Merge pull request #145 from JanssenProject/issue#144
feat: add POST /rolePermissionsMapping for adding new rolePermissionsMapping entry #144
syntrydy committed Jan 7, 2022
2 parents 6463758 + 41d5913 commit 3ef9dcf
Showing 4 changed files with 111 additions and 45 deletions.
34 changes: 32 additions & 2 deletions docs/jans-config-api-swagger.yaml
Expand Up @@ -3066,7 +3066,7 @@ paths:
description: Get admin ui role-permissions mapping.
operationId: get-adminui-role-permissions
security:
- oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.read]
- oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.readonly]
responses:
'200':
description: OK
Expand All @@ -3084,6 +3084,36 @@ paths:
$ref: '#/components/responses/Unauthorized'
'500':
$ref: '#/components/responses/InternalServerError'
post:
tags:
- Admin UI - Role-Permissions Mapping
summary: Add role-permissions mapping.
description: Add role-permissions mapping.
operationId: Add role-permissions mapping.
security:
- oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.write]
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/RolePermissionMapping'
responses:
'200':
description: OK
content:
application/json:
schema:
title: Add role-permissions mapping.
description: Add role-permissions mapping.
type: array
items:
$ref: '#/components/schemas/RolePermissionMapping'
'400':
$ref: '#/components/responses/NotAcceptable'
'401':
$ref: '#/components/responses/Unauthorized'
'500':
$ref: '#/components/responses/InternalServerError'
put:
tags:
- Admin UI - Role-Permissions Mapping
Expand Down Expand Up @@ -3152,7 +3182,7 @@ paths:
description: Get admin ui license details.
operationId: get-adminui-license
security:
- oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/license.read]
- oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/license.readonly]
responses:
'200':
description: OK
Expand Up @@ -207,6 +207,25 @@ public Response getAdminUIRolePermissionsMapping() {
}
}

@POST
@Path(ROLE_PERMISSIONS_MAPPING)
@Produces(MediaType.APPLICATION_JSON)
@ProtectedApi(scopes = SCOPE_ROLE_PERMISSION_MAPPING_WRITE)
public Response addPermissionsToRole(@Valid @NotNull RolePermissionMapping rolePermissionMappingArg) {
try {
log.info("Adding role-permissions to Admin-UI.");
List<RolePermissionMapping> roleScopeMapping = userManagementService.addPermissionsToRole(rolePermissionMappingArg);
log.info("Added role-permissions to Admin-UI..");
return Response.ok(roleScopeMapping).build();
} catch (ApplicationException e) {
log.error(ErrorResponse.ERROR_IN_MAPPING_ROLE_PERMISSION.getDescription(), e);
return Response.status(e.getErrorCode()).entity(e.getMessage()).build();
} catch (Exception e) {
log.error(ErrorResponse.ERROR_IN_MAPPING_ROLE_PERMISSION.getDescription(), e);
return Response.serverError().entity(e.getMessage()).build();
}
}

@PUT
@Path(ROLE_PERMISSIONS_MAPPING)
@Produces(MediaType.APPLICATION_JSON)
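Review bot: The fallback `catch (Exception e)` in `addPermissionsToRole` returns `e.getMessage()` as the 500 body, so whatever text an unexpected persistence or runtime exception carries is echoed to the API client while the log line already records the full exception; the response should carry the stable description instead: `return Response.serverError().entity(ErrorResponse.ERROR_IN_MAPPING_ROLE_PERMISSION.getDescription()).build();`. The `ApplicationException` branch is less of a concern as far as this diff shows, since every `ApplicationException` constructed in the service uses an `ErrorResponse` description as its message. The method declares `@Produces(MediaType.APPLICATION_JSON)` but no `@Consumes` for the JSON request body the swagger advertises — if the class does not declare one at type level (not visible here), add `@Consumes(MediaType.APPLICATION_JSON)`. The log message `Added role-permissions to Admin-UI..` has a stray second period, and the method would benefit from a Javadoc stating that an existing mapping for the role is rejected with 400 and PUT must be used to modify it. The enclosing resource class continues outside the hunk.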
Expand Up @@ -8,6 +8,7 @@
import io.jans.ca.plugin.adminui.model.exception.ApplicationException;
import io.jans.ca.plugin.adminui.utils.ErrorResponse;
import io.jans.orm.PersistenceEntryManager;
import org.apache.commons.collections.CollectionUtils;
import org.slf4j.Logger;

import javax.inject.Inject;
Expand Down Expand Up @@ -211,24 +212,43 @@ public List<RolePermissionMapping> getAdminUIRolePermissionsMapping() throws App
}
}

public List<RolePermissionMapping> mapPermissionsToRole(RolePermissionMapping rolePermissionMappingArg) throws ApplicationException {
public List<RolePermissionMapping> addPermissionsToRole(RolePermissionMapping rolePermissionMappingArg) throws ApplicationException {
try {
AdminConf adminConf = entryManager.find(AdminConf.class, CONFIG_DN);
List<AdminRole> roles = adminConf.getDynamic().getRoles();
List<AdminPermission> permissions = adminConf.getDynamic().getPermissions();
List<RolePermissionMapping> roleScopeMappingList = getRolePermMapByRole(adminConf, rolePermissionMappingArg);

if (roles.stream().noneMatch(ele -> ele.getRole().equals(rolePermissionMappingArg.getRole()))) {
log.error(ErrorResponse.ROLE_NOT_FOUND.getDescription());
throw new ApplicationException(Response.Status.BAD_REQUEST.getStatusCode(), ErrorResponse.ROLE_NOT_FOUND.getDescription());
}
if (permissions.stream().noneMatch(ele -> rolePermissionMappingArg.getPermissions().contains(ele.getPermission()))) {
log.error(ErrorResponse.PERMISSION_NOT_FOUND.getDescription());
throw new ApplicationException(Response.Status.BAD_REQUEST.getStatusCode(), ErrorResponse.PERMISSION_NOT_FOUND.getDescription());
if (CollectionUtils.isNotEmpty(roleScopeMappingList)) {
log.warn(ErrorResponse.ROLE_PERMISSION_MAPPING_PRESENT.getDescription());
throw new ApplicationException(Response.Status.BAD_REQUEST.getStatusCode(), ErrorResponse.ROLE_PERMISSION_MAPPING_PRESENT.getDescription());
}

List<RolePermissionMapping> roleScopeMappingList = adminConf.getDynamic().getRolePermissionMapping()
.stream().filter(ele -> ele.getRole().equalsIgnoreCase(rolePermissionMappingArg.getRole()))
.collect(Collectors.toList());
//create new RolePermissionMapping
RolePermissionMapping rolePermissionMapping = new RolePermissionMapping();
//add role to it
rolePermissionMapping.setRole(rolePermissionMappingArg.getRole());
//remove duplicate permissions
Set<String> scopesSet = new LinkedHashSet<>(rolePermissionMappingArg.getPermissions());
List<String> combinedScopes = new ArrayList<>(scopesSet);
rolePermissionMapping.setPermissions(combinedScopes);
//add permission
roleScopeMappingList.add(rolePermissionMapping);
adminConf.getDynamic().getRolePermissionMapping().addAll(roleScopeMappingList);

entryManager.merge(adminConf);
return adminConf.getDynamic().getRolePermissionMapping();
} catch (ApplicationException e) {
log.error(ErrorResponse.ERROR_IN_MAPPING_ROLE_PERMISSION.getDescription());
throw e;
} catch (Exception e) {
log.error(ErrorResponse.ERROR_IN_MAPPING_ROLE_PERMISSION.getDescription(), e);
throw new ApplicationException(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), ErrorResponse.ERROR_IN_MAPPING_ROLE_PERMISSION.getDescription());
}
}

public List<RolePermissionMapping> mapPermissionsToRole(RolePermissionMapping rolePermissionMappingArg) throws ApplicationException {
try {
AdminConf adminConf = entryManager.find(AdminConf.class, CONFIG_DN);
List<RolePermissionMapping> roleScopeMappingList = getRolePermMapByRole(adminConf, rolePermissionMappingArg);

if (roleScopeMappingList == null || roleScopeMappingList.isEmpty()) {
RolePermissionMapping rolePermissionMapping = new RolePermissionMapping();
Expand All @@ -238,15 +258,8 @@ public List<RolePermissionMapping> mapPermissionsToRole(RolePermissionMapping ro
roleScopeMappingList.add(rolePermissionMapping);
}

Optional<RolePermissionMapping> rolePermissionMappingOptional = roleScopeMappingList.stream().findFirst();
List<String> mappedPermissions = Lists.newArrayList();
if (rolePermissionMappingOptional.isPresent()) {
mappedPermissions = rolePermissionMappingOptional.get().getPermissions();
}

//remove duplicate permissions
Set<String> scopesSet = new LinkedHashSet<>(mappedPermissions);
scopesSet.addAll(rolePermissionMappingArg.getPermissions());
Set<String> scopesSet = new LinkedHashSet<>(rolePermissionMappingArg.getPermissions());
List<String> combinedScopes = new ArrayList<>(scopesSet);

if (adminConf.getDynamic().getRolePermissionMapping()
Expand Down Expand Up @@ -275,34 +288,37 @@ public List<RolePermissionMapping> removePermissionsFromRole(RolePermissionMappi
try {
AdminConf adminConf = entryManager.find(AdminConf.class, CONFIG_DN);
List<RolePermissionMapping> roleScopeMapping = adminConf.getDynamic().getRolePermissionMapping()
.stream().filter(ele -> ele.getRole().equalsIgnoreCase(rolePermissionMappingArg.getRole()))
.stream().filter(ele -> !ele.getRole().equalsIgnoreCase(rolePermissionMappingArg.getRole()))
.collect(Collectors.toList());

if (roleScopeMapping == null || roleScopeMapping.isEmpty()) {
log.error(ErrorResponse.ROLE_NOT_FOUND.getDescription());
throw new ApplicationException(Response.Status.BAD_REQUEST.getStatusCode(), ErrorResponse.ROLE_NOT_FOUND.getDescription());
}

Optional<RolePermissionMapping> rolePermissionMappingOptional = roleScopeMapping.stream().findFirst();

if (rolePermissionMappingOptional.isPresent()) {
List<String> permissions = rolePermissionMappingOptional.get().getPermissions();
permissions.removeIf(ele -> rolePermissionMappingArg.getPermissions().contains(ele));

adminConf.getDynamic().getRolePermissionMapping()
.stream().filter(ele -> ele.getRole().equalsIgnoreCase(rolePermissionMappingArg.getRole()))
.collect(Collectors.toList()).forEach(ele -> ele.setPermissions(permissions));

entryManager.merge(adminConf);
}
adminConf.getDynamic().setRolePermissionMapping(roleScopeMapping);
entryManager.merge(adminConf);

return adminConf.getDynamic().getRolePermissionMapping();
} catch (ApplicationException e) {
log.error(ErrorResponse.ERROR_IN_DELETING_ROLE_PERMISSION.getDescription());
throw e;
} catch (Exception e) {
log.error(ErrorResponse.ERROR_IN_DELETING_ROLE_PERMISSION.getDescription(), e);
throw new ApplicationException(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), ErrorResponse.ERROR_IN_DELETING_ROLE_PERMISSION.getDescription());
}
}

private List<RolePermissionMapping> getRolePermMapByRole(AdminConf adminConf, RolePermissionMapping rolePermissionMappingArg) throws ApplicationException {
validateRolePermissionMapping(adminConf, rolePermissionMappingArg);

return adminConf.getDynamic().getRolePermissionMapping()
.stream().filter(ele -> ele.getRole().equalsIgnoreCase(rolePermissionMappingArg.getRole()))
.collect(Collectors.toList());
}

private void validateRolePermissionMapping(AdminConf adminConf, RolePermissionMapping rolePermissionMappingArg) throws ApplicationException {
List<AdminRole> roles = adminConf.getDynamic().getRoles();
List<AdminPermission> permissions = adminConf.getDynamic().getPermissions();

if (roles.stream().noneMatch(ele -> ele.getRole().equals(rolePermissionMappingArg.getRole()))) {
log.error(ErrorResponse.ROLE_NOT_FOUND.getDescription());
throw new ApplicationException(Response.Status.BAD_REQUEST.getStatusCode(), ErrorResponse.ROLE_NOT_FOUND.getDescription());
}
if (permissions.stream().noneMatch(ele -> rolePermissionMappingArg.getPermissions().contains(ele.getPermission()))) {
log.error(ErrorResponse.PERMISSION_NOT_FOUND.getDescription());
throw new ApplicationException(Response.Status.BAD_REQUEST.getStatusCode(), ErrorResponse.PERMISSION_NOT_FOUND.getDescription());
}
}
}
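Review bot: With the filter in `removePermissionsFromRole` negated to `.stream().filter(ele -> !ele.getRole().equalsIgnoreCase(rolePermissionMappingArg.getRole()))`, `roleScopeMapping` now holds every mapping except the target role's, so `adminConf.getDynamic().setRolePermissionMapping(roleScopeMapping)` drops the role's whole entry and `rolePermissionMappingArg.getPermissions()` is never consulted — the method no longer removes individual permissions as its name and the `ERROR_IN_DELETING_ROLE_PERMISSION` message suggest, and the commit message does not document this change. If the `roleScopeMapping == null || roleScopeMapping.isEmpty()` guard survives on the new side (this page does not show its side), it now raises `ROLE_NOT_FOUND` exactly when the target role is the only mapped role and passes silently when the role has no mapping at all; routing this method through `getRolePermMapByRole(adminConf, rolePermissionMappingArg)` as `addPermissionsToRole` does would reject a nonexistent role before anything is merged. In `addPermissionsToRole`, `adminConf.getDynamic().getRolePermissionMapping().addAll(roleScopeMappingList)` appends a list already verified empty plus one element; `.add(rolePermissionMapping)` states the intent directly and avoids relying on the mutability of the list returned by `Collectors.toList()`. Note also that `validateRolePermissionMapping` matches the role with `equals` while `getRolePermMapByRole` matches with `equalsIgnoreCase`; a one-line comment on whichever is intended would save the next reader from wondering whether role names are case-sensitive.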
Expand Up @@ -20,6 +20,7 @@ public enum ErrorResponse {
PERMISSION_NOT_FOUND("Bad Request: Admin UI permission not found in Auth Server."),
ERROR_IN_MAPPING_ROLE_PERMISSION("Error in mapping role-permission."),
ERROR_IN_DELETING_ROLE_PERMISSION("Error in deleting role-permission."),
ROLE_PERMISSION_MAPPING_PRESENT("Role permission mapping already present. Please use HTTP PUT request to modify mapping."),
GET_ADMIUI_ROLES_ERROR("Error in fetching Admin UI roles."),
SAVE_ADMIUI_ROLES_ERROR("Error in saving Admin UI roles."),
EDIT_ADMIUI_ROLES_ERROR("Error in editing Admin UI roles."),