Merge branch 'RED-9351' into 'master'
RED-9351 - Redaction skipped after changing only type + paragraph Closes RED-9351 See merge request redactmanager/persistence-service!546
This commit is contained in:
Corina Olariu
commit
08c8d65f3c
@ -22,6 +22,7 @@ import com.iqser.red.service.persistence.service.v2.api.external.model.Component
|
||||
import com.iqser.red.service.persistence.service.v2.api.external.model.FileComponents;
|
||||
import com.iqser.red.service.persistence.service.v2.api.external.model.FileComponentsList;
|
||||
import com.iqser.red.service.persistence.service.v2.api.external.resource.ComponentResource;
|
||||
import com.knecon.fforesight.keycloakcommons.security.KeycloakSecurity;
|
||||
|
||||
import io.swagger.v3.oas.annotations.tags.Tag;
|
||||
import lombok.AccessLevel;
|
||||
@ -48,6 +49,7 @@ public class ComponentControllerV2 implements ComponentResource {
|
||||
@RequestParam(name = INCLUDE_DETAILS_PARAM, defaultValue = "false", required = false) boolean includeDetails) {
|
||||
|
||||
dossierTemplatePersistenceService.checkDossierTemplateExistsOrElseThrow404(dossierTemplateId);
|
||||
componentLogService.validateUserRoles(KeycloakSecurity.getUserId());
|
||||
var componentLog = componentLogService.getComponentLog(dossierId, fileId, true);
|
||||
|
||||
return componentMapper.toFileComponents(componentLog, dossierTemplateId, dossierId, fileId, fileStatusService.getFileName(fileId), includeDetails);
|
||||
|
||||
@ -112,15 +112,11 @@ public final class ApplicationRoles {
|
||||
public static final String RED_ADMIN_ROLE = "RED_ADMIN";
|
||||
public static final String RED_USER_ADMIN_ROLE = "RED_USER_ADMIN";
|
||||
|
||||
public static final Set<String> VALID_MEMBER_ROLES = Set.of(ApplicationRoles.RED_USER_ROLE, ApplicationRoles.RED_MANAGER_ROLE);
|
||||
|
||||
public static final Set<String> UNMAPPED_ACTION_ROLES = Sets.newHashSet(UNARCHIVE_DOSSIER, UPDATE_LICENSE, GET_RSS, USE_SUPPORT_CONTROLLER);
|
||||
|
||||
public static final Set<String> KNECON_ADMIN_ACTION_ROLES = Sets.newHashSet(READ_LICENSE,
|
||||
UPDATE_LICENSE,
|
||||
GET_TENANTS,
|
||||
CREATE_TENANT,
|
||||
READ_USERS,
|
||||
READ_ALL_USERS,
|
||||
WRITE_USERS,
|
||||
public static final Set<String> KNECON_ADMIN_ACTION_ROLES = Sets.newHashSet(READ_LICENSE, UPDATE_LICENSE, GET_TENANTS, CREATE_TENANT, READ_USERS, READ_ALL_USERS, WRITE_USERS,
|
||||
READ_SMTP_CONFIGURATION,
|
||||
WRITE_SMTP_CONFIGURATION,
|
||||
UNARCHIVE_DOSSIER,
|
||||
|
||||
@ -4,14 +4,19 @@ import java.util.ArrayList;
|
||||
import java.util.Comparator;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Optional;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
import org.springframework.stereotype.Service;
|
||||
import org.springframework.transaction.annotation.Transactional;
|
||||
|
||||
import com.iqser.red.service.persistence.management.v1.processor.entity.dossier.ComponentDefinitionEntity;
|
||||
import com.iqser.red.service.persistence.management.v1.processor.exception.NotAllowedException;
|
||||
import com.iqser.red.service.persistence.management.v1.processor.roles.ApplicationRoles;
|
||||
import com.iqser.red.service.persistence.management.v1.processor.service.persistence.AuditPersistenceService;
|
||||
import com.iqser.red.service.persistence.management.v1.processor.service.persistence.ComponentDefinitionPersistenceService;
|
||||
import com.iqser.red.service.persistence.management.v1.processor.service.users.UserService;
|
||||
import com.iqser.red.service.persistence.management.v1.processor.service.users.model.User;
|
||||
import com.iqser.red.service.persistence.service.v1.api.shared.model.AuditCategory;
|
||||
import com.iqser.red.service.persistence.service.v1.api.shared.model.analysislog.componentlog.ComponentLog;
|
||||
import com.iqser.red.service.persistence.service.v1.api.shared.model.analysislog.componentlog.ComponentLogEntry;
|
||||
@ -32,6 +37,7 @@ public class ComponentLogService {
|
||||
private final ComponentLogMongoService componentLogMongoService;
|
||||
private final AuditPersistenceService auditPersistenceService;
|
||||
private final ComponentDefinitionPersistenceService componentDefinitionPersistenceService;
|
||||
private final UserService userService;
|
||||
|
||||
|
||||
public ComponentLog getComponentLog(String dossierId, String fileId, boolean includeOverrides) {
|
||||
@ -58,6 +64,19 @@ public class ComponentLogService {
|
||||
}
|
||||
|
||||
|
||||
public void validateUserRoles(String userId) {
|
||||
|
||||
Optional<User> userOptional = userService.getUserById(userId);
|
||||
if (userOptional.isPresent()) {
|
||||
if (userOptional.get().getRoles()
|
||||
.stream()
|
||||
.noneMatch(ApplicationRoles.VALID_MEMBER_ROLES::contains)) {
|
||||
throw new NotAllowedException("User doesn't have appropriate roles");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
private ComponentLog sortComponentLogEntries(ComponentLog componentLog, List<String> orderedNames) {
|
||||
|
||||
List<ComponentLogEntry> componentLogEntries = componentLog.getComponentLogEntries();
|
||||
|
||||
@ -0,0 +1,57 @@
|
||||
package com.iqser.red.service.peristence.v1.server.integration.tests;
|
||||
|
||||
import org.junit.jupiter.api.Assertions;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import com.iqser.red.service.peristence.v1.server.integration.client.ComponentClient;
|
||||
import com.iqser.red.service.peristence.v1.server.integration.client.ComponentLogClient;
|
||||
import com.iqser.red.service.peristence.v1.server.integration.client.DossierTemplateClient;
|
||||
import com.iqser.red.service.peristence.v1.server.integration.service.DossierTesterAndProvider;
|
||||
import com.iqser.red.service.peristence.v1.server.integration.service.FileTesterAndProvider;
|
||||
import com.iqser.red.service.peristence.v1.server.integration.utils.AbstractPersistenceServerServiceTest;
|
||||
import com.iqser.red.service.peristence.v1.server.integration.utils.TokenService;
|
||||
|
||||
import feign.FeignException;
|
||||
|
||||
public class ComponentTest extends AbstractPersistenceServerServiceTest {
|
||||
|
||||
@Autowired
|
||||
private ObjectMapper objectMapper;
|
||||
|
||||
@Autowired
|
||||
private DossierTesterAndProvider dossierTesterAndProvider;
|
||||
|
||||
@Autowired
|
||||
private FileTesterAndProvider fileTesterAndProvider;
|
||||
|
||||
@Autowired
|
||||
private ComponentClient componentClient;
|
||||
|
||||
@Autowired
|
||||
private ComponentLogClient componentLogClient;
|
||||
|
||||
@Autowired
|
||||
private DossierTemplateClient dossierTemplateClient;
|
||||
|
||||
@Autowired
|
||||
protected TokenService tokenService;
|
||||
|
||||
|
||||
@Test
|
||||
public void testGetComponentLogWithoutAppropriateRoles() {
|
||||
|
||||
var dossier = dossierTesterAndProvider.provideTestDossier();
|
||||
var dossierTemplate = dossierTemplateClient.getDossierTemplate(dossier.getDossierTemplateId());
|
||||
var file = fileTesterAndProvider.testAndProvideFile(dossier, "filename");
|
||||
|
||||
Assertions.assertThrows(FeignException.NotFound.class, () -> componentClient.getComponents(dossierTemplate.getId(), dossier.getId(), file.getFileId(), true));
|
||||
|
||||
tokenService.setUser("manageradmin4@test.com", "secret");
|
||||
|
||||
Assertions.assertThrows(FeignException.Forbidden.class, () -> componentClient.getComponents(dossierTemplate.getId(), dossier.getId(), file.getFileId(), true));
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
@ -6,6 +6,7 @@ import static com.iqser.red.service.peristence.v1.server.integration.utils.Mongo
|
||||
import static org.mockito.Mockito.when;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Arrays;
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
@ -330,6 +331,16 @@ public abstract class AbstractPersistenceServerServiceTest {
|
||||
.isActive(true)
|
||||
.roles(Set.of(getAllRoles()))
|
||||
.build());
|
||||
Set<String> allRolesWithoutValid = Arrays.stream(getAllRoles())
|
||||
.collect(Collectors.toSet());
|
||||
allRolesWithoutValid.remove("RED_USER");
|
||||
allRolesWithoutValid.remove("RED_MANAGER");
|
||||
allUsers.add(com.iqser.red.service.persistence.management.v1.processor.service.users.model.User.builder()
|
||||
.userId("manageradmin4@test.com")
|
||||
.email("manageradmin4@test.com")
|
||||
.isActive(true)
|
||||
.roles(allRolesWithoutValid)
|
||||
.build());
|
||||
when(usersClient.getAllUsers(false)).thenReturn(allUsers);
|
||||
when(usersClient.getAllUsers(true)).thenReturn(allUsers);
|
||||
// doNothing().when(pdfTronRedactionClient).testDigitalCurrentSignature(Mockito.any());
|
||||
@ -618,8 +629,17 @@ public abstract class AbstractPersistenceServerServiceTest {
|
||||
@Bean
|
||||
public InMemoryUserDetailsManager userDetailsService(PasswordEncoder passwordEncoder) {
|
||||
|
||||
UserDetails user = User.withUsername("manageradmin1@test.com").password(passwordEncoder.encode("secret")).roles(getAllRoles()).authorities(getAllRoles()).build();
|
||||
return new InMemoryUserDetailsManager(user);
|
||||
var allRoles = getAllRoles();
|
||||
UserDetails user = User.withUsername("manageradmin1@test.com").password(passwordEncoder.encode("secret")).roles(allRoles).authorities(getAllRoles()).build();
|
||||
var allRolesWithoutRedUserOrRedManager = Arrays.stream(allRoles)
|
||||
.filter(s -> !(s.equalsIgnoreCase(ApplicationRoles.RED_USER_ROLE) || s.equalsIgnoreCase(ApplicationRoles.RED_MANAGER_ROLE)))
|
||||
.collect(Collectors.toList());
|
||||
UserDetails userWithoutRedUserOrRedManager = User.withUsername("manageradmin4@test.com")
|
||||
.password(passwordEncoder.encode("secret"))
|
||||
.roles(allRolesWithoutRedUserOrRedManager.toArray(new String[0]))
|
||||
.authorities(getAllRoles())
|
||||
.build();
|
||||
return new InMemoryUserDetailsManager(user, userWithoutRedUserOrRedManager);
|
||||
}
|
||||
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user