throw error if engagement type participant roles don't match the allo…

…wed values in the config

src/main/java/com/redhat/labs/lodestar/resource/ConfigResource.java

@@ -57,12 +57,27 @@ public Response invalidateRbacCache() {
     @Path("artifact/options")
     @SecurityRequirement(name = "jwt")
     @APIResponses(value = { @APIResponse(responseCode = "401", description = "Missing or Invalid JWT"),
-            @APIResponse(responseCode = "200", description = "Artifact ptions success.") })
-    @Operation(summary = "Returns a map of key value pairs or artifact option.")
+            @APIResponse(responseCode = "200", description = "Artifact options success.") })
+    @Operation(summary = "Returns a map of key value pairs of artifact options.")
     public Map<String, String> getArtifactOptions() {
         return configService.getArtifactOptions();
     }
 
+    @GET
+    @Path("participant/options")
+    @SecurityRequirement(name = "jwt")
+    @APIResponses(value = { @APIResponse(responseCode = "401", description = "Missing or Invalid JWT"),
+            @APIResponse(responseCode = "200", description = "Participant options success.") })
+    @Operation(summary = "Returns a map of key value pairs of participant options. " +
+            "If the engagement type is not found it will return the default values (Residency)")
+    public Map<String, String> getParticipantOptions(@QueryParam("engagementType") String type) {
+        if(type == null) {
+            return configService.getParticipantOptions();
+        }
+
+        return configService.getParticipantOptions(type);
+    }
+
     @GET
     @Path("engagement/options")
     @SecurityRequirement(name = "jwt")

src/main/java/com/redhat/labs/lodestar/rest/client/ConfigApiClient.java

@@ -33,6 +33,14 @@ public interface ConfigApiClient {
     @Path("artifact/options")
     Map<String, String> getArtifactOptions();
 
+    @GET
+    @Path("participant/options")
+    Map<String, String> getParticipantOptions(@QueryParam("engagementType") String type);
+
+    @GET
+    @Path("participant/options")
+    Map<String, String> getParticipantOptions();
+
     @GET
     @Path("engagement/options")
     Map<String, String> getEngagementOptions();

src/main/java/com/redhat/labs/lodestar/service/ConfigService.java

@@ -54,6 +54,17 @@ public Response getRuntimeConfig(Optional<String> type) {
 		return configApiClient.getRuntimeConfig(type.isPresent() ? type.get() : null);
 	}
 
+	@CacheResult(cacheName = "participant-options")
+	public Map<String, String> getParticipantOptions(String type) {
+		LOGGER.debug("cache miss for participant options ({})", type);
+		return configApiClient.getParticipantOptions(type);
+	}
+	@CacheResult(cacheName = "participant-options-base")
+	public Map<String, String> getParticipantOptions() {
+		LOGGER.debug("cache miss for participant options (base)");
+		return configApiClient.getParticipantOptions();
+	}
+
 	@CacheResult(cacheName = "artifact-options")
 	public Map<String, String> getArtifactOptions() {
 		LOGGER.debug("cache miss for artifact options");

src/main/java/com/redhat/labs/lodestar/service/EngagementService.java

@@ -146,6 +146,8 @@ public Engagement create(Engagement engagement) {
 
     /**
      * Updates the {@link Engagement} resource in the data store
+     * This supports the way v1 frontend saves the entire engagement. In the future the FE should use direct
+     * updates to each component
      * 
      * @param engagement
      * @return
@@ -194,6 +196,20 @@ public Engagement update(Engagement engagement) {
         diff = javers.compareCollections(new HashSet<>(participants), engagement.getEngagementUsers(), EngagementUser.class);
         if(diff.hasChanges()) {
             LOGGER.debug("Participants changed {}", diff);
+
+            //Validate participant options
+            Set<String> allowed = configService.getParticipantOptions(engagement.getType()).keySet();
+            String errors = "";
+            for(EngagementUser p : engagement.getEngagementUsers()) {
+                if(allowed.contains(p.getRole())) {
+                    errors += String.format("Participant %s has invalid role %s. ", p.getEmail(), p.getRole());
+                    LOGGER.error("Participant {} has invalid role {} for engagement type {} - {}", p.getEmail(), p.getRole(), engagement.getType(), engagement.getUuid());
+                }
+            }
+
+            if(!errors.isEmpty()) {
+                throw new WebApplicationException(Response.status(400).entity(Map.of("lodestarMessage", errors.trim())).build());
+            }
             participants = participantService.updateParticipantsAndReload(engagementUuid, author, authorEmail,
                     engagement.getEngagementUsers());
             LOGGER.debug("Updated {}", participants);

src/test/java/com/redhat/labs/lodestar/resource/ConfigResourceTest.java

@@ -137,4 +137,19 @@ void testEngagementOptions() throws Exception {
                 .body("$", Matchers.hasKey("training"));
     }
 
+    @Test
+    void testParticipantOptions() throws Exception {
+        String participants = ResourceLoader.load("config-participant-options.json");
+        Map<String, String> pariticipantsMap = om.readValue(participants, Map.class);
+        Mockito.when(configApiClient.getParticipantOptions()).thenReturn(pariticipantsMap);
+        given().when().auth().oauth2(VALID_TOKEN).get("/participant/options").then().statusCode(200)
+                .body("$", Matchers.hasKey("arole"))
+                .body("$", Matchers.hasKey("brole"));
+
+        Mockito.when(configApiClient.getParticipantOptions("DO")).thenReturn(pariticipantsMap);
+        given().queryParam("engagementType", "DO").when().auth().oauth2(VALID_TOKEN).get("/participant/options").then().statusCode(200)
+                .body("$", Matchers.hasKey("arole"))
+                .body("$", Matchers.hasKey("brole"));
+    }
+
 }

src/test/resources/config-participant-options.json

@@ -0,0 +1,4 @@
+{
+  "arole": "Rolly",
+  "brole": "Polly"
+}