diff --git a/src/main/java/org/tkit/onecx/permission/domain/daos/AssignmentDAO.java b/src/main/java/org/tkit/onecx/permission/domain/daos/AssignmentDAO.java
index aea43f6..3ca8c29 100644
--- a/src/main/java/org/tkit/onecx/permission/domain/daos/AssignmentDAO.java
+++ b/src/main/java/org/tkit/onecx/permission/domain/daos/AssignmentDAO.java
@@ -73,7 +73,7 @@ public void deleteByRoleId(String roleId) {
 var dq = this.deleteQuery();
 var root = dq.from(Assignment.class);
 dq.where(cb.and(cb.equal(root.get(Assignment_.ROLE_ID), roleId),
- cb.notEqual(root.get(Assignment_.MANDATORY), true)));
+ cb.or(cb.equal(root.get(Assignment_.MANDATORY), false), root.get(Assignment_.MANDATORY).isNull())));
 this.getEntityManager().createQuery(dq).executeUpdate();
 } catch (Exception ex) {
 throw new DAOException(ErrorKeys.ERROR_DELETE_BY_ROLE_ID, ex);
@@ -100,7 +100,7 @@ public void deleteByPermissionId(String permissionId) {
 var dq = this.deleteQuery();
 var root = dq.from(Assignment.class);
 dq.where(cb.and(cb.equal(root.get(Assignment_.PERMISSION).get(TraceableEntity_.ID), permissionId),
- cb.notEqual(root.get(Assignment_.MANDATORY), true)));
+ cb.or(cb.equal(root.get(Assignment_.MANDATORY), false), root.get(Assignment_.MANDATORY).isNull())));
 this.getEntityManager().createQuery(dq).executeUpdate();
 } catch (Exception ex) {
 throw new DAOException(ErrorKeys.ERROR_DELETE_BY_PERMISSION_ID, ex);
diff --git a/src/main/java/org/tkit/onecx/permission/domain/daos/PermissionDAO.java b/src/main/java/org/tkit/onecx/permission/domain/daos/PermissionDAO.java
index 4944915..7771f78 100644
--- a/src/main/java/org/tkit/onecx/permission/domain/daos/PermissionDAO.java
+++ b/src/main/java/org/tkit/onecx/permission/domain/daos/PermissionDAO.java
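Review bot: The new predicate in `deleteByRoleId` carries no comment saying why `notEqual(..., true)` was not enough, and the next maintainer is likely to "simplify" it back. I would add `// MANDATORY <> true is UNKNOWN for NULL rows in SQL, so match false and NULL explicitly` above the `cb.or(...)` line. The identical expression is repeated in `deleteByPermissionId` in the second hunk; a small private helper that builds this predicate from `cb` and `root` would keep the two deletes in step, since they decide which assignments are protected from removal. Both method bodies start and end outside their hunks.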
@@ -124,6 +124,25 @@ public List findPermissionForUser(String productName, String appId,
 }
 }
+ public PageResult findUsersPermissions(List roles, int pageNumber, int pageSize) {
+ try {
+ var cb = this.getEntityManager().getCriteriaBuilder();
+ var cq = cb.createQuery(Permission.class);
+ var root = cq.from(Permission.class);
+
+ Subquery sq = cq.subquery(String.class);
+ var subRoot = sq.from(Assignment.class);
+ sq.select(subRoot.get(Assignment_.PERMISSION_ID));
+ sq.where(
+ subRoot.get(Assignment_.role).get(Role_.name).in(roles));
+ cq.where(root.get(TraceableEntity_.id).in(sq));
+
+ return createPageQuery(cq, Page.of(pageNumber, pageSize)).getPageResult();
+ } catch (Exception ex) {
+ throw new DAOException(ErrorKeys.ERROR_FIND_PERMISSION_FOR_USER, ex);
+ }
+ }
+
 public enum ErrorKeys {
 ERROR_FIND_BY_PRODUCT_NAMES_NOT_PERMISSIONS,
diff --git a/src/main/java/org/tkit/onecx/permission/domain/daos/RoleDAO.java b/src/main/java/org/tkit/onecx/permission/domain/daos/RoleDAO.java
index 235562c..2e0a4d8 100644
--- a/src/main/java/org/tkit/onecx/permission/domain/daos/RoleDAO.java
+++ b/src/main/java/org/tkit/onecx/permission/domain/daos/RoleDAO.java
@@ -63,6 +63,19 @@ public PageResult findByCriteria(RoleSearchCriteria criteria) {
 }
 }
+ public PageResult findUsersRoles(List tokenRoles, int pageNumber, int pageSize) {
+ try {
+ var cb = this.getEntityManager().getCriteriaBuilder();
+ var cq = cb.createQuery(Role.class);
+ var root = cq.from(Role.class);
+ cq.where(root.get(Role_.name).in(tokenRoles));
+
+ return createPageQuery(cq, Page.of(pageNumber, pageSize)).getPageResult();
+ } catch (Exception ex) {
+ throw new DAOException(ErrorKeys.ERROR_FIND_USER_ROLES, ex);
+ }
+ }
+
 public List findByNames(Set names) {
 try {
 var cb = this.getEntityManager().getCriteriaBuilder();
@@ -78,6 +91,7 @@ public List findByNames(Set names) {
 public enum ErrorKeys {
 FIND_ENTITY_BY_ID_FAILED,
- ERROR_FIND_ROLE_BY_CRITERIA;
+ ERROR_FIND_ROLE_BY_CRITERIA,
+ ERROR_FIND_USER_ROLES
 }
 }
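Review bot: An empty `roles` list reaches `.in(roles)` in `findUsersPermissions` unchecked, and a token that carries no roles is an ordinary input for this lookup. Depending on the JPA provider and database, an empty IN list is rendered either as an always-false predicate or as invalid SQL, and the latter would surface through the catch block as a `DAOException` rather than an empty result. I would make `if (roles.isEmpty())` the first statement inside the `try` and return an empty page from it; keeping the check inside the `try` preserves the null-argument `DAOException` that the DAO test in this commit expects. `findUsersRoles` in RoleDAO passes `tokenRoles` to `.in(...)` the same way.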
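Review bot: `findUsersRoles` pages its result without an `orderBy`, so unless `createPageQuery` adds an ordering of its own (not visible in this diff) the database may return rows in a different order per request and pages can overlap or skip entries. Adding `cq.orderBy(cb.asc(root.get(Role_.name)));` before the `createPageQuery` call makes the paging deterministic. `findUsersPermissions` in PermissionDAO has the same gap and could order by `TraceableEntity_.id`. Neither new method has Javadoc stating that the role names are expected to come from a token.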
diff --git a/src/main/java/org/tkit/onecx/permission/rs/internal/controllers/PermissionRestController.java b/src/main/java/org/tkit/onecx/permission/rs/internal/controllers/PermissionRestController.java
index 48c84aa..7f448a0 100644
--- a/src/main/java/org/tkit/onecx/permission/rs/internal/controllers/PermissionRestController.java
+++ b/src/main/java/org/tkit/onecx/permission/rs/internal/controllers/PermissionRestController.java
@@ -9,18 +9,17 @@
 import org.jboss.resteasy.reactive.RestResponse;
 import org.jboss.resteasy.reactive.server.ServerExceptionMapper;
+import org.tkit.onecx.permission.common.services.TokenService;
 import org.tkit.onecx.permission.domain.daos.PermissionDAO;
 import org.tkit.onecx.permission.domain.services.PermissionService;
 import org.tkit.onecx.permission.rs.internal.mappers.ExceptionMapper;
 import org.tkit.onecx.permission.rs.internal.mappers.PermissionMapper;
 import org.tkit.quarkus.jpa.exceptions.ConstraintException;
+import org.tkit.quarkus.log.cdi.LogExclude;
 import org.tkit.quarkus.log.cdi.LogService;
 import gen.org.tkit.onecx.permission.rs.internal.PermissionInternalApi;
-import gen.org.tkit.onecx.permission.rs.internal.model.CreatePermissionRequestDTO;
-import gen.org.tkit.onecx.permission.rs.internal.model.PermissionSearchCriteriaDTO;
-import gen.org.tkit.onecx.permission.rs.internal.model.ProblemDetailResponseDTO;
-import gen.org.tkit.onecx.permission.rs.internal.model.UpdatePermissionRequestDTO;
+import gen.org.tkit.onecx.permission.rs.internal.model.*;
 @LogService
 @ApplicationScoped
@@ -41,6 +40,12 @@ public class PermissionRestController implements PermissionInternalApi {
 @Inject
 PermissionService service;
+ @Inject
+ TokenService tokenService;
+
+ @Inject
+ PermissionDAO permissionDAO;
+
 @Override
 public Response createPermission(CreatePermissionRequestDTO createPermissionRequestDTO) {
 var permission = mapper.create(createPermissionRequestDTO);
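Review bot: The new `permissionDAO` field looks like a second injection of a DAO this controller already holds: the `PermissionDAO` import is a context line in the first hunk, so an injected instance presumably exists above the visible lines. Reusing that field would match `RoleRestController`, whose new endpoint calls its existing `dao`. Separately, the first hunk replaces four explicit DTO imports with `gen.org.tkit.onecx.permission.rs.internal.model.*`; explicit imports keep it visible which generated request types this controller accepts.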
@@ -83,6 +88,15 @@ public Response updatePermission(String id, UpdatePermissionRequestDTO updatePer
 return Response.ok(mapper.map(permission)).build();
 }
+ @Override
+ public Response getUsersPermissions(
+ @LogExclude PermissionRequestDTO permissionRequestDTO) {
+ var roles = tokenService.getTokenRoles(permissionRequestDTO.getToken());
+ var permissions = permissionDAO.findUsersPermissions(roles, permissionRequestDTO.getPageNumber(),
+ permissionRequestDTO.getPageSize());
+ return Response.ok(mapper.map(permissions)).build();
+ }
+
 @ServerExceptionMapper
 public RestResponse constraint(ConstraintViolationException ex) {
 return exceptionMapper.constraint(ex);
diff --git a/src/main/java/org/tkit/onecx/permission/rs/internal/controllers/RoleRestController.java b/src/main/java/org/tkit/onecx/permission/rs/internal/controllers/RoleRestController.java
index 05edc60..8f08381 100644
--- a/src/main/java/org/tkit/onecx/permission/rs/internal/controllers/RoleRestController.java
+++ b/src/main/java/org/tkit/onecx/permission/rs/internal/controllers/RoleRestController.java
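Review bot: `getUsersPermissions` derives the role list entirely from a token supplied in the request body, and nothing in this hunk shows that `tokenService.getTokenRoles` verifies the token's signature, issuer or expiry before the roles are used in the query. If it only decodes the payload, the "me" endpoint answers for whatever roles the caller writes into the token rather than for the caller's own identity. I would state the contract at the call site, for example `// roles are trusted only because TokenService verifies the token; do not replace with a plain decode`, and confirm that a rejected token maps to a client error instead of falling through to a 500. The same applies to `getUserRoles` in RoleRestController; the `@LogExclude` on both request DTOs is the right call for keeping the token out of logs.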
@@ -10,18 +10,17 @@
 import org.jboss.resteasy.reactive.RestResponse;
 import org.jboss.resteasy.reactive.server.ServerExceptionMapper;
+import org.tkit.onecx.permission.common.services.TokenService;
 import org.tkit.onecx.permission.domain.daos.RoleDAO;
 import org.tkit.onecx.permission.domain.services.RoleService;
 import org.tkit.onecx.permission.rs.internal.mappers.ExceptionMapper;
 import org.tkit.onecx.permission.rs.internal.mappers.RoleMapper;
 import org.tkit.quarkus.jpa.exceptions.ConstraintException;
+import org.tkit.quarkus.log.cdi.LogExclude;
 import org.tkit.quarkus.log.cdi.LogService;
 import gen.org.tkit.onecx.permission.rs.internal.RoleInternalApi;
-import gen.org.tkit.onecx.permission.rs.internal.model.CreateRoleRequestDTO;
-import gen.org.tkit.onecx.permission.rs.internal.model.ProblemDetailResponseDTO;
-import gen.org.tkit.onecx.permission.rs.internal.model.RoleSearchCriteriaDTO;
-import gen.org.tkit.onecx.permission.rs.internal.model.UpdateRoleRequestDTO;
+import gen.org.tkit.onecx.permission.rs.internal.model.*;
 @LogService
 @ApplicationScoped
@@ -42,6 +41,9 @@ public class RoleRestController implements RoleInternalApi {
 @Inject
 RoleService service;
+ @Inject
+ TokenService tokenService;
+
 @Override
 public Response createRole(CreateRoleRequestDTO createRoleRequestDTO) {
 var role = mapper.create(createRoleRequestDTO);
@@ -85,6 +87,14 @@ public Response updateRole(String id, UpdateRoleRequestDTO updateRoleRequestDTO)
 return Response.ok(mapper.map(role)).build();
 }
+ @Override
+ public Response getUserRoles(
+ @LogExclude RoleRequestDTO roleRequestDTO) {
+ var roles = tokenService.getTokenRoles(roleRequestDTO.getToken());
+ var userRoles = dao.findUsersRoles(roles, roleRequestDTO.getPageNumber(), roleRequestDTO.getPageSize());
+ return Response.ok(mapper.mapPage(userRoles)).build();
+ }
+
 @ServerExceptionMapper
 public RestResponse constraint(ConstraintViolationException ex) {
 return exceptionMapper.constraint(ex);
diff --git a/src/main/java/org/tkit/onecx/permission/rs/internal/mappers/PermissionMapper.java b/src/main/java/org/tkit/onecx/permission/rs/internal/mappers/PermissionMapper.java
index 7327c24..5443553 100644
--- a/src/main/java/org/tkit/onecx/permission/rs/internal/mappers/PermissionMapper.java
+++ b/src/main/java/org/tkit/onecx/permission/rs/internal/mappers/PermissionMapper.java
@@ -42,4 +42,5 @@ public interface PermissionMapper {
 @Mapping(target = "controlTraceabilityManual", ignore = true)
 @Mapping(target = "persisted", ignore = true)
 void update(UpdatePermissionRequestDTO dto, @MappingTarget Permission permission);
+
 }
diff --git a/src/main/openapi/onecx-permission-internal-openapi.yaml b/src/main/openapi/onecx-permission-internal-openapi.yaml
index b213ada..d1592d1 100644
--- a/src/main/openapi/onecx-permission-internal-openapi.yaml
+++ b/src/main/openapi/onecx-permission-internal-openapi.yaml
@@ -379,6 +379,30 @@ paths:
 application/json:
 schema:
 $ref: '#/components/schemas/ProblemDetailResponse'
+ /internal/roles/me:
+ post:
+ tags:
+ - roleInternal
+ operationId: getUserRoles
+ requestBody:
+ required: true
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/RoleRequest'
+ responses:
+ 200:
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/RolePageResult'
+ 400:
+ description: Bad request
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ProblemDetailResponse'
 /internal/permissions:
 post:
 tags:
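Review bot: The `/internal/roles/me` operation documents only `200` and `400`, so the contract does not say what a client receives when the submitted `token` is malformed, expired or fails verification. I would add a `401` response that references `ProblemDetailResponse` and give the operation a `description` stating that the roles returned are those named in the token, not those of the calling service. `/internal/permissions/me` in the next hunk has the same two responses and needs the same addition.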
@@ -502,6 +526,30 @@ paths:
 application/json:
 schema:
 $ref: '#/components/schemas/ProblemDetailResponse'
+ /internal/permissions/me:
+ post:
+ tags:
+ - permissionInternal
+ operationId: getUsersPermissions
+ requestBody:
+ required: true
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/PermissionRequest'
+ responses:
+ 200:
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/PermissionPageResult'
+ 400:
+ description: Bad request
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ProblemDetailResponse'
 /internal/applications/search:
 post:
 tags:
@@ -529,6 +577,40 @@ paths:
 $ref: '#/components/schemas/ProblemDetailResponse'
 components:
 schemas:
+ PermissionRequest:
+ type: object
+ required:
+ - token
+ properties:
+ token:
+ type: string
+ pageNumber:
+ format: int32
+ description: The number of page.
+ default: 0
+ type: integer
+ pageSize:
+ format: int32
+ description: The size of page
+ default: 100
+ type: integer
+ RoleRequest:
+ type: object
+ required:
+ - token
+ properties:
+ token:
+ type: string
+ pageNumber:
+ format: int32
+ description: The number of page.
+ default: 0
+ type: integer
+ pageSize:
+ format: int32
+ description: The size of page
+ default: 100
+ type: integer
 AssignmentSearchCriteria:
 type: object
 properties:
diff --git a/src/test/java/org/tkit/onecx/permission/domain/daos/PermissionDAOTest.java b/src/test/java/org/tkit/onecx/permission/domain/daos/PermissionDAOTest.java
index a0ece67..746d261 100644
--- a/src/test/java/org/tkit/onecx/permission/domain/daos/PermissionDAOTest.java
+++ b/src/test/java/org/tkit/onecx/permission/domain/daos/PermissionDAOTest.java
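Review bot: `pageNumber` and `pageSize` in `PermissionRequest` and `RoleRequest` have defaults but no bounds, so a negative page or an arbitrarily large page size passes the schema and is handed straight to `Page.of(...)` by both controllers. I would add `minimum: 0` to `pageNumber`, and `minimum: 1` plus a `maximum` to `pageSize`, so that oversized reads of the permission and role tables are rejected as a 400 at the API boundary. `token` is required but may still be an empty string; `minLength: 1` closes that. The two schemas are field-for-field identical and could be a single shared definition.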
@@ -27,6 +27,8 @@ void methodExceptionTests() {
 PermissionDAO.ErrorKeys.ERROR_FIND_PERMISSION_BY_CRITERIA);
 methodExceptionTests(() -> dao.findAllExcludingGivenIds(null),
 PermissionDAO.ErrorKeys.ERROR_FIND_NOT_BY_IDS);
+ methodExceptionTests(() -> dao.findUsersPermissions(null, 0, 0),
+ PermissionDAO.ErrorKeys.ERROR_FIND_PERMISSION_FOR_USER);
 }
 }
diff --git a/src/test/java/org/tkit/onecx/permission/domain/daos/RoleDAOTest.java b/src/test/java/org/tkit/onecx/permission/domain/daos/RoleDAOTest.java
index b66e801..a8bf9e7 100644
--- a/src/test/java/org/tkit/onecx/permission/domain/daos/RoleDAOTest.java
+++ b/src/test/java/org/tkit/onecx/permission/domain/daos/RoleDAOTest.java
@@ -21,6 +21,8 @@ void methodExceptionTests() {
 RoleDAO.ErrorKeys.FIND_ENTITY_BY_ID_FAILED);
 methodExceptionTests(() -> dao.findByCriteria(null),
 RoleDAO.ErrorKeys.ERROR_FIND_ROLE_BY_CRITERIA);
+ methodExceptionTests(() -> dao.findUsersRoles(null, 0, 0),
+ RoleDAO.ErrorKeys.ERROR_FIND_USER_ROLES);
 }
 }
diff --git a/src/test/java/org/tkit/onecx/permission/rs/internal/controllers/AssignmentRestControllerTest.java b/src/test/java/org/tkit/onecx/permission/rs/internal/controllers/AssignmentRestControllerTest.java
index 44b98ac..d24fbb4 100644
--- a/src/test/java/org/tkit/onecx/permission/rs/internal/controllers/AssignmentRestControllerTest.java
+++ b/src/test/java/org/tkit/onecx/permission/rs/internal/controllers/AssignmentRestControllerTest.java
@@ -255,6 +255,13 @@ void grantAssignmentByRole() {
 .then()
 .statusCode(CREATED.getStatusCode());
+ given()
+ .when()
+ .contentType(APPLICATION_JSON)
+ .post("/grant/r14")
+ .then()
+ .statusCode(CREATED.getStatusCode());
+
 var idToken = createToken("org1", List.of("n3-100"));
 given()
 .when()
diff --git a/src/test/java/org/tkit/onecx/permission/rs/internal/controllers/PermissionRestControllerTest.java b/src/test/java/org/tkit/onecx/permission/rs/internal/controllers/PermissionRestControllerTest.java
index 7776c04..b698d46 100644
--- a/src/test/java/org/tkit/onecx/permission/rs/internal/controllers/PermissionRestControllerTest.java
+++ b/src/test/java/org/tkit/onecx/permission/rs/internal/controllers/PermissionRestControllerTest.java
@@ -241,4 +241,22 @@ void getPermissionTest() {
 .then()
 .statusCode(NOT_FOUND.getStatusCode());
 }
+
+ @Test
+ void getUsersPermissionsTest() {
+
+ // bearer prefix
+ var accessToken = createAccessTokenBearer(USER_ALICE);
+
+ var dto = given()
+ .contentType(APPLICATION_JSON)
+ .body(new PermissionRequestDTO().token(accessToken).pageNumber(0).pageSize(10))
+ .post("/me")
+ .then()
+ .statusCode(OK.getStatusCode())
+ .extract()
+ .body().as(PermissionPageResultDTO.class);
+
+ assertThat(dto).isNotNull();
+ }
 }
diff --git a/src/test/java/org/tkit/onecx/permission/rs/internal/controllers/RoleRestControllerTest.java b/src/test/java/org/tkit/onecx/permission/rs/internal/controllers/RoleRestControllerTest.java
index 419d406..bcbbf06 100644
--- a/src/test/java/org/tkit/onecx/permission/rs/internal/controllers/RoleRestControllerTest.java
+++ b/src/test/java/org/tkit/onecx/permission/rs/internal/controllers/RoleRestControllerTest.java
@@ -347,4 +347,22 @@ void updateRoleWithoutBodyTest() {
 Assertions.assertNotNull(exception.getInvalidParams());
 Assertions.assertEquals(1, exception.getInvalidParams().size());
 }
+
+ @Test
+ void getUserRolesTest() {
+
+ // bearer prefix
+ var accessToken = createAccessTokenBearer(USER_ALICE);
+
+ var dto = given()
+ .contentType(APPLICATION_JSON)
+ .body(new RoleRequestDTO().token(accessToken).pageNumber(0).pageSize(10))
+ .post("/me")
+ .then()
+ .statusCode(OK.getStatusCode())
+ .extract()
+ .body().as(RolePageResultDTO.class);
+
+ assertThat(dto).isNotNull();
+ }
 }
\ No newline at end of file
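Review bot: `getUsersPermissionsTest` asserts only that the response deserializes to a non-null DTO, so it would still pass if the endpoint returned an empty page or permissions unrelated to the roles in alice's token. The test should compare the returned entries with the permissions the test data assigns to those roles. It also needs negative cases for a request without a token, for a token that is malformed or not issued by the test identity provider, and for a token whose roles match nothing, because an endpoint that derives authorization data from a caller-supplied token is defined mostly by what it rejects. `getUserRolesTest` in RoleRestControllerTest has the same single happy-path assertion.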