SORMAS-Project
Add backend checks for Sormas2Sormas [5]
Problem Description
We are missing checks for many of the user rights related to accessing the backend.
Proposed Change
The facades below and their methods need to check that the calling user holds the required user rights.
The following facades are closely related. Each needs to check whether the user has the S2S_SHARE user right and the EDIT user right for the respective entity (override the share method to add the needed RightsAllowed annotation). Within the share method, also check whether other entities are included in the share and whether the user has the needed user right for each of those as well.
- [x] AbstractSormasToSormasInterface
- [x] SormasToSormasCaseFacadeEjb
- [x] SormasToSormasContactFacadeEjb
- [x] SormasToSormasEventFacadeEjb
- [x] SormasToSormasLabMessageFacadeEjb
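The check described above, as an added illustrative example rather than SORMAS code: a stand-in RightsAllowed annotation with any-of semantics (like @RolesAllowed), a stand-in UserRight enum, and a reflective stand-in for the container interceptor. The right names, the any-of semantics, ShareOptions and the helper names are assumptions. It shows the declarative gate on the share method, the conjunctive entity EDIT check plus the included-entity checks in the method body, the _SYSTEM right letting scheduled callers through, and a fail-closed path for a facade method that lacks the annotation (the kind of gap an architecture test is meant to catch at build time).

```java
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.EnumSet;
import java.util.List;
import java.util.Set;

/** Illustrative stand-in for the S2S share right checks; not SORMAS code. */
public class S2sShareRightsExample {

    /** Assumed right names; the project's UserRight enum may differ. */
    public enum UserRight { S2S_SHARE, S2S_CLIENT, CASE_EDIT, CONTACT_EDIT, EVENT_EDIT, _SYSTEM }

    /** Stand-in for RightsAllowed: the caller needs ANY of the listed rights (assumed semantics). */
    @Retention(RetentionPolicy.RUNTIME)
    @Target(ElementType.METHOD)
    public @interface RightsAllowed { UserRight[] value(); }

    public static class AccessDeniedException extends RuntimeException {
        public AccessDeniedException(String msg) { super(msg); }
    }

    /** Constructed holder for the current user's rights. */
    public static class CurrentUser {
        private final Set<UserRight> rights;
        public CurrentUser(Set<UserRight> rights) { this.rights = rights; }
        public boolean hasAny(UserRight... any) {
            for (UserRight r : any) if (rights.contains(r)) return true;
            return false;
        }
        public void require(UserRight right, String what) {
            if (!rights.contains(right)) throw new AccessDeniedException("missing " + right + " for " + what);
        }
    }

    /** Which related entities travel along with the shared case(s). */
    public static class ShareOptions {
        public final boolean withContacts, withEvents;
        public ShareOptions(boolean withContacts, boolean withEvents) {
            this.withContacts = withContacts; this.withEvents = withEvents;
        }
    }

    public static class SormasToSormasCaseFacade {
        private final CurrentUser user;
        public SormasToSormasCaseFacade(CurrentUser user) { this.user = user; }

        /** Declarative gate: interactive callers need S2S_SHARE, scheduled jobs pass via _SYSTEM. */
        @RightsAllowed({UserRight.S2S_SHARE, UserRight._SYSTEM})
        public String share(List<String> caseUuids, ShareOptions options) {
            user.require(UserRight.CASE_EDIT, "sharing cases"); // conjunctive, so checked in the body
            // Entities included in the share each need their own EDIT right.
            if (options.withContacts) user.require(UserRight.CONTACT_EDIT, "contacts included in the share");
            if (options.withEvents) user.require(UserRight.EVENT_EDIT, "events included in the share");
            return "shared " + caseUuids.size() + " case(s)";
        }

        /** Deliberately unannotated to show the fail-closed path in invokeChecked. */
        public String unguarded() { return "must not be reachable through the interceptor"; }
    }

    /** Stand-in for the container interceptor that evaluates RightsAllowed before the body runs. */
    public static Object invokeChecked(Object target, CurrentUser user, String name, Object... args) throws Exception {
        Method method = null;
        for (Method m : target.getClass().getMethods()) if (m.getName().equals(name)) { method = m; break; }
        if (method == null) throw new NoSuchMethodException(name);
        RightsAllowed allowed = method.getAnnotation(RightsAllowed.class);
        // Fail closed: an unannotated facade method is a bug, not an open door.
        if (allowed == null) throw new IllegalStateException(name + " lacks @RightsAllowed");
        if (!user.hasAny(allowed.value()))
            throw new AccessDeniedException(name + " requires one of " + Arrays.toString(allowed.value()));
        try {
            return method.invoke(target, args);
        } catch (InvocationTargetException e) {
            if (e.getCause() instanceof Exception) throw (Exception) e.getCause();
            throw e;
        }
    }

    public static void main(String[] args) throws Exception {
        List<String> cases = List.of("case-uuid-1", "case-uuid-2"); // constructed sample input
        CurrentUser full = new CurrentUser(EnumSet.of(UserRight.S2S_SHARE, UserRight.CASE_EDIT, UserRight.CONTACT_EDIT));
        CurrentUser noContactEdit = new CurrentUser(EnumSet.of(UserRight.S2S_SHARE, UserRight.CASE_EDIT));
        CurrentUser noShare = new CurrentUser(EnumSet.of(UserRight.CASE_EDIT, UserRight.CONTACT_EDIT));

        System.out.println(invokeChecked(new SormasToSormasCaseFacade(full), full, "share", cases, new ShareOptions(true, false)));
        for (CurrentUser u : List.of(noContactEdit, noShare)) {
            try {
                invokeChecked(new SormasToSormasCaseFacade(u), u, "share", cases, new ShareOptions(true, false));
            } catch (AccessDeniedException e) {
                System.out.println("denied: " + e.getMessage()); // CONTACT_EDIT missing, then S2S_SHARE missing
            }
        }
        try {
            invokeChecked(new SormasToSormasCaseFacade(full), full, "unguarded");
        } catch (IllegalStateException e) {
            System.out.println("misconfiguration: " + e.getMessage());
        }
    }
}
```

The split between the annotation and the body checks matters: an any-of annotation cannot express "S2S_SHARE and CASE_EDIT", so the entity right and the rights for included contacts or events are enforced inside share, where the share options are known. The interceptor rejecting unannotated methods is a runtime safety net; the corresponding build-time check is an architecture test that every public facade method carries the annotation.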
This also needs to be checked in the user interface for the sharing of
- [ ] case(s)
- [ ] contact(s)
- [ ] event(s)
- [ ] external message(s)
Furthermore:
- [x] SormasToSormasShareInfoFacadeEjb, SormasToSormasShareRequestFacadeEjb, SormasToSormasOriginInfoFacadeEjb: check the S2S_SHARE and S2S_CLIENT user rights when creating/editing share meta objects. We don't have a dedicated user right for writing share metadata and probably don't need one.
- [x] SormasToSormasFacadeEjb: Add checks for S2S_SHARE and S2S_CLIENT
- [x] Check the usage of these facades in the StartupShutdownService and CronService and make sure the called facade methods are annotated with RightsAllowed, including UserRight._SYSTEM so that the system user can still call them.
- [x] Extend the archunit test implemented by #8508