"Fix" permissions' issues

FAForever · May 22, 2023 · 6eaf11d · 6eaf11d
1 parent 478997e
commit 6eaf11d
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 4 deletions.
diff --git a/src/inttest/java/com/faforever/api/data/UserGroupTest.java b/src/inttest/java/com/faforever/api/data/UserGroupTest.java
@@ -8,6 +8,8 @@
 import org.springframework.test.context.jdbc.Sql;
 import org.springframework.test.context.jdbc.Sql.ExecutionPhase;
 
+import java.util.Set;
+
 import static com.faforever.api.data.JsonApiMediaType.JSON_API_MEDIA_TYPE;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.patch;
@@ -128,7 +130,10 @@ public void cannotCreateUserGroupWithoutRole() throws Exception {
   @Test
   public void canCreateUserGroupWithScopeAndRole() throws Exception {
     mockMvc.perform(post("/data/userGroup")
-      .with(getOAuthTokenWithActiveUser(OAuthScope._ADMINISTRATIVE_ACTION, GroupPermission.ROLE_WRITE_USER_GROUP))
+        .with(getOAuthTokenWithActiveUser(
+          Set.of(OAuthScope._ADMINISTRATIVE_ACTION, OAuthScope._READ_SENSIBLE_USERDATA),
+          Set.of(GroupPermission.ROLE_WRITE_USER_GROUP, GroupPermission.ROLE_READ_USER_GROUP)
+        ))
       .header(HttpHeaders.CONTENT_TYPE, JSON_API_MEDIA_TYPE)
       .content(testPost))
       .andExpect(status().isCreated());
@@ -155,7 +160,10 @@ public void cannotUpdateUserGroupWithoutRole() throws Exception {
   @Test
   public void canUpdateUserGroupWithScopeAndRole() throws Exception {
     mockMvc.perform(patch("/data/userGroup/3")
-      .with(getOAuthTokenWithActiveUser(OAuthScope._ADMINISTRATIVE_ACTION, GroupPermission.ROLE_WRITE_USER_GROUP))
+      .with(getOAuthTokenWithActiveUser(
+        Set.of(OAuthScope._ADMINISTRATIVE_ACTION, OAuthScope._READ_SENSIBLE_USERDATA),
+        Set.of(GroupPermission.ROLE_WRITE_USER_GROUP, GroupPermission.ROLE_READ_USER_GROUP)
+      ))
       .header(HttpHeaders.CONTENT_TYPE, JSON_API_MEDIA_TYPE)
       .content(testPatch))
       .andExpect(status().isNoContent());

diff --git a/src/main/java/com/faforever/api/data/domain/UserGroup.java b/src/main/java/com/faforever/api/data/domain/UserGroup.java
@@ -30,8 +30,7 @@
 @CreatePermission(expression = WriteUserGroupCheck.EXPRESSION)
 @ReadPermission(expression = UserGroupPublicCheck.EXPRESSION + " or " + ReadUserGroupCheck.EXPRESSION)
 @Setter
-public class
-UserGroup extends AbstractEntity<UserGroup> {
+public class UserGroup extends AbstractEntity<UserGroup> {
 
   private String technicalName;
   private String nameKey;