString() {
+        return roleName;
+    }
+
     /**
      * Returns {@link Role} with the specified IRI.
      *
@@ -86,7 +98,7 @@ public static Role fromIri(String iri) {
      */
     public static Role fromName(String name) {
         for (Role r : values()) {
-            if (r.name().equalsIgnoreCase(name)) {
+            if (r.roleName.equalsIgnoreCase(name)) {
                 return r;
             }
         }

diff --git a/src/main/java/cz/cvut/kbss/study/model/RoleGroup.java b/src/main/java/cz/cvut/kbss/study/model/RoleGroup.java
@@ -53,7 +53,7 @@ public void setRoles(Set<Role> roles) {
     }
 
     public void generateUri() {
-        this.uri = URI.create(Constants.BASE_URI + "sdfsf");
+        this.uri = URI.create(Constants.BASE_URI + name);
     }
 
     @Override

diff --git a/src/main/java/cz/cvut/kbss/study/model/User.java b/src/main/java/cz/cvut/kbss/study/model/User.java
@@ -57,7 +57,7 @@ public class User implements HasDerivableUri, Serializable {
     @OWLObjectProperty(iri = Vocabulary.s_p_is_member_of, fetch = FetchType.EAGER)
     private Institution institution;
 
-    @OWLObjectProperty(iri = Vocabulary.s_p_has_role_group)
+    @OWLObjectProperty(iri = Vocabulary.s_p_has_role_group, fetch = FetchType.EAGER)
     private RoleGroup roleGroup;
 
     public User() {

diff --git a/src/main/java/cz/cvut/kbss/study/persistence/dao/UserDao.java b/src/main/java/cz/cvut/kbss/study/persistence/dao/UserDao.java
@@ -87,7 +87,7 @@ public int getNumberOfInvestigators() {
             .setParameter("typeUser", URI.create(Vocabulary.s_c_Person))
             .setParameter("hasRoleGroup", URI.create(Vocabulary.s_p_has_role_group))
             .setParameter("hasRole", URI.create(Vocabulary.s_p_has_role))
-            .setParameter("typeAdmin", URI.create(Vocabulary.s_i_administrator)).getSingleResult()
+            .setParameter("typeAdmin", URI.create(Vocabulary.s_i_RM_ADMIN)).getSingleResult()
         ).intValue();
     }
 }
diff --git a/src/main/java/cz/cvut/kbss/study/security/CustomSwitchUserFilter.java b/src/main/java/cz/cvut/kbss/study/security/CustomSwitchUserFilter.java
@@ -15,7 +15,7 @@ public class CustomSwitchUserFilter extends SwitchUserFilter {
     @Override
     protected Authentication attemptSwitchUser(HttpServletRequest request) throws AuthenticationException {
         final Authentication switchTo = super.attemptSwitchUser(request);
-        if (switchTo.getAuthorities().stream().anyMatch(a -> Role.administrator.name().equals(a.getAuthority()))) {
+        if (switchTo.getAuthorities().stream().anyMatch(a -> Role.administrator.getRoleName().equals(a.getAuthority()))) {
             throw new BadRequestException("Cannot impersonate admin.");
         }
         return switchTo;

diff --git a/src/main/java/cz/cvut/kbss/study/security/SecurityConstants.java b/src/main/java/cz/cvut/kbss/study/security/SecurityConstants.java
@@ -27,32 +27,32 @@ private SecurityConstants() {
      */
     public static final int SESSION_TIMEOUT = 12 * 60 * 60;
 
-    public static final String user = "user";
+    public static final String user = "ROLE_USER";
 
-    public static final String administrator = "administrator";
+    public static final String administrator = "ROLE_ADMIN";
 
     public static final String impersonate = "impersonate";
 
-    public static final String deleteAllRecords = "deleteAllRecords";
+    public static final String deleteAllRecords = "delete-all-records";
 
-    public static final String viewAllRecords = "viewAllRecords";
+    public static final String viewAllRecords = "view-all-records";
 
-    public static final String editAllRecords = "editAllRecords";
+    public static final String editAllRecords = "edit-all-records";
 
-    public static final String deleteOrganizationRecords = "deleteOrganizationRecords";
+    public static final String deleteOrganizationRecords = "delete-organization-records";
 
-    public static final String viewOrganizationRecords = "viewOrganizationRecords";
+    public static final String viewOrganizationRecords = "view-organization-records";
 
-    public static final String editOrganizationRecords = "editOrganizationRecords";
+    public static final String editOrganizationRecords = "edit-organization-records";
 
-    public static final String editUsers = "editUsers";
+    public static final String editUsers = "edit-users";
 
-    public static final String completeRecords = "completeRecords";
+    public static final String completeRecords = "complete-records";
 
-    public static final String rejectRecords = "rejectRecords";
+    public static final String rejectRecords = "reject-records";
 
-    public static final String publishRecords = "publishRecords";
+    public static final String publishRecords = "publish-records";
 
-    public static final String importCodelists = "importCodelists";
+    public static final String importCodelists = "import-codelists";
 
 }
diff --git a/src/main/java/cz/cvut/kbss/study/security/model/UserDetails.java b/src/main/java/cz/cvut/kbss/study/security/model/UserDetails.java
@@ -38,7 +38,7 @@ public UserDetails(User user, Collection<GrantedAuthority> authorities) {
     private void resolveRoles() {
         authorities.addAll(
                 user.getRoleGroup().getRoles().stream()
-                    .map(r -> new SimpleGrantedAuthority(r.name()))
+                    .map(r -> new SimpleGrantedAuthority(r.getRoleName()))
                     .toList());
         authorities.add(new SimpleGrantedAuthority(Role.user.name()));
     }

diff --git a/src/main/resources/model.ttl b/src/main/resources/model.ttl
@@ -66,10 +66,6 @@ rm:has-question rdf:type owl:ObjectProperty ;
 rm:is-member-of rdf:type owl:ObjectProperty ;
                 rdfs:subPropertyOf rm:relates-to .
 
-###  http://onto.fel.cvut.cz/ontologies/record-manager/role-group
-rm:role-group rdf:type owl:ObjectProperty ;
-                rdfs:subPropertyOf rm:relates-to .
-
 
 ###  http://onto.fel.cvut.cz/ontologies/record-manager/relates-to
 rm:relates-to rdf:type owl:ObjectProperty .
@@ -79,16 +75,19 @@ rm:relates-to rdf:type owl:ObjectProperty .
 rm:was-treated-at rdf:type owl:ObjectProperty ;
                   rdfs:subPropertyOf rm:relates-to .
 
+
 ###  http://onto.fel.cvut.cz/ontologies/record-manager/has-phase
 rm:has-phase rdf:type owl:ObjectProperty ;
                 rdfs:subPropertyOf rdf:type ;
                 rdfs:label "has phase"@en .
 
+
 ###  http://onto.fel.cvut.cz/ontologies/record-manager/has-role-group
 rm:has-role-group rdf:type owl:ObjectProperty ;
                 rdfs:subPropertyOf rm:relates-to;
                 rdfs:label "has role group"@en.
 
+
 ###  http://onto.fel.cvut.cz/ontologies/record-manager/has-role
 rm:has-role  rdf:type owl:ObjectProperty ;
                 rdfs:subPropertyOf rm:relates-to;
@@ -153,17 +152,6 @@ rm:token rdf:type owl:DatatypeProperty .
 rm:action-history rdf:type owl:Class ;
                   rdfs:label "ActionHistory"@en .
 
-
-###  http://onto.fel.cvut.cz/ontologies/record-manager/administrator-role-group
-rm:administrator-role-group rdf:type owl:Class ;
-                 rdfs:label "Administrator"@en .
-
-
-###  http://onto.fel.cvut.cz/ontologies/record-manager/doctor-role-group
-rm:doctor-role-group rdf:type owl:Class ;
-          rdfs:label "Doctor"@en .
-
-
 ###  http://onto.fel.cvut.cz/ontologies/record-manager/institution
 rm:institution rdf:type owl:Class ;
                rdfs:label "Institution"@en .
@@ -226,12 +214,12 @@ rm:role-group rdf:type owl:Class;
 
 ###  http://onto.fel.cvut.cz/ontologies/record-manager/administrator
 ### TODO deprecated
-rm:administrator rdf:type owl:NamedIndividual, rm:role ;
+rm:RM_ADMIN rdf:type owl:NamedIndividual, rm:role ;
         rdfs:label "administrator"@en .
 
 ###  http://onto.fel.cvut.cz/ontologies/record-manager/user
 ### TODO deprecated
-rm:user rdf:type owl:NamedIndividual, rm:role ;
+rm:RM_USER rdf:type owl:NamedIndividual, rm:role ;
         rdfs:label "user"@en .
 
 ###  http://onto.fel.cvut.cz/ontologies/record-manager/complete-records-role

diff --git a/src/test/java/cz/cvut/kbss/study/model/RoleTest.java b/src/test/java/cz/cvut/kbss/study/model/RoleTest.java
@@ -1,13 +1,14 @@
 package cz.cvut.kbss.study.model;
 
+import cz.cvut.kbss.study.security.SecurityConstants;
 import org.junit.jupiter.api.Test;
 import static org.junit.jupiter.api.Assertions.*;
 
 class RoleTest {
 
     @Test
     void fromIriReturnsCorrectRole() {
-        assertEquals(Role.administrator, Role.fromIri(Vocabulary.s_i_administrator));
+        assertEquals(Role.administrator, Role.fromIri(Vocabulary.s_i_RM_ADMIN));
         assertEquals(Role.viewAllRecords, Role.fromIri(Vocabulary.s_i_view_all_records_role));
     }
 
@@ -23,14 +24,14 @@ void fromIriThrowsExceptionForUnknownIri() {
 
     @Test
     void fromNameReturnsCorrectRole() {
-        assertEquals(Role.administrator, Role.fromName("administrator"));
-        assertEquals(Role.viewAllRecords, Role.fromName("viewAllRecords"));
+        assertEquals(Role.administrator, Role.fromName(SecurityConstants.administrator));
+        assertEquals(Role.viewAllRecords, Role.fromName(SecurityConstants.viewAllRecords));
     }
 
     @Test
     void fromNameIsCaseInsensitive() {
-        assertEquals(Role.administrator, Role.fromName("ADMINISTRATOR"));
-        assertEquals(Role.viewAllRecords, Role.fromName("VIEWALLRECORDS"));
+        assertEquals(Role.administrator, Role.fromName(SecurityConstants.administrator.toLowerCase()));
+        assertEquals(Role.viewAllRecords, Role.fromName(SecurityConstants.viewAllRecords.toUpperCase()));
     }
 
     @Test
@@ -45,19 +46,19 @@ void fromNameThrowsExceptionForUnknownName() {
 
     @Test
     void fromIriOrNameReturnsRoleByIri() {
-        assertEquals(Role.administrator, Role.fromIriOrName(Vocabulary.s_i_administrator));
+        assertEquals(Role.administrator, Role.fromIriOrName(Vocabulary.s_i_RM_ADMIN));
         assertEquals(Role.viewAllRecords, Role.fromIriOrName(Vocabulary.s_i_view_all_records_role));
     }
 
     @Test
     void fromIriOrNameReturnsRoleByName() {
-        assertEquals(Role.administrator, Role.fromIriOrName("administrator"));
-        assertEquals(Role.viewAllRecords, Role.fromIriOrName("viewAllRecords"));
+        assertEquals(Role.administrator, Role.fromIriOrName(SecurityConstants.administrator));
+        assertEquals(Role.viewAllRecords, Role.fromIriOrName(SecurityConstants.viewAllRecords));
     }
 
     @Test
     void fromIriOrNameIsCaseInsensitiveForName() {
-        assertEquals(Role.administrator, Role.fromIriOrName("ADMINISTRATOR"));
+        assertEquals(Role.administrator, Role.fromIriOrName(SecurityConstants.administrator.toLowerCase()));
     }
 
     @Test

diff --git a/src/test/java/cz/cvut/kbss/study/persistence/dao/PatientRecordDaoTest.java b/src/test/java/cz/cvut/kbss/study/persistence/dao/PatientRecordDaoTest.java
@@ -64,7 +64,6 @@ public class PatientRecordDaoTest extends BaseDaoTestRunner {
     public void setUp() {
         this.roleGroupAdmin = Generator.generateRoleGroupWithRoles(Role.administrator);
         transactional(() -> roleGroupDao.persist(roleGroupAdmin));
-        int a =4;
     }
 
     @Test