From bfcabf465e397845d52816722596915368f23179 Mon Sep 17 00:00:00 2001 From: HelaKaraa Date: Thu, 5 Sep 2024 14:54:31 +0200 Subject: [PATCH 1/6] feat #740: filter personal team if tenant's subscriptionSecurity is activated. --- daikoku/app/controllers/ApiController.scala | 11 +++++++++-- daikoku/app/domain/CommonServices.scala | 10 +++++++++- daikoku/app/storage/api.scala | 16 ++++++++++++++-- 3 files changed, 32 insertions(+), 5 deletions(-) diff --git a/daikoku/app/controllers/ApiController.scala b/daikoku/app/controllers/ApiController.scala index 7e20ef0ea..9e23e432d 100644 --- a/daikoku/app/controllers/ApiController.scala +++ b/daikoku/app/controllers/ApiController.scala @@ -3309,14 +3309,21 @@ class ApiController( val teamUsersFilter = if (ctx.user.isDaikokuAdmin) Json.obj() else Json.obj("users.userId" -> ctx.user.id.value) - + val typeFilter = if (ctx.tenant.subscriptionSecurity.isDefined + && ctx.tenant.subscriptionSecurity.exists(identity)) { + Json.obj( + "type" -> Json.obj("$in" -> Json.arr(TeamType.Admin.name, TeamType.Organization.name)) + ) + } else { + Json.obj() + } for { myTeams <- env.dataStore.teamRepo.myTeams(ctx.tenant, ctx.user) teams <- env.dataStore.teamRepo .forTenant(ctx.tenant.id) .findNotDeleted( - Json.obj("name" -> searchAsRegex) ++ teamUsersFilter, + Json.obj("name" -> searchAsRegex) ++ teamUsersFilter ++ typeFilter, 5, Json.obj("name" -> 1).some ) diff --git a/daikoku/app/domain/CommonServices.scala b/daikoku/app/domain/CommonServices.scala index 9c0b03ccb..72b4d3b6f 100644 --- a/daikoku/app/domain/CommonServices.scala +++ b/daikoku/app/domain/CommonServices.scala @@ -673,6 +673,14 @@ object CommonServices { _TenantAdminAccessTenant( AuditTrailEvent("@{user.name} has accessed to all teams list") )(ctx) { + val typeFilter = if (ctx.tenant.subscriptionSecurity.isDefined + && ctx.tenant.subscriptionSecurity.exists(identity)) { + Json.obj( + "type" -> Json.obj("$in" -> Json.arr(TeamType.Admin.name, TeamType.Organization.name)) + ) + } else { + Json.obj() + } for { teams <- env.dataStore.teamRepo @@ -681,7 +689,7 @@ object CommonServices { Json.obj( "_deleted" -> false, "name" -> Json.obj("$regex" -> research) - ), + )++ typeFilter, offset, limit, Some(Json.obj("_humanReadableId" -> 1)) diff --git a/daikoku/app/storage/api.scala b/daikoku/app/storage/api.scala index fa054245f..d9f717ef4 100644 --- a/daikoku/app/storage/api.scala +++ b/daikoku/app/storage/api.scala @@ -400,15 +400,27 @@ trait TeamRepo extends TenantCapableRepo[Team, TeamId] { env: Env, ec: ExecutionContext ): Future[Seq[Team]] = { + val typeFilter = if (tenant.subscriptionSecurity.isDefined + && tenant.subscriptionSecurity.exists(identity)) { + Json.obj( + "type" -> Json.obj("$in" -> Json.arr(TeamType.Admin.name, TeamType.Organization.name)) + ) + } else { + Json.obj() + } if (user.isDaikokuAdmin) { env.dataStore.teamRepo .forTenant(tenant.id) - .findAllNotDeleted() + .findNotDeleted( + typeFilter + ) + + } else { env.dataStore.teamRepo .forTenant(tenant.id) .findNotDeleted( - Json.obj("users.userId" -> user.id.value) + Json.obj("users.userId" -> user.id.value) ++ typeFilter ) } } From 0bedcca33c08d43e4234f9ac266bbd5745c1535f Mon Sep 17 00:00:00 2001 From: HelaKaraa Date: Tue, 10 Sep 2024 15:28:08 +0200 Subject: [PATCH 2/6] feat #740: playwright + add filter to myTeams --- daikoku/app/domain/CommonServices.scala | 16 +++++++++++++--- daikoku/javascript/tests/completeJourney.spec.ts | 2 +- daikoku/javascript/tests/connectedUser.spec.ts | 2 +- 3 files changed, 15 insertions(+), 5 deletions(-) diff --git a/daikoku/app/domain/CommonServices.scala b/daikoku/app/domain/CommonServices.scala index 72b4d3b6f..210ee934d 100644 --- a/daikoku/app/domain/CommonServices.scala +++ b/daikoku/app/domain/CommonServices.scala @@ -648,19 +648,29 @@ object CommonServices { env: Env, ec: ExecutionContext ) = { + + val typeFilter = if (ctx.tenant.subscriptionSecurity.isDefined + && ctx.tenant.subscriptionSecurity.exists(identity)) { + Json.obj( + "type" -> Json.obj("$ne" ->TeamType.Personal.name) + ) + } else { + Json.obj() + } _UberPublicUserAccess( AuditTrailEvent("@{user.name} has accessed his team list") )(ctx) { (if (ctx.user.isDaikokuAdmin) env.dataStore.teamRepo .forTenant(ctx.tenant) - .findAllNotDeleted() + .findNotDeleted(typeFilter) else env.dataStore.teamRepo .forTenant(ctx.tenant) - .findNotDeleted(Json.obj("users.userId" -> ctx.user.id.value))) + .findNotDeleted(Json.obj("users.userId" -> ctx.user.id.value) ++ typeFilter)) .map(teams => - teams.sortWith((a, b) => a.name.compareToIgnoreCase(b.name) < 0) + teams + .sortWith((a, b) => a.name.compareToIgnoreCase(b.name) < 0) ) } } diff --git a/daikoku/javascript/tests/completeJourney.spec.ts b/daikoku/javascript/tests/completeJourney.spec.ts index 34f768528..dbd0beca1 100644 --- a/daikoku/javascript/tests/completeJourney.spec.ts +++ b/daikoku/javascript/tests/completeJourney.spec.ts @@ -41,7 +41,7 @@ test('test a complete user journey', async ({ page }) => { //create a new API await page.locator('div:nth-child(4) > .notification-link').first().click(); await page.locator('span').filter({ hasText: 'API' }).first().click(); - await page.locator('div').filter({ hasText: /^The A team$/ }).click(); + await page.locator('div').filter({ hasText: /^The A team$/ }).nth(1).click(); await page.getByRole('button', { name: 'Published' }).click(); await page.getByPlaceholder('New Api').fill('Test API'); diff --git a/daikoku/javascript/tests/connectedUser.spec.ts b/daikoku/javascript/tests/connectedUser.spec.ts index fb7a97cca..84616a535 100644 --- a/daikoku/javascript/tests/connectedUser.spec.ts +++ b/daikoku/javascript/tests/connectedUser.spec.ts @@ -463,7 +463,7 @@ test('do search', async ({ page, request }) => { await expect(page.locator('.navbar-panel.opened .block__entry__link')).toHaveCount(1) await expect(page.getByRole('link', { name: 'Testers' })).toBeVisible(); await page.getByRole('link', { name: 'Testers' }).click(); - await expect(page.getByRole('heading', { name: 'In progress demands' })).toBeVisible(); + await expect(page.getByRole('heading', { name: 'My Pending Requests' })).toBeVisible(); //search an API await page.locator('.notification-link').first().click(); From 1fcf48a61c33ffc53aa3ae6d3182d01fd9434326 Mon Sep 17 00:00:00 2001 From: HelaKaraa Date: Thu, 5 Sep 2024 14:54:31 +0200 Subject: [PATCH 3/6] feat #740: filter personal team if tenant's subscriptionSecurity is activated. --- daikoku/app/controllers/ApiController.scala | 11 +++++++++-- daikoku/app/domain/CommonServices.scala | 10 +++++++++- daikoku/app/storage/api.scala | 16 ++++++++++++++-- 3 files changed, 32 insertions(+), 5 deletions(-) diff --git a/daikoku/app/controllers/ApiController.scala b/daikoku/app/controllers/ApiController.scala index 7e20ef0ea..9e23e432d 100644 --- a/daikoku/app/controllers/ApiController.scala +++ b/daikoku/app/controllers/ApiController.scala @@ -3309,14 +3309,21 @@ class ApiController( val teamUsersFilter = if (ctx.user.isDaikokuAdmin) Json.obj() else Json.obj("users.userId" -> ctx.user.id.value) - + val typeFilter = if (ctx.tenant.subscriptionSecurity.isDefined + && ctx.tenant.subscriptionSecurity.exists(identity)) { + Json.obj( + "type" -> Json.obj("$in" -> Json.arr(TeamType.Admin.name, TeamType.Organization.name)) + ) + } else { + Json.obj() + } for { myTeams <- env.dataStore.teamRepo.myTeams(ctx.tenant, ctx.user) teams <- env.dataStore.teamRepo .forTenant(ctx.tenant.id) .findNotDeleted( - Json.obj("name" -> searchAsRegex) ++ teamUsersFilter, + Json.obj("name" -> searchAsRegex) ++ teamUsersFilter ++ typeFilter, 5, Json.obj("name" -> 1).some ) diff --git a/daikoku/app/domain/CommonServices.scala b/daikoku/app/domain/CommonServices.scala index 9c0b03ccb..72b4d3b6f 100644 --- a/daikoku/app/domain/CommonServices.scala +++ b/daikoku/app/domain/CommonServices.scala @@ -673,6 +673,14 @@ object CommonServices { _TenantAdminAccessTenant( AuditTrailEvent("@{user.name} has accessed to all teams list") )(ctx) { + val typeFilter = if (ctx.tenant.subscriptionSecurity.isDefined + && ctx.tenant.subscriptionSecurity.exists(identity)) { + Json.obj( + "type" -> Json.obj("$in" -> Json.arr(TeamType.Admin.name, TeamType.Organization.name)) + ) + } else { + Json.obj() + } for { teams <- env.dataStore.teamRepo @@ -681,7 +689,7 @@ object CommonServices { Json.obj( "_deleted" -> false, "name" -> Json.obj("$regex" -> research) - ), + )++ typeFilter, offset, limit, Some(Json.obj("_humanReadableId" -> 1)) diff --git a/daikoku/app/storage/api.scala b/daikoku/app/storage/api.scala index fa054245f..d9f717ef4 100644 --- a/daikoku/app/storage/api.scala +++ b/daikoku/app/storage/api.scala @@ -400,15 +400,27 @@ trait TeamRepo extends TenantCapableRepo[Team, TeamId] { env: Env, ec: ExecutionContext ): Future[Seq[Team]] = { + val typeFilter = if (tenant.subscriptionSecurity.isDefined + && tenant.subscriptionSecurity.exists(identity)) { + Json.obj( + "type" -> Json.obj("$in" -> Json.arr(TeamType.Admin.name, TeamType.Organization.name)) + ) + } else { + Json.obj() + } if (user.isDaikokuAdmin) { env.dataStore.teamRepo .forTenant(tenant.id) - .findAllNotDeleted() + .findNotDeleted( + typeFilter + ) + + } else { env.dataStore.teamRepo .forTenant(tenant.id) .findNotDeleted( - Json.obj("users.userId" -> user.id.value) + Json.obj("users.userId" -> user.id.value) ++ typeFilter ) } } From d9e4c40a52b57978ddea4b250fed80d9d15c439e Mon Sep 17 00:00:00 2001 From: HelaKaraa Date: Tue, 10 Sep 2024 15:28:08 +0200 Subject: [PATCH 4/6] feat #740: playwright + add filter to myTeams --- daikoku/app/domain/CommonServices.scala | 16 +++++++++++++--- daikoku/javascript/tests/completeJourney.spec.ts | 2 +- daikoku/javascript/tests/connectedUser.spec.ts | 2 +- 3 files changed, 15 insertions(+), 5 deletions(-) diff --git a/daikoku/app/domain/CommonServices.scala b/daikoku/app/domain/CommonServices.scala index 72b4d3b6f..210ee934d 100644 --- a/daikoku/app/domain/CommonServices.scala +++ b/daikoku/app/domain/CommonServices.scala @@ -648,19 +648,29 @@ object CommonServices { env: Env, ec: ExecutionContext ) = { + + val typeFilter = if (ctx.tenant.subscriptionSecurity.isDefined + && ctx.tenant.subscriptionSecurity.exists(identity)) { + Json.obj( + "type" -> Json.obj("$ne" ->TeamType.Personal.name) + ) + } else { + Json.obj() + } _UberPublicUserAccess( AuditTrailEvent("@{user.name} has accessed his team list") )(ctx) { (if (ctx.user.isDaikokuAdmin) env.dataStore.teamRepo .forTenant(ctx.tenant) - .findAllNotDeleted() + .findNotDeleted(typeFilter) else env.dataStore.teamRepo .forTenant(ctx.tenant) - .findNotDeleted(Json.obj("users.userId" -> ctx.user.id.value))) + .findNotDeleted(Json.obj("users.userId" -> ctx.user.id.value) ++ typeFilter)) .map(teams => - teams.sortWith((a, b) => a.name.compareToIgnoreCase(b.name) < 0) + teams + .sortWith((a, b) => a.name.compareToIgnoreCase(b.name) < 0) ) } } diff --git a/daikoku/javascript/tests/completeJourney.spec.ts b/daikoku/javascript/tests/completeJourney.spec.ts index ef5333906..d88d02dae 100644 --- a/daikoku/javascript/tests/completeJourney.spec.ts +++ b/daikoku/javascript/tests/completeJourney.spec.ts @@ -41,7 +41,7 @@ test('test a complete user journey', async ({ page }) => { //create a new API await page.locator('div:nth-child(4) > .notification-link').first().click(); await page.locator('span').filter({ hasText: 'API' }).first().click(); - await page.locator('div').filter({ hasText: /^The A team$/ }).click(); + await page.locator('div').filter({ hasText: /^The A team$/ }).nth(1).click(); await page.getByRole('button', { name: 'Published' }).click(); await page.getByPlaceholder('New Api').fill('Test API'); diff --git a/daikoku/javascript/tests/connectedUser.spec.ts b/daikoku/javascript/tests/connectedUser.spec.ts index 0f9a05520..8eeeaf89b 100644 --- a/daikoku/javascript/tests/connectedUser.spec.ts +++ b/daikoku/javascript/tests/connectedUser.spec.ts @@ -463,7 +463,7 @@ test('do search', async ({ page, request }) => { await expect(page.locator('.navbar-panel.opened .block__entry__link')).toHaveCount(1) await expect(page.getByRole('link', { name: 'Testers' })).toBeVisible(); await page.getByRole('link', { name: 'Testers' }).click(); - await expect(page.getByRole('heading', { name: 'In progress demands' })).toBeVisible(); + await expect(page.getByRole('heading', { name: 'My Pending Requests' })).toBeVisible(); //search an API await page.locator('.notification-link').first().click(); From 0f72650ce3da8e3a2db19f515c2e6770e1344043 Mon Sep 17 00:00:00 2001 From: HelaKaraa Date: Wed, 11 Sep 2024 09:55:58 +0200 Subject: [PATCH 5/6] feat #740: Modification of scala test --- daikoku/test/daikoku/ApiControllerSpec.scala | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/daikoku/test/daikoku/ApiControllerSpec.scala b/daikoku/test/daikoku/ApiControllerSpec.scala index fcb3250df..e16ad4298 100644 --- a/daikoku/test/daikoku/ApiControllerSpec.scala +++ b/daikoku/test/daikoku/ApiControllerSpec.scala @@ -578,7 +578,7 @@ class ApiControllerSpec() resp.status mustBe 200 val result = (resp.json \ "data" \ "myTeams").as[JsArray] - result.value.length mustBe 3 + result.value.length mustBe 2 } "see one of his teams" in { @@ -1750,7 +1750,7 @@ class ApiControllerSpec() resp.status mustBe 200 val result = (resp.json \ "data" \ "myTeams").as[JsArray] - result.value.length mustBe 2 + result.value.length mustBe 1 } "see one of his teams" in { @@ -2367,7 +2367,7 @@ class ApiControllerSpec() resp.status mustBe 200 val result = (resp.json \ "data" \ "myTeams").as[JsArray] - result.value.length mustBe 3 + result.value.length mustBe 2 } "see one of his teams" in { From b7cf48875dde555b35f5495749d4b7b6c231154f Mon Sep 17 00:00:00 2001 From: Quentin AUBERT Date: Thu, 12 Sep 2024 17:23:42 +0200 Subject: [PATCH 6/6] Add tests --- daikoku/app/controllers/ApiController.scala | 3 +- daikoku/app/domain/CommonServices.scala | 4 +- daikoku/app/storage/api.scala | 2 +- daikoku/test/daikoku/ApiControllerSpec.scala | 132 +++++++++++++++++- daikoku/test/daikoku/TeamControllerSpec.scala | 75 ++++++++++ 5 files changed, 210 insertions(+), 6 deletions(-) diff --git a/daikoku/app/controllers/ApiController.scala b/daikoku/app/controllers/ApiController.scala index 8fea2b736..592b17155 100644 --- a/daikoku/app/controllers/ApiController.scala +++ b/daikoku/app/controllers/ApiController.scala @@ -3393,10 +3393,11 @@ class ApiController( val teamUsersFilter = if (ctx.user.isDaikokuAdmin) Json.obj() else Json.obj("users.userId" -> ctx.user.id.value) + val typeFilter = if (ctx.tenant.subscriptionSecurity.isDefined && ctx.tenant.subscriptionSecurity.exists(identity)) { Json.obj( - "type" -> Json.obj("$in" -> Json.arr(TeamType.Admin.name, TeamType.Organization.name)) + "type" -> Json.obj("$ne" -> TeamType.Personal.name) ) } else { Json.obj() diff --git a/daikoku/app/domain/CommonServices.scala b/daikoku/app/domain/CommonServices.scala index 210ee934d..f39b16368 100644 --- a/daikoku/app/domain/CommonServices.scala +++ b/daikoku/app/domain/CommonServices.scala @@ -686,7 +686,7 @@ object CommonServices { val typeFilter = if (ctx.tenant.subscriptionSecurity.isDefined && ctx.tenant.subscriptionSecurity.exists(identity)) { Json.obj( - "type" -> Json.obj("$in" -> Json.arr(TeamType.Admin.name, TeamType.Organization.name)) + "type" -> TeamType.Organization.name ) } else { Json.obj() @@ -699,7 +699,7 @@ object CommonServices { Json.obj( "_deleted" -> false, "name" -> Json.obj("$regex" -> research) - )++ typeFilter, + ) ++ typeFilter, offset, limit, Some(Json.obj("_humanReadableId" -> 1)) diff --git a/daikoku/app/storage/api.scala b/daikoku/app/storage/api.scala index 59cd3a721..d8f6b97b5 100644 --- a/daikoku/app/storage/api.scala +++ b/daikoku/app/storage/api.scala @@ -405,7 +405,7 @@ trait TeamRepo extends TenantCapableRepo[Team, TeamId] { val typeFilter = if (tenant.subscriptionSecurity.isDefined && tenant.subscriptionSecurity.exists(identity)) { Json.obj( - "type" -> Json.obj("$in" -> Json.arr(TeamType.Admin.name, TeamType.Organization.name)) + "type" -> Json.obj("$ne" -> TeamType.Personal.name) ) } else { Json.obj() diff --git a/daikoku/test/daikoku/ApiControllerSpec.scala b/daikoku/test/daikoku/ApiControllerSpec.scala index 3a180e1ec..2d836e23e 100644 --- a/daikoku/test/daikoku/ApiControllerSpec.scala +++ b/daikoku/test/daikoku/ApiControllerSpec.scala @@ -545,9 +545,9 @@ class ApiControllerSpec() resp.status mustBe 403 } - "see his teams" in { + "see his teams (graphQl)" in { setupEnvBlocking( - tenants = Seq(tenant), + tenants = Seq(tenant.copy(subscriptionSecurity = Some(true))), users = Seq(userAdmin), teams = Seq(teamOwner, teamConsumer) ) @@ -581,6 +581,134 @@ class ApiControllerSpec() val result = (resp.json \ "data" \ "myTeams").as[JsArray] result.value.length mustBe 2 + + setupEnvBlocking( + tenants = Seq(tenant.copy(subscriptionSecurity = Some(false))), + users = Seq(userAdmin), + teams = Seq(teamOwner, teamConsumer) + ) + val session2 = loginWithBlocking(userAdmin, tenant) + val resp2 = httpJsonCallBlocking( + "/api/search", + "POST", + body = Some( + Json.obj( + "query" -> + """ + |query MyTeams { + | myTeams { + | name + | _humanReadableId + | _id + | type + | users { + | user { + | userId: id + | } + | teamPermission + | } + | } + | } + |""".stripMargin + ) + ) + )(tenant, session2) + resp2.status mustBe 200 + + val result2 = (resp2.json \ "data" \ "myTeams").as[JsArray] + result2.value.length mustBe 3 + } + "see his teams" in { + setupEnvBlocking( + tenants = Seq(tenant.copy(subscriptionSecurity = Some(true))), + users = Seq(userAdmin), + teams = Seq(teamOwner, teamConsumer) + ) + val session = loginWithBlocking(userAdmin, tenant) + val resp = httpJsonCallBlocking("/api/me/teams")(tenant, session) + resp.status mustBe 200 + + val result = resp.json.as[JsArray] + result.value.length mustBe 2 + + setupEnvBlocking( + tenants = Seq(tenant.copy(subscriptionSecurity = Some(false))), + users = Seq(userAdmin), + teams = Seq(teamOwner, teamConsumer) + ) + val session2 = loginWithBlocking(userAdmin, tenant) + val resp2 = httpJsonCallBlocking("/api/me/teams")(tenant, session2) + resp2.status mustBe 200 + + val result2 = resp2.json.as[JsArray] + result2.value.length mustBe 3 + } + + "search a team" in { + setupEnvBlocking( + tenants = Seq(tenant.copy(subscriptionSecurity = Some(true))), + users = Seq(userAdmin), + teams = Seq(teamOwner, teamConsumer) + ) + val session = loginWithBlocking(userAdmin, tenant) + + val resp = + httpJsonCallBlocking( + path = s"/api/_search", + method = "POST", + body = Some(Json.obj("search" -> "")) + )(tenant, session) + + resp.status mustBe 200 + val maybeValue = resp.json.as[JsArray].value.find(entry => (entry \ "label").as[String] == "Teams") + maybeValue.isDefined mustBe true + (maybeValue.get \ "options").as[JsArray].value.length mustBe 2 + + val resp2 = + httpJsonCallBlocking( + path = s"/api/_search", + method = "POST", + body = Some(Json.obj("search" -> "Admin")) + )(tenant, session) + + resp2.status mustBe 200 + val maybeValue2 = resp2.json.as[JsArray].value.find(entry => (entry \ "label").as[String] == "Teams") + maybeValue2.isDefined mustBe true + (maybeValue2.get \ "options").as[JsArray].value.length mustBe 0 + + //disable subscription security + + setupEnvBlocking( + tenants = Seq(tenant.copy(subscriptionSecurity = Some(false))), + users = Seq(userAdmin, userApiEditor), + teams = Seq(teamOwner, teamConsumer) + ) + val session2 = loginWithBlocking(userAdmin, tenant) + + val resp3 = + httpJsonCallBlocking( + path = s"/api/_search", + method = "POST", + body = Some(Json.obj("search" -> "")) + )(tenant, session2) + + resp3.status mustBe 200 + val maybeValue3 = resp3.json.as[JsArray].value.find(entry => (entry \ "label").as[String] == "Teams") + maybeValue3.isDefined mustBe true + (maybeValue3.get \ "options").as[JsArray].value.length mustBe 3 + + val resp4 = + httpJsonCallBlocking( + path = s"/api/_search", + method = "POST", + body = Some(Json.obj("search" -> "Admin")) + )(tenant, session2) + + resp4.status mustBe 200 + val maybeValue4 = resp4.json.as[JsArray].value.find(entry => (entry \ "label").as[String] == "Teams") + maybeValue4.isDefined mustBe true + (maybeValue4.get \ "options").as[JsArray].value.length mustBe 1 + } "see one of his teams" in { diff --git a/daikoku/test/daikoku/TeamControllerSpec.scala b/daikoku/test/daikoku/TeamControllerSpec.scala index cba7e6143..a25365de8 100644 --- a/daikoku/test/daikoku/TeamControllerSpec.scala +++ b/daikoku/test/daikoku/TeamControllerSpec.scala @@ -186,6 +186,81 @@ class TeamControllerSpec() )(tenant, session) respDelete.status mustBe 403 } + + "list all teams" in { + setupEnvBlocking( + tenants = Seq(tenant.copy(subscriptionSecurity = Some(true))), + users = Seq(userAdmin, tenantAdmin), + teams = Seq(teamOwner, teamConsumer, defaultAdminTeam) + ) + val session = loginWithBlocking(tenantAdmin, tenant) + val resp = httpJsonCallBlocking( + "/api/search", + "POST", + body = Some( + Json.obj( + "query" -> + """ + |query getAllteams($research: String, $limit: Int, $offset: Int) { + | teamsPagination(research: $research, limit: $limit, offset: $offset) { + | teams { + | _id + | _humanReadableId + | name + | avatar + | type + | } + | total + | } + | } + |""".stripMargin, + "variables" -> Json.obj( + "research" -> "", + "limit" -> 10, + "offset" -> 0 + ) + ) + ) + )(tenant, session) + + resp.status mustBe 200 + val result = (resp.json \ "data" \ "teamsPagination" \ "total").as[Int] + result mustBe 2 + + setupEnvBlocking( + tenants = Seq(tenant.copy(subscriptionSecurity = Some(false))), + users = Seq(userAdmin, tenantAdmin), + teams = Seq(teamOwner, teamConsumer, defaultAdminTeam) + ) + val session2 = loginWithBlocking(tenantAdmin, tenant) + val resp2 = httpJsonCallBlocking( + "/api/search", + "POST", + body = Some( + Json.obj( + "query" -> + """ + |query getAllteams { + | teamsPagination { + | teams { + | _id + | _humanReadableId + | name + | avatar + | type + | } + | total + | } + | } + |""".stripMargin + ) + ) + )(tenant, session2) + resp2.status mustBe 200 + + val result2 = (resp2.json \ "data" \ "teamsPagination" \ "total").as[Int] + result2 mustBe 4 + } } "a team administrator" can {