NIHVIVO-2716 Make rootUser a property on UserAccount. When editing the root user, don't show roles.

webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/common/CommonIdentifierBundleFactory.java

@@ -24,7 +24,6 @@ import edu.cornell.mannlib.vitro.webapp.beans.Individual;
 import edu.cornell.mannlib.vitro.webapp.beans.SelfEditingConfiguration;
 import edu.cornell.mannlib.vitro.webapp.beans.UserAccount;
 import edu.cornell.mannlib.vitro.webapp.dao.IndividualDao;
-import edu.cornell.mannlib.vitro.webapp.dao.UserAccountsDao;
 import edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory;
 
 /**
@@ -73,7 +72,7 @@ public class CommonIdentifierBundleFactory implements IdentifierBundleFactory {
 	private Collection<? extends Identifier> createRootUserIdentifiers(
 			HttpServletRequest req) {
 		UserAccount user = LoginStatusBean.getCurrentUser(req);
-		if (isRootUser(user)) {
+		if ((user != null) && user.isRootUser()) {
 			return Collections.singleton(new IsRootUser());
 		} else {
 			return Collections.emptySet();
@@ -143,25 +142,6 @@ public class CommonIdentifierBundleFactory implements IdentifierBundleFactory {
 		return individuals;
 	}
 
-	/**
-	 * Is this user a root user?
-	 */
-	private boolean isRootUser(UserAccount user) {
-		if (user == null) {
-			return false;
-		}
-
-		WebappDaoFactory wdf = (WebappDaoFactory) context
-				.getAttribute("webappDaoFactory");
-		if (wdf == null) {
-			log.error("Could not get a WebappDaoFactory from the ServletContext");
-			return false;
-		}
-
-		UserAccountsDao uaDao = wdf.getUserAccountsDao();
-		return uaDao.isRootUser(user);
-	}
-
 	@Override
 	public String toString() {
 		return this.getClass().getSimpleName() + " - " + hashCode();

webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/RootUserPolicy.java

@@ -9,11 +9,6 @@ import javax.servlet.ServletContextListener;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
-import com.hp.hpl.jena.ontology.OntModel;
-import com.hp.hpl.jena.rdf.model.Resource;
-import com.hp.hpl.jena.shared.Lock;
-import com.hp.hpl.jena.vocabulary.RDF;
-
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.common.IsRootUser;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
@@ -25,9 +20,7 @@ import edu.cornell.mannlib.vitro.webapp.beans.UserAccount.Status;
 import edu.cornell.mannlib.vitro.webapp.config.ConfigurationProperties;
 import edu.cornell.mannlib.vitro.webapp.controller.authenticate.Authenticator;
 import edu.cornell.mannlib.vitro.webapp.dao.UserAccountsDao;
-import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
 import edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory;
-import edu.cornell.mannlib.vitro.webapp.dao.jena.ModelContext;
 import edu.cornell.mannlib.vitro.webapp.servlet.setup.AbortStartup;
 
 /**
@@ -73,12 +66,11 @@ public class RootUserPolicy implements PolicyIface {
 
 			try {
 				UserAccountsDao uaDao = getUserAccountsDao(ctx);
-				OntModel userAccountsModel = getUserAccountsModel(ctx);
 
 				checkForWrongRootUser(ctx, uaDao);
 
 				if (!rootUserExists(uaDao)) {
-					createRootUser(ctx, uaDao, userAccountsModel);
+					createRootUser(ctx, uaDao);
 				}
 
 				ServletPolicyList.addPolicy(ctx, new RootUserPolicy());
@@ -100,11 +92,6 @@ public class RootUserPolicy implements PolicyIface {
 			return wadf.getUserAccountsDao();
 		}
 
-		private OntModel getUserAccountsModel(ServletContext ctx) {
-			return ModelContext.getBaseOntModelSelector(ctx)
-					.getUserAccountsModel();
-		}
-
 		private void checkForWrongRootUser(ServletContext ctx,
 				UserAccountsDao uaDao) {
 			UserAccount root = getRootUser(uaDao);
@@ -128,7 +115,7 @@ public class RootUserPolicy implements PolicyIface {
 
 		private UserAccount getRootUser(UserAccountsDao uaDao) {
 			for (UserAccount ua : uaDao.getAllUserAccounts()) {
-				if (uaDao.isRootUser(ua)) {
+				if (ua.isRootUser()) {
 					return ua;
 				}
 			}
@@ -139,8 +126,7 @@ public class RootUserPolicy implements PolicyIface {
 		 * TODO The first and last name should be left blank, so the user will
 		 * be forced to edit them. However, that's not in place yet.
 		 */
-		private void createRootUser(ServletContext ctx, UserAccountsDao uaDao,
+		private void createRootUser(ServletContext ctx, UserAccountsDao uaDao) {
-				OntModel userAccountsModel) {
 			String emailAddress = ConfigurationProperties.getBean(ctx)
 					.getProperty(PROPERTY_ROOT_USER_EMAIL);
 			if (emailAddress == null) {
@@ -170,19 +156,10 @@ public class RootUserPolicy implements PolicyIface {
 					.applyMd5Encoding(ROOT_USER_INITIAL_PASSWORD));
 			ua.setPasswordChangeRequired(true);
 			ua.setStatus(Status.ACTIVE);
+			ua.setRootUser(true);
 
 			uaDao.insertUserAccount(ua);
 
-			userAccountsModel.enterCriticalSection(Lock.WRITE);
-			try {
-				Resource r = userAccountsModel.getResource(ua.getUri());
-				Resource t = userAccountsModel
-						.getResource(VitroVocabulary.USERACCOUNT_ROOT_USER);
-				userAccountsModel.add(r, RDF.type, t);
-			} finally {
-				userAccountsModel.leaveCriticalSection();
-			}
-
 			log.info("Created root user as '" + emailAddress + "'");
 		}
 

webapp/src/edu/cornell/mannlib/vitro/webapp/beans/UserAccount.java

@@ -60,6 +60,8 @@ public class UserAccount {
 	/** This may be empty, but should never be null. */
 	private Set<String> permissionSetUris = Collections.emptySet();
 
+	private boolean rootUser = false;
+
 	public String getUri() {
 		return uri;
 	}
@@ -172,6 +174,14 @@ public class UserAccount {
 		this.permissionSetUris = new HashSet<String>(permissionSetUris);
 	}
 
+	public boolean isRootUser() {
+		return rootUser;
+	}
+
+	public void setRootUser(boolean rootUser) {
+		this.rootUser = rootUser;
+	}
+
 	private <T> T nonNull(T value, T defaultValue) {
 		return (value == null) ? defaultValue : value;
 	}

webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/admin/UserAccountsEditPage.java

@@ -85,7 +85,7 @@ public class UserAccountsEditPage extends UserAccountsPage {
 		externalAuthId = getStringParameter(PARAMETER_EXTERNAL_AUTH_ID, "");
 		firstName = getStringParameter(PARAMETER_FIRST_NAME, "");
 		lastName = getStringParameter(PARAMETER_LAST_NAME, "");
-		selectedRoleUri = isRootUser() ? "" :getStringParameter(PARAMETER_ROLE, "");
+		selectedRoleUri = getStringParameter(PARAMETER_ROLE, "");
 		associateWithProfile = isParameterAsExpected(
 				PARAMETER_ASSOCIATE_WITH_PROFILE, "yes");
 
@@ -158,7 +158,7 @@ public class UserAccountsEditPage extends UserAccountsPage {
 	}
 
 	private boolean isRootUser() {
-		return userAccountsDao.isRootUser(userAccount);
+		return ((userAccount != null) && userAccount.isRootUser());
 	}
 
 	public boolean isValid() {
@@ -182,11 +182,10 @@ public class UserAccountsEditPage extends UserAccountsPage {
 			body.put("selectedRole", getExistingRoleUri());
 		}
 
-		if (isRootUser()) {
+		if (!isRootUser()) {
-			body.put("selectedRole", "");
+			body.put("roles", buildRolesList());
 		}
 
-		body.put("roles", buildRolesList());
 		if (associateWithProfile) {
 			body.put("associate", Boolean.TRUE);
 		}

webapp/src/edu/cornell/mannlib/vitro/webapp/controller/authenticate/BasicAuthenticator.java

@@ -159,7 +159,7 @@ public class BasicAuthenticator extends Authenticator {
 		if (role == RoleLevel.EDITOR || role == RoleLevel.CURATOR
 				|| role == RoleLevel.DB_ADMIN) {
 			session.setMaxInactiveInterval(PRIVILEGED_TIMEOUT_INTERVAL);
-		} else if (getUserAccountsDao().isRootUser(userAccount)) {
+		} else if (userAccount.isRootUser()) {
 			session.setMaxInactiveInterval(PRIVILEGED_TIMEOUT_INTERVAL);
 		} else {
 			session.setMaxInactiveInterval(LOGGED_IN_TIMEOUT_INTERVAL);

webapp/src/edu/cornell/mannlib/vitro/webapp/dao/UserAccountsDao.java

@@ -40,11 +40,6 @@ public interface UserAccountsDao {
 	 */
 	UserAccount getUserAccountByExternalAuthId(String externalAuthId);
 
-	/**
-	 * Is this UserAccount a root user?
-	 */
-	boolean isRootUser(UserAccount userAccount);
-	
 	/**
 	 * Create a new UserAccount in the model.
 	 * 

webapp/src/edu/cornell/mannlib/vitro/webapp/dao/filtering/UserAccountsDaoFiltering.java

@@ -47,11 +47,6 @@ public class UserAccountsDaoFiltering extends BaseFiltering implements
 		return innerDao.getUserAccountByExternalAuthId(externalAuthId);
 	}
 	
-	@Override
-	public boolean isRootUser(UserAccount userAccount) {
-		return innerDao.isRootUser(userAccount);
-	}
-
 	@Override
 	public String insertUserAccount(UserAccount userAccount) {
 		return innerDao.insertUserAccount(userAccount);

webapp/src/edu/cornell/mannlib/vitro/webapp/dao/jena/UserAccountsDaoJena.java

@@ -103,6 +103,7 @@ public class UserAccountsDaoJena extends JenaBaseDao implements UserAccountsDao
 					USERACCOUNT_EXTERNAL_AUTH_ID));
 			u.setPermissionSetUris(getPropertyResourceURIValues(r,
 					USERACCOUNT_HAS_PERMISSION_SET));
+			u.setRootUser(isResourceOfType(r, USERACCOUNT_ROOT_USER));
 			return u;
 		} finally {
 			getOntModel().leaveCriticalSection();
@@ -157,21 +158,6 @@ public class UserAccountsDaoJena extends JenaBaseDao implements UserAccountsDao
 		return getUserAccountByUri(userUri);
 	}
 
-	@Override
-	public boolean isRootUser(UserAccount userAccount) {
-		if (userAccount == null) {
-			return false;
-		}
-
-		getOntModel().enterCriticalSection(Lock.READ);
-		try {
-			OntResource r = getOntModel().getOntResource(userAccount.getUri());
-			return isResourceOfType(r, USERACCOUNT_ROOT_USER);
-		} finally {
-			getOntModel().leaveCriticalSection();
-		}
-	}
-
 	@Override
 	public String insertUserAccount(UserAccount userAccount) {
 		if (userAccount == null) {
@@ -214,6 +200,10 @@ public class UserAccountsDaoJena extends JenaBaseDao implements UserAccountsDao
 					USERACCOUNT_HAS_PERMISSION_SET,
 					userAccount.getPermissionSetUris(), model);
 
+			if (userAccount.isRootUser()) {
+				model.add(res, RDF.type, USERACCOUNT_ROOT_USER);
+			}
+
 			userAccount.setUri(userUri);
 			return userUri;
 		} catch (InsertException e) {
@@ -268,6 +258,13 @@ public class UserAccountsDaoJena extends JenaBaseDao implements UserAccountsDao
 			updatePropertyResourceURIValues(res,
 					USERACCOUNT_HAS_PERMISSION_SET,
 					userAccount.getPermissionSetUris(), model);
+
+			if (userAccount.isRootUser()) {
+				model.add(res, RDF.type, USERACCOUNT_ROOT_USER);
+			} else {
+				model.remove(res, RDF.type, USERACCOUNT_ROOT_USER);
+			}
+
 		} finally {
 			model.leaveCriticalSection();
 		}

webapp/test/stubs/edu/cornell/mannlib/vitro/webapp/dao/UserAccountsDaoStub.java

@@ -38,12 +38,6 @@ public class UserAccountsDaoStub implements UserAccountsDao {
 		return userAccountsByUri.get(uri);
 	}
 
-	@Override
-	public boolean isRootUser(UserAccount userAccount) {
-		// TODO for now, no user is Root
-		return false;
-	}
-
 	// ----------------------------------------------------------------------
 	// Un-implemented methods
 	// ----------------------------------------------------------------------

webapp/web/templates/freemarker/body/accounts/userAccounts-edit.ftl

@@ -68,12 +68,14 @@
             <label for="external-auth-id">External authorization ID (optional)</label> 
             <input type="text" name="externalAuthId" value="${externalAuthId}" id="external-auth-id" role="input "/>
 
-            <p>Roles<span class="requiredHint"> *</span> </p>
+            <#if roles?has_content>
-            <#list roles as role>
+                <p>Roles<span class="requiredHint"> *</span> </p>
-                <input type="radio" name="role" value="${role.uri}" role="radio" <#if selectedRole = role.uri>checked</#if> />
+                <#list roles as role>
-                <label class="inline" for="${role.label}"> ${role.label}</label>
+                    <input type="radio" name="role" value="${role.uri}" role="radio" <#if selectedRole = role.uri>checked</#if> />
-                <br />
+                    <label class="inline" for="${role.label}"> ${role.label}</label>
-            </#list>
+                    <br />
+                </#list>
+            </#if>
 
             <#if !emailIsEnabled??>
                 <label for="new-password">New password<span class="requiredHint"> *</span></label>