
Commit 9c0f2a8

author
Dennis Labordus
authored
Merge pull request #60 from com-pas/advanced_api_security
Added advanced role authorisation to project.
2 parents e84c5ee + a6ab738 commit 9c0f2a8


7 files changed

+495
-44
lines changed


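--- a/app/src/main/java/org/lfenergy/compas/scl/data/rest/Constants.java
+++ b/app/src/main/java/org/lfenergy/compas/scl/data/rest/Constants.java
@@ -11,8 +11,8 @@ private Constants() {
 public static final String ID_PATH_PARAM = "id";
 public static final String VERSION_PATH_PARAM = "version";
 
-public static final String READ_ROLE = "Read";
-public static final String CREATE_ROLE = "Create";
-public static final String UPDATE_ROLE = "Update";
-public static final String DELETE_ROLE = "Delete";
+public static final String READ_ROLE = "READ";
+public static final String CREATE_ROLE = "CREATE";
+public static final String UPDATE_ROLE = "UPDATE";
+public static final String DELETE_ROLE = "DELETE";
 }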
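Review bot: The new constant values are no longer role names on their own but the suffix of a composite role (`SSD_READ`, `IID_CREATE`, …) that both the `quarkus.http.auth.policy.*` entries in application.properties and the `sclType.name() + "_" + READ_ROLE` filter in CompasCommonResource depend on, and nothing in Constants.java says so. Add a comment above `READ_ROLE` such as `// Role suffixes: the effective role is <SclType.name()>_<suffix>; keep in sync with the quarkus.http.auth.policy.* entries in application.properties.` The value change also means an identity provider still issuing the old mixed-case roles will have every request denied, which is worth stating in the PR description for whoever deploys this.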

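--- a/app/src/main/java/org/lfenergy/compas/scl/data/rest/v1/CompasCommonResource.java
+++ b/app/src/main/java/org/lfenergy/compas/scl/data/rest/v1/CompasCommonResource.java
@@ -3,31 +3,45 @@
 // SPDX-License-Identifier: Apache-2.0
 package org.lfenergy.compas.scl.data.rest.v1;
 
+import io.quarkus.security.Authenticated;
+import io.quarkus.security.identity.SecurityIdentity;
 import org.lfenergy.compas.scl.data.model.SclType;
 import org.lfenergy.compas.scl.data.rest.v1.model.Type;
 import org.lfenergy.compas.scl.data.rest.v1.model.TypeListResponse;
 
-import javax.annotation.security.RolesAllowed;
+import javax.enterprise.context.RequestScoped;
+import javax.inject.Inject;
 import javax.ws.rs.GET;
 import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.MediaType;
 import java.util.Arrays;
+import java.util.Comparator;
 import java.util.stream.Collectors;
 
 import static org.lfenergy.compas.scl.data.rest.Constants.READ_ROLE;
 
+@Authenticated
+@RequestScoped
 @Path("/common/v1/")
 public class CompasCommonResource {
+@Inject
+SecurityIdentity securityIdentity;
+
 @GET
 @Path("/type/list")
-@RolesAllowed(READ_ROLE)
 @Produces(MediaType.APPLICATION_XML)
 public TypeListResponse list() {
+// Retrieve the roles the loggedin user has.
+var roles = securityIdentity.getRoles();
+
 var response = new TypeListResponse();
 response.setTypes(
 Arrays.stream(SclType.values())
+// Filter on the type the user has read rights.
+.filter(sclType -> roles.contains(sclType.name() + "_" + READ_ROLE))
 .map(sclType -> new Type(sclType.name(), sclType.getDescription()))
+.sorted(Comparator.comparing(Type::getDescription))
 .collect(Collectors.toList()));
 return response;
 }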
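Review bot: `list()` composes the role name inline as `sclType.name() + "_" + READ_ROLE`, duplicating the convention that application.properties encodes in its `quarkus.http.auth.policy.*` keys, and a drift between the two fails silently as an empty list rather than an error. Extract the composition into a named helper, e.g. `private static String readRoleFor(SclType sclType) { return sclType.name() + "_" + READ_ROLE; }`, and give `list()` a Javadoc stating that only the types for which the caller holds the `<TYPE>_READ` role are returned, sorted by description. The `securityIdentity` field is package-private and field-injected; constructor injection, as CompasSclDataResource now uses, would keep the two resources consistent and let the field be `final`.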

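--- a/app/src/main/java/org/lfenergy/compas/scl/data/rest/v1/CompasSclDataResource.java
+++ b/app/src/main/java/org/lfenergy/compas/scl/data/rest/v1/CompasSclDataResource.java
@@ -3,13 +3,14 @@
 // SPDX-License-Identifier: Apache-2.0
 package org.lfenergy.compas.scl.data.rest.v1;
 
+import io.quarkus.security.Authenticated;
 import org.lfenergy.compas.core.commons.ElementConverter;
 import org.lfenergy.compas.scl.data.model.SclType;
 import org.lfenergy.compas.scl.data.model.Version;
 import org.lfenergy.compas.scl.data.rest.v1.model.*;
 import org.lfenergy.compas.scl.data.service.CompasSclDataService;
 
-import javax.annotation.security.RolesAllowed;
+import javax.enterprise.context.RequestScoped;
 import javax.inject.Inject;
 import javax.validation.Valid;
 import javax.ws.rs.*;
@@ -18,19 +19,21 @@
 
 import static org.lfenergy.compas.scl.data.rest.Constants.*;
 
+@Authenticated
+@RequestScoped
 @Path("/scl/v1/{" + TYPE_PATH_PARAM + "}")
 public class CompasSclDataResource {
-private CompasSclDataService compasSclDataService;
-
-private ElementConverter converter = new ElementConverter();
+private final CompasSclDataService compasSclDataService;
+private final ElementConverter converter;
 
 @Inject
-public CompasSclDataResource(CompasSclDataService compasSclDataService) {
+public CompasSclDataResource(CompasSclDataService compasSclDataService,
+ElementConverter converter) {
 this.compasSclDataService = compasSclDataService;
+this.converter = converter;
 }
 
 @POST
-@RolesAllowed(CREATE_ROLE)
 @Consumes(MediaType.APPLICATION_XML)
 @Produces(MediaType.APPLICATION_XML)
 public CreateResponse create(@PathParam(TYPE_PATH_PARAM) SclType type,
@@ -42,7 +45,6 @@ public CreateResponse create(@PathParam(TYPE_PATH_PARAM) SclType type,
 
 @GET
 @Path("/list")
-@RolesAllowed(READ_ROLE)
 @Produces(MediaType.APPLICATION_XML)
 public ListResponse list(@PathParam(TYPE_PATH_PARAM) SclType type) {
 var response = new ListResponse();
@@ -52,7 +54,6 @@ public ListResponse list(@PathParam(TYPE_PATH_PARAM) SclType type) {
 
 @GET
 @Path("/{" + ID_PATH_PARAM + "}/versions")
-@RolesAllowed(READ_ROLE)
 @Produces(MediaType.APPLICATION_XML)
 public VersionsResponse listVersionsByUUID(@PathParam(TYPE_PATH_PARAM) SclType type,
 @PathParam(ID_PATH_PARAM) UUID id) {
@@ -63,7 +64,6 @@ public VersionsResponse listVersionsByUUID(@PathParam(TYPE_PATH_PARAM) SclType t
 
 @GET
 @Path("/{" + ID_PATH_PARAM + "}")
-@RolesAllowed(READ_ROLE)
 @Produces(MediaType.APPLICATION_XML)
 public GetResponse findByUUID(@PathParam(TYPE_PATH_PARAM) SclType type,
 @PathParam(ID_PATH_PARAM) UUID id) {
@@ -74,7 +74,6 @@ public GetResponse findByUUID(@PathParam(TYPE_PATH_PARAM) SclType type,
 
 @GET
 @Path("/{" + ID_PATH_PARAM + "}/{" + VERSION_PATH_PARAM + "}")
-@RolesAllowed(READ_ROLE)
 @Produces(MediaType.APPLICATION_XML)
 public GetResponse findByUUIDAndVersion(@PathParam(TYPE_PATH_PARAM) SclType type,
 @PathParam(ID_PATH_PARAM) UUID id,
@@ -86,7 +85,6 @@ public GetResponse findByUUIDAndVersion(@PathParam(TYPE_PATH_PARAM) SclType type
 
 @GET
 @Path("/{" + ID_PATH_PARAM + "}/scl")
-@RolesAllowed(READ_ROLE)
 @Produces(MediaType.APPLICATION_XML)
 public String findRawSCLByUUID(@PathParam(TYPE_PATH_PARAM) SclType type,
 @PathParam(ID_PATH_PARAM) UUID id) {
@@ -96,7 +94,6 @@ public String findRawSCLByUUID(@PathParam(TYPE_PATH_PARAM) SclType type,
 
 @GET
 @Path("/{" + ID_PATH_PARAM + "}/{" + VERSION_PATH_PARAM + "}/scl")
-@RolesAllowed(READ_ROLE)
 @Produces(MediaType.APPLICATION_XML)
 public String findRawSCLByUUIDAndVersion(@PathParam(TYPE_PATH_PARAM) SclType type,
 @PathParam(ID_PATH_PARAM) UUID id,
@@ -107,7 +104,6 @@ public String findRawSCLByUUIDAndVersion(@PathParam(TYPE_PATH_PARAM) SclType typ
 
 @PUT
 @Path("/{" + ID_PATH_PARAM + "}")
-@RolesAllowed(UPDATE_ROLE)
 @Consumes(MediaType.APPLICATION_XML)
 @Produces(MediaType.APPLICATION_XML)
 public void update(@PathParam(TYPE_PATH_PARAM) SclType type,
@@ -118,7 +114,6 @@ public void update(@PathParam(TYPE_PATH_PARAM) SclType type,
 
 @DELETE
 @Path("/{" + ID_PATH_PARAM + "}")
-@RolesAllowed(DELETE_ROLE)
 @Produces(MediaType.APPLICATION_XML)
 public void deleteAll(@PathParam(TYPE_PATH_PARAM) SclType type,
 @PathParam(ID_PATH_PARAM) UUID id) {
@@ -127,7 +122,6 @@ public void deleteAll(@PathParam(TYPE_PATH_PARAM) SclType type,
 
 @DELETE
 @Path("/{" + ID_PATH_PARAM + "}/{" + VERSION_PATH_PARAM + "}")
-@RolesAllowed(DELETE_ROLE)
 @Produces(MediaType.APPLICATION_XML)
 public void deleteVersion(@PathParam(TYPE_PATH_PARAM) SclType type,
 @PathParam(ID_PATH_PARAM) UUID id,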
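Review bot: With every `@RolesAllowed` removed, nothing in CompasSclDataResource records which role an endpoint requires; authorization now rests entirely on the path-and-method policies in application.properties, and an endpoint added here later is covered only by the `deny-default` entry until a matching permission is written. A class-level comment should make that contract explicit, e.g. `// No method-level @RolesAllowed: access is enforced per SclType, path and HTTP method by the quarkus.http.auth.permission.* entries in application.properties (deny by default).` The constructor now receives `ElementConverter` from CDI instead of calling `new ElementConverter()`, which presumably needs a producer or bean annotation elsewhere — confirm one exists, as the failure would only surface at startup. The bodies of `create` and `deleteVersion` continue outside their hunks.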

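--- a/app/src/main/resources/application.properties
+++ b/app/src/main/resources/application.properties
@@ -10,18 +10,147 @@ quarkus.log.level = INFO
 quarkus.log.category."org.lfenergy.compas.scl.data".level = INFO
 
 # BaseX configuration
-basex.host = ${BASEX_HOST:localhost}
-basex.port = ${BASEX_PORT:1984}
-basex.username = ${BASEX_USERNAME:admin}
-basex.password = ${BASEX_PASSWORD:admin}
+basex.host = ${BASEX_HOST:localhost}
+basex.port = ${BASEX_PORT:1984}
+basex.username = ${BASEX_USERNAME:admin}
+basex.password = ${BASEX_PASSWORD:admin}
 
 # Dev Profile overrides.
-%dev.quarkus.http.port = 9090
-%dev.quarkus.http.cors = true
+%dev.quarkus.http.port = 9090
+%dev.quarkus.http.cors = true
 
 %dev.quarkus.log.level = DEBUG
 %dev.quarkus.log.category."org.lfenergy.compas.scl.data".level = DEBUG
 
 # Open ID Connect
-quarkus.oidc.auth-server-url = http://${KEYCLOAK_HOST:localhost}:${KEYCLOAK_PORT:8080}/auth/realms/${KEYCLOAK_REALM:compas}
-quarkus.oidc.client-id = scl-data-service
+quarkus.oidc.auth-server-url = ${AUTH_SERVER_URL:http://localhost:8080/auth/realms/compas}
+quarkus.oidc.client-id = ${AUTH_CLIENT_ID:scl-data-service}
+quarkus.oidc.application-type = service
+
+quarkus.http.auth.permission.deny-default.paths=/*
+quarkus.http.auth.permission.deny-default.policy=deny
+
+quarkus.http.auth.permission.allow-quarkus-services.paths=/compas-scl-data-service/q/health/live,/compas-scl-data-service/q/health/ready,/compas-scl-data-service/q/openapi
+quarkus.http.auth.permission.allow-quarkus-services.policy=permit
+
+quarkus.http.auth.permission.common.paths=/compas-scl-data-service/common/v1/*
+quarkus.http.auth.permission.common.policy=authenticated
+
+quarkus.http.auth.policy.SSD_READ.roles-allowed=SSD_READ
+quarkus.http.auth.permission.SSD_READ_GET.paths=/compas-scl-data-service/scl/v1/SSD/*
+quarkus.http.auth.permission.SSD_READ_GET.policy=SSD_READ
+quarkus.http.auth.permission.SSD_READ_GET.methods=GET
+quarkus.http.auth.policy.SSD_CREATE.roles-allowed=SSD_CREATE
+quarkus.http.auth.permission.SSD_CREATE_POST.paths=/compas-scl-data-service/scl/v1/SSD
+quarkus.http.auth.permission.SSD_CREATE_POST.policy=SSD_CREATE
+quarkus.http.auth.permission.SSD_CREATE_POST.methods=POST
+quarkus.http.auth.policy.SSD_UPDATE.roles-allowed=SSD_UPDATE
+quarkus.http.auth.permission.SSD_UPDATE_PUT.paths=/compas-scl-data-service/scl/v1/SSD/*
+quarkus.http.auth.permission.SSD_UPDATE_PUT.policy=SSD_UPDATE
+quarkus.http.auth.permission.SSD_UPDATE_PUT.methods=PUT
+quarkus.http.auth.policy.SSD_DELETE.roles-allowed=SSD_DELETE
+quarkus.http.auth.permission.SSD_DELETE_DELETE.paths=/compas-scl-data-service/scl/v1/SSD/*
+quarkus.http.auth.permission.SSD_DELETE_DELETE.policy=SSD_DELETE
+quarkus.http.auth.permission.SSD_DELETE_DELETE.methods=DELETE
+
+quarkus.http.auth.policy.IID_READ.roles-allowed=IID_READ
+quarkus.http.auth.permission.IID_READ_GET.paths=/compas-scl-data-service/scl/v1/IID/*
+quarkus.http.auth.permission.IID_READ_GET.policy=IID_READ
+quarkus.http.auth.permission.IID_READ_GET.methods=GET
+quarkus.http.auth.policy.IID_CREATE.roles-allowed=IID_CREATE
+quarkus.http.auth.permission.IID_CREATE_POST.paths=/compas-scl-data-service/scl/v1/IID
+quarkus.http.auth.permission.IID_CREATE_POST.policy=IID_CREATE
+quarkus.http.auth.permission.IID_CREATE_POST.methods=POST
+quarkus.http.auth.policy.IID_UPDATE.roles-allowed=IID_UPDATE
+quarkus.http.auth.permission.IID_UPDATE_PUT.paths=/compas-scl-data-service/scl/v1/IID/*
+quarkus.http.auth.permission.IID_UPDATE_PUT.policy=IID_UPDATE
+quarkus.http.auth.permission.IID_UPDATE_PUT.methods=PUT
+quarkus.http.auth.policy.IID_DELETE.roles-allowed=IID_DELETE
+quarkus.http.auth.permission.IID_DELETE_DELETE.paths=/compas-scl-data-service/scl/v1/IID/*
+quarkus.http.auth.permission.IID_DELETE_DELETE.policy=IID_DELETE
+quarkus.http.auth.permission.IID_DELETE_DELETE.methods=DELETE
+
+quarkus.http.auth.policy.ICD_READ.roles-allowed=ICD_READ
+quarkus.http.auth.permission.ICD_READ_GET.paths=/compas-scl-data-service/scl/v1/ICD/*
+quarkus.http.auth.permission.ICD_READ_GET.policy=ICD_READ
+quarkus.http.auth.permission.ICD_READ_GET.methods=GET
+quarkus.http.auth.policy.ICD_CREATE.roles-allowed=ICD_CREATE
+quarkus.http.auth.permission.ICD_CREATE_POST.paths=/compas-scl-data-service/scl/v1/ICD
+quarkus.http.auth.permission.ICD_CREATE_POST.policy=ICD_CREATE
+quarkus.http.auth.permission.ICD_CREATE_POST.methods=POST
+quarkus.http.auth.policy.ICD_UPDATE.roles-allowed=ICD_UPDATE
+quarkus.http.auth.permission.ICD_UPDATE_PUT.paths=/compas-scl-data-service/scl/v1/ICD/*
+quarkus.http.auth.permission.ICD_UPDATE_PUT.policy=ICD_UPDATE
+quarkus.http.auth.permission.ICD_UPDATE_PUT.methods=PUT
+quarkus.http.auth.policy.ICD_DELETE.roles-allowed=ICD_DELETE
+quarkus.http.auth.permission.ICD_DELETE_DELETE.paths=/compas-scl-data-service/scl/v1/ICD/*
+quarkus.http.auth.permission.ICD_DELETE_DELETE.policy=ICD_DELETE
+quarkus.http.auth.permission.ICD_DELETE_DELETE.methods=DELETE
+
+quarkus.http.auth.policy.SCD_READ.roles-allowed=SCD_READ
+quarkus.http.auth.permission.SCD_READ_GET.paths=/compas-scl-data-service/scl/v1/SCD/*
+quarkus.http.auth.permission.SCD_READ_GET.policy=SCD_READ
+quarkus.http.auth.permission.SCD_READ_GET.methods=GET
+quarkus.http.auth.policy.SCD_CREATE.roles-allowed=SCD_CREATE
+quarkus.http.auth.permission.SCD_CREATE_POST.paths=/compas-scl-data-service/scl/v1/SCD
+quarkus.http.auth.permission.SCD_CREATE_POST.policy=SCD_CREATE
+quarkus.http.auth.permission.SCD_CREATE_POST.methods=POST
+quarkus.http.auth.policy.SCD_UPDATE.roles-allowed=SCD_UPDATE
+quarkus.http.auth.permission.SCD_UPDATE_PUT.paths=/compas-scl-data-service/scl/v1/SCD/*
+quarkus.http.auth.permission.SCD_UPDATE_PUT.policy=SCD_UPDATE
+quarkus.http.auth.permission.SCD_UPDATE_PUT.methods=PUT
+quarkus.http.auth.policy.SCD_DELETE.roles-allowed=SCD_DELETE
+quarkus.http.auth.permission.SCD_DELETE_DELETE.paths=/compas-scl-data-service/scl/v1/SCD/*
+quarkus.http.auth.permission.SCD_DELETE_DELETE.policy=SCD_DELETE
+quarkus.http.auth.permission.SCD_DELETE_DELETE.methods=DELETE
+
+quarkus.http.auth.policy.CID_READ.roles-allowed=CID_READ
+quarkus.http.auth.permission.CID_READ_GET.paths=/compas-scl-data-service/scl/v1/CID/*
+quarkus.http.auth.permission.CID_READ_GET.policy=CID_READ
+quarkus.http.auth.permission.CID_READ_GET.methods=GET
+quarkus.http.auth.policy.CID_CREATE.roles-allowed=CID_CREATE
+quarkus.http.auth.permission.CID_CREATE_POST.paths=/compas-scl-data-service/scl/v1/CID
+quarkus.http.auth.permission.CID_CREATE_POST.policy=CID_CREATE
+quarkus.http.auth.permission.CID_CREATE_POST.methods=POST
+quarkus.http.auth.policy.CID_UPDATE.roles-allowed=CID_UPDATE
+quarkus.http.auth.permission.CID_UPDATE_PUT.paths=/compas-scl-data-service/scl/v1/CID/*
+quarkus.http.auth.permission.CID_UPDATE_PUT.policy=CID_UPDATE
+quarkus.http.auth.permission.CID_UPDATE_PUT.methods=PUT
+quarkus.http.auth.policy.CID_DELETE.roles-allowed=CID_DELETE
+quarkus.http.auth.permission.CID_DELETE_DELETE.paths=/compas-scl-data-service/scl/v1/CID/*
+quarkus.http.auth.permission.CID_DELETE_DELETE.policy=CID_DELETE
+quarkus.http.auth.permission.CID_DELETE_DELETE.methods=DELETE
+
+quarkus.http.auth.policy.SED_READ.roles-allowed=SED_READ
+quarkus.http.auth.permission.SED_READ_GET.paths=/compas-scl-data-service/scl/v1/SED/*
+quarkus.http.auth.permission.SED_READ_GET.policy=SED_READ
+quarkus.http.auth.permission.SED_READ_GET.methods=GET
+quarkus.http.auth.policy.SED_CREATE.roles-allowed=SED_CREATE
+quarkus.http.auth.permission.SED_CREATE_POST.paths=/compas-scl-data-service/scl/v1/SED
+quarkus.http.auth.permission.SED_CREATE_POST.policy=SED_CREATE
+quarkus.http.auth.permission.SED_CREATE_POST.methods=POST
+quarkus.http.auth.policy.SED_UPDATE.roles-allowed=SED_UPDATE
+quarkus.http.auth.permission.SED_UPDATE_PUT.paths=/compas-scl-data-service/scl/v1/SED/*
+quarkus.http.auth.permission.SED_UPDATE_PUT.policy=SED_UPDATE
+quarkus.http.auth.permission.SED_UPDATE_PUT.methods=PUT
+quarkus.http.auth.policy.SED_DELETE.roles-allowed=SED_DELETE
+quarkus.http.auth.permission.SED_DELETE_DELETE.paths=/compas-scl-data-service/scl/v1/SED/*
+quarkus.http.auth.permission.SED_DELETE_DELETE.policy=SED_DELETE
+quarkus.http.auth.permission.SED_DELETE_DELETE.methods=DELETE
+
+quarkus.http.auth.policy.ISD_READ.roles-allowed=ISD_READ
+quarkus.http.auth.permission.ISD_READ_GET.paths=/compas-scl-data-service/scl/v1/ISD/*
+quarkus.http.auth.permission.ISD_READ_GET.policy=ISD_READ
+quarkus.http.auth.permission.ISD_READ_GET.methods=GET
+quarkus.http.auth.policy.ISD_CREATE.roles-allowed=ISD_CREATE
+quarkus.http.auth.permission.ISD_CREATE_POST.paths=/compas-scl-data-service/scl/v1/ISD
+quarkus.http.auth.permission.ISD_CREATE_POST.policy=ISD_CREATE
+quarkus.http.auth.permission.ISD_CREATE_POST.methods=POST
+quarkus.http.auth.policy.ISD_UPDATE.roles-allowed=ISD_UPDATE
+quarkus.http.auth.permission.ISD_UPDATE_PUT.paths=/compas-scl-data-service/scl/v1/ISD/*
+quarkus.http.auth.permission.ISD_UPDATE_PUT.policy=ISD_UPDATE
+quarkus.http.auth.permission.ISD_UPDATE_PUT.methods=PUT
+quarkus.http.auth.policy.ISD_DELETE.roles-allowed=ISD_DELETE
+quarkus.http.auth.permission.ISD_DELETE_DELETE.paths=/compas-scl-data-service/scl/v1/ISD/*
+quarkus.http.auth.permission.ISD_DELETE_DELETE.policy=ISD_DELETE
+quarkus.http.auth.permission.ISD_DELETE_DELETE.methods=DELETE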
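Review bot: The seven per-type policy blocks are identical except for the type token and every permission path repeats the literal `/compas-scl-data-service` prefix, so a typo in any of these 112 lines silently routes an endpoint to `deny-default` (or to the wrong role) with no startup error and nothing documents the convention. A header comment above the `SSD_READ` block should state it and the maintenance rule, e.g. `# One block per SclType value: role <TYPE>_<READ|CREATE|UPDATE|DELETE> is required for GET /scl/v1/<TYPE>/*, POST /scl/v1/<TYPE>, PUT and DELETE /scl/v1/<TYPE>/*; keep in sync with the SclType enum and Constants.java.` If the prefix is already defined as `quarkus.http.root-path` elsewhere, referencing that property through `${...}` instead of repeating the literal would remove one way for the two to drift — confirm how the deployment sets it. Separately, `basex.password` still falls back to `admin` when `BASEX_PASSWORD` is unset; that predates this change but deserves a follow-up.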

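--- a/app/src/test/java/org/lfenergy/compas/scl/data/rest/v1/CompasCommonResourceTest.java
+++ b/app/src/test/java/org/lfenergy/compas/scl/data/rest/v1/CompasCommonResourceTest.java
@@ -7,7 +7,6 @@
 import io.quarkus.test.junit.QuarkusTest;
 import io.quarkus.test.security.TestSecurity;
 import org.junit.jupiter.api.Test;
-import org.lfenergy.compas.scl.data.model.SclType;
 
 import static io.restassured.RestAssured.given;
 import static org.junit.jupiter.api.Assertions.assertEquals;
@@ -17,8 +16,8 @@
 @TestHTTPEndpoint(CompasCommonResource.class)
 class CompasCommonResourceTest {
 @Test
-@TestSecurity(user = "test-user", roles = {READ_ROLE})
-void list_WhenCalled_ThenItemResponseRetrieved() {
+@TestSecurity(user = "test-user", roles = {"IID_" + READ_ROLE, "SCD_" + READ_ROLE})
+void list_WhenCalledWithMultipleReadRights_ThenMultipleItemResponseRetrieved() {
 var response = given()
 .when().get("/type/list")
 .then()
@@ -27,6 +26,43 @@ void list_WhenCalled_ThenItemResponseRetrieved() {
 .response();
 
 var xmlPath = response.xmlPath();
-assertEquals(SclType.values().length, xmlPath.getList("TypeListResponse.Type").size());
+// User has read rights for 2 types, so these types are returned.
+var sclTypes = xmlPath.getList("TypeListResponse.Type.Code");
+assertEquals(2, sclTypes.size());
+assertEquals("IID", sclTypes.get(0));
+assertEquals("SCD", sclTypes.get(1));
+}
+
+@Test
+@TestSecurity(user = "test-user", roles = {"SCD_" + READ_ROLE})
+void list_WhenCalledWithOneReadRights_ThenOneItemResponseRetrieved() {
+var response = given()
+.when().get("/type/list")
+.then()
+.statusCode(200)
+.extract()
+.response();
+
+var xmlPath = response.xmlPath();
+// User has read rights for 2 types, so these types are returned.
+var sclTypes = xmlPath.getList("TypeListResponse.Type.Code");
+assertEquals(1, sclTypes.size());
+assertEquals("SCD", sclTypes.get(0));
+}
+
+@Test
+@TestSecurity(user = "test-user")
+void list_WhenCalledWithNoReadRights_ThenNoItemResponseRetrieved() {
+var response = given()
+.when().get("/type/list")
+.then()
+.statusCode(200)
+.extract()
+.response();
+
+var xmlPath = response.xmlPath();
+// User has read rights for 2 types, so these types are returned.
+var sclTypes = xmlPath.getList("TypeListResponse.Type.Code");
+assertEquals(0, sclTypes.size());
 }
 }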
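Review bot: The comment `// User has read rights for 2 types, so these types are returned.` was copied unchanged into the one-role and no-role tests, where it contradicts the assertions directly below it. Change it in the second test to `// User has read rights for 1 type, so only that type is returned.` and in the third to `// User has no read rights, so no types are returned.` The positional asserts `IID` then `SCD` hold only because `list()` sorts by description, which presumably orders IID before SCD — a one-line comment saying so would stop a future description change from looking like an authorization regression. The method name `list_WhenCalledWithOneReadRights_…` reads better as `…WithOneReadRight_…`.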
