Merge pull request #190 from InseeFr/devNewRoleBangles

Add scheduler role permissions

Author: loichenninger

src/main/java/fr/insee/genesis/configuration/auth/security/ApplicationRole.java

@@ -5,6 +5,7 @@ public enum ApplicationRole {
     USER_KRAFTWERK,
     USER_PLATINE,
     COLLECT_PLATFORM,
+    SCHEDULER,
     READER
 }
 

src/main/java/fr/insee/genesis/configuration/auth/security/OIDCSecurityConfig.java

@@ -56,7 +56,7 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
             );
         }
         http
-                .authorizeHttpRequests(configurer -> configurer
+                .authorizeHttpRequests(configure -> configure
                         .requestMatchers(HttpMethod.GET,"/questionnaires/**").hasRole(String.valueOf(ApplicationRole.READER))
                         .requestMatchers(HttpMethod.GET,"/modes/**").hasRole(String.valueOf(ApplicationRole.READER))
                         .requestMatchers(HttpMethod.GET,"/interrogations/**").hasRole(String.valueOf(ApplicationRole.READER))

src/main/java/fr/insee/genesis/configuration/auth/security/RoleConfiguration.java

@@ -31,22 +31,27 @@ public class RoleConfiguration {
     @Value("#{'${app.role.collect-platform.claims}'.split(',')}")
     private List<String> collectPlatformClaims;
 
+    @Value("#{'${app.role.scheduler.claims}'.split(',')}")
+    private List<String> schedulerClaims;
+
     public Map<String, List<String>> getRolesByClaim() {
         return rolesByClaim;
     }
 
     private Map<String, List<String>> rolesByClaim;
 
     //Defines a role hierarchy
+    //For example if
     //ADMIN implies USER   role too
     //USER  implies READER role too
-    //so an admin has 2 roles: ADMIN/USER
+    //so an admin has 3 roles: ADMIN/USER/READER
     @Bean
     static RoleHierarchy roleHierarchy() {
         return RoleHierarchyImpl.withDefaultRolePrefix()
                 .role(ApplicationRole.ADMIN.toString()).implies(ApplicationRole.USER_KRAFTWERK.toString())
                 .role(ApplicationRole.ADMIN.toString()).implies(ApplicationRole.USER_PLATINE.toString())
                 .role(ApplicationRole.ADMIN.toString()).implies(ApplicationRole.COLLECT_PLATFORM.toString())
+                .role(ApplicationRole.ADMIN.toString()).implies(ApplicationRole.SCHEDULER.toString())
                 .role(ApplicationRole.USER_KRAFTWERK.toString()).implies(ApplicationRole.READER.toString())
                 .role(ApplicationRole.USER_PLATINE.toString()).implies(ApplicationRole.READER.toString())
                 .build();
@@ -65,31 +70,35 @@ public void initialization() {
 
         rolesByClaim = new HashMap<>();
 
-        // Ajout des claims pour le rôle ADMIN
+        // Add claims for the ADMIN role
         adminClaims.forEach(claim -> rolesByClaim
                 .computeIfAbsent(claim, k -> new ArrayList<>())
                 .add(String.valueOf(ApplicationRole.ADMIN)));
 
-        // Ajout des claims pour le rôle USER_KRAFTWERK
+        // Add claims for the USER_KRAFTWERK role
         userKraftwerkClaims.forEach(claim -> rolesByClaim
                 .computeIfAbsent(claim, k -> new ArrayList<>())
                 .add(String.valueOf(ApplicationRole.USER_KRAFTWERK)));
 
-        // Ajout des claims pour le rôle USER_PLATINE
+        // Ajout des claims pour le rôle USER_PLATINE role
         userPlatineClaims.forEach(claim -> rolesByClaim
                 .computeIfAbsent(claim, k -> new ArrayList<>())
                 .add(String.valueOf(ApplicationRole.USER_PLATINE)));
 
-        // Ajout des claims pour le rôle COLLECT_PLATFORM
+        // Add claims for the COLLECT_PLATFORM role
         collectPlatformClaims.forEach(claim -> rolesByClaim
                 .computeIfAbsent(claim, k -> new ArrayList<>())
                 .add(String.valueOf(ApplicationRole.COLLECT_PLATFORM)));
 
-        // Ajout des claims pour le rôle READER
+        // Add claims for the READER role
         readerClaims.forEach(claim -> rolesByClaim
                 .computeIfAbsent(claim, k -> new ArrayList<>())
                 .add(String.valueOf(ApplicationRole.READER)));
 
+        //Add claims for the SCHEDULER role
+        schedulerClaims.forEach(claim -> rolesByClaim
+                .computeIfAbsent(claim, k -> new ArrayList<>())
+                .add(String.valueOf(ApplicationRole.SCHEDULER)));
 
         log.info("Roles configuration : {}", rolesByClaim);
     }

src/main/java/fr/insee/genesis/controller/rest/ScheduleController.java

@@ -126,7 +126,7 @@ public ResponseEntity<Object> deleteSchedule(
 
     @Operation(summary = "Set last execution date with new date or empty")
     @PostMapping(path = "/setLastExecutionDate")
-    @PreAuthorize("hasRole('ADMIN')")
+    @PreAuthorize("hasRole('SCHEDULER')")
     public ResponseEntity<Object> setSurveyLastExecution(
             @Parameter(description = "Survey name to call Kraftwerk on") @RequestBody String surveyName,
             @Parameter(description = "Date to save as last execution date", example = "2024-01-01T12:00:00") @RequestParam("newDate") LocalDateTime newDate
@@ -143,7 +143,7 @@ public ResponseEntity<Object> setSurveyLastExecution(
 
     @Operation(summary = "Delete expired schedules")
     @DeleteMapping(path = "/delete/expired-schedules")
-    @PreAuthorize("hasRole('ADMIN')")
+    @PreAuthorize("hasRole('SCHEDULER')")
     public ResponseEntity<Object> deleteExpiredSchedules() throws NotFoundException, IOException {
         Set<String> storedSurveySchedulesNames = new HashSet<>();
         for(ScheduleModel scheduleModel : scheduleApiPort.getAllSchedules()){

src/main/java/fr/insee/genesis/controller/rest/UtilsController.java

@@ -48,7 +48,7 @@ public ResponseEntity<Object> saveResponsesFromXmlFile(@RequestParam("inputFolde
 
 	@Operation(summary = "Record volumetrics of each campaign in a folder")
 	@PutMapping(path = "/volumetrics/save-all-campaigns")
-	@PreAuthorize("hasRole('ADMIN')")
+	@PreAuthorize("hasRole('SCHEDULER')")
 	public ResponseEntity<Object> saveVolumetry() throws IOException {
 		volumetryLogService.writeVolumetries(surveyUnitService);
 		volumetryLogService.cleanOldFiles();

src/main/java/fr/insee/genesis/controller/rest/responses/ResponseController.java

@@ -160,7 +160,7 @@ public ResponseEntity<Object> saveResponsesFromXmlCampaignFolder(@RequestParam("
     //SAVE ALL
     @Operation(summary = "Save all files to Genesis Database (differential data folder only), regardless of the campaign")
     @PutMapping(path = "/lunatic-xml/save-all-campaigns")
-    @PreAuthorize("hasRole('ADMIN')")
+    @PreAuthorize("hasRole('SCHEDULER')")
     public ResponseEntity<Object> saveResponsesFromAllCampaignFolders(){
         List<GenesisError> errors = new ArrayList<>();
         List<File> campaignFolders = fileUtils.listAllSpecsFolders();

src/main/resources/application-dev.properties

@@ -21,4 +21,5 @@ app.role.admin.claims=***
 app.role.user-kraftwerk.claims=***
 app.role.user-platine.claims=***
 app.role.reader.claims=***
-app.role.collect-platform.claims=***
+app.role.collect-platform.claims=***
+app.role.scheduler.claims=***

src/main/resources/application-preprod.properties

@@ -21,4 +21,5 @@ app.role.admin.claims=***
 app.role.user-kraftwerk.claims=***
 app.role.user-platine.claims=***
 app.role.reader.claims=***
-app.role.collect-platform.claims=***
+app.role.collect-platform.claims=***
+app.role.scheduler.claims=***

src/main/resources/application-prod.properties

@@ -21,4 +21,5 @@ app.role.admin.claims=***
 app.role.user-kraftwerk.claims=***
 app.role.user-platine.claims=***
 app.role.reader.claims=***
-app.role.collect-platform.claims=***
+app.role.collect-platform.claims=***
+app.role.scheduler.claims=***

src/main/resources/application-test-cucumber.properties

@@ -7,6 +7,7 @@ app.role.user-kraftwerk.claims=utilisateur_Kraftwerk
 app.role.user-platine.claims=utilisateur_Platine
 app.role.reader.claims=lecteur_traiter
 app.role.collect-platform.claims=protools
+app.role.scheduler.claims=scheduler_traiter
 
 logging.file.name = /logs/genesis-api.log