From 99ee67b0e7cb94cf49e4a26b4edaf5a02a0a8491 Mon Sep 17 00:00:00 2001 From: Daniel Kavan Date: Thu, 5 May 2022 15:51:30 +0200 Subject: [PATCH] #1693 mergefix: admin-auth for PropDefs only. --- .../v3/PropertyDefinitionControllerV3.scala | 11 ++--- .../DatasetControllerV3IntegrationSuite.scala | 47 ++++--------------- ...ingTableControllerV3IntegrationSuite.scala | 20 ++------ .../SchemaControllerV3IntegrationSuite.scala | 41 +++++----------- 4 files changed, 29 insertions(+), 90 deletions(-) diff --git a/rest-api/src/main/scala/za/co/absa/enceladus/rest_api/controllers/v3/PropertyDefinitionControllerV3.scala b/rest-api/src/main/scala/za/co/absa/enceladus/rest_api/controllers/v3/PropertyDefinitionControllerV3.scala index d7982eba5..8b1c0d6f1 100644 --- a/rest-api/src/main/scala/za/co/absa/enceladus/rest_api/controllers/v3/PropertyDefinitionControllerV3.scala +++ b/rest-api/src/main/scala/za/co/absa/enceladus/rest_api/controllers/v3/PropertyDefinitionControllerV3.scala @@ -24,6 +24,8 @@ import org.springframework.security.core.userdetails.UserDetails import org.springframework.web.bind.annotation._ import za.co.absa.enceladus.model.properties.PropertyDefinition import za.co.absa.enceladus.model.{ExportableObject, Validation} +import za.co.absa.enceladus.rest_api.exceptions.NotFoundException +import za.co.absa.enceladus.rest_api.models.rest.DisabledPayload import za.co.absa.enceladus.rest_api.services.v3.PropertyDefinitionServiceV3 import java.util.Optional @@ -69,14 +71,11 @@ class PropertyDefinitionControllerV3 @Autowired()(propertyDefinitionService: Pro super.edit(user, name, version, item, request) } - @DeleteMapping(Array("/{name}", "/{name}/{version}")) + @DeleteMapping(Array("/{name}")) @ResponseStatus(HttpStatus.OK) @PreAuthorize("@authConstants.hasAdminRole(authentication)") - override def disable(@PathVariable name: String, - @PathVariable version: Optional[String]): CompletableFuture[UpdateResult] = { - - super.disable(name, version) + override def disable(@PathVariable name: String): CompletableFuture[DisabledPayload] = { + super.disable(name) } - } diff --git a/rest-api/src/test/scala/za/co/absa/enceladus/rest_api/integration/controllers/v3/DatasetControllerV3IntegrationSuite.scala b/rest-api/src/test/scala/za/co/absa/enceladus/rest_api/integration/controllers/v3/DatasetControllerV3IntegrationSuite.scala index bb535cf84..55a8ca071 100644 --- a/rest-api/src/test/scala/za/co/absa/enceladus/rest_api/integration/controllers/v3/DatasetControllerV3IntegrationSuite.scala +++ b/rest-api/src/test/scala/za/co/absa/enceladus/rest_api/integration/controllers/v3/DatasetControllerV3IntegrationSuite.scala @@ -117,22 +117,13 @@ class DatasetControllerV3IntegrationSuite extends BaseRestApiTestV3 with BeforeA datasetFixture.add(dataset1) val dataset2 = DatasetFactory.getDummyDataset("dummyDs", description = Some("a new version attempt")) - val response = sendPostByAdmin[Dataset, EntityDisabledException](apiUrl, bodyOpt = Some(dataset2)) + val response = sendPost[Dataset, EntityDisabledException](apiUrl, bodyOpt = Some(dataset2)) assertBadRequest(response) response.getBody.getMessage should include("Entity dummyDs is disabled. Enable it first") } } - "return 403" when { - s"admin auth is not used for POST" in { - val dataset = DatasetFactory.getDummyDataset("dummyDs") - - val response = sendPost[Dataset, Validation](apiUrl, bodyOpt = Some(dataset)) - response.getStatusCode shouldBe HttpStatus.FORBIDDEN - } - } - } s"GET $apiUrl/{name}" should { @@ -340,7 +331,7 @@ class DatasetControllerV3IntegrationSuite extends BaseRestApiTestV3 with BeforeA datasetFixture.add(dataset1) val dataset2 = DatasetFactory.getDummyDataset("dummyDs", description = Some("ds update")) - val response = sendPutByAdmin[Dataset, EntityDisabledException](s"$apiUrl/dummyDs/1", bodyOpt = Some(dataset2)) + val response = sendPut[Dataset, EntityDisabledException](s"$apiUrl/dummyDs/1", bodyOpt = Some(dataset2)) assertBadRequest(response) response.getBody.getMessage should include("Entity dummyDs is disabled. Enable it first") @@ -925,7 +916,7 @@ class DatasetControllerV3IntegrationSuite extends BaseRestApiTestV3 with BeforeA val dsB = DatasetFactory.getDummyDataset(name = "dsB", version = 1, disabled = true) datasetFixture.add(dsA1, dsA2, dsB) - val response = sendPutByAdmin[String, DisabledPayload](s"$apiUrl/dsA") + val response = sendPut[String, DisabledPayload](s"$apiUrl/dsA") assertOk(response) response.getBody shouldBe DisabledPayload(disabled = false) @@ -951,7 +942,7 @@ class DatasetControllerV3IntegrationSuite extends BaseRestApiTestV3 with BeforeA val dsA2 = DatasetFactory.getDummyDataset(name = "dsA", version = 2, disabled = false) datasetFixture.add(dsA1, dsA2) - val response = sendPutByAdmin[String, DisabledPayload](s"$apiUrl/dsA") + val response = sendPut[String, DisabledPayload](s"$apiUrl/dsA") assertOk(response) response.getBody shouldBe DisabledPayload(disabled = false) @@ -970,22 +961,11 @@ class DatasetControllerV3IntegrationSuite extends BaseRestApiTestV3 with BeforeA "return 404" when { "no Dataset with the given name exists" should { "enable nothing" in { - val response = sendPutByAdmin[String, DisabledPayload](s"$apiUrl/aDataset") + val response = sendPut[String, DisabledPayload](s"$apiUrl/aDataset") assertNotFound(response) } } } - - "return 403" when { - s"admin auth is not used for DELETE" in { - schemaFixture.add(SchemaFactory.getDummySchema("dummySchema")) - val datasetV1 = DatasetFactory.getDummyDataset(name = "datasetA", version = 1) - datasetFixture.add(datasetV1) - - val response = sendDelete[Validation](s"$apiUrl/datasetA") - response.getStatusCode shouldBe HttpStatus.FORBIDDEN - } - } } s"DELETE $apiUrl/{name}" can { @@ -997,7 +977,7 @@ class DatasetControllerV3IntegrationSuite extends BaseRestApiTestV3 with BeforeA val dsB = DatasetFactory.getDummyDataset(name = "dsB", version = 1) datasetFixture.add(dsA1, dsA2, dsB) - val response = sendDeleteByAdmin[DisabledPayload](s"$apiUrl/dsA") + val response = sendDelete[DisabledPayload](s"$apiUrl/dsA") assertOk(response) response.getBody shouldBe DisabledPayload(disabled = true) @@ -1023,7 +1003,7 @@ class DatasetControllerV3IntegrationSuite extends BaseRestApiTestV3 with BeforeA val dsA2 = DatasetFactory.getDummyDataset(name = "dsA", version = 2, disabled = false) datasetFixture.add(dsA1, dsA2) - val response = sendDeleteByAdmin[DisabledPayload](s"$apiUrl/dsA") + val response = sendDelete[DisabledPayload](s"$apiUrl/dsA") assertOk(response) response.getBody shouldBe DisabledPayload(disabled = true) @@ -1042,21 +1022,10 @@ class DatasetControllerV3IntegrationSuite extends BaseRestApiTestV3 with BeforeA "return 404" when { "no Dataset with the given name exists" should { "disable nothing" in { - val response = sendDeleteByAdmin[String](s"$apiUrl/aDataset") + val response = sendDelete[String](s"$apiUrl/aDataset") assertNotFound(response) } } } - - "return 403" when { - s"admin auth is not used for DELETE" in { - schemaFixture.add(SchemaFactory.getDummySchema("dummySchema")) - val datasetV1 = DatasetFactory.getDummyDataset(name = "datasetA", version = 1) - datasetFixture.add(datasetV1) - - val response = sendDelete[Validation](s"$apiUrl/datasetA") - response.getStatusCode shouldBe HttpStatus.FORBIDDEN - } - } } } diff --git a/rest-api/src/test/scala/za/co/absa/enceladus/rest_api/integration/controllers/v3/MappingTableControllerV3IntegrationSuite.scala b/rest-api/src/test/scala/za/co/absa/enceladus/rest_api/integration/controllers/v3/MappingTableControllerV3IntegrationSuite.scala index 380fae84f..6a2b9c2b1 100644 --- a/rest-api/src/test/scala/za/co/absa/enceladus/rest_api/integration/controllers/v3/MappingTableControllerV3IntegrationSuite.scala +++ b/rest-api/src/test/scala/za/co/absa/enceladus/rest_api/integration/controllers/v3/MappingTableControllerV3IntegrationSuite.scala @@ -328,7 +328,7 @@ class MappingTableControllerV3IntegrationSuite extends BaseRestApiTestV3 with Be val mtB = MappingTableFactory.getDummyMappingTable(name = "mtB", version = 1) mappingTableFixture.add(mtA1, mtA2, mtB) - val response = sendDeleteByAdmin[DisabledPayload](s"$apiUrl/mtA") + val response = sendDelete[DisabledPayload](s"$apiUrl/mtA") assertOk(response) response.getBody shouldBe DisabledPayload(disabled = true) @@ -354,7 +354,7 @@ class MappingTableControllerV3IntegrationSuite extends BaseRestApiTestV3 with Be val mtA2 = MappingTableFactory.getDummyMappingTable(name = "mtA", version = 2, disabled = false) mappingTableFixture.add(mtA1, mtA2) - val response = sendDeleteByAdmin[DisabledPayload](s"$apiUrl/mtA") + val response = sendDelete[DisabledPayload](s"$apiUrl/mtA") assertOk(response) response.getBody shouldBe DisabledPayload(disabled = true) @@ -376,7 +376,7 @@ class MappingTableControllerV3IntegrationSuite extends BaseRestApiTestV3 with Be val mappingTable2 = MappingTableFactory.getDummyMappingTable(name = "mappingTable", version = 2) mappingTableFixture.add(mappingTable1, mappingTable2) - val response = sendDeleteByAdmin[DisabledPayload](s"$apiUrl/mappingTable") + val response = sendDelete[DisabledPayload](s"$apiUrl/mappingTable") assertOk(response) response.getBody shouldBe DisabledPayload(disabled = true) @@ -406,7 +406,7 @@ class MappingTableControllerV3IntegrationSuite extends BaseRestApiTestV3 with Be val disabledDs = DatasetFactory.getDummyDataset(name = "disabledDs", conformance = List(mcr("mappingTable", 2)), disabled = true) datasetFixture.add(dataset1, dataset2, dataset3, disabledDs) - val response = sendDeleteByAdmin[UsedIn](s"$apiUrl/mappingTable") + val response = sendDelete[UsedIn](s"$apiUrl/mappingTable") assertBadRequest(response) response.getBody shouldBe UsedIn(Some(Seq(MenasReference(None, "dataset1", 1), MenasReference(None, "dataset2", 7))), None) @@ -417,21 +417,11 @@ class MappingTableControllerV3IntegrationSuite extends BaseRestApiTestV3 with Be "return 404" when { "no MappingTable with the given name exists" should { "disable nothing" in { - val response = sendDeleteByAdmin[String](s"$apiUrl/aMappingTable") + val response = sendDelete[String](s"$apiUrl/aMappingTable") assertNotFound(response) } } } - - "return 403" when { - s"admin auth is not used for DELETE" in { - val mappingTableV1 = MappingTableFactory.getDummyMappingTable(name = "mappingTableA", version = 1) - mappingTableFixture.add(mappingTableV1) - - val response = sendDelete[Validation](s"$apiUrl/mappingTableA") - response.getStatusCode shouldBe HttpStatus.FORBIDDEN - } - } } } diff --git a/rest-api/src/test/scala/za/co/absa/enceladus/rest_api/integration/controllers/v3/SchemaControllerV3IntegrationSuite.scala b/rest-api/src/test/scala/za/co/absa/enceladus/rest_api/integration/controllers/v3/SchemaControllerV3IntegrationSuite.scala index 56cf49b69..ba7c8d5f7 100644 --- a/rest-api/src/test/scala/za/co/absa/enceladus/rest_api/integration/controllers/v3/SchemaControllerV3IntegrationSuite.scala +++ b/rest-api/src/test/scala/za/co/absa/enceladus/rest_api/integration/controllers/v3/SchemaControllerV3IntegrationSuite.scala @@ -795,7 +795,7 @@ class SchemaControllerV3IntegrationSuite extends BaseRestApiTestV3 with BeforeAn val schB = SchemaFactory.getDummySchema(name = "schB", version = 1, disabled = true) schemaFixture.add(schA1, schA2, schB) - val response = sendPutByAdmin[String, DisabledPayload](s"$apiUrl/schA") + val response = sendPut[String, DisabledPayload](s"$apiUrl/schA") assertOk(response) response.getBody shouldBe DisabledPayload(disabled = false) @@ -821,7 +821,7 @@ class SchemaControllerV3IntegrationSuite extends BaseRestApiTestV3 with BeforeAn val schA2 = SchemaFactory.getDummySchema(name = "schA", version = 2, disabled = false) schemaFixture.add(schA1, schA2) - val response = sendPutByAdmin[String, DisabledPayload](s"$apiUrl/schA") + val response = sendPut[String, DisabledPayload](s"$apiUrl/schA") assertOk(response) response.getBody shouldBe DisabledPayload(disabled = false) @@ -840,21 +840,12 @@ class SchemaControllerV3IntegrationSuite extends BaseRestApiTestV3 with BeforeAn "return 404" when { "no Schema with the given name exists" should { "enable nothing" in { - val response = sendPutByAdmin[String, DisabledPayload](s"$apiUrl/aSchema") + val response = sendPut[String, DisabledPayload](s"$apiUrl/aSchema") assertNotFound(response) } } } - "return 403" when { - s"admin auth is not used for DELETE" in { - val schemaV1 = SchemaFactory.getDummySchema(name = "schemaA", version = 1) - schemaFixture.add(schemaV1) - - val response = sendDelete[Validation](s"$apiUrl/schemaA") - response.getStatusCode shouldBe HttpStatus.FORBIDDEN - } - } } s"DELETE $apiUrl/{name}" can { @@ -866,7 +857,7 @@ class SchemaControllerV3IntegrationSuite extends BaseRestApiTestV3 with BeforeAn val schB = SchemaFactory.getDummySchema(name = "schB", version = 1) schemaFixture.add(schA1, schA2, schB) - val response = sendDeleteByAdmin[DisabledPayload](s"$apiUrl/schA") + val response = sendDelete[DisabledPayload](s"$apiUrl/schA") assertOk(response) response.getBody shouldBe DisabledPayload(disabled = true) @@ -892,7 +883,7 @@ class SchemaControllerV3IntegrationSuite extends BaseRestApiTestV3 with BeforeAn val schA2 = SchemaFactory.getDummySchema(name = "schA", version = 2, disabled = false) schemaFixture.add(schA1, schA2) - val response = sendDeleteByAdmin[DisabledPayload](s"$apiUrl/schA") + val response = sendDelete[DisabledPayload](s"$apiUrl/schA") assertOk(response) response.getBody shouldBe DisabledPayload(disabled = true) @@ -914,7 +905,7 @@ class SchemaControllerV3IntegrationSuite extends BaseRestApiTestV3 with BeforeAn val schema2 = SchemaFactory.getDummySchema(name = "schema", version = 2) schemaFixture.add(schema1, schema2) - val response = sendDeleteByAdmin[DisabledPayload](s"$apiUrl/schema") + val response = sendDelete[DisabledPayload](s"$apiUrl/schema") assertOk(response) response.getBody shouldBe DisabledPayload(disabled = true) @@ -937,7 +928,7 @@ class SchemaControllerV3IntegrationSuite extends BaseRestApiTestV3 with BeforeAn val schema2 = SchemaFactory.getDummySchema(name = "schema", version = 2) schemaFixture.add(schema1, schema2) - val response = sendDeleteByAdmin[DisabledPayload](s"$apiUrl/schema") + val response = sendDelete[DisabledPayload](s"$apiUrl/schema") assertOk(response) response.getBody shouldBe DisabledPayload(disabled = true) @@ -967,7 +958,7 @@ class SchemaControllerV3IntegrationSuite extends BaseRestApiTestV3 with BeforeAn val disabledDs = DatasetFactory.getDummyDataset(name = "disabledDs", schemaName = "schema", schemaVersion = 2, disabled = true) datasetFixture.add(dataset1, dataset2, dataset3, disabledDs) - val response = sendDeleteByAdmin[UsedIn](s"$apiUrl/schema") + val response = sendDelete[UsedIn](s"$apiUrl/schema") assertBadRequest(response) response.getBody shouldBe UsedIn(Some(Seq(MenasReference(None, "dataset1", 1), MenasReference(None, "dataset2", 7))), None) @@ -983,7 +974,7 @@ class SchemaControllerV3IntegrationSuite extends BaseRestApiTestV3 with BeforeAn val mappingTable2 = MappingTableFactory.getDummyMappingTable(name = "mapping2", schemaName = "schema", schemaVersion = 2, disabled = false) mappingTableFixture.add(mappingTable1, mappingTable2) - val response = sendDeleteByAdmin[UsedIn](s"$apiUrl/schema") + val response = sendDelete[UsedIn](s"$apiUrl/schema") assertBadRequest(response) response.getBody shouldBe UsedIn(None, Some(Seq(MenasReference(None, "mapping1", 1), MenasReference(None, "mapping2", 1)))) @@ -1001,7 +992,7 @@ class SchemaControllerV3IntegrationSuite extends BaseRestApiTestV3 with BeforeAn val dataset2 = DatasetFactory.getDummyDataset(name = "dataset2", schemaName = "schema", schemaVersion = 2) datasetFixture.add(dataset2) - val response = sendDeleteByAdmin[UsedIn](s"$apiUrl/schema") + val response = sendDelete[UsedIn](s"$apiUrl/schema") assertBadRequest(response) response.getBody shouldBe UsedIn(Some(Seq(MenasReference(None, "dataset2", 1))), Some(Seq(MenasReference(None, "mapping1", 1)))) @@ -1012,21 +1003,11 @@ class SchemaControllerV3IntegrationSuite extends BaseRestApiTestV3 with BeforeAn "return 404" when { "no Schema with the given name exists" should { "disable nothing" in { - val response = sendDeleteByAdmin[String](s"$apiUrl/aSchema") + val response = sendDelete[String](s"$apiUrl/aSchema") assertNotFound(response) } } } - - "return 403" when { - s"admin auth is not used for DELETE" in { - val schemaV1 = SchemaFactory.getDummySchema(name = "schemaA", version = 1) - schemaFixture.add(schemaV1) - - val response = sendDelete[Validation](s"$apiUrl/schemaA") - response.getStatusCode shouldBe HttpStatus.FORBIDDEN - } - } } }