improve test code coverage
@ -3,6 +3,7 @@ package net.hostsharing.hsadminng.hs.hscustomer;
|
||||
import net.hostsharing.hsadminng.context.Context;
|
||||
import net.hostsharing.hsadminng.generated.api.v1.api.CustomersApi;
|
||||
import net.hostsharing.hsadminng.generated.api.v1.model.CustomerResource;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.transaction.annotation.Transactional;
|
||||
@ -33,7 +34,7 @@ public class CustomerController implements CustomersApi {
|
||||
String prefix
|
||||
) {
|
||||
context.setCurrentUser(userName);
|
||||
if (assumedRoles != null && !assumedRoles.isBlank()) {
|
||||
if (!StringUtils.isBlank(assumedRoles)) {
|
||||
context.assumeRoles(assumedRoles);
|
||||
}
|
||||
|
||||
@ -51,7 +52,7 @@ public class CustomerController implements CustomersApi {
|
||||
|
||||
context.setCurrentTask("create new customer: #" + customer.getReference() + " / " + customer.getPrefix());
|
||||
context.setCurrentUser(currentUser);
|
||||
if (assumedRoles != null && !assumedRoles.isBlank()) {
|
||||
if (!StringUtils.isBlank(assumedRoles)) {
|
||||
context.assumeRoles(assumedRoles);
|
||||
}
|
||||
if (customer.getUuid() == null) {
|
||||
@ -62,7 +63,7 @@ public class CustomerController implements CustomersApi {
|
||||
|
||||
final var uri =
|
||||
MvcUriComponentsBuilder.fromController(getClass())
|
||||
.path("/api/rbac-users/{id}")
|
||||
.path("/api/customers/{id}")
|
||||
.buildAndExpand(customer.getUuid())
|
||||
.toUri();
|
||||
return ResponseEntity.created(uri).body(map(saved, CustomerResource.class));
|
||||
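Review bot: The block that establishes the caller (`context.setCurrentUser(...)`, the blank check, then `context.assumeRoles(assumedRoles)`) is edited identically in every handler this commit touches: both hunks here and those in PackageController, RbacGrantController, RbacRoleController and RbacUserController. Because this block decides whose permissions the request runs with, it belongs in one place, for example a single `Context` method that takes both values and does the blank check itself, so a new endpoint cannot omit or vary it. The removed `@RequestHeader(name = "current-user")` annotations in the RbacUserController section suggest both values arrive as request headers. A comment at that single entry point naming the component that authenticates them would document the trust boundary, which nothing on this page shows. The handler bodies start and end outside these hunks.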
|
@ -5,6 +5,7 @@ import net.hostsharing.hsadminng.context.Context;
|
||||
import net.hostsharing.hsadminng.generated.api.v1.api.PackagesApi;
|
||||
import net.hostsharing.hsadminng.generated.api.v1.model.PackageResource;
|
||||
import net.hostsharing.hsadminng.generated.api.v1.model.PackageUpdateResource;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.transaction.annotation.Transactional;
|
||||
@ -33,7 +34,7 @@ public class PackageController implements PackagesApi {
|
||||
String name
|
||||
) {
|
||||
context.setCurrentUser(userName);
|
||||
if (assumedRoles != null && !assumedRoles.isBlank()) {
|
||||
if (!StringUtils.isBlank(assumedRoles)) {
|
||||
context.assumeRoles(assumedRoles);
|
||||
}
|
||||
final var result = packageRepository.findAllByOptionalNameLike(name);
|
||||
@ -49,7 +50,7 @@ public class PackageController implements PackagesApi {
|
||||
final PackageUpdateResource body) {
|
||||
|
||||
context.setCurrentUser(currentUser);
|
||||
if (assumedRoles != null && !assumedRoles.isBlank()) {
|
||||
if (!StringUtils.isBlank(assumedRoles)) {
|
||||
context.assumeRoles(assumedRoles);
|
||||
}
|
||||
final var current = packageRepository.findByUuid(packageUuid);
|
||||
|
@ -3,6 +3,7 @@ package net.hostsharing.hsadminng.rbac.rbacgrant;
|
||||
import net.hostsharing.hsadminng.context.Context;
|
||||
import net.hostsharing.hsadminng.generated.api.v1.api.RbacgrantsApi;
|
||||
import net.hostsharing.hsadminng.generated.api.v1.model.RbacGrantResource;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.transaction.annotation.Transactional;
|
||||
@ -38,7 +39,7 @@ public class RbacGrantController implements RbacgrantsApi {
|
||||
final UUID granteeUserUuid) {
|
||||
|
||||
context.setCurrentUser(currentUser);
|
||||
if (assumedRoles != null && !assumedRoles.isBlank()) {
|
||||
if (!StringUtils.isBlank(assumedRoles)) {
|
||||
context.assumeRoles(assumedRoles);
|
||||
}
|
||||
|
||||
@ -57,7 +58,7 @@ public class RbacGrantController implements RbacgrantsApi {
|
||||
final String assumedRoles) {
|
||||
|
||||
context.setCurrentUser(currentUser);
|
||||
if (assumedRoles != null && !assumedRoles.isBlank()) {
|
||||
if (!StringUtils.isBlank(assumedRoles)) {
|
||||
context.assumeRoles(assumedRoles);
|
||||
}
|
||||
return ResponseEntity.ok(mapList(rbacGrantRepository.findAll(), RbacGrantResource.class));
|
||||
@ -72,7 +73,7 @@ public class RbacGrantController implements RbacgrantsApi {
|
||||
|
||||
context.setCurrentTask("granting role to user");
|
||||
context.setCurrentUser(currentUser);
|
||||
if (assumedRoles != null && !assumedRoles.isBlank()) {
|
||||
if (!StringUtils.isBlank(assumedRoles)) {
|
||||
context.assumeRoles(assumedRoles);
|
||||
}
|
||||
|
||||
@ -98,7 +99,7 @@ public class RbacGrantController implements RbacgrantsApi {
|
||||
|
||||
context.setCurrentTask("revoking role from user");
|
||||
context.setCurrentUser(currentUser);
|
||||
if (assumedRoles != null && !assumedRoles.isBlank()) {
|
||||
if (!StringUtils.isBlank(assumedRoles)) {
|
||||
context.assumeRoles(assumedRoles);
|
||||
}
|
||||
|
||||
|
@ -3,6 +3,7 @@ package net.hostsharing.hsadminng.rbac.rbacrole;
|
||||
import net.hostsharing.hsadminng.context.Context;
|
||||
import net.hostsharing.hsadminng.generated.api.v1.api.RbacrolesApi;
|
||||
import net.hostsharing.hsadminng.generated.api.v1.model.RbacRoleResource;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.transaction.annotation.Transactional;
|
||||
@ -29,7 +30,7 @@ public class RbacRoleController implements RbacrolesApi {
|
||||
final String assumedRoles) {
|
||||
|
||||
context.setCurrentUser(currentUser);
|
||||
if (assumedRoles != null && !assumedRoles.isBlank()) {
|
||||
if (!StringUtils.isBlank(assumedRoles)) {
|
||||
context.assumeRoles(assumedRoles);
|
||||
}
|
||||
return ResponseEntity.ok(mapList(rbacRoleRepository.findAll(), RbacRoleResource.class));
|
||||
|
@ -2,8 +2,11 @@ package net.hostsharing.hsadminng.rbac.rbacuser;
|
||||
|
||||
import net.hostsharing.hsadminng.context.Context;
|
||||
import net.hostsharing.hsadminng.generated.api.v1.api.RbacusersApi;
|
||||
import net.hostsharing.hsadminng.generated.api.v1.model.RbacGrantResource;
|
||||
import net.hostsharing.hsadminng.generated.api.v1.model.RbacUserPermissionResource;
|
||||
import net.hostsharing.hsadminng.generated.api.v1.model.RbacUserResource;
|
||||
import net.hostsharing.hsadminng.rbac.rbacgrant.RbacGrantId;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.transaction.annotation.Transactional;
|
||||
@ -28,7 +31,7 @@ public class RbacUserController implements RbacusersApi {
|
||||
@Override
|
||||
@Transactional
|
||||
public ResponseEntity<RbacUserResource> createUser(
|
||||
@RequestBody final RbacUserResource body
|
||||
final RbacUserResource body
|
||||
) {
|
||||
context.setCurrentTask("creating new user: " + body.getName());
|
||||
context.setCurrentUser(body.getName());
|
||||
@ -47,22 +50,33 @@ public class RbacUserController implements RbacusersApi {
|
||||
}
|
||||
|
||||
@Override
|
||||
public ResponseEntity<List<RbacUserPermissionResource>> getUserById(
|
||||
@Transactional(readOnly = true)
|
||||
public ResponseEntity<RbacUserResource> getUserById(
|
||||
final String currentUser,
|
||||
final String assumedRoles,
|
||||
final String userName) {
|
||||
return null; // TODO implement getUserById
|
||||
final UUID userUuid) {
|
||||
|
||||
context.setCurrentUser(currentUser);
|
||||
if (!StringUtils.isBlank(assumedRoles)) {
|
||||
context.assumeRoles(assumedRoles);
|
||||
}
|
||||
|
||||
final var result = rbacUserRepository.findByUuid(userUuid);
|
||||
if (result == null) {
|
||||
return ResponseEntity.notFound().build();
|
||||
}
|
||||
return ResponseEntity.ok(map(result, RbacUserResource.class));
|
||||
}
|
||||
|
||||
@Override
|
||||
@Transactional(readOnly = true)
|
||||
public ResponseEntity<List<RbacUserResource>> listUsers(
|
||||
@RequestHeader(name = "current-user") final String currentUserName,
|
||||
@RequestHeader(name = "assumed-roles", required = false) final String assumedRoles,
|
||||
@RequestParam(name = "name", required = false) final String userName
|
||||
final String currentUserName,
|
||||
final String assumedRoles,
|
||||
final String userName
|
||||
) {
|
||||
context.setCurrentUser(currentUserName);
|
||||
if (assumedRoles != null && !assumedRoles.isBlank()) {
|
||||
if (!StringUtils.isBlank(assumedRoles)) {
|
||||
context.assumeRoles(assumedRoles);
|
||||
}
|
||||
return ResponseEntity.ok(mapList(rbacUserRepository.findByOptionalNameLike(userName), RbacUserResource.class));
|
||||
@ -71,14 +85,14 @@ public class RbacUserController implements RbacusersApi {
|
||||
@Override
|
||||
@Transactional(readOnly = true)
|
||||
public ResponseEntity<List<RbacUserPermissionResource>> listUserPermissions(
|
||||
@RequestHeader(name = "current-user") final String currentUserName,
|
||||
@RequestHeader(name = "assumed-roles", required = false) final String assumedRoles,
|
||||
@PathVariable(name = "userName") final String userName
|
||||
final String currentUserName,
|
||||
final String assumedRoles,
|
||||
final UUID userUuid
|
||||
) {
|
||||
context.setCurrentUser(currentUserName);
|
||||
if (assumedRoles != null && !assumedRoles.isBlank()) {
|
||||
if (!StringUtils.isBlank(assumedRoles)) {
|
||||
context.assumeRoles(assumedRoles);
|
||||
}
|
||||
return ResponseEntity.ok(mapList(rbacUserRepository.findPermissionsOfUser(userName), RbacUserPermissionResource.class));
|
||||
return ResponseEntity.ok(mapList(rbacUserRepository.findPermissionsOfUserByUuid(userUuid), RbacUserPermissionResource.class));
|
||||
}
|
||||
}
|
||||
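Review bot: `listUserPermissions` has no not-found path for a `userUuid` that matches no user, unlike the new `getUserById` above it, which returns `ResponseEntity.notFound().build()` when `findByUuid` yields null. As far as the visible part of `grantedPermissions` shows, an unknown UUID simply produces no rows, so the caller would receive 200 with an empty list. This is inferred, because the function body is only partly shown. If the two endpoints are meant to agree, a lookup before the query would align them: `if (rbacUserRepository.findByUuid(userUuid) == null) return ResponseEntity.notFound().build();`. An integration test for the unknown-UUID case on both endpoints would pin whichever behaviour is intended.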
|
@ -22,8 +22,8 @@ public interface RbacUserRepository extends Repository<RbacUserEntity, UUID> {
|
||||
|
||||
RbacUserEntity findByUuid(UUID uuid);
|
||||
|
||||
@Query(value = "select * from grantedPermissions(:userName)", nativeQuery = true)
|
||||
List<RbacUserPermission> findPermissionsOfUser(String userName);
|
||||
@Query(value = "select * from grantedPermissions(:userUuid)", nativeQuery = true)
|
||||
List<RbacUserPermission> findPermissionsOfUserByUuid(UUID userUuid);
|
||||
|
||||
/*
|
||||
Can't use save/saveAndFlush from SpringData because the uuid is not generated on the entity level,
|
||||
|
@ -13,12 +13,12 @@ paths:
|
||||
/api/rbac-users:
|
||||
$ref: "./api-definition/rbac-users.yaml"
|
||||
|
||||
/api/rbac-users/{userUuid}:
|
||||
$ref: "./api-definition/rbac-users-with-id.yaml"
|
||||
|
||||
/api/rbac-users/{userUuid}/permissions:
|
||||
$ref: "./api-definition/rbac-users-with-id-permissions.yaml"
|
||||
|
||||
/api/rbac-users/{userUuid}:
|
||||
$ref: "./api-definition/rbac-users-with-id.yaml"
|
||||
|
||||
/api/rbac-roles:
|
||||
$ref: "./api-definition/rbac-roles.yaml"
|
||||
|
||||
|
@ -6,11 +6,12 @@ get:
|
||||
parameters:
|
||||
- $ref: './api-definition/auth.yaml#/components/parameters/currentUser'
|
||||
- $ref: './api-definition/auth.yaml#/components/parameters/assumedRoles'
|
||||
- name: userName
|
||||
- name: userUuid
|
||||
in: path
|
||||
required: true
|
||||
schema:
|
||||
type: string
|
||||
format: uuid
|
||||
responses:
|
||||
"200":
|
||||
description: OK
|
||||
|
@ -6,20 +6,19 @@ get:
|
||||
parameters:
|
||||
- $ref: './api-definition/auth.yaml#/components/parameters/currentUser'
|
||||
- $ref: './api-definition/auth.yaml#/components/parameters/assumedRoles'
|
||||
- name: userName
|
||||
- name: userUuid
|
||||
in: path
|
||||
required: true
|
||||
schema:
|
||||
type: string
|
||||
format: uuid
|
||||
responses:
|
||||
"200":
|
||||
description: OK
|
||||
content:
|
||||
'application/json':
|
||||
schema:
|
||||
type: array
|
||||
items:
|
||||
$ref: './api-definition/rbac-user-schemas.yaml#/components/schemas/RbacUserPermission'
|
||||
$ref: './api-definition/rbac-user-schemas.yaml#/components/schemas/RbacUser'
|
||||
|
||||
"401":
|
||||
$ref: './api-definition/error-responses.yaml#/components/responses/Unauthorized'
|
||||
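Review bot: The responses visible in this hunk are `"200"` and `"401"`, but the new `getUserById` in RbacUserController also returns 404 when `findByUuid` finds nothing. If no `"404"` entry follows below the hunk (the rest of the file is not shown), it should be declared so that generated clients and the API documentation match what the controller does. The entry can follow the pattern of the existing `"401"` one by referencing a response from `error-responses.yaml`, provided that file defines a suitable one.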
|
@ -205,24 +205,18 @@ grant all privileges on RbacOwnGrantedPermissions_rv to restricted;
|
||||
|
||||
|
||||
*/
|
||||
create or replace function grantedPermissions(userName varchar)
|
||||
create or replace function grantedPermissions(targetUserUuid uuid)
|
||||
returns table(roleUuid uuid, roleName text, permissionUuid uuid, op RbacOp, objectTable varchar, objectIdName varchar, objectUuid uuid)
|
||||
returns null on null input
|
||||
language plpgsql as $$
|
||||
declare
|
||||
targetUserId uuid;
|
||||
currentUserId uuid;
|
||||
begin
|
||||
-- @formatter:off
|
||||
if cardinality(assumedRoles()) > 0 then
|
||||
raise exception '[400] grantedPermissions(...) does not support assumed roles';
|
||||
end if;
|
||||
|
||||
targetUserId := findRbacUserId(userName);
|
||||
currentUserId := currentUserId();
|
||||
|
||||
if hasGlobalRoleGranted(targetUserId) and not hasGlobalRoleGranted(currentUserId) then
|
||||
raise exception '[403] permissions of user "%" are not accessible to user "%"', userName, currentUser();
|
||||
if hasGlobalRoleGranted(targetUserUuid) and not hasGlobalRoleGranted(currentUserId) then
|
||||
raise exception '[403] permissions of user "%" are not accessible to user "%"', targetUserUuid, currentUser();
|
||||
end if;
|
||||
|
||||
return query select
|
||||
@ -235,12 +229,12 @@ begin
|
||||
p.uuid as permissionUuid, p.op, po.objecttable as permissionObjectTable,
|
||||
findIdNameByObjectUuid(po.objectTable, po.uuid) as permissionObjectIdName,
|
||||
po.uuid as permissionObjectUuid
|
||||
from queryPermissionsGrantedToSubjectId( targetUserId) as p
|
||||
from queryPermissionsGrantedToSubjectId( targetUserUuid) as p
|
||||
join rbacgrants as g on g.descendantUuid = p.uuid
|
||||
join rbacobject as po on po.uuid = p.objectUuid
|
||||
join rbacrole_rv as r on r.uuid = g.ascendantUuid
|
||||
join rbacobject as ro on ro.uuid = r.objectUuid
|
||||
where isGranted(targetUserId, r.uuid)
|
||||
where isGranted(targetUserUuid, r.uuid)
|
||||
) xp;
|
||||
-- @formatter:on
|
||||
end; $$;
|
||||
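Review bot: `create or replace function grantedPermissions(targetUserUuid uuid)` does not replace the earlier `grantedPermissions(userName varchar)`. PostgreSQL identifies a function by name plus argument types, so on a database that already holds the varchar version this statement adds a second overload and leaves the old one callable with its own name-based access check. A call that passes an untyped string literal can then also fail as ambiguous between the two. Unless the schema is always rebuilt from scratch, which is not visible here, precede the definition with `drop function if exists grantedPermissions(varchar);`. The lines of the function between its two hunks are not shown.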
|