fix: validation on the controller, not the interface is illegal

also changed the tests so we have at least one test for that controller
HangarMC · Dec 20, 2023 · 23a2559 · 23a2559
1 parent ace9793
commit 23a2559
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 4 deletions.
diff --git a/backend/src/main/java/io/papermc/hangar/controller/api/v1/PermissionsController.java b/backend/src/main/java/io/papermc/hangar/controller/api/v1/PermissionsController.java
@@ -11,7 +11,6 @@
 import io.papermc.hangar.security.annotations.Anyone;
 import io.papermc.hangar.security.annotations.ratelimit.RateLimit;
 import io.papermc.hangar.service.PermissionService;
-import jakarta.validation.constraints.Size;
 import java.util.Collection;
 import java.util.Set;
 import java.util.function.BiPredicate;
@@ -35,7 +34,7 @@ public PermissionsController(final PermissionService permissionService) {
     }
 
     @Override
-    public ResponseEntity<PermissionCheck> hasAllPermissions(final @Size(max = 50) Set<NamedPermission> permissions, final String slug, final String organization) {
+    public ResponseEntity<PermissionCheck> hasAllPermissions(final Set<NamedPermission> permissions, final String slug, final String organization) {
         return this.has(permissions, slug, organization, (namedPerms, perm) -> namedPerms.stream().allMatch(p -> perm.has(p.getPermission())));
     }
 

diff --git a/.../src/main/java/io/papermc/hangar/controller/api/v1/interfaces/IPermissionsController.java b/.../src/main/java/io/papermc/hangar/controller/api/v1/interfaces/IPermissionsController.java
@@ -9,6 +9,7 @@
 import io.swagger.v3.oas.annotations.responses.ApiResponses;
 import io.swagger.v3.oas.annotations.security.SecurityRequirement;
 import io.swagger.v3.oas.annotations.tags.Tag;
+import jakarta.validation.constraints.Size;
 import java.util.Set;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
@@ -34,7 +35,7 @@ public interface IPermissionsController {
         @ApiResponse(responseCode = "401", description = "Api session missing, invalid or expired")
     })
     @GetMapping("/permissions/hasAll")
-    ResponseEntity<PermissionCheck> hasAllPermissions(@Parameter(description = "The permissions to check", required = true) @RequestParam Set<NamedPermission> permissions,
+    ResponseEntity<PermissionCheck> hasAllPermissions(@Parameter(description = "The permissions to check", required = true) @RequestParam @Size(max = 50) Set<NamedPermission> permissions,
                                                       @Parameter(description = "The project slug of the project to check permissions in. Must not be used together with `organizationName`") @RequestParam(required = false) String slug,
                                                       @Parameter(description = "The organization to check permissions in. Must not be used together with `projectOwner` and `projectSlug`") @RequestParam(required = false) String organization
     );

diff --git a/backend/src/test/java/io/papermc/hangar/controller/api/v1/PermissionsControllerTest.java b/backend/src/test/java/io/papermc/hangar/controller/api/v1/PermissionsControllerTest.java
@@ -8,7 +8,6 @@
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
 
-@Disabled //TODO fix wtf is going on here
 class PermissionsControllerTest extends ControllerTest {
 
     @Test
@@ -19,41 +18,47 @@ void testHasAllWithProjectOnly() throws Exception {
     }
 
     @Test
+    @Disabled //TODO fix wtf is going on here
     void testHasAllWithAll() throws Exception {
         this.mockMvc.perform(get("/api/v1/permissions/hasAll?permissions=create_organization&permissions=create_project")
                 .with(this.apiKey(TestData.KEY_ALL)))
             .andExpect(jsonPath("$.result").value(true));
     }
 
     @Test
+    @Disabled //TODO fix wtf is going on here
     void testHasAnyWithProjectOnly() throws Exception {
         this.mockMvc.perform(get("/api/v1/permissions/hasAny?permissions=create_organization&permissions=create_project")
                 .with(this.apiKey(TestData.KEY_PROJECT_ONLY)))
             .andExpect(jsonPath("$.result").value(true));
     }
 
     @Test
+    @Disabled //TODO fix wtf is going on here
     void testHasAnyWithAll() throws Exception {
         this.mockMvc.perform(get("/api/v1/permissions/hasAny?permissions=create_organization&permissions=create_project")
                 .with(this.apiKey(TestData.KEY_ALL)))
             .andExpect(jsonPath("$.result").value(true));
     }
 
     @Test
+    @Disabled //TODO fix wtf is going on here
     void testHiddenProjectSeeHidden() throws Exception {
         this.mockMvc.perform(get("/api/v1/permissions?slug=" + TestData.PROJECT.getSlug())
                 .with(this.apiKey(TestData.KEY_SEE_HIDDEN)))
             .andExpect(jsonPath("$.permissionBinString").value("10000000000000000000000000"));
     }
 
     @Test
+    @Disabled //TODO fix wtf is going on here
     void testHiddenProjectProjectOnly() throws Exception {
         this.mockMvc.perform(get("/api/v1/permissions?slug=" + TestData.PROJECT.getSlug())
                 .with(this.apiKey(TestData.KEY_PROJECT_ONLY)))
             .andExpect(jsonPath("$.permissionBinString").value("100000000"));
     }
 
     @Test
+    @Disabled //TODO fix wtf is going on here
     void testHiddenProjectOrganizationOnly() throws Exception {
         this.mockMvc.perform(get("/api/v1/permissions?organization=" + TestData.ORG.getName())
                 .with(this.apiKey(TestData.KEY_PROJECT_ONLY)))