feat: adjust removeRoles step

Refs: #913

src/portalbackend/PortalBackend.DBAccess/Repositories/IUserRolesRepository.cs

@@ -68,9 +68,6 @@ public interface IUserRolesRepository
     /// <returns></returns>
     IAsyncEnumerable<CompanyUserNameData> GetUserDataByAssignedRoles(Guid companyId, IEnumerable<UserRoleConfig> clientRoles);
 
-    IAsyncEnumerable<(string ClientClientId, IEnumerable<(Guid UserRoleId, string UserRoleText)> UserRoles)> GetUserRolesByClientId(IEnumerable<string> iamClientIds);
-
-    IAsyncEnumerable<(Guid CompanyUserId, IEnumerable<Guid> UserRoleIds)> GetUserWithUserRolesForApplicationId(Guid applicationId, IEnumerable<Guid> userRoleIds);
     IAsyncEnumerable<Guid> GetRolesForClient(string technicalUserProfileClient);
 
     /// <summary>
@@ -88,4 +85,6 @@ public interface IUserRolesRepository
     /// <param name="languageShortName"></param>
     /// <returns></returns>
     Task<(bool IsValid, bool IsProvider, IEnumerable<ActiveAppRoleDetails>? AppRoleDetails)> GetOfferProviderRolesAsync(Guid offerId, OfferTypeId offerTypeId, Guid companyId, string? languageShortName, string defaultLanguageShortName);
+
+    IAsyncEnumerable<(Guid IdentityId, IEnumerable<(string ClientClientId, Guid UserRoleId, string UserRoleText)> InstanceRoleData)> GetUsersWithUserRolesForApplicationId(Guid applicationId, IEnumerable<string> iamClientIds);
 }

src/portalbackend/PortalBackend.DBAccess/Repositories/UserRolesRepository.cs

@@ -258,26 +258,26 @@ public async IAsyncEnumerable<CompanyUserNameData> GetUserDataByAssignedRoles(Gu
         }
     }
 
-    public IAsyncEnumerable<(string ClientClientId, IEnumerable<(Guid UserRoleId, string UserRoleText)> UserRoles)> GetUserRolesByClientId(IEnumerable<string> iamClientIds) =>
-        _dbContext.AppInstances
-            .AsNoTracking()
-            .Where(instance => iamClientIds.Contains(instance.IamClient!.ClientClientId))
-            .Select(instance => new ValueTuple<string, IEnumerable<(Guid, string)>>(
-                instance.IamClient!.ClientClientId,
-                instance.App!.UserRoles.Select(role => new ValueTuple<Guid, string>(role.Id, role.UserRoleText))))
-            .ToAsyncEnumerable();
-
-    public IAsyncEnumerable<(Guid CompanyUserId, IEnumerable<Guid> UserRoleIds)> GetUserWithUserRolesForApplicationId(Guid applicationId, IEnumerable<Guid> userRoleIds) =>
-        _dbContext.CompanyApplications
-            .AsNoTracking()
-            .Where(application => application.Id == applicationId)
-            .SelectMany(application => application.Company!.Identities)
-            .Where(user => user.IdentityAssignedRoles.Any(assigned => userRoleIds.Contains(assigned.UserRoleId)))
-            .Select(user => new ValueTuple<Guid, IEnumerable<Guid>>(
-                user.Id,
-                user.IdentityAssignedRoles.Where(assigned => userRoleIds.Contains(assigned.UserRoleId)).Select(assigned => assigned.UserRoleId)))
-            .Take(2)
-            .ToAsyncEnumerable();
+    public IAsyncEnumerable<(Guid IdentityId, IEnumerable<(string ClientClientId, Guid UserRoleId, string UserRoleText)> InstanceRoleData)> GetUsersWithUserRolesForApplicationId(Guid applicationId, IEnumerable<string> iamClientIds) =>
+        _dbContext.Identities
+        .Where(identity => identity.Company!.CompanyApplications.Any(companyApplication => companyApplication.Id == applicationId))
+        .Select(identity => new
+        {
+            Identity = identity,
+            RoleData = identity.IdentityAssignedRoles.SelectMany(identityAssignedRole =>
+                identityAssignedRole.UserRole!.Offer!.AppInstances
+                    .Where(instance => iamClientIds.Contains(instance.IamClient!.ClientClientId))
+                    .Select(appInstance =>
+                        new { AppInstance = appInstance, UserRole = identityAssignedRole.UserRole }))
+        })
+        .Where(x => x.RoleData.Any())
+        .Select(x => new ValueTuple<Guid, IEnumerable<(string, Guid, string)>>(
+            x.Identity.Id,
+            x.RoleData.Select(roleData => new ValueTuple<string, Guid, string>(
+                        roleData.AppInstance.IamClient!.ClientClientId,
+                        roleData.UserRole.Id, roleData.UserRole.UserRoleText))))
+        .Take(2)
+        .ToAsyncEnumerable();
 
     /// <inheritdoc />
     public IAsyncEnumerable<Guid> GetRolesForClient(string technicalUserProfileClient) =>

src/registration/ApplicationActivation.Library/ApplicationActivationService.cs

@@ -204,42 +204,34 @@ await provisioningManager
     {
         var iamClientIds = _settings.ClientToRemoveRolesOnActivation;
         var userRolesRepository = portalRepositories.GetInstance<IUserRolesRepository>();
-        var clientRoleData = await userRolesRepository
-            .GetUserRolesByClientId(iamClientIds)
-            .ToListAsync(cancellationToken)
-            .ConfigureAwait(false);
-        var invitedUsersData = userRolesRepository
-            .GetUserWithUserRolesForApplicationId(context.ApplicationId, clientRoleData.SelectMany(data => data.UserRoles).Select(role => role.UserRoleId));
+        var invitedUsersData = userRolesRepository.GetUsersWithUserRolesForApplicationId(context.ApplicationId, iamClientIds);
 
         await using var enumerator = invitedUsersData.GetAsyncEnumerator(cancellationToken);
         if (await enumerator.MoveNextAsync().ConfigureAwait(false))
         {
-            var userRoles = clientRoleData.SelectMany(data => data.UserRoles.Select(role => (role.UserRoleId, data.ClientClientId, role.UserRoleText))).ToImmutableDictionary(x => x.UserRoleId, x => (x.ClientClientId, x.UserRoleText));
             var userData = enumerator.Current;
-            if (!userData.UserRoleIds.Any())
+            if (!userData.InstanceRoleData.Any())
             {
                 throw new UnexpectedConditionException("userRoleIds should never be empty here");
             }
 
             var iamUserId =
-                await provisioningManager.GetUserByUserName(userData.CompanyUserId.ToString())
+                await provisioningManager.GetUserByUserName(userData.IdentityId.ToString())
                     .ConfigureAwait(ConfigureAwaitOptions.None) ??
-                throw new ConflictException($"user {userData.CompanyUserId} not found in keycloak");
+                throw new ConflictException($"user {userData.IdentityId} not found in keycloak");
 
-            var roleNamesToDelete = userData.UserRoleIds
-                .Select(roleId => userRoles[roleId])
+            var roleNamesToDelete = userData.InstanceRoleData
                 .GroupBy(clientRoleData => clientRoleData.ClientClientId)
                 .ToImmutableDictionary(
                     clientRoleDataGroup => clientRoleDataGroup.Key,
                     clientRoleData => clientRoleData.Select(y => y.UserRoleText));
 
             await provisioningManager.DeleteClientRolesFromCentralUserAsync(iamUserId, roleNamesToDelete)
                 .ConfigureAwait(ConfigureAwaitOptions.None);
-            userRolesRepository.DeleteCompanyUserAssignedRoles(
-                userData.UserRoleIds.Select(roleId => (userData.CompanyUserId, roleId)));
+            userRolesRepository.DeleteCompanyUserAssignedRoles(userData.InstanceRoleData.Select(roleId => (userData.IdentityId, roleId.UserRoleId)));
 
             var nextStepTypeIds = await enumerator.MoveNextAsync().ConfigureAwait(false)
-                ? ProcessStepTypeId.REMOVE_REGISTRATION_ROLES // in case there are further users eligible to remove roles from the same step is created again
+                ? ProcessStepTypeId.REMOVE_REGISTRATION_ROLES // in case there are further users eligible to remove the roles from the same step is created again
                 : ProcessStepTypeId.SET_THEME;
             return new IApplicationChecklistService.WorkerChecklistProcessStepExecutionResult(
                 ProcessStepStatusId.DONE,

tests/portalbackend/PortalBackend.DBAccess.Tests/UserRolesRepositoryTests.cs

@@ -66,41 +66,15 @@ public async Task GetCoreOfferRolesAsync_WithValidData_ReturnsExpected()
     [Fact]
     public async Task GetUserWithUserRolesForApplicationId_WithValidData_ReturnsExpected()
     {
-        var userRoleIds = new[] {
-            new Guid("7410693c-c893-409e-852f-9ee886ce94a6"),
-            new Guid("7410693c-c893-409e-852f-9ee886ce94a7"),
-            new Guid("ceec23fd-6b26-485c-a4bb-90571a29e148"),
-        };
-
         // Arrange
         var sut = await CreateSut();
 
         // Act
-        var data = await sut.GetUserWithUserRolesForApplicationId(ApplicationWithBpn, userRoleIds).ToListAsync();
+        var data = await sut.GetUsersWithUserRolesForApplicationId(ApplicationWithBpn, Enumerable.Repeat("Cl1-CX-Registration", 1)).ToListAsync();
 
         // Assert
         data.Should().HaveCount(2);
-        data.Should().AllSatisfy(((Guid, IEnumerable<Guid> UserRoleIds) userData) => userData.UserRoleIds.Should().NotBeEmpty().And.AllSatisfy(userRoleId => userRoleIds.Should().Contain(userRoleId)));
-    }
-
-    #endregion
-
-    #region GetUserRolesByClientId
-
-    [Fact]
-    public async Task GetUserRolesByClientId_WithValidData_ReturnsExpected()
-    {
-        // Arrange
-        var sut = await CreateSut();
-
-        // Act
-        var data = await sut.GetUserRolesByClientId(Enumerable.Repeat("Cl1-CX-Registration", 1)).ToListAsync();
-
-        // Assert
-        data.Should().HaveCount(1);
-        var clientData = data.Single();
-        clientData.ClientClientId.Should().Be("Cl1-CX-Registration");
-        clientData.UserRoles.Should().HaveCount(3);
+        data.Should().AllSatisfy(((Guid, IEnumerable<(string, Guid, string)> UserRoleIds) userData) => userData.UserRoleIds.Should().ContainSingle());
     }
 
     #endregion

tests/registration/ApplicationActivation.Library.Tests/ApplicationActivationTests.cs

@@ -446,13 +446,8 @@ public async Task AssignBpn_WithMultipleUsers_AssignsBpnToUser()
     [Fact]
     public async Task RemoveRegistrationRoles_WithMissingRoles_ThrowsUnexpectedConditionException()
     {
-        var userRoles = new (string ClientClientId, IEnumerable<(Guid UserRoleId, string UserRoleText)>)[] {
-            ("remove-id", new[] { (CompanyUserRoleId, "Company Admin") })
-        };
-        A.CallTo(() => _rolesRepository.GetUserRolesByClientId(A<IEnumerable<string>>.That.IsSameSequenceAs(new[] { "remove-id" })))
-            .Returns(userRoles.ToAsyncEnumerable());
-        A.CallTo(() => _rolesRepository.GetUserWithUserRolesForApplicationId(Id, A<IEnumerable<Guid>>._))
-            .Returns(Enumerable.Repeat(new ValueTuple<Guid, IEnumerable<Guid>>(Guid.NewGuid(), Enumerable.Empty<Guid>()), 1).ToAsyncEnumerable());
+        A.CallTo(() => _rolesRepository.GetUsersWithUserRolesForApplicationId(Id, A<IEnumerable<string>>._))
+            .Returns(Enumerable.Repeat(new ValueTuple<Guid, IEnumerable<(string, Guid, string)>>(Guid.NewGuid(), Enumerable.Empty<(string, Guid, string)>()), 1).ToAsyncEnumerable());
 
         var context = new IApplicationChecklistService.WorkerChecklistProcessStepData(Id, default, Checklist, Enumerable.Empty<ProcessStepTypeId>());
         Task Act() => _sut.RemoveRegistrationRoles(context, CancellationToken.None);
@@ -468,17 +463,12 @@ public async Task RemoveRegistrationRoles_WithMissingRoles_ThrowsUnexpectedCondi
     public async Task RemoveRegistrationRoles_WithMultipleUsers_ReturnsExpected()
     {
         //Arrange
-        var userData = new (Guid CompanyUserId, IEnumerable<Guid> UserRoleIds)[]
+        var userData = new (Guid CompanyUserId, IEnumerable<(string, Guid, string)> UserRoleIds)[]
         {
-            new(CompanyUserId1, new[] { CompanyUserRoleId }),
-            new(CompanyUserId2, new[] { CompanyUserRoleId })
-        };
-        var userRoles = new (string ClientClientId, IEnumerable<(Guid UserRoleId, string UserRoleText)>)[] {
-            ("remove-id", new[] { (CompanyUserRoleId, "Company Admin") })
+            new(CompanyUserId1, new[] { ("remove-id", CompanyUserRoleId, "remove") }),
+            new(CompanyUserId2, new[] { ("remove-id", CompanyUserRoleId, "remove") })
         };
-        A.CallTo(() => _rolesRepository.GetUserRolesByClientId(A<IEnumerable<string>>.That.IsSameSequenceAs(new[] { "remove-id" })))
-            .Returns(userRoles.ToAsyncEnumerable());
-        A.CallTo(() => _rolesRepository.GetUserWithUserRolesForApplicationId(A<Guid>._, A<IEnumerable<Guid>>.That.IsSameSequenceAs(new[] { CompanyUserRoleId })))
+        A.CallTo(() => _rolesRepository.GetUsersWithUserRolesForApplicationId(A<Guid>._, A<IEnumerable<string>>.That.IsSameSequenceAs(new[] { "remove-id" })))
             .Returns(userData.ToAsyncEnumerable());
         SetupGetUserByUserName();
 
@@ -507,16 +497,11 @@ public async Task RemoveRegistrationRoles_WithMultipleUsers_ReturnsExpected()
     public async Task RemoveRegistrationRoles_WithValid_ReturnsExpected()
     {
         //Arrange
-        var userData = new (Guid CompanyUserId, IEnumerable<Guid> UserRoleIds)[]
+        var userData = new (Guid CompanyUserId, IEnumerable<(string, Guid, string)> UserRoleIds)[]
         {
-            new(CompanyUserId1, new[] { CompanyUserRoleId })
-        };
-        var userRoles = new (string ClientClientId, IEnumerable<(Guid UserRoleId, string UserRoleText)>)[] {
-            ("remove-id", new[] { (CompanyUserRoleId, "Company Admin") })
+            new(CompanyUserId1, new[] { ("remove-id", CompanyUserRoleId, "remove") }),
         };
-        A.CallTo(() => _rolesRepository.GetUserRolesByClientId(A<IEnumerable<string>>.That.IsSameSequenceAs(new[] { "remove-id" })))
-            .Returns(userRoles.ToAsyncEnumerable());
-        A.CallTo(() => _rolesRepository.GetUserWithUserRolesForApplicationId(A<Guid>._, A<IEnumerable<Guid>>.That.IsSameSequenceAs(new[] { CompanyUserRoleId })))
+        A.CallTo(() => _rolesRepository.GetUsersWithUserRolesForApplicationId(A<Guid>._, A<IEnumerable<string>>.That.IsSameSequenceAs(new[] { "remove-id" })))
             .Returns(userData.ToAsyncEnumerable());
         SetupGetUserByUserName();