From 3c073bad6e65d7f07e7fee4b1cbc9ecbacf3b9ad Mon Sep 17 00:00:00 2001
From: IrynaMatveieva <irina.m2004@icloud.com>
Date: Wed, 6 Nov 2024 11:11:34 +0200
Subject: [PATCH] removed authority customer user for endpoints

---
 .../server/controller/CalculatedFieldController.java         | 4 ++--
 .../server/dao/device/DeviceProfileServiceImpl.java          | 4 ++--
 .../server/dao/service/AssetProfileServiceTest.java          | 1 +
 .../server/dao/service/DeviceProfileServiceTest.java         | 5 +----
 4 files changed, 6 insertions(+), 8 deletions(-)

diff --git a/application/src/main/java/org/thingsboard/server/controller/CalculatedFieldController.java b/application/src/main/java/org/thingsboard/server/controller/CalculatedFieldController.java
index b3f2c018cb..78331e61b4 100644
--- a/application/src/main/java/org/thingsboard/server/controller/CalculatedFieldController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/CalculatedFieldController.java
@@ -57,7 +57,7 @@ public class CalculatedFieldController extends BaseController {
                     "Referencing non-existing Calculated Field Id will cause 'Not Found' error. " +
                     "Remove 'id', 'tenantId' from the request body example (below) to create new Calculated Field entity. "
                     + TENANT_OR_CUSTOMER_AUTHORITY_PARAGRAPH)
-    @PreAuthorize("hasAnyAuthority('TENANT_ADMIN', 'CUSTOMER_USER')")
+    @PreAuthorize("hasAnyAuthority('TENANT_ADMIN')")
     @RequestMapping(value = "/calculatedField", method = RequestMethod.POST)
     @ResponseBody
     public CalculatedField saveCalculatedField(@io.swagger.v3.oas.annotations.parameters.RequestBody(description = "A JSON value representing the calculated field.")
@@ -70,7 +70,7 @@ public class CalculatedFieldController extends BaseController {
     @ApiOperation(value = "Get Calculated Field (getCalculatedFieldById)",
             notes = "Fetch the Calculated Field object based on the provided Calculated Field Id."
     )
-    @PreAuthorize("hasAnyAuthority('TENANT_ADMIN', 'CUSTOMER_USER')")
+    @PreAuthorize("hasAnyAuthority('TENANT_ADMIN')")
     @RequestMapping(value = "/calculatedField/{calculatedFieldId}", method = RequestMethod.GET)
     @ResponseBody
     public CalculatedField getCalculatedFieldById(@Parameter @PathVariable(CALCULATED_FIELD_ID) String strCalculatedFieldId) throws ThingsboardException {
diff --git a/dao/src/main/java/org/thingsboard/server/dao/device/DeviceProfileServiceImpl.java b/dao/src/main/java/org/thingsboard/server/dao/device/DeviceProfileServiceImpl.java
index ec68562f5d..09e2be01e0 100644
--- a/dao/src/main/java/org/thingsboard/server/dao/device/DeviceProfileServiceImpl.java
+++ b/dao/src/main/java/org/thingsboard/server/dao/device/DeviceProfileServiceImpl.java
@@ -230,8 +230,8 @@ public class DeviceProfileServiceImpl extends CachedVersionedEntityService<Devic
         if (deviceProfile == null) {
             return;
         }
-        if (!force && entityViewService.existsByTenantIdAndEntityId(tenantId, id)) {
-            throw new DataValidationException("Can't delete device that has entity views!");
+        if (!force && deviceProfile.isDefault()) {
+            throw new DataValidationException("Deletion of Default Device Profile is prohibited!");
         }
         removeDeviceProfile(tenantId, deviceProfile);
     }
diff --git a/dao/src/test/java/org/thingsboard/server/dao/service/AssetProfileServiceTest.java b/dao/src/test/java/org/thingsboard/server/dao/service/AssetProfileServiceTest.java
index 17601aa395..7271a0fc8a 100644
--- a/dao/src/test/java/org/thingsboard/server/dao/service/AssetProfileServiceTest.java
+++ b/dao/src/test/java/org/thingsboard/server/dao/service/AssetProfileServiceTest.java
@@ -380,4 +380,5 @@ public class AssetProfileServiceTest extends AbstractServiceTest {
         assertThat(assetProfileInfos).isEqualTo(expected);
     }
 
+
 }
diff --git a/dao/src/test/java/org/thingsboard/server/dao/service/DeviceProfileServiceTest.java b/dao/src/test/java/org/thingsboard/server/dao/service/DeviceProfileServiceTest.java
index d99eaa2cea..aa14e20151 100644
--- a/dao/src/test/java/org/thingsboard/server/dao/service/DeviceProfileServiceTest.java
+++ b/dao/src/test/java/org/thingsboard/server/dao/service/DeviceProfileServiceTest.java
@@ -31,11 +31,9 @@ import org.thingsboard.server.common.data.DeviceProfileInfo;
 import org.thingsboard.server.common.data.DeviceTransportType;
 import org.thingsboard.server.common.data.EntityInfo;
 import org.thingsboard.server.common.data.OtaPackage;
-import org.thingsboard.server.common.data.calculated_field.CalculatedField;
 import org.thingsboard.server.common.data.ota.ChecksumAlgorithm;
 import org.thingsboard.server.common.data.page.PageData;
 import org.thingsboard.server.common.data.page.PageLink;
-import org.thingsboard.server.dao.calculated_field.CalculatedFieldService;
 import org.thingsboard.server.dao.device.DeviceProfileService;
 import org.thingsboard.server.dao.device.DeviceService;
 import org.thingsboard.server.dao.exception.DataValidationException;
@@ -51,7 +49,6 @@ import java.util.concurrent.Executors;
 import java.util.stream.Collectors;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.thingsboard.server.common.data.ota.OtaPackageType.FIRMWARE;
 
 @DaoSqlTest
@@ -400,7 +397,7 @@ public class DeviceProfileServiceTest extends AbstractServiceTest {
 
 
         var profileA = deviceProfileService.saveDeviceProfile(
-                createDeviceProfile(tenantId, "profile A"));
+                    createDeviceProfile(tenantId, "profile A"));
         deviceProfiles.add(deviceProfileService.saveDeviceProfile(profileA));