From 2b0511f684a495585d369e2c57eac3ff9fd7ab01 Mon Sep 17 00:00:00 2001
From: chasegawa <chasegawa@unicon.net>
Date: Wed, 14 Jul 2021 12:11:30 -0700
Subject: [PATCH 01/24] SHIBUI-1844

Added controller for roles
---
 .../ui/exception/EntityNotFoundException.java |  7 ++
 .../security/controller/RolesController.java  | 65 +++++++++++++++++++
 .../controller/RolesExceptionHandler.java     | 38 +++++++++++
 .../exception/RoleDeleteException.java        |  7 ++
 .../RoleExistsConflictException.java          |  9 +++
 .../admin/ui/security/model/Role.java         | 39 ++++++-----
 .../security/repository/RoleRepository.java   |  4 ++
 .../ui/security/service/IRolesService.java    | 22 +++++++
 .../ui/security/service/RolesServiceImpl.java | 62 ++++++++++++++++++
 9 files changed, 236 insertions(+), 17 deletions(-)
 create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/exception/EntityNotFoundException.java
 create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/RolesController.java
 create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/RolesExceptionHandler.java
 create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/exception/RoleDeleteException.java
 create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/exception/RoleExistsConflictException.java
 create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/IRolesService.java
 create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/RolesServiceImpl.java

diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/exception/EntityNotFoundException.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/exception/EntityNotFoundException.java
new file mode 100644
index 000000000..4d0009523
--- /dev/null
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/exception/EntityNotFoundException.java
@@ -0,0 +1,7 @@
+package edu.internet2.tier.shibboleth.admin.ui.exception;
+
+public class EntityNotFoundException extends Exception {
+    public EntityNotFoundException(String message) {
+        super(message);
+    }
+}
\ No newline at end of file
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/RolesController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/RolesController.java
new file mode 100644
index 000000000..12cfe7025
--- /dev/null
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/RolesController.java
@@ -0,0 +1,65 @@
+package edu.internet2.tier.shibboleth.admin.ui.security.controller;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.annotation.Secured;
+import org.springframework.transaction.annotation.Transactional;
+import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.PutMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException;
+import edu.internet2.tier.shibboleth.admin.ui.security.exception.RoleDeleteException;
+import edu.internet2.tier.shibboleth.admin.ui.security.exception.RoleExistsConflictException;
+import edu.internet2.tier.shibboleth.admin.ui.security.model.Role;
+import edu.internet2.tier.shibboleth.admin.ui.security.service.IRolesService;
+
+@RestController
+@RequestMapping("/api/admin/roles")
+public class RolesController {
+    @Autowired
+    private IRolesService rolesService;
+
+    @Secured("ROLE_ADMIN")
+    @PostMapping
+    @Transactional
+    public ResponseEntity<?> create(@RequestBody Role role) throws RoleExistsConflictException {
+        Role result = rolesService.createRole(role);
+        return ResponseEntity.status(HttpStatus.CREATED).body(result);
+    }
+
+    @Secured("ROLE_ADMIN")
+    @DeleteMapping("/{resourceId}")
+    @Transactional
+    public ResponseEntity<?> delete(@PathVariable String resourceId) throws EntityNotFoundException, RoleDeleteException {
+        rolesService.deleteDefinition(resourceId);
+        return ResponseEntity.noContent().build();
+    }
+
+    @GetMapping
+    @Transactional(readOnly = true)
+    public ResponseEntity<?> getAll() {
+        return ResponseEntity.ok(rolesService.findAll());
+    }
+
+    @GetMapping("/{resourceId}")
+    @Transactional(readOnly = true)
+    public ResponseEntity<?> getOne(@PathVariable String resourceId) throws EntityNotFoundException {
+        Role role = rolesService.findByResourceId(resourceId);
+        return ResponseEntity.ok(role);
+    }
+
+    @Secured("ROLE_ADMIN")
+    @PutMapping
+    @Transactional
+    public ResponseEntity<?> update(@RequestBody Role role) throws EntityNotFoundException {
+        Role result = rolesService.updateRole(role);
+        return ResponseEntity.ok(result);
+    }
+}
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/RolesExceptionHandler.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/RolesExceptionHandler.java
new file mode 100644
index 000000000..e4b840f1a
--- /dev/null
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/RolesExceptionHandler.java
@@ -0,0 +1,38 @@
+package edu.internet2.tier.shibboleth.admin.ui.security.controller;
+
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.ControllerAdvice;
+import org.springframework.web.bind.annotation.ExceptionHandler;
+import org.springframework.web.context.request.WebRequest;
+import org.springframework.web.servlet.mvc.method.annotation.ResponseEntityExceptionHandler;
+import org.springframework.web.servlet.support.ServletUriComponentsBuilder;
+
+import edu.internet2.tier.shibboleth.admin.ui.controller.ErrorResponse;
+import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException;
+import edu.internet2.tier.shibboleth.admin.ui.security.exception.RoleDeleteException;
+import edu.internet2.tier.shibboleth.admin.ui.security.exception.RoleExistsConflictException;
+
+@ControllerAdvice(assignableTypes = {RolesController.class})
+public class RolesExceptionHandler extends ResponseEntityExceptionHandler {
+    
+    @ExceptionHandler({ EntityNotFoundException.class })
+    public ResponseEntity<?> handleEntityNotFoundException(EntityNotFoundException e, WebRequest request) {
+        return ResponseEntity.status(HttpStatus.NOT_FOUND).body(new ErrorResponse(HttpStatus.NOT_FOUND, e.getMessage()));
+    }
+    
+    @ExceptionHandler({ RoleDeleteException.class })
+    public ResponseEntity<?> handleForbiddenAccess(RoleDeleteException e, WebRequest request) {
+        HttpHeaders headers = new HttpHeaders();
+        headers.setLocation(ServletUriComponentsBuilder.fromCurrentServletMapping().path("/api/admin/role/{resourceId}").build().toUri());
+        return ResponseEntity.status(HttpStatus.CONFLICT).headers(headers)
+                        .body(new ErrorResponse(String.valueOf(HttpStatus.CONFLICT.value()), e.getMessage()));
+
+    }
+    
+    @ExceptionHandler({RoleExistsConflictException.class})
+    public ResponseEntity<?> handleRoleExistsConflictException(RoleExistsConflictException e, WebRequest request) {
+        return ResponseEntity.status(HttpStatus.CONFLICT).body(new ErrorResponse(HttpStatus.CONFLICT, e.getMessage()));
+    }
+}
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/exception/RoleDeleteException.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/exception/RoleDeleteException.java
new file mode 100644
index 000000000..a7a35ab4f
--- /dev/null
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/exception/RoleDeleteException.java
@@ -0,0 +1,7 @@
+package edu.internet2.tier.shibboleth.admin.ui.security.exception;
+
+public class RoleDeleteException extends Exception {
+    public RoleDeleteException(String message) {
+        super(message);
+    }
+}
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/exception/RoleExistsConflictException.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/exception/RoleExistsConflictException.java
new file mode 100644
index 000000000..f5364c6ff
--- /dev/null
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/exception/RoleExistsConflictException.java
@@ -0,0 +1,9 @@
+package edu.internet2.tier.shibboleth.admin.ui.security.exception;
+
+public class RoleExistsConflictException extends Exception {
+
+    public RoleExistsConflictException(String message) {
+        super(message);
+    }
+
+}
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/model/Role.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/model/Role.java
index 64792774d..63484618d 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/model/Role.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/model/Role.java
@@ -1,6 +1,16 @@
 package edu.internet2.tier.shibboleth.admin.ui.security.model;
 
+import java.util.HashSet;
+import java.util.Set;
+import java.util.UUID;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.FetchType;
+import javax.persistence.ManyToMany;
+
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+
 import edu.internet2.tier.shibboleth.admin.ui.domain.AbstractAuditable;
 import lombok.EqualsAndHashCode;
 import lombok.Getter;
@@ -8,14 +18,6 @@
 import lombok.Setter;
 import lombok.ToString;
 
-import javax.persistence.CascadeType;
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.FetchType;
-import javax.persistence.ManyToMany;
-import java.util.HashSet;
-import java.util.Set;
-
 /**
  * Models a basic administrative role concept in the system.
  *
@@ -29,24 +31,27 @@
 @ToString(exclude = "users")
 public class Role extends AbstractAuditable {
 
-    public Role(String name) {
-        this.name = name;
-    }
-
-    public Role(String name, int rank) {
-        this.name = name;
-        this.rank = rank;
-    }
-
     @Column(unique = true)
     private String name;
 
     @Column(name = "ROLE_RANK")
     private int rank;
 
+    @Column(name = "resource_id")
+    String resourceId = UUID.randomUUID().toString();
+
     //Ignore properties annotation here is to prevent stack overflow recursive error during JSON serialization
     @JsonIgnoreProperties("roles")
     @ManyToMany(mappedBy = "roles", fetch = FetchType.LAZY)
     private Set<User> users = new HashSet<>();
 
+    public Role(String name) {
+        this.name = name;
+    }
+    
+    public Role(String name, int rank) {
+        this.name = name;
+        this.rank = rank;
+    }
+
 }
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/repository/RoleRepository.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/repository/RoleRepository.java
index 120f2938e..fb77d0e9d 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/repository/RoleRepository.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/repository/RoleRepository.java
@@ -12,5 +12,9 @@
  */
 public interface RoleRepository extends JpaRepository<Role, Long> {
 
+    void deleteByResourceId(String resourceId);
+
     Optional<Role> findByName(final String name);
+
+    Optional<Role> findByResourceId(String resourceId);
 }
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/IRolesService.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/IRolesService.java
new file mode 100644
index 000000000..26653d241
--- /dev/null
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/IRolesService.java
@@ -0,0 +1,22 @@
+package edu.internet2.tier.shibboleth.admin.ui.security.service;
+
+import java.util.List;
+
+import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException;
+import edu.internet2.tier.shibboleth.admin.ui.security.exception.RoleDeleteException;
+import edu.internet2.tier.shibboleth.admin.ui.security.exception.RoleExistsConflictException;
+import edu.internet2.tier.shibboleth.admin.ui.security.model.Role;
+
+public interface IRolesService {
+
+    Role createRole(Role role) throws RoleExistsConflictException;
+
+    Role updateRole(Role role) throws EntityNotFoundException;
+
+    List<Role> findAll();
+
+    Role findByResourceId(String resourceId) throws EntityNotFoundException;
+
+    void deleteDefinition(String resourceId) throws EntityNotFoundException, RoleDeleteException;
+
+}
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/RolesServiceImpl.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/RolesServiceImpl.java
new file mode 100644
index 000000000..cfbe57fb0
--- /dev/null
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/RolesServiceImpl.java
@@ -0,0 +1,62 @@
+package edu.internet2.tier.shibboleth.admin.ui.security.service;
+
+import java.util.List;
+import java.util.Optional;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException;
+import edu.internet2.tier.shibboleth.admin.ui.security.exception.RoleDeleteException;
+import edu.internet2.tier.shibboleth.admin.ui.security.exception.RoleExistsConflictException;
+import edu.internet2.tier.shibboleth.admin.ui.security.model.Role;
+import edu.internet2.tier.shibboleth.admin.ui.security.repository.RoleRepository;
+
+@Service
+public class RolesServiceImpl implements IRolesService {
+    @Autowired
+    private RoleRepository roleRepository;
+    
+    @Override
+    public Role createRole(Role role) throws RoleExistsConflictException {
+        Optional<Role> found = roleRepository.findByName(role.getName());
+        // If already defined, we don't want to create a new one, nor do we want this call update the definition
+        if (found.isPresent()) {
+            throw new RoleExistsConflictException(
+                            String.format("Call update (PUT) to modify the role with name: [%s]", role.getName()));
+        }
+        return roleRepository.save(role);
+    }
+
+    @Override
+    public void deleteDefinition(String resourceId) throws EntityNotFoundException, RoleDeleteException {
+        Optional<Role> found = roleRepository.findByResourceId(resourceId);
+        if (found.isPresent() && !found.get().getUsers().isEmpty()) {
+            throw new RoleDeleteException(String.format("Unable to delete role with resource id: [%s] - remove role from all users first", resourceId));
+        }
+        roleRepository.deleteByResourceId(resourceId);        
+    }
+
+    @Override
+    public List<Role> findAll() {
+        return roleRepository.findAll();
+    }
+
+    @Override
+    public Role findByResourceId(String resourceId) throws EntityNotFoundException {
+        Optional<Role> found = roleRepository.findByResourceId(resourceId);
+        if (found.isEmpty()) {
+            throw new EntityNotFoundException(String.format("Unable to find role with resource id: [%s]", resourceId));
+        }
+        return found.get();
+    }
+
+    @Override
+    public Role updateRole(Role role) throws EntityNotFoundException {
+        Optional<Role> found = roleRepository.findByName(role.getName());
+        if (found.isEmpty()) {
+            throw new EntityNotFoundException(String.format("Unable to find role with name: [%s]", role.getName()));
+        }
+        return roleRepository.save(role);
+    }
+}

From 5b043981651f8f88d832da956f5524a17752daad Mon Sep 17 00:00:00 2001
From: Ryan Mathis <rmathis@unicon.net>
Date: Thu, 22 Jul 2021 15:27:53 -0700
Subject: [PATCH 02/24] Separated enabled functionality

---
 .../main/resources/i18n/messages.properties   |  2 +
 ui/src/app/admin/container/MetadataActions.js | 45 +++++++++++
 ui/src/app/admin/container/SourcesActions.js  | 31 --------
 ui/src/app/dashboard/view/ActionsTab.js       |  9 ++-
 ui/src/app/dashboard/view/ProvidersTab.js     | 23 ++++--
 ui/src/app/dashboard/view/SourcesTab.js       | 14 +++-
 ui/src/app/metadata/Metadata.js               |  4 +-
 .../app/metadata/component/MetadataHeader.js  |  2 +-
 .../EntityAttributesFilterDefinition.js       |  1 -
 .../definition/NameIdFilterDefinition.js      |  1 -
 .../domain/provider/component/ProviderList.js | 31 ++++++--
 .../DynamicHttpMetadataProviderDefinition.js  |  5 +-
 ...ileBackedHttpMetadataProviderDefinition.js | 11 +--
 .../FileSystemMetadataProviderDefinition.js   | 12 +--
 .../LocalDynamicMetadataProviderDefinition.js | 12 +--
 .../domain/source/component/SourceList.js     | 74 ++++++++++---------
 .../source/definition/SourceDefinition.js     | 10 +--
 ui/src/app/metadata/hoc/MetadataSelector.js   |  5 +-
 ui/src/app/metadata/view/MetadataOptions.js   | 57 ++++++++++----
 ui/src/app/metadata/view/MetadataWizard.js    | 37 +++++++++-
 .../metadata/wizard/MetadataProviderWizard.js | 48 ++----------
 .../metadata/wizard/MetadataSourceWizard.js   | 33 +--------
 .../app/metadata/wizard/MetadataWizardForm.js |  2 +-
 23 files changed, 248 insertions(+), 221 deletions(-)
 create mode 100644 ui/src/app/admin/container/MetadataActions.js
 delete mode 100644 ui/src/app/admin/container/SourcesActions.js

diff --git a/backend/src/main/resources/i18n/messages.properties b/backend/src/main/resources/i18n/messages.properties
index ee6ab56ed..1c103c695 100644
--- a/backend/src/main/resources/i18n/messages.properties
+++ b/backend/src/main/resources/i18n/messages.properties
@@ -63,6 +63,8 @@ action.advanced=Advanced
 action.add-new-attribute=Add new attribute
 action.add-attribute=Add Attribute
 action.custom-entity-attributes=Custom Entity Attributes
+action.enable=Enable
+action.disable=Disable
 
 value.enabled=Enabled
 value.disabled=Disabled
diff --git a/ui/src/app/admin/container/MetadataActions.js b/ui/src/app/admin/container/MetadataActions.js
new file mode 100644
index 000000000..80f43d56a
--- /dev/null
+++ b/ui/src/app/admin/container/MetadataActions.js
@@ -0,0 +1,45 @@
+import React from 'react';
+import { DeleteConfirmation } from '../../metadata/component/DeleteConfirmation';
+import { useMetadataEntity } from '../../metadata/hooks/api';
+
+import { NotificationContext, createNotificationAction } from '../../notifications/hoc/Notifications';
+
+export function MetadataActions ({type, children}) {
+
+    const { dispatch } = React.useContext(NotificationContext);
+
+    const { del, put, response } = useMetadataEntity(type, {
+        cachePolicy: 'no-cache'
+    });
+
+    async function enableEntity(entity, enabled, cb = () => {}) {
+        await put(`/${type === 'source' ? entity.id : entity.resourceId}`, {
+            ...entity,
+            [type === 'source' ? 'serviceEnabled' : 'enabled']: enabled
+        });
+        if (response.ok) {
+            dispatch(createNotificationAction(
+                `Metadata ${type} has been ${enabled ? 'enabled' : 'disabled'}.`
+            ));
+            cb();
+        }
+    }
+
+    async function deleteEntity(id, cb = () => {}) {
+        await del(`/${id}`);
+        if (response.ok) {
+            dispatch(createNotificationAction(
+                `Metadata ${type} has been deleted.`
+            ));
+            cb();
+        }
+    }
+
+    return (
+        <DeleteConfirmation title={`message.delete-${type}-title`} body={`message.delete-${type}-body`}>
+            {(block) =>
+                <>{children(enableEntity, (id, cb) => block(() => deleteEntity(id, cb)))}</>
+            }
+        </DeleteConfirmation>
+    );
+}
\ No newline at end of file
diff --git a/ui/src/app/admin/container/SourcesActions.js b/ui/src/app/admin/container/SourcesActions.js
deleted file mode 100644
index 1d7316735..000000000
--- a/ui/src/app/admin/container/SourcesActions.js
+++ /dev/null
@@ -1,31 +0,0 @@
-import React from 'react';
-import SourceList from '../../metadata/domain/source/component/SourceList';
-import { useMetadataEntity } from '../../metadata/hooks/api';
-
-import { NotificationContext, createNotificationAction } from '../../notifications/hoc/Notifications';
-
-export function SourcesActions ({sources, reloadSources}) {
-
-    const { dispatch } = React.useContext(NotificationContext);
-
-    const { put, response } = useMetadataEntity('source', {
-        cachePolicy: 'no-cache'
-    });
-
-    async function enableSource(source) {
-        await put(`/${source.id}`, {
-            ...source,
-            serviceEnabled: true
-        });
-        if (response.ok) {
-            dispatch(createNotificationAction(
-                `Metadata Source has been enabled.`
-            ));
-            reloadSources();
-        }
-    }
-
-    return (
-        <SourceList entities={sources} onDelete={ reloadSources } onEnable={ enableSource } />
-    );
-}
\ No newline at end of file
diff --git a/ui/src/app/dashboard/view/ActionsTab.js b/ui/src/app/dashboard/view/ActionsTab.js
index 76d1ff592..30bc9e371 100644
--- a/ui/src/app/dashboard/view/ActionsTab.js
+++ b/ui/src/app/dashboard/view/ActionsTab.js
@@ -1,8 +1,9 @@
 import React from 'react';
-import { SourcesActions } from '../../admin/container/SourcesActions';
+import { MetadataActions } from '../../admin/container/MetadataActions';
 import UserActions from '../../admin/container/UserActions';
 
 import Translate from '../../i18n/components/translate';
+import SourceList from '../../metadata/domain/source/component/SourceList';
 
 export function ActionsTab({ sources, users, reloadSources, reloadUsers }) {
 
@@ -18,7 +19,11 @@ export function ActionsTab({ sources, users, reloadSources, reloadUsers }) {
                         </div>
                     </div>
                     <div className="p-3">
-                        <SourcesActions sources={sources} reloadSources={reloadSources} />
+                        <MetadataActions type="source">
+                            {(enable) =>
+                                <SourceList entities={sources} onDelete={reloadSources} onEnable={(s, e) => enable(s, e, reloadSources)} />
+                            }
+                        </MetadataActions>
                     </div>
                 </div>
             </section>
diff --git a/ui/src/app/dashboard/view/ProvidersTab.js b/ui/src/app/dashboard/view/ProvidersTab.js
index 123e54f41..023a7f78a 100644
--- a/ui/src/app/dashboard/view/ProvidersTab.js
+++ b/ui/src/app/dashboard/view/ProvidersTab.js
@@ -7,7 +7,7 @@ import {Search} from '../component/Search';
 import { Ordered } from '../component/Ordered';
 import { useIsAdmin } from '../../core/user/UserContext';
 import Alert from 'react-bootstrap/Alert';
-
+import { MetadataActions } from '../../admin/container/MetadataActions';
 const searchProps = ['name', '@type', 'createdBy'];
 
 export function ProvidersTab () {
@@ -44,13 +44,20 @@ export function ProvidersTab () {
                         <Ordered entities={providers} prop="resourceIds">
                             {(ordered, first, last, onOrderUp, onOrderDown) =>
                             <Search entities={ordered} searchable={searchProps}>
-                                {(searched) => <ProviderList
-                                    entities={searched}
-                                    reorder={providers.length === searched.length}
-                                    first={first}
-                                    last={last}
-                                    onOrderUp={onOrderUp}
-                                    onOrderDown={onOrderDown}></ProviderList>}
+                                {(searched) =>
+                                <MetadataActions type="provider">
+                                    {(enable) =>
+                                        <ProviderList
+                                            entities={searched}
+                                            reorder={providers.length === searched.length}
+                                            first={first}
+                                            last={last}
+                                            onEnable={(p, e) => enable(p, e, loadProviders)}
+                                            onOrderUp={onOrderUp}
+                                            onOrderDown={onOrderDown}></ProviderList>
+                                    }
+                                </MetadataActions>
+                                }
                             </Search>
                             }
                         </Ordered>
diff --git a/ui/src/app/dashboard/view/SourcesTab.js b/ui/src/app/dashboard/view/SourcesTab.js
index 852ec221a..b40a94aa9 100644
--- a/ui/src/app/dashboard/view/SourcesTab.js
+++ b/ui/src/app/dashboard/view/SourcesTab.js
@@ -1,4 +1,5 @@
 import React from 'react';
+import { MetadataActions } from '../../admin/container/MetadataActions';
 import Translate from '../../i18n/components/translate';
 
 import SourceList from '../../metadata/domain/source/component/SourceList';
@@ -22,8 +23,6 @@ export function SourcesTab () {
         }
     }
 
-    const updateSources = () => loadSources();
-
     /*eslint-disable react-hooks/exhaustive-deps*/
     React.useEffect(() => { loadSources() }, []);
 
@@ -37,7 +36,16 @@ export function SourcesTab () {
                 </div>
                 <div className="p-3">
                     <Search entities={sources} searchable={searchProps}>
-                        {(searched) => <SourceList entities={ searched } onDelete={ updateSources }></SourceList>}
+                        {(searched) =>
+                            <MetadataActions type="source">
+                                {(enable, remove) => 
+                                    <SourceList
+                                        entities={sources}
+                                        onDelete={(id) => remove(id, loadSources)}
+                                        onEnable={(s, e) => enable(s, e, loadSources) } />
+                                }
+                            </MetadataActions>
+                        }
                     </Search>
                 </div>
             </div>
diff --git a/ui/src/app/metadata/Metadata.js b/ui/src/app/metadata/Metadata.js
index 0d1e38b07..9fb70ad44 100644
--- a/ui/src/app/metadata/Metadata.js
+++ b/ui/src/app/metadata/Metadata.js
@@ -20,13 +20,13 @@ export function Metadata () {
     return (
         <>
             <MetadataSelector>
-                {(entity) =>
+                {(entity, reload) =>
                 <MetadataXmlLoader>
                     <MetadataSchema type={entity['@type'] ? entity['@type'] : 'source'}>
                         <Switch>
                             <Route path={`${path}/configuration/options`} render={ () =>
                                 <MetadataDetail>
-                                    <MetadataOptions></MetadataOptions>
+                                    <MetadataOptions reload={reload}></MetadataOptions>
                                 </MetadataDetail>
                             } />
                             <Route path={`${path}/configuration/xml`} render={() =>
diff --git a/ui/src/app/metadata/component/MetadataHeader.js b/ui/src/app/metadata/component/MetadataHeader.js
index d8a2baa85..e9cd62aea 100644
--- a/ui/src/app/metadata/component/MetadataHeader.js
+++ b/ui/src/app/metadata/component/MetadataHeader.js
@@ -8,7 +8,7 @@ export function MetadataHeader ({ model, current = true, enabled = true, childre
         <div className="card enabled-status" {...props}>
             <div className="card-body">
                 <div className="d-flex justify-content-between">
-                    <h5 className="card-title version-title">
+                    <h5 className="card-title version-title flex-grow-1">
                         <Translate value="label.saved">Saved</Translate>:&nbsp;
                         <span className="save-date">
                             <FormattedDate date={model.modifiedDate} time={true} />
diff --git a/ui/src/app/metadata/domain/filter/definition/EntityAttributesFilterDefinition.js b/ui/src/app/metadata/domain/filter/definition/EntityAttributesFilterDefinition.js
index aab3adb4d..3260f79a1 100644
--- a/ui/src/app/metadata/domain/filter/definition/EntityAttributesFilterDefinition.js
+++ b/ui/src/app/metadata/domain/filter/definition/EntityAttributesFilterDefinition.js
@@ -100,7 +100,6 @@ export const EntityAttributesFilterEditor= {
                 'name',
                 '@type',
                 'resourceId',
-                'filterEnabled',
                 'entityAttributesFilterTarget'
             ]
         },
diff --git a/ui/src/app/metadata/domain/filter/definition/NameIdFilterDefinition.js b/ui/src/app/metadata/domain/filter/definition/NameIdFilterDefinition.js
index e4abd17eb..aa575cefd 100644
--- a/ui/src/app/metadata/domain/filter/definition/NameIdFilterDefinition.js
+++ b/ui/src/app/metadata/domain/filter/definition/NameIdFilterDefinition.js
@@ -66,7 +66,6 @@ export const NameIDFilterEditor = {
             index: 1,
             fields: [
                 'name',
-                'filterEnabled',
                 '@type',
                 'resourceId',
                 'nameIdFormatFilterTarget'
diff --git a/ui/src/app/metadata/domain/provider/component/ProviderList.js b/ui/src/app/metadata/domain/provider/component/ProviderList.js
index 86e0d83ea..4cd26c2b9 100644
--- a/ui/src/app/metadata/domain/provider/component/ProviderList.js
+++ b/ui/src/app/metadata/domain/provider/component/ProviderList.js
@@ -2,14 +2,21 @@ import React from 'react';
 import { Link } from 'react-router-dom';
 import Badge from 'react-bootstrap/Badge';
 import Button from 'react-bootstrap/Button';
+import Form from 'react-bootstrap/Form';
 import { FontAwesomeIcon } from '@fortawesome/react-fontawesome';
 import { faChevronCircleDown, faChevronCircleUp } from '@fortawesome/free-solid-svg-icons';
 
 import FormattedDate from '../../../../core/components/FormattedDate';
 import Translate from '../../../../i18n/components/translate';
 import { Scroller } from '../../../../dashboard/component/Scroller';
+import { useIsAdmin } from '../../../../core/user/UserContext';
+import { useTranslator } from '../../../../i18n/hooks';
+
+export function ProviderList({ entities, reorder = true, first, last, onEnable, onOrderUp, onOrderDown }) {
+
+    const isAdmin = useIsAdmin();
+    const translator = useTranslator();
 
-export function ProviderList({ entities, reorder = true, first, last, onOrderUp, onOrderDown }) {
     return (
         <Scroller entities={entities}>
         {(limited) => <div className="table-responsive mt-3 provider-list!">
@@ -61,10 +68,24 @@ export function ProviderList({ entities, reorder = true, first, last, onOrderUp,
                             <td className="align-middle">{ provider['@type'] }</td>
                             <td className="align-middle">{ provider.createdBy }</td>
                             <td className="align-middle"><FormattedDate date={provider.createdDate} /></td>
-                            <td className="text-right align-middle">
-                                <Badge variant={provider.enabled ? 'success' : 'danger'}>
-                                    <Translate value={provider.enabled ? 'value.enabled' : 'value.disabled'}></Translate>
-                                </Badge>
+                            <td className="">
+                                <span className="d-flex justify-content-end">
+                                {onEnable && isAdmin ?
+                                    <Form.Check
+                                        size="lg"
+                                        type="switch"
+                                        id="custom-switch"
+                                        aria-label={translator(provider.enabled ? 'label.disable' : 'label.enable')}
+                                        onChange={({ target: { checked } }) => onEnable(provider, checked)}
+                                        checked={provider.enabled}
+                                    >
+                                    </Form.Check>
+                                    :
+                                    <Badge variant={provider.enabled ? 'success' : 'danger'}>
+                                        <Translate value={provider.enabnled ? 'value.enabled' : 'value.disabled'}></Translate>
+                                    </Badge>
+                                }
+                                </span>
                             </td>
                         </tr>
                     )}
diff --git a/ui/src/app/metadata/domain/provider/definition/DynamicHttpMetadataProviderDefinition.js b/ui/src/app/metadata/domain/provider/definition/DynamicHttpMetadataProviderDefinition.js
index 87ed3bb31..58bb0002b 100644
--- a/ui/src/app/metadata/domain/provider/definition/DynamicHttpMetadataProviderDefinition.js
+++ b/ui/src/app/metadata/domain/provider/definition/DynamicHttpMetadataProviderDefinition.js
@@ -61,9 +61,7 @@ export const DynamicHttpMetadataProviderWizard = {
             label: 'label.finished',
             index: 5,
             initialValues: [],
-            fields: [
-                'enabled'
-            ]
+            fields: []
         }
     ],
     uiSchema: defaultsDeep({
@@ -191,7 +189,6 @@ export const DynamicHttpMetadataProviderEditor = {
                 '@type',
                 'xmlId',
                 'metadataRequestURLConstructionScheme',
-                'enabled',
                 'requireValidMetadata',
                 'failFastInitialization'
             ]
diff --git a/ui/src/app/metadata/domain/provider/definition/FileBackedHttpMetadataProviderDefinition.js b/ui/src/app/metadata/domain/provider/definition/FileBackedHttpMetadataProviderDefinition.js
index 5d2d8e009..4d7146c98 100644
--- a/ui/src/app/metadata/domain/provider/definition/FileBackedHttpMetadataProviderDefinition.js
+++ b/ui/src/app/metadata/domain/provider/definition/FileBackedHttpMetadataProviderDefinition.js
@@ -52,9 +52,7 @@ export const FileBackedHttpMetadataProviderWizard = {
             label: 'label.finished',
             index: 5,
             initialValues: [],
-            fields: [
-                'enabled'
-            ]
+            fields: []
         }
     ],
     uiSchema: defaultsDeep({
@@ -68,12 +66,6 @@ export const FileBackedHttpMetadataProviderWizard = {
                         '@type'
                     ]
                 },
-                {
-                    size: 8,
-                    fields: [
-                        'enabled'
-                    ]
-                },
                 {
                     size: 8,
                     fields: [
@@ -181,7 +173,6 @@ export const FileBackedHttpMetadataProviderEditor = {
             fields: [
                 'name',
                 '@type',
-                'enabled',
                 'xmlId',
                 'metadataURL',
                 'initializeFromBackupFile',
diff --git a/ui/src/app/metadata/domain/provider/definition/FileSystemMetadataProviderDefinition.js b/ui/src/app/metadata/domain/provider/definition/FileSystemMetadataProviderDefinition.js
index 8738ffad2..57d3447af 100644
--- a/ui/src/app/metadata/domain/provider/definition/FileSystemMetadataProviderDefinition.js
+++ b/ui/src/app/metadata/domain/provider/definition/FileSystemMetadataProviderDefinition.js
@@ -35,9 +35,7 @@ export const FileSystemMetadataProviderWizard = {
             label: 'label.finished',
             index: 4,
             initialValues: [],
-            fields: [
-                'enabled'
-            ]
+            fields: []
         }
     ],
     uiSchema: defaultsDeep({
@@ -51,12 +49,6 @@ export const FileSystemMetadataProviderWizard = {
                         '@type'
                     ]
                 },
-                {
-                    size: 8,
-                    fields: [
-                        'enabled'
-                    ]
-                },
                 {
                     size: 8,
                     fields: [
@@ -115,7 +107,6 @@ export const FileSystemMetadataProviderEditor = {
                 'xmlId',
                 '@type',
                 'metadataFile',
-                'enabled',
                 'doInitialization'
             ],
             override: {
@@ -140,7 +131,6 @@ export const FileSystemMetadataProviderEditor = {
                     type: 'group-lg',
                     class: ['col-12'],
                     fields: [
-                        'enabled',
                         'xmlId',
                         'metadataFile',
                         'doInitialization'
diff --git a/ui/src/app/metadata/domain/provider/definition/LocalDynamicMetadataProviderDefinition.js b/ui/src/app/metadata/domain/provider/definition/LocalDynamicMetadataProviderDefinition.js
index 339c0c606..eea5d3541 100644
--- a/ui/src/app/metadata/domain/provider/definition/LocalDynamicMetadataProviderDefinition.js
+++ b/ui/src/app/metadata/domain/provider/definition/LocalDynamicMetadataProviderDefinition.js
@@ -35,9 +35,7 @@ export const LocalDynamicMetadataProviderWizard = {
             label: 'label.finished',
             index: 4,
             initialValues: [],
-            fields: [
-                'enabled'
-            ]
+            fields: []
         }
     ],
     uiSchema: defaultsDeep({
@@ -51,12 +49,6 @@ export const LocalDynamicMetadataProviderWizard = {
                         '@type'
                     ]
                 },
-                {
-                    size: 8,
-                    fields: [
-                        'enabled'
-                    ]
-                },
                 {
                     size: 8,
                     fields: [
@@ -125,7 +117,6 @@ export const LocalDynamicMetadataProviderEditor = {
             fields: [
                 'name',
                 '@type',
-                'enabled',
                 'xmlId',
                 'sourceDirectory',
             ],
@@ -150,7 +141,6 @@ export const LocalDynamicMetadataProviderEditor = {
                     type: 'group-lg',
                     class: ['col-12'],
                     fields: [
-                        'enabled',
                         'xmlId',
                         'sourceDirectory',
                     ]
diff --git a/ui/src/app/metadata/domain/source/component/SourceList.js b/ui/src/app/metadata/domain/source/component/SourceList.js
index 41e2c7adb..04ea8f983 100644
--- a/ui/src/app/metadata/domain/source/component/SourceList.js
+++ b/ui/src/app/metadata/domain/source/component/SourceList.js
@@ -3,24 +3,27 @@ import { Link } from 'react-router-dom';
 import Badge from 'react-bootstrap/Badge';
 import Popover from 'react-bootstrap/Popover';
 import Button from 'react-bootstrap/Button';
+import Form from 'react-bootstrap/Form';
 import OverlayTrigger from 'react-bootstrap/OverlayTrigger';
 
 import { FontAwesomeIcon } from '@fortawesome/react-fontawesome';
-import { faTrash, faCheck } from '@fortawesome/free-solid-svg-icons';
+import { faTrash } from '@fortawesome/free-solid-svg-icons';
 
 import FormattedDate from '../../../../core/components/FormattedDate';
 import Translate from '../../../../i18n/components/translate';
 import { Scroller } from '../../../../dashboard/component/Scroller';
-import { DeleteSourceConfirmation } from './DeleteSourceConfirmation';
+import { useTranslator } from '../../../../i18n/hooks';
+import { useIsAdmin } from '../../../../core/user/UserContext';
 
 export default function SourceList({ entities, onDelete, onEnable }) {
+
+    const translator = useTranslator();
+    const isAdmin = useIsAdmin();
+
     return (
-        <DeleteSourceConfirmation>
-            {(onDeleteSource) =>
-            <Scroller entities={entities}>
+        <Scroller entities={entities}>
             {(limited) =>
                 <div className="table-responsive mt-3 source-list">
-                    
                     <table className="table table-striped w-100 table-hover">
                         <thead>
                             <tr>
@@ -29,7 +32,7 @@ export default function SourceList({ entities, onDelete, onEnable }) {
                                 <th className="w-15"><Translate value="label.author">Author</Translate></th>
                                 <th className="w-15"><Translate value="label.creation-date">Created Date</Translate></th>
                                 <th className="text-center w-15"><Translate value="label.enabled">Enabled</Translate></th>
-                                {onDeleteSource && <th className="w-auto"></th>}
+                                {onDelete && <th className="w-auto"></th>}
                             </tr>
                         </thead>
                         <tbody>
@@ -46,39 +49,40 @@ export default function SourceList({ entities, onDelete, onEnable }) {
                                     </td>
                                     <td><FormattedDate date={source.createdDate} /></td>
                                     <td className="text-center">
-                                        {onEnable ?
-                                            <Button
-                                                variant="success"
-                                                size="sm"
-                                                onClick={() => onEnable(source)}
-                                                aria-label="Enable this service provider">
-                                                <Translate value={ source.enabled ? 'label.disable' : 'label.enable' }>Disable</Translate>
-                                                {!source.enabled && <>&nbsp;<FontAwesomeIcon icon={faCheck} size="lg" /></> }
-                                            </Button>
-                                            :
-                                            <Badge variant={source.serviceEnabled ? 'success' : 'danger'}>
-                                                <Translate value={source.serviceEnabled ? 'value.enabled' : 'value.disabled'}></Translate>
-                                            </Badge>
-                                        }
+                                        <span className="d-flex justify-content-center">
+                                            {onEnable && isAdmin ?
+                                                <Form.Check
+                                                    type="switch"
+                                                    id="custom-switch"
+                                                    size="lg"
+                                                    aria-label={translator(source.serviceEnabled ? 'label.disable' : 'label.enable')}
+                                                    onChange={({ target: { checked } }) => onEnable(source, checked)}
+                                                    checked={source.serviceEnabled}
+                                                >
+                                                </Form.Check>
+                                                :
+                                                <Badge variant={source.serviceEnabled ? 'success' : 'danger'}>
+                                                    <Translate value={source.serviceEnabled ? 'value.enabled' : 'value.disabled'}></Translate>
+                                                </Badge>
+                                            }
+                                        </span>
                                     </td>
-                                    
-                                        
-                                    {onDeleteSource && <td className="text-right">
+                                    {onDelete && <td className="text-right">
                                         <OverlayTrigger trigger={source.serviceEnabled ? ['hover', 'focus'] : []} placement="left"
                                             overlay={
                                                 <Popover id={`delete-source-btn-${idx}`}>
                                                     <Popover.Content>A metadata source must be disabled before it can be deleted.</Popover.Content>
                                                 </Popover>
                                             }>
-                                                <span className="d-inline-block">
-                                                    <Button variant="danger" size="sm"
-                                                        type="button"
-                                                        disabled={source.serviceEnabled}
-                                                        onClick={() => onDeleteSource(source.id, onDelete)}>
-                                                        <span className="sr-only">Delete</span>
-                                                        <FontAwesomeIcon icon={faTrash} />
-                                                    </Button>
-                                                </span>
+                                            <span className="d-inline-block">
+                                                <Button variant="danger" size="sm"
+                                                    type="button"
+                                                    disabled={source.serviceEnabled}
+                                                    onClick={() => onDelete(source.id, onDelete)}>
+                                                    <span className="sr-only">Delete</span>
+                                                    <FontAwesomeIcon icon={faTrash} />
+                                                </Button>
+                                            </span>
                                         </OverlayTrigger>
                                     </td>}
                                 </tr>
@@ -87,8 +91,6 @@ export default function SourceList({ entities, onDelete, onEnable }) {
                     </table>
                 </div>
             }
-            </Scroller>
-            }
-        </DeleteSourceConfirmation>
+        </Scroller>
     );
 }
diff --git a/ui/src/app/metadata/domain/source/definition/SourceDefinition.js b/ui/src/app/metadata/domain/source/definition/SourceDefinition.js
index bc11108ee..6f7276255 100644
--- a/ui/src/app/metadata/domain/source/definition/SourceDefinition.js
+++ b/ui/src/app/metadata/domain/source/definition/SourceDefinition.js
@@ -89,7 +89,6 @@ export const SourceBase = {
                     fields: [
                         'serviceProviderName',
                         'entityId',
-                        'serviceEnabled',
                         'organization'
                     ]
                 },
@@ -291,7 +290,6 @@ export const SourceEditor = {
             fields: [
                 'serviceProviderName',
                 'entityId',
-                'serviceEnabled',
                 'organization',
                 'contacts'
             ]
@@ -424,9 +422,7 @@ export const SourceWizard = {
                 },
                 {
                     size: 6,
-                    fields: [
-                        'serviceEnabled'
-                    ]
+                    fields: []
                 }
             ]
         }
@@ -510,9 +506,7 @@ export const SourceWizard = {
             index: 10,
             id: 'summary',
             label: 'label.finished',
-            fields: [
-                'serviceEnabled'
-            ]
+            fields: []
         }
     ]
 }
\ No newline at end of file
diff --git a/ui/src/app/metadata/hoc/MetadataSelector.js b/ui/src/app/metadata/hoc/MetadataSelector.js
index 7d7155066..fd37ed2c3 100644
--- a/ui/src/app/metadata/hoc/MetadataSelector.js
+++ b/ui/src/app/metadata/hoc/MetadataSelector.js
@@ -31,6 +31,9 @@ export function MetadataSelector({ children, ...props }) {
             setMetadata(source);
         }
     }
+
+    const reload = () => loadMetadata(id);
+
     React.useEffect(() => { loadMetadata(id) }, [id]);
 
     return (
@@ -38,7 +41,7 @@ export function MetadataSelector({ children, ...props }) {
         {type &&
             <MetadataTypeContext.Provider value={type}>
                 {metadata && metadata.version &&
-                    <MetadataObjectContext.Provider value={metadata}>{children(metadata)}</MetadataObjectContext.Provider>
+                    <MetadataObjectContext.Provider value={metadata}>{children(metadata, reload)}</MetadataObjectContext.Provider>
                 }
             </MetadataTypeContext.Provider>
         }
diff --git a/ui/src/app/metadata/view/MetadataOptions.js b/ui/src/app/metadata/view/MetadataOptions.js
index 93011229a..04242016d 100644
--- a/ui/src/app/metadata/view/MetadataOptions.js
+++ b/ui/src/app/metadata/view/MetadataOptions.js
@@ -1,5 +1,5 @@
 import React from 'react';
-import { faArrowDown, faArrowUp, faHistory, faPlus, faTrash } from '@fortawesome/free-solid-svg-icons';
+import { faArrowDown, faArrowUp, faHistory, faPlus, faToggleOff, faToggleOn, faTrash } from '@fortawesome/free-solid-svg-icons';
 import { FontAwesomeIcon } from '@fortawesome/react-fontawesome';
 import { Link, useHistory, useParams } from 'react-router-dom';
 import Button from 'react-bootstrap/Button';
@@ -14,14 +14,14 @@ import { MetadataDefinitionContext, MetadataSchemaContext } from '../hoc/Metadat
 
 import { useMetadataConfiguration } from '../hooks/configuration';
 import { MetadataViewToggle } from '../component/MetadataViewToggle';
-import { DeleteSourceConfirmation } from '../domain/source/component/DeleteSourceConfirmation';
+import { MetadataActions } from '../../admin/container/MetadataActions';
 import { MetadataFilters } from '../domain/filter/component/MetadataFilters';
 import { MetadataFilterConfigurationList } from '../domain/filter/component/MetadataFilterConfigurationList';
 import { MetadataFilterTypes } from '../domain/filter';
 import { useMetadataSchema } from '../hooks/schema';
 import { FilterableProviders } from '../domain/provider';
 
-export function MetadataOptions () {
+export function MetadataOptions ({reload}) {
 
     const metadata = React.useContext(MetadataObjectContext);
     const definition = React.useContext(MetadataDefinitionContext);
@@ -49,9 +49,11 @@ export function MetadataOptions () {
 
     const canFilter = FilterableProviders.indexOf(definition.type) > -1;
 
+    const enabled = type === 'source' ? metadata.serviceEnabled : metadata.enabled;
+
     return (
-        <DeleteSourceConfirmation>
-            {(onDeleteSource) =>
+        <MetadataActions type={type}>
+            {(enable, remove) =>
             <>
             <h2 className="mb-4" id="header">
                 <Translate value={`label.${type}-configuration`}>[{type}] configuration</Translate>
@@ -61,14 +63,41 @@ export function MetadataOptions () {
                     current={true}
                     enabled={type === 'source' ? metadata.serviceEnabled : metadata.enabled}
                     model={metadata}>
-                    {type === 'source' && onDeleteSource &&
-                        <Button className="btn btn-outline btn-sm btn-danger align-self-start"
-                            disabled={metadata.serviceEnabled}
-                            onClick={() => onDeleteSource(metadata.id, redirectOnDelete)}>
-                            <Translate value="action.delete" />
-                            <FontAwesomeIcon icon={faTrash} className="ml-2" />
-                        </Button>
-                    }
+                    <div className="d-flex align-items-start btn-group">
+                        {/*enable &&
+                            <Form.Check
+                                type="switch"
+                                inline="true"
+                                id="custom-switch"
+                                className="mr-2"
+                                size="lg"
+                                label={translator((type === 'source' ? metadata.serviceEnabled : metadata.enabled) ? 'label.disable' : 'label.enable')}
+                                aria-label={translator((type === 'source' ? metadata.serviceEnabled : metadata.enabled) ? 'label.disable' : 'label.enable')}
+                                onChange={({ target: { checked } }) => enable(metadata, checked, reload)}
+                                checked={(type === 'source' ? metadata.serviceEnabled : metadata.enabled)}
+                            >
+                            </Form.Check>
+                        */}
+                        {enable &&
+                                    <Button variant={enabled ? 'outline-secondary' : 'outline-secondary' } size="sm" className=""
+                                onClick={() => enable(metadata, !enabled, reload)}>
+                                    <span className=" mr-1">
+                                        <Translate value={enabled ? 'label.disable' : 'label.enable'} />
+                                    </span>
+                                    <FontAwesomeIcon size="lg" icon={enabled ? faToggleOn : faToggleOff} />
+                            </Button>
+                        }
+                        {type === 'source' && remove &&
+                            <Button
+                                size="sm"
+                                variant={ 'danger' }
+                                disabled={enabled}
+                                onClick={() => remove(metadata.id, redirectOnDelete)}>
+                                <Translate value="action.delete" />
+                                <FontAwesomeIcon icon={faTrash} className="ml-2" />
+                            </Button>
+                        }
+                    </div>
                 </MetadataHeader>
                 <div className="px-3 my-3 d-flex justify-content-between" id="navigation">
                     <div>
@@ -115,6 +144,6 @@ export function MetadataOptions () {
                 </Button>
             </div>
             </>}
-        </DeleteSourceConfirmation>
+        </MetadataActions>
     );
 }
\ No newline at end of file
diff --git a/ui/src/app/metadata/view/MetadataWizard.js b/ui/src/app/metadata/view/MetadataWizard.js
index 00031692a..4a4b4b5c7 100644
--- a/ui/src/app/metadata/view/MetadataWizard.js
+++ b/ui/src/app/metadata/view/MetadataWizard.js
@@ -4,15 +4,48 @@ import { MetadataForm } from '../hoc/MetadataFormContext';
 import { MetadataSourceWizard } from '../wizard/MetadataSourceWizard';
 import { MetadataProviderWizard } from '../wizard/MetadataProviderWizard';
 import { Wizard } from '../wizard/Wizard';
+import { useMetadataEntity } from '../hooks/api';
+import { createNotificationAction, NotificationTypes, useNotificationDispatcher } from '../../notifications/hoc/Notifications';
+import { Prompt, useHistory } from 'react-router';
 
 export function MetadataWizard ({type, data, onCallback}) {
+
+    const history = useHistory();
+
+    const { post, loading, response } = useMetadataEntity(type === 'source' ? 'source' : 'provider');
+
+    const notificationDispatch = useNotificationDispatcher();
+
+    const [blocking, setBlocking] = React.useState(false);
+
+    async function save(metadata) {
+        console.log(metadata);
+        await post('', metadata);
+        if (response.ok) {
+            setBlocking(false);
+            history.push(`/dashboard/metadata/manager/${type === 'source' ? 'resolvers' : 'providers'}`);
+        } else {
+            const { errorCode, errorMessage, cause } = response.data;
+            notificationDispatch(createNotificationAction(
+                `${errorCode}: ${errorMessage} ${cause ? `-${cause}` : ''}`,
+                NotificationTypes.ERROR
+            ));
+        }
+    }
+
     return (
         <MetadataForm initial={data}>
+            <Prompt
+                when={blocking}
+                message={location =>
+                    `message.unsaved-editor`
+                }
+            />
             <Wizard>
                 {type === 'source' ?
-                    <MetadataSourceWizard onShowNav={onCallback} />
+                    <MetadataSourceWizard onSave={save} loading={loading} block={setBlocking} onShowNav={onCallback} />
                     :
-                    <MetadataProviderWizard onRestart={onCallback} />
+                    <MetadataProviderWizard onSave={save} loading={loading} block={setBlocking} onRestart={onCallback} />
                 }
             </Wizard>
         </MetadataForm>
diff --git a/ui/src/app/metadata/wizard/MetadataProviderWizard.js b/ui/src/app/metadata/wizard/MetadataProviderWizard.js
index 37022bd13..19808d918 100644
--- a/ui/src/app/metadata/wizard/MetadataProviderWizard.js
+++ b/ui/src/app/metadata/wizard/MetadataProviderWizard.js
@@ -7,19 +7,14 @@ import { checkChanges, useMetadataSchema } from '../hooks/schema';
 import { useMetadataFormDispatcher, setFormDataAction, setFormErrorAction, useMetadataFormData, useMetadataFormErrors } from '../hoc/MetadataFormContext';
 import { MetadataConfiguration } from '../component/MetadataConfiguration';
 import { Configuration } from '../hoc/Configuration';
-import { useMetadataEntity, useMetadataProviders } from '../hooks/api';
-import { Prompt, useHistory } from 'react-router';
-import { removeNull } from '../../core/utility/remove_null';
+import { useMetadataProviders } from '../hooks/api';
 
-import { useNotificationDispatcher, createNotificationAction, NotificationTypes } from '../../notifications/hoc/Notifications';
+import { removeNull } from '../../core/utility/remove_null';
 
-export function MetadataProviderWizard({onRestart}) {
+export function MetadataProviderWizard({onSave, loading, block}) {
 
     const { data } = useMetadataProviders({cachePolicy: 'no-cache'}, []);
 
-    const { post, loading, response } = useMetadataEntity('provider');
-    const history = useHistory();
-
     const definition = useMetadataDefinitionContext();
     const schema = useMetadataSchemaContext();
 
@@ -33,56 +28,30 @@ export function MetadataProviderWizard({onRestart}) {
 
     const wizardDispatch = useWizardDispatcher();
 
-    const notificationDispatch = useNotificationDispatcher();
-
     const current = useCurrentIndex();
 
     const onChange = (changes) => {
         formDispatch(setFormDataAction(changes.formData));
         formDispatch(setFormErrorAction(changes.errors));
-        setBlocking(checkChanges(metadata, changes.formData));
+        block(checkChanges(metadata, changes.formData));
     };
 
     const onEditFromSummary = (idx) => {
         wizardDispatch(setWizardIndexAction(idx));
     };
 
-    const onBlur = (form) => {
-        // console.log(form);
-    }
-
     const validator = definition.validator(data);
 
-    async function save() {
-        const body = removeNull(definition.parser(metadata), true);
-        await post('', body);
-        if (response.ok) {
-            setBlocking(false);
-            history.push('/dashboard/metadata/manager/providers');
-        } else {
-            const { errorCode, errorMessage, cause } = response.data;
-            notificationDispatch(createNotificationAction(
-                `${errorCode}: ${errorMessage} ${cause ? `-${cause}` : ''}`,
-                NotificationTypes.ERROR
-            ));
-        }
-    }
-
-    const [blocking, setBlocking] = React.useState(false);
+    const save = () => onSave(removeNull(definition.parser(metadata), true))
 
     return (
         <>
-            <Prompt
-                when={blocking}
-                message={location =>
-                    `message.unsaved-editor`
-                }
-            />
+            
             <div className="row mb-4">
                 <div className="col-12">
                     <WizardNav onSave={save}
-                        onRestart={onRestart}
-                        disabled={errors.length > 0 || loading} saving={loading} />
+                        disabled={errors.length > 0 || loading}
+                        saving={loading} />
                 </div>
             </div>
             <hr />
@@ -94,7 +63,6 @@ export function MetadataProviderWizard({onRestart}) {
                         schema={schema || {}}
                         current={current}
                         onChange={onChange}
-                        onBlur={onBlur}
                         validator={ validator } />
                 </div>
             </div>
diff --git a/ui/src/app/metadata/wizard/MetadataSourceWizard.js b/ui/src/app/metadata/wizard/MetadataSourceWizard.js
index 0d23b34af..57369b0dc 100644
--- a/ui/src/app/metadata/wizard/MetadataSourceWizard.js
+++ b/ui/src/app/metadata/wizard/MetadataSourceWizard.js
@@ -12,18 +12,13 @@ import { useMetadataDefinitionContext, useMetadataSchemaContext } from '../hoc/M
 import { useMetadataFormDispatcher, setFormDataAction, setFormErrorAction, useMetadataFormData, useMetadataFormErrors } from '../hoc/MetadataFormContext';
 import { MetadataConfiguration } from '../component/MetadataConfiguration';
 import { Configuration } from '../hoc/Configuration';
-import { useMetadataEntity, useMetadataSources } from '../hooks/api';
-import { Prompt, useHistory } from 'react-router';
-import { removeNull } from '../../core/utility/remove_null';
+import { useMetadataSources } from '../hooks/api';
 
 import Translate from '../../i18n/components/translate';
 import { checkChanges } from '../hooks/utility';
 
 
-export function MetadataSourceWizard ({ onShowNav }) {
-
-    const { post, loading, response } = useMetadataEntity('source');
-    const history = useHistory();
+export function MetadataSourceWizard ({ onShowNav, onSave, block, loading }) {
 
     const { data } = useMetadataSources({
         cachePolicy: 'no-cache'
@@ -50,39 +45,20 @@ export function MetadataSourceWizard ({ onShowNav }) {
     const onChange = (changes) => {
         formDispatch(setFormDataAction(changes.formData));
         formDispatch(setFormErrorAction(changes.errors));
-        setBlocking(checkChanges(metadata, changes.formData));
+        block(checkChanges(metadata, changes.formData));
     };
 
     const onEditFromSummary = (idx) => {
         wizardDispatch(setWizardIndexAction(idx));
     };
 
-    const onBlur = (form) => {
-        // console.log(form);
-    }
-
-    async function save () {
-        const body = removeNull(metadata, true);
-        await post('', body);
-        if (response.ok) {
-            setBlocking(false);
-            history.push('/');
-        }
-    }
-
-    const [blocking, setBlocking] = React.useState(false);
+    const save = () => onSave(definition.parser(metadata));
 
     const validator = definition.validator(data);
     const warnings = definition.warnings && definition.warnings(metadata);
 
     return (
         <>
-            <Prompt
-                when={blocking}
-                message={location =>
-                    `message.unsaved-editor`
-                }
-            />
             <div className="row mb-4">
                 <div className="col-12">
                     <WizardNav onSave={save} disabled={ errors.length > 0 || loading } saving={loading} />
@@ -109,7 +85,6 @@ export function MetadataSourceWizard ({ onShowNav }) {
                         schema={schema || {}}
                         current={current}
                         onChange={onChange}
-                        onBlur={onBlur}
                         validator={validator} />
                 </div>
             </div>
diff --git a/ui/src/app/metadata/wizard/MetadataWizardForm.js b/ui/src/app/metadata/wizard/MetadataWizardForm.js
index c508bd267..58000c605 100644
--- a/ui/src/app/metadata/wizard/MetadataWizardForm.js
+++ b/ui/src/app/metadata/wizard/MetadataWizardForm.js
@@ -12,7 +12,7 @@ function ErrorListTemplate () {
     return (<></>);
 }
 
-export function MetadataWizardForm ({ metadata, definition, schema, current, onChange, onBlur = false, validator }) {
+export function MetadataWizardForm ({ metadata, definition, schema, current, onChange, onBlur = () => {}, validator }) {
 
     const {uiSchema} = useUiSchema(definition, schema, current);
 

From 99381396ea5608266fdf65edfbdf10d55c36b5e9 Mon Sep 17 00:00:00 2001
From: Ryan Mathis <rmathis@unicon.net>
Date: Fri, 23 Jul 2021 14:00:52 -0700
Subject: [PATCH 03/24] Fixed issues with provider loading, updated filter
 enable functionality

---
 ui/src/app/metadata/Metadata.js               | 24 +++----
 .../MetadataFilterConfigurationList.js        | 69 ++++++++++---------
 .../MetadataFilterConfigurationListItem.js    | 16 +++--
 .../component/MetadataFilterEditorList.js     |  4 +-
 .../filter/component/MetadataFilters.js       | 24 ++++++-
 .../app/metadata/editor/MetadataFilterList.js |  3 +-
 ui/src/app/metadata/hoc/MetadataSchema.js     |  4 +-
 ui/src/app/metadata/hoc/MetadataSelector.js   |  4 +-
 ui/src/app/metadata/hooks/api.js              |  3 +-
 9 files changed, 94 insertions(+), 57 deletions(-)

diff --git a/ui/src/app/metadata/Metadata.js b/ui/src/app/metadata/Metadata.js
index 9fb70ad44..81cd1e35a 100644
--- a/ui/src/app/metadata/Metadata.js
+++ b/ui/src/app/metadata/Metadata.js
@@ -18,13 +18,12 @@ export function Metadata () {
     let { path } = useRouteMatch();
 
     return (
-        <>
-            <MetadataSelector>
-                {(entity, reload) =>
+        <MetadataSelector>
+            {(entity, reload) =>
                 <MetadataXmlLoader>
                     <MetadataSchema type={entity['@type'] ? entity['@type'] : 'source'}>
                         <Switch>
-                            <Route path={`${path}/configuration/options`} render={ () =>
+                            <Route path={`${path}/configuration/options`} render={() =>
                                 <MetadataDetail>
                                     <MetadataOptions reload={reload}></MetadataOptions>
                                 </MetadataDetail>
@@ -34,36 +33,35 @@ export function Metadata () {
                                     <MetadataXml></MetadataXml>
                                 </MetadataDetail>
                             } />
-                            <Route path={`${path}/configuration/history`} render={ () =>
+                            <Route path={`${path}/configuration/history`} render={() =>
                                 <MetadataDetail>
                                     <MetadataHistory></MetadataHistory>
                                 </MetadataDetail>
                             } />
-                            <Route path={`${path}/configuration/compare`} render={ () =>
+                            <Route path={`${path}/configuration/compare`} render={() =>
                                 <MetadataDetail>
                                     <MetadataComparison></MetadataComparison>
                                 </MetadataDetail>
                             } />
-                            <Route path={`${path}/configuration/version/:versionId/options`} render={ () =>
+                            <Route path={`${path}/configuration/version/:versionId/options`} render={() =>
                                 <MetadataDetail>
                                     <MetadataVersion></MetadataVersion>
                                 </MetadataDetail>
                             } />
-                            <Route path={`${path}/edit/:section`} render={ () =>
+                            <Route path={`${path}/edit/:section`} render={() =>
                                 <MetadataEdit />
                             } />
-                            <Route path={`${path}/restore/:versionId/:section`} exact render={ () =>
+                            <Route path={`${path}/restore/:versionId/:section`} exact render={() =>
                                 <MetadataConfirmRestore />
                             } />
-                            <Route path={`${path}/restore/:versionId/:section/edit`} render={ () =>
+                            <Route path={`${path}/restore/:versionId/:section/edit`} render={() =>
                                 <MetadataRestore />
                             } />
                             <Redirect exact path={`${path}`} to={`${path}/configuration/options`} />
                         </Switch>
                     </MetadataSchema>
                 </MetadataXmlLoader>
-                }
-            </MetadataSelector>
-        </>
+            }
+        </MetadataSelector>
     );
 }
\ No newline at end of file
diff --git a/ui/src/app/metadata/domain/filter/component/MetadataFilterConfigurationList.js b/ui/src/app/metadata/domain/filter/component/MetadataFilterConfigurationList.js
index 521055c12..04c33c10f 100644
--- a/ui/src/app/metadata/domain/filter/component/MetadataFilterConfigurationList.js
+++ b/ui/src/app/metadata/domain/filter/component/MetadataFilterConfigurationList.js
@@ -2,43 +2,50 @@ import React from 'react';
 
 import { Ordered } from '../../../../dashboard/component/Ordered';
 import { Translate } from '../../../../i18n/components/translate';
-import { MetadataFiltersContext } from './MetadataFilters';
+import { MetadataFilters, MetadataFiltersContext } from './MetadataFilters';
 
 import { MetadataFilterConfigurationListItem } from './MetadataFilterConfigurationListItem';
+import { MetadataFilterTypes } from '..';
 
 export function MetadataFilterConfigurationList ({provider, onDelete, editable = true}) {
-    const filters = React.useContext(MetadataFiltersContext);
+    // const filters = React.useContext(MetadataFiltersContext);
 
     return (
-        <Ordered path={`/MetadataResolvers/${provider.resourceId}/FiltersPositionOrder` } entities={filters}>
-            {(ordered, first, last, onOrderUp, onOrderDown) =>
-                <>
-                    {ordered.length > 0 && 
-                    <ul className="list-group list-group-flush">
-                        {ordered.map((filter, i) =>
-                            <li className="list-group-item" key={i}>
-                                <MetadataFilterConfigurationListItem
-                                    filter={ filter }
-                                    index={i}
-                                    isFirst={ first === filter.resourceId }
-                                    isLast={ last === filter.resourceId }
-                                    editable={ editable }
-                                    onOrderDown={onOrderDown}
-                                    onOrderUp={onOrderUp}
-                                    onRemove={() => onDelete(filter.resourceId)}
-                                />
-                            </li>
-                        )}
-                    </ul>
-                    }
-                    { filters && filters.length < 1 &&
-                    <div className="alert alert-info m-4">
-                        <h3><Translate value="message.no-filters">No Filters</Translate></h3>
-                        <p><Translate value="message.no-filters-added">No filters have been added to this Metadata Provider</Translate></p>
-                    </div>
-                    }
-                </>
+        <MetadataFilters providerId={provider.resourceId} types={MetadataFilterTypes}>
+            {(filters, onUpdate, onDelete, onEnable, loading) =>
+            <Ordered path={`/MetadataResolvers/${provider.resourceId}/FiltersPositionOrder` } entities={filters}>
+                {(ordered, first, last, onOrderUp, onOrderDown) =>
+                    <>
+                        {ordered.length > 0 && 
+                        <ul className="list-group list-group-flush">
+                            {ordered.map((filter, i) =>
+                                <li className="list-group-item" key={i}>
+                                    <MetadataFilterConfigurationListItem
+                                        filter={ filter }
+                                        index={i}
+                                        loading={loading}
+                                        isFirst={ first === filter.resourceId }
+                                        isLast={ last === filter.resourceId }
+                                        editable={ editable }
+                                        onOrderDown={onOrderDown}
+                                        onOrderUp={onOrderUp}
+                                        onEnable={ onEnable }
+                                        onRemove={() => onDelete(filter.resourceId)}
+                                    />
+                                </li>
+                            )}
+                        </ul>
+                        }
+                        { filters && filters.length < 1 &&
+                        <div className="alert alert-info m-4">
+                            <h3><Translate value="message.no-filters">No Filters</Translate></h3>
+                            <p><Translate value="message.no-filters-added">No filters have been added to this Metadata Provider</Translate></p>
+                        </div>
+                        }
+                    </>
+                }
+            </Ordered>
             }
-        </Ordered>
+        </MetadataFilters>
     );
 }
\ No newline at end of file
diff --git a/ui/src/app/metadata/domain/filter/component/MetadataFilterConfigurationListItem.js b/ui/src/app/metadata/domain/filter/component/MetadataFilterConfigurationListItem.js
index 4601db323..3c336a27e 100644
--- a/ui/src/app/metadata/domain/filter/component/MetadataFilterConfigurationListItem.js
+++ b/ui/src/app/metadata/domain/filter/component/MetadataFilterConfigurationListItem.js
@@ -3,6 +3,7 @@ import React from 'react';
 import { FontAwesomeIcon } from '@fortawesome/react-fontawesome';
 import { faArrowCircleDown, faArrowCircleUp, faChevronUp, faEdit, faTrash } from '@fortawesome/free-solid-svg-icons';
 import Button from 'react-bootstrap/Button';
+import Form from 'react-bootstrap/Form';
 
 import { Translate } from '../../../../i18n/components/translate';
 import { Link } from 'react-router-dom';
@@ -11,7 +12,7 @@ import { MetadataConfiguration } from '../../../component/MetadataConfiguration'
 import { useMetadataConfiguration } from '../../../hooks/configuration';
 import useFetch from 'use-http';
 
-export function MetadataFilterConfigurationListItem ({ filter, isLast, isFirst, onOrderUp, onOrderDown, editable, onRemove, index }) {
+export function MetadataFilterConfigurationListItem ({ filter, isLast, isFirst, onOrderUp, onOrderDown, onEnable, editable, onRemove, loading, index }) {
     const [open, setOpen] = React.useState(false);
 
     const definition = React.useMemo(() => getDefinition(filter['@type'], ), [filter]);
@@ -49,10 +50,15 @@ export function MetadataFilterConfigurationListItem ({ filter, isLast, isFirst,
             }
             <Button variant="link" className="mx-4" onClick={ () => setOpen(!open) }>{ filter.name }</Button>
             <span className="">{ filter['@type'] }</span>
-            <span className="ml-4">
-                <span className="badge badge-primary">
-                    <Translate value={filter.filterEnabled ? 'label.enabled' : 'label.disabled'} />
-                </span>
+            <span className="ml-auto">
+                <Form.Check type="switch"
+                    id={`customSwitch-${filter.resourceId}`}
+                    label={<Translate value={filter.filterEnabled ? 'label.enabled' : 'label.disabled'} />}
+                    checked={filter.filterEnabled}
+                    disabled={loading}
+                    onChange={({ target: { checked } }) => onEnable(filter, checked)} />
+                {filter.disabled && <i className="fa fa-spinner fa-pulse fa-lg fa-fw"></i>}
+                
             </span>
         </div>
         {open &&
diff --git a/ui/src/app/metadata/domain/filter/component/MetadataFilterEditorList.js b/ui/src/app/metadata/domain/filter/component/MetadataFilterEditorList.js
index f5b23aa23..befeef819 100644
--- a/ui/src/app/metadata/domain/filter/component/MetadataFilterEditorList.js
+++ b/ui/src/app/metadata/domain/filter/component/MetadataFilterEditorList.js
@@ -9,7 +9,7 @@ import { faArrowCircleDown, faArrowCircleUp, faEdit, faTrash } from '@fortawesom
 import { Ordered } from '../../../../dashboard/component/Ordered';
 import { Translate } from '../../../../i18n/components/translate';
 
-export function MetadataFilterEditorList ({provider, filters, onDelete, onUpdate, loading}) {
+export function MetadataFilterEditorList ({provider, filters, onDelete, onUpdate, onEnable, loading}) {
 
     return (
         <Ordered path={`/MetadataResolvers/${provider.resourceId}/FiltersPositionOrder` } entities={filters}>
@@ -51,7 +51,7 @@ export function MetadataFilterEditorList ({provider, filters, onDelete, onUpdate
                                             label={<span className="sr-only">Toggle this switch element</span>}
                                             checked={filter.filterEnabled}
                                             disabled={loading}
-                                            onChange={() => onUpdate({ ...filter, filterEnabled: !filter.filterEnabled })} />
+                                            onChange={({target: { checked }}) => onEnable(filter, checked)} />
                                         {filter.disabled && <i className="fa fa-spinner fa-pulse fa-lg fa-fw"></i>}
                                     </div>
                                 </td>
diff --git a/ui/src/app/metadata/domain/filter/component/MetadataFilters.js b/ui/src/app/metadata/domain/filter/component/MetadataFilters.js
index 13a22b53c..d38c97013 100644
--- a/ui/src/app/metadata/domain/filter/component/MetadataFilters.js
+++ b/ui/src/app/metadata/domain/filter/component/MetadataFilters.js
@@ -1,11 +1,14 @@
 import React from 'react';
 import { useMetadataFilters } from '../../../hooks/api';
 import { DeleteConfirmation } from '../../../component/DeleteConfirmation';
+import { NotificationContext, createNotificationAction } from '../../../../notifications/hoc/Notifications';
 
 export const MetadataFiltersContext = React.createContext();
 
 export function MetadataFilters ({ providerId, types = [], filters, children }) {
 
+    const { dispatch } = React.useContext(NotificationContext);
+
     const { put, del, get, response, loading } = useMetadataFilters(providerId, {
         cachePolicy: 'no-cache'
     });
@@ -23,12 +26,31 @@ export function MetadataFilters ({ providerId, types = [], filters, children })
         await put(`/${filter.resourceId}`, filter);
         if (response.ok) {
             loadFilters(providerId);
+            dispatch(createNotificationAction(
+                `Metadata Filter has been updated.`
+            ));
+        }
+    }
+
+    async function enableFilter(filter, enabled) {
+        await put(`/${filter.resourceId}`, {
+            ...filter,
+            filterEnabled: enabled
+        });
+        if (response.ok) {
+            dispatch(createNotificationAction(
+                `Metadata Filter has been ${enabled ? 'enabled' : 'disabled'}.`
+            ));
+            loadFilters(providerId);
         }
     }
 
     async function deleteFilter(filterId) {
         await del(`/${filterId}`);
         if (response.ok) {
+            dispatch(createNotificationAction(
+                `Metadata Filter has been deleted.`
+            ));
             loadFilters();
         }
     }
@@ -50,7 +72,7 @@ export function MetadataFilters ({ providerId, types = [], filters, children })
         <DeleteConfirmation title={`message.delete-filter-title`} body={`message.delete-filter-body`}>
             {(block) =>
                 <MetadataFiltersContext.Provider value={filterData}>
-                    {children(filterData, onUpdate, (id) => block(() => onDelete(id)), loading)}
+                    {children(filterData, onUpdate, (id) => block(() => onDelete(id)), enableFilter, loading)}
                 </MetadataFiltersContext.Provider>
             }
         </DeleteConfirmation>
diff --git a/ui/src/app/metadata/editor/MetadataFilterList.js b/ui/src/app/metadata/editor/MetadataFilterList.js
index 9b71f6ee5..699b1c400 100644
--- a/ui/src/app/metadata/editor/MetadataFilterList.js
+++ b/ui/src/app/metadata/editor/MetadataFilterList.js
@@ -90,12 +90,13 @@ export function MetadataFilterList() {
                         <div className="col-lg-9">
                             {definition && schema && current &&
                                 <MetadataFilters providerId={current.resourceId} types={MetadataFilterTypes}>
-                                    {(filters, onUpdate, onDelete, loading) =>
+                                    {(filters, onUpdate, onDelete, onEnable, loading) =>
                                         <MetadataFilterEditorList
                                             editable={true}
                                             loading={loading}
                                             provider={current}
                                             filters={filters}
+                                            onEnable={onEnable}
                                             onUpdate={onUpdate}
                                             onDelete={onDelete} />
                                     }
diff --git a/ui/src/app/metadata/hoc/MetadataSchema.js b/ui/src/app/metadata/hoc/MetadataSchema.js
index ec6dd49f0..c8a8365ee 100644
--- a/ui/src/app/metadata/hoc/MetadataSchema.js
+++ b/ui/src/app/metadata/hoc/MetadataSchema.js
@@ -9,7 +9,9 @@ export function MetadataSchema({ type, children, wizard = false }) {
 
     const definition = React.useMemo(() => wizard ? getWizard(type) : getDefinition(type), [type, wizard]);
 
-    const { get, response } = useFetch(``, {}, []);
+    const { get, response } = useFetch(``, {
+        cachePolicy: 'no-cache'
+    });
 
     const [schema, setSchema] = React.useState();
 
diff --git a/ui/src/app/metadata/hoc/MetadataSelector.js b/ui/src/app/metadata/hoc/MetadataSelector.js
index fd37ed2c3..6174d2e3a 100644
--- a/ui/src/app/metadata/hoc/MetadataSelector.js
+++ b/ui/src/app/metadata/hoc/MetadataSelector.js
@@ -23,7 +23,7 @@ export function MetadataSelector({ children, ...props }) {
 
     const { get, response } = useMetadataEntity(type);
 
-    const [metadata, setMetadata] = React.useState([]);
+    const [metadata, setMetadata] = React.useState();
 
     async function loadMetadata(id) {
         const source = await get(`/${id}`);
@@ -34,7 +34,7 @@ export function MetadataSelector({ children, ...props }) {
 
     const reload = () => loadMetadata(id);
 
-    React.useEffect(() => { loadMetadata(id) }, [id]);
+    React.useEffect(reload, [id]);
 
     return (
         <>
diff --git a/ui/src/app/metadata/hooks/api.js b/ui/src/app/metadata/hooks/api.js
index d0f30ef38..cc2afa9c7 100644
--- a/ui/src/app/metadata/hooks/api.js
+++ b/ui/src/app/metadata/hooks/api.js
@@ -61,7 +61,8 @@ export const xmlRequestInterceptor = ({ options }) => {
 export function useMetadataEntityXml(type = 'source', opts = {
     interceptors: {
         request: xmlRequestInterceptor
-    }
+    },
+    cachePolicy: 'no-cache'
 }) {
     return useFetch(`${API_BASE_PATH}${getMetadataPath(type)}`, opts);
 }

From 066318b0a1f3540cd41948034436184c1196fb59 Mon Sep 17 00:00:00 2001
From: chasegawa <chasegawa@unicon.net>
Date: Wed, 28 Jul 2021 15:28:03 -0700
Subject: [PATCH 04/24] SHIBUI-1844

correcting API for role
---
 .../ui/controller/ActivateController.java     | 23 +++++++++++++++++++
 .../security/controller/RolesController.java  | 15 +++++++++---
 2 files changed, 35 insertions(+), 3 deletions(-)
 create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ActivateController.java

diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ActivateController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ActivateController.java
new file mode 100644
index 000000000..10b0a742b
--- /dev/null
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ActivateController.java
@@ -0,0 +1,23 @@
+package edu.internet2.tier.shibboleth.admin.ui.controller;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import edu.internet2.tier.shibboleth.admin.ui.repository.EntityDescriptorRepository;
+import edu.internet2.tier.shibboleth.admin.ui.security.service.UserService;
+
+@RestController
+@RequestMapping("/api/activate")
+public class ActivateController {
+    @Autowired
+    private UserService userService;
+    
+    @Autowired
+    private EntityDescriptorRepository entityDescriptorRepo;
+    
+    
+    
+    
+// Enable/disable for : entity descriptor, provider, filter
+}
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/RolesController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/RolesController.java
index 12cfe7025..d576e0630 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/RolesController.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/RolesController.java
@@ -1,5 +1,7 @@
 package edu.internet2.tier.shibboleth.admin.ui.security.controller;
 
+import java.util.Optional;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -56,10 +58,17 @@ public ResponseEntity<?> getOne(@PathVariable String resourceId) throws EntityNo
     }
 
     @Secured("ROLE_ADMIN")
-    @PutMapping
+    @PutMapping(path = {"/", "/{resourceId}" })
     @Transactional
-    public ResponseEntity<?> update(@RequestBody Role role) throws EntityNotFoundException {
-        Role result = rolesService.updateRole(role);
+    public ResponseEntity<?> update(@RequestBody Role incomingRoleDetail, @PathVariable Optional<String> resourceId) throws EntityNotFoundException {
+        Role updateRole;
+        if (resourceId.isPresent()) {
+            updateRole = rolesService.findByResourceId(resourceId.get());
+        } else {
+            updateRole = rolesService.findByResourceId(incomingRoleDetail.getResourceId());
+        }
+        updateRole.setName(incomingRoleDetail.getName());
+        Role result = rolesService.updateRole(updateRole);
         return ResponseEntity.ok(result);
     }
 }

From 9445355b20ea87ffef1794801672ede0de9898af Mon Sep 17 00:00:00 2001
From: Ryan Mathis <rmathis@unicon.net>
Date: Thu, 29 Jul 2021 08:49:44 -0700
Subject: [PATCH 05/24] Added roles management

---
 .../main/resources/i18n/messages.properties   |  19 +++-
 ui/public/assets/schema/roles/role.json       |  15 +++
 ui/src/app/App.js                             |   2 +
 ui/src/app/admin/Roles.js                     |  32 ++++++
 ui/src/app/admin/component/RoleForm.js        |  68 ++++++++++++
 ui/src/app/admin/container/EditRole.js        |  91 +++++++++++++++
 ui/src/app/admin/container/MetadataActions.js |   2 +-
 ui/src/app/admin/container/NewRole.js         |  79 +++++++++++++
 ui/src/app/admin/container/RoleList.js        |  78 +++++++++++++
 ui/src/app/admin/hoc/RoleProvider.js          |  20 ++++
 ui/src/app/admin/hoc/RolesProvider.js         |  42 +++++++
 ui/src/app/admin/hooks.js                     |  20 ++++
 .../components}/DeleteConfirmation.js         |   2 +-
 .../components}/DeleteConfirmation.test.js    |   2 +-
 ui/src/app/core/components/Header.js          |   6 +-
 .../core/components/UserConfirmation.test.js  |   2 +-
 ui/src/app/form/FormManager.js                | 105 ++++++++++++++++++
 ui/src/app/form/Schema.js                     |  24 ++++
 .../filter/component/MetadataFilters.js       |   2 +-
 .../metadata/view/MetadataAttributeList.js    |   2 +-
 20 files changed, 605 insertions(+), 8 deletions(-)
 create mode 100644 ui/public/assets/schema/roles/role.json
 create mode 100644 ui/src/app/admin/Roles.js
 create mode 100644 ui/src/app/admin/component/RoleForm.js
 create mode 100644 ui/src/app/admin/container/EditRole.js
 create mode 100644 ui/src/app/admin/container/NewRole.js
 create mode 100644 ui/src/app/admin/container/RoleList.js
 create mode 100644 ui/src/app/admin/hoc/RoleProvider.js
 create mode 100644 ui/src/app/admin/hoc/RolesProvider.js
 create mode 100644 ui/src/app/admin/hooks.js
 rename ui/src/app/{metadata/component => core/components}/DeleteConfirmation.js (93%)
 rename ui/src/app/{metadata/component => core/components}/DeleteConfirmation.test.js (97%)
 create mode 100644 ui/src/app/form/FormManager.js
 create mode 100644 ui/src/app/form/Schema.js

diff --git a/backend/src/main/resources/i18n/messages.properties b/backend/src/main/resources/i18n/messages.properties
index 1c103c695..749267367 100644
--- a/backend/src/main/resources/i18n/messages.properties
+++ b/backend/src/main/resources/i18n/messages.properties
@@ -66,6 +66,10 @@ action.custom-entity-attributes=Custom Entity Attributes
 action.enable=Enable
 action.disable=Disable
 
+action.add-new-role=Add new role
+action.roles=Roles
+action.source-role=Role
+
 value.enabled=Enabled
 value.disabled=Disabled
 value.current=Current
@@ -483,6 +487,16 @@ label.by=By
 label.source=Metadata Source
 label.provider=Metadata Provider
 
+label.roles-management=Role Management
+label.new-role=New Role
+label.role-name=Role Name
+label.role-description=Role Description
+label.role=Role
+
+message.delete-role-title=Delete Role?
+
+message.delete-role-body=You are requesting to delete a role. If you complete this process the role will be removed. This cannot be undone. Do you wish to continue?
+
 message.delete-user-title=Delete User?
 message.delete-user-body=You are requesting to delete a user. If you complete this process the user will be removed. This cannot be undone. Do you wish to continue?
 
@@ -669,4 +683,7 @@ tooltip.match=A regular expression against which the entityID is evaluated.
 tooltip.remove-existing-formats=Whether to remove any existing formats from a role if any are added by the filter (unmodified roles will be untouched regardless of this setting)
 tooltip.nameid-formats-format=Format
 tooltip.nameid-formats-value=Value
-tooltip.nameid-formats-type=Type
\ No newline at end of file
+tooltip.nameid-formats-type=Type
+
+tooltip.role-name=Role Name
+tooltip.role-description=Role Description
\ No newline at end of file
diff --git a/ui/public/assets/schema/roles/role.json b/ui/public/assets/schema/roles/role.json
new file mode 100644
index 000000000..8145fae88
--- /dev/null
+++ b/ui/public/assets/schema/roles/role.json
@@ -0,0 +1,15 @@
+{
+    "type": "object",
+    "required": [
+        "name"
+    ],
+    "properties": {
+        "name": {
+            "title": "label.role-name",
+            "description": "tooltip.role-name",
+            "type": "string",
+            "minLength": 1,
+            "maxLength": 255
+        }
+    }
+}
\ No newline at end of file
diff --git a/ui/src/app/App.js b/ui/src/app/App.js
index 5d0c4e1e4..c65324bb9 100644
--- a/ui/src/app/App.js
+++ b/ui/src/app/App.js
@@ -26,6 +26,7 @@ import { NewProvider } from './metadata/new/NewProvider';
 import { Filter } from './metadata/Filter';
 import { Contention } from './metadata/contention/ContentionContext';
 import { SessionModal } from './core/user/SessionModal';
+import { Roles } from './admin/Roles';
 import Button from 'react-bootstrap/Button';
 
 
@@ -79,6 +80,7 @@ function App() {
                                                     <Route path="/metadata/attributes" component={Attribute} />
                                                     <Route path={`/metadata/provider/:id/filter`} component={Filter} />
                                                     <Route path="/metadata/:type/:id" component={Metadata} />
+                                                    <Route path="/roles" component={Roles} />
                                                     <Route path="*">
                                                         <Redirect to="/dashboard" />
                                                     </Route>
diff --git a/ui/src/app/admin/Roles.js b/ui/src/app/admin/Roles.js
new file mode 100644
index 000000000..08daed90d
--- /dev/null
+++ b/ui/src/app/admin/Roles.js
@@ -0,0 +1,32 @@
+import React from 'react';
+import { Switch, Route, useRouteMatch, Redirect } from 'react-router-dom';
+import { RolesProvider } from './hoc/RolesProvider';
+import { NewRole } from './container/NewRole';
+import { EditRole } from './container/EditRole';
+import { RoleList } from './container/RoleList';
+
+export function Roles() {
+
+    let { path } = useRouteMatch();
+
+    return (
+        <>
+            <Switch>
+                <Route path={`${path}/list`} render={() =>
+                    <RolesProvider>
+                        {(roles, onDelete) =>
+                            <RoleList roles={roles} onDelete={onDelete} />
+                        }
+                    </RolesProvider>
+                } />
+                <Route path={`${path}/new`} render={() =>
+                    <NewRole />
+                } />
+                <Route path={`${path}/:id/edit`} render={() =>
+                    <EditRole />
+                } />
+                <Redirect exact path={`${path}`} to={`${path}/list`} />
+            </Switch>
+        </>
+    );
+}
\ No newline at end of file
diff --git a/ui/src/app/admin/component/RoleForm.js b/ui/src/app/admin/component/RoleForm.js
new file mode 100644
index 000000000..074cb5b09
--- /dev/null
+++ b/ui/src/app/admin/component/RoleForm.js
@@ -0,0 +1,68 @@
+import React from 'react';
+import Button from 'react-bootstrap/Button';
+import Form from '@rjsf/bootstrap-4';
+import { FontAwesomeIcon } from '@fortawesome/react-fontawesome';
+import { faSpinner, faSave } from '@fortawesome/free-solid-svg-icons';
+import Translate from '../../i18n/components/translate';
+
+import { useRoleUiSchema } from '../hooks';
+import { fields, widgets } from '../../form/component';
+import { templates } from '../../form/component';
+import { FormContext, setFormDataAction, setFormErrorAction } from '../../form/FormManager';
+
+function ErrorListTemplate() {
+    return (<></>);
+}
+
+export function RoleForm({ role = {}, errors = [], loading = false, schema, onSave, onCancel }) {
+
+    const { dispatch } = React.useContext(FormContext);
+    const onChange = ({ formData, errors }) => {
+        dispatch(setFormDataAction(formData));
+        dispatch(setFormErrorAction(errors));
+    };
+
+    const uiSchema = useRoleUiSchema();
+
+    return (<>
+        <div className="container-fluid">
+            <div className="d-flex justify-content-end align-items-center">
+                <React.Fragment>
+                    <Button variant="info" className="mr-2"
+                        type="button"
+                        onClick={() => onSave(role)}
+                        disabled={errors.length > 0 || loading}
+                        aria-label="Save changes to the metadata source. You will return to the dashboard">
+                        <FontAwesomeIcon icon={loading ? faSpinner : faSave} pulse={loading} />&nbsp;
+                        <Translate value="action.save">Save</Translate>
+                    </Button>
+                    <Button variant="secondary"
+                        type="button"
+                        onClick={() => onCancel()} aria-label="Cancel changes, go back to dashboard">
+                        <Translate value="action.cancel">Cancel</Translate>
+                    </Button>
+                </React.Fragment>
+            </div>
+            <hr />
+            <div className="row">
+                <div className="col-12 col-lg-6 order-2">
+                    <Form formData={role}
+                        noHtml5Validate={true}
+                        onChange={(form) => onChange(form)}
+                        schema={schema}
+                        uiSchema={uiSchema}
+                        FieldTemplate={templates.FieldTemplate}
+                        ObjectFieldTemplate={templates.ObjectFieldTemplate}
+                        ArrayFieldTemplate={templates.ArrayFieldTemplate}
+                        fields={fields}
+                        widgets={widgets}
+                        liveValidate={true}
+                        ErrorList={ErrorListTemplate}>
+                        <></>
+                    </Form>
+                </div>
+            </div>
+        </div>
+    </>)
+}
+/**/
\ No newline at end of file
diff --git a/ui/src/app/admin/container/EditRole.js b/ui/src/app/admin/container/EditRole.js
new file mode 100644
index 000000000..cc8d802ed
--- /dev/null
+++ b/ui/src/app/admin/container/EditRole.js
@@ -0,0 +1,91 @@
+import React from 'react';
+
+import { Prompt, useHistory } from 'react-router';
+import { useParams } from 'react-router-dom';
+import Translate from '../../i18n/components/translate';
+import { useRoles } from '../hooks';
+import { Schema } from '../../form/Schema';
+import { FormManager } from '../../form/FormManager';
+
+import { RoleForm } from '../component/RoleForm';
+import { RoleProvider } from '../hoc/RoleProvider';
+import { createNotificationAction, NotificationTypes, useNotificationDispatcher } from '../../notifications/hoc/Notifications';
+import { useTranslator } from '../../i18n/hooks';
+
+export function EditRole() {
+
+    const { id } = useParams();
+
+    const notifier = useNotificationDispatcher();
+    const translator = useTranslator();
+
+    const history = useHistory();
+
+    const { put, response, loading } = useRoles();
+
+    const [blocking, setBlocking] = React.useState(false);
+
+    async function save(role) {
+        let toast;
+        const resp = await put(``, role);
+        if (response.ok) {
+            gotoDetail({ refresh: true });
+            toast = createNotificationAction(`Updated role successfully.`, NotificationTypes.SUCCESS);
+        } else {
+            toast = createNotificationAction(`${resp.errorCode} - ${translator(resp.errorMessage)}`, NotificationTypes.ERROR);
+        }
+        if (toast) {
+            notifier(toast);
+        }
+    };
+
+    const cancel = () => {
+        gotoDetail();
+    };
+
+    const gotoDetail = (state = null) => {
+        setBlocking(false);
+        history.push(`/roles`, state);
+    };
+
+    return (
+        <div className="container-fluid p-3">
+            <Prompt
+                when={blocking}
+                message={location =>
+                    `message.unsaved-editor`
+                }
+            />
+            <section className="section" tabIndex="0">
+                <div className="section-header bg-info p-2 text-white">
+                    <div className="row justify-content-between">
+                        <div className="col-md-12">
+                            <span className="display-6"><Translate value="label.edit-role">Edit role</Translate></span>
+                        </div>
+                    </div>
+                </div>
+                <div className="section-body p-4 border border-top-0 border-info">
+                    <RoleProvider id={id}>
+                        {(role) =>
+                            <Schema path={`/assets/schema/roles/role.json`}>
+                                {(schema) =>
+                                    <>{role &&
+                                        <FormManager initial={role}>
+                                            {(data, errors) =>
+                                                <RoleForm
+                                                    role={data}
+                                                    errors={errors}
+                                                    schema={schema}
+                                                    loading={loading}
+                                                    onSave={(data) => save(data)}
+                                                    onCancel={() => cancel()} />}
+                                        </FormManager>
+                                    }</>}
+                            </Schema>
+                        }
+                    </RoleProvider>
+                </div>
+            </section>
+        </div>
+    );
+}
\ No newline at end of file
diff --git a/ui/src/app/admin/container/MetadataActions.js b/ui/src/app/admin/container/MetadataActions.js
index 80f43d56a..4500354f4 100644
--- a/ui/src/app/admin/container/MetadataActions.js
+++ b/ui/src/app/admin/container/MetadataActions.js
@@ -1,5 +1,5 @@
 import React from 'react';
-import { DeleteConfirmation } from '../../metadata/component/DeleteConfirmation';
+import { DeleteConfirmation } from '../../core/components/DeleteConfirmation';
 import { useMetadataEntity } from '../../metadata/hooks/api';
 
 import { NotificationContext, createNotificationAction } from '../../notifications/hoc/Notifications';
diff --git a/ui/src/app/admin/container/NewRole.js b/ui/src/app/admin/container/NewRole.js
new file mode 100644
index 000000000..6d1abfc56
--- /dev/null
+++ b/ui/src/app/admin/container/NewRole.js
@@ -0,0 +1,79 @@
+import React from 'react';
+
+import { Prompt, useHistory } from 'react-router';
+import Translate from '../../i18n/components/translate';
+import { useRoles } from '../hooks';
+import { Schema } from '../../form/Schema';
+import { FormManager } from '../../form/FormManager';
+import { RoleForm } from '../component/RoleForm';
+
+import { createNotificationAction, NotificationTypes, useNotificationDispatcher } from '../../notifications/hoc/Notifications';
+import { useTranslator } from '../../i18n/hooks';
+
+export function NewRole() {
+    const history = useHistory();
+    const notifier = useNotificationDispatcher();
+    const translator = useTranslator();
+
+    const { post, response, loading } = useRoles({});
+
+    const [blocking, setBlocking] = React.useState(false);
+
+    async function save(role) {
+        let toast;
+        const resp = await post(``, role);
+        if (response.ok) {
+            gotoDetail({ refresh: true });
+            toast = createNotificationAction(`Added role successfully.`, NotificationTypes.SUCCESS);
+        } else {
+            toast = createNotificationAction(`${resp.errorCode} - ${translator(resp.errorMessage)}`, NotificationTypes.ERROR);
+        }
+        if (toast) {
+            notifier(toast);
+        }
+    };
+
+    const cancel = () => {
+        gotoDetail();
+    };
+
+    const gotoDetail = (state = null) => {
+        setBlocking(false);
+        history.push(`/roles`, state);
+    };
+
+    return (
+        <div className="container-fluid p-3">
+            <Prompt
+                when={blocking}
+                message={location =>
+                    `message.unsaved-editor`
+                }
+            />
+            <section className="section" tabIndex="0">
+                <div className="section-header bg-info p-2 text-white">
+                    <div className="row justify-content-between">
+                        <div className="col-md-12">
+                            <span className="display-6"><Translate value="label.new-role">Add a new role</Translate></span>
+                        </div>
+                    </div>
+                </div>
+                <div className="section-body p-4 border border-top-0 border-info">
+                    <Schema path={`/assets/schema/roles/role.json`}>
+                        {(schema) =>
+                            <FormManager initial={{}}>
+                                {(data, errors) =>
+                                    <RoleForm
+                                        role={data}
+                                        errors={errors}
+                                        schema={schema}
+                                        loading={loading}
+                                        onSave={(data) => save(data)}
+                                        onCancel={() => cancel()} />}
+                            </FormManager>}
+                    </Schema>
+                </div>
+            </section>
+        </div>
+    );
+}
\ No newline at end of file
diff --git a/ui/src/app/admin/container/RoleList.js b/ui/src/app/admin/container/RoleList.js
new file mode 100644
index 000000000..e48851f90
--- /dev/null
+++ b/ui/src/app/admin/container/RoleList.js
@@ -0,0 +1,78 @@
+import React from 'react';
+import { faEdit, faPlusCircle, faTrash } from '@fortawesome/free-solid-svg-icons';
+import { FontAwesomeIcon } from '@fortawesome/react-fontawesome';
+
+import Button from 'react-bootstrap/Button';
+import { Link } from 'react-router-dom';
+
+import { Translate } from '../../i18n/components/translate';
+
+import { DeleteConfirmation } from '../../core/components/DeleteConfirmation';
+
+export function RoleList({ roles, onDelete }) {
+
+    const remove = (id) => {
+        onDelete(id);
+    }
+
+    return (
+        <DeleteConfirmation title={`message.delete-role-title`} body={`message.delete-role-body`}>
+            {(block) =>
+                <div className="container-fluid p-3">
+                    <section className="section">
+                        <div className="section-body border border-top-0 border-primary">
+                            <div className="section-header bg-primary p-2 text-light">
+                                <span className="lead">
+                                    <Translate value="label.roles-management">Roles Management</Translate>
+                                </span>
+                            </div>
+                            <div className="p-3">
+                                <div className="d-flex justify-content-end w-100">
+                                    <Link to="./new" className="btn btn-sm btn-success">
+                                        <FontAwesomeIcon icon={faPlusCircle} /> &nbsp;
+                                        <Translate value="action.add-new-role">Add new role</Translate>
+                                    </Link>
+                                </div>
+                                <div className="table-responsive mt-3">
+                                    <table className="table table-striped w-100 table-hover">
+                                        <thead>
+                                            <tr>
+                                                <th>
+                                                    <Translate value="label.role-name">Role Name</Translate>
+                                                </th>
+                                                <th><span className="sr-only"><Translate value="label.actions">Actions</Translate></span></th>
+                                            </tr>
+                                        </thead>
+                                        <tbody>
+                                            {(roles?.length > 0) ? roles.map((role, i) =>
+                                                <tr key={i}>
+                                                    <td>{role.name}</td>
+                                                    <td className="text-right">
+                                                        <Link to={`../roles/${role.resourceId}/edit`} className="btn btn-link text-primary">
+                                                            <FontAwesomeIcon icon={faEdit} size="lg" />
+                                                            <span className="sr-only">
+                                                                <Translate value="action.edit">Edit</Translate>
+                                                            </span>
+                                                        </Link>
+                                                        <Button variant="link" className="text-danger" onClick={() => block(() => remove(role.resourceId))}>
+                                                            <FontAwesomeIcon icon={faTrash} size="lg" />
+                                                            <span className="sr-only">
+                                                                <Translate value="action.delete">Delete</Translate>
+                                                            </span>
+                                                        </Button>
+                                                    </td>
+                                                </tr>
+                                            ) : <tr>
+                                                <td colSpan="3">No roles defined.</td>
+                                            </tr>}
+                                        </tbody>
+                                    </table>
+                                </div>
+                            </div>
+                        </div>
+                    </section>
+                </div>
+            }
+        </DeleteConfirmation>
+    );
+}
\ No newline at end of file
diff --git a/ui/src/app/admin/hoc/RoleProvider.js b/ui/src/app/admin/hoc/RoleProvider.js
new file mode 100644
index 000000000..ce4000cf8
--- /dev/null
+++ b/ui/src/app/admin/hoc/RoleProvider.js
@@ -0,0 +1,20 @@
+import React from 'react';
+import { useRole } from '../hooks';
+
+export function RoleProvider({ id, children }) {
+
+    const [role, setRole] = React.useState();
+    const { get, response } = useRole(id);
+
+    async function loadRole() {
+        const role = await get(``);
+        if (response.ok) {
+            setRole(role);
+        }
+    }
+
+    /*eslint-disable react-hooks/exhaustive-deps*/
+    React.useEffect(() => { loadRole() }, []);
+
+    return (<>{children(role)}</>);
+}
\ No newline at end of file
diff --git a/ui/src/app/admin/hoc/RolesProvider.js b/ui/src/app/admin/hoc/RolesProvider.js
new file mode 100644
index 000000000..e87d96539
--- /dev/null
+++ b/ui/src/app/admin/hoc/RolesProvider.js
@@ -0,0 +1,42 @@
+import React from 'react';
+import { useRoles } from '../hooks';
+import { createNotificationAction, NotificationTypes, useNotificationDispatcher } from '../../notifications/hoc/Notifications';
+import { useTranslator } from '../../i18n/hooks';
+
+export function RolesProvider({ children, cache = 'no-cache' }) {
+
+    const [roles, setRoles] = React.useState([]);
+
+    const notifier = useNotificationDispatcher();
+    const translator = useTranslator();
+
+    const { get, del, response, loading } = useRoles({
+        cachePolicy: cache
+    });
+
+    async function loadRoles() {
+        const list = await get(``);
+        if (response.ok) {
+            setRoles(list);
+        }
+    }
+
+    async function removeRole(id) {
+        let toast;
+        const resp = await del(`/${id}`);
+        if (response.ok) {
+            loadRoles();
+            toast = createNotificationAction(`Deleted role successfully.`, NotificationTypes.SUCCESS);
+        } else {
+            toast = createNotificationAction(`${resp.errorCode} - ${translator(resp.errorMessage)}`, NotificationTypes.ERROR);
+        }
+        if (toast) {
+            notifier(toast);
+        }
+    }
+
+    /*eslint-disable react-hooks/exhaustive-deps*/
+    React.useEffect(() => { loadRoles() }, []);
+
+    return (<>{children(roles, removeRole, loading)}</>);
+}
\ No newline at end of file
diff --git a/ui/src/app/admin/hooks.js b/ui/src/app/admin/hooks.js
new file mode 100644
index 000000000..919be8e4e
--- /dev/null
+++ b/ui/src/app/admin/hooks.js
@@ -0,0 +1,20 @@
+import useFetch from 'use-http';
+import API_BASE_PATH from '../App.constant';
+
+export function useRoles(opts = { cachePolicy: 'no-cache' }) {
+    return useFetch(`${API_BASE_PATH}/admin/roles`, opts);
+}
+
+export function useRole(id) {
+    return useFetch(`${API_BASE_PATH}/admin/roles/${id}`, {
+        cachePolicy: 'no-cache'
+    });
+}
+
+export function useRoleUiSchema() {
+    return {
+        description: {
+            'ui:widget': 'textarea'
+        }
+    };
+}
\ No newline at end of file
diff --git a/ui/src/app/metadata/component/DeleteConfirmation.js b/ui/src/app/core/components/DeleteConfirmation.js
similarity index 93%
rename from ui/src/app/metadata/component/DeleteConfirmation.js
rename to ui/src/app/core/components/DeleteConfirmation.js
index a0f2f8c09..ac699063e 100644
--- a/ui/src/app/metadata/component/DeleteConfirmation.js
+++ b/ui/src/app/core/components/DeleteConfirmation.js
@@ -37,7 +37,7 @@ export function DeleteConfirmation({ children, body, title }) {
                 <Modal.Body className="d-flex align-content-center">
                     <FontAwesomeIcon className="text-danger mr-4" size="4x" icon={faExclamationTriangle} />
                     <p className="text-danger font-weight-bold mb-0">
-                        <Translate value={ body }>You are deleting an entity. This cannot be undone. Continue?</Translate>
+                        <Translate value={body}>You are deleting an entity. This cannot be undone. Continue?</Translate>
                     </p>
                 </Modal.Body>
                 <Modal.Footer>
diff --git a/ui/src/app/metadata/component/DeleteConfirmation.test.js b/ui/src/app/core/components/DeleteConfirmation.test.js
similarity index 97%
rename from ui/src/app/metadata/component/DeleteConfirmation.test.js
rename to ui/src/app/core/components/DeleteConfirmation.test.js
index 8aa4a57ee..76abf8dd6 100644
--- a/ui/src/app/metadata/component/DeleteConfirmation.test.js
+++ b/ui/src/app/core/components/DeleteConfirmation.test.js
@@ -28,7 +28,7 @@ test('Delete confirmation', () => {
             <DeleteConfirmation title={`message.delete-filter-title`} body={`message.delete-filter-body`}>
                 {(block) => <button onClick={() => block(() => noop())}></button>}
             </DeleteConfirmation>,
-        container);
+            container);
     });
 
     const initiator = container.querySelector('button');
diff --git a/ui/src/app/core/components/Header.js b/ui/src/app/core/components/Header.js
index 54d0c402c..b464dffe6 100644
--- a/ui/src/app/core/components/Header.js
+++ b/ui/src/app/core/components/Header.js
@@ -6,7 +6,7 @@ import Navbar from 'react-bootstrap/Navbar';
 import Dropdown from 'react-bootstrap/Dropdown';
 
 import { FontAwesomeIcon } from '@fortawesome/react-fontawesome';
-import { faTh, faSignOutAlt, faPlusCircle, faCube, faCubes } from '@fortawesome/free-solid-svg-icons';
+import { faTh, faSignOutAlt, faPlusCircle, faCube, faCubes, faUserTag } from '@fortawesome/free-solid-svg-icons';
 
 import Translate from '../../i18n/components/translate';
 import { useTranslator } from '../../i18n/hooks';
@@ -41,6 +41,10 @@ export function Header () {
                                 <FontAwesomeIcon icon={faCube} className="mr-2" />
                                 <Translate value="action.custom-entity-attributes" />
                             </Dropdown.Item>
+                            <Dropdown.Item as={Link} to="/roles" className="text-primary py-2">
+                                <FontAwesomeIcon icon={faUserTag} className="mr-2" />
+                                <Translate value="action.roles" />
+                            </Dropdown.Item>
                         </Dropdown.Menu>
                     </Dropdown>
                     }
diff --git a/ui/src/app/core/components/UserConfirmation.test.js b/ui/src/app/core/components/UserConfirmation.test.js
index 9c2835d9b..58f73c3b8 100644
--- a/ui/src/app/core/components/UserConfirmation.test.js
+++ b/ui/src/app/core/components/UserConfirmation.test.js
@@ -1,5 +1,5 @@
 import React from 'react';
-import { act, render, fireEvent, waitFor, screen } from '@testing-library/react';
+import { render, fireEvent, screen } from '@testing-library/react';
 import { UserConfirmation, ConfirmWindow } from './UserConfirmation';
 
 jest.mock('../../i18n/hooks', () => ({
diff --git a/ui/src/app/form/FormManager.js b/ui/src/app/form/FormManager.js
new file mode 100644
index 000000000..41b39d520
--- /dev/null
+++ b/ui/src/app/form/FormManager.js
@@ -0,0 +1,105 @@
+import React from 'react';
+
+const initialState = {
+    data: {},
+    errors: []
+};
+
+const FormContext = React.createContext();
+
+const { Provider, Consumer } = FormContext;
+
+export const FormActions = {
+    SET_FORM_ERROR: 'set form error',
+    SET_FORM_DATA: 'set form data'
+};
+
+export const setFormDataAction = (payload) => {
+    return {
+        type: FormActions.SET_FORM_DATA,
+        payload
+    }
+}
+
+export const setFormErrorAction = (errors) => {
+    return {
+        type: FormActions.SET_FORM_ERROR,
+        payload: errors
+    }
+}
+
+function reducer(state, action) {
+    switch (action.type) {
+
+        case FormActions.SET_FORM_ERROR:
+            return {
+                ...state,
+                errors: action.payload
+            };
+        case FormActions.SET_FORM_DATA:
+            return {
+                ...state,
+                data: action.payload
+            };
+        default:
+            return state;
+    }
+}
+
+/*eslint-disable react-hooks/exhaustive-deps*/
+function FormManager({ children, initial = {} }) {
+
+    const data = {
+        ...initial
+    };
+
+    const [state, dispatch] = React.useReducer(reducer, {
+        ...initialState,
+        data
+    });
+    const contextValue = React.useMemo(() => ({ state, dispatch }), [state, dispatch]);
+
+    return (
+        <React.Fragment>
+            <Provider value={contextValue}>{children(state.data, state.errors)}</Provider>
+        </React.Fragment>
+    );
+}
+
+function useFormErrors() {
+    const { state } = React.useContext(FormContext);
+    const { errors } = state;
+
+    return errors;
+}
+
+function useFormContext() {
+    return React.useContext(FormContext);
+}
+
+function useFormDispatcher() {
+    const { dispatch } = useFormContext();
+    return dispatch;
+}
+
+function useFormState() {
+    const { state } = useFormContext();
+    return state;
+}
+
+function useFormData() {
+    const { data } = useFormContext();
+    return data;
+}
+
+export {
+    useFormErrors,
+    useFormContext,
+    useFormDispatcher,
+    useFormState,
+    useFormData,
+    FormManager,
+    FormContext,
+    Provider as FormProvider,
+    Consumer as FormConsumer
+};
\ No newline at end of file
diff --git a/ui/src/app/form/Schema.js b/ui/src/app/form/Schema.js
new file mode 100644
index 000000000..92aefe325
--- /dev/null
+++ b/ui/src/app/form/Schema.js
@@ -0,0 +1,24 @@
+import React from 'react';
+import useFetch from 'use-http';
+
+export function Schema({ path, children }) {
+
+    const [schema, setSchema] = React.useState({});
+
+
+    const { get, response } = useFetch(path, {
+        cachePolicy: 'no-cache'
+    });
+
+    async function loadSchema() {
+        const list = await get(``);
+        if (response.ok) {
+            setSchema(list);
+        }
+    }
+
+    /*eslint-disable react-hooks/exhaustive-deps*/
+    React.useEffect(() => { loadSchema() }, []);
+
+    return (<>{children(schema)}</>);
+}
\ No newline at end of file
diff --git a/ui/src/app/metadata/domain/filter/component/MetadataFilters.js b/ui/src/app/metadata/domain/filter/component/MetadataFilters.js
index d38c97013..26c63f131 100644
--- a/ui/src/app/metadata/domain/filter/component/MetadataFilters.js
+++ b/ui/src/app/metadata/domain/filter/component/MetadataFilters.js
@@ -1,6 +1,6 @@
 import React from 'react';
 import { useMetadataFilters } from '../../../hooks/api';
-import { DeleteConfirmation } from '../../../component/DeleteConfirmation';
+import { DeleteConfirmation } from '../../../../core/components/DeleteConfirmation';
 import { NotificationContext, createNotificationAction } from '../../../../notifications/hoc/Notifications';
 
 export const MetadataFiltersContext = React.createContext();
diff --git a/ui/src/app/metadata/view/MetadataAttributeList.js b/ui/src/app/metadata/view/MetadataAttributeList.js
index f585f805f..69e6754f6 100644
--- a/ui/src/app/metadata/view/MetadataAttributeList.js
+++ b/ui/src/app/metadata/view/MetadataAttributeList.js
@@ -8,7 +8,7 @@ import { Link } from 'react-router-dom';
 import { Translate } from '../../i18n/components/translate';
 import { useTranslator } from '../../i18n/hooks';
 
-import { DeleteConfirmation } from '../component/DeleteConfirmation';
+import { DeleteConfirmation } from '../../core/components/DeleteConfirmation';
 
 export function MetadataAttributeList ({entities, onDelete}) {
 

From 7f4eca829925cb2cd8b268f7e6e59dbdffd7e9bf Mon Sep 17 00:00:00 2001
From: chasegawa <chasegawa@unicon.net>
Date: Thu, 29 Jul 2021 11:56:35 -0700
Subject: [PATCH 06/24] SHIBUI-2001

mid-work save
---
 .../ui/controller/ActivateController.java     | 37 +++++++--
 .../controller/ActivateExceptionHandler.java  | 32 ++++++++
 .../ui/exception/ForbiddenException.java      | 11 +++
 .../ui/security/service/UserService.java      | 22 +++--
 .../ui/service/EntityDescriptorService.java   |  5 ++
 .../admin/ui/service/FilterService.java       |  7 ++
 .../JPAEntityDescriptorServiceImpl.java       | 22 ++++-
 .../ui/service/JPAFilterServiceImpl.java      | 80 +++++++++++++++++--
 8 files changed, 195 insertions(+), 21 deletions(-)
 create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ActivateExceptionHandler.java
 create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/exception/ForbiddenException.java

diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ActivateController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ActivateController.java
index 10b0a742b..1a3ecf0a4 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ActivateController.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ActivateController.java
@@ -1,23 +1,46 @@
 package edu.internet2.tier.shibboleth.admin.ui.controller;
 
+import javax.script.ScriptException;
+
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.ResponseEntity;
+import org.springframework.transaction.annotation.Transactional;
+import org.springframework.web.bind.annotation.PatchMapping;
+import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
-import edu.internet2.tier.shibboleth.admin.ui.repository.EntityDescriptorRepository;
-import edu.internet2.tier.shibboleth.admin.ui.security.service.UserService;
+import edu.internet2.tier.shibboleth.admin.ui.domain.filters.MetadataFilter;
+import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.EntityDescriptorRepresentation;
+import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException;
+import edu.internet2.tier.shibboleth.admin.ui.exception.ForbiddenException;
+import edu.internet2.tier.shibboleth.admin.ui.service.EntityDescriptorService;
+import edu.internet2.tier.shibboleth.admin.ui.service.FilterService;
 
 @RestController
 @RequestMapping("/api/activate")
 public class ActivateController {
+
     @Autowired
-    private UserService userService;
+    private EntityDescriptorService entityDescriptorService;
     
     @Autowired
-    private EntityDescriptorRepository entityDescriptorRepo;
-    
-    
+    private FilterService filterService;
     
+    @PatchMapping(path = "/entityDescriptor/{resourceId}/{mode}")
+    @Transactional
+    public ResponseEntity<?> enableEntityDescriptor(@PathVariable String resourceId, @PathVariable String mode) throws EntityNotFoundException, ForbiddenException {
+        boolean status = "enable".equalsIgnoreCase(mode);
+        EntityDescriptorRepresentation edr = entityDescriptorService.updateEntityDescriptorEnabledStatus(resourceId, status);
+        return ResponseEntity.ok(edr);
+    }
     
-// Enable/disable for : entity descriptor, provider, filter
+    @PatchMapping(path = "/MetadataResolvers/{metadataResolverId}/Filter/{resourceId}/{mode}")
+    @Transactional
+    public ResponseEntity<?> enableFilter(@PathVariable String metadataResolverId, @PathVariable String resourceId, @PathVariable String mode) throws EntityNotFoundException, ForbiddenException, ScriptException {
+        boolean status = "enable".equalsIgnoreCase(mode);
+        MetadataFilter persistedFilter = filterService.updateFilterEnabledStatus(metadataResolverId, resourceId, status);
+        return ResponseEntity.ok(persistedFilter);
+    }    
+// Enable/disable for : , provider
 }
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ActivateExceptionHandler.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ActivateExceptionHandler.java
new file mode 100644
index 000000000..85264b582
--- /dev/null
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ActivateExceptionHandler.java
@@ -0,0 +1,32 @@
+package edu.internet2.tier.shibboleth.admin.ui.controller;
+
+import javax.script.ScriptException;
+
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.ControllerAdvice;
+import org.springframework.web.bind.annotation.ExceptionHandler;
+import org.springframework.web.context.request.WebRequest;
+import org.springframework.web.servlet.mvc.method.annotation.ResponseEntityExceptionHandler;
+
+import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException;
+import edu.internet2.tier.shibboleth.admin.ui.exception.ForbiddenException;
+
+@ControllerAdvice(assignableTypes = {ActivateController.class})
+public class ActivateExceptionHandler extends ResponseEntityExceptionHandler {
+    
+    @ExceptionHandler({ EntityNotFoundException.class })
+    public ResponseEntity<?> handleEntityNotFoundException(EntityNotFoundException e, WebRequest request) {
+        return ResponseEntity.status(HttpStatus.NOT_FOUND).body(new ErrorResponse(HttpStatus.NOT_FOUND, e.getMessage()));
+    }
+    
+    @ExceptionHandler({ ForbiddenException.class })
+    public ResponseEntity<?> handleForbiddenAccess(ForbiddenException e, WebRequest request) {
+        return ResponseEntity.status(HttpStatus.FORBIDDEN).body(new ErrorResponse(String.valueOf(HttpStatus.FORBIDDEN.value()), e.getMessage()));
+    }
+    
+    @ExceptionHandler({ ScriptException.class })
+    public ResponseEntity<?> handleScriptException(ScriptException e, WebRequest request) {
+        return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body(new ErrorResponse(String.valueOf(HttpStatus.INTERNAL_SERVER_ERROR.value()), e.getMessage()));
+    }
+}
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/exception/ForbiddenException.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/exception/ForbiddenException.java
new file mode 100644
index 000000000..66f2e61c5
--- /dev/null
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/exception/ForbiddenException.java
@@ -0,0 +1,11 @@
+package edu.internet2.tier.shibboleth.admin.ui.exception;
+
+public class ForbiddenException extends Exception {
+    public ForbiddenException() {
+        super("You are not authorized to perform the requested operation.");
+    }
+    
+    public ForbiddenException(String message) {
+        super(message);
+    }
+}
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/UserService.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/UserService.java
index a2d11a1ab..898e99e00 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/UserService.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/UserService.java
@@ -1,15 +1,17 @@
 package edu.internet2.tier.shibboleth.admin.ui.security.service;
 
+import java.util.HashSet;
+import java.util.List;
+import java.util.Optional;
+import java.util.Set;
+
+import org.apache.commons.lang.StringUtils;
+import org.springframework.security.core.context.SecurityContextHolder;
+
 import edu.internet2.tier.shibboleth.admin.ui.security.model.Role;
 import edu.internet2.tier.shibboleth.admin.ui.security.model.User;
 import edu.internet2.tier.shibboleth.admin.ui.security.repository.RoleRepository;
 import edu.internet2.tier.shibboleth.admin.ui.security.repository.UserRepository;
-import org.apache.commons.lang.StringUtils;
-import org.springframework.security.core.context.SecurityContextHolder;
-
-import java.util.HashSet;
-import java.util.Optional;
-import java.util.Set;
 
 /**
  * @author Bill Smith (wsmith@unicon.net)
@@ -70,4 +72,12 @@ public Set<String> getUserRoles(String username) {
         }
         return result;
     }
+    
+    /**
+     * Current logic is pretty dumb, this will need to change/expand once a user can have more than one role.
+     */
+    public boolean currentUserHasExpectedRole(List<String> acceptedRoles) {
+        User user = getCurrentUser();
+        return acceptedRoles.contains(user.getRole());
+    }
 }
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/EntityDescriptorService.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/EntityDescriptorService.java
index ea57c4d06..5d635d493 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/EntityDescriptorService.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/EntityDescriptorService.java
@@ -2,6 +2,9 @@
 
 import edu.internet2.tier.shibboleth.admin.ui.domain.Attribute;
 import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.EntityDescriptorRepresentation;
+import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException;
+import edu.internet2.tier.shibboleth.admin.ui.exception.ForbiddenException;
+
 import org.opensaml.saml.saml2.metadata.EntityDescriptor;
 
 import java.util.List;
@@ -54,4 +57,6 @@ public interface EntityDescriptorService {
      */
     Map<String, Object> getRelyingPartyOverridesRepresentationFromAttributeList(List<Attribute> attributeList);
 
+    EntityDescriptorRepresentation updateEntityDescriptorEnabledStatus(String resourceId, boolean status) throws EntityNotFoundException, ForbiddenException;
+
 }
\ No newline at end of file
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/FilterService.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/FilterService.java
index 2ef9ab08e..6d752928b 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/FilterService.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/FilterService.java
@@ -1,7 +1,12 @@
 package edu.internet2.tier.shibboleth.admin.ui.service;
 
+import javax.script.ScriptException;
+
 import edu.internet2.tier.shibboleth.admin.ui.domain.filters.EntityAttributesFilter;
+import edu.internet2.tier.shibboleth.admin.ui.domain.filters.MetadataFilter;
 import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.FilterRepresentation;
+import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException;
+import edu.internet2.tier.shibboleth.admin.ui.exception.ForbiddenException;
 
 /**
  * Main backend facade API that defines operations pertaining to manipulating <code>{@link EntityAttributesFilter}</code> objects.
@@ -25,4 +30,6 @@ public interface FilterService {
      * @return FilterRepresentation front end representation
      */
     FilterRepresentation createRepresentationFromFilter(final EntityAttributesFilter entityAttributesFilter);
+
+    MetadataFilter updateFilterEnabledStatus(String metadataResolverId, String resourceId, boolean status) throws EntityNotFoundException, ForbiddenException, ScriptException;
 }
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImpl.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImpl.java
index 05477d616..ab93343c8 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImpl.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImpl.java
@@ -42,7 +42,10 @@
 import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.OrganizationRepresentation;
 import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.SecurityInfoRepresentation;
 import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.ServiceProviderSsoDescriptorRepresentation;
+import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException;
+import edu.internet2.tier.shibboleth.admin.ui.exception.ForbiddenException;
 import edu.internet2.tier.shibboleth.admin.ui.opensaml.OpenSamlObjects;
+import edu.internet2.tier.shibboleth.admin.ui.repository.EntityDescriptorRepository;
 import edu.internet2.tier.shibboleth.admin.ui.security.service.UserService;
 import edu.internet2.tier.shibboleth.admin.util.MDDCConstants;
 import edu.internet2.tier.shibboleth.admin.util.ModelRepresentationConversions;
@@ -76,8 +79,8 @@
  * @since 1.0
  */
 public class JPAEntityDescriptorServiceImpl implements EntityDescriptorService {
-
-    private static final Logger LOGGER = LoggerFactory.getLogger(JPAEntityDescriptorServiceImpl.class);
+    @Autowired
+    private EntityDescriptorRepository entityDescriptorRepository;
 
     @Autowired
     private OpenSamlObjects openSamlObjects;
@@ -709,4 +712,19 @@ public List<String> getAttributeReleaseListFromAttributeList(List<Attribute> att
     public Map<String, Object> getRelyingPartyOverridesRepresentationFromAttributeList(List<Attribute> attributeList) {
         return ModelRepresentationConversions.getRelyingPartyOverridesRepresentationFromAttributeList(attributeList);
     }
+
+    @Override
+    public EntityDescriptorRepresentation updateEntityDescriptorEnabledStatus(String resourceId, boolean status) throws EntityNotFoundException, ForbiddenException {
+        EntityDescriptor ed = entityDescriptorRepository.findByResourceId(resourceId);
+        if (ed == null) {
+            throw new EntityNotFoundException("Entity with resourceid[" + resourceId + "] was not found for update");
+        }
+        // @TODO: when merged with groups, this should maybe be merged with group check as they have to have the role in the right group
+        if (!userService.currentUserHasExpectedRole(Arrays.asList(new String[] { "ROLE_ADMIN", "ROLE_ENABLE" }))) {
+            throw new ForbiddenException("You do not have the permissions necessary to change the enable status of this entity descriptor.");
+        }
+        ed.setServiceEnabled(status);
+        ed = entityDescriptorRepository.save(ed);
+        return createRepresentationFromDescriptor(ed);
+    }
 }
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAFilterServiceImpl.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAFilterServiceImpl.java
index 0693b538a..6810fa243 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAFilterServiceImpl.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAFilterServiceImpl.java
@@ -1,13 +1,24 @@
 package edu.internet2.tier.shibboleth.admin.ui.service;
 
 import edu.internet2.tier.shibboleth.admin.ui.domain.filters.EntityAttributesFilter;
+import edu.internet2.tier.shibboleth.admin.ui.domain.filters.MetadataFilter;
 import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.FilterRepresentation;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
+import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataResolver;
+import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException;
+import edu.internet2.tier.shibboleth.admin.ui.exception.ForbiddenException;
+import edu.internet2.tier.shibboleth.admin.ui.repository.FilterRepository;
+import edu.internet2.tier.shibboleth.admin.ui.repository.MetadataResolverRepository;
+import edu.internet2.tier.shibboleth.admin.ui.security.service.UserService;
+
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.transaction.interceptor.TransactionAspectSupport;
 
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.List;
+import java.util.Optional;
+
+import javax.script.ScriptException;
 
 /**
  * Default implementation of {@link FilterService}
@@ -16,18 +27,27 @@
  * @author Bill Smith (wsmith@unicon.net)
  */
 public class JPAFilterServiceImpl implements FilterService {
-
-    private static final Logger LOGGER = LoggerFactory.getLogger(JPAFilterServiceImpl.class);
-
     @Autowired
     EntityDescriptorService entityDescriptorService;
-
+    
     @Autowired
     EntityService entityService;
 
+    @Autowired
+    FilterRepository filterRepository;
+
     @Autowired
     FilterTargetService filterTargetService;
+    
+    @Autowired
+    private MetadataResolverRepository metadataResolverRepository;
+    
+    @Autowired
+    private MetadataResolverService metadataResolverService;
 
+    @Autowired
+    private UserService userService;
+    
     @Override
     public EntityAttributesFilter createFilterFromRepresentation(FilterRepresentation representation) {
         //TODO? use OpenSamlObjects.buildDefaultInstanceOfType(EntityAttributesFilter.class)?
@@ -66,4 +86,52 @@ public FilterRepresentation createRepresentationFromFilter(EntityAttributesFilte
         representation.setVersion(entityAttributesFilter.hashCode());
         return representation;
     }
+
+    private void reloadFiltersAndHandleScriptException(String resolverResourceId) throws ScriptException {
+        try {
+            metadataResolverService.reloadFilters(resolverResourceId);
+        } catch (Throwable ex) {
+            //explicitly mark transaction for rollback when we get ScriptException as we call reloadFilters
+            //after persistence call. Then re-throw the exception with pertinent message
+            if (ex instanceof ScriptException) {
+                TransactionAspectSupport.currentTransactionStatus().setRollbackOnly();
+                throw new ScriptException("Caught invalid script parsing error when reloading filters. Please fix the script data");
+            }
+        }
+    }
+    
+    /**
+     * Logic taken directly from the MetadataFiltersController and then modified slightly.
+     */
+    @Override
+    public MetadataFilter updateFilterEnabledStatus(String metadataResolverId, String resourceId, boolean status)
+                    throws EntityNotFoundException, ForbiddenException, ScriptException {
+        
+        MetadataResolver metadataResolver = metadataResolverRepository.findByResourceId(metadataResolverId);
+        // Now we operate directly on the filter attached to MetadataResolver,
+        // Instead of fetching filter separately, to accommodate correct envers versioning with uni-directional one-to-many
+        Optional<MetadataFilter> filterTobeUpdatedOptional = metadataResolver.getMetadataFilters().stream()
+                        .filter(it -> it.getResourceId().equals(resourceId)).findFirst();
+        if (filterTobeUpdatedOptional.isEmpty()) {
+            throw new EntityNotFoundException("Filter with resource id[" + resourceId + "] not found");
+        }
+        
+        // @TODO: when merged with groups, this should maybe be merged with group check as they have to have the role in the right group
+        if (!userService.currentUserHasExpectedRole(Arrays.asList(new String[] { "ROLE_ADMIN", "ROLE_ENABLE" }))) {
+            throw new ForbiddenException("You do not have the permissions necessary to change the enable status of this filter.");
+        }
+        
+        MetadataFilter filterTobeUpdated = filterTobeUpdatedOptional.get();
+        filterTobeUpdated.setFilterEnabled(status);
+        MetadataFilter persistedFilter = filterRepository.save(filterTobeUpdated);
+
+        // To support envers versioning from MetadataResolver side
+        metadataResolver.markAsModified();
+        metadataResolverRepository.save(metadataResolver);
+
+        // TODO: do we need to reload filters here?
+        reloadFiltersAndHandleScriptException(metadataResolver.getResourceId());
+
+        return persistedFilter;
+    }
 }

From 43ea0b8a5cb7d3d8c609d9a4d59a724e2dcb6d1c Mon Sep 17 00:00:00 2001
From: Ryan Mathis <rmathis@unicon.net>
Date: Thu, 29 Jul 2021 12:42:44 -0700
Subject: [PATCH 07/24] Added tests

---
 ui/src/app/admin/hoc/RoleProvider.js       |  2 +-
 ui/src/app/admin/hoc/RoleProvider.test.js  | 35 ++++++++++++++
 ui/src/app/admin/hoc/RolesProvider.test.js | 43 +++++++++++++++++
 ui/src/app/admin/hooks.js                  |  6 +--
 ui/src/app/admin/hooks.test.js             | 55 ++++++++++++++++++++++
 ui/src/app/metadata/hooks/schema.js        | 17 +------
 ui/src/testing/sourceSchema.js             |  2 +-
 ui/src/testing/uiSchema.js                 |  2 -
 8 files changed, 137 insertions(+), 25 deletions(-)
 create mode 100644 ui/src/app/admin/hoc/RoleProvider.test.js
 create mode 100644 ui/src/app/admin/hoc/RolesProvider.test.js
 create mode 100644 ui/src/app/admin/hooks.test.js

diff --git a/ui/src/app/admin/hoc/RoleProvider.js b/ui/src/app/admin/hoc/RoleProvider.js
index ce4000cf8..091ac1bd6 100644
--- a/ui/src/app/admin/hoc/RoleProvider.js
+++ b/ui/src/app/admin/hoc/RoleProvider.js
@@ -3,7 +3,7 @@ import { useRole } from '../hooks';
 
 export function RoleProvider({ id, children }) {
 
-    const [role, setRole] = React.useState();
+    const [role, setRole] = React.useState({id: 'foo'});
     const { get, response } = useRole(id);
 
     async function loadRole() {
diff --git a/ui/src/app/admin/hoc/RoleProvider.test.js b/ui/src/app/admin/hoc/RoleProvider.test.js
new file mode 100644
index 000000000..9c063a41a
--- /dev/null
+++ b/ui/src/app/admin/hoc/RoleProvider.test.js
@@ -0,0 +1,35 @@
+import { render, screen } from "@testing-library/react";
+import { act } from 'react-dom/test-utils';
+import React from 'react';
+import {RoleProvider} from './RoleProvider';
+
+import {useRole} from '../hooks';
+
+jest.mock('../hooks');
+
+describe('RoleProvider component', () => {
+
+    beforeEach(() => {
+        useRole.mockImplementation(() => {
+            return {
+                get: jest.fn().mockResolvedValue({ id: 'foo' }),
+                response: {
+                    ok: false,
+                    status: 200
+                }
+            };
+        });
+    })
+
+    test('should provide the role context', async () => {
+        act(() => {
+            render(<RoleProvider id={'foo'}>
+            {(role) => <div>{role?.id}</div>}
+            </RoleProvider>);
+        });
+
+        expect(useRole).toHaveBeenCalled();
+        expect(screen.getByText('foo')).toBeInTheDocument();
+    });
+
+})
\ No newline at end of file
diff --git a/ui/src/app/admin/hoc/RolesProvider.test.js b/ui/src/app/admin/hoc/RolesProvider.test.js
new file mode 100644
index 000000000..11c01481e
--- /dev/null
+++ b/ui/src/app/admin/hoc/RolesProvider.test.js
@@ -0,0 +1,43 @@
+import { render, screen } from "@testing-library/react";
+import { act } from 'react-dom/test-utils';
+import React from 'react';
+import { RolesProvider } from './RolesProvider';
+
+import { useRoles } from '../hooks';
+import { useNotificationDispatcher } from "../../notifications/hoc/Notifications";
+
+jest.mock('../hooks');
+
+jest.mock('../../notifications/hoc/Notifications');
+
+describe('RolesProvider component', () => {
+
+    beforeEach(() => {
+
+        useNotificationDispatcher.mockImplementation(() => {
+            return {};
+        });
+
+        useRoles.mockImplementation(() => {
+            return {
+                get: jest.fn().mockResolvedValue([]),
+                response: {
+                    ok: false,
+                    status: 200
+                }
+            };
+        });
+    })
+
+    test('should provide the roles context', async () => {
+        act(() => {
+            render(<RolesProvider>
+                {(roles) => <div>{roles.length}</div>}
+            </RolesProvider>);
+        });
+
+        expect(useRoles).toHaveBeenCalled();
+        expect(screen.getByText('0')).toBeInTheDocument();
+    });
+
+})
\ No newline at end of file
diff --git a/ui/src/app/admin/hooks.js b/ui/src/app/admin/hooks.js
index 919be8e4e..30e840dc8 100644
--- a/ui/src/app/admin/hooks.js
+++ b/ui/src/app/admin/hooks.js
@@ -12,9 +12,5 @@ export function useRole(id) {
 }
 
 export function useRoleUiSchema() {
-    return {
-        description: {
-            'ui:widget': 'textarea'
-        }
-    };
+    return {};
 }
\ No newline at end of file
diff --git a/ui/src/app/admin/hooks.test.js b/ui/src/app/admin/hooks.test.js
new file mode 100644
index 000000000..d739c9aa1
--- /dev/null
+++ b/ui/src/app/admin/hooks.test.js
@@ -0,0 +1,55 @@
+import {
+    useRoles,
+    useRole,
+} from './hooks';
+
+import useFetch from 'use-http';
+import API_BASE_PATH from '../App.constant';
+
+jest.mock('use-http');
+
+describe('api hooks', () => {
+
+    let mockPut;
+    let mockGet;
+
+    beforeEach(() => {
+
+        mockPut = jest.fn().mockResolvedValue({ response: { ok: true } });
+        mockGet = jest.fn().mockResolvedValue({ response: { ok: true } });
+
+        useFetch.mockImplementation(() => {
+            return {
+                request: {
+                    ok: true
+                },
+                put: mockPut,
+                get: mockGet,
+                error: null,
+                response: {
+                    status: 409
+                }
+            };
+        });
+    })
+
+    describe('useRoles', () => {
+        it('should call useFetch', () => {
+            const opts = {};
+            const roles = useRoles(opts);
+
+            expect(useFetch).toHaveBeenCalledWith(`${API_BASE_PATH}/admin/roles`, opts)
+        });
+    });
+
+    describe('useRole', () => {
+        it('should call useFetch', () => {
+            const opts = {
+                cachePolicy: 'no-cache'
+            };
+            const role = useRole('foo');
+
+            expect(useFetch).toHaveBeenCalledWith(`${API_BASE_PATH}/admin/roles/foo`, opts)
+        });
+    });
+});
\ No newline at end of file
diff --git a/ui/src/app/metadata/hooks/schema.js b/ui/src/app/metadata/hooks/schema.js
index ecde47f05..5083559b1 100644
--- a/ui/src/app/metadata/hooks/schema.js
+++ b/ui/src/app/metadata/hooks/schema.js
@@ -1,5 +1,4 @@
 import React from 'react';
-import { useIsAdmin } from '../../core/user/UserContext';
 
 export const fillInRootProperties = (keys, ui) => keys.reduce((sch, key, idx) => {
     if (!sch.hasOwnProperty(key)) {
@@ -31,21 +30,7 @@ export function useUiSchema(definition, schema, current, locked = true) {
         }
     ), [mapped, step.locked, locked]);
 
-    const isAdmin = useIsAdmin();
-
-    const hideEnableFromNonAdmins = React.useMemo(() => {
-        if (!isAdmin) {
-            return {
-                ...isLocked,
-                serviceEnabled: {
-                    'ui:widget': 'hidden'
-                }
-            };
-        }
-        return isLocked;
-    }, [isAdmin, isLocked]);
-
-    return { uiSchema: hideEnableFromNonAdmins, step};
+    return { uiSchema: isLocked, step};
 }
 
 
diff --git a/ui/src/testing/sourceSchema.js b/ui/src/testing/sourceSchema.js
index 93262c5f4..c723fd548 100644
--- a/ui/src/testing/sourceSchema.js
+++ b/ui/src/testing/sourceSchema.js
@@ -1,3 +1,3 @@
-const SCHEMA = { "type": "object", "required": ["serviceProviderName", "entityId"], "properties": { "serviceProviderName": { "title": "label.service-provider-name", "description": "tooltip.service-provider-name", "type": "string", "minLength": 1, "maxLength": 255 }, "entityId": { "title": "label.entity-id", "description": "tooltip.entity-id", "type": "string", "minLength": 1, "maxLength": 255 }, "serviceEnabled": { "title": "label.enable-this-service", "description": "tooltip.enable-this-service-upon-saving", "type": "boolean", "default": false }, "organization": { "$ref": "#/definitions/Organization" }, "contacts": { "title": "label.contact-information", "description": "tooltip.contact-information", "type": "array", "items": { "$ref": "#/definitions/Contact" } }, "mdui": { "$ref": "#/definitions/MDUI" }, "securityInfo": { "type": "object", "widget": { "id": "fieldset" }, "dependencies": { "authenticationRequestsSigned": { "oneOf": [{ "properties": { "authenticationRequestsSigned": { "enum": [true] }, "x509Certificates": { "minItems": 1 } } }, { "properties": { "authenticationRequestsSigned": { "enum": [false] }, "x509Certificates": { "minItems": 0 } } }] } }, "properties": { "x509CertificateAvailable": { "type": "boolean", "default": true }, "authenticationRequestsSigned": { "title": "label.authentication-requests-signed", "description": "tooltip.authentication-requests-signed", "type": "boolean", "enumNames": ["value.true", "value.false"] }, "wantAssertionsSigned": { "title": "label.want-assertions-signed", "description": "tooltip.want-assertions-signed", "type": "boolean", "enumNames": ["value.true", "value.false"] }, "x509Certificates": { "title": "label.x509-certificates", "type": "array", "items": { "$ref": "#/definitions/Certificate" } } } }, "assertionConsumerServices": { "title": "label.assertion-consumer-service-endpoints", "description": "", "type": "array", "items": { "$ref": "#/definitions/AssertionConsumerService" } }, "serviceProviderSsoDescriptor": { "type": "object", "properties": { "protocolSupportEnum": { "title": "label.protocol-support-enumeration", "description": "tooltip.protocol-support-enumeration", "type": "string", "widget": { "id": "select" }, "oneOf": [{ "enum": ["SAML 2"], "description": "SAML 2" }, { "enum": ["SAML 1.1"], "description": "SAML 1.1" }] }, "nameIdFormats": { "$ref": "#/definitions/nameIdFormats" } }, "dependencies": { "nameIdFormats": ["protocolSupportEnum"] } }, "logoutEndpoints": { "title": "label.logout-endpoints", "description": "tooltip.logout-endpoints", "type": "array", "items": { "$ref": "#/definitions/LogoutEndpoint" } }, "relyingPartyOverrides": { "type": "object", "properties": { "signAssertion": { "title": "label.sign-the-assertion", "description": "tooltip.sign-assertion", "type": "boolean", "default": false }, "dontSignResponse": { "title": "label.dont-sign-the-response", "description": "tooltip.dont-sign-response", "type": "boolean", "default": false }, "turnOffEncryption": { "title": "label.turn-off-encryption-of-response", "description": "tooltip.turn-off-encryption", "type": "boolean", "default": false }, "useSha": { "title": "label.use-sha1-signing-algorithm", "description": "tooltip.usa-sha-algorithm", "type": "boolean", "default": false }, "ignoreAuthenticationMethod": { "title": "label.ignore-any-sp-requested-authentication-method", "description": "tooltip.ignore-auth-method", "type": "boolean", "default": false }, "omitNotBefore": { "title": "label.omit-not-before-condition", "description": "tooltip.omit-not-before-condition", "type": "boolean", "default": false }, "responderId": { "title": "label.responder-id", "description": "tooltip.responder-id", "type": "string", "default": "" }, "nameIdFormats": { "$ref": "#/definitions/nameIdFormats" }, "authenticationMethods": { "$ref": "#/definitions/authenticationMethods" }, "forceAuthn": { "title": "label.force-authn", "description": "tooltip.force-authn", "type": "boolean", "default": false } } }, "attributeRelease": { "type": "array", "title": "label.attribute-release", "description": "Attribute release table - select the attributes you want to release (default unchecked)", "items": { "type": "string", "enum": ["eduPersonPrincipalName", "uid", "mail", "surname", "givenName", "eduPersonAffiliation", "eduPersonScopedAffiliation", "eduPersonPrimaryAffiliation", "eduPersonEntitlement", "eduPersonAssurance", "eduPersonUniqueId", "employeeNumber"] }, "uniqueItems": true } }, "definitions": { "Contact": { "type": "object", "required": ["name", "type", "emailAddress"], "properties": { "name": { "title": "label.contact-name", "description": "tooltip.contact-name", "type": "string", "minLength": 1, "maxLength": 255 }, "type": { "title": "label.contact-type", "description": "tooltip.contact-type", "type": "string", "widget": "select", "minLength": 1, "oneOf": [{ "enum": ["support"], "description": "value.support" }, { "enum": ["technical"], "description": "value.technical" }, { "enum": ["administrative"], "description": "value.administrative" }, { "enum": ["other"], "description": "value.other" }] }, "emailAddress": { "title": "label.contact-email-address", "description": "tooltip.contact-email", "type": "string", "pattern": "^(mailto:)?(?=.{1,254}$)(?=.{1,64}@)[-!#$%&'*+/0-9=?A-Z^_`a-z{|}~]+(\\.[-!#$%&'*+/0-9=?A-Z^_`a-z{|}~]+)*@[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?(\\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$", "minLength": 1, "maxLength": 255 } } }, "Certificate": { "type": "object", "required": ["type", "value"], "properties": { "name": { "title": "label.certificate-name-display-only", "description": "tooltip.certificate-name", "type": "string", "maxLength": 255 }, "type": { "title": "label.certificate-type", "type": "string", "widget": { "id": "radio", "class": "form-check-inline" }, "oneOf": [{ "enum": ["signing"], "description": "value.signing" }, { "enum": ["encryption"], "description": "value.encryption" }, { "enum": ["both"], "description": "value.both" }] }, "value": { "title": "label.certificate", "description": "tooltip.certificate", "type": "string", "widget": "textarea", "minLength": 1 } } }, "AssertionConsumerService": { "type": "object", "required": ["locationUrl", "binding"], "properties": { "locationUrl": { "title": "label.assertion-consumer-service-location", "description": "tooltip.assertion-consumer-service-location", "type": "string", "widget": { "id": "string", "help": "message.valid-url" }, "minLength": 1, "maxLength": 255 }, "binding": { "title": "label.assertion-consumer-service-location-binding", "description": "tooltip.assertion-consumer-service-location-binding", "type": "string", "widget": "select", "oneOf": [{ "enum": ["urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"], "description": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" }, { "enum": ["urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"], "description": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" }, { "enum": ["urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"], "description": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" }, { "enum": ["urn:oasis:names:tc:SAML:2.0:bindings:PAOS"], "description": "urn:oasis:names:tc:SAML:2.0:bindings:PAOS" }, { "enum": ["urn:oasis:names:tc:SAML:1.0:profiles:browser-post"], "description": "urn:oasis:names:tc:SAML:1.0:profiles:browser-post" }, { "enum": ["urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"], "description": "urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" }] }, "makeDefault": { "title": "label.mark-as-default", "description": "tooltip.mark-as-default", "type": "boolean" } } }, "LogoutEndpoint": { "description": "tooltip.new-endpoint", "type": "object", "fieldsets": [{ "fields": ["url", "bindingType"] }], "required": ["url", "bindingType"], "properties": { "url": { "title": "label.url", "description": "tooltip.url", "type": "string", "minLength": 1, "maxLength": 255 }, "bindingType": { "title": "label.binding-type", "description": "tooltip.binding-type", "type": "string", "widget": "select", "oneOf": [{ "enum": ["urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"], "description": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" }, { "enum": ["urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"], "description": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" }, { "enum": ["urn:oasis:names:tc:SAML:2.0:bindings:SOAP"], "description": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP" }, { "enum": ["urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"], "description": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" }] } } }, "MDUI": { "type": "object", "widget": { "id": "fieldset" }, "fieldsets": [{ "type": "group", "fields": ["displayName", "informationUrl", "description"] }, { "type": "group", "fields": ["privacyStatementUrl", "logoUrl", "logoWidth", "logoHeight"] }], "properties": { "displayName": { "title": "label.display-name", "description": "tooltip.mdui-display-name", "type": "string", "minLength": 1, "maxLength": 255 }, "informationUrl": { "title": "label.information-url", "description": "tooltip.mdui-information-url", "type": "string", "minLength": 1, "maxLength": 255 }, "privacyStatementUrl": { "title": "label.privacy-statement-url", "description": "tooltip.mdui-privacy-statement-url", "type": "string", "minLength": 1, "maxLength": 255 }, "description": { "title": "label.description", "description": "tooltip.mdui-description", "type": "string", "widget": { "id": "textarea" }, "minLength": 1, "maxLength": 255 }, "logoUrl": { "title": "label.logo-url", "description": "tooltip.mdui-logo-url", "type": "string", "minLength": 1, "maxLength": 255 }, "logoHeight": { "title": "label.logo-height", "description": "tooltip.mdui-logo-height", "minimum": 0, "type": "integer" }, "logoWidth": { "title": "label.logo-width", "description": "tooltip.mdui-logo-width", "minimum": 0, "type": "integer" } } }, "Organization": { "type": "object", "properties": { "name": { "title": "label.organization-name", "description": "tooltip.organization-name", "type": "string", "minLength": 1, "maxLength": 255 }, "displayName": { "title": "label.organization-display-name", "description": "tooltip.organization-display-name", "type": "string", "minLength": 1, "maxLength": 255 }, "url": { "title": "label.organization-url", "description": "tooltip.organization-url", "type": "string", "minLength": 1, "maxLength": 255 } }, "dependencies": { "name": { "required": ["displayName", "url"] }, "displayName": { "required": ["name", "url"] }, "url": { "required": ["name", "displayName"] } } }, "nameIdFormats": { "title": "label.nameid-format-to-send", "description": "tooltip.nameid-format", "type": "array", "uniqueItems": true, "items": { "type": "string", "minLength": 1, "maxLength": 255, "examples": ["urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"] } }, "authenticationMethods": { "title": "label.authentication-methods-to-use", "description": "tooltip.authentication-methods-to-use", "type": "array", "uniqueItems": true, "items": { "type": "string", "minLength": 1, "maxLength": 255, "examples": ["https://refeds.org/profile/mfa", "urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken", "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"] } } } };
+const SCHEMA = { "type": "object", "required": ["serviceProviderName", "entityId"], "properties": { "serviceProviderName": { "title": "label.service-provider-name", "description": "tooltip.service-provider-name", "type": "string", "minLength": 1, "maxLength": 255 }, "entityId": { "title": "label.entity-id", "description": "tooltip.entity-id", "type": "string", "minLength": 1, "maxLength": 255 }, "organization": { "$ref": "#/definitions/Organization" }, "contacts": { "title": "label.contact-information", "description": "tooltip.contact-information", "type": "array", "items": { "$ref": "#/definitions/Contact" } }, "mdui": { "$ref": "#/definitions/MDUI" }, "securityInfo": { "type": "object", "widget": { "id": "fieldset" }, "dependencies": { "authenticationRequestsSigned": { "oneOf": [{ "properties": { "authenticationRequestsSigned": { "enum": [true] }, "x509Certificates": { "minItems": 1 } } }, { "properties": { "authenticationRequestsSigned": { "enum": [false] }, "x509Certificates": { "minItems": 0 } } }] } }, "properties": { "x509CertificateAvailable": { "type": "boolean", "default": true }, "authenticationRequestsSigned": { "title": "label.authentication-requests-signed", "description": "tooltip.authentication-requests-signed", "type": "boolean", "enumNames": ["value.true", "value.false"] }, "wantAssertionsSigned": { "title": "label.want-assertions-signed", "description": "tooltip.want-assertions-signed", "type": "boolean", "enumNames": ["value.true", "value.false"] }, "x509Certificates": { "title": "label.x509-certificates", "type": "array", "items": { "$ref": "#/definitions/Certificate" } } } }, "assertionConsumerServices": { "title": "label.assertion-consumer-service-endpoints", "description": "", "type": "array", "items": { "$ref": "#/definitions/AssertionConsumerService" } }, "serviceProviderSsoDescriptor": { "type": "object", "properties": { "protocolSupportEnum": { "title": "label.protocol-support-enumeration", "description": "tooltip.protocol-support-enumeration", "type": "string", "widget": { "id": "select" }, "oneOf": [{ "enum": ["SAML 2"], "description": "SAML 2" }, { "enum": ["SAML 1.1"], "description": "SAML 1.1" }] }, "nameIdFormats": { "$ref": "#/definitions/nameIdFormats" } }, "dependencies": { "nameIdFormats": ["protocolSupportEnum"] } }, "logoutEndpoints": { "title": "label.logout-endpoints", "description": "tooltip.logout-endpoints", "type": "array", "items": { "$ref": "#/definitions/LogoutEndpoint" } }, "relyingPartyOverrides": { "type": "object", "properties": { "signAssertion": { "title": "label.sign-the-assertion", "description": "tooltip.sign-assertion", "type": "boolean", "default": false }, "dontSignResponse": { "title": "label.dont-sign-the-response", "description": "tooltip.dont-sign-response", "type": "boolean", "default": false }, "turnOffEncryption": { "title": "label.turn-off-encryption-of-response", "description": "tooltip.turn-off-encryption", "type": "boolean", "default": false }, "useSha": { "title": "label.use-sha1-signing-algorithm", "description": "tooltip.usa-sha-algorithm", "type": "boolean", "default": false }, "ignoreAuthenticationMethod": { "title": "label.ignore-any-sp-requested-authentication-method", "description": "tooltip.ignore-auth-method", "type": "boolean", "default": false }, "omitNotBefore": { "title": "label.omit-not-before-condition", "description": "tooltip.omit-not-before-condition", "type": "boolean", "default": false }, "responderId": { "title": "label.responder-id", "description": "tooltip.responder-id", "type": "string", "default": "" }, "nameIdFormats": { "$ref": "#/definitions/nameIdFormats" }, "authenticationMethods": { "$ref": "#/definitions/authenticationMethods" }, "forceAuthn": { "title": "label.force-authn", "description": "tooltip.force-authn", "type": "boolean", "default": false } } }, "attributeRelease": { "type": "array", "title": "label.attribute-release", "description": "Attribute release table - select the attributes you want to release (default unchecked)", "items": { "type": "string", "enum": ["eduPersonPrincipalName", "uid", "mail", "surname", "givenName", "eduPersonAffiliation", "eduPersonScopedAffiliation", "eduPersonPrimaryAffiliation", "eduPersonEntitlement", "eduPersonAssurance", "eduPersonUniqueId", "employeeNumber"] }, "uniqueItems": true } }, "definitions": { "Contact": { "type": "object", "required": ["name", "type", "emailAddress"], "properties": { "name": { "title": "label.contact-name", "description": "tooltip.contact-name", "type": "string", "minLength": 1, "maxLength": 255 }, "type": { "title": "label.contact-type", "description": "tooltip.contact-type", "type": "string", "widget": "select", "minLength": 1, "oneOf": [{ "enum": ["support"], "description": "value.support" }, { "enum": ["technical"], "description": "value.technical" }, { "enum": ["administrative"], "description": "value.administrative" }, { "enum": ["other"], "description": "value.other" }] }, "emailAddress": { "title": "label.contact-email-address", "description": "tooltip.contact-email", "type": "string", "pattern": "^(mailto:)?(?=.{1,254}$)(?=.{1,64}@)[-!#$%&'*+/0-9=?A-Z^_`a-z{|}~]+(\\.[-!#$%&'*+/0-9=?A-Z^_`a-z{|}~]+)*@[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?(\\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$", "minLength": 1, "maxLength": 255 } } }, "Certificate": { "type": "object", "required": ["type", "value"], "properties": { "name": { "title": "label.certificate-name-display-only", "description": "tooltip.certificate-name", "type": "string", "maxLength": 255 }, "type": { "title": "label.certificate-type", "type": "string", "widget": { "id": "radio", "class": "form-check-inline" }, "oneOf": [{ "enum": ["signing"], "description": "value.signing" }, { "enum": ["encryption"], "description": "value.encryption" }, { "enum": ["both"], "description": "value.both" }] }, "value": { "title": "label.certificate", "description": "tooltip.certificate", "type": "string", "widget": "textarea", "minLength": 1 } } }, "AssertionConsumerService": { "type": "object", "required": ["locationUrl", "binding"], "properties": { "locationUrl": { "title": "label.assertion-consumer-service-location", "description": "tooltip.assertion-consumer-service-location", "type": "string", "widget": { "id": "string", "help": "message.valid-url" }, "minLength": 1, "maxLength": 255 }, "binding": { "title": "label.assertion-consumer-service-location-binding", "description": "tooltip.assertion-consumer-service-location-binding", "type": "string", "widget": "select", "oneOf": [{ "enum": ["urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"], "description": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" }, { "enum": ["urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"], "description": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" }, { "enum": ["urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"], "description": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" }, { "enum": ["urn:oasis:names:tc:SAML:2.0:bindings:PAOS"], "description": "urn:oasis:names:tc:SAML:2.0:bindings:PAOS" }, { "enum": ["urn:oasis:names:tc:SAML:1.0:profiles:browser-post"], "description": "urn:oasis:names:tc:SAML:1.0:profiles:browser-post" }, { "enum": ["urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"], "description": "urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" }] }, "makeDefault": { "title": "label.mark-as-default", "description": "tooltip.mark-as-default", "type": "boolean" } } }, "LogoutEndpoint": { "description": "tooltip.new-endpoint", "type": "object", "fieldsets": [{ "fields": ["url", "bindingType"] }], "required": ["url", "bindingType"], "properties": { "url": { "title": "label.url", "description": "tooltip.url", "type": "string", "minLength": 1, "maxLength": 255 }, "bindingType": { "title": "label.binding-type", "description": "tooltip.binding-type", "type": "string", "widget": "select", "oneOf": [{ "enum": ["urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"], "description": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" }, { "enum": ["urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"], "description": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" }, { "enum": ["urn:oasis:names:tc:SAML:2.0:bindings:SOAP"], "description": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP" }, { "enum": ["urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"], "description": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" }] } } }, "MDUI": { "type": "object", "widget": { "id": "fieldset" }, "fieldsets": [{ "type": "group", "fields": ["displayName", "informationUrl", "description"] }, { "type": "group", "fields": ["privacyStatementUrl", "logoUrl", "logoWidth", "logoHeight"] }], "properties": { "displayName": { "title": "label.display-name", "description": "tooltip.mdui-display-name", "type": "string", "minLength": 1, "maxLength": 255 }, "informationUrl": { "title": "label.information-url", "description": "tooltip.mdui-information-url", "type": "string", "minLength": 1, "maxLength": 255 }, "privacyStatementUrl": { "title": "label.privacy-statement-url", "description": "tooltip.mdui-privacy-statement-url", "type": "string", "minLength": 1, "maxLength": 255 }, "description": { "title": "label.description", "description": "tooltip.mdui-description", "type": "string", "widget": { "id": "textarea" }, "minLength": 1, "maxLength": 255 }, "logoUrl": { "title": "label.logo-url", "description": "tooltip.mdui-logo-url", "type": "string", "minLength": 1, "maxLength": 255 }, "logoHeight": { "title": "label.logo-height", "description": "tooltip.mdui-logo-height", "minimum": 0, "type": "integer" }, "logoWidth": { "title": "label.logo-width", "description": "tooltip.mdui-logo-width", "minimum": 0, "type": "integer" } } }, "Organization": { "type": "object", "properties": { "name": { "title": "label.organization-name", "description": "tooltip.organization-name", "type": "string", "minLength": 1, "maxLength": 255 }, "displayName": { "title": "label.organization-display-name", "description": "tooltip.organization-display-name", "type": "string", "minLength": 1, "maxLength": 255 }, "url": { "title": "label.organization-url", "description": "tooltip.organization-url", "type": "string", "minLength": 1, "maxLength": 255 } }, "dependencies": { "name": { "required": ["displayName", "url"] }, "displayName": { "required": ["name", "url"] }, "url": { "required": ["name", "displayName"] } } }, "nameIdFormats": { "title": "label.nameid-format-to-send", "description": "tooltip.nameid-format", "type": "array", "uniqueItems": true, "items": { "type": "string", "minLength": 1, "maxLength": 255, "examples": ["urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"] } }, "authenticationMethods": { "title": "label.authentication-methods-to-use", "description": "tooltip.authentication-methods-to-use", "type": "array", "uniqueItems": true, "items": { "type": "string", "minLength": 1, "maxLength": 255, "examples": ["https://refeds.org/profile/mfa", "urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken", "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"] } } } };
 
 export default SCHEMA;
\ No newline at end of file
diff --git a/ui/src/testing/uiSchema.js b/ui/src/testing/uiSchema.js
index eb557bcf2..c1af6f4fa 100644
--- a/ui/src/testing/uiSchema.js
+++ b/ui/src/testing/uiSchema.js
@@ -11,7 +11,6 @@ const schema = {
                 "fields": [
                     "serviceProviderName",
                     "entityId",
-                    "serviceEnabled",
                     "organization"
                 ]
             },
@@ -208,7 +207,6 @@ const schema = {
     },
     "serviceProviderName": {},
     "entityId": {},
-    "serviceEnabled": {},
     "organization": {},
     "ui:disabled": false
 };

From afbe10e51dc508b7fda3fb751e1afb48b69fff62 Mon Sep 17 00:00:00 2001
From: chasegawa <chasegawa@unicon.net>
Date: Thu, 29 Jul 2021 21:47:40 -0700
Subject: [PATCH 08/24] SHIBUI-2001

Enable endpoint
---
 .../JPAMetadataResolverServiceImpl.groovy     | 454 ++++++++++--------
 .../admin/ui/service/UserBootstrap.groovy     |   7 +-
 .../CoreShibUiConfiguration.java              |  73 ++-
 ...etadataResolverConverterConfiguration.java |  17 -
 .../ui/controller/ActivateController.java     |  21 +-
 .../controller/ActivateExceptionHandler.java  |  16 +
 .../ui/exception/InitializationException.java |   7 +
 .../ui/security/service/UserService.java      |   8 +
 .../JPAEntityDescriptorServiceImpl.java       |   3 +
 .../ui/service/JPAFilterServiceImpl.java      |   2 +
 .../MetadataResolverConverterServiceImpl.java |   2 +
 .../ui/service/MetadataResolverService.java   |  12 +-
 .../MetadataFiltersControllerTests.groovy     |  16 +
 ...JPAMetadataResolverServiceImplTests.groovy |   3 +-
 ...taResolverConverterServiceImplTests.groovy |   4 +
 .../ui/service/UserBootstrapTests.groovy      |  12 +-
 16 files changed, 392 insertions(+), 265 deletions(-)
 delete mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/MetadataResolverConverterConfiguration.java
 create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/exception/InitializationException.java

diff --git a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy
index 5dfbf65eb..f8f2118cb 100644
--- a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy
+++ b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy
@@ -2,6 +2,7 @@ package edu.internet2.tier.shibboleth.admin.ui.service
 
 import com.google.common.base.Predicate
 import edu.internet2.tier.shibboleth.admin.ui.configuration.ShibUIConfiguration
+import edu.internet2.tier.shibboleth.admin.ui.domain.exceptions.MetadataFileNotFoundException
 import edu.internet2.tier.shibboleth.admin.ui.domain.filters.EntityAttributesFilter
 import edu.internet2.tier.shibboleth.admin.ui.domain.filters.EntityAttributesFilterTarget
 import edu.internet2.tier.shibboleth.admin.ui.domain.filters.EntityRoleWhiteListFilter
@@ -20,8 +21,13 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.ResourceBackedMet
 import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.TemplateScheme
 import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.opensaml.OpenSamlChainingMetadataResolver
 import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.opensaml.Refilterable
+import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException
+import edu.internet2.tier.shibboleth.admin.ui.exception.ForbiddenException
+import edu.internet2.tier.shibboleth.admin.ui.exception.InitializationException
 import edu.internet2.tier.shibboleth.admin.ui.opensaml.OpenSamlObjects
 import edu.internet2.tier.shibboleth.admin.ui.repository.MetadataResolverRepository
+import edu.internet2.tier.shibboleth.admin.ui.security.service.UserService
+import edu.internet2.tier.shibboleth.admin.util.OpenSamlChainingMetadataResolverUtil
 import groovy.util.logging.Slf4j
 import groovy.xml.DOMBuilder
 import groovy.xml.MarkupBuilder
@@ -34,9 +40,11 @@ import org.opensaml.saml.metadata.resolver.filter.impl.NameIDFormatFilter
 import org.opensaml.saml.saml2.core.Attribute
 import org.opensaml.saml.saml2.metadata.EntityDescriptor
 import org.springframework.beans.factory.annotation.Autowired
+import org.springframework.stereotype.Service
 import org.w3c.dom.Document
 
 import javax.annotation.Nonnull
+import javax.transaction.Transactional
 
 import static edu.internet2.tier.shibboleth.admin.ui.domain.filters.NameIdFormatFilterTarget.NameIdFormatFilterTargetType.ENTITY
 import static edu.internet2.tier.shibboleth.admin.ui.domain.filters.NameIdFormatFilterTarget.NameIdFormatFilterTargetType.CONDITION_SCRIPT
@@ -45,171 +53,32 @@ import static edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.ResourceBa
 import static edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.ResourceBackedMetadataResolver.ResourceType.SVN
 
 @Slf4j
+@Service
 class JPAMetadataResolverServiceImpl implements MetadataResolverService {
+    
+    @Autowired
+    org.opensaml.saml.metadata.resolver.MetadataResolver chainingMetadataResolver
 
     @Autowired
     private MetadataResolver metadataResolver
 
     @Autowired
-    private MetadataResolverRepository metadataResolverRepository
+    MetadataResolverConverterService metadataResolverConverterService
 
+    @Autowired
+    private MetadataResolverRepository metadataResolverRepository
+    
     @Autowired
     private OpenSamlObjects openSamlObjects
-
+    
     @Autowired
     private MetadataResolversPositionOrderContainerService resolversPositionOrderContainerService
-
+    
     @Autowired
     private ShibUIConfiguration shibUIConfiguration
-
-    // TODO: enhance
-    @Override
-    void reloadFilters(String metadataResolverResourceId) {
-        OpenSamlChainingMetadataResolver chainingMetadataResolver = (OpenSamlChainingMetadataResolver) metadataResolver
-        MetadataResolver targetMetadataResolver = chainingMetadataResolver.getResolvers().find {
-            it.id == metadataResolverResourceId
-        }
-        edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataResolver jpaMetadataResolver = metadataResolverRepository.findByResourceId(metadataResolverResourceId)
-
-        if (targetMetadataResolver && targetMetadataResolver.getMetadataFilter() instanceof MetadataFilterChain) {
-            MetadataFilterChain metadataFilterChain = (MetadataFilterChain) targetMetadataResolver.getMetadataFilter()
-
-            List<MetadataFilter> metadataFilters = new ArrayList<>()
-
-            // set up namespace protection
-            if (shibUIConfiguration.protectedAttributeNamespaces && shibUIConfiguration.protectedAttributeNamespaces.size() > 0 && targetMetadataResolver && jpaMetadataResolver.type in ['FileBackedHttpMetadataResolver', 'DynamicHttpMetadataResolver']) {
-                def target = new org.opensaml.saml.metadata.resolver.filter.impl.EntityAttributesFilter()
-                target.attributeFilter = new ScriptedPredicate(new EvaluableScript(protectedNamespaceScript()))
-                metadataFilters.add(target)
-            }
-
-            for (edu.internet2.tier.shibboleth.admin.ui.domain.filters.MetadataFilter metadataFilter : jpaMetadataResolver.getMetadataFilters()) {
-                if (metadataFilter instanceof EntityAttributesFilter) {
-                    EntityAttributesFilter entityAttributesFilter = (EntityAttributesFilter) metadataFilter
-
-                    org.opensaml.saml.metadata.resolver.filter.impl.EntityAttributesFilter target = new org.opensaml.saml.metadata.resolver.filter.impl.EntityAttributesFilter()
-                    Map<Predicate<EntityDescriptor>, Collection<Attribute>> rules = new HashMap<>()
-                    switch (entityAttributesFilter.getEntityAttributesFilterTarget().getEntityAttributesFilterTargetType()) {
-                        case EntityAttributesFilterTarget.EntityAttributesFilterTargetType.ENTITY:
-                            rules.put(
-                                    new EntityIdPredicate(entityAttributesFilter.getEntityAttributesFilterTarget().getValue()),
-                                    (List<Attribute>) (List<? extends Attribute>) entityAttributesFilter.getAttributes()
-                            )
-                            break
-                        case EntityAttributesFilterTarget.EntityAttributesFilterTargetType.CONDITION_SCRIPT:
-                            rules.put(new ScriptedPredicate(new EvaluableScript(entityAttributesFilter.entityAttributesFilterTarget.value[0])),
-                                    (List<Attribute>) (List<? extends Attribute>) entityAttributesFilter.getAttributes())
-                            break
-                        case EntityAttributesFilterTarget.EntityAttributesFilterTargetType.REGEX:
-                            rules.put(new ScriptedPredicate(new EvaluableScript(generateJavaScriptRegexScript(entityAttributesFilter.entityAttributesFilterTarget.value[0]))),
-                                    (List<Attribute>) (List<? extends Attribute>) entityAttributesFilter.getAttributes())
-                            break
-                        default:
-                            // do nothing, we'd have exploded elsewhere previously.
-                            break
-                    }
-                    target.setRules(rules)
-                    metadataFilters.add(target)
-                }
-                if (metadataFilter instanceof NameIdFormatFilter) {
-                    NameIdFormatFilter nameIdFormatFilter = NameIdFormatFilter.cast(metadataFilter)
-                    NameIDFormatFilter openSamlTargetFilter = new OpenSamlNameIdFormatFilter()
-                    openSamlTargetFilter.removeExistingFormats = nameIdFormatFilter.removeExistingFormats
-                    Map<Predicate<EntityDescriptor>, Collection<String>> predicateRules = [:]
-                    def type = nameIdFormatFilter.nameIdFormatFilterTarget.nameIdFormatFilterTargetType
-                    def values = nameIdFormatFilter.nameIdFormatFilterTarget.value
-                    switch (type) {
-                        case ENTITY:
-                            predicateRules[new EntityIdPredicate(values)] = nameIdFormatFilter.formats
-                            break
-                        case CONDITION_SCRIPT:
-                            predicateRules[new ScriptedPredicate(new EvaluableScript(values[0]))] = nameIdFormatFilter.formats
-                            break
-                        case REGEX:
-                            predicateRules[new ScriptedPredicate(new EvaluableScript(generateJavaScriptRegexScript(values[0])))] = nameIdFormatFilter.formats
-                            break
-                        default:
-                            // do nothing, we'd have exploded elsewhere previously.
-                            break
-                    }
-                    openSamlTargetFilter.rules = predicateRules
-                    metadataFilters << openSamlTargetFilter
-                }
-            }
-            metadataFilterChain.setFilters(metadataFilters)
-        }
-
-        if (targetMetadataResolver != null && targetMetadataResolver instanceof Refilterable) {
-            (Refilterable) targetMetadataResolver.refilter()
-        } else {
-            //TODO: Do something here if we need to refilter other non-Batch resolvers
-            log.warn("Target resolver is not a Refilterable resolver. Skipping refilter()")
-        }
-    }
-
-    private String protectedNamespaceScript() {
-        return """(function (attribute) {
-                "use strict";
-                var namespaces = [${shibUIConfiguration.protectedAttributeNamespaces.collect({"\"${it}\""}).join(', ')}];
-                // check the parameter
-                if (attribute === null) { return true; }
-                for (var i in namespaces) {
-                    if (attribute.getName().startsWith(namespaces[i])) {
-                        return false;
-                    }
-                }
-                return true;
-            }(input));"""
-    }
-
-    private class ScriptedPredicate extends net.shibboleth.utilities.java.support.logic.ScriptedPredicate<EntityDescriptor> {
-        protected ScriptedPredicate(@Nonnull EvaluableScript theScript) {
-            super(theScript)
-        }
-    }
-
-    // TODO: enhance
-    @Override
-    Document generateConfiguration() {
-        // TODO: this can probably be a better writer
-        new StringWriter().withCloseable { writer ->
-            def xml = new MarkupBuilder(writer)
-            xml.omitEmptyAttributes = true
-            xml.omitNullAttributes = true
-
-            xml.MetadataProvider(id: 'ShibbolethMetadata',
-                    xmlns: 'urn:mace:shibboleth:2.0:metadata',
-                    'xmlns:xsi': 'http://www.w3.org/2001/XMLSchema-instance',
-                    'xsi:type': 'ChainingMetadataProvider',
-                    'xsi:schemaLocation': 'urn:mace:shibboleth:2.0:metadata http://shibboleth.net/schema/idp/shibboleth-metadata.xsd urn:mace:shibboleth:2.0:resource http://shibboleth.net/schema/idp/shibboleth-resource.xsd urn:mace:shibboleth:2.0:security http://shibboleth.net/schema/idp/shibboleth-security.xsd urn:oasis:names:tc:SAML:2.0:metadata http://docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd urn:oasis:names:tc:SAML:2.0:assertion http://docs.oasis-open.org/security/saml/v2.0/saml-schema-assertion-2.0.xsd'
-            ) {
-
-
-                resolversPositionOrderContainerService.allMetadataResolversInDefinedOrderOrUnordered.each {
-                    edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataResolver mr ->
-                        //TODO: We do not currently marshall the internal incommon chaining resolver (with BaseMetadataResolver type)
-                        if ((mr.type != 'BaseMetadataResolver') && (mr.enabled)) {
-                            constructXmlNodeForResolver(mr, delegate) {
-                                //TODO: enhance
-                                def didNamespaceProtectionFilter = !(shibUIConfiguration.protectedAttributeNamespaces && shibUIConfiguration.protectedAttributeNamespaces.size() > 0)
-                                def doNamespaceProtectionFilter = { def filter ->
-                                    if (mr.type in ['FileBackedMetadataResolver', 'DynamicHttpMetadataResolver'] && (filter == null || filter instanceof EntityAttributesFilter) && !didNamespaceProtectionFilter) {
-                                        constructXmlNodeForEntityAttributeNamespaceProtection(delegate)
-                                        didNamespaceProtectionFilter = true
-                                    }
-                                }
-                                mr.metadataFilters.each { edu.internet2.tier.shibboleth.admin.ui.domain.filters.MetadataFilter filter ->
-                                    doNamespaceProtectionFilter()
-                                    constructXmlNodeForFilter(filter, delegate)
-                                }
-                                doNamespaceProtectionFilter()
-                            }
-                        }
-                }
-            }
-            return DOMBuilder.newInstance().parseText(writer.toString())
-        }
-    }
+    
+    @Autowired
+    private UserService userService
 
     void constructXmlNodeForEntityAttributeNamespaceProtection(def markupBuilderDelegate) {
         markupBuilderDelegate.MetadataFilter('xsi:type': 'EntityAttributes') {
@@ -221,21 +90,6 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService {
         }
     }
 
-    void constructXmlNodeForFilter(SignatureValidationFilter filter, def markupBuilderDelegate) {
-        if (filter.xmlShouldBeGenerated()) {
-            markupBuilderDelegate.MetadataFilter(id: filter.name,
-                    'xsi:type': 'SignatureValidation',
-                    'xmlns:md': 'urn:oasis:names:tc:SAML:2.0:metadata',
-                    'requireSignedRoot': !filter.requireSignedRoot ?: null,
-                    'certificateFile': filter.certificateFile,
-                    'defaultCriteriaRef': filter.defaultCriteriaRef,
-                    'signaturePrevalidatorRef': filter.signaturePrevalidatorRef,
-                    'dynamicTrustedNamesStrategyRef': filter.dynamicTrustedNamesStrategyRef,
-                    'trustEngineRef': filter.trustEngineRef,
-                    'publicKey': filter.publicKey)
-        }
-    }
-
     void constructXmlNodeForFilter(EntityAttributesFilter filter, def markupBuilderDelegate) {
         markupBuilderDelegate.MetadataFilter('xsi:type': 'EntityAttributes') {
             // TODO: enhance. currently this does weird things with namespaces
@@ -274,12 +128,6 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService {
         }
     }
 
-    private String generateJavaScriptRegexScript(String regex) {
-        return """
-    "use strict";
-    ${regex.startsWith('/') ? '' : '/'}${regex}${regex.endsWith('/') ? '' : '/'}.test(input.getEntityID());\n"""
-    }
-
     void constructXmlNodeForFilter(EntityRoleWhiteListFilter filter, def markupBuilderDelegate) {
         if (!filter.retainedRoles?.isEmpty()) {
             markupBuilderDelegate.MetadataFilter(
@@ -294,15 +142,6 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService {
         }
     }
 
-    void constructXmlNodeForFilter(RequiredValidUntilFilter filter, def markupBuilderDelegate) {
-        if (filter.xmlShouldBeGenerated()) {
-            markupBuilderDelegate.MetadataFilter(
-                    'xsi:type': 'RequiredValidUntil',
-                    maxValidityInterval: filter.maxValidityInterval
-            )
-        }
-    }
-
     void constructXmlNodeForFilter(NameIdFormatFilter filter, def markupBuilderDelegate) {
         def type = filter.nameIdFormatFilterTarget.nameIdFormatFilterTargetType
         markupBuilderDelegate.MetadataFilter(
@@ -341,27 +180,27 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService {
         }
     }
 
-    void constructXmlNodeForResolver(FilesystemMetadataResolver resolver, def markupBuilderDelegate, Closure childNodes) {
-        markupBuilderDelegate.MetadataProvider(id: resolver.xmlId,
-                'xsi:type': 'FilesystemMetadataProvider',
-                metadataFile: resolver.metadataFile,
-
-                requireValidMetadata: !resolver.requireValidMetadata ?: null,
-                failFastInitialization: !resolver.failFastInitialization ?: null,
-                sortKey: resolver.sortKey,
-                criterionPredicateRegistryRef: resolver.criterionPredicateRegistryRef,
-                useDefaultPredicateRegistry: !resolver.useDefaultPredicateRegistry ?: null,
-                satisfyAnyPredicates: resolver.satisfyAnyPredicates ?: null,
-
-                parserPoolRef: resolver.reloadableMetadataResolverAttributes?.parserPoolRef,
-                minRefreshDelay: resolver.reloadableMetadataResolverAttributes?.minRefreshDelay,
-                maxRefreshDelay: resolver.reloadableMetadataResolverAttributes?.maxRefreshDelay,
-                refreshDelayFactor: resolver.reloadableMetadataResolverAttributes?.refreshDelayFactor,
-                indexesRef: resolver.reloadableMetadataResolverAttributes?.indexesRef,
-                resolveViaPredicatesOnly: resolver.reloadableMetadataResolverAttributes?.resolveViaPredicatesOnly ?: null,
-                expirationWarningThreshold: resolver.reloadableMetadataResolverAttributes?.expirationWarningThreshold) {
+    void constructXmlNodeForFilter(RequiredValidUntilFilter filter, def markupBuilderDelegate) {
+        if (filter.xmlShouldBeGenerated()) {
+            markupBuilderDelegate.MetadataFilter(
+                    'xsi:type': 'RequiredValidUntil',
+                    maxValidityInterval: filter.maxValidityInterval
+            )
+        }
+    }
 
-            childNodes()
+    void constructXmlNodeForFilter(SignatureValidationFilter filter, def markupBuilderDelegate) {
+        if (filter.xmlShouldBeGenerated()) {
+            markupBuilderDelegate.MetadataFilter(id: filter.name,
+                    'xsi:type': 'SignatureValidation',
+                    'xmlns:md': 'urn:oasis:names:tc:SAML:2.0:metadata',
+                    'requireSignedRoot': !filter.requireSignedRoot ?: null,
+                    'certificateFile': filter.certificateFile,
+                    'defaultCriteriaRef': filter.defaultCriteriaRef,
+                    'signaturePrevalidatorRef': filter.signaturePrevalidatorRef,
+                    'dynamicTrustedNamesStrategyRef': filter.dynamicTrustedNamesStrategyRef,
+                    'trustEngineRef': filter.trustEngineRef,
+                    'publicKey': filter.publicKey)
         }
     }
 
@@ -483,6 +322,30 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService {
         }
     }
 
+    void constructXmlNodeForResolver(FilesystemMetadataResolver resolver, def markupBuilderDelegate, Closure childNodes) {
+        markupBuilderDelegate.MetadataProvider(id: resolver.xmlId,
+                'xsi:type': 'FilesystemMetadataProvider',
+                metadataFile: resolver.metadataFile,
+
+                requireValidMetadata: !resolver.requireValidMetadata ?: null,
+                failFastInitialization: !resolver.failFastInitialization ?: null,
+                sortKey: resolver.sortKey,
+                criterionPredicateRegistryRef: resolver.criterionPredicateRegistryRef,
+                useDefaultPredicateRegistry: !resolver.useDefaultPredicateRegistry ?: null,
+                satisfyAnyPredicates: resolver.satisfyAnyPredicates ?: null,
+
+                parserPoolRef: resolver.reloadableMetadataResolverAttributes?.parserPoolRef,
+                minRefreshDelay: resolver.reloadableMetadataResolverAttributes?.minRefreshDelay,
+                maxRefreshDelay: resolver.reloadableMetadataResolverAttributes?.maxRefreshDelay,
+                refreshDelayFactor: resolver.reloadableMetadataResolverAttributes?.refreshDelayFactor,
+                indexesRef: resolver.reloadableMetadataResolverAttributes?.indexesRef,
+                resolveViaPredicatesOnly: resolver.reloadableMetadataResolverAttributes?.resolveViaPredicatesOnly ?: null,
+                expirationWarningThreshold: resolver.reloadableMetadataResolverAttributes?.expirationWarningThreshold) {
+
+            childNodes()
+        }
+    }
+
     void constructXmlNodeForResolver(LocalDynamicMetadataResolver resolver, def markupBuilderDelegate, Closure childNodes) {
         markupBuilderDelegate.MetadataProvider(sourceDirectory: resolver.sourceDirectory,
                 sourceManagerRef: resolver.sourceManagerRef,
@@ -556,7 +419,194 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService {
 
             childNodes()
         }
+    }
 
+    public edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataResolver findByResourceId(String resourceId) throws EntityNotFoundException {
+        edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataResolver result = metadataResolverRepository.findByResourceId(resourceId)
+        if (result == null ) {
+            throw new EntityNotFoundException("No Provider with resourceId[" + resourceId + "] was found")
+        }
+        return result
+    }
+
+    // TODO: enhance
+    @Override
+    Document generateConfiguration() {
+        // TODO: this can probably be a better writer
+        new StringWriter().withCloseable { writer ->
+            def xml = new MarkupBuilder(writer)
+            xml.omitEmptyAttributes = true
+            xml.omitNullAttributes = true
+
+            xml.MetadataProvider(id: 'ShibbolethMetadata',
+                    xmlns: 'urn:mace:shibboleth:2.0:metadata',
+                    'xmlns:xsi': 'http://www.w3.org/2001/XMLSchema-instance',
+                    'xsi:type': 'ChainingMetadataProvider',
+                    'xsi:schemaLocation': 'urn:mace:shibboleth:2.0:metadata http://shibboleth.net/schema/idp/shibboleth-metadata.xsd urn:mace:shibboleth:2.0:resource http://shibboleth.net/schema/idp/shibboleth-resource.xsd urn:mace:shibboleth:2.0:security http://shibboleth.net/schema/idp/shibboleth-security.xsd urn:oasis:names:tc:SAML:2.0:metadata http://docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd urn:oasis:names:tc:SAML:2.0:assertion http://docs.oasis-open.org/security/saml/v2.0/saml-schema-assertion-2.0.xsd'
+            ) {
+
+
+                resolversPositionOrderContainerService.allMetadataResolversInDefinedOrderOrUnordered.each {
+                    edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataResolver mr ->
+                        //TODO: We do not currently marshall the internal incommon chaining resolver (with BaseMetadataResolver type)
+                        if ((mr.type != 'BaseMetadataResolver') && (mr.enabled)) {
+                            constructXmlNodeForResolver(mr, delegate) {
+                                //TODO: enhance
+                                def didNamespaceProtectionFilter = !(shibUIConfiguration.protectedAttributeNamespaces && shibUIConfiguration.protectedAttributeNamespaces.size() > 0)
+                                def doNamespaceProtectionFilter = { def filter ->
+                                    if (mr.type in ['FileBackedMetadataResolver', 'DynamicHttpMetadataResolver'] && (filter == null || filter instanceof EntityAttributesFilter) && !didNamespaceProtectionFilter) {
+                                        constructXmlNodeForEntityAttributeNamespaceProtection(delegate)
+                                        didNamespaceProtectionFilter = true
+                                    }
+                                }
+                                mr.metadataFilters.each { edu.internet2.tier.shibboleth.admin.ui.domain.filters.MetadataFilter filter ->
+                                    doNamespaceProtectionFilter()
+                                    constructXmlNodeForFilter(filter, delegate)
+                                }
+                                doNamespaceProtectionFilter()
+                            }
+                        }
+                }
+            }
+            return DOMBuilder.newInstance().parseText(writer.toString())
+        }
+    }
+
+    private String generateJavaScriptRegexScript(String regex) {
+        return """
+    "use strict";
+    ${regex.startsWith('/') ? '' : '/'}${regex}${regex.endsWith('/') ? '' : '/'}.test(input.getEntityID());\n"""
+    }
+
+    private String protectedNamespaceScript() {
+        return """(function (attribute) {
+                "use strict";
+                var namespaces = [${shibUIConfiguration.protectedAttributeNamespaces.collect({"\"${it}\""}).join(', ')}];
+                // check the parameter
+                if (attribute === null) { return true; }
+                for (var i in namespaces) {
+                    if (attribute.getName().startsWith(namespaces[i])) {
+                        return false;
+                    }
+                }
+                return true;
+            }(input));"""
+    }
+    
+    // TODO: enhance
+    @Override
+    void reloadFilters(String metadataResolverResourceId) {
+        OpenSamlChainingMetadataResolver chainingMetadataResolver = (OpenSamlChainingMetadataResolver) metadataResolver
+        MetadataResolver targetMetadataResolver = chainingMetadataResolver.getResolvers().find {
+            it.id == metadataResolverResourceId
+        }
+        edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataResolver jpaMetadataResolver = metadataResolverRepository.findByResourceId(metadataResolverResourceId)
+
+        if (targetMetadataResolver && targetMetadataResolver.getMetadataFilter() instanceof MetadataFilterChain) {
+            MetadataFilterChain metadataFilterChain = (MetadataFilterChain) targetMetadataResolver.getMetadataFilter()
+
+            List<MetadataFilter> metadataFilters = new ArrayList<>()
+
+            // set up namespace protection
+            if (shibUIConfiguration.protectedAttributeNamespaces && shibUIConfiguration.protectedAttributeNamespaces.size() > 0 && targetMetadataResolver && jpaMetadataResolver.type in ['FileBackedHttpMetadataResolver', 'DynamicHttpMetadataResolver']) {
+                def target = new org.opensaml.saml.metadata.resolver.filter.impl.EntityAttributesFilter()
+                target.attributeFilter = new ScriptedPredicate(new EvaluableScript(protectedNamespaceScript()))
+                metadataFilters.add(target)
+            }
+
+            for (edu.internet2.tier.shibboleth.admin.ui.domain.filters.MetadataFilter metadataFilter : jpaMetadataResolver.getMetadataFilters()) {
+                if (metadataFilter instanceof EntityAttributesFilter) {
+                    EntityAttributesFilter entityAttributesFilter = (EntityAttributesFilter) metadataFilter
+
+                    org.opensaml.saml.metadata.resolver.filter.impl.EntityAttributesFilter target = new org.opensaml.saml.metadata.resolver.filter.impl.EntityAttributesFilter()
+                    Map<Predicate<EntityDescriptor>, Collection<Attribute>> rules = new HashMap<>()
+                    switch (entityAttributesFilter.getEntityAttributesFilterTarget().getEntityAttributesFilterTargetType()) {
+                        case EntityAttributesFilterTarget.EntityAttributesFilterTargetType.ENTITY:
+                            rules.put(
+                                    new EntityIdPredicate(entityAttributesFilter.getEntityAttributesFilterTarget().getValue()),
+                                    (List<Attribute>) (List<? extends Attribute>) entityAttributesFilter.getAttributes()
+                            )
+                            break
+                        case EntityAttributesFilterTarget.EntityAttributesFilterTargetType.CONDITION_SCRIPT:
+                            rules.put(new ScriptedPredicate(new EvaluableScript(entityAttributesFilter.entityAttributesFilterTarget.value[0])),
+                                    (List<Attribute>) (List<? extends Attribute>) entityAttributesFilter.getAttributes())
+                            break
+                        case EntityAttributesFilterTarget.EntityAttributesFilterTargetType.REGEX:
+                            rules.put(new ScriptedPredicate(new EvaluableScript(generateJavaScriptRegexScript(entityAttributesFilter.entityAttributesFilterTarget.value[0]))),
+                                    (List<Attribute>) (List<? extends Attribute>) entityAttributesFilter.getAttributes())
+                            break
+                        default:
+                            // do nothing, we'd have exploded elsewhere previously.
+                            break
+                    }
+                    target.setRules(rules)
+                    metadataFilters.add(target)
+                }
+                if (metadataFilter instanceof NameIdFormatFilter) {
+                    NameIdFormatFilter nameIdFormatFilter = NameIdFormatFilter.cast(metadataFilter)
+                    NameIDFormatFilter openSamlTargetFilter = new OpenSamlNameIdFormatFilter()
+                    openSamlTargetFilter.removeExistingFormats = nameIdFormatFilter.removeExistingFormats
+                    Map<Predicate<EntityDescriptor>, Collection<String>> predicateRules = [:]
+                    def type = nameIdFormatFilter.nameIdFormatFilterTarget.nameIdFormatFilterTargetType
+                    def values = nameIdFormatFilter.nameIdFormatFilterTarget.value
+                    switch (type) {
+                        case ENTITY:
+                            predicateRules[new EntityIdPredicate(values)] = nameIdFormatFilter.formats
+                            break
+                        case CONDITION_SCRIPT:
+                            predicateRules[new ScriptedPredicate(new EvaluableScript(values[0]))] = nameIdFormatFilter.formats
+                            break
+                        case REGEX:
+                            predicateRules[new ScriptedPredicate(new EvaluableScript(generateJavaScriptRegexScript(values[0])))] = nameIdFormatFilter.formats
+                            break
+                        default:
+                            // do nothing, we'd have exploded elsewhere previously.
+                            break
+                    }
+                    openSamlTargetFilter.rules = predicateRules
+                    metadataFilters << openSamlTargetFilter
+                }
+            }
+            metadataFilterChain.setFilters(metadataFilters)
+        }
+
+        if (targetMetadataResolver != null && targetMetadataResolver instanceof Refilterable) {
+            (Refilterable) targetMetadataResolver.refilter()
+        } else {
+            //TODO: Do something here if we need to refilter other non-Batch resolvers
+            log.warn("Target resolver is not a Refilterable resolver. Skipping refilter()")
+        }
+    }
+    
+    public edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataResolver updateMetadataResolverEnabledStatus(edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataResolver updatedResolver) throws ForbiddenException, MetadataFileNotFoundException, InitializationException {
+        // @TODO: when merged with groups, this should maybe be merged with group check as they have to have the role in the right group
+        if (!userService.currentUserHasExpectedRole(["ROLE_ADMIN", "ROLE_ENABLE"])) {
+            throw new ForbiddenException("You do not have the permissions necessary to change the enable status of this filter.")
+        }
+        
+        edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataResolver persistedResolver = metadataResolverRepository.save(updatedResolver)
+        
+        if (persistedResolver.getDoInitialization()) {
+            MetadataResolver openSamlRepresentation = null
+            try {
+                openSamlRepresentation = metadataResolverConverterService.convertToOpenSamlRepresentation(persistedResolver)
+            } catch (FileNotFoundException e) {
+                throw new MetadataFileNotFoundException("message.file-doesnt-exist")
+            }
+            try {
+                OpenSamlChainingMetadataResolverUtil.updateChainingMetadataResolver((OpenSamlChainingMetadataResolver) chainingMetadataResolver, openSamlRepresentation);
+            }
+            catch (Throwable e) {
+                throw new InitializationException(e);
+            }
+        }
+    
+    }
+    
+    private class ScriptedPredicate extends net.shibboleth.utilities.java.support.logic.ScriptedPredicate<EntityDescriptor> {
+        protected ScriptedPredicate(@Nonnull EvaluableScript theScript) {
+            super(theScript)
+        }
     }
 
 }
diff --git a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/UserBootstrap.groovy b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/UserBootstrap.groovy
index 4ca5b435b..2635f908c 100644
--- a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/UserBootstrap.groovy
+++ b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/UserBootstrap.groovy
@@ -6,6 +6,7 @@ import edu.internet2.tier.shibboleth.admin.ui.security.model.Role
 import edu.internet2.tier.shibboleth.admin.ui.security.model.User
 import edu.internet2.tier.shibboleth.admin.ui.security.repository.RoleRepository
 import edu.internet2.tier.shibboleth.admin.ui.security.repository.UserRepository
+import edu.internet2.tier.shibboleth.admin.ui.security.service.UserService
 import groovy.util.logging.Slf4j
 import org.springframework.boot.context.event.ApplicationStartedEvent
 import org.springframework.context.event.EventListener
@@ -19,11 +20,13 @@ class UserBootstrap {
     private final ShibUIConfiguration shibUIConfiguration
     private final UserRepository userRepository
     private final RoleRepository roleRepository
+    private final UserService userService
 
-    UserBootstrap(ShibUIConfiguration shibUIConfiguration, UserRepository userRepository, RoleRepository roleRepository) {
+    UserBootstrap(ShibUIConfiguration shibUIConfiguration, UserRepository userRepository, RoleRepository roleRepository, UserService userService) {
         this.shibUIConfiguration = shibUIConfiguration
         this.userRepository = userRepository
         this.roleRepository = roleRepository
+        this.userService = userService
     }
 
     @Transactional
@@ -50,7 +53,7 @@ class UserBootstrap {
                     it.emailAddress = email
                     it
                 }
-                userRepository.saveAndFlush(user)
+                userService.save(user)
             }
         }
     }
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CoreShibUiConfiguration.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CoreShibUiConfiguration.java
index da33c53f8..06299172a 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CoreShibUiConfiguration.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CoreShibUiConfiguration.java
@@ -1,6 +1,27 @@
 package edu.internet2.tier.shibboleth.admin.ui.configuration;
 
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.lucene.analysis.Analyzer;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.ComponentScan;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Import;
+import org.springframework.context.support.ResourceBundleMessageSource;
+import org.springframework.core.io.Resource;
+import org.springframework.web.servlet.LocaleResolver;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.PathMatchConfigurer;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+import org.springframework.web.servlet.i18n.LocaleChangeInterceptor;
+import org.springframework.web.util.UrlPathHelper;
+
 import com.fasterxml.jackson.databind.Module;
+
 import edu.internet2.tier.shibboleth.admin.ui.opensaml.OpenSamlObjects;
 import edu.internet2.tier.shibboleth.admin.ui.repository.EntityDescriptorRepository;
 import edu.internet2.tier.shibboleth.admin.ui.repository.MetadataResolverRepository;
@@ -13,49 +34,25 @@
 import edu.internet2.tier.shibboleth.admin.ui.service.DefaultMetadataResolversPositionOrderContainerService;
 import edu.internet2.tier.shibboleth.admin.ui.service.DirectoryService;
 import edu.internet2.tier.shibboleth.admin.ui.service.DirectoryServiceImpl;
-import edu.internet2.tier.shibboleth.admin.ui.service.EntityDescriptorService;
 import edu.internet2.tier.shibboleth.admin.ui.service.EntityIdsSearchService;
 import edu.internet2.tier.shibboleth.admin.ui.service.EntityIdsSearchServiceImpl;
 import edu.internet2.tier.shibboleth.admin.ui.service.EntityService;
 import edu.internet2.tier.shibboleth.admin.ui.service.FileCheckingFileWritingService;
 import edu.internet2.tier.shibboleth.admin.ui.service.FileWritingService;
-import edu.internet2.tier.shibboleth.admin.ui.service.FilterService;
 import edu.internet2.tier.shibboleth.admin.ui.service.FilterTargetService;
-import edu.internet2.tier.shibboleth.admin.ui.service.JPAEntityDescriptorServiceImpl;
 import edu.internet2.tier.shibboleth.admin.ui.service.JPAEntityServiceImpl;
-import edu.internet2.tier.shibboleth.admin.ui.service.JPAFilterServiceImpl;
 import edu.internet2.tier.shibboleth.admin.ui.service.JPAFilterTargetServiceImpl;
-import edu.internet2.tier.shibboleth.admin.ui.service.JPAMetadataResolverServiceImpl;
 import edu.internet2.tier.shibboleth.admin.ui.service.MetadataResolverService;
 import edu.internet2.tier.shibboleth.admin.ui.service.MetadataResolversPositionOrderContainerService;
 import edu.internet2.tier.shibboleth.admin.util.AttributeUtility;
 import edu.internet2.tier.shibboleth.admin.util.LuceneUtility;
 import edu.internet2.tier.shibboleth.admin.util.ModelRepresentationConversions;
-import org.apache.lucene.analysis.Analyzer;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
-import org.springframework.boot.context.properties.EnableConfigurationProperties;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.context.support.ResourceBundleMessageSource;
-import org.springframework.core.io.Resource;
-import org.springframework.web.servlet.LocaleResolver;
-import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
-import org.springframework.web.servlet.config.annotation.PathMatchConfigurer;
-import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
-import org.springframework.web.servlet.i18n.LocaleChangeInterceptor;
-import org.springframework.web.util.UrlPathHelper;
-
-import javax.servlet.http.HttpServletRequest;
 
 @Configuration
+@Import(SearchConfiguration.class)
+@ComponentScan(basePackages="{ edu.internet2.tier.shibboleth.admin.ui.service }")
 @EnableConfigurationProperties({CustomPropertiesConfiguration.class, ShibUIConfiguration.class})
 public class CoreShibUiConfiguration {
-    private static final Logger logger = LoggerFactory.getLogger(CoreShibUiConfiguration.class);
-
     @Bean
     public OpenSamlObjects openSamlObjects() {
         return new OpenSamlObjects();
@@ -66,25 +63,25 @@ public EntityService jpaEntityService() {
         return new JPAEntityServiceImpl(openSamlObjects());
     }
 
-    @Bean
-    public EntityDescriptorService jpaEntityDescriptorService(UserService userService) {
-        return new JPAEntityDescriptorServiceImpl(openSamlObjects(), jpaEntityService(), userService);
-    }
+//    @Bean
+//    public EntityDescriptorService JPAEntityDescriptorServiceImpl(UserService userService) {
+//        return new JPAEntityDescriptorServiceImpl(openSamlObjects(), jpaEntityService(), userService);
+//    }
 
-    @Bean
-    public FilterService jpaFilterService() {
-        return new JPAFilterServiceImpl();
-    }
+//    @Bean
+//    public FilterService jpaFilterService() {
+//        return new JPAFilterServiceImpl();
+//    }
 
     @Bean
     public FilterTargetService jpaFilterTargetService() {
         return new JPAFilterTargetServiceImpl();
     }
 
-    @Bean
-    public MetadataResolverService metadataResolverService() {
-        return new JPAMetadataResolverServiceImpl();
-    }
+//    @Bean
+//    public MetadataResolverService metadataResolverService() {
+//        return new JPAMetadataResolverServiceImpl();
+//    }
 
     @Bean
     public AttributeUtility attributeUtility() {
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/MetadataResolverConverterConfiguration.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/MetadataResolverConverterConfiguration.java
deleted file mode 100644
index 6380e0018..000000000
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/MetadataResolverConverterConfiguration.java
+++ /dev/null
@@ -1,17 +0,0 @@
-package edu.internet2.tier.shibboleth.admin.ui.configuration;
-
-import edu.internet2.tier.shibboleth.admin.ui.service.MetadataResolverConverterService;
-import edu.internet2.tier.shibboleth.admin.ui.service.MetadataResolverConverterServiceImpl;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-
-/**
- * @author Bill Smith (wsmith@unicon.net)
- */
-@Configuration
-public class MetadataResolverConverterConfiguration {
-    @Bean
-    public MetadataResolverConverterService metadataResolverConverterService() {
-        return new MetadataResolverConverterServiceImpl();
-    }
-}
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ActivateController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ActivateController.java
index 1a3ecf0a4..60705cd15 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ActivateController.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ActivateController.java
@@ -3,19 +3,25 @@
 import javax.script.ScriptException;
 
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.web.bind.annotation.PatchMapping;
 import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PutMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
+import edu.internet2.tier.shibboleth.admin.ui.domain.exceptions.MetadataFileNotFoundException;
 import edu.internet2.tier.shibboleth.admin.ui.domain.filters.MetadataFilter;
 import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.EntityDescriptorRepresentation;
+import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataResolver;
 import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException;
 import edu.internet2.tier.shibboleth.admin.ui.exception.ForbiddenException;
+import edu.internet2.tier.shibboleth.admin.ui.exception.InitializationException;
 import edu.internet2.tier.shibboleth.admin.ui.service.EntityDescriptorService;
 import edu.internet2.tier.shibboleth.admin.ui.service.FilterService;
+import edu.internet2.tier.shibboleth.admin.ui.service.MetadataResolverService;
 
 @RestController
 @RequestMapping("/api/activate")
@@ -27,6 +33,9 @@ public class ActivateController {
     @Autowired
     private FilterService filterService;
     
+    @Autowired
+    private MetadataResolverService metadataResolverService;
+    
     @PatchMapping(path = "/entityDescriptor/{resourceId}/{mode}")
     @Transactional
     public ResponseEntity<?> enableEntityDescriptor(@PathVariable String resourceId, @PathVariable String mode) throws EntityNotFoundException, ForbiddenException {
@@ -42,5 +51,15 @@ public ResponseEntity<?> enableFilter(@PathVariable String metadataResolverId, @
         MetadataFilter persistedFilter = filterService.updateFilterEnabledStatus(metadataResolverId, resourceId, status);
         return ResponseEntity.ok(persistedFilter);
     }    
-// Enable/disable for : , provider
+    
+    @PatchMapping("/MetadataResolvers/{resourceId}/{mode}") 
+    @Transactional
+    public ResponseEntity<?> enableProvider(@PathVariable String resourceId, @PathVariable String mode) throws EntityNotFoundException, ForbiddenException, MetadataFileNotFoundException, InitializationException {
+        boolean status = "enable".equalsIgnoreCase(mode);
+        MetadataResolver existingResolver = metadataResolverService.findByResourceId(resourceId);
+        existingResolver.setEnabled(status);
+        existingResolver = metadataResolverService.updateMetadataResolverEnabledStatus(existingResolver);
+
+        return ResponseEntity.ok(existingResolver);
+    }
 }
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ActivateExceptionHandler.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ActivateExceptionHandler.java
index 85264b582..0c766c53c 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ActivateExceptionHandler.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ActivateExceptionHandler.java
@@ -1,5 +1,7 @@
 package edu.internet2.tier.shibboleth.admin.ui.controller;
 
+import static org.springframework.http.HttpStatus.INTERNAL_SERVER_ERROR;
+
 import javax.script.ScriptException;
 
 import org.springframework.http.HttpStatus;
@@ -9,8 +11,10 @@
 import org.springframework.web.context.request.WebRequest;
 import org.springframework.web.servlet.mvc.method.annotation.ResponseEntityExceptionHandler;
 
+import edu.internet2.tier.shibboleth.admin.ui.domain.exceptions.MetadataFileNotFoundException;
 import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException;
 import edu.internet2.tier.shibboleth.admin.ui.exception.ForbiddenException;
+import edu.internet2.tier.shibboleth.admin.ui.exception.InitializationException;
 
 @ControllerAdvice(assignableTypes = {ActivateController.class})
 public class ActivateExceptionHandler extends ResponseEntityExceptionHandler {
@@ -25,8 +29,20 @@ public ResponseEntity<?> handleForbiddenAccess(ForbiddenException e, WebRequest
         return ResponseEntity.status(HttpStatus.FORBIDDEN).body(new ErrorResponse(String.valueOf(HttpStatus.FORBIDDEN.value()), e.getMessage()));
     }
     
+    @ExceptionHandler({ InitializationException.class })
+    public ResponseEntity<?> handleInitializationException(InitializationException e, WebRequest request) {
+        return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body(new ErrorResponse(String.valueOf(HttpStatus.INTERNAL_SERVER_ERROR.value()), e.getMessage()));
+    }
+    
+    @ExceptionHandler({ MetadataFileNotFoundException.class })
+    public ResponseEntity<?> handleMetadataFileNotFoundException(MetadataFileNotFoundException e, WebRequest request) {
+        return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body(new ErrorResponse(INTERNAL_SERVER_ERROR.toString(), e.getLocalizedMessage()));
+    }
+    
     @ExceptionHandler({ ScriptException.class })
     public ResponseEntity<?> handleScriptException(ScriptException e, WebRequest request) {
         return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body(new ErrorResponse(String.valueOf(HttpStatus.INTERNAL_SERVER_ERROR.value()), e.getMessage()));
     }
+     
+    
 }
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/exception/InitializationException.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/exception/InitializationException.java
new file mode 100644
index 000000000..f18483176
--- /dev/null
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/exception/InitializationException.java
@@ -0,0 +1,7 @@
+package edu.internet2.tier.shibboleth.admin.ui.exception;
+
+public class InitializationException extends Exception {
+    public InitializationException(Exception e) {
+        super(e);
+    }
+}
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/UserService.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/UserService.java
index 898e99e00..c3bac03de 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/UserService.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/UserService.java
@@ -5,6 +5,8 @@
 import java.util.Optional;
 import java.util.Set;
 
+import javax.transaction.Transactional;
+
 import org.apache.commons.lang.StringUtils;
 import org.springframework.security.core.context.SecurityContextHolder;
 
@@ -80,4 +82,10 @@ public boolean currentUserHasExpectedRole(List<String> acceptedRoles) {
         User user = getCurrentUser();
         return acceptedRoles.contains(user.getRole());
     }
+    
+    @Transactional
+    public User save(User user) {
+        // NOTE: REPLACE ENTIRELY WITH 1740 code
+        return userRepository.save(user);
+    }
 }
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImpl.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImpl.java
index ab93343c8..291e300c2 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImpl.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImpl.java
@@ -58,6 +58,7 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
 
 import java.time.LocalDateTime;
 import java.util.ArrayList;
@@ -78,6 +79,7 @@
  *
  * @since 1.0
  */
+@Service
 public class JPAEntityDescriptorServiceImpl implements EntityDescriptorService {
     @Autowired
     private EntityDescriptorRepository entityDescriptorRepository;
@@ -88,6 +90,7 @@ public class JPAEntityDescriptorServiceImpl implements EntityDescriptorService {
     @Autowired
     private EntityService entityService;
 
+    @Autowired
     private UserService userService;
 
     public JPAEntityDescriptorServiceImpl(OpenSamlObjects openSamlObjects, EntityService entityService, UserService userService) {
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAFilterServiceImpl.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAFilterServiceImpl.java
index 6810fa243..23a70268a 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAFilterServiceImpl.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAFilterServiceImpl.java
@@ -11,6 +11,7 @@
 import edu.internet2.tier.shibboleth.admin.ui.security.service.UserService;
 
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
 import org.springframework.transaction.interceptor.TransactionAspectSupport;
 
 import java.util.ArrayList;
@@ -26,6 +27,7 @@
  * @since 1.0
  * @author Bill Smith (wsmith@unicon.net)
  */
+@Service
 public class JPAFilterServiceImpl implements FilterService {
     @Autowired
     EntityDescriptorService entityDescriptorService;
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/MetadataResolverConverterServiceImpl.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/MetadataResolverConverterServiceImpl.java
index ee5f8cec3..2343206a7 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/MetadataResolverConverterServiceImpl.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/MetadataResolverConverterServiceImpl.java
@@ -22,6 +22,7 @@
 import org.opensaml.saml.metadata.resolver.MetadataResolver;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.core.io.ClassPathResource;
+import org.springframework.stereotype.Service;
 
 import java.io.File;
 import java.io.FileNotFoundException;
@@ -32,6 +33,7 @@
 /**
  * @author Bill Smith (wsmith@unicon.net)
  */
+@Service
 public class MetadataResolverConverterServiceImpl implements MetadataResolverConverterService {
 
     @Autowired
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/MetadataResolverService.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/MetadataResolverService.java
index 376c34aa5..5fd205c20 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/MetadataResolverService.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/MetadataResolverService.java
@@ -2,8 +2,18 @@
 
 import org.w3c.dom.Document;
 
+import edu.internet2.tier.shibboleth.admin.ui.domain.exceptions.MetadataFileNotFoundException;
+import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataResolver;
+import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException;
+import edu.internet2.tier.shibboleth.admin.ui.exception.ForbiddenException;
+import edu.internet2.tier.shibboleth.admin.ui.exception.InitializationException;
+
 public interface MetadataResolverService {
-    public void reloadFilters(String metadataResolverName);
+    public MetadataResolver findByResourceId(String resourceId) throws EntityNotFoundException;
 
     public Document generateConfiguration();
+
+    public void reloadFilters(String metadataResolverName);
+
+    public MetadataResolver updateMetadataResolverEnabledStatus(MetadataResolver existingResolver) throws ForbiddenException, MetadataFileNotFoundException, InitializationException;
 }
diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/MetadataFiltersControllerTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/MetadataFiltersControllerTests.groovy
index 280294aa1..b915d6fac 100644
--- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/MetadataFiltersControllerTests.groovy
+++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/MetadataFiltersControllerTests.groovy
@@ -7,10 +7,14 @@ import edu.internet2.tier.shibboleth.admin.ui.configuration.Internationalization
 import edu.internet2.tier.shibboleth.admin.ui.configuration.TestConfiguration
 import edu.internet2.tier.shibboleth.admin.ui.configuration.CoreShibUiConfiguration
 import edu.internet2.tier.shibboleth.admin.ui.configuration.SearchConfiguration
+import edu.internet2.tier.shibboleth.admin.ui.domain.exceptions.MetadataFileNotFoundException
 import edu.internet2.tier.shibboleth.admin.ui.domain.filters.EntityAttributesFilter
 import edu.internet2.tier.shibboleth.admin.ui.domain.filters.MetadataFilter
 import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataResolver
 import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.opensaml.OpenSamlChainingMetadataResolver
+import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException
+import edu.internet2.tier.shibboleth.admin.ui.exception.ForbiddenException
+import edu.internet2.tier.shibboleth.admin.ui.exception.InitializationException
 import edu.internet2.tier.shibboleth.admin.ui.repository.FilterRepository
 import edu.internet2.tier.shibboleth.admin.ui.repository.MetadataResolverRepository
 import edu.internet2.tier.shibboleth.admin.ui.service.FilterService
@@ -86,6 +90,18 @@ class MetadataFiltersControllerTests extends Specification {
                     Document generateConfiguration() {
                         return null
                     }
+                    
+                    @Override
+                    public MetadataResolver updateMetadataResolverEnabledStatus(MetadataResolver existingResolver) throws ForbiddenException, MetadataFileNotFoundException, InitializationException {
+                        // This won't get called
+                        return null
+                    }
+                    
+                    @Override
+                    public MetadataResolver findByResourceId(String resourceId) throws EntityNotFoundException {
+                        // This won't get called
+                        return null
+                    }
                 },
                 chainingMetadataResolver: new OpenSamlChainingMetadataResolver().with {
                     it.id = 'chain'
diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImplTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImplTests.groovy
index 3ab2154ea..1f3c7962a 100644
--- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImplTests.groovy
+++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImplTests.groovy
@@ -2,7 +2,6 @@ package edu.internet2.tier.shibboleth.admin.ui.service
 
 import edu.internet2.tier.shibboleth.admin.ui.configuration.CoreShibUiConfiguration
 import edu.internet2.tier.shibboleth.admin.ui.configuration.InternationalizationConfiguration
-import edu.internet2.tier.shibboleth.admin.ui.configuration.MetadataResolverConverterConfiguration
 import edu.internet2.tier.shibboleth.admin.ui.configuration.PlaceholderResolverComponentsConfiguration
 import edu.internet2.tier.shibboleth.admin.ui.configuration.SearchConfiguration
 import edu.internet2.tier.shibboleth.admin.ui.configuration.ShibUIConfiguration
@@ -51,7 +50,7 @@ import spock.lang.Unroll
 import static edu.internet2.tier.shibboleth.admin.ui.util.TestHelpers.generatedXmlIsTheSameAsExpectedXml
 
 @DataJpaTest
-@ContextConfiguration(classes=[CoreShibUiConfiguration, MetadataResolverConverterConfiguration, SearchConfiguration, InternationalizationConfiguration, PlaceholderResolverComponentsConfiguration, edu.internet2.tier.shibboleth.admin.ui.configuration.TestConfiguration ,Config])
+@ContextConfiguration(classes=[CoreShibUiConfiguration, SearchConfiguration, InternationalizationConfiguration, PlaceholderResolverComponentsConfiguration, edu.internet2.tier.shibboleth.admin.ui.configuration.TestConfiguration ,Config])
 @EnableJpaRepositories(basePackages = ["edu.internet2.tier.shibboleth.admin.ui"])
 @EntityScan("edu.internet2.tier.shibboleth.admin.ui")
 @DirtiesContext(classMode = DirtiesContext.ClassMode.AFTER_CLASS)
diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/MetadataResolverConverterServiceImplTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/MetadataResolverConverterServiceImplTests.groovy
index 8a261565e..f5d0f72e3 100644
--- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/MetadataResolverConverterServiceImplTests.groovy
+++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/MetadataResolverConverterServiceImplTests.groovy
@@ -1,9 +1,13 @@
 package edu.internet2.tier.shibboleth.admin.ui.service
 
+import edu.internet2.tier.shibboleth.admin.ui.configuration.CoreShibUiConfiguration
+import edu.internet2.tier.shibboleth.admin.ui.configuration.InternationalizationConfiguration
 import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.DynamicMetadataResolverAttributes
 import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.LocalDynamicMetadataResolver
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.boot.test.context.SpringBootTest
+import org.springframework.test.context.ContextConfiguration
+
 import spock.lang.Specification
 
 @SpringBootTest
diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/UserBootstrapTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/UserBootstrapTests.groovy
index 0a5db2bcf..93857449e 100644
--- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/UserBootstrapTests.groovy
+++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/UserBootstrapTests.groovy
@@ -7,6 +7,7 @@ import edu.internet2.tier.shibboleth.admin.ui.configuration.ShibUIConfiguration
 import edu.internet2.tier.shibboleth.admin.ui.configuration.TestConfiguration
 import edu.internet2.tier.shibboleth.admin.ui.security.repository.RoleRepository
 import edu.internet2.tier.shibboleth.admin.ui.security.repository.UserRepository
+import edu.internet2.tier.shibboleth.admin.ui.security.service.UserService
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.boot.autoconfigure.domain.EntityScan
 import org.springframework.boot.test.autoconfigure.orm.jpa.DataJpaTest
@@ -33,12 +34,19 @@ class UserBootstrapTests extends Specification {
 
     @Autowired
     RoleRepository roleRepository
+    
+    @Autowired
+    UserService userService
 
+    def setup() {
+        roleRepository.deleteAll();
+    }
+    
     def "simple test"() {
         setup:
         shibUIConfiguration.roles = []
         shibUIConfiguration.userBootstrapResource = new ClassPathResource('/conf/1044.csv')
-        def userBootstrap = new UserBootstrap(shibUIConfiguration, userRepository, roleRepository)
+        def userBootstrap = new UserBootstrap(shibUIConfiguration, userRepository, roleRepository, userService)
 
         when:
         userBootstrap.bootstrapUsersAndRoles(null)
@@ -52,7 +60,7 @@ class UserBootstrapTests extends Specification {
     def "bootstrap roles"() {
         setup:
         shibUIConfiguration.roles = ['ROLE_ADMIN', 'ROLE_USER']
-        def userbootstrap = new UserBootstrap(shibUIConfiguration, userRepository, roleRepository)
+        def userbootstrap = new UserBootstrap(shibUIConfiguration, userRepository, roleRepository, userService)
 
         when:
         userbootstrap.bootstrapUsersAndRoles(null)

From e4a60cab84a93d5f0f06308d9d3b5242edbcfa07 Mon Sep 17 00:00:00 2001
From: chasegawa <chasegawa@unicon.net>
Date: Tue, 10 Aug 2021 18:42:36 -0700
Subject: [PATCH 09/24] SHIBUI-1742 Fixing tests after merging master changes
 in

---
 .../JPAMetadataResolverServiceImpl.groovy     | 52 ++++++-------------
 ...JPAMetadataResolverServiceImplTests.groovy |  4 ++
 2 files changed, 20 insertions(+), 36 deletions(-)

diff --git a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy
index 83e35a4c6..365125395 100644
--- a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy
+++ b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy
@@ -3,22 +3,9 @@ package edu.internet2.tier.shibboleth.admin.ui.service
 import com.google.common.base.Predicate
 import edu.internet2.tier.shibboleth.admin.ui.configuration.ShibUIConfiguration
 import edu.internet2.tier.shibboleth.admin.ui.domain.exceptions.MetadataFileNotFoundException
-import edu.internet2.tier.shibboleth.admin.ui.domain.filters.EntityAttributesFilter
-import edu.internet2.tier.shibboleth.admin.ui.domain.filters.EntityAttributesFilterTarget
-import edu.internet2.tier.shibboleth.admin.ui.domain.filters.EntityRoleWhiteListFilter
-import edu.internet2.tier.shibboleth.admin.ui.domain.filters.NameIdFormatFilter
-import edu.internet2.tier.shibboleth.admin.ui.domain.filters.RequiredValidUntilFilter
-import edu.internet2.tier.shibboleth.admin.ui.domain.filters.SignatureValidationFilter
+import edu.internet2.tier.shibboleth.admin.ui.domain.filters.*
 import edu.internet2.tier.shibboleth.admin.ui.domain.filters.opensaml.OpenSamlNameIdFormatFilter
-import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.DynamicHttpMetadataResolver
-import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.FileBackedHttpMetadataResolver
-import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.FilesystemMetadataResolver
-import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.LocalDynamicMetadataResolver
-import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataQueryProtocolScheme
-import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataRequestURLConstructionScheme
-import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.RegexScheme
-import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.ResourceBackedMetadataResolver
-import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.TemplateScheme
+import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.*
 import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.opensaml.OpenSamlChainingMetadataResolver
 import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.opensaml.Refilterable
 import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException
@@ -44,20 +31,14 @@ import org.springframework.stereotype.Service
 import org.w3c.dom.Document
 
 import javax.annotation.Nonnull
-import javax.transaction.Transactional
 
-import static edu.internet2.tier.shibboleth.admin.ui.domain.filters.NameIdFormatFilterTarget.NameIdFormatFilterTargetType.ENTITY
-import static edu.internet2.tier.shibboleth.admin.ui.domain.filters.NameIdFormatFilterTarget.NameIdFormatFilterTargetType.CONDITION_SCRIPT
-import static edu.internet2.tier.shibboleth.admin.ui.domain.filters.NameIdFormatFilterTarget.NameIdFormatFilterTargetType.REGEX
+import static edu.internet2.tier.shibboleth.admin.ui.domain.filters.NameIdFormatFilterTarget.NameIdFormatFilterTargetType.*
 import static edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.ResourceBackedMetadataResolver.ResourceType.CLASSPATH
 import static edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.ResourceBackedMetadataResolver.ResourceType.SVN
 
 @Slf4j
 @Service
 class JPAMetadataResolverServiceImpl implements MetadataResolverService {
-    
-    @Autowired
-    org.opensaml.saml.metadata.resolver.MetadataResolver chainingMetadataResolver
 
     @Autowired
     private MetadataResolver metadataResolver
@@ -67,16 +48,16 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService {
 
     @Autowired
     private MetadataResolverRepository metadataResolverRepository
-    
+
     @Autowired
     private OpenSamlObjects openSamlObjects
-    
+
     @Autowired
     private MetadataResolversPositionOrderContainerService resolversPositionOrderContainerService
-    
+
     @Autowired
     private ShibUIConfiguration shibUIConfiguration
-    
+
     @Autowired
     private UserService userService
 
@@ -142,6 +123,7 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService {
         }
     }
 
+
     void constructXmlNodeForFilter(NameIdFormatFilter filter, def markupBuilderDelegate) {
         def type = filter.nameIdFormatFilterTarget.nameIdFormatFilterTargetType
         markupBuilderDelegate.MetadataFilter(
@@ -429,7 +411,6 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService {
         return result
     }
 
-    // TODO: enhance
     @Override
     Document generateConfiguration() {
         // TODO: this can probably be a better writer
@@ -481,7 +462,7 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService {
     private String protectedNamespaceScript() {
         return """(function (attribute) {
                 "use strict";
-                var namespaces = [${shibUIConfiguration.protectedAttributeNamespaces.collect({"\"${it}\""}).join(', ')}];
+                var namespaces = [${shibUIConfiguration.protectedAttributeNamespaces.collect({ "\"${it}\"" }).join(', ')}];
                 // check the parameter
                 if (attribute === null) { return true; }
                 for (var i in namespaces) {
@@ -492,8 +473,7 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService {
                 return true;
             }(input));"""
     }
-    
-    // TODO: enhance
+
     @Override
     void reloadFilters(String metadataResolverResourceId) {
         OpenSamlChainingMetadataResolver chainingMetadataResolver = (OpenSamlChainingMetadataResolver) metadataResolver
@@ -577,15 +557,15 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService {
             log.warn("Target resolver is not a Refilterable resolver. Skipping refilter()")
         }
     }
-    
+
     public edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataResolver updateMetadataResolverEnabledStatus(edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataResolver updatedResolver) throws ForbiddenException, MetadataFileNotFoundException, InitializationException {
         // @TODO: when merged with groups, this should maybe be merged with group check as they have to have the role in the right group
         if (!userService.currentUserHasExpectedRole(["ROLE_ADMIN", "ROLE_ENABLE"])) {
             throw new ForbiddenException("You do not have the permissions necessary to change the enable status of this filter.")
         }
-        
+
         edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataResolver persistedResolver = metadataResolverRepository.save(updatedResolver)
-        
+
         if (persistedResolver.getDoInitialization()) {
             MetadataResolver openSamlRepresentation = null
             try {
@@ -600,13 +580,13 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService {
                 throw new InitializationException(e);
             }
         }
-    
+
     }
-    
+
     private class ScriptedPredicate extends net.shibboleth.utilities.java.support.logic.ScriptedPredicate<EntityDescriptor> {
         protected ScriptedPredicate(@Nonnull EvaluableScript theScript) {
             super(theScript)
         }
     }
 
-}
+}
\ No newline at end of file
diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/IncommonJPAMetadataResolverServiceImplTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/IncommonJPAMetadataResolverServiceImplTests.groovy
index 31cec75b2..5ac4a7a02 100644
--- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/IncommonJPAMetadataResolverServiceImplTests.groovy
+++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/IncommonJPAMetadataResolverServiceImplTests.groovy
@@ -22,7 +22,9 @@ import org.springframework.boot.test.autoconfigure.orm.jpa.DataJpaTest
 import org.springframework.boot.test.context.SpringBootTest
 import org.springframework.boot.test.context.TestConfiguration
 import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Profile
 import org.springframework.data.jpa.repository.config.EnableJpaRepositories
+import org.springframework.test.context.ActiveProfiles
 import org.springframework.test.context.ContextConfiguration
 
 import spock.lang.Specification
@@ -33,6 +35,7 @@ import static edu.internet2.tier.shibboleth.admin.ui.util.TestHelpers.*
 @ContextConfiguration(classes = [CoreShibUiConfiguration, SearchConfiguration, InternationalizationConfiguration, edu.internet2.tier.shibboleth.admin.ui.configuration.TestConfiguration ,LocalConfig])
 @EnableJpaRepositories(basePackages = ["edu.internet2.tier.shibboleth.admin.ui"])
 @EntityScan("edu.internet2.tier.shibboleth.admin.ui")
+@ActiveProfiles(["local"])
 class IncommonJPAMetadataResolverServiceImplTests extends Specification {
     @Autowired
     MetadataResolverService metadataResolverService
@@ -106,6 +109,7 @@ class IncommonJPAMetadataResolverServiceImplTests extends Specification {
 
     //TODO: check that this configuration is sufficient
     @TestConfiguration
+    @Profile("local")
     static class LocalConfig {
         @Autowired
         OpenSamlObjects openSamlObjects

From e9e80fffa82091c5256af1b1221d7e12b9a57525 Mon Sep 17 00:00:00 2001
From: Ryan Mathis <rmathis@unicon.net>
Date: Thu, 12 Aug 2021 08:58:38 -0700
Subject: [PATCH 10/24] Fixed issues with merge

---
 ui/src/app/admin/component/UserMaintenance.js | 18 ++++-----
 .../domain/provider/component/ProviderList.js |  2 +-
 .../domain/source/component/SourceList.js     | 40 +++++++++----------
 ui/src/app/metadata/view/MetadataOptions.js   |  8 ----
 4 files changed, 30 insertions(+), 38 deletions(-)

diff --git a/ui/src/app/admin/component/UserMaintenance.js b/ui/src/app/admin/component/UserMaintenance.js
index c4542438f..e9a7b8c33 100644
--- a/ui/src/app/admin/component/UserMaintenance.js
+++ b/ui/src/app/admin/component/UserMaintenance.js
@@ -23,10 +23,10 @@ export default function UserMaintenance({ users, roles, loading, onDeleteUser, o
                 <thead>
                     <tr>
                         <th scope="col"><Translate value="label.user-id">UserId</Translate></th>
-                        <th scope="col" ><Translate value="label.name">Name</Translate></th>
+                        <th scope="col"><Translate value="label.name">Name</Translate></th>
                         <th scope="col"><Translate value="label.email">Email</Translate></th>
-                        <th scope="col" ><Translate value="label.role">Role</Translate></th>
-                        <th scope="col" ><Translate value="label.group">Group</Translate></th>
+                        <th scope="col"><Translate value="label.role">Role</Translate></th>
+                        <th scope="col"><Translate value="label.group">Group</Translate></th>
                         <th scope="col"><Translate value="label.delete">Delete?</Translate></th>
                     </tr>
                 </thead>
@@ -36,10 +36,10 @@ export default function UserMaintenance({ users, roles, loading, onDeleteUser, o
                             <React.Fragment>
                                 {users.map((user, idx) =>
                                     <tr key={idx}>
-                                        <th>{user.username}</th>
-                                        <td>{user.firstName} {user.lastName}</td>
-                                        <td>{user.emailAddress}</td>
-                                        <td>
+                                        <td className="align-middle">{user.username}</td>
+                                        <td className="align-middle">{user.firstName} {user.lastName}</td>
+                                        <td className="align-middle">{user.emailAddress}</td>
+                                        <td className="align-middle">
                                             <label htmlFor={`role-${user.username}`} className="sr-only"><Translate value="action.user-role">User role</Translate></label>
                                             <select
                                                 id={`role-${user.username}`}
@@ -54,7 +54,7 @@ export default function UserMaintenance({ users, roles, loading, onDeleteUser, o
                                                 ))}
                                             </select>
                                         </td>
-                                        <td>
+                                        <td className="align-middle">
                                             <OverlayTrigger
                                                 trigger={user.role === 'ROLE_ADMIN' ? ['hover', 'focus'] : []}
                                                 overlay={
@@ -79,7 +79,7 @@ export default function UserMaintenance({ users, roles, loading, onDeleteUser, o
                                             </OverlayTrigger>
                                             
                                         </td>
-                                        <td>
+                                        <td className="align-middle">
                                             {currentUser.username !== user.username &&
                                                 <Button className="text-danger" variant="link" onClick={() => onDeleteUser(user.username)}>
                                                     <span className="sr-only">
diff --git a/ui/src/app/metadata/domain/provider/component/ProviderList.js b/ui/src/app/metadata/domain/provider/component/ProviderList.js
index 4cd26c2b9..e97b8c4ce 100644
--- a/ui/src/app/metadata/domain/provider/component/ProviderList.js
+++ b/ui/src/app/metadata/domain/provider/component/ProviderList.js
@@ -68,7 +68,7 @@ export function ProviderList({ entities, reorder = true, first, last, onEnable,
                             <td className="align-middle">{ provider['@type'] }</td>
                             <td className="align-middle">{ provider.createdBy }</td>
                             <td className="align-middle"><FormattedDate date={provider.createdDate} /></td>
-                            <td className="">
+                            <td className="align-middle">
                                 <span className="d-flex justify-content-end">
                                 {onEnable && isAdmin ?
                                     <Form.Check
diff --git a/ui/src/app/metadata/domain/source/component/SourceList.js b/ui/src/app/metadata/domain/source/component/SourceList.js
index 039228bd2..992f96b92 100644
--- a/ui/src/app/metadata/domain/source/component/SourceList.js
+++ b/ui/src/app/metadata/domain/source/component/SourceList.js
@@ -7,17 +7,16 @@ import Form from 'react-bootstrap/Form';
 import OverlayTrigger from 'react-bootstrap/OverlayTrigger';
 
 import { FontAwesomeIcon } from '@fortawesome/react-fontawesome';
-import { faTrash } from '@fortawesome/free-solid-svg-icons';
+import { faTrash, faCheck } from '@fortawesome/free-solid-svg-icons';
 
 import FormattedDate from '../../../../core/components/FormattedDate';
 import Translate from '../../../../i18n/components/translate';
 import { Scroller } from '../../../../dashboard/component/Scroller';
 import { useTranslator } from '../../../../i18n/hooks';
-import { DeleteSourceConfirmation } from './DeleteSourceConfirmation';
 import { useIsAdmin } from '../../../../core/user/UserContext';
 import { GroupsProvider } from '../../../../admin/hoc/GroupsProvider';
 
-export default function SourceList({ entities, onDelete, onEnable }) {
+export default function SourceList({ entities, onDelete, onEnable, onChangeGroup }) {
 
     const translator = useTranslator();
     const isAdmin = useIsAdmin();
@@ -33,7 +32,7 @@ export default function SourceList({ entities, onDelete, onEnable }) {
                                 <th className="w-25"><Translate value="label.entity-id">Entity ID</Translate></th>
                                 <th className=""><Translate value="label.author">Author</Translate></th>
                                 <th className=""><Translate value="label.creation-date">Created Date</Translate></th>
-                                <th className=""><Translate value="label.enabled">Enabled</Translate></th>
+                                <th className="text-center"><Translate value="label.enabled">Enabled</Translate></th>
                                 {isAdmin && onChangeGroup && <th className=""><Translate value="label.group">Group</Translate></th> }
                                 {onDelete && <th className="w-auto"></th>}
                             </tr>
@@ -41,36 +40,37 @@ export default function SourceList({ entities, onDelete, onEnable }) {
                         <tbody>
                             {limited.map((source, idx) =>
                                 <tr key={idx}>
-                                    <td>
+                                    <td className="align-middle">
                                         <Link to={`/metadata/source/${source.id}/configuration/options`}>{source.serviceProviderName}</Link>
                                     </td>
-                                    <td>
+                                    <td className="align-middle">
                                         {source.entityId}
                                     </td>
-                                    <td>
+                                    <td className="align-middle">
                                         {source.createdBy}
                                     </td>
-                                    <td><FormattedDate date={source.createdDate} /></td>
-                                    <td className="">
+                                    <td className="align-middle"><FormattedDate date={source.createdDate} /></td>
+                                    <td className="text-center align-middle">
+                                        <span className="d-flex justify-content-center align-items-center">
                                         {onEnable && isAdmin ?
-                                            <Button
-                                                variant="success"
-                                                size="sm"
-                                                checked={source.serviceEnabled}
-                                                onClick={() => onEnable(source)}
+                                            <Form.Check
+                                                type="switch"
+                                                id="custom-switch"
+                                                size="lg"
+                                                aria-label={translator(source.serviceEnabled ? 'label.disable' : 'label.enable')}
                                                 onChange={({ target: { checked } }) => onEnable(source, checked)}
-                                                aria-label={translator(source.serviceEnabled ? 'label.disable' : 'label.enable')}>
-                                                <Translate value={ source.enabled ? 'label.disable' : 'label.enable' }>Disable</Translate>
-                                                {!source.enabled && <>&nbsp;<FontAwesomeIcon icon={faCheck} size="lg" /></> }
-                                            </Button>
+                                                checked={source.serviceEnabled}
+                                            >
+                                            </Form.Check>
                                             :
                                             <Badge variant={source.serviceEnabled ? 'success' : 'danger'}>
                                                 <Translate value={source.serviceEnabled ? 'value.enabled' : 'value.disabled'}></Translate>
                                             </Badge>
                                         }
+                                        </span>
                                     </td>
                                     {isAdmin && onChangeGroup &&
-                                    <td className="">
+                                    <td className="align-middle">
                                         <GroupsProvider>
                                             {(groups, removeGroup, loadingGroups) =>
                                                 <React.Fragment>
@@ -94,7 +94,7 @@ export default function SourceList({ entities, onDelete, onEnable }) {
                                     </td>
                                     }
                                     {onDelete &&
-                                    <td className="text-right">
+                                    <td className="text-right align-middle">
                                         <OverlayTrigger trigger={source.serviceEnabled ? ['hover', 'focus'] : []} placement="left"
                                             overlay={
                                                 <Popover id={`delete-source-btn-${idx}`}>
diff --git a/ui/src/app/metadata/view/MetadataOptions.js b/ui/src/app/metadata/view/MetadataOptions.js
index d66949ab2..3c78b46d0 100644
--- a/ui/src/app/metadata/view/MetadataOptions.js
+++ b/ui/src/app/metadata/view/MetadataOptions.js
@@ -85,14 +85,6 @@ export function MetadataOptions ({reload}) {
                         </Button>
                         }
                     </div>
-                    {type === 'source' && remove &&
-                    <Button className="btn btn-outline btn-sm btn-danger align-self-start"
-                            disabled={metadata.serviceEnabled}
-                            onClick={() => remove(metadata.id, redirectOnDelete)}>
-                        <Translate value="action.delete" />
-                        <FontAwesomeIcon icon={faTrash} className="ml-2" />
-                    </Button>
-                    }
                 </MetadataHeader>
                 <div className="px-3 my-3 d-flex justify-content-between" id="navigation">
                     <div>

From a2f1b38cfb3556101bd82475d19b2098e8cc93ec Mon Sep 17 00:00:00 2001
From: chasegawa <chasegawa@unicon.net>
Date: Thu, 12 Aug 2021 10:08:17 -0700
Subject: [PATCH 11/24] SHIBUI-1742 merged from 1740 code (master)

---
 .../admin/ui/security/model/Group.java        |  2 +-
 .../repository/GroupsRepositoryTests.groovy   | 25 +++++++++++--------
 2 files changed, 16 insertions(+), 11 deletions(-)

diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/model/Group.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/model/Group.java
index 2da8fc60b..aeded7229 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/model/Group.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/model/Group.java
@@ -35,7 +35,7 @@ public class Group implements Owner {
     @Exclude
     private ILazyLoaderHelper lazyLoaderHelper;
 
-    @Column(name = "name")
+    @Column(name = "name", nullable = false)
     private String name;
 
     @Transient
diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/security/repository/GroupsRepositoryTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/security/repository/GroupsRepositoryTests.groovy
index 1a23778da..b2d079dfc 100644
--- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/security/repository/GroupsRepositoryTests.groovy
+++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/security/repository/GroupsRepositoryTests.groovy
@@ -1,5 +1,9 @@
 package edu.internet2.tier.shibboleth.admin.ui.security.repository
 
+import org.springframework.boot.test.context.TestConfiguration
+import org.springframework.context.annotation.Profile
+import org.springframework.dao.DataIntegrityViolationException
+
 import javax.persistence.EntityManager
 import javax.transaction.Transactional
 
@@ -26,7 +30,7 @@ import spock.lang.Specification
 @ContextConfiguration(classes=[InternationalizationConfiguration, LocalConfig])
 @EnableJpaRepositories(basePackages = ["edu.internet2.tier.shibboleth.admin.ui"])
 @EntityScan("edu.internet2.tier.shibboleth.admin.ui")
-@ActiveProfiles("test")
+@ActiveProfiles(["test","local"])
 class GroupsRepositoryTests extends Specification {
     @Autowired
     GroupsRepository groupsRepo
@@ -95,8 +99,8 @@ class GroupsRepositoryTests extends Specification {
             it.resourceId = "g1"
             it
         }
-        def Group savedGroup = groupsRepo.saveAndFlush(group)
-        def Collection all = ownershipRepository.findAllByOwner(savedGroup)
+        Group savedGroup = groupsRepo.saveAndFlush(group)
+        Collection all = ownershipRepository.findAllByOwner(savedGroup)
         
         then:
         all.size() == 3
@@ -131,7 +135,7 @@ class GroupsRepositoryTests extends Specification {
         def gList = groupsRepo.findAll()
         gList.size() == 1
         def groupFromDb = gList.get(0).asType(Group)
-        groupFromDb.equals(group) == true
+        groupFromDb.equals(group)
       
         // fetch checks
         groupsRepo.findByResourceId("not an id") == null
@@ -154,11 +158,11 @@ class GroupsRepositoryTests extends Specification {
         
         // save check
         when:
-        def savedGroup = groupsRepo.save(group)
+        groupsRepo.save(group)
         
         then:
         // Missing non-nullable field (name) should thrown error
-        final def exception = thrown(org.springframework.dao.DataIntegrityViolationException)
+        thrown(DataIntegrityViolationException)
     }
     
     @Rollback
@@ -186,7 +190,7 @@ class GroupsRepositoryTests extends Specification {
         def gList = groupsRepo.findAll()
         gList.size() == 1
         def groupFromDb = gList.get(0).asType(Group)
-        groupFromDb.equals(group) == true
+        groupFromDb.equals(group)
              
         // update check
         groupFromDb.with {
@@ -202,7 +206,7 @@ class GroupsRepositoryTests extends Specification {
         gList2.size() == 1
         def groupFromDb2 = gList2.get(0).asType(Group)
         groupFromDb2.equals(group) == false
-        groupFromDb2.equals(groupFromDb) == true
+        groupFromDb2.equals(groupFromDb)
         
         // delete tests
         when:
@@ -212,13 +216,14 @@ class GroupsRepositoryTests extends Specification {
         groupsRepo.findAll().size() == 0
         
         when:
-        def nothingThere = groupsRepo.findByResourceId(null);
+        def nothingThere = groupsRepo.findByResourceId(null)
         
         then:
         nothingThere == null
     }
     
-    @org.springframework.boot.test.context.TestConfiguration
+    @TestConfiguration
+    @Profile("local")
     static class LocalConfig {
         @Bean
         GroupUpdatedEntityListener groupUpdatedEntityListener(OwnershipRepository repo) {

From b0f5a899bd02701d3663978b505e2fe3a482330f Mon Sep 17 00:00:00 2001
From: chasegawa <chasegawa@unicon.net>
Date: Fri, 13 Aug 2021 08:52:16 -0700
Subject: [PATCH 12/24] SHIBUI-1742 merged from 1740 code (master)

---
 .../JPAMetadataResolverServiceImpl.groovy     |  4 +-
 .../admin/ui/domain/ActivatableType.java      |  5 +++
 .../admin/ui/domain/EntityDescriptor.java     | 23 +++++++---
 .../admin/ui/domain/IActivatable.java         |  7 +++
 .../ui/domain/filters/MetadataFilter.java     | 24 +++++++---
 .../ui/domain/resolvers/MetadataResolver.java | 44 +++++++++++--------
 .../ui/security/service/UserService.java      | 37 +++++++++++-----
 .../JPAEntityDescriptorServiceImpl.java       |  4 +-
 .../ui/service/JPAFilterServiceImpl.java      | 13 +++---
 9 files changed, 110 insertions(+), 51 deletions(-)
 create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/ActivatableType.java
 create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/IActivatable.java

diff --git a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy
index 365125395..abd4ec060 100644
--- a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy
+++ b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy
@@ -559,8 +559,8 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService {
     }
 
     public edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataResolver updateMetadataResolverEnabledStatus(edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataResolver updatedResolver) throws ForbiddenException, MetadataFileNotFoundException, InitializationException {
-        // @TODO: when merged with groups, this should maybe be merged with group check as they have to have the role in the right group
-        if (!userService.currentUserHasExpectedRole(["ROLE_ADMIN", "ROLE_ENABLE"])) {
+        if (!userService.currentUserCanEnable(updatedResolver)) {
+//        if (!userService.currentUserHasExpectedRole(["ROLE_ADMIN", "ROLE_ENABLE"])) {
             throw new ForbiddenException("You do not have the permissions necessary to change the enable status of this filter.")
         }
 
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/ActivatableType.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/ActivatableType.java
new file mode 100644
index 000000000..8042d56d4
--- /dev/null
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/ActivatableType.java
@@ -0,0 +1,5 @@
+package edu.internet2.tier.shibboleth.admin.ui.domain;
+
+public enum ActivatableType {
+    ENTITY_DESCRIPTOR, METADATA_RESOLVER, FILTER
+}
\ No newline at end of file
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/EntityDescriptor.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/EntityDescriptor.java
index a3acff06b..185b43918 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/EntityDescriptor.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/EntityDescriptor.java
@@ -33,11 +33,12 @@
 import java.util.UUID;
 import java.util.stream.Collectors;
 
+import static edu.internet2.tier.shibboleth.admin.ui.domain.ActivatableType.ENTITY_DESCRIPTOR;
 
 @Entity
 @EqualsAndHashCode(callSuper = true)
 @Audited
-public class EntityDescriptor extends AbstractDescriptor implements org.opensaml.saml.saml2.metadata.EntityDescriptor, Ownable {
+public class EntityDescriptor extends AbstractDescriptor implements org.opensaml.saml.saml2.metadata.EntityDescriptor, Ownable, IActivatable {
     @OneToMany(cascade = CascadeType.ALL)
     @JoinColumn(name = "entitydesc_addlmetdatlocations_id")
     @OrderColumn
@@ -47,7 +48,7 @@ public class EntityDescriptor extends AbstractDescriptor implements org.opensaml
     @OneToOne(cascade = CascadeType.ALL)
     @NotAudited
     private AffiliationDescriptor affiliationDescriptor;
-    
+
     @OneToOne(cascade = CascadeType.ALL)
     @NotAudited
     private AttributeAuthorityDescriptor attributeAuthorityDescriptor;
@@ -61,7 +62,7 @@ public class EntityDescriptor extends AbstractDescriptor implements org.opensaml
     private List<ContactPerson> contactPersons = new ArrayList<>();
 
     private String entityID;
-    
+
     private String localId;
 
     @OneToOne(cascade = CascadeType.ALL)
@@ -70,7 +71,7 @@ public class EntityDescriptor extends AbstractDescriptor implements org.opensaml
     @Getter
     @Setter
     private String idOfOwner;
-    
+
     @OneToOne(cascade = CascadeType.ALL)
     @NotAudited
     private PDPDescriptor pdpDescriptor;
@@ -254,6 +255,10 @@ public void setEntityID(String entityID) {
         this.entityID = entityID;
     }
 
+    public void setEnabled(Boolean serviceEnabled) {
+        this.serviceEnabled = (serviceEnabled == null) ? false : serviceEnabled;
+    }
+
     @Override
     public void setID(String id) {
         this.localId = id;
@@ -296,12 +301,16 @@ public String toString() {
                 .add("id", id)
                 .toString();
     }
-    
+
     public String getObjectId() {
         return entityID;
     }
-    
+
     public OwnableType getOwnableType() {
         return OwnableType.ENTITY_DESCRIPTOR;
     }
-}
+
+    @Override public ActivatableType getActivatableType() {
+        return ENTITY_DESCRIPTOR;
+    }
+}
\ No newline at end of file
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/IActivatable.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/IActivatable.java
new file mode 100644
index 000000000..84a31078a
--- /dev/null
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/IActivatable.java
@@ -0,0 +1,7 @@
+package edu.internet2.tier.shibboleth.admin.ui.domain;
+
+public interface IActivatable {
+    ActivatableType getActivatableType();
+
+    void setEnabled(Boolean enabled);
+}
\ No newline at end of file
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/MetadataFilter.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/MetadataFilter.java
index 9363f5711..33b763231 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/MetadataFilter.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/MetadataFilter.java
@@ -5,6 +5,8 @@
 import com.fasterxml.jackson.annotation.JsonSubTypes;
 import com.fasterxml.jackson.annotation.JsonTypeInfo;
 import edu.internet2.tier.shibboleth.admin.ui.domain.AbstractAuditable;
+import edu.internet2.tier.shibboleth.admin.ui.domain.ActivatableType;
+import edu.internet2.tier.shibboleth.admin.ui.domain.IActivatable;
 import lombok.EqualsAndHashCode;
 import lombok.Getter;
 import lombok.NoArgsConstructor;
@@ -20,6 +22,8 @@
 import javax.persistence.Transient;
 import java.util.UUID;
 
+import static edu.internet2.tier.shibboleth.admin.ui.domain.ActivatableType.*;
+
 /**
  * Domain class to store information about {@link org.opensaml.saml.metadata.resolver.filter.MetadataFilter}
  */
@@ -38,22 +42,26 @@
         @JsonSubTypes.Type(value=NameIdFormatFilter.class, name="NameIDFormat")})
 @Audited
 @AuditOverride(forClass = AbstractAuditable.class)
-public abstract class MetadataFilter extends AbstractAuditable implements IConcreteMetadataFilterType<MetadataFilter> {
+public abstract class MetadataFilter extends AbstractAuditable implements IConcreteMetadataFilterType<MetadataFilter>, IActivatable {
 
-    @JsonProperty("@type")
-    @Transient
-    String type;
+    private boolean filterEnabled;
 
     private String name;
 
     @Column(unique=true)
     private String resourceId = UUID.randomUUID().toString();
 
-    private boolean filterEnabled;
+    @JsonProperty("@type")
+    @Transient
+    String type;
 
     @Transient
     private transient Integer version;
 
+    public ActivatableType getActivatableType() {
+        return FILTER;
+    }
+
     @JsonGetter("version")
     public int getVersion() {
         if (version != null && version != 0) {
@@ -61,4 +69,8 @@ public int getVersion() {
         }
         return this.hashCode();
     }
-}
+
+    public void setEnabled(Boolean serviceEnabled) {
+        this.filterEnabled = (serviceEnabled == null) ? false : serviceEnabled;
+    }
+}
\ No newline at end of file
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/resolvers/MetadataResolver.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/resolvers/MetadataResolver.java
index 13d573b56..a777aa3ca 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/resolvers/MetadataResolver.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/resolvers/MetadataResolver.java
@@ -6,6 +6,8 @@
 import com.fasterxml.jackson.annotation.JsonSubTypes;
 import com.fasterxml.jackson.annotation.JsonTypeInfo;
 import edu.internet2.tier.shibboleth.admin.ui.domain.AbstractAuditable;
+import edu.internet2.tier.shibboleth.admin.ui.domain.ActivatableType;
+import edu.internet2.tier.shibboleth.admin.ui.domain.IActivatable;
 import edu.internet2.tier.shibboleth.admin.ui.domain.filters.EntityAttributesFilter;
 import edu.internet2.tier.shibboleth.admin.ui.domain.filters.MetadataFilter;
 import lombok.EqualsAndHashCode;
@@ -28,6 +30,8 @@
 import java.util.List;
 import java.util.UUID;
 
+import static edu.internet2.tier.shibboleth.admin.ui.domain.ActivatableType.*;
+
 @Entity
 @Inheritance(strategy = InheritanceType.TABLE_PER_CLASS)
 @EqualsAndHashCode(callSuper = true, exclude = {"version", "versionModifiedTimestamp"})
@@ -43,7 +47,7 @@
         @JsonSubTypes.Type(value = ResourceBackedMetadataResolver.class, name = "ResourceBackedMetadataResolver")})
 @Audited
 @AuditOverride(forClass = AbstractAuditable.class)
-public class MetadataResolver extends AbstractAuditable {
+public class MetadataResolver extends AbstractAuditable implements IActivatable {
 
     @JsonProperty("@type")
     @Transient
@@ -84,31 +88,35 @@ public class MetadataResolver extends AbstractAuditable {
     @Transient
     private Integer version;
 
-    @JsonGetter("version")
-    public int getVersion() {
-        if (this.version != null && this.version != 0 ) {
-            return this.version;
-        }
-        return this.hashCode();
-    }
-
     public void addFilter(MetadataFilter metadataFilter) {
         //To make sure that Spring Data auditing infrastructure recognizes update and "touched" modifiedDate
         markAsModified();
         this.metadataFilters.add(metadataFilter);
     }
 
-    public void markAsModified() {
-        this.versionModifiedTimestamp = System.currentTimeMillis();
-    }
-
     public void entityAttributesFilterIntoTransientRepresentation() {
         //expose explicit API to call to convert into transient representation
         //used in unit/integration tests where JPA's @PostLoad callback execution engine is not available
         this.metadataFilters
-                .stream()
-                .filter(EntityAttributesFilter.class::isInstance)
-                .map(EntityAttributesFilter.class::cast)
-                .forEach(EntityAttributesFilter::intoTransientRepresentation);
+                        .stream()
+                        .filter(EntityAttributesFilter.class::isInstance)
+                        .map(EntityAttributesFilter.class::cast)
+                        .forEach(EntityAttributesFilter::intoTransientRepresentation);
+    }
+
+    @Override public ActivatableType getActivatableType() {
+        return METADATA_RESOLVER;
+    }
+
+    @JsonGetter("version")
+    public int getVersion() {
+        if (this.version != null && this.version != 0 ) {
+            return this.version;
+        }
+        return this.hashCode();
+    }
+
+    public void markAsModified() {
+        this.versionModifiedTimestamp = System.currentTimeMillis();
     }
-}
+}
\ No newline at end of file
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/UserService.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/UserService.java
index 2081f02f5..4c1bdc4c2 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/UserService.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/UserService.java
@@ -1,10 +1,10 @@
 package edu.internet2.tier.shibboleth.admin.ui.security.service;
 
-import java.util.HashSet;
-import java.util.List;
-import java.util.Optional;
-import java.util.Set;
+import java.util.*;
 
+import edu.internet2.tier.shibboleth.admin.ui.domain.EntityDescriptor;
+import edu.internet2.tier.shibboleth.admin.ui.domain.IActivatable;
+import edu.internet2.tier.shibboleth.admin.ui.domain.filters.MetadataFilter;
 import org.apache.commons.lang.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.core.context.SecurityContextHolder;
@@ -25,6 +25,8 @@
 import edu.internet2.tier.shibboleth.admin.ui.security.repository.UserRepository;
 import lombok.NoArgsConstructor;
 
+import static edu.internet2.tier.shibboleth.admin.ui.security.service.UserAccess.*;
+
 @Service
 @NoArgsConstructor
 public class UserService {
@@ -47,10 +49,25 @@ public UserService(IGroupService groupService, OwnershipRepository ownershipRepo
         this.userRepository = userRepository;
     }
 
+    public boolean currentUserCanEnable(IActivatable activatableObject) {
+        switch (activatableObject.getActivatableType()) {
+        case ENTITY_DESCRIPTOR: {
+            if (getCurrentUserAccess() == ADMIN) { return true; }
+            if (currentUserHasExpectedRole(Arrays.asList("ROLE_ENABLE" )) && getCurrentUserGroup().getOwnerId().equals(((EntityDescriptor) activatableObject).getIdOfOwner())) {
+                return true;
+            }
+        }
+        case FILTER:
+        case METADATA_RESOLVER:
+            return currentUserHasExpectedRole(Arrays.asList("ROLE_ADMIN", "ROLE_ENABLE" ));
+        }
+        return false;
+    }
+
     /**
-     * Current logic is pretty dumb, this will need to change/expand once a user can have more than one role.
+     * This basic logic assumes users only have a single role (despite users having a list of roles, we assume only 1 currently)
      */
-    public boolean currentUserHasExpectedRole(List<String> acceptedRoles) {
+    private boolean currentUserHasExpectedRole(List<String> acceptedRoles) {
         User user = getCurrentUser();
         return acceptedRoles.contains(user.getRole());
     }
@@ -91,15 +108,15 @@ public User getCurrentUser() {
     public UserAccess getCurrentUserAccess() {
         User user = getCurrentUser();
         if (user == null) {
-            return UserAccess.NONE;
+            return NONE;
         }
         if (user.getRole().equals("ROLE_ADMIN")) {
-            return UserAccess.ADMIN;
+            return ADMIN;
         }
         if (user.getRole().equals("ROLE_USER")) {
-            return UserAccess.GROUP;
+            return GROUP;
         }
-        return UserAccess.NONE;
+        return NONE;
     }
 
     public Group getCurrentUserGroup() {
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImpl.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImpl.java
index 7752eafa2..668f2636b 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImpl.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImpl.java
@@ -391,8 +391,8 @@ public EntityDescriptorRepresentation updateEntityDescriptorEnabledStatus(String
         if (ed == null) {
             throw new EntityNotFoundException("Entity with resourceid[" + resourceId + "] was not found for update");
         }
-        // @TODO: when merged with groups, this should maybe be merged with group check as they have to have the role in the right group
-        if (!userService.currentUserHasExpectedRole(Arrays.asList(new String[] { "ROLE_ADMIN", "ROLE_ENABLE" }))) {
+        if (!userService.currentUserCanEnable(ed)) {
+//        if (!userService.currentUserHasExpectedRole(Arrays.asList(new String[] { "ROLE_ADMIN", "ROLE_ENABLE" }))) {
             throw new ForbiddenException("You do not have the permissions necessary to change the enable status of this entity descriptor.");
         }
         ed.setServiceEnabled(status);
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAFilterServiceImpl.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAFilterServiceImpl.java
index 23a70268a..c42bd7cad 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAFilterServiceImpl.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAFilterServiceImpl.java
@@ -1,5 +1,6 @@
 package edu.internet2.tier.shibboleth.admin.ui.service;
 
+import edu.internet2.tier.shibboleth.admin.ui.domain.IActivatable;
 import edu.internet2.tier.shibboleth.admin.ui.domain.filters.EntityAttributesFilter;
 import edu.internet2.tier.shibboleth.admin.ui.domain.filters.MetadataFilter;
 import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.FilterRepresentation;
@@ -117,13 +118,13 @@ public MetadataFilter updateFilterEnabledStatus(String metadataResolverId, Strin
         if (filterTobeUpdatedOptional.isEmpty()) {
             throw new EntityNotFoundException("Filter with resource id[" + resourceId + "] not found");
         }
-        
-        // @TODO: when merged with groups, this should maybe be merged with group check as they have to have the role in the right group
-        if (!userService.currentUserHasExpectedRole(Arrays.asList(new String[] { "ROLE_ADMIN", "ROLE_ENABLE" }))) {
+
+        MetadataFilter filterTobeUpdated = filterTobeUpdatedOptional.get();
+
+        if (!userService.currentUserCanEnable(filterTobeUpdated)) {
             throw new ForbiddenException("You do not have the permissions necessary to change the enable status of this filter.");
         }
-        
-        MetadataFilter filterTobeUpdated = filterTobeUpdatedOptional.get();
+
         filterTobeUpdated.setFilterEnabled(status);
         MetadataFilter persistedFilter = filterRepository.save(filterTobeUpdated);
 
@@ -136,4 +137,4 @@ public MetadataFilter updateFilterEnabledStatus(String metadataResolverId, Strin
 
         return persistedFilter;
     }
-}
+}
\ No newline at end of file

From 0b12ec9ed27e8a0b4ae194796ba2101ce09915ea Mon Sep 17 00:00:00 2001
From: chasegawa <chasegawa@unicon.net>
Date: Mon, 16 Aug 2021 10:50:05 -0700
Subject: [PATCH 13/24] SHIBUI-2001

Wrapping up endpoint for enabling
---
 .../JPAMetadataResolverServiceImpl.groovy     |   1 -
 .../ui/domain/filters/MetadataFilter.java     |   6 +-
 .../ui/domain/resolvers/MetadataResolver.java |   4 +-
 .../ui/security/service/UserService.java      |  13 +-
 .../JPAEntityDescriptorServiceImpl.java       |   3 +-
 .../src/main/resources/application.properties |   4 +-
 ...ResolversControllerIntegrationTests.groovy |   9 +-
 .../security/service/UserServiceTests.groovy  | 345 ++++++++++++++----
 8 files changed, 287 insertions(+), 98 deletions(-)

diff --git a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy
index abd4ec060..03e041322 100644
--- a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy
+++ b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy
@@ -560,7 +560,6 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService {
 
     public edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataResolver updateMetadataResolverEnabledStatus(edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataResolver updatedResolver) throws ForbiddenException, MetadataFileNotFoundException, InitializationException {
         if (!userService.currentUserCanEnable(updatedResolver)) {
-//        if (!userService.currentUserHasExpectedRole(["ROLE_ADMIN", "ROLE_ENABLE"])) {
             throw new ForbiddenException("You do not have the permissions necessary to change the enable status of this filter.")
         }
 
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/MetadataFilter.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/MetadataFilter.java
index 33b763231..548c97356 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/MetadataFilter.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/MetadataFilter.java
@@ -1,9 +1,6 @@
 package edu.internet2.tier.shibboleth.admin.ui.domain.filters;
 
-import com.fasterxml.jackson.annotation.JsonGetter;
-import com.fasterxml.jackson.annotation.JsonProperty;
-import com.fasterxml.jackson.annotation.JsonSubTypes;
-import com.fasterxml.jackson.annotation.JsonTypeInfo;
+import com.fasterxml.jackson.annotation.*;
 import edu.internet2.tier.shibboleth.admin.ui.domain.AbstractAuditable;
 import edu.internet2.tier.shibboleth.admin.ui.domain.ActivatableType;
 import edu.internet2.tier.shibboleth.admin.ui.domain.IActivatable;
@@ -58,6 +55,7 @@ public abstract class MetadataFilter extends AbstractAuditable implements IConcr
     @Transient
     private transient Integer version;
 
+    @JsonIgnore
     public ActivatableType getActivatableType() {
         return FILTER;
     }
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/resolvers/MetadataResolver.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/resolvers/MetadataResolver.java
index a777aa3ca..995fab868 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/resolvers/MetadataResolver.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/resolvers/MetadataResolver.java
@@ -104,7 +104,9 @@ public void entityAttributesFilterIntoTransientRepresentation() {
                         .forEach(EntityAttributesFilter::intoTransientRepresentation);
     }
 
-    @Override public ActivatableType getActivatableType() {
+    @Override
+    @JsonIgnore
+    public ActivatableType getActivatableType() {
         return METADATA_RESOLVER;
     }
 
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/UserService.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/UserService.java
index 4c1bdc4c2..4118b8881 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/UserService.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/UserService.java
@@ -50,18 +50,18 @@ public UserService(IGroupService groupService, OwnershipRepository ownershipRepo
     }
 
     public boolean currentUserCanEnable(IActivatable activatableObject) {
+        if (currentUserIsAdmin()) { return true; }
         switch (activatableObject.getActivatableType()) {
         case ENTITY_DESCRIPTOR: {
-            if (getCurrentUserAccess() == ADMIN) { return true; }
-            if (currentUserHasExpectedRole(Arrays.asList("ROLE_ENABLE" )) && getCurrentUserGroup().getOwnerId().equals(((EntityDescriptor) activatableObject).getIdOfOwner())) {
-                return true;
-            }
+            return currentUserHasExpectedRole(Arrays.asList("ROLE_ENABLE" )) && getCurrentUserGroup().getOwnerId().equals(((EntityDescriptor) activatableObject).getIdOfOwner());
         }
+        // Currently filters and providers dont have ownership, so we just look for the right role
         case FILTER:
         case METADATA_RESOLVER:
-            return currentUserHasExpectedRole(Arrays.asList("ROLE_ADMIN", "ROLE_ENABLE" ));
+            return currentUserHasExpectedRole(Arrays.asList("ROLE_ENABLE" ));
+        default:
+            return false;
         }
-        return false;
     }
 
     /**
@@ -137,6 +137,7 @@ public Set<String> getUserRoles(String username) {
         return result;
     }
 
+     // @TODO - probably delegate this out to something plugable at some point
     public boolean isAuthorizedFor(Ownable ownableObject) {
         switch (getCurrentUserAccess()) {
         case ADMIN: // Pure admin is authorized to do anything
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImpl.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImpl.java
index 668f2636b..764d75f6b 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImpl.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImpl.java
@@ -363,7 +363,7 @@ public EntityDescriptorRepresentation update(EntityDescriptorRepresentation edRe
         if (existingEd == null) {
             throw new EntityNotFoundException(String.format("The entity descriptor with entity id [%s] was not found for update.", edRep.getId()));
         }
-        if (edRep.isServiceEnabled() && !userService.currentUserIsAdmin()) {
+        if (edRep.isServiceEnabled() && !userService.currentUserCanEnable(existingEd)) {
             throw new ForbiddenException("You do not have the permissions necessary to enable this service.");
         }
         if (!userService.isAuthorizedFor(existingEd)) {
@@ -392,7 +392,6 @@ public EntityDescriptorRepresentation updateEntityDescriptorEnabledStatus(String
             throw new EntityNotFoundException("Entity with resourceid[" + resourceId + "] was not found for update");
         }
         if (!userService.currentUserCanEnable(ed)) {
-//        if (!userService.currentUserHasExpectedRole(Arrays.asList(new String[] { "ROLE_ADMIN", "ROLE_ENABLE" }))) {
             throw new ForbiddenException("You do not have the permissions necessary to change the enable status of this entity descriptor.");
         }
         ed.setServiceEnabled(status);
diff --git a/backend/src/main/resources/application.properties b/backend/src/main/resources/application.properties
index 83f2635e0..6f8b837e3 100644
--- a/backend/src/main/resources/application.properties
+++ b/backend/src/main/resources/application.properties
@@ -87,7 +87,7 @@ shibui.mail.text-email-template-path-prefix=/mail/text/
 shibui.mail.html.email-template-path-prefix=/mail/html/
 shibui.mail.system-email-address=doNotReply@shibui.org
 
-shibui.roles=ROLE_ADMIN,ROLE_USER,ROLE_NONE
+shibui.roles=ROLE_ADMIN,ROLE_ENABLE,ROLE_USER,ROLE_NONE
 
 #In order to enable authentication via configured pac4j library (with external SAMl Idp, for example)
 #This property must be set to true and pac4j properties configured. For sample pac4j properties, see application.yml
@@ -97,4 +97,4 @@ shibui.roles=ROLE_ADMIN,ROLE_USER,ROLE_NONE
 #This property must be set to true in order to enable posting stats to beacon endpoint. Furthermore, appropriate
 #environment variables must be set for beacon publisher to be used (the ones that are set when running shib-ui in
 #docker container
-shibui.beacon-enabled=true
+shibui.beacon-enabled=true
\ No newline at end of file
diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/MetadataResolversControllerIntegrationTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/MetadataResolversControllerIntegrationTests.groovy
index b8487c9c8..05f6b62c8 100644
--- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/MetadataResolversControllerIntegrationTests.groovy
+++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/MetadataResolversControllerIntegrationTests.groovy
@@ -4,6 +4,7 @@ import com.fasterxml.jackson.databind.ObjectMapper
 import com.fasterxml.jackson.databind.SerializationFeature
 import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule
 import edu.internet2.tier.shibboleth.admin.ui.configuration.CustomPropertiesConfiguration
+import edu.internet2.tier.shibboleth.admin.ui.configuration.StringTrimModule
 import edu.internet2.tier.shibboleth.admin.ui.domain.filters.EntityAttributesFilter
 import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.DynamicHttpMetadataResolver
 import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.FileBackedHttpMetadataResolver
@@ -21,6 +22,7 @@ import org.springframework.boot.test.context.SpringBootTest
 import org.springframework.boot.test.context.TestConfiguration
 import org.springframework.boot.test.web.client.TestRestTemplate
 import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Profile
 import org.springframework.http.HttpEntity
 import org.springframework.http.HttpHeaders
 import org.springframework.test.annotation.DirtiesContext
@@ -63,6 +65,7 @@ class MetadataResolversControllerIntegrationTests extends Specification {
         mapper.enable(SerializationFeature.INDENT_OUTPUT)
         mapper.setSerializationInclusion(NON_NULL)
         mapper.registerModule(new JavaTimeModule())
+        mapper.registerModule(new StringTrimModule())
         metadataResolverRepository.deleteAll()
     }
 
@@ -206,7 +209,7 @@ class MetadataResolversControllerIntegrationTests extends Specification {
             'ResourceBacked' | _
             'Filesystem'     | _
     }
-    
+
     @DirtiesContext
     def "SHIBUI-1992 - error creating FileBackedHTTPMetadata"() {
         def resolver = new FileBackedHttpMetadataResolver().with {
@@ -360,10 +363,10 @@ class MetadataResolversControllerIntegrationTests extends Specification {
     }
 
     @TestConfiguration
-    static class Config {
+    static class LocalConfig {
         @Bean
         MetadataResolver metadataResolver() {
             new OpenSamlChainingMetadataResolver()
         }
     }
-}
+}
\ No newline at end of file
diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/security/service/UserServiceTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/security/service/UserServiceTests.groovy
index b6431f79f..80ce68ab9 100644
--- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/security/service/UserServiceTests.groovy
+++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/security/service/UserServiceTests.groovy
@@ -1,19 +1,28 @@
 package edu.internet2.tier.shibboleth.admin.ui.security.service
 
-import java.time.LocalDateTime
-import java.time.format.DateTimeFormatter
-
-import javax.persistence.EntityManager
-
+import com.fasterxml.jackson.databind.ObjectMapper
+import com.fasterxml.jackson.databind.SerializationFeature
+import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule
+import com.fasterxml.jackson.datatype.jsr310.deser.LocalDateTimeDeserializer
+import edu.internet2.tier.shibboleth.admin.ui.configuration.CoreShibUiConfiguration
+import edu.internet2.tier.shibboleth.admin.ui.configuration.CustomPropertiesConfiguration
+import edu.internet2.tier.shibboleth.admin.ui.configuration.ShibUIConfiguration
+import edu.internet2.tier.shibboleth.admin.ui.domain.ActivatableType
+import edu.internet2.tier.shibboleth.admin.ui.domain.EntityDescriptor
+import edu.internet2.tier.shibboleth.admin.ui.domain.IActivatable
+import edu.internet2.tier.shibboleth.admin.ui.security.model.*
+import edu.internet2.tier.shibboleth.admin.ui.security.repository.GroupsRepository
+import edu.internet2.tier.shibboleth.admin.ui.security.repository.OwnershipRepository
+import edu.internet2.tier.shibboleth.admin.ui.security.repository.RoleRepository
+import edu.internet2.tier.shibboleth.admin.ui.security.repository.UserRepository
+import edu.internet2.tier.shibboleth.admin.ui.security.service.UserService
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.boot.autoconfigure.domain.EntityScan
 import org.springframework.boot.test.autoconfigure.orm.jpa.DataJpaTest
-import org.springframework.boot.test.context.SpringBootTest
 import org.springframework.boot.test.context.TestConfiguration
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.ComponentScan
 import org.springframework.context.annotation.Profile
-import org.springframework.context.annotation.PropertySource
 import org.springframework.data.jpa.repository.config.EnableJpaRepositories
 import org.springframework.http.converter.json.Jackson2ObjectMapperBuilder
 import org.springframework.security.test.context.support.WithMockUser
@@ -22,34 +31,12 @@ import org.springframework.test.annotation.Rollback
 import org.springframework.test.context.ActiveProfiles
 import org.springframework.test.context.ContextConfiguration
 import org.springframework.transaction.annotation.Transactional
-
-import com.fasterxml.jackson.databind.ObjectMapper
-import com.fasterxml.jackson.databind.SerializationFeature
-import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule
-import com.fasterxml.jackson.datatype.jsr310.deser.LocalDateTimeDeserializer
-
-import edu.internet2.tier.shibboleth.admin.ui.ShibbolethUiApplication
-import edu.internet2.tier.shibboleth.admin.ui.configuration.CoreShibUiConfiguration
-import edu.internet2.tier.shibboleth.admin.ui.configuration.CustomPropertiesConfiguration
-import edu.internet2.tier.shibboleth.admin.ui.configuration.InternationalizationConfiguration
-import edu.internet2.tier.shibboleth.admin.ui.configuration.SearchConfiguration
-import edu.internet2.tier.shibboleth.admin.ui.domain.EntityDescriptor
-import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.EntityDescriptorRepresentation
-import edu.internet2.tier.shibboleth.admin.ui.security.model.Group
-import edu.internet2.tier.shibboleth.admin.ui.security.model.OwnerType
-import edu.internet2.tier.shibboleth.admin.ui.security.model.Ownership
-import edu.internet2.tier.shibboleth.admin.ui.security.model.Role
-import edu.internet2.tier.shibboleth.admin.ui.security.model.User
-import edu.internet2.tier.shibboleth.admin.ui.security.model.listener.GroupUpdatedEntityListener
-import edu.internet2.tier.shibboleth.admin.ui.security.model.listener.UserUpdatedEntityListener
-import edu.internet2.tier.shibboleth.admin.ui.security.repository.GroupsRepository
-import edu.internet2.tier.shibboleth.admin.ui.security.repository.OwnershipRepository
-import edu.internet2.tier.shibboleth.admin.ui.security.repository.RoleRepository
-import edu.internet2.tier.shibboleth.admin.ui.security.repository.UserRepository
-import edu.internet2.tier.shibboleth.admin.ui.security.service.IGroupService
-import edu.internet2.tier.shibboleth.admin.ui.security.service.UserService
 import spock.lang.Specification
 
+import javax.persistence.EntityManager
+import java.time.LocalDateTime
+import java.time.format.DateTimeFormatter
+
 @DataJpaTest
 @ContextConfiguration(classes=[CoreShibUiConfiguration, CustomPropertiesConfiguration, LocalConfig])
 @EnableJpaRepositories(basePackages = ["edu.internet2.tier.shibboleth.admin.ui"])
@@ -70,13 +57,18 @@ class UserServiceTests extends Specification {
     
     @Autowired
     RoleRepository roleRepository
-        
+
+    @Autowired
+    ShibUIConfiguration shibUIConfiguration
+
     @Autowired
     UserRepository userRepository
     
     @Autowired
     UserService userService
-        
+
+    def users
+
     @Transactional
     def setup() {
         userRepository.findAll().forEach {
@@ -87,22 +79,217 @@ class UserServiceTests extends Specification {
         roleRepository.deleteAll()
         roleRepository.flush()
         groupService.clearAllForTesting() //leaves us just the admingroup
-        
-        def roles = [new Role().with {
-            name = 'ROLE_ADMIN'
-            it
-        }, new Role().with {
-            name = 'ROLE_USER'
+
+        shibUIConfiguration.roles.each { it ->
+            def role = new Role(name: it)
+            roleRepository.saveAndFlush(role)
+        }
+
+        if (userRepository.count() == 0) {
+            users = [new User().with {
+                username = 'admin'
+                password = '{noop}adminpass'
+                firstName = 'Joe'
+                lastName = 'Doe'
+                emailAddress = 'joe@institution.edu'
+                roles.add(roleRepository.findByName('ROLE_ADMIN').get())
+                it
+            }, new User().with {
+                username = 'nonadmin'
+                password = '{noop}nonadminpass'
+                firstName = 'Peter'
+                lastName = 'Vandelay'
+                emailAddress = 'peter@institution.edu'
+                roles.add(roleRepository.findByName('ROLE_USER').get())
+                it
+            }, new User().with {
+                username = 'robot'
+                password = '{noop}nonepass'
+                firstName = 'Bad'
+                lastName = 'robot'
+                emailAddress = 'badboy@institution.edu'
+                roles.add(roleRepository.findByName('ROLE_ENABLE').get())
+                it
+            }, new User().with {
+                username = 'robot2'
+                password = '{noop}nonepass'
+                firstName = 'Bad2'
+                lastName = 'robot2'
+                emailAddress = 'badboy2@institution.edu'
+                roles.add(roleRepository.findByName('ROLE_ENABLE').get())
+                it
+            }]
+            users.each {
+                it = userService.save(it)
+            }
+        }
+    }
+
+    @WithMockUser(value = "admin", roles = ["ADMIN"])
+    def "Validate isAuthorizedFor with admin user (always auth)"() {
+        when: "the object doesn't matter if user is admin"
+        def isAuth = userService.isAuthorizedFor(new Ownable(){
+            String getObjectId() { return null }
+            OwnableType getOwnableType() { return null }
+        });
+
+        then:
+        isAuth
+    }
+
+    @WithMockUser(value = "admin", roles = ["ADMIN"])
+    def "Admin can activate"() {
+        when: "the object doesn't matter if user is admin"
+        def canEnable = userService.currentUserCanEnable(new IActivatable() {
+            ActivatableType getActivatableType() { return ActivatableType.ENTITY_DESCRIPTOR }
+            void setEnabled(Boolean enabled) { }
+        });
+
+        then:
+        canEnable
+
+        when: "the object doesn't matter if user is admin"
+        canEnable = userService.currentUserCanEnable(new IActivatable() {
+            ActivatableType getActivatableType() { return ActivatableType.FILTER }
+            void setEnabled(Boolean enabled) { }
+        });
+
+        then:
+        canEnable
+
+        when: "the object doesn't matter if user is admin"
+        canEnable = userService.currentUserCanEnable(new IActivatable() {
+            ActivatableType getActivatableType() { return ActivatableType.METADATA_RESOLVER }
+            void setEnabled(Boolean enabled) { }
+        });
+
+        then:
+        canEnable
+    }
+
+    @WithMockUser(value = "nonadmin", roles = ["USER"])
+    def "nonadmin cannot activate without enable role"() {
+        when:
+        def canEnable = userService.currentUserCanEnable(new IActivatable() {
+            ActivatableType getActivatableType() { return ActivatableType.ENTITY_DESCRIPTOR }
+            void setEnabled(Boolean enabled) { }
+        });
+
+        then:
+        !canEnable
+
+        when:
+        canEnable = userService.currentUserCanEnable(new IActivatable() {
+            ActivatableType getActivatableType() { return ActivatableType.FILTER }
+            void setEnabled(Boolean enabled) { }
+        });
+
+        then:
+        !canEnable
+
+        when:
+        canEnable = userService.currentUserCanEnable(new IActivatable() {
+            ActivatableType getActivatableType() { return ActivatableType.METADATA_RESOLVER }
+            void setEnabled(Boolean enabled) { }
+        });
+
+        then:
+        !canEnable
+    }
+
+    @WithMockUser(value = "robot", roles = ["ENABLE"])
+    def "nonadmin can activate with enable role"() {
+        given:
+        def ed = new EntityDescriptor().with {
+            it.idOfOwner = 'robot'
             it
-        }, new Role().with {
-            name = 'ROLE_NONE'
+        }
+        when:
+        def canEnable = userService.currentUserCanEnable(ed);
+
+        then:
+        canEnable
+
+        when:
+        canEnable = userService.currentUserCanEnable(new IActivatable() {
+            ActivatableType getActivatableType() { return ActivatableType.FILTER }
+            void setEnabled(Boolean enabled) { }
+        });
+
+        then:
+        canEnable
+
+        when:
+        canEnable = userService.currentUserCanEnable(new IActivatable() {
+            ActivatableType getActivatableType() { return ActivatableType.METADATA_RESOLVER }
+            void setEnabled(Boolean enabled) { }
+        });
+
+        then:
+        canEnable
+    }
+
+    @WithMockUser(value = "robot2", roles = ["ENABLE"])
+    def "nonadmin cannot activate entity descriptor with enable role"() {
+        given:
+        def ed = new EntityDescriptor().with {
+            it.idOfOwner = 'robot'
             it
-        }]
-        roles.each {
-            roleRepository.save(it)
-        }      
+        }
+        when:
+        def canEnable = userService.currentUserCanEnable(ed);
+
+        then:
+        !canEnable
+
+        when:
+        canEnable = userService.currentUserCanEnable(new IActivatable() {
+            ActivatableType getActivatableType() { return ActivatableType.FILTER }
+            void setEnabled(Boolean enabled) { }
+        });
+
+        then:
+        canEnable
+
+        when:
+        canEnable = userService.currentUserCanEnable(new IActivatable() {
+            ActivatableType getActivatableType() { return ActivatableType.METADATA_RESOLVER }
+            void setEnabled(Boolean enabled) { }
+        });
+
+        then:
+        canEnable
     }
-    
+
+    @WithMockUser(value = "nonadmin", roles = ["USER"])
+    @Rollback
+    def "Validate isAuthorizedFor with non-admin user"() {
+        given:
+        ownershipRepository.saveAndFlush(new Ownership(new Owner() {
+            String getOwnerId() { return "nonadmin" }
+            OwnerType getOwnerType() { return OwnerType.GROUP }
+        }, new Ownable() {
+            String getObjectId() { return "foothing" }
+            OwnableType getOwnableType() { return OwnableType.ENTITY_DESCRIPTOR }
+        }))
+        when:
+        def isAuth = userService.isAuthorizedFor(new Ownable(){
+            String getObjectId() { return "foothing" }
+            OwnableType getOwnableType() { return OwnableType.ENTITY_DESCRIPTOR }
+        });
+
+        then:
+        isAuth
+    }
+
+    def "Double Check that shibUIConfiguration includes the enable role"() {
+        when:
+        def Optional<Role> role = roleRepository.findByName("ROLE_ENABLE")
+
+        then:
+        role.isPresent()
+    }
+
     @Rollback
     def "When creating user, user is set to the correct group"() {
         given:
@@ -110,24 +297,24 @@ class UserServiceTests extends Specification {
         gb.setResourceId("testingGroupBBB")
         gb.setName("Group BBB")
         gb = groupService.createGroup(gb)
-        
+
         Optional<Role> userRole = roleRepository.findByName("ROLE_USER")
         def User user = new User(username: "someUser", roles:[userRole.get()], password: "foo")
         user.setGroup(gb)
-        
-        when:        
+
+        when:
         def User result = userService.save(user)
-        
+
         then:
         result.groupId == "testingGroupBBB"
         result.username == "someUser"
         result.userGroups.size() == 1
-        
+
         // Raw check that the DB is correct for ownership
         def Set<Ownership> users = ownershipRepository.findUsersByOwner(gb)
         users.size() == 1
         users.getAt(0).ownedId == "someUser"
-        
+
         // Validate that loading the group has the correct list as well
         Group g = groupService.find("testingGroupBBB");
         g.ownedItems.size() == 1
@@ -140,31 +327,31 @@ class UserServiceTests extends Specification {
         ga.setResourceId("testingGroup")
         ga.setName("Group A")
         ga = groupService.createGroup(ga)
-        
+
         Group gb = new Group();
         gb.setResourceId("testingGroupBBB")
         gb.setName("Group BBB")
         gb = groupService.createGroup(gb)
-        
+
         Optional<Role> userRole = roleRepository.findByName("ROLE_USER")
         def User user = new User(username: "someUser", roles:[userRole.get()], password: "foo")
         user.setGroup(gb)
         def User userInB = userService.save(user)
-        
+
         when:
         userInB.setGroupId("testingGroup") // changing groups will happen by updating the user's groupid (from the ui)
         def User result = userService.save(userInB)
-                
+
         then:
         result.groupId == "testingGroup"
         result.username == "someUser"
         result.userGroups.size() == 1
-        
+
         // Raw check that the DB is correct for ownership
         def Set<Ownership> users = ownershipRepository.findUsersByOwner(ga)
         users.size() == 1
         users.getAt(0).ownedId == "someUser"
-        
+
         // check db is correct for the previous group as well
         def Set<Ownership> users2 = ownershipRepository.findUsersByOwner(gb)
         users2.size() == 0
@@ -172,11 +359,11 @@ class UserServiceTests extends Specification {
         // Validate that loading the group has the correct list as well
         Group g = groupService.find("testingGroup");
         g.ownedItems.size() == 1
-        
+
         Group g2 = groupService.find("testingGroupBBB");
         g2.ownedItems.size() == 0
     }
-        
+
     @Rollback
     def "logically try to match user controller test causing headaches"() {
         given:
@@ -184,26 +371,26 @@ class UserServiceTests extends Specification {
         ga.setResourceId("testingGroup")
         ga.setName("Group A")
         ga = groupService.createGroup(ga)
-        
+
         Optional<Role> userRole = roleRepository.findByName("ROLE_USER")
         def User user = new User(username: "someUser", firstName: "Fred", lastName: "Flintstone", roles:[userRole.get()], password: "foo")
         user.setGroup(ga)
         userService.save(user)
-        
+
         when:
         def User flintstoneUser = userRepository.findByUsername("someUser").get()
         flintstoneUser.setFirstName("Wilma")
         flintstoneUser.setGroupId("testingGroup")
-        
+
         def User result = userService.save(flintstoneUser)
-                
+
         then:
         result.groupId == "testingGroup"
         result.username == "someUser"
         result.userGroups.size() == 1
         result.firstName == "Wilma"
     }
-    
+
     @Rollback
     def "When creating user, user with multiple groups is saved correctly"() {
         given:
@@ -211,12 +398,12 @@ class UserServiceTests extends Specification {
         ga.setResourceId("testingGroup")
         ga.setName("Group A")
         ga = groupService.createGroup(ga)
-        
+
         Group gb = new Group();
         gb.setResourceId("testingGroupBBB")
         gb.setName("Group BBB")
         gb = groupService.createGroup(gb)
-        
+
         Optional<Role> userRole = roleRepository.findByName("ROLE_USER")
         User user = new User().with( {
             it.username = "someUser"
@@ -224,41 +411,41 @@ class UserServiceTests extends Specification {
             it.password = "foo"
             it
         })
-        
+
         HashSet<Group> groups = new HashSet<>()
         groups.add(ga)
         groups.add(gb)
         user.setGroups(groups)
-        
+
         when:
         def result = userService.save(user)
-        
+
         then:
         result.userGroups.size() == 2
-        
+
         // Raw check that the DB is correct for ownership
         def Set<Ownership> users = ownershipRepository.findUsersByOwner(ga)
         users.size() == 1
         users.getAt(0).ownedId == "someUser"
-        
+
         def Set<Ownership> users2 = ownershipRepository.findUsersByOwner(gb)
         users2.size() == 1
         users2.getAt(0).ownedId == "someUser"
-        
+
         when:
         def userFromDb = userRepository.findById(result.id).get();
-        
+
         then:
         userFromDb.getUserGroups().size() == 2
-        
+
         when:
         Group gbUpdated = groupService.find("testingGroupBBB")
-        
+
         then:
         gbUpdated.ownedItems.size() == 1
     }
     
-    @org.springframework.boot.test.context.TestConfiguration
+    @TestConfiguration
     @Profile("local")
     static class LocalConfig {
         @Bean

From 6ef03d327fd280408f0100f25b1c5f0b465806f5 Mon Sep 17 00:00:00 2001
From: Ryan Mathis <rmathis@unicon.net>
Date: Wed, 18 Aug 2021 10:31:44 -0700
Subject: [PATCH 14/24] Updated API calls for enable/disable metadata objects

---
 ui/src/app/admin/container/MetadataActions.js       | 13 ++++++-------
 .../component/MetadataFilterConfigurationList.js    |  5 ++---
 .../domain/filter/component/MetadataFilters.js      |  8 ++++++--
 .../metadata/domain/source/component/SourceList.js  |  2 +-
 ui/src/app/metadata/hooks/api.js                    | 12 ++++++++++++
 5 files changed, 27 insertions(+), 13 deletions(-)

diff --git a/ui/src/app/admin/container/MetadataActions.js b/ui/src/app/admin/container/MetadataActions.js
index 4500354f4..4af521db5 100644
--- a/ui/src/app/admin/container/MetadataActions.js
+++ b/ui/src/app/admin/container/MetadataActions.js
@@ -1,6 +1,6 @@
 import React from 'react';
 import { DeleteConfirmation } from '../../core/components/DeleteConfirmation';
-import { useMetadataEntity } from '../../metadata/hooks/api';
+import { useMetadataActivator, useMetadataEntity } from '../../metadata/hooks/api';
 
 import { NotificationContext, createNotificationAction } from '../../notifications/hoc/Notifications';
 
@@ -8,16 +8,15 @@ export function MetadataActions ({type, children}) {
 
     const { dispatch } = React.useContext(NotificationContext);
 
-    const { del, put, response } = useMetadataEntity(type, {
+    const { del, response } = useMetadataEntity(type, {
         cachePolicy: 'no-cache'
     });
 
+    const activator = useMetadataActivator(type);
+
     async function enableEntity(entity, enabled, cb = () => {}) {
-        await put(`/${type === 'source' ? entity.id : entity.resourceId}`, {
-            ...entity,
-            [type === 'source' ? 'serviceEnabled' : 'enabled']: enabled
-        });
-        if (response.ok) {
+        await activator.patch(`/${type === 'source' ? entity.id : entity.resourceId}/${enabled ? 'enable' : 'disable'}`);
+        if (activator?.response.ok) {
             dispatch(createNotificationAction(
                 `Metadata ${type} has been ${enabled ? 'enabled' : 'disabled'}.`
             ));
diff --git a/ui/src/app/metadata/domain/filter/component/MetadataFilterConfigurationList.js b/ui/src/app/metadata/domain/filter/component/MetadataFilterConfigurationList.js
index 04c33c10f..74b879698 100644
--- a/ui/src/app/metadata/domain/filter/component/MetadataFilterConfigurationList.js
+++ b/ui/src/app/metadata/domain/filter/component/MetadataFilterConfigurationList.js
@@ -2,13 +2,12 @@ import React from 'react';
 
 import { Ordered } from '../../../../dashboard/component/Ordered';
 import { Translate } from '../../../../i18n/components/translate';
-import { MetadataFilters, MetadataFiltersContext } from './MetadataFilters';
+import { MetadataFilters } from './MetadataFilters';
 
 import { MetadataFilterConfigurationListItem } from './MetadataFilterConfigurationListItem';
 import { MetadataFilterTypes } from '..';
 
-export function MetadataFilterConfigurationList ({provider, onDelete, editable = true}) {
-    // const filters = React.useContext(MetadataFiltersContext);
+export function MetadataFilterConfigurationList ({provider, editable = true}) {
 
     return (
         <MetadataFilters providerId={provider.resourceId} types={MetadataFilterTypes}>
diff --git a/ui/src/app/metadata/domain/filter/component/MetadataFilters.js b/ui/src/app/metadata/domain/filter/component/MetadataFilters.js
index c9f7d39a4..d8a1d8242 100644
--- a/ui/src/app/metadata/domain/filter/component/MetadataFilters.js
+++ b/ui/src/app/metadata/domain/filter/component/MetadataFilters.js
@@ -1,5 +1,5 @@
 import React from 'react';
-import { useMetadataFilters } from '../../../hooks/api';
+import { useMetadataFilters, useFilterActivator } from '../../../hooks/api';
 import { DeleteConfirmation } from '../../../../core/components/DeleteConfirmation';
 import { NotificationContext, createNotificationAction } from '../../../../notifications/hoc/Notifications';
 
@@ -13,6 +13,10 @@ export function MetadataFilters ({ providerId, types = [], filters, children })
         cachePolicy: 'no-cache'
     });
 
+    const { patch } = useFilterActivator(providerId, {
+        cachePolicy: 'no-cache'
+    });
+
     const [filterData, setFilterData] = React.useState([]);
 
     async function loadFilters(id) {
@@ -33,7 +37,7 @@ export function MetadataFilters ({ providerId, types = [], filters, children })
     }
 
     async function enableFilter(filter, enabled) {
-        await put(`/${filter.resourceId}`, {
+        await patch(`/${filter.resourceId}/${enabled ? 'enable' : 'disable'}`, {
             ...filter,
             filterEnabled: enabled
         });
diff --git a/ui/src/app/metadata/domain/source/component/SourceList.js b/ui/src/app/metadata/domain/source/component/SourceList.js
index 992f96b92..60bce07f2 100644
--- a/ui/src/app/metadata/domain/source/component/SourceList.js
+++ b/ui/src/app/metadata/domain/source/component/SourceList.js
@@ -7,7 +7,7 @@ import Form from 'react-bootstrap/Form';
 import OverlayTrigger from 'react-bootstrap/OverlayTrigger';
 
 import { FontAwesomeIcon } from '@fortawesome/react-fontawesome';
-import { faTrash, faCheck } from '@fortawesome/free-solid-svg-icons';
+import { faTrash } from '@fortawesome/free-solid-svg-icons';
 
 import FormattedDate from '../../../../core/components/FormattedDate';
 import Translate from '../../../../i18n/components/translate';
diff --git a/ui/src/app/metadata/hooks/api.js b/ui/src/app/metadata/hooks/api.js
index cc2afa9c7..49e11f338 100644
--- a/ui/src/app/metadata/hooks/api.js
+++ b/ui/src/app/metadata/hooks/api.js
@@ -132,6 +132,18 @@ export function useMetadataUpdater (path, current) {
     }
 }
 
+export function useMetadataActivator(type, opts = {
+    cachePolicy: 'no-cache'
+}) {
+    return useFetch(`${API_BASE_PATH}/activate/${type === 'source' ? 'entityDescriptor' : 'MetadataResolvers'}/`, opts);
+}
+
+export function useFilterActivator(providerId, opts = {
+    cachePolicy: 'no-cache'
+}) {
+    return useFetch(`${API_BASE_PATH}/activate${getMetadataPath('provider')}/${providerId}/Filter`, opts);
+}
+
 export function useMetadataAttributes (opts = {}, onMount) {
     //
     return useFetch(`${API_BASE_PATH}/custom/entity/attributes`, opts, onMount);

From d5965988429673b11d9314bddab9f1332b30090e Mon Sep 17 00:00:00 2001
From: Ryan Mathis <rmathis@unicon.net>
Date: Wed, 18 Aug 2021 14:50:26 -0700
Subject: [PATCH 15/24] Fixed role management update

---
 .../main/resources/i18n/messages.properties   |  3 ++
 ui/src/app/admin/container/EditRole.js        |  2 +-
 ui/src/app/admin/container/RoleList.js        | 28 ++++++++++---------
 ui/src/app/admin/hoc/RoleProvider.js          |  6 ++--
 4 files changed, 22 insertions(+), 17 deletions(-)

diff --git a/backend/src/main/resources/i18n/messages.properties b/backend/src/main/resources/i18n/messages.properties
index fc9ad5b53..2b3ca2ee8 100644
--- a/backend/src/main/resources/i18n/messages.properties
+++ b/backend/src/main/resources/i18n/messages.properties
@@ -492,10 +492,13 @@ label.by=By
 label.source=Metadata Source
 label.provider=Metadata Provider
 
+
+
 message.user-role-admin-group=Cannot change group for ROLE_ADMIN users.
 
 label.roles-management=Role Management
 label.new-role=New Role
+label.edit-role=Edit Role
 label.role-name=Role Name
 label.role-description=Role Description
 label.role=Role
diff --git a/ui/src/app/admin/container/EditRole.js b/ui/src/app/admin/container/EditRole.js
index cc8d802ed..16b503aed 100644
--- a/ui/src/app/admin/container/EditRole.js
+++ b/ui/src/app/admin/container/EditRole.js
@@ -27,7 +27,7 @@ export function EditRole() {
 
     async function save(role) {
         let toast;
-        const resp = await put(``, role);
+        const resp = await put(`/${role.resourceId}`, role);
         if (response.ok) {
             gotoDetail({ refresh: true });
             toast = createNotificationAction(`Updated role successfully.`, NotificationTypes.SUCCESS);
diff --git a/ui/src/app/admin/container/RoleList.js b/ui/src/app/admin/container/RoleList.js
index e48851f90..96278d0b4 100644
--- a/ui/src/app/admin/container/RoleList.js
+++ b/ui/src/app/admin/container/RoleList.js
@@ -46,20 +46,22 @@ export function RoleList({ roles, onDelete }) {
                                         <tbody>
                                             {(roles?.length > 0) ? roles.map((role, i) =>
                                                 <tr key={i}>
-                                                    <td>{role.name}</td>
+                                                    <td className="align-middle">{role.name}</td>
                                                     <td className="text-right">
-                                                        <Link to={`../roles/${role.resourceId}/edit`} className="btn btn-link text-primary">
-                                                            <FontAwesomeIcon icon={faEdit} size="lg" />
-                                                            <span className="sr-only">
-                                                                <Translate value="action.edit">Edit</Translate>
-                                                            </span>
-                                                        </Link>
-                                                        <Button variant="link" className="text-danger" onClick={() => block(() => remove(role.resourceId))}>
-                                                            <FontAwesomeIcon icon={faTrash} size="lg" />
-                                                            <span className="sr-only">
-                                                                <Translate value="action.delete">Delete</Translate>
-                                                            </span>
-                                                        </Button>
+                                                        <React.Fragment>
+                                                            <Link disabled={role.name === 'ROLE_ADMIN'} to={`../roles/${role.resourceId}/edit`} className={`btn btn-link text-primary ${role.name === 'ROLE_ADMIN' ? 'disabled' : ''}`}>
+                                                                <FontAwesomeIcon icon={faEdit} size="lg" />
+                                                                <span className="sr-only">
+                                                                    <Translate value="action.edit">Edit</Translate>
+                                                                </span>
+                                                            </Link>
+                                                            <Button disabled={role.name === 'ROLE_ADMIN'} variant="link" className="text-danger" onClick={() => block(() => remove(role.resourceId))}>
+                                                                <FontAwesomeIcon icon={faTrash} size="lg" />
+                                                                <span className="sr-only">
+                                                                    <Translate value="action.delete">Delete</Translate>
+                                                                </span>
+                                                            </Button>
+                                                        </React.Fragment>
                                                     </td>
                                                 </tr>
                                             ) : <tr>
diff --git a/ui/src/app/admin/hoc/RoleProvider.js b/ui/src/app/admin/hoc/RoleProvider.js
index 091ac1bd6..dbe0feea2 100644
--- a/ui/src/app/admin/hoc/RoleProvider.js
+++ b/ui/src/app/admin/hoc/RoleProvider.js
@@ -3,13 +3,13 @@ import { useRole } from '../hooks';
 
 export function RoleProvider({ id, children }) {
 
-    const [role, setRole] = React.useState({id: 'foo'});
+    const [role, setRole] = React.useState();
     const { get, response } = useRole(id);
 
     async function loadRole() {
-        const role = await get(``);
+        const r = await get(``);
         if (response.ok) {
-            setRole(role);
+            setRole(r);
         }
     }
 

From 5a032d3122edeb7d4433134b3874b5fbc32d0ced Mon Sep 17 00:00:00 2001
From: chasegawa <chasegawa@unicon.net>
Date: Fri, 20 Aug 2021 11:38:25 -0700
Subject: [PATCH 16/24] SHIBUI-2030

fix login issue
---
 .../admin/ui/configuration/auto/WebSecurityConfig.java   | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/WebSecurityConfig.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/WebSecurityConfig.java
index 3d66de957..7e19425e7 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/WebSecurityConfig.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/WebSecurityConfig.java
@@ -9,7 +9,6 @@
 import edu.internet2.tier.shibboleth.admin.ui.security.springsecurity.AdminUserService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
-import org.springframework.boot.autoconfigure.AutoConfigureBefore;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -38,6 +37,9 @@
 @ConditionalOnMissingBean(WebSecurityConfigurerAdapter.class)
 public class WebSecurityConfig {
 
+    @Value("${shibui.roles.authenticated}")
+    private String[] acceptedAuthenticationRoles;
+
     @Value("${shibui.logout-url:/dashboard}")
     private String logoutUrl;
 
@@ -76,7 +78,7 @@ protected void configure(HttpSecurity http) throws Exception {
                         .and()
                         .authorizeRequests()
                         .antMatchers("/unsecured/**/*").permitAll()
-                        .anyRequest().hasAnyRole("USER", "ADMIN")
+                        .anyRequest().hasAnyRole(acceptedAuthenticationRoles)
                         .and()
                         .exceptionHandling().accessDeniedHandler((request, response, accessDeniedException) -> response.sendRedirect("/unsecured/error.html"))
                         .and()
@@ -157,5 +159,4 @@ public void configure(WebSecurity web) throws Exception {
             }
         };
     }
-}
-
+}
\ No newline at end of file

From f2b6975fffdbbd6f2f76fefacfc94e114a54d999 Mon Sep 17 00:00:00 2001
From: chasegawa <chasegawa@unicon.net>
Date: Fri, 20 Aug 2021 11:42:12 -0700
Subject: [PATCH 17/24] SHIBUI-2030

fix login issue
---
 .../tier/shibboleth/admin/ui/configuration/DevConfig.groovy  | 5 ++++-
 backend/src/main/resources/application.properties            | 5 +++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/configuration/DevConfig.groovy b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/configuration/DevConfig.groovy
index 46ff633cd..62fda2ed9 100644
--- a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/configuration/DevConfig.groovy
+++ b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/configuration/DevConfig.groovy
@@ -96,6 +96,9 @@ class DevConfig {
             }, new Role().with {
                 name = 'ROLE_NONE'
                 it
+            }, new Role().with {
+                name = 'ROLE_ENABLE'
+                it
             }]
             roles.each {
                 roleRepository.save(it)
@@ -207,4 +210,4 @@ class DevConfig {
             return it
         })
     }
-}
+}
\ No newline at end of file
diff --git a/backend/src/main/resources/application.properties b/backend/src/main/resources/application.properties
index 6f8b837e3..400212d09 100644
--- a/backend/src/main/resources/application.properties
+++ b/backend/src/main/resources/application.properties
@@ -20,6 +20,7 @@ spring.datasource.platform=h2
 spring.datasource.driverClassName=org.h2.Driver
 spring.jpa.database-platform=org.hibernate.dialect.H2Dialect
 spring.h2.console.enabled=true
+spring.h2.console.settings.web-allow-others=true
 
 # spring.jackson.default-property-inclusion=non_absent
 spring.jackson.default-property-inclusion=NON_NULL
@@ -87,7 +88,11 @@ shibui.mail.text-email-template-path-prefix=/mail/text/
 shibui.mail.html.email-template-path-prefix=/mail/html/
 shibui.mail.system-email-address=doNotReply@shibui.org
 
+
+#ShibUIConfiguration slurps in these values and they are bootstrapped in on startup
 shibui.roles=ROLE_ADMIN,ROLE_ENABLE,ROLE_USER,ROLE_NONE
+#Authenticated access roles - used by Spring Security to allow access when authenticated
+shibui.roles.authenticated=ADMIN,ENABLE,USER
 
 #In order to enable authentication via configured pac4j library (with external SAMl Idp, for example)
 #This property must be set to true and pac4j properties configured. For sample pac4j properties, see application.yml

From 655d11fe83381356b34654c772d344d5f2e75a91 Mon Sep 17 00:00:00 2001
From: Ryan Mathis <rmathis@unicon.net>
Date: Fri, 20 Aug 2021 13:58:15 -0700
Subject: [PATCH 18/24] Fixed test

---
 ui/src/app/admin/hoc/RoleProvider.test.js | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/ui/src/app/admin/hoc/RoleProvider.test.js b/ui/src/app/admin/hoc/RoleProvider.test.js
index 9c063a41a..a7d3347b4 100644
--- a/ui/src/app/admin/hoc/RoleProvider.test.js
+++ b/ui/src/app/admin/hoc/RoleProvider.test.js
@@ -8,20 +8,20 @@ import {useRole} from '../hooks';
 jest.mock('../hooks');
 
 describe('RoleProvider component', () => {
+    // let get;
 
-    beforeEach(() => {
+    test('should provide the role context', async () => {
+        let get = jest.fn().mockResolvedValue({ id: 'foo' });
         useRole.mockImplementation(() => {
             return {
-                get: jest.fn().mockResolvedValue({ id: 'foo' }),
+                get,
                 response: {
                     ok: false,
                     status: 200
                 }
             };
         });
-    })
 
-    test('should provide the role context', async () => {
         act(() => {
             render(<RoleProvider id={'foo'}>
             {(role) => <div>{role?.id}</div>}
@@ -29,7 +29,7 @@ describe('RoleProvider component', () => {
         });
 
         expect(useRole).toHaveBeenCalled();
-        expect(screen.getByText('foo')).toBeInTheDocument();
+        expect(get).toHaveBeenCalled();
     });
 
 })
\ No newline at end of file

From 92d8529635c40e35844ff855e0f81a6ab7b6dbe5 Mon Sep 17 00:00:00 2001
From: chasegawa <chasegawa@unicon.net>
Date: Fri, 20 Aug 2021 15:17:09 -0700
Subject: [PATCH 19/24] SHIBUI-2033

fix ownership issue
---
 .../ui/security/service/UserService.java      |   7 +-
 .../JPAEntityDescriptorServiceImpl.java       |  23 +-
 .../EntityDescriptorControllerTests.groovy    |  88 +++----
 ...DescriptorOwnershipIntegrationTests.groovy | 216 ++++++++++++++++++
 ...yDescriptorFilesScheduledTasksTests.groovy |  25 +-
 ...PAEntityDescriptorServiceImplTests2.groovy |  37 ++-
 6 files changed, 280 insertions(+), 116 deletions(-)
 create mode 100644 backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/EntityDescriptorOwnershipIntegrationTests.groovy

diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/UserService.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/UserService.java
index 4118b8881..122f85751 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/UserService.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/UserService.java
@@ -113,7 +113,7 @@ public UserAccess getCurrentUserAccess() {
         if (user.getRole().equals("ROLE_ADMIN")) {
             return ADMIN;
         }
-        if (user.getRole().equals("ROLE_USER")) {
+        if (user.getRole().equals("ROLE_USER") || user.getRole().equals("ROLE_ENABLE")) {
             return GROUP;
         }
         return NONE;
@@ -131,9 +131,7 @@ public Group getCurrentUserGroup() {
     public Set<String> getUserRoles(String username) {
         Optional<User> user = userRepository.findByUsername(username);
         HashSet<String> result = new HashSet<>();
-        if (user.isPresent() ) {
-             user.get().getRoles().forEach(role -> result.add(role.getName()));
-        }
+        user.ifPresent(value -> value.getRoles().forEach(role -> result.add(role.getName())));
         return result;
     }
 
@@ -209,7 +207,6 @@ public User save(User user) {
      * This currently exists because users should only ever have one role in the system at this time. However, user
      * roles are persisted as a set of roles (for future-proofing). Once we start allowing a user to have multiple roles,
      * this method and User.role can go away.
-     * @param user
      */
     public void updateUserRole(User user) {
         if (StringUtils.isNotBlank(user.getRole())) {
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImpl.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImpl.java
index 764d75f6b..d23b16365 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImpl.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImpl.java
@@ -7,10 +7,8 @@
 import edu.internet2.tier.shibboleth.admin.ui.exception.ForbiddenException;
 import edu.internet2.tier.shibboleth.admin.ui.opensaml.OpenSamlObjects;
 import edu.internet2.tier.shibboleth.admin.ui.repository.EntityDescriptorRepository;
-import edu.internet2.tier.shibboleth.admin.ui.security.model.Group;
-import edu.internet2.tier.shibboleth.admin.ui.security.model.User;
+import edu.internet2.tier.shibboleth.admin.ui.security.model.*;
 import edu.internet2.tier.shibboleth.admin.ui.security.repository.OwnershipRepository;
-import edu.internet2.tier.shibboleth.admin.ui.security.service.IGroupService;
 import edu.internet2.tier.shibboleth.admin.ui.security.service.UserService;
 import edu.internet2.tier.shibboleth.admin.util.MDDCConstants;
 import edu.internet2.tier.shibboleth.admin.util.ModelRepresentationConversions;
@@ -30,9 +28,6 @@ public class JPAEntityDescriptorServiceImpl implements EntityDescriptorService {
     @Autowired
     private EntityDescriptorRepository entityDescriptorRepository;
 
-    @Autowired
-    private IGroupService groupService;
-
     @Autowired
     private OpenSamlObjects openSamlObjects;
 
@@ -87,7 +82,12 @@ public EntityDescriptorRepresentation createNew(EntityDescriptorRepresentation e
 
         EntityDescriptor ed = (EntityDescriptor) createDescriptorFromRepresentation(edRep);
         ed.setIdOfOwner(userService.getCurrentUserGroup().getOwnerId());
-        return createRepresentationFromDescriptor(entityDescriptorRepository.save(ed));
+        ed = entityDescriptorRepository.save(ed);
+
+        ownershipRepository.deleteEntriesForOwnedObject(ed);
+        ownershipRepository.save(new Ownership(userService.getCurrentUserGroup(), ed));
+
+        return createRepresentationFromDescriptor(ed);
     }
 
     @Override
@@ -374,10 +374,17 @@ public EntityDescriptorRepresentation update(EntityDescriptorRepresentation edRe
             throw new ConcurrentModificationException(String.format("A concurrent modification has occured on entity descriptor with entity id [%s]. Please refresh and try again", edRep.getId()));
         }
         updateDescriptorFromRepresentation(existingEd, edRep);
-        return createRepresentationFromDescriptor(entityDescriptorRepository.save(existingEd));
+        existingEd = entityDescriptorRepository.save(existingEd);
+        ownershipRepository.deleteEntriesForOwnedObject(existingEd);
+        ownershipRepository.save(new Ownership(new Owner() {
+            public String getOwnerId() { return edRep.getIdOfOwner(); }
+            public OwnerType getOwnerType() { return OwnerType.GROUP; }
+        }, existingEd));
+        return createRepresentationFromDescriptor(existingEd);
     }
 
     @Override
+    // This should be private, but we use it in a couple different test classes not sure we should keep...
     public void updateDescriptorFromRepresentation(org.opensaml.saml.saml2.metadata.EntityDescriptor entityDescriptor, EntityDescriptorRepresentation representation) {
         if (!(entityDescriptor instanceof EntityDescriptor)) {
             throw new UnsupportedOperationException("not yet implemented");
diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/EntityDescriptorControllerTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/EntityDescriptorControllerTests.groovy
index a04c9ebba..f7b44786a 100644
--- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/EntityDescriptorControllerTests.groovy
+++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/EntityDescriptorControllerTests.groovy
@@ -21,35 +21,18 @@ import edu.internet2.tier.shibboleth.admin.ui.security.repository.RoleRepository
 import edu.internet2.tier.shibboleth.admin.ui.security.repository.UserRepository
 import edu.internet2.tier.shibboleth.admin.ui.security.service.GroupServiceForTesting
 import edu.internet2.tier.shibboleth.admin.ui.security.service.GroupServiceImpl
-import edu.internet2.tier.shibboleth.admin.ui.security.service.IGroupService
 import edu.internet2.tier.shibboleth.admin.ui.security.service.UserService
-import edu.internet2.tier.shibboleth.admin.ui.service.EntityDescriptorService
 import edu.internet2.tier.shibboleth.admin.ui.service.EntityDescriptorVersionService
 import edu.internet2.tier.shibboleth.admin.ui.service.EntityService
 import edu.internet2.tier.shibboleth.admin.ui.service.JPAEntityDescriptorServiceImpl
-import edu.internet2.tier.shibboleth.admin.ui.service.JPAEntityServiceImpl
 import edu.internet2.tier.shibboleth.admin.ui.util.RandomGenerator
-import edu.internet2.tier.shibboleth.admin.ui.util.TestHelpers
 import edu.internet2.tier.shibboleth.admin.ui.util.TestObjectGenerator
 import edu.internet2.tier.shibboleth.admin.util.EntityDescriptorConversionUtils
-import groovy.json.JsonOutput
-import groovy.json.JsonSlurper
-
-import org.skyscreamer.jsonassert.Customization
-import org.skyscreamer.jsonassert.JSONAssert
-import org.skyscreamer.jsonassert.JSONCompareMode
-import org.skyscreamer.jsonassert.ValueMatcher
-import org.skyscreamer.jsonassert.comparator.CustomComparator
-import org.skyscreamer.jsonassert.comparator.JSONCompareUtil
 import org.springframework.beans.factory.annotation.Autowired
-import org.springframework.beans.factory.support.RootBeanDefinition
 import org.springframework.boot.autoconfigure.domain.EntityScan
 import org.springframework.boot.test.autoconfigure.orm.jpa.DataJpaTest
-import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest
 import org.springframework.context.annotation.Bean
-import org.springframework.context.annotation.ComponentScan
 import org.springframework.context.annotation.Profile
-import org.springframework.context.support.StaticApplicationContext
 import org.springframework.data.jpa.repository.config.EnableJpaRepositories
 import org.springframework.security.core.Authentication
 import org.springframework.security.core.context.SecurityContext
@@ -62,21 +45,14 @@ import org.springframework.test.context.ContextConfiguration
 import org.springframework.test.web.servlet.setup.MockMvcBuilders
 import org.springframework.transaction.annotation.Transactional
 import org.springframework.web.client.RestTemplate
-import org.springframework.web.servlet.config.annotation.EnableWebMvc
-import org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport
-import org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver
-
-import spock.lang.Ignore
-import spock.lang.Shared
 import spock.lang.Specification
 import spock.lang.Subject
 
-import java.time.LocalDateTime
-
 import javax.persistence.EntityManager
 
 import static org.hamcrest.CoreMatchers.containsString
-import static org.springframework.http.MediaType.*
+import static org.springframework.http.MediaType.APPLICATION_JSON
+import static org.springframework.http.MediaType.APPLICATION_XML
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*
 
@@ -143,14 +119,13 @@ class EntityDescriptorControllerTests extends Specification {
         mapper = new ObjectMapper()
 
         service.userService = userService
-        service.groupService = groupService
 
         controller = new EntityDescriptorController(versionService)
         controller.openSamlObjects = openSamlObjects
         controller.entityDescriptorService = service
         controller.restTemplate = mockRestTemplate
 
-        mockMvc = MockMvcBuilders.standaloneSetup(controller).build();
+        mockMvc = MockMvcBuilders.standaloneSetup(controller).build()
         
         securityContext.getAuthentication() >> authentication
         SecurityContextHolder.setContext(securityContext)
@@ -241,11 +216,11 @@ class EntityDescriptorControllerTests extends Specification {
         def result = mockMvc.perform(get('/api/EntityDescriptors'))
 
         then:        
-        def mvcResult = result.andExpect(expectedHttpResponseStatus).andExpect(content().contentType(expectedResponseContentType))
-                              .andExpect(jsonPath("\$.[0].id").value("uuid-1"))
-                              .andExpect(jsonPath("\$.[0].entityId").value("eid1"))
-                              .andExpect(jsonPath("\$.[0].serviceEnabled").value(true))
-                              .andExpect(jsonPath("\$.[0].idOfOwner").value("admingroup"))
+        result.andExpect(expectedHttpResponseStatus).andExpect(content().contentType(expectedResponseContentType))
+                          .andExpect(jsonPath("\$.[0].id").value("uuid-1"))
+                          .andExpect(jsonPath("\$.[0].entityId").value("eid1"))
+                          .andExpect(jsonPath("\$.[0].serviceEnabled").value(true))
+                          .andExpect(jsonPath("\$.[0].idOfOwner").value("admingroup"))
     }
 
     @Rollback
@@ -351,10 +326,10 @@ class EntityDescriptorControllerTests extends Specification {
         
         then:
         try {
-            def exceptionExpected = mockMvc.perform(post('/api/EntityDescriptor').contentType(APPLICATION_JSON).content(postedJsonBody))
+            mockMvc.perform(post('/api/EntityDescriptor').contentType(APPLICATION_JSON).content(postedJsonBody))
         }
         catch (Exception e) {
-            e instanceof ForbiddenException == true
+            e instanceof ForbiddenException
         }
     }
 
@@ -394,10 +369,10 @@ class EntityDescriptorControllerTests extends Specification {
         
         then:
         try {
-            def exceptionExpected = mockMvc.perform(post('/api/EntityDescriptor').contentType(APPLICATION_JSON).content(postedJsonBody))
+            mockMvc.perform(post('/api/EntityDescriptor').contentType(APPLICATION_JSON).content(postedJsonBody))
         }
         catch (Exception e) {
-            e instanceof EntityIdExistsException == true
+            e instanceof EntityIdExistsException
         }
     }
     
@@ -409,10 +384,10 @@ class EntityDescriptorControllerTests extends Specification {
 
         then:
         try {
-            def exceptionExpected = mockMvc.perform(get("/api/EntityDescriptor/uuid-1"))
+            mockMvc.perform(get("/api/EntityDescriptor/uuid-1"))
         }
         catch (Exception e) {
-            e instanceof EntityNotFoundException == true
+            e instanceof EntityNotFoundException
         }
     }
     
@@ -482,10 +457,10 @@ class EntityDescriptorControllerTests extends Specification {
 
         then:
         try {
-            def exceptionExpected = mockMvc.perform(get("/api/EntityDescriptor/uuid-2"))
+            mockMvc.perform(get("/api/EntityDescriptor/uuid-2"))
         }
         catch (Exception e) {
-            e instanceof ForbiddenException == true
+            e instanceof ForbiddenException
         }        
     }
 
@@ -553,10 +528,10 @@ class EntityDescriptorControllerTests extends Specification {
     
         then:
         try {
-            def exceptionExpected = mockMvc.perform(get("/api/EntityDescriptor/$providedResourceId").accept(APPLICATION_XML))
+            mockMvc.perform(get("/api/EntityDescriptor/$providedResourceId").accept(APPLICATION_XML))
         }
         catch (Exception e) {
-            e instanceof ForbiddenException == true
+            e instanceof ForbiddenException
         }
     }
 
@@ -640,10 +615,10 @@ class EntityDescriptorControllerTests extends Specification {
         
         then:
         try {
-            def exceptionExpected = mockMvc.perform(post("/api/EntityDescriptor").contentType(APPLICATION_XML).content(postedBody).param("spName", spName))
+            mockMvc.perform(post("/api/EntityDescriptor").contentType(APPLICATION_XML).content(postedBody).param("spName", spName))
         }
         catch (Exception e) {
-            e instanceof EntityIdExistsException == true
+            e instanceof EntityIdExistsException
         }
     }
 
@@ -694,10 +669,10 @@ class EntityDescriptorControllerTests extends Specification {
 
         then:
         try {
-            def exceptionExpected = mockMvc.perform(put("/api/EntityDescriptor/uuid-1").contentType(APPLICATION_JSON).content(postedJsonBody))
+            mockMvc.perform(put("/api/EntityDescriptor/uuid-1").contentType(APPLICATION_JSON).content(postedJsonBody))
         }
         catch (Exception e) {
-            e instanceof ForbiddenException == true
+            e instanceof ForbiddenException
         }
     }
 
@@ -721,10 +696,10 @@ class EntityDescriptorControllerTests extends Specification {
 
         then:
         try {
-            def exceptionExpected = mockMvc.perform(put("/api/EntityDescriptor/uuid-1").contentType(APPLICATION_JSON).content(postedJsonBody))
+            mockMvc.perform(put("/api/EntityDescriptor/uuid-1").contentType(APPLICATION_JSON).content(postedJsonBody))
         }
         catch (Exception e) {
-            e instanceof ForbiddenException == true
+            e instanceof ForbiddenException
         }
     }
 
@@ -747,10 +722,10 @@ class EntityDescriptorControllerTests extends Specification {
 
         then:
         try {
-            def exception = mockMvc.perform(put("/api/EntityDescriptor/$resourceId").contentType(APPLICATION_JSON).content(postedJsonBody))
+            mockMvc.perform(put("/api/EntityDescriptor/$resourceId").contentType(APPLICATION_JSON).content(postedJsonBody))
         }
         catch (Exception e) {
-          e instanceof ConcurrentModificationException == true
+          e instanceof ConcurrentModificationException
         }
     }
     
@@ -768,13 +743,4 @@ class EntityDescriptorControllerTests extends Specification {
             return result
         }
     }
-}
-
-//when:
-//def Set<Ownership> ownerships = ownershipRepository.findOwnableObjectOwners(ed)
-//
-//then:
-//ownerships.size() == 1
-//ownerships.each {
-//    it.ownerId == groupFromDb.resourceId
-//}
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/EntityDescriptorOwnershipIntegrationTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/EntityDescriptorOwnershipIntegrationTests.groovy
new file mode 100644
index 000000000..59510ac27
--- /dev/null
+++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/EntityDescriptorOwnershipIntegrationTests.groovy
@@ -0,0 +1,216 @@
+package edu.internet2.tier.shibboleth.admin.ui.controller
+
+import com.fasterxml.jackson.databind.ObjectMapper
+import com.fasterxml.jackson.databind.SerializationFeature
+import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule
+import edu.internet2.tier.shibboleth.admin.ui.configuration.CoreShibUiConfiguration
+import edu.internet2.tier.shibboleth.admin.ui.configuration.InternationalizationConfiguration
+import edu.internet2.tier.shibboleth.admin.ui.configuration.SearchConfiguration
+import edu.internet2.tier.shibboleth.admin.ui.configuration.TestConfiguration
+import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.EntityDescriptorRepresentation
+import edu.internet2.tier.shibboleth.admin.ui.opensaml.OpenSamlObjects
+import edu.internet2.tier.shibboleth.admin.ui.repository.EntityDescriptorRepository
+import edu.internet2.tier.shibboleth.admin.ui.security.model.Group
+import edu.internet2.tier.shibboleth.admin.ui.security.model.Role
+import edu.internet2.tier.shibboleth.admin.ui.security.model.User
+import edu.internet2.tier.shibboleth.admin.ui.security.repository.GroupsRepository
+import edu.internet2.tier.shibboleth.admin.ui.security.repository.OwnershipRepository
+import edu.internet2.tier.shibboleth.admin.ui.security.repository.RoleRepository
+import edu.internet2.tier.shibboleth.admin.ui.security.repository.UserRepository
+import edu.internet2.tier.shibboleth.admin.ui.security.service.GroupServiceForTesting
+import edu.internet2.tier.shibboleth.admin.ui.security.service.GroupServiceImpl
+import edu.internet2.tier.shibboleth.admin.ui.security.service.UserService
+import edu.internet2.tier.shibboleth.admin.ui.service.EntityDescriptorVersionService
+import edu.internet2.tier.shibboleth.admin.ui.service.EntityService
+import edu.internet2.tier.shibboleth.admin.ui.service.JPAEntityDescriptorServiceImpl
+import edu.internet2.tier.shibboleth.admin.util.EntityDescriptorConversionUtils
+import org.springframework.beans.factory.annotation.Autowired
+import org.springframework.boot.autoconfigure.domain.EntityScan
+import org.springframework.boot.test.autoconfigure.orm.jpa.DataJpaTest
+import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Primary
+import org.springframework.context.annotation.Profile
+import org.springframework.data.jpa.repository.config.EnableJpaRepositories
+import org.springframework.security.test.context.support.WithMockUser
+import org.springframework.test.context.ActiveProfiles
+import org.springframework.test.context.ContextConfiguration
+import org.springframework.test.web.servlet.setup.MockMvcBuilders
+import org.springframework.transaction.annotation.Transactional
+import org.springframework.web.client.RestTemplate
+import spock.lang.Specification
+import spock.lang.Stepwise
+import spock.lang.Subject
+
+import javax.persistence.EntityManager
+
+import static org.springframework.http.MediaType.APPLICATION_JSON
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status
+
+/**
+ * Test to recreate an issue discovered while trying to validate fixes for other bugs - SHIBUI-2033
+ */
+@DataJpaTest
+@ContextConfiguration(classes=[CoreShibUiConfiguration, SearchConfiguration, TestConfiguration, InternationalizationConfiguration, LocalConfig])
+@EnableJpaRepositories(basePackages = ["edu.internet2.tier.shibboleth.admin.ui"])
+@EntityScan("edu.internet2.tier.shibboleth.admin.ui")
+@ActiveProfiles(["edoi-test"])
+@Stepwise
+class EntityDescriptorOwnershipIntegrationTests extends Specification {
+    @Autowired
+    EntityDescriptorRepository entityDescriptorRepository
+
+    @Autowired
+    EntityManager entityManager
+    
+    @Autowired
+    EntityService entityService
+    
+    @Autowired
+    GroupServiceForTesting groupService
+    
+    @Autowired
+    OwnershipRepository ownershipRepository
+    
+    @Autowired
+    RoleRepository roleRepository
+
+    @Autowired
+    JPAEntityDescriptorServiceImpl service
+        
+    @Autowired
+    UserRepository userRepository
+    
+    @Autowired
+    UserService userService
+
+    def mockRestTemplate = Mock(RestTemplate)
+
+    def openSamlObjects = new OpenSamlObjects().with {
+        init()
+        it
+    }
+
+    Group cuGroup = new Group().with {
+        it.name = "College Users"
+        it.resourceId = "cu-group"
+        it
+    }
+
+    def mockMvc
+
+    @Subject
+    def controller
+
+    @Transactional
+    def setup() {
+        groupService.clearAllForTesting()
+
+        EntityDescriptorVersionService versionService = Mock()
+        controller = new EntityDescriptorController(versionService)
+        controller.openSamlObjects = openSamlObjects
+        controller.entityDescriptorService = service
+        controller.restTemplate = mockRestTemplate
+
+        mockMvc = MockMvcBuilders.standaloneSetup(controller).build()
+
+        if (roleRepository.count() == 0) {
+            def roles = [new Role().with {
+                name = 'ROLE_ADMIN'
+                it
+            }, new Role().with {
+                name = 'ROLE_USER'
+                it
+            }, new Role().with {
+                name = 'ROLE_ENABLE'
+                it
+            }]
+            roles.each {
+                roleRepository.save(it)
+            }
+        }
+        
+        Optional<Role> adminRole = roleRepository.findByName("ROLE_ADMIN")
+        User adminUser = new User(username: "admin", roles: [adminRole.get()], password: "foo")
+        userService.save(adminUser)
+        
+        Optional<Role> userRole = roleRepository.findByName("ROLE_USER")
+        User user = new User(username: "someUser", roles:[userRole.get()], password: "foo")
+        userService.save(user)
+        
+        EntityDescriptorConversionUtils.setOpenSamlObjects(openSamlObjects)
+        EntityDescriptorConversionUtils.setEntityService(entityService)
+    }
+
+    @WithMockUser(value = "admin", roles = ["ADMIN"])
+    def "The test scenario"() {
+        when:"step 1 - create new group"
+        cuGroup = groupService.createGroup(cuGroup)
+
+        then:
+        groupService.findAll().size() == 3
+
+        when: "step 2 - assign the user to new group"
+        User user = userRepository.findByUsername("someUser").get()
+        user.setGroup(cuGroup)
+        def updatedUser = userService.save(user)
+
+        then:
+        updatedUser.getGroupId() == "cu-group"
+        ownershipRepository.findAllByOwner(cuGroup).size() == 1
+
+        when: "step 3 - create a new ED and then change its ownership to the cu group"
+        def expectedEntityId = 'https://shib'
+        def expectedSpName = 'sp1'
+
+        def postedJsonBody = """            
+              {
+	            "serviceProviderName": "$expectedSpName",
+	            "entityId": "$expectedEntityId",
+	            "organization": {},
+	            "serviceEnabled": false,
+                "current": false
+              }                
+        """
+        def result = mockMvc.perform(post('/api/EntityDescriptor').contentType(APPLICATION_JSON).content(postedJsonBody))
+
+        then:
+        result.andExpect(status().isCreated())
+                .andExpect(jsonPath("\$.entityId").value("https://shib"))
+                .andExpect(jsonPath("\$.serviceEnabled").value(false))
+                .andExpect(jsonPath("\$.idOfOwner").value("admingroup"))
+
+        ownershipRepository.findAllByOwner(cuGroup).size() == 1 // someUser
+        ownershipRepository.findAllByOwner(Group.ADMIN_GROUP).size() == 2 // admin user + entity descriptor
+
+        when: "step 4 - change ownership of the ED"
+        String contentAsString = result.andReturn().getResponse().getContentAsString()
+        def mapper = new ObjectMapper()
+        mapper.enable(SerializationFeature.INDENT_OUTPUT)
+        mapper.registerModule(new JavaTimeModule())
+        EntityDescriptorRepresentation edRep = mapper.readValue(contentAsString, EntityDescriptorRepresentation.class)
+        edRep.setIdOfOwner(cuGroup.getOwnerId())
+        service.update(edRep)
+
+        then:
+        ownershipRepository.findAllByOwner(cuGroup).size() == 2 // someUser + entity descriptor
+        ownershipRepository.findAllByOwner(Group.ADMIN_GROUP).size() == 1 // admin user
+    }
+
+    @org.springframework.boot.test.context.TestConfiguration
+    @Profile(value = "edoi-test")
+    static class LocalConfig {
+        @Bean
+        @Primary
+        GroupServiceForTesting groupServiceForTesting(GroupsRepository repo, OwnershipRepository ownershipRepository) {
+            GroupServiceForTesting result = new GroupServiceForTesting(new GroupServiceImpl().with {
+                it.groupRepository = repo
+                it.ownershipRepository = ownershipRepository
+                return it
+            })
+            result.ensureAdminGroupExists()
+            return result
+        }
+    }
+}
\ No newline at end of file
diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/scheduled/EntityDescriptorFilesScheduledTasksTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/scheduled/EntityDescriptorFilesScheduledTasksTests.groovy
index 7c1acc5da..41aa6a9cb 100644
--- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/scheduled/EntityDescriptorFilesScheduledTasksTests.groovy
+++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/scheduled/EntityDescriptorFilesScheduledTasksTests.groovy
@@ -1,23 +1,18 @@
 package edu.internet2.tier.shibboleth.admin.ui.scheduled
 
-import edu.internet2.tier.shibboleth.admin.ui.configuration.InternationalizationConfiguration
-import edu.internet2.tier.shibboleth.admin.ui.configuration.TestConfiguration
 import edu.internet2.tier.shibboleth.admin.ui.configuration.CoreShibUiConfiguration
+import edu.internet2.tier.shibboleth.admin.ui.configuration.InternationalizationConfiguration
 import edu.internet2.tier.shibboleth.admin.ui.configuration.SearchConfiguration
+import edu.internet2.tier.shibboleth.admin.ui.configuration.TestConfiguration
 import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.EntityDescriptorRepresentation
 import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.OrganizationRepresentation
 import edu.internet2.tier.shibboleth.admin.ui.opensaml.OpenSamlObjects
 import edu.internet2.tier.shibboleth.admin.ui.repository.EntityDescriptorRepository
-import edu.internet2.tier.shibboleth.admin.ui.security.repository.RoleRepository
-import edu.internet2.tier.shibboleth.admin.ui.security.repository.UserRepository
 import edu.internet2.tier.shibboleth.admin.ui.security.service.IGroupService
-import edu.internet2.tier.shibboleth.admin.ui.security.service.UserService
 import edu.internet2.tier.shibboleth.admin.ui.service.FileCheckingFileWritingService
 import edu.internet2.tier.shibboleth.admin.ui.service.JPAEntityDescriptorServiceImpl
-import edu.internet2.tier.shibboleth.admin.ui.service.JPAEntityServiceImpl
 import edu.internet2.tier.shibboleth.admin.ui.util.RandomGenerator
 import edu.internet2.tier.shibboleth.admin.util.EntityDescriptorConversionUtils
-
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.boot.autoconfigure.domain.EntityScan
 import org.springframework.boot.test.autoconfigure.orm.jpa.DataJpaTest
@@ -65,7 +60,6 @@ class EntityDescriptorFilesScheduledTasksTests extends Specification {
         
         service = new JPAEntityDescriptorServiceImpl()
         service.openSamlObjects = openSamlObjects
-        service.groupService = groupService
     }
 
     def "generateEntityDescriptorFiles properly generates a file from an Entity Descriptor"() {
@@ -114,21 +108,6 @@ class EntityDescriptorFilesScheduledTasksTests extends Specification {
 
     def "removeDanglingEntityDescriptorFiles properly deletes files"() {
         given:
-        def expectedXml = '''
-<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
-                     xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"
-                     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-                     xmlns:xsd="http://www.w3.org/2001/XMLSchema"
-                     xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
-                     entityID="http://test.example.org/test1">
-  <md:Organization>
-    <md:OrganizationName xml:lang="en">name</md:OrganizationName>
-    <md:OrganizationDisplayName xml:lang="en">display name</md:OrganizationDisplayName>
-    <md:OrganizationURL xml:lang="en">http://test.example.org</md:OrganizationURL>
-  </md:Organization>
-</md:EntityDescriptor>
-                     '''                   
-
         def entityDescriptor = service.createDescriptorFromRepresentation(new EntityDescriptorRepresentation().with {
             it.entityId = 'http://test.example.org/test1'
             it.organization = new OrganizationRepresentation().with {
diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImplTests2.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImplTests2.groovy
index 9fcc9a961..11d870149 100644
--- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImplTests2.groovy
+++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImplTests2.groovy
@@ -1,18 +1,5 @@
 package edu.internet2.tier.shibboleth.admin.ui.service
 
-import org.springframework.beans.factory.annotation.Autowired
-import org.springframework.boot.test.context.SpringBootTest
-import org.springframework.boot.test.context.TestConfiguration
-import org.springframework.context.annotation.Bean
-import org.springframework.context.annotation.Profile
-import org.springframework.context.annotation.PropertySource
-import org.springframework.security.test.context.support.WithMockUser
-import org.springframework.test.annotation.DirtiesContext
-import org.springframework.test.annotation.Rollback
-import org.springframework.test.context.ActiveProfiles
-import org.springframework.test.context.ContextConfiguration
-import org.springframework.transaction.annotation.Transactional
-
 import edu.internet2.tier.shibboleth.admin.ui.ShibbolethUiApplication
 import edu.internet2.tier.shibboleth.admin.ui.configuration.CoreShibUiConfiguration
 import edu.internet2.tier.shibboleth.admin.ui.configuration.CustomPropertiesConfiguration
@@ -27,15 +14,27 @@ import edu.internet2.tier.shibboleth.admin.ui.security.repository.RoleRepository
 import edu.internet2.tier.shibboleth.admin.ui.security.repository.UserRepository
 import edu.internet2.tier.shibboleth.admin.ui.security.service.GroupServiceForTesting
 import edu.internet2.tier.shibboleth.admin.ui.security.service.GroupServiceImpl
-import edu.internet2.tier.shibboleth.admin.ui.security.service.IGroupService
 import edu.internet2.tier.shibboleth.admin.ui.security.service.UserService
+import org.springframework.beans.factory.annotation.Autowired
+import org.springframework.boot.test.context.SpringBootTest
+import org.springframework.boot.test.context.TestConfiguration
+import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Primary
+import org.springframework.context.annotation.Profile
+import org.springframework.context.annotation.PropertySource
+import org.springframework.security.test.context.support.WithMockUser
+import org.springframework.test.annotation.DirtiesContext
+import org.springframework.test.annotation.Rollback
+import org.springframework.test.context.ActiveProfiles
+import org.springframework.test.context.ContextConfiguration
+import org.springframework.transaction.annotation.Transactional
 import spock.lang.Specification
 
 @ContextConfiguration(classes=[CoreShibUiConfiguration, CustomPropertiesConfiguration, LocalConfig])
 @SpringBootTest(classes = ShibbolethUiApplication.class, webEnvironment = SpringBootTest.WebEnvironment.NONE)
 @PropertySource("classpath:application.yml")
 @DirtiesContext
-@ActiveProfiles(value="local")
+@ActiveProfiles(value="jpaeds2-test")
 class JPAEntityDescriptorServiceImplTests2 extends Specification {
     
     @Autowired
@@ -65,7 +64,7 @@ class JPAEntityDescriptorServiceImplTests2 extends Specification {
         ga.setName("Group A")
         groupService.createGroup(ga)
                
-        Group gb = new Group();
+        Group gb = new Group()
         gb.setResourceId("testingGroupBBB")
         gb.setName("Group BBB")
         groupService.createGroup(gb)
@@ -95,16 +94,15 @@ class JPAEntityDescriptorServiceImplTests2 extends Specification {
 
     @WithMockUser(value = "someUser", roles = ["USER"])
     @Rollback
+    @Transactional
     def "When creating Entity Descriptor, ED is assigned to the user's group"() {
         given:
         User current = userService.getCurrentUser()
         current.setGroupId("testingGroupBBB")
 
-        def expectedCreationDate = '2017-10-23T11:11:11'
         def expectedEntityId = 'https://shib'
         def expectedSpName = 'sp1'
         def expectedUUID = 'uuid-1'
-        def expectedResponseHeader = 'Location'
         def entityDescriptor = new EntityDescriptor(resourceId: expectedUUID, entityID: expectedEntityId, serviceProviderName: expectedSpName, serviceEnabled: false)
         
         when:
@@ -115,9 +113,10 @@ class JPAEntityDescriptorServiceImplTests2 extends Specification {
     }
     
     @TestConfiguration
-    @Profile("local")
+    @Profile("jpaeds2-test")
     static class LocalConfig {
         @Bean
+        @Primary
         GroupServiceForTesting groupServiceForTesting(GroupsRepository repo, OwnershipRepository ownershipRepository) {
             GroupServiceForTesting result = new GroupServiceForTesting(new GroupServiceImpl().with {
                 it.groupRepository = repo

From cbbcb10327bab4bcf74672999df92f7e559c10e0 Mon Sep 17 00:00:00 2001
From: chasegawa <chasegawa@unicon.net>
Date: Fri, 20 Aug 2021 15:33:50 -0700
Subject: [PATCH 20/24] SHIBUI-1742

cleanup of commented out code
---
 .../ui/configuration/CoreShibUiConfiguration.java | 15 ---------------
 1 file changed, 15 deletions(-)

diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CoreShibUiConfiguration.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CoreShibUiConfiguration.java
index e99988344..c897a31b5 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CoreShibUiConfiguration.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CoreShibUiConfiguration.java
@@ -55,26 +55,11 @@ public EntityService jpaEntityService() {
         return new JPAEntityServiceImpl(openSamlObjects());
     }
 
-//    @Bean
-//    public EntityDescriptorService JPAEntityDescriptorServiceImpl(UserService userService) {
-//        return new JPAEntityDescriptorServiceImpl(openSamlObjects(), jpaEntityService(), userService);
-//    }
-
-//    @Bean
-//    public FilterService jpaFilterService() {
-//        return new JPAFilterServiceImpl();
-//    }
-
     @Bean
     public FilterTargetService jpaFilterTargetService() {
         return new JPAFilterTargetServiceImpl();
     }
 
-//    @Bean
-//    public MetadataResolverService metadataResolverService() {
-//        return new JPAMetadataResolverServiceImpl();
-//    }
-
     @Bean
     public AttributeUtility attributeUtility() {
         return new AttributeUtility(openSamlObjects());

From 000bf13a826a0e97ce8508f5b8d219c1555e523d Mon Sep 17 00:00:00 2001
From: Ryan Mathis <rmathis@unicon.net>
Date: Mon, 23 Aug 2021 08:29:10 -0700
Subject: [PATCH 21/24] Fixed issue with checkboxes on source list

---
 ui/src/app/metadata/domain/source/component/SourceList.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ui/src/app/metadata/domain/source/component/SourceList.js b/ui/src/app/metadata/domain/source/component/SourceList.js
index 60bce07f2..e6b63a4f4 100644
--- a/ui/src/app/metadata/domain/source/component/SourceList.js
+++ b/ui/src/app/metadata/domain/source/component/SourceList.js
@@ -55,7 +55,7 @@ export default function SourceList({ entities, onDelete, onEnable, onChangeGroup
                                         {onEnable && isAdmin ?
                                             <Form.Check
                                                 type="switch"
-                                                id="custom-switch"
+                                                id={`enable-switch-${source.id}`}
                                                 size="lg"
                                                 aria-label={translator(source.serviceEnabled ? 'label.disable' : 'label.enable')}
                                                 onChange={({ target: { checked } }) => onEnable(source, checked)}

From c9dc17c8b3074c6cf48635f4e47c5c5cc418489d Mon Sep 17 00:00:00 2001
From: Ryan Mathis <rmathis@unicon.net>
Date: Mon, 23 Aug 2021 08:59:29 -0700
Subject: [PATCH 22/24] Fixed issue with role_enable for users

---
 ui/src/app/core/user/UserContext.js                 | 13 ++++++++++++-
 .../metadata/domain/source/component/SourceList.js  |  5 +++--
 ui/src/app/metadata/view/MetadataOptions.js         |  5 ++++-
 3 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/ui/src/app/core/user/UserContext.js b/ui/src/app/core/user/UserContext.js
index d656ac4a4..cdb6c1cf2 100644
--- a/ui/src/app/core/user/UserContext.js
+++ b/ui/src/app/core/user/UserContext.js
@@ -39,6 +39,11 @@ function useIsAdmin() {
     return user.role === 'ROLE_ADMIN';
 }
 
+function useIsEnabler() {
+    const user = useCurrentUser();
+    return user.role === 'ROLE_ENABLE';
+}
+
 function useIsInGroup(id) {
     const user = useCurrentUser();
     return user.group === id;
@@ -50,5 +55,11 @@ function useIsAdminOrInGroup() {
     return isAdmin || isInGroup;
 }
 
+function useCanEnable() {
+    const isAdmin = useIsAdmin();
+    const isEnabler = useIsEnabler();
+    return isAdmin || isEnabler;
+}
+
 
-export { UserContext, UserProvider, Consumer as UserConsumer, useCurrentUser, useIsAdmin, useIsAdminOrInGroup };
\ No newline at end of file
+export { UserContext, UserProvider, Consumer as UserConsumer, useCurrentUser, useIsAdmin, useIsAdminOrInGroup, useCanEnable};
\ No newline at end of file
diff --git a/ui/src/app/metadata/domain/source/component/SourceList.js b/ui/src/app/metadata/domain/source/component/SourceList.js
index e6b63a4f4..577c56715 100644
--- a/ui/src/app/metadata/domain/source/component/SourceList.js
+++ b/ui/src/app/metadata/domain/source/component/SourceList.js
@@ -13,13 +13,14 @@ import FormattedDate from '../../../../core/components/FormattedDate';
 import Translate from '../../../../i18n/components/translate';
 import { Scroller } from '../../../../dashboard/component/Scroller';
 import { useTranslator } from '../../../../i18n/hooks';
-import { useIsAdmin } from '../../../../core/user/UserContext';
+import { useCanEnable, useIsAdmin } from '../../../../core/user/UserContext';
 import { GroupsProvider } from '../../../../admin/hoc/GroupsProvider';
 
 export default function SourceList({ entities, onDelete, onEnable, onChangeGroup }) {
 
     const translator = useTranslator();
     const isAdmin = useIsAdmin();
+    const canEnable = useCanEnable();
 
     return (
         <Scroller entities={entities}>
@@ -52,7 +53,7 @@ export default function SourceList({ entities, onDelete, onEnable, onChangeGroup
                                     <td className="align-middle"><FormattedDate date={source.createdDate} /></td>
                                     <td className="text-center align-middle">
                                         <span className="d-flex justify-content-center align-items-center">
-                                        {onEnable && isAdmin ?
+                                        {onEnable && canEnable ?
                                             <Form.Check
                                                 type="switch"
                                                 id={`enable-switch-${source.id}`}
diff --git a/ui/src/app/metadata/view/MetadataOptions.js b/ui/src/app/metadata/view/MetadataOptions.js
index 3c78b46d0..26c6642da 100644
--- a/ui/src/app/metadata/view/MetadataOptions.js
+++ b/ui/src/app/metadata/view/MetadataOptions.js
@@ -20,6 +20,7 @@ import { MetadataFilterConfigurationList } from '../domain/filter/component/Meta
 import { MetadataFilterTypes } from '../domain/filter';
 import { useMetadataSchema } from '../hooks/schema';
 import { FilterableProviders } from '../domain/provider';
+import { useCanEnable } from '../../core/user/UserContext';
 
 export function MetadataOptions ({reload}) {
 
@@ -51,6 +52,8 @@ export function MetadataOptions ({reload}) {
 
     const enabled = type === 'source' ? metadata.serviceEnabled : metadata.enabled;
 
+    const canEnable = useCanEnable();
+
     return (
         <MetadataActions type={type}>
             {(enable, remove) =>
@@ -65,7 +68,7 @@ export function MetadataOptions ({reload}) {
                     model={metadata}
                     showGroup={type === 'source'}>
                     <div className="d-flex align-items-start btn-group">
-                        {enable &&
+                        {enable && canEnable &&
                         <Button variant={enabled ? 'outline-secondary' : 'outline-secondary' } size="sm" className=""
                                 onClick={() => enable(metadata, !enabled, reload)}>
                                      <span className=" mr-1">

From 72368f4fd7ad682cbc63365dfe8c1ee05e5440e1 Mon Sep 17 00:00:00 2001
From: Ryan Mathis <rmathis@unicon.net>
Date: Mon, 23 Aug 2021 12:18:47 -0700
Subject: [PATCH 23/24] Fixed delete for enablers

---
 ui/src/app/metadata/domain/source/component/SourceList.js | 4 ++--
 ui/src/app/metadata/view/MetadataOptions.js               | 5 +++--
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/ui/src/app/metadata/domain/source/component/SourceList.js b/ui/src/app/metadata/domain/source/component/SourceList.js
index 577c56715..792c16394 100644
--- a/ui/src/app/metadata/domain/source/component/SourceList.js
+++ b/ui/src/app/metadata/domain/source/component/SourceList.js
@@ -35,7 +35,7 @@ export default function SourceList({ entities, onDelete, onEnable, onChangeGroup
                                 <th className=""><Translate value="label.creation-date">Created Date</Translate></th>
                                 <th className="text-center"><Translate value="label.enabled">Enabled</Translate></th>
                                 {isAdmin && onChangeGroup && <th className=""><Translate value="label.group">Group</Translate></th> }
-                                {onDelete && <th className="w-auto"></th>}
+                                {onDelete && isAdmin && <th className="w-auto"></th>}
                             </tr>
                         </thead>
                         <tbody>
@@ -94,7 +94,7 @@ export default function SourceList({ entities, onDelete, onEnable, onChangeGroup
                                         </GroupsProvider>
                                     </td>
                                     }
-                                    {onDelete &&
+                                    {onDelete && isAdmin &&
                                     <td className="text-right align-middle">
                                         <OverlayTrigger trigger={source.serviceEnabled ? ['hover', 'focus'] : []} placement="left"
                                             overlay={
diff --git a/ui/src/app/metadata/view/MetadataOptions.js b/ui/src/app/metadata/view/MetadataOptions.js
index 26c6642da..9bc8d2f1c 100644
--- a/ui/src/app/metadata/view/MetadataOptions.js
+++ b/ui/src/app/metadata/view/MetadataOptions.js
@@ -20,7 +20,7 @@ import { MetadataFilterConfigurationList } from '../domain/filter/component/Meta
 import { MetadataFilterTypes } from '../domain/filter';
 import { useMetadataSchema } from '../hooks/schema';
 import { FilterableProviders } from '../domain/provider';
-import { useCanEnable } from '../../core/user/UserContext';
+import { useCanEnable, useIsAdmin } from '../../core/user/UserContext';
 
 export function MetadataOptions ({reload}) {
 
@@ -53,6 +53,7 @@ export function MetadataOptions ({reload}) {
     const enabled = type === 'source' ? metadata.serviceEnabled : metadata.enabled;
 
     const canEnable = useCanEnable();
+    const isAdmin = useIsAdmin();
 
     return (
         <MetadataActions type={type}>
@@ -77,7 +78,7 @@ export function MetadataOptions ({reload}) {
                             <FontAwesomeIcon size="lg" icon={enabled ? faToggleOn : faToggleOff} />
                         </Button>
                         }
-                        {type === 'source' && remove &&
+                        {type === 'source' && remove && isAdmin &&
                         <Button
                             size="sm"
                             variant={ 'danger' }

From e1f7ddd2e56c9d1b67c297c7540e210d6889116e Mon Sep 17 00:00:00 2001
From: Bill Smith <wsmith@unicon.net>
Date: Mon, 23 Aug 2021 20:09:26 -0700
Subject: [PATCH 24/24] SHIBUI-1742

Added automated tests for role CRUD and new enabler role.
---
 .../admin/ui/SeleniumSIDETest.groovy          |   2 +
 .../integration/resources/SHIBUI-1742-1.side  | 551 ++++++++++++++++++
 .../integration/resources/SHIBUI-1742-2.side  | 462 +++++++++++++++
 3 files changed, 1015 insertions(+)
 create mode 100644 backend/src/integration/resources/SHIBUI-1742-1.side
 create mode 100644 backend/src/integration/resources/SHIBUI-1742-2.side

diff --git a/backend/src/integration/groovy/edu/internet2/tier/shibboleth/admin/ui/SeleniumSIDETest.groovy b/backend/src/integration/groovy/edu/internet2/tier/shibboleth/admin/ui/SeleniumSIDETest.groovy
index f63de0276..e156451ee 100644
--- a/backend/src/integration/groovy/edu/internet2/tier/shibboleth/admin/ui/SeleniumSIDETest.groovy
+++ b/backend/src/integration/groovy/edu/internet2/tier/shibboleth/admin/ui/SeleniumSIDETest.groovy
@@ -131,6 +131,8 @@ class SeleniumSIDETest extends Specification {
         'SHIBUI-1740: Verify dev profile group membership'                  | '/SHIBUI-1740-2.side'
         'SHIBUI-1740: Verify admin-owned resource not visible to nonadmins' | '/SHIBUI-1740-3.side'
         'SHIBUI-1740: Verify nonadmin-owned resource visibility'            | '/SHIBUI-1740-4.side'
+        'SHIBUI-1742: Verify enabler role allows enabling'                  | '/SHIBUI-1742-1.side'
+        'SHIBUI-1742: Verify role CRUD operations'                          | '/SHIBUI-1742-2.side'
     }
 }
 
diff --git a/backend/src/integration/resources/SHIBUI-1742-1.side b/backend/src/integration/resources/SHIBUI-1742-1.side
new file mode 100644
index 000000000..cc8b94078
--- /dev/null
+++ b/backend/src/integration/resources/SHIBUI-1742-1.side
@@ -0,0 +1,551 @@
+{
+  "id": "13a69ee7-b636-4bfe-8f84-ef4670ded81e",
+  "version": "2.0",
+  "name": "SHIBUI-1742-1",
+  "url": "http://localhost:10101",
+  "tests": [{
+    "id": "a26f2eda-ddf2-4c49-a29d-d86a282bb75a",
+    "name": "SHIBUI-1742-1",
+    "commands": [{
+      "id": "db1854f2-6ab7-49d9-b2cc-ba4dfcb7cafd",
+      "comment": "",
+      "command": "open",
+      "target": "/login",
+      "targets": [],
+      "value": ""
+    }, {
+      "id": "46f32c9e-84a3-4aad-b61c-9fb6a9de3b1a",
+      "comment": "",
+      "command": "type",
+      "target": "id=username",
+      "targets": [
+        ["id=username", "id"],
+        ["name=username", "name"],
+        ["css=#username", "css:finder"],
+        ["xpath=//input[@id='username']", "xpath:attributes"],
+        ["xpath=//input", "xpath:position"]
+      ],
+      "value": "admin"
+    }, {
+      "id": "9a5a9a52-3c62-47fd-b6f6-4525bcde990d",
+      "comment": "",
+      "command": "type",
+      "target": "id=password",
+      "targets": [
+        ["id=password", "id"],
+        ["name=password", "name"],
+        ["css=#password", "css:finder"],
+        ["xpath=//input[@id='password']", "xpath:attributes"],
+        ["xpath=//p[2]/input", "xpath:position"]
+      ],
+      "value": "adminpass"
+    }, {
+      "id": "06d4ce18-c03f-424d-9eac-0c44b52dd9ab",
+      "comment": "",
+      "command": "sendKeys",
+      "target": "id=password",
+      "targets": [
+        ["id=password", "id"],
+        ["name=password", "name"],
+        ["css=#password", "css:finder"],
+        ["xpath=//input[@id='password']", "xpath:attributes"],
+        ["xpath=//p[2]/input", "xpath:position"]
+      ],
+      "value": "${KEY_ENTER}"
+    }, {
+      "id": "9572c7f3-5365-4864-a335-a0ed4c87ec7f",
+      "comment": "",
+      "command": "open",
+      "target": "/api/heheheheheheheWipeout",
+      "targets": [],
+      "value": ""
+    }, {
+      "id": "f7a3bd08-36e1-4b1d-97ad-88b3fcca1569",
+      "comment": "",
+      "command": "assertText",
+      "target": "css=body",
+      "targets": [],
+      "value": "yes, you did it"
+    }, {
+      "id": "661c8c9a-0a29-46e2-b29a-0649f16d7ed3",
+      "comment": "",
+      "command": "open",
+      "target": "/",
+      "targets": [],
+      "value": ""
+    }, {
+      "id": "5665bd34-1f12-40ed-b33a-7c800d24988b",
+      "comment": "",
+      "command": "click",
+      "target": "linkText=Admin",
+      "targets": [
+        ["linkText=Admin", "linkText"],
+        ["css=.nav-item:nth-child(3) > .nav-link", "css:finder"],
+        ["xpath=//a[contains(text(),'Admin')]", "xpath:link"],
+        ["xpath=//div[@id='root']/div/main/div/div/div[3]/a", "xpath:idRelative"],
+        ["xpath=//a[contains(@href, '/dashboard/admin/management')]", "xpath:href"],
+        ["xpath=//div[3]/a", "xpath:position"],
+        ["xpath=//a[contains(.,'Admin')]", "xpath:innerText"]
+      ],
+      "value": ""
+    }, {
+      "id": "5d37e95f-2c20-4ff4-9d78-95471f0999e2",
+      "comment": "",
+      "command": "click",
+      "target": "id=role-anonymousUser",
+      "targets": [
+        ["id=role-anonymousUser", "id"],
+        ["name=role-anonymousUser", "name"],
+        ["css=#role-anonymousUser", "css:finder"],
+        ["xpath=//select[@id='role-anonymousUser']", "xpath:attributes"],
+        ["xpath=//div[@id='root']/div/main/div/section/div/div[2]/div/div/table/tbody/tr[4]/td[4]/select", "xpath:idRelative"],
+        ["xpath=//tr[4]/td[4]/select", "xpath:position"]
+      ],
+      "value": ""
+    }, {
+      "id": "2f0250cc-19c8-4ef2-aeb9-1199292ab2f9",
+      "comment": "",
+      "command": "select",
+      "target": "id=role-anonymousUser",
+      "targets": [],
+      "value": "label=ROLE_ENABLE"
+    }, {
+      "id": "58c0e31f-f73c-4b5c-82b2-7825dc5efa67",
+      "comment": "",
+      "command": "click",
+      "target": "id=group-anonymousUser",
+      "targets": [
+        ["id=group-anonymousUser", "id"],
+        ["name=group-anonymousUser", "name"],
+        ["css=#group-anonymousUser", "css:finder"],
+        ["xpath=//select[@id='group-anonymousUser']", "xpath:attributes"],
+        ["xpath=//div[@id='root']/div/main/div/section/div/div[2]/div/div/table/tbody/tr[4]/td[5]/span/select", "xpath:idRelative"],
+        ["xpath=//tr[4]/td[5]/span/select", "xpath:position"]
+      ],
+      "value": ""
+    }, {
+      "id": "e6960825-45d2-4399-871d-5db5295ee797",
+      "comment": "",
+      "command": "select",
+      "target": "id=group-anonymousUser",
+      "targets": [],
+      "value": "label=A1"
+    }, {
+      "id": "b2e8d04b-d72f-4095-be44-da0608dcbb90",
+      "comment": "",
+      "command": "click",
+      "target": "id=group-nonadmin",
+      "targets": [
+        ["id=group-nonadmin", "id"],
+        ["name=group-nonadmin", "name"],
+        ["css=#group-nonadmin", "css:finder"],
+        ["xpath=//select[@id='group-nonadmin']", "xpath:attributes"],
+        ["xpath=//div[@id='root']/div/main/div/section/div/div[2]/div/div/table/tbody/tr[2]/td[5]/span/select", "xpath:idRelative"],
+        ["xpath=//tr[2]/td[5]/span/select", "xpath:position"]
+      ],
+      "value": ""
+    }, {
+      "id": "6ac3fde8-10fb-4ebd-b29a-13c194714fd3",
+      "comment": "",
+      "command": "select",
+      "target": "id=group-nonadmin",
+      "targets": [],
+      "value": "label=A1"
+    }, {
+      "id": "7109b2ff-b84f-403f-afd0-9e260bc1fc81",
+      "comment": "",
+      "command": "click",
+      "target": "linkText=Logout",
+      "targets": [
+        ["linkText=Logout", "linkText"],
+        ["css=.nav-link:nth-child(4)", "css:finder"],
+        ["xpath=//a[contains(text(),'Logout')]", "xpath:link"],
+        ["xpath=//div[@id='basic-navbar-nav']/div/a[2]", "xpath:idRelative"],
+        ["xpath=//a[contains(@href, '/logout')]", "xpath:href"],
+        ["xpath=//a[2]", "xpath:position"],
+        ["xpath=//a[contains(.,'Logout')]", "xpath:innerText"]
+      ],
+      "value": ""
+    }, {
+      "id": "cdb975a8-eb89-4d03-a544-fde32d069448",
+      "comment": "",
+      "command": "type",
+      "target": "id=username",
+      "targets": [
+        ["id=username", "id"],
+        ["name=username", "name"],
+        ["css=#username", "css:finder"],
+        ["xpath=//input[@id='username']", "xpath:attributes"],
+        ["xpath=//input", "xpath:position"]
+      ],
+      "value": "nonadmin"
+    }, {
+      "id": "fb80084d-56db-4dec-9ca8-4eaefa6e4178",
+      "comment": "",
+      "command": "type",
+      "target": "id=password",
+      "targets": [
+        ["id=password", "id"],
+        ["name=password", "name"],
+        ["css=#password", "css:finder"],
+        ["xpath=//input[@id='password']", "xpath:attributes"],
+        ["xpath=//p[2]/input", "xpath:position"]
+      ],
+      "value": "nonadminpass"
+    }, {
+      "id": "1c46ef5e-e997-40f5-87a6-d8ef4c7f4f2a",
+      "comment": "",
+      "command": "sendKeys",
+      "target": "id=password",
+      "targets": [
+        ["id=password", "id"],
+        ["name=password", "name"],
+        ["css=#password", "css:finder"],
+        ["xpath=//input[@id='password']", "xpath:attributes"],
+        ["xpath=//p[2]/input", "xpath:position"]
+      ],
+      "value": "${KEY_ENTER}"
+    }, {
+      "id": "bbbdc0b9-5e2d-4283-8cbf-7ccfa089d23d",
+      "comment": "",
+      "command": "click",
+      "target": "id=dropdown-basic",
+      "targets": [
+        ["id=dropdown-basic", "id"],
+        ["css=#dropdown-basic", "css:finder"],
+        ["xpath=//button[@id='dropdown-basic']", "xpath:attributes"],
+        ["xpath=//div[@id='basic-nav-dropdown']/button", "xpath:idRelative"],
+        ["xpath=//div/button", "xpath:position"],
+        ["xpath=//button[contains(.,'Add New')]", "xpath:innerText"]
+      ],
+      "value": ""
+    }, {
+      "id": "76fc5d62-a49c-4788-91cb-c285cb9456d5",
+      "comment": "",
+      "command": "click",
+      "target": "linkText=Add a new metadata source",
+      "targets": [
+        ["linkText=Add a new metadata source", "linkText"],
+        ["css=.text-primary", "css:finder"],
+        ["xpath=//a[contains(text(),'Add a new metadata source')]", "xpath:link"],
+        ["xpath=//div[@id='basic-nav-dropdown']/div/a", "xpath:idRelative"],
+        ["xpath=//a[contains(@href, '/metadata/source/new')]", "xpath:href"],
+        ["xpath=//div/a", "xpath:position"],
+        ["xpath=//a[contains(.,'Add a new metadata source')]", "xpath:innerText"]
+      ],
+      "value": ""
+    }, {
+      "id": "40684f5b-1c6b-4d6d-839d-f87e74f793a6",
+      "comment": "",
+      "command": "click",
+      "target": "id=root_serviceProviderName",
+      "targets": [
+        ["id=root_serviceProviderName", "id"],
+        ["css=#root_serviceProviderName", "css:finder"],
+        ["xpath=//input[@id='root_serviceProviderName']", "xpath:attributes"],
+        ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[3]/div/div/form/div/div/div/div/div/div/div/div/input", "xpath:idRelative"],
+        ["xpath=//input", "xpath:position"]
+      ],
+      "value": ""
+    }, {
+      "id": "e06e32d9-4979-4ba0-95bb-57db5ab2a591",
+      "comment": "",
+      "command": "type",
+      "target": "id=root_serviceProviderName",
+      "targets": [
+        ["id=root_serviceProviderName", "id"],
+        ["css=#root_serviceProviderName", "css:finder"],
+        ["xpath=//input[@id='root_serviceProviderName']", "xpath:attributes"],
+        ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[3]/div/div/form/div/div/div/div/div/div/div/div/input", "xpath:idRelative"],
+        ["xpath=//input", "xpath:position"]
+      ],
+      "value": "test"
+    }, {
+      "id": "e3c65f02-18d9-45a0-82bf-e3c3d79a5f66",
+      "comment": "",
+      "command": "click",
+      "target": "id=root_entityId",
+      "targets": [
+        ["id=root_entityId", "id"],
+        ["css=#root_entityId", "css:finder"],
+        ["xpath=//input[@id='root_entityId']", "xpath:attributes"],
+        ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[3]/div/div/form/div/div/div/div/div/div[2]/div/div/input", "xpath:idRelative"],
+        ["xpath=//div[2]/div/div/input", "xpath:position"]
+      ],
+      "value": ""
+    }, {
+      "id": "a0664314-8c95-43c9-9b56-8686e686c68a",
+      "comment": "",
+      "command": "type",
+      "target": "id=root_entityId",
+      "targets": [
+        ["id=root_entityId", "id"],
+        ["css=#root_entityId", "css:finder"],
+        ["xpath=//input[@id='root_entityId']", "xpath:attributes"],
+        ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[3]/div/div/form/div/div/div/div/div/div[2]/div/div/input", "xpath:idRelative"],
+        ["xpath=//div[2]/div/div/input", "xpath:position"]
+      ],
+      "value": "test"
+    }, {
+      "id": "c8db7219-1b35-4e73-a8ae-1f166aad6562",
+      "comment": "",
+      "command": "click",
+      "target": "css=.label",
+      "targets": [
+        ["css=.label", "css:finder"],
+        ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[2]/div/nav/ul/li[2]/button/span", "xpath:idRelative"],
+        ["xpath=//li[2]/button/span", "xpath:position"],
+        ["xpath=//span[contains(.,'2. Organization Information')]", "xpath:innerText"]
+      ],
+      "value": ""
+    }, {
+      "id": "088c3f4f-7a89-494f-95e0-0ad9b3385109",
+      "comment": "",
+      "command": "click",
+      "target": "css=.next",
+      "targets": [
+        ["css=.next", "css:finder"],
+        ["xpath=(//button[@type='button'])[4]", "xpath:attributes"],
+        ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div/nav/ul/li[3]/button", "xpath:idRelative"],
+        ["xpath=//li[3]/button", "xpath:position"]
+      ],
+      "value": ""
+    }, {
+      "id": "10ab17b6-b92c-480e-867f-3a579cea41a3",
+      "comment": "",
+      "command": "click",
+      "target": "css=.next",
+      "targets": [
+        ["css=.next", "css:finder"],
+        ["xpath=(//button[@type='button'])[4]", "xpath:attributes"],
+        ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div/nav/ul/li[3]/button", "xpath:idRelative"],
+        ["xpath=//li[3]/button", "xpath:position"]
+      ],
+      "value": ""
+    }, {
+      "id": "396d28c6-0c02-4cba-929c-1cae2c373b56",
+      "comment": "",
+      "command": "click",
+      "target": "css=.next",
+      "targets": [
+        ["css=.next", "css:finder"],
+        ["xpath=(//button[@type='button'])[4]", "xpath:attributes"],
+        ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div/nav/ul/li[3]/button", "xpath:idRelative"],
+        ["xpath=//li[3]/button", "xpath:position"]
+      ],
+      "value": ""
+    }, {
+      "id": "0ca516e1-78bf-4a19-b18a-edefe5b13144",
+      "comment": "",
+      "command": "click",
+      "target": "css=.next",
+      "targets": [
+        ["css=.next", "css:finder"],
+        ["xpath=(//button[@type='button'])[4]", "xpath:attributes"],
+        ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div/nav/ul/li[3]/button", "xpath:idRelative"],
+        ["xpath=//li[3]/button", "xpath:position"]
+      ],
+      "value": ""
+    }, {
+      "id": "c504aa92-cf30-4384-ad03-c1f0b2fe4c88",
+      "comment": "",
+      "command": "click",
+      "target": "css=.next",
+      "targets": [
+        ["css=.next", "css:finder"],
+        ["xpath=(//button[@type='button'])[4]", "xpath:attributes"],
+        ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div/nav/ul/li[3]/button", "xpath:idRelative"],
+        ["xpath=//li[3]/button", "xpath:position"]
+      ],
+      "value": ""
+    }, {
+      "id": "13d6a627-02ea-4dab-b600-9f3dfab8ccb7",
+      "comment": "",
+      "command": "click",
+      "target": "css=.label:nth-child(1)",
+      "targets": [
+        ["css=.label:nth-child(1)", "css:finder"],
+        ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div/nav/ul/li[3]/button/span", "xpath:idRelative"],
+        ["xpath=//li[3]/button/span", "xpath:position"],
+        ["xpath=//span[contains(.,'7. Assertion Consumer Service')]", "xpath:innerText"]
+      ],
+      "value": ""
+    }, {
+      "id": "53f22ab7-97c2-46ae-96f8-1f783941d800",
+      "comment": "",
+      "command": "click",
+      "target": "css=.label:nth-child(1)",
+      "targets": [
+        ["css=.label:nth-child(1)", "css:finder"],
+        ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div/nav/ul/li[3]/button/span", "xpath:idRelative"],
+        ["xpath=//li[3]/button/span", "xpath:position"],
+        ["xpath=//span[contains(.,'8. Relying Party Overrides')]", "xpath:innerText"]
+      ],
+      "value": ""
+    }, {
+      "id": "f9bcd184-7f40-481a-ab13-0e59f020528c",
+      "comment": "",
+      "command": "click",
+      "target": "css=.next",
+      "targets": [
+        ["css=.next", "css:finder"],
+        ["xpath=(//button[@type='button'])[4]", "xpath:attributes"],
+        ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div/nav/ul/li[3]/button", "xpath:idRelative"],
+        ["xpath=//li[3]/button", "xpath:position"]
+      ],
+      "value": ""
+    }, {
+      "id": "77caf09c-ad60-4f46-81df-c90b23b4c7bc",
+      "comment": "",
+      "command": "click",
+      "target": "css=.next",
+      "targets": [
+        ["css=.next", "css:finder"],
+        ["xpath=(//button[@type='button'])[4]", "xpath:attributes"],
+        ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div/nav/ul/li[3]/button", "xpath:idRelative"],
+        ["xpath=//li[3]/button", "xpath:position"]
+      ],
+      "value": ""
+    }, {
+      "id": "7adae5ea-9424-4709-8472-54514cd189a5",
+      "comment": "",
+      "command": "click",
+      "target": "linkText=Logout",
+      "targets": [
+        ["linkText=Logout", "linkText"],
+        ["css=.nav-link:nth-child(3)", "css:finder"],
+        ["xpath=//a[contains(text(),'Logout')]", "xpath:link"],
+        ["xpath=//div[@id='basic-navbar-nav']/div/a[2]", "xpath:idRelative"],
+        ["xpath=//a[contains(@href, '/logout')]", "xpath:href"],
+        ["xpath=//a[2]", "xpath:position"],
+        ["xpath=//a[contains(.,'Logout')]", "xpath:innerText"]
+      ],
+      "value": ""
+    }, {
+      "id": "06af2891-5091-40ba-9b0a-5a98f3e96b00",
+      "comment": "",
+      "command": "type",
+      "target": "id=username",
+      "targets": [
+        ["id=username", "id"],
+        ["name=username", "name"],
+        ["css=#username", "css:finder"],
+        ["xpath=//input[@id='username']", "xpath:attributes"],
+        ["xpath=//input", "xpath:position"]
+      ],
+      "value": "anonymousUser"
+    }, {
+      "id": "857dc0c2-943b-4a2c-8903-415ff473db3b",
+      "comment": "",
+      "command": "type",
+      "target": "id=password",
+      "targets": [
+        ["id=password", "id"],
+        ["name=password", "name"],
+        ["css=#password", "css:finder"],
+        ["xpath=//input[@id='password']", "xpath:attributes"],
+        ["xpath=//p[2]/input", "xpath:position"]
+      ],
+      "value": "anonymous"
+    }, {
+      "id": "53c20686-7317-4dd8-913a-e6db052853c1",
+      "comment": "",
+      "command": "sendKeys",
+      "target": "id=password",
+      "targets": [
+        ["id=password", "id"],
+        ["name=password", "name"],
+        ["css=#password", "css:finder"],
+        ["xpath=//input[@id='password']", "xpath:attributes"],
+        ["xpath=//p[2]/input", "xpath:position"]
+      ],
+      "value": "${KEY_ENTER}"
+    }, {
+      "id": "9585df73-48e3-4ca3-b13c-74ecdee11461",
+      "comment": "",
+      "command": "click",
+      "target": "xpath=//table/tbody/tr/td[5]/span/div/input",
+      "targets": [
+        ["css=.justify-content-center", "css:finder"],
+        ["xpath=//div[@id='root']/div/main/div/section/div/div[2]/div/div/div/table/tbody/tr/td[5]/span", "xpath:idRelative"],
+        ["xpath=//td[5]/span", "xpath:position"]
+      ],
+      "value": ""
+    }, {
+      "id": "0d322ab9-f8d7-4cc3-8b91-48c684955b1a",
+      "comment": "",
+      "command": "click",
+      "target": "linkText=Logout",
+      "targets": [
+        ["linkText=Logout", "linkText"],
+        ["css=.nav-link:nth-child(3)", "css:finder"],
+        ["xpath=//a[contains(text(),'Logout')]", "xpath:link"],
+        ["xpath=//div[@id='basic-navbar-nav']/div/a[2]", "xpath:idRelative"],
+        ["xpath=//a[contains(@href, '/logout')]", "xpath:href"],
+        ["xpath=//a[2]", "xpath:position"],
+        ["xpath=//a[contains(.,'Logout')]", "xpath:innerText"]
+      ],
+      "value": ""
+    }, {
+      "id": "fbf1ba38-145e-42fb-899b-a7d8bd86d8a2",
+      "comment": "",
+      "command": "type",
+      "target": "id=username",
+      "targets": [
+        ["id=username", "id"],
+        ["name=username", "name"],
+        ["css=#username", "css:finder"],
+        ["xpath=//input[@id='username']", "xpath:attributes"],
+        ["xpath=//input", "xpath:position"]
+      ],
+      "value": "admin"
+    }, {
+      "id": "d1af6437-5307-4102-aadb-7d87bbaa08cb",
+      "comment": "",
+      "command": "type",
+      "target": "id=password",
+      "targets": [
+        ["id=password", "id"],
+        ["name=password", "name"],
+        ["css=#password", "css:finder"],
+        ["xpath=//input[@id='password']", "xpath:attributes"],
+        ["xpath=//p[2]/input", "xpath:position"]
+      ],
+      "value": "adminpass"
+    }, {
+      "id": "7dbd5a0c-31ea-4cf6-83fd-de40f4e239fc",
+      "comment": "",
+      "command": "sendKeys",
+      "target": "id=password",
+      "targets": [
+        ["id=password", "id"],
+        ["name=password", "name"],
+        ["css=#password", "css:finder"],
+        ["xpath=//input[@id='password']", "xpath:attributes"],
+        ["xpath=//p[2]/input", "xpath:position"]
+      ],
+      "value": "${KEY_ENTER}"
+    }, {
+      "id": "79423a30-b82b-443f-b0ea-80370a6d397b",
+      "comment": "",
+      "command": "assertChecked",
+      "target": "xpath=//table/tbody/tr/td[5]/span/div/input",
+      "targets": [
+        ["css=.custom-control-label", "css:finder"],
+        ["xpath=//div[@id='root']/div/main/div/section/div/div[2]/div/div/div/table/tbody/tr/td[5]/span/div/label", "xpath:idRelative"],
+        ["xpath=//span/div/label", "xpath:position"]
+      ],
+      "value": ""
+    }]
+  }],
+  "suites": [{
+    "id": "8a97286b-5660-452c-9f23-4c5f5bf8de3b",
+    "name": "Default Suite",
+    "persistSession": false,
+    "parallel": false,
+    "timeout": 300,
+    "tests": ["a26f2eda-ddf2-4c49-a29d-d86a282bb75a"]
+  }],
+  "urls": ["http://localhost:10101/"],
+  "plugins": []
+}
\ No newline at end of file
diff --git a/backend/src/integration/resources/SHIBUI-1742-2.side b/backend/src/integration/resources/SHIBUI-1742-2.side
new file mode 100644
index 000000000..a0684ca69
--- /dev/null
+++ b/backend/src/integration/resources/SHIBUI-1742-2.side
@@ -0,0 +1,462 @@
+{
+  "id": "913c2183-c59c-4c54-8434-5866b49a982b",
+  "version": "2.0",
+  "name": "SHIBUI-1742-2",
+  "url": "http://localhost:10101",
+  "tests": [{
+    "id": "629ba6a4-486d-4dbe-9ea1-4727a1e35567",
+    "name": "SHIBUI-1742-2",
+    "commands": [{
+      "id": "252698e5-62bc-4087-b465-6cce517e4f42",
+      "comment": "",
+      "command": "open",
+      "target": "/login",
+      "targets": [],
+      "value": ""
+    }, {
+      "id": "68e6f41c-273d-47d5-a3bc-3886f3bb0361",
+      "comment": "",
+      "command": "type",
+      "target": "id=username",
+      "targets": [
+        ["id=username", "id"],
+        ["name=username", "name"],
+        ["css=#username", "css:finder"],
+        ["xpath=//input[@id='username']", "xpath:attributes"],
+        ["xpath=//input", "xpath:position"]
+      ],
+      "value": "admin"
+    }, {
+      "id": "890b33ad-e28f-430d-a8f1-99d028c16c1e",
+      "comment": "",
+      "command": "type",
+      "target": "id=password",
+      "targets": [
+        ["id=password", "id"],
+        ["name=password", "name"],
+        ["css=#password", "css:finder"],
+        ["xpath=//input[@id='password']", "xpath:attributes"],
+        ["xpath=//p[2]/input", "xpath:position"]
+      ],
+      "value": "adminpass"
+    }, {
+      "id": "52216d6c-70de-47ee-a385-8b015e244b42",
+      "comment": "",
+      "command": "sendKeys",
+      "target": "id=password",
+      "targets": [
+        ["id=password", "id"],
+        ["name=password", "name"],
+        ["css=#password", "css:finder"],
+        ["xpath=//input[@id='password']", "xpath:attributes"],
+        ["xpath=//p[2]/input", "xpath:position"]
+      ],
+      "value": "${KEY_ENTER}"
+    }, {
+      "id": "53ffb74f-8635-453b-8b3e-22c0a11e0902",
+      "comment": "",
+      "command": "pause",
+      "target": "5000",
+      "targets": [],
+      "value": ""
+    }, {
+      "id": "c820e378-569c-44ba-834a-c7d6203d3e12",
+      "comment": "",
+      "command": "click",
+      "target": "xpath=//button[text()='Advanced']",
+      "targets": [],
+      "value": "30000"
+    }, {
+      "id": "8f1af018-7f7f-441c-bb59-9591469cc0da",
+      "comment": "",
+      "command": "click",
+      "target": "linkText=Roles",
+      "targets": [
+        ["linkText=Roles", "linkText"],
+        ["css=.text-primary:nth-child(3)", "css:finder"],
+        ["xpath=//a[contains(text(),'Roles')]", "xpath:link"],
+        ["xpath=//div[@id='basic-nav-dropdown']/div/a[3]", "xpath:idRelative"],
+        ["xpath=//a[contains(@href, '/roles')]", "xpath:href"],
+        ["xpath=//a[3]", "xpath:position"],
+        ["xpath=//a[contains(.,'Roles')]", "xpath:innerText"]
+      ],
+      "value": ""
+    }, {
+      "id": "be331a79-e161-460b-87e5-0458bd6d87bc",
+      "comment": "",
+      "command": "click",
+      "target": "linkText=Add new role",
+      "targets": [
+        ["linkText=Add new role", "linkText"],
+        ["css=.btn-success", "css:finder"],
+        ["xpath=//div[@id='root']/div/main/div/section/div/div[2]/div/a", "xpath:idRelative"],
+        ["xpath=//a[contains(@href, '/roles/new')]", "xpath:href"],
+        ["xpath=//div[2]/div/a", "xpath:position"],
+        ["xpath=//a[contains(.,'  Add new role')]", "xpath:innerText"]
+      ],
+      "value": ""
+    }, {
+      "id": "b9f67743-c715-4db6-9380-77c39f23bc89",
+      "comment": "",
+      "command": "type",
+      "target": "id=root_name",
+      "targets": [
+        ["id=root_name", "id"],
+        ["css=#root_name", "css:finder"],
+        ["xpath=//input[@id='root_name']", "xpath:attributes"],
+        ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div[2]/div/form/div/div/div/div/div/div/div/div/input", "xpath:idRelative"],
+        ["xpath=//input", "xpath:position"]
+      ],
+      "value": "test"
+    }, {
+      "id": "548d864c-87ba-4889-823e-3e9729d596db",
+      "comment": "",
+      "command": "click",
+      "target": "css=.fa-save",
+      "targets": [
+        ["css=.fa-save", "css:finder"]
+      ],
+      "value": ""
+    }, {
+      "id": "5a6af58f-5509-4d8c-ab15-11bb8ea124fc",
+      "comment": "",
+      "command": "waitForElementVisible",
+      "target": "xpath=//div[@role=\"alert\" and contains(., \"Added role successfully.\")]",
+      "targets": [],
+      "value": "30000"
+    }, {
+      "id": "7721b7e5-53d3-4000-b9b3-7553f517a3e2",
+      "comment": "",
+      "command": "click",
+      "target": "css=tr:nth-child(5) .text-primary > .svg-inline--fa",
+      "targets": [
+        ["css=tr:nth-child(5) .text-primary > .svg-inline--fa", "css:finder"]
+      ],
+      "value": ""
+    }, {
+      "id": "49fd8a6e-9483-483a-9a51-cc41a58b8f8e",
+      "comment": "",
+      "command": "type",
+      "target": "id=root_name",
+      "targets": [
+        ["id=root_name", "id"],
+        ["css=#root_name", "css:finder"],
+        ["xpath=//input[@id='root_name']", "xpath:attributes"],
+        ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div[2]/div/form/div/div/div/div/div/div/div/div/input", "xpath:idRelative"],
+        ["xpath=//input", "xpath:position"]
+      ],
+      "value": ""
+    }, {
+      "id": "905bf81b-a0c1-4ec4-a874-621b2deea715",
+      "comment": "",
+      "command": "type",
+      "target": "id=root_name",
+      "targets": [
+        ["id=root_name", "id"],
+        ["css=#root_name", "css:finder"],
+        ["xpath=//input[@id='root_name']", "xpath:attributes"],
+        ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div[2]/div/form/div/div/div/div/div/div/div/div/input", "xpath:idRelative"],
+        ["xpath=//input", "xpath:position"]
+      ],
+      "value": "test role"
+    }, {
+      "id": "a2365448-e076-49ed-8fe6-daf35dc6e800",
+      "comment": "",
+      "command": "click",
+      "target": "css=.btn-info",
+      "targets": [
+        ["css=.btn-info", "css:finder"],
+        ["xpath=(//button[@type='button'])[4]", "xpath:attributes"],
+        ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div/button", "xpath:idRelative"],
+        ["xpath=//div[2]/div/div/button", "xpath:position"],
+        ["xpath=//button[contains(.,' Save')]", "xpath:innerText"]
+      ],
+      "value": ""
+    }, {
+      "id": "159a7bf1-39e9-460f-890f-47c42d3e22ce",
+      "comment": "",
+      "command": "assertElementPresent",
+      "target": "xpath=//div[@role=\"alert\" and contains(., \"Updated role successfully.\")]",
+      "targets": [],
+      "value": ""
+    }, {
+      "id": "2317a47a-e308-4c1f-bd08-50360950c082",
+      "comment": "",
+      "command": "click",
+      "target": "xpath=(//button[@id='dropdown-basic'])[2]",
+      "targets": [
+        ["xpath=(//button[@id='dropdown-basic'])[2]", "xpath:attributes"],
+        ["xpath=(//div[@id='basic-nav-dropdown']/button)[2]", "xpath:idRelative"],
+        ["xpath=//div[2]/button", "xpath:position"],
+        ["xpath=//button[contains(.,'Add New')]", "xpath:innerText"]
+      ],
+      "value": ""
+    }, {
+      "id": "cfe9cc6f-d96a-48ad-a273-d03eba7cefce",
+      "comment": "",
+      "command": "click",
+      "target": "id=dropdown-basic",
+      "targets": [
+        ["id=dropdown-basic", "id"],
+        ["xpath=//button[@id='dropdown-basic']", "xpath:attributes"],
+        ["xpath=//div[@id='basic-nav-dropdown']/button", "xpath:idRelative"],
+        ["xpath=//div/button", "xpath:position"],
+        ["xpath=//button[contains(.,'Advanced')]", "xpath:innerText"]
+      ],
+      "value": ""
+    }, {
+      "id": "231fa40a-bb22-4d83-99e2-9a5a9d3ff823",
+      "comment": "",
+      "command": "click",
+      "target": "css=.p-3 > .d-flex",
+      "targets": [
+        ["css=.p-3 > .d-flex", "css:finder"],
+        ["xpath=//div[@id='root']/div/main/div/section/div/div[2]/div", "xpath:idRelative"],
+        ["xpath=//section/div/div[2]/div", "xpath:position"]
+      ],
+      "value": ""
+    }, {
+      "id": "e20c0727-c04f-465d-a7dc-7c7a9210c47b",
+      "comment": "",
+      "command": "click",
+      "target": "linkText=Dashboard",
+      "targets": [
+        ["linkText=Dashboard", "linkText"],
+        ["css=.nav-link:nth-child(3)", "css:finder"],
+        ["xpath=//a[contains(text(),'Dashboard')]", "xpath:link"],
+        ["xpath=//div[@id='basic-navbar-nav']/div/a", "xpath:idRelative"],
+        ["xpath=//a[contains(@href, '/dashboard')]", "xpath:href"],
+        ["xpath=//nav/div/div/a", "xpath:position"],
+        ["xpath=//a[contains(.,'Dashboard')]", "xpath:innerText"]
+      ],
+      "value": ""
+    }, {
+      "id": "733d176c-c0a3-4427-a7dd-1bc5ed42d96e",
+      "comment": "",
+      "command": "click",
+      "target": "linkText=Admin",
+      "targets": [
+        ["linkText=Admin", "linkText"],
+        ["css=.nav-item:nth-child(3) > .nav-link", "css:finder"],
+        ["xpath=//a[contains(text(),'Admin')]", "xpath:link"],
+        ["xpath=//div[@id='root']/div/main/div/div/div[3]/a", "xpath:idRelative"],
+        ["xpath=//a[contains(@href, '/dashboard/admin/management')]", "xpath:href"],
+        ["xpath=//div[3]/a", "xpath:position"],
+        ["xpath=//a[contains(.,'Admin')]", "xpath:innerText"]
+      ],
+      "value": ""
+    }, {
+      "id": "a5c105ee-9b6c-4226-bda6-fc17a77f2b35",
+      "comment": "",
+      "command": "click",
+      "target": "id=role-nonadmin",
+      "targets": [
+        ["id=role-nonadmin", "id"],
+        ["name=role-nonadmin", "name"],
+        ["css=#role-nonadmin", "css:finder"],
+        ["xpath=//select[@id='role-nonadmin']", "xpath:attributes"],
+        ["xpath=//div[@id='root']/div/main/div/section/div/div[2]/div/div/table/tbody/tr[2]/td[4]/select", "xpath:idRelative"],
+        ["xpath=//tr[2]/td[4]/select", "xpath:position"]
+      ],
+      "value": ""
+    }, {
+      "id": "eb737ab9-42bf-45c4-82c0-04c14fa26e63",
+      "comment": "",
+      "command": "select",
+      "target": "id=role-nonadmin",
+      "targets": [],
+      "value": "label=test role"
+    }, {
+      "id": "aada4cb0-0f3f-436c-b342-f83ea1e35ba4",
+      "comment": "",
+      "command": "waitForElementVisible",
+      "target": "//div[@role=\"alert\" and contains(., \"User update successful for nonadmin\")]",
+      "targets": [],
+      "value": "30000"
+    }, {
+      "id": "e8bedd18-aafa-4bff-85a4-ba36d7685225",
+      "comment": "",
+      "command": "click",
+      "target": "id=dropdown-basic",
+      "targets": [
+        ["id=dropdown-basic", "id"],
+        ["xpath=//button[@id='dropdown-basic']", "xpath:attributes"],
+        ["xpath=//div[@id='basic-nav-dropdown']/button", "xpath:idRelative"],
+        ["xpath=//div/button", "xpath:position"],
+        ["xpath=//button[contains(.,'Advanced')]", "xpath:innerText"]
+      ],
+      "value": ""
+    }, {
+      "id": "e091ca7a-286d-4982-80e3-b180cf03a233",
+      "comment": "",
+      "command": "click",
+      "target": "linkText=Roles",
+      "targets": [
+        ["linkText=Roles", "linkText"],
+        ["css=.text-primary:nth-child(3)", "css:finder"],
+        ["xpath=//a[contains(text(),'Roles')]", "xpath:link"],
+        ["xpath=//div[@id='basic-nav-dropdown']/div/a[3]", "xpath:idRelative"],
+        ["xpath=//a[contains(@href, '/roles')]", "xpath:href"],
+        ["xpath=//a[3]", "xpath:position"],
+        ["xpath=//a[contains(.,'Roles')]", "xpath:innerText"]
+      ],
+      "value": ""
+    }, {
+      "id": "a378e628-4227-451b-9fb6-ef9edb7fc4fa",
+      "comment": "",
+      "command": "click",
+      "target": "css=tr:nth-child(5) .text-danger path",
+      "targets": [
+        ["css=tr:nth-child(5) .text-danger path", "css:finder"]
+      ],
+      "value": ""
+    }, {
+      "id": "0c411e9d-b9de-40e4-a39d-99a3b734f6a1",
+      "comment": "",
+      "command": "click",
+      "target": "css=.btn-danger",
+      "targets": [
+        ["css=.btn-danger", "css:finder"],
+        ["xpath=(//button[@type='button'])[9]", "xpath:attributes"],
+        ["xpath=//div[3]/button", "xpath:position"]
+      ],
+      "value": ""
+    }, {
+      "id": "22bbdc62-995b-43e4-abe1-24d7035b1d49",
+      "comment": "",
+      "command": "assertElementPresent",
+      "target": "xpath=//div[@role=\"alert\" and contains(., \"remove role from all users first\")]",
+      "targets": [],
+      "value": ""
+    }, {
+      "id": "e704f343-5942-4053-aed7-1fa94e13320c",
+      "comment": "",
+      "command": "click",
+      "target": "id=dropdown-basic",
+      "targets": [
+        ["id=dropdown-basic", "id"],
+        ["xpath=//button[@id='dropdown-basic']", "xpath:attributes"],
+        ["xpath=//div[@id='basic-nav-dropdown']/button", "xpath:idRelative"],
+        ["xpath=//div/button", "xpath:position"],
+        ["xpath=//button[contains(.,'Advanced')]", "xpath:innerText"]
+      ],
+      "value": ""
+    }, {
+      "id": "78b2edf1-a85d-4a0e-9880-33a2bdef7b68",
+      "comment": "",
+      "command": "click",
+      "target": "linkText=Dashboard",
+      "targets": [
+        ["linkText=Dashboard", "linkText"],
+        ["css=.nav-link:nth-child(3)", "css:finder"],
+        ["xpath=//a[contains(text(),'Dashboard')]", "xpath:link"],
+        ["xpath=//div[@id='basic-navbar-nav']/div/a", "xpath:idRelative"],
+        ["xpath=//a[contains(@href, '/dashboard')]", "xpath:href"],
+        ["xpath=//nav/div/div/a", "xpath:position"],
+        ["xpath=//a[contains(.,'Dashboard')]", "xpath:innerText"]
+      ],
+      "value": ""
+    }, {
+      "id": "28b88c8a-a4f1-49ad-9f7c-0d81a75c25e9",
+      "comment": "",
+      "command": "click",
+      "target": "linkText=Admin",
+      "targets": [
+        ["linkText=Admin", "linkText"],
+        ["css=.nav-item:nth-child(3) > .nav-link", "css:finder"],
+        ["xpath=//a[contains(text(),'Admin')]", "xpath:link"],
+        ["xpath=//div[@id='root']/div/main/div/div/div[3]/a", "xpath:idRelative"],
+        ["xpath=//a[contains(@href, '/dashboard/admin/management')]", "xpath:href"],
+        ["xpath=//div[3]/a", "xpath:position"],
+        ["xpath=//a[contains(.,'Admin')]", "xpath:innerText"]
+      ],
+      "value": ""
+    }, {
+      "id": "246af097-6ab4-4173-a7cb-c4054e572fc5",
+      "comment": "",
+      "command": "click",
+      "target": "id=role-nonadmin",
+      "targets": [
+        ["id=role-nonadmin", "id"],
+        ["name=role-nonadmin", "name"],
+        ["css=#role-nonadmin", "css:finder"],
+        ["xpath=//select[@id='role-nonadmin']", "xpath:attributes"],
+        ["xpath=//div[@id='root']/div/main/div/section/div/div[2]/div/div/table/tbody/tr[2]/td[4]/select", "xpath:idRelative"],
+        ["xpath=//tr[2]/td[4]/select", "xpath:position"]
+      ],
+      "value": ""
+    }, {
+      "id": "dd177cf2-605d-4e49-934d-6d88b3efa7b6",
+      "comment": "",
+      "command": "select",
+      "target": "id=role-nonadmin",
+      "targets": [],
+      "value": "label=ROLE_USER"
+    }, {
+      "id": "2f499bda-2230-45d2-85c5-efee606c5121",
+      "comment": "",
+      "command": "click",
+      "target": "id=dropdown-basic",
+      "targets": [
+        ["id=dropdown-basic", "id"],
+        ["xpath=//button[@id='dropdown-basic']", "xpath:attributes"],
+        ["xpath=//div[@id='basic-nav-dropdown']/button", "xpath:idRelative"],
+        ["xpath=//div/button", "xpath:position"],
+        ["xpath=//button[contains(.,'Advanced')]", "xpath:innerText"]
+      ],
+      "value": ""
+    }, {
+      "id": "e59ac7eb-4100-4c7f-8666-5aeb7980362b",
+      "comment": "",
+      "command": "click",
+      "target": "linkText=Roles",
+      "targets": [
+        ["linkText=Roles", "linkText"],
+        ["css=.text-primary:nth-child(3)", "css:finder"],
+        ["xpath=//a[contains(text(),'Roles')]", "xpath:link"],
+        ["xpath=//div[@id='basic-nav-dropdown']/div/a[3]", "xpath:idRelative"],
+        ["xpath=//a[contains(@href, '/roles')]", "xpath:href"],
+        ["xpath=//a[3]", "xpath:position"],
+        ["xpath=//a[contains(.,'Roles')]", "xpath:innerText"]
+      ],
+      "value": ""
+    }, {
+      "id": "f4201d01-e582-4071-921b-ede543ce181a",
+      "comment": "",
+      "command": "click",
+      "target": "css=tr:nth-child(5) .text-danger path",
+      "targets": [
+        ["css=tr:nth-child(5) .text-danger path", "css:finder"]
+      ],
+      "value": ""
+    }, {
+      "id": "7ff656ef-a5c1-4d32-abc6-bac132c45349",
+      "comment": "",
+      "command": "click",
+      "target": "css=.btn-danger",
+      "targets": [
+        ["css=.btn-danger", "css:finder"],
+        ["xpath=(//button[@type='button'])[9]", "xpath:attributes"],
+        ["xpath=//div[3]/button", "xpath:position"]
+      ],
+      "value": ""
+    }, {
+      "id": "7092ea4b-e3ea-4ef4-9172-dbf84910ec3c",
+      "comment": "",
+      "command": "assertElementPresent",
+      "target": "xpath=//div[@role=\"alert\" and contains(., \"Deleted role successfully.\")]",
+      "targets": [],
+      "value": ""
+    }]
+  }],
+  "suites": [{
+    "id": "2feb47ff-b645-47f5-9128-6b3a51eca540",
+    "name": "Default Suite",
+    "persistSession": false,
+    "parallel": false,
+    "timeout": 300,
+    "tests": ["629ba6a4-486d-4dbe-9ea1-4727a1e35567"]
+  }],
+  "urls": ["http://localhost:10101/"],
+  "plugins": []
+}
\ No newline at end of file