diff --git a/drafter/doc/drafter.yml b/drafter/doc/drafter.yml index b39eb7087..b04597198 100644 --- a/drafter/doc/drafter.yml +++ b/drafter/doc/drafter.yml @@ -56,8 +56,9 @@ info: depending on their permissions then choose to make further ammendments, `/publish` or submit the draftset to a new owner. - - `/publish` which can be used by clients with the `draft:publish` - permission to publish a reviewed draftset to the live site. + - `/publish` which can be used by clients with the + `drafter:draft:publish` permission to publish a reviewed draftset to + the live site. - `/claim` which a user must call on Draftset's submitted to them before they can perform any actions upon them. Claiming @@ -859,6 +860,10 @@ parameters: in: query required: false type: string + enum: + - editor + - publisher + - manager submit-user: name: user description: The username of the user to submit the draftset to. @@ -1093,8 +1098,12 @@ definitions: username: type: string description: Username of the user + role: + type: string + description: role of the user (deprecated, but provided for backward compatibility) example: username: user@example.com + role: publisher Endpoint: type: object @@ -1151,6 +1160,13 @@ definitions: claim-permission: type: string description: Only users with this permission can claim this Draftset + claim-role: + type: string + enum: + - editor + - publisher + - manager + description: The required role for users who can claim this Draftset (deprecated, but provided for backward compatibility) claim-user: type: string description: The user who can claim this Draftset diff --git a/drafter/src/drafter/backend/draftset/operations.clj b/drafter/src/drafter/backend/draftset/operations.clj index b5910a3e4..88d467287 100644 --- a/drafter/src/drafter/backend/draftset/operations.clj +++ b/drafter/src/drafter/backend/draftset/operations.clj @@ -221,6 +221,8 @@ :description description :current-owner (some-> owner (user/uri->username)) :claim-permission (keyword permission) + :claim-role (keyword (user/canonical-permission->role + permission)) :claim-user (some-> claimuser (user/uri->username)) :submitted-by (some-> submitter (user/uri->username))}] (merge required-fields (remove (comp nil? second) optional-fields)))) diff --git a/drafter/src/drafter/feature/draftset/submit.clj b/drafter/src/drafter/feature/draftset/submit.clj index d8e665e0e..40e11da6e 100644 --- a/drafter/src/drafter/feature/draftset/submit.clj +++ b/drafter/src/drafter/feature/draftset/submit.clj @@ -31,17 +31,12 @@ (keyword permission)) #(feat-common/draftset-sync-write-response % backend draftset-id))) -;; Maps a role to a permission that that role has, but less privileged roles -;; don't have. -(def role->canonical-permission - {"editor" "drafter:draft:edit" "publisher" "drafter:draft:publish"}) - (defn handler [{:keys [:drafter/manager :drafter.user/repo wrap-as-draftset-owner]}] (wrap-as-draftset-owner :drafter:draft:submit (fn [{{:keys [user permission role draftset-id]} :params owner :identity}] ;; The role parameter is deprecated - (let [permission (or permission (role->canonical-permission role))] + (let [permission (or permission (user/role->canonical-permission role))] (cond (and (some? user) (some? permission)) (unprocessable-entity-response diff --git a/drafter/src/drafter/user.clj b/drafter/src/drafter/user.clj index 0e33955ed..a56dbb7ad 100644 --- a/drafter/src/drafter/user.clj +++ b/drafter/src/drafter/user.clj @@ -1,6 +1,8 @@ (ns drafter.user - (:require [drafter.util :as util] - [integrant.core :as ig]) + (:require + [clojure.set :as set] + [drafter.util :as util] + [integrant.core :as ig]) (:import java.net.URI org.mindrot.jbcrypt.BCrypt)) @@ -34,6 +36,24 @@ :manager (conj (role->permissions :publisher) :drafter:draft:claim:manager) :system (recur :manager))) +(defn ^{:deprecated "For backward compatibility only"} permissions->role + "This is a shim to provide a role in the API when we only have permissions + internally. Deprecated and only to be used for backward compatibility." + [permissions] + (first (filter (fn [role] (set/subset? (role->permissions role) permissions)) + [:manager :publisher :editor :access :norole]))) + +(def ^{:deprecated "For backward compatibility only"} role->canonical-permission + "Maps a role to a permission that that role has, but less privileged roles + don't have. Deprecated, for backward compatibility only." + {"editor" "drafter:draft:edit" + "publisher" "drafter:draft:publish" + "manager" "drafter:draft:claim:manager"}) + +(def ^{:deprecated "For backward compatibility only"} canonical-permission->role + "Deprecated, for backward compatibility only." + (set/map-invert role->canonical-permission)) + (def permission-summary {:drafter:draft:claim "Claim submitted drafts" :drafter:draft:create "Create drafts" @@ -113,8 +133,9 @@ (defn get-summary "Returns a map containing summary information about a user." - [{:keys [email] :as user}] - {:username email}) + [user] + {:username (:email user) + :role (permissions->role (:permissions user))}) (defn has-permission? "Check if a user has a given permission." diff --git a/drafter/test/drafter/feature/draftset/submit_test.clj b/drafter/test/drafter/feature/draftset/submit_test.clj index 32fce9f07..50882706a 100644 --- a/drafter/test/drafter/feature/draftset/submit_test.clj +++ b/drafter/test/drafter/feature/draftset/submit_test.clj @@ -93,11 +93,12 @@ (let [draftset-location (help/create-draftset-through-api handler test-editor) submit-request (help/create-submit-to-permission-request test-editor draftset-location - :drafter:draft:claim) + :drafter:draft:edit) {ds-info :body :as submit-response} (handler submit-request)] (tc/assert-is-ok-response submit-response) (tc/assert-spec ::ds/Draftset ds-info) - + ;; For backward compatibility + (is (= :editor (:claim-role ds-info))) (is (= false (contains? ds-info :current-owner))))) ;; The role parameter is deprecated