diff --git a/src/main/kotlin/no/digdir/service_catalog/controller/PublicServiceController.kt b/src/main/kotlin/no/digdir/service_catalog/controller/PublicServiceController.kt
index 39fda5e..c65538d 100644
--- a/src/main/kotlin/no/digdir/service_catalog/controller/PublicServiceController.kt
+++ b/src/main/kotlin/no/digdir/service_catalog/controller/PublicServiceController.kt
@@ -4,6 +4,7 @@ import no.digdir.service_catalog.model.PublicService
 import no.digdir.service_catalog.security.EndpointPermissions
 import no.digdir.service_catalog.service.PublicServiceService
 import org.springframework.http.HttpStatus
+import org.springframework.http.MediaType
 import org.springframework.http.ResponseEntity
 import org.springframework.security.core.annotation.AuthenticationPrincipal
 import org.springframework.security.oauth2.jwt.Jwt
@@ -25,4 +26,17 @@ class PublicServiceController(private val publicServiceService: PublicServiceSer
 } else {
 ResponseEntity(HttpStatus.FORBIDDEN)
 }
+
+ @GetMapping(value = [ "/{id}"], produces = [MediaType.APPLICATION_JSON_VALUE])
+ fun getPublicServiceById(
+ @AuthenticationPrincipal jwt: Jwt,
+ @PathVariable catalogId: String,
+ @PathVariable id: String): ResponseEntity =
+ if (endpointPermissions.hasOrgReadPermission(jwt, catalogId)) {
+ publicServiceService.findPublicServiceById(id, catalogId)
+ ?.let { ResponseEntity(it, HttpStatus.OK) }
+ ?: ResponseEntity(HttpStatus.NOT_FOUND)
+ } else {
+ ResponseEntity(HttpStatus.FORBIDDEN)
+ }
 }
diff --git a/src/main/kotlin/no/digdir/service_catalog/service/PublicServiceService.kt b/src/main/kotlin/no/digdir/service_catalog/service/PublicServiceService.kt
index 1d6537c..4f55801 100644
--- a/src/main/kotlin/no/digdir/service_catalog/service/PublicServiceService.kt
+++ b/src/main/kotlin/no/digdir/service_catalog/service/PublicServiceService.kt
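Review bot: In `getPublicServiceById` (PublicServiceController.kt) the permission check covers only `catalogId`, while the record is fetched by `id`; the one thing binding the two is the ownership filter inside `publicServiceService.findPublicServiceById`, and nothing at this call site says so. A short KDoc would keep that dependency visible, e.g. `/** Returns the service only if it belongs to [catalogId]; ownership is enforced in PublicServiceService.findPublicServiceById, so do not swap that call for a plain repository lookup. */`. Answering 404 rather than 403 for an id held by another catalog is a reasonable choice because it does not confirm that the id exists, and the KDoc could state that as intended. Minor style: `[ "/{id}"]` has a stray space after the opening bracket. The class-level mapping that supplies `{catalogId}` and the `endpointPermissions` member are outside the hunk.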
@@ -1,10 +1,17 @@ package no.digdir.service_catalog.service +import no.digdir.service_catalog.model.PublicService import no.digdir.service_catalog.mongodb.PublicServiceRepository +import org.springframework.data.repository.findByIdOrNull import org.springframework.stereotype.Service @Service class PublicServiceService(private val publicServiceRepository: PublicServiceRepository) { fun findPublicServicesByCatalogId(catalogId: String) = publicServiceRepository.getByCatalogId(catalogId) + + fun findPublicServiceById(id: String, catalogId: String) = + publicServiceRepository.findByIdOrNull(id)?.takeIf { + it.catalogId === catalogId + } } diff --git a/src/test/kotlin/no/digdir/service_catalog/integration/PublicServices.kt b/src/test/kotlin/no/digdir/service_catalog/integration/PublicServices.kt index ae17e30..8613362 100644 --- a/src/test/kotlin/no/digdir/service_catalog/integration/PublicServices.kt +++ b/src/test/kotlin/no/digdir/service_catalog/integration/PublicServices.kt @@ -5,6 +5,7 @@ import com.fasterxml.jackson.module.kotlin.readValue import no.digdir.service_catalog.model.PublicService import no.digdir.service_catalog.utils.ApiTestContext import no.digdir.service_catalog.utils.PUBLIC_SERVICES +import no.digdir.service_catalog.utils.PUBLIC_SERVICE_1 import no.digdir.service_catalog.utils.apiAuthorizedRequest import no.digdir.service_catalog.utils.jwt.Access import no.digdir.service_catalog.utils.jwt.JwtToken @@ -27,7 +28,12 @@ class PublicServices: ApiTestContext() { @Test fun `able to get all public services`() { - val response = apiAuthorizedRequest("/catalogs/910244132/public-services", port, null, JwtToken(Access.ORG_READ).toString(), "GET") + val response = apiAuthorizedRequest( + "/catalogs/910244132/public-services", + port, + null, + JwtToken(Access.ORG_READ).toString(), + "GET") Assertions.assertEquals(HttpStatus.OK.value(), response["status"]) val result: List = mapper.readValue(response["body"] as String) 
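Review bot: In `findPublicServiceById` (PublicServiceService.kt), `it.catalogId === catalogId` uses referential equality, which asks whether both operands are the same object rather than whether they hold the same text. Assuming `catalogId` on the model is a `String`, the value loaded through the repository and the one bound from the request path will normally be distinct instances, so the filter would be expected to reject matching records as well and the endpoint would answer 404 for every id. That fails closed, but this comparison is the only check that stops a caller reading another catalog's service by id, so it should be exact: `it.catalogId == catalogId`. A one-line comment such as `// catalog scoping: never return a service stored under a different catalog than the one the caller was authorized for` would make the intent explicit.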
@@ -36,13 +42,47 @@ class PublicServices: ApiTestContext() { @Test fun `unauthorized when missing token`() { - val response = apiAuthorizedRequest("/catalogs/910244132/public-services", port, null, null, "GET") + val response = apiAuthorizedRequest( + "/catalogs/910244132/public-services", + port, + null, + null, + "GET") Assertions.assertEquals(HttpStatus.UNAUTHORIZED.value(), response["status"]) } @Test fun `forbidden when authorized for other catalog`() { - val response = apiAuthorizedRequest("/catalogs/910244132/public-services", port, null, JwtToken(Access.WRONG_ORG_READ).toString(), "GET") + val response = apiAuthorizedRequest( + "/catalogs/910244132/public-services", + port, + null, + JwtToken(Access.WRONG_ORG_READ).toString(), + "GET") Assertions.assertEquals(HttpStatus.FORBIDDEN.value(), response["status"]) } + + @Test + fun `able to get public service by id`() { + val response = apiAuthorizedRequest( + "/catalogs/910244132/public-services/1", + port, + null, + JwtToken(Access.ORG_READ).toString(), + "GET") + Assertions.assertEquals(HttpStatus.OK.value(), response["status"]) + val result: PublicService = mapper.readValue(response["body"] as String) + Assertions.assertEquals(PUBLIC_SERVICE_1, result) + } + + @Test + fun `receive not found when public service is not found`() { + val response = apiAuthorizedRequest( + "/catalogs/910244132/public-services/1000", + port, + null, + JwtToken(Access.ORG_READ).toString(), + "GET") + Assertions.assertEquals(HttpStatus.NOT_FOUND.value(), response["status"]) + } } diff --git a/src/test/kotlin/no/digdir/service_catalog/utils/TestUtils.kt b/src/test/kotlin/no/digdir/service_catalog/utils/TestUtils.kt index 8278ce3..a26bc03 100644 --- a/src/test/kotlin/no/digdir/service_catalog/utils/TestUtils.kt +++ b/src/test/kotlin/no/digdir/service_catalog/utils/TestUtils.kt @@ -78,4 +78,4 @@ fun apiAuthorizedRequest(path: String, port: Int, body: String?, token: String?, "body" to " " ) } -} \ No newline at end of file +}
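Review bot: The new tests for `/public-services/{id}` cover a hit and an unknown id, but not the case the `catalogId` filter exists for: a caller with read access to one catalog requesting an id that is stored under a different catalog. Without it, a regression that drops the ownership filter in `findPublicServiceById` would still pass this suite. Add a test that requests, under `/catalogs/910244132/public-services/`, the id of a fixture belonging to another catalog and asserts `HttpStatus.NOT_FOUND.value()`; this assumes the fixtures contain, or can be given, such a record, since their definitions are outside the diff. A by-id variant of `forbidden when authorized for other catalog` using `Access.WRONG_ORG_READ` would also pin the 403 path for the new endpoint.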