Merge pull request #7 from protegeproject/Configure_access_policies_f…

…or_WHOFIC_editors_#46 Configure access policies for whofic editors #46
protegeproject · Jul 30, 2024 · 73e9b19 · 73e9b19
2 parents 3fa574d + 75b7373
commit 73e9b19
Show file tree

Hide file tree

Showing 5 changed files with 16 additions and 29 deletions.
diff --git a/pom.xml b/pom.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+		 xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
 	<modelVersion>4.0.0</modelVersion>
 	<parent>
 		<groupId>org.springframework.boot</groupId>
@@ -49,7 +49,7 @@
 		<dependency>
 			<groupId>edu.stanford.protege</groupId>
 			<artifactId>webprotege-ipc</artifactId>
-			<version>1.0.0</version>
+			<version>1.0.5</version>
 		</dependency>
 
 		<dependency>

diff --git a/src/main/java/edu/stanford/protege/webprotege/authorization/AccessManagerImpl.java b/src/main/java/edu/stanford/protege/webprotege/authorization/AccessManagerImpl.java
@@ -162,7 +162,7 @@ public Collection<Subject> getSubjectsWithAccessToResource(Resource resource, Ac
     private Collection<Subject> getSubjectsWithAccessToResource(Resource resource, Optional<ActionId> action) {
         String projectId = toProjectId(resource);
         Query query = query(where(PROJECT_ID).is(projectId));
-        action.ifPresent(a -> query.addCriteria(where(ACTION_CLOSURE).in(a.toString())));
+        action.ifPresent(a -> query.addCriteria(where(ACTION_CLOSURE).in(a.id())));
         return mongoTemplate.find(query, RoleAssignment.class)
                 .stream()
                 .map(ra -> {

diff --git a/src/main/java/edu/stanford/protege/webprotege/authorization/BuiltInRole.java b/src/main/java/edu/stanford/protege/webprotege/authorization/BuiltInRole.java
@@ -86,7 +86,7 @@ public enum BuiltInRole {
                    DELETE_DATATYPE,
                    REVERT_CHANGES),
 
-    REGULAR_PROJECT_EDITOR(OBJECT_COMMENTER,
+    ICD_PROJECT_EDITOR(OBJECT_COMMENTER,
                    EDIT_ONTOLOGY,
                    EDIT_ONTOLOGY_ANNOTATIONS,
                    CREATE_CLASS,
@@ -122,6 +122,8 @@ public enum BuiltInRole {
 
     CAN_EDIT(PROJECT_EDITOR, CAN_COMMENT),
 
+    ICD_CAN_EDIT(ICD_PROJECT_EDITOR, CAN_COMMENT),
+
     CAN_MANAGE(CAN_EDIT, PROJECT_MANAGER, ISSUE_MANAGER)
 
     ;

diff --git a/src/main/java/edu/stanford/protege/webprotege/authorization/GetAuthorizedActionsHandler.java b/src/main/java/edu/stanford/protege/webprotege/authorization/GetAuthorizedActionsHandler.java
@@ -49,27 +49,7 @@ public Mono<GetAuthorizedActionsResponse> handleRequest(GetAuthorizedActionsRequ
         /*
         ToDo: Understand why we need this if else here
          */
-//        if(request.resource().isApplication()) {
-//            try {
-//                List<RoleId> roleIds = tokenValidator.getTokenClaims(executionContext.jwt()).stream()
-//                        .map(RoleId::new)
-//                        .toList();
-//                Set<ActionId> actions  = new HashSet<>(roleOracle.getActionsAssociatedToRoles(roleIds));
-//                return Mono.just(new GetAuthorizedActionsResponse(request.resource(),
-//                        request.subject(),
-//                        actions));
-//
-//            } catch (VerificationException e) {
-//                throw new RuntimeException(e);
-//            }
-//        }else {
-//            var actionClosure = accessManager.getActionClosure(request.subject(),
-//                    request.resource());
-//            return Mono.just(new GetAuthorizedActionsResponse(request.resource(),
-//                    request.subject(),
-//                    actionClosure));
-//        }
-
+        if(request.resource().isApplication()) {
             try {
                 List<RoleId> roleIds = tokenValidator.getTokenClaims(executionContext.jwt()).stream()
                         .map(RoleId::new)
@@ -82,5 +62,12 @@ public Mono<GetAuthorizedActionsResponse> handleRequest(GetAuthorizedActionsRequ
             } catch (VerificationException e) {
                 throw new RuntimeException(e);
             }
+        }else {
+            var actionClosure = accessManager.getActionClosure(request.subject(),
+                    request.resource());
+            return Mono.just(new GetAuthorizedActionsResponse(request.resource(),
+                    request.subject(),
+                    actionClosure));
+        }
     }
 }
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
@@ -1,8 +1,6 @@
 server:
   port: 7771
-logging:
-  level:
-    root: DEBUG
+
 spring:
   application:
     name: AuthorizationService
@@ -19,8 +17,8 @@ spring:
       auto-index-creation: true
 
 webprotege.rabbitmq:
-  timeout: 60000
   requestqueue: webprotege-authorization-queue
   responsequeue: webprotege-authorization-response-queue
+  timeout: 60000
 
 keycloak-issuer-url: http://webprotege-local.edu/auth/realms/webprotege/protocol/openid-connect/certs