diff --git a/backend/src/main/java/gov/cdc/usds/simplereport/api/apiuser/UserMutationResolver.java b/backend/src/main/java/gov/cdc/usds/simplereport/api/apiuser/UserMutationResolver.java index 3ce0b0fcba..83b33cb666 100644 --- a/backend/src/main/java/gov/cdc/usds/simplereport/api/apiuser/UserMutationResolver.java +++ b/backend/src/main/java/gov/cdc/usds/simplereport/api/apiuser/UserMutationResolver.java @@ -1,12 +1,9 @@ package gov.cdc.usds.simplereport.api.apiuser; -import static gov.cdc.usds.simplereport.service.ApiUserService.MOVE_USER_ARGUMENT_ERROR; - import gov.cdc.usds.simplereport.api.Translators; import gov.cdc.usds.simplereport.api.model.Role; import gov.cdc.usds.simplereport.api.model.User; import gov.cdc.usds.simplereport.api.model.UserInput; -import gov.cdc.usds.simplereport.api.model.errors.IllegalGraphqlArgumentException; import gov.cdc.usds.simplereport.config.AuthorizationConfiguration; import gov.cdc.usds.simplereport.db.model.ApiUser; import gov.cdc.usds.simplereport.db.model.auxiliary.PersonName; @@ -172,19 +169,13 @@ public User updateUserPrivilegesAndGroupAccess( @Argument boolean accessAllFacilities, @Argument List facilities, @Argument Role role) { - try { - List facilityIdsToAssign = facilities == null ? List.of() : facilities; - _us.updateUserPrivilegesAndGroupAccess( - username, - orgExternalId, - accessAllFacilities, - facilityIdsToAssign, - role.toOrganizationRole()); - return new User(_us.getUserByLoginEmail(username)); - - } catch (IllegalArgumentException e) { - throw new IllegalGraphqlArgumentException( - "Error updating user privileges and / or group access: " + MOVE_USER_ARGUMENT_ERROR); - } + List facilityIdsToAssign = facilities == null ? List.of() : facilities; + _us.updateUserPrivilegesAndGroupAccess( + username, + orgExternalId, + accessAllFacilities, + facilityIdsToAssign, + role.toOrganizationRole()); + return new User(_us.getUserByLoginEmail(username)); } } diff --git a/backend/src/main/java/gov/cdc/usds/simplereport/api/model/errors/PrivilegeUpdateFacilityAccessException.java b/backend/src/main/java/gov/cdc/usds/simplereport/api/model/errors/PrivilegeUpdateFacilityAccessException.java new file mode 100644 index 0000000000..7c3a79851c --- /dev/null +++ b/backend/src/main/java/gov/cdc/usds/simplereport/api/model/errors/PrivilegeUpdateFacilityAccessException.java @@ -0,0 +1,32 @@ +package gov.cdc.usds.simplereport.api.model.errors; + +import graphql.ErrorClassification; +import graphql.ErrorType; +import graphql.GraphQLError; +import graphql.language.SourceLocation; +import java.util.Collections; +import java.util.List; + +/** Exception to throw when a facility ID can't be found in an organization query */ +public class PrivilegeUpdateFacilityAccessException extends RuntimeException + implements GraphQLError { + + private static final long serialVersionUID = 1L; + + public static final String PRIVILEGE_UPDATE_FACILITY_ACCESS_ERROR = + "Operation must specify a list of facilities for the user to access or allow them access to all facilities"; + + public PrivilegeUpdateFacilityAccessException() { + super(PRIVILEGE_UPDATE_FACILITY_ACCESS_ERROR); + } + + @Override // should-be-defaulted unused interface method + public List getLocations() { + return Collections.emptyList(); + } + + @Override + public ErrorClassification getErrorType() { + return ErrorType.ExecutionAborted; + } +} diff --git a/backend/src/main/java/gov/cdc/usds/simplereport/config/GraphQlConfig.java b/backend/src/main/java/gov/cdc/usds/simplereport/config/GraphQlConfig.java index 69ccbf1a3d..dcd20f5e35 100644 --- a/backend/src/main/java/gov/cdc/usds/simplereport/config/GraphQlConfig.java +++ b/backend/src/main/java/gov/cdc/usds/simplereport/config/GraphQlConfig.java @@ -10,6 +10,7 @@ import gov.cdc.usds.simplereport.api.model.errors.IllegalGraphqlFieldAccessException; import gov.cdc.usds.simplereport.api.model.errors.NonexistentUserException; import gov.cdc.usds.simplereport.api.model.errors.OktaAccountUserException; +import gov.cdc.usds.simplereport.api.model.errors.PrivilegeUpdateFacilityAccessException; import gov.cdc.usds.simplereport.api.model.errors.RestrictedAccessUserException; import gov.cdc.usds.simplereport.api.model.errors.TestEventSerializationFailureException; import gov.cdc.usds.simplereport.api.model.errors.UnidentifiedFacilityException; @@ -105,6 +106,13 @@ public DataFetcherExceptionResolver dataFetcherExceptionResolver() { return Mono.just(singletonList(new GenericGraphqlException(errorMessage, errorPath))); } + if (exception instanceof PrivilegeUpdateFacilityAccessException) { + String errorMessage = + "header: Error updating user privileges and / or group access; body: " + + exception.getMessage(); + return Mono.just(singletonList(new GenericGraphqlException(errorMessage, errorPath))); + } + return Mono.just(singletonList(new GenericGraphqlException((errorPath)))); }; } diff --git a/backend/src/main/java/gov/cdc/usds/simplereport/service/ApiUserService.java b/backend/src/main/java/gov/cdc/usds/simplereport/service/ApiUserService.java index 508e3b6c36..38d7c7ccf7 100644 --- a/backend/src/main/java/gov/cdc/usds/simplereport/service/ApiUserService.java +++ b/backend/src/main/java/gov/cdc/usds/simplereport/service/ApiUserService.java @@ -10,6 +10,7 @@ import gov.cdc.usds.simplereport.api.model.errors.MisconfiguredUserException; import gov.cdc.usds.simplereport.api.model.errors.NonexistentUserException; import gov.cdc.usds.simplereport.api.model.errors.OktaAccountUserException; +import gov.cdc.usds.simplereport.api.model.errors.PrivilegeUpdateFacilityAccessException; import gov.cdc.usds.simplereport.api.model.errors.RestrictedAccessUserException; import gov.cdc.usds.simplereport.api.model.errors.UnidentifiedFacilityException; import gov.cdc.usds.simplereport.api.model.errors.UnidentifiedUserException; @@ -72,9 +73,6 @@ public class ApiUserService { @Autowired private ApiUserContextHolder _apiUserContextHolder; - public static final String MOVE_USER_ARGUMENT_ERROR = - "Operation must specify a list of facilities for the user to access or allow them access to all facilities"; - private void createUserUpdatedAuditLog(Object authorId, Object updatedUserId) { log.info("User with id={} updated by user with id={}", authorId, updatedUserId); } @@ -724,7 +722,7 @@ public void updateUserPrivilegesAndGroupAccess( throws IllegalGraphqlArgumentException { if (!allFacilitiesAccess && facilities.isEmpty()) { - throw new IllegalArgumentException(MOVE_USER_ARGUMENT_ERROR); + throw new PrivilegeUpdateFacilityAccessException(); } Organization newOrg = _orgService.getOrganization(orgExternalId); diff --git a/backend/src/test/java/gov/cdc/usds/simplereport/service/ApiUserServiceTest.java b/backend/src/test/java/gov/cdc/usds/simplereport/service/ApiUserServiceTest.java index ac6aa409cd..8f3a2de265 100644 --- a/backend/src/test/java/gov/cdc/usds/simplereport/service/ApiUserServiceTest.java +++ b/backend/src/test/java/gov/cdc/usds/simplereport/service/ApiUserServiceTest.java @@ -1,6 +1,6 @@ package gov.cdc.usds.simplereport.service; -import static gov.cdc.usds.simplereport.service.ApiUserService.MOVE_USER_ARGUMENT_ERROR; +import static gov.cdc.usds.simplereport.api.model.errors.PrivilegeUpdateFacilityAccessException.PRIVILEGE_UPDATE_FACILITY_ACCESS_ERROR; import static org.assertj.core.api.Assertions.assertThat; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertThrows; @@ -17,6 +17,7 @@ import gov.cdc.usds.simplereport.api.model.errors.IllegalGraphqlArgumentException; import gov.cdc.usds.simplereport.api.model.errors.NonexistentUserException; import gov.cdc.usds.simplereport.api.model.errors.OktaAccountUserException; +import gov.cdc.usds.simplereport.api.model.errors.PrivilegeUpdateFacilityAccessException; import gov.cdc.usds.simplereport.api.model.errors.RestrictedAccessUserException; import gov.cdc.usds.simplereport.api.model.errors.UnidentifiedFacilityException; import gov.cdc.usds.simplereport.config.authorization.OrganizationRole; @@ -508,27 +509,27 @@ void updateUserPrivilegesAndGroupAccess_assignToAllFacilities_success() { @Test @WithSimpleReportSiteAdminUser void - updateUserPrivilegesAndGroupAccess_assignToAllFalseWithoutFacilities_throwsIllegalArgException() { + updateUserPrivilegesAndGroupAccess_assignToAllFalseWithoutFacilities_throwsPrivilegeUpdateFacilityAccessException() { initSampleData(); final String email = "allfacilities@example.com"; Organization orgToTestMovementTo = _dataFactory.saveValidOrganization(); String moveOrgExternalId = orgToTestMovementTo.getExternalId(); List emptyList = List.of(); - IllegalArgumentException caught = + PrivilegeUpdateFacilityAccessException caught = assertThrows( - IllegalArgumentException.class, + PrivilegeUpdateFacilityAccessException.class, () -> _service.updateUserPrivilegesAndGroupAccess( email, moveOrgExternalId, false, emptyList, OrganizationRole.USER)); - assertEquals(MOVE_USER_ARGUMENT_ERROR, caught.getMessage()); + assertEquals(PRIVILEGE_UPDATE_FACILITY_ACCESS_ERROR, caught.getMessage()); - IllegalArgumentException caught2 = + PrivilegeUpdateFacilityAccessException caught2 = assertThrows( - IllegalArgumentException.class, + PrivilegeUpdateFacilityAccessException.class, () -> _service.updateUserPrivilegesAndGroupAccess( email, moveOrgExternalId, false, OrganizationRole.USER)); - assertEquals(MOVE_USER_ARGUMENT_ERROR, caught2.getMessage()); + assertEquals(PRIVILEGE_UPDATE_FACILITY_ACCESS_ERROR, caught2.getMessage()); } @Test