OZG-6300 OZG-6433 add role check

82dcbee6 · OZGCloud · cd7ceb7c · 82dcbee6 · 82dcbee6 · 82dcbee6
Commit 82dcbee6 authored 9 months ago by OZGCloud
--- a/alfa-service/src/main/java/de/ozgcloud/alfa/collaboration/CollaborationVorgangProcessor.java
+++ b/alfa-service/src/main/java/de/ozgcloud/alfa/collaboration/CollaborationVorgangProcessor.java
@@ -12,14 +12,20 @@ import org.springframework.stereotype.Component;
 import de.ozgcloud.alfa.common.ModelBuilder;
 import de.ozgcloud.alfa.common.command.CommandController;
+import de.ozgcloud.alfa.common.user.CurrentUserService;
+import de.ozgcloud.alfa.common.user.UserRole;
 import de.ozgcloud.alfa.vorgang.VorgangWithEingang;
+import lombok.RequiredArgsConstructor;
+@RequiredArgsConstructor
 @Component
 @ConditionalOnProperty("ozgcloud.feature.collaboration-enabled")
 class CollaborationVorgangProcessor implements RepresentationModelProcessor<EntityModel<VorgangWithEingang>> {
 	static final LinkRelation REL_CREATE_COLLABORATION_REQUEST = LinkRelation.of("createCollaborationRequest");
+	private final CurrentUserService currentUserService;
 	@Override
 	public EntityModel<VorgangWithEingang> process(EntityModel<VorgangWithEingang> model) {
 		var vorgang = model.getContent();
@@ -29,6 +35,7 @@ class CollaborationVorgangProcessor implements RepresentationModelProcessor<Enti
 		}
 		return ModelBuilder.fromModel(model)
+				.ifMatch(() -> currentUserService.hasRole(UserRole.VERWALTUNG_USER))
 				.addLink(linkTo(methodOn(CommandController.CommandByRelationController.class).createCommand(vorgang.getId(), vorgang.getId(),
 						vorgang.getVersion(), null)).withRel(REL_CREATE_COLLABORATION_REQUEST))
 				.buildModel();

--- a/alfa-service/src/main/java/de/ozgcloud/alfa/common/user/CurrentUserService.java
+++ b/alfa-service/src/main/java/de/ozgcloud/alfa/common/user/CurrentUserService.java
@@ -29,7 +29,6 @@ import java.util.List;
 import java.util.Objects;
 import java.util.Optional;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.oauth2.jwt.Jwt;
@@ -37,7 +36,9 @@ import org.springframework.stereotype.Service;
 import de.ozgcloud.alfa.common.binaryfile.AlfaUserWithFileId;
 import de.ozgcloud.common.errorhandling.TechnicalException;
+import lombok.RequiredArgsConstructor;
+@RequiredArgsConstructor
 @Service
 public class CurrentUserService {
@@ -51,10 +52,9 @@ public class CurrentUserService {
 	static final String KEYCLOAK_USER_GIVEN_NAME = "given_name";
 	static final String KEYCLOAK_USER_FAMILY_NAME = "family_name";
-	@Autowired
+	private final UserService userService;
-	private UserService userService;
-	@Autowired
+	private final RoleHierarchy roleHierarchy;
-	private RoleHierarchy roleHierarchy;
 	public boolean hasRole(String role) {
 		return CurrentUserHelper.hasRole(role) || hasRoleReachable(role);

--- a/alfa-service/src/test/java/de/ozgcloud/alfa/collaboration/CollaborationVorgangProcessorTest.java
+++ b/alfa-service/src/test/java/de/ozgcloud/alfa/collaboration/CollaborationVorgangProcessorTest.java
@@ -2,10 +2,13 @@ package de.ozgcloud.alfa.collaboration;
 import static de.ozgcloud.alfa.common.UserProfileUrlProviderTestFactory.*;
 import static org.assertj.core.api.Assertions.*;
+import static org.mockito.Mockito.*;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Nested;
 import org.junit.jupiter.api.Test;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
 import org.mockito.Spy;
 import org.springframework.hateoas.EntityModel;
 import org.springframework.hateoas.Link;
@@ -13,14 +16,20 @@ import org.springframework.hateoas.UriTemplate;
 import de.ozgcloud.alfa.common.UserProfileUrlProvider;
 import de.ozgcloud.alfa.common.command.CommandController;
+import de.ozgcloud.alfa.common.user.CurrentUserService;
+import de.ozgcloud.alfa.common.user.UserRole;
 import de.ozgcloud.alfa.vorgang.VorgangHeaderTestFactory;
 import de.ozgcloud.alfa.vorgang.VorgangWithEingangTestFactory;
 class CollaborationVorgangProcessorTest {
 	@Spy
+	@InjectMocks
 	private CollaborationVorgangProcessor processor;
+	@Mock
+	private CurrentUserService currentUserService;
 	private final UserProfileUrlProvider urlProvider = new UserProfileUrlProvider();
 	@Nested
@@ -31,7 +40,8 @@ class CollaborationVorgangProcessorTest {
 			@Test
 			void shouldNotAddLinksIfVorgangIsNull() {
-				var model = processor.process(new EntityModel<>() {});
+				var model = processor.process(new EntityModel<>() {
+				});
 				assertThat(model.hasLinks()).isFalse();
 			}
@@ -45,9 +55,10 @@ class CollaborationVorgangProcessorTest {
 				initUserProfileUrlProvider(urlProvider);
 			}
 			@Test
 			void shouldAddCreateCollaborationRequestRelation() {
+				when(currentUserService.hasRole(UserRole.VERWALTUNG_USER)).thenReturn(true);
 				var model = processor.process(EntityModel.of(VorgangWithEingangTestFactory.create()));
 				assertThat(model.getLink(CollaborationVorgangProcessor.REL_CREATE_COLLABORATION_REQUEST)).isPresent().get()
@@ -55,6 +66,15 @@ class CollaborationVorgangProcessorTest {
 						.isEqualTo(UriTemplate.of(CommandController.CommandByRelationController.COMMAND_BY_RELATION_PATH)
 								.expand(VorgangHeaderTestFactory.ID, VorgangHeaderTestFactory.ID, VorgangHeaderTestFactory.VERSION).toString());
 			}
+			@Test
+			void shouldNotAddCreateCollaborationRequestRelation() {
+				when(currentUserService.hasRole(UserRole.VERWALTUNG_USER)).thenReturn(false);
+				var model = processor.process(EntityModel.of(VorgangWithEingangTestFactory.create()));
+				assertThat(model.getLink(CollaborationVorgangProcessor.REL_CREATE_COLLABORATION_REQUEST)).isEmpty();
+			}
 		}
 	}
 }