#1693 mergefix: admin-auth for PropDefs only.

rest-api/src/main/scala/za/co/absa/enceladus/rest_api/controllers/v3/PropertyDefinitionControllerV3.scala

@@ -24,6 +24,8 @@ import org.springframework.security.core.userdetails.UserDetails
 import org.springframework.web.bind.annotation._
 import za.co.absa.enceladus.model.properties.PropertyDefinition
 import za.co.absa.enceladus.model.{ExportableObject, Validation}
+import za.co.absa.enceladus.rest_api.exceptions.NotFoundException
+import za.co.absa.enceladus.rest_api.models.rest.DisabledPayload
 import za.co.absa.enceladus.rest_api.services.v3.PropertyDefinitionServiceV3
 
 import java.util.Optional
@@ -69,14 +71,11 @@ class PropertyDefinitionControllerV3 @Autowired()(propertyDefinitionService: Pro
     super.edit(user, name, version, item, request)
   }
 
-  @DeleteMapping(Array("/{name}", "/{name}/{version}"))
+  @DeleteMapping(Array("/{name}"))
   @ResponseStatus(HttpStatus.OK)
   @PreAuthorize("@authConstants.hasAdminRole(authentication)")
-  override def disable(@PathVariable name: String,
-              @PathVariable version: Optional[String]): CompletableFuture[UpdateResult] = {
-
-    super.disable(name, version)
+  override def disable(@PathVariable name: String): CompletableFuture[DisabledPayload] = {
+    super.disable(name)
   }
-
 }
 

rest-api/src/test/scala/za/co/absa/enceladus/rest_api/integration/controllers/v3/DatasetControllerV3IntegrationSuite.scala

@@ -117,22 +117,13 @@ class DatasetControllerV3IntegrationSuite extends BaseRestApiTestV3 with BeforeA
         datasetFixture.add(dataset1)
 
         val dataset2 = DatasetFactory.getDummyDataset("dummyDs", description = Some("a new version attempt"))
-        val response = sendPostByAdmin[Dataset, EntityDisabledException](apiUrl, bodyOpt = Some(dataset2))
+        val response = sendPost[Dataset, EntityDisabledException](apiUrl, bodyOpt = Some(dataset2))
 
         assertBadRequest(response)
         response.getBody.getMessage should include("Entity dummyDs is disabled. Enable it first")
       }
     }
 
-    "return 403" when {
-      s"admin auth is not used for POST" in {
-        val dataset = DatasetFactory.getDummyDataset("dummyDs")
-
-        val response = sendPost[Dataset, Validation](apiUrl, bodyOpt = Some(dataset))
-        response.getStatusCode shouldBe HttpStatus.FORBIDDEN
-      }
-    }
-
   }
 
   s"GET $apiUrl/{name}" should {
@@ -340,7 +331,7 @@ class DatasetControllerV3IntegrationSuite extends BaseRestApiTestV3 with BeforeA
         datasetFixture.add(dataset1)
 
         val dataset2 = DatasetFactory.getDummyDataset("dummyDs", description = Some("ds update"))
-        val response = sendPutByAdmin[Dataset, EntityDisabledException](s"$apiUrl/dummyDs/1", bodyOpt = Some(dataset2))
+        val response = sendPut[Dataset, EntityDisabledException](s"$apiUrl/dummyDs/1", bodyOpt = Some(dataset2))
 
         assertBadRequest(response)
         response.getBody.getMessage should include("Entity dummyDs is disabled. Enable it first")
@@ -925,7 +916,7 @@ class DatasetControllerV3IntegrationSuite extends BaseRestApiTestV3 with BeforeA
           val dsB = DatasetFactory.getDummyDataset(name = "dsB", version = 1, disabled = true)
           datasetFixture.add(dsA1, dsA2, dsB)
 
-          val response = sendPutByAdmin[String, DisabledPayload](s"$apiUrl/dsA")
+          val response = sendPut[String, DisabledPayload](s"$apiUrl/dsA")
           assertOk(response)
           response.getBody shouldBe DisabledPayload(disabled = false)
 
@@ -951,7 +942,7 @@ class DatasetControllerV3IntegrationSuite extends BaseRestApiTestV3 with BeforeA
           val dsA2 = DatasetFactory.getDummyDataset(name = "dsA", version = 2, disabled = false)
           datasetFixture.add(dsA1, dsA2)
 
-          val response = sendPutByAdmin[String, DisabledPayload](s"$apiUrl/dsA")
+          val response = sendPut[String, DisabledPayload](s"$apiUrl/dsA")
           assertOk(response)
           response.getBody shouldBe DisabledPayload(disabled = false)
 
@@ -970,22 +961,11 @@ class DatasetControllerV3IntegrationSuite extends BaseRestApiTestV3 with BeforeA
     "return 404" when {
       "no Dataset with the given name exists" should {
         "enable nothing" in {
-          val response = sendPutByAdmin[String, DisabledPayload](s"$apiUrl/aDataset")
+          val response = sendPut[String, DisabledPayload](s"$apiUrl/aDataset")
           assertNotFound(response)
         }
       }
     }
-
-    "return 403" when {
-      s"admin auth is not used for DELETE" in {
-        schemaFixture.add(SchemaFactory.getDummySchema("dummySchema"))
-        val datasetV1 = DatasetFactory.getDummyDataset(name = "datasetA", version = 1)
-        datasetFixture.add(datasetV1)
-
-        val response = sendDelete[Validation](s"$apiUrl/datasetA")
-        response.getStatusCode shouldBe HttpStatus.FORBIDDEN
-      }
-    }
   }
 
   s"DELETE $apiUrl/{name}" can {
@@ -997,7 +977,7 @@ class DatasetControllerV3IntegrationSuite extends BaseRestApiTestV3 with BeforeA
           val dsB = DatasetFactory.getDummyDataset(name = "dsB", version = 1)
           datasetFixture.add(dsA1, dsA2, dsB)
 
-          val response = sendDeleteByAdmin[DisabledPayload](s"$apiUrl/dsA")
+          val response = sendDelete[DisabledPayload](s"$apiUrl/dsA")
           assertOk(response)
           response.getBody shouldBe DisabledPayload(disabled = true)
 
@@ -1023,7 +1003,7 @@ class DatasetControllerV3IntegrationSuite extends BaseRestApiTestV3 with BeforeA
           val dsA2 = DatasetFactory.getDummyDataset(name = "dsA", version = 2, disabled = false)
           datasetFixture.add(dsA1, dsA2)
 
-          val response = sendDeleteByAdmin[DisabledPayload](s"$apiUrl/dsA")
+          val response = sendDelete[DisabledPayload](s"$apiUrl/dsA")
           assertOk(response)
           response.getBody shouldBe DisabledPayload(disabled = true)
 
@@ -1042,21 +1022,10 @@ class DatasetControllerV3IntegrationSuite extends BaseRestApiTestV3 with BeforeA
     "return 404" when {
       "no Dataset with the given name exists" should {
         "disable nothing" in {
-          val response = sendDeleteByAdmin[String](s"$apiUrl/aDataset")
+          val response = sendDelete[String](s"$apiUrl/aDataset")
           assertNotFound(response)
         }
       }
     }
-
-    "return 403" when {
-      s"admin auth is not used for DELETE" in {
-        schemaFixture.add(SchemaFactory.getDummySchema("dummySchema"))
-        val datasetV1 = DatasetFactory.getDummyDataset(name = "datasetA", version = 1)
-        datasetFixture.add(datasetV1)
-
-        val response = sendDelete[Validation](s"$apiUrl/datasetA")
-        response.getStatusCode shouldBe HttpStatus.FORBIDDEN
-      }
-    }
   }
 }

rest-api/src/test/scala/za/co/absa/enceladus/rest_api/integration/controllers/v3/MappingTableControllerV3IntegrationSuite.scala

@@ -328,7 +328,7 @@ class MappingTableControllerV3IntegrationSuite extends BaseRestApiTestV3 with Be
           val mtB = MappingTableFactory.getDummyMappingTable(name = "mtB", version = 1)
           mappingTableFixture.add(mtA1, mtA2, mtB)
 
-          val response = sendDeleteByAdmin[DisabledPayload](s"$apiUrl/mtA")
+          val response = sendDelete[DisabledPayload](s"$apiUrl/mtA")
           assertOk(response)
           response.getBody shouldBe DisabledPayload(disabled = true)
 
@@ -354,7 +354,7 @@ class MappingTableControllerV3IntegrationSuite extends BaseRestApiTestV3 with Be
           val mtA2 = MappingTableFactory.getDummyMappingTable(name = "mtA", version = 2, disabled = false)
           mappingTableFixture.add(mtA1, mtA2)
 
-          val response = sendDeleteByAdmin[DisabledPayload](s"$apiUrl/mtA")
+          val response = sendDelete[DisabledPayload](s"$apiUrl/mtA")
           assertOk(response)
           response.getBody shouldBe DisabledPayload(disabled = true)
 
@@ -376,7 +376,7 @@ class MappingTableControllerV3IntegrationSuite extends BaseRestApiTestV3 with Be
           val mappingTable2 = MappingTableFactory.getDummyMappingTable(name = "mappingTable", version = 2)
           mappingTableFixture.add(mappingTable1, mappingTable2)
 
-          val response = sendDeleteByAdmin[DisabledPayload](s"$apiUrl/mappingTable")
+          val response = sendDelete[DisabledPayload](s"$apiUrl/mappingTable")
 
           assertOk(response)
           response.getBody shouldBe DisabledPayload(disabled = true)
@@ -406,7 +406,7 @@ class MappingTableControllerV3IntegrationSuite extends BaseRestApiTestV3 with Be
           val disabledDs = DatasetFactory.getDummyDataset(name = "disabledDs", conformance = List(mcr("mappingTable", 2)), disabled = true)
           datasetFixture.add(dataset1, dataset2, dataset3, disabledDs)
 
-          val response = sendDeleteByAdmin[UsedIn](s"$apiUrl/mappingTable")
+          val response = sendDelete[UsedIn](s"$apiUrl/mappingTable")
 
           assertBadRequest(response)
           response.getBody shouldBe UsedIn(Some(Seq(MenasReference(None, "dataset1", 1), MenasReference(None, "dataset2", 7))), None)
@@ -417,21 +417,11 @@ class MappingTableControllerV3IntegrationSuite extends BaseRestApiTestV3 with Be
     "return 404" when {
       "no MappingTable with the given name exists" should {
         "disable nothing" in {
-          val response = sendDeleteByAdmin[String](s"$apiUrl/aMappingTable")
+          val response = sendDelete[String](s"$apiUrl/aMappingTable")
           assertNotFound(response)
         }
       }
     }
-
-    "return 403" when {
-      s"admin auth is not used for DELETE" in {
-        val mappingTableV1 = MappingTableFactory.getDummyMappingTable(name = "mappingTableA", version = 1)
-        mappingTableFixture.add(mappingTableV1)
-
-        val response = sendDelete[Validation](s"$apiUrl/mappingTableA")
-        response.getStatusCode shouldBe HttpStatus.FORBIDDEN
-      }
-    }
   }
 
 }

rest-api/src/test/scala/za/co/absa/enceladus/rest_api/integration/controllers/v3/SchemaControllerV3IntegrationSuite.scala

@@ -795,7 +795,7 @@ class SchemaControllerV3IntegrationSuite extends BaseRestApiTestV3 with BeforeAn
           val schB = SchemaFactory.getDummySchema(name = "schB", version = 1, disabled = true)
           schemaFixture.add(schA1, schA2, schB)
 
-          val response = sendPutByAdmin[String, DisabledPayload](s"$apiUrl/schA")
+          val response = sendPut[String, DisabledPayload](s"$apiUrl/schA")
           assertOk(response)
           response.getBody shouldBe DisabledPayload(disabled = false)
 
@@ -821,7 +821,7 @@ class SchemaControllerV3IntegrationSuite extends BaseRestApiTestV3 with BeforeAn
           val schA2 = SchemaFactory.getDummySchema(name = "schA", version = 2, disabled = false)
           schemaFixture.add(schA1, schA2)
 
-          val response = sendPutByAdmin[String, DisabledPayload](s"$apiUrl/schA")
+          val response = sendPut[String, DisabledPayload](s"$apiUrl/schA")
           assertOk(response)
           response.getBody shouldBe DisabledPayload(disabled = false)
 
@@ -840,21 +840,12 @@ class SchemaControllerV3IntegrationSuite extends BaseRestApiTestV3 with BeforeAn
     "return 404" when {
       "no Schema with the given name exists" should {
         "enable nothing" in {
-          val response = sendPutByAdmin[String, DisabledPayload](s"$apiUrl/aSchema")
+          val response = sendPut[String, DisabledPayload](s"$apiUrl/aSchema")
           assertNotFound(response)
         }
       }
     }
 
-    "return 403" when {
-      s"admin auth is not used for DELETE" in {
-        val schemaV1 = SchemaFactory.getDummySchema(name = "schemaA", version = 1)
-        schemaFixture.add(schemaV1)
-
-        val response = sendDelete[Validation](s"$apiUrl/schemaA")
-        response.getStatusCode shouldBe HttpStatus.FORBIDDEN
-      }
-    }
   }
 
   s"DELETE $apiUrl/{name}" can {
@@ -866,7 +857,7 @@ class SchemaControllerV3IntegrationSuite extends BaseRestApiTestV3 with BeforeAn
           val schB = SchemaFactory.getDummySchema(name = "schB", version = 1)
           schemaFixture.add(schA1, schA2, schB)
 
-          val response = sendDeleteByAdmin[DisabledPayload](s"$apiUrl/schA")
+          val response = sendDelete[DisabledPayload](s"$apiUrl/schA")
           assertOk(response)
           response.getBody shouldBe DisabledPayload(disabled = true)
 
@@ -892,7 +883,7 @@ class SchemaControllerV3IntegrationSuite extends BaseRestApiTestV3 with BeforeAn
           val schA2 = SchemaFactory.getDummySchema(name = "schA", version = 2, disabled = false)
           schemaFixture.add(schA1, schA2)
 
-          val response = sendDeleteByAdmin[DisabledPayload](s"$apiUrl/schA")
+          val response = sendDelete[DisabledPayload](s"$apiUrl/schA")
           assertOk(response)
           response.getBody shouldBe DisabledPayload(disabled = true)
 
@@ -914,7 +905,7 @@ class SchemaControllerV3IntegrationSuite extends BaseRestApiTestV3 with BeforeAn
           val schema2 = SchemaFactory.getDummySchema(name = "schema", version = 2)
           schemaFixture.add(schema1, schema2)
 
-          val response = sendDeleteByAdmin[DisabledPayload](s"$apiUrl/schema")
+          val response = sendDelete[DisabledPayload](s"$apiUrl/schema")
 
           assertOk(response)
           response.getBody shouldBe DisabledPayload(disabled = true)
@@ -937,7 +928,7 @@ class SchemaControllerV3IntegrationSuite extends BaseRestApiTestV3 with BeforeAn
           val schema2 = SchemaFactory.getDummySchema(name = "schema", version = 2)
           schemaFixture.add(schema1, schema2)
 
-          val response = sendDeleteByAdmin[DisabledPayload](s"$apiUrl/schema")
+          val response = sendDelete[DisabledPayload](s"$apiUrl/schema")
 
           assertOk(response)
           response.getBody shouldBe DisabledPayload(disabled = true)
@@ -967,7 +958,7 @@ class SchemaControllerV3IntegrationSuite extends BaseRestApiTestV3 with BeforeAn
           val disabledDs = DatasetFactory.getDummyDataset(name = "disabledDs", schemaName = "schema", schemaVersion = 2, disabled = true)
           datasetFixture.add(dataset1, dataset2, dataset3, disabledDs)
 
-          val response = sendDeleteByAdmin[UsedIn](s"$apiUrl/schema")
+          val response = sendDelete[UsedIn](s"$apiUrl/schema")
 
           assertBadRequest(response)
           response.getBody shouldBe UsedIn(Some(Seq(MenasReference(None, "dataset1", 1), MenasReference(None, "dataset2", 7))), None)
@@ -983,7 +974,7 @@ class SchemaControllerV3IntegrationSuite extends BaseRestApiTestV3 with BeforeAn
           val mappingTable2 = MappingTableFactory.getDummyMappingTable(name = "mapping2", schemaName = "schema", schemaVersion = 2, disabled = false)
           mappingTableFixture.add(mappingTable1, mappingTable2)
 
-          val response = sendDeleteByAdmin[UsedIn](s"$apiUrl/schema")
+          val response = sendDelete[UsedIn](s"$apiUrl/schema")
           assertBadRequest(response)
 
           response.getBody shouldBe UsedIn(None, Some(Seq(MenasReference(None, "mapping1", 1), MenasReference(None, "mapping2", 1))))
@@ -1001,7 +992,7 @@ class SchemaControllerV3IntegrationSuite extends BaseRestApiTestV3 with BeforeAn
           val dataset2 = DatasetFactory.getDummyDataset(name = "dataset2", schemaName = "schema", schemaVersion = 2)
           datasetFixture.add(dataset2)
 
-          val response = sendDeleteByAdmin[UsedIn](s"$apiUrl/schema")
+          val response = sendDelete[UsedIn](s"$apiUrl/schema")
           assertBadRequest(response)
 
           response.getBody shouldBe UsedIn(Some(Seq(MenasReference(None, "dataset2", 1))), Some(Seq(MenasReference(None, "mapping1", 1))))
@@ -1012,21 +1003,11 @@ class SchemaControllerV3IntegrationSuite extends BaseRestApiTestV3 with BeforeAn
     "return 404" when {
       "no Schema with the given name exists" should {
         "disable nothing" in {
-          val response = sendDeleteByAdmin[String](s"$apiUrl/aSchema")
+          val response = sendDelete[String](s"$apiUrl/aSchema")
           assertNotFound(response)
         }
       }
     }
-
-    "return 403" when {
-      s"admin auth is not used for DELETE" in {
-        val schemaV1 = SchemaFactory.getDummySchema(name = "schemaA", version = 1)
-        schemaFixture.add(schemaV1)
-
-        val response = sendDelete[Validation](s"$apiUrl/schemaA")
-        response.getStatusCode shouldBe HttpStatus.FORBIDDEN
-      }
-    }
   }
 
 }