Merge remote-tracking branch

'origin/issues/232_Updating_Organization_Fails_If_Binary_Exists_With_Org_Tag' into develop
highmed · Aug 19, 2021 · 698841c · 698841c
2 parents d98f751 + 08a3ffc
commit 698841c
Show file tree

Hide file tree

Showing 8 changed files with 181 additions and 35 deletions.
diff --git a/dsf-bpe/dsf-bpe-server-jetty/docker/Dockerfile b/dsf-bpe/dsf-bpe-server-jetty/docker/Dockerfile
@@ -8,7 +8,7 @@ RUN chown root:java ./ && \
 	chmod 1775 ./log ./last_event
 
 
-FROM openjdk:11-slim
+FROM openjdk:11-jre-slim
 LABEL maintainer="[email protected]"
 
 EXPOSE 8080

diff --git a/dsf-fhir/dsf-fhir-server-jetty/docker/Dockerfile b/dsf-fhir/dsf-fhir-server-jetty/docker/Dockerfile
@@ -8,7 +8,7 @@ RUN chown root:java ./ && \
 	chmod 1775 ./log
 
 
-FROM openjdk:11-slim
+FROM openjdk:11-jre-slim
 LABEL maintainer="[email protected]"
 
 EXPOSE 8080

diff --git a/...ir-server/src/main/resources/db/trigger_functions/on_organization_affiliations_insert.sql b/...ir-server/src/main/resources/db/trigger_functions/on_organization_affiliations_insert.sql
@@ -9,6 +9,13 @@ DECLARE
 BEGIN
 	PERFORM on_resources_insert(NEW.organization_affiliation_id, NEW.version, NEW.organization_affiliation);
 
+	DELETE FROM read_access
+	WHERE access_type = 'ROLE'
+	AND organization_affiliation_id = NEW.organization_affiliation_id;
+
+	GET DIAGNOSTICS delete_count = ROW_COUNT;
+	RAISE NOTICE 'Existing rows deleted from read_access for created/updated organization-affiliation: %', delete_count;
+
 	RAISE NOTICE 'NEW.organization_affiliation->>''active'' = ''%''', NEW.organization_affiliation->>'active';
 	IF (NEW.organization_affiliation->>'active' = 'true') THEN
 		consortium_identifier := jsonb_path_query(organization, '$.identifier[*] ? (@.system == "http://highmed.org/sid/organization-identifier")')->>'value'
@@ -61,12 +68,7 @@ BEGIN
 		END IF;
 
 	ELSIF (NEW.organization_affiliation->>'active' = 'false') THEN
-		DELETE FROM read_access
-		WHERE access_type = 'ROLE'
-		AND organization_affiliation_id = NEW.organization_affiliation_id;
-
-		GET DIAGNOSTICS delete_count = ROW_COUNT;
-		RAISE NOTICE 'Rows deleted from read_access: %', delete_count;
+		RAISE NOTICE 'Not inserting any entries to read_access, created/updated organization-affiliation is not active';
 	END IF;
 	RETURN NEW;
 END;

diff --git a/dsf-fhir/dsf-fhir-server/src/main/resources/db/trigger_functions/on_organizations_insert.sql b/dsf-fhir/dsf-fhir-server/src/main/resources/db/trigger_functions/on_organizations_insert.sql
@@ -10,6 +10,24 @@ DECLARE
 BEGIN
 	PERFORM on_resources_insert(NEW.organization_id, NEW.version, NEW.organization);
 
+	DELETE FROM read_access
+	WHERE access_type = 'ORGANIZATION'
+	AND organization_id = NEW.organization_id;
+
+	GET DIAGNOSTICS delete_count = ROW_COUNT;
+	RAISE NOTICE 'Existing rows deleted from read_access for created/updated organization, ORGANIZATION Tag: %', delete_count;
+
+	DELETE FROM read_access
+	WHERE access_type = 'ROLE'
+	AND organization_affiliation_id IN (
+		SELECT organization_affiliation_id FROM current_organization_affiliations 
+		WHERE NEW.organization_id = (regexp_match(organization_affiliation->'participatingOrganization'->>'reference', reference_regex))[5]::uuid
+		OR NEW.organization_id = (regexp_match(organization_affiliation->'organization'->>'reference', reference_regex))[5]::uuid
+	); 
+
+	GET DIAGNOSTICS roles_delete_count = ROW_COUNT;
+	RAISE NOTICE 'Existing rows deleted from read_access for created/updated organization, ROLE Tag: %', roles_delete_count;
+
 	RAISE NOTICE 'NEW.organization->>''active'' = ''%''', NEW.organization->>'active';
 	IF (NEW.organization->>'active' = 'true') THEN
 		INSERT INTO read_access
@@ -66,7 +84,7 @@ BEGIN
 		)
 		SELECT array_agg(resource_id) FROM temp_role_ids INTO role_ids;
 
-		RAISE NOTICE 'Rows inserted into read_access: %', organization_insert_count + array_length(role_ids, 1);
+		RAISE NOTICE 'Rows inserted into read_acces for created/updated active organization: %', organization_insert_count + array_length(role_ids, 1);
 
 		INSERT INTO read_access
 			SELECT binary_id, version, access_type, organization_id, NULL
@@ -85,23 +103,7 @@ BEGIN
 		RAISE NOTICE 'Rows inserted into read_access based on Binary.securityContext: %', binary_insert_count;
 
 	ELSIF (NEW.organization->>'active' = 'false') THEN
-		DELETE FROM read_access
-		WHERE access_type = 'ORGANIZATION'
-		AND organization_id = NEW.organization_id;
-
-		GET DIAGNOSTICS delete_count = ROW_COUNT;
-		RAISE NOTICE 'Rows deleted from read_access: %', delete_count;
-
-		DELETE FROM read_access
-		WHERE access_type = 'ROLE'
-		AND organization_affiliation_id IN (
-			SELECT organization_affiliation_id FROM current_organization_affiliations 
-			WHERE NEW.organization_id = (regexp_match(organization_affiliation->'participatingOrganization'->>'reference', reference_regex))[5]::uuid
-			OR NEW.organization_id = (regexp_match(organization_affiliation->'organization'->>'reference', reference_regex))[5]::uuid
-		); 
-
-		GET DIAGNOSTICS roles_delete_count = ROW_COUNT;
-		RAISE NOTICE 'Rows deleted from read_access based on disabled roles: %', roles_delete_count;
+		RAISE NOTICE 'Not inserting any entries to read_access, created/updated organization is not active';
 	END IF;
 	RETURN NEW;
 END;

diff --git a/dsf-fhir/dsf-fhir-server/src/main/resources/db/trigger_functions/on_resources_insert.sql b/dsf-fhir/dsf-fhir-server/src/main/resources/db/trigger_functions/on_resources_insert.sql
@@ -20,23 +20,23 @@ BEGIN
 	GET DIAGNOSTICS binary_delete_count = ROW_COUNT;
 	RAISE NOTICE 'Rows deleted from read_access based on Binary.securityContext: %', binary_delete_count;
 
-	-- add entries for ALL if tag exists
+	-- add entry for ALL if tag exists
 	IF (new_resource->'meta'->'tag' @> '[{"system":"http://highmed.org/fhir/CodeSystem/read-access-tag","code":"ALL"}]'::jsonb) THEN
 		INSERT INTO read_access
 		VALUES(new_resource_id, new_resource_version, 'ALL', NULL, NULL);
 
 		GET DIAGNOSTICS all_insert_count = ROW_COUNT;
 	END IF;
 
-	-- add entries for LOCAL if tag exists
+	-- add entry for LOCAL if tag exists
 	IF (new_resource->'meta'->'tag' @> '[{"system":"http://highmed.org/fhir/CodeSystem/read-access-tag","code":"LOCAL"}]'::jsonb) THEN
 		INSERT INTO read_access
 		VALUES(new_resource_id, new_resource_version, 'LOCAL', NULL, NULL);
 
 		GET DIAGNOSTICS local_insert_count = ROW_COUNT;
 	END IF;
 
-	-- add entries for ORGANIZATION if tag exists
+	-- add entries for ORGANIZATION if tag(s) exists
 	IF (new_resource->'meta'->'tag' @> '[{"system":"http://highmed.org/fhir/CodeSystem/read-access-tag","code":"ORGANIZATION"}]'::jsonb) THEN
 		INSERT INTO read_access 			
 		SELECT new_resource_id, new_resource_version,'ORGANIZATION', organization_id, NULL FROM (
@@ -52,7 +52,7 @@ BEGIN
 		GET DIAGNOSTICS organization_insert_count = ROW_COUNT;
 	END IF;
 
-	-- add entries for ROLE if tag exists
+	-- add entries for ROLE if tag(s) exists
 	IF (new_resource->'meta'->'tag' @> '[{"system":"http://highmed.org/fhir/CodeSystem/read-access-tag","code":"ROLE"}]'::jsonb) THEN
 		INSERT INTO read_access 			
 		SELECT new_resource_id, new_resource_version, 'ROLE', member_organization_id, organization_affiliation_id FROM (

diff --git a/dsf-fhir/dsf-fhir-server/src/test/java/org/highmed/dsf/fhir/dao/BinaryDaoTest.java b/dsf-fhir/dsf-fhir-server/src/test/java/org/highmed/dsf/fhir/dao/BinaryDaoTest.java
@@ -548,14 +548,12 @@ private void testReadAccessTriggerSecurityContextOrganization(Function<ResearchS
 		assertReadAccessEntryCount(4, 1, createdB, READ_ACCESS_TAG_VALUE_ORGANIZATION, createdOrg);
 	}
 
-
 	@Test
 	public void testReadAccessTriggerSecurityContextOrganization() throws Exception
 	{
 		testReadAccessTriggerSecurityContextOrganization(rs -> rs.getIdElement().toUnqualifiedVersionless());
 	}
 
-
 	@Test
 	public void testReadAccessTriggerSecurityContextVersionSpecificOrganization() throws Exception
 	{

diff --git a/...sf-fhir-server/src/test/java/org/highmed/dsf/fhir/dao/OrganizationAffiliationDaoTest.java b/...sf-fhir-server/src/test/java/org/highmed/dsf/fhir/dao/OrganizationAffiliationDaoTest.java
@@ -8,8 +8,12 @@
 import java.util.List;
 import java.util.UUID;
 
+import org.highmed.dsf.fhir.authorization.read.ReadAccessHelper;
+import org.highmed.dsf.fhir.authorization.read.ReadAccessHelperImpl;
+import org.highmed.dsf.fhir.dao.jdbc.BinaryDaoJdbc;
 import org.highmed.dsf.fhir.dao.jdbc.OrganizationAffiliationDaoJdbc;
 import org.highmed.dsf.fhir.dao.jdbc.OrganizationDaoJdbc;
+import org.hl7.fhir.r4.model.Binary;
 import org.hl7.fhir.r4.model.Organization;
 import org.hl7.fhir.r4.model.OrganizationAffiliation;
 import org.junit.Test;
@@ -313,4 +317,121 @@ public void testSearchWithUserFilterAfterReadAccessTriggerLocalWithRemoteUser()
 	{
 		ReadAccessDaoTest.super.testSearchWithUserFilterAfterReadAccessTriggerLocalWithRemoteUser();
 	}
+
+	@Test
+	public void testUpdateWithExistingBinary() throws Exception
+	{
+		BinaryDaoJdbc binaryDao = new BinaryDaoJdbc(defaultDataSource, permanentDeleteDataSource, fhirContext);
+		OrganizationDaoJdbc orgDao = new OrganizationDaoJdbc(defaultDataSource, permanentDeleteDataSource, fhirContext);
+
+		Organization memberOrg = new Organization();
+		memberOrg.setActive(true);
+		memberOrg.getIdentifierFirstRep().setSystem(ReadAccessHelper.ORGANIZATION_IDENTIFIER_SYSTEM)
+				.setValue("member.com");
+
+		Organization parentOrg = new Organization();
+		parentOrg.setActive(true);
+		parentOrg.getIdentifierFirstRep().setSystem(ReadAccessHelper.ORGANIZATION_IDENTIFIER_SYSTEM)
+				.setValue("parent.com");
+
+		Organization createdParentOrg = orgDao.create(parentOrg);
+		Organization createdMemberOrg = orgDao.create(memberOrg);
+
+		OrganizationAffiliation affiliation = new OrganizationAffiliation();
+		affiliation.setActive(true);
+		affiliation.getParticipatingOrganization()
+				.setReference("Organization/" + createdMemberOrg.getIdElement().getIdPart());
+		affiliation.getOrganization().setReference("Organization/" + createdParentOrg.getIdElement().getIdPart());
+		affiliation.addCode().getCodingFirstRep().setSystem("role-system").setCode("role-code");
+
+		OrganizationAffiliation createdAffiliation = dao.create(affiliation);
+
+		Binary binary = new Binary();
+		binary.setContentType("text/plain");
+		binary.setData("1234567890".getBytes());
+		new ReadAccessHelperImpl().addRole(binary, "parent.com", "role-system", "role-code");
+
+		Binary createdBinary = binaryDao.create(binary);
+		assertNotNull(createdBinary);
+
+		dao.update(createdAffiliation);
+	}
+
+	@Test
+	public void testUpdateWithExistingBinaryUpdateMemberOrg() throws Exception
+	{
+		BinaryDaoJdbc binaryDao = new BinaryDaoJdbc(defaultDataSource, permanentDeleteDataSource, fhirContext);
+		OrganizationDaoJdbc orgDao = new OrganizationDaoJdbc(defaultDataSource, permanentDeleteDataSource, fhirContext);
+
+		Organization memberOrg = new Organization();
+		memberOrg.setActive(true);
+		memberOrg.getIdentifierFirstRep().setSystem(ReadAccessHelper.ORGANIZATION_IDENTIFIER_SYSTEM)
+				.setValue("member.com");
+
+		Organization parentOrg = new Organization();
+		parentOrg.setActive(true);
+		parentOrg.getIdentifierFirstRep().setSystem(ReadAccessHelper.ORGANIZATION_IDENTIFIER_SYSTEM)
+				.setValue("parent.com");
+
+		Organization createdParentOrg = orgDao.create(parentOrg);
+		Organization createdMemberOrg = orgDao.create(memberOrg);
+
+		OrganizationAffiliation affiliation = new OrganizationAffiliation();
+		affiliation.setActive(true);
+		affiliation.getParticipatingOrganization()
+				.setReference("Organization/" + createdMemberOrg.getIdElement().getIdPart());
+		affiliation.getOrganization().setReference("Organization/" + createdParentOrg.getIdElement().getIdPart());
+		affiliation.addCode().getCodingFirstRep().setSystem("role-system").setCode("role-code");
+
+		dao.create(affiliation);
+
+		Binary binary = new Binary();
+		binary.setContentType("text/plain");
+		binary.setData("1234567890".getBytes());
+		new ReadAccessHelperImpl().addRole(binary, "parent.com", "role-system", "role-code");
+
+		Binary createdBinary = binaryDao.create(binary);
+		assertNotNull(createdBinary);
+
+		orgDao.update(createdMemberOrg);
+	}
+
+	@Test
+	public void testUpdateWithExistingBinaryUpdateParentOrg() throws Exception
+	{
+		BinaryDaoJdbc binaryDao = new BinaryDaoJdbc(defaultDataSource, permanentDeleteDataSource, fhirContext);
+		OrganizationDaoJdbc orgDao = new OrganizationDaoJdbc(defaultDataSource, permanentDeleteDataSource, fhirContext);
+
+		Organization memberOrg = new Organization();
+		memberOrg.setActive(true);
+		memberOrg.getIdentifierFirstRep().setSystem(ReadAccessHelper.ORGANIZATION_IDENTIFIER_SYSTEM)
+				.setValue("member.com");
+
+		Organization parentOrg = new Organization();
+		parentOrg.setActive(true);
+		parentOrg.getIdentifierFirstRep().setSystem(ReadAccessHelper.ORGANIZATION_IDENTIFIER_SYSTEM)
+				.setValue("parent.com");
+
+		Organization createdParentOrg = orgDao.create(parentOrg);
+		Organization createdMemberOrg = orgDao.create(memberOrg);
+
+		OrganizationAffiliation affiliation = new OrganizationAffiliation();
+		affiliation.setActive(true);
+		affiliation.getParticipatingOrganization()
+				.setReference("Organization/" + createdMemberOrg.getIdElement().getIdPart());
+		affiliation.getOrganization().setReference("Organization/" + createdParentOrg.getIdElement().getIdPart());
+		affiliation.addCode().getCodingFirstRep().setSystem("role-system").setCode("role-code");
+
+		dao.create(affiliation);
+
+		Binary binary = new Binary();
+		binary.setContentType("text/plain");
+		binary.setData("1234567890".getBytes());
+		new ReadAccessHelperImpl().addRole(binary, "parent.com", "role-system", "role-code");
+
+		Binary createdBinary = binaryDao.create(binary);
+		assertNotNull(createdBinary);
+
+		orgDao.update(createdParentOrg);
+	}
 }
diff --git a/dsf-fhir/dsf-fhir-server/src/test/java/org/highmed/dsf/fhir/dao/OrganizationDaoTest.java b/dsf-fhir/dsf-fhir-server/src/test/java/org/highmed/dsf/fhir/dao/OrganizationDaoTest.java
@@ -1,8 +1,6 @@
 package org.highmed.dsf.fhir.dao;
 
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.*;
 
 import java.nio.charset.StandardCharsets;
 import java.sql.Connection;
@@ -14,8 +12,10 @@
 import org.apache.commons.codec.binary.Hex;
 import org.highmed.dsf.fhir.authorization.read.ReadAccessHelper;
 import org.highmed.dsf.fhir.authorization.read.ReadAccessHelperImpl;
+import org.highmed.dsf.fhir.dao.jdbc.BinaryDaoJdbc;
 import org.highmed.dsf.fhir.dao.jdbc.CodeSystemDaoJdbc;
 import org.highmed.dsf.fhir.dao.jdbc.OrganizationDaoJdbc;
+import org.hl7.fhir.r4.model.Binary;
 import org.hl7.fhir.r4.model.CodeSystem;
 import org.hl7.fhir.r4.model.Organization;
 import org.hl7.fhir.r4.model.StringType;
@@ -420,4 +420,27 @@ public void testSearchWithUserFilterAfterReadAccessTriggerLocalWithRemoteUser()
 	{
 		ReadAccessDaoTest.super.testSearchWithUserFilterAfterReadAccessTriggerLocalWithRemoteUser();
 	}
+
+	@Test
+	public void testUpdateWithExistingBinary() throws Exception
+	{
+		Organization org = new Organization();
+		org.setActive(true);
+		org.getIdentifierFirstRep().setSystem(ReadAccessHelper.ORGANIZATION_IDENTIFIER_SYSTEM)
+				.setValue("organization.com");
+
+		Organization cretedOrg = dao.create(org);
+		assertNotNull(cretedOrg);
+
+		Binary binary = new Binary();
+		binary.setContentType("text/plain");
+		binary.setData("1234567890".getBytes());
+		new ReadAccessHelperImpl().addOrganization(binary, "organization.com");
+
+		BinaryDaoJdbc binaryDao = new BinaryDaoJdbc(defaultDataSource, permanentDeleteDataSource, fhirContext);
+		Binary createdBinary = binaryDao.create(binary);
+		assertNotNull(createdBinary);
+
+		dao.update(cretedOrg);
+	}
 }