Remove Role enum and GroupRoleCheck

[#150118440] https://www.pivotaltracker.com/story/show/150118440

Signed-off-by: Mikhail Vyshegorodtsev <medvedzver@inbox.ru>

model/src/main/java/org/cloudfoundry/identity/uaa/scim/ScimGroupMember.java

@@ -16,9 +16,6 @@
 import com.fasterxml.jackson.annotation.JsonProperty;
 import org.cloudfoundry.identity.uaa.constants.OriginKeys;
 
-import java.util.Arrays;
-import java.util.List;
-
 @JsonInclude(JsonInclude.Include.NON_NULL)
 public class ScimGroupMember<TEntity extends ScimCore> {
 
@@ -30,13 +27,21 @@ public void setEntity(TEntity entity) {
         this.entity = entity;
     }
 
-    @JsonInclude(JsonInclude.Include.NON_NULL)
-    public enum Role {
-        MEMBER, READER, WRITER
+    public ScimGroupMember() {
     }
 
-    public static final List<Role> GROUP_MEMBER = Arrays.asList(Role.MEMBER);
-    public static final List<Role> GROUP_ADMIN = Arrays.asList(Role.READER, Role.WRITER);
+    public ScimGroupMember(String memberId) {
+        this(memberId, Type.USER);
+    }
+
+    public ScimGroupMember(TEntity entity) {
+        this(entity.getId(), getEntityType(entity));
+    }
+
+    public ScimGroupMember(String memberId, Type type) {
+        this.memberId = memberId;
+        this.type = type;
+    }
 
     @JsonProperty("value")
     private String memberId;
@@ -54,16 +59,6 @@ public enum Type {
 
     private TEntity entity;
 
-//    @JsonIgnore
-//    private List<Role> roles;
-//
-//    public List<Role> getRoles() {
-//        return new LinkedList<>();
-//    }
-//
-//    public void setRoles(List<Role> permissions) {
-//    }
-
     public String getMemberId() {
         return memberId;
     }
@@ -123,28 +118,8 @@ public int hashCode() {
         return result;
     }
 
-    public ScimGroupMember() {
-    }
-
-    public ScimGroupMember(String memberId) {
-        this(memberId, Type.USER);
-    }
 
 
-    public ScimGroupMember(String memberId, Type type) {
-        this.memberId = memberId;
-        this.type = type;
-    }
-
-    public ScimGroupMember(TEntity entity) {
-        this(entity, GROUP_MEMBER);
-    }
-
-    public ScimGroupMember(TEntity entity, List<Role> roles) {
-        this(entity.getId(), getEntityType(entity));
-        this.entity = entity;
-    }
-
     private static Type getEntityType(ScimCore entity) {
         Type type = null;
         if(entity instanceof ScimGroup) { type = Type.GROUP; }

server/src/main/java/org/cloudfoundry/identity/uaa/scim/ScimGroupMembershipManager.java

@@ -46,18 +46,6 @@ ScimGroupMember addMember(String groupId, ScimGroupMember member, final String z
     List<ScimGroupMember> getMembers(String groupId, boolean includeEntities, String zoneId)
         throws ScimResourceNotFoundException;
 
-    /**
-     * Retrieve members that have the specified authority on the group
-     *
-     * @param groupId
-     * @param permission
-     * @param zoneId
-     * @return
-     * @throws ScimResourceNotFoundException
-     */
-    List<ScimGroupMember> getMembers(String groupId, ScimGroupMember.Role permission, final String zoneId)
-        throws ScimResourceNotFoundException;
-
     /**
      * Retrieve all groups that the given member belongs to
      *

server/src/main/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimGroupMembershipManager.java

@@ -67,8 +67,6 @@ public class JdbcScimGroupMembershipManager implements ScimGroupMembershipManage
 
     public static final String GET_GROUPS_BY_MEMBER_SQL = String.format("select distinct(group_id) from %s where member_id=? and identity_zone_id=?", MEMBERSHIP_TABLE);
 
-    public static final String GET_MEMBERS_WITH_AUTHORITY_SQL = String.format("select %s from %s where group_id=? and lower(authorities) like ? and identity_zone_id=?", MEMBERSHIP_FIELDS,MEMBERSHIP_TABLE);
-
     public static final String GET_MEMBERS_SQL = String.format("select %s from %s where group_id=? and identity_zone_id=?",MEMBERSHIP_FIELDS, MEMBERSHIP_TABLE);
 
     public static final String GET_MEMBER_SQL = String.format("select %s from %s where member_id=? and group_id=? and identity_zone_id=?",MEMBERSHIP_FIELDS, MEMBERSHIP_TABLE);
@@ -154,17 +152,14 @@ public ScimGroupMember addMember(final String groupId, final ScimGroupMember mem
         final String type = (member.getType() == null ? ScimGroupMember.Type.USER : member.getType()).toString();
         try {
             logger.debug("Associating group:"+groupId+" with member:"+member);
-            jdbcTemplate.update(ADD_MEMBER_SQL, new PreparedStatementSetter() {
-                @Override
-                public void setValues(PreparedStatement ps) throws SQLException {
-                    ps.setString(1, groupId);
-                    ps.setString(2, member.getMemberId());
-                    ps.setString(3, type);
-                    ps.setNull(4, Types.NVARCHAR);
-                    ps.setTimestamp(5, new Timestamp(new Date().getTime()));
-                    ps.setString(6, member.getOrigin());
-                    ps.setString(7, zoneId);
-                }
+            jdbcTemplate.update(ADD_MEMBER_SQL, ps -> {
+                ps.setString(1, groupId);
+                ps.setString(2, member.getMemberId());
+                ps.setString(3, type);
+                ps.setNull(4, Types.VARCHAR);
+                ps.setTimestamp(5, new Timestamp(new Date().getTime()));
+                ps.setString(6, member.getOrigin());
+                ps.setString(7, zoneId);
             });
         } catch (DuplicateKeyException e) {
             throw new MemberAlreadyExistsException(member.getMemberId() + " is already part of the group: " + groupId);
@@ -260,23 +255,6 @@ public Set<ScimGroup> getGroupsWithExternalMember(final String memberId, final S
         return new HashSet<>(results);
     }
 
-    @Override
-    public List<ScimGroupMember> getMembers(final String groupId, final ScimGroupMember.Role permission, final String zoneId)
-                    throws ScimResourceNotFoundException {
-        logger.debug("getting members of type: " + permission + " from group: " + groupId);
-        List<ScimGroupMember> members = new ArrayList<ScimGroupMember>();
-        members.addAll(jdbcTemplate.query(GET_MEMBERS_WITH_AUTHORITY_SQL, new PreparedStatementSetter() {
-            @Override
-            public void setValues(PreparedStatement ps) throws SQLException {
-                ps.setString(1, groupId);
-                ps.setString(2, "%" + permission.toString().toLowerCase() + "%");
-                ps.setString(3, zoneId);
-            }
-        }, rowMapper)
-                        );
-        return members;
-    }
-
     @Override
     public ScimGroupMember getMemberById(String groupId, String memberId, String zoneId) throws ScimResourceNotFoundException,
                     MemberNotFoundException {

server/src/test/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimGroupMembershipManagerTests.java

@@ -59,6 +59,7 @@
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNotSame;
+import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertThat;
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
@@ -469,58 +470,33 @@ public void canGetMembers_Fails_In_Other_Zone() throws Exception {
         assertEquals(0, dao.getMembers("g1", false, IdentityZoneHolder.get().getId()).size());
     }
 
-//    @Test
-//    public void testBackwardsCompatibilityToMemberAuthorities() {
-//        addMember("g1", "m1", "USER", "READ");
-//        addMember("g1", "g2", "GROUP", "member");
-//        addMember("g1", "m2", "USER", "READER,write");
-//
-//        List<ScimGroupMember> members = dao.getMembers("g1", false, IdentityZoneHolder.get().getId());
-//        assertNotNull(members);
-//        assertEquals(3, members.size());
-//        List<ScimGroupMember> readers = new ArrayList<ScimGroupMember>(), writers = new ArrayList<ScimGroupMember>();
-//        for (ScimGroupMember member : members) {
-//            if (member.getRoles().contains(ScimGroupMember.Role.READER)) {
-//                readers.add(member);
-//            }
-//            if (member.getRoles().contains(ScimGroupMember.Role.WRITER)) {
-//                writers.add(member);
-//            }
-//        }
-//        assertEquals(2, readers.size());
-//        assertEquals(1, writers.size());
-//    }
-
     @Test
-    public void canGetDefaultGroupsUsingGetGroupsForMember() {
-        Set<ScimGroup> groups = dao.getGroupsWithMember("m1", false, IdentityZoneHolder.get().getId());
-        assertNotNull(groups);
-        assertEquals(1, groups.size());
+    public void canReadNullFromAuthoritiesColumn() {
+        String addNullAuthoritySQL =
+            "insert into group_membership (group_id, member_id, member_type, authorities, origin, identity_zone_id) values ('%s', '%s', '%s', NULL, '%s', '%s')";
+        jdbcTemplate.execute(String.format(addNullAuthoritySQL, "g1", "m1", "USER", "uaa", IdentityZoneHolder.get().getId()));
+
+        ScimGroupMember member = dao.getMemberById("g1", "m1", IdentityZoneHolder.get().getId());
+        assertNotNull(member);
+        assertEquals("m1", member.getMemberId());
     }
 
     @Test
-    public void canGetAdminMembers() {
-        addMember("g1", "m3", "USER", "READER,WRITER");
-        addMember("g1", "g2", "GROUP", "READER");
+    public void canReadNonNullFromAuthoritiesColumn() {
+        String addNullAuthoritySQL =
+            "insert into group_membership (group_id, member_id, member_type, authorities, origin, identity_zone_id) values ('%s', '%s', '%s', '%s', '%s', '%s')";
+        jdbcTemplate.execute(String.format(addNullAuthoritySQL, "g1", "m1", "USER", "ANYTHING", "uaa", IdentityZoneHolder.get().getId()));
 
-        assertEquals(1, dao.getMembers("g1", ScimGroupMember.Role.WRITER, IdentityZoneHolder.get().getId()).size());
-        assertTrue(dao.getMembers("g1", ScimGroupMember.Role.WRITER, IdentityZoneHolder.get().getId()).contains(new ScimGroupMember("m3")));
-
-        assertEquals(0, dao.getMembers("g2", ScimGroupMember.Role.WRITER, IdentityZoneHolder.get().getId()).size());
+        ScimGroupMember member = dao.getMemberById("g1", "m1", IdentityZoneHolder.get().getId());
+        assertNotNull(member);
+        assertEquals("m1", member.getMemberId());
     }
 
     @Test
-    public void canGetMembersByAuthority() {
-        addMember("g1", "m3", "USER", "READER,WRITER");
-        addMember("g1", "g2", "GROUP", "READER,MEMBER");
-        addMember("g2", "g3", "GROUP", "MEMBER");
-
-        assertEquals(1, dao.getMembers("g1", ScimGroupMember.Role.MEMBER, IdentityZoneHolder.get().getId()).size());
-        assertEquals(2, dao.getMembers("g1", ScimGroupMember.Role.READER, IdentityZoneHolder.get().getId()).size());
-        assertEquals(1, dao.getMembers("g1", ScimGroupMember.Role.WRITER, IdentityZoneHolder.get().getId()).size());
-
-        assertEquals(1, dao.getMembers("g2", ScimGroupMember.Role.MEMBER, IdentityZoneHolder.get().getId()).size());
-        assertEquals(0, dao.getMembers("g2", ScimGroupMember.Role.WRITER, IdentityZoneHolder.get().getId()).size());
+    public void canGetDefaultGroupsUsingGetGroupsForMember() {
+        Set<ScimGroup> groups = dao.getGroupsWithMember("m1", false, IdentityZoneHolder.get().getId());
+        assertNotNull(groups);
+        assertEquals(1, groups.size());
     }
 
     @Test