Merge pull request #9 from virtualidentityag/DIAKONIE-224-create-agen…

…cy-admin DIAKONIE-224-create-agency-admin
virtualidentityag · Mar 22, 2024 · ed921c7 · ed921c7
2 parents 0f17398 + 4271480
commit ed921c7
Show file tree

Hide file tree

Showing 2 changed files with 54 additions and 14 deletions.
diff --git a/...in/java/de/caritas/cob/userservice/api/admin/service/admin/create/CreateAdminService.java b/...in/java/de/caritas/cob/userservice/api/admin/service/admin/create/CreateAdminService.java
@@ -1,13 +1,15 @@
 package de.caritas.cob.userservice.api.admin.service.admin.create;
 
 import static de.caritas.cob.userservice.api.helper.CustomLocalDateTime.nowInUtc;
+import static org.apache.commons.lang3.Validate.notNull;
 
 import com.google.common.collect.Lists;
 import de.caritas.cob.userservice.api.adapters.keycloak.dto.KeycloakCreateUserResponseDTO;
 import de.caritas.cob.userservice.api.adapters.web.dto.CreateAdminDTO;
 import de.caritas.cob.userservice.api.adapters.web.dto.UserDTO;
 import de.caritas.cob.userservice.api.admin.service.consultant.validation.UserAccountInputValidator;
 import de.caritas.cob.userservice.api.config.auth.UserRole;
+import de.caritas.cob.userservice.api.helper.AuthenticatedUser;
 import de.caritas.cob.userservice.api.helper.UserHelper;
 import de.caritas.cob.userservice.api.helper.UsernameTranscoder;
 import de.caritas.cob.userservice.api.model.Admin;
@@ -35,10 +37,10 @@ public class CreateAdminService {
   private final @NonNull UserAccountInputValidator userAccountInputValidator;
   private final @NonNull UserHelper userHelper;
   private final @NonNull AdminRepository adminRepository;
+  private final @NonNull AuthenticatedUser authenticatedUser;
 
   public Admin createNewAgencyAdmin(CreateAdminDTO createAdminDTO) {
-    createAdminDTO.setTenantId(null);
-    assignCurrentTenantContext(createAdminDTO);
+    setTenantId(createAdminDTO);
     return createNewAdmin(createAdminDTO, Admin.AdminType.AGENCY);
   }
 
@@ -56,6 +58,18 @@ List<UserRole> getDefaultRoles(Admin.AdminType adminType) {
     return Lists.newArrayList();
   }
 
+  private void setTenantId(CreateAdminDTO createAdminDTO) {
+    if (multiTenancyEnabled) {
+      if (authenticatedUser.isTenantSuperAdmin()) {
+        notNull(createAdminDTO.getTenantId());
+      } else {
+        createAdminDTO.setTenantId(TenantContext.getCurrentTenant().intValue());
+      }
+    } else {
+      createAdminDTO.setTenantId(null);
+    }
+  }
+
   private ArrayList<UserRole> getUserRolesForTenantAdmin() {
     if (multitenancyWithSingleDomain) {
       return Lists.newArrayList(
@@ -118,14 +132,4 @@ private Admin buildAdmin(
         .updateDate(nowInUtc())
         .build();
   }
-
-  private void assignCurrentTenantContext(CreateAdminDTO createAgencyAdminDTO) {
-    if (multiTenancyEnabled && !isTechnicalTenant(TenantContext.getCurrentTenant())) {
-      createAgencyAdminDTO.setTenantId(TenantContext.getCurrentTenant().intValue());
-    }
-  }
-
-  private boolean isTechnicalTenant(Long tenantId) {
-    return tenantId != null && tenantId.equals(0L);
-  }
 }
diff --git a/.../java/de/caritas/cob/userservice/api/admin/service/admin/create/CreateAdminServiceIT.java b/.../java/de/caritas/cob/userservice/api/admin/service/admin/create/CreateAdminServiceIT.java
@@ -21,6 +21,7 @@
 import de.caritas.cob.userservice.api.adapters.web.dto.UserDTO;
 import de.caritas.cob.userservice.api.config.auth.UserRole;
 import de.caritas.cob.userservice.api.exception.httpresponses.CustomValidationHttpStatusException;
+import de.caritas.cob.userservice.api.helper.AuthenticatedUser;
 import de.caritas.cob.userservice.api.model.Admin;
 import de.caritas.cob.userservice.api.model.Admin.AdminType;
 import de.caritas.cob.userservice.api.port.out.IdentityClient;
@@ -53,6 +54,7 @@ public class CreateAdminServiceIT {
 
   @Autowired private CreateAdminService createAdminService;
   @MockBean private IdentityClient identityClient;
+  @MockBean private AuthenticatedUser authenticatedUser;
   @Captor private ArgumentCaptor<UserDTO> userDTOArgumentCaptor;
   private final EasyRandom easyRandom = new EasyRandom();
 
@@ -85,6 +87,7 @@ public void afterTests() {
     verify(identityClient).updateRole(anyString(), eq(USER_ADMIN));
 
     assertThat(admin).isNotNull();
+    assertThat(admin.getTenantId()).isNull();
     assertThat(admin.getId()).isNotNull();
     assertThat(admin.getType()).isEqualTo(AdminType.AGENCY);
     assertThat(admin.getUsername()).isNotNull();
@@ -93,7 +96,6 @@ public void afterTests() {
     assertThat(admin.getEmail()).isNotNull();
     assertThat(admin.getCreateDate()).isNotNull();
     assertThat(admin.getUpdateDate()).isNotNull();
-    assertThat(admin.getTenantId()).isNotNull();
   }
 
   @Test
@@ -122,6 +124,7 @@ public void afterTests() {
     verify(identityClient).updateRole(anyString(), eq(USER_ADMIN));
 
     assertThat(admin).isNotNull();
+    assertThat(admin.getTenantId()).isEqualTo(1L);
     assertThat(admin.getId()).isNotNull();
     assertThat(admin.getType()).isEqualTo(AdminType.AGENCY);
     assertThat(admin.getUsername()).isNotNull();
@@ -130,7 +133,40 @@ public void afterTests() {
     assertThat(admin.getEmail()).isNotNull();
     assertThat(admin.getCreateDate()).isNotNull();
     assertThat(admin.getUpdateDate()).isNotNull();
-    assertThat(admin.getTenantId()).isNotNull();
+  }
+
+  @Test
+  public void
+      createNewAdminAgency_Should_returnExpectedCreatedAdmin_When_userIsSuperAdminAndInputDataIsCorrectAndMultitenancyEnabled() {
+    // given
+    ReflectionTestUtils.setField(createAdminService, "multiTenancyEnabled", true);
+    TenantContext.setCurrentTenant(0L);
+    when(authenticatedUser.isTenantSuperAdmin()).thenReturn(true);
+    when(identityClient.createKeycloakUser(any(), anyString(), any()))
+        .thenReturn(easyRandom.nextObject(KeycloakCreateUserResponseDTO.class));
+    when(identityClient.createKeycloakUser(any(), anyString(), any()))
+        .thenReturn(easyRandom.nextObject(KeycloakCreateUserResponseDTO.class));
+    CreateAdminDTO createAdminDTO = this.easyRandom.nextObject(CreateAdminDTO.class);
+    createAdminDTO.setTenantId(1);
+    createAdminDTO.setUsername(VALID_USERNAME);
+    createAdminDTO.setEmail(VALID_EMAIL_ADDRESS);
+
+    // when
+    Admin admin = this.createAdminService.createNewAgencyAdmin(createAdminDTO);
+
+    // then
+    verify(identityClient)
+        .createKeycloakUser(userDTOArgumentCaptor.capture(), anyString(), anyString());
+    assertNotNull(userDTOArgumentCaptor.getValue().getTenantId());
+    assertEquals(1L, (long) userDTOArgumentCaptor.getValue().getTenantId());
+
+    verify(identityClient).updatePassword(anyString(), anyString());
+    verify(identityClient).updateRole(anyString(), eq(RESTRICTED_AGENCY_ADMIN));
+    verify(identityClient).updateRole(anyString(), eq(USER_ADMIN));
+
+    assertThat(admin).isNotNull();
+    assertThat(admin.getTenantId()).isEqualTo(1L);
+    assertThat(admin.getId()).isNotNull();
   }
 
   @Test