feat: apply PR review comments

Author: Leopold-Cramer

dataset/src/main/kotlin/com/cosmotech/dataset/DatasetApiServiceInterface.kt

@@ -43,4 +43,12 @@ interface DatasetApiServiceInterface : DatasetApiService {
       identity: String,
       role: String
   ): DatasetAccessControl
+
+  /**
+   * Update the default security of the dataset passed in parameter
+   * @param organizationId an organization id
+   * @param dataset a dataset to update
+   * @param role new dataset role
+   */
+  fun updateDefaultSecurity(organizationId: String, dataset: Dataset, role: String)
 }

dataset/src/main/kotlin/com/cosmotech/dataset/service/DatasetServiceImpl.kt

@@ -1064,6 +1064,12 @@ class DatasetServiceImpl(
     return dataset.security as DatasetSecurity
   }
 
+  override fun updateDefaultSecurity(organizationId: String, dataset: Dataset, role: String) {
+    val rbacSecurity = csmRbac.setDefault(dataset.getRbac(), role)
+    dataset.setRbac(rbacSecurity)
+    datasetRepository.save(dataset)
+  }
+
   override fun addDatasetAccessControl(
       organizationId: String,
       datasetId: String,

runner/src/integrationTest/kotlin/com/cosmotech/runner/service/RunnerServiceIntegrationTest.kt

@@ -20,7 +20,7 @@ import com.cosmotech.api.utils.getCurrentAuthenticatedUserName
 import com.cosmotech.connector.api.ConnectorApiService
 import com.cosmotech.connector.domain.Connector
 import com.cosmotech.connector.domain.IoTypesEnum
-import com.cosmotech.dataset.api.DatasetApiService
+import com.cosmotech.dataset.DatasetApiServiceInterface
 import com.cosmotech.dataset.domain.*
 import com.cosmotech.dataset.repository.DatasetRepository
 import com.cosmotech.organization.api.OrganizationApiService
@@ -39,6 +39,7 @@ import com.cosmotech.workspace.domain.WorkspaceSolution
 import com.ninjasquad.springmockk.SpykBean
 import com.redis.om.spring.RediSearchIndexer
 import com.redis.testcontainers.RedisStackContainer
+import io.mockk.clearAllMocks
 import io.mockk.every
 import io.mockk.junit5.MockKExtension
 import io.mockk.mockkStatic
@@ -80,7 +81,7 @@ class RunnerServiceIntegrationTest : CsmRedisTestBase() {
   @Autowired lateinit var rediSearchIndexer: RediSearchIndexer
   @Autowired lateinit var connectorApiService: ConnectorApiService
   @Autowired lateinit var organizationApiService: OrganizationApiService
-  @SpykBean @Autowired lateinit var datasetApiService: DatasetApiService
+  @SpykBean @Autowired lateinit var datasetApiService: DatasetApiServiceInterface
   @Autowired lateinit var datasetRepository: DatasetRepository
   @Autowired lateinit var solutionApiService: SolutionApiService
   @Autowired lateinit var workspaceApiService: WorkspaceApiService
@@ -128,6 +129,7 @@ class RunnerServiceIntegrationTest : CsmRedisTestBase() {
 
   @BeforeEach
   fun setUp() {
+    clearAllMocks()
     mockkStatic("com.cosmotech.api.utils.SecurityUtilsKt")
     every { getCurrentAccountIdentifier(any()) } returns CONNECTED_ADMIN_USER
     every { getCurrentAuthenticatedUserName(csmPlatformProperties) } returns "test.user"
@@ -1099,51 +1101,55 @@ class RunnerServiceIntegrationTest : CsmRedisTestBase() {
   @Test
   fun `when sharing a runner, the linked dataset default security should be set to at least viewer if the dataset isn't main`() {
     runnerSaved.datasetList!!.removeLast()
+    val linkedDatasets = mutableListOf<Dataset>()
     listOf(ROLE_NONE, ROLE_VIEWER, ROLE_USER, ROLE_EDITOR, ROLE_ADMIN).forEach { role ->
-      var linkedDataset =
+      linkedDatasets.add(
           datasetApiService.createDataset(
-              organizationSaved.id!!, makeDataset(isMain = false, default = role))
-      runnerSaved.datasetList!!.add(linkedDataset.id!!)
-      linkedDataset =
+              organizationSaved.id!!, makeDataset(isMain = false, default = role)))
+      linkedDatasets.add(
           datasetApiService.createDataset(
-              organizationSaved.id!!, makeDataset(isMain = true, default = role))
-      runnerSaved.datasetList!!.add(linkedDataset.id!!)
+              organizationSaved.id!!, makeDataset(isMain = true, default = role)))
     }
+    linkedDatasets.forEach { runnerSaved.datasetList!!.add(it.id!!) }
     runnerSaved =
         runnerApiService.updateRunner(
             organizationSaved.id!!, workspaceSaved.id!!, runnerSaved.id!!, runnerSaved)
+    every { datasetApiService.updateDefaultSecurity(any(), any(), any()) } returns Unit
+    every { datasetApiService.findByOrganizationIdAndDatasetId(any(), any()) } returnsMany
+        linkedDatasets
 
     runnerApiService.setRunnerDefaultSecurity(
         organizationSaved.id!!, workspaceSaved.id!!, runnerSaved.id!!, RunnerRole(ROLE_EDITOR))
 
-    verify(exactly = 1) {
-      datasetApiService.setDatasetDefaultSecurity(any(), any(), DatasetRole(ROLE_VIEWER))
-    }
+    // Only one result correspond, the dataset with default security none and main=false
+    verify(exactly = 1) { datasetApiService.updateDefaultSecurity(any(), any(), ROLE_VIEWER) }
   }
 
   @Test
   fun `when stopping sharing a scenario, the dataset default security should be set to none it's not higher than viewer and the dataset isn't main`() {
     runnerSaved.datasetList!!.removeLast()
+    val linkedDatasets = mutableListOf<Dataset>()
     listOf(ROLE_NONE, ROLE_VIEWER, ROLE_USER, ROLE_EDITOR, ROLE_ADMIN).forEach { role ->
-      var linkedDataset =
+      linkedDatasets.add(
           datasetApiService.createDataset(
-              organizationSaved.id!!, makeDataset(isMain = false, default = role))
-      runnerSaved.datasetList!!.add(linkedDataset.id!!)
-      linkedDataset =
+              organizationSaved.id!!, makeDataset(isMain = false, default = role)))
+      linkedDatasets.add(
           datasetApiService.createDataset(
-              organizationSaved.id!!, makeDataset(isMain = true, default = role))
-      runnerSaved.datasetList!!.add(linkedDataset.id!!)
+              organizationSaved.id!!, makeDataset(isMain = true, default = role)))
     }
+    linkedDatasets.forEach { runnerSaved.datasetList!!.add(it.id!!) }
     runnerSaved =
         runnerApiService.updateRunner(
             organizationSaved.id!!, workspaceSaved.id!!, runnerSaved.id!!, runnerSaved)
+    every { datasetApiService.updateDefaultSecurity(any(), any(), any()) } returns Unit
+    every { datasetApiService.findByOrganizationIdAndDatasetId(any(), any()) } returnsMany
+        linkedDatasets
 
     runnerApiService.setRunnerDefaultSecurity(
         organizationSaved.id!!, workspaceSaved.id!!, runnerSaved.id!!, RunnerRole(ROLE_NONE))
 
-    verify(exactly = 1) {
-      datasetApiService.setDatasetDefaultSecurity(any(), any(), DatasetRole(ROLE_NONE))
-    }
+    // Only one result correspond, the dataset with default security viewer and main=false
+    verify(exactly = 1) { datasetApiService.updateDefaultSecurity(any(), any(), ROLE_NONE) }
   }
 
   private fun makeConnector(name: String = "name"): Connector {

runner/src/integrationTest/kotlin/com/cosmotech/runner/service/RunnerServiceRBACTest.kt

@@ -25,7 +25,7 @@ import com.cosmotech.api.utils.getCurrentAuthenticatedUserName
 import com.cosmotech.connector.api.ConnectorApiService
 import com.cosmotech.connector.domain.Connector
 import com.cosmotech.connector.domain.IoTypesEnum
-import com.cosmotech.dataset.api.DatasetApiService
+import com.cosmotech.dataset.DatasetApiServiceInterface
 import com.cosmotech.dataset.domain.Dataset
 import com.cosmotech.dataset.domain.DatasetAccessControl
 import com.cosmotech.dataset.domain.DatasetConnector
@@ -56,6 +56,7 @@ import com.cosmotech.workspace.domain.WorkspaceSolution
 import com.ninjasquad.springmockk.SpykBean
 import com.redis.om.spring.RediSearchIndexer
 import com.redis.testcontainers.RedisStackContainer
+import io.mockk.clearAllMocks
 import io.mockk.every
 import io.mockk.junit5.MockKExtension
 import io.mockk.mockk
@@ -96,7 +97,7 @@ class RunnerServiceRBACTest : CsmRedisTestBase() {
   @Autowired lateinit var rediSearchIndexer: RediSearchIndexer
   @Autowired lateinit var connectorApiService: ConnectorApiService
   @Autowired lateinit var organizationApiService: OrganizationApiService
-  @SpykBean @Autowired lateinit var datasetApiService: DatasetApiService
+  @SpykBean @Autowired lateinit var datasetApiService: DatasetApiServiceInterface
   @Autowired lateinit var solutionApiService: SolutionApiService
   @Autowired lateinit var workspaceApiService: WorkspaceApiService
   @Autowired lateinit var runnerApiService: RunnerApiService
@@ -106,6 +107,7 @@ class RunnerServiceRBACTest : CsmRedisTestBase() {
 
   @BeforeEach
   fun setUp() {
+    clearAllMocks()
     mockkStatic("com.cosmotech.api.utils.SecurityUtilsKt")
     every { getCurrentAccountIdentifier(any()) } returns CONNECTED_ADMIN_USER
     every { getCurrentAuthenticatedUserName(csmPlatformProperties) } returns "test.user"
@@ -2369,6 +2371,9 @@ class RunnerServiceRBACTest : CsmRedisTestBase() {
                   datasetRepository.save(
                       datasetSaved.apply { ingestionStatus = IngestionStatusEnum.SUCCESS })
               materializeTwingraph(datasetSaved)
+              every { datasetApiService.updateDefaultSecurity(any(), any(), any()) } returns Unit
+              every { datasetApiService.findByOrganizationIdAndDatasetId(any(), any()) } returns
+                  datasetSaved
               val solution = makeSolution(organizationSaved.id!!, TEST_USER_MAIL, ROLE_ADMIN)
               val solutionSaved =
                   solutionApiService.createSolution(organizationSaved.id!!, solution)
@@ -2440,6 +2445,9 @@ class RunnerServiceRBACTest : CsmRedisTestBase() {
                   datasetRepository.save(
                       datasetSaved.apply { ingestionStatus = IngestionStatusEnum.SUCCESS })
               materializeTwingraph(datasetSaved)
+              every { datasetApiService.updateDefaultSecurity(any(), any(), any()) } returns Unit
+              every { datasetApiService.findByOrganizationIdAndDatasetId(any(), any()) } returns
+                  datasetSaved
               val solution = makeSolution(organizationSaved.id!!, TEST_USER_MAIL, ROLE_ADMIN)
               val solutionSaved =
                   solutionApiService.createSolution(organizationSaved.id!!, solution)
@@ -2511,6 +2519,9 @@ class RunnerServiceRBACTest : CsmRedisTestBase() {
                   datasetRepository.save(
                       datasetSaved.apply { ingestionStatus = IngestionStatusEnum.SUCCESS })
               materializeTwingraph(datasetSaved)
+              every { datasetApiService.updateDefaultSecurity(any(), any(), any()) } returns Unit
+              every { datasetApiService.findByOrganizationIdAndDatasetId(any(), any()) } returns
+                  datasetSaved
               val solution = makeSolution(organizationSaved.id!!, TEST_USER_MAIL, role)
               val solutionSaved =
                   solutionApiService.createSolution(organizationSaved.id!!, solution)
@@ -2581,6 +2592,9 @@ class RunnerServiceRBACTest : CsmRedisTestBase() {
               datasetSaved =
                   datasetRepository.save(
                       datasetSaved.apply { ingestionStatus = IngestionStatusEnum.SUCCESS })
+              every { datasetApiService.updateDefaultSecurity(any(), any(), any()) } returns Unit
+              every { datasetApiService.findByOrganizationIdAndDatasetId(any(), any()) } returns
+                  datasetSaved
               val solution = makeSolution(organizationSaved.id!!, TEST_USER_MAIL, ROLE_ADMIN)
               val solutionSaved =
                   solutionApiService.createSolution(organizationSaved.id!!, solution)
@@ -2647,6 +2661,9 @@ class RunnerServiceRBACTest : CsmRedisTestBase() {
               datasetSaved =
                   datasetRepository.save(
                       datasetSaved.apply { ingestionStatus = IngestionStatusEnum.SUCCESS })
+              every { datasetApiService.updateDefaultSecurity(any(), any(), any()) } returns Unit
+              every { datasetApiService.findByOrganizationIdAndDatasetId(any(), any()) } returns
+                  datasetSaved
               val solution = makeSolution(organizationSaved.id!!, TEST_USER_MAIL, ROLE_ADMIN)
               val solutionSaved =
                   solutionApiService.createSolution(organizationSaved.id!!, solution)

runner/src/main/kotlin/com/cosmotech/runner/service/RunnerService.kt

@@ -27,7 +27,6 @@ import com.cosmotech.api.utils.getCurrentAuthenticatedRoles
 import com.cosmotech.api.utils.getCurrentAuthenticatedUserName
 import com.cosmotech.dataset.DatasetApiServiceInterface
 import com.cosmotech.dataset.domain.Dataset
-import com.cosmotech.dataset.domain.DatasetRole
 import com.cosmotech.dataset.service.getRbac
 import com.cosmotech.organization.OrganizationApiServiceInterface
 import com.cosmotech.organization.domain.Organization
@@ -508,33 +507,29 @@ class RunnerService(
       // create a rbacSecurity object from runner Rbac by changing default value
       val rbacSecurity = csmRbac.setDefault(this.getRbacSecurity(), role, this.roleDefinition)
       this.setRbacSecurity(rbacSecurity)
-      //      this.runner.datasetList!!
-      //          .mapNotNull {
-      //            datasetApiService.findByOrganizationIdAndDatasetId(this.runner.organizationId!!,
-      // it)
-      //          }
-      //          .forEach { dataset ->
       updateLinkedDatasetDefaultSecurity(role)
-      //          }
     }
 
     private fun updateLinkedDatasetDefaultSecurity(role: String) {
-      var datasetRole = ROLE_NONE
-      if (role != ROLE_NONE) datasetRole = ROLE_VIEWER
+      var datasetRole = ROLE_VIEWER
+      if (role == ROLE_NONE) datasetRole = ROLE_NONE
       this.runner.datasetList!!.forEach { datasetId ->
         val linkedDataset =
-            datasetApiService.findDatasetById(this.runner.organizationId!!, datasetId)
-        // We do not want to lower the default security if it's higher than viewer
-        if (linkedDataset.security!!.default != ROLE_NONE && datasetRole == ROLE_VIEWER)
-            return@forEach Unit
-        if (linkedDataset.security!!.default != ROLE_NONE && datasetRole == ROLE_NONE)
-            return@forEach Unit
+            datasetApiService.findByOrganizationIdAndDatasetId(
+                this.runner.organizationId!!, datasetId)
+        if (linkedDataset!!.main == true) return@forEach
+        // If the dataset default security is different from none,
+        // Then it's already viewer or higher and doesn't need to change
+        if (datasetRole == ROLE_VIEWER && linkedDataset.security!!.default != ROLE_NONE)
+            return@forEach
+        // If the dataset default security is different from viewer,
+        // Then it's either already none or higher than viewer and doesn't need to change
+        if (datasetRole == ROLE_NONE && linkedDataset.security!!.default != ROLE_VIEWER)
+            return@forEach
         // Filter on dataset copy (because we do not want to update main dataset as it can be shared
-        // between scenarios)
-        if (linkedDataset.main != true) {
-          datasetApiService.setDatasetDefaultSecurity(
-              this.runner.organizationId!!, datasetId, DatasetRole(datasetRole))
-        }
+        // between runners)
+        datasetApiService.updateDefaultSecurity(
+            this.runner.organizationId!!, linkedDataset, datasetRole)
       }
     }
   }

scenario/src/integrationTest/kotlin/com/cosmotech/scenario/service/ScenarioServiceIntegrationTest.kt

@@ -50,6 +50,7 @@ import com.ninjasquad.springmockk.MockkBean
 import com.ninjasquad.springmockk.SpykBean
 import com.redis.om.spring.RediSearchIndexer
 import com.redis.testcontainers.RedisStackContainer
+import io.mockk.clearAllMocks
 import io.mockk.every
 import io.mockk.impl.annotations.MockK
 import io.mockk.junit5.MockKExtension
@@ -143,6 +144,7 @@ class ScenarioServiceIntegrationTest : CsmRedisTestBase() {
 
   @BeforeEach
   fun setUp() {
+    clearAllMocks()
     mockkStatic("com.cosmotech.api.utils.SecurityUtilsKt")
     every { getCurrentAccountIdentifier(any()) } returns CONNECTED_ADMIN_USER
     every { getCurrentAuthenticatedUserName(csmPlatformProperties) } returns "test.user"
@@ -1261,51 +1263,55 @@ class ScenarioServiceIntegrationTest : CsmRedisTestBase() {
   @Test
   fun `when sharing a scenario, the linked dataset default security should be set to at least viewer if the dataset isn't main`() {
     scenarioSaved.datasetList!!.removeLast()
+    val linkedDatasets = mutableListOf<Dataset>()
     listOf(ROLE_NONE, ROLE_VIEWER, ROLE_USER, ROLE_EDITOR, ROLE_ADMIN).forEach { role ->
-      var linkedDataset =
+      linkedDatasets.add(
           datasetApiService.createDataset(
-              organizationSaved.id!!, makeDataset(isMain = false, default = role))
-      scenarioSaved.datasetList!!.add(linkedDataset.id!!)
-      linkedDataset =
+              organizationSaved.id!!, makeDataset(isMain = false, default = role)))
+      linkedDatasets.add(
           datasetApiService.createDataset(
-              organizationSaved.id!!, makeDataset(isMain = true, default = role))
-      scenarioSaved.datasetList!!.add(linkedDataset.id!!)
+              organizationSaved.id!!, makeDataset(isMain = true, default = role)))
     }
+    linkedDatasets.forEach { scenarioSaved.datasetList!!.add(it.id!!) }
     scenarioSaved =
         scenarioApiService.updateScenario(
             organizationSaved.id!!, workspaceSaved.id!!, scenarioSaved.id!!, scenarioSaved)
+    every { datasetApiService.updateDefaultSecurity(any(), any(), any()) } returns Unit
+    every { datasetApiService.findByOrganizationIdAndDatasetId(any(), any()) } returnsMany
+        linkedDatasets
 
     scenarioApiService.setScenarioDefaultSecurity(
         organizationSaved.id!!, workspaceSaved.id!!, scenarioSaved.id!!, ScenarioRole(ROLE_EDITOR))
 
-    verify(exactly = 1) {
-      datasetApiService.setDatasetDefaultSecurity(any(), any(), DatasetRole(ROLE_VIEWER))
-    }
+    // Only one result correspond, the dataset with default security none and main=false
+    verify(exactly = 1) { datasetApiService.updateDefaultSecurity(any(), any(), ROLE_VIEWER) }
   }
 
   @Test
   fun `when stopping sharing a scenario, the dataset default security should be set to none it's not higher than viewer and the dataset isn't main`() {
     scenarioSaved.datasetList!!.removeLast()
+    val linkedDatasets = mutableListOf<Dataset>()
     listOf(ROLE_NONE, ROLE_VIEWER, ROLE_USER, ROLE_EDITOR, ROLE_ADMIN).forEach { role ->
-      var linkedDataset =
+      linkedDatasets.add(
           datasetApiService.createDataset(
-              organizationSaved.id!!, makeDataset(isMain = false, default = role))
-      scenarioSaved.datasetList!!.add(linkedDataset.id!!)
-      linkedDataset =
+              organizationSaved.id!!, makeDataset(isMain = false, default = role)))
+      linkedDatasets.add(
           datasetApiService.createDataset(
-              organizationSaved.id!!, makeDataset(isMain = true, default = role))
-      scenarioSaved.datasetList!!.add(linkedDataset.id!!)
+              organizationSaved.id!!, makeDataset(isMain = true, default = role)))
     }
+    linkedDatasets.forEach { scenarioSaved.datasetList!!.add(it.id!!) }
     scenarioSaved =
         scenarioApiService.updateScenario(
             organizationSaved.id!!, workspaceSaved.id!!, scenarioSaved.id!!, scenarioSaved)
+    every { datasetApiService.updateDefaultSecurity(any(), any(), any()) } returns Unit
+    every { datasetApiService.findByOrganizationIdAndDatasetId(any(), any()) } returnsMany
+        linkedDatasets
 
     scenarioApiService.setScenarioDefaultSecurity(
         organizationSaved.id!!, workspaceSaved.id!!, scenarioSaved.id!!, ScenarioRole(ROLE_NONE))
 
-    verify(exactly = 1) {
-      datasetApiService.setDatasetDefaultSecurity(any(), any(), DatasetRole(ROLE_NONE))
-    }
+    // Only one result correspond, the dataset with default security viewer and main=false
+    verify(exactly = 1) { datasetApiService.updateDefaultSecurity(any(), any(), ROLE_NONE) }
   }
 
   private fun makeWorkspaceEventHubInfo(eventHubAvailable: Boolean): WorkspaceEventHubInfo {