#2548: service layer for UC support for quizzes - WIP

NationalSecurityAgency · Jan 17, 2025 · 6abccf2 · 6abccf2
1 parent a34fe50
commit 6abccf2
Show file tree

Hide file tree

Showing 3 changed files with 146 additions and 0 deletions.
diff --git a/service/src/main/java/skills/services/AccessSettingsStorageService.groovy b/service/src/main/java/skills/services/AccessSettingsStorageService.groovy
@@ -368,6 +368,11 @@ class AccessSettingsStorageService {
         String userIdLower = userId?.toLowerCase()
         User user = userRepository.findByUserId(userIdLower)
         if (user) {
+            if (!userCommunityService.isUserCommunityMember(userIdLower) && userCommunityService.isUserCommunityOnlyQuiz(quizId)) {
+                String userIdForDisplay = loadUserInfo(userId)?.userIdForDisplay ?: userId
+                throw new SkillQuizException("User [${userIdForDisplay}] is not allowed to be assigned [${roleName?.displayName}] user role", quizId, ErrorCode.AccessDenied)
+            }
+
             UserRole userRole = new UserRole(userRefId: user.id, userId: userIdLower, roleName: roleName, quizId: quizId, adminGroupId: adminGroupId)
             // check that the new user role does not already exist
             UserRole existingUserRole = userRoleRepository.findByUserIdAndRoleNameAndQuizIdAndAdminGroupId(userId, roleName, quizId, adminGroupId)

diff --git a/service/src/main/java/skills/services/adminGroup/AdminGroupRoleService.groovy b/service/src/main/java/skills/services/adminGroup/AdminGroupRoleService.groovy
@@ -23,6 +23,7 @@ import skills.auth.UserInfoService
 import skills.auth.UserNameService
 import skills.controller.exceptions.ErrorCode
 import skills.controller.exceptions.SkillException
+import skills.controller.exceptions.SkillQuizException
 import skills.controller.result.model.ProjectResult
 import skills.controller.result.model.UserRoleRes
 import skills.services.AccessSettingsStorageService
@@ -156,6 +157,12 @@ class AdminGroupRoleService {
     void addQuizToAdminGroup(String adminGroupId, String quizId) {
         AdminGroupDef adminGroupDef = findAdminGroupDef(adminGroupId)
         QuizDef quizDef = quizDefService.findQuizDef(quizId)
+
+        if (userCommunityService.isUserCommunityOnlyQuiz(quizId) && !userCommunityService.isUserCommunityOnlyAdminGroup(adminGroupId)) {
+            String communityName = userCommunityService.getCommunityNameBasedOnConfAndItemStatus(true)
+            throw new SkillQuizException("Admin Group [${adminGroupDef.name}] is not allowed to be assigned to [${quizDef.name}] Quiz as the group does not have ${communityName} permission".toString(), quizId, ErrorCode.AccessDenied)
+        }
+
         accessSettingsStorageService.findAllAdminGroupMembers(adminGroupDef.adminGroupId).each { UserRoleRes userRoleRes ->
             accessSettingsStorageService.addQuizDefUserRoleForUser(userRoleRes.userId, quizDef.quizId, RoleName.ROLE_QUIZ_ADMIN, adminGroupId)
         }

diff --git a/...rc/test/java/skills/intTests/community/quiz/QuizAdminsAndAdminGroupsCommunitySpecs.groovy b/...rc/test/java/skills/intTests/community/quiz/QuizAdminsAndAdminGroupsCommunitySpecs.groovy
@@ -0,0 +1,134 @@
+/**
+ * Copyright 2024 SkillTree
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package skills.intTests.community.quiz
+
+
+import skills.intTests.utils.DefaultIntSpec
+import skills.intTests.utils.QuizDefFactory
+import skills.intTests.utils.SkillsClientException
+import skills.intTests.utils.SkillsService
+import skills.storage.model.auth.RoleName
+
+import static skills.intTests.utils.AdminGroupDefFactory.createAdminGroup
+
+class QuizAdminsAndAdminGroupsCommunitySpecs extends DefaultIntSpec {
+
+    def "do not allow to add a non-UC admin to UC quiz"() {
+        List<String> users = getRandomUsers(2)
+
+        SkillsService allDragons = createService(users[0])
+        SkillsService pristineDragonsUser = createService(users[1])
+        SkillsService rootUser = createRootSkillService()
+        rootUser.saveUserTag(pristineDragonsUser.userName, 'dragons', ['DivineDragon'])
+
+        def quiz = QuizDefFactory.createQuiz(1)
+        quiz.enableProtectedUserCommunity = true
+        pristineDragonsUser.createQuizDef(quiz)
+
+        String allDragonsUserIdForDisplay = userAttrsRepo.findByUserIdIgnoreCase(allDragons.userName).userIdForDisplay
+
+        when:
+        pristineDragonsUser.addQuizUserRole(quiz.quizId, allDragons.userName, RoleName.ROLE_QUIZ_ADMIN.toString())
+        then:
+        SkillsClientException e = thrown(SkillsClientException)
+        e.getMessage().contains("User [${allDragonsUserIdForDisplay}] is not allowed to be assigned [${RoleName.ROLE_QUIZ_ADMIN.displayName}] user role")
+    }
+
+    def "add UC admin to UC quiz"() {
+        List<String> users = getRandomUsers(2)
+
+        SkillsService anotherPristineDragon = createService(users[0])
+        SkillsService pristineDragonsUser = createService(users[1])
+        SkillsService rootUser = createRootSkillService()
+        rootUser.saveUserTag(pristineDragonsUser.userName, 'dragons', ['DivineDragon'])
+        rootUser.saveUserTag(anotherPristineDragon.userName, 'dragons', ['DivineDragon'])
+
+        def quiz = QuizDefFactory.createQuiz(1)
+        quiz.enableProtectedUserCommunity = true
+        pristineDragonsUser.createQuizDef(quiz)
+
+        when:
+        pristineDragonsUser.addQuizUserRole(quiz.quizId, anotherPristineDragon.userName, RoleName.ROLE_QUIZ_ADMIN.toString())
+
+        def allAdmins = pristineDragonsUser.getQuizUserRoles(quiz.quizId)
+        then:
+        allAdmins.userId.sort() == [pristineDragonsUser.userName, anotherPristineDragon.userName].sort()
+    }
+
+    def "do not allow to add a non-UC Admin Group to UC quiz"() {
+        List<String> users = getRandomUsers(2)
+
+        SkillsService pristineDragonsUser = createService(users[1])
+        SkillsService rootUser = createRootSkillService()
+        rootUser.saveUserTag(pristineDragonsUser.userName, 'dragons', ['DivineDragon'])
+
+        def quiz = QuizDefFactory.createQuiz(1)
+        quiz.enableProtectedUserCommunity = true
+        pristineDragonsUser.createQuizDef(quiz)
+
+        def adminGroup = createAdminGroup(1)
+        pristineDragonsUser.createAdminGroupDef(adminGroup)
+
+        when:
+        pristineDragonsUser.addQuizToAdminGroup(adminGroup.adminGroupId, quiz.quizId)
+        then:
+        SkillsClientException e = thrown(SkillsClientException)
+        e.getMessage().contains("Admin Group [${adminGroup.name}] is not allowed to be assigned to [${quiz.name}] Quiz as the group does not have Divine Dragon permission")
+    }
+
+    def "add UC Admin Group to UC quiz"() {
+        List<String> users = getRandomUsers(2)
+
+        SkillsService pristineDragonsUser = createService(users[1])
+        SkillsService rootUser = createRootSkillService()
+        rootUser.saveUserTag(pristineDragonsUser.userName, 'dragons', ['DivineDragon'])
+
+        def quiz = QuizDefFactory.createQuiz(1)
+        quiz.enableProtectedUserCommunity = true
+        pristineDragonsUser.createQuizDef(quiz)
+
+        def adminGroup = createAdminGroup(1)
+        adminGroup.enableProtectedUserCommunity = true
+        pristineDragonsUser.createAdminGroupDef(adminGroup)
+
+        when:
+        pristineDragonsUser.addQuizToAdminGroup(adminGroup.adminGroupId, quiz.quizId)
+        def adminGroups = pristineDragonsUser.getAdminGroupsForQuiz(quiz.quizId)
+        then:
+        adminGroups.adminGroupId == [adminGroup.adminGroupId]
+    }
+
+    def "add UC Admin Group to non-UC quiz"() {
+        List<String> users = getRandomUsers(2)
+
+        SkillsService pristineDragonsUser = createService(users[1])
+        SkillsService rootUser = createRootSkillService()
+        rootUser.saveUserTag(pristineDragonsUser.userName, 'dragons', ['DivineDragon'])
+
+        def quiz = QuizDefFactory.createQuiz(1)
+        pristineDragonsUser.createQuizDef(quiz)
+
+        def adminGroup = createAdminGroup(1)
+        adminGroup.enableProtectedUserCommunity = true
+        pristineDragonsUser.createAdminGroupDef(adminGroup)
+
+        when:
+        pristineDragonsUser.addQuizToAdminGroup(adminGroup.adminGroupId, quiz.quizId)
+        def adminGroups = pristineDragonsUser.getAdminGroupsForQuiz(quiz.quizId)
+        then:
+        adminGroups.adminGroupId == [adminGroup.adminGroupId]
+    }
+}