Merge pull request #3964 from HejdaJakub/st-1029_embedded_groups_extension

feat: allow embedded group form item in group applications

Author: HejdaJakub

perun-base/src/main/java/cz/metacentrum/perun/core/api/exceptions/FormItemNotExistsException.java

@@ -0,0 +1,35 @@
+package cz.metacentrum.perun.core.api.exceptions;
+
+/**
+ * This exception is thrown when the form item does not exist in any application form
+ *
+ * @author Jakub Hejda <[email protected]>
+ */
+public class FormItemNotExistsException extends PerunException {
+	static final long serialVersionUID = 0;
+
+	/**
+	 * Simple constructor with a message
+	 * @param message message with details about the cause
+	 */
+	public FormItemNotExistsException(String message) {
+		super(message);
+	}
+
+	/**
+	 * Constructor with a message and Throwable object
+	 * @param message message with details about the cause
+	 * @param cause Throwable that caused throwing of this exception
+	 */
+	public FormItemNotExistsException(String message, Throwable cause) {
+		super(message, cause);
+	}
+
+	/**
+	 * Constructor with a Throwable object
+	 * @param cause Throwable that caused throwing of this exception
+	 */
+	public FormItemNotExistsException(Throwable cause) {
+		super(cause);
+	}
+}

perun-base/src/main/java/cz/metacentrum/perun/core/api/exceptions/GroupIsNotASubgroupException.java

@@ -0,0 +1,39 @@
+package cz.metacentrum.perun.core.api.exceptions;
+
+/**
+ * Exception thrown when relation of two groups as parent-sub should exist, but does not.
+ *
+ * @author Dominik Frantisek Bucik <[email protected]>
+ */
+public class GroupIsNotASubgroupException extends PerunException {
+
+	/**
+	 * Constructor without arguments
+	 */
+	public GroupIsNotASubgroupException() {}
+
+	/**
+	 * Simple constructor with a message
+	 * @param message message with details about the cause
+	 */
+	public GroupIsNotASubgroupException(String message) {
+		super(message);
+	}
+
+	/**
+	 * Constructor with a message and Throwable object
+	 * @param message message with details about the cause
+	 * @param cause Throwable that caused throwing of this exception
+	 */
+	public GroupIsNotASubgroupException(String message, Throwable cause) {
+		super(message, cause);
+	}
+
+	/**
+	 * Constructor with a Throwable object
+	 * @param cause Throwable that caused throwing of this exception
+	 */
+	public GroupIsNotASubgroupException(Throwable cause) {
+		super(cause);
+	}
+}

perun-base/src/main/java/cz/metacentrum/perun/registrar/model/ApplicationFormItem.java

@@ -248,8 +248,8 @@ public static enum Type {
 		 */
 		TIMEZONE,
 		/**
-		 * Special type for specifying if will be allowed to register to group(s) through VO application form. This type
-		 * is represented by standard HTML checkbox.
+		 * Special type for specifying if it will be allowed to register to group(s) through single application form.
+		 * This type is represented by standard HTML checkbox.
 		 */
 		EMBEDDED_GROUP_APPLICATION,
 		/**

perun-base/src/main/resources/perun-roles.yml

@@ -2465,6 +2465,27 @@ perun_policies:
     include_policies:
       - default_policy
 
+  getAllGroupsForAutoRegistration_policy:
+    policy_roles: []
+    include_policies:
+      - default_policy
+
+  getGroupsForAutoRegistration_Vo_ApplicationFormItem_policy:
+    policy_roles:
+      - VOADMIN: Vo
+      - VOOBSERVER: Vo
+    include_policies:
+      - default_policy
+
+  getGroupsForAutoRegistration_Group_ApplicationFormItem_policy:
+    policy_roles:
+      - VOADMIN: Vo
+      - VOOBSERVER: Vo
+      - GROUPADMIN: Group
+      - GROUPOBSERVER: Group
+    include_policies:
+      - default_policy
+
   deleteGroupsFromAutoRegistration_List<Group>_policy:
     policy_roles:
       - GROUPADMIN: Group
@@ -2475,6 +2496,26 @@ perun_policies:
       - MFA: Group
       - MFA: Vo
 
+  deleteGroupsFromAutoRegistration_List<Group>_ApplicationFormItem_policy:
+    policy_roles:
+      - GROUPADMIN: Group
+      - VOADMIN: Vo
+    include_policies:
+      - default_policy
+    mfa_rules:
+      - MFA: Group
+      - MFA: Vo
+
+  deleteGroupsFromAutoRegistration_List<Group>_Group_ApplicationFormItem_policy:
+    policy_roles:
+      - GROUPADMIN: Group
+      - VOADMIN: Vo
+    include_policies:
+      - default_policy
+    mfa_rules:
+      - MFA: Group
+      - MFA: Vo
+
   addGroupsToAutoRegistration_List<Group>_policy:
     policy_roles:
       - GROUPADMIN: Group
@@ -2485,6 +2526,26 @@ perun_policies:
       - MFA: Group
       - MFA: Vo
 
+  addGroupsToAutoRegistration_List<Group>_ApplicationFormItem_policy:
+    policy_roles:
+      - GROUPADMIN: Group
+      - VOADMIN: Vo
+    include_policies:
+      - default_policy
+    mfa_rules:
+      - MFA: Group
+      - MFA: Vo
+
+  addGroupsToAutoRegistration_List<Group>_Group_ApplicationFormItem_policy:
+    policy_roles:
+      - GROUPADMIN: Group
+      - VOADMIN: Vo
+    include_policies:
+      - default_policy
+    mfa_rules:
+      - MFA: Group
+      - MFA: Vo
+
   getIndirectMembershipPaths_Member_Group_policy:
     policy_roles:
       - VOOBSERVER: Vo

perun-base/src/test/resources/test-schema.sql

@@ -1,4 +1,4 @@
--- database version 3.2.13 (don't forget to update insert statement at the end of file)
+-- database version 3.2.14 (don't forget to update insert statement at the end of file)
 CREATE EXTENSION IF NOT EXISTS "unaccent";
 CREATE EXTENSION IF NOT EXISTS "pgcrypto";
 
@@ -1616,8 +1616,16 @@ create table authz (
 );
 
 create table groups_to_register (
-						group_id integer,
-						constraint grpreg_group_fk foreign key (group_id) references groups(id) on delete cascade
+	  group_id integer,
+	  constraint grpreg_group_fk foreign key (group_id) references groups(id) on delete cascade
+);
+
+create table auto_registration_groups (
+	  group_id integer not null,
+	  application_form_item_id integer not null,
+	  constraint auto_reg_grps_group_fk foreign key (group_id) references groups(id) on delete cascade,
+	  constraint auto_reg_grps_app_forms_fk foreign key (application_form_item_id) references application_form_items(id) on delete cascade,
+	  constraint auto_reg_grps_grp_app_form_u unique (group_id, application_form_item_id)
 );
 
 create type consent_status as enum (
@@ -1732,6 +1740,7 @@ create unique index idx_grp_nam_vo_parentg_u on groups (name,vo_id,coalesce(pare
 create index idx_namespace on attr_names(namespace);
 create index idx_authz_user_role_id on authz (user_id,role_id);
 create index idx_authz_authz_group_role_id on authz (authorized_group_id,role_id);
+create index idx_auto_reg_grps_grp_app_form on auto_registration_groups (group_id,application_form_item_id);
 create index idx_fk_cabthank_pub on cabinet_thanks(publicationid);
 create index idx_fk_conhubfac_ch on consent_hubs_facilities(consent_hub_id);
 create index idx_fk_conhubfac_fac on consent_hubs_facilities(facility_id);
@@ -1896,7 +1905,7 @@ create index idx_fk_attr_critops ON attribute_critical_actions(attr_id);
 create index app_state_idx ON application (state);
 
 -- set initial Perun DB version
-insert into configurations values ('DATABASE VERSION','3.2.13');
+insert into configurations values ('DATABASE VERSION','3.2.14');
 -- insert membership types
 insert into membership_types (id, membership_type, description) values (1, 'DIRECT', 'Member is directly added into group');
 insert into membership_types (id, membership_type, description) values (2, 'INDIRECT', 'Member is added indirectly through UNION relation');

perun-core/src/main/java/cz/metacentrum/perun/core/bl/GroupsManagerBl.java

@@ -24,6 +24,7 @@
 import cz.metacentrum.perun.core.api.exceptions.AttributeNotExistsException;
 import cz.metacentrum.perun.core.api.exceptions.ExtSourceNotExistsException;
 import cz.metacentrum.perun.core.api.exceptions.ExtendMembershipException;
+import cz.metacentrum.perun.core.api.exceptions.FormItemNotExistsException;
 import cz.metacentrum.perun.core.api.exceptions.GroupAlreadyRemovedException;
 import cz.metacentrum.perun.core.api.exceptions.GroupAlreadyRemovedFromResourceException;
 import cz.metacentrum.perun.core.api.exceptions.GroupExistsException;
@@ -51,6 +52,7 @@
 import cz.metacentrum.perun.core.api.exceptions.WrongAttributeAssignmentException;
 import cz.metacentrum.perun.core.api.exceptions.WrongAttributeValueException;
 import cz.metacentrum.perun.core.api.exceptions.WrongReferenceAttributeValueException;
+import cz.metacentrum.perun.registrar.model.ApplicationFormItem;
 
 import java.util.List;
 import java.util.Map;
@@ -2036,6 +2038,35 @@ public interface GroupsManagerBl {
 	 */
 	List<Group> getGroupsForAutoRegistration(PerunSession sess, Vo vo);
 
+	/**
+	 * Returns all groups which can be registered into during any vo registration.
+	 * This method serves only for migration to new functionality related to the new table.
+	 *
+	 * @param sess session
+	 * @return list of groups
+	 */
+	List<Group> getAllGroupsForAutoRegistration(PerunSession sess);
+
+	/**
+	 * Returns all groups which can be registered into during vo registration.
+	 *
+	 * @param sess session
+	 * @param vo vo
+	 * @param formItem application form item
+	 * @return list of groups
+	 */
+	List<Group> getGroupsForAutoRegistration(PerunSession sess, Vo vo, ApplicationFormItem formItem);
+
+	/**
+	 * Returns all groups which can be registered into during group registration.
+	 *
+	 * @param sess session
+	 * @param registrationGroup group
+	 * @param formItem application form item
+	 * @return list of groups
+	 */
+	List<Group> getGroupsForAutoRegistration(PerunSession sess, Group registrationGroup, ApplicationFormItem formItem);
+
 	/**
 	 * Deletes groups from a list of groups which can be registered into during vo registration.
 	 *
@@ -2044,6 +2075,15 @@ public interface GroupsManagerBl {
 	 */
 	void deleteGroupsFromAutoRegistration(PerunSession sess, List<Group> groups);
 
+	/**
+	 * Deletes groups from a list of groups which can be registered into during vo or group registration.
+	 *
+	 * @param sess session
+	 * @param groups list of groups
+	 * @param formItem application form item
+	 */
+	void deleteGroupsFromAutoRegistration(PerunSession sess, List<Group> groups, ApplicationFormItem formItem) throws FormItemNotExistsException;
+
 	/**
 	 * Adds groups to a list of groups which can be registered into during vo registration.
 	 * This will NOT create empty application form for groups and will throw exception if none exists.
@@ -2054,6 +2094,17 @@ public interface GroupsManagerBl {
 	 */
 	void addGroupsToAutoRegistration(PerunSession sess, List<Group> groups) throws GroupNotAllowedToAutoRegistrationException;
 
+	/**
+	 * Adds groups to a list of groups which can be registered into during vo or group registration.
+	 * This will NOT create empty application form for groups and will throw exception if none exists.
+	 *
+	 * @param sess session
+	 * @param groups list of groups
+	 * @param formItem application form item
+	 * @throws GroupNotAllowedToAutoRegistrationException if given group cannot be added to auto registration
+	 */
+	void addGroupsToAutoRegistration(PerunSession sess, List<Group> groups, ApplicationFormItem formItem) throws GroupNotAllowedToAutoRegistrationException, FormItemNotExistsException;
+
 	/**
 	 * Get unique paths of groups via which member is indirectly included to the group.
 	 * Cuts off after first included group.
@@ -2066,12 +2117,21 @@ public interface GroupsManagerBl {
 	List<List<Group>> getIndirectMembershipPaths(PerunSession sess, Member member, Group group) throws MemberNotExistsException, GroupNotExistsException;
 
 	/**
-	 *  Check if group has automatic registration enabled.
+	 *  Check if group has automatic registration enabled in any form item.
+	 *
+	 * @param sess session
+	 * @param group group to check
+	 */
+	boolean isGroupForAnyAutoRegistration(PerunSession sess, Group group);
+
+	/**
+	 *  Check if group has automatic registration enabled in the given form item.
 	 *
 	 * @param sess session
 	 * @param group group to check
+	 * @param formItems form items for which the group can be configured
 	 */
-	boolean isGroupForAutoRegistration(PerunSession sess, Group group);
+	boolean isGroupForAutoRegistration(PerunSession sess, Group group, List<Integer> formItems);
 
 	/**
 	 * Creates enrichedGroup from given group and load attributes with given names.
@@ -2130,4 +2190,5 @@ public interface GroupsManagerBl {
 	 * @return list of allowed groups to hierarchical VO
 	 */
 	List<Group> getAllAllowedGroupsToHierarchicalVo(PerunSession sess, Vo vo, Vo memberVo);
+
 }