Skip to content
This repository was archived by the owner on Sep 16, 2024. It is now read-only.

Commit 8f77938

Browse files
rjrudinrjrudin
committed
#119 New Makeig-ian set of users and roles
1 parent da28f71 commit 8f77938

File tree

2 files changed

+103
-18
lines changed

2 files changed

+103
-18
lines changed

src/main/java/com/marklogic/appdeployer/scaffold/ScaffoldGenerator.java

Lines changed: 95 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -66,32 +66,113 @@ protected ObjectNode buildRestPropertiesJson(AppConfig config) {
6666
protected void generateSecurityFiles(File configDir, AppConfig config) {
6767
File rolesDir = new File(configDir, "security/roles");
6868
rolesDir.mkdirs();
69-
writeFile(buildAppRole(config), new File(rolesDir, config.getName() + "-role.json"));
69+
writeFile(buildNobodyRole(config), new File(rolesDir, "1-" + config.getName() + "-nobody-role.json"));
70+
writeFile(buildReaderRole(config), new File(rolesDir, "2-" + config.getName() + "-reader-role.json"));
71+
writeFile(buildWriterRole(config), new File(rolesDir, "3-" + config.getName() + "-writer-role.json"));
72+
writeFile(buildInternalRole(config), new File(rolesDir, "4-" + config.getName() + "-internal-role.json"));
73+
writeFile(buildAdminRole(config), new File(rolesDir, "5-" + config.getName() + "-admin-role.json"));
7074

7175
File usersDir = new File(configDir, "security/users");
7276
usersDir.mkdirs();
73-
writeFile(buildAppUser(config), new File(usersDir, config.getName() + "-user.json"));
77+
writeFile(buildReaderUser(config), new File(usersDir, config.getName() + "-reader-user.json"));
78+
writeFile(buildWriterUser(config), new File(usersDir, config.getName() + "-writer-user.json"));
79+
writeFile(buildAdminUser(config), new File(usersDir, config.getName() + "-admin-user.json"));
7480
}
7581

76-
protected ObjectNode buildAppRole(AppConfig config) {
82+
protected ObjectNode buildNobodyRole(AppConfig config) {
83+
ObjectNode node = objectMapper.createObjectNode();
84+
node.put("role-name", config.getName() + "-nobody");
85+
node.put("description", "Unauthenticated user");
86+
node.putArray("role");
87+
return node;
88+
}
89+
90+
protected ObjectNode buildReaderRole(AppConfig config) {
91+
ObjectNode node = objectMapper.createObjectNode();
92+
node.put("role-name", config.getName() + "-reader");
93+
node.put("description", "Can view documents, but not edit");
94+
ArrayNode array = node.putArray("role");
95+
array.add("rest-reader");
96+
array.add(config.getName() + "-nobody");
97+
return node;
98+
}
99+
100+
protected ObjectNode buildWriterRole(AppConfig config) {
101+
ObjectNode node = objectMapper.createObjectNode();
102+
node.put("role-name", config.getName() + "-writer");
103+
node.put("description", "Can read and write documents");
104+
ArrayNode array = node.putArray("role");
105+
array.add("rest-writer");
106+
array.add(config.getName() + "-reader");
107+
array = node.putArray("privilege");
108+
array.add(buildPrivilege("any-uri", "http://marklogic.com/xdmp/privileges/any-uri", "execute"));
109+
array.add(buildPrivilege("unprotected-collections", "http://marklogic.com/xdmp/privileges/unprotected-collections", "execute"));
110+
return node;
111+
}
112+
113+
protected ObjectNode buildInternalRole(AppConfig config) {
114+
ObjectNode node = objectMapper.createObjectNode();
115+
node.put("role-name", config.getName() + "-internal");
116+
node.put("description", "Internal role used for amping");
117+
ArrayNode array = node.putArray("role");
118+
array.add(config.getName() + "-writer");
119+
return node;
120+
}
121+
122+
protected ObjectNode buildAdminRole(AppConfig config) {
123+
ObjectNode node = objectMapper.createObjectNode();
124+
node.put("role-name", config.getName() + "-admin");
125+
node.put("description", "Non-admin administrator");
126+
ArrayNode array = node.putArray("role");
127+
array.add("rest-admin");
128+
array.add("manage-admin");
129+
array.add(config.getName() + "-writer");
130+
array = node.putArray("privilege");
131+
array.add(buildPrivilege("any-uri", "http://marklogic.com/xdmp/privileges/any-uri", "execute"));
132+
array.add(buildPrivilege("xdbc:insert-in", "http://marklogic.com/xdmp/privileges/xdbc-insert-in", "execute"));
133+
array.add(buildPrivilege("xdmp:eval-in", "http://marklogic.com/xdmp/privileges/xdmp-eval-in", "execute"));
134+
return node;
135+
}
136+
137+
protected ObjectNode buildPrivilege(String name, String action, String kind) {
138+
ObjectNode node = objectMapper.createObjectNode();
139+
node.put("privilege-name", name);
140+
node.put("action", action);
141+
node.put("kind", kind);
142+
return node;
143+
}
144+
145+
protected ObjectNode buildReaderUser(AppConfig config) {
77146
ObjectNode node = objectMapper.createObjectNode();
78-
node.put("role-name", config.getName() + "-role");
79-
ArrayNode array = node.putArray("role");
80-
array.add("rest-writer");
81-
return node;
82-
}
83-
84-
protected ObjectNode buildAppUser(AppConfig config) {
85-
ObjectNode node = objectMapper.createObjectNode();
86-
String name = config.getName() + "-user";
147+
String name = config.getName() + "-reader";
87148
node.put("user-name", name);
88149
node.put("password", name);
89150
ArrayNode roles = node.putArray("role");
90-
roles.add(config.getName() + "-role");
151+
roles.add(config.getName() + "-reader");
91152
return node;
92153
}
93154

94-
protected void generateRestApiFile(File configDir, AppConfig config) {
155+
protected ObjectNode buildWriterUser(AppConfig config) {
156+
ObjectNode node = objectMapper.createObjectNode();
157+
String name = config.getName() + "-writer";
158+
node.put("user-name", name);
159+
node.put("password", name);
160+
ArrayNode roles = node.putArray("role");
161+
roles.add(config.getName() + "-writer");
162+
return node;
163+
}
164+
165+
protected ObjectNode buildAdminUser(AppConfig config) {
166+
ObjectNode node = objectMapper.createObjectNode();
167+
String name = config.getName() + "-admin";
168+
node.put("user-name", name);
169+
node.put("password", name);
170+
ArrayNode roles = node.putArray("role");
171+
roles.add(config.getName() + "-admin");
172+
return node;
173+
}
174+
175+
protected void generateRestApiFile(File configDir, AppConfig config) {
95176
writeFile(buildRestApiJson(config).getBytes(), new File(configDir, "rest-api.json"));
96177
}
97178

src/test/java/com/marklogic/appdeployer/scaffold/GenerateScaffoldTest.java

Lines changed: 8 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -44,8 +44,14 @@ public void generateScaffoldAndThenDeploy() {
4444
assertTrue(dbMgr.exists(appConfig.getContentDatabaseName()));
4545
assertTrue(dbMgr.exists(appConfig.getTriggersDatabaseName()));
4646

47-
assertTrue(new UserManager(manageClient).exists("sample-app-user"));
48-
assertTrue(new RoleManager(manageClient).exists("sample-app-role"));
47+
assertTrue(new UserManager(manageClient).exists("sample-app-reader"));
48+
assertTrue(new UserManager(manageClient).exists("sample-app-writer"));
49+
assertTrue(new UserManager(manageClient).exists("sample-app-admin"));
50+
assertTrue(new RoleManager(manageClient).exists("sample-app-nobody"));
51+
assertTrue(new RoleManager(manageClient).exists("sample-app-reader"));
52+
assertTrue(new RoleManager(manageClient).exists("sample-app-writer"));
53+
assertTrue(new RoleManager(manageClient).exists("sample-app-internal"));
54+
assertTrue(new RoleManager(manageClient).exists("sample-app-admin"));
4955
} finally {
5056
undeploySampleApp();
5157
}
@@ -56,8 +62,6 @@ private void assertConfigFilesAreCreated(File dir) {
5662
assertTrue(configDir.exists());
5763
assertTrue(new File(configDir, "rest-api.json").exists());
5864
assertTrue(new File(configDir, "databases/content-database.json").exists());
59-
assertTrue(new File(configDir, "security/roles/sample-app-role.json").exists());
60-
assertTrue(new File(configDir, "security/users/sample-app-user.json").exists());
6165
}
6266

6367
private void assertModulesFilesAreCreated(File dir) {

0 commit comments

Comments
 (0)