From 356bc7efc3cd908a56e991572061e17e3003c0bf Mon Sep 17 00:00:00 2001
From: felmer <franz-josef.elmer@id.ethz.ch>
Date: Thu, 27 Jul 2023 20:21:53 +0200
Subject: [PATCH] SSDM-13800: handle case when ignored users are in a group to
be deleted
---
.../generic/server/task/UserManager.java | 8 ++--
.../systemtest/task/UserManagerTest.java | 42 +++++++++++++++++++
2 files changed, 47 insertions(+), 3 deletions(-)
diff --git a/server-application-server/source/java/ch/systemsx/cisd/openbis/generic/server/task/UserManager.java b/server-application-server/source/java/ch/systemsx/cisd/openbis/generic/server/task/UserManager.java
index 20da322ca1d..dd8ac2d8865 100644
--- a/server-application-server/source/java/ch/systemsx/cisd/openbis/generic/server/task/UserManager.java
+++ b/server-application-server/source/java/ch/systemsx/cisd/openbis/generic/server/task/UserManager.java
@@ -267,7 +267,7 @@ public class UserManager
}
CurrentState currentState = loadCurrentState(sessionToken, service);
manageInstanceAdmins(sessionToken, currentState, report);
- removeGroups(sessionToken, currentState, groupsToBeRemoved, report);
+ removeGroups(sessionToken, currentState, groupsToBeRemoved, usersToBeIgnored, report);
for (Entry<String, Map<String, Principal>> entry : usersByGroupCode.entrySet())
{
String groupCode = entry.getKey();
@@ -348,13 +348,15 @@ public class UserManager
}
private void removeGroups(String sessionToken, CurrentState currentState, List<AuthorizationGroup> groups,
- UserManagerReport report)
+ Set<String> usersToBeIgnored, UserManagerReport report)
{
List<IAuthorizationGroupId> groupIds = new ArrayList<>();
Context context = new Context(sessionToken, service, currentState, report);
for (AuthorizationGroup group : groups)
{
- removeUsersFromGroup(context, group.getCode(), extractUserIds(group));
+ Set<String> users = extractUserIds(group);
+ users.removeAll(usersToBeIgnored);
+ removeUsersFromGroup(context, group.getCode(), users);
groupIds.add(group.getPermId());
report.removeGroup(group.getCode());
String adminGroupCode = group.getCode() + ADMIN_POSTFIX;
diff --git a/server-application-server/sourceTest/java/ch/systemsx/cisd/openbis/systemtest/task/UserManagerTest.java b/server-application-server/sourceTest/java/ch/systemsx/cisd/openbis/systemtest/task/UserManagerTest.java
index 172740e4887..c065cfd6075 100644
--- a/server-application-server/sourceTest/java/ch/systemsx/cisd/openbis/systemtest/task/UserManagerTest.java
+++ b/server-application-server/sourceTest/java/ch/systemsx/cisd/openbis/systemtest/task/UserManagerTest.java
@@ -1064,6 +1064,48 @@ public class UserManagerTest extends AbstractTest
builder.assertExpectations();
}
+ @Test
+ public void testRemoveAGroupWithAUserToBeIgnored()
+ {
+ // Given
+ // 1. create group G1 with users U1 (admin) and group G2 with U2 (admin) and U3
+ MockLogger logger = new MockLogger();
+ Map<Role, List<String>> commonSpaces = commonSpaces();
+ UserManager userManager = new UserManagerBuilder(v3api, logger, report()).commonSpaces(commonSpaces).get();
+ List<String> globalSpaces = Arrays.asList("A", "B");
+ userManager.setGlobalSpaces(globalSpaces);
+ userManager.addGroup(new UserGroupAsBuilder("G1").admins(U1), users(U1));
+ userManager.addGroup(new UserGroupAsBuilder("G2").admins(U2), users(U2, U3));
+ assertEquals(manage(userManager).getErrorReport(), "");
+ // 2. remove group G2
+ userManager = new UserManagerBuilder(v3api, logger, report()).commonSpaces(commonSpaces).get();
+ userManager.setGlobalSpaces(globalSpaces);
+ userManager.addGroup(new UserGroupAsBuilder("G1").admins(U1), users(U1));
+
+ // When
+ UserManagerReport report = manage(userManager, Collections.singleton(U3.getUserId()));
+
+ // Then
+ assertEquals(report.getErrorReport(), "");
+ assertEquals(report.getAuditLog(), "1970-01-01 01:00:00 [REMOVE-USER-FROM-AUTHORIZATION-GROUP] group: G2, user: u2\n"
+ + "1970-01-01 01:00:01 [REMOVE-USER-FROM-AUTHORIZATION-GROUP] group: G2_ADMIN, user: u2\n"
+ + "1970-01-01 01:00:02 [UNASSIGN-ROLE-FORM-USER] user: u2, role: SPACE_ADMIN for G2_U2\n"
+ + "1970-01-01 01:00:03 [REMOVE-AUTHORIZATION-GROUP] G2\n"
+ + "1970-01-01 01:00:04 [REMOVE-AUTHORIZATION-GROUP] G2_ADMIN\n"
+ + "1970-01-01 01:00:05 [REMOVE-USER-FROM-AUTHORIZATION-GROUP] group: ALL_GROUPS, user: u2\n");
+ UserManagerExpectationsBuilder builder = createBuilder();
+ builder.groups("G1").commonSpaces(commonSpaces).users(U1);
+ builder.usersWithoutAuthentication(U2);
+ builder.space("G1_ALPHA").admin(U1);
+ builder.space("G1_BETA").admin(U1);
+ builder.space("G1_GAMMA").admin(U1);
+ builder.space("G2_U3").non(U1).admin(U3);
+ builder.homeSpace(U1, "G1_U1");
+ builder.homeSpace(U2, "G2_U2");
+ builder.homeSpace(U3, "G2_U3");
+ builder.assertExpectations();
+ }
+
@Test
public void testRemoveAGroupAndAddItAgain()
{
--
GitLab