Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

638 nbspimplmenter le nouveau mcanisme pour le module dataset cot back ajouter des tests si non prsent #720

Open
wants to merge 21 commits into
base: main
Choose a base branch
from
Open

638 nbspimplmenter le nouveau mcanisme pour le module dataset cot back ajouter des tests si non prsent #720

wants to merge 21 commits into from

Conversation

HugoBouttes
Copy link
Contributor

@HugoBouttes HugoBouttes linked an issue Aug 2, 2024 that may be closed by this pull request
 Implémenter le nouveau mécanisme pour le module DataSet coté Back (ajouter des tests si non présent) #638
Open
Fabrice B and others added 9 commits August 8, 2024 16:11
refactor (craft Rbac) WIP
180f095
@FBibonne
refactor(crat Rbac)
165c84d
@FBibonne
Merge branch 'main' into 638-nbspimplmenter-le-nouveau-mcanisme-pour-…
a92d84b 
…le-module-dataset-cot-back-ajouter-des-tests-si-non-prsent
@FBibonne
refactor(change conception of Rbac + fix tests)
86bfa48 
- Limit dependencies to userProvider to security layer
- Reduce dependency over deprecated class StampRestrictionServiceImpl
@FBibonne
refactor (rbac : architecture and tests)
31a83cf 
- less coupling
- more tests case for access control
- parametrized tests
fix (RBAC : Gestionnaire_ensemble_concepts_RMESGNCS has ALL strategy …
28d975d 
…for concepts) : #634 (comment)
feat (implement create rights stratey) :
eda4526 
- Un utilisateur avec la stratégie STAMP ne peut créer de ressource que pour son timbre
- Un utilisateur avec la stratégie ALL peut créer des ressources pour n'importe quel timbre
Merge branch 'main' into 638-nbspimplmenter-le-nouveau-mcanisme-pour-…
c39b260 
…le-module-dataset-cot-back-ajouter-des-tests-si-non-prsent
test (fix tests)
cab1235
FBibonne
FBibonne requested changes Aug 19, 2024
View reviewed changes
src/main/java/fr/insee/rmes/webservice/dataset/DatasetResources.java Outdated
@@ -19,6 +19,7 @@
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Import inutile

src/main/java/fr/insee/rmes/webservice/dataset/DatasetResources.java Outdated
@@ -38,28 +39,31 @@ public DatasetResources(DatasetService datasetService) {
this.datasetService = datasetService;
}

// @PreAuthorize("canReadDataset(#datasetId)")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

C'est bien l'annotation attendue. Pourquoi la commenter ?

src/main/java/fr/insee/rmes/webservice/dataset/DatasetResources.java Outdated
@GetMapping(produces = "application/json")
@Operation(operationId = "getDatasets", summary = "List of datasets",
responses = {@ApiResponse(content = @Content(array = @ArraySchema(schema = @Schema(implementation = Dataset.class))))})
public String getDatasets() throws RmesException {
return this.datasetService.getDatasets();
}

// @PreAuthorize("canReadDataset(#datasetId)")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

C'est bien l'annotation attendue. Pourquoi la commenter ?

src/main/java/fr/insee/rmes/webservice/dataset/DatasetResources.java Outdated
@GetMapping(value = "/{id}", produces = "application/json")
@Operation(operationId = "getDataset", summary = "Get a dataset",
responses = {@ApiResponse(content = @Content(array = @ArraySchema(schema = @Schema(implementation = Dataset.class))))})
public String getDataset(@PathVariable(Constants.ID) String id) throws RmesException {
return this.datasetService.getDatasetByID(id);
}

// @PreAuthorize("canReadDataset(#datasetId)")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

C'est bien l'annotation attendue. Pourquoi la commenter ?

...ee/rmes/bauhaus_services/accesscontrol/AuthorizationCheckerWithResourceOwnershipByStamp.java
}

@Override
public boolean userStampIsAuthorizedForResource(Module module, String id, Stamp stamp) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Clarify names of modules (constants of enum Module) to fit with authorization methods of this class.

@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Failed Quality Gate failed

Failed conditions
0.0% Coverage on New Code (required ≥ 80%)

See analysis details on SonarCloud

@EmmanuelDemey
Copy link
Collaborator

@HugoBouttes what is the status of this PR ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@FBibonne FBibonne FBibonne requested changes

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

 Implémenter le nouveau mécanisme pour le module DataSet coté Back (ajouter des tests si non présent)
3 participants
@HugoBouttes @EmmanuelDemey @FBibonne