UserDevfile API permissions

assembly/assembly-wsmaster-war/pom.xml

@@ -291,10 +291,6 @@
             <groupId>org.eclipse.che.multiuser</groupId>
             <artifactId>che-multiuser-machine-authentication</artifactId>
         </dependency>
-        <dependency>
-            <groupId>org.eclipse.che.multiuser</groupId>
-            <artifactId>che-multiuser-permission-devfile</artifactId>
-        </dependency>
         <dependency>
             <groupId>org.eclipse.che.multiuser</groupId>
             <artifactId>che-multiuser-permission-logger</artifactId>
@@ -311,6 +307,10 @@
             <groupId>org.eclipse.che.multiuser</groupId>
             <artifactId>che-multiuser-permission-user</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.eclipse.che.multiuser</groupId>
+            <artifactId>che-multiuser-permission-userdevfile</artifactId>
+        </dependency>
         <dependency>
             <groupId>org.eclipse.che.multiuser</groupId>
             <artifactId>che-multiuser-permission-workspace</artifactId>

assembly/assembly-wsmaster-war/src/main/java/org/eclipse/che/api/deploy/WsMasterModule.java

@@ -77,7 +77,6 @@
 import org.eclipse.che.multiuser.api.permission.server.AdminPermissionInitializer;
 import org.eclipse.che.multiuser.api.permission.server.PermissionChecker;
 import org.eclipse.che.multiuser.api.permission.server.PermissionCheckerImpl;
-import org.eclipse.che.multiuser.api.workspace.activity.MultiUserWorkspaceActivityModule;
 import org.eclipse.che.multiuser.keycloak.server.deploy.KeycloakModule;
 import org.eclipse.che.multiuser.machine.authentication.server.MachineAuthModule;
 import org.eclipse.che.multiuser.organization.api.OrganizationApiModule;
@@ -345,8 +344,13 @@ private void configureMultiUserMode(
     install(
         new org.eclipse.che.multiuser.permission.workspace.server.jpa
             .MultiuserWorkspaceJpaModule());
-    install(new org.eclipse.che.api.devfile.server.jpa.UserDevfileJpaModule());
-    install(new MultiUserWorkspaceActivityModule());
+    install(
+        new org.eclipse.che.multiuser.permission.devfile.server.jpa
+            .MultiuserUserDevfileJpaModule());
+    install(
+        new org.eclipse.che.multiuser.permission.devfile.server.UserDevfileApiPermissionsModule());
+    install(
+        new org.eclipse.che.multiuser.api.workspace.activity.MultiUserWorkspaceActivityModule());
 
     // Permission filters
     bind(org.eclipse.che.multiuser.permission.system.SystemServicePermissionsFilter.class);
@@ -361,7 +365,6 @@ private void configureMultiUserMode(
     bind(org.eclipse.che.multiuser.permission.user.UserServicePermissionsFilter.class);
     bind(org.eclipse.che.multiuser.permission.logger.LoggerServicePermissionsFilter.class);
 
-    bind(org.eclipse.che.multiuser.permission.devfile.DevfilePermissionsFilter.class);
     bind(org.eclipse.che.multiuser.permission.workspace.activity.ActivityPermissionsFilter.class);
     bind(AdminPermissionInitializer.class).asEagerSingleton();
     bind(

assembly/assembly-wsmaster-war/src/main/resources/META-INF/persistence.xml

@@ -58,12 +58,14 @@
         <class>org.eclipse.che.api.workspace.server.model.impl.devfile.CommandImpl</class>
         <class>org.eclipse.che.api.workspace.server.model.impl.devfile.EndpointImpl</class>
         <class>org.eclipse.che.api.workspace.server.devfile.SerializableConverter</class>
+        <class>org.eclipse.che.api.devfile.server.model.impl.UserDevfileImpl</class>
 
         <class>org.eclipse.che.api.ssh.server.model.impl.SshPairImpl</class>
 
         <class>org.eclipse.che.multiuser.api.permission.server.model.impl.SystemPermissionsImpl</class>
         <class>org.eclipse.che.multiuser.api.permission.server.model.impl.AbstractPermissions</class>
         <class>org.eclipse.che.multiuser.permission.workspace.server.model.impl.WorkerImpl</class>
+        <class>org.eclipse.che.multiuser.permission.devfile.server.model.impl.UserDevfilePermissionImpl</class>
 
         <class>org.eclipse.che.multiuser.resource.spi.impl.FreeResourcesLimitImpl</class>
         <class>org.eclipse.che.multiuser.resource.spi.impl.ResourceImpl</class>

multiuser/integration-tests/che-multiuser-cascade-removal/pom.xml

@@ -83,6 +83,11 @@
             <artifactId>che-core-api-core</artifactId>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>org.eclipse.che.core</groupId>
+            <artifactId>che-core-api-devfile</artifactId>
+            <scope>test</scope>
+        </dependency>
         <dependency>
             <groupId>org.eclipse.che.core</groupId>
             <artifactId>che-core-api-factory</artifactId>
@@ -178,6 +183,11 @@
             <artifactId>che-multiuser-machine-authentication</artifactId>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>org.eclipse.che.multiuser</groupId>
+            <artifactId>che-multiuser-permission-userdevfile</artifactId>
+            <scope>test</scope>
+        </dependency>
         <dependency>
             <groupId>org.eclipse.che.multiuser</groupId>
             <artifactId>che-multiuser-permission-workspace</artifactId>

multiuser/integration-tests/che-multiuser-cascade-removal/src/test/java/org/eclipse/che/multiuser/integration/jpa/cascaderemoval/JpaEntitiesCascadeRemovalTest.java

@@ -24,6 +24,9 @@
 import static org.eclipse.che.multiuser.integration.jpa.cascaderemoval.TestObjectsFactory.createUser;
 import static org.eclipse.che.multiuser.integration.jpa.cascaderemoval.TestObjectsFactory.createWorker;
 import static org.eclipse.che.multiuser.integration.jpa.cascaderemoval.TestObjectsFactory.createWorkspace;
+import static org.eclipse.che.multiuser.permission.devfile.server.UserDevfileDomain.DELETE;
+import static org.eclipse.che.multiuser.permission.devfile.server.UserDevfileDomain.READ;
+import static org.eclipse.che.multiuser.permission.devfile.server.UserDevfileDomain.UPDATE;
 import static org.eclipse.che.multiuser.resource.spi.jpa.JpaFreeResourcesLimitDao.RemoveFreeResourcesLimitSubscriber;
 import static org.mockito.Mockito.mock;
 import static org.testng.Assert.assertEquals;
@@ -33,6 +36,7 @@
 import static org.testng.Assert.assertTrue;
 import static org.testng.Assert.fail;
 
+import com.google.common.collect.ImmutableList;
 import com.google.inject.AbstractModule;
 import com.google.inject.Guice;
 import com.google.inject.Injector;
@@ -54,6 +58,8 @@
 import org.eclipse.che.api.core.NotFoundException;
 import org.eclipse.che.api.core.ServerException;
 import org.eclipse.che.api.core.notification.EventService;
+import org.eclipse.che.api.devfile.server.model.impl.UserDevfileImpl;
+import org.eclipse.che.api.devfile.server.spi.UserDevfileDao;
 import org.eclipse.che.api.factory.server.jpa.FactoryJpaModule;
 import org.eclipse.che.api.factory.server.model.impl.FactoryImpl;
 import org.eclipse.che.api.factory.server.spi.FactoryDao;
@@ -106,6 +112,10 @@
 import org.eclipse.che.multiuser.organization.spi.MemberDao;
 import org.eclipse.che.multiuser.organization.spi.impl.MemberImpl;
 import org.eclipse.che.multiuser.organization.spi.impl.OrganizationImpl;
+import org.eclipse.che.multiuser.permission.devfile.server.jpa.MultiuserUserDevfileJpaModule;
+import org.eclipse.che.multiuser.permission.devfile.server.listener.RemoveUserDevfileOnLastUserRemovedEventSubscriber;
+import org.eclipse.che.multiuser.permission.devfile.server.model.impl.UserDevfilePermissionImpl;
+import org.eclipse.che.multiuser.permission.devfile.server.spi.UserDevfilePermissionDao;
 import org.eclipse.che.multiuser.permission.workspace.server.jpa.MultiuserWorkspaceJpaModule;
 import org.eclipse.che.multiuser.permission.workspace.server.spi.WorkerDao;
 import org.eclipse.che.multiuser.resource.api.AvailableResourcesProvider;
@@ -143,6 +153,8 @@ public class JpaEntitiesCascadeRemovalTest {
   private SshDao sshDao;
   private FactoryDao factoryDao;
   private WorkerDao workerDao;
+  private UserDevfilePermissionDao userDevfilePermissionDao;
+  private UserDevfileDao userDevfileDao;
   private SignatureKeyDao signatureKeyDao;
   private FreeResourcesLimitDao freeResourcesLimitDao;
   private OrganizationManager organizationManager;
@@ -195,6 +207,9 @@ public class JpaEntitiesCascadeRemovalTest {
 
   private FreeResourcesLimitImpl freeResourcesLimit2;
 
+  private UserDevfileImpl devfile;
+  private UserDevfilePermissionImpl devfilePermission;
+
   private H2JpaCleaner h2JpaCleaner;
 
   @BeforeMethod
@@ -221,6 +236,8 @@ protected void configure() {
                 install(new MultiuserWorkspaceJpaModule());
                 install(new MachineAuthModule());
                 install(new DevfileModule());
+                install(new MultiuserUserDevfileJpaModule());
+
                 bind(ExecutorServiceWrapper.class).to(NoopExecutorServiceWrapper.class);
 
                 bind(FreeResourcesLimitDao.class).to(JpaFreeResourcesLimitDao.class);
@@ -305,6 +322,8 @@ protected void configure() {
     workspaceDao = injector.getInstance(WorkspaceDao.class);
     factoryDao = injector.getInstance(FactoryDao.class);
     workerDao = injector.getInstance(WorkerDao.class);
+    userDevfileDao = injector.getInstance(UserDevfileDao.class);
+    userDevfilePermissionDao = injector.getInstance(UserDevfilePermissionDao.class);
     signatureKeyDao = injector.getInstance(SignatureKeyDao.class);
     freeResourcesLimitDao = injector.getInstance(FreeResourcesLimitDao.class);
     organizationManager = injector.getInstance(OrganizationManager.class);
@@ -338,6 +357,12 @@ public void shouldDeleteAllTheEntitiesWhenUserIsDeleted() throws Exception {
     // Check workers and parent entity is removed
     assertTrue(workspaceDao.getByNamespace(user2.getId(), 30, 0).isEmpty());
     assertEquals(workerDao.getWorkers(workspace3.getId(), 1, 0).getTotalItemsCount(), 0);
+    assertNull(
+        notFoundToNull(
+            () ->
+                userDevfilePermissionDao.getUserDevfilePermission(devfile.getId(), user2.getId())));
+    assertFalse(userDevfileDao.getById(devfile.getId()).isPresent());
+
     // Permissions are removed
     // Non-removed user permissions and stack are present
     // Check existence of organizations
@@ -391,6 +416,11 @@ public void shouldRollbackTransactionWhenFailedToRemoveAnyOfEntries(
     assertNotNull(notFoundToNull(() -> organizationManager.getById(childOrganization.getId())));
     assertNotNull(notFoundToNull(() -> organizationManager.getById(organization2.getId())));
     assertNotNull(notFoundToNull(() -> signatureKeyDao.get(workspace2.getId())));
+    assertTrue(userDevfileDao.getById(devfile.getId()).isPresent());
+    assertNotNull(
+        notFoundToNull(
+            () ->
+                userDevfilePermissionDao.getUserDevfilePermission(devfile.getId(), user2.getId())));
     assertFalse(
         organizationResourcesDistributor.getResourcesCaps(childOrganization.getId()).isEmpty());
     wipeTestData();
@@ -399,7 +429,8 @@ public void shouldRollbackTransactionWhenFailedToRemoveAnyOfEntries(
   @DataProvider(name = "beforeRemoveRollbackActions")
   public Object[][] beforeRemoveActions() {
     return new Class[][] {
-      {RemoveOrganizationOnLastUserRemovedEventSubscriber.class, BeforeUserRemovedEvent.class}
+      {RemoveOrganizationOnLastUserRemovedEventSubscriber.class, BeforeUserRemovedEvent.class},
+      {RemoveUserDevfileOnLastUserRemovedEventSubscriber.class, BeforeUserRemovedEvent.class}
     };
   }
 
@@ -453,6 +484,12 @@ private void createTestData()
     organizationResourcesDistributor.capResources(
         childOrganization.getId(),
         singletonList(new ResourceImpl(RamResourceType.ID, 1024, RamResourceType.UNIT)));
+
+    userDevfileDao.create(devfile = TestObjectsFactory.createUserDevfile("id-dev1", "devfile1"));
+    userDevfilePermissionDao.store(
+        devfilePermission =
+            new UserDevfilePermissionImpl(
+                devfile.getId(), user2.getId(), ImmutableList.of(READ, DELETE, UPDATE)));
   }
 
   private void prepareCreator(String userId) {
@@ -477,6 +514,9 @@ private void wipeTestData() throws ConflictException, ServerException, NotFoundE
 
     workerDao.removeWorker(workspace3.getId(), user2.getId());
 
+    userDevfilePermissionDao.removeUserDevfilePermission(devfile.getId(), user2.getId());
+    userDevfileDao.remove(devfile.getId());
+
     factoryDao.remove(factory1.getId());
     factoryDao.remove(factory2.getId());
 

multiuser/integration-tests/che-multiuser-cascade-removal/src/test/java/org/eclipse/che/multiuser/integration/jpa/cascaderemoval/TestObjectsFactory.java

@@ -12,6 +12,8 @@
 package org.eclipse.che.multiuser.integration.jpa.cascaderemoval;
 
 import static java.util.Arrays.asList;
+import static java.util.Collections.singletonList;
+import static java.util.Collections.singletonMap;
 
 import com.google.common.collect.ImmutableMap;
 import java.security.KeyPair;
@@ -22,13 +24,24 @@
 import java.util.Map;
 import org.eclipse.che.account.shared.model.Account;
 import org.eclipse.che.account.spi.AccountImpl;
+import org.eclipse.che.api.devfile.server.model.impl.UserDevfileImpl;
 import org.eclipse.che.api.factory.server.model.impl.AuthorImpl;
 import org.eclipse.che.api.factory.server.model.impl.FactoryImpl;
 import org.eclipse.che.api.ssh.server.model.impl.SshPairImpl;
 import org.eclipse.che.api.user.server.model.impl.ProfileImpl;
 import org.eclipse.che.api.user.server.model.impl.UserImpl;
 import org.eclipse.che.api.workspace.server.model.impl.WorkspaceConfigImpl;
 import org.eclipse.che.api.workspace.server.model.impl.WorkspaceImpl;
+import org.eclipse.che.api.workspace.server.model.impl.devfile.ActionImpl;
+import org.eclipse.che.api.workspace.server.model.impl.devfile.CommandImpl;
+import org.eclipse.che.api.workspace.server.model.impl.devfile.ComponentImpl;
+import org.eclipse.che.api.workspace.server.model.impl.devfile.DevfileImpl;
+import org.eclipse.che.api.workspace.server.model.impl.devfile.EndpointImpl;
+import org.eclipse.che.api.workspace.server.model.impl.devfile.EntrypointImpl;
+import org.eclipse.che.api.workspace.server.model.impl.devfile.EnvImpl;
+import org.eclipse.che.api.workspace.server.model.impl.devfile.MetadataImpl;
+import org.eclipse.che.api.workspace.server.model.impl.devfile.ProjectImpl;
+import org.eclipse.che.api.workspace.server.model.impl.devfile.SourceImpl;
 import org.eclipse.che.multiuser.machine.authentication.server.signature.model.impl.SignatureKeyPairImpl;
 import org.eclipse.che.multiuser.permission.workspace.server.model.impl.WorkerImpl;
 import org.eclipse.che.multiuser.resource.spi.impl.FreeResourcesLimitImpl;
@@ -112,5 +125,139 @@ public static SignatureKeyPairImpl createSignatureKeyPair(String workspaceId)
     return new SignatureKeyPairImpl(workspaceId, pair.getPublic(), pair.getPrivate());
   }
 
+  public static UserDevfileImpl createUserDevfile(String id, String name) {
+    return new UserDevfileImpl(id, createDevfile(name));
+  }
+
+  public static DevfileImpl createDevfile(String name) {
+
+    SourceImpl source1 =
+        new SourceImpl(
+            "type1",
+            "http://location",
+            "branch1",
+            "point1",
+            "tag1",
+            "commit1",
+            "sparseCheckoutDir1");
+    ProjectImpl project1 = new ProjectImpl("project1", source1, "path1");
+
+    SourceImpl source2 =
+        new SourceImpl(
+            "type2",
+            "http://location",
+            "branch2",
+            "point2",
+            "tag2",
+            "commit2",
+            "sparseCheckoutDir2");
+    ProjectImpl project2 = new ProjectImpl("project2", source2, "path2");
+
+    ActionImpl action1 =
+        new ActionImpl("exec1", "component1", "run.sh", "/home/user/1", null, null);
+    ActionImpl action2 =
+        new ActionImpl("exec2", "component2", "run.sh", "/home/user/2", null, null);
+
+    CommandImpl command1 =
+        new CommandImpl(name + "-1", singletonList(action1), singletonMap("attr1", "value1"), null);
+    CommandImpl command2 =
+        new CommandImpl(name + "-2", singletonList(action2), singletonMap("attr2", "value2"), null);
+
+    EntrypointImpl entrypoint1 =
+        new EntrypointImpl(
+            "parentName1",
+            singletonMap("parent1", "selector1"),
+            "containerName1",
+            asList("command1", "command2"),
+            asList("arg1", "arg2"));
+
+    EntrypointImpl entrypoint2 =
+        new EntrypointImpl(
+            "parentName2",
+            singletonMap("parent2", "selector2"),
+            "containerName2",
+            asList("command3", "command4"),
+            asList("arg3", "arg4"));
+
+    org.eclipse.che.api.workspace.server.model.impl.devfile.VolumeImpl volume1 =
+        new org.eclipse.che.api.workspace.server.model.impl.devfile.VolumeImpl("name1", "path1");
+
+    org.eclipse.che.api.workspace.server.model.impl.devfile.VolumeImpl volume2 =
+        new org.eclipse.che.api.workspace.server.model.impl.devfile.VolumeImpl("name2", "path2");
+
+    EnvImpl env1 = new EnvImpl("name1", "value1");
+    EnvImpl env2 = new EnvImpl("name2", "value2");
+
+    EndpointImpl endpoint1 = new EndpointImpl("name1", 1111, singletonMap("key1", "value1"));
+    EndpointImpl endpoint2 = new EndpointImpl("name2", 2222, singletonMap("key2", "value2"));
+
+    ComponentImpl component1 =
+        new ComponentImpl(
+            "kubernetes",
+            "component1",
+            "eclipse/che-theia/0.0.1",
+            ImmutableMap.of("java.home", "/home/user/jdk11"),
+            "https://mysite.com/registry/somepath1",
+            "/dev.yaml",
+            "refcontent1",
+            ImmutableMap.of("app.kubernetes.io/component", "db"),
+            asList(entrypoint1, entrypoint2),
+            "image",
+            "256G",
+            "128M",
+            "2",
+            "130m",
+            false,
+            false,
+            singletonList("command"),
+            singletonList("arg"),
+            asList(volume1, volume2),
+            asList(env1, env2),
+            asList(endpoint1, endpoint2));
+    component1.setSelector(singletonMap("key1", "value1"));
+
+    ComponentImpl component2 =
+        new ComponentImpl(
+            "kubernetes",
+            "component2",
+            "eclipse/che-theia/0.0.1",
+            ImmutableMap.of(
+                "java.home",
+                "/home/user/jdk11aertwertert",
+                "java.boolean",
+                true,
+                "java.long",
+                123444L),
+            "https://mysite.com/registry/somepath2",
+            "/dev.yaml",
+            "refcontent2",
+            ImmutableMap.of("app.kubernetes.io/component", "webapp"),
+            asList(entrypoint1, entrypoint2),
+            "image",
+            "256G",
+            "256M",
+            "3",
+            "180m",
+            false,
+            false,
+            singletonList("command"),
+            singletonList("arg"),
+            asList(volume1, volume2),
+            asList(env1, env2),
+            asList(endpoint1, endpoint2));
+    component2.setSelector(singletonMap("key2", "value2"));
+
+    DevfileImpl devfile =
+        new DevfileImpl(
+            "0.0.1",
+            asList(project1, project2),
+            asList(component1, component2),
+            asList(command1, command2),
+            singletonMap("attribute1", "value1"),
+            new MetadataImpl(name));
+
+    return devfile;
+  }
+
   private TestObjectsFactory() {}
 }