Commit 7e9146b6 authored by Lukas Malte Monnerjahn's avatar Lukas Malte Monnerjahn

OZG-5176 RootModelAssembler only adds link to base path of authorized

parent cb6eeaf7
......@@ -21,6 +21,8 @@
*/
package de.ozgcloud.admin;
import de.ozgcloud.admin.common.user.CurrentUserHelper;
import de.ozgcloud.admin.common.user.UserRole;
import org.springframework.boot.autoconfigure.data.rest.RepositoryRestProperties;
import org.springframework.hateoas.EntityModel;
import org.springframework.hateoas.Link;
......@@ -30,6 +32,9 @@ import org.springframework.stereotype.Component;
import lombok.RequiredArgsConstructor;
import java.util.ArrayList;
import java.util.List;
@Component
@RequiredArgsConstructor
public class RootModelAssembler implements RepresentationModelAssembler<Root, EntityModel<Root>> {
......@@ -40,10 +45,19 @@ public class RootModelAssembler implements RepresentationModelAssembler<Root, En
@Override
public EntityModel<Root> toModel(Root root) {
var rootLink = WebMvcLinkBuilder.linkTo(RootController.class);
var configLink = rootLink.toUriComponentsBuilder().replacePath(restProperties.getBasePath());
var configLink = Link.of(
rootLink.toUriComponentsBuilder().replacePath(restProperties.getBasePath()).toUriString(),
REL_CONFIGURATION
);
List<Link> links = new ArrayList<>();
links.add(rootLink.withSelfRel());
if (CurrentUserHelper.hasRole(UserRole.ADMIN_USER)) {
links.add(configLink);
}
return EntityModel.of(
root,
Link.of(configLink.toUriString(), REL_CONFIGURATION),
rootLink.withSelfRel());
links);
}
}
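Review bot: The `CurrentUserHelper.hasRole(UserRole.ADMIN_USER)` check in `toModel` only decides whether the configuration link is advertised; it does not by itself stop a non-admin client from requesting the base path directly. Nothing in this section shows how the path from `restProperties.getBasePath()` is protected, so it is worth confirming that the security configuration restricts it to the same role. Once confirmed, a comment next to the check would record it, e.g. `// Controls link visibility only; access to the base path is enforced by the security configuration.` As a smaller point, `configLink` is built before the role check and could be created inside the `if` block so it is only constructed when it is used.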
......@@ -27,14 +27,14 @@ import static org.mockito.Mockito.*;
import java.util.Optional;
import de.ozgcloud.admin.common.user.CurrentUserHelper;
import de.ozgcloud.admin.common.user.UserRole;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.DisplayName;
import org.junit.jupiter.api.Nested;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.Spy;
import org.mockito.*;
import org.mockito.junit.jupiter.MockitoExtension;
import org.springframework.boot.autoconfigure.data.rest.RepositoryRestProperties;
import org.springframework.hateoas.EntityModel;
......@@ -62,18 +62,37 @@ class RootModelAssemblerTest {
class TestEntityModel {
@Test
void shouldHaveHrefToBasePath() {
void shouldHaveHrefToBasePathIfAuthorized() {
try (MockedStatic<CurrentUserHelper> mockUserHelper = Mockito.mockStatic(CurrentUserHelper.class)) {
mockUserHelper.when(() -> CurrentUserHelper.hasRole(UserRole.ADMIN_USER)).thenReturn(true);
var configurationLink = toModel().getLink(REL_CONFIGURATION);
assertEquals(Optional.of(Link.of(BASE_PATH, REL_CONFIGURATION)), configurationLink);
}
}
@Test
void shouldNotHaveHrefToBasePathIfUnauthorized() {
try (MockedStatic<CurrentUserHelper> mockUserHelper = Mockito.mockStatic(CurrentUserHelper.class)) {
mockUserHelper.when(() -> CurrentUserHelper.hasRole(UserRole.ADMIN_USER)).thenReturn(false);
var configurationLink = toModel().getLink(REL_CONFIGURATION);
assertEquals(Optional.empty(), configurationLink);
}
}
@Test
void shouldHaveHrefToSelf() {
try (MockedStatic<CurrentUserHelper> mockUserHelper = Mockito.mockStatic(CurrentUserHelper.class)) {
mockUserHelper.when(() -> CurrentUserHelper.hasRole(UserRole.ADMIN_USER)).thenReturn(false);
var selfLink = toModel().getLink(IanaLinkRelations.SELF);
assertEquals(Optional.of(Link.of(RootController.PATH)), selfLink);
}
}
private EntityModel<Root> toModel() {
return modelAssembler.toModel(RootTestFactory.create());
......
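Review bot: `import org.mockito.*;` appears to replace the explicit `InjectMocks`, `Mock` and `Spy` imports. Keeping them and adding `import org.mockito.MockedStatic;` and `import org.mockito.Mockito;` would keep the test's dependencies readable and avoid the wildcard. The three tests in `TestEntityModel` also repeat the same `mockStatic` try-with-resources block with only the stubbed return value changing, so a small private helper taking that boolean would remove the duplication. `shouldHaveHrefToSelf` asserts the self link only for the non-admin case, and the authorized test could assert it as well. The `toModel()` helper at the end of the section continues outside the visible lines.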
......@@ -23,9 +23,11 @@
package de.ozgcloud.admin.common.user;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.DisplayName;
import org.junit.jupiter.api.Nested;
import org.junit.jupiter.api.Test;
import org.mockito.Mock;
import org.mockito.MockedStatic;
import org.mockito.Mockito;
import org.springframework.security.core.Authentication;
......@@ -74,13 +76,20 @@ public class CurrentUserHelperTest {
@DisplayName("Has role")
@Nested
class TestContainsRole {
@Mock
Authentication mockAuthentication = Mockito.mock(Authentication.class);
@Mock
SecurityContext mockSecurityContext = Mockito.mock(SecurityContext.class);
@BeforeEach
void beforeEach() {
Mockito.when(mockSecurityContext.getAuthentication()).thenReturn(mockAuthentication);
}
@Test
void shouldNotHaveRoleIfNull() {
Authentication mockAuthentication = Mockito.mock(Authentication.class);
Mockito.when(mockAuthentication.getAuthorities()).thenReturn(null);
Mockito.when(mockAuthentication.getPrincipal()).thenReturn(null);
SecurityContext mockSecurityContext = Mockito.mock(SecurityContext.class);
Mockito.when(mockSecurityContext.getAuthentication()).thenReturn(mockAuthentication);
try (MockedStatic<SecurityContextHolder> contextHolder = Mockito.mockStatic(SecurityContextHolder.class)) {
contextHolder.when(SecurityContextHolder::getContext).thenReturn(mockSecurityContext);
......@@ -95,11 +104,8 @@ public class CurrentUserHelperTest {
void shouldNotHaveRole() {
List<GrantedAuthority> authorities = List.of(new SimpleGrantedAuthority(CurrentUserHelper.ROLE_PREFIX + "OTHER"));
User principal = new User("user", "password", authorities);
Authentication mockAuthentication = Mockito.mock(Authentication.class);
Mockito.<Collection<? extends GrantedAuthority>>when(mockAuthentication.getAuthorities()).thenReturn(authorities);
Mockito.when(mockAuthentication.getPrincipal()).thenReturn(principal);
SecurityContext mockSecurityContext = Mockito.mock(SecurityContext.class);
Mockito.when(mockSecurityContext.getAuthentication()).thenReturn(mockAuthentication);
try (MockedStatic<SecurityContextHolder> contextHolder = Mockito.mockStatic(SecurityContextHolder.class)) {
contextHolder.when(SecurityContextHolder::getContext).thenReturn(mockSecurityContext);
......@@ -114,11 +120,8 @@ public class CurrentUserHelperTest {
void shouldHaveRole() {
Collection<? extends GrantedAuthority> authorities = List.of(new SimpleGrantedAuthority(CurrentUserHelper.ROLE_PREFIX + UserRole.ADMIN_USER));
User principal = new User("user", "password", authorities);
Authentication mockAuthentication = Mockito.mock(Authentication.class);
Mockito.<Collection<? extends GrantedAuthority>>when(mockAuthentication.getAuthorities()).thenReturn(authorities);
Mockito.when(mockAuthentication.getPrincipal()).thenReturn(principal);
SecurityContext mockSecurityContext = Mockito.mock(SecurityContext.class);
Mockito.when(mockSecurityContext.getAuthentication()).thenReturn(mockAuthentication);
try (MockedStatic<SecurityContextHolder> contextHolder = Mockito.mockStatic(SecurityContextHolder.class)) {
contextHolder.when(SecurityContextHolder::getContext).thenReturn(mockSecurityContext);
......
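Review bot: The new fields in `TestContainsRole` are both annotated with `@Mock` and initialised with `Mockito.mock(...)`, which is redundant. If a Mockito extension or `openMocks` is active for this class, the annotation replaces the manually created instance; if not, the annotation does nothing. Keeping one mechanism, e.g. `private final Authentication mockAuthentication = Mockito.mock(Authentication.class);` without `@Mock`, makes it clear which mock the `beforeEach` stubbing applies to. Since `hasRole` now gates a link in `RootModelAssembler`, a case where `getAuthentication()` returns null would also be worth covering, if it is not already tested outside the visible hunks.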