Merge branch 'RED-8491-fix' into 'main'

RED-8491: Hide all KNECON_* roles for any possible access in all endpoints

See merge request fforesight/tenant-user-management-service!109
Maverick Studer 2024-06-11 10:47:23 +02:00
commit 7b135dc48b
2 changed files with 3 additions and 3 deletions


@ -577,7 +577,7 @@ public class UserService {
var currentRoles = getRoles(currentUserResource.toRepresentation().getId());
var userRoles = getRoles(targetUserId);
if (currentRoles.stream()
if (userRoles.stream()
.anyMatch(ApplicationRoles::isKneconRole)) {
return ValidationStatus.INVALID;
}
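Review bot: Taking `if (userRoles.stream()` as the new side (inferred from the commit title, since no marker survives on this rendered page), `currentRoles` on the first context line no longer has a reader in this hunk, so the `currentUserResource.toRepresentation().getId()` round trip and its `getRoles` lookup are wasted unless the rest of the method, which continues outside the hunk, still uses it; drop the local if it is dead. The guard now rejects any target holding a KNECON role regardless of who is calling, and the test file in this commit switches to a Knecon admin, so confirm an earlier branch admits Knecon admins or that blocking them here is intended. Returning `ValidationStatus.INVALID` hides the role only if the caller of this validation renders it exactly like a missing user — same status and same body — otherwise a distinct 404 message still reveals that the account exists; the test change from 403 to 404 suggests that mapping is the intent, so a comment such as `// target holds a KNECON_* role: report as not found so privileged accounts are not enumerable` would record it.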


@ -462,9 +462,9 @@ public class UserTest extends AbstractTenantUserManagementIntegrationTest {
e = assertThrows(FeignException.class, () -> userClient.updateProfile(user.getUserId(), new UpdateProfileRequest()));
assertEquals(404, e.status());
// or reset password as it is forbidden (higher rights)
// or reset password
e = assertThrows(FeignException.class, () -> userClient.resetPassword(user.getUserId(), new ResetPasswordRequest()));
assertEquals(403, e.status());
assertEquals(404, e.status());
// now as a knecon admin again
tokenService.setUser("admin@knecon.com", "secret");