fix: Add required role to the endpoint calls

0c96c2cf · Martin Lowe · 1a95ce67 · 0c96c2cf · 0c96c2cf · 0c96c2cf
Commit 0c96c2cf authored 1 month ago by Martin Lowe
--- a/src/main/java/org/eclipsefoundation/openvsx/namespace/OpenVSXParameters.java
+++ b/src/main/java/org/eclipsefoundation/openvsx/namespace/OpenVSXParameters.java
+/*********************************************************************
+* Copyright (c) 2025 Eclipse Foundation.
+*
+* This program and the accompanying materials are made
+* available under the terms of the Eclipse Public License 2.0
+* which is available at https://www.eclipse.org/legal/epl-2.0/
+*
+* SPDX-License-Identifier: EPL-2.0
+**********************************************************************/
+package org.eclipsefoundation.openvsx.namespace;
+/**
+ * Shared parameters used in the operation of the API.
+ */
+public class OpenVSXParameters {
+  public static final String DEFAULT_ACCESS_ROLE = "openvsx_publisher_agreement";
+  private OpenVSXParameters() {}
+}
--- a/src/main/java/org/eclipsefoundation/openvsx/resources/ProfileResource.java
+++ b/src/main/java/org/eclipsefoundation/openvsx/resources/ProfileResource.java
@@ -15,15 +15,16 @@ import java.util.Arrays;
 import org.eclipsefoundation.efservices.services.ProfileService;
 import org.eclipsefoundation.http.exception.ApplicationException;
+import org.eclipsefoundation.openvsx.namespace.OpenVSXParameters;
-import io.quarkus.security.Authenticated;
 import io.quarkus.security.identity.SecurityIdentity;
+import jakarta.annotation.security.RolesAllowed;
 import jakarta.ws.rs.GET;
 import jakarta.ws.rs.Path;
 import jakarta.ws.rs.core.Response;
-@Authenticated
 @Path("profile")
+@RolesAllowed(OpenVSXParameters.DEFAULT_ACCESS_ROLE)
 public class ProfileResource {
    private final ProfileService profile;

--- a/src/main/java/org/eclipsefoundation/openvsx/resources/PublisherAgreementResource.java
+++ b/src/main/java/org/eclipsefoundation/openvsx/resources/PublisherAgreementResource.java
@@ -21,12 +21,13 @@ import org.eclipsefoundation.http.exception.ApplicationException;
 import org.eclipsefoundation.openvsx.config.PublisherAgreementConfig;
 import org.eclipsefoundation.openvsx.models.AgreementSigningRequest;
 import org.eclipsefoundation.openvsx.models.PublisherAgreementData;
+import org.eclipsefoundation.openvsx.namespace.OpenVSXParameters;
 import org.eclipsefoundation.openvsx.services.FoundationOperationService;
 import org.eclipsefoundation.openvsx.services.PublisherAgreementService;
 import org.eclipsefoundation.utils.exception.FinalForbiddenException;
-import io.quarkus.security.Authenticated;
 import io.quarkus.security.identity.SecurityIdentity;
+import jakarta.annotation.security.RolesAllowed;
 import jakarta.ws.rs.BadRequestException;
 import jakarta.ws.rs.DELETE;
 import jakarta.ws.rs.GET;
@@ -41,8 +42,8 @@ import jakarta.ws.rs.core.Response.Status;
 /**
 * Resource containing calls for retrieving and signing OpenVSX publisher agreements.
 */
-@Authenticated
 @Path("publisher_agreement")
+@RolesAllowed(OpenVSXParameters.DEFAULT_ACCESS_ROLE)
 public class PublisherAgreementResource {
    private static final String NOT_FOUND_MSG_FORMAT = "Unable to find agreement for user: %s";

--- a/src/test/java/org/eclipsefoundation/openvsx/resources/ProfileResourceTest.java
+++ b/src/test/java/org/eclipsefoundation/openvsx/resources/ProfileResourceTest.java
@@ -14,8 +14,8 @@ package org.eclipsefoundation.openvsx.resources;
 import java.util.Map;
 import java.util.Optional;
+import org.eclipsefoundation.openvsx.namespace.OpenVSXParameters;
 import org.eclipsefoundation.openvsx.test.helpers.SchemaNamespaceHelper;
-import org.eclipsefoundation.testing.helpers.AuthHelper;
 import org.eclipsefoundation.testing.helpers.TestCaseHelper;
 import org.eclipsefoundation.testing.models.EndpointTestBuilder;
 import org.eclipsefoundation.testing.models.EndpointTestCase;
@@ -37,19 +37,19 @@ class ProfileResourceTest {
     * GET CURRENT USER
     */
    @Test
-    @TestSecurity(user = FAKEUSER_PROFILE, roles = AuthHelper.DEFAULT_ROLE)
+    @TestSecurity(user = FAKEUSER_PROFILE, roles = OpenVSXParameters.DEFAULT_ACCESS_ROLE)
    void testGetProfile_success() {
        EndpointTestBuilder.from(GET_CURRENT_SUCCESS).run();
    }
    @Test
-    @TestSecurity(user = FAKEUSER_PROFILE, roles = AuthHelper.DEFAULT_ROLE)
+    @TestSecurity(user = FAKEUSER_PROFILE, roles = OpenVSXParameters.DEFAULT_ACCESS_ROLE)
    void testGetProfile_success_validateResponseFormat() {
        EndpointTestBuilder.from(GET_CURRENT_SUCCESS).andCheckFormat().run();
    }
    @Test
-    @TestSecurity(user = FAKEUSER_PROFILE, roles = AuthHelper.DEFAULT_ROLE)
+    @TestSecurity(user = FAKEUSER_PROFILE, roles = OpenVSXParameters.DEFAULT_ACCESS_ROLE)
    void testGetProfile_success_validateSchema() {
        EndpointTestBuilder.from(GET_CURRENT_SUCCESS).andCheckSchema().run();
    }
@@ -70,4 +70,16 @@ class ProfileResourceTest {
                        .build())
                .run();
    }
+    @Test
+    @TestSecurity(user = FAKEUSER_PROFILE, roles = "user")
+    void testGetProfile_failure_noValidRole() {
+        EndpointTestBuilder
+                .from(TestCaseHelper
+                        .prepareTestCase(BASE_URL, new String[] {}, null)
+                        .setStatusCode(403)
+                        .setHeaderParams(Optional.of(Map.of("Authorization", "Bearer token1")))
+                        .build())
+                .run();
+    }
 }
--- a/src/test/java/org/eclipsefoundation/openvsx/resources/PublisherAgreementResourceTest.java
+++ b/src/test/java/org/eclipsefoundation/openvsx/resources/PublisherAgreementResourceTest.java