Merge pull request #175 from gisaia/feat/deleteendpoints

Feat/deleteendpoints

arlas-iam-core/src/main/java/io/arlas/iam/core/AuthService.java

@@ -57,6 +57,7 @@ public interface AuthService {
 
     Role createGroup(User owner, String name, String description, UUID orgId) throws AlreadyExistsException, NotFoundException, NotOwnerException;
     Role updateGroup(User owner, String name, String description, UUID orgId, UUID roleId) throws NotFoundException, NotOwnerException, AlreadyExistsException, ForbiddenActionException;
+    void deleteGroup(User owner, UUID orgId, UUID roleId) throws NotFoundException, NotOwnerException, NotAllowedException;
     List<Role> listGroups(User owner, UUID orgId) throws NotFoundException, NotOwnerException;
     List<Role> listGroups(User owner, UUID orgId, UUID userId) throws NotFoundException, NotOwnerException;
 
@@ -69,6 +70,7 @@ User updateRolesOfUser(User owner, UUID orgId, UUID userId, Set<String> rids)
     Permission createColumnFilter(User user, UUID fromString, List<String> collections, String token) throws ArlasException;
     Permission updatePermission(User owner, UUID orgId, UUID permissionId, String value, String description) throws NotOwnerException, NotFoundException, AlreadyExistsException;
     Permission updateColumnFilter(User owner, UUID orgId, UUID permissionId, List<String> collections, String token) throws ArlasException;
+    void deletePermission(User owner, UUID orgId, UUID permissionId) throws NotFoundException, NotAllowedException, NotOwnerException;
     Set<Permission> listPermissions(User owner, UUID orgId) throws NotOwnerException, NotFoundException;
     List<String> getCollectionsOfColumnFilter(User owner, UUID orgId, UUID permissionId, String token) throws ArlasException;
     Set<Permission> listPermissions(User owner, UUID orgId, UUID userId) throws NotOwnerException, NotFoundException;

arlas-iam-core/src/main/java/io/arlas/iam/core/PermissionDao.java

@@ -5,4 +5,6 @@
 public interface PermissionDao {
 
     Permission createOrUpdatePermission(Permission permission);
+
+    void deletePermission(Permission permission);
 }

arlas-iam-core/src/main/java/io/arlas/iam/core/RoleDao.java

@@ -23,4 +23,6 @@ public interface RoleDao {
     Role removePermissionFromRole(Permission permission, Role role);
 
     List<Role> getSystemRoles();
+
+    void deleteRole(Role role);
 }

arlas-iam-core/src/main/java/io/arlas/iam/impl/HibernateAuthService.java

@@ -730,6 +730,18 @@ public Role updateGroup(User owner, String name, String description, UUID orgId,
         return updateRole(owner, TechnicalRoles.getNewDashboardGroupRole(org.getName(), name), description, orgId, roleId);
     }
 
+    @Override
+    public void deleteGroup(User owner, UUID orgId, UUID roleId) throws NotFoundException, NotOwnerException, NotAllowedException {
+        var org = getOrganisation(owner, orgId);
+        var group = getRole(org, roleId);
+        if (group.isTechnical()) {
+            throw new NotAllowedException("Group is technical and cannot be deleted.");
+        } else {
+            roleDao.deleteRole(group);
+            // cascade deletion is set, so it is also removed from associated users
+        }
+    }
+
     @Override
     public List<Role> listGroups(User owner, UUID orgId) throws NotOwnerException, NotFoundException {
         return listRoles(owner, orgId).stream().filter(Role::isGroup).toList();
@@ -907,6 +919,18 @@ public Permission updateColumnFilter(User owner, UUID orgId, UUID permissionId,
         return updatePermission(owner, orgId, permissionId, value, String.join(" ", collections));
     }
 
+    @Override
+    public void deletePermission(User owner, UUID orgId, UUID permissionId) throws NotFoundException, NotAllowedException, NotOwnerException {
+        var org = getOrganisation(owner, orgId);
+        var permission = getPermission(org, permissionId);
+        if (permission.getRoles().stream().anyMatch(Role::isTechnical)) {
+            throw new NotAllowedException("Permission of a technical role/group cannot be deleted.");
+        } else {
+            permissionDao.deletePermission(permission);
+            // cascade deletion is set, so it is also removed associated from roles/groups
+        }
+    }
+
     @Override
     public Role addPermissionToRole(User owner, UUID orgId, UUID roleId, UUID permissionId) throws NotFoundException, NotOwnerException {
         var org = getOrganisation(owner, orgId);

arlas-iam-core/src/main/java/io/arlas/iam/impl/HibernatePermissionDao.java

@@ -14,4 +14,9 @@ public HibernatePermissionDao(SessionFactory sessionFactory) {
     public Permission createOrUpdatePermission(Permission permission) {
         return persist(permission);
     }
+
+    @Override
+    public void deletePermission(Permission permission) {
+        currentSession().remove(permission);
+    }
 }

arlas-iam-core/src/main/java/io/arlas/iam/impl/HibernateRoleDao.java

@@ -61,4 +61,10 @@ public List<Role> getSystemRoles() {
                 .setParameter("system", Boolean.TRUE)
                 .list();
     }
+
+    @Override
+    public void deleteRole(Role role) {
+        currentSession().remove(role);
+    }
+
 }

arlas-iam-rest/src/main/java/io/arlas/iam/rest/service/IAMRestService.java

@@ -1513,6 +1513,46 @@ public Response updateGroupInOrganisation(
         return response;
     }
 
+    @Timed
+    @Path("organisations/{oid}/groups/{rid}")
+    @DELETE
+    @Produces(UTF8JSON)
+    @Consumes(UTF8JSON)
+    @Operation(
+            security = @SecurityRequirement(name = "JWT"),
+            summary = "Delete a group from an organisation"
+    )
+    @ApiResponses(value = {
+            @ApiResponse(responseCode = "202", description = "Successful operation",
+                    content = @Content(schema = @Schema(implementation = ArlasMessage.class))),
+            @ApiResponse(responseCode = "400", description = "Bad request",
+                    content = @Content(schema = @Schema(implementation = Error.class))),
+            @ApiResponse(responseCode = "404", description = "Organisation or role not found.",
+                    content = @Content(schema = @Schema(implementation = Error.class))),
+            @ApiResponse(responseCode = "500", description = "Arlas Error.",
+                    content = @Content(schema = @Schema(implementation = Error.class)))})
+
+    @UnitOfWork
+    public Response deleteGroupInOrganisation(
+            @Context UriInfo uriInfo,
+            @Context HttpHeaders headers,
+            @Context HttpServletRequest request,
+
+            @Parameter(name = "oid", required = true)
+            @PathParam(value = "oid") String oid,
+
+            @Parameter(name = "rid", required = true)
+            @PathParam(value = "rid") String rid
+
+    ) throws NotFoundException, NotOwnerException, NotAllowedException {
+        authService.deleteGroup(getUser(headers), UUID.fromString(oid), UUID.fromString(rid));
+        logUAM(request, headers,  oid, "organisations", String.format("delete-group (rid=%s)", rid));
+        return Response.accepted(uriInfo.getRequestUriBuilder().build())
+                .entity(new ArlasMessage("Group deleted."))
+                .type(MediaType.APPLICATION_JSON_TYPE)
+                .build();
+    }
+
     @Timed
     @Path("organisations/{oid}/groups")
     @GET
@@ -1803,6 +1843,44 @@ public Response updatePermission(
         return response;
     }
 
+    @Timed
+    @Path("organisations/{oid}/permissions/{pid}")
+    @DELETE
+    @Produces(UTF8JSON)
+    @Consumes(UTF8JSON)
+    @Operation(
+            security = @SecurityRequirement(name = "JWT"),
+            summary = "Delete a permission"
+    )
+    @ApiResponses(value = {
+            @ApiResponse(responseCode = "202", description = "Successful operation",
+                    content = @Content(schema = @Schema(implementation = ArlasMessage.class))),
+            @ApiResponse(responseCode = "404", description = "Organisation or permission not found.",
+                    content = @Content(schema = @Schema(implementation = Error.class))),
+            @ApiResponse(responseCode = "500", description = "Arlas Error.",
+                    content = @Content(schema = @Schema(implementation = Error.class)))})
+
+    @UnitOfWork
+    public Response deletePermission(
+            @Context UriInfo uriInfo,
+            @Context HttpHeaders headers,
+            @Context HttpServletRequest request,
+
+            @Parameter(name = "oid", required = true)
+            @PathParam(value = "oid") String oid,
+
+            @Parameter(name = "pid", required = true)
+            @PathParam(value = "pid") String pid
+
+    ) throws NotFoundException, NotOwnerException, NotAllowedException {
+        authService.deletePermission(getUser(headers), UUID.fromString(oid), UUID.fromString(pid));
+        logUAM(request, headers,  oid, "organisations", String.format("delete-permission (pid=%s)", pid));
+        return Response.accepted(uriInfo.getRequestUriBuilder().build())
+                .entity(new ArlasMessage("Permission deleted."))
+                .type(MediaType.APPLICATION_JSON_TYPE)
+                .build();
+    }
+
     @Timed
     @Path("organisations/{oid}/permissions/columnfilter/{pid}")
     @PUT

arlas-iam-tests/src/test/java/io/arlas/iam/test/AuthEndpoints.java

@@ -48,6 +48,7 @@ public class AuthEndpoints {
     protected static String token2;
     protected static String tokenAdmin;
     protected static String groupId1;
+    protected static String groupPublicId;
     protected static String apiKeyUUID;
     protected static String apiKeyId;
     protected static String apiKeySecret;
@@ -357,6 +358,16 @@ protected Response listGroups(String actingId, String userId) {
                 .get(arlasAppPath.concat("organisations/{oid}/users/{uid}/groups"));
     }
 
+    protected Response deleteGroup(String groupId) {
+        return given()
+                .header(AUTH_HEADER, getToken(userId1))
+                .header(ARLAS_ORG_FILTER, ORG)
+                .pathParam("oid", orgId)
+                .pathParam("rid", groupId)
+                .contentType("application/json")
+                .delete(arlasAppPath.concat("organisations/{oid}/groups/{rid}"));
+    }
+
     protected Response listGroups() {
         return given()
                 .header(AUTH_HEADER, getToken(userId1))
@@ -445,6 +456,16 @@ protected Response updatePermission(String actingId, String pid, String pvalue,
                 .put(arlasAppPath.concat("organisations/{oid}/permissions/{pid}"));
     }
 
+    protected Response deletePermission(String actingId, String pid) {
+        return given()
+                .header(AUTH_HEADER, getToken(actingId))
+                .header(ARLAS_ORG_FILTER, ORG)
+                .pathParam("oid", orgId)
+                .pathParam("pid", pid)
+                .contentType("application/json")
+                .delete(arlasAppPath.concat("organisations/{oid}/permissions/{pid}"));
+    }
+
     protected Response addPermissionToRole(String actingId, String rid, String pid) {
         return given()
                 .header(AUTH_HEADER, getToken(actingId))

arlas-iam-tests/src/test/java/io/arlas/iam/test/AuthITUser.java

@@ -133,6 +133,8 @@ public void test030CreateOwnDomainOrganisation() {
         getUser(userId1).then().statusCode(200)
                 .body("organisations", hasSize(2))
                 .body("organisations[1].name", equalTo(ORG));
+
+        groupPublicId = listGroups().then().extract().jsonPath().get("[0].id");
     }
 
     @Test
@@ -321,6 +323,20 @@ public void test067UpdatePermissionsOfRole() {
                 .body("", hasSize(1));
     }
 
+    @Test
+    public void test068DeletePermission() {
+        String pid = addPermission(userId1, "pdelete", "permission to be deleted").then().statusCode(201)
+                .body("value", equalTo("pdelete"))
+                .body("description", equalTo("permission to be deleted"))
+                .extract().jsonPath().get("id");
+        addPermissionToRole(userId1, fooRoleId1, pid).then().statusCode(201);
+        listPermissionsOfRole(userId1, fooRoleId1).then().statusCode(200)
+                .body("", hasSize(2));
+        deletePermission(userId1, pid).then().statusCode(202);
+        listPermissionsOfRole(userId1, fooRoleId1).then().statusCode(200)
+                .body("", hasSize(1));
+    }
+
     @Test
     public void test070AddGroup() {
         groupId1 = addGroup(userId1, GRP1, GRP1_DESC).then().statusCode(201)
@@ -356,6 +372,26 @@ public void test074AddGroupToUser() {
                 .body("", hasSize(1));
     }
 
+    @Test
+    public void test075DeleteGroup() {
+        String gid = addGroup(userId1, "gdelete", "group to be deleted").then().statusCode(201)
+                .body("name", equalTo("gdelete"))
+                .body("description", equalTo("group to be deleted"))
+                .extract().jsonPath().get("id");
+        addRoleToUser(userId1, userId2, gid).then().statusCode(201)
+                .body("roles", hasSize(10));
+        listGroups(userId1, userId2).then().statusCode(200)
+                .body("", hasSize(2));
+        deleteGroup(gid).then().statusCode(202);
+        listGroups(userId1, userId2).then().statusCode(200)
+                .body("", hasSize(1));
+    }
+
+    @Test
+    public void test075DeleteTechnicalGroup() {
+        deleteGroup(groupPublicId).then().statusCode(400);
+    }
+
     @Test
     public void test081AddForbiddenOrg() {
         addForbiddenOrg("gisaia.com").then().statusCode(201)

docker/docker-files/Dockerfile

@@ -17,7 +17,7 @@ RUN mvn install \
 ###################
 # PACKAGING STAGE #
 ###################
-FROM gisaia/arlas-openjdk-17-distroless:20240503100632
+FROM gisaia/arlas-openjdk-17-distroless:20240505183515
 
 # application placed into /opt/app
 WORKDIR /opt/app

docker/docker-files/Dockerfile-package-only

@@ -1,7 +1,7 @@
 ###################
 # PACKAGING STAGE #
 ###################
-FROM gisaia/arlas-openjdk-17-distroless:20240503100632
+FROM gisaia/arlas-openjdk-17-distroless:20240505183515
 
 # application placed into /opt/app
 WORKDIR /opt/app

pom.xml

@@ -36,7 +36,7 @@
         <maven.compiler.version>3.10.1</maven.compiler.version>
         <maven.shade.version>3.2.4</maven.shade.version>
 
-        <arlas.version>25.0.0-beta.6</arlas.version>
+        <arlas.version>25.0.0-rc.2</arlas.version>
         <dropwizard.version>4.0.7</dropwizard.version>
         <!-- required until we move to jakarta namespace:update with dropwizard 6: -->
         <servlet-api.version>5.0.2</servlet-api.version>