Merge pull request #1196 from oncokb/feat/add-service-account
Revert "Revert "update models to allow creating service user""
bprize15 authored Dec 27, 2024
2 parents f324e34 + d6ce2de commit a8dd72c
Showing 39 changed files with 1,287 additions and 89 deletions.
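--- a/.jhipster/Token.json
+++ b/.jhipster/Token.json
@@ -36,6 +36,10 @@
 "fieldName": "renewable",
 "fieldType": "Boolean",
 "fieldValidateRules": ["required"]
+},
+{
+"fieldName": "name",
+"fieldType": "String"
 }
 ],
 "changelogDate": "20190823204705",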
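--- a/screenshot-test/App.screenshot.js
+++ b/screenshot-test/App.screenshot.js
@@ -221,6 +221,14 @@ function getMockResponse(url) {
 body: companyDetails,
 };
 break;
+case `${SERVER_URL}api/companies/service-account/token`:
+case `${SERVER_URL}api/companies/1/service-account/token`:
+res = {
+status: 200,
+contentType: 'application/json',
+body: companyUserToken,
+};
+break;
 case `${SERVER_URL}api/users/non-company-emails`:
 res = {
 status: 200,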
2 changes: 1 addition & 1 deletion screenshot-test/data/api-account.json
@@ -20,5 +20,5 @@
"createdDate" : null,
"lastModifiedBy" : "admin",
"lastModifiedDate" : "2019-11-14T11:30:46Z",
"authorities" : [ "ROLE_USER", "ROLE_PREMIUM_USER", "ROLE_ADMIN", "ROLE_API" ]
"authorities" : [ "ROLE_USER", "ROLE_PREMIUM_USER", "ROLE_ADMIN", "ROLE_API", "ROLE_COMPANY_ADMIN" ]
}
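--- a/screenshot-test/data/api-company-user-tokens.json
+++ b/screenshot-test/data/api-company-user-tokens.json
@@ -7,6 +7,7 @@
 "usageLimit": null,
 "currentUsage": 0,
 "renewable": true,
+"name": "Token",
 "user": {
 "id": 4,
 "login": "user",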
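--- a/src/main/java/org/mskcc/cbio/oncokb/config/Constants.java
+++ b/src/main/java/org/mskcc/cbio/oncokb/config/Constants.java
@@ -45,6 +45,8 @@ public final class Constants {
 
 public static final String ONCOKB_S3_BUCKET = "oncokb-v2";
 
+public static final int MAX_SERVICE_ACCOUNT_TOKENS = 10;
+
 private Constants() {
 }
 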
@@ -96,7 +96,7 @@ public void configure(HttpSecurity http) throws Exception {
.antMatchers("/api/v1/v2/api-docs").permitAll()
.antMatchers("/api/private/utils/data/**").hasAnyAuthority(AuthoritiesConstants.DATA_DOWNLOAD)

.antMatchers("/api/v1/annotate/**").hasAnyAuthority(AuthoritiesConstants.API)
.antMatchers("/api/v1/annotate/**").hasAnyAuthority(AuthoritiesConstants.API, AuthoritiesConstants.ROLE_SERVICE_ACCOUNT)

.antMatchers("/api/v1/genes/lookup").hasAnyAuthority(AuthoritiesConstants.PUBLIC_WEBSITE, AuthoritiesConstants.USER, AuthoritiesConstants.ADMIN)
.antMatchers("/api/v1/variants/lookup").hasAnyAuthority(AuthoritiesConstants.PUBLIC_WEBSITE, AuthoritiesConstants.USER, AuthoritiesConstants.ADMIN)
@@ -135,6 +135,7 @@ public void configure(HttpSecurity http) throws Exception {
.antMatchers("/api/tokens/**").hasAnyAuthority(AuthoritiesConstants.ADMIN)
.antMatchers("/api/token-stats/**").hasAnyAuthority(AuthoritiesConstants.ADMIN)

.antMatchers("/api/companies/service-account/token").hasAnyAuthority(AuthoritiesConstants.ROLE_COMPANY_ADMIN)
.antMatchers("/api/companies/**").hasAnyAuthority(AuthoritiesConstants.ADMIN)
.antMatchers("/api/company-domains/**").hasAnyAuthority(AuthoritiesConstants.ADMIN)

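Review bot: The new `/api/companies/service-account/token` rule authorizes on `ROLE_COMPANY_ADMIN` alone and is not restricted to an HTTP method, so the handler behind it has to resolve the company from the authenticated principal rather than from anything the request supplies; that handler is not in this section, so this needs confirming there. The rule also only takes effect because it sits above `/api/companies/**`, which would otherwise route the request to the `ADMIN`-only branch, and a comment such as `// keep above /api/companies/** - the first matching rule wins` would protect that ordering from a later reshuffle. In the first hunk, `ROLE_SERVICE_ACCOUNT` is added to `/api/v1/annotate/**` only among the visible matchers, so it is worth a comment that service tokens are intentionally kept off the other `/api/v1` routes. Both hunks sit inside `configure(HttpSecurity)`, whose body extends beyond what is shown.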
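--- a/src/main/java/org/mskcc/cbio/oncokb/domain/Token.java
+++ b/src/main/java/org/mskcc/cbio/oncokb/domain/Token.java
@@ -44,6 +44,9 @@ public class Token implements Serializable {
 @Column(name = "renewable", nullable = false)
 private Boolean renewable = true;
 
+@Column(name = "name")
+private String name;
+
 @ManyToOne
 @JsonIgnoreProperties(value = "tokens", allowSetters = true)
 private User user;
@@ -135,6 +138,19 @@ public void setRenewable(Boolean renewable) {
 this.renewable = renewable;
 }
 
+public String getName() {
+return name;
+}
+
+public Token name(String name) {
+this.name = name;
+return this;
+}
+
+public void setName(String name) {
+this.name = name;
+}
+
 public User getUser() {
 return user;
 }
@@ -176,6 +192,7 @@ public String toString() {
 ", usageLimit=" + getUsageLimit() +
 ", currentUsage=" + getCurrentUsage() +
 ", renewable='" + isRenewable() + "'" +
+", name='" + getName() + "'" +
 "}";
 }
 }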
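Review bot: The new `name` field is declared as `@Column(name = "name")` with no length or validation constraint, and the `createServiceAccountToken(Long id, String name)` signature added to CompanyService suggests the value is supplied by the caller. Bounding it on the entity, for example `@Size(max = 255)` next to the `@Column` (255 is an example value; use whatever the schema migration defines), rejects an oversized label as a validation error before it reaches the database, and the same bound belongs on the request model. `toString()` now prints the name too, which is fine provided the label is documented as a non-secret display string.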
@@ -8,6 +8,7 @@
import org.springframework.data.jpa.repository.EntityGraph;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.data.jpa.repository.Query;
import org.springframework.data.repository.query.Param;
import org.springframework.stereotype.Repository;

import java.util.List;
@@ -42,7 +43,8 @@ public interface UserRepository extends JpaRepository<User, Long> {
@Cacheable(cacheResolver = "userCacheResolver")
Optional<User> findOneWithAuthoritiesByEmailIgnoreCase(String email);

Page<User> findAllByLoginNot(Pageable pageable, String login);
@Query("select user from User user where :authorityName not in (select authority.name FROM user.authorities authority) and user.login != :login")
List<User> findAllUsersWithoutAuthorityAndLoginNot(@Param("authorityName") String authorityName, @Param("login") String login);

@Query("select user, userDetails from User as user left join UserDetails as userDetails on user.id = userDetails.user WHERE user in ?1")
List<Object[]> findAllUsersWithUserDetailsByUsersIn(List<User> users);
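Review bot: `findAllUsersWithoutAuthorityAndLoginNot` drops the `Pageable` argument that `findAllByLoginNot` took, so `getAllManagedUsers` in UserService.java now loads every matching user and wraps the whole list in `new PageImpl<>(userDTOs, pageable, users.size())`; each page request therefore returns, and the server materialises, the full user table. Keeping the query pageable, e.g. `Page<User> findAllUsersWithoutAuthorityAndLoginNot(@Param("authorityName") String authorityName, @Param("login") String login, Pageable pageable);`, restores bounded responses. Whether Spring Data derives a usable count query for this JPQL with its subquery should be checked, and an explicit `countQuery` added if not. The same point applies to the `getAllManagedUsers` hunk in UserService.java.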
@@ -21,6 +21,10 @@ public final class AuthoritiesConstants {

public static final String API = "ROLE_API";

public static final String ROLE_COMPANY_ADMIN = "ROLE_COMPANY_ADMIN";

public static final String ROLE_SERVICE_ACCOUNT = "ROLE_SERVICE_ACCOUNT";

private AuthoritiesConstants() {
}
}
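Review bot: The two new constants carry the `ROLE_` prefix in the identifier (`ROLE_COMPANY_ADMIN`, `ROLE_SERVICE_ACCOUNT`) while the existing one visible here drops it (`API = "ROLE_API"`), so call sites end up mixing `AuthoritiesConstants.ADMIN` with `AuthoritiesConstants.ROLE_COMPANY_ADMIN`. Naming them `COMPANY_ADMIN` and `SERVICE_ACCOUNT` would keep the class consistent. A one-line comment on each stating who is expected to hold the role would also help anyone auditing the matchers in the security configuration, since the two roles gate different endpoints.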
@@ -80,20 +80,23 @@ private Token getNewToken(Set<Authority> authorities, Optional<Instant> definedE
public Token createTokenForCurrentUserLogin(Optional<Instant> definedExpirationTime, Optional<Boolean> isRenewable) {
Optional<User> userOptional = userRepository.findOneWithAuthoritiesByLogin(SecurityUtils.getCurrentUserLogin().get());
if(userOptional.isPresent()) {
return createToken(userOptional.get(), definedExpirationTime, isRenewable);
return createToken(userOptional.get(), definedExpirationTime, isRenewable, Optional.empty());
}
return null;
}

public Token createToken(User user, Optional<Instant> definedExpirationTime, Optional<Boolean> isRenewable) {
public Token createToken(User user, Optional<Instant> definedExpirationTime, Optional<Boolean> isRenewable, Optional<String> name) {
Token token = getNewToken(user.getAuthorities(), definedExpirationTime, isRenewable);
token.setUser(user);
if (name.isPresent()) {
token.setName(name.get());
}
tokenService.save(token);
return token;
}

public void createToken(Token token){
Token newToken = createToken(token.getUser(), Optional.of(token.getExpiration()), Optional.of(token.isRenewable()));
public void createToken(Token token, Optional<String> name){
Token newToken = createToken(token.getUser(), Optional.of(token.getExpiration()), Optional.of(token.isRenewable()), name);
newToken.setCreation(token.getCreation());
newToken.setCurrentUsage(token.getCurrentUsage());
newToken.setUsageLimit(token.getUsageLimit());
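Review bot: `createToken(Token token, Optional<String> name)` copies creation time, current usage and usage limit from the source token but takes the label only from the new `name` argument, so a caller passing `Optional.empty()` gets a copy whose name is null even when `token.getName()` was set. If copies are meant to keep their label, fall back to the source by passing `Optional.ofNullable(name.orElse(token.getName()))` as the last argument of the inner `createToken` call; the callers are outside this section, so the intent should be confirmed first. In the four-argument overload, `name.ifPresent(token::setName);` is the shorter form of the `isPresent()`/`get()` pair. The body of the two-argument method continues past the end of the hunk.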
14 changes: 14 additions & 0 deletions src/main/java/org/mskcc/cbio/oncokb/service/CompanyService.java
@@ -1,7 +1,11 @@
package org.mskcc.cbio.oncokb.service;

import org.mskcc.cbio.oncokb.domain.Token;
import org.mskcc.cbio.oncokb.domain.User;
import org.mskcc.cbio.oncokb.domain.enumeration.LicenseStatus;
import org.mskcc.cbio.oncokb.service.dto.CompanyDTO;
import org.mskcc.cbio.oncokb.service.dto.UserDTO;
import org.mskcc.cbio.oncokb.web.rest.errors.TooManyTokensException;
import org.mskcc.cbio.oncokb.web.rest.vm.CompanyVM;

import java.util.List;
@@ -58,4 +62,14 @@ public interface CompanyService {
* @param id the id of the entity.
*/
void delete(Long id);

Optional<User> createServiceAccount(Long id);

void deleteServiceAccount(CompanyDTO companyDTO);

Optional<Token> createServiceAccountToken(Long id, String name) throws TooManyTokensException;

Optional<List<Token>> getServiceAccountTokensForCompany(Long id);

Optional<UserDTO> getServiceUserForCompany(Long companyId);
}
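Review bot: The five new service-account methods are declared without Javadoc, unlike the `delete(Long id)` declaration directly above them, and their `Optional` returns leave open whether empty means that the company was not found, that it has no service account yet, or something else. Because `createServiceAccountToken(Long id, String name)` issues a credential for whatever company id it is handed, the Javadoc should state that the caller must already have verified the requester belongs to that company. It should also say when `TooManyTokensException` is thrown (presumably at `Constants.MAX_SERVICE_ACCOUNT_TOKENS`). `Optional<List<Token>>` could be a plain `List<Token>` unless the empty case is meant to differ from "no tokens".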
@@ -58,11 +58,13 @@ public interface TokenService {

void expireToken(Token token);

void delete(Long id);

/**
* Delete the token and associates its token stats with a new token.
* @param id id of token
*/
void delete(Long id);
void deleteAndAssociateStats(Long id);

/**
* Delete all tokens related to the user
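Review bot: `delete(Long id)` keeps its name but loses its documented behaviour: the Javadoc "Delete the token and associates its token stats with a new token" now sits on `deleteAndAssociateStats`, and the re-declared `delete` has no Javadoc at all. Any existing caller of `delete` that was not switched to `deleteAndAssociateStats` changes behaviour without a compile error, presumably no longer re-associating stats, so those call sites need checking (they are not in this section). Once the implementation confirms it, document the new contract on `delete`, e.g. `/** Delete the token by id without re-associating its token stats. */`.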
11 changes: 8 additions & 3 deletions src/main/java/org/mskcc/cbio/oncokb/service/UserService.java
@@ -313,7 +313,7 @@ public User registerUser(UserDTO userDTO, String password) {
return newUser;
}

public User createUser(UserDTO userDTO, Optional<Integer> tokenValidDays, Optional<Boolean> tokenIsRenewable) {
public User createUser(UserDTO userDTO, boolean isServiceUser, Optional<Integer> tokenValidDays, Optional<Boolean> tokenIsRenewable) {
User user = new User();
user.setLogin(userDTO.getLogin().toLowerCase());
user.setFirstName(userDTO.getFirstName());
@@ -355,6 +355,10 @@ public User createUser(UserDTO userDTO, Optional<Integer> tokenValidDays, Option
userDetails.setCompany(companyMapper.toEntity(userDTO.getCompany()));
userDetailsRepository.save(userDetails);

if (isServiceUser) {
log.debug("Created Information for Service User: {}", user);
return user;
}

// Check if the user is a part of licensed company and then continue with approval procedure
if(userDetails.getCompany() != null){
@@ -534,7 +538,7 @@ public List<UserDTO> findAllUsersWithUserDetailsByUsersIn(List<User> users) {
@Transactional(readOnly = true)
@Cacheable(cacheResolver = "userCacheResolver", key = "#root.methodName")
public Page<UserDTO> getAllManagedUsers(Pageable pageable) {
List<User> users = userRepository.findAllByLoginNot(pageable, Constants.ANONYMOUS_USER).getContent();
List<User> users = userRepository.findAllUsersWithoutAuthorityAndLoginNot(AuthoritiesConstants.ROLE_SERVICE_ACCOUNT, Constants.ANONYMOUS_USER);
List<UserDTO> userDTOs = findAllUsersWithUserDetailsByUsersIn(users);
return new PageImpl<>(userDTOs, pageable, users.size());
}
@@ -642,7 +646,8 @@ private List<Token> generateTokenForUserIfNotExist(UserDTO userDTO, Optional<Int
Token token = tokenProvider.createToken(
userMapper.userDTOToUser(userDTO),
tokenValidDays.isPresent() ? Optional.of(Instant.now().plusSeconds(DAY_IN_SECONDS * (long) tokenValidDays.get())) : Optional.empty(),
tokenIsRenewable
tokenIsRenewable,
Optional.empty()
);
tokens.add(token);
}
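Review bot: `createUser` gains an `isServiceUser` flag whose early return (`if (isServiceUser) { … return user; }`) skips everything after the `userDetails` save, including the licensed-company approval procedure named in the comment just below it, and nothing in the method says why a service account must bypass those steps. A Javadoc line for the parameter plus a comment on the branch, for example `// service accounts stop here: no company licence/approval handling below`, would make that contract reviewable. The exact wording needs checking against the rest of the method, which extends beyond these hunks. A bare boolean in the middle of the argument list also reads poorly at call sites (`createUser(dto, true, …)`), so a dedicated `createServiceUser(UserDTO)` wrapper may be clearer.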