From 82dcbee65fd6b8faf92bc3b86df21438c79ad243 Mon Sep 17 00:00:00 2001
From: OZGCloud <ozgcloud@mgm-tp.com>
Date: Thu, 8 Aug 2024 18:05:17 +0200
Subject: [PATCH] OZG-6300 OZG-6433 add role check

---
 .../CollaborationVorgangProcessor.java        |  7 ++++++
 .../alfa/common/user/CurrentUserService.java  | 10 ++++----
 .../CollaborationVorgangProcessorTest.java    | 24 +++++++++++++++++--
 3 files changed, 34 insertions(+), 7 deletions(-)

diff --git a/alfa-service/src/main/java/de/ozgcloud/alfa/collaboration/CollaborationVorgangProcessor.java b/alfa-service/src/main/java/de/ozgcloud/alfa/collaboration/CollaborationVorgangProcessor.java
index eff3647129..d8c0a04560 100644
--- a/alfa-service/src/main/java/de/ozgcloud/alfa/collaboration/CollaborationVorgangProcessor.java
+++ b/alfa-service/src/main/java/de/ozgcloud/alfa/collaboration/CollaborationVorgangProcessor.java
@@ -12,14 +12,20 @@ import org.springframework.stereotype.Component;
 
 import de.ozgcloud.alfa.common.ModelBuilder;
 import de.ozgcloud.alfa.common.command.CommandController;
+import de.ozgcloud.alfa.common.user.CurrentUserService;
+import de.ozgcloud.alfa.common.user.UserRole;
 import de.ozgcloud.alfa.vorgang.VorgangWithEingang;
+import lombok.RequiredArgsConstructor;
 
+@RequiredArgsConstructor
 @Component
 @ConditionalOnProperty("ozgcloud.feature.collaboration-enabled")
 class CollaborationVorgangProcessor implements RepresentationModelProcessor<EntityModel<VorgangWithEingang>> {
 
 	static final LinkRelation REL_CREATE_COLLABORATION_REQUEST = LinkRelation.of("createCollaborationRequest");
 
+	private final CurrentUserService currentUserService;
+
 	@Override
 	public EntityModel<VorgangWithEingang> process(EntityModel<VorgangWithEingang> model) {
 		var vorgang = model.getContent();
@@ -29,6 +35,7 @@ class CollaborationVorgangProcessor implements RepresentationModelProcessor<Enti
 		}
 
 		return ModelBuilder.fromModel(model)
+				.ifMatch(() -> currentUserService.hasRole(UserRole.VERWALTUNG_USER))
 				.addLink(linkTo(methodOn(CommandController.CommandByRelationController.class).createCommand(vorgang.getId(), vorgang.getId(),
 						vorgang.getVersion(), null)).withRel(REL_CREATE_COLLABORATION_REQUEST))
 				.buildModel();
diff --git a/alfa-service/src/main/java/de/ozgcloud/alfa/common/user/CurrentUserService.java b/alfa-service/src/main/java/de/ozgcloud/alfa/common/user/CurrentUserService.java
index f4a517c405..a62746f45d 100644
--- a/alfa-service/src/main/java/de/ozgcloud/alfa/common/user/CurrentUserService.java
+++ b/alfa-service/src/main/java/de/ozgcloud/alfa/common/user/CurrentUserService.java
@@ -29,7 +29,6 @@ import java.util.List;
 import java.util.Objects;
 import java.util.Optional;
 
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.oauth2.jwt.Jwt;
@@ -37,7 +36,9 @@ import org.springframework.stereotype.Service;
 
 import de.ozgcloud.alfa.common.binaryfile.AlfaUserWithFileId;
 import de.ozgcloud.common.errorhandling.TechnicalException;
+import lombok.RequiredArgsConstructor;
 
+@RequiredArgsConstructor
 @Service
 public class CurrentUserService {
 
@@ -51,10 +52,9 @@ public class CurrentUserService {
 	static final String KEYCLOAK_USER_GIVEN_NAME = "given_name";
 	static final String KEYCLOAK_USER_FAMILY_NAME = "family_name";
 
-	@Autowired
-	private UserService userService;
-	@Autowired
-	private RoleHierarchy roleHierarchy;
+	private final UserService userService;
+
+	private final RoleHierarchy roleHierarchy;
 
 	public boolean hasRole(String role) {
 		return CurrentUserHelper.hasRole(role) || hasRoleReachable(role);
diff --git a/alfa-service/src/test/java/de/ozgcloud/alfa/collaboration/CollaborationVorgangProcessorTest.java b/alfa-service/src/test/java/de/ozgcloud/alfa/collaboration/CollaborationVorgangProcessorTest.java
index 86b1fad98a..5a51e828cc 100644
--- a/alfa-service/src/test/java/de/ozgcloud/alfa/collaboration/CollaborationVorgangProcessorTest.java
+++ b/alfa-service/src/test/java/de/ozgcloud/alfa/collaboration/CollaborationVorgangProcessorTest.java
@@ -2,10 +2,13 @@ package de.ozgcloud.alfa.collaboration;
 
 import static de.ozgcloud.alfa.common.UserProfileUrlProviderTestFactory.*;
 import static org.assertj.core.api.Assertions.*;
+import static org.mockito.Mockito.*;
 
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Nested;
 import org.junit.jupiter.api.Test;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
 import org.mockito.Spy;
 import org.springframework.hateoas.EntityModel;
 import org.springframework.hateoas.Link;
@@ -13,14 +16,20 @@ import org.springframework.hateoas.UriTemplate;
 
 import de.ozgcloud.alfa.common.UserProfileUrlProvider;
 import de.ozgcloud.alfa.common.command.CommandController;
+import de.ozgcloud.alfa.common.user.CurrentUserService;
+import de.ozgcloud.alfa.common.user.UserRole;
 import de.ozgcloud.alfa.vorgang.VorgangHeaderTestFactory;
 import de.ozgcloud.alfa.vorgang.VorgangWithEingangTestFactory;
 
 class CollaborationVorgangProcessorTest {
 
 	@Spy
+	@InjectMocks
 	private CollaborationVorgangProcessor processor;
 
+	@Mock
+	private CurrentUserService currentUserService;
+
 	private final UserProfileUrlProvider urlProvider = new UserProfileUrlProvider();
 
 	@Nested
@@ -31,7 +40,8 @@ class CollaborationVorgangProcessorTest {
 
 			@Test
 			void shouldNotAddLinksIfVorgangIsNull() {
-				var model = processor.process(new EntityModel<>() {});
+				var model = processor.process(new EntityModel<>() {
+				});
 
 				assertThat(model.hasLinks()).isFalse();
 			}
@@ -45,9 +55,10 @@ class CollaborationVorgangProcessorTest {
 				initUserProfileUrlProvider(urlProvider);
 			}
 
-
 			@Test
 			void shouldAddCreateCollaborationRequestRelation() {
+				when(currentUserService.hasRole(UserRole.VERWALTUNG_USER)).thenReturn(true);
+
 				var model = processor.process(EntityModel.of(VorgangWithEingangTestFactory.create()));
 
 				assertThat(model.getLink(CollaborationVorgangProcessor.REL_CREATE_COLLABORATION_REQUEST)).isPresent().get()
@@ -55,6 +66,15 @@ class CollaborationVorgangProcessorTest {
 						.isEqualTo(UriTemplate.of(CommandController.CommandByRelationController.COMMAND_BY_RELATION_PATH)
 								.expand(VorgangHeaderTestFactory.ID, VorgangHeaderTestFactory.ID, VorgangHeaderTestFactory.VERSION).toString());
 			}
+
+			@Test
+			void shouldNotAddCreateCollaborationRequestRelation() {
+				when(currentUserService.hasRole(UserRole.VERWALTUNG_USER)).thenReturn(false);
+
+				var model = processor.process(EntityModel.of(VorgangWithEingangTestFactory.create()));
+
+				assertThat(model.getLink(CollaborationVorgangProcessor.REL_CREATE_COLLABORATION_REQUEST)).isEmpty();
+			}
 		}
 	}
 }
-- 
GitLab