From f52c822331cd32bc8b8919a9f8240ae1f60039a1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20Kleinb=C3=B6lting?=
 <christian.kleinboelting@dasch.swiss>
Date: Wed, 10 Apr 2024 09:17:33 +0200
Subject: [PATCH] ignore projects which are not found

---
 .../slice/infrastructure/JwtService.scala     | 73 +++++++++----------
 1 file changed, 36 insertions(+), 37 deletions(-)

diff --git a/webapi/src/main/scala/org/knora/webapi/slice/infrastructure/JwtService.scala b/webapi/src/main/scala/org/knora/webapi/slice/infrastructure/JwtService.scala
index cd27bac98d..ecba2949e2 100644
--- a/webapi/src/main/scala/org/knora/webapi/slice/infrastructure/JwtService.scala
+++ b/webapi/src/main/scala/org/knora/webapi/slice/infrastructure/JwtService.scala
@@ -6,6 +6,21 @@
 package org.knora.webapi.routing
 
 import com.typesafe.scalalogging.Logger
+import dsp.valueobjects.Iri
+import dsp.valueobjects.UuidUtil
+import org.knora.webapi.IRI
+import org.knora.webapi.config.DspIngestConfig
+import org.knora.webapi.config.JwtConfig
+import org.knora.webapi.messages.admin.responder.permissionsmessages.PermissionADM
+import org.knora.webapi.routing.Authenticator.AUTHENTICATION_INVALIDATION_CACHE_NAME
+import org.knora.webapi.slice.admin.domain.model.KnoraProject.ProjectIri
+import org.knora.webapi.slice.admin.domain.model.KnoraProject.Shortcode
+import org.knora.webapi.slice.admin.domain.model.Permission.Administrative
+import org.knora.webapi.slice.admin.domain.model.User
+import org.knora.webapi.slice.admin.domain.service.KnoraProjectService
+import org.knora.webapi.slice.infrastructure.Scope
+import org.knora.webapi.slice.infrastructure.ScopeValue
+import org.knora.webapi.util.cache.CacheUtil
 import org.slf4j.LoggerFactory
 import pdi.jwt.JwtAlgorithm
 import pdi.jwt.JwtClaim
@@ -25,21 +40,6 @@ import zio.durationInt
 import scala.util.Failure
 import scala.util.Success
 
-import dsp.valueobjects.Iri
-import dsp.valueobjects.UuidUtil
-import org.knora.webapi.IRI
-import org.knora.webapi.config.DspIngestConfig
-import org.knora.webapi.config.JwtConfig
-import org.knora.webapi.routing.Authenticator.AUTHENTICATION_INVALIDATION_CACHE_NAME
-import org.knora.webapi.slice.admin.domain.model.KnoraProject
-import org.knora.webapi.slice.admin.domain.model.KnoraProject.ProjectIri
-import org.knora.webapi.slice.admin.domain.model.Permission.Administrative
-import org.knora.webapi.slice.admin.domain.model.User
-import org.knora.webapi.slice.admin.domain.service.KnoraProjectService
-import org.knora.webapi.slice.infrastructure.Scope
-import org.knora.webapi.slice.infrastructure.ScopeValue
-import org.knora.webapi.util.cache.CacheUtil
-
 case class Jwt(jwtString: String, expiration: Long)
 
 /**
@@ -99,31 +99,30 @@ final case class JwtServiceLive(
     if (user.isSystemAdmin || user.isSystemUser) {
       ZIO.succeed(Scope.admin)
     } else {
-      val foo: ZIO[Any, Nothing, Map[KnoraProject.Shortcode, Set[Option[ScopeValue.Write]]]] = ZIO
-        .foreach(user.permissions.administrativePermissionsPerProject) { case (iriStr, permission) =>
-          for {
-            project  <- knoraProjectService.findById(ProjectIri.unsafeFrom(iriStr)).orDie
-            shortcode = project.get.shortcode
-            scopeValues =
-              permission
-                .map(_.name)
-                .flatMap(Administrative.fromToken)
-                .map {
-                  case Administrative.ProjectResourceCreateAll        => Some(ScopeValue.Write(shortcode))
-                  case Administrative.ProjectResourceCreateRestricted => Some(ScopeValue.Write(shortcode))
-                  case Administrative.ProjectAdminAll                 => Some(ScopeValue.Write(shortcode))
-                  case Administrative.ProjectAdminGroupAll            => None
-                  case Administrative.ProjectAdminGroupRestricted     => None
-                  case Administrative.ProjectAdminRightsAll           => None
-                }
-          } yield (shortcode, scopeValues)
+      ZIO
+        .foreach(user.permissions.administrativePermissionsPerProject.toSeq) { case (iriStr, permission) =>
+          knoraProjectService
+            .findById(ProjectIri.unsafeFrom(iriStr))
+            .orDie
+            .map(_.map(prj => mapPermissionToScope(permission, prj.shortcode)).getOrElse(Seq.empty))
         }
-      for {
-        scopeValues <- foo.map(_.values.flatten.flatten)
-        scope        = scopeValues.foldLeft(Scope.empty)(_ + _)
-      } yield scope
+        .map(_.flatten)
+        .map(_.foldLeft(Scope.empty)(_ + _))
     }
 
+  private def mapPermissionToScope(permission: Set[PermissionADM], shortcode: Shortcode): Seq[ScopeValue.Write] =
+    permission.toSeq
+      .map(_.name)
+      .flatMap(Administrative.fromToken)
+      .flatMap {
+        case Administrative.ProjectResourceCreateAll        => Some(ScopeValue.Write(shortcode))
+        case Administrative.ProjectResourceCreateRestricted => Some(ScopeValue.Write(shortcode))
+        case Administrative.ProjectAdminAll                 => Some(ScopeValue.Write(shortcode))
+        case Administrative.ProjectAdminGroupAll            => None
+        case Administrative.ProjectAdminGroupRestricted     => None
+        case Administrative.ProjectAdminRightsAll           => None
+      }
+
   override def createJwtForDspIngest(): UIO[Jwt] =
     createJwtToken(
       jwtConfig.issuerAsString(),