feat: added mandatory flags

onecx · May 13, 2024 · facdb93 · facdb93
1 parent 4134914
commit facdb93
Show file tree

Hide file tree

Showing 19 changed files with 151 additions and 18 deletions.
diff --git a/src/main/java/org/tkit/onecx/permission/domain/daos/AssignmentDAO.java b/src/main/java/org/tkit/onecx/permission/domain/daos/AssignmentDAO.java
@@ -146,7 +146,8 @@ public void deleteByCriteria(String roleId, List<String> productNames, String pe
                 predicates.add(cb.equal(root.get(Assignment_.PERMISSION).get(Permission_.APP_ID), appId));
             }
 
-            dq.where(cb.and(predicates.toArray(new Predicate[0])));
+            dq.where(cb.and(cb.and(predicates.toArray(new Predicate[0])),
+                    cb.notEqual(root.get(Assignment_.MANDATORY), Boolean.TRUE)));
 
             this.getEntityManager().createQuery(dq).executeUpdate();
         } catch (Exception ex) {

diff --git a/src/main/java/org/tkit/onecx/permission/domain/di/mappers/TemplateMapper.java b/src/main/java/org/tkit/onecx/permission/domain/di/mappers/TemplateMapper.java
@@ -20,6 +20,7 @@ public interface TemplateMapper {
     @Mapping(target = "persisted", ignore = true)
     Application createApplication(String productName, String appId, String name, String description);
 
+    @Mapping(target = "mandatory", ignore = true)
     @Mapping(target = "id", ignore = true)
     @Mapping(target = "creationDate", ignore = true)
     @Mapping(target = "creationUser", ignore = true)
@@ -30,6 +31,7 @@ public interface TemplateMapper {
     @Mapping(target = "persisted", ignore = true)
     Permission createPermission(String productName, String appId, String resource, String action, String description);
 
+    @Mapping(target = "mandatory", ignore = true)
     @Mapping(target = "id", ignore = true)
     @Mapping(target = "creationDate", ignore = true)
     @Mapping(target = "creationUser", ignore = true)
@@ -41,6 +43,7 @@ public interface TemplateMapper {
     @Mapping(target = "tenantId", ignore = true)
     Role createRole(String name, String description);
 
+    @Mapping(target = "mandatory", ignore = true)
     @Mapping(target = "id", ignore = true)
     @Mapping(target = "creationDate", ignore = true)
     @Mapping(target = "creationUser", ignore = true)

diff --git a/src/main/java/org/tkit/onecx/permission/domain/models/Assignment.java b/src/main/java/org/tkit/onecx/permission/domain/models/Assignment.java
@@ -35,6 +35,12 @@ public class Assignment extends TraceableEntity {
     @JoinColumn(name = "PERMISSION_ID")
     private Permission permission;
 
+    /**
+     * Flag to protect mandatory data
+     */
+    @Column(name = "MANDATORY")
+    private Boolean mandatory;
+
     @PostPersist
     void postPersist() {
         roleId = role.getId();

diff --git a/src/main/java/org/tkit/onecx/permission/domain/models/Permission.java b/src/main/java/org/tkit/onecx/permission/domain/models/Permission.java
@@ -40,4 +40,10 @@ public class Permission extends TraceableEntity {
     @Column(name = "DESCRIPTION")
     private String description;
 
+    /**
+     * Flag to protect mandatory data
+     */
+    @Column(name = "MANDATORY")
+    private Boolean mandatory;
+
 }
diff --git a/src/main/java/org/tkit/onecx/permission/domain/models/Role.java b/src/main/java/org/tkit/onecx/permission/domain/models/Role.java
@@ -33,4 +33,10 @@ public class Role extends TraceableEntity {
     @Column(name = "DESCRIPTION")
     private String description;
 
+    /**
+     * Flag to protect mandatory data
+     */
+    @Column(name = "MANDATORY")
+    private Boolean mandatory;
+
 }
diff --git a/src/main/java/org/tkit/onecx/permission/domain/services/PermissionService.java b/src/main/java/org/tkit/onecx/permission/domain/services/PermissionService.java
@@ -18,6 +18,10 @@ public class PermissionService {
 
     @Transactional
     public void deletePermission(String id) {
+        var permission = dao.findById(id);
+        if (permission != null && Boolean.TRUE.equals(permission.getMandatory())) {
+            return;
+        }
         assignmentDAO.deleteByPermissionId(id);
         dao.deleteQueryById(id);
     }

diff --git a/src/main/java/org/tkit/onecx/permission/domain/services/RoleService.java b/src/main/java/org/tkit/onecx/permission/domain/services/RoleService.java
@@ -18,6 +18,10 @@ public class RoleService {
 
     @Transactional
     public void deleteRole(String id) {
+        var role = dao.findById(id);
+        if (role != null && Boolean.TRUE.equals(role.getMandatory())) {
+            return;
+        }
         assignmentDAO.deleteByRoleId(id);
         dao.deleteQueryById(id);
     }

diff --git a/...main/java/org/tkit/onecx/permission/rs/internal/controllers/AssignmentRestController.java b/...main/java/org/tkit/onecx/permission/rs/internal/controllers/AssignmentRestController.java
@@ -142,7 +142,10 @@ public Response grantRoleProductsAssignments(String roleId,
 
     @Override
     public Response deleteAssignment(String id) {
-        dao.deleteQueryById(id);
+        var assignment = dao.findById(id);
+        if (assignment != null && !Boolean.TRUE.equals(assignment.getMandatory())) {
+            dao.deleteQueryById(id);
+        }
         return Response.noContent().build();
     }
 

diff --git a/src/main/java/org/tkit/onecx/permission/rs/internal/mappers/AssignmentMapper.java b/src/main/java/org/tkit/onecx/permission/rs/internal/mappers/AssignmentMapper.java
@@ -34,6 +34,7 @@ public interface AssignmentMapper {
     @Mapping(target = "tenantId", ignore = true)
     @Mapping(target = "roleId", ignore = true)
     @Mapping(target = "permissionId", ignore = true)
+    @Mapping(target = "mandatory", ignore = true)
     Assignment create(Role role, Permission permission);
 
     @Mapping(target = "appId", source = "permission.appId")

diff --git a/src/main/java/org/tkit/onecx/permission/rs/internal/mappers/PermissionMapper.java b/src/main/java/org/tkit/onecx/permission/rs/internal/mappers/PermissionMapper.java
@@ -20,6 +20,7 @@ public interface PermissionMapper {
 
     PermissionDTO map(Permission data);
 
+    @Mapping(target = "mandatory", ignore = true)
     @Mapping(target = "id", ignore = true)
     @Mapping(target = "creationDate", ignore = true)
     @Mapping(target = "creationUser", ignore = true)
@@ -30,6 +31,7 @@ public interface PermissionMapper {
     @Mapping(target = "persisted", ignore = true)
     Permission create(CreatePermissionRequestDTO dto);
 
+    @Mapping(target = "mandatory", ignore = true)
     @Mapping(target = "id", ignore = true)
     @Mapping(target = "creationDate", ignore = true)
     @Mapping(target = "creationUser", ignore = true)

diff --git a/src/main/java/org/tkit/onecx/permission/rs/internal/mappers/RoleMapper.java b/src/main/java/org/tkit/onecx/permission/rs/internal/mappers/RoleMapper.java
@@ -18,6 +18,7 @@ public interface RoleMapper {
 
     RoleSearchCriteria map(RoleSearchCriteriaDTO dto);
 
+    @Mapping(target = "mandatory", ignore = true)
     @Mapping(target = "id", ignore = true)
     @Mapping(target = "creationDate", ignore = true)
     @Mapping(target = "creationUser", ignore = true)
@@ -31,6 +32,7 @@ public interface RoleMapper {
 
     RoleDTO map(Role data);
 
+    @Mapping(target = "mandatory", ignore = true)
     @Mapping(target = "id", ignore = true)
     @Mapping(target = "creationDate", ignore = true)
     @Mapping(target = "creationUser", ignore = true)

diff --git a/src/main/java/org/tkit/onecx/permission/rs/operator/v1/mappers/OperatorPermissionMapper.java b/src/main/java/org/tkit/onecx/permission/rs/operator/v1/mappers/OperatorPermissionMapper.java
@@ -52,6 +52,7 @@ default List<Permission> map(List<PermissionDTOV1> list, String appId, String pr
         return data;
     }
 
+    @Mapping(target = "mandatory", ignore = true)
     @Mapping(target = "id", ignore = true)
     @Mapping(target = "creationDate", ignore = true)
     @Mapping(target = "creationUser", ignore = true)

diff --git a/src/main/openapi/onecx-permission-internal-openapi.yaml b/src/main/openapi/onecx-permission-internal-openapi.yaml
@@ -582,6 +582,9 @@ components:
           type: string
         id:
           type: string
+        mandatory:
+          type: boolean
+          default: false
     UpdateRoleRequest:
       type: object
       required:
@@ -621,6 +624,9 @@ components:
           type: string
         description:
           type: string
+        mandatory:
+          type: boolean
+          default: false
     RolePageResult:
       type: object
       properties:
@@ -787,6 +793,9 @@ components:
           type: string
         description:
           type: string
+        mandatory:
+          type: boolean
+          default: false
     CreatePermissionRequest:
       type: object
       properties:

diff --git a/src/main/resources/db/changeLog.xml b/src/main/resources/db/changeLog.xml
@@ -6,5 +6,6 @@
     <include relativeToChangelogFile="true" file="v1/2024-01-04-create-tables.xml"/>
     <include relativeToChangelogFile="true" file="v1/2024-01-10-data-import-log.xml" />
     <include relativeToChangelogFile="true" file="v1/2024-04-09-constraint-and-index-fix.xml" />
+    <include relativeToChangelogFile="true" file="v1/2024-05-13-mandatory-flags.xml" />
 
 </databaseChangeLog>
diff --git a/src/main/resources/db/v1/2024-05-13-mandatory-flags.xml b/src/main/resources/db/v1/2024-05-13-mandatory-flags.xml
@@ -0,0 +1,19 @@
+<?xml version="1.1" encoding="UTF-8" standalone="no"?>
+<databaseChangeLog
+        xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+        xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-latest.xsd"
+        objectQuotingStrategy="QUOTE_ONLY_RESERVED_WORDS">
+
+    <changeSet author="dev (generated)" id="1715590921454-1">
+        <addColumn tableName="assignment">
+            <column name="mandatory" type="bool"/>
+        </addColumn>
+        <addColumn tableName="permission">
+            <column name="mandatory" type="bool"/>
+        </addColumn>
+        <addColumn tableName="role">
+            <column name="mandatory" type="bool"/>
+        </addColumn>
+    </changeSet>
+</databaseChangeLog>
diff --git a/.../java/org/tkit/onecx/permission/rs/internal/controllers/AssignmentRestControllerTest.java b/.../java/org/tkit/onecx/permission/rs/internal/controllers/AssignmentRestControllerTest.java
@@ -130,6 +130,13 @@ void revokeAssignmentsByOnlyRoleIdTest() {
                 .then()
                 .statusCode(NOT_FOUND.getStatusCode());
 
+        //check if assignment with mandatory flag is still there
+        given()
+                .when()
+                .get("a13")
+                .then()
+                .statusCode(OK.getStatusCode());
+
         //not-exiting role id
         requestDTO.setRoleId("not-existing");
         given()
@@ -186,6 +193,23 @@ void revokeAssignmentsByRoleIdAndAppIdsTest() {
     @Test
     void revokeAssignmentsByAppIdTest() {
         var requestDTO = new RevokeAssignmentRequestDTO();
+        requestDTO.roleId("r13");
+        requestDTO.appId("app1");
+        given()
+                .when()
+                .contentType(APPLICATION_JSON)
+                .body(requestDTO)
+                .post("/revoke")
+                .then()
+                .statusCode(NO_CONTENT.getStatusCode());
+
+        //check if assignment is gone
+        given()
+                .when()
+                .get("a11")
+                .then()
+                .statusCode(NOT_FOUND.getStatusCode());
+
         requestDTO.roleId("r14");
         requestDTO.appId("app2");
         given()
@@ -196,12 +220,12 @@ void revokeAssignmentsByAppIdTest() {
                 .then()
                 .statusCode(NO_CONTENT.getStatusCode());
 
-        //check if assignment is gone
+        //check if assignment with mandatory flag is still there
         given()
                 .when()
                 .get("a13")
                 .then()
-                .statusCode(NOT_FOUND.getStatusCode());
+                .statusCode(OK.getStatusCode());
     }
 
     @Test
@@ -316,6 +340,19 @@ void deleteAssignmentTest() {
                 .then()
                 .statusCode(NOT_FOUND.getStatusCode());
 
+        // try to delete mandatory assignment
+        given()
+                .contentType(APPLICATION_JSON)
+                .delete("a13")
+                .then()
+                .statusCode(NO_CONTENT.getStatusCode());
+
+        // check Assignment
+        given()
+                .contentType(APPLICATION_JSON)
+                .get("a13")
+                .then()
+                .statusCode(OK.getStatusCode());
     }
 
     @Test

diff --git a/.../java/org/tkit/onecx/permission/rs/internal/controllers/PermissionRestControllerTest.java b/.../java/org/tkit/onecx/permission/rs/internal/controllers/PermissionRestControllerTest.java
@@ -154,6 +154,20 @@ void deletePermissionTest() {
                 .then()
                 .statusCode(NO_CONTENT.getStatusCode());
 
+        //try to delete mandatory permission
+        given()
+                .contentType(APPLICATION_JSON)
+                .delete("p13")
+                .then()
+                .statusCode(NO_CONTENT.getStatusCode());
+
+        // should still exist
+        given()
+                .contentType(APPLICATION_JSON)
+                .get("p13")
+                .then()
+                .statusCode(OK.getStatusCode());
+
     }
 
     @Test

diff --git a/src/test/java/org/tkit/onecx/permission/rs/internal/controllers/RoleRestControllerTest.java b/src/test/java/org/tkit/onecx/permission/rs/internal/controllers/RoleRestControllerTest.java
@@ -114,6 +114,19 @@ void deleteRoleTest() {
                 .then()
                 .statusCode(NO_CONTENT.getStatusCode());
 
+        // delete mandatory Role
+        given()
+                .contentType(APPLICATION_JSON)
+                .delete("r13")
+                .then()
+                .statusCode(NO_CONTENT.getStatusCode());
+
+        //check if role still exists
+        given()
+                .contentType(APPLICATION_JSON)
+                .get("r13")
+                .then().statusCode(OK.getStatusCode());
+
     }
 
     @Test

diff --git a/src/test/resources/data/test-internal.xml b/src/test/resources/data/test-internal.xml
@@ -5,29 +5,30 @@
     <APPLICATION guid="a2" optlock="0" app_id="app2" name="app2" description="app2" product_name="test1"/>
 
     <!-- PERMISSION -->
-    <PERMISSION guid="p11" optlock="0" app_id="app1" resource="o1" action="a1" product_name="test1"/>
-    <PERMISSION guid="p12" optlock="0" app_id="app1" resource="o1" action="a2" product_name="test1"/>
-    <PERMISSION guid="p13" optlock="0" app_id="app1" resource="o1" action="a3" product_name="test1"/>
+    <PERMISSION guid="p11" optlock="0" app_id="app1" resource="o1" action="a1" product_name="test1" mandatory=""/>
+    <PERMISSION guid="p12" optlock="0" app_id="app1" resource="o1" action="a2" product_name="test1" mandatory="false"/>
+    <PERMISSION guid="p13" optlock="0" app_id="app1" resource="o1" action="a3" product_name="test1" mandatory="true"/>
 
-    <PERMISSION guid="p14" optlock="0" app_id="app1" resource="o2" action="a2" product_name="test1"/>
-    <PERMISSION guid="p15" optlock="0" app_id="app1" resource="o2" action="a3" product_name="test1"/>
+    <PERMISSION guid="p14" optlock="0" app_id="app1" resource="o2" action="a2" product_name="test1" mandatory=""/>
+    <PERMISSION guid="p15" optlock="0" app_id="app1" resource="o2" action="a3" product_name="test1" mandatory="false"/>
 
-    <PERMISSION guid="p21" optlock="0" app_id="app2" resource="o1" action="a1" product_name="test1"/>
-    <PERMISSION guid="p22" optlock="0" app_id="app2" resource="o1" action="a2" product_name="test1"/>
+    <PERMISSION guid="p21" optlock="0" app_id="app2" resource="o1" action="a1" product_name="test1" mandatory="false"/>
+    <PERMISSION guid="p22" optlock="0" app_id="app2" resource="o1" action="a2" product_name="test1" mandatory="false"/>
 
-    <ROLE guid="r11" optlock="0" name="n1" description="d1" tenant_id="default"/>
-    <ROLE guid="r12" optlock="0" name="n2" description="d1" tenant_id="default"/>
-    <ROLE guid="r13" optlock="0" name="n3" description="d1" tenant_id="default"/>
-    <ROLE guid="r14" optlock="0" name="n4" description="d1" tenant_id="default"/>
+    <ROLE guid="r11" optlock="0" name="n1" description="d1" tenant_id="default" mandatory="false"/>
+    <ROLE guid="r12" optlock="0" name="n2" description="d1" tenant_id="default" mandatory=""/>
+    <ROLE guid="r13" optlock="0" name="n3" description="d1" tenant_id="default" mandatory="true"/>
+    <ROLE guid="r14" optlock="0" name="n4" description="d1" tenant_id="default" mandatory="false"/>
 
     <ROLE guid="r21" optlock="0" name="n1" description="d1" tenant_id="100"/>
     <ROLE guid="r22" optlock="0" name="n2" description="d1" tenant_id="100"/>
     <ROLE guid="r23" optlock="0" name="n3" description="d1" tenant_id="100"/>
     <ROLE guid="r24" optlock="0" name="n4" description="d1" tenant_id="100"/>
 
-    <ASSIGNMENT guid="a11" optlock="0" permission_id="p13" role_id="r13" tenant_id="default"/>
-    <ASSIGNMENT guid="a12" optlock="0" permission_id="p13" role_id="r14" tenant_id="default"/>
+    <ASSIGNMENT guid="a11" optlock="0" permission_id="p13" role_id="r13" tenant_id="default" mandatory="false"/>
+    <ASSIGNMENT guid="a12" optlock="0" permission_id="p13" role_id="r14" tenant_id="default" mandatory="false"/>
+
+    <ASSIGNMENT guid="a13" optlock="0" permission_id="p21" role_id="r14" tenant_id="default" mandatory="true"/>
 
-    <ASSIGNMENT guid="a13" optlock="0" permission_id="p21" role_id="r14" tenant_id="default"/>
 
 </dataset>