Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Migration to role group #71

Open
wants to merge 12 commits into
base: main
Choose a base branch
from
Open

Migration to role group #71

wants to merge 12 commits into from

Conversation

palagdan
Copy link
Collaborator

Resolves partially kbss-cvut/record-manager-ui#202

@palagdan
Copy link
Collaborator Author

2024-09-25_14-40

It should be working as expected. Now I just need to fix the frontend based on the new implementation of the backend.

blcham
blcham requested changes Sep 26, 2024
View reviewed changes
Copy link

@blcham blcham left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some of the comments i need to explain, som lets have call about it.

src/main/java/cz/cvut/kbss/study/model/RoleGroup.java Outdated Show resolved Hide resolved
src/main/java/cz/cvut/kbss/study/persistence/dao/UserDao.java Show resolved Hide resolved
src/main/java/cz/cvut/kbss/study/security/SecurityConstants.java Outdated Show resolved Hide resolved
src/main/java/cz/cvut/kbss/study/security/CustomSwitchUserFilter.java Outdated Show resolved Hide resolved
src/main/java/cz/cvut/kbss/study/security/SecurityConstants.java Outdated Show resolved Hide resolved
src/main/java/cz/cvut/kbss/study/service/repository/RepositoryUserService.java
if (!currentUser.getTypes().contains(Vocabulary.s_c_administrator)
&& (!instance.getTypes().equals(currentUser.getTypes()) || (instance.getInstitution() != null
if (!currentUser.isAdmin()
&& (!instance.getRoleGroup().getRoles().equals(currentUser.getRoleGroup().getRoles()) || (instance.getInstitution() != null
Copy link

@blcham blcham Sep 26, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wow, not sure if I understand role of this condition now or before, but I am little worried that we need compare roleGroups here instead. Otherwise we would persist different roleGroups in internal-auth profile.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

? (it seems to me that this code is used for both keycloak-auth and internal-auth)

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@palagdan

src/main/java/cz/cvut/kbss/study/service/security/SecurityUtils.java Show resolved Hide resolved
src/main/resources/model.ttl Outdated Show resolved Hide resolved
src/main/resources/model.ttl Outdated Show resolved Hide resolved
src/test/java/cz/cvut/kbss/study/persistence/dao/PatientRecordDaoTest.java Outdated Show resolved Hide resolved
@blcham blcham mentioned this pull request Sep 26, 2024
Open
@palagdan palagdan force-pushed the migration-to-role-group branch 2 times, most recently from 0948356 to 53b1ab8 Compare September 26, 2024 15:28
@palagdan palagdan force-pushed the migration-to-role-group branch 2 times, most recently from 6beabca to 3d722f7 Compare September 26, 2024 16:08
@palagdan
Copy link
Collaborator Author

@blcham
2024-09-26_18-07
If it is okay for current iteration, I can continue with frontend.

@blcham blcham mentioned this pull request Sep 30, 2024
Closed
@palagdan
[kbss-cvut/record-manager-ui#202] FromIri and FromName dont' throw an…
87a2395 
… exception if the provided role does not exist
@palagdan
[kbss-cvut/record-manager-ui#202] Fix the bug while loading all users
83d575e 
http-nio-8080-exec-7] WARN  o.s.w.s.m.s.DefaultHandlerExceptionResolver - Resolved [org.springframework.http.converter.HttpMessageNotWritableException: Could not write JSON: Cannot invoke "cz.cvut.kbss.study.model.RoleGroup.getRoles()" because "this.roleGroup" is null]
@palagdan
Copy link
Collaborator Author

palagdan commented Oct 2, 2024

@blcham

While implementing the logic to support the Keycloak profile, I encountered a problem. When the application extracts roles from the Keycloak claims, it creates a new instance of RoleGroup and adds these roles to this empty group. The issue is that this group does not exist in the database, and a cascade strategy for this role group is not provided because we don’t need it. As a result, when the current user updates or creates something, this empty RoleGroup with the roles is in the transactional context, but the database does not know how to manage it since this RoleGroup does not exist and no cascade strategy is provided, which leads to an error.

I have one idea on how to solve this: retrieve the RoleGroup from the token claim(not roles), attempt to find it in the database, and then add it to the user.

What do you think? Do you have any other ideas?

@blcham
Copy link

blcham commented Oct 2, 2024

Not sure if I understand. Isn't it possible just to ignore persistence of RoleGroup in keycloak profile? E.g. in preUpdate method?

@palagdan
Copy link
Collaborator Author

palagdan commented Oct 3, 2024

@blcham
I am not sure how to ignore the persistence.
I thought that preUpdate method is only for validation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@blcham blcham blcham requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@palagdan @blcham