feat: add POST /rolePermissionsMapping for adding new rolePermissions…

…Mapping entry #144
JanssenProject · Jan 6, 2022 · 4b2bea7 · 4b2bea7
1 parent 8d525a7
commit 4b2bea7
Show file tree

Hide file tree

Showing 3 changed files with 74 additions and 25 deletions.
diff --git a/...n-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/rest/user/UserManagementResource.java b/...n-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/rest/user/UserManagementResource.java
@@ -207,6 +207,25 @@ public Response getAdminUIRolePermissionsMapping() {
         }
     }
 
+    @POST
+    @Path(ROLE_PERMISSIONS_MAPPING)
+    @Produces(MediaType.APPLICATION_JSON)
+    @ProtectedApi(scopes = SCOPE_ROLE_PERMISSION_MAPPING_WRITE)
+    public Response addPermissionsToRole(@Valid @NotNull RolePermissionMapping rolePermissionMappingArg) {
+        try {
+            log.info("Adding role-permissions to Admin-UI.");
+            List<RolePermissionMapping> roleScopeMapping = userManagementService.addPermissionsToRole(rolePermissionMappingArg);
+            log.info("Added role-permissions to Admin-UI..");
+            return Response.ok(roleScopeMapping).build();
+        } catch (ApplicationException e) {
+            log.error(ErrorResponse.ERROR_IN_MAPPING_ROLE_PERMISSION.getDescription(), e);
+            return Response.status(e.getErrorCode()).entity(e.getMessage()).build();
+        } catch (Exception e) {
+            log.error(ErrorResponse.ERROR_IN_MAPPING_ROLE_PERMISSION.getDescription(), e);
+            return Response.serverError().entity(e.getMessage()).build();
+        }
+    }
+
     @PUT
     @Path(ROLE_PERMISSIONS_MAPPING)
     @Produces(MediaType.APPLICATION_JSON)

diff --git a/...ui-plugin/src/main/java/io/jans/ca/plugin/adminui/service/user/UserManagementService.java b/...ui-plugin/src/main/java/io/jans/ca/plugin/adminui/service/user/UserManagementService.java
@@ -8,6 +8,7 @@
 import io.jans.ca.plugin.adminui.model.exception.ApplicationException;
 import io.jans.ca.plugin.adminui.utils.ErrorResponse;
 import io.jans.orm.PersistenceEntryManager;
+import org.apache.commons.collections.CollectionUtils;
 import org.slf4j.Logger;
 
 import javax.inject.Inject;
@@ -211,6 +212,53 @@ public List<RolePermissionMapping> getAdminUIRolePermissionsMapping() throws App
         }
     }
 
+    public List<RolePermissionMapping> addPermissionsToRole(RolePermissionMapping rolePermissionMappingArg) throws ApplicationException {
+        try {
+            AdminConf adminConf = entryManager.find(AdminConf.class, CONFIG_DN);
+            List<AdminRole> roles = adminConf.getDynamic().getRoles();
+            List<AdminPermission> permissions = adminConf.getDynamic().getPermissions();
+
+            if (roles.stream().noneMatch(ele -> ele.getRole().equals(rolePermissionMappingArg.getRole()))) {
+                log.error(ErrorResponse.ROLE_NOT_FOUND.getDescription());
+                throw new ApplicationException(Response.Status.BAD_REQUEST.getStatusCode(), ErrorResponse.ROLE_NOT_FOUND.getDescription());
+            }
+            if (permissions.stream().noneMatch(ele -> rolePermissionMappingArg.getPermissions().contains(ele.getPermission()))) {
+                log.error(ErrorResponse.PERMISSION_NOT_FOUND.getDescription());
+                throw new ApplicationException(Response.Status.BAD_REQUEST.getStatusCode(), ErrorResponse.PERMISSION_NOT_FOUND.getDescription());
+            }
+
+            List<RolePermissionMapping> roleScopeMappingList = adminConf.getDynamic().getRolePermissionMapping()
+                    .stream().filter(ele -> ele.getRole().equalsIgnoreCase(rolePermissionMappingArg.getRole()))
+                    .collect(Collectors.toList());
+
+            if (CollectionUtils.isNotEmpty(roleScopeMappingList)) {
+                log.warn(ErrorResponse.ROLE_PERMISSION_MAPPING_PRESENT.getDescription());
+                throw new ApplicationException(Response.Status.BAD_REQUEST.getStatusCode(), ErrorResponse.ROLE_PERMISSION_MAPPING_PRESENT.getDescription());
+            }
+
+            //create new RolePermissionMapping
+            RolePermissionMapping rolePermissionMapping = new RolePermissionMapping();
+            //add role to it
+            rolePermissionMapping.setRole(rolePermissionMappingArg.getRole());
+            //remove duplicate permissions
+            Set<String> scopesSet = new LinkedHashSet<>(rolePermissionMappingArg.getPermissions());
+            List<String> combinedScopes = new ArrayList<>(scopesSet);
+            rolePermissionMapping.setPermissions(combinedScopes);
+            //add permission
+            roleScopeMappingList.add(rolePermissionMapping);
+            adminConf.getDynamic().getRolePermissionMapping().addAll(roleScopeMappingList);
+
+            entryManager.merge(adminConf);
+            return adminConf.getDynamic().getRolePermissionMapping();
+        } catch (ApplicationException e) {
+            log.error(e.getMessage());
+            throw e;
+        } catch (Exception e) {
+            log.error(ErrorResponse.ERROR_IN_MAPPING_ROLE_PERMISSION.getDescription(), e);
+            throw new ApplicationException(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), ErrorResponse.ERROR_IN_MAPPING_ROLE_PERMISSION.getDescription());
+        }
+    }
+
     public List<RolePermissionMapping> mapPermissionsToRole(RolePermissionMapping rolePermissionMappingArg) throws ApplicationException {
         try {
             AdminConf adminConf = entryManager.find(AdminConf.class, CONFIG_DN);
@@ -245,8 +293,8 @@ public List<RolePermissionMapping> mapPermissionsToRole(RolePermissionMapping ro
             }
 
             //remove duplicate permissions
-            Set<String> scopesSet = new LinkedHashSet<>(mappedPermissions);
-            scopesSet.addAll(rolePermissionMappingArg.getPermissions());
+            Set<String> scopesSet = new LinkedHashSet<>(rolePermissionMappingArg.getPermissions());
+            //scopesSet.addAll(rolePermissionMappingArg.getPermissions());
             List<String> combinedScopes = new ArrayList<>(scopesSet);
 
             if (adminConf.getDynamic().getRolePermissionMapping()
@@ -263,7 +311,7 @@ public List<RolePermissionMapping> mapPermissionsToRole(RolePermissionMapping ro
             entryManager.merge(adminConf);
             return adminConf.getDynamic().getRolePermissionMapping();
         } catch (ApplicationException e) {
-            log.error(ErrorResponse.ERROR_IN_MAPPING_ROLE_PERMISSION.getDescription());
+            log.error(e.getMessage());
             throw e;
         } catch (Exception e) {
             log.error(ErrorResponse.ERROR_IN_MAPPING_ROLE_PERMISSION.getDescription(), e);
@@ -275,31 +323,12 @@ public List<RolePermissionMapping> removePermissionsFromRole(RolePermissionMappi
         try {
             AdminConf adminConf = entryManager.find(AdminConf.class, CONFIG_DN);
             List<RolePermissionMapping> roleScopeMapping = adminConf.getDynamic().getRolePermissionMapping()
-                    .stream().filter(ele -> ele.getRole().equalsIgnoreCase(rolePermissionMappingArg.getRole()))
+                    .stream().filter(ele -> !ele.getRole().equalsIgnoreCase(rolePermissionMappingArg.getRole()))
                     .collect(Collectors.toList());
-
-            if (roleScopeMapping == null || roleScopeMapping.isEmpty()) {
-                log.error(ErrorResponse.ROLE_NOT_FOUND.getDescription());
-                throw new ApplicationException(Response.Status.BAD_REQUEST.getStatusCode(), ErrorResponse.ROLE_NOT_FOUND.getDescription());
-            }
-
-            Optional<RolePermissionMapping> rolePermissionMappingOptional = roleScopeMapping.stream().findFirst();
-
-            if (rolePermissionMappingOptional.isPresent()) {
-                List<String> permissions = rolePermissionMappingOptional.get().getPermissions();
-                permissions.removeIf(ele -> rolePermissionMappingArg.getPermissions().contains(ele));
-
-                adminConf.getDynamic().getRolePermissionMapping()
-                        .stream().filter(ele -> ele.getRole().equalsIgnoreCase(rolePermissionMappingArg.getRole()))
-                        .collect(Collectors.toList()).forEach(ele -> ele.setPermissions(permissions));
-
-                entryManager.merge(adminConf);
-            }
+            adminConf.getDynamic().setRolePermissionMapping(roleScopeMapping);
+            entryManager.merge(adminConf);
 
             return adminConf.getDynamic().getRolePermissionMapping();
-        } catch (ApplicationException e) {
-            log.error(ErrorResponse.ERROR_IN_DELETING_ROLE_PERMISSION.getDescription());
-            throw e;
         } catch (Exception e) {
             log.error(ErrorResponse.ERROR_IN_DELETING_ROLE_PERMISSION.getDescription(), e);
             throw new ApplicationException(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), ErrorResponse.ERROR_IN_DELETING_ROLE_PERMISSION.getDescription());

diff --git a/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/utils/ErrorResponse.java b/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/utils/ErrorResponse.java
@@ -20,6 +20,7 @@ public enum ErrorResponse {
     PERMISSION_NOT_FOUND("Bad Request: Admin UI permission not found in Auth Server."),
     ERROR_IN_MAPPING_ROLE_PERMISSION("Error in mapping role-permission."),
     ERROR_IN_DELETING_ROLE_PERMISSION("Error in deleting role-permission."),
+    ROLE_PERMISSION_MAPPING_PRESENT("Role permission mapping already present. Please use HTTP PUT request to modify mapping."),
     GET_ADMIUI_ROLES_ERROR("Error in fetching Admin UI roles."),
     SAVE_ADMIUI_ROLES_ERROR("Error in saving Admin UI roles."),
     EDIT_ADMIUI_ROLES_ERROR("Error in editing Admin UI roles."),