From 8bd890180821d4eeff01cfd24be41ff608b3f8da Mon Sep 17 00:00:00 2001
From: Gheorghe Soimu
Date: Wed, 26 Jun 2024 15:05:54 +0300
Subject: [PATCH 1/3] added regular project editor role
---
 .../authorization/AccessManagerImpl.java | 22 +++++++++----------
 .../webprotege/authorization/BuiltInRole.java | 10 +++++++++
 2 files changed, 21 insertions(+), 11 deletions(-)
diff --git a/src/main/java/edu/stanford/protege/webprotege/authorization/AccessManagerImpl.java b/src/main/java/edu/stanford/protege/webprotege/authorization/AccessManagerImpl.java
index 669bb7d..af81925 100644
--- a/src/main/java/edu/stanford/protege/webprotege/authorization/AccessManagerImpl.java
+++ b/src/main/java/edu/stanford/protege/webprotege/authorization/AccessManagerImpl.java
@@ -164,17 +164,17 @@ private Collection getSubjectsWithAccessToResource(Resource resource, O
 Query query = query(where(PROJECT_ID).is(projectId));
 action.ifPresent(a -> query.addCriteria(where(ACTION_CLOSURE).in(a.toString())));
 return mongoTemplate.find(query, RoleAssignment.class)
- .stream()
- .map(ra -> {
- Optional userName = ra.getUserName();
- if (userName.isPresent()) {
- return Subject.forUser(userName.get());
- }
- else {
- return Subject.forAnySignedInUser();
- }
- })
- .collect(toList());
+ .stream()
+ .map(ra -> {
+ Optional userName = ra.getUserName();
+ if (userName.isPresent()) {
+ return Subject.forUser(userName.get());
+ }
+ else {
+ return Subject.forAnySignedInUser();
+ }
+ })
+ .collect(toList());
 }
 @Override
diff --git a/src/main/java/edu/stanford/protege/webprotege/authorization/BuiltInRole.java b/src/main/java/edu/stanford/protege/webprotege/authorization/BuiltInRole.java
index 56f6576..63cab64 100644
--- a/src/main/java/edu/stanford/protege/webprotege/authorization/BuiltInRole.java
+++ b/src/main/java/edu/stanford/protege/webprotege/authorization/BuiltInRole.java
@@ -86,6 +86,16 @@ public enum BuiltInRole {
 DELETE_DATATYPE,
 REVERT_CHANGES),
+ REGULAR_PROJECT_EDITOR(OBJECT_COMMENTER,
+ EDIT_ONTOLOGY,
+ EDIT_ONTOLOGY_ANNOTATIONS,
+ CREATE_CLASS,
+ MERGE_ENTITIES,
+ CREATE_PROPERTY,
+ CREATE_INDIVIDUAL,
+ CREATE_DATATYPE,
+ REVERT_CHANGES),
+
 LAYOUT_EDITOR(ADD_OR_REMOVE_PERSPECTIVE,
 ADD_OR_REMOVE_VIEW),
From b43c3fd0cabb5d29634a7efd6a705f82f8498d92 Mon Sep 17 00:00:00 2001
From: Gheorghe Soimu
Date: Wed, 26 Jun 2024 16:43:53 +0300
Subject: [PATCH 2/3] commented some code. need to better understand if we need it or not. we probably need to use the access manager.
---
 .../GetAuthorizedActionsHandler.java | 32 ++++++++++++++-----
 1 file changed, 24 insertions(+), 8 deletions(-)
diff --git a/src/main/java/edu/stanford/protege/webprotege/authorization/GetAuthorizedActionsHandler.java b/src/main/java/edu/stanford/protege/webprotege/authorization/GetAuthorizedActionsHandler.java
index 9df27fb..a749a7e 100644
--- a/src/main/java/edu/stanford/protege/webprotege/authorization/GetAuthorizedActionsHandler.java
+++ b/src/main/java/edu/stanford/protege/webprotege/authorization/GetAuthorizedActionsHandler.java
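Review bot: `REGULAR_PROJECT_EDITOR` carries no comment saying how it is meant to differ from the role defined just above it, and two of its actions may undercut what looks like the intent. The list leaves out the `DELETE_*` actions that the preceding role ends with, yet it keeps `MERGE_ENTITIES` and `REVERT_CHANGES`; if a merge retires the merged-away entity, or a revert can undo another user's additions (neither is visible in this hunk), holders of this role can still remove content. Either drop those two actions or record the decision next to the constant, e.g. `// Editor without DELETE_* actions; MERGE_ENTITIES and REVERT_CHANGES are retained on purpose.` The enum body starts and ends outside the hunk, so the preceding role's name and full action list cannot be checked from here.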
@@ -46,7 +46,30 @@ public Class getRequestClass() {
 @Override
 public Mono handleRequest(GetAuthorizedActionsRequest request, ExecutionContext executionContext) {
- if(request.resource().isApplication()) {
+ /*
+ ToDo: Understand why we need this if else here
+ */
+// if(request.resource().isApplication()) {
+// try {
+// List roleIds = tokenValidator.getTokenClaims(executionContext.jwt()).stream()
+// .map(RoleId::new)
+// .toList();
+// Set actions = new HashSet<>(roleOracle.getActionsAssociatedToRoles(roleIds));
+// return Mono.just(new GetAuthorizedActionsResponse(request.resource(),
+// request.subject(),
+// actions));
+//
+// } catch (VerificationException e) {
+// throw new RuntimeException(e);
+// }
+// }else {
+// var actionClosure = accessManager.getActionClosure(request.subject(),
+// request.resource());
+// return Mono.just(new GetAuthorizedActionsResponse(request.resource(),
+// request.subject(),
+// actionClosure));
+// }
+
 try {
 List roleIds = tokenValidator.getTokenClaims(executionContext.jwt()).stream()
 .map(RoleId::new)
@@ -59,12 +82,5 @@ public Mono handleRequest(GetAuthorizedActionsRequ
 } catch (VerificationException e) {
 throw new RuntimeException(e);
 }
- }else {
- var actionClosure = accessManager.getActionClosure(request.subject(),
- request.resource());
- return Mono.just(new GetAuthorizedActionsResponse(request.resource(),
- request.subject(),
- actionClosure));
- }
 }
 }
From 2bea95a6c9684de894e3ddaaa0fdb018f4d897e1 Mon Sep 17 00:00:00 2001
From: Gheorghe Soimu
Date: Wed, 26 Jun 2024 16:45:49 +0300
Subject: [PATCH 3/3] bumped version
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index c8d5e0a..a12b20c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -10,7 +10,7 @@
 edu.stanford.protege webprotege-authorization-service
- 1.0.2
+ 1.0.3-WHO
 webprotege-authorization-service A service that checks users are authorized to execute operations in WebProtége
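Review bot: With the `isApplication()` branch commented out in `handleRequest`, every request, including those for project resources, is now answered from the role claims in the caller's JWT, and `accessManager.getActionClosure(request.subject(), request.resource())` is never consulted (the second hunk, `@@ -59,12 +82,5 @@`, deletes that else branch). Per-project role assignments therefore stop influencing the result, and, judging by the commented copy, the response is still labelled with `request.subject()` and `request.resource()` even though neither took part in the decision, so a caller asking about another subject would get its own token's actions back under that subject's name. Until the ToDo is resolved, keep the stored-assignment path for non-application resources as a guard clause and delete the commented block rather than committing it. The lines between the two hunks are not visible here, so the live token path is assumed to match the commented copy.

```java
// … unchanged: handleRequest signature …
if (!request.resource().isApplication()) {
    // Project-scoped resources: resolve from stored role assignments, not from token claims.
    var actionClosure = accessManager.getActionClosure(request.subject(),
                                                       request.resource());
    return Mono.just(new GetAuthorizedActionsResponse(request.resource(),
                                                      request.subject(),
                                                      actionClosure));
}
// … unchanged: application-resource path that reads role ids from the JWT …
```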