Merged in feature/shibui-2003 (pull request #505)

Feature/shibui 2003

backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/configuration/DevConfig.groovy

@@ -18,6 +18,7 @@ import edu.internet2.tier.shibboleth.admin.ui.security.model.User
 import edu.internet2.tier.shibboleth.admin.ui.security.repository.GroupsRepository
 import edu.internet2.tier.shibboleth.admin.ui.security.repository.RoleRepository
 import edu.internet2.tier.shibboleth.admin.ui.security.repository.UserRepository
+import edu.internet2.tier.shibboleth.admin.ui.security.service.IGroupService
 import edu.internet2.tier.shibboleth.admin.ui.security.service.UserService
 import edu.internet2.tier.shibboleth.admin.util.ModelRepresentationConversions
 
@@ -47,14 +48,17 @@ class DevConfig {
               MetadataResolverRepository metadataResolverRepository,
               RoleRepository roleRepository,
               EntityDescriptorRepository entityDescriptorRepository,
-              OpenSamlObjects openSamlObjects) {
+              OpenSamlObjects openSamlObjects, 
+              IGroupService groupService) {
 
         this.userRepository = adminUserRepository
         this.metadataResolverRepository = metadataResolverRepository
         this.roleRepository = roleRepository
         this.entityDescriptorRepository = entityDescriptorRepository
         this.openSamlObjects = openSamlObjects
         this.groupsRepository = groupsRepository
+
+        groupService.ensureAdminGroupExists()
     }
 
     @Transactional

backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/UserBootstrap.groovy

@@ -6,6 +6,7 @@ import edu.internet2.tier.shibboleth.admin.ui.security.model.Role
 import edu.internet2.tier.shibboleth.admin.ui.security.model.User
 import edu.internet2.tier.shibboleth.admin.ui.security.repository.RoleRepository
 import edu.internet2.tier.shibboleth.admin.ui.security.repository.UserRepository
+import edu.internet2.tier.shibboleth.admin.ui.security.service.IGroupService
 import edu.internet2.tier.shibboleth.admin.ui.security.service.UserService
 import groovy.util.logging.Slf4j
 import org.springframework.boot.context.event.ApplicationStartedEvent
@@ -22,11 +23,12 @@ class UserBootstrap {
     private final RoleRepository roleRepository
     private final UserService userService
 
-    UserBootstrap(ShibUIConfiguration shibUIConfiguration, UserRepository userRepository, RoleRepository roleRepository, UserService userService) {
+    UserBootstrap(ShibUIConfiguration shibUIConfiguration, UserRepository userRepository, RoleRepository roleRepository, UserService userService, IGroupService groupService) {
         this.shibUIConfiguration = shibUIConfiguration
         this.userRepository = userRepository
         this.roleRepository = roleRepository
         this.userService = userService
+        groupService.ensureAdminGroupExists()
     }
 
     @Transactional

backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CoreShibUiConfiguration.java

@@ -28,8 +28,13 @@
 import edu.internet2.tier.shibboleth.admin.ui.repository.MetadataResolversPositionOrderContainerRepository;
 import edu.internet2.tier.shibboleth.admin.ui.scheduled.EntityDescriptorFilesScheduledTasks;
 import edu.internet2.tier.shibboleth.admin.ui.scheduled.MetadataProvidersScheduledTasks;
+import edu.internet2.tier.shibboleth.admin.ui.security.model.listener.GroupUpdatedEntityListener;
+import edu.internet2.tier.shibboleth.admin.ui.security.model.listener.UserUpdatedEntityListener;
+import edu.internet2.tier.shibboleth.admin.ui.security.repository.GroupsRepository;
+import edu.internet2.tier.shibboleth.admin.ui.security.repository.OwnershipRepository;
 import edu.internet2.tier.shibboleth.admin.ui.security.repository.RoleRepository;
 import edu.internet2.tier.shibboleth.admin.ui.security.repository.UserRepository;
+import edu.internet2.tier.shibboleth.admin.ui.security.service.IGroupService;
 import edu.internet2.tier.shibboleth.admin.ui.security.service.UserService;
 import edu.internet2.tier.shibboleth.admin.ui.service.DefaultMetadataResolversPositionOrderContainerService;
 import edu.internet2.tier.shibboleth.admin.ui.service.DirectoryService;
@@ -201,8 +206,8 @@ public ModelRepresentationConversions modelRepresentationConversions() {
     }
 
     @Bean
-    public UserService userService(RoleRepository roleRepository, UserRepository userRepository) {
-        return new UserService(roleRepository, userRepository);
+    public UserService userService(IGroupService groupService, OwnershipRepository ownershipRepository, RoleRepository roleRepository, UserRepository userRepository) {
+        return new UserService(groupService, ownershipRepository, roleRepository, userRepository);
     }
 
     @Bean
@@ -216,4 +221,18 @@ public EntityDescriptorConversionUtils EntityDescriptorConverstionUtilsInit(Enti
         EntityDescriptorConversionUtils.setOpenSamlObjects(oso);
         return new EntityDescriptorConversionUtils();
     }
+
+    @Bean
+    public GroupUpdatedEntityListener groupUpdatedEntityListener(OwnershipRepository repo) {
+        GroupUpdatedEntityListener listener = new GroupUpdatedEntityListener();
+        listener.init(repo);
+        return listener;
+    }
+
+    @Bean
+    public UserUpdatedEntityListener userUpdatedEntityListener(OwnershipRepository repo, GroupsRepository groupRepo) {
+        UserUpdatedEntityListener listener = new UserUpdatedEntityListener();
+        listener.init(repo, groupRepo);
+        return listener;
+    }
 }

backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/MigrationTasksContextLoadedListener.java

@@ -0,0 +1,67 @@
+package edu.internet2.tier.shibboleth.admin.ui.configuration.auto;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationListener;
+import org.springframework.context.event.ContextRefreshedEvent;
+import org.springframework.stereotype.Component;
+import org.springframework.transaction.annotation.Transactional;
+
+import edu.internet2.tier.shibboleth.admin.ui.repository.EntityDescriptorRepository;
+import edu.internet2.tier.shibboleth.admin.ui.security.model.Group;
+import edu.internet2.tier.shibboleth.admin.ui.security.model.Ownership;
+import edu.internet2.tier.shibboleth.admin.ui.security.repository.OwnershipRepository;
+import edu.internet2.tier.shibboleth.admin.ui.security.repository.UserRepository;
+import edu.internet2.tier.shibboleth.admin.ui.security.service.IGroupService;
+import edu.internet2.tier.shibboleth.admin.ui.security.service.UserService;
+
+/**
+ * After the context loads, do any needed migration tasks
+ */
+@Component
+public class MigrationTasksContextLoadedListener implements ApplicationListener<ContextRefreshedEvent> {
+    @Autowired
+    private EntityDescriptorRepository entityDescriptorRepository;
+
+    @Autowired
+    private IGroupService groupService;
+
+    @Autowired
+    private OwnershipRepository ownershipRepository;
+
+    @Autowired
+    private UserRepository userRepository;
+
+    @Autowired
+    private UserService userService;
+
+    @Override
+    public void onApplicationEvent(ContextRefreshedEvent event) {
+        doshibui_1740_migration(); // do first
+    }
+
+    @Transactional
+    private void doshibui_1740_migration() {
+        groupService.ensureAdminGroupExists();  // do first
+
+        // SHIBUI-1740: Adding admin group to all existing entity descriptors that do not have a group already.
+        // the ADMIN_GROUP has already been setup (just above)
+        try {
+            entityDescriptorRepository.findAllByIdOfOwnerIsNull().forEach(ed -> {
+                ed.setIdOfOwner(Group.ADMIN_GROUP.getOwnerId());
+                ed = entityDescriptorRepository.saveAndFlush(ed);
+                ownershipRepository.saveAndFlush(new Ownership(Group.ADMIN_GROUP, ed));
+            });
+        }
+        catch (NullPointerException e) {
+            // This block was added due to a number of mock test where NPEs happened. Rather than wire more mock junk
+            // into tests that are only trying to compensate for this migration, this is here
+        }
+
+        userRepository.findAll().forEach(user -> {
+            if (user.getGroupId() == null) {
+                userService.save(user); // this will ensure group is set as the default user group
+            }
+        });
+
+    }
+}

backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/DangerController.java

@@ -12,6 +12,7 @@
 import edu.internet2.tier.shibboleth.admin.ui.repository.FilterRepository;
 import edu.internet2.tier.shibboleth.admin.ui.repository.MetadataResolverRepository;
 import edu.internet2.tier.shibboleth.admin.ui.repository.MetadataResolversPositionOrderContainerRepository;
+import edu.internet2.tier.shibboleth.admin.ui.security.repository.OwnershipRepository;
 import edu.internet2.tier.shibboleth.admin.ui.security.service.IGroupService;
 import edu.internet2.tier.shibboleth.admin.ui.service.EntityDescriptorService;
 import lombok.extern.slf4j.Slf4j;
@@ -39,14 +40,17 @@ public class DangerController {
     @Autowired
     private MetadataResolversPositionOrderContainerRepository metadataResolversPositionOrderContainerRepository;
 
+    @Autowired
+    private OwnershipRepository ownershipRepository;
+
     @Transactional
     @GetMapping
     public ResponseEntity<?> wipeOut() {
         edRepo.findAll().forEach(ed -> {
             try {
                 ed.setServiceEnabled(false);
                 edRepo.save(ed);
-                groupService.removeEntityFromGroup(ed);
+                ownershipRepository.deleteEntriesForOwnedObject(ed);
                 entityDescriptorService.delete(ed.getResourceId());
             }
             catch (Throwable e) {

backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/EntityDescriptor.java

@@ -4,7 +4,8 @@
 import com.google.common.base.MoreObjects;
 import com.google.common.collect.Lists;
 
-import edu.internet2.tier.shibboleth.admin.ui.security.model.Group;
+import edu.internet2.tier.shibboleth.admin.ui.security.model.Ownable;
+import edu.internet2.tier.shibboleth.admin.ui.security.model.OwnableType;
 import lombok.EqualsAndHashCode;
 import lombok.Getter;
 import lombok.Setter;
@@ -36,7 +37,7 @@
 @Entity
 @EqualsAndHashCode(callSuper = true)
 @Audited
-public class EntityDescriptor extends AbstractDescriptor implements org.opensaml.saml.saml2.metadata.EntityDescriptor {
+public class EntityDescriptor extends AbstractDescriptor implements org.opensaml.saml.saml2.metadata.EntityDescriptor, Ownable {
     @OneToMany(cascade = CascadeType.ALL)
     @JoinColumn(name = "entitydesc_addlmetdatlocations_id")
     @OrderColumn
@@ -61,18 +62,15 @@ public class EntityDescriptor extends AbstractDescriptor implements org.opensaml
 
     private String entityID;
 
-    @ManyToOne
-    @JoinColumn(name = "group_resource_id")
-    @EqualsAndHashCode.Exclude
-    @Setter
-    @Audited(targetAuditMode = RelationTargetAuditMode.NOT_AUDITED)
-    private Group group;
-
     private String localId;
 
     @OneToOne(cascade = CascadeType.ALL)
     private Organization organization;
 
+    @Getter
+    @Setter
+    private String idOfOwner;
+
     @OneToOne(cascade = CascadeType.ALL)
     @NotAudited
     private PDPDescriptor pdpDescriptor;
@@ -144,10 +142,6 @@ public IDPSSODescriptor getIDPSSODescriptor(String s) {
                 .orElse(null);
     }
 
-    public Group getGroup() {
-        return group == null ? Group.ADMIN_GROUP : group;
-    }
-
     @Transient
     public Optional<SPSSODescriptor> getOptionalSPSSODescriptor() {
         return this.getOptionalSPSSODescriptor("");
@@ -302,4 +296,12 @@ public String toString() {
                 .add("id", id)
                 .toString();
     }
+
+    public String getObjectId() {
+        return entityID;
+    }
+
+    public OwnableType getOwnableType() {
+        return OwnableType.ENTITY_DESCRIPTOR;
+    }
 }

backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/frontend/EntityDescriptorRepresentation.java

@@ -4,7 +4,6 @@
 import com.fasterxml.jackson.annotation.JsonInclude;
 import com.fasterxml.jackson.annotation.JsonProperty;
 
-import edu.internet2.tier.shibboleth.admin.ui.security.model.Group;
 import lombok.Getter;
 import lombok.Setter;
 
@@ -36,7 +35,8 @@ public class EntityDescriptorRepresentation implements Serializable {
     private String entityId;
 
     @Setter
-    private String groupId;
+    @Getter
+    private String idOfOwner;
 
     private String id;
 
@@ -108,10 +108,6 @@ public String getEntityId() {
     public String getId() {
         return id;
     }
-
-    public String getGroupId() {
-        return groupId == null ? Group.ADMIN_GROUP.getResourceId() : groupId;
-    }
 
     public List<LogoutEndpointRepresentation> getLogoutEndpoints() {
         return this.getLogoutEndpoints(false);

backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/EntityDescriptorRepository.java

@@ -22,16 +22,16 @@ public interface EntityDescriptorRepository extends JpaRepository<EntityDescript
     @Query("select e from EntityDescriptor e")
     Stream<EntityDescriptor> findAllStreamByCustomQuery();
 
+    Stream<EntityDescriptor> findAllStreamByIdOfOwner(String ownerId);
+
     @Query("select e from EntityDescriptor e, User u join u.roles r " +
             "where e.createdBy = u.username and e.serviceEnabled = false and r.name in ('ROLE_USER', 'ROLE_NONE')")
     Stream<EntityDescriptor> findAllDisabledAndNotOwnedByAdmin();
-
-    Stream<EntityDescriptor> findAllStreamByGroup_resourceId(String resourceId);
-
+
     /**
      * SHIBUI-1740 This is here to aid in migration of systems using the SHIBUI prior to group functionality being added
      * @deprecated - this is intended to be removed at some future date and is here only for migration purposes.
      */
     @Deprecated
-    List<EntityDescriptor> findAllByGroupIsNull();
+    List<EntityDescriptor> findAllByIdOfOwnerIsNull();
 }