Fixes #555

New RoleRequest class for creating new Roles

Author: oharsta

server/src/main/java/invite/api/RoleController.java

@@ -1,7 +1,6 @@
 package invite.api;
 
 import invite.config.Config;
-import invite.exception.InvalidInputException;
 import invite.exception.NotFoundException;
 import invite.exception.UserRestrictionException;
 import invite.logging.AccessLogger;
@@ -149,18 +148,20 @@ public ResponseEntity<List<Role>> rolesPerApplicationId(@PathVariable("manageId"
 
 
     @PostMapping("")
-    public ResponseEntity<Role> newRole(@Validated @RequestBody Role role,
+    public ResponseEntity<Role> newRole(@Validated @RequestBody RoleRequest roleRequest,
                                         @Parameter(hidden = true) User user) {
         LOG.debug(String.format("POST /roles/ for user %s", user.getEduPersonPrincipalName()));
-        if (role.getId() != null) {
-            throw new InvalidInputException("Role id must be null for new Role");
-        }
         UserPermissions.assertAuthority(user, Authority.INSTITUTION_ADMIN);
         //For super_users we allow an organization GUID from the input form
+        Role role = new Role(roleRequest);
         if (InstitutionAdmin.isInstitutionAdmin(user)) {
             role.setOrganizationGUID(user.getOrganizationGUID());
+        } else if (user.isSuperUser()) {
+            role.setOrganizationGUID(roleRequest.getOrganizationGUID());
+        } else {
+            role.setOrganizationGUID(null);
         }
-        role.setShortName(GroupURN.sanitizeRoleShortName(role.getShortName()));
+        role.setShortName(GroupURN.sanitizeRoleShortName(roleRequest.getName()));
         role.setIdentifier(UUID.randomUUID().toString());
         role.setUrn(GroupURN.urnFromRole(this.groupUrnPrefix, role));
 
@@ -171,7 +172,7 @@ public ResponseEntity<Role> newRole(@Validated @RequestBody Role role,
 
     @PutMapping("")
     @Retryable(
-            retryFor = { SQLTransactionRollbackException.class },
+            retryFor = {SQLTransactionRollbackException.class},
             maxAttempts = 3,
             backoff = @Backoff(delay = 1000)
     )

server/src/main/java/invite/internal/InternalInviteController.java

@@ -129,7 +129,6 @@ public ResponseEntity<Role> role(@PathVariable("id") Long id,
                     content = {@Content(examples = {@ExampleObject(value = """
                             {
                               "name": "Required role name",
-                              "shortName": "Required short name - may be copy of name",
                               "description": "Required role description",
                               "defaultExpiryDays": 365,
                               "inviterDisplayName": "Free format field used in the invitation emails for this role (can be email address)"
@@ -209,11 +208,12 @@ public ResponseEntity<Role> role(@PathVariable("id") Long id,
                                             }
                                             """
                                     )})})})
-    public ResponseEntity<Role> newRole(@Validated @RequestBody Role role,
+    public ResponseEntity<Role> newRole(@Validated @RequestBody RoleRequest roleRequest,
                                         @Parameter(hidden = true) @AuthenticationPrincipal RemoteUser remoteUser) {
+        Role role = new Role(roleRequest);
         role.setRemoteApiUser(remoteUser.getName());
 
-        role.setShortName(GroupURN.sanitizeRoleShortName(role.getShortName()));
+        role.setShortName(GroupURN.sanitizeRoleShortName(role.getName()));
         role.setIdentifier(UUID.randomUUID().toString());
 
         LOG.debug(String.format("New role '%s' by user %s", role.getName(), remoteUser.getName()));

server/src/main/java/invite/model/Role.java

@@ -125,6 +125,20 @@ public Role(@NotNull String name,
         this.identifier = UUID.randomUUID().toString();
     }
 
+    public Role(RoleRequest roleRequest) {
+        this.name = roleRequest.getName();
+        this.description = roleRequest.getDescription();
+        this.defaultExpiryDays = roleRequest.getDefaultExpiryDays();
+        this.enforceEmailEquality = roleRequest.isEnforceEmailEquality();
+        this.eduIDOnly = roleRequest.isEduIDOnly();
+        this.blockExpiryDate = roleRequest.isBlockExpiryDate();
+        this.overrideSettingsAllowed = roleRequest.isOverrideSettingsAllowed();
+        this.organizationGUID = roleRequest.getOrganizationGUID();
+        this.inviterDisplayName = roleRequest.getInviterDisplayName();
+        this.applicationUsages = roleRequest.getApplicationUsages();
+
+    }
+
     @Transient
     @JsonIgnore
     public List<String> applicationIdentifiers() {

server/src/test/java/invite/api/RoleControllerTest.java

@@ -4,10 +4,7 @@
 import invite.AccessCookieFilter;
 import invite.DefaultPage;
 import invite.manage.EntityType;
-import invite.model.Application;
-import invite.model.ApplicationUsage;
-import invite.model.RemoteProvisionedGroup;
-import invite.model.Role;
+import invite.model.*;
 import io.restassured.common.mapper.TypeRef;
 import io.restassured.http.ContentType;
 import org.junit.jupiter.api.Test;
@@ -28,8 +25,7 @@ void createBySuperUser() throws Exception {
         //Because the user is changed and provisionings are queried
         stubForManageProvisioning(List.of());
         AccessCookieFilter accessCookieFilter = openIDConnectFlow("/api/v1/users/login", SUPER_SUB);
-        Role role = new Role("New", "New desc", application("1", EntityType.SAML20_SP), 365, false, false);
-        role.setOrganizationGUID("ad93daef-0911-e511-80d0-005056956c1a");
+        RoleRequest roleRequest = new RoleRequest("New", "New desc", 365, false, false, false, true, "ad93daef-0911-e511-80d0-005056956c1a", "From me", application("1", EntityType.SAML20_SP));
 
         super.stubForManagerProvidersByIdIn(EntityType.SAML20_SP, List.of("1"));
         super.stubForManageProvisioning(List.of("1"));
@@ -41,12 +37,12 @@ void createBySuperUser() throws Exception {
                 .accept(ContentType.JSON)
                 .header(accessCookieFilter.csrfToken().getHeaderName(), accessCookieFilter.csrfToken().getToken())
                 .contentType(ContentType.JSON)
-                .body(role)
+                .body(roleRequest)
                 .post("/api/v1/roles")
                 .as(Map.class);
         assertNotNull(result.get("id"));
         Role roleFromDB = roleRepository.findById(Long.valueOf((Integer) result.get("id"))).get();
-        assertEquals(role.getOrganizationGUID(), roleFromDB.getOrganizationGUID());
+        assertEquals(roleRequest.getOrganizationGUID(), roleFromDB.getOrganizationGUID());
     }
 
     @Test
@@ -55,8 +51,9 @@ void createByInstitutionAdmin() throws Exception {
         stubForManageProvidersAllowedByIdP(ORGANISATION_GUID);
         AccessCookieFilter accessCookieFilter = openIDConnectFlow("/api/v1/users/login", INSTITUTION_ADMIN_SUB);
 
-        Role role = new Role("New", "New desc", application("1", EntityType.SAML20_SP), 365, false, false);
-        role.setOrganizationGUID(UUID.randomUUID().toString());
+        RoleRequest roleRequest = new RoleRequest("New", "New desc", 365,
+                false, false, false, true,
+                UUID.randomUUID().toString(), "From me", application("1", EntityType.SAML20_SP));
 
         super.stubForManagerProvidersByIdIn(EntityType.SAML20_SP, List.of("1"));
         super.stubForManageProvisioning(List.of("1"));
@@ -68,7 +65,7 @@ void createByInstitutionAdmin() throws Exception {
                 .accept(ContentType.JSON)
                 .header(accessCookieFilter.csrfToken().getHeaderName(), accessCookieFilter.csrfToken().getToken())
                 .contentType(ContentType.JSON)
-                .body(role)
+                .body(roleRequest)
                 .post("/api/v1/roles")
                 .as(Map.class);
         assertNotNull(result.get("id"));
@@ -81,15 +78,18 @@ void createInvalidApplicationUsages() throws Exception {
         //Because the user is changed and provisionings are queried
         stubForManageProvisioning(List.of());
         AccessCookieFilter accessCookieFilter = openIDConnectFlow("/api/v1/users/login", SUPER_SUB);
-        Role role = new Role("New", "New desc", Set.of(), 365, false, false);
+        RoleRequest roleRequest = new RoleRequest("New", "New desc", 365,
+                false, false, false, true,
+                null, "From me", Set.of());
+
 
         given()
                 .when()
                 .filter(accessCookieFilter.cookieFilter())
                 .accept(ContentType.JSON)
                 .header(accessCookieFilter.csrfToken().getHeaderName(), accessCookieFilter.csrfToken().getToken())
                 .contentType(ContentType.JSON)
-                .body(role)
+                .body(roleRequest)
                 .post("/api/v1/roles")
                 .then()
                 .statusCode(400);
@@ -102,15 +102,17 @@ void createInvalidApplicationLandingPage() throws Exception {
         AccessCookieFilter accessCookieFilter = openIDConnectFlow("/api/v1/users/login", SUPER_SUB);
         Set<ApplicationUsage> applicationUsages = application("1", EntityType.SAML20_SP);
         applicationUsages.iterator().next().setLandingPage("nope");
-        Role role = new Role("New", "New desc", applicationUsages, 365, false, false);
+        RoleRequest roleRequest = new RoleRequest("New", "New desc", 365,
+                false, false, false, true,
+                null, "From me", applicationUsages);
 
         given()
                 .when()
                 .filter(accessCookieFilter.cookieFilter())
                 .accept(ContentType.JSON)
                 .header(accessCookieFilter.csrfToken().getHeaderName(), accessCookieFilter.csrfToken().getToken())
                 .contentType(ContentType.JSON)
-                .body(role)
+                .body(roleRequest)
                 .post("/api/v1/roles")
                 .then()
                 .statusCode(400);