This is an automated email from the ASF dual-hosted git repository. ilgrosso pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/syncope.git
The following commit(s) were added to refs/heads/master by this push: new c8abd0565e [SYNCOPE-1793] Enforce transactional read c8abd0565e is described below commit c8abd0565eb52697fc1021ac0c20dda7ccf1eec4 Author: Francesco Chicchiriccò <ilgro...@apache.org> AuthorDate: Sat Dec 9 15:12:22 2023 +0100 [SYNCOPE-1793] Enforce transactional read --- .../org/apache/syncope/core/logic/UserLogic.java | 12 +++++------ .../apache/syncope/fit/core/UserIssuesITCase.java | 24 ++++++++++++++++++++++ 2 files changed, 30 insertions(+), 6 deletions(-)
diff --git a/core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/UserLogic.java b/core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/UserLogic.java
index dba15799b8..08c18cb1b6 100644
--- a/core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/UserLogic.java
+++ b/core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/UserLogic.java
@@ -507,17 +507,17 @@ public class UserLogic extends AbstractAnyLogic<UserTO, UserCR, UserUR> {
 }
 protected void updateChecks(final String key) {
- User user = userDAO.authFind(key);
+ UserTO userTO = binder.getUserTO(key);
 Set<String> authRealms = RealmUtils.getEffective(
 AuthContextUtils.getAuthorizations().get(IdRepoEntitlement.USER_UPDATE),
- user.getRealm().getFullPath());
+ userTO.getRealm());
 userDAO.securityChecks(
 authRealms,
- user.getKey(),
- user.getRealm().getFullPath(),
- user.getMemberships().stream().
- map(m -> m.getRightEnd().getKey()).
+ userTO.getKey(),
+ userTO.getRealm(),
+ userTO.getMemberships().stream().
+ map(MembershipTO::getGroupKey).
 collect(Collectors.toSet()));
 }
diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserIssuesITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserIssuesITCase.java
index 833d29aec2..7c115e3c90 100644
--- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserIssuesITCase.java
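Review bot: `updateChecks` no longer calls `userDAO.authFind(key)` itself, so whatever authorization-on-read that lookup performed now has to come from `binder.getUserTO(key)`, and nothing in the hunk shows that it does; this is worth confirming because the method is the pre-check for user updates. The switch from the entity to the TO is also unexplained in the code: a comment such as `// read through the binder so realm and memberships are loaded inside a transaction (SYNCOPE-1793)` above the first statement would keep a later refactor from going back to the entity. The group set handed to `securityChecks` is now built from `MembershipTO::getGroupKey`; if the TO's `getMemberships()` can ever differ from the entity's, the group-based part of the check would see a different set, so that equivalence deserves a check as well.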
+++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserIssuesITCase.java
@@ -54,6 +54,7 @@ import org.apache.syncope.common.lib.request.AttrPatch;
 import org.apache.syncope.common.lib.request.GroupCR;
 import org.apache.syncope.common.lib.request.MembershipUR;
 import org.apache.syncope.common.lib.request.PasswordPatch;
+import org.apache.syncope.common.lib.request.ResourceAR;
 import org.apache.syncope.common.lib.request.StringPatchItem;
 import org.apache.syncope.common.lib.request.StringReplacePatchItem;
 import org.apache.syncope.common.lib.request.UserCR;
@@ -68,19 +69,23 @@ import org.apache.syncope.common.lib.to.PropagationStatus;
 import org.apache.syncope.common.lib.to.ProvisioningResult;
 import org.apache.syncope.common.lib.to.RealmTO;
 import org.apache.syncope.common.lib.to.ResourceTO;
+import org.apache.syncope.common.lib.to.RoleTO;
 import org.apache.syncope.common.lib.to.UserTO;
 import org.apache.syncope.common.lib.types.AnyTypeKind;
 import org.apache.syncope.common.lib.types.CipherAlgorithm;
 import org.apache.syncope.common.lib.types.ClientExceptionType;
 import org.apache.syncope.common.lib.types.ExecStatus;
 import org.apache.syncope.common.lib.types.IdMImplementationType;
+import org.apache.syncope.common.lib.types.IdRepoEntitlement;
 import org.apache.syncope.common.lib.types.IdRepoImplementationType;
 import org.apache.syncope.common.lib.types.ImplementationEngine;
 import org.apache.syncope.common.lib.types.MappingPurpose;
 import org.apache.syncope.common.lib.types.PatchOperation;
 import org.apache.syncope.common.lib.types.PolicyType;
+import org.apache.syncope.common.lib.types.ResourceAssociationAction;
 import org.apache.syncope.common.rest.api.RESTHeaders;
 import org.apache.syncope.common.rest.api.beans.RealmQuery;
+import org.apache.syncope.common.rest.api.service.UserService;
 import org.apache.syncope.core.provisioning.api.serialization.POJOHelper;
 import org.apache.syncope.core.provisioning.java.propagation.DBPasswordPropagationActions;
 import org.apache.syncope.core.provisioning.java.propagation.GenerateRandomPasswordPropagationActions;
@@ -1610,4 +1615,23 @@ public class UserIssuesITCase extends AbstractITCase {
 assertTrue(e.getMessage().contains("InvalidPassword: Password must be 10 or more characters in length."));
 }
 }
+
+ @Test
+ public void issueSYNCOPE1793() {
+ RoleTO role = new RoleTO();
+ role.setKey("syncope1793" + getUUIDString());
+ role.getRealms().add(SyncopeConstants.ROOT_REALM);
+ role.getEntitlements().add(IdRepoEntitlement.USER_UPDATE);
+ role = createRole(role);
+
+ UserCR userCR = UserITCase.getUniqueSample("syncope1...@apache.org");
+ userCR.getRoles().add(role.getKey());
+ UserTO userTO = createUser(userCR).getEntity();
+
+ UserService userService = CLIENT_FACTORY.create(userTO.getUsername(), "password123").
+ getService(UserService.class);
+ Response response = userService.associate(new ResourceAR.Builder().key(userTO.getKey()).
+ resource(RESOURCE_NAME_NOPROPAGATION).action(ResourceAssociationAction.ASSIGN).build());
+ assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
+ }
 }
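Review bot: `issueSYNCOPE1793` pins only the allowed path, where a user whose role grants `USER_UPDATE` on the root realm gets `OK` from `associate`. Because the commit rewrites the inputs of the authorization pre-check in `UserLogic.updateChecks`, the test should also assert that a caller without that entitlement, or with a role scoped to a different realm, is refused on the same call, so that a regression making the check too permissive is caught. The role and user created here are not removed in the visible lines; if the suite does not clean up elsewhere, deleting both in a `finally` block would avoid leaving a root-realm `USER_UPDATE` account with a fixed password in the shared test deployment.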