Marmelator/persistence-service
1
0
Fork 0
Code Issues Pull Requests 17 Actions Packages Projects Releases 1.1k Wiki Activity

Pull request #686: Bugfix/RED-6034 status code

Browse Source 
Merge in RED/persistence-service from bugfix/RED-6034_status_code to master

* commit '113947d2165821ab778eacfe537918f52fd9c082':
  RED-6034 - Possible to assign a file to unauthorized users - update junit test
  RED-6034 - Possible to assign a file to unauthorized users - change status from 403 to 400
This commit is contained in:
Corina Olariu 2023-05-05 08:49:45 +02:00
commit c5bac015d5
2 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/service/AccessControlService.java
View File

@ -6,6 +6,7 @@ import org.springframework.stereotype.Service;
import com.iqser.red.keycloak.commons.KeycloakSecurity; import com.iqser.red.keycloak.commons.KeycloakSecurity;
import com.iqser.red.service.persistence.management.v1.processor.acl.custom.dossier.DossierACLService; import com.iqser.red.service.persistence.management.v1.processor.acl.custom.dossier.DossierACLService;
import com.iqser.red.service.persistence.management.v1.processor.exception.BadRequestException;
import com.iqser.red.service.persistence.management.v1.processor.exception.NotAllowedException; import com.iqser.red.service.persistence.management.v1.processor.exception.NotAllowedException;
import com.iqser.red.service.persistence.management.v1.processor.exception.NotFoundException; import com.iqser.red.service.persistence.management.v1.processor.exception.NotFoundException;
import com.iqser.red.service.persistence.service.v1.api.shared.model.dossiertemplate.dossier.file.WorkflowStatus; import com.iqser.red.service.persistence.service.v1.api.shared.model.dossiertemplate.dossier.file.WorkflowStatus;
@ -69,7 +70,7 @@ public class AccessControlService {
var isMember = dossier.getMemberIds().contains(userId); var isMember = dossier.getMemberIds().contains(userId);
var isApprover = dossier.getApproverIds().contains(userId); var isApprover = dossier.getApproverIds().contains(userId);
if (!isMember && !isApprover) { if (!isMember && !isApprover) {
throw new NotAllowedException("User must be dossier member or approver."); throw new BadRequestException("User must be dossier member or approver.");
} }
} }

2
persistence-service-v1/persistence-service-server-v1/src/test/java/com/iqser/red/service/peristence/v1/server/integration/tests/FileTest.java
View File

@ -548,7 +548,7 @@ public class FileTest extends AbstractPersistenceServerServiceTest {
assertThat(actualMessage).contains(expectedMessage); assertThat(actualMessage).contains(expectedMessage);
exception = Assertions.assertThrows(FeignException.Forbidden.class, () -> { exception = Assertions.assertThrows(FeignException.BadRequest.class, () -> {
fileClient.setStatusUnderReview(dossier.getId(), file.getId(), user2); fileClient.setStatusUnderReview(dossier.getId(), file.getId(), user2);
}); });