fix: Verify property is present and allow ApiV2Complex iris for creat…

…ing a DOAP (#3416)
dasch-swiss · Nov 8, 2024 · 87efadd · 87efadd
1 parent 7b3cf4f
commit 87efadd
Show file tree

Hide file tree

Showing 16 changed files with 449 additions and 460 deletions.
diff --git a/...nora/webapi/messages/admin/responder/permissionsmessages/PermissionsMessagesADMSpec.scala b/...nora/webapi/messages/admin/responder/permissionsmessages/PermissionsMessagesADMSpec.scala
@@ -162,7 +162,7 @@ class PermissionsMessagesADMSpec extends CoreSpec {
           SharedTestDataADM.imagesUser01,
         ),
       )
-      assertFailsWithA[BadRequestException](exit, s"Invalid group IRI $groupIri")
+      assertFailsWithA[BadRequestException](exit, s"Group IRI is invalid: $groupIri")
     }
 
     "return 'BadRequest' if the supplied custom permission IRI for DefaultObjectAccessPermissionCreateRequestADM is not valid" in {
@@ -180,7 +180,7 @@ class PermissionsMessagesADMSpec extends CoreSpec {
           SharedTestDataADM.imagesUser01,
         ),
       )
-      assertFailsWithA[BadRequestException](exit, s"Invalid permission IRI: $permissionIri.")
+      assertFailsWithA[BadRequestException](exit, s"Couldn't parse IRI: $permissionIri")
     }
 
     "return 'BadRequest' if the no permissions supplied for DefaultObjectAccessPermissionCreateRequestADM" in {
@@ -317,7 +317,11 @@ class PermissionsMessagesADMSpec extends CoreSpec {
           SharedTestDataADM.rootUser,
         ),
       )
-      assertFailsWithA[BadRequestException](exit, "Not allowed to supply groupIri and resourceClassIri together.")
+      assertFailsWithA[BadRequestException](
+        exit,
+        "DOAP restrictions must be either for a group, a resource class, a property, " +
+          "or a combination of a resource class and a property. ",
+      )
     }
 
     "return 'BadRequest' if the both group and property are supplied for DefaultObjectAccessPermissionCreateRequestADM" in {
@@ -334,7 +338,11 @@ class PermissionsMessagesADMSpec extends CoreSpec {
           SharedTestDataADM.rootUser,
         ),
       )
-      assertFailsWithA[BadRequestException](exit, "Not allowed to supply groupIri and propertyIri together.")
+      assertFailsWithA[BadRequestException](
+        exit,
+        "DOAP restrictions must be either for a group, a resource class, a property, " +
+          "or a combination of a resource class and a property. ",
+      )
     }
 
     "return 'BadRequest' if propertyIri supplied for DefaultObjectAccessPermissionCreateRequestADM is not valid" in {
@@ -350,25 +358,9 @@ class PermissionsMessagesADMSpec extends CoreSpec {
           SharedTestDataADM.rootUser,
         ),
       )
-      assertFailsWithA[BadRequestException](exit, s"Invalid property IRI: ${SharedTestDataADM.customValueIRI}")
-    }
-
-    "return 'BadRequest' if resourceClassIri supplied for DefaultObjectAccessPermissionCreateRequestADM is not valid" in {
-      val exit = UnsafeZioRun.run(
-        PermissionRestService.createDefaultObjectAccessPermission(
-          CreateDefaultObjectAccessPermissionAPIRequestADM(
-            forProject = anythingProjectIri,
-            forResourceClass = Some(ANYTHING_THING_RESOURCE_CLASS_LocalHost),
-            hasPermissions = Set(
-              PermissionADM.from(Permission.ObjectAccess.ChangeRights, KnoraGroupRepo.builtIn.ProjectMember.id.value),
-            ),
-          ),
-          SharedTestDataADM.rootUser,
-        ),
-      )
       assertFailsWithA[BadRequestException](
         exit,
-        s"Invalid resource class IRI: $ANYTHING_THING_RESOURCE_CLASS_LocalHost",
+        "<http://rdfh.ch/0001/5zCt1EMJKezFUOW_RCB0Gw/values/tdWAtnWK2qUC6tr4uQLAHA> is not a Knora property IRI",
       )
     }
 
@@ -386,7 +378,8 @@ class PermissionsMessagesADMSpec extends CoreSpec {
       )
       assertFailsWithA[BadRequestException](
         exit,
-        "Either a group, a resource class, a property, or a combination of resource class and property must be given.",
+        "DOAP restrictions must be either for a group, a resource class, a property, " +
+          "or a combination of a resource class and a property. ",
       )
     }
   }

diff --git a/integration/src/test/scala/org/knora/webapi/responders/admin/PermissionsResponderSpec.scala b/integration/src/test/scala/org/knora/webapi/responders/admin/PermissionsResponderSpec.scala
@@ -195,7 +195,6 @@ class PermissionsResponderSpec extends CoreSpec with ImplicitSender {
                   PermissionADM.from(Permission.ObjectAccess.RestrictedView, SharedTestDataADM.thingSearcherGroup.id),
                 ),
               ),
-              rootUser,
               UUID.randomUUID(),
             ),
           ),
@@ -224,7 +223,6 @@ class PermissionsResponderSpec extends CoreSpec with ImplicitSender {
                     .from(Permission.ObjectAccess.RestrictedView, KnoraGroupRepo.builtIn.UnknownUser.id.value),
                 ),
               ),
-              rootUser,
               UUID.randomUUID(),
             ),
           ),
@@ -250,7 +248,6 @@ class PermissionsResponderSpec extends CoreSpec with ImplicitSender {
                 hasPermissions =
                   Set(PermissionADM.from(Permission.ObjectAccess.Modify, KnoraGroupRepo.builtIn.KnownUser.id.value)),
               ),
-              rootUser,
               UUID.randomUUID(),
             ),
           ),
@@ -277,7 +274,6 @@ class PermissionsResponderSpec extends CoreSpec with ImplicitSender {
                   PermissionADM.from(Permission.ObjectAccess.ChangeRights, KnoraGroupRepo.builtIn.Creator.id.value),
                 ),
               ),
-              rootUser,
               UUID.randomUUID(),
             ),
           ),
@@ -305,7 +301,6 @@ class PermissionsResponderSpec extends CoreSpec with ImplicitSender {
                     .from(Permission.ObjectAccess.ChangeRights, KnoraGroupRepo.builtIn.ProjectMember.id.value),
                 ),
               ),
-              rootUser,
               UUID.randomUUID(),
             ),
           ),
@@ -332,7 +327,6 @@ class PermissionsResponderSpec extends CoreSpec with ImplicitSender {
                   PermissionADM.from(Permission.ObjectAccess.Modify, KnoraGroupRepo.builtIn.ProjectMember.id.value),
                 ),
               ),
-              rootUser,
               UUID.randomUUID(),
             ),
           ),
@@ -358,7 +352,6 @@ class PermissionsResponderSpec extends CoreSpec with ImplicitSender {
                   PermissionADM.from(Permission.ObjectAccess.Modify, KnoraGroupRepo.builtIn.KnownUser.id.value),
                 ),
               ),
-              rootUser,
               UUID.randomUUID(),
             ),
           ),
@@ -386,7 +379,6 @@ class PermissionsResponderSpec extends CoreSpec with ImplicitSender {
                   PermissionADM.from(Permission.ObjectAccess.Modify, KnoraGroupRepo.builtIn.ProjectMember.id.value),
                 ),
               ),
-              rootUser,
               UUID.randomUUID(),
             ),
           ),
@@ -418,7 +410,6 @@ class PermissionsResponderSpec extends CoreSpec with ImplicitSender {
                 forGroup = Some(KnoraGroupRepo.builtIn.UnknownUser.id.value),
                 hasPermissions = hasPermissions,
               ),
-              rootUser,
               UUID.randomUUID(),
             ),
           ),
@@ -455,7 +446,6 @@ class PermissionsResponderSpec extends CoreSpec with ImplicitSender {
                 forGroup = Some(KnoraGroupRepo.builtIn.ProjectAdmin.id.value),
                 hasPermissions = hasPermissions,
               ),
-              rootUser,
               UUID.randomUUID(),
             ),
           ),

diff --git a/integration/src/test/scala/org/knora/webapi/util/ZioScalaTestUtil.scala b/integration/src/test/scala/org/knora/webapi/util/ZioScalaTestUtil.scala
@@ -23,6 +23,16 @@ object ZioScalaTestUtil {
       err.squash shouldBe a[T]
       err.squash.getMessage shouldEqual expectedError
     }
-    case _ => Assertions.fail(s"Expected Exit. Failure with specific T.")
+    case _ => Assertions.fail(s"Expected Exit.Failure with specific T.")
   }
+
+  def assertFailsWithA[T <: Throwable: ClassTag](actual: Exit[Throwable, ?], errorPredicate: Throwable => Boolean) =
+    actual match {
+      case Exit.Failure(err) => {
+        val errSquashed = err.squash
+        errSquashed shouldBe a[T]
+        errorPredicate(errSquashed) shouldBe true
+      }
+      case _ => Assertions.fail(s"Expected Exit.Failure with specific T.")
+    }
 }
diff --git a/webapi/src/main/scala/org/knora/webapi/core/LayersLive.scala b/webapi/src/main/scala/org/knora/webapi/core/LayersLive.scala
@@ -93,6 +93,7 @@ object LayersLive {
     AuthenticationApiModule.Provided &
     CardinalityHandler &
     ConstructResponseUtilV2 &
+    DefaultObjectAccessPermissionService &
     GroupRestService &
     HttpServer &
     IIIFRequestMessageHandler &