OZG-5176 RootModelAssembler only adds link to base path of authorized

7e9146b6 · Lukas Malte Monnerjahn · cb6eeaf7 · 7e9146b6 · 7e9146b6 · 7e9146b6
Commit 7e9146b6 authored Mar 19, 2024 by Lukas Malte Monnerjahn
--- a/src/main/java/de/ozgcloud/admin/RootModelAssembler.java
+++ b/src/main/java/de/ozgcloud/admin/RootModelAssembler.java
@@ -21,6 +21,8 @@
 */
 package de.ozgcloud.admin;

+import de.ozgcloud.admin.common.user.CurrentUserHelper;
+import de.ozgcloud.admin.common.user.UserRole;
 import org.springframework.boot.autoconfigure.data.rest.RepositoryRestProperties;
 import org.springframework.hateoas.EntityModel;
 import org.springframework.hateoas.Link;
@@ -30,6 +32,9 @@ import org.springframework.stereotype.Component;

 import lombok.RequiredArgsConstructor;

+import java.util.ArrayList;
+import java.util.List;
+
 @Component
 @RequiredArgsConstructor
 public class RootModelAssembler implements RepresentationModelAssembler<Root, EntityModel<Root>> {
@@ -40,10 +45,19 @@ public class RootModelAssembler implements RepresentationModelAssembler<Root, En
 	@Override
 	public EntityModel<Root> toModel(Root root) {
 		var rootLink = WebMvcLinkBuilder.linkTo(RootController.class);
-		var configLink = rootLink.toUriComponentsBuilder().replacePath(restProperties.getBasePath());
+		var configLink = Link.of(
+				rootLink.toUriComponentsBuilder().replacePath(restProperties.getBasePath()).toUriString(),
+				REL_CONFIGURATION
+		);
+
+		List<Link> links = new ArrayList<>();
+		links.add(rootLink.withSelfRel());
+		if (CurrentUserHelper.hasRole(UserRole.ADMIN_USER)) {
+			links.add(configLink);
+		}
+
 		return EntityModel.of(
 				root,
-				Link.of(configLink.toUriString(), REL_CONFIGURATION),
-				rootLink.withSelfRel());
+				links);
 	}
 }
--- a/src/test/java/de/ozgcloud/admin/RootModelAssemblerTest.java
+++ b/src/test/java/de/ozgcloud/admin/RootModelAssemblerTest.java
@@ -27,14 +27,14 @@ import static org.mockito.Mockito.*;

 import java.util.Optional;

+import de.ozgcloud.admin.common.user.CurrentUserHelper;
+import de.ozgcloud.admin.common.user.UserRole;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.DisplayName;
 import org.junit.jupiter.api.Nested;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
-import org.mockito.InjectMocks;
-import org.mockito.Mock;
-import org.mockito.Spy;
+import org.mockito.*;
 import org.mockito.junit.jupiter.MockitoExtension;
 import org.springframework.boot.autoconfigure.data.rest.RepositoryRestProperties;
 import org.springframework.hateoas.EntityModel;
@@ -62,18 +62,37 @@ class RootModelAssemblerTest {
 	class TestEntityModel {

 		@Test
-		void shouldHaveHrefToBasePath() {
+		void shouldHaveHrefToBasePathIfAuthorized() {
+			try (MockedStatic<CurrentUserHelper> mockUserHelper = Mockito.mockStatic(CurrentUserHelper.class)) {
+				mockUserHelper.when(() -> CurrentUserHelper.hasRole(UserRole.ADMIN_USER)).thenReturn(true);
+
 				var configurationLink = toModel().getLink(REL_CONFIGURATION);

 				assertEquals(Optional.of(Link.of(BASE_PATH, REL_CONFIGURATION)), configurationLink);
 			}
+		}
+
+		@Test
+		void shouldNotHaveHrefToBasePathIfUnauthorized() {
+			try (MockedStatic<CurrentUserHelper> mockUserHelper = Mockito.mockStatic(CurrentUserHelper.class)) {
+				mockUserHelper.when(() -> CurrentUserHelper.hasRole(UserRole.ADMIN_USER)).thenReturn(false);
+
+				var configurationLink = toModel().getLink(REL_CONFIGURATION);
+
+				assertEquals(Optional.empty(), configurationLink);
+			}
+		}

 		@Test
 		void shouldHaveHrefToSelf() {
+			try (MockedStatic<CurrentUserHelper> mockUserHelper = Mockito.mockStatic(CurrentUserHelper.class)) {
+				mockUserHelper.when(() -> CurrentUserHelper.hasRole(UserRole.ADMIN_USER)).thenReturn(false);
+
 				var selfLink = toModel().getLink(IanaLinkRelations.SELF);

 				assertEquals(Optional.of(Link.of(RootController.PATH)), selfLink);
 			}
+		}

 		private EntityModel<Root> toModel() {
 			return modelAssembler.toModel(RootTestFactory.create());

--- a/src/test/java/de/ozgcloud/admin/common/user/CurrentUserHelperTest.java
+++ b/src/test/java/de/ozgcloud/admin/common/user/CurrentUserHelperTest.java
@@ -23,9 +23,11 @@

 package de.ozgcloud.admin.common.user;

+import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.DisplayName;
 import org.junit.jupiter.api.Nested;
 import org.junit.jupiter.api.Test;
+import org.mockito.Mock;
 import org.mockito.MockedStatic;
 import org.mockito.Mockito;
 import org.springframework.security.core.Authentication;
@@ -74,13 +76,20 @@ public class CurrentUserHelperTest {
 	@DisplayName("Has role")
 	@Nested
 	class TestContainsRole {
+		@Mock
+		Authentication mockAuthentication = Mockito.mock(Authentication.class);
+		@Mock
+		SecurityContext mockSecurityContext = Mockito.mock(SecurityContext.class);
+
+		@BeforeEach
+		void beforeEach() {
+			Mockito.when(mockSecurityContext.getAuthentication()).thenReturn(mockAuthentication);
+		}
+
 		@Test
 		void shouldNotHaveRoleIfNull() {
-			Authentication mockAuthentication = Mockito.mock(Authentication.class);
 			Mockito.when(mockAuthentication.getAuthorities()).thenReturn(null);
 			Mockito.when(mockAuthentication.getPrincipal()).thenReturn(null);
-			SecurityContext mockSecurityContext = Mockito.mock(SecurityContext.class);
-			Mockito.when(mockSecurityContext.getAuthentication()).thenReturn(mockAuthentication);

 			try (MockedStatic<SecurityContextHolder> contextHolder = Mockito.mockStatic(SecurityContextHolder.class)) {
 				contextHolder.when(SecurityContextHolder::getContext).thenReturn(mockSecurityContext);
@@ -95,11 +104,8 @@ public class CurrentUserHelperTest {
 		void shouldNotHaveRole() {
 			List<GrantedAuthority> authorities = List.of(new SimpleGrantedAuthority(CurrentUserHelper.ROLE_PREFIX + "OTHER"));
 			User principal = new User("user", "password", authorities);
-			Authentication mockAuthentication = Mockito.mock(Authentication.class);
 			Mockito.<Collection<? extends GrantedAuthority>>when(mockAuthentication.getAuthorities()).thenReturn(authorities);
 			Mockito.when(mockAuthentication.getPrincipal()).thenReturn(principal);
-			SecurityContext mockSecurityContext = Mockito.mock(SecurityContext.class);
-			Mockito.when(mockSecurityContext.getAuthentication()).thenReturn(mockAuthentication);

 			try (MockedStatic<SecurityContextHolder> contextHolder = Mockito.mockStatic(SecurityContextHolder.class)) {
 				contextHolder.when(SecurityContextHolder::getContext).thenReturn(mockSecurityContext);
@@ -114,11 +120,8 @@ public class CurrentUserHelperTest {
 		void shouldHaveRole() {
 			Collection<? extends GrantedAuthority> authorities = List.of(new SimpleGrantedAuthority(CurrentUserHelper.ROLE_PREFIX + UserRole.ADMIN_USER));
 			User principal = new User("user", "password", authorities);
-			Authentication mockAuthentication = Mockito.mock(Authentication.class);
 			Mockito.<Collection<? extends GrantedAuthority>>when(mockAuthentication.getAuthorities()).thenReturn(authorities);
 			Mockito.when(mockAuthentication.getPrincipal()).thenReturn(principal);
-			SecurityContext mockSecurityContext = Mockito.mock(SecurityContext.class);
-			Mockito.when(mockSecurityContext.getAuthentication()).thenReturn(mockAuthentication);

 			try (MockedStatic<SecurityContextHolder> contextHolder = Mockito.mockStatic(SecurityContextHolder.class)) {
 				contextHolder.when(SecurityContextHolder::getContext).thenReturn(mockSecurityContext);