Merge pull request #61 from com-pas/develop

Merge Develop to Main (for release)

Author: Dennis Labordus

app/pom.xml

@@ -81,6 +81,10 @@ SPDX-License-Identifier: Apache-2.0
             <groupId>io.quarkus</groupId>
             <artifactId>quarkus-hibernate-validator</artifactId>
         </dependency>
+        <dependency>
+            <groupId>io.quarkus</groupId>
+            <artifactId>quarkus-oidc</artifactId>
+        </dependency>
 
         <!-- Test Dependencies -->
         <dependency>
@@ -98,6 +102,11 @@ SPDX-License-Identifier: Apache-2.0
             <artifactId>rest-assured</artifactId>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>io.quarkus</groupId>
+            <artifactId>quarkus-test-security-oidc</artifactId>
+            <scope>test</scope>
+        </dependency>
         <dependency>
             <groupId>io.quarkus</groupId>
             <artifactId>quarkus-jacoco</artifactId>

app/src/main/java/org/lfenergy/compas/scl/data/rest/Constants.java

@@ -10,4 +10,9 @@ private Constants() {
     public static final String TYPE_PATH_PARAM = "type";
     public static final String ID_PATH_PARAM = "id";
     public static final String VERSION_PATH_PARAM = "version";
+
+    public static final String READ_ROLE = "READ";
+    public static final String CREATE_ROLE = "CREATE";
+    public static final String UPDATE_ROLE = "UPDATE";
+    public static final String DELETE_ROLE = "DELETE";
 }

app/src/main/java/org/lfenergy/compas/scl/data/rest/v1/CompasCommonResource.java

@@ -3,27 +3,45 @@
 // SPDX-License-Identifier: Apache-2.0
 package org.lfenergy.compas.scl.data.rest.v1;
 
+import io.quarkus.security.Authenticated;
+import io.quarkus.security.identity.SecurityIdentity;
 import org.lfenergy.compas.scl.data.model.SclType;
 import org.lfenergy.compas.scl.data.rest.v1.model.Type;
 import org.lfenergy.compas.scl.data.rest.v1.model.TypeListResponse;
 
+import javax.enterprise.context.RequestScoped;
+import javax.inject.Inject;
 import javax.ws.rs.GET;
 import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.MediaType;
 import java.util.Arrays;
+import java.util.Comparator;
 import java.util.stream.Collectors;
 
+import static org.lfenergy.compas.scl.data.rest.Constants.READ_ROLE;
+
+@Authenticated
+@RequestScoped
 @Path("/common/v1/")
 public class CompasCommonResource {
+    @Inject
+    SecurityIdentity securityIdentity;
+
     @GET
     @Path("/type/list")
     @Produces(MediaType.APPLICATION_XML)
     public TypeListResponse list() {
+        // Retrieve the roles the loggedin user has.
+        var roles = securityIdentity.getRoles();
+
         var response = new TypeListResponse();
         response.setTypes(
                 Arrays.stream(SclType.values())
+                        // Filter on the type the user has read rights.
+                        .filter(sclType -> roles.contains(sclType.name() + "_" + READ_ROLE))
                         .map(sclType -> new Type(sclType.name(), sclType.getDescription()))
+                        .sorted(Comparator.comparing(Type::getDescription))
                         .collect(Collectors.toList()));
         return response;
     }

app/src/main/java/org/lfenergy/compas/scl/data/rest/v1/CompasSclDataResource.java

@@ -3,12 +3,14 @@
 // SPDX-License-Identifier: Apache-2.0
 package org.lfenergy.compas.scl.data.rest.v1;
 
+import io.quarkus.security.Authenticated;
 import org.lfenergy.compas.core.commons.ElementConverter;
 import org.lfenergy.compas.scl.data.model.SclType;
 import org.lfenergy.compas.scl.data.model.Version;
 import org.lfenergy.compas.scl.data.rest.v1.model.*;
 import org.lfenergy.compas.scl.data.service.CompasSclDataService;
 
+import javax.enterprise.context.RequestScoped;
 import javax.inject.Inject;
 import javax.validation.Valid;
 import javax.ws.rs.*;
@@ -17,15 +19,18 @@
 
 import static org.lfenergy.compas.scl.data.rest.Constants.*;
 
+@Authenticated
+@RequestScoped
 @Path("/scl/v1/{" + TYPE_PATH_PARAM + "}")
 public class CompasSclDataResource {
-    private CompasSclDataService compasSclDataService;
-
-    private ElementConverter converter = new ElementConverter();
+    private final CompasSclDataService compasSclDataService;
+    private final ElementConverter converter;
 
     @Inject
-    public CompasSclDataResource(CompasSclDataService compasSclDataService) {
+    public CompasSclDataResource(CompasSclDataService compasSclDataService,
+                                 ElementConverter converter) {
         this.compasSclDataService = compasSclDataService;
+        this.converter = converter;
     }
 
     @POST

app/src/main/resources/application.properties

@@ -10,14 +10,147 @@ quarkus.log.level = INFO
 quarkus.log.category."org.lfenergy.compas.scl.data".level = INFO
 
 # BaseX configuration
-basex.host              = ${BASEX_HOST:localhost}
-basex.port              = ${BASEX_PORT:1984}
-basex.username          = ${BASEX_USERNAME:admin}
-basex.password          = ${BASEX_PASSWORD:admin}
+basex.host      = ${BASEX_HOST:localhost}
+basex.port      = ${BASEX_PORT:1984}
+basex.username  = ${BASEX_USERNAME:admin}
+basex.password  = ${BASEX_PASSWORD:admin}
 
 # Dev Profile overrides.
-%dev.quarkus.http.port      = 9090
-%dev.quarkus.http.cors      = true
+%dev.quarkus.http.port = 9090
+%dev.quarkus.http.cors = true
 
 %dev.quarkus.log.level = DEBUG
 %dev.quarkus.log.category."org.lfenergy.compas.scl.data".level = DEBUG
+
+# Open ID Connect
+quarkus.oidc.auth-server-url  = ${AUTH_SERVER_URL:http://localhost:8080/auth/realms/compas}
+quarkus.oidc.client-id        = ${AUTH_CLIENT_ID:scl-data-service}
+quarkus.oidc.application-type = service
+
+quarkus.http.auth.permission.deny-default.paths=/*
+quarkus.http.auth.permission.deny-default.policy=deny
+
+quarkus.http.auth.permission.allow-quarkus-services.paths=/compas-scl-data-service/q/health/live,/compas-scl-data-service/q/health/ready,/compas-scl-data-service/q/openapi
+quarkus.http.auth.permission.allow-quarkus-services.policy=permit
+
+quarkus.http.auth.permission.common.paths=/compas-scl-data-service/common/v1/*
+quarkus.http.auth.permission.common.policy=authenticated
+
+quarkus.http.auth.policy.SSD_READ.roles-allowed=SSD_READ
+quarkus.http.auth.permission.SSD_READ_GET.paths=/compas-scl-data-service/scl/v1/SSD/*
+quarkus.http.auth.permission.SSD_READ_GET.policy=SSD_READ
+quarkus.http.auth.permission.SSD_READ_GET.methods=GET
+quarkus.http.auth.policy.SSD_CREATE.roles-allowed=SSD_CREATE
+quarkus.http.auth.permission.SSD_CREATE_POST.paths=/compas-scl-data-service/scl/v1/SSD
+quarkus.http.auth.permission.SSD_CREATE_POST.policy=SSD_CREATE
+quarkus.http.auth.permission.SSD_CREATE_POST.methods=POST
+quarkus.http.auth.policy.SSD_UPDATE.roles-allowed=SSD_UPDATE
+quarkus.http.auth.permission.SSD_UPDATE_PUT.paths=/compas-scl-data-service/scl/v1/SSD/*
+quarkus.http.auth.permission.SSD_UPDATE_PUT.policy=SSD_UPDATE
+quarkus.http.auth.permission.SSD_UPDATE_PUT.methods=PUT
+quarkus.http.auth.policy.SSD_DELETE.roles-allowed=SSD_DELETE
+quarkus.http.auth.permission.SSD_DELETE_DELETE.paths=/compas-scl-data-service/scl/v1/SSD/*
+quarkus.http.auth.permission.SSD_DELETE_DELETE.policy=SSD_DELETE
+quarkus.http.auth.permission.SSD_DELETE_DELETE.methods=DELETE
+
+quarkus.http.auth.policy.IID_READ.roles-allowed=IID_READ
+quarkus.http.auth.permission.IID_READ_GET.paths=/compas-scl-data-service/scl/v1/IID/*
+quarkus.http.auth.permission.IID_READ_GET.policy=IID_READ
+quarkus.http.auth.permission.IID_READ_GET.methods=GET
+quarkus.http.auth.policy.IID_CREATE.roles-allowed=IID_CREATE
+quarkus.http.auth.permission.IID_CREATE_POST.paths=/compas-scl-data-service/scl/v1/IID
+quarkus.http.auth.permission.IID_CREATE_POST.policy=IID_CREATE
+quarkus.http.auth.permission.IID_CREATE_POST.methods=POST
+quarkus.http.auth.policy.IID_UPDATE.roles-allowed=IID_UPDATE
+quarkus.http.auth.permission.IID_UPDATE_PUT.paths=/compas-scl-data-service/scl/v1/IID/*
+quarkus.http.auth.permission.IID_UPDATE_PUT.policy=IID_UPDATE
+quarkus.http.auth.permission.IID_UPDATE_PUT.methods=PUT
+quarkus.http.auth.policy.IID_DELETE.roles-allowed=IID_DELETE
+quarkus.http.auth.permission.IID_DELETE_DELETE.paths=/compas-scl-data-service/scl/v1/IID/*
+quarkus.http.auth.permission.IID_DELETE_DELETE.policy=IID_DELETE
+quarkus.http.auth.permission.IID_DELETE_DELETE.methods=DELETE
+
+quarkus.http.auth.policy.ICD_READ.roles-allowed=ICD_READ
+quarkus.http.auth.permission.ICD_READ_GET.paths=/compas-scl-data-service/scl/v1/ICD/*
+quarkus.http.auth.permission.ICD_READ_GET.policy=ICD_READ
+quarkus.http.auth.permission.ICD_READ_GET.methods=GET
+quarkus.http.auth.policy.ICD_CREATE.roles-allowed=ICD_CREATE
+quarkus.http.auth.permission.ICD_CREATE_POST.paths=/compas-scl-data-service/scl/v1/ICD
+quarkus.http.auth.permission.ICD_CREATE_POST.policy=ICD_CREATE
+quarkus.http.auth.permission.ICD_CREATE_POST.methods=POST
+quarkus.http.auth.policy.ICD_UPDATE.roles-allowed=ICD_UPDATE
+quarkus.http.auth.permission.ICD_UPDATE_PUT.paths=/compas-scl-data-service/scl/v1/ICD/*
+quarkus.http.auth.permission.ICD_UPDATE_PUT.policy=ICD_UPDATE
+quarkus.http.auth.permission.ICD_UPDATE_PUT.methods=PUT
+quarkus.http.auth.policy.ICD_DELETE.roles-allowed=ICD_DELETE
+quarkus.http.auth.permission.ICD_DELETE_DELETE.paths=/compas-scl-data-service/scl/v1/ICD/*
+quarkus.http.auth.permission.ICD_DELETE_DELETE.policy=ICD_DELETE
+quarkus.http.auth.permission.ICD_DELETE_DELETE.methods=DELETE
+
+quarkus.http.auth.policy.SCD_READ.roles-allowed=SCD_READ
+quarkus.http.auth.permission.SCD_READ_GET.paths=/compas-scl-data-service/scl/v1/SCD/*
+quarkus.http.auth.permission.SCD_READ_GET.policy=SCD_READ
+quarkus.http.auth.permission.SCD_READ_GET.methods=GET
+quarkus.http.auth.policy.SCD_CREATE.roles-allowed=SCD_CREATE
+quarkus.http.auth.permission.SCD_CREATE_POST.paths=/compas-scl-data-service/scl/v1/SCD
+quarkus.http.auth.permission.SCD_CREATE_POST.policy=SCD_CREATE
+quarkus.http.auth.permission.SCD_CREATE_POST.methods=POST
+quarkus.http.auth.policy.SCD_UPDATE.roles-allowed=SCD_UPDATE
+quarkus.http.auth.permission.SCD_UPDATE_PUT.paths=/compas-scl-data-service/scl/v1/SCD/*
+quarkus.http.auth.permission.SCD_UPDATE_PUT.policy=SCD_UPDATE
+quarkus.http.auth.permission.SCD_UPDATE_PUT.methods=PUT
+quarkus.http.auth.policy.SCD_DELETE.roles-allowed=SCD_DELETE
+quarkus.http.auth.permission.SCD_DELETE_DELETE.paths=/compas-scl-data-service/scl/v1/SCD/*
+quarkus.http.auth.permission.SCD_DELETE_DELETE.policy=SCD_DELETE
+quarkus.http.auth.permission.SCD_DELETE_DELETE.methods=DELETE
+
+quarkus.http.auth.policy.CID_READ.roles-allowed=CID_READ
+quarkus.http.auth.permission.CID_READ_GET.paths=/compas-scl-data-service/scl/v1/CID/*
+quarkus.http.auth.permission.CID_READ_GET.policy=CID_READ
+quarkus.http.auth.permission.CID_READ_GET.methods=GET
+quarkus.http.auth.policy.CID_CREATE.roles-allowed=CID_CREATE
+quarkus.http.auth.permission.CID_CREATE_POST.paths=/compas-scl-data-service/scl/v1/CID
+quarkus.http.auth.permission.CID_CREATE_POST.policy=CID_CREATE
+quarkus.http.auth.permission.CID_CREATE_POST.methods=POST
+quarkus.http.auth.policy.CID_UPDATE.roles-allowed=CID_UPDATE
+quarkus.http.auth.permission.CID_UPDATE_PUT.paths=/compas-scl-data-service/scl/v1/CID/*
+quarkus.http.auth.permission.CID_UPDATE_PUT.policy=CID_UPDATE
+quarkus.http.auth.permission.CID_UPDATE_PUT.methods=PUT
+quarkus.http.auth.policy.CID_DELETE.roles-allowed=CID_DELETE
+quarkus.http.auth.permission.CID_DELETE_DELETE.paths=/compas-scl-data-service/scl/v1/CID/*
+quarkus.http.auth.permission.CID_DELETE_DELETE.policy=CID_DELETE
+quarkus.http.auth.permission.CID_DELETE_DELETE.methods=DELETE
+
+quarkus.http.auth.policy.SED_READ.roles-allowed=SED_READ
+quarkus.http.auth.permission.SED_READ_GET.paths=/compas-scl-data-service/scl/v1/SED/*
+quarkus.http.auth.permission.SED_READ_GET.policy=SED_READ
+quarkus.http.auth.permission.SED_READ_GET.methods=GET
+quarkus.http.auth.policy.SED_CREATE.roles-allowed=SED_CREATE
+quarkus.http.auth.permission.SED_CREATE_POST.paths=/compas-scl-data-service/scl/v1/SED
+quarkus.http.auth.permission.SED_CREATE_POST.policy=SED_CREATE
+quarkus.http.auth.permission.SED_CREATE_POST.methods=POST
+quarkus.http.auth.policy.SED_UPDATE.roles-allowed=SED_UPDATE
+quarkus.http.auth.permission.SED_UPDATE_PUT.paths=/compas-scl-data-service/scl/v1/SED/*
+quarkus.http.auth.permission.SED_UPDATE_PUT.policy=SED_UPDATE
+quarkus.http.auth.permission.SED_UPDATE_PUT.methods=PUT
+quarkus.http.auth.policy.SED_DELETE.roles-allowed=SED_DELETE
+quarkus.http.auth.permission.SED_DELETE_DELETE.paths=/compas-scl-data-service/scl/v1/SED/*
+quarkus.http.auth.permission.SED_DELETE_DELETE.policy=SED_DELETE
+quarkus.http.auth.permission.SED_DELETE_DELETE.methods=DELETE
+
+quarkus.http.auth.policy.ISD_READ.roles-allowed=ISD_READ
+quarkus.http.auth.permission.ISD_READ_GET.paths=/compas-scl-data-service/scl/v1/ISD/*
+quarkus.http.auth.permission.ISD_READ_GET.policy=ISD_READ
+quarkus.http.auth.permission.ISD_READ_GET.methods=GET
+quarkus.http.auth.policy.ISD_CREATE.roles-allowed=ISD_CREATE
+quarkus.http.auth.permission.ISD_CREATE_POST.paths=/compas-scl-data-service/scl/v1/ISD
+quarkus.http.auth.permission.ISD_CREATE_POST.policy=ISD_CREATE
+quarkus.http.auth.permission.ISD_CREATE_POST.methods=POST
+quarkus.http.auth.policy.ISD_UPDATE.roles-allowed=ISD_UPDATE
+quarkus.http.auth.permission.ISD_UPDATE_PUT.paths=/compas-scl-data-service/scl/v1/ISD/*
+quarkus.http.auth.permission.ISD_UPDATE_PUT.policy=ISD_UPDATE
+quarkus.http.auth.permission.ISD_UPDATE_PUT.methods=PUT
+quarkus.http.auth.policy.ISD_DELETE.roles-allowed=ISD_DELETE
+quarkus.http.auth.permission.ISD_DELETE_DELETE.paths=/compas-scl-data-service/scl/v1/ISD/*
+quarkus.http.auth.permission.ISD_DELETE_DELETE.policy=ISD_DELETE
+quarkus.http.auth.permission.ISD_DELETE_DELETE.methods=DELETE

app/src/test/java/org/lfenergy/compas/scl/data/rest/v1/CompasCommonResourceTest.java

@@ -5,17 +5,19 @@
 
 import io.quarkus.test.common.http.TestHTTPEndpoint;
 import io.quarkus.test.junit.QuarkusTest;
+import io.quarkus.test.security.TestSecurity;
 import org.junit.jupiter.api.Test;
-import org.lfenergy.compas.scl.data.model.SclType;
 
 import static io.restassured.RestAssured.given;
 import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.lfenergy.compas.scl.data.rest.Constants.READ_ROLE;
 
 @QuarkusTest
 @TestHTTPEndpoint(CompasCommonResource.class)
 class CompasCommonResourceTest {
     @Test
-    void list_WhenCalled_ThenItemResponseRetrieved() {
+    @TestSecurity(user = "test-user", roles = {"IID_" + READ_ROLE, "SCD_" + READ_ROLE})
+    void list_WhenCalledWithMultipleReadRights_ThenMultipleItemResponseRetrieved() {
         var response = given()
                 .when().get("/type/list")
                 .then()
@@ -24,6 +26,43 @@ void list_WhenCalled_ThenItemResponseRetrieved() {
                 .response();
 
         var xmlPath = response.xmlPath();
-        assertEquals(SclType.values().length, xmlPath.getList("TypeListResponse.Type").size());
+        // User has read rights for 2 types, so these types are returned.
+        var sclTypes = xmlPath.getList("TypeListResponse.Type.Code");
+        assertEquals(2, sclTypes.size());
+        assertEquals("IID", sclTypes.get(0));
+        assertEquals("SCD", sclTypes.get(1));
+    }
+
+    @Test
+    @TestSecurity(user = "test-user", roles = {"SCD_" + READ_ROLE})
+    void list_WhenCalledWithOneReadRights_ThenOneItemResponseRetrieved() {
+        var response = given()
+                .when().get("/type/list")
+                .then()
+                .statusCode(200)
+                .extract()
+                .response();
+
+        var xmlPath = response.xmlPath();
+        // User has read rights for 2 types, so these types are returned.
+        var sclTypes = xmlPath.getList("TypeListResponse.Type.Code");
+        assertEquals(1, sclTypes.size());
+        assertEquals("SCD", sclTypes.get(0));
+    }
+
+    @Test
+    @TestSecurity(user = "test-user")
+    void list_WhenCalledWithNoReadRights_ThenNoItemResponseRetrieved() {
+        var response = given()
+                .when().get("/type/list")
+                .then()
+                .statusCode(200)
+                .extract()
+                .response();
+
+        var xmlPath = response.xmlPath();
+        // User has read rights for 2 types, so these types are returned.
+        var sclTypes = xmlPath.getList("TypeListResponse.Type.Code");
+        assertEquals(0, sclTypes.size());
     }
 }

app/src/test/java/org/lfenergy/compas/scl/data/rest/v1/CompasSclDataResourceTest.java renamed to app/src/test/java/org/lfenergy/compas/scl/data/rest/v1/CompasSclDataResourceAsEditorTest.java

@@ -6,6 +6,7 @@
 import io.quarkus.test.common.http.TestHTTPEndpoint;
 import io.quarkus.test.junit.QuarkusTest;
 import io.quarkus.test.junit.mockito.InjectMock;
+import io.quarkus.test.security.TestSecurity;
 import io.restassured.http.ContentType;
 import org.junit.jupiter.api.Test;
 import org.lfenergy.compas.core.commons.ElementConverter;
@@ -32,7 +33,8 @@
 
 @QuarkusTest
 @TestHTTPEndpoint(CompasSclDataResource.class)
-class CompasSclDataResourceTest {
+@TestSecurity(user = "test-reader", roles = {"SCD_" + READ_ROLE, "SCD_" + CREATE_ROLE, "SCD_" + UPDATE_ROLE, "SCD_" + DELETE_ROLE})
+class CompasSclDataResourceAsEditorTest {
     @InjectMock
     private CompasSclDataService compasSclDataService;