Accounts identified as connectors now bypass the review process and automatically publish assets. (#619)

* allow connectors to bypass the review workflow

* Add `platform_example` to `sdk-service` for developing connectors

Author: PGijsbers

authentication/import/aiod-realm.json

@@ -46,6 +46,14 @@
   "failureFactor" : 30,
   "roles" : {
     "realm" : [ {
+      "id" : "e08fe59a-cf81-451d-9f47-59141894dfc3",
+      "name" : "platform_example",
+      "description" : "Role for a connector which uploads assets from the \"example\" platform",
+      "composite" : false,
+      "clientRole" : false,
+      "containerId" : "3df7e07d-ebbd-41c4-bc0c-1ba0e1a40ac5",
+      "attributes" : { }
+    }, {
       "id" : "25a45d6d-fe0d-4855-945f-f5a27ec86ad0",
       "name" : "uma_authorization",
       "description" : "${role_uma_authorization}",
@@ -1416,7 +1424,7 @@
       "subType" : "authenticated",
       "subComponents" : { },
       "config" : {
-        "allowed-protocol-mapper-types" : [ "oidc-usermodel-property-mapper", "saml-role-list-mapper", "oidc-address-mapper", "oidc-full-name-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-user-property-mapper", "oidc-usermodel-attribute-mapper", "saml-user-attribute-mapper" ]
+        "allowed-protocol-mapper-types" : [ "saml-user-attribute-mapper", "oidc-full-name-mapper", "oidc-usermodel-property-mapper", "saml-role-list-mapper", "oidc-address-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-user-property-mapper", "oidc-usermodel-attribute-mapper" ]
       }
     }, {
       "id" : "10f8b9b2-1038-4c98-b7a5-a9ac88fed69e",
@@ -1458,7 +1466,7 @@
       "subType" : "anonymous",
       "subComponents" : { },
       "config" : {
-        "allowed-protocol-mapper-types" : [ "saml-role-list-mapper", "saml-user-property-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-user-attribute-mapper", "oidc-usermodel-property-mapper", "oidc-full-name-mapper", "oidc-usermodel-attribute-mapper", "oidc-address-mapper" ]
+        "allowed-protocol-mapper-types" : [ "saml-user-attribute-mapper", "oidc-usermodel-attribute-mapper", "oidc-address-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-full-name-mapper", "saml-user-property-mapper", "saml-role-list-mapper", "oidc-usermodel-property-mapper" ]
       }
     }, {
       "id" : "1d21f027-e0ae-4b80-b95e-f21d9426f115",

authentication/import/aiod-users-0.json

@@ -37,6 +37,20 @@
     },
     "notBefore" : 0,
     "groups" : [ ]
+  }, {
+    "id" : "bbe1da8d-236c-40bb-9ca3-30d494b471cc",
+    "username" : "service-account-sdk-service",
+    "emailVerified" : false,
+    "createdTimestamp" : 1758277112410,
+    "enabled" : true,
+    "totp" : false,
+    "serviceAccountClientId" : "sdk-service",
+    "credentials" : [ ],
+    "disableableCredentialTypes" : [ ],
+    "requiredActions" : [ ],
+    "realmRoles" : [ "platform_example", "default-roles-aiod" ],
+    "notBefore" : 0,
+    "groups" : [ ]
   }, {
     "id" : "4a80f256-3928-4cfa-ba66-5e22bb36fc01",
     "username" : "user",
@@ -56,7 +70,7 @@
     } ],
     "disableableCredentialTypes" : [ ],
     "requiredActions" : [ ],
-    "realmRoles" : [ "default-roles-aiod"],
+    "realmRoles" : [ "default-roles-aiod" ],
     "notBefore" : 0,
     "groups" : [ ]
   } ]

src/routers/resource_router.py

@@ -513,6 +513,8 @@ def register_resource(
                         set_permission(
                             user, resource.aiod_entry, session, type_=PermissionType.ADMIN
                         )
+                        if user.is_connector:
+                            resource.aiod_entry.status = EntryStatus.PUBLISHED
                         session.commit()
                         return {"identifier": resource.identifier}
                     except Exception as e:

src/tests/routers/generic/test_router_post.py

@@ -2,6 +2,9 @@
 import pytest
 from starlette.testclient import TestClient
 
+from database.model.concept.aiod_entry import EntryStatus
+from database.model.knowledge_asset.publication import Publication
+from database.session import DbSession
 from tests.testutils.users import logged_in_user, kc_connector_with_roles
 from tests.routers.resource_routers.test_router_organisation import with_organisation_taxonomies
 from database.model.platform.platform_names import PlatformName
@@ -189,6 +192,24 @@ def test_connector_cannot_post_to_other_platform(
     assert response.json()["detail"] == "No permission to upload assets for aiod platform."
 
 
+def test_connector_uploads_bypass_review(client: TestClient, publication: Publication):
+    publication.platform = "example"
+    publication.platform_resource_identifier = "example_id"
+    with logged_in_user(kc_connector_with_roles()):
+        response = client.post(
+            "/publications",
+            content=publication.json(),
+            headers={"Authorization": "Fake token"}
+        )
+        assert response.status_code == HTTPStatus.OK, response.json()
+
+    identifier = response.json()["identifier"]
+    with DbSession() as session:
+        asset = session.get(Publication, identifier)
+        assert asset.aiod_entry.status == EntryStatus.PUBLISHED
+
+
+
 def test_taxonomy_is_enforced_for_user(
         client: TestClient,
         body_asset: dict