[RMZ-413] Fixes after cherry pick (from 3.1)

Author: jreynard-code

dataset/src/main/kotlin/com/cosmotech/dataset/service/DatasetServiceImpl.kt

@@ -579,7 +579,7 @@ class DatasetServiceImpl(
     val dataset = getVerifiedDataset(organizationId, datasetId, PERMISSION_DELETE)
 
     if (useGraphModule && unifiedJedis.exists(dataset.twingraphId!!)) {
-        unifiedJedis.del(dataset.twingraphId!!)
+      unifiedJedis.del(dataset.twingraphId!!)
     }
 
     dataset.linkedWorkspaceIdList?.forEach { unlinkWorkspace(organizationId, datasetId, it) }

dataset/src/test/kotlin/com/cosmotech/dataset/service/DatasetServiceImplTests.kt

@@ -413,12 +413,16 @@ class DatasetServiceImplTests {
 
   @Test
   fun `deleteDataset do not throw error - rbac is disabled`() {
-    val dataset = baseDataset().apply { twingraphId = "mytwingraphId" }
+    val twingraphIdValue = "mytwingraphId"
+    val dataset = baseDataset().apply { twingraphId = twingraphIdValue }
     every { organizationService.getVerifiedOrganization(ORGANIZATION_ID) } returns Organization()
     every { datasetRepository.findBy(ORGANIZATION_ID, DATASET_ID) } returns Optional.of(dataset)
+    every { datasetRepository.delete(dataset) } returns Unit
+    every { unifiedJedis.exists(twingraphIdValue) } returns true
+    every { unifiedJedis.del(twingraphIdValue) } returns 1L
     every { getCurrentAuthenticatedUserName(csmPlatformProperties) } returns "my.account-tester"
     datasetService.deleteDataset(ORGANIZATION_ID, DATASET_ID)
-    verify(exactly = 1) { datasetRepository.delete(any()) }
+    verify(exactly = 1) { datasetRepository.delete(dataset) }
   }
 
   @Test
@@ -465,20 +469,6 @@ class DatasetServiceImplTests {
     verify { unifiedJedis.graphQuery("graphId", graphQuery, 0) }
   }
 
-  @Test
-  fun `test processCSV - should create cypher requests by line`() {
-    val fileName = this::class.java.getResource("/Users.csv")?.file
-    val file = File(fileName!!)
-    val query =
-        DatasetTwinGraphQuery(
-            "CREATE (:Person {id: toInteger(\$id), name: \$name, rank: toInteger(\$rank), object: \$object})")
-    val result = TwinGraphBatchResult(0, 0, mutableListOf())
-    datasetService.processCSVBatch(file.inputStream(), query, result) { result.processedLines++ }
-    assertEquals(9, result.totalLines)
-    assertEquals(9, result.processedLines)
-    assertEquals(0, result.errors.size)
-  }
-
   @Test
   fun `test bulkQueryGraphs as Admin - should call query and set data to Redis`() {
     every { getCurrentAuthenticatedRoles(any()) } returns listOf("Platform.Admin")

runner/src/integrationTest/kotlin/com/cosmotech/runner/service/RunnerServiceIntegrationTest.kt

@@ -565,8 +565,7 @@ class RunnerServiceIntegrationTest : CsmRedisTestBase() {
             RunnerRole(ROLE_EDITOR))
     assertEquals(ROLE_EDITOR, runnerAccessControlRegistered.role)
 
-    logger.info(
-        "should let the Access Control as-is cause dataset ACL already contains info for this user")
+    logger.info("Should not change the datasets access control because ACL already exist on it")
     runnerSaved.datasetList!!.forEach {
       assertEquals(
           ROLE_VIEWER,

runner/src/integrationTest/kotlin/com/cosmotech/runner/service/RunnerServiceRBACTest.kt

@@ -62,6 +62,7 @@ import io.mockk.mockkStatic
 import java.util.*
 import kotlin.test.Test
 import kotlin.test.assertEquals
+import kotlin.test.assertTrue
 import org.junit.jupiter.api.BeforeEach
 import org.junit.jupiter.api.DynamicTest.dynamicTest
 import org.junit.jupiter.api.TestFactory
@@ -2770,83 +2771,92 @@ class RunnerServiceRBACTest : CsmRedisTestBase() {
           }
 
   @TestFactory
-  fun `test Dataset RBAC addRunnerAccessControl`() =
+  fun `test Dataset RBAC modification when addRunnerAccessControl is called on a runner`() =
       listOf(
               ROLE_VIEWER,
               ROLE_EDITOR,
               ROLE_VALIDATOR,
-              ROLE_USER,
-              ROLE_NONE,
               ROLE_ADMIN,
           )
           .map { role ->
-            dynamicTest("Test Dataset RBAC addRunnerAccessControl : $role") {
-              every { getCurrentAccountIdentifier(any()) } returns CONNECTED_ADMIN_USER
-              val connector = makeConnector()
-              val connectorSaved = connectorApiService.registerConnector(connector)
-              val organization = makeOrganizationWithRole(id = TEST_USER_MAIL, role = ROLE_ADMIN)
-              val organizationSaved = organizationApiService.registerOrganization(organization)
-              val dataset =
-                  makeDataset(organizationSaved.id!!, connectorSaved, TEST_USER_MAIL, role)
-              var datasetSaved = datasetApiService.createDataset(organizationSaved.id!!, dataset)
-              datasetSaved =
-                  datasetRepository.save(
-                      datasetSaved.apply { ingestionStatus = IngestionStatusEnum.SUCCESS })
-              every { datasetApiService.createSubDataset(any(), any(), any()) } returns datasetSaved
-              val solution = makeSolution(organizationSaved.id!!, TEST_USER_MAIL, ROLE_ADMIN)
-              val solutionSaved =
-                  solutionApiService.createSolution(organizationSaved.id!!, solution)
-              val workspace =
-                  makeWorkspaceWithRole(
-                      organizationSaved.id!!,
-                      solutionSaved.id!!,
-                      id = TEST_USER_MAIL,
-                      role = ROLE_ADMIN)
-              val workspaceSaved =
-                  workspaceApiService.createWorkspace(organizationSaved.id!!, workspace)
-              val runner =
-                  makeRunnerWithRole(
-                      organizationSaved.id!!,
-                      workspaceSaved.id!!,
-                      solutionSaved.id!!,
-                      mutableListOf(datasetSaved.id!!),
-                      id = TEST_USER_MAIL,
-                      role = ROLE_ADMIN)
-              val runnerSaved =
-                  runnerApiService.createRunner(organizationSaved.id!!, workspaceSaved.id!!, runner)
+            dynamicTest(
+                "Check Dataset RBAC modification " +
+                    "when addRunnerAccessControl is called on a runner with role : $role") {
+                  every { getCurrentAccountIdentifier(any()) } returns CONNECTED_ADMIN_USER
+                  val connector = makeConnector()
+                  val connectorSaved = connectorApiService.registerConnector(connector)
+                  val organization =
+                      makeOrganizationWithRole(id = TEST_USER_MAIL, role = ROLE_ADMIN)
+                  val organizationSaved = organizationApiService.registerOrganization(organization)
+                  val dataset =
+                      makeDataset(organizationSaved.id!!, connectorSaved, TEST_USER_MAIL, role)
+                  var datasetSaved =
+                      datasetApiService.createDataset(organizationSaved.id!!, dataset)
+                  datasetSaved =
+                      datasetRepository.save(
+                          datasetSaved.apply { ingestionStatus = IngestionStatusEnum.SUCCESS })
+                  every { datasetApiService.createSubDataset(any(), any(), any()) } returns
+                      datasetSaved
+                  val solution = makeSolution(organizationSaved.id!!, TEST_USER_MAIL, ROLE_ADMIN)
+                  val solutionSaved =
+                      solutionApiService.createSolution(organizationSaved.id!!, solution)
+                  val workspace =
+                      makeWorkspaceWithRole(
+                          organizationSaved.id!!,
+                          solutionSaved.id!!,
+                          id = TEST_USER_MAIL,
+                          role = ROLE_ADMIN)
+                  val workspaceSaved =
+                      workspaceApiService.createWorkspace(organizationSaved.id!!, workspace)
+                  val runner =
+                      makeRunnerWithRole(
+                          organizationSaved.id!!,
+                          workspaceSaved.id!!,
+                          solutionSaved.id!!,
+                          mutableListOf(datasetSaved.id!!),
+                          id = TEST_USER_MAIL,
+                          role = ROLE_ADMIN)
+                  val runnerSaved =
+                      runnerApiService.createRunner(
+                          organizationSaved.id!!, workspaceSaved.id!!, runner)
 
-              assertDoesNotThrow {
-                assertEquals(
-                    true,
-                    datasetSaved.security
-                        ?.accessControlList
-                        ?.filter { datasetAccessControl ->
-                          datasetAccessControl.id == TEST_USER_MAIL
-                        }
-                        ?.any { datasetAccessControl -> datasetAccessControl.role == role })
-
-                runnerApiService.addRunnerAccessControl(
-                    organizationSaved.id!!,
-                    workspaceSaved.id!!,
-                    runnerSaved.id!!,
-                    RunnerAccessControl(TEST_USER_MAIL, ROLE_ADMIN))
-
-                val datasetWithUpgradedACL =
-                    datasetApiService.findDatasetById(organizationSaved.id!!, datasetSaved.id!!)
-                assertEquals(
-                    true,
-                    datasetWithUpgradedACL.security
-                        ?.accessControlList
-                        ?.filter { datasetAccessControl ->
-                          datasetAccessControl.id == TEST_USER_MAIL
-                        }
-                        ?.any { datasetAccessControl -> datasetAccessControl.role == role })
-              }
-            }
+                  assertDoesNotThrow {
+                    assertTrue(
+                        datasetSaved.security
+                            ?.accessControlList
+                            ?.filter { datasetAccessControl ->
+                              datasetAccessControl.id == "[email protected]"
+                            }
+                            .isNullOrEmpty())
+
+                    runnerApiService.addRunnerAccessControl(
+                        organizationSaved.id!!,
+                        workspaceSaved.id!!,
+                        runnerSaved.id!!,
+                        RunnerAccessControl("[email protected]", role))
+
+                    val datasetWithUpgradedACL =
+                        datasetApiService.findDatasetById(organizationSaved.id!!, datasetSaved.id!!)
+                    var datasetRole = role
+                    if (role == ROLE_VALIDATOR) {
+                      datasetRole = ROLE_USER
+                    }
+                    assertEquals(
+                        true,
+                        datasetWithUpgradedACL.security
+                            ?.accessControlList
+                            ?.filter { datasetAccessControl ->
+                              datasetAccessControl.id == "[email protected]"
+                            }
+                            ?.any { datasetAccessControl ->
+                              datasetAccessControl.role == datasetRole
+                            })
+                  }
+                }
           }
 
   @Test
-  fun `test Dataset RBAC addRunnerAccessControl with new ACL entry`() {
+  fun `test addRunnerAccessControl when called on a runner with an user that do not exist in Dataset RBAC`() {
     every { getCurrentAccountIdentifier(any()) } returns CONNECTED_ADMIN_USER
     val connector = makeConnector()
     val connectorSaved = connectorApiService.registerConnector(connector)
@@ -2857,8 +2867,7 @@ class RunnerServiceRBACTest : CsmRedisTestBase() {
             organizationSaved.id!!, connectorSaved, id = "[email protected]", role = ROLE_NONE)
     var datasetSaved = datasetApiService.createDataset(organizationSaved.id!!, dataset)
     datasetSaved =
-        datasetRepository.save(
-            datasetSaved.apply { ingestionStatus = Dataset.IngestionStatus.SUCCESS })
+        datasetRepository.save(datasetSaved.apply { ingestionStatus = IngestionStatusEnum.SUCCESS })
     every { datasetApiService.createSubDataset(any(), any(), any()) } returns datasetSaved
 
     assertEquals(

runner/src/main/kotlin/com/cosmotech/runner/service/RunnerService.kt

@@ -24,8 +24,7 @@ import com.cosmotech.api.utils.getCurrentAccountIdentifier
 import com.cosmotech.api.utils.getCurrentAuthenticatedRoles
 import com.cosmotech.api.utils.getCurrentAuthenticatedUserName
 import com.cosmotech.dataset.DatasetApiServiceInterface
-import com.cosmotech.dataset.domain.DatasetAccessControl
-import com.cosmotech.dataset.domain.DatasetRole
+import com.cosmotech.dataset.domain.Dataset
 import com.cosmotech.dataset.service.getRbac
 import com.cosmotech.organization.OrganizationApiServiceInterface
 import com.cosmotech.organization.domain.Organization
@@ -249,13 +248,9 @@ class RunnerService(
           ?.mapNotNull {
             datasetApiService.findByOrganizationIdAndDatasetId(organization!!.id!!, it)
           }
-          ?.forEach { newDataset ->
+          ?.forEach { dataset ->
             this.runner.security?.accessControlList?.forEach { roleDefinition ->
-              val newDatasetAcl = newDataset.getRbac().accessControlList
-              if (newDatasetAcl.none { it.id == roleDefinition.id }) {
-                datasetApiService.addOrUpdateAccessControl(
-                    organization!!.id!!, newDataset, roleDefinition.id, roleDefinition.role)
-              }
+              addUserAccessControlOnDataset(dataset, roleDefinition)
             }
           }
     }
@@ -371,11 +366,7 @@ class RunnerService(
       this.runner.datasetList!!
           .mapNotNull { datasetApiService.findByOrganizationIdAndDatasetId(organizationId, it) }
           .forEach { dataset ->
-            val datasetAcl = dataset.getRbac().accessControlList
-            if (datasetAcl.none { it.id == userId }) {
-              datasetApiService.addOrUpdateAccessControl(
-                  organizationId, dataset, userId, datasetRole)
-            }
+            addUserAccessControlOnDataset(dataset, RunnerAccessControl(userId, datasetRole))
           }
     }
 
@@ -473,26 +464,6 @@ class RunnerService(
       return parametersValuesList
     }
 
-    private fun propagateAccessControlToDatasets(userId: String, role: String) {
-      this.runner.datasetList?.forEach { datasetId ->
-        propagateAccessControlToDataset(datasetId, userId, role)
-      }
-    }
-
-    private fun propagateAccessControlToDataset(datasetId: String, userId: String, role: String) {
-      val datasetRole = role.takeUnless { it == ROLE_VALIDATOR } ?: ROLE_USER
-      val organizationId = this.runner.organizationId!!
-
-      val datasetUsers = datasetApiService.getDatasetSecurityUsers(organizationId, datasetId)
-      if (datasetUsers.contains(userId)) {
-        datasetApiService.updateDatasetAccessControl(
-            organizationId, datasetId, userId, DatasetRole(datasetRole))
-      } else {
-        datasetApiService.addDatasetAccessControl(
-            organizationId, datasetId, DatasetAccessControl(userId, datasetRole))
-      }
-    }
-
     private fun removeAccessControlToDatasets(userId: String) {
       val organizationId = this.runner.organizationId!!
       this.runner.datasetList?.forEach { datasetId ->
@@ -514,4 +485,12 @@ class RunnerService(
       this.setRbacSecurity(rbacSecurity)
     }
   }
+
+  private fun addUserAccessControlOnDataset(dataset: Dataset, roleDefinition: RunnerAccessControl) {
+    val newDatasetAcl = dataset.getRbac().accessControlList
+    if (newDatasetAcl.none { it.id == roleDefinition.id }) {
+      datasetApiService.addOrUpdateAccessControl(
+          organization!!.id!!, dataset, roleDefinition.id, roleDefinition.role)
+    }
+  }
 }