feat(impl):[TRI-670] fix review comments

catenax-ng · Aug 25, 2023 · b04a31a · b04a31a
1 parent 0e6be0d
commit b04a31a
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 10 deletions.
diff --git a/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/BatchController.java b/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/BatchController.java
@@ -114,7 +114,7 @@ public class BatchController {
     })
     @PostMapping("/orders")
     @ResponseStatus(HttpStatus.CREATED)
-    @PreAuthorize("@authorizationService.verifyBpn() && hasAuthority('" + IrsRoles.VIEW_IRS + "')")
+    @PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.ADMIN_IRS + "', '" + IrsRoles.VIEW_IRS + "')")
     public BatchOrderCreated registerBatchOrder(final @Valid @RequestBody RegisterBatchOrder request) {
         final UUID batchOrderId = creationBatchService.create(request);
         return BatchOrderCreated.builder().id(batchOrderId).build();
@@ -158,7 +158,7 @@ public BatchOrderCreated registerBatchOrder(final @Valid @RequestBody RegisterBa
                                          }),
     })
     @GetMapping("/orders/{orderId}")
-    @PreAuthorize("@authorizationService.verifyBpn() && hasAuthority('" + IrsRoles.VIEW_IRS + "')")
+    @PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.ADMIN_IRS + "', '" + IrsRoles.VIEW_IRS + "')")
     public BatchOrderResponse getBatchOrder(
             @Parameter(description = "Id of the order.", schema = @Schema(implementation = UUID.class), name = "orderId",
                        example = "6c311d29-5753-46d4-b32c-19b918ea93b0") @Size(min = IrsAppConstants.JOB_ID_SIZE,
@@ -204,7 +204,7 @@ public BatchOrderResponse getBatchOrder(
                                          }),
     })
     @GetMapping("/orders/{orderId}/batches/{batchId}")
-    @PreAuthorize("@authorizationService.verifyBpn() && hasAuthority('" + IrsRoles.VIEW_IRS + "')")
+    @PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.ADMIN_IRS + "', '" + IrsRoles.VIEW_IRS + "')")
     public BatchResponse getBatch(
             @Parameter(description = "Id of the order.", schema = @Schema(implementation = UUID.class), name = "orderId",
                        example = "6c311d29-5753-46d4-b32c-19b918ea93b0") @Size(min = IrsAppConstants.JOB_ID_SIZE,
@@ -253,7 +253,7 @@ public BatchResponse getBatch(
                                          }),
     })
     @PutMapping("/orders/{orderId}")
-    @PreAuthorize("@authorizationService.verifyBpn() && hasAuthority('" + IrsRoles.VIEW_IRS + "')")
+    @PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.ADMIN_IRS + "', '" + IrsRoles.VIEW_IRS + "')")
     public BatchOrderResponse cancelBatchOrder(
             @Parameter(description = "Id of the order.", schema = @Schema(implementation = UUID.class), name = "orderId",
                        example = "6c311d29-5753-46d4-b32c-19b918ea93b0") @Size(min = IrsAppConstants.JOB_ID_SIZE,

diff --git a/irs-api/src/main/java/org/eclipse/tractusx/irs/services/IrsItemGraphQueryService.java b/irs-api/src/main/java/org/eclipse/tractusx/irs/services/IrsItemGraphQueryService.java
@@ -256,14 +256,14 @@ public Job cancelJobById(final @NonNull UUID jobId) {
         final Optional<MultiTransferJob> canceled = this.jobStore.cancelJob(idAsString);
         canceled.ifPresent(cancelledJob -> {
             if (!securityHelperService.isAdmin() && !cancelledJob.getJob().getOwner().equals(securityHelperService.getClientIdForViewIrs())) {
-                throw new ResponseStatusException(HttpStatus.FORBIDDEN, "Cannot access and cancel job with id [" + jobId + "] due to missing privileges.");
+                throw new ResponseStatusException(HttpStatus.FORBIDDEN, "Cannot access and cancel job with id " + jobId + " due to missing privileges.");
             }
         });
         canceled.ifPresent(cancelledJob -> applicationEventPublisher.publishEvent(
                 new JobProcessingFinishedEvent(cancelledJob.getJobIdString(), cancelledJob.getJob().getState().name(),
                         cancelledJob.getJobParameter().getCallbackUrl(), cancelledJob.getBatchId())));
         return canceled.orElseThrow(
-                () -> new ResponseStatusException(HttpStatus.NOT_FOUND, "No job exists with id [" + jobId + "] ")).getJob();
+                () -> new ResponseStatusException(HttpStatus.NOT_FOUND, "No job exists with id " + jobId)).getJob();
     }
 
     @Override
@@ -276,7 +276,7 @@ public Jobs getJobForJobId(final UUID jobId, final boolean includePartialResults
             final MultiTransferJob multiJob = multiTransferJob.get();
 
             if (!securityHelperService.isAdmin() && !multiJob.getJob().getOwner().equals(securityHelperService.getClientIdForViewIrs())) {
-                throw new ResponseStatusException(HttpStatus.FORBIDDEN, "Cannot access to job [" + jobId + "] due to missing privileges.");
+                throw new ResponseStatusException(HttpStatus.FORBIDDEN, "Cannot access job with id " + jobId + " due to missing privileges.");
             }
 
             final var relationships = new ArrayList<Relationship>();
@@ -318,7 +318,7 @@ public Jobs getJobForJobId(final UUID jobId, final boolean includePartialResults
                        .bpns(bpns)
                        .build();
         } else {
-            throw new ResponseStatusException(HttpStatus.NOT_FOUND, "No job exists with id [ " + jobId + "] ");
+            throw new ResponseStatusException(HttpStatus.NOT_FOUND, "No job exists with id " + jobId);
         }
     }
 

diff --git a/irs-ess/src/main/java/org/eclipse/tractusx/ess/controller/EssController.java b/irs-ess/src/main/java/org/eclipse/tractusx/ess/controller/EssController.java
@@ -105,7 +105,7 @@ class EssController {
     })
     @PostMapping("/bpn/investigations")
     @ResponseStatus(HttpStatus.CREATED)
-    @PreAuthorize("hasAuthority('" + IrsRoles.VIEW_IRS + "')")
+    @PreAuthorize("hasAnyAuthority('" + IrsRoles.ADMIN_IRS + "', '" + IrsRoles.VIEW_IRS + "')")
     public JobHandle registerBPNInvestigation(final @Valid @RequestBody RegisterBpnInvestigationJob request) {
         return essService.startIrsJob(request);
     }
@@ -148,7 +148,7 @@ public JobHandle registerBPNInvestigation(final @Valid @RequestBody RegisterBpnI
                                          }),
     })
     @GetMapping("/bpn/investigations/{id}")
-    @PreAuthorize("hasAuthority('" + IrsRoles.VIEW_IRS + "')")
+    @PreAuthorize("hasAnyAuthority('" + IrsRoles.ADMIN_IRS + "', '" + IrsRoles.VIEW_IRS + "')")
     public Jobs getBPNInvestigation(
             @Parameter(description = "Id of the job.", schema = @Schema(implementation = UUID.class), name = "id",
                        example = "6c311d29-5753-46d4-b32c-19b918ea93b0") @Valid @PathVariable final UUID id) {