AYS-343 | Institution Control for Role Activation Has Been Implemented (#359)

Author: egehanasal

src/main/java/org/ays/auth/service/impl/AysRoleUpdateServiceImpl.java

@@ -88,6 +88,7 @@ public void update(final String id,
     @Override
     public void activate(String id) {
         final AysRole role = roleReadPort.findById(id)
+                .filter(roleFromDatabase -> identity.getInstitutionId().equals(roleFromDatabase.getInstitution().getId()))
                 .orElseThrow(() -> new AysRoleNotExistByIdException(id));
 
         if (!role.isPassive()) {

src/test/java/org/ays/auth/controller/AysRoleControllerTest.java

@@ -683,12 +683,12 @@ void givenValidIdAndInvalidRoleUpdateRequest_whenPermissionIdIsNotValid_thenRetu
     void givenValidId_whenRoleActivated_thenReturnSuccess() throws Exception {
 
         // Given
-        String mockId = AysRandomUtil.generateUUID();
+        String mockId = "3ce7dace-e006-459c-b3c0-693bf2a36e26";
 
         // When
         Mockito.doNothing()
                 .when(roleUpdateService)
-                .activate(Mockito.any());
+                .activate(Mockito.anyString());
 
         // Then
         String endpoint = BASE_PATH.concat("/role/".concat(mockId).concat("/activate"));
@@ -708,6 +708,30 @@ void givenValidId_whenRoleActivated_thenReturnSuccess() throws Exception {
                 .activate(Mockito.anyString());
     }
 
+    @Test
+    void givenValidId_whenUserUnauthorizedForActivation_thenReturnAccessDeniedException() throws Exception {
+
+        // Given
+        String mockId = "8c19bb92-5f11-4752-a93f-11c440d1725b";
+
+        // Then
+        String endpoint = BASE_PATH.concat("/role/").concat(mockId).concat("/activate");
+        MockHttpServletRequestBuilder mockHttpServletRequestBuilder = AysMockMvcRequestBuilders
+                .patch(endpoint, mockUserToken.getAccessToken());
+
+        AysErrorResponse mockErrorResponse = AysErrorBuilder.FORBIDDEN;
+
+        aysMockMvc.perform(mockHttpServletRequestBuilder, mockErrorResponse)
+                .andExpect(AysMockResultMatchersBuilders.status()
+                        .isForbidden())
+                .andExpect(AysMockResultMatchersBuilders.subErrors()
+                        .doesNotExist());
+
+        // Verify
+        Mockito.verify(roleUpdateService, Mockito.never())
+                .activate(Mockito.anyString());
+    }
+
     @ParameterizedTest
     @ValueSource(strings = {
             "A",

src/test/java/org/ays/auth/controller/AysRoleEndToEndTest.java

@@ -23,7 +23,6 @@
 import org.ays.common.model.response.AysResponseBuilder;
 import org.ays.institution.model.Institution;
 import org.ays.institution.model.InstitutionBuilder;
-import org.ays.institution.port.InstitutionSavePort;
 import org.ays.util.AysMockMvcRequestBuilders;
 import org.ays.util.AysMockResultMatchersBuilders;
 import org.ays.util.AysValidTestData;
@@ -42,9 +41,6 @@
 
 class AysRoleEndToEndTest extends AysEndToEndTest {
 
-    @Autowired
-    private InstitutionSavePort institutionSavePort;
-
     @Autowired
     private AysRoleSavePort roleSavePort;
 
@@ -484,17 +480,16 @@ void givenValidRoleUpdateRequest_whenRoleUpdated_thenReturnSuccess() throws Exce
     void givenId_whenRoleActivated_thenReturnSuccess() throws Exception {
 
         // Initialize
-        Institution institution = institutionSavePort.save(
-                new InstitutionBuilder()
-                        .withValidValues()
-                        .withoutId()
-                        .build()
-        );
-        List<AysPermission> permissions = permissionReadPort.findAll();
+        Institution institution = new InstitutionBuilder()
+                .withId(AysValidTestData.Admin.INSTITUTION_ID)
+                .build();
+
+        List<AysPermission> permissions = permissionReadPort.findAllByIsSuperFalse();
         AysRole role = roleSavePort.save(
                 new AysRoleBuilder()
                         .withValidValues()
                         .withoutId()
+                        .withName("buBirRol")
                         .withStatus(AysRoleStatus.PASSIVE)
                         .withInstitution(institution)
                         .withPermissions(permissions)
@@ -507,7 +502,7 @@ void givenId_whenRoleActivated_thenReturnSuccess() throws Exception {
         // Then
         String endpoint = BASE_PATH.concat("/role/".concat(id).concat("/activate"));
         MockHttpServletRequestBuilder mockHttpServletRequestBuilder = AysMockMvcRequestBuilders
-                .patch(endpoint, superAdminToken.getAccessToken());
+                .patch(endpoint, adminToken.getAccessToken());
 
         AysResponse<Void> mockResponse = AysResponseBuilder.SUCCESS;
 

src/test/java/org/ays/auth/service/impl/AysRoleUpdateServiceImplTest.java

@@ -452,13 +452,21 @@ void givenValidIdAndRoleUpdateRequest_whenPermissionsNotExists_thenThrowAysPermi
 
     @Test
     void givenValidId_whenRoleIsPassive_thenActivateRole() {
+
         // Given
-        String mockId = AysRandomUtil.generateUUID();
+        String mockId = "c1614e48-725f-4c5f-88e8-4442332d0f57";
 
         // When
+        Institution mockInstitution = new InstitutionBuilder()
+                .withValidValues()
+                .build();
+        Mockito.when(identity.getInstitutionId())
+                .thenReturn(mockInstitution.getId());
+
         AysRole mockRole = new AysRoleBuilder()
                 .withValidValues()
                 .withId(mockId)
+                .withInstitution(mockInstitution)
                 .withStatus(AysRoleStatus.PASSIVE)
                 .build();
 
@@ -472,6 +480,9 @@ void givenValidId_whenRoleIsPassive_thenActivateRole() {
         roleUpdateService.activate(mockId);
 
         // Verify
+        Mockito.verify(identity, Mockito.times(1))
+                .getInstitutionId();
+
         Mockito.verify(roleReadPort, Mockito.times(1))
                 .findById(Mockito.anyString());
 
@@ -490,12 +501,19 @@ void givenValidId_whenRoleIsNotPassive_thenThrowAysInvalidRoleStatusException(St
         AysRoleStatus status = AysRoleStatus.valueOf(roleStatus);
 
         // Given
-        String mockId = AysRandomUtil.generateUUID();
+        String mockId = "f0229414-0179-4a56-bead-1ce03e168539";
 
         // When
+        Institution mockInstitution = new InstitutionBuilder()
+                .withValidValues()
+                .build();
+        Mockito.when(identity.getInstitutionId())
+                .thenReturn(mockInstitution.getId());
+
         AysRole mockRole = new AysRoleBuilder()
                 .withValidValues()
                 .withId(mockId)
+                .withInstitution(mockInstitution)
                 .withStatus(status)
                 .build();
 
@@ -509,6 +527,9 @@ void givenValidId_whenRoleIsNotPassive_thenThrowAysInvalidRoleStatusException(St
         );
 
         // Verify
+        Mockito.verify(identity, Mockito.times(1))
+                .getInstitutionId();
+
         Mockito.verify(roleReadPort, Mockito.times(1))
                 .findById(Mockito.anyString());
 
@@ -518,9 +539,10 @@ void givenValidId_whenRoleIsNotPassive_thenThrowAysInvalidRoleStatusException(St
     }
 
     @Test
-    void givenValidId_whenRoleNotFound_thenThrowAysRoleNotExistByIdException() {
+    void givenValidId_whenRoleNotFoundForActivation_thenThrowAysRoleNotExistByIdException() {
+
         // Given
-        String mockId = AysRandomUtil.generateUUID();
+        String mockId = "f6ecfa12-17e0-4294-a8fb-6598224fcd93";
 
         // When
         Mockito.when(roleReadPort.findById(Mockito.anyString()))
@@ -538,6 +560,9 @@ void givenValidId_whenRoleNotFound_thenThrowAysRoleNotExistByIdException() {
 
         Mockito.verify(roleSavePort, Mockito.never())
                 .save(Mockito.any(AysRole.class));
+
+        Mockito.verify(identity, Mockito.never())
+                .getInstitutionId();
     }