From 06a15a2d40c32bcb6d28452a3155889a0906e6e4 Mon Sep 17 00:00:00 2001
From: pieterlukasse <pieterlukasse@gmail.com>
Date: Mon, 18 Sep 2023 16:58:23 +0200
Subject: [PATCH] wip: use custom configuration option

---
 pom.xml                                                     | 3 ++-
 .../ohdsi/webapi/shiro/filters/UpdateAccessTokenFilter.java | 6 +++++-
 src/main/resources/application.properties                   | 3 +++
 3 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/pom.xml b/pom.xml
index 845032b8ae..9b0e64a0c3 100644
--- a/pom.xml
+++ b/pom.xml
@@ -82,6 +82,7 @@
     <spring.batch.repository.isolationLevelForCreate>ISOLATION_READ_COMMITTED</spring.batch.repository.isolationLevelForCreate>
     <spring.profiles.active>default</spring.profiles.active>
 
+    <security.ohdsi.custom.authorization.mode>teamproject</security.ohdsi.custom.authorization.mode>
     <security.provider>DisabledSecurity</security.provider>
     <security.token.expiration>43200</security.token.expiration>
     <security.origin>http://localhost</security.origin>
@@ -226,7 +227,7 @@
     <spring.jpa.properties.hibernate.generate_statistics>false</spring.jpa.properties.hibernate.generate_statistics>
     <spring.jpa.properties.hibernate.jdbc.batch_size>200</spring.jpa.properties.hibernate.jdbc.batch_size>
     <spring.jpa.properties.hibernate.order_inserts>true</spring.jpa.properties.hibernate.order_inserts>
-    <logging.level.root>debug</logging.level.root>
+    <logging.level.root>info</logging.level.root>
     <logging.level.org.ohdsi>debug</logging.level.org.ohdsi>
     <logging.level.org.springframework.orm>info</logging.level.org.springframework.orm>
     <logging.level.org.springframework.jdbc>info</logging.level.org.springframework.jdbc>
diff --git a/src/main/java/org/ohdsi/webapi/shiro/filters/UpdateAccessTokenFilter.java b/src/main/java/org/ohdsi/webapi/shiro/filters/UpdateAccessTokenFilter.java
index bc2c239d5a..89558c04cc 100644
--- a/src/main/java/org/ohdsi/webapi/shiro/filters/UpdateAccessTokenFilter.java
+++ b/src/main/java/org/ohdsi/webapi/shiro/filters/UpdateAccessTokenFilter.java
@@ -36,6 +36,7 @@
 import org.pac4j.core.profile.CommonProfile;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Value;
 
 /**
  *
@@ -49,6 +50,9 @@ public class UpdateAccessTokenFilter extends AdviceFilter {
   private final Set<String> defaultRoles;
   private final String onFailRedirectUrl;
 
+  @Value("${security.ohdsi.custom.authorization.mode}")
+  private String authorizationMode = "";
+
   public UpdateAccessTokenFilter(
           PermissionManager authorizer,
           Set<String> defaultRoles,
@@ -133,7 +137,7 @@ protected boolean preHandle(ServletRequest request, ServletResponse response) th
       }
       try {
         // TODO - remove all teamProject roles at start of login (find this place...OR add a new "remove teamproject" filter)...
-
+        logger.debug("AUTHORIZATION_MODE === '{}'", authorizationMode); // IF THIS works: then resetRoles is true just based on this and we're done...as this part of the code always executes...
         boolean resetRoles = false;
         // check if teamProject is part of the request:
         String teamProjectRole = extractTeamProjectFromRequestParameters(request);
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 8143a3b9f9..cc696ba8bc 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -199,6 +199,9 @@ security.auth.ldap.enabled=${security.auth.ldap.enabled}
 security.auth.ad.enabled=${security.auth.ad.enabled}
 security.auth.cas.enabled=${security.auth.cas.enabled}
 
+#Authorization config
+security.ohdsi.custom.authorization.mode=${security.ohdsi.custom.authorization.mode}
+
 #Execution engine
 executionengine.updateStatusCallback=${executionengine.updateStatusCallback}
 executionengine.resultCallback=${executionengine.resultCallback}