diff --git a/annotation-service/annotation-web/src/main/resources/config/permissions.yml b/annotation-service/annotation-web/src/main/resources/config/permissions.yml
index 8c08495a3..a7b23b9e9 100644
--- a/annotation-service/annotation-web/src/main/resources/config/permissions.yml
+++ b/annotation-service/annotation-web/src/main/resources/config/permissions.yml
@@ -56,9 +56,6 @@ permissions:
 BrowseAnnotation:
 roles:
 - Admin
- - InstallationAdmin
- - TenantPlanManager
- - TenantConfigManager
 - TenantAdmin
 entityAffiliated: true
 clients: [ ]
@@ -67,9 +64,6 @@ permissions:
 NewAnnotation:
 roles:
 - Admin
- - InstallationAdmin
- - TenantPlanManager
- - TenantConfigManager
 - TenantAdmin
 entityAffiliated: true
 clients: [ ]
@@ -78,9 +72,6 @@ permissions:
 EditAnnotation:
 roles:
 - Admin
- - InstallationAdmin
- - TenantPlanManager
- - TenantConfigManager
 - TenantAdmin
 clients: [ ]
 allowAnonymous: true
@@ -88,9 +79,6 @@ permissions:
 DeleteAnnotation:
 roles:
 - Admin
- - InstallationAdmin
- - TenantPlanManager
- - TenantConfigManager
 - TenantAdmin
 entityAffiliated: false
 clients: [ ]
diff --git a/backend/core/src/main/java/org/opencdmp/authorization/AuthorizationProperties.java b/backend/core/src/main/java/org/opencdmp/authorization/AuthorizationProperties.java
index 133c7d9e6..61b5f6057 100644
--- a/backend/core/src/main/java/org/opencdmp/authorization/AuthorizationProperties.java
+++ b/backend/core/src/main/java/org/opencdmp/authorization/AuthorizationProperties.java
@@ -9,6 +9,7 @@ import java.util.List;
 public class AuthorizationProperties {
 private List globalAdminRoles;
+ private String adminRole;
 private String tenantAdminRole;
 private String globalUserRole;
 private String tenantUserRole;
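Review bot: `EditAnnotation` in the third hunk still carries `allowAnonymous: true` on its new side, so trimming its `roles` to Admin and TenantAdmin changes nothing if the anonymous flag is honoured before the role list, which the `allowAnonymous: false` entries elsewhere in this commit suggest is the normal gate. Browse, New and Delete in the neighbouring hunks carry an `entityAffiliated` key and no visible anonymous grant, so an unauthenticated edit of annotations looks unintended. Unless there is a reason I cannot see here, I would change it to `allowAnonymous: false`; if it is deliberate, a YAML comment on the line, `# anonymous edit intentionally allowed: <reason>`, should record why.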
@@ -24,6 +25,14 @@ public class AuthorizationProperties {
 this.globalAdminRoles = globalAdminRoles;
 }
 
+ public String getAdminRole() {
+ return adminRole;
+ }
+
+ public void setAdminRole(String adminRole) {
+ this.adminRole = adminRole;
+ }
+
 public String getTenantAdminRole() {
 return this.tenantAdminRole;
 }
diff --git a/backend/core/src/main/java/org/opencdmp/service/tenant/TenantServiceImpl.java b/backend/core/src/main/java/org/opencdmp/service/tenant/TenantServiceImpl.java
index 282e38962..834c3a259 100644
--- a/backend/core/src/main/java/org/opencdmp/service/tenant/TenantServiceImpl.java
+++ b/backend/core/src/main/java/org/opencdmp/service/tenant/TenantServiceImpl.java
@@ -185,7 +185,11 @@ public class TenantServiceImpl implements TenantService {
 item.setId(UUID.randomUUID());
 item.setUserId(userId);
 item.setTenantId(tenant.getId());
- item.setRole(this.authorizationProperties.getTenantAdminRole());
+ if (existingItems.stream().filter(x -> x.getUserId().equals(userId) && x.getRole().equals(this.authorizationProperties.getAdminRole())).findFirst().orElse(null) != null){
+ item.setRole(this.authorizationProperties.getTenantAdminRole()); // admin
+ } else {
+ item.setRole(this.authorizationProperties.getTenantUserRole()); // installation admin
+ }
 item.setCreatedAt(Instant.now());
 this.entityManager.persist(item);
 keycloakIdsToAddToTenantGroup.add(userCredential.getExternalId());
diff --git a/backend/web/src/main/resources/config/authorization.yml b/backend/web/src/main/resources/config/authorization.yml
index c33ebe758..a91fc9cb9 100644
--- a/backend/web/src/main/resources/config/authorization.yml
+++ b/backend/web/src/main/resources/config/authorization.yml
@@ -2,6 +2,7 @@ authorization:
 globalAdminRoles:
 - Admin
 - InstallationAdmin
+ adminRole: Admin
 tenantAdminRole: TenantAdmin
 globalUserRole: User
 tenantUserRole: TenantUser
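Review bot: `setAdminRole` accepts a null or blank value without complaint, and in this same commit `adminRole` is the string compared against stored roles in TenantServiceImpl to decide who becomes TenantAdmin, so a deployment that forgets the `authorization.adminRole` key fails silently rather than loudly: nobody, global Admins included, is ever promoted. I'd fail at startup instead, `this.adminRole = Objects.requireNonNull(adminRole, "authorization.adminRole must be set");` (java.util.Objects), or put the property under bean validation if the project uses it. Style: the new getter returns `adminRole` while the getter right below it returns `this.tenantAdminRole`; keep the file's convention with `return this.adminRole;`.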
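Review bot: The inline comments `// admin` and `// installation admin` in the TenantServiceImpl hunk describe only two of the cases the branch handles: the else path is taken by every user who has no row with the global Admin role in `existingItems`, InstallationAdmin being just one of them, so the comment will mislead the next reader into thinking other users cannot reach it. `x.getUserId().equals(userId)` and `x.getRole().equals(...)` also throw NullPointerException on a row with a null user id or role, and `filter(...).findFirst().orElse(null) != null` is `anyMatch`. What `existingItems` contains is decided outside this hunk, and the enclosing method starts and ends outside it, so the promotion decision is only as trustworthy as that query; it is worth confirming it reads global role rows only and cannot pick up a tenant-scoped Admin row from another tenant. The rewrite below states the rule once, uses `anyMatch`, and fails loudly on a missing `adminRole` instead of silently demoting everyone.
```java
// … unchanged: item id / user id / tenant id …
// Only users holding the global Admin role become TenantAdmin of the new tenant;
// everyone else (InstallationAdmin included) is added as a plain TenantUser.
boolean isGlobalAdmin = existingItems.stream()
        .anyMatch(x -> userId.equals(x.getUserId())
                && this.authorizationProperties.getAdminRole().equals(x.getRole()));
item.setRole(isGlobalAdmin
        ? this.authorizationProperties.getTenantAdminRole()
        : this.authorizationProperties.getTenantUserRole());
// … unchanged: createdAt, persist, keycloak group bookkeeping …
```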
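Review bot: `adminRole: Admin` now sits next to `globalAdminRoles`, which also lists `InstallationAdmin`, and nothing in the file says why the two differ, while the Java in this commit uses `adminRole` alone to decide who is made TenantAdmin of a newly created tenant. A one-line comment above the key would stop the next person from "fixing" it to match the list: `# the single global role promoted to tenantAdminRole on tenant creation; InstallationAdmin is deliberately not promoted`.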
diff --git a/backend/web/src/main/resources/config/permissions.yml b/backend/web/src/main/resources/config/permissions.yml index d36039f84..490367dae 100644 --- a/backend/web/src/main/resources/config/permissions.yml +++ b/backend/web/src/main/resources/config/permissions.yml @@ -6,8 +6,8 @@ permissions: roles: - TenantAdmin - TenantUser - - TenantManager - - TenantDescriptionTemplateEditor + - TenantPlanManager + - TenantConfigManager clients: [ ] allowAnonymous: false allowAuthenticated: false @@ -94,9 +94,6 @@ permissions: BrowseDeposit: roles: - Admin - - InstallationAdmin - - TenantPlanManager - - TenantConfigManager - TenantAdmin clients: [ ] allowAnonymous: false @@ -104,9 +101,6 @@ permissions: EditDeposit: roles: - Admin - - InstallationAdmin - - TenantPlanManager - - TenantConfigManager - TenantAdmin clients: [ ] allowAnonymous: false @@ -120,6 +114,7 @@ permissions: EditNotificationTemplate: roles: - Admin + - TenantAdmin - TenantConfigManager clients: [ ] allowAnonymous: false @@ -127,6 +122,7 @@ permissions: DeleteNotificationTemplate: roles: - Admin + - TenantAdmin - TenantConfigManager claims: [ ] clients: [ ] @@ -164,6 +160,7 @@ permissions: EditLanguage: roles: - Admin + - TenantAdmin - TenantConfigManager clients: [ ] allowAnonymous: false @@ -171,6 +168,7 @@ permissions: DeleteLanguage: roles: - Admin + - TenantAdmin - TenantConfigManager claims: [ ] clients: [ ] @@ -186,9 +184,6 @@ permissions: BrowseDescription: roles: - Admin - - InstallationAdmin - - TenantPlanManager - - TenantConfigManager - TenantAdmin dmp: roles: @@ -202,9 +197,6 @@ permissions: ReviewDescription: roles: - Admin - - InstallationAdmin - - TenantPlanManager - - TenantConfigManager - TenantAdmin dmp: roles: @@ -217,9 +209,6 @@ permissions: EditDescription: roles: - Admin - - InstallationAdmin - - TenantPlanManager - - TenantConfigManager - TenantAdmin dmp: roles: 
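Review bot: The first hunk replaces the role names `TenantManager` and `TenantDescriptionTemplateEditor` with `TenantPlanManager` and `TenantConfigManager` in a permission whose name is above the hunk, and the commit carries no migration or alias for the old names. If any deployment still issues the old names from the identity provider or has them in the stored user-role rows this commit's Java reads, those users silently lose this permission rather than gaining the new one; if the old names were never valid (the annotation-service file already uses the new ones), this is a plain fix. Either way I'd add a comment on the entry, `# renamed from TenantManager / TenantDescriptionTemplateEditor in <version>; old names are not mapped`, so the behaviour change is discoverable.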
@@ -231,9 +220,6 @@ permissions: FinalizeDescription: roles: - Admin - - InstallationAdmin - - TenantPlanManager - - TenantConfigManager - TenantAdmin dmp: roles: @@ -245,9 +231,6 @@ permissions: DeleteDescription: roles: - Admin - - InstallationAdmin - - TenantPlanManager - - TenantConfigManager - TenantAdmin dmp: roles: @@ -260,9 +243,6 @@ permissions: CloneDescription: roles: - Admin - - InstallationAdmin - - TenantPlanManager - - TenantConfigManager - TenantAdmin dmp: roles: @@ -281,9 +261,6 @@ permissions: BrowseTag: roles: - Admin - - InstallationAdmin - - TenantPlanManager - - TenantConfigManager - TenantAdmin clients: [ ] allowAnonymous: false @@ -291,9 +268,6 @@ permissions: EditTag: roles: - Admin - - InstallationAdmin - - TenantPlanManager - - TenantConfigManager - TenantAdmin clients: [ ] allowAnonymous: false @@ -301,9 +275,6 @@ permissions: DeleteTag: roles: - Admin - - InstallationAdmin - - TenantPlanManager - - TenantConfigManager - TenantAdmin claims: [ ] clients: [ ] @@ -314,8 +285,6 @@ permissions: roles: - Admin - InstallationAdmin - - TenantPlanManager - - TenantConfigManager - TenantAdmin clients: [ ] allowAnonymous: false @@ -346,9 +315,6 @@ permissions: BrowseDmpAssociatedUser: roles: - Admin - - InstallationAdmin - - TenantPlanManager - - TenantConfigManager - TenantAdmin dmp: roles: @@ -364,9 +330,7 @@ permissions: BrowseDescriptionTemplateType: roles: - Admin - - InstallationAdmin - TenantPlanManager - - TenantConfigManager - TenantAdmin - TenantUser clients: [ ] @@ -375,6 +339,7 @@ permissions: EditDescriptionTemplateType: roles: - Admin + - TenantAdmin - TenantPlanManager clients: [ ] allowAnonymous: false @@ -382,6 +347,7 @@ permissions: DeleteDescriptionTemplateType: roles: - Admin + - TenantAdmin - TenantPlanManager claims: [ ] clients: [ ] @@ -431,6 +397,7 @@ permissions: EditDescriptionTemplate: roles: - Admin + - TenantAdmin - TenantPlanManager clients: [ ] allowAnonymous: false 
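Review bot: The `@@ -314,8 +285,6 @@` hunk is the only entry in this file where `InstallationAdmin` survives next to `Admin` and `TenantAdmin`; every other hunk in the commit removes it. The permission's name is above the hunk so I cannot tell whether the exception is deliberate. If it is, a comment on the line, `# InstallationAdmin intentionally retained: <reason>`, documents it; if it is an oversight, drop it like the others so the role's reach is as narrow as the rest of the change intends.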
@@ -438,6 +405,7 @@ permissions: DeleteDescriptionTemplate: roles: - Admin + - TenantAdmin - TenantPlanManager claims: [ ] clients: [ ] @@ -446,6 +414,7 @@ permissions: CloneDescriptionTemplate: roles: - Admin + - TenantAdmin - TenantPlanManager claims: [ ] clients: [ ] @@ -454,6 +423,7 @@ permissions: CreateNewVersionDescriptionTemplate: roles: - Admin + - TenantAdmin - TenantPlanManager claims: [ ] clients: [ ] @@ -462,6 +432,7 @@ permissions: ImportDescriptionTemplate: roles: - Admin + - TenantAdmin - TenantPlanManager claims: [ ] clients: [ ] @@ -470,6 +441,7 @@ permissions: ExportDescriptionTemplate: roles: - Admin + - TenantAdmin - TenantPlanManager claims: [ ] clients: [ ] @@ -479,9 +451,6 @@ permissions: BrowseDmp: roles: - Admin - - InstallationAdmin - - TenantPlanManager - - TenantConfigManager - TenantAdmin dmp: roles: @@ -495,9 +464,6 @@ permissions: EditDmp: roles: - Admin - - InstallationAdmin - - TenantPlanManager - - TenantConfigManager - TenantAdmin dmp: roles: @@ -519,9 +485,6 @@ permissions: DeleteDmp: roles: - Admin - - InstallationAdmin - - TenantPlanManager - - TenantConfigManager - TenantAdmin dmp: roles: @@ -533,9 +496,6 @@ permissions: DepositDmp: roles: - Admin - - InstallationAdmin - - TenantPlanManager - - TenantConfigManager - TenantAdmin dmp: roles: @@ -547,9 +507,6 @@ permissions: CloneDmp: roles: - Admin - - InstallationAdmin - - TenantPlanManager - - TenantConfigManager - TenantAdmin dmp: roles: @@ -567,9 +524,6 @@ permissions: CreateNewVersionDmp: roles: - Admin - - InstallationAdmin - - TenantPlanManager - - TenantConfigManager - TenantAdmin dmp: roles: @@ -581,9 +535,6 @@ permissions: FinalizeDmp: roles: - Admin - - InstallationAdmin - - TenantPlanManager - - TenantConfigManager - TenantAdmin dmp: roles: @@ -595,9 +546,6 @@ permissions: UndoFinalizeDmp: roles: - Admin - - InstallationAdmin - - TenantPlanManager - - TenantConfigManager - TenantAdmin dmp: roles: 
@@ -609,9 +557,6 @@ permissions: AssignDmpUsers: roles: - Admin - - InstallationAdmin - - TenantPlanManager - - TenantConfigManager - TenantAdmin dmp: roles: @@ -623,9 +568,6 @@ permissions: InviteDmpUsers: roles: - Admin - - InstallationAdmin - - TenantPlanManager - - TenantConfigManager - TenantAdmin dmp: roles: @@ -649,6 +591,7 @@ permissions: EditDmpBlueprint: roles: - Admin + - TenantAdmin - TenantPlanManager clients: [ ] allowAnonymous: false @@ -656,6 +599,7 @@ permissions: CloneDmpBlueprint: roles: - Admin + - TenantAdmin - TenantPlanManager clients: [ ] allowAnonymous: false @@ -663,12 +607,14 @@ permissions: CreateNewVersionDmpBlueprint: roles: - Admin + - TenantAdmin - TenantPlanManager clients: [ ] allowAnonymous: false allowAuthenticated: false ExportDmpBlueprint: roles: + - TenantAdmin - TenantPlanManager - Admin clients: [ ] @@ -677,6 +623,7 @@ permissions: ImportDmpBlueprint: roles: - Admin + - TenantAdmin - TenantPlanManager claims: [ ] clients: [ ] @@ -685,6 +632,7 @@ permissions: DeleteDmpBlueprint: roles: - Admin + - TenantAdmin - TenantPlanManager claims: [ ] clients: [ ] @@ -694,9 +642,6 @@ permissions: BrowseEntityDoi: roles: - Admin - - InstallationAdmin - - TenantPlanManager - - TenantConfigManager - TenantAdmin clients: [ ] allowAnonymous: false @@ -704,9 +649,6 @@ permissions: EditEntityDoi: roles: - Admin - - InstallationAdmin - - TenantPlanManager - - TenantConfigManager - TenantAdmin clients: [ ] allowAnonymous: false @@ -714,9 +656,6 @@ permissions: DeleteEntityDoi: roles: - Admin - - InstallationAdmin - - TenantPlanManager - - TenantConfigManager - TenantAdmin claims: [ ] clients: [ ] @@ -728,9 +667,6 @@ permissions: BrowseReference: roles: - Admin - - InstallationAdmin - - TenantPlanManager - - TenantConfigManager - TenantAdmin clients: [ ] allowAnonymous: false 
@@ -753,9 +689,6 @@ permissions: BrowseDmpReference: roles: - Admin - - InstallationAdmin - - TenantPlanManager - - TenantConfigManager - TenantAdmin clients: [ ] allowAnonymous: false @@ -763,9 +696,6 @@ permissions: EditDmpReference: roles: - Admin - - InstallationAdmin - - TenantPlanManager - - TenantConfigManager - TenantAdmin clients: [ ] allowAnonymous: false @@ -773,9 +703,6 @@ permissions: DeleteDmpReference: roles: - Admin - - InstallationAdmin - - TenantPlanManager - - TenantConfigManager - TenantAdmin claims: [ ] clients: [ ] @@ -786,9 +713,6 @@ permissions: BrowseDmpUser: roles: - Admin - - InstallationAdmin - - TenantPlanManager - - TenantConfigManager - TenantAdmin clients: [ ] allowAnonymous: false @@ -796,9 +720,6 @@ permissions: EditDmpUser: roles: - Admin - - InstallationAdmin - - TenantPlanManager - - TenantConfigManager - TenantAdmin clients: [ ] allowAnonymous: false @@ -806,9 +727,6 @@ permissions: DeleteDmpUser: roles: - Admin - - InstallationAdmin - - TenantPlanManager - - TenantConfigManager - TenantAdmin claims: [ ] clients: [ ] @@ -824,12 +742,14 @@ permissions: - TenantConfigManager - TenantAdmin - TenantUser + - User clients: [ ] allowAnonymous: yes allowAuthenticated: yes EditSupportiveMaterial: roles: - Admin + - TenantAdmin - TenantConfigManager clients: [ ] allowAnonymous: false @@ -837,6 +757,7 @@ permissions: DeleteSupportiveMaterial: roles: - Admin + - TenantAdmin - TenantConfigManager claims: [ ] clients: [ ] @@ -858,14 +779,14 @@ permissions: EditReferenceType: roles: - Admin - - TenantPlanManager + - TenantAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false DeleteReferenceType: roles: - Admin - - TenantPlanManager + - TenantAdmin claims: [ ] clients: [ ] allowAnonymous: false @@ -923,9 +844,6 @@ permissions: BrowseDmpDescriptionTemplate: roles: - Admin - - InstallationAdmin - - TenantPlanManager - - TenantConfigManager - TenantAdmin clients: [ ] allowAnonymous: false 
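Review bot: Adding `- User` to the roles list in the `@@ -824,12 +742,14 @@` hunk (the permission name is above the hunk; it precedes EditSupportiveMaterial, so presumably the browse permission) changes nothing while the same entry keeps `allowAnonymous: yes` and `allowAuthenticated: yes`, since anyone, authenticated or not, is already allowed. Either the roles list is informational here and a comment should say so, or the anonymous/authenticated flags are what should be reviewed. Separately, the rest of the file spells booleans `true`/`false`; `yes` is a boolean only under YAML 1.1 loaders, so `allowAnonymous: true` is the safer spelling if the loader is ever switched.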
@@ -933,9 +851,6 @@ permissions: EditDmpDescriptionTemplate: roles: - Admin - - InstallationAdmin - - TenantPlanManager - - TenantConfigManager - TenantAdmin clients: [ ] allowAnonymous: false @@ -943,9 +858,6 @@ permissions: DeleteDmpDescriptionTemplate: roles: - Admin - - InstallationAdmin - - TenantPlanManager - - TenantConfigManager - TenantAdmin claims: [ ] clients: [ ] @@ -956,9 +868,6 @@ permissions: BrowseDescriptionReference: roles: - Admin - - InstallationAdmin - - TenantPlanManager - - TenantConfigManager - TenantAdmin clients: [ ] allowAnonymous: false @@ -966,9 +875,6 @@ permissions: EditDescriptionReference: roles: - Admin - - InstallationAdmin - - TenantPlanManager - - TenantConfigManager - TenantAdmin clients: [ ] allowAnonymous: false @@ -976,9 +882,6 @@ permissions: DeleteDescriptionReference: roles: - Admin - - InstallationAdmin - - TenantPlanManager - - TenantConfigManager - TenantAdmin claims: [ ] clients: [ ] @@ -989,9 +892,6 @@ permissions: BrowseDescriptionTag: roles: - Admin - - InstallationAdmin - - TenantPlanManager - - TenantConfigManager - TenantAdmin clients: [ ] allowAnonymous: false @@ -999,9 +899,6 @@ permissions: EditDescriptionTag: roles: - Admin - - InstallationAdmin - - TenantPlanManager - - TenantConfigManager - TenantAdmin clients: [ ] allowAnonymous: false @@ -1009,9 +906,6 @@ permissions: DeleteDescriptionTag: roles: - Admin - - InstallationAdmin - - TenantPlanManager - - TenantConfigManager - TenantAdmin claims: [ ] clients: [ ] @@ -1046,11 +940,6 @@ permissions: EditLock: roles: - Admin - - InstallationAdmin - - TenantPlanManager - - TenantConfigManager - - TenantAdmin - - TenantUser dmp: roles: - Owner @@ -1063,11 +952,6 @@ permissions: DeleteLock: roles: - Admin - - InstallationAdmin - - TenantPlanManager - - TenantConfigManager - - TenantAdmin - - TenantUser dmp: roles: - Owner 
@@ -1089,33 +973,21 @@ permissions: BrowseActionConfirmation: roles: - Admin - - InstallationAdmin - - TenantPlanManager - - TenantConfigManager - TenantAdmin - - TenantUser clients: [ ] allowAnonymous: false allowAuthenticated: false EditActionConfirmation: roles: - Admin - - InstallationAdmin - - TenantPlanManager - - TenantConfigManager - TenantAdmin - - TenantUser clients: [ ] allowAnonymous: false allowAuthenticated: false DeleteActionConfirmation: roles: - Admin - - InstallationAdmin - - TenantPlanManager - - TenantConfigManager - TenantAdmin - - TenantUser claims: [ ] clients: [ ] allowAnonymous: false @@ -1153,6 +1025,7 @@ permissions: ViewDescriptionTemplateTypePage: roles: - Admin + - TenantAdmin - TenantPlanManager clients: [ ] allowAnonymous: false @@ -1172,6 +1045,7 @@ permissions: ViewNotificationTemplatePage: roles: - Admin + - TenantAdmin - TenantConfigManager clients: [ ] allowAnonymous: false @@ -1179,6 +1053,7 @@ permissions: ViewSupportiveMaterialPage: roles: - Admin + - TenantAdmin - TenantConfigManager clients: [ ] allowAnonymous: false @@ -1186,6 +1061,7 @@ permissions: ViewLanguagePage: roles: - Admin + - TenantAdmin - TenantConfigManager clients: [ ] allowAnonymous: false @@ -1233,6 +1109,7 @@ permissions: ViewDescriptionTemplatePage: roles: - Admin + - TenantAdmin - TenantPlanManager clients: [ ] allowAnonymous: false @@ -1240,6 +1117,7 @@ permissions: ViewDmpBlueprintPage: roles: - Admin + - TenantAdmin - TenantPlanManager clients: [ ] allowAnonymous: false @@ -1257,9 +1135,6 @@ permissions: ViewMyDescriptionPage: roles: - Admin - - InstallationAdmin - - TenantPlanManager - - TenantConfigManager - TenantAdmin - TenantUser clients: [ ] @@ -1268,9 +1143,6 @@ permissions: ViewMyDmpPage: roles: - Admin - - InstallationAdmin - - TenantPlanManager - - TenantConfigManager - TenantAdmin - TenantUser clients: [ ] 
diff --git a/notification-service/notification-web/src/main/resources/config/permissions.yml b/notification-service/notification-web/src/main/resources/config/permissions.yml
index deb2d28e9..2e8452a4a 100644
--- a/notification-service/notification-web/src/main/resources/config/permissions.yml
+++ b/notification-service/notification-web/src/main/resources/config/permissions.yml
@@ -146,6 +146,7 @@ permissions:
 ViewNotificationTemplatePage:
 roles:
 - Admin
+ - TenantAdmin
 - TenantConfigManager
 clients: [ ]
 allowAnonymous: false
@@ -155,6 +156,7 @@ permissions:
 BrowseNotificationTemplate:
 roles:
 - Admin
+ - TenantAdmin
 - TenantConfigManager
 clients: [ ]
 allowAnonymous: false
@@ -162,6 +164,7 @@ permissions:
 EditNotificationTemplate:
 roles:
 - Admin
+ - TenantAdmin
 - TenantConfigManager
 clients: [ ]
 allowAnonymous: false
@@ -169,6 +172,7 @@ permissions:
 DeleteNotificationTemplate:
 roles:
 - Admin
+ - TenantAdmin
 - TenantConfigManager
 clients: [ ]
 allowAnonymous: false