Add dataset security inheritance logic to Runner creation

- Introduced dataset security inheritance in `RunnerService` to align access control between runners and parameter datasets.
- Refactored integration tests to validate inherited dataset security behavior.
- Updated test utilities to retrieve and validate dataset parts for additional test scenarios.

Author: jreynard-code

api/src/integrationTest/kotlin/com/cosmotech/api/home/ControllerTestUtils.kt

@@ -31,6 +31,7 @@ import org.springframework.http.MediaType
 import org.springframework.mock.web.MockMultipartFile
 import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf
 import org.springframework.test.web.servlet.MockMvc
+import org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get
 import org.springframework.test.web.servlet.request.MockMvcRequestBuilders.multipart
 import org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post
 
@@ -375,6 +376,28 @@ class ControllerTestUtils {
           .getString("id")
     }
 
+    @JvmStatic
+    fun getDatasetPartsId(
+        mvc: MockMvc,
+        organizationId: String,
+        workspaceId: String,
+        datasetId: String,
+    ): Array<String> {
+      val parts =
+          JSONObject(
+                  mvc.perform(
+                          get(
+                                  "/organizations/$organizationId/workspaces/$workspaceId/datasets/$datasetId")
+                              .accept(MediaType.APPLICATION_JSON)
+                              .with(csrf()))
+                      .andReturn()
+                      .response
+                      .contentAsString)
+              .getJSONArray("parts")
+
+      return Array(parts.length()) { i -> parts.getJSONObject(i).getString("id") }
+    }
+
     @JvmStatic
     fun createDatasetPartAndReturnId(
         mvc: MockMvc,
@@ -417,6 +440,7 @@ class ControllerTestUtils {
 
     fun constructDatasetCreateRequest(
         name: String = DATASET_NAME,
+        datasetPartName: String = DATASET_PART_NAME,
         security: DatasetSecurity? = null
     ): DatasetCreateRequest {
       return DatasetCreateRequest(
@@ -427,7 +451,7 @@ class ControllerTestUtils {
           parts =
               mutableListOf(
                   DatasetPartCreateRequest(
-                      name = DATASET_PART_NAME,
+                      name = datasetPartName,
                       description = DATASET_PART_DESCRIPTION,
                       tags = mutableListOf("tag_part1", "tag_part2"),
                       type = DatasetPartTypeEnum.File,

api/src/integrationTest/kotlin/com/cosmotech/api/home/runner/RunnerControllerTests.kt

@@ -9,6 +9,7 @@ import com.cosmotech.api.home.Constants.PLATFORM_ADMIN_EMAIL
 import com.cosmotech.api.home.ControllerTestBase
 import com.cosmotech.api.home.ControllerTestUtils.DatasetUtils.constructDatasetCreateRequest
 import com.cosmotech.api.home.ControllerTestUtils.DatasetUtils.createDatasetAndReturnId
+import com.cosmotech.api.home.ControllerTestUtils.DatasetUtils.getDatasetPartsId
 import com.cosmotech.api.home.ControllerTestUtils.OrganizationUtils.constructOrganizationCreateRequest
 import com.cosmotech.api.home.ControllerTestUtils.OrganizationUtils.createOrganizationAndReturnId
 import com.cosmotech.api.home.ControllerTestUtils.RunnerUtils.constructRunnerObject
@@ -19,6 +20,7 @@ import com.cosmotech.api.home.ControllerTestUtils.SolutionUtils.createSolutionAn
 import com.cosmotech.api.home.ControllerTestUtils.WorkspaceUtils.constructWorkspaceCreateRequest
 import com.cosmotech.api.home.ControllerTestUtils.WorkspaceUtils.createWorkspaceAndReturnId
 import com.cosmotech.api.home.annotations.WithMockOauth2User
+import com.cosmotech.api.home.dataset.DatasetConstants.TEST_FILE_NAME
 import com.cosmotech.api.home.organization.OrganizationConstants
 import com.cosmotech.api.home.runner.RunnerConstants.NEW_USER_ID
 import com.cosmotech.api.home.runner.RunnerConstants.NEW_USER_ROLE
@@ -36,17 +38,17 @@ import com.cosmotech.solution.domain.RunTemplateCreateRequest
 import com.cosmotech.solution.domain.RunTemplateParameterCreateRequest
 import com.cosmotech.solution.domain.RunTemplateParameterGroupCreateRequest
 import com.cosmotech.solution.domain.RunTemplateResourceSizing
+import com.cosmotech.workspace.domain.WorkspaceSolution
+import com.cosmotech.workspace.domain.WorkspaceUpdateRequest
 import com.ninjasquad.springmockk.SpykBean
 import io.mockk.every
-import org.apache.commons.io.IOUtils
 import org.json.JSONObject
 import org.junit.jupiter.api.BeforeEach
 import org.junit.jupiter.api.Test
 import org.slf4j.LoggerFactory
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.boot.test.context.SpringBootTest
 import org.springframework.http.MediaType
-import org.springframework.mock.web.MockMultipartFile
 import org.springframework.restdocs.mockmvc.MockMvcRestDocumentation.document
 import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf
 import org.springframework.test.context.ActiveProfiles
@@ -71,7 +73,7 @@ class RunnerControllerTests : ControllerTestBase() {
   private val solutionParameterDefaultValue1 = "this_is_a_default_value"
   private val solutionParameterVarType1 = "string"
   private val solutionParameterId2 = "param2"
-  private val solutionParameterDefaultValue2 = "my_folder_test/test.txt"
+  private val solutionParameterDefaultValue2 = "ignored_value_with_this_varType"
 
   @BeforeEach
   fun beforeEach() {
@@ -130,24 +132,29 @@ class RunnerControllerTests : ControllerTestBase() {
     workspaceId =
         createWorkspaceAndReturnId(
             mvc, organizationId, constructWorkspaceCreateRequest(solutionId = solutionId))
-    datasetId =
-        createDatasetAndReturnId(mvc, organizationId, workspaceId, constructDatasetCreateRequest())
 
-    val fileName = "test.txt"
-    val fileToUpload =
-        this::class.java.getResourceAsStream("/solution/$fileName")
-            ?: throw IllegalStateException(
-                "$fileName file used for organizations/{organization_id}/solutions/{solution_id}/files/POST endpoint documentation cannot be null")
+    datasetId =
+        createDatasetAndReturnId(
+            mvc,
+            organizationId,
+            workspaceId,
+            constructDatasetCreateRequest(datasetPartName = solutionParameterId2))
 
-    val mockFile =
-        MockMultipartFile(
-            "file", fileName, MediaType.TEXT_PLAIN_VALUE, IOUtils.toByteArray(fileToUpload))
+    val datasetParts = getDatasetPartsId(mvc, organizationId, workspaceId, datasetId)
 
     mvc.perform(
-            multipart("/organizations/$organizationId/solutions/$solutionId/files")
-                .file(mockFile)
-                .param("overwrite", "true")
-                .param("destination", "my_folder_test/test.txt")
+            patch("/organizations/$organizationId/workspaces/$workspaceId")
+                .contentType(MediaType.APPLICATION_JSON)
+                .content(
+                    JSONObject(
+                            WorkspaceUpdateRequest(
+                                solution =
+                                    WorkspaceSolution(
+                                        solutionId = solutionId,
+                                        datasetId = datasetId,
+                                        defaultParameterValues =
+                                            mutableMapOf(solutionParameterId2 to datasetParts[0]))))
+                        .toString())
                 .accept(MediaType.APPLICATION_JSON)
                 .with(csrf()))
         .andExpect(status().is2xxSuccessful)
@@ -320,9 +327,7 @@ class RunnerControllerTests : ControllerTestBase() {
         .andExpect(jsonPath("$.datasets.bases").value(datasetList))
         .andExpect(jsonPath("$.datasets.parameters[0].name").value(solutionParameterId2))
         .andExpect(jsonPath("$.datasets.parameters[0].type").value(DatasetPartTypeEnum.File.name))
-        .andExpect(
-            jsonPath("$.datasets.parameters[0].sourceName")
-                .value(solutionParameterDefaultValue2.substringAfterLast("/")))
+        .andExpect(jsonPath("$.datasets.parameters[0].sourceName").value(TEST_FILE_NAME))
         .andExpect(jsonPath("$.security.default").value(ROLE_NONE))
         .andExpect(jsonPath("$.runSizing.requests.cpu").value("cpu_requests"))
         .andExpect(jsonPath("$.runSizing.requests.memory").value("memory_requests"))

api/src/integrationTest/kotlin/com/cosmotech/api/home/solution/SolutionControllerTests.kt

@@ -25,14 +25,12 @@ import com.cosmotech.solution.api.SolutionApiService
 import com.cosmotech.solution.domain.*
 import io.mockk.every
 import io.mockk.mockk
-import org.apache.commons.io.IOUtils
 import org.json.JSONObject
 import org.junit.jupiter.api.BeforeEach
 import org.junit.jupiter.api.Test
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.boot.test.context.SpringBootTest
 import org.springframework.http.MediaType
-import org.springframework.mock.web.MockMultipartFile
 import org.springframework.restdocs.mockmvc.MockMvcRestDocumentation.document
 import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf
 import org.springframework.test.context.ActiveProfiles
@@ -1413,135 +1411,4 @@ class SolutionControllerTests : ControllerTestBase() {
         .andDo(
             document("organizations/{organization_id}/solutions/{solution_id}/security/users/GET"))
   }
-
-  @Test
-  @WithMockOauth2User
-  fun get_solution_files() {
-
-    val solutionId =
-        createSolutionAndReturnId(mvc, organizationId, constructSolutionCreateRequest())
-
-    mvc.perform(
-            get("/organizations/$organizationId/solutions/$solutionId/files")
-                .contentType(MediaType.APPLICATION_JSON))
-        .andExpect(status().is2xxSuccessful)
-        .andDo(MockMvcResultHandlers.print())
-        .andDo(document("organizations/{organization_id}/solutions/{solution_id}/files/GET"))
-  }
-
-  @Test
-  @WithMockOauth2User
-  fun create_solution_files() {
-    val solutionId =
-        createSolutionAndReturnId(mvc, organizationId, constructSolutionCreateRequest())
-    val fileName = "test.txt"
-    val fileToUpload =
-        this::class.java.getResourceAsStream("/solution/$fileName")
-            ?: throw IllegalStateException(
-                "$fileName file used for organizations/{organization_id}/solutions/{solution_id}/files/POST endpoint documentation cannot be null")
-
-    val mockFile =
-        MockMultipartFile(
-            "file", fileName, MediaType.TEXT_PLAIN_VALUE, IOUtils.toByteArray(fileToUpload))
-
-    mvc.perform(
-            multipart("/organizations/$organizationId/solutions/$solutionId/files")
-                .file(mockFile)
-                .param("overwrite", "true")
-                .param("destination", "path/to/a/directory/")
-                .accept(MediaType.APPLICATION_JSON)
-                .with(csrf()))
-        .andExpect(status().is2xxSuccessful)
-        .andExpect(jsonPath("$.fileName").value("path/to/a/directory/$fileName"))
-        .andDo(MockMvcResultHandlers.print())
-        .andDo(document("organizations/{organization_id}/solutions/{solution_id}/files/POST"))
-  }
-
-  @Test
-  @WithMockOauth2User
-  fun delete_solution_files() {
-
-    val solutionId =
-        createSolutionAndReturnId(mvc, organizationId, constructSolutionCreateRequest())
-
-    mvc.perform(
-            delete("/organizations/$organizationId/solutions/$solutionId/files")
-                .accept(MediaType.APPLICATION_JSON)
-                .with(csrf()))
-        .andExpect(status().is2xxSuccessful)
-        .andDo(MockMvcResultHandlers.print())
-        .andDo(document("organizations/{organization_id}/solutions/{solution_id}/files/DELETE"))
-  }
-
-  @Test
-  @WithMockOauth2User
-  fun delete_solution_file() {
-    val solutionId =
-        createSolutionAndReturnId(mvc, organizationId, constructSolutionCreateRequest())
-
-    val fileName = "test.txt"
-    val fileToUpload =
-        this::class.java.getResourceAsStream("/solution/$fileName")
-            ?: throw IllegalStateException(
-                "$fileName file used for organizations/{organization_id}/solutions/{solution_id}/files/POST endpoint documentation cannot be null")
-
-    val mockFile =
-        MockMultipartFile(
-            "file", fileName, MediaType.TEXT_PLAIN_VALUE, IOUtils.toByteArray(fileToUpload))
-
-    val destination = "path/to/a/directory/"
-    mvc.perform(
-        multipart("/organizations/$organizationId/solutions/$solutionId/files")
-            .file(mockFile)
-            .param("overwrite", "true")
-            .param("destination", destination)
-            .accept(MediaType.APPLICATION_JSON)
-            .with(csrf()))
-
-    mvc.perform(
-            delete("/organizations/$organizationId/solutions/$solutionId/files/delete")
-                .param("file_name", destination + fileName)
-                .accept(MediaType.APPLICATION_JSON)
-                .with(csrf()))
-        .andExpect(status().is2xxSuccessful)
-        .andDo(MockMvcResultHandlers.print())
-        .andDo(
-            document("organizations/{organization_id}/solutions/{solution_id}/files/delete/DELETE"))
-  }
-
-  @Test
-  @WithMockOauth2User
-  fun download_solution_file() {
-
-    val solutionId =
-        createSolutionAndReturnId(mvc, organizationId, constructSolutionCreateRequest())
-
-    val fileName = "test.txt"
-    val fileToUpload =
-        this::class.java.getResourceAsStream("/solution/$fileName")
-            ?: throw IllegalStateException(
-                "$fileName file used for organizations/{organization_id}/solutions/{solution_id}/files/POST endpoint documentation cannot be null")
-
-    val mockFile =
-        MockMultipartFile(
-            "file", fileName, MediaType.TEXT_PLAIN_VALUE, IOUtils.toByteArray(fileToUpload))
-
-    val destination = "path/to/a/directory/"
-    mvc.perform(
-        multipart("/organizations/$organizationId/solutions/$solutionId/files")
-            .file(mockFile)
-            .param("overwrite", "true")
-            .param("destination", destination)
-            .accept(MediaType.APPLICATION_JSON)
-            .with(csrf()))
-
-    mvc.perform(
-            get("/organizations/$organizationId/solutions/$solutionId/files/download")
-                .param("file_name", destination + fileName)
-                .accept(MediaType.APPLICATION_OCTET_STREAM))
-        .andExpect(status().is2xxSuccessful)
-        .andDo(MockMvcResultHandlers.print())
-        .andDo(
-            document("organizations/{organization_id}/solutions/{solution_id}/files/download/GET"))
-  }
 }

api/src/integrationTest/resources/solution/test.txt

@@ -58,7 +58,7 @@ version = scmVersion.version
 
 // Dependencies version
 val kotlinJvmTarget = 21
-val cosmotechApiCommonVersion = "2.1.2-JREY-split_datasetList_on_runner-SNAPSHOT"
+val cosmotechApiCommonVersion = "2.1.1-SNAPSHOT"
 val redisOmSpringVersion = "0.9.7"
 val kotlinCoroutinesVersion = "1.10.2"
 val oktaSpringBootVersion = "3.0.7"
@@ -128,7 +128,6 @@ allprojects {
   configurations { all { resolutionStrategy { force("com.redis.om:redis-om-spring:0.9.10") } } }
 
   repositories {
-    mavenLocal()
     maven {
       name = "GitHubPackages"
       url = uri("https://maven.pkg.github.com/Cosmo-Tech/cosmotech-api-common")

build.gradle.kts

@@ -296,7 +296,7 @@ class DatasetServiceIntegrationTest() : CsmTestBase() {
         }
 
     assertEquals(
-        "Invalid filename: '$WRONG_ORIGINAL_FILE_NAME'. '..' and '/' are not allowed",
+        "Invalid filename: '$WRONG_ORIGINAL_FILE_NAME'. File name should neither contains '..' nor starts by '/'.",
         exception.message)
   }
 
@@ -1083,7 +1083,7 @@ class DatasetServiceIntegrationTest() : CsmTestBase() {
                   type = DatasetPartTypeEnum.File))
         }
     assertEquals(
-        "Invalid filename: '$WRONG_ORIGINAL_FILE_NAME'. '..' and '/' are not allowed",
+        "Invalid filename: '$WRONG_ORIGINAL_FILE_NAME'. File name should neither contains '..' nor starts by '/'.",
         exception.message)
   }
 
@@ -1858,7 +1858,7 @@ class DatasetServiceIntegrationTest() : CsmTestBase() {
               arrayOf(wrongTypeMockMultipartFile))
         }
     assertEquals(
-        "Invalid filename: '$WRONG_ORIGINAL_FILE_NAME'. '..' and '/' are not allowed",
+        "Invalid filename: '$WRONG_ORIGINAL_FILE_NAME'. File name should neither contains '..' nor starts by '/'.",
         exception.message)
   }
 
@@ -2126,7 +2126,7 @@ class DatasetServiceIntegrationTest() : CsmTestBase() {
               datasetPartUpdateRequest)
         }
     assertEquals(
-        "Invalid filename: '$WRONG_ORIGINAL_FILE_NAME'. '..' and '/' are not allowed",
+        "Invalid filename: '$WRONG_ORIGINAL_FILE_NAME'. File name should neither contains '..' nor starts by '/'.",
         exception.message)
   }