TSK-1308: Fixed: return groups from LDAP, accessId is member of.

2020-06-26 14:19:11 +02:00 · 2020-06-26 14:19:11 +02:00 · 553c1d9f83
parent b321c495ba
commit 553c1d9f83
5 changed files with 54 additions and 11 deletions
--- a/rest/taskana-rest-spring/src/main/java/pro/taskana/common/rest/AccessIdController.java
+++ b/rest/taskana-rest-spring/src/main/java/pro/taskana/common/rest/AccessIdController.java
@ -63,11 +63,10 @@ public class AccessIdController {
    if (!validateAccessId(accessId)) {
      throw new InvalidArgumentException("The accessId is invalid");
    }
-    List<AccessIdRepresentationModel> accessIdUsers;
+    List<AccessIdRepresentationModel> accessIds;
    ResponseEntity<List<AccessIdRepresentationModel>> response;
-    accessIdUsers = ldapClient.searchUsersAndGroups(accessId);
-    accessIdUsers.addAll(ldapClient.searchGroupsofUsersIsMember(accessId));
-    response = ResponseEntity.ok(accessIdUsers);
+    accessIds = ldapClient.searchGroupsAccessIdIsMemberOf(accessId);
+    response = ResponseEntity.ok(accessIds);
    if (LOGGER.isDebugEnabled()) {
      LOGGER.debug("Exit from getGroupsByAccessId(), returning {}", response);
    }
--- a/rest/taskana-rest-spring/src/main/java/pro/taskana/common/rest/ldap/LdapClient.java
+++ b/rest/taskana-rest-spring/src/main/java/pro/taskana/common/rest/ldap/LdapClient.java
@ -17,6 +17,7 @@ import org.springframework.ldap.core.LdapTemplate;
 import org.springframework.ldap.core.support.AbstractContextMapper;
 import org.springframework.ldap.filter.AndFilter;
 import org.springframework.ldap.filter.EqualsFilter;
+import org.springframework.ldap.filter.LikeFilter;
 import org.springframework.ldap.filter.OrFilter;
 import org.springframework.ldap.filter.WhitespaceWildcardsFilter;
 import org.springframework.stereotype.Component;
@ -182,15 +183,15 @@ public class LdapClient {
    return accessId;
  }

-  public List<AccessIdRepresentationModel> searchGroupsofUsersIsMember(final String name)
+  public List<AccessIdRepresentationModel> searchGroupsAccessIdIsMemberOf(final String name)
      throws InvalidArgumentException {
-    LOGGER.debug("entry to searchGroupsofUsersIsMember(name = {}).", name);
+    LOGGER.debug("entry to searchGroupsAccessIdIsMemberOf(name = {}).", name);
    isInitOrFail();
    testMinSearchForLength(name);

    final AndFilter andFilter = new AndFilter();
-    andFilter.and(new WhitespaceWildcardsFilter(getGroupNameAttribute(), ""));
-    andFilter.and(new EqualsFilter(getGroupsOfUser(), name));
+    andFilter.and(new EqualsFilter(getGroupSearchFilterName(), getGroupSearchFilterValue()));
+    andFilter.and(new LikeFilter(getGroupsOfUser(), "*" + name + "*"));

    String[] userAttributesToReturn = {getUserIdAttribute(), getGroupNameAttribute()};

@ -202,7 +203,8 @@ public class LdapClient {
            userAttributesToReturn,
            new GroupContextMapper());
    LOGGER.debug(
-        "exit from searchGroupsofUsersIsMember. Retrieved the following users: {}.", accessIds);
+        "exit from searchGroupsAccessIdIsMemberOf. Retrieved the following accessIds: {}.",
+        accessIds);
    return accessIds;
  }

--- a/rest/taskana-rest-spring/src/test/java/pro/taskana/common/rest/AccessIdControllerIntTest.java
+++ b/rest/taskana-rest-spring/src/test/java/pro/taskana/common/rest/AccessIdControllerIntTest.java
@ -107,6 +107,46 @@ class AccessIdControllerIntTest {
        .isEqualTo(HttpStatus.BAD_REQUEST);
  }

+  @Test
+  void should_returnAccessIdsOfGroupsTheAccessIdIsMemberOf_ifAccessIdOfUserIsGiven() {
+    ResponseEntity<List<AccessIdRepresentationModel>> response =
+        template.exchange(
+            restHelper.toUrl(Mapping.URL_ACCESSID_GROUPS) + "?access-id=teamlead-2",
+            HttpMethod.GET,
+            restHelper.defaultRequest(),
+            ParameterizedTypeReference.forType(AccessIdListResource.class));
+
+    List<AccessIdRepresentationModel> body = response.getBody();
+    assertThat(body).isNotNull();
+    assertThat(body)
+        .extracting(AccessIdRepresentationModel::getAccessId)
+        .usingElementComparator(String.CASE_INSENSITIVE_ORDER)
+        .containsExactlyInAnyOrder(
+            "cn=ksc-teamleads,cn=groups,OU=Test,O=TASKANA",
+            "cn=business-admins,cn=groups,OU=Test,O=TASKANA",
+            "cn=monitor-users,cn=groups,OU=Test,O=TASKANA",
+            "cn=Organisationseinheit KSC 2,cn=Organisationseinheit KSC,cn=organisation,OU=Test,O=TASKANA");
+  }
+
+  @Test
+  void should_returnAccessIdsOfGroupsTheAccessIdIsMemberOf_ifAccessIdOfGroupIsGiven() {
+    ResponseEntity<List<AccessIdRepresentationModel>> response =
+        template.exchange(
+            restHelper.toUrl(Mapping.URL_ACCESSID_GROUPS)
+                + "?access-id=cn=Organisationseinheit KSC 1,"
+                + "cn=Organisationseinheit KSC,cn=organisation,OU=Test,O=TASKANA",
+            HttpMethod.GET,
+            restHelper.defaultRequest(),
+            ParameterizedTypeReference.forType(AccessIdListResource.class));
+
+    List<AccessIdRepresentationModel> body = response.getBody();
+    assertThat(body).isNotNull();
+    assertThat(body)
+        .extracting(AccessIdRepresentationModel::getAccessId)
+        .usingElementComparator(String.CASE_INSENSITIVE_ORDER)
+        .containsExactlyInAnyOrder("cn=Organisationseinheit KSC,cn=organisation,OU=Test,O=TASKANA");
+  }
+
  static class AccessIdListResource extends ArrayList<AccessIdRepresentationModel> {
    private static final long serialVersionUID = 1L;
  }
--- a/rest/taskana-rest-spring/src/test/resources/application.properties
+++ b/rest/taskana-rest-spring/src/test/resources/application.properties
@ -25,13 +25,13 @@ taskana.ldap.userSearchFilterValue=person
 taskana.ldap.userFirstnameAttribute=givenName
 taskana.ldap.userLastnameAttribute=sn
 taskana.ldap.userIdAttribute=uid
-taskana.ldap.groupSearchBase=cn=groups
+taskana.ldap.groupSearchBase=
 taskana.ldap.groupSearchFilterName=objectclass
 taskana.ldap.groupSearchFilterValue=groupOfUniqueNames
 taskana.ldap.groupNameAttribute=cn
 taskana.ldap.minSearchForLength=3
 taskana.ldap.maxNumberOfReturnedAccessIds=50
-taskana.ldap.groupsOfUser=memberUid
+taskana.ldap.groupsOfUser=uniquemember
 # Embedded Spring LDAP server
 spring.ldap.embedded.base-dn= OU=Test,O=TASKANA
 spring.ldap.embedded.credential.username= uid=admin
--- a/rest/taskana-rest-spring/src/test/resources/taskana-test.ldif
+++ b/rest/taskana-rest-spring/src/test/resources/taskana-test.ldif
@ -230,6 +230,8 @@ objectclass: top
 ######################
 dn: cn=Organisationseinheit KSC,cn=organisation,OU=Test,O=TASKANA
 cn: Organisationseinheit KSC
+uniquemember: cn=Organisationseinheit KSC 1,cn=Organisationseinheit KSC,cn=organisation,OU=Test,O=TASKANA
+uniquemember: cn=Organisationseinheit KSC 2,cn=Organisationseinheit KSC,cn=organisation,OU=Test,O=TASKANA
 objectclass: groupofuniquenames
 objectclass: top