From d490134c3e2b03f4dc9cbd1d79e873f6c4f1e2d2 Mon Sep 17 00:00:00 2001
From: tkuzynow
Date: Tue, 31 Oct 2023 14:52:19 +0100
Subject: [PATCH] fix: separate permissions for UPDATE_CONSULTANT and CREATE_CONSULTANT to separate

---
 .../cob/userservice/api/config/auth/Authority.java | 11 +++++++----
 .../userservice/api/config/auth/SecurityConfig.java | 4 ++--
 .../web/controller/UserAdminControllerE2EIT.java | 4 ++--
 .../userservice/api/config/auth/AuthorityTest.java | 5 +++--
 4 files changed, 14 insertions(+), 10 deletions(-)

diff --git a/src/main/java/de/caritas/cob/userservice/api/config/auth/Authority.java b/src/main/java/de/caritas/cob/userservice/api/config/auth/Authority.java
index eef07a589..468d935ca 100644
--- a/src/main/java/de/caritas/cob/userservice/api/config/auth/Authority.java
+++ b/src/main/java/de/caritas/cob/userservice/api/config/auth/Authority.java
@@ -4,8 +4,9 @@
 import static de.caritas.cob.userservice.api.config.auth.Authority.AuthorityValue.ASSIGN_CONSULTANT_TO_ENQUIRY;
 import static de.caritas.cob.userservice.api.config.auth.Authority.AuthorityValue.ASSIGN_CONSULTANT_TO_PEER_SESSION;
 import static de.caritas.cob.userservice.api.config.auth.Authority.AuthorityValue.ASSIGN_CONSULTANT_TO_SESSION;
-import static de.caritas.cob.userservice.api.config.auth.Authority.AuthorityValue.CONSULTANT_CREATE_UPDATE;
+import static de.caritas.cob.userservice.api.config.auth.Authority.AuthorityValue.CONSULTANT_CREATE;
 import static de.caritas.cob.userservice.api.config.auth.Authority.AuthorityValue.CONSULTANT_DEFAULT;
+import static de.caritas.cob.userservice.api.config.auth.Authority.AuthorityValue.CONSULTANT_UPDATE;
 import static de.caritas.cob.userservice.api.config.auth.Authority.AuthorityValue.CREATE_NEW_CHAT;
 import static de.caritas.cob.userservice.api.config.auth.Authority.AuthorityValue.START_CHAT;
 import static de.caritas.cob.userservice.api.config.auth.Authority.AuthorityValue.STOP_CHAT;
@@ -50,13 +51,13 @@ UserRole.NOTIFICATIONS_TECHNICAL, singletonList(AuthorityValue.NOTIFICATIONS_TEC
 List.of(CONSULTANT_DEFAULT, CREATE_NEW_CHAT, START_CHAT, STOP_CHAT, UPDATE_CHAT)),
 USER_ADMIN(
 UserRole.USER_ADMIN,
- List.of(AuthorityValue.USER_ADMIN, AuthorityValue.CONSULTANT_CREATE_UPDATE)),
+ List.of(AuthorityValue.USER_ADMIN, CONSULTANT_UPDATE, CONSULTANT_CREATE)),
 SINGLE_TENANT_ADMIN(
 UserRole.SINGLE_TENANT_ADMIN, singletonList(AuthorityValue.SINGLE_TENANT_ADMIN)),
 TENANT_ADMIN(UserRole.TENANT_ADMIN, singletonList(AuthorityValue.TENANT_ADMIN)),
 RESTRICTED_CONSULTANT_ADMIN(
- UserRole.RESTRICTED_CONSULTANT_ADMIN, singletonList(CONSULTANT_CREATE_UPDATE)),
+ UserRole.RESTRICTED_CONSULTANT_ADMIN, List.of(CONSULTANT_CREATE, CONSULTANT_UPDATE)),
 RESTRICTED_AGENCY_ADMIN(
 UserRole.RESTRICTED_AGENCY_ADMIN, singletonList(AuthorityValue.RESTRICTED_AGENCY_ADMIN));
@@ -97,7 +98,9 @@ private AuthorityValue() {}
 public static final String STOP_CHAT = PREFIX + "STOP_CHAT";
 public static final String UPDATE_CHAT = PREFIX + "UPDATE_CHAT";
 public static final String USER_ADMIN = PREFIX + "USER_ADMIN";
- public static final String CONSULTANT_CREATE_UPDATE = PREFIX + "CONSULTANT_CREATE_UPDATE";
+ public static final String CONSULTANT_CREATE = PREFIX + "CONSULTANT_CREATE";
+ public static final String CONSULTANT_UPDATE = PREFIX + "CONSULTANT_UPDATE";
+
 public static final String SINGLE_TENANT_ADMIN = PREFIX + "SINGLE_TENANT_ADMIN";
 public static final String TENANT_ADMIN = PREFIX + "TENANT_ADMIN";
 public static final String RESTRICTED_AGENCY_ADMIN = PREFIX + "RESTRICTED_AGENCY_ADMIN";
diff --git a/src/main/java/de/caritas/cob/userservice/api/config/auth/SecurityConfig.java b/src/main/java/de/caritas/cob/userservice/api/config/auth/SecurityConfig.java
index c4c4f13fe..9e977e129 100644
--- a/src/main/java/de/caritas/cob/userservice/api/config/auth/SecurityConfig.java
+++ b/src/main/java/de/caritas/cob/userservice/api/config/auth/SecurityConfig.java
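Review bot: The new USER_ADMIN mapping lists the split authorities as `CONSULTANT_UPDATE, CONSULTANT_CREATE` while RESTRICTED_CONSULTANT_ADMIN two constants later lists them as `CONSULTANT_CREATE, CONSULTANT_UPDATE`; these are the only two roles granting the pair, so use one order, e.g. `List.of(AuthorityValue.USER_ADMIN, CONSULTANT_CREATE, CONSULTANT_UPDATE)),`. This mapping is now what keeps USER_ADMIN role holders on the consultant endpoints, because the SecurityConfig change in this commit drops the USER_ADMIN authority itself from the POST/PUT consultant matchers; a principal that carries only the USER_ADMIN authority without the role-derived pair is denied there, which deserves a comment on the USER_ADMIN constant so the dependency is not lost in a later edit. The enum's header and its remaining constants are outside the hunk.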
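Review bot: Removing the `CONSULTANT_CREATE_UPDATE` value deletes an authority string that may still be referenced outside this class — the identity-provider role/authority configuration the tests call keycloakRole, other services that check the value, or tokens issued before this is deployed — and any such reference will stop matching silently rather than fail loudly. Record the split above the two new constants, e.g. `// Replaces the former CONSULTANT_CREATE_UPDATE authority; external role-to-authority mappings must be migrated.`, and confirm that no deployed configuration still emits the old name. The enclosing AuthorityValue class starts and ends outside the hunk.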
@@ -181,9 +181,9 @@ protected void configure(HttpSecurity http) throws Exception {
 .antMatchers("/useradmin/data/*")
 .hasAnyAuthority(SINGLE_TENANT_ADMIN, RESTRICTED_AGENCY_ADMIN)
 .antMatchers(HttpMethod.POST, "/useradmin/consultants/")
- .hasAnyAuthority(USER_ADMIN, CONSULTANT_CREATE_UPDATE, TECHNICAL_DEFAULT)
+ .hasAnyAuthority(CONSULTANT_CREATE, TECHNICAL_DEFAULT)
 .antMatchers(HttpMethod.PUT, "/useradmin/consultants/{consultantId:" + UUID_PATTERN + "}")
- .hasAnyAuthority(USER_ADMIN, CONSULTANT_CREATE_UPDATE, TECHNICAL_DEFAULT)
+ .hasAnyAuthority(CONSULTANT_UPDATE, TECHNICAL_DEFAULT)
 .antMatchers("/useradmin", "/useradmin/**")
 .hasAnyAuthority(USER_ADMIN, TECHNICAL_DEFAULT)
 .antMatchers("/users/consultants/search")
diff --git a/src/test/java/de/caritas/cob/userservice/api/adapters/web/controller/UserAdminControllerE2EIT.java b/src/test/java/de/caritas/cob/userservice/api/adapters/web/controller/UserAdminControllerE2EIT.java
index 6c9232484..d21ed1124 100644
--- a/src/test/java/de/caritas/cob/userservice/api/adapters/web/controller/UserAdminControllerE2EIT.java
+++ b/src/test/java/de/caritas/cob/userservice/api/adapters/web/controller/UserAdminControllerE2EIT.java
@@ -155,7 +155,7 @@ public void setUp() {
 }
 @Test
- @WithMockUser(authorities = {AuthorityValue.USER_ADMIN})
+ @WithMockUser(authorities = {AuthorityValue.CONSULTANT_CREATE})
 void createNewConsultant_Should_returnOk_When_requiredConsultantIsGiven() throws Exception {
 givenNewConsultantIsCreated();
 }
@@ -179,7 +179,7 @@ void createNewConsultant_WithoutValidCredentials_Should_returnAccessDenied() thr
 }
 @Test
- @WithMockUser(authorities = {AuthorityValue.CONSULTANT_CREATE_UPDATE})
+ @WithMockUser(authorities = {AuthorityValue.CONSULTANT_CREATE})
 void createNewConsultant_WithAuthorityConsultantCreateUpdate_Should_returnOK() throws Exception {
 givenNewConsultantIsCreated();
 }
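Review bot: Dropping USER_ADMIN from the two `.hasAnyAuthority(...)` calls for POST and PUT `/useradmin/consultants/` turns a previously allowed principal — one whose token carries the USER_ADMIN authority but not the role-derived CONSULTANT_CREATE/CONSULTANT_UPDATE pair — into a denied one; the Authority.java change in this commit keeps USER_ADMIN role holders working, but that reliance is only implied, so add a comment on the POST matcher such as `// USER_ADMIN no longer suffices here; the role grants CONSULTANT_CREATE/CONSULTANT_UPDATE via Authority`. The specific POST pattern is keyed on the trailing slash in `"/useradmin/consultants/"` while the broader `"/useradmin", "/useradmin/**"` rule three lines below still admits USER_ADMIN; confirm the controller does not also serve the slash-less path, since that variant would presumably be authorized by the broader rule and undo the separation. The enclosing `configure(HttpSecurity)` starts and ends outside the hunk.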
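Review bot: Repointing this test from `AuthorityValue.USER_ADMIN` to `AuthorityValue.CONSULTANT_CREATE` removes the only visible check of how POST consultants treats the bare USER_ADMIN authority, which this commit changes from allowed to denied. Keep the CONSULTANT_CREATE variant and add a companion that issues the same request under `@WithMockUser(authorities = {AuthorityValue.USER_ADMIN})` and asserts the access-denied outcome, following the existing `createNewConsultant_WithoutValidCredentials_Should_returnAccessDenied` pattern. No PUT counterpart exercising CONSULTANT_UPDATE is visible in this hunk; if none exists elsewhere, the update side of the split is untested.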
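Review bot: The name `createNewConsultant_WithAuthorityConsultantCreateUpdate_Should_returnOK` is stale now that the annotation grants `AuthorityValue.CONSULTANT_CREATE`, and with that change the test is identical to `createNewConsultant_Should_returnOk_When_requiredConsultantIsGiven` in the preceding hunk (same authority, same `givenNewConsultantIsCreated()` call). Either rename it, e.g. `createNewConsultant_WithAuthorityConsultantCreate_Should_returnOK`, or make it exercise the split by granting only `AuthorityValue.CONSULTANT_UPDATE` and asserting that create is denied, which is the case this separation introduces and is not covered here.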
diff --git a/src/test/java/de/caritas/cob/userservice/api/config/auth/AuthorityTest.java b/src/test/java/de/caritas/cob/userservice/api/config/auth/AuthorityTest.java
index aea783363..17cb21629 100644
--- a/src/test/java/de/caritas/cob/userservice/api/config/auth/AuthorityTest.java
+++ b/src/test/java/de/caritas/cob/userservice/api/config/auth/AuthorityTest.java
@@ -107,8 +107,9 @@ public void getAuthoritiesByRoleName_Should_ReturnCorrectRoles_When_keycloakRole
 assertNotNull(result);
 assertTrue(result.contains(AuthorityValue.USER_ADMIN));
- assertTrue(result.contains(AuthorityValue.CONSULTANT_CREATE_UPDATE));
- assertEquals(2, result.size());
+ assertTrue(result.contains(AuthorityValue.CONSULTANT_CREATE));
+ assertTrue(result.contains(AuthorityValue.CONSULTANT_UPDATE));
+ assertEquals(3, result.size());
 }
 @Test
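Review bot: The updated assertions pin only the USER_ADMIN role's new authority set; the RESTRICTED_CONSULTANT_ADMIN mapping, which this commit also changes from a single `CONSULTANT_CREATE_UPDATE` to the CONSULTANT_CREATE/CONSULTANT_UPDATE pair, gets no visible assertion in this hunk. If no other test covers it, add a sibling that resolves that role and asserts both values and `assertEquals(2, result.size())`, so a future edit cannot silently drop one of the two. The test method starts outside the hunk.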