diff --git a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/endpoints/AccessEndpointUnitTest.java b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/endpoints/AccessEndpointUnitTest.java index 69d817afb763fa47b878b71fb315bb8dbb02f750..f091d79ad5b6f036006f4ba04d1b597151640da2 100644 --- a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/endpoints/AccessEndpointUnitTest.java +++ b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/endpoints/AccessEndpointUnitTest.java @@ -1,6 +1,7 @@ package at.tuwien.endpoints; import at.tuwien.mapper.MetadataMapper; +import at.tuwien.service.UserService; import at.tuwien.test.AbstractUnitTest; import at.tuwien.api.database.AccessTypeDto; import at.tuwien.api.database.DatabaseAccessDto; @@ -43,7 +44,7 @@ public class AccessEndpointUnitTest extends AbstractUnitTest { private DatabaseRepository databaseRepository; @MockBean - private UserRepository userRepository; + private UserService userService; @Autowired private AccessEndpoint accessEndpoint; @@ -57,17 +58,27 @@ public class AccessEndpointUnitTest extends AbstractUnitTest { /* test */ assertThrows(org.springframework.security.access.AccessDeniedException.class, () -> { - generic_create(null, USER_2_ID, null, null); + generic_create(null, null, null); }); } @Test - @WithMockUser(username = USER_4_USERNAME) + @WithMockUser(username = USER_2_USERNAME) public void create_noRoleNoAccess_fails() { /* test */ assertThrows(org.springframework.security.access.AccessDeniedException.class, () -> { - generic_create(USER_2_PRINCIPAL, USER_4_ID, USER_4_USERNAME, USER_4); + generic_create(USER_2_PRINCIPAL, USER_2, USER_4); + }); + } + + @Test + @WithMockUser(username = USER_2_USERNAME, authorities = {"create-database-access"}) + public void create_notOwner_fails() { + + /* test */ + assertThrows(NotAllowedException.class, () -> { + generic_create(USER_2_PRINCIPAL, USER_2, USER_4); }); } 
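Review bot: `create_notOwner_fails` in the `-57,17` hunk asserts only that `NotAllowedException` is thrown, so it would still pass if the endpoint reached the access service before rejecting the caller; the same holds for `update_notOwner_fails` (`-129,17`) and `revoke_notOwner_fails` (`-184,7`). For an ownership check, the absence of the side effect is the property that matters. After the `assertThrows` I would add `verify(accessService, never()).create(any(), any(), any());`, with the matching `update(any(), any(), any())` and `delete(any(), any())` verifications in the other two tests. This assumes `accessService` is a mock in this class, which the stubbing elsewhere in the file suggests.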
@@ -77,12 +88,8 @@ public class AccessEndpointUnitTest extends AbstractUnitTest { DatabaseNotFoundException, UserNotFoundException, AccessNotFoundException, SearchServiceException, SearchServiceConnectionException { - /* mock */ - when(accessService.create(eq(DATABASE_1), eq(USER_2), any(AccessTypeDto.class))) - .thenReturn(DATABASE_1_USER_1_READ_ACCESS); - /* test */ - generic_create(USER_2_PRINCIPAL, USER_2_ID, USER_2_USERNAME, USER_2); + generic_create(USER_1_PRINCIPAL, USER_1, USER_2); } @Test @@ -129,17 +136,17 @@ public class AccessEndpointUnitTest extends AbstractUnitTest { /* test */ assertThrows(org.springframework.security.access.AccessDeniedException.class, () -> { - generic_update(null, USER_4_USERNAME, USER_4, null, null); + generic_update(null, null, null, USER_2); }); } @Test - @WithMockUser(username = USER_1_USERNAME, authorities = {"update-database-access"}) - public void update_hasRoleNoAccess_fails() { + @WithMockUser(username = USER_2_USERNAME, authorities = {"update-database-access"}) + public void update_notOwner_fails() { /* test */ assertThrows(NotAllowedException.class, () -> { - generic_update(null, USER_4_USERNAME, USER_4, USER_1_PRINCIPAL, USER_1); + generic_update(null, USER_2_PRINCIPAL, USER_2, USER_4); }); } @@ -149,7 +156,7 @@ public class AccessEndpointUnitTest extends AbstractUnitTest { /* test */ assertThrows(org.springframework.security.access.AccessDeniedException.class, () -> { - generic_update(null, USER_4_USERNAME, USER_4, USER_4_PRINCIPAL, USER_4); + generic_update(null, USER_4_PRINCIPAL, USER_4, USER_2); }); } @@ -165,7 +172,7 @@ public class AccessEndpointUnitTest extends AbstractUnitTest { .update(eq(DATABASE_1), eq(USER_2), any(AccessTypeDto.class)); /* test */ - generic_update(DATABASE_1_USER_2_WRITE_OWN_ACCESS, USER_2_USERNAME, USER_2, USER_2_PRINCIPAL, USER_2); + generic_update(DATABASE_1_USER_2_WRITE_OWN_ACCESS, USER_1_PRINCIPAL, USER_1, USER_2); } @Test 
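Review bot: With the `accessService.create` stub removed in the `-77,12` hunk, the success test no longer ties the call to a particular user, and `generic_create` checks only the status code and an empty body. Now that the caller (USER_1) and the target (USER_2) are distinct, a regression that grants access to the caller instead of the target would pass unnoticed. Adding `verify(accessService).create(eq(DATABASE_1), eq(USER_2), any(AccessTypeDto.class));` after the call would pin the target. The test's name and annotations sit outside the hunk.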
@@ -174,7 +181,7 @@ public class AccessEndpointUnitTest extends AbstractUnitTest { /* test */ assertThrows(org.springframework.security.access.AccessDeniedException.class, () -> { - generic_revoke(USER_1_PRINCIPAL, USER_1); + generic_revoke(USER_1_PRINCIPAL, null, USER_1); }); } @@ -184,7 +191,17 @@ public class AccessEndpointUnitTest extends AbstractUnitTest { /* test */ assertThrows(org.springframework.security.access.AccessDeniedException.class, () -> { - generic_revoke(USER_4_PRINCIPAL, USER_4); + generic_revoke(USER_4_PRINCIPAL, USER_4, USER_2); + }); + } + + @Test + @WithMockUser(username = USER_2_USERNAME, authorities = {"delete-database-access"}) + public void revoke_notOwner_fails() { + + /* test */ + assertThrows(NotAllowedException.class, () -> { + generic_revoke(USER_2_PRINCIPAL, USER_2, USER_4); }); } @@ -200,14 +217,14 @@ public class AccessEndpointUnitTest extends AbstractUnitTest { .delete(DATABASE_1, USER_2); /* test */ - generic_revoke(USER_1_PRINCIPAL, USER_1); + generic_revoke(USER_1_PRINCIPAL, USER_1, USER_2); } /* ################################################################################################### */ /* ## GENERIC TEST CASES ## */ /* ################################################################################################### */ - protected void generic_create(Principal principal, UUID userId, String username, User user) + protected void generic_create(Principal principal, User caller, User user) throws NotAllowedException, DataServiceException, DataServiceConnectionException, UserNotFoundException, DatabaseNotFoundException, AccessNotFoundException, SearchServiceException, SearchServiceConnectionException { 
@@ -218,16 +235,25 @@ public class AccessEndpointUnitTest extends AbstractUnitTest { doThrow(AccessNotFoundException.class) .when(accessService) .find(DATABASE_1, user); + if (principal != null) { + when(userService.findByUsername(principal.getName())) + .thenReturn(caller); + } else { + doThrow(UserNotFoundException.class) + .when(userService) + .findByUsername(anyString()); + } if (user != null) { - when(userRepository.findByUsername(username)) - .thenReturn(Optional.of(user)); + when(userService.findById(user.getId())) + .thenReturn(user); } else { - when(userRepository.findByUsername(anyString())) - .thenReturn(Optional.empty()); + doThrow(UserNotFoundException.class) + .when(userService) + .findByUsername(anyString()); } /* test */ - final ResponseEntity<?> response = accessEndpoint.create(DATABASE_1_ID, userId, UPDATE_DATABASE_ACCESS_READ_DTO, principal); + final ResponseEntity<?> response = accessEndpoint.create(DATABASE_1_ID, user == null ? null : user.getId(), UPDATE_DATABASE_ACCESS_READ_DTO, principal); assertEquals(HttpStatus.ACCEPTED, response.getStatusCode()); assertNull(response.getBody()); } @@ -239,8 +265,8 @@ public class AccessEndpointUnitTest extends AbstractUnitTest { /* mock */ when(databaseRepository.findById(databaseId)) .thenReturn(Optional.of(database)); - when(userRepository.findById(userId)) - .thenReturn(Optional.of(user)); + when(userService.findById(userId)) + .thenReturn(user); if (access != null) { log.trace("mock access {} for user with id {} for database with id {}", access.getType(), userId, databaseId); when(accessService.find(database, user)) @@ -252,8 +278,8 @@ public class AccessEndpointUnitTest extends AbstractUnitTest { .find(database, user); } if (principal != null) { - when(userRepository.findByUsername(principal.getName())) - .thenReturn(Optional.of(user)); + when(userService.findByUsername(principal.getName())) + .thenReturn(user); } /* test */ 
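Review bot: In `generic_create` (hunk `-218,16`) the `user == null` branch stubs `findByUsername(anyString())`, although the non-null branch stubs `findById(user.getId())`, so a missing target user is never modelled on the lookup the positive branch uses. Because it is registered last, that stub also replaces the caller stub set a few lines above whenever `principal` is non-null and `user` is null. I would stub the id lookup instead: `doThrow(UserNotFoundException.class).when(userService).findById(any());`, where the untyped `any()` also matches the null id that the helper passes in this case. The method starts before the hunk, and which lookup the endpoint actually performs is not visible here.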
@@ -268,8 +294,8 @@ public class AccessEndpointUnitTest extends AbstractUnitTest { } } - protected void generic_update(DatabaseAccess access, String otherUsername, User otherUser, Principal principal, - User user) throws NotAllowedException, DataServiceException, DataServiceConnectionException, + protected void generic_update(DatabaseAccess access, Principal principal, User caller, User user) + throws NotAllowedException, DataServiceException, DataServiceConnectionException, AccessNotFoundException, UserNotFoundException, DatabaseNotFoundException, SearchServiceException, SearchServiceConnectionException { @@ -286,19 +312,20 @@ public class AccessEndpointUnitTest extends AbstractUnitTest { .when(accessService) .find(DATABASE_1, USER_1); } - if (otherUsername != null) { - when(userRepository.findByUsername(otherUsername)) - .thenReturn(Optional.of(otherUser)); + if (user != null) { + when(userService.findByUsername(user.getUsername())) + .thenReturn(user); } else { - when(userRepository.findByUsername(anyString())) - .thenReturn(Optional.empty()); + doThrow(UserNotFoundException.class) + .when(userService.findByUsername(anyString())); } if (principal != null) { - when(userRepository.findByUsername(principal.getName())) - .thenReturn(Optional.of(user)); + when(userService.findByUsername(principal.getName())) + .thenReturn(caller); } else { - when(userRepository.findByUsername(anyString())) - .thenReturn(Optional.empty()); + doThrow(UserNotFoundException.class) + .when(userService) + .findByUsername(anyString()); } /* test */ 
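Review bot: The new `else` branch for `user == null` in `generic_update` (hunk `-286,19`) passes the result of a method call to the stubber: `doThrow(UserNotFoundException.class).when(userService.findByUsername(anyString()));`. Mockito's `when` on a stubber expects the mock itself, so this line would fail at runtime as soon as a test passes a null `user`; none of the calls visible in this diff do, which is probably why it went unnoticed. It should read `doThrow(UserNotFoundException.class).when(userService).findByUsername(anyString());`, as the principal branch just below does. Separately, this helper resolves the target through `findByUsername(user.getUsername())` while `generic_create` and `generic_revoke` use `findById(user.getId())`; it is worth confirming which one the update endpoint calls.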
@@ -307,7 +334,7 @@ public class AccessEndpointUnitTest extends AbstractUnitTest { assertNull(response.getBody()); } - protected void generic_revoke(Principal principal, User user) throws DataServiceConnectionException, + protected void generic_revoke(Principal principal, User caller, User user) throws DataServiceConnectionException, NotAllowedException, DataServiceException, UserNotFoundException, DatabaseNotFoundException, AccessNotFoundException, SearchServiceException, SearchServiceConnectionException { @@ -316,9 +343,13 @@ public class AccessEndpointUnitTest extends AbstractUnitTest { .thenReturn(DATABASE_1_USER_1_READ_ACCESS); when(databaseRepository.findById(DATABASE_1_ID)) .thenReturn(Optional.of(DATABASE_1)); + if (user != null) { + when(userService.findById(user.getId())) + .thenReturn(user); + } if (principal != null) { - when(userRepository.findByUsername(principal.getName())) - .thenReturn(Optional.of(user)); + when(userService.findByUsername(principal.getName())) + .thenReturn(caller); } /* test */ diff --git a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/AccessServiceUnitTest.java b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/AccessServiceUnitTest.java index fa939b0cb1795b08257b743ddb239bd075871cf0..0e1822cabd1accbb7a4420fa5ed6fceac8ae142c 100644 --- a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/AccessServiceUnitTest.java +++ b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/AccessServiceUnitTest.java @@ -66,10 +66,12 @@ public class AccessServiceUnitTest extends AbstractUnitTest { public void find_succeeds() throws AccessNotFoundException { /* mock */ + when(databaseRepository.save(any(Database.class))) + .thenReturn(DATABASE_1); /* test */ final DatabaseAccess response = accessService.find(DATABASE_1, USER_1); - assertEquals(AccessType.READ, response.getType()); + assertEquals(AccessType.WRITE_ALL, response.getType()); } @Test 
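Review bot: `generic_revoke` (hunk `-316,9`) stubs `findByUsername(principal.getName())` to return `caller` even when `caller` is null, and the call `generic_revoke(USER_1_PRINCIPAL, null, USER_1)` in the `-174,7` hunk takes exactly that path. `generic_create` and `generic_update` model an unknown user with `UserNotFoundException`, so the revoke test exercises a null return that the real `UserService` may never produce. Guarding the stub with `if (principal != null && caller != null)` and using `doThrow(UserNotFoundException.class).when(userService).findByUsername(anyString());` otherwise would keep the three helpers consistent. The rest of the method body lies outside the hunk.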
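Review bot: `find_succeeds` in AccessServiceUnitTest (hunk `-66,10`) now stubs `databaseRepository.save(...)` although the test only calls `accessService.find(DATABASE_1, USER_1)`, and the expected type changes from `READ` to `WRITE_ALL` with no explanation. If `find` is a pure read, the stub is dead setup and `verify(databaseRepository, never()).save(any(Database.class));` would state that intent; if it does persist something, that deserves a comment. A one-line comment such as `/* USER_1 holds WRITE_ALL on DATABASE_1 in the test fixtures */` would explain the new expectation, assuming that is where the value comes from.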
@@ -80,7 +82,7 @@ public class AccessServiceUnitTest extends AbstractUnitTest { when(databaseRepository.save(any(Database.class))) .thenReturn(DATABASE_1); when(dataServiceRestTemplate.exchange(anyString(), eq(HttpMethod.POST), any(HttpEntity.class), eq(Void.class))) - .thenReturn(ResponseEntity.status(HttpStatus.CREATED) + .thenReturn(ResponseEntity.status(HttpStatus.ACCEPTED) .build()); when(searchServiceRestTemplate.exchange(anyString(), eq(HttpMethod.PUT), any(HttpEntity.class), eq(DatabaseDto.class))) .thenReturn(ResponseEntity.status(HttpStatus.ACCEPTED) @@ -94,6 +96,8 @@ public class AccessServiceUnitTest extends AbstractUnitTest { public void create_dataService400_fails() { /* mock */ + when(databaseRepository.save(any(Database.class))) + .thenReturn(DATABASE_1); doThrow(HttpClientErrorException.BadRequest.class) .when(dataServiceRestTemplate) .exchange(anyString(), eq(HttpMethod.POST), any(HttpEntity.class), eq(Void.class)); @@ -108,6 +112,8 @@ public class AccessServiceUnitTest extends AbstractUnitTest { public void create_dataService403_fails() { /* mock */ + when(databaseRepository.save(any(Database.class))) + .thenReturn(DATABASE_1); doThrow(HttpClientErrorException.Unauthorized.class) .when(dataServiceRestTemplate) .exchange(anyString(), eq(HttpMethod.POST), any(HttpEntity.class), eq(Void.class)); @@ -122,6 +128,8 @@ public class AccessServiceUnitTest extends AbstractUnitTest { public void create_dataService404_fails() { /* mock */ + when(databaseRepository.save(any(Database.class))) + .thenReturn(DATABASE_1); doThrow(HttpClientErrorException.NotFound.class) .when(dataServiceRestTemplate) .exchange(anyString(), eq(HttpMethod.POST), any(HttpEntity.class), eq(Void.class)); 
@@ -136,6 +144,8 @@ public class AccessServiceUnitTest extends AbstractUnitTest { public void create_dataService500_fails() { /* mock */ + when(databaseRepository.save(any(Database.class))) + .thenReturn(DATABASE_1); doThrow(HttpServerErrorException.InternalServerError.class) .when(dataServiceRestTemplate) .exchange(anyString(), eq(HttpMethod.POST), any(HttpEntity.class), eq(Void.class)); @@ -153,7 +163,7 @@ public class AccessServiceUnitTest extends AbstractUnitTest { when(databaseRepository.save(any(Database.class))) .thenReturn(DATABASE_1); when(dataServiceRestTemplate.exchange(anyString(), eq(HttpMethod.POST), any(HttpEntity.class), eq(Void.class))) - .thenReturn(ResponseEntity.status(HttpStatus.CREATED) + .thenReturn(ResponseEntity.status(HttpStatus.ACCEPTED) .build()); doThrow(HttpClientErrorException.BadRequest.class) .when(searchServiceRestTemplate) @@ -172,7 +182,7 @@ public class AccessServiceUnitTest extends AbstractUnitTest { when(databaseRepository.save(any(Database.class))) .thenReturn(DATABASE_1); when(dataServiceRestTemplate.exchange(anyString(), eq(HttpMethod.POST), any(HttpEntity.class), eq(Void.class))) - .thenReturn(ResponseEntity.status(HttpStatus.CREATED) + .thenReturn(ResponseEntity.status(HttpStatus.ACCEPTED) .build()); doThrow(HttpClientErrorException.Unauthorized.class) .when(searchServiceRestTemplate) @@ -191,7 +201,7 @@ public class AccessServiceUnitTest extends AbstractUnitTest { when(databaseRepository.save(any(Database.class))) .thenReturn(DATABASE_1); when(dataServiceRestTemplate.exchange(anyString(), eq(HttpMethod.POST), any(HttpEntity.class), eq(Void.class))) - .thenReturn(ResponseEntity.status(HttpStatus.CREATED) + .thenReturn(ResponseEntity.status(HttpStatus.ACCEPTED) .build()); doThrow(HttpClientErrorException.NotFound.class) .when(searchServiceRestTemplate) 
@@ -210,7 +220,7 @@ public class AccessServiceUnitTest extends AbstractUnitTest { when(databaseRepository.save(any(Database.class))) .thenReturn(DATABASE_1); when(dataServiceRestTemplate.exchange(anyString(), eq(HttpMethod.POST), any(HttpEntity.class), eq(Void.class))) - .thenReturn(ResponseEntity.status(HttpStatus.CREATED) + .thenReturn(ResponseEntity.status(HttpStatus.ACCEPTED) .build()); doThrow(HttpServerErrorException.InternalServerError.class) .when(searchServiceRestTemplate) @@ -244,6 +254,8 @@ public class AccessServiceUnitTest extends AbstractUnitTest { public void update_dataService400_fails() { /* mock */ + when(databaseRepository.save(any(Database.class))) + .thenReturn(DATABASE_1); doThrow(HttpClientErrorException.BadRequest.class) .when(dataServiceRestTemplate) .exchange(anyString(), eq(HttpMethod.PUT), any(HttpEntity.class), eq(Void.class)); @@ -258,6 +270,8 @@ public class AccessServiceUnitTest extends AbstractUnitTest { public void update_dataService403_fails() { /* mock */ + when(databaseRepository.save(any(Database.class))) + .thenReturn(DATABASE_1); doThrow(HttpClientErrorException.Unauthorized.class) .when(dataServiceRestTemplate) .exchange(anyString(), eq(HttpMethod.PUT), any(HttpEntity.class), eq(Void.class)); @@ -272,6 +286,8 @@ public class AccessServiceUnitTest extends AbstractUnitTest { public void update_dataService404_fails() { /* mock */ + when(databaseRepository.save(any(Database.class))) + .thenReturn(DATABASE_1); doThrow(HttpClientErrorException.NotFound.class) .when(dataServiceRestTemplate) .exchange(anyString(), eq(HttpMethod.PUT), any(HttpEntity.class), eq(Void.class)); 
@@ -286,6 +302,8 @@ public class AccessServiceUnitTest extends AbstractUnitTest { public void update_dataService500_fails() { /* mock */ + when(databaseRepository.save(any(Database.class))) + .thenReturn(DATABASE_1); doThrow(HttpServerErrorException.InternalServerError.class) .when(dataServiceRestTemplate) .exchange(anyString(), eq(HttpMethod.PUT), any(HttpEntity.class), eq(Void.class)); @@ -396,6 +414,8 @@ public class AccessServiceUnitTest extends AbstractUnitTest { public void delete_dataService403_fails() { /* mock */ + when(databaseRepository.save(any(Database.class))) + .thenReturn(DATABASE_1); doThrow(HttpClientErrorException.Unauthorized.class) .when(dataServiceRestTemplate) .exchange(anyString(), eq(HttpMethod.DELETE), any(HttpEntity.class), eq(Void.class)); @@ -410,6 +430,8 @@ public class AccessServiceUnitTest extends AbstractUnitTest { public void delete_dataService404_fails() { /* mock */ + when(databaseRepository.save(any(Database.class))) + .thenReturn(DATABASE_1); doThrow(HttpClientErrorException.NotFound.class) .when(dataServiceRestTemplate) .exchange(anyString(), eq(HttpMethod.DELETE), any(HttpEntity.class), eq(Void.class)); @@ -424,6 +446,8 @@ public class AccessServiceUnitTest extends AbstractUnitTest { public void delete_dataService500_fails() { /* mock */ + when(databaseRepository.save(any(Database.class))) + .thenReturn(DATABASE_1); doThrow(HttpServerErrorException.InternalServerError.class) .when(dataServiceRestTemplate) .exchange(anyString(), eq(HttpMethod.DELETE), any(HttpEntity.class), eq(Void.class)); diff --git a/dbrepo-metadata-service/services/src/main/java/at/tuwien/gateway/impl/DataServiceGatewayImpl.java b/dbrepo-metadata-service/services/src/main/java/at/tuwien/gateway/impl/DataServiceGatewayImpl.java index e483c6346a77eeb697a0224166140fee8ff0cdcf..886911d9f4a770fe8c620d7cc882cd7b4da05c55 100644 --- a/dbrepo-metadata-service/services/src/main/java/at/tuwien/gateway/impl/DataServiceGatewayImpl.java 
+++ b/dbrepo-metadata-service/services/src/main/java/at/tuwien/gateway/impl/DataServiceGatewayImpl.java @@ -55,7 +55,7 @@ public class DataServiceGatewayImpl implements DataServiceGateway { log.error("Failed to create access: {}", e.getMessage()); throw new DataServiceException("Failed to create access: " + e.getMessage(), e); } - if (!response.getStatusCode().equals(HttpStatus.ACCEPTED)) { + if (!response.getStatusCode().equals(HttpStatus.CREATED)) { log.error("Failed to create access: wrong http code: {}", response.getStatusCode()); throw new DataServiceException("Failed to create access: wrong http code: " + response.getStatusCode()); }
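Review bot: The create-access check now accepts only `HttpStatus.CREATED`, but the AccessServiceUnitTest hunks in this same commit (`-80,7`, `-153,7`, `-172,7`, `-191,7`, `-210,7`) change the stubbed POST response from `CREATED` to `ACCEPTED`. If those tests reach this gateway through `dataServiceRestTemplate`, as the stubs suggest, the success path would now throw `DataServiceException`, and the search-service failure tests would either fail on the wrong exception or pass for the wrong reason. One of the two sides looks inverted; confirm which status the data service returns for this call and align both the check and the stubs to it. The enclosing method starts and ends outside the hunk.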