Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

refactor: Introduce administrative permission service #3172

Merged
merged 29 commits into from Apr 9, 2024
Merged

refactor: Introduce administrative permission service #3172

merged 29 commits into from Apr 9, 2024

Conversation

seakayone
Copy link
Collaborator

@seakayone seakayone commented Apr 5, 2024
edited

  • refactor: Rename PermissionResponder and add AdministrativePermissionService
  • Integrate AdministrativePermissionService into PermissionsResponder and PermissionsRestService
  • disable login for builtIn users
  • fmt
  • refactor: make org.knora.webapi.responders.admin.PermissionsResponder#permissionsDataGetADM accept only a KnoraUser
  • simplify
  • rename getPermissionData
  • remove PermissionDataGetADM
  • move code which calculates User permissions from PermissionsResponder to KnoraUserToUserConverter

Pull Request Checklist

Task Description/Number

Issue Number: DEV-

PR Type

  • build/chore: maintenance tasks (no production code change)
  • docs: documentation changes (no production code change)
  • feat: represents new features
  • fix: represents bug fixes
  • perf: performance improvements
  • refactor: represents production code refactoring
  • test: adding or refactoring tests (no production code change)
  • deprecated: Deprecation warning (ideally referencing a migration guide)

Basic requirements for bug fixes and features

  • Tests for the changes have been added
  • Docs have been added / updated

Does this PR introduce a breaking change?

  • Yes

Does this PR change client-test-data?

  • Yes

@seakayone seakayone force-pushed the refactor/introduce-administrative-permission-service branch from f623943 to 817e78a Compare April 5, 2024 15:11
@codecov Codecov
Copy link

codecov bot commented Apr 5, 2024
edited

Codecov Report

Attention: Patch coverage is 93.96552% with 7 lines in your changes are missing coverage. Please review.

Project coverage is 88.80%. Comparing base (a622e4f) to head (055c4e3).
Report is 3 commits behind head on main.

❗ Current head 055c4e3 differs from pull request most recent head 9085f84. Consider uploading reports for the commit 9085f84 to get more accurate results

Files Patch % Lines
...webapi/responders/admin/PermissionsResponder.scala 95.12% 4 Missing ⚠️
...r/permissionsmessages/PermissionsMessagesADM.scala 87.50% 1 Missing ⚠️
...ice/admin/api/service/PermissionsRestService.scala 85.71% 1 Missing ⚠️
...bapi/slice/admin/domain/service/GroupService.scala 88.88% 1 Missing ⚠️
Additional details and impacted files 
@@             Coverage Diff             @@
##             main    #3172       +/-   ##
===========================================
+ Coverage   13.22%   88.80%   +75.57%     
===========================================
  Files         270      271        +1     
  Lines       22244    22206       -38     
===========================================
+ Hits         2941    19719    +16778     
+ Misses      19303     2487    -16816

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@seakayone seakayone force-pushed the refactor/introduce-administrative-permission-service branch 2 times, most recently from 0e31326 to 06bd4ee Compare April 8, 2024 11:50
@seakayone
refactor: Rename PermissionResponder and add AdministrativePermission…
1dfa7f4 
…Service
@seakayone
Integrate AdministrativePermissionService into PermissionsResponder a…
7f1d222 
…nd PermissionsRestService
@seakayone
disable login for builtIn users
c97b28d
@seakayone
fmt
81962ae
@seakayone
refactor: make org.knora.webapi.responders.admin.PermissionsResponder…
665e1fb 
…#permissionsDataGetADM accept only a KnoraUser
@seakayone
simplify
fa414e7
@seakayone
rename getPermissionData
853d63c
@seakayone
cleanup spec
023fd87
@seakayone
cleanup GroupService
01a92a8
@seakayone
header
0c75589
@seakayone
Use ZIO.foreach (simplify)
bbe4779
@seakayone
Use ZIO.foreach (simplify)
f993963
@seakayone
cleanup
c60b915
@seakayone
remove unused tuple part
f086ef2
@seakayone
simplify
2a12b16
@seakayone
simplify
2ff0400
@seakayone
simplify
58966b5
@seakayone
simplify
53a26ac
@seakayone
fmt
7619126
@seakayone
cleanup
73ff423
@seakayone
add types
e3714d9
@seakayone
fmt
c717468
@seakayone
move code to KnoraUserToUserConverter
3c79e8c
@seakayone
improve type safety internally
e90b109
@seakayone
migrate KnoraUserToUserConverterSpec to zio-test E2EZSpec
c1a2d25
@seakayone
header
8f17f68
@seakayone seakayone force-pushed the refactor/introduce-administrative-permission-service branch from e806b4a to 8f17f68 Compare April 8, 2024 14:00
@seakayone seakayone marked this pull request as ready for review April 8, 2024 14:27
BalduinLandolt
BalduinLandolt approved these changes Apr 9, 2024
View reviewed changes
Copy link
Collaborator

@BalduinLandolt BalduinLandolt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

integration/src/test/scala/org/knora/webapi/core/LayersTest.scala
Comment on lines 88 to 96
ApiRoutes & AdminApiEndpoints & ApiV2Endpoints & AppRouter & AssetPermissionsResponder & Authenticator &
AuthorizationRestService & CacheServiceRequestMessageHandler & CardinalityHandler & ConstructResponseUtilV2 &
DspIngestClient & GravsearchTypeInspectionRunner & GroupsResponderADM & GroupsRestService & GroupService &
HttpServer & IIIFRequestMessageHandler & InferenceOptimizationService & IriConverter & ListsResponder &
HttpServer & IIIFRequestMessageHandler & InferenceOptimizationService & IriConverter & KnoraUserToUserConverter & ListsResponder &
ListsResponderV2 & MessageRelay & OntologyCache & OntologyHelpers & OntologyInferencer & OntologyRepo &
OntologyResponderV2 & PermissionUtilADM & PermissionsResponderADM & PermissionsRestService & ProjectExportService &
OntologyResponderV2 & PermissionUtilADM & PermissionsResponder & PermissionsRestService & ProjectExportService &
ProjectExportStorageService & ProjectImportService & ProjectService & ProjectRestService & QueryTraverser &
RepositoryUpdater & ResourceUtilV2 & ResourcesResponderV2 & RestCardinalityService & SearchApiRoutes &
SearchResponderV2 & StandoffResponderV2 & StandoffTagUtilV2 & State & TestClientService & TriplestoreService &
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

suggestion: could we put those on one line each? Scalafmt doesn't do it automatically, but it doesn't undo it either, I think. And the diffs would be less nasty.

...rc/test/scala/org/knora/webapi/slice/admin/domain/service/KnoraUserToUserConverterSpec.scala
import org.knora.webapi.slice.admin.domain.model.UserStatus
import org.knora.webapi.slice.admin.domain.model.Username

object KnoraUserToUserConverterSpec extends E2EZSpec {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

question: in its nature, this test is not an end-to-end test. Should it really be derived from E2EZSpec?

webapi/src/main/scala/org/knora/webapi/core/LayersLive.scala
Comment on lines 75 to 82
CacheServiceRequestMessageHandler & CardinalityHandler & ConstructResponseUtilV2 &
GravsearchTypeInspectionRunner & GroupsResponderADM & GroupsRestService & GroupService & HttpServer &
IIIFRequestMessageHandler & InferenceOptimizationService & InstrumentationServerConfig & IriConverter &
JwtService & ListsResponder & ListsResponderV2 & MessageRelay & OntologyCache & OntologyHelpers &
OntologyInferencer & OntologyResponderV2 & PermissionsResponderADM & PermissionsRestService &
JwtService & KnoraUserToUserConverter & ListsResponder & ListsResponderV2 & MessageRelay & OntologyCache & OntologyHelpers &
OntologyInferencer & OntologyResponderV2 & PermissionsResponder & PermissionsRestService &
PermissionUtilADM & ProjectService & ProjectExportService & ProjectExportStorageService &
ProjectImportService & ProjectRestService & QueryTraverser & RepositoryUpdater & ResourcesResponderV2 &
ResourceUtilV2 & ResourceUtilV2 & RestCardinalityService & SearchApiRoutes &
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

as above

webapi/src/main/scala/org/knora/webapi/slice/admin/api/AdminApiModule.scala
Comment on lines -41 to +45
AppConfig & AssetPermissionsResponder & AuthorizationRestService & BaseEndpoints & CacheService &
AppConfig & AdministrativePermissionService & AssetPermissionsResponder & AuthorizationRestService & BaseEndpoints & CacheService &
GroupsResponderADM & GroupService & HandlerMapper & KnoraProjectService & KnoraResponseRenderer &
KnoraUserService & KnoraUserToUserConverter & ListsResponder & MaintenanceService & OntologyCache &
PasswordService & PermissionsResponderADM & ProjectExportService & ProjectImportService & ProjectService &
PasswordService & PermissionsResponder & ProjectExportService & ProjectImportService & ProjectService &
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

as above

mpro7
mpro7 approved these changes Apr 9, 2024
View reviewed changes
...pi/src/main/scala/org/knora/webapi/slice/admin/domain/service/KnoraUserToUserConverter.scala
Comment on lines +89 to +92
/* Follow the precedence rule:
1. ProjectAdmin > 2. CustomGroups > 3. ProjectMember > 4. KnownUser
Permissions are added following the precedence level from the highest to the lowest. As soon as one set
of permissions is written into the buffer, any additionally permissions do not need to be added. */
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would suggest to move it to docsstring above, which will make it visible on function hover.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TBH, I was even considering to remove it. However it explains why the implementation below is how it is and I think that is the right place.

webapi/src/main/scala/org/knora/webapi/slice/admin/domain/service/GroupService.scala
Comment on lines -43 to -51
def toKnoraGroup(group: Group): KnoraGroup =
KnoraGroup(
id = GroupIri.unsafeFrom(group.id),
groupName = GroupName.unsafeFrom(group.name),
groupDescriptions = GroupDescriptions.unsafeFrom(group.descriptions),
status = GroupStatus.from(group.status),
belongsToProject = group.project.map(it => ProjectIri.unsafeFrom(it.id)),
hasSelfJoinEnabled = GroupSelfJoin.from(group.selfjoin),
)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you bring it back please? It is unused not, but will be soon - group slice WIP.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please readd it yourself when in use and ideally tested.

@seakayone seakayone merged commit 80ca581 into main Apr 9, 2024
11 checks passed
@seakayone seakayone deleted the refactor/introduce-administrative-permission-service branch April 9, 2024 12:18
@daschbot daschbot mentioned this pull request Apr 8, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mpro7 mpro7 mpro7 approved these changes

@BalduinLandolt BalduinLandolt BalduinLandolt approved these changes

@siers siers Awaiting requested review from siers siers is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@seakayone @mpro7 @BalduinLandolt