WIP for #595

Author: oharsta

client/src/App.jsx

@@ -80,7 +80,12 @@ const App = () => {
                     setIsAuthenticated(res[0].authenticated);
                     if (res[0].authenticated) {
                         me().then(user => {
-                            const currentOrganization = user.organizationMemberships.map(om => om.organization)[0] || {name: ""};
+                            //If there are multiple organization memberships, we default to the one which is used to login
+                            const identityProviderId = (user.identityProvider || {}).id;
+                            const orgMembership = (user.organizationMemberships || [])
+                                .find(organizationMembership => !isEmpty(identityProviderId) &&
+                                    organizationMembership.organization.manageIdentifier === identityProviderId);
+                            const currentOrganization = orgMembership?.organization || user.organizationMemberships.map(om => om.organization)[0] || {name: ""};
                             const newMenuItems = menuItemsForUser(user, currentOrganization);
                             useAppStore.setState(() => ({
                                 user: user,

client/src/api/index.js

@@ -78,6 +78,10 @@ export function me() {
     return fetchJson("/api/v1/users/me");
 }
 
+export function organizationSwitch(organization) {
+    return fetchJson(`/api/v1/users/organization-switch/${organization.id}`);
+}
+
 export function deleteUser() {
     return fetchDelete("/api/v1/users");
 }

client/src/components/UserMenu.jsx

@@ -9,6 +9,7 @@ import CheckPlain from "../icons/check-plain.svg";
 import CaretDown from "../icons/caret_down.svg";
 import {mainMenuItems, menuItemsForUser} from "../utils/MenuItems.js";
 import {useLogout} from '../hooks/UseLogout.jsx';
+import {organizationSwitch} from "../api/index.js";
 
 export const UserMenu = ({setIsAuthenticated}) => {
 
@@ -23,13 +24,17 @@ export const UserMenu = ({setIsAuthenticated}) => {
     const logoutUser = useLogout();
 
     const switchOrganization = organization => {
-        const newMenuItems = menuItemsForUser(user, organization);
-        useAppStore.setState(() => ({
-            currentOrganization: organization,
-            menuItems: newMenuItems,
-            activeMenuItem: mainMenuItems.home
-        }))
-        navigate("/home");
+        organizationSwitch(organization)
+            .then(newUser => {
+                const newMenuItems = menuItemsForUser(newUser, organization);
+                useAppStore.setState(() => ({
+                    currentOrganization: organization,
+                    menuItems: newMenuItems,
+                    user: newUser,
+                    activeMenuItem: mainMenuItems.home,
+                }));
+                navigate("/home");
+            });
     }
 
     const renderOrganizationSwitch = () => {
@@ -48,7 +53,9 @@ export const UserMenu = ({setIsAuthenticated}) => {
                 {isSwitchOrganizationOpen &&
                     <section className="organization-switch-section sds--user-info--dropdown">
                         {organizations.map((org, index) =>
-                            <div key={index} className="organization-option" onClick={() => switchOrganization(org)}>
+                            <div key={index}
+                                 className="organization-option"
+                                 onClick={() => switchOrganization(org)}>
                                 <span className={`${currentOrganization.id === org.id ? "active" : ""}`}>
                                     {org.name}
                                 </span>

client/src/utils/MenuItems.js

@@ -57,7 +57,7 @@ const doMenuItemsForUser = (user, currentOrganization, feedbackWidgetEnabled = u
     if (isMember || isAdmin) {
         newMenuItems.push(mainMenuItems.users);
     }
-    if (!user.externalUser) {
+    if (!isEmpty(currentOrganization.manageIdentifier)) {
         newMenuItems.push(mainMenuItems.accessibleApps, mainMenuItems.idp, mainMenuItems.invite, mainMenuItems.sram);
     }
     if ((isAdmin || user.superUser) && !isEmpty(currentOrganization.manageIdentifier)) {

server/src/main/java/access/api/ConnectionController.java

@@ -323,7 +323,7 @@ private Connection productionReadyChangeRequests(Connection connection, User use
                 //And therefore we don't create a new change request, but update the existing one
                 Map<String, Object> existingChangeRequest = existingChangeRequests.getFirst();
                 ChangeRequest changeRequest = changeRequestOptional.get();
-                existingChangeRequest.get("pathUpdates")
+                existingChangeRequest.get("pathUpdates");
                 //TODO , add / override all new pathUpdates, except if the value is a List, then sort out the difference
 
 

server/src/main/java/access/api/UserController.java

@@ -3,6 +3,7 @@
 import access.config.Config;
 import access.exception.NotAllowedException;
 import access.exception.NotFoundException;
+import access.exception.UserRestrictionException;
 import access.mail.MailBox;
 import access.manage.Manage;
 import access.model.*;
@@ -134,6 +135,34 @@ public ResponseEntity<User> me(@Parameter(hidden = true) User user, Authenticati
         return ResponseEntity.ok(userFromDB);
     }
 
+    @GetMapping("/organization-switch/{organizationId}")
+    public ResponseEntity<User> organizationSwitch(@Parameter(hidden = true) User user,
+                                                   @PathVariable("organizationId") Long organizationId,
+                                                   Authentication authentication) {
+        LOG.debug(String.format("/organization-switch for user %s", user.getEduPersonPrincipalName()));
+
+        User userFromDB = userRepository.findDetailsById(user.getId())
+                .orElseThrow(() -> new NotFoundException("User not found"));
+
+        Organization organization = userFromDB.getOrganizationMemberships().stream()
+                .filter(organizationMembership -> organizationMembership.getOrganization().getId().equals(organizationId))
+                .map(organizationMembership -> organizationMembership.getOrganization())
+                .findFirst()
+                .orElseThrow(() -> new UserRestrictionException((String.format("User %s is not a member of organization %s",
+                        user.getEmail(), organizationId))));
+
+        boolean isInternalUserFromOrganization = StringUtils.hasText(organization.getManageIdentifier());
+        userFromDB.setExternalUser(!isInternalUserFromOrganization);
+        if (isInternalUserFromOrganization) {
+            Map<String, Object> identityProvider = manage.providerByManageIdentifier(
+                    EntityType.saml20_idp, organization.getManageIdentifier(), Environment.PROD);
+            userFromDB.setIdentityProvider(identityProvider);
+            List<Map<String, Object>> changeRequests = manage.getChangeRequestsIdentityProvider(identityProvider);
+            userFromDB.setChangeRequests(changeRequests);
+        }
+        return ResponseEntity.ok(userFromDB);
+    }
+
     @GetMapping("/other/{id}")
     public ResponseEntity<User> details(@PathVariable("id") Long id, @Parameter(hidden = true) User user) {
         LOG.debug(String.format("/other/%s for user %s", id, user.getEduPersonPrincipalName()));

server/src/test/java/access/api/UserControllerTest.java

@@ -3,21 +3,23 @@
 import access.AbstractTest;
 import access.AccessCookieFilter;
 import access.UserInfoEnhancer;
-import access.model.*;
+import access.model.Authority;
+import access.model.EntityType;
+import access.model.Environment;
+import access.model.Institution;
+import access.model.Organization;
+import access.model.OrganizationMembership;
+import access.model.User;
 import io.restassured.common.mapper.TypeRef;
 import io.restassured.http.ContentType;
-import io.restassured.http.Headers;
-import lombok.SneakyThrows;
 import org.junit.jupiter.api.Test;
 import org.springframework.data.domain.Sort;
 import org.springframework.http.HttpStatus;
 
-import java.lang.reflect.Type;
 import java.util.List;
 import java.util.Map;
 import java.util.Optional;
 
-import static com.github.tomakehurst.wiremock.client.WireMock.*;
 import static io.restassured.RestAssured.given;
 import static org.junit.jupiter.api.Assertions.*;
 
@@ -112,6 +114,61 @@ void meManagerWithMockLogin() {
         assertEquals("ShareLogics", organization.getName());
     }
 
+    @Test
+    void swichOrganizationManagerWithMockLogin() {
+        AccessCookieFilter accessCookieFilter = mockLoginFlow(MANAGE_SUB);
+
+        super.stubForGetProvider(EntityType.saml20_idp, "7", Environment.PROD);
+        super.stubForGetChangeRequests(getChangeRequests());
+
+        User user = given()
+                .when()
+                .filter(accessCookieFilter.cookieFilter())
+                .accept(ContentType.JSON)
+                .contentType(ContentType.JSON)
+                .pathParam("organizationId", seedIdentifiers.get(SHARE_LOGICS))
+                .get("/api/v1/users/organization-switch/{organizationId}")
+                .as(User.class);
+        assertEquals(1, user.getOrganizationMemberships().size());
+
+        Organization organization = user.getOrganizationMemberships().stream().findFirst().get().getOrganization();
+        assertEquals("ShareLogics", organization.getName());
+
+        assertEquals("7", user.getIdentityProvider().get("id"));
+    }
+
+    @Test
+    void swichOrganizationGuestWithoutIdP() {
+        AccessCookieFilter accessCookieFilter = mockLoginFlow(GUEST_SUB);
+
+        User user = given()
+                .when()
+                .filter(accessCookieFilter.cookieFilter())
+                .accept(ContentType.JSON)
+                .contentType(ContentType.JSON)
+                .pathParam("organizationId", seedIdentifiers.get(FAR_WIND))
+                .get("/api/v1/users/organization-switch/{organizationId}")
+                .as(User.class);
+        assertEquals(1, user.getOrganizationMemberships().size());
+
+        assertNull(user.getIdentityProvider());
+    }
+
+    @Test
+    void swichOrganizationGuestNoAccess() {
+        AccessCookieFilter accessCookieFilter = mockLoginFlow(GUEST_SUB);
+
+        given()
+                .when()
+                .filter(accessCookieFilter.cookieFilter())
+                .accept(ContentType.JSON)
+                .contentType(ContentType.JSON)
+                .pathParam("organizationId", -1L)
+                .get("/api/v1/users/organization-switch/{organizationId}")
+                .then()
+                .statusCode(HttpStatus.FORBIDDEN.value());
+    }
+
     @Test
     void meMissingAttributes() throws Exception {
         this.stubForStats();