
[BUG] 🐛 Fix application manager can read all realms
Signed-off-by: CChemin <[email protected]>
CChemin authored and Ragatzino committed Oct 6, 2023
1 parent 3fd7ce6 commit eb445ed
Showing 6 changed files with 3 additions and 26 deletions.
Expand Up @@ -24,8 +24,6 @@ public interface PermissionService {

public boolean isApplicationManager(SugoiUser sugoiUser, String realm, String application);

public boolean isAtLeastOneApplicationManager(SugoiUser sugoiUser, String realm);

public boolean isPasswordValidator(SugoiUser sugoiUser, String realm, String userStorage);

public boolean isMemberOfSelfManagedGroup(
Expand Up @@ -73,7 +73,6 @@ public boolean isReader(SugoiUser sugoiUser, String realm, String userStorage) {
List<String> searchRoleList =
getSearchRoleList(realm, userStorage, null, null, regexpReaderList);
return this.checkIfUserGetRoles(sugoiUser, searchRoleList)
|| this.isAtLeastOneApplicationManager(sugoiUser, realm)
|| isWriter(sugoiUser, realm, userStorage);
}

Expand All @@ -98,11 +97,6 @@ public boolean isApplicationManager(SugoiUser sugoiUser, String realm, String ap
return checkIfUserGetRoles(sugoiUser, searchRoleList);
}

@Override
public boolean isAtLeastOneApplicationManager(SugoiUser sugoiUser, String realm) {
return this.isApplicationManager(sugoiUser, realm, "*");
}

public boolean isMemberOfSelfManagedGroup(
SugoiUser sugoiUser, String realm, String application, String groupName) {
try {
Expand Up @@ -185,19 +185,6 @@ public void testAppManager() {
"user is app manager for appli1 in realm1",
permissions.isApplicationManager(sugoiUser, "realm1", "appli1"),
is(true));
assertThat(
"user is reader in realm1", permissions.isReader(sugoiUser, "realm1", null), is(true));
}

@Test
public void testAnyAppManager() {
SugoiUser sugoiUser =
new SugoiUser(
"appmanager_realm1", List.of("role_Asi_realm1_appli1", "role_reader_realm1_sugoi"));
assertThat(
"user is app manager for at least one application",
permissions.isAtLeastOneApplicationManager(sugoiUser, "realm1"),
is(true));
}

@Test
Expand All @@ -207,8 +194,6 @@ public void testAppManagerWithoutRealmInRoleName() {
"user is app manager for appli1 in realm1",
permissions.isApplicationManager(sugoiUser, "realm1", "appli1"),
is(true));
assertThat(
"user is reader in realm1", permissions.isReader(sugoiUser, "realm1", null), is(true));
assertThat(
"user is app manager for appli1 in realm2",
permissions.isApplicationManager(sugoiUser, "realm2", "appli1"),
Expand Up @@ -81,7 +81,7 @@ fr.insee.sugoi.api.regexp.role.reader=ROLE_SUGOI_$(realm)_READER,ROLE_SUGOI_$(re
fr.insee.sugoi.api.regexp.role.writer=ROLE_SUGOI_$(realm)_WRITER,ROLE_SUGOI_$(realm)_$(userStorage)_WRITER
fr.insee.sugoi.api.regexp.role.admin.realm=ROLE_SUGOI_$(realm)_ADMIN,ROLE_SUGOI_$(realm)_$(userStorage)_ADMIN
fr.insee.sugoi.api.regexp.role.admin=ROLE_SUGOI_ADMIN
fr.insee.sugoi.api.regexp.role.application.manager=ROLE_ASI_$(realm)_$(application)
fr.insee.sugoi.api.regexp.role.application.manager=ROLE_ASI_$(application)
fr.insee.sugoi.api.enable.preauthorize=true

management.endpoints.web.exposure.include=*
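Review bot: Dropping `$(realm)` from `fr.insee.sugoi.api.regexp.role.application.manager` makes the matched role name realm-agnostic, so a role granted for one application presumably satisfies isApplicationManager for that application name in every realm it is checked against; the same edit appears in the two following configuration files. That is a wider scope than the old `ROLE_ASI_$(realm)_$(application)` pattern and sits oddly next to a commit whose title is about stopping cross-realm reads, so it deserves either a one-line rationale in the commit message or a comment above the property, e.g. `# application-manager roles are not realm-scoped: ROLE_ASI_<application> applies to that application in every realm`. If the intent was only to support the role naming exercised by testAppManagerWithoutRealmInRoleName, keeping the realm-qualified pattern in the sample/default configurations and documenting the unqualified form as an option would preserve least privilege by default.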
Expand Up @@ -78,7 +78,7 @@ fr.insee.sugoi.api.old.enable.preauthorize=true
fr.insee.sugoi.api.regexp.role.reader=ROLE_SUGOI_$(realm)_READER,ROLE_SUGOI_$(realm)_$(userStorage)_READER
fr.insee.sugoi.api.regexp.role.writer=ROLE_SUGOI_$(realm)_WRITER,ROLE_SUGOI_$(realm)_$(userStorage)_WRITER
fr.insee.sugoi.api.regexp.role.admin=ROLE_SUGOI_ADMIN
fr.insee.sugoi.api.regexp.role.application.manager=ROLE_ASI_$(realm)_$(application)
fr.insee.sugoi.api.regexp.role.application.manager=ROLE_ASI_$(application)
fr.insee.sugoi.api.enable.preauthorize=true

fr.insee.sugoi.config.ldap.profils.pattern=cn=Profil_{realm}_WebServiceLdap
Expand Up @@ -77,7 +77,7 @@ fr.insee.sugoi.api.old.enable.preauthorize=true
fr.insee.sugoi.api.regexp.role.reader=ROLE_SUGOI_$(realm)_READER,ROLE_SUGOI_$(realm)_$(userStorage)_READER
fr.insee.sugoi.api.regexp.role.writer=ROLE_SUGOI_$(realm)_WRITER,ROLE_SUGOI_$(realm)_$(userStorage)_WRITER
fr.insee.sugoi.api.regexp.role.admin=ROLE_SUGOI_ADMIN
fr.insee.sugoi.api.regexp.role.application.manager=ROLE_ASI_$(realm)_$(application)
fr.insee.sugoi.api.regexp.role.application.manager=ROLE_ASI_$(application)
fr.insee.sugoi.api.enable.preauthorize=true

## MAIL AND ID UNICITY
