feat: removing runner from scenario won't remove him from linked main datasets

Author: Leopold-Cramer

runner/src/integrationTest/kotlin/com/cosmotech/runner/service/RunnerServiceIntegrationTest.kt

@@ -581,6 +581,39 @@ class RunnerServiceIntegrationTest : CsmRedisTestBase() {
 
   @Test
   fun `test AccessControls management on Runner as ressource Admin`() {
+    dataset = makeDataset(organizationSaved.id!!, "Dataset", connectorSaved, false)
+    datasetSaved = datasetApiService.createDataset(organizationSaved.id!!, dataset)
+    materializeTwingraph()
+
+    solution = makeSolution(organizationSaved.id!!)
+    solutionSaved = solutionApiService.createSolution(organizationSaved.id!!, solution)
+
+    workspace = makeWorkspace(organizationSaved.id!!, solutionSaved.id!!, "Workspace")
+    workspaceSaved = workspaceApiService.createWorkspace(organizationSaved.id!!, workspace)
+
+    parentRunner =
+        makeRunner(
+            organizationSaved.id!!,
+            workspaceSaved.id!!,
+            solutionSaved.id!!,
+            "RunnerParent",
+            mutableListOf(datasetSaved.id!!),
+            parametersValues = mutableListOf(runTemplateParameterValue1))
+
+    parentRunnerSaved =
+        runnerApiService.createRunner(organizationSaved.id!!, workspaceSaved.id!!, parentRunner)
+
+    runner =
+        makeRunner(
+            organizationSaved.id!!,
+            workspaceSaved.id!!,
+            solutionSaved.id!!,
+            name = "Runner",
+            parentId = parentRunnerSaved.id!!,
+            datasetList = mutableListOf(datasetSaved.id!!),
+            parametersValues = mutableListOf(runTemplateParameterValue2))
+
+    runnerSaved = runnerApiService.createRunner(organizationSaved.id!!, workspaceSaved.id!!, runner)
     logger.info("should add an Access Control and assert it has been added")
     val runnerAccessControl = RunnerAccessControl(TEST_USER_MAIL, ROLE_VIEWER)
     var runnerAccessControlRegistered =
@@ -647,6 +680,41 @@ class RunnerServiceIntegrationTest : CsmRedisTestBase() {
 
   @Test
   fun `test AccessControls management on Runner as Unauthorized User`() {
+
+    dataset = makeDataset(organizationSaved.id!!, "Dataset", connectorSaved, isMain = false)
+    datasetSaved = datasetApiService.createDataset(organizationSaved.id!!, dataset)
+    materializeTwingraph()
+
+    solution = makeSolution(organizationSaved.id!!)
+    solutionSaved = solutionApiService.createSolution(organizationSaved.id!!, solution)
+
+    workspace = makeWorkspace(organizationSaved.id!!, solutionSaved.id!!, "Workspace")
+    workspaceSaved = workspaceApiService.createWorkspace(organizationSaved.id!!, workspace)
+
+    parentRunner =
+        makeRunner(
+            organizationSaved.id!!,
+            workspaceSaved.id!!,
+            solutionSaved.id!!,
+            "RunnerParent",
+            mutableListOf(datasetSaved.id!!),
+            parametersValues = mutableListOf(runTemplateParameterValue1))
+
+    parentRunnerSaved =
+        runnerApiService.createRunner(organizationSaved.id!!, workspaceSaved.id!!, parentRunner)
+
+    runner =
+        makeRunner(
+            organizationSaved.id!!,
+            workspaceSaved.id!!,
+            solutionSaved.id!!,
+            name = "Runner",
+            parentId = parentRunnerSaved.id!!,
+            datasetList = mutableListOf(datasetSaved.id!!),
+            parametersValues = mutableListOf(runTemplateParameterValue2))
+
+    runnerSaved = runnerApiService.createRunner(organizationSaved.id!!, workspaceSaved.id!!, runner)
+
     every { getCurrentAccountIdentifier(any()) } returns CONNECTED_READER_USER
 
     logger.info("should throw CsmAccessForbiddenException when trying to add RunnerAccessControl")

runner/src/integrationTest/kotlin/com/cosmotech/runner/service/RunnerServiceRBACTest.kt

@@ -3563,7 +3563,7 @@ class RunnerServiceRBACTest : CsmRedisTestBase() {
               val organization = makeOrganizationWithRole(id = TEST_USER_MAIL, role = ROLE_ADMIN)
               val organizationSaved = organizationApiService.registerOrganization(organization)
               val dataset =
-                  makeDataset(organizationSaved.id!!, connectorSaved, TEST_USER_MAIL, role)
+                  makeDataset(organizationSaved.id!!, connectorSaved, TEST_USER_MAIL, role, false)
               var datasetSaved = datasetApiService.createDataset(organizationSaved.id!!, dataset)
               datasetSaved =
                   datasetRepository.save(
@@ -4576,7 +4576,13 @@ class RunnerServiceRBACTest : CsmRedisTestBase() {
         ioTypes = listOf(IoTypesEnum.read))
   }
 
-  fun makeDataset(organizationId: String, connector: Connector, id: String, role: String): Dataset {
+  fun makeDataset(
+      organizationId: String,
+      connector: Connector,
+      id: String,
+      role: String,
+      isMain: Boolean = true
+  ): Dataset {
     return Dataset(
         name = "Dataset",
         organizationId = organizationId,
@@ -4588,6 +4594,7 @@ class RunnerServiceRBACTest : CsmRedisTestBase() {
                 name = connector.name,
                 version = connector.version,
             ),
+        main = isMain,
         security =
             DatasetSecurity(
                 default = ROLE_NONE,

runner/src/main/kotlin/com/cosmotech/runner/service/RunnerService.kt

@@ -491,9 +491,10 @@ class RunnerService(
     private fun removeAccessControlToDatasets(userId: String) {
       val organizationId = this.runner.organizationId!!
       this.runner.datasetList!!.forEach { datasetId ->
-        val datasetACL =
-            datasetApiService.findDatasetById(organizationId, datasetId).getRbac().accessControlList
+        val dataset = datasetApiService.findDatasetById(organizationId, datasetId)
+        if (dataset.main!!) return@forEach
 
+        val datasetACL = dataset.getRbac().accessControlList
         if (datasetACL.any { it.id == userId })
             datasetApiService.removeDatasetAccessControl(organizationId, datasetId, userId)
       }