WIP

f8c62f10 · Martin Weise · b6a905dc · f8c62f10 · f8c62f10 · f8c62f10
Unverified Commit f8c62f10 authored Apr 25, 2023 by Martin Weise
--- a/dbrepo-table-service/rest-service/src/main/java/at/tuwien/endpoints/TableEndpoint.java
+++ b/dbrepo-table-service/rest-service/src/main/java/at/tuwien/endpoints/TableEndpoint.java
@@ -2,6 +2,7 @@ package at.tuwien.endpoints;

 import at.tuwien.api.database.table.*;
 import at.tuwien.api.error.ApiErrorDto;
+import at.tuwien.entities.database.Database;
 import at.tuwien.entities.database.table.Table;
 import at.tuwien.entities.user.User;
 import at.tuwien.exception.*;
@@ -139,7 +140,7 @@ public class TableEndpoint {
            NotAllowedException {
        log.debug("endpoint create table, containerId={}, databaseId={}, createDto={}, principal={}", containerId,
                databaseId, createDto, principal);
-        endpointValidator.validateOnlyAccess(databaseId, principal, true);
+        endpointValidator.validateOnlyAccess(containerId, databaseId, principal, true);
        final Table table = tableService.createTable(containerId, databaseId, createDto, principal);
        amqpService.create(table);
        final TableBriefDto dto = tableMapper.tableToTableBriefDto(table);
@@ -183,10 +184,7 @@ public class TableEndpoint {
        log.debug("endpoint find table, containerId={}, databaseId={}, tableId={}, principal={}", containerId,
                databaseId, tableId, principal);
        endpointValidator.validateOnlyPrivateAccess(containerId, databaseId, principal);
-        if (principal != null && User.hasRole(principal, "find-table")) {
-            log.error("Failed to find table: role is missing");
-            throw new NotAllowedException("Failed to find table: role is missing");
-        }
+        endpointValidator.validateOnlyPrivateHasRole(containerId, databaseId, principal, "find-table");
        final Table table = tableService.findById(containerId, databaseId, tableId);
        final TableDto dto = tableMapper.tableToTableDto(table);
        log.trace("find table resulted in table {}", dto);
@@ -240,10 +238,9 @@ public class TableEndpoint {
                                       @NotNull @PathVariable("tableId") Long tableId,
                                       @NotNull Principal principal)
            throws TableNotFoundException, DatabaseNotFoundException, ImageNotSupportedException,
-            DataProcessingException, ContainerNotFoundException, TableMalformedException, QueryMalformedException, NotAllowedException {
+            DataProcessingException, ContainerNotFoundException, TableMalformedException, QueryMalformedException {
        log.debug("endpoint delete table, containerId={}, databaseId={}, tableId={}, principal={}", containerId,
                databaseId, tableId, principal);
-        endpointValidator.validateOnlyOwner(containerId, databaseId, principal);
        tableService.deleteTable(containerId, databaseId, tableId);
        return ResponseEntity.accepted()
                .build();

--- a/dbrepo-table-service/rest-service/src/main/java/at/tuwien/validation/EndpointValidator.java
+++ b/dbrepo-table-service/rest-service/src/main/java/at/tuwien/validation/EndpointValidator.java
@@ -27,8 +27,8 @@ public class EndpointValidator {
        this.databaseService = databaseService;
    }

-    public void validateOnlyAccess(Long databaseId, Principal principal) throws NotAllowedException {
-        validateOnlyAccess(databaseId, principal, false);
+    public void validateOnlyAccess(Long containerId, Long databaseId, Principal principal) throws NotAllowedException, DatabaseNotFoundException {
+        validateOnlyAccess(containerId, databaseId, principal, false);
    }

    public void validateOnlyPrivateAccess(Long containerId, Long databaseId, Principal principal, boolean writeAccessOnly) throws NotAllowedException, DatabaseNotFoundException {
@@ -37,15 +37,15 @@ public class EndpointValidator {
            log.trace("database with id {} is public: no access needed", databaseId);
            return;
        }
-        validateOnlyAccess(databaseId, principal, writeAccessOnly);
+        validateOnlyAccess(containerId, databaseId, principal, writeAccessOnly);
    }

    public void validateOnlyPrivateAccess(Long containerId, Long databaseId, Principal principal) throws NotAllowedException, DatabaseNotFoundException {
        validateOnlyPrivateAccess(containerId, databaseId, principal, false);
    }

-    public void validateOnlyAccess(Long databaseId, Principal principal, boolean writeAccessOnly) throws NotAllowedException {
-        log.trace("database with id {} is private", databaseId);
+    public void validateOnlyAccess(Long containerId, Long databaseId, Principal principal, boolean writeAccessOnly) throws NotAllowedException, DatabaseNotFoundException {
+        final Database database = databaseService.find(containerId, databaseId);
        if (principal == null) {
            log.error("Access not allowed: database with id {} is not public and no authorization provided", databaseId);
            throw new NotAllowedException("Access not allowed: database with id " + databaseId + " is not public and no authorization provided");

--- a/dbrepo-table-service/rest-service/src/test/java/at/tuwien/endpoint/TableEndpointUnitTest.java
+++ b/dbrepo-table-service/rest-service/src/test/java/at/tuwien/endpoint/TableEndpointUnitTest.java
@@ -9,12 +9,14 @@ import at.tuwien.config.ReadyConfig;
 import at.tuwien.endpoints.TableEndpoint;
 import at.tuwien.entities.database.Database;
 import at.tuwien.entities.database.DatabaseAccess;
+import at.tuwien.entities.database.table.Table;
 import at.tuwien.exception.*;
 import at.tuwien.repository.elastic.TableColumnIdxRepository;
 import at.tuwien.repository.elastic.TableIdxRepository;
 import at.tuwien.repository.jpa.*;
 import at.tuwien.service.AccessService;
 import at.tuwien.service.DatabaseService;
+import at.tuwien.service.TableService;
 import com.rabbitmq.client.Channel;
 import lombok.extern.log4j.Log4j2;
 import org.junit.jupiter.api.BeforeEach;
@@ -27,6 +29,7 @@ import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.mock.mockito.MockBean;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.test.context.support.WithAnonymousUser;
 import org.springframework.security.test.context.support.WithMockUser;
 import org.springframework.test.context.junit.jupiter.SpringExtension;
@@ -36,8 +39,7 @@ import java.util.List;

 import static org.junit.jupiter.api.Assertions.*;
 import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.Mockito.doThrow;
-import static org.mockito.Mockito.when;
+import static org.mockito.Mockito.*;

 @Log4j2
 @EnableAutoConfiguration(exclude = RabbitAutoConfiguration.class)
@@ -64,10 +66,10 @@ public class TableEndpointUnitTest extends BaseUnitTest {
    private DatabaseService databaseService;

    @MockBean
-    private TableRepository tableRepository;
+    private AccessService accessService;

    @MockBean
-    private AccessService accessService;
+    private TableService tableService;

    @Autowired
    private TableEndpoint tableEndpoint;
@@ -166,6 +168,102 @@ public class TableEndpointUnitTest extends BaseUnitTest {
        });
    }

+    @Test
+    @WithAnonymousUser
+    public void findById_publicAnonymous_succeeds() throws UserNotFoundException, TableNotFoundException, NotAllowedException, TableMalformedException, QueryMalformedException, DatabaseNotFoundException, ImageNotSupportedException, AmqpException, TableNameExistsException, ContainerNotFoundException {
+
+        /* test */
+        generic_findById(CONTAINER_3_ID, DATABASE_3_ID, TABLE_8_ID, DATABASE_3, TABLE_8, null, null, null);
+    }
+
+    @Test
+    @WithMockUser(username = USER_1_USERNAME, authorities = "find-table")
+    public void findById_publicHasRoleTableNotFound_fails() {
+
+        /* test */
+        assertThrows(TableNotFoundException.class, () -> {
+            generic_findById(CONTAINER_3_ID, DATABASE_3_ID, TABLE_8_ID, DATABASE_3, null, USER_1_USERNAME, USER_1_PRINCIPAL, DATABASE_1_RESEARCHER_READ_ACCESS);
+        });
+    }
+
+    @Test
+    @WithMockUser(username = USER_1_USERNAME, authorities = "find-table")
+    public void findById_publicHasRoleDatabaseNotFound_fails() {
+
+        /* test */
+        assertThrows(DatabaseNotFoundException.class, () -> {
+            generic_findById(CONTAINER_3_ID, DATABASE_3_ID, TABLE_8_ID, null, TABLE_8, USER_1_USERNAME, USER_1_PRINCIPAL, DATABASE_1_RESEARCHER_READ_ACCESS);
+        });
+    }
+
+    @Test
+    @WithMockUser(username = USER_1_USERNAME, authorities = "find-table")
+    public void findById_publicHasRole_succeeds() throws DatabaseNotFoundException, NotAllowedException, UserNotFoundException, TableNotFoundException, TableMalformedException, QueryMalformedException, ImageNotSupportedException, AmqpException, TableNameExistsException, ContainerNotFoundException {
+
+        /* test */
+        final ResponseEntity<TableDto> response = generic_findById(CONTAINER_3_ID, DATABASE_3_ID, TABLE_8_ID, DATABASE_3, TABLE_8, USER_1_USERNAME, USER_1_PRINCIPAL, DATABASE_1_RESEARCHER_READ_ACCESS);
+        assertEquals(HttpStatus.OK, response.getStatusCode());
+        final TableDto body = response.getBody();
+        assertNotNull(body);
+    }
+
+    @Test
+    @WithMockUser(username = USER_4_USERNAME)
+    public void findById_publicNoRole_succeeds() throws UserNotFoundException, TableNotFoundException, NotAllowedException, TableMalformedException, QueryMalformedException, DatabaseNotFoundException, ImageNotSupportedException, AmqpException, TableNameExistsException, ContainerNotFoundException {
+
+        /* test */
+        generic_findById(CONTAINER_3_ID, DATABASE_3_ID, TABLE_8_ID, DATABASE_3, TABLE_8, USER_1_USERNAME, USER_1_PRINCIPAL, null);
+    }
+
+    @Test
+    @WithAnonymousUser
+    public void delete_publicAnonymous_fails() {
+
+        /* test */
+        assertThrows(AccessDeniedException.class, () -> {
+            generic_delete(CONTAINER_3_ID, DATABASE_3_ID, TABLE_8_ID, DATABASE_3, TABLE_3, null);
+        });
+    }
+
+    @Test
+    @WithMockUser(username = USER_1_USERNAME, authorities = "delete-table")
+    public void delete_publicHasRoleTableNotFound_fails() {
+
+        /* test */
+        assertThrows(TableNotFoundException.class, () -> {
+            generic_delete(CONTAINER_3_ID, DATABASE_3_ID, TABLE_8_ID, DATABASE_3, null, USER_1_PRINCIPAL);
+        });
+    }
+
+    @Test
+    @WithMockUser(username = USER_1_USERNAME, authorities = "delete-table")
+    public void delete_publiceHasRoleDatabaseNotFound_fails() {
+
+        /* test */
+        assertThrows(DatabaseNotFoundException.class, () -> {
+            generic_delete(CONTAINER_3_ID, DATABASE_3_ID, TABLE_8_ID, null, TABLE_8, USER_1_PRINCIPAL);
+        });
+    }
+
+    @Test
+    @WithMockUser(username = USER_1_USERNAME, authorities = "delete-table")
+    public void delete_publicHasRole_succeeds() throws DatabaseNotFoundException, NotAllowedException, TableNotFoundException, TableMalformedException, QueryMalformedException, ImageNotSupportedException, ContainerNotFoundException, DataProcessingException {
+
+        /* test */
+        final ResponseEntity<?> response = generic_delete(CONTAINER_3_ID, DATABASE_3_ID, TABLE_8_ID, DATABASE_3, TABLE_8, USER_1_PRINCIPAL);
+        assertEquals(HttpStatus.ACCEPTED, response.getStatusCode());
+    }
+
+    @Test
+    @WithMockUser(username = USER_4_USERNAME)
+    public void delete_publicNoRole_fails() {
+
+        /* test */
+        assertThrows(NotAllowedException.class, () -> {
+            generic_findById(CONTAINER_3_ID, DATABASE_3_ID, TABLE_8_ID, DATABASE_3, TABLE_8, USER_4_USERNAME, USER_4_PRINCIPAL, null);
+        });
+    }
+
    /* ################################################################################################### */
    /* ## PRIVATE DATABASES                                                                             ## */
    /* ################################################################################################### */
@@ -262,6 +360,106 @@ public class TableEndpointUnitTest extends BaseUnitTest {
        });
    }

+    @Test
+    @WithAnonymousUser
+    public void findById_privateAnonymous_fails() {
+
+        /* test */
+        assertThrows(NotAllowedException.class, () -> {
+            generic_findById(CONTAINER_1_ID, DATABASE_1_ID, TABLE_1_ID, DATABASE_1, TABLE_1, null, null, null);
+        });
+    }
+
+    @Test
+    @WithMockUser(username = USER_1_USERNAME, authorities = "find-table")
+    public void findById_privateHasRoleTableNotFound_fails() {
+
+        /* test */
+        assertThrows(TableNotFoundException.class, () -> {
+            generic_findById(CONTAINER_1_ID, DATABASE_1_ID, TABLE_1_ID, DATABASE_1, null, USER_1_USERNAME, USER_1_PRINCIPAL, DATABASE_1_RESEARCHER_READ_ACCESS);
+        });
+    }
+
+    @Test
+    @WithMockUser(username = USER_1_USERNAME, authorities = "find-table")
+    public void findById_privateHasRoleDatabaseNotFound_fails() {
+
+        /* test */
+        assertThrows(DatabaseNotFoundException.class, () -> {
+            generic_findById(CONTAINER_1_ID, DATABASE_1_ID, TABLE_1_ID, null, TABLE_1, USER_1_USERNAME, USER_1_PRINCIPAL, DATABASE_1_RESEARCHER_READ_ACCESS);
+        });
+    }
+
+    @Test
+    @WithMockUser(username = USER_1_USERNAME, authorities = "find-table")
+    public void findById_privateHasRole_succeeds() throws DatabaseNotFoundException, NotAllowedException, UserNotFoundException, TableNotFoundException, TableMalformedException, QueryMalformedException, ImageNotSupportedException, AmqpException, TableNameExistsException, ContainerNotFoundException {
+
+        /* test */
+        final ResponseEntity<TableDto> response = generic_findById(CONTAINER_1_ID, DATABASE_1_ID, TABLE_1_ID, DATABASE_1, TABLE_1, USER_1_USERNAME, USER_1_PRINCIPAL, DATABASE_1_RESEARCHER_READ_ACCESS);
+        assertEquals(HttpStatus.OK, response.getStatusCode());
+        final TableDto body = response.getBody();
+        assertNotNull(body);
+    }
+
+    @Test
+    @WithMockUser(username = USER_4_USERNAME)
+    public void findById_privateNoRole_fails() {
+
+        /* test */
+        assertThrows(NotAllowedException.class, () -> {
+            generic_findById(CONTAINER_1_ID, DATABASE_1_ID, TABLE_1_ID, DATABASE_1, TABLE_1, USER_4_USERNAME, USER_4_PRINCIPAL, null);
+        });
+    }
+
+    @Test
+    @WithAnonymousUser
+    public void delete_privateAnonymous_fails() {
+
+        /* test */
+        assertThrows(AccessDeniedException.class, () -> {
+            generic_delete(CONTAINER_1_ID, DATABASE_1_ID, TABLE_1_ID, DATABASE_1, TABLE_1, null);
+        });
+    }
+
+    @Test
+    @WithMockUser(username = USER_1_USERNAME, authorities = "delete-table")
+    public void delete_privateHasRoleTableNotFound_fails() {
+
+        /* test */
+        assertThrows(TableNotFoundException.class, () -> {
+            generic_delete(CONTAINER_1_ID, DATABASE_1_ID, TABLE_1_ID, DATABASE_1, null, USER_1_PRINCIPAL);
+        });
+    }
+
+    @Test
+    @WithMockUser(username = USER_1_USERNAME, authorities = "delete-table")
+    public void delete_privateHasRoleDatabaseNotFound_fails() {
+
+        /* test */
+        assertThrows(DatabaseNotFoundException.class, () -> {
+            generic_delete(CONTAINER_1_ID, DATABASE_1_ID, TABLE_1_ID, null, TABLE_1, USER_1_PRINCIPAL);
+        });
+    }
+
+    @Test
+    @WithMockUser(username = USER_1_USERNAME, authorities = "delete-table")
+    public void delete_privateHasRole_succeeds() throws DatabaseNotFoundException, NotAllowedException, TableNotFoundException, TableMalformedException, QueryMalformedException, ImageNotSupportedException, ContainerNotFoundException, DataProcessingException {
+
+        /* test */
+        final ResponseEntity<?> response = generic_delete(CONTAINER_1_ID, DATABASE_1_ID, TABLE_1_ID, DATABASE_1, TABLE_1, USER_1_PRINCIPAL);
+        assertEquals(HttpStatus.ACCEPTED, response.getStatusCode());
+    }
+
+    @Test
+    @WithMockUser(username = USER_4_USERNAME)
+    public void delete_privateNoRole_fails() {
+
+        /* test */
+        assertThrows(NotAllowedException.class, () -> {
+            generic_findById(CONTAINER_1_ID, DATABASE_1_ID, TABLE_1_ID, DATABASE_1, TABLE_1, USER_4_USERNAME, USER_4_PRINCIPAL, null);
+        });
+    }
+
    /* ################################################################################################### */
    /* ## GENERIC TEST CASES                                                                            ## */
    /* ################################################################################################### */
@@ -272,15 +470,16 @@ public class TableEndpointUnitTest extends BaseUnitTest {
        if (database != null) {
            when(databaseService.find(containerId, databaseId))
                    .thenReturn(database);
-            log.trace("mock {} tables", database.getTables().size());
-            when(tableRepository.findByDatabaseOrderByCreatedDesc(any(Database.class)))
+            when(tableService.findAll(containerId, databaseId))
                    .thenReturn(database.getTables());
+            log.trace("mock {} table(s)", database.getTables().size());
        } else {
            doThrow(DatabaseNotFoundException.class)
                    .when(databaseService)
                    .find(containerId, databaseId);
-            when(tableRepository.findByDatabaseOrderByCreatedDesc(any(Database.class)))
+            when(tableService.findAll(containerId, databaseId))
                    .thenReturn(List.of());
+            log.trace("mock 0 tables");
        }
        if (access != null) {
            when(accessService.find(databaseId, username))
@@ -302,13 +501,13 @@ public class TableEndpointUnitTest extends BaseUnitTest {
            when(databaseService.find(containerId, databaseId))
                    .thenReturn(database);
            log.trace("mock {} tables", database.getTables().size());
-            when(tableRepository.findByDatabaseOrderByCreatedDesc(any(Database.class)))
+            when(tableService.findAll(containerId, databaseId))
                    .thenReturn(database.getTables());
        } else {
            doThrow(DatabaseNotFoundException.class)
                    .when(databaseService)
                    .find(containerId, databaseId);
-            when(tableRepository.findByDatabaseOrderByCreatedDesc(any(Database.class)))
+            when(tableService.findAll(containerId, databaseId))
                    .thenReturn(List.of());
        }
        if (access != null) {
@@ -323,4 +522,62 @@ public class TableEndpointUnitTest extends BaseUnitTest {
        /* test */
        return tableEndpoint.create(containerId, databaseId, data, principal);
    }
+
+    protected ResponseEntity<TableDto> generic_findById(Long containerId, Long databaseId, Long tableId, Database database, Table table, String username, Principal principal, DatabaseAccess access) throws DatabaseNotFoundException, NotAllowedException, UserNotFoundException, TableMalformedException, QueryMalformedException, ImageNotSupportedException, AmqpException, TableNameExistsException, ContainerNotFoundException, TableNotFoundException {
+
+        /* when */
+        if (table != null) {
+            when(tableService.findById(containerId, databaseId, tableId))
+                    .thenReturn(table);
+            when(databaseService.find(containerId, databaseId))
+                    .thenReturn(database);
+        } else {
+            doThrow(TableNotFoundException.class)
+                    .when(tableService)
+                    .findById(containerId, databaseId, tableId);
+            when(tableService.findAll(containerId, databaseId))
+                    .thenReturn(List.of());
+        }
+        if (database != null) {
+            when(databaseService.find(containerId, databaseId))
+                    .thenReturn(database);
+        } else {
+            doThrow(DatabaseNotFoundException.class)
+                    .when(databaseService)
+                    .find(containerId, databaseId);
+        }
+        if (access != null) {
+            when(accessService.find(databaseId, username))
+                    .thenReturn(access);
+        } else {
+            doThrow(NotAllowedException.class)
+                    .when(accessService)
+                    .find(databaseId, username);
+        }
+
+        /* test */
+        return tableEndpoint.findById(containerId, databaseId, tableId, principal);
+    }
+
+    protected ResponseEntity<?> generic_delete(Long containerId, Long databaseId, Long tableId, Database database, Table table, Principal principal) throws DatabaseNotFoundException, NotAllowedException, ContainerNotFoundException, TableNotFoundException, TableMalformedException, QueryMalformedException, ImageNotSupportedException, DataProcessingException {
+
+        /* when */
+        if (table != null) {
+            doNothing()
+                    .when(tableService)
+                    .deleteTable(containerId, databaseId, tableId);
+        } else {
+            doThrow(TableNotFoundException.class)
+                    .when(tableService)
+                    .deleteTable(containerId, databaseId, tableId);
+        }
+        if (database == null) {
+            doThrow(DatabaseNotFoundException.class)
+                    .when(tableService)
+                    .deleteTable(containerId, databaseId, tableId);
+        }
+
+        /* test */
+        return tableEndpoint.delete(containerId, databaseId, tableId, principal);
+    }
 }
--- a/dbrepo-table-service/services/src/main/java/at/tuwien/service/impl/TableServiceImpl.java
+++ b/dbrepo-table-service/services/src/main/java/at/tuwien/service/impl/TableServiceImpl.java
@@ -73,7 +73,9 @@ public class TableServiceImpl extends HibernateConnector implements TableService
    @Transactional(readOnly = true)
    public List<Table> findAll(Long containerId, Long databaseId) throws DatabaseNotFoundException {
        final Database database = databaseService.find(containerId, databaseId);
-        return tableRepository.findByDatabaseOrderByCreatedDesc(database);
+        final List<Table> tables = tableRepository.findByDatabaseOrderByCreatedDesc(database);
+        log.trace("found {} table(s) in database with id {}", tables.size(), databaseId);
+        return tables;
    }

    @Override