Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@
import java.util.Collection;

/**
* A step down from site admins, app admins have broad access but don't get to control native resources on the server.
* A step-down from site admins, app admins have broad access but don't get to control native resources on the server.
*/
public class ApplicationAdminRole extends AbstractRootContainerRole implements AdminRoleListener
{
Expand Down
31 changes: 13 additions & 18 deletions api/src/org/labkey/api/security/roles/AuthorRole.java
Original file line number Diff line number Diff line change
Expand Up @@ -18,32 +18,27 @@
import org.labkey.api.pipeline.PipeRoot;
import org.labkey.api.reports.permissions.ShareReportPermission;
import org.labkey.api.security.SecurableResource;
import org.labkey.api.security.permissions.AssayReadPermission;
import org.labkey.api.security.permissions.DataClassReadPermission;
import org.labkey.api.security.permissions.InsertPermission;
import org.labkey.api.security.permissions.MediaReadPermission;
import org.labkey.api.security.permissions.NotebookReadPermission;
import org.labkey.api.security.permissions.ReadPermission;
import org.labkey.api.security.permissions.ReadSomePermission;
import org.labkey.api.security.permissions.Permission;
import org.labkey.api.study.Dataset;

/*
* User: Dave
* Date: Apr 27, 2009
*/
import java.util.Collection;
import java.util.stream.Stream;

public class AuthorRole extends AbstractRole
{
static final Collection<Class<? extends Permission>> PERMISSIONS = Stream.concat(
ReaderRole.PERMISSIONS.stream(),
Stream.of(
InsertPermission.class,
ShareReportPermission.class
)
).toList();

public AuthorRole()
{
super("Author", "Authors may read and add some information. They can also update and delete some information they added.",
ReadPermission.class,
ReadSomePermission.class,
AssayReadPermission.class,
DataClassReadPermission.class,
MediaReadPermission.class,
NotebookReadPermission.class,
InsertPermission.class,
ShareReportPermission.class
PERMISSIONS
);
}

Expand Down
65 changes: 10 additions & 55 deletions api/src/org/labkey/api/security/roles/EditorRole.java
Original file line number Diff line number Diff line change
Expand Up @@ -15,70 +15,25 @@
*/
package org.labkey.api.security.roles;

import org.labkey.api.lists.permissions.ManagePicklistsPermission;
import org.labkey.api.pipeline.PipeRoot;
import org.labkey.api.reports.permissions.EditSharedReportPermission;
import org.labkey.api.reports.permissions.ShareReportPermission;
import org.labkey.api.security.SecurableResource;
import org.labkey.api.security.permissions.AssayReadPermission;
import org.labkey.api.security.permissions.DataClassReadPermission;
import org.labkey.api.security.permissions.DeletePermission;
import org.labkey.api.security.permissions.EditSharedViewPermission;
import org.labkey.api.security.permissions.InsertPermission;
import org.labkey.api.security.permissions.MediaReadPermission;
import org.labkey.api.security.permissions.MoveEntitiesPermission;
import org.labkey.api.security.permissions.NotebookReadPermission;
import org.labkey.api.security.permissions.Permission;
import org.labkey.api.security.permissions.ReadPermission;
import org.labkey.api.security.permissions.ReadSomePermission;
import org.labkey.api.security.permissions.SampleWorkflowDeletePermission;
import org.labkey.api.security.permissions.SampleWorkflowJobPermission;
import org.labkey.api.security.permissions.UpdatePermission;
import org.labkey.api.study.Dataset;
import org.labkey.api.study.Study;
import org.labkey.api.study.permissions.SharedParticipantGroupPermission;

import java.util.Arrays;
import java.util.Collection;
import java.util.stream.Stream;

/*
* User: Dave
* Date: Apr 27, 2009
* Time: 1:22:17 PM
*/
public class EditorRole extends AbstractRole
public class EditorRole extends EditorWithoutDeleteRole
{
protected static Collection<Class<? extends Permission>> BASE_EDITOR_PERMISSIONS = Arrays.asList(
ReadPermission.class,
ReadSomePermission.class,
AssayReadPermission.class,
DataClassReadPermission.class,
MediaReadPermission.class,
NotebookReadPermission.class,
InsertPermission.class,
MoveEntitiesPermission.class,
UpdatePermission.class,
EditSharedViewPermission.class,
ShareReportPermission.class,
EditSharedReportPermission.class,
SharedParticipantGroupPermission.class,
ManagePicklistsPermission.class,
SampleWorkflowJobPermission.class
);
protected static Collection<Class<? extends Permission>> PERMISSIONS = Stream.concat(
EditorWithoutDeleteRole.PERMISSIONS.stream(),
Stream.of(
DeletePermission.class,
SampleWorkflowDeletePermission.class
)
).toList();

public EditorRole()
{
this("Editor", "Editors may read, add, update and delete information.", BASE_EDITOR_PERMISSIONS, Arrays.asList(DeletePermission.class, SampleWorkflowDeletePermission.class));
}

public EditorRole(String name, String description, Collection<Class<? extends Permission>>... permCollections)
{
super(name, description, permCollections);
}

@Override
public boolean isApplicable(SecurableResource resource)
{
return super.isApplicable(resource) || resource instanceof PipeRoot || resource instanceof Study || resource instanceof Dataset;
super("Editor", "Editors may read, add, update and delete information.", PERMISSIONS);
}
}
44 changes: 42 additions & 2 deletions api/src/org/labkey/api/security/roles/EditorWithoutDeleteRole.java
Original file line number Diff line number Diff line change
Expand Up @@ -15,10 +15,50 @@
*/
package org.labkey.api.security.roles;

public class EditorWithoutDeleteRole extends EditorRole
import org.labkey.api.lists.permissions.ManagePicklistsPermission;
import org.labkey.api.pipeline.PipeRoot;
import org.labkey.api.reports.permissions.EditSharedReportPermission;
import org.labkey.api.security.SecurableResource;
import org.labkey.api.security.permissions.EditSharedViewPermission;
import org.labkey.api.security.permissions.MoveEntitiesPermission;
import org.labkey.api.security.permissions.Permission;
import org.labkey.api.security.permissions.SampleWorkflowJobPermission;
import org.labkey.api.security.permissions.UpdatePermission;
import org.labkey.api.study.Dataset;
import org.labkey.api.study.Study;
import org.labkey.api.study.permissions.SharedParticipantGroupPermission;

import java.util.Collection;
import java.util.stream.Stream;

public class EditorWithoutDeleteRole extends AbstractRole
{
protected static Collection<Class<? extends Permission>> PERMISSIONS = Stream.concat(
AuthorRole.PERMISSIONS.stream(),
Stream.of(
EditSharedReportPermission.class,
EditSharedViewPermission.class,
ManagePicklistsPermission.class,
MoveEntitiesPermission.class,
SampleWorkflowJobPermission.class,
SharedParticipantGroupPermission.class,
UpdatePermission.class
)
).toList();

public EditorWithoutDeleteRole()
{
super("Editor without Delete", "Editors in this role may read, add, and update information but not delete.", BASE_EDITOR_PERMISSIONS);
super("Editor without Delete", "Editors in this role may read, add, and update information but not delete.", PERMISSIONS);
}

protected EditorWithoutDeleteRole(String name, String description, Iterable<Class<? extends Permission>>... permCollections)
{
super(name, description, permCollections);
}

@Override
public boolean isApplicable(SecurableResource resource)

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Moving this method is a small functional change but presumably intentional.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I inverted the hierarchy so EditorRole now inherits from EditorWithoutDeleteRole. So a couple methods had to move to the latter.

Claude isn't thrilled with this change (instanceof semantics will change), but it makes more sense to me.

{
return super.isApplicable(resource) || resource instanceof PipeRoot || resource instanceof Study || resource instanceof Dataset;
}
}
30 changes: 13 additions & 17 deletions api/src/org/labkey/api/security/roles/ReaderRole.java
Original file line number Diff line number Diff line change
Expand Up @@ -23,34 +23,30 @@
import org.labkey.api.security.permissions.NotebookReadPermission;
import org.labkey.api.security.permissions.Permission;
import org.labkey.api.security.permissions.ReadPermission;
import org.labkey.api.security.permissions.ReadSomePermission;

import java.util.Collection;
import java.util.stream.Stream;

/*
* User: Dave
* Date: Apr 27, 2009
* Time: 1:22:04 PM
*/
public class ReaderRole extends AbstractRole
{
static final Collection<Class<? extends Permission>> PERMISSIONS = Stream.concat(
RestrictedReaderRole.PERMISSIONS.stream(),
Stream.of(
AssayReadPermission.class,
DataClassReadPermission.class,
MediaReadPermission.class,
NotebookReadPermission.class,
ReadPermission.class
)
).toList();

public ReaderRole()
{
super("Reader", "Readers may read information but may not change anything.",
ReadPermission.class,
ReadSomePermission.class,
AssayReadPermission.class,
DataClassReadPermission.class,
NotebookReadPermission.class,
MediaReadPermission.class
PERMISSIONS
);
}

public ReaderRole(String name, String description, Collection<Class<? extends Permission>>... permCollections)
{
super(name, description, permCollections);
}

@Override
public boolean isApplicable(SecurableResource resource)
{
Expand Down
10 changes: 9 additions & 1 deletion api/src/org/labkey/api/security/roles/RestrictedReaderRole.java
Original file line number Diff line number Diff line change
Expand Up @@ -16,19 +16,27 @@
package org.labkey.api.security.roles;

import org.labkey.api.security.SecurableResource;
import org.labkey.api.security.permissions.Permission;
import org.labkey.api.security.permissions.ReadSomePermission;
import org.labkey.api.study.Study;

import java.util.Collection;
import java.util.List;

/**
* Used exclusively in dataset security, as a marker in the study policy to indicate a group has per-dataset permissions.
* As a result, we don't directly surface this role anywhere in the product. See #42682.
*/
public class RestrictedReaderRole extends AbstractRole
{
static final Collection<Class<? extends Permission>> PERMISSIONS = List.of(
ReadSomePermission.class
);

public RestrictedReaderRole()
{
super("Restricted Reader", "Restricted Readers may read some information, but not all.",
ReadSomePermission.class);
PERMISSIONS);
}

@Override
Expand Down