From 8d25a88a746aa009a251653b8bb584685f492dba Mon Sep 17 00:00:00 2001 From: Angel Montenegro Date: Fri, 1 Mar 2024 12:03:50 -0600 Subject: [PATCH] Deactivated should return409 on public and member api (#7004) * Deactivated records should get 409 on GET requests * API 2.0 and 2.1 and also Public API * Fix unit tests --- ...berV2ApiServiceVersionedDelegatorImpl.java | 11 +-- ...berV2ApiServiceVersionedDelegatorTest.java | 99 +++++++++++++++++-- ...licV2ApiServiceVersionedDelegatorImpl.java | 7 +- .../impl/PublicV3ApiServiceDelegatorImpl.java | 9 +- .../PublicV2ApiServiceDelegatorTest.java | 5 +- ...licV2ApiServiceVersionedDelegatorTest.java | 99 ++++++++++++++++++- 6 files changed, 193 insertions(+), 37 deletions(-) diff --git a/orcid-api-web/src/main/java/org/orcid/api/memberV2/server/delegator/impl/MemberV2ApiServiceVersionedDelegatorImpl.java b/orcid-api-web/src/main/java/org/orcid/api/memberV2/server/delegator/impl/MemberV2ApiServiceVersionedDelegatorImpl.java index fbbb652e435..af564945d77 100644 --- a/orcid-api-web/src/main/java/org/orcid/api/memberV2/server/delegator/impl/MemberV2ApiServiceVersionedDelegatorImpl.java +++ b/orcid-api-web/src/main/java/org/orcid/api/memberV2/server/delegator/impl/MemberV2ApiServiceVersionedDelegatorImpl.java @@ -10,7 +10,6 @@ import org.orcid.api.common.jaxb.OrcidValidationJaxbContextResolver; import org.orcid.api.memberV2.server.delegator.MemberV2ApiServiceDelegator; -import org.orcid.core.exception.DeactivatedException; import org.orcid.core.exception.OrcidCoreExceptionMapper; import org.orcid.core.manager.OrcidSearchManager; import org.orcid.core.manager.OrcidSecurityManager; 
@@ -602,15 +601,7 @@ private Object downgradeObject(Object entity) { } private void checkProfileStatus(String orcid, boolean readOperation) { - try { - orcidSecurityManager.checkProfile(orcid); - } catch (DeactivatedException e) { - // If it is a read operation, ignore the deactivated status since we - // are going to return the empty element with the deactivation date - if (!readOperation) { - throw e; - } - } + orcidSecurityManager.checkProfile(orcid); } } \ No newline at end of file diff --git a/orcid-api-web/src/test/java/org/orcid/api/memberV2/server/delegator/MemberV2ApiServiceVersionedDelegatorTest.java b/orcid-api-web/src/test/java/org/orcid/api/memberV2/server/delegator/MemberV2ApiServiceVersionedDelegatorTest.java index dd31dba60dd..afa70666fc3 100644 --- a/orcid-api-web/src/test/java/org/orcid/api/memberV2/server/delegator/MemberV2ApiServiceVersionedDelegatorTest.java +++ b/orcid-api-web/src/test/java/org/orcid/api/memberV2/server/delegator/MemberV2ApiServiceVersionedDelegatorTest.java 
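Review bot: `checkProfileStatus(String orcid, boolean readOperation)` in MemberV2ApiServiceVersionedDelegatorImpl keeps its `readOperation` parameter, but after this change the body never reads it, so the signature still suggests that reads and writes are treated differently for deactivated records. The method is private, so I would drop the parameter and update the callers (they are outside this hunk), or at least add `// readOperation is no longer consulted: deactivated records are rejected for reads and writes alike`. A dead flag on an access check makes it easy for a later change to reintroduce the read exemption by accident.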
@@ -1692,29 +1692,114 @@ public void test2_1() { person.getResearcherUrls().getResearcherUrls().forEach(e -> assertSourceElement(e, true)); } } - + /** * Deactivated elements tests - * */ - @Test - public void testViewDeactivatedRecordDontThrowError() { - SecurityContextTestUtils.setUpSecurityContext("0000-0000-0000-0007", ScopePathType.READ_LIMITED); + */ + @Test(expected = DeactivatedException.class) + public void testDeactivatedRecordViewActivities() { + SecurityContextTestUtils.setUpSecurityContext("0000-0000-0000-0007", ScopePathType.READ_LIMITED); serviceDelegator.viewActivities(deactivatedUserOrcid); - serviceDelegator.viewRecord(deactivatedUserOrcid); + fail(); + } + + @Test(expected = DeactivatedException.class) + public void testDeactivatedRecordViewRecord() { + SecurityContextTestUtils.setUpSecurityContext("0000-0000-0000-0007", ScopePathType.READ_LIMITED); + serviceDelegator.viewRecord(deactivatedUserOrcid); + fail(); + } + + @Test(expected = DeactivatedException.class) + public void testDeactivatedRecordViewPerson() { + SecurityContextTestUtils.setUpSecurityContext("0000-0000-0000-0007", ScopePathType.READ_LIMITED); serviceDelegator.viewPerson(deactivatedUserOrcid); + fail(); + } + + @Test(expected = DeactivatedException.class) + public void testDeactivatedRecordViewAddresses() { + SecurityContextTestUtils.setUpSecurityContext("0000-0000-0000-0007", ScopePathType.READ_LIMITED); serviceDelegator.viewAddresses(deactivatedUserOrcid); + fail(); + } + + @Test(expected = DeactivatedException.class) + public void testDeactivatedRecordViewEducations() { + SecurityContextTestUtils.setUpSecurityContext("0000-0000-0000-0007", ScopePathType.READ_LIMITED); serviceDelegator.viewEducations(deactivatedUserOrcid); + fail(); + } + + @Test(expected = DeactivatedException.class) + public void testDeactivatedRecordViewEmails() { + SecurityContextTestUtils.setUpSecurityContext("0000-0000-0000-0007", ScopePathType.READ_LIMITED); 
serviceDelegator.viewEmails(deactivatedUserOrcid); + fail(); + } + + @Test(expected = DeactivatedException.class) + public void testDeactivatedRecordViewEmployments() { + SecurityContextTestUtils.setUpSecurityContext("0000-0000-0000-0007", ScopePathType.READ_LIMITED); serviceDelegator.viewEmployments(deactivatedUserOrcid); + fail(); + } + + @Test(expected = DeactivatedException.class) + public void testDeactivatedRecordViewExternalIdentifiers() { + SecurityContextTestUtils.setUpSecurityContext("0000-0000-0000-0007", ScopePathType.READ_LIMITED); serviceDelegator.viewExternalIdentifiers(deactivatedUserOrcid); + fail(); + } + + @Test(expected = DeactivatedException.class) + public void testDeactivatedRecordViewFundings() { + SecurityContextTestUtils.setUpSecurityContext("0000-0000-0000-0007", ScopePathType.READ_LIMITED); serviceDelegator.viewFundings(deactivatedUserOrcid); + fail(); + } + + @Test(expected = DeactivatedException.class) + public void testDeactivatedRecordViewKeywords() { + SecurityContextTestUtils.setUpSecurityContext("0000-0000-0000-0007", ScopePathType.READ_LIMITED); serviceDelegator.viewKeywords(deactivatedUserOrcid); + fail(); + } + + @Test(expected = DeactivatedException.class) + public void testDeactivatedRecordViewOtherNames() { + SecurityContextTestUtils.setUpSecurityContext("0000-0000-0000-0007", ScopePathType.READ_LIMITED); serviceDelegator.viewOtherNames(deactivatedUserOrcid); + fail(); + } + + @Test(expected = DeactivatedException.class) + public void testDeactivatedRecordViewPeerReviews() { + SecurityContextTestUtils.setUpSecurityContext("0000-0000-0000-0007", ScopePathType.READ_LIMITED); serviceDelegator.viewPeerReviews(deactivatedUserOrcid); + fail(); + } + + @Test(expected = DeactivatedException.class) + public void testDeactivatedRecordViewPersonalDetails() { + SecurityContextTestUtils.setUpSecurityContext("0000-0000-0000-0007", ScopePathType.READ_LIMITED); serviceDelegator.viewPersonalDetails(deactivatedUserOrcid); + fail(); + } + + 
@Test(expected = DeactivatedException.class) + public void testDeactivatedRecordViewResearcherUrls() { + SecurityContextTestUtils.setUpSecurityContext("0000-0000-0000-0007", ScopePathType.READ_LIMITED); serviceDelegator.viewResearcherUrls(deactivatedUserOrcid); + fail(); + } + + @Test(expected = DeactivatedException.class) + public void testDeactivatedRecordViewWorks() { + SecurityContextTestUtils.setUpSecurityContext("0000-0000-0000-0007", ScopePathType.READ_LIMITED); serviceDelegator.viewWorks(deactivatedUserOrcid); - } + fail(); + } @Test(expected = DeactivatedException.class) public void testDeactivatedRecordCreateWork() { diff --git a/orcid-pub-web/src/main/java/org/orcid/api/publicV2/server/delegator/impl/PublicV2ApiServiceVersionedDelegatorImpl.java b/orcid-pub-web/src/main/java/org/orcid/api/publicV2/server/delegator/impl/PublicV2ApiServiceVersionedDelegatorImpl.java index ebb03f3da87..f7aa0bbc8e5 100644 --- a/orcid-pub-web/src/main/java/org/orcid/api/publicV2/server/delegator/impl/PublicV2ApiServiceVersionedDelegatorImpl.java +++ b/orcid-pub-web/src/main/java/org/orcid/api/publicV2/server/delegator/impl/PublicV2ApiServiceVersionedDelegatorImpl.java @@ -7,7 +7,6 @@ import javax.ws.rs.core.Response; import org.orcid.api.publicV2.server.delegator.PublicV2ApiServiceDelegator; -import org.orcid.core.exception.DeactivatedException; import org.orcid.core.manager.OrcidSecurityManager; import org.orcid.core.manager.ProfileEntityCacheManager; import org.orcid.core.version.V2Convertible; @@ -282,11 +281,7 @@ private Response downgradeResponse(Response response) { } private void checkProfileStatus(String orcid) { - try { - orcidSecurityManager.checkProfile(orcid); - } catch(DeactivatedException e) { - // Ignore the DeactivatedException since we should be able to return the empty element - } + orcidSecurityManager.checkProfile(orcid); } @SuppressWarnings({ "rawtypes", "unchecked" }) 
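Review bot: The `fail();` after each delegator call in the new `testDeactivatedRecordView*` tests of MemberV2ApiServiceVersionedDelegatorTest is redundant, because `@Test(expected = DeactivatedException.class)` already fails the test when nothing is thrown. Each test also repeats the literal `"0000-0000-0000-0007"` in `setUpSecurityContext(...)`; a shared constant would remove fifteen copies. These tests pin only the exception type at the delegator level, while the 409 status named in the commit title depends on the exception mapping, which is not exercised here. The same points apply to the matching hunk in PublicV2ApiServiceVersionedDelegatorTest.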
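Review bot: `checkProfileStatus(String orcid)` in PublicV2ApiServiceVersionedDelegatorImpl is now a bare pass-through to `orcidSecurityManager.checkProfile(orcid)`, with nothing recording why the earlier read exemption was removed. A short comment would keep the intent visible, for example `// Deactivated records are rejected on reads too: DeactivatedException propagates and no empty element is returned`. The identical `checkProfileStatus` hunk in PublicV3ApiServiceDelegatorImpl would take the same comment. Whether every view endpoint in these delegators goes through `checkProfileStatus` cannot be seen from the hunks, so that is worth confirming before relying on this as the single gate.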
diff --git a/orcid-pub-web/src/main/java/org/orcid/api/publicV3/server/delegator/impl/PublicV3ApiServiceDelegatorImpl.java b/orcid-pub-web/src/main/java/org/orcid/api/publicV3/server/delegator/impl/PublicV3ApiServiceDelegatorImpl.java index dc6e08ee382..783c9db5272 100644 --- a/orcid-pub-web/src/main/java/org/orcid/api/publicV3/server/delegator/impl/PublicV3ApiServiceDelegatorImpl.java +++ b/orcid-pub-web/src/main/java/org/orcid/api/publicV3/server/delegator/impl/PublicV3ApiServiceDelegatorImpl.java @@ -1,7 +1,5 @@ package org.orcid.api.publicV3.server.delegator.impl; -import static org.orcid.core.api.OrcidApiConstants.STATUS_OK_MESSAGE; - import java.util.ArrayList; import java.util.Arrays; import java.util.Iterator; @@ -17,7 +15,6 @@ import org.orcid.api.common.writer.citeproc.V3WorkToCiteprocTranslator; import org.orcid.api.publicV3.server.delegator.PublicV3ApiServiceDelegator; import org.orcid.api.publicV3.server.security.PublicAPISecurityManagerV3; -import org.orcid.core.exception.DeactivatedException; import org.orcid.core.exception.OrcidBadRequestException; import org.orcid.core.exception.OrcidNoResultException; import org.orcid.core.exception.SearchStartParameterLimitExceededException; @@ -927,11 +924,7 @@ public Response viewServiceSummary(String orcid, Long putCode) { } private void checkProfileStatus(String orcid) { - try { - orcidSecurityManager.checkProfile(orcid); - } catch(DeactivatedException e) { - // Ignore the DeactivatedException since we should be able to return the empty element - } + orcidSecurityManager.checkProfile(orcid); } @Override diff --git a/orcid-pub-web/src/test/java/org/orcid/api/publicV2/server/PublicV2ApiServiceDelegatorTest.java b/orcid-pub-web/src/test/java/org/orcid/api/publicV2/server/PublicV2ApiServiceDelegatorTest.java index 5440409f162..c29e07a5684 100644 --- a/orcid-pub-web/src/test/java/org/orcid/api/publicV2/server/PublicV2ApiServiceDelegatorTest.java 
+++ b/orcid-pub-web/src/test/java/org/orcid/api/publicV2/server/PublicV2ApiServiceDelegatorTest.java @@ -34,6 +34,7 @@ import org.orcid.api.publicV2.server.delegator.PublicV2ApiServiceDelegator; import org.orcid.api.publicV2.server.delegator.impl.PublicV2ApiServiceDelegatorImpl; import org.orcid.core.api.OrcidApiConstants; +import org.orcid.core.exception.DeactivatedException; import org.orcid.core.exception.OrcidBadRequestException; import org.orcid.core.exception.OrcidNonPublicElementException; import org.orcid.core.exception.SearchStartParameterLimitExceededException; @@ -113,7 +114,8 @@ public class PublicV2ApiServiceDelegatorTest extends DBUnitTest { "/data/PeerReviewEntityData.xml", "/data/BiographyEntityData.xml", "/data/RecordNameEntityData.xml"); private final String ORCID = "0000-0000-0000-0003"; - + private String deactivatedUserOrcid = "0000-0000-0000-0007"; + @Resource(name = "publicV2ApiServiceDelegator") PublicV2ApiServiceDelegator serviceDelegator; @@ -1517,4 +1519,5 @@ public void testSchemaOrgMBWriterV2() throws WebApplicationException, IOExceptio assertEquals("self_public_user_obo_type",doc.identifier.get(0).propertyID); assertEquals( "self_public_user_obo_ref",doc.identifier.get(0).value); } + } diff --git a/orcid-pub-web/src/test/java/org/orcid/api/publicV2/server/PublicV2ApiServiceVersionedDelegatorTest.java b/orcid-pub-web/src/test/java/org/orcid/api/publicV2/server/PublicV2ApiServiceVersionedDelegatorTest.java index 1962ae3e75b..2557b64cd25 100644 --- a/orcid-pub-web/src/test/java/org/orcid/api/publicV2/server/PublicV2ApiServiceVersionedDelegatorTest.java +++ b/orcid-pub-web/src/test/java/org/orcid/api/publicV2/server/PublicV2ApiServiceVersionedDelegatorTest.java 
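Review bot: The new field `deactivatedUserOrcid` and the new `DeactivatedException` import in PublicV2ApiServiceDelegatorTest are not used by any line this patch adds to the file; the only other change here is a blank line before the closing brace. Either add the deactivated-record tests for the non-versioned public delegator that these were presumably meant for, or drop both additions. If the field stays, declare it like its neighbour `ORCID`: `private final String deactivatedUserOrcid = "0000-0000-0000-0007";`.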
@@ -28,15 +28,18 @@ import org.mockito.Mockito; import org.mockito.MockitoAnnotations; import org.orcid.api.publicV2.server.delegator.PublicV2ApiServiceDelegator; +import org.orcid.core.exception.DeactivatedException; import org.orcid.core.exception.LockedException; import org.orcid.core.exception.OrcidDeprecatedException; import org.orcid.core.exception.OrcidNoBioException; import org.orcid.core.exception.OrcidNoResultException; import org.orcid.core.exception.OrcidNotClaimedException; +import org.orcid.core.utils.SecurityContextTestUtils; import org.orcid.core.version.V2VersionConverterChain; import org.orcid.jaxb.model.client_v2.ClientSummary; import org.orcid.jaxb.model.common_v2.OrcidIdentifier; import org.orcid.jaxb.model.error_v2.OrcidError; +import org.orcid.jaxb.model.message.ScopePathType; import org.orcid.jaxb.model.record_v2.Work; import org.orcid.jaxb.model.record_v2.WorkBulk; import org.orcid.jaxb.model.search_v2.Result; 
@@ -841,25 +844,111 @@ private void updateProfileSubmissionDate(String orcid, int increment) { } /** - * Deactivated elements should not throw exception - * */ - @Test - public void testViewDeactivatedRecordDontThrowError() { + * Deactivated elements tests + */ + @Test(expected = DeactivatedException.class) + public void testDeactivatedRecordViewActivities() { + SecurityContextTestUtils.setUpSecurityContext("0000-0000-0000-0007", ScopePathType.READ_LIMITED); serviceDelegator.viewActivities(deactivatedUserOrcid); - serviceDelegator.viewRecord(deactivatedUserOrcid); + fail(); + } + + @Test(expected = DeactivatedException.class) + public void testDeactivatedRecordViewRecord() { + SecurityContextTestUtils.setUpSecurityContext("0000-0000-0000-0007", ScopePathType.READ_LIMITED); + serviceDelegator.viewRecord(deactivatedUserOrcid); + fail(); + } + + @Test(expected = DeactivatedException.class) + public void testDeactivatedRecordViewPerson() { + SecurityContextTestUtils.setUpSecurityContext("0000-0000-0000-0007", ScopePathType.READ_LIMITED); serviceDelegator.viewPerson(deactivatedUserOrcid); + fail(); + } + + @Test(expected = DeactivatedException.class) + public void testDeactivatedRecordViewAddresses() { + SecurityContextTestUtils.setUpSecurityContext("0000-0000-0000-0007", ScopePathType.READ_LIMITED); serviceDelegator.viewAddresses(deactivatedUserOrcid); + fail(); + } + + @Test(expected = DeactivatedException.class) + public void testDeactivatedRecordViewEducations() { + SecurityContextTestUtils.setUpSecurityContext("0000-0000-0000-0007", ScopePathType.READ_LIMITED); serviceDelegator.viewEducations(deactivatedUserOrcid); + fail(); + } + + @Test(expected = DeactivatedException.class) + public void testDeactivatedRecordViewEmails() { + SecurityContextTestUtils.setUpSecurityContext("0000-0000-0000-0007", ScopePathType.READ_LIMITED); serviceDelegator.viewEmails(deactivatedUserOrcid); + fail(); + } + + @Test(expected = DeactivatedException.class) + public void 
testDeactivatedRecordViewEmployments() { + SecurityContextTestUtils.setUpSecurityContext("0000-0000-0000-0007", ScopePathType.READ_LIMITED); serviceDelegator.viewEmployments(deactivatedUserOrcid); + fail(); + } + + @Test(expected = DeactivatedException.class) + public void testDeactivatedRecordViewExternalIdentifiers() { + SecurityContextTestUtils.setUpSecurityContext("0000-0000-0000-0007", ScopePathType.READ_LIMITED); serviceDelegator.viewExternalIdentifiers(deactivatedUserOrcid); + fail(); + } + + @Test(expected = DeactivatedException.class) + public void testDeactivatedRecordViewFundings() { + SecurityContextTestUtils.setUpSecurityContext("0000-0000-0000-0007", ScopePathType.READ_LIMITED); serviceDelegator.viewFundings(deactivatedUserOrcid); + fail(); + } + + @Test(expected = DeactivatedException.class) + public void testDeactivatedRecordViewKeywords() { + SecurityContextTestUtils.setUpSecurityContext("0000-0000-0000-0007", ScopePathType.READ_LIMITED); serviceDelegator.viewKeywords(deactivatedUserOrcid); + fail(); + } + + @Test(expected = DeactivatedException.class) + public void testDeactivatedRecordViewOtherNames() { + SecurityContextTestUtils.setUpSecurityContext("0000-0000-0000-0007", ScopePathType.READ_LIMITED); serviceDelegator.viewOtherNames(deactivatedUserOrcid); + fail(); + } + + @Test(expected = DeactivatedException.class) + public void testDeactivatedRecordViewPeerReviews() { + SecurityContextTestUtils.setUpSecurityContext("0000-0000-0000-0007", ScopePathType.READ_LIMITED); serviceDelegator.viewPeerReviews(deactivatedUserOrcid); + fail(); + } + + @Test(expected = DeactivatedException.class) + public void testDeactivatedRecordViewPersonalDetails() { + SecurityContextTestUtils.setUpSecurityContext("0000-0000-0000-0007", ScopePathType.READ_LIMITED); serviceDelegator.viewPersonalDetails(deactivatedUserOrcid); + fail(); + } + + @Test(expected = DeactivatedException.class) + public void testDeactivatedRecordViewResearcherUrls() { + 
SecurityContextTestUtils.setUpSecurityContext("0000-0000-0000-0007", ScopePathType.READ_LIMITED); serviceDelegator.viewResearcherUrls(deactivatedUserOrcid); + fail(); + } + + @Test(expected = DeactivatedException.class) + public void testDeactivatedRecordViewWorks() { + SecurityContextTestUtils.setUpSecurityContext("0000-0000-0000-0007", ScopePathType.READ_LIMITED); serviceDelegator.viewWorks(deactivatedUserOrcid); + fail(); } }
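Review bot: Every new test in this PublicV2ApiServiceVersionedDelegatorTest hunk calls `SecurityContextTestUtils.setUpSecurityContext("0000-0000-0000-0007", ScopePathType.READ_LIMITED)` before calling the public delegator, whereas the removed test made the same calls with no security context. The deactivated check is therefore verified only for a caller holding a limited-read context, not for the unauthenticated caller a public API presumably serves; at least one test without the set-up call would cover that path. If the helper stores the context in a thread-local holder (not visible here), it should also be cleared after each test so it cannot influence the other tests in the class.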