Commit ba03c428 authored by Hando Lukats's avatar Hando Lukats
Browse files

TEIS-2300 removed privilege validation from getBusinessTypes request

parent a09dc814
......@@ -20,7 +20,6 @@ import static ee.sm.ti.teis.types.enums.ObjectStatus.CURRENT;
import static ee.sm.ti.teis.types.enums.RolePrivilegeCode.EX_VIEW_RISK_ASSESSMENTS;
import static ee.sm.ti.teis.types.enums.RolePrivilegeCode.TI_VIEW_RISK_ASSESSMENTS;
import static ee.sm.ti.teis.types.enums.classifier.RiskSettingsStatus.ACTIVE;
import static ee.sm.ti.teis.utils.TestUtils.assertResponseForbidden;
import static ee.sm.ti.teis.utils.TestUtils.createRequestMeta;
import static java.util.UUID.randomUUID;
import static org.assertj.core.api.Assertions.assertThat;
......@@ -74,26 +73,6 @@ public class BusinessTypesPublicGwListenerTest extends RiskAssessmentsAppTestBas
assertThat(dto.getObjectStatus()).isEqualTo(CURRENT);
}
@Test
public void getBusinessTypes_isPersonType_wrongPrivilege_forbidden() {
request.getRequestMetaDTO().setUserType(PERSON);
request.getRequestMetaDTO().setPrivileges(List.of(TI_VIEW_RISK_ASSESSMENTS.name()));
BusinessTypesPublicResponse response = listener.getBusinessTypes(request);
assertResponseForbidden(response.getError());
}
@Test
public void getBusinessTypes_isOfficialType_wrongPrivilege_forbidden() {
request.getRequestMetaDTO().setUserType(OFFICIAL_USER);
request.getRequestMetaDTO().setPrivileges(List.of(EX_VIEW_RISK_ASSESSMENTS.name()));
BusinessTypesPublicResponse response = listener.getBusinessTypes(request);
assertResponseForbidden(response.getError());
}
@Test
public void getBusinessTypes_includeInactive_success() {
request.getRequestMetaDTO().setUserType(PERSON);
......
......@@ -26,8 +26,6 @@ public class BusinessTypePublicGwListener {
private final BusinessTypePublicBusinessService service;
@RabbitListener(queues = {GW_BUSINESS_TYPES_QUEUE})
@PreAuthorize("@accessController.hasAnyPrivilege('TI_VIEW_RISK_ASSESSMENTS', #request.requestMetaDTO.companyId, " +
"'EX_VIEW_RISK_ASSESSMENTS', null)")
public BusinessTypesPublicResponse getBusinessTypes(BusinessTypesPublicRequest request) {
RequestMetaDTO requestMetaDTO = request.getRequestMetaDTO();
List<BusinessTypePublicLightDto> dtoList = service.getBusinessTypes(request.getPayload(), requestMetaDTO);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment