Update delete member tests. Fix adding member roles. (#763)

Change-Id: Ib6be5d7096578eeade913e0b4c37bc84e8767021

src/main/java/de/ids_mannheim/korap/service/UserGroupService.java

@@ -70,8 +70,6 @@ public class UserGroupService {
     @Autowired
     private RandomCodeGenerator random;
 
-    private static Set<Role> memberRoles;
-
     /**
      * Only users with {@link PredefinedRole#USER_GROUP_ADMIN}
      * are allowed to see the members of the group.
@@ -170,20 +168,18 @@ public List<UserGroupMember> retrieveQueryAccessAdmins (UserGroup userGroup)
         return groupAdmins;
     }
 
-    private void setMemberRoles (UserGroup userGroup) {
-        if (memberRoles == null) {
-
+    private Set<Role> prepareMemberRoles (UserGroup userGroup) {
             Role r1 = new Role(PredefinedRole.USER_GROUP_MEMBER_DELETE,
                     PrivilegeType.DELETE, userGroup);
             Role r2 = new Role(PredefinedRole.QUERY_MEMBER_READ,
                     PrivilegeType.DELETE, userGroup);
             roleDao.addRole(r1);
             roleDao.addRole(r2);
 
-            memberRoles = new HashSet<Role>(2);
+            Set<Role>memberRoles = new HashSet<Role>(2);
             memberRoles.add(r1);
             memberRoles.add(r2);
-        }
+            return memberRoles;
     }
 
     /**
@@ -478,7 +474,7 @@ else if (member.getStatus().equals(GroupMemberStatus.ACTIVE)) {
 
             if (expiration.isAfter(now)) {
                 member.setStatus(GroupMemberStatus.ACTIVE);
-                setMemberRoles(userGroup);
+                Set<Role> memberRoles = prepareMemberRoles(userGroup);
                 member.setRoles(memberRoles);
                 groupMemberDao.updateMember(member);
             }
@@ -570,6 +566,7 @@ public UserGroupDto searchByName (String groupName)
         return groupDto;
     }
 
+    @Deprecated
     public void editMemberRoles (String username, String groupName,
             String memberUsername, List<PredefinedRole> roleList)
             throws KustvaktException {
@@ -638,7 +635,12 @@ else if (isUserGroupAdmin(username, userGroup)
 
             Set<Role> roles = member.getRoles();
             for (PredefinedRole role : roleNames) {
-                roles.add(roleDao.retrieveRoleByName(role));
+                String[] roleArray = role.name().split("_");
+                String privilege = roleArray[roleArray.length-1];
+                Role r = new Role(role,
+                        Enum.valueOf(PrivilegeType.class, privilege), userGroup);
+                roleDao.addRole(r);
+                roles.add(r);
             }
             member.setRoles(roles);
             groupMemberDao.updateMember(member);

src/test/java/de/ids_mannheim/korap/web/controller/usergroup/UserGroupControllerTest.java

@@ -2,10 +2,7 @@
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
 
-import java.util.Set;
-
 import org.junit.jupiter.api.Test;
-import org.springframework.beans.factory.annotation.Autowired;
 
 import com.fasterxml.jackson.databind.JsonNode;
 import com.google.common.net.HttpHeaders;
@@ -14,9 +11,6 @@
 import de.ids_mannheim.korap.config.Attributes;
 import de.ids_mannheim.korap.constant.GroupMemberStatus;
 import de.ids_mannheim.korap.constant.PredefinedRole;
-import de.ids_mannheim.korap.dao.UserGroupMemberDao;
-import de.ids_mannheim.korap.entity.Role;
-import de.ids_mannheim.korap.entity.UserGroupMember;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.exceptions.StatusCodes;
 import de.ids_mannheim.korap.utils.JsonUtils;
@@ -118,9 +112,12 @@ public void testUserGroup () throws ProcessingException, KustvaktException {
 
         testUpdateUserGroup(groupName);
         testInviteMember(groupName, username, "darla");
-        testDeleteMemberUnauthorized(groupName);
-        testDeleteMember(groupName);
-        testDeleteGroup(groupName);
+
+        testDeleteMemberUnauthorizedByNonMember(groupName,"darla");
+        testDeleteMemberUnauthorizedByMember(groupName, "darla");
+
+        testDeleteMember(groupName, username);
+        testDeleteGroup(groupName,username);
 //        testSubscribeToDeletedGroup(groupName);
 //        testUnsubscribeToDeletedGroup(groupName);
     }
@@ -135,35 +132,36 @@ private void testUpdateUserGroup (String groupName)
         assertEquals(description, node.get(0).get("description").asText());
     }
 
-    private void testDeleteMember (String groupName)
+    private void testDeleteMember (String groupName, String username)
             throws ProcessingException, KustvaktException {
         // delete darla from group
-        Response response = target().path(API_VERSION).path("group")
-                .path("@" + groupName).path("~darla").request()
-                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
-                        .createBasicAuthorizationHeaderValue(username, "pass"))
-                .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32").delete();
+        deleteMember(groupName, "darla", username);
         // check group member
-        response = target().path(API_VERSION).path("group").request()
-                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
-                        .createBasicAuthorizationHeaderValue(username, "pass"))
-                .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32").get();
-        String entity = response.readEntity(String.class);
-        JsonNode node = JsonUtils.readTree(entity);
+        JsonNode node = listUserGroups(username);
         node = node.get(0);
         assertEquals(1, node.get("members").size());
     }
 
-    private void testDeleteMemberUnauthorized (String groupName)
-            throws ProcessingException, KustvaktException {
+    private void testDeleteMemberUnauthorizedByNonMember (String groupName,
+            String memberName) throws ProcessingException, KustvaktException {
+
+        Response response = deleteMember(groupName, memberName, "nemo");
+        String entity = response.readEntity(String.class);
+        JsonNode node = JsonUtils.readTree(entity);
+        assertEquals(Status.UNAUTHORIZED.getStatusCode(), response.getStatus());
+        assertEquals(StatusCodes.AUTHORIZATION_FAILED,
+                node.at("/errors/0/0").asInt());
+        assertEquals(node.at("/errors/0/1").asText(),
+                "Unauthorized operation for user: nemo");
+    }
+
+    private void testDeleteMemberUnauthorizedByMember (String groupName,
+            String memberName) throws ProcessingException, KustvaktException {
+        inviteMember(groupName, "dory", "nemo");
+        subscribe(groupName, "nemo");
         // nemo is a group member
-        Response response = target().path(API_VERSION).path("group")
-                .path("@" + groupName).path("~darla").request()
-                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
-                        .createBasicAuthorizationHeaderValue("nemo", "pass"))
-                .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32").delete();
+        Response response = deleteMember(groupName, memberName, "nemo");
         String entity = response.readEntity(String.class);
-        // System.out.println(entity);
         JsonNode node = JsonUtils.readTree(entity);
         assertEquals(Status.UNAUTHORIZED.getStatusCode(), response.getStatus());
         assertEquals(StatusCodes.AUTHORIZATION_FAILED,
@@ -172,56 +170,52 @@ private void testDeleteMemberUnauthorized (String groupName)
                 "Unauthorized operation for user: nemo");
     }
 
-    // EM: same as cancel invitation
-    private void testDeletePendingMember ()
+    @Test
+    public void testDeletePendingMember ()
             throws ProcessingException, KustvaktException {
+        createDoryGroup();
+        inviteMember(doryGroupName, "dory", "pearl");
         // dory delete pearl
-        Response response = target().path(API_VERSION).path("group")
-                .path("@dory-group").path("~pearl").request()
-                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
-                        .createBasicAuthorizationHeaderValue("dory", "pass"))
-                .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32").delete();
+        Response response = deleteMember(doryGroupName, "pearl", "dory");
         assertEquals(Status.OK.getStatusCode(), response.getStatus());
         // check member
         JsonNode node = listUserGroups("pearl");
         assertEquals(0, node.size());
+
+        deleteGroupByName(doryGroupName, "dory");
     }
 
     @Test
     public void testDeleteDeletedMember ()
             throws ProcessingException, KustvaktException {
-        Response response = target().path(API_VERSION).path("group")
-                .path("@dory-group").path("~pearl").request()
-                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
-                        .createBasicAuthorizationHeaderValue("dory", "pass"))
-                .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32").delete();
+        createDoryGroup();
+        inviteMember(doryGroupName, "dory", "pearl");
+        subscribe(doryGroupName, "pearl");
+        deleteMember(doryGroupName, "pearl", "pearl");
+
+        Response response = deleteMember(doryGroupName, "pearl", "pearl");
         String entity = response.readEntity(String.class);
-        // System.out.println(entity);
         JsonNode node = JsonUtils.readTree(entity);
         assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
         assertEquals(StatusCodes.GROUP_MEMBER_DELETED,
                 node.at("/errors/0/0").asInt());
         assertEquals(node.at("/errors/0/1").asText(),
                 "pearl has already been deleted from the group dory-group");
         assertEquals(node.at("/errors/0/2").asText(), "[pearl, dory-group]");
+
+        deleteGroupByName(doryGroupName, "dory");
     }
 
-    private void testDeleteGroup (String groupName)
+    private void testDeleteGroup (String groupName, String username)
             throws ProcessingException, KustvaktException {
-        // delete group
-        Response response = target().path(API_VERSION).path("group")
-                .path("@" + groupName).request()
-                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
-                        .createBasicAuthorizationHeaderValue(username, "pass"))
-                .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32").delete();
-        assertEquals(Status.OK.getStatusCode(), response.getStatus());
+        deleteGroupByName(groupName, username);
         Form f = new Form();
         f.param("username", username);
         f.param("status", "DELETED");
         // EM: this is so complicated because the group retrieval are not allowed
         // for delete groups
         // check group
-        response = target().path(API_VERSION).path("admin").path("group")
+        Response response = target().path(API_VERSION).path("admin").path("group")
                 .path("list").request()
                 .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
                         .createBasicAuthorizationHeaderValue(admin, "pass"))
@@ -244,6 +238,16 @@ private void testDeleteGroup (String groupName)
     @Test
     public void testDeleteGroupUnauthorized ()
             throws ProcessingException, KustvaktException {
+        createMarlinGroup();
+        inviteMember(marlinGroupName, "marlin", "dory");
+        subscribe(marlinGroupName, "dory");
+
+        Form form = new Form();
+        form.param("memberUsername", "dory");
+        form.param("role", PredefinedRole.USER_GROUP_ADMIN_READ.name());
+        form.param("role", PredefinedRole.USER_GROUP_ADMIN_WRITE.name());
+        addMemberRole(marlinGroupName, "marlin", form);
+
         // dory is a group admin in marlin-group
         Response response = target().path(API_VERSION).path("group")
                 .path("@marlin-group").request()
@@ -258,23 +262,17 @@ public void testDeleteGroupUnauthorized ()
                 node.at("/errors/0/0").asInt());
         assertEquals(node.at("/errors/0/1").asText(),
                 "Unauthorized operation for user: dory");
+
+        deleteGroupByName(marlinGroupName, "marlin");
     }
 
     @Test
     public void testDeleteDeletedGroup ()
             throws ProcessingException, KustvaktException {
-        Response response = target().path(API_VERSION).path("group")
-                .path("@deleted-group").request()
-                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
-                        .createBasicAuthorizationHeaderValue("dory", "pass"))
-                .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32").delete();
-        assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
-        String entity = response.readEntity(String.class);
-        JsonNode node = JsonUtils.readTree(entity);
-        assertEquals(StatusCodes.GROUP_DELETED, node.at("/errors/0/0").asInt());
-        assertEquals(node.at("/errors/0/1").asText(),
-                "Group deleted-group has been deleted.");
-        assertEquals(node.at("/errors/0/2").asText(), "deleted-group");
+        createMarlinGroup();
+        deleteGroupByName(marlinGroupName, "marlin");
+        Response response = deleteGroupByName(marlinGroupName, "marlin");
+        assertEquals(Status.NOT_FOUND.getStatusCode(), response.getStatus());
     }
 
     @Test

src/test/java/de/ids_mannheim/korap/web/controller/usergroup/UserGroupListTest.java

@@ -2,14 +2,22 @@
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
 
+import java.util.Set;
+
 import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
 
 import com.fasterxml.jackson.databind.JsonNode;
 import com.google.common.net.HttpHeaders;
 
+import de.ids_mannheim.korap.constant.PredefinedRole;
+import de.ids_mannheim.korap.dao.UserGroupMemberDao;
+import de.ids_mannheim.korap.entity.Role;
+import de.ids_mannheim.korap.entity.UserGroupMember;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.exceptions.StatusCodes;
 import de.ids_mannheim.korap.utils.JsonUtils;
+import jakarta.ws.rs.core.Form;
 import jakarta.ws.rs.core.Response;
 import jakarta.ws.rs.core.Response.Status;
 
@@ -65,5 +73,4 @@ public void testListGroupGuest () throws KustvaktException {
         assertEquals(node.at("/errors/0/1").asText(),
                 "Unauthorized operation for user: guest");
     }
-
 }

src/test/java/de/ids_mannheim/korap/web/controller/usergroup/UserGroupMemberTest.java

@@ -4,6 +4,7 @@
 
 import java.util.Set;
 
+import org.junit.jupiter.api.Disabled;
 import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
 
@@ -98,6 +99,29 @@ private void testInviteMemberToDeletedGroup () throws KustvaktException {
 //        assertEquals(node.at("/errors/0/2").asText(), "deleted-group");
     }
 
+    @Test
+    public void testAddMutipleRoles () throws KustvaktException {
+        createDoryGroup();
+        inviteMember(doryGroupName, "dory", "marlin");
+        subscribe(doryGroupName, "marlin");
+        JsonNode marlinGroup = listUserGroups("marlin");
+        int groupId = marlinGroup.at("/0/id").asInt();
+
+        Form form = new Form();
+        form.param("memberUsername", "marlin");
+        form.param("role", PredefinedRole.USER_GROUP_ADMIN_READ.name());
+        form.param("role", PredefinedRole.USER_GROUP_ADMIN_WRITE.name());
+        form.param("role", PredefinedRole.USER_GROUP_ADMIN_DELETE.name());
+        addMemberRole(doryGroupName, "dory", form);
+
+        UserGroupMember member = memberDao.retrieveMemberById("marlin",
+                groupId);
+        Set<Role> roles = member.getRoles();
+        assertEquals(5, roles.size());
+
+        deleteGroupByName(doryGroupName, "dory");
+    }
+
     @Test
     public void testAddMemberRole () throws KustvaktException {
         createMarlinGroup();
@@ -109,7 +133,6 @@ public void testAddMemberRole () throws KustvaktException {
         Form form = new Form();
         form.param("memberUsername", "dory");
         form.param("role", PredefinedRole.USER_GROUP_ADMIN_READ.name());
-
         addMemberRole(marlinGroupName, "marlin", form);
 
         UserGroupMember member = memberDao.retrieveMemberById("dory", groupId);
@@ -124,6 +147,7 @@ public void testAddMemberRole () throws KustvaktException {
         deleteGroupByName(marlinGroupName, "marlin");
     }
 
+    // EM: not work as expected since role is new.
     private void testAddSameMemberRole (int groupId)
             throws ProcessingException, KustvaktException {
         Form form = new Form();
@@ -134,7 +158,7 @@ private void testAddSameMemberRole (int groupId)
 
         UserGroupMember member = memberDao.retrieveMemberById("dory", groupId);
         Set<Role> roles = member.getRoles();
-        assertEquals(3, roles.size());
+        assertEquals(4, roles.size());
     }
 
     private void testDeleteMemberRole (int groupId)
@@ -150,7 +174,7 @@ private void testDeleteMemberRole (int groupId)
         assertEquals(Status.OK.getStatusCode(), response.getStatus());
         UserGroupMember member = memberDao.retrieveMemberById("dory", groupId);
         Set<Role> roles = member.getRoles();
-        assertEquals(2, roles.size());
+        assertEquals(3, roles.size());
     }
 
     @Deprecated