implements HsOfficeContactController

This commit is contained in:
Michael Hoennig 2022-09-20 14:17:12 +02:00
parent 44eb59c918
commit 863f0e2811
11 changed files with 705 additions and 16 deletions

View File

@ -95,11 +95,11 @@ public class Context {
.getSingleResult();
}
private static String getCallerMethodNameFromStack() {
public static String getCallerMethodNameFromStackFrame(final int skipFrames) {
final Optional<StackWalker.StackFrame> caller =
StackWalker.getInstance(StackWalker.Option.RETAIN_CLASS_REFERENCE)
.walk(frames -> frames
.skip(2)
.skip(skipFrames)
.filter(c -> c.getDeclaringClass() != Context.class)
.filter(c -> c.getDeclaringClass()
.getPackageName()
@ -115,7 +115,7 @@ public class Context {
if (isRequestScopeAvailable()) {
return request.getMethod() + " " + request.getRequestURI();
} else {
return getCallerMethodNameFromStack();
return getCallerMethodNameFromStackFrame(2);
}
}

View File

@ -0,0 +1,117 @@
package net.hostsharing.hsadminng.hs.office.contact;
import net.hostsharing.hsadminng.Mapper;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.hs.office.generated.api.v1.api.HsOfficeContactsApi;
import net.hostsharing.hsadminng.hs.office.generated.api.v1.model.HsOfficeContactInsertResource;
import net.hostsharing.hsadminng.hs.office.generated.api.v1.model.HsOfficeContactPatchResource;
import net.hostsharing.hsadminng.hs.office.generated.api.v1.model.HsOfficeContactResource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.ResponseEntity;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.servlet.mvc.method.annotation.MvcUriComponentsBuilder;
import java.util.List;
import java.util.UUID;
import static net.hostsharing.hsadminng.Mapper.map;
@RestController
public class HsOfficeContactController implements HsOfficeContactsApi {
@Autowired
private Context context;
@Autowired
private HsOfficeContactRepository contactRepo;
@Override
@Transactional(readOnly = true)
public ResponseEntity<List<HsOfficeContactResource>> listContacts(
final String currentUser,
final String assumedRoles,
final String label) {
context.define(currentUser, assumedRoles);
final var entities = contactRepo.findContactByOptionalLabelLike(label);
final var resources = Mapper.mapList(entities, HsOfficeContactResource.class);
return ResponseEntity.ok(resources);
}
@Override
@Transactional
public ResponseEntity<HsOfficeContactResource> addContact(
final String currentUser,
final String assumedRoles,
final HsOfficeContactInsertResource body) {
context.define(currentUser, assumedRoles);
final var entityToSave = map(body, HsOfficeContactEntity.class);
entityToSave.setUuid(UUID.randomUUID());
final var saved = contactRepo.save(entityToSave);
final var uri =
MvcUriComponentsBuilder.fromController(getClass())
.path("/api/hs/office/contacts/{id}")
.buildAndExpand(entityToSave.getUuid())
.toUri();
final var mapped = map(saved, HsOfficeContactResource.class);
return ResponseEntity.created(uri).body(mapped);
}
@Override
@Transactional(readOnly = true)
public ResponseEntity<HsOfficeContactResource> getContactByUuid(
final String currentUser,
final String assumedRoles,
final UUID contactUuid) {
context.define(currentUser, assumedRoles);
final var result = contactRepo.findByUuid(contactUuid);
if (result.isEmpty()) {
return ResponseEntity.notFound().build();
}
return ResponseEntity.ok(map(result.get(), HsOfficeContactResource.class));
}
@Override
@Transactional
public ResponseEntity<Void> deleteContactByUuid(
final String currentUser,
final String assumedRoles,
final UUID contactUuid) {
context.define(currentUser, assumedRoles);
final var result = contactRepo.deleteByUuid(contactUuid);
if (result == 0) {
return ResponseEntity.notFound().build();
}
return ResponseEntity.noContent().build();
}
@Override
@Transactional
public ResponseEntity<HsOfficeContactResource> patchContact(
final String currentUser,
final String assumedRoles,
final UUID contactUuid,
final HsOfficeContactPatchResource body) {
context.define(currentUser, assumedRoles);
final var current = contactRepo.findByUuid(contactUuid).orElseThrow();
new HsOfficeContactEntityPatch(current).apply(body);
final var saved = contactRepo.save(current);
final var mapped = map(saved, HsOfficeContactResource.class);
return ResponseEntity.ok(mapped);
}
}

View File

@ -0,0 +1,20 @@
package net.hostsharing.hsadminng.hs.office.contact;
import net.hostsharing.hsadminng.OptionalFromJson;
import net.hostsharing.hsadminng.hs.office.generated.api.v1.model.HsOfficeContactPatchResource;
class HsOfficeContactEntityPatch {
private final HsOfficeContactEntity entity;
HsOfficeContactEntityPatch(final HsOfficeContactEntity entity) {
this.entity = entity;
}
void apply(final HsOfficeContactPatchResource resource) {
OptionalFromJson.of(resource.getLabel()).ifPresent(entity::setLabel);
OptionalFromJson.of(resource.getPostalAddress()).ifPresent(entity::setPostalAddress);
OptionalFromJson.of(resource.getEmailAddresses()).ifPresent(entity::setEmailAddresses);
OptionalFromJson.of(resource.getPhoneNumbers()).ifPresent(entity::setPhoneNumbers);
}
}

View File

@ -14,3 +14,5 @@ map:
paths:
/api/hs/office/partners/{partnerUUID}:
null: org.openapitools.jackson.nullable.JsonNullable
/api/hs/office/contacts/{contactUUID}:
null: org.openapitools.jackson.nullable.JsonNullable

View File

@ -3,7 +3,22 @@ components:
schemas:
HsOfficeContactBase:
HsOfficeContact:
type: object
properties:
uuid:
type: string
format: uuid
label:
type: string
postalAddress:
type: string
emailAddresses:
type: string
phoneNumbers:
type: string
HsOfficeContactInsert:
type: object
properties:
label:
@ -14,15 +29,21 @@ components:
type: string
phoneNumbers:
type: string
required:
- label
HsOfficeContact:
allOf:
- type: object
properties:
uuid:
type: string
format: uuid
- $ref: '#/components/schemas/HsOfficeContactBase'
HsOfficeContactUpdate:
$ref: '#/components/schemas/HsOfficeContactBase'
HsOfficeContactPatch:
type: object
properties:
label:
type: string
nullable: true
postalAddress:
type: string
nullable: true
emailAddresses:
type: string
nullable: true
phoneNumbers:
type: string
nullable: true

View File

@ -0,0 +1,83 @@
get:
tags:
- hs-office-contacts
description: 'Fetch a single business contact by its uuid, if visible for the current subject.'
operationId: getContactByUuid
parameters:
- $ref: './auth.yaml#/components/parameters/currentUser'
- $ref: './auth.yaml#/components/parameters/assumedRoles'
- name: contactUUID
in: path
required: true
schema:
type: string
format: uuid
description: UUID of the contact to fetch.
responses:
"200":
description: OK
content:
'application/json':
schema:
$ref: './hs-office-contact-schemas.yaml#/components/schemas/HsOfficeContact'
"401":
$ref: './error-responses.yaml#/components/responses/Unauthorized'
"403":
$ref: './error-responses.yaml#/components/responses/Forbidden'
patch:
tags:
- hs-office-contacts
description: 'Updates a single business contact by its uuid, if permitted for the current subject.'
operationId: patchContact
parameters:
- $ref: './auth.yaml#/components/parameters/currentUser'
- $ref: './auth.yaml#/components/parameters/assumedRoles'
- name: contactUUID
in: path
required: true
schema:
type: string
format: uuid
requestBody:
content:
'application/json':
schema:
$ref: './hs-office-contact-schemas.yaml#/components/schemas/HsOfficeContactPatch'
responses:
"200":
description: OK
content:
'application/json':
schema:
$ref: './hs-office-contact-schemas.yaml#/components/schemas/HsOfficeContact'
"401":
$ref: './error-responses.yaml#/components/responses/Unauthorized'
"403":
$ref: './error-responses.yaml#/components/responses/Forbidden'
delete:
tags:
- hs-office-contacts
description: 'Delete a single business contact by its uuid, if permitted for the current subject.'
operationId: deleteContactByUuid
parameters:
- $ref: './auth.yaml#/components/parameters/currentUser'
- $ref: './auth.yaml#/components/parameters/assumedRoles'
- name: contactUUID
in: path
required: true
schema:
type: string
format: uuid
description: UUID of the contact to delete.
responses:
"204":
description: No Content
"401":
$ref: './error-responses.yaml#/components/responses/Unauthorized'
"403":
$ref: './error-responses.yaml#/components/responses/Forbidden'
"404":
$ref: './error-responses.yaml#/components/responses/NotFound'

View File

@ -0,0 +1,56 @@
get:
summary: Returns a list of (optionally filtered) contacts.
description: Returns the list of (optionally filtered) contacts which are visible to the current user or any of it's assumed roles.
tags:
- hs-office-contacts
operationId: listContacts
parameters:
- $ref: './auth.yaml#/components/parameters/currentUser'
- $ref: './auth.yaml#/components/parameters/assumedRoles'
- name: name
in: query
required: false
schema:
type: string
description: Prefix of label to filter the results.
responses:
"200":
description: OK
content:
'application/json':
schema:
type: array
items:
$ref: './hs-office-contact-schemas.yaml#/components/schemas/HsOfficeContact'
"401":
$ref: './error-responses.yaml#/components/responses/Unauthorized'
"403":
$ref: './error-responses.yaml#/components/responses/Forbidden'
post:
summary: Adds a new contact.
tags:
- hs-office-contacts
operationId: addContact
parameters:
- $ref: './auth.yaml#/components/parameters/currentUser'
- $ref: './auth.yaml#/components/parameters/assumedRoles'
requestBody:
content:
'application/json':
schema:
$ref: './hs-office-contact-schemas.yaml#/components/schemas/HsOfficeContactInsert'
required: true
responses:
"201":
description: Created
content:
'application/json':
schema:
$ref: './hs-office-contact-schemas.yaml#/components/schemas/HsOfficeContact'
"401":
$ref: './error-responses.yaml#/components/responses/Unauthorized'
"403":
$ref: './error-responses.yaml#/components/responses/Forbidden'
"409":
$ref: './error-responses.yaml#/components/responses/Conflict'

View File

@ -12,7 +12,7 @@ get:
required: false
schema:
type: string
description: Customer-prefix to filter the results. TODO
description: Prefix of name properties from person or contact to filter the results.
responses:
"200":
description: OK

View File

@ -8,9 +8,20 @@ servers:
paths:
# Partners
/api/hs/office/partners:
$ref: "./hs-office-partners.yaml"
/api/hs/office/partners/{partnerUUID}:
$ref: "./hs-office-partners-with-uuid.yaml"
# Contacts
/api/hs/office/contacts:
$ref: "./hs-office-contacts.yaml"
/api/hs/office/contacts/{contactUUID}:
$ref: "./hs-office-contacts-with-uuid.yaml"

View File

@ -0,0 +1,377 @@
package net.hostsharing.hsadminng.hs.office.contact;
import io.restassured.RestAssured;
import io.restassured.http.ContentType;
import net.hostsharing.hsadminng.Accepts;
import net.hostsharing.hsadminng.HsadminNgApplication;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.test.JpaAttempt;
import org.apache.commons.lang3.RandomStringUtils;
import org.json.JSONException;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Nested;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.boot.test.web.server.LocalServerPort;
import org.springframework.transaction.annotation.Transactional;
import java.util.HashSet;
import java.util.Set;
import java.util.UUID;
import static net.hostsharing.test.IsValidUuidMatcher.isUuidValid;
import static net.hostsharing.test.JsonMatcher.lenientlyEquals;
import static org.assertj.core.api.Assertions.assertThat;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.startsWith;
@SpringBootTest(
webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,
classes = { HsadminNgApplication.class, JpaAttempt.class }
)
@Transactional
class HsOfficeContactControllerAcceptanceTest {
@LocalServerPort
private Integer port;
@Autowired
Context context;
@Autowired
Context contextMock;
@Autowired
HsOfficeContactRepository contactRepo;
@Autowired
JpaAttempt jpaAttempt;
Set<UUID> tempContactUuids = new HashSet<>();
@Nested
@Accepts({ "Contact:F(Find)" })
class ListContacts {
@Test
void globalAdmin_withoutAssumedRoles_canViewAllContacts_ifNoCriteriaGiven() throws JSONException {
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/office/contacts")
.then().log().all().assertThat()
.statusCode(200)
.contentType("application/json")
.body("", lenientlyEquals("""
[
{ "label": "first contact" },
{ "label": "second contact" },
{ "label": "third contact" },
{ "label": "forth contact" },
{ "label": "fifth contact" },
{ "label": "sixth contact" },
{ "label": "eighth contact" },
{ "label": "ninth contact" },
{ "label": "tenth contact" },
{ "label": "eleventh contact" },
{ "label": "twelfth contact" }
]
"""
));
// @formatter:on
}
}
@Nested
@Accepts({ "Contact:C(Create)" })
class AddContact {
@Test
void globalAdmin_withoutAssumedRole_canAddContact() {
context.define("superuser-alex@hostsharing.net");
final var location = RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
"label": "Test Contact",
"emailAddresses": "test@example.org"
}
""")
.port(port)
.when()
.post("http://localhost/api/hs/office/contacts")
.then().assertThat()
.statusCode(201)
.contentType(ContentType.JSON)
.body("uuid", isUuidValid())
.body("label", is("Test Contact"))
.body("emailAddresses", is("test@example.org"))
.header("Location", startsWith("http://localhost"))
.extract().header("Location"); // @formatter:on
// finally, the new contact can be accessed under the generated UUID
final var newUserUuid = toCleanup(UUID.fromString(
location.substring(location.lastIndexOf('/') + 1)));
assertThat(newUserUuid).isNotNull();
}
}
@Nested
@Accepts({ "Contact:R(Read)" })
class GetContact {
@Test
void globalAdmin_withoutAssumedRole_canGetArbitraryContact() {
context.define("superuser-alex@hostsharing.net");
final var givenContactUuid = contactRepo.findContactByOptionalLabelLike("first").get(0).getUuid();
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/office/contacts/" + givenContactUuid)
.then().log().body().assertThat()
.statusCode(200)
.contentType("application/json")
.body("", lenientlyEquals("""
{
"label": "first contact"
}
""")); // @formatter:on
}
@Test
@Accepts({ "Contact:X(Access Control)" })
void normalUser_canNotGetUnrelatedContact() {
context.define("superuser-alex@hostsharing.net");
final var givenContactUuid = contactRepo.findContactByOptionalLabelLike("first").get(0).getUuid();
RestAssured // @formatter:off
.given()
.header("current-user", "selfregistered-user-drew@hostsharing.org")
.port(port)
.when()
.get("http://localhost/api/hs/office/contacts/" + givenContactUuid)
.then().log().body().assertThat()
.statusCode(404); // @formatter:on
}
@Test
@Accepts({ "Contact:X(Access Control)" })
void contactAdminUser_canGetRelatedContact() {
context.define("superuser-alex@hostsharing.net");
final var givenContactUuid = contactRepo.findContactByOptionalLabelLike("first").get(0).getUuid();
RestAssured // @formatter:off
.given()
.header("current-user", "customer-admin@firstcontact.example.com")
.port(port)
.when()
.get("http://localhost/api/hs/office/contacts/" + givenContactUuid)
.then().log().body().assertThat()
.statusCode(200)
.contentType("application/json")
.body("", lenientlyEquals("""
{
"label": "first contact",
"emailAddresses": "customer-admin@firstcontact.example.com",
"phoneNumbers": "+49 123 1234567"
}
""")); // @formatter:on
}
}
@Nested
@Accepts({ "Contact:U(Update)" })
class PatchContact {
@Test
void globalAdmin_withoutAssumedRole_canPatchAllPropertiesOfArbitraryContact() {
context.define("superuser-alex@hostsharing.net");
final var givenContact = givenSomeTemporaryContactCreatedBy("selfregistered-test-user@hostsharing.org");
final var location = RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
"label": "patched contact",
"emailAddresses": "patched@example.org",
"postalAddress": "Patched Address",
"phoneNumbers": "+01 100 123456"
}
""")
.port(port)
.when()
.patch("http://localhost/api/hs/office/contacts/" + givenContact.getUuid())
.then().assertThat()
.statusCode(200)
.contentType(ContentType.JSON)
.body("uuid", isUuidValid())
.body("label", is("patched contact"))
.body("emailAddresses", is("patched@example.org"))
.body("postalAddress", is("Patched Address"))
.body("phoneNumbers", is("+01 100 123456"));
// @formatter:on
// finally, the contact is actually updated
context.define("superuser-alex@hostsharing.net");
assertThat(contactRepo.findByUuid(givenContact.getUuid())).isPresent().get()
.matches(person -> {
assertThat(person.getLabel()).isEqualTo("patched contact");
assertThat(person.getEmailAddresses()).isEqualTo("patched@example.org");
assertThat(person.getPostalAddress()).isEqualTo("Patched Address");
assertThat(person.getPhoneNumbers()).isEqualTo("+01 100 123456");
return true;
});
}
@Test
void globalAdmin_withoutAssumedRole_canPatchPartialPropertiesOfArbitraryContact() {
context.define("superuser-alex@hostsharing.net");
final var givenContact = givenSomeTemporaryContactCreatedBy("selfregistered-test-user@hostsharing.org");
final var location = RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
"emailAddresses": "patched@example.org",
"phoneNumbers": "+01 100 123456"
}
""")
.port(port)
.when()
.patch("http://localhost/api/hs/office/contacts/" + givenContact.getUuid())
.then().assertThat()
.statusCode(200)
.contentType(ContentType.JSON)
.body("uuid", isUuidValid())
.body("label", is(givenContact.getLabel()))
.body("emailAddresses", is("patched@example.org"))
.body("postalAddress", is(givenContact.getPostalAddress()))
.body("phoneNumbers", is("+01 100 123456"));
// @formatter:on
// finally, the contact is actually updated
assertThat(contactRepo.findByUuid(givenContact.getUuid())).isPresent().get()
.matches(person -> {
assertThat(person.getLabel()).isEqualTo(givenContact.getLabel());
assertThat(person.getEmailAddresses()).isEqualTo("patched@example.org");
assertThat(person.getPostalAddress()).isEqualTo(givenContact.getPostalAddress());
assertThat(person.getPhoneNumbers()).isEqualTo("+01 100 123456");
return true;
});
}
}
@Nested
@Accepts({ "Contact:D(Delete)" })
class DeleteContact {
@Test
void globalAdmin_withoutAssumedRole_canDeleteArbitraryContact() {
context.define("superuser-alex@hostsharing.net");
final var givenContact = givenSomeTemporaryContactCreatedBy("selfregistered-test-user@hostsharing.org");
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.port(port)
.when()
.delete("http://localhost/api/hs/office/contacts/" + givenContact.getUuid())
.then().log().body().assertThat()
.statusCode(204); // @formatter:on
// then the given contact is gone
assertThat(contactRepo.findByUuid(givenContact.getUuid())).isEmpty();
}
@Test
@Accepts({ "Contact:X(Access Control)" })
void contactOwner_canDeleteRelatedContact() {
final var givenContact = givenSomeTemporaryContactCreatedBy("selfregistered-test-user@hostsharing.org");
RestAssured // @formatter:off
.given()
.header("current-user", "selfregistered-test-user@hostsharing.org")
.port(port)
.when()
.delete("http://localhost/api/hs/office/contacts/" + givenContact.getUuid())
.then().log().body().assertThat()
.statusCode(204); // @formatter:on
// then the given contact is still there
assertThat(contactRepo.findByUuid(givenContact.getUuid())).isEmpty();
}
@Test
@Accepts({ "Contact:X(Access Control)" })
void normalUser_canNotDeleteUnrelatedContact() {
context.define("superuser-alex@hostsharing.net");
final var givenContact = givenSomeTemporaryContactCreatedBy("selfregistered-test-user@hostsharing.org");
RestAssured // @formatter:off
.given()
.header("current-user", "selfregistered-user-drew@hostsharing.org")
.port(port)
.when()
.delete("http://localhost/api/hs/office/contacts/" + givenContact.getUuid())
.then().log().body().assertThat()
.statusCode(404); // unrelated user cannot even view the contact
// @formatter:on
// then the given contact is still there
assertThat(contactRepo.findByUuid(givenContact.getUuid())).isNotEmpty();
}
}
private HsOfficeContactEntity givenSomeTemporaryContactCreatedBy(final String creatingUser) {
return jpaAttempt.transacted(() -> {
context.define(creatingUser);
final var newContact = HsOfficeContactEntity.builder()
.uuid(UUID.randomUUID())
.label("Temp from " + Context.getCallerMethodNameFromStackFrame(1) )
.emailAddresses(RandomStringUtils.randomAlphabetic(10) + "@example.org")
.postalAddress("Postal Address " + RandomStringUtils.randomAlphabetic(10))
.phoneNumbers("+01 200 " + RandomStringUtils.randomNumeric(8))
.build();
toCleanup(newContact.getUuid());
return contactRepo.save(newContact);
}).assertSuccessful().returnedValue();
}
private UUID toCleanup(final UUID tempContactUuid) {
tempContactUuids.add(tempContactUuid);
return tempContactUuid;
}
@AfterEach
void cleanup() {
tempContactUuids.forEach(uuid -> {
jpaAttempt.transacted(() -> {
context.define("superuser-alex@hostsharing.net", null);
System.out.println("DELETING temporary contact: " + uuid);
final var count = contactRepo.deleteByUuid(uuid);
System.out.println("DELETED temporary contact: " + uuid + (count > 0 ? " successful" : " failed"));
}).assertSuccessful();
});
}
}

View File

@ -7,6 +7,7 @@ import net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleRepository;
import net.hostsharing.test.Array;
import net.hostsharing.test.JpaAttempt;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Nested;
import org.junit.jupiter.api.Test;
import org.modelmapper.internal.bytebuddy.utility.RandomString;
@ -270,6 +271,7 @@ class HsOfficeContactRepositoryIntegrationTest extends ContextBasedTest {
}).assumeSuccessful().returnedValue();
}
@BeforeEach
@AfterEach
void cleanup() {
context("superuser-alex@hostsharing.net", null);