add role to get the filling plan access

api/api-iam/iam-internal/src/main/config/customer-init.yml

@@ -74,6 +74,7 @@ customer-init:
         - ROLE_GET_ACCESS_CONTRACTS
         - ROLE_CREATE_ACCESS_CONTRACTS
         - ROLE_UPDATE_ACCESS_CONTRACTS
+        - ROLE_GET_FILLING_PLAN_ACCESS
 
     - name: Profil pour la gestion des contrats d'entrée
       description: Gestion des contrats d'entrée dans Vitam
@@ -83,6 +84,7 @@ customer-init:
         - ROLE_GET_INGEST_CONTRACTS
         - ROLE_CREATE_INGEST_CONTRACTS
         - ROLE_UPDATE_INGEST_CONTRACTS
+        - ROLE_GET_FILLING_PLAN_ACCESS
 
     - name: Profil pour les services agents
       description: Gestion des services agents dans Vitam
@@ -109,6 +111,7 @@ customer-init:
       level:
       roles:
         - ROLE_LOGBOOKS
+
     - name: Profil pour le dépôt et suivi des versements
       description: Gestion des applications de dépôt et suivi des versements
       app-name: INGEST_MANAGEMENT_APP

api/api-referential/referential-external/src/main/java/fr/gouv/vitamui/referential/external/server/rest/UnitExternalController.java

@@ -85,10 +85,10 @@ public class UnitExternalController {
         SanityChecker.sanitizeCriteria(Optional.of(dsl.toString()));
         return unitExternalService.findUnitByDsl(id, dsl);
     }
-    
+
     @PostMapping(CommonConstants.PATH_ID + CommonConstants.PATH_OBJECTS)
     @Secured(ServicesData.ROLE_GET_UNITS)
-    public JsonNode findObjectMetadataById(            
+    public JsonNode findObjectMetadataById(
             @PathVariable final String id,
             @RequestBody final JsonNode dsl) throws VitamClientException {
         ParameterChecker.checkParameter("The dsl query is mandatory : ", dsl);
@@ -96,7 +96,8 @@ public class UnitExternalController {
         return unitExternalService.findObjectMetadataById(id, dsl);
     }
 
-    // TODO: Must Secure ? Multiple (OR) CREATE_APPNAME_ROLE ? Unique FILLING_PLAN_ACCESS ?
+
+    @Secured(ServicesData.ROLE_GET_FILLING_PLAN_ACCESS)
     @GetMapping(RestApi.FILING_PLAN_PATH)
     public VitamUISearchResponseDto getFillingPlan() {
         return unitExternalService.getFilingPlan();

api/api-referential/referential-internal/src/main/java/fr/gouv/vitamui/referential/internal/server/rest/UnitInternalController.java

@@ -103,7 +103,7 @@ public class UnitInternalController {
         ParameterChecker.checkParameter("The Identifier is a mandatory parameter: ", id);
         return unitInternalService.findUnitById(id, vitamContext);
     }
- 
+
     // TODO : Secure it !
     @PostMapping({RestApi.DSL_PATH, RestApi.DSL_PATH + CommonConstants.PATH_ID})
     public JsonNode findByDsl(
@@ -115,9 +115,9 @@ public class UnitInternalController {
         SanityChecker.sanitizeCriteria(Optional.of(dsl.toString()));
         return unitInternalService.searchUnitsWithErrors(id, dsl, vitamContext);
     }
-    
+
     @PostMapping(CommonConstants.PATH_ID + CommonConstants.PATH_OBJECTS)
-    public JsonNode findObjectMetadataById(            
+    public JsonNode findObjectMetadataById(
     		@RequestHeader(value = CommonConstants.X_TENANT_ID_HEADER) final Integer tenantId,
             @RequestHeader(value = CommonConstants.X_ACCESS_CONTRACT_ID_HEADER) final String accessContractId,
             @PathVariable final String id,
@@ -136,23 +136,26 @@ public class UnitInternalController {
             throws VitamClientException, IOException {
         LOGGER.debug("Get filing plan");
         final VitamContext vitamContext = securityService.buildVitamContext(tenantId, accessContractId);
-        
+
         // TULEAP-20359 : The filling plan must retrieve the units with the FILING or HOLDING type
         final JsonNode fillingOrHoldingQuery = createQueryForFillingOrHoldingUnit();
-        
+
         return objectMapper.treeToValue(unitInternalService.searchUnits(fillingOrHoldingQuery, vitamContext), VitamUISearchResponseDto.class);
     }
 
     private JsonNode createQueryForFillingOrHoldingUnit() {
+
         try {
             final SelectMultiQuery select = new SelectMultiQuery();
-            final Query query = in(unitType(), UnitTypeEnum.FILING_UNIT.getValue(), UnitTypeEnum.HOLDING_UNIT.getValue());
+            final Query query =
+                in(unitType(), UnitTypeEnum.HOLDING_UNIT.getValue(), UnitTypeEnum.FILING_UNIT.getValue());
             select.addQueries(query);
             select.addUsedProjection(FILING_PLAN_PROJECTION);
+            LOGGER.debug("query =", select.getFinalSelect().toPrettyString());
             return select.getFinalSelect();
-        }
-        catch (InvalidCreateOperationException | InvalidParseOperationException e) {
-            throw new UnexpectedDataException("Unexpected error occured while building holding dsl query : " + e.getMessage());
+        } catch (InvalidCreateOperationException | InvalidParseOperationException e) {
+            throw new UnexpectedDataException(
+                "Unexpected error occured while building holding dsl query : " + e.getMessage());
         }
     }
 

commons/commons-api/src/main/java/fr/gouv/vitamui/commons/api/domain/ServicesData.java

@@ -229,12 +229,16 @@ public class ServicesData {
 
     public static final String SERVICE_INGEST_CONTRACT = "INGEST_CONTRACTS";
 
+    public static final String SERVICE_FILLING_PLAN_ACCESS = "FILLING_PLAN_ACCESS";
+
     public static final String ROLE_CREATE_INGEST_CONTRACTS = CREATE_ROLE_PREFIX + SERVICE_INGEST_CONTRACT;
 
     public static final String ROLE_GET_INGEST_CONTRACTS = GET_ROLE_PREFIX + SERVICE_INGEST_CONTRACT;
 
     public static final String ROLE_UPDATE_INGEST_CONTRACTS = UPDATE_ROLE_PREFIX + SERVICE_INGEST_CONTRACT;
 
+    public static final String ROLE_GET_FILLING_PLAN_ACCESS = GET_ROLE_PREFIX + SERVICE_FILLING_PLAN_ACCESS;
+
     //------------------------------------ AGENCIES -----------------------------------------
 
     public static final String SERVICE_AGENCIES = "AGENCIES";
@@ -449,6 +453,7 @@ public class ServicesData {
             ROLE_CREATE_INGEST_CONTRACTS,
             ROLE_GET_INGEST_CONTRACTS,
             ROLE_UPDATE_INGEST_CONTRACTS,
+            ROLE_GET_FILLING_PLAN_ACCESS,
 
             ROLE_GET_AGENCIES,
             ROLE_UPDATE_AGENCIES,
@@ -584,6 +589,7 @@ public class ServicesData {
             ROLE_CREATE_INGEST_CONTRACTS,
             ROLE_GET_INGEST_CONTRACTS,
             ROLE_UPDATE_INGEST_CONTRACTS,
+            ROLE_GET_FILLING_PLAN_ACCESS,
 
             ROLE_GET_AGENCIES,
             ROLE_UPDATE_AGENCIES,

deployment/roles/vitamui/files/customer-init.yml

@@ -39,6 +39,7 @@ customer-init:
         - ROLE_GET_ACCESS_CONTRACTS
         - ROLE_CREATE_ACCESS_CONTRACTS
         - ROLE_UPDATE_ACCESS_CONTRACTS
+        - ROLE_GET_FILLING_PLAN_ACCESS
 
     - name: Profil pour la gestion des contrats d'entrée
       description: Gestion des contrats d'entrée dans Vitam
@@ -48,6 +49,7 @@ customer-init:
         - ROLE_GET_INGEST_CONTRACTS
         - ROLE_CREATE_INGEST_CONTRACTS
         - ROLE_UPDATE_INGEST_CONTRACTS
+        - ROLE_GET_FILLING_PLAN_ACCESS
 
     - name: Profil pour les services agents
       description: Gestion des services agents dans Vitam

deployment/scripts/mongod/2.0.0/31_update_referential_ui_contexts.js.j2

+db = db.getSiblingDB('security')
+
+print("START_31_update_referential_ui_contexts.js");
+
+db.contexts.updateOne({
+   "_id":"ui_referential_context"
+},
+{
+   $addToSet:{
+      "roleNames":{
+         $each:[
+            "ROLE_GET_FILLING_PLAN_ACCESS"
+        	]
+        }
+    }
+});
+
+print("END_31_update_referential_ui_contexts.js");

deployment/scripts/mongod/2.0.0/32_add_filling_plan_access_role_to_profiles.js.j2

+db = db.getSiblingDB('iam')
+
+print("START_32_add_filling_plan_access_role_to profils.js");
+
+// ------ ACCESS CONTRACT PROFILE --------
+
+db.profiles.updateOne({
+   "_id" : "system_access_contract",
+},
+{
+   $addToSet:{
+      "roles":{
+         $each:[
+            {
+               "name":"ROLE_GET_FILLING_PLAN_ACCESS"
+            }
+         ]
+      }
+   }
+});
+
+// ---------- INGEST CONTRACT PROFILE -----------
+
+db.profiles.updateOne({
+   "_id" : "system_ingest_contract",
+},
+{
+   $addToSet:{
+      "roles":{
+         $each:[
+            {
+               "name":"ROLE_GET_FILLING_PLAN_ACCESS"
+            }
+         ]
+      }
+   }
+});
+
+print("START_32_add_filling_plan_access_role_to profils.js");

deployment/scripts/mongod/2.0.0/33_update_admin_externalParameters_value.js.j2

+db = db.getSiblingDB('iam')
+
+print("START_33_update_admin_externalParameters_value.js");
+
+const index = 0;
+
+db.externalParameters.update(
+{"_id" : "external_param_default"
+},
+{
+   $set:{
+      [`parameters.${index}.value`] : "ContratTNR"
+   }
+});
+
+print("START_33_update_admin_externalParameters_value.js");