Add functionality for all pmg features
This commit is contained in:
@ -1,14 +1,10 @@
|
||||
package de.mummeit.pmg.api;
|
||||
|
||||
import de.mummeit.pmg.api.model.access.request.CheckAccessRequest;
|
||||
import de.mummeit.pmg.api.model.access.request.Permit;
|
||||
import de.mummeit.pmg.api.model.access.request.PermitRequest;
|
||||
import de.mummeit.pmg.api.model.access.request.RevokeScopeAccessRequest;
|
||||
import de.mummeit.pmg.api.model.access.request.RevokeUserAccessRequest;
|
||||
import de.mummeit.pmg.api.model.access.request.SearchPermitRequest;
|
||||
import de.mummeit.pmg.api.model.access.request.*;
|
||||
import de.mummeit.pmg.api.model.access.response.PermittedResponse;
|
||||
import de.mummeit.pmg.api.model.integration.DomainIntegration;
|
||||
import de.mummeit.pmg.api.model.access.response.ListPermittedScopesResponse;
|
||||
import de.mummeit.pmg.api.model.integration.Integration;
|
||||
import de.mummeit.pmg.api.model.integration.DomainIntegration;
|
||||
import de.mummeit.pmg.api.model.integration.PermissionIntegration;
|
||||
import de.mummeit.pmg.api.model.integration.RoleIntegration;
|
||||
import de.mummeit.pmg.api.model.integration.RolePermissionRelationIntegration;
|
||||
@ -16,6 +12,7 @@ import de.mummeit.pmg.api.model.structure.Domain;
|
||||
import de.mummeit.pmg.api.model.structure.Permission;
|
||||
import de.mummeit.pmg.api.model.structure.Role;
|
||||
import de.mummeit.utility.BaseIntegrationTest;
|
||||
import org.junit.jupiter.api.AfterEach;
|
||||
import org.junit.jupiter.api.DisplayName;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
@ -35,6 +32,15 @@ class PermissionManagerClientIntegrationTest extends BaseIntegrationTest {
|
||||
private static final String TEST_USER = "test-user";
|
||||
private static final String TEST_SCOPE = "test-scope";
|
||||
|
||||
@AfterEach
|
||||
void cleanup() {
|
||||
try {
|
||||
permissionManagerClient.deleteDomain(TEST_DOMAIN);
|
||||
} catch (Exception e) {
|
||||
// Ignore errors during cleanup
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("should return health status")
|
||||
void getHealthStatus() {
|
||||
@ -251,4 +257,62 @@ class PermissionManagerClientIntegrationTest extends BaseIntegrationTest {
|
||||
// Clean up
|
||||
permissionManagerClient.deleteDomain(TEST_DOMAIN);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("should list permitted scopes successfully")
|
||||
void listPermittedScopes() {
|
||||
// Setup: Create domain, permission, and role
|
||||
Domain domain = new Domain();
|
||||
domain.setName(TEST_DOMAIN);
|
||||
permissionManagerClient.createDomain(domain);
|
||||
|
||||
Permission permission = new Permission();
|
||||
permission.setName(TEST_PERMISSION);
|
||||
permissionManagerClient.createPermission(TEST_DOMAIN, permission);
|
||||
|
||||
Role role = new Role();
|
||||
role.setName(TEST_ROLE);
|
||||
role.setPermissions(List.of());
|
||||
permissionManagerClient.createRole(TEST_DOMAIN, role);
|
||||
|
||||
// Grant access in multiple scopes
|
||||
PermitRequest permitRequest1 = new PermitRequest();
|
||||
Permit permit1 = new Permit();
|
||||
permit1.setDomain(TEST_DOMAIN);
|
||||
permit1.setRoles(List.of(TEST_ROLE));
|
||||
permit1.setPermissions(List.of(TEST_PERMISSION));
|
||||
permitRequest1.setPermits(List.of(permit1));
|
||||
permitRequest1.setUserId(TEST_USER);
|
||||
permitRequest1.setScope(TEST_SCOPE);
|
||||
permissionManagerClient.permitAccess(permitRequest1);
|
||||
|
||||
String secondScope = TEST_SCOPE + "-2";
|
||||
PermitRequest permitRequest2 = new PermitRequest();
|
||||
Permit permit2 = new Permit();
|
||||
permit2.setDomain(TEST_DOMAIN);
|
||||
permit2.setRoles(List.of(TEST_ROLE));
|
||||
permit2.setPermissions(List.of(TEST_PERMISSION));
|
||||
permitRequest2.setPermits(List.of(permit2));
|
||||
permitRequest2.setUserId(TEST_USER);
|
||||
permitRequest2.setScope(secondScope);
|
||||
permissionManagerClient.permitAccess(permitRequest2);
|
||||
|
||||
// Test listing permitted scopes
|
||||
ListPermittedScopesRequest request = new ListPermittedScopesRequest();
|
||||
request.setUserId(TEST_USER);
|
||||
request.setDomain(TEST_DOMAIN);
|
||||
request.setPermission(TEST_PERMISSION);
|
||||
|
||||
ListPermittedScopesResponse response = permissionManagerClient.listPermittedScopes(request);
|
||||
assertNotNull(response);
|
||||
assertNotNull(response.getScopes());
|
||||
assertEquals(2, response.getScopes().size());
|
||||
assertTrue(response.getScopes().contains(TEST_SCOPE));
|
||||
assertTrue(response.getScopes().contains(secondScope));
|
||||
|
||||
// Clean up
|
||||
permissionManagerClient.deleteRole(TEST_DOMAIN, TEST_ROLE);
|
||||
permissionManagerClient.deletePermission(TEST_DOMAIN, TEST_PERMISSION);
|
||||
permissionManagerClient.deleteDomain(TEST_DOMAIN);
|
||||
}
|
||||
}
|
||||
@ -6,7 +6,7 @@ import de.mummeit.pmg.api.config.TestSecurityConfig;
|
||||
import de.mummeit.pmg.api.model.access.request.CheckAccessRequest;
|
||||
import de.mummeit.pmg.api.model.access.response.PermittedResponse;
|
||||
import de.mummeit.pmg.api.service.SecurityService;
|
||||
import de.mummeit.pmg.service.exception.AccessDeniedException;
|
||||
import de.mummeit.pmg.exception.AccessDeniedException;
|
||||
import de.mummeit.utility.BaseIntegrationTest;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
package de.mummeit.pmg.api.controller;
|
||||
|
||||
import de.mummeit.pmg.service.exception.AccessDeniedException;
|
||||
import de.mummeit.pmg.exception.AccessDeniedException;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.web.bind.annotation.ControllerAdvice;
|
||||
import org.springframework.web.bind.annotation.ExceptionHandler;
|
||||
|
||||
@ -3,11 +3,12 @@ package de.mummeit.pmg.service;
|
||||
import de.mummeit.pmg.api.PermissionManagerClient;
|
||||
import de.mummeit.pmg.api.model.access.request.*;
|
||||
import de.mummeit.pmg.api.model.access.response.PermittedResponse;
|
||||
import de.mummeit.pmg.api.model.access.response.ListPermittedScopesResponse;
|
||||
import de.mummeit.pmg.api.model.integration.Integration;
|
||||
import de.mummeit.pmg.api.model.structure.Permission;
|
||||
import de.mummeit.pmg.service.exception.AccessDeniedException;
|
||||
import de.mummeit.pmg.service.exception.IntegrationFailedException;
|
||||
import de.mummeit.pmg.service.exception.InvalidPermissionRequestException;
|
||||
import de.mummeit.pmg.exception.AccessDeniedException;
|
||||
import de.mummeit.pmg.exception.IntegrationFailedException;
|
||||
import de.mummeit.pmg.exception.InvalidPermissionRequestException;
|
||||
import feign.FeignException;
|
||||
import feign.Request;
|
||||
import feign.RequestTemplate;
|
||||
@ -25,6 +26,7 @@ import java.util.List;
|
||||
|
||||
import static org.junit.jupiter.api.Assertions.*;
|
||||
import static org.mockito.ArgumentMatchers.any;
|
||||
import static org.mockito.ArgumentMatchers.argThat;
|
||||
import static org.mockito.Mockito.*;
|
||||
|
||||
@ExtendWith(MockitoExtension.class)
|
||||
@ -60,12 +62,25 @@ class PermissionManagerTest {
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("hasAccess should throw AccessDeniedException when client throws FeignException")
|
||||
void hasAccessShouldThrowAccessDeniedExceptionWhenClientThrowsFeignException() {
|
||||
@DisplayName("hasAccess should return false when access is denied")
|
||||
void hasAccessShouldReturnFalseWhenAccessIsDenied() {
|
||||
PermittedResponse response = new PermittedResponse();
|
||||
response.setPermitted(false);
|
||||
when(client.checkAccess(any(CheckAccessRequest.class))).thenReturn(response);
|
||||
|
||||
boolean hasAccess = permissionManager.hasAccess(TEST_USER, TEST_DOMAIN, TEST_PERMISSION, TEST_SCOPE);
|
||||
assertFalse(hasAccess);
|
||||
|
||||
verify(client).checkAccess(any(CheckAccessRequest.class));
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("hasAccess should throw InvalidPermissionRequestException when client throws FeignException")
|
||||
void hasAccessShouldThrowInvalidPermissionRequestExceptionWhenClientThrowsFeignException() {
|
||||
FeignException feignException = new FeignException.NotFound("Not Found", createRequest(), null, null);
|
||||
when(client.checkAccess(any(CheckAccessRequest.class))).thenThrow(feignException);
|
||||
|
||||
assertThrows(AccessDeniedException.class, () ->
|
||||
assertThrows(InvalidPermissionRequestException.class, () ->
|
||||
permissionManager.hasAccess(TEST_USER, TEST_DOMAIN, TEST_PERMISSION, TEST_SCOPE)
|
||||
);
|
||||
}
|
||||
@ -254,6 +269,62 @@ class PermissionManagerTest {
|
||||
));
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("listPermittedScopes should return scopes from client")
|
||||
void listPermittedScopesShouldReturnScopesFromClient() {
|
||||
ListPermittedScopesResponse response = new ListPermittedScopesResponse();
|
||||
response.setScopes(Arrays.asList("scope1", "scope2"));
|
||||
when(client.listPermittedScopes(any(ListPermittedScopesRequest.class))).thenReturn(response);
|
||||
|
||||
List<String> scopes = permissionManager.listPermittedScopes(TEST_USER, TEST_DOMAIN, TEST_PERMISSION);
|
||||
|
||||
assertEquals(Arrays.asList("scope1", "scope2"), scopes);
|
||||
verify(client).listPermittedScopes(argThat(request ->
|
||||
TEST_USER.equals(request.getUserId()) &&
|
||||
TEST_DOMAIN.equals(request.getDomain()) &&
|
||||
TEST_PERMISSION.equals(request.getPermission())
|
||||
));
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("listPermittedScopes should throw InvalidPermissionRequestException when client throws FeignException")
|
||||
void listPermittedScopesShouldThrowInvalidPermissionRequestExceptionWhenClientThrowsFeignException() {
|
||||
FeignException feignException = new FeignException.InternalServerError("Internal Server Error", createRequest(), null, null);
|
||||
when(client.listPermittedScopes(any(ListPermittedScopesRequest.class))).thenThrow(feignException);
|
||||
|
||||
assertThrows(InvalidPermissionRequestException.class, () ->
|
||||
permissionManager.listPermittedScopes(TEST_USER, TEST_DOMAIN, TEST_PERMISSION)
|
||||
);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("listPermittedScopes should throw InvalidPermissionRequestException when parameters are invalid")
|
||||
void listPermittedScopesShouldThrowInvalidPermissionRequestExceptionWhenParametersAreInvalid() {
|
||||
assertThrows(InvalidPermissionRequestException.class, () ->
|
||||
permissionManager.listPermittedScopes(null, TEST_DOMAIN, TEST_PERMISSION)
|
||||
);
|
||||
|
||||
assertThrows(InvalidPermissionRequestException.class, () ->
|
||||
permissionManager.listPermittedScopes("", TEST_DOMAIN, TEST_PERMISSION)
|
||||
);
|
||||
|
||||
assertThrows(InvalidPermissionRequestException.class, () ->
|
||||
permissionManager.listPermittedScopes(TEST_USER, null, TEST_PERMISSION)
|
||||
);
|
||||
|
||||
assertThrows(InvalidPermissionRequestException.class, () ->
|
||||
permissionManager.listPermittedScopes(TEST_USER, "", TEST_PERMISSION)
|
||||
);
|
||||
|
||||
assertThrows(InvalidPermissionRequestException.class, () ->
|
||||
permissionManager.listPermittedScopes(TEST_USER, TEST_DOMAIN, null)
|
||||
);
|
||||
|
||||
assertThrows(InvalidPermissionRequestException.class, () ->
|
||||
permissionManager.listPermittedScopes(TEST_USER, TEST_DOMAIN, "")
|
||||
);
|
||||
}
|
||||
|
||||
private Request createRequest() {
|
||||
return Request.create(Request.HttpMethod.GET, "url", new HashMap<>(), null, new RequestTemplate());
|
||||
}
|
||||
|
||||
@ -1,6 +1,8 @@
|
||||
package de.mummeit.pmg.service.builder;
|
||||
|
||||
import de.mummeit.pmg.api.model.integration.*;
|
||||
import de.mummeit.pmg.builder.IntegrationBuilder;
|
||||
|
||||
import org.junit.jupiter.api.DisplayName;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
|
||||
@ -4,6 +4,7 @@ import com.fasterxml.jackson.core.type.TypeReference;
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import de.mummeit.pmg.api.model.integration.DomainIntegration;
|
||||
import de.mummeit.pmg.api.model.integration.Integration;
|
||||
import de.mummeit.pmg.config.AbstractPermissionManagerConfiguration;
|
||||
import de.mummeit.pmg.service.PermissionManager;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.DisplayName;
|
||||
|
||||
@ -1,18 +1,19 @@
|
||||
package de.mummeit.utility;
|
||||
|
||||
import org.testcontainers.containers.GenericContainer;
|
||||
import org.springframework.test.context.DynamicPropertyRegistry;
|
||||
import org.springframework.test.context.DynamicPropertySource;
|
||||
import org.testcontainers.containers.Network;
|
||||
import org.testcontainers.containers.PostgreSQLContainer;
|
||||
|
||||
import org.testcontainers.containers.GenericContainer;
|
||||
|
||||
public abstract class TestContainer {
|
||||
private static final String DB_DATABASE = "test";
|
||||
private static final String DB_USER = "postgres";
|
||||
private static final String DB_PASSWORD = "super";
|
||||
private static final String TEST_API_KEY = "test-api-key-123";
|
||||
|
||||
public static Network network = Network.newNetwork();
|
||||
|
||||
|
||||
public static GenericContainer<?> postgresContainer = new PostgreSQLContainer("postgres:latest")
|
||||
.withDatabaseName(DB_DATABASE)
|
||||
.withUsername(DB_USER)
|
||||
@ -27,15 +28,21 @@ public abstract class TestContainer {
|
||||
.withEnv("DB_PASSWORD", DB_PASSWORD)
|
||||
.withEnv("DB_HOST", "testcontainer-db")
|
||||
.withEnv("DB_PORT", "5432")
|
||||
.withEnv("AUTH_ENABLED", "true")
|
||||
.withEnv("AUTH_APIKEY", TEST_API_KEY)
|
||||
.withNetwork(network)
|
||||
.withNetworkAliases("permission-manager");
|
||||
|
||||
|
||||
static {
|
||||
|
||||
postgresContainer.start();
|
||||
|
||||
permissionManagerContainer.start();
|
||||
System.setProperty("permission-manager.url", "http://localhost:" + permissionManagerContainer.getFirstMappedPort());
|
||||
}
|
||||
|
||||
@DynamicPropertySource
|
||||
static void registerProperties(DynamicPropertyRegistry registry) {
|
||||
registry.add("permission-manager.url",
|
||||
() -> String.format("http://localhost:%d", permissionManagerContainer.getFirstMappedPort()));
|
||||
registry.add("permission-manager.auth.enabled", () -> "true");
|
||||
registry.add("permission-manager.auth.api-key", () -> TEST_API_KEY);
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user