Remove permission check

pom.xml

@@ -2,7 +2,7 @@
   <modelVersion>4.0.0</modelVersion>
   <groupId>org.folio</groupId>
   <artifactId>mod-batch-print</artifactId>
-  <version>1.1.0-SNAPSHOT</version>
+  <version>1.0.0-SNAPSHOT</version>
   <packaging>jar</packaging>
 
   <name>mod-batch-print</name>

src/main/java/org/folio/print/server/resources/BatchCreationResource.java

@@ -37,8 +37,8 @@ public Future<Router> createRouter(Vertx vertx) {
 
   private void process(RoutingContext ctx, Vertx vertx) {
     String tenant = ctx.request().getHeader(XOkapiHeaders.TENANT);
-    JsonArray permissions = new JsonArray(ctx.request().getHeader(XOkapiHeaders.PERMISSIONS));
-    PrintStorage printStorage = new PrintStorage(vertx, tenant, permissions);
+    LOGGER.debug("process:: tenant " + tenant);
+    PrintStorage printStorage = new PrintStorage(vertx, tenant);
     LocalDateTime localDateTime = LocalDateTime.now().with(LocalTime.MIDNIGHT);
 
     printStorage.getEntriesByQuery("type=\"SINGLE\" and created > " + localDateTime

src/main/java/org/folio/print/server/service/PrintService.java

@@ -118,12 +118,8 @@ private void handlers(RouterBuilder routerBuilder) {
   static PrintStorage createFromParams(Vertx vertx, RequestParameters params) {
     // get tenant
     RequestParameter tenantParameter = params.headerParameter(XOkapiHeaders.TENANT);
-    String tenant = tenantParameter.getString();
 
-    // get permissions which is required in OpenAPI spec
-    RequestParameter okapiPermissions = params.headerParameter(XOkapiHeaders.PERMISSIONS);
-    JsonArray permissions = new JsonArray(okapiPermissions.getString());
-    return new PrintStorage(vertx, tenant, permissions);
+    return new PrintStorage(vertx, tenantParameter.getString());
   }
 
   public static PrintStorage create(RoutingContext ctx) {
@@ -220,7 +216,7 @@ public Future<Void> postInit(Vertx vertx, String tenant, JsonObject tenantAttrib
     if (!tenantAttributes.containsKey("module_to")) {
       return Future.succeededFuture(); // doing nothing for disable
     }
-    PrintStorage storage = new PrintStorage(vertx, tenant, null);
+    PrintStorage storage = new PrintStorage(vertx, tenant);
     return storage.init();
   }
 

src/main/java/org/folio/print/server/storage/PrintStorage.java

@@ -48,19 +48,15 @@ public class PrintStorage {
 
   private final String printTable;
 
-  private final JsonArray permissions;
-
 
   /**
    * Construct storage request for a user with given okapi permissions.
    *
    * @param vertx       Vert.x handle
    * @param tenant      tenant
-   * @param permissions permissions as it comes from X-Okapi-Permissions
    */
-  public PrintStorage(Vertx vertx, String tenant, JsonArray permissions) {
+  public PrintStorage(Vertx vertx, String tenant) {
     this.pool = TenantPgPool.pool(vertx, tenant);
-    this.permissions = permissions;
     this.printTable = pool.getSchema() + ".printing";
   }
 
@@ -81,17 +77,6 @@ public Future<Void> init() {
     ));
   }
 
-  /**
-   * Checks if access is allowed.
-   *
-   * @param type        read/write value
-   * @param permissions permissions given at runtime
-   * @return true if access is OK; false otherwise (forbidden)
-   */
-  static boolean checkDesiredPermissions(String type, JsonArray permissions) {
-    return permissions.contains(PERM_PREFIX + "." + PERM_PRINT + "." + type);
-  }
-
   PrintEntry fromRow(Row row) {
     PrintEntry entry = new PrintEntry();
     entry.setId(row.getUUID("id"));
@@ -109,9 +94,6 @@ PrintEntry fromRow(Row row) {
    * @return async result with success if created; failed otherwise
    */
   public Future<Void> createEntry(PrintEntry entry) {
-    if (!checkDesiredPermissions(PERM_WRITE, permissions)) {
-      return Future.failedFuture(new ForbiddenException());
-    }
     return pool.preparedQuery(
             "INSERT INTO " + printTable
                 + " (id, created, type, sorting_field, content)"
@@ -144,9 +126,6 @@ public Future<PrintEntry> getEntry(UUID id) {
           if (entry == null) {
             throw new NotFoundException();
           }
-          if (!checkDesiredPermissions(PERM_READ, permissions)) {
-            throw new ForbiddenException();
-          }
           return entry;
         });
   }
@@ -175,9 +154,6 @@ public Future<Void> deleteEntry(UUID id) {
       if (entry == null) {
         return Future.failedFuture(new NotFoundException());
       }
-      if (!checkDesiredPermissions(PERM_WRITE, permissions)) {
-        return Future.failedFuture(new ForbiddenException());
-      }
       return pool.preparedQuery(
               "DELETE FROM " + printTable + " WHERE id = $1")
           .execute(Tuple.of(id))
@@ -197,9 +173,6 @@ public Future<Void> deleteEntry(UUID id) {
    * @return async result with success if created; failed otherwise
    */
   public Future<Void> updateEntry(PrintEntry entry) {
-    if (!checkDesiredPermissions(PERM_WRITE, permissions)) {
-      return Future.failedFuture(new ForbiddenException());
-    }
     return pool.preparedQuery(
             "UPDATE " + printTable
                 + " SET created = $2, type = $3, sorting_field = $4, content = $5"
@@ -235,9 +208,6 @@ public Future<Void> updateEntry(PrintEntry entry) {
    */
   public Future<Void> getEntries(HttpServerResponse response, String cqlQuery,
                                  int offset, int limit) {
-    if (!checkDesiredPermissions(PERM_READ, permissions)) {
-      return Future.failedFuture(new ForbiddenException());
-    }
 
     Pair<String, String> sqlQuery = createSqlQuery(cqlQuery, offset, limit);
     String countQuery = "SELECT COUNT(*) FROM " + sqlQuery.getRight();
@@ -317,9 +287,6 @@ void resultFooter(HttpServerResponse response, RowSet<Row> rowSet, String diagno
    * @return Result list
    */
   public Future<List<PrintEntry>> getEntriesByQuery(String cqlQuery, int offset, int limit) {
-    if (!checkDesiredPermissions(PERM_READ, permissions)) {
-      return Future.failedFuture(new ForbiddenException());
-    }
 
     Pair<String, String> sqlQuery = createSqlQuery(cqlQuery, offset, limit);
 

src/test/java/org/folio/print/server/main/MainVerticleTest.java

@@ -189,58 +189,6 @@ public void testPostBodyTooBig() {
         .body(is("Request Entity Too Large"));
   }
 
-  @Test
-  public void testMissingPermissions() {
-    PrintEntry entry = new PrintEntry();
-    entry.setContent("AA");
-    entry.setCreated(ZonedDateTime.now().withZoneSameInstant(ZoneOffset.UTC));
-    entry.setId(UUID.randomUUID());
-    entry.setType(PrintEntryType.SINGLE);
-
-    JsonObject en = JsonObject.mapFrom(entry);
-
-    RestAssured.given()
-        .header(XOkapiHeaders.TENANT, TENANT_1)
-        .header(XOkapiHeaders.PERMISSIONS, permRead.encode())
-        .contentType(ContentType.JSON)
-        .body(en.encode())
-        .post("/print/entries")
-        .then()
-        .statusCode(403);
-
-    RestAssured.given()
-        .header(XOkapiHeaders.TENANT, TENANT_1)
-        .header(XOkapiHeaders.PERMISSIONS, permRead.encode())
-        .contentType(ContentType.JSON)
-        .body(en.encode())
-        .put("/print/entries/" + en.getString("id"))
-        .then()
-        .statusCode(403);
-
-    RestAssured.given()
-        .header(XOkapiHeaders.TENANT, TENANT_1)
-        .header(XOkapiHeaders.PERMISSIONS, permWrite.encode())
-        .contentType(ContentType.JSON)
-        .body(en.encode())
-        .post("/print/entries")
-        .then()
-        .statusCode(204);
-
-    RestAssured.given()
-        .header(XOkapiHeaders.TENANT, TENANT_1)
-        .header(XOkapiHeaders.PERMISSIONS, permWrite.encode())
-        .get("/print/entries/" + en.getString("id"))
-        .then()
-        .statusCode(403);
-
-    RestAssured.given()
-        .header(XOkapiHeaders.TENANT, TENANT_1)
-        .header(XOkapiHeaders.PERMISSIONS, permRead.encode())
-        .delete("/print/entries/" + en.getString("id"))
-        .then()
-        .statusCode(403);
-  }
-
   @Test
   public void testNotFound() {
     PrintEntry entry = new PrintEntry();