diff --git a/src/main/java/de/caritas/cob/agencyservice/api/authorization/Authority.java b/src/main/java/de/caritas/cob/agencyservice/api/authorization/Authority.java
index 4eb6b9bf..fb11c718 100644
--- a/src/main/java/de/caritas/cob/agencyservice/api/authorization/Authority.java
+++ b/src/main/java/de/caritas/cob/agencyservice/api/authorization/Authority.java
@@ -1,24 +1,35 @@
 package de.caritas.cob.agencyservice.api.authorization;
+import com.google.common.collect.Lists;
+import java.util.List;
 import java.util.stream.Stream;
+import lombok.Getter;
 /**
 *
 * Definition of all authorities and of the role-authority-mapping.
 *
 */
+@Getter
 public enum Authority {
- AGENCY_ADMIN("agency-admin", "AUTHORIZATION_AGENCY_ADMIN"),
- TENANT_ADMIN("tenant-admin", "AUTHORIZATION_TENANT_ADMIN"),
- RESTRICTED_AGENCY_ADMIN("restricted-agency-admin", "AUTHORIZATION_RESTRICTED_AGENCY_ADMIN");
+ AGENCY_ADMIN("agency-admin", AuthorityValue.AGENCY_ADMIN, AuthorityValue.SEARCH_AGENCIES),
+ TENANT_ADMIN("tenant-admin", AuthorityValue.TENANT_ADMIN),
+ RESTRICTED_AGENCY_ADMIN("restricted-agency-admin", AuthorityValue.RESTRICTED_AGENCY_ADMIN, AuthorityValue.SEARCH_AGENCIES),
+
+ RESTRICTED_CONSULTANT_ADMIN("restricted-consultant-admin", AuthorityValue.SEARCH_AGENCIES);
 private final String roleName;
- private final String authorityName;
+ private final List authorities;
 Authority(final String roleName, final String authorityName) {
 this.roleName = roleName;
- this.authorityName = authorityName;
+ this.authorities = Lists.newArrayList(authorityName);
+ }
+
+ Authority(final String roleName, final String... authorities) {
+ this.roleName = roleName;
+ this.authorities = Lists.newArrayList(authorities);
 }
 /**
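Review bot: `Lists.newArrayList(...)` in both constructors stores a mutable list in every enum constant, and because `@Getter` now exposes that list, any caller of `getAuthorities()` can add or remove entries and thereby change the role-to-authority mapping for the whole JVM at runtime; the list is authorization state and should be immutable. Use `this.authorities = List.of(authorities);` in the varargs constructor (and `List.of(authorityName)` in the other), which also drops the Guava import from this class. The two-argument `Authority(String, String)` constructor is redundant now that the varargs constructor accepts a single value, so keeping both leaves two construction paths that must stay in sync. The enum body continues past this hunk, and the generated getter is the subject of the second hunk of this file.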
@@ -34,12 +45,18 @@ public static Authority fromRoleName(String roleName) {
 .orElse(null);
 }
- public String getAuthority() {
- return this.authorityName;
- }
- public String getRoleName() {
- return this.roleName;
+ public static class AuthorityValue {
+
+ private AuthorityValue() {}
+
+ public static final String PREFIX = "AUTHORIZATION_";
+ public static final String AGENCY_ADMIN = PREFIX + "AGENCY_ADMIN";
+ public static final String SEARCH_AGENCIES = PREFIX + "SEARCH_AGENCIES";
+ public static final String TENANT_ADMIN = PREFIX + "TENANT_ADMIN";
+ public static final String RESTRICTED_AGENCY_ADMIN = PREFIX + "RESTRICTED_AGENCY_ADMIN";
+ } + }
diff --git a/src/main/java/de/caritas/cob/agencyservice/api/authorization/RoleAuthorizationAuthorityMapper.java b/src/main/java/de/caritas/cob/agencyservice/api/authorization/RoleAuthorizationAuthorityMapper.java
index fc99d604..5df9c9b4 100644
--- a/src/main/java/de/caritas/cob/agencyservice/api/authorization/RoleAuthorizationAuthorityMapper.java
+++ b/src/main/java/de/caritas/cob/agencyservice/api/authorization/RoleAuthorizationAuthorityMapper.java
@@ -30,7 +30,8 @@ public Set mapAuthorities(Set roleNames) {
 return roleNames.stream()
 .map(Authority::fromRoleName)
 .filter(Objects::nonNull)
- .map(Authority::getAuthority)
+ .map(Authority::getAuthorities)
+ .flatMap(Collection::parallelStream)
 .map(SimpleGrantedAuthority::new)
 .collect(Collectors.toSet());
 }
diff --git a/src/main/java/de/caritas/cob/agencyservice/config/SecurityConfig.java b/src/main/java/de/caritas/cob/agencyservice/config/SecurityConfig.java
index c5feba44..c5b0e17e 100644
--- a/src/main/java/de/caritas/cob/agencyservice/config/SecurityConfig.java
+++ b/src/main/java/de/caritas/cob/agencyservice/config/SecurityConfig.java
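Review bot: `.flatMap(Collection::parallelStream)` in `mapAuthorities` hands each role's handful of authority strings to the common ForkJoinPool on every request, which buys nothing for lists of one or two elements and adds scheduling cost plus contention with any other parallel user of that pool; the idiomatic form is `.flatMap(Collection::stream)`. Since the pipeline is otherwise sequential and ends in `Collectors.toSet()`, the change does not alter the result, only the work done to get there. The class around `mapAuthorities` lies outside the hunk.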
@@ -1,9 +1,6 @@
 package de.caritas.cob.agencyservice.config;
-import static de.caritas.cob.agencyservice.api.authorization.Authority.AGENCY_ADMIN;
-import static de.caritas.cob.agencyservice.api.authorization.Authority.RESTRICTED_AGENCY_ADMIN;
-import static de.caritas.cob.agencyservice.api.authorization.Authority.TENANT_ADMIN;
-
+import de.caritas.cob.agencyservice.api.authorization.Authority.AuthorityValue;
 import de.caritas.cob.agencyservice.config.security.AuthorisationService;
 import de.caritas.cob.agencyservice.config.security.JwtAuthConverter;
 import de.caritas.cob.agencyservice.config.security.JwtAuthConverterProperties;
@@ -16,6 +13,7 @@
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.core.env.Environment;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -84,11 +82,13 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 .requestMatchers("/agencies/**").permitAll()
 .requestMatchers(WHITE_LIST).permitAll()
 .requestMatchers("/agencies").permitAll()
+ .requestMatchers(HttpMethod.GET, "/agencyadmin/agencies")
+ .hasAuthority(AuthorityValue.SEARCH_AGENCIES)
 .requestMatchers("/agencyadmin/agencies/tenant/*")
- .access("hasAuthority('" + AGENCY_ADMIN.getAuthority()
- + "') and hasAuthority('" + TENANT_ADMIN.getAuthority() + "')")
+ .access("hasAuthority('" + AuthorityValue.AGENCY_ADMIN
+ + "') and hasAuthority('" + AuthorityValue.TENANT_ADMIN + "')")
 .requestMatchers("/agencyadmin", "/agencyadmin/", "/agencyadmin/**")
- .hasAnyAuthority(AGENCY_ADMIN.getAuthority(), RESTRICTED_AGENCY_ADMIN.getAuthority())
+ .hasAnyAuthority(AuthorityValue.AGENCY_ADMIN, AuthorityValue.RESTRICTED_AGENCY_ADMIN)
 .anyRequest().denyAll();
diff --git a/src/test/java/de/caritas/cob/agencyservice/api/authorization/AuthorityTest.java b/src/test/java/de/caritas/cob/agencyservice/api/authorization/AuthorityTest.java
index 0a31a827..46fa0154 100644
--- a/src/test/java/de/caritas/cob/agencyservice/api/authorization/AuthorityTest.java
+++ b/src/test/java/de/caritas/cob/agencyservice/api/authorization/AuthorityTest.java
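Review bot: The new `GET /agencyadmin/agencies` rule works only because it is placed before the `/agencyadmin/**` matcher: Spring Security takes the first matching rule, so moving these two lines below that matcher would silently hand the endpoint back to `hasAnyAuthority(AGENCY_ADMIN, RESTRICTED_AGENCY_ADMIN)` and lock out `restricted-consultant-admin`, whose only authority per the Authority.java hunk is `SEARCH_AGENCIES`. That ordering constraint is not visible to the next editor; state it above the new lines, e.g. `// keep before the /agencyadmin/** rule: first match wins, and SEARCH_AGENCIES alone may only read the search endpoint`. It is also worth saying in that comment that other methods on `/agencyadmin/agencies` still fall through to the `/agencyadmin/**` rule, so a search-only role gains no write access. `filterChain` begins and ends outside the hunk.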
@@ -2,40 +2,40 @@
 import static de.caritas.cob.agencyservice.api.authorization.Authority.AGENCY_ADMIN;
 import static de.caritas.cob.agencyservice.api.authorization.Authority.fromRoleName;
-import static org.hamcrest.MatcherAssert.assertThat;
-import static org.hamcrest.Matchers.is;
-import static org.hamcrest.Matchers.nullValue;
+import static org.assertj.core.api.Assertions.assertThat;
+import de.caritas.cob.agencyservice.api.authorization.Authority.AuthorityValue;
+import java.util.List;
 import org.junit.Test;
 public class AuthorityTest {
 @Test
 public void getAuthority_Should_returnExpectedAuthority_When_authorityIsAgencyAdmin() {
- String authority = AGENCY_ADMIN.getAuthority();
+ List authorities = AGENCY_ADMIN.getAuthorities();
- assertThat(authority, is("AUTHORIZATION_AGENCY_ADMIN"));
+ assertThat(authorities).containsOnly(AuthorityValue.AGENCY_ADMIN, AuthorityValue.SEARCH_AGENCIES);
 }
 @Test
 public void fromRoleName_Should_returnNull_When_roleNameIsNull() {
 Authority authority = fromRoleName(null);
- assertThat(authority, nullValue());
+ assertThat(authority).isNull();
 }
 @Test
 public void fromRoleName_Should_returnNull_When_roleNameDoesNotExist() {
 Authority authority = fromRoleName("not existing");
- assertThat(authority, nullValue());
+ assertThat(authority).isNull();
 }
 @Test
 public void fromRoleName_Should_returnAgencyAdmin_When_roleNameIsAgencyAdmin() {
 Authority authority = fromRoleName("agency-admin");
- assertThat(authority, is(AGENCY_ADMIN));
+ assertThat(authority.getAuthorities()).containsOnly(AuthorityValue.AGENCY_ADMIN, AuthorityValue.SEARCH_AGENCIES);
 }
 }
diff --git a/src/test/java/de/caritas/cob/agencyservice/api/authorization/RoleAuthorizationAuthorityMapperTest.java b/src/test/java/de/caritas/cob/agencyservice/api/authorization/RoleAuthorizationAuthorityMapperTest.java
index 1afd2238..e7af266b 100644
--- a/src/test/java/de/caritas/cob/agencyservice/api/authorization/RoleAuthorizationAuthorityMapperTest.java
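Review bot: `fromRoleName_Should_returnAgencyAdmin_When_roleNameIsAgencyAdmin` no longer checks what its name says: the removed `assertThat(authority, is(AGENCY_ADMIN))` verified which constant came back, whereas the new `containsOnly(...)` on `getAuthorities()` only inspects the list and repeats the first test. Keep the identity check, `assertThat(authority).isEqualTo(AGENCY_ADMIN);`, and leave the authority-list assertion to the first test. The new `RESTRICTED_CONSULTANT_ADMIN` constant gets no coverage in this file; one case such as `assertThat(fromRoleName("restricted-consultant-admin").getAuthorities()).containsOnly(AuthorityValue.SEARCH_AGENCIES);` would pin the single-authority mapping that the SecurityConfig change relies on.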
+++ b/src/test/java/de/caritas/cob/agencyservice/api/authorization/RoleAuthorizationAuthorityMapperTest.java
@@ -2,10 +2,8 @@
 import static de.caritas.cob.agencyservice.api.authorization.Authority.AGENCY_ADMIN;
 import static java.util.Collections.emptyList;
-import static org.hamcrest.MatcherAssert.assertThat;
-import static org.hamcrest.Matchers.hasSize;
-import static org.hamcrest.Matchers.is;
-
+import static org.assertj.core.api.Assertions.assertThat;
+import de.caritas.cob.agencyservice.api.authorization.Authority.AuthorityValue;
 import java.util.Collection;
 import java.util.List;
 import java.util.stream.Collectors;
@@ -28,8 +26,10 @@ public void mapAuthorities_Should_returnGrantedAgencyAdminAuthority_When_authori
 Collection mappedAuthorities = this.roleAuthorizationAuthorityMapper
 .mapAuthorities(grantedAuthorities);
- assertThat(mappedAuthorities, hasSize(1));
- assertThat(mappedAuthorities.iterator().next().getAuthority(), is(AGENCY_ADMIN.getAuthority()));
+ assertThat(mappedAuthorities).hasSize(2);
+ List authorities = mappedAuthorities.stream()
+ .map(grantedAuthority -> grantedAuthority.getAuthority()).toList();
+ assertThat(authorities).containsAll(AGENCY_ADMIN.getAuthorities());
 }
 @Test
@@ -41,8 +41,24 @@ public void mapAuthorities_Should_returnGrantedAgencyAdminAuthority_When_authori
 Collection mappedAuthorities = this.roleAuthorizationAuthorityMapper
 .mapAuthorities(grantedAuthorities);
- assertThat(mappedAuthorities, hasSize(1));
- assertThat(mappedAuthorities.iterator().next().getAuthority(), is(AGENCY_ADMIN.getAuthority()));
+ assertThat(mappedAuthorities).hasSize(2);
+ List authorities = mappedAuthorities.stream()
+ .map(grantedAuthority -> grantedAuthority.getAuthority()).toList();
+ assertThat(authorities).containsAll(AGENCY_ADMIN.getAuthorities());
+
+ }
+
+ @Test
+ public void mapAuthorities_Should_returnGrantedAgencySearchAuthority_When_authoritiesRestrictedConsultantAdmin() {
+ List grantedAuthorities = Stream.of("a", "v", "restricted-consultant-admin", "c")
+ .map(SimpleGrantedAuthority::new)
+ .collect(Collectors.toList());
+
+ Collection mappedAuthorities = this.roleAuthorizationAuthorityMapper
+ .mapAuthorities(grantedAuthorities);
+
+ assertThat(mappedAuthorities).hasSize(1);
+ assertThat(mappedAuthorities.iterator().next().getAuthority()).isEqualTo(AuthorityValue.SEARCH_AGENCIES);
 }
 @Test
@@ -50,7 +66,7 @@ public void mapAuthorities_Should_returnEmptyCollection_When_authorityIsEmpty()
 Collection mappedAuthorities = this.roleAuthorizationAuthorityMapper
 .mapAuthorities(emptyList());
- assertThat(mappedAuthorities, hasSize(0));
+ assertThat(mappedAuthorities).isEmpty();
 }
 @Test
@@ -62,7 +78,7 @@ public void mapAuthorities_Should_returnEmptyCollection_When_authoritiesAreNotPr
 Collection mappedAuthorities = this.roleAuthorizationAuthorityMapper
 .mapAuthorities(grantedAuthorities);
- assertThat(mappedAuthorities, hasSize(0));
+ assertThat(mappedAuthorities).isEmpty();
 }
 }
diff --git a/src/test/java/de/caritas/cob/agencyservice/api/service/CentralDataProtectionTemplateServiceTest.java b/src/test/java/de/caritas/cob/agencyservice/api/service/CentralDataProtectionTemplateServiceTest.java
index bbb2fe21..fc4c5511 100644
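Review bot: The four added lines from `assertThat(mappedAuthorities).hasSize(2);` through `assertThat(authorities).containsAll(AGENCY_ADMIN.getAuthorities());` are duplicated verbatim here and in the `@@ -28,8 +26,10 @@` hunk, and the size check plus `containsAll` is an indirect way of asserting that the two collections hold the same elements. A single `assertThat(mappedAuthorities).extracting(GrantedAuthority::getAuthority).containsExactlyInAnyOrderElementsOf(AGENCY_ADMIN.getAuthorities());` (importing `org.springframework.security.core.GrantedAuthority`) states the intent directly and replaces all four lines in both tests. If the intermediate list is kept, the lambda `grantedAuthority -> grantedAuthority.getAuthority()` should be the method reference `GrantedAuthority::getAuthority`. The new restricted-consultant-admin test is fine as written; the enclosing class continues beyond the hunk.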
--- a/src/test/java/de/caritas/cob/agencyservice/api/service/CentralDataProtectionTemplateServiceTest.java
+++ b/src/test/java/de/caritas/cob/agencyservice/api/service/CentralDataProtectionTemplateServiceTest.java
@@ -70,6 +70,39 @@ void renderDataProtectionPrivacy_shouldProperlyRenderPrivacy_When_PlaceholdersAr
 "Privacy template with placeholders: Data protection officer contact name: Max Mustermann, Data protection responsible contact name: Max Mustermann,");
 }
+ @Test
+ void renderDataProtectionPrivacy_shouldReturnPrivacyAsItIs_When_PlaceholdersAreNotIncludedInPrivacy() {
+
+ // given
+ when(tenantService.getRestrictedTenantDataByTenantId(anyLong())).thenReturn(
+ new RestrictedTenantDTO()
+ .content(
+ new Content().dataProtectionContactTemplate(getDataProtectionContactTemplate())
+ .privacy(
+ "Privacy template without placeholders")));
+ DataProtectionContactDTO dataProtectionContactDTO = new DataProtectionContactDTO()
+ .nameAndLegalForm("Max Mustermann");
+
+ Agency agency = Agency.builder()
+ .id(1000L)
+ .tenantId(1L)
+ .consultingTypeId(1)
+ .name("agencyName")
+ .dataProtectionResponsibleEntity(DataProtectionResponsibleEntity.DATA_PROTECTION_OFFICER)
+ .dataProtectionOfficerContactData(JsonConverter.convertToJson(dataProtectionContactDTO))
+ .dataProtectionAgencyResponsibleContactData(JsonConverter.convertToJson(dataProtectionContactDTO))
+ .build();
+
+ // when
+ var renderedPrivacy = centralDataProtectionTemplateService.renderPrivacyTemplateWithRenderedPlaceholderValues(
+ agency);
+
+ // then
+ assertThat(
+ renderedPrivacy).isEqualTo(
+ "Privacy template without placeholders");
+ }
+
 @Test
 void renderDataProtectionTemplatePlaceholders_shouldProperlyRenderPlaceholders_If_SomeVariableDataIsMissing() {
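Review bot: In `renderDataProtectionPrivacy_shouldReturnPrivacyAsItIs_When_PlaceholdersAreNotIncludedInPrivacy` most of the given-block is noise for what is asserted: the mocked privacy text has no placeholders, so the officer and responsible contact data built from `dataProtectionContactDTO` cannot influence the result, and a reader has to work out that the contact set-up is deliberately irrelevant. Either trim the `Agency` builder to the fields the service actually reads (presumably `tenantId` for the mock lookup, to be confirmed against the service) or keep it and add a comment such as `// contact data is populated but must be ignored: the privacy text contains no placeholders`. The wrapped assertion is a one-liner, `assertThat(renderedPrivacy).isEqualTo("Privacy template without placeholders");`, and the `when(...)` chain would read better with the `.privacy(...)` argument on the same line as the call.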