[SELC-4811] Feat: Added @PreAuthorize in suspendUserGroup API #441

Merged
merged 4 commits into from
May 14, 2024
Merged
Expand Up @@ -2,6 +2,7 @@

import it.pagopa.selfcare.dashboard.connector.api.MsCoreConnector;
import it.pagopa.selfcare.dashboard.connector.api.UserApiConnector;
import it.pagopa.selfcare.dashboard.connector.api.UserGroupConnector;
import it.pagopa.selfcare.dashboard.web.security.SelfCarePermissionEvaluator;
import it.pagopa.selfcare.dashboard.web.security.SelfCarePermissionEvaluatorV2;
import org.springframework.beans.factory.annotation.Value;
Expand All @@ -17,13 +18,18 @@ public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {

private final MsCoreConnector msCoreConnector;
private final UserApiConnector userApiConnector;

private final UserGroupConnector userGroupConnector;

private final String securityConnectorType;

public MethodSecurityConfig(MsCoreConnector msCoreConnector,
UserApiConnector userApiConnector,
UserGroupConnector userGroupConnector,
@Value("${dashboard.security.connector}") String securityConnectorType) {
this.msCoreConnector = msCoreConnector;
this.userApiConnector = userApiConnector;
this.userGroupConnector = userGroupConnector;
this.securityConnectorType = securityConnectorType;
}

Expand All @@ -33,7 +39,7 @@ protected MethodSecurityExpressionHandler createExpressionHandler() {
if(securityConnectorType.equalsIgnoreCase("v1")) {
expressionHandler.setPermissionEvaluator(new SelfCarePermissionEvaluator(msCoreConnector));
}else {
expressionHandler.setPermissionEvaluator(new SelfCarePermissionEvaluatorV2(userApiConnector));
expressionHandler.setPermissionEvaluator(new SelfCarePermissionEvaluatorV2(userApiConnector, userGroupConnector));
}
return expressionHandler;
}
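Review bot: The v1 branch at `if(securityConnectorType.equalsIgnoreCase("v1"))` still constructs `SelfCarePermissionEvaluator(msCoreConnector)` without the group connector, so when `dashboard.security.connector` is set to `v1` the new `hasPermission(#id, 'UserGroupResource', 'ADMIN')` checks on the controller are evaluated by an evaluator this commit does not touch, and whether that evaluator recognises the `UserGroupResource` target type (and therefore denies or grants) cannot be determined from this diff. If v1 is still a supported setting, either extend it in the same way or record in a comment on that branch that group-level checks are only implemented for v2. A `this.userGroupConnector = Objects.requireNonNull(userGroupConnector, "userGroupConnector");` in the constructor would turn a missing bean into a startup failure instead of a late NPE inside the first authorization decision; this is a style point since the field is container-injected. createExpressionHandler begins outside the hunk.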
Expand Up @@ -13,6 +13,7 @@
import org.springframework.data.domain.Pageable;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*;

import javax.servlet.http.HttpServletResponse;
Expand Down Expand Up @@ -60,6 +61,7 @@ public void deleteUserGroup(@ApiParam("${swagger.dashboard.user-group.model.id}"
@PostMapping(value = "/{id}/activate", produces = MediaType.APPLICATION_JSON_VALUE)
@ResponseStatus(HttpStatus.NO_CONTENT)
@ApiOperation(value = "", notes = "${swagger.dashboard.user-group.api.activateUserGroup}")
@PreAuthorize("hasPermission(#id, 'UserGroupResource', 'ADMIN')")
public void activateUserGroup(@ApiParam("${swagger.dashboard.user-group.model.id}")
@PathVariable("id") String id) {
log.trace("activateGroup start");
Expand All @@ -71,6 +73,7 @@ public void activateUserGroup(@ApiParam("${swagger.dashboard.user-group.model.id
@PostMapping(value = "/{id}/suspend", produces = MediaType.APPLICATION_JSON_VALUE)
@ResponseStatus(HttpStatus.NO_CONTENT)
@ApiOperation(value = "", notes = "${swagger.dashboard.user-group.api.suspendUserGroup}")
@PreAuthorize("hasPermission(#id, 'UserGroupResource', 'ADMIN')")
public void suspendUserGroup(@ApiParam("${swagger.dashboard.user-group.model.id}")
@PathVariable("id") String id) {
log.trace("suspendGroup start");
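Review bot: The hunk header shows `deleteUserGroup` immediately above `activateUserGroup`, but whether it, or any other state-changing endpoint in this controller, carries the same `@PreAuthorize` guard lies outside the hunk; since the PR title scopes the change to suspend, the remaining mutating endpoints deserve an explicit check rather than an assumption that they are already covered. The SpEL literal `hasPermission(#id, 'UserGroupResource', 'ADMIN')` is now repeated verbatim on two methods; a `private static final String GROUP_ADMIN = "hasPermission(#id, 'UserGroupResource', 'ADMIN')";` referenced from both annotations would keep the target type and permission name from drifting apart. Both annotated methods continue past the end of the hunk.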
Expand Up @@ -2,7 +2,10 @@

import it.pagopa.selfcare.commons.base.logging.LogUtils;
import it.pagopa.selfcare.dashboard.connector.api.UserApiConnector;
import it.pagopa.selfcare.dashboard.connector.api.UserGroupConnector;
import it.pagopa.selfcare.dashboard.connector.model.groups.UserGroupInfo;
import it.pagopa.selfcare.dashboard.web.model.InstitutionResource;
import it.pagopa.selfcare.dashboard.web.model.user_groups.UserGroupResource;
import lombok.extern.slf4j.Slf4j;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.core.Authentication;
Expand All @@ -14,8 +17,11 @@
public class SelfCarePermissionEvaluatorV2 implements PermissionEvaluator {
private final UserApiConnector userApiConnector;

public SelfCarePermissionEvaluatorV2(UserApiConnector userApiConnector) {
private final UserGroupConnector userGroupConnector;

public SelfCarePermissionEvaluatorV2(UserApiConnector userApiConnector, UserGroupConnector userGroupConnector) {
this.userApiConnector = userApiConnector;
this.userGroupConnector = userGroupConnector;
}


Expand Down Expand Up @@ -53,6 +59,12 @@ public boolean hasPermission(Authentication authentication, Serializable targetI
result = userApiConnector.hasPermission(targetId.toString(), permission.toString(), null);
}

if (targetId != null && UserGroupResource.class.getSimpleName().equals(targetType)) {
Assert.notNull(targetId.toString(), "UserGroupId is required");
UserGroupInfo userGroupInfo = userGroupConnector.getUserGroupById(targetId.toString());
result = userApiConnector.hasPermission(userGroupInfo.getInstitutionId(), permission.toString(), userGroupInfo.getProductId());
}

log.debug("check Permission result = {}", result);
log.trace("check Permission end");
return result;
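Review bot: `Assert.notNull(targetId.toString(), "UserGroupId is required")` can never fail, because the enclosing `if` already requires `targetId != null` and `toString()` of a non-null object is non-null; what the branch does not guard is an empty id and a group that cannot be resolved, so if `userGroupConnector.getUserGroupById` returns null the following line throws an NPE instead of producing a denial. Suggest `Assert.hasText(targetId.toString(), "UserGroupId is required");` and `result = userGroupInfo != null && userApiConnector.hasPermission(userGroupInfo.getInstitutionId(), permission.toString(), userGroupInfo.getProductId());`. Whether the connector returns null or throws on an unknown id is not visible here; if it throws a not-found error, a caller without rights on the institution can distinguish existing from non-existing group ids before any permission decision is made, which is worth confirming and, if so, mapping to a plain denial. Resolving institution and product from the stored group rather than from request input is the right binding for this check. hasPermission starts before the hunk.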
Expand Up @@ -3,7 +3,10 @@
import it.pagopa.selfcare.commons.base.security.ProductGrantedAuthority;
import it.pagopa.selfcare.commons.base.security.SelfCareGrantedAuthority;
import it.pagopa.selfcare.dashboard.connector.api.UserApiConnector;
import it.pagopa.selfcare.dashboard.connector.api.UserGroupConnector;
import it.pagopa.selfcare.dashboard.connector.model.groups.UserGroupInfo;
import it.pagopa.selfcare.dashboard.web.model.InstitutionResource;
import it.pagopa.selfcare.dashboard.web.model.user_groups.UserGroupResource;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.junit.jupiter.api.function.Executable;
Expand All @@ -30,6 +33,9 @@ class SelfCarePermissionEvaluatorV2Test {
@MockBean
UserApiConnector userApiConnector;

@MockBean
UserGroupConnector userGroupConnector;

@Autowired
SelfCarePermissionEvaluatorV2 permissionEvaluator;

Expand Down Expand Up @@ -174,4 +180,40 @@ void hasPermission_withTargetId_targetTypeInstitutionResource_permitted() {
assertTrue(hasPermission);
}

@Test
void hasPermission_withTargetId_targetTypeUserGroupResource_permitted() {
// given
Serializable targetId = "groupId";
String targetType = UserGroupResource.class.getSimpleName();
String permission = ADMIN.toString();
UserGroupInfo userGroupResource = new UserGroupInfo();
userGroupResource.setId(targetId.toString());
userGroupResource.setInstitutionId("institutionId");
userGroupResource.setProductId("productId");
when(userGroupConnector.getUserGroupById(targetId.toString())).thenReturn(userGroupResource);
when(userApiConnector.hasPermission(userGroupResource.getInstitutionId(), permission, userGroupResource.getProductId())).thenReturn(true);
TestingAuthenticationToken authentication = new TestingAuthenticationToken("username", "password", permission);
boolean hasPermission = permissionEvaluator.hasPermission(authentication, targetId, targetType, permission);
// then
assertTrue(hasPermission);
}

@Test
void hasPermission_withTargetId_targetTypeUserGroupResource_not_permitted() {
// given
Serializable targetId = "groupId";
String targetType = UserGroupResource.class.getSimpleName();
String permission = ADMIN.toString();
UserGroupInfo userGroupResource = new UserGroupInfo();
userGroupResource.setId(targetId.toString());
userGroupResource.setInstitutionId("institutionId");
userGroupResource.setProductId("productId");
when(userGroupConnector.getUserGroupById(targetId.toString())).thenReturn(userGroupResource);
when(userApiConnector.hasPermission(userGroupResource.getInstitutionId(), permission, userGroupResource.getProductId())).thenReturn(false);
TestingAuthenticationToken authentication = new TestingAuthenticationToken("username", "password", permission);
boolean hasPermission = permissionEvaluator.hasPermission(authentication, targetId, targetType, permission);
// then
assertFalse(hasPermission);
}

}
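Review bot: Both new tests mock a group that exists, so the new branch has no coverage for `getUserGroupById` returning null or throwing, which is the case most likely to misbehave at runtime; a third test with `when(userGroupConnector.getUserGroupById("groupId")).thenReturn(null);` that pins the expected outcome (denial or a specific exception) would document the intended contract. Neither test verifies that the permission lookup is made against the group's institution and product rather than the raw target id; `verify(userApiConnector).hasPermission("institutionId", permission, "productId");` would catch a regression that passes `targetId` straight through. The local named `userGroupResource` holds a `UserGroupInfo`, not the imported `UserGroupResource` type; calling it `userGroupInfo` avoids confusing the two.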