From a8eda722f41ba7eda9d2f0213a6d5d14ad1f4a9c Mon Sep 17 00:00:00 2001 From: AnuragNagpure <145100366+AnuragNagpure@users.noreply.github.com> Date: Thu, 14 Nov 2024 19:45:08 +0530 Subject: [PATCH] fix(connector): change providercompany check to get access for managed connector (#1124) * adjust provider check to also allow host company * adjust unit tests * mitigate dbaccess-test race condition --------- Co-authored-by: Norbert Truchsess --- .../BusinessLogic/ConnectorsBusinessLogic.cs | 4 +-- .../Repositories/ConnectorsRepository.cs | 4 +-- .../Repositories/IConnectorsRepository.cs | 2 +- .../ConnectorsBusinessLogicTests.cs | 8 ++--- .../ConnectorRepositoryTests.cs | 29 ++++++------------- .../PortalDbContextTests.cs | 6 ++-- 6 files changed, 21 insertions(+), 32 deletions(-) diff --git a/src/administration/Administration.Service/BusinessLogic/ConnectorsBusinessLogic.cs b/src/administration/Administration.Service/BusinessLogic/ConnectorsBusinessLogic.cs index 0de31768de..ad4daa13ab 100644 --- a/src/administration/Administration.Service/BusinessLogic/ConnectorsBusinessLogic.cs +++ b/src/administration/Administration.Service/BusinessLogic/ConnectorsBusinessLogic.cs @@ -78,9 +78,9 @@ public async Task GetCompanyConnectorData(Guid connectorId) throw NotFoundException.Create(AdministrationConnectorErrors.CONNECTOR_NOT_FOUND, new ErrorParameter[] { new("connectorId", connectorId.ToString()) }); } - if (!result.IsProviderCompany) + if (!result.IsProvidingOrHostCompany) { - throw ForbiddenException.Create(AdministrationConnectorErrors.CONNECTOR_NOT_PROVIDER_COMPANY, new ErrorParameter[] { new("companyId", companyId.ToString()), new("connectorId", connectorId.ToString()) }); + throw ForbiddenException.Create(AdministrationConnectorErrors.CONNECTOR_NOT_PROVIDER_COMPANY_NOR_HOST, new ErrorParameter[] { new("companyId", companyId.ToString()), new("connectorId", connectorId.ToString()) }); } return result.ConnectorData; diff --git a/src/portalbackend/PortalBackend.DBAccess/Repositories/ConnectorsRepository.cs b/src/portalbackend/PortalBackend.DBAccess/Repositories/ConnectorsRepository.cs index f18ab6817a..e6e84fdf09 100644 --- a/src/portalbackend/PortalBackend.DBAccess/Repositories/ConnectorsRepository.cs +++ b/src/portalbackend/PortalBackend.DBAccess/Repositories/ConnectorsRepository.cs @@ -84,7 +84,7 @@ public class ConnectorsRepository(PortalDbContext dbContext) : IConnectorsReposi c.ConnectorUrl) ).SingleOrDefaultAsync(); - public Task<(ConnectorData ConnectorData, bool IsProviderCompany)> GetConnectorByIdForCompany(Guid connectorId, Guid companyId) => + public Task<(ConnectorData ConnectorData, bool IsProvidingOrHostCompany)> GetConnectorByIdForCompany(Guid connectorId, Guid companyId) => dbContext.Connectors .AsNoTracking() .Where(connector => connector.Id == connectorId && connector.StatusId != ConnectorStatusId.INACTIVE) @@ -104,7 +104,7 @@ public class ConnectorsRepository(PortalDbContext dbContext) : IConnectorsReposi connector.TechnicalUser.ClientClientId, connector.TechnicalUser.Description), connector.ConnectorUrl), - connector.ProviderId == companyId + connector.ProviderId == companyId || connector.HostId == companyId )) .SingleOrDefaultAsync(); diff --git a/src/portalbackend/PortalBackend.DBAccess/Repositories/IConnectorsRepository.cs b/src/portalbackend/PortalBackend.DBAccess/Repositories/IConnectorsRepository.cs index d8180de151..66de561158 100644 --- a/src/portalbackend/PortalBackend.DBAccess/Repositories/IConnectorsRepository.cs +++ b/src/portalbackend/PortalBackend.DBAccess/Repositories/IConnectorsRepository.cs @@ -43,7 +43,7 @@ public interface IConnectorsRepository /// Pagination.Source of connectors that allows transformation. Func?>> GetManagedConnectorsForCompany(Guid companyId); - Task<(ConnectorData ConnectorData, bool IsProviderCompany)> GetConnectorByIdForCompany(Guid connectorId, Guid companyId); + public Task<(ConnectorData ConnectorData, bool IsProvidingOrHostCompany)> GetConnectorByIdForCompany(Guid connectorId, Guid companyId); Task<(ConnectorInformationData ConnectorInformationData, bool IsProviderUser)> GetConnectorInformationByIdForIamUser(Guid connectorId, Guid userCompanyId); diff --git a/tests/administration/Administration.Service.Tests/BusinessLogic/ConnectorsBusinessLogicTests.cs b/tests/administration/Administration.Service.Tests/BusinessLogic/ConnectorsBusinessLogicTests.cs index f285541d23..fd3bb36f3f 100644 --- a/tests/administration/Administration.Service.Tests/BusinessLogic/ConnectorsBusinessLogicTests.cs +++ b/tests/administration/Administration.Service.Tests/BusinessLogic/ConnectorsBusinessLogicTests.cs @@ -1261,7 +1261,7 @@ public async Task GetConnectorOfferSubscriptionData_ReturnsList() #endregion - #region GetCompanyConnectorData + #region GetCompanyConnectorData [Fact] public async Task GetCompanyConnectorData_WithInvalid_ThrowsForbiddenException() @@ -1277,7 +1277,7 @@ public async Task GetCompanyConnectorData_WithInvalid_ThrowsForbiddenException() // Assert var ex = await Assert.ThrowsAsync(Act); - ex.Message.Should().Be(AdministrationConnectorErrors.CONNECTOR_NOT_PROVIDER_COMPANY.ToString()); + ex.Message.Should().Be(AdministrationConnectorErrors.CONNECTOR_NOT_PROVIDER_COMPANY_NOR_HOST.ToString()); } [Fact] @@ -1286,7 +1286,7 @@ public async Task GetCompanyConnectorData_WithNotExisting_ThrowsNotFoundExceptio // Arrange var connectorId = Guid.NewGuid(); A.CallTo(() => _connectorsRepository.GetConnectorByIdForCompany(connectorId, _identity.CompanyId)) - .Returns<(ConnectorData, bool)>(default); + .Returns<(ConnectorData, bool)>(default); // Act async Task Act() => await _logic.GetCompanyConnectorData(connectorId); @@ -1305,7 +1305,7 @@ public async Task GetCompanyConnectorData_WithValid_ReturnsExpected() .With(x => x.Name, "Test Connector") .Create(); A.CallTo(() => _connectorsRepository.GetConnectorByIdForCompany(connectorId, _identity.CompanyId)) - .Returns((connectorData, true)); + .Returns((connectorData, true)); // Act var result = await _logic.GetCompanyConnectorData(connectorId); diff --git a/tests/portalbackend/PortalBackend.DBAccess.Tests/ConnectorRepositoryTests.cs b/tests/portalbackend/PortalBackend.DBAccess.Tests/ConnectorRepositoryTests.cs index 518f03523a..51f3f72e6b 100644 --- a/tests/portalbackend/PortalBackend.DBAccess.Tests/ConnectorRepositoryTests.cs +++ b/tests/portalbackend/PortalBackend.DBAccess.Tests/ConnectorRepositoryTests.cs @@ -159,21 +159,24 @@ public async Task AttachAndModify_ReturnsExpected() #region GetConnectorByIdForIamUser - [Fact] - public async Task GetConnectorByIdForIamUser_ReturnsExpectedAppCount() + [Theory] + [InlineData("7e86a0b8-6903-496b-96d1-0ef508206839", "41fd2ab8-71cd-4546-9bef-a388d91b2542", true)] + [InlineData("7e86a0b8-6903-496b-96d1-0ef508206839", "2dc4249f-b5ca-4d42-bef1-7a7a950a4f87", true)] + [InlineData("7e86a0b8-6903-496b-96d1-0ef508206839", "deadbeef-dead-beef-dead-beefdeadbeef", false)] + public async Task GetConnectorByIdForIamUser_ReturnsExpected(Guid connectorId, Guid companyId, bool isProviderOrHost) { // Arrange var (sut, _) = await CreateSut(); // Act - var result = await sut.GetConnectorByIdForCompany(new Guid("7e86a0b8-6903-496b-96d1-0ef508206833"), _userCompanyId); + var result = await sut.GetConnectorByIdForCompany(connectorId, companyId); // Assert result.Should().NotBeNull(); - result.IsProviderCompany.Should().BeTrue(); - result.ConnectorData.Name.Should().Be("Test Connector 1"); + result.IsProvidingOrHostCompany.Should().Be(isProviderOrHost); + result.ConnectorData.Name.Should().Be("Test Connector 2"); result.ConnectorData.TechnicalUser.Should().BeNull(); - result.ConnectorData.ConnectorUrl.Should().Be("www.connector1.de"); + result.ConnectorData.ConnectorUrl.Should().Be("www.connector2.de"); } [Fact] @@ -189,20 +192,6 @@ public async Task GetConnectorByIdForIamUser_WithoutExistingId_ReturnsDefault() result.Should().Be(default); } - [Fact] - public async Task GetConnectorByIdForIamUser_WithoutMatchingUser_ReturnsIsProviderUserFalse() - { - // Arrange - var (sut, _) = await CreateSut(); - - // Act - var result = await sut.GetConnectorByIdForCompany(new Guid("5aea3711-cc54-47b4-b7eb-ba9f3bf1cb15"), Guid.NewGuid()); - - // Assert - result.Should().NotBeNull(); - result.IsProviderCompany.Should().BeFalse(); - } - #endregion #region GetConnectorInformationByIdForIamUser diff --git a/tests/portalbackend/PortalBackend.DBAccess.Tests/PortalDbContextTests.cs b/tests/portalbackend/PortalBackend.DBAccess.Tests/PortalDbContextTests.cs index e7ffdd4caa..2ddb707b04 100644 --- a/tests/portalbackend/PortalBackend.DBAccess.Tests/PortalDbContextTests.cs +++ b/tests/portalbackend/PortalBackend.DBAccess.Tests/PortalDbContextTests.cs @@ -94,7 +94,7 @@ public async Task SaveCreatedAuditableEntity_SetsLastEditorId() ca.DateLastChanged.Should().Be(now); var auditEntries = await sut.AuditCompanyApplication20231115.Where(x => x.Id == id).ToListAsync(); auditEntries.Should().ContainSingle().Which.Should().Match( - x => x.ApplicationStatusId == CompanyApplicationStatusId.CREATED && (x.DateCreated - before) < TimeSpan.FromSeconds(1) && x.AuditV1OperationId == AuditOperationId.INSERT && (x.AuditV1DateLastChanged - now) < TimeSpan.FromSeconds(1) && x.LastEditorId == new Guid("ac1cf001-7fbc-1f2f-817f-bce058020001")); + x => x.ApplicationStatusId == CompanyApplicationStatusId.CREATED && (x.DateCreated - before) < TimeSpan.FromSeconds(2) && x.AuditV1OperationId == AuditOperationId.INSERT && (x.AuditV1DateLastChanged - now) < TimeSpan.FromSeconds(2) && x.LastEditorId == new Guid("ac1cf001-7fbc-1f2f-817f-bce058020001")); await trans.RollbackAsync(); } @@ -124,8 +124,8 @@ public async Task SaveDeletedAuditableEntity_SetsLastEditorId() ca.DateLastChanged.Should().Be(later); var auditEntries = await sut.AuditCompanyApplication20231115.Where(x => x.Id == id).ToListAsync(); auditEntries.Should().HaveCount(2).And.Satisfy( - x => x.ApplicationStatusId == CompanyApplicationStatusId.CREATED && (x.DateCreated - before) < TimeSpan.FromSeconds(1) && x.AuditV1OperationId == AuditOperationId.INSERT && x.LastEditorId == new Guid("ac1cf001-7fbc-1f2f-817f-bce058020001"), - x => x.ApplicationStatusId == CompanyApplicationStatusId.CREATED && (x.DateCreated - before) < TimeSpan.FromSeconds(1) && x.AuditV1OperationId == AuditOperationId.DELETE && (x.AuditV1DateLastChanged - later) < TimeSpan.FromSeconds(1) && x.LastEditorId == new Guid("ac1cf001-7fbc-1f2f-817f-bce058020001")); + x => x.ApplicationStatusId == CompanyApplicationStatusId.CREATED && (x.DateCreated - before) < TimeSpan.FromSeconds(2) && x.AuditV1OperationId == AuditOperationId.INSERT && x.LastEditorId == new Guid("ac1cf001-7fbc-1f2f-817f-bce058020001"), + x => x.ApplicationStatusId == CompanyApplicationStatusId.CREATED && (x.DateCreated - before) < TimeSpan.FromSeconds(2) && x.AuditV1OperationId == AuditOperationId.DELETE && (x.AuditV1DateLastChanged - later) < TimeSpan.FromSeconds(2) && x.LastEditorId == new Guid("ac1cf001-7fbc-1f2f-817f-bce058020001")); await trans.RollbackAsync(); }