WIP for #310
oharsta committed Sep 18, 2024
1 parent 9ddf8d4 commit 3ad9587
Showing 6 changed files with 117 additions and 22 deletions.
5 changes: 2 additions & 3 deletions client/src/api/index.js
Expand Up @@ -195,9 +195,8 @@ export function consequencesRoleDeletion(roleId) {
return fetchJson(`/api/v1/user_roles//consequences/${roleId}`, {}, {}, true);
}


export function deleteUserRole(userRoleId) {
return fetchDelete(`/api/v1/user_roles/${userRoleId}`, false);
export function deleteUserRole(userRoleId, isGuest) {
return fetchDelete(`/api/v1/user_roles/${userRoleId}/${isGuest}`, false);
}
//API tokens
export function apiTokens() {
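Review bot: `deleteUserRole` writes `isGuest` into the URL path unchecked, so a caller that omits it (or passes a non-boolean, as the `guests` prop used in `client/src/tabs/UserRoles.js` could be) requests `/api/v1/user_roles/<id>/undefined`, which the `Boolean` path variable added to `UserRoleController.deleteUserRole` is unlikely to bind. Since the server uses this flag to choose the authority it checks, the parameter deserves a default and a comment, for example `export function deleteUserRole(userRoleId, isGuest = false) {` preceded by `// isGuest: remove only the guest part of the user role`. The stray space in `deleteUserRole(identifier, guests )` at the call site can go at the same time.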
2 changes: 1 addition & 1 deletion client/src/tabs/UserRoles.js
Expand Up @@ -125,7 +125,7 @@ export const UserRoles = ({role, guests, userRoles}) => {
} else {
const identifiers = userRoleIdentifiers();
const deleteCurrentUserRole = willUpdateCurrentUser();
Promise.all(identifiers.map(identifier => deleteUserRole(identifier)))
Promise.all(identifiers.map(identifier => deleteUserRole(identifier, guests )))
.then(() => {
setConfirmationOpen(false);
setFlash(I18n.t("userRoles.deleteFlash"));
26 changes: 18 additions & 8 deletions server/src/main/java/access/api/UserRoleController.java
Expand Up @@ -152,16 +152,26 @@ public ResponseEntity<Map<String, Integer>> updateUserRoleExpirationDate(@Valida
return Results.createResult();
}

@DeleteMapping("/{id}")
public ResponseEntity<Void> deleteUserRole(@PathVariable("id") Long id, @Parameter(hidden = true) User user) {
@DeleteMapping("/{id}/{isGuest}")
public ResponseEntity<Void> deleteUserRole(@PathVariable("id") Long id,
@PathVariable("isGuest") Boolean isGuest,
@Parameter(hidden = true) User user) {
LOG.debug("/deleteUserRole");
UserRole userRole = userRoleRepository.findById(id).orElseThrow(() -> new NotFoundException("UserRole not found"));
UserPermissions.assertValidInvitation(user, userRole.getAuthority(), List.of(userRole.getRole()));

provisioningService.updateGroupRequest(userRole, OperationType.Remove);
userRoleRepository.deleteUserRoleById(id);

AccessLogger.userRole(LOG, Event.Deleted, user, userRole);
UserPermissions.assertValidInvitation(user, isGuest ? Authority.GUEST : userRole.getAuthority(), List.of(userRole.getRole()));
if (userRole.isGuestRoleIncluded()) {
userRole.setGuestRoleIncluded(false);
if (!isGuest) {
userRole.setAuthority(Authority.GUEST);
}
userRoleRepository.save(userRole);
AccessLogger.userRole(LOG, Event.Updated, user, userRole);

} else {
provisioningService.updateGroupRequest(userRole, OperationType.Remove);
userRoleRepository.deleteUserRoleById(id);
AccessLogger.userRole(LOG, Event.Deleted, user, userRole);
}
return Results.deleteResult();
}

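Review bot: The authority handed to `UserPermissions.assertValidInvitation` is selected from the client-supplied `isGuest` path variable before `userRole.isGuestRoleIncluded()` is consulted, so with `isGuest=true` the permission check runs against `Authority.GUEST` even when the request then reaches the `else` branch and removes the whole user role, whatever its stored authority. Judging by the new `deleteUserRoleWithGuestRoleIncluded` test an inviter passes the GUEST-level check, so the weaker check would end up authorising a full deletion; `assertValidInvitation` is not visible on this page, so that should be confirmed. The flag should lower the required authority only when the role really has a guest part, e.g. `Authority required = isGuest && userRole.isGuestRoleIncluded() ? Authority.GUEST : userRole.getAuthority();` with `required` passed to the check. The guest-part branch also saves the role without a `provisioningService.updateGroupRequest` call; whether that is intended is worth a comment.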
9 changes: 7 additions & 2 deletions server/src/test/java/access/AbstractTest.java
Expand Up @@ -91,6 +91,7 @@ public abstract class AbstractTest {
public static final String MANAGE_SUB = "urn:collab:person:example.com:manager";
public static final String INSTITUTION_ADMIN_SUB = "urn:collab:person:example.com:institution_admin";
public static final String INVITER_SUB = "urn:collab:person:example.com:inviter";
public static final String INVITER_WIKI_SUB = "urn:collab:person:example.com:inviter_wiki_sub";
public static final String GUEST_SUB = "urn:collab:person:example.com:guest";
public static final String GRAPH_INVITATION_HASH = "graph_invitation_hash";
public static final String INSTITUTION_ADMIN_INVITATION_HASH = "institution_admin_invitation_hash";
Expand Down Expand Up @@ -557,9 +558,11 @@ public void doSeed() {
new User(false, MANAGE_SUB, MANAGE_SUB, "example.com", "Mary", "Doe", "[email protected]");
User inviter =
new User(false, INVITER_SUB, INVITER_SUB, "example.com", "Paul", "Doe", "[email protected]");
User wikiInviter =
new User(false, INVITER_WIKI_SUB, INVITER_WIKI_SUB, "example.com", "James", "Doe", "[email protected]");
User guest =
new User(false, GUEST_SUB, GUEST_SUB, "example.com", "Ann", "Doe", "[email protected]");
doSave(this.userRepository, superUser, institutionAdmin, manager, inviter, guest);
doSave(this.userRepository, superUser, institutionAdmin, manager, inviter, wikiInviter, guest);

Role wiki =
new Role("Wiki", "Wiki desc",
Expand Down Expand Up @@ -594,6 +597,8 @@ public void doSeed() {
UserRole wikiManager =
new UserRole("system", manager, wiki, Authority.MANAGER);
wikiManager.setGuestRoleIncluded(true);
UserRole wikiInviterUserRole =
new UserRole("system", wikiInviter, wiki, Authority.INVITER);
UserRole calendarInviter =
new UserRole("system", inviter, calendar, Authority.INVITER);
UserRole mailInviter =
Expand All @@ -604,7 +609,7 @@ public void doSeed() {
new UserRole("system", guest, wiki, Authority.GUEST);
UserRole researchGuest =
new UserRole("system", guest, research, Authority.GUEST);
doSave(this.userRoleRepository, wikiManager, calendarInviter, mailInviter, storageGuest, wikiGuest, researchGuest);
doSave(this.userRoleRepository, wikiManager, wikiInviterUserRole, calendarInviter, mailInviter, storageGuest, wikiGuest, researchGuest);

String message = "Please join..";
Instant roleExpiryDate = Instant.now().plus(365, ChronoUnit.DAYS);
6 changes: 3 additions & 3 deletions server/src/test/java/access/api/UserControllerTest.java
Expand Up @@ -309,7 +309,7 @@ void searchByApplication() throws Exception {
.get("/api/v1/users/search-by-application")
.as(new TypeRef<>() {
});
assertEquals(2, users.size());
assertEquals(3, users.size());
}

@Test
Expand All @@ -327,7 +327,7 @@ void searchAllUsersByApplication() throws Exception {
.get("/api/v1/users/search-by-application")
.as(new TypeRef<>() {
});
assertEquals(2, users.size());
assertEquals(3, users.size());
}

@Test
Expand Down Expand Up @@ -383,7 +383,7 @@ void searchOwl() throws Exception {
.get("/api/v1/users/search")
.as(new TypeRef<>() {
});
assertEquals(5, users.size());
assertEquals(6, users.size());
}

@Test
91 changes: 86 additions & 5 deletions server/src/test/java/access/api/UserRoleControllerTest.java
Expand Up @@ -40,7 +40,7 @@ void byRole() throws Exception {
.get("/api/v1/user_roles/roles/{roleId}")
.as(new TypeRef<>() {
});
assertEquals(2, userRoles.size());
assertEquals(3, userRoles.size());
assertNotNull(userRoles.get(0).getUserInfo().get("name"));
}

Expand Down Expand Up @@ -146,7 +146,8 @@ void deleteUserRole() throws Exception {
.accept(ContentType.JSON)
.contentType(ContentType.JSON)
.pathParams("userRoleId", guestUserRole.getId())
.delete("/api/v1/user_roles/{userRoleId}")
.pathParams("isGuest", true)
.delete("/api/v1/user_roles/{userRoleId}/{isGuest}")
.then()
.statusCode(204);

Expand All @@ -164,7 +165,8 @@ void deleteUserRoleNotFound() throws Exception {
.accept(ContentType.JSON)
.contentType(ContentType.JSON)
.pathParams("userRoleId", Integer.MAX_VALUE)
.delete("/api/v1/user_roles/{userRoleId}")
.pathParams("isGuest", false)
.delete("/api/v1/user_roles/{userRoleId}/{isGuest}")
.then()
.statusCode(404);
}
Expand All @@ -181,7 +183,8 @@ void deleteUserRoleNotAllowed() throws Exception {
.accept(ContentType.JSON)
.contentType(ContentType.JSON)
.pathParams("userRoleId", guestUserRole.getId())
.delete("/api/v1/user_roles/{userRoleId}")
.pathParams("isGuest", false)
.delete("/api/v1/user_roles/{userRoleId}/{isGuest}")
.then()
.statusCode(403);
}
Expand Down Expand Up @@ -280,7 +283,7 @@ void consequencesForDeletion() throws Exception {
.get("/api/v1/user_roles/consequences/{roleId}")
.as(new TypeRef<>() {
});
assertEquals(2, userRoles.size());
assertEquals(3, userRoles.size());
}

@Test
Expand Down Expand Up @@ -351,4 +354,82 @@ private void doUserRoleProvisioning(UserRoleProvisioning userRoleProvisioning, S
assertEquals(expectedUserRoleCount, user.getUserRoles().size());
}

@Test
void deleteUserRoleWithGuestRoleIncluded() throws Exception {
//Inviter in the same wiki role as the Manager with guestRoleIncluded. As Inviter is allowed the guest part
AccessCookieFilter accessCookieFilter = openIDConnectFlow("/api/v1/users/login", INVITER_WIKI_SUB);

List<UserRole> userRoles = userRoleRepository.findByRoleName("Wiki");
// Manager role which is also guest included
UserRole managerUserRole = userRoles.stream()
.filter(userRole -> userRole.isGuestRoleIncluded() && userRole.getAuthority().equals(Authority.MANAGER))
.findFirst().get();

given()
.when()
.filter(accessCookieFilter.cookieFilter())
.header(accessCookieFilter.csrfToken().getHeaderName(), accessCookieFilter.csrfToken().getToken())
.accept(ContentType.JSON)
.contentType(ContentType.JSON)
.pathParams("userRoleId", managerUserRole.getId())
.pathParams("isGuest", true)
.delete("/api/v1/user_roles/{userRoleId}/{isGuest}")
.then()
.statusCode(204);

UserRole updatedUserRole = userRoleRepository.findById(managerUserRole.getId()).get();
assertFalse(updatedUserRole.isGuestRoleIncluded());
assertEquals(Authority.MANAGER, updatedUserRole.getAuthority());
}

@Test
void deleteUserRoleWithGuestRoleIncludedNotAllowed() throws Exception {
AccessCookieFilter accessCookieFilter = openIDConnectFlow("/api/v1/users/login", INVITER_SUB);

List<UserRole> userRoles = userRoleRepository.findByRoleName("Wiki");
// Manager role which is also guest included
UserRole managerUserRole = userRoles.stream()
.filter(userRole -> userRole.isGuestRoleIncluded() && userRole.getAuthority().equals(Authority.MANAGER))
.findFirst().get();

given()
.when()
.filter(accessCookieFilter.cookieFilter())
.header(accessCookieFilter.csrfToken().getHeaderName(), accessCookieFilter.csrfToken().getToken())
.accept(ContentType.JSON)
.contentType(ContentType.JSON)
.pathParams("userRoleId", managerUserRole.getId())
.pathParams("isGuest", false)
.delete("/api/v1/user_roles/{userRoleId}/{isGuest}")
.then()
.statusCode(403);
}

@Test
void demoteUserRoleWithGuestRoleIncluded() throws Exception {
AccessCookieFilter accessCookieFilter = openIDConnectFlow("/api/v1/users/login", SUPER_SUB);

List<UserRole> userRoles = userRoleRepository.findByRoleName("Wiki");
// Manager role which is also guest included
UserRole managerUserRole = userRoles.stream()
.filter(userRole -> userRole.isGuestRoleIncluded() && userRole.getAuthority().equals(Authority.MANAGER))
.findFirst().get();

given()
.when()
.filter(accessCookieFilter.cookieFilter())
.header(accessCookieFilter.csrfToken().getHeaderName(), accessCookieFilter.csrfToken().getToken())
.accept(ContentType.JSON)
.contentType(ContentType.JSON)
.pathParams("userRoleId", managerUserRole.getId())
.pathParams("isGuest", false)
.delete("/api/v1/user_roles/{userRoleId}/{isGuest}")
.then()
.statusCode(204);

UserRole updatedUserRole = userRoleRepository.findById(managerUserRole.getId()).get();
assertFalse(updatedUserRole.isGuestRoleIncluded());
assertEquals(Authority.GUEST, updatedUserRole.getAuthority());
}

}
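Review bot: The three new tests only exercise user roles that have `guestRoleIncluded` set, so nothing pins what `isGuest=true` does for a role without a guest part, where the controller checks against `Authority.GUEST` but then deletes the full role. A regression test that clears the flag on the Wiki manager role, calls the endpoint as `INVITER_WIKI_SUB` with `isGuest=true`, and expects 403 with the row still present would cover that path; it is likely to fail against the controller as committed. The new tests also use `.findFirst().get()` on the filtered stream, where `orElseThrow()` would fail with a clearer error if the seed data changes.

```java
@Test
void deleteUserRoleAsGuestWithoutGuestRoleIncludedNotAllowed() throws Exception {
    AccessCookieFilter accessCookieFilter = openIDConnectFlow("/api/v1/users/login", INVITER_WIKI_SUB);

    UserRole managerUserRole = userRoleRepository.findByRoleName("Wiki").stream()
            .filter(userRole -> userRole.getAuthority().equals(Authority.MANAGER))
            .findFirst().orElseThrow();
    // No guest part left on this role, so isGuest=true must not lower the required authority.
    managerUserRole.setGuestRoleIncluded(false);
    userRoleRepository.save(managerUserRole);

    given()
            // … unchanged: cookie filter, CSRF header, accept and content type as in the tests above …
            .pathParams("userRoleId", managerUserRole.getId())
            .pathParams("isGuest", true)
            .delete("/api/v1/user_roles/{userRoleId}/{isGuest}")
            .then()
            .statusCode(403);

    // The manager's user role must survive the rejected request.
    assertNotNull(userRoleRepository.findById(managerUserRole.getId()).orElse(null));
}
```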
