Merge pull request #1196 from oncokb/feat/add-service-account

Revert "Revert "update models to allow creating service user""

Author: bprize15

.jhipster/Token.json

@@ -36,6 +36,10 @@
       "fieldName": "renewable",
       "fieldType": "Boolean",
       "fieldValidateRules": ["required"]
+    },
+    {
+      "fieldName": "name",
+      "fieldType": "String"
     }
   ],
   "changelogDate": "20190823204705",

screenshot-test/App.screenshot.js

@@ -221,6 +221,14 @@ function getMockResponse(url) {
         body: companyDetails,
       };
       break;
+    case `${SERVER_URL}api/companies/service-account/token`:
+    case `${SERVER_URL}api/companies/1/service-account/token`:
+      res = {
+        status: 200,
+        contentType: 'application/json',
+        body: companyUserToken,
+      };
+      break;
     case `${SERVER_URL}api/users/non-company-emails`:
       res = {
         status: 200,

screenshot-test/__baseline_snapshots__/Account Settings Page without ROLE_API and not requested-snap.png

@@ -20,5 +20,5 @@
     "createdDate" : null,
     "lastModifiedBy" : "admin",
     "lastModifiedDate" : "2019-11-14T11:30:46Z",
-    "authorities" : [ "ROLE_USER", "ROLE_PREMIUM_USER", "ROLE_ADMIN", "ROLE_API" ]
+    "authorities" : [ "ROLE_USER", "ROLE_PREMIUM_USER", "ROLE_ADMIN", "ROLE_API", "ROLE_COMPANY_ADMIN" ]
   }

screenshot-test/__baseline_snapshots__/Account Settings Page without ROLE_API and requested-snap.png

@@ -7,6 +7,7 @@
     "usageLimit": null,
     "currentUsage": 0,
     "renewable": true,
+    "name": "Token",
     "user": {
       "id": 4,
       "login": "user",

screenshot-test/__baseline_snapshots__/Account Settings Page-snap.png

@@ -45,6 +45,8 @@ public final class Constants {
 
     public static final String ONCOKB_S3_BUCKET = "oncokb-v2";
 
+    public static final int MAX_SERVICE_ACCOUNT_TOKENS = 10;
+
     private Constants() {
     }
 

screenshot-test/__baseline_snapshots__/Company Details Page-snap.png

@@ -96,7 +96,7 @@ public void configure(HttpSecurity http) throws Exception {
             .antMatchers("/api/v1/v2/api-docs").permitAll()
             .antMatchers("/api/private/utils/data/**").hasAnyAuthority(AuthoritiesConstants.DATA_DOWNLOAD)
 
-            .antMatchers("/api/v1/annotate/**").hasAnyAuthority(AuthoritiesConstants.API)
+            .antMatchers("/api/v1/annotate/**").hasAnyAuthority(AuthoritiesConstants.API, AuthoritiesConstants.ROLE_SERVICE_ACCOUNT)
 
             .antMatchers("/api/v1/genes/lookup").hasAnyAuthority(AuthoritiesConstants.PUBLIC_WEBSITE, AuthoritiesConstants.USER, AuthoritiesConstants.ADMIN)
             .antMatchers("/api/v1/variants/lookup").hasAnyAuthority(AuthoritiesConstants.PUBLIC_WEBSITE, AuthoritiesConstants.USER, AuthoritiesConstants.ADMIN)
@@ -135,6 +135,7 @@ public void configure(HttpSecurity http) throws Exception {
             .antMatchers("/api/tokens/**").hasAnyAuthority(AuthoritiesConstants.ADMIN)
             .antMatchers("/api/token-stats/**").hasAnyAuthority(AuthoritiesConstants.ADMIN)
 
+            .antMatchers("/api/companies/service-account/token").hasAnyAuthority(AuthoritiesConstants.ROLE_COMPANY_ADMIN)
             .antMatchers("/api/companies/**").hasAnyAuthority(AuthoritiesConstants.ADMIN)
             .antMatchers("/api/company-domains/**").hasAnyAuthority(AuthoritiesConstants.ADMIN)
 

screenshot-test/__baseline_snapshots__/Company User Details Page-snap.png

@@ -44,6 +44,9 @@ public class Token implements Serializable {
     @Column(name = "renewable", nullable = false)
     private Boolean renewable = true;
 
+    @Column(name = "name")
+    private String name;
+
     @ManyToOne
     @JsonIgnoreProperties(value = "tokens", allowSetters = true)
     private User user;
@@ -135,6 +138,19 @@ public void setRenewable(Boolean renewable) {
         this.renewable = renewable;
     }
 
+    public String getName() {
+        return name;
+    }
+
+    public Token name(String name) {
+        this.name = name;
+        return this;
+    }
+
+    public void setName(String name) {
+        this.name = name;
+    }
+
     public User getUser() {
         return user;
     }
@@ -176,6 +192,7 @@ public String toString() {
             ", usageLimit=" + getUsageLimit() +
             ", currentUsage=" + getCurrentUsage() +
             ", renewable='" + isRenewable() + "'" +
+            ", name='" + getName() + "'" +
             "}";
     }
 }

screenshot-test/__baseline_snapshots__/User Details Page-snap.png

@@ -8,6 +8,7 @@
 import org.springframework.data.jpa.repository.EntityGraph;
 import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.data.jpa.repository.Query;
+import org.springframework.data.repository.query.Param;
 import org.springframework.stereotype.Repository;
 
 import java.util.List;
@@ -42,7 +43,8 @@ public interface UserRepository extends JpaRepository<User, Long> {
     @Cacheable(cacheResolver = "userCacheResolver")
     Optional<User> findOneWithAuthoritiesByEmailIgnoreCase(String email);
 
-    Page<User> findAllByLoginNot(Pageable pageable, String login);
+    @Query("select user from User user where :authorityName not in (select authority.name FROM user.authorities authority) and user.login != :login")
+    List<User> findAllUsersWithoutAuthorityAndLoginNot(@Param("authorityName") String authorityName, @Param("login") String login);
 
     @Query("select user, userDetails from User as user left join UserDetails as userDetails on user.id = userDetails.user WHERE user in ?1")
     List<Object[]> findAllUsersWithUserDetailsByUsersIn(List<User> users);

screenshot-test/data/api-account.json

@@ -21,6 +21,10 @@ public final class AuthoritiesConstants {
 
     public static final String API = "ROLE_API";
 
+    public static final String ROLE_COMPANY_ADMIN = "ROLE_COMPANY_ADMIN";
+
+    public static final String ROLE_SERVICE_ACCOUNT = "ROLE_SERVICE_ACCOUNT";
+
     private AuthoritiesConstants() {
     }
 }

screenshot-test/data/api-company-user-tokens.json

@@ -80,20 +80,23 @@ private Token getNewToken(Set<Authority> authorities, Optional<Instant> definedE
     public Token createTokenForCurrentUserLogin(Optional<Instant> definedExpirationTime, Optional<Boolean> isRenewable) {
         Optional<User> userOptional = userRepository.findOneWithAuthoritiesByLogin(SecurityUtils.getCurrentUserLogin().get());
         if(userOptional.isPresent()) {
-            return createToken(userOptional.get(), definedExpirationTime, isRenewable);
+            return createToken(userOptional.get(), definedExpirationTime, isRenewable, Optional.empty());
         }
         return null;
     }
 
-    public Token createToken(User user, Optional<Instant> definedExpirationTime, Optional<Boolean> isRenewable) {
+    public Token createToken(User user, Optional<Instant> definedExpirationTime, Optional<Boolean> isRenewable, Optional<String> name) {
         Token token = getNewToken(user.getAuthorities(), definedExpirationTime, isRenewable);
         token.setUser(user);
+        if (name.isPresent()) {
+            token.setName(name.get());
+        }
         tokenService.save(token);
         return token;
     }
 
-    public void createToken(Token token){
-        Token newToken = createToken(token.getUser(), Optional.of(token.getExpiration()), Optional.of(token.isRenewable()));
+    public void createToken(Token token, Optional<String> name){
+        Token newToken = createToken(token.getUser(), Optional.of(token.getExpiration()), Optional.of(token.isRenewable()), name);
         newToken.setCreation(token.getCreation());
         newToken.setCurrentUsage(token.getCurrentUsage());
         newToken.setUsageLimit(token.getUsageLimit());

src/main/java/org/mskcc/cbio/oncokb/config/Constants.java

@@ -1,7 +1,11 @@
 package org.mskcc.cbio.oncokb.service;
 
+import org.mskcc.cbio.oncokb.domain.Token;
+import org.mskcc.cbio.oncokb.domain.User;
 import org.mskcc.cbio.oncokb.domain.enumeration.LicenseStatus;
 import org.mskcc.cbio.oncokb.service.dto.CompanyDTO;
+import org.mskcc.cbio.oncokb.service.dto.UserDTO;
+import org.mskcc.cbio.oncokb.web.rest.errors.TooManyTokensException;
 import org.mskcc.cbio.oncokb.web.rest.vm.CompanyVM;
 
 import java.util.List;
@@ -58,4 +62,14 @@ public interface CompanyService {
      * @param id the id of the entity.
      */
     void delete(Long id);
+
+    Optional<User> createServiceAccount(Long id);
+
+    void deleteServiceAccount(CompanyDTO companyDTO);
+
+    Optional<Token> createServiceAccountToken(Long id, String name) throws TooManyTokensException;
+
+    Optional<List<Token>> getServiceAccountTokensForCompany(Long id);
+
+    Optional<UserDTO> getServiceUserForCompany(Long companyId);
 }

src/main/java/org/mskcc/cbio/oncokb/config/SecurityConfiguration.java

@@ -58,11 +58,13 @@ public interface TokenService {
 
     void expireToken(Token token);
 
+    void delete(Long id);
+
     /**
      * Delete the token and associates its token stats with a new token.
      * @param id id of token
      */
-    void delete(Long id);
+    void deleteAndAssociateStats(Long id);
 
     /**
      * Delete all tokens related to the user

src/main/java/org/mskcc/cbio/oncokb/domain/Token.java

@@ -313,7 +313,7 @@ public User registerUser(UserDTO userDTO, String password) {
         return newUser;
     }
 
-    public User createUser(UserDTO userDTO, Optional<Integer> tokenValidDays, Optional<Boolean> tokenIsRenewable) {
+    public User createUser(UserDTO userDTO, boolean isServiceUser, Optional<Integer> tokenValidDays, Optional<Boolean> tokenIsRenewable) {
         User user = new User();
         user.setLogin(userDTO.getLogin().toLowerCase());
         user.setFirstName(userDTO.getFirstName());
@@ -355,6 +355,10 @@ public User createUser(UserDTO userDTO, Optional<Integer> tokenValidDays, Option
         userDetails.setCompany(companyMapper.toEntity(userDTO.getCompany()));
         userDetailsRepository.save(userDetails);
 
+        if (isServiceUser) {
+            log.debug("Created Information for Service User: {}", user);
+            return user;
+        }
 
         // Check if the user is a part of licensed company and then continue with approval procedure
         if(userDetails.getCompany() != null){
@@ -534,7 +538,7 @@ public List<UserDTO> findAllUsersWithUserDetailsByUsersIn(List<User> users) {
     @Transactional(readOnly = true)
     @Cacheable(cacheResolver = "userCacheResolver", key = "#root.methodName")
     public Page<UserDTO> getAllManagedUsers(Pageable pageable) {
-        List<User> users = userRepository.findAllByLoginNot(pageable, Constants.ANONYMOUS_USER).getContent();
+        List<User> users = userRepository.findAllUsersWithoutAuthorityAndLoginNot(AuthoritiesConstants.ROLE_SERVICE_ACCOUNT, Constants.ANONYMOUS_USER);
         List<UserDTO> userDTOs = findAllUsersWithUserDetailsByUsersIn(users);
         return new PageImpl<>(userDTOs, pageable, users.size());
     }
@@ -642,7 +646,8 @@ private List<Token> generateTokenForUserIfNotExist(UserDTO userDTO, Optional<Int
             Token token = tokenProvider.createToken(
                 userMapper.userDTOToUser(userDTO),
                 tokenValidDays.isPresent() ? Optional.of(Instant.now().plusSeconds(DAY_IN_SECONDS * (long) tokenValidDays.get())) : Optional.empty(),
-                tokenIsRenewable
+                tokenIsRenewable,
+                Optional.empty()
             );
             tokens.add(token);
         }