Merge branch 'main' into BC-8193-start-bbb

hpi-schul-cloud · Dec 16, 2024 · 1c69034 · 1c69034
2 parents b177a9c + c8be3a7
commit 1c69034
Show file tree

Hide file tree

Showing 44 changed files with 812 additions and 199 deletions.
diff --git a/apps/server/src/infra/schulconnex-client/schulconnex-client-config.ts b/apps/server/src/infra/schulconnex-client/schulconnex-client-config.ts
@@ -1,4 +1,5 @@
 export interface SchulconnexClientConfig {
+	SCHULCONNEX_CLIENT__PERSON_INFO_TIMEOUT_IN_MS: number;
 	SCHULCONNEX_CLIENT__PERSONEN_INFO_TIMEOUT_IN_MS: number;
 	SCHULCONNEX_CLIENT__POLICIES_INFO_TIMEOUT_IN_MS: number;
 	SCHULCONNEX_CLIENT__API_URL?: string;

diff --git a/apps/server/src/infra/schulconnex-client/schulconnex-client.module.ts b/apps/server/src/infra/schulconnex-client/schulconnex-client.module.ts
@@ -8,7 +8,7 @@ import { SchulconnexRestClientOptions } from './schulconnex-rest-client-options'
 
 @Module({})
 export class SchulconnexClientModule {
-	static registerAsync(): DynamicModule {
+	public static registerAsync(): DynamicModule {
 		return {
 			imports: [HttpModule, LoggerModule],
 			module: SchulconnexClientModule,
@@ -27,6 +27,7 @@ export class SchulconnexClientModule {
 							tokenEndpoint: configService.get<string>('SCHULCONNEX_CLIENT__TOKEN_ENDPOINT'),
 							clientId: configService.get<string>('SCHULCONNEX_CLIENT__CLIENT_ID'),
 							clientSecret: configService.get<string>('SCHULCONNEX_CLIENT__CLIENT_SECRET'),
+							personInfoTimeoutInMs: configService.get<number>('SCHULCONNEX_CLIENT__PERSON_INFO_TIMEOUT_IN_MS'),
 							personenInfoTimeoutInMs: configService.get<number>('SCHULCONNEX_CLIENT__PERSONEN_INFO_TIMEOUT_IN_MS'),
 							policiesInfoTimeoutInMs: configService.get<number>('SCHULCONNEX_CLIENT__POLICIES_INFO_TIMEOUT_IN_MS'),
 						};

diff --git a/apps/server/src/infra/schulconnex-client/schulconnex-rest-client-options.ts b/apps/server/src/infra/schulconnex-client/schulconnex-rest-client-options.ts
@@ -7,6 +7,8 @@ export interface SchulconnexRestClientOptions {
 
 	clientSecret?: string;
 
+	personInfoTimeoutInMs?: number;
+
 	personenInfoTimeoutInMs?: number;
 
 	policiesInfoTimeoutInMs?: number;

diff --git a/apps/server/src/infra/schulconnex-client/schulconnex-rest-client.spec.ts b/apps/server/src/infra/schulconnex-client/schulconnex-rest-client.spec.ts
@@ -25,8 +25,9 @@ describe(SchulconnexRestClient.name, () => {
 		clientId: 'clientId',
 		clientSecret: 'clientSecret',
 		tokenEndpoint: 'https://schulconnex.url/token',
-		personenInfoTimeoutInMs: 30000,
-		policiesInfoTimeoutInMs: 30000,
+		personInfoTimeoutInMs: 30001,
+		personenInfoTimeoutInMs: 30002,
+		policiesInfoTimeoutInMs: 30003,
 	};
 
 	beforeAll(() => {
@@ -100,6 +101,7 @@ describe(SchulconnexRestClient.name, () => {
 						Authorization: `Bearer ${accessToken}`,
 						'Accept-Encoding': 'gzip',
 					},
+					timeout: options.personInfoTimeoutInMs,
 				});
 			});
 

diff --git a/apps/server/src/infra/schulconnex-client/schulconnex-rest-client.ts b/apps/server/src/infra/schulconnex-client/schulconnex-rest-client.ts
@@ -30,10 +30,14 @@ export class SchulconnexRestClient implements SchulconnexApiInterface {
 		this.SCHULCONNEX_API_BASE_URL = options.apiUrl || '';
 	}
 
-	public async getPersonInfo(accessToken: string, options?: { overrideUrl: string }): Promise<SchulconnexResponse> {
+	public getPersonInfo(accessToken: string, options?: { overrideUrl: string }): Promise<SchulconnexResponse> {
 		const url: URL = new URL(options?.overrideUrl ?? `${this.SCHULCONNEX_API_BASE_URL}/person-info`);
 
-		const response: Promise<SchulconnexResponse> = this.getRequest<SchulconnexResponse>(url, accessToken);
+		const response: Promise<SchulconnexResponse> = this.getRequest<SchulconnexResponse>(
+			url,
+			accessToken,
+			this.options.personInfoTimeoutInMs
+		);
 
 		return response;
 	}

diff --git a/apps/server/src/migrations/mikro-orm/Migration20241113100535.ts b/apps/server/src/migrations/mikro-orm/Migration20241113100535.ts
@@ -46,7 +46,7 @@ export class Migration20241113100535 extends Migration {
 		);
 
 		if (teacherRoleUpdate.modifiedCount > 0) {
-			console.info('Rollback: Permission ROOM_CREATE added to role teacher.');
+			console.info('Rollback: Permission ROOM_CREATE removed from role teacher.');
 		}
 
 		const roomEditorRoleUpdate = await this.getCollection('roles').updateOne(
@@ -61,7 +61,7 @@ export class Migration20241113100535 extends Migration {
 		);
 
 		if (roomEditorRoleUpdate.modifiedCount > 0) {
-			console.info('Rollback: Permission ROOM_DELETE added to role roomeditor.');
+			console.info('Rollback: Permission ROOM_DELETE removed from role roomeditor.');
 		}
 	}
 }
diff --git a/apps/server/src/migrations/mikro-orm/Migration20241209165812.ts b/apps/server/src/migrations/mikro-orm/Migration20241209165812.ts
@@ -0,0 +1,40 @@
+import { Migration } from '@mikro-orm/migrations-mongodb';
+
+export class Migration20241209165812 extends Migration {
+	async up(): Promise<void> {
+		// Add ROOM_OWNER role
+		await this.getCollection('roles').insertOne({
+			name: 'roomowner',
+			permissions: [
+				'ROOM_VIEW',
+				'ROOM_EDIT',
+				'ROOM_DELETE',
+				'ROOM_MEMBERS_ADD',
+				'ROOM_MEMBERS_REMOVE',
+				'ROOM_CHANGE_OWNER',
+			],
+		});
+		console.info(
+			'Added ROOM_OWNER role with ROOM_VIEW, -_EDIT, _DELETE, -_MEMBERS_ADD, -_MEMBERS_REMOVE AND -_CHANGE_OWNER permission'
+		);
+
+		// Add ROOM_ADMIN role
+		await this.getCollection('roles').insertOne({
+			name: 'roomadmin',
+			permissions: ['ROOM_VIEW', 'ROOM_EDIT', 'ROOM_MEMBERS_ADD', 'ROOM_MEMBERS_REMOVE'],
+		});
+		console.info(
+			'Added ROOM_ADMIN role with ROOM_VIEW, ROOM_EDIT, ROOM_MEMBERS_ADD AND ROOM_MEMBERS_REMOVE permissions'
+		);
+	}
+
+	async down(): Promise<void> {
+		// Remove ROOM_OWNER role
+		await this.getCollection('roles').deleteOne({ name: 'roomowner' });
+		console.info('Rollback: Removed ROOM_OWNER role');
+
+		// Remove ROOM_ADMIN role
+		await this.getCollection('roles').deleteOne({ name: 'roomadmin' });
+		console.info('Rollback: Removed ROOM_ADMIN role');
+	}
+}
diff --git a/apps/server/src/migrations/mikro-orm/Migration20241210152600.ts b/apps/server/src/migrations/mikro-orm/Migration20241210152600.ts
@@ -0,0 +1,35 @@
+import { Migration } from '@mikro-orm/migrations-mongodb';
+
+export class Migration20241210152600 extends Migration {
+	async up(): Promise<void> {
+		const roomEditorRoleUpdate = await this.getCollection('roles').updateOne(
+			{ name: 'roomeditor' },
+			{
+				$set: {
+					permissions: ['ROOM_VIEW', 'ROOM_EDIT'],
+				},
+			}
+		);
+
+		if (roomEditorRoleUpdate.modifiedCount > 0) {
+			console.info('Permission ROOM_DELETE removed from role roomeditor.');
+		}
+	}
+
+	async down(): Promise<void> {
+		const roomEditorRoleUpdate = await this.getCollection('roles').updateOne(
+			{ name: 'roomeditor' },
+			{
+				$set: {
+					permissions: ['ROOM_VIEW', 'ROOM_EDIT', 'ROOM_DELETE'],
+				},
+			}
+		);
+
+		if (roomEditorRoleUpdate.modifiedCount > 0) {
+			console.info(
+				'Rollback: Permissions ROOM_DELETE added to and ROOM_MEMBERS_ADD and ROOM_MEMBERS_REMOVE removed from role roomeditor.'
+			);
+		}
+	}
+}
diff --git a/apps/server/src/migrations/mikro-orm/Migration20241213145222.ts b/apps/server/src/migrations/mikro-orm/Migration20241213145222.ts
@@ -0,0 +1,11 @@
+import { Migration } from '@mikro-orm/migrations-mongodb';
+
+export class Migration20241213145222 extends Migration {
+	public async up(): Promise<void> {
+		await this.getCollection('files').createIndex({ 'securityCheck.requestToken': 1 });
+	}
+
+	public async down(): Promise<void> {
+		// no need
+	}
+}
diff --git a/apps/server/src/modules/idp-console/idp-console.config.ts b/apps/server/src/modules/idp-console/idp-console.config.ts
@@ -1,12 +1,12 @@
+import { Configuration } from '@hpi-schul-cloud/commons';
 import { ConsoleWriterConfig } from '@infra/console';
-import { LoggerConfig } from '@src/core/logger';
+import { RabbitMqConfig } from '@infra/rabbitmq';
+import { SchulconnexClientConfig } from '@infra/schulconnex-client';
 import { AccountConfig } from '@modules/account';
-import { UserConfig } from '@modules/user';
 import { SynchronizationConfig } from '@modules/synchronization';
-import { SchulconnexClientConfig } from '@infra/schulconnex-client';
-import { Configuration } from '@hpi-schul-cloud/commons';
+import { UserConfig } from '@modules/user';
 import { LanguageType } from '@shared/domain/interface';
-import { RabbitMqConfig } from '@infra/rabbitmq';
+import { LoggerConfig } from '@src/core/logger';
 
 export interface IdpConsoleConfig
 	extends ConsoleWriterConfig,
@@ -33,6 +33,9 @@ const config: IdpConsoleConfig = {
 	TEACHER_VISIBILITY_FOR_EXTERNAL_TEAM_INVITATION: Configuration.get(
 		'TEACHER_VISIBILITY_FOR_EXTERNAL_TEAM_INVITATION'
 	) as string,
+	SCHULCONNEX_CLIENT__PERSON_INFO_TIMEOUT_IN_MS: Configuration.get(
+		'SCHULCONNEX_CLIENT__PERSON_INFO_TIMEOUT_IN_MS'
+	) as number,
 	SCHULCONNEX_CLIENT__PERSONEN_INFO_TIMEOUT_IN_MS: Configuration.get(
 		'SCHULCONNEX_CLIENT__PERSONEN_INFO_TIMEOUT_IN_MS'
 	) as number,

diff --git a/apps/server/src/modules/provisioning/loggable/group-provisioning-info.loggable.spec.ts b/apps/server/src/modules/provisioning/loggable/group-provisioning-info.loggable.spec.ts
@@ -0,0 +1,38 @@
+import { externalGroupDtoFactory, externalGroupUserDtoFactory } from '../testing';
+import { GroupProvisioningInfoLoggable } from './group-provisioning-info.loggable';
+
+describe(GroupProvisioningInfoLoggable.name, () => {
+	describe('getLogMessage', () => {
+		const setup = () => {
+			const groupCount = 2;
+			const otherUserCount = 5;
+			const totalUserCount = groupCount * otherUserCount + groupCount;
+			const externalGroups = externalGroupDtoFactory.buildList(groupCount, {
+				otherUsers: externalGroupUserDtoFactory.buildList(otherUserCount),
+			});
+
+			const loggable = new GroupProvisioningInfoLoggable(externalGroups, 100);
+
+			return {
+				loggable,
+				totalUserCount,
+				groupCount,
+			};
+		};
+
+		it('should return a loggable message', () => {
+			const { loggable, totalUserCount, groupCount } = setup();
+
+			const message = loggable.getLogMessage();
+
+			expect(message).toEqual({
+				message: 'Group provisioning has finished.',
+				data: {
+					groupCount,
+					userCount: totalUserCount,
+					durationMs: 100,
+				},
+			});
+		});
+	});
+});
diff --git a/apps/server/src/modules/provisioning/loggable/group-provisioning-info.loggable.ts b/apps/server/src/modules/provisioning/loggable/group-provisioning-info.loggable.ts
@@ -0,0 +1,22 @@
+import { ErrorLogMessage, Loggable, LogMessage, ValidationErrorLogMessage } from '@src/core/logger';
+import { ExternalGroupDto } from '../dto';
+
+export class GroupProvisioningInfoLoggable implements Loggable {
+	constructor(private readonly groups: ExternalGroupDto[], private readonly durationMs: number) {}
+
+	public getLogMessage(): LogMessage | ErrorLogMessage | ValidationErrorLogMessage {
+		const userCount = this.groups.reduce(
+			(count: number, group: ExternalGroupDto) => count + (group.otherUsers?.length ?? 0),
+			this.groups.length
+		);
+
+		return {
+			message: 'Group provisioning has finished.',
+			data: {
+				groupCount: this.groups.length,
+				userCount,
+				durationMs: this.durationMs,
+			},
+		};
+	}
+}
diff --git a/apps/server/src/modules/provisioning/loggable/index.ts b/apps/server/src/modules/provisioning/loggable/index.ts
@@ -8,3 +8,4 @@ export { FetchingPoliciesInfoFailedLoggable } from './fetching-policies-info-fai
 export { PoliciesInfoErrorResponseLoggable } from './policies-info-error-response-loggable';
 export { UserRoleUnknownLoggableException } from './user-role-unknown.loggable-exception';
 export { SchoolMissingLoggableException } from './school-missing.loggable-exception';
+export { GroupProvisioningInfoLoggable } from './group-provisioning-info.loggable';
diff --git a/apps/server/src/modules/provisioning/provisioning.config.ts b/apps/server/src/modules/provisioning/provisioning.config.ts
@@ -2,6 +2,7 @@ export interface ProvisioningConfig {
 	FEATURE_SCHULCONNEX_COURSE_SYNC_ENABLED: boolean;
 	FEATURE_SCHULCONNEX_MEDIA_LICENSE_ENABLED: boolean;
 	PROVISIONING_SCHULCONNEX_POLICIES_INFO_URL: string;
+	PROVISIONING_SCHULCONNEX_GROUP_USERS_LIMIT?: number;
 	FEATURE_SANIS_GROUP_PROVISIONING_ENABLED: boolean;
 	FEATURE_OTHER_GROUPUSERS_PROVISIONING_ENABLED: boolean;
 }
diff --git a/apps/server/src/modules/provisioning/strategy/schulconnex/sanis.strategy.ts b/apps/server/src/modules/provisioning/strategy/schulconnex/sanis.strategy.ts
@@ -46,9 +46,9 @@ export class SanisProvisioningStrategy extends SchulconnexProvisioningStrategy {
 		protected readonly schulconnexLicenseProvisioningService: SchulconnexLicenseProvisioningService,
 		protected readonly schulconnexToolProvisioningService: SchulconnexToolProvisioningService,
 		protected readonly configService: ConfigService<ProvisioningConfig, true>,
+		protected readonly logger: Logger,
 		private readonly responseMapper: SchulconnexResponseMapper,
-		private readonly schulconnexRestClient: SchulconnexRestClient,
-		private readonly logger: Logger
+		private readonly schulconnexRestClient: SchulconnexRestClient
 	) {
 		super(
 			schulconnexSchoolProvisioningService,
@@ -58,7 +58,8 @@ export class SanisProvisioningStrategy extends SchulconnexProvisioningStrategy {
 			schulconnexLicenseProvisioningService,
 			schulconnexToolProvisioningService,
 			groupService,
-			configService
+			configService,
+			logger
 		);
 	}
 

diff --git a/.../server/src/modules/provisioning/strategy/schulconnex/schulconnex-response-mapper.spec.ts b/.../server/src/modules/provisioning/strategy/schulconnex/schulconnex-response-mapper.spec.ts
@@ -47,6 +47,11 @@ describe(SchulconnexResponseMapper.name, () => {
 		mapper = module.get(SchulconnexResponseMapper);
 	});
 
+	beforeEach(() => {
+		config.FEATURE_OTHER_GROUPUSERS_PROVISIONING_ENABLED = false;
+		config.PROVISIONING_SCHULCONNEX_GROUP_USERS_LIMIT = undefined;
+	});
+
 	describe('mapToExternalSchoolDto', () => {
 		describe('when a schulconnex response is provided', () => {
 			const setup = () => {
@@ -316,6 +321,8 @@ describe(SchulconnexResponseMapper.name, () => {
 
 		describe('when other participants have unknown roles', () => {
 			const setup = () => {
+				config.FEATURE_OTHER_GROUPUSERS_PROVISIONING_ENABLED = true;
+
 				const schulconnexResponse: SchulconnexResponse = schulconnexResponseFactory.build();
 				schulconnexResponse.personenkontexte[0].gruppen![0]!.sonstige_gruppenzugehoerige = [
 					{
@@ -514,6 +521,56 @@ describe(SchulconnexResponseMapper.name, () => {
 				);
 			});
 		});
+
+		describe('when there are too many users in groups', () => {
+			const setup = () => {
+				config.FEATURE_OTHER_GROUPUSERS_PROVISIONING_ENABLED = true;
+				config.PROVISIONING_SCHULCONNEX_GROUP_USERS_LIMIT = 1;
+
+				const schulconnexResponse: SchulconnexResponse = schulconnexResponseFactory.build();
+
+				return {
+					schulconnexResponse,
+				};
+			};
+
+			it('should not map other group users', () => {
+				const { schulconnexResponse } = setup();
+
+				const result: ExternalGroupDto[] | undefined = mapper.mapToExternalGroupDtos(schulconnexResponse);
+
+				expect(result).toEqual([
+					expect.objectContaining<Partial<ExternalGroupDto>>({
+						otherUsers: undefined,
+					}),
+				]);
+			});
+		});
+
+		describe('when there are not too many users in groups', () => {
+			const setup = () => {
+				config.FEATURE_OTHER_GROUPUSERS_PROVISIONING_ENABLED = true;
+				config.PROVISIONING_SCHULCONNEX_GROUP_USERS_LIMIT = 10;
+
+				const schulconnexResponse: SchulconnexResponse = schulconnexResponseFactory.build();
+
+				return {
+					schulconnexResponse,
+				};
+			};
+
+			it('should not map other group users', () => {
+				const { schulconnexResponse } = setup();
+
+				const result: ExternalGroupDto[] | undefined = mapper.mapToExternalGroupDtos(schulconnexResponse);
+
+				expect(result).not.toEqual([
+					expect.objectContaining({
+						otherUsers: undefined,
+					}),
+				]);
+			});
+		});
 	});
 
 	describe('mapLernperiode', () => {