AYS-243 | Prevent Role Passivation if Assigned to a User (#363)

Author: egehanasal

src/main/java/org/ays/auth/service/impl/AysRoleUpdateServiceImpl.java

@@ -103,13 +103,14 @@ public void activate(String id) {
     /**
      * Passivates an existing role.
      * <p>
-     * This method sets the status of the role identified by its ID to passivate. If the role does not exist,
-     * an exception is thrown. Additionally, if the role's status is not {@link AysRoleStatus#ACTIVE},
-     * an exception is thrown.
+     * This method sets the status of the role identified by its ID to passivate.
+     * It also verifies that the role belongs to the same institution as the current user's institution
+     * and no user is assigned to the role.
      * </p>
      *
      * @param id The ID of the role to passivate.
      * @throws AysRoleNotExistByIdException  if a role with the given ID does not exist.
+     * @throws AysRoleAssignedToUserException if any user is assigned to the role.
      * @throws AysInvalidRoleStatusException if the role's current status is not {@link AysRoleStatus#ACTIVE}.
      */
     @Override
@@ -118,6 +119,10 @@ public void passivate(String id) {
                 .filter(roleFromDatabase -> identity.getInstitutionId().equals(roleFromDatabase.getInstitution().getId()))
                 .orElseThrow(() -> new AysRoleNotExistByIdException(id));
 
+        if (roleReadPort.isRoleUsing(id)) {
+            throw new AysRoleAssignedToUserException(id);
+        }
+
         if (!role.isActive()) {
             throw new AysInvalidRoleStatusException(AysRoleStatus.ACTIVE);
         }

src/test/java/org/ays/auth/controller/AysRoleControllerTest.java

@@ -836,6 +836,35 @@ void givenId_whenIdIsNotValidForPassivation_thenReturnValidationError(String inv
                 .passivate(Mockito.anyString());
     }
 
+    @Test
+    void givenValidIdForPassivation_whenRoleUsing_thenReturnConflict() throws Exception {
+
+        // Given
+        String mockId = "13e8ff0e-8d85-4f4f-8e45-efb04d1d8bf8";
+
+        // When
+        Mockito.doThrow(new AysRoleAssignedToUserException(mockId))
+                .when(roleUpdateService)
+                .passivate(mockId);
+
+        // Then
+        String endpoint = BASE_PATH.concat("/role/".concat(mockId).concat("/passivate"));
+        MockHttpServletRequestBuilder mockHttpServletRequestBuilder = AysMockMvcRequestBuilders
+                .patch(endpoint, mockSuperAdminToken.getAccessToken());
+
+        AysErrorResponse mockErrorResponse = AysErrorBuilder.ALREADY_EXIST;
+
+        aysMockMvc.perform(mockHttpServletRequestBuilder, mockErrorResponse)
+                .andExpect(AysMockResultMatchersBuilders.status()
+                        .isConflict())
+                .andExpect(AysMockResultMatchersBuilders.subErrors()
+                        .doesNotExist());
+
+        // Verify
+        Mockito.verify(roleUpdateService, Mockito.times(1))
+                .passivate(mockId);
+    }
+
 
     @Test
     void givenValidId_whenRoleDeleted_thenReturnSuccess() throws Exception {

src/test/java/org/ays/auth/service/impl/AysRoleUpdateServiceImplTest.java

@@ -727,6 +727,47 @@ void givenValidId_whenInstitutionIdDoesNotMatch_thenThrowAysRoleNotExistByIdExce
                 .save(mockRole);
     }
 
+    @Test
+    void givenValidIdForPassivation_whenRoleUsing_thenThrowRoleAssignedToUserException() {
+
+        // Given
+        String mockId = "731f4ba4-c34b-41c3-b488-d9a0c69904a3";
+
+        // When
+        AysRole mockRole = new AysRoleBuilder()
+                .withValidValues()
+                .withId(mockId)
+                .build();
+
+        Mockito.when(roleReadPort.findById(Mockito.anyString()))
+                .thenReturn(Optional.of(mockRole));
+
+        Mockito.when(identity.getInstitutionId())
+                .thenReturn(mockRole.getInstitution().getId());
+
+        Mockito.when(roleReadPort.isRoleUsing(Mockito.anyString()))
+                .thenReturn(true);
+
+        // Then
+        Assertions.assertThrows(
+                AysRoleAssignedToUserException.class,
+                () -> roleUpdateService.passivate(mockId)
+        );
+
+        // Verify
+        Mockito.verify(roleReadPort, Mockito.times(1))
+                .findById(Mockito.anyString());
+
+        Mockito.verify(roleReadPort, Mockito.times(1))
+                .isRoleUsing(Mockito.anyString());
+
+        Mockito.verify(identity, Mockito.times(1))
+                .getInstitutionId();
+
+        Mockito.verify(roleSavePort, Mockito.never())
+                .save(Mockito.any(AysRole.class));
+    }
+
 
     @Test
     void givenValidId_whenRoleFound_thenDeleteRole() {