diff --git a/src/main/java/org/breedinginsight/api/auth/ProgramSecuredRole.java b/src/main/java/org/breedinginsight/api/auth/ProgramSecuredRole.java index b2f403ac2..f396c6e59 100644 --- a/src/main/java/org/breedinginsight/api/auth/ProgramSecuredRole.java +++ b/src/main/java/org/breedinginsight/api/auth/ProgramSecuredRole.java @@ -18,9 +18,10 @@ package org.breedinginsight.api.auth; public enum ProgramSecuredRole { - MEMBER("member"), - BREEDER("breeder"), - SYSTEM_ADMIN("admin"), + + READ_ONLY("Read Only"), + PROGRAM_ADMIN("Program Administrator"), + SYSTEM_ADMIN("System Administrator"), EXPERIMENTAL_COLLABORATOR("Experimental Collaborator"); private String domain; diff --git a/src/main/java/org/breedinginsight/api/auth/ProgramSecuredRoleGroup.java b/src/main/java/org/breedinginsight/api/auth/ProgramSecuredRoleGroup.java index 8daf522e7..37e657a32 100644 --- a/src/main/java/org/breedinginsight/api/auth/ProgramSecuredRoleGroup.java +++ b/src/main/java/org/breedinginsight/api/auth/ProgramSecuredRoleGroup.java @@ -22,7 +22,7 @@ import java.util.List; public enum ProgramSecuredRoleGroup { - ALL_PROGRAM_ROLES(List.of(ProgramSecuredRole.MEMBER, ProgramSecuredRole.BREEDER)), + ALL_PROGRAM_ROLES(List.of(ProgramSecuredRole.READ_ONLY, ProgramSecuredRole.PROGRAM_ADMIN)), ALL(ListUtils.union(ALL_PROGRAM_ROLES.getProgramRoles(), List.of(ProgramSecuredRole.SYSTEM_ADMIN))); private List programRoles; diff --git a/src/main/java/org/breedinginsight/api/v1/controller/BreedingMethodController.java b/src/main/java/org/breedinginsight/api/v1/controller/BreedingMethodController.java index 9d80f9115..e92e11fb2 100644 --- a/src/main/java/org/breedinginsight/api/v1/controller/BreedingMethodController.java +++ b/src/main/java/org/breedinginsight/api/v1/controller/BreedingMethodController.java 
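Review bot: The new `domain` values ("Read Only", "Program Administrator", "System Administrator") read as display labels, yet the V1.25.0 migration in this same diff writes the identical strings into `role.domain` and `system_role.domain`, so they appear to be the key that authorization is matched on. Nothing in the enum says so, and a later cosmetic rewording of a label would silently change who is authorized. I would add a comment above the constants such as `// domain must equal role.domain / system_role.domain exactly; changing a value requires a DB migration`. The added blank line after the opening brace can go; the enum body continues outside the hunk.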
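Review bot: `ALL_PROGRAM_ROLES` now admits a role named `READ_ONLY`, and it still omits `EXPERIMENTAL_COLLABORATOR`, which the enum in the previous file declares. The endpoints guarded by this group are not visible in the diff; if any of them writes, the new role name promises something the annotation does not enforce, so they are worth checking before merge. If the omission is deliberate, record it on the constant, for example `// READ_ONLY and PROGRAM_ADMIN only; EXPERIMENTAL_COLLABORATOR is not included`.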
@@ -58,7 +58,7 @@ public HttpResponse>> getSyst @Post("programs/{programId}/breeding-methods") @Produces(MediaType.APPLICATION_JSON) - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse createProgramBreedingMethod(@PathVariable UUID programId, @Body ProgramBreedingMethodEntity breedingMethod) throws ApiException{ log.debug("Saving new program breeding method"); @@ -106,7 +106,7 @@ public HttpResponse>> getProg @Put("programs/{programId}/breeding-methods/{breedingMethodId}") @Produces(MediaType.APPLICATION_JSON) - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse updateProgramBreedingMethod(@PathVariable UUID programId, @PathVariable UUID breedingMethodId, @Body ProgramBreedingMethodEntity breedingMethod) throws ApiException { log.debug("Saving new program breeding method"); @@ -152,7 +152,7 @@ public HttpResponse enableSystemBreedingMethods(@PathVariable UUID programId, @B } @Delete("programs/{programId}/breeding-methods/{breedingMethodId}") - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse deleteProgramBreedingMethod(@PathVariable UUID programId, @PathVariable UUID breedingMethodId) throws BadRequestException, ApiException { try { AuthenticatedUser user = securityService.getUser(); diff --git a/src/main/java/org/breedinginsight/api/v1/controller/OntologyController.java b/src/main/java/org/breedinginsight/api/v1/controller/OntologyController.java index b4d675075..0644bc1c5 100644 --- a/src/main/java/org/breedinginsight/api/v1/controller/OntologyController.java +++ b/src/main/java/org/breedinginsight/api/v1/controller/OntologyController.java 
@@ -65,7 +65,7 @@ public OntologyController(SecurityService securityService, OntologyService ontol @Get("/programs/{programId}/ontology/shared/programs{?shared}") @Produces(MediaType.APPLICATION_JSON) @AddMetadata - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse>> getAvailablePrograms( @PathVariable UUID programId, @QueryValue(defaultValue = "false") Boolean shared) { try { @@ -97,7 +97,7 @@ public HttpResponse>> getAvailablePrograms */ @Post("/programs/{programId}/ontology/shared/programs") @Produces(MediaType.APPLICATION_JSON) - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse>> shareOntology( @PathVariable UUID programId, @Body List request) { try { @@ -131,7 +131,7 @@ public HttpResponse>> shareOntology( */ @Delete("/programs/{programId}/ontology/shared/programs/{sharedProgramId}") @Produces(MediaType.APPLICATION_JSON) - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse revokeOntology( @PathVariable UUID programId, @PathVariable UUID sharedProgramId) { try { @@ -156,7 +156,7 @@ public HttpResponse revokeOntology( @Put("/programs/{programId}/ontology/subscribe/{sharingProgramId}") @Produces(MediaType.APPLICATION_JSON) @AddMetadata - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse> subscribeOntology( @PathVariable UUID programId, @PathVariable UUID sharingProgramId) { try { 
@@ -181,7 +181,7 @@ public HttpResponse> subscribeOntology( */ @Delete("/programs/{programId}/ontology/subscribe/{sharingProgramId}") @Produces(MediaType.APPLICATION_JSON) - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse unsubscribeOntology( @PathVariable UUID programId, @PathVariable UUID sharingProgramId) { try { diff --git a/src/main/java/org/breedinginsight/api/v1/controller/ProgramController.java b/src/main/java/org/breedinginsight/api/v1/controller/ProgramController.java index fedcbd751..5464fc315 100644 --- a/src/main/java/org/breedinginsight/api/v1/controller/ProgramController.java +++ b/src/main/java/org/breedinginsight/api/v1/controller/ProgramController.java @@ -122,7 +122,7 @@ public HttpResponse> getProgram(@PathVariable UUID programId) @Post("/programs") @Produces(MediaType.APPLICATION_JSON) - @Secured({"ADMIN"}) + @Secured("SYSTEM ADMINISTRATOR") @AddMetadata public HttpResponse> createProgram(@Valid @Body ProgramRequest programRequest) { @@ -142,7 +142,7 @@ public HttpResponse> createProgram(@Valid @Body ProgramRequest @Put("/programs/{programId}") @Produces(MediaType.APPLICATION_JSON) - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER, ProgramSecuredRole.SYSTEM_ADMIN}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN, ProgramSecuredRole.SYSTEM_ADMIN}) @AddMetadata public HttpResponse> updateProgram(@PathVariable UUID programId, @Valid @Body ProgramRequest programRequest) { @@ -162,7 +162,7 @@ public HttpResponse> updateProgram(@PathVariable UUID programI @Delete("/programs/archive/{programId}") @Produces(MediaType.APPLICATION_JSON) - @Secured({"ADMIN"}) + @Secured("SYSTEM ADMINISTRATOR") @AddMetadata public HttpResponse archiveProgram(@PathVariable UUID programId) { /* Archive a program */ 
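Review bot: `@Secured("SYSTEM ADMINISTRATOR")` is a free-typed literal that must match the role claim character for character, and it is repeated in the `createProgram` and `archiveProgram` hunks here and again in four `UserController` hunks. The value looks like the upper-cased `system_role.domain` from the migration, though the code that builds the claim is outside this diff. A typo or a later label change would deny administrators on one endpoint without any compile error. Define it once, e.g. `public static final String SYSTEM_ADMIN_ROLE = "SYSTEM ADMINISTRATOR";`, and use `@Secured(SYSTEM_ADMIN_ROLE)` in every place.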
@@ -229,7 +229,7 @@ public HttpResponse> getProgramUser(@PathVariable UUID pro @Post("/programs/{programId}/users") @Produces(MediaType.APPLICATION_JSON) @AddMetadata - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER, ProgramSecuredRole.SYSTEM_ADMIN}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN, ProgramSecuredRole.SYSTEM_ADMIN}) public HttpResponse> addProgramUser(@PathVariable UUID programId, @Valid @Body ProgramUserRequest programUserRequest) { /* Add a user to a program. Create the user if they don't exist. */ @@ -253,7 +253,7 @@ public HttpResponse> addProgramUser(@PathVariable UUID pro @Put("/programs/{programId}/users/{userId}") @Produces(MediaType.APPLICATION_JSON) @AddMetadata - @ProgramSecured(roles = {ProgramSecuredRole.SYSTEM_ADMIN, ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.SYSTEM_ADMIN, ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse> updateProgramUser(@PathVariable UUID programId, @PathVariable UUID userId, @Valid @Body ProgramUserRequest programUserRequest) { try { @@ -278,7 +278,7 @@ public HttpResponse> updateProgramUser(@PathVariable UUID @Delete("/programs/{programId}/users/{userId}") @Produces(MediaType.APPLICATION_JSON) - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER, ProgramSecuredRole.SYSTEM_ADMIN}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN, ProgramSecuredRole.SYSTEM_ADMIN}) public HttpResponse archiveProgramUser(@PathVariable UUID programId, @PathVariable UUID userId) { try { @@ -359,7 +359,7 @@ public HttpResponse> getProgramLocations(@PathVariable @Post("/programs/{programId}/locations") @Produces(MediaType.APPLICATION_JSON) @AddMetadata - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse> addProgramLocation(@PathVariable UUID programId, @Valid @Body ProgramLocationRequest locationRequest) { 
@@ -383,7 +383,7 @@ public HttpResponse> addProgramLocation(@PathVariable @Put("/programs/{programId}/locations/{locationId}") @Produces(MediaType.APPLICATION_JSON) @AddMetadata - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse> updateProgramLocation(@PathVariable UUID programId, @PathVariable UUID locationId, @Valid @Body ProgramLocationRequest locationRequest) { @@ -407,7 +407,7 @@ public HttpResponse> updateProgramLocation(@PathVariable UUID @Delete("/programs/{programId}/locations/{locationId}") @Produces(MediaType.APPLICATION_JSON) - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse archiveProgramLocation(@PathVariable UUID programId, @PathVariable UUID locationId) { diff --git a/src/main/java/org/breedinginsight/api/v1/controller/TraitController.java b/src/main/java/org/breedinginsight/api/v1/controller/TraitController.java index 3e6e1869c..775bcc859 100644 --- a/src/main/java/org/breedinginsight/api/v1/controller/TraitController.java +++ b/src/main/java/org/breedinginsight/api/v1/controller/TraitController.java @@ -162,7 +162,7 @@ public HttpResponse> getTraitEditable(@PathVariable UUID prog @Post("/programs/{programId}/traits") @Produces(MediaType.APPLICATION_JSON) - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse createTraits(@PathVariable UUID programId, @Body @Valid List traits) { AuthenticatedUser actingUser = securityService.getUser(); try { 
@@ -190,7 +190,7 @@ public HttpResponse createTraits(@PathVariable UUID programId, @Body @Valid List @Put("/programs/{programId}/traits") @Produces(MediaType.APPLICATION_JSON) - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse updateTraits(@PathVariable UUID programId, @Body @Valid List traits) { AuthenticatedUser actingUser = securityService.getUser(); try { @@ -219,7 +219,7 @@ public HttpResponse updateTraits(@PathVariable UUID programId, @Body @Valid List @Put("/programs/{programId}/traits/{traitId}/archive{?active}") @AddMetadata @Produces(MediaType.APPLICATION_JSON) - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse> archiveTrait(@PathVariable UUID programId, @PathVariable UUID traitId, @QueryValue(defaultValue = "false") Boolean active) { AuthenticatedUser actingUser = securityService.getUser(); diff --git a/src/main/java/org/breedinginsight/api/v1/controller/TraitUploadController.java b/src/main/java/org/breedinginsight/api/v1/controller/TraitUploadController.java index 59bbd7280..4a7e8eb30 100644 --- a/src/main/java/org/breedinginsight/api/v1/controller/TraitUploadController.java +++ b/src/main/java/org/breedinginsight/api/v1/controller/TraitUploadController.java @@ -65,7 +65,7 @@ public TraitUploadController(TraitUploadService traitUploadService, SecurityServ @Consumes(MediaType.MULTIPART_FORM_DATA) @Produces(MediaType.APPLICATION_JSON) @AddMetadata - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse> putTraitUpload(@PathVariable UUID programId, @Part CompletedFileUpload file) { try { 
@@ -94,7 +94,7 @@ public HttpResponse> putTraitUpload(@PathVariable UUID p @Get("/programs/{programId}/trait-upload{?queryParams*}") @Produces(MediaType.APPLICATION_JSON) - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse> getTraitUpload( @PathVariable UUID programId, @QueryValue @QueryValid(using = TraitQueryMapper.class) @Valid QueryParams queryParams) { @@ -112,7 +112,7 @@ public HttpResponse> getTraitUpload( @Post("/programs/{programId}/trait-upload/search{?queryParams*}") @Produces(MediaType.APPLICATION_JSON) - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse> searchTraitUpload( @PathVariable UUID programId, @QueryValue @QueryValid(using = TraitQueryMapper.class) @Valid QueryParams queryParams, @@ -131,7 +131,7 @@ public HttpResponse> searchTraitUpload( @Delete("/programs/{programId}/trait-upload") @Produces(MediaType.APPLICATION_JSON) - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse deleteTraitUpload(@PathVariable UUID programId) { try { @@ -147,7 +147,7 @@ public HttpResponse deleteTraitUpload(@PathVariable UUID programId) { @Post("/programs/{programId}/trait-upload/{traitUploadId}") @Produces(MediaType.APPLICATION_JSON) - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse confirmTraitUpload(@PathVariable UUID programId, @PathVariable UUID traitUploadId) { try { diff --git a/src/main/java/org/breedinginsight/api/v1/controller/UserController.java b/src/main/java/org/breedinginsight/api/v1/controller/UserController.java index 360379a49..460c6c760 100644 --- a/src/main/java/org/breedinginsight/api/v1/controller/UserController.java +++ b/src/main/java/org/breedinginsight/api/v1/controller/UserController.java 
@@ -123,7 +123,7 @@ public HttpResponse>> postUsersSearch( @Post("/users") @Produces(MediaType.APPLICATION_JSON) @AddMetadata - @Secured({"ADMIN"}) + @Secured("SYSTEM ADMINISTRATOR") public HttpResponse> createUser(@Body @Valid UserRequest requestUser){ try { @@ -165,7 +165,7 @@ public HttpResponse> updateUser(@PathVariable UUID userId, @Body @Delete("/users/{userId}") @Produces(MediaType.APPLICATION_JSON) - @Secured({"ADMIN"}) + @Secured("SYSTEM ADMINISTRATOR") public HttpResponse archiveUser(@PathVariable UUID userId){ try { @@ -184,7 +184,7 @@ public HttpResponse archiveUser(@PathVariable UUID userId){ @Put("users/{userId}/roles") @Produces(MediaType.APPLICATION_JSON) @AddMetadata - @Secured({"ADMIN"}) + @Secured("SYSTEM ADMINISTRATOR") public HttpResponse> updateUserSystemRoles(@PathVariable UUID userId, @Body @Valid SystemRolesRequest requestUser) { try { @@ -206,7 +206,7 @@ public HttpResponse> updateUserSystemRoles(@PathVariable UUID use @Put("users/{userId}/resend-email") @Produces(MediaType.APPLICATION_JSON) - @Secured({"ADMIN"}) + @Secured("SYSTEM ADMINISTRATOR") public HttpResponse resendWelcomeEmail(@PathVariable UUID userId) { try { userService.createAndSendAccountToken(userId); diff --git a/src/main/java/org/breedinginsight/api/v1/controller/geno/GenotypeDataUploadController.java b/src/main/java/org/breedinginsight/api/v1/controller/geno/GenotypeDataUploadController.java index 5977bd504..df6615458 100644 --- a/src/main/java/org/breedinginsight/api/v1/controller/geno/GenotypeDataUploadController.java +++ b/src/main/java/org/breedinginsight/api/v1/controller/geno/GenotypeDataUploadController.java 
@@ -36,7 +36,7 @@ public GenotypeDataUploadController(GenotypeService genoService, SecurityService @Consumes(MediaType.MULTIPART_FORM_DATA) @Produces(MediaType.APPLICATION_JSON) @AddMetadata - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse> uploadData(@PathVariable UUID programId, @PathVariable UUID experimentId, @Part("file") CompletedFileUpload upload) { AuthenticatedUser actingUser = securityService.getUser(); try { diff --git a/src/main/java/org/breedinginsight/brapps/importer/controllers/ImportController.java b/src/main/java/org/breedinginsight/brapps/importer/controllers/ImportController.java index c9ea3ec39..9555c3856 100644 --- a/src/main/java/org/breedinginsight/brapps/importer/controllers/ImportController.java +++ b/src/main/java/org/breedinginsight/brapps/importer/controllers/ImportController.java @@ -84,7 +84,7 @@ public HttpResponse>> getImportTypes @Get("/programs/{programId}/import/mappings{?draft}") @Produces(MediaType.APPLICATION_JSON) @AddMetadata - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER, ProgramSecuredRole.SYSTEM_ADMIN}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN, ProgramSecuredRole.SYSTEM_ADMIN}) public HttpResponse>> getMappings(@PathVariable UUID programId, @QueryValue(defaultValue = "false") Boolean draft) { diff --git a/src/main/java/org/breedinginsight/brapps/importer/controllers/UploadController.java b/src/main/java/org/breedinginsight/brapps/importer/controllers/UploadController.java index 68c15014b..0943bdd81 100644 --- a/src/main/java/org/breedinginsight/brapps/importer/controllers/UploadController.java +++ b/src/main/java/org/breedinginsight/brapps/importer/controllers/UploadController.java 
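Review bot: `GenotypeDataUploadController.uploadData` lists only `ProgramSecuredRole.PROGRAM_ADMIN`, while the importer's `UploadController.uploadData` later in this diff lists `PROGRAM_ADMIN` and `SYSTEM_ADMIN`. Whether the `@ProgramSecured` rule lets system administrators through implicitly cannot be told from this diff, so one of the two annotations is either too narrow or carries a redundant entry. Since every annotation is being touched anyway, make the two upload endpoints agree, or add a comment such as `// system administrators intentionally not listed` on this one.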
@@ -56,7 +56,7 @@ public class UploadController { @Consumes(MediaType.MULTIPART_FORM_DATA) @Produces(MediaType.APPLICATION_JSON) @AddMetadata - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER, ProgramSecuredRole.SYSTEM_ADMIN}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN, ProgramSecuredRole.SYSTEM_ADMIN}) public HttpResponse> uploadData(@PathVariable UUID programId, @PathVariable UUID mappingId, @Part("file") CompletedFileUpload file) { try { @@ -88,7 +88,7 @@ public HttpResponse> uploadData(@PathVariable UUID prog @Consumes(MediaType.MULTIPART_FORM_DATA) @Produces(MediaType.APPLICATION_JSON) @AddMetadata - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER, ProgramSecuredRole.SYSTEM_ADMIN}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN, ProgramSecuredRole.SYSTEM_ADMIN}) public HttpResponse> getUploadData(@PathVariable UUID programId, @PathVariable UUID mappingId, @PathVariable UUID uploadId, @QueryValue(defaultValue = "false") Boolean mapping) { try { @@ -109,7 +109,7 @@ public HttpResponse> getUploadData(@PathVariable UUID p @Put("programs/{programId}/import/mappings/{mappingId}/data/{uploadId}/commit") @Produces(MediaType.APPLICATION_JSON) @AddMetadata - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER, ProgramSecuredRole.SYSTEM_ADMIN}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN, ProgramSecuredRole.SYSTEM_ADMIN}) public HttpResponse> commitData(@PathVariable UUID programId, @PathVariable UUID mappingId, @PathVariable UUID uploadId, @Body @Nullable Map userInput) { try { 
@@ -135,7 +135,7 @@ public HttpResponse> commitData(@PathVariable UUID prog @Put("programs/{programId}/import/mappings/{mappingId}/data/{uploadId}/preview") @Produces(MediaType.APPLICATION_JSON) @AddMetadata - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER, ProgramSecuredRole.SYSTEM_ADMIN}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN, ProgramSecuredRole.SYSTEM_ADMIN}) public HttpResponse> previewData(@PathVariable UUID programId, @PathVariable UUID mappingId, @PathVariable UUID uploadId) { try { @@ -161,7 +161,7 @@ public HttpResponse> previewData(@PathVariable UUID pro @Put("programs/{programId}/import/mappings/{mappingId}/workflows/{workflowId}/data/{uploadId}/preview") @Produces(MediaType.APPLICATION_JSON) @AddMetadata - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER, ProgramSecuredRole.SYSTEM_ADMIN}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN, ProgramSecuredRole.SYSTEM_ADMIN}) public HttpResponse> previewData(@PathVariable UUID programId, @PathVariable UUID mappingId, @PathVariable String workflowId, @PathVariable UUID uploadId) { try { @@ -187,7 +187,7 @@ public HttpResponse> previewData(@PathVariable UUID pro @Put("programs/{programId}/import/mappings/{mappingId}/workflows/{workflowId}/data/{uploadId}/commit") @Produces(MediaType.APPLICATION_JSON) @AddMetadata - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER, ProgramSecuredRole.SYSTEM_ADMIN}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN, ProgramSecuredRole.SYSTEM_ADMIN}) public HttpResponse> commitData(@PathVariable UUID programId, @PathVariable UUID mappingId, @PathVariable String workflowId, @PathVariable UUID uploadId, @Body @Nullable Map userInput) { diff --git a/src/main/resources/db/migration/V1.25.0__update_roles.sql b/src/main/resources/db/migration/V1.25.0__update_roles.sql new file mode 100644 index 000000000..ff4f7b738 --- /dev/null +++ b/src/main/resources/db/migration/V1.25.0__update_roles.sql 
@@ -0,0 +1,28 @@ +/* + * See the NOTICE file distributed with this work for additional information + * regarding copyright ownership. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +UPDATE system_role +SET domain = 'System Administrator' +WHERE domain = 'admin'; + +UPDATE role +SET domain = 'Program Administrator' +WHERE domain = 'breeder'; + +UPDATE role +SET domain = 'Read Only' +WHERE domain = 'member'; \ No newline at end of file diff --git a/src/test/java/org/breedinginsight/api/v1/controller/ProgramControllerIntegrationTest.java b/src/test/java/org/breedinginsight/api/v1/controller/ProgramControllerIntegrationTest.java index f9367c6db..b3ef32a2b 100644 --- a/src/test/java/org/breedinginsight/api/v1/controller/ProgramControllerIntegrationTest.java +++ b/src/test/java/org/breedinginsight/api/v1/controller/ProgramControllerIntegrationTest.java @@ -289,7 +289,7 @@ public Species getTestSpecies() { public Role getTestRole() { List roles = roleService.getAll(); - return roles.stream().filter(role -> role.getDomain().equals("breeder")).collect(Collectors.toList()).get(0); + return roles.stream().filter(role -> role.getDomain().equals("Program Administrator")).collect(Collectors.toList()).get(0); } public Country getTestCountry() { 
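Review bot: These three UPDATEs rewrite the strings that authorization is matched on, but the file carries no rollout comment and nothing in the diff deals with credentials issued under the old names. If role claims are carried in the token, as the `roles` claim in the test validator suggests, a session issued with `ADMIN` will no longer satisfy `@Secured("SYSTEM ADMINISTRATOR")`; that fails closed, but it should be an expected effect rather than a surprise. Likewise an application instance still running the old enum would look for 'breeder' and 'member' after the migration has run. I would add a header comment such as `-- Role domain values are matched by ProgramSecuredRole and @Secured; deploy with the matching application build and expect existing sessions to need re-login`, and end the file with a newline.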
@@ -2474,7 +2474,7 @@ public void searchProgramUsers() { SearchRequest searchRequest = new SearchRequest(); searchRequest.setFilters(new ArrayList<>()); - searchRequest.getFilters().add(new FilterRequest("roles", "breed")); + searchRequest.getFilters().add(new FilterRequest("roles", "Program Administrator")); Flowable> call = client.exchange( POST("/programs/" + validProgram.getId() + "/users/search?page=1&pageSize=20&sortField=roles&sortOrder=ASC", searchRequest).cookie(new NettyCookie("phylo-token", "test-registered-user")), String.class diff --git a/src/test/java/org/breedinginsight/api/v1/controller/TestTokenValidator.java b/src/test/java/org/breedinginsight/api/v1/controller/TestTokenValidator.java index 8e12633a5..644ddc046 100644 --- a/src/test/java/org/breedinginsight/api/v1/controller/TestTokenValidator.java +++ b/src/test/java/org/breedinginsight/api/v1/controller/TestTokenValidator.java @@ -56,7 +56,7 @@ public Publisher validateToken(String token) { Optional testUser = userService.getByOrcid(TEST_USER_ORCID); Map adminClaims = new HashMap<>(); List roles = new ArrayList<>(); - roles.add("ADMIN"); + roles.add("SYSTEM ADMINISTRATOR"); adminClaims.put("roles", roles); adminClaims.put("id", testUser.get().getId().toString()); return Flowable.just(new DefaultAuthentication(TEST_USER_ORCID, adminClaims)); @@ -77,7 +77,7 @@ public Publisher validateToken(String token) { } else if (token.equals("non-existent-user")){ Map adminClaims = new HashMap<>(); List roles = new ArrayList<>(); - roles.add("ADMIN"); + roles.add("SYSTEM ADMINISTRATOR"); adminClaims.put("roles", roles); adminClaims.put("id", NON_EXISTENT_USER_ID); return Flowable.just(new DefaultAuthentication(NON_EXISTENT_USER_ID, adminClaims)); 
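Review bot: The filter value changed from the fragment `"breed"` to the complete role name, so `searchProgramUsers` no longer shows that the `roles` filter matches on part of a name, if that is what the old value was exercising. Keeping a fragment preserves the coverage, for example `new FilterRequest("roles", "Program Admin")`. The test method continues outside the hunk.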
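Review bot: Every test token now carries `"SYSTEM ADMINISTRATOR"` (the first branch, the `non-existent-user` branch, and the inactive-user branch in the following hunk), so no test shows that a token still carrying the retired `"ADMIN"` role is refused. An authorization rename is the moment to pin that down: add a token branch whose roles list holds only `"ADMIN"` and assert that a request to one `@Secured("SYSTEM ADMINISTRATOR")` endpoint, such as `POST /programs`, is rejected. `validateToken` starts and ends outside these hunks.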
@@ -85,7 +85,7 @@ public Publisher validateToken(String token) { Optional inactiveUser = userService.getByOrcid(INACTIVE_USER_ORCID); Map adminClaims = new HashMap<>(); List roles = new ArrayList<>(); - roles.add("ADMIN"); + roles.add("SYSTEM ADMINISTRATOR"); adminClaims.put("roles", roles); adminClaims.put("id", inactiveUser.get().getId().toString()); return Flowable.just(new DefaultAuthentication(INACTIVE_USER_ORCID, adminClaims)); diff --git a/src/test/java/org/breedinginsight/utilities/response/mappers/UserQueryMapperUnitTest.java b/src/test/java/org/breedinginsight/utilities/response/mappers/UserQueryMapperUnitTest.java index 1229f2597..8e5be117d 100644 --- a/src/test/java/org/breedinginsight/utilities/response/mappers/UserQueryMapperUnitTest.java +++ b/src/test/java/org/breedinginsight/utilities/response/mappers/UserQueryMapperUnitTest.java @@ -49,7 +49,7 @@ public void testMappings() { .name("Test User") .email("test@user.com") .orcid("000000-000000-000000-00000") - .systemRoles(List.of(SystemRole.builder().domain("admin").build())) + .systemRoles(List.of(SystemRole.builder().domain("System Administrator").build())) .programRoles(List.of(ProgramUser.builder().program(Program.builder().name("Test program").build()).build())) .active(false) .createdAt(OffsetDateTime.now()) diff --git a/src/test/resources/sql/BrapiObservationVariablesControllerIntegrationTest.sql b/src/test/resources/sql/BrapiObservationVariablesControllerIntegrationTest.sql index 42e5193e5..d413c28c1 100644 --- a/src/test/resources/sql/BrapiObservationVariablesControllerIntegrationTest.sql +++ b/src/test/resources/sql/BrapiObservationVariablesControllerIntegrationTest.sql 
@@ -35,14 +35,14 @@ join bi_user on bi_user.name = 'system' and program.name = 'Test Program' limit insert into program_user_role (program_id, user_id, role_id, created_by, updated_by) select program.id, bi_user.id, role.id, bi_user.id, bi_user.id from bi_user join program on program.name = 'Test Program' -join role on role.domain = 'member' +join role on role.domain = 'Read Only' where bi_user.name = 'Test User' -- name: InsertOtherTestProgramUser insert into program_user_role (program_id, user_id, role_id, created_by, updated_by) select program.id, bi_user.id, role.id, bi_user.id, bi_user.id from bi_user join program on program.name = 'Test Program' -join role on role.domain = 'member' +join role on role.domain = 'Read Only' where bi_user.name = 'Other Test User' -- name: InsertOtherProgram @@ -64,6 +64,6 @@ join bi_user on bi_user.name = 'system' and program.name = 'Other Test Program' insert into program_user_role (program_id, user_id, role_id, created_by, updated_by) select program.id, bi_user.id, role.id, bi_user.id, bi_user.id from bi_user join program on program.name = 'Other Test Program' -join role on role.domain = 'member' +join role on role.domain = 'Read Only' where bi_user.name = 'Other Test User' diff --git a/src/test/resources/sql/ProgramControllerIntegrationTest.sql b/src/test/resources/sql/ProgramControllerIntegrationTest.sql index 0c05b39d3..a1da2c56a 100644 --- a/src/test/resources/sql/ProgramControllerIntegrationTest.sql +++ b/src/test/resources/sql/ProgramControllerIntegrationTest.sql @@ -82,7 +82,7 @@ select bi_user.id, ?::uuid, role.id, bi_user.id, bi_user.id from bi_user -join role on role.domain = 'member' +join role on role.domain = 'Read Only' where bi_user.name like 'user1%'; @@ -91,7 +91,7 @@ select bi_user.id, ?::uuid, role.id, bi_user.id, bi_user.id from bi_user -join role on role.domain = 'breeder' +join role on role.domain = 'Program Administrator' where bi_user.name like 'user2%'; 
@@ -100,7 +100,7 @@ select bi_user.id, ?::uuid, role.id, bi_user.id, bi_user.id from bi_user -join role on role.domain = 'member' +join role on role.domain = 'Read Only' where bi_user.name like 'user2%'; @@ -109,6 +109,6 @@ select bi_user.id, ?::uuid, role.id, bi_user.id, bi_user.id from bi_user -join role on role.domain = 'breeder' +join role on role.domain = 'Program Administrator' where bi_user.name like 'user9'; \ No newline at end of file diff --git a/src/test/resources/sql/ProgramSecuredAnnotationRuleIntegrationTest.sql b/src/test/resources/sql/ProgramSecuredAnnotationRuleIntegrationTest.sql index 221d11009..17f08c19d 100644 --- a/src/test/resources/sql/ProgramSecuredAnnotationRuleIntegrationTest.sql +++ b/src/test/resources/sql/ProgramSecuredAnnotationRuleIntegrationTest.sql @@ -41,7 +41,7 @@ select ?::uuid, ?::uuid, role.id, bi_user.id, bi_user.id from bi_user -join role on role.domain = 'member'; +join role on role.domain = 'Read Only'; -- name: InsertProgramRolesBreeder @@ -50,7 +50,7 @@ select ?::uuid, ?::uuid, role.id, bi_user.id, bi_user.id from bi_user -join role on role.domain = 'breeder' +join role on role.domain = 'Program Administrator' where bi_user.name = 'system'; -- name: InsertSystemRoleAdmin @@ -60,6 +60,6 @@ select ?::uuid, system_role.id, bi_user.id, bi_user.id from bi_user join -system_role on system_role.domain = 'admin' +system_role on system_role.domain = 'System Administrator' where bi_user.name = 'system'; diff --git a/src/test/resources/sql/UploadControllerIntegrationTest.sql b/src/test/resources/sql/UploadControllerIntegrationTest.sql index ea205f4c7..17aabbec1 100644 --- a/src/test/resources/sql/UploadControllerIntegrationTest.sql +++ b/src/test/resources/sql/UploadControllerIntegrationTest.sql 
@@ -26,13 +26,13 @@ join bi_user on bi_user.name = 'system' limit 1; insert into program_user_role(program_id, user_id, role_id, active, created_by, updated_by) select program.id, bi_user.id, role.id, 'true', bi_user.id, bi_user.id from program join bi_user on bi_user.name = 'Test User' -join role on role.domain = 'breeder' limit 1; +join role on role.domain = 'Program Administrator' limit 1; -- name: InsertInactiveProgramUser insert into program_user_role(program_id, user_id, role_id, active, created_by, updated_by) select program.id, bi_user.id, role.id, 'false', bi_user.id, bi_user.id from program join bi_user on bi_user.name = 'Another Test User' -join role on role.domain = 'breeder' limit 1; +join role on role.domain = 'Program Administrator' limit 1; -- name: InsertProgramObservationLevel insert into program_observation_level(program_id, name, created_by, updated_by) diff --git a/src/test/resources/sql/UserControllerIntegrationTest.sql b/src/test/resources/sql/UserControllerIntegrationTest.sql index 4363f73a3..55cafed8d 100644 --- a/src/test/resources/sql/UserControllerIntegrationTest.sql +++ b/src/test/resources/sql/UserControllerIntegrationTest.sql @@ -30,7 +30,7 @@ insert into program_user_role (program_id, user_id, role_id, created_by, updated select program.id, bi_user.id, role.id, system_user.id, system_user.id from program join bi_user on bi_user.name = 'Test User' or bi_user.name = 'Other Test User' -join role on role.domain = 'member' +join role on role.domain = 'Read Only' join bi_user as system_user on system_user.name = 'system' where program.name = 'Test Program'; 
@@ -38,7 +38,7 @@ insert into program_user_role (program_id, user_id, role_id, active, created_by, select program.id, bi_user.id, role.id, false, system_user.id, system_user.id from program join bi_user on bi_user.name = 'Test User' or bi_user.name = 'Other Test User' -join role on role.domain = 'member' +join role on role.domain = 'Read Only' join bi_user as system_user on system_user.name = 'system' where program.name = 'Test Program1'; @@ -98,7 +98,7 @@ values insert into system_user_role (bi_user_id, system_role_id, created_by, updated_by) select bi_user.id, system_role.id, user_id, user_id from bi_user -join system_role on system_role.domain = 'admin' where bi_user.name like 'user1%'; +join system_role on system_role.domain = 'System Administrator' where bi_user.name like 'user1%'; insert into program_user_role (user_id, program_id, role_id, created_by, updated_by) @@ -106,7 +106,7 @@ select bi_user.id, program1, role.id, bi_user.id, bi_user.id from bi_user -join role on role.domain = 'member' +join role on role.domain = 'Read Only' where bi_user.name like 'user%'; @@ -115,7 +115,7 @@ select bi_user.id, program2, role.id, bi_user.id, bi_user.id from bi_user -join role on role.domain = 'breeder' +join role on role.domain = 'Program Administrator' where bi_user.name like 'user2%'; @@ -132,5 +132,5 @@ select ?::uuid, system_role.id, bi_user.id, bi_user.id from bi_user join -system_role on system_role.domain = 'admin' +system_role on system_role.domain = 'System Administrator' where bi_user.name = 'system'; \ No newline at end of file