feat(core): filter by role

Added methods for filtering groups by user's role and its assignment.
CESNET · Oct 15, 2023 · 84e0ccd · 84e0ccd
1 parent 94adc3a
commit 84e0ccd
Show file tree

Hide file tree

Showing 15 changed files with 1,383 additions and 90 deletions.
diff --git a/perun-base/src/main/java/cz/metacentrum/perun/core/api/GroupsPageQuery.java b/perun-base/src/main/java/cz/metacentrum/perun/core/api/GroupsPageQuery.java
@@ -1,5 +1,7 @@
 package cz.metacentrum.perun.core.api;
 
+import java.util.ArrayList;
+import java.util.List;
 import java.util.Objects;
 
 /**
@@ -14,6 +16,8 @@ public class GroupsPageQuery {
 	private GroupsOrderColumn sortColumn;
 	private String searchString = "";
 	private Integer memberId;
+	private List<String> roles = new ArrayList<>();
+	private List<RoleAssignmentType> types = new ArrayList<>();
 
 	public GroupsPageQuery() {}
 
@@ -37,6 +41,31 @@ public GroupsPageQuery(int pageSize, int offset, SortingOrder order, GroupsOrder
 		this.memberId = memberId;
 	}
 
+	public GroupsPageQuery(int pageSize, int offset, SortingOrder order, GroupsOrderColumn sortColumn, String searchString, Integer memberId, List<String> roles, List<RoleAssignmentType> types) {
+		this(pageSize, offset, order, sortColumn, searchString, memberId);
+		this.roles = roles;
+		this.types = types;
+	}
+
+	public GroupsPageQuery(int pageSize, int offset, SortingOrder order, GroupsOrderColumn sortColumn, String searchString, List<String> roles, List<RoleAssignmentType> types) {
+		this(pageSize, offset, order, sortColumn, searchString);
+		this.roles = roles;
+		this.types = types;
+	}
+
+	public GroupsPageQuery(int pageSize, int offset, SortingOrder order, GroupsOrderColumn sortColumn, List<String> roles, List<RoleAssignmentType> types) {
+		this(pageSize, offset, order, sortColumn);
+		this.roles = roles;
+		this.types = types;
+	}
+
+	public GroupsPageQuery(int pageSize, int offset, SortingOrder order, GroupsOrderColumn sortColumn, Integer memberId, List<String> roles, List<RoleAssignmentType> types) {
+		this(pageSize, offset, order, sortColumn);
+		this.memberId = memberId;
+		this.roles = roles;
+		this.types = types;
+	}
+
 	public int getPageSize() {
 		return pageSize;
 	}
@@ -83,6 +112,22 @@ public void setMemberId(Integer memberId) {
 		this.memberId = memberId;
 	}
 
+	public List<String> getRoles() {
+		return roles;
+	}
+
+	public void setRoles(List<String> roles) {
+		this.roles = roles;
+	}
+
+	public List<RoleAssignmentType> getTypes() {
+		return types;
+	}
+
+	public void setTypes(List<RoleAssignmentType> types) {
+		this.types = types;
+	}
+
 	@Override
 	public boolean equals(Object o) {
 		if (this == o) return true;
@@ -95,6 +140,8 @@ public boolean equals(Object o) {
 		if (getOrder() != that.getOrder()) return false;
 		if (getSortColumn() != that.getSortColumn()) return false;
 		if (!Objects.equals(getMemberId(), that.getMemberId())) return false;
+		if (getRoles() != that.getRoles()) return false;
+		if (getTypes() != that.getTypes()) return false;
 		return getSearchString().equals(that.getSearchString());
 	}
 
@@ -106,6 +153,8 @@ public int hashCode() {
 		result = 31 * result + (getSortColumn() != null ? getSortColumn().hashCode() : 0);
 		result = 31 * result + (getSearchString() != null ? getSearchString().hashCode() : 0);
 		result = 31 * result + (getMemberId() != null ? getMemberId().hashCode() : 0);
+		result = 31 * result + (getRoles() != null ? getRoles().hashCode() : 0);
+		result = 31 * result + (getTypes() != null ? getTypes().hashCode() : 0);
 		return result;
 	}
 }
diff --git a/perun-base/src/main/java/cz/metacentrum/perun/core/api/RoleAssignmentType.java b/perun-base/src/main/java/cz/metacentrum/perun/core/api/RoleAssignmentType.java
@@ -0,0 +1,6 @@
+package cz.metacentrum.perun.core.api;
+
+public enum RoleAssignmentType {
+	DIRECT,
+	INDIRECT
+}
diff --git a/perun-base/src/main/resources/perun-roles.yml b/perun-base/src/main/resources/perun-roles.yml
@@ -2265,6 +2265,21 @@ perun_policies:
     include_policies:
       - default_policy
 
+  getAllRichGroupsWithAttributesByNames_Vo_List<String>_List<String>_List<RoleAssignmentType>_policy:
+    policy_roles:
+      - RESOURCEADMIN: Vo
+      - RESOURCEOBSERVER: Vo
+      - GROUPADMIN: Vo
+      - GROUPOBSERVER: Vo
+      - GROUPMEMBERSHIPMANAGER: Vo
+      - PERUNOBSERVER:
+      - VOOBSERVER: Vo
+      - VOADMIN: Vo
+      - TOPGROUPCREATOR: Vo
+      - TRUSTEDFACILITYADMIN: Vo
+    include_policies:
+      - default_policy
+
   getMemberRichGroupsWithAttributesByNames_Member_List<String>_policy:
     policy_roles:
       - GROUPADMIN: Vo
@@ -2287,6 +2302,28 @@ perun_policies:
     include_policies:
       - default_policy
 
+  getMemberRichGroupsWithAttributesByNames_Member_List<String>_List<String>_List<RoleAssignmentType>_policy:
+    policy_roles:
+      - GROUPADMIN: Vo
+      - GROUPOBSERVER: Vo
+      - GROUPMEMBERSHIPMANAGER: Vo
+      - PERUNOBSERVER:
+      - VOOBSERVER: Vo
+      - VOADMIN: Vo
+    include_policies:
+      - default_policy
+
+  filter-getMemberRichGroupsWithAttributesByNames_Member_List<String>_List<String>_List<RoleAssignmentType>_policy:
+    policy_roles:
+      - GROUPADMIN: Group
+      - GROUPOBSERVER: Group
+      - GROUPMEMBERSHIPMANAGER: Group
+      - PERUNOBSERVER:
+      - VOOBSERVER: Vo
+      - VOADMIN: Vo
+    include_policies:
+      - default_policy
+
   getAllRichGroupsWithAttributesByNames_Vo_List<String>_policy:
     policy_roles:
       - RESOURCEADMIN: Vo
@@ -2316,6 +2353,20 @@ perun_policies:
     include_policies:
       - default_policy
 
+  filter-getAllRichGroupsWithAttributesByNames_Vo_List<String>_List<String>_List<RoleAssignmentType>_policy:
+    policy_roles:
+      - RESOURCEADMIN: Vo
+      - RESOURCEOBSERVER: Vo
+      - GROUPADMIN: Group
+      - GROUPOBSERVER: Group
+      - GROUPMEMBERSHIPMANAGER: Group
+      - PERUNOBSERVER:
+      - VOOBSERVER: Vo
+      - VOADMIN: Vo
+      - TRUSTEDFACILITYADMIN: Vo
+    include_policies:
+      - default_policy
+
   getRichSubGroupsWithAttributesByNames_Group_List<String>_policy:
     policy_roles:
       - RESOURCEADMIN: Vo
@@ -2372,6 +2423,34 @@ perun_policies:
     include_policies:
       - default_policy
 
+  getAllRichSubGroupsWithAttributesByNames_Group_List<String>_List<String>_List<RoleAssignmentType>_policy:
+    policy_roles:
+      - RESOURCEADMIN: Vo
+      - RESOURCEOBSERVER: Vo
+      - GROUPADMIN: Group
+      - GROUPOBSERVER: Group
+      - GROUPMEMBERSHIPMANAGER: Group
+      - PERUNOBSERVER:
+      - VOOBSERVER: Vo
+      - VOADMIN: Vo
+      - TRUSTEDFACILITYADMIN: Vo
+    include_policies:
+      - default_policy
+
+  filter-getAllRichSubGroupsWithAttributesByNames_Group_List<String>_List<String>_List<RoleAssignmentType>_policy:
+    policy_roles:
+      - RESOURCEADMIN: Vo
+      - RESOURCEOBSERVER: Vo
+      - GROUPADMIN: Group
+      - GROUPOBSERVER: Group
+      - GROUPMEMBERSHIPMANAGER: Group
+      - PERUNOBSERVER:
+      - VOOBSERVER: Vo
+      - VOADMIN: Vo
+      - TRUSTEDFACILITYADMIN: Vo
+    include_policies:
+      - default_policy
+
   getRichGroupByIdWithAttributesByNames_int_List<String>_policy:
     policy_roles:
       - RESOURCEADMIN: Vo

diff --git a/perun-core/src/main/java/cz/metacentrum/perun/core/api/GroupsManager.java b/perun-core/src/main/java/cz/metacentrum/perun/core/api/GroupsManager.java
@@ -1231,8 +1231,29 @@ public interface GroupsManager {
 	 * @throws MemberNotExistsException
 	 * @throws PrivilegeException
 	 */
+	@Deprecated
 	List<RichGroup> getMemberRichGroupsWithAttributesByNames(PerunSession sess, Member member, List<String> attrNames) throws MemberNotExistsException, PrivilegeException;
 
+	/**
+	 * Return all RichGroups for specified member, containing selected attributes filtered by role and its type.
+	 * "members" group is not included.
+	 *
+	 * Supported are attributes from these namespaces:
+	 *  - group
+	 *  - member-group
+	 *
+	 * @param sess internal session
+	 * @param member the member to get the rich groups for
+	 * @param attrNames list of selected attributes from supported namespaces
+	 * @param roles list of selected roles (if empty, then return groups by all roles)
+	 * @param types list of selected types of roles (if empty, then return by roles of all types)
+	 * @return list of rich groups with selected attributes
+	 * @throws InternalErrorException
+	 * @throws MemberNotExistsException
+	 * @throws PrivilegeException
+	 */
+	List<RichGroup> getMemberRichGroupsWithAttributesByNames(PerunSession sess, Member member, List<String> attrNames, List<String> roles, List<RoleAssignmentType> types) throws MemberNotExistsException, PrivilegeException;
+
 	/**
 	 * Return all RichGroups containing selected attributes
 	 *
@@ -1243,8 +1264,23 @@ public interface GroupsManager {
 	 * @throws InternalErrorException
 	 * @throws VoNotExistsException
 	 */
+	@Deprecated
 	List<RichGroup> getAllRichGroupsWithAttributesByNames(PerunSession sess, Vo vo, List<String> attrNames) throws VoNotExistsException, PrivilegeException;
 
+	/**
+	 * Return all RichGroups containing selected attributes filtered by role and its type
+	 *
+	 * @param sess perun session
+	 * @param vo vo
+	 * @param attrNames if attrNames is null method will return RichGroups containing all attributes
+	 * @param roles list of selected roles (if empty, then return groups by all roles)
+	 * @param types list of selected types of roles (if empty, then return by roles of all types)
+	 * @return List of RichGroups
+	 * @throws InternalErrorException
+	 * @throws VoNotExistsException
+	 */
+	List<RichGroup> getAllRichGroupsWithAttributesByNames(PerunSession sess, Vo vo, List<String> attrNames, List<String> roles, List<RoleAssignmentType> types) throws VoNotExistsException, PrivilegeException;
+
 	/**
 	 * Return RichSubGroups in parentGroup (only 1 level subgroups) containing selected attributes
 	 *
@@ -1267,8 +1303,23 @@ public interface GroupsManager {
 	 * @throws InternalErrorException
 	 * @throws GroupNotExistsException
 	 */
+	@Deprecated
 	List<RichGroup> getAllRichSubGroupsWithAttributesByNames(PerunSession sess, Group parentGroup, List<String> attrNames) throws GroupNotExistsException, PrivilegeException;
 
+	/**
+	 * Return all RichSubGroups in parentGroup (all levels sub groups) containing selected attributes filtered by role and its type,
+	 *
+	 * @param sess perun session
+	 * @param parentGroup parent group
+	 * @param attrNames if attrNames is null method will return RichGroups containing all attributes
+	 * @param roles list of selected roles (if empty, then return groups by all roles)
+	 * @param types list of selected types of roles (if empty, then return by roles of all types)
+	 * @return List of RichGroups
+	 * @throws InternalErrorException
+	 * @throws GroupNotExistsException
+	 */
+	List<RichGroup> getAllRichSubGroupsWithAttributesByNames(PerunSession sess, Group parentGroup, List<String> attrNames, List<String> roles, List<RoleAssignmentType> types) throws GroupNotExistsException, PrivilegeException;
+
 	/**
 	 * Return RichGroup selected by id containing selected attributes
 	 *