Rename 'Roles' object to 'BusinessUnitUserPermissions'
RustyHMCTS committed Sep 18, 2024
1 parent a2b0d27 commit 2f68e5c
Showing 19 changed files with 62 additions and 64 deletions.
Expand Up @@ -13,7 +13,7 @@
import uk.gov.hmcts.opal.authentication.service.AccessTokenService;
import uk.gov.hmcts.opal.authentication.service.AuthenticationService;
import uk.gov.hmcts.opal.authorisation.model.Permission;
import uk.gov.hmcts.opal.authorisation.model.Role;
import uk.gov.hmcts.opal.authorisation.model.BusinessUnitUserPermissions;
import uk.gov.hmcts.opal.authorisation.model.UserState;
import uk.gov.hmcts.opal.authorisation.service.AuthorisationService;

Expand Down Expand Up @@ -67,7 +67,7 @@ void testHandleOauthCode() throws Exception {
UserState userState = UserState.builder()
.userName("name")
.userId(123L)
.roles(Set.of(Role.builder()
.roles(Set.of(BusinessUnitUserPermissions.builder()
.businessUnitId((short) 123)
.businessUserId("BU123")
.permissions(Set.of(
Expand Up @@ -13,7 +13,7 @@
import uk.gov.hmcts.opal.authentication.model.SecurityToken;
import uk.gov.hmcts.opal.authentication.service.AccessTokenService;
import uk.gov.hmcts.opal.authorisation.model.Permission;
import uk.gov.hmcts.opal.authorisation.model.Role;
import uk.gov.hmcts.opal.authorisation.model.BusinessUnitUserPermissions;
import uk.gov.hmcts.opal.authorisation.model.UserState;
import uk.gov.hmcts.opal.authorisation.service.AuthorisationService;
import uk.gov.hmcts.opal.dto.AppMode;
Expand All @@ -40,7 +40,7 @@ class TestingSupportControllerTest {
private static final UserState USER_STATE = UserState.builder()
.userName("name")
.userId(123L)
.roles(Set.of(Role.builder()
.roles(Set.of(BusinessUnitUserPermissions.builder()
.businessUnitId((short) 123)
.businessUserId("BU123")
.permissions(Set.of(
Expand Up @@ -6,7 +6,7 @@
import org.aspectj.lang.annotation.Aspect;
import org.springframework.stereotype.Component;
import uk.gov.hmcts.opal.authentication.aspect.UserStateAspectService;
import uk.gov.hmcts.opal.authorisation.model.Role;
import uk.gov.hmcts.opal.authorisation.model.BusinessUnitUserPermissions;
import uk.gov.hmcts.opal.authorisation.model.UserState;

import static uk.gov.hmcts.opal.util.PermissionUtil.checkAnyRoleHasPermission;
Expand Down Expand Up @@ -40,11 +40,10 @@ public Object checkAuthorization(ProceedingJoinPoint joinPoint,
Object[] args = joinPoint.getArgs();
UserState userState = userStateAspectService.getUserState(joinPoint);

Role role = authorizationAspectService.getRole(args, userState);
BusinessUnitUserPermissions role = authorizationAspectService.getRole(args, userState);
if (checkRoleHasPermission(role, authorizedRoleHasPermission.value())) {
return joinPoint.proceed();
}
throw new PermissionNotAllowedException(authorizedRoleHasPermission.value(), role);
}
}

Expand Up @@ -7,7 +7,7 @@
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import uk.gov.hmcts.opal.authentication.aspect.AccessTokenParam;
import uk.gov.hmcts.opal.authorisation.model.Role;
import uk.gov.hmcts.opal.authorisation.model.BusinessUnitUserPermissions;
import uk.gov.hmcts.opal.authorisation.model.UserState;
import uk.gov.hmcts.opal.dto.AddNoteDto;
import uk.gov.hmcts.opal.dto.NoteDto;
Expand Down Expand Up @@ -55,10 +55,10 @@ public Optional<String> getAuthorization(String authHeaderValue) {
return Optional.empty();
}

public Role getRole(Object[] args, UserState userState) {
public BusinessUnitUserPermissions getRole(Object[] args, UserState userState) {
for (Object arg : args) {
if (arg instanceof Role) {
return (Role) arg;
if (arg instanceof BusinessUnitUserPermissions) {
return (BusinessUnitUserPermissions) arg;
} else if (arg instanceof AddNoteDto addNoteDto) {
return getRequiredRole(userState, addNoteDto.getBusinessUnitId());
} else if (arg instanceof NoteDto noteDto) {
Expand Up @@ -2,21 +2,21 @@

import lombok.Getter;
import uk.gov.hmcts.opal.authorisation.model.Permissions;
import uk.gov.hmcts.opal.authorisation.model.Role;
import uk.gov.hmcts.opal.authorisation.model.BusinessUnitUserPermissions;

@Getter
public class PermissionNotAllowedException extends RuntimeException {

private final Permissions permission;
private final Role role;
private final BusinessUnitUserPermissions role;

public PermissionNotAllowedException(Permissions value) {
super(value + " permission is not allowed for the user");
this.permission = value;
this.role = null;
}

public PermissionNotAllowedException(Permissions permission, Role role) {
public PermissionNotAllowedException(Permissions permission, BusinessUnitUserPermissions role) {
super(permission + " permission is not allowed for the role " + role);
this.permission = permission;
this.role = role;
Expand Up @@ -12,7 +12,7 @@

@Builder
@Data
public class Role {
public class BusinessUnitUserPermissions {

@NonNull
String businessUserId;
Expand All @@ -25,9 +25,9 @@ public class Role {
Set<Permission> permissions;

@JsonCreator
public Role(@JsonProperty("business_user_id") String businessUserId,
@JsonProperty("business_unit_id") Short businessUnitId,
@JsonProperty("permissions") Set<Permission> permissions) {
public BusinessUnitUserPermissions(@JsonProperty("business_user_id") String businessUserId,
@JsonProperty("business_unit_id") Short businessUnitId,
@JsonProperty("permissions") Set<Permission> permissions) {

this.businessUserId = businessUserId;
this.businessUnitId = businessUnitId;
Expand All @@ -46,7 +46,7 @@ public boolean matchesBusinessUnitId(Short roleBusinessUnitId) {
return businessUnitId.equals(roleBusinessUnitId);
}

public static class DeveloperRole extends Role {
public static class DeveloperRole extends BusinessUnitUserPermissions {
DeveloperRole() {
super("", Short.MAX_VALUE, Collections.emptySet());
}
Expand Up @@ -6,7 +6,7 @@
import lombok.Data;
import lombok.EqualsAndHashCode;
import lombok.NonNull;
import uk.gov.hmcts.opal.authorisation.model.Role.DeveloperRole;
import uk.gov.hmcts.opal.authorisation.model.BusinessUnitUserPermissions.DeveloperRole;

import java.util.Collections;
import java.util.Optional;
Expand All @@ -24,13 +24,13 @@ public class UserState {
String userName;

@EqualsAndHashCode.Exclude
Set<Role> roles;
Set<BusinessUnitUserPermissions> roles;

@JsonCreator
public UserState(
@JsonProperty("user_id") Long userId,
@JsonProperty("user_name") String userName,
@JsonProperty("roles") Set<Role> roles
@JsonProperty("roles") Set<BusinessUnitUserPermissions> roles
) {
this.userId = userId;
this.userName = userName;
Expand Down Expand Up @@ -58,7 +58,7 @@ public boolean hasRoleWithPermission(short roleBusinessUnitId, Permissions permi
.anyMatch(r -> r.hasPermission(permission));
}

public Optional<Role> getRoleForBusinessUnit(Short businessUnitId) {
public Optional<BusinessUnitUserPermissions> getRoleForBusinessUnit(Short businessUnitId) {
return roles.stream()
.filter(r -> r.matchesBusinessUnitId(businessUnitId))
.findFirst();
Expand All @@ -69,10 +69,10 @@ public static interface UserRoles {
}

public static class UserRolesImpl implements UserRoles {
private final Set<Role> roles;
private final Set<BusinessUnitUserPermissions> roles;
private final Set<Short> businessUnits;

public UserRolesImpl(Set<Role> roles) {
public UserRolesImpl(Set<BusinessUnitUserPermissions> roles) {
this.roles = roles;
businessUnits = roles.stream().map(r -> r.getBusinessUnitId()).collect(Collectors.toSet());
}
Expand All @@ -83,7 +83,7 @@ public boolean containsBusinessUnit(Short businessUnitId) {
}

public static class DeveloperUserState extends UserState {
private static final Optional<Role> DEV_ROLE = Optional.of(new DeveloperRole());
private static final Optional<BusinessUnitUserPermissions> DEV_ROLE = Optional.of(new DeveloperRole());

public DeveloperUserState() {
super(0L, "Developer_User", Collections.emptySet());
Expand All @@ -95,7 +95,7 @@ public boolean anyRoleHasPermission(Permissions permission) {
}

@Override
public Optional<Role> getRoleForBusinessUnit(Short businessUnitId) {
public Optional<BusinessUnitUserPermissions> getRoleForBusinessUnit(Short businessUnitId) {
return DEV_ROLE;
}

Expand Up @@ -15,7 +15,7 @@
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import uk.gov.hmcts.opal.authorisation.model.Role;
import uk.gov.hmcts.opal.authorisation.model.BusinessUnitUserPermissions;
import uk.gov.hmcts.opal.authorisation.model.UserState;
import uk.gov.hmcts.opal.dto.AccountDetailsDto;
import uk.gov.hmcts.opal.dto.AccountEnquiryDto;
Expand Down Expand Up @@ -117,7 +117,7 @@ public ResponseEntity<NoteDto> addNote(
log.info(":POST:addNote: {}", addNote.toPrettyJson());

UserState userState = userStateService.getUserStateUsingAuthToken(authHeaderValue);
Role role = getRequiredRole(userState, addNote.getBusinessUnitId());
BusinessUnitUserPermissions role = getRequiredRole(userState, addNote.getBusinessUnitId());

NoteDto noteDto = NoteDto.builder()
.associatedRecordId(addNote.getAssociatedRecordId())
Expand Up @@ -14,7 +14,7 @@
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import uk.gov.hmcts.opal.authorisation.model.Role;
import uk.gov.hmcts.opal.authorisation.model.BusinessUnitUserPermissions;
import uk.gov.hmcts.opal.authorisation.model.UserState;
import uk.gov.hmcts.opal.dto.NoteDto;
import uk.gov.hmcts.opal.dto.search.NoteSearchDto;
Expand Down Expand Up @@ -51,7 +51,7 @@ public ResponseEntity<NoteDto> createNote(
log.info(":POST:createNote: {}", noteDto.toPrettyJson());

UserState userState = userStateService.getUserStateUsingAuthToken(authHeaderValue);
Role role = getRequiredRole(userState, noteDto.getBusinessUnitId());
BusinessUnitUserPermissions role = getRequiredRole(userState, noteDto.getBusinessUnitId());

noteDto.setPostedBy(role.getBusinessUserId());
noteDto.setPostedByUserId(userState.getUserId());
Expand Up @@ -6,7 +6,7 @@
import org.springframework.data.domain.Page;
import org.springframework.data.domain.Pageable;
import org.springframework.stereotype.Service;
import uk.gov.hmcts.opal.authorisation.model.Role;
import uk.gov.hmcts.opal.authorisation.model.BusinessUnitUserPermissions;
import uk.gov.hmcts.opal.dto.search.BusinessUnitUserSearchDto;
import uk.gov.hmcts.opal.entity.BusinessUnitUserEntity;
import uk.gov.hmcts.opal.repository.BusinessUnitUserRepository;
Expand Down Expand Up @@ -46,10 +46,10 @@ public List<BusinessUnitUserEntity> searchBusinessUnitUsers(BusinessUnitUserSear
/**
* Return a Set of Authorisation Roles mapped from BusinessUnitUsers keyed on the user id from the Users table.
*/
public Set<Role> getAuthorisationRolesByUserId(Long userId) {
public Set<BusinessUnitUserPermissions> getAuthorisationRolesByUserId(Long userId) {
List<BusinessUnitUserEntity> buuList = businessUnitUserRepository.findAllByUser_UserId(userId);

return buuList.stream().map(buu -> Role.builder()
return buuList.stream().map(buu -> BusinessUnitUserPermissions.builder()
.businessUserId(buu.getBusinessUnitUserId())
.businessUnitId(buu.getBusinessUnit().getBusinessUnitId())
.permissions(userEntitlementService.getPermissionsByBusinessUnitUserId(buu.getBusinessUnitUserId()))
Expand All @@ -62,10 +62,10 @@ public Set<Role> getAuthorisationRolesByUserId(Long userId) {
* This method is assuming that there are no Permissions for the Roles and so skips performing the additional
* repository queries that <i>do</i> get performed in the method above.
*/
public Set<Role> getLimitedRolesByUserId(Long userId) {
public Set<BusinessUnitUserPermissions> getLimitedRolesByUserId(Long userId) {
List<BusinessUnitUserEntity> buuList = businessUnitUserRepository.findAllByUser_UserId(userId);

return buuList.stream().map(buu -> Role.builder()
return buuList.stream().map(buu -> BusinessUnitUserPermissions.builder()
.businessUserId(buu.getBusinessUnitUserId())
.businessUnitId(buu.getBusinessUnit().getBusinessUnitId())
.permissions(Collections.emptySet()) // We are assuming that Permissions exist for this Role.
Expand Up @@ -9,7 +9,7 @@
import org.springframework.stereotype.Service;
import uk.gov.hmcts.opal.authentication.exception.AuthenticationException;
import uk.gov.hmcts.opal.authorisation.model.Permission;
import uk.gov.hmcts.opal.authorisation.model.Role;
import uk.gov.hmcts.opal.authorisation.model.BusinessUnitUserPermissions;
import uk.gov.hmcts.opal.authorisation.model.UserState;
import uk.gov.hmcts.opal.dto.search.UserEntitlementSearchDto;
import uk.gov.hmcts.opal.entity.BusinessUnitUserEntity;
Expand Down Expand Up @@ -82,7 +82,7 @@ public Optional<UserState> getUserStateByUsername(String username) {
return users.stream().findFirst().map(u -> UserState.builder()
.userId(u.getUserId())
.userName(u.getUsername())
.roles(businessUnitUsers.stream().map(buu -> Role.builder()
.roles(businessUnitUsers.stream().map(buu -> BusinessUnitUserPermissions.builder()
.businessUserId(buu.getBusinessUnitUserId())
.businessUnitId(buu.getBusinessUnit().getBusinessUnitId())
.permissions(toPermissions(entitlementsMap.get(buu.getBusinessUnitUserId())))
Expand Down
6 changes: 3 additions & 3 deletions src/main/java/uk/gov/hmcts/opal/util/PermissionUtil.java
Expand Up @@ -2,7 +2,7 @@

import org.springframework.security.access.AccessDeniedException;
import uk.gov.hmcts.opal.authorisation.model.Permissions;
import uk.gov.hmcts.opal.authorisation.model.Role;
import uk.gov.hmcts.opal.authorisation.model.BusinessUnitUserPermissions;
import uk.gov.hmcts.opal.authorisation.model.UserState;
import uk.gov.hmcts.opal.entity.BusinessUnitRef;
import uk.gov.hmcts.opal.service.opal.UserStateService;
Expand All @@ -12,12 +12,12 @@

public class PermissionUtil {

public static Role getRequiredRole(UserState userState, Short businessUnitId) {
public static BusinessUnitUserPermissions getRequiredRole(UserState userState, Short businessUnitId) {
return userState.getRoleForBusinessUnit(businessUnitId).orElseThrow(() -> new
AccessDeniedException("User does not have an assigned role in business unit: " + businessUnitId));
}

public static boolean checkRoleHasPermission(Role role, Permissions permission) {
public static boolean checkRoleHasPermission(BusinessUnitUserPermissions role, Permissions permission) {
if (role.doesNotHavePermission(permission)) {
throw new AccessDeniedException("User does not have the required permission: " + permission.description);
}
Expand Up @@ -13,7 +13,7 @@
import uk.gov.hmcts.opal.authentication.exception.MissingRequestHeaderException;
import uk.gov.hmcts.opal.authorisation.model.LogActions;
import uk.gov.hmcts.opal.authorisation.model.Permission;
import uk.gov.hmcts.opal.authorisation.model.Role;
import uk.gov.hmcts.opal.authorisation.model.BusinessUnitUserPermissions;
import uk.gov.hmcts.opal.authorisation.model.UserState;
import uk.gov.hmcts.opal.dto.AddLogAuditDetailDto;
import uk.gov.hmcts.opal.service.opal.LogAuditDetailService;
Expand All @@ -32,7 +32,7 @@ class LogAuditDetailsAspectTest {
private static final UserState USER_STATE = UserState.builder()
.userName("name")
.userId(123L)
.roles(Set.of(Role.builder()
.roles(Set.of(BusinessUnitUserPermissions.builder()
.businessUnitId((short) 123)
.businessUserId("BU123")
.permissions(Set.of(
Expand Down Expand Up @@ -162,4 +162,3 @@ void writeAuditLog_shouldHandleGeneralExceptionGracefully() {
}
}
}

Expand Up @@ -11,7 +11,7 @@
import uk.gov.hmcts.opal.authentication.exception.MissingRequestHeaderException;
import uk.gov.hmcts.opal.authorisation.aspect.AuthorizationAspectService;
import uk.gov.hmcts.opal.authorisation.model.Permission;
import uk.gov.hmcts.opal.authorisation.model.Role;
import uk.gov.hmcts.opal.authorisation.model.BusinessUnitUserPermissions;
import uk.gov.hmcts.opal.authorisation.model.UserState;
import uk.gov.hmcts.opal.service.opal.UserStateService;

Expand Down Expand Up @@ -47,7 +47,7 @@ class UserStateAspectServiceTest {
private static final UserState USER_STATE = UserState.builder()
.userName("name")
.userId(123L)
.roles(Set.of(Role.builder()
.roles(Set.of(BusinessUnitUserPermissions.builder()
.businessUnitId((short) 123)
.businessUserId("BU123")
.permissions(Set.of(
Expand Up @@ -15,7 +15,7 @@
import org.springframework.web.context.request.ServletRequestAttributes;
import uk.gov.hmcts.opal.authentication.aspect.AccessTokenParam;
import uk.gov.hmcts.opal.authorisation.model.Permission;
import uk.gov.hmcts.opal.authorisation.model.Role;
import uk.gov.hmcts.opal.authorisation.model.BusinessUnitUserPermissions;
import uk.gov.hmcts.opal.authorisation.model.UserState;
import uk.gov.hmcts.opal.dto.AddNoteDto;

Expand All @@ -33,7 +33,7 @@
@ExtendWith(MockitoExtension.class)
class AuthorizationAspectServiceTest {

static final Role ROLE = Role.builder()
static final BusinessUnitUserPermissions ROLE = BusinessUnitUserPermissions.builder()
.businessUnitId((short) 12)
.businessUserId("BU123")
.permissions(Set.of(
Expand Down Expand Up @@ -171,17 +171,17 @@ void getRole_WhenAddNoteDtoArgument() {
AddNoteDto addNoteDto = AddNoteDto.builder().businessUnitId((short) 12).build();
Object[] args = {addNoteDto};

Role actualRole = authorizationAspectService.getRole(args, USER_STATE);
BusinessUnitUserPermissions actualRole = authorizationAspectService.getRole(args, USER_STATE);

assertEquals(ROLE, actualRole);
}

@Test
void getRole_WhenRoleArgument() {
Role expectedRole = ROLE;
BusinessUnitUserPermissions expectedRole = ROLE;
Object[] args = {expectedRole};

Role actualRole = authorizationAspectService.getRole(args, USER_STATE);
BusinessUnitUserPermissions actualRole = authorizationAspectService.getRole(args, USER_STATE);

assertEquals(expectedRole, actualRole);
}
