-
Notifications
You must be signed in to change notification settings - Fork 3
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
6 changed files
with
178 additions
and
0 deletions.
There are no files selected for viewing
11 changes: 11 additions & 0 deletions
11
src/main/java/org/highmed/numportal/domain/dto/QueryDto.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| package org.highmed.numportal.domain.dto; | ||
|
|
||
| import io.swagger.v3.oas.annotations.media.Schema; | ||
| import jakarta.validation.constraints.NotNull; | ||
| import lombok.Data; | ||
|
|
||
| @Data | ||
| @Schema | ||
| public class QueryDto { | ||
| @NotNull private String aql; | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
37 changes: 37 additions & 0 deletions
37
src/main/java/org/highmed/numportal/web/controller/QueryController.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,37 @@ | ||
| package org.highmed.numportal.web.controller; | ||
|
|
||
| import io.swagger.v3.oas.annotations.Operation; | ||
| import io.swagger.v3.oas.annotations.security.SecurityRequirement; | ||
| import jakarta.validation.Valid; | ||
| import lombok.AllArgsConstructor; | ||
| import org.ehrbase.openehr.sdk.response.dto.QueryResponseData; | ||
| import org.highmed.numportal.domain.dto.QueryDto; | ||
| import org.highmed.numportal.service.ehrbase.EhrBaseService; | ||
| import org.highmed.numportal.web.config.Role; | ||
| import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; | ||
| import org.springframework.http.ResponseEntity; | ||
| import org.springframework.security.access.prepost.PreAuthorize; | ||
| import org.springframework.web.bind.annotation.PostMapping; | ||
| import org.springframework.web.bind.annotation.RequestBody; | ||
| import org.springframework.web.bind.annotation.RequestMapping; | ||
| import org.springframework.web.bind.annotation.RestController; | ||
|
|
||
| @RestController | ||
| @AllArgsConstructor | ||
| @RequestMapping(value = "/query", produces = "application/json") | ||
| @SecurityRequirement(name = "security_auth") | ||
| @ConditionalOnProperty(value = "feature.search-with-aql", havingValue = "true") | ||
| public class QueryController { | ||
|
|
||
| private final EhrBaseService ehrBaseService; | ||
|
|
||
| @PostMapping("execute") | ||
| @Operation(description = "Executes an AQL query") | ||
| @PreAuthorize(Role.MANAGER) | ||
| public ResponseEntity<QueryResponseData> execute( | ||
| @RequestBody @Valid QueryDto queryDto) { | ||
| return ResponseEntity.ok( | ||
| ehrBaseService.executePlainQuery(queryDto.getAql()) | ||
| ); | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -107,3 +107,4 @@ user-service: | |
| delete-users-cron: 0 0 5 * * * | ||
|
|
||
| feature: | ||
| search-with-aql: false | ||
52 changes: 52 additions & 0 deletions
52
...java/org/highmed/numportal/integrationtesting/tests/QueryControllerFeatureDisabledIT.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,52 @@ | ||
| package org.highmed.numportal.integrationtesting.tests; | ||
|
|
||
| import com.fasterxml.jackson.databind.ObjectMapper; | ||
| import lombok.SneakyThrows; | ||
| import org.highmed.numportal.domain.dto.QueryDto; | ||
| import org.highmed.numportal.integrationtesting.security.WithMockNumUser; | ||
| import org.junit.Test; | ||
| import org.springframework.beans.factory.annotation.Autowired; | ||
| import org.springframework.http.MediaType; | ||
| import org.springframework.test.context.TestPropertySource; | ||
| import org.springframework.test.web.servlet.MockMvc; | ||
|
|
||
| import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf; | ||
| import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post; | ||
| import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; | ||
|
|
||
| @TestPropertySource(properties = """ | ||
| feature.search-with-aql = false | ||
| """) | ||
| public class QueryControllerFeatureDisabledIT extends IntegrationTest { | ||
|
|
||
| @Autowired | ||
| public MockMvc mockMvc; | ||
|
|
||
| private static final String PATH = "/query/execute"; | ||
| @Autowired | ||
| private ObjectMapper mapper; | ||
|
|
||
| @Test | ||
| @SneakyThrows | ||
| @WithMockNumUser(roles = {"MANAGER"}) | ||
| public void execute() { | ||
| QueryDto queryDto = new QueryDto(); | ||
|
|
||
| mockMvc.perform(post(PATH).with(csrf()) | ||
| .contentType(MediaType.APPLICATION_JSON) | ||
| .content(mapper.writeValueAsString(queryDto)) | ||
| ).andExpect(status().isNotFound()); | ||
| } | ||
|
|
||
| @Test | ||
| @SneakyThrows | ||
| @WithMockNumUser() | ||
| public void executeAsNonAuthorizedUser() { | ||
| QueryDto queryDto = new QueryDto(); | ||
|
|
||
| mockMvc.perform(post(PATH).with(csrf()) | ||
| .contentType(MediaType.APPLICATION_JSON) | ||
| .content(mapper.writeValueAsString(queryDto)) | ||
| ).andExpect(status().isNotFound()); | ||
| } | ||
| } |
75 changes: 75 additions & 0 deletions
75
src/test/java/org/highmed/numportal/integrationtesting/tests/QueryControllerIT.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,75 @@ | ||
| package org.highmed.numportal.integrationtesting.tests; | ||
|
|
||
| import com.fasterxml.jackson.databind.ObjectMapper; | ||
| import lombok.SneakyThrows; | ||
| import org.ehrbase.openehr.sdk.response.dto.QueryResponseData; | ||
| import org.highmed.numportal.domain.dto.QueryDto; | ||
| import org.highmed.numportal.integrationtesting.security.WithMockNumUser; | ||
| import org.junit.Test; | ||
| import org.mockserver.model.HttpRequest; | ||
| import org.mockserver.model.HttpResponse; | ||
| import org.mockserver.model.HttpStatusCode; | ||
| import org.mockserver.model.StringBody; | ||
| import org.springframework.beans.factory.annotation.Autowired; | ||
| import org.springframework.http.MediaType; | ||
| import org.springframework.test.context.TestPropertySource; | ||
| import org.springframework.test.web.servlet.MockMvc; | ||
|
|
||
| import java.nio.charset.StandardCharsets; | ||
|
|
||
| import static org.hamcrest.MatcherAssert.assertThat; | ||
| import static org.hamcrest.Matchers.equalTo; | ||
| import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf; | ||
| import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post; | ||
| import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; | ||
|
|
||
| @TestPropertySource(properties = """ | ||
| feature.search-with-aql = true | ||
| """) | ||
| public class QueryControllerIT extends IntegrationTest { | ||
|
|
||
| @Autowired | ||
| public MockMvc mockMvc; | ||
|
|
||
| private static final String PATH = "/query/execute"; | ||
|
|
||
| @Autowired | ||
| private ObjectMapper mapper; | ||
|
|
||
| @Test | ||
| @SneakyThrows | ||
| @WithMockNumUser(roles = {"MANAGER"}) | ||
| public void execute() { | ||
| var query = "SELECT *"; | ||
| QueryDto queryDto = new QueryDto(); | ||
| queryDto.setAql(query); | ||
| QueryResponseData queryResponseData = new QueryResponseData(); | ||
| var expectedResult = mapper.writeValueAsString(queryResponseData); | ||
|
|
||
| ehrClient | ||
| .when(HttpRequest.request().withMethod("POST").withPath("/ehrbase/rest/openehr/v1/query/aql/").withBody(StringBody.subString(query, StandardCharsets.UTF_8))) | ||
| .respond(HttpResponse.response().withStatusCode(HttpStatusCode.OK_200.code()).withBody(expectedResult, org.mockserver.model.MediaType.JSON_UTF_8)); | ||
|
|
||
| var result = mockMvc.perform(post(PATH).with(csrf()) | ||
| .contentType(MediaType.APPLICATION_JSON) | ||
| .content(mapper.writeValueAsString(queryDto)) | ||
| ).andExpect(status().isOk()) | ||
| .andReturn(); | ||
|
|
||
| assertThat(result.getResponse().getContentAsString(), equalTo(expectedResult)); | ||
| } | ||
|
|
||
| @Test | ||
| @SneakyThrows | ||
| @WithMockNumUser() | ||
| public void executeAsNonAuthorizedUser() { | ||
| var query = "SELECT *"; | ||
| QueryDto queryDto = new QueryDto(); | ||
| queryDto.setAql(query); | ||
|
|
||
| mockMvc.perform(post(PATH).with(csrf()) | ||
| .contentType(MediaType.APPLICATION_JSON) | ||
| .content(mapper.writeValueAsString(queryDto)) | ||
| ).andExpect(status().isForbidden()); | ||
| } | ||
| } |