Skip to content
GitLab
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
  • Sign in / Register
  • S Schema
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
    • Locked Files
  • Issues 23
    • Issues 23
    • List
    • Boards
    • Service Desk
    • Milestones
    • Iterations
    • Requirements
  • Merge requests 12
    • Merge requests 12
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
    • Test Cases
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Packages and registries
    • Packages and registries
    • Package Registry
    • Container Registry
    • Infrastructure Registry
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Code review
    • Insights
    • Issue
    • Repository
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • Open Subsurface Data Universe SoftwareOpen Subsurface Data Universe Software
  • Platform
  • System
  • Schema
  • Issues
  • #19
Closed
Open
Issue created Aug 26, 2020 by Rucha Deshpande@deshruchMaintainer4 of 5 checklist items completed4/5 checklist items

[Schema Service] Consistent Entitlement group names using SchemaRole

Status

  • Proposed
  • Trialing
  • Under review
  • Approved
  • Retired

Context & Scope

The schema service currently uses roles defined in a constant file (SchemaConstants.java) in schema-core which uses plural service role names. In the code following is observed:

package org.opengroup.osdu.schema.constants;

public class SchemaConstants {
....
public static final String ENTITLEMENT_SERVICE_GROUP_VIEWERS = "service.schema-service.viewers";
public static final String ENTITLEMENT_SERVICE_GROUP_EDITORS = "service.schema-service.editors";
...
package org.opengroup.osdu.schema.api;
....

@RestController
@RequestMapping("schema")
public class SchemaController {

    @Autowired
    ISchemaService schemaService;

    @PostMapping()
    @PreAuthorize("@authorizationFilter.hasRole('" + SchemaConstants.ENTITLEMENT_SERVICE_GROUP_EDITORS + "')")
   

    @GetMapping("/{id}")
    @PreAuthorize("@authorizationFilter.hasRole('" + SchemaConstants.ENTITLEMENT_SERVICE_GROUP_VIEWERS + "')")
   

Note that SchemaConstants is used for auth.

Decision

A new Role model should be created called SchemaRole in core-common with group names consistent with other services and used to assign privileges.

Sample Code

public final class SchemaRole {
	public static final String VIEWER = "service.schema-service.viewer";
	public static final String EDITOR= "service.schema-service.editor";	
}

Rationale

Each individual core service should have consistency in the group naming convention and where they are defined for maintainability.

Consequences

Need to change Core Common and schema-core

Edited Aug 31, 2020 by ethiraj krishnamanaidu
Assignee
Assign to
Time tracking