feat: when checking stamps for structure and component, contributors … (

#821) * feat: when checking stamps for structure and component, contributors is an arrau * fix: solve unit test * fix: solve sonar issue
InseeFr · Dec 3, 2024 · cc3f75e · cc3f75e
1 parent b5ffed3
commit cc3f75e
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 8 deletions.
diff --git a/src/main/java/fr/insee/rmes/config/auth/security/SecurityExpressionRootForBauhaus.java b/src/main/java/fr/insee/rmes/config/auth/security/SecurityExpressionRootForBauhaus.java
@@ -4,6 +4,7 @@
 import fr.insee.rmes.config.auth.roles.Roles;
 import fr.insee.rmes.config.auth.user.Stamp;
 import fr.insee.rmes.exceptions.RmesRuntimeBadRequestException;
+import org.json.JSONArray;
 import org.json.JSONObject;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -173,6 +174,9 @@ private boolean checkStampIsContributor(String body) {
     private static @Nullable String extractContributorStampFromBody(String body) {
         return (new JSONObject(body)).optString("contributor");
     }
+    private static @Nullable JSONArray extractContributorStampsFromBody(String body) {
+        return (new JSONObject(body)).optJSONArray("contributor");
+    }
 
     //for PUT and DELETE structure
     public boolean isStructureContributor(String structureId){
@@ -183,7 +187,13 @@ public boolean isStructureContributor(String structureId){
 //  for POST structure or component
     public boolean isStructureAndComponentContributor(String body) {
         logger.trace("Check if {} can create the structure or component", methodSecurityExpressionRoot.getPrincipal());
-        return hasRole(Roles.STRUCTURES_CONTRIBUTOR)&& checkStampIsContributor(body);
+        Optional<Stamp> stamp = getStamp();
+        JSONArray contributors = extractContributorStampsFromBody(body);
+
+        if(contributors == null){
+            return false;
+        }
+        return hasRole(Roles.STRUCTURES_CONTRIBUTOR) && contributors.toList().stream().anyMatch(s -> ((String) s).equalsIgnoreCase(stamp.get().stamp()));
     }
 
 

diff --git a/src/test/java/fr/insee/rmes/integration/authorizations/TestStructuresResourcesEnvProd.java b/src/test/java/fr/insee/rmes/integration/authorizations/TestStructuresResourcesEnvProd.java
@@ -12,7 +12,6 @@
 import fr.insee.rmes.config.auth.security.DefaultSecurityContext;
 import fr.insee.rmes.config.auth.security.OpenIDConnectSecurityContext;
 import fr.insee.rmes.config.auth.user.Stamp;
-import fr.insee.rmes.model.ValidationStatus;
 import fr.insee.rmes.webservice.StructureResources;
 import org.junit.jupiter.api.Test;
 import org.mockito.Mockito;
@@ -28,7 +27,6 @@
 
 import static fr.insee.rmes.integration.authorizations.TokenForTestsConfiguration.*;
 import static fr.insee.rmes.integration.authorizations.TokenForTestsConfiguration.KEY_FOR_ROLES_IN_ROLE_CLAIM;
-import static fr.insee.rmes.model.ValidationStatus.UNPUBLISHED;
 import static org.mockito.Mockito.when;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
@@ -68,7 +66,6 @@ class TestStructuresResourcesEnvProd {
 
     int structureId=10;
     int componentId=12;
-    ValidationStatus status= UNPUBLISHED;
 
     @Test
     void putStructureAdmin_ok() throws Exception {
@@ -139,7 +136,7 @@ void postStructureAsStructureContributor_ok() throws Exception {
         mvc.perform(post("/structures/structure").header("Authorization", "Bearer toto")
                         .contentType(MediaType.APPLICATION_JSON)
                         .accept(MediaType.APPLICATION_JSON)
-                        .content("{\"id\": \"1\",\"contributor\": \""+timbre+"\"}"))
+                        .content("{\"id\": \"1\",\"contributor\": [\""+timbre+"\"]}"))
                 .andExpect(status().isOk());
     }
 
@@ -168,7 +165,7 @@ void postStructureAsStructureContributorWrongStamp_ko() throws Exception {
         mvc.perform(post("/structures/structure").header("Authorization", "Bearer toto")
                         .contentType(MediaType.APPLICATION_JSON)
                         .accept(MediaType.APPLICATION_JSON)
-                        .content("{\"id\": \"1\",\"contributor\": \"wrong\"}"))
+                        .content("{\"id\": \"1\",\"contributor\": [\"wrong\"]}"))
                 .andExpect(status().isForbidden());
     }
 
@@ -228,7 +225,7 @@ void postComponentAsStructureContributor_ok() throws Exception {
         mvc.perform(post("/structures/components").header("Authorization", "Bearer toto")
                         .contentType(MediaType.APPLICATION_JSON)
                         .accept(MediaType.APPLICATION_JSON)
-                        .content("{\"id\": \"1\",\"contributor\": \""+timbre+"\"}"))
+                        .content("{\"id\": \"1\",\"contributor\": [\""+timbre+"\"]}"))
                 .andExpect(status().isCreated());
     }
 
@@ -257,7 +254,7 @@ void postComponentAsStructureContributorWrongStamp_ko() throws Exception {
         mvc.perform(post("/structures/components").header("Authorization", "Bearer toto")
                         .contentType(MediaType.APPLICATION_JSON)
                         .accept(MediaType.APPLICATION_JSON)
-                        .content("{\"id\": \"1\",\"contributor\": \"wrong\"}"))
+                        .content("{\"id\": \"1\",\"contributor\": [\"wrong\"]}"))
                 .andExpect(status().isForbidden());
     }