Rename role #191

AtlasOfLivingAustralia · Jun 12, 2024 · 1b85662 · 1b85662
1 parent c1659fc
commit 1b85662
Show file tree

Hide file tree

Showing 7 changed files with 18 additions and 18 deletions.
diff --git a/grails-app/controllers/au/org/ala/userdetails/AdminController.groovy b/grails-app/controllers/au/org/ala/userdetails/AdminController.groovy
@@ -34,12 +34,12 @@ class AdminController {
     def profileService
     def authorisedSystemService
 
-    @PreAuthorise(requiredRoles = ["ROLE_ADMIN", "ROLE_BIOSECURITY_ADMIN"])
+    @PreAuthorise(allowedRoles = ["ROLE_ADMIN", "ROLE_USER_CREATOR"])
     def index() {
         def user = userService.currentUser
 
         if (user) {
-            def isBiosecurityAdmin = request.isUserInRole("ROLE_BIOSECURITY_ADMIN")
+            def isBiosecurityAdmin = request.isUserInRole("ROLE_USER_CREATOR")
             [isBiosecurityAdmin: isBiosecurityAdmin]
         } else {
             log.info('my-profile without a user?')

diff --git a/grails-app/controllers/au/org/ala/userdetails/ProfileController.groovy b/grails-app/controllers/au/org/ala/userdetails/ProfileController.groovy
@@ -50,7 +50,7 @@ class ProfileController {
         if (user) {
             def props = user.propsAsMap()
             def isAdmin = request.isUserInRole("ROLE_ADMIN")
-            def isBiosecurityAdmin = request.isUserInRole("ROLE_BIOSECURITY_ADMIN")
+            def isBiosecurityAdmin = request.isUserInRole("ROLE_USER_CREATOR")
             render(view: "myprofile", model: [user: user, props: props, isAdmin: isAdmin, isBiosecurityAdmin: isBiosecurityAdmin])
         } else {
             log.info('my-profile without a user?')

diff --git a/grails-app/controllers/au/org/ala/userdetails/PropertyController.groovy b/grails-app/controllers/au/org/ala/userdetails/PropertyController.groovy
@@ -89,7 +89,7 @@ class PropertyController extends BaseController {
     )
     @Path("getProperty")
     @Produces("application/json")
-    @PreAuthorise(requiredScope = 'users/read', requiredRoles = [])
+    @PreAuthorise(requiredScope = 'users/read', allowedRoles = [])
     def getProperty() {
         String name = params.name
         Long alaId = params.long('alaId')
@@ -166,7 +166,7 @@ class PropertyController extends BaseController {
     )
     @Path("saveProperty")
     @Produces("application/json")
-    @PreAuthorise(requiredScope = 'users/write', requiredRoles = [])
+    @PreAuthorise(requiredScope = 'users/write', allowedRoles = [])
     def saveProperty(){
         String name = params.name;
         String value = params.value;

diff --git a/grails-app/controllers/au/org/ala/userdetails/RoleBasedInterceptor.groovy b/grails-app/controllers/au/org/ala/userdetails/RoleBasedInterceptor.groovy
@@ -42,7 +42,7 @@ class RoleBasedInterceptor {
             PreAuthorise pa = method.getAnnotation(PreAuthorise) ?: controllerClass.getAnnotation(PreAuthorise)
             response.withFormat {
                 json {
-                    if (!authorisedSystemService.isAuthorisedRequest(request, response, pa.requiredRoles(), pa.requiredScope())) {
+                    if (!authorisedSystemService.isAuthorisedRequest(request, response, pa.allowedRoles(), pa.requiredScope())) {
                         log.warn("Denying access to $actionName from remote addr: ${request.remoteAddr}, remote host: ${request.remoteHost}")
                         response.status = HttpStatus.SC_UNAUTHORIZED
                         render(['error': "Unauthorized"] as JSON)
@@ -51,8 +51,8 @@ class RoleBasedInterceptor {
                     }
                 }
                 '*' {
-                    def requiredRoles = pa.requiredRoles()
-                    def inRole = requiredRoles.any { role -> request?.isUserInRole(role) }
+                    def allowedRoles = pa.allowedRoles()
+                    def inRole = allowedRoles.any { role -> request?.isUserInRole(role) }
 
                     if (!inRole) {
                         log.warn("Denying access to $controllerName, $actionName to ${request?.userPrincipal?.name}")

diff --git a/grails-app/controllers/au/org/ala/userdetails/UserController.groovy b/grails-app/controllers/au/org/ala/userdetails/UserController.groovy
@@ -40,13 +40,13 @@ class UserController {
         }
     }
 
-    @PreAuthorise(requiredRoles = ["ROLE_ADMIN", "ROLE_BIOSECURITY_ADMIN"])
+    @PreAuthorise(allowedRoles = ["ROLE_ADMIN", "ROLE_USER_CREATOR"])
     def create() {
-        def isBiosecurityAdmin = request.isUserInRole("ROLE_BIOSECURITY_ADMIN")
+        def isBiosecurityAdmin = request.isUserInRole("ROLE_USER_CREATOR")
         [userInstance: new User(params), isBiosecurityAdmin: isBiosecurityAdmin]
     }
 
-    @PreAuthorise(requiredRoles = ["ROLE_ADMIN", "ROLE_BIOSECURITY_ADMIN"])
+    @PreAuthorise(allowedRoles = ["ROLE_ADMIN", "ROLE_USER_CREATOR"])
     @Transactional
     def save() {
         def userInstance = new User(params)
@@ -63,14 +63,14 @@ class UserController {
         userService.updateProperties(userInstance, params)
         userService.addUserRole(userInstance, "ROLE_USER")
 
-        def isBiosecurityAdmin = request.isUserInRole("ROLE_BIOSECURITY_ADMIN")
+        def isBiosecurityAdmin = request.isUserInRole("ROLE_USER_CREATOR")
 
         flash.message = message(code: 'default.created.message', args: [message(code: 'user.label', default: 'User'), userInstance.id])
         if(!isBiosecurityAdmin) {
             redirect(action: "show", id: userInstance.id)
         }
         else{
-            //ROLE_BIOSECURITY_ADMIN role does not have permission to show(id) action
+            //ROLE_USER_CREATOR role does not have permission to show(id) action
             redirect(controller: "user", action: 'create')
         }
     }

diff --git a/src/main/groovy/au/org/ala/auth/PreAuthorise.groovy b/src/main/groovy/au/org/ala/auth/PreAuthorise.groovy
@@ -34,7 +34,7 @@ public @interface PreAuthorise {
      *  A list of roles that is allowed to access the method. The user must have at least one role to access the method.
      * @return
      */
-    String[] requiredRoles() default ["ROLE_ADMIN"]
+    String[] allowedRoles() default ["ROLE_ADMIN"]
     String redirectController() default "userdetails"
     String redirectAction() default "index"
     String requiredScope() default "users/read"

diff --git a/src/test/groovy/au/org/ala/userdetails/RoleBasedInterceptorSpec.groovy b/src/test/groovy/au/org/ala/userdetails/RoleBasedInterceptorSpec.groovy
@@ -108,10 +108,10 @@ class RoleBasedInterceptorSpec extends UserDetailsSpec implements InterceptorUni
 
     }
 
-    void "ROLE_BIOSECURITY_ADMIN users should not be able to access the user role UI"(String action, boolean result) {
+    void "ROLE_USER_CREATOR users should not be able to access the user role UI"(String action, boolean result) {
 
         setup:
-        request.addUserRole("ROLE_BIOSECURITY_ADMIN")
+        request.addUserRole("ROLE_USER_CREATOR")
 
         when:
         request.setAttribute(GrailsApplicationAttributes.CONTROLLER_NAME_ATTRIBUTE, 'userRole')
@@ -129,10 +129,10 @@ class RoleBasedInterceptorSpec extends UserDetailsSpec implements InterceptorUni
         'deleteRole' | false
     }
 
-    void "ROLE_BIOSECURITY_ADMIN users should be able to access the user UI"(String action, boolean result) {
+    void "ROLE_USER_CREATOR users should be able to access the user UI"(String action, boolean result) {
 
         setup:
-        request.addUserRole("ROLE_BIOSECURITY_ADMIN")
+        request.addUserRole("ROLE_USER_CREATOR")
         controller = new UserController()
         grailsApplication.addArtefact("Controller", UserController)