Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

N21-1298 tool context restrictions #4579

Merged
merged 38 commits into from
Dec 1, 2023
Merged
Show file tree
Hide file tree
Changes from 18 commits
Commits
Show all changes
38 commits
Select commit Hold shift + click to select a range
bc0c5cd
get tools/context-types
IgorCapCoder Nov 22, 2023
2eabe71
get tools/context-types unit tests
IgorCapCoder Nov 22, 2023
8e52e0c
extend external tool data model by restrictToContexts
IgorCapCoder Nov 22, 2023
9b1b4e9
fix dependency cycle WIP
IgorCapCoder Nov 22, 2023
59c9e22
fix dependency cycle
IgorCapCoder Nov 22, 2023
481ebbb
fix swagger and nuxt types
IgorCapCoder Nov 23, 2023
69ed45e
add attribute to repo mapper
MBergCap Nov 23, 2023
435f9b2
available tools filter for contexts
IgorCapCoder Nov 24, 2023
54d703c
Merge remote-tracking branch 'origin/N21-1298-tool-context-restrictio…
IgorCapCoder Nov 24, 2023
134390f
create context external tool validation for restricted contexts
IgorCapCoder Nov 24, 2023
3087a57
Merge branch 'main' into N21-1298-tool-context-restrictions
IgorCapCoder Nov 24, 2023
6db51dc
fix imports
IgorCapCoder Nov 24, 2023
0f87ba5
Merge branch 'main' into N21-1298-tool-context-restrictions
IgorCapCoder Nov 27, 2023
12d782d
Merge branch 'main' into N21-1298-tool-context-restrictions
IgorCapCoder Nov 27, 2023
ac819af
Merge remote-tracking branch 'origin/N21-1298-tool-context-restrictio…
IgorCapCoder Nov 27, 2023
25745b1
fix dependency cycle
IgorCapCoder Nov 27, 2023
7df6b85
fix dependency unit tests
IgorCapCoder Nov 27, 2023
fbcd329
coverage up
IgorCapCoder Nov 27, 2023
f746e86
requested changes WIP
IgorCapCoder Nov 28, 2023
9b3a441
Merge branch 'main' into N21-1298-tool-context-restrictions
IgorCapCoder Nov 29, 2023
3db5438
requested changes WIP 2
IgorCapCoder Nov 29, 2023
7c2e9cc
Merge branch 'main' into N21-1298-tool-context-restrictions
IgorCapCoder Nov 29, 2023
9550665
requested changes
IgorCapCoder Nov 29, 2023
04fa2c7
fix tests and imports
IgorCapCoder Nov 30, 2023
af6dfc2
Merge branch 'main' into N21-1298-tool-context-restrictions
IgorCapCoder Nov 30, 2023
cbec08c
Merge branch 'main' into N21-1298-tool-context-restrictions
IgorCapCoder Nov 30, 2023
8282351
add seed data
MBergCap Nov 30, 2023
4b3b9e1
Merge remote-tracking branch 'origin/N21-1298-tool-context-restrictio…
MBergCap Nov 30, 2023
8a9aa35
remove logo
MBergCap Nov 30, 2023
2f2601b
change seed data
MBergCap Dec 1, 2023
3847fbb
Merge branch 'main' into N21-1298-tool-context-restrictions
IgorCapCoder Dec 1, 2023
3ad8e7e
requested changes
IgorCapCoder Dec 1, 2023
18d3f8a
delete loggable constructor tests
IgorCapCoder Dec 1, 2023
c7885a6
change seed data
MBergCap Dec 1, 2023
c30906e
Merge remote-tracking branch 'origin/N21-1298-tool-context-restrictio…
MBergCap Dec 1, 2023
78c0af5
add unauthorized test
IgorCapCoder Dec 1, 2023
9b1af1d
Merge branch 'main' into N21-1298-tool-context-restrictions
IgorCapCoder Dec 1, 2023
b2cff53
Merge branch 'main' into N21-1298-tool-context-restrictions
IgorCapCoder Dec 1, 2023
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ import { BoardDoAuthorizableService, ContentElementService } from '@modules/boar
import { CourseService } from '@modules/learnroom';
import { LegacySchoolService } from '@modules/legacy-school';
import { forwardRef, Inject, Injectable } from '@nestjs/common';
import { BoardDoAuthorizable, Course, EntityId, LegacySchoolDo, User } from '@shared/domain';
import { BoardDoAuthorizable, Course, EntityId, LegacySchoolDo, Permission, User } from '@shared/domain';
import { ContextExternalTool } from '../../context-external-tool/domain';
import { SchoolExternalTool } from '../../school-external-tool/domain';
import { ToolContextType } from '../enum';
Expand Down Expand Up @@ -61,4 +61,9 @@ export class ToolPermissionHelper {

this.authorizationService.checkPermission(user, school, context);
}

public async ensurePermission(userId: EntityId, permission: Permission) {
IgorCapCoder marked this conversation as resolved.
Show resolved Hide resolved
const user: User = await this.authorizationService.getUserWithPermissions(userId);
this.authorizationService.checkAllPermissions(user, [permission]);
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -247,4 +247,24 @@ describe('ToolPermissionHelper', () => {
});
});
});

describe('ensurePermission', () => {
describe('when it is called', () => {
const setup = () => {
const user = userFactory.buildWithId();

authorizationService.getUserWithPermissions.mockResolvedValueOnce(user);

return {
user,
};
};

it('should check permissions', async () => {
const { user } = setup();

await helper.ensurePermission(user.id, Permission.TOOL_ADMIN);
});
});
});
});
Original file line number Diff line number Diff line change
Expand Up @@ -80,6 +80,7 @@ describe('ToolContextController (API)', () => {
isOptional: true,
}),
],
restrictToContexts: [ToolContextType.COURSE],
version: 1,
});
const schoolExternalToolEntity: SchoolExternalToolEntity = schoolExternalToolEntityFactory.buildWithId({
Expand Down Expand Up @@ -173,6 +174,115 @@ describe('ToolContextController (API)', () => {
// expected body is missed
});
});

describe('when external tool has no restrictions ', () => {
const setup = async () => {
const school: SchoolEntity = schoolFactory.buildWithId();
const { teacherAccount, teacherUser } = UserAndAccountTestFactory.buildTeacher({ school }, [
Permission.CONTEXT_TOOL_ADMIN,
]);

const course: Course = courseFactory.buildWithId({ teachers: [teacherUser], school });

const externalToolEntity: ExternalToolEntity = externalToolEntityFactory.buildWithId({
parameters: [],
restrictToContexts: [],
version: 1,
});
const schoolExternalToolEntity: SchoolExternalToolEntity = schoolExternalToolEntityFactory.buildWithId({
tool: externalToolEntity,
school,
schoolParameters: [],
toolVersion: 1,
});

const postParams: ContextExternalToolPostParams = {
schoolToolId: schoolExternalToolEntity.id,
contextId: course.id,
displayName: course.name,
contextType: ToolContextType.COURSE,
parameters: [],
toolVersion: 1,
};

await em.persistAndFlush([teacherUser, teacherAccount, course, school, schoolExternalToolEntity]);
em.clear();

const loggedInClient: TestApiClient = await testApiClient.login(teacherAccount);

return {
loggedInClient,
postParams,
};
};

it('should create tool', async () => {
const { postParams, loggedInClient } = await setup();

const response = await loggedInClient.post().send(postParams);

expect(response.statusCode).toEqual(HttpStatus.CREATED);
expect(response.body).toEqual<ContextExternalToolResponse>({
id: expect.any(String),
schoolToolId: postParams.schoolToolId,
contextId: postParams.contextId,
displayName: postParams.displayName,
contextType: postParams.contextType,
parameters: [],
toolVersion: postParams.toolVersion,
});
});
});

describe('when external tool restricts to wrong context ', () => {
const setup = async () => {
const school: SchoolEntity = schoolFactory.buildWithId();
const { teacherAccount, teacherUser } = UserAndAccountTestFactory.buildTeacher({ school }, [
Permission.CONTEXT_TOOL_ADMIN,
]);

const course: Course = courseFactory.buildWithId({ teachers: [teacherUser], school });

const externalToolEntity: ExternalToolEntity = externalToolEntityFactory.buildWithId({
parameters: [],
restrictToContexts: [ToolContextType.BOARD_ELEMENT],
version: 1,
});
const schoolExternalToolEntity: SchoolExternalToolEntity = schoolExternalToolEntityFactory.buildWithId({
tool: externalToolEntity,
school,
schoolParameters: [],
toolVersion: 1,
});

const postParams: ContextExternalToolPostParams = {
schoolToolId: schoolExternalToolEntity.id,
contextId: course.id,
displayName: course.name,
contextType: ToolContextType.COURSE,
parameters: [],
toolVersion: 1,
};

await em.persistAndFlush([teacherUser, teacherAccount, course, school, schoolExternalToolEntity]);
em.clear();

const loggedInClient: TestApiClient = await testApiClient.login(teacherAccount);

return {
loggedInClient,
postParams,
};
};

it('should return forbidden', async () => {
IgorCapCoder marked this conversation as resolved.
Show resolved Hide resolved
const { postParams, loggedInClient } = await setup();

const response = await loggedInClient.post().send(postParams);

expect(response.statusCode).toEqual(HttpStatus.FORBIDDEN);
});
});
});

describe('[DELETE] tools/context-external-tools/:contextExternalToolId', () => {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,12 @@ import {
} from '@shared/testing';
import { ServerTestModule } from '@modules/server';
import { Response } from 'supertest';
import { ToolContextType } from '../../../common/enum';
import {
CustomParameterLocation,
CustomParameterScope,
CustomParameterType,
ToolContextType,
} from '../../../common/enum';
import { ExternalToolEntity } from '../../../external-tool/entity';
import { SchoolExternalToolEntity } from '../../../school-external-tool/entity';
import { ContextExternalToolEntity, ContextExternalToolType } from '../../entity';
Expand Down Expand Up @@ -114,6 +119,24 @@ describe('ToolReferenceController (API)', () => {
const course: Course = courseFactory.buildWithId({ school, teachers: [adminUser] });
const externalToolEntity: ExternalToolEntity = externalToolEntityFactory.buildWithId({
logoBase64: 'logoBase64',
parameters: [
IgorCapCoder marked this conversation as resolved.
Show resolved Hide resolved
{
name: 'schoolMockParameter',
displayName: 'MockParameter',
scope: CustomParameterScope.SCHOOL,
type: CustomParameterType.STRING,
location: CustomParameterLocation.PATH,
isOptional: false,
},
{
name: 'contextMockParameter',
displayName: 'MockParameter',
scope: CustomParameterScope.CONTEXT,
type: CustomParameterType.STRING,
location: CustomParameterLocation.PATH,
isOptional: false,
},
],
});
const schoolExternalToolEntity: SchoolExternalToolEntity = schoolExternalToolEntityFactory.buildWithId({
school,
Expand Down Expand Up @@ -233,6 +256,24 @@ describe('ToolReferenceController (API)', () => {
const course: Course = courseFactory.buildWithId({ school, teachers: [adminUser] });
const externalToolEntity: ExternalToolEntity = externalToolEntityFactory.buildWithId({
logoBase64: 'logoBase64',
parameters: [
{
name: 'schoolMockParameter',
displayName: 'MockParameter',
scope: CustomParameterScope.SCHOOL,
type: CustomParameterType.STRING,
location: CustomParameterLocation.PATH,
isOptional: false,
},
{
name: 'contextMockParameter',
displayName: 'MockParameter',
scope: CustomParameterScope.CONTEXT,
type: CustomParameterType.STRING,
location: CustomParameterLocation.PATH,
isOptional: false,
},
],
});
const schoolExternalToolEntity: SchoolExternalToolEntity = schoolExternalToolEntityFactory.buildWithId({
school,
Expand Down
Loading
Loading