WIP for #699

oharsta · oharsta · commit 5a094932d8f8 · 2026-04-10T14:32:43.000+02:00
diff --git a/server/src/main/java/invite/audit/UserRoleAuditService.java b/server/src/main/java/invite/audit/UserRoleAuditService.java
@@ -16,7 +16,6 @@ public UserRoleAuditService(UserRoleAuditRepository userRoleAuditRepository) {
         this.userRoleAuditRepository = userRoleAuditRepository;
     }
 
-
     public void logAction(UserRole userRole, UserRoleAudit.ActionType action) {
         Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
         String authority = authentication != null ? authentication.getName() : "system";
diff --git a/server/src/main/java/invite/crm/CRMController.java b/server/src/main/java/invite/crm/CRMController.java
@@ -64,6 +64,7 @@
 import java.util.NoSuchElementException;
 import java.util.Optional;
 import java.util.Set;
+import java.util.function.Predicate;
 import java.util.stream.Collectors;
 
 import static invite.SwaggerOpenIdConfig.API_HEADER_SCHEME_NAME;
@@ -342,6 +343,34 @@ public ResponseEntity<ResendInvitationResponse> resendInvitation(@RequestBody Re
         return ResponseEntity.ok(new ResendInvitationResponse(timestamp, 200, "ok", "Resend invitation"));
     }
 
+    @PostMapping(value = "/crm/api/v1/invite/remove", produces = MediaType.APPLICATION_JSON_VALUE)
+    @Operation(summary = "Remove all CRM roles memberships from a user",
+            description = "Remove all CRM roles memberships from a user")
+    @SecurityRequirement(name = API_HEADER_SCHEME_NAME)
+    @PreAuthorize("hasRole('CRM')")
+    public ResponseEntity<String> remove(@RequestBody RemoveRoles removeRoles) {
+        LOG.debug("POST /crm/api/v1/invite/remove: " + removeRoles);
+
+        Optional<Organisation> optionalOrganisation = organisationRepository.findByCrmOrganisationId(removeRoles.crmOrganisationId());
+        optionalOrganisation
+                .flatMap(organisation -> userRepository
+                        .findByCrmContactIdAndOrganisation(removeRoles.crmContatcId(), organisation))
+                .ifPresent(user -> {
+                    LOG.debug("Removing roles from CRM user: " + user.getEmail());
+
+                    Predicate<UserRole> predicate = userRole -> StringUtils.hasText(userRole.getRole().getCrmRoleId());
+                    user.getUserRoles().stream()
+                            .filter(predicate)
+                            .forEach(userRole -> {
+                                this.provisioningService.deleteUserRoleRequest(userRole);
+                                this.userRoleAuditService.logAction(userRole, UserRoleAudit.ActionType.DELETE);
+                            });
+                    user.getUserRoles().removeIf(predicate);
+                    this.userRepository.save(user);
+                });
+        return ResponseEntity.ok().body("removed");
+    }
+
     @GetMapping(value = "/crm/api/v1/organisations", produces = MediaType.APPLICATION_JSON_VALUE)
     @Operation(summary = "Get all CRM organisations")
     @SecurityRequirement(name = API_HEADER_SCHEME_NAME)
diff --git a/server/src/main/java/invite/provision/ProvisioningServiceDefault.java b/server/src/main/java/invite/provision/ProvisioningServiceDefault.java
@@ -86,6 +86,7 @@ private enum APIType {
 
     private final ParameterizedTypeReference<String> stringParameterizedTypeReference = new ParameterizedTypeReference<>() {
     };
+
     private final RestTemplate restTemplate = new RestTemplate();
 
     private final UserRoleRepository userRoleRepository;
@@ -606,7 +607,7 @@ private <T, S> T doExchange(RequestEntity<S> requestEntity,
                     provisioning.getEntityId()));
 
             return body;
-        } catch (RestClientException e) {
+        } catch (RuntimeException e) {
             String errorMessage = String.format("Error %s SCIM request (entityID %s) to %s with %s httpMethod and body %s",
                     api,
                     provisioning.getEntityId(),
diff --git a/server/src/test/java/invite/crm/CRMControllerTest.java b/server/src/test/java/invite/crm/CRMControllerTest.java
@@ -86,7 +86,7 @@ void contactProvisioningNewUser() throws JsonProcessingException {
     }
 
     @Test
-    void contactProvisioningWrongApiHeader() throws JsonProcessingException {
+    void contactProvisioningWrongApiHeader() {
         given()
                 .when()
                 .accept(ContentType.JSON)
@@ -759,7 +759,7 @@ void profileWithOrgGUID() {
         assertEquals(1, profileResponse.profiles().size());
     }
 
-        @Test
+    @Test
     void profileWithGuidRole() {
         this.seedCRMData();
         ProfileResponse profileResponse = given()
@@ -877,6 +877,66 @@ void deleteOrganisation() {
         assertTrue(optionalOrganisation.isEmpty());
     }
 
+    @Test
+    void removeCRMRoles() throws JsonProcessingException {
+        this.seedCRMData();
+
+        Organisation organisation = organisationRepository.findByCrmOrganisationId(CRM_ORGANIZATION_ID).get();
+        User user = userRepository.findByCrmContactIdAndOrganisation(CRM_CONTACT_ID, organisation).get();
+        assertEquals(2, user.getUserRoles().size());
+
+        stubForManageProvisioning(List.of());
+
+        String response = given()
+                .when()
+                .accept(ContentType.JSON)
+                .header(API_KEY_HEADER, "secret")
+                .contentType(ContentType.JSON)
+                .body(new RemoveRoles(CRM_ORGANIZATION_ID, CRM_CONTACT_ID))
+                .post("/crm/api/v1/invite/remove")
+                .then()
+                .extract()
+                .asString();
+        assertEquals("removed", response);
+
+        user = userRepository.findByCrmContactIdAndOrganisation(CRM_CONTACT_ID, organisation).get();
+        assertEquals(1, user.getUserRoles().size());
+    }
+
+    @Test
+    void removeCRMRolesNoUserFound() {
+        this.seedCRMData();
+
+        String response = given()
+                .when()
+                .accept(ContentType.JSON)
+                .header(API_KEY_HEADER, "secret")
+                .contentType(ContentType.JSON)
+                .body(new RemoveRoles(CRM_ORGANIZATION_ID, "nope"))
+                .post("/crm/api/v1/invite/remove")
+                .then()
+                .extract()
+                .asString();
+        assertEquals("removed", response);
+    }
+
+    @Test
+    void removeCRMRolesNoOrganisationFound() {
+        this.seedCRMData();
+
+        String response = given()
+                .when()
+                .accept(ContentType.JSON)
+                .header(API_KEY_HEADER, "secret")
+                .contentType(ContentType.JSON)
+                .body(new RemoveRoles("nope", "nope"))
+                .post("/crm/api/v1/invite/remove")
+                .then()
+                .extract()
+                .asString();
+        assertEquals("removed", response);
+    }
+
     private void seedCRMData() {
         Organisation organisation = organisationRepository.findByCrmOrganisationId(CRM_ORGANIZATION_ID).get();
         Role role = new Role();

Original file line number	Diff line number	Diff line change
`@@ -16,7 +16,6 @@ public UserRoleAuditService(UserRoleAuditRepository userRoleAuditRepository) {`
`16`	`16`	`this.userRoleAuditRepository = userRoleAuditRepository;`
`17`	`17`	`}`
`18`	`18`
`19`		`-`
`20`	`19`	`public void logAction(UserRole userRole, UserRoleAudit.ActionType action) {`
`21`	`20`	`Authentication authentication = SecurityContextHolder.getContext().getAuthentication();`
`22`	`21`	`String authority = authentication != null ? authentication.getName() : "system";`