Merge branch 'main' into fix/remove-jodd

CHANGELOG.md

@@ -1,5 +1,36 @@
 # Changelog
 
+## [30.8.0](https://github.com/dasch-swiss/dsp-api/compare/v30.7.0...v30.8.0) (2024-02-05)
+
+
+### Maintenance
+
+* Admin groups cleanup ([#3011](https://github.com/dasch-swiss/dsp-api/issues/3011)) ([34fd51a](https://github.com/dasch-swiss/dsp-api/commit/34fd51a6417d5f593edb681e5ae9b714bcd30b96))
+* Bump sipi to 3.8.10 ([#3007](https://github.com/dasch-swiss/dsp-api/issues/3007)) ([be8ce70](https://github.com/dasch-swiss/dsp-api/commit/be8ce705f3407dec2b59f16bdcb2eeb70349baec))
+* Bump Sipi to 3.8.11 ([#3014](https://github.com/dasch-swiss/dsp-api/issues/3014)) ([67e6762](https://github.com/dasch-swiss/dsp-api/commit/67e676220537a7dd9312518cdce7a7d03fb37a56))
+* Dependency updates ([#3017](https://github.com/dasch-swiss/dsp-api/issues/3017)) ([4918f5c](https://github.com/dasch-swiss/dsp-api/commit/4918f5c0b7310b12752c181b6f8852fdf8509f20))
+* Migrate `GET /admin/lists?projectIri` route to tapir ([#3006](https://github.com/dasch-swiss/dsp-api/issues/3006)) ([a931357](https://github.com/dasch-swiss/dsp-api/commit/a931357160bc00ae54f285badb716f6ecb7d8a05))
+* Migrate `POST /admin/lists` and `POST /admin/lists/<parentListIri>` to Tapir (DEV-1589) ([#3018](https://github.com/dasch-swiss/dsp-api/issues/3018)) ([63fe560](https://github.com/dasch-swiss/dsp-api/commit/63fe5600aec489a68c9868e56315feb1b14278f6))
+* Migrate GET /admin/users/iri/<userIri> to tapir ([#3010](https://github.com/dasch-swiss/dsp-api/issues/3010)) ([34d2d7a](https://github.com/dasch-swiss/dsp-api/commit/34d2d7a226ead4e8dd4b1dd966e89376d58914f5))
+* Migrate some `GET /admin/lists/*` endpoints to Tapir ([#3012](https://github.com/dasch-swiss/dsp-api/issues/3012)) ([785b573](https://github.com/dasch-swiss/dsp-api/commit/785b57332f8b96969db020184ec8acfdbd2abceb))
+* Migrate update and delete of lists to Tapir ([#3013](https://github.com/dasch-swiss/dsp-api/issues/3013)) ([dafaffb](https://github.com/dasch-swiss/dsp-api/commit/dafaffba8dde87d9867ecf1dd82bf62e7f19b6c4))
+* Minor dependency updates ([#3016](https://github.com/dasch-swiss/dsp-api/issues/3016)) ([d59246f](https://github.com/dasch-swiss/dsp-api/commit/d59246fc479d5462d56b6972bd21cdfea3b75c69))
+* Patch dependency updates ([#3015](https://github.com/dasch-swiss/dsp-api/issues/3015)) ([b46f8f7](https://github.com/dasch-swiss/dsp-api/commit/b46f8f7fc39adc1aaad84a1af7cf31be56f4a600))
+* **readme:** Update installation instruction ([#2999](https://github.com/dasch-swiss/dsp-api/issues/2999)) ([296815c](https://github.com/dasch-swiss/dsp-api/commit/296815cb1a296d356524f6708db76b39b50e9a46))
+* **readme:** Use just targets instead of make targets ([#3000](https://github.com/dasch-swiss/dsp-api/issues/3000)) ([71e6119](https://github.com/dasch-swiss/dsp-api/commit/71e61198636df9a1a2a6271786db4ec41a91e677))
+* Remove needless `ProjectsResponderRequestADM` classes ([#3008](https://github.com/dasch-swiss/dsp-api/issues/3008)) ([1468d2c](https://github.com/dasch-swiss/dsp-api/commit/1468d2cfa58df3fb2abdce9e1acaeb75726939fa))
+
+
+### Enhancements
+
+* Enable `UpgradePlugin`s to restrict to a specific graph and update the knora base version to 26 ([#3005](https://github.com/dasch-swiss/dsp-api/issues/3005)) ([e54aa0b](https://github.com/dasch-swiss/dsp-api/commit/e54aa0bbc49b581215f9a655666823951be406ae))
+
+
+### Bug Fixes
+
+* Less information in auth error messages (DEV-3260) ([#3019](https://github.com/dasch-swiss/dsp-api/issues/3019)) ([569a6c1](https://github.com/dasch-swiss/dsp-api/commit/569a6c19512a3eb6273259cba8debff34630ed5a))
+* Only allow System Administrators to create users ([#3022](https://github.com/dasch-swiss/dsp-api/issues/3022)) ([5ab6e35](https://github.com/dasch-swiss/dsp-api/commit/5ab6e35187a4c334e85aea15e902fe3fb56edc6f))
+
 ## [30.7.0](https://github.com/dasch-swiss/dsp-api/compare/v30.6.0...v30.7.0) (2024-01-25)
 
 

integration/src/test/scala/org/knora/webapi/e2e/admin/UsersADME2ESpec.scala

@@ -296,6 +296,27 @@ class UsersADME2ESpec
     }
 
     "given a custom Iri" should {
+      "given no credentials in the request when creating a user it must be forbidden" in {
+        val validUserCreationRequest: String =
+          s"""{
+             |    "id": "$customUserIri",
+             |    "username": "userWithCustomIri",
+             |    "email": "userWithCustomIri@example.org",
+             |    "givenName": "a user",
+             |    "familyName": "with a custom Iri",
+             |    "password": "test",
+             |    "status": true,
+             |    "lang": "en",
+             |    "systemAdmin": false
+             |}""".stripMargin
+        val request = Post(
+          baseApiUrl + s"/admin/users",
+          HttpEntity(ContentTypes.`application/json`, validUserCreationRequest)
+        )
+        val response: HttpResponse = singleAwaitingRequest(request)
+        response.status should be(StatusCodes.Forbidden)
+      }
+
       "create a user with the provided custom IRI" in {
         val createUserWithCustomIriRequest: String =
           s"""{
@@ -323,7 +344,7 @@ class UsersADME2ESpec
         val request = Post(
           baseApiUrl + s"/admin/users",
           HttpEntity(ContentTypes.`application/json`, createUserWithCustomIriRequest)
-        )
+        ) ~> addRootUserCredentials()
         val response: HttpResponse = singleAwaitingRequest(request)
 
         response.status should be(StatusCodes.OK)
@@ -359,7 +380,10 @@ class UsersADME2ESpec
              |    "systemAdmin": false
              |}""".stripMargin
 
-        val request                = Post(baseApiUrl + s"/admin/users", HttpEntity(ContentTypes.`application/json`, params))
+        val request = Post(
+          baseApiUrl + s"/admin/users",
+          HttpEntity(ContentTypes.`application/json`, params)
+        ) ~> addRootUserCredentials()
         val response: HttpResponse = singleAwaitingRequest(request)
         response.status should be(StatusCodes.BadRequest)
 
@@ -389,7 +413,7 @@ class UsersADME2ESpec
         val request = Post(
           baseApiUrl + s"/admin/users",
           HttpEntity(ContentTypes.`application/json`, createUserWithApostropheRequest)
-        )
+        ) ~> addRootUserCredentials()
         val response: HttpResponse = singleAwaitingRequest(request)
 
         response.status should be(StatusCodes.OK)
@@ -463,7 +487,11 @@ class UsersADME2ESpec
             text = createUserRequest
           )
         )
-        val request                = Post(baseApiUrl + s"/admin/users", HttpEntity(ContentTypes.`application/json`, createUserRequest))
+        val request = Post(
+          baseApiUrl + s"/admin/users",
+          HttpEntity(ContentTypes.`application/json`, createUserRequest)
+        ) ~> addRootUserCredentials()
+
         val response: HttpResponse = singleAwaitingRequest(request)
 
         response.status should be(StatusCodes.OK)
@@ -513,7 +541,10 @@ class UsersADME2ESpec
             text = createUserRequest
           )
         )
-        val request                = Post(baseApiUrl + s"/admin/users", HttpEntity(ContentTypes.`application/json`, createUserRequest))
+        val request = Post(
+          baseApiUrl + s"/admin/users",
+          HttpEntity(ContentTypes.`application/json`, createUserRequest)
+        ) ~> addRootUserCredentials()
         val response: HttpResponse = singleAwaitingRequest(request)
 
         response.status should be(StatusCodes.BadRequest)
@@ -553,7 +584,10 @@ class UsersADME2ESpec
             text = createUserRequest
           )
         )
-        val request                = Post(baseApiUrl + s"/admin/users", HttpEntity(ContentTypes.`application/json`, createUserRequest))
+        val request = Post(
+          baseApiUrl + s"/admin/users",
+          HttpEntity(ContentTypes.`application/json`, createUserRequest)
+        ) ~> addRootUserCredentials()
         val response: HttpResponse = singleAwaitingRequest(request)
 
         response.status should be(StatusCodes.BadRequest)

integration/src/test/scala/org/knora/webapi/responders/admin/GroupsResponderADMSpec.scala

@@ -9,56 +9,43 @@ import org.apache.pekko.actor.Status.Failure
 
 import java.util.UUID
 
-import dsp.errors.BadRequestException
-import dsp.errors.DuplicateValueException
-import dsp.errors.NotFoundException
+import dsp.errors.*
 import dsp.valueobjects.Group.*
 import dsp.valueobjects.V2
 import org.knora.webapi.*
 import org.knora.webapi.messages.admin.responder.groupsmessages.*
-import org.knora.webapi.messages.admin.responder.usersmessages.GroupMembersGetResponseADM
-import org.knora.webapi.messages.admin.responder.usersmessages.UserInformationTypeADM
+import org.knora.webapi.messages.admin.responder.usersmessages.*
 import org.knora.webapi.messages.store.triplestoremessages.StringLiteralV2
-import org.knora.webapi.sharedtestdata.SharedTestDataADM
+import org.knora.webapi.routing.UnsafeZioRun
+import org.knora.webapi.sharedtestdata.SharedTestDataADM.*
 import org.knora.webapi.slice.admin.domain.model.GroupIri
 import org.knora.webapi.slice.admin.domain.model.KnoraProject.ProjectIri
 import org.knora.webapi.util.MutableTestIri
 
 /**
- * This spec is used to test the messages received by the [[org.knora.webapi.responders.admin.GroupsResponderADMSpec]] actor.
+ * This spec is used to test the messages received by the [[GroupsResponderADMSpec]] actor.
  */
 class GroupsResponderADMSpec extends CoreSpec {
-  private val imagesProject       = SharedTestDataADM.imagesProject
-  private val imagesReviewerGroup = SharedTestDataADM.imagesReviewerGroup
-
   "The GroupsResponder " when {
     "asked about all groups" should {
       "return a list" in {
-        appActor ! GroupsGetRequestADM()
-
-        val response = expectMsgType[GroupsGetResponseADM](timeout)
-        response.groups.nonEmpty should be(true)
-        response.groups.size should be(2)
+        val groups = UnsafeZioRun.runOrThrow(GroupsResponderADM.groupsGetADM)
+        assert(groups.nonEmpty)
+        assert(groups.size == 2)
       }
     }
 
     "asked about a group identified by 'iri' " should {
       "return group info if the group is known " in {
-        appActor ! GroupGetRequestADM(
-          groupIri = imagesReviewerGroup.id
-        )
-
-        expectMsg(GroupGetResponseADM(imagesReviewerGroup))
+        val group = UnsafeZioRun.runOrThrow(GroupsResponderADM.groupGetADM(imagesReviewerGroup.id))
+        assert(group.nonEmpty)
+        assert(group.map(_.id).contains(imagesReviewerGroup.id))
       }
 
-      "return 'NotFoundException' when the group is unknown " in {
-        appActor ! GroupGetRequestADM(
-          groupIri = "http://rdfh.ch/groups/notexisting"
-        )
-
-        expectMsgPF(timeout) { case msg: Failure =>
-          msg.cause.isInstanceOf[NotFoundException] should ===(true)
-        }
+      "return 'None' when the group is unknown " in {
+        val iri      = "http://rdfh.ch/groups/notexisting"
+        val response = UnsafeZioRun.runOrThrow(GroupsResponderADM.groupGetADM(iri))
+        assert(response.isEmpty)
       }
     }
 
@@ -80,16 +67,16 @@ class GroupsResponderADMSpec extends CoreSpec {
                 )
               )
               .fold(e => throw e.head, v => v),
-            project = ProjectIri.unsafeFrom(SharedTestDataADM.imagesProjectIri),
+            project = ProjectIri.unsafeFrom(imagesProjectIri),
             status = GroupStatus.active,
             selfjoin = GroupSelfJoin.make(false).fold(e => throw e.head, v => v)
           ),
-          requestingUser = SharedTestDataADM.imagesUser01,
+          requestingUser = imagesUser01,
           apiRequestID = UUID.randomUUID
         )
 
-        val received: GroupOperationResponseADM = expectMsgType[GroupOperationResponseADM](timeout)
-        val newGroupInfo                        = received.group
+        val received: GroupGetResponseADM = expectMsgType[GroupGetResponseADM](timeout)
+        val newGroupInfo                  = received.group
 
         newGroupInfo.name should equal("NewGroup")
         newGroupInfo.descriptions should equal(
@@ -111,11 +98,11 @@ class GroupsResponderADMSpec extends CoreSpec {
             descriptions = GroupDescriptions
               .make(Seq(V2.StringLiteralV2(value = "NewGroupDescription", language = Some("en"))))
               .fold(e => throw e.head, v => v),
-            project = ProjectIri.unsafeFrom(SharedTestDataADM.imagesProjectIri),
+            project = ProjectIri.unsafeFrom(imagesProjectIri),
             status = GroupStatus.active,
             selfjoin = GroupSelfJoin.make(false).fold(e => throw e.head, v => v)
           ),
-          requestingUser = SharedTestDataADM.imagesUser01,
+          requestingUser = imagesUser01,
           apiRequestID = UUID.randomUUID
         )
 
@@ -137,12 +124,12 @@ class GroupsResponderADMSpec extends CoreSpec {
                 .fold(e => throw e.head, v => v)
             )
           ),
-          requestingUser = SharedTestDataADM.imagesUser01,
+          requestingUser = imagesUser01,
           apiRequestID = UUID.randomUUID
         )
 
-        val received: GroupOperationResponseADM = expectMsgType[GroupOperationResponseADM](timeout)
-        val updatedGroupInfo                    = received.group
+        val received: GroupGetResponseADM = expectMsgType[GroupGetResponseADM](timeout)
+        val updatedGroupInfo              = received.group
 
         updatedGroupInfo.name should equal("UpdatedGroupName")
         updatedGroupInfo.descriptions should equal(
@@ -164,7 +151,7 @@ class GroupsResponderADMSpec extends CoreSpec {
                 .fold(e => throw e.head, v => v)
             )
           ),
-          requestingUser = SharedTestDataADM.imagesUser01,
+          requestingUser = imagesUser01,
           apiRequestID = UUID.randomUUID
         )
 
@@ -184,7 +171,7 @@ class GroupsResponderADMSpec extends CoreSpec {
                 .fold(e => throw e.head, v => v)
             )
           ),
-          requestingUser = SharedTestDataADM.imagesUser01,
+          requestingUser = imagesUser01,
           apiRequestID = UUID.randomUUID
         )
 
@@ -200,41 +187,38 @@ class GroupsResponderADMSpec extends CoreSpec {
 
     "used to query members" should {
       "return all members of a group identified by IRI" in {
-        appActor ! GroupMembersGetRequestADM(
-          groupIri = SharedTestDataADM.imagesReviewerGroup.id,
-          requestingUser = SharedTestDataADM.rootUser
-        )
-
-        val received: GroupMembersGetResponseADM = expectMsgType[GroupMembersGetResponseADM](timeout)
+        val iri = (GroupIri.unsafeFrom(imagesReviewerGroup.id))
+        val received =
+          UnsafeZioRun.runOrThrow(GroupsResponderADM.groupMembersGetRequest(iri, rootUser))
 
         received.members.map(_.id) should contain allElementsOf Seq(
-          SharedTestDataADM.multiuserUser.ofType(UserInformationTypeADM.Restricted),
-          SharedTestDataADM.imagesReviewerUser.ofType(UserInformationTypeADM.Restricted)
+          multiuserUser.ofType(UserInformationTypeADM.Restricted),
+          imagesReviewerUser.ofType(UserInformationTypeADM.Restricted)
         ).map(_.id)
       }
 
       "remove all members when group is deactivated" in {
         appActor ! GroupMembersGetRequestADM(
-          groupIri = SharedTestDataADM.imagesReviewerGroup.id,
-          requestingUser = SharedTestDataADM.rootUser
+          groupIri = imagesReviewerGroup.id,
+          requestingUser = rootUser
         )
 
         val membersBeforeStatusChange: GroupMembersGetResponseADM = expectMsgType[GroupMembersGetResponseADM](timeout)
         membersBeforeStatusChange.members.size shouldBe 2
 
         appActor ! GroupChangeStatusRequestADM(
-          groupIri = SharedTestDataADM.imagesReviewerGroup.id,
+          groupIri = imagesReviewerGroup.id,
           changeGroupRequest = ChangeGroupApiRequestADM(status = Some(false)),
-          requestingUser = SharedTestDataADM.imagesUser01,
+          requestingUser = imagesUser01,
           apiRequestID = UUID.randomUUID
         )
 
-        val statusChangeResponse = expectMsgType[GroupOperationResponseADM](timeout)
+        val statusChangeResponse = expectMsgType[GroupGetResponseADM](timeout)
         statusChangeResponse.group.status shouldBe false
 
         appActor ! GroupMembersGetRequestADM(
-          groupIri = SharedTestDataADM.imagesReviewerGroup.id,
-          requestingUser = SharedTestDataADM.rootUser
+          groupIri = imagesReviewerGroup.id,
+          requestingUser = rootUser
         )
 
         val noMembers: GroupMembersGetResponseADM = expectMsgType[GroupMembersGetResponseADM](timeout)
@@ -244,7 +228,7 @@ class GroupsResponderADMSpec extends CoreSpec {
       "return 'NotFound' when the group IRI is unknown" in {
         appActor ! GroupMembersGetRequestADM(
           groupIri = "http://rdfh.ch/groups/notexisting",
-          requestingUser = SharedTestDataADM.rootUser
+          requestingUser = rootUser
         )
 
         expectMsgPF(timeout) { case msg: Failure =>

version.txt

@@ -1 +1 @@
-30.7.0
+30.8.0

webapi/src/main/scala/org/knora/webapi/messages/admin/responder/groupsmessages/GroupsMessagesADM.scala

@@ -18,7 +18,6 @@ import org.knora.webapi.IRI
 import org.knora.webapi.core.RelayedMessage
 import org.knora.webapi.messages.ResponderRequest.KnoraRequestADM
 import org.knora.webapi.messages.admin.responder.AdminKnoraResponseADM
-import org.knora.webapi.messages.admin.responder.KnoraResponseADM
 import org.knora.webapi.messages.admin.responder.projectsmessages.ProjectADM
 import org.knora.webapi.messages.admin.responder.projectsmessages.ProjectsADMJsonProtocol
 import org.knora.webapi.messages.store.triplestoremessages.StringLiteralV2
@@ -104,11 +103,6 @@ sealed trait GroupsResponderRequestADM extends KnoraRequestADM with RelayedMessa
  */
 case class GroupsGetADM() extends GroupsResponderRequestADM
 
-/**
- * Get all information about all groups.
- */
-case class GroupsGetRequestADM() extends GroupsResponderRequestADM
-
 /**
  * Get everything about a single group identified through its IRI. A successful response will be
  * an [[Option[GroupADM] ]], which will be `None` if the group was not found.
@@ -117,14 +111,6 @@ case class GroupsGetRequestADM() extends GroupsResponderRequestADM
  */
 case class GroupGetADM(groupIri: IRI) extends GroupsResponderRequestADM
 
-/**
- * Get everything about a single group identified through its IRI. The response will be a
- * [[GroupGetResponseADM]], or an error if the group was not found.
- *
- * @param groupIri             IRI of the group.
- */
-case class GroupGetRequestADM(groupIri: IRI) extends GroupsResponderRequestADM
-
 /**
  * Get everything about a multiple groups identified by their IRIs. The response will be a
  * [[Set[GroupGetResponseADM] ]], or an error if one or more groups was not found.
@@ -205,15 +191,6 @@ case class GroupGetResponseADM(group: GroupADM) extends AdminKnoraResponseADM wi
   def toJsValue = groupResponseADMFormat.write(this)
 }
 
-/**
- * Represents an answer to a group creating/modifying operation.
- *
- * @param group the new group information of the created/modified group.
- */
-case class GroupOperationResponseADM(group: GroupADM) extends KnoraResponseADM with GroupsADMJsonProtocol {
-  def toJsValue = groupOperationResponseADMFormat.write(this)
-}
-
 //////////////////////////////////////////////////////////////////////////////////////////////////////////////////
 // Components of messages
 
@@ -257,6 +234,4 @@ trait GroupsADMJsonProtocol extends SprayJsonSupport with DefaultJsonProtocol wi
     jsonFormat(CreateGroupApiRequestADM, "id", "name", "descriptions", "project", "status", "selfjoin")
   implicit val changeGroupApiRequestADMFormat: RootJsonFormat[ChangeGroupApiRequestADM] =
     jsonFormat(ChangeGroupApiRequestADM, "name", "descriptions", "status", "selfjoin")
-  implicit val groupOperationResponseADMFormat: RootJsonFormat[GroupOperationResponseADM] =
-    jsonFormat(GroupOperationResponseADM, "group")
 }