[SELC-6300] feat: new permission actions management by role and product (#247)

giulia-tremolada · web-flow · commit 0eca890ca80a · 2025-02-07T10:29:38.000+01:00
diff --git a/apps/user-ms/src/main/java/it/pagopa/selfcare/user/service/UserServiceImpl.java b/apps/user-ms/src/main/java/it/pagopa/selfcare/user/service/UserServiceImpl.java
@@ -824,7 +824,11 @@ private List<OnboardedProductWithActions> filterProductAndAddActions(UserInstitu
                 .filter(onboardedProductWithActions -> ACTIVE.equals(onboardedProductWithActions.getStatus()))
                 .filter(onboardedProductWithActions -> Objects.isNull(productId) || productId.equalsIgnoreCase(onboardedProductWithActions.getProductId()))
                 .filter(onboardedProductWithActions -> StringUtils.isNotBlank(onboardedProductWithActions.getRole()))
-                .peek(onboardedProductWithActions -> onboardedProductWithActions.setUserProductActions(actionMapRetriever.getUserActionsMap().get(onboardedProductWithActions.getRole())))
+                .peek(onboardedProductWithActions -> {
+                    Map<String, List<String>> roleActions = actionMapRetriever.getUserActionsMap().get(onboardedProductWithActions.getRole());
+                        List<String> productActions = roleActions.getOrDefault(onboardedProductWithActions.getProductId(), roleActions.get("default"));
+                        onboardedProductWithActions.setUserProductActions(productActions);
+                })
                 .toList();
     }
 
diff --git a/apps/user-ms/src/main/java/it/pagopa/selfcare/user/util/ActionMapRetriever.java b/apps/user-ms/src/main/java/it/pagopa/selfcare/user/util/ActionMapRetriever.java
@@ -3,7 +3,6 @@
 import com.fasterxml.jackson.core.type.TypeReference;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import io.quarkus.runtime.Startup;
-import it.pagopa.selfcare.onboarding.common.PartyRole;
 import it.pagopa.selfcare.user.exception.InvalidRequestException;
 import jakarta.enterprise.context.ApplicationScoped;
 import lombok.Getter;
@@ -19,14 +18,14 @@
 @Startup
 public class ActionMapRetriever {
 
-    private Map<String, List<String>> userActionsMap;
+    private Map<String, Map<String, List<String>>> userActionsMap;
     private static final String ACTIONS_FILE_PATH = "role_action_mapping.json";
 
     public ActionMapRetriever() {
         this.userActionsMap = retrieveActionsMap();
     }
 
-    private Map<String, List<String>>  retrieveActionsMap() {
+    private Map<String, Map<String, List<String>>> retrieveActionsMap() {
         try (InputStream actionsFile = getClass().getClassLoader().getResourceAsStream(ACTIONS_FILE_PATH)) {
             assert actionsFile != null;
             byte[] jsonFile = actionsFile.readAllBytes();
diff --git a/apps/user-ms/src/main/resources/role_action_mapping.json b/apps/user-ms/src/main/resources/role_action_mapping.json
@@ -1,69 +1,108 @@
 {
-  "MANAGER": [
-    "Selc:UploadLogo",
-    "Selc:ViewBilling",
-    "Selc:RequestProductAccess",
-    "Selc:ListAvailableProducts",
-    "Selc:ListActiveProducts",
-    "Selc:AccessProductBackoffice",
-    "Selc:ViewManagedInstitutions",
-    "Selc:ViewDelegations",
-    "Selc:ManageProductUsers",
-    "Selc:ListProductUsers",
-    "Selc:ManageProductGroups",
-    "Selc:CreateDelegation",
-    "Selc:ViewInstitutionData",
-    "Selc:UpdateInstitutionData"
-  ],
-  "DELEGATE": [
-    "Selc:UploadLogo",
-    "Selc:ViewBilling",
-    "Selc:RequestProductAccess",
-    "Selc:ListAvailableProducts",
-    "Selc:ListActiveProducts",
-    "Selc:AccessProductBackoffice",
-    "Selc:ViewManagedInstitutions",
-    "Selc:ViewDelegations",
-    "Selc:ManageProductUsers",
-    "Selc:ListProductUsers",
-    "Selc:ManageProductGroups",
-    "Selc:CreateDelegation",
-    "Selc:ViewInstitutionData",
-    "Selc:UpdateInstitutionData"
-  ],
-  "SUB_DELEGATE": [
-    "Selc:UploadLogo",
-    "Selc:ViewBilling",
-    "Selc:RequestProductAccess",
-    "Selc:ListAvailableProducts",
-    "Selc:ListActiveProducts",
-    "Selc:AccessProductBackoffice",
-    "Selc:ViewManagedInstitutions",
-    "Selc:ViewDelegations",
-    "Selc:ManageProductUsers",
-    "Selc:ListProductUsers",
-    "Selc:ManageProductGroups",
-    "Selc:CreateDelegation",
-    "Selc:ViewInstitutionData",
-    "Selc:UpdateInstitutionData"
-  ],
-  "ADMIN_EA": [
-    "Selc:UploadLogo",
-    "Selc:ViewBilling",
-    "Selc:RequestProductAccess",
-    "Selc:ListActiveProducts",
-    "Selc:AccessProductBackoffice",
-    "Selc:ViewManagedInstitutions",
-    "Selc:ViewDelegations",
-    "Selc:ListProductUsers",
-    "Selc:ManageProductGroups",
-    "Selc:ViewInstitutionData",
-    "Selc:UpdateInstitutionData"
-  ],
-  "OPERATOR": [
-    "Selc:ViewBilling",
-    "Selc:AccessProductBackoffice",
-    "Selc:ViewInstitutionData",
-    "Selc:ListActiveProducts"
-  ]
+  "MANAGER": {
+    "default": [
+      "Selc:UploadLogo",
+      "Selc:ViewBilling",
+      "Selc:RequestProductAccess",
+      "Selc:ListAvailableProducts",
+      "Selc:ListActiveProducts",
+      "Selc:AccessProductBackoffice",
+      "Selc:ViewManagedInstitutions",
+      "Selc:ViewDelegations",
+      "Selc:ManageProductUsers",
+      "Selc:ListProductUsers",
+      "Selc:ManageProductGroups",
+      "Selc:CreateDelegation",
+      "Selc:ViewInstitutionData",
+      "Selc:UpdateInstitutionData"
+    ]
+  },
+  "DELEGATE": {
+    "default": [
+      "Selc:UploadLogo",
+      "Selc:ViewBilling",
+      "Selc:RequestProductAccess",
+      "Selc:ListAvailableProducts",
+      "Selc:ListActiveProducts",
+      "Selc:AccessProductBackoffice",
+      "Selc:ViewManagedInstitutions",
+      "Selc:ViewDelegations",
+      "Selc:ManageProductUsers",
+      "Selc:ListProductUsers",
+      "Selc:ManageProductGroups",
+      "Selc:CreateDelegation",
+      "Selc:ViewInstitutionData",
+      "Selc:UpdateInstitutionData"
+    ]
+  },
+  "SUB_DELEGATE": {
+    "default": [
+      "Selc:UploadLogo",
+      "Selc:ViewBilling",
+      "Selc:RequestProductAccess",
+      "Selc:ListAvailableProducts",
+      "Selc:ListActiveProducts",
+      "Selc:AccessProductBackoffice",
+      "Selc:ViewManagedInstitutions",
+      "Selc:ViewDelegations",
+      "Selc:ManageProductUsers",
+      "Selc:ListProductUsers",
+      "Selc:ManageProductGroups",
+      "Selc:CreateDelegation",
+      "Selc:ViewInstitutionData",
+      "Selc:UpdateInstitutionData"
+    ]
+  },
+  "ADMIN_EA": {
+    "prod-io": [
+      "Selc:UploadLogo",
+      "Selc:ViewBilling",
+      "Selc:ListActiveProducts",
+      "Selc:AccessProductBackoffice",
+      "Selc:ViewManagedInstitutions",
+      "Selc:ViewDelegations",
+      "Selc:ManageProductUsers",
+      "Selc:ListProductUsers",
+      "Selc:ManageProductGroups",
+      "Selc:CreateDelegation",
+      "Selc:ViewInstitutionData",
+      "Selc:UpdateInstitutionData"
+    ],
+    "prod-pagopa": [
+      "Selc:UploadLogo",
+      "Selc:ViewBilling",
+      "Selc:RequestProductAccess",
+      "Selc:ListAvailableProducts",
+      "Selc:ListActiveProducts",
+      "Selc:AccessProductBackoffice",
+      "Selc:ViewManagedInstitutions",
+      "Selc:ViewDelegations",
+      "Selc:ListProductUsers",
+      "Selc:ManageProductGroups",
+      "Selc:ViewInstitutionData",
+      "Selc:UpdateInstitutionData"
+    ],
+    "default": [
+      "Selc:UploadLogo",
+      "Selc:ViewBilling",
+      "Selc:RequestProductAccess",
+      "Selc:ListAvailableProducts",
+      "Selc:ListActiveProducts",
+      "Selc:AccessProductBackoffice",
+      "Selc:ViewManagedInstitutions",
+      "Selc:ViewDelegations",
+      "Selc:ListProductUsers",
+      "Selc:ManageProductGroups",
+      "Selc:ViewInstitutionData",
+      "Selc:UpdateInstitutionData"
+    ]
+  },
+  "OPERATOR": {
+    "default": [
+      "Selc:ViewBilling",
+      "Selc:AccessProductBackoffice",
+      "Selc:ViewInstitutionData",
+      "Selc:ListActiveProducts"
+    ]
+  }
 }
diff --git a/apps/user-ms/src/test/java/it/pagopa/selfcare/user/service/UserServiceTest.java b/apps/user-ms/src/test/java/it/pagopa/selfcare/user/service/UserServiceTest.java
@@ -150,6 +150,26 @@ private UserInstitution createUserInstitution(){
         return userInstitution;
     }
 
+    private UserInstitution createUserInstitution_ADMIN_EA_IO(){
+        UserInstitution userInstitution = new UserInstitution();
+        userInstitution.setId(ObjectId.get());
+        userInstitution.setUserId(userId.toString());
+        userInstitution.setInstitutionId("institutionId");
+        userInstitution.setUserMailUuid(workContractsKey);
+        userInstitution.setInstitutionRootName("institutionRootName");
+
+        OnboardedProduct product = new OnboardedProduct();
+        product.setProductId("prod-io");
+        product.setProductRole("admin");
+        product.setRole(ADMIN_EA);
+        product.setStatus(OnboardedProductState.ACTIVE);
+
+        List<OnboardedProduct> products = new ArrayList<>();
+        products.add(product);
+        userInstitution.setProducts(products);
+        return userInstitution;
+    }
+
     @Test
     void getUsersEmailsTest() {
 
@@ -1909,6 +1929,27 @@ void testGetUserInstitutionWithPermissionQueryWithoutProductId() {
 
     }
 
+    @Test
+    void testGetUserInstitutionWithPermissionQueryWithoutProductId_ADMIN_EA_IO() {
+        String institutionId = "institutionId";
+        String userId = "userId";
+
+        Map<String, Object> queryParameter;
+        queryParameter = UserInstitutionFilter.builder().userId(userId).institutionId(institutionId).build().constructMap();
+
+        when(userInstitutionService.retrieveFirstFilteredUserInstitution(queryParameter))
+                .thenReturn(Uni.createFrom().item(createUserInstitution_ADMIN_EA_IO()));
+
+        userService.getUserInstitutionWithPermission(userId, institutionId, null)
+                .subscribe()
+                .withSubscriber(UniAssertSubscriber.create())
+                .assertItem(getUserInstitutionWithAction_ADMIN_EA_IO())
+                .assertCompleted();
+
+        verify(userInstitutionService).retrieveFirstFilteredUserInstitution(queryParameter);
+
+    }
+
     private UserInstitutionWithActions getUserInstitutionWithAction() {
         UserInstitutionWithActions userInstitutionWithActions = new UserInstitutionWithActions();
         OnboardedProductWithActions product = new OnboardedProductWithActions();
@@ -1938,6 +1979,33 @@ private UserInstitutionWithActions getUserInstitutionWithAction() {
         return userInstitutionWithActions;
     }
 
+    private UserInstitutionWithActions getUserInstitutionWithAction_ADMIN_EA_IO() {
+        UserInstitutionWithActions userInstitutionWithActions = new UserInstitutionWithActions();
+        OnboardedProductWithActions product = new OnboardedProductWithActions();
+        product.setRole(ADMIN_EA.name());
+        product.setProductId("prod-io");
+        product.setProductRole("admin");
+        product.setStatus(ACTIVE);
+        product.setUserProductActions(List.of("Selc:UploadLogo",
+                "Selc:ViewBilling",
+                "Selc:ListActiveProducts",
+                "Selc:AccessProductBackoffice",
+                "Selc:ViewManagedInstitutions",
+                "Selc:ViewDelegations",
+                "Selc:ManageProductUsers",
+                "Selc:ListProductUsers",
+                "Selc:ManageProductGroups",
+                "Selc:CreateDelegation",
+                "Selc:ViewInstitutionData",
+                "Selc:UpdateInstitutionData"));
+        userInstitutionWithActions.setInstitutionRootName("institutionRootName");
+        userInstitutionWithActions.setUserMailUuid(workContractsKey);
+        userInstitutionWithActions.setInstitutionId("institutionId");
+        userInstitutionWithActions.setUserId(userId.toString());
+        userInstitutionWithActions.setProducts(List.of(product));
+        return userInstitutionWithActions;
+    }
+
     @Test
     void testGetUserInstitutionWithPermissionQueryWithProductId() {
         String productId = "productId";
diff --git a/apps/user-ms/src/test/resources/role_action_mapping_test.json b/apps/user-ms/src/test/resources/role_action_mapping_test.json
@@ -1,25 +1,43 @@
 {
-  "MANAGER": [
-    "Selc:UploadLogo",
-    "Selc:ViewBilling",
-    "Selc:RequestProductAccess"
-  ],
-  "DELEGATE": [
-    "Selc:UploadLogo",
-    "Selc:ViewBilling",
-    "Selc:RequestProductAccess"
-  ],
-  "SUB_DELEGATE": [
-    "Selc:UploadLogo",
-    "Selc:ViewBilling",
-    "Selc:RequestProductAccess"
-  ],
-  "ADMIN_EA": [
-    "Selc:UploadLogo",
-    "Selc:ViewBilling",
-    "Selc:RequestProductAccess"
-  ],
-  "OPERATOR": [
-    "Selc:ViewBilling"
-  ]
+  "MANAGER": {
+    "default": [
+      "Selc:UploadLogo",
+      "Selc:ViewBilling",
+      "Selc:RequestProductAccess"
+    ]
+  },
+  "DELEGATE": {
+    "default": [
+      "Selc:UploadLogo",
+      "Selc:ViewBilling",
+      "Selc:RequestProductAccess"
+    ]
+  },
+  "SUB_DELEGATE": {
+    "default": [
+      "Selc:UploadLogo",
+      "Selc:ViewBilling",
+      "Selc:RequestProductAccess"
+    ]
+  },
+  "ADMIN_EA": {
+    "prod-io": [
+      "Selc:UploadLogo",
+      "Selc:ViewBilling"
+    ],
+    "prod-pagopa": [
+      "Selc:ViewBilling",
+      "Selc:RequestProductAccess"
+    ],
+    "default": [
+      "Selc:UploadLogo",
+      "Selc:ViewBilling",
+      "Selc:RequestProductAccess"
+    ]
+  },
+  "OPERATOR": {
+    "default": [
+      "Selc:ViewBilling"
+    ]
+  }
 }
