From 55646673871b9d2b5a7061848f6b153aad3f92f7 Mon Sep 17 00:00:00 2001
From: Tusha
Date: Thu, 25 Jul 2024 19:54:25 +0300
Subject: [PATCH] RESTWS-946: /session endpoint throws an error if user doesn't have Get Providers privilege (#613)
---
 .../openmrs1_9/SessionController1_9.java | 2 +-
 .../openmrs2_0/SessionController2_0.java | 60 +++++++++++++++++++
 .../openmrs2_0/SessionController2_0Test.java | 43 +++++++++++++
 .../sessionControllerTestDataset.xml | 19 ++++++
 4 files changed, 123 insertions(+), 1 deletion(-)
 create mode 100644 omod-2.0/src/main/java/org/openmrs/module/webservices/rest/web/v1_0/controller/openmrs2_0/SessionController2_0.java
 create mode 100644 omod-2.0/src/test/java/org/openmrs/module/webservices/rest/web/v1_0/controller/openmrs2_0/SessionController2_0Test.java
 create mode 100644 omod-2.0/src/test/resources/sessionControllerTestDataset.xml
diff --git a/omod-1.9/src/main/java/org/openmrs/module/webservices/rest/web/v1_0/controller/openmrs1_9/SessionController1_9.java b/omod-1.9/src/main/java/org/openmrs/module/webservices/rest/web/v1_0/controller/openmrs1_9/SessionController1_9.java
index e19e6d1fd..b8e065bdc 100644
--- a/omod-1.9/src/main/java/org/openmrs/module/webservices/rest/web/v1_0/controller/openmrs1_9/SessionController1_9.java
+++ b/omod-1.9/src/main/java/org/openmrs/module/webservices/rest/web/v1_0/controller/openmrs1_9/SessionController1_9.java
@@ -132,7 +132,7 @@ public void delete(HttpServletRequest request) {
  *
  * @return Provider if the user is authenticated
  */
- private Provider getCurrentProvider() {
+ protected Provider getCurrentProvider() {
  Provider currentProvider = null;
  User currentUser = Context.getAuthenticatedUser();
  if (currentUser != null) {
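Review bot: The Javadoc above `getCurrentProvider()` does not say what an overriding class must uphold now that the method is protected; the context lines still carry only `@return Provider if the user is authenticated`. Since the 2.0 override in this commit runs the lookup under a proxy privilege, I would add a sentence such as `Subclasses may override this to use the provider privilege of their platform version; any proxy privilege added must be removed in a finally block, and only the authenticated user's own provider may be returned.` The method body continues outside this hunk, so this is based on the three visible lines and on the override.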
diff --git a/omod-2.0/src/main/java/org/openmrs/module/webservices/rest/web/v1_0/controller/openmrs2_0/SessionController2_0.java b/omod-2.0/src/main/java/org/openmrs/module/webservices/rest/web/v1_0/controller/openmrs2_0/SessionController2_0.java
new file mode 100644
index 000000000..4443db8db
--- /dev/null
+++ b/omod-2.0/src/main/java/org/openmrs/module/webservices/rest/web/v1_0/controller/openmrs2_0/SessionController2_0.java
@@ -0,0 +1,60 @@
+/**
+ * This Source Code Form is subject to the terms of the Mozilla Public License,
+ * v. 2.0. If a copy of the MPL was not distributed with this file, You can
+ * obtain one at http://mozilla.org/MPL/2.0/. OpenMRS is also distributed under
+ * the terms of the Healthcare Disclaimer located at http://openmrs.org/license.
+ *
+ * Copyright (C) OpenMRS Inc. OpenMRS is a registered trademark and the OpenMRS
+ * graphic logo is a trademark of OpenMRS Inc.
+ */
+package org.openmrs.module.webservices.rest.web.v1_0.controller.openmrs2_0;
+
+import java.util.Collection;
+import java.util.HashSet;
+
+import org.openmrs.Provider;
+import org.openmrs.User;
+import org.openmrs.api.context.Context;
+import org.openmrs.module.webservices.rest.web.v1_0.controller.openmrs1_9.SessionController1_9;
+import org.openmrs.util.PrivilegeConstants;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+/**
+ * @see SessionController1_9
+ */
+@Controller
+@RequestMapping
+public class SessionController2_0 extends SessionController1_9 {
+
+ private static final Logger log = LoggerFactory.getLogger(SessionController2_0.class);
+
+ /**
+ * @see SessionController1_9#getCurrentProvider()
+ */
+ @Override
+ protected Provider getCurrentProvider() {
+ Provider currentProvider = null;
+ User currentUser = Context.getAuthenticatedUser();
+ if (currentUser != null) {
+ Collection providers = new HashSet();
+ try {
+ Context.addProxyPrivilege(PrivilegeConstants.GET_PROVIDERS);
+ if (currentUser.getPerson() != null) {
+ providers = Context.getProviderService().getProvidersByPerson(currentUser.getPerson(), false);
+ }
+ }
+ finally {
+ Context.removeProxyPrivilege(PrivilegeConstants.GET_PROVIDERS);
+ }
+ if (providers.size() > 1) {
+ log.warn("Can't handle users with multiple provider accounts");
+ } else if (providers.size() == 1) {
+ currentProvider = providers.iterator().next();
+ }
+ }
+ return currentProvider;
+ }
+}
diff --git a/omod-2.0/src/test/java/org/openmrs/module/webservices/rest/web/v1_0/controller/openmrs2_0/SessionController2_0Test.java b/omod-2.0/src/test/java/org/openmrs/module/webservices/rest/web/v1_0/controller/openmrs2_0/SessionController2_0Test.java
new file mode 100644
index 000000000..c82ebfee3
--- /dev/null
+++ b/omod-2.0/src/test/java/org/openmrs/module/webservices/rest/web/v1_0/controller/openmrs2_0/SessionController2_0Test.java
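Review bot: The proxy privilege in `getCurrentProvider()` is added before the `currentUser.getPerson() != null` test, so the thread is elevated to `GET_PROVIDERS` even when no provider lookup takes place. Checking the person first keeps the elevated window to the single `getProvidersByPerson` call, while the try/finally pairing stays as it is. I would also add a short comment on the block saying why the elevation is acceptable, namely that the lookup is limited to the authenticated user's own person record, so a later audit of proxy-privilege use does not have to re-derive it. The body looks like a copy of the 1.9 method with a different constant, judging only from the three lines of it visible in the other hunk; if so, a protected hook for the privilege name would keep the elevation logic in one place.

```java
		if (currentUser != null) {
			// … unchanged: providers declaration …
			// Elevate only for the lookup of the authenticated user's own provider record.
			if (currentUser.getPerson() != null) {
				try {
					Context.addProxyPrivilege(PrivilegeConstants.GET_PROVIDERS);
					providers = Context.getProviderService().getProvidersByPerson(currentUser.getPerson(), false);
				}
				finally {
					Context.removeProxyPrivilege(PrivilegeConstants.GET_PROVIDERS);
				}
			}
			// … unchanged: provider count check and return …
```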
@@ -0,0 +1,43 @@
+/**
+ * This Source Code Form is subject to the terms of the Mozilla Public License,
+ * v. 2.0. If a copy of the MPL was not distributed with this file, You can
+ * obtain one at http://mozilla.org/MPL/2.0/. OpenMRS is also distributed under
+ * the terms of the Healthcare Disclaimer located at http://openmrs.org/license.
+ *
+ * Copyright (C) OpenMRS Inc. OpenMRS is a registered trademark and the OpenMRS
+ * graphic logo is a trademark of OpenMRS Inc.
+ */
+package org.openmrs.module.webservices.rest.web.v1_0.controller.openmrs2_0;
+
+import org.apache.commons.beanutils.PropertyUtils;
+import org.junit.Assert;
+import org.junit.Test;
+import org.openmrs.api.context.Context;
+import org.openmrs.web.test.BaseModuleWebContextSensitiveTest;
+
+/**
+ * Tests functionality of {@link SessionController2_0}
+ */
+public class SessionController2_0Test extends BaseModuleWebContextSensitiveTest {
+
+ /**
+ * @see SessionController2_0#get()
+ * @verifies return the session with current provider if the user doesn't have Get Providers privilege
+ */
+ @Test
+ public void get_shouldReturnCurrentProviderIfTheUserDoesNotHaveGetProvidersPrivilege() throws Exception {
+ executeDataSet("sessionControllerTestDataset.xml");
+
+ // authenticate new user without privileges
+ Context.logout();
+ Context.authenticate("test_user", "test");
+ Assert.assertTrue(Context.isAuthenticated());
+
+ SessionController2_0 controller = Context.getRegisteredComponents(SessionController2_0.class).iterator().next();
+
+ Object ret = controller.get();
+ Object currentProvider = PropertyUtils.getProperty(ret, "currentProvider");
+ Assert.assertNotNull(currentProvider);
+ Assert.assertTrue(currentProvider.toString().contains("Test Provider"));
+ }
+}
diff --git a/omod-2.0/src/test/resources/sessionControllerTestDataset.xml b/omod-2.0/src/test/resources/sessionControllerTestDataset.xml
new file mode 100644
index 000000000..17a71e1f1
--- /dev/null
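Review bot: The test never asserts that `test_user` actually lacks the privilege, so it would still pass if the dataset (whose content is not readable in this view) granted it, and it does not check that the elevation is gone once the call returns. Adding `Assert.assertFalse(Context.hasPrivilege(PrivilegeConstants.GET_PROVIDERS));` before and again after `controller.get()` would pin both the precondition and the cleanup; it needs an import of `org.openmrs.util.PrivilegeConstants`. The `currentProvider.toString().contains("Test Provider")` check is also tied to how the returned object prints rather than to a named property, which makes it brittle.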
+++ b/omod-2.0/src/test/resources/sessionControllerTestDataset.xml @@ -0,0 +1,19 @@ + + + + + + + + +