diff --git a/src/main/java/de/caritas/cob/userservice/api/admin/service/admin/create/CreateAdminService.java b/src/main/java/de/caritas/cob/userservice/api/admin/service/admin/create/CreateAdminService.java
index fd3e51fc0..4ebf27643 100644
--- a/src/main/java/de/caritas/cob/userservice/api/admin/service/admin/create/CreateAdminService.java
+++ b/src/main/java/de/caritas/cob/userservice/api/admin/service/admin/create/CreateAdminService.java
@@ -1,6 +1,7 @@
 package de.caritas.cob.userservice.api.admin.service.admin.create;
 import static de.caritas.cob.userservice.api.helper.CustomLocalDateTime.nowInUtc;
+import static org.apache.commons.lang3.Validate.notNull;
 import com.google.common.collect.Lists;
 import de.caritas.cob.userservice.api.adapters.keycloak.dto.KeycloakCreateUserResponseDTO;
@@ -8,6 +9,7 @@
 import de.caritas.cob.userservice.api.adapters.web.dto.UserDTO;
 import de.caritas.cob.userservice.api.admin.service.consultant.validation.UserAccountInputValidator;
 import de.caritas.cob.userservice.api.config.auth.UserRole;
+import de.caritas.cob.userservice.api.helper.AuthenticatedUser;
 import de.caritas.cob.userservice.api.helper.UserHelper;
 import de.caritas.cob.userservice.api.helper.UsernameTranscoder;
 import de.caritas.cob.userservice.api.model.Admin;
@@ -35,10 +37,10 @@ public class CreateAdminService {
 private final @NonNull UserAccountInputValidator userAccountInputValidator;
 private final @NonNull UserHelper userHelper;
 private final @NonNull AdminRepository adminRepository;
+ private final @NonNull AuthenticatedUser authenticatedUser;
 public Admin createNewAgencyAdmin(CreateAdminDTO createAdminDTO) {
- createAdminDTO.setTenantId(null);
- assignCurrentTenantContext(createAdminDTO);
+ setTenantId(createAdminDTO);
 return createNewAdmin(createAdminDTO, Admin.AdminType.AGENCY);
 }
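Review bot: `createNewAgencyAdmin` has no Javadoc, and after this change its tenant handling is a security-relevant contract that cannot be read from the signature: the `tenantId` sent in the DTO is no longer cleared unconditionally but handed to `setTenantId`, which is defined further down in this diff. I would add a comment above the method such as `/** Creates an agency admin. The DTO's tenantId is honoured only for tenant super admins; otherwise it is replaced by the current tenant context, or cleared when multi-tenancy is disabled. Mutates the passed DTO. */`. The class body starts and ends outside the hunk.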
@@ -56,6 +58,18 @@ List getDefaultRoles(Admin.AdminType adminType) {
 return Lists.newArrayList();
 }
+ private void setTenantId(CreateAdminDTO createAdminDTO) {
+ if (multiTenancyEnabled) {
+ if (authenticatedUser.isTenantSuperAdmin()) {
+ notNull(createAdminDTO.getTenantId());
+ } else {
+ createAdminDTO.setTenantId(TenantContext.getCurrentTenant().intValue());
+ }
+ } else {
+ createAdminDTO.setTenantId(null);
+ }
+ }
+
 private ArrayList getUserRolesForTenantAdmin() {
 if (multitenancyWithSingleDomain) {
 return Lists.newArrayList(
@@ -118,14 +132,4 @@ private Admin buildAdmin(
 .updateDate(nowInUtc())
 .build();
 }
-
- private void assignCurrentTenantContext(CreateAdminDTO createAgencyAdminDTO) {
- if (multiTenancyEnabled && !isTechnicalTenant(TenantContext.getCurrentTenant())) {
- createAgencyAdminDTO.setTenantId(TenantContext.getCurrentTenant().intValue());
- }
- }
-
- private boolean isTechnicalTenant(Long tenantId) {
- return tenantId != null && tenantId.equals(0L);
- }
 }
diff --git a/src/test/java/de/caritas/cob/userservice/api/admin/service/admin/create/CreateAdminServiceIT.java b/src/test/java/de/caritas/cob/userservice/api/admin/service/admin/create/CreateAdminServiceIT.java
index a115750f2..967b78279 100644
--- a/src/test/java/de/caritas/cob/userservice/api/admin/service/admin/create/CreateAdminServiceIT.java
+++ b/src/test/java/de/caritas/cob/userservice/api/admin/service/admin/create/CreateAdminServiceIT.java
@@ -21,6 +21,7 @@
 import de.caritas.cob.userservice.api.adapters.web.dto.UserDTO;
 import de.caritas.cob.userservice.api.config.auth.UserRole;
 import de.caritas.cob.userservice.api.exception.httpresponses.CustomValidationHttpStatusException;
+import de.caritas.cob.userservice.api.helper.AuthenticatedUser;
 import de.caritas.cob.userservice.api.model.Admin;
 import de.caritas.cob.userservice.api.model.Admin.AdminType;
 import de.caritas.cob.userservice.api.port.out.IdentityClient;
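Review bot: In `setTenantId`, the super-admin branch guards the caller-supplied tenant only with `notNull(createAdminDTO.getTenantId())`, which throws a bare `NullPointerException` and accepts any non-null value. Unless an exception handler outside this diff maps it, a missing `tenantId` will probably surface as a 500 instead of a validation error. Ids such as `0` (the technical tenant, per the removed `isTechnicalTenant`) or a tenant that does not exist pass straight through to admin creation. I would reject bad input explicitly with a check like `if (tenantId == null || tenantId <= 0)` that throws the service's own validation exception (the test class imports `CustomValidationHttpStatusException`; its constructor is not visible here), and confirm the tenant exists if a lookup is available. The non-super-admin branch also now writes tenant `0` when the current context is the technical tenant, where the old code left the id `null`; worth confirming that is intended.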
@@ -53,6 +54,7 @@ public class CreateAdminServiceIT {
 @Autowired private CreateAdminService createAdminService;
 @MockBean private IdentityClient identityClient;
+ @MockBean private AuthenticatedUser authenticatedUser;
 @Captor private ArgumentCaptor userDTOArgumentCaptor;
 private final EasyRandom easyRandom = new EasyRandom();
@@ -85,6 +87,7 @@ public void afterTests() {
 verify(identityClient).updateRole(anyString(), eq(USER_ADMIN));
 assertThat(admin).isNotNull();
+ assertThat(admin.getTenantId()).isNull();
 assertThat(admin.getId()).isNotNull();
 assertThat(admin.getType()).isEqualTo(AdminType.AGENCY);
 assertThat(admin.getUsername()).isNotNull();
@@ -93,7 +96,6 @@ public void afterTests() {
 assertThat(admin.getEmail()).isNotNull();
 assertThat(admin.getCreateDate()).isNotNull();
 assertThat(admin.getUpdateDate()).isNotNull();
- assertThat(admin.getTenantId()).isNotNull();
 }
 @Test
@@ -122,6 +124,7 @@ public void afterTests() {
 verify(identityClient).updateRole(anyString(), eq(USER_ADMIN));
 assertThat(admin).isNotNull();
+ assertThat(admin.getTenantId()).isEqualTo(1L);
 assertThat(admin.getId()).isNotNull();
 assertThat(admin.getType()).isEqualTo(AdminType.AGENCY);
 assertThat(admin.getUsername()).isNotNull();
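Review bot: The new `@MockBean AuthenticatedUser` makes the existing tests in this class take the non-super-admin branch only because an unstubbed Mockito boolean returns `false`. That branch is the one that overrides a client-supplied tenant id, so I would state it explicitly in those tests with `when(authenticatedUser.isTenantSuperAdmin()).thenReturn(false);`. Otherwise a later change to the role check could silently change which path the new `isNull()` and `isEqualTo(1L)` assertions cover. The test methods themselves start outside these hunks.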
@@ -130,7 +133,40 @@ public void afterTests() {
 assertThat(admin.getEmail()).isNotNull();
 assertThat(admin.getCreateDate()).isNotNull();
 assertThat(admin.getUpdateDate()).isNotNull();
- assertThat(admin.getTenantId()).isNotNull();
+ }
+
+ @Test
+ public void
+ createNewAdminAgency_Should_returnExpectedCreatedAdmin_When_userIsSuperAdminAndInputDataIsCorrectAndMultitenancyEnabled() {
+ // given
+ ReflectionTestUtils.setField(createAdminService, "multiTenancyEnabled", true);
+ TenantContext.setCurrentTenant(0L);
+ when(authenticatedUser.isTenantSuperAdmin()).thenReturn(true);
+ when(identityClient.createKeycloakUser(any(), anyString(), any()))
+ .thenReturn(easyRandom.nextObject(KeycloakCreateUserResponseDTO.class));
+ when(identityClient.createKeycloakUser(any(), anyString(), any()))
+ .thenReturn(easyRandom.nextObject(KeycloakCreateUserResponseDTO.class));
+ CreateAdminDTO createAdminDTO = this.easyRandom.nextObject(CreateAdminDTO.class);
+ createAdminDTO.setTenantId(1);
+ createAdminDTO.setUsername(VALID_USERNAME);
+ createAdminDTO.setEmail(VALID_EMAIL_ADDRESS);
+
+ // when
+ Admin admin = this.createAdminService.createNewAgencyAdmin(createAdminDTO);
+
+ // then
+ verify(identityClient)
+ .createKeycloakUser(userDTOArgumentCaptor.capture(), anyString(), anyString());
+ assertNotNull(userDTOArgumentCaptor.getValue().getTenantId());
+ assertEquals(1L, (long) userDTOArgumentCaptor.getValue().getTenantId());
+
+ verify(identityClient).updatePassword(anyString(), anyString());
+ verify(identityClient).updateRole(anyString(), eq(RESTRICTED_AGENCY_ADMIN));
+ verify(identityClient).updateRole(anyString(), eq(USER_ADMIN));
+
+ assertThat(admin).isNotNull();
+ assertThat(admin.getTenantId()).isEqualTo(1L);
+ assertThat(admin.getId()).isNotNull();
 }
 @Test
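Review bot: The new test covers only the accepting path of the super-admin branch; nothing in this diff exercises a tenant super admin sending no `tenantId`, which is the one input `setTenantId` is meant to refuse. I would add a sibling test that calls `createAdminDTO.setTenantId(null)` with `isTenantSuperAdmin()` stubbed to `true`, then asserts that `createNewAgencyAdmin` throws and that `identityClient` is never asked to create a user. Separately, the `when(identityClient.createKeycloakUser(any(), anyString(), any())).thenReturn(...)` stubbing appears twice back to back; the second copy can be removed.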