[Schema Service] Consistent Entitlement group names using SchemaRole
Status
- Proposed
- Trialing
- Under review
- Approved
- Retired
Context & Scope
The schema service currently uses roles defined in a constant file (SchemaConstants.java) in schema-core which uses plural service role names. In the code following is observed:
package org.opengroup.osdu.schema.constants;
public class SchemaConstants {
....
public static final String ENTITLEMENT_SERVICE_GROUP_VIEWERS = "service.schema-service.viewers";
public static final String ENTITLEMENT_SERVICE_GROUP_EDITORS = "service.schema-service.editors";
...
package org.opengroup.osdu.schema.api;
....
@RestController
@RequestMapping("schema")
public class SchemaController {
@Autowired
ISchemaService schemaService;
@PostMapping()
@PreAuthorize("@authorizationFilter.hasRole('" + SchemaConstants.ENTITLEMENT_SERVICE_GROUP_EDITORS + "')")
@GetMapping("/{id}")
@PreAuthorize("@authorizationFilter.hasRole('" + SchemaConstants.ENTITLEMENT_SERVICE_GROUP_VIEWERS + "')")
Note that SchemaConstants is used for auth.
Decision
A new Role model should be created called SchemaRole in core-common with group names consistent with other services and used to assign privileges.
Sample Code
public final class SchemaRole {
public static final String VIEWER = "service.schema-service.viewer";
public static final String EDITOR= "service.schema-service.editor";
}Rationale
Each individual core service should have consistency in the group naming convention and where they are defined for maintainability.
Consequences
Need to change Core Common and schema-core