From 47a29e79139d10a280bda94ddb274a2fb7d86376 Mon Sep 17 00:00:00 2001 From: Yves Peter Date: Mon, 16 Jul 2018 17:51:54 +0200 Subject: [PATCH 1/6] permission: make reload optional --- .../security/boundary/PermissionBoundary.java | 28 ++++++++++++------- .../rest/permissions/RestrictionsRest.java | 18 ++++++------ .../rest/permissions/RestrictionTest.java | 20 ++++++------- 3 files changed, 38 insertions(+), 28 deletions(-) diff --git a/AMW_business/src/main/java/ch/puzzle/itc/mobiliar/business/security/boundary/PermissionBoundary.java b/AMW_business/src/main/java/ch/puzzle/itc/mobiliar/business/security/boundary/PermissionBoundary.java index 6cd2456b9..ee668a139 100644 --- a/AMW_business/src/main/java/ch/puzzle/itc/mobiliar/business/security/boundary/PermissionBoundary.java +++ b/AMW_business/src/main/java/ch/puzzle/itc/mobiliar/business/security/boundary/PermissionBoundary.java @@ -431,6 +431,7 @@ public void createAutoAssignedRestrictions(ResourceEntity resource) throws AMWEx createAutoAssignedRestriction(getUserName(), Permission.RESOURCE_TEST_GENERATION.name(), resourceGroupId, Action.ALL, new RestrictionEntity()); createAutoAssignedRestriction(getUserName(), Permission.RESOURCE_TEST_GENERATION_RESULT.name(), resourceGroupId, Action.ALL, new RestrictionEntity()); createAutoAssignedRestriction(getUserName(), Permission.DEPLOYMENT.name(), resourceGroupId, Action.ALL, new RestrictionEntity()); + permissionRepository.forceReloadingOfLists(); } } 
@@ -449,10 +450,13 @@ public void createAutoAssignedRestrictions(ResourceEntity resource) throws AMWEx */ @HasPermission(oneOfPermission = { Permission.ASSIGN_REMOVE_PERMISSION, Permission.PERMISSION_DELEGATION }, action = Action.CREATE) public Integer createRestriction(String roleName, String userName, String permissionName, Integer resourceGroupId, String resourceTypeName, - ResourceTypePermission resourceTypePermission, String contextName, Action action, boolean delegated) + ResourceTypePermission resourceTypePermission, String contextName, Action action, boolean delegated, boolean reload) throws AMWException { if (!delegated || canDelegateThisPermission(permissionName, resourceGroupId, resourceTypeName, contextName, action)) { RestrictionEntity restriction = new RestrictionEntity(); + if (reload) { + permissionRepository.forceReloadingOfLists(); + } return createRestriction(roleName, userName, permissionName, resourceGroupId, resourceTypeName, resourceTypePermission, contextName, action, restriction); } @@ -475,7 +479,7 @@ public Integer createRestriction(String roleName, String userName, String permis */ @HasPermission(oneOfPermission = { Permission.ASSIGN_REMOVE_PERMISSION, Permission.PERMISSION_DELEGATION }, action = Action.CREATE) public int createMultipleRestrictions(String roleName, List userNames, List permissionNames, List resourceGroupIds, List resourceTypeNames, - ResourceTypePermission resourceTypePermission, List contextNames, List actions, boolean delegated) throws AMWException { + ResourceTypePermission resourceTypePermission, List contextNames, List actions, boolean delegated, boolean reload) throws AMWException { int count = 0; if (resourceGroupIds != null && !resourceGroupIds.isEmpty() && resourceTypeNames != null && !resourceTypeNames.isEmpty()) { throw new AMWException("Only ResourceGroupId(s) OR ResourceTypeName(s) must be set"); 
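Review bot: In the public `createRestriction`, the new `if (reload)` block runs before the delegating call that persists the restriction, whereas the private overload (changed further down in this patch) used to reload after `restrictionRepository.create(restriction)`. If `forceReloadingOfLists()` rebuilds eagerly, or the duplicate check in the private overload re-reads the lists first, the new restriction is presumably missing from the cached lists until a later reload. Keep the old order: assign the result of the delegating call to `Integer id`, then `if (reload) { permissionRepository.forceReloadingOfLists(); }`, then `return id;`. Patch 2/6 keeps the same ordering when it swaps the call for `reloadCache()`.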
@@ -522,6 +526,9 @@ public int createMultipleRestrictions(String roleName, List userNames, L } } } + if (reload) { + permissionRepository.forceReloadingOfLists(); + } return count; } @@ -562,9 +569,7 @@ private Integer createRestriction(String roleName, String userName, String permi if (permissionService.identicalOrMoreGeneralRestrictionExists(restriction)) { return null; } - final Integer id = restrictionRepository.create(restriction); - permissionRepository.forceReloadingOfLists(); - return id; + return restrictionRepository.create(restriction); } private Integer createAutoAssignedRestriction(String userName, String permissionName, Integer resourceGroupId, Action action, RestrictionEntity restriction) @@ -574,7 +579,6 @@ private Integer createAutoAssignedRestriction(String userName, String permission return null; } final Integer id = restrictionRepository.create(restriction); - permissionRepository.forceReloadingOfLists(); return id; } @@ -592,7 +596,7 @@ private Integer createAutoAssignedRestriction(String userName, String permission @HasPermission(permission = Permission.ASSIGN_REMOVE_PERMISSION, action = Action.UPDATE) public boolean updateRestriction(Integer id, String roleName, String userName, String permissionName, Integer resourceId, String resourceTypeName, ResourceTypePermission resourceTypePermission, - String contextName, Action action) throws AMWException { + String contextName, Action action, boolean reload) throws AMWException { if (id == null) { throw new AMWException("Id must not be null"); } 
@@ -606,17 +610,21 @@ public boolean updateRestriction(Integer id, String roleName, String userName, S return false; } restrictionRepository.merge(restriction); - permissionRepository.forceReloadingOfLists(); + if (reload) { + permissionRepository.forceReloadingOfLists(); + } return true; } @HasPermission(permission = Permission.ASSIGN_REMOVE_PERMISSION, action = Action.DELETE) - public void removeRestriction(Integer id) throws AMWException { + public void removeRestriction(Integer id, boolean reload) throws AMWException { if (restrictionRepository.find(id) == null) { throw new AMWException("Restriction not found"); } restrictionRepository.deleteRestrictionById(id); - permissionRepository.forceReloadingOfLists(); + if (reload) { + permissionRepository.forceReloadingOfLists(); + } } /** diff --git a/AMW_rest/src/main/java/ch/mobi/itc/mobiliar/rest/permissions/RestrictionsRest.java b/AMW_rest/src/main/java/ch/mobi/itc/mobiliar/rest/permissions/RestrictionsRest.java index cdbfbb6ce..ccb1eaee9 100644 --- a/AMW_rest/src/main/java/ch/mobi/itc/mobiliar/rest/permissions/RestrictionsRest.java +++ b/AMW_rest/src/main/java/ch/mobi/itc/mobiliar/rest/permissions/RestrictionsRest.java @@ -63,7 +63,7 @@ public class RestrictionsRest { @POST @ApiOperation(value = "Add a Restriction") public Response addRestriction(@ApiParam("Add a Restriction, either a role- or a userName must be set") RestrictionDTO request, - @QueryParam("delegation") boolean delegation) { + @QueryParam("delegation") boolean delegation, @DefaultValue("true") @QueryParam("reload") boolean reload) { Integer id; if (request.getId() != null) { return Response.status(BAD_REQUEST).entity(new ExceptionDto("Id must be null")).build(); 
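Review bot: With `reload` false, `updateRestriction` and `removeRestriction` in this hunk change the stored restriction but leave the cached permission lists untouched, and nothing here guarantees that a reload follows. Presumably permission checks are answered from those lists, so a removed or narrowed restriction would stay effective until someone reloads; the deferred refresh fails open on revocation. Document the contract on both methods, for example `@param reload if false, the caller must trigger a reload of the permission lists once its batch is complete; until then checks may still use the old restrictions`, and consider always reloading in `removeRestriction`. The same flag is exposed to REST clients in the RestrictionsRest hunks of this patch.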
@@ -73,7 +73,7 @@ public Response addRestriction(@ApiParam("Add a Restriction, either a role- or a } try { id = permissionBoundary.createRestriction(request.getRoleName(), request.getUserName(), request.getPermission().getName(), request.getResourceGroupId(), - request.getResourceTypeName(), request.getResourceTypePermission(), request.getContextName(), request.getAction(), delegation); + request.getResourceTypeName(), request.getResourceTypePermission(), request.getContextName(), request.getAction(), delegation, reload); } catch (AMWException e) { return Response.status(BAD_REQUEST).entity(new ExceptionDto(e.getMessage())).build(); } @@ -93,14 +93,14 @@ public Response addRestriction(@ApiParam("Add a Restriction, either a role- or a @Path("/multi/") @ApiOperation(value = "Add a multiple Restrictions") public Response addRestriction(@ApiParam("Add multiple Restrictions, either a role- or one or more userNames must be set") RestrictionsCreationDTO request, - @QueryParam("delegation") boolean delegation) { + @QueryParam("delegation") boolean delegation, @DefaultValue("true") @QueryParam("reload") boolean reload) { if (request.getPermissionNames().isEmpty()) { return Response.status(BAD_REQUEST).entity(new ExceptionDto("At least one Permission is required")).build(); } int count; try { count = permissionBoundary.createMultipleRestrictions(request.getRoleName(), request.getUserNames(), request.getPermissionNames(), request.getResourceGroupIds(), - request.getResourceTypeNames(), request.getResourceTypePermission(), request.getContextNames(), request.getActions(), delegation); + request.getResourceTypeNames(), request.getResourceTypePermission(), request.getContextNames(), request.getActions(), delegation, reload); } catch (AMWException e) { return Response.status(BAD_REQUEST).entity(new ExceptionDto(e.getMessage())).build(); } 
@@ -146,12 +146,13 @@ public Response getAllRestriction() { // support digit only @Produces("application/json") @ApiOperation(value = "Update a Restriction") - public Response updateRestriction(@ApiParam("Restriction ID") @PathParam("id") Integer id, RestrictionDTO request) { + public Response updateRestriction(@ApiParam("Restriction ID") @PathParam("id") Integer id, RestrictionDTO request, + @DefaultValue("true") @QueryParam("reload") boolean reload) { boolean success; try { success = permissionBoundary.updateRestriction(id, request.getRoleName(), request.getUserName(), request.getPermission().getName(), request.getResourceGroupId(), request.getResourceTypeName(), request.getResourceTypePermission(), - request.getContextName(), request.getAction()); + request.getContextName(), request.getAction(), reload); } catch (AMWException e) { return Response.status(BAD_REQUEST).entity(new ExceptionDto(e.getMessage())).build(); } @@ -169,9 +170,10 @@ public Response updateRestriction(@ApiParam("Restriction ID") @PathParam("id") I @Path("/{id : \\d+}") // support digit only @ApiOperation(value = "Remove a Restriction") - public Response deleteRestriction(@ApiParam("Restriction ID") @PathParam("id") Integer id) { + public Response deleteRestriction(@ApiParam("Restriction ID") @PathParam("id") Integer id, + @DefaultValue("true") @QueryParam("reload") boolean reload) { try { - permissionBoundary.removeRestriction(id); + permissionBoundary.removeRestriction(id, reload); } catch (AMWException e) { return Response.status(NOT_FOUND).entity(new ExceptionDto(e.getMessage())).build(); } diff --git a/AMW_rest/src/test/java/ch/mobi/itc/mobiliar/rest/permissions/RestrictionTest.java b/AMW_rest/src/test/java/ch/mobi/itc/mobiliar/rest/permissions/RestrictionTest.java index 91403ca5c..306dfa281 100644 --- a/AMW_rest/src/test/java/ch/mobi/itc/mobiliar/rest/permissions/RestrictionTest.java +++ b/AMW_rest/src/test/java/ch/mobi/itc/mobiliar/rest/permissions/RestrictionTest.java 
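Review bot: The new `reload` query parameter on `updateRestriction` and `deleteRestriction` (and on both `addRestriction` methods earlier in this file) carries no `@ApiParam`, so the generated API description gives no hint that `reload=false` postpones the permission cache refresh. Add a description in front of `@DefaultValue("true")`, such as `@ApiParam("Reload the permission cache after the change (default true); with false the caller must trigger a reload afterwards")`. Both method bodies continue outside the hunks.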
@@ -141,7 +141,7 @@ public void shouldReturnStateBadRequestIfIdIsSet() { ch.mobi.itc.mobiliar.rest.dtos.RestrictionDTO restrictionDTO = new RestrictionDTO(1, null, null, RESOURCE, null, null, null, null, null); // when - Response response = rest.addRestriction(restrictionDTO, false); + Response response = rest.addRestriction(restrictionDTO, false, true); // then assertEquals(BAD_REQUEST.getStatusCode(), response.getStatus()); @@ -151,10 +151,10 @@ public void shouldReturnStateBadRequestIfIdIsSet() { public void shouldReturnStateBadRequestIfRoleNameAndUserNameAreMissing() throws AMWException { // given ch.mobi.itc.mobiliar.rest.dtos.RestrictionDTO restrictionDTO = new RestrictionDTO(null, null, null, RESOURCE, null, null, null, null, null); - when(rest.permissionBoundary.createRestriction(null, null, RESOURCE.name(), null, null, null, null, null, false)).thenThrow(new AMWException("bad")); + when(rest.permissionBoundary.createRestriction(null, null, RESOURCE.name(), null, null, null, null, null, false, true)).thenThrow(new AMWException("bad")); // when - Response response = rest.addRestriction(restrictionDTO, false); + Response response = rest.addRestriction(restrictionDTO, false, true); // then assertEquals(BAD_REQUEST.getStatusCode(), response.getStatus()); 
@@ -164,10 +164,10 @@ public void shouldReturnStateBadRequestIfRoleNameAndUserNameAreMissing() throws public void shouldReturnStateBadRequestIfRoleNameIsInvalid() throws AMWException { // given ch.mobi.itc.mobiliar.rest.dtos.RestrictionDTO restrictionDTO = new RestrictionDTO(null, "invalid", null, RESOURCE, null, null, null, null, null); - when(rest.permissionBoundary.createRestriction("invalid", null, RESOURCE.name(), null, null, null, null, null, false)).thenThrow(new AMWException("bad")); + when(rest.permissionBoundary.createRestriction("invalid", null, RESOURCE.name(), null, null, null, null, null, false, true)).thenThrow(new AMWException("bad")); // when - Response response = rest.addRestriction(restrictionDTO, false); + Response response = rest.addRestriction(restrictionDTO, false, true); // then assertEquals(BAD_REQUEST.getStatusCode(), response.getStatus()); @@ -179,7 +179,7 @@ public void shouldSucceedIfRoleNameIsMissingButUserNameIsProvided() throws AMWEx ch.mobi.itc.mobiliar.rest.dtos.RestrictionDTO restrictionDTO = new RestrictionDTO(null, "fritz", null, RESOURCE, null, null, null, null, null); // when - Response response = rest.addRestriction(restrictionDTO, false); + Response response = rest.addRestriction(restrictionDTO, false, true); // then assertEquals(CREATED.getStatusCode(), response.getStatus()); 
@@ -189,10 +189,10 @@ public void shouldSucceedIfRoleNameIsMissingButUserNameIsProvided() throws AMWEx public void shouldReturnStateBadRequestIfResourceIdIsInvalid() throws AMWException { // given ch.mobi.itc.mobiliar.rest.dtos.RestrictionDTO restrictionDTO = new RestrictionDTO(null, "valid", null, RESOURCE, 1, null, null, null, null); - when(rest.permissionBoundary.createRestriction("valid", null, RESOURCE.name(), 1, null, null, null, null, false)).thenThrow(new AMWException("bad")); + when(rest.permissionBoundary.createRestriction("valid", null, RESOURCE.name(), 1, null, null, null, null, false, true)).thenThrow(new AMWException("bad")); // when - Response response = rest.addRestriction(restrictionDTO, false); + Response response = rest.addRestriction(restrictionDTO, false, true); // then assertEquals(BAD_REQUEST.getStatusCode(), response.getStatus()); @@ -202,10 +202,10 @@ public void shouldReturnStateBadRequestIfResourceIdIsInvalid() throws AMWExcepti public void shouldReturnStateBadRequestIfResourceTypeNameIsInvalid() throws AMWException { // given ch.mobi.itc.mobiliar.rest.dtos.RestrictionDTO restrictionDTO = new RestrictionDTO(null, "valid", null, RESOURCE, null, "invalid", null, null, null); - when(rest.permissionBoundary.createRestriction("valid", null, RESOURCE.name(), null, "invalid", null, null, null, false)).thenThrow(new AMWException("bad")); + when(rest.permissionBoundary.createRestriction("valid", null, RESOURCE.name(), null, "invalid", null, null, null, false, true)).thenThrow(new AMWException("bad")); // when - Response response = rest.addRestriction(restrictionDTO, false); + Response response = rest.addRestriction(restrictionDTO, false, true); // then assertEquals(BAD_REQUEST.getStatusCode(), response.getStatus()); From 290240b540ab613d9236831b2a262bdfd2340b60 Mon Sep 17 00:00:00 2001 
From: Yves Peter Date: Mon, 16 Jul 2018 18:01:05 +0200 Subject: [PATCH 2/6] rest restrictions: add method to reload, fix tests --- .../security/boundary/PermissionBoundary.java | 14 ++-- .../boundary/PermissionBoundaryTest.java | 80 +++++++++---------- .../rest/permissions/RestrictionsRest.java | 11 +++ .../rest/permissions/RestrictionTest.java | 10 +-- 4 files changed, 65 insertions(+), 50 deletions(-) diff --git a/AMW_business/src/main/java/ch/puzzle/itc/mobiliar/business/security/boundary/PermissionBoundary.java b/AMW_business/src/main/java/ch/puzzle/itc/mobiliar/business/security/boundary/PermissionBoundary.java index ee668a139..c99f411f1 100644 --- a/AMW_business/src/main/java/ch/puzzle/itc/mobiliar/business/security/boundary/PermissionBoundary.java +++ b/AMW_business/src/main/java/ch/puzzle/itc/mobiliar/business/security/boundary/PermissionBoundary.java @@ -431,7 +431,7 @@ public void createAutoAssignedRestrictions(ResourceEntity resource) throws AMWEx createAutoAssignedRestriction(getUserName(), Permission.RESOURCE_TEST_GENERATION.name(), resourceGroupId, Action.ALL, new RestrictionEntity()); createAutoAssignedRestriction(getUserName(), Permission.RESOURCE_TEST_GENERATION_RESULT.name(), resourceGroupId, Action.ALL, new RestrictionEntity()); createAutoAssignedRestriction(getUserName(), Permission.DEPLOYMENT.name(), resourceGroupId, Action.ALL, new RestrictionEntity()); - permissionRepository.forceReloadingOfLists(); + reloadCache(); } } @@ -455,7 +455,7 @@ public Integer createRestriction(String roleName, String userName, String permis if (!delegated || canDelegateThisPermission(permissionName, resourceGroupId, resourceTypeName, contextName, action)) { RestrictionEntity restriction = new RestrictionEntity(); if (reload) { - permissionRepository.forceReloadingOfLists(); + reloadCache(); } return createRestriction(roleName, userName, permissionName, resourceGroupId, resourceTypeName, resourceTypePermission, contextName, action, restriction); 
@@ -527,7 +527,7 @@ public int createMultipleRestrictions(String roleName, List userNames, L } } if (reload) { - permissionRepository.forceReloadingOfLists(); + reloadCache(); } return count; } @@ -611,7 +611,7 @@ public boolean updateRestriction(Integer id, String roleName, String userName, S } restrictionRepository.merge(restriction); if (reload) { - permissionRepository.forceReloadingOfLists(); + reloadCache(); } return true; } @@ -623,7 +623,7 @@ public void removeRestriction(Integer id, boolean reload) throws AMWException { } restrictionRepository.deleteRestrictionById(id); if (reload) { - permissionRepository.forceReloadingOfLists(); + reloadCache(); } } @@ -845,4 +845,8 @@ protected boolean isValidName(String rawString) { return false; } + @HasPermission(permission = Permission.ASSIGN_REMOVE_PERMISSION) + public void reloadCache() { + permissionRepository.forceReloadingOfLists(); + } } diff --git a/AMW_business/src/test/java/ch/puzzle/itc/mobiliar/business/security/boundary/PermissionBoundaryTest.java b/AMW_business/src/test/java/ch/puzzle/itc/mobiliar/business/security/boundary/PermissionBoundaryTest.java index ba5879e6f..6aa1f97d1 100644 --- a/AMW_business/src/test/java/ch/puzzle/itc/mobiliar/business/security/boundary/PermissionBoundaryTest.java +++ b/AMW_business/src/test/java/ch/puzzle/itc/mobiliar/business/security/boundary/PermissionBoundaryTest.java @@ -115,7 +115,7 @@ public void setup() { @Test(expected=AMWException.class) public void shouldThrowAMWExceptionOnUpdateIfIdIsNull() throws AMWException { // given // when // then - permissionBoundary.updateRestriction(null,null, null, null, null, null, null, null, null); + permissionBoundary.updateRestriction(null,null, null, null, null, null, null, null, null, true); } @Test(expected=AMWException.class) 
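Review bot: `reloadCache()`, added at the end of PermissionBoundary, is both a public method guarded by `@HasPermission(permission = Permission.ASSIGN_REMOVE_PERMISSION)` and the helper that `createAutoAssignedRestrictions`, `createRestriction` and the other mutators now call internally. `createRestriction` and `createMultipleRestrictions` also admit callers holding only `PERMISSION_DELEGATION`, so such a caller who passes `reload` false would presumably be refused when requesting the reload afterwards. Whether the check fires on the internal calls depends on how `@HasPermission` is enforced, which is not visible here. Keep the internal calls on `permissionRepository.forceReloadingOfLists()` (or a private helper), reserve the annotated public method for external callers, and give it a Javadoc line stating who may call it and when.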
@@ -123,7 +123,7 @@ public void shouldThrowAMWExceptionOnUpdateIfRestrictionCanNotBeFound() throws A // given when(restrictionRepository.find(1)).thenReturn(null); // when // then - permissionBoundary.updateRestriction(1, null, null, null, null, null, null, null, null); + permissionBoundary.updateRestriction(1, null, null, null, null, null, null, null, null, true); } @Test(expected=AMWException.class) @@ -131,7 +131,7 @@ public void shouldThrowAMWExceptionOnUpdateIfRolenameIsNull() throws AMWExceptio // given when(restrictionRepository.find(1)).thenReturn(new RestrictionEntity()); // when // then - permissionBoundary.updateRestriction(1, null, null, null, null, null, null, null, null); + permissionBoundary.updateRestriction(1, null, null, null, null, null, null, null, null, true); } @Test @@ -141,7 +141,7 @@ public void shouldCreateRoleOnUpdateIfRoleCanNotBeFound() throws AMWException { when(permissionRepository.getRoleByName("newRole")).thenReturn(null); when(permissionRepository.getPermissionByName("valid")).thenReturn(resourcePermission); // when - permissionBoundary.updateRestriction(1, "newRole", null, "valid", null, null, null, null, null); + permissionBoundary.updateRestriction(1, "newRole", null, "valid", null, null, null, null, null, true); // then verify(permissionRepository).createRole("newRole"); } @@ -152,7 +152,7 @@ public void shouldThrowAMWExceptionOnUpdateIfPermissionIsNull() throws AMWExcept when(restrictionRepository.find(1)).thenReturn(new RestrictionEntity()); when(permissionRepository.getRoleByName("existing")).thenReturn(new RoleEntity()); // when // then - permissionBoundary.updateRestriction(1, "existing", null, null, null, null, null, null, null); + permissionBoundary.updateRestriction(1, "existing", null, null, null, null, null, null, null, true); } @Test(expected=AMWException.class) 
@@ -162,7 +162,7 @@ public void shouldThrowAMWExceptionOnUpdateIfPermissionCanNotBeFound() throws AM when(permissionRepository.getRoleByName("existing")).thenReturn(new RoleEntity()); when(permissionRepository.getPermissionByName("invalid")).thenReturn(null); // when // then - permissionBoundary.updateRestriction(1, "existing", null, "invalid", null, null, null, null, null); + permissionBoundary.updateRestriction(1, "existing", null, "invalid", null, null, null, null, null, true); } @Test(expected=AMWException.class) @@ -173,7 +173,7 @@ public void shouldThrowAMWExceptionOnUpdateIfContextCanNotBeFound() throws AMWEx when(permissionRepository.getPermissionByName("good")).thenReturn(resourcePermission); when(contextLocator.getContextByName("bad")).thenThrow(new NoResultException()); // when // then - permissionBoundary.updateRestriction(1, "existing", null, "good", null, null, null, "bad", null); + permissionBoundary.updateRestriction(1, "existing", null, "good", null, null, null, "bad", null, true); } @Test(expected=AMWException.class) @@ -184,7 +184,7 @@ public void shouldThrowAMWExceptionOnUpdateIfResourceTypeCanNotBeFound() throws when(permissionRepository.getPermissionByName("good")).thenReturn(resourcePermission); when(resourceTypeRepository.getByName("bad")).thenReturn(null); // when // then - permissionBoundary.updateRestriction(1, "existing", null, "good", null, "bad", null, null, null); + permissionBoundary.updateRestriction(1, "existing", null, "good", null, "bad", null, null, null, true); } @Test 
@@ -194,7 +194,7 @@ public void shouldUpdateIfContextAndActionAreNull() throws AMWException { when(permissionRepository.getRoleByName("existing")).thenReturn(new RoleEntity()); when(permissionRepository.getPermissionByName("good")).thenReturn(resourcePermission); // when - permissionBoundary.updateRestriction(1, "existing", null, "good", null, null, null, null, null); + permissionBoundary.updateRestriction(1, "existing", null, "good", null, null, null, null, null, true); // then verify(restrictionRepository).merge(any(RestrictionEntity.class)); verify(permissionRepository).forceReloadingOfLists(); 
@@ -203,43 +203,43 @@ public void shouldUpdateIfContextAndActionAreNull() throws AMWException { @Test(expected=AMWException.class) public void shouldThrowAMWExceptionOnCreateIfRoleNameAndUserNameAreNull() throws AMWException { // given // when // then - permissionBoundary.createRestriction(null, null, null, null, null, null, null, null, false); + permissionBoundary.createRestriction(null, null, null, null, null, null, null, null, false, true); } @Test(expected=AMWException.class) public void shouldThrowAMWExceptionOnCreateIfUserNameIsEmpty() throws AMWException { // given // when // then - permissionBoundary.createRestriction(null, "", null, null, null, null, null, null, false); + permissionBoundary.createRestriction(null, "", null, null, null, null, null, null, false, true); } @Test(expected=AMWException.class) public void shouldThrowAMWExceptionOnCreateIfTrimmedUserNameIsEmpty() throws AMWException { // given // when // then - permissionBoundary.createRestriction(null, " ", null, null, null, null, null, null, false); + permissionBoundary.createRestriction(null, " ", null, null, null, null, null, null, false, true); } @Test(expected=AMWException.class) public void shouldThrowAMWExceptionOnCreateIfUserNameHasLeadingSpaces() throws AMWException { // given // when // then - permissionBoundary.createRestriction(null, " invalid", null, null, null, null, null, null, false); + permissionBoundary.createRestriction(null, " invalid", null, null, null, null, null, null, false, true); } @Test(expected=AMWException.class) public void shouldThrowAMWExceptionOnCreateIfRoleNameHasTrailingSpaces() throws AMWException { // given // when // then - permissionBoundary.createRestriction("invalid ", null, null, null, null, null, null, null, false); + permissionBoundary.createRestriction("invalid ", null, null, null, null, null, null, null, false, true); } @Test(expected=AMWException.class) public void shouldThrowAMWExceptionOnCreateIfRoleNameHasLeadingSpaces() throws AMWException { // 
given // when // then - permissionBoundary.createRestriction(" invalid", null, null, null, null, null, null, null, false); + permissionBoundary.createRestriction(" invalid", null, null, null, null, null, null, null, false, true); } @Test(expected=AMWException.class) public void shouldThrowAMWExceptionOnCreateIfUserNameHasTrailingSpaces() throws AMWException { // given // when // then - permissionBoundary.createRestriction(null, "invalid ", null, null, null, null, null, null, false); + permissionBoundary.createRestriction(null, "invalid ", null, null, null, null, null, null, false, true); } @@ -249,7 +249,7 @@ public void shouldCreateRoleAndUserRestrictionOnCreateIfRoleCanNotBeFound() thro when(permissionRepository.getRoleByName("newRole")).thenReturn(null); when(permissionRepository.getPermissionByName("good")).thenReturn(resourcePermission); // when - permissionBoundary.createRestriction("newRole", null, "good", null, null, null, null, null, false); + permissionBoundary.createRestriction("newRole", null, "good", null, null, null, null, null, false, true); // then verify(permissionRepository).createRole("newRole"); verify(restrictionRepository).create(any(RestrictionEntity.class)); @@ -260,7 +260,7 @@ public void shouldCreateUserRestrictionAndRestrictionIfUserNameIsNotNull() throw // given when(permissionRepository.getPermissionByName("good")).thenReturn(resourcePermission); // when - permissionBoundary.createRestriction(null, "hans", "good", null, null, null, null, null, false); + permissionBoundary.createRestriction(null, "hans", "good", null, null, null, null, null, false, true); // then verify(permissionRepository).getUserRestrictionByName("hans"); verify(permissionRepository).createUserRestriciton("hans"); 
@@ -273,7 +273,7 @@ public void shouldAssignUserRestrictionAndCreateRestrictionIfUserNameHasBeenFoun when(permissionRepository.getPermissionByName("good")).thenReturn(resourcePermission); when(permissionRepository.getUserRestrictionByName("fritz")).thenReturn(new UserRestrictionEntity()); // when - permissionBoundary.createRestriction(null, "fritz", "good", null, null, null, null, null, false); + permissionBoundary.createRestriction(null, "fritz", "good", null, null, null, null, null, false, true); // then verify(permissionRepository, never()).createUserRestriciton(anyString()); verify(restrictionRepository).create(any(RestrictionEntity.class)); @@ -285,7 +285,7 @@ public void shouldCreateIfContextIsNull() throws AMWException { when(permissionRepository.getRoleByName("existing")).thenReturn(new RoleEntity()); when(permissionRepository.getPermissionByName("good")).thenReturn(resourcePermission); // when - permissionBoundary.createRestriction("existing", null, "good", null, null, null, null, CREATE, false); + permissionBoundary.createRestriction("existing", null, "good", null, null, null, null, CREATE, false, true); // then verify(restrictionRepository).create(any(RestrictionEntity.class)); } @@ -296,7 +296,7 @@ public void shouldCreateIfContextAndActionAreNull() throws AMWException { when(permissionRepository.getRoleByName("existing")).thenReturn(new RoleEntity()); when(permissionRepository.getPermissionByName("good")).thenReturn(resourcePermission); // when - permissionBoundary.createRestriction("existing", null, "good", null, null, null, null, null, false); + permissionBoundary.createRestriction("existing", null, "good", null, null, null, null, null, false, true); // then verify(restrictionRepository).create(any(RestrictionEntity.class)); verify(permissionRepository).forceReloadingOfLists(); 
@@ -309,7 +309,7 @@ public void shouldCheckIfCallerHasSimilarRestrictionIfHeWantsToDelegatePermissio when(permissionRepository.getUserRestrictionByName("fed")).thenReturn(new UserRestrictionEntity()); when(permissionRepository.getPermissionByName(anyString())).thenReturn(resourcePermission); // when - permissionBoundary.createRestriction(null, "fred", "SHAKEDOWNTEST", null, null, null, null, CREATE, true); + permissionBoundary.createRestriction(null, "fred", "SHAKEDOWNTEST", null, null, null, null, CREATE, true, true); // then verify(permissionService).hasPermissionToDelegatePermission(Permission.SHAKEDOWNTEST, null, null, null, CREATE); verify(restrictionRepository).create(any(RestrictionEntity.class)); @@ -321,7 +321,7 @@ public void shouldThrowAMWExceptionIfCallerIsNotAllowedToDelegatePermission() th when(permissionService.hasPermissionToDelegatePermission(Permission.SHAKEDOWNTEST, null, null, null, CREATE)).thenReturn(false); when(permissionRepository.getUserRestrictionByName("fed")).thenReturn(new UserRestrictionEntity()); // when - permissionBoundary.createRestriction(null, "fred", "SHAKEDOWNTEST", null, null, null, null, CREATE, true); + permissionBoundary.createRestriction(null, "fred", "SHAKEDOWNTEST", null, null, null, null, CREATE, true, true); // then verify(permissionService).hasPermissionToDelegatePermission(Permission.SHAKEDOWNTEST, null, null, null, CREATE); verify(restrictionRepository, never()).create(any(RestrictionEntity.class)); @@ -334,7 +334,7 @@ public void shouldThrowAMWExceptionOnCreateIfResourceIdCanNotBeFound() throws AM when(permissionRepository.getPermissionByName("good")).thenReturn(resourcePermission); when(resourceGroupRepository.find(7)).thenReturn(null); // when // then - permissionBoundary.createRestriction("existing", null, "good", 7, null, null, null, null, false); + permissionBoundary.createRestriction("existing", null, "good", 7, null, null, null, null, false, true); } @Test(expected=AMWException.class) 
@@ -343,7 +343,7 @@ public void shouldThrowAMWExceptionOnCreateIfResourceGroupAndResourceTypeAreSet( when(permissionRepository.getRoleByName("existing")).thenReturn(new RoleEntity()); when(permissionRepository.getPermissionByName("good")).thenReturn(resourcePermission); // when // then - permissionBoundary.createRestriction("existing", null, "good", 7, "bad", null, null, null, false); + permissionBoundary.createRestriction("existing", null, "good", 7, "bad", null, null, null, false, true); } @Test(expected=AMWException.class) @@ -352,7 +352,7 @@ public void shouldThrowAMWExceptionOnCreateIfResourceTypePermissionIsNotEmptyAnd when(permissionRepository.getRoleByName("existing")).thenReturn(new RoleEntity()); when(permissionRepository.getPermissionByName("good")).thenReturn(resourcePermission); // when // then - permissionBoundary.createRestriction("existing", null, "good", 7, null, DEFAULT_ONLY, null, null, false); + permissionBoundary.createRestriction("existing", null, "good", 7, null, DEFAULT_ONLY, null, null, false, true); } @Test(expected=AMWException.class) @@ -361,7 +361,7 @@ public void shouldThrowAMWExceptionOnCreateIfResourceTypePermissionIsNotEmptyAnd when(permissionRepository.getRoleByName("existing")).thenReturn(new RoleEntity()); when(permissionRepository.getPermissionByName("good")).thenReturn(resourcePermission); // when // then - permissionBoundary.createRestriction("existing", null, "good", null, "bad", NON_DEFAULT_ONLY, null, null, false); + permissionBoundary.createRestriction("existing", null, "good", null, "bad", NON_DEFAULT_ONLY, null, null, false, true); } @Test @@ -404,7 +404,7 @@ public void shouldResetRestrictionPropertiesIfPermissionIsOld() throws AMWExcept @Test(expected=AMWException.class) public void shouldThrowAMWExceptionIfRestrictionToBeDeletedCanNotBeFound() throws AMWException { // given // when // then - permissionBoundary.removeRestriction(21); + permissionBoundary.removeRestriction(21, true); } @Test 
@@ -412,7 +412,7 @@ public void shouldRemoveRestrictionToBeDeleted() throws AMWException { // given when(restrictionRepository.find(42)).thenReturn(new RestrictionEntity()); // when - permissionBoundary.removeRestriction(42); + permissionBoundary.removeRestriction(42, true); // then verify(restrictionRepository).deleteRestrictionById(42); verify(permissionRepository).forceReloadingOfLists(); @@ -869,7 +869,7 @@ public void shouldCreateTheRightAmountOfRestrictionsIfARoleIsGiven() throws Exce when(resourceGroupRepository.find(1)).thenReturn(new ResourceGroupEntity()); // when - int total = permissionBoundary.createMultipleRestrictions(roleName1, null, Arrays.asList(permissionName1, permissionName2), Arrays.asList(1), null, ResourceTypePermission.ANY, Arrays.asList(contextNameA), Arrays.asList(Action.CREATE), false); + int total = permissionBoundary.createMultipleRestrictions(roleName1, null, Arrays.asList(permissionName1, permissionName2), Arrays.asList(1), null, ResourceTypePermission.ANY, Arrays.asList(contextNameA), Arrays.asList(Action.CREATE), false, true); // then assertThat(total, is(2)); @@ -888,7 +888,7 @@ public void shouldCreateTheRightAmountOfRestrictionsIfUsersAreGiven() throws Exc when(resourceGroupRepository.find(1)).thenReturn(new ResourceGroupEntity()); // when - int total = permissionBoundary.createMultipleRestrictions(null, Arrays.asList(userName1, userName2), Arrays.asList(permissionName1, permissionName2), Arrays.asList(1), null, ResourceTypePermission.ANY, null, Arrays.asList(Action.CREATE), false); + int total = permissionBoundary.createMultipleRestrictions(null, Arrays.asList(userName1, userName2), Arrays.asList(permissionName1, permissionName2), Arrays.asList(1), null, ResourceTypePermission.ANY, null, Arrays.asList(Action.CREATE), false, true); // then assertThat(total, is(4)); 
@@ -909,7 +909,7 @@ public void shouldCreateTheRightAmountOfRestrictionsIfUsersAndRoleAreGiven() thr when(resourceGroupRepository.find(1)).thenReturn(new ResourceGroupEntity()); // when - int total = permissionBoundary.createMultipleRestrictions(roleName1, Arrays.asList(userName1, userName2), Arrays.asList(permissionName1, permissionName2), Arrays.asList(1), null, ResourceTypePermission.ANY, Arrays.asList(contextNameA), Arrays.asList(Action.CREATE), false); + int total = permissionBoundary.createMultipleRestrictions(roleName1, Arrays.asList(userName1, userName2), Arrays.asList(permissionName1, permissionName2), Arrays.asList(1), null, ResourceTypePermission.ANY, Arrays.asList(contextNameA), Arrays.asList(Action.CREATE), false, true); // then assertThat(total, is(6)); @@ -927,7 +927,7 @@ public void shouldCreateTheRightAmountOfRestrictionsIfUsersAndRoleAndTwoActionsA when(resourceGroupRepository.find(1)).thenReturn(new ResourceGroupEntity()); // when - int total = permissionBoundary.createMultipleRestrictions(roleName1, Arrays.asList(userName1, userName2), Arrays.asList(resourcePermission.getValue(), resourceTypePermission.getValue()), Arrays.asList(1), null, ResourceTypePermission.ANY, null, Arrays.asList(Action.CREATE, Action.UPDATE), false); + int total = permissionBoundary.createMultipleRestrictions(roleName1, Arrays.asList(userName1, userName2), Arrays.asList(resourcePermission.getValue(), resourceTypePermission.getValue()), Arrays.asList(1), null, ResourceTypePermission.ANY, null, Arrays.asList(Action.CREATE, Action.UPDATE), false, true); // then assertThat(total, is(12)); 
@@ -947,7 +947,7 @@ public void shouldCreateTheRightAmountOfRestrictionsIfUsersAndRoleAndTwoActionsA when(resourceGroupRepository.find(1)).thenReturn(new ResourceGroupEntity()); // when - int total = permissionBoundary.createMultipleRestrictions(roleName1, Arrays.asList(userName1, userName2), Arrays.asList(resourcePermission.getValue(), resourceTypePermission.getValue()), Arrays.asList(1), null, ResourceTypePermission.ANY, Arrays.asList(contextNameA, contextNameB), Arrays.asList(Action.CREATE, Action.UPDATE), false); + int total = permissionBoundary.createMultipleRestrictions(roleName1, Arrays.asList(userName1, userName2), Arrays.asList(resourcePermission.getValue(), resourceTypePermission.getValue()), Arrays.asList(1), null, ResourceTypePermission.ANY, Arrays.asList(contextNameA, contextNameB), Arrays.asList(Action.CREATE, Action.UPDATE), false, true); // then assertThat(total, is(24)); @@ -967,7 +967,7 @@ public void shouldCreateTheRightAmountOfRestrictionsIfUsersAndRoleAndTwoActionsA when(resourceGroupRepository.find(anyInt())).thenReturn(new ResourceGroupEntity()); // when - int total = permissionBoundary.createMultipleRestrictions(roleName1, Arrays.asList(userName1, userName2), Arrays.asList(resourcePermission.getValue(), resourceTypePermission.getValue()), Arrays.asList(1, 2), null, ResourceTypePermission.ANY, Arrays.asList(contextNameA, contextNameB), Arrays.asList(Action.CREATE, Action.UPDATE), false); + int total = permissionBoundary.createMultipleRestrictions(roleName1, Arrays.asList(userName1, userName2), Arrays.asList(resourcePermission.getValue(), resourceTypePermission.getValue()), Arrays.asList(1, 2), null, ResourceTypePermission.ANY, Arrays.asList(contextNameA, contextNameB), Arrays.asList(Action.CREATE, Action.UPDATE), false, true); // then assertThat(total, is(48)); 
@@ -989,7 +989,7 @@ public void shouldCreateTheRightAmountOfRestrictionsIfUsersAndRoleAndTwoActionsA when(resourceTypeRepository.getByName(anyString())).thenReturn(new ResourceTypeEntity()); // when - int total = permissionBoundary.createMultipleRestrictions(roleName1, Arrays.asList(userName1, userName2), Arrays.asList(resourcePermission.getValue(), resourceTypePermission.getValue()), null, Arrays.asList(resourceTypeName1, resourceTypeName2), ResourceTypePermission.ANY, Arrays.asList(contextNameA, contextNameB), Arrays.asList(Action.CREATE, Action.UPDATE), false); + int total = permissionBoundary.createMultipleRestrictions(roleName1, Arrays.asList(userName1, userName2), Arrays.asList(resourcePermission.getValue(), resourceTypePermission.getValue()), null, Arrays.asList(resourceTypeName1, resourceTypeName2), ResourceTypePermission.ANY, Arrays.asList(contextNameA, contextNameB), Arrays.asList(Action.CREATE, Action.UPDATE), false, true); // then assertThat(total, is(48)); @@ -1009,7 +1009,7 @@ public void shouldCreateTheRightAmountOfRestrictionsIfUsersAndRoleAndTwoActionsA when(resourceTypeRepository.getByName(anyString())).thenReturn(new ResourceTypeEntity()); // when - int total = permissionBoundary.createMultipleRestrictions(roleName1, Arrays.asList(userName1, userName2), Arrays.asList(resourcePermission.getValue(), resourceTypePermission.getValue()), null, Arrays.asList(resourceTypeName1, resourceTypeName2), ResourceTypePermission.ANY, null, Arrays.asList(Action.CREATE, Action.UPDATE), false); + int total = permissionBoundary.createMultipleRestrictions(roleName1, Arrays.asList(userName1, userName2), Arrays.asList(resourcePermission.getValue(), resourceTypePermission.getValue()), null, Arrays.asList(resourceTypeName1, resourceTypeName2), ResourceTypePermission.ANY, null, Arrays.asList(Action.CREATE, Action.UPDATE), false, true); // then assertThat(total, is(24)); 
@@ -1028,7 +1028,7 @@ public void shouldCreateTheRightAmountOfRestrictionsIfUsersAndRoleAndTwoActionsA when(permissionRepository.getPermissionByName(resourceTypePermission.getValue())).thenReturn(resourceTypePermission); // when - int total = permissionBoundary.createMultipleRestrictions(roleName1, Arrays.asList(userName1, userName2), Arrays.asList(resourcePermission.getValue(), resourceTypePermission.getValue()), null, null, ResourceTypePermission.ANY, Arrays.asList(contextNameA, contextNameB), Arrays.asList(Action.CREATE, Action.UPDATE), false); + int total = permissionBoundary.createMultipleRestrictions(roleName1, Arrays.asList(userName1, userName2), Arrays.asList(resourcePermission.getValue(), resourceTypePermission.getValue()), null, null, ResourceTypePermission.ANY, Arrays.asList(contextNameA, contextNameB), Arrays.asList(Action.CREATE, Action.UPDATE), false, true); // then assertThat(total, is(24)); @@ -1045,7 +1045,7 @@ public void shouldCreateTheRightAmountOfRestrictionsIfUsersAndRoleAndTwoActionsA when(permissionRepository.getPermissionByName(resourceTypePermission.getValue())).thenReturn(resourceTypePermission); // when - int total = permissionBoundary.createMultipleRestrictions(roleName1, Arrays.asList(userName1, userName2), Arrays.asList(resourcePermission.getValue(), resourceTypePermission.getValue()), null, null, ResourceTypePermission.ANY, null, Arrays.asList(Action.CREATE, Action.UPDATE), false); + int total = permissionBoundary.createMultipleRestrictions(roleName1, Arrays.asList(userName1, userName2), Arrays.asList(resourcePermission.getValue(), resourceTypePermission.getValue()), null, null, ResourceTypePermission.ANY, null, Arrays.asList(Action.CREATE, Action.UPDATE), false, true); // then assertThat(total, is(12)); 
@@ -1061,7 +1061,7 @@ public void shouldThrowAnExceptionIfBothResourceTypeAndResourceGroupAreGiven() t when(resourceTypeRepository.getByName(anyString())).thenReturn(new ResourceTypeEntity()); // when // then - permissionBoundary.createMultipleRestrictions(roleName1, null, Arrays.asList(resourcePermission.getValue()), Arrays.asList(1), Arrays.asList(resourceTypeName1), ResourceTypePermission.ANY, null, Arrays.asList(Action.CREATE, Action.UPDATE), false); + permissionBoundary.createMultipleRestrictions(roleName1, null, Arrays.asList(resourcePermission.getValue()), Arrays.asList(1), Arrays.asList(resourceTypeName1), ResourceTypePermission.ANY, null, Arrays.asList(Action.CREATE, Action.UPDATE), false, true); } } diff --git a/AMW_rest/src/main/java/ch/mobi/itc/mobiliar/rest/permissions/RestrictionsRest.java b/AMW_rest/src/main/java/ch/mobi/itc/mobiliar/rest/permissions/RestrictionsRest.java index ccb1eaee9..42e274d1e 100644 --- a/AMW_rest/src/main/java/ch/mobi/itc/mobiliar/rest/permissions/RestrictionsRest.java +++ b/AMW_rest/src/main/java/ch/mobi/itc/mobiliar/rest/permissions/RestrictionsRest.java @@ -316,4 +316,15 @@ private Response restrictionsToResponse(List restrictions) { return Response.status(OK).entity(restrictionList).build(); } + /** + * Reload the permission cache + */ + @POST + @Path("/reload") + @ApiOperation(value = "Reload the permission cache") + public Response reloadCache() { + permissionBoundary.reloadCache(); + return Response.status(OK).build(); + } + } diff --git a/AMW_rest/src/test/java/ch/mobi/itc/mobiliar/rest/permissions/RestrictionTest.java b/AMW_rest/src/test/java/ch/mobi/itc/mobiliar/rest/permissions/RestrictionTest.java index 306dfa281..2b46e14eb 100644 --- a/AMW_rest/src/test/java/ch/mobi/itc/mobiliar/rest/permissions/RestrictionTest.java +++ b/AMW_rest/src/test/java/ch/mobi/itc/mobiliar/rest/permissions/RestrictionTest.java 
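Review bot: The new `reloadCache()` resource method in RestrictionsRest.java has no permission annotation or check of its own. Who may trigger a reload therefore depends entirely on `permissionBoundary.reloadCache()`, whose definition is not part of this hunk. If that boundary method is not guarded (the neighbouring boundary methods use `@HasPermission`), any client that can reach `POST /reload` could force repeated reloading of the permission lists, so the guard should be confirmed or added there. Because this commit lets callers skip the reload on create, update and delete, the Javadoc should also state the contract, e.g. `* Reloads the permission cache; call once after a series of changes made with reload disabled, since those changes may not be visible in the cached lists until then.`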
@@ -216,10 +216,10 @@ public void shouldReturnStateBadRequestIfResourceTypeNameIsInvalid() throws AMWE public void shouldReturnStateBadRequestIfUpdateRestrictionFails() throws AMWException { // given ch.mobi.itc.mobiliar.rest.dtos.RestrictionDTO restrictionDTO = new RestrictionDTO(1, "valid", null, RESOURCE, 8, null, null, null, null); - doThrow(new AMWException("bad")).when(rest.permissionBoundary).updateRestriction(1, "valid", null, RESOURCE.name(), 8, null, null, null, null); + doThrow(new AMWException("bad")).when(rest.permissionBoundary).updateRestriction(1, "valid", null, RESOURCE.name(), 8, null, null, null, null, true); // when - Response response = rest.updateRestriction(1, restrictionDTO); + Response response = rest.updateRestriction(1, restrictionDTO, true); // then assertEquals(BAD_REQUEST.getStatusCode(), response.getStatus()); @@ -228,10 +228,10 @@ public void shouldReturnStateBadRequestIfUpdateRestrictionFails() throws AMWExce @Test public void shouldReturnStateNotFoundIfRestrictionToBeDeletedWasNotFound() throws AMWException { // given - doThrow(new AMWException("bad")).when(rest.permissionBoundary).removeRestriction(1); + doThrow(new AMWException("bad")).when(rest.permissionBoundary).removeRestriction(1, true); // when - Response response = rest.deleteRestriction(1); + Response response = rest.deleteRestriction(1, true); // then assertEquals(NOT_FOUND.getStatusCode(), response.getStatus()); @@ -240,7 +240,7 @@ public void shouldReturnStateNotFoundIfRestrictionToBeDeletedWasNotFound() throw @Test public void shouldReturnStateNoContentIfRestrictionHasBeenDeletedSuccessfully() throws AMWException { // given // when - Response response = rest.deleteRestriction(1); + Response response = rest.deleteRestriction(1, true); // then assertEquals(NO_CONTENT.getStatusCode(), response.getStatus()); From da3ee4fe5615ed82fcb89d00da83216e31256108 Mon Sep 17 00:00:00 2001 
From: Yves Peter Date: Mon, 16 Jul 2018 18:25:39 +0200 Subject: [PATCH 3/6] createAutoAssignedRestrictions: only add RESOURCE_TEST_GENERATION, RESOURCE_TEST_GENERATION_RESULT, DEPLOYMENT if resource type is appServer --- .../business/security/boundary/PermissionBoundary.java | 8 +++++--- .../security/boundary/PermissionBoundaryTest.java | 2 +- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/AMW_business/src/main/java/ch/puzzle/itc/mobiliar/business/security/boundary/PermissionBoundary.java b/AMW_business/src/main/java/ch/puzzle/itc/mobiliar/business/security/boundary/PermissionBoundary.java index c99f411f1..8d70b19e9 100644 --- a/AMW_business/src/main/java/ch/puzzle/itc/mobiliar/business/security/boundary/PermissionBoundary.java +++ b/AMW_business/src/main/java/ch/puzzle/itc/mobiliar/business/security/boundary/PermissionBoundary.java 
@@ -428,9 +428,11 @@ public void createAutoAssignedRestrictions(ResourceEntity resource) throws AMWEx createAutoAssignedRestriction(getUserName(), Permission.RESOURCE_PROPERTY_DECRYPT.name(), resourceGroupId, Action.ALL, new RestrictionEntity()); createAutoAssignedRestriction(getUserName(), Permission.RESOURCE_TEMPLATE.name(), resourceGroupId, Action.ALL, new RestrictionEntity()); createAutoAssignedRestriction(getUserName(), Permission.RESOURCE_RELEASE_COPY_FROM_RESOURCE.name(), resourceGroupId, Action.ALL, new RestrictionEntity()); - createAutoAssignedRestriction(getUserName(), Permission.RESOURCE_TEST_GENERATION.name(), resourceGroupId, Action.ALL, new RestrictionEntity()); - createAutoAssignedRestriction(getUserName(), Permission.RESOURCE_TEST_GENERATION_RESULT.name(), resourceGroupId, Action.ALL, new RestrictionEntity()); - createAutoAssignedRestriction(getUserName(), Permission.DEPLOYMENT.name(), resourceGroupId, Action.ALL, new RestrictionEntity()); + if (resource.getResourceType().isApplicationServerResourceType()) { + createAutoAssignedRestriction(getUserName(), Permission.RESOURCE_TEST_GENERATION.name(), resourceGroupId, Action.ALL, new RestrictionEntity()); + createAutoAssignedRestriction(getUserName(), Permission.RESOURCE_TEST_GENERATION_RESULT.name(), resourceGroupId, Action.ALL, new RestrictionEntity()); + createAutoAssignedRestriction(getUserName(), Permission.DEPLOYMENT.name(), resourceGroupId, Action.ALL, new RestrictionEntity()); + } reloadCache(); } } diff --git a/AMW_business/src/test/java/ch/puzzle/itc/mobiliar/business/security/boundary/PermissionBoundaryTest.java b/AMW_business/src/test/java/ch/puzzle/itc/mobiliar/business/security/boundary/PermissionBoundaryTest.java index 6aa1f97d1..ce361b091 100644 --- a/AMW_business/src/test/java/ch/puzzle/itc/mobiliar/business/security/boundary/PermissionBoundaryTest.java +++ b/AMW_business/src/test/java/ch/puzzle/itc/mobiliar/business/security/boundary/PermissionBoundaryTest.java 
@@ -854,7 +854,7 @@ public void shouldCreateAllSelfAssignedPermissionsIfCallerHasTheRequiredPermissi // then verify(permissionService).hasPermission(Permission.ADD_ADMIN_PERMISSIONS_ON_CREATED_RESOURCE); - verify(restrictionRepository, times(8)).create(any(RestrictionEntity.class)); + verify(restrictionRepository, times(5)).create(any(RestrictionEntity.class)); } @Test From 493a725d3bf5a1d3d8d30a8d07610ed47d88e87d Mon Sep 17 00:00:00 2001 From: Yves Peter Date: Tue, 17 Jul 2018 08:35:40 +0200 Subject: [PATCH 4/6] update tests, cleanup code --- .../security/boundary/PermissionBoundary.java | 13 +++++++------ .../security/boundary/PermissionBoundaryTest.java | 13 ++++++++++++- 2 files changed, 19 insertions(+), 7 deletions(-) diff --git a/AMW_business/src/main/java/ch/puzzle/itc/mobiliar/business/security/boundary/PermissionBoundary.java b/AMW_business/src/main/java/ch/puzzle/itc/mobiliar/business/security/boundary/PermissionBoundary.java index 8d70b19e9..dee7c2b82 100644 --- a/AMW_business/src/main/java/ch/puzzle/itc/mobiliar/business/security/boundary/PermissionBoundary.java +++ b/AMW_business/src/main/java/ch/puzzle/itc/mobiliar/business/security/boundary/PermissionBoundary.java @@ -456,11 +456,12 @@ public Integer createRestriction(String roleName, String userName, String permis throws AMWException { if (!delegated || canDelegateThisPermission(permissionName, resourceGroupId, resourceTypeName, contextName, action)) { RestrictionEntity restriction = new RestrictionEntity(); + Integer id = createRestriction(roleName, userName, permissionName, resourceGroupId, resourceTypeName, + resourceTypePermission, contextName, action, restriction); if (reload) { reloadCache(); } - return createRestriction(roleName, userName, permissionName, resourceGroupId, resourceTypeName, resourceTypePermission, - contextName, action, restriction); + return id; } throw new AMWException("No permission to create this permission"); } 
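Review bot: Lowering the expectation from `times(8)` to `times(5)` in `shouldCreateAllSelfAssignedPermissionsIfCallerHasTheRequiredPermission...` leaves only the non-application-server branch of `createAutoAssignedRestrictions` covered. Nothing visible in this patch asserts that RESOURCE_TEST_GENERATION, RESOURCE_TEST_GENERATION_RESULT and DEPLOYMENT are still granted when `isApplicationServerResourceType()` is true. Since that condition now decides whether DEPLOYMENT is auto-assigned, a sibling test should stub the resource type as an application server and keep `verify(restrictionRepository, times(8)).create(any(RestrictionEntity.class));`. The test body starts outside the hunk, so how the resource type is set up there could not be checked.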
@@ -487,16 +488,16 @@ public int createMultipleRestrictions(String roleName, List userNames, L throw new AMWException("Only ResourceGroupId(s) OR ResourceTypeName(s) must be set"); } if (userNames == null) { - userNames = new ArrayList(); + userNames = new ArrayList<>(); } if (resourceGroupIds == null) { - resourceGroupIds = new ArrayList(); + resourceGroupIds = new ArrayList<>(); } if (resourceTypeNames == null) { - resourceTypeNames = new ArrayList(); + resourceTypeNames = new ArrayList<>(); } if (contextNames == null || contextNames.isEmpty()) { - contextNames = new ArrayList(); + contextNames = new ArrayList<>(); contextNames.add(null); } diff --git a/AMW_business/src/test/java/ch/puzzle/itc/mobiliar/business/security/boundary/PermissionBoundaryTest.java b/AMW_business/src/test/java/ch/puzzle/itc/mobiliar/business/security/boundary/PermissionBoundaryTest.java index ce361b091..5de91682c 100644 --- a/AMW_business/src/test/java/ch/puzzle/itc/mobiliar/business/security/boundary/PermissionBoundaryTest.java +++ b/AMW_business/src/test/java/ch/puzzle/itc/mobiliar/business/security/boundary/PermissionBoundaryTest.java @@ -874,6 +874,7 @@ public void shouldCreateTheRightAmountOfRestrictionsIfARoleIsGiven() throws Exce // then assertThat(total, is(2)); verify(restrictionRepository, times(total)).create(any(RestrictionEntity.class)); + verify(permissionRepository, times(1)).forceReloadingOfLists(); } @Test @@ -893,6 +894,7 @@ public void shouldCreateTheRightAmountOfRestrictionsIfUsersAreGiven() throws Exc // then assertThat(total, is(4)); verify(restrictionRepository, times(total)).create(any(RestrictionEntity.class)); + verify(permissionRepository, times(1)).forceReloadingOfLists(); } @Test 
@@ -914,6 +916,7 @@ public void shouldCreateTheRightAmountOfRestrictionsIfUsersAndRoleAreGiven() thr // then assertThat(total, is(6)); verify(restrictionRepository, times(total)).create(any(RestrictionEntity.class)); + verify(permissionRepository, times(1)).forceReloadingOfLists(); } @Test @@ -932,6 +935,7 @@ public void shouldCreateTheRightAmountOfRestrictionsIfUsersAndRoleAndTwoActionsA // then assertThat(total, is(12)); verify(restrictionRepository, times(total)).create(any(RestrictionEntity.class)); + verify(permissionRepository, times(1)).forceReloadingOfLists(); } @Test @@ -952,6 +956,7 @@ public void shouldCreateTheRightAmountOfRestrictionsIfUsersAndRoleAndTwoActionsA // then assertThat(total, is(24)); verify(restrictionRepository, times(total)).create(any(RestrictionEntity.class)); + verify(permissionRepository, times(1)).forceReloadingOfLists(); } @Test @@ -972,6 +977,7 @@ public void shouldCreateTheRightAmountOfRestrictionsIfUsersAndRoleAndTwoActionsA // then assertThat(total, is(48)); verify(restrictionRepository, times(total)).create(any(RestrictionEntity.class)); + verify(permissionRepository, times(1)).forceReloadingOfLists(); } @Test @@ -994,6 +1000,7 @@ public void shouldCreateTheRightAmountOfRestrictionsIfUsersAndRoleAndTwoActionsA // then assertThat(total, is(48)); verify(restrictionRepository, times(total)).create(any(RestrictionEntity.class)); + verify(permissionRepository, times(1)).forceReloadingOfLists(); } @Test @@ -1014,6 +1021,7 @@ public void shouldCreateTheRightAmountOfRestrictionsIfUsersAndRoleAndTwoActionsA // then assertThat(total, is(24)); verify(restrictionRepository, times(total)).create(any(RestrictionEntity.class)); + verify(permissionRepository, times(1)).forceReloadingOfLists(); } @Test 
@@ -1033,6 +1041,7 @@ public void shouldCreateTheRightAmountOfRestrictionsIfUsersAndRoleAndTwoActionsA // then assertThat(total, is(24)); verify(restrictionRepository, times(total)).create(any(RestrictionEntity.class)); + verify(permissionRepository, times(1)).forceReloadingOfLists(); } @Test @@ -1045,11 +1054,12 @@ public void shouldCreateTheRightAmountOfRestrictionsIfUsersAndRoleAndTwoActionsA when(permissionRepository.getPermissionByName(resourceTypePermission.getValue())).thenReturn(resourceTypePermission); // when - int total = permissionBoundary.createMultipleRestrictions(roleName1, Arrays.asList(userName1, userName2), Arrays.asList(resourcePermission.getValue(), resourceTypePermission.getValue()), null, null, ResourceTypePermission.ANY, null, Arrays.asList(Action.CREATE, Action.UPDATE), false, true); + int total = permissionBoundary.createMultipleRestrictions(roleName1, Arrays.asList(userName1, userName2), Arrays.asList(resourcePermission.getValue(), resourceTypePermission.getValue()), null, null, ResourceTypePermission.ANY, null, Arrays.asList(Action.CREATE, Action.UPDATE), false, false); // then assertThat(total, is(12)); verify(restrictionRepository, times(total)).create(any(RestrictionEntity.class)); + verify(permissionRepository, times(0)).forceReloadingOfLists(); } @Test(expected=AMWException.class) @@ -1062,6 +1072,7 @@ public void shouldThrowAnExceptionIfBothResourceTypeAndResourceGroupAreGiven() t // when // then permissionBoundary.createMultipleRestrictions(roleName1, null, Arrays.asList(resourcePermission.getValue()), Arrays.asList(1), Arrays.asList(resourceTypeName1), ResourceTypePermission.ANY, null, Arrays.asList(Action.CREATE, Action.UPDATE), false, true); + verify(permissionRepository, times(0)).forceReloadingOfLists(); } } From bc2338b509524b66db92b9bc199c4d2993d544ce Mon Sep 17 00:00:00 2001 
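Review bot: The `verify(permissionRepository, times(0)).forceReloadingOfLists();` added to `shouldThrowAnExceptionIfBothResourceTypeAndResourceGroupAreGiven` can never run. The preceding `createMultipleRestrictions(...)` call is the statement expected to throw `AMWException` (the test is declared with `@Test(expected=AMWException.class)`), so control leaves the method before the verification. The test therefore passes even if the cache were reloaded on the error path. Moving the verification into a `finally` block keeps the expected exception and makes the check effective; the start of the test method is outside the hunk.

```java
try {
    // … unchanged: permissionBoundary.createMultipleRestrictions(...) call that is expected to throw …
} finally {
    verify(permissionRepository, never()).forceReloadingOfLists();
}
```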
From: Yves Peter Date: Tue, 17 Jul 2018 15:30:10 +0200 Subject: [PATCH 5/6] Add uncaught rest exeption mapper, cleanup existing mappings --- .../itc/mobiliar/rest/RESTApplication.java | 1 + .../IllegalArgumentExceptionMapper.java | 4 +-- .../IllegalStateExceptionMapper.java | 1 - .../exceptions/UncaughtExceptionMapper.java | 33 +++++++++++++++++++ 4 files changed, 36 insertions(+), 3 deletions(-) create mode 100644 AMW_rest/src/main/java/ch/mobi/itc/mobiliar/rest/exceptions/UncaughtExceptionMapper.java diff --git a/AMW_rest/src/main/java/ch/mobi/itc/mobiliar/rest/RESTApplication.java b/AMW_rest/src/main/java/ch/mobi/itc/mobiliar/rest/RESTApplication.java index c62b3faa7..042df487a 100644 --- a/AMW_rest/src/main/java/ch/mobi/itc/mobiliar/rest/RESTApplication.java +++ b/AMW_rest/src/main/java/ch/mobi/itc/mobiliar/rest/RESTApplication.java @@ -60,6 +60,7 @@ private void addRestResourceClasses(Set> resources) { resources.add(EnvironmentsRest.class); resources.add(AuditViewRest.class); resources.add(RestrictionsRest.class); + resources.add(UncaughtExceptionMapper.class); resources.add(ClientErrorExceptionMapper.class); resources.add(EJBExceptionMapper.class); resources.add(ExceptionDtoBodyWriter.class); diff --git a/AMW_rest/src/main/java/ch/mobi/itc/mobiliar/rest/exceptions/IllegalArgumentExceptionMapper.java b/AMW_rest/src/main/java/ch/mobi/itc/mobiliar/rest/exceptions/IllegalArgumentExceptionMapper.java index a90bff037..056480494 100644 --- a/AMW_rest/src/main/java/ch/mobi/itc/mobiliar/rest/exceptions/IllegalArgumentExceptionMapper.java +++ b/AMW_rest/src/main/java/ch/mobi/itc/mobiliar/rest/exceptions/IllegalArgumentExceptionMapper.java 
@@ -25,9 +25,9 @@ import javax.ws.rs.ext.Provider; @Provider -public class IllegalArgumentExceptionMapper implements ExceptionMapper { +public class IllegalArgumentExceptionMapper implements ExceptionMapper { @Override - public Response toResponse(IllegalStateException exception) { + public Response toResponse(IllegalArgumentException exception) { return Response.status(Response.Status.BAD_REQUEST).entity(new ExceptionDto(exception)).build(); } } diff --git a/AMW_rest/src/main/java/ch/mobi/itc/mobiliar/rest/exceptions/IllegalStateExceptionMapper.java b/AMW_rest/src/main/java/ch/mobi/itc/mobiliar/rest/exceptions/IllegalStateExceptionMapper.java index 71588e0a9..d6c6e8c58 100644 --- a/AMW_rest/src/main/java/ch/mobi/itc/mobiliar/rest/exceptions/IllegalStateExceptionMapper.java +++ b/AMW_rest/src/main/java/ch/mobi/itc/mobiliar/rest/exceptions/IllegalStateExceptionMapper.java @@ -20,7 +20,6 @@ package ch.mobi.itc.mobiliar.rest.exceptions; -import javax.persistence.NoResultException; import javax.ws.rs.core.Response; import javax.ws.rs.ext.ExceptionMapper; import javax.ws.rs.ext.Provider; diff --git a/AMW_rest/src/main/java/ch/mobi/itc/mobiliar/rest/exceptions/UncaughtExceptionMapper.java b/AMW_rest/src/main/java/ch/mobi/itc/mobiliar/rest/exceptions/UncaughtExceptionMapper.java new file mode 100644 index 000000000..8530d82d3 --- /dev/null +++ b/AMW_rest/src/main/java/ch/mobi/itc/mobiliar/rest/exceptions/UncaughtExceptionMapper.java 
@@ -0,0 +1,33 @@ +/* + * AMW - Automated Middleware allows you to manage the configurations of + * your Java EE applications on an unlimited number of different environments + * with various versions, including the automated deployment of those apps. + * Copyright (C) 2013-2016 by Puzzle ITC + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package ch.mobi.itc.mobiliar.rest.exceptions; + +import javax.ws.rs.core.Response; +import javax.ws.rs.ext.ExceptionMapper; +import javax.ws.rs.ext.Provider; + +@Provider +public class UncaughtExceptionMapper implements ExceptionMapper { + @Override + public Response toResponse(Throwable exception) { + return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(new ExceptionDto(exception)).build(); + } +} From 5deb12d3dfdb10fc60c363e8e398bcef49aff349 Mon Sep 17 00:00:00 2001 From: Yves Peter Date: Tue, 17 Jul 2018 15:32:36 +0200 Subject: [PATCH 6/6] add rest method to delete a role with permissions --- .../security/boundary/PermissionBoundary.java | 13 +++++++++++++ .../security/control/PermissionRepository.java | 12 ++++++++++++ .../rest/permissions/RestrictionsRest.java | 14 +++++++++++++- 3 files changed, 38 insertions(+), 1 deletion(-) 
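Review bot: `UncaughtExceptionMapper.toResponse` puts `new ExceptionDto(exception)` into the 500 response for every `Throwable`, so whatever that DTO serialises is sent to the REST client. This presumably includes the exception message, and for unexpected failures that can carry SQL fragments, class names or file paths; `ExceptionDto` is not shown here, so that needs confirming. For the catch-all case, log the exception server-side and return a fixed, generic body instead. A mapper for `Throwable` also receives any `WebApplicationException` that no more specific mapper handles and would turn it into a 500, so pass those through first: `if (exception instanceof WebApplicationException) { return ((WebApplicationException) exception).getResponse(); }`.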
diff --git a/AMW_business/src/main/java/ch/puzzle/itc/mobiliar/business/security/boundary/PermissionBoundary.java b/AMW_business/src/main/java/ch/puzzle/itc/mobiliar/business/security/boundary/PermissionBoundary.java index dee7c2b82..6370446e9 100644 --- a/AMW_business/src/main/java/ch/puzzle/itc/mobiliar/business/security/boundary/PermissionBoundary.java +++ b/AMW_business/src/main/java/ch/puzzle/itc/mobiliar/business/security/boundary/PermissionBoundary.java @@ -701,6 +701,19 @@ public List getAllRoles() { return permissionRepository.getAllRoles(); } + /** + * Removes a role with all it's permissions + * + * @return List + */ + @HasPermission(permission = Permission.ASSIGN_REMOVE_PERMISSION) + public void deleteRole(String roleName, boolean reload) { + permissionRepository.deleteRole(roleName); + if (reload) { + reloadCache(); + } + } + /** * Returns a list of all PermissionEntities (used by REST) * diff --git a/AMW_business/src/main/java/ch/puzzle/itc/mobiliar/business/security/control/PermissionRepository.java b/AMW_business/src/main/java/ch/puzzle/itc/mobiliar/business/security/control/PermissionRepository.java index 7f2df014b..21fee62b6 100644 --- a/AMW_business/src/main/java/ch/puzzle/itc/mobiliar/business/security/control/PermissionRepository.java +++ b/AMW_business/src/main/java/ch/puzzle/itc/mobiliar/business/security/control/PermissionRepository.java @@ -124,6 +124,18 @@ public RoleEntity createRole(String roleName) { return roleEntity; } + public void deleteRole(String roleName) { + RoleEntity role = getRoleByName(roleName); + if (role == null) { + throw new IllegalArgumentException("Role " + roleName + " doesn't exist!"); + } + if (!role.isDeletable()) { + throw new IllegalArgumentException("Role " + roleName + " is not deletable!"); + } + // leads to a cascade delete of the restrictions + entityManager.remove(role); + } + public boolean isReloadDeployableRoleList() { return reloadDeployableRoleList; } 
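Review bot: `PermissionBoundary.deleteRole(roleName, reload)` skips `reloadCache()` when `reload` is false, and this is a revocation path. Until a reload happens, the cached permission lists may still contain the restrictions of the role that `PermissionRepository.deleteRole` just removed by cascade; how the cache is read is not visible here, so this should be confirmed. The same flag is exposed to REST clients in the `RestrictionsRest.deleteRole` hunk. Consider always reloading on deletes, or at least documenting the stale window. The Javadoc is also wrong for a `void` method: replace `@return List` with `@param roleName name of the role to delete` and `@param reload whether to refresh the permission cache afterwards`, and fix "it's" to "its". Unlike `createRestriction`, the annotation names no `action`; whether the default is the intended one for a delete cannot be judged from this hunk.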
diff --git a/AMW_rest/src/main/java/ch/mobi/itc/mobiliar/rest/permissions/RestrictionsRest.java b/AMW_rest/src/main/java/ch/mobi/itc/mobiliar/rest/permissions/RestrictionsRest.java index 42e274d1e..b46bb8830 100644 --- a/AMW_rest/src/main/java/ch/mobi/itc/mobiliar/rest/permissions/RestrictionsRest.java +++ b/AMW_rest/src/main/java/ch/mobi/itc/mobiliar/rest/permissions/RestrictionsRest.java @@ -212,10 +212,22 @@ public Response getAllRoles() { @GET @Path("/roles/{roleName}") @ApiOperation(value = "Get all Restrictions assigned to a specific Role") - public Response getRoleRestriction(@ApiParam("UserName") @PathParam("roleName") String roleName) { + public Response getRoleRestriction(@ApiParam("RoleName") @PathParam("roleName") String roleName) { return restrictionsToResponse(permissionBoundary.getRestrictionsByRoleName(roleName)); } + /** + * Removes a role with all it's permissions + * @param id + */ + @DELETE + @Path("/roles/{roleName}") + @ApiOperation(value = "Removes a role with all it's permissions") + public Response deleteRole(@ApiParam("RoleName") @PathParam("roleName") String roleName, @DefaultValue("true") @QueryParam("reload") boolean reload) { + permissionBoundary.deleteRole(roleName, reload); + return Response.status(OK).build(); + } + /** * Get all available RoleNames *
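Review bot: The Javadoc on the new `deleteRole` resource method documents `@param id`, but the method takes `roleName` and `reload`. It should read `@param roleName name of the role to remove` and `@param reload set to false to skip the permission cache refresh; the caller must then trigger a reload itself`. The method returns `Response.status(OK)` with no entity, while the tests in this series expect `NO_CONTENT` from `deleteRestriction`, so a successful delete is reported inconsistently across the two endpoints. `IllegalArgumentException` from the repository (unknown or non-deletable role) is answered as 400 through the mapper fixed earlier in this series; a missing role would more naturally be a 404.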