feat: allow access to MTBFile endpoint for non-token users
parent
8fc0609aa4
commit
fb5a3c062c
@ -22,9 +22,11 @@ package dev.dnpm.etl.processor.input
|
|||||||
import com.fasterxml.jackson.databind.ObjectMapper
|
import com.fasterxml.jackson.databind.ObjectMapper
|
||||||
import de.ukw.ccc.bwhc.dto.*
|
import de.ukw.ccc.bwhc.dto.*
|
||||||
import dev.dnpm.etl.processor.config.AppSecurityConfiguration
|
import dev.dnpm.etl.processor.config.AppSecurityConfiguration
|
||||||
import dev.dnpm.etl.processor.services.RequestProcessor
|
|
||||||
import dev.dnpm.etl.processor.security.TokenRepository
|
import dev.dnpm.etl.processor.security.TokenRepository
|
||||||
|
import dev.dnpm.etl.processor.security.UserRoleRepository
|
||||||
|
import dev.dnpm.etl.processor.services.RequestProcessor
|
||||||
import org.junit.jupiter.api.BeforeEach
|
import org.junit.jupiter.api.BeforeEach
|
||||||
|
import org.junit.jupiter.api.Nested
|
||||||
import org.junit.jupiter.api.Test
|
import org.junit.jupiter.api.Test
|
||||||
import org.junit.jupiter.api.extension.ExtendWith
|
import org.junit.jupiter.api.extension.ExtendWith
|
||||||
import org.mockito.ArgumentMatchers.anyString
|
import org.mockito.ArgumentMatchers.anyString
|
||||||
@ -37,6 +39,7 @@ import org.springframework.beans.factory.annotation.Autowired
|
|||||||
import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest
|
import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest
|
||||||
import org.springframework.boot.test.mock.mockito.MockBean
|
import org.springframework.boot.test.mock.mockito.MockBean
|
||||||
import org.springframework.http.MediaType
|
import org.springframework.http.MediaType
|
||||||
|
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository
|
||||||
import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.anonymous
|
import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.anonymous
|
||||||
import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.user
|
import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.user
|
||||||
import org.springframework.test.context.ContextConfiguration
|
import org.springframework.test.context.ContextConfiguration
|
||||||
@ -91,6 +94,19 @@ class MtbFileRestControllerTest {
|
|||||||
verify(requestProcessor, times(1)).processMtbFile(any())
|
verify(requestProcessor, times(1)).processMtbFile(any())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
fun testShouldGrantPermissionToSendMtbFileToAdminUser() {
|
||||||
|
mockMvc.post("/mtbfile") {
|
||||||
|
with(user("onkostarserver").roles("ADMIN"))
|
||||||
|
contentType = MediaType.APPLICATION_JSON
|
||||||
|
content = ObjectMapper().writeValueAsString(mtbFile)
|
||||||
|
}.andExpect {
|
||||||
|
status { isAccepted() }
|
||||||
|
}
|
||||||
|
|
||||||
|
verify(requestProcessor, times(1)).processMtbFile(any())
|
||||||
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
fun testShouldDenyPermissionToSendMtbFile() {
|
fun testShouldDenyPermissionToSendMtbFile() {
|
||||||
mockMvc.post("/mtbfile") {
|
mockMvc.post("/mtbfile") {
|
||||||
@ -104,6 +120,19 @@ class MtbFileRestControllerTest {
|
|||||||
verify(requestProcessor, never()).processMtbFile(any())
|
verify(requestProcessor, never()).processMtbFile(any())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
fun testShouldDenyPermissionToSendMtbFileForUser() {
|
||||||
|
mockMvc.post("/mtbfile") {
|
||||||
|
with(user("fakeuser").roles("USER"))
|
||||||
|
contentType = MediaType.APPLICATION_JSON
|
||||||
|
content = ObjectMapper().writeValueAsString(mtbFile)
|
||||||
|
}.andExpect {
|
||||||
|
status { isForbidden() }
|
||||||
|
}
|
||||||
|
|
||||||
|
verify(requestProcessor, never()).processMtbFile(any())
|
||||||
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
fun testShouldGrantPermissionToDeletePatientData() {
|
fun testShouldGrantPermissionToDeletePatientData() {
|
||||||
mockMvc.delete("/mtbfile/12345678") {
|
mockMvc.delete("/mtbfile/12345678") {
|
||||||
@ -126,6 +155,45 @@ class MtbFileRestControllerTest {
|
|||||||
verify(requestProcessor, never()).processDeletion(anyString())
|
verify(requestProcessor, never()).processDeletion(anyString())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Nested
|
||||||
|
@MockBean(UserRoleRepository::class, ClientRegistrationRepository::class)
|
||||||
|
@TestPropertySource(
|
||||||
|
properties = [
|
||||||
|
"app.pseudonymize.generator=BUILDIN",
|
||||||
|
"app.security.admin-user=admin",
|
||||||
|
"app.security.admin-password={noop}very-secret",
|
||||||
|
"app.security.enable-tokens=true",
|
||||||
|
"app.security.enable-oidc=true"
|
||||||
|
]
|
||||||
|
)
|
||||||
|
inner class WithOidcEnabled {
|
||||||
|
@Test
|
||||||
|
fun testShouldGrantPermissionToSendMtbFileToAdminUser() {
|
||||||
|
mockMvc.post("/mtbfile") {
|
||||||
|
with(user("onkostarserver").roles("ADMIN"))
|
||||||
|
contentType = MediaType.APPLICATION_JSON
|
||||||
|
content = ObjectMapper().writeValueAsString(mtbFile)
|
||||||
|
}.andExpect {
|
||||||
|
status { isAccepted() }
|
||||||
|
}
|
||||||
|
|
||||||
|
verify(requestProcessor, times(1)).processMtbFile(any())
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
fun testShouldGrantPermissionToSendMtbFileToUser() {
|
||||||
|
mockMvc.post("/mtbfile") {
|
||||||
|
with(user("onkostarserver").roles("USER"))
|
||||||
|
contentType = MediaType.APPLICATION_JSON
|
||||||
|
content = ObjectMapper().writeValueAsString(mtbFile)
|
||||||
|
}.andExpect {
|
||||||
|
status { isAccepted() }
|
||||||
|
}
|
||||||
|
|
||||||
|
verify(requestProcessor, times(1)).processMtbFile(any())
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
companion object {
|
companion object {
|
||||||
|
|
||||||
val mtbFile: MtbFile = MtbFile.builder()
|
val mtbFile: MtbFile = MtbFile.builder()
|
||||||
|
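Review bot: The new `WithOidcEnabled` nested class (hunk `@ -126,6 +155,45`) asserts only `POST /mtbfile` for the `USER` role, so whether a `USER`-role principal may also `DELETE /mtbfile/{id}` under the OIDC profile is left untested, although the outer class already has `testShouldGrantPermissionToDeletePatientData` against `/mtbfile/12345678`. A matching deletion test inside `WithOidcEnabled` using `with(user("onkostarserver").roles("USER"))` and `verify(requestProcessor, ...).processDeletion(anyString())` would pin down the intended outcome either way; which status it should expect depends on the intended policy, so I have not proposed one. The nested `testShouldGrantPermissionToSendMtbFileToAdminUser` is a verbatim copy of the outer-class method added in the hunk at `@ -91,6 +94,19`; a one-line comment on the nested class such as `// Same endpoint checks as the outer class, but with app.security.enable-oidc=true` would make the reason for the duplication explicit to the next reader. The `companion object` at the end of the hunk continues outside the diff.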
@ -89,7 +89,7 @@ class AppSecurityConfiguration(
|
|||||||
http {
|
http {
|
||||||
authorizeRequests {
|
authorizeRequests {
|
||||||
authorize("/configs/**", hasRole("ADMIN"))
|
authorize("/configs/**", hasRole("ADMIN"))
|
||||||
authorize("/mtbfile/**", hasAnyRole("MTBFILE"))
|
authorize("/mtbfile/**", hasAnyRole("MTBFILE", "ADMIN", "USER"))
|
||||||
authorize("/report/**", hasAnyRole("ADMIN", "USER"))
|
authorize("/report/**", hasAnyRole("ADMIN", "USER"))
|
||||||
authorize("*.css", permitAll)
|
authorize("*.css", permitAll)
|
||||||
authorize("*.ico", permitAll)
|
authorize("*.ico", permitAll)
|
||||||
@ -147,7 +147,7 @@ class AppSecurityConfiguration(
|
|||||||
http {
|
http {
|
||||||
authorizeRequests {
|
authorizeRequests {
|
||||||
authorize("/configs/**", hasRole("ADMIN"))
|
authorize("/configs/**", hasRole("ADMIN"))
|
||||||
authorize("/mtbfile/**", hasAnyRole("MTBFILE"))
|
authorize("/mtbfile/**", hasAnyRole("MTBFILE", "ADMIN"))
|
||||||
authorize("/report/**", hasRole("ADMIN"))
|
authorize("/report/**", hasRole("ADMIN"))
|
||||||
authorize(anyRequest, permitAll)
|
authorize(anyRequest, permitAll)
|
||||||
}
|
}
|
||||||
|
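Review bot: The widened rule `authorize("/mtbfile/**", hasAnyRole("MTBFILE", "ADMIN", "USER"))` in the hunk at `@ -89,7 +89,7` applies to every HTTP method under that prefix, so it grants the `USER` role the patient-data deletion endpoint (the test file in this commit exercises `mockMvc.delete("/mtbfile/12345678")`) and not only the submission the commit title names. If deletion is meant to stay restricted, add a method-specific rule ahead of it, since the first matching rule wins: `authorize(HttpMethod.DELETE, "/mtbfile/**", hasAnyRole("MTBFILE", "ADMIN"))` followed by the existing line, with `org.springframework.http.HttpMethod` imported if it is not already. The second hunk at `@ -147,7 +147,7` only adds `ADMIN` and keeps `authorize(anyRequest, permitAll)`, so it is not affected by this point, but a short comment there like `// OIDC disabled: only token (MTBFILE) and admin clients may write MTB files` would document why the two chains differ. The enclosing filter-chain functions start and end outside both hunks.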