From 15df08fa6ece771026df66980834d71ec5d989d4 Mon Sep 17 00:00:00 2001
From: Okke Harsta
Date: Thu, 30 Nov 2023 10:59:28 +0100
Subject: [PATCH] Test for update Role and Provisionings
---
 .../main/java/access/api/RoleController.java | 6 ++--
 .../access/provision/ProvisioningService.java | 3 +-
 .../provision/ProvisioningServiceDefault.java | 7 +++--
 .../java/access/api/RoleControllerTest.java | 31 +++++++++++++++++--
 4 files changed, 38 insertions(+), 9 deletions(-)
diff --git a/server/src/main/java/access/api/RoleController.java b/server/src/main/java/access/api/RoleController.java
index bdc685de..5fa7242b 100644
--- a/server/src/main/java/access/api/RoleController.java
+++ b/server/src/main/java/access/api/RoleController.java
@@ -158,18 +158,18 @@ private ResponseEntity saveOrUpdate(Role role, User user) {
 UserPermissions.assertManagerRole(role.getApplicationMaps(), user);
 boolean isNew = role.getId() == null;
- AtomicReference roleAtomicReference = new AtomicReference<>();
+ AtomicReference> previousManageIdentifiersReference = new AtomicReference<>();
 if (!isNew) {
 Role previousRole = roleRepository.findById(role.getId()).orElseThrow(NotFoundException::new);
 //We don't allow shortName changes after creation
 role.setShortName(previousRole.getShortName());
- roleAtomicReference.set(previousRole);
+ previousManageIdentifiersReference.set(previousRole.applicationIdentifiers());
 }
 Role saved = roleRepository.save(role);
 if (isNew) {
 provisioningService.newGroupRequest(saved);
 } else {
- provisioningService.updateGroupRequest(roleAtomicReference.get(), saved);
+ provisioningService.updateGroupRequest(previousManageIdentifiersReference.get(), saved);
 }
 AccessLogger.role(LOG, isNew ? Event.Created : Event.Updated, user, role);
diff --git a/server/src/main/java/access/provision/ProvisioningService.java b/server/src/main/java/access/provision/ProvisioningService.java
index 8fb70791..548b870a 100644
--- a/server/src/main/java/access/provision/ProvisioningService.java
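Review bot: The only permission check in the visible lines, `UserPermissions.assertManagerRole(role.getApplicationMaps(), user)`, runs on the submitted role, while the new code takes the previous identifiers from the stored role and passes them to `updateGroupRequest`, which works out which applications lose their provisioning. If assertManagerRole scopes a manager to the applications in the maps it is given (its body is not shown), an update that drops applications the caller does not manage would pass the check and still trigger deprovisioning for them. Consider checking the stored role as well inside the `!isNew` branch, for example `UserPermissions.assertManagerRole(previousRole.getApplicationMaps(), user);`, provided those maps are populated on a loaded entity. Separately, nothing in the hunk captures the reference in a lambda, so a plain local list would read more simply than an `AtomicReference`. saveOrUpdate starts and ends outside the hunk.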
+++ b/server/src/main/java/access/provision/ProvisioningService.java
@@ -4,6 +4,7 @@ import access.provision.graph.GraphResponse;
 import access.provision.scim.OperationType;
+import java.util.List;
 import java.util.Optional;
 public interface ProvisioningService {
@@ -16,7 +17,7 @@ public interface ProvisioningService {
 void updateGroupRequest(UserRole userRole, OperationType operationType);
- void updateGroupRequest(Role previousRole, Role newRole);
+ void updateGroupRequest(List previousManageIdentifiers, Role newRole);
 void deleteGroupRequest(Role role);
 }
diff --git a/server/src/main/java/access/provision/ProvisioningServiceDefault.java b/server/src/main/java/access/provision/ProvisioningServiceDefault.java
index 8d9a5caa..ef042868 100644
--- a/server/src/main/java/access/provision/ProvisioningServiceDefault.java
+++ b/server/src/main/java/access/provision/ProvisioningServiceDefault.java
@@ -224,13 +224,14 @@ private void sendGroupPutRequest(Provisioning provisioning,
 }
 @Override
- public void updateGroupRequest(Role previousRole, Role newRole) {
- List previousManageIdentifiers = this.getManageIdentifiers(previousRole);
+ public void updateGroupRequest(List previousManageIdentifiers, Role newRole) {
+ //Immutable List can not be sorted
+ List previousManageIdentifiersSorted = previousManageIdentifiers.stream().sorted().toList();
 List newManageIdentifiers = this.getManageIdentifiers(newRole);
 if (previousManageIdentifiers.equals(newManageIdentifiers)) {
 return;
 }
- List addedManageIdentifiers = newManageIdentifiers.stream().filter(id -> !previousManageIdentifiers.contains(id)).toList();
+ List addedManageIdentifiers = newManageIdentifiers.stream().filter(id -> !previousManageIdentifiersSorted.contains(id)).toList();
 List deletedManageIdentifiers = previousManageIdentifiers.stream().filter(id -> !newManageIdentifiers.contains(id)).toList();
 manage.provisioning(addedManageIdentifiers).stream().map(Provisioning::new)
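Review bot: The new interface method `updateGroupRequest(List previousManageIdentifiers, Role newRole)` carries no documentation of what the list must contain, and the contract is no longer obvious now that the caller builds the list itself. The caller in this commit passes `previousRole.applicationIdentifiers()`, while the implementation compares the list with `getManageIdentifiers(newRole)`, so the two are expected to yield the same kind of identifier. A Javadoc comment would pin that down, for example `/** @param previousManageIdentifiers manage identifiers of the role's applications as stored before the update; must not be null, order is not significant */`.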
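Review bot: The sorted copy `previousManageIdentifiersSorted` is used only in a `contains` filter, where order makes no difference, while the early-return check `previousManageIdentifiers.equals(newManageIdentifiers)` and the `deletedManageIdentifiers` stream still read the unsorted parameter. `List.equals` is order-sensitive, so if `getManageIdentifiers(newRole)` returns a sorted list (not visible here) and the caller's list arrives in another order, an unchanged role misses the early return and the provisioning calls below run with empty lists. Compare like with like, `if (previousManageIdentifiersSorted.equals(newManageIdentifiers)) {`, and use that same variable in both filters. The method body continues past the end of the hunk.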
diff --git a/server/src/test/java/access/api/RoleControllerTest.java b/server/src/test/java/access/api/RoleControllerTest.java
index 8786075b..3f459d4b 100644
--- a/server/src/test/java/access/api/RoleControllerTest.java
+++ b/server/src/test/java/access/api/RoleControllerTest.java
@@ -14,6 +14,7 @@ import java.util.List;
 import java.util.Map;
+import java.util.Set;
 import java.util.UUID;
 import static access.Seed.*;
@@ -114,8 +115,34 @@ void update() throws Exception {
 .body(roleDB)
 .put("/api/v1/roles")
 .as(Role.class);
- assertEquals(updated.getDescription(), "changed");
- assertEquals(updated.getShortName(), "wiki");
+ assertEquals("changed", updated.getDescription());
+ assertEquals("wiki", updated.getShortName());
+ }
+
+ @Test
+ void updateApplications() throws Exception {
+ AccessCookieFilter accessCookieFilter = openIDConnectFlow("/api/v1/users/login", MANAGE_SUB);
+
+ super.stubForManagerProvidersByIdIn(EntityType.SAML20_SP, List.of("1", "2", "4"));
+ super.stubForManageProvisioning(List.of("1", "2", "4"));
+ super.stubForCreateScimRole();
+ super.stubForDeleteScimRole();
+
+ Role roleDB = roleRepository.search("Network", 1).get(0);
+ roleDB.setApplications(Set.of(
+ new Application("1",EntityType.SAML20_SP),
+ new Application("4",EntityType.SAML20_SP)));
+
+ Role updated = given()
+ .when()
+ .filter(accessCookieFilter.cookieFilter())
+ .accept(ContentType.JSON)
+ .header(accessCookieFilter.csrfToken().getHeaderName(), accessCookieFilter.csrfToken().getToken())
+ .contentType(ContentType.JSON)
+ .body(roleDB)
+ .put("/api/v1/roles")
+ .as(Role.class);
+ assertEquals(2, updated.getApplications().size());
 }
 @Test
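Review bot: `updateApplications` asserts only `updated.getApplications().size()`, so it does not check which identifiers are provisioned and which are deprovisioned on update, the behaviour this commit changes. The test registers `stubForCreateScimRole()` and `stubForDeleteScimRole()` but never verifies that either stub received a request, so it would still pass if the delete for a removed application were never sent. Add an assertion on the requests those stubs received, and a second case that saves the role with an unchanged application set to cover the early return in `updateGroupRequest`.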