ACS-9178 Add REST API for deauthorizing (#3169)

* ACS-9178 Set peopleEntityResource bean id * ACS-9178 Add the 'deauthorizeUser' operation * ACS-9178 Add 'deauthorizeUser' to Rest API * ACS-9178 Add test * ACS-9178 Fix PMD * ACS-9178 Fix deauthorize API tests --------- Co-authored-by: Gerard Olenski <gerard.olenski@hyland.com>
2025-07-24 17:32:48 +00:00 · 2025-01-30 11:07:57 +01:00
parent 6804d5e288
commit 733e232e42
4 changed files with 299 additions and 236 deletions
--- a/packaging/tests/tas-restapi/src/main/java/org/alfresco/rest/requests/People.java
+++ b/packaging/tests/tas-restapi/src/main/java/org/alfresco/rest/requests/People.java
@@ -437,6 +437,15 @@ public class People extends ModelRequest<People>
        restWrapper.processEmptyModel(request);
    }

+    /**
+     * Deauthorize a user
+     */
+    public void deauthorizeUser()
+    {
+        RestRequest request = RestRequest.simpleRequest(HttpMethod.POST, "people/{personId}/deauthorize", this.person.getUsername(), restWrapper.getParameters());
+        restWrapper.processEmptyModel(request);
+    }
+
    /**
     * Update avatar image PUT call on 'people/{nodeId}/children
     */
--- a/packaging/tests/tas-restapi/src/test/java/org/alfresco/rest/people/deauthorization/community/DeauthorizeSanityTests.java
+++ b/packaging/tests/tas-restapi/src/test/java/org/alfresco/rest/people/deauthorization/community/DeauthorizeSanityTests.java
@@ -0,0 +1,40 @@
+package org.alfresco.rest.people.deauthorization.community;
+
+import org.springframework.http.HttpStatus;
+import org.testng.annotations.BeforeClass;
+import org.testng.annotations.Test;
+
+import org.alfresco.rest.RestTest;
+import org.alfresco.utility.model.TestGroup;
+import org.alfresco.utility.model.UserModel;
+import org.alfresco.utility.testrail.ExecutionType;
+import org.alfresco.utility.testrail.annotation.TestRail;
+
+/**
+ * Verifies API behavior in community edition. Should be excluded in enterprise edition.
+ */
+@Test
+public class DeauthorizeSanityTests extends RestTest
+{
+    private UserModel userModel;
+    private UserModel adminUser;
+
+    @BeforeClass(alwaysRun = true)
+    public void dataPreparation()
+    {
+        adminUser = dataUser.getAdminUser();
+        userModel = dataUser.createRandomTestUser();
+    }
+
+    @Test(groups = {TestGroup.REST_API, TestGroup.PEOPLE, TestGroup.SANITY})
+    @TestRail(section = {TestGroup.REST_API, TestGroup.PEOPLE}, executionType = ExecutionType.SANITY,
+            description = "Check if de-authorization is not implemented in Community Edition")
+    public void deauthorizationIsNotImplementedInCommunityEdition()
+    {
+        restClient.authenticateUser(adminUser).withCoreAPI().usingUser(userModel).deauthorizeUser();
+        restClient.assertStatusCodeIs(HttpStatus.NOT_IMPLEMENTED);
+
+        restClient.authenticateUser(userModel).withCoreAPI().usingUser(userModel).deauthorizeUser();
+        restClient.assertStatusCodeIs(HttpStatus.NOT_IMPLEMENTED);
+    }
+}
--- a/remote-api/src/main/java/org/alfresco/rest/api/people/PeopleEntityResource.java
+++ b/remote-api/src/main/java/org/alfresco/rest/api/people/PeopleEntityResource.java
@@ -2,7 +2,7 @@
 * #%L
 * Alfresco Remote API
 * %%
- * Copyright (C) 2005 - 2023 Alfresco Software Limited
+ * Copyright (C) 2005 - 2025 Alfresco Software Limited
 * %%
 * This file is part of the Alfresco software. 
 * If the software was purchased under a paid Alfresco license, the terms of 
@@ -28,9 +28,10 @@ package org.alfresco.rest.api.people;
 import java.io.InputStream;
 import java.util.ArrayList;
 import java.util.List;
-
 import jakarta.servlet.http.HttpServletResponse;

+import org.springframework.beans.factory.InitializingBean;
+
 import org.alfresco.model.ContentModel;
 import org.alfresco.rest.api.People;
 import org.alfresco.rest.api.model.Client;
@@ -53,9 +54,6 @@ import org.alfresco.rest.framework.resource.parameters.CollectionWithPagingInfo;
 import org.alfresco.rest.framework.resource.parameters.Parameters;
 import org.alfresco.rest.framework.webscripts.WithResponse;
 import org.alfresco.util.PropertyCheck;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.springframework.beans.factory.InitializingBean;

 /**
 * An implementation of an Entity Resource for a Person
@@ -63,14 +61,12 @@ import org.springframework.beans.factory.InitializingBean;
 * @author sglover
 * @author Gethin James
 */
-@EntityResource(name="people", title = "People")
+@EntityResource(name = "people", title = "People")
 public class PeopleEntityResource implements EntityResourceAction.ReadById<Person>, EntityResourceAction.Create<Person>,
-        EntityResourceAction.Update<Person>,EntityResourceAction.Read<Person>,
+        EntityResourceAction.Update<Person>, EntityResourceAction.Read<Person>,

        BinaryResourceAction.Read, BinaryResourceAction.Update<Person>, BinaryResourceAction.Delete, InitializingBean
 {
-    private static Log logger = LogFactory.getLog(PeopleEntityResource.class);
-    
    private People people;

    public void setPeople(People people)
@@ -99,9 +95,9 @@ public class PeopleEntityResource implements EntityResourceAction.ReadById<Perso
    }

    @Override
-    @WebApiDescription(title="Create person", description="Create a person")
-    @WebApiParam(name="persons", title="A single person", description="A single person, multiple people are not supported.",
-            kind= ResourceParameter.KIND.HTTP_BODY_OBJECT, allowMultiple=false, required = true)
+    @WebApiDescription(title = "Create person", description = "Create a person")
+    @WebApiParam(name = "persons", title = "A single person", description = "A single person, multiple people are not supported.",
+            kind = ResourceParameter.KIND.HTTP_BODY_OBJECT, allowMultiple = false, required = true)
    public List<Person> create(List<Person> persons, Parameters parameters)
    {
        Person p = persons.get(0);
@@ -114,7 +110,7 @@ public class PeopleEntityResource implements EntityResourceAction.ReadById<Perso
    }

    @Override
-    @WebApiDescription(title="Update person", description="Update the given person's details")
+    @WebApiDescription(title = "Update person", description = "Update the given person's details")
    public Person update(String personId, Person person, Parameters parameters)
    {
        if (person.wasSet(ContentModel.PROP_USERNAME))
@@ -186,7 +182,8 @@ public class PeopleEntityResource implements EntityResourceAction.ReadById<Perso
     * Download avatar image content
     *
     * @param personId
-     * @param parameters {@link Parameters}
+     * @param parameters
+     *            {@link Parameters}
     * @return
     * @throws EntityNotFoundException
     */
@@ -202,8 +199,10 @@ public class PeopleEntityResource implements EntityResourceAction.ReadById<Perso
     * Upload avatar image content
     *
     * @param personId
-     * @param contentInfo Basic information about the content stream
-     * @param stream An inputstream
+     * @param contentInfo
+     *            Basic information about the content stream
+     * @param stream
+     *            An inputstream
     * @param parameters
     * @return
     */
@@ -224,11 +223,26 @@ public class PeopleEntityResource implements EntityResourceAction.ReadById<Perso
     */
    @Override
    @WebApiDescription(title = "Delete avatar image", description = "Delete avatar image")
-    @BinaryProperties({ "avatar" })
+    @BinaryProperties({"avatar"})
    public void deleteProperty(String personId, Parameters parameters)
    {
        people.deleteAvatarContent(personId);
    }

-
+    /**
+     * De-authorize user
+     *
+     * Not currently supported in community edition.
+     * 
+     * @param personId
+     * @param body
+     * @param parameters
+     * @param withResponse
+     */
+    @Operation("deauthorize")
+    @WebApiDescription(title = "De-authorize user", description = "Performs user de-authorization", successStatus = HttpServletResponse.SC_NOT_IMPLEMENTED)
+    public void deauthorizeUser(String personId, Void body, Parameters parameters, WithResponse withResponse)
+    {
+        // functionality is not implemented in community edition
+    }
 }
--- a/remote-api/src/main/resources/alfresco/public-rest-context.xml
+++ b/remote-api/src/main/resources/alfresco/public-rest-context.xml
@@ -1116,7 +1116,7 @@
        <property name="siteMembershipRequests" ref="SiteMembershipRequests" />
    </bean>

-    <bean class="org.alfresco.rest.api.people.PeopleEntityResource">
+    <bean id="peopleEntityResource" class="org.alfresco.rest.api.people.PeopleEntityResource">
        <property name="people" ref="People" />
    </bean>