WIP: Feature/group permissions2.0

.gitignore

@@ -4,6 +4,7 @@
 application.properties
 localhost-env.json
 .vscode
+certs
 
 ### STS ###
 .apt_generated

authenticator/README.rst

@@ -18,5 +18,5 @@ References
 * `Overview of Spring Security <https://spring.io/guides/topicals/spring-security-architecture#_authentication_and_access_control>`_
 * `UserDetails <https://docs.spring.io/spring-security/site/docs/current/api/org/springframework/security/core/userdetails/UserDetails.html>`_
 * `Authentication <https://docs.spring.io/spring-security/site/docs/current/api/org/springframework/security/core/Authentication.html>`_
-* :ref:`localuser`
+* :ref:`localauth`
 * :ref:`ldap`

core/src/main/java/org/openmbee/mms/core/builders/PermissionUpdatesResponseBuilder.java

@@ -38,7 +38,7 @@ public PermissionUpdatesResponseBuilder insertGroups(PermissionUpdateResponse pe
         return this;
     }
 
-    public PermissionUpdatesResponse getPermissionUpdatesReponse() {
+    public PermissionUpdatesResponse getPermissionUpdatesResponse() {
         PermissionUpdatesResponse permissionUpdatesResponse = new PermissionUpdatesResponse();
         permissionUpdatesResponse.setInherit(this.inherit);
         permissionUpdatesResponse.setPublic(this.isPublic);

core/src/main/java/org/openmbee/mms/core/config/AuthorizationConstants.java

@@ -8,4 +8,6 @@ public class AuthorizationConstants {
     public static final String EVERYONE = "everyone";
 
     public static final String ADMIN = "ADMIN";
+    public static final String READER = "READER";
+    public static final String WRITER = "WRITER";
 }

core/src/main/java/org/openmbee/mms/core/config/Constants.java

@@ -9,6 +9,7 @@ public class Constants {
     public static final String PROJECT_KEY = "projects";
     public static final String BRANCH_KEY = "refs";
     public static final String ELEMENT_KEY = "elements";
+    public static final String GROUP_KEY = "groups";
     public static final String COMMIT_KEY = "commits";
     public static final String WEBHOOK_KEY = "webhooks";
     public static final String BRANCH_TYPE = "Branch";
@@ -40,9 +41,10 @@ public class Constants {
     public static final String ELEMENT_DELETE = "Element Already Deleted";
 
     static {
-        aPriv = Arrays.asList("ORG_READ", "ORG_EDIT", "ORG_UPDATE_PERMISSIONS", "ORG_READ_PERMISSIONS", "ORG_CREATE_PROJECT", "ORG_DELETE", "PROJECT_READ", "PROJECT_EDIT", "PROJECT_READ_COMMITS", "PROJECT_CREATE_BRANCH", "PROJECT_DELETE", "PROJECT_UPDATE_PERMISSIONS", "PROJECT_READ_PERMISSIONS", "PROJECT_CREATE_WEBHOOKS", "BRANCH_READ", "BRANCH_EDIT_CONTENT", "BRANCH_DELETE", "BRANCH_UPDATE_PERMISSIONS", "BRANCH_READ_PERMISSIONS");
-        rPriv = Arrays.asList("ORG_READ", "ORG_READ_PERMISSIONS", "PROJECT_READ", "PROJECT_READ_COMMITS", "PROJECT_READ_PERMISSIONS", "BRANCH_READ", "BRANCH_READ_PERMISSIONS");
-        wPriv = Arrays.asList("ORG_READ", "ORG_EDIT", "ORG_READ_PERMISSIONS", "ORG_CREATE_PROJECT", "PROJECT_READ", "PROJECT_EDIT", "PROJECT_READ_COMMITS", "PROJECT_CREATE_BRANCH", "PROJECT_READ_PERMISSIONS", "PROJECT_CREATE_WEBHOOKS", "BRANCH_READ", "BRANCH_EDIT_CONTENT", "BRANCH_READ_PERMISSIONS");
+
+        aPriv = Arrays.asList("ORG_READ", "ORG_EDIT", "ORG_UPDATE_PERMISSIONS", "ORG_READ_PERMISSIONS", "ORG_CREATE_PROJECT", "ORG_DELETE", "PROJECT_READ", "PROJECT_EDIT", "PROJECT_READ_COMMITS", "PROJECT_CREATE_BRANCH", "PROJECT_DELETE", "PROJECT_UPDATE_PERMISSIONS", "PROJECT_READ_PERMISSIONS", "PROJECT_CREATE_WEBHOOKS", "BRANCH_READ", "BRANCH_EDIT_CONTENT", "BRANCH_DELETE", "BRANCH_UPDATE_PERMISSIONS", "BRANCH_READ_PERMISSIONS", "GROUP_READ", "GROUP_EDIT", "GROUP_DELETE", "GROUP_UPDATE_PERMISSIONS", "GROUP_READ_PERMISSIONS");
+        rPriv = Arrays.asList("ORG_READ", "ORG_READ_PERMISSIONS", "PROJECT_READ", "PROJECT_READ_COMMITS", "PROJECT_READ_PERMISSIONS", "BRANCH_READ", "BRANCH_READ_PERMISSIONS", "GROUP_READ", "GROUP_READ_PERMISSIONS");
+        wPriv = Arrays.asList("ORG_READ", "ORG_EDIT", "ORG_READ_PERMISSIONS", "ORG_CREATE_PROJECT", "PROJECT_READ", "PROJECT_EDIT", "PROJECT_READ_COMMITS", "PROJECT_CREATE_BRANCH", "PROJECT_READ_PERMISSIONS", "PROJECT_CREATE_WEBHOOKS", "BRANCH_READ", "BRANCH_EDIT_CONTENT", "BRANCH_READ_PERMISSIONS", "GROUP_READ", "GROUP_EDIT", "GROUP_READ_PERMISSIONS");
         RPmap.put(ADMIN, aPriv);
         RPmap.put(READER, rPriv);
         RPmap.put(WRITER, wPriv);

core/src/main/java/org/openmbee/mms/core/config/Privileges.java

@@ -20,6 +20,11 @@ public enum Privileges {
     BRANCH_EDIT_CONTENT,
     BRANCH_DELETE,
     BRANCH_UPDATE_PERMISSIONS,
-    BRANCH_READ_PERMISSIONS
+    BRANCH_READ_PERMISSIONS,
+    GROUP_READ,
+    GROUP_EDIT,
+    GROUP_DELETE,
+    GROUP_UPDATE_PERMISSIONS,
+    GROUP_READ_PERMISSIONS
 
 }

core/src/main/java/org/openmbee/mms/core/dao/GroupPersistence.java

@@ -11,4 +11,5 @@ public interface GroupPersistence {
     void delete(GroupJson groupJson);
     Optional<GroupJson> findByName(String name);
     Collection<GroupJson> findAll();
+    boolean hasPublicPermissions(String projectId);
 }

core/src/main/java/org/openmbee/mms/core/dao/OrgPersistence.java

@@ -13,7 +13,9 @@ public interface OrgPersistence {
 
     Collection<OrgJson> findAll();
 
-    OrgJson deleteById(String orgId);
+    void deleteById(String orgId);
+
+    void archiveById(String orgId);
 
     boolean hasPublicPermissions(String orgId);
 }

core/src/main/java/org/openmbee/mms/core/dao/ProjectPersistence.java

@@ -21,9 +21,9 @@ public interface ProjectPersistence {
 
     Collection<ProjectJson> findAllByOrgId(String orgId);
 
-    void softDelete(String projectId);
+    void archiveById(String projectId);
 
-    void hardDelete(String projectId);
+    void deleteById(String projectId);
 
     boolean inheritsPermissions(String projectId);
 

core/src/main/java/org/openmbee/mms/core/delegation/PermissionsDelegateFactory.java

@@ -3,6 +3,7 @@
 import org.openmbee.mms.json.OrgJson;
 import org.openmbee.mms.json.ProjectJson;
 import org.openmbee.mms.json.RefJson;
+import org.openmbee.mms.json.GroupJson;
 
 public interface PermissionsDelegateFactory {
 
@@ -11,4 +12,6 @@ public interface PermissionsDelegateFactory {
     PermissionsDelegate getPermissionsDelegate(OrgJson organization);
 
     PermissionsDelegate getPermissionsDelegate(RefJson branch);
+
+    PermissionsDelegate getPermissionsDelegate(GroupJson group);
 }

core/src/main/java/org/openmbee/mms/core/objects/OrganizationsResponse.java

@@ -17,7 +17,8 @@ public List<OrgJson> getOrgs() {
         return orgs;
     }
 
-    public void setOrgs(List<OrgJson> orgs) {
+    public OrganizationsResponse setOrgs(List<OrgJson> orgs) {
         this.orgs = orgs;
+        return this;
     }
 }

core/src/main/java/org/openmbee/mms/core/objects/PermissionUpdateResponse.java

@@ -29,10 +29,12 @@ public static class PermissionUpdate {
 
         private boolean inherited;
 
+        private String groupName;
+
         public PermissionUpdate() {}
 
         public PermissionUpdate(Action action, String name, String role, String orgId, String orgName,
-                                String projectId, String projectName, String branchId, boolean inherited) {
+                                String projectId, String projectName, String branchId, String groupName, boolean inherited) {
             this.action = action;
             this.name = name;
             this.role = role;
@@ -42,6 +44,7 @@ public PermissionUpdate(Action action, String name, String role, String orgId, S
             this.projectName = projectName;
             this.branchId = branchId;
             this.inherited = inherited;
+            this.groupName = groupName;
         }
 
         public Action getAction() {
@@ -118,6 +121,14 @@ public boolean isInherited() {
         public void setInherited(boolean inherited) {
             this.inherited = inherited;
         }
+
+        public String getGroupName() {
+            return groupName;
+        }
+
+        public void setGroupName(String groupName) {
+            this.groupName = groupName;
+        }
     }
 
     public List<PermissionUpdate> getPermissionUpdates() {

core/src/main/java/org/openmbee/mms/core/security/MethodSecurityService.java

@@ -5,6 +5,7 @@
 import java.util.concurrent.CompletionException;
 
 import org.openmbee.mms.core.dao.BranchPersistence;
+import org.openmbee.mms.core.dao.GroupPersistence;
 import org.openmbee.mms.core.dao.ProjectPersistence;
 import org.openmbee.mms.core.exceptions.NotFoundException;
 import org.openmbee.mms.core.config.ContextHolder;
@@ -14,6 +15,7 @@
 import org.openmbee.mms.json.OrgJson;
 import org.openmbee.mms.json.ProjectJson;
 import org.openmbee.mms.json.RefJson;
+import org.openmbee.mms.json.GroupJson;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
 import org.springframework.security.core.Authentication;
@@ -26,6 +28,7 @@ public class MethodSecurityService {
     private ProjectPersistence projectPersistence;
     private BranchPersistence branchPersistence;
     private OrgPersistence orgPersistence;
+    private GroupPersistence groupPersistence;
 
     @Autowired
     public void setPermissionService(PermissionService permissionService) {
@@ -47,6 +50,11 @@ public void setBranchPersistence(BranchPersistence branchPersistence) {
         this.branchPersistence = branchPersistence;
     }
 
+    @Autowired
+    public void setGroupPersistence(GroupPersistence groupPersistence) {
+        this.groupPersistence = groupPersistence;
+    }
+
     public boolean hasOrgPrivilege(Authentication authentication, String orgId, String privilege, boolean allowAnonIfPublic) {
         CompletableFuture<Boolean> permissionsFuture = CompletableFuture.supplyAsync(() ->
         {
@@ -104,6 +112,25 @@ public boolean hasBranchPrivilege(Authentication authentication, String projectI
         return completeFutures(permissionsFuture, existsFuture, "Branch");
     }
 
+    public boolean hasGroupPrivilege(Authentication authentication, String groupName, String privilege, boolean allowAnonIfPublic) {
+        CompletableFuture<Boolean> permissionsFuture = CompletableFuture.supplyAsync(() ->
+        {
+            if (allowAnonIfPublic && permissionService.isGroupPublic(groupName)) {
+                return true;
+            }
+            if (authentication == null || authentication instanceof AnonymousAuthenticationToken) {
+                return false;
+            }
+            if (permissionService.hasGroupPrivilege(privilege, authentication.getName(), AuthenticationUtils.getGroups(authentication), groupName)) {
+                return true;
+            }
+            return false;
+        });
+
+        CompletableFuture<Boolean> existsFuture = CompletableFuture.supplyAsync(() -> groupExists(groupName));
+        return completeFutures(permissionsFuture, existsFuture, "Group");
+    }
+
     private boolean orgExists(String orgId) {
         Optional<OrgJson> o = orgPersistence.findById(orgId);
         return o.isPresent();
@@ -123,6 +150,11 @@ private boolean branchExists(String projectId, String branchId){
         return branchesOption.isPresent();
     }
 
+    private boolean groupExists(String groupName) {
+        Optional<GroupJson> g = groupPersistence.findByName(groupName);
+        return g.isPresent();
+    }
+
     private boolean completeFutures(CompletableFuture<Boolean> permissionsFuture, CompletableFuture<Boolean> existsFuture, String context) {
         try {
             if (!isBooleanFutureTrue(permissionsFuture)){