feat: fixed grant and revoke and added me endpoints (#62)

onecx · Jun 3, 2024 · 5aa4689 · 5aa4689
1 parent f38399d
commit 5aa4689
Show file tree

Hide file tree

Showing 12 changed files with 198 additions and 11 deletions.
diff --git a/src/main/java/org/tkit/onecx/permission/domain/daos/AssignmentDAO.java b/src/main/java/org/tkit/onecx/permission/domain/daos/AssignmentDAO.java
@@ -73,7 +73,7 @@ public void deleteByRoleId(String roleId) {
             var dq = this.deleteQuery();
             var root = dq.from(Assignment.class);
             dq.where(cb.and(cb.equal(root.get(Assignment_.ROLE_ID), roleId),
-                    cb.notEqual(root.get(Assignment_.MANDATORY), true)));
+                    cb.or(cb.equal(root.get(Assignment_.MANDATORY), false), root.get(Assignment_.MANDATORY).isNull())));
             this.getEntityManager().createQuery(dq).executeUpdate();
         } catch (Exception ex) {
             throw new DAOException(ErrorKeys.ERROR_DELETE_BY_ROLE_ID, ex);
@@ -100,7 +100,7 @@ public void deleteByPermissionId(String permissionId) {
             var dq = this.deleteQuery();
             var root = dq.from(Assignment.class);
             dq.where(cb.and(cb.equal(root.get(Assignment_.PERMISSION).get(TraceableEntity_.ID), permissionId),
-                    cb.notEqual(root.get(Assignment_.MANDATORY), true)));
+                    cb.or(cb.equal(root.get(Assignment_.MANDATORY), false), root.get(Assignment_.MANDATORY).isNull())));
             this.getEntityManager().createQuery(dq).executeUpdate();
         } catch (Exception ex) {
             throw new DAOException(ErrorKeys.ERROR_DELETE_BY_PERMISSION_ID, ex);

diff --git a/src/main/java/org/tkit/onecx/permission/domain/daos/PermissionDAO.java b/src/main/java/org/tkit/onecx/permission/domain/daos/PermissionDAO.java
@@ -124,6 +124,25 @@ public List<Permission> findPermissionForUser(String productName, String appId,
         }
     }
 
+    public PageResult<Permission> findUsersPermissions(List<String> roles, int pageNumber, int pageSize) {
+        try {
+            var cb = this.getEntityManager().getCriteriaBuilder();
+            var cq = cb.createQuery(Permission.class);
+            var root = cq.from(Permission.class);
+
+            Subquery<String> sq = cq.subquery(String.class);
+            var subRoot = sq.from(Assignment.class);
+            sq.select(subRoot.get(Assignment_.PERMISSION_ID));
+            sq.where(
+                    subRoot.get(Assignment_.role).get(Role_.name).in(roles));
+            cq.where(root.get(TraceableEntity_.id).in(sq));
+
+            return createPageQuery(cq, Page.of(pageNumber, pageSize)).getPageResult();
+        } catch (Exception ex) {
+            throw new DAOException(ErrorKeys.ERROR_FIND_PERMISSION_FOR_USER, ex);
+        }
+    }
+
     public enum ErrorKeys {
 
         ERROR_FIND_BY_PRODUCT_NAMES_NOT_PERMISSIONS,

diff --git a/src/main/java/org/tkit/onecx/permission/domain/daos/RoleDAO.java b/src/main/java/org/tkit/onecx/permission/domain/daos/RoleDAO.java
@@ -63,6 +63,19 @@ public PageResult<Role> findByCriteria(RoleSearchCriteria criteria) {
         }
     }
 
+    public PageResult<Role> findUsersRoles(List<String> tokenRoles, int pageNumber, int pageSize) {
+        try {
+            var cb = this.getEntityManager().getCriteriaBuilder();
+            var cq = cb.createQuery(Role.class);
+            var root = cq.from(Role.class);
+            cq.where(root.get(Role_.name).in(tokenRoles));
+
+            return createPageQuery(cq, Page.of(pageNumber, pageSize)).getPageResult();
+        } catch (Exception ex) {
+            throw new DAOException(ErrorKeys.ERROR_FIND_USER_ROLES, ex);
+        }
+    }
+
     public List<Role> findByNames(Set<String> names) {
         try {
             var cb = this.getEntityManager().getCriteriaBuilder();
@@ -78,6 +91,7 @@ public List<Role> findByNames(Set<String> names) {
     public enum ErrorKeys {
 
         FIND_ENTITY_BY_ID_FAILED,
-        ERROR_FIND_ROLE_BY_CRITERIA;
+        ERROR_FIND_ROLE_BY_CRITERIA,
+        ERROR_FIND_USER_ROLES
     }
 }
diff --git a/...main/java/org/tkit/onecx/permission/rs/internal/controllers/PermissionRestController.java b/...main/java/org/tkit/onecx/permission/rs/internal/controllers/PermissionRestController.java
@@ -9,18 +9,17 @@
 
 import org.jboss.resteasy.reactive.RestResponse;
 import org.jboss.resteasy.reactive.server.ServerExceptionMapper;
+import org.tkit.onecx.permission.common.services.TokenService;
 import org.tkit.onecx.permission.domain.daos.PermissionDAO;
 import org.tkit.onecx.permission.domain.services.PermissionService;
 import org.tkit.onecx.permission.rs.internal.mappers.ExceptionMapper;
 import org.tkit.onecx.permission.rs.internal.mappers.PermissionMapper;
 import org.tkit.quarkus.jpa.exceptions.ConstraintException;
+import org.tkit.quarkus.log.cdi.LogExclude;
 import org.tkit.quarkus.log.cdi.LogService;
 
 import gen.org.tkit.onecx.permission.rs.internal.PermissionInternalApi;
-import gen.org.tkit.onecx.permission.rs.internal.model.CreatePermissionRequestDTO;
-import gen.org.tkit.onecx.permission.rs.internal.model.PermissionSearchCriteriaDTO;
-import gen.org.tkit.onecx.permission.rs.internal.model.ProblemDetailResponseDTO;
-import gen.org.tkit.onecx.permission.rs.internal.model.UpdatePermissionRequestDTO;
+import gen.org.tkit.onecx.permission.rs.internal.model.*;
 
 @LogService
 @ApplicationScoped
@@ -41,6 +40,12 @@ public class PermissionRestController implements PermissionInternalApi {
     @Inject
     PermissionService service;
 
+    @Inject
+    TokenService tokenService;
+
+    @Inject
+    PermissionDAO permissionDAO;
+
     @Override
     public Response createPermission(CreatePermissionRequestDTO createPermissionRequestDTO) {
         var permission = mapper.create(createPermissionRequestDTO);
@@ -83,6 +88,15 @@ public Response updatePermission(String id, UpdatePermissionRequestDTO updatePer
         return Response.ok(mapper.map(permission)).build();
     }
 
+    @Override
+    public Response getUsersPermissions(
+            @LogExclude PermissionRequestDTO permissionRequestDTO) {
+        var roles = tokenService.getTokenRoles(permissionRequestDTO.getToken());
+        var permissions = permissionDAO.findUsersPermissions(roles, permissionRequestDTO.getPageNumber(),
+                permissionRequestDTO.getPageSize());
+        return Response.ok(mapper.map(permissions)).build();
+    }
+
     @ServerExceptionMapper
     public RestResponse<ProblemDetailResponseDTO> constraint(ConstraintViolationException ex) {
         return exceptionMapper.constraint(ex);

diff --git a/src/main/java/org/tkit/onecx/permission/rs/internal/controllers/RoleRestController.java b/src/main/java/org/tkit/onecx/permission/rs/internal/controllers/RoleRestController.java
@@ -10,18 +10,17 @@
 
 import org.jboss.resteasy.reactive.RestResponse;
 import org.jboss.resteasy.reactive.server.ServerExceptionMapper;
+import org.tkit.onecx.permission.common.services.TokenService;
 import org.tkit.onecx.permission.domain.daos.RoleDAO;
 import org.tkit.onecx.permission.domain.services.RoleService;
 import org.tkit.onecx.permission.rs.internal.mappers.ExceptionMapper;
 import org.tkit.onecx.permission.rs.internal.mappers.RoleMapper;
 import org.tkit.quarkus.jpa.exceptions.ConstraintException;
+import org.tkit.quarkus.log.cdi.LogExclude;
 import org.tkit.quarkus.log.cdi.LogService;
 
 import gen.org.tkit.onecx.permission.rs.internal.RoleInternalApi;
-import gen.org.tkit.onecx.permission.rs.internal.model.CreateRoleRequestDTO;
-import gen.org.tkit.onecx.permission.rs.internal.model.ProblemDetailResponseDTO;
-import gen.org.tkit.onecx.permission.rs.internal.model.RoleSearchCriteriaDTO;
-import gen.org.tkit.onecx.permission.rs.internal.model.UpdateRoleRequestDTO;
+import gen.org.tkit.onecx.permission.rs.internal.model.*;
 
 @LogService
 @ApplicationScoped
@@ -42,6 +41,9 @@ public class RoleRestController implements RoleInternalApi {
     @Inject
     RoleService service;
 
+    @Inject
+    TokenService tokenService;
+
     @Override
     public Response createRole(CreateRoleRequestDTO createRoleRequestDTO) {
         var role = mapper.create(createRoleRequestDTO);
@@ -85,6 +87,14 @@ public Response updateRole(String id, UpdateRoleRequestDTO updateRoleRequestDTO)
         return Response.ok(mapper.map(role)).build();
     }
 
+    @Override
+    public Response getUserRoles(
+            @LogExclude RoleRequestDTO roleRequestDTO) {
+        var roles = tokenService.getTokenRoles(roleRequestDTO.getToken());
+        var userRoles = dao.findUsersRoles(roles, roleRequestDTO.getPageNumber(), roleRequestDTO.getPageSize());
+        return Response.ok(mapper.mapPage(userRoles)).build();
+    }
+
     @ServerExceptionMapper
     public RestResponse<ProblemDetailResponseDTO> constraint(ConstraintViolationException ex) {
         return exceptionMapper.constraint(ex);

diff --git a/src/main/java/org/tkit/onecx/permission/rs/internal/mappers/PermissionMapper.java b/src/main/java/org/tkit/onecx/permission/rs/internal/mappers/PermissionMapper.java
@@ -42,4 +42,5 @@ public interface PermissionMapper {
     @Mapping(target = "controlTraceabilityManual", ignore = true)
     @Mapping(target = "persisted", ignore = true)
     void update(UpdatePermissionRequestDTO dto, @MappingTarget Permission permission);
+
 }
diff --git a/src/main/openapi/onecx-permission-internal-openapi.yaml b/src/main/openapi/onecx-permission-internal-openapi.yaml
@@ -379,6 +379,30 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/ProblemDetailResponse'
+  /internal/roles/me:
+    post:
+      tags:
+        - roleInternal
+      operationId: getUserRoles
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/RoleRequest'
+      responses:
+        200:
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RolePageResult'
+        400:
+          description: Bad request
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ProblemDetailResponse'
   /internal/permissions:
     post:
       tags:
@@ -502,6 +526,30 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/ProblemDetailResponse'
+  /internal/permissions/me:
+    post:
+      tags:
+        - permissionInternal
+      operationId: getUsersPermissions
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/PermissionRequest'
+      responses:
+        200:
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/PermissionPageResult'
+        400:
+          description: Bad request
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ProblemDetailResponse'
   /internal/applications/search:
     post:
       tags:
@@ -529,6 +577,40 @@ paths:
                 $ref: '#/components/schemas/ProblemDetailResponse'
 components:
   schemas:
+    PermissionRequest:
+      type: object
+      required:
+        - token
+      properties:
+        token:
+          type: string
+        pageNumber:
+          format: int32
+          description: The number of page.
+          default: 0
+          type: integer
+        pageSize:
+          format: int32
+          description: The size of page
+          default: 100
+          type: integer
+    RoleRequest:
+      type: object
+      required:
+        - token
+      properties:
+        token:
+          type: string
+        pageNumber:
+          format: int32
+          description: The number of page.
+          default: 0
+          type: integer
+        pageSize:
+          format: int32
+          description: The size of page
+          default: 100
+          type: integer
     AssignmentSearchCriteria:
       type: object
       properties:

diff --git a/src/test/java/org/tkit/onecx/permission/domain/daos/PermissionDAOTest.java b/src/test/java/org/tkit/onecx/permission/domain/daos/PermissionDAOTest.java
@@ -27,6 +27,8 @@ void methodExceptionTests() {
                 PermissionDAO.ErrorKeys.ERROR_FIND_PERMISSION_BY_CRITERIA);
         methodExceptionTests(() -> dao.findAllExcludingGivenIds(null),
                 PermissionDAO.ErrorKeys.ERROR_FIND_NOT_BY_IDS);
+        methodExceptionTests(() -> dao.findUsersPermissions(null, 0, 0),
+                PermissionDAO.ErrorKeys.ERROR_FIND_PERMISSION_FOR_USER);
 
     }
 

diff --git a/src/test/java/org/tkit/onecx/permission/domain/daos/RoleDAOTest.java b/src/test/java/org/tkit/onecx/permission/domain/daos/RoleDAOTest.java
@@ -21,6 +21,8 @@ void methodExceptionTests() {
                 RoleDAO.ErrorKeys.FIND_ENTITY_BY_ID_FAILED);
         methodExceptionTests(() -> dao.findByCriteria(null),
                 RoleDAO.ErrorKeys.ERROR_FIND_ROLE_BY_CRITERIA);
+        methodExceptionTests(() -> dao.findUsersRoles(null, 0, 0),
+                RoleDAO.ErrorKeys.ERROR_FIND_USER_ROLES);
     }
 
 }
diff --git a/.../java/org/tkit/onecx/permission/rs/internal/controllers/AssignmentRestControllerTest.java b/.../java/org/tkit/onecx/permission/rs/internal/controllers/AssignmentRestControllerTest.java
@@ -255,6 +255,13 @@ void grantAssignmentByRole() {
                 .then()
                 .statusCode(CREATED.getStatusCode());
 
+        given()
+                .when()
+                .contentType(APPLICATION_JSON)
+                .post("/grant/r14")
+                .then()
+                .statusCode(CREATED.getStatusCode());
+
         var idToken = createToken("org1", List.of("n3-100"));
         given()
                 .when()

diff --git a/.../java/org/tkit/onecx/permission/rs/internal/controllers/PermissionRestControllerTest.java b/.../java/org/tkit/onecx/permission/rs/internal/controllers/PermissionRestControllerTest.java
@@ -241,4 +241,22 @@ void getPermissionTest() {
                 .then()
                 .statusCode(NOT_FOUND.getStatusCode());
     }
+
+    @Test
+    void getUsersPermissionsTest() {
+
+        // bearer prefix
+        var accessToken = createAccessTokenBearer(USER_ALICE);
+
+        var dto = given()
+                .contentType(APPLICATION_JSON)
+                .body(new PermissionRequestDTO().token(accessToken).pageNumber(0).pageSize(10))
+                .post("/me")
+                .then()
+                .statusCode(OK.getStatusCode())
+                .extract()
+                .body().as(PermissionPageResultDTO.class);
+
+        assertThat(dto).isNotNull();
+    }
 }
diff --git a/src/test/java/org/tkit/onecx/permission/rs/internal/controllers/RoleRestControllerTest.java b/src/test/java/org/tkit/onecx/permission/rs/internal/controllers/RoleRestControllerTest.java
@@ -347,4 +347,22 @@ void updateRoleWithoutBodyTest() {
         Assertions.assertNotNull(exception.getInvalidParams());
         Assertions.assertEquals(1, exception.getInvalidParams().size());
     }
+
+    @Test
+    void getUserRolesTest() {
+
+        // bearer prefix
+        var accessToken = createAccessTokenBearer(USER_ALICE);
+
+        var dto = given()
+                .contentType(APPLICATION_JSON)
+                .body(new RoleRequestDTO().token(accessToken).pageNumber(0).pageSize(10))
+                .post("/me")
+                .then()
+                .statusCode(OK.getStatusCode())
+                .extract()
+                .body().as(RolePageResultDTO.class);
+
+        assertThat(dto).isNotNull();
+    }
 }