introduces agent+guest role for role-system around debitor+partner
This commit is contained in:
Michael Hoennig
27
src/test/java/net/hostsharing/hsadminng/StringTemplater.java
Normal file
27
src/test/java/net/hostsharing/hsadminng/StringTemplater.java
Normal file
@@ -0,0 +1,27 @@
|
||||
package net.hostsharing.hsadminng;
|
||||
|
||||
import lombok.experimental.UtilityClass;
|
||||
|
||||
import javax.validation.constraints.NotNull;
|
||||
import java.util.Map;
|
||||
|
||||
import static liquibase.repackaged.org.apache.commons.text.StringSubstitutor.replace;
|
||||
import static org.apache.commons.lang3.StringUtils.stripEnd;
|
||||
|
||||
@UtilityClass
|
||||
public class StringTemplater {
|
||||
|
||||
@SafeVarargs
|
||||
public static String indentedMultilineTemplate(final String template, final Map.Entry<String, String>... properties) {
|
||||
return stripEnd(replace(template, Map.ofEntries(properties)).indent(4), null);
|
||||
}
|
||||
|
||||
public static Map.Entry<String, String> property(final String name, final String value) {
|
||||
return Map.entry(name, value);
|
||||
}
|
||||
|
||||
public static Map.Entry<String, String> property(final String name, @NotNull final Object value) {
|
||||
return Map.entry(name, value.toString());
|
||||
}
|
||||
|
||||
}
|
||||
@@ -110,7 +110,8 @@ class HsOfficeBankAccountRepositoryIntegrationTest extends ContextBasedTest {
|
||||
initialRoleNames,
|
||||
"hs_office_bankaccount#sometempaccC.owner",
|
||||
"hs_office_bankaccount#sometempaccC.admin",
|
||||
"hs_office_bankaccount#sometempaccC.tenant"
|
||||
"hs_office_bankaccount#sometempaccC.tenant",
|
||||
"hs_office_bankaccount#sometempaccC.guest"
|
||||
));
|
||||
assertThat(grantDisplaysOf(rawGrantRepo.findAll())).containsExactlyInAnyOrder(Array.fromFormatted(
|
||||
initialGrantNames,
|
||||
@@ -120,8 +121,10 @@ class HsOfficeBankAccountRepositoryIntegrationTest extends ContextBasedTest {
|
||||
|
||||
"{ grant role hs_office_bankaccount#sometempaccC.admin to role hs_office_bankaccount#sometempaccC.owner by system and assume }",
|
||||
|
||||
"{ grant perm view on hs_office_bankaccount#sometempaccC to role hs_office_bankaccount#sometempaccC.tenant by system and assume }",
|
||||
"{ grant role hs_office_bankaccount#sometempaccC.tenant to role hs_office_bankaccount#sometempaccC.admin by system and assume }",
|
||||
|
||||
"{ grant perm view on hs_office_bankaccount#sometempaccC to role hs_office_bankaccount#sometempaccC.guest by system and assume }",
|
||||
"{ grant role hs_office_bankaccount#sometempaccC.guest to role hs_office_bankaccount#sometempaccC.tenant by system and assume }",
|
||||
null
|
||||
));
|
||||
}
|
||||
@@ -258,9 +261,9 @@ class HsOfficeBankAccountRepositoryIntegrationTest extends ContextBasedTest {
|
||||
final var initialGrantNames = grantDisplaysOf(rawGrantRepo.findAll());
|
||||
final var givenBankAccount = givenSomeTemporaryBankAccount("selfregistered-user-drew@hostsharing.org");
|
||||
assertThat(rawRoleRepo.findAll().size()).as("unexpected number of roles created")
|
||||
.isEqualTo(initialRoleNames.size() + 3);
|
||||
.isEqualTo(initialRoleNames.size() + 4);
|
||||
assertThat(rawGrantRepo.findAll().size()).as("unexpected number of grants created")
|
||||
.isEqualTo(initialGrantNames.size() + 6);
|
||||
.isEqualTo(initialGrantNames.size() + 7);
|
||||
|
||||
// when
|
||||
final var result = jpaAttempt.transacted(() -> {
|
||||
|
||||
@@ -112,7 +112,8 @@ class HsOfficeContactRepositoryIntegrationTest extends ContextBasedTest {
|
||||
initialRoleNames,
|
||||
"hs_office_contact#anothernewcontact.owner",
|
||||
"hs_office_contact#anothernewcontact.admin",
|
||||
"hs_office_contact#anothernewcontact.tenant"
|
||||
"hs_office_contact#anothernewcontact.tenant",
|
||||
"hs_office_contact#anothernewcontact.guest"
|
||||
));
|
||||
assertThat(grantDisplaysOf(rawGrantRepo.findAll())).containsExactlyInAnyOrder(Array.from(
|
||||
initialGrantNames,
|
||||
@@ -121,7 +122,8 @@ class HsOfficeContactRepositoryIntegrationTest extends ContextBasedTest {
|
||||
"{ grant role hs_office_contact#anothernewcontact.tenant to role hs_office_contact#anothernewcontact.admin by system and assume }",
|
||||
"{ grant perm * on hs_office_contact#anothernewcontact to role hs_office_contact#anothernewcontact.owner by system and assume }",
|
||||
"{ grant role hs_office_contact#anothernewcontact.admin to role hs_office_contact#anothernewcontact.owner by system and assume }",
|
||||
"{ grant perm view on hs_office_contact#anothernewcontact to role hs_office_contact#anothernewcontact.tenant by system and assume }",
|
||||
"{ grant perm view on hs_office_contact#anothernewcontact to role hs_office_contact#anothernewcontact.guest by system and assume }",
|
||||
"{ grant role hs_office_contact#anothernewcontact.guest to role hs_office_contact#anothernewcontact.tenant by system and assume }",
|
||||
"{ grant role hs_office_contact#anothernewcontact.owner to user selfregistered-user-drew@hostsharing.org by global#global.admin and assume }"
|
||||
));
|
||||
}
|
||||
|
||||
@@ -99,7 +99,13 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTest {
|
||||
// given
|
||||
context("superuser-alex@hostsharing.net");
|
||||
final var initialRoleNames = roleNamesOf(rawRoleRepo.findAll());
|
||||
final var initialGrantNames = grantDisplaysOf(rawGrantRepo.findAll());
|
||||
final var initialGrantNames = grantDisplaysOf(rawGrantRepo.findAll()).stream()
|
||||
.map(s -> s.replace("superuser-alex@hostsharing.net", "superuser-alex"))
|
||||
.map(s -> s.replace("20002Fourthe.G.-forthcontact", "FeG"))
|
||||
.map(s -> s.replace("Fourthe.G.-forthcontact", "FeG"))
|
||||
.map(s -> s.replace("forthcontact", "4th"))
|
||||
.map(s -> s.replace("hs_office_", ""))
|
||||
.toList();
|
||||
|
||||
// when
|
||||
attempt(em, () -> {
|
||||
@@ -117,26 +123,44 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTest {
|
||||
// then
|
||||
assertThat(roleNamesOf(rawRoleRepo.findAll())).containsExactlyInAnyOrder(Array.from(
|
||||
initialRoleNames,
|
||||
"hs_office_debitor#20002Fourthe.G.-forthcontact.admin",
|
||||
"hs_office_debitor#20002Fourthe.G.-forthcontact.owner",
|
||||
"hs_office_debitor#20002Fourthe.G.-forthcontact.tenant"));
|
||||
assertThat(grantDisplaysOf(rawGrantRepo.findAll())).containsExactlyInAnyOrder(Array.fromFormatted(
|
||||
initialGrantNames,
|
||||
"{ grant perm * on hs_office_debitor#20002Fourthe.G.-forthcontact to role hs_office_debitor#20002Fourthe.G.-forthcontact.owner by system and assume }",
|
||||
"{ grant role hs_office_debitor#20002Fourthe.G.-forthcontact.owner to role global#global.admin by system and assume }",
|
||||
"hs_office_debitor#20002Fourthe.G.-forthcontact.admin",
|
||||
"hs_office_debitor#20002Fourthe.G.-forthcontact.agent",
|
||||
"hs_office_debitor#20002Fourthe.G.-forthcontact.tenant",
|
||||
"hs_office_debitor#20002Fourthe.G.-forthcontact.guest"));
|
||||
assertThat(grantDisplaysOf(rawGrantRepo.findAll()))
|
||||
.map(s -> s.replace("superuser-alex@hostsharing.net", "superuser-alex"))
|
||||
.map(s -> s.replace("20002Fourthe.G.-forthcontact", "FeG"))
|
||||
.map(s -> s.replace("Fourthe.G.-forthcontact", "FeG"))
|
||||
.map(s -> s.replace("forthcontact", "4th"))
|
||||
.map(s -> s.replace("hs_office_", ""))
|
||||
.containsExactlyInAnyOrder(Array.fromFormatted(
|
||||
initialGrantNames,
|
||||
// owner
|
||||
"{ grant perm * on debitor#FeG to role debitor#FeG.owner by system and assume }",
|
||||
"{ grant role debitor#FeG.owner to role global#global.admin by system and assume }",
|
||||
"{ grant role debitor#FeG.owner to user superuser-alex by global#global.admin and assume }",
|
||||
|
||||
"{ grant role hs_office_debitor#20002Fourthe.G.-forthcontact.admin to role hs_office_debitor#20002Fourthe.G.-forthcontact.owner by system and assume }",
|
||||
"{ grant role hs_office_debitor#20002Fourthe.G.-forthcontact.admin to role hs_office_partner#Fourthe.G.-forthcontact.admin by system and assume }",
|
||||
"{ grant role hs_office_debitor#20002Fourthe.G.-forthcontact.admin to role hs_office_person#Fourthe.G..admin by system and assume }",
|
||||
"{ grant role hs_office_debitor#20002Fourthe.G.-forthcontact.admin to role hs_office_contact#forthcontact.admin by system and assume }",
|
||||
"{ grant role hs_office_contact#forthcontact.tenant to role hs_office_debitor#20002Fourthe.G.-forthcontact.admin by system and assume }",
|
||||
"{ grant role hs_office_partner#Fourthe.G.-forthcontact.tenant to role hs_office_debitor#20002Fourthe.G.-forthcontact.admin by system and assume }",
|
||||
"{ grant role hs_office_person#Fourthe.G..tenant to role hs_office_debitor#20002Fourthe.G.-forthcontact.admin by system and assume }",
|
||||
"{ grant role hs_office_debitor#20002Fourthe.G.-forthcontact.tenant to role hs_office_debitor#20002Fourthe.G.-forthcontact.admin by system and assume }",
|
||||
// admin
|
||||
"{ grant perm edit on debitor#FeG to role debitor#FeG.admin by system and assume }",
|
||||
"{ grant role debitor#FeG.admin to role debitor#FeG.owner by system and assume }",
|
||||
|
||||
"{ grant perm view on hs_office_debitor#20002Fourthe.G.-forthcontact to role hs_office_debitor#20002Fourthe.G.-forthcontact.tenant by system and assume }",
|
||||
// agent
|
||||
"{ grant role debitor#FeG.agent to role debitor#FeG.admin by system and assume }",
|
||||
"{ grant role debitor#FeG.agent to role contact#4th.admin by system and assume }",
|
||||
"{ grant role debitor#FeG.agent to role partner#FeG.admin by system and assume }",
|
||||
|
||||
null));
|
||||
// tenant
|
||||
"{ grant role contact#4th.guest to role debitor#FeG.tenant by system and assume }",
|
||||
"{ grant role debitor#FeG.tenant to role debitor#FeG.agent by system and assume }",
|
||||
"{ grant role debitor#FeG.tenant to role partner#FeG.agent by system and assume }",
|
||||
"{ grant role partner#FeG.tenant to role debitor#FeG.tenant by system and assume }",
|
||||
|
||||
// guest
|
||||
"{ grant perm view on debitor#FeG to role debitor#FeG.guest by system and assume }",
|
||||
"{ grant role debitor#FeG.guest to role debitor#FeG.tenant by system and assume }",
|
||||
|
||||
null));
|
||||
}
|
||||
|
||||
private void assertThatDebitorIsPersisted(final HsOfficeDebitorEntity saved) {
|
||||
@@ -247,6 +271,9 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTest {
|
||||
final var result = jpaAttempt.transacted(() -> {
|
||||
context("superuser-alex@hostsharing.net");
|
||||
givenDebitor.setBillingContact(rawReference(givenNewContact));
|
||||
// TODO.test: also test update of partner+bankAccount
|
||||
// givenDebitor.setPartner(rawReference(givenNewPartner));
|
||||
// givenDebitor.setRefundBankAccount(rawReference(givenNewBankAccount));
|
||||
givenDebitor.setVatId(givenNewVatId);
|
||||
givenDebitor.setVatCountryCode(givenNewVatCountryCode);
|
||||
givenDebitor.setVatBusiness(givenNewVatBusiness);
|
||||
@@ -390,9 +417,9 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTest {
|
||||
final var initialGrantNames = Array.from(grantDisplaysOf(rawGrantRepo.findAll()));
|
||||
final var givenDebitor = givenSomeTemporaryDebitor("Fourth", "twelfth");
|
||||
assertThat(rawRoleRepo.findAll().size()).as("precondition failed: unexpected number of roles created")
|
||||
.isEqualTo(initialRoleNames.length + 3);
|
||||
.isEqualTo(initialRoleNames.length + 5);
|
||||
assertThat(rawGrantRepo.findAll().size()).as("precondition failed: unexpected number of grants created")
|
||||
.isEqualTo(initialGrantNames.length + 11);
|
||||
.isEqualTo(initialGrantNames.length + 14);
|
||||
|
||||
// when
|
||||
final var result = jpaAttempt.transacted(() -> {
|
||||
|
||||
@@ -96,7 +96,11 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTest {
|
||||
// given
|
||||
context("superuser-alex@hostsharing.net");
|
||||
final var initialRoleNames = roleNamesOf(rawRoleRepo.findAll());
|
||||
final var initialGrantNames = grantDisplaysOf(rawGrantRepo.findAll());
|
||||
final var initialGrantNames = grantDisplaysOf(rawGrantRepo.findAll()).stream()
|
||||
.map(s -> s.replace("ErbenBesslerMelBessler", "EBess"))
|
||||
.map(s -> s.replace("forthcontact", "4th"))
|
||||
.map(s -> s.replace("hs_office_", ""))
|
||||
.toList();
|
||||
|
||||
// when
|
||||
attempt(em, () -> {
|
||||
@@ -114,20 +118,40 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTest {
|
||||
assertThat(roleNamesOf(rawRoleRepo.findAll())).containsExactlyInAnyOrder(Array.from(
|
||||
initialRoleNames,
|
||||
"hs_office_partner#ErbenBesslerMelBessler-forthcontact.admin",
|
||||
"hs_office_partner#ErbenBesslerMelBessler-forthcontact.agent",
|
||||
"hs_office_partner#ErbenBesslerMelBessler-forthcontact.owner",
|
||||
"hs_office_partner#ErbenBesslerMelBessler-forthcontact.tenant"));
|
||||
assertThat(grantDisplaysOf(rawGrantRepo.findAll())).containsExactlyInAnyOrder(Array.from(
|
||||
initialGrantNames,
|
||||
"{ grant role hs_office_partner#ErbenBesslerMelBessler-forthcontact.owner to role global#global.admin by system and assume }",
|
||||
"{ grant role hs_office_partner#ErbenBesslerMelBessler-forthcontact.tenant to role hs_office_contact#forthcontact.admin by system and assume }",
|
||||
"{ grant perm edit on hs_office_partner#ErbenBesslerMelBessler-forthcontact to role hs_office_partner#ErbenBesslerMelBessler-forthcontact.admin by system and assume }",
|
||||
"{ grant role hs_office_partner#ErbenBesslerMelBessler-forthcontact.tenant to role hs_office_partner#ErbenBesslerMelBessler-forthcontact.admin by system and assume }",
|
||||
"{ grant perm * on hs_office_partner#ErbenBesslerMelBessler-forthcontact to role hs_office_partner#ErbenBesslerMelBessler-forthcontact.owner by system and assume }",
|
||||
"{ grant role hs_office_partner#ErbenBesslerMelBessler-forthcontact.admin to role hs_office_partner#ErbenBesslerMelBessler-forthcontact.owner by system and assume }",
|
||||
"{ grant perm view on hs_office_partner#ErbenBesslerMelBessler-forthcontact to role hs_office_partner#ErbenBesslerMelBessler-forthcontact.tenant by system and assume }",
|
||||
"{ grant role hs_office_contact#forthcontact.tenant to role hs_office_partner#ErbenBesslerMelBessler-forthcontact.tenant by system and assume }",
|
||||
"{ grant role hs_office_person#ErbenBesslerMelBessler.tenant to role hs_office_partner#ErbenBesslerMelBessler-forthcontact.tenant by system and assume }",
|
||||
"{ grant role hs_office_partner#ErbenBesslerMelBessler-forthcontact.tenant to role hs_office_person#ErbenBesslerMelBessler.admin by system and assume }"));
|
||||
"hs_office_partner#ErbenBesslerMelBessler-forthcontact.tenant",
|
||||
"hs_office_partner#ErbenBesslerMelBessler-forthcontact.guest"));
|
||||
assertThat(grantDisplaysOf(rawGrantRepo.findAll()))
|
||||
.map(s -> s.replace("ErbenBesslerMelBessler", "EBess"))
|
||||
.map(s -> s.replace("forthcontact", "4th"))
|
||||
.map(s -> s.replace("hs_office_", ""))
|
||||
.containsExactlyInAnyOrder(Array.fromFormatted(
|
||||
initialGrantNames,
|
||||
// owner
|
||||
"{ grant perm * on partner#EBess-4th to role partner#EBess-4th.owner by system and assume }",
|
||||
"{ grant role partner#EBess-4th.owner to role global#global.admin by system and assume }",
|
||||
|
||||
// admin
|
||||
"{ grant perm edit on partner#EBess-4th to role partner#EBess-4th.admin by system and assume }",
|
||||
"{ grant role partner#EBess-4th.admin to role partner#EBess-4th.owner by system and assume }",
|
||||
"{ grant role person#EBess.tenant to role partner#EBess-4th.admin by system and assume }",
|
||||
"{ grant role contact#4th.tenant to role partner#EBess-4th.admin by system and assume }",
|
||||
|
||||
// agent
|
||||
"{ grant role partner#EBess-4th.agent to role partner#EBess-4th.admin by system and assume }",
|
||||
"{ grant role partner#EBess-4th.agent to role person#EBess.admin by system and assume }",
|
||||
"{ grant role partner#EBess-4th.agent to role contact#4th.admin by system and assume }",
|
||||
|
||||
// tenant
|
||||
"{ grant role partner#EBess-4th.tenant to role partner#EBess-4th.agent by system and assume }",
|
||||
"{ grant role person#EBess.guest to role partner#EBess-4th.tenant by system and assume }",
|
||||
"{ grant role contact#4th.guest to role partner#EBess-4th.tenant by system and assume }",
|
||||
|
||||
// guest
|
||||
"{ grant perm view on partner#EBess-4th to role partner#EBess-4th.guest by system and assume }",
|
||||
"{ grant role partner#EBess-4th.guest to role partner#EBess-4th.tenant by system and assume }",
|
||||
null));
|
||||
}
|
||||
|
||||
private void assertThatPartnerIsPersisted(final HsOfficePartnerEntity saved) {
|
||||
|
||||
@@ -110,7 +110,8 @@ class HsOfficePersonRepositoryIntegrationTest extends ContextBasedTest {
|
||||
initialRoleNames,
|
||||
"hs_office_person#anothernewperson.owner",
|
||||
"hs_office_person#anothernewperson.admin",
|
||||
"hs_office_person#anothernewperson.tenant"
|
||||
"hs_office_person#anothernewperson.tenant",
|
||||
"hs_office_person#anothernewperson.guest"
|
||||
));
|
||||
assertThat(grantDisplaysOf(rawGrantRepo.findAll())).containsExactlyInAnyOrder(
|
||||
Array.from(
|
||||
@@ -120,7 +121,8 @@ class HsOfficePersonRepositoryIntegrationTest extends ContextBasedTest {
|
||||
"{ grant role hs_office_person#anothernewperson.tenant to role hs_office_person#anothernewperson.admin by system and assume }",
|
||||
"{ grant perm * on hs_office_person#anothernewperson to role hs_office_person#anothernewperson.owner by system and assume }",
|
||||
"{ grant role hs_office_person#anothernewperson.admin to role hs_office_person#anothernewperson.owner by system and assume }",
|
||||
"{ grant perm view on hs_office_person#anothernewperson to role hs_office_person#anothernewperson.tenant by system and assume }",
|
||||
"{ grant perm view on hs_office_person#anothernewperson to role hs_office_person#anothernewperson.guest by system and assume }",
|
||||
"{ grant role hs_office_person#anothernewperson.guest to role hs_office_person#anothernewperson.tenant by system and assume }",
|
||||
"{ grant role hs_office_person#anothernewperson.owner to user selfregistered-user-drew@hostsharing.org by global#global.admin and assume }"
|
||||
));
|
||||
}
|
||||
|
||||
@@ -135,6 +135,7 @@ class HsOfficeRelationshipRepositoryIntegrationTest extends ContextBasedTest {
|
||||
"{ grant role hs_office_relationship#BesslerAnita-with-JOINT_AGENT-BesslerAnita.tenant to role hs_office_contact#forthcontact.admin by system and assume }",
|
||||
"{ grant role hs_office_relationship#BesslerAnita-with-JOINT_AGENT-BesslerAnita.tenant to role hs_office_person#BesslerAnita.admin by system and assume }",
|
||||
|
||||
"{ grant role hs_office_relationship#BesslerAnita-with-JOINT_AGENT-BesslerAnita.tenant to role hs_office_relationship#BesslerAnita-with-JOINT_AGENT-BesslerAnita.admin by system and assume }",
|
||||
"{ grant role hs_office_contact#forthcontact.tenant to role hs_office_relationship#BesslerAnita-with-JOINT_AGENT-BesslerAnita.tenant by system and assume }",
|
||||
"{ grant role hs_office_person#BesslerAnita.tenant to role hs_office_relationship#BesslerAnita-with-JOINT_AGENT-BesslerAnita.tenant by system and assume }",
|
||||
null)
|
||||
@@ -353,7 +354,7 @@ class HsOfficeRelationshipRepositoryIntegrationTest extends ContextBasedTest {
|
||||
assertThat(rawRoleRepo.findAll().size()).as("unexpected number of roles created")
|
||||
.isEqualTo(initialRoleNames.length + 3);
|
||||
assertThat(rawGrantRepo.findAll().size()).as("unexpected number of grants created")
|
||||
.isEqualTo(initialGrantNames.length + 12);
|
||||
.isEqualTo(initialGrantNames.length + 13);
|
||||
|
||||
// when
|
||||
final var result = jpaAttempt.transacted(() -> {
|
||||
|
||||
Reference in New Issue
Block a user