implements HsOfficePartnerController.deletePartnerByUuid

This commit is contained in:
Michael Hoennig 2022-09-14 13:47:25 +02:00
parent 7d8d6bb495
commit 68c3375a08
3 changed files with 96 additions and 6 deletions

View File

@ -98,8 +98,18 @@ public class HsOfficePartnerController implements HsOfficePartnersApi {
@Override @Override
@Transactional @Transactional
public ResponseEntity<Void> deletePartnerByUuid(final String currentUser, final String assumedRoles, final UUID userUuid) { public ResponseEntity<Void> deletePartnerByUuid(
return null; final String currentUser,
final String assumedRoles,
final UUID partnerUuid) {
context.define(currentUser, assumedRoles);
final var result = partnerRepo.deleteByUuid(partnerUuid);
if (result == 0) {
return ResponseEntity.notFound().build();
}
return ResponseEntity.noContent().build();
} }
@Override @Override

View File

@ -12,6 +12,7 @@ get:
schema: schema:
type: string type: string
format: uuid format: uuid
description: UUID of the partner to fetch.
responses: responses:
"200": "200":
description: OK description: OK
@ -55,21 +56,21 @@ patch:
"403": "403":
$ref: './error-responses.yaml#/components/responses/Forbidden' $ref: './error-responses.yaml#/components/responses/Forbidden'
delete: delete:
tags: tags:
- hs-office-partners - hs-office-partners
description: 'Delete a single business partner by its uuid, if permitted for the current subject.'
operationId: deletePartnerByUuid operationId: deletePartnerByUuid
parameters: parameters:
- $ref: './auth.yaml#/components/parameters/currentUser' - $ref: './auth.yaml#/components/parameters/currentUser'
- $ref: './auth.yaml#/components/parameters/assumedRoles' - $ref: './auth.yaml#/components/parameters/assumedRoles'
- name: userUuid - name: partnerUUID
in: path in: path
required: true required: true
schema: schema:
type: string type: string
format: uuid format: uuid
description: UUID of the user to delete. description: UUID of the partner to delete.
responses: responses:
"204": "204":
description: No Content description: No Content

View File

@ -24,6 +24,7 @@ import java.util.UUID;
import static net.hostsharing.test.IsValidUuidMatcher.isUuidValid; import static net.hostsharing.test.IsValidUuidMatcher.isUuidValid;
import static net.hostsharing.test.JsonMatcher.lenientlyEquals; import static net.hostsharing.test.JsonMatcher.lenientlyEquals;
import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assumptions.assumeThat;
import static org.hamcrest.Matchers.is; import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.startsWith; import static org.hamcrest.Matchers.startsWith;
@ -267,11 +268,89 @@ class HsOfficePartnerControllerAcceptanceTest {
} }
} }
@Nested
@Accepts({ "Partner:D(Delete)" })
class DeletePartner {
@Test
void globalAdmin_withoutAssumedRole_canDeleteArbitraryPartner() {
context.define("superuser-alex@hostsharing.net");
final var givenPartner = givenSomeTemporaryPartnerBessler();
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.port(port)
.when()
.delete("http://localhost/api/hs/office/partners/" + toCleanup(givenPartner.getUuid()))
.then().log().body().assertThat()
.statusCode(204); // @formatter:on
// then the given partner is gone
assertThat(partnerRepo.findByUuid(givenPartner.getUuid())).isEmpty();
}
@Test
@Accepts({ "Partner:X(Access Control)" })
void contactAdminUser_canNotDeleteRelatedPartner() {
context.define("superuser-alex@hostsharing.net");
final var givenPartner = givenSomeTemporaryPartnerBessler();
assumeThat(givenPartner.getContact().getLabel()).isEqualTo("forth contact");
RestAssured // @formatter:off
.given()
.header("current-user", "customer-admin@forthcontact.example.com")
.port(port)
.when()
.delete("http://localhost/api/hs/office/partners/" + toCleanup(givenPartner.getUuid()))
.then().log().body().assertThat()
.statusCode(403); // @formatter:on
// then the given partner is still there
assertThat(partnerRepo.findByUuid(givenPartner.getUuid())).isNotEmpty();
}
@Test
@Accepts({ "Partner:X(Access Control)" })
void normalUser_canNotDeleteUnrelatedPartner() {
context.define("superuser-alex@hostsharing.net");
final var givenPartner = givenSomeTemporaryPartnerBessler();
assumeThat(givenPartner.getContact().getLabel()).isEqualTo("forth contact");
RestAssured // @formatter:off
.given()
.header("current-user", "selfregistered-user-drew@hostsharing.org")
.port(port)
.when()
.delete("http://localhost/api/hs/office/partners/" + toCleanup(givenPartner.getUuid()))
.then().log().body().assertThat()
.statusCode(404); // @formatter:on
// then the given partner is still there
assertThat(partnerRepo.findByUuid(givenPartner.getUuid())).isNotEmpty();
}
}
private UUID toCleanup(final UUID tempPartnerUuid) { private UUID toCleanup(final UUID tempPartnerUuid) {
tempPartnerUuids.add(tempPartnerUuid); tempPartnerUuids.add(tempPartnerUuid);
return tempPartnerUuid; return tempPartnerUuid;
} }
private HsOfficePartnerEntity givenSomeTemporaryPartnerBessler() {
return jpaAttempt.transacted(() -> {
context.define("superuser-alex@hostsharing.net");
final var givenPerson = personRepo.findPersonByOptionalNameLike("Erben Bessler").get(0);
final var givenContact = contactRepo.findContactByOptionalLabelLike("forth contact").get(0);
final var newPartner = HsOfficePartnerEntity.builder()
.uuid(UUID.randomUUID())
.person(givenPerson)
.contact(givenContact)
.build();
return partnerRepo.save(newPartner);
}).assertSuccessful().returnedValue();
}
@AfterEach @AfterEach
void cleanup() { void cleanup() {
tempPartnerUuids.forEach(uuid -> { tempPartnerUuids.forEach(uuid -> {
@ -279,7 +358,7 @@ class HsOfficePartnerControllerAcceptanceTest {
context.define("superuser-alex@hostsharing.net", null); context.define("superuser-alex@hostsharing.net", null);
System.out.println("DELETING temporary partner: " + uuid); System.out.println("DELETING temporary partner: " + uuid);
final var count = partnerRepo.deleteByUuid(uuid); final var count = partnerRepo.deleteByUuid(uuid);
assertThat(count).isGreaterThan(0); System.out.println("DELETED temporary partner: " + uuid + (count > 0 ? " successful" : " failed"));
}); });
}); });
} }