diff --git a/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/impl/RoleService.java b/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/impl/RoleService.java
index 25daa95d..3c81fd2b 100644
--- a/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/impl/RoleService.java
+++ b/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/impl/RoleService.java
@@ -31,8 +31,8 @@ public class RoleService {
 private final RoleRepository roleRepository;
 private final PrivilegeService privilegeService;
 private final FenceMappingUtility fenceMappingUtility;
- public static final String managed_open_access_role_name = "MANUAL_ROLE_OPEN_ACCESS";
- public static final String managed_role_named_dataset = "MANUAL_ROLE_NAMED_DATASET";
+ public static final String MANAGED_OPEN_ACCESS_ROLE_NAME = "MANUAL_ROLE_OPEN_ACCESS";
+ public static final String MANAGED_ROLE_NAMED_DATASET = "MANUAL_ROLE_NAMED_DATASET";
 private final Set publicAccessRoles = new HashSet<>();
 @Autowired
diff --git a/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/impl/UserService.java b/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/impl/UserService.java
index 42ee3faa..31c9f5ff 100644
--- a/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/impl/UserService.java
+++ b/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/impl/UserService.java
@@ -19,7 +19,6 @@
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.Jws;
 import jakarta.mail.MessagingException;
-import jakarta.persistence.NoResultException;
 import jakarta.validation.constraints.NotNull;
 import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
@@ -40,8 +39,8 @@
 import java.util.*;
 import java.util.stream.Collectors;
-import static edu.harvard.hms.dbmi.avillach.auth.service.impl.RoleService.managed_open_access_role_name;
-import static edu.harvard.hms.dbmi.avillach.auth.service.impl.RoleService.managed_role_named_dataset;
+import static edu.harvard.hms.dbmi.avillach.auth.service.impl.RoleService.MANAGED_OPEN_ACCESS_ROLE_NAME;
+import static edu.harvard.hms.dbmi.avillach.auth.service.impl.RoleService.MANAGED_ROLE_NAMED_DATASET;
 @Service
 public class UserService {
@@ -650,7 +649,7 @@ public User updateUserRoles(User current_user, Set roleNames) {
 .collect(Collectors.toSet());
 Set rolesToRemove = current_user.getRoles().stream()
- .filter(role -> !roleNames.contains(role.getName()) && !role.getName().equals(managed_open_access_role_name)
+ .filter(role -> !roleNames.contains(role.getName()) && !role.getName().equals(MANAGED_OPEN_ACCESS_ROLE_NAME)
 && !role.getName().startsWith("MANUAL_") && !role.getName().equals("PIC-SURE Top Admin") && !role.getName().equals("Admin"))
 .collect(Collectors.toSet());
@@ -674,18 +673,18 @@ public User updateUserRoles(User current_user, Set roleNames) {
 current_user.getRoles().addAll(newRoles);
 }
- Role openAccessRole = roleService.findByName(managed_open_access_role_name);
+ Role openAccessRole = roleService.findByName(MANAGED_OPEN_ACCESS_ROLE_NAME);
 if (openAccessRole != null) {
 current_user.getRoles().add(openAccessRole);
 } else {
 logger.warn("Unable to find fence OPEN ACCESS role");
 }
- Role role = roleService.findByName(managed_role_named_dataset);
+ Role role = roleService.findByName(MANAGED_ROLE_NAMED_DATASET);
 if (role != null) {
 current_user.getRoles().add(role);
 } else {
- logger.warn("upsertRole() Unable to find role named {}", managed_role_named_dataset);
+ logger.warn("upsertRole() Unable to find role named {}", MANAGED_ROLE_NAMED_DATASET);
 }
 // Every user has access to public datasets by default.
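Review bot: The `rolesToRemove` filter in the `-650,7` hunk still names the roles that must survive a role update as inline literals (`"MANUAL_"`, `"PIC-SURE Top Admin"`, `"Admin"`), right next to the constant this commit renames. This predicate decides which privileged roles are stripped from a user, so a typo or a later rename of one of those role names would silently change that outcome; constants declared beside `MANAGED_OPEN_ACCESS_ROLE_NAME`, for example `public static final String MANUAL_ROLE_PREFIX = "MANUAL_";`, would keep the protected set in one place. The `.equals(MANAGED_OPEN_ACCESS_ROLE_NAME)` test also looks redundant, because the constant's value `"MANUAL_ROLE_OPEN_ACCESS"` already satisfies `startsWith("MANUAL_")`. updateUserRoles starts and ends outside the hunk.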
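Review bot: The rewritten `logger.warn` line in the `-674,18` hunk keeps the prefix `upsertRole()` although the hunk header places it in `updateUserRoles`, which points anyone triaging a missing-role warning at the wrong method. I would change it to `logger.warn("updateUserRoles() Unable to find role named {}", MANAGED_ROLE_NAMED_DATASET);` and give the open-access branch the same parameterized form, since its message hard-codes `fence OPEN ACCESS` instead of logging the constant. In both branches a missing managed role only produces a warning and the update carries on, so these messages are the only trace of a misconfigured role table. The method body continues outside the hunk.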
diff --git a/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/impl/authentication/AimAheadAuthenticationService.java b/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/impl/authentication/AimAheadAuthenticationService.java
index bd3c2363..736198f0 100644
--- a/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/impl/authentication/AimAheadAuthenticationService.java
+++ b/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/impl/authentication/AimAheadAuthenticationService.java
@@ -20,7 +20,7 @@
 import java.util.*;
-import static edu.harvard.hms.dbmi.avillach.auth.service.impl.RoleService.managed_open_access_role_name;
+import static edu.harvard.hms.dbmi.avillach.auth.service.impl.RoleService.MANAGED_OPEN_ACCESS_ROLE_NAME;
 @Service
 public class AimAheadAuthenticationService extends OktaAuthenticationService implements AuthenticationService {
@@ -171,7 +171,7 @@ private User loadUser(JsonNode introspectResponse) {
 }
 // All users that login through OKTA should have the fence_open_access role, or they will not be able to interact with the UI
- Role fenceOpenAccessRole = roleService.getRoleByName(managed_open_access_role_name);
+ Role fenceOpenAccessRole = roleService.getRoleByName(MANAGED_OPEN_ACCESS_ROLE_NAME);
 if (!user.get().getRoles().contains(fenceOpenAccessRole)) {
 logger.info("Adding fence_open_access role to user: {}", user.get().getUuid());
 Set roles = user.get().getRoles();
diff --git a/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/impl/authentication/FENCEAuthenticationService.java b/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/impl/authentication/FENCEAuthenticationService.java
index 95b5b0ef..8c0542f1 100644
--- a/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/impl/authentication/FENCEAuthenticationService.java
+++ b/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/impl/authentication/FENCEAuthenticationService.java
@@ -3,9 +3,7 @@
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
-import com.fasterxml.jackson.databind.node.ObjectNode;
 import edu.harvard.hms.dbmi.avillach.auth.entity.Connection;
-import edu.harvard.hms.dbmi.avillach.auth.entity.Role;
 import edu.harvard.hms.dbmi.avillach.auth.entity.User;
 import edu.harvard.hms.dbmi.avillach.auth.exceptions.NotAuthorizedException;
 import edu.harvard.hms.dbmi.avillach.auth.model.fenceMapping.StudyMetaData;
@@ -28,9 +26,6 @@
 import org.springframework.util.MultiValueMap;
 import java.util.*;
-import java.util.stream.Collectors;
-
-import static edu.harvard.hms.dbmi.avillach.auth.service.impl.RoleService.managed_open_access_role_name;
 @Service
 public class FENCEAuthenticationService implements AuthenticationService {
diff --git a/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/impl/authentication/OpenAuthenticationService.java b/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/impl/authentication/OpenAuthenticationService.java
index 6564541c..dccd6351 100644
--- a/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/impl/authentication/OpenAuthenticationService.java
+++ b/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/impl/authentication/OpenAuthenticationService.java
@@ -16,7 +16,7 @@
 import java.util.HashMap;
 import java.util.Map;
-import static edu.harvard.hms.dbmi.avillach.auth.service.impl.RoleService.managed_open_access_role_name;
+import static edu.harvard.hms.dbmi.avillach.auth.service.impl.RoleService.MANAGED_OPEN_ACCESS_ROLE_NAME;
 @Service
 public class OpenAuthenticationService implements AuthenticationService {
@@ -53,7 +53,7 @@ public HashMap authenticate(Map authRequest, Str
 // If we can't find the user by UUID, create a new one
 if (currentUser == null) {
- Role openAccessRole = roleService.getRoleByName(managed_open_access_role_name);
+ Role openAccessRole = roleService.getRoleByName(MANAGED_OPEN_ACCESS_ROLE_NAME);
 currentUser = userService.createOpenAccessUser(openAccessRole);
 //clear some cache entries if we register a new login
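Review bot: The result of `roleService.getRoleByName(MANAGED_OPEN_ACCESS_ROLE_NAME)` goes straight into `userService.createOpenAccessUser(openAccessRole)` with no check that the role was found, whereas `UserService.updateUserRoles` in this same commit null-checks the equivalent `findByName` lookup and logs a warning. Whether `getRoleByName` can return null is not visible here, so this needs confirming; if it can, a new open-access account would be created with a missing role, and failing fast with `if (openAccessRole == null) { throw new IllegalStateException("Role not found: " + MANAGED_OPEN_ACCESS_ROLE_NAME); }` would surface the misconfiguration at login time. The same unchecked lookup appears in `AimAheadAuthenticationService.loadUser`, where the result is handed to `getRoles().contains(fenceOpenAccessRole)`. The body of `authenticate` starts and ends outside the hunk.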