Skip to content

Commit

Permalink
feat(authz): propagate an user's deleted entities to Kafka (#1208)
Browse files Browse the repository at this point in the history
  • Loading branch information
bobeal authored Aug 5, 2024
1 parent 5a89a8a commit 7b8b440
Show file tree
Hide file tree
Showing 7 changed files with 46 additions and 21 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ import com.egm.stellio.search.authorization.SubjectReferential
import com.egm.stellio.search.authorization.SubjectReferentialService
import com.egm.stellio.search.authorization.toSubjectInfo
import com.egm.stellio.search.config.SearchProperties
import com.egm.stellio.search.service.EntityEventService
import com.egm.stellio.search.service.EntityPayloadService
import com.egm.stellio.shared.model.*
import com.egm.stellio.shared.util.AuthContextModel.AUTH_TERM_IS_MEMBER_OF
Expand Down Expand Up @@ -39,7 +40,8 @@ class IAMListener(
private val subjectReferentialService: SubjectReferentialService,
private val searchProperties: SearchProperties,
private val entityAccessRightsService: EntityAccessRightsService,
private val entityPayloadService: EntityPayloadService
private val entityPayloadService: EntityPayloadService,
private val entityEventService: EntityEventService
) {

private val logger = LoggerFactory.getLogger(javaClass)
Expand Down Expand Up @@ -114,8 +116,10 @@ class IAMListener(
if (searchProperties.onOwnerDeleteCascadeEntities && subjectType == SubjectType.USER) {
val entitiesIds = entityAccessRightsService.getEntitiesIdsOwnedBySubject(sub).getOrNull()
entitiesIds?.let { entityAccessRightsService.deleteAllAccessRightsOnEntities(it) }
entitiesIds?.map { entityId ->
entityPayloadService.deleteEntity(entityId)
entitiesIds?.forEach { entityId ->
entityPayloadService.deleteEntity(entityId).getOrNull()?.also {
entityEventService.publishEntityDeleteEvent(null, it)
}
}
Unit.right()
} else Unit.right()
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -659,18 +659,23 @@ class EntityPayloadService(
.execute()

@Transactional
suspend fun deleteEntity(entityId: URI): Either<APIException, Unit> = either {
databaseClient.sql(
suspend fun deleteEntity(entityId: URI): Either<APIException, EntityPayload> = either {
val entity = databaseClient.sql(
"""
DELETE FROM entity_payload WHERE entity_id = :entity_id
DELETE FROM entity_payload
WHERE entity_id = :entity_id
RETURNING *
""".trimIndent()
)
.bind("entity_id", entityId)
.execute()
.oneToResult {
rowToEntityPaylaod(it)
}
.bind()

temporalEntityAttributeService.deleteTemporalAttributesOfEntity(entityId).bind()
scopeService.deleteHistory(entityId).bind()
entity
}

@Transactional
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -4,12 +4,19 @@ import arrow.core.right
import com.egm.stellio.search.authorization.EntityAccessRightsService
import com.egm.stellio.search.authorization.SubjectReferentialService
import com.egm.stellio.search.config.SearchProperties
import com.egm.stellio.search.model.EntityPayload
import com.egm.stellio.search.service.EntityEventService
import com.egm.stellio.search.service.EntityPayloadService
import com.egm.stellio.shared.util.*
import com.egm.stellio.shared.util.GlobalRole
import com.egm.stellio.shared.util.SubjectType
import com.egm.stellio.shared.util.loadSampleData
import com.egm.stellio.shared.util.toUri
import com.ninjasquad.springmockk.MockkBean
import io.mockk.coEvery
import io.mockk.coVerify
import io.mockk.every
import io.mockk.mockkClass
import kotlinx.coroutines.Job
import kotlinx.coroutines.test.runTest
import org.junit.jupiter.api.Test
import org.springframework.beans.factory.annotation.Autowired
Expand All @@ -35,6 +42,9 @@ class IAMListenerTests {
@MockkBean(relaxed = true)
private lateinit var subjectReferentialService: SubjectReferentialService

@MockkBean(relaxed = true)
private lateinit var entityEventService: EntityEventService

private val entityId = "urn:ngsi-ld:BeeHive:TESTC".toUri()

@Test
Expand Down Expand Up @@ -358,7 +368,6 @@ class IAMListenerTests {
@Test
fun `it should delete all entities owned by a user if user is deleted`() = runTest {
val subjectDeleteEvent = loadSampleData("events/authorization/UserDeleteEvent.json")
loadSampleData("beehive.jsonld").sampleDataToNgsiLdEntity().shouldSucceedAndResult()
coEvery {
entityAccessRightsService.setOwnerRoleOnEntity(
"6ad19fe0-fc11-4024-85f2-931c6fa6f7e0",
Expand All @@ -367,14 +376,12 @@ class IAMListenerTests {
} returns Unit.right()

coEvery { subjectReferentialService.delete(any()) } returns Unit.right()
every {
searchProperties.onOwnerDeleteCascadeEntities
} returns true
every { searchProperties.onOwnerDeleteCascadeEntities } returns true
coEvery {
entityAccessRightsService.getEntitiesIdsOwnedBySubject("6ad19fe0-fc11-4024-85f2-931c6fa6f7e0")
} returns listOf(
entityId
).right()
} returns listOf(entityId).right()
coEvery { entityPayloadService.deleteEntity(entityId) } returns mockkClass(EntityPayload::class).right()
coEvery { entityEventService.publishEntityDeleteEvent(any(), any()) } returns Job()

iamListener.dispatchIamMessage(subjectDeleteEvent)

Expand All @@ -392,5 +399,8 @@ class IAMListenerTests {
}
)
}
coVerify(timeout = 1000) {
entityEventService.publishEntityDeleteEvent(null, any())
}
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -344,7 +344,7 @@ class EntityOperationServiceTests {

@Test
fun `batch delete should return the list of deleted entity ids when deletion is successful`() = runTest {
coEvery { entityPayloadService.deleteEntity(any()) } returns Unit.right()
coEvery { entityPayloadService.deleteEntity(any()) } returns mockkClass(EntityPayload::class).right()
coEvery { authorizationService.removeRightsOnEntity(any()) } returns Unit.right()
coEvery { entityEventService.publishEntityDeleteEvent(any(), any()) } returns Job()

Expand Down Expand Up @@ -376,7 +376,9 @@ class EntityOperationServiceTests {
@Test
fun `batch delete should return deleted entity ids and in errors when deletion is partially successful`() =
runTest {
coEvery { entityPayloadService.deleteEntity(firstEntityURI) } returns Unit.right()
coEvery {
entityPayloadService.deleteEntity(firstEntityURI)
} returns mockkClass(EntityPayload::class).right()
coEvery {
entityPayloadService.deleteEntity(secondEntityURI)
} returns InternalErrorException("Something went wrong during deletion").left()
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -670,8 +670,11 @@ class EntityPayloadServiceTests : WithTimescaleContainer, WithKafkaContainer {
)
}

val deleteResult = entityPayloadService.deleteEntity(entity01Uri)
assertTrue(deleteResult.isRight())
entityPayloadService.deleteEntity(entity01Uri)
.shouldSucceedWith {
assertEquals(entity01Uri, it.entityId)
assertNotNull(it.payload)
}

// if correctly deleted, we should be able to create a new one
loadMinimalEntity(entity01Uri, setOf(BEEHIVE_TYPE))
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2110,7 +2110,7 @@ class EntityHandlerTests {
coEvery { entityPayloadService.retrieve(any<URI>()) } returns entity.right()
every { entity.types } returns listOf(BEEHIVE_TYPE)
coEvery { authorizationService.userCanAdminEntity(beehiveId, sub) } returns Unit.right()
coEvery { entityPayloadService.deleteEntity(any()) } returns Unit.right()
coEvery { entityPayloadService.deleteEntity(any()) } returns mockkClass(EntityPayload::class).right()
coEvery { authorizationService.removeRightsOnEntity(any()) } returns Unit.right()
coEvery { entityEventService.publishEntityDeleteEvent(any(), any()) } returns Job()

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ import arrow.core.left
import arrow.core.right
import com.egm.stellio.search.authorization.AuthorizationService
import com.egm.stellio.search.config.SearchProperties
import com.egm.stellio.search.model.EntityPayload
import com.egm.stellio.search.model.SimplifiedAttributeInstanceResult
import com.egm.stellio.search.model.TemporalEntityAttribute
import com.egm.stellio.search.model.TemporalQuery
Expand Down Expand Up @@ -1178,7 +1179,7 @@ class TemporalEntityHandlerTests {
fun `delete temporal entity should return a 204 if an entity has been successfully deleted`() {
coEvery { entityPayloadService.checkEntityExistence(entityUri) } returns Unit.right()
coEvery { authorizationService.userCanAdminEntity(entityUri, sub) } returns Unit.right()
coEvery { entityPayloadService.deleteEntity(any()) } returns Unit.right()
coEvery { entityPayloadService.deleteEntity(any()) } returns mockkClass(EntityPayload::class).right()
coEvery { authorizationService.removeRightsOnEntity(any()) } returns Unit.right()

webClient.delete()
Expand Down

0 comments on commit 7b8b440

Please sign in to comment.