Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Design fine-grained access control within record manager #70

Closed
wants to merge 4 commits into from
Closed

Design fine-grained access control within record manager #70

wants to merge 4 commits into from

Conversation

palagdan
Copy link
Collaborator

@palagdan palagdan commented Sep 3, 2024
edited
Loading

@palagdan palagdan requested a review from blcham September 3, 2024 17:39
@blcham
Copy link

blcham commented Sep 5, 2024

Sorry, we did not understand each other. To me the ontology is one of most important artefact of SW and thus i want to keep ontology conventions i.e. "-" instead of "_" -- which was broken by your last commit.

@palagdan
Copy link
Collaborator Author

palagdan commented Sep 6, 2024
edited
Loading

@blcham
Sorry for misunderstanding, I didn't know this convention. I will drop my last commit.

I noticed that some properties don't follow the convention. Should I update them as well in the current ticket?

Such as:

   public final static String s_p_has_object_value = "http://onto.fel.cvut.cz/ontologies/documentation/has_object_value";
    public final static String s_p_has_related_question = "http://onto.fel.cvut.cz/ontologies/documentation/has_related_question";

blcham
blcham requested changes Sep 12, 2024
View reviewed changes
Copy link

@blcham blcham left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See my comments, we should discuss it on call ASAP

src/main/java/cz/cvut/kbss/study/util/RoleAssignmentUtil.java Show resolved Hide resolved
src/main/java/cz/cvut/kbss/study/model/User.java Outdated Show resolved Hide resolved
src/main/resources/model.ttl Outdated Show resolved Hide resolved
src/main/resources/model.ttl Show resolved Hide resolved
@palagdan palagdan force-pushed the 202-fine-grained branch 4 times, most recently from 5c84bf4 to fc33cc1 Compare September 17, 2024 19:25
blcham
blcham requested changes Sep 17, 2024
View reviewed changes
Copy link

@blcham blcham left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lot of work need to be done, please fix those that u understand ASAP

src/main/java/cz/cvut/kbss/study/model/RoleGroup.java Outdated Show resolved Hide resolved
src/main/java/cz/cvut/kbss/study/model/RoleGroup.java Outdated Show resolved Hide resolved
src/main/java/cz/cvut/kbss/study/model/Role.java Outdated Show resolved Hide resolved
src/main/java/cz/cvut/kbss/study/security/SecurityConstants.java
public static final String ROLE_ADMIN = "ROLE_ADMIN";
public static final String ROLE_COMPLETE_RECORDS = "rm_complete_records";
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do we need those constants? Why Role enum is not enough for this case? (same way as we discussed in frontend)

src/main/java/cz/cvut/kbss/study/security/model/Role.java Outdated
@@ -7,8 +7,19 @@
import java.util.stream.Stream;

public enum Role {
USER(SecurityConstants.ROLE_USER, Vocabulary.s_c_doctor),
ADMIN(SecurityConstants.ROLE_ADMIN, Vocabulary.s_c_administrator);
USER(SecurityConstants.ROLE_USER, Vocabulary.s_i_user),
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why we are duplicating again study/model/Role.java ? Why cant we reuse it ?

src/main/resources/model.ttl Show resolved Hide resolved
src/test/java/cz/cvut/kbss/study/environment/generator/Generator.java Outdated
@@ -143,6 +142,7 @@ public static User generateUser(Institution institution){
person.setLastName("RandomLastName" + randomInt());
person.setEmailAddress("RandomEmail" + randomInt() + "@random.rand");
person.setInstitution(institution);
person.setRoleGroup(Vocabulary.s_i_operator_admin_role_group);
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why ?

src/test/java/cz/cvut/kbss/study/persistence/dao/UserDaoTest.java Outdated

assertEquals(2, numberOfInvestigators);
}
// @Test
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why commenting out?

src/test/java/cz/cvut/kbss/study/security/CustomSwitchUserFilterTest.java Outdated
@@ -49,10 +49,10 @@ void attemptSwitchUserSwitchesCurrentUserToTarget() {
@Test
void attemptSwitchUserThrowsBadRequestExceptionWhenTargetUserIsAdmin() {
final User source = Generator.generateUser(null);
source.addType(Vocabulary.s_c_administrator);
source.addType(Vocabulary.s_i_administrator);
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We are mixing two approaches here how to associate user with role group/roles

src/test/java/cz/cvut/kbss/study/service/security/SecurityUtilsTest.java Outdated
@@ -66,6 +68,7 @@ public void setUp() {
Institution institution = Generator.generateInstitution();
institution.setKey(IdentificationUtils.generateKey());
this.user = Generator.getUser(USERNAME, PASSWORD, "John", "Johnie", "Johnie@gmail.com", institution);
this.user.setRoleGroup(RoleGroup.OPERATOR_ADMIN.getType());
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

?

blcham
blcham reviewed Sep 18, 2024
View reviewed changes
src/main/resources/model.ttl Outdated
Comment on lines 82 to 96
### http://onto.fel.cvut.cz/ontologies/record-manager/has-role-group
rm:has-role-group rdf:type owl:ObjectProperty ;
rdfs:subPropertyOf rm:relates-to;
rdfs:label "has role group"@en.

### http://onto.fel.cvut.cz/ontologies/record-manager/has-role
rm:has-role rdf:type owl:ObjectProperty ;
rdfs:subPropertyOf rm:relates-to;
rdfs:label "has role"@en.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add also domain and range props.

@blcham
Copy link

blcham commented Sep 30, 2024

old branch closed in favor of #71

@blcham blcham closed this Sep 30, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@blcham blcham blcham requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@palagdan @blcham