LRZ-BADW · gierens · Sep 29, 2024 · Sep 28, 2024 · Sep 28, 2024 · Sep 28, 2024
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -19,6 +19,11 @@ This is the combined changelog of all contained `lrzcc` crates.
 - api: bump thiserror from 1.0.63 to 1.0.64
 - wire: remove ProjectCreated
 - lib/api: refactor to use Project for project create response
+- wire: add ProjectListParams
+- lib: use wire.project.ProjectListParams in project list with serde_urlencoded
+- api: implement all and user class filters for project list
+- test: revise project list tests to use all parameter
+- test: split project tests into submodules and add more tests
 
 ## [lrzcc-cli-v1.1.2] - 2024-09-24
 

diff --git a/api/src/routes/user/project/get.rs b/api/src/routes/user/project/get.rs
@@ -9,16 +9,16 @@ use anyhow::Context;
 use lrzcc_wire::user::{Project, ProjectDetailed, User};
 use sqlx::{Executor, FromRow, MySql, MySqlPool, Transaction};
 
-// TODO proper query set and permissions
 #[tracing::instrument(name = "project_get")]
 pub async fn project_get(
     user: ReqData<User>,
-    // TODO: we don't need this right?
     project: ReqData<Project>,
     db_pool: Data<MySqlPool>,
     params: Path<ProjectIdParam>,
 ) -> Result<HttpResponse, OptionApiError> {
-    require_admin_user(&user)?;
+    if params.project_id != project.id {
+        require_admin_user(&user)?;
+    }
     let mut transaction = db_pool
         .begin()
         .await

diff --git a/api/src/routes/user/project/list.rs b/api/src/routes/user/project/list.rs
@@ -8,7 +8,6 @@ use sqlx::{Executor, FromRow, MySql, MySqlPool, Transaction};
 #[tracing::instrument(name = "project_list")]
 pub async fn project_list(
     user: ReqData<User>,
-    // TODO: we don't need this right?
     project: ReqData<Project>,
     db_pool: Data<MySqlPool>,
     params: Query<ProjectListParams>,

diff --git a/api/src/startup.rs b/api/src/startup.rs
@@ -27,6 +27,8 @@ impl Application {
         let port = listener.local_addr().unwrap().port();
         let openstack = OpenStack::new(configuration.openstack).await?;
 
+        // TODO: insert admin user and project into database
+
         let server = run(
             listener,
             connection_pool,

diff --git a/test/tests/user/project/get.rs b/test/tests/user/project/get.rs
@@ -5,7 +5,7 @@ use std::str::FromStr;
 use tokio::task::spawn_blocking;
 
 #[tokio::test]
-async fn e2e_lib_project_get_denies_access_to_normal_user() {
+async fn e2e_lib_user_can_get_own_project() {
     // arrange
     let server = spawn_app().await;
     let (user, project, token) = server
@@ -28,7 +28,51 @@ async fn e2e_lib_project_get_denies_access_to_normal_user() {
         .unwrap();
 
         // act
-        let get = client.project.get(project.id);
+        let ProjectRetrieved::Detailed(project_detailed) =
+            client.project.get(project.id).unwrap()
+        else {
+            panic!("Expected ProjectDetailed")
+        };
+
+        // assert
+        assert_eq!(project.id, project_detailed.id);
+        assert_eq!(project.name, project_detailed.name);
+        assert_eq!(project.openstack_id, project_detailed.openstack_id);
+        assert_eq!(project.user_class, project_detailed.user_class);
+    })
+    .await
+    .unwrap();
+}
+
+#[tokio::test]
+async fn e2e_lib_user_cannot_get_other_project() {
+    // arrange
+    let server = spawn_app().await;
+    let (user, _project, token) = server
+        .setup_test_user_and_project(false)
+        .await
+        .expect("Failed to setup test user and project.");
+    let (_user2, project2, _token2) = server
+        .setup_test_user_and_project(false)
+        .await
+        .expect("Failed to setup test user2 and project.");
+    server
+        .mock_keystone_auth(&token, &user.openstack_id, &user.name)
+        .mount(&server.keystone_server)
+        .await;
+
+    spawn_blocking(move || {
+        // arrange
+        let client = Api::new(
+            format!("{}/api", &server.address),
+            Token::from_str(&token).unwrap(),
+            None,
+            None,
+        )
+        .unwrap();
+
+        // act
+        let get = client.project.get(project2.id);
 
         // assert
         assert!(get.is_err());
@@ -42,7 +86,7 @@ async fn e2e_lib_project_get_denies_access_to_normal_user() {
 }
 
 #[tokio::test]
-async fn e2e_lib_project_get_for_own_project_of_admin() {
+async fn e2e_lib_admin_can_get_own_project() {
     // arrange
     let server = spawn_app().await;
     let (user, project, token) = server
@@ -80,3 +124,49 @@ async fn e2e_lib_project_get_for_own_project_of_admin() {
     .await
     .unwrap();
 }
+
+#[tokio::test]
+async fn e2e_lib_admin_can_get_other_project() {
+    // arrange
+    let server = spawn_app().await;
+    let (user, _project, token) = server
+        .setup_test_user_and_project(true)
+        .await
+        .expect("Failed to setup test user and project.");
+    let (_user2, project2, _token2) = server
+        .setup_test_user_and_project(false)
+        .await
+        .expect("Failed to setup test user2 and project.");
+    server
+        .mock_keystone_auth(&token, &user.openstack_id, &user.name)
+        .mount(&server.keystone_server)
+        .await;
+
+    spawn_blocking(move || {
+        // arrange
+        let client = Api::new(
+            format!("{}/api", &server.address),
+            Token::from_str(&token).unwrap(),
+            None,
+            None,
+        )
+        .unwrap();
+
+        // act
+        let ProjectRetrieved::Detailed(project_detailed) =
+            client.project.get(project2.id).unwrap()
+        else {
+            panic!("Expected ProjectDetailed")
+        };
+
+        // assert
+        assert_eq!(project2.id, project_detailed.id);
+        assert_eq!(project2.name, project_detailed.name);
+        assert_eq!(project2.openstack_id, project_detailed.openstack_id);
+        assert_eq!(project2.user_class, project_detailed.user_class);
+    })
+    .await
+    .unwrap();
+}
+
+// TODO: add master user cases