Allow searching for users with all roles in a tenant (#230)

Author: slavikm

src/main/java/com/descope/model/user/request/RolesList.java

@@ -0,0 +1,16 @@
+package com.descope.model.user.request;
+
+import java.util.List;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+public class RolesList {
+  List<String> values;
+  Boolean and;
+}

src/main/java/com/descope/model/user/request/UserSearchRequest.java

@@ -43,6 +43,6 @@ public class UserSearchRequest {
   /** Retrieve only users updated before the given time. */
   @JsonSerialize(using = InstantToMillisSerializer.class)
   Instant toModifiedTime;
-  Map<String, List<String>> tenantRoleIds;
-  Map<String, List<String>> tenantRoleNames;
+  Map<String, RolesList> tenantRoleIds;
+  Map<String, RolesList> tenantRoleNames;
 }

src/main/java/com/descope/sdk/mgmt/impl/UserServiceImpl.java

@@ -62,9 +62,7 @@
 import com.descope.proxy.ApiProxy;
 import com.descope.sdk.mgmt.UserService;
 import com.fasterxml.jackson.core.type.TypeReference;
-import com.fasterxml.jackson.databind.ObjectMapper;
 import java.net.URI;
-import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import org.apache.commons.collections4.CollectionUtils;
@@ -256,19 +254,10 @@ public AllUsersResponseDetails searchAll(UserSearchRequest request) throws Desco
     if (request.getPage() == null || request.getPage() < 0) {
       throw ServerCommonException.invalidArgument("page");
     }
-
-    Map<String, Object> payload = new ObjectMapper().convertValue(request, new TypeReference<Map<String, Object>>() {});
 
-    if (request.getTenantRoleIds() != null) {
-      payload.put("tenantRoleIds", mapToValuesObject(request.getTenantRoleIds()));
-    }
-    if (request.getTenantRoleNames() != null) {
-      payload.put("tenantRoleNames", mapToValuesObject(request.getTenantRoleNames()));
-    }
-
     URI composeSearchAllUri = composeSearchAllUri();
     ApiProxy apiProxy = getApiProxy();
-    return apiProxy.post(composeSearchAllUri, payload, AllUsersResponseDetails.class);
+    return apiProxy.post(composeSearchAllUri, request, AllUsersResponseDetails.class);
   }
 
   @Override
@@ -753,16 +742,4 @@ private URI composeGenerateEmbeddedLink() {
     return getUri(USER_CREATE_EMBEDDED_LINK);
   }
 
-  private static Map<String, Map<String, List<String>>> mapToValuesObject(Map<String, List<String>> inputMap) {
-    if (inputMap == null) {
-      return null;
-    }
-    Map<String, Map<String, List<String>>> result = new HashMap<>();
-    for (Map.Entry<String, List<String>> entry : inputMap.entrySet()) {
-      if (entry.getValue() != null) {
-        result.put(entry.getKey(), mapOf("values", entry.getValue()));
-      }
-    }
-    return result.isEmpty() ? null : result;
-  }
 }

src/test/java/com/descope/model/user/request/UserSearchRequestTest.java

@@ -44,17 +44,19 @@ public void testTenantRoleIdsAndNamesSerialization() throws JsonProcessingExcept
     UserSearchRequest request = UserSearchRequest.builder()
         .tenantIds(Collections.singletonList("tenant1"))
         .roles(Collections.singletonList("role1"))
-        .tenantRoleIds(Collections.singletonMap("tenant1", Collections.singletonList("roleA")))
-        .tenantRoleNames(Collections.singletonMap("tenant2", Collections.singletonList("roleX")))
+        .tenantRoleIds(Collections.singletonMap("tenant1",
+            RolesList.builder().values(Collections.singletonList("roleA")).build()))
+        .tenantRoleNames(Collections.singletonMap("tenant2",
+            RolesList.builder().values(Collections.singletonList("roleX")).build()))
         .build();
 
     String json = mapper.writeValueAsString(request);
     String expectedJson = "{\"tenantIds\":[\"tenant1\"],\"roles\":[\"role1\"],\"limit\":0,\"page\":0,"
         + "\"withTestUser\":null,\"testUsersOnly\":null,\"customAttributes\":null,\"statuses\":null,\"emails\":null,"
         + "\"phones\":null,\"loginIds\":null,\"userIds\":null,\"ssoAppIds\":null,\"fromCreatedTime\":null,"
         + "\"toCreatedTime\":null,\"fromModifiedTime\":null,\"toModifiedTime\":null,"
-        + "\"tenantRoleIds\":{\"tenant1\":[\"roleA\"]},"
-        + "\"tenantRoleNames\":{\"tenant2\":[\"roleX\"]}}";
+        + "\"tenantRoleIds\":{\"tenant1\":{\"values\":[\"roleA\"],\"and\":null}},"
+        + "\"tenantRoleNames\":{\"tenant2\":{\"values\":[\"roleX\"],\"and\":null}}}";
 
     assertEquals(expectedJson, json);
   }

src/test/java/com/descope/sdk/mgmt/impl/UserServiceImplTest.java

@@ -3,6 +3,7 @@
 import static com.descope.utils.CollectionUtils.mapOf;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.junit.jupiter.api.Assertions.assertTrue;
@@ -30,6 +31,7 @@
 import com.descope.model.user.request.BatchUserPasswordPbkdf2;
 import com.descope.model.user.request.BatchUserRequest;
 import com.descope.model.user.request.PatchUserRequest;
+import com.descope.model.user.request.RolesList;
 import com.descope.model.user.request.UserRequest;
 import com.descope.model.user.request.UserSearchRequest;
 import com.descope.model.user.response.AllUsersResponseDetails;
@@ -66,7 +68,6 @@
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junitpioneer.jupiter.RetryingTest;
-import org.mockito.ArgumentCaptor;
 import org.mockito.MockedStatic;
 
 public class UserServiceImplTest {
@@ -825,50 +826,6 @@ void testSearchAllForSuccess() {
     }
   }
 
-  @Test
-  void testSearchAllWithTenantRoleParams() {
-    Map<String, List<String>> tenantRoleIds = mapOf("tenant1", Arrays.asList("roleA", "roleB"));
-    Map<String, List<String>> tenantRoleNames = mapOf("tenant1", Arrays.asList("roleA", "roleB"));
-    AllUsersResponseDetails allUsersResponse = mock(AllUsersResponseDetails.class);
-    UserSearchRequest userSearchRequest = UserSearchRequest.builder()
-        .limit(5)
-        .page(0)
-        .tenantRoleIds(tenantRoleIds)
-        .tenantRoleNames(tenantRoleNames)
-        .build();
-
-    ApiProxy apiProxy = mock(ApiProxy.class);
-    doReturn(allUsersResponse).when(apiProxy).post(any(), any(), any());
-
-    try (MockedStatic<ApiProxyBuilder> mockedApiProxyBuilder = mockStatic(ApiProxyBuilder.class)) {
-      mockedApiProxyBuilder.when(() -> ApiProxyBuilder.buildProxy(any(), any())).thenReturn(apiProxy);
-
-      userService.searchAll(userSearchRequest);
-
-      @SuppressWarnings("unchecked")
-      ArgumentCaptor<Map<String, Object>> captor = ArgumentCaptor.forClass(Map.class);
-      verify(apiProxy).post(any(), captor.capture(), any());
-
-      Map<String, Object> payload = captor.getValue();
-
-      @SuppressWarnings("unchecked")
-      Map<String, Object> wrappedIds = (Map<String, Object>) payload.get("tenantRoleIds");
-      assertTrue(wrappedIds.get("tenant1") instanceof Map);
-
-      @SuppressWarnings("unchecked")
-      Map<String, Object> tenantIdsMap = (Map<String, Object>) wrappedIds.get("tenant1");
-      assertEquals(Arrays.asList("roleA", "roleB"), (tenantIdsMap.get("values")));
-
-      @SuppressWarnings("unchecked")
-      Map<String, Object> wrappedNames = (Map<String, Object>) payload.get("tenantRoleNames");
-      assertTrue(wrappedNames.get("tenant1") instanceof Map);
-
-      @SuppressWarnings("unchecked")
-      Map<String, Object> tenantNamesMap = (Map<String, Object>) wrappedNames.get("tenant1");
-      assertEquals(Arrays.asList("roleA", "roleB"), (tenantNamesMap.get("values")));
-    }
-  }
-
   @Test
   void testSearchAllForInvalidLimit() {
     ServerCommonException thrown = assertThrows(ServerCommonException.class,
@@ -1019,8 +976,10 @@ void testFunctionalUserWithTenantAndRole() {
     String tenantName = TestUtils.getRandomName("t-");
     String tenantId = tenantService.create(tenantName, Arrays.asList(tenantName + ".com"));
     assertThat(tenantId).isNotBlank();
-    String roleName = TestUtils.getRandomName("r-").substring(0, 20);
-    roleService.create(roleName, "", null);
+    String roleName1 = TestUtils.getRandomName("r-").substring(0, 20);
+    roleService.create(roleName1, "", null);
+    String roleName2 = TestUtils.getRandomName("r-").substring(0, 20);
+    roleService.create(roleName2, "", null);
     String loginId = TestUtils.getRandomName("u-");
     String email = TestUtils.getRandomName("test-") + "@descope.com";
     String phone = "+1-555-555-5555";
@@ -1029,7 +988,8 @@ void testFunctionalUserWithTenantAndRole() {
         UserRequest.builder().email(email).verifiedEmail(true).phone(phone).verifiedPhone(true)
             .displayName("Testing Test")
             .userTenants(
-                Arrays.asList(AssociatedTenant.builder().tenantId(tenantId).roleNames(Arrays.asList(roleName)).build()))
+                Arrays.asList(
+                  AssociatedTenant.builder().tenantId(tenantId).roleNames(Arrays.asList(roleName1, roleName2)).build()))
             .build());
     UserResponse user = createResponse.getUser();
     assertNotNull(user);
@@ -1041,34 +1001,53 @@ void testFunctionalUserWithTenantAndRole() {
     assertEquals("Testing Test", user.getName());
     assertEquals("invited", user.getStatus());
     assertThat(user.getUserTenants()).containsExactly(AssociatedTenant.builder().tenantId(tenantId)
-        .tenantName(tenantName).roleNames(Arrays.asList(roleName)).build());
+        .tenantName(tenantName).roleNames(Arrays.asList(roleName1, roleName2)).build());
     UserResponseDetails updateResponse = userService.update(loginId,
-        UserRequest.builder().roleNames(Arrays.asList(roleName)).email(email).verifiedEmail(true).phone(phone)
+        UserRequest.builder().roleNames(
+          Arrays.asList(roleName1, roleName2)).email(email).verifiedEmail(true).phone(phone)
             .verifiedPhone(true).displayName("Testing Test").build());
     user = updateResponse.getUser();
     assertNotNull(user);
-    assertThat(user.getRoleNames()).containsExactly(roleName);
+    assertThat(user.getRoleNames()).containsExactly(roleName1, roleName2);
     // Patch
     UserResponseDetails patchResponse = userService.patch(loginId,
         PatchUserRequest.builder()
             .userTenants(
                 Arrays.asList(AssociatedTenant.builder()
-                    .tenantId(tenantId).roleNames(Arrays.asList(roleName)).build())).build());
+                    .tenantId(tenantId).roleNames(Arrays.asList(roleName1, roleName2)).build())).build());
     user = patchResponse.getUser();
     assertNotNull(user);
     assertThat(user.getUserTenants()).containsExactly(AssociatedTenant.builder().tenantId(tenantId)
-        .tenantName(tenantName).roleNames(Arrays.asList(roleName)).build());
+        .tenantName(tenantName).roleNames(Arrays.asList(roleName1, roleName2)).build());
     // Search
     AllUsersResponseDetails searchByTenantRoleNames = userService.searchAll(
         UserSearchRequest.builder()
-            .tenantRoleNames(mapOf(tenantId, Arrays.asList(roleName))).build());
+            .tenantRoleNames(
+              mapOf(tenantId, RolesList.builder().values(
+                Arrays.asList(roleName1, roleName2)).and(true).build())).build());
     boolean foundByRoleName = searchByTenantRoleNames.getUsers().stream()
         .anyMatch(u -> u.getUserId().equals(createResponse.getUser().getUserId()));
     assertTrue(foundByRoleName); 
+    patchResponse = userService.patch(loginId,
+        PatchUserRequest.builder()
+            .userTenants(
+                Arrays.asList(AssociatedTenant.builder()
+                    .tenantId(tenantId).roleNames(Arrays.asList(roleName1)).build())).build());
+    user = patchResponse.getUser();
+    assertNotNull(user);
+    searchByTenantRoleNames = userService.searchAll(
+        UserSearchRequest.builder()
+            .tenantRoleNames(
+              mapOf(tenantId, RolesList.builder().values(
+                Arrays.asList(roleName1, roleName2)).and(true).build())).build());
+    foundByRoleName = searchByTenantRoleNames.getUsers().stream()
+        .anyMatch(u -> u.getUserId().equals(createResponse.getUser().getUserId()));
+    assertFalse(foundByRoleName); 
     // Delete
     userService.delete(loginId);
     tenantService.delete(tenantId);
-    roleService.delete(roleName);
+    roleService.delete(roleName1);
+    roleService.delete(roleName2);
   }
 
   @RetryingTest(value = 3, suspendForMs = 30000, onExceptions = RateLimitExceededException.class)