Spsh 732: Bundle creating a person with role assignment into one request (#542)

* SPSH-658: Restructure the Personenkontext according to DDD guidelines

* Create personenkontext factory and validity checks

* SPSH-658: First iteration of the filtering in the role query of the logged-in admin.

* Fix dependencies

* SPSH-658: Undone the first implementation for filtering roles, implemented the first draft for checking roles assignment.

* More permission checks

* SPSH-658: Extra check of the system rights when creating a Personenkontext.

* SPSH-658: Fix tests because of dependencies & setups.

* SPSH-658: Fixed lint warnings

* SPSH-658: Fixed more tests

* SPSH-658: Fixed more tests

* SPSH-658: Fixed integration tests for the Personenkontext controller

* Move logic to permissions

* Fix tests

* Fix more tests

* Fix remaining non-api-tests

* Allow logged in user to see all personenkontexte of another user if authorized

* Fix more tests

* Fix all tests

* Merge remote-tracking branch 'origin/main' into spsh-606

* More code coverage

* SPSH-658: Unit tests for the Personenkontext aggregate, new error classes & OrganisationRepository, & integration tests for dbiam-personenkontext.repo

* Fix tests

* SPSH-658: Fixed unit tests because of merge conflicts

* Add Repo to person module

* fix imports

* Mock keycloak in integration test

* Cover createAuthorized in tests

* Fix personenkontext.uc tests

* SPSH-658: Specification for landes-admin implemented and extra check for the creation of personenkontext.

* Fix personenkontext tests

* Fix tests

* SPSH-658: Changed the logic for the extra check for the permission of the current admin by the creation of the personenkontext. Refactored the OrganisationMatchesRollenart from the personenkontext-anlage into a helper class.

* SPSH-658: Fixed lint issues

* SPSH-658: Refactored the Personenkontext aggregate and changed the exception type for the check for the OrganisationMatchesRollenart

* Fix repo tests

* SPSH-658: Fixed tests for Personenkontext

* Add error to mapper

* Cover dbiam-personenkontext.repo

* Cover organisation-repository

* Fix dbiam-personenkontext-controller coverage

* Remove unused code

* SPSH-658: Corrected the unit tests for personenkontext

* Fix tests

* SPSH-658: Implemented unit-tests for the organisation-matches-rollenart

* Revert test timeout

* Fix OutOfMemory

* SPSH-606: Added a partial Personenkontext for the tests in order to fix the memory issue.

* SPSH-731: Implemented the restriction of roles that can be viewed for the creation of personenkontext, and made the parameter rollenName for the endpoint /GET/api/personenkontext/rollen optional

* SPSH-658: PR Review

* Rename createAuthorized

* SPSH-606: Fixed tests due to the error resulting from the sequence of setup data

* SPSH-731: Implemented integration tests for the DbiamPersonenkontextFilterController

* SPSH-731: Implemented unit tests for the PersonenkontextAnlage

* SPSH-732: Implemented a new endpoint that checks the validity of personenkontext before saving the person and the personenkontext.

* SPSH-732: Undid the extra method for checkReferences in Personenkontext

* SPSH-732: Refactored error codes for FE.

* SPSH-732: Updated the payload for the request POST api/dbiam/personen

* SPSH-732: Implemented unit tests

* SPSH-732: Fixed lint

* SPSH-732: Fixed dependency issue for the dbiam person controller

* SPSH-732: Implemented the integration tests

* SPSH-732: Fixed tests for Keycloak

* SPSH-732: Added more unit tests and removed unused specifications

* SPSH-732: Fixed KC issues for the integration tests

* SPSH-732: Fixed the KC issue for the integration tests

* SPSH-732: PR review

* Fix Compilation Errors

* Fix Migration

---------

Co-authored-by: Marvin Rode <[email protected]>
Co-authored-by: Marvin Rode (Cap) <[email protected]>
Co-authored-by: Youssef Bouchara <[email protected]>
Co-authored-by: Caspar Neumann <[email protected]>
5 people authored Jun 20, 2024
1 parent c4150b8 commit 478c5bf
Showing 13 changed files with 3,230 additions and 305 deletions.
2,671 changes: 2,382 additions & 289 deletions migrations/.snapshot-dbildungs-iam-server.json

Large diffs are not rendered by default.

146 changes: 146 additions & 0 deletions migrations/Migration20240620082431.ts
@@ -0,0 +1,146 @@
/* eslint-disable @typescript-eslint/require-await */
/* eslint-disable @typescript-eslint/explicit-member-accessibility */
import { Migration } from '@mikro-orm/migrations';

export class Migration20240620082431 extends Migration {

async up(): Promise<void> {
this.addSql('create type "db_seed_status_enum" as enum (\'STARTED\', \'DONE\', \'FAILED\');');
this.addSql('create type "referenced_entity_type_enum" as enum (\'PERSON\', \'ORGANISATION\', \'ROLLE\', \'SERVICE_PROVIDER\');');
this.addSql('create type "organisations_typ_enum" as enum (\'ROOT\', \'LAND\', \'TRAEGER\', \'SCHULE\', \'KLASSE\', \'ANBIETER\', \'SONSTIGE ORGANISATION / EINRICHTUNG\', \'UNBESTAETIGT\');');
this.addSql('create type "traegerschaft_enum" as enum (\'01\', \'02\', \'03\', \'04\', \'05\', \'06\');');
this.addSql('create type "geschlecht_enum" as enum (\'m\', \'w\', \'d\', \'x\');');
this.addSql('create type "vertrauensstufe_enum" as enum (\'KEIN\', \'UNBE\', \'TEIL\', \'VOLL\');');
this.addSql('create type "rollen_art_enum" as enum (\'LERN\', \'LEHR\', \'EXTERN\', \'ORGADMIN\', \'LEIT\', \'SYSADMIN\');');
this.addSql('create type "personenstatus_enum" as enum (\'AKTIV\');');
this.addSql('create type "jahrgangsstufe_enum" as enum (\'01\', \'02\', \'03\', \'04\', \'05\', \'06\', \'07\', \'08\', \'09\', \'10\');');
this.addSql('create type "rollen_merkmal_enum" as enum (\'BEFRISTUNG_PFLICHT\', \'KOPERS_PFLICHT\');');
this.addSql('create type "rollen_system_recht_enum" as enum (\'ROLLEN_VERWALTEN\', \'PERSONEN_SOFORT_LOESCHEN\', \'PERSONEN_VERWALTEN\', \'SCHULEN_VERWALTEN\', \'KLASSEN_VERWALTEN\', \'SCHULTRAEGER_VERWALTEN\', \'MIGRATION_DURCHFUEHREN\');');
this.addSql('create type "service_provider_target_enum" as enum (\'URL\', \'SCHULPORTAL_ADMINISTRATION\');');
this.addSql('create type "service_provider_kategorie_enum" as enum (\'EMAIL\', \'UNTERRICHT\', \'VERWALTUNG\', \'HINWEISE\', \'ANGEBOTE\');');
this.addSql('drop table if exists "fake" cascade;');

this.addSql('alter table "seeding" drop constraint if exists "seeding_status_check";');

this.addSql('alter table "seeding_reference" drop constraint if exists "seeding_reference_referenced_entity_type_check";');

this.addSql('alter table "organisation" drop constraint if exists "organisation_typ_check";');
this.addSql('alter table "organisation" drop constraint if exists "organisation_traegerschaft_check";');

this.addSql('alter table "person" drop constraint if exists "person_geschlecht_check";');
this.addSql('alter table "person" drop constraint if exists "person_vertrauensstufe_check";');

this.addSql('alter table "rolle" drop constraint if exists "rolle_rollenart_check";');

this.addSql('alter table "personenkontext" drop constraint if exists "personenkontext_personenstatus_check";');
this.addSql('alter table "personenkontext" drop constraint if exists "personenkontext_jahrgangsstufe_check";');

this.addSql('alter table "personenkontext" drop constraint "personenkontext_person_id_id_foreign";');

this.addSql('alter table "rolle_merkmal" drop constraint if exists "rolle_merkmal_merkmal_check";');

this.addSql('alter table "rolle_systemrecht" drop constraint if exists "rolle_systemrecht_systemrecht_check";');

this.addSql('alter table "service_provider" drop constraint if exists "service_provider_target_check";');
this.addSql('alter table "service_provider" drop constraint if exists "service_provider_kategorie_check";');

this.addSql('alter table "seeding" alter column "status" type "db_seed_status_enum" using ("status"::"db_seed_status_enum");');

this.addSql('alter table "seeding_reference" alter column "referenced_entity_type" type "referenced_entity_type_enum" using ("referenced_entity_type"::"referenced_entity_type_enum");');

this.addSql('alter table "organisation" alter column "typ" type "organisations_typ_enum" using ("typ"::"organisations_typ_enum");');
this.addSql('alter table "organisation" alter column "traegerschaft" type "traegerschaft_enum" using ("traegerschaft"::"traegerschaft_enum");');

this.addSql('alter table "person" alter column "geschlecht" type "geschlecht_enum" using ("geschlecht"::"geschlecht_enum");');
this.addSql('alter table "person" alter column "vertrauensstufe" type "vertrauensstufe_enum" using ("vertrauensstufe"::"vertrauensstufe_enum");');

this.addSql('alter table "rolle" alter column "rollenart" type "rollen_art_enum" using ("rollenart"::"rollen_art_enum");');

this.addSql('alter table "personenkontext" drop constraint "personenkontext_person_id_id_organisation_id_rolle_id_unique";');

this.addSql('alter table "personenkontext" alter column "rolle_id" drop default;');
this.addSql('alter table "personenkontext" alter column "rolle_id" type uuid using ("rolle_id"::text::uuid);');
this.addSql('alter table "personenkontext" alter column "rolle_id" set not null;');
this.addSql('alter table "personenkontext" alter column "personenstatus" type "personenstatus_enum" using ("personenstatus"::"personenstatus_enum");');
this.addSql('alter table "personenkontext" alter column "jahrgangsstufe" type "jahrgangsstufe_enum" using ("jahrgangsstufe"::"jahrgangsstufe_enum");');
this.addSql('alter table "personenkontext" rename column "person_id_id" to "person_id";');
this.addSql('alter table "personenkontext" add constraint "personenkontext_person_id_foreign" foreign key ("person_id") references "person" ("id") on delete cascade;');
this.addSql('alter table "personenkontext" add constraint "personenkontext_rolle_id_foreign" foreign key ("rolle_id") references "rolle" ("id") on update cascade;');
this.addSql('alter table "personenkontext" add constraint "personenkontext_person_id_organisation_id_rolle_id_unique" unique ("person_id", "organisation_id", "rolle_id");');

this.addSql('alter table "rolle_merkmal" alter column "merkmal" type "rollen_merkmal_enum" using ("merkmal"::"rollen_merkmal_enum");');

this.addSql('alter table "rolle_systemrecht" alter column "systemrecht" type "rollen_system_recht_enum" using ("systemrecht"::"rollen_system_recht_enum");');

this.addSql('alter table "service_provider" add column "keycloak_group" varchar(255) null, add column "keycloak_role" varchar(255) null;');
this.addSql('alter table "service_provider" alter column "target" type "service_provider_target_enum" using ("target"::"service_provider_target_enum");');
this.addSql('alter table "service_provider" alter column "kategorie" type "service_provider_kategorie_enum" using ("kategorie"::"service_provider_kategorie_enum");');
}

override async down(): Promise<void> {
this.addSql('create table "fake" ("id" uuid not null, "created_at" timestamptz not null, "updated_at" timestamptz not null, "source" uuid not null, "target" uuid not null, constraint "fake_pkey" primary key ("id"));');

this.addSql('alter table "personenkontext" drop constraint "personenkontext_person_id_foreign";');
this.addSql('alter table "personenkontext" drop constraint "personenkontext_rolle_id_foreign";');

this.addSql('alter table "seeding" alter column "status" type text using ("status"::text);');
this.addSql('alter table "seeding" add constraint "seeding_status_check" check("status" in (\'STARTED\', \'DONE\', \'FAILED\'));');

this.addSql('alter table "seeding_reference" alter column "referenced_entity_type" type text using ("referenced_entity_type"::text);');
this.addSql('alter table "seeding_reference" add constraint "seeding_reference_referenced_entity_type_check" check("referenced_entity_type" in (\'PERSON\', \'ORGANISATION\', \'ROLLE\', \'SERVICE_PROVIDER\'));');

this.addSql('alter table "organisation" alter column "typ" type text using ("typ"::text);');
this.addSql('alter table "organisation" alter column "traegerschaft" type text using ("traegerschaft"::text);');
this.addSql('alter table "organisation" add constraint "organisation_typ_check" check("typ" in (\'ROOT\', \'LAND\', \'TRAEGER\', \'SCHULE\', \'KLASSE\', \'ANBIETER\', \'SONSTIGE ORGANISATION / EINRICHTUNG\', \'UNBESTAETIGT\'));');
this.addSql('alter table "organisation" add constraint "organisation_traegerschaft_check" check("traegerschaft" in (\'01\', \'02\', \'03\', \'04\', \'05\', \'06\'));');

this.addSql('alter table "person" alter column "geschlecht" type text using ("geschlecht"::text);');
this.addSql('alter table "person" alter column "vertrauensstufe" type text using ("vertrauensstufe"::text);');
this.addSql('alter table "person" add constraint "person_geschlecht_check" check("geschlecht" in (\'m\', \'w\', \'d\', \'x\'));');
this.addSql('alter table "person" add constraint "person_vertrauensstufe_check" check("vertrauensstufe" in (\'KEIN\', \'UNBE\', \'TEIL\', \'VOLL\'));');

this.addSql('alter table "personenkontext" drop constraint "personenkontext_person_id_organisation_id_rolle_id_unique";');

this.addSql('alter table "personenkontext" alter column "rolle_id" drop default;');
this.addSql('alter table "personenkontext" alter column "rolle_id" type uuid using ("rolle_id"::text::uuid);');
this.addSql('alter table "personenkontext" alter column "rolle_id" drop not null;');
this.addSql('alter table "personenkontext" alter column "personenstatus" type text using ("personenstatus"::text);');
this.addSql('alter table "personenkontext" alter column "jahrgangsstufe" type text using ("jahrgangsstufe"::text);');
this.addSql('alter table "personenkontext" add constraint "personenkontext_personenstatus_check" check("personenstatus" in (\'AKTIV\'));');
this.addSql('alter table "personenkontext" add constraint "personenkontext_jahrgangsstufe_check" check("jahrgangsstufe" in (\'01\', \'02\', \'03\', \'04\', \'05\', \'06\', \'07\', \'08\', \'09\', \'10\'));');
this.addSql('alter table "personenkontext" rename column "person_id" to "person_id_id";');
this.addSql('alter table "personenkontext" add constraint "personenkontext_person_id_id_foreign" foreign key ("person_id_id") references "person" ("id");');
this.addSql('alter table "personenkontext" add constraint "personenkontext_person_id_id_organisation_id_rolle_id_unique" unique ("person_id_id", "organisation_id", "rolle_id");');

this.addSql('alter table "rolle" alter column "rollenart" type text using ("rollenart"::text);');
this.addSql('alter table "rolle" add constraint "rolle_rollenart_check" check("rollenart" in (\'LERN\', \'LEHR\', \'EXTERN\', \'ORGADMIN\', \'LEIT\', \'SYSADMIN\'));');

this.addSql('alter table "rolle_merkmal" alter column "merkmal" type text using ("merkmal"::text);');
this.addSql('alter table "rolle_merkmal" add constraint "rolle_merkmal_merkmal_check" check("merkmal" in (\'BEFRISTUNG_PFLICHT\', \'KOPERS_PFLICHT\'));');

this.addSql('alter table "rolle_systemrecht" alter column "systemrecht" type text using ("systemrecht"::text);');
this.addSql('alter table "rolle_systemrecht" add constraint "rolle_systemrecht_systemrecht_check" check("systemrecht" in (\'ROLLEN_VERWALTEN\', \'PERSONEN_VERWALTEN\', \'SCHULEN_VERWALTEN\', \'KLASSEN_VERWALTEN\', \'SCHULTRAEGER_VERWALTEN\'));');

this.addSql('alter table "service_provider" drop column "keycloak_group", drop column "keycloak_role";');

this.addSql('alter table "service_provider" alter column "target" type text using ("target"::text);');
this.addSql('alter table "service_provider" alter column "kategorie" type text using ("kategorie"::text);');
this.addSql('alter table "service_provider" add constraint "service_provider_target_check" check("target" in (\'URL\', \'SCHULPORTAL_ADMINISTRATION\'));');
this.addSql('alter table "service_provider" add constraint "service_provider_kategorie_check" check("kategorie" in (\'EMAIL\', \'UNTERRICHT\', \'VERWALTUNG\', \'HINWEISE\', \'ANGEBOTE\'));');

this.addSql('drop type "db_seed_status_enum";');
this.addSql('drop type "referenced_entity_type_enum";');
this.addSql('drop type "organisations_typ_enum";');
this.addSql('drop type "traegerschaft_enum";');
this.addSql('drop type "geschlecht_enum";');
this.addSql('drop type "vertrauensstufe_enum";');
this.addSql('drop type "rollen_art_enum";');
this.addSql('drop type "personenstatus_enum";');
this.addSql('drop type "jahrgangsstufe_enum";');
this.addSql('drop type "rollen_merkmal_enum";');
this.addSql('drop type "rollen_system_recht_enum";');
this.addSql('drop type "service_provider_target_enum";');
this.addSql('drop type "service_provider_kategorie_enum";');
}

}
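
Review bot: In down(), the restored "rolle_systemrecht_systemrecht_check" lists only five values (ROLLEN_VERWALTEN, PERSONEN_VERWALTEN, SCHULEN_VERWALTEN, KLASSEN_VERWALTEN, SCHULTRAEGER_VERWALTEN), while the "rollen_system_recht_enum" created in up() also allows PERSONEN_SOFORT_LOESCHEN and MIGRATION_DURCHFUEHREN. Once any role holds one of those two rights, adding the check fails and the rollback cannot complete; either include both values in the restored check or state in the migration that down() is only safe before such rows exist. Two smaller points in up(): `alter column "rolle_id" set not null` has no preceding cleanup or backfill for rows with a null rolle_id, and the new "personenkontext_person_id_foreign" adds `on delete cascade` where the old foreign key (as restored in down()) had none, so deleting a person now also removes its role assignments without any explicit step. That behaviour change deserves a comment here or in the PR description.
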
Expand Up @@ -10,8 +10,10 @@ import { KeycloakAdministrationModule } from './keycloak-administration.module.j
import { UserMapperProfile } from './domain/keycloak-client/user.mapper.profile.js';
import { KeycloakAdminClient } from '@s3pweb/keycloak-admin-client-cjs';
import { KeycloakAdministrationService } from './domain/keycloak-admin-client.service.js';
import { PersonService } from '../person/domain/person.service.js';
import { PersonRepo } from '../person/persistence/person.repo.js';
import { PersonenkontextFactory } from '../personenkontext/domain/personenkontext.factory.js';
import { RolleModule } from '../rolle/rolle.module.js';
import { PersonModule } from '../person/person.module.js';
import { OrganisationRepository } from '../organisation/persistence/organisation.repository.js';

describe('KeycloakAdministrationModule', () => {
let module: TestingModule;
Expand All @@ -24,8 +26,10 @@ describe('KeycloakAdministrationModule', () => {
KeycloakAdministrationModule,
DatabaseTestModule.forRoot(),
KeycloakConfigTestModule.forRoot(),
RolleModule,
PersonModule,
],
providers: [PersonService, PersonRepo],
providers: [PersonenkontextFactory, OrganisationRepository],
}).compile();
});

@@ -0,0 +1,28 @@
import { ApiProperty } from '@nestjs/swagger';
import { IsNotEmpty, IsString, MinLength } from 'class-validator';
import { OrganisationID, RolleID } from '../../../shared/types/aggregate-ids.types.js';
import { IsDIN91379A } from '../../../shared/util/din-91379-validation.js';

export class DbiamCreatePersonWithContextBodyParams {
@IsDIN91379A()
@IsNotEmpty()
@MinLength(2)
@ApiProperty({ required: true })
public readonly familienname!: string;

@IsDIN91379A()
@IsNotEmpty()
@MinLength(2)
@ApiProperty({ required: true })
public readonly vorname!: string;

@IsString()
@IsNotEmpty()
@ApiProperty({ type: String })
public readonly organisationId!: OrganisationID;

@IsString()
@IsNotEmpty()
@ApiProperty({ type: String })
public readonly rolleId!: RolleID;
}
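
Review bot: organisationId and rolleId are validated only with @IsString() and @IsNotEmpty(), although the migration in this commit types "rolle_id" as uuid. Adding @IsUUID() to both would reject malformed IDs at the request boundary instead of passing arbitrary strings down to the lookup that resolves them. familienname and vorname carry @MinLength(2) but no upper bound; a @MaxLength would keep oversized input out of the persistence layer. The two ID properties also omit `required: true` in @ApiProperty, unlike the name fields, which makes the generated API description inconsistent.
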