From b776df1a644abc64e86eb062a96ff064d5895811 Mon Sep 17 00:00:00 2001
From: Daniil Palagin
Date: Mon, 29 Jul 2024 13:38:31 +0200
Subject: [PATCH] [kbss-cvut/record-manager-ui#201] Throw ValidationException in getRecords method if user does not have institution and has User Role. Add params to the getRecords test for mocking http request.

---
 .../kbss/study/rest/PatientRecordController.java | 14 +++++++++++++-
 .../study/rest/PatientRecordControllerTest.java | 11 ++++++-----
 2 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/src/main/java/cz/cvut/kbss/study/rest/PatientRecordController.java b/src/main/java/cz/cvut/kbss/study/rest/PatientRecordController.java
index 5e8dae63..1f31171c 100644
--- a/src/main/java/cz/cvut/kbss/study/rest/PatientRecordController.java
+++ b/src/main/java/cz/cvut/kbss/study/rest/PatientRecordController.java
@@ -6,6 +6,7 @@
 import cz.cvut.kbss.study.dto.PatientRecordDto;
 import cz.cvut.kbss.study.dto.RecordImportResult;
 import cz.cvut.kbss.study.exception.NotFoundException;
+import cz.cvut.kbss.study.exception.ValidationException;
 import cz.cvut.kbss.study.model.PatientRecord;
 import cz.cvut.kbss.study.model.RecordPhase;
 import cz.cvut.kbss.study.model.User;
@@ -31,6 +32,8 @@
 import org.springframework.data.domain.Page;
 import org.springframework.http.*;
 import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.util.LinkedMultiValueMap;
 import org.springframework.util.MultiValueMap;
 import org.springframework.web.bind.annotation.*;
@@ -71,12 +74,21 @@ public PatientRecordController(PatientRecordService recordService, ApplicationEv
         this.userService = userService;
     }
 
-    @PreAuthorize("hasRole('" + SecurityConstants.ROLE_ADMIN + "') or @securityUtils.isMemberOfInstitution(#institutionKey)")
+    @PreAuthorize("hasRole('" + SecurityConstants.ROLE_ADMIN + "') or #institutionKey==null or @securityUtils.isMemberOfInstitution(#institutionKey)")
     @GetMapping(produces = MediaType.APPLICATION_JSON_VALUE)
     public List getRecords(
             @RequestParam(value = "institution", required = false) String institutionKey,
             @RequestParam MultiValueMap params,
             UriComponentsBuilder uriBuilder, HttpServletResponse response) {
+
+        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+        boolean hasAdminRole = authentication.getAuthorities().stream()
+                .anyMatch(authority -> authority.getAuthority().equals(SecurityConstants.ROLE_ADMIN));
+
+        if (!hasAdminRole && institutionKey == null) {
+            throw new ValidationException("record.save-error.user-not-assigned-to-institution",
+                    "User is not assigned to any institution.");
+        }
         final Page result = recordService.findAll(RecordFilterMapper.constructRecordFilter(params),
                 RestUtils.resolvePaging(params));
         eventPublisher.publishEvent(new PaginatedResultRetrievedEvent(this, uriBuilder, response, result));
diff --git a/src/test/java/cz/cvut/kbss/study/rest/PatientRecordControllerTest.java b/src/test/java/cz/cvut/kbss/study/rest/PatientRecordControllerTest.java
index 250d0ce7..f407cad0 100644
--- a/src/test/java/cz/cvut/kbss/study/rest/PatientRecordControllerTest.java
+++ b/src/test/java/cz/cvut/kbss/study/rest/PatientRecordControllerTest.java
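Review bot: The new guard in getRecords tests the request parameter (`institutionKey == null`), not whether the caller is assigned to an institution, so a non-admin user who does belong to an institution but omits `?institution=` is rejected with "User is not assigned to any institution." and a `record.save-error.*` message key on a GET; either resolve the caller's institution via the injected `userService` (constructor shown at the top of the hunk) and check that, or reword the code/message to describe the actual condition (missing institution parameter). The authorization decision for the null-parameter case has also moved out of `@PreAuthorize` into the method body, which re-derives admin status with a raw `equals(SecurityConstants.ROLE_ADMIN)` comparison while the annotation uses `hasRole(...)`; depending on whether the constant already carries the `ROLE_` prefix these two checks may disagree, so it is safer to reuse one shared helper (e.g. the existing `@securityUtils` bean) for both. At minimum the body check deserves a why-comment, e.g. `// @PreAuthorize lets institutionKey==null through for everyone; non-admins must scope the query to an institution, enforced here`. If `authentication` can be null on this path (the widened `@PreAuthorize` no longer rejects an anonymous, parameter-less call on its own), the `getAuthorities()` call will NPE before the ValidationException is reached — worth confirming against the security filter configuration. The remainder of getRecords continues outside the hunk.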
@@ -116,7 +116,7 @@ public void getRecordsReturnsEmptyListWhenNoReportsAreFound() throws Exception {
         when(patientRecordServiceMock.findAll(any(RecordFilterParams.class), any(Pageable.class))).thenReturn(
                 Page.empty());
 
-        final MvcResult result = mockMvc.perform(get("/records/")).andReturn();
+        final MvcResult result = mockMvc.perform(get("/records/").param("institution", user.getInstitution().toString())).andReturn();
 
         assertEquals(HttpStatus.OK, HttpStatus.valueOf(result.getResponse().getStatus()));
         final List body = objectMapper.readValue(result.getResponse().getContentAsString(),
@@ -139,14 +139,15 @@ public void getRecordsReturnsAllRecords() throws Exception {
         when(patientRecordServiceMock.findAll(any(RecordFilterParams.class), any(Pageable.class))).thenReturn(
                 new PageImpl<>(records));
 
-        final MvcResult result = mockMvc.perform(get("/records")).andReturn();
+
+        final MvcResult result = mockMvc.perform(get("/records/").param("institution", user.getInstitution().toString())).andReturn();
 
         assertEquals(HttpStatus.OK, HttpStatus.valueOf(result.getResponse().getStatus()));
         final List body = objectMapper.readValue(result.getResponse().getContentAsString(),
                 new TypeReference<>() {
                 });
         assertEquals(3, body.size());
-        verify(patientRecordServiceMock).findAll(new RecordFilterParams(), Pageable.unpaged());
+        verify(patientRecordServiceMock).findAll(any(RecordFilterParams.class), any(Pageable.class));
     }
 
     @Test
@@ -431,7 +432,7 @@ void getRecordsPublishesPagingEvent() throws Exception {
         final Page page = new PageImpl<>(records, PageRequest.of(0, 5), 3);
         when(patientRecordServiceMock.findAll(any(RecordFilterParams.class), any(Pageable.class))).thenReturn(page);
 
-        final MvcResult result = mockMvc.perform(get("/records").queryParam(Constants.PAGE_PARAM, "0")
+        final MvcResult result = mockMvc.perform(get("/records").param("institution", user.getInstitution().toString()).queryParam(Constants.PAGE_PARAM, "0")
                 .queryParam(Constants.PAGE_SIZE_PARAM, "5"))
                 .andReturn();
 
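Review bot: The `verify(...)` in getRecordsReturnsAllRecords was loosened from an exact `new RecordFilterParams()` to `any(RecordFilterParams.class)` (the same loosening appears in the `@@ -440,7 +441,7 @@` hunk), so the tests no longer assert that the `institution` query parameter actually reaches the service filter; an `ArgumentCaptor<RecordFilterParams>` on the `findAll` call, checking the captured filter against the institution the test passed, would keep that coverage. The happy-path tests now all send `institution`, but nothing exercises the new branch in the controller: a test where a non-admin user omits the parameter and expects the `ValidationException` status, and one where an admin omits it and still gets records, would pin the behavior the commit introduces. Whether `user.getInstitution().toString()` yields the institution key the controller's `@securityUtils.isMemberOfInstitution(#institutionKey)` expects is not visible here; if it does not, these tests pass only because the filter verification was relaxed, so passing the key explicitly would be clearer.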
@@ -440,7 +441,7 @@ void getRecordsPublishesPagingEvent() throws Exception {
                 new TypeReference<>() {
                 });
         assertEquals(3, body.size());
-        verify(patientRecordServiceMock).findAll(new RecordFilterParams(), PageRequest.of(0, 5));
+        verify(patientRecordServiceMock).findAll(any(RecordFilterParams.class), eq(PageRequest.of(0, 5)));
         final ArgumentCaptor captor = ArgumentCaptor.forClass(
                 PaginatedResultRetrievedEvent.class);
         verify(eventPublisherMock).publishEvent(captor.capture());