This is an automated email from the ASF dual-hosted git repository.

ilgrosso pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git


The following commit(s) were added to refs/heads/master by this push:
     new c8abd0565e [SYNCOPE-1793] Enforce transactional read
c8abd0565e is described below

commit c8abd0565eb52697fc1021ac0c20dda7ccf1eec4
Author: Francesco Chicchiriccò <ilgro...@apache.org>
AuthorDate: Sat Dec 9 15:12:22 2023 +0100

    [SYNCOPE-1793] Enforce transactional read
---
 .../org/apache/syncope/core/logic/UserLogic.java   | 12 +++++------
 .../apache/syncope/fit/core/UserIssuesITCase.java  | 24 ++++++++++++++++++++++
 2 files changed, 30 insertions(+), 6 deletions(-)

diff --git 
a/core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/UserLogic.java 
b/core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/UserLogic.java
index dba15799b8..08c18cb1b6 100644
--- 
a/core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/UserLogic.java
+++ 
b/core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/UserLogic.java
@@ -507,17 +507,17 @@ public class UserLogic extends AbstractAnyLogic<UserTO, 
UserCR, UserUR> {
     }
 
     protected void updateChecks(final String key) {
-        User user = userDAO.authFind(key);
+        UserTO userTO = binder.getUserTO(key);
 
         Set<String> authRealms = RealmUtils.getEffective(
                 
AuthContextUtils.getAuthorizations().get(IdRepoEntitlement.USER_UPDATE),
-                user.getRealm().getFullPath());
+                userTO.getRealm());
         userDAO.securityChecks(
                 authRealms,
-                user.getKey(),
-                user.getRealm().getFullPath(),
-                user.getMemberships().stream().
-                        map(m -> m.getRightEnd().getKey()).
+                userTO.getKey(),
+                userTO.getRealm(),
+                userTO.getMemberships().stream().
+                        map(MembershipTO::getGroupKey).
                         collect(Collectors.toSet()));
     }
 
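Review bot: `updateChecks` no longer calls `userDAO.authFind(key)` directly, and nothing in this hunk shows that `binder.getUserTO(key)` applies the same authorization and not-found handling before the realm and memberships are read. If it does (presumably by delegating to `authFind` inside a read-only transaction, which would match the commit title), a comment above the lookup would record that: `// binder.getUserTO() reads inside a transaction and is expected to keep the authFind() authorization check`. If it does not, the read check should stay explicit here, since this method computes the effective realms for `USER_UPDATE` and feeds `userDAO.securityChecks`. The class body starts and continues outside the hunk, so callers of `updateChecks` are not visible.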
diff --git 
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserIssuesITCase.java
 
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserIssuesITCase.java
index 833d29aec2..7c115e3c90 100644
--- 
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserIssuesITCase.java
+++ 
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserIssuesITCase.java
@@ -54,6 +54,7 @@ import org.apache.syncope.common.lib.request.AttrPatch;
 import org.apache.syncope.common.lib.request.GroupCR;
 import org.apache.syncope.common.lib.request.MembershipUR;
 import org.apache.syncope.common.lib.request.PasswordPatch;
+import org.apache.syncope.common.lib.request.ResourceAR;
 import org.apache.syncope.common.lib.request.StringPatchItem;
 import org.apache.syncope.common.lib.request.StringReplacePatchItem;
 import org.apache.syncope.common.lib.request.UserCR;
@@ -68,19 +69,23 @@ import org.apache.syncope.common.lib.to.PropagationStatus;
 import org.apache.syncope.common.lib.to.ProvisioningResult;
 import org.apache.syncope.common.lib.to.RealmTO;
 import org.apache.syncope.common.lib.to.ResourceTO;
+import org.apache.syncope.common.lib.to.RoleTO;
 import org.apache.syncope.common.lib.to.UserTO;
 import org.apache.syncope.common.lib.types.AnyTypeKind;
 import org.apache.syncope.common.lib.types.CipherAlgorithm;
 import org.apache.syncope.common.lib.types.ClientExceptionType;
 import org.apache.syncope.common.lib.types.ExecStatus;
 import org.apache.syncope.common.lib.types.IdMImplementationType;
+import org.apache.syncope.common.lib.types.IdRepoEntitlement;
 import org.apache.syncope.common.lib.types.IdRepoImplementationType;
 import org.apache.syncope.common.lib.types.ImplementationEngine;
 import org.apache.syncope.common.lib.types.MappingPurpose;
 import org.apache.syncope.common.lib.types.PatchOperation;
 import org.apache.syncope.common.lib.types.PolicyType;
+import org.apache.syncope.common.lib.types.ResourceAssociationAction;
 import org.apache.syncope.common.rest.api.RESTHeaders;
 import org.apache.syncope.common.rest.api.beans.RealmQuery;
+import org.apache.syncope.common.rest.api.service.UserService;
 import org.apache.syncope.core.provisioning.api.serialization.POJOHelper;
 import 
org.apache.syncope.core.provisioning.java.propagation.DBPasswordPropagationActions;
 import 
org.apache.syncope.core.provisioning.java.propagation.GenerateRandomPasswordPropagationActions;
@@ -1610,4 +1615,23 @@ public class UserIssuesITCase extends AbstractITCase {
             assertTrue(e.getMessage().contains("InvalidPassword: Password must 
be 10 or more characters in length."));
         }
     }
+
+    @Test
+    public void issueSYNCOPE1793() {
+        RoleTO role = new RoleTO();
+        role.setKey("syncope1793" + getUUIDString());
+        role.getRealms().add(SyncopeConstants.ROOT_REALM);
+        role.getEntitlements().add(IdRepoEntitlement.USER_UPDATE);
+        role = createRole(role);
+
+        UserCR userCR = UserITCase.getUniqueSample("syncope1...@apache.org");
+        userCR.getRoles().add(role.getKey());
+        UserTO userTO = createUser(userCR).getEntity();
+
+        UserService userService = CLIENT_FACTORY.create(userTO.getUsername(), 
"password123").
+                getService(UserService.class);
+        Response response = userService.associate(new 
ResourceAR.Builder().key(userTO.getKey()).
+                
resource(RESOURCE_NAME_NOPROPAGATION).action(ResourceAssociationAction.ASSIGN).build());
+        assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
+    }
 }
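Review bot: `issueSYNCOPE1793` only asserts the allowed path, so it would still pass if `updateChecks` stopped denying anything after the switch to `UserTO`. The role is granted `USER_UPDATE` on `SyncopeConstants.ROOT_REALM` and the self-service `associate` call is expected to return 200. A companion case would guard the authorization side: the same `associate` call made by a user whose role lacks `USER_UPDATE`, or whose role realm does not cover the target user, asserting that the request is rejected. The literal `"password123"` presumably matches the default set by `UserITCase.getUniqueSample`; a short comment saying so, such as `// default password from getUniqueSample()`, would make that dependency visible.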
