From 0692ac830938fdbd3bcbdebe11031a5379c26833 Mon Sep 17 00:00:00 2001
From: Maverick Studer
Date: Tue, 11 Jun 2024 10:47:23 +0200
Subject: [PATCH] RED-8491: Hide all KNECON_* roles for any possible access in all endpoints
---
 .../fforesight/tenantusermanagement/service/UserService.java | 2 +-
 .../fforesight/tenantusermanagement/tests/UserTest.java | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/main/java/com/knecon/fforesight/tenantusermanagement/service/UserService.java b/src/main/java/com/knecon/fforesight/tenantusermanagement/service/UserService.java
index d02c977..50bcc6f 100644
--- a/src/main/java/com/knecon/fforesight/tenantusermanagement/service/UserService.java
+++ b/src/main/java/com/knecon/fforesight/tenantusermanagement/service/UserService.java
@@ -577,7 +577,7 @@ public class UserService {
 var currentRoles = getRoles(currentUserResource.toRepresentation().getId());
 var userRoles = getRoles(targetUserId);
- if (currentRoles.stream()
+ if (userRoles.stream()
 .anyMatch(ApplicationRoles::isKneconRole)) {
 return ValidationStatus.INVALID;
 }
diff --git a/src/test/java/com/knecon/fforesight/tenantusermanagement/tests/UserTest.java b/src/test/java/com/knecon/fforesight/tenantusermanagement/tests/UserTest.java
index 8c3113e..7030575 100644
--- a/src/test/java/com/knecon/fforesight/tenantusermanagement/tests/UserTest.java
+++ b/src/test/java/com/knecon/fforesight/tenantusermanagement/tests/UserTest.java
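Review bot: In UserService.java the guard now returns `ValidationStatus.INVALID` for every target that holds a KNECON role without consulting the caller, and `currentRoles` is no longer read anywhere in the visible lines. The method starts and ends outside this hunk, so if `currentRoles` is not used further down, the `getRoles(currentUserResource.toRepresentation().getId())` lookup is dead work and should be removed. If a caller who holds a KNECON role is meant to manage KNECON accounts, that exception has to be explicit in this condition or confirmed to be handled before it. Since the previous version tested the wrong role set, I would also state the intent on the check, e.g. `// KNECON_* accounts are hidden from tenant callers: treat the target as invalid instead of confirming it exists`.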
@@ -462,9 +462,9 @@ public class UserTest extends AbstractTenantUserManagementIntegrationTest {
 e = assertThrows(FeignException.class, () -> userClient.updateProfile(user.getUserId(), new UpdateProfileRequest()));
 assertEquals(404, e.status());
- // or reset password as it is forbidden (higher rights)
+ // or reset password
 e = assertThrows(FeignException.class, () -> userClient.resetPassword(user.getUserId(), new ResetPasswordRequest()));
- assertEquals(403, e.status());
+ assertEquals(404, e.status());
 // now as a knecon admin again
 tokenService.setUser("admin@knecon.com", "secret");
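Review bot: The shortened comment `// or reset password` drops the reason for the expected status, so nothing tells a reader that 404 is deliberate. A 404 keeps the endpoint from confirming that the KNECON account exists, and a later "correction" back to 403 would bring that account-existence signal back; I would write `// or reset password: KNECON users are hidden, so this must be 404 (not found), never 403`. The hunk also only flips the existing expectation. Unless it is covered elsewhere in UserTest, a case where a caller holding a KNECON role resets the password of an ordinary user would pin the caller/target mix-up that the UserService change corrects. The test method starts and ends outside the hunk.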