PIN-3794 Prevent the creation of the EService for not IPA organization

pagopa · Aug 10, 2023 · 65d27ee · 65d27ee
1 parent 487ba11
commit 65d27ee
Show file tree

Hide file tree

Showing 5 changed files with 45 additions and 2 deletions.
diff --git a/src/main/resources/interface-specification.yml b/src/main/resources/interface-specification.yml
@@ -140,6 +140,12 @@ paths:
             application/problem+json:
               schema:
                 $ref: '#/components/schemas/Problem'
+        '403':
+          description: Forbidden
+          content:
+            application/problem+json:
+              schema:
+                $ref: '#/components/schemas/Problem'        
         '409':
           description: Name Conflict
           content:

diff --git a/src/main/scala/it/pagopa/interop/catalogprocess/api/impl/ProcessApiServiceImpl.scala b/src/main/scala/it/pagopa/interop/catalogprocess/api/impl/ProcessApiServiceImpl.scala
@@ -49,6 +49,8 @@ final case class ProcessApiServiceImpl(
   implicit val logger: LoggerTakingImplicit[ContextFieldsToLog] =
     Logger.takingImplicit[ContextFieldsToLog](this.getClass)
 
+  val IPA = "IPA"
+
   override def createEService(eServiceSeed: EServiceSeed)(implicit
     contexts: Seq[(String, String)],
     toEntityMarshallerProblem: ToEntityMarshaller[Problem],
@@ -59,6 +61,8 @@ final case class ProcessApiServiceImpl(
 
     val result: Future[EService] = for {
       organizationId <- getOrganizationIdFutureUUID(contexts)
+      origin         <- getExternalIdOrigin(contexts)
+      _              <- if (origin.exists(_ == IPA)) Future.unit else Future.failed(OriginIsNotComplaint(IPA))
       clientSeed = eServiceSeed.toDependency(organizationId)
       maybeEservice <- catalogManagementService
         .getEServices(

diff --git a/src/main/scala/it/pagopa/interop/catalogprocess/api/impl/ResponseHandlers.scala b/src/main/scala/it/pagopa/interop/catalogprocess/api/impl/ResponseHandlers.scala
@@ -43,6 +43,7 @@ object ResponseHandlers extends AkkaResponses {
   )(result: Try[T])(implicit contexts: Seq[(String, String)], logger: LoggerTakingImplicit[ContextFieldsToLog]): Route =
     result match {
       case Success(s)                          => success(s)
+      case Failure(ex: OriginIsNotComplaint)   => forbidden(ex, logMessage)
       case Failure(ex: DuplicatedEServiceName) => conflict(ex, logMessage)
       case Failure(ex)                         => internalServerError(ex, logMessage)
     }

diff --git a/src/main/scala/it/pagopa/interop/catalogprocess/errors/CatalogProcessErrors.scala b/src/main/scala/it/pagopa/interop/catalogprocess/errors/CatalogProcessErrors.scala
@@ -43,4 +43,7 @@ object CatalogProcessErrors {
   final case class DuplicatedEServiceName(name: String)
       extends ComponentError("0010", s"EService with name: $name already in use")
 
+  final case class OriginIsNotComplaint(origin: String)
+      extends ComponentError("0011", s"Requester has not origin: $origin")
+
 }
diff --git a/src/test/scala/it/pagopa/interop/catalogprocess/CatalogProcessSpec.scala b/src/test/scala/it/pagopa/interop/catalogprocess/CatalogProcessSpec.scala
@@ -274,7 +274,12 @@ class CatalogProcessSpec extends SpecHelper with AnyWordSpecLike with ScalatestR
       val catalogItems: Seq[CatalogItem] = Seq.empty
 
       implicit val context: Seq[(String, String)] =
-        Seq("bearer" -> bearerToken, USER_ROLES -> "admin", ORGANIZATION_ID_CLAIM -> requesterId.toString)
+        Seq(
+          "bearer"              -> bearerToken,
+          USER_ROLES            -> "admin",
+          ORGANIZATION_ID_CLAIM -> requesterId.toString,
+          ORGANIZATION_EXTERNAL_ID_ORIGIN_CLAIM = "IPA"
+        )
 
       val apiSeed: EServiceSeed =
         EServiceSeed(name = "MyService", description = "My Service", technology = EServiceTechnology.REST)
@@ -380,7 +385,12 @@ class CatalogProcessSpec extends SpecHelper with AnyWordSpecLike with ScalatestR
       val requesterId = UUID.randomUUID()
 
       implicit val context: Seq[(String, String)] =
-        Seq("bearer" -> bearerToken, USER_ROLES -> "admin", ORGANIZATION_ID_CLAIM -> requesterId.toString)
+        Seq(
+          "bearer"              -> bearerToken,
+          USER_ROLES            -> "admin",
+          ORGANIZATION_ID_CLAIM -> requesterId.toString,
+          ORGANIZATION_EXTERNAL_ID_ORIGIN_CLAIM = "IPA"
+        )
 
       val catalogItems: Seq[CatalogItem] = Seq(SpecData.catalogItem)
 
@@ -406,6 +416,25 @@ class CatalogProcessSpec extends SpecHelper with AnyWordSpecLike with ScalatestR
         status shouldEqual StatusCodes.Conflict
       }
     }
+    "fail with forbidden requester origin is not IPA" in {
+
+      val requesterId = UUID.randomUUID()
+
+      implicit val context: Seq[(String, String)] =
+        Seq(
+          "bearer"              -> bearerToken,
+          USER_ROLES            -> "admin",
+          ORGANIZATION_ID_CLAIM -> requesterId.toString,
+          ORGANIZATION_EXTERNAL_ID_ORIGIN_CLAIM = "NOT_IPA"
+        )
+
+      val apiSeed: EServiceSeed =
+        EServiceSeed(name = "MyService", description = "My Service", technology = EServiceTechnology.REST)
+
+      Post() ~> service.createEService(apiSeed) ~> check {
+        status shouldEqual StatusCodes.Forbidden
+      }
+    }
   }
   "EService update" should {
     "succeed" in {