@@ -66,32 +66,113 @@ protected ObjectNode buildRestPropertiesJson(AppConfig config) {
66
66
protected void generateSecurityFiles (File configDir , AppConfig config ) {
67
67
File rolesDir = new File (configDir , "security/roles" );
68
68
rolesDir .mkdirs ();
69
- writeFile (buildAppRole (config ), new File (rolesDir , config .getName () + "-role.json" ));
69
+ writeFile (buildNobodyRole (config ), new File (rolesDir , "1-" + config .getName () + "-nobody-role.json" ));
70
+ writeFile (buildReaderRole (config ), new File (rolesDir , "2-" + config .getName () + "-reader-role.json" ));
71
+ writeFile (buildWriterRole (config ), new File (rolesDir , "3-" + config .getName () + "-writer-role.json" ));
72
+ writeFile (buildInternalRole (config ), new File (rolesDir , "4-" + config .getName () + "-internal-role.json" ));
73
+ writeFile (buildAdminRole (config ), new File (rolesDir , "5-" + config .getName () + "-admin-role.json" ));
70
74
71
75
File usersDir = new File (configDir , "security/users" );
72
76
usersDir .mkdirs ();
73
- writeFile (buildAppUser (config ), new File (usersDir , config .getName () + "-user.json" ));
77
+ writeFile (buildReaderUser (config ), new File (usersDir , config .getName () + "-reader-user.json" ));
78
+ writeFile (buildWriterUser (config ), new File (usersDir , config .getName () + "-writer-user.json" ));
79
+ writeFile (buildAdminUser (config ), new File (usersDir , config .getName () + "-admin-user.json" ));
74
80
}
75
81
76
- protected ObjectNode buildAppRole (AppConfig config ) {
82
+ protected ObjectNode buildNobodyRole (AppConfig config ) {
83
+ ObjectNode node = objectMapper .createObjectNode ();
84
+ node .put ("role-name" , config .getName () + "-nobody" );
85
+ node .put ("description" , "Unauthenticated user" );
86
+ node .putArray ("role" );
87
+ return node ;
88
+ }
89
+
90
+ protected ObjectNode buildReaderRole (AppConfig config ) {
91
+ ObjectNode node = objectMapper .createObjectNode ();
92
+ node .put ("role-name" , config .getName () + "-reader" );
93
+ node .put ("description" , "Can view documents, but not edit" );
94
+ ArrayNode array = node .putArray ("role" );
95
+ array .add ("rest-reader" );
96
+ array .add (config .getName () + "-nobody" );
97
+ return node ;
98
+ }
99
+
100
+ protected ObjectNode buildWriterRole (AppConfig config ) {
101
+ ObjectNode node = objectMapper .createObjectNode ();
102
+ node .put ("role-name" , config .getName () + "-writer" );
103
+ node .put ("description" , "Can read and write documents" );
104
+ ArrayNode array = node .putArray ("role" );
105
+ array .add ("rest-writer" );
106
+ array .add (config .getName () + "-reader" );
107
+ array = node .putArray ("privilege" );
108
+ array .add (buildPrivilege ("any-uri" , "http://marklogic.com/xdmp/privileges/any-uri" , "execute" ));
109
+ array .add (buildPrivilege ("unprotected-collections" , "http://marklogic.com/xdmp/privileges/unprotected-collections" , "execute" ));
110
+ return node ;
111
+ }
112
+
113
+ protected ObjectNode buildInternalRole (AppConfig config ) {
114
+ ObjectNode node = objectMapper .createObjectNode ();
115
+ node .put ("role-name" , config .getName () + "-internal" );
116
+ node .put ("description" , "Internal role used for amping" );
117
+ ArrayNode array = node .putArray ("role" );
118
+ array .add (config .getName () + "-writer" );
119
+ return node ;
120
+ }
121
+
122
+ protected ObjectNode buildAdminRole (AppConfig config ) {
123
+ ObjectNode node = objectMapper .createObjectNode ();
124
+ node .put ("role-name" , config .getName () + "-admin" );
125
+ node .put ("description" , "Non-admin administrator" );
126
+ ArrayNode array = node .putArray ("role" );
127
+ array .add ("rest-admin" );
128
+ array .add ("manage-admin" );
129
+ array .add (config .getName () + "-writer" );
130
+ array = node .putArray ("privilege" );
131
+ array .add (buildPrivilege ("any-uri" , "http://marklogic.com/xdmp/privileges/any-uri" , "execute" ));
132
+ array .add (buildPrivilege ("xdbc:insert-in" , "http://marklogic.com/xdmp/privileges/xdbc-insert-in" , "execute" ));
133
+ array .add (buildPrivilege ("xdmp:eval-in" , "http://marklogic.com/xdmp/privileges/xdmp-eval-in" , "execute" ));
134
+ return node ;
135
+ }
136
+
137
+ protected ObjectNode buildPrivilege (String name , String action , String kind ) {
138
+ ObjectNode node = objectMapper .createObjectNode ();
139
+ node .put ("privilege-name" , name );
140
+ node .put ("action" , action );
141
+ node .put ("kind" , kind );
142
+ return node ;
143
+ }
144
+
145
+ protected ObjectNode buildReaderUser (AppConfig config ) {
77
146
ObjectNode node = objectMapper .createObjectNode ();
78
- node .put ("role-name" , config .getName () + "-role" );
79
- ArrayNode array = node .putArray ("role" );
80
- array .add ("rest-writer" );
81
- return node ;
82
- }
83
-
84
- protected ObjectNode buildAppUser (AppConfig config ) {
85
- ObjectNode node = objectMapper .createObjectNode ();
86
- String name = config .getName () + "-user" ;
147
+ String name = config .getName () + "-reader" ;
87
148
node .put ("user-name" , name );
88
149
node .put ("password" , name );
89
150
ArrayNode roles = node .putArray ("role" );
90
- roles .add (config .getName () + "-role " );
151
+ roles .add (config .getName () + "-reader " );
91
152
return node ;
92
153
}
93
154
94
- protected void generateRestApiFile (File configDir , AppConfig config ) {
155
+ protected ObjectNode buildWriterUser (AppConfig config ) {
156
+ ObjectNode node = objectMapper .createObjectNode ();
157
+ String name = config .getName () + "-writer" ;
158
+ node .put ("user-name" , name );
159
+ node .put ("password" , name );
160
+ ArrayNode roles = node .putArray ("role" );
161
+ roles .add (config .getName () + "-writer" );
162
+ return node ;
163
+ }
164
+
165
+ protected ObjectNode buildAdminUser (AppConfig config ) {
166
+ ObjectNode node = objectMapper .createObjectNode ();
167
+ String name = config .getName () + "-admin" ;
168
+ node .put ("user-name" , name );
169
+ node .put ("password" , name );
170
+ ArrayNode roles = node .putArray ("role" );
171
+ roles .add (config .getName () + "-admin" );
172
+ return node ;
173
+ }
174
+
175
+ protected void generateRestApiFile (File configDir , AppConfig config ) {
95
176
writeFile (buildRestApiJson (config ).getBytes (), new File (configDir , "rest-api.json" ));
96
177
}
97
178
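Review bot: All three generated users get their own user name as password (`node.put("password", name)` in buildReaderUser, buildWriterUser and buildAdminUser), so anyone who knows the application name knows the credentials. For the admin user that now means an account holding `rest-admin`, `manage-admin` and the `xdmp:eval-in` and `xdbc:insert-in` privileges. The password should not be derivable from the name: generate one per user when the files are written, as in the excerpt below, or require the caller to supply it, and keep the generated user files out of version control since they hold the value in clear text. Separately, `roles.add(config.getName() + "-reader ")` in buildReaderUser appears to carry a trailing space that the role name `"-reader"` in buildReaderRole does not have. If that space is in the source and not a rendering artifact, the reader user is assigned a role name that does not match the generated role.

```java
protected ObjectNode buildAdminUser(AppConfig config) {
    // … unchanged: node creation, user-name …
    node.put("password", generatePassword());
    // … unchanged: role array, return …
}

/** Returns a random password that cannot be derived from the application name. */
protected String generatePassword() {
    byte[] bytes = new byte[24];
    new SecureRandom().nextBytes(bytes);
    return Base64.getUrlEncoder().withoutPadding().encodeToString(bytes);
}
```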