fix: merge conflict with master

CHANGELOG.md

@@ -8,13 +8,18 @@ have notable changes.
 
 Changes since v2.12
 
+### Breaking changes
+- Multiple organization support for users #2035
+- Organizations are maintained in the database and not config #2039
+
 ### Changes
 - Returned applications can now be resubmitted even if some catalogue items have been disabled. (#2145)
 - Automated browser testing has been improved in implementation and also in the coverage of the administration side
 - Form API create & edit requests are validated (#2098). This was meant to be added in 2.7 but the validation wasn't active by mistake.
 
 ### Additions
 - The form administration pages now flag forms that have missing localizations. REMS also logs a warning on startup for these forms. (#2098)
+- There is now an API for querying and creating organizations #2039
 
 ## v2.12 "Merituulentie" 2020-05-04
 

docs/glossary.md

@@ -49,7 +49,7 @@
   responds to requests from handlers
 - user-owner: a role that can create & update user details
 - owner: a role that can create and edit resources, workflows, catalogue items, etc.
-- organization-owner: like owner, but can only create and edit items belonging to the user's organization
+- organization-owner: like owner, but can only create and edit items belonging to their owned organizations
 
 ## Commands & events
 

docs/installing-upgrading.md

@@ -26,6 +26,7 @@ Some pointers for common tasks:
 
   Typically you need to grant at least the `owner` role manually to someone to do administrative tasks through the UI.
 - More info about roles can be found in [glossary.md](glossary.md)
+- If you wish to use multiple organizations, you should create them with the owner user with the API or UI. See [organizations.md](organizations.md)
 
 # Upgrading REMS
 

docs/organizations.md

@@ -8,17 +8,18 @@ progress, but here is a summary of the current status.
 
 ## Available organizations
 
-Available organizations are configured using the `:organizations`
-config key. If it is not present, the default is one organization,
-named "default".
+Available organizations are stored in the database table `organization`.
+While taking a new REMS instance into use, you should create them either 
+using the API or the UI. See [installing-upgrading.md](installing-upgrading.md).
 
 ## Organizations of users
 
-Users' organizations are based on the `:organization` attribute from
-the identity provider
+Users' organizations are based on the `:organizations` attribute from
+the identity provider. There can be one or more organizations at the same time.
 
 ## The organization owner role
 
 The `organization-owner` role can only create and edit things that
 belong to his own organization. The `owner` role can create things
-that belong to any (available) organization.
+that belong to any (available) organization. The ownership for organizations
+is managed through the `organization` table and `:organization/owners` key.

resources/config-defaults.edn

@@ -139,10 +139,6 @@
  ;; :disable-commands [:application.command/assign-external-id :application.command/change-resources]
  :disable-commands []
 
- ;; List of allowed values for the organization field. Should contain at least one element.
- ;; See also docs/organizations.md
- :organizations ["default"]
-
  ;; Experimental features
 
  ;; enable /api/applications/:id/experimental/pdf

resources/migrations/20200325115459-add-organizations.down.sql

@@ -0,0 +1 @@
+DROP TABLE IF EXISTS organization;

resources/migrations/20200325115459-add-organizations.up.sql

@@ -0,0 +1,6 @@
+CREATE TABLE organization (
+  id VARCHAR(255) NOT NULL PRIMARY KEY,
+  modifierUserId varchar(255) NOT NULL,
+  modified timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  data jsonb NOT NULL
+);

resources/migrations/20200519062723-multiple-organizations.edn

@@ -0,0 +1,3 @@
+{:ns rems.migrations.multiple-organizations
+ :up-fn migrate-up
+ :down-fn nil}

resources/sql/queries.sql

@@ -591,3 +591,12 @@ WHERE 1=1
   AND path LIKE :path
 /*~ ) ~*/
 ORDER BY time ASC;
+
+-- :name get-organizations :*
+SELECT id, modifierUserId, modified, data::text as data FROM organization;
+
+-- :name get-organization-by-id :? :1
+SELECT id, modifierUserId, modified, data::text as data FROM organization WHERE id = :id;
+
+-- :name add-organization! :!
+INSERT INTO organization(id, modifierUserId, modified, data) VALUES (:id, :user, :time, :data::jsonb);

src/clj/rems/api.clj

@@ -16,6 +16,7 @@
             [rems.api.forms :refer [forms-api]]
             [rems.api.health :refer [health-api]]
             [rems.api.licenses :refer [licenses-api]]
+            [rems.api.organizations :refer [organizations-api]]
             [rems.api.permissions :refer [permissions-api]]
             [rems.api.public :as public]
             [rems.api.resources :refer [resources-api]]
@@ -168,6 +169,7 @@
       forms-api
       health-api
       licenses-api
+      organizations-api
       permissions-api
       resources-api
       user-settings-api

src/clj/rems/api/catalogue.clj

@@ -5,6 +5,7 @@
             [rems.db.catalogue :as catalogue]
             [rems.roles :as roles]
             [rems.auth.util :refer [throw-forbidden]]
+            [rems.api.services.catalogue :as catalogue]
             [ring.util.http-response :refer :all]
             [schema.core :as s]
             [rems.config :refer [env]]

src/clj/rems/api/catalogue_items.clj

@@ -32,8 +32,7 @@
   {:form s/Int
    :resid s/Int
    :wfid s/Int
-   ;; TODO make unoptional for consistency with other endpoints?
-   (s/optional-key :organization) s/Str
+   :organization OrganizationId
    :localizations WriteCatalogueItemLocalizations
    (s/optional-key :enabled) s/Bool
    (s/optional-key :archived) s/Bool})

src/clj/rems/api/forms.clj

@@ -2,7 +2,7 @@
   (:require [compojure.api.sweet :refer :all]
             [rems.api.services.form :as form]
             [rems.api.services.util :as services-util]
-            [rems.api.schema :refer [ArchivedCommand EnabledCommand FormTemplate FormTemplateOverview NewFieldTemplate SuccessResponse]]
+            [rems.api.schema :refer [ArchivedCommand EnabledCommand FormTemplate FormTemplateOverview NewFieldTemplate OrganizationId SuccessResponse]]
             [rems.api.util :refer [not-found-json-response]] ; required for route :roles
             [rems.util :refer [getx-user-id]]
             [ring.util.http-response :refer :all]
@@ -14,7 +14,7 @@
      (select-keys form [:form/id :form/organization :form/title :form/errors :enabled :archived]))))
 
 (s/defschema CreateFormCommand
-  {:form/organization s/Str
+  {:form/organization OrganizationId
    :form/title s/Str
    :form/fields [NewFieldTemplate]})
 

src/clj/rems/api/licenses.clj

@@ -26,8 +26,7 @@
 
 (s/defschema CreateLicenseCommand
   {:licensetype (s/enum "link" "text" "attachment")
-   ;; TODO make unoptional for consistency with other endpoints?
-   (s/optional-key :organization) s/Str
+   :organization OrganizationId
    :localizations LicenseLocalizations})
 
 (s/defschema AttachmentMetadata

src/clj/rems/api/organizations.clj

@@ -0,0 +1,34 @@
+(ns rems.api.organizations
+  (:require [compojure.api.sweet :refer :all]
+            [rems.api.schema :refer :all]
+            [rems.api.util] ; required for route :roles
+            [rems.api.services.organizations :as organizations]
+            [rems.util :refer [getx-user-id]]
+            [ring.util.http-response :refer :all]
+            [schema.core :as s]))
+
+(s/defschema CreateOrganizationCommand
+  OrganizationFull)
+
+(s/defschema CreateOrganizationResponse
+  {:success s/Bool
+   (s/optional-key :organization/id) s/Str
+   (s/optional-key :errors) [s/Any]})
+
+(def organizations-api
+  (context "/organizations" []
+    :tags ["organizations"]
+
+    (GET "/" []
+      :summary "Get organizations. Returns more information for owners and handlers."
+      :roles #{:logged-in}
+      :query-params [{owner :- (describe s/Str "return only organizations that are owned by owner") nil}]
+      :return [OrganizationFull]
+      (ok (organizations/get-organizations (getx-user-id) owner)))
+
+    (POST "/create" []
+      :summary "Create organization"
+      :roles #{:owner}
+      :body [command CreateOrganizationCommand]
+      :return CreateOrganizationResponse
+      (ok (organizations/add-organization! (getx-user-id) command)))))

src/clj/rems/api/public.clj

@@ -25,8 +25,7 @@
    :extra-pages [ExtraPage]
    :languages [s/Keyword]
    :default-language s/Keyword
-   :dev s/Bool
-   :organizations [s/Str]})
+   :dev s/Bool})
 
 (def translations-api
   (context "/translations" []

src/clj/rems/api/resources.clj

@@ -13,7 +13,7 @@
   {:id s/Int
    :owneruserid s/Str
    :modifieruserid s/Str
-   :organization s/Str
+   :organization OrganizationOverview
    :resid s/Str
    :enabled s/Bool
    :archived s/Bool
@@ -24,7 +24,7 @@
 
 (s/defschema CreateResourceCommand
   {:resid s/Str
-   :organization s/Str
+   :organization OrganizationId
    :licenses [s/Int]})
 
 (s/defschema CreateResourceResponse

src/clj/rems/api/schema.clj

@@ -7,16 +7,28 @@
   (:import (org.joda.time DateTime)))
 
 (def UserId s/Str)
-
 (s/defschema User {:userid UserId})
+(s/defschema OrganizationId {:organization/id s/Str})
 
 (s/defschema UserWithAttributes
   {:userid UserId
    :name (s/maybe s/Str)
    :email (s/maybe s/Str)
-   (s/optional-key :organization) (s/maybe s/Str)
+   (s/optional-key :organizations) [OrganizationId]
    (s/optional-key :notification-email) (s/maybe s/Str)})
 
+(s/defschema OrganizationOverview
+  (merge OrganizationId
+         {:organization/name s/Str}))
+
+(s/defschema OrganizationFull
+  (merge OrganizationOverview
+         {(s/optional-key :organization/modifier) User
+          (s/optional-key :organization/last-modified) DateTime
+          (s/optional-key :organization/owners) [User]
+          (s/optional-key :organization/review-emails) [{:name s/Str
+                                                         :email s/Str}]}))
+
 (s/defschema CatalogueItemLocalizations
   {s/Keyword {;; TODO :id (it's the catalogue item id) and :langcode
               ;; fields are redundant. If we remove them we can reuse
@@ -35,7 +47,7 @@
    (s/optional-key :form-name) s/Str
    :resid s/Str
    :resource-id s/Int
-   :organization s/Str
+   :organization OrganizationOverview
    (s/optional-key :resource-name) s/Str
    :start DateTime
    :end (s/maybe DateTime)
@@ -47,7 +59,7 @@
 (s/defschema License
   {:id s/Int
    :licensetype (s/enum "text" "link" "attachment")
-   :organization s/Str
+   :organization OrganizationOverview
    :enabled s/Bool
    :archived s/Bool
    :localizations {s/Keyword {:title s/Str
@@ -138,7 +150,7 @@
 
 (s/defschema Workflow
   {:id s/Int
-   :organization s/Str
+   :organization OrganizationOverview
    :owneruserid UserId
    :modifieruserid UserId
    :title s/Str
@@ -184,7 +196,7 @@
 
 (s/defschema FormTemplate
   {:form/id s/Int
-   :form/organization s/Str
+   :form/organization OrganizationOverview
    :form/title s/Str
    :form/fields [FieldTemplate]
    (s/optional-key :form/errors) (s/maybe {(s/optional-key :form/organization) s/Any

src/clj/rems/api/services/catalogue.clj

@@ -1,11 +1,11 @@
 (ns rems.api.services.catalogue
   (:require [rems.api.services.util :as util]
-            [rems.common.util :refer [index-by]]
             [rems.db.applications :as applications]
             [rems.db.core :as db]
             [rems.db.catalogue :as catalogue]
             [rems.db.form :as form]
             [rems.db.licenses :as licenses]
+            [rems.db.organizations :as organizations]
             [rems.db.resource :as resource]
             [rems.db.workflow :as workflow]))
 
@@ -19,9 +19,8 @@
 
 (defn create-catalogue-item! [{:keys [localizations organization] :as command}]
   (util/check-allowed-organization! organization)
-  ;; TODO make :organization unoptional?
-  (let [id (:id (db/create-catalogue-item! (merge {:organization ""}
-                                                  (select-keys command [:form :resid :wfid :enabled :archived :organization]))))
+  (let [id (:id (db/create-catalogue-item! (merge {:organization (:organization/id organization "default")}
+                                                  (select-keys command [:form :resid :wfid :enabled :archived]))))
         loc-ids
         (doall
          (for [[langcode localization] localizations]
@@ -34,8 +33,21 @@
     {:success (not (some nil? (cons id loc-ids)))
      :id id}))
 
-(def get-localized-catalogue-items catalogue/get-localized-catalogue-items)
-(def get-localized-catalogue-item catalogue/get-localized-catalogue-item)
+(defn- join-dependencies [item]
+  (when item
+    (->> item
+         organizations/join-organization
+         ;; not used at the moment
+         #_licenses/join-catalogue-item-licenses
+         #_(transform [:licenses ALL] organizations/join-organization))))
+
+(defn get-localized-catalogue-items [& [query-params]]
+  (->> (catalogue/get-localized-catalogue-items (or query-params {}))
+       (mapv join-dependencies)))
+
+(defn get-localized-catalogue-item [id]
+  (->> (catalogue/get-localized-catalogue-item id)
+       join-dependencies))
 
 (defn- check-allowed-to-edit! [id]
   (-> id
@@ -96,7 +108,7 @@
     (let [new-item (db/create-catalogue-item! {:enabled true
                                                :archived false
                                                :form form-id
-                                               :organization (:organization item)
+                                               :organization (get-in item [:organization :organization/id])
                                                :resid (:resource-id item)
                                                :wfid (:wfid item)})]