From 757b5e88e41509049cd5096323f7f6ac498267e4 Mon Sep 17 00:00:00 2001
From: Constantin Bergatt <constantin.bergatt@dataport.de>
Date: Tue, 15 Oct 2024 07:10:20 +0200
Subject: [PATCH 1/5] BC-7879 - fix `AuthorizationContextParams` to handle enum
 types correctly

---
 .../authorization/api/dto/authorization-body.params.ts | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/apps/server/src/modules/authorization/api/dto/authorization-body.params.ts b/apps/server/src/modules/authorization/api/dto/authorization-body.params.ts
index c2e7b4656ff..474a3eeb865 100644
--- a/apps/server/src/modules/authorization/api/dto/authorization-body.params.ts
+++ b/apps/server/src/modules/authorization/api/dto/authorization-body.params.ts
@@ -1,5 +1,5 @@
-import { Permission } from '@shared/domain/interface';
 import { ApiProperty } from '@nestjs/swagger';
+import { Permission } from '@shared/domain/interface';
 import { Type } from 'class-transformer';
 import { IsArray, IsEnum, IsMongoId, ValidateNested } from 'class-validator';
 import { Action, AuthorizableReferenceType, AuthorizationContext } from '../../domain';
@@ -7,9 +7,9 @@ import { Action, AuthorizableReferenceType, AuthorizationContext } from '../../d
 class AuthorizationContextParams implements AuthorizationContext {
 	@IsEnum(Action)
 	@ApiProperty({
-		description: 'Define for which action the operation should be performend.',
+		name: 'action',
 		enum: Action,
-		enumName: 'Action',
+		description: 'Define for which action the operation should be performend.',
 		example: Action.read,
 	})
 	action!: Action;
@@ -17,11 +17,11 @@ class AuthorizationContextParams implements AuthorizationContext {
 	@IsArray()
 	@IsEnum(Permission, { each: true })
 	@ApiProperty({
+		name: 'requiredPermissions',
 		enum: Permission,
-		enumName: 'Permission',
 		isArray: true,
 		description: 'User permissions that are needed to execute the operation.',
-		example: Permission.USER_UPDATE,
+		example: [Permission.USER_UPDATE],
 	})
 	requiredPermissions!: Permission[];
 }

From 8f0fa9eea82310700715e7fa6e0a8e1f704e79d5 Mon Sep 17 00:00:00 2001
From: Constantin Bergatt <constantin.bergatt@dataport.de>
Date: Tue, 15 Oct 2024 07:46:05 +0200
Subject: [PATCH 2/5] BC-7879 - re-generate authorization API

---
 .../.openapi-generator-ignore                 |   1 -
 .../.openapi-generator/FILES                  |   1 -
 .../authorization-api-client/models/action.ts |  31 ---
 .../models/authorization-context-params.ts    | 210 ++++++++++++++++--
 .../authorization-api-client/models/index.ts  |   1 -
 5 files changed, 190 insertions(+), 54 deletions(-)
 delete mode 100644 apps/server/src/infra/authorization-client/authorization-api-client/models/action.ts

diff --git a/apps/server/src/infra/authorization-client/authorization-api-client/.openapi-generator-ignore b/apps/server/src/infra/authorization-client/authorization-api-client/.openapi-generator-ignore
index bbc533d699f..b10976372d8 100644
--- a/apps/server/src/infra/authorization-client/authorization-api-client/.openapi-generator-ignore
+++ b/apps/server/src/infra/authorization-client/authorization-api-client/.openapi-generator-ignore
@@ -31,7 +31,6 @@ git_push.sh
 models/*
 
 # list of allowed files in the "models" folder
-!models/action.ts
 !models/authorization-body-params.ts
 !models/authorization-context-params.ts
 !models/authorized-reponse.ts
diff --git a/apps/server/src/infra/authorization-client/authorization-api-client/.openapi-generator/FILES b/apps/server/src/infra/authorization-client/authorization-api-client/.openapi-generator/FILES
index b0b81500e3f..3bee5e3e44d 100644
--- a/apps/server/src/infra/authorization-client/authorization-api-client/.openapi-generator/FILES
+++ b/apps/server/src/infra/authorization-client/authorization-api-client/.openapi-generator/FILES
@@ -4,7 +4,6 @@ base.ts
 common.ts
 configuration.ts
 index.ts
-models/action.ts
 models/authorization-body-params.ts
 models/authorization-context-params.ts
 models/authorized-reponse.ts
diff --git a/apps/server/src/infra/authorization-client/authorization-api-client/models/action.ts b/apps/server/src/infra/authorization-client/authorization-api-client/models/action.ts
deleted file mode 100644
index c74334d322b..00000000000
--- a/apps/server/src/infra/authorization-client/authorization-api-client/models/action.ts
+++ /dev/null
@@ -1,31 +0,0 @@
-/* tslint:disable */
-/* eslint-disable */
-/**
- * Schulcloud-Verbund-Software Server API
- * This is v3 of Schulcloud-Verbund-Software Server. Checkout /docs for v1.
- *
- * The version of the OpenAPI document: 3.0
- * 
- *
- * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
- * https://openapi-generator.tech
- * Do not edit the class manually.
- */
-
-
-
-/**
- * 
- * @export
- * @enum {string}
- */
-
-export const Action = {
-    READ: 'read',
-    WRITE: 'write'
-} as const;
-
-export type Action = typeof Action[keyof typeof Action];
-
-
-
diff --git a/apps/server/src/infra/authorization-client/authorization-api-client/models/authorization-context-params.ts b/apps/server/src/infra/authorization-client/authorization-api-client/models/authorization-context-params.ts
index 7ff5255cec6..32ce6a97e38 100644
--- a/apps/server/src/infra/authorization-client/authorization-api-client/models/authorization-context-params.ts
+++ b/apps/server/src/infra/authorization-client/authorization-api-client/models/authorization-context-params.ts
@@ -5,36 +5,206 @@
  * This is v3 of Schulcloud-Verbund-Software Server. Checkout /docs for v1.
  *
  * The version of the OpenAPI document: 3.0
- *
+ * 
  *
  * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
  * https://openapi-generator.tech
  * Do not edit the class manually.
  */
 
-// May contain unused imports in some cases
-// @ts-ignore
-import type { Action } from './action';
-// May contain unused imports in some cases
-// @ts-ignore
-import type { Permission } from './permission';
+
 
 /**
- *
+ * 
  * @export
  * @interface AuthorizationContextParams
  */
 export interface AuthorizationContextParams {
-	/**
-	 *
-	 * @type {Action}
-	 * @memberof AuthorizationContextParams
-	 */
-	action: Action;
-	/**
-	 * User permissions that are needed to execute the operation.
-	 * @type {Array<Permission>}
-	 * @memberof AuthorizationContextParams
-	 */
-	requiredPermissions: Array<Permission>;
+    /**
+     * Define for which action the operation should be performend.
+     * @type {string}
+     * @memberof AuthorizationContextParams
+     */
+    'action': AuthorizationContextParamsAction;
+    /**
+     * User permissions that are needed to execute the operation.
+     * @type {Array<string>}
+     * @memberof AuthorizationContextParams
+     */
+    'requiredPermissions': Array<AuthorizationContextParamsRequiredPermissions>;
 }
+
+export const AuthorizationContextParamsAction = {
+    READ: 'read',
+    WRITE: 'write'
+} as const;
+
+export type AuthorizationContextParamsAction = typeof AuthorizationContextParamsAction[keyof typeof AuthorizationContextParamsAction];
+export const AuthorizationContextParamsRequiredPermissions = {
+    ACCOUNT_CREATE: 'ACCOUNT_CREATE',
+    ACCOUNT_DELETE: 'ACCOUNT_DELETE',
+    ACCOUNT_EDIT: 'ACCOUNT_EDIT',
+    ACCOUNT_VIEW: 'ACCOUNT_VIEW',
+    ADD_SCHOOL_MEMBERS: 'ADD_SCHOOL_MEMBERS',
+    ADMIN_EDIT: 'ADMIN_EDIT',
+    ADMIN_VIEW: 'ADMIN_VIEW',
+    BASE_VIEW: 'BASE_VIEW',
+    CALENDAR_CREATE: 'CALENDAR_CREATE',
+    CALENDAR_EDIT: 'CALENDAR_EDIT',
+    CALENDAR_VIEW: 'CALENDAR_VIEW',
+    CHANGE_TEAM_ROLES: 'CHANGE_TEAM_ROLES',
+    CLASS_CREATE: 'CLASS_CREATE',
+    CLASS_EDIT: 'CLASS_EDIT',
+    CLASS_FULL_ADMIN: 'CLASS_FULL_ADMIN',
+    CLASS_LIST: 'CLASS_LIST',
+    CLASS_REMOVE: 'CLASS_REMOVE',
+    CLASS_VIEW: 'CLASS_VIEW',
+    COMMENTS_CREATE: 'COMMENTS_CREATE',
+    COMMENTS_EDIT: 'COMMENTS_EDIT',
+    COMMENTS_VIEW: 'COMMENTS_VIEW',
+    CONTENT_NON_OER_VIEW: 'CONTENT_NON_OER_VIEW',
+    CONTENT_VIEW: 'CONTENT_VIEW',
+    CONTEXT_TOOL_ADMIN: 'CONTEXT_TOOL_ADMIN',
+    CONTEXT_TOOL_USER: 'CONTEXT_TOOL_USER',
+    COURSEGROUP_CREATE: 'COURSEGROUP_CREATE',
+    COURSEGROUP_EDIT: 'COURSEGROUP_EDIT',
+    COURSE_ADMINISTRATION: 'COURSE_ADMINISTRATION',
+    COURSE_CREATE: 'COURSE_CREATE',
+    COURSE_DELETE: 'COURSE_DELETE',
+    COURSE_EDIT: 'COURSE_EDIT',
+    COURSE_REMOVE: 'COURSE_REMOVE',
+    COURSE_VIEW: 'COURSE_VIEW',
+    CREATE_SUPPORT_JWT: 'CREATE_SUPPORT_JWT',
+    CREATE_TOPICS_AND_TASKS: 'CREATE_TOPICS_AND_TASKS',
+    DASHBOARD_VIEW: 'DASHBOARD_VIEW',
+    DATASOURCES_CREATE: 'DATASOURCES_CREATE',
+    DATASOURCES_DELETE: 'DATASOURCES_DELETE',
+    DATASOURCES_EDIT: 'DATASOURCES_EDIT',
+    DATASOURCES_RUN: 'DATASOURCES_RUN',
+    DATASOURCES_RUN_VIEW: 'DATASOURCES_RUN_VIEW',
+    DATASOURCES_VIEW: 'DATASOURCES_VIEW',
+    DEFAULT_FILE_PERMISSIONS: 'DEFAULT_FILE_PERMISSIONS',
+    DELETE_TEAM: 'DELETE_TEAM',
+    EDIT_ALL_FILES: 'EDIT_ALL_FILES',
+    ENTERTHECLOUD_START: 'ENTERTHECLOUD_START',
+    FEDERALSTATE_CREATE: 'FEDERALSTATE_CREATE',
+    FEDERALSTATE_EDIT: 'FEDERALSTATE_EDIT',
+    FEDERALSTATE_VIEW: 'FEDERALSTATE_VIEW',
+    FILESTORAGE_CREATE: 'FILESTORAGE_CREATE',
+    FILESTORAGE_EDIT: 'FILESTORAGE_EDIT',
+    FILESTORAGE_REMOVE: 'FILESTORAGE_REMOVE',
+    FILESTORAGE_VIEW: 'FILESTORAGE_VIEW',
+    FILE_CREATE: 'FILE_CREATE',
+    FILE_DELETE: 'FILE_DELETE',
+    FILE_MOVE: 'FILE_MOVE',
+    FOLDER_CREATE: 'FOLDER_CREATE',
+    FOLDER_DELETE: 'FOLDER_DELETE',
+    GROUP_LIST: 'GROUP_LIST',
+    GROUP_FULL_ADMIN: 'GROUP_FULL_ADMIN',
+    GROUP_VIEW: 'GROUP_VIEW',
+    HELPDESK_CREATE: 'HELPDESK_CREATE',
+    HELPDESK_EDIT: 'HELPDESK_EDIT',
+    HELPDESK_VIEW: 'HELPDESK_VIEW',
+    HOMEWORK_CREATE: 'HOMEWORK_CREATE',
+    HOMEWORK_EDIT: 'HOMEWORK_EDIT',
+    HOMEWORK_VIEW: 'HOMEWORK_VIEW',
+    IMPORT_USER_MIGRATE: 'IMPORT_USER_MIGRATE',
+    IMPORT_USER_UPDATE: 'IMPORT_USER_UPDATE',
+    IMPORT_USER_VIEW: 'IMPORT_USER_VIEW',
+    INSTANCE_VIEW: 'INSTANCE_VIEW',
+    INVITE_ADMINISTRATORS: 'INVITE_ADMINISTRATORS',
+    INVITE_EXPERTS: 'INVITE_EXPERTS',
+    JOIN_MEETING: 'JOIN_MEETING',
+    LEAVE_TEAM: 'LEAVE_TEAM',
+    LERNSTORE_VIEW: 'LERNSTORE_VIEW',
+    LESSONS_CREATE: 'LESSONS_CREATE',
+    LESSONS_VIEW: 'LESSONS_VIEW',
+    LINK_CREATE: 'LINK_CREATE',
+    NEWS_CREATE: 'NEWS_CREATE',
+    NEWS_EDIT: 'NEWS_EDIT',
+    NEWS_VIEW: 'NEWS_VIEW',
+    NEXTCLOUD_USER: 'NEXTCLOUD_USER',
+    NOTIFICATION_CREATE: 'NOTIFICATION_CREATE',
+    NOTIFICATION_EDIT: 'NOTIFICATION_EDIT',
+    NOTIFICATION_VIEW: 'NOTIFICATION_VIEW',
+    OAUTH_CLIENT_EDIT: 'OAUTH_CLIENT_EDIT',
+    OAUTH_CLIENT_VIEW: 'OAUTH_CLIENT_VIEW',
+    PASSWORD_EDIT: 'PASSWORD_EDIT',
+    PWRECOVERY_CREATE: 'PWRECOVERY_CREATE',
+    PWRECOVERY_EDIT: 'PWRECOVERY_EDIT',
+    PWRECOVERY_VIEW: 'PWRECOVERY_VIEW',
+    RELEASES_CREATE: 'RELEASES_CREATE',
+    RELEASES_EDIT: 'RELEASES_EDIT',
+    RELEASES_VIEW: 'RELEASES_VIEW',
+    REMOVE_MEMBERS: 'REMOVE_MEMBERS',
+    RENAME_TEAM: 'RENAME_TEAM',
+    REQUEST_CONSENTS: 'REQUEST_CONSENTS',
+    ROLE_CREATE: 'ROLE_CREATE',
+    ROLE_EDIT: 'ROLE_EDIT',
+    ROLE_VIEW: 'ROLE_VIEW',
+    SCHOOL_CHAT_MANAGE: 'SCHOOL_CHAT_MANAGE',
+    SCHOOL_CREATE: 'SCHOOL_CREATE',
+    SCHOOL_EDIT: 'SCHOOL_EDIT',
+    SCHOOL_EDIT_ALL: 'SCHOOL_EDIT_ALL',
+    SCHOOL_LOGO_MANAGE: 'SCHOOL_LOGO_MANAGE',
+    SCHOOL_NEWS_EDIT: 'SCHOOL_NEWS_EDIT',
+    SCHOOL_PERMISSION_CHANGE: 'SCHOOL_PERMISSION_CHANGE',
+    SCHOOL_PERMISSION_VIEW: 'SCHOOL_PERMISSION_VIEW',
+    SCHOOL_STUDENT_TEAM_MANAGE: 'SCHOOL_STUDENT_TEAM_MANAGE',
+    SCHOOL_SYSTEM_EDIT: 'SCHOOL_SYSTEM_EDIT',
+    SCHOOL_SYSTEM_VIEW: 'SCHOOL_SYSTEM_VIEW',
+    SCHOOL_TOOL_ADMIN: 'SCHOOL_TOOL_ADMIN',
+    SCOPE_PERMISSIONS_VIEW: 'SCOPE_PERMISSIONS_VIEW',
+    START_MEETING: 'START_MEETING',
+    STUDENT_CREATE: 'STUDENT_CREATE',
+    STUDENT_DELETE: 'STUDENT_DELETE',
+    STUDENT_EDIT: 'STUDENT_EDIT',
+    STUDENT_LIST: 'STUDENT_LIST',
+    STUDENT_SKIP_REGISTRATION: 'STUDENT_SKIP_REGISTRATION',
+    SUBMISSIONS_CREATE: 'SUBMISSIONS_CREATE',
+    SUBMISSIONS_EDIT: 'SUBMISSIONS_EDIT',
+    SUBMISSIONS_SCHOOL_VIEW: 'SUBMISSIONS_SCHOOL_VIEW',
+    SUBMISSIONS_VIEW: 'SUBMISSIONS_VIEW',
+    SYNC_START: 'SYNC_START',
+    SYSTEM_CREATE: 'SYSTEM_CREATE',
+    SYSTEM_EDIT: 'SYSTEM_EDIT',
+    SYSTEM_VIEW: 'SYSTEM_VIEW',
+    TASK_DASHBOARD_TEACHER_VIEW_V3: 'TASK_DASHBOARD_TEACHER_VIEW_V3',
+    TASK_DASHBOARD_VIEW_V3: 'TASK_DASHBOARD_VIEW_V3',
+    TEACHER_CREATE: 'TEACHER_CREATE',
+    TEACHER_DELETE: 'TEACHER_DELETE',
+    TEACHER_EDIT: 'TEACHER_EDIT',
+    TEACHER_LIST: 'TEACHER_LIST',
+    TEACHER_SKIP_REGISTRATION: 'TEACHER_SKIP_REGISTRATION',
+    TEAM_CREATE: 'TEAM_CREATE',
+    TOOL_CREATE_ETHERPAD: 'TOOL_CREATE_ETHERPAD',
+    TEAM_EDIT: 'TEAM_EDIT',
+    TEAM_INVITE_EXTERNAL: 'TEAM_INVITE_EXTERNAL',
+    TEAM_VIEW: 'TEAM_VIEW',
+    TOOL_ADMIN: 'TOOL_ADMIN',
+    TOOL_CREATE: 'TOOL_CREATE',
+    TOOL_EDIT: 'TOOL_EDIT',
+    TOOL_NEW_VIEW: 'TOOL_NEW_VIEW',
+    TOOL_VIEW: 'TOOL_VIEW',
+    TOPIC_CREATE: 'TOPIC_CREATE',
+    TOPIC_EDIT: 'TOPIC_EDIT',
+    TOPIC_VIEW: 'TOPIC_VIEW',
+    UPLOAD_FILES: 'UPLOAD_FILES',
+    USE_LIBREOFFICE: 'USE_LIBREOFFICE',
+    USE_ROCKETCHAT: 'USE_ROCKETCHAT',
+    USERGROUP_CREATE: 'USERGROUP_CREATE',
+    USERGROUP_EDIT: 'USERGROUP_EDIT',
+    USERGROUP_VIEW: 'USERGROUP_VIEW',
+    USER_CHANGE_OWN_NAME: 'USER_CHANGE_OWN_NAME',
+    USER_CREATE: 'USER_CREATE',
+    USER_LOGIN_MIGRATION_ADMIN: 'USER_LOGIN_MIGRATION_ADMIN',
+    USER_LOGIN_MIGRATION_ROLLBACK: 'USER_LOGIN_MIGRATION_ROLLBACK',
+    USER_LOGIN_MIGRATION_FORCE: 'USER_LOGIN_MIGRATION_FORCE',
+    USER_MIGRATE: 'USER_MIGRATE',
+    USER_UPDATE: 'USER_UPDATE',
+    YEARS_EDIT: 'YEARS_EDIT'
+} as const;
+
+export type AuthorizationContextParamsRequiredPermissions = typeof AuthorizationContextParamsRequiredPermissions[keyof typeof AuthorizationContextParamsRequiredPermissions];
+
+
diff --git a/apps/server/src/infra/authorization-client/authorization-api-client/models/index.ts b/apps/server/src/infra/authorization-client/authorization-api-client/models/index.ts
index 59dfc03282f..befef5df252 100644
--- a/apps/server/src/infra/authorization-client/authorization-api-client/models/index.ts
+++ b/apps/server/src/infra/authorization-client/authorization-api-client/models/index.ts
@@ -1,4 +1,3 @@
-export * from './action';
 export * from './authorization-body-params';
 export * from './authorization-context-params';
 export * from './authorized-reponse';

From b97c5cd747cc430c8ceacc51312d7b0a4be6ce94 Mon Sep 17 00:00:00 2001
From: Constantin Bergatt <constantin.bergatt@dataport.de>
Date: Tue, 15 Oct 2024 08:04:07 +0200
Subject: [PATCH 3/5] BC-7879 - refactor authorization API imports and builder
 methods

This commit refactors the authorization API imports and builder methods in the `authorization-client` module. It updates the import statements and adds new builder methods for `AuthorizationContextParamsAction` and `AuthorizationContextParamsRequiredPermissions`. This improves the organization and readability of the code.
---
 .../src/infra/authorization-client/index.ts   |  7 ++++++-
 .../mapper/authorization-context.builder.ts   | 20 ++++++++++++-------
 .../domain/rules/instance.rule.ts             |  4 ++--
 .../files-storage/files-storage.const.ts      | 14 +++++++------
 .../files-storage/uc/files-storage.uc.ts      |  4 ++--
 5 files changed, 31 insertions(+), 18 deletions(-)

diff --git a/apps/server/src/infra/authorization-client/index.ts b/apps/server/src/infra/authorization-client/index.ts
index 3965174bf62..3ae4709e19f 100644
--- a/apps/server/src/infra/authorization-client/index.ts
+++ b/apps/server/src/infra/authorization-client/index.ts
@@ -1,4 +1,9 @@
-export { Action, AuthorizationBodyParamsReferenceType, AuthorizationContextParams } from './authorization-api-client';
+export {
+	AuthorizationBodyParamsReferenceType,
+	AuthorizationContextParams,
+	AuthorizationContextParamsAction,
+	AuthorizationContextParamsRequiredPermissions,
+} from './authorization-api-client';
 export { AuthorizationClientAdapter } from './authorization-client.adapter';
 export { AuthorizationClientConfig, AuthorizationClientModule } from './authorization-client.module';
 export { AuthorizationContextBuilder } from './mapper';
diff --git a/apps/server/src/infra/authorization-client/mapper/authorization-context.builder.ts b/apps/server/src/infra/authorization-client/mapper/authorization-context.builder.ts
index 16b55a5564c..99432f001cc 100644
--- a/apps/server/src/infra/authorization-client/mapper/authorization-context.builder.ts
+++ b/apps/server/src/infra/authorization-client/mapper/authorization-context.builder.ts
@@ -1,22 +1,28 @@
-import { Permission } from '@shared/domain/interface';
-import { Action, AuthorizationContextParams } from '../authorization-api-client';
+import {
+	AuthorizationContextParams,
+	AuthorizationContextParamsAction,
+	AuthorizationContextParamsRequiredPermissions,
+} from '../authorization-api-client';
 
 export class AuthorizationContextBuilder {
-	static build(requiredPermissions: Array<Permission>, action: Action): AuthorizationContextParams {
+	static build(
+		requiredPermissions: Array<AuthorizationContextParamsRequiredPermissions>,
+		action: AuthorizationContextParamsAction
+	): AuthorizationContextParams {
 		return {
 			action,
 			requiredPermissions,
 		};
 	}
 
-	static write(requiredPermissions: Permission[]): AuthorizationContextParams {
-		const context = this.build(requiredPermissions, Action.WRITE);
+	static write(requiredPermissions: AuthorizationContextParamsRequiredPermissions[]): AuthorizationContextParams {
+		const context = this.build(requiredPermissions, AuthorizationContextParamsAction.WRITE);
 
 		return context;
 	}
 
-	static read(requiredPermissions: Permission[]): AuthorizationContextParams {
-		const context = this.build(requiredPermissions, Action.READ);
+	static read(requiredPermissions: AuthorizationContextParamsRequiredPermissions[]): AuthorizationContextParams {
+		const context = this.build(requiredPermissions, AuthorizationContextParamsAction.READ);
 
 		return context;
 	}
diff --git a/apps/server/src/modules/authorization/domain/rules/instance.rule.ts b/apps/server/src/modules/authorization/domain/rules/instance.rule.ts
index 7389aca1023..8729ee23be0 100644
--- a/apps/server/src/modules/authorization/domain/rules/instance.rule.ts
+++ b/apps/server/src/modules/authorization/domain/rules/instance.rule.ts
@@ -1,8 +1,8 @@
+import { AuthorizationContextParamsAction } from '@infra/authorization-client';
 import { Instance } from '@modules/instance';
 import { Injectable } from '@nestjs/common';
 import { User } from '@shared/domain/entity';
 import { RoleName } from '@shared/domain/interface';
-import { Action } from '@infra/authorization-client';
 import { AuthorizationHelper } from '../service/authorization.helper';
 import { AuthorizationContext, Rule } from '../type';
 
@@ -20,7 +20,7 @@ export class InstanceRule implements Rule<Instance> {
 		const hasPermission = this.authorizationHelper.hasAllPermissions(user, context.requiredPermissions);
 
 		// As temporary solution until the user with write access to instance added as group, we must check the role.
-		if (context.action === Action.WRITE) {
+		if (context.action === AuthorizationContextParamsAction.WRITE) {
 			const hasRole = this.authorizationHelper.hasRole(user, RoleName.SUPERHERO);
 
 			return hasPermission && hasRole;
diff --git a/apps/server/src/modules/files-storage/files-storage.const.ts b/apps/server/src/modules/files-storage/files-storage.const.ts
index 970f575b327..2d731aa02d8 100644
--- a/apps/server/src/modules/files-storage/files-storage.const.ts
+++ b/apps/server/src/modules/files-storage/files-storage.const.ts
@@ -1,5 +1,7 @@
-import { AuthorizationContextBuilder } from '@infra/authorization-client';
-import { Permission } from '@shared/domain/interface';
+import {
+	AuthorizationContextBuilder,
+	AuthorizationContextParamsRequiredPermissions,
+} from '@infra/authorization-client';
 
 export enum FilesStorageInternalActions {
 	downloadBySecurityToken = '/file-security/download/:token',
@@ -8,8 +10,8 @@ export enum FilesStorageInternalActions {
 export const API_VERSION_PATH = '/api/v3';
 
 export const FileStorageAuthorizationContext = {
-	create: AuthorizationContextBuilder.write([Permission.FILESTORAGE_CREATE]),
-	read: AuthorizationContextBuilder.read([Permission.FILESTORAGE_VIEW]),
-	update: AuthorizationContextBuilder.write([Permission.FILESTORAGE_EDIT]),
-	delete: AuthorizationContextBuilder.write([Permission.FILESTORAGE_REMOVE]),
+	create: AuthorizationContextBuilder.write([AuthorizationContextParamsRequiredPermissions.FILESTORAGE_CREATE]),
+	read: AuthorizationContextBuilder.read([AuthorizationContextParamsRequiredPermissions.FILESTORAGE_VIEW]),
+	update: AuthorizationContextBuilder.write([AuthorizationContextParamsRequiredPermissions.FILESTORAGE_EDIT]),
+	delete: AuthorizationContextBuilder.write([AuthorizationContextParamsRequiredPermissions.FILESTORAGE_REMOVE]),
 };
diff --git a/apps/server/src/modules/files-storage/uc/files-storage.uc.ts b/apps/server/src/modules/files-storage/uc/files-storage.uc.ts
index ac80e3d45a8..0ee2c516e63 100644
--- a/apps/server/src/modules/files-storage/uc/files-storage.uc.ts
+++ b/apps/server/src/modules/files-storage/uc/files-storage.uc.ts
@@ -3,11 +3,11 @@ import {
 	AuthorizationClientAdapter,
 	AuthorizationContextBuilder,
 	AuthorizationContextParams,
+	AuthorizationContextParamsRequiredPermissions,
 } from '@infra/authorization-client';
 import { EntityManager, RequestContext } from '@mikro-orm/core';
 import { HttpService } from '@nestjs/axios';
 import { Injectable, NotFoundException } from '@nestjs/common';
-import { Permission } from '@shared/domain/interface';
 import { Counted, EntityId } from '@shared/domain/types';
 import { DomainErrorHandler } from '@src/core';
 import { LegacyLogger } from '@src/core/logger';
@@ -85,7 +85,7 @@ export class FilesStorageUC {
 			await this.authorizationClientAdapter.checkPermissionsByReference(
 				AuthorizationBodyParamsReferenceType.INSTANCES,
 				storageLocationId,
-				AuthorizationContextBuilder.write([Permission.INSTANCE_VIEW])
+				AuthorizationContextBuilder.write([AuthorizationContextParamsRequiredPermissions.INSTANCE_VIEW])
 			);
 		}
 

From 557c1591b27f07e1609a68d9f1b01be361cfc65b Mon Sep 17 00:00:00 2001
From: Constantin Bergatt <constantin.bergatt@dataport.de>
Date: Tue, 15 Oct 2024 10:07:20 +0200
Subject: [PATCH 4/5] BC-7879 - fix errorneous dependencies in
 `nstance.rule.ts`

---
 .../src/modules/authorization/domain/rules/instance.rule.ts  | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/apps/server/src/modules/authorization/domain/rules/instance.rule.ts b/apps/server/src/modules/authorization/domain/rules/instance.rule.ts
index 8729ee23be0..c40fed63eac 100644
--- a/apps/server/src/modules/authorization/domain/rules/instance.rule.ts
+++ b/apps/server/src/modules/authorization/domain/rules/instance.rule.ts
@@ -1,10 +1,9 @@
-import { AuthorizationContextParamsAction } from '@infra/authorization-client';
 import { Instance } from '@modules/instance';
 import { Injectable } from '@nestjs/common';
 import { User } from '@shared/domain/entity';
 import { RoleName } from '@shared/domain/interface';
 import { AuthorizationHelper } from '../service/authorization.helper';
-import { AuthorizationContext, Rule } from '../type';
+import { Action, AuthorizationContext, Rule } from '../type';
 
 @Injectable()
 export class InstanceRule implements Rule<Instance> {
@@ -20,7 +19,7 @@ export class InstanceRule implements Rule<Instance> {
 		const hasPermission = this.authorizationHelper.hasAllPermissions(user, context.requiredPermissions);
 
 		// As temporary solution until the user with write access to instance added as group, we must check the role.
-		if (context.action === AuthorizationContextParamsAction.WRITE) {
+		if (context.action === Action.write) {
 			const hasRole = this.authorizationHelper.hasRole(user, RoleName.SUPERHERO);
 
 			return hasPermission && hasRole;

From 05044c51a7654ec60fed972a3d6b1a158911353a Mon Sep 17 00:00:00 2001
From: Constantin Bergatt <constantin.bergatt@dataport.de>
Date: Thu, 17 Oct 2024 10:45:13 +0200
Subject: [PATCH 5/5] BC-7879 - fix tests and sonarcube issues

---
 .../authorization-client.adapter.spec.ts      | 25 +++++++++++--------
 ...orization-error.loggable-exception.spec.ts |  6 ++---
 ...ation-forbidden.loggable-exception.spec.ts |  4 +--
 3 files changed, 20 insertions(+), 15 deletions(-)

diff --git a/apps/server/src/infra/authorization-client/authorization-client.adapter.spec.ts b/apps/server/src/infra/authorization-client/authorization-client.adapter.spec.ts
index e2b68d63e56..c346b2960c7 100644
--- a/apps/server/src/infra/authorization-client/authorization-client.adapter.spec.ts
+++ b/apps/server/src/infra/authorization-client/authorization-client.adapter.spec.ts
@@ -4,16 +4,21 @@ import { Test, TestingModule } from '@nestjs/testing';
 import { AxiosResponse } from 'axios';
 import { Request } from 'express';
 import {
-	Action,
 	AuthorizationApi,
+	AuthorizationBodyParams,
 	AuthorizationBodyParamsReferenceType,
+	AuthorizationContextParamsAction,
+	AuthorizationContextParamsRequiredPermissions,
 	AuthorizedReponse,
 } from './authorization-api-client';
 import { AuthorizationClientAdapter } from './authorization-client.adapter';
 import { AuthorizationErrorLoggableException, AuthorizationForbiddenLoggableException } from './error';
 
 const jwtToken = 'someJwtToken';
-const requiredPermissions = ['somePermissionA', 'somePermissionB'];
+const requiredPermissions: Array<AuthorizationContextParamsRequiredPermissions> = [
+	AuthorizationContextParamsRequiredPermissions.ACCOUNT_CREATE,
+	AuthorizationContextParamsRequiredPermissions.ACCOUNT_DELETE,
+];
 
 describe(AuthorizationClientAdapter.name, () => {
 	let module: TestingModule;
@@ -58,9 +63,9 @@ describe(AuthorizationClientAdapter.name, () => {
 	describe('checkPermissionsByReference', () => {
 		describe('when authorizationReferenceControllerAuthorizeByReference resolves successful', () => {
 			const setup = (props: { isAuthorized: boolean }) => {
-				const params = {
+				const params: AuthorizationBodyParams = {
 					context: {
-						action: Action.READ,
+						action: AuthorizationContextParamsAction.READ,
 						requiredPermissions,
 					},
 					referenceType: AuthorizationBodyParamsReferenceType.COURSES,
@@ -118,7 +123,7 @@ describe(AuthorizationClientAdapter.name, () => {
 			const setup = () => {
 				const params = {
 					context: {
-						action: Action.READ,
+						action: AuthorizationContextParamsAction.READ,
 						requiredPermissions,
 					},
 					referenceType: AuthorizationBodyParamsReferenceType.COURSES,
@@ -148,7 +153,7 @@ describe(AuthorizationClientAdapter.name, () => {
 			const setup = () => {
 				const params = {
 					context: {
-						action: Action.READ,
+						action: AuthorizationContextParamsAction.READ,
 						requiredPermissions,
 					},
 					referenceType: AuthorizationBodyParamsReferenceType.COURSES,
@@ -196,7 +201,7 @@ describe(AuthorizationClientAdapter.name, () => {
 			const setup = () => {
 				const params = {
 					context: {
-						action: Action.READ,
+						action: AuthorizationContextParamsAction.READ,
 						requiredPermissions,
 					},
 					referenceType: AuthorizationBodyParamsReferenceType.COURSES,
@@ -239,7 +244,7 @@ describe(AuthorizationClientAdapter.name, () => {
 			const setup = () => {
 				const params = {
 					context: {
-						action: Action.READ,
+						action: AuthorizationContextParamsAction.READ,
 						requiredPermissions,
 					},
 					referenceType: AuthorizationBodyParamsReferenceType.COURSES,
@@ -282,7 +287,7 @@ describe(AuthorizationClientAdapter.name, () => {
 			const setup = () => {
 				const params = {
 					context: {
-						action: Action.READ,
+						action: AuthorizationContextParamsAction.READ,
 						requiredPermissions,
 					},
 					referenceType: AuthorizationBodyParamsReferenceType.COURSES,
@@ -314,7 +319,7 @@ describe(AuthorizationClientAdapter.name, () => {
 			const setup = () => {
 				const params = {
 					context: {
-						action: Action.READ,
+						action: AuthorizationContextParamsAction.READ,
 						requiredPermissions,
 					},
 					referenceType: AuthorizationBodyParamsReferenceType.COURSES,
diff --git a/apps/server/src/infra/authorization-client/error/authorization-error.loggable-exception.spec.ts b/apps/server/src/infra/authorization-client/error/authorization-error.loggable-exception.spec.ts
index 601cad990fc..41530094e87 100644
--- a/apps/server/src/infra/authorization-client/error/authorization-error.loggable-exception.spec.ts
+++ b/apps/server/src/infra/authorization-client/error/authorization-error.loggable-exception.spec.ts
@@ -1,4 +1,4 @@
-import { Action, AuthorizationBodyParamsReferenceType } from '../authorization-api-client';
+import { AuthorizationBodyParamsReferenceType, AuthorizationContextParamsAction } from '../authorization-api-client';
 import { AuthorizationErrorLoggableException } from './authorization-error.loggable-exception';
 
 describe('AuthorizationErrorLoggableException', () => {
@@ -7,7 +7,7 @@ describe('AuthorizationErrorLoggableException', () => {
 			const setup = () => {
 				const params = {
 					context: {
-						action: Action.READ,
+						action: AuthorizationContextParamsAction.READ,
 						requiredPermissions: [],
 					},
 					referenceType: AuthorizationBodyParamsReferenceType.COURSES,
@@ -49,7 +49,7 @@ describe('AuthorizationErrorLoggableException', () => {
 			const setup = () => {
 				const params = {
 					context: {
-						action: Action.READ,
+						action: AuthorizationContextParamsAction.READ,
 						requiredPermissions: [],
 					},
 					referenceType: AuthorizationBodyParamsReferenceType.COURSES,
diff --git a/apps/server/src/infra/authorization-client/error/authorization-forbidden.loggable-exception.spec.ts b/apps/server/src/infra/authorization-client/error/authorization-forbidden.loggable-exception.spec.ts
index 75b19806969..cf68e47dddd 100644
--- a/apps/server/src/infra/authorization-client/error/authorization-forbidden.loggable-exception.spec.ts
+++ b/apps/server/src/infra/authorization-client/error/authorization-forbidden.loggable-exception.spec.ts
@@ -1,12 +1,12 @@
+import { AuthorizationBodyParamsReferenceType, AuthorizationContextParamsAction } from '../authorization-api-client';
 import { AuthorizationForbiddenLoggableException } from './authorization-forbidden.loggable-exception';
-import { Action, AuthorizationBodyParamsReferenceType } from '../authorization-api-client';
 
 describe('AuthorizationForbiddenLoggableException', () => {
 	describe('getLogMessage', () => {
 		const setup = () => {
 			const params = {
 				context: {
-					action: Action.READ,
+					action: AuthorizationContextParamsAction.READ,
 					requiredPermissions: [],
 				},
 				referenceType: AuthorizationBodyParamsReferenceType.COURSES,