[JN-1169] add BASE permission

api-admin/src/main/java/bio/terra/pearl/api/admin/controller/forms/ConfiguredSurveyController.java

@@ -2,6 +2,8 @@
 
 import bio.terra.pearl.api.admin.api.ConfiguredSurveyApi;
 import bio.terra.pearl.api.admin.service.auth.AuthUtilService;
+import bio.terra.pearl.api.admin.service.auth.context.PortalStudyAuthContext;
+import bio.terra.pearl.api.admin.service.auth.context.PortalStudyEnvAuthContext;
 import bio.terra.pearl.api.admin.service.forms.SurveyExtService;
 import bio.terra.pearl.core.model.EnvironmentName;
 import bio.terra.pearl.core.model.admin.AdminUser;
@@ -48,7 +50,10 @@ public ResponseEntity<Object> findWithNoContent(
     Boolean activeVal = active != null ? Boolean.valueOf(active) : null;
     List<StudyEnvironmentSurvey> studyEnvSurveys =
         surveyExtService.findWithSurveyNoContent(
-            portalShortcode, studyShortcode, environmentName, stableId, activeVal, operator);
+            PortalStudyAuthContext.of(operator, portalShortcode, studyShortcode),
+            stableId,
+            environmentName,
+            activeVal);
     return ResponseEntity.ok(studyEnvSurveys);
   }
 
@@ -59,14 +64,16 @@ public ResponseEntity<Object> patch(
       String envName,
       UUID configuredSurveyId,
       Object body) {
-    AdminUser adminUser = authUtilService.requireAdminUser(request);
+    AdminUser operator = authUtilService.requireAdminUser(request);
     EnvironmentName environmentName = EnvironmentName.valueOfCaseInsensitive(envName);
     StudyEnvironmentSurvey configuredSurvey =
         objectMapper.convertValue(body, StudyEnvironmentSurvey.class);
 
     StudyEnvironmentSurvey savedSes =
         surveyExtService.updateConfiguredSurvey(
-            portalShortcode, environmentName, studyShortcode, configuredSurvey, adminUser);
+            PortalStudyEnvAuthContext.of(
+                operator, portalShortcode, studyShortcode, environmentName),
+            configuredSurvey);
     return ResponseEntity.ok(savedSes);
   }
 
@@ -83,37 +90,38 @@ public ResponseEntity<Object> replace(
         objectMapper.convertValue(body, StudyEnvironmentSurvey.class);
     newStudyEnvSurvey =
         surveyExtService.replace(
-            portalShortcode,
-            studyShortcode,
-            environmentName,
+            PortalStudyEnvAuthContext.of(
+                operator, portalShortcode, studyShortcode, environmentName),
             studyEnvSurveyId,
-            newStudyEnvSurvey,
-            operator);
+            newStudyEnvSurvey);
     return ResponseEntity.ok(newStudyEnvSurvey);
   }
 
   @Override
   public ResponseEntity<Object> create(
       String portalShortcode, String studyShortcode, String envName, Object body) {
-    AdminUser adminUser = authUtilService.requireAdminUser(request);
+    AdminUser operator = authUtilService.requireAdminUser(request);
     EnvironmentName environmentName = EnvironmentName.valueOfCaseInsensitive(envName);
     StudyEnvironmentSurvey configuredSurvey =
         objectMapper.convertValue(body, StudyEnvironmentSurvey.class);
 
     StudyEnvironmentSurvey savedSes =
         surveyExtService.createConfiguredSurvey(
-            portalShortcode, studyShortcode, environmentName, configuredSurvey, adminUser);
+            PortalStudyEnvAuthContext.of(
+                operator, portalShortcode, studyShortcode, environmentName),
+            configuredSurvey);
     return ResponseEntity.ok(savedSes);
   }
 
   @Override
   public ResponseEntity<Void> remove(
       String portalShortcode, String studyShortcode, String envName, UUID configuredSurveyId) {
-    AdminUser adminUser = authUtilService.requireAdminUser(request);
+    AdminUser operator = authUtilService.requireAdminUser(request);
     EnvironmentName environmentName = EnvironmentName.valueOfCaseInsensitive(envName);
 
     surveyExtService.removeConfiguredSurvey(
-        portalShortcode, studyShortcode, environmentName, configuredSurveyId, adminUser);
+        PortalStudyEnvAuthContext.of(operator, portalShortcode, studyShortcode, environmentName),
+        configuredSurveyId);
     return ResponseEntity.noContent().build();
   }
 }

api-admin/src/main/java/bio/terra/pearl/api/admin/controller/forms/SurveyController.java

@@ -2,6 +2,7 @@
 
 import bio.terra.pearl.api.admin.api.SurveyApi;
 import bio.terra.pearl.api.admin.service.auth.AuthUtilService;
+import bio.terra.pearl.api.admin.service.auth.context.PortalAuthContext;
 import bio.terra.pearl.api.admin.service.forms.SurveyExtService;
 import bio.terra.pearl.core.model.admin.AdminUser;
 import bio.terra.pearl.core.model.survey.Survey;
@@ -30,41 +31,45 @@ public SurveyController(
 
   @Override
   public ResponseEntity<Object> get(String portalShortcode, String stableId, Integer version) {
-    AdminUser adminUser = authUtilService.requireAdminUser(request);
-    Survey survey = surveyExtService.get(portalShortcode, stableId, version, adminUser);
+    AdminUser operator = authUtilService.requireAdminUser(request);
+    Survey survey =
+        surveyExtService.get(PortalAuthContext.of(operator, portalShortcode), stableId, version);
     return ResponseEntity.ok(survey);
   }
 
   @Override
   public ResponseEntity<Object> getAllVersions(String portalShortcode, String stableId) {
-    AdminUser adminUser = authUtilService.requireAdminUser(request);
-    return ResponseEntity.ok(surveyExtService.listVersions(portalShortcode, stableId, adminUser));
+    AdminUser operator = authUtilService.requireAdminUser(request);
+    return ResponseEntity.ok(
+        surveyExtService.listVersions(PortalAuthContext.of(operator, portalShortcode), stableId));
   }
 
   @Override
   public ResponseEntity<Object> create(String portalShortcode, Object body) {
-    AdminUser adminUser = authUtilService.requireAdminUser(request);
+    AdminUser operator = authUtilService.requireAdminUser(request);
 
     Survey survey = objectMapper.convertValue(body, Survey.class);
-    Survey savedSurvey = surveyExtService.create(portalShortcode, survey, adminUser);
+    Survey savedSurvey =
+        surveyExtService.create(PortalAuthContext.of(operator, portalShortcode), survey);
     return ResponseEntity.ok(savedSurvey);
   }
 
   @Override
   public ResponseEntity<Object> newVersion(String portalShortcode, String stableId, Object body) {
-    AdminUser adminUser = authUtilService.requireAdminUser(request);
+    AdminUser operator = authUtilService.requireAdminUser(request);
     Survey survey = objectMapper.convertValue(body, Survey.class);
     if (!stableId.equals(survey.getStableId())) {
       throw new IllegalArgumentException("survey parameters don't match");
     }
-    Survey savedSurvey = surveyExtService.createNewVersion(portalShortcode, survey, adminUser);
+    Survey savedSurvey =
+        surveyExtService.createNewVersion(PortalAuthContext.of(operator, portalShortcode), survey);
     return ResponseEntity.ok(savedSurvey);
   }
 
   @Override
   public ResponseEntity<Void> delete(String portalShortcode, String stableId) {
-    AdminUser adminUser = authUtilService.requireAdminUser(request);
-    surveyExtService.delete(portalShortcode, stableId, adminUser);
+    AdminUser operator = authUtilService.requireAdminUser(request);
+    surveyExtService.delete(PortalAuthContext.of(operator, portalShortcode), stableId);
     return ResponseEntity.noContent().build();
   }
 }

api-admin/src/main/java/bio/terra/pearl/api/admin/service/auth/AuthUtilService.java

@@ -25,6 +25,13 @@
 /** Utility service for common auth-related methods */
 @Service
 public class AuthUtilService {
+  /**
+   * 'BASE_PERMISSON' indicates the operation is permitted for any PortalAdminUser as they are
+   * authorized to access the given portal. It might include public-ish operations like viewing
+   * surveys, etc.
+   */
+  public static final String BASE_PERMISSON = "BASE";
+
   private final AdminUserService adminUserService;
   private final BearerTokenFactory bearerTokenFactory;
   private final PortalService portalService;
@@ -77,7 +84,7 @@ public Portal authUserToPortal(AdminUser user, String portalShortcode) {
   public Portal authUserToPortalWithPermission(
       AdminUser user, String portalShortcode, String permission) {
     Portal portal = authUserToPortal(user, portalShortcode);
-    if (user.isSuperuser()) {
+    if (user.isSuperuser() || BASE_PERMISSON.equals(permission)) {
       return portal;
     }
     adminUserService

api-admin/src/main/java/bio/terra/pearl/api/admin/service/auth/BaseEnforcePortalPermissionAspect.java → api-admin/src/main/java/bio/terra/pearl/api/admin/service/auth/EnforcePortalPermissionAspect.java

@@ -16,12 +16,11 @@
  * Aspect to enforce portal permissions on methods annotated with EnforcePortalPermission. Inspired
  * by https://stackoverflow.com/questions/50882444/can-spring-annotation-access-method-parameters
  */
-public class BaseEnforcePortalPermissionAspect
+public class EnforcePortalPermissionAspect
     extends BaseEnforcePermissionAspect<PortalAuthContext, EnforcePortalPermission> {
-
   private final AuthUtilService authUtilService;
 
-  public BaseEnforcePortalPermissionAspect(AuthUtilService authUtilService) {
+  public EnforcePortalPermissionAspect(AuthUtilService authUtilService) {
     this.authUtilService = authUtilService;
   }
 

api-admin/src/main/java/bio/terra/pearl/api/admin/service/auth/BaseEnforcePortalStudyEnvPermissionAspect.java → api-admin/src/main/java/bio/terra/pearl/api/admin/service/auth/EnforcePortalStudyEnvPermissionAspect.java

@@ -18,13 +18,13 @@
 @Component
 @Aspect
 @Slf4j
-public class BaseEnforcePortalStudyEnvPermissionAspect
+public class EnforcePortalStudyEnvPermissionAspect
     extends BaseEnforcePermissionAspect<
         PortalStudyEnvAuthContext, EnforcePortalStudyEnvPermission> {
   private final AuthUtilService authUtilService;
   private final StudyEnvironmentService studyEnvironmentService;
 
-  public BaseEnforcePortalStudyEnvPermissionAspect(
+  public EnforcePortalStudyEnvPermissionAspect(
       AuthUtilService authUtilService, StudyEnvironmentService studyEnvironmentService) {
     this.authUtilService = authUtilService;
     this.studyEnvironmentService = studyEnvironmentService;

api-admin/src/main/java/bio/terra/pearl/api/admin/service/auth/BaseEnforcePortalStudyPermissionAspect.java → api-admin/src/main/java/bio/terra/pearl/api/admin/service/auth/EnforcePortalStudyPermissionAspect.java

@@ -14,11 +14,11 @@
 @Component
 @Aspect
 @Slf4j
-public class BaseEnforcePortalStudyPermissionAspect
+public class EnforcePortalStudyPermissionAspect
     extends BaseEnforcePermissionAspect<PortalStudyAuthContext, EnforcePortalStudyPermission> {
   private final AuthUtilService authUtilService;
 
-  public BaseEnforcePortalStudyPermissionAspect(AuthUtilService authUtilService) {
+  public EnforcePortalStudyPermissionAspect(AuthUtilService authUtilService) {
     this.authUtilService = authUtilService;
   }