OZG-6988 fix secure logic / test

src/main/java/de/ozgcloud/admin/OzgCloudRestLinksConfiguration.java

@@ -65,7 +65,6 @@ class OzgCloudRestLinksConfiguration {
 class OzgCloudDelegatingRepositoryResourceMappings extends RepositoryResourceMappings {
 
 	private final Repositories repositories;
-	private final SecuredAuthorizationManager authManager = new SecuredAuthorizationManager();
 
 	public OzgCloudDelegatingRepositoryResourceMappings(Repositories repositories, PersistentEntities entities,
 			RepositoryRestConfiguration configuration) {
@@ -80,9 +79,11 @@ class OzgCloudDelegatingRepositoryResourceMappings extends RepositoryResourceMap
 	}
 
 	@RequiredArgsConstructor
-	class OzgCloudDelegatingResourceMetadata implements ResourceMetadata {
+	static class OzgCloudDelegatingResourceMetadata implements ResourceMetadata {
+
 		private final ResourceMetadata metadata;
 		private final Repositories repositories;
+		private final SecuredAuthorizationManager authManager = new SecuredAuthorizationManager();
 
 		@Override
 		public LinkRelation getItemResourceRel() {
@@ -108,7 +109,7 @@ class OzgCloudDelegatingRepositoryResourceMappings extends RepositoryResourceMap
 			var repository = repositories.getRepositoryFor(type);
 			return repository.map(repo -> authManager.check(() -> SecurityContextHolder.getContext().getAuthentication(), getFindAllInvocation(repo)))
 					.map(AuthorizationDecision::isGranted)
-					.orElse(false);
+					.orElse(true);
 		}
 
 		MethodInvocation getFindAllInvocation(Object repository) {

src/test/java/de/ozgcloud/admin/OzgCloudDelegatingResourceMetadataTest.java

+package de.ozgcloud.admin;
+
+import static org.assertj.core.api.Assertions.*;
+import static org.mockito.ArgumentMatchers.*;
+import static org.mockito.Mockito.*;
+
+import java.util.Optional;
+
+import org.aopalliance.intercept.MethodInvocation;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Nested;
+import org.junit.jupiter.api.Test;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.Mockito;
+import org.mockito.Spy;
+import org.springframework.data.repository.support.Repositories;
+import org.springframework.data.rest.core.mapping.ResourceMetadata;
+import org.springframework.security.authorization.AuthorizationDecision;
+import org.springframework.security.authorization.method.SecuredAuthorizationManager;
+
+import de.ozgcloud.admin.OzgCloudDelegatingRepositoryResourceMappings.OzgCloudDelegatingResourceMetadata;
+import de.ozgcloud.common.test.ReflectionTestUtils;
+
+class OzgCloudDelegatingResourceMetadataTest {
+
+	@Spy
+	@InjectMocks
+	private OzgCloudDelegatingResourceMetadata delegatingResourceMetadata;
+
+	@Mock
+	private ResourceMetadata metadata;
+	@Mock
+	private Repositories repositories;
+	@Mock
+	private SecuredAuthorizationManager authManager;
+
+	@Nested
+	class TestIsExported {
+
+		void initDefaults() {
+			doReturn(true).when(delegatingResourceMetadata).isAccessPermitted(any());
+		}
+
+		@Test
+		void shouldReturnTrue() {
+			when(metadata.isExported()).thenReturn(true);
+			doReturn(true).when(delegatingResourceMetadata).isAccessPermitted(any());
+
+			var result = delegatingResourceMetadata.isExported();
+
+			assertThat(result).isTrue();
+		}
+
+		@Test
+		void shouldReturnFalseIfNotPermitted() {
+			doReturn(false).when(delegatingResourceMetadata).isAccessPermitted(any());
+
+			var result = delegatingResourceMetadata.isExported();
+
+			assertThat(result).isFalse();
+		}
+
+		@Test
+		void shouldReturnFalseIfNotExported() {
+			doReturn(true).when(delegatingResourceMetadata).isAccessPermitted(any());
+			when(metadata.isExported()).thenReturn(false);
+
+			var result = delegatingResourceMetadata.isExported();
+
+			assertThat(result).isFalse();
+		}
+	}
+
+	@Nested
+	class TestIsAccessPermitted {
+		@Mock
+		private Object repository;
+		@Mock
+		private AuthorizationDecision decision;
+
+		@BeforeEach
+		void initMock() {
+			when(repositories.getRepositoryFor(any())).thenReturn(Optional.of(repository));
+
+			doReturn(Mockito.mock(MethodInvocation.class)).when(delegatingResourceMetadata).getFindAllInvocation(any());
+		}
+
+		@BeforeEach
+		void mockAuthManager() {
+			when(authManager.check(any(), any())).thenReturn(decision);
+
+			ReflectionTestUtils.setField(delegatingResourceMetadata, "authManager", authManager);
+		}
+
+		@Test
+		void shouldReturnTrueIfGranted() {
+			when(decision.isGranted()).thenReturn(true);
+
+			var result = delegatingResourceMetadata.isAccessPermitted(any());
+
+			assertThat(result).isTrue();
+		}
+
+		@Test
+		void shouldReturnFalseIfNotGranted() {
+			when(decision.isGranted()).thenReturn(false);
+
+			var result = delegatingResourceMetadata.isAccessPermitted(any());
+
+			assertThat(result).isFalse();
+		}
+
+		@Test
+		void shouldReturnTrueIfNotSecured() {
+			when(authManager.check(any(), any())).thenReturn(null);
+
+			var result = delegatingResourceMetadata.isAccessPermitted(any());
+
+			assertThat(result).isTrue();
+		}
+	}
+
+	@Nested
+	class TestGetFindAllInvocation {
+		@Test
+		void shouldReturnMethod() {
+
+		}
+	}
+
+}

src/test/java/de/ozgcloud/admin/reporting/ReportingSettingRepositoryITCase.java

@@ -29,7 +29,9 @@ import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.mongodb.core.MongoOperations;
+import org.springframework.security.test.context.support.WithMockUser;
 
+import de.ozgcloud.admin.common.user.UserRole;
 import de.ozgcloud.admin.setting.SettingTestFactory;
 import de.ozgcloud.common.test.DataITCase;
 
@@ -48,6 +50,7 @@ class ReportingSettingRepositoryITCase {
 	}
 
 	@Test
+	@WithMockUser(roles = UserRole.DATENBEAUFTRAGUNG)
 	void shouldLoadOnlyFieldMapping() {
 		operations.save(AggregationMappingTestFactory.create());
 		operations.save(SettingTestFactory.create());

src/test/resources/application-itcase.yaml

 logging:
   level:
     '[org.springframework.data.mongodb]': WARN
+    '[org.springframework.security]': WARN
   config: classpath:log4j2-local.xml
 
 spring: