TSK-1196: improved accessId check before deleting all user access items
This commit is contained in:
parent
6f225ebc28
commit
8760bdceb3
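--- a/[path not shown]/LdapClient.java
+++ b/[path not shown]/LdapClient.java
@@ -75,7 +75,7 @@ public class LdapClient {
 accessIds.add(groupByDn);
 }
 } else {
-accessIds.addAll(searchUsersByName(name));
+accessIds.addAll(searchUsersByNameOrAccessId(name));
 accessIds.addAll(searchGroupsByName(name));
 }
 sortListOfAccessIdResources(accessIds);
@@ -90,9 +90,9 @@ public class LdapClient {
 return result;
 }
 
-public List<AccessIdRepresentationModel> searchUsersByName(final String name)
+public List<AccessIdRepresentationModel> searchUsersByNameOrAccessId(final String name)
 throws InvalidArgumentException {
-LOGGER.debug("entry to searchUsersByName(name = {}).", name);
+LOGGER.debug("entry to searchUsersByNameOrAccessId(name = {}).", name);
 isInitOrFail();
 testMinSearchForLength(name);
 
@@ -116,7 +116,31 @@ public class LdapClient {
 SearchControls.SUBTREE_SCOPE,
 userAttributesToReturn,
 new UserContextMapper());
-LOGGER.debug("exit from searchUsersByName. Retrieved the following users: {}.", accessIds);
+LOGGER.debug(
+"exit from searchUsersByNameOrAccessId. Retrieved the following users: {}.", accessIds);
+return accessIds;
+}
+
+public List<AccessIdRepresentationModel> getUsersByAccessId(final String accessId) {
+LOGGER.debug("entry to searchUsersByAccessId(name = {}).", accessId);
+isInitOrFail();
+
+final AndFilter andFilter = new AndFilter();
+andFilter.and(new EqualsFilter(getUserSearchFilterName(), getUserSearchFilterValue()));
+andFilter.and(new EqualsFilter(getUserIdAttribute(), accessId));
+
+String[] userAttributesToReturn = {
+getUserFirstnameAttribute(), getUserLastnameAttribute(), getUserIdAttribute()
+};
+
+final List<AccessIdRepresentationModel> accessIds =
+ldapTemplate.search(
+getUserSearchBase(),
+andFilter.encode(),
+SearchControls.SUBTREE_SCOPE,
+userAttributesToReturn,
+new UserContextMapper());
+LOGGER.debug("exit from searchUsersByAccessId. Retrieved the following users: {}.", accessIds);
 return accessIds;
 }
 
@@ -260,8 +284,8 @@ public class LdapClient {
 return LdapSettings.TASKANA_LDAP_GROUPS_OF_USER.getValueFromEnv(env);
 }
 
-public boolean isGroup(String accessId) {
-return accessId.contains(getGroupSearchBase());
+public boolean isUser(String accessId) {
+return !getUsersByAccessId(accessId).isEmpty();
 }
 
 boolean nameIsDn(String name) {
@@ -293,9 +317,8 @@ public class LdapClient {
 String[] getLookUpGoupAttributesToReturn() {
 if (CN.equals(getGroupNameAttribute())) {
 return new String[] {CN};
-} else {
-return new String[] {getGroupNameAttribute(), CN};
 }
+return new String[] {getGroupNameAttribute(), CN};
 }
 
 @PostConstruct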
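Review bot: Both debug messages in the new `getUsersByAccessId` (hunk `@ -116,7 +116,31`) name a method `searchUsersByAccessId` that does not exist and label the argument `name`, which will mislead anyone correlating logs with code; `LOGGER.debug("entry to getUsersByAccessId(accessId = {}).", accessId);` and the matching exit message fix that. The method also skips the argument checks its sibling `searchUsersByNameOrAccessId` performs (`testMinSearchForLength`), so a null accessId reaches `new EqualsFilter(getUserIdAttribute(), accessId)` directly; an `Objects.requireNonNull(accessId, "accessId")` or an early return of an empty list on a blank value would make the contract explicit, since what the filter does with null is not visible here. On the positive side the value is passed through `EqualsFilter`, which escapes filter metacharacters, so the caller-supplied accessId is not spliced raw into the LDAP query string. `isUser` (hunk `@ -260,8 +284,8`) now triggers a SUBTREE_SCOPE search returning three attributes only to test emptiness; if this runs on every delete request, bounding the search with a count limit of 1 would cap the cost, though the `ldapTemplate.search` overload used here takes the scope as a plain int, so that would need a `SearchControls` object instead.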
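--- a/[path not shown]/WorkbasketAccessItemController.java
+++ b/[path not shown]/WorkbasketAccessItemController.java
@@ -115,7 +115,7 @@ public class WorkbasketAccessItemController extends AbstractPagingController {
 @RequestParam("access-id") String accessId)
 throws NotAuthorizedException, InvalidArgumentException {
 LOGGER.debug("Entry to removeWorkbasketAccessItems(access-id= {})", accessId);
-if (!ldapClient.isGroup(accessId)) {
+if (ldapClient.isUser(accessId)) {
 List<WorkbasketAccessItem> workbasketAccessItemList =
 workbasketService.createWorkbasketAccessItemQuery().accessIdIn(accessId).list();
 
@@ -125,8 +125,7 @@ public class WorkbasketAccessItemController extends AbstractPagingController {
 } else {
 throw new InvalidArgumentException(
 String.format(
-"%s corresponding to a group, not a user. "
-+ "You just can remove access items for a user",
+"AccessId '%s' is not a user. " + "You can remove all access items for users only.",
 accessId));
 }
 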
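Review bot: The new `if (ldapClient.isUser(accessId))` gate turns a local string check into a directory round-trip on every delete-all request, yet the method still declares only `NotAuthorizedException, InvalidArgumentException`; whatever `isInitOrFail()` or the LDAP search throws when the directory is unreachable is not handled here and would presumably surface as a generic server error rather than a deliberate status, which deserves either an explicit catch or a test. Separately, the gate and the deletion compare the accessId with different engines: `isUser` matches it through an LDAP `EqualsFilter` on the user-id attribute, whose case sensitivity depends on the directory's matching rule, while `accessIdIn(accessId)` queries the database with the raw string, so a value that passes the gate may match no access items or vice versa; apply the same normalisation before both calls, or document that they agree. The body of removeWorkbasketAccessItems continues outside the hunk.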
@ -120,9 +120,9 @@ class WorkbasketAccessItemControllerIntTest {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
void testRemoveWorkbasketAccessItemsOfUser() {
|
void should_deleteAllAccessItemForUser_ifValidAccessIdOfUserIsSupplied() {
|
||||||
|
|
||||||
String parameters = "?access-id=user-1-1";
|
String parameters = "?access-id=teamlead-2";
|
||||||
ResponseEntity<Void> response =
|
ResponseEntity<Void> response =
|
||||||
template.exchange(
|
template.exchange(
|
||||||
restHelper.toUrl(Mapping.URL_WORKBASKET_ACCESS_ITEMS) + parameters,
|
restHelper.toUrl(Mapping.URL_WORKBASKET_ACCESS_ITEMS) + parameters,
|
||||||
|
@ -134,8 +134,40 @@ class WorkbasketAccessItemControllerIntTest {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
void testGetBadRequestIfTryingToDeleteAccessItemsForGroup() {
|
void should_returnBadRequest_ifAccessIdIsSubStringOfUser() {
|
||||||
String parameters = "?access-id=cn=monitor-users,cn=groups,OU=Test,O=TASKANA";
|
String parameters = "?access-id=user-1";
|
||||||
|
ThrowingCallable httpCall =
|
||||||
|
() ->
|
||||||
|
template.exchange(
|
||||||
|
restHelper.toUrl(Mapping.URL_WORKBASKET_ACCESS_ITEMS) + parameters,
|
||||||
|
HttpMethod.DELETE,
|
||||||
|
restHelper.defaultRequest(),
|
||||||
|
ParameterizedTypeReference.forType(Void.class));
|
||||||
|
assertThatThrownBy(httpCall)
|
||||||
|
.isInstanceOf(HttpClientErrorException.class)
|
||||||
|
.extracting(ex -> ((HttpClientErrorException) ex).getStatusCode())
|
||||||
|
.isEqualTo(HttpStatus.BAD_REQUEST);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
void should_returnBadRequest_ifAccessIdIsGroup() {
|
||||||
|
String parameters = "?access-id=cn=monitor-users,cn=groups,ou=test,o=taskana";
|
||||||
|
ThrowingCallable httpCall =
|
||||||
|
() ->
|
||||||
|
template.exchange(
|
||||||
|
restHelper.toUrl(Mapping.URL_WORKBASKET_ACCESS_ITEMS) + parameters,
|
||||||
|
HttpMethod.DELETE,
|
||||||
|
restHelper.defaultRequest(),
|
||||||
|
ParameterizedTypeReference.forType(Void.class));
|
||||||
|
assertThatThrownBy(httpCall)
|
||||||
|
.isInstanceOf(HttpClientErrorException.class)
|
||||||
|
.extracting(ex -> ((HttpClientErrorException) ex).getStatusCode())
|
||||||
|
.isEqualTo(HttpStatus.BAD_REQUEST);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
void should_returnBadRequest_ifAccessIdIsOrganizationalGroup() {
|
||||||
|
String parameters = "?access-id=cn=organisationseinheit ksc,cn=organisation,ou=test,o=taskana";
|
||||||
ThrowingCallable httpCall =
|
ThrowingCallable httpCall =
|
||||||
() ->
|
() ->
|
||||||
template.exchange(
|
template.exchange(
|
||||||
|
|