feat(rbac): link default project to each user

code/api/api/src/main/java/com/decathlon/ara/loader/DemoSettingsLoader.java

@@ -97,7 +97,7 @@ public DemoSettingsLoader(
 
     public ProjectDTO createProjectWithCommunicationsAndRootCauses() throws NotUniqueException, ForbiddenException {
         var creationUser = userAccountService.getCurrentUserEntity().orElseThrow(() -> new ForbiddenException(Entities.PROJECT, "demo project creation"));
-        var demoProject = new ProjectDTO(DEMO_PROJECT_CODE, DEMO_PROJECT_NAME, false);
+        var demoProject = new ProjectDTO(DEMO_PROJECT_CODE, DEMO_PROJECT_NAME);
         return projectService.create(demoProject, creationUser);
     }
 

code/api/api/src/main/java/com/decathlon/ara/security/configuration/SecurityConfiguration.java

@@ -78,6 +78,8 @@ public SecurityFilterChain configure(HttpSecurity http) throws Exception {
                 .authorizeRequests() //NOSONAR
                 .antMatchers(AuthenticationResource.PATHS, RestConstants.ACTUATOR_PATHS).permitAll()
                 // user
+                .antMatchers(HttpMethod.DELETE, UserResource.DEFAULT_PROJECT_PATH).authenticated()
+                .antMatchers(HttpMethod.PUT, UserResource.DEFAULT_PROJECT_CODE_PATH).access(PROJECT_INSTANCE_FETCH_PERMISSION)
                 .antMatchers(HttpMethod.GET, UserResource.PATHS).authenticated()
 
                 // projects > demo

code/api/api/src/main/java/com/decathlon/ara/security/dto/user/UserAccount.java

@@ -17,12 +17,14 @@
 
 package com.decathlon.ara.security.dto.user;
 
+import com.decathlon.ara.domain.Project;
 import com.decathlon.ara.domain.security.member.user.entity.UserEntity;
 import com.decathlon.ara.domain.security.member.user.entity.UserEntityRoleOnProject;
 import com.decathlon.ara.security.dto.user.scope.UserAccountScope;
 import com.decathlon.ara.security.dto.user.scope.UserAccountScopeRole;
 import com.decathlon.ara.security.service.AuthorityService;
 import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.fasterxml.jackson.annotation.JsonProperty;
 import org.apache.commons.collections.CollectionUtils;
 import org.springframework.lang.NonNull;
 import org.springframework.security.core.GrantedAuthority;
@@ -50,11 +52,15 @@ public class UserAccount {
 
     private List<UserAccountScope> scopes;
 
+    @JsonProperty("default_project")
+    private String defaultProjectCode;
+
     public UserAccount(@NonNull Map<String, String> userAttributes, @NonNull UserEntity userEntity) {
         this.providerName = userEntity.getProviderName();
         this.login = userEntity.getLogin();
         this.profile = getProfileFromUserEntity(userEntity);
         this.scopes = getScopesFromUserEntity(userEntity);
+        this.defaultProjectCode = userEntity.getDefaultProject().map(Project::getCode).orElse(null);
 
         this.firstName = userAttributes.get(StandardClaimNames.GIVEN_NAME);
         this.lastName = userAttributes.get(StandardClaimNames.FAMILY_NAME);
@@ -94,6 +100,10 @@ public List<UserAccountScope> getScopes() {
         return scopes;
     }
 
+    public String getDefaultProjectCode() {
+        return defaultProjectCode;
+    }
+
     private UserAccountProfile getProfileFromUserEntity(@NonNull UserEntity userEntity) {
         var userEntityProfile = userEntity.getProfile();
         return UserAccountProfile.valueOf(userEntityProfile.name());

code/api/api/src/main/java/com/decathlon/ara/security/service/user/UserAccountService.java

@@ -302,4 +302,45 @@ private static void updateUserEntityRoles(String projectCode, Project project, U
             userRoles.add(new UserEntityRoleOnProject(userToUpdate, project, roleToUpdate));
         }
     }
+
+    /**
+     * Clear the current user default project
+     * @return the updated user account
+     * @throws ForbiddenException thrown if the operation failed
+     */
+    public UserAccount clearDefaultProject() throws ForbiddenException {
+        var userToUpdate = getCurrentUserEntity().orElseThrow(() -> new ForbiddenException(Entities.PROJECT, "clear default project"));
+        userToUpdate.setDefaultProject(null);
+        var updatedUser = userEntityRepository.save(userToUpdate);
+        return getUserAccountFromUserEntity(updatedUser);
+    }
+
+    private UserAccount getUserAccountFromUserEntity(@NonNull UserEntity userEntity) {
+        var authentication = (OAuth2AuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
+        var oauth2User = authentication.getPrincipal();
+        var providerName = userEntity.getProviderName();
+        var strategy = userStrategySelector.selectUserStrategyFromProviderName(providerName);
+        return strategy.getUserAccount(oauth2User, userEntity);
+    }
+
+    /**
+     * Update the user default project
+     * @param projectCode the project code. Note that the code must exist and the user must have access to this project.
+     * @return the updated user account
+     * @throws ForbiddenException thrown if the operation failed
+     */
+    public UserAccount updateDefaultProject(@NonNull String projectCode) throws ForbiddenException {
+        var projectCodeContext = getProjectCodeExceptionContext(projectCode);
+        var exception = new ForbiddenException(Entities.PROJECT, "update default project", projectCodeContext);
+
+        if (StringUtils.isBlank(projectCode)) {
+            throw exception;
+        }
+
+        var defaultProject = projectRepository.findByCode(projectCode).orElseThrow(() -> exception);
+        var userToUpdate = getCurrentUserEntity().orElseThrow(() -> exception);
+        userToUpdate.setDefaultProject(defaultProject);
+        var updatedUser = userEntityRepository.save(userToUpdate);
+        return getUserAccountFromUserEntity(updatedUser);
+    }
 }

code/api/api/src/main/java/com/decathlon/ara/service/ProjectService.java

@@ -108,7 +108,7 @@ public ProjectDTO create(@NonNull ProjectDTO dtoToCreate, @NonNull UserEntity cr
      */
     public ProjectDTO createFromCode(@NonNull String projectCode, @NonNull UserEntity creationUser) throws NotUniqueException {
         var projectName =  getProjectNameFromCode(projectCode);
-        var projectToCreate = new ProjectDTO(projectCode, projectName, false);
+        var projectToCreate = new ProjectDTO(projectCode, projectName);
         return create(projectToCreate, creationUser);
     }
 
@@ -209,7 +209,6 @@ public long toId(String code) throws NotFoundException {
     private void validateBusinessRules(ProjectDTO dto) throws NotUniqueException {
         validateUniqueCode(dto);
         validateUniqueName(dto);
-        switchProjectAsDefault(dto);
     }
 
     private void validateUniqueCode(ProjectDTO dto) throws NotUniqueException {
@@ -226,13 +225,4 @@ private void validateUniqueName(ProjectDTO dto) throws NotUniqueException {
         }
     }
 
-    private void switchProjectAsDefault(ProjectDTO dto) {
-        if (dto.isDefaultAtStartup()) {
-            Project entityDataBaseWithDefaultAtStartup = projectRepository.findByDefaultAtStartup(true);
-            if (entityDataBaseWithDefaultAtStartup != null && !entityDataBaseWithDefaultAtStartup.getCode().equals(dto.getCode())) {
-                entityDataBaseWithDefaultAtStartup.setDefaultAtStartup(false);
-            }
-        }
-    }
-
 }

code/api/api/src/main/java/com/decathlon/ara/service/dto/project/ProjectDTO.java

@@ -42,12 +42,6 @@ public class ProjectDTO {
     @Size(min = 1, max = 64, message = "The name is required and must not exceed {max} characters.")
     private String name;
 
-    /**
-     * True to use that project as the default one appearing at ARA's client startup when no project code is present in
-     * URL. Only one project can be declared as the default.
-     */
-    private boolean defaultAtStartup;
-
     @JsonProperty("creation_date")
     @JsonFormat(pattern = DATE_FORMAT_YEAR_TO_SECOND)
     private Date creationDate;
@@ -65,20 +59,15 @@ public class ProjectDTO {
     public ProjectDTO() {
     }
 
-    public ProjectDTO(Long id,
-            String code,
-            String name,
-            boolean defaultAtStartup) {
+    public ProjectDTO(Long id, String code, String name) {
         this.id = id;
         this.code = code;
         this.name = name;
-        this.defaultAtStartup = defaultAtStartup;
     }
 
-    public ProjectDTO(String code, String name, boolean defaultAtStartup) {
+    public ProjectDTO(String code, String name) {
         this.code = code;
         this.name = name;
-        this.defaultAtStartup = defaultAtStartup;
     }
 
     public Long getId() {
@@ -97,10 +86,6 @@ public String getName() {
         return name;
     }
 
-    public boolean isDefaultAtStartup() {
-        return defaultAtStartup;
-    }
-
     public Date getCreationDate() {
         return creationDate;
     }

code/api/api/src/main/java/com/decathlon/ara/service/mapper/ProjectMapper.java

@@ -14,8 +14,7 @@ public ProjectDTO getProjectDTOFromProjectEntity(@NonNull Project project) {
         var id = project.getId();
         var code = project.getCode();
         var name = project.getName();
-        var isDefaultAtStartup = project.isDefaultAtStartup();
-        var projectToConvert = new ProjectDTO(id, code, name, isDefaultAtStartup);
+        var projectToConvert = new ProjectDTO(id, code, name);
 
         var creationDate = project.getCreationDate();
         if (creationDate != null) {
@@ -41,9 +40,6 @@ public Project getProjectEntityFromProjectDTO(@NonNull ProjectDTO projectDTO) {
         var id = projectDTO.getId();
         var code = projectDTO.getCode();
         var name = projectDTO.getName();
-        var isDefaultAtStartup = projectDTO.isDefaultAtStartup();
-        var projectToConvert = new Project(id, code, name);
-        projectToConvert.setDefaultAtStartup(isDefaultAtStartup);
-        return projectToConvert;
+        return new Project(id, code, name);
     }
 }

code/api/api/src/main/java/com/decathlon/ara/web/rest/authentication/UserResource.java

@@ -2,13 +2,14 @@
 
 import com.decathlon.ara.security.dto.user.UserAccount;
 import com.decathlon.ara.security.service.user.UserAccountService;
+import com.decathlon.ara.service.exception.ForbiddenException;
+import com.decathlon.ara.web.rest.util.ResponseUtil;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.*;
 
 import static com.decathlon.ara.web.rest.util.RestConstants.API_PATH;
+import static com.decathlon.ara.web.rest.util.RestConstants.PROJECT_CODE_REQUEST_PARAMETER;
 
 @RestController
 @RequestMapping(UserResource.PATH)
@@ -19,6 +20,11 @@ public class UserResource {
     static final String PATH = API_PATH + "/user";
     public static final String PATHS = PATH + "/**";
 
+    private static final String DEFAULT_PROJECT = "/default-project";
+    private static final String DEFAULT_PROJECT_CODE = DEFAULT_PROJECT + "/" + PROJECT_CODE_REQUEST_PARAMETER;
+    public static final String DEFAULT_PROJECT_PATH = PATH + DEFAULT_PROJECT;
+    public static final String DEFAULT_PROJECT_CODE_PATH = PATH + DEFAULT_PROJECT_CODE;
+
     public UserResource(UserAccountService userAccountService) {
         this.userAccountService = userAccountService;
     }
@@ -29,4 +35,23 @@ public ResponseEntity<UserAccount> getUserDetails(OAuth2AuthenticationToken auth
         return user.map(ResponseEntity::ok).orElse(ResponseEntity.badRequest().build());
     }
 
+    @DeleteMapping(DEFAULT_PROJECT)
+    public ResponseEntity<UserAccount> clearDefaultProject() {
+        try {
+            var updatedAccount = userAccountService.clearDefaultProject();
+            return ResponseEntity.ok().body(updatedAccount);
+        } catch (ForbiddenException e) {
+            return ResponseUtil.handle(e);
+        }
+    }
+
+    @PutMapping(DEFAULT_PROJECT_CODE)
+    public ResponseEntity<UserAccount> updateDefaultProject(@PathVariable String projectCode) {
+        try {
+            var updatedAccount = userAccountService.updateDefaultProject(projectCode);
+            return ResponseEntity.ok().body(updatedAccount);
+        } catch (ForbiddenException e) {
+            return ResponseUtil.handle(e);
+        }
+    }
 }

code/api/api/src/test/java/com/decathlon/ara/cartography/AraExporterTest.java → code/api/api/src/test/java/com/decathlon/ara/cartography/AraExporterIT.java

@@ -16,7 +16,7 @@
 @TestPropertySource(properties = {
         "ara.database.target=h2"
 })
-class AraExporterTest {
+class AraExporterIT {
 
     @Autowired
     private AraExporter sut;

code/api/api/src/test/java/com/decathlon/ara/repository/util/SpecificationUtilTest.java → code/api/api/src/test/java/com/decathlon/ara/repository/util/SpecificationUtilIT.java

@@ -33,7 +33,7 @@
 
 @DataJpaTest
 @ExtendWith(MockitoExtension.class)
-class SpecificationUtilTest {
+class SpecificationUtilIT {
 
     @Autowired
     private EntityManager entityManager;
@@ -134,7 +134,7 @@ public Predicate not() {
         }
 
         private String getName() {
-            return SpecificationUtilTest.getName(expression);
+            return SpecificationUtilIT.getName(expression);
         }
 
         @SuppressWarnings("unchecked")

code/api/api/src/test/java/com/decathlon/ara/security/dto/user/UserAccountTest.java

@@ -12,10 +12,7 @@
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.oauth2.core.oidc.StandardClaimNames;
 
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
+import java.util.*;
 
 import static org.assertj.core.api.Assertions.*;
 import static org.mockito.Mockito.mock;
@@ -34,6 +31,9 @@ void UserAccountConstructor_createUserAccountWithoutAttribute_whenUserAttributes
         var userLogin = "user-login";
         var providerName = "provider-name";
 
+        var defaultProject = mock(Project.class);
+        var defaultProjectCode = "default-project-code";
+
         var userEntityRole1 = mock(UserEntityRoleOnProject.class);
         var userEntityScope1 = UserEntityRoleOnProject.ScopedUserRoleOnProject.ADMIN;
         var project1 = mock(Project.class);
@@ -55,6 +55,8 @@ void UserAccountConstructor_createUserAccountWithoutAttribute_whenUserAttributes
         when(userEntity.getLogin()).thenReturn(userLogin);
         when(userEntity.getProviderName()).thenReturn(providerName);
         when(userEntity.getProfile()).thenReturn(userEntityProfile);
+        when(userEntity.getDefaultProject()).thenReturn(Optional.of(defaultProject));
+        when(defaultProject.getCode()).thenReturn(defaultProjectCode);
 
         when(userEntity.getRolesOnProjectWhenScopedUser()).thenReturn(userEntityRoles);
         when(userEntityRole1.getRole()).thenReturn(userEntityScope1);
@@ -74,6 +76,7 @@ void UserAccountConstructor_createUserAccountWithoutAttribute_whenUserAttributes
                         "providerName",
                         "login",
                         "profile",
+                        "defaultProjectCode",
                         "firstName",
                         "lastName",
                         "email",
@@ -83,6 +86,7 @@ void UserAccountConstructor_createUserAccountWithoutAttribute_whenUserAttributes
                         providerName,
                         userLogin,
                         UserAccountProfile.valueOf(userEntityProfile.name()),
+                        defaultProjectCode,
                         null,
                         null,
                         null,
@@ -116,6 +120,9 @@ void UserAccountConstructor_createUserAccountWithAttributes_whenUserAttributesIs
         var userLogin = "user-login";
         var providerName = "provider-name";
 
+        var defaultProject = mock(Project.class);
+        var defaultProjectCode = "default-project-code";
+
         var userEntityRole1 = mock(UserEntityRoleOnProject.class);
         var userEntityScope1 = UserEntityRoleOnProject.ScopedUserRoleOnProject.ADMIN;
         var project1 = mock(Project.class);
@@ -137,6 +144,8 @@ void UserAccountConstructor_createUserAccountWithAttributes_whenUserAttributesIs
         when(userEntity.getLogin()).thenReturn(userLogin);
         when(userEntity.getProviderName()).thenReturn(providerName);
         when(userEntity.getProfile()).thenReturn(userEntityProfile);
+        when(userEntity.getDefaultProject()).thenReturn(Optional.of(defaultProject));
+        when(defaultProject.getCode()).thenReturn(defaultProjectCode);
 
         when(userEntity.getRolesOnProjectWhenScopedUser()).thenReturn(userEntityRoles);
         when(userEntityRole1.getRole()).thenReturn(userEntityScope1);
@@ -156,6 +165,7 @@ void UserAccountConstructor_createUserAccountWithAttributes_whenUserAttributesIs
                         "providerName",
                         "login",
                         "profile",
+                        "defaultProjectCode",
                         "firstName",
                         "lastName",
                         "email",
@@ -165,6 +175,7 @@ void UserAccountConstructor_createUserAccountWithAttributes_whenUserAttributesIs
                         providerName,
                         userLogin,
                         UserAccountProfile.valueOf(userEntityProfile.name()),
+                        defaultProjectCode,
                         userFirstName,
                         userLastName,
                         userEmail,