refactor: Move saml auth providers endpoint to admin namespace

packages/backend/src/controllers/api/v1/admin/saml-auth-providers/get-saml-auth-providers.ee.js

@@ -1,5 +1,5 @@
-import { renderObject } from '../../../../helpers/renderer.js';
-import SamlAuthProvider from '../../../../models/saml-auth-provider.ee.js';
+import { renderObject } from '../../../../../helpers/renderer.js';
+import SamlAuthProvider from '../../../../../models/saml-auth-provider.ee.js';
 
 export default async (request, response) => {
   const samlAuthProviders = await SamlAuthProvider.query().orderBy(

packages/backend/src/controllers/api/v1/admin/saml-auth-providers/get-saml-auth-providers.ee.test.js

@@ -0,0 +1,39 @@
+import { vi, describe, it, expect, beforeEach } from 'vitest';
+import request from 'supertest';
+import app from '../../../../../app.js';
+import createAuthTokenByUserId from '../../../../../helpers/create-auth-token-by-user-id.js';
+import { createRole } from '../../../../../../test/factories/role.js';
+import { createUser } from '../../../../../../test/factories/user.js';
+import { createSamlAuthProvider } from '../../../../../../test/factories/saml-auth-provider.ee.js';
+import getSamlAuthProvidersMock from '../../../../../../test/mocks/rest/api/v1/saml-auth-providers/get-saml-auth-providers.ee.js';
+import * as license from '../../../../../helpers/license.ee.js';
+
+describe('GET /api/v1/admin/saml-auth-providers', () => {
+  let samlAuthProviderOne, samlAuthProviderTwo, currentUser, token;
+
+  beforeEach(async () => {
+    const role = await createRole({ key: 'admin' });
+    currentUser = await createUser({ roleId: role.id });
+
+    samlAuthProviderOne = await createSamlAuthProvider();
+    samlAuthProviderTwo = await createSamlAuthProvider();
+
+    token = createAuthTokenByUserId(currentUser.id);
+  });
+
+  it('should return saml auth providers', async () => {
+    vi.spyOn(license, 'hasValidLicense').mockResolvedValue(true);
+
+    const response = await request(app)
+      .get('/api/v1/admin/saml-auth-providers')
+      .set('Authorization', token)
+      .expect(200);
+
+    const expectedPayload = await getSamlAuthProvidersMock([
+      samlAuthProviderTwo,
+      samlAuthProviderOne,
+    ]);
+
+    expect(response.body).toEqual(expectedPayload);
+  });
+});

packages/backend/src/controllers/api/v1/saml-auth-providers/get-saml-auth-providers.ee.test.js

@@ -1,46 +0,0 @@
-import { vi, describe, it, expect, beforeEach } from 'vitest';
-import request from 'supertest';
-import app from '../../../../app.js';
-import createAuthTokenByUserId from '../../../../helpers/create-auth-token-by-user-id.js';
-import { createUser } from '../../../../../test/factories/user.js';
-import { createPermission } from '../../../../../test/factories/permission.js';
-import { createSamlAuthProvider } from '../../../../../test/factories/saml-auth-provider.ee.js';
-import getSamlAuthProvidersMock from '../../../../../test/mocks/rest/api/v1/saml-auth-providers/get-saml-auth-providers.ee.js';
-import * as license from '../../../../helpers/license.ee.js';
-
-describe('GET /api/v1/saml-auth-providers', () => {
-  let samlAuthProviderOne, samlAuthProviderTwo, currentUser, token;
-
-  beforeEach(async () => {
-    currentUser = await createUser();
-    const role = await currentUser.$relatedQuery('role');
-
-    await createPermission({
-      roleId: role.id,
-      action: 'read',
-      subject: 'SamlAuthProvider',
-      conditions: [],
-    });
-
-    samlAuthProviderOne = await createSamlAuthProvider();
-    samlAuthProviderTwo = await createSamlAuthProvider();
-
-    token = createAuthTokenByUserId(currentUser.id);
-  });
-
-  it('should return saml auth providers', async () => {
-    vi.spyOn(license, 'hasValidLicense').mockResolvedValue(true);
-
-    const response = await request(app)
-      .get('/api/v1/saml-auth-providers')
-      .set('Authorization', token)
-      .expect(200);
-
-    const expectedPayload = await getSamlAuthProvidersMock([
-      samlAuthProviderTwo,
-      samlAuthProviderOne,
-    ]);
-
-    expect(response.body).toEqual(expectedPayload);
-  });
-});

packages/backend/src/helpers/authorization.js

@@ -7,7 +7,7 @@ const authorizationList = {
     action: 'read',
     subject: 'User',
   },
-  '/api/v1/saml-auth-providers/': {
+  'GET /api/v1/admin/saml-auth-providers/': {
     action: 'read',
     subject: 'SamlAuthProvider',
   },
@@ -24,3 +24,13 @@ export const authorizeUser = async (request, response, next) => {
     return response.status(403).end();
   }
 };
+
+export const authorizeAdmin = async (request, response, next) => {
+  const role = await request.currentUser.$relatedQuery('role');
+
+  if (role?.isAdmin) {
+    next();
+  } else {
+    return response.status(403).end();
+  }
+};

packages/backend/src/routes/api/v1/saml-auth-providers.ee.js

@@ -1,15 +1,15 @@
 import { Router } from 'express';
 import { authenticateUser } from '../../../helpers/authentication.js';
-import { authorizeUser } from '../../../helpers/authorization.js';
+import { authorizeAdmin } from '../../../helpers/authorization.js';
 import { checkIsEnterprise } from '../../../helpers/check-is-enterprise.js';
-import getSamlAuthProvidersAction from '../../../controllers/api/v1/saml-auth-providers/get-saml-auth-providers.ee.js';
+import getSamlAuthProvidersAction from '../../../controllers/api/v1/admin/saml-auth-providers/get-saml-auth-providers.ee.js';
 
 const router = Router();
 
 router.get(
   '/',
   authenticateUser,
-  authorizeUser,
+  authorizeAdmin,
   checkIsEnterprise,
   getSamlAuthProvidersAction
 );

packages/backend/src/routes/index.js

@@ -15,6 +15,6 @@ router.use('/paddle', paddleRouter);
 router.use('/healthcheck', healthcheckRouter);
 router.use('/api/v1/automatisch', automatischRouter);
 router.use('/api/v1/users', usersRouter);
-router.use('/api/v1/saml-auth-providers', samlAuthProvidersRouter);
+router.use('/api/v1/admin/saml-auth-providers', samlAuthProvidersRouter);
 
 export default router;