Fix permissions

Author: Brutus5000

…ata/MatchmakerQueueMapPoolElideTest.java …faforever/api/data/MapPoolElideTest.javasrc/inttest/java/com/faforever/api/data/MatchmakerQueueMapPoolElideTest.java renamed to src/inttest/java/com/faforever/api/data/MapPoolElideTest.java src/inttest/java/com/faforever/api/data/MatchmakerQueueMapPoolElideTest.java renamed to src/inttest/java/com/faforever/api/data/MapPoolElideTest.java

@@ -15,59 +15,59 @@
 @Sql(executionPhase = ExecutionPhase.BEFORE_TEST_METHOD, scripts = "classpath:sql/truncateTables.sql")
 @Sql(executionPhase = ExecutionPhase.BEFORE_TEST_METHOD, scripts = "classpath:sql/prepDefaultData.sql")
 @Sql(executionPhase = ExecutionPhase.BEFORE_TEST_METHOD, scripts = "classpath:sql/prepMapData.sql")
-public class MatchmakerQueueMapPoolElideTest extends AbstractIntegrationTest {
-  private static final String NEW_LADDER_MAP_BODY = "{\"data\":{\"type\":\"ladder1v1Map\",\"relationships\":{\"mapVersion\":{\"data\":{\"type\":\"mapVersion\",\"id\":\"2\"}}}}}";
+public class MapPoolElideTest extends AbstractIntegrationTest {
+  private static final String NEW_LADDER_MAP_BODY = "{\"data\":{\"type\":\"mapVersion\",\"id\":\"2\"}}}";
 
   @Test
-  public void cannotCreateLadderMapWithoutScope() throws Exception {
+  public void cannotCreateMapPoolItemWithoutScope() throws Exception {
     mockMvc.perform(
-      post("/data/ladder1v1Map")
+      post("/data/mapPool/1/mapVersions")
         .with(getOAuthTokenWithTestUser(NO_SCOPE, GroupPermission.ROLE_WRITE_MATCHMAKER_MAP))
         .header(HttpHeaders.CONTENT_TYPE, JsonApiMediaType.JSON_API_MEDIA_TYPE)
         .content(NEW_LADDER_MAP_BODY)) // magic value from prepMapData.sql
       .andExpect(status().isForbidden());
   }
 
   @Test
-  public void cannotCreateLadderMapWithoutRole() throws Exception {
+  public void cannotCreateMapPoolItemWithoutRole() throws Exception {
     mockMvc.perform(
-      post("/data/ladder1v1Map")
+      post("/data/mapPool/1/mapVersions")
         .with(getOAuthTokenWithTestUser(OAuthScope._ADMINISTRATIVE_ACTION, NO_AUTHORITIES))
         .header(HttpHeaders.CONTENT_TYPE, JsonApiMediaType.JSON_API_MEDIA_TYPE)
         .content(NEW_LADDER_MAP_BODY)) // magic value from prepMapData.sql
       .andExpect(status().isForbidden());
   }
 
   @Test
-  public void canCreateLadderMapWithScopeAndRole() throws Exception {
+  public void canCreateMapPoolItemWithScopeAndRole() throws Exception {
     mockMvc.perform(
-      post("/data/ladder1v1Map")
+      post("/data/mapPool/1/mapVersions")
         .with(getOAuthTokenWithTestUser(OAuthScope._ADMINISTRATIVE_ACTION, GroupPermission.ROLE_WRITE_MATCHMAKER_MAP))
         .header(HttpHeaders.CONTENT_TYPE, JsonApiMediaType.JSON_API_MEDIA_TYPE)
         .content(NEW_LADDER_MAP_BODY)) // magic value from prepMapData.sql
       .andExpect(status().isCreated());
   }
 
   @Test
-  public void canDeleteLadderMapWithScopeAndRole() throws Exception {
+  public void canDeleteMapPoolItemWithScopeAndRole() throws Exception {
     mockMvc.perform(
-      delete("/data/ladder1v1Map/1")
+      delete("/data/mapPool/1/mapVersions/1")
         .with(getOAuthTokenWithTestUser(OAuthScope._ADMINISTRATIVE_ACTION, GroupPermission.ROLE_WRITE_MATCHMAKER_MAP))) // magic value from prepMapData.sql
       .andExpect(status().isNoContent());
   }
 
   @Test
-  public void cannotDeleteLadderMapWithoutScope() throws Exception {
+  public void cannotDeleteMapPoolItemWithoutScope() throws Exception {
     mockMvc.perform(
-      delete("/data/ladder1v1Map/1")
+      delete("/data/mapPool/1/mapVersions/1")
         .with(getOAuthTokenWithTestUser(NO_SCOPE, GroupPermission.ROLE_WRITE_MATCHMAKER_MAP))) // magic value from prepMapData.sql
       .andExpect(status().isForbidden());
   }
 
   @Test
-  public void cannotDeleteLadderMapWithoutRole() throws Exception {
+  public void cannotDeleteMapPoolItemWithoutRole() throws Exception {
     mockMvc.perform(
-      delete("/data/ladder1v1Map/1")
+      delete("/data/mapPool/1")
         .with(getOAuthTokenWithTestUser(OAuthScope._ADMINISTRATIVE_ACTION, NO_AUTHORITIES))) // magic value from prepMapData.sql
       .andExpect(status().isForbidden());
   }

src/main/java/com/faforever/api/data/domain/MapPool.java

@@ -1,10 +1,14 @@
 package com.faforever.api.data.domain;
 
+import com.faforever.api.security.elide.permission.WriteMatchmakerMapCheck;
+import com.yahoo.elide.annotation.CreatePermission;
+import com.yahoo.elide.annotation.DeletePermission;
 import com.yahoo.elide.annotation.Include;
+import com.yahoo.elide.annotation.SharePermission;
+import com.yahoo.elide.annotation.UpdatePermission;
 import lombok.Setter;
 import org.hibernate.annotations.Immutable;
 
-import javax.persistence.CascadeType;
 import javax.persistence.Entity;
 import javax.persistence.JoinColumn;
 import javax.persistence.JoinTable;
@@ -17,7 +21,10 @@
 @Setter
 @Table(name = "map_pool")
 @Include(rootLevel = true, type = "mapPool")
-@Immutable
+@CreatePermission(expression = WriteMatchmakerMapCheck.EXPRESSION)
+@UpdatePermission(expression = WriteMatchmakerMapCheck.EXPRESSION)
+@DeletePermission(expression = WriteMatchmakerMapCheck.EXPRESSION)
+@SharePermission
 public class MapPool extends AbstractEntity {
   private String name;
   private Set<MapVersion> mapVersions;