From 63745fbe31c9b9182cce5a284dada7adc458f23f Mon Sep 17 00:00:00 2001 From: Juho Haapakoski Date: Thu, 17 Oct 2024 14:49:01 +0300 Subject: [PATCH 1/2] AE-2282: Run the destruction in the background --- .../src/main/clj/solita/etp/api/energiatodistus.clj | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/etp-core/etp-backend/src/main/clj/solita/etp/api/energiatodistus.clj b/etp-core/etp-backend/src/main/clj/solita/etp/api/energiatodistus.clj index 30f65e897..4157d0cd8 100644 --- a/etp-core/etp-backend/src/main/clj/solita/etp/api/energiatodistus.clj +++ b/etp-core/etp-backend/src/main/clj/solita/etp/api/energiatodistus.clj @@ -18,6 +18,7 @@ [solita.etp.schema.valvonta-oikeellisuus :as valvonta-schema] [solita.etp.schema.viesti :as viesti-schema] [solita.etp.security :as security] + [solita.etp.service.concurrent :as concurrent] [solita.etp.service.energiatodistus :as energiatodistus-service] [solita.etp.service.energiatodistus-destruction :as energiatodistus-destruction-service] [solita.etp.service.energiatodistus-csv :as energiatodistus-csv-service] @@ -269,5 +270,9 @@ [security/wrap-whoami-for-internal-expiration-api]] :responses {200 {:body nil}} :handler (fn [{:keys [db aws-s3-client]}] - (r/response (energiatodistus-destruction-service/destroy-expired-energiatodistukset! - db aws-s3-client)))}}]]]) + (r/response + (concurrent/run-background + (energiatodistus-destruction-service/destroy-expired-energiatodistukset! + db + aws-s3-client) + "Expired energiatodistukset destruction failed")))}}]]]) From 7935b760da8ad98719fc81e6f27b194a473f9305 Mon Sep 17 00:00:00 2001 From: Juho Haapakoski Date: Thu, 17 Oct 2024 20:26:08 +0300 Subject: [PATCH 2/2] AE-2282: Add whoami check in the execution of energiatodistus destruction --- .../clj/solita/etp/api/energiatodistus.clj | 9 +++++---- .../service/energiatodistus_destruction.clj | 8 +++++++- .../energiatodistus_destruction_test.clj | 19 +++++++++++-------- 3 files changed, 23 insertions(+), 13 deletions(-) diff --git a/etp-core/etp-backend/src/main/clj/solita/etp/api/energiatodistus.clj b/etp-core/etp-backend/src/main/clj/solita/etp/api/energiatodistus.clj index 4157d0cd8..1649f1ccb 100644 --- a/etp-core/etp-backend/src/main/clj/solita/etp/api/energiatodistus.clj +++ b/etp-core/etp-backend/src/main/clj/solita/etp/api/energiatodistus.clj @@ -264,15 +264,16 @@ (def internal-routes [["/energiatodistukset" ["/anonymize-and-delete-expired" - {:post {:summary "Anonymisoi vanhentuneet energiatodistukset ja poistaa niihin linkittyvät dokumentit." + {:post {:summary "Anonymisoi vanhentuneet energiatodistukset ja poistaa niihin linkittyvät tiedot ja dokumentit." :middleware [[security/wrap-db-application-name (kayttaja-service/system-kayttaja :expiration)] [security/wrap-whoami-for-internal-expiration-api]] :responses {200 {:body nil}} - :handler (fn [{:keys [db aws-s3-client]}] + :handler (fn [{:keys [db aws-s3-client whoami]}] (r/response (concurrent/run-background - (energiatodistus-destruction-service/destroy-expired-energiatodistukset! + #(energiatodistus-destruction-service/destroy-expired-energiatodistukset! db - aws-s3-client) + aws-s3-client + whoami) "Expired energiatodistukset destruction failed")))}}]]]) diff --git a/etp-core/etp-backend/src/main/clj/solita/etp/service/energiatodistus_destruction.clj b/etp-core/etp-backend/src/main/clj/solita/etp/service/energiatodistus_destruction.clj index e372f8ffd..e90754402 100644 --- a/etp-core/etp-backend/src/main/clj/solita/etp/service/energiatodistus_destruction.clj +++ b/etp-core/etp-backend/src/main/clj/solita/etp/service/energiatodistus_destruction.clj @@ -4,8 +4,11 @@ (:require [clojure.java.jdbc :as jdbc] [clojure.tools.logging :as log] [solita.etp.db :as db] + [solita.etp.exception :as exception] [solita.etp.service.complete-energiatodistus :as complete-energiatodistus-service] [solita.etp.service.energiatodistus :as energiatodistus-service] + [solita.etp.service.kayttaja :as kayttaja-service] + [solita.etp.service.rooli :as rooli-service] [solita.etp.service.liite :as liite-service] [solita.etp.service.file :as file] [solita.etp.service.viesti :as viesti-service])) @@ -117,7 +120,10 @@ (->> (energiatodistus-destruction-db/select-expired-energiatodistus-ids db) (map :energiatodistus-id))) -(defn destroy-expired-energiatodistukset! [db aws-s3-client] +(defn destroy-expired-energiatodistukset! [db aws-s3-client whoami] + (when-not (and (rooli-service/system? whoami) + (= (:id whoami) (kayttaja-service/system-kayttaja :expiration))) + (exception/throw-forbidden! (str "Can not run destruction of expired todistukset as whoami (id: " (:id whoami) ") (rooli: " (:rooli whoami) ")"))) (log/info (str "Destruction of expired energiatodistukset initiated.")) (let [expired-todistukset-ids (get-currently-expired-todistus-ids db)] (run! #(destroy-expired-energiatodistus! db aws-s3-client %) expired-todistukset-ids))) diff --git a/etp-core/etp-backend/src/test/clj/solita/etp/service/energiatodistus_destruction_test.clj b/etp-core/etp-backend/src/test/clj/solita/etp/service/energiatodistus_destruction_test.clj index 01b4ed91b..504bca0e3 100644 --- a/etp-core/etp-backend/src/test/clj/solita/etp/service/energiatodistus_destruction_test.clj +++ b/etp-core/etp-backend/src/test/clj/solita/etp/service/energiatodistus_destruction_test.clj @@ -6,6 +6,7 @@ [solita.etp.service.valvonta-oikeellisuus :as valvonta-oikeellisuus-service] [solita.etp.service.energiatodistus-destruction :as service] [solita.etp.service.viesti-test :as viesti-test] + [solita.etp.service.kayttaja :as kayttaja-service] [solita.etp.service.file :as file-service] [solita.etp.service.liite :as liite-service] [solita.etp.service.viesti :as viesti-service] @@ -19,6 +20,8 @@ (t/use-fixtures :each ts/fixture) +(def system-expiration-user {:id (kayttaja-service/system-kayttaja :expiration) :rooli -1}) + (defn file-exists? [file-key] (file-service/file-exists? ts/*aws-s3-client* file-key)) (defn update-energiatodistus! [energiatodistus-id energiatodistus laatija-id] @@ -188,7 +191,7 @@ (t/is (false? (file-service/file-exists? ts/*aws-s3-client* lang-mu-pdf-sv-key)))) (expire-energiatodistus! energiatodistus-id-fi) - (service/destroy-expired-energiatodistukset! ts/*db* ts/*aws-s3-client*) + (service/destroy-expired-energiatodistukset! ts/*db* ts/*aws-s3-client* system-expiration-user) (t/testing "Finnish version PDF should not exist after deleting it." (t/is (true? (file-service/file-exists? ts/*aws-s3-client* control-pdf-fi-key))) @@ -214,7 +217,7 @@ (t/is (false? (file-service/file-exists? ts/*aws-s3-client* lang-mu-pdf-sv-key)))) (expire-energiatodistus! energiatodistus-id-sv) - (service/destroy-expired-energiatodistukset! ts/*db* ts/*aws-s3-client*) + (service/destroy-expired-energiatodistukset! ts/*db* ts/*aws-s3-client* system-expiration-user) (t/testing "Swedish version PDF should not exist after deleting it." (t/is (true? (file-service/file-exists? ts/*aws-s3-client* control-pdf-fi-key))) @@ -240,7 +243,7 @@ (t/is (true? (file-service/file-exists? ts/*aws-s3-client* lang-mu-pdf-sv-key)))) (expire-energiatodistus! energiatodistus-id-mu) - (service/destroy-expired-energiatodistukset! ts/*db* ts/*aws-s3-client*) + (service/destroy-expired-energiatodistukset! ts/*db* ts/*aws-s3-client* system-expiration-user) (t/testing "Multilingual version PDFs should not exist after deleting it." (t/is (true? (file-service/file-exists? ts/*aws-s3-client* control-pdf-fi-key))) @@ -283,7 +286,7 @@ [id-1] ids get-et-1 #(first (select-energiatodistus id-1))] (expire-energiatodistus! id-1) - (service/destroy-expired-energiatodistukset! ts/*db* ts/*aws-s3-client*) + (service/destroy-expired-energiatodistukset! ts/*db* ts/*aws-s3-client* system-expiration-user) (t/testing "The values are anonymized." (t/is (empty? (->> (get-et-1) (collect-invalid-keys-for-destroyed-energiatodistus) @@ -302,7 +305,7 @@ get-et-2-audit-information #(select-audit-information id-2)] (t/testing "There was some audit information before deletion." (t/is (not (empty? (get-et-1-audit-information))))) - (service/destroy-expired-energiatodistukset! ts/*db* ts/*aws-s3-client*) + (service/destroy-expired-energiatodistukset! ts/*db* ts/*aws-s3-client* system-expiration-user) (t/testing "The audit data for et-1 still exists as it is not expired." (t/is (not (empty? (get-et-1-audit-information))))) (t/testing "The audit data for et-2 is destroyed as it is expired." @@ -371,7 +374,7 @@ (t/is (not (empty? (select-notes-audit energiatodistus-id-1))))) (expire-energiatodistus! energiatodistus-id-1) - (service/destroy-expired-energiatodistukset! ts/*db* ts/*aws-s3-client*) + (service/destroy-expired-energiatodistukset! ts/*db* ts/*aws-s3-client* system-expiration-user) (t/testing "There are no more toimenpiteet after deletion." (t/is (empty? (get-vo-toimenpiteet energiatodistus-id-1)))) @@ -450,7 +453,7 @@ ;; Destroy et-1 liiteet (expire-energiatodistus! energiatodistus-id-1) - (service/destroy-expired-energiatodistukset! ts/*db* ts/*aws-s3-client*) + (service/destroy-expired-energiatodistukset! ts/*db* ts/*aws-s3-client* system-expiration-user) (t/testing "The liitteet for energiatodistus-1 are deleted but exist for energiatodistus-2" (let [liitteet-1-in-db (select-liitteet energiatodistus-id-1) @@ -556,7 +559,7 @@ (t/is (not (empty? (select-viesti-liite-audit viestiketju-2-id))))) (expire-energiatodistus! energiatodistus-id-1) - (service/destroy-expired-energiatodistukset! ts/*db* ts/*aws-s3-client*) + (service/destroy-expired-energiatodistukset! ts/*db* ts/*aws-s3-client* system-expiration-user) (t/testing "Only viestiketju 2 exists after deletion" (t/is (empty? (select-viestiketju viestiketju-1-id)))