Merge pull request #236 from InseeFr/fix/allow-put-su-from-surveyunit

fix: allow put su from surveyunit
InseeFr · Apr 8, 2024 · 46aef0d · 46aef0d
2 parents 3927a36 + 46c593e
commit 46aef0d
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 15 deletions.
diff --git a/pom.xml b/pom.xml
@@ -10,7 +10,7 @@
     <description>Modules for queen back-office</description>
 
     <properties>
-        <revision>4.2.5</revision>
+        <revision>4.2.6</revision>
         <changelist></changelist>
         <java.version>21</java.version>
         <maven.compiler.source>21</maven.compiler.source>

diff --git a/.../src/main/java/fr/insee/queen/application/surveyunit/controller/SurveyUnitController.java b/.../src/main/java/fr/insee/queen/application/surveyunit/controller/SurveyUnitController.java
@@ -70,10 +70,10 @@ public SurveyUnitDto getSurveyUnitById(@IdValid @PathVariable(value = "id") Stri
      */
     @Operation(summary = "Update survey-unit")
     @PutMapping(path = {"/survey-unit/{id}"})
-    @PreAuthorize(AuthorityPrivileges.HAS_INTERVIEWER_PRIVILEGES)
+    @PreAuthorize(AuthorityPrivileges.HAS_USER_PRIVILEGES)
     public void updateSurveyUnitById(@IdValid @PathVariable(value = "id") String surveyUnitId,
                                      @Valid @RequestBody SurveyUnitUpdateInput surveyUnitUpdateInput) {
-        pilotageComponent.checkHabilitations(surveyUnitId, PilotageRole.INTERVIEWER);
+        pilotageComponent.checkHabilitations(surveyUnitId, PilotageRole.INTERVIEWER, PilotageRole.REVIEWER);
         SurveyUnit surveyUnit = SurveyUnitUpdateInput.toModel(surveyUnitId, surveyUnitUpdateInput);
         surveyUnitService.updateSurveyUnit(surveyUnit);
     }

diff --git a/...tion/src/test/java/fr/insee/queen/application/surveyunit/integration/SurveyUnitTests.java b/...tion/src/test/java/fr/insee/queen/application/surveyunit/integration/SurveyUnitTests.java
@@ -128,7 +128,7 @@ void on_update_with_put_survey_unit_then_survey_unit_is_saved() throws Exception
                         .accept(MediaType.APPLICATION_JSON)
                         .contentType(MediaType.APPLICATION_JSON)
                         .content(surveyUnitDataUpdated)
-                        .with(authentication(authenticatedUserTestHelper.getAuthenticatedUser(AuthorityRoleEnum.INTERVIEWER)))
+                        .with(authentication(authenticatedUserTestHelper.getAuthenticatedUser(AuthorityRoleEnum.SURVEY_UNIT)))
                 )
                 .andExpect(status().isOk());
 
@@ -324,17 +324,6 @@ void when_authenticated_non_admin_user_access_admin_endpoints_return_403() throw
                 .andExpect(status().isForbidden());
     }
 
-    @Test
-    void when_non_interviewer_update_surveyunit_return_403() throws Exception {
-        mockMvc.perform(put("/api/survey-unit/11")
-                        .accept(MediaType.APPLICATION_JSON)
-                        .contentType(MediaType.APPLICATION_JSON)
-                        .content(surveyUnitData)
-                        .with(authentication(authenticatedUserTestHelper.getNonInterviewerUser()))
-                )
-                .andExpect(status().isForbidden());
-    }
-
     @Test
     void when_user_update_surveyunit_data_state_data_return_200() throws Exception {
         String surveyUnitDataStateData = """