Add access management for projeccts (#349)

* Draft basic ProjectRoleList

* Draft grid which shows Users associated with project

* Draft for Acl based permission management

* Basic acl service implementation

* Comment out ACL based permission handling

* Refactor permission evaluator

* add todo

* Rename AclConfiguration.java to AclSecurityConfiguration.java

* Provide basic frontend implementation

* Implement User Selection Frontend

* Implement ACL

* change generation strategy to IDENTItY

* Change packages

* Add SQL Script for expected role setup

* Fix broken test

* Add Sid upon user registration

* Fix tests

* add admin role to every project

* fix granting

* Push adapted frontend

* Push adapted frontend again

* remove print command

* Allow user to delete or add users to project access and implement hashcode and equals method in user

* Show Roles from SID table in ProjectAccessComponent

* Show Roles with access to project within ProjectAccessComponent

* Grant rights for admin and project manager to projects

* Extract first annotation CanCreateProject

* Address Code Smells

* Remove Todo for now

* grant multiple permissions at once

Co-authored-by: steffengreiner <[email protected]>

* Audit success by default

* add user permissions utility

* set entry sid to null when deleting sids

---------

Co-authored-by: Steffengreiner <[email protected]>
Co-authored-by: steffengreiner <[email protected]>

authentication/pom.xml

@@ -79,5 +79,9 @@
       <groupId>com.fasterxml.jackson.datatype</groupId>
       <artifactId>jackson-datatype-jsr310</artifactId>
     </dependency>
+    <dependency>
+      <groupId>org.springframework.security</groupId>
+      <artifactId>spring-security-acl</artifactId>
+    </dependency>
   </dependencies>
 </project>

authentication/src/main/java/life/qbic/authentication/domain/user/concept/User.java

@@ -167,4 +167,24 @@ private void activate() {
     UserActivated event = UserActivated.create(id.get());
     DomainEventDispatcher.instance().dispatch(event);
   }
+
+  @Override
+  public boolean equals(Object o) {
+    if (this == o) {
+      return true;
+    }
+    if (o == null || getClass() != o.getClass()) {
+      return false;
+    }
+
+    User user = (User) o;
+
+    return id.equals(user.id());
+  }
+
+  @Override
+  public int hashCode() {
+    return id.hashCode();
+  }
+
 }

authentication/src/main/java/life/qbic/authentication/domain/user/repository/SidDataStorage.java

@@ -0,0 +1,16 @@
+package life.qbic.authentication.domain.user.repository;
+
+/**
+ * Indirection layer to persistence
+ */
+public interface SidDataStorage {
+
+  /**
+   * adds an entry for sid
+   *
+   * @param sid       the username or role
+   * @param principal whether the sid is for a principal or a role
+   */
+  void addSid(String sid, boolean principal);
+
+}

authentication/src/main/java/life/qbic/authentication/domain/user/repository/UserDataStorage.java

@@ -46,4 +46,14 @@ public interface UserDataStorage {
    * @since 1.0.0
    */
   Optional<User> findUserById(UserId id);
+
+  /**
+   * Searches for all user entities which are set to active.
+   *
+   * @return a list of matching {@link User} entries. Is empty, if the user did not active its
+   * account
+   */
+  List<User> findAllActiveUsers();
+
+
 }

authentication/src/main/java/life/qbic/authentication/domain/user/repository/UserRepository.java

@@ -2,6 +2,7 @@
 
 import java.io.Serial;
 import java.io.Serializable;
+import java.util.List;
 import java.util.Optional;
 import life.qbic.authentication.domain.user.concept.EmailAddress;
 import life.qbic.authentication.domain.user.concept.User;
@@ -51,7 +52,7 @@ protected UserRepository(UserDataStorage dataStorage) {
    *
    * <p>
    *
-   * @param email the mail to find a matching user entry for
+   * @param emailAddress the mail to find a matching user entry for
    * @return the user object wrapped in an {@link Optional} if found, otherwise returns
    * {@link Optional#empty()}
    * @throws RuntimeException if there is more than one user matching the mail address
@@ -80,6 +81,15 @@ public Optional<User> findById(UserId userId) {
     return dataStorage.findUserById(userId);
   }
 
+  /**
+   * Retrieves all active users within the data manager application
+   *
+   * @return List of {@link User} objects with their active field set to true
+   */
+  public List<User> findAllActiveUsers() {
+    return dataStorage.findAllActiveUsers();
+  }
+
   /**
    * Adds a user to the repository. Publishes all domain events of the user if successful. If
    * unsuccessful, throws a {@link UserStorageException} Exception.

authentication/src/test/groovy/life/qbic/authentication/domain/usermanagement/registration/RegistrationSpec.groovy

@@ -105,6 +105,11 @@ class RegistrationSpec extends Specification {
         Optional<User> findUserById(UserId id) {
             return users.stream().filter(user -> user.id() == id).findAny()
         }
+
+        @Override
+        List<User> findAllActiveUsers() {
+            return users.findAll { it.active }
+        }
     }
 
 }

authorization/pom.xml

@@ -30,6 +30,10 @@
       <groupId>org.springframework.boot</groupId>
       <artifactId>spring-boot-starter-data-jpa</artifactId>
     </dependency>
+    <dependency>
+      <groupId>org.springframework.security</groupId>
+      <artifactId>spring-security-acl</artifactId>
+    </dependency>
   </dependencies>
 
 </project>