SHIBUI-2393/2493

fixed issue when changing dynamic registration group
TIER · Dec 6, 2022 · 988ac5d · 988ac5d
1 parent d7cd6fb
commit 988ac5d
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 11 deletions.
diff --git a/.../edu/internet2/tier/shibboleth/admin/ui/security/permission/ShibUiPermissionDelegate.java b/.../edu/internet2/tier/shibboleth/admin/ui/security/permission/ShibUiPermissionDelegate.java
@@ -59,24 +59,18 @@ public Collection getPersistentEntities(Authentication ignored, ShibUiPermissibl
             case approve:
                 return getAllDynamicRegistrationInfoObjectsNeedingApprovalBasedOnUserAccess();
             case enable:
-                return getAllDynamicRegistrationNeedingEnabledByUserAccess();
+                // This particular list is used for an admin function, so the user must be an ADMIN
+                if (!hasPermission(ignored, null, PermissionType.admin)) {
+                    throw new ForbiddenException();
+                }
+                dynamicRegistrationInfoRepository.getDynamicRegistrationsNeedingEnabling();
             case fetch:
                 return getAllDynamicRegistrationInfoObjectsBasedOnUserAccess();
             }
         }
         return null;
     }
 
-    private Collection getAllDynamicRegistrationNeedingEnabledByUserAccess() throws ForbiddenException {
-        if (userService.currentUserIsAdmin()) {
-            return dynamicRegistrationInfoRepository.getDynamicRegistrationsNeedingEnabling();
-        } else if (userService.currentUserCanEnable()) {
-            return dynamicRegistrationInfoRepository.getDynamicRegistrationsNeedingEnabling(userService.getCurrentUser().getGroupId());
-        }
-        throw new ForbiddenException("User has no access rights to enable");
-
-    }
-
     private List<DynamicRegistrationInfo> getAllDynamicRegistrationInfoObjectsNeedingApprovalBasedOnUserAccess() {
         List<String> groupsToApprove = userService.getGroupsCurrentUserCanApprove();
         return dynamicRegistrationInfoRepository.getAllNeedingApproval(groupsToApprove);

diff --git a/...net2/tier/shibboleth/admin/ui/security/controller/GroupsControllerIntegrationTests.groovy b/...net2/tier/shibboleth/admin/ui/security/controller/GroupsControllerIntegrationTests.groovy
@@ -9,6 +9,7 @@ import edu.internet2.tier.shibboleth.admin.ui.security.model.Group
 import edu.internet2.tier.shibboleth.admin.ui.security.model.Role
 import edu.internet2.tier.shibboleth.admin.ui.security.model.User
 import edu.internet2.tier.shibboleth.admin.ui.security.repository.GroupsRepository
+import edu.internet2.tier.shibboleth.admin.ui.service.DynamicRegistrationService
 import edu.internet2.tier.shibboleth.admin.ui.service.JPAEntityDescriptorServiceImpl
 import edu.internet2.tier.shibboleth.admin.ui.util.WithMockAdmin
 import groovy.json.JsonOutput
@@ -32,6 +33,9 @@ class GroupsControllerIntegrationTests extends AbstractBaseDataJpaTest {
     @Autowired
     GroupsRepository groupsRepository
 
+    @Autowired
+    private DynamicRegistrationService dynamicRegistrationService
+
     @Autowired
     JPAEntityDescriptorServiceImpl service
 
@@ -44,6 +48,7 @@ class GroupsControllerIntegrationTests extends AbstractBaseDataJpaTest {
         GroupController groupController = new GroupController().with ({
             it.groupService = this.groupService
             it.entityDescriptorService = this.service
+            it.dynamicRegistrationService = this.dynamicRegistrationService
             it
         })
         mockMvc = MockMvcBuilders.standaloneSetup(groupController).build()