#197 - POST /documents/compress should be enabled for readonly users

fkq-lambda-core/src/main/java/com/formkiq/aws/services/lambda/ApiAuthorizationBuilder.java

@@ -43,7 +43,7 @@ public class ApiAuthorizationBuilder {
   /** Cognito Admin Group Name. */
   private static final String COGNITO_ADMIN_GROUP = "Admins";
   /** The suffix for the 'readonly' Cognito group. */
-  private static final String COGNITO_READ_SUFFIX = "_read";
+  public static final String COGNITO_READ_SUFFIX = "_read";
 
   /** {@link List} {@link ApiAuthorizationInterceptor}. */
   private ApiAuthorizationInterceptor interceptor = null;

lambda-api/src/main/java/com/formkiq/stacks/api/handler/DocumentsCompressRequestHandler.java

@@ -34,6 +34,7 @@
 import java.util.Collection;
 import java.util.List;
 import java.util.Map;
+import java.util.Optional;
 import java.util.UUID;
 import com.amazonaws.services.lambda.runtime.LambdaLogger;
 import com.formkiq.aws.dynamodb.DynamicObject;
@@ -45,6 +46,7 @@
 import com.formkiq.aws.services.lambda.ApiGatewayRequestEventUtil;
 import com.formkiq.aws.services.lambda.ApiGatewayRequestHandler;
 import com.formkiq.aws.services.lambda.ApiMapResponse;
+import com.formkiq.aws.services.lambda.ApiPermission;
 import com.formkiq.aws.services.lambda.ApiRequestHandlerResponse;
 import com.formkiq.module.lambdaservices.AwsServiceCache;
 import com.formkiq.stacks.dynamodb.DocumentService;
@@ -98,6 +100,13 @@ private DynamicObject getS3TaskObject(final DynamicObject requestBodyObject, fin
         entry(siteIdKey, siteId == null ? DEFAULT_SITE_ID : siteId)));
   }
 
+  @Override
+  public Optional<Boolean> isAuthorized(final AwsServiceCache awsservice, final String method,
+      final ApiGatewayRequestEvent event, final ApiAuthorization authorization) {
+    boolean access = authorization.permissions().contains(ApiPermission.READ);
+    return Optional.of(Boolean.valueOf(access));
+  }
+
   @Override
   public ApiRequestHandlerResponse post(final LambdaLogger logger,
       final ApiGatewayRequestEvent event, final ApiAuthorization authorization,

lambda-api/src/test/java/com/formkiq/stacks/api/handler/AbstractApiClientRequestTest.java

@@ -24,6 +24,7 @@
 package com.formkiq.stacks.api.handler;
 
 import static com.formkiq.aws.dynamodb.SiteIdKeyGenerator.DEFAULT_SITE_ID;
+import static com.formkiq.aws.services.lambda.ApiAuthorizationBuilder.COGNITO_READ_SUFFIX;
 import java.net.URISyntaxException;
 import java.util.Collection;
 import java.util.HashMap;
@@ -188,6 +189,20 @@ public void setBearerToken(final String siteId) {
     this.client.addDefaultHeader("Authorization", jwt);
   }
 
+  /**
+   * Set BearerToken.
+   * 
+   * @param siteId {@link String}
+   * @param readonly boolean
+   */
+  public void setBearerToken(final String siteId, final boolean readonly) {
+    String permission = siteId != null ? siteId : DEFAULT_SITE_ID;
+    permission = readonly ? permission + COGNITO_READ_SUFFIX : permission;
+
+    String jwt = JwtTokenEncoder.encodeCognito(new String[] {permission}, "joesmith");
+    this.client.addDefaultHeader("Authorization", jwt);
+  }
+
   /**
    * Set BearerToken.
    * 

lambda-api/src/test/java/com/formkiq/stacks/api/handler/DocumentsCompressRequestTest.java

@@ -91,19 +91,22 @@ void testHandlePostDocumentsCompress01() throws ApiException {
     // given
     for (String siteId : Arrays.asList(null, UUID.randomUUID().toString())) {
 
-      setBearerToken(siteId);
-
-      String doc1 = UUID.randomUUID().toString();
-      List<String> documentIds = Arrays.asList(doc1);
-      DocumentsCompressRequest req = new DocumentsCompressRequest().documentIds(documentIds);
-
-      // when
-      try {
-        this.documentsApi.compressDocuments(req, siteId);
-        fail();
-      } catch (ApiException e) {
-        assertEquals("{\"errors\":[{\"key\":\"documentId\",\"error\":\"Document '" + doc1
-            + "' does not exist\"}]}", e.getResponseBody());
+      for (Boolean read : Arrays.asList(Boolean.FALSE, Boolean.TRUE)) {
+
+        setBearerToken(siteId, read.booleanValue());
+
+        String doc1 = UUID.randomUUID().toString();
+        List<String> documentIds = Arrays.asList(doc1);
+        DocumentsCompressRequest req = new DocumentsCompressRequest().documentIds(documentIds);
+
+        // when
+        try {
+          this.documentsApi.compressDocuments(req, siteId);
+          fail();
+        } catch (ApiException e) {
+          assertEquals("{\"errors\":[{\"key\":\"documentId\",\"error\":\"Document '" + doc1
+              + "' does not exist\"}]}", e.getResponseBody());
+        }
       }
     }
   }

ocr/src/test/java/com/formkiq/module/ocr/pdf/PdfPortfolioTest.java

@@ -1,3 +1,26 @@
+/**
+ * MIT License
+ * 
+ * Copyright (c) 2018 - 2020 FormKiQ
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
 package com.formkiq.module.ocr.pdf;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;