Skip to content
Snippets Groups Projects
Commit 7e64d1d6 authored by Sonia Zorba's avatar Sonia Zorba
Browse files

Permission controller: allowed retrieval of own permissions for non-admin users

parent f2598703
No related branches found
No related tags found
No related merge requests found
Pipeline #7552 passed
Stage: test
Stage: deploy
Stage: publish
Hide whitespace changes
Inline Side-by-side
gms/pom.xml
+ 3
0
View file @ 7e64d1d6
......@@ -155,6 +155,9 @@
<plugin>
<artifactId>maven-surefire-plugin</artifactId>
<version>2.22.2</version>
<configuration>
<trimStackTrace>false</trimStackTrace>
</configuration>
</plugin>
<plugin>
<groupId>org.jacoco</groupId>
......
gms/src/main/java/it/inaf/ia2/gms/controller/PermissionsController.java
+ 19
4
View file @ 7e64d1d6
......@@ -27,6 +27,7 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.validation.Valid;
......@@ -128,10 +129,24 @@ public class PermissionsController {
GroupEntity groupEntity = groupNameService.getGroupFromNames(groupNames);
if (userId.isPresent()) {
try ( PrintWriter pw = new PrintWriter(response.getOutputStream())) {
for (UserPermission userPermission : searchService.getUserPermission(groupEntity, userId.get(), permissionsManager.getCurrentUserPermissions(groupEntity))) {
String group = groupNameService.getCompleteName(userPermission.getGroupCompleteName());
pw.println(group + " " + userPermission.getPermission());
if (userId.get().equals(request.getUserPrincipal().getName())) {
// asking my permissions
try ( PrintWriter pw = new PrintWriter(response.getOutputStream())) {
List<PermissionEntity> userPermissions = permissionsManager.getCurrentUserPermissions();
Map<String, List<String>> namesMap = groupNameService.getNamesFromIds(userPermissions.stream()
.map(pe -> pe.getGroupId()).collect(Collectors.toSet()));
for (PermissionEntity pe : userPermissions) {
pw.println(groupNameService.getCompleteName(namesMap.get(pe.getGroupId())) + " " + pe.getPermission());
}
}
} else {
try ( PrintWriter pw = new PrintWriter(response.getOutputStream())) {
for (UserPermission userPermission : searchService.getUserPermission(groupEntity, userId.get(), permissionsManager.getCurrentUserPermissions(groupEntity))) {
String group = groupNameService.getCompleteName(userPermission.getGroupCompleteName());
pw.println(group + " " + userPermission.getPermission());
}
}
}
} else {
......
gms/src/test/java/it/inaf/ia2/gms/controller/PermissionsControllerTest.java
+ 19
0
View file @ 7e64d1d6
......@@ -21,7 +21,9 @@ import it.inaf.ia2.gms.service.SearchService;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import static org.hamcrest.CoreMatchers.is;
import org.junit.Before;
import org.junit.Test;
......@@ -148,6 +150,23 @@ public class PermissionsControllerTest {
.andExpect(content().string("rap_user ADMIN\n"));
}
@Test
public void testGetMyPermissions() throws Exception {
when(groupsDAO.findGroupById("ROOT")).thenReturn(Optional.of(new GroupEntity()));
when(groupsDAO.getGroupCompleteNamesFromId(Set.of("group_id"))).thenReturn(Map.of("group_id", "TNG"));
PermissionEntity pe = new PermissionEntity();
pe.setGroupId("group_id");
pe.setPermission(Permission.VIEW_MEMBERS);
when(permissionsManager.getCurrentUserPermissions()).thenReturn(List.of(pe));
mockMvc.perform(get("/permission?user_id=TEST_PRINCIPAL").principal(getPrincipal())
.accept(MediaType.TEXT_PLAIN))
.andExpect(status().isOk())
.andExpect(content().string("TNG VIEW_MEMBERS\n"));
}
@Test
public void testGetUserPermissions() throws Exception {
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment