From 35ddb220ab8a64e52ac27df8f9ae5e34851b666d Mon Sep 17 00:00:00 2001 From: silag Date: Wed, 17 Apr 2024 17:18:41 +0300 Subject: [PATCH 1/7] changed versions --- pom.xml | 29 +++++++++++++++++++++++++---- src/main/resources/application.yml | 14 +++++++++++++- 2 files changed, 38 insertions(+), 5 deletions(-) diff --git a/pom.xml b/pom.xml index 8e3c78c..5d32cf2 100644 --- a/pom.xml +++ b/pom.xml @@ -49,7 +49,7 @@ edu.stanford.protege webprotege-ipc - 0.10.2 + 0.10.4 @@ -57,7 +57,22 @@ webprotege-authorization 0.9.3 - + + io.jsonwebtoken + jjwt + 0.9.1 + + + + org.keycloak + keycloak-core + 23.0.4 + + + org.bitbucket.b_c + jose4j + 0.9.4 + org.springframework.boot spring-boot-starter-data-mongodb @@ -83,13 +98,19 @@ org.testcontainers - pulsar + mongodb 1.18.1 org.testcontainers - mongodb + rabbitmq 1.18.1 + test + + + org.testcontainers + junit-jupiter + test diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml index e8a6555..ad77a26 100644 --- a/src/main/resources/application.yml +++ b/src/main/resources/application.yml @@ -4,6 +4,11 @@ server: spring: application: name: AuthorizationService + rabbitmq: + host: rabbitmq + port: 5672 + username: guest + password: guest kafka: consumer: auto-offset-reset: earliest @@ -13,4 +18,11 @@ spring: host: localhost port: 27017 database: webprotege - auto-index-creation: true \ No newline at end of file + auto-index-creation: true + +webprotege.rabbitmq: + requestqueue: webprotege-authorization-queue + responsequeue: webprotege-authorization-response-queue + timeout: 60000 + +keycloak-issuer-url: http://webprotege-local.edu/auth/realms/webprotege/protocol/openid-connect/certs From 1761d1cbcdd2dae52c547a248969e716f7982054 Mon Sep 17 00:00:00 2001 From: silag Date: Wed, 17 Apr 2024 22:25:24 +0300 Subject: [PATCH 2/7] changed versions --- pom.xml | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/pom.xml b/pom.xml index 189d7a9..87e4fa5 100644 --- a/pom.xml 
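Review bot: The second pom.xml hunk of patch 1 adds three overlapping JWT/JOSE libraries at once: `io.jsonwebtoken:jjwt` 0.9.1, `org.keycloak:keycloak-core` 23.0.4 and `org.bitbucket.b_c:jose4j` 0.9.4. The `jjwt` one is the legacy single-artifact line, which upstream has since replaced with the `jjwt-api`/`jjwt-impl`/`jjwt-jackson` modules. Each extra token parser is more code on the path that decides whether a bearer token is trusted, and more transitive dependencies to watch for advisories. The context of patch 2 also shows `spring-boot-starter-oauth2-resource-server` in the same file, which brings its own JOSE implementation. I would keep only the library that actually verifies tokens (the handler in patch 6 catches a `VerificationException`, presumably Keycloak's) and drop the rest, or at least move `jjwt` to the maintained modular artifacts.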
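Review bot: The new `spring.rabbitmq` block commits the broker's default `guest`/`guest` account into `application.yml`, so any deployment that does not override it connects to the queue carrying authorization requests with a well-known credential. Read the values from the environment instead, e.g. `username: ${RABBITMQ_USERNAME}` and `password: ${RABBITMQ_PASSWORD}` (variable names constructed for illustration), and keep local-only defaults in a dev profile. RabbitMQ by default accepts `guest` only from localhost, so with `host: rabbitmq` this setting suggests the broker has been opened up to allow it remotely, which is worth confirming.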
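Review bot: `keycloak-issuer-url` fetches the realm's signing certificates over plain `http://`, so anyone on the network path between this service and Keycloak can substitute their own keys and have forged tokens pass verification. Point it at an `https://` endpoint and make it overridable per environment, e.g. `keycloak-issuer-url: ${KEYCLOAK_JWKS_URL}` (constructed variable name), keeping the http form only in a local profile. The property name is also misleading: the value is the `/protocol/openid-connect/certs` key endpoint, not the issuer. A name like `keycloak-jwks-url` would stop someone later using it for `iss` validation.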
+++ b/pom.xml @@ -1,6 +1,6 @@ + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd"> 4.0.0 org.springframework.boot @@ -49,7 +49,7 @@ edu.stanford.protege webprotege-ipc - 0.10.4 + 1.0.1 @@ -99,8 +99,6 @@ org.testcontainers mongodb - 1.18.1 - mongodb 1.19.7 test @@ -128,11 +126,6 @@ junit-jupiter test - - org.testcontainers - junit-jupiter - test - org.springframework.boot spring-boot-starter-oauth2-resource-server From 32bb5eb52d58ca078aa86949b6345715fc944d4f Mon Sep 17 00:00:00 2001 From: silag Date: Mon, 24 Jun 2024 14:55:56 +0300 Subject: [PATCH 3/7] fixed deserialization issue --- pom.xml | 2 +- .../protege/webprotege/authorization/AccessManagerImpl.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index f19ad27..88b6731 100644 --- a/pom.xml +++ b/pom.xml @@ -10,7 +10,7 @@ edu.stanford.protege webprotege-authorization-service - 1.0.2 + 1.0.3 webprotege-authorization-service A service that checks users are authorized to execute operations in WebProtége diff --git a/src/main/java/edu/stanford/protege/webprotege/authorization/AccessManagerImpl.java b/src/main/java/edu/stanford/protege/webprotege/authorization/AccessManagerImpl.java index 669bb7d..0126771 100644 --- a/src/main/java/edu/stanford/protege/webprotege/authorization/AccessManagerImpl.java +++ b/src/main/java/edu/stanford/protege/webprotege/authorization/AccessManagerImpl.java @@ -162,7 +162,7 @@ public Collection getSubjectsWithAccessToResource(Resource resource, Ac private Collection getSubjectsWithAccessToResource(Resource resource, Optional action) { String projectId = toProjectId(resource); Query query = query(where(PROJECT_ID).is(projectId)); - action.ifPresent(a -> query.addCriteria(where(ACTION_CLOSURE).in(a.toString()))); + action.ifPresent(a -> query.addCriteria(where(ACTION_CLOSURE).in(a.id()))); return mongoTemplate.find(query, RoleAssignment.class) .stream() .map(ra -> { 
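Review bot: The switch from `a.toString()` to `a.id()` in the private `getSubjectsWithAccessToResource` has no test pinning it, and the failure is quiet: if the string does not match what is stored under `ACTION_CLOSURE`, the query returns no subjects rather than an error. A regression test that stores a role assignment and asserts the subject is returned for that action id would stop the two representations drifting apart again. Since only one value is passed, `where(ACTION_CLOSURE).is(a.id())` would state the intent more directly than `.in(...)` and should match the same documents. The method body continues past the end of the hunk.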
From 8e14e165054c9047e89da4300dd99d52fa062c6d Mon Sep 17 00:00:00 2001 From: Matthew Horridge Date: Thu, 27 Jun 2024 12:01:03 -0700 Subject: [PATCH 4/7] Remove Kafka properties in application.yml --- src/main/resources/application.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml index ad77a26..40ffe79 100644 --- a/src/main/resources/application.yml +++ b/src/main/resources/application.yml @@ -9,10 +9,6 @@ spring: port: 5672 username: guest password: guest - kafka: - consumer: - auto-offset-reset: earliest - group-id: ${spring.application.name} data: mongodb: host: localhost From 87fd54cef46ef75063c7a8f75036681464473ccd Mon Sep 17 00:00:00 2001 From: Matthew Horridge Date: Thu, 27 Jun 2024 12:06:50 -0700 Subject: [PATCH 5/7] Upgraded webprotege-ipc dependency --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 88b6731..b9673b9 100644 --- a/pom.xml +++ b/pom.xml @@ -49,7 +49,7 @@ edu.stanford.protege webprotege-ipc - 1.0.1 + 1.0.5 From d00b5eca624934063b0fdde6f9af0a022de2edd7 Mon Sep 17 00:00:00 2001 From: Gheorghe Soimu Date: Tue, 2 Jul 2024 14:07:23 +0300 Subject: [PATCH 6/7] reverted changes to GetAuthorizedActionsHandler. Added BuiltInRole of CAN_EDIT_REGULAR --- .../webprotege/authorization/BuiltInRole.java | 2 ++ .../GetAuthorizedActionsHandler.java | 29 +++++-------------- 2 files changed, 10 insertions(+), 21 deletions(-) diff --git a/src/main/java/edu/stanford/protege/webprotege/authorization/BuiltInRole.java b/src/main/java/edu/stanford/protege/webprotege/authorization/BuiltInRole.java index 63cab64..15f4922 100644 --- a/src/main/java/edu/stanford/protege/webprotege/authorization/BuiltInRole.java +++ b/src/main/java/edu/stanford/protege/webprotege/authorization/BuiltInRole.java 
@@ -122,6 +122,8 @@ public enum BuiltInRole { CAN_EDIT(PROJECT_EDITOR, CAN_COMMENT), + CAN_EDIT_REGULAR(REGULAR_PROJECT_EDITOR, CAN_COMMENT), + CAN_MANAGE(CAN_EDIT, PROJECT_MANAGER, ISSUE_MANAGER) ; diff --git a/src/main/java/edu/stanford/protege/webprotege/authorization/GetAuthorizedActionsHandler.java b/src/main/java/edu/stanford/protege/webprotege/authorization/GetAuthorizedActionsHandler.java index a749a7e..29d9350 100644 --- a/src/main/java/edu/stanford/protege/webprotege/authorization/GetAuthorizedActionsHandler.java +++ b/src/main/java/edu/stanford/protege/webprotege/authorization/GetAuthorizedActionsHandler.java @@ -49,27 +49,7 @@ public Mono handleRequest(GetAuthorizedActionsRequ /* ToDo: Understand why we need this if else here */ -// if(request.resource().isApplication()) { -// try { -// List roleIds = tokenValidator.getTokenClaims(executionContext.jwt()).stream() -// .map(RoleId::new) -// .toList(); -// Set actions = new HashSet<>(roleOracle.getActionsAssociatedToRoles(roleIds)); -// return Mono.just(new GetAuthorizedActionsResponse(request.resource(), -// request.subject(), -// actions)); -// -// } catch (VerificationException e) { -// throw new RuntimeException(e); -// } -// }else { -// var actionClosure = accessManager.getActionClosure(request.subject(), -// request.resource()); -// return Mono.just(new GetAuthorizedActionsResponse(request.resource(), -// request.subject(), -// actionClosure)); -// } - + if(request.resource().isApplication()) { try { List roleIds = tokenValidator.getTokenClaims(executionContext.jwt()).stream() .map(RoleId::new) @@ -82,5 +62,12 @@ public Mono handleRequest(GetAuthorizedActionsRequ } catch (VerificationException e) { throw new RuntimeException(e); } + }else { + var actionClosure = accessManager.getActionClosure(request.subject(), + request.resource()); + return Mono.just(new GetAuthorizedActionsResponse(request.resource(), + request.subject(), + actionClosure)); + } } } 
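Review bot: `CAN_EDIT_REGULAR` is added beside `CAN_EDIT` with nothing stating how the two differ, and on the enum that defines what each role may do, that difference is what a reviewer needs to check. A one-line comment above the constant would do, for example `// Edit rights via REGULAR_PROJECT_EDITOR instead of PROJECT_EDITOR, plus commenting`. Listing the actions that `REGULAR_PROJECT_EDITOR` leaves out would be better still, but its definition lies outside this hunk.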
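Review bot: In the restored application branch of `handleRequest`, a failed token check is rethrown as `throw new RuntimeException(e)` from a method that returns a `Mono`, so the caller sees a generic failure rather than an explicit authorization outcome. `return Mono.error(e);` would keep it in the reactive pipeline, or the branch could return an empty action set if a bad token should simply mean no permissions. The `ToDo: Understand why we need this if else here` comment is still above the branch and should give the reason instead, e.g. `// Application-level actions come from roles in the verified token; project-level ones from stored role assignments`. In the `else` branch the closure is computed for `request.subject()`, and nothing in the hunk shows that subject being tied to the verified JWT, so that is worth confirming in the caller. The method starts outside the hunk.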
From 75b7373d39b14b6a4349902f295af5469eaac56d Mon Sep 17 00:00:00 2001 From: Gheorghe Soimu Date: Tue, 2 Jul 2024 15:54:11 +0300 Subject: [PATCH 7/7] renamed icd role --- .../protege/webprotege/authorization/BuiltInRole.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main/java/edu/stanford/protege/webprotege/authorization/BuiltInRole.java b/src/main/java/edu/stanford/protege/webprotege/authorization/BuiltInRole.java index 15f4922..3fcc1cd 100644 --- a/src/main/java/edu/stanford/protege/webprotege/authorization/BuiltInRole.java +++ b/src/main/java/edu/stanford/protege/webprotege/authorization/BuiltInRole.java @@ -86,7 +86,7 @@ public enum BuiltInRole { DELETE_DATATYPE, REVERT_CHANGES), - REGULAR_PROJECT_EDITOR(OBJECT_COMMENTER, + ICD_PROJECT_EDITOR(OBJECT_COMMENTER, EDIT_ONTOLOGY, EDIT_ONTOLOGY_ANNOTATIONS, CREATE_CLASS, @@ -122,7 +122,7 @@ public enum BuiltInRole { CAN_EDIT(PROJECT_EDITOR, CAN_COMMENT), - CAN_EDIT_REGULAR(REGULAR_PROJECT_EDITOR, CAN_COMMENT), + ICD_CAN_EDIT(ICD_PROJECT_EDITOR, CAN_COMMENT), CAN_MANAGE(CAN_EDIT, PROJECT_MANAGER, ISSUE_MANAGER)