diff --git a/integration/src/test/scala/org/knora/webapi/messages/admin/responder/permissionsmessages/PermissionsMessagesADMSpec.scala b/integration/src/test/scala/org/knora/webapi/messages/admin/responder/permissionsmessages/PermissionsMessagesADMSpec.scala index 252d036104..6701ea0ca9 100644 --- a/integration/src/test/scala/org/knora/webapi/messages/admin/responder/permissionsmessages/PermissionsMessagesADMSpec.scala +++ b/integration/src/test/scala/org/knora/webapi/messages/admin/responder/permissionsmessages/PermissionsMessagesADMSpec.scala @@ -13,13 +13,14 @@ import dsp.errors.BadRequestException import dsp.errors.ForbiddenException import org.knora.webapi.CoreSpec import org.knora.webapi.messages.OntologyConstants -import org.knora.webapi.messages.OntologyConstants.KnoraAdmin.AdministrativePermissionAbbreviations import org.knora.webapi.responders.admin.PermissionsResponderADM import org.knora.webapi.routing.UnsafeZioRun import org.knora.webapi.sharedtestdata.SharedOntologyTestDataADM._ import org.knora.webapi.sharedtestdata.SharedTestDataADM2._ import org.knora.webapi.sharedtestdata._ import org.knora.webapi.slice.admin.api.service.PermissionsRestService +import org.knora.webapi.slice.admin.domain.model.AdministrativePermission +import org.knora.webapi.slice.admin.domain.model.AdministrativePermissions import org.knora.webapi.slice.admin.domain.model.ObjectAccessPermission import org.knora.webapi.slice.admin.domain.model.ObjectAccessPermissions import org.knora.webapi.util.ZioScalaTestUtil.assertFailsWithA @@ -74,7 +75,7 @@ class PermissionsMessagesADMSpec extends CoreSpec { CreateAdministrativePermissionAPIRequestADM( forProject = "invalid-project-IRI", forGroup = OntologyConstants.KnoraAdmin.ProjectMember, - hasPermissions = Set(PermissionADM.ProjectAdminAllPermission), + hasPermissions = Set(PermissionADM.from(AdministrativePermission.ProjectAdminAll)), ), SharedTestDataADM.imagesUser01, ), 
@@ -89,7 +90,7 @@ class PermissionsMessagesADMSpec extends CoreSpec { CreateAdministrativePermissionAPIRequestADM( forProject = SharedTestDataADM.imagesProjectIri, forGroup = groupIri, - hasPermissions = Set(PermissionADM.ProjectAdminAllPermission), + hasPermissions = Set(PermissionADM.from(AdministrativePermission.ProjectAdminAll)), ), SharedTestDataADM.imagesUser01, ), @@ -105,7 +106,7 @@ class PermissionsMessagesADMSpec extends CoreSpec { id = Some(permissionIri), forProject = SharedTestDataADM.imagesProjectIri, forGroup = OntologyConstants.KnoraAdmin.ProjectMember, - hasPermissions = Set(PermissionADM.ProjectAdminAllPermission), + hasPermissions = Set(PermissionADM.from(AdministrativePermission.ProjectAdminAll)), ), SharedTestDataADM.imagesUser01, ), @@ -135,7 +136,7 @@ class PermissionsMessagesADMSpec extends CoreSpec { assertFailsWithA[BadRequestException]( exit, s"Invalid value for name parameter of hasPermissions: $invalidName, it should be one of " + - s"${AdministrativePermissionAbbreviations.toString}", + s"${AdministrativePermissions.allTokens.mkString(", ")}", ) } @@ -159,7 +160,7 @@ class PermissionsMessagesADMSpec extends CoreSpec { CreateAdministrativePermissionAPIRequestADM( forProject = SharedTestDataADM.imagesProjectIri, forGroup = OntologyConstants.KnoraAdmin.ProjectMember, - hasPermissions = Set(PermissionADM.ProjectAdminAllPermission), + hasPermissions = Set(PermissionADM.from(AdministrativePermission.ProjectAdminAll)), ), SharedTestDataADM.imagesReviewerUser, ), diff --git a/integration/src/test/scala/org/knora/webapi/messages/util/PermissionUtilADMSpec.scala b/integration/src/test/scala/org/knora/webapi/messages/util/PermissionUtilADMSpec.scala index 990576ae4d..33393334c2 100644 --- a/integration/src/test/scala/org/knora/webapi/messages/util/PermissionUtilADMSpec.scala +++ b/integration/src/test/scala/org/knora/webapi/messages/util/PermissionUtilADMSpec.scala 
@@ -16,6 +16,7 @@ import org.knora.webapi.messages.admin.responder.permissionsmessages.PermissionT import org.knora.webapi.messages.util.PermissionUtilADM import org.knora.webapi.sharedtestdata.SharedTestDataADM import org.knora.webapi.sharedtestdata.SharedTestDataADM2 +import org.knora.webapi.slice.admin.domain.model.AdministrativePermission import org.knora.webapi.slice.admin.domain.model.ObjectAccessPermission import pekko.testkit.ImplicitSender @@ -133,10 +134,16 @@ class PermissionUtilADMSpec extends CoreSpec with ImplicitSender { "ProjectResourceCreateAllPermission|ProjectAdminAllPermission|ProjectResourceCreateRestrictedPermission ," val permissionsSet = Set( - PermissionADM.ProjectResourceCreateAllPermission, - PermissionADM.ProjectAdminAllPermission, - PermissionADM.projectResourceCreateRestrictedPermission("http://www.knora.org/ontology/00FF/images#bild"), - PermissionADM.projectResourceCreateRestrictedPermission("http://www.knora.org/ontology/00FF/images#bildformat"), + PermissionADM.from(AdministrativePermission.ProjectResourceCreateAll), + PermissionADM.from(AdministrativePermission.ProjectAdminAll), + PermissionADM.from( + AdministrativePermission.ProjectResourceCreateRestricted, + "http://www.knora.org/ontology/00FF/images#bild", + ), + PermissionADM.from( + AdministrativePermission.ProjectResourceCreateRestricted, + "http://www.knora.org/ontology/00FF/images#bildformat", + ), ) PermissionUtilADM.parsePermissionsWithType( 
@@ -147,13 +154,13 @@ class PermissionUtilADMSpec extends CoreSpec with ImplicitSender { "build a 'PermissionADM' object" in { PermissionUtilADM.buildPermissionObject( - name = OntologyConstants.KnoraAdmin.ProjectResourceCreateRestrictedPermission, + name = AdministrativePermission.ProjectResourceCreateRestricted.token, iris = Set("1", "2", "3"), ) should equal( Set( - PermissionADM.projectResourceCreateRestrictedPermission("1"), - PermissionADM.projectResourceCreateRestrictedPermission("2"), - PermissionADM.projectResourceCreateRestrictedPermission("3"), + PermissionADM.from(AdministrativePermission.ProjectResourceCreateRestricted, "1"), + PermissionADM.from(AdministrativePermission.ProjectResourceCreateRestricted, "2"), + PermissionADM.from(AdministrativePermission.ProjectResourceCreateRestricted, "3"), ), ) } @@ -181,25 +188,6 @@ class PermissionUtilADMSpec extends CoreSpec with ImplicitSender { result should contain allElementsOf deduplicatedPermissions } - "remove lesser permissions" in { - val withLesserPermissions = Set( - PermissionADM.from(ObjectAccessPermission.View, "1"), - PermissionADM.from(ObjectAccessPermission.View, "1"), - PermissionADM.from(ObjectAccessPermission.Modify, "2"), - PermissionADM.from(ObjectAccessPermission.ChangeRights, "1"), - PermissionADM.from(ObjectAccessPermission.Delete, "2"), - ) - - val withoutLesserPermissions = Set( - PermissionADM.from(ObjectAccessPermission.ChangeRights, "1"), - PermissionADM.from(ObjectAccessPermission.Delete, "2"), - ) - - val result = PermissionUtilADM.removeLesserPermissions(withLesserPermissions, PermissionType.OAP) - result.size should equal(withoutLesserPermissions.size) - result should contain allElementsOf withoutLesserPermissions - } - "create permissions string" in { val permissions = Set( PermissionADM.from(ObjectAccessPermission.ChangeRights, "1"), 
diff --git a/integration/src/test/scala/org/knora/webapi/responders/admin/PermissionsResponderADMSpec.scala b/integration/src/test/scala/org/knora/webapi/responders/admin/PermissionsResponderADMSpec.scala index 65b847d00b..42dcf580c5 100644 --- a/integration/src/test/scala/org/knora/webapi/responders/admin/PermissionsResponderADMSpec.scala +++ b/integration/src/test/scala/org/knora/webapi/responders/admin/PermissionsResponderADMSpec.scala @@ -32,6 +32,7 @@ import org.knora.webapi.sharedtestdata.SharedTestDataADM.imagesUser02 import org.knora.webapi.sharedtestdata.SharedTestDataADM.incunabulaMemberUser import org.knora.webapi.sharedtestdata.SharedTestDataADM.normalUser import org.knora.webapi.sharedtestdata.SharedTestDataADM2 +import org.knora.webapi.slice.admin.domain.model.AdministrativePermission import org.knora.webapi.slice.admin.domain.model.GroupIri import org.knora.webapi.slice.admin.domain.model.KnoraProject.ProjectIri import org.knora.webapi.slice.admin.domain.model.ObjectAccessPermission @@ -226,7 +227,7 @@ class PermissionsResponderADMSpec extends CoreSpec with ImplicitSender { CreateAdministrativePermissionAPIRequestADM( forProject = imagesProjectIri, forGroup = OntologyConstants.KnoraAdmin.ProjectMember, - hasPermissions = Set(PermissionADM.ProjectResourceCreateAllPermission), + hasPermissions = Set(PermissionADM.from(AdministrativePermission.ProjectResourceCreateAll)), ), rootUser, UUID.randomUUID(), @@ -251,7 +252,7 @@ class PermissionsResponderADMSpec extends CoreSpec with ImplicitSender { id = Some(customIri), forProject = SharedTestDataADM.anythingProjectIri, forGroup = SharedTestDataADM.thingSearcherGroup.id, - hasPermissions = Set(PermissionADM.ProjectResourceCreateAllPermission), + hasPermissions = Set(PermissionADM.from(AdministrativePermission.ProjectResourceCreateAll)), ), rootUser, UUID.randomUUID(), 
@@ -267,18 +268,12 @@ class PermissionsResponderADMSpec extends CoreSpec with ImplicitSender { val customIri = "http://rdfh.ch/permissions/0001/0pd-VUDeShWNJ2Nq3fGGGQ" val hasPermissions = Set( PermissionADM( - name = OntologyConstants.KnoraAdmin.ProjectResourceCreateAllPermission, + name = AdministrativePermission.ProjectResourceCreateAll.token, additionalInformation = Some("blabla"), permissionCode = Some(8), ), ) - val expectedHasPermissions = Set( - PermissionADM( - name = OntologyConstants.KnoraAdmin.ProjectResourceCreateAllPermission, - additionalInformation = None, - permissionCode = None, - ), - ) + val expectedHasPermissions = Set(PermissionADM.from(AdministrativePermission.ProjectResourceCreateAll)) val actual = UnsafeZioRun.runOrThrow( ZIO.serviceWithZIO[PermissionsResponderADM]( _.createAdministrativePermission( @@ -1001,7 +996,7 @@ class PermissionsResponderADMSpec extends CoreSpec with ImplicitSender { "ask to update hasPermissions of a permission" should { "throw ForbiddenException for PermissionChangeHasPermissionsRequestADM if requesting user is not system or project Admin" in { val permissionIri = "http://rdfh.ch/permissions/00FF/buxHAlz8SHuu0FuiLN_tKQ" - val hasPermissions = NonEmptyChunk(PermissionADM.ProjectResourceCreateAllPermission) + val hasPermissions = NonEmptyChunk(PermissionADM.from(AdministrativePermission.ProjectResourceCreateAll)) val exit = UnsafeZioRun.run( ZIO.serviceWithZIO[PermissionsResponderADM]( 
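Review bot: The rewritten `expectedHasPermissions` pins that client-supplied `additionalInformation = Some("blabla")` and `permissionCode = Some(8)` are dropped for `ProjectResourceCreateAll`, but none of the hunks shown sends a `ProjectResourceCreateRestricted` permission through `createAdministrativePermission`. Whether the restriction IRI survives validation decides what the stored grant actually covers. A companion case asserting that `PermissionADM.from(AdministrativePermission.ProjectResourceCreateRestricted, iri)` comes back unchanged would close that gap, unless one already exists outside these hunks. The test body continues outside the hunk.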
@@ -1022,7 +1017,7 @@ class PermissionsResponderADMSpec extends CoreSpec with ImplicitSender { "update hasPermissions of an administrative permission" in { val permissionIri = "http://rdfh.ch/permissions/00FF/buxHAlz8SHuu0FuiLN_tKQ" - val hasPermissions = NonEmptyChunk(PermissionADM.ProjectResourceCreateAllPermission) + val hasPermissions = NonEmptyChunk(PermissionADM.from(AdministrativePermission.ProjectResourceCreateAll)) val actual = UnsafeZioRun.runOrThrow( ZIO.serviceWithZIO[PermissionsResponderADM]( _.updatePermissionHasPermissions( @@ -1044,7 +1039,7 @@ class PermissionsResponderADMSpec extends CoreSpec with ImplicitSender { val permissionIri = "http://rdfh.ch/permissions/00FF/buxHAlz8SHuu0FuiLN_tKQ" val hasPermissions = NonEmptyChunk( PermissionADM( - name = OntologyConstants.KnoraAdmin.ProjectAdminAllPermission, + name = AdministrativePermission.ProjectAdminAll.token, additionalInformation = Some("aIRI"), permissionCode = Some(1), ), @@ -1062,7 +1057,7 @@ class PermissionsResponderADMSpec extends CoreSpec with ImplicitSender { val ap = actual.asInstanceOf[AdministrativePermissionGetResponseADM].administrativePermission assert(ap.iri == permissionIri) ap.hasPermissions.size should be(1) - val expectedSetOfPermissions = Set(PermissionADM.ProjectAdminAllPermission) + val expectedSetOfPermissions = Set(PermissionADM.from(AdministrativePermission.ProjectAdminAll)) assert(ap.hasPermissions.equals(expectedSetOfPermissions)) } diff --git a/integration/src/test/scala/org/knora/webapi/responders/admin/ProjectRestServiceSpec.scala b/integration/src/test/scala/org/knora/webapi/responders/admin/ProjectRestServiceSpec.scala index 6da7f44a73..d2c799bc05 100644 --- a/integration/src/test/scala/org/knora/webapi/responders/admin/ProjectRestServiceSpec.scala +++ b/integration/src/test/scala/org/knora/webapi/responders/admin/ProjectRestServiceSpec.scala 
@@ -28,6 +28,7 @@ import org.knora.webapi.sharedtestdata.SharedTestDataADM import org.knora.webapi.slice.admin.api.model.ProjectsEndpointsRequestsAndResponses.ProjectCreateRequest import org.knora.webapi.slice.admin.api.model.ProjectsEndpointsRequestsAndResponses.ProjectUpdateRequest import org.knora.webapi.slice.admin.api.service.ProjectRestService +import org.knora.webapi.slice.admin.domain.model.AdministrativePermission import org.knora.webapi.slice.admin.domain.model.KnoraProject._ import org.knora.webapi.slice.admin.domain.model.ObjectAccessPermission import org.knora.webapi.slice.admin.domain.model.RestrictedView @@ -205,7 +206,10 @@ class ProjectRestServiceSpec extends CoreSpec with ImplicitSender { (ap: AdministrativePermissionADM) => ap.forProject == received.project.id && ap.forGroup == OntologyConstants.KnoraAdmin.ProjectAdmin && ap.hasPermissions.equals( - Set(PermissionADM.ProjectAdminAllPermission, PermissionADM.ProjectResourceCreateAllPermission), + Set( + PermissionADM.from(AdministrativePermission.ProjectAdminAll), + PermissionADM.from(AdministrativePermission.ProjectResourceCreateAll), + ), ) } @@ -215,7 +219,7 @@ class ProjectRestServiceSpec extends CoreSpec with ImplicitSender { val hasAPForProjectMember = receivedApAdmin.administrativePermissions.filter { (ap: AdministrativePermissionADM) => ap.forProject == received.project.id && ap.forGroup == OntologyConstants.KnoraAdmin.ProjectMember && - ap.hasPermissions.equals(Set(PermissionADM.ProjectResourceCreateAllPermission)) + ap.hasPermissions.equals(Set(PermissionADM.from(AdministrativePermission.ProjectResourceCreateAll))) } hasAPForProjectMember.size shouldBe 1 diff --git a/integration/src/test/scala/org/knora/webapi/sharedtestdata/SharedPermissionsTestData.scala b/integration/src/test/scala/org/knora/webapi/sharedtestdata/SharedPermissionsTestData.scala index 0c754d133f..2ec5ae48d7 100644 --- a/integration/src/test/scala/org/knora/webapi/sharedtestdata/SharedPermissionsTestData.scala 
+++ b/integration/src/test/scala/org/knora/webapi/sharedtestdata/SharedPermissionsTestData.scala @@ -12,6 +12,7 @@ import org.knora.webapi.messages.admin.responder.permissionsmessages.ObjectAcces import org.knora.webapi.messages.admin.responder.permissionsmessages.PermissionADM import org.knora.webapi.sharedtestdata.SharedOntologyTestDataADM._ import org.knora.webapi.sharedtestdata.SharedTestDataADM2._ +import org.knora.webapi.slice.admin.domain.model.AdministrativePermission import org.knora.webapi.slice.admin.domain.model.ObjectAccessPermission /* Helper case classes */ @@ -92,7 +93,7 @@ object SharedPermissionsTestData { forProject = imagesProjectIri, forGroup = OntologyConstants.KnoraAdmin.ProjectMember, hasPermissions = Set( - PermissionADM.ProjectResourceCreateAllPermission, + PermissionADM.from(AdministrativePermission.ProjectResourceCreateAll), ), ), ) @@ -105,8 +106,8 @@ object SharedPermissionsTestData { forProject = imagesProjectIri, forGroup = OntologyConstants.KnoraAdmin.ProjectAdmin, hasPermissions = Set( - PermissionADM.ProjectResourceCreateAllPermission, - PermissionADM.ProjectAdminAllPermission, + PermissionADM.from(AdministrativePermission.ProjectResourceCreateAll), + PermissionADM.from(AdministrativePermission.ProjectAdminAll), ), ), ) @@ -119,8 +120,11 @@ object SharedPermissionsTestData { forProject = imagesProjectIri, forGroup = "http://rdfh.ch/groups/00FF/images-reviewer", hasPermissions = Set( - PermissionADM.projectResourceCreateRestrictedPermission(s"$IMAGES_ONTOLOGY_IRI#bild"), - PermissionADM.projectResourceCreateRestrictedPermission(s"$IMAGES_ONTOLOGY_IRI#bildformat"), + PermissionADM.from(AdministrativePermission.ProjectResourceCreateRestricted, s"$IMAGES_ONTOLOGY_IRI#bild"), + PermissionADM.from( + AdministrativePermission.ProjectResourceCreateRestricted, + s"$IMAGES_ONTOLOGY_IRI#bildformat", + ), ), ), ) 
@@ -179,7 +183,7 @@ object SharedPermissionsTestData { iri = "http://rdfh.ch/permissions/003-a1", forProject = SharedTestDataADM2.incunabulaProjectIri, forGroup = OntologyConstants.KnoraAdmin.ProjectMember, - hasPermissions = Set(PermissionADM.ProjectResourceCreateAllPermission), + hasPermissions = Set(PermissionADM.from(AdministrativePermission.ProjectResourceCreateAll)), ), ) @@ -191,8 +195,8 @@ object SharedPermissionsTestData { forProject = SharedTestDataADM2.incunabulaProjectIri, forGroup = OntologyConstants.KnoraAdmin.ProjectAdmin, hasPermissions = Set( - PermissionADM.ProjectResourceCreateAllPermission, - PermissionADM.ProjectAdminAllPermission, + PermissionADM.from(AdministrativePermission.ProjectResourceCreateAll), + PermissionADM.from(AdministrativePermission.ProjectAdminAll), ), ), ) @@ -314,7 +318,7 @@ object SharedPermissionsTestData { iri = "http://rdfh.ch/permissions/00FF/XFozeICsTE2gHSOsm4ZMIw", forProject = SharedTestDataADM2.anythingProjectIri, forGroup = OntologyConstants.KnoraAdmin.ProjectMember, - hasPermissions = Set(PermissionADM.ProjectResourceCreateAllPermission), + hasPermissions = Set(PermissionADM.from(AdministrativePermission.ProjectResourceCreateAll)), ), ) @@ -326,8 +330,8 @@ object SharedPermissionsTestData { forProject = SharedTestDataADM2.anythingProjectIri, forGroup = OntologyConstants.KnoraAdmin.ProjectAdmin, hasPermissions = Set( - PermissionADM.ProjectResourceCreateAllPermission, - PermissionADM.ProjectAdminAllPermission, + PermissionADM.from(AdministrativePermission.ProjectResourceCreateAll), + PermissionADM.from(AdministrativePermission.ProjectAdminAll), ), ), ) diff --git a/integration/src/test/scala/org/knora/webapi/sharedtestdata/SharedTestDataADM.scala b/integration/src/test/scala/org/knora/webapi/sharedtestdata/SharedTestDataADM.scala index 592e727475..957f826449 100644 --- a/integration/src/test/scala/org/knora/webapi/sharedtestdata/SharedTestDataADM.scala 
+++ b/integration/src/test/scala/org/knora/webapi/sharedtestdata/SharedTestDataADM.scala @@ -15,6 +15,7 @@ import org.knora.webapi.messages.admin.responder.permissionsmessages.Permissions import org.knora.webapi.messages.admin.responder.projectsmessages.Project import org.knora.webapi.messages.store.triplestoremessages.StringLiteralV2 import org.knora.webapi.messages.util.KnoraSystemInstances +import org.knora.webapi.slice.admin.domain.model.AdministrativePermission import org.knora.webapi.slice.admin.domain.model.Group import org.knora.webapi.slice.admin.domain.model.User @@ -138,12 +139,12 @@ object SharedTestDataADM { ), administrativePermissionsPerProject = Map( incunabulaProjectIri -> Set( - PermissionADM.ProjectAdminAllPermission, - PermissionADM.ProjectResourceCreateAllPermission, + PermissionADM.from(AdministrativePermission.ProjectAdminAll), + PermissionADM.from(AdministrativePermission.ProjectResourceCreateAll), ), imagesProjectIri -> Set( - PermissionADM.ProjectAdminAllPermission, - PermissionADM.ProjectResourceCreateAllPermission, + PermissionADM.from(AdministrativePermission.ProjectAdminAll), + PermissionADM.from(AdministrativePermission.ProjectResourceCreateAll), ), ), ), @@ -213,8 +214,8 @@ object SharedTestDataADM { ), administrativePermissionsPerProject = Map( imagesProjectIri -> Set( - PermissionADM.ProjectAdminAllPermission, - PermissionADM.ProjectResourceCreateAllPermission, + PermissionADM.from(AdministrativePermission.ProjectAdminAll), + PermissionADM.from(AdministrativePermission.ProjectResourceCreateAll), ), ), ), @@ -239,7 +240,7 @@ object SharedTestDataADM { ), administrativePermissionsPerProject = Map( imagesProjectIri -> Set( - PermissionADM.ProjectResourceCreateAllPermission, + PermissionADM.from(AdministrativePermission.ProjectResourceCreateAll), ), ), ), 
@@ -267,10 +268,12 @@ object SharedTestDataADM { ), administrativePermissionsPerProject = Map( imagesProjectIri -> Set( - PermissionADM.projectResourceCreateRestrictedPermission( + PermissionADM.from( + AdministrativePermission.ProjectResourceCreateRestricted, s"${SharedOntologyTestDataADM.IMAGES_ONTOLOGY_IRI}#bild", ), - PermissionADM.projectResourceCreateRestrictedPermission( + PermissionADM.from( + AdministrativePermission.ProjectResourceCreateRestricted, s"${SharedOntologyTestDataADM.IMAGES_ONTOLOGY_IRI}#bildformat", ), ), @@ -377,8 +380,8 @@ object SharedTestDataADM { ), administrativePermissionsPerProject = Map( incunabulaProjectIri -> Set( - PermissionADM.ProjectAdminAllPermission, - PermissionADM.ProjectResourceCreateAllPermission, + PermissionADM.from(AdministrativePermission.ProjectAdminAll), + PermissionADM.from(AdministrativePermission.ProjectResourceCreateAll), ), ), ), @@ -403,7 +406,7 @@ object SharedTestDataADM { ), administrativePermissionsPerProject = Map( incunabulaProjectIri -> Set( - PermissionADM.ProjectResourceCreateAllPermission, + PermissionADM.from(AdministrativePermission.ProjectResourceCreateAll), ), ), ), @@ -428,7 +431,7 @@ object SharedTestDataADM { ), administrativePermissionsPerProject = Map( incunabulaProjectIri -> Set( - PermissionADM.ProjectResourceCreateAllPermission, + PermissionADM.from(AdministrativePermission.ProjectResourceCreateAll), ), ), ), @@ -545,8 +548,8 @@ object SharedTestDataADM { ), administrativePermissionsPerProject = Map( anythingProjectIri -> Set( - PermissionADM.ProjectAdminAllPermission, - PermissionADM.ProjectResourceCreateAllPermission, + PermissionADM.from(AdministrativePermission.ProjectAdminAll), + PermissionADM.from(AdministrativePermission.ProjectResourceCreateAll), ), ), ), 
@@ -573,7 +576,7 @@ object SharedTestDataADM { ), administrativePermissionsPerProject = Map( anythingProjectIri -> Set( - PermissionADM.ProjectResourceCreateAllPermission, + PermissionADM.from(AdministrativePermission.ProjectResourceCreateAll), ), ), ), @@ -597,7 +600,7 @@ object SharedTestDataADM { ), administrativePermissionsPerProject = Map( anythingProjectIri -> Set( - PermissionADM.ProjectResourceCreateAllPermission, + PermissionADM.from(AdministrativePermission.ProjectResourceCreateAll), ), ), ), @@ -687,7 +690,7 @@ object SharedTestDataADM { ), administrativePermissionsPerProject = Map( beolProjectIri -> Set( - PermissionADM.ProjectAdminAllPermission, + PermissionADM.from(AdministrativePermission.ProjectAdminAll), ), ), ), diff --git a/integration/src/test/scala/org/knora/webapi/sharedtestdata/SharedTestDataADM2.scala b/integration/src/test/scala/org/knora/webapi/sharedtestdata/SharedTestDataADM2.scala index 46ee8afd08..78aae0a08f 100644 --- a/integration/src/test/scala/org/knora/webapi/sharedtestdata/SharedTestDataADM2.scala +++ b/integration/src/test/scala/org/knora/webapi/sharedtestdata/SharedTestDataADM2.scala @@ -11,6 +11,7 @@ import org.knora.webapi.messages.admin.responder.permissionsmessages.PermissionA import org.knora.webapi.messages.admin.responder.permissionsmessages.PermissionsDataADM import org.knora.webapi.sharedtestdata import org.knora.webapi.sharedtestdata.SharedOntologyTestDataADM.IMAGES_ONTOLOGY_IRI +import org.knora.webapi.slice.admin.domain.model.AdministrativePermission /** * This object holds the same user which are loaded with 'test_data/project_data/admin-data.ttl'. Using this object 
@@ -69,12 +70,12 @@ object SharedTestDataADM2 { ), administrativePermissionsPerProject = Map( incunabulaProjectIri -> Set( - PermissionADM.ProjectAdminAllPermission, - PermissionADM.ProjectResourceCreateAllPermission, + PermissionADM.from(AdministrativePermission.ProjectAdminAll), + PermissionADM.from(AdministrativePermission.ProjectResourceCreateAll), ), imagesProjectIri -> Set( - PermissionADM.ProjectAdminAllPermission, - PermissionADM.ProjectResourceCreateAllPermission, + PermissionADM.from(AdministrativePermission.ProjectAdminAll), + PermissionADM.from(AdministrativePermission.ProjectResourceCreateAll), ), ), ), @@ -112,8 +113,8 @@ object SharedTestDataADM2 { ), administrativePermissionsPerProject = Map( imagesProjectIri -> Set( - PermissionADM.ProjectAdminAllPermission, - PermissionADM.ProjectResourceCreateAllPermission, + PermissionADM.from(AdministrativePermission.ProjectAdminAll), + PermissionADM.from(AdministrativePermission.ProjectResourceCreateAll), ), ), ), @@ -139,7 +140,7 @@ object SharedTestDataADM2 { ), administrativePermissionsPerProject = Map( imagesProjectIri -> Set( - PermissionADM.ProjectResourceCreateAllPermission, + PermissionADM.from(AdministrativePermission.ProjectResourceCreateAll), ), ), ), @@ -168,8 +169,11 @@ object SharedTestDataADM2 { ), administrativePermissionsPerProject = Map( imagesProjectIri -> Set( - PermissionADM.projectResourceCreateRestrictedPermission(s"$IMAGES_ONTOLOGY_IRI#bild"), - PermissionADM.projectResourceCreateRestrictedPermission(s"$IMAGES_ONTOLOGY_IRI#bildformat"), + PermissionADM.from(AdministrativePermission.ProjectResourceCreateRestricted, s"$IMAGES_ONTOLOGY_IRI#bild"), + PermissionADM.from( + AdministrativePermission.ProjectResourceCreateRestricted, + s"$IMAGES_ONTOLOGY_IRI#bildformat", + ), ), ), ), 
@@ -221,8 +225,8 @@ object SharedTestDataADM2 { ), administrativePermissionsPerProject = Map( incunabulaProjectIri -> Set( - PermissionADM.ProjectAdminAllPermission, - PermissionADM.ProjectResourceCreateAllPermission, + PermissionADM.from(AdministrativePermission.ProjectAdminAll), + PermissionADM.from(AdministrativePermission.ProjectResourceCreateAll), ), ), ), @@ -248,7 +252,7 @@ object SharedTestDataADM2 { ), administrativePermissionsPerProject = Map( incunabulaProjectIri -> Set( - PermissionADM.ProjectResourceCreateAllPermission, + PermissionADM.from(AdministrativePermission.ProjectResourceCreateAll), ), ), ), @@ -274,7 +278,7 @@ object SharedTestDataADM2 { ), administrativePermissionsPerProject = Map( incunabulaProjectIri -> Set( - PermissionADM.ProjectResourceCreateAllPermission, + PermissionADM.from(AdministrativePermission.ProjectResourceCreateAll), ), ), ), @@ -329,8 +333,8 @@ object SharedTestDataADM2 { ), administrativePermissionsPerProject = Map( anythingProjectIri -> Set( - PermissionADM.ProjectAdminAllPermission, - PermissionADM.ProjectResourceCreateAllPermission, + PermissionADM.from(AdministrativePermission.ProjectAdminAll), + PermissionADM.from(AdministrativePermission.ProjectResourceCreateAll), ), ), ), @@ -355,7 +359,7 @@ object SharedTestDataADM2 { ), administrativePermissionsPerProject = Map( anythingProjectIri -> Set( - PermissionADM.ProjectResourceCreateAllPermission, + PermissionADM.from(AdministrativePermission.ProjectResourceCreateAll), ), ), ), @@ -380,7 +384,7 @@ object SharedTestDataADM2 { ), administrativePermissionsPerProject = Map( anythingProjectIri -> Set( - PermissionADM.ProjectResourceCreateAllPermission, + PermissionADM.from(AdministrativePermission.ProjectResourceCreateAll), ), ), ), diff --git a/webapi/src/main/scala/org/knora/webapi/messages/OntologyConstants.scala b/webapi/src/main/scala/org/knora/webapi/messages/OntologyConstants.scala index 641c3e420a..8484aad13f 100644 
--- a/webapi/src/main/scala/org/knora/webapi/messages/OntologyConstants.scala +++ b/webapi/src/main/scala/org/knora/webapi/messages/OntologyConstants.scala @@ -499,22 +499,6 @@ object OntologyConstants { val ForResourceClass: IRI = KnoraAdminPrefixExpansion + "forResourceClass" val ForProperty: IRI = KnoraAdminPrefixExpansion + "forProperty" - val ProjectResourceCreateAllPermission: String = "ProjectResourceCreateAllPermission" - val ProjectResourceCreateRestrictedPermission: String = "ProjectResourceCreateRestrictedPermission" - val ProjectAdminAllPermission: String = "ProjectAdminAllPermission" - val ProjectAdminGroupAllPermission: String = "ProjectAdminGroupAllPermission" - val ProjectAdminGroupRestrictedPermission: String = "ProjectAdminGroupRestrictedPermission" - val ProjectAdminRightsAllPermission: String = "ProjectAdminRightsAllPermission" - - val AdministrativePermissionAbbreviations: Seq[String] = Seq( - ProjectResourceCreateAllPermission, - ProjectResourceCreateRestrictedPermission, - ProjectAdminAllPermission, - ProjectAdminGroupAllPermission, - ProjectAdminGroupRestrictedPermission, - ProjectAdminRightsAllPermission, - ) - val HasDefaultRestrictedViewPermission: IRI = KnoraAdminPrefixExpansion + "hasDefaultRestrictedViewPermission" val HasDefaultViewPermission: IRI = KnoraAdminPrefixExpansion + "hasDefaultViewPermission" val HasDefaultModifyPermission: IRI = KnoraAdminPrefixExpansion + "hasDefaultModifyPermission" diff --git a/webapi/src/main/scala/org/knora/webapi/messages/admin/responder/permissionsmessages/PermissionsMessagesADM.scala b/webapi/src/main/scala/org/knora/webapi/messages/admin/responder/permissionsmessages/PermissionsMessagesADM.scala index b98faede8c..a228fbefc1 100644 --- a/webapi/src/main/scala/org/knora/webapi/messages/admin/responder/permissionsmessages/PermissionsMessagesADM.scala +++ b/webapi/src/main/scala/org/knora/webapi/messages/admin/responder/permissionsmessages/PermissionsMessagesADM.scala 
@@ -19,9 +19,12 @@ import org.knora.webapi.messages.OntologyConstants import org.knora.webapi.messages.ResponderRequest.KnoraRequestADM import org.knora.webapi.messages.StringFormatter import org.knora.webapi.messages.admin.responder.AdminKnoraResponseADM +import org.knora.webapi.messages.admin.responder.permissionsmessages.PermissionProfileType.Full +import org.knora.webapi.messages.admin.responder.permissionsmessages.PermissionProfileType.Restricted import org.knora.webapi.messages.admin.responder.projectsmessages.ProjectsADMJsonProtocol import org.knora.webapi.messages.store.triplestoremessages.TriplestoreJsonProtocol import org.knora.webapi.messages.traits.Jsonable +import org.knora.webapi.slice.admin.domain.model.AdministrativePermission import org.knora.webapi.slice.admin.domain.model.KnoraProject.ProjectIri import org.knora.webapi.slice.admin.domain.model.ObjectAccessPermission import org.knora.webapi.slice.admin.domain.model.PermissionIri @@ -561,7 +564,7 @@ case class PermissionsDataADM( /* Does the user have the 'ProjectAdminAllPermission' permission for the project */ def hasProjectAdminAllPermissionFor(projectIri: IRI): Boolean = administrativePermissionsPerProject.get(projectIri) match { - case Some(permissions) => permissions(PermissionADM.ProjectAdminAllPermission) + case Some(permissions) => permissions(PermissionADM.from(AdministrativePermission.ProjectAdminAll)) case None => false } 
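Review bot: The authorisation check in `hasProjectAdminAllPermissionFor` is a set-membership test against a freshly built `PermissionADM.from(AdministrativePermission.ProjectAdminAll)`, so, assuming `PermissionADM` compares field by field, it matches only entries whose `additionalInformation` and `permissionCode` are both `None`. The same holds for the `ResourceCreateOperation` branch in the next hunk (`@@ -583,8 +586,8 @@`). That fails closed, which is the safe direction, but it deserves a comment above the method, e.g. `// Matches by value equality: an entry with the same token but extra fields set does not grant the permission.` As a style point, the surrounding `get(...) match { Some/None }` reads more directly as `administrativePermissionsPerProject.get(projectIri).exists(_(PermissionADM.from(AdministrativePermission.ProjectAdminAll)))`. The enclosing case class starts and ends outside the hunk.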
@@ -583,8 +586,8 @@ case class PermissionsDataADM( case ResourceCreateOperation(resourceClassIri) => this.administrativePermissionsPerProject.get(insideProject) match { case Some(set) => - set(PermissionADM.ProjectResourceCreateAllPermission) || set( - PermissionADM.projectResourceCreateRestrictedPermission(resourceClassIri), + set(PermissionADM.from(AdministrativePermission.ProjectResourceCreateAll)) || set( + PermissionADM.from(AdministrativePermission.ProjectResourceCreateRestricted, resourceClassIri), ) case None => { // println("FALSE: No administrative permissions defined for this project.") 
@@ -724,51 +727,11 @@ object PermissionADM { def from(permission: ObjectAccessPermission, restriction: IRI): PermissionADM = PermissionADM(permission.token, Some(restriction), Some(permission.code)) - /////////////////////////////////////////////////////////////////////////// - // Administrative Permissions - /////////////////////////////////////////////////////////////////////////// + def from(permission: AdministrativePermission): PermissionADM = + PermissionADM(permission.token, None, None) - val ProjectResourceCreateAllPermission: PermissionADM = - PermissionADM( - name = OntologyConstants.KnoraAdmin.ProjectResourceCreateAllPermission, - additionalInformation = None, - permissionCode = None, - ) - - def projectResourceCreateRestrictedPermission(restriction: IRI): PermissionADM = - PermissionADM( - name = OntologyConstants.KnoraAdmin.ProjectResourceCreateRestrictedPermission, - additionalInformation = Some(restriction), - permissionCode = None, - ) - - val ProjectAdminAllPermission: PermissionADM = - PermissionADM( - name = OntologyConstants.KnoraAdmin.ProjectAdminAllPermission, - additionalInformation = None, - permissionCode = None, - ) - - val ProjectAdminGroupAllPermission: PermissionADM = - PermissionADM( - name = OntologyConstants.KnoraAdmin.ProjectAdminGroupAllPermission, - additionalInformation = None, - permissionCode = None, - ) - - def projectAdminGroupRestrictedPermission(restriction: IRI): PermissionADM = - PermissionADM( - name = OntologyConstants.KnoraAdmin.ProjectAdminGroupRestrictedPermission, - additionalInformation = Some(restriction), - permissionCode = None, - ) - - val ProjectAdminRightsAllPermission: PermissionADM = - PermissionADM( - name = OntologyConstants.KnoraAdmin.ProjectAdminRightsAllPermission, - additionalInformation = None, - permissionCode = None, - ) + def from(permission: AdministrativePermission, restriction: IRI): PermissionADM = + PermissionADM(permission.token, Some(restriction), None) } /** 
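Review bot: The two new `from` overloads accept any `AdministrativePermission` with or without a restriction, so `PermissionADM.from(AdministrativePermission.ProjectResourceCreateRestricted)` (a restricted grant with no class IRI) and `PermissionADM.from(AdministrativePermission.ProjectAdminAll, someIri)` both compile. The removed members only offered a restriction parameter on the restricted variants. Neither malformed value equals what the checks in `PermissionsDataADM` look up, so a mistake at a call site surfaces as a silently missing permission rather than an error. The overloads are also undocumented; I would add Scaladoc along the lines of `/** Unrestricted administrative permission; not for the *Restricted tokens. */` and `/** Restricted administrative permission; restriction is the resource class IRI the grant is limited to. */`. A runtime guard on the token/restriction pairing is worth considering once the enum's restricted members are settled (the enum is not part of this diff).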
@@ -818,7 +781,6 @@ trait PermissionsADMJsonProtocol with TriplestoreJsonProtocol { implicit object PermissionProfileTypeFormat extends JsonFormat[PermissionProfileType] { - import PermissionProfileType.* /** * Not implemented. diff --git a/webapi/src/main/scala/org/knora/webapi/messages/admin/responder/permissionsmessages/PermissionsMessagesUtilADM.scala b/webapi/src/main/scala/org/knora/webapi/messages/admin/responder/permissionsmessages/PermissionsMessagesUtilADM.scala index 28e2b191c3..d53101c6d0 100644 --- a/webapi/src/main/scala/org/knora/webapi/messages/admin/responder/permissionsmessages/PermissionsMessagesUtilADM.scala +++ b/webapi/src/main/scala/org/knora/webapi/messages/admin/responder/permissionsmessages/PermissionsMessagesUtilADM.scala @@ -7,7 +7,8 @@ package org.knora.webapi.messages.admin.responder.permissionsmessages import dsp.errors.BadRequestException import org.knora.webapi.IRI -import org.knora.webapi.messages.OntologyConstants.KnoraAdmin.AdministrativePermissionAbbreviations +import org.knora.webapi.slice.admin.domain.model.AdministrativePermission +import org.knora.webapi.slice.admin.domain.model.AdministrativePermissions import org.knora.webapi.slice.admin.domain.model.PermissionIri /** @@ -26,10 +27,10 @@ object PermissionsMessagesUtilADM { */ def verifyHasPermissionsAP(hasPermissions: Set[PermissionADM]): Set[PermissionADM] = { val updatedPermissions = hasPermissions.map { permission => - if (!AdministrativePermissionAbbreviations.contains(permission.name)) + if (AdministrativePermission.fromToken(permission.name).isEmpty) throw BadRequestException( s"Invalid value for name parameter of hasPermissions: ${permission.name}, it should be one of " + - s"${AdministrativePermissionAbbreviations.toString}", + s"${AdministrativePermissions.allTokens.mkString(", ")}", ) PermissionADM( name = permission.name, 
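Review bot: In `verifyHasPermissionsAP` the result of `AdministrativePermission.fromToken(permission.name)` is only tested with `.isEmpty` and then thrown away, so the code after the check goes on using the raw request string `permission.name` rather than the value that was validated. The hunk at -337 in PermissionUtilADM.scala does the same with `abbreviation`. Binding the parsed value keeps validation and use on the same object, for example `val parsed = AdministrativePermission.fromToken(permission.name).getOrElse(throw BadRequestException(msg))`, and then `name = parsed.token` when the `PermissionADM` is rebuilt. The rest of the function body lies outside the hunk, so whether a `...Restricted` token is also required to carry `additionalInformation` cannot be confirmed from here.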
diff --git a/webapi/src/main/scala/org/knora/webapi/messages/util/PermissionUtilADM.scala b/webapi/src/main/scala/org/knora/webapi/messages/util/PermissionUtilADM.scala index fc1207140e..26f04d12bb 100644 --- a/webapi/src/main/scala/org/knora/webapi/messages/util/PermissionUtilADM.scala +++ b/webapi/src/main/scala/org/knora/webapi/messages/util/PermissionUtilADM.scala @@ -26,6 +26,7 @@ import org.knora.webapi.messages.store.triplestoremessages.LiteralV2 import org.knora.webapi.messages.store.triplestoremessages.SparqlExtendedConstructResponse.ConstructPredicateObjects import org.knora.webapi.messages.util.PermissionUtilADM.formatPermissionADMs import org.knora.webapi.messages.util.PermissionUtilADM.parsePermissions +import org.knora.webapi.slice.admin.domain.model.AdministrativePermission import org.knora.webapi.slice.admin.domain.model.ObjectAccessPermission import org.knora.webapi.slice.admin.domain.model.ObjectAccessPermissions import org.knora.webapi.slice.admin.domain.model.User @@ -337,7 +338,7 @@ object PermissionUtilADM extends LazyLogging { permissionType match { case PermissionType.AP => - if (!OntologyConstants.KnoraAdmin.AdministrativePermissionAbbreviations.contains(abbreviation)) { + if (AdministrativePermission.fromToken(abbreviation).isEmpty) { throw InconsistentRepositoryDataException(s"Unrecognized permission abbreviation '$abbreviation'") } 
@@ -388,31 +389,32 @@ object PermissionUtilADM extends LazyLogging { */ def buildPermissionObject(name: String, iris: Set[IRI]): Set[PermissionADM] = name match { - case OntologyConstants.KnoraAdmin.ProjectResourceCreateAllPermission => - Set(PermissionADM.ProjectResourceCreateAllPermission) + case AdministrativePermission.ProjectResourceCreateAll.token => + Set(PermissionADM.from(AdministrativePermission.ProjectResourceCreateAll)) - case OntologyConstants.KnoraAdmin.ProjectResourceCreateRestrictedPermission => + case AdministrativePermission.ProjectResourceCreateRestricted.token => if (iris.nonEmpty) { logger.debug(s"buildPermissionObject - ProjectResourceCreateRestrictedPermission - iris: $iris") - iris.map(iri => PermissionADM.projectResourceCreateRestrictedPermission(iri)) + iris.map(iri => PermissionADM.from(AdministrativePermission.ProjectResourceCreateRestricted, iri)) } else { throw InconsistentRepositoryDataException(s"Missing additional permission information.") } - case OntologyConstants.KnoraAdmin.ProjectAdminAllPermission => Set(PermissionADM.ProjectAdminAllPermission) + case AdministrativePermission.ProjectAdminAll.token => + Set(PermissionADM.from(AdministrativePermission.ProjectAdminAll)) - case OntologyConstants.KnoraAdmin.ProjectAdminGroupAllPermission => - Set(PermissionADM.ProjectAdminGroupAllPermission) + case AdministrativePermission.ProjectAdminGroupAll.token => + Set(PermissionADM.from(AdministrativePermission.ProjectAdminGroupAll)) - case OntologyConstants.KnoraAdmin.ProjectAdminGroupRestrictedPermission => + case AdministrativePermission.ProjectAdminGroupRestricted.token => if (iris.nonEmpty) { - iris.map(iri => PermissionADM.projectAdminGroupRestrictedPermission(iri)) + iris.map(PermissionADM.from(AdministrativePermission.ProjectAdminGroupRestricted, _)) } else { throw InconsistentRepositoryDataException(s"Missing additional permission information.") } - case OntologyConstants.KnoraAdmin.ProjectAdminRightsAllPermission => - 
Set(PermissionADM.ProjectAdminRightsAllPermission) + case AdministrativePermission.ProjectAdminRightsAll.token => + Set(PermissionADM.from(AdministrativePermission.ProjectAdminRightsAll)) case ObjectAccessPermission.ChangeRights.token => if (iris.nonEmpty) { @@ -459,34 +461,6 @@ object PermissionUtilADM extends LazyLogging { def removeDuplicatePermissions(permissions: Seq[PermissionADM]): Set[PermissionADM] = permissions.groupBy(perm => perm.name + perm.additionalInformation).map { case (_, v) => v.head }.toSet - /** - * Helper method used to remove lesser permissions, i.e. permissions which are already given by - * the highest permission. - * - * @param permissions a set of permissions possibly containing lesser permissions. - * @param permissionType the type of permissions. - * @return a set of permissions without possible lesser permissions. - */ - def removeLesserPermissions(permissions: Set[PermissionADM], permissionType: PermissionType): Set[PermissionADM] = - permissionType match { - case PermissionType.OAP => - if (permissions.nonEmpty) { - /* Handling object access permissions which always have 'additionalInformation' and 'permissionCode' set */ - permissions - .groupBy(_.additionalInformation) - .map { case (_, perms) => - // sort in descending order and then take the first one (the highest permission) - perms.toArray.sortWith(_.permissionCode.get > _.permissionCode.get).head - } - .toSet - } else { - Set.empty[PermissionADM] - } - - case PermissionType.AP => ??? - case PermissionType.DOAP => ??? - } - /** * Helper method used to transform a set of permissions into a permissions string ready to be written into the * triplestore as the value for the 'knora-base:hasPermissions' property. diff --git a/webapi/src/main/scala/org/knora/webapi/responders/admin/PermissionsResponderADM.scala b/webapi/src/main/scala/org/knora/webapi/responders/admin/PermissionsResponderADM.scala index 1fc3461805..cfd9c3582e 100644 
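Review bot: `buildPermissionObject` still dispatches on string tokens (`case AdministrativePermission.ProjectAdminAll.token =>`), so the compiler cannot warn when a case object added to the sealed `AdministrativePermission` trait has no branch here. Such a token would fall through to whatever default case follows outside the hunk. A comment above the administrative cases would record this, e.g. `// Tokens are matched as strings: keep these cases in sync with AdministrativePermissions.all, the compiler will not flag a missing one.` The two restricted branches are also written differently, `iris.map(iri => PermissionADM.from(AdministrativePermission.ProjectResourceCreateRestricted, iri))` against `iris.map(PermissionADM.from(AdministrativePermission.ProjectAdminGroupRestricted, _))`; pick one form. The match continues past the end of the hunk.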
--- a/webapi/src/main/scala/org/knora/webapi/responders/admin/PermissionsResponderADM.scala +++ b/webapi/src/main/scala/org/knora/webapi/responders/admin/PermissionsResponderADM.scala @@ -35,6 +35,7 @@ import org.knora.webapi.responders.IriLocker import org.knora.webapi.responders.IriService import org.knora.webapi.responders.Responder import org.knora.webapi.slice.admin.AdminConstants +import org.knora.webapi.slice.admin.domain.model.AdministrativePermission import org.knora.webapi.slice.admin.domain.model.Group import org.knora.webapi.slice.admin.domain.model.GroupIri import org.knora.webapi.slice.admin.domain.model.KnoraProject.ProjectIri @@ -2217,8 +2218,10 @@ final case class PermissionsResponderADMLive( CreateAdministrativePermissionAPIRequestADM( forProject = projectIri.value, forGroup = OntologyConstants.KnoraAdmin.ProjectAdmin, - hasPermissions = - Set(PermissionADM.ProjectAdminAllPermission, PermissionADM.ProjectResourceCreateAllPermission), + hasPermissions = Set( + PermissionADM.from(AdministrativePermission.ProjectAdminAll), + PermissionADM.from(AdministrativePermission.ProjectResourceCreateAll), + ), ), SystemUser, UUID.randomUUID(), @@ -2229,7 +2232,7 @@ final case class PermissionsResponderADMLive( CreateAdministrativePermissionAPIRequestADM( forProject = projectIri.value, forGroup = OntologyConstants.KnoraAdmin.ProjectMember, - hasPermissions = Set(PermissionADM.ProjectResourceCreateAllPermission), + hasPermissions = Set(PermissionADM.from(AdministrativePermission.ProjectResourceCreateAll)), ), SystemUser, UUID.randomUUID(), diff --git a/webapi/src/main/scala/org/knora/webapi/slice/admin/domain/model/AdministrativePermission.scala b/webapi/src/main/scala/org/knora/webapi/slice/admin/domain/model/AdministrativePermission.scala new file mode 100644 index 0000000000..951bacbef2 --- /dev/null +++ b/webapi/src/main/scala/org/knora/webapi/slice/admin/domain/model/AdministrativePermission.scala 
@@ -0,0 +1,46 @@
+/*
+ * Copyright © 2021 - 2024 Swiss National Data and Service Center for the Humanities and/or DaSCH Service Platform contributors.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+package org.knora.webapi.slice.admin.domain.model
+
+sealed trait AdministrativePermission {
+ def token: String
+}
+
+object AdministrativePermission {
+ case object ProjectResourceCreateAll extends AdministrativePermission {
+ override val token: String = "ProjectResourceCreateAllPermission"
+ }
+ case object ProjectResourceCreateRestricted extends AdministrativePermission {
+ override val token: String = "ProjectResourceCreateRestrictedPermission"
+ }
+ case object ProjectAdminAll extends AdministrativePermission {
+ override val token: String = "ProjectAdminAllPermission"
+ }
+ case object ProjectAdminGroupAll extends AdministrativePermission {
+ override val token: String = "ProjectAdminGroupAllPermission"
+ }
+ case object ProjectAdminGroupRestricted extends AdministrativePermission {
+ override val token: String = "ProjectAdminGroupRestrictedPermission"
+ }
+ case object ProjectAdminRightsAll extends AdministrativePermission {
+ override val token: String = "ProjectAdminRightsAllPermission"
+ }
+
+ def fromToken(token: String): Option[AdministrativePermission] =
+ AdministrativePermissions.all.find(_.token == token)
+}
+
+object AdministrativePermissions {
+ val all: Set[AdministrativePermission] = Set(
+ AdministrativePermission.ProjectResourceCreateAll,
+ AdministrativePermission.ProjectResourceCreateRestricted,
+ AdministrativePermission.ProjectAdminAll,
+ AdministrativePermission.ProjectAdminGroupAll,
+ AdministrativePermission.ProjectAdminGroupRestricted,
+ AdministrativePermission.ProjectAdminRightsAll,
+ )
+ val allTokens: Set[String] = all.map(_.token)
+}
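Review bot: `AdministrativePermissions.all` is a hand-written list that repeats the six case objects, and `fromToken` and `allTokens` are both derived from it. A case object added to the sealed trait but left out of `all` would therefore be rejected by `fromToken`, and by every caller in this commit that validates through it, without any compiler warning. A comment on `all` would make the dependency explicit, e.g. `// Must list every case object of AdministrativePermission: fromToken and allTokens are derived from this set.` A spec asserting the expected size of `all` would also catch a drift. The new public members have no Scaladoc; for `fromToken` something like `/** Returns the permission whose token equals the given string exactly, or None if there is none. */` would record that the match is exact and case-sensitive.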