Feature/1092 1098 basic user management #1115
Conversation
|
NOTE: these are a stop gap until further work is done on authentication and so I'm not super worried about getting all the timing information in and such. I did on one, but only a handful of people are going to be using this, and even then not super often. |
MikeNeilson
added
the
approved-W912HQ25F0116
| crud("/users/{user-name}", new UsersController(metrics), adminRoles); | ||
| get("/roles", new GetRolesController(metrics), adminRoles); | ||
| get("/user/profile", new UserProfileController(metrics), userRoles); | ||
| post("/user/{user-name}/roles/{office-id}", new AddRoleController(metrics), adminRoles); |
There was a problem hiding this comment.
Does this suggest that a user could have a space in multiple offices?
As opposed to
/user/{office-id}/roles/{user-name}?
I would just think that office would be the base and a user would be requested from that office
This probably doesn't really matter since either way the values get passed in. It's just, to me an office seems like it would come first.
There was a problem hiding this comment.
For most of the other data you would be correct, but in this case I don't think so.
The user is a the root of the infrastructure, and permissions to an office data are secondary.
E.g. the user "belongs" to the system as a whole.
Versus say a Time Series which "belongs" to a specific office.
| security = { | ||
| @OpenApiSecurity(name = "gets overridden allows lock icon.") | ||
| }, | ||
| description = "View users's own information", |
There was a problem hiding this comment.
Unless you meant multiple users then disregard!
There was a problem hiding this comment.
actually it should be users', but technically users's is valid. in that sentence it's both plural and "owned."
I think. I'm certainly not going to claim I got excellent marks in English classes, but I often remember that esoteric stuff fairly well.
| @OpenApiParam(allowEmptyValue = true, name = OFFICE, type = String.class, | ||
| description = "Show only users with active privileges in a given office" ), | ||
| @OpenApiParam(name = PAGE, | ||
| description = "This end point can return a lot of data, this " |
There was a problem hiding this comment.
This end point can return a lot of data
I don't know if this needs to be said, but I get the spirit of it
"Lots of data, don't forget about the page option"
|
|
||
| @OpenApi( | ||
| pathParams = { | ||
| @OpenApiParam(name = "user-name", required = true, |
There was a problem hiding this comment.
username or user-name - to hyphen or not to hyphen
There was a problem hiding this comment.
That is the question.
| @OpenApi( | ||
| pathParams = { | ||
| @OpenApiParam(name = "office-id", required = true, | ||
| description = "Office for these roles"), |
There was a problem hiding this comment.
I still think this should just be generic
I.e. in one place create a definition with a link to the offices endpoint
String OFFICE_DESCRIPTION = "Office Identifier 3/4 letter as returned by the office endpoint: " + OFFICE_ENDPOINTThrowing this idea out there again
There was a problem hiding this comment.
Fair point, and it might already exist and I should use it.
|
|
||
| private static final String GET_USER = | ||
| "select ut.userid as username,ut.email, ut.principle_name,groups.db_office_id as office,groups.user_group_id as role " + | ||
| " from cwms_20.at_sec_cwms_users ut " + |
There was a problem hiding this comment.
I know we are not making more plsql packages/etc (raw SQL)
But how much longer will cwms_20 really be around (usage of cwms_20)
Gotta do something to move forward I suppose
There was a problem hiding this comment.
"CWMS_20" forever, or at least until we've moved to Postgres (but to be fair maybe even then).
But as for the creation of PLSQL package, only when it improves/simplifies usage or is required for specific permissions issues.
In this case there's no benefit to doing so.
| return dsl.connectionResult(c -> { | ||
| AuthDao.setSessionForAuthCheck(c); | ||
| final ArrayList<String> roles = new ArrayList<>(); | ||
| try (PreparedStatement getUser = c.prepareStatement("select distinct user_group_id from cwms_20.at_sec_user_groups order by user_group_id asc"); |
There was a problem hiding this comment.
Is there not a jooq equivalent for this?
i.e.
Result<Record1<String>> result = DSL.using(configuration)
.selectDistinct(AT_SEC_USER_GROUPS.USER_GROUP_ID)
.from(AT_SEC_USER_GROUPS)
.orderBy(AT_SEC_USER_GROUPS.USER_GROUP_ID.asc())
.fetch();Or does it fall short because you need a PreparedStatement?
There was a problem hiding this comment.
There's no code gen for these tables, and it's too much work to make that happen just for this change.
krowvin
left a comment
krowvin
left a comment
There was a problem hiding this comment.
Just tossing my thoughts out there!
rma-rripken
left a comment
rma-rripken
left a comment
There was a problem hiding this comment.
Are there unit tests for User and Users? JSON test resources make it really obvious what the input/outputs look like.
cwms-data-api/src/main/java/cwms/cda/api/auth/users/UsersController.java
Outdated
Show resolved
Hide resolved
I'll add them, may help with sorting out the pagination cursor anyways. |
|
@rma-rripken FYI, I have hit a snag with some insanity in the database tables. I'm going to take a break before I throw the database itself off a cliff.... I don't know how I would do it, I just know I would try to make it happen. |
|
@rma-rripken there's likely some slop you'll have to point out to be, but it all actually behaves now. Had some definite issues in the paging design itself. |
rma-rripken
left a comment
rma-rripken
left a comment
There was a problem hiding this comment.
Looks good to me. I'd still like to see unit test for User and Users serialization with json test resource. I find those helpful to see what the actual json looks like.
I'll at least try to muster myself to do that in a follow up. I had enough issues that I see the value better, even for something this simple, but at the moment I want to get this out for at least use within the CWBI setup. |
I think there's still a bit more to do, but ready for discussion. Plus the tests just started failing on my laptop after adding one more (like fail to even start correctly) so checking on github.
closes #1092
closes #1098