diff --git a/.travis.yml b/.travis.yml
index 97aa62e4..6422f6b0 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -6,7 +6,7 @@ branches:
 only:
 - dev
 - master
- - hotfix
+ - /^hotfix.*$/
 - grails3
 - experimental_jwt
 - /^feature.*$/
diff --git a/grails-app/controllers/au/org/ala/userdetails/PropertyController.groovy b/grails-app/controllers/au/org/ala/userdetails/PropertyController.groovy
index 2e28a43f..6ffd14b1 100644
--- a/grails-app/controllers/au/org/ala/userdetails/PropertyController.groovy
+++ b/grails-app/controllers/au/org/ala/userdetails/PropertyController.groovy
@@ -89,7 +89,7 @@ class PropertyController extends BaseController {
 )
 @Path("getProperty")
 @Produces("application/json")
- @PreAuthorise(requiredScope = 'users/read')
+ @PreAuthorise(requiredScope = 'users/read', requiredRole = '')
 def getProperty() {
 String name = params.name
 Long alaId = params.long('alaId')
@@ -166,7 +166,7 @@ class PropertyController extends BaseController {
 )
 @Path("saveProperty")
 @Produces("application/json")
- @PreAuthorise(requiredScope = 'users/write')
+ @PreAuthorise(requiredScope = 'users/write', requiredRole = '')
 def saveProperty(){
 String name = params.name;
 String value = params.value;
diff --git a/src/test/groovy/au/org/ala/userdetails/PropertyControllerSpec.groovy b/src/test/groovy/au/org/ala/userdetails/PropertyControllerSpec.groovy
new file mode 100644
index 00000000..df688edf
--- /dev/null
+++ b/src/test/groovy/au/org/ala/userdetails/PropertyControllerSpec.groovy
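Review bot: Passing `requiredRole = ''` on `getProperty` (hunk at -89) and on `saveProperty` (hunk at -166) leaves the OAuth scope as the only gate on endpoints that take the target user from the request, as in `params.long('alaId')`. If the annotation's default role is an administrative one, which the explicit override suggests but the diff does not show, any client holding `users/read` or `users/write` can now read or write properties for an arbitrary `alaId`, unless the method bodies check that the caller owns that id; both bodies continue outside the hunks, so that check is not visible here. It is also worth confirming how an empty role is evaluated when no JWT is presented and the legacy path is used, so that `''` cannot end up meaning no check at all. I would record the intent above each annotation, for example `// scope-only by design: role check disabled, caller-to-alaId ownership enforced in <location>`.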
@@ -0,0 +1,78 @@
+/*
+ * Copyright (C) 2022 Atlas of Living Australia
+ * All Rights Reserved.
+ *
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ */
+
+package au.org.ala.userdetails
+
+import au.org.ala.ws.security.JwtProperties
+import grails.converters.JSON
+import grails.testing.gorm.DataTest
+import grails.testing.web.controllers.ControllerUnitTest
+
+class PropertyControllerSpec extends UserDetailsSpec implements ControllerUnitTest, DataTest{
+
+ def profileService = Mock(ProfileService)
+
+ static doWithSpring = {
+ jwtProperties(JwtProperties) {
+ enabled = true
+ fallbackToLegacyBehaviour = true
+ }
+ authorisedSystemService(UserDetailsSpec.Authorised)
+ }
+
+ private User user
+
+ void setupSpec() {
+ mockDomains(User, Role, UserRole, UserProperty)
+ }
+
+ void setup() {
+ registerMarshallers()
+ user = createUser()
+ controller.profileService = profileService
+ }
+
+ void "Get user property"() {
+ when:
+ request.method = 'GET'
+ params.alaId = Long.toString(user.id)
+ params.name = "prop1"
+ controller.getProperty()
+
+ then:
+ 1 * profileService.getUserProperty(user, 'prop1') >> { [ new UserProperty(user: user, name: 'prop1', value:
+ user.userProperties.find {it.name == "prop1"}.value)] }
+
+ def deserializedJson = JSON.parse(response.text)
+ deserializedJson[0].name == 'prop1'
+ deserializedJson[0].value == user.userProperties.find {it.name == "prop1"}.value
+ }
+
+ void "Save user property"() {
+ when:
+ request.method = 'POST'
+ params.alaId = Long.toString(user.id)
+ params.name = "city"
+ params.value = "city"
+ controller.saveProperty()
+
+ then:
+ 1 * profileService.saveUserProperty(user, 'city', 'city') >> { new UserProperty(user: user, name: 'city', value:'city') }
+
+ def deserializedJson = JSON.parse(response.text)
+ deserializedJson.name == 'city'
+ deserializedJson.value == 'city'
+ }
+}
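Review bot: Both features run only the permitted path, with `authorisedSystemService(UserDetailsSpec.Authorised)` wired in and `fallbackToLegacyBehaviour = true`, so nothing in this spec exercises the denial behaviour that the `requiredRole = ''` change affects. If `@PreAuthorise` is enforced by an interceptor, calling `controller.getProperty()` and `controller.saveProperty()` directly may not pass through that check at all, which would mean these tests pass regardless of the annotation values; that is worth confirming. I would add a feature per endpoint for a caller without the required scope that asserts the rejection status and `0 * profileService.saveUserProperty(*_)` (likewise for `getUserProperty`). A further case with an `alaId` that does not belong to the caller would document the intended behaviour for cross-user access.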