Merge pull request #5 from protegeproject/Configure_access_policies_f…

…or_WHOFIC_editors_#46 Configure access policies for whofic editors #46
protegeproject · Jun 26, 2024 · 3fa574d · 3fa574d
2 parents 4a22c5c + 2bea95a
commit 3fa574d
Show file tree

Hide file tree

Showing 4 changed files with 46 additions and 20 deletions.
diff --git a/pom.xml b/pom.xml
@@ -10,7 +10,7 @@
 	</parent>
 	<groupId>edu.stanford.protege</groupId>
 	<artifactId>webprotege-authorization-service</artifactId>
-	<version>1.0.2</version>
+	<version>1.0.3-WHO</version>
 	<name>webprotege-authorization-service</name>
 	<description>A service that checks users are authorized to execute operations in WebProtége</description>
 	<properties>

diff --git a/src/main/java/edu/stanford/protege/webprotege/authorization/AccessManagerImpl.java b/src/main/java/edu/stanford/protege/webprotege/authorization/AccessManagerImpl.java
@@ -164,17 +164,17 @@ private Collection<Subject> getSubjectsWithAccessToResource(Resource resource, O
         Query query = query(where(PROJECT_ID).is(projectId));
         action.ifPresent(a -> query.addCriteria(where(ACTION_CLOSURE).in(a.toString())));
         return mongoTemplate.find(query, RoleAssignment.class)
-                            .stream()
-                            .map(ra -> {
-                        Optional<String> userName = ra.getUserName();
-                        if (userName.isPresent()) {
-                            return Subject.forUser(userName.get());
-                        }
-                        else {
-                            return Subject.forAnySignedInUser();
-                        }
-                    })
-                            .collect(toList());
+                .stream()
+                .map(ra -> {
+                    Optional<String> userName = ra.getUserName();
+                    if (userName.isPresent()) {
+                        return Subject.forUser(userName.get());
+                    }
+                    else {
+                        return Subject.forAnySignedInUser();
+                    }
+                })
+                .collect(toList());
     }
 
     @Override

diff --git a/src/main/java/edu/stanford/protege/webprotege/authorization/BuiltInRole.java b/src/main/java/edu/stanford/protege/webprotege/authorization/BuiltInRole.java
@@ -86,6 +86,16 @@ public enum BuiltInRole {
                    DELETE_DATATYPE,
                    REVERT_CHANGES),
 
+    REGULAR_PROJECT_EDITOR(OBJECT_COMMENTER,
+                   EDIT_ONTOLOGY,
+                   EDIT_ONTOLOGY_ANNOTATIONS,
+                   CREATE_CLASS,
+                   MERGE_ENTITIES,
+                   CREATE_PROPERTY,
+                   CREATE_INDIVIDUAL,
+                   CREATE_DATATYPE,
+                   REVERT_CHANGES),
+
     LAYOUT_EDITOR(ADD_OR_REMOVE_PERSPECTIVE,
                   ADD_OR_REMOVE_VIEW),
 

diff --git a/src/main/java/edu/stanford/protege/webprotege/authorization/GetAuthorizedActionsHandler.java b/src/main/java/edu/stanford/protege/webprotege/authorization/GetAuthorizedActionsHandler.java
@@ -46,7 +46,30 @@ public Class<GetAuthorizedActionsRequest> getRequestClass() {
     @Override
     public Mono<GetAuthorizedActionsResponse> handleRequest(GetAuthorizedActionsRequest request, ExecutionContext executionContext) {
 
-        if(request.resource().isApplication()) {
+        /*
+        ToDo: Understand why we need this if else here
+         */
+//        if(request.resource().isApplication()) {
+//            try {
+//                List<RoleId> roleIds = tokenValidator.getTokenClaims(executionContext.jwt()).stream()
+//                        .map(RoleId::new)
+//                        .toList();
+//                Set<ActionId> actions  = new HashSet<>(roleOracle.getActionsAssociatedToRoles(roleIds));
+//                return Mono.just(new GetAuthorizedActionsResponse(request.resource(),
+//                        request.subject(),
+//                        actions));
+//
+//            } catch (VerificationException e) {
+//                throw new RuntimeException(e);
+//            }
+//        }else {
+//            var actionClosure = accessManager.getActionClosure(request.subject(),
+//                    request.resource());
+//            return Mono.just(new GetAuthorizedActionsResponse(request.resource(),
+//                    request.subject(),
+//                    actionClosure));
+//        }
+
             try {
                 List<RoleId> roleIds = tokenValidator.getTokenClaims(executionContext.jwt()).stream()
                         .map(RoleId::new)
@@ -59,12 +82,5 @@ public Mono<GetAuthorizedActionsResponse> handleRequest(GetAuthorizedActionsRequ
             } catch (VerificationException e) {
                 throw new RuntimeException(e);
             }
-        }else {
-            var actionClosure = accessManager.getActionClosure(request.subject(),
-                    request.resource());
-            return Mono.just(new GetAuthorizedActionsResponse(request.resource(),
-                    request.subject(),
-                    actionClosure));
-        }
     }
 }