Merge pull request #2098 from objectcomputing/develop

Admin permissions permission and remove guild restriction

Author: mkimberlin

server/src/main/java/com/objectcomputing/checkins/security/permissions/Permissions.java

@@ -8,6 +8,7 @@ public enum Permissions {
     CAN_DELETE_ORGANIZATION_MEMBERS,
     CAN_CREATE_ORGANIZATION_MEMBERS,
     CAN_VIEW_ROLE_PERMISSIONS,
+    CAN_ASSIGN_ROLE_PERMISSIONS,
     CAN_VIEW_PERMISSIONS,
     CAN_VIEW_SKILLS_REPORT,
     CAN_VIEW_RETENTION_REPORT,

server/src/main/java/com/objectcomputing/checkins/services/permissions/PermissionRepository.java

@@ -24,7 +24,9 @@ public interface PermissionRepository extends CrudRepository<Permission, UUID> {
             "    ON permissions.id = role_permissions.permissionid " +
             "WHERE member_profile.id = :id")
     List<Permission> findUserPermissions(UUID id);
-    
+
+    List<Permission> findByPermission(String permission);
+
     @NonNull
     List<Permission> findAll();
 

server/src/main/java/com/objectcomputing/checkins/services/role/role_permissions/RolePermissionController.java

@@ -4,10 +4,7 @@
 import com.objectcomputing.checkins.services.permissions.RequiredPermission;
 import io.micronaut.http.HttpResponse;
 import io.micronaut.http.MediaType;
-import io.micronaut.http.annotation.Consumes;
-import io.micronaut.http.annotation.Controller;
-import io.micronaut.http.annotation.Get;
-import io.micronaut.http.annotation.Produces;
+import io.micronaut.http.annotation.*;
 import io.micronaut.scheduling.TaskExecutors;
 import io.micronaut.security.annotation.Secured;
 import io.micronaut.security.rules.SecurityRule;
@@ -18,7 +15,9 @@
 import reactor.core.scheduler.Scheduler;
 import reactor.core.scheduler.Schedulers;
 
+import javax.validation.Valid;
 import java.util.List;
+import java.util.UUID;
 import java.util.concurrent.ExecutorService;
 
 @Secured(SecurityRule.IS_AUTHENTICATED)
@@ -47,11 +46,34 @@ public RolePermissionController(RolePermissionServices rolePermissionServices,
      */
     @RequiredPermission(Permissions.CAN_VIEW_ROLE_PERMISSIONS)
     @Get
-    public Mono<HttpResponse<List<RolePermissionResponseDTO>>> getAllRolePermissions() {
+    public Mono<HttpResponse<List<RolePermissionsResponseDTO>>> getAllRolePermissions() {
 
         return Mono.fromCallable(rolePermissionServices::findAll)
                 .publishOn(Schedulers.fromExecutor(eventLoopGroup))
-                .map(rolePermissions -> (HttpResponse<List<RolePermissionResponseDTO>>) HttpResponse.ok(rolePermissions))
+                .map(rolePermissions -> (HttpResponse<List<RolePermissionsResponseDTO>>) HttpResponse.ok(rolePermissions))
                 .subscribeOn(scheduler);
     }
+
+    @RequiredPermission(Permissions.CAN_ASSIGN_ROLE_PERMISSIONS)
+    @Post("/")
+    public Mono<HttpResponse<RolePermissionDTO>> save(@Body @Valid RolePermissionDTO rolePermission) {
+        return Mono.fromCallable(() -> rolePermissionServices.save(rolePermission.getRoleId(), rolePermission.getPermissionId()))
+                .publishOn(Schedulers.fromExecutor(eventLoopGroup))
+                .map(savedRolePermission -> (HttpResponse<RolePermissionDTO>) HttpResponse
+                        .created(fromEntity(savedRolePermission)))
+                .subscribeOn(scheduler);
+    }
+
+    @RequiredPermission(Permissions.CAN_ASSIGN_ROLE_PERMISSIONS)
+    @Delete("/")
+    public Mono<HttpResponse> delete(@Body RolePermissionDTO dto) {
+
+        return Mono.fromRunnable(() -> rolePermissionServices.delete(dto.getRoleId(), dto.getPermissionId()))
+                .publishOn(Schedulers.fromExecutor(eventLoopGroup))
+                .subscribeOn(scheduler).thenReturn(HttpResponse.ok());
+    }
+
+    private RolePermissionDTO fromEntity(RolePermission rolePermission) {
+        return new RolePermissionDTO(rolePermission.getRoleId(), rolePermission.getPermissionId());
+    }
 }

server/src/main/java/com/objectcomputing/checkins/services/role/role_permissions/RolePermissionDTO.java

@@ -0,0 +1,49 @@
+package com.objectcomputing.checkins.services.role.role_permissions;
+
+import io.micronaut.core.annotation.Introspected;
+import io.swagger.v3.oas.annotations.media.Schema;
+
+import javax.validation.constraints.NotNull;
+import java.util.UUID;
+
+@Introspected
+public class RolePermissionDTO {
+
+    @NotNull
+    @Schema(description = "id of the role", required = true)
+    private UUID roleId;
+
+    @NotNull
+    @Schema(description = "id of the permission", required = true)
+    private UUID permissionId;
+
+    public RolePermissionDTO(UUID roleId, UUID permissionId) {
+        this.roleId = roleId;
+        this.permissionId = permissionId;
+    }
+
+    public UUID getRoleId() {
+        return roleId;
+    }
+
+    public void setRoleId(UUID roleId) {
+        this.roleId = roleId;
+    }
+
+    public UUID getPermissionId() {
+        return permissionId;
+    }
+
+    public void setPermissionId(UUID permissionId) {
+        this.permissionId = permissionId;
+    }
+
+    @Override
+    public String toString() {
+        final StringBuilder sb = new StringBuilder("RolePermissionCreateDTO{");
+        sb.append("roleId=").append(roleId);
+        sb.append(", permissionId=").append(permissionId);
+        sb.append('}');
+        return sb.toString();
+    }
+}

server/src/main/java/com/objectcomputing/checkins/services/role/role_permissions/RolePermissionRepository.java

@@ -16,7 +16,17 @@ public interface RolePermissionRepository extends CrudRepository<RolePermission,
             "    (roleid, permissionid) " +
             "VALUES " +
             "    (:roleid, :permissionid)")
-    RolePermission saveByIds(UUID roleid, UUID permissionid);
+    void saveByIds(String roleid, String permissionid);
+
+    @Query("SELECT * from role_permissions " +
+            "WHERE roleid = :roleid " +
+            "AND permissionid = :permissionid")
+    List<RolePermission> findByIds(String roleid, String permissionid);
+
+    @Query("DELETE FROM role_permissions " +
+            "WHERE roleid = :roleid " +
+            "AND permissionid = :permissionid")
+    void deleteByIds(String roleid, String permissionid);
 
     @NonNull
     List<RolePermission> findAll();

server/src/main/java/com/objectcomputing/checkins/services/role/role_permissions/RolePermissionServices.java

@@ -1,7 +1,12 @@
 package com.objectcomputing.checkins.services.role.role_permissions;
 
 import java.util.List;
+import java.util.UUID;
 
 public interface RolePermissionServices {
-    List<RolePermissionResponseDTO> findAll();
+    List<RolePermissionsResponseDTO> findAll();
+
+    RolePermission save(UUID roleId, UUID permissionId);
+
+    void delete(UUID roleId, UUID permissionId);
 }

server/src/main/java/com/objectcomputing/checkins/services/role/role_permissions/RolePermissionServicesImpl.java

@@ -9,6 +9,7 @@
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Optional;
+import java.util.UUID;
 
 @Singleton
 public class RolePermissionServicesImpl implements RolePermissionServices {
@@ -25,8 +26,8 @@ public RolePermissionServicesImpl(RolePermissionRepository rolePermissionReposit
         this.permissionServices = permissionServices;
     }
 
-    public List<RolePermissionResponseDTO> findAll() {
-        List<RolePermissionResponseDTO> roleInfo = new ArrayList<>();
+    public List<RolePermissionsResponseDTO> findAll() {
+        List<RolePermissionsResponseDTO> roleInfo = new ArrayList<>();
         List<RolePermission> records =  rolePermissionRepository.findAll();
         List<Role> roles = roleServices.findAllRoles();
         List<Permission> permissions = permissionServices.findAll();
@@ -40,14 +41,26 @@ public List<RolePermissionResponseDTO> findAll() {
                 }
             }
 
-            RolePermissionResponseDTO rolePermissionResponseDTO = new RolePermissionResponseDTO();
-            rolePermissionResponseDTO.setRoleId(role.getId());
-            rolePermissionResponseDTO.setRole(role.getRole());
-            rolePermissionResponseDTO.setDescription(role.getDescription());
-            rolePermissionResponseDTO.setPermissions(permissionsAssociatedWithRole);
-            roleInfo.add(rolePermissionResponseDTO);
+            RolePermissionsResponseDTO rolePermissionsResponseDTO = new RolePermissionsResponseDTO();
+            rolePermissionsResponseDTO.setRoleId(role.getId());
+            rolePermissionsResponseDTO.setRole(role.getRole());
+            rolePermissionsResponseDTO.setDescription(role.getDescription());
+            rolePermissionsResponseDTO.setPermissions(permissionsAssociatedWithRole);
+            roleInfo.add(rolePermissionsResponseDTO);
         }
 
         return roleInfo;
     }
+
+    @Override
+    public RolePermission save(UUID roleId, UUID permissionId) {
+        rolePermissionRepository.saveByIds(roleId.toString(), permissionId.toString());
+        RolePermission saved = rolePermissionRepository.findByIds(roleId.toString(), permissionId.toString()).get(0);
+        return saved;
+    }
+
+    @Override
+    public void delete(UUID roleId, UUID permissionId) {
+        rolePermissionRepository.deleteByIds(roleId.toString(), permissionId.toString());
+    }
 }

…rmissions/RolePermissionResponseDTO.java …missions/RolePermissionsResponseDTO.javaserver/src/main/java/com/objectcomputing/checkins/services/role/role_permissions/RolePermissionResponseDTO.java renamed to server/src/main/java/com/objectcomputing/checkins/services/role/role_permissions/RolePermissionsResponseDTO.java server/src/main/java/com/objectcomputing/checkins/services/role/role_permissions/RolePermissionResponseDTO.java renamed to server/src/main/java/com/objectcomputing/checkins/services/role/role_permissions/RolePermissionsResponseDTO.java

@@ -10,7 +10,7 @@
 import java.util.UUID;
 
 @Introspected
-public class RolePermissionResponseDTO {
+public class RolePermissionsResponseDTO {
 
     @NotNull
     @Schema(description = "id of the role", required = true)

server/src/main/resources/db/dev/R__Load_testing_data.sql

@@ -576,6 +576,11 @@ insert into permissions
 values
     ('1fd790d9-df9a-4201-818b-3a9ac5e5be3b', 'CAN_VIEW_ROLE_PERMISSIONS');
 
+insert into permissions
+    (id, permission)
+values
+    ('ba001065-bfef-41cc-a03d-6e168ba1c244', 'CAN_ASSIGN_ROLE_PERMISSIONS');
+
 insert into permissions
 (id, permission)
 values
@@ -659,6 +664,11 @@ insert into role_permissions
 values
     ('e8a4fff8-e984-4e59-be84-a713c9fa8d23', '1fd790d9-df9a-4201-818b-3a9ac5e5be3b'); -- CAN_VIEW_ROLE_PERMISSIONS
 
+insert into role_permissions
+    (roleid, permissionid)
+values
+    ('e8a4fff8-e984-4e59-be84-a713c9fa8d23', 'ba001065-bfef-41cc-a03d-6e168ba1c244'); -- CAN_ASSIGN_ROLE_PERMISSIONS
+
 insert into role_permissions
     (roleid, permissionid)
 values

server/src/test/java/com/objectcomputing/checkins/services/fixture/PermissionFixture.java

@@ -50,7 +50,8 @@ public interface PermissionFixture extends RepositoryFixture, RolePermissionFixt
         Permissions.CAN_VIEW_PROFILE_REPORT,
         Permissions.CAN_CREATE_CHECKINS,
         Permissions.CAN_VIEW_CHECKINS,
-        Permissions.CAN_UPDATE_CHECKINS
+        Permissions.CAN_UPDATE_CHECKINS,
+        Permissions.CAN_ASSIGN_ROLE_PERMISSIONS
     );
 
     default Permission createACustomPermission(Permissions perm) {