diff --git a/src/main/java/biz/nynja/account/permissions/PermissionsValidator.java b/src/main/java/biz/nynja/account/permissions/PermissionsValidator.java
index e24cd67af7ebfe79f743ced4565fc9c92a29cc00..4c6c40cf44053e9bd250d4eb04ffb17f7676385b 100644
--- a/src/main/java/biz/nynja/account/permissions/PermissionsValidator.java
+++ b/src/main/java/biz/nynja/account/permissions/PermissionsValidator.java
@@ -73,6 +73,19 @@ public class PermissionsValidator {
 return false;
 }
 
+ private static boolean isAdminRole(DecodedJWT decodedToken) {
+ String[] requestingRoles = null;
+ Claim claim = decodedToken.getClaim("roles");
+
+ if (claim != null) {
+ requestingRoles = claim.asArray(String.class);
+ if (requestingRoles != null) {
+ return isAdmin(requestingRoles);
+ }
+ }
+ return false;
+ }
+
 private static boolean isAuthorized(String[] requestingRoles) {
 for (String role : requestingRoles) {
 switch (role) {
@@ -83,11 +96,20 @@ public class PermissionsValidator {
 }
 return false;
 }
+
+ private static boolean isAdmin(String[] requestingRoles) {
+ for (String role : requestingRoles) {
+ if (role.equals(RoleConstants.ACCOUNT_ADMIN)) {
+ return true;
+ }
+ }
+ return false;
+ }
 
 public boolean isAdminToken() {
 DecodedJWT decodedToken = retrieveDecodedToken();
 if(decodedToken != null) {
- return isAuthorizedRequestingRole(decodedToken);
+ return isAdminRole(decodedToken);
 } else
 return false;
 }
diff --git a/src/main/java/biz/nynja/account/repositories/AccountRepositoryAdditionalImpl.java b/src/main/java/biz/nynja/account/repositories/AccountRepositoryAdditionalImpl.java
index 3b19c2fa031408f90e74e99772952d1768928922..ca0b799e34f3106786dcad7e3225bc5103a9fb5a 100644
--- a/src/main/java/biz/nynja/account/repositories/AccountRepositoryAdditionalImpl.java
+++ b/src/main/java/biz/nynja/account/repositories/AccountRepositoryAdditionalImpl.java
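Review bot: isAdminRole grants admin status purely from the `roles` claim of decodedToken, so it is only sound if retrieveDecodedToken() (called from isAdminToken further down; its body is outside this diff) has verified the token's signature rather than merely decoded it — please confirm and record that at the top of the method, e.g. `// Precondition: decodedToken comes from a signature-verified decode; never pass an unverified token here.` If the JWT library is auth0's java-jwt, getClaim returns a null-object claim for a missing claim, so the `claim != null` guard is a no-op and the null result of `asArray` is the real presence check; a one-line comment saying so would stop the next reader from relying on the guard. In that library asArray can also throw on a `roles` value that is not an array of strings, which would turn a malformed token into an unhandled exception in the authorization path instead of a plain false; consider catching the library's decode exception around that call and returning false. The `requestingRoles = null` pre-assignment is unnecessary: inside the guard, `String[] requestingRoles = claim.asArray(String.class); return requestingRoles != null && isAdmin(requestingRoles);` reads the same and drops the mutable local.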
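Review bot: isAdmin calls `role.equals(RoleConstants.ACCOUNT_ADMIN)` on each element of requestingRoles, so a null element (a JSON null inside the `roles` array may well survive asArray) throws NullPointerException instead of being ignored; `RoleConstants.ACCOUNT_ADMIN.equals(role)` is null-safe, and the whole loop collapses to `return Arrays.asList(requestingRoles).contains(RoleConstants.ACCOUNT_ADMIN);` (adding the java.util.Arrays import if the file lacks it). The switch in isAdminToken from isAuthorizedRequestingRole to isAdminRole narrows admin status to the ACCOUNT_ADMIN role only, which looks like the intended tightening; a Javadoc on isAdminToken such as `Returns true only when the verified token carries the ACCOUNT_ADMIN role; false for a missing or non-admin token.` would document the contract the repository now depends on. As a style point, the `if ... else return false` shape can be `return decodedToken != null && isAdminRole(decodedToken);`.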
@@ -232,7 +232,10 @@ public class AccountRepositoryAdditionalImpl implements AccountRepositoryAdditio
 Set existingRoles = existingAccount.getRoles().stream().map(Role::valueOf).collect(Collectors.toSet());
 if (!permissionsValidator.isAdminToken()) {
 // No permission to update roles, load old ones
- request = UpdateAccountRequest.newBuilder(request).clearRoles().addAllRoles(existingRoles).build();
+ // No permission to update access status, load the old one
+ request = UpdateAccountRequest.newBuilder(request).clearRoles().addAllRoles(existingRoles)
+ .clearAccessStatus().setAccessStatus(AccessStatus.valueOf(existingAccount.getAccessStatus()))
+ .build();
 }
 Long timeUpdated = Instant.now().toEpochMilli();
 WriteResult wr = null;
diff --git a/src/test/java/biz/nynja/account/services/AccountServiceTests.java b/src/test/java/biz/nynja/account/services/AccountServiceTests.java
index 0c54f007819e50c59b92db23d4e7576ed87701b9..95148ec480408fb89d39cf168f5b6f7687b5b4de 100644
--- a/src/test/java/biz/nynja/account/services/AccountServiceTests.java
+++ b/src/test/java/biz/nynja/account/services/AccountServiceTests.java
@@ -37,6 +37,7 @@ import biz.nynja.account.accesspoints.AccessPointService;
 import biz.nynja.account.components.AccountServiceHelper;
 import biz.nynja.account.components.PreparedStatementsCache;
 import biz.nynja.account.configurations.CassandraTestsConfig;
+import biz.nynja.account.grpc.AccessStatus;
 import biz.nynja.account.grpc.AccountByAccountIdRequest;
 import biz.nynja.account.grpc.AccountDetails;
 import biz.nynja.account.grpc.AccountResponse;
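Review bot: `AccessStatus.valueOf(existingAccount.getAccessStatus())` on the new `.clearAccessStatus()` line throws NullPointerException when the persisted access status is null and IllegalArgumentException when it is not an exact enum name, so a non-admin update of any account stored before this field existed (or with a differently cased value) now fails with an unhandled exception instead of simply keeping the old status. Read the stored value into a local first, call `setAccessStatus` only when it is non-null and parses, and otherwise leave the field cleared (or skip the status write, depending on what the persistence code below this hunk does with a cleared field). The enforcement itself belongs exactly here — a non-admin caller can put any access status on the wire and this branch is the single point that discards it — so a comment such as `// Non-admin callers must not change roles or access status: overwrite both with the persisted values` would make that intent explicit. The enclosing method starts before this hunk and its remainder is outside it.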
@@ -416,7 +417,8 @@ public class AccountServiceTests extends GrpcServerTestBase {
 @Test
 public void testUpdateAccount() throws ExecutionException, InterruptedException {
 final UpdateAccountRequest request = UpdateAccountRequest.newBuilder().setAccountId(Util.ACCOUNT_ID.toString())
- .setAccountMark(Util.UPDATED_ACCOUNT_MARK).setFirstName(Util.FIRST_NAME).build();
+ .setAccountMark(Util.UPDATED_ACCOUNT_MARK).setFirstName(Util.FIRST_NAME)
+ .setAccessStatus(AccessStatus.ENABLED).build();
 
 given(accountRepositoryAdditional.updateAccount(request)).willReturn(updatedAccount);
 final AccountResponse reply = accountServiceBlockingStub.updateAccount(request);
@@ -428,7 +430,7 @@ public class AccountServiceTests extends GrpcServerTestBase {
 @Test
 public void testUpdateAccountMissingFirstName() {
 final UpdateAccountRequest request = UpdateAccountRequest.newBuilder().setAccountId(Util.ACCOUNT_ID.toString())
- .setAccountMark(Util.UPDATED_ACCOUNT_MARK).build();
+ .setAccountMark(Util.UPDATED_ACCOUNT_MARK).setAccessStatus(AccessStatus.ENABLED).build();
 
 final AccountResponse reply = accountServiceBlockingStub.updateAccount(request);
 assertNotNull("Reply should not be null", reply);
@@ -439,7 +441,7 @@ public class AccountServiceTests extends GrpcServerTestBase {
 @Test
 public void testUpdateAccountMissingAccountId() {
 final UpdateAccountRequest request = UpdateAccountRequest.newBuilder().setFirstName(Util.FIRST_NAME)
- .setAccountMark(Util.UPDATED_ACCOUNT_MARK).build();
+ .setAccountMark(Util.UPDATED_ACCOUNT_MARK).setAccessStatus(AccessStatus.ENABLED).build();
 
 final AccountResponse reply = accountServiceBlockingStub.updateAccount(request);
 assertNotNull("Reply should not be null", reply);
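Review bot: testUpdateAccount (and the same edit in testUpdateAccountMissingFirstName, testUpdateAccountMissingAccountId and the hunks at old lines 451, 464, 1447 and 1463) only adds `setAccessStatus(AccessStatus.ENABLED)` to the request, and the repository is mocked through `given(accountRepositoryAdditional.updateAccount(request))`, so nothing in this commit exercises the new rule that a non-admin token cannot change access status. That rule is the security-relevant part of the change and lives in AccountRepositoryAdditionalImpl.updateAccount; a repository-level test pair — admin token: the requested status is persisted; non-admin token: the stored status is kept although the request asks for a different one — would pin it, with PermissionsValidator.isAdminToken stubbed to return true and false respectively. Without that, a regression in the non-admin branch would pass this suite unnoticed. The body of testUpdateAccount continues past the hunk.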
@@ -451,7 +453,7 @@ public class AccountServiceTests extends GrpcServerTestBase {
 public void testUpdateAccountAccountIdNotFound() {
 final UpdateAccountRequest request = UpdateAccountRequest.newBuilder()
 .setAccountId(Util.ACCOUNT_ID_NOT_FOUND.toString()).setFirstName(Util.FIRST_NAME)
- .setAccountMark(Util.UPDATED_ACCOUNT_MARK).build();
+ .setAccountMark(Util.UPDATED_ACCOUNT_MARK).setAccessStatus(AccessStatus.ENABLED).build();
 
 given(accountRepositoryAdditional.updateAccount(request)).willReturn(null);
 final AccountResponse reply = accountServiceBlockingStub.updateAccount(request);
@@ -464,7 +466,7 @@ public class AccountServiceTests extends GrpcServerTestBase {
 public void testUpdateAccountUsernameAlreadyUsed() {
 final UpdateAccountRequest request = UpdateAccountRequest.newBuilder().setAccountId(Util.ACCOUNT_ID.toString())
 .setAccountMark(Util.UPDATED_ACCOUNT_MARK).setFirstName(Util.FIRST_NAME).setUsername(Util.USERNAME)
- .build();
+ .setAccessStatus(AccessStatus.ENABLED).build();
 
 given(accountRepositoryAdditional.foundExistingNotOwnUsername(UUID.fromString(request.getAccountId()),
 request.getUsername())).willReturn(true);
@@ -1447,7 +1449,7 @@ public class AccountServiceTests extends GrpcServerTestBase {
 final UpdateAccountRequest request = UpdateAccountRequest.newBuilder().setAccountId(Util.ACCOUNT_ID.toString())
 .setFirstName(Util.FIRST_NAME).setBirthday(Date.newBuilder().setYear(Util.BIRTHDAY.getYear())
 .setMonth(Util.BIRTHDAY.getMonthValue()).setDay(Util.BIRTHDAY.getDayOfMonth()).build())
- .build();
+ .setAccessStatus(AccessStatus.ENABLED).build();
 
 given(accountRepositoryAdditional.updateAccount(request)).willReturn(updatedAccount);
 final AccountResponse reply = accountServiceBlockingStub.updateAccount(request);
@@ -1463,7 +1465,8 @@ public class AccountServiceTests extends GrpcServerTestBase {
 public void testUpdateAccountInvalidBirthdayDate() {
 final UpdateAccountRequest request = UpdateAccountRequest.newBuilder().setAccountId(Util.ACCOUNT_ID.toString())
 .setFirstName(Util.FIRST_NAME)
- .setBirthday(Date.newBuilder().setYear(1990).setMonth(9).setDay(32).build()).build();
+ .setBirthday(Date.newBuilder().setYear(1990).setMonth(9).setDay(32).build())
+ .setAccessStatus(AccessStatus.ENABLED).build();
 
 final AccountResponse reply = accountServiceBlockingStub.updateAccount(request);
 
diff --git a/src/test/java/biz/nynja/account/utils/Util.java b/src/test/java/biz/nynja/account/utils/Util.java
index 7e0bf5becd5d6720bec7cd3ce111de1420f1361e..e71388983683d21a93f44dc9415a7280f7bfd4cb 100644
--- a/src/test/java/biz/nynja/account/utils/Util.java
+++ b/src/test/java/biz/nynja/account/utils/Util.java
@@ -230,6 +230,7 @@ public class Util {
 account.setLastName(LAST_NAME);
 account.setBirthday(BIRTHDAY);
 account.setAccountMark(UPDATED_ACCOUNT_MARK);
+ account.setAccessStatus(AccessStatus.ENABLED.toString());
 return account;
 }
 