MaDgIK
/
dnet-role-management
13
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Update 'Documentation'

Konstantinos Triantafyllou 2021-10-12 09:49:02 +02:00
parent 89d601f909
commit 3b56114a67
1 changed files with 32 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
Documentation.md

@ -18,30 +18,44 @@ ID is any identifier or alias used by OpenAIRE services to identify an entity su
OpenAIRE services are using Spring Security to authenticate users and check their authorities in OpenAIRE entitities. All these services are sharing a Spring Session through a Redis Database, which is created from OpenAIRE Login Services where a user authenticates himself through AAI Single Sign On Service. The Session contains an OIDCAuthenticationToken Object from [MitreId-Connect](https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server).
```
<!-- Mitre -->
<dependency>
<groupId>org.mitre</groupId>
<artifactId>openid-connect-client</artifactId>
<version>1.3.0</version>
<exclusions>
<exclusion>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
</exclusion>
</exclusions>
</dependency>
```
## Role Management
This service provides 4 controllers with methods to create, assign or revoke roles from users and retrieve information regarding users with a specific Authority. Add session id in a header named "session" in order to use logged in user instead of a user with a specific email. If Authorities' list of a user has been changed, the his active sessions will be updated automatically from this service.
This web service provides 4 controllers with methods to create, assign or revoke roles from users and retrieve information of users with a specific Authority. Add session id in a header named "session" in order to use logged in user instead of a user with a specific email. If Authorities' list of a user has been changed, the his active sessions will be updated automatically from this service.
### Curator Controller ("/curator")
### Admin Controller ("/admin")
Authority format: (TYPE)_(ID)_MANAGER, user must have Authority **(TYPE)_(ID)** in order to acquire this Authority.
| Method | Path | Path Variables | Params | Description
| -------- | -------- | -------- |-------- | -------- |
| DELETE | /{type} | **type**: Type of Entity | **email**: Email of user (optional) | Remove Authority CURATOR_(TYPE) from user(s) with this email or logged in user.
| DELETE | /{type}/{id} | **type**: Type of Entity, **id**: ID of Entity | **email**: Email of user (optional) | Remove Authority (TYPE)_(ID)_MANAGER from user(s) with this email or logged in user, if email isn't provided.
| GET | /{type}/{id} | **type**: Type of Entity, **id**: ID of Entity |**email**: Set to false to hide email information, default: true, **name**: Set to false to hide name information, default: true | Retrieve information of users with Authority (TYPE)_(ID)_MANAGER.
| POST | /{type}/{id} | **type**: Type of Entity, **id**: ID of Entity | **email**: Email of user, **force**: if true and Authority (TYPE)_(ID) doesn't exist or user has not Authority (TYPE)_(ID), the Authority will be created and assigned to user, default: false | Assign Authority (TYPE)_(ID)_MANAGER to user(s) with this email or logged in user, if email isn't provided.
### Curator Controller ("/curator")
Authority format: CURATOR_(TYPE)
| Method | Path | Path Variables | Params | Description
| -------- | -------- | -------- |-------- | -------- |
| DELETE | /{type} | **type**: Type of Entity | **email**: Email of user (optional) | Remove Authority CURATOR_(TYPE) from user(s) with this email or logged in user, if email isn't provided.
| GET | /{type} | **type**: Type of Entity |**email**: Set to false to hide email information, default: true, **name**: Set to false to hide name information, default: true | Retrieve information of users with Authority CURATOR_(TYPE).
| POST | /{type} | **type**: Type of Entity | **email**: Email of user, **force**: if true and Authority CURATOR_(TYPE) doesn't exist, the Authority will be created, default: false | Assign Authority CURATOR_(TYPE) to user(s) with this email or logged in user.
| POST | /{type} | **type**: Type of Entity | **email**: Email of user, **force**: if true and Authority CURATOR_(TYPE) doesn't exist, the Authority will be created, default: false | Assign Authority CURATOR_(TYPE) to user(s) with this email or logged in user, if email isn't provided.
| POST | /{type}/create | **type**: Type of Entity | **description**: Desciption of Authority CURATOR_(TYPE) (optional) | Create Authority CURATOR_(TYPE).
### Member Controller ("/member")
Authority format: (TYPE)_(ID)
| Method | Path | Path Variables | Params | Description
| -------- | -------- | -------- |-------- | -------- |
| DELETE | /{type}/{id} | **type**: Type of Entity, **id**: ID of Entity | **email**: Email of user (optional) | Remove Authority (TYPE)_(ID) from user(s) with this email or logged in user, if email isn't provided.
| GET | /{type}/{id} | **type**: Type of Entity, **id**: ID of Entity |**email**: Set to false to hide email information, default: true, **name**: Set to false to hide name information, default: true | Retrieve information of users with Authority (TYPE)_(ID).
| POST | /{type}/{id} | **type**: Type of Entity, **id**: ID of Entity | **email**: Email of user, **force**: if true and Authority (TYPE)_(ID) doesn't exist, the Authority will be created, default: false | Assign Authority CURATOR_(TYPE) to user(s) with this email or logged in user, if email isn't provided.
| POST | /{type}/{id} /create | **type**: Type of Entity, **id**: ID of Entity | **description**: Desciption of Authority (TYPE)_(ID) (optional) | Create Authority (TYPE)_(ID), along with (TYPE)_(ID)_(MANAGER).
### Super Admin Controller ("/super")
Methods to create other roles, regardless the previous schema.
| POST | /create | - | **name**: Name of Authority **description**: Desciption of Authority (optional) | Create Authority with this name e.g Test Authority will be TEST_AUTHORITY.