From d20593329ee6a2253aaa989f96811112708916fc Mon Sep 17 00:00:00 2001
From: dewmini <5234594+dewmini@users.noreply.github.com>
Date: Thu, 27 Jul 2023 08:38:50 +1000
Subject: [PATCH 1/3] Fix #169

---
 .../au/org/ala/userdetails/PropertyController.groovy          | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/grails-app/controllers/au/org/ala/userdetails/PropertyController.groovy b/grails-app/controllers/au/org/ala/userdetails/PropertyController.groovy
index 2e28a43f..6ffd14b1 100644
--- a/grails-app/controllers/au/org/ala/userdetails/PropertyController.groovy
+++ b/grails-app/controllers/au/org/ala/userdetails/PropertyController.groovy
@@ -89,7 +89,7 @@ class PropertyController extends BaseController {
     )
     @Path("getProperty")
     @Produces("application/json")
-    @PreAuthorise(requiredScope = 'users/read')
+    @PreAuthorise(requiredScope = 'users/read', requiredRole = '')
     def getProperty() {
         String name = params.name
         Long alaId = params.long('alaId')
@@ -166,7 +166,7 @@ class PropertyController extends BaseController {
     )
     @Path("saveProperty")
     @Produces("application/json")
-    @PreAuthorise(requiredScope = 'users/write')
+    @PreAuthorise(requiredScope = 'users/write', requiredRole = '')
     def saveProperty(){
         String name = params.name;
         String value = params.value;

From 0ec2c52433d6d6175b2ed80669ec108c61df263a Mon Sep 17 00:00:00 2001
From: dewmini <5234594+dewmini@users.noreply.github.com>
Date: Thu, 27 Jul 2023 08:41:50 +1000
Subject: [PATCH 2/3] Update travis config

---
 .travis.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.travis.yml b/.travis.yml
index 97aa62e4..6422f6b0 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -6,7 +6,7 @@ branches:
   only:
     - dev
     - master
-    - hotfix
+    - /^hotfix.*$/
     - grails3
     - experimental_jwt
     - /^feature.*$/

From 99abd5e4cd2959e20f85b803338063acc47f81c4 Mon Sep 17 00:00:00 2001
From: dewmini <5234594+dewmini@users.noreply.github.com>
Date: Thu, 27 Jul 2023 10:52:50 +1000
Subject: [PATCH 3/3] Add test cases #169

---
 .../userdetails/PropertyControllerSpec.groovy | 78 +++++++++++++++++++
 1 file changed, 78 insertions(+)
 create mode 100644 src/test/groovy/au/org/ala/userdetails/PropertyControllerSpec.groovy

diff --git a/src/test/groovy/au/org/ala/userdetails/PropertyControllerSpec.groovy b/src/test/groovy/au/org/ala/userdetails/PropertyControllerSpec.groovy
new file mode 100644
index 00000000..df688edf
--- /dev/null
+++ b/src/test/groovy/au/org/ala/userdetails/PropertyControllerSpec.groovy
@@ -0,0 +1,78 @@
+/*
+ * Copyright (C) 2022 Atlas of Living Australia
+ * All Rights Reserved.
+ *
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ */
+
+package au.org.ala.userdetails
+
+import au.org.ala.ws.security.JwtProperties
+import grails.converters.JSON
+import grails.testing.gorm.DataTest
+import grails.testing.web.controllers.ControllerUnitTest
+
+class PropertyControllerSpec extends UserDetailsSpec implements ControllerUnitTest<PropertyController>, DataTest{
+
+    def profileService = Mock(ProfileService)
+
+    static doWithSpring = {
+        jwtProperties(JwtProperties) {
+            enabled = true
+            fallbackToLegacyBehaviour = true
+        }
+        authorisedSystemService(UserDetailsSpec.Authorised)
+    }
+
+    private User user
+
+    void setupSpec() {
+        mockDomains(User, Role, UserRole, UserProperty)
+    }
+
+    void setup() {
+        registerMarshallers()
+        user = createUser()
+        controller.profileService = profileService
+    }
+
+    void "Get user property"() {
+        when:
+        request.method = 'GET'
+        params.alaId = Long.toString(user.id)
+        params.name = "prop1"
+        controller.getProperty()
+
+        then:
+        1 * profileService.getUserProperty(user, 'prop1') >> { [ new UserProperty(user: user, name: 'prop1', value:
+                user.userProperties.find {it.name == "prop1"}.value)] }
+
+        def deserializedJson = JSON.parse(response.text)
+        deserializedJson[0].name == 'prop1'
+        deserializedJson[0].value == user.userProperties.find {it.name == "prop1"}.value
+    }
+
+    void "Save user property"() {
+        when:
+        request.method = 'POST'
+        params.alaId = Long.toString(user.id)
+        params.name = "city"
+        params.value = "city"
+        controller.saveProperty()
+
+        then:
+        1 * profileService.saveUserProperty(user, 'city', 'city') >> { new UserProperty(user: user, name: 'city', value:'city') }
+
+        def deserializedJson = JSON.parse(response.text)
+        deserializedJson.name == 'city'
+        deserializedJson.value == 'city'
+    }
+}