Merge branch 'feature/shibui-2393' of bitbucket.org:unicon/shib-idp-u…

…i into feature/shibui-2393
TIER · Dec 6, 2022 · f0b3462 · f0b3462
2 parents be3ea5c + 988ac5d
commit f0b3462
Show file tree

Hide file tree

Showing 9 changed files with 41 additions and 13 deletions.
diff --git a/...main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/GroupController.java b/...main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/GroupController.java
@@ -6,6 +6,7 @@
 import edu.internet2.tier.shibboleth.admin.ui.security.exception.InvalidGroupRegexException;
 import edu.internet2.tier.shibboleth.admin.ui.security.model.Group;
 import edu.internet2.tier.shibboleth.admin.ui.security.service.IGroupService;
+import edu.internet2.tier.shibboleth.admin.ui.service.DynamicRegistrationService;
 import edu.internet2.tier.shibboleth.admin.ui.service.EntityDescriptorService;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import io.swagger.v3.oas.annotations.tags.Tags;
@@ -33,6 +34,9 @@ public class GroupController {
     @Autowired
     private EntityDescriptorService entityDescriptorService;
 
+    @Autowired
+    private DynamicRegistrationService dynamicRegistrationService;
+
     @Secured("ROLE_ADMIN")
     @PostMapping
     @Transactional
@@ -71,6 +75,7 @@ public ResponseEntity<?> getOne(@PathVariable String resourceId) throws Persiste
     public ResponseEntity<?> update(@RequestBody Group group) throws PersistentEntityNotFound, InvalidGroupRegexException {
         Group result = groupService.updateGroup(group);
         entityDescriptorService.checkApprovalStatusOfEntitiesForGroup(result);
+        dynamicRegistrationService.checkApprovalStatusOfEntitiesForGroup(result);
         return ResponseEntity.ok(result);
     }
 }
diff --git a/.../edu/internet2/tier/shibboleth/admin/ui/security/permission/ShibUiPermissionDelegate.java b/.../edu/internet2/tier/shibboleth/admin/ui/security/permission/ShibUiPermissionDelegate.java
@@ -59,24 +59,18 @@ public Collection getPersistentEntities(Authentication ignored, ShibUiPermissibl
             case approve:
                 return getAllDynamicRegistrationInfoObjectsNeedingApprovalBasedOnUserAccess();
             case enable:
-                return getAllDynamicRegistrationNeedingEnabledByUserAccess();
+                // This particular list is used for an admin function, so the user must be an ADMIN
+                if (!hasPermission(ignored, null, PermissionType.admin)) {
+                    throw new ForbiddenException();
+                }
+                dynamicRegistrationInfoRepository.getDynamicRegistrationsNeedingEnabling();
             case fetch:
                 return getAllDynamicRegistrationInfoObjectsBasedOnUserAccess();
             }
         }
         return null;
     }
 
-    private Collection getAllDynamicRegistrationNeedingEnabledByUserAccess() throws ForbiddenException {
-        if (userService.currentUserIsAdmin()) {
-            return dynamicRegistrationInfoRepository.getDynamicRegistrationsNeedingEnabling();
-        } else if (userService.currentUserCanEnable()) {
-            return dynamicRegistrationInfoRepository.getDynamicRegistrationsNeedingEnabling(userService.getCurrentUser().getGroupId());
-        }
-        throw new ForbiddenException("User has no access rights to enable");
-
-    }
-
     private List<DynamicRegistrationInfo> getAllDynamicRegistrationInfoObjectsNeedingApprovalBasedOnUserAccess() {
         List<String> groupsToApprove = userService.getGroupsCurrentUserCanApprove();
         return dynamicRegistrationInfoRepository.getAllNeedingApproval(groupsToApprove);

diff --git a/...rnet2/tier/shibboleth/admin/ui/security/repository/DynamicRegistrationInfoRepository.java b/...rnet2/tier/shibboleth/admin/ui/security/repository/DynamicRegistrationInfoRepository.java
@@ -11,6 +11,9 @@
 public interface DynamicRegistrationInfoRepository extends JpaRepository<DynamicRegistrationInfo, String> {
     List<DynamicRegistrationInfo> findAllByIdOfOwner(String idOfOwner);
 
+    @Query(value="SELECT dri.resourceId FROM DynamicRegistrationInfo dri WHERE dri.idOfOwner = :groupId AND dri.enabled = false")
+    List<String> findAllResourceIdsByIdOfOwnerAndNotEnabled(@Param("groupId") String groupId);
+
     DynamicRegistrationInfo findByResourceId(String id);
 
     @Query(value = "SELECT dri FROM DynamicRegistrationInfo dri " +

diff --git a/.../main/java/edu/internet2/tier/shibboleth/admin/ui/service/DynamicRegistrationService.java b/.../main/java/edu/internet2/tier/shibboleth/admin/ui/service/DynamicRegistrationService.java
@@ -6,6 +6,7 @@
 import edu.internet2.tier.shibboleth.admin.ui.exception.ObjectIdExistsException;
 import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound;
 import edu.internet2.tier.shibboleth.admin.ui.exception.UnsupportedShibUiOperationException;
+import edu.internet2.tier.shibboleth.admin.ui.security.model.Group;
 import org.springframework.http.HttpStatus;
 
 import java.util.List;
@@ -14,6 +15,8 @@ public interface DynamicRegistrationService {
     DynamicRegistrationRepresentation approveDynamicRegistration(String resourceId, boolean status)
                     throws PersistentEntityNotFound, ForbiddenException;
 
+    void checkApprovalStatusOfEntitiesForGroup(Group result);
+
     DynamicRegistrationRepresentation createNew(DynamicRegistrationRepresentation dynRegRepresentation) throws ObjectIdExistsException,
                     MissingRequiredFieldsException;
 

diff --git a/...ava/edu/internet2/tier/shibboleth/admin/ui/service/JPADynamicRegistrationServiceImpl.java b/...ava/edu/internet2/tier/shibboleth/admin/ui/service/JPADynamicRegistrationServiceImpl.java
@@ -1,5 +1,6 @@
 package edu.internet2.tier.shibboleth.admin.ui.service;
 
+import edu.internet2.tier.shibboleth.admin.ui.domain.EntityDescriptor;
 import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.DynamicRegistrationRepresentation;
 import edu.internet2.tier.shibboleth.admin.ui.domain.oidc.DynamicRegistrationInfo;
 import edu.internet2.tier.shibboleth.admin.ui.exception.ForbiddenException;
@@ -146,6 +147,7 @@ public HttpStatus enableDynamicRegistration(String resourceId) throws Persistent
         HttpStatus status = shibRestTemplateDelegate.sendRequest(existingDri);
         if (status == HttpStatus.CREATED || status == HttpStatus.OK) {
             existingDri.setEnabled(true);
+            existingDri.setApproved(true);
             repository.save(existingDri);
         }
         return status;
@@ -236,4 +238,18 @@ public DynamicRegistrationRepresentation updateGroupForDynamicRegistration(Strin
         DynamicRegistrationInfo savedEntity = repository.save(existingDri);
         return new DynamicRegistrationRepresentation(savedEntity);
     }
+
+    /**
+     * Update the approval status of entities that were in some approval state but the group approvers were added/removed.
+     */
+    @Override
+    public void checkApprovalStatusOfEntitiesForGroup(Group group) {
+        repository.findAllResourceIdsByIdOfOwnerAndNotEnabled(group.getResourceId()).forEach(id -> {
+            DynamicRegistrationInfo dri = repository.findByResourceId(id);
+            int approvedCount = dri.approvedCount(); // total number of approvals so far
+            List<Approvers> theApprovers = groupService.find(dri.getIdOfOwner()).getApproversList();
+            dri.setApproved(approvedCount >= theApprovers.size());
+            dri = repository.save(dri);
+        });
+    }
 }
diff --git a/...net2/tier/shibboleth/admin/ui/security/controller/GroupsControllerIntegrationTests.groovy b/...net2/tier/shibboleth/admin/ui/security/controller/GroupsControllerIntegrationTests.groovy
@@ -9,6 +9,7 @@ import edu.internet2.tier.shibboleth.admin.ui.security.model.Group
 import edu.internet2.tier.shibboleth.admin.ui.security.model.Role
 import edu.internet2.tier.shibboleth.admin.ui.security.model.User
 import edu.internet2.tier.shibboleth.admin.ui.security.repository.GroupsRepository
+import edu.internet2.tier.shibboleth.admin.ui.service.DynamicRegistrationService
 import edu.internet2.tier.shibboleth.admin.ui.service.JPAEntityDescriptorServiceImpl
 import edu.internet2.tier.shibboleth.admin.ui.util.WithMockAdmin
 import groovy.json.JsonOutput
@@ -32,6 +33,9 @@ class GroupsControllerIntegrationTests extends AbstractBaseDataJpaTest {
     @Autowired
     GroupsRepository groupsRepository
 
+    @Autowired
+    private DynamicRegistrationService dynamicRegistrationService
+
     @Autowired
     JPAEntityDescriptorServiceImpl service
 
@@ -44,6 +48,7 @@ class GroupsControllerIntegrationTests extends AbstractBaseDataJpaTest {
         GroupController groupController = new GroupController().with ({
             it.groupService = this.groupService
             it.entityDescriptorService = this.service
+            it.dynamicRegistrationService = this.dynamicRegistrationService
             it
         })
         mockMvc = MockMvcBuilders.standaloneSetup(groupController).build()

diff --git a/ui/src/app/dynamic-registration/component/DynamicRegistrationList.js b/ui/src/app/dynamic-registration/component/DynamicRegistrationList.js
@@ -103,7 +103,7 @@ export function DynamicRegistrationList ({entities, children, onChangeGroup, onD
                                                 className="form-control"
                                                 onChange={(event) => onChangeGroup(reg, event.target.value)}
                                                 value={reg.idOfOwner ? reg.idOfOwner : ''}
-                                                disabled={loadingGroups}
+                                                disabled={loadingGroups || reg.enabled}
                                                 disablevalidation="true">
                                                 <option>Select Group</option>
                                                 {groups.map((g, ridx) => (

diff --git a/ui/src/app/dynamic-registration/view/DynamicRegistrationDetail.js b/ui/src/app/dynamic-registration/view/DynamicRegistrationDetail.js
@@ -86,7 +86,7 @@ export function DynamicRegistrationDetail () {
                                                                     className="form-control form-control-sm"
                                                                     onChange={({target: {value}}) => changeGroup({ registration: detail, group: value })}
                                                                     value={detail.idOfOwner}
-                                                                    disabled={loadingGroups}
+                                                                    disabled={loadingGroups || detail.enabled}
                                                                     disablevalidation="true">
                                                                     <option>Select Group</option>
                                                                     {groups.map((g, ridx) => (

diff --git a/ui/src/app/store/dynamic-registration/DynamicRegistrationSlice.js b/ui/src/app/store/dynamic-registration/DynamicRegistrationSlice.js
@@ -13,12 +13,14 @@ export const DynamicRegistrationApi = createApi({
         url: `/DynamicRegistrations`
       }),
       providesTags: ['DynamicRegistration'],
+      // transformResponse: (registrations) => [...registrations.map(r => ({...r, enabled: true}))]
     }),
     selectDynamicRegistration: builder.query({
       query: ({id}) => ({
         url: `/DynamicRegistration/${id}`
       }),
       providesTags: ['DynamicRegistration'],
+      // transformResponse: (reg) => ({...reg, enabled: true})
     }),
     getDisabledRegistrations: builder.query({
       query: () => ({