diff --git a/integration/src/test/scala/org/knora/webapi/messages/admin/responder/permissionsmessages/PermissionsMessagesADMSpec.scala b/integration/src/test/scala/org/knora/webapi/messages/admin/responder/permissionsmessages/PermissionsMessagesADMSpec.scala index 711b3c89a4..a78fc243ec 100644 --- a/integration/src/test/scala/org/knora/webapi/messages/admin/responder/permissionsmessages/PermissionsMessagesADMSpec.scala +++ b/integration/src/test/scala/org/knora/webapi/messages/admin/responder/permissionsmessages/PermissionsMessagesADMSpec.scala @@ -13,15 +13,13 @@ import dsp.errors.BadRequestException import dsp.errors.ForbiddenException import org.knora.webapi.CoreSpec import org.knora.webapi.messages.OntologyConstants -import org.knora.webapi.messages.OntologyConstants.KnoraAdmin.AdministrativePermissionAbbreviations -import org.knora.webapi.messages.OntologyConstants.KnoraBase.EntityPermissionAbbreviations -import org.knora.webapi.messages.admin.responder.permissionsmessages.PermissionsMessagesUtilADM.PermissionTypeAndCodes import org.knora.webapi.responders.admin.PermissionsResponderADM import org.knora.webapi.routing.UnsafeZioRun import org.knora.webapi.sharedtestdata.SharedOntologyTestDataADM._ import org.knora.webapi.sharedtestdata.SharedTestDataADM2._ import org.knora.webapi.sharedtestdata._ import org.knora.webapi.slice.admin.api.service.PermissionsRestService +import org.knora.webapi.slice.admin.domain.model.Permission import org.knora.webapi.util.ZioScalaTestUtil.assertFailsWithA /** @@ -74,7 +72,7 @@ class PermissionsMessagesADMSpec extends CoreSpec { CreateAdministrativePermissionAPIRequestADM( forProject = "invalid-project-IRI", forGroup = OntologyConstants.KnoraAdmin.ProjectMember, - hasPermissions = Set(PermissionADM.ProjectAdminAllPermission), + hasPermissions = Set(PermissionADM.from(Permission.Administrative.ProjectAdminAll)), ), SharedTestDataADM.imagesUser01, ), @@ -89,7 +87,7 @@ class PermissionsMessagesADMSpec extends CoreSpec { CreateAdministrativePermissionAPIRequestADM( forProject = SharedTestDataADM.imagesProjectIri, forGroup = groupIri, - hasPermissions = Set(PermissionADM.ProjectAdminAllPermission), + hasPermissions = Set(PermissionADM.from(Permission.Administrative.ProjectAdminAll)), ), SharedTestDataADM.imagesUser01, ), @@ -105,7 +103,7 @@ class PermissionsMessagesADMSpec extends CoreSpec { id = Some(permissionIri), forProject = SharedTestDataADM.imagesProjectIri, forGroup = OntologyConstants.KnoraAdmin.ProjectMember, - hasPermissions = Set(PermissionADM.ProjectAdminAllPermission), + hasPermissions = Set(PermissionADM.from(Permission.Administrative.ProjectAdminAll)), ), SharedTestDataADM.imagesUser01, ), @@ -135,7 +133,7 @@ class PermissionsMessagesADMSpec extends CoreSpec { assertFailsWithA[BadRequestException]( exit, s"Invalid value for name parameter of hasPermissions: $invalidName, it should be one of " + - s"${AdministrativePermissionAbbreviations.toString}", + s"${Permission.Administrative.allTokens.mkString(", ")}", ) } @@ -159,7 +157,7 @@ class PermissionsMessagesADMSpec extends CoreSpec { CreateAdministrativePermissionAPIRequestADM( forProject = SharedTestDataADM.imagesProjectIri, forGroup = OntologyConstants.KnoraAdmin.ProjectMember, - hasPermissions = Set(PermissionADM.ProjectAdminAllPermission), + hasPermissions = Set(PermissionADM.from(Permission.Administrative.ProjectAdminAll)), ), SharedTestDataADM.imagesReviewerUser, ), @@ -422,7 +420,8 @@ class PermissionsMessagesADMSpec extends CoreSpec { CreateDefaultObjectAccessPermissionAPIRequestADM( forProject = forProject, forGroup = Some(OntologyConstants.KnoraAdmin.ProjectMember), - hasPermissions = Set(PermissionADM.changeRightsPermission(OntologyConstants.KnoraAdmin.ProjectMember)), + hasPermissions = + Set(PermissionADM.from(Permission.ObjectAccess.ChangeRights, OntologyConstants.KnoraAdmin.ProjectMember)), ), SharedTestDataADM.imagesUser01, ), @@ -437,7 +436,8 @@ class PermissionsMessagesADMSpec extends CoreSpec { CreateDefaultObjectAccessPermissionAPIRequestADM( forProject = SharedTestDataADM.imagesProjectIri, forGroup = Some(groupIri), - hasPermissions = Set(PermissionADM.changeRightsPermission(OntologyConstants.KnoraAdmin.ProjectMember)), + hasPermissions = + Set(PermissionADM.from(Permission.ObjectAccess.ChangeRights, OntologyConstants.KnoraAdmin.ProjectMember)), ), SharedTestDataADM.imagesUser01, ), @@ -453,7 +453,8 @@ class PermissionsMessagesADMSpec extends CoreSpec { id = Some(permissionIri), forProject = SharedTestDataADM.imagesProjectIri, forGroup = Some(OntologyConstants.KnoraAdmin.ProjectMember), - hasPermissions = Set(PermissionADM.changeRightsPermission(OntologyConstants.KnoraAdmin.ProjectMember)), + hasPermissions = + Set(PermissionADM.from(Permission.ObjectAccess.ChangeRights, OntologyConstants.KnoraAdmin.ProjectMember)), ), SharedTestDataADM.imagesUser01, ), @@ -488,7 +489,7 @@ class PermissionsMessagesADMSpec extends CoreSpec { assertFailsWithA[BadRequestException]( exit, "Invalid value for name parameter of hasPermissions: invalid, it should be one of " + - s"${EntityPermissionAbbreviations.toString}", + s"${Permission.ObjectAccess.allTokens.mkString(", ")}", ) } @@ -496,7 +497,7 @@ class PermissionsMessagesADMSpec extends CoreSpec { val invalidCode = 10 val hasPermissions = Set( PermissionADM( - name = OntologyConstants.KnoraBase.ChangeRightsPermission, + name = Permission.ObjectAccess.ChangeRights.token, additionalInformation = Some(OntologyConstants.KnoraAdmin.Creator), permissionCode = Some(invalidCode), ), @@ -507,18 +508,16 @@ class PermissionsMessagesADMSpec extends CoreSpec { assertFailsWithA[BadRequestException]( exit, s"Invalid value for permissionCode parameter of hasPermissions: $invalidCode, it should be one of " + - s"${PermissionTypeAndCodes.values.toString}", + s"${Permission.ObjectAccess.allCodes.mkString(", ")}", ) } "not create a DefaultObjectAccessPermission for project and property if hasPermissions set contained permission with inconsistent code and name" in { - val code = 2 - val name = OntologyConstants.KnoraBase.ChangeRightsPermission val hasPermissions = Set( PermissionADM( - name = name, + name = Permission.ObjectAccess.ChangeRights.token, additionalInformation = Some(OntologyConstants.KnoraAdmin.Creator), - permissionCode = Some(code), + permissionCode = Some(Permission.ObjectAccess.View.code), ), ) @@ -526,7 +525,7 @@ class PermissionsMessagesADMSpec extends CoreSpec { UnsafeZioRun.run(ZIO.serviceWithZIO[PermissionsResponderADM](_.verifyHasPermissionsDOAP(hasPermissions))) assertFailsWithA[BadRequestException]( exit, - s"Given permission code $code and permission name $name are not consistent.", + s"Given permission code 2 and permission name CR are not consistent.", ) } @@ -552,7 +551,7 @@ class PermissionsMessagesADMSpec extends CoreSpec { val hasPermissions = Set( PermissionADM( - name = OntologyConstants.KnoraBase.ChangeRightsPermission, + name = Permission.ObjectAccess.ChangeRights.token, additionalInformation = None, permissionCode = Some(8), ), @@ -571,7 +570,8 @@ class PermissionsMessagesADMSpec extends CoreSpec { CreateDefaultObjectAccessPermissionAPIRequestADM( forProject = SharedTestDataADM.anythingProjectIri, forGroup = Some(SharedTestDataADM.thingSearcherGroup.id), - hasPermissions = Set(PermissionADM.restrictedViewPermission(SharedTestDataADM.thingSearcherGroup.id)), + hasPermissions = + Set(PermissionADM.from(Permission.ObjectAccess.RestrictedView, SharedTestDataADM.thingSearcherGroup.id)), ), SharedTestDataADM.anythingUser2, ), @@ -589,7 +589,8 @@ class PermissionsMessagesADMSpec extends CoreSpec { forProject = anythingProjectIri, forGroup = Some(OntologyConstants.KnoraAdmin.ProjectMember), forResourceClass = Some(ANYTHING_THING_RESOURCE_CLASS_LocalHost), - hasPermissions = Set(PermissionADM.changeRightsPermission(OntologyConstants.KnoraAdmin.ProjectMember)), + hasPermissions = + Set(PermissionADM.from(Permission.ObjectAccess.ChangeRights, OntologyConstants.KnoraAdmin.ProjectMember)), ), SharedTestDataADM.rootUser, ), @@ -604,7 +605,8 @@ class PermissionsMessagesADMSpec extends CoreSpec { forProject = anythingProjectIri, forGroup = Some(OntologyConstants.KnoraAdmin.ProjectMember), forProperty = Some(ANYTHING_HasDate_PROPERTY_LocalHost), - hasPermissions = Set(PermissionADM.changeRightsPermission(OntologyConstants.KnoraAdmin.ProjectMember)), + hasPermissions = + Set(PermissionADM.from(Permission.ObjectAccess.ChangeRights, OntologyConstants.KnoraAdmin.ProjectMember)), ), SharedTestDataADM.rootUser, ), @@ -618,7 +620,8 @@ class PermissionsMessagesADMSpec extends CoreSpec { CreateDefaultObjectAccessPermissionAPIRequestADM( forProject = anythingProjectIri, forProperty = Some(SharedTestDataADM.customValueIRI), - hasPermissions = Set(PermissionADM.changeRightsPermission(OntologyConstants.KnoraAdmin.ProjectMember)), + hasPermissions = + Set(PermissionADM.from(Permission.ObjectAccess.ChangeRights, OntologyConstants.KnoraAdmin.ProjectMember)), ), SharedTestDataADM.rootUser, ), @@ -632,7 +635,8 @@ class PermissionsMessagesADMSpec extends CoreSpec { CreateDefaultObjectAccessPermissionAPIRequestADM( forProject = anythingProjectIri, forResourceClass = Some(ANYTHING_THING_RESOURCE_CLASS_LocalHost), - hasPermissions = Set(PermissionADM.changeRightsPermission(OntologyConstants.KnoraAdmin.ProjectMember)), + hasPermissions = + Set(PermissionADM.from(Permission.ObjectAccess.ChangeRights, OntologyConstants.KnoraAdmin.ProjectMember)), ), SharedTestDataADM.rootUser, ), @@ -648,7 +652,8 @@ class PermissionsMessagesADMSpec extends CoreSpec { PermissionsRestService.createDefaultObjectAccessPermission( CreateDefaultObjectAccessPermissionAPIRequestADM( forProject = anythingProjectIri, - hasPermissions = Set(PermissionADM.changeRightsPermission(OntologyConstants.KnoraAdmin.ProjectMember)), + hasPermissions = + Set(PermissionADM.from(Permission.ObjectAccess.ChangeRights, OntologyConstants.KnoraAdmin.ProjectMember)), ), SharedTestDataADM.rootUser, ), diff --git a/integration/src/test/scala/org/knora/webapi/messages/util/ConstructResponseUtilV2SpecFullData.scala b/integration/src/test/scala/org/knora/webapi/messages/util/ConstructResponseUtilV2SpecFullData.scala index 38c338219f..7e0f3aa40c 100644 --- a/integration/src/test/scala/org/knora/webapi/messages/util/ConstructResponseUtilV2SpecFullData.scala +++ b/integration/src/test/scala/org/knora/webapi/messages/util/ConstructResponseUtilV2SpecFullData.scala @@ -11,8 +11,6 @@ import dsp.valueobjects.UuidUtil import org.knora.webapi.InternalSchema import org.knora.webapi.messages.IriConversions._ import org.knora.webapi.messages.StringFormatter -import org.knora.webapi.messages.util.PermissionUtilADM.ChangeRightsPermission -import org.knora.webapi.messages.util.PermissionUtilADM.ViewPermission import org.knora.webapi.messages.v2.responder.resourcemessages.ReadResourceV2 import org.knora.webapi.messages.v2.responder.resourcemessages.ReadResourcesSequenceV2 import org.knora.webapi.messages.v2.responder.standoffmessages.StandoffDataTypeClasses @@ -20,6 +18,7 @@ import org.knora.webapi.messages.v2.responder.standoffmessages.StandoffTagIriAtt import org.knora.webapi.messages.v2.responder.standoffmessages.StandoffTagV2 import org.knora.webapi.messages.v2.responder.valuemessages._ import org.knora.webapi.sharedtestdata.SharedTestDataADM +import org.knora.webapi.slice.admin.domain.model.Permission class ConstructResponseUtilV2SpecFullData(implicit stringFormatter: StringFormatter) { @@ -33,7 +32,7 @@ class ConstructResponseUtilV2SpecFullData(implicit stringFormatter: StringFormat attachedToUser = "http://rdfh.ch/users/9XBCrDV3SRa7kS1WwynB4Q", resourceClassIri = "http://www.knora.org/ontology/0001/anything#Thing".toSmartIri, creationDate = Instant.parse("2019-11-29T10:00:00.673298Z"), - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, values = Map( "http://www.knora.org/ontology/0001/anything#hasInteger".toSmartIri -> Vector( ReadOtherValueV2( @@ -48,7 +47,7 @@ class ConstructResponseUtilV2SpecFullData(implicit stringFormatter: StringFormat attachedToUser = "http://rdfh.ch/users/9XBCrDV3SRa7kS1WwynB4Q", previousValueIri = None, valueHasUUID = UuidUtil.decode("F2xCr0S2QfWRQxJDWY9L0g"), - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, deletionInfo = None, ), ReadOtherValueV2( @@ -63,7 +62,7 @@ class ConstructResponseUtilV2SpecFullData(implicit stringFormatter: StringFormat attachedToUser = "http://rdfh.ch/users/9XBCrDV3SRa7kS1WwynB4Q", previousValueIri = None, valueHasUUID = UuidUtil.decode("yVTqO37cRkCSvXbFc3vTyw"), - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, deletionInfo = None, ), ), @@ -87,7 +86,7 @@ class ConstructResponseUtilV2SpecFullData(implicit stringFormatter: StringFormat attachedToUser = "http://rdfh.ch/users/9XBCrDV3SRa7kS1WwynB4Q", resourceClassIri = "http://www.knora.org/ontology/0001/anything#Thing".toSmartIri, creationDate = Instant.parse("2019-11-29T10:00:00.673298Z"), - userPermission = ViewPermission, + userPermission = Permission.ObjectAccess.View, values = Map(), projectADM = SharedTestDataADM.anythingProject, lastModificationDate = None, @@ -108,7 +107,7 @@ class ConstructResponseUtilV2SpecFullData(implicit stringFormatter: StringFormat attachedToUser = "http://rdfh.ch/users/9XBCrDV3SRa7kS1WwynB4Q", resourceClassIri = "http://www.knora.org/ontology/0001/anything#Thing".toSmartIri, creationDate = Instant.parse("2020-04-07T09:12:56.710717Z"), - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, values = Map( "http://www.knora.org/ontology/0001/anything#hasOtherThingValue".toSmartIri -> Vector( ReadLinkValueV2( @@ -127,7 +126,7 @@ class ConstructResponseUtilV2SpecFullData(implicit stringFormatter: StringFormat attachedToUser = "http://rdfh.ch/users/BhkfBc3hTeS_IDo-JgXRbQ", resourceClassIri = "http://www.knora.org/ontology/0001/anything#Thing".toSmartIri, creationDate = Instant.parse("2020-04-07T09:12:56.710717Z"), - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, values = Map(), projectADM = SharedTestDataADM.anythingProject, lastModificationDate = None, @@ -142,7 +141,7 @@ class ConstructResponseUtilV2SpecFullData(implicit stringFormatter: StringFormat attachedToUser = "http://rdfh.ch/users/9XBCrDV3SRa7kS1WwynB4Q", previousValueIri = None, valueHasUUID = UuidUtil.decode("UgSp5mXTTSKdI02ZU1KIAA"), - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, deletionInfo = None, ), ), @@ -159,7 +158,7 @@ class ConstructResponseUtilV2SpecFullData(implicit stringFormatter: StringFormat attachedToUser = "http://rdfh.ch/users/9XBCrDV3SRa7kS1WwynB4Q", previousValueIri = None, valueHasUUID = UuidUtil.decode("U1PwfNaVRQebbOSFWNdMqQ"), - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, deletionInfo = None, ), ), @@ -183,7 +182,7 @@ class ConstructResponseUtilV2SpecFullData(implicit stringFormatter: StringFormat attachedToUser = "http://rdfh.ch/users/9XBCrDV3SRa7kS1WwynB4Q", resourceClassIri = "http://www.knora.org/ontology/0001/anything#Thing".toSmartIri, creationDate = Instant.parse("2020-04-07T09:12:56.710717Z"), - userPermission = ViewPermission, + userPermission = Permission.ObjectAccess.View, values = Map( "http://www.knora.org/ontology/0001/anything#hasInteger".toSmartIri -> Vector( ReadOtherValueV2( @@ -198,7 +197,7 @@ class ConstructResponseUtilV2SpecFullData(implicit stringFormatter: StringFormat attachedToUser = "http://rdfh.ch/users/9XBCrDV3SRa7kS1WwynB4Q", previousValueIri = None, valueHasUUID = UuidUtil.decode("U1PwfNaVRQebbOSFWNdMqQ"), - userPermission = ViewPermission, + userPermission = Permission.ObjectAccess.View, deletionInfo = None, ), ), @@ -222,7 +221,7 @@ class ConstructResponseUtilV2SpecFullData(implicit stringFormatter: StringFormat attachedToUser = "http://rdfh.ch/users/9XBCrDV3SRa7kS1WwynB4Q", resourceClassIri = "http://www.knora.org/ontology/0001/anything#Thing".toSmartIri, creationDate = Instant.parse("2016-03-02T15:05:10Z"), - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, values = Map( "http://www.knora.org/ontology/0001/anything#hasText".toSmartIri -> Vector( ReadTextValueV2( @@ -276,7 +275,7 @@ class ConstructResponseUtilV2SpecFullData(implicit stringFormatter: StringFormat attachedToUser = "http://rdfh.ch/users/9XBCrDV3SRa7kS1WwynB4Q", previousValueIri = None, valueHasUUID = UuidUtil.decode("1"), - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, deletionInfo = None, ), ReadTextValueV2( @@ -330,7 +329,7 @@ class ConstructResponseUtilV2SpecFullData(implicit stringFormatter: StringFormat attachedToUser = "http://rdfh.ch/users/9XBCrDV3SRa7kS1WwynB4Q", previousValueIri = None, valueHasUUID = UuidUtil.decode("2"), - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, deletionInfo = None, ), ), @@ -351,7 +350,7 @@ class ConstructResponseUtilV2SpecFullData(implicit stringFormatter: StringFormat attachedToUser = "http://rdfh.ch/users/9XBCrDV3SRa7kS1WwynB4Q", resourceClassIri = "http://www.knora.org/ontology/0001/anything#Thing".toSmartIri, creationDate = Instant.parse("2016-03-02T15:05:10Z"), - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, values = Map(), projectADM = SharedTestDataADM.anythingProject, lastModificationDate = None, @@ -366,7 +365,7 @@ class ConstructResponseUtilV2SpecFullData(implicit stringFormatter: StringFormat attachedToUser = "http://www.knora.org/ontology/knora-admin#SystemUser", previousValueIri = None, valueHasUUID = UuidUtil.decode("0"), - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, deletionInfo = None, ), ), @@ -391,7 +390,7 @@ class ConstructResponseUtilV2SpecFullData(implicit stringFormatter: StringFormat attachedToUser = "http://rdfh.ch/users/91e19f1e01", resourceClassIri = "http://www.knora.org/ontology/0803/incunabula#page".toSmartIri, creationDate = Instant.parse("2016-03-02T15:05:23Z"), - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, values = Map( "http://www.knora.org/ontology/0803/incunabula#partOfValue".toSmartIri -> Vector( ReadLinkValueV2( @@ -411,7 +410,7 @@ class ConstructResponseUtilV2SpecFullData(implicit stringFormatter: StringFormat attachedToUser = "http://rdfh.ch/users/91e19f1e01", resourceClassIri = "http://www.knora.org/ontology/0803/incunabula#book".toSmartIri, creationDate = Instant.parse("2016-03-02T15:05:23Z"), - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, values = Map( "http://www.knora.org/ontology/0803/incunabula#title".toSmartIri -> Vector( ReadTextValueV2( @@ -429,7 +428,7 @@ class ConstructResponseUtilV2SpecFullData(implicit stringFormatter: StringFormat attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, valueHasUUID = UuidUtil.decode("d9a522845006"), - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, deletionInfo = None, ), ), @@ -448,7 +447,7 @@ class ConstructResponseUtilV2SpecFullData(implicit stringFormatter: StringFormat attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, valueHasUUID = UuidUtil.decode("bbd4d6a9-8b73-4670-b0cd-e851cd0a7c5d"), - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, deletionInfo = None, ), ), @@ -466,7 +465,7 @@ class ConstructResponseUtilV2SpecFullData(implicit stringFormatter: StringFormat attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, valueHasUUID = UuidUtil.decode("fae17f4f6106"), - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, deletionInfo = None, ), ), @@ -484,7 +483,7 @@ class ConstructResponseUtilV2SpecFullData(implicit stringFormatter: StringFormat attachedToUser = "http://rdfh.ch/users/91e19f1e01", resourceClassIri = "http://www.knora.org/ontology/0803/incunabula#page".toSmartIri, creationDate = Instant.parse("2016-03-02T15:05:10Z"), - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, values = Map( "http://www.knora.org/ontology/0803/incunabula#partOfValue".toSmartIri -> Vector( ReadLinkValueV2( @@ -504,7 +503,7 @@ class ConstructResponseUtilV2SpecFullData(implicit stringFormatter: StringFormat attachedToUser = "http://rdfh.ch/users/91e19f1e01", resourceClassIri = "http://www.knora.org/ontology/0803/incunabula#book".toSmartIri, creationDate = Instant.parse("2016-03-02T15:05:10Z"), - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, values = Map( "http://www.knora.org/ontology/0803/incunabula#title".toSmartIri -> Vector( ReadTextValueV2( @@ -522,7 +521,7 @@ class ConstructResponseUtilV2SpecFullData(implicit stringFormatter: StringFormat attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, valueHasUUID = UuidUtil.decode("c3295339"), - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, deletionInfo = None, ), ), @@ -541,7 +540,7 @@ class ConstructResponseUtilV2SpecFullData(implicit stringFormatter: StringFormat attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, valueHasUUID = UuidUtil.decode("25c5e9fd-2cb2-4350-88bb-882be3373745"), - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, deletionInfo = None, ), ), @@ -559,7 +558,7 @@ class ConstructResponseUtilV2SpecFullData(implicit stringFormatter: StringFormat attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, valueHasUUID = UuidUtil.decode("53feeaf80a"), - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, deletionInfo = None, ), ), @@ -584,7 +583,7 @@ class ConstructResponseUtilV2SpecFullData(implicit stringFormatter: StringFormat attachedToUser = "http://rdfh.ch/users/91e19f1e01", resourceClassIri = "http://www.knora.org/ontology/0803/incunabula#book".toSmartIri, creationDate = Instant.parse("2016-03-02T15:05:10Z"), - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, values = Map( "http://www.knora.org/ontology/0803/incunabula#title".toSmartIri -> Vector( ReadTextValueV2( @@ -602,7 +601,7 @@ class ConstructResponseUtilV2SpecFullData(implicit stringFormatter: StringFormat attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, valueHasUUID = UuidUtil.decode("c3295339"), - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, deletionInfo = None, ), ), @@ -624,7 +623,7 @@ class ConstructResponseUtilV2SpecFullData(implicit stringFormatter: StringFormat attachedToUser = "http://rdfh.ch/users/91e19f1e01", resourceClassIri = "http://www.knora.org/ontology/0803/incunabula#page".toSmartIri, creationDate = Instant.parse("2016-03-02T15:05:10Z"), - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, values = Map( "http://www.knora.org/ontology/0803/incunabula#partOfValue".toSmartIri -> Vector( ReadLinkValueV2( @@ -644,7 +643,7 @@ class ConstructResponseUtilV2SpecFullData(implicit stringFormatter: StringFormat attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, valueHasUUID = UuidUtil.decode("25c5e9fd-2cb2-4350-88bb-882be3373745"), - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, deletionInfo = None, ), ), @@ -662,7 +661,7 @@ class ConstructResponseUtilV2SpecFullData(implicit stringFormatter: StringFormat attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, valueHasUUID = UuidUtil.decode("53feeaf80a"), - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, deletionInfo = None, ), ), @@ -681,7 +680,7 @@ class ConstructResponseUtilV2SpecFullData(implicit stringFormatter: StringFormat attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, valueHasUUID = UuidUtil.decode("25c5e9fd-2cb2-4350-88bb-882be3373745"), - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, deletionInfo = None, ), ), @@ -699,7 +698,7 @@ class ConstructResponseUtilV2SpecFullData(implicit stringFormatter: StringFormat attachedToUser = "http://rdfh.ch/users/91e19f1e01", resourceClassIri = "http://www.knora.org/ontology/0803/incunabula#book".toSmartIri, creationDate = Instant.parse("2016-03-02T15:05:23Z"), - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, values = Map( "http://www.knora.org/ontology/0803/incunabula#title".toSmartIri -> Vector( ReadTextValueV2( @@ -717,7 +716,7 @@ class ConstructResponseUtilV2SpecFullData(implicit stringFormatter: StringFormat attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, valueHasUUID = UuidUtil.decode("d9a522845006"), - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, deletionInfo = None, ), ), @@ -739,7 +738,7 @@ class ConstructResponseUtilV2SpecFullData(implicit stringFormatter: StringFormat attachedToUser = "http://rdfh.ch/users/91e19f1e01", resourceClassIri = "http://www.knora.org/ontology/0803/incunabula#page".toSmartIri, creationDate = Instant.parse("2016-03-02T15:05:23Z"), - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, values = Map( "http://www.knora.org/ontology/0803/incunabula#partOfValue".toSmartIri -> Vector( ReadLinkValueV2( @@ -759,7 +758,7 @@ class ConstructResponseUtilV2SpecFullData(implicit stringFormatter: StringFormat attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, valueHasUUID = UuidUtil.decode("bbd4d6a9-8b73-4670-b0cd-e851cd0a7c5d"), - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, deletionInfo = None, ), ), @@ -777,7 +776,7 @@ class ConstructResponseUtilV2SpecFullData(implicit stringFormatter: StringFormat attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, valueHasUUID = UuidUtil.decode("fae17f4f6106"), - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, deletionInfo = None, ), ), @@ -796,7 +795,7 @@ class ConstructResponseUtilV2SpecFullData(implicit stringFormatter: StringFormat attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, valueHasUUID = UuidUtil.decode("bbd4d6a9-8b73-4670-b0cd-e851cd0a7c5d"), - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, deletionInfo = None, ), ), diff --git a/integration/src/test/scala/org/knora/webapi/messages/util/PermissionUtilADMSpec.scala b/integration/src/test/scala/org/knora/webapi/messages/util/PermissionUtilADMSpec.scala index c6f2de9b2f..2b7cae977e 100644 --- a/integration/src/test/scala/org/knora/webapi/messages/util/PermissionUtilADMSpec.scala +++ b/integration/src/test/scala/org/knora/webapi/messages/util/PermissionUtilADMSpec.scala @@ -14,9 +14,9 @@ import org.knora.webapi.messages.OntologyConstants import org.knora.webapi.messages.admin.responder.permissionsmessages.PermissionADM import org.knora.webapi.messages.admin.responder.permissionsmessages.PermissionType import org.knora.webapi.messages.util.PermissionUtilADM -import org.knora.webapi.messages.util.PermissionUtilADM._ import org.knora.webapi.sharedtestdata.SharedTestDataADM import org.knora.webapi.sharedtestdata.SharedTestDataADM2 +import org.knora.webapi.slice.admin.domain.model.Permission import pekko.testkit.ImplicitSender @@ -25,11 +25,11 @@ class PermissionUtilADMSpec extends CoreSpec with ImplicitSender { val permissionLiteral = "RV knora-admin:UnknownUser|V knora-admin:KnownUser|M knora-admin:ProjectMember|CR knora-admin:Creator" - val parsedPermissionLiteral: Map[EntityPermission, Set[IRI]] = Map( - RestrictedViewPermission -> Set(OntologyConstants.KnoraAdmin.UnknownUser), - ViewPermission -> Set(OntologyConstants.KnoraAdmin.KnownUser), - ModifyPermission -> Set(OntologyConstants.KnoraAdmin.ProjectMember), - ChangeRightsPermission -> Set(OntologyConstants.KnoraAdmin.Creator), + val parsedPermissionLiteral: Map[Permission.ObjectAccess, Set[IRI]] = Map( + Permission.ObjectAccess.RestrictedView -> Set(OntologyConstants.KnoraAdmin.UnknownUser), + Permission.ObjectAccess.View -> Set(OntologyConstants.KnoraAdmin.KnownUser), + Permission.ObjectAccess.Modify -> Set(OntologyConstants.KnoraAdmin.ProjectMember), + Permission.ObjectAccess.ChangeRights -> Set(OntologyConstants.KnoraAdmin.Creator), ) "PermissionUtil" should { @@ -40,7 +40,7 @@ class PermissionUtilADMSpec extends CoreSpec with ImplicitSender { entityProject = SharedTestDataADM2.incunabulaProjectIri, entityPermissionLiteral = permissionLiteral, requestingUser = SharedTestDataADM.incunabulaMemberUser, - ) should equal(Some(ModifyPermission)) // modify permission + ) should equal(Some(Permission.ObjectAccess.Modify)) // modify permission } "return user's max permission for a specific resource (incunabula project admin user)" in { @@ -49,7 +49,7 @@ class PermissionUtilADMSpec extends CoreSpec with ImplicitSender { entityProject = SharedTestDataADM2.incunabulaProjectIri, entityPermissionLiteral = permissionLiteral, requestingUser = SharedTestDataADM.incunabulaProjectAdminUser, - ) should equal(Some(ChangeRightsPermission)) // change rights permission + ) should equal(Some(Permission.ObjectAccess.ChangeRights)) // change rights permission } "return user's max permission for a specific resource (incunabula creator user)" in { @@ -58,7 +58,7 @@ class PermissionUtilADMSpec extends CoreSpec with ImplicitSender { entityProject = SharedTestDataADM2.incunabulaProjectIri, entityPermissionLiteral = permissionLiteral, requestingUser = SharedTestDataADM.incunabulaCreatorUser, - ) should equal(Some(ChangeRightsPermission)) // change rights permission + ) should equal(Some(Permission.ObjectAccess.ChangeRights)) // change rights permission } "return user's max permission for a specific resource (root user)" in { @@ -67,7 +67,7 @@ class PermissionUtilADMSpec extends CoreSpec with ImplicitSender { entityProject = SharedTestDataADM2.incunabulaProjectIri, entityPermissionLiteral = permissionLiteral, requestingUser = SharedTestDataADM.rootUser, - ) should equal(Some(ChangeRightsPermission)) // change rights permission + ) should equal(Some(Permission.ObjectAccess.ChangeRights)) // change rights permission } "return user's max permission for a specific resource (normal user)" in { @@ -76,7 +76,7 @@ class PermissionUtilADMSpec extends CoreSpec with ImplicitSender { entityProject = SharedTestDataADM2.incunabulaProjectIri, entityPermissionLiteral = permissionLiteral, requestingUser = SharedTestDataADM.normalUser, - ) should equal(Some(ViewPermission)) // view permission + ) should equal(Some(Permission.ObjectAccess.View)) // view permission } "return user's max permission for a specific resource (anonymous user)" in { @@ -85,7 +85,7 @@ class PermissionUtilADMSpec extends CoreSpec with ImplicitSender { entityProject = SharedTestDataADM2.incunabulaProjectIri, entityPermissionLiteral = permissionLiteral, requestingUser = SharedTestDataADM.anonymousUser, - ) should equal(Some(RestrictedViewPermission)) // restricted view permission + ) should equal(Some(Permission.ObjectAccess.RestrictedView)) // restricted view permission } "return user's max permission from assertions for a specific resource" in { @@ -99,7 +99,7 @@ class PermissionUtilADMSpec extends CoreSpec with ImplicitSender { entityIri = "http://rdfh.ch/00014b43f902", assertions = assertions, requestingUser = SharedTestDataADM.incunabulaMemberUser, - ) should equal(Some(ModifyPermission)) // modify permissions + ) should equal(Some(Permission.ObjectAccess.Modify)) // modify permissions } "return user's max permission on link value" ignore { @@ -115,11 +115,11 @@ class PermissionUtilADMSpec extends CoreSpec with ImplicitSender { "M knora-admin:Creator,knora-admin:ProjectMember|V knora-admin:KnownUser,http://rdfh.ch/groups/customgroup|RV knora-admin:UnknownUser" val permissionsSet = Set( - PermissionADM.modifyPermission(OntologyConstants.KnoraAdmin.Creator), - PermissionADM.modifyPermission(OntologyConstants.KnoraAdmin.ProjectMember), - PermissionADM.viewPermission(OntologyConstants.KnoraAdmin.KnownUser), - PermissionADM.viewPermission("http://rdfh.ch/groups/customgroup"), - PermissionADM.restrictedViewPermission(OntologyConstants.KnoraAdmin.UnknownUser), + PermissionADM.from(Permission.ObjectAccess.Modify, OntologyConstants.KnoraAdmin.Creator), + PermissionADM.from(Permission.ObjectAccess.Modify, OntologyConstants.KnoraAdmin.ProjectMember), + PermissionADM.from(Permission.ObjectAccess.View, OntologyConstants.KnoraAdmin.KnownUser), + PermissionADM.from(Permission.ObjectAccess.View, "http://rdfh.ch/groups/customgroup"), + PermissionADM.from(Permission.ObjectAccess.RestrictedView, OntologyConstants.KnoraAdmin.UnknownUser), ) PermissionUtilADM.parsePermissionsWithType( @@ -133,10 +133,16 @@ class PermissionUtilADMSpec extends CoreSpec with ImplicitSender { "ProjectResourceCreateAllPermission|ProjectAdminAllPermission|ProjectResourceCreateRestrictedPermission ," val permissionsSet = Set( - PermissionADM.ProjectResourceCreateAllPermission, - PermissionADM.ProjectAdminAllPermission, - PermissionADM.projectResourceCreateRestrictedPermission("http://www.knora.org/ontology/00FF/images#bild"), - PermissionADM.projectResourceCreateRestrictedPermission("http://www.knora.org/ontology/00FF/images#bildformat"), + PermissionADM.from(Permission.Administrative.ProjectResourceCreateAll), + PermissionADM.from(Permission.Administrative.ProjectAdminAll), + PermissionADM.from( + Permission.Administrative.ProjectResourceCreateRestricted, + "http://www.knora.org/ontology/00FF/images#bild", + ), + PermissionADM.from( + Permission.Administrative.ProjectResourceCreateRestricted, + "http://www.knora.org/ontology/00FF/images#bildformat", + ), ) PermissionUtilADM.parsePermissionsWithType( @@ -147,13 +153,13 @@ class PermissionUtilADMSpec extends CoreSpec with ImplicitSender { "build a 'PermissionADM' object" in { PermissionUtilADM.buildPermissionObject( - name = OntologyConstants.KnoraAdmin.ProjectResourceCreateRestrictedPermission, + name = Permission.Administrative.ProjectResourceCreateRestricted.token, iris = Set("1", "2", "3"), ) should equal( Set( - PermissionADM.projectResourceCreateRestrictedPermission("1"), - PermissionADM.projectResourceCreateRestrictedPermission("2"), - PermissionADM.projectResourceCreateRestrictedPermission("3"), + PermissionADM.from(Permission.Administrative.ProjectResourceCreateRestricted, "1"), + PermissionADM.from(Permission.Administrative.ProjectResourceCreateRestricted, "2"), + PermissionADM.from(Permission.Administrative.ProjectResourceCreateRestricted, "3"), ), ) } @@ -161,53 +167,33 @@ class PermissionUtilADMSpec extends CoreSpec with ImplicitSender { "remove duplicate permissions" in { val duplicatedPermissions = Seq( - PermissionADM.restrictedViewPermission("1"), - PermissionADM.restrictedViewPermission("1"), - PermissionADM.restrictedViewPermission("2"), - PermissionADM.changeRightsPermission("2"), - PermissionADM.changeRightsPermission("3"), - PermissionADM.changeRightsPermission("3"), + PermissionADM.from(Permission.ObjectAccess.View, "1"), + PermissionADM.from(Permission.ObjectAccess.View, "1"), + PermissionADM.from(Permission.ObjectAccess.View, "2"), + PermissionADM.from(Permission.ObjectAccess.ChangeRights, "2"), + PermissionADM.from(Permission.ObjectAccess.ChangeRights, "3"), + PermissionADM.from(Permission.ObjectAccess.ChangeRights, "3"), ) val deduplicatedPermissions = Set( - PermissionADM.restrictedViewPermission("1"), - PermissionADM.restrictedViewPermission("2"), - PermissionADM.changeRightsPermission("2"), - PermissionADM.changeRightsPermission("3"), + PermissionADM.from(Permission.ObjectAccess.View, "1"), + PermissionADM.from(Permission.ObjectAccess.View, "2"), + PermissionADM.from(Permission.ObjectAccess.ChangeRights, "2"), + PermissionADM.from(Permission.ObjectAccess.ChangeRights, "3"), ) val result = PermissionUtilADM.removeDuplicatePermissions(duplicatedPermissions) result.size should equal(deduplicatedPermissions.size) result should contain allElementsOf deduplicatedPermissions - - } - - "remove lesser permissions" in { - val withLesserPermissions = Set( - PermissionADM.restrictedViewPermission("1"), - PermissionADM.viewPermission("1"), - PermissionADM.modifyPermission("2"), - PermissionADM.changeRightsPermission("1"), - PermissionADM.deletePermission("2"), - ) - - val withoutLesserPermissions = Set( - PermissionADM.changeRightsPermission("1"), - PermissionADM.deletePermission("2"), - ) - - val result = PermissionUtilADM.removeLesserPermissions(withLesserPermissions, PermissionType.OAP) - result.size should equal(withoutLesserPermissions.size) - result should contain allElementsOf withoutLesserPermissions } "create permissions string" in { val permissions = Set( - PermissionADM.changeRightsPermission("1"), - PermissionADM.deletePermission("2"), - PermissionADM.changeRightsPermission(OntologyConstants.KnoraAdmin.Creator), - PermissionADM.modifyPermission(OntologyConstants.KnoraAdmin.ProjectMember), - PermissionADM.viewPermission(OntologyConstants.KnoraAdmin.KnownUser), + PermissionADM.from(Permission.ObjectAccess.ChangeRights, "1"), + PermissionADM.from(Permission.ObjectAccess.Delete, "2"), + PermissionADM.from(Permission.ObjectAccess.ChangeRights, OntologyConstants.KnoraAdmin.Creator), + PermissionADM.from(Permission.ObjectAccess.Modify, OntologyConstants.KnoraAdmin.ProjectMember), + PermissionADM.from(Permission.ObjectAccess.View, OntologyConstants.KnoraAdmin.KnownUser), ) val permissionsString = "CR 1,knora-admin:Creator|D 2|M knora-admin:ProjectMember|V knora-admin:KnownUser" diff --git a/integration/src/test/scala/org/knora/webapi/responders/admin/PermissionsResponderADMSpec.scala b/integration/src/test/scala/org/knora/webapi/responders/admin/PermissionsResponderADMSpec.scala index 8b93a7e78d..7912c62f8d 100644 --- a/integration/src/test/scala/org/knora/webapi/responders/admin/PermissionsResponderADMSpec.scala +++ b/integration/src/test/scala/org/knora/webapi/responders/admin/PermissionsResponderADMSpec.scala @@ -19,8 +19,6 @@ import dsp.errors.ForbiddenException import dsp.errors.NotFoundException import org.knora.webapi._ import org.knora.webapi.messages.OntologyConstants -import org.knora.webapi.messages.OntologyConstants.KnoraBase.EntityPermissionAbbreviations -import org.knora.webapi.messages.admin.responder.permissionsmessages.PermissionsMessagesUtilADM.PermissionTypeAndCodes import org.knora.webapi.messages.admin.responder.permissionsmessages._ import org.knora.webapi.messages.store.triplestoremessages.RdfDataObject import org.knora.webapi.messages.util.KnoraSystemInstances @@ -36,6 +34,7 @@ import org.knora.webapi.sharedtestdata.SharedTestDataADM.normalUser import org.knora.webapi.sharedtestdata.SharedTestDataADM2 import org.knora.webapi.slice.admin.domain.model.GroupIri import org.knora.webapi.slice.admin.domain.model.KnoraProject.ProjectIri +import org.knora.webapi.slice.admin.domain.model.Permission import org.knora.webapi.slice.admin.domain.model.PermissionIri import org.knora.webapi.util.ZioScalaTestUtil.assertFailsWithA @@ -172,7 +171,7 @@ class PermissionsResponderADMSpec extends CoreSpec with ImplicitSender { "ask about administrative permissions " should { - "return all AdministrativePermissions for project" in { + "return all Permission.Administrative for project" in { val result = UnsafeZioRun.runOrThrow( ZIO.serviceWithZIO[PermissionsResponderADM](_.getPermissionsApByProjectIri(imagesProjectIri)), ) @@ -181,7 +180,7 @@ class PermissionsResponderADMSpec extends CoreSpec with ImplicitSender { ) } - "return AdministrativePermission for project and group" in { + "return Permission.Administrative for project and group" in { val result = UnsafeZioRun.runOrThrow( ZIO.serviceWithZIO[PermissionsResponderADM]( _.getPermissionsApByProjectAndGroupIri( @@ -193,7 +192,7 @@ class PermissionsResponderADMSpec extends CoreSpec with ImplicitSender { result shouldEqual AdministrativePermissionGetResponseADM(perm002_a1.p) } - "return AdministrativePermission for IRI" in { + "return Permission.Administrative for IRI" in { appActor ! AdministrativePermissionForIriGetRequestADM( administrativePermissionIri = perm002_a1.iri, requestingUser = rootUser, @@ -226,7 +225,7 @@ class PermissionsResponderADMSpec extends CoreSpec with ImplicitSender { CreateAdministrativePermissionAPIRequestADM( forProject = imagesProjectIri, forGroup = OntologyConstants.KnoraAdmin.ProjectMember, - hasPermissions = Set(PermissionADM.ProjectResourceCreateAllPermission), + hasPermissions = Set(PermissionADM.from(Permission.Administrative.ProjectResourceCreateAll)), ), rootUser, UUID.randomUUID(), @@ -251,7 +250,7 @@ class PermissionsResponderADMSpec extends CoreSpec with ImplicitSender { id = Some(customIri), forProject = SharedTestDataADM.anythingProjectIri, forGroup = SharedTestDataADM.thingSearcherGroup.id, - hasPermissions = Set(PermissionADM.ProjectResourceCreateAllPermission), + hasPermissions = Set(PermissionADM.from(Permission.Administrative.ProjectResourceCreateAll)), ), rootUser, UUID.randomUUID(), @@ -267,18 +266,12 @@ class PermissionsResponderADMSpec extends CoreSpec with ImplicitSender { val customIri = "http://rdfh.ch/permissions/0001/0pd-VUDeShWNJ2Nq3fGGGQ" val hasPermissions = Set( PermissionADM( - name = OntologyConstants.KnoraAdmin.ProjectResourceCreateAllPermission, + name = Permission.Administrative.ProjectResourceCreateAll.token, additionalInformation = Some("blabla"), permissionCode = Some(8), ), ) - val expectedHasPermissions = Set( - PermissionADM( - name = OntologyConstants.KnoraAdmin.ProjectResourceCreateAllPermission, - additionalInformation = None, - permissionCode = None, - ), - ) + val expectedHasPermissions = Set(PermissionADM.from(Permission.Administrative.ProjectResourceCreateAll)) val actual = UnsafeZioRun.runOrThrow( ZIO.serviceWithZIO[PermissionsResponderADM]( _.createAdministrativePermission( @@ -440,7 +433,9 @@ class PermissionsResponderADMSpec extends CoreSpec with ImplicitSender { CreateDefaultObjectAccessPermissionAPIRequestADM( forProject = SharedTestDataADM.anythingProjectIri, forGroup = Some(SharedTestDataADM.thingSearcherGroup.id), - hasPermissions = Set(PermissionADM.restrictedViewPermission(SharedTestDataADM.thingSearcherGroup.id)), + hasPermissions = Set( + PermissionADM.from(Permission.ObjectAccess.RestrictedView, SharedTestDataADM.thingSearcherGroup.id), + ), ), rootUser, UUID.randomUUID(), @@ -452,7 +447,7 @@ class PermissionsResponderADMSpec extends CoreSpec with ImplicitSender { assert(actual.defaultObjectAccessPermission.forGroup.contains(SharedTestDataADM.thingSearcherGroup.id)) assert( actual.defaultObjectAccessPermission.hasPermissions.contains( - PermissionADM.restrictedViewPermission(SharedTestDataADM.thingSearcherGroup.id), + PermissionADM.from(Permission.ObjectAccess.RestrictedView, SharedTestDataADM.thingSearcherGroup.id), ), ) } @@ -466,7 +461,9 @@ class PermissionsResponderADMSpec extends CoreSpec with ImplicitSender { id = Some(customIri), forProject = SharedTestDataADM.anythingProjectIri, forGroup = Some(OntologyConstants.KnoraAdmin.UnknownUser), - hasPermissions = Set(PermissionADM.restrictedViewPermission(OntologyConstants.KnoraAdmin.UnknownUser)), + hasPermissions = Set( + PermissionADM.from(Permission.ObjectAccess.RestrictedView, OntologyConstants.KnoraAdmin.UnknownUser), + ), ), rootUser, UUID.randomUUID(), @@ -478,7 +475,7 @@ class PermissionsResponderADMSpec extends CoreSpec with ImplicitSender { assert(received.defaultObjectAccessPermission.forProject == SharedTestDataADM.anythingProjectIri) assert( received.defaultObjectAccessPermission.hasPermissions - .contains(PermissionADM.restrictedViewPermission(unknownUser)), + .contains(PermissionADM.from(Permission.ObjectAccess.RestrictedView, unknownUser)), ) } @@ -489,7 +486,8 @@ class PermissionsResponderADMSpec extends CoreSpec with ImplicitSender { CreateDefaultObjectAccessPermissionAPIRequestADM( forProject = imagesProjectIri, forResourceClass = Some(SharedOntologyTestDataADM.IMAGES_BILD_RESOURCE_CLASS), - hasPermissions = Set(PermissionADM.modifyPermission(OntologyConstants.KnoraAdmin.KnownUser)), + hasPermissions = + Set(PermissionADM.from(Permission.ObjectAccess.Modify, OntologyConstants.KnoraAdmin.KnownUser)), ), rootUser, UUID.randomUUID(), @@ -503,7 +501,7 @@ class PermissionsResponderADMSpec extends CoreSpec with ImplicitSender { ) assert( actual.defaultObjectAccessPermission.hasPermissions - .contains(PermissionADM.modifyPermission(knownUser)), + .contains(PermissionADM.from(Permission.ObjectAccess.Modify, knownUser)), ) } @@ -514,7 +512,8 @@ class PermissionsResponderADMSpec extends CoreSpec with ImplicitSender { CreateDefaultObjectAccessPermissionAPIRequestADM( forProject = imagesProjectIri, forProperty = Some(SharedOntologyTestDataADM.IMAGES_TITEL_PROPERTY), - hasPermissions = Set(PermissionADM.changeRightsPermission(OntologyConstants.KnoraAdmin.Creator)), + hasPermissions = + Set(PermissionADM.from(Permission.ObjectAccess.ChangeRights, OntologyConstants.KnoraAdmin.Creator)), ), rootUser, UUID.randomUUID(), @@ -528,7 +527,7 @@ class PermissionsResponderADMSpec extends CoreSpec with ImplicitSender { ) assert( actual.defaultObjectAccessPermission.hasPermissions - .contains(PermissionADM.changeRightsPermission(creator)), + .contains(PermissionADM.from(Permission.ObjectAccess.ChangeRights, creator)), ) } @@ -539,7 +538,9 @@ class PermissionsResponderADMSpec extends CoreSpec with ImplicitSender { CreateDefaultObjectAccessPermissionAPIRequestADM( forProject = SharedTestDataADM2.incunabulaProjectIri, forGroup = Some(OntologyConstants.KnoraAdmin.ProjectMember), - hasPermissions = Set(PermissionADM.changeRightsPermission(OntologyConstants.KnoraAdmin.ProjectMember)), + hasPermissions = Set( + PermissionADM.from(Permission.ObjectAccess.ChangeRights, OntologyConstants.KnoraAdmin.ProjectMember), + ), ), rootUser, UUID.randomUUID(), @@ -564,8 +565,8 @@ class PermissionsResponderADMSpec extends CoreSpec with ImplicitSender { forProject = SharedTestDataADM2.incunabulaProjectIri, forResourceClass = Some(SharedOntologyTestDataADM.INCUNABULA_BOOK_RESOURCE_CLASS), hasPermissions = Set( - PermissionADM.changeRightsPermission(OntologyConstants.KnoraAdmin.Creator), - PermissionADM.modifyPermission(OntologyConstants.KnoraAdmin.ProjectMember), + PermissionADM.from(Permission.ObjectAccess.ChangeRights, OntologyConstants.KnoraAdmin.Creator), + PermissionADM.from(Permission.ObjectAccess.Modify, OntologyConstants.KnoraAdmin.ProjectMember), ), ), rootUser, @@ -591,7 +592,7 @@ class PermissionsResponderADMSpec extends CoreSpec with ImplicitSender { forProject = SharedTestDataADM2.incunabulaProjectIri, forProperty = Some(SharedOntologyTestDataADM.INCUNABULA_PartOf_Property), hasPermissions = Set( - PermissionADM.modifyPermission(OntologyConstants.KnoraAdmin.KnownUser), + PermissionADM.from(Permission.ObjectAccess.Modify, OntologyConstants.KnoraAdmin.KnownUser), ), ), rootUser, @@ -618,8 +619,8 @@ class PermissionsResponderADMSpec extends CoreSpec with ImplicitSender { forResourceClass = Some(SharedOntologyTestDataADM.INCUNABULA_PAGE_RESOURCE_CLASS), forProperty = Some(SharedOntologyTestDataADM.INCUNABULA_PartOf_Property), hasPermissions = Set( - PermissionADM.changeRightsPermission(OntologyConstants.KnoraAdmin.Creator), - PermissionADM.modifyPermission(OntologyConstants.KnoraAdmin.ProjectMember), + PermissionADM.from(Permission.ObjectAccess.ChangeRights, OntologyConstants.KnoraAdmin.Creator), + PermissionADM.from(Permission.ObjectAccess.Modify, OntologyConstants.KnoraAdmin.ProjectMember), ), ), rootUser, @@ -663,7 +664,7 @@ class PermissionsResponderADMSpec extends CoreSpec with ImplicitSender { assert(actual.defaultObjectAccessPermission.forGroup.contains(unknownUser)) assert( actual.defaultObjectAccessPermission.hasPermissions.contains( - PermissionADM.restrictedViewPermission(unknownUser), + PermissionADM.from(Permission.ObjectAccess.RestrictedView, unknownUser), ), ) } @@ -671,14 +672,14 @@ class PermissionsResponderADMSpec extends CoreSpec with ImplicitSender { "create a DefaultObjectAccessPermission for project and property even if permissionCode of a permission was missing" in { val hasPermissions = Set( PermissionADM( - name = OntologyConstants.KnoraBase.DeletePermission, + name = Permission.ObjectAccess.Delete.token, additionalInformation = Some(OntologyConstants.KnoraAdmin.ProjectAdmin), permissionCode = None, ), ) val expectedPermissions = Set( PermissionADM( - name = OntologyConstants.KnoraBase.DeletePermission, + name = Permission.ObjectAccess.Delete.token, additionalInformation = Some(projectAdmin), permissionCode = Some(7), ), @@ -993,7 +994,7 @@ class PermissionsResponderADMSpec extends CoreSpec with ImplicitSender { "ask to update hasPermissions of a permission" should { "throw ForbiddenException for PermissionChangeHasPermissionsRequestADM if requesting user is not system or project Admin" in { val permissionIri = "http://rdfh.ch/permissions/00FF/buxHAlz8SHuu0FuiLN_tKQ" - val hasPermissions = NonEmptyChunk(PermissionADM.ProjectResourceCreateAllPermission) + val hasPermissions = NonEmptyChunk(PermissionADM.from(Permission.Administrative.ProjectResourceCreateAll)) val exit = UnsafeZioRun.run( ZIO.serviceWithZIO[PermissionsResponderADM]( @@ -1014,7 +1015,7 @@ class PermissionsResponderADMSpec extends CoreSpec with ImplicitSender { "update hasPermissions of an administrative permission" in { val permissionIri = "http://rdfh.ch/permissions/00FF/buxHAlz8SHuu0FuiLN_tKQ" - val hasPermissions = NonEmptyChunk(PermissionADM.ProjectResourceCreateAllPermission) + val hasPermissions = NonEmptyChunk(PermissionADM.from(Permission.Administrative.ProjectResourceCreateAll)) val actual = UnsafeZioRun.runOrThrow( ZIO.serviceWithZIO[PermissionsResponderADM]( _.updatePermissionHasPermissions( @@ -1036,7 +1037,7 @@ class PermissionsResponderADMSpec extends CoreSpec with ImplicitSender { val permissionIri = "http://rdfh.ch/permissions/00FF/buxHAlz8SHuu0FuiLN_tKQ" val hasPermissions = NonEmptyChunk( PermissionADM( - name = OntologyConstants.KnoraAdmin.ProjectAdminAllPermission, + name = Permission.Administrative.ProjectAdminAll.token, additionalInformation = Some("aIRI"), permissionCode = Some(1), ), @@ -1054,15 +1055,15 @@ class PermissionsResponderADMSpec extends CoreSpec with ImplicitSender { val ap = actual.asInstanceOf[AdministrativePermissionGetResponseADM].administrativePermission assert(ap.iri == permissionIri) ap.hasPermissions.size should be(1) - val expectedSetOfPermissions = Set(PermissionADM.ProjectAdminAllPermission) + val expectedSetOfPermissions = Set(PermissionADM.from(Permission.Administrative.ProjectAdminAll)) assert(ap.hasPermissions.equals(expectedSetOfPermissions)) } "update hasPermissions of a default object access permission" in { val permissionIri = "http://rdfh.ch/permissions/00FF/Q3OMWyFqStGYK8EXmC7KhQ" val hasPermissions = NonEmptyChunk( - PermissionADM.changeRightsPermission(creator), - PermissionADM.modifyPermission(projectMember), + PermissionADM.from(Permission.ObjectAccess.ChangeRights, creator), + PermissionADM.from(Permission.ObjectAccess.Modify, projectMember), ) val actual = UnsafeZioRun.runOrThrow( @@ -1094,7 +1095,7 @@ class PermissionsResponderADMSpec extends CoreSpec with ImplicitSender { val expectedHasPermissions = Set( PermissionADM( - name = OntologyConstants.KnoraBase.ChangeRightsPermission, + name = Permission.ObjectAccess.ChangeRights.token, additionalInformation = Some(creator), permissionCode = Some(8), ), @@ -1119,7 +1120,7 @@ class PermissionsResponderADMSpec extends CoreSpec with ImplicitSender { val permissionIri = "http://rdfh.ch/permissions/00FF/Q3OMWyFqStGYK8EXmC7KhQ" val hasPermissions = NonEmptyChunk( PermissionADM( - name = OntologyConstants.KnoraBase.DeletePermission, + name = Permission.ObjectAccess.Delete.token, additionalInformation = Some(OntologyConstants.KnoraAdmin.ProjectAdmin), permissionCode = None, ), @@ -1127,7 +1128,7 @@ class PermissionsResponderADMSpec extends CoreSpec with ImplicitSender { val expectedHasPermissions = Set( PermissionADM( - name = OntologyConstants.KnoraBase.DeletePermission, + name = Permission.ObjectAccess.Delete.token, additionalInformation = Some(projectAdmin), permissionCode = Some(7), ), @@ -1150,7 +1151,7 @@ class PermissionsResponderADMSpec extends CoreSpec with ImplicitSender { "not update hasPermissions of a default object access permission, if both name and project code of a permission were missing" in { val permissionIri = "http://rdfh.ch/permissions/00FF/Q3OMWyFqStGYK8EXmC7KhQ" val code = 1 - val name = OntologyConstants.KnoraBase.DeletePermission + val name = Permission.ObjectAccess.Delete.token val hasPermissions = NonEmptyChunk( PermissionADM( name = name, @@ -1198,7 +1199,7 @@ class PermissionsResponderADMSpec extends CoreSpec with ImplicitSender { assertFailsWithA[BadRequestException]( exit, s"Invalid value for name parameter of hasPermissions: $name, it should be one of " + - s"${EntityPermissionAbbreviations.toString}", + s"${Permission.ObjectAccess.allTokens.mkString(", ")}", ) } @@ -1207,7 +1208,7 @@ class PermissionsResponderADMSpec extends CoreSpec with ImplicitSender { val code = 10 val hasPermissions = NonEmptyChunk( PermissionADM( - name = OntologyConstants.KnoraBase.DeletePermission, + name = Permission.ObjectAccess.Delete.token, additionalInformation = Some(OntologyConstants.KnoraAdmin.ProjectAdmin), permissionCode = Some(code), ), @@ -1226,7 +1227,7 @@ class PermissionsResponderADMSpec extends CoreSpec with ImplicitSender { assertFailsWithA[BadRequestException]( exit, s"Invalid value for permissionCode parameter of hasPermissions: $code, it should be one of " + - s"${PermissionTypeAndCodes.values.toString}", + s"${Permission.ObjectAccess.allCodes.mkString(", ")}", ) } diff --git a/integration/src/test/scala/org/knora/webapi/responders/admin/ProjectRestServiceSpec.scala b/integration/src/test/scala/org/knora/webapi/responders/admin/ProjectRestServiceSpec.scala index 6c22901ab5..92e517ce2f 100644 --- a/integration/src/test/scala/org/knora/webapi/responders/admin/ProjectRestServiceSpec.scala +++ b/integration/src/test/scala/org/knora/webapi/responders/admin/ProjectRestServiceSpec.scala @@ -29,6 +29,7 @@ import org.knora.webapi.slice.admin.api.model.ProjectsEndpointsRequestsAndRespon import org.knora.webapi.slice.admin.api.model.ProjectsEndpointsRequestsAndResponses.ProjectUpdateRequest import org.knora.webapi.slice.admin.api.service.ProjectRestService import org.knora.webapi.slice.admin.domain.model.KnoraProject._ +import org.knora.webapi.slice.admin.domain.model.Permission import org.knora.webapi.slice.admin.domain.model.RestrictedView import org.knora.webapi.util.MutableTestIri import org.knora.webapi.util.ZioScalaTestUtil.assertFailsWithA @@ -204,7 +205,10 @@ class ProjectRestServiceSpec extends CoreSpec with ImplicitSender { (ap: AdministrativePermissionADM) => ap.forProject == received.project.id && ap.forGroup == OntologyConstants.KnoraAdmin.ProjectAdmin && ap.hasPermissions.equals( - Set(PermissionADM.ProjectAdminAllPermission, PermissionADM.ProjectResourceCreateAllPermission), + Set( + PermissionADM.from(Permission.Administrative.ProjectAdminAll), + PermissionADM.from(Permission.Administrative.ProjectResourceCreateAll), + ), ) } @@ -214,7 +218,7 @@ class ProjectRestServiceSpec extends CoreSpec with ImplicitSender { val hasAPForProjectMember = receivedApAdmin.administrativePermissions.filter { (ap: AdministrativePermissionADM) => ap.forProject == received.project.id && ap.forGroup == OntologyConstants.KnoraAdmin.ProjectMember && - ap.hasPermissions.equals(Set(PermissionADM.ProjectResourceCreateAllPermission)) + ap.hasPermissions.equals(Set(PermissionADM.from(Permission.Administrative.ProjectResourceCreateAll))) } hasAPForProjectMember.size shouldBe 1 @@ -233,8 +237,8 @@ class ProjectRestServiceSpec extends CoreSpec with ImplicitSender { ) && doap.hasPermissions.equals( Set( - PermissionADM.changeRightsPermission(OntologyConstants.KnoraAdmin.ProjectAdmin), - PermissionADM.modifyPermission(OntologyConstants.KnoraAdmin.ProjectMember), + PermissionADM.from(Permission.ObjectAccess.ChangeRights, OntologyConstants.KnoraAdmin.ProjectAdmin), + PermissionADM.from(Permission.ObjectAccess.Modify, OntologyConstants.KnoraAdmin.ProjectMember), ), ) } @@ -248,8 +252,8 @@ class ProjectRestServiceSpec extends CoreSpec with ImplicitSender { ) && doap.hasPermissions.equals( Set( - PermissionADM.changeRightsPermission(OntologyConstants.KnoraAdmin.ProjectAdmin), - PermissionADM.modifyPermission(OntologyConstants.KnoraAdmin.ProjectMember), + PermissionADM.from(Permission.ObjectAccess.ChangeRights, OntologyConstants.KnoraAdmin.ProjectAdmin), + PermissionADM.from(Permission.ObjectAccess.Modify, OntologyConstants.KnoraAdmin.ProjectMember), ), ) } diff --git a/integration/src/test/scala/org/knora/webapi/responders/v2/ResourcesResponderV2SpecFullData.scala b/integration/src/test/scala/org/knora/webapi/responders/v2/ResourcesResponderV2SpecFullData.scala index 1234422068..4b0096e8d1 100644 --- a/integration/src/test/scala/org/knora/webapi/responders/v2/ResourcesResponderV2SpecFullData.scala +++ b/integration/src/test/scala/org/knora/webapi/responders/v2/ResourcesResponderV2SpecFullData.scala @@ -13,10 +13,10 @@ import org.knora.webapi.messages.IriConversions._ import org.knora.webapi.messages.StringFormatter import org.knora.webapi.messages.util.CalendarNameJulian import org.knora.webapi.messages.util.DatePrecisionYear -import org.knora.webapi.messages.util.PermissionUtilADM._ import org.knora.webapi.messages.v2.responder.resourcemessages._ import org.knora.webapi.messages.v2.responder.valuemessages._ import org.knora.webapi.sharedtestdata.SharedTestDataADM +import org.knora.webapi.slice.admin.domain.model.Permission // FIXME: Rename to something more generic and without spec in the name since it is not a spec and is used in more then one spec class ResourcesResponderV2SpecFullData(implicit stringFormatter: StringFormatter) { @@ -26,7 +26,7 @@ class ResourcesResponderV2SpecFullData(implicit stringFormatter: StringFormatter resourceIri = "http://rdfh.ch/0803/c5058f3a", permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser|RV knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, attachedToUser = "http://rdfh.ch/users/91e19f1e01", resourceClassIri = "http://www.knora.org/ontology/0803/incunabula#book".toSmartIri, projectADM = SharedTestDataADM.incunabulaProject, @@ -46,7 +46,7 @@ class ResourcesResponderV2SpecFullData(implicit stringFormatter: StringFormatter valueHasUUID = UuidUtil.decode("5524469101"), permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:UnknownUser,knora-admin:KnownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:10Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -66,7 +66,7 @@ class ResourcesResponderV2SpecFullData(implicit stringFormatter: StringFormatter valueHasUUID = UuidUtil.decode("184e99ca01"), permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser,knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:10Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -84,7 +84,7 @@ class ResourcesResponderV2SpecFullData(implicit stringFormatter: StringFormatter valueHasUUID = UuidUtil.decode("db77ec0302"), permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:UnknownUser,knora-admin:KnownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:10Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -102,7 +102,7 @@ class ResourcesResponderV2SpecFullData(implicit stringFormatter: StringFormatter valueHasUUID = UuidUtil.decode("9ea13f3d02"), permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser,knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:10Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -122,7 +122,7 @@ class ResourcesResponderV2SpecFullData(implicit stringFormatter: StringFormatter valueHasUUID = UuidUtil.decode("497df9ab"), permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser,knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:10Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -141,7 +141,7 @@ class ResourcesResponderV2SpecFullData(implicit stringFormatter: StringFormatter valueIri = "http://rdfh.ch/0803/c5058f3a/values/8653a672", valueHasUUID = UuidUtil.decode("8653a672"), permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:10Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -162,7 +162,7 @@ class ResourcesResponderV2SpecFullData(implicit stringFormatter: StringFormatter valueHasUUID = UuidUtil.decode("10e00c7acc2704"), permissions = "CR knora-admin:Creator|D knora-admin:ProjectMember|V knora-admin:KnownUser,knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:10Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -182,7 +182,7 @@ class ResourcesResponderV2SpecFullData(implicit stringFormatter: StringFormatter valueHasUUID = UuidUtil.decode("92faf25701"), permissions = "CR knora-admin:Creator|D knora-admin:ProjectMember|V knora-admin:UnknownUser,knora-admin:KnownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:10Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -202,7 +202,7 @@ class ResourcesResponderV2SpecFullData(implicit stringFormatter: StringFormatter valueHasUUID = UuidUtil.decode("0ca74ce5"), permissions = "CR knora-admin:Creator|V knora-admin:UnknownUser,knora-admin:KnownUser,knora-admin:ProjectMember", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:10Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -224,7 +224,7 @@ class ResourcesResponderV2SpecFullData(implicit stringFormatter: StringFormatter valueHasUUID = UuidUtil.decode("cfd09f1e01"), permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser,knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:10Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -244,7 +244,7 @@ class ResourcesResponderV2SpecFullData(implicit stringFormatter: StringFormatter valueHasUUID = UuidUtil.decode("c3295339"), permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser,knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:10Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -261,7 +261,7 @@ class ResourcesResponderV2SpecFullData(implicit stringFormatter: StringFormatter resourceIri = "http://rdfh.ch/0803/c5058f3a", permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser|RV knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, attachedToUser = "http://rdfh.ch/users/91e19f1e01", resourceClassIri = "http://www.knora.org/ontology/0803/incunabula#book".toSmartIri, projectADM = SharedTestDataADM.incunabulaProject, @@ -277,7 +277,7 @@ class ResourcesResponderV2SpecFullData(implicit stringFormatter: StringFormatter resourceIri = "http://rdfh.ch/0803/2a6221216701", permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser|RV knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, attachedToUser = "http://rdfh.ch/users/91e19f1e01", resourceClassIri = "http://www.knora.org/ontology/0803/incunabula#book".toSmartIri, projectADM = SharedTestDataADM.incunabulaProject, @@ -297,7 +297,7 @@ class ResourcesResponderV2SpecFullData(implicit stringFormatter: StringFormatter valueHasUUID = UuidUtil.decode("e94fa8a09205"), permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser,knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:20Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -317,7 +317,7 @@ class ResourcesResponderV2SpecFullData(implicit stringFormatter: StringFormatter valueHasUUID = UuidUtil.decode("7b4a9bf89305"), permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser,knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:20Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -335,7 +335,7 @@ class ResourcesResponderV2SpecFullData(implicit stringFormatter: StringFormatter valueHasUUID = UuidUtil.decode("3e74ee319405"), permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser,knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:20Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -353,7 +353,7 @@ class ResourcesResponderV2SpecFullData(implicit stringFormatter: StringFormatter valueHasUUID = UuidUtil.decode("019e416b9405"), permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser,knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:20Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -371,7 +371,7 @@ class ResourcesResponderV2SpecFullData(implicit stringFormatter: StringFormatter valueHasUUID = UuidUtil.decode("c4c794a49405"), permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser,knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:21Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -389,7 +389,7 @@ class ResourcesResponderV2SpecFullData(implicit stringFormatter: StringFormatter valueHasUUID = UuidUtil.decode("87f1e7dd9405"), permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser,knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:21Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -407,7 +407,7 @@ class ResourcesResponderV2SpecFullData(implicit stringFormatter: StringFormatter valueHasUUID = UuidUtil.decode("4a1b3b179505"), permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser,knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:21Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -425,7 +425,7 @@ class ResourcesResponderV2SpecFullData(implicit stringFormatter: StringFormatter valueHasUUID = UuidUtil.decode("0d458e509505"), permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser,knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:21Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -443,7 +443,7 @@ class ResourcesResponderV2SpecFullData(implicit stringFormatter: StringFormatter valueHasUUID = UuidUtil.decode("d06ee1899505"), permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser,knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:21Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -461,7 +461,7 @@ class ResourcesResponderV2SpecFullData(implicit stringFormatter: StringFormatter valueHasUUID = UuidUtil.decode("939834c39505"), permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser,knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:21Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -481,7 +481,7 @@ class ResourcesResponderV2SpecFullData(implicit stringFormatter: StringFormatter valueHasUUID = UuidUtil.decode("dda85bbb9105"), permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser,knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:20Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -500,7 +500,7 @@ class ResourcesResponderV2SpecFullData(implicit stringFormatter: StringFormatter valueIri = "http://rdfh.ch/0803/2a6221216701/values/1a7f08829105", valueHasUUID = UuidUtil.decode("1a7f08829105"), permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:20Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -520,7 +520,7 @@ class ResourcesResponderV2SpecFullData(implicit stringFormatter: StringFormatter valueHasUUID = UuidUtil.decode("56c287fc9505"), permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser,knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:21Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -541,7 +541,7 @@ class ResourcesResponderV2SpecFullData(implicit stringFormatter: StringFormatter valueHasUUID = UuidUtil.decode("f89173afca2704"), permissions = "CR knora-admin:Creator|D knora-admin:ProjectMember|V knora-admin:KnownUser,knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:20Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -561,7 +561,7 @@ class ResourcesResponderV2SpecFullData(implicit stringFormatter: StringFormatter valueHasUUID = UuidUtil.decode("ac79fbd99205"), permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser,knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:20Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -579,7 +579,7 @@ class ResourcesResponderV2SpecFullData(implicit stringFormatter: StringFormatter valueHasUUID = UuidUtil.decode("6fa34e139305"), permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser,knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:20Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -597,7 +597,7 @@ class ResourcesResponderV2SpecFullData(implicit stringFormatter: StringFormatter valueHasUUID = UuidUtil.decode("32cda14c9305"), permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser,knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:20Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -615,7 +615,7 @@ class ResourcesResponderV2SpecFullData(implicit stringFormatter: StringFormatter valueHasUUID = UuidUtil.decode("f5f6f4859305"), permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser,knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:20Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -635,7 +635,7 @@ class ResourcesResponderV2SpecFullData(implicit stringFormatter: StringFormatter valueHasUUID = UuidUtil.decode("b82048bf9305"), permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser,knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:20Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -655,7 +655,7 @@ class ResourcesResponderV2SpecFullData(implicit stringFormatter: StringFormatter valueHasUUID = UuidUtil.decode("262655679205"), permissions = "CR knora-admin:Creator|D knora-admin:ProjectMember|V knora-admin:KnownUser,knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:20Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -675,7 +675,7 @@ class ResourcesResponderV2SpecFullData(implicit stringFormatter: StringFormatter valueHasUUID = UuidUtil.decode("a0d2aef49105"), permissions = "CR knora-admin:Creator|V knora-admin:ProjectMember,knora-admin:KnownUser,knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:20Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -697,7 +697,7 @@ class ResourcesResponderV2SpecFullData(implicit stringFormatter: StringFormatter valueHasUUID = UuidUtil.decode("63fc012e9205"), permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser,knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:20Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -717,7 +717,7 @@ class ResourcesResponderV2SpecFullData(implicit stringFormatter: StringFormatter valueHasUUID = UuidUtil.decode("d1010fd69005"), permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser,knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:20Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -735,7 +735,7 @@ class ResourcesResponderV2SpecFullData(implicit stringFormatter: StringFormatter valueHasUUID = UuidUtil.decode("942b620f9105"), permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser,knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:20Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -753,7 +753,7 @@ class ResourcesResponderV2SpecFullData(implicit stringFormatter: StringFormatter valueHasUUID = UuidUtil.decode("5755b5489105"), permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser,knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:20Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -772,7 +772,7 @@ class ResourcesResponderV2SpecFullData(implicit stringFormatter: StringFormatter resourceIri = "http://rdfh.ch/0803/2a6221216701", permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser|RV knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, attachedToUser = "http://rdfh.ch/users/91e19f1e01", projectADM = SharedTestDataADM.incunabulaProject, values = Map(), @@ -800,7 +800,7 @@ class ResourcesResponderV2SpecFullData(implicit stringFormatter: StringFormatter label = "A thing with version history", resourceIri = "http://rdfh.ch/0001/thing-with-history", permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:UnknownUser", - userPermission = ModifyPermission, + userPermission = Permission.ObjectAccess.Modify, attachedToUser = "http://rdfh.ch/users/9XBCrDV3SRa7kS1WwynB4Q", resourceClassIri = "http://www.knora.org/ontology/0001/anything#Thing".toSmartIri, creationDate = Instant.parse("2019-02-08T15:05:10Z"), @@ -817,7 +817,7 @@ class ResourcesResponderV2SpecFullData(implicit stringFormatter: StringFormatter valueIri = "http://rdfh.ch/0001/thing-with-history/values/2b", valueHasUUID = UuidUtil.decode("W5fm67e0QDWxRZumcXcs6g"), permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2019-02-11T10:05:10Z"), attachedToUser = "http://rdfh.ch/users/BhkfBc3hTeS_IDo-JgXRbQ", previousValueIri = Some("http://rdfh.ch/0001/thing-with-history/values/2a"), @@ -836,7 +836,7 @@ class ResourcesResponderV2SpecFullData(implicit stringFormatter: StringFormatter valueIri = "http://rdfh.ch/0001/thing-with-history/values/3a", valueHasUUID = UuidUtil.decode("IZGOjVqxTfSNO4ieKyp0SA"), permissions = "V knora-admin:UnknownUser|M knora-admin:ProjectMember", - userPermission = ModifyPermission, + userPermission = Permission.ObjectAccess.Modify, valueCreationDate = Instant.parse("2019-02-10T10:30:10Z"), attachedToUser = "http://rdfh.ch/users/9XBCrDV3SRa7kS1WwynB4Q", previousValueIri = None, @@ -853,7 +853,7 @@ class ResourcesResponderV2SpecFullData(implicit stringFormatter: StringFormatter valueIri = "http://rdfh.ch/0001/thing-with-history/values/1a", valueHasUUID = UuidUtil.decode("pLlW4ODASumZfZFbJdpw1g"), permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2019-02-11T09:05:10Z"), attachedToUser = "http://rdfh.ch/users/BhkfBc3hTeS_IDo-JgXRbQ", previousValueIri = None, @@ -966,7 +966,7 @@ class ResourcesResponderV2SpecFullData(implicit stringFormatter: StringFormatter attachedToUser = "http://rdfh.ch/users/9XBCrDV3SRa7kS1WwynB4Q", resourceClassIri = "http://www.knora.org/ontology/0001/anything#Thing".toSmartIri, creationDate = Instant.parse("2019-02-08T15:05:10Z"), - userPermission = ModifyPermission, + userPermission = Permission.ObjectAccess.Modify, values = Map( "http://www.knora.org/ontology/0001/anything#hasInteger".toSmartIri -> Vector( ReadOtherValueV2( @@ -980,7 +980,7 @@ class ResourcesResponderV2SpecFullData(implicit stringFormatter: StringFormatter valueCreationDate = Instant.parse("2019-02-13T09:05:10Z"), attachedToUser = "http://rdfh.ch/users/BhkfBc3hTeS_IDo-JgXRbQ", valueHasUUID = UuidUtil.decode("pLlW4ODASumZfZFbJdpw1g"), - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, previousValueIri = Some("http://rdfh.ch/0001/thing-with-history/values/1b"), deletionInfo = None, ), @@ -1004,7 +1004,7 @@ class ResourcesResponderV2SpecFullData(implicit stringFormatter: StringFormatter attachedToUser = "http://rdfh.ch/users/9XBCrDV3SRa7kS1WwynB4Q", resourceClassIri = "http://www.knora.org/ontology/0001/anything#Thing".toSmartIri, creationDate = Instant.parse("2019-02-08T15:05:10Z"), - userPermission = ModifyPermission, + userPermission = Permission.ObjectAccess.Modify, values = Map( "http://www.knora.org/ontology/0001/anything#hasInteger".toSmartIri -> Vector( ReadOtherValueV2( @@ -1018,7 +1018,7 @@ class ResourcesResponderV2SpecFullData(implicit stringFormatter: StringFormatter valueCreationDate = Instant.parse("2019-02-12T09:05:10Z"), attachedToUser = "http://rdfh.ch/users/BhkfBc3hTeS_IDo-JgXRbQ", valueHasUUID = UuidUtil.decode("pLlW4ODASumZfZFbJdpw1g"), - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, previousValueIri = Some("http://rdfh.ch/0001/thing-with-history/values/1a"), deletionInfo = None, ), diff --git a/integration/src/test/scala/org/knora/webapi/responders/v2/ResourcesResponseCheckerV2SpecFullData.scala b/integration/src/test/scala/org/knora/webapi/responders/v2/ResourcesResponseCheckerV2SpecFullData.scala index 7a1dd4c6c5..a5bed861f4 100644 --- a/integration/src/test/scala/org/knora/webapi/responders/v2/ResourcesResponseCheckerV2SpecFullData.scala +++ b/integration/src/test/scala/org/knora/webapi/responders/v2/ResourcesResponseCheckerV2SpecFullData.scala @@ -13,10 +13,10 @@ import org.knora.webapi.messages.IriConversions._ import org.knora.webapi.messages.StringFormatter import org.knora.webapi.messages.util.CalendarNameJulian import org.knora.webapi.messages.util.DatePrecisionYear -import org.knora.webapi.messages.util.PermissionUtilADM._ import org.knora.webapi.messages.v2.responder.resourcemessages._ import org.knora.webapi.messages.v2.responder.valuemessages._ import org.knora.webapi.sharedtestdata.SharedTestDataADM +import org.knora.webapi.slice.admin.domain.model.Permission // FIXME: Rename to something without spec in the name since it is not a spec class ResourcesResponseCheckerV2SpecFullData(implicit stringFormatter: StringFormatter) { @@ -27,7 +27,7 @@ class ResourcesResponseCheckerV2SpecFullData(implicit stringFormatter: StringFor resourceIri = "http://rdfh.ch/2a6221216701", permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser|RV knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, attachedToUser = "http://rdfh.ch/users/91e19f1e01", resourceClassIri = "http://www.knora.org/ontology/0803/incunabula#book".toSmartIri, projectADM = SharedTestDataADM.incunabulaProject, @@ -46,7 +46,7 @@ class ResourcesResponseCheckerV2SpecFullData(implicit stringFormatter: StringFor valueHasUUID = UuidUtil.decode("e94fa8a09205"), permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser,knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:20Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -66,7 +66,7 @@ class ResourcesResponseCheckerV2SpecFullData(implicit stringFormatter: StringFor valueHasUUID = UuidUtil.decode("7b4a9bf89305"), permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser,knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:20Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -84,7 +84,7 @@ class ResourcesResponseCheckerV2SpecFullData(implicit stringFormatter: StringFor valueHasUUID = UuidUtil.decode("3e74ee319405"), permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser,knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:20Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -102,7 +102,7 @@ class ResourcesResponseCheckerV2SpecFullData(implicit stringFormatter: StringFor valueHasUUID = UuidUtil.decode("019e416b9405"), permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser,knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:20Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -120,7 +120,7 @@ class ResourcesResponseCheckerV2SpecFullData(implicit stringFormatter: StringFor valueHasUUID = UuidUtil.decode("c4c794a49405"), permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser,knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:21Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -138,7 +138,7 @@ class ResourcesResponseCheckerV2SpecFullData(implicit stringFormatter: StringFor valueHasUUID = UuidUtil.decode("87f1e7dd9405"), permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser,knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:21Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -156,7 +156,7 @@ class ResourcesResponseCheckerV2SpecFullData(implicit stringFormatter: StringFor valueHasUUID = UuidUtil.decode("4a1b3b179505"), permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser,knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:21Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -174,7 +174,7 @@ class ResourcesResponseCheckerV2SpecFullData(implicit stringFormatter: StringFor valueHasUUID = UuidUtil.decode("0d458e509505"), permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser,knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:21Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -192,7 +192,7 @@ class ResourcesResponseCheckerV2SpecFullData(implicit stringFormatter: StringFor valueHasUUID = UuidUtil.decode("d06ee1899505"), permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser,knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:21Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -210,7 +210,7 @@ class ResourcesResponseCheckerV2SpecFullData(implicit stringFormatter: StringFor valueHasUUID = UuidUtil.decode("939834c39505"), permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser,knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:21Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -230,7 +230,7 @@ class ResourcesResponseCheckerV2SpecFullData(implicit stringFormatter: StringFor valueHasUUID = UuidUtil.decode("dda85bbb9105"), permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser,knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:20Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -249,7 +249,7 @@ class ResourcesResponseCheckerV2SpecFullData(implicit stringFormatter: StringFor valueIri = "http://rdfh.ch/2a6221216701/values/1a7f08829105", valueHasUUID = UuidUtil.decode("1a7f08829105"), permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:20Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -269,7 +269,7 @@ class ResourcesResponseCheckerV2SpecFullData(implicit stringFormatter: StringFor valueHasUUID = UuidUtil.decode("56c287fc9505"), permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser,knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:21Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -290,7 +290,7 @@ class ResourcesResponseCheckerV2SpecFullData(implicit stringFormatter: StringFor valueHasUUID = UuidUtil.decode("f89173afca2704"), permissions = "CR knora-admin:Creator|D knora-admin:ProjectMember|V knora-admin:KnownUser,knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:20Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -310,7 +310,7 @@ class ResourcesResponseCheckerV2SpecFullData(implicit stringFormatter: StringFor valueHasUUID = UuidUtil.decode("ac79fbd99205"), permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser,knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:20Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -328,7 +328,7 @@ class ResourcesResponseCheckerV2SpecFullData(implicit stringFormatter: StringFor valueHasUUID = UuidUtil.decode("6fa34e139305"), permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser,knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:20Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -346,7 +346,7 @@ class ResourcesResponseCheckerV2SpecFullData(implicit stringFormatter: StringFor valueHasUUID = UuidUtil.decode("32cda14c9305"), permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser,knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:20Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -364,7 +364,7 @@ class ResourcesResponseCheckerV2SpecFullData(implicit stringFormatter: StringFor valueHasUUID = UuidUtil.decode("f5f6f4859305"), permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser,knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:20Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -384,7 +384,7 @@ class ResourcesResponseCheckerV2SpecFullData(implicit stringFormatter: StringFor valueHasUUID = UuidUtil.decode("b82048bf9305"), permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser,knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:20Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -404,7 +404,7 @@ class ResourcesResponseCheckerV2SpecFullData(implicit stringFormatter: StringFor valueHasUUID = UuidUtil.decode("262655679205"), permissions = "CR knora-admin:Creator|D knora-admin:ProjectMember|V knora-admin:KnownUser,knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:20Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -424,7 +424,7 @@ class ResourcesResponseCheckerV2SpecFullData(implicit stringFormatter: StringFor valueHasUUID = UuidUtil.decode("a0d2aef49105"), permissions = "CR knora-admin:Creator|V knora-admin:ProjectMember,knora-admin:KnownUser,knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:20Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -446,7 +446,7 @@ class ResourcesResponseCheckerV2SpecFullData(implicit stringFormatter: StringFor valueHasUUID = UuidUtil.decode("63fc012e9205"), permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser,knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:20Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -466,7 +466,7 @@ class ResourcesResponseCheckerV2SpecFullData(implicit stringFormatter: StringFor valueHasUUID = UuidUtil.decode("d1010fd69005"), permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser,knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:20Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, @@ -484,7 +484,7 @@ class ResourcesResponseCheckerV2SpecFullData(implicit stringFormatter: StringFor valueHasUUID = UuidUtil.decode("942b620f9105"), permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser,knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, valueCreationDate = Instant.parse("2016-03-02T15:05:20Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", previousValueIri = None, diff --git a/integration/src/test/scala/org/knora/webapi/responders/v2/SearchResponderV2SpecFullData.scala b/integration/src/test/scala/org/knora/webapi/responders/v2/SearchResponderV2SpecFullData.scala index 156361f54e..b53d98113a 100644 --- a/integration/src/test/scala/org/knora/webapi/responders/v2/SearchResponderV2SpecFullData.scala +++ b/integration/src/test/scala/org/knora/webapi/responders/v2/SearchResponderV2SpecFullData.scala @@ -13,11 +13,11 @@ import dsp.valueobjects.UuidUtil import org.knora.webapi._ import org.knora.webapi.messages.IriConversions._ import org.knora.webapi.messages.StringFormatter -import org.knora.webapi.messages.util.PermissionUtilADM._ import org.knora.webapi.messages.util.search._ import org.knora.webapi.messages.v2.responder.resourcemessages._ import org.knora.webapi.messages.v2.responder.valuemessages._ import org.knora.webapi.sharedtestdata.SharedTestDataADM +import org.knora.webapi.slice.admin.domain.model.Permission import pekko.actor.ActorSystem @@ -34,7 +34,7 @@ class SearchResponderV2SpecFullData(implicit stringFormatter: StringFormatter) { resourceIri = "", permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser|RV knora-admin:UnknownUser", - userPermission = ChangeRightsPermission, + userPermission = Permission.ObjectAccess.ChangeRights, attachedToUser = testUser1, resourceClassIri = booksBookIri.toSmartIri, projectADM = SharedTestDataADM.anythingProject, @@ -53,7 +53,7 @@ class SearchResponderV2SpecFullData(implicit stringFormatter: StringFormatter) { valueHasUUID = UuidUtil.decode("d34d34d3-4d34-d34d-3496-2b2dfef6a5b9"), permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser|RV knora-admin:UnknownUser", - userPermission = ModifyPermission, + userPermission = Permission.ObjectAccess.Modify, previousValueIri = None, valueCreationDate = Instant.parse("2018-05-29T16:42:04.381Z"), attachedToUser = testUser2, @@ -137,7 +137,7 @@ class SearchResponderV2SpecFullData(implicit stringFormatter: StringFormatter) { resourceIri = "http://rdfh.ch/0803/c5058f3a", permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser|RV knora-admin:UnknownUser", - userPermission = RestrictedViewPermission, + userPermission = Permission.ObjectAccess.RestrictedView, attachedToUser = "http://rdfh.ch/users/91e19f1e01", resourceClassIri = "http://www.knora.org/ontology/0803/incunabula#book".toSmartIri, projectADM = SharedTestDataADM.incunabulaProject, @@ -156,7 +156,7 @@ class SearchResponderV2SpecFullData(implicit stringFormatter: StringFormatter) { valueHasUUID = UuidUtil.decode("c3295339"), permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser,knora-admin:UnknownUser", - userPermission = ViewPermission, + userPermission = Permission.ObjectAccess.View, previousValueIri = None, valueCreationDate = Instant.parse("2016-03-02T15:05:10Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", @@ -173,7 +173,7 @@ class SearchResponderV2SpecFullData(implicit stringFormatter: StringFormatter) { resourceIri = "http://rdfh.ch/0803/ff17e5ef9601", permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser|RV knora-admin:UnknownUser", - userPermission = RestrictedViewPermission, + userPermission = Permission.ObjectAccess.RestrictedView, attachedToUser = "http://rdfh.ch/users/91e19f1e01", resourceClassIri = "http://www.knora.org/ontology/0803/incunabula#book".toSmartIri, projectADM = SharedTestDataADM.incunabulaProject, @@ -192,7 +192,7 @@ class SearchResponderV2SpecFullData(implicit stringFormatter: StringFormatter) { valueHasUUID = UuidUtil.decode("d9a522845006"), permissions = "CR knora-admin:Creator|M knora-admin:ProjectMember|V knora-admin:KnownUser,knora-admin:UnknownUser", - userPermission = ViewPermission, + userPermission = Permission.ObjectAccess.View, previousValueIri = None, valueCreationDate = Instant.parse("2016-03-02T15:05:23Z"), attachedToUser = "http://rdfh.ch/users/91e19f1e01", diff --git a/integration/src/test/scala/org/knora/webapi/responders/v2/ValuesResponderV2Spec.scala b/integration/src/test/scala/org/knora/webapi/responders/v2/ValuesResponderV2Spec.scala index 4ca04a641a..1a1f8da72d 100644 --- a/integration/src/test/scala/org/knora/webapi/responders/v2/ValuesResponderV2Spec.scala +++ b/integration/src/test/scala/org/knora/webapi/responders/v2/ValuesResponderV2Spec.scala @@ -2607,7 +2607,7 @@ class ValuesResponderV2Spec extends CoreSpec with ImplicitSender { } } - "not update a value with custom permissions if the requesting user does not have ChangeRightsPermission on the value" in { + "not update a value with custom permissions if the requesting user does not have Permission.ObjectAccess.ChangeRights on the value" in { val resourceIri: IRI = aThingIri val propertyIri: SmartIri = "http://0.0.0.0:3333/ontology/0001/anything/v2#hasInteger".toSmartIri val permissions = "CR knora-admin:Creator" @@ -2733,7 +2733,7 @@ class ValuesResponderV2Spec extends CoreSpec with ImplicitSender { updatedValueFromTriplestore.permissions should ===(permissions) } - "not update a value, changing only its permissions, if the requesting user does not have ChangeRightsPermission on the value" in { + "not update a value, changing only its permissions, if the requesting user does not have Permission.ObjectAccess.ChangeRights on the value" in { val resourceIri: IRI = aThingIri val propertyIri: SmartIri = "http://0.0.0.0:3333/ontology/0001/anything/v2#hasInteger".toSmartIri val permissions = "CR knora-admin:Creator" diff --git a/integration/src/test/scala/org/knora/webapi/sharedtestdata/SharedPermissionsTestData.scala b/integration/src/test/scala/org/knora/webapi/sharedtestdata/SharedPermissionsTestData.scala index 3509234852..ecd3c6d269 100644 --- a/integration/src/test/scala/org/knora/webapi/sharedtestdata/SharedPermissionsTestData.scala +++ b/integration/src/test/scala/org/knora/webapi/sharedtestdata/SharedPermissionsTestData.scala @@ -12,6 +12,7 @@ import org.knora.webapi.messages.admin.responder.permissionsmessages.ObjectAcces import org.knora.webapi.messages.admin.responder.permissionsmessages.PermissionADM import org.knora.webapi.sharedtestdata.SharedOntologyTestDataADM._ import org.knora.webapi.sharedtestdata.SharedTestDataADM2._ +import org.knora.webapi.slice.admin.domain.model.Permission /* Helper case classes */ case class ap(iri: String, p: AdministrativePermissionADM) @@ -38,9 +39,9 @@ object SharedPermissionsTestData { forProject = OntologyConstants.KnoraAdmin.SystemProject, forResourceClass = Some(OntologyConstants.KnoraBase.LinkObj), hasPermissions = Set( - PermissionADM.modifyPermission(OntologyConstants.KnoraAdmin.ProjectMember), - PermissionADM.viewPermission(OntologyConstants.KnoraAdmin.KnownUser), - PermissionADM.viewPermission(OntologyConstants.KnoraAdmin.UnknownUser), + PermissionADM.from(Permission.ObjectAccess.Modify, OntologyConstants.KnoraAdmin.ProjectMember), + PermissionADM.from(Permission.ObjectAccess.View, OntologyConstants.KnoraAdmin.KnownUser), + PermissionADM.from(Permission.ObjectAccess.View, OntologyConstants.KnoraAdmin.UnknownUser), ), ), ) @@ -53,9 +54,9 @@ object SharedPermissionsTestData { forProject = OntologyConstants.KnoraAdmin.SystemProject, forResourceClass = Some(OntologyConstants.KnoraBase.Region), hasPermissions = Set( - PermissionADM.modifyPermission(OntologyConstants.KnoraAdmin.ProjectMember), - PermissionADM.viewPermission(OntologyConstants.KnoraAdmin.KnownUser), - PermissionADM.viewPermission(OntologyConstants.KnoraAdmin.UnknownUser), + PermissionADM.from(Permission.ObjectAccess.Modify, OntologyConstants.KnoraAdmin.ProjectMember), + PermissionADM.from(Permission.ObjectAccess.View, OntologyConstants.KnoraAdmin.KnownUser), + PermissionADM.from(Permission.ObjectAccess.View, OntologyConstants.KnoraAdmin.UnknownUser), ), ), ) @@ -68,10 +69,10 @@ object SharedPermissionsTestData { forProject = OntologyConstants.KnoraAdmin.SystemProject, forProperty = Some(OntologyConstants.KnoraBase.HasStillImageFileValue), hasPermissions = Set( - PermissionADM.modifyPermission(OntologyConstants.KnoraAdmin.Creator), - PermissionADM.modifyPermission(OntologyConstants.KnoraAdmin.ProjectMember), - PermissionADM.viewPermission(OntologyConstants.KnoraAdmin.KnownUser), - PermissionADM.viewPermission(OntologyConstants.KnoraAdmin.UnknownUser), + PermissionADM.from(Permission.ObjectAccess.Modify, OntologyConstants.KnoraAdmin.Creator), + PermissionADM.from(Permission.ObjectAccess.Modify, OntologyConstants.KnoraAdmin.ProjectMember), + PermissionADM.from(Permission.ObjectAccess.View, OntologyConstants.KnoraAdmin.KnownUser), + PermissionADM.from(Permission.ObjectAccess.View, OntologyConstants.KnoraAdmin.UnknownUser), ), ), ) @@ -91,7 +92,7 @@ object SharedPermissionsTestData { forProject = imagesProjectIri, forGroup = OntologyConstants.KnoraAdmin.ProjectMember, hasPermissions = Set( - PermissionADM.ProjectResourceCreateAllPermission, + PermissionADM.from(Permission.Administrative.ProjectResourceCreateAll), ), ), ) @@ -104,8 +105,8 @@ object SharedPermissionsTestData { forProject = imagesProjectIri, forGroup = OntologyConstants.KnoraAdmin.ProjectAdmin, hasPermissions = Set( - PermissionADM.ProjectResourceCreateAllPermission, - PermissionADM.ProjectAdminAllPermission, + PermissionADM.from(Permission.Administrative.ProjectResourceCreateAll), + PermissionADM.from(Permission.Administrative.ProjectAdminAll), ), ), ) @@ -118,8 +119,11 @@ object SharedPermissionsTestData { forProject = imagesProjectIri, forGroup = "http://rdfh.ch/groups/00FF/images-reviewer", hasPermissions = Set( - PermissionADM.projectResourceCreateRestrictedPermission(s"$IMAGES_ONTOLOGY_IRI#bild"), - PermissionADM.projectResourceCreateRestrictedPermission(s"$IMAGES_ONTOLOGY_IRI#bildformat"), + PermissionADM.from(Permission.Administrative.ProjectResourceCreateRestricted, s"$IMAGES_ONTOLOGY_IRI#bild"), + PermissionADM.from( + Permission.Administrative.ProjectResourceCreateRestricted, + s"$IMAGES_ONTOLOGY_IRI#bildformat", + ), ), ), ) @@ -130,7 +134,7 @@ object SharedPermissionsTestData { iri = "http://rdfh.ch/permissions/00FF/PNTn7ZvsS_OabbexCxr_Eg", forProject = imagesProjectIri, forGroup = Some("http://rdfh.ch/groups/00FF/images-reviewer"), - hasPermissions = Set(PermissionADM.deletePermission(OntologyConstants.KnoraAdmin.Creator)), + hasPermissions = Set(PermissionADM.from(Permission.ObjectAccess.Delete, OntologyConstants.KnoraAdmin.Creator)), ), ) @@ -142,9 +146,9 @@ object SharedPermissionsTestData { forProject = imagesProjectIri, forGroup = Some(OntologyConstants.KnoraAdmin.ProjectMember), hasPermissions = Set( - PermissionADM.changeRightsPermission(OntologyConstants.KnoraAdmin.Creator), - PermissionADM.modifyPermission(OntologyConstants.KnoraAdmin.ProjectMember), - PermissionADM.viewPermission(OntologyConstants.KnoraAdmin.KnownUser), + PermissionADM.from(Permission.ObjectAccess.ChangeRights, OntologyConstants.KnoraAdmin.Creator), + PermissionADM.from(Permission.ObjectAccess.Modify, OntologyConstants.KnoraAdmin.ProjectMember), + PermissionADM.from(Permission.ObjectAccess.View, OntologyConstants.KnoraAdmin.KnownUser), ), ), ) @@ -157,9 +161,9 @@ object SharedPermissionsTestData { forProject = imagesProjectIri, forGroup = Some(OntologyConstants.KnoraAdmin.KnownUser), hasPermissions = Set( - PermissionADM.changeRightsPermission(OntologyConstants.KnoraAdmin.Creator), - PermissionADM.modifyPermission(OntologyConstants.KnoraAdmin.ProjectMember), - PermissionADM.viewPermission(OntologyConstants.KnoraAdmin.KnownUser), + PermissionADM.from(Permission.ObjectAccess.ChangeRights, OntologyConstants.KnoraAdmin.Creator), + PermissionADM.from(Permission.ObjectAccess.Modify, OntologyConstants.KnoraAdmin.ProjectMember), + PermissionADM.from(Permission.ObjectAccess.View, OntologyConstants.KnoraAdmin.KnownUser), ), ), ) @@ -178,7 +182,7 @@ object SharedPermissionsTestData { iri = "http://rdfh.ch/permissions/003-a1", forProject = SharedTestDataADM2.incunabulaProjectIri, forGroup = OntologyConstants.KnoraAdmin.ProjectMember, - hasPermissions = Set(PermissionADM.ProjectResourceCreateAllPermission), + hasPermissions = Set(PermissionADM.from(Permission.Administrative.ProjectResourceCreateAll)), ), ) @@ -190,8 +194,8 @@ object SharedPermissionsTestData { forProject = SharedTestDataADM2.incunabulaProjectIri, forGroup = OntologyConstants.KnoraAdmin.ProjectAdmin, hasPermissions = Set( - PermissionADM.ProjectResourceCreateAllPermission, - PermissionADM.ProjectAdminAllPermission, + PermissionADM.from(Permission.Administrative.ProjectResourceCreateAll), + PermissionADM.from(Permission.Administrative.ProjectAdminAll), ), ), ) @@ -202,10 +206,10 @@ object SharedPermissionsTestData { p = ObjectAccessPermissionADM( forResource = Some("http://rdfh.ch/0803/00014b43f902"), hasPermissions = Set( - PermissionADM.changeRightsPermission(OntologyConstants.KnoraAdmin.Creator), - PermissionADM.modifyPermission(OntologyConstants.KnoraAdmin.ProjectMember), - PermissionADM.viewPermission(OntologyConstants.KnoraAdmin.KnownUser), - PermissionADM.restrictedViewPermission(OntologyConstants.KnoraAdmin.UnknownUser), + PermissionADM.from(Permission.ObjectAccess.ChangeRights, OntologyConstants.KnoraAdmin.Creator), + PermissionADM.from(Permission.ObjectAccess.Modify, OntologyConstants.KnoraAdmin.ProjectMember), + PermissionADM.from(Permission.ObjectAccess.View, OntologyConstants.KnoraAdmin.KnownUser), + PermissionADM.from(Permission.ObjectAccess.RestrictedView, OntologyConstants.KnoraAdmin.UnknownUser), ), ), ) @@ -216,10 +220,10 @@ object SharedPermissionsTestData { p = ObjectAccessPermissionADM( forValue = Some("http://rdfh.ch/0803/00014b43f902/values/1ad3999ad60b"), hasPermissions = Set( - PermissionADM.viewPermission(OntologyConstants.KnoraAdmin.UnknownUser), - PermissionADM.viewPermission(OntologyConstants.KnoraAdmin.KnownUser), - PermissionADM.viewPermission(OntologyConstants.KnoraAdmin.ProjectMember), - PermissionADM.changeRightsPermission(OntologyConstants.KnoraAdmin.Creator), + PermissionADM.from(Permission.ObjectAccess.View, OntologyConstants.KnoraAdmin.UnknownUser), + PermissionADM.from(Permission.ObjectAccess.View, OntologyConstants.KnoraAdmin.KnownUser), + PermissionADM.from(Permission.ObjectAccess.View, OntologyConstants.KnoraAdmin.ProjectMember), + PermissionADM.from(Permission.ObjectAccess.ChangeRights, OntologyConstants.KnoraAdmin.Creator), ), ), ) @@ -232,10 +236,10 @@ object SharedPermissionsTestData { forProject = SharedTestDataADM2.incunabulaProjectIri, forGroup = Some(OntologyConstants.KnoraAdmin.ProjectMember), hasPermissions = Set( - PermissionADM.changeRightsPermission(OntologyConstants.KnoraAdmin.Creator), - PermissionADM.modifyPermission(OntologyConstants.KnoraAdmin.ProjectMember), - PermissionADM.viewPermission(OntologyConstants.KnoraAdmin.KnownUser), - PermissionADM.restrictedViewPermission(OntologyConstants.KnoraAdmin.UnknownUser), + PermissionADM.from(Permission.ObjectAccess.ChangeRights, OntologyConstants.KnoraAdmin.Creator), + PermissionADM.from(Permission.ObjectAccess.Modify, OntologyConstants.KnoraAdmin.ProjectMember), + PermissionADM.from(Permission.ObjectAccess.View, OntologyConstants.KnoraAdmin.KnownUser), + PermissionADM.from(Permission.ObjectAccess.RestrictedView, OntologyConstants.KnoraAdmin.UnknownUser), ), ), ) @@ -248,10 +252,10 @@ object SharedPermissionsTestData { forProject = SharedTestDataADM2.incunabulaProjectIri, forResourceClass = Some(INCUNABULA_BOOK_RESOURCE_CLASS), hasPermissions = Set( - PermissionADM.changeRightsPermission(OntologyConstants.KnoraAdmin.Creator), - PermissionADM.modifyPermission(OntologyConstants.KnoraAdmin.ProjectMember), - PermissionADM.viewPermission(OntologyConstants.KnoraAdmin.KnownUser), - PermissionADM.restrictedViewPermission(OntologyConstants.KnoraAdmin.UnknownUser), + PermissionADM.from(Permission.ObjectAccess.ChangeRights, OntologyConstants.KnoraAdmin.Creator), + PermissionADM.from(Permission.ObjectAccess.Modify, OntologyConstants.KnoraAdmin.ProjectMember), + PermissionADM.from(Permission.ObjectAccess.View, OntologyConstants.KnoraAdmin.KnownUser), + PermissionADM.from(Permission.ObjectAccess.RestrictedView, OntologyConstants.KnoraAdmin.UnknownUser), ), ), ) @@ -264,9 +268,9 @@ object SharedPermissionsTestData { forProject = SharedTestDataADM2.incunabulaProjectIri, forResourceClass = Some(INCUNABULA_PAGE_RESOURCE_CLASS), hasPermissions = Set( - PermissionADM.changeRightsPermission(OntologyConstants.KnoraAdmin.Creator), - PermissionADM.modifyPermission(OntologyConstants.KnoraAdmin.ProjectMember), - PermissionADM.viewPermission(OntologyConstants.KnoraAdmin.KnownUser), + PermissionADM.from(Permission.ObjectAccess.ChangeRights, OntologyConstants.KnoraAdmin.Creator), + PermissionADM.from(Permission.ObjectAccess.Modify, OntologyConstants.KnoraAdmin.ProjectMember), + PermissionADM.from(Permission.ObjectAccess.View, OntologyConstants.KnoraAdmin.KnownUser), ), ), ) @@ -279,8 +283,8 @@ object SharedPermissionsTestData { forProject = SharedTestDataADM2.incunabulaProjectIri, forProperty = Some(INCUNABULA_PartOf_Property), hasPermissions = Set( - PermissionADM.viewPermission(OntologyConstants.KnoraAdmin.KnownUser), - PermissionADM.restrictedViewPermission(OntologyConstants.KnoraAdmin.UnknownUser), + PermissionADM.from(Permission.ObjectAccess.View, OntologyConstants.KnoraAdmin.KnownUser), + PermissionADM.from(Permission.ObjectAccess.RestrictedView, OntologyConstants.KnoraAdmin.UnknownUser), ), ), ) @@ -294,7 +298,7 @@ object SharedPermissionsTestData { forResourceClass = Some(INCUNABULA_PAGE_RESOURCE_CLASS), forProperty = Some(INCUNABULA_PartOf_Property), hasPermissions = Set( - PermissionADM.modifyPermission(OntologyConstants.KnoraAdmin.ProjectMember), + PermissionADM.from(Permission.ObjectAccess.Modify, OntologyConstants.KnoraAdmin.ProjectMember), ), ), ) @@ -313,7 +317,7 @@ object SharedPermissionsTestData { iri = "http://rdfh.ch/permissions/00FF/XFozeICsTE2gHSOsm4ZMIw", forProject = SharedTestDataADM2.anythingProjectIri, forGroup = OntologyConstants.KnoraAdmin.ProjectMember, - hasPermissions = Set(PermissionADM.ProjectResourceCreateAllPermission), + hasPermissions = Set(PermissionADM.from(Permission.Administrative.ProjectResourceCreateAll)), ), ) @@ -325,8 +329,8 @@ object SharedPermissionsTestData { forProject = SharedTestDataADM2.anythingProjectIri, forGroup = OntologyConstants.KnoraAdmin.ProjectAdmin, hasPermissions = Set( - PermissionADM.ProjectResourceCreateAllPermission, - PermissionADM.ProjectAdminAllPermission, + PermissionADM.from(Permission.Administrative.ProjectResourceCreateAll), + PermissionADM.from(Permission.Administrative.ProjectAdminAll), ), ), ) @@ -339,10 +343,10 @@ object SharedPermissionsTestData { forProject = SharedTestDataADM2.anythingProjectIri, forGroup = Some(OntologyConstants.KnoraAdmin.ProjectMember), hasPermissions = Set( - PermissionADM.changeRightsPermission(OntologyConstants.KnoraAdmin.Creator), - PermissionADM.modifyPermission(OntologyConstants.KnoraAdmin.ProjectMember), - PermissionADM.viewPermission(OntologyConstants.KnoraAdmin.KnownUser), - PermissionADM.restrictedViewPermission(OntologyConstants.KnoraAdmin.UnknownUser), + PermissionADM.from(Permission.ObjectAccess.ChangeRights, OntologyConstants.KnoraAdmin.Creator), + PermissionADM.from(Permission.ObjectAccess.Modify, OntologyConstants.KnoraAdmin.ProjectMember), + PermissionADM.from(Permission.ObjectAccess.View, OntologyConstants.KnoraAdmin.KnownUser), + PermissionADM.from(Permission.ObjectAccess.RestrictedView, OntologyConstants.KnoraAdmin.UnknownUser), ), ), ) diff --git a/integration/src/test/scala/org/knora/webapi/sharedtestdata/SharedTestDataADM.scala b/integration/src/test/scala/org/knora/webapi/sharedtestdata/SharedTestDataADM.scala index 592e727475..419a052560 100644 --- a/integration/src/test/scala/org/knora/webapi/sharedtestdata/SharedTestDataADM.scala +++ b/integration/src/test/scala/org/knora/webapi/sharedtestdata/SharedTestDataADM.scala @@ -16,6 +16,7 @@ import org.knora.webapi.messages.admin.responder.projectsmessages.Project import org.knora.webapi.messages.store.triplestoremessages.StringLiteralV2 import org.knora.webapi.messages.util.KnoraSystemInstances import org.knora.webapi.slice.admin.domain.model.Group +import org.knora.webapi.slice.admin.domain.model.Permission import org.knora.webapi.slice.admin.domain.model.User /** @@ -138,12 +139,12 @@ object SharedTestDataADM { ), administrativePermissionsPerProject = Map( incunabulaProjectIri -> Set( - PermissionADM.ProjectAdminAllPermission, - PermissionADM.ProjectResourceCreateAllPermission, + PermissionADM.from(Permission.Administrative.ProjectAdminAll), + PermissionADM.from(Permission.Administrative.ProjectResourceCreateAll), ), imagesProjectIri -> Set( - PermissionADM.ProjectAdminAllPermission, - PermissionADM.ProjectResourceCreateAllPermission, + PermissionADM.from(Permission.Administrative.ProjectAdminAll), + PermissionADM.from(Permission.Administrative.ProjectResourceCreateAll), ), ), ), @@ -213,8 +214,8 @@ object SharedTestDataADM { ), administrativePermissionsPerProject = Map( imagesProjectIri -> Set( - PermissionADM.ProjectAdminAllPermission, - PermissionADM.ProjectResourceCreateAllPermission, + PermissionADM.from(Permission.Administrative.ProjectAdminAll), + PermissionADM.from(Permission.Administrative.ProjectResourceCreateAll), ), ), ), @@ -239,7 +240,7 @@ object SharedTestDataADM { ), administrativePermissionsPerProject = Map( imagesProjectIri -> Set( - PermissionADM.ProjectResourceCreateAllPermission, + PermissionADM.from(Permission.Administrative.ProjectResourceCreateAll), ), ), ), @@ -267,10 +268,12 @@ object SharedTestDataADM { ), administrativePermissionsPerProject = Map( imagesProjectIri -> Set( - PermissionADM.projectResourceCreateRestrictedPermission( + PermissionADM.from( + Permission.Administrative.ProjectResourceCreateRestricted, s"${SharedOntologyTestDataADM.IMAGES_ONTOLOGY_IRI}#bild", ), - PermissionADM.projectResourceCreateRestrictedPermission( + PermissionADM.from( + Permission.Administrative.ProjectResourceCreateRestricted, s"${SharedOntologyTestDataADM.IMAGES_ONTOLOGY_IRI}#bildformat", ), ), @@ -377,8 +380,8 @@ object SharedTestDataADM { ), administrativePermissionsPerProject = Map( incunabulaProjectIri -> Set( - PermissionADM.ProjectAdminAllPermission, - PermissionADM.ProjectResourceCreateAllPermission, + PermissionADM.from(Permission.Administrative.ProjectAdminAll), + PermissionADM.from(Permission.Administrative.ProjectResourceCreateAll), ), ), ), @@ -403,7 +406,7 @@ object SharedTestDataADM { ), administrativePermissionsPerProject = Map( incunabulaProjectIri -> Set( - PermissionADM.ProjectResourceCreateAllPermission, + PermissionADM.from(Permission.Administrative.ProjectResourceCreateAll), ), ), ), @@ -428,7 +431,7 @@ object SharedTestDataADM { ), administrativePermissionsPerProject = Map( incunabulaProjectIri -> Set( - PermissionADM.ProjectResourceCreateAllPermission, + PermissionADM.from(Permission.Administrative.ProjectResourceCreateAll), ), ), ), @@ -545,8 +548,8 @@ object SharedTestDataADM { ), administrativePermissionsPerProject = Map( anythingProjectIri -> Set( - PermissionADM.ProjectAdminAllPermission, - PermissionADM.ProjectResourceCreateAllPermission, + PermissionADM.from(Permission.Administrative.ProjectAdminAll), + PermissionADM.from(Permission.Administrative.ProjectResourceCreateAll), ), ), ), @@ -573,7 +576,7 @@ object SharedTestDataADM { ), administrativePermissionsPerProject = Map( anythingProjectIri -> Set( - PermissionADM.ProjectResourceCreateAllPermission, + PermissionADM.from(Permission.Administrative.ProjectResourceCreateAll), ), ), ), @@ -597,7 +600,7 @@ object SharedTestDataADM { ), administrativePermissionsPerProject = Map( anythingProjectIri -> Set( - PermissionADM.ProjectResourceCreateAllPermission, + PermissionADM.from(Permission.Administrative.ProjectResourceCreateAll), ), ), ), @@ -687,7 +690,7 @@ object SharedTestDataADM { ), administrativePermissionsPerProject = Map( beolProjectIri -> Set( - PermissionADM.ProjectAdminAllPermission, + PermissionADM.from(Permission.Administrative.ProjectAdminAll), ), ), ), diff --git a/integration/src/test/scala/org/knora/webapi/sharedtestdata/SharedTestDataADM2.scala b/integration/src/test/scala/org/knora/webapi/sharedtestdata/SharedTestDataADM2.scala index 46ee8afd08..81fdb43db8 100644 --- a/integration/src/test/scala/org/knora/webapi/sharedtestdata/SharedTestDataADM2.scala +++ b/integration/src/test/scala/org/knora/webapi/sharedtestdata/SharedTestDataADM2.scala @@ -11,6 +11,7 @@ import org.knora.webapi.messages.admin.responder.permissionsmessages.PermissionA import org.knora.webapi.messages.admin.responder.permissionsmessages.PermissionsDataADM import org.knora.webapi.sharedtestdata import org.knora.webapi.sharedtestdata.SharedOntologyTestDataADM.IMAGES_ONTOLOGY_IRI +import org.knora.webapi.slice.admin.domain.model.Permission /** * This object holds the same user which are loaded with 'test_data/project_data/admin-data.ttl'. Using this object @@ -69,12 +70,12 @@ object SharedTestDataADM2 { ), administrativePermissionsPerProject = Map( incunabulaProjectIri -> Set( - PermissionADM.ProjectAdminAllPermission, - PermissionADM.ProjectResourceCreateAllPermission, + PermissionADM.from(Permission.Administrative.ProjectAdminAll), + PermissionADM.from(Permission.Administrative.ProjectResourceCreateAll), ), imagesProjectIri -> Set( - PermissionADM.ProjectAdminAllPermission, - PermissionADM.ProjectResourceCreateAllPermission, + PermissionADM.from(Permission.Administrative.ProjectAdminAll), + PermissionADM.from(Permission.Administrative.ProjectResourceCreateAll), ), ), ), @@ -112,8 +113,8 @@ object SharedTestDataADM2 { ), administrativePermissionsPerProject = Map( imagesProjectIri -> Set( - PermissionADM.ProjectAdminAllPermission, - PermissionADM.ProjectResourceCreateAllPermission, + PermissionADM.from(Permission.Administrative.ProjectAdminAll), + PermissionADM.from(Permission.Administrative.ProjectResourceCreateAll), ), ), ), @@ -139,7 +140,7 @@ object SharedTestDataADM2 { ), administrativePermissionsPerProject = Map( imagesProjectIri -> Set( - PermissionADM.ProjectResourceCreateAllPermission, + PermissionADM.from(Permission.Administrative.ProjectResourceCreateAll), ), ), ), @@ -168,8 +169,11 @@ object SharedTestDataADM2 { ), administrativePermissionsPerProject = Map( imagesProjectIri -> Set( - PermissionADM.projectResourceCreateRestrictedPermission(s"$IMAGES_ONTOLOGY_IRI#bild"), - PermissionADM.projectResourceCreateRestrictedPermission(s"$IMAGES_ONTOLOGY_IRI#bildformat"), + PermissionADM.from(Permission.Administrative.ProjectResourceCreateRestricted, s"$IMAGES_ONTOLOGY_IRI#bild"), + PermissionADM.from( + Permission.Administrative.ProjectResourceCreateRestricted, + s"$IMAGES_ONTOLOGY_IRI#bildformat", + ), ), ), ), @@ -221,8 +225,8 @@ object SharedTestDataADM2 { ), administrativePermissionsPerProject = Map( incunabulaProjectIri -> Set( - PermissionADM.ProjectAdminAllPermission, - PermissionADM.ProjectResourceCreateAllPermission, + PermissionADM.from(Permission.Administrative.ProjectAdminAll), + PermissionADM.from(Permission.Administrative.ProjectResourceCreateAll), ), ), ), @@ -248,7 +252,7 @@ object SharedTestDataADM2 { ), administrativePermissionsPerProject = Map( incunabulaProjectIri -> Set( - PermissionADM.ProjectResourceCreateAllPermission, + PermissionADM.from(Permission.Administrative.ProjectResourceCreateAll), ), ), ), @@ -274,7 +278,7 @@ object SharedTestDataADM2 { ), administrativePermissionsPerProject = Map( incunabulaProjectIri -> Set( - PermissionADM.ProjectResourceCreateAllPermission, + PermissionADM.from(Permission.Administrative.ProjectResourceCreateAll), ), ), ), @@ -329,8 +333,8 @@ object SharedTestDataADM2 { ), administrativePermissionsPerProject = Map( anythingProjectIri -> Set( - PermissionADM.ProjectAdminAllPermission, - PermissionADM.ProjectResourceCreateAllPermission, + PermissionADM.from(Permission.Administrative.ProjectAdminAll), + PermissionADM.from(Permission.Administrative.ProjectResourceCreateAll), ), ), ), @@ -355,7 +359,7 @@ object SharedTestDataADM2 { ), administrativePermissionsPerProject = Map( anythingProjectIri -> Set( - PermissionADM.ProjectResourceCreateAllPermission, + PermissionADM.from(Permission.Administrative.ProjectResourceCreateAll), ), ), ), @@ -380,7 +384,7 @@ object SharedTestDataADM2 { ), administrativePermissionsPerProject = Map( anythingProjectIri -> Set( - PermissionADM.ProjectResourceCreateAllPermission, + PermissionADM.from(Permission.Administrative.ProjectResourceCreateAll), ), ), ), diff --git a/webapi/src/main/scala/org/knora/webapi/messages/OntologyConstants.scala b/webapi/src/main/scala/org/knora/webapi/messages/OntologyConstants.scala index e43e01a4a7..8484aad13f 100644 --- a/webapi/src/main/scala/org/knora/webapi/messages/OntologyConstants.scala +++ b/webapi/src/main/scala/org/knora/webapi/messages/OntologyConstants.scala @@ -366,21 +366,6 @@ object OntologyConstants { val PermissionListDelimiter: Char = '|' val GroupListDelimiter: Char = ',' - val RestrictedViewPermission: String = "RV" - val ViewPermission: String = "V" - val ModifyPermission: String = "M" - val DeletePermission: String = "D" - val ChangeRightsPermission: String = "CR" - val MaxPermission: String = ChangeRightsPermission - - val EntityPermissionAbbreviations: Seq[String] = Seq( - RestrictedViewPermission, - ViewPermission, - ModifyPermission, - DeletePermission, - ChangeRightsPermission, - ) - /* Standoff */ val StandoffTag: IRI = KnoraBasePrefixExpansion + "StandoffTag" @@ -514,22 +499,6 @@ object OntologyConstants { val ForResourceClass: IRI = KnoraAdminPrefixExpansion + "forResourceClass" val ForProperty: IRI = KnoraAdminPrefixExpansion + "forProperty" - val ProjectResourceCreateAllPermission: String = "ProjectResourceCreateAllPermission" - val ProjectResourceCreateRestrictedPermission: String = "ProjectResourceCreateRestrictedPermission" - val ProjectAdminAllPermission: String = "ProjectAdminAllPermission" - val ProjectAdminGroupAllPermission: String = "ProjectAdminGroupAllPermission" - val ProjectAdminGroupRestrictedPermission: String = "ProjectAdminGroupRestrictedPermission" - val ProjectAdminRightsAllPermission: String = "ProjectAdminRightsAllPermission" - - val AdministrativePermissionAbbreviations: Seq[String] = Seq( - ProjectResourceCreateAllPermission, - ProjectResourceCreateRestrictedPermission, - ProjectAdminAllPermission, - ProjectAdminGroupAllPermission, - ProjectAdminGroupRestrictedPermission, - ProjectAdminRightsAllPermission, - ) - val HasDefaultRestrictedViewPermission: IRI = KnoraAdminPrefixExpansion + "hasDefaultRestrictedViewPermission" val HasDefaultViewPermission: IRI = KnoraAdminPrefixExpansion + "hasDefaultViewPermission" val HasDefaultModifyPermission: IRI = KnoraAdminPrefixExpansion + "hasDefaultModifyPermission" diff --git a/webapi/src/main/scala/org/knora/webapi/messages/admin/responder/permissionsmessages/PermissionsMessagesADM.scala b/webapi/src/main/scala/org/knora/webapi/messages/admin/responder/permissionsmessages/PermissionsMessagesADM.scala index d1b856e791..401e449a39 100644 --- a/webapi/src/main/scala/org/knora/webapi/messages/admin/responder/permissionsmessages/PermissionsMessagesADM.scala +++ b/webapi/src/main/scala/org/knora/webapi/messages/admin/responder/permissionsmessages/PermissionsMessagesADM.scala @@ -19,10 +19,13 @@ import org.knora.webapi.messages.OntologyConstants import org.knora.webapi.messages.ResponderRequest.KnoraRequestADM import org.knora.webapi.messages.StringFormatter import org.knora.webapi.messages.admin.responder.AdminKnoraResponseADM +import org.knora.webapi.messages.admin.responder.permissionsmessages.PermissionProfileType.Full +import org.knora.webapi.messages.admin.responder.permissionsmessages.PermissionProfileType.Restricted import org.knora.webapi.messages.admin.responder.projectsmessages.ProjectsADMJsonProtocol import org.knora.webapi.messages.store.triplestoremessages.TriplestoreJsonProtocol import org.knora.webapi.messages.traits.Jsonable import org.knora.webapi.slice.admin.domain.model.KnoraProject.ProjectIri +import org.knora.webapi.slice.admin.domain.model.Permission import org.knora.webapi.slice.admin.domain.model.PermissionIri import org.knora.webapi.slice.admin.domain.model.User @@ -304,7 +307,7 @@ case class DefaultObjectAccessPermissionForIriGetRequestADM( requestingUser: User, apiRequestID: UUID, ) extends PermissionsResponderRequestADM { - PermissionsMessagesUtilADM.checkPermissionIri(defaultObjectAccessPermissionIri) + PermissionIri.from(defaultObjectAccessPermissionIri).fold(e => throw BadRequestException(e), _.value) } /** @@ -395,7 +398,7 @@ case class DefaultObjectAccessPermissionsStringForPropertyGetADM( */ case class PermissionByIriGetRequestADM(permissionIri: IRI, requestingUser: User) extends PermissionsResponderRequestADM { - PermissionsMessagesUtilADM.checkPermissionIri(permissionIri) + PermissionIri.from(permissionIri).fold(e => throw BadRequestException(e), _.value) } ////////////////////////////////////////////////////////////////////////////////////////////////////////////////// @@ -560,7 +563,7 @@ case class PermissionsDataADM( /* Does the user have the 'ProjectAdminAllPermission' permission for the project */ def hasProjectAdminAllPermissionFor(projectIri: IRI): Boolean = administrativePermissionsPerProject.get(projectIri) match { - case Some(permissions) => permissions(PermissionADM.ProjectAdminAllPermission) + case Some(permissions) => permissions(PermissionADM.from(Permission.Administrative.ProjectAdminAll)) case None => false } @@ -582,8 +585,8 @@ case class PermissionsDataADM( case ResourceCreateOperation(resourceClassIri) => this.administrativePermissionsPerProject.get(insideProject) match { case Some(set) => - set(PermissionADM.ProjectResourceCreateAllPermission) || set( - PermissionADM.projectResourceCreateRestrictedPermission(resourceClassIri), + set(PermissionADM.from(Permission.Administrative.ProjectResourceCreateAll)) || set( + PermissionADM.from(Permission.Administrative.ProjectResourceCreateRestricted, resourceClassIri), ) case None => { // println("FALSE: No administrative permissions defined for this project.") @@ -720,91 +723,16 @@ case class PermissionADM(name: String, additionalInformation: Option[IRI] = None */ object PermissionADM { - /////////////////////////////////////////////////////////////////////////// - // Administrative Permissions - /////////////////////////////////////////////////////////////////////////// + def from(permission: Permission): PermissionADM = + PermissionADM(permission.token, None, codeFrom(permission)) - val ProjectResourceCreateAllPermission: PermissionADM = - PermissionADM( - name = OntologyConstants.KnoraAdmin.ProjectResourceCreateAllPermission, - additionalInformation = None, - permissionCode = None, - ) - - def projectResourceCreateRestrictedPermission(restriction: IRI): PermissionADM = - PermissionADM( - name = OntologyConstants.KnoraAdmin.ProjectResourceCreateRestrictedPermission, - additionalInformation = Some(restriction), - permissionCode = None, - ) - - val ProjectAdminAllPermission: PermissionADM = - PermissionADM( - name = OntologyConstants.KnoraAdmin.ProjectAdminAllPermission, - additionalInformation = None, - permissionCode = None, - ) - - val ProjectAdminGroupAllPermission: PermissionADM = - PermissionADM( - name = OntologyConstants.KnoraAdmin.ProjectAdminGroupAllPermission, - additionalInformation = None, - permissionCode = None, - ) - - def projectAdminGroupRestrictedPermission(restriction: IRI): PermissionADM = - PermissionADM( - name = OntologyConstants.KnoraAdmin.ProjectAdminGroupRestrictedPermission, - additionalInformation = Some(restriction), - permissionCode = None, - ) - - val ProjectAdminRightsAllPermission: PermissionADM = - PermissionADM( - name = OntologyConstants.KnoraAdmin.ProjectAdminRightsAllPermission, - additionalInformation = None, - permissionCode = None, - ) - - /////////////////////////////////////////////////////////////////////////// - // Object Access Permissions - /////////////////////////////////////////////////////////////////////////// - - def changeRightsPermission(restriction: IRI): PermissionADM = - PermissionADM( - name = OntologyConstants.KnoraBase.ChangeRightsPermission, - additionalInformation = Some(restriction), - permissionCode = Some(8), - ) - - def deletePermission(restriction: IRI): PermissionADM = - PermissionADM( - name = OntologyConstants.KnoraBase.DeletePermission, - additionalInformation = Some(restriction), - permissionCode = Some(7), - ) - - def modifyPermission(restriction: IRI): PermissionADM = - PermissionADM( - name = OntologyConstants.KnoraBase.ModifyPermission, - additionalInformation = Some(restriction), - permissionCode = Some(6), - ) - - def viewPermission(restriction: IRI): PermissionADM = - PermissionADM( - name = OntologyConstants.KnoraBase.ViewPermission, - additionalInformation = Some(restriction), - permissionCode = Some(2), - ) - - def restrictedViewPermission(restriction: IRI): PermissionADM = - PermissionADM( - name = OntologyConstants.KnoraBase.RestrictedViewPermission, - additionalInformation = Some(restriction), - permissionCode = Some(1), - ) + def from(permission: Permission, restriction: IRI): PermissionADM = + PermissionADM(permission.token, Some(restriction), codeFrom(permission)) + private def codeFrom(permission: Permission) = permission match { + case oa: Permission.ObjectAccess => Some(oa.code) + case _: Permission.Administrative => None + } } /** @@ -854,7 +782,6 @@ trait PermissionsADMJsonProtocol with TriplestoreJsonProtocol { implicit object PermissionProfileTypeFormat extends JsonFormat[PermissionProfileType] { - import PermissionProfileType.* /** * Not implemented. diff --git a/webapi/src/main/scala/org/knora/webapi/messages/admin/responder/permissionsmessages/PermissionsMessagesUtilADM.scala b/webapi/src/main/scala/org/knora/webapi/messages/admin/responder/permissionsmessages/PermissionsMessagesUtilADM.scala deleted file mode 100644 index c1cb0af090..0000000000 --- a/webapi/src/main/scala/org/knora/webapi/messages/admin/responder/permissionsmessages/PermissionsMessagesUtilADM.scala +++ /dev/null @@ -1,53 +0,0 @@ -/* - * Copyright © 2021 - 2024 Swiss National Data and Service Center for the Humanities and/or DaSCH Service Platform contributors. - * SPDX-License-Identifier: Apache-2.0 - */ - -package org.knora.webapi.messages.admin.responder.permissionsmessages - -import dsp.errors.BadRequestException -import org.knora.webapi.IRI -import org.knora.webapi.messages.OntologyConstants.KnoraAdmin.AdministrativePermissionAbbreviations -import org.knora.webapi.messages.OntologyConstants.KnoraBase._ -import org.knora.webapi.slice.admin.domain.model.PermissionIri - -/** - * Providing helper methods. - */ -object PermissionsMessagesUtilADM { - - val PermissionTypeAndCodes: Map[String, Int] = Map( - RestrictedViewPermission -> 1, - ViewPermission -> 2, - ModifyPermission -> 6, - DeletePermission -> 7, - ChangeRightsPermission -> 8, - ) - - //////////////////// - // Helper Methods // - //////////////////// - - /** - * For administrative permission we only need the name parameter of each PermissionADM given in hasPermissions collection. - * This method, validates the content of hasPermissions collection by only keeping the values of name params. - * @param hasPermissions Set of the permissions. - */ - def verifyHasPermissionsAP(hasPermissions: Set[PermissionADM]): Set[PermissionADM] = { - val updatedPermissions = hasPermissions.map { permission => - if (!AdministrativePermissionAbbreviations.contains(permission.name)) - throw BadRequestException( - s"Invalid value for name parameter of hasPermissions: ${permission.name}, it should be one of " + - s"${AdministrativePermissionAbbreviations.toString}", - ) - PermissionADM( - name = permission.name, - additionalInformation = None, - permissionCode = None, - ) - } - updatedPermissions - } - - def checkPermissionIri(iri: IRI): IRI = PermissionIri.from(iri).fold(e => throw BadRequestException(e), _.value) -} diff --git a/webapi/src/main/scala/org/knora/webapi/messages/util/ConstructResponseUtilV2.scala b/webapi/src/main/scala/org/knora/webapi/messages/util/ConstructResponseUtilV2.scala index fa7e17eb5e..46b0b88cc4 100644 --- a/webapi/src/main/scala/org/knora/webapi/messages/util/ConstructResponseUtilV2.scala +++ b/webapi/src/main/scala/org/knora/webapi/messages/util/ConstructResponseUtilV2.scala @@ -38,7 +38,6 @@ import org.knora.webapi.messages.util.ConstructResponseUtilV2.ValueRdfData import org.knora.webapi.messages.util.ConstructResponseUtilV2.emptyFlatStatements import org.knora.webapi.messages.util.ConstructResponseUtilV2.emptyRdfPropertyValues import org.knora.webapi.messages.util.ConstructResponseUtilV2.emptyRdfResources -import org.knora.webapi.messages.util.PermissionUtilADM.EntityPermission import org.knora.webapi.messages.util.standoff.StandoffTagUtilV2 import org.knora.webapi.messages.v2.responder.listsmessages.NodeGetRequestV2 import org.knora.webapi.messages.v2.responder.listsmessages.NodeGetResponseV2 @@ -52,6 +51,7 @@ import org.knora.webapi.messages.v2.responder.standoffmessages.GetXSLTransformat import org.knora.webapi.messages.v2.responder.standoffmessages.MappingXMLtoStandoff import org.knora.webapi.messages.v2.responder.valuemessages._ import org.knora.webapi.slice.admin.domain.model.KnoraProject.ProjectIri +import org.knora.webapi.slice.admin.domain.model.Permission import org.knora.webapi.slice.admin.domain.model.User import org.knora.webapi.slice.admin.domain.service.ProjectService import org.knora.webapi.slice.resources.IiifImageRequestUrl @@ -360,7 +360,7 @@ object ConstructResponseUtilV2 { valueObjectClass: SmartIri, nestedResource: Option[ResourceWithValueRdfData] = None, isIncomingLink: Boolean = false, - userPermission: EntityPermission, + userPermission: Permission.ObjectAccess, assertions: FlatPredicateObjects, standoff: FlatStatements, ) extends RdfData @@ -378,7 +378,7 @@ object ConstructResponseUtilV2 { subjectIri: IRI, assertions: FlatPredicateObjects, isMainResource: Boolean, - userPermission: Option[EntityPermission], + userPermission: Option[Permission.ObjectAccess], valuePropertyAssertions: RdfPropertyValues, ) extends RdfData @@ -412,7 +412,10 @@ object ConstructResponseUtilV2 { * @param assertions RDF assertions about the entity. * @param maybeUserPermission the user's permission on the entity, if any. */ - case class RdfWithUserPermission(assertions: ConstructPredicateObjects, maybeUserPermission: Option[EntityPermission]) + case class RdfWithUserPermission( + assertions: ConstructPredicateObjects, + maybeUserPermission: Option[Permission.ObjectAccess], + ) } @@ -517,7 +520,7 @@ final case class ConstructResponseUtilV2Live( case (pred: SmartIri, objs: Seq[LiteralV2]) => pred -> objs.head } - val userPermission: Option[EntityPermission] = + val userPermission: Option[Permission.ObjectAccess] = PermissionUtilADM.getUserPermissionFromConstructAssertionsADM(resourceIri, assertions, requestingUser) // Make a ResourceWithValueRdfData for each resource IRI. diff --git a/webapi/src/main/scala/org/knora/webapi/messages/util/PermissionUtilADM.scala b/webapi/src/main/scala/org/knora/webapi/messages/util/PermissionUtilADM.scala index 826a6f8e0c..7606148d9c 100644 --- a/webapi/src/main/scala/org/knora/webapi/messages/util/PermissionUtilADM.scala +++ b/webapi/src/main/scala/org/knora/webapi/messages/util/PermissionUtilADM.scala @@ -7,7 +7,6 @@ package org.knora.webapi.messages.util import com.typesafe.scalalogging.LazyLogging import zio.Task -import zio.URLayer import zio.ZIO import zio.ZLayer @@ -27,6 +26,7 @@ import org.knora.webapi.messages.store.triplestoremessages.LiteralV2 import org.knora.webapi.messages.store.triplestoremessages.SparqlExtendedConstructResponse.ConstructPredicateObjects import org.knora.webapi.messages.util.PermissionUtilADM.formatPermissionADMs import org.knora.webapi.messages.util.PermissionUtilADM.parsePermissions +import org.knora.webapi.slice.admin.domain.model.Permission import org.knora.webapi.slice.admin.domain.model.User /** @@ -34,131 +34,6 @@ import org.knora.webapi.slice.admin.domain.model.User */ object PermissionUtilADM extends LazyLogging { - // TODO: unify EntityPermission with PermissionADM. - - /** - * Represents a permission granted to a group on an entity. The `toString` method of an `EntityPermission` - * returns one of the codes in [[OntologyConstants.KnoraBase.EntityPermissionAbbreviations]]. - */ - sealed trait EntityPermission extends Ordered[EntityPermission] { - - /** - * Represents this [[EntityPermission]] as an integer, as required by Knora API v1. - */ - def toInt: Int - - override def compare(that: EntityPermission): Int = this.toInt - that.toInt - - def getName: String - - def toPermissionADM(groupIri: IRI): PermissionADM - } - - /** - * Represents restricted view permission on an entity. - */ - case object RestrictedViewPermission extends EntityPermission { - override def toInt: Int = 1 - - override def toString: String = OntologyConstants.KnoraBase.RestrictedViewPermission - - override val getName: String = "restricted view permission" - - override def toPermissionADM(groupIri: IRI): PermissionADM = - PermissionADM.restrictedViewPermission(groupIri) - } - - /** - * Represents unrestricted view permission on an entity. - */ - case object ViewPermission extends EntityPermission { - override def toInt: Int = 2 - - override def toString: String = OntologyConstants.KnoraBase.ViewPermission - - override val getName: String = "view permission" - - override def toPermissionADM(groupIri: IRI): PermissionADM = - PermissionADM.viewPermission(groupIri) - } - - /** - * Represents modify permission on an entity. - */ - case object ModifyPermission extends EntityPermission { - override def toInt: Int = 6 - - override def toString: String = OntologyConstants.KnoraBase.ModifyPermission - - override val getName: String = "modify permission" - - override def toPermissionADM(groupIri: IRI): PermissionADM = - PermissionADM.modifyPermission(groupIri) - } - - /** - * Represents delete permission on an entity. - */ - case object DeletePermission extends EntityPermission { - override def toInt: Int = 7 - - override def toString: String = OntologyConstants.KnoraBase.DeletePermission - - override val getName: String = "delete permission" - - override def toPermissionADM(groupIri: IRI): PermissionADM = - PermissionADM.deletePermission(groupIri) - } - - /** - * Represents permission to change the permissions on an entity. - */ - case object ChangeRightsPermission extends EntityPermission { - override def toInt: Int = 8 - - override def toString: String = OntologyConstants.KnoraBase.ChangeRightsPermission - - override val getName: String = "change rights permission" - - override def toPermissionADM(groupIri: IRI): PermissionADM = - PermissionADM.changeRightsPermission(groupIri) - } - - /** - * The highest permission, i.e. the one that is least restrictive. - */ - private val MaxPermissionLevel: EntityPermission = ChangeRightsPermission - - private val permissionStringsToPermissionLevels: Map[String, EntityPermission] = Set( - RestrictedViewPermission, - ViewPermission, - ModifyPermission, - DeletePermission, - ChangeRightsPermission, - ).map { level => - level.toString -> level - }.toMap - - /** - * A set of assertions that are relevant for calculating permissions. - */ - private val permissionRelevantAssertions = Set( - OntologyConstants.KnoraBase.AttachedToUser, - OntologyConstants.KnoraBase.AttachedToProject, - OntologyConstants.KnoraBase.HasPermissions, - ) - - /** - * Given the IRI of an RDF property, returns `true` if the property is relevant to calculating permissions. This - * is the case if the property is [[OntologyConstants.KnoraBase.AttachedToUser]], - * [[OntologyConstants.KnoraBase.AttachedToProject]], or - * or [[OntologyConstants.KnoraBase.HasPermissions]]. - * - * @param p the IRI of the property. - * @return `true` if the property is relevant to calculating permissions. - */ - def isPermissionRelevant(p: IRI): Boolean = permissionRelevantAssertions.contains(p) - /** * Calculates the highest permission level a user can be granted on a entity. * @@ -168,18 +43,18 @@ object PermissionUtilADM extends LazyLogging { * on the entity. */ private def calculateHighestGrantedPermissionLevel( - entityPermissions: Map[EntityPermission, Set[IRI]], + entityPermissions: Map[Permission.ObjectAccess, Set[IRI]], userGroups: Set[IRI], - ): Option[EntityPermission] = { + ): Option[Permission.ObjectAccess] = { // Make a set of all the permissions the user can obtain for this entity. - val permissionLevels: Set[EntityPermission] = entityPermissions.foldLeft(Set.empty[EntityPermission]) { - case (acc, (permissionLevel, grantedToGroups)) => + val permissionLevels: Set[Permission.ObjectAccess] = + entityPermissions.foldLeft(Set.empty[Permission.ObjectAccess]) { case (acc, (permissionLevel, grantedToGroups)) => if (grantedToGroups.intersect(userGroups).nonEmpty) { acc + permissionLevel } else { acc } - } + } if (permissionLevels.nonEmpty) { // The user has some permissions; return the code of the highest one. @@ -191,13 +66,13 @@ object PermissionUtilADM extends LazyLogging { } /** - * Determines the permissions that a user has on a entity, and returns an [[EntityPermission]]. + * Determines the permissions that a user has on a entity, and returns an [[Permission.ObjectAccess]]. * * @param entityCreator the IRI of the user that created the entity. * @param entityProject the IRI of the entity's project. * @param entityPermissionLiteral the literal that is the object of the entity's `knora-base:hasPermissions` predicate. * @param requestingUser the user making the request. - * @return an [[EntityPermission]] representing the user's permission level for the entity, or `None` if the user + * @return an [[Permission.ObjectAccess]] representing the user's permission level for the entity, or `None` if the user * has no permissions on the entity. */ def getUserPermissionADM( @@ -205,16 +80,16 @@ object PermissionUtilADM extends LazyLogging { entityProject: IRI, entityPermissionLiteral: String, requestingUser: User, - ): Option[EntityPermission] = { + ): Option[Permission.ObjectAccess] = { val maybePermissionLevel = if ( requestingUser.isSystemUser || requestingUser.isSystemAdmin || requestingUser.permissions .hasProjectAdminAllPermissionFor(entityProject) ) { // If the user is the system user, is in the SystemAdmin group, or has ProjectAdminAllPermission, just give them the maximum permission. - Some(MaxPermissionLevel) + Some(Permission.ObjectAccess.maxPermission) } else { - val entityPermissions: Map[EntityPermission, Set[IRI]] = parsePermissions(entityPermissionLiteral) + val entityPermissions: Map[Permission.ObjectAccess, Set[IRI]] = parsePermissions(entityPermissionLiteral) // Make a list of all the groups (both built-in and custom) that the user belongs to in relation // to the entity. @@ -282,7 +157,6 @@ object PermissionUtilADM extends LazyLogging { * - [[AEqualToB]] if `permissionLiteralA` and `permissionLiteralB` would give the user the same permission. * - [[AGreaterThanB]] if the user would have a higher permission with `permissionLiteralA`. * - * @param entityCreator the IRI of the user that created the entity. * @param entityProject the IRI of the entity's project. * @param permissionLiteralA the first permission string. * @param permissionLiteralB the second permission string. @@ -295,14 +169,14 @@ object PermissionUtilADM extends LazyLogging { permissionLiteralB: String, requestingUser: User, ): PermissionComparisonResult = { - val maybePermissionA: Option[EntityPermission] = getUserPermissionADM( + val maybePermissionA: Option[Permission.ObjectAccess] = getUserPermissionADM( entityCreator = requestingUser.id, entityProject = entityProject, entityPermissionLiteral = permissionLiteralA, requestingUser = requestingUser, ) - val maybePermissionB: Option[EntityPermission] = getUserPermissionADM( + val maybePermissionB: Option[Permission.ObjectAccess] = getUserPermissionADM( entityCreator = requestingUser.id, entityProject = entityProject, entityPermissionLiteral = permissionLiteralB, @@ -314,7 +188,7 @@ object PermissionUtilADM extends LazyLogging { case (None, Some(_)) => ALessThanB case (Some(_), None) => AGreaterThanB - case (Some(permissionA: EntityPermission), Some(permissionB: EntityPermission)) => + case (Some(permissionA: Permission.ObjectAccess), Some(permissionB: Permission.ObjectAccess)) => if (permissionA == permissionB) { AEqualToB } else if (permissionA < permissionB) { @@ -327,7 +201,7 @@ object PermissionUtilADM extends LazyLogging { /** * Given data from a [[org.knora.webapi.messages.store.triplestoremessages.SparqlExtendedConstructResponse]], determines the permissions that a user has on a entity, - * and returns an [[EntityPermission]]. + * and returns an [[Permission.ObjectAccess]]. * * @param entityIri the IRI of the entity. * @param assertions a [[Seq]] containing all the permission-relevant predicates and objects @@ -344,7 +218,7 @@ object PermissionUtilADM extends LazyLogging { entityIri: IRI, assertions: ConstructPredicateObjects, requestingUser: User, - ): Option[EntityPermission] = { + ): Option[Permission.ObjectAccess] = { val assertionsAsStrings: Seq[(IRI, String)] = assertions.toSeq.flatMap { case (pred: SmartIri, objs: Seq[LiteralV2]) => objs.map { obj => @@ -360,7 +234,7 @@ object PermissionUtilADM extends LazyLogging { } /** - * Determines the permissions that a user has on a entity, and returns an [[EntityPermission]]. + * Determines the permissions that a user has on a entity, and returns an [[Permission.ObjectAccess]]. * * @param entityIri the IRI of the entity. * @param assertions a [[Seq]] containing all the permission-relevant predicates and objects @@ -377,7 +251,7 @@ object PermissionUtilADM extends LazyLogging { entityIri: IRI, assertions: Seq[(IRI, String)], requestingUser: User, - ): Option[EntityPermission] = { + ): Option[Permission.ObjectAccess] = { // Get the entity's creator, project, and permissions. val assertionMap: Map[IRI, String] = assertions.toMap @@ -407,16 +281,14 @@ object PermissionUtilADM extends LazyLogging { * Parses the literal object of the predicate `knora-base:hasPermissions`. * * @param permissionLiteral the literal to parse. - * @return a [[Map]] in which the keys are permission abbreviations in - * [[OntologyConstants.KnoraBase.EntityPermissionAbbreviations]], and the values are sets of - * user group IRIs. + * @return a [[Map]] in which the keys are permission tokens, and the values are sets of user group IRIs. */ def parsePermissions( permissionLiteral: String, errorFun: String => Nothing = { (permissionLiteral: String) => throw InconsistentRepositoryDataException(s"invalid permission literal: $permissionLiteral") }, - ): Map[EntityPermission, Set[IRI]] = { + ): Map[Permission.ObjectAccess, Set[IRI]] = { val permissions: Seq[String] = permissionLiteral.split(OntologyConstants.KnoraBase.PermissionListDelimiter).toIndexedSeq @@ -428,16 +300,15 @@ object PermissionUtilADM extends LazyLogging { } val abbreviation: String = splitPermission(0) - - if (!OntologyConstants.KnoraBase.EntityPermissionAbbreviations.contains(abbreviation)) { - errorFun(permissionLiteral) - } + val perm = Permission.ObjectAccess + .fromToken(abbreviation) + .getOrElse(errorFun(permissionLiteral)) val shortGroups: Set[String] = splitPermission(1).split(OntologyConstants.KnoraBase.GroupListDelimiter).toSet val groups = shortGroups.map( _.replace(OntologyConstants.KnoraAdmin.KnoraAdminPrefix, OntologyConstants.KnoraAdmin.KnoraAdminPrefixExpansion), ) - (permissionStringsToPermissionLevels(abbreviation), groups) + (perm, groups) }.toMap } @@ -445,8 +316,7 @@ object PermissionUtilADM extends LazyLogging { * Parses the literal object of the predicate `knora-base:hasPermissions`. * * @param maybePermissionListStr the literal to parse. - * @return a [[Map]] in which the keys are permission abbreviations in - * [[OntologyConstants.KnoraBase.EntityPermissionAbbreviations]], and the values are sets of + * @return a [[Map]] in which the keys are permission tokens, and the values are sets of * user group IRIs. */ def parsePermissionsWithType( @@ -466,7 +336,7 @@ object PermissionUtilADM extends LazyLogging { permissionType match { case PermissionType.AP => - if (!OntologyConstants.KnoraAdmin.AdministrativePermissionAbbreviations.contains(abbreviation)) { + if (Permission.Administrative.fromToken(abbreviation).isEmpty) { throw InconsistentRepositoryDataException(s"Unrecognized permission abbreviation '$abbreviation'") } @@ -487,7 +357,7 @@ object PermissionUtilADM extends LazyLogging { } case PermissionType.OAP => - if (!OntologyConstants.KnoraBase.EntityPermissionAbbreviations.contains(abbreviation)) { + if (!Permission.ObjectAccess.allTokens.contains(abbreviation)) { throw InconsistentRepositoryDataException(s"Unrecognized permission abbreviation '$abbreviation'") } val shortGroups: Array[String] = @@ -517,63 +387,64 @@ object PermissionUtilADM extends LazyLogging { */ def buildPermissionObject(name: String, iris: Set[IRI]): Set[PermissionADM] = name match { - case OntologyConstants.KnoraAdmin.ProjectResourceCreateAllPermission => - Set(PermissionADM.ProjectResourceCreateAllPermission) + case Permission.Administrative.ProjectResourceCreateAll.token => + Set(PermissionADM.from(Permission.Administrative.ProjectResourceCreateAll)) - case OntologyConstants.KnoraAdmin.ProjectResourceCreateRestrictedPermission => + case Permission.Administrative.ProjectResourceCreateRestricted.token => if (iris.nonEmpty) { logger.debug(s"buildPermissionObject - ProjectResourceCreateRestrictedPermission - iris: $iris") - iris.map(iri => PermissionADM.projectResourceCreateRestrictedPermission(iri)) + iris.map(iri => PermissionADM.from(Permission.Administrative.ProjectResourceCreateRestricted, iri)) } else { throw InconsistentRepositoryDataException(s"Missing additional permission information.") } - case OntologyConstants.KnoraAdmin.ProjectAdminAllPermission => Set(PermissionADM.ProjectAdminAllPermission) + case Permission.Administrative.ProjectAdminAll.token => + Set(PermissionADM.from(Permission.Administrative.ProjectAdminAll)) - case OntologyConstants.KnoraAdmin.ProjectAdminGroupAllPermission => - Set(PermissionADM.ProjectAdminGroupAllPermission) + case Permission.Administrative.ProjectAdminGroupAll.token => + Set(PermissionADM.from(Permission.Administrative.ProjectAdminGroupAll)) - case OntologyConstants.KnoraAdmin.ProjectAdminGroupRestrictedPermission => + case Permission.Administrative.ProjectAdminGroupRestricted.token => if (iris.nonEmpty) { - iris.map(iri => PermissionADM.projectAdminGroupRestrictedPermission(iri)) + iris.map(PermissionADM.from(Permission.Administrative.ProjectAdminGroupRestricted, _)) } else { throw InconsistentRepositoryDataException(s"Missing additional permission information.") } - case OntologyConstants.KnoraAdmin.ProjectAdminRightsAllPermission => - Set(PermissionADM.ProjectAdminRightsAllPermission) + case Permission.Administrative.ProjectAdminRightsAll.token => + Set(PermissionADM.from(Permission.Administrative.ProjectAdminRightsAll)) - case OntologyConstants.KnoraBase.ChangeRightsPermission => + case Permission.ObjectAccess.ChangeRights.token => if (iris.nonEmpty) { - iris.map(iri => PermissionADM.changeRightsPermission(iri)) + iris.map(iri => PermissionADM.from(Permission.ObjectAccess.ChangeRights, iri)) } else { throw InconsistentRepositoryDataException(s"Missing additional permission information.") } - case OntologyConstants.KnoraBase.DeletePermission => + case Permission.ObjectAccess.Delete.token => if (iris.nonEmpty) { - iris.map(iri => PermissionADM.deletePermission(iri)) + iris.map(iri => PermissionADM.from(Permission.ObjectAccess.Delete, iri)) } else { throw InconsistentRepositoryDataException(s"Missing additional permission information.") } - case OntologyConstants.KnoraBase.ModifyPermission => + case Permission.ObjectAccess.Modify.token => if (iris.nonEmpty) { - iris.map(iri => PermissionADM.modifyPermission(iri)) + iris.map(iri => PermissionADM.from(Permission.ObjectAccess.Modify, iri)) } else { throw InconsistentRepositoryDataException(s"Missing additional permission information.") } - case OntologyConstants.KnoraBase.ViewPermission => + case Permission.ObjectAccess.View.token => if (iris.nonEmpty) { - iris.map(iri => PermissionADM.viewPermission(iri)) + iris.map(iri => PermissionADM.from(Permission.ObjectAccess.View, iri)) } else { throw InconsistentRepositoryDataException(s"Missing additional permission information.") } - case OntologyConstants.KnoraBase.RestrictedViewPermission => + case Permission.ObjectAccess.RestrictedView.token => if (iris.nonEmpty) { - iris.map(iri => PermissionADM.restrictedViewPermission(iri)) + iris.map(iri => PermissionADM.from(Permission.ObjectAccess.RestrictedView, iri)) } else { throw InconsistentRepositoryDataException(s"Missing additional permission information.") } @@ -585,40 +456,8 @@ object PermissionUtilADM extends LazyLogging { * @param permissions the sequence of permissions with possible duplicates. * @return a set containing only unique permission. */ - def removeDuplicatePermissions(permissions: Seq[PermissionADM]): Set[PermissionADM] = { - - val result = permissions.groupBy(perm => perm.name + perm.additionalInformation).map { case (_, v) => v.head }.toSet - // log.debug(s"removeDuplicatePermissions - result: $result") - result - } - - /** - * Helper method used to remove lesser permissions, i.e. permissions which are already given by - * the highest permission. - * - * @param permissions a set of permissions possibly containing lesser permissions. - * @param permissionType the type of permissions. - * @return a set of permissions without possible lesser permissions. - */ - def removeLesserPermissions(permissions: Set[PermissionADM], permissionType: PermissionType): Set[PermissionADM] = - permissionType match { - case PermissionType.OAP => - if (permissions.nonEmpty) { - /* Handling object access permissions which always have 'additionalInformation' and 'permissionCode' set */ - permissions - .groupBy(_.additionalInformation) - .map { case (_, perms) => - // sort in descending order and then take the first one (the highest permission) - perms.toArray.sortWith(_.permissionCode.get > _.permissionCode.get).head - } - .toSet - } else { - Set.empty[PermissionADM] - } - - case PermissionType.AP => ??? - case PermissionType.DOAP => ??? - } + def removeDuplicatePermissions(permissions: Seq[PermissionADM]): Set[PermissionADM] = + permissions.groupBy(perm => perm.name + perm.additionalInformation).map { case (_, v) => v.head }.toSet /** * Helper method used to transform a set of permissions into a permissions string ready to be written into the @@ -633,7 +472,7 @@ object PermissionUtilADM extends LazyLogging { case PermissionType.OAP => if (permissions.nonEmpty) { - /* a map with permission names, shortened groups, and full group names. */ + /* a levelsByToken with permission names, shortened groups, and full group names. */ val groupedPermissions: Map[String, String] = permissions.groupBy(_.name).map { case (name: String, perms: Set[PermissionADM]) => val shortGroupsString = perms.toVector.sortBy(_.additionalInformation.get).foldLeft("") { @@ -655,7 +494,7 @@ object PermissionUtilADM extends LazyLogging { /* Sort permissions in descending order */ val sortedPermissions: Array[(String, String)] = groupedPermissions.toArray.sortWith { (left, right) => - permissionStringsToPermissionLevels(left._1) > permissionStringsToPermissionLevels(right._1) + Permission.ObjectAccess.codeByToken(left._1) > Permission.ObjectAccess.codeByToken(right._1) } /* create the permissions string */ @@ -688,23 +527,6 @@ object PermissionUtilADM extends LazyLogging { } case PermissionType.DOAP => ??? } - - ///////////////////////////////////////// - // API v1 methods - - /** - * Checks whether an integer permission code implies a particular permission property. - * - * @param userHasPermissionCode the integer permission code that the user has, or [[None]] if the user has no permissions - * (in which case this method returns `false`). - * @param userNeedsPermission the abbreviation of the permission that the user needs. - * @return `true` if the user has the needed permission. - */ - def impliesPermissionCodeV1(userHasPermissionCode: Option[Int], userNeedsPermission: String): Boolean = - userHasPermissionCode match { - case Some(permissionCode) => permissionCode >= permissionStringsToPermissionLevels(userNeedsPermission).toInt - case None => false - } } trait PermissionUtilADM { @@ -756,14 +578,11 @@ final case class PermissionUtilADMLive(messageRelay: MessageRelay, stringFormatt // Reformat the permission literal. permissionADMs: Set[PermissionADM] = parsedPermissions.flatMap { case (entityPermission, groupIris) => - groupIris.map { groupIri => - entityPermission.toPermissionADM(groupIri) - } + groupIris.map(PermissionADM.from(entityPermission, _)) }.toSet } yield formatPermissionADMs(permissions = permissionADMs, permissionType = PermissionType.OAP) } object PermissionUtilADMLive { - val layer: URLayer[StringFormatter & MessageRelay, PermissionUtilADMLive] = - ZLayer.fromFunction(PermissionUtilADMLive.apply _) + val layer = ZLayer.derive[PermissionUtilADMLive] } diff --git a/webapi/src/main/scala/org/knora/webapi/messages/v2/responder/resourcemessages/ResourceMessagesV2.scala b/webapi/src/main/scala/org/knora/webapi/messages/v2/responder/resourcemessages/ResourceMessagesV2.scala index c8b841ec88..f9089c3e62 100644 --- a/webapi/src/main/scala/org/knora/webapi/messages/v2/responder/resourcemessages/ResourceMessagesV2.scala +++ b/webapi/src/main/scala/org/knora/webapi/messages/v2/responder/resourcemessages/ResourceMessagesV2.scala @@ -24,7 +24,6 @@ import org.knora.webapi.messages.SmartIri import org.knora.webapi.messages.StringFormatter import org.knora.webapi.messages.ValuesValidator.xsdDateTimeStampToInstant import org.knora.webapi.messages.admin.responder.projectsmessages.Project -import org.knora.webapi.messages.util.PermissionUtilADM.EntityPermission import org.knora.webapi.messages.util._ import org.knora.webapi.messages.util.rdf._ import org.knora.webapi.messages.util.standoff.StandoffTagUtilV2 @@ -35,6 +34,7 @@ import org.knora.webapi.messages.v2.responder.resourcemessages.CreateResourceReq import org.knora.webapi.messages.v2.responder.standoffmessages.MappingXMLtoStandoff import org.knora.webapi.messages.v2.responder.valuemessages._ import org.knora.webapi.slice.admin.domain.model.KnoraProject.ProjectIri +import org.knora.webapi.slice.admin.domain.model.Permission import org.knora.webapi.slice.admin.domain.model.User import org.knora.webapi.slice.admin.domain.service.ProjectService import org.knora.webapi.slice.admin.domain.service.UserService @@ -383,7 +383,7 @@ case class ReadResourceV2( attachedToUser: IRI, projectADM: Project, permissions: String, - userPermission: EntityPermission, + userPermission: Permission.ObjectAccess, values: Map[SmartIri, Seq[ReadValueV2]], creationDate: Instant, lastModificationDate: Option[Instant], diff --git a/webapi/src/main/scala/org/knora/webapi/messages/v2/responder/valuemessages/ValueMessagesV2.scala b/webapi/src/main/scala/org/knora/webapi/messages/v2/responder/valuemessages/ValueMessagesV2.scala index e144a3a181..7dda89deff 100644 --- a/webapi/src/main/scala/org/knora/webapi/messages/v2/responder/valuemessages/ValueMessagesV2.scala +++ b/webapi/src/main/scala/org/knora/webapi/messages/v2/responder/valuemessages/ValueMessagesV2.scala @@ -31,7 +31,6 @@ import org.knora.webapi.messages.SmartIri import org.knora.webapi.messages.StringFormatter import org.knora.webapi.messages.ValuesValidator import org.knora.webapi.messages.admin.responder.projectsmessages.Project -import org.knora.webapi.messages.util.PermissionUtilADM.EntityPermission import org.knora.webapi.messages.util._ import org.knora.webapi.messages.util.rdf._ import org.knora.webapi.messages.util.standoff.StandoffStringUtil @@ -46,6 +45,7 @@ import org.knora.webapi.routing.RouteUtilV2 import org.knora.webapi.routing.RouteUtilZ import org.knora.webapi.slice.admin.api.model.MaintenanceRequests.AssetId import org.knora.webapi.slice.admin.domain.model.KnoraProject.Shortcode +import org.knora.webapi.slice.admin.domain.model.Permission import org.knora.webapi.slice.admin.domain.model.User import org.knora.webapi.slice.resourceinfo.domain.IriConverter import org.knora.webapi.slice.resources.IiifImageRequestUrl @@ -342,7 +342,7 @@ sealed trait ReadValueV2 extends IOValueV2 { /** * The permission that the requesting user has on the value. */ - def userPermission: EntityPermission + def userPermission: Permission.ObjectAccess /** * The date when the value was created. @@ -493,7 +493,7 @@ case class ReadTextValueV2( valueIri: IRI, attachedToUser: IRI, permissions: String, - userPermission: EntityPermission, + userPermission: Permission.ObjectAccess, valueCreationDate: Instant, valueHasUUID: UUID, valueContent: TextValueContentV2, @@ -532,7 +532,7 @@ case class ReadLinkValueV2( valueIri: IRI, attachedToUser: IRI, permissions: String, - userPermission: EntityPermission, + userPermission: Permission.ObjectAccess, valueCreationDate: Instant, valueHasUUID: UUID, valueContent: LinkValueContentV2, @@ -569,7 +569,7 @@ case class ReadOtherValueV2( valueIri: IRI, attachedToUser: IRI, permissions: String, - userPermission: EntityPermission, + userPermission: Permission.ObjectAccess, valueCreationDate: Instant, valueHasUUID: UUID, valueContent: ValueContentV2, diff --git a/webapi/src/main/scala/org/knora/webapi/responders/admin/AssetPermissionsResponder.scala b/webapi/src/main/scala/org/knora/webapi/responders/admin/AssetPermissionsResponder.scala index 04f77e7623..bc03b7b1b1 100644 --- a/webapi/src/main/scala/org/knora/webapi/responders/admin/AssetPermissionsResponder.scala +++ b/webapi/src/main/scala/org/knora/webapi/responders/admin/AssetPermissionsResponder.scala @@ -73,7 +73,7 @@ final case class AssetPermissionsResponder( PermissionUtilADM .getUserPermissionFromAssertionsADM(fileValueIriSubject.toString, assertions, requestingUser) - .map(_.toInt) + .map(_.code) .getOrElse(0) } diff --git a/webapi/src/main/scala/org/knora/webapi/responders/admin/PermissionsResponderADM.scala b/webapi/src/main/scala/org/knora/webapi/responders/admin/PermissionsResponderADM.scala index e79188faa0..1b5d2ddde8 100644 --- a/webapi/src/main/scala/org/knora/webapi/responders/admin/PermissionsResponderADM.scala +++ b/webapi/src/main/scala/org/knora/webapi/responders/admin/PermissionsResponderADM.scala @@ -20,13 +20,11 @@ import org.knora.webapi.core.MessageHandler import org.knora.webapi.core.MessageRelay import org.knora.webapi.messages.IriConversions._ import org.knora.webapi.messages.OntologyConstants -import org.knora.webapi.messages.OntologyConstants.KnoraBase.EntityPermissionAbbreviations import org.knora.webapi.messages.ResponderRequest import org.knora.webapi.messages.SmartIri import org.knora.webapi.messages.StringFormatter import org.knora.webapi.messages.admin.responder.groupsmessages.GroupGetADM import org.knora.webapi.messages.admin.responder.permissionsmessages -import org.knora.webapi.messages.admin.responder.permissionsmessages.PermissionsMessagesUtilADM.PermissionTypeAndCodes import org.knora.webapi.messages.admin.responder.permissionsmessages._ import org.knora.webapi.messages.twirl.queries.sparql import org.knora.webapi.messages.util.KnoraSystemInstances.Users.SystemUser @@ -40,6 +38,7 @@ import org.knora.webapi.slice.admin.AdminConstants import org.knora.webapi.slice.admin.domain.model.Group import org.knora.webapi.slice.admin.domain.model.GroupIri import org.knora.webapi.slice.admin.domain.model.KnoraProject.ProjectIri +import org.knora.webapi.slice.admin.domain.model.Permission import org.knora.webapi.slice.admin.domain.model.PermissionIri import org.knora.webapi.slice.admin.domain.model.User import org.knora.webapi.slice.admin.domain.service.KnoraProjectService @@ -103,7 +102,7 @@ trait PermissionsResponderADM { * Delete a permission. * * @param permissionIri the IRI of the permission. - * @param requestingUser the [[UserADM]] of the requesting user. + * @param requestingUser the [[User]] of the requesting user. * @param apiRequestID the API request ID. * @return [[PermissionDeleteResponseADM]]. * fails with an UpdateNotPerformedException if permission was in use and could not be deleted or something else went wrong. @@ -708,9 +707,30 @@ final case class PermissionsResponderADMLive( GroupIri.from(req.forGroup).getOrElse(throw BadRequestException(s"Invalid group IRI ${req.forGroup}")) } - PermissionsMessagesUtilADM.verifyHasPermissionsAP(req.hasPermissions) + verifyHasPermissionsAP(req.hasPermissions) + }.unit + /** + * For administrative permission we only need the name parameter of each PermissionADM given in hasPermissions collection. + * This method validates the content of hasPermissions collection by only keeping the values of name params. + * @param hasPermissions Set of the permissions. + */ + private def verifyHasPermissionsAP(hasPermissions: Set[PermissionADM]): Set[PermissionADM] = + hasPermissions + .map(_.name) + .map { name => + Permission.Administrative + .fromToken(name) + .getOrElse( + throw BadRequestException( + s"Invalid value for name parameter of hasPermissions: $name, it should be one of " + s"${Permission.Administrative.allTokens + .mkString(", ")}", + ), + ) + } + .map(PermissionADM.from) + override def createAdministrativePermission( createRequest: CreateAdministrativePermissionAPIRequestADM, requestingUser: User, @@ -1419,7 +1439,7 @@ final case class PermissionsResponderADMLive( _ = if (permissionsListBuffer.isEmpty) { val defaultFallbackPermission = Set( - PermissionADM.changeRightsPermission(OntologyConstants.KnoraAdmin.Creator), + PermissionADM.from(Permission.ObjectAccess.ChangeRights, OntologyConstants.KnoraAdmin.Creator), ) permissionsListBuffer += (("Fallback", defaultFallbackPermission)) } else { @@ -1624,16 +1644,16 @@ final case class PermissionsResponderADMLive( validateDOAPHasPermissions(hasPermissions) hasPermissions.map { permission => val code: Int = permission.permissionCode match { - case None => PermissionTypeAndCodes(permission.name) + case None => Permission.ObjectAccess.codeByToken(permission.name) case Some(code) => code } - val name = permission.name.isEmpty match { - case true => - val nameCodeSet: Option[(String, Int)] = PermissionTypeAndCodes.find { case (_, code) => - code == permission.permissionCode.get - } - nameCodeSet.get._1 - case false => permission.name + val name = if (permission.name.isEmpty) { + val nameCodeSet: Option[(String, Int)] = Permission.ObjectAccess.codeByToken.find { case (_, code) => + code == permission.permissionCode.get + } + nameCodeSet.get._1 + } else { + permission.name } PermissionADM( name = name, @@ -1653,17 +1673,17 @@ final case class PermissionsResponderADMLive( if (permission.additionalInformation.isEmpty) { throw BadRequestException(s"additionalInformation of a default object access permission type cannot be empty.") } - if (permission.name.nonEmpty && !EntityPermissionAbbreviations.contains(permission.name)) + if (permission.name.nonEmpty && !Permission.ObjectAccess.allTokens(permission.name)) throw BadRequestException( s"Invalid value for name parameter of hasPermissions: ${permission.name}, it should be one of " + - s"${EntityPermissionAbbreviations.toString}", + s"${Permission.ObjectAccess.allTokens.mkString(", ")}", ) if (permission.permissionCode.nonEmpty) { val code = permission.permissionCode.get - if (!PermissionTypeAndCodes.values.toSet.contains(code)) { + if (Permission.ObjectAccess.from(code).isEmpty) { throw BadRequestException( s"Invalid value for permissionCode parameter of hasPermissions: $code, it should be one of " + - s"${PermissionTypeAndCodes.values.toString}", + s"${Permission.ObjectAccess.allCodes.mkString(", ")}", ) } } @@ -1674,7 +1694,7 @@ final case class PermissionsResponderADMLive( } if (permission.permissionCode.nonEmpty && permission.name.nonEmpty) { val code = permission.permissionCode.get - if (PermissionTypeAndCodes(permission.name) != code) { + if (!Permission.ObjectAccess.fromToken(permission.name).map(_.code).contains(code)) { throw BadRequestException( s"Given permission code $code and permission name ${permission.name} are not consistent.", ) @@ -1818,7 +1838,7 @@ final case class PermissionsResponderADMLive( case ap: AdministrativePermissionADM => // Yes. val verifiedPermissions = - PermissionsMessagesUtilADM.verifyHasPermissionsAP(newHasPermissions.toSet) + verifyHasPermissionsAP(newHasPermissions.toSet) for { formattedPermissions <- ZIO.attempt( @@ -2217,8 +2237,10 @@ final case class PermissionsResponderADMLive( CreateAdministrativePermissionAPIRequestADM( forProject = projectIri.value, forGroup = OntologyConstants.KnoraAdmin.ProjectAdmin, - hasPermissions = - Set(PermissionADM.ProjectAdminAllPermission, PermissionADM.ProjectResourceCreateAllPermission), + hasPermissions = Set( + PermissionADM.from(Permission.Administrative.ProjectAdminAll), + PermissionADM.from(Permission.Administrative.ProjectResourceCreateAll), + ), ), SystemUser, UUID.randomUUID(), @@ -2229,7 +2251,7 @@ final case class PermissionsResponderADMLive( CreateAdministrativePermissionAPIRequestADM( forProject = projectIri.value, forGroup = OntologyConstants.KnoraAdmin.ProjectMember, - hasPermissions = Set(PermissionADM.ProjectResourceCreateAllPermission), + hasPermissions = Set(PermissionADM.from(Permission.Administrative.ProjectResourceCreateAll)), ), SystemUser, UUID.randomUUID(), @@ -2242,8 +2264,8 @@ final case class PermissionsResponderADMLive( forProject = projectIri.value, forGroup = Some(OntologyConstants.KnoraAdmin.ProjectAdmin), hasPermissions = Set( - PermissionADM.changeRightsPermission(OntologyConstants.KnoraAdmin.ProjectAdmin), - PermissionADM.modifyPermission(OntologyConstants.KnoraAdmin.ProjectMember), + PermissionADM.from(Permission.ObjectAccess.ChangeRights, OntologyConstants.KnoraAdmin.ProjectAdmin), + PermissionADM.from(Permission.ObjectAccess.Modify, OntologyConstants.KnoraAdmin.ProjectMember), ), ), SystemUser, @@ -2257,8 +2279,8 @@ final case class PermissionsResponderADMLive( forProject = projectIri.value, forGroup = Some(OntologyConstants.KnoraAdmin.ProjectMember), hasPermissions = Set( - PermissionADM.changeRightsPermission(OntologyConstants.KnoraAdmin.ProjectAdmin), - PermissionADM.modifyPermission(OntologyConstants.KnoraAdmin.ProjectMember), + PermissionADM.from(Permission.ObjectAccess.ChangeRights, OntologyConstants.KnoraAdmin.ProjectAdmin), + PermissionADM.from(Permission.ObjectAccess.Modify, OntologyConstants.KnoraAdmin.ProjectMember), ), ), SystemUser, diff --git a/webapi/src/main/scala/org/knora/webapi/responders/v2/ResourceUtilV2.scala b/webapi/src/main/scala/org/knora/webapi/responders/v2/ResourceUtilV2.scala index f3a51fe164..2bc46a467b 100644 --- a/webapi/src/main/scala/org/knora/webapi/responders/v2/ResourceUtilV2.scala +++ b/webapi/src/main/scala/org/knora/webapi/responders/v2/ResourceUtilV2.scala @@ -22,13 +22,13 @@ import org.knora.webapi.messages.store.sipimessages.MoveTemporaryFileToPermanent import org.knora.webapi.messages.twirl.queries.sparql import org.knora.webapi.messages.util.KnoraSystemInstances import org.knora.webapi.messages.util.PermissionUtilADM -import org.knora.webapi.messages.util.PermissionUtilADM.EntityPermission import org.knora.webapi.messages.v2.responder.SuccessResponseV2 import org.knora.webapi.messages.v2.responder.UpdateResultInProject import org.knora.webapi.messages.v2.responder.resourcemessages.ReadResourceV2 import org.knora.webapi.messages.v2.responder.valuemessages.FileValueContentV2 import org.knora.webapi.messages.v2.responder.valuemessages.ReadValueV2 import org.knora.webapi.messages.v2.responder.valuemessages.StillImageExternalFileValueContentV2 +import org.knora.webapi.slice.admin.domain.model.Permission import org.knora.webapi.slice.admin.domain.model.User import org.knora.webapi.store.triplestore.api.TriplestoreService import org.knora.webapi.store.triplestore.api.TriplestoreService.Queries.Construct @@ -42,13 +42,13 @@ trait ResourceUtilV2 { * Checks that a user has the specified permission on a resource. * * @param resourceInfo the resource to be updated. - * @param permissionNeeded the necessary EntityPermission, + * @param permissionNeeded the necessary Permission.ObjectAccess, * @param requestingUser the requesting user. * @return [[ForbiddenException]] if user does not have permission needed on the resource. */ def checkResourcePermission( resourceInfo: ReadResourceV2, - permissionNeeded: EntityPermission, + permissionNeeded: Permission.ObjectAccess, requestingUser: User, ): IO[ForbiddenException, Unit] @@ -57,14 +57,14 @@ trait ResourceUtilV2 { * * @param resourceInfo the resource containing the value. * @param valueInfo the value to be updated. - * @param permissionNeeded the necessary EntityPermission, + * @param permissionNeeded the necessary Permission.ObjectAccess, * @param requestingUser the requesting user. * @return [[ForbiddenException]] if user does not have permissions on the value. */ def checkValuePermission( resourceInfo: ReadResourceV2, valueInfo: ReadValueV2, - permissionNeeded: EntityPermission, + permissionNeeded: Permission.ObjectAccess, requestingUser: User, ): IO[ForbiddenException, Unit] @@ -124,15 +124,15 @@ final case class ResourceUtilV2Live(triplestore: TriplestoreService, messageRela * Checks that a user has the specified permission on a resource. * * @param resourceInfo the resource to be updated. - * @param permissionNeeded the necessary EntityPermission, + * @param permissionNeeded the necessary Permission.ObjectAccess, * @param requestingUser the requesting user. */ override def checkResourcePermission( resourceInfo: ReadResourceV2, - permissionNeeded: EntityPermission, + permissionNeeded: Permission.ObjectAccess, requestingUser: User, ): IO[ForbiddenException, Unit] = { - val maybeUserPermission: Option[EntityPermission] = PermissionUtilADM.getUserPermissionADM( + val maybeUserPermission: Option[Permission.ObjectAccess] = PermissionUtilADM.getUserPermissionADM( entityCreator = resourceInfo.attachedToUser, entityProject = resourceInfo.projectADM.id, entityPermissionLiteral = resourceInfo.permissions, @@ -140,14 +140,14 @@ final case class ResourceUtilV2Live(triplestore: TriplestoreService, messageRela ) val hasRequiredPermission: Boolean = maybeUserPermission match { - case Some(userPermission: EntityPermission) => userPermission >= permissionNeeded - case None => false + case Some(userPermission: Permission.ObjectAccess) => userPermission >= permissionNeeded + case None => false } ZIO .fail( ForbiddenException( - s"User ${requestingUser.email} does not have ${permissionNeeded.getName} on resource <${resourceInfo.resourceIri}>", + s"User ${requestingUser.email} does not have ${permissionNeeded.token} on resource <${resourceInfo.resourceIri}>", ), ) .when(!hasRequiredPermission) @@ -159,16 +159,16 @@ final case class ResourceUtilV2Live(triplestore: TriplestoreService, messageRela * * @param resourceInfo the resource containing the value. * @param valueInfo the value to be updated. - * @param permissionNeeded the necessary EntityPermission, + * @param permissionNeeded the necessary Permission.ObjectAccess, * @param requestingUser the requesting user. */ override def checkValuePermission( resourceInfo: ReadResourceV2, valueInfo: ReadValueV2, - permissionNeeded: EntityPermission, + permissionNeeded: Permission.ObjectAccess, requestingUser: User, ): IO[ForbiddenException, Unit] = { - val maybeUserPermission: Option[EntityPermission] = PermissionUtilADM.getUserPermissionADM( + val maybeUserPermission: Option[Permission.ObjectAccess] = PermissionUtilADM.getUserPermissionADM( entityCreator = valueInfo.attachedToUser, entityProject = resourceInfo.projectADM.id, entityPermissionLiteral = valueInfo.permissions, @@ -176,14 +176,14 @@ final case class ResourceUtilV2Live(triplestore: TriplestoreService, messageRela ) val hasRequiredPermission: Boolean = maybeUserPermission match { - case Some(userPermission: EntityPermission) => userPermission >= permissionNeeded - case None => false + case Some(userPermission: Permission.ObjectAccess) => userPermission >= permissionNeeded + case None => false } ZIO .fail( ForbiddenException( - s"User ${requestingUser.email} does not have ${permissionNeeded.getName} on value <${valueInfo.valueIri}>", + s"User ${requestingUser.email} does not have ${permissionNeeded.token} on value <${valueInfo.valueIri}>", ), ) .when(!hasRequiredPermission) diff --git a/webapi/src/main/scala/org/knora/webapi/responders/v2/ResourcesResponderV2.scala b/webapi/src/main/scala/org/knora/webapi/responders/v2/ResourcesResponderV2.scala index 5b59bbe739..d28d794bf0 100644 --- a/webapi/src/main/scala/org/knora/webapi/responders/v2/ResourcesResponderV2.scala +++ b/webapi/src/main/scala/org/knora/webapi/responders/v2/ResourcesResponderV2.scala @@ -27,8 +27,6 @@ import org.knora.webapi.messages.store.sipimessages.SipiGetTextFileRequest import org.knora.webapi.messages.store.sipimessages.SipiGetTextFileResponse import org.knora.webapi.messages.twirl.queries.sparql import org.knora.webapi.messages.util.ConstructResponseUtilV2.MappingAndXSLTransformation -import org.knora.webapi.messages.util.PermissionUtilADM.DeletePermission -import org.knora.webapi.messages.util.PermissionUtilADM.ModifyPermission import org.knora.webapi.messages.util._ import org.knora.webapi.messages.util.rdf._ import org.knora.webapi.messages.util.search.gravsearch.GravsearchParser @@ -45,6 +43,7 @@ import org.knora.webapi.responders.IriService import org.knora.webapi.responders.Responder import org.knora.webapi.responders.v2.resources.CreateResourceV2Handler import org.knora.webapi.slice.admin.domain.model.KnoraProject.ProjectIri +import org.knora.webapi.slice.admin.domain.model.Permission import org.knora.webapi.slice.admin.domain.model.User import org.knora.webapi.slice.admin.domain.service.KnoraProjectService import org.knora.webapi.slice.admin.domain.service.ProjectService @@ -238,7 +237,7 @@ final case class ResourcesResponderV2( // Check that the user has permission to modify the resource. _ <- resourceUtilV2.checkResourcePermission( resource, - ModifyPermission, + Permission.ObjectAccess.Modify, updateResourceMetadataRequestV2.requestingUser, ) @@ -383,7 +382,11 @@ final case class ResourcesResponderV2( } // Check that the user has permission to mark the resource as deleted. - _ <- resourceUtilV2.checkResourcePermission(resource, DeletePermission, deleteResourceV2.requestingUser) + _ <- resourceUtilV2.checkResourcePermission( + resource, + Permission.ObjectAccess.Delete, + deleteResourceV2.requestingUser, + ) // Get the IRI of the named graph in which the resource is stored. dataNamedGraph = ProjectService.projectDataNamedGraphV2(resource.projectADM).value diff --git a/webapi/src/main/scala/org/knora/webapi/responders/v2/ValuesResponderV2.scala b/webapi/src/main/scala/org/knora/webapi/responders/v2/ValuesResponderV2.scala index aa660efed1..66aa8241fc 100644 --- a/webapi/src/main/scala/org/knora/webapi/responders/v2/ValuesResponderV2.scala +++ b/webapi/src/main/scala/org/knora/webapi/responders/v2/ValuesResponderV2.scala @@ -38,6 +38,7 @@ import org.knora.webapi.messages.v2.responder.valuemessages._ import org.knora.webapi.responders.IriLocker import org.knora.webapi.responders.IriService import org.knora.webapi.responders.Responder +import org.knora.webapi.slice.admin.domain.model.Permission import org.knora.webapi.slice.admin.domain.model.User import org.knora.webapi.slice.admin.domain.service.ProjectService import org.knora.webapi.slice.ontology.domain.model.Cardinality.AtLeastOne @@ -177,7 +178,7 @@ final case class ValuesResponderV2Live( // Check that the user has permission to modify the resource. _ <- resourceUtilV2.checkResourcePermission( resourceInfo = resourceInfo, - permissionNeeded = ModifyPermission, + permissionNeeded = Permission.ObjectAccess.Modify, requestingUser = requestingUser, ) @@ -1014,7 +1015,7 @@ final case class ValuesResponderV2Live( // Validate and reformat the submitted permissions. newValuePermissionLiteral <- permissionUtilADM.validatePermissions(updateValuePermissionsV2.permissions) - // Check that the user has ChangeRightsPermission on the value, and that the new permissions are + // Check that the user has Permission.ObjectAccess.ChangeRights on the value, and that the new permissions are // different from the current ones. currentPermissionsParsed <- ZIO.attempt(PermissionUtilADM.parsePermissions(currentValue.permissions)) newPermissionsParsed <- @@ -1032,7 +1033,7 @@ final case class ValuesResponderV2Live( _ <- resourceUtilV2.checkValuePermission( resourceInfo = resourceInfo, valueInfo = currentValue, - permissionNeeded = ChangeRightsPermission, + permissionNeeded = Permission.ObjectAccess.ChangeRights, requestingUser = requestingUser, ) @@ -1102,7 +1103,7 @@ final case class ValuesResponderV2Live( } // Check that the user has permission to do the update. If they want to change the permissions - // on the value, they need ChangeRightsPermission, otherwise they need ModifyPermission. + // on the value, they need Permission.ObjectAccess.ChangeRights, otherwise they need Permission.ObjectAccess.Modify. currentPermissionsParsed <- ZIO.attempt(PermissionUtilADM.parsePermissions(currentValue.permissions)) newPermissionsParsed <- ZIO.attempt( @@ -1113,8 +1114,8 @@ final case class ValuesResponderV2Live( ) permissionNeeded = - if (newPermissionsParsed != currentPermissionsParsed) { ChangeRightsPermission } - else { ModifyPermission } + if (newPermissionsParsed != currentPermissionsParsed) { Permission.ObjectAccess.ChangeRights } + else { Permission.ObjectAccess.Modify } _ <- resourceUtilV2.checkValuePermission( resourceInfo = resourceInfo, @@ -1172,7 +1173,7 @@ final case class ValuesResponderV2Live( // check that the user has permission to modify the resource. resourceUtilV2.checkResourcePermission( resourceInfo = resourceInfo, - permissionNeeded = ModifyPermission, + permissionNeeded = Permission.ObjectAccess.Modify, requestingUser = requestingUser, ) @@ -1596,7 +1597,7 @@ final case class ValuesResponderV2Live( _ <- resourceUtilV2.checkValuePermission( resourceInfo = resourceInfo, valueInfo = currentValue, - permissionNeeded = DeletePermission, + permissionNeeded = Permission.ObjectAccess.Delete, requestingUser, ) @@ -2379,8 +2380,8 @@ final case class ValuesResponderV2Live( */ private lazy val standoffLinkValuePermissions: String = { val permissions: Set[PermissionADM] = Set( - PermissionADM.changeRightsPermission(OntologyConstants.KnoraAdmin.SystemUser), - PermissionADM.viewPermission(OntologyConstants.KnoraAdmin.UnknownUser), + PermissionADM.from(Permission.ObjectAccess.ChangeRights, OntologyConstants.KnoraAdmin.SystemUser), + PermissionADM.from(Permission.ObjectAccess.View, OntologyConstants.KnoraAdmin.UnknownUser), ) PermissionUtilADM.formatPermissionADMs(permissions, PermissionType.OAP) diff --git a/webapi/src/main/scala/org/knora/webapi/slice/admin/domain/model/Permission.scala b/webapi/src/main/scala/org/knora/webapi/slice/admin/domain/model/Permission.scala new file mode 100644 index 0000000000..bac17d2332 --- /dev/null +++ b/webapi/src/main/scala/org/knora/webapi/slice/admin/domain/model/Permission.scala @@ -0,0 +1,104 @@ +/* + * Copyright © 2021 - 2024 Swiss National Data and Service Center for the Humanities and/or DaSCH Service Platform contributors. + * SPDX-License-Identifier: Apache-2.0 + */ + +package org.knora.webapi.slice.admin.domain.model + +sealed trait Permission { + def token: String +} + +object Permission { + sealed trait ObjectAccess extends Ordered[ObjectAccess] with Permission { + self => + def code: Int + final override def compare(that: ObjectAccess): Int = self.code - that.code + final override def toString: String = token + } + + object ObjectAccess { + case object RestrictedView extends ObjectAccess { + override val token: String = "RV" + override val code: Int = 1 + } + + case object View extends ObjectAccess { + override val token: String = "V" + override val code: Int = 2 + } + + case object Modify extends ObjectAccess { + override val token: String = "M" + override val code: Int = 6 + } + + case object Delete extends ObjectAccess { + override val token: String = "D" + override val code: Int = 7 + } + + case object ChangeRights extends ObjectAccess { + override val token: String = "CR" + override val code: Int = 8 + } + + val maxPermission: ObjectAccess = ChangeRights + + def from(code: Int): Option[ObjectAccess] = all.find(_.code == code) + + def fromToken(token: String): Option[ObjectAccess] = all.find(_.token == token) + + val all: Set[ObjectAccess] = Set( + ObjectAccess.ChangeRights, + ObjectAccess.Delete, + ObjectAccess.Modify, + ObjectAccess.RestrictedView, + ObjectAccess.View, + ) + val allCodes: Set[Int] = all.map(_.code) + val allTokens: Set[String] = all.map(_.token) + val codeByToken: Map[String, Int] = all.map(p => p.token -> p.code).toMap + } + + sealed trait Administrative extends Permission + + object Administrative { + case object ProjectResourceCreateAll extends Administrative { + override val token: String = "ProjectResourceCreateAllPermission" + } + + case object ProjectResourceCreateRestricted extends Administrative { + override val token: String = "ProjectResourceCreateRestrictedPermission" + } + + case object ProjectAdminAll extends Administrative { + override val token: String = "ProjectAdminAllPermission" + } + + case object ProjectAdminGroupAll extends Administrative { + override val token: String = "ProjectAdminGroupAllPermission" + } + + case object ProjectAdminGroupRestricted extends Administrative { + override val token: String = "ProjectAdminGroupRestrictedPermission" + } + + case object ProjectAdminRightsAll extends Administrative { + override val token: String = "ProjectAdminRightsAllPermission" + } + + def fromToken(token: String): Option[Administrative] = all.find(_.token == token) + + val all: Set[Administrative] = Set( + Administrative.ProjectResourceCreateAll, + Administrative.ProjectResourceCreateRestricted, + Administrative.ProjectAdminAll, + Administrative.ProjectAdminGroupAll, + Administrative.ProjectAdminGroupRestricted, + Administrative.ProjectAdminRightsAll, + ) + + val allTokens: Set[String] = all.map(_.token) + } +} diff --git a/webapi/src/main/scala/org/knora/webapi/slice/admin/domain/model/PermissionIri.scala b/webapi/src/main/scala/org/knora/webapi/slice/admin/domain/model/PermissionIri.scala index 91382fc88e..3147cc108e 100644 --- a/webapi/src/main/scala/org/knora/webapi/slice/admin/domain/model/PermissionIri.scala +++ b/webapi/src/main/scala/org/knora/webapi/slice/admin/domain/model/PermissionIri.scala @@ -12,10 +12,12 @@ import dsp.valueobjects.Iri.isIri import dsp.valueobjects.UuidUtil import org.knora.webapi.messages.OntologyConstants.KnoraAdmin.DefaultPermissionProperties import org.knora.webapi.slice.admin.domain.model.KnoraProject.Shortcode +import org.knora.webapi.slice.common.StringValueCompanion +import org.knora.webapi.slice.common.Value.StringValue -final case class PermissionIri private (value: String) extends AnyVal +final case class PermissionIri private (value: String) extends AnyVal with StringValue -object PermissionIri { +object PermissionIri extends StringValueCompanion[PermissionIri] { implicit val tapirCodec: Codec[String, PermissionIri, CodecFormat.TextPlain] = Codec.string.mapEither(PermissionIri.from)(_.value) @@ -40,9 +42,6 @@ object PermissionIri { case _ => Left(s"Invalid permission IRI: $value.") } - def unsafeFrom(value: String): PermissionIri = - from(value).fold(msg => throw new IllegalArgumentException(msg), identity) - /** * Creates a new permission IRI based on a UUID. *