From 90970c33e735460b661c12ad9652649fb343b61e Mon Sep 17 00:00:00 2001 From: Joris Mancini Date: Mon, 19 Jan 2026 13:41:22 +0100 Subject: [PATCH] feat(error-handling): harmonize directory access exceptions Signed-off-by: Joris Mancini --- .../explore/server/ExploreController.java | 12 +-- .../server/dto/PermissionResponse.java | 12 --- .../error/ExploreBusinessErrorCode.java | 1 - .../server/error/ExploreExceptionHandler.java | 2 +- .../server/services/AuthorizationService.java | 34 ++------ .../server/services/DirectoryService.java | 28 ++----- .../server/ExploreExceptionHandlerTest.java | 4 +- .../gridsuite/explore/server/ExploreTest.java | 77 +++++++++---------- .../explore/server/SingleLineDiagramTest.java | 10 --- .../SpreadsheetConfigCollectionTest.java | 10 +-- .../explore/server/SpreadsheetConfigTest.java | 2 +- 11 files changed, 63 insertions(+), 129 deletions(-) delete mode 100644 src/main/java/org/gridsuite/explore/server/dto/PermissionResponse.java diff --git a/src/main/java/org/gridsuite/explore/server/ExploreController.java b/src/main/java/org/gridsuite/explore/server/ExploreController.java index 1a3d04c2..32b118e9 100644 --- a/src/main/java/org/gridsuite/explore/server/ExploreController.java +++ b/src/main/java/org/gridsuite/explore/server/ExploreController.java 
@@ -603,21 +603,17 @@ public ResponseEntity searchElements( .body(directoryService.searchElements(userInput, directoryUuid, userId)); } - @RequestMapping(method = RequestMethod.HEAD, value = "/explore/elements/{elementUuid}") + @GetMapping(value = "/explore/elements/{elementUuid}") @Operation(summary = "Check if user has a given right on a directory, or a single element by checking its parent") @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "The user has the right on the element"), @ApiResponse(responseCode = "204", description = "The user has not the right on the element"), }) - public ResponseEntity hasRight(@PathVariable("elementUuid") UUID elementUuid, + public ResponseEntity hasRight(@PathVariable("elementUuid") UUID elementUuid, @RequestParam(name = "permission") PermissionType permission, @RequestHeader(QUERY_PARAM_USER_ID) String userId) { - PermissionResponse permissionResponse = directoryService.checkPermission(List.of(elementUuid), null, userId, permission); - if (permissionResponse.hasPermission()) { - return ResponseEntity.ok().build(); - } else { - return ResponseEntity.status(HttpStatus.FORBIDDEN).body(permissionResponse.permissionCheckResult()); - } + directoryService.checkPermission(List.of(elementUuid), null, userId, permission); + return ResponseEntity.ok().build(); } @GetMapping(value = "/explore/directories/{directoryUuid}/permissions", produces = MediaType.APPLICATION_JSON_VALUE) diff --git a/src/main/java/org/gridsuite/explore/server/dto/PermissionResponse.java b/src/main/java/org/gridsuite/explore/server/dto/PermissionResponse.java deleted file mode 100644 index 2b17db2d..00000000 --- a/src/main/java/org/gridsuite/explore/server/dto/PermissionResponse.java +++ /dev/null 
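Review bot: The `@ApiResponses` block on `hasRight` still documents `204` as "The user has not the right on the element", but the new body can only return 200 or let the exception from `directoryService.checkPermission` propagate. The updated tests in this patch expect 403 for a denied element, so the annotation should read `@ApiResponse(responseCode = "403", description = "The user does not have the right on the element")`. Clients that follow the published contract and treat only 204 as a denial would otherwise mishandle the real answer.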
@@ -1,12 +0,0 @@ -/** - * Copyright (c) 2025, RTE (http://www.rte-france.com) - * This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. - */ -package org.gridsuite.explore.server.dto; - -/** - * @author Hugo Marcellin - */ -public record PermissionResponse(boolean hasPermission, String permissionCheckResult) { } diff --git a/src/main/java/org/gridsuite/explore/server/error/ExploreBusinessErrorCode.java b/src/main/java/org/gridsuite/explore/server/error/ExploreBusinessErrorCode.java index 2a3dded4..602bd491 100644 --- a/src/main/java/org/gridsuite/explore/server/error/ExploreBusinessErrorCode.java +++ b/src/main/java/org/gridsuite/explore/server/error/ExploreBusinessErrorCode.java @@ -14,7 +14,6 @@ * Business error codes emitted by the explore service. */ public enum ExploreBusinessErrorCode implements BusinessErrorCode { - EXPLORE_PERMISSION_DENIED("explore.permissionDenied"), EXPLORE_MAX_ELEMENTS_EXCEEDED("explore.maxElementsExceeded"), EXPLORE_INCORRECT_CASE_FILE("explore.incorrectCaseFile"); diff --git a/src/main/java/org/gridsuite/explore/server/error/ExploreExceptionHandler.java b/src/main/java/org/gridsuite/explore/server/error/ExploreExceptionHandler.java index 1d92b2a8..8e655e2d 100644 --- a/src/main/java/org/gridsuite/explore/server/error/ExploreExceptionHandler.java +++ b/src/main/java/org/gridsuite/explore/server/error/ExploreExceptionHandler.java @@ -38,7 +38,7 @@ protected ExploreBusinessErrorCode getBusinessCode(ExploreException ex) { @Override protected HttpStatus mapStatus(ExploreBusinessErrorCode errorCode) { return switch (errorCode) { - case EXPLORE_PERMISSION_DENIED, EXPLORE_MAX_ELEMENTS_EXCEEDED -> HttpStatus.FORBIDDEN; + case EXPLORE_MAX_ELEMENTS_EXCEEDED -> HttpStatus.FORBIDDEN; case EXPLORE_INCORRECT_CASE_FILE -> HttpStatus.UNPROCESSABLE_ENTITY; }; } 
diff --git a/src/main/java/org/gridsuite/explore/server/services/AuthorizationService.java b/src/main/java/org/gridsuite/explore/server/services/AuthorizationService.java index b850a9b8..f82ec0c6 100644 --- a/src/main/java/org/gridsuite/explore/server/services/AuthorizationService.java +++ b/src/main/java/org/gridsuite/explore/server/services/AuthorizationService.java @@ -6,20 +6,15 @@ */ package org.gridsuite.explore.server.services; -import org.gridsuite.explore.server.error.ExploreException; -import org.gridsuite.explore.server.dto.PermissionResponse; import org.gridsuite.explore.server.dto.PermissionType; import org.springframework.stereotype.Service; import java.util.List; import java.util.UUID; -import static org.gridsuite.explore.server.error.ExploreBusinessErrorCode.EXPLORE_PERMISSION_DENIED; - /** * @author Abdelsalem Hedhili */ - @Service public class AuthorizationService { 
@@ -30,32 +25,17 @@ public AuthorizationService(DirectoryService directoryService) { } //This method should only be called inside of @PreAuthorize to centralize permission checks - public boolean isAuthorized(String userId, List elementUuids, UUID targetDirectoryUuid, PermissionType permissionType) { - PermissionResponse permissionResponse = directoryService.checkPermission(elementUuids, targetDirectoryUuid, userId, permissionType); - if (!permissionResponse.hasPermission()) { - throw ExploreException.of(EXPLORE_PERMISSION_DENIED, permissionResponse.permissionCheckResult()); - } - return true; + public void isAuthorized(String userId, List elementUuids, UUID targetDirectoryUuid, PermissionType permissionType) { + directoryService.checkPermission(elementUuids, targetDirectoryUuid, userId, permissionType); } //This method should only be called inside of @PreAuthorize to centralize permission checks - public boolean isAuthorizedForDuplication(String userId, UUID elementToDuplicate, UUID targetDirectoryUuid) { - PermissionResponse readCheck = directoryService.checkPermission(List.of(elementToDuplicate), null, userId, PermissionType.READ); - if (!readCheck.hasPermission()) { - throw ExploreException.of(EXPLORE_PERMISSION_DENIED, readCheck.permissionCheckResult()); - } - PermissionResponse writeCheck = directoryService.checkPermission(List.of(targetDirectoryUuid != null ? targetDirectoryUuid : elementToDuplicate), null, userId, PermissionType.WRITE); - if (!writeCheck.hasPermission()) { - throw ExploreException.of(EXPLORE_PERMISSION_DENIED, writeCheck.permissionCheckResult()); - } - return true; + public void isAuthorizedForDuplication(String userId, UUID elementToDuplicate, UUID targetDirectoryUuid) { + directoryService.checkPermission(List.of(elementToDuplicate), null, userId, PermissionType.READ); + directoryService.checkPermission(List.of(targetDirectoryUuid != null ? 
targetDirectoryUuid : elementToDuplicate), null, userId, PermissionType.WRITE); } - public boolean isRecursivelyAuthorized(String userId, List elementUuids, UUID targetDirectoryUuid) { - PermissionResponse permissionResponse = directoryService.checkPermission(elementUuids, targetDirectoryUuid, userId, PermissionType.WRITE, true); - if (!permissionResponse.hasPermission()) { - throw ExploreException.of(EXPLORE_PERMISSION_DENIED, permissionResponse.permissionCheckResult()); - } - return true; + public void isRecursivelyAuthorized(String userId, List elementUuids, UUID targetDirectoryUuid) { + directoryService.checkPermission(elementUuids, targetDirectoryUuid, userId, PermissionType.WRITE, true); } } diff --git a/src/main/java/org/gridsuite/explore/server/services/DirectoryService.java b/src/main/java/org/gridsuite/explore/server/services/DirectoryService.java index 25a24aff..ad2d7362 100644 --- a/src/main/java/org/gridsuite/explore/server/services/DirectoryService.java +++ b/src/main/java/org/gridsuite/explore/server/services/DirectoryService.java @@ -8,14 +8,12 @@ import org.gridsuite.explore.server.dto.ElementAttributes; import org.gridsuite.explore.server.dto.PermissionDTO; -import org.gridsuite.explore.server.dto.PermissionResponse; import org.gridsuite.explore.server.dto.PermissionType; import org.gridsuite.explore.server.utils.ParametersType; import org.springframework.core.ParameterizedTypeReference; import org.springframework.http.*; import org.springframework.stereotype.Service; import org.springframework.util.CollectionUtils; -import org.springframework.web.client.HttpStatusCodeException; import org.springframework.web.client.RestTemplate; import org.springframework.web.util.UriComponentsBuilder; 
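Review bot: The comments on `isAuthorized` and `isAuthorizedForDuplication` say they are meant to be called from `@PreAuthorize`, but with a `void` return the SpEL expression now evaluates to null rather than a boolean. Whether a null result is treated as an abstention or as an evaluation failure depends on the Spring Security version and on how the call sites are written, and neither is visible in this diff. Keeping the `boolean` signature and ending each method with `return true;` after the `checkPermission` call would make the grant explicit and keep the `is…` names accurate. If `void` is kept, a comment such as `// Throws when the directory server denies access; returns normally otherwise` should replace the current one, and `isRecursivelyAuthorized` needs the same comment.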
@@ -57,8 +55,6 @@ public class DirectoryService implements IDirectoryElementsService { private static final String PARAM_DIRECTORY_UUID = "directoryUuid"; private static final String PARAM_USER_INPUT = "userInput"; - private static final String HEADER_PERMISION_ERROR = "X-Permission-Error"; - private final Map genericServices; private final RestTemplate restTemplate; private String directoryServerBaseUri; @@ -397,17 +393,17 @@ public void moveElementsDirectory(List elementsUuids, UUID targetDirectory restTemplate.exchange(directoryServerBaseUri + path, HttpMethod.PUT, httpEntity, Void.class); } - public PermissionResponse checkPermission(List elementUuids, UUID targetDirectoryUuid, String userId, PermissionType permissionType) { - return checkPermission(elementUuids, targetDirectoryUuid, userId, permissionType, false); + public void checkPermission(List elementUuids, UUID targetDirectoryUuid, String userId, PermissionType permissionType) { + checkPermission(elementUuids, targetDirectoryUuid, userId, permissionType, false); } //This method should only be called inside of AuthorizationService to centralize permission checks - public PermissionResponse checkPermission(List elementUuids, UUID targetDirectoryUuid, String userId, PermissionType permissionType, boolean recursiveCheck) { + public void checkPermission(List elementUuids, UUID targetDirectoryUuid, String userId, PermissionType permissionType, boolean recursiveCheck) { String ids = elementUuids.stream().map(UUID::toString).collect(Collectors.joining(",")); HttpHeaders headers = new HttpHeaders(); headers.add(HEADER_USER_ID, userId); - String path = UriComponentsBuilder.fromPath(ELEMENTS_SERVER_ROOT_PATH) + String path = UriComponentsBuilder.fromPath(ELEMENTS_SERVER_ROOT_PATH + "/authorized") .queryParam(PARAM_ACCESS_TYPE, permissionType) .queryParam(PARAM_IDS, ids) .queryParam(PARAM_TARGET_DIRECTORY_UUID, targetDirectoryUuid) 
@@ -415,21 +411,7 @@ public PermissionResponse checkPermission(List elementUuids, UUID targetDi .buildAndExpand() .toUriString(); - try { - restTemplate.exchange(directoryServerBaseUri + path, HttpMethod.HEAD, new HttpEntity<>(headers), Void.class); - } catch (HttpStatusCodeException e) { - if (HttpStatus.FORBIDDEN.equals(e.getStatusCode())) { - String permissionCheckResult = null; - HttpHeaders responseHeader = e.getResponseHeaders(); - if (responseHeader != null && responseHeader.getFirst(HEADER_PERMISION_ERROR) != null) { - permissionCheckResult = responseHeader.getFirst(HEADER_PERMISION_ERROR); - } - return new PermissionResponse(false, permissionCheckResult); - } else { - throw e; - } - } - return new PermissionResponse(true, null); + restTemplate.exchange(directoryServerBaseUri + path, HttpMethod.GET, new HttpEntity<>(headers), Void.class); } public List getDirectoryPermissions(UUID directoryUuid, String userId) { diff --git a/src/test/java/org/gridsuite/explore/server/ExploreExceptionHandlerTest.java b/src/test/java/org/gridsuite/explore/server/ExploreExceptionHandlerTest.java index 4fa66020..99ed2b8c 100644 --- a/src/test/java/org/gridsuite/explore/server/ExploreExceptionHandlerTest.java +++ b/src/test/java/org/gridsuite/explore/server/ExploreExceptionHandlerTest.java 
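Review bot: Access is now granted whenever `restTemplate.exchange(...)` returns without throwing, so the authorization decision rests entirely on the RestTemplate's error handler and on the directory server answering every denial with an error status. That holds with the default error handler, but a non-error denial status would be read as a grant (the controller's OpenAPI annotation still mentions 204 for "has not the right"). Consider capturing the `ResponseEntity` and rejecting anything other than `HttpStatus.OK`. The contract should also be documented on `checkPermission`, for example `// Returns normally only when the directory server authorizes the request; any error status propagates as an exception`. The method's signature and URI construction are in the previous hunk (`@@ -397,17 +393,17 @@`). The denial reason formerly read from `X-Permission-Error` is no longer extracted here, so it is worth confirming that the generic error handler still surfaces it.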
@@ -34,14 +34,14 @@ void setUp() { @Test void mapsElementNotFoundToNotFoundStatus() { MockHttpServletRequest request = new MockHttpServletRequest("GET", "/explore"); - ExploreException exception = new ExploreException(ExploreBusinessErrorCode.EXPLORE_PERMISSION_DENIED, + ExploreException exception = new ExploreException(ExploreBusinessErrorCode.EXPLORE_MAX_ELEMENTS_EXCEEDED, "denied"); ResponseEntity response = handler.invokeHandleDomainException(exception, request); assertThat(response.getStatusCode()).isEqualTo(HttpStatus.FORBIDDEN); assertThat(response.getBody()).isNotNull(); - assertEquals("explore.permissionDenied", response.getBody().getBusinessErrorCode()); + assertEquals("explore.maxElementsExceeded", response.getBody().getBusinessErrorCode()); } private static final class TestExploreExceptionHandler extends ExploreExceptionHandler { diff --git a/src/test/java/org/gridsuite/explore/server/ExploreTest.java b/src/test/java/org/gridsuite/explore/server/ExploreTest.java index 207549d5..0c7d419e 100644 --- a/src/test/java/org/gridsuite/explore/server/ExploreTest.java +++ b/src/test/java/org/gridsuite/explore/server/ExploreTest.java 
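Review bot: The test name `mapsElementNotFoundToNotFoundStatus` and the message `"denied"` no longer describe what is asserted, which is that `EXPLORE_MAX_ELEMENTS_EXCEEDED` maps to `HttpStatus.FORBIDDEN`. Renaming it to something like `mapsMaxElementsExceededToForbiddenStatus` and using a message about the element limit would keep the intent readable, now that the permission-denied code is gone from this handler.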
@@ -386,6 +386,30 @@ public MockResponse dispatch(RecordedRequest request) { } else if (path.matches("/v1/directories/" + PARENT_DIRECTORY_UUID_FORBIDDEN + "/permissions") && USER_NOT_ALLOWED.equals(request.getHeaders().get("userId"))) { return new MockResponse(403); + } else if (path.matches("/v1/elements/authorized\\?accessType=.*&ids=" + PARENT_DIRECTORY_UUID + "&targetDirectoryUuid&recursiveCheck=.*")) { + return new MockResponse(200); + } else if (path.matches("/v1/elements/authorized\\?accessType=.*&ids=" + NO_CONTENT_DIRECTORY_UUID + "&targetDirectoryUuid&recursiveCheck=.*")) { + return new MockResponse(403); + } else if (path.matches("/v1/elements/authorized\\?accessType=.*&ids=" + FORBIDDEN_STUDY_UUID + "&targetDirectoryUuid&recursiveCheck=.*")) { + return new MockResponse(403); + } else if (path.matches("/v1/elements/authorized\\?accessType=.*&ids=" + PARENT_DIRECTORY_UUID_FORBIDDEN + "&targetDirectoryUuid&recursiveCheck=.*")) { + return new MockResponse(403); + } else if (path.matches("/v1/elements/authorized\\?forUpdate=true&ids=" + FORBIDDEN_ELEMENT_UUID) && USER_NOT_ALLOWED.equals(request.getHeaders().get("userId"))) { + return new MockResponse(403); + } else if (path.matches("/v1/elements/authorized\\?accessType=WRITE&ids=" + DIRECTORY_NOT_OWNED_SUBELEMENT_UUID + "&targetDirectoryUuid.*&recursiveCheck=true")) { + return new MockResponse(409); + } else if (path.matches("/v1/elements/authorized\\?forDeletion=true&ids=.*") || path.matches("/v1/elements\\?forUpdate=true&ids=.*")) { + return new MockResponse(200); + } else if (path.matches("/v1/elements/authorized\\?accessType=READ&ids=" + TEST_ACCESS_DIRECTORY_UUID_ALLOWED + "&targetDirectoryUuid&recursiveCheck=.*")) { + return new MockResponse(200); + } else if (path.matches("/v1/elements/authorized\\?accessType=READ&ids=" + TEST_ACCESS_DIRECTORY_UUID_FORBIDDEN + "&targetDirectoryUuid&recursiveCheck=.*")) { + return new MockResponse(403); + } else if 
(path.matches("/v1/elements/authorized\\?accessType=WRITE&ids=" + TEST_ACCESS_DIRECTORY_UUID_ALLOWED + "&targetDirectoryUuid&recursiveCheck=.*")) { + return new MockResponse(200); + } else if (path.matches("/v1/elements/authorized\\?accessType=WRITE&ids=" + TEST_ACCESS_DIRECTORY_UUID_FORBIDDEN + "&targetDirectoryUuid&recursiveCheck=.*")) { + return new MockResponse(403); + } else if (path.matches("/v1/elements/authorized\\?accessType=.*&ids=.*&targetDirectoryUuid.*&recursiveCheck=.*")) { + return new MockResponse(200); } } else if ("PUT".equals(request.getMethod())) { if (path.matches("/v1/directories/" + PARENT_DIRECTORY_UUID + "/permissions")) { 
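Review bot: The migrated branches are inconsistent on the `forUpdate` path. The `FORBIDDEN_ELEMENT_UUID` case now matches `/v1/elements/authorized\\?forUpdate=true&ids=`, while the second alternative of the allow branch still matches `/v1/elements\\?forUpdate=true&ids=.*`, so one of the two probably no longer reflects what the service sends. The final catch-all `accessType=.*&ids=.*&targetDirectoryUuid.*&recursiveCheck=.*` returns 200 as well, which means any UUID not listed above is authorized by default in these tests. Returning 403 from the catch-all and whitelisting the allowed UUIDs explicitly would make a missing or mistyped deny rule fail the test instead of passing silently. The enclosing `dispatch` method starts and ends outside this hunk.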
@@ -425,35 +449,10 @@ public MockResponse dispatch(RecordedRequest request) { return new MockResponse(200); } return new MockResponse(404); - } else if ("HEAD".equals(request.getMethod())) { - if (path.matches("/v1/elements\\?accessType=.*&ids=" + PARENT_DIRECTORY_UUID + "&targetDirectoryUuid&recursiveCheck=.*")) { - return new MockResponse(200); - } else if (path.matches("/v1/elements\\?accessType=.*&ids=" + NO_CONTENT_DIRECTORY_UUID + "&targetDirectoryUuid&recursiveCheck=.*")) { - return new MockResponse(403); - } else if (path.matches("/v1/elements\\?accessType=.*&ids=" + FORBIDDEN_STUDY_UUID + "&targetDirectoryUuid&recursiveCheck=.*")) { - return new MockResponse(403); - } else if (path.matches("/v1/elements\\?accessType=.*&ids=" + PARENT_DIRECTORY_UUID_FORBIDDEN + "&targetDirectoryUuid&recursiveCheck=.*")) { - return new MockResponse(403); - } else if (path.matches("/v1/elements\\?forUpdate=true&ids=" + FORBIDDEN_ELEMENT_UUID) && USER_NOT_ALLOWED.equals(request.getHeaders().get("userId"))) { - return new MockResponse(403); - } else if (path.matches("/v1/elements\\?accessType=WRITE&ids=" + DIRECTORY_NOT_OWNED_SUBELEMENT_UUID + "&targetDirectoryUuid.*&recursiveCheck=true")) { - return new MockResponse(409); - } else if (path.matches("/v1/elements\\?forDeletion=true&ids=.*") || path.matches("/v1/elements\\?forUpdate=true&ids=.*")) { - return new MockResponse(200); - } else if (path.matches("/v1/directories/" + PARENT_DIRECTORY_UUID2 + "/elements/elementName/types/type")) { - return new MockResponse(200); - } else if (path.matches("/v1/elements\\?accessType=READ&ids=" + TEST_ACCESS_DIRECTORY_UUID_ALLOWED + "&targetDirectoryUuid&recursiveCheck=.*")) { - return new MockResponse(200); - } else if (path.matches("/v1/elements\\?accessType=READ&ids=" + TEST_ACCESS_DIRECTORY_UUID_FORBIDDEN + "&targetDirectoryUuid&recursiveCheck=.*")) { - return new MockResponse(403); - } else if (path.matches("/v1/elements\\?accessType=WRITE&ids=" + TEST_ACCESS_DIRECTORY_UUID_ALLOWED + 
"&targetDirectoryUuid&recursiveCheck=.*")) { - return new MockResponse(200); - } else if (path.matches("/v1/elements\\?accessType=WRITE&ids=" + TEST_ACCESS_DIRECTORY_UUID_FORBIDDEN + "&targetDirectoryUuid&recursiveCheck=.*")) { - return new MockResponse(403); - } else if (path.matches("/v1/elements\\?accessType=.*&ids=.*&targetDirectoryUuid.*&recursiveCheck=.*")) { + } else if ("HEAD".equals(request.getMethod()) && path.matches("/v1/directories/" + PARENT_DIRECTORY_UUID2 + "/elements/elementName/types/type")) { return new MockResponse(200); } - } + return new MockResponse(418); } }; @@ -611,8 +610,8 @@ void testDeleteElement() throws Exception { deleteElement(CASE_UUID); deleteElement(PARAMETERS_UUID); deleteElement(MODIFICATION_UUID); - deleteElementsNotAllowed(List.of(FORBIDDEN_STUDY_UUID), PARENT_DIRECTORY_UUID_FORBIDDEN, 500); - deleteElementNotAllowed(FORBIDDEN_STUDY_UUID, 500); + deleteElementsNotAllowed(List.of(FORBIDDEN_STUDY_UUID), PARENT_DIRECTORY_UUID_FORBIDDEN, 403); + deleteElementNotAllowed(FORBIDDEN_STUDY_UUID, 403); deleteElementNotAllowed(DIRECTORY_NOT_OWNED_SUBELEMENT_UUID, 409); } @@ -783,7 +782,7 @@ void testDuplicateStudyInSameDirectoryNotAllowed() throws Exception { mockMvc.perform(post("/v1/explore/studies?duplicateFrom={studyUuid}", NO_CONTENT_DIRECTORY_UUID) .header("userId", USER1) - ).andExpect(status().isInternalServerError()); + ).andExpect(status().isForbidden()); } @Test @@ -946,7 +945,7 @@ void testGetDirectoryPermissions() throws Exception { // Execute the test with a forbidden directory ID mockMvc.perform(get("/v1/explore/directories/{directoryUuid}/permissions", PARENT_DIRECTORY_UUID_FORBIDDEN) .header("userId", USER_NOT_ALLOWED)) - .andExpect(status().isInternalServerError()); + .andExpect(status().isForbidden()); } @Test 
@@ -969,7 +968,7 @@ void testSetDirectoryPermissions() throws Exception { .header("userId", USER_NOT_ALLOWED) .contentType(MediaType.APPLICATION_JSON) .content(permissionsJson)) - .andExpect(status().isInternalServerError()); + .andExpect(status().isForbidden()); } @Test @@ -1335,7 +1334,7 @@ void testHasRights(final MockWebServer server) throws Exception { ).andExpect(status().isOk()); var requests = TestUtils.getRequestsWithBodyDone(1, server); - assertTrue(requests.stream().anyMatch(r -> r.getPath().contains("v1/elements?accessType=READ&ids=" + TEST_ACCESS_DIRECTORY_UUID_ALLOWED + "&targetDirectoryUuid"))); + assertTrue(requests.stream().anyMatch(r -> r.getPath().contains("v1/elements/authorized?accessType=READ&ids=" + TEST_ACCESS_DIRECTORY_UUID_ALLOWED + "&targetDirectoryUuid"))); // test read access forbidden mockMvc.perform(head("/v1/explore/elements/" + TEST_ACCESS_DIRECTORY_UUID_FORBIDDEN + "?permission=READ") @@ -1343,7 +1342,7 @@ void testHasRights(final MockWebServer server) throws Exception { ).andExpect(status().isForbidden()); requests = TestUtils.getRequestsWithBodyDone(1, server); - assertTrue(requests.stream().anyMatch(r -> r.getPath().contains("v1/elements?accessType=READ&ids=" + TEST_ACCESS_DIRECTORY_UUID_FORBIDDEN + "&targetDirectoryUuid"))); + assertTrue(requests.stream().anyMatch(r -> r.getPath().contains("v1/elements/authorized?accessType=READ&ids=" + TEST_ACCESS_DIRECTORY_UUID_FORBIDDEN + "&targetDirectoryUuid"))); // test write access forbidden mockMvc.perform(head("/v1/explore/elements/" + TEST_ACCESS_DIRECTORY_UUID_FORBIDDEN + "?permission=WRITE") 
@@ -1351,22 +1350,22 @@ void testHasRights(final MockWebServer server) throws Exception { ).andExpect(status().isForbidden()); requests = TestUtils.getRequestsWithBodyDone(1, server); - assertTrue(requests.stream().anyMatch(r -> r.getPath().contains("v1/elements?accessType=WRITE&ids=" + TEST_ACCESS_DIRECTORY_UUID_FORBIDDEN + "&targetDirectoryUuid"))); + assertTrue(requests.stream().anyMatch(r -> r.getPath().contains("v1/elements/authorized?accessType=WRITE&ids=" + TEST_ACCESS_DIRECTORY_UUID_FORBIDDEN + "&targetDirectoryUuid"))); // test write access allowed (admin) - mockMvc.perform(head("/v1/explore/elements/" + TEST_ACCESS_DIRECTORY_UUID_ALLOWED + "?permission=WRITE") + mockMvc.perform(get("/v1/explore/elements/" + TEST_ACCESS_DIRECTORY_UUID_ALLOWED + "?permission=WRITE") .header("userId", USER1) ).andExpect(status().isOk()); requests = TestUtils.getRequestsWithBodyDone(1, server); - assertTrue(requests.stream().anyMatch(r -> r.getPath().contains("v1/elements?accessType=WRITE&ids=" + TEST_ACCESS_DIRECTORY_UUID_ALLOWED + "&targetDirectoryUuid"))); + assertTrue(requests.stream().anyMatch(r -> r.getPath().contains("v1/elements/authorized?accessType=WRITE&ids=" + TEST_ACCESS_DIRECTORY_UUID_ALLOWED + "&targetDirectoryUuid"))); } private void checkAuthorizationRequestDoneForDuplication(final MockWebServer server, UUID readElementUuid, UUID writeElementUuid) { // check that we called 2 times the directory server to checks authorization and 1 time the server to duplicate // check read authorization on the duplicated element and write authorization on the target directory var requests = TestUtils.getRequestsWithBodyDone(3, server); - assertTrue(requests.stream().anyMatch(r -> r.getPath().contains("/v1/elements?accessType=READ&ids=" + readElementUuid + "&targetDirectoryUuid"))); - assertTrue(requests.stream().anyMatch(r -> r.getPath().contains("/v1/elements?accessType=WRITE&ids=" + writeElementUuid + "&targetDirectoryUuid"))); + assertTrue(requests.stream().anyMatch(r -> 
r.getPath().contains("/v1/elements/authorized?accessType=READ&ids=" + readElementUuid + "&targetDirectoryUuid"))); + assertTrue(requests.stream().anyMatch(r -> r.getPath().contains("/v1/elements/authorized?accessType=WRITE&ids=" + writeElementUuid + "&targetDirectoryUuid"))); } } diff --git a/src/test/java/org/gridsuite/explore/server/SingleLineDiagramTest.java b/src/test/java/org/gridsuite/explore/server/SingleLineDiagramTest.java index 4fc9029a..60b5cb84 100644 --- a/src/test/java/org/gridsuite/explore/server/SingleLineDiagramTest.java +++ b/src/test/java/org/gridsuite/explore/server/SingleLineDiagramTest.java @@ -4,7 +4,6 @@ import com.github.tomakehurst.wiremock.WireMockServer; import com.github.tomakehurst.wiremock.client.WireMock; import org.gridsuite.explore.server.dto.ElementAttributes; -import org.gridsuite.explore.server.dto.PermissionResponse; import org.gridsuite.explore.server.dto.PermissionType; import org.gridsuite.explore.server.services.DirectoryService; import org.gridsuite.explore.server.services.SingleLineDiagramService; @@ -63,8 +62,6 @@ class SingleLineDiagramTest { private static final UUID DUPLICATE_NAD_CONFIG_UUID = UUID.randomUUID(); private static final UUID PARENT_DIRECTORY_UUID = UUID.randomUUID(); - private static final PermissionResponse ALLOWED_PERMISSION = new PermissionResponse(true, null); - @BeforeEach void setUp() { wireMockServer = new WireMockServer(wireMockConfig().dynamicPort()); @@ -81,8 +78,6 @@ void testCreateDiagramConfig() throws Exception { .withBody(mapper.writeValueAsString(NAD_CONFIG_UUID.toString())) )).getId(); - when(directoryService.checkPermission(List.of(PARENT_DIRECTORY_UUID), null, USER1, PermissionType.WRITE)).thenReturn(ALLOWED_PERMISSION); - mockMvc.perform(post(BASE_URL) .param("name", "diagram config name") .param("type", "DIAGRAM_CONFIG") 
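Review bot: In `testHasRights` only the write-allowed case was switched to `get(...)`; the two forbidden cases visible in the hunks above (`@@ -1335` and `@@ -1343`) still call `head(...)`. They pass because Spring MVC serves HEAD through the `@GetMapping` handler, but a HEAD response carries no body, so the error payload returned to a denied GET caller is never asserted. Switching the forbidden cases to `get("/v1/explore/elements/" + TEST_ACCESS_DIRECTORY_UUID_FORBIDDEN + "?permission=READ")` (and the WRITE counterpart) would exercise the endpoint as clients are now expected to call it.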
@@ -108,8 +103,6 @@ void testUpdateDiagramConfig() throws Exception { .withBody(mapper.writeValueAsString(NAD_CONFIG_UUID.toString())) )).getId(); - when(directoryService.checkPermission(List.of(NAD_CONFIG_UUID), null, USER1, PermissionType.WRITE)).thenReturn(ALLOWED_PERMISSION); - mockMvc.perform(put(BASE_URL + "/" + NAD_CONFIG_UUID) .param("name", "diagram config name") .param("type", "DIAGRAM_CONFIG") @@ -133,9 +126,6 @@ void testDuplicateDiagramConfig() throws Exception { .withBody(mapper.writeValueAsString(DUPLICATE_NAD_CONFIG_UUID.toString())) )).getId(); - when(directoryService.checkPermission(List.of(PARENT_DIRECTORY_UUID), null, USER1, PermissionType.WRITE)).thenReturn(ALLOWED_PERMISSION); - when(directoryService.checkPermission(List.of(NAD_CONFIG_UUID), null, USER1, PermissionType.READ)).thenReturn(ALLOWED_PERMISSION); - mockMvc.perform(post(BASE_URL) .param("duplicateFrom", NAD_CONFIG_UUID.toString()) .param("parentDirectoryUuid", PARENT_DIRECTORY_UUID.toString()) diff --git a/src/test/java/org/gridsuite/explore/server/SpreadsheetConfigCollectionTest.java b/src/test/java/org/gridsuite/explore/server/SpreadsheetConfigCollectionTest.java index d89c4523..86474678 100644 --- a/src/test/java/org/gridsuite/explore/server/SpreadsheetConfigCollectionTest.java +++ b/src/test/java/org/gridsuite/explore/server/SpreadsheetConfigCollectionTest.java @@ -106,7 +106,7 @@ public MockResponse dispatch(RecordedRequest request) { return new MockResponse(200); } else if (path.matches("/v1/users/" + USER_ID + "/isAdmin") && "HEAD".equals(request.getMethod())) { return new MockResponse(200); - } else if (path.matches("/v1/elements\\?accessType=.*&ids=.*&targetDirectoryUuid.*")) { + } else if (path.matches("/v1/elements/authorized\\?accessType=.*&ids=.*&targetDirectoryUuid.*")) { return new MockResponse(200); } return new MockResponse(404); 
@@ -173,8 +173,8 @@ void testDuplicateSpreadsheetConfigCollection(final MockWebServer mockWebServer) // check that we called 2 times the directory server to checks authorization and 1 time spreadsheet-config to duplicate // check read authorization on the duplicated element and write authorization on the target directory var requests = TestUtils.getRequestsWithBodyDone(3, mockWebServer); - assertTrue(requests.stream().anyMatch(r -> r.getPath().contains("/v1/elements?accessType=READ&ids=" + COLLECTION_UUID + "&targetDirectoryUuid"))); - assertTrue(requests.stream().anyMatch(r -> r.getPath().contains("/v1/elements?accessType=WRITE&ids=" + PARENT_DIRECTORY_UUID + "&targetDirectoryUuid"))); + assertTrue(requests.stream().anyMatch(r -> r.getPath().contains("/v1/elements/authorized?accessType=READ&ids=" + COLLECTION_UUID + "&targetDirectoryUuid"))); + assertTrue(requests.stream().anyMatch(r -> r.getPath().contains("/v1/elements/authorized?accessType=WRITE&ids=" + PARENT_DIRECTORY_UUID + "&targetDirectoryUuid"))); } @Test 
@@ -187,8 +187,8 @@ void testDuplicateSpreadsheetConfigCollectionInSameDirectory(final MockWebServer // check that we called 2 times the directory server to checks authorization and 1 time spreadsheet-config to duplicate // check read authorization on the duplicated element and write authorization on the target directory var requests = TestUtils.getRequestsWithBodyDone(3, mockWebServer); - assertTrue(requests.stream().anyMatch(r -> r.getPath().contains("/v1/elements?accessType=READ&ids=" + COLLECTION_UUID + "&targetDirectoryUuid"))); - assertTrue(requests.stream().anyMatch(r -> r.getPath().contains("/v1/elements?accessType=WRITE&ids=" + COLLECTION_UUID + "&targetDirectoryUuid"))); + assertTrue(requests.stream().anyMatch(r -> r.getPath().contains("/v1/elements/authorized?accessType=READ&ids=" + COLLECTION_UUID + "&targetDirectoryUuid"))); + assertTrue(requests.stream().anyMatch(r -> r.getPath().contains("/v1/elements/authorized?accessType=WRITE&ids=" + COLLECTION_UUID + "&targetDirectoryUuid"))); } @Test diff --git a/src/test/java/org/gridsuite/explore/server/SpreadsheetConfigTest.java b/src/test/java/org/gridsuite/explore/server/SpreadsheetConfigTest.java index e004f574..7c507446 100644 --- a/src/test/java/org/gridsuite/explore/server/SpreadsheetConfigTest.java +++ b/src/test/java/org/gridsuite/explore/server/SpreadsheetConfigTest.java 
@@ -117,7 +117,7 @@ public MockResponse dispatch(RecordedRequest request) { } else if (path.matches("/v1/elements\\?duplicateFrom=.*&newElementUuid=.*")) { ElementAttributes duplicatedElement = new ElementAttributes(UUID.randomUUID(), CONFIG_NAME + " (copy)", "SPREADSHEET_CONFIG", USER_ID, 0L, null); return new MockResponse(200, Headers.of("Content-Type", "application/json"), objectMapper.writeValueAsString(duplicatedElement)); - } else if (path.matches("/v1/elements\\?accessType=.*&ids=.*&targetDirectoryUuid.*")) { + } else if (path.matches("/v1/elements/authorized\\?accessType=.*&ids=.*&targetDirectoryUuid.*")) { return new MockResponse(200); } return new MockResponse(404);