authorRyan D. Brooks2021-05-25 00:44:16 +0000
committerRyan D. Brooks2021-06-11 17:07:45 +0000
commit66ff59d5f136926aa6b4fff3de81112d01a9dd68 (patch)
treed821531fe94ee0ecfecf613b131c8c6b76318f5c
parentd5420cfa0c6d0ca6294471373623c15ba3c911bb (diff)
feature[TW19104]: Add UserService.requireRoledev
-rw-r--r--plugins/org.eclipse.osee.ats.api/src/org/eclipse/osee/ats/api/config/AtsConfigEndpointApi.java3
-rw-r--r--plugins/org.eclipse.osee.ats.rest/src/org/eclipse/osee/ats/rest/internal/config/AtsConfigEndpointImpl.java5
-rw-r--r--plugins/org.eclipse.osee.framework.core/src/org/eclipse/osee/framework/core/data/UserService.java19
-rw-r--r--plugins/org.eclipse.osee.framework.core/src/org/eclipse/osee/framework/core/data/UserToken.java7
-rw-r--r--plugins/org.eclipse.osee.framework.core/src/org/eclipse/osee/framework/core/data/UserTokenDeserializer.java24
-rw-r--r--plugins/org.eclipse.osee.framework.core/src/org/eclipse/osee/framework/core/data/UserTokens.java46
-rw-r--r--plugins/org.eclipse.osee.framework.core/src/org/eclipse/osee/framework/core/enums/CoreUserGroups.java3
-rw-r--r--plugins/org.eclipse.osee.framework.core/src/org/eclipse/osee/framework/core/enums/SystemUser.java2
-rw-r--r--plugins/org.eclipse.osee.framework.database.init/src/org/eclipse/osee/framework/database/init/internal/DbBootstrapTask.java3
-rw-r--r--plugins/org.eclipse.osee.framework.skynet.core/src/org/eclipse/osee/framework/skynet/core/User.java3
-rw-r--r--plugins/org.eclipse.osee.orcs.core/src/org/eclipse/osee/orcs/core/internal/CreateSystemBranches.java24
-rw-r--r--plugins/org.eclipse.osee.orcs.core/src/org/eclipse/osee/orcs/core/internal/OrcsAdminImpl.java5
-rw-r--r--plugins/org.eclipse.osee.orcs.core/src/org/eclipse/osee/orcs/core/internal/access/UserServiceImpl.java12
-rw-r--r--plugins/org.eclipse.osee.orcs.rest.model/src/org/eclipse/osee/orcs/rest/model/DatastoreEndpoint.java9
-rw-r--r--plugins/org.eclipse.osee.orcs.rest/src/org/eclipse/osee/orcs/rest/internal/DatastoreEndpointImpl.java11
-rw-r--r--plugins/org.eclipse.osee.orcs/src/org/eclipse/osee/orcs/OrcsAdmin.java3
-rw-r--r--plugins/org.eclipse.osee.support.dev/design/ServerAccessControlDesign.adoc8
17 files changed, 104 insertions, 83 deletions
diff --git a/plugins/org.eclipse.osee.ats.api/src/org/eclipse/osee/ats/api/config/AtsConfigEndpointApi.java b/plugins/org.eclipse.osee.ats.api/src/org/eclipse/osee/ats/api/config/AtsConfigEndpointApi.java
index 02210aef15b..3b22d3f5c4b 100644
--- a/plugins/org.eclipse.osee.ats.api/src/org/eclipse/osee/ats/api/config/AtsConfigEndpointApi.java
+++ b/plugins/org.eclipse.osee.ats.api/src/org/eclipse/osee/ats/api/config/AtsConfigEndpointApi.java
@@ -30,6 +30,7 @@ import org.eclipse.osee.ats.api.version.Version;
import org.eclipse.osee.framework.core.data.ArtifactId;
import org.eclipse.osee.framework.core.data.ArtifactImage;
import org.eclipse.osee.framework.core.data.TransactionId;
+import org.eclipse.osee.framework.core.data.UserToken;
import org.eclipse.osee.framework.jdk.core.result.XResultData;
import org.eclipse.osee.framework.jdk.core.type.ViewModel;
@@ -128,7 +129,7 @@ public interface AtsConfigEndpointApi {
@POST
@Path("initialize/demo")
@Produces(MediaType.APPLICATION_JSON)
- TransactionId demoInitilize();
+ TransactionId demoInitilize(UserToken superUser);
@GET
@Path("validate")
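Review bot: No `@Consumes` is visible on `demoInitilize` although it now takes a `UserToken` request body, while `DatastoreEndpoint.initialize` in this same commit declares `@Consumes(MediaType.APPLICATION_JSON)`. Adding `@Consumes(MediaType.APPLICATION_JSON)` above the method keeps the two initialize endpoints consistent and makes the accepted content type explicit. A one-line Javadoc stating that `superUser` is the account that will receive the admin groups would also help callers. Annotations above `@POST` may exist outside the hunk.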
diff --git a/plugins/org.eclipse.osee.ats.rest/src/org/eclipse/osee/ats/rest/internal/config/AtsConfigEndpointImpl.java b/plugins/org.eclipse.osee.ats.rest/src/org/eclipse/osee/ats/rest/internal/config/AtsConfigEndpointImpl.java
index 911d920b004..771012d6c74 100644
--- a/plugins/org.eclipse.osee.ats.rest/src/org/eclipse/osee/ats/rest/internal/config/AtsConfigEndpointImpl.java
+++ b/plugins/org.eclipse.osee.ats.rest/src/org/eclipse/osee/ats/rest/internal/config/AtsConfigEndpointImpl.java
@@ -45,6 +45,7 @@ import org.eclipse.osee.framework.core.data.ArtifactToken;
import org.eclipse.osee.framework.core.data.ArtifactTypeToken;
import org.eclipse.osee.framework.core.data.AttributeTypeToken;
import org.eclipse.osee.framework.core.data.TransactionId;
+import org.eclipse.osee.framework.core.data.UserToken;
import org.eclipse.osee.framework.core.enums.CoreAttributeTypes;
import org.eclipse.osee.framework.core.enums.CoreRelationTypes;
import org.eclipse.osee.framework.core.executor.ExecutorAdmin;
@@ -263,8 +264,8 @@ public final class AtsConfigEndpointImpl implements AtsConfigEndpointApi {
}
@Override
- public TransactionId demoInitilize() {
- TransactionId txId = orcsApi.getAdminOps().createDatastoreAndSystemBranches();
+ public TransactionId demoInitilize(UserToken superUser) {
+ TransactionId txId = orcsApi.getAdminOps().createDatastoreAndSystemBranches(superUser);
orcsApi.getAdminOps().createDemoBranches();
atsApi.getConfigService().configAtsDatabase(atsApi);
return txId;
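Review bot: `superUser` comes from the request body in `demoInitilize` and is passed to `createDatastoreAndSystemBranches` with no null check and no check of who is calling; the same applies to `DatastoreEndpointImpl.initialize` later in this commit. `CreateSystemBranches.populateCommonBranch` then gives that token AccountAdmin, OseeAccessAdmin and OseeAdmin, so the caller of these POST endpoints decides which account ends up in every admin group. Unless a filter outside this diff already restricts them, the endpoints should refuse to run once the datastore holds users, or be confined to a bootstrap-only path. At minimum reject a missing body first, e.g. `Conditions.checkNotNull(superUser, "superUser");` if that helper is available in this class. The method body continues outside the hunk.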
diff --git a/plugins/org.eclipse.osee.framework.core/src/org/eclipse/osee/framework/core/data/UserService.java b/plugins/org.eclipse.osee.framework.core/src/org/eclipse/osee/framework/core/data/UserService.java
index 39c3cf1dc3c..2fb88a74e62 100644
--- a/plugins/org.eclipse.osee.framework.core/src/org/eclipse/osee/framework/core/data/UserService.java
+++ b/plugins/org.eclipse.osee.framework.core/src/org/eclipse/osee/framework/core/data/UserService.java
@@ -13,7 +13,9 @@
package org.eclipse.osee.framework.core.data;
+import java.util.Arrays;
import java.util.Collection;
+import org.eclipse.osee.framework.core.exception.OseeAccessDeniedException;
/**
* @author Donald G. Dunne
@@ -46,4 +48,21 @@ public interface UserService {
TransactionId createUsers(Iterable<UserToken> users, String comment);
+ /**
+ * Determines if the current thread's user is in at least one of the given groups. Otherwise throws
+ * OseeAccessDeniedException
+ */
+ default void requireRole(IUserGroupArtifactToken... userGroups) throws OseeAccessDeniedException {
+ UserToken user = getUser();
+ for (IUserGroupArtifactToken userGroup : userGroups) {
+ if (isUserMember(userGroup, user)) {
+ return;
+ }
+ }
+ throw new OseeAccessDeniedException("User %s is not in any of the user groups %s", user.toStringWithId(),
+ Arrays.deepToString(userGroups));
+ }
+
+ default void clearCaches() {
+ }
}
\ No newline at end of file
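Review bot: The Javadoc on `requireRole` says it "determines" membership, but the method returns nothing and signals only by throwing; it should state that contract and carry `@throws OseeAccessDeniedException if the current thread's user is in none of the given groups`. It is also worth documenting that a call with no groups always throws, because the loop body never runs. If `getUser()` can return null (not visible here), the denial path fails with a NullPointerException at `user.toStringWithId()` instead of the intended access-denied error. `clearCaches()` is added as an undocumented no-op on the public interface; a comment naming which caches it drops and who may call it is needed, since `UserServiceImpl.createUsers` skips its role check when that cache is empty.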
diff --git a/plugins/org.eclipse.osee.framework.core/src/org/eclipse/osee/framework/core/data/UserToken.java b/plugins/org.eclipse.osee.framework.core/src/org/eclipse/osee/framework/core/data/UserToken.java
index f65b5a42a5e..f0006164aca 100644
--- a/plugins/org.eclipse.osee.framework.core/src/org/eclipse/osee/framework/core/data/UserToken.java
+++ b/plugins/org.eclipse.osee.framework.core/src/org/eclipse/osee/framework/core/data/UserToken.java
@@ -20,6 +20,7 @@ import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
+import java.util.List;
import java.util.Set;
import org.eclipse.jdt.annotation.NonNull;
import org.eclipse.osee.framework.core.enums.CoreArtifactTypes;
@@ -62,7 +63,7 @@ public interface UserToken extends ArtifactToken, UserId {
public Collection<ArtifactToken> getRoles();
- public Collection<String> getLoginIds();
+ public List<String> getLoginIds();
public ArtifactToken getArtifact();
@@ -74,7 +75,7 @@ public interface UserToken extends ArtifactToken, UserId {
private final boolean admin;
private final String email;
private final Set<ArtifactToken> roles = new HashSet<>();
- private final Collection<String> loginIds = new ArrayList<String>();
+ private final List<String> loginIds = new ArrayList<>();
private ArtifactToken artifact;
public UserTokenImpl(long id, String name, String userId, boolean active, String email, Collection<String> loginIds, ArtifactToken... roles) {
@@ -129,7 +130,7 @@ public interface UserToken extends ArtifactToken, UserId {
}
@Override
- public Collection<String> getLoginIds() {
+ public List<String> getLoginIds() {
return loginIds;
}
diff --git a/plugins/org.eclipse.osee.framework.core/src/org/eclipse/osee/framework/core/data/UserTokenDeserializer.java b/plugins/org.eclipse.osee.framework.core/src/org/eclipse/osee/framework/core/data/UserTokenDeserializer.java
index 29b9ce412d3..b2a1188dc57 100644
--- a/plugins/org.eclipse.osee.framework.core/src/org/eclipse/osee/framework/core/data/UserTokenDeserializer.java
+++ b/plugins/org.eclipse.osee.framework.core/src/org/eclipse/osee/framework/core/data/UserTokenDeserializer.java
@@ -42,18 +42,28 @@ public class UserTokenDeserializer extends StdDeserializer<@NonNull UserToken> {
public UserToken deserialize(JsonParser jp, DeserializationContext ctxt) throws IOException, JsonProcessingException {
JsonNode readTree = jp.getCodec().readTree(jp);
List<IUserGroupArtifactToken> userGroups = new ArrayList<IUserGroupArtifactToken>();
- for (JsonNode artToken : readTree.get("roles")) {
- IUserGroupArtifactToken roleToken =
- UserGroupArtifactToken.valueOf(artToken.get("id").asLong(), artToken.get("name").textValue());
- userGroups.add(roleToken);
+
+ JsonNode rolesNode = readTree.get("roles");
+ if (rolesNode != null) {
+ for (JsonNode artToken : rolesNode) {
+ IUserGroupArtifactToken roleToken =
+ UserGroupArtifactToken.valueOf(artToken.get("id").asLong(), artToken.get("name").textValue());
+ userGroups.add(roleToken);
+ }
}
List<String> loginIds = new ArrayList<String>();
for (JsonNode loginId : readTree.get("loginIds")) {
loginIds.add(loginId.asText());
}
- ArtifactToken.valueOf(readTree.get("id").asLong(), readTree.get("name").textValue());
+
+ boolean active = true;
+ JsonNode activeNode = readTree.get("active");
+ if (activeNode != null) {
+ active = activeNode.asBoolean();
+ }
+
return UserToken.create(readTree.get("id").asLong(), readTree.get("name").textValue(),
- readTree.get("email").textValue(), readTree.get("userId").textValue(), readTree.get("active").asBoolean(),
- loginIds, userGroups.toArray(new IUserGroupArtifactToken[userGroups.size()]));
+ readTree.get("email").textValue(), readTree.get("userId").textValue(), active, loginIds,
+ userGroups.toArray(new IUserGroupArtifactToken[userGroups.size()]));
}
}
\ No newline at end of file
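Review bot: `readTree.get("loginIds")` is still iterated without a null check although this hunk adds guards for `roles` and `active`; a payload without `loginIds` fails with a NullPointerException in the for loop, and `id`, `name`, `email` and `userId` are dereferenced the same way. Because `CreateSystemBranches` later calls `getLoginIds().get(0)` on a token built from one deserialized here, a missing list should be rejected at this point, e.g. `if (loginIdsNode == null || !loginIdsNode.isArray()) { throw JsonMappingException.from(jp, "loginIds is required"); }`. Defaulting `active` to true when the field is absent is a permissive choice for an account object; consider requiring the field or defaulting to false.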
diff --git a/plugins/org.eclipse.osee.framework.core/src/org/eclipse/osee/framework/core/data/UserTokens.java b/plugins/org.eclipse.osee.framework.core/src/org/eclipse/osee/framework/core/data/UserTokens.java
deleted file mode 100644
index 079103840b0..00000000000
--- a/plugins/org.eclipse.osee.framework.core/src/org/eclipse/osee/framework/core/data/UserTokens.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/*********************************************************************
- * Copyright (c) 2019 Boeing
- *
- * This program and the accompanying materials are made
- * available under the terms of the Eclipse Public License 2.0
- * which is available at https://www.eclipse.org/legal/epl-2.0/
- *
- * SPDX-License-Identifier: EPL-2.0
- *
- * Contributors:
- * Boeing - initial API and implementation
- **********************************************************************/
-
-package org.eclipse.osee.framework.core.data;
-
-import java.util.LinkedList;
-import java.util.List;
-
-/**
- * @author Donald G. Dunne
- */
-public class UserTokens {
-
- List<UserToken> users = new LinkedList<UserToken>();
- UserToken account;
-
- public UserToken getAccount() {
- return account;
- }
-
- public void setAccount(UserToken account) {
- this.account = account;
- }
-
- public List<UserToken> getUsers() {
- return users;
- }
-
- public void setUsers(List<UserToken> users) {
- this.users = users;
- }
-
- public void addUser(UserToken user) {
- users.add(user);
- }
-}
diff --git a/plugins/org.eclipse.osee.framework.core/src/org/eclipse/osee/framework/core/enums/CoreUserGroups.java b/plugins/org.eclipse.osee.framework.core/src/org/eclipse/osee/framework/core/enums/CoreUserGroups.java
index f728a7404e8..dcc6eed2ca3 100644
--- a/plugins/org.eclipse.osee.framework.core/src/org/eclipse/osee/framework/core/enums/CoreUserGroups.java
+++ b/plugins/org.eclipse.osee.framework.core/src/org/eclipse/osee/framework/core/enums/CoreUserGroups.java
@@ -22,6 +22,7 @@ import org.eclipse.osee.framework.core.data.UserGroupArtifactToken;
public class CoreUserGroups {
public static final IUserGroupArtifactToken Everyone = UserGroupArtifactToken.valueOf(48656L, "Everyone");
+ public static final IUserGroupArtifactToken AccountAdmin = UserGroupArtifactToken.valueOf(8033604L, "Account Admin");
public static final IUserGroupArtifactToken OseeAccessAdmin =
UserGroupArtifactToken.valueOf(8033605L, "Osee Access Admin");
public static final IUserGroupArtifactToken OseeAdmin = UserGroupArtifactToken.valueOf(52247L, "OseeAdmin");
@@ -32,5 +33,5 @@ public class CoreUserGroups {
public static IUserGroupArtifactToken EarnedValueUser =
UserGroupArtifactToken.valueOf(10635662L, "Earner Value User");
public static IUserGroupArtifactToken DefaultArtifactEditor =
- UserGroupArtifactToken.valueOf(10862351L, "Deault Artifact Editor");
+ UserGroupArtifactToken.valueOf(10862351L, "Default Artifact Editor");
}
diff --git a/plugins/org.eclipse.osee.framework.core/src/org/eclipse/osee/framework/core/enums/SystemUser.java b/plugins/org.eclipse.osee.framework.core/src/org/eclipse/osee/framework/core/enums/SystemUser.java
index 8f4e29b75ea..bae6e0ed349 100644
--- a/plugins/org.eclipse.osee.framework.core/src/org/eclipse/osee/framework/core/enums/SystemUser.java
+++ b/plugins/org.eclipse.osee.framework.core/src/org/eclipse/osee/framework/core/enums/SystemUser.java
@@ -24,7 +24,7 @@ import org.eclipse.osee.framework.jdk.core.type.Id;
public final class SystemUser {
// @formatter:off
- public static final UserToken OseeSystem = UserToken.create(11, "OSEE System", "", "99999999", false, CoreUserGroups.OseeAdmin, CoreUserGroups.OseeAccessAdmin);
+ public static final UserToken OseeSystem = UserToken.create(11, "OSEE System", "", "99999999", false, CoreUserGroups.OseeAdmin, CoreUserGroups.OseeAccessAdmin, CoreUserGroups.AccountAdmin);
public static final UserToken Anonymous = UserToken.create(1896, "Anonymous", "", "99999998", false);
public static final UserToken BootStrap = UserToken.create(2184322, "Boot Strap", "bootstrap@osee.org", "bootstrap", true);
public static final UserToken UnAssigned = UserToken.create(33429, "UnAssigned", "", "99999997", true);
diff --git a/plugins/org.eclipse.osee.framework.database.init/src/org/eclipse/osee/framework/database/init/internal/DbBootstrapTask.java b/plugins/org.eclipse.osee.framework.database.init/src/org/eclipse/osee/framework/database/init/internal/DbBootstrapTask.java
index 5786eceb295..77785dbebfa 100644
--- a/plugins/org.eclipse.osee.framework.database.init/src/org/eclipse/osee/framework/database/init/internal/DbBootstrapTask.java
+++ b/plugins/org.eclipse.osee.framework.database.init/src/org/eclipse/osee/framework/database/init/internal/DbBootstrapTask.java
@@ -14,6 +14,7 @@
package org.eclipse.osee.framework.database.init.internal;
import static org.eclipse.osee.framework.core.enums.CoreBranches.SYSTEM_ROOT;
+import org.eclipse.osee.framework.core.enums.SystemUser;
import org.eclipse.osee.framework.core.services.IOseeCachingService;
import org.eclipse.osee.framework.core.util.OsgiUtil;
import org.eclipse.osee.framework.database.init.IDatabaseInitConfiguration;
@@ -40,7 +41,7 @@ public class DbBootstrapTask implements IDbInitializationTask {
OseeProperties.setInDbInit(true);
DatastoreEndpoint datastoreEndpoint = OsgiUtil.getService(getClass(), OseeClient.class).getDatastoreEndpoint();
- datastoreEndpoint.initialize();
+ datastoreEndpoint.initialize(SystemUser.BootStrap);
Conditions.checkNotNull(BranchManager.getBranchToken(SYSTEM_ROOT), "System root was not created - ");
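Review bot: Passing `SystemUser.BootStrap` as the super user means the built-in "bootstrap" account is the one `CreateSystemBranches.populateCommonBranch` re-creates as active with AccountAdmin, OseeAccessAdmin and OseeAdmin. If nothing outside this diff strips those groups after initialization, every database produced by this task keeps a well-known account with full admin membership. Consider passing the identity of the person running the init, or removing the groups from BootStrap as the last init step, and record the decision in a comment such as `// BootStrap holds admin groups only for the duration of db init`. `BootStrap` is declared in `SystemUser` without explicit login ids, so confirm `getLoginIds()` is non-empty before `populateCommonBranch` calls `get(0)`. The enclosing method starts and ends outside the hunk.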
diff --git a/plugins/org.eclipse.osee.framework.skynet.core/src/org/eclipse/osee/framework/skynet/core/User.java b/plugins/org.eclipse.osee.framework.skynet.core/src/org/eclipse/osee/framework/skynet/core/User.java
index c8ef03ccd23..10eef54e32d 100644
--- a/plugins/org.eclipse.osee.framework.skynet.core/src/org/eclipse/osee/framework/skynet/core/User.java
+++ b/plugins/org.eclipse.osee.framework.skynet.core/src/org/eclipse/osee/framework/skynet/core/User.java
@@ -17,6 +17,7 @@ import java.io.StringReader;
import java.io.StringWriter;
import java.util.Collection;
import java.util.HashSet;
+import java.util.List;
import org.eclipse.osee.framework.core.data.ArtifactToken;
import org.eclipse.osee.framework.core.data.BranchId;
import org.eclipse.osee.framework.core.data.BranchToken;
@@ -215,7 +216,7 @@ public class User extends Artifact implements UserToken {
}
@Override
- public Collection<String> getLoginIds() {
+ public List<String> getLoginIds() {
return getAttributeValues(CoreAttributeTypes.LoginId);
}
diff --git a/plugins/org.eclipse.osee.orcs.core/src/org/eclipse/osee/orcs/core/internal/CreateSystemBranches.java b/plugins/org.eclipse.osee.orcs.core/src/org/eclipse/osee/orcs/core/internal/CreateSystemBranches.java
index fdc109be0f9..870dcef7139 100644
--- a/plugins/org.eclipse.osee.orcs.core/src/org/eclipse/osee/orcs/core/internal/CreateSystemBranches.java
+++ b/plugins/org.eclipse.osee.orcs.core/src/org/eclipse/osee/orcs/core/internal/CreateSystemBranches.java
@@ -15,8 +15,12 @@ package org.eclipse.osee.orcs.core.internal;
import static org.eclipse.osee.framework.core.data.ApplicabilityToken.BASE;
import static org.eclipse.osee.framework.core.enums.CoreBranches.COMMON;
+import java.util.HashSet;
+import java.util.Set;
import org.eclipse.osee.framework.core.data.ArtifactId;
import org.eclipse.osee.framework.core.data.TransactionId;
+import org.eclipse.osee.framework.core.data.UserService;
+import org.eclipse.osee.framework.core.data.UserToken;
import org.eclipse.osee.framework.core.enums.CoreArtifactTokens;
import org.eclipse.osee.framework.core.enums.CoreArtifactTypes;
import org.eclipse.osee.framework.core.enums.CoreAttributeTypes;
@@ -54,14 +58,14 @@ public class CreateSystemBranches {
query = orcsApi.getQueryFactory().fromBranch(COMMON);
}
- public TransactionId create() {
+ public TransactionId create(UserToken superUser) {
orcsApi.getKeyValueOps().putByKey(BASE, BASE.getName());
populateSystemBranch();
orcsApi.getBranchOps().createTopLevelBranch(COMMON, SystemUser.OseeSystem);
- return populateCommonBranch();
+ return populateCommonBranch(superUser);
}
private void populateSystemBranch() {
@@ -72,7 +76,7 @@ public class CreateSystemBranches {
tx.commit();
}
- private TransactionId populateCommonBranch() {
+ private TransactionId populateCommonBranch(UserToken superUser) {
TransactionBuilder tx = txFactory.createTransaction(COMMON, SystemUser.OseeSystem, "Add Common branch artifacts");
orcsApi.tokenService().getArtifactTypeJoins().forEach(tx::addOrcsTypeJoin);
@@ -88,6 +92,7 @@ public class CreateSystemBranches {
tx.setSoleAttributeValue(everyOne, CoreAttributeTypes.DefaultGroup, true);
tx.createArtifact(userGroupsFolder, CoreUserGroups.OseeAdmin);
+ tx.createArtifact(userGroupsFolder, CoreUserGroups.AccountAdmin);
tx.createArtifact(userGroupsFolder, CoreUserGroups.OseeAccessAdmin);
ArtifactId globalPreferences = tx.createArtifact(oseeConfig, CoreArtifactTokens.GlobalPreferences);
@@ -101,7 +106,18 @@ public class CreateSystemBranches {
createDataRights(tx, documentTemplateFolder);
tx.commit();
- return orcsApi.userService().createUsers(SystemUser.values(), "Create System Users");
+ UserToken userWithRoles = UserToken.create(superUser.getId(), superUser.getName(), superUser.getEmail(),
+ superUser.getUserId(), true, superUser.getLoginIds(), CoreUserGroups.AccountAdmin,
+ CoreUserGroups.OseeAccessAdmin, CoreUserGroups.OseeAdmin);
+
+ UserService userService = orcsApi.userService();
+ userService.clearCaches();
+ Set<UserToken> users = new HashSet<>(SystemUser.values());
+ users.remove(userWithRoles); // Replace existing entry, if any
+ users.add(userWithRoles);
+ TransactionId txId = userService.createUsers(users, "Create System Users");
+ userService.setUserForCurrentThread(userWithRoles.getLoginIds().get(0));
+ return txId;
}
private void createWordTemplates(TransactionBuilder tx, ArtifactId documentTemplateFolder) {
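Review bot: `userWithRoles.getLoginIds().get(0)` throws IndexOutOfBoundsException for a super user without login ids, and it does so after `tx.commit()` and `createUsers` have already written, which leaves a partly initialized datastore; validate at the top of `create` instead, e.g. `if (superUser.getLoginIds().isEmpty()) { throw new IllegalArgumentException("superUser needs a login id"); }` after a null check. `setUserForCurrentThread` also leaves the calling thread bound to the new all-admin user once this method returns; if that binding is per-thread state on a pooled request thread (not visible here), the caller should restore the previous user in a `finally`. The `remove`/`add` pair replaces an existing entry only if `UserToken` equality is id-based, and since the id is caller-supplied it is worth rejecting ids that collide with other built-in `SystemUser` accounts. `populateCommonBranch` starts outside this hunk.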
diff --git a/plugins/org.eclipse.osee.orcs.core/src/org/eclipse/osee/orcs/core/internal/OrcsAdminImpl.java b/plugins/org.eclipse.osee.orcs.core/src/org/eclipse/osee/orcs/core/internal/OrcsAdminImpl.java
index 6e264a0529c..d000a985501 100644
--- a/plugins/org.eclipse.osee.orcs.core/src/org/eclipse/osee/orcs/core/internal/OrcsAdminImpl.java
+++ b/plugins/org.eclipse.osee.orcs.core/src/org/eclipse/osee/orcs/core/internal/OrcsAdminImpl.java
@@ -26,6 +26,7 @@ import org.eclipse.osee.framework.core.data.OrcsTypeJoin;
import org.eclipse.osee.framework.core.data.TransactionId;
import org.eclipse.osee.framework.core.data.Tuple2Type;
import org.eclipse.osee.framework.core.data.UserId;
+import org.eclipse.osee.framework.core.data.UserToken;
import org.eclipse.osee.framework.core.enums.CoreArtifactTokens;
import org.eclipse.osee.framework.core.enums.CoreRelationTypes;
import org.eclipse.osee.framework.core.enums.CoreTupleTypes;
@@ -67,13 +68,13 @@ public class OrcsAdminImpl implements OrcsAdmin {
}
@Override
- public TransactionId createDatastoreAndSystemBranches() {
+ public TransactionId createDatastoreAndSystemBranches(UserToken superUser) {
ActivityLog activityLog = orcsApi.getActivityLog();
try {
activityLog.setEnabled(false);
dataStoreAdmin.createDataStore();
- return new CreateSystemBranches(orcsApi).create();
+ return new CreateSystemBranches(orcsApi).create(superUser);
} finally {
activityLog.setEnabled(true);
}
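Review bot: The super user is created and given its admin groups while `activityLog.setEnabled(false)` is in effect, so, assuming a disabled log records nothing, the event an auditor most wants from initialization (which account became administrator) leaves no activity-log entry. Once the `finally` has re-enabled logging, or in the caller, record the `superUser` id and login id through whatever entry-creation call `ActivityLog` offers; its API is not visible in this hunk. A short comment explaining why logging is switched off during datastore creation would help as well. The method's closing brace is outside the hunk.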
diff --git a/plugins/org.eclipse.osee.orcs.core/src/org/eclipse/osee/orcs/core/internal/access/UserServiceImpl.java b/plugins/org.eclipse.osee.orcs.core/src/org/eclipse/osee/orcs/core/internal/access/UserServiceImpl.java
index 16c9c92593c..4ee8dccddfd 100644
--- a/plugins/org.eclipse.osee.orcs.core/src/org/eclipse/osee/orcs/core/internal/access/UserServiceImpl.java
+++ b/plugins/org.eclipse.osee.orcs.core/src/org/eclipse/osee/orcs/core/internal/access/UserServiceImpl.java
@@ -170,6 +170,13 @@ public class UserServiceImpl implements UserService {
@Override
public TransactionId createUsers(Iterable<UserToken> users, String comment) {
+ ensureLoaded();
+ if (loginIdToUser.isEmpty()) {
+ // During bootstrap allow user creation when no users have yet been created
+ } else {
+ requireRole(CoreUserGroups.AccountAdmin);
+ }
+
TransactionBuilder tx = orcsApi.getTransactionFactory().createTransaction(COMMON, getUser(), comment);
ArtifactToken userGroupHeader = orcsApi.getQueryFactory().fromBranch(CoreBranches.COMMON).andId(
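Review bot: The AccountAdmin check is skipped whenever the in-memory `loginIdToUser` map is empty, which is not the same as "no users exist yet": a failed or partial load, or any caller of the new public `clearCaches()`, produces the same state unless `ensureLoaded()` (outside the hunk) always repopulates from the datastore. Basing the exemption on the datastore itself, or on an explicit bootstrap flag that only `CreateSystemBranches` can set, would keep it from being reachable at runtime. The empty `if` branch also reads more clearly inverted: `if (!loginIdToUser.isEmpty()) { requireRole(CoreUserGroups.AccountAdmin); }` with the bootstrap comment placed above it. The rest of `createUsers` is outside the hunk.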
@@ -233,4 +240,9 @@ public class UserServiceImpl implements UserService {
userGroupToArtifact.put(userGroup, userGroupArt);
return userGroupArt;
}
+
+ @Override
+ public void clearCaches() {
+ loginIdToUser.clear();
+ }
}
\ No newline at end of file
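Review bot: `clearCaches()` empties only `loginIdToUser`, while the context lines just above show a second map, `userGroupToArtifact`, that stays populated. After the datastore is re-created that map may still hand out group artifacts from the previous database, so either add `userGroupToArtifact.clear();` here or rename the method to say what it really clears. No synchronization is visible in the hunk; if these maps are shared across request threads, the method should document or enforce its thread-safety expectations.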
diff --git a/plugins/org.eclipse.osee.orcs.rest.model/src/org/eclipse/osee/orcs/rest/model/DatastoreEndpoint.java b/plugins/org.eclipse.osee.orcs.rest.model/src/org/eclipse/osee/orcs/rest/model/DatastoreEndpoint.java
index 03fc40c3225..9d91dcf359e 100644
--- a/plugins/org.eclipse.osee.orcs.rest.model/src/org/eclipse/osee/orcs/rest/model/DatastoreEndpoint.java
+++ b/plugins/org.eclipse.osee.orcs.rest.model/src/org/eclipse/osee/orcs/rest/model/DatastoreEndpoint.java
@@ -13,6 +13,7 @@
package org.eclipse.osee.orcs.rest.model;
+import java.util.List;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
@@ -21,7 +22,7 @@ import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import org.eclipse.osee.framework.core.data.TransactionId;
-import org.eclipse.osee.framework.core.data.UserTokens;
+import org.eclipse.osee.framework.core.data.UserToken;
/**
* @author Roberto E. Escobar
@@ -36,9 +37,9 @@ public interface DatastoreEndpoint {
@POST
@Path("initialize")
- @Consumes(MediaType.TEXT_PLAIN)
+ @Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
- TransactionId initialize();
+ TransactionId initialize(UserToken superUser);
@POST
@Path("synonyms")
@@ -54,7 +55,7 @@ public interface DatastoreEndpoint {
@Path("user")
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
- TransactionId createUsers(UserTokens users);
+ TransactionId createUsers(List<UserToken> users);
@POST
@Path("user/bootstrap")
diff --git a/plugins/org.eclipse.osee.orcs.rest/src/org/eclipse/osee/orcs/rest/internal/DatastoreEndpointImpl.java b/plugins/org.eclipse.osee.orcs.rest/src/org/eclipse/osee/orcs/rest/internal/DatastoreEndpointImpl.java
index 94a5822d520..686f2a406a7 100644
--- a/plugins/org.eclipse.osee.orcs.rest/src/org/eclipse/osee/orcs/rest/internal/DatastoreEndpointImpl.java
+++ b/plugins/org.eclipse.osee.orcs.rest/src/org/eclipse/osee/orcs/rest/internal/DatastoreEndpointImpl.java
@@ -15,6 +15,7 @@ package org.eclipse.osee.orcs.rest.internal;
import static org.eclipse.osee.orcs.rest.internal.OrcsRestUtil.executeCallable;
import java.net.URI;
+import java.util.List;
import java.util.concurrent.Callable;
import javax.ws.rs.HeaderParam;
import javax.ws.rs.core.Context;
@@ -25,7 +26,7 @@ import org.eclipse.osee.framework.core.data.OseeClient;
import org.eclipse.osee.framework.core.data.TransactionId;
import org.eclipse.osee.framework.core.data.UserId;
import org.eclipse.osee.framework.core.data.UserService;
-import org.eclipse.osee.framework.core.data.UserTokens;
+import org.eclipse.osee.framework.core.data.UserToken;
import org.eclipse.osee.orcs.OrcsAdmin;
import org.eclipse.osee.orcs.OrcsApi;
import org.eclipse.osee.orcs.OrcsMetaData;
@@ -63,8 +64,8 @@ public class DatastoreEndpointImpl implements DatastoreEndpoint {
}
@Override
- public TransactionId initialize() {
- TransactionId txId = adminOps.createDatastoreAndSystemBranches();
+ public TransactionId initialize(UserToken superUser) {
+ TransactionId txId = adminOps.createDatastoreAndSystemBranches(superUser);
adminOps.createDemoBranches();
return txId;
}
@@ -97,8 +98,8 @@ public class DatastoreEndpointImpl implements DatastoreEndpoint {
}
@Override
- public TransactionId createUsers(UserTokens users) {
- return userService.createUsers(users.getUsers(), "DatastoreEndpointImpl.createUsers()");
+ public TransactionId createUsers(List<UserToken> users) {
+ return userService.createUsers(users, "DatastoreEndpointImpl.createUsers()");
}
@Override
diff --git a/plugins/org.eclipse.osee.orcs/src/org/eclipse/osee/orcs/OrcsAdmin.java b/plugins/org.eclipse.osee.orcs/src/org/eclipse/osee/orcs/OrcsAdmin.java
index 76c43f72602..8ad80f478b4 100644
--- a/plugins/org.eclipse.osee.orcs/src/org/eclipse/osee/orcs/OrcsAdmin.java
+++ b/plugins/org.eclipse.osee.orcs/src/org/eclipse/osee/orcs/OrcsAdmin.java
@@ -19,6 +19,7 @@ import org.eclipse.osee.framework.core.data.ArtifactId;
import org.eclipse.osee.framework.core.data.ArtifactTypeId;
import org.eclipse.osee.framework.core.data.TransactionId;
import org.eclipse.osee.framework.core.data.UserId;
+import org.eclipse.osee.framework.core.data.UserToken;
/**
* @author Roberto E. Escobar
@@ -27,7 +28,7 @@ public interface OrcsAdmin {
Callable<OrcsMetaData> createFetchOrcsMetaData();
- TransactionId createDatastoreAndSystemBranches();
+ TransactionId createDatastoreAndSystemBranches(UserToken user);
Callable<OrcsMetaData> migrateDatastore();
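Review bot: The parameter is named `user` here but `superUser` in `OrcsAdminImpl`, `CreateSystemBranches` and both endpoints, which hides from readers of the interface that this account is granted the admin groups. Rename it to match, `TransactionId createDatastoreAndSystemBranches(UserToken superUser);`, and add a Javadoc line stating that the given user is created as active with AccountAdmin, OseeAccessAdmin and OseeAdmin and must carry at least one login id.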
diff --git a/plugins/org.eclipse.osee.support.dev/design/ServerAccessControlDesign.adoc b/plugins/org.eclipse.osee.support.dev/design/ServerAccessControlDesign.adoc
index 2e73900f301..2aa1cc62bb6 100644
--- a/plugins/org.eclipse.osee.support.dev/design/ServerAccessControlDesign.adoc
+++ b/plugins/org.eclipse.osee.support.dev/design/ServerAccessControlDesign.adoc
@@ -6,7 +6,7 @@
* OSEE Access Control is handled in 3 levels. Branch Access is used to see if a user has access to the branch. Artifact Access is used for verifying a user has access to the artifact. Then finally, Configuration Management is used for checking if a user has access to individual pieces such as attributes.
== Data Read/Write Permission
-* Read and Write permissions are specified on individual artifacts and branches for users and user groups, the server will need to be able to handle this data to compute access control.
+* Read and Write permissions are specified on individual artifacts and branches for users and user groups, the server will need to be able to handle this data to compute access control.
** These permissions are changed and applied to the database via the OSEE_ARTIFACT_ACL and OSEE_BRANCH_ACL tables.
* Configuration Management Access Control specifies read/write permissions for data in the context of an ATS Workflow.
@@ -14,15 +14,15 @@
* Execute permission is specified for a given API method by role (not a on per-user basis)
== Design and Requirements
-* The server side Access Control will need the ability to identify the user that is communicating through the database. Whether it is through the client or web pages, and even from third party access such as build scripts or code commits.
+* The server side Access Control will need the ability to identify the user that is communicating through the database. Whether it is through the client or web pages, and even from third party access such as build scripts or code commits.
* When the server needs access control information it should query the database to get the exact information it needs.
-* AccessControlService is available from APIs, this service will provide the method requireRole(IUserGroupArtifactToken... userGroups) that determines if the current user is in at least one of the given groups. Otherwise an OseeAccessDeniedException is thrown.
+* AccessControlService is available from APIs, this service will provide the method requireRole(IUserGroupArtifactToken... userGroups) that determines if the current user is in at least one of the given groups. Otherwise an OseeAccessDeniedException is thrown.
* No database access should be allowed except via the JdbcClient.
* All access to the JdbcClient service must be via Orcs API calls that are protected via requireRole().
* In order to provide immediate feedback to the end user requireRole may be invoked at the beginning of the method.
== Extensibility and Configuration
-* Extensibility of the access control will come from the capabilities of User Group artifacts. These can be configured by specific users in OSEE, adding/removing users from various groups where these groups are granted artifact/branch permissions along with operational roles. The creation and modification of artifacts of type "User" (and its' sub-types) must be strictly controlled.
+* Extensibility of the access control will come from the capabilities of User Group artifacts. These can be configured by specific users in OSEE, adding/removing users from various groups where these groups are granted artifact/branch permissions along with operational roles. The creation and modification of artifacts of type "User" (and its' sub-types) must be strictly controlled.
== Future Actions
* UserGroup artifact type needs to be separated for the use case roles vs other uses such as email or distribution lists
