mirror of
https://github.com/valitydev/org-manager.git
synced 2024-11-06 08:25:21 +00:00
add checking invitation method with id
This commit is contained in:
parent
b97e0ea5f5
commit
d0dea25aad
@ -88,13 +88,13 @@ public class OrgsController implements OrgsApi {
|
||||
return invitationService.create(orgId, invitationRequest, xIdempotencyKey);
|
||||
}
|
||||
|
||||
// TODO что брать в контекст? (invitationId?)
|
||||
@Override
|
||||
public ResponseEntity<Invitation> getInvitation(
|
||||
String xRequestID,
|
||||
String orgId,
|
||||
String invitationId) {
|
||||
log.info("Get invitation: requestId={}, orgId={}, invitationId={}", xRequestID, orgId, invitationId);
|
||||
resourceAccessService.checkInvitationRights(orgId, invitationId);
|
||||
return invitationService.get(invitationId);
|
||||
}
|
||||
|
||||
@ -105,11 +105,11 @@ public class OrgsController implements OrgsApi {
|
||||
return invitationService.list(orgId, status);
|
||||
}
|
||||
|
||||
// TODO что брать в контекст? (invitationId?)
|
||||
@Override
|
||||
public ResponseEntity<Void> revokeInvitation(String xRequestID, String orgId, String invitationId, InlineObject1 inlineObject1) {
|
||||
log.info("Revoke invitation: requestId={}, orgId={}, invitationId={}, payload={}",
|
||||
xRequestID, orgId, invitationId, inlineObject1);
|
||||
resourceAccessService.checkInvitationRights(orgId, invitationId);
|
||||
return invitationService.revoke(orgId, invitationId, inlineObject1);
|
||||
}
|
||||
|
||||
|
@ -20,4 +20,6 @@ public interface ResourceAccessService {
|
||||
|
||||
void checkInvitationRights(String orgId, InvitationRequest invitationRequest);
|
||||
|
||||
void checkInvitationRights(String orgId, String invitationId);
|
||||
|
||||
}
|
||||
|
@ -159,4 +159,27 @@ public class ResourceAccessServiceImpl implements ResourceAccessService {
|
||||
invitation.getEmail()));
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public void checkInvitationRights(String orgId, String invitationId) {
|
||||
if (isCheckAccessDisabled()) {
|
||||
return;
|
||||
}
|
||||
String callerMethodName = StackUtils.getCallerMethodName();
|
||||
InvitationDto invitation = InvitationDto.builder()
|
||||
.invitationId(invitationId)
|
||||
.build();
|
||||
BouncerContextDto bouncerContext = BouncerContextDto.builder()
|
||||
.operationName(callerMethodName)
|
||||
.organizationId(orgId)
|
||||
.invitation(invitation)
|
||||
.build();
|
||||
log.info("Check the user's rights to perform the operation {} in organization {} with invitation {}",
|
||||
callerMethodName, orgId, invitationId);
|
||||
if (!bouncerService.havePrivileges(bouncerContext)) {
|
||||
throw new AccessDeniedException(
|
||||
String.format("No rights to perform %s in %s with invitation %s", callerMethodName, orgId,
|
||||
invitationId));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -168,6 +168,22 @@ public class OrgsControllerTest extends AbstractControllerTest {
|
||||
.anyMatch(memberRoleEntity -> memberRoleEntity.getId().equals(MEMBER_ID)));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void createInvitationWithoutAccess() throws Exception {
|
||||
InvitationRequest invitation = TestData.buildInvitationRequest();
|
||||
String body = objectMapper.writeValueAsString(invitation);
|
||||
|
||||
doThrow(new AccessDeniedException("Access denied")).when(resourceAccessService)
|
||||
.checkInvitationRights(ORGANIZATION_ID, invitation);
|
||||
|
||||
mockMvc.perform(post(String.format("/orgs/%s/invitations", ORGANIZATION_ID))
|
||||
.contentType("application/json")
|
||||
.content(body)
|
||||
.header("Authorization", "Bearer " + generateRBKadminJwt())
|
||||
.header("X-Request-ID", "testRequestId"))
|
||||
.andExpect(status().isForbidden());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void createInvitationTest() throws Exception {
|
||||
InvitationRequest invitation = TestData.buildInvitationRequest();
|
||||
|
@ -234,4 +234,38 @@ class ResourceAccessServiceImplTest {
|
||||
assertDoesNotThrow(() -> resourceAccessService.checkInvitationRights(orgId, invitationRequest));
|
||||
}
|
||||
|
||||
@Test
|
||||
void checkInvitationWithIdNotEnabled() {
|
||||
accessProperties.setEnabled(false);
|
||||
var orgId = TestObjectFactory.randomString();
|
||||
var invitationId = TestObjectFactory.randomString();
|
||||
|
||||
assertDoesNotThrow(() -> resourceAccessService.checkInvitationRights(orgId, invitationId));
|
||||
|
||||
verify(bouncerService, times(0)).havePrivileges(any(BouncerContextDto.class));
|
||||
}
|
||||
|
||||
@Test
|
||||
void checkInvitationWithIdWithoutAccess() {
|
||||
var orgId = TestObjectFactory.randomString();
|
||||
var invitationId = TestObjectFactory.randomString();
|
||||
when(bouncerService.havePrivileges(any(BouncerContextDto.class))).thenReturn(false);
|
||||
|
||||
var exception = assertThrows(AccessDeniedException.class,
|
||||
() -> resourceAccessService.checkInvitationRights(orgId, invitationId));
|
||||
|
||||
assertThat(exception.getMessage(),
|
||||
stringContainsInOrder("No rights to perform", orgId,
|
||||
invitationId));
|
||||
}
|
||||
|
||||
@Test
|
||||
void checkInvitationWithIdSuccess() {
|
||||
var orgId = TestObjectFactory.randomString();
|
||||
var invitationId = TestObjectFactory.randomString();
|
||||
when(bouncerService.havePrivileges(any(BouncerContextDto.class))).thenReturn(true);
|
||||
|
||||
assertDoesNotThrow(() -> resourceAccessService.checkInvitationRights(orgId, invitationId));
|
||||
}
|
||||
|
||||
}
|
Loading…
Reference in New Issue
Block a user