fix(irs-api): Removed IRS-Admin role #229

7 changes: 6 additions & 1 deletion CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

## [Unreleased]

## [3.5.4] - 2023-10-25
### Changed
- removed role "admin_irs"

## [3.5.3] - 2023-10-09
### Fixed
- Fixed default policy creation.
Expand Down Expand Up @@ -385,7 +389,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
### Unresolved
- **Select Aspects you need** You are able to select the needed aspects for which you want to collect the correct endpoint information.

[Unreleased]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.5.3...HEAD
[Unreleased]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.5.4...HEAD
[3.5.4]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.5.3...3.5.4
[3.5.3]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.5.2...3.5.3
[3.5.2]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.5.1...3.5.2
[3.5.1]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.5.0...3.5.1
Original file line number Diff line number Diff line change
Expand Up @@ -115,7 +115,7 @@ public class BatchController {
})
@PostMapping("/orders")
@ResponseStatus(HttpStatus.CREATED)
@PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.ADMIN_IRS + "', '" + IrsRoles.VIEW_IRS + "')")
@PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.VIEW_IRS + "')")
public BatchOrderCreated registerBatchOrder(final @Valid @RequestBody RegisterBatchOrder request) {
final UUID batchOrderId = creationBatchService.create(request);
return BatchOrderCreated.builder().id(batchOrderId).build();
Expand Down Expand Up @@ -159,7 +159,7 @@ public BatchOrderCreated registerBatchOrder(final @Valid @RequestBody RegisterBa
}),
})
@GetMapping("/orders/{orderId}")
@PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.ADMIN_IRS + "', '" + IrsRoles.VIEW_IRS + "')")
@PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.VIEW_IRS + "')")
public BatchOrderResponse getBatchOrder(
@Parameter(description = "Id of the order.", schema = @Schema(implementation = UUID.class), name = "orderId",
example = "6c311d29-5753-46d4-b32c-19b918ea93b0") @Size(min = IrsAppConstants.JOB_ID_SIZE,
Expand Down Expand Up @@ -205,7 +205,7 @@ public BatchOrderResponse getBatchOrder(
}),
})
@GetMapping("/orders/{orderId}/batches/{batchId}")
@PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.ADMIN_IRS + "', '" + IrsRoles.VIEW_IRS + "')")
@PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.VIEW_IRS + "')")
public BatchResponse getBatch(
@Parameter(description = "Id of the order.", schema = @Schema(implementation = UUID.class), name = "orderId",
example = "6c311d29-5753-46d4-b32c-19b918ea93b0") @Size(min = IrsAppConstants.JOB_ID_SIZE,
Expand Down Expand Up @@ -254,7 +254,7 @@ public BatchResponse getBatch(
}),
})
@PutMapping("/orders/{orderId}")
@PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.ADMIN_IRS + "', '" + IrsRoles.VIEW_IRS + "')")
@PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.VIEW_IRS + "')")
public BatchOrderResponse cancelBatchOrder(
@Parameter(description = "Id of the order.", schema = @Schema(implementation = UUID.class), name = "orderId",
example = "6c311d29-5753-46d4-b32c-19b918ea93b0") @Size(min = IrsAppConstants.JOB_ID_SIZE,
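Review bot: Style: every `@PreAuthorize` in this file now passes a single value to `hasAnyAuthority` (`/orders`, `/orders/{orderId}`, `/orders/{orderId}/batches/{batchId}`, and the PUT cancel), while the PolicyStoreController hunk in the same PR uses `hasAuthority` for the single-role case; using `hasAuthority('" + IrsRoles.VIEW_IRS + "')` here too keeps the two controllers consistent and makes it obvious that exactly one role is accepted. Since the PUT `/orders/{orderId}` cancel endpoint previously accepted either role, it is worth confirming that whatever per-owner check the service applies does not depend on an admin notion that this PR also changes (see the SecurityHelperService hunk). The annotated method bodies continue outside the hunks.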
Original file line number Diff line number Diff line change
Expand Up @@ -127,7 +127,7 @@ public class IrsController {
@IrsTimer("registerjob")
@PostMapping("/jobs")
@ResponseStatus(HttpStatus.CREATED)
@PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.ADMIN_IRS + "', '" + IrsRoles.VIEW_IRS + "')")
@PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.VIEW_IRS + "')")
public JobHandle registerJobForGlobalAssetId(final @Valid @RequestBody RegisterJob request) {
return itemJobService.registerItemJob(request);
}
Expand Down Expand Up @@ -178,7 +178,7 @@ public JobHandle registerJobForGlobalAssetId(final @Valid @RequestBody RegisterJ
})
@IrsTimer("getjob")
@GetMapping("/jobs/{id}")
@PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.ADMIN_IRS + "', '" + IrsRoles.VIEW_IRS + "')")
@PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.VIEW_IRS + "')")
public Jobs getJobById(
@Parameter(description = "Id of the job.", schema = @Schema(implementation = UUID.class), name = "id",
example = "6c311d29-5753-46d4-b32c-19b918ea93b0") @Size(min = IrsAppConstants.JOB_ID_SIZE,
Expand Down Expand Up @@ -227,7 +227,7 @@ public Jobs getJobById(
})
@IrsTimer("canceljob")
@PutMapping("/jobs/{id}")
@PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.ADMIN_IRS + "', '" + IrsRoles.VIEW_IRS + "')")
@PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.VIEW_IRS + "')")
public Job cancelJobByJobId(
@Parameter(description = "Id of the job.", schema = @Schema(implementation = UUID.class), name = "id",
example = "6c311d29-5753-46d4-b32c-19b918ea93b0") @Size(min = IrsAppConstants.JOB_ID_SIZE,
Expand Down Expand Up @@ -269,7 +269,7 @@ public Job cancelJobByJobId(
@IrsTimer("getjobbystate")
@GetMapping("/jobs")
@PageableAsQueryParam
@PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.ADMIN_IRS + "', '" + IrsRoles.VIEW_IRS + "')")
@PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.VIEW_IRS + "')")
public PageResult getJobsByState(
@Valid @ParameterObject @Parameter(description = "Requested job states.", in = QUERY,
explode = Explode.FALSE, array = @ArraySchema(schema = @Schema(implementation = JobState.class), maxItems = Integer.MAX_VALUE))
Expand Down Expand Up @@ -305,7 +305,7 @@ public PageResult getJobsByState(
}),
})
@GetMapping("/aspectmodels")
@PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.ADMIN_IRS + "', '" + IrsRoles.VIEW_IRS + "')")
@PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.VIEW_IRS + "')")
public AspectModels getAllAvailableAspectModels() throws SchemaNotFoundException {
return semanticHubService.getAllAspectModels();
}
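Review bot: A token that carries only `admin_irs` is now rejected with 403 on every job endpoint in this file (`POST /jobs`, `GET /jobs/{id}`, `PUT /jobs/{id}`, `GET /jobs`, `GET /aspectmodels`), which is a breaking change for any client or realm configuration that was provisioned with the admin role alone; the changelog line `removed role "admin_irs"` should state that callers must hold `view_irs` from 3.5.4 on. The `IrsRoles.ADMIN_IRS` constant is evidently still present (a test hunk in this PR still references it), so the PR title "Removed IRS-Admin role" is only partly true; either delete the constant as well or mark it `@Deprecated` with a comment such as `// no longer granted access to any endpoint since 3.5.4`. The annotated method bodies continue outside the hunks.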
Original file line number Diff line number Diff line change
Expand Up @@ -108,7 +108,7 @@ class EssController {
})
@PostMapping("/bpn/investigations")
@ResponseStatus(HttpStatus.CREATED)
@PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.ADMIN_IRS + "', '" + IrsRoles.VIEW_IRS + "')")
@PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.VIEW_IRS + "')")
public JobHandle registerBPNInvestigation(final @Valid @RequestBody RegisterBpnInvestigationJob request) {
return essService.startIrsJob(request);
}
Expand Down Expand Up @@ -151,7 +151,7 @@ public JobHandle registerBPNInvestigation(final @Valid @RequestBody RegisterBpnI
}),
})
@GetMapping("/bpn/investigations/{id}")
@PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.ADMIN_IRS + "', '" + IrsRoles.VIEW_IRS + "')")
@PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.VIEW_IRS + "')")
public Jobs getBPNInvestigation(
@Parameter(description = "Id of the job.", schema = @Schema(implementation = UUID.class), name = "id",
example = "6c311d29-5753-46d4-b32c-19b918ea93b0") @Valid @PathVariable final UUID id) {
Original file line number Diff line number Diff line change
Expand Up @@ -302,7 +302,7 @@ private int getRelationshipsSize(final UUID jobId) {
private static void setSecurityContext() {
JwtAuthenticationToken jwtAuthenticationToken = mock(JwtAuthenticationToken.class);
Jwt token = mock(Jwt.class);
when(jwtAuthenticationToken.getAuthorities()).thenReturn(List.of(new SimpleGrantedAuthority("admin_irs")));
when(jwtAuthenticationToken.getAuthorities()).thenReturn(List.of(new SimpleGrantedAuthority("view_irs")));
Please use constants

when(jwtAuthenticationToken.getToken()).thenReturn(token);
when(token.getClaim("clientId")).thenReturn("test-client-id");
SecurityContext securityContext = mock(SecurityContext.class);
Original file line number Diff line number Diff line change
Expand Up @@ -98,7 +98,7 @@ class IrsItemGraphQueryServiceTest {
@Test
void registerItemJobWithoutDepthShouldBuildFullTree() throws Exception {
// given
setupSecurityContextWithRole(IrsRoles.ADMIN_IRS);
setupSecurityContextWithRole(IrsRoles.VIEW_IRS);
final var jobId = UUID.randomUUID();
final AASTransferProcess transfer1 = generate.aasTransferProcess();
givenTransferResultIsStored(transfer1);
Expand Down Expand Up @@ -135,7 +135,7 @@ private byte[] toBlob(final Object transfer) {

@Test
void cancelJobById() {
setupSecurityContextWithRole(IrsRoles.ADMIN_IRS);
setupSecurityContextWithRole(IrsRoles.VIEW_IRS);

final Job job = generate.fakeJob(JobState.CANCELED);

Expand All @@ -150,7 +150,7 @@ void cancelJobById() {

@Test
void shouldThrowForbiddenExceptionWhenCancelingAnotherOwnerJob() {
setupSecurityContextWithRole(IrsRoles.VIEW_IRS);
setupSecurityContextWithRole(IrsRoles.ADMIN_IRS);

final Job job = generate.fakeJob(JobState.CANCELED);

Expand All @@ -170,7 +170,7 @@ void cancelJobById_throwEntityNotFoundException() {

@Test
void shouldReturnFoundJobs() {
setupSecurityContextWithRole(IrsRoles.ADMIN_IRS);
setupSecurityContextWithRole(IrsRoles.VIEW_IRS);
final List<JobState> states = List.of(JobState.COMPLETED);
final MultiTransferJob multiTransferJob = MultiTransferJob.builder()
.job(generate.fakeJob(JobState.COMPLETED))
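Review bot: `shouldThrowForbiddenExceptionWhenCancelingAnotherOwnerJob` is switched from `IrsRoles.VIEW_IRS` to `IrsRoles.ADMIN_IRS`, i.e. it now drives the ownership check with the very role this PR removes, so it no longer represents any caller that can actually reach the endpoint. Read together with the SecurityHelperService hunk, where `isAdmin()` now returns true for `view_irs`, this swap suggests a `view_irs` caller would no longer get the forbidden exception when cancelling another owner's job — presumably the owner check is bypassed for "admins" — which would be an authorization regression rather than something to paper over in the test. Keep `setupSecurityContextWithRole(IrsRoles.VIEW_IRS);` here and make the production code keep rejecting a foreign owner, or if cross-owner cancel by `view_irs` is now intended, rename the test to say so and document that decision. The test class header and setup helper are outside the hunks.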
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ public String getBpnClaim() {
}

public boolean isAdmin() {
return getIrsRoles().contains(IrsRoles.ADMIN_IRS);
return getIrsRoles().contains(IrsRoles.VIEW_IRS);
}

public String getClientIdForViewIrs() {
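Review bot: `isAdmin()` now returns true whenever the token carries `view_irs`, which after this PR is the only role any endpoint accepts, so the method is true for every authorized caller and whatever it gates (presumably owner checks on job lookup/cancel, judging by the test hunks) is effectively disabled. Aliasing the admin predicate to the view role is misleading; either remove `isAdmin()` and make its call sites apply the ownership check unconditionally, or, if a privileged notion is still needed, give it a dedicated authority instead of `IrsRoles.VIEW_IRS`. If the method must stay for now, a comment like `// NOTE: every authorized caller holds view_irs, so this is always true for them — callers must not rely on it for authorization` should accompany it. The rest of the class is outside the hunk.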
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@
class SecurityHelperServiceTest {

private final String CLIENT_ID = "sa-cl6-cx-2";
private final String BPN = "BPNL00000003CRHK";
private final String BPN = "BPNL00000001CRHK";
Think to not roll that back :-)


final SecurityHelperService securityHelperService = new SecurityHelperService();

Expand Down Expand Up @@ -98,7 +98,7 @@ void shouldReturnClientIdWhenJwtAuthenticationAndViewIrsRole() {
@Test
void shouldReturnTrueWhenAdminRolePresentInToken() {
// given
thereIsJwtAuthentication(IrsRoles.ADMIN_IRS);
thereIsJwtAuthentication(IrsRoles.VIEW_IRS);

// when
final Boolean isAdmin = securityHelperService.isAdmin();
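Review bot: `shouldReturnTrueWhenAdminRolePresentInToken` now sets up the token with `IrsRoles.VIEW_IRS`, so the test name asserts the opposite of what the test does and will mislead the next reader into thinking an admin role still exists. Rename it to match the new behaviour, e.g. `shouldReturnTrueWhenViewIrsRolePresentInToken`, and add a companion case asserting `isAdmin()` is false for a token without `view_irs` so the predicate's single remaining distinction is pinned. The test class body continues outside the hunks.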
Original file line number Diff line number Diff line change
Expand Up @@ -99,7 +99,7 @@ public class PolicyStoreController {
})
@PostMapping("/policies")
@ResponseStatus(HttpStatus.CREATED)
@PreAuthorize("@authorizationService.verifyBpn() && hasAuthority('" + IrsRoles.ADMIN_IRS + "')")
@PreAuthorize("@authorizationService.verifyBpn() && hasAuthority('" + IrsRoles.VIEW_IRS + "')")
public void registerAllowedPolicy(final @Valid @RequestBody CreatePolicyRequest request) {
service.registerPolicy(request);
}
Expand Down Expand Up @@ -128,7 +128,7 @@ public void registerAllowedPolicy(final @Valid @RequestBody CreatePolicyRequest
})
@GetMapping("/policies")
@ResponseStatus(HttpStatus.OK)
@PreAuthorize("@authorizationService.verifyBpn() && hasAuthority('" + IrsRoles.ADMIN_IRS + "')")
@PreAuthorize("@authorizationService.verifyBpn() && hasAuthority('" + IrsRoles.VIEW_IRS + "')")
public List<Policy> getPolicies() {
return service.getStoredPolicies();
}
Expand Down Expand Up @@ -160,7 +160,7 @@ public List<Policy> getPolicies() {
})
@DeleteMapping("/policies/{policyId}")
@ResponseStatus(HttpStatus.OK)
@PreAuthorize("@authorizationService.verifyBpn() && hasAuthority('" + IrsRoles.ADMIN_IRS + "')")
@PreAuthorize("@authorizationService.verifyBpn() && hasAuthority('" + IrsRoles.VIEW_IRS + "')")
public void deleteAllowedPolicy(@PathVariable("policyId") final String policyId) {
service.deletePolicy(policyId);
}
Expand Down Expand Up @@ -192,7 +192,7 @@ public void deleteAllowedPolicy(@PathVariable("policyId") final String policyId)
})
@PutMapping("/policies/{policyId}")
@ResponseStatus(HttpStatus.OK)
@PreAuthorize("@authorizationService.verifyBpn() && hasAuthority('" + IrsRoles.ADMIN_IRS + "')")
@PreAuthorize("@authorizationService.verifyBpn() && hasAuthority('" + IrsRoles.VIEW_IRS + "')")
public void updateAllowedPolicy(@PathVariable("policyId") final String policyId, final @Valid @RequestBody UpdatePolicyRequest request) {
service.updatePolicy(policyId, request);
}
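Review bot: Dropping `admin_irs` from the policy-store endpoints hands `POST /policies`, `PUT /policies/{policyId}` and `DELETE /policies/{policyId}` to `view_irs`, which per the IrsController and BatchController hunks is the role every ordinary job-submitting client holds, so any API consumer can now add, change or delete the policies this service accepts; that is a privilege collapse from "use the service" to "configure its trust decisions", not a neutral role rename. If the admin role really goes away, the mutating endpoints need a distinct authority (e.g. a policy-admin role) or must stay on `hasAuthority('" + IrsRoles.ADMIN_IRS + "')` until one exists; leaving only `GET /policies` on `view_irs` is defensible. Whatever is decided should be stated in the changelog, which currently says only `removed role "admin_irs"`. The method bodies are complete in the hunks, but the class header and the remaining endpoints are outside them.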