From 5ee3370ed5ca04f6f226eb4166a988e3c49e5bdb Mon Sep 17 00:00:00 2001 From: Jaro Hartmann Date: Wed, 25 Oct 2023 13:40:43 +0200 Subject: [PATCH] fix(irs-api): Removed IRS-Admin role --- CHANGELOG.md | 7 ++++++- .../tractusx/irs/controllers/BatchController.java | 8 ++++---- .../tractusx/irs/controllers/IrsController.java | 10 +++++----- .../tractusx/irs/ess/controller/EssController.java | 4 ++-- .../IrsItemGraphQueryServiceSpringBootTest.java | 2 +- .../irs/services/IrsItemGraphQueryServiceTest.java | 8 ++++---- .../irs/common/auth/SecurityHelperService.java | 2 +- .../irs/common/auth/SecurityHelperServiceTest.java | 4 ++-- .../policystore/controllers/PolicyStoreController.java | 8 ++++---- 9 files changed, 29 insertions(+), 24 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c98a85fac0..2b10049984 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [3.5.4] - 2023-10-25 +### Changed +- removed role "admin_irs" + ## [3.5.3] - 2023-10-09 ### Fixed - Fixed default policy creation. @@ -385,7 +389,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Unresolved - **Select Aspects you need** You are able to select the needed aspects for which you want to collect the correct endpoint information. -[Unreleased]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.5.3...HEAD +[Unreleased]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.5.4...HEAD +[3.5.4]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.5.3...3.5.4 [3.5.3]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.5.2...3.5.3 [3.5.2]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.5.1...3.5.2 [3.5.1]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.5.0...3.5.1 
diff --git a/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/BatchController.java b/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/BatchController.java
index 92bf01f496..ffc11d8039 100644
--- a/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/BatchController.java
+++ b/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/BatchController.java
@@ -115,7 +115,7 @@ public class BatchController {
 })
 @PostMapping("/orders")
 @ResponseStatus(HttpStatus.CREATED)
- @PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.ADMIN_IRS + "', '" + IrsRoles.VIEW_IRS + "')")
+ @PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.VIEW_IRS + "')")
 public BatchOrderCreated registerBatchOrder(final @Valid @RequestBody RegisterBatchOrder request) {
 final UUID batchOrderId = creationBatchService.create(request);
 return BatchOrderCreated.builder().id(batchOrderId).build();
@@ -159,7 +159,7 @@ public BatchOrderCreated registerBatchOrder(final @Valid @RequestBody RegisterBa
 }),
 })
 @GetMapping("/orders/{orderId}")
- @PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.ADMIN_IRS + "', '" + IrsRoles.VIEW_IRS + "')")
+ @PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.VIEW_IRS + "')")
 public BatchOrderResponse getBatchOrder(
 @Parameter(description = "Id of the order.", schema = @Schema(implementation = UUID.class), name = "orderId", example = "6c311d29-5753-46d4-b32c-19b918ea93b0") @Size(min = IrsAppConstants.JOB_ID_SIZE,
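Review bot: `hasAnyAuthority('" + IrsRoles.VIEW_IRS + "')` on the new `@PreAuthorize` line of `registerBatchOrder` is the one-element remainder of the old two-role list; with a single authority `hasAuthority` says what is meant and matches the form PolicyStoreController already uses in the same commit. Suggested line: `@PreAuthorize("@authorizationService.verifyBpn() && hasAuthority('" + IrsRoles.VIEW_IRS + "')")`. The same rewrite applies to every other `hasAnyAuthority` line this commit touches in BatchController, IrsController and EssController. Since `view_irs` was already accepted on these endpoints before the change, effective access to them does not change here.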
@@ -205,7 +205,7 @@ public BatchOrderResponse getBatchOrder(
 }),
 })
 @GetMapping("/orders/{orderId}/batches/{batchId}")
- @PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.ADMIN_IRS + "', '" + IrsRoles.VIEW_IRS + "')")
+ @PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.VIEW_IRS + "')")
 public BatchResponse getBatch(
 @Parameter(description = "Id of the order.", schema = @Schema(implementation = UUID.class), name = "orderId", example = "6c311d29-5753-46d4-b32c-19b918ea93b0") @Size(min = IrsAppConstants.JOB_ID_SIZE,
@@ -254,7 +254,7 @@ public BatchResponse getBatch(
 }),
 })
 @PutMapping("/orders/{orderId}")
- @PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.ADMIN_IRS + "', '" + IrsRoles.VIEW_IRS + "')")
+ @PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.VIEW_IRS + "')")
 public BatchOrderResponse cancelBatchOrder(
 @Parameter(description = "Id of the order.", schema = @Schema(implementation = UUID.class), name = "orderId", example = "6c311d29-5753-46d4-b32c-19b918ea93b0") @Size(min = IrsAppConstants.JOB_ID_SIZE,
diff --git a/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/IrsController.java b/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/IrsController.java
index 2cda391451..54620a2dc7 100644
--- a/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/IrsController.java
+++ b/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/IrsController.java
@@ -127,7 +127,7 @@ public class IrsController {
 @IrsTimer("registerjob")
 @PostMapping("/jobs")
 @ResponseStatus(HttpStatus.CREATED)
- @PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.ADMIN_IRS + "', '" + IrsRoles.VIEW_IRS + "')")
+ @PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.VIEW_IRS + "')")
 public JobHandle registerJobForGlobalAssetId(final @Valid @RequestBody RegisterJob request) {
 return itemJobService.registerItemJob(request);
 }
@@ -178,7 +178,7 @@ public JobHandle registerJobForGlobalAssetId(final @Valid @RequestBody RegisterJ
 })
 @IrsTimer("getjob")
 @GetMapping("/jobs/{id}")
- @PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.ADMIN_IRS + "', '" + IrsRoles.VIEW_IRS + "')")
+ @PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.VIEW_IRS + "')")
 public Jobs getJobById(
 @Parameter(description = "Id of the job.", schema = @Schema(implementation = UUID.class), name = "id", example = "6c311d29-5753-46d4-b32c-19b918ea93b0") @Size(min = IrsAppConstants.JOB_ID_SIZE,
@@ -227,7 +227,7 @@ public Jobs getJobById(
 })
 @IrsTimer("canceljob")
 @PutMapping("/jobs/{id}")
- @PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.ADMIN_IRS + "', '" + IrsRoles.VIEW_IRS + "')")
+ @PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.VIEW_IRS + "')")
 public Job cancelJobByJobId(
 @Parameter(description = "Id of the job.", schema = @Schema(implementation = UUID.class), name = "id", example = "6c311d29-5753-46d4-b32c-19b918ea93b0") @Size(min = IrsAppConstants.JOB_ID_SIZE,
@@ -269,7 +269,7 @@ public Job cancelJobByJobId(
 @IrsTimer("getjobbystate")
 @GetMapping("/jobs")
 @PageableAsQueryParam
- @PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.ADMIN_IRS + "', '" + IrsRoles.VIEW_IRS + "')")
+ @PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.VIEW_IRS + "')")
 public PageResult getJobsByState(
 @Valid @ParameterObject @Parameter(description = "Requested job states.", in = QUERY, explode = Explode.FALSE, array = @ArraySchema(schema = @Schema(implementation = JobState.class), maxItems = Integer.MAX_VALUE))
@@ -305,7 +305,7 @@ public PageResult getJobsByState(
 }),
 })
 @GetMapping("/aspectmodels")
- @PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.ADMIN_IRS + "', '" + IrsRoles.VIEW_IRS + "')")
+ @PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.VIEW_IRS + "')")
 public AspectModels getAllAvailableAspectModels() throws SchemaNotFoundException {
 return semanticHubService.getAllAspectModels();
 }
diff --git a/irs-api/src/main/java/org/eclipse/tractusx/irs/ess/controller/EssController.java b/irs-api/src/main/java/org/eclipse/tractusx/irs/ess/controller/EssController.java
index d2983bcc7d..0a5b0aa0d2 100644
--- a/irs-api/src/main/java/org/eclipse/tractusx/irs/ess/controller/EssController.java
+++ b/irs-api/src/main/java/org/eclipse/tractusx/irs/ess/controller/EssController.java
@@ -108,7 +108,7 @@ class EssController {
 })
 @PostMapping("/bpn/investigations")
 @ResponseStatus(HttpStatus.CREATED)
- @PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.ADMIN_IRS + "', '" + IrsRoles.VIEW_IRS + "')")
+ @PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.VIEW_IRS + "')")
 public JobHandle registerBPNInvestigation(final @Valid @RequestBody RegisterBpnInvestigationJob request) {
 return essService.startIrsJob(request);
 }
@@ -151,7 +151,7 @@ public JobHandle registerBPNInvestigation(final @Valid @RequestBody RegisterBpnI
 }),
 })
 @GetMapping("/bpn/investigations/{id}")
- @PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.ADMIN_IRS + "', '" + IrsRoles.VIEW_IRS + "')")
+ @PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.VIEW_IRS + "')")
 public Jobs getBPNInvestigation(
 @Parameter(description = "Id of the job.", schema = @Schema(implementation = UUID.class), name = "id", example = "6c311d29-5753-46d4-b32c-19b918ea93b0") @Valid @PathVariable final UUID id) {
diff --git a/irs-api/src/test/java/org/eclipse/tractusx/irs/services/IrsItemGraphQueryServiceSpringBootTest.java b/irs-api/src/test/java/org/eclipse/tractusx/irs/services/IrsItemGraphQueryServiceSpringBootTest.java
index bd68addf3c..8a3054f0e3 100644
--- a/irs-api/src/test/java/org/eclipse/tractusx/irs/services/IrsItemGraphQueryServiceSpringBootTest.java
+++ b/irs-api/src/test/java/org/eclipse/tractusx/irs/services/IrsItemGraphQueryServiceSpringBootTest.java
@@ -302,7 +302,7 @@ private int getRelationshipsSize(final UUID jobId) {
 private static void setSecurityContext() {
 JwtAuthenticationToken jwtAuthenticationToken = mock(JwtAuthenticationToken.class);
 Jwt token = mock(Jwt.class);
- when(jwtAuthenticationToken.getAuthorities()).thenReturn(List.of(new SimpleGrantedAuthority("admin_irs")));
+ when(jwtAuthenticationToken.getAuthorities()).thenReturn(List.of(new SimpleGrantedAuthority("view_irs")));
 when(jwtAuthenticationToken.getToken()).thenReturn(token);
 when(token.getClaim("clientId")).thenReturn("test-client-id");
 SecurityContext securityContext = mock(SecurityContext.class);
diff --git a/irs-api/src/test/java/org/eclipse/tractusx/irs/services/IrsItemGraphQueryServiceTest.java b/irs-api/src/test/java/org/eclipse/tractusx/irs/services/IrsItemGraphQueryServiceTest.java
index 7e74d01a1c..3e02745c39 100644
--- a/irs-api/src/test/java/org/eclipse/tractusx/irs/services/IrsItemGraphQueryServiceTest.java
+++ b/irs-api/src/test/java/org/eclipse/tractusx/irs/services/IrsItemGraphQueryServiceTest.java
@@ -98,7 +98,7 @@ class IrsItemGraphQueryServiceTest {
 @Test
 void registerItemJobWithoutDepthShouldBuildFullTree() throws Exception {
 // given
- setupSecurityContextWithRole(IrsRoles.ADMIN_IRS);
+ setupSecurityContextWithRole(IrsRoles.VIEW_IRS);
 final var jobId = UUID.randomUUID();
 final AASTransferProcess transfer1 = generate.aasTransferProcess();
 givenTransferResultIsStored(transfer1);
@@ -135,7 +135,7 @@ private byte[] toBlob(final Object transfer) {
 @Test
 void cancelJobById() {
- setupSecurityContextWithRole(IrsRoles.ADMIN_IRS);
+ setupSecurityContextWithRole(IrsRoles.VIEW_IRS);
 final Job job = generate.fakeJob(JobState.CANCELED);
@@ -150,7 +150,7 @@ void cancelJobById() {
 @Test
 void shouldThrowForbiddenExceptionWhenCancelingAnotherOwnerJob() {
- setupSecurityContextWithRole(IrsRoles.VIEW_IRS);
+ setupSecurityContextWithRole(IrsRoles.ADMIN_IRS);
 final Job job = generate.fakeJob(JobState.CANCELED);
@@ -170,7 +170,7 @@ void cancelJobById_throwEntityNotFoundException() {
 @Test
 void shouldReturnFoundJobs() {
- setupSecurityContextWithRole(IrsRoles.ADMIN_IRS);
+ setupSecurityContextWithRole(IrsRoles.VIEW_IRS);
 final List states = List.of(JobState.COMPLETED);
 final MultiTransferJob multiTransferJob = MultiTransferJob.builder()
 .job(generate.fakeJob(JobState.COMPLETED))
diff --git a/irs-common/src/main/java/org/eclipse/tractusx/irs/common/auth/SecurityHelperService.java b/irs-common/src/main/java/org/eclipse/tractusx/irs/common/auth/SecurityHelperService.java
index 8ea1071d00..4cfc348f7e 100644
--- a/irs-common/src/main/java/org/eclipse/tractusx/irs/common/auth/SecurityHelperService.java
+++ b/irs-common/src/main/java/org/eclipse/tractusx/irs/common/auth/SecurityHelperService.java
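Review bot: `shouldThrowForbiddenExceptionWhenCancelingAnotherOwnerJob` now builds its security context with `IrsRoles.ADMIN_IRS`, the very role this commit says it removes, so the "not the owner and not an admin" path is exercised with an authority no real token is meant to carry any more. Read together with the SecurityHelperService hunk, where `isAdmin()` becomes true for `view_irs`, it looks as if no remaining production role can reach that forbidden branch at all — worth confirming, because then the test documents behaviour nobody can trigger. If the branch should stay reachable, set up the context with an authority set a real caller can have (for example no IRS role at all) rather than the retired constant. The continued reference also shows `IrsRoles.ADMIN_IRS` is still defined despite the commit title; the test method body continues outside the hunk.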
@@ -53,7 +53,7 @@ public String getBpnClaim() {
 }
 public boolean isAdmin() {
- return getIrsRoles().contains(IrsRoles.ADMIN_IRS);
+ return getIrsRoles().contains(IrsRoles.VIEW_IRS);
 }
 public String getClientIdForViewIrs() {
diff --git a/irs-common/src/test/java/org/eclipse/tractusx/irs/common/auth/SecurityHelperServiceTest.java b/irs-common/src/test/java/org/eclipse/tractusx/irs/common/auth/SecurityHelperServiceTest.java
index 33a7e9b9d0..e946a7d39c 100644
--- a/irs-common/src/test/java/org/eclipse/tractusx/irs/common/auth/SecurityHelperServiceTest.java
+++ b/irs-common/src/test/java/org/eclipse/tractusx/irs/common/auth/SecurityHelperServiceTest.java
@@ -43,7 +43,7 @@ class SecurityHelperServiceTest {
 private final String CLIENT_ID = "sa-cl6-cx-2";
- private final String BPN = "BPNL00000003CRHK";
+ private final String BPN = "BPNL00000001CRHK";
 final SecurityHelperService securityHelperService = new SecurityHelperService();
@@ -98,7 +98,7 @@ void shouldReturnClientIdWhenJwtAuthenticationAndViewIrsRole() {
 @Test
 void shouldReturnTrueWhenAdminRolePresentInToken() {
 // given
- thereIsJwtAuthentication(IrsRoles.ADMIN_IRS);
+ thereIsJwtAuthentication(IrsRoles.VIEW_IRS);
 // when
 final Boolean isAdmin = securityHelperService.isAdmin();
diff --git a/irs-policy-store/src/main/java/org/eclipse/tractusx/irs/policystore/controllers/PolicyStoreController.java b/irs-policy-store/src/main/java/org/eclipse/tractusx/irs/policystore/controllers/PolicyStoreController.java
index 7f2c10245f..368c69a486 100644
--- a/irs-policy-store/src/main/java/org/eclipse/tractusx/irs/policystore/controllers/PolicyStoreController.java
+++ b/irs-policy-store/src/main/java/org/eclipse/tractusx/irs/policystore/controllers/PolicyStoreController.java
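Review bot: `isAdmin()` now returns true for every token carrying `view_irs`, and since every endpoint in this commit is gated on `view_irs`, every authenticated caller is treated as an admin by whatever still consults this method — the job-ownership check that the IrsItemGraphQueryServiceTest hunks exercise appears to be one such caller, though I cannot see its code from here. If that widening is intended, the method is misnamed and should carry a comment saying so, e.g. `/** Since 3.5.4 there is no separate admin role: every holder of view_irs is treated as admin. */`, and the changelog entry (`removed role "admin_irs"`) should state that `view_irs` inherited the former admin rights. If it is not intended, the method should keep checking a distinct authority, or be deleted together with its call sites in the same commit so the collapse is explicit rather than silent.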
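Review bot: The `BPN` test constant changes from `BPNL00000003CRHK` to `BPNL00000001CRHK` with no production change in this commit that depends on it, and neither the commit message nor the changelog mentions it. If the old value was wrong (for instance not matching what the test's JWT helper puts in the token elsewhere in the class), say so in the message; otherwise this hunk belongs in a separate commit so the role removal stays reviewable on its own.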
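Review bot: `shouldReturnTrueWhenAdminRolePresentInToken` now asserts that `isAdmin()` is true for `IrsRoles.VIEW_IRS`, so the test name no longer describes what it checks, and no test pins that the retired `admin_irs` authority (still referenced from IrsItemGraphQueryServiceTest) grants nothing on its own. Rename it, e.g. `void shouldReturnTrueWhenViewIrsRolePresentInToken() {`, and add the negative case `thereIsJwtAuthentication(IrsRoles.ADMIN_IRS);` asserting that `isAdmin()` is false. The method body continues outside the hunk.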
@@ -99,7 +99,7 @@ public class PolicyStoreController {
 })
 @PostMapping("/policies")
 @ResponseStatus(HttpStatus.CREATED)
- @PreAuthorize("@authorizationService.verifyBpn() && hasAuthority('" + IrsRoles.ADMIN_IRS + "')")
+ @PreAuthorize("@authorizationService.verifyBpn() && hasAuthority('" + IrsRoles.VIEW_IRS + "')")
 public void registerAllowedPolicy(final @Valid @RequestBody CreatePolicyRequest request) {
 service.registerPolicy(request);
 }
@@ -128,7 +128,7 @@ public void registerAllowedPolicy(final @Valid @RequestBody CreatePolicyRequest
 })
 @GetMapping("/policies")
 @ResponseStatus(HttpStatus.OK)
- @PreAuthorize("@authorizationService.verifyBpn() && hasAuthority('" + IrsRoles.ADMIN_IRS + "')")
+ @PreAuthorize("@authorizationService.verifyBpn() && hasAuthority('" + IrsRoles.VIEW_IRS + "')")
 public List getPolicies() {
 return service.getStoredPolicies();
 }
@@ -160,7 +160,7 @@ public List getPolicies() {
 })
 @DeleteMapping("/policies/{policyId}")
 @ResponseStatus(HttpStatus.OK)
- @PreAuthorize("@authorizationService.verifyBpn() && hasAuthority('" + IrsRoles.ADMIN_IRS + "')")
+ @PreAuthorize("@authorizationService.verifyBpn() && hasAuthority('" + IrsRoles.VIEW_IRS + "')")
 public void deleteAllowedPolicy(@PathVariable("policyId") final String policyId) {
 service.deletePolicy(policyId);
 }
@@ -192,7 +192,7 @@ public void deleteAllowedPolicy(@PathVariable("policyId") final String policyId)
 })
 @PutMapping("/policies/{policyId}")
 @ResponseStatus(HttpStatus.OK)
- @PreAuthorize("@authorizationService.verifyBpn() && hasAuthority('" + IrsRoles.ADMIN_IRS + "')")
+ @PreAuthorize("@authorizationService.verifyBpn() && hasAuthority('" + IrsRoles.VIEW_IRS + "')")
 public void updateAllowedPolicy(@PathVariable("policyId") final String policyId, final @Valid @RequestBody UpdatePolicyRequest request) {
 service.updatePolicy(policyId, request);
 }
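Review bot: Registering a policy (and, in the following hunks, listing, deleting and updating one) now requires only `view_irs`, the same authority that gates every job endpoint in this commit, so any client that could so far only run and read IRS jobs can now change the policy store. Unlike the job controllers, where `view_irs` was already accepted, this is a real widening: these four routes previously required `admin_irs` alone. If a single role is intended, the endpoints' OpenAPI descriptions and the changelog should say that `view_irs` now includes policy administration — the entry only says the admin role was removed; otherwise keep a dedicated authority for the policy store. `@authorizationService.verifyBpn()` still scopes the call by BPN, which narrows but does not remove the escalation.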