Merge pull request #630 from Swirrl/role-shim
Role shim
callum-oakley authored Aug 15, 2022
2 parents 96b6bda + fddbf97 commit a1cb46b
Showing 5 changed files with 49 additions and 14 deletions.
20 changes: 18 additions & 2 deletions drafter/doc/drafter.yml
@@ -56,8 +56,9 @@ info:
depending on their permissions then choose to make further ammendments,
`/publish` or submit the draftset to a new owner.
- `/publish` which can be used by clients with the `draft:publish`
permission to publish a reviewed draftset to the live site.
- `/publish` which can be used by clients with the
`drafter:draft:publish` permission to publish a reviewed draftset to
the live site.
- `/claim` which a user must call on Draftset's submitted to
them before they can perform any actions upon them. Claiming
@@ -859,6 +860,10 @@ parameters:
in: query
required: false
type: string
enum:
- editor
- publisher
- manager
submit-user:
name: user
description: The username of the user to submit the draftset to.
@@ -1093,8 +1098,12 @@ definitions:
username:
type: string
description: Username of the user
role:
type: string
description: role of the user (deprecated, but provided for backward compatibility)
example:
username: [email protected]
role: publisher

Endpoint:
type: object
@@ -1151,6 +1160,13 @@ definitions:
claim-permission:
type: string
description: Only users with this permission can claim this Draftset
claim-role:
type: string
enum:
- editor
- publisher
- manager
description: The required role for users who can claim this Draftset (deprecated, but provided for backward compatibility)
claim-user:
type: string
description: The user who can claim this Draftset
2 changes: 2 additions & 0 deletions drafter/src/drafter/backend/draftset/operations.clj
@@ -221,6 +221,8 @@
:description description
:current-owner (some-> owner (user/uri->username))
:claim-permission (keyword permission)
:claim-role (keyword (user/canonical-permission->role
permission))
:claim-user (some-> claimuser (user/uri->username))
:submitted-by (some-> submitter (user/uri->username))}]
(merge required-fields (remove (comp nil? second) optional-fields))))
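Review bot: `:claim-role` is silently dropped whenever the stored permission is not one of the three canonical ones: `user/canonical-permission->role` returns nil for e.g. `drafter:draft:claim`, `(keyword nil)` is nil, and the `remove` on the last line strips the entry. That is probably intended for a shim, but it is not stated here, and the change in submit_test.clj appears to swap `:drafter:draft:claim` for `:drafter:draft:edit`, so the nil path is no longer exercised. I would add a comment above the entry such as `;; Deprecated shim: omitted when the permission has no canonical role; informational only, never use for access checks`, and keep one test that submits to `:drafter:draft:claim` and asserts `(not (contains? ds-info :claim-role))`. The enclosing function starts outside this hunk.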
7 changes: 1 addition & 6 deletions drafter/src/drafter/feature/draftset/submit.clj
@@ -31,17 +31,12 @@
(keyword permission))
#(feat-common/draftset-sync-write-response % backend draftset-id)))

;; Maps a role to a permission that that role has, but less privileged roles
;; don't have.
(def role->canonical-permission
{"editor" "drafter:draft:edit" "publisher" "drafter:draft:publish"})

(defn handler
[{:keys [:drafter/manager :drafter.user/repo wrap-as-draftset-owner]}]
(wrap-as-draftset-owner :drafter:draft:submit
(fn [{{:keys [user permission role draftset-id]} :params owner :identity}]
;; The role parameter is deprecated
(let [permission (or permission (role->canonical-permission role))]
(let [permission (or permission (user/role->canonical-permission role))]
(cond
(and (some? user) (some? permission))
(unprocessable-entity-response
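Review bot: In `(or permission (user/role->canonical-permission role))`, both `permission` and `role` come straight from request `:params`, and the lookup yields nil for any role outside the three map keys; with the map now shared, `manager` also becomes an accepted legacy value here. Nothing in the visible lines checks that the resulting permission is a known one, or one the caller is allowed to hand a draftset to, so that depends on the `cond` branches, which continue outside this hunk, and on whether the `enum` added in drafter.yml is enforced at the routing layer. A test that submits with an unknown `role` and asserts an unprocessable-entity response would pin that down. The call also targets a var marked `^:deprecated`, which deprecation-aware linters will report at this site; if that is intended, say so in the existing `;; The role parameter is deprecated` comment.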
29 changes: 25 additions & 4 deletions drafter/src/drafter/user.clj
@@ -1,6 +1,8 @@
(ns drafter.user
(:require [drafter.util :as util]
[integrant.core :as ig])
(:require
[clojure.set :as set]
[drafter.util :as util]
[integrant.core :as ig])
(:import java.net.URI
org.mindrot.jbcrypt.BCrypt))

@@ -34,6 +36,24 @@
:manager (conj (role->permissions :publisher) :drafter:draft:claim:manager)
:system (recur :manager)))

(defn ^{:deprecated "For backward compatibility only"} permissions->role
"This is a shim to provide a role in the API when we only have permissions
internally. Deprecated and only to be used for backward compatibility."
[permissions]
(first (filter (fn [role] (set/subset? (role->permissions role) permissions))
[:manager :publisher :editor :access :norole])))

(def ^{:deprecated "For backward compatibility only"} role->canonical-permission
"Maps a role to a permission that that role has, but less privileged roles
don't have. Deprecated, for backward compatibility only."
{"editor" "drafter:draft:edit"
"publisher" "drafter:draft:publish"
"manager" "drafter:draft:claim:manager"})

(def ^{:deprecated "For backward compatibility only"} canonical-permission->role
"Deprecated, for backward compatibility only."
(set/map-invert role->canonical-permission))

(def permission-summary
{:drafter:draft:claim "Claim submitted drafts"
:drafter:draft:create "Create drafts"
@@ -113,8 +133,9 @@

(defn get-summary
"Returns a map containing summary information about a user."
[{:keys [email] :as user}]
{:username email})
[user]
{:username (:email user)
:role (permissions->role (:permissions user))})

(defn has-permission?
"Check if a user has a given permission."
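Review bot: `permissions->role` depends on `permissions` being a set, and `get-summary` now passes `(:permissions user)` to it unchecked. `set/subset?` tests membership with `contains?`, so a nil value only matches a role whose permission set is empty, and a vector would be checked by index rather than by element; either way the summary would report a wrong or nil role rather than fail. If user records can carry anything other than a set here, coerce first, e.g. `(let [permissions (set permissions)] ...)`, and document in the docstring that the result may be `:access`, `:norole` or nil, none of which appear among the `editor`/`publisher`/`manager` values the API spec lists. The `role->permissions` clauses for `:access` and `:norole` are outside the visible hunk, so whether they exist is an assumption to confirm.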
5 changes: 3 additions & 2 deletions drafter/test/drafter/feature/draftset/submit_test.clj
@@ -93,11 +93,12 @@
(let [draftset-location (help/create-draftset-through-api handler test-editor)
submit-request (help/create-submit-to-permission-request test-editor
draftset-location
:drafter:draft:claim)
:drafter:draft:edit)
{ds-info :body :as submit-response} (handler submit-request)]
(tc/assert-is-ok-response submit-response)
(tc/assert-spec ::ds/Draftset ds-info)

;; For backward compatibility
(is (= :editor (:claim-role ds-info)))
(is (= false (contains? ds-info :current-owner)))))

;; The role parameter is deprecated
