fix: Add required role to the endpoint calls

0c96c2cf · Martin Lowe · 1a95ce67 · 0c96c2cf · 0c96c2cf · 0c96c2cf
Commit 0c96c2cf authored 1 month ago by Martin Lowe
--- a/src/main/java/org/eclipsefoundation/openvsx/namespace/OpenVSXParameters.java
+++ b/src/main/java/org/eclipsefoundation/openvsx/namespace/OpenVSXParameters.java
+/*********************************************************************
+* Copyright (c) 2025 Eclipse Foundation.
+*
+* This program and the accompanying materials are made
+* available under the terms of the Eclipse Public License 2.0
+* which is available at https://www.eclipse.org/legal/epl-2.0/
+*
+* SPDX-License-Identifier: EPL-2.0
+**********************************************************************/
+package org.eclipsefoundation.openvsx.namespace;
+
+/**
+ * Shared parameters used in the operation of the API.
+ */
+public class OpenVSXParameters {
+  public static final String DEFAULT_ACCESS_ROLE = "openvsx_publisher_agreement";
+
+  private OpenVSXParameters() {}
+}
--- a/src/main/java/org/eclipsefoundation/openvsx/resources/ProfileResource.java
+++ b/src/main/java/org/eclipsefoundation/openvsx/resources/ProfileResource.java
@@ -15,15 +15,16 @@ import java.util.Arrays;

 import org.eclipsefoundation.efservices.services.ProfileService;
 import org.eclipsefoundation.http.exception.ApplicationException;
+import org.eclipsefoundation.openvsx.namespace.OpenVSXParameters;

-import io.quarkus.security.Authenticated;
 import io.quarkus.security.identity.SecurityIdentity;
+import jakarta.annotation.security.RolesAllowed;
 import jakarta.ws.rs.GET;
 import jakarta.ws.rs.Path;
 import jakarta.ws.rs.core.Response;

-@Authenticated
 @Path("profile")
+@RolesAllowed(OpenVSXParameters.DEFAULT_ACCESS_ROLE)
 public class ProfileResource {

    private final ProfileService profile;

--- a/src/main/java/org/eclipsefoundation/openvsx/resources/PublisherAgreementResource.java
+++ b/src/main/java/org/eclipsefoundation/openvsx/resources/PublisherAgreementResource.java
@@ -21,12 +21,13 @@ import org.eclipsefoundation.http.exception.ApplicationException;
 import org.eclipsefoundation.openvsx.config.PublisherAgreementConfig;
 import org.eclipsefoundation.openvsx.models.AgreementSigningRequest;
 import org.eclipsefoundation.openvsx.models.PublisherAgreementData;
+import org.eclipsefoundation.openvsx.namespace.OpenVSXParameters;
 import org.eclipsefoundation.openvsx.services.FoundationOperationService;
 import org.eclipsefoundation.openvsx.services.PublisherAgreementService;
 import org.eclipsefoundation.utils.exception.FinalForbiddenException;

-import io.quarkus.security.Authenticated;
 import io.quarkus.security.identity.SecurityIdentity;
+import jakarta.annotation.security.RolesAllowed;
 import jakarta.ws.rs.BadRequestException;
 import jakarta.ws.rs.DELETE;
 import jakarta.ws.rs.GET;
@@ -41,8 +42,8 @@ import jakarta.ws.rs.core.Response.Status;
 /**
 * Resource containing calls for retrieving and signing OpenVSX publisher agreements.
 */
-@Authenticated
 @Path("publisher_agreement")
+@RolesAllowed(OpenVSXParameters.DEFAULT_ACCESS_ROLE)
 public class PublisherAgreementResource {

    private static final String NOT_FOUND_MSG_FORMAT = "Unable to find agreement for user: %s";

--- a/src/test/java/org/eclipsefoundation/openvsx/resources/ProfileResourceTest.java
+++ b/src/test/java/org/eclipsefoundation/openvsx/resources/ProfileResourceTest.java
@@ -14,8 +14,8 @@ package org.eclipsefoundation.openvsx.resources;
 import java.util.Map;
 import java.util.Optional;

+import org.eclipsefoundation.openvsx.namespace.OpenVSXParameters;
 import org.eclipsefoundation.openvsx.test.helpers.SchemaNamespaceHelper;
-import org.eclipsefoundation.testing.helpers.AuthHelper;
 import org.eclipsefoundation.testing.helpers.TestCaseHelper;
 import org.eclipsefoundation.testing.models.EndpointTestBuilder;
 import org.eclipsefoundation.testing.models.EndpointTestCase;
@@ -37,19 +37,19 @@ class ProfileResourceTest {
     * GET CURRENT USER
     */
    @Test
-    @TestSecurity(user = FAKEUSER_PROFILE, roles = AuthHelper.DEFAULT_ROLE)
+    @TestSecurity(user = FAKEUSER_PROFILE, roles = OpenVSXParameters.DEFAULT_ACCESS_ROLE)
    void testGetProfile_success() {
        EndpointTestBuilder.from(GET_CURRENT_SUCCESS).run();
    }

    @Test
-    @TestSecurity(user = FAKEUSER_PROFILE, roles = AuthHelper.DEFAULT_ROLE)
+    @TestSecurity(user = FAKEUSER_PROFILE, roles = OpenVSXParameters.DEFAULT_ACCESS_ROLE)
    void testGetProfile_success_validateResponseFormat() {
        EndpointTestBuilder.from(GET_CURRENT_SUCCESS).andCheckFormat().run();
    }

    @Test
-    @TestSecurity(user = FAKEUSER_PROFILE, roles = AuthHelper.DEFAULT_ROLE)
+    @TestSecurity(user = FAKEUSER_PROFILE, roles = OpenVSXParameters.DEFAULT_ACCESS_ROLE)
    void testGetProfile_success_validateSchema() {
        EndpointTestBuilder.from(GET_CURRENT_SUCCESS).andCheckSchema().run();
    }
@@ -70,4 +70,16 @@ class ProfileResourceTest {
                        .build())
                .run();
    }
+    
+    @Test
+    @TestSecurity(user = FAKEUSER_PROFILE, roles = "user")
+    void testGetProfile_failure_noValidRole() {
+        EndpointTestBuilder
+                .from(TestCaseHelper
+                        .prepareTestCase(BASE_URL, new String[] {}, null)
+                        .setStatusCode(403)
+                        .setHeaderParams(Optional.of(Map.of("Authorization", "Bearer token1")))
+                        .build())
+                .run();
+    }
 }
--- a/src/test/java/org/eclipsefoundation/openvsx/resources/PublisherAgreementResourceTest.java
+++ b/src/test/java/org/eclipsefoundation/openvsx/resources/PublisherAgreementResourceTest.java
@@ -15,8 +15,8 @@ import java.util.Map;
 import java.util.Optional;

 import org.eclipsefoundation.openvsx.models.AgreementSigningRequest;
+import org.eclipsefoundation.openvsx.namespace.OpenVSXParameters;
 import org.eclipsefoundation.openvsx.test.helpers.SchemaNamespaceHelper;
-import org.eclipsefoundation.testing.helpers.AuthHelper;
 import org.eclipsefoundation.testing.helpers.TestCaseHelper;
 import org.eclipsefoundation.testing.models.EndpointTestBuilder;
 import org.eclipsefoundation.testing.models.EndpointTestCase;
@@ -32,248 +32,269 @@ import jakarta.inject.Inject;

 @QuarkusTest
 class PublisherAgreementResourceTest {
-    public static final String BASE_URL = "publisher_agreement";
-    public static final String USER_URL = BASE_URL + "/{efusername}";
-
-    public static final String FAKEUSER_PROFILE = "fakeuser";
-    public static final String OTHERUSER_PROFILE = "otheruser";
-    public static final String NODOC_PROFILE = "nodoc";
-
-    public static final Optional<Map<String, Object>> invalidCreds = Optional.of(Map.of("Authorization", "Bearer token1"));
-
-    public static final EndpointTestCase GET_CURRENT_SUCCESS = TestCaseHelper
-            .prepareTestCase(BASE_URL, new String[] {}, SchemaNamespaceHelper.PUBLISHER_AGREEMENT_SCHEMA_PATH)
-            .build();
-
-    public static final EndpointTestCase GET_CURRENT_NOT_FOUND = TestCaseHelper
-            .prepareTestCase(BASE_URL, new String[] {}, SchemaNamespaceHelper.ERROR_SCHEMA_PATH)
-            .setStatusCode(404)
-            .build();
-
-    public static final EndpointTestCase BAD_CREDS = TestCaseHelper
-            .prepareTestCase(BASE_URL, new String[] {}, null)
-            .setStatusCode(401)
-            .setHeaderParams(invalidCreds)
-            .build();
-
-    public static final EndpointTestCase POST_CURRENT_CONFLICT = TestCaseHelper
-            .prepareTestCase(BASE_URL, new String[] {}, null)
-            .setStatusCode(409)
-            .build();
-
-    public static final EndpointTestCase POST_CURRENT_INVALID_HANDLE = TestCaseHelper
-            .prepareTestCase(BASE_URL, new String[] {}, SchemaNamespaceHelper.ERROR_SCHEMA_PATH)
-            .setStatusCode(400)
-            .build();
-
-    public static final EndpointTestCase GET_USER_SUCCESS = TestCaseHelper
-            .prepareTestCase(USER_URL, new String[] { "fakeuser" }, SchemaNamespaceHelper.PUBLISHER_AGREEMENT_SCHEMA_PATH)
-            .build();
-
-    public static final EndpointTestCase GET_USER_NOT_FOUND = TestCaseHelper
-            .prepareTestCase(USER_URL, new String[] { "name" }, SchemaNamespaceHelper.ERROR_SCHEMA_PATH)
-            .setStatusCode(404)
-            .build();
-
-    public static final EndpointTestCase FOR_USER_BAD_CREDS = TestCaseHelper
-            .prepareTestCase(USER_URL, new String[] { "fakeuser" }, SchemaNamespaceHelper.PUBLISHER_AGREEMENT_SCHEMA_PATH)
-            .setStatusCode(401)
-            .setHeaderParams(invalidCreds)
-            .build();
-
-    public static final EndpointTestCase REVOKE_SUCCESS = TestCaseHelper
-            .prepareTestCase(USER_URL, new String[] { "fakeuser" }, SchemaNamespaceHelper.PUBLISHER_AGREEMENT_SCHEMA_PATH)
-            .setStatusCode(204)
-            .build();
-
-    public static final EndpointTestCase REVOKE_NO_DOC = TestCaseHelper
-            .prepareTestCase(USER_URL, new String[] { "name" }, SchemaNamespaceHelper.ERROR_SCHEMA_PATH)
-            .setStatusCode(404)
-            .build();
-
-    public static final EndpointTestCase REVOKE_INVALID_USER = TestCaseHelper
-            .prepareTestCase(USER_URL, new String[] { "other" }, SchemaNamespaceHelper.ERROR_SCHEMA_PATH)
-            .setStatusCode(403)
-            .setResponseContentType(ContentType.JSON)
-            .build();
-
-    @Inject
-    ObjectMapper mapper;
-
-    /*
-     * GET CURRENT USER
-     */
-    @Test
-    @TestSecurity(user = FAKEUSER_PROFILE, roles = AuthHelper.DEFAULT_ROLE)
-    void testGet_currentUser_success() {
-        EndpointTestBuilder.from(GET_CURRENT_SUCCESS).run();
-    }
-
-    @Test
-    @TestSecurity(user = FAKEUSER_PROFILE, roles = AuthHelper.DEFAULT_ROLE)
-    void testGet_currentUser_success_validateResponseFormat() {
-        EndpointTestBuilder.from(GET_CURRENT_SUCCESS).andCheckFormat().run();
-    }
-
-    @Test
-    @TestSecurity(user = FAKEUSER_PROFILE, roles = AuthHelper.DEFAULT_ROLE)
-    void testGet_currentUser_success_validateSchema() {
-        EndpointTestBuilder.from(GET_CURRENT_SUCCESS).andCheckSchema().run();
-    }
-
-    @Test
-    @TestSecurity(user = OTHERUSER_PROFILE, roles = AuthHelper.DEFAULT_ROLE)
-    void testGet_currentUser_failure_notFound() {
-        EndpointTestBuilder.from(GET_CURRENT_NOT_FOUND).run();
-    }
-
-    @Test
-    @TestSecurity(user = OTHERUSER_PROFILE, roles = AuthHelper.DEFAULT_ROLE)
-    void testGet_currentUser_failure_notFound_validateResponseFormat() {
-        EndpointTestBuilder.from(GET_CURRENT_NOT_FOUND).andCheckFormat().run();
-    }
-
-    @Test
-    @TestSecurity(user = OTHERUSER_PROFILE, roles = AuthHelper.DEFAULT_ROLE)
-    void testGet_currentUser_failure_notFound_validateSchema() {
-        EndpointTestBuilder.from(GET_CURRENT_NOT_FOUND).andCheckSchema().run();
-    }
-
-    @Test
-    void testGet_currentUser_failure_badCreds() {
-        EndpointTestBuilder.from(BAD_CREDS).run();
-    }
-
-    /*
-     * POST CURRENT USER
-     */
-    @Test
-    @TestSecurity(user = NODOC_PROFILE, roles = AuthHelper.DEFAULT_ROLE)
-    void testPost_currentUser_success() {
-        EndpointTestBuilder
-                .from(TestCaseHelper
-                        .prepareTestCase(BASE_URL, new String[] {}, SchemaNamespaceHelper.PUBLISHER_AGREEMENT_SCHEMA_PATH)
-                        .build())
-                .doPost(generateSigningSample("nodoc"))
-                .run();
-    }
-
-    @Test
-    @TestSecurity(user = FAKEUSER_PROFILE, roles = AuthHelper.DEFAULT_ROLE)
-    void testPost_currentUser_conflict() {
-        EndpointTestBuilder.from(POST_CURRENT_CONFLICT).doPost(generateSigningSample("fakeuser")).run();
-    }
-
-    @Test
-    @TestSecurity(user = FAKEUSER_PROFILE, roles = AuthHelper.DEFAULT_ROLE)
-    void testPost_currentUser_conflict_validateResponseFormat() {
-        EndpointTestBuilder.from(POST_CURRENT_CONFLICT).doPost(generateSigningSample("fakeuser")).andCheckFormat().run();
-    }
-
-    @Test
-    @TestSecurity(user = FAKEUSER_PROFILE, roles = AuthHelper.DEFAULT_ROLE)
-    void testPost_currentUser_conflict_validateSchema() {
-        EndpointTestBuilder.from(POST_CURRENT_CONFLICT).doPost(generateSigningSample("fakeuser")).andCheckFormat().run();
-    }
-
-    @Test
-    @TestSecurity(user = FAKEUSER_PROFILE, roles = AuthHelper.DEFAULT_ROLE)
-    void testPost_currentUser_failure_invalidHandle() {
-        EndpointTestBuilder.from(POST_CURRENT_INVALID_HANDLE).doPost(generateSigningSample("otheruser")).run();
-    }
-
-    @Test
-    @TestSecurity(user = FAKEUSER_PROFILE, roles = AuthHelper.DEFAULT_ROLE)
-    void testPost_currentUser_failure_invalidHandle_validateFormat() {
-        EndpointTestBuilder.from(POST_CURRENT_INVALID_HANDLE).doPost(generateSigningSample("otheruser")).andCheckFormat().run();
-    }
-
-    @Test
-    void testPost_currentUser_failure_badCreds() {
-        EndpointTestBuilder.from(BAD_CREDS).doPost(generateSigningSample("fakeuser")).run();
-    }
-
-    /*
-     * GET FOR USER
-     */
-    @Test
-    @TestSecurity(user = FAKEUSER_PROFILE, roles = AuthHelper.DEFAULT_ROLE)
-    void testGet_getForUser_success() {
-        EndpointTestBuilder.from(GET_USER_SUCCESS).run();
-    }
-
-    @Test
-    @TestSecurity(user = FAKEUSER_PROFILE, roles = AuthHelper.DEFAULT_ROLE)
-    void testGet_geFortUser_success_validateResponseFormat() {
-        EndpointTestBuilder.from(GET_USER_SUCCESS).andCheckFormat().run();
-    }
-
-    @Test
-    @TestSecurity(user = FAKEUSER_PROFILE, roles = AuthHelper.DEFAULT_ROLE)
-    void testGet_getForUser_success_validateSchema() {
-        EndpointTestBuilder.from(GET_USER_SUCCESS).andCheckSchema().run();
-    }
-
-    @Test
-    @TestSecurity(user = OTHERUSER_PROFILE, roles = AuthHelper.DEFAULT_ROLE)
-    void testGet_getForUser_failure_notFound() {
-        EndpointTestBuilder.from(GET_USER_NOT_FOUND).run();
-    }
-
-    @Test
-    @TestSecurity(user = OTHERUSER_PROFILE, roles = AuthHelper.DEFAULT_ROLE)
-    void testGet_getForUser_failure_notFound_validateResponseFormat() {
-        EndpointTestBuilder.from(GET_USER_NOT_FOUND).andCheckFormat().run();
-    }
-
-    @Test
-    @TestSecurity(user = OTHERUSER_PROFILE, roles = AuthHelper.DEFAULT_ROLE)
-    void testGet_getForUser_failure_notFound_validateSchema() {
-        EndpointTestBuilder.from(GET_USER_NOT_FOUND).andCheckSchema().run();
-    }
-
-    @Test
-    void testGet_getForUser_failure_badCreds() {
-        EndpointTestBuilder.from(FOR_USER_BAD_CREDS).run();
-    }
-
-    /*
-     * DELETE FOR USER
-     */
-    @Test
-    @TestSecurity(user = FAKEUSER_PROFILE, roles = AuthHelper.DEFAULT_ROLE)
-    void testDelete_deleteForUser_success() {
-        EndpointTestBuilder.from(REVOKE_SUCCESS).doDelete(null).run();
-    }
-
-    @Test
-    @TestSecurity(user = FAKEUSER_PROFILE, roles = AuthHelper.DEFAULT_ROLE)
-    void testDelete_deleteForUser_failure_invalidUser() {
-        EndpointTestBuilder.from(REVOKE_INVALID_USER).doDelete(null).run();
-    }
-
-    @Test
-    @TestSecurity(user = OTHERUSER_PROFILE, roles = AuthHelper.DEFAULT_ROLE)
-    void testDelete_deleteForUser_failure_noDoc() {
-        EndpointTestBuilder.from(REVOKE_NO_DOC).doDelete(null).run();
-    }
-
-    @Test
-    @TestSecurity(user = OTHERUSER_PROFILE, roles = AuthHelper.DEFAULT_ROLE)
-    void testDelete_deleteForUser_failure_noDoc_validateSchema() {
-        EndpointTestBuilder.from(REVOKE_NO_DOC).doDelete(null).andCheckSchema().run();
-    }
-
-    @Test
-    void testDelete_deleteForUser_failure_badCreds() {
-        EndpointTestBuilder.from(FOR_USER_BAD_CREDS).run();
-    }
-
-    private String generateSigningSample(String ghHandle) {
-        try {
-            return mapper.writeValueAsString(new AgreementSigningRequest("1", ghHandle));
-        } catch (JsonProcessingException e) {
-            throw new RuntimeException(e);
-        }
+  public static final String BASE_URL = "publisher_agreement";
+  public static final String USER_URL = BASE_URL + "/{efusername}";
+
+  public static final String FAKEUSER_PROFILE = "fakeuser";
+  public static final String OTHERUSER_PROFILE = "otheruser";
+  public static final String NODOC_PROFILE = "nodoc";
+
+  public static final Optional<Map<String, Object>> invalidCreds = Optional.of(Map.of("Authorization", "Bearer token1"));
+
+  public static final EndpointTestCase GET_CURRENT_SUCCESS = TestCaseHelper
+      .prepareTestCase(BASE_URL, new String[] {}, SchemaNamespaceHelper.PUBLISHER_AGREEMENT_SCHEMA_PATH)
+      .build();
+
+  public static final EndpointTestCase GET_CURRENT_NOT_FOUND = TestCaseHelper
+      .prepareTestCase(BASE_URL, new String[] {}, SchemaNamespaceHelper.ERROR_SCHEMA_PATH)
+      .setStatusCode(404)
+      .build();
+
+  public static final EndpointTestCase BAD_CREDS = TestCaseHelper
+      .prepareTestCase(BASE_URL, new String[] {}, null)
+      .setStatusCode(401)
+      .setHeaderParams(invalidCreds)
+      .build();
+
+  public static final EndpointTestCase POST_CURRENT_CONFLICT = TestCaseHelper
+      .prepareTestCase(BASE_URL, new String[] {}, null)
+      .setStatusCode(409)
+      .build();
+
+  public static final EndpointTestCase POST_CURRENT_INVALID_HANDLE = TestCaseHelper
+      .prepareTestCase(BASE_URL, new String[] {}, SchemaNamespaceHelper.ERROR_SCHEMA_PATH)
+      .setStatusCode(400)
+      .build();
+
+  public static final EndpointTestCase GET_USER_SUCCESS = TestCaseHelper
+      .prepareTestCase(USER_URL, new String[] { "fakeuser" }, SchemaNamespaceHelper.PUBLISHER_AGREEMENT_SCHEMA_PATH)
+      .build();
+
+  public static final EndpointTestCase GET_USER_NOT_FOUND = TestCaseHelper
+      .prepareTestCase(USER_URL, new String[] { "name" }, SchemaNamespaceHelper.ERROR_SCHEMA_PATH)
+      .setStatusCode(404)
+      .build();
+
+  public static final EndpointTestCase FOR_USER_BAD_CREDS = TestCaseHelper
+      .prepareTestCase(USER_URL, new String[] { "fakeuser" }, SchemaNamespaceHelper.PUBLISHER_AGREEMENT_SCHEMA_PATH)
+      .setStatusCode(401)
+      .setHeaderParams(invalidCreds)
+      .build();
+
+  public static final EndpointTestCase FOR_USER_BAD_ROLE = TestCaseHelper
+      .prepareTestCase(USER_URL, new String[] { "fakeuser" }, SchemaNamespaceHelper.PUBLISHER_AGREEMENT_SCHEMA_PATH)
+      .setStatusCode(403)
+      .setHeaderParams(invalidCreds)
+      .build();
+
+  public static final EndpointTestCase REVOKE_SUCCESS = TestCaseHelper
+      .prepareTestCase(USER_URL, new String[] { "fakeuser" }, SchemaNamespaceHelper.PUBLISHER_AGREEMENT_SCHEMA_PATH)
+      .setStatusCode(204)
+      .build();
+
+  public static final EndpointTestCase REVOKE_NO_DOC = TestCaseHelper
+      .prepareTestCase(USER_URL, new String[] { "name" }, SchemaNamespaceHelper.ERROR_SCHEMA_PATH)
+      .setStatusCode(404)
+      .build();
+
+  public static final EndpointTestCase REVOKE_INVALID_USER = TestCaseHelper
+      .prepareTestCase(USER_URL, new String[] { "other" }, SchemaNamespaceHelper.ERROR_SCHEMA_PATH)
+      .setStatusCode(403)
+      .setResponseContentType(ContentType.JSON)
+      .build();
+  public static final EndpointTestCase REVOKE_INVALID_ROLE = TestCaseHelper
+      .prepareTestCase(USER_URL, new String[] { "fakeuser" }, SchemaNamespaceHelper.ERROR_SCHEMA_PATH)
+      .setStatusCode(403)
+      .setResponseContentType(ContentType.JSON)
+      .build();
+
+  @Inject
+  ObjectMapper mapper;
+
+  /*
+   * GET CURRENT USER
+   */
+  @Test
+  @TestSecurity(user = FAKEUSER_PROFILE, roles = OpenVSXParameters.DEFAULT_ACCESS_ROLE)
+  void testGet_currentUser_success() {
+    EndpointTestBuilder.from(GET_CURRENT_SUCCESS).run();
+  }
+
+  @Test
+  @TestSecurity(user = FAKEUSER_PROFILE, roles = OpenVSXParameters.DEFAULT_ACCESS_ROLE)
+  void testGet_currentUser_success_validateResponseFormat() {
+    EndpointTestBuilder.from(GET_CURRENT_SUCCESS).andCheckFormat().run();
+  }
+
+  @Test
+  @TestSecurity(user = FAKEUSER_PROFILE, roles = OpenVSXParameters.DEFAULT_ACCESS_ROLE)
+  void testGet_currentUser_success_validateSchema() {
+    EndpointTestBuilder.from(GET_CURRENT_SUCCESS).andCheckSchema().run();
+  }
+
+  @Test
+  @TestSecurity(user = OTHERUSER_PROFILE, roles = OpenVSXParameters.DEFAULT_ACCESS_ROLE)
+  void testGet_currentUser_failure_notFound() {
+    EndpointTestBuilder.from(GET_CURRENT_NOT_FOUND).run();
+  }
+
+  @Test
+  @TestSecurity(user = OTHERUSER_PROFILE, roles = OpenVSXParameters.DEFAULT_ACCESS_ROLE)
+  void testGet_currentUser_failure_notFound_validateResponseFormat() {
+    EndpointTestBuilder.from(GET_CURRENT_NOT_FOUND).andCheckFormat().run();
+  }
+
+  @Test
+  @TestSecurity(user = OTHERUSER_PROFILE, roles = OpenVSXParameters.DEFAULT_ACCESS_ROLE)
+  void testGet_currentUser_failure_notFound_validateSchema() {
+    EndpointTestBuilder.from(GET_CURRENT_NOT_FOUND).andCheckSchema().run();
+  }
+
+  @Test
+  void testGet_currentUser_failure_badCreds() {
+    EndpointTestBuilder.from(BAD_CREDS).run();
+  }
+
+  /*
+   * POST CURRENT USER
+   */
+  @Test
+  @TestSecurity(user = NODOC_PROFILE, roles = OpenVSXParameters.DEFAULT_ACCESS_ROLE)
+  void testPost_currentUser_success() {
+    EndpointTestBuilder
+        .from(TestCaseHelper.prepareTestCase(BASE_URL, new String[] {}, SchemaNamespaceHelper.PUBLISHER_AGREEMENT_SCHEMA_PATH).build())
+        .doPost(generateSigningSample("nodoc"))
+        .run();
+  }
+
+  @Test
+  @TestSecurity(user = FAKEUSER_PROFILE, roles = OpenVSXParameters.DEFAULT_ACCESS_ROLE)
+  void testPost_currentUser_conflict() {
+    EndpointTestBuilder.from(POST_CURRENT_CONFLICT).doPost(generateSigningSample("fakeuser")).run();
+  }
+
+  @Test
+  @TestSecurity(user = FAKEUSER_PROFILE, roles = OpenVSXParameters.DEFAULT_ACCESS_ROLE)
+  void testPost_currentUser_conflict_validateResponseFormat() {
+    EndpointTestBuilder.from(POST_CURRENT_CONFLICT).doPost(generateSigningSample("fakeuser")).andCheckFormat().run();
+  }
+
+  @Test
+  @TestSecurity(user = FAKEUSER_PROFILE, roles = OpenVSXParameters.DEFAULT_ACCESS_ROLE)
+  void testPost_currentUser_conflict_validateSchema() {
+    EndpointTestBuilder.from(POST_CURRENT_CONFLICT).doPost(generateSigningSample("fakeuser")).andCheckFormat().run();
+  }
+
+  @Test
+  @TestSecurity(user = FAKEUSER_PROFILE, roles = OpenVSXParameters.DEFAULT_ACCESS_ROLE)
+  void testPost_currentUser_failure_invalidHandle() {
+    EndpointTestBuilder.from(POST_CURRENT_INVALID_HANDLE).doPost(generateSigningSample("otheruser")).run();
+  }
+
+  @Test
+  @TestSecurity(user = FAKEUSER_PROFILE, roles = OpenVSXParameters.DEFAULT_ACCESS_ROLE)
+  void testPost_currentUser_failure_invalidHandle_validateFormat() {
+    EndpointTestBuilder.from(POST_CURRENT_INVALID_HANDLE).doPost(generateSigningSample("otheruser")).andCheckFormat().run();
+  }
+
+  @Test
+  void testPost_currentUser_failure_badCreds() {
+    EndpointTestBuilder.from(BAD_CREDS).doPost(generateSigningSample("fakeuser")).run();
+  }
+
+  /*
+   * GET FOR USER
+   */
+  @Test
+  @TestSecurity(user = FAKEUSER_PROFILE, roles = OpenVSXParameters.DEFAULT_ACCESS_ROLE)
+  void testGet_getForUser_success() {
+    EndpointTestBuilder.from(GET_USER_SUCCESS).run();
+  }
+
+  @Test
+  @TestSecurity(user = FAKEUSER_PROFILE, roles = OpenVSXParameters.DEFAULT_ACCESS_ROLE)
+  void testGet_geFortUser_success_validateResponseFormat() {
+    EndpointTestBuilder.from(GET_USER_SUCCESS).andCheckFormat().run();
+  }
+
+  @Test
+  @TestSecurity(user = FAKEUSER_PROFILE, roles = OpenVSXParameters.DEFAULT_ACCESS_ROLE)
+  void testGet_getForUser_success_validateSchema() {
+    EndpointTestBuilder.from(GET_USER_SUCCESS).andCheckSchema().run();
+  }
+
+  @Test
+  @TestSecurity(user = OTHERUSER_PROFILE, roles = OpenVSXParameters.DEFAULT_ACCESS_ROLE)
+  void testGet_getForUser_failure_notFound() {
+    EndpointTestBuilder.from(GET_USER_NOT_FOUND).run();
+  }
+
+  @Test
+  @TestSecurity(user = OTHERUSER_PROFILE, roles = OpenVSXParameters.DEFAULT_ACCESS_ROLE)
+  void testGet_getForUser_failure_notFound_validateResponseFormat() {
+    EndpointTestBuilder.from(GET_USER_NOT_FOUND).andCheckFormat().run();
+  }
+
+  @Test
+  @TestSecurity(user = OTHERUSER_PROFILE, roles = OpenVSXParameters.DEFAULT_ACCESS_ROLE)
+  void testGet_getForUser_failure_notFound_validateSchema() {
+    EndpointTestBuilder.from(GET_USER_NOT_FOUND).andCheckSchema().run();
+  }
+
+  @Test
+  void testGet_getForUser_failure_badCreds() {
+    EndpointTestBuilder.from(FOR_USER_BAD_CREDS).run();
+  }
+
+  @Test
+  @TestSecurity(user = OTHERUSER_PROFILE, roles = "profile")
+  void testGet_getForUser_failure_noValidRole() {
+    EndpointTestBuilder.from(FOR_USER_BAD_ROLE).run();
+  }
+
+  /*
+   * DELETE FOR USER
+   */
+  @Test
+  @TestSecurity(user = FAKEUSER_PROFILE, roles = OpenVSXParameters.DEFAULT_ACCESS_ROLE)
+  void testDelete_deleteForUser_success() {
+    EndpointTestBuilder.from(REVOKE_SUCCESS).doDelete(null).run();
+  }
+
+  @Test
+  @TestSecurity(user = FAKEUSER_PROFILE, roles = OpenVSXParameters.DEFAULT_ACCESS_ROLE)
+  void testDelete_deleteForUser_failure_invalidUser() {
+    EndpointTestBuilder.from(REVOKE_INVALID_USER).doDelete(null).run();
+  }
+
+  @Test
+  @TestSecurity(user = FAKEUSER_PROFILE, roles = "role")
+  void testDelete_deleteForUser_failure_invalidRole() {
+    EndpointTestBuilder.from(REVOKE_INVALID_ROLE).doDelete(null).run();
+  }
+
+  @Test
+  @TestSecurity(user = OTHERUSER_PROFILE, roles = OpenVSXParameters.DEFAULT_ACCESS_ROLE)
+  void testDelete_deleteForUser_failure_noDoc() {
+    EndpointTestBuilder.from(REVOKE_NO_DOC).doDelete(null).run();
+  }
+
+  @Test
+  @TestSecurity(user = OTHERUSER_PROFILE, roles = OpenVSXParameters.DEFAULT_ACCESS_ROLE)
+  void testDelete_deleteForUser_failure_noDoc_validateSchema() {
+    EndpointTestBuilder.from(REVOKE_NO_DOC).doDelete(null).andCheckSchema().run();
+  }
+
+  @Test
+  void testDelete_deleteForUser_failure_badCreds() {
+    EndpointTestBuilder.from(FOR_USER_BAD_CREDS).run();
+  }
+
+  private String generateSigningSample(String ghHandle) {
+    try {
+      return mapper.writeValueAsString(new AgreementSigningRequest("1", ghHandle));
+    } catch (JsonProcessingException e) {
+      throw new RuntimeException(e);
    }
+  }
 }