fix(irs-api): Removed IRS-Admin role

CHANGELOG.md

@@ -6,6 +6,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [3.5.4] - 2023-10-25
+### Changed
+- removed role "admin_irs"
+
 ## [3.5.3] - 2023-10-09
 ### Fixed
 - Fixed default policy creation.
@@ -385,7 +389,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Unresolved
 - **Select Aspects you need**  You are able to select the needed aspects for which you want to collect the correct endpoint information.
 
-[Unreleased]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.5.3...HEAD
+[Unreleased]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.5.4...HEAD
+[3.5.4]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.5.3...3.5.4
 [3.5.3]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.5.2...3.5.3
 [3.5.2]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.5.1...3.5.2
 [3.5.1]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.5.0...3.5.1

irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/BatchController.java

@@ -115,7 +115,7 @@ public class BatchController {
     })
     @PostMapping("/orders")
     @ResponseStatus(HttpStatus.CREATED)
-    @PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.ADMIN_IRS + "', '" + IrsRoles.VIEW_IRS + "')")
+    @PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.VIEW_IRS + "')")
     public BatchOrderCreated registerBatchOrder(final @Valid @RequestBody RegisterBatchOrder request) {
         final UUID batchOrderId = creationBatchService.create(request);
         return BatchOrderCreated.builder().id(batchOrderId).build();
@@ -159,7 +159,7 @@ public BatchOrderCreated registerBatchOrder(final @Valid @RequestBody RegisterBa
                                          }),
     })
     @GetMapping("/orders/{orderId}")
-    @PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.ADMIN_IRS + "', '" + IrsRoles.VIEW_IRS + "')")
+    @PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.VIEW_IRS + "')")
     public BatchOrderResponse getBatchOrder(
             @Parameter(description = "Id of the order.", schema = @Schema(implementation = UUID.class), name = "orderId",
                        example = "6c311d29-5753-46d4-b32c-19b918ea93b0") @Size(min = IrsAppConstants.JOB_ID_SIZE,
@@ -205,7 +205,7 @@ public BatchOrderResponse getBatchOrder(
                                          }),
     })
     @GetMapping("/orders/{orderId}/batches/{batchId}")
-    @PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.ADMIN_IRS + "', '" + IrsRoles.VIEW_IRS + "')")
+    @PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.VIEW_IRS + "')")
     public BatchResponse getBatch(
             @Parameter(description = "Id of the order.", schema = @Schema(implementation = UUID.class), name = "orderId",
                        example = "6c311d29-5753-46d4-b32c-19b918ea93b0") @Size(min = IrsAppConstants.JOB_ID_SIZE,
@@ -254,7 +254,7 @@ public BatchResponse getBatch(
                                          }),
     })
     @PutMapping("/orders/{orderId}")
-    @PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.ADMIN_IRS + "', '" + IrsRoles.VIEW_IRS + "')")
+    @PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.VIEW_IRS + "')")
     public BatchOrderResponse cancelBatchOrder(
             @Parameter(description = "Id of the order.", schema = @Schema(implementation = UUID.class), name = "orderId",
                        example = "6c311d29-5753-46d4-b32c-19b918ea93b0") @Size(min = IrsAppConstants.JOB_ID_SIZE,

irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/IrsController.java

@@ -127,7 +127,7 @@ public class IrsController {
     @IrsTimer("registerjob")
     @PostMapping("/jobs")
     @ResponseStatus(HttpStatus.CREATED)
-    @PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.ADMIN_IRS + "', '" + IrsRoles.VIEW_IRS + "')")
+    @PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.VIEW_IRS + "')")
     public JobHandle registerJobForGlobalAssetId(final @Valid @RequestBody RegisterJob request) {
         return itemJobService.registerItemJob(request);
     }
@@ -178,7 +178,7 @@ public JobHandle registerJobForGlobalAssetId(final @Valid @RequestBody RegisterJ
     })
     @IrsTimer("getjob")
     @GetMapping("/jobs/{id}")
-    @PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.ADMIN_IRS + "', '" + IrsRoles.VIEW_IRS + "')")
+    @PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.VIEW_IRS + "')")
     public Jobs getJobById(
             @Parameter(description = "Id of the job.", schema = @Schema(implementation = UUID.class), name = "id",
                        example = "6c311d29-5753-46d4-b32c-19b918ea93b0") @Size(min = IrsAppConstants.JOB_ID_SIZE,
@@ -227,7 +227,7 @@ public Jobs getJobById(
     })
     @IrsTimer("canceljob")
     @PutMapping("/jobs/{id}")
-    @PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.ADMIN_IRS + "', '" + IrsRoles.VIEW_IRS + "')")
+    @PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.VIEW_IRS + "')")
     public Job cancelJobByJobId(
             @Parameter(description = "Id of the job.", schema = @Schema(implementation = UUID.class), name = "id",
                        example = "6c311d29-5753-46d4-b32c-19b918ea93b0") @Size(min = IrsAppConstants.JOB_ID_SIZE,
@@ -269,7 +269,7 @@ public Job cancelJobByJobId(
     @IrsTimer("getjobbystate")
     @GetMapping("/jobs")
     @PageableAsQueryParam
-    @PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.ADMIN_IRS + "', '" + IrsRoles.VIEW_IRS + "')")
+    @PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.VIEW_IRS + "')")
     public PageResult getJobsByState(
             @Valid @ParameterObject @Parameter(description = "Requested job states.", in = QUERY,
                explode = Explode.FALSE, array = @ArraySchema(schema = @Schema(implementation = JobState.class), maxItems = Integer.MAX_VALUE))
@@ -305,7 +305,7 @@ public PageResult getJobsByState(
                                          }),
     })
     @GetMapping("/aspectmodels")
-    @PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.ADMIN_IRS + "', '" + IrsRoles.VIEW_IRS + "')")
+    @PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.VIEW_IRS + "')")
     public AspectModels getAllAvailableAspectModels() throws SchemaNotFoundException {
         return semanticHubService.getAllAspectModels();
     }

irs-api/src/main/java/org/eclipse/tractusx/irs/ess/controller/EssController.java

@@ -108,7 +108,7 @@ class EssController {
     })
     @PostMapping("/bpn/investigations")
     @ResponseStatus(HttpStatus.CREATED)
-    @PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.ADMIN_IRS + "', '" + IrsRoles.VIEW_IRS + "')")
+    @PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.VIEW_IRS + "')")
     public JobHandle registerBPNInvestigation(final @Valid @RequestBody RegisterBpnInvestigationJob request) {
         return essService.startIrsJob(request);
     }
@@ -151,7 +151,7 @@ public JobHandle registerBPNInvestigation(final @Valid @RequestBody RegisterBpnI
                                          }),
     })
     @GetMapping("/bpn/investigations/{id}")
-    @PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.ADMIN_IRS + "', '" + IrsRoles.VIEW_IRS + "')")
+    @PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.VIEW_IRS + "')")
     public Jobs getBPNInvestigation(
             @Parameter(description = "Id of the job.", schema = @Schema(implementation = UUID.class), name = "id",
                        example = "6c311d29-5753-46d4-b32c-19b918ea93b0") @Valid @PathVariable final UUID id) {

irs-api/src/test/java/org/eclipse/tractusx/irs/services/IrsItemGraphQueryServiceSpringBootTest.java

@@ -302,7 +302,7 @@ private int getRelationshipsSize(final UUID jobId) {
     private static void setSecurityContext() {
         JwtAuthenticationToken jwtAuthenticationToken = mock(JwtAuthenticationToken.class);
         Jwt token = mock(Jwt.class);
-        when(jwtAuthenticationToken.getAuthorities()).thenReturn(List.of(new SimpleGrantedAuthority("admin_irs")));
+        when(jwtAuthenticationToken.getAuthorities()).thenReturn(List.of(new SimpleGrantedAuthority("view_irs")));
         when(jwtAuthenticationToken.getToken()).thenReturn(token);
         when(token.getClaim("clientId")).thenReturn("test-client-id");
         SecurityContext securityContext = mock(SecurityContext.class);

irs-api/src/test/java/org/eclipse/tractusx/irs/services/IrsItemGraphQueryServiceTest.java

@@ -98,7 +98,7 @@ class IrsItemGraphQueryServiceTest {
     @Test
     void registerItemJobWithoutDepthShouldBuildFullTree() throws Exception {
         // given
-        setupSecurityContextWithRole(IrsRoles.ADMIN_IRS);
+        setupSecurityContextWithRole(IrsRoles.VIEW_IRS);
         final var jobId = UUID.randomUUID();
         final AASTransferProcess transfer1 = generate.aasTransferProcess();
         givenTransferResultIsStored(transfer1);
@@ -135,7 +135,7 @@ private byte[] toBlob(final Object transfer) {
 
     @Test
     void cancelJobById() {
-        setupSecurityContextWithRole(IrsRoles.ADMIN_IRS);
+        setupSecurityContextWithRole(IrsRoles.VIEW_IRS);
 
         final Job job = generate.fakeJob(JobState.CANCELED);
 
@@ -150,7 +150,7 @@ void cancelJobById() {
 
     @Test
     void shouldThrowForbiddenExceptionWhenCancelingAnotherOwnerJob() {
-        setupSecurityContextWithRole(IrsRoles.VIEW_IRS);
+        setupSecurityContextWithRole(IrsRoles.ADMIN_IRS);
 
         final Job job = generate.fakeJob(JobState.CANCELED);
 
@@ -170,7 +170,7 @@ void cancelJobById_throwEntityNotFoundException() {
 
     @Test
     void shouldReturnFoundJobs() {
-        setupSecurityContextWithRole(IrsRoles.ADMIN_IRS);
+        setupSecurityContextWithRole(IrsRoles.VIEW_IRS);
         final List<JobState> states = List.of(JobState.COMPLETED);
         final MultiTransferJob multiTransferJob = MultiTransferJob.builder()
                                                                   .job(generate.fakeJob(JobState.COMPLETED))

irs-common/src/main/java/org/eclipse/tractusx/irs/common/auth/SecurityHelperService.java

@@ -53,7 +53,7 @@ public String getBpnClaim() {
     }
 
     public boolean isAdmin() {
-        return getIrsRoles().contains(IrsRoles.ADMIN_IRS);
+        return getIrsRoles().contains(IrsRoles.VIEW_IRS);
     }
 
     public String getClientIdForViewIrs() {

irs-common/src/test/java/org/eclipse/tractusx/irs/common/auth/SecurityHelperServiceTest.java

@@ -43,7 +43,7 @@
 class SecurityHelperServiceTest {
 
     private final String CLIENT_ID = "sa-cl6-cx-2";
-    private final String BPN = "BPNL00000003CRHK";
+    private final String BPN = "BPNL00000001CRHK";
 
     final SecurityHelperService securityHelperService = new SecurityHelperService();
 
@@ -98,7 +98,7 @@ void shouldReturnClientIdWhenJwtAuthenticationAndViewIrsRole() {
     @Test
     void shouldReturnTrueWhenAdminRolePresentInToken() {
         // given
-        thereIsJwtAuthentication(IrsRoles.ADMIN_IRS);
+        thereIsJwtAuthentication(IrsRoles.VIEW_IRS);
 
         // when
         final Boolean isAdmin = securityHelperService.isAdmin();

irs-policy-store/src/main/java/org/eclipse/tractusx/irs/policystore/controllers/PolicyStoreController.java

@@ -99,7 +99,7 @@ public class PolicyStoreController {
     })
     @PostMapping("/policies")
     @ResponseStatus(HttpStatus.CREATED)
-    @PreAuthorize("@authorizationService.verifyBpn() && hasAuthority('" + IrsRoles.ADMIN_IRS + "')")
+    @PreAuthorize("@authorizationService.verifyBpn() && hasAuthority('" + IrsRoles.VIEW_IRS + "')")
     public void registerAllowedPolicy(final @Valid @RequestBody CreatePolicyRequest request) {
         service.registerPolicy(request);
     }
@@ -128,7 +128,7 @@ public void registerAllowedPolicy(final @Valid @RequestBody CreatePolicyRequest
     })
     @GetMapping("/policies")
     @ResponseStatus(HttpStatus.OK)
-    @PreAuthorize("@authorizationService.verifyBpn() && hasAuthority('" + IrsRoles.ADMIN_IRS + "')")
+    @PreAuthorize("@authorizationService.verifyBpn() && hasAuthority('" + IrsRoles.VIEW_IRS + "')")
     public List<Policy> getPolicies() {
         return service.getStoredPolicies();
     }
@@ -160,7 +160,7 @@ public List<Policy> getPolicies() {
     })
     @DeleteMapping("/policies/{policyId}")
     @ResponseStatus(HttpStatus.OK)
-    @PreAuthorize("@authorizationService.verifyBpn() && hasAuthority('" + IrsRoles.ADMIN_IRS + "')")
+    @PreAuthorize("@authorizationService.verifyBpn() && hasAuthority('" + IrsRoles.VIEW_IRS + "')")
     public void deleteAllowedPolicy(@PathVariable("policyId") final String policyId) {
         service.deletePolicy(policyId);
     }
@@ -192,7 +192,7 @@ public void deleteAllowedPolicy(@PathVariable("policyId") final String policyId)
     })
     @PutMapping("/policies/{policyId}")
     @ResponseStatus(HttpStatus.OK)
-    @PreAuthorize("@authorizationService.verifyBpn() && hasAuthority('" + IrsRoles.ADMIN_IRS + "')")
+    @PreAuthorize("@authorizationService.verifyBpn() && hasAuthority('" + IrsRoles.VIEW_IRS + "')")
     public void updateAllowedPolicy(@PathVariable("policyId") final String policyId, final @Valid @RequestBody UpdatePolicyRequest request) {
         service.updatePolicy(policyId, request);
     }