Fetch OrganizationRoleClaims from DB when feature flag enabled (#8030)

* Fetch OrganizationRoleClaims from DB when feature flag enabled * Simplify sanitizeOktaOrgRoleClaims method * Combine if statements * Clean up consolidateUser method
CDCgov · Aug 27, 2024 · 453dc84 · 453dc84
1 parent 5af4490
commit 453dc84
Show file tree

Hide file tree

Showing 14 changed files with 894 additions and 131 deletions.
diff --git a/.../java/gov/cdc/usds/simplereport/config/authorization/DemoAuthenticationConfiguration.java b/.../java/gov/cdc/usds/simplereport/config/authorization/DemoAuthenticationConfiguration.java
@@ -1,10 +1,12 @@
 package gov.cdc.usds.simplereport.config.authorization;
 
 import gov.cdc.usds.simplereport.config.BeanProfiles;
+import gov.cdc.usds.simplereport.config.FeatureFlagsConfig;
 import gov.cdc.usds.simplereport.config.simplereport.DemoUserConfiguration;
 import gov.cdc.usds.simplereport.config.simplereport.DemoUserConfiguration.DemoUser;
 import gov.cdc.usds.simplereport.idp.repository.OktaRepository;
 import gov.cdc.usds.simplereport.service.AuthorizationService;
+import gov.cdc.usds.simplereport.service.DbOrgRoleClaimsService;
 import gov.cdc.usds.simplereport.service.model.IdentityAttributes;
 import gov.cdc.usds.simplereport.service.model.IdentitySupplier;
 import jakarta.servlet.Filter;
@@ -86,8 +88,11 @@ public FilterRegistrationBean<Filter> identityFilter() {
   public AuthorizationService getDemoAuthorizationService(
       OktaRepository oktaRepo,
       IdentitySupplier supplier,
-      DemoUserConfiguration demoUserConfiguration) {
-    return new DemoAuthorizationService(oktaRepo, supplier, demoUserConfiguration);
+      DemoUserConfiguration demoUserConfiguration,
+      DbOrgRoleClaimsService dbOrgRoleClaimsService,
+      FeatureFlagsConfig featureFlagsConfig) {
+    return new DemoAuthorizationService(
+        oktaRepo, supplier, demoUserConfiguration, dbOrgRoleClaimsService, featureFlagsConfig);
   }
 
   @Bean
@@ -149,14 +154,20 @@ public static class DemoAuthorizationService implements AuthorizationService {
     private final IdentitySupplier _getCurrentUser;
     private final OktaRepository _oktaRepo;
     private final Set<String> _adminGroupMemberSet;
+    private final DbOrgRoleClaimsService _dbOrgRoleClaimsService;
+    private final FeatureFlagsConfig _featureFlagsConfig;
 
     public DemoAuthorizationService(
         OktaRepository oktaRepo,
         IdentitySupplier getCurrent,
-        DemoUserConfiguration demoUserConfiguration) {
+        DemoUserConfiguration demoUserConfiguration,
+        DbOrgRoleClaimsService dbOrgRoleClaimsService,
+        FeatureFlagsConfig featureFlagsConfig) {
       super();
       this._getCurrentUser = getCurrent;
       this._oktaRepo = oktaRepo;
+      this._dbOrgRoleClaimsService = dbOrgRoleClaimsService;
+      this._featureFlagsConfig = featureFlagsConfig;
 
       _adminGroupMemberSet =
           demoUserConfiguration.getSiteAdminEmails().stream()
@@ -168,7 +179,14 @@ public List<OrganizationRoleClaims> findAllOrganizationRoles() {
       String username = Optional.ofNullable(_getCurrentUser.get()).orElseThrow().getUsername();
       Optional<OrganizationRoleClaims> claims =
           _oktaRepo.getOrganizationRoleClaimsForUser(username);
-      return claims.isEmpty() ? List.of() : List.of(claims.get());
+      List<OrganizationRoleClaims> oktaOrgRoleClaims =
+          claims.isEmpty() ? List.of() : List.of(claims.get());
+      if (!isSiteAdmin() && _featureFlagsConfig.isOktaMigrationEnabled()) {
+        List<OrganizationRoleClaims> dbOrgRoleClaims =
+            _dbOrgRoleClaimsService.getOrganizationRoleClaims(username);
+        return dbOrgRoleClaims;
+      }
+      return oktaOrgRoleClaims;
     }
 
     @Override

diff --git a/backend/src/main/java/gov/cdc/usds/simplereport/db/model/ApiUser.java b/backend/src/main/java/gov/cdc/usds/simplereport/db/model/ApiUser.java
@@ -87,6 +87,12 @@ public void setRoles(Set<OrganizationRole> newOrgRoles, Organization org) {
     }
   }
 
+  public Set<Organization> getOrganizations() {
+    return this.roleAssignments.stream()
+        .map(ApiUserRole::getOrganization)
+        .collect(Collectors.toSet());
+  }
+
   public ApiUser clearRolesAndFacilities() {
     this.roleAssignments.clear();
     this.facilityAssignments.clear();

diff --git a/backend/src/main/java/gov/cdc/usds/simplereport/db/model/ApiUserRole.java b/backend/src/main/java/gov/cdc/usds/simplereport/db/model/ApiUserRole.java
@@ -20,6 +20,7 @@ public class ApiUserRole extends AuditedEntity {
 
   @ManyToOne
   @JoinColumn(name = "organization_id", nullable = false)
+  @Getter
   private Organization organization;
 
   @Column(nullable = false, columnDefinition = "organization_role")