Test for update Role and Provisionings

OpenConext · Nov 30, 2023 · 15df08f · 15df08f
1 parent bdf48d3
commit 15df08f
Show file tree

Hide file tree

Showing 4 changed files with 38 additions and 9 deletions.
diff --git a/server/src/main/java/access/api/RoleController.java b/server/src/main/java/access/api/RoleController.java
@@ -158,18 +158,18 @@ private ResponseEntity<Role> saveOrUpdate(Role role, User user) {
         UserPermissions.assertManagerRole(role.getApplicationMaps(), user);
 
         boolean isNew = role.getId() == null;
-        AtomicReference<Role> roleAtomicReference = new AtomicReference<>();
+        AtomicReference<List<String>> previousManageIdentifiersReference = new AtomicReference<>();
         if (!isNew) {
             Role previousRole = roleRepository.findById(role.getId()).orElseThrow(NotFoundException::new);
             //We don't allow shortName changes after creation
             role.setShortName(previousRole.getShortName());
-            roleAtomicReference.set(previousRole);
+            previousManageIdentifiersReference.set(previousRole.applicationIdentifiers());
         }
         Role saved = roleRepository.save(role);
         if (isNew) {
             provisioningService.newGroupRequest(saved);
         } else {
-            provisioningService.updateGroupRequest(roleAtomicReference.get(), saved);
+            provisioningService.updateGroupRequest(previousManageIdentifiersReference.get(), saved);
         }
         AccessLogger.role(LOG, isNew ? Event.Created : Event.Updated, user, role);
 

diff --git a/server/src/main/java/access/provision/ProvisioningService.java b/server/src/main/java/access/provision/ProvisioningService.java
@@ -4,6 +4,7 @@
 import access.provision.graph.GraphResponse;
 import access.provision.scim.OperationType;
 
+import java.util.List;
 import java.util.Optional;
 
 public interface ProvisioningService {
@@ -16,7 +17,7 @@ public interface ProvisioningService {
 
     void updateGroupRequest(UserRole userRole, OperationType operationType);
 
-    void updateGroupRequest(Role previousRole, Role newRole);
+    void updateGroupRequest(List<String> previousManageIdentifiers, Role newRole);
     void deleteGroupRequest(Role role);
 
 }
diff --git a/server/src/main/java/access/provision/ProvisioningServiceDefault.java b/server/src/main/java/access/provision/ProvisioningServiceDefault.java
@@ -224,13 +224,14 @@ private void sendGroupPutRequest(Provisioning provisioning,
     }
 
     @Override
-    public void updateGroupRequest(Role previousRole, Role newRole) {
-        List<String> previousManageIdentifiers = this.getManageIdentifiers(previousRole);
+    public void updateGroupRequest(List<String> previousManageIdentifiers, Role newRole) {
+        //Immutable List can not be sorted
+        List<String> previousManageIdentifiersSorted = previousManageIdentifiers.stream().sorted().toList();
         List<String> newManageIdentifiers = this.getManageIdentifiers(newRole);
         if (previousManageIdentifiers.equals(newManageIdentifiers)) {
             return;
         }
-        List<String> addedManageIdentifiers = newManageIdentifiers.stream().filter(id -> !previousManageIdentifiers.contains(id)).toList();
+        List<String> addedManageIdentifiers = newManageIdentifiers.stream().filter(id -> !previousManageIdentifiersSorted.contains(id)).toList();
         List<String> deletedManageIdentifiers = previousManageIdentifiers.stream().filter(id -> !newManageIdentifiers.contains(id)).toList();
 
         manage.provisioning(addedManageIdentifiers).stream().map(Provisioning::new)

diff --git a/server/src/test/java/access/api/RoleControllerTest.java b/server/src/test/java/access/api/RoleControllerTest.java
@@ -14,6 +14,7 @@
 
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 import java.util.UUID;
 
 import static access.Seed.*;
@@ -114,8 +115,34 @@ void update() throws Exception {
                 .body(roleDB)
                 .put("/api/v1/roles")
                 .as(Role.class);
-        assertEquals(updated.getDescription(), "changed");
-        assertEquals(updated.getShortName(), "wiki");
+        assertEquals("changed", updated.getDescription());
+        assertEquals("wiki", updated.getShortName());
+    }
+
+    @Test
+    void updateApplications() throws Exception {
+        AccessCookieFilter accessCookieFilter = openIDConnectFlow("/api/v1/users/login", MANAGE_SUB);
+
+        super.stubForManagerProvidersByIdIn(EntityType.SAML20_SP, List.of("1", "2", "4"));
+        super.stubForManageProvisioning(List.of("1", "2", "4"));
+        super.stubForCreateScimRole();
+        super.stubForDeleteScimRole();
+
+        Role roleDB = roleRepository.search("Network", 1).get(0);
+        roleDB.setApplications(Set.of(
+                new Application("1",EntityType.SAML20_SP),
+                new Application("4",EntityType.SAML20_SP)));
+
+        Role updated = given()
+                .when()
+                .filter(accessCookieFilter.cookieFilter())
+                .accept(ContentType.JSON)
+                .header(accessCookieFilter.csrfToken().getHeaderName(), accessCookieFilter.csrfToken().getToken())
+                .contentType(ContentType.JSON)
+                .body(roleDB)
+                .put("/api/v1/roles")
+                .as(Role.class);
+        assertEquals(2, updated.getApplications().size());
     }
 
     @Test