fix: separate permissions for UPDATE_CONSULTANT and CREATE_CONSULTANT…

… to separate

src/main/java/de/caritas/cob/userservice/api/config/auth/Authority.java

@@ -4,8 +4,9 @@
 import static de.caritas.cob.userservice.api.config.auth.Authority.AuthorityValue.ASSIGN_CONSULTANT_TO_ENQUIRY;
 import static de.caritas.cob.userservice.api.config.auth.Authority.AuthorityValue.ASSIGN_CONSULTANT_TO_PEER_SESSION;
 import static de.caritas.cob.userservice.api.config.auth.Authority.AuthorityValue.ASSIGN_CONSULTANT_TO_SESSION;
-import static de.caritas.cob.userservice.api.config.auth.Authority.AuthorityValue.CONSULTANT_CREATE_UPDATE;
+import static de.caritas.cob.userservice.api.config.auth.Authority.AuthorityValue.CONSULTANT_CREATE;
 import static de.caritas.cob.userservice.api.config.auth.Authority.AuthorityValue.CONSULTANT_DEFAULT;
+import static de.caritas.cob.userservice.api.config.auth.Authority.AuthorityValue.CONSULTANT_UPDATE;
 import static de.caritas.cob.userservice.api.config.auth.Authority.AuthorityValue.CREATE_NEW_CHAT;
 import static de.caritas.cob.userservice.api.config.auth.Authority.AuthorityValue.START_CHAT;
 import static de.caritas.cob.userservice.api.config.auth.Authority.AuthorityValue.STOP_CHAT;
@@ -50,13 +51,13 @@ UserRole.NOTIFICATIONS_TECHNICAL, singletonList(AuthorityValue.NOTIFICATIONS_TEC
       List.of(CONSULTANT_DEFAULT, CREATE_NEW_CHAT, START_CHAT, STOP_CHAT, UPDATE_CHAT)),
   USER_ADMIN(
       UserRole.USER_ADMIN,
-      List.of(AuthorityValue.USER_ADMIN, AuthorityValue.CONSULTANT_CREATE_UPDATE)),
+      List.of(AuthorityValue.USER_ADMIN, CONSULTANT_UPDATE, CONSULTANT_CREATE)),
   SINGLE_TENANT_ADMIN(
       UserRole.SINGLE_TENANT_ADMIN, singletonList(AuthorityValue.SINGLE_TENANT_ADMIN)),
   TENANT_ADMIN(UserRole.TENANT_ADMIN, singletonList(AuthorityValue.TENANT_ADMIN)),
 
   RESTRICTED_CONSULTANT_ADMIN(
-      UserRole.RESTRICTED_CONSULTANT_ADMIN, singletonList(CONSULTANT_CREATE_UPDATE)),
+      UserRole.RESTRICTED_CONSULTANT_ADMIN, List.of(CONSULTANT_CREATE, CONSULTANT_UPDATE)),
   RESTRICTED_AGENCY_ADMIN(
       UserRole.RESTRICTED_AGENCY_ADMIN, singletonList(AuthorityValue.RESTRICTED_AGENCY_ADMIN));
 
@@ -97,7 +98,9 @@ private AuthorityValue() {}
     public static final String STOP_CHAT = PREFIX + "STOP_CHAT";
     public static final String UPDATE_CHAT = PREFIX + "UPDATE_CHAT";
     public static final String USER_ADMIN = PREFIX + "USER_ADMIN";
-    public static final String CONSULTANT_CREATE_UPDATE = PREFIX + "CONSULTANT_CREATE_UPDATE";
+    public static final String CONSULTANT_CREATE = PREFIX + "CONSULTANT_CREATE";
+    public static final String CONSULTANT_UPDATE = PREFIX + "CONSULTANT_UPDATE";
+
     public static final String SINGLE_TENANT_ADMIN = PREFIX + "SINGLE_TENANT_ADMIN";
     public static final String TENANT_ADMIN = PREFIX + "TENANT_ADMIN";
     public static final String RESTRICTED_AGENCY_ADMIN = PREFIX + "RESTRICTED_AGENCY_ADMIN";

src/main/java/de/caritas/cob/userservice/api/config/auth/SecurityConfig.java

@@ -181,9 +181,9 @@ protected void configure(HttpSecurity http) throws Exception {
         .antMatchers("/useradmin/data/*")
         .hasAnyAuthority(SINGLE_TENANT_ADMIN, RESTRICTED_AGENCY_ADMIN)
         .antMatchers(HttpMethod.POST, "/useradmin/consultants/")
-        .hasAnyAuthority(USER_ADMIN, CONSULTANT_CREATE_UPDATE, TECHNICAL_DEFAULT)
+        .hasAnyAuthority(CONSULTANT_CREATE, TECHNICAL_DEFAULT)
         .antMatchers(HttpMethod.PUT, "/useradmin/consultants/{consultantId:" + UUID_PATTERN + "}")
-        .hasAnyAuthority(USER_ADMIN, CONSULTANT_CREATE_UPDATE, TECHNICAL_DEFAULT)
+        .hasAnyAuthority(CONSULTANT_UPDATE, TECHNICAL_DEFAULT)
         .antMatchers("/useradmin", "/useradmin/**")
         .hasAnyAuthority(USER_ADMIN, TECHNICAL_DEFAULT)
         .antMatchers("/users/consultants/search")

src/test/java/de/caritas/cob/userservice/api/adapters/web/controller/UserAdminControllerE2EIT.java

@@ -155,7 +155,7 @@ public void setUp() {
   }
 
   @Test
-  @WithMockUser(authorities = {AuthorityValue.USER_ADMIN})
+  @WithMockUser(authorities = {AuthorityValue.CONSULTANT_CREATE})
   void createNewConsultant_Should_returnOk_When_requiredConsultantIsGiven() throws Exception {
     givenNewConsultantIsCreated();
   }
@@ -179,7 +179,7 @@ void createNewConsultant_WithoutValidCredentials_Should_returnAccessDenied() thr
   }
 
   @Test
-  @WithMockUser(authorities = {AuthorityValue.CONSULTANT_CREATE_UPDATE})
+  @WithMockUser(authorities = {AuthorityValue.CONSULTANT_CREATE})
   void createNewConsultant_WithAuthorityConsultantCreateUpdate_Should_returnOK() throws Exception {
     givenNewConsultantIsCreated();
   }

src/test/java/de/caritas/cob/userservice/api/config/auth/AuthorityTest.java

@@ -107,8 +107,9 @@ public void getAuthoritiesByRoleName_Should_ReturnCorrectRoles_When_keycloakRole
 
     assertNotNull(result);
     assertTrue(result.contains(AuthorityValue.USER_ADMIN));
-    assertTrue(result.contains(AuthorityValue.CONSULTANT_CREATE_UPDATE));
-    assertEquals(2, result.size());
+    assertTrue(result.contains(AuthorityValue.CONSULTANT_CREATE));
+    assertTrue(result.contains(AuthorityValue.CONSULTANT_UPDATE));
+    assertEquals(3, result.size());
   }
 
   @Test