hostsharing/hs.hsadmin.ng
1
0
Fork 0
Code Activity

introduce separate database-schemas base+rbac (#103)

Browse Source 
Co-authored-by: Michael Hoennig <michael@hoennig.de>
Co-authored-by: Michael Hönnig <michael@hoennig.de>
Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/103
Reviewed-by: Marc Sandlus <marc.sandlus@hostsharing.net>
This commit is contained in:
Michael Hoennig
2024-09-16 15:36:37 +02:00
parent 80d79de5f4
commit 1eed0e9b21
287 changed files with 3194 additions and 3454 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/test/java/net/hostsharing/hsadminng/arch/ArchitectureTest.java
+7 -7
View File
@@ -14,7 +14,7 @@ import net.hostsharing.hsadminng.HsadminNgApplication;
import net.hostsharing.hsadminng.hs.booking.item.HsBookingItem;
import net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetRbacEntity;
import net.hostsharing.hsadminng.rbac.context.ContextBasedTest;
import net.hostsharing.hsadminng.rbac.rbacgrant.RbacGrantsDiagramService;
import net.hostsharing.hsadminng.rbac.grant.RbacGrantsDiagramService;
import org.springframework.data.repository.Repository;
import org.springframework.web.bind.annotation.RestController;
@@ -68,11 +68,11 @@ public class ArchitectureTest {
"..mapper",
"..ping",
"..rbac",
"..rbac.rbacuser",
"..rbac.rbacgrant",
"..rbac.rbacrole",
"..rbac.rbacobject",
"..rbac.rbacdef",
"..rbac.generator",
"..rbac.subject",
"..rbac.grant",
"..rbac.role",
"..rbac.object",
"..stringify"
// ATTENTION: Don't simply add packages here, also add arch rules for the new package!
);
@@ -160,7 +160,7 @@ public class ArchitectureTest {
"..hs.booking.(*)..",
"..hs.hosting.(*)..",
"..hs.migration",
"..rbac.rbacgrant" // TODO.test: just because of RbacGrantsDiagramServiceIntegrationTest
"..rbacgrant" // TODO.test: just because of RbacGrantsDiagramServiceIntegrationTest
);
@ArchTest
src/test/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemControllerAcceptanceTest.java
+10 -10
View File
@@ -72,7 +72,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/booking/items?projectUuid=" + givenProject.getUuid())
@@ -140,7 +140,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
final var location = RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@@ -176,9 +176,9 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
.extract().header("Location"); // @formatter:on
// finally, the new bookingItem can be accessed under the generated UUID
final var newUserUuid = UUID.fromString(
final var newSubjectUuid = UUID.fromString(
location.substring(location.lastIndexOf('/') + 1));
assertThat(newUserUuid).isNotNull();
assertThat(newSubjectUuid).isNotNull();
}
}
@@ -198,7 +198,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/booking/items/" + givenBookingItemUuid)
@@ -232,7 +232,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("current-user", "selfregistered-user-drew@hostsharing.org")
.header("current-subject", "selfregistered-user-drew@hostsharing.org")
.port(port)
.when()
.get("http://localhost/api/hs/booking/items/" + givenBookingItemUuid)
@@ -250,7 +250,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.header("assumed-roles", "hs_booking_project#D-1000313-D-1000313defaultproject:ADMIN")
.port(port)
.when()
@@ -294,7 +294,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.header("assumed-roles", "hs_booking_project#D-1000111-D-1000111defaultproject:AGENT")
.contentType(ContentType.JSON)
.body("""
@@ -350,7 +350,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.port(port)
.when()
.delete("http://localhost/api/hs/booking/items/" + givenBookingItem.getUuid())
@@ -369,7 +369,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("current-user", "selfregistered-user-drew@hostsharing.org")
.header("current-subject", "selfregistered-user-drew@hostsharing.org")
.port(port)
.when()
.delete("http://localhost/api/hs/booking/items/" + givenBookingItem.getUuid())
src/test/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemControllerRestTest.java
+2 -2
View File
@@ -83,7 +83,7 @@ class HsBookingItemControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.post("/api/hs/booking/items")
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(MediaType.APPLICATION_JSON)
.content("""
{
@@ -133,7 +133,7 @@ class HsBookingItemControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.post("/api/hs/booking/items")
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(MediaType.APPLICATION_JSON)
.content("""
{
src/test/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemRepositoryIntegrationTest.java
+7 -7
View File
@@ -4,8 +4,8 @@ import io.hypersistence.utils.hibernate.type.range.Range;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.hs.booking.project.HsBookingProjectRealRepository;
import net.hostsharing.hsadminng.hs.office.debitor.HsOfficeDebitorRepository;
import net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantRepository;
import net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleRepository;
import net.hostsharing.hsadminng.rbac.grant.RawRbacGrantRepository;
import net.hostsharing.hsadminng.rbac.role.RawRbacRoleRepository;
import net.hostsharing.hsadminng.mapper.Array;
import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup;
import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
@@ -30,8 +30,8 @@ import java.util.Map;
import static java.util.Map.entry;
import static net.hostsharing.hsadminng.hs.booking.item.HsBookingItemType.MANAGED_SERVER;
import static net.hostsharing.hsadminng.hs.booking.item.HsBookingItemType.MANAGED_WEBSPACE;
import static net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantEntity.distinctGrantDisplaysOf;
import static net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleEntity.distinctRoleNamesOf;
import static net.hostsharing.hsadminng.rbac.grant.RawRbacGrantEntity.distinctGrantDisplaysOf;
import static net.hostsharing.hsadminng.rbac.role.RawRbacRoleEntity.distinctRoleNamesOf;
import static net.hostsharing.hsadminng.mapper.Array.fromFormatted;
import static net.hostsharing.hsadminng.rbac.test.JpaAttempt.attempt;
import static org.assertj.core.api.Assertions.assertThat;
@@ -69,7 +69,7 @@ class HsBookingItemRepositoryIntegrationTest extends ContextBasedTestWithCleanup
// given
final var query = em.createNativeQuery("""
select currentTask, targetTable, targetOp, targetdelta->>'caption'
from tx_journal_v
from base.tx_journal_v
where targettable = 'hs_booking_item';
""");
@@ -175,9 +175,9 @@ class HsBookingItemRepositoryIntegrationTest extends ContextBasedTestWithCleanup
.containsExactlyInAnyOrder(fromFormatted(
initialGrantNames,
// global-admin
// rbac.global-admin
"{ grant perm:hs_booking_item#somenewbookingitem:INSERT>hs_booking_item to role:hs_booking_item#somenewbookingitem:ADMIN by system and assume }",
"{ grant perm:hs_booking_item#somenewbookingitem:DELETE to role:global#global:ADMIN by system and assume }",
"{ grant perm:hs_booking_item#somenewbookingitem:DELETE to role:rbac.global#global:ADMIN by system and assume }",
// owner
"{ grant role:hs_booking_item#somenewbookingitem:OWNER to role:hs_booking_project#D-1000111-D-1000111defaultproject:AGENT by system and assume }",
src/test/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectControllerAcceptanceTest.java
+10 -10
View File
@@ -57,7 +57,7 @@ class HsBookingProjectControllerAcceptanceTest extends ContextBasedTestWithClean
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/booking/projects?debitorUuid=" + givenDebitor.getUuid())
@@ -88,7 +88,7 @@ class HsBookingProjectControllerAcceptanceTest extends ContextBasedTestWithClean
final var location = RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@@ -111,9 +111,9 @@ class HsBookingProjectControllerAcceptanceTest extends ContextBasedTestWithClean
.extract().header("Location"); // @formatter:on
// finally, the new bookingProject can be accessed under the generated UUID
final var newUserUuid = UUID.fromString(
final var newSubjectUuid = UUID.fromString(
location.substring(location.lastIndexOf('/') + 1));
assertThat(newUserUuid).isNotNull();
assertThat(newSubjectUuid).isNotNull();
}
}
@@ -128,7 +128,7 @@ class HsBookingProjectControllerAcceptanceTest extends ContextBasedTestWithClean
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/booking/projects/" + givenBookingProjectUuid)
@@ -151,7 +151,7 @@ class HsBookingProjectControllerAcceptanceTest extends ContextBasedTestWithClean
RestAssured // @formatter:off
.given()
.header("current-user", "selfregistered-user-drew@hostsharing.org")
.header("current-subject", "selfregistered-user-drew@hostsharing.org")
.port(port)
.when()
.get("http://localhost/api/hs/booking/projects/" + givenBookingProjectUuid)
@@ -167,7 +167,7 @@ class HsBookingProjectControllerAcceptanceTest extends ContextBasedTestWithClean
RestAssured // @formatter:off
.given()
.header("current-user", "person-TuckerJack@example.com")
.header("current-subject", "person-TuckerJack@example.com")
.header("assumed-roles", "hs_booking_project#D-1000313-D-1000313defaultproject:AGENT")
.port(port)
.when()
@@ -193,7 +193,7 @@ class HsBookingProjectControllerAcceptanceTest extends ContextBasedTestWithClean
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@@ -232,7 +232,7 @@ class HsBookingProjectControllerAcceptanceTest extends ContextBasedTestWithClean
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.port(port)
.when()
.delete("http://localhost/api/hs/booking/projects/" + givenBookingProject.getUuid())
@@ -250,7 +250,7 @@ class HsBookingProjectControllerAcceptanceTest extends ContextBasedTestWithClean
RestAssured // @formatter:off
.given()
.header("current-user", "selfregistered-user-drew@hostsharing.org")
.header("current-subject", "selfregistered-user-drew@hostsharing.org")
.port(port)
.when()
.delete("http://localhost/api/hs/booking/projects/" + givenBookingProject.getUuid())
src/test/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectRepositoryIntegrationTest.java
+7 -7
View File
@@ -2,8 +2,8 @@ package net.hostsharing.hsadminng.hs.booking.project;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.hs.booking.debitor.HsBookingDebitorRepository;
import net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantRepository;
import net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleRepository;
import net.hostsharing.hsadminng.rbac.grant.RawRbacGrantRepository;
import net.hostsharing.hsadminng.rbac.role.RawRbacRoleRepository;
import net.hostsharing.hsadminng.mapper.Array;
import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup;
import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
@@ -25,8 +25,8 @@ import java.time.ZonedDateTime;
import java.util.Arrays;
import java.util.List;
import static net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantEntity.distinctGrantDisplaysOf;
import static net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleEntity.distinctRoleNamesOf;
import static net.hostsharing.hsadminng.rbac.grant.RawRbacGrantEntity.distinctGrantDisplaysOf;
import static net.hostsharing.hsadminng.rbac.role.RawRbacRoleEntity.distinctRoleNamesOf;
import static net.hostsharing.hsadminng.mapper.Array.fromFormatted;
import static net.hostsharing.hsadminng.rbac.test.JpaAttempt.attempt;
import static org.assertj.core.api.Assertions.assertThat;
@@ -64,7 +64,7 @@ class HsBookingProjectRepositoryIntegrationTest extends ContextBasedTestWithClea
// given
final var query = em.createNativeQuery("""
select currentTask, targetTable, targetOp, targetdelta->>'caption'
from tx_journal_v
from base.tx_journal_v
where targettable = 'hs_booking_project';
""");
@@ -161,8 +161,8 @@ class HsBookingProjectRepositoryIntegrationTest extends ContextBasedTestWithClea
.containsExactlyInAnyOrder(fromFormatted(
initialGrantNames,
// global-admin
"{ grant perm:hs_booking_project#D-1000111-somenewbookingproject:DELETE to role:global#global:ADMIN by system and assume }",
// rbacgGlobal-admin
"{ grant perm:hs_booking_project#D-1000111-somenewbookingproject:DELETE to role:rbac.global#global:ADMIN by system and assume }",
// owner
"{ grant role:hs_booking_project#D-1000111-somenewbookingproject:ADMIN to role:hs_booking_project#D-1000111-somenewbookingproject:OWNER by system and assume }",
src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetControllerAcceptanceTest.java
+16 -16
View File
@@ -85,7 +85,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/hosting/assets?projectUuid=" + givenProject.getUuid() + "&type=MANAGED_WEBSPACE")
@@ -113,7 +113,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.header("assumed-roles", "hs_hosting_asset#fir01:AGENT")
.port(port)
.when()
@@ -160,7 +160,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
final var location = RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@@ -217,7 +217,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
final var location = RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.header("assumed-roles", "hs_hosting_asset#vm1011:ADMIN")
.contentType(ContentType.JSON)
.body("""
@@ -247,9 +247,9 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
.extract().header("Location"); // @formatter:on
// finally, the new asset can be accessed under the generated UUID
final var newUserUuid = UUID.fromString(
final var newSubjectUuid = UUID.fromString(
location.substring(location.lastIndexOf('/') + 1));
assertThat(newUserUuid).isNotNull();
assertThat(newSubjectUuid).isNotNull();
}
@Test
@@ -271,7 +271,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
final var location = RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@@ -317,7 +317,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@@ -372,7 +372,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@@ -411,7 +411,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/hosting/assets/" + givenAssetUuid)
@@ -436,7 +436,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("current-user", "selfregistered-user-drew@hostsharing.org")
.header("current-subject", "selfregistered-user-drew@hostsharing.org")
.port(port)
.when()
.get("http://localhost/api/hs/hosting/assets/" + givenAssetUuid)
@@ -453,7 +453,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("current-user", "person-TuckerJack@example.com")
.header("current-subject", "person-TuckerJack@example.com")
.header("assumed-roles", "hs_booking_project#D-1000313-D-1000313defaultproject:AGENT")
.port(port)
.when()
@@ -499,7 +499,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@@ -573,7 +573,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
//.header("assumed-roles", "hs_hosting_asset#vm2001:ADMIN")
.contentType(ContentType.JSON)
.body("""
@@ -657,7 +657,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
.build());
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.port(port)
.when()
.delete("http://localhost/api/hs/hosting/assets/" + givenAsset.getUuid())
@@ -690,7 +690,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
.build());
RestAssured // @formatter:off
.given()
.header("current-user", "selfregistered-user-drew@hostsharing.org")
.header("current-subject", "selfregistered-user-drew@hostsharing.org")
.port(port)
.when()
.delete("http://localhost/api/hs/hosting/assets/" + givenAsset.getUuid())
src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetControllerRestTest.java
+2 -2
View File
@@ -590,7 +590,7 @@ public class HsHostingAssetControllerRestTest {
// when
final var result = mockMvc.perform(MockMvcRequestBuilders
.get("/api/hs/hosting/assets?type="+testCase.name())
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.accept(MediaType.APPLICATION_JSON))
// then
@@ -660,7 +660,7 @@ public class HsHostingAssetControllerRestTest {
// when
final var result = mockMvc.perform(MockMvcRequestBuilders
.patch("/api/hs/hosting/assets/" + givenDomainHttpSetupUuid)
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(MediaType.APPLICATION_JSON)
.content("""
{
src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetRepositoryIntegrationTest.java
+8 -8
View File
@@ -5,8 +5,8 @@ import net.hostsharing.hsadminng.hs.booking.item.HsBookingItemRealEntity;
import net.hostsharing.hsadminng.hs.booking.item.HsBookingItemRealRepository;
import net.hostsharing.hsadminng.hs.booking.item.HsBookingItemType;
import net.hostsharing.hsadminng.hs.booking.project.HsBookingProjectRbacRepository;
import net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantRepository;
import net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleRepository;
import net.hostsharing.hsadminng.rbac.grant.RawRbacGrantRepository;
import net.hostsharing.hsadminng.rbac.role.RawRbacRoleRepository;
import net.hostsharing.hsadminng.mapper.Array;
import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup;
import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
@@ -35,8 +35,8 @@ import static net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetType.DOMA
import static net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetType.EMAIL_ADDRESS;
import static net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetType.MANAGED_SERVER;
import static net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetType.MANAGED_WEBSPACE;
import static net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantEntity.distinctGrantDisplaysOf;
import static net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleEntity.distinctRoleNamesOf;
import static net.hostsharing.hsadminng.rbac.grant.RawRbacGrantEntity.distinctGrantDisplaysOf;
import static net.hostsharing.hsadminng.rbac.role.RawRbacRoleEntity.distinctRoleNamesOf;
import static net.hostsharing.hsadminng.mapper.Array.fromFormatted;
import static net.hostsharing.hsadminng.rbac.test.JpaAttempt.attempt;
import static org.assertj.core.api.Assertions.assertThat;
@@ -77,7 +77,7 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
// given
final var query = em.createNativeQuery("""
select currentTask, targetTable, targetOp, targetdelta->>'caption'
from tx_journal_v
from base.tx_journal_v
where targettable = 'hs_hosting_asset';
""");
@@ -200,8 +200,8 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
.containsExactlyInAnyOrder(fromFormatted(
initialGrantNames,
// global-admin
"{ grant role:hs_hosting_asset#fir00:OWNER to role:global#global:ADMIN by system }", // workaround
// rbac.global-admin
"{ grant role:hs_hosting_asset#fir00:OWNER to role:rbac.global#global:ADMIN by system }", // workaround
// owner
"{ grant role:hs_hosting_asset#fir00:OWNER to user:superuser-alex@hostsharing.net by hs_hosting_asset#fir00:OWNER and assume }",
@@ -250,7 +250,7 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
context("person-SmithPeter@example.com");
assertThatAssetIsPersisted(result.returnedValue());
// ... a global admin can see the new domain setup as well if the domain OWNER role is assumed
// ... a rbac.global admin can see the new domain setup as well if the domain OWNER role is assumed
context("superuser-alex@hostsharing.net", "hs_hosting_asset#example.net:OWNER"); // only works with the assumed role
assertThatAssetIsPersisted(result.returnedValue());
}
src/test/java/net/hostsharing/hsadminng/hs/migration/CsvDataImport.java
+4 -4
View File
@@ -6,7 +6,7 @@ import com.opencsv.CSVReaderBuilder;
import lombok.SneakyThrows;
import net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAsset;
import net.hostsharing.hsadminng.rbac.context.ContextBasedTest;
import net.hostsharing.hsadminng.rbac.rbacobject.BaseEntity;
import net.hostsharing.hsadminng.rbac.object.BaseEntity;
import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
import org.junit.jupiter.api.extension.BeforeEachCallback;
import org.junit.jupiter.api.extension.ExtensionContext;
@@ -298,9 +298,9 @@ public class CsvDataImport extends ContextBasedTest {
protected void deleteFromCommonTables() {
jpaAttempt.transacted(() -> {
context(rbacSuperuser);
em.createNativeQuery("delete from rbacuser_rv where name not like 'superuser-%'").executeUpdate();
em.createNativeQuery("delete from tx_journal where true").executeUpdate();
em.createNativeQuery("delete from tx_context where true").executeUpdate();
em.createNativeQuery("delete from rbac.subject_rv where name not like 'superuser-%'").executeUpdate();
em.createNativeQuery("delete from base.tx_journal where true").executeUpdate();
em.createNativeQuery("delete from base.tx_context where true").executeUpdate();
}).assertSuccessful();
}
src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountControllerAcceptanceTest.java
+11 -11
View File
@@ -54,7 +54,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/office/bankaccounts")
@@ -120,7 +120,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
final var location = RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@@ -143,9 +143,9 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
.extract().header("Location"); // @formatter:on
// finally, the new bankaccount can be accessed under the generated UUID
final var newUserUuid = UUID.fromString(
final var newSubjectUuid = UUID.fromString(
location.substring(location.lastIndexOf('/') + 1));
assertThat(newUserUuid).isNotNull();
assertThat(newSubjectUuid).isNotNull();
}
}
@@ -159,7 +159,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/office/bankaccounts/" + givenBankAccountUuid)
@@ -180,7 +180,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
RestAssured // @formatter:off
.given()
.header("current-user", "selfregistered-user-drew@hostsharing.org")
.header("current-subject", "selfregistered-user-drew@hostsharing.org")
.port(port)
.when()
.get("http://localhost/api/hs/office/bankaccounts/" + givenBankAccountUuid)
@@ -196,7 +196,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
RestAssured // @formatter:off
.given()
.header("current-user", "bankaccount-admin@firstbankaccount.example.com")
.header("current-subject", "bankaccount-admin@firstbankaccount.example.com")
.port(port)
.when()
.get("http://localhost/api/hs/office/bankaccounts/" + givenBankAccountUuid)
@@ -224,7 +224,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
final var location = RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@@ -262,7 +262,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.port(port)
.when()
.delete("http://localhost/api/hs/office/bankaccounts/" + givenBankAccount.getUuid())
@@ -279,7 +279,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
RestAssured // @formatter:off
.given()
.header("current-user", "selfregistered-test-user@hostsharing.org")
.header("current-subject", "selfregistered-test-user@hostsharing.org")
.port(port)
.when()
.delete("http://localhost/api/hs/office/bankaccounts/" + givenBankAccount.getUuid())
@@ -300,7 +300,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
RestAssured // @formatter:off
.given()
.header("current-user", "selfregistered-user-drew@hostsharing.org")
.header("current-subject", "selfregistered-user-drew@hostsharing.org")
.port(port)
.when()
.delete("http://localhost/api/hs/office/bankaccounts/" + givenBankAccount.getUuid())
src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountControllerRestTest.java
+2 -2
View File
@@ -62,7 +62,7 @@ class HsOfficeBankAccountControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.post("/api/hs/office/bankaccounts")
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(MediaType.APPLICATION_JSON)
.content("""
{
@@ -109,7 +109,7 @@ class HsOfficeBankAccountControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.post("/api/hs/office/bankaccounts")
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(MediaType.APPLICATION_JSON)
.content("""
{
src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountRepositoryIntegrationTest.java
+6 -6
View File
@@ -2,8 +2,8 @@ package net.hostsharing.hsadminng.hs.office.bankaccount;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup;
import net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantRepository;
import net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleRepository;
import net.hostsharing.hsadminng.rbac.grant.RawRbacGrantRepository;
import net.hostsharing.hsadminng.rbac.role.RawRbacRoleRepository;
import net.hostsharing.hsadminng.mapper.Array;
import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
import org.apache.commons.lang3.RandomStringUtils;
@@ -22,8 +22,8 @@ import java.util.List;
import java.util.function.Supplier;
import static net.hostsharing.hsadminng.hs.office.bankaccount.TestHsOfficeBankAccount.hsOfficeBankAccount;
import static net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantEntity.distinctGrantDisplaysOf;
import static net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleEntity.distinctRoleNamesOf;
import static net.hostsharing.hsadminng.rbac.grant.RawRbacGrantEntity.distinctGrantDisplaysOf;
import static net.hostsharing.hsadminng.rbac.role.RawRbacRoleEntity.distinctRoleNamesOf;
import static net.hostsharing.hsadminng.rbac.test.JpaAttempt.attempt;
import static org.assertj.core.api.Assertions.assertThat;
@@ -109,7 +109,7 @@ class HsOfficeBankAccountRepositoryIntegrationTest extends ContextBasedTestWithC
assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll())).containsExactlyInAnyOrder(Array.fromFormatted(
initialGrantNames,
"{ grant perm:hs_office_bankaccount#DE25500105176934832579:DELETE to role:hs_office_bankaccount#DE25500105176934832579:OWNER by system and assume }",
"{ grant role:hs_office_bankaccount#DE25500105176934832579:OWNER to role:global#global:ADMIN by system and assume }",
"{ grant role:hs_office_bankaccount#DE25500105176934832579:OWNER to role:rbac.global#global:ADMIN by system and assume }",
"{ grant role:hs_office_bankaccount#DE25500105176934832579:OWNER to user:selfregistered-user-drew@hostsharing.org by hs_office_bankaccount#DE25500105176934832579:OWNER and assume }",
"{ grant role:hs_office_bankaccount#DE25500105176934832579:ADMIN to role:hs_office_bankaccount#DE25500105176934832579:OWNER by system and assume }",
@@ -272,7 +272,7 @@ class HsOfficeBankAccountRepositoryIntegrationTest extends ContextBasedTestWithC
// given
final var query = em.createNativeQuery("""
select currentTask, targetTable, targetOp, targetdelta->>'iban'
from tx_journal_v
from base.tx_journal_v
where targettable = 'hs_office_bankaccount';
""");
src/test/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactControllerAcceptanceTest.java
+12 -12
View File
@@ -61,7 +61,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/office/contacts")
@@ -99,7 +99,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
final var location = RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@@ -122,9 +122,9 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
.extract().header("Location"); // @formatter:on
// finally, the new contact can be accessed under the generated UUID
final var newUserUuid = UUID.fromString(
final var newSubjectUuid = UUID.fromString(
location.substring(location.lastIndexOf('/') + 1));
assertThat(newUserUuid).isNotNull();
assertThat(newSubjectUuid).isNotNull();
}
}
@@ -138,7 +138,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/office/contacts/" + givenContactUuid)
@@ -159,7 +159,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("current-user", "selfregistered-user-drew@hostsharing.org")
.header("current-subject", "selfregistered-user-drew@hostsharing.org")
.port(port)
.when()
.get("http://localhost/api/hs/office/contacts/" + givenContactUuid)
@@ -174,7 +174,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("current-user", "contact-admin@firstcontact.example.com")
.header("current-subject", "contact-admin@firstcontact.example.com")
.port(port)
.when()
.get("http://localhost/api/hs/office/contacts/" + givenContactUuid)
@@ -206,7 +206,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
final var location = RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@@ -253,7 +253,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
final var location = RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@@ -301,7 +301,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.port(port)
.when()
.delete("http://localhost/api/hs/office/contacts/" + givenContact.getUuid())
@@ -321,7 +321,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("current-user", "selfregistered-test-user@hostsharing.org")
.header("current-subject", "selfregistered-test-user@hostsharing.org")
.port(port)
.when()
.delete("http://localhost/api/hs/office/contacts/" + givenContact.getUuid())
@@ -342,7 +342,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("current-user", "selfregistered-user-drew@hostsharing.org")
.header("current-subject", "selfregistered-user-drew@hostsharing.org")
.port(port)
.when()
.delete("http://localhost/api/hs/office/contacts/" + givenContact.getUuid())
src/test/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactRbacRepositoryIntegrationTest.java
+6 -6
View File
@@ -2,8 +2,8 @@ package net.hostsharing.hsadminng.hs.office.contact;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup;
import net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantRepository;
import net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleRepository;
import net.hostsharing.hsadminng.rbac.grant.RawRbacGrantRepository;
import net.hostsharing.hsadminng.rbac.role.RawRbacRoleRepository;
import net.hostsharing.hsadminng.mapper.Array;
import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
import org.apache.commons.lang3.RandomStringUtils;
@@ -22,8 +22,8 @@ import java.util.List;
import java.util.function.Supplier;
import static net.hostsharing.hsadminng.hs.office.contact.HsOfficeContactRbacTestEntity.hsOfficeContact;
import static net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantEntity.distinctGrantDisplaysOf;
import static net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleEntity.distinctRoleNamesOf;
import static net.hostsharing.hsadminng.rbac.grant.RawRbacGrantEntity.distinctGrantDisplaysOf;
import static net.hostsharing.hsadminng.rbac.role.RawRbacRoleEntity.distinctRoleNamesOf;
import static net.hostsharing.hsadminng.rbac.test.JpaAttempt.attempt;
import static org.assertj.core.api.Assertions.assertThat;
@@ -109,7 +109,7 @@ class HsOfficeContactRbacRepositoryIntegrationTest extends ContextBasedTestWithC
));
assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll())).containsExactlyInAnyOrder(Array.fromFormatted(
initialGrantNames,
"{ grant role:hs_office_contact#anothernewcontact:OWNER to role:global#global:ADMIN by system and assume }",
"{ grant role:hs_office_contact#anothernewcontact:OWNER to role:rbac.global#global:ADMIN by system and assume }",
"{ grant perm:hs_office_contact#anothernewcontact:UPDATE to role:hs_office_contact#anothernewcontact:ADMIN by system and assume }",
"{ grant role:hs_office_contact#anothernewcontact:OWNER to user:selfregistered-user-drew@hostsharing.org by hs_office_contact#anothernewcontact:OWNER and assume }",
"{ grant perm:hs_office_contact#anothernewcontact:DELETE to role:hs_office_contact#anothernewcontact:OWNER by system and assume }",
@@ -257,7 +257,7 @@ class HsOfficeContactRbacRepositoryIntegrationTest extends ContextBasedTestWithC
// given
final var query = em.createNativeQuery("""
select currentTask, targetTable, targetOp, targetdelta->>'caption'
from tx_journal_v
from base.tx_journal_v
where targettable = 'hs_office_contact';
""");
src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionControllerAcceptanceTest.java
+9 -9
View File
@@ -62,7 +62,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/office/coopassetstransactions")
@@ -80,7 +80,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/office/coopassetstransactions?membershipUuid="+givenMembership.getUuid())
@@ -143,7 +143,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/office/coopassetstransactions?membershipUuid="
@@ -176,7 +176,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
final var location = RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@@ -233,7 +233,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
final var location = RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@@ -289,7 +289,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@@ -329,7 +329,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
LocalDate.of(2010, 3, 15)).get(0).getUuid();
RestAssured // @formatter:off
.given().header("current-user", "superuser-alex@hostsharing.net")
.given().header("current-subject", "superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/office/coopassetstransactions/" + givenCoopAssetTransactionUuid)
@@ -352,7 +352,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
LocalDate.of(2010, 3, 15)).get(0).getUuid();
RestAssured // @formatter:off
.given().header("current-user", "selfregistered-user-drew@hostsharing.org")
.given().header("current-subject", "selfregistered-user-drew@hostsharing.org")
.port(port)
.when()
.get("http://localhost/api/hs/office/coopassetstransactions/" + givenCoopAssetTransactionUuid)
@@ -370,7 +370,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
RestAssured // @formatter:off
.given()
.header("current-user", "person-FirstGmbH@example.com")
.header("current-subject", "person-FirstGmbH@example.com")
.port(port)
.when()
.get("http://localhost/api/hs/office/coopassetstransactions/" + givenCoopAssetTransactionUuid)
src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionControllerRestTest.java
+1 -1
View File
@@ -115,7 +115,7 @@ class HsOfficeCoopAssetsTransactionControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.post("/api/hs/office/coopassetstransactions")
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(MediaType.APPLICATION_JSON)
.content(testCase.givenRequestBody())
.accept(MediaType.APPLICATION_JSON))
src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionRepositoryIntegrationTest.java
+5 -5
View File
@@ -3,8 +3,8 @@ package net.hostsharing.hsadminng.hs.office.coopassets;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.hs.office.membership.HsOfficeMembershipRepository;
import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup;
import net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantRepository;
import net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleRepository;
import net.hostsharing.hsadminng.rbac.grant.RawRbacGrantRepository;
import net.hostsharing.hsadminng.rbac.role.RawRbacRoleRepository;
import net.hostsharing.hsadminng.mapper.Array;
import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
import org.junit.jupiter.api.AfterEach;
@@ -24,8 +24,8 @@ import java.time.LocalDate;
import java.util.Arrays;
import java.util.List;
import static net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantEntity.distinctGrantDisplaysOf;
import static net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleEntity.distinctRoleNamesOf;
import static net.hostsharing.hsadminng.rbac.grant.RawRbacGrantEntity.distinctGrantDisplaysOf;
import static net.hostsharing.hsadminng.rbac.role.RawRbacRoleEntity.distinctRoleNamesOf;
import static net.hostsharing.hsadminng.rbac.test.JpaAttempt.attempt;
import static org.assertj.core.api.Assertions.assertThat;
@@ -221,7 +221,7 @@ class HsOfficeCoopAssetsTransactionRepositoryIntegrationTest extends ContextBase
// given
final var query = em.createNativeQuery("""
select currentTask, targetTable, targetOp, targetdelta->>'reference'
from tx_journal_v
from base.tx_journal_v
where targettable = 'hs_office_coopassetstransaction';
""");
src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionControllerAcceptanceTest.java
+9 -9
View File
@@ -69,7 +69,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/office/coopsharestransactions")
@@ -86,7 +86,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
final var givenMembership = membershipRepo.findMembershipByMemberNumber(1000202);
RestAssured // @formatter:off
.given().header("current-user", "superuser-alex@hostsharing.net").port(port).when().get("http://localhost/api/hs/office/coopsharestransactions?membershipUuid=" + givenMembership.getUuid()).then().log().all().assertThat().statusCode(200).contentType("application/json").body("", lenientlyEquals("""
.given().header("current-subject", "superuser-alex@hostsharing.net").port(port).when().get("http://localhost/api/hs/office/coopsharestransactions?membershipUuid=" + givenMembership.getUuid()).then().log().all().assertThat().statusCode(200).contentType("application/json").body("", lenientlyEquals("""
[
{
"transactionType": "SUBSCRIPTION",
@@ -141,7 +141,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
final var givenMembership = membershipRepo.findMembershipByMemberNumber(1000202);
RestAssured // @formatter:off
.given().header("current-user", "superuser-alex@hostsharing.net").port(port).when()
.given().header("current-subject", "superuser-alex@hostsharing.net").port(port).when()
.get("http://localhost/api/hs/office/coopsharestransactions?membershipUuid=" + givenMembership.getUuid() + "&fromValueDate=2020-01-01&toValueDate=2021-12-31").then().log().all().assertThat().statusCode(200).contentType("application/json").body("", lenientlyEquals("""
[
{
@@ -166,7 +166,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
final var givenMembership = membershipRepo.findMembershipByMemberNumber(1000101);
final var location = RestAssured // @formatter:off
.given().header("current-user", "superuser-alex@hostsharing.net").contentType(ContentType.JSON).body("""
.given().header("current-subject", "superuser-alex@hostsharing.net").contentType(ContentType.JSON).body("""
{
"membershipUuid": "%s",
"transactionType": "SUBSCRIPTION",
@@ -210,7 +210,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
final var location = RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@@ -265,7 +265,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
final var givenMembership = membershipRepo.findMembershipByMemberNumber(1000101);
RestAssured // @formatter:off
.given().header("current-user", "superuser-alex@hostsharing.net").contentType(ContentType.JSON).body("""
.given().header("current-subject", "superuser-alex@hostsharing.net").contentType(ContentType.JSON).body("""
{
"membershipUuid": "%s",
"transactionType": "CANCELLATION",
@@ -293,7 +293,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
final var givenCoopShareTransactionUuid = coopSharesTransactionRepo.findCoopSharesTransactionByOptionalMembershipUuidAndDateRange(null, LocalDate.of(2010, 3, 15), LocalDate.of(2010, 3, 15)).get(0).getUuid();
RestAssured // @formatter:off
.given().header("current-user", "superuser-alex@hostsharing.net").port(port).when().get("http://localhost/api/hs/office/coopsharestransactions/" + givenCoopShareTransactionUuid).then().log().body().assertThat().statusCode(200).contentType("application/json").body("", lenientlyEquals("""
.given().header("current-subject", "superuser-alex@hostsharing.net").port(port).when().get("http://localhost/api/hs/office/coopsharestransactions/" + givenCoopShareTransactionUuid).then().log().body().assertThat().statusCode(200).contentType("application/json").body("", lenientlyEquals("""
{
"transactionType": "SUBSCRIPTION"
}
@@ -306,7 +306,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
final var givenCoopShareTransactionUuid = coopSharesTransactionRepo.findCoopSharesTransactionByOptionalMembershipUuidAndDateRange(null, LocalDate.of(2010, 3, 15), LocalDate.of(2010, 3, 15)).get(0).getUuid();
RestAssured // @formatter:off
.given().header("current-user", "selfregistered-user-drew@hostsharing.org").port(port).when().get("http://localhost/api/hs/office/coopsharestransactions/" + givenCoopShareTransactionUuid).then().log().body().assertThat().statusCode(404); // @formatter:on
.given().header("current-subject", "selfregistered-user-drew@hostsharing.org").port(port).when().get("http://localhost/api/hs/office/coopsharestransactions/" + givenCoopShareTransactionUuid).then().log().body().assertThat().statusCode(404); // @formatter:on
}
@Test
@@ -316,7 +316,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
RestAssured // @formatter:off
.given()
.header("current-user", "person-FirstGmbH@example.com")
.header("current-subject", "person-FirstGmbH@example.com")
.port(port)
.when()
.get("http://localhost/api/hs/office/coopsharestransactions/" + givenCoopShareTransactionUuid)
src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionControllerRestTest.java
+1 -1
View File
@@ -111,7 +111,7 @@ class HsOfficeCoopSharesTransactionControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.post("/api/hs/office/coopsharestransactions")
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(MediaType.APPLICATION_JSON)
.content(testCase.givenRequestBody())
.accept(MediaType.APPLICATION_JSON))
src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionRepositoryIntegrationTest.java
+5 -5
View File
@@ -3,8 +3,8 @@ package net.hostsharing.hsadminng.hs.office.coopshares;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.hs.office.membership.HsOfficeMembershipRepository;
import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup;
import net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantRepository;
import net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleRepository;
import net.hostsharing.hsadminng.rbac.grant.RawRbacGrantRepository;
import net.hostsharing.hsadminng.rbac.role.RawRbacRoleRepository;
import net.hostsharing.hsadminng.mapper.Array;
import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
import org.junit.jupiter.api.AfterEach;
@@ -23,8 +23,8 @@ import java.time.LocalDate;
import java.util.Arrays;
import java.util.List;
import static net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantEntity.distinctGrantDisplaysOf;
import static net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleEntity.distinctRoleNamesOf;
import static net.hostsharing.hsadminng.rbac.grant.RawRbacGrantEntity.distinctGrantDisplaysOf;
import static net.hostsharing.hsadminng.rbac.role.RawRbacRoleEntity.distinctRoleNamesOf;
import static net.hostsharing.hsadminng.rbac.test.JpaAttempt.attempt;
import static org.assertj.core.api.Assertions.assertThat;
@@ -220,7 +220,7 @@ class HsOfficeCoopSharesTransactionRepositoryIntegrationTest extends ContextBase
// given
final var query = em.createNativeQuery("""
select currentTask, targetTable, targetOp, targetdelta->>'reference'
from tx_journal_v
from base.tx_journal_v
where targettable = 'hs_office_coopsharestransaction';
""");
src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorControllerAcceptanceTest.java
+18 -18
View File
@@ -80,7 +80,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/office/debitors")
@@ -235,7 +235,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/office/debitors?debitorNumber=1000212")
@@ -284,7 +284,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
final var location = RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@@ -315,9 +315,9 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
.extract().header("Location"); // @formatter:on
// finally, the new debitor can be accessed under the generated UUID
final var newUserUuid = UUID.fromString(
final var newSubjectUuid = UUID.fromString(
location.substring(location.lastIndexOf('/') + 1));
assertThat(newUserUuid).isNotNull();
assertThat(newSubjectUuid).isNotNull();
}
@Test
@@ -329,7 +329,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
final var location = RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@@ -367,9 +367,9 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
.extract().header("Location"); // @formatter:on
// finally, the new debitor can be accessed under the generated UUID
final var newUserUuid = UUID.fromString(
final var newSubjectUuid = UUID.fromString(
location.substring(location.lastIndexOf('/') + 1));
assertThat(newUserUuid).isNotNull();
assertThat(newSubjectUuid).isNotNull();
}
@Test
@@ -381,7 +381,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
final var location = RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@@ -417,7 +417,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@@ -448,7 +448,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/office/debitors/" + givenDebitorUuid)
@@ -509,7 +509,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("current-user", "selfregistered-user-drew@hostsharing.org")
.header("current-subject", "selfregistered-user-drew@hostsharing.org")
.port(port)
.when()
.get("http://localhost/api/hs/office/debitors/" + givenDebitorUuid)
@@ -524,7 +524,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("current-user", "contact-admin@firstcontact.example.com")
.header("current-subject", "contact-admin@firstcontact.example.com")
.port(port)
.when()
.get("http://localhost/api/hs/office/debitors/" + givenDebitorUuid)
@@ -554,7 +554,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
final var location = RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@@ -637,7 +637,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
// @formatter:on
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.header("assumed-roles", "hs_office_contact#fourthcontact:ADMIN")
.contentType(ContentType.JSON)
.body("""
@@ -666,7 +666,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.port(port)
.when()
.delete("http://localhost/api/hs/office/debitors/" + givenDebitor.getUuid())
@@ -685,7 +685,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("current-user", "contact-admin@fourthcontact.example.com")
.header("current-subject", "contact-admin@fourthcontact.example.com")
.port(port)
.when()
.delete("http://localhost/api/hs/office/debitors/" + givenDebitor.getUuid())
@@ -704,7 +704,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("current-user", "selfregistered-user-drew@hostsharing.org")
.header("current-subject", "selfregistered-user-drew@hostsharing.org")
.port(port)
.when()
.delete("http://localhost/api/hs/office/debitors/" + givenDebitor.getUuid())
src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorRepositoryIntegrationTest.java
+10 -10
View File
@@ -9,9 +9,9 @@ import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelation;
import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationRealEntity;
import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationType;
import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup;
import net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantRepository;
import net.hostsharing.hsadminng.rbac.rbacgrant.RbacGrantsDiagramService;
import net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleRepository;
import net.hostsharing.hsadminng.rbac.grant.RawRbacGrantRepository;
import net.hostsharing.hsadminng.rbac.grant.RbacGrantsDiagramService;
import net.hostsharing.hsadminng.rbac.role.RawRbacRoleRepository;
import net.hostsharing.hsadminng.mapper.Array;
import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
import org.hibernate.Hibernate;
@@ -34,8 +34,8 @@ import java.util.Arrays;
import java.util.List;
import static net.hostsharing.hsadminng.rbac.test.EntityList.one;
import static net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantEntity.distinctGrantDisplaysOf;
import static net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleEntity.distinctRoleNamesOf;
import static net.hostsharing.hsadminng.rbac.grant.RawRbacGrantEntity.distinctGrantDisplaysOf;
import static net.hostsharing.hsadminng.rbac.role.RawRbacRoleEntity.distinctRoleNamesOf;
import static net.hostsharing.hsadminng.rbac.test.JpaAttempt.attempt;
import static org.assertj.core.api.Assertions.assertThat;
@@ -190,7 +190,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
// owner
"{ grant perm:debitor#D-1000122:DELETE to role:relation#FirstGmbH-with-DEBITOR-FourtheG:OWNER by system and assume }",
"{ grant perm:relation#FirstGmbH-with-DEBITOR-FourtheG:DELETE to role:relation#FirstGmbH-with-DEBITOR-FourtheG:OWNER by system and assume }",
"{ grant role:relation#FirstGmbH-with-DEBITOR-FourtheG:OWNER to role:global#global:ADMIN by system and assume }",
"{ grant role:relation#FirstGmbH-with-DEBITOR-FourtheG:OWNER to role:rbac.global#global:ADMIN by system and assume }",
"{ grant role:relation#FirstGmbH-with-DEBITOR-FourtheG:OWNER to role:person#FirstGmbH:ADMIN by system and assume }",
"{ grant role:relation#FirstGmbH-with-DEBITOR-FourtheG:OWNER to user:superuser-alex@hostsharing.net by relation#FirstGmbH-with-DEBITOR-FourtheG:OWNER and assume }",
@@ -349,7 +349,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
// then
result.assertSuccessful();
assertThatDebitorIsVisibleForUserWithRole(result.returnedValue(), "global#global:ADMIN", true);
assertThatDebitorIsVisibleForUserWithRole(result.returnedValue(), "rbac.global#global:ADMIN", true);
// ... partner role was reassigned:
assertThatDebitorIsNotVisibleForUserWithRole(
@@ -398,7 +398,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
result.assertSuccessful();
assertThatDebitorIsVisibleForUserWithRole(
result.returnedValue(),
"global#global:ADMIN", true);
"rbac.global#global:ADMIN", true);
// ... bank-account role was assigned:
assertThatDebitorIsVisibleForUserWithRole(
@@ -427,7 +427,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
result.assertSuccessful();
assertThatDebitorIsVisibleForUserWithRole(
result.returnedValue(),
"global#global:ADMIN", true);
"rbac.global#global:ADMIN", true);
// ... bank-account role was removed from previous bank-account admin:
assertThatDebitorIsNotVisibleForUserWithRole(
@@ -590,7 +590,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
// given
final var query = em.createNativeQuery("""
select currentTask, targetTable, targetOp, targetdelta->>'defaultprefix'
from tx_journal_v
from base.tx_journal_v
where targettable = 'hs_office_debitor';
""");
src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipControllerAcceptanceTest.java
+15 -15
View File
@@ -67,7 +67,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/office/memberships")
@@ -113,7 +113,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.port(port)
.when()
.queryParam("partnerUuid", partner.getUuid() )
@@ -141,7 +141,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.port(port)
.when()
.queryParam("memberNumber", 1000202 )
@@ -178,7 +178,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
final var location = RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@@ -204,10 +204,10 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
.extract().header("Location"); // @formatter:on
// finally, the new membership can be accessed under the generated UUID
final var newUserUuid = UUID.fromString(
final var newSubjectUuid = UUID.fromString(
location.substring(location.lastIndexOf('/') + 1));
assertThat(newUserUuid).isNotNull();
assertThat(membershipRepo.findByUuid(newUserUuid)).isPresent();
assertThat(newSubjectUuid).isNotNull();
assertThat(membershipRepo.findByUuid(newSubjectUuid)).isPresent();
}
}
@@ -221,7 +221,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/office/memberships/" + givenMembershipUuid)
@@ -247,7 +247,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
RestAssured // @formatter:off
.given()
.header("current-user", "selfregistered-user-drew@hostsharing.org")
.header("current-subject", "selfregistered-user-drew@hostsharing.org")
.port(port)
.when()
.get("http://localhost/api/hs/office/memberships/" + givenMembershipUuid)
@@ -262,7 +262,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.header("assumed-roles", "hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG:AGENT")
.port(port)
.when()
@@ -294,7 +294,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
final var location = RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@@ -338,7 +338,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
// when
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.header("assumed-roles", givenPartnerAdmin)
.contentType(ContentType.JSON)
.body("""
@@ -373,7 +373,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.port(port)
.when()
.delete("http://localhost/api/hs/office/memberships/" + givenMembership.getUuid())
@@ -391,7 +391,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.header("assumed-roles", "hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH:AGENT")
.port(port)
.when()
@@ -410,7 +410,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
RestAssured // @formatter:off
.given()
.header("current-user", "selfregistered-user-drew@hostsharing.org")
.header("current-subject", "selfregistered-user-drew@hostsharing.org")
.port(port)
.when()
.delete("http://localhost/api/hs/office/memberships/" + givenMembership.getUuid())
src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipControllerRestTest.java
+3 -3
View File
@@ -69,7 +69,7 @@ public class HsOfficeMembershipControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.post("/api/hs/office/memberships")
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(MediaType.APPLICATION_JSON)
.content("""
{
@@ -99,7 +99,7 @@ public class HsOfficeMembershipControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.post("/api/hs/office/memberships")
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(MediaType.APPLICATION_JSON)
.content("""
{
@@ -125,7 +125,7 @@ public class HsOfficeMembershipControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.post("/api/hs/office/memberships")
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(MediaType.APPLICATION_JSON)
.content("""
{
src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipRepositoryIntegrationTest.java
+5 -5
View File
@@ -5,8 +5,8 @@ import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.hs.office.debitor.HsOfficeDebitorRepository;
import net.hostsharing.hsadminng.hs.office.partner.HsOfficePartnerRepository;
import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup;
import net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantRepository;
import net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleRepository;
import net.hostsharing.hsadminng.rbac.grant.RawRbacGrantRepository;
import net.hostsharing.hsadminng.rbac.role.RawRbacRoleRepository;
import net.hostsharing.hsadminng.mapper.Array;
import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
import org.junit.jupiter.api.Nested;
@@ -24,8 +24,8 @@ import java.time.LocalDate;
import java.util.Arrays;
import java.util.List;
import static net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantEntity.distinctGrantDisplaysOf;
import static net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleEntity.distinctRoleNamesOf;
import static net.hostsharing.hsadminng.rbac.grant.RawRbacGrantEntity.distinctGrantDisplaysOf;
import static net.hostsharing.hsadminng.rbac.role.RawRbacRoleEntity.distinctRoleNamesOf;
import static net.hostsharing.hsadminng.rbac.test.JpaAttempt.attempt;
import static org.assertj.core.api.Assertions.assertThat;
@@ -337,7 +337,7 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl
// given
final var query = em.createNativeQuery("""
select currentTask, targetTable, targetOp, targetdelta->>'membernumbersuffix'
from tx_journal_v
from base.tx_journal_v
where targettable = 'hs_office_membership';
""");
src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerControllerAcceptanceTest.java
+15 -15
View File
@@ -62,7 +62,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/office/partners")
@@ -96,7 +96,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
final var location = RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@@ -141,9 +141,9 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
.extract().header("Location"); // @formatter:on
// finally, the new partner can be accessed under the generated UUID
final var newUserUuid = UUID.fromString(
final var newSubjectUuid = UUID.fromString(
location.substring(location.lastIndexOf('/') + 1));
assertThat(newUserUuid).isNotNull();
assertThat(newSubjectUuid).isNotNull();
}
@Test
@@ -155,7 +155,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
final var location = RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@@ -193,7 +193,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
final var location = RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@@ -238,7 +238,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/office/partners/" + givenPartnerUuid)
@@ -270,7 +270,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("current-user", "selfregistered-user-drew@hostsharing.org")
.header("current-subject", "selfregistered-user-drew@hostsharing.org")
.port(port)
.when()
.get("http://localhost/api/hs/office/partners/" + givenPartnerUuid)
@@ -285,7 +285,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("current-user", "contact-admin@firstcontact.example.com")
.header("current-subject", "contact-admin@firstcontact.example.com")
.port(port)
.when()
.get("http://localhost/api/hs/office/partners/" + givenPartnerUuid)
@@ -316,7 +316,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@@ -383,7 +383,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@@ -421,7 +421,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
final var location = RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@@ -469,7 +469,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.port(port)
.when()
.delete("http://localhost/api/hs/office/partners/" + givenPartner.getUuid())
@@ -489,7 +489,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("current-user", "contact-admin@fourthcontact.example.com")
.header("current-subject", "contact-admin@fourthcontact.example.com")
.port(port)
.when()
.delete("http://localhost/api/hs/office/partners/" + givenPartner.getUuid())
@@ -508,7 +508,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("current-user", "selfregistered-user-drew@hostsharing.org")
.header("current-subject", "selfregistered-user-drew@hostsharing.org")
.port(port)
.when()
.delete("http://localhost/api/hs/office/partners/" + givenPartner.getUuid())
src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerControllerRestTest.java
+3 -3
View File
@@ -95,7 +95,7 @@ class HsOfficePartnerControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.post("/api/hs/office/partners")
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(MediaType.APPLICATION_JSON)
.content("""
{
@@ -132,7 +132,7 @@ class HsOfficePartnerControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.post("/api/hs/office/partners")
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(MediaType.APPLICATION_JSON)
.content("""
{
@@ -184,7 +184,7 @@ class HsOfficePartnerControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.delete("/api/hs/office/partners/" + givenPartnerUuid)
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(MediaType.APPLICATION_JSON)
.accept(MediaType.APPLICATION_JSON))
src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerRepositoryIntegrationTest.java
+9 -9
View File
@@ -7,9 +7,9 @@ import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationRealEntity;
import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationRealRepository;
import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationType;
import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup;
import net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantRepository;
import net.hostsharing.hsadminng.rbac.rbacrole.RawRbacObjectRepository;
import net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleRepository;
import net.hostsharing.hsadminng.rbac.grant.RawRbacGrantRepository;
import net.hostsharing.hsadminng.rbac.role.RawRbacObjectRepository;
import net.hostsharing.hsadminng.rbac.role.RawRbacRoleRepository;
import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Nested;
@@ -27,9 +27,9 @@ import java.util.Arrays;
import java.util.List;
import java.util.Objects;
import static net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantEntity.distinctGrantDisplaysOf;
import static net.hostsharing.hsadminng.rbac.rbacrole.RawRbacObjectEntity.objectDisplaysOf;
import static net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleEntity.distinctRoleNamesOf;
import static net.hostsharing.hsadminng.rbac.grant.RawRbacGrantEntity.distinctGrantDisplaysOf;
import static net.hostsharing.hsadminng.rbac.role.RawRbacObjectEntity.objectDisplaysOf;
import static net.hostsharing.hsadminng.rbac.role.RawRbacRoleEntity.distinctRoleNamesOf;
import static net.hostsharing.hsadminng.mapper.Array.from;
import static net.hostsharing.hsadminng.rbac.test.JpaAttempt.attempt;
import static org.assertj.core.api.Assertions.assertThat;
@@ -158,7 +158,7 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean
"{ grant perm:relation#HostsharingeG-with-PARTNER-EBess:SELECT to role:relation#HostsharingeG-with-PARTNER-EBess:TENANT by system and assume }",
// relation owner
"{ grant role:relation#HostsharingeG-with-PARTNER-EBess:OWNER to role:global#global:ADMIN by system and assume }",
"{ grant role:relation#HostsharingeG-with-PARTNER-EBess:OWNER to role:rbac.global#global:ADMIN by system and assume }",
"{ grant role:relation#HostsharingeG-with-PARTNER-EBess:OWNER to user:superuser-alex@hostsharing.net by relation#HostsharingeG-with-PARTNER-EBess:OWNER and assume }",
// relation admin
@@ -278,7 +278,7 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean
assertThatPartnerIsVisibleForUserWithRole(
givenPartner,
"global#global:ADMIN");
"rbac.global#global:ADMIN");
assertThatPartnerIsVisibleForUserWithRole(
givenPartner,
"hs_office_person#ThirdOHG:ADMIN");
@@ -434,7 +434,7 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean
// given
final var query = em.createNativeQuery("""
select currentTask, targetTable, targetOp, targetdelta->>'partnernumber'
from tx_journal_v
from base.tx_journal_v
where targettable = 'hs_office_partner';
""");
src/test/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonControllerAcceptanceTest.java
+12 -12
View File
@@ -56,7 +56,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/office/persons")
@@ -76,7 +76,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup
final var location = RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@@ -99,9 +99,9 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup
.extract().header("Location"); // @formatter:on
// finally, the new person can be accessed under the generated UUID
final var newUserUuid = UUID.fromString(
final var newSubjectUuid = UUID.fromString(
location.substring(location.lastIndexOf('/') + 1));
assertThat(newUserUuid).isNotNull();
assertThat(newSubjectUuid).isNotNull();
}
}
@@ -116,7 +116,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/office/persons/" + givenPersonUuid)
@@ -139,7 +139,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("current-user", "selfregistered-user-drew@hostsharing.org")
.header("current-subject", "selfregistered-user-drew@hostsharing.org")
.port(port)
.when()
.get("http://localhost/api/hs/office/persons/" + givenPersonUuid)
@@ -156,7 +156,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("current-user", "person-ErbenBesslerMelBessler@example.com")
.header("current-subject", "person-ErbenBesslerMelBessler@example.com")
.port(port)
.when()
.get("http://localhost/api/hs/office/persons/" + givenPersonUuid)
@@ -185,7 +185,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup
final var location = RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@@ -227,7 +227,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup
final var location = RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@@ -271,7 +271,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.port(port)
.when()
.delete("http://localhost/api/hs/office/persons/" + givenPerson.getUuid())
@@ -290,7 +290,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("current-user", "selfregistered-test-user@hostsharing.org")
.header("current-subject", "selfregistered-test-user@hostsharing.org")
.port(port)
.when()
.delete("http://localhost/api/hs/office/persons/" + givenPerson.getUuid())
@@ -310,7 +310,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("current-user", "selfregistered-user-drew@hostsharing.org")
.header("current-subject", "selfregistered-user-drew@hostsharing.org")
.port(port)
.when()
.delete("http://localhost/api/hs/office/persons/" + givenPerson.getUuid())
src/test/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonRepositoryIntegrationTest.java
+6 -6
View File
@@ -2,8 +2,8 @@ package net.hostsharing.hsadminng.hs.office.person;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup;
import net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantRepository;
import net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleRepository;
import net.hostsharing.hsadminng.rbac.grant.RawRbacGrantRepository;
import net.hostsharing.hsadminng.rbac.role.RawRbacRoleRepository;
import net.hostsharing.hsadminng.mapper.Array;
import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
import org.apache.commons.lang3.RandomStringUtils;
@@ -22,8 +22,8 @@ import java.util.List;
import java.util.function.Supplier;
import static net.hostsharing.hsadminng.hs.office.person.TestHsOfficePerson.hsOfficePerson;
import static net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantEntity.distinctGrantDisplaysOf;
import static net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleEntity.distinctRoleNamesOf;
import static net.hostsharing.hsadminng.rbac.grant.RawRbacGrantEntity.distinctGrantDisplaysOf;
import static net.hostsharing.hsadminng.rbac.role.RawRbacRoleEntity.distinctRoleNamesOf;
import static net.hostsharing.hsadminng.rbac.test.JpaAttempt.attempt;
import static org.assertj.core.api.Assertions.assertThat;
@@ -112,7 +112,7 @@ class HsOfficePersonRepositoryIntegrationTest extends ContextBasedTestWithCleanu
"{ grant perm:hs_office_person#anothernewperson:INSERT>hs_office_relation to role:hs_office_person#anothernewperson:ADMIN by system and assume }",
"{ grant role:hs_office_person#anothernewperson:OWNER to user:selfregistered-user-drew@hostsharing.org by hs_office_person#anothernewperson:OWNER and assume }",
"{ grant role:hs_office_person#anothernewperson:OWNER to role:global#global:ADMIN by system and assume }",
"{ grant role:hs_office_person#anothernewperson:OWNER to role:rbac.global#global:ADMIN by system and assume }",
"{ grant perm:hs_office_person#anothernewperson:UPDATE to role:hs_office_person#anothernewperson:ADMIN by system and assume }",
"{ grant perm:hs_office_person#anothernewperson:DELETE to role:hs_office_person#anothernewperson:OWNER by system and assume }",
"{ grant role:hs_office_person#anothernewperson:ADMIN to role:hs_office_person#anothernewperson:OWNER by system and assume }",
@@ -261,7 +261,7 @@ class HsOfficePersonRepositoryIntegrationTest extends ContextBasedTestWithCleanu
// given
final var query = em.createNativeQuery("""
select currentTask, targetTable, targetOp, targetdelta->>'tradename', targetdelta->>'lastname'
from tx_journal_v
from base.tx_journal_v
where targettable = 'hs_office_person';
""");
src/test/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationControllerAcceptanceTest.java
+14 -14
View File
@@ -66,7 +66,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/office/relations?personUuid=%s&relationType=%s"
@@ -129,7 +129,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
final var location = RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@@ -161,9 +161,9 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
.extract().header("Location"); // @formatter:on
// finally, the new relation can be accessed under the generated UUID
final var newUserUuid = toCleanup(HsOfficeRelationRealEntity.class, UUID.fromString(
final var newSubjectUuid = toCleanup(HsOfficeRelationRealEntity.class, UUID.fromString(
location.substring(location.lastIndexOf('/') + 1)));
assertThat(newUserUuid).isNotNull();
assertThat(newSubjectUuid).isNotNull();
}
@Test
@@ -176,7 +176,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
final var location = RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@@ -208,7 +208,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
final var location = RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@@ -241,7 +241,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
final var location = RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@@ -275,7 +275,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/office/relations/" + givenRelationUuid)
@@ -298,7 +298,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
RestAssured // @formatter:off
.given()
.header("current-user", "selfregistered-user-drew@hostsharing.org")
.header("current-subject", "selfregistered-user-drew@hostsharing.org")
.port(port)
.when()
.get("http://localhost/api/hs/office/relations/" + givenRelationUuid)
@@ -314,7 +314,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
RestAssured // @formatter:off
.given()
.header("current-user", "contact-admin@firstcontact.example.com")
.header("current-subject", "contact-admin@firstcontact.example.com")
.port(port)
.when()
.get("http://localhost/api/hs/office/relations/" + givenRelation.getUuid())
@@ -357,7 +357,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@@ -400,7 +400,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.port(port)
.when()
.delete("http://localhost/api/hs/office/relations/" + givenRelation.getUuid())
@@ -419,7 +419,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
RestAssured // @formatter:off
.given()
.header("current-user", "contact-admin@seventhcontact.example.com")
.header("current-subject", "contact-admin@seventhcontact.example.com")
.port(port)
.when()
.delete("http://localhost/api/hs/office/relations/" + givenRelation.getUuid())
@@ -438,7 +438,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
RestAssured // @formatter:off
.given()
.header("current-user", "selfregistered-user-drew@hostsharing.org")
.header("current-subject", "selfregistered-user-drew@hostsharing.org")
.port(port)
.when()
.delete("http://localhost/api/hs/office/relations/" + givenRelation.getUuid())
src/test/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRepositoryIntegrationTest.java
+7 -7
View File
@@ -4,8 +4,8 @@ import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.hs.office.contact.HsOfficeContactRealRepository;
import net.hostsharing.hsadminng.hs.office.person.HsOfficePersonRepository;
import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup;
import net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantRepository;
import net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleRepository;
import net.hostsharing.hsadminng.rbac.grant.RawRbacGrantRepository;
import net.hostsharing.hsadminng.rbac.role.RawRbacRoleRepository;
import net.hostsharing.hsadminng.mapper.Array;
import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
import org.junit.jupiter.api.Nested;
@@ -24,8 +24,8 @@ import java.util.List;
import static net.hostsharing.hsadminng.hs.office.person.HsOfficePersonType.NATURAL_PERSON;
import static net.hostsharing.hsadminng.hs.office.person.HsOfficePersonType.UNINCORPORATED_FIRM;
import static net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantEntity.distinctGrantDisplaysOf;
import static net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleEntity.distinctRoleNamesOf;
import static net.hostsharing.hsadminng.rbac.grant.RawRbacGrantEntity.distinctGrantDisplaysOf;
import static net.hostsharing.hsadminng.rbac.role.RawRbacRoleEntity.distinctRoleNamesOf;
import static net.hostsharing.hsadminng.rbac.test.JpaAttempt.attempt;
import static org.assertj.core.api.Assertions.assertThat;
@@ -133,7 +133,7 @@ class HsOfficeRelationRepositoryIntegrationTest extends ContextBasedTestWithClea
initialGrantNames,
"{ grant perm:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:DELETE to role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER by system and assume }",
"{ grant role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER to role:global#global:ADMIN by system and assume }",
"{ grant role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER to role:rbac.global#global:ADMIN by system and assume }",
"{ grant role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER to user:superuser-alex@hostsharing.net by hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER and assume }",
"{ grant perm:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:UPDATE to role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:ADMIN by system and assume }",
@@ -233,7 +233,7 @@ class HsOfficeRelationRepositoryIntegrationTest extends ContextBasedTestWithClea
assertThat(result.returnedValue().getContact().getCaption()).isEqualTo("sixth contact");
assertThatRelationIsVisibleForUserWithRole(
result.returnedValue(),
"global#global:ADMIN");
"rbac.global#global:ADMIN");
assertThatRelationIsVisibleForUserWithRole(
result.returnedValue(),
"hs_office_contact#sixthcontact:ADMIN");
@@ -395,7 +395,7 @@ class HsOfficeRelationRepositoryIntegrationTest extends ContextBasedTestWithClea
// given
final var query = em.createNativeQuery("""
select currentTask, targetTable, targetOp, targetdelta->>'mark'
from tx_journal_v
from base.tx_journal_v
where targettable = 'hs_office_relation';
""");
src/test/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateControllerAcceptanceTest.java
+16 -16
View File
@@ -62,7 +62,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/office/sepamandates")
@@ -111,7 +111,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
final var location = RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@@ -138,9 +138,9 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
.extract().header("Location"); // @formatter:on
// finally, the new sepaMandate can be accessed under the generated UUID
final var newUserUuid = UUID.fromString(
final var newSubjectUuid = UUID.fromString(
location.substring(location.lastIndexOf('/') + 1));
assertThat(newUserUuid).isNotNull();
assertThat(newSubjectUuid).isNotNull();
}
// TODO.test: move validation tests to a ...WebMvcTest
@@ -153,7 +153,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
final var location = RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@@ -178,7 +178,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
final var location = RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@@ -208,7 +208,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
final var location = RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@@ -242,7 +242,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/office/sepamandates/" + givenSepaMandateUuid)
@@ -272,7 +272,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
RestAssured // @formatter:off
.given()
.header("current-user", "selfregistered-user-drew@hostsharing.org")
.header("current-subject", "selfregistered-user-drew@hostsharing.org")
.port(port)
.when()
.get("http://localhost/api/hs/office/sepamandates/" + givenSepaMandateUuid)
@@ -289,7 +289,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
RestAssured // @formatter:off
.given()
.header("current-user", "bankaccount-admin@FirstGmbH.example.com")
.header("current-subject", "bankaccount-admin@FirstGmbH.example.com")
.port(port)
.when()
.get("http://localhost/api/hs/office/sepamandates/" + givenSepaMandateUuid)
@@ -321,7 +321,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
final var location = RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@@ -367,7 +367,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
final var location = RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@@ -407,7 +407,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
final var location = RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@@ -441,7 +441,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.port(port)
.when()
.delete("http://localhost/api/hs/office/sepamandates/" + givenSepaMandate.getUuid())
@@ -459,7 +459,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
RestAssured // @formatter:off
.given()
.header("current-user", "bankaccount-admin@FirstGmbH.example.com")
.header("current-subject", "bankaccount-admin@FirstGmbH.example.com")
.port(port)
.when()
.delete("http://localhost/api/hs/office/sepamandates/" + givenSepaMandate.getUuid())
@@ -477,7 +477,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
RestAssured // @formatter:off
.given()
.header("current-user", "selfregistered-user-drew@hostsharing.org")
.header("current-subject", "selfregistered-user-drew@hostsharing.org")
.port(port)
.when()
.delete("http://localhost/api/hs/office/sepamandates/" + givenSepaMandate.getUuid())
src/test/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateRepositoryIntegrationTest.java
+6 -6
View File
@@ -5,8 +5,8 @@ import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.hs.office.bankaccount.HsOfficeBankAccountRepository;
import net.hostsharing.hsadminng.hs.office.debitor.HsOfficeDebitorRepository;
import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup;
import net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantRepository;
import net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleRepository;
import net.hostsharing.hsadminng.rbac.grant.RawRbacGrantRepository;
import net.hostsharing.hsadminng.rbac.role.RawRbacRoleRepository;
import net.hostsharing.hsadminng.mapper.Array;
import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
import org.junit.jupiter.api.Nested;
@@ -24,8 +24,8 @@ import java.time.LocalDate;
import java.util.Arrays;
import java.util.List;
import static net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantEntity.distinctGrantDisplaysOf;
import static net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleEntity.distinctRoleNamesOf;
import static net.hostsharing.hsadminng.rbac.grant.RawRbacGrantEntity.distinctGrantDisplaysOf;
import static net.hostsharing.hsadminng.rbac.role.RawRbacRoleEntity.distinctRoleNamesOf;
import static net.hostsharing.hsadminng.mapper.Array.fromFormatted;
import static net.hostsharing.hsadminng.rbac.test.JpaAttempt.attempt;
import static org.assertj.core.api.Assertions.assertThat;
@@ -128,7 +128,7 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC
// owner
"{ grant perm:sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01):DELETE to role:sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01):OWNER by system and assume }",
"{ grant role:sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01):OWNER to role:global#global:ADMIN by system and assume }",
"{ grant role:sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01):OWNER to role:rbac.global#global:ADMIN by system and assume }",
"{ grant role:sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01):OWNER to user:superuser-alex@hostsharing.net by sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01):OWNER and assume }",
// admin
@@ -380,7 +380,7 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC
// given
final var query = em.createNativeQuery("""
select currentTask, targetTable, targetOp, targetdelta->>'reference'
from tx_journal_v
from base.tx_journal_v
where targettable = 'hs_office_sepamandate';
""");
src/test/java/net/hostsharing/hsadminng/rbac/context/ContextBasedTest.java
+6 -6
View File
@@ -1,7 +1,7 @@
package net.hostsharing.hsadminng.rbac.context;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.rbac.rbacgrant.RbacGrantsDiagramService;
import net.hostsharing.hsadminng.rbac.grant.RbacGrantsDiagramService;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.TestInfo;
import org.springframework.beans.factory.annotation.Autowired;
@@ -26,7 +26,7 @@ public abstract class ContextBasedTest {
<pre>
RbacGrantsDiagramService.writeToFile(
"title",
diagramService.allGrantsToCurrentUser(of(RbacGrantsDiagramService.Include.USERS, RbacGrantsDiagramService.Include.TEST_ENTITIES, RbacGrantsDiagramService.Include.NOT_ASSUMED, RbacGrantsDiagramService.Include.DETAILS, RbacGrantsDiagramService.Include.PERMISSIONS)),
diagramService.allGrantsTocurrentSubject(of(RbacGrantsDiagramService.Include.USERS, RbacGrantsDiagramService.Include.TEST_ENTITIES, RbacGrantsDiagramService.Include.NOT_ASSUMED, RbacGrantsDiagramService.Include.DETAILS, RbacGrantsDiagramService.Include.PERMISSIONS)),
"filename.md
);
</pre>
@@ -41,12 +41,12 @@ public abstract class ContextBasedTest {
this.test = testInfo;
}
protected void context(final String currentUser, final String assumedRoles) {
context.define(test.getDisplayName(), null, currentUser, assumedRoles);
protected void context(final String currentSubject, final String assumedRoles) {
context.define(test.getDisplayName(), null, currentSubject, assumedRoles);
}
protected void context(final String currentUser) {
context(currentUser, null);
protected void context(final String currentSubject) {
context(currentSubject, null);
}
protected void historicalContext(final Long txId) {
src/test/java/net/hostsharing/hsadminng/rbac/context/ContextIntegrationTests.java
+17 -17
View File
@@ -36,30 +36,30 @@ class ContextIntegrationTests {
context.define("superuser-alex@hostsharing.net", null);
assertThat(context.getCurrentTask())
assertThat(context.fetchCurrentTask())
.isEqualTo("ContextIntegrationTests.defineWithoutHttpServletRequestUsesCallStack");
}
@Test
@Transactional
void defineWithCurrentUserButWithoutAssumedRoles() {
void defineWithcurrentSubjectButWithoutAssumedRoles() {
// when
context.define("superuser-alex@hostsharing.net");
// then
assertThat(context.getCurrentUser()).
assertThat(context.fetchCurrentSubject()).
isEqualTo("superuser-alex@hostsharing.net");
assertThat(context.getCurrentUserUUid()).isNotNull();
assertThat(context.fetchCurrentSubjectUuid()).isNotNull();
assertThat(context.getAssumedRoles()).isEmpty();
assertThat(context.fetchAssumedRoles()).isEmpty();
assertThat(context.currentSubjectsUuids())
.containsExactly(context.getCurrentUserUUid());
assertThat(context.fetchCurrentSubjectOrAssumedRolesUuids())
.containsExactly(context.fetchCurrentSubjectUuid());
}
@Test
void defineWithoutCurrentUserButWithAssumedRoles() {
void defineWithoutcurrentSubjectButWithAssumedRoles() {
// when
final var result = jpaAttempt.transacted(() ->
context.define(null, "test_package#yyy00:ADMIN")
@@ -72,7 +72,7 @@ class ContextIntegrationTests {
}
@Test
void defineWithUnknownCurrentUser() {
void defineWithUnknowncurrentSubject() {
// when
final var result = jpaAttempt.transacted(() ->
context.define("unknown@example.org")
@@ -81,27 +81,27 @@ class ContextIntegrationTests {
// then
result.assertExceptionWithRootCauseMessage(
jakarta.persistence.PersistenceException.class,
"[401] user unknown@example.org given in `defineContext(...)` does not exist");
"[401] subject unknown@example.org given in `base.defineContext(...)` does not exist");
}
@Test
@Transactional
void defineWithCurrentUserAndAssumedRoles() {
void defineWithcurrentSubjectAndAssumedRoles() {
// given
context.define("superuser-alex@hostsharing.net", "test_customer#xxx:OWNER;test_customer#yyy:OWNER");
// when
final var currentUser = context.getCurrentUser();
assertThat(currentUser).isEqualTo("superuser-alex@hostsharing.net");
final var currentSubject = context.fetchCurrentSubject();
assertThat(currentSubject).isEqualTo("superuser-alex@hostsharing.net");
// then
assertThat(context.getAssumedRoles())
assertThat(context.fetchAssumedRoles())
.isEqualTo(Array.of("test_customer#xxx:OWNER", "test_customer#yyy:OWNER"));
assertThat(context.currentSubjectsUuids()).hasSize(2);
assertThat(context.fetchCurrentSubjectOrAssumedRolesUuids()).hasSize(2);
}
@Test
public void defineContextWithCurrentUserAndAssumeInaccessibleRole() {
public void defineContextWithcurrentSubjectAndAssumeInaccessibleRole() {
// when
final var result = jpaAttempt.transacted(() ->
context.define("customer-admin@xxx.example.com", "test_package#yyy00:ADMIN")
@@ -110,6 +110,6 @@ class ContextIntegrationTests {
// then
result.assertExceptionWithRootCauseMessage(
jakarta.persistence.PersistenceException.class,
"ERROR: [403] user customer-admin@xxx.example.com has no permission to assume role test_package#yyy00:ADMIN");
"ERROR: [403] subject customer-admin@xxx.example.com has no permission to assume role test_package#yyy00:ADMIN");
}
}
src/test/java/net/hostsharing/hsadminng/rbac/context/ContextUnitTest.java
+12 -12
View File
@@ -28,10 +28,10 @@ import static org.mockito.Mockito.verify;
class ContextUnitTest {
private static final String DEFINE_CONTEXT_QUERY_STRING = """
call defineContext(
call base.defineContext(
cast(:currentTask as varchar(127)),
cast(:currentRequest as text),
cast(:currentUser as varchar(63)),
cast(:currentSubject as varchar(63)),
cast(:assumedRoles as varchar(1023)));
""";
@@ -57,7 +57,7 @@ class ContextUnitTest {
void registerWithoutHttpServletRequestUsesCallStackForTask() {
given(em.createNativeQuery(any())).willReturn(nativeQuery);
context.define("current-user");
context.define("current-subject");
verify(em).createNativeQuery(DEFINE_CONTEXT_QUERY_STRING);
verify(nativeQuery).setParameter(
@@ -69,7 +69,7 @@ class ContextUnitTest {
void registerWithoutHttpServletRequestUsesEmptyStringForRequest() {
given(em.createNativeQuery(any())).willReturn(nativeQuery);
context.define("current-user");
context.define("current-subject");
verify(em).createNativeQuery(DEFINE_CONTEXT_QUERY_STRING);
verify(nativeQuery).setParameter("currentRequest", null);
@@ -109,12 +109,12 @@ class ContextUnitTest {
@Test
void registerWithHttpServletRequestUsesRequest() throws IOException {
givenRequest("POST", "http://localhost:9999/api/endpoint", Map.ofEntries(
Map.entry("current-user", "given-user"),
Map.entry("current-subject", "given-user"),
Map.entry("content-type", "application/json"),
Map.entry("user-agent", "given-user-agent")),
"{}");
context.define("current-user");
context.define("current-subject");
verify(em).createNativeQuery(DEFINE_CONTEXT_QUERY_STRING);
verify(nativeQuery).setParameter("currentTask", "POST http://localhost:9999/api/endpoint");
@@ -123,20 +123,20 @@ class ContextUnitTest {
@Test
void registerWithHttpServletRequestForwardsRequestAsCurl() throws IOException {
givenRequest("POST", "http://localhost:9999/api/endpoint", Map.ofEntries(
Map.entry("current-user", "given-user"),
Map.entry("current-subject", "given-user"),
Map.entry("content-type", "application/json"),
Map.entry("user-agent", "given-user-agent")),
"{}");
context.define("current-user");
context.define("current-subject");
verify(em).createNativeQuery(DEFINE_CONTEXT_QUERY_STRING);
verify(nativeQuery).setParameter("currentRequest", """
curl -0 -v -X POST http://localhost:9999/api/endpoint \\
-H 'current-user:given-user' \\
-H 'content-type:application/json' \\
-H 'current-subject:given-user' \\
--data-binary @- << EOF
{}
EOF
""".trim());
@@ -146,12 +146,12 @@ class ContextUnitTest {
void shortensCurrentTaskToMaxLength() throws IOException {
givenRequest("GET", "http://localhost:9999/api/endpoint/" + "0123456789".repeat(13),
Map.ofEntries(
Map.entry("current-user", "given-user"),
Map.entry("current-subject", "given-user"),
Map.entry("content-type", "application/json"),
Map.entry("user-agent", "given-user-agent")),
"{}");
context.define("current-user");
context.define("current-subject");
verify(em).createNativeQuery(DEFINE_CONTEXT_QUERY_STRING);
verify(nativeQuery).setParameter(eq("currentTask"), argThat((String t) -> t.length() == 127));
src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantControllerAcceptanceTest.java → src/test/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantControllerAcceptanceTest.java
+75 -75
View File
@@ -1,14 +1,14 @@
package net.hostsharing.hsadminng.rbac.rbacgrant;
package net.hostsharing.hsadminng.rbac.grant;
import io.restassured.RestAssured;
import io.restassured.http.ContentType;
import io.restassured.response.ValidatableResponse;
import net.hostsharing.hsadminng.HsadminNgApplication;
import net.hostsharing.hsadminng.rbac.context.ContextBasedTest;
import net.hostsharing.hsadminng.rbac.rbacrole.RbacRoleEntity;
import net.hostsharing.hsadminng.rbac.rbacrole.RbacRoleRepository;
import net.hostsharing.hsadminng.rbac.rbacuser.RbacUserEntity;
import net.hostsharing.hsadminng.rbac.rbacuser.RbacUserRepository;
import net.hostsharing.hsadminng.rbac.role.RbacRoleEntity;
import net.hostsharing.hsadminng.rbac.role.RbacRoleRepository;
import net.hostsharing.hsadminng.rbac.subject.RbacSubjectEntity;
import net.hostsharing.hsadminng.rbac.subject.RbacSubjectRepository;
import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
import org.apache.commons.lang3.RandomStringUtils;
import org.junit.jupiter.api.Nested;
@@ -43,7 +43,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
EntityManager em;
@Autowired
RbacUserRepository rbacUserRepository;
RbacSubjectRepository rbacSubjectRepository;
@Autowired
RbacRoleRepository rbacRoleRepository;
@@ -61,7 +61,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
void globalAdmin_withoutAssumedRole_canViewAllGrants() {
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/rbac/grants")
@@ -73,7 +73,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
// TODO: should there be a grantedByRole or just a grantedByTrigger?
hasEntry("grantedByRoleIdName", "test_customer#xxx:OWNER"),
hasEntry("grantedRoleIdName", "test_customer#xxx:ADMIN"),
hasEntry("granteeUserName", "customer-admin@xxx.example.com")
hasEntry("granteeSubjectName", "customer-admin@xxx.example.com")
)
))
.body("", hasItem(
@@ -81,28 +81,28 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
// TODO: should there be a grantedByRole or just a grantedByTrigger?
hasEntry("grantedByRoleIdName", "test_customer#yyy:OWNER"),
hasEntry("grantedRoleIdName", "test_customer#yyy:ADMIN"),
hasEntry("granteeUserName", "customer-admin@yyy.example.com")
hasEntry("granteeSubjectName", "customer-admin@yyy.example.com")
)
))
.body("", hasItem(
allOf(
hasEntry("grantedByRoleIdName", "global#global:ADMIN"),
hasEntry("grantedRoleIdName", "global#global:ADMIN"),
hasEntry("granteeUserName", "superuser-fran@hostsharing.net")
hasEntry("grantedByRoleIdName", "rbac.global#global:ADMIN"),
hasEntry("grantedRoleIdName", "rbac.global#global:ADMIN"),
hasEntry("granteeSubjectName", "superuser-fran@hostsharing.net")
)
))
.body("", hasItem(
allOf(
hasEntry("grantedByRoleIdName", "test_customer#xxx:ADMIN"),
hasEntry("grantedRoleIdName", "test_package#xxx00:ADMIN"),
hasEntry("granteeUserName", "pac-admin-xxx00@xxx.example.com")
hasEntry("granteeSubjectName", "pac-admin-xxx00@xxx.example.com")
)
))
.body("", hasItem(
allOf(
hasEntry("grantedByRoleIdName", "test_customer#zzz:ADMIN"),
hasEntry("grantedRoleIdName", "test_package#zzz02:ADMIN"),
hasEntry("granteeUserName", "pac-admin-zzz02@zzz.example.com")
hasEntry("granteeSubjectName", "pac-admin-zzz02@zzz.example.com")
)
))
.body("size()", greaterThanOrEqualTo(14));
@@ -113,7 +113,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
void globalAdmin_withAssumedPackageAdminRole_canViewPacketRelatedGrants() {
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.header("assumed-roles", "test_package#yyy00:ADMIN")
.port(port)
.when()
@@ -125,7 +125,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
allOf(
hasEntry("grantedByRoleIdName", "test_customer#yyy:ADMIN"),
hasEntry("grantedRoleIdName", "test_package#yyy00:ADMIN"),
hasEntry("granteeUserName", "pac-admin-yyy00@yyy.example.com")
hasEntry("granteeSubjectName", "pac-admin-yyy00@yyy.example.com")
)
))
.body("size()", is(1));
@@ -136,7 +136,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
void packageAdmin_withoutAssumedRole_canViewPacketRelatedGrants() {
RestAssured // @formatter:off
.given()
.header("current-user", "pac-admin-yyy00@yyy.example.com")
.header("current-subject", "pac-admin-yyy00@yyy.example.com")
.port(port)
.when()
.get("http://localhost/api/rbac/grants")
@@ -147,12 +147,12 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
allOf(
hasEntry("grantedByRoleIdName", "test_customer#yyy:ADMIN"),
hasEntry("grantedRoleIdName", "test_package#yyy00:ADMIN"),
hasEntry("granteeUserName", "pac-admin-yyy00@yyy.example.com")
hasEntry("granteeSubjectName", "pac-admin-yyy00@yyy.example.com")
)
))
.body("[0].grantedByRoleIdName", is("test_customer#yyy:ADMIN"))
.body("[0].grantedRoleIdName", is("test_package#yyy00:ADMIN"))
.body("[0].granteeUserName", is("pac-admin-yyy00@yyy.example.com"));
.body("[0].granteeSubjectName", is("pac-admin-yyy00@yyy.example.com"));
// @formatter:on
}
}
@@ -163,12 +163,12 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
@Test
void customerAdmin_withAssumedPacketAdminRole_canReadPacketAdminsGrantById() {
// given
final var givenCurrentUserAsPackageAdmin = new Subject("customer-admin@xxx.example.com");
final var givenGranteeUser = findRbacUserByName("pac-admin-xxx00@xxx.example.com");
final var givencurrentSubjectAsPackageAdmin = new Subject("customer-admin@xxx.example.com");
final var givenGranteeUser = findRbacSubjectByName("pac-admin-xxx00@xxx.example.com");
final var givenGrantedRole = getRbacRoleByName("test_package#xxx00:ADMIN");
// when
final var grant = givenCurrentUserAsPackageAdmin.getGrantById()
final var grant = givencurrentSubjectAsPackageAdmin.getGrantById()
.forGrantedRole(givenGrantedRole).toGranteeUser(givenGranteeUser);
// then
@@ -176,18 +176,18 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
.statusCode(200)
.body("grantedByRoleIdName", is("test_customer#xxx:ADMIN"))
.body("grantedRoleIdName", is("test_package#xxx00:ADMIN"))
.body("granteeUserName", is("pac-admin-xxx00@xxx.example.com"));
.body("granteeSubjectName", is("pac-admin-xxx00@xxx.example.com"));
}
@Test
void packageAdmin_withoutAssumedRole_canReadItsOwnGrantById() {
// given
final var givenCurrentUserAsPackageAdmin = new Subject("pac-admin-xxx00@xxx.example.com");
final var givenGranteeUser = findRbacUserByName("pac-admin-xxx00@xxx.example.com");
final var givencurrentSubjectAsPackageAdmin = new Subject("pac-admin-xxx00@xxx.example.com");
final var givenGranteeUser = findRbacSubjectByName("pac-admin-xxx00@xxx.example.com");
final var givenGrantedRole = getRbacRoleByName("test_package#xxx00:ADMIN");
// when
final var grant = givenCurrentUserAsPackageAdmin.getGrantById()
final var grant = givencurrentSubjectAsPackageAdmin.getGrantById()
.forGrantedRole(givenGrantedRole).toGranteeUser(givenGranteeUser);
// then
@@ -195,20 +195,20 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
.statusCode(200)
.body("grantedByRoleIdName", is("test_customer#xxx:ADMIN"))
.body("grantedRoleIdName", is("test_package#xxx00:ADMIN"))
.body("granteeUserName", is("pac-admin-xxx00@xxx.example.com"));
.body("granteeSubjectName", is("pac-admin-xxx00@xxx.example.com"));
}
@Test
void packageAdmin_withAssumedPackageAdmin_canStillReadItsOwnGrantById() {
// given
final var givenCurrentUserAsPackageAdmin = new Subject(
final var givencurrentSubjectAsPackageAdmin = new Subject(
"pac-admin-xxx00@xxx.example.com",
"test_package#xxx00:ADMIN");
final var givenGranteeUser = findRbacUserByName("pac-admin-xxx00@xxx.example.com");
final var givenGranteeUser = findRbacSubjectByName("pac-admin-xxx00@xxx.example.com");
final var givenGrantedRole = getRbacRoleByName("test_package#xxx00:ADMIN");
// when
final var grant = givenCurrentUserAsPackageAdmin.getGrantById()
final var grant = givencurrentSubjectAsPackageAdmin.getGrantById()
.forGrantedRole(givenGrantedRole).toGranteeUser(givenGranteeUser);
// then
@@ -216,19 +216,19 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
.statusCode(200)
.body("grantedByRoleIdName", is("test_customer#xxx:ADMIN"))
.body("grantedRoleIdName", is("test_package#xxx00:ADMIN"))
.body("granteeUserName", is("pac-admin-xxx00@xxx.example.com"));
.body("granteeSubjectName", is("pac-admin-xxx00@xxx.example.com"));
}
@Test
void packageAdmin_withAssumedPackageTenantRole_canNotReadItsOwnGrantByIdAnymore() {
// given
final var givenCurrentUserAsPackageAdmin = new Subject(
final var givencurrentSubjectAsPackageAdmin = new Subject(
"pac-admin-xxx00@xxx.example.com",
"test_package#xxx00:TENANT");
final var givenGranteeUser = findRbacUserByName("pac-admin-xxx00@xxx.example.com");
final var givenGranteeUser = findRbacSubjectByName("pac-admin-xxx00@xxx.example.com");
final var givenGrantedRole = getRbacRoleByName("test_package#xxx00:ADMIN");
final var grant = givenCurrentUserAsPackageAdmin.getGrantById()
final var grant = givencurrentSubjectAsPackageAdmin.getGrantById()
.forGrantedRole(givenGrantedRole).toGranteeUser(givenGranteeUser);
// then
@@ -238,20 +238,20 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
}
@Nested
class GrantRoleToUser {
class GrantRoleToSubject {
@Test
void packageAdmin_canGrantOwnPackageAdminRole_toArbitraryUser() {
// given
final var givenNewUser = createRBacUser();
final var givenNewUser = createRbacSubject();
final var givenRoleToGrant = "test_package#xxx00:ADMIN";
final var givenCurrentUserAsPackageAdmin = new Subject("pac-admin-xxx00@xxx.example.com", givenRoleToGrant);
final var givencurrentSubjectAsPackageAdmin = new Subject("pac-admin-xxx00@xxx.example.com", givenRoleToGrant);
final var givenOwnPackageAdminRole =
getRbacRoleByName(givenCurrentUserAsPackageAdmin.assumedRole);
getRbacRoleByName(givencurrentSubjectAsPackageAdmin.assumedRole);
// when
final var response = givenCurrentUserAsPackageAdmin
final var response = givencurrentSubjectAsPackageAdmin
.grantsRole(givenOwnPackageAdminRole).assumed()
.toUser(givenNewUser);
@@ -261,8 +261,8 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
.body("grantedByRoleIdName", is("test_package#xxx00:ADMIN"))
.body("assumed", is(true))
.body("grantedRoleIdName", is("test_package#xxx00:ADMIN"))
.body("granteeUserName", is(givenNewUser.getName()));
assertThat(findAllGrantsOf(givenCurrentUserAsPackageAdmin))
.body("granteeSubjectName", is(givenNewUser.getName()));
assertThat(findAllGrantsOf(givencurrentSubjectAsPackageAdmin))
.extracting(RbacGrantEntity::toDisplay)
.contains("{ grant role:" + givenOwnPackageAdminRole.getRoleName() +
" to user:" + givenNewUser.getName() +
@@ -273,13 +273,13 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
void packageAdmin_canNotGrantAlienPackageAdminRole_toArbitraryUser() {
// given
final var givenNewUser = createRBacUser();
final var givenNewUser = createRbacSubject();
final var givenRoleToGrant = "test_package#xxx00:ADMIN";
final var givenCurrentUserAsPackageAdmin = new Subject("pac-admin-xxx00@xxx.example.com", givenRoleToGrant);
final var givencurrentSubjectAsPackageAdmin = new Subject("pac-admin-xxx00@xxx.example.com", givenRoleToGrant);
final var givenAlienPackageAdminRole = getRbacRoleByName("test_package#yyy00:ADMIN");
// when
final var result = givenCurrentUserAsPackageAdmin
final var result = givencurrentSubjectAsPackageAdmin
.grantsRole(givenAlienPackageAdminRole).assumed()
.toUser(givenNewUser);
@@ -288,45 +288,45 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
.statusCode(403)
.body("message", containsString("Access to granted role"))
.body("message", containsString("forbidden for test_package#xxx00:ADMIN"));
assertThat(findAllGrantsOf(givenCurrentUserAsPackageAdmin))
.extracting(RbacGrantEntity::getGranteeUserName)
assertThat(findAllGrantsOf(givencurrentSubjectAsPackageAdmin))
.extracting(RbacGrantEntity::getGranteeSubjectName)
.doesNotContain(givenNewUser.getName());
}
}
@Nested
class RevokeRoleFromUser {
class RevokeRoleFromSubject {
@Test
@Transactional(propagation = Propagation.NEVER)
void packageAdmin_canRevokePackageAdminRole_grantedByPackageAdmin_fromArbitraryUser() {
// given
final var givenArbitraryUser = createRBacUser();
final var givenArbitraryUser = createRbacSubject();
final var givenRoleToGrant = "test_package#xxx00:ADMIN";
final var givenCurrentUserAsPackageAdmin = new Subject("pac-admin-xxx00@xxx.example.com", givenRoleToGrant);
final var givenCurrentSubjectAsPackageAdmin = new Subject("pac-admin-xxx00@xxx.example.com", givenRoleToGrant);
final var givenOwnPackageAdminRole = getRbacRoleByName("test_package#xxx00:ADMIN");
// and given an existing grant
assumeCreated(givenCurrentUserAsPackageAdmin
assumeCreated(givenCurrentSubjectAsPackageAdmin
.grantsRole(givenOwnPackageAdminRole).assumed()
.toUser(givenArbitraryUser));
assumeGrantExists(
givenCurrentUserAsPackageAdmin,
givenCurrentSubjectAsPackageAdmin,
"{ grant role:%s to user:%s by role:%s and assume }".formatted(
givenOwnPackageAdminRole.getRoleName(),
givenArbitraryUser.getName(),
givenCurrentUserAsPackageAdmin.assumedRole));
givenCurrentSubjectAsPackageAdmin.assumedRole));
// when
final var revokeResponse = givenCurrentUserAsPackageAdmin
final var revokeResponse = givenCurrentSubjectAsPackageAdmin
.revokesRole(givenOwnPackageAdminRole)
.fromUser(givenArbitraryUser);
// then
revokeResponse.assertThat().statusCode(204);
assertThat(findAllGrantsOf(givenCurrentUserAsPackageAdmin))
.extracting(RbacGrantEntity::getGranteeUserName)
assertThat(findAllGrantsOf(givenCurrentSubjectAsPackageAdmin))
.extracting(RbacGrantEntity::getGranteeSubjectName)
.doesNotContain(givenArbitraryUser.getName());
}
}
@@ -337,16 +337,16 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
class Subject {
final String currentUser;
final String currentSubject;
final String assumedRole;
public Subject(final String currentUser, final String assumedRole) {
this.currentUser = currentUser;
public Subject(final String currentSubject, final String assumedRole) {
this.currentSubject = currentSubject;
this.assumedRole = assumedRole;
}
public Subject(final String currentUser) {
this(currentUser, "");
public Subject(final String currentSubject) {
this(currentSubject, "");
}
GrantFixture grantsRole(final RbacRoleEntity givenOwnPackageAdminRole) {
@@ -366,7 +366,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
private Subject grantingSubject = Subject.this;
private final RbacRoleEntity grantedRole;
private boolean assumed;
private RbacUserEntity granteeUser;
private RbacSubjectEntity granteeUser;
public GrantFixture(final RbacRoleEntity roleToGrant) {
this.grantedRole = roleToGrant;
@@ -377,19 +377,19 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
return this;
}
ValidatableResponse toUser(final RbacUserEntity granteeUser) {
ValidatableResponse toUser(final RbacSubjectEntity granteeUser) {
this.granteeUser = granteeUser;
return RestAssured // @formatter:ff
.given()
.header("current-user", grantingSubject.currentUser)
.header("current-subject", grantingSubject.currentSubject)
.header("assumed-roles", grantingSubject.assumedRole)
.contentType(ContentType.JSON)
.body("""
{
"assumed": true,
"grantedRoleUuid": "%s",
"granteeUserUuid": "%s"
"granteeSubjectUuid": "%s"
}
""".formatted(
grantedRole.getUuid(),
@@ -407,25 +407,25 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
private Subject currentSubject = Subject.this;
private final RbacRoleEntity grantedRole;
private boolean assumed;
private RbacUserEntity granteeUser;
private RbacSubjectEntity granteeUser;
public RevokeFixture(final RbacRoleEntity roleToGrant) {
this.grantedRole = roleToGrant;
}
ValidatableResponse fromUser(final RbacUserEntity granteeUser) {
ValidatableResponse fromUser(final RbacSubjectEntity granteeUser) {
this.granteeUser = granteeUser;
return RestAssured // @formatter:ff
.given()
.header("current-user", currentSubject.currentUser)
.header("current-subject", currentSubject.currentSubject)
.header("assumed-roles", currentSubject.assumedRole)
.contentType(ContentType.JSON)
.body("""
{
"assumed": true,
"grantedRoleUuid": "%s",
"granteeUserUuid": "%s"
"granteeSubjectUuid": "%s"
}
""".formatted(
grantedRole.getUuid(),
@@ -450,11 +450,11 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
return this;
}
ValidatableResponse toGranteeUser(final RbacUserEntity granteeUser) {
ValidatableResponse toGranteeUser(final RbacSubjectEntity granteeUser) {
return RestAssured // @formatter:ff
.given()
.header("current-user", currentSubject.currentUser)
.header("current-subject", currentSubject.currentSubject)
.header("assumed-roles", currentSubject.assumedRole)
.port(port)
.when()
@@ -475,23 +475,23 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
List<RbacGrantEntity> findAllGrantsOf(final Subject grantingSubject) {
return jpaAttempt.transacted(() -> {
context(grantingSubject.currentUser, null);
context(grantingSubject.currentSubject, null);
return rbacGrantRepository.findAll();
}).returnedValue();
}
RbacUserEntity createRBacUser() {
RbacSubjectEntity createRbacSubject() {
return jpaAttempt.transacted(() -> {
final String newUserName = "test-user-" + RandomStringUtils.randomAlphabetic(8) + "@example.com";
context(null);
return rbacUserRepository.create(new RbacUserEntity(UUID.randomUUID(), newUserName));
return rbacSubjectRepository.create(new RbacSubjectEntity(UUID.randomUUID(), newUserName));
}).returnedValue();
}
RbacUserEntity findRbacUserByName(final String userName) {
RbacSubjectEntity findRbacSubjectByName(final String userName) {
return jpaAttempt.transacted(() -> {
context("superuser-alex@hostsharing.net", null);
return rbacUserRepository.findByName(userName);
return rbacSubjectRepository.findByName(userName);
}).assertNotNull().returnedValue();
}
src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantEntityUnitTest.java → src/test/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantEntityUnitTest.java
+5 -5
View File
@@ -1,6 +1,6 @@
package net.hostsharing.hsadminng.rbac.rbacgrant;
package net.hostsharing.hsadminng.rbac.grant;
import net.hostsharing.hsadminng.rbac.rbacrole.RbacRoleType;
import net.hostsharing.hsadminng.rbac.role.RbacRoleType;
import org.junit.jupiter.api.Test;
import java.util.UUID;
@@ -13,16 +13,16 @@ class RbacGrantEntityUnitTest {
void getRbacGrantId() {
// given
final var grantedRoleUuid = UUID.randomUUID();
final var granteeUserUuid = UUID.randomUUID();
final var granteeSubjectUuid = UUID.randomUUID();
final var entity = new RbacGrantEntity();
entity.setGrantedRoleUuid(grantedRoleUuid);
entity.setGranteeUserUuid(granteeUserUuid);
entity.setGranteeSubjectUuid(granteeSubjectUuid);
// when
final var grantId = entity.getRbacGrantId();
// then
assertThat(grantId).isEqualTo(new RbacGrantId(granteeUserUuid, grantedRoleUuid));
assertThat(grantId).isEqualTo(new RbacGrantId(granteeSubjectUuid, grantedRoleUuid));
}
@Test
src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantRepositoryIntegrationTest.java → src/test/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantRepositoryIntegrationTest.java
+24 -24
View File
@@ -1,10 +1,10 @@
package net.hostsharing.hsadminng.rbac.rbacgrant;
package net.hostsharing.hsadminng.rbac.grant;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.rbac.context.ContextBasedTest;
import net.hostsharing.hsadminng.rbac.rbacrole.RbacRoleRepository;
import net.hostsharing.hsadminng.rbac.rbacuser.RbacUserEntity;
import net.hostsharing.hsadminng.rbac.rbacuser.RbacUserRepository;
import net.hostsharing.hsadminng.rbac.role.RbacRoleRepository;
import net.hostsharing.hsadminng.rbac.subject.RbacSubjectEntity;
import net.hostsharing.hsadminng.rbac.subject.RbacSubjectRepository;
import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
import org.junit.jupiter.api.Nested;
import org.junit.jupiter.api.Test;
@@ -42,7 +42,7 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest {
RawRbacGrantRepository rawRbacGrantRepository;
@Autowired
RbacUserRepository rbacUserRepository;
RbacSubjectRepository rbacSubjectRepository;
@Autowired
RbacRoleRepository rbacRoleRepository;
@@ -103,18 +103,18 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest {
}
@Nested
class GrantRoleToUser {
class GrantRoleToSubject {
@Test
public void customerAdmin_canGrantOwnPackageAdminRole_toArbitraryUser() {
// given
context("customer-admin@xxx.example.com", "test_customer#xxx:ADMIN");
final var givenArbitraryUserUuid = rbacUserRepository.findByName("pac-admin-zzz00@zzz.example.com").getUuid();
final var givenArbitrarySubjectUuid = rbacSubjectRepository.findByName("pac-admin-zzz00@zzz.example.com").getUuid();
final var givenOwnPackageRoleUuid = rbacRoleRepository.findByRoleName("test_package#xxx00:ADMIN").getUuid();
// when
final var grant = RbacGrantEntity.builder()
.granteeUserUuid(givenArbitraryUserUuid).grantedRoleUuid(givenOwnPackageRoleUuid)
.granteeSubjectUuid(givenArbitrarySubjectUuid).grantedRoleUuid(givenOwnPackageRoleUuid)
.assumed(true)
.build();
final var attempt = attempt(em, () ->
@@ -133,7 +133,7 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest {
@Transactional(propagation = Propagation.NEVER)
public void packageAdmin_canNotGrantPackageOwnerRole() {
// given
record Given(RbacUserEntity arbitraryUser, UUID packageOwnerRoleUuid) {}
record Given(RbacSubjectEntity arbitraryUser, UUID packageOwnerRoleUuid) {}
final var given = jpaAttempt.transacted(() -> {
// to find the uuids of we need to have access rights to these
context("customer-admin@xxx.example.com", null);
@@ -148,7 +148,7 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest {
// now we try to use these uuids as a less privileged user
context("pac-admin-xxx00@xxx.example.com", "test_package#xxx00:ADMIN");
final var grant = RbacGrantEntity.builder()
.granteeUserUuid(given.arbitraryUser.getUuid())
.granteeSubjectUuid(given.arbitraryUser.getUuid())
.grantedRoleUuid(given.packageOwnerRoleUuid)
.assumed(true)
.build();
@@ -170,7 +170,7 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest {
}
@Nested
class RevokeRoleFromUser {
class revokeRoleFromSubject {
@Test
public void customerAdmin_canRevokeSelfGrantedPackageAdminRole() {
@@ -188,7 +188,7 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest {
context("customer-admin@xxx.example.com", "test_customer#xxx:ADMIN");
assertThat(revokeAttempt.caughtExceptionsRootCause()).isNull();
assertThat(rbacGrantRepository.findAll())
.extracting(RbacGrantEntity::getGranteeUserName)
.extracting(RbacGrantEntity::getGranteeSubjectName)
.doesNotContain("pac-admin-zzz00@zzz.example.com");
}
@@ -209,7 +209,7 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest {
assertThat(revokeAttempt.caughtExceptionsRootCause()).isNull();
context("customer-admin@xxx.example.com", "test_customer#xxx:ADMIN");
assertThat(rbacGrantRepository.findAll())
.extracting(RbacGrantEntity::getGranteeUserName)
.extracting(RbacGrantEntity::getGranteeSubjectName)
.doesNotContain("pac-admin-zzz00@zzz.example.com");
}
@@ -236,11 +236,11 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest {
private RbacGrantEntity create(GrantBuilder with) {
context(with.byUserName, with.assumedRole);
final var givenArbitraryUserUuid = rbacUserRepository.findByName(with.granteeUserName).getUuid();
final var givenArbitrarySubjectUuid = rbacSubjectRepository.findByName(with.granteeSubjectName).getUuid();
final var givenOwnPackageRoleUuid = rbacRoleRepository.findByRoleName(with.grantedRole).getUuid();
final var grant = RbacGrantEntity.builder()
.granteeUserUuid(givenArbitraryUserUuid).grantedRoleUuid(givenOwnPackageRoleUuid)
.granteeSubjectUuid(givenArbitrarySubjectUuid).grantedRoleUuid(givenOwnPackageRoleUuid)
.assumed(true)
.build();
final var grantAttempt = attempt(em, () ->
@@ -251,7 +251,7 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest {
assertThat(rawRbacGrantRepository.findAll())
.extracting(RawRbacGrantEntity::toDisplay)
.contains("{ grant role:%s to user:%s by %s and assume }".formatted(
with.grantedRole, with.granteeUserName, with.assumedRole
with.grantedRole, with.granteeSubjectName, with.assumedRole
));
return grant;
@@ -266,7 +266,7 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest {
String byUserName;
String assumedRole = "";
String grantedRole;
String granteeUserName;
String granteeSubjectName;
GrantBuilder byUser(final String userName) {
byUserName = userName;
@@ -284,28 +284,28 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest {
}
GrantBuilder toUser(final String toUser) {
this.granteeUserName = toUser;
this.granteeSubjectName = toUser;
return this;
}
}
}
private RbacUserEntity createNewUserTransacted() {
private RbacSubjectEntity createNewUserTransacted() {
return jpaAttempt.transacted(() -> {
final var newUserName = "test-user-" + System.currentTimeMillis() + "@example.com";
context(null);
return rbacUserRepository.create(new RbacUserEntity(null, newUserName));
return rbacSubjectRepository.create(new RbacSubjectEntity(null, newUserName));
}).assumeSuccessful().returnedValue();
}
private RbacUserEntity createNewUser() {
return rbacUserRepository.create(
new RbacUserEntity(null, "test-user-" + System.currentTimeMillis() + "@example.com"));
private RbacSubjectEntity createNewUser() {
return rbacSubjectRepository.create(
new RbacSubjectEntity(null, "test-user-" + System.currentTimeMillis() + "@example.com"));
}
void exactlyTheseRbacGrantsAreReturned(final List<RbacGrantEntity> actualResult, final String... expectedGrant) {
assertThat(actualResult)
.filteredOn(g -> !g.getGranteeUserName().startsWith("test-user-")) // ignore test-users created by other tests
.filteredOn(g -> !g.getGranteeSubjectName().startsWith("test-user-")) // ignore test-users created by other tests
.extracting(RbacGrantEntity::toDisplay)
.containsExactlyInAnyOrder(expectedGrant);
}
src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantsDiagramServiceIntegrationTest.java → src/test/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantsDiagramServiceIntegrationTest.java
+12 -12
View File
@@ -1,8 +1,8 @@
package net.hostsharing.hsadminng.rbac.rbacgrant;
package net.hostsharing.hsadminng.rbac.grant;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup;
import net.hostsharing.hsadminng.rbac.rbacgrant.RbacGrantsDiagramService.Include;
import net.hostsharing.hsadminng.rbac.grant.RbacGrantsDiagramService.Include;
import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Disabled;
@@ -44,18 +44,18 @@ class RbacGrantsDiagramServiceIntegrationTest extends ContextBasedTestWithCleanu
this.test = testInfo;
}
protected void context(final String currentUser, final String assumedRoles) {
context.define(test.getDisplayName(), null, currentUser, assumedRoles);
protected void context(final String currentSubject, final String assumedRoles) {
context.define(test.getDisplayName(), null, currentSubject, assumedRoles);
}
protected void context(final String currentUser) {
context(currentUser, null);
protected void context(final String currentSubject) {
context(currentSubject, null);
}
@Test
void allGrantsToCurrentUser() {
void allGrantsTocurrentSubject() {
context("superuser-alex@hostsharing.net", "test_domain#xxx00-aaaa:OWNER");
final var graph = grantsMermaidService.allGrantsToCurrentUser(EnumSet.of(Include.TEST_ENTITIES));
final var graph = grantsMermaidService.allGrantsTocurrentSubject(EnumSet.of(Include.TEST_ENTITIES));
assertThat(graph).isEqualTo("""
flowchart TB
@@ -68,9 +68,9 @@ class RbacGrantsDiagramServiceIntegrationTest extends ContextBasedTestWithCleanu
}
@Test
void allGrantsToCurrentUserIncludingPermissions() {
void allGrantsTocurrentSubjectIncludingPermissions() {
context("superuser-alex@hostsharing.net", "test_domain#xxx00-aaaa:OWNER");
final var graph = grantsMermaidService.allGrantsToCurrentUser(EnumSet.of(Include.TEST_ENTITIES, Include.PERMISSIONS));
final var graph = grantsMermaidService.allGrantsTocurrentSubject(EnumSet.of(Include.TEST_ENTITIES, Include.PERMISSIONS));
assertThat(graph).isEqualTo("""
flowchart TB
@@ -93,11 +93,11 @@ class RbacGrantsDiagramServiceIntegrationTest extends ContextBasedTestWithCleanu
//context("superuser-alex@hostsharing.net", "hs_office_person#FirbySusan:ADMIN");
context("superuser-alex@hostsharing.net");
//final var graph = grantsMermaidService.allGrantsToCurrentUser(EnumSet.of(Include.NON_TEST_ENTITIES, Include.PERMISSIONS));
//final var graph = grantsMermaidService.allGrantsTocurrentSubject(EnumSet.of(Include.NON_TEST_ENTITIES, Include.PERMISSIONS));
final var targetObject = (UUID) em.createNativeQuery("SELECT uuid FROM hs_office_coopassetstransaction WHERE reference='ref 1000101-1'").getSingleResult();
final var graph = grantsMermaidService.allGrantsFrom(targetObject, "view", EnumSet.of(Include.USERS));
RbacGrantsDiagramService.writeToFile(join(";", context.getAssumedRoles()), graph, "doc/all-grants.md");
RbacGrantsDiagramService.writeToFile(join(";", context.fetchAssumedRoles()), graph, "doc/all-grants.md");
}
}
src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/TestRbacUser.java
-14
View File
@@ -1,14 +0,0 @@
package net.hostsharing.hsadminng.rbac.rbacuser;
import static java.util.UUID.randomUUID;
public class TestRbacUser {
static final RbacUserEntity userxxx = rbacRole("customer-admin@xxx.example.com");
static final RbacUserEntity userBbb = rbacRole("customer-admin@bbb.example.com");
static public RbacUserEntity rbacRole(final String userName) {
return new RbacUserEntity(randomUUID(), userName);
}
}
src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RawRbacObjectEntity.java → src/test/java/net/hostsharing/hsadminng/rbac/role/RawRbacObjectEntity.java
+2 -2
View File
@@ -1,4 +1,4 @@
package net.hostsharing.hsadminng.rbac.rbacrole;
package net.hostsharing.hsadminng.rbac.role;
import lombok.*;
import org.jetbrains.annotations.NotNull;
@@ -9,7 +9,7 @@ import java.util.List;
import java.util.UUID;
@Entity
@Table(name = "rbacobject") // TODO: create view rbacobject_ev
@Table(schema = "rbac", name = "object") // TODO.impl: create view rbacobject_ev
@Getter
@Setter
@ToString
src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RawRbacObjectRepository.java → src/test/java/net/hostsharing/hsadminng/rbac/role/RawRbacObjectRepository.java
+1 -1
View File
@@ -1,4 +1,4 @@
package net.hostsharing.hsadminng.rbac.rbacrole;
package net.hostsharing.hsadminng.rbac.role;
import org.springframework.data.repository.Repository;
src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RawRbacRoleEntity.java → src/test/java/net/hostsharing/hsadminng/rbac/role/RawRbacRoleEntity.java
+2 -2
View File
@@ -1,4 +1,4 @@
package net.hostsharing.hsadminng.rbac.rbacrole;
package net.hostsharing.hsadminng.rbac.role;
import lombok.*;
import org.hibernate.annotations.Formula;
@@ -10,7 +10,7 @@ import java.util.List;
import java.util.UUID;
@Entity
@Table(name = "rbacrole_ev")
@Table(schema = "rbac", name = "role_ev")
@Getter
@Setter
@ToString
src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RawRbacRoleRepository.java → src/test/java/net/hostsharing/hsadminng/rbac/role/RawRbacRoleRepository.java
+1 -1
View File
@@ -1,4 +1,4 @@
package net.hostsharing.hsadminng.rbac.rbacrole;
package net.hostsharing.hsadminng.rbac.role;
import org.springframework.data.repository.Repository;
src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleControllerAcceptanceTest.java → src/test/java/net/hostsharing/hsadminng/rbac/role/RbacRoleControllerAcceptanceTest.java
+7 -7
View File
@@ -1,9 +1,9 @@
package net.hostsharing.hsadminng.rbac.rbacrole;
package net.hostsharing.hsadminng.rbac.role;
import io.restassured.RestAssured;
import net.hostsharing.hsadminng.HsadminNgApplication;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.rbac.rbacuser.RbacUserRepository;
import net.hostsharing.hsadminng.rbac.subject.RbacSubjectRepository;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;
@@ -24,7 +24,7 @@ class RbacRoleControllerAcceptanceTest {
Context context;
@Autowired
RbacUserRepository rbacUserRepository;
RbacSubjectRepository rbacSubjectRepository;
@Autowired
RbacRoleRepository rbacRoleRepository;
@@ -35,7 +35,7 @@ class RbacRoleControllerAcceptanceTest {
// @formatter:off
RestAssured
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/rbac/roles")
@@ -46,7 +46,7 @@ class RbacRoleControllerAcceptanceTest {
.body("", hasItem(hasEntry("roleName", "test_customer#xxx:OWNER")))
.body("", hasItem(hasEntry("roleName", "test_customer#xxx:TENANT")))
// ...
.body("", hasItem(hasEntry("roleName", "global#global:ADMIN")))
.body("", hasItem(hasEntry("roleName", "rbac.global#global:ADMIN")))
.body("", hasItem(hasEntry("roleName", "test_customer#yyy:ADMIN")))
.body("", hasItem(hasEntry("roleName", "test_package#yyy00:ADMIN")))
.body("", hasItem(hasEntry("roleName", "test_domain#yyy00-aaaa:OWNER")))
@@ -60,7 +60,7 @@ class RbacRoleControllerAcceptanceTest {
// @formatter:off
RestAssured
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.header("assumed-roles", "test_package#yyy00:ADMIN")
.port(port)
.when()
@@ -93,7 +93,7 @@ class RbacRoleControllerAcceptanceTest {
// @formatter:off
RestAssured
.given()
.header("current-user", "pac-admin-zzz00@zzz.example.com")
.header("current-subject", "pac-admin-zzz00@zzz.example.com")
.port(port)
.when()
.get("http://localhost/api/rbac/roles")
src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleControllerRestTest.java → src/test/java/net/hostsharing/hsadminng/rbac/role/RbacRoleControllerRestTest.java
+4 -4
View File
@@ -1,4 +1,4 @@
package net.hostsharing.hsadminng.rbac.rbacrole;
package net.hostsharing.hsadminng.rbac.role;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.mapper.Mapper;
@@ -21,7 +21,7 @@ import jakarta.persistence.SynchronizationType;
import java.util.Map;
import static java.util.Arrays.asList;
import static net.hostsharing.hsadminng.rbac.rbacrole.TestRbacRole.*;
import static net.hostsharing.hsadminng.rbac.role.TestRbacRole.*;
import static org.hamcrest.Matchers.hasSize;
import static org.hamcrest.Matchers.is;
import static org.mockito.ArgumentMatchers.any;
@@ -67,13 +67,13 @@ class RbacRoleControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.get("/api/rbac/roles")
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.accept(MediaType.APPLICATION_JSON))
// then
.andExpect(status().isOk())
.andExpect(jsonPath("$", hasSize(3)))
.andExpect(jsonPath("$[0].roleName", is("global#global:ADMIN")))
.andExpect(jsonPath("$[0].roleName", is("rbac.global#global:ADMIN")))
.andExpect(jsonPath("$[1].roleName", is("test_customer#xxx:OWNER")))
.andExpect(jsonPath("$[2].roleName", is("test_customer#xxx:ADMIN")))
.andExpect(jsonPath("$[2].uuid", is(customerXxxAdmin.getUuid().toString())))
src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepositoryIntegrationTest.java → src/test/java/net/hostsharing/hsadminng/rbac/role/RbacRoleRepositoryIntegrationTest.java
+6 -6
View File
@@ -1,4 +1,4 @@
package net.hostsharing.hsadminng.rbac.rbacrole;
package net.hostsharing.hsadminng.rbac.role;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.mapper.Array;
@@ -38,8 +38,8 @@ class RbacRoleRepositoryIntegrationTest {
class FindAllRbacRoles {
private static final String[] ALL_TEST_DATA_ROLES = Array.of(
// @formatter:off
"global#global:ADMIN",
// @formatter:off
"rbac.global#global:ADMIN",
"test_customer#xxx:ADMIN", "test_customer#xxx:OWNER", "test_customer#xxx:TENANT",
"test_package#xxx00:ADMIN", "test_package#xxx00:OWNER", "test_package#xxx00:TENANT",
"test_package#xxx01:ADMIN", "test_package#xxx01:OWNER", "test_package#xxx01:TENANT",
@@ -70,7 +70,7 @@ class RbacRoleRepositoryIntegrationTest {
@Test
public void globalAdmin_withAssumedglobalAdminRole_canViewAllRbacRoles() {
given:
context.define("superuser-alex@hostsharing.net", "global#global:ADMIN");
context.define("superuser-alex@hostsharing.net", "rbac.global#global:ADMIN");
// when
final var result = rbacRoleRepository.findAll();
@@ -110,7 +110,7 @@ class RbacRoleRepositoryIntegrationTest {
noneOfTheseRbacRolesIsReturned(
result,
// @formatter:off
"global#global:ADMIN",
"rbac.global#global:ADMIN",
"test_customer#xxx:OWNER",
"test_package#yyy00:ADMIN",
"test_package#yyy00:OWNER",
@@ -146,7 +146,7 @@ class RbacRoleRepositoryIntegrationTest {
result.assertExceptionWithRootCauseMessage(
JpaSystemException.class,
"[401] currentSubjectsUuids cannot be determined, please call `defineContext(...)` with a valid user");
"[401] currentSubjectOrAssumedRolesUuids cannot be determined, please call `base.defineContext(...)` with a valid subject");
}
}
src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/TestRbacRole.java → src/test/java/net/hostsharing/hsadminng/rbac/role/TestRbacRole.java
+2 -2
View File
@@ -1,10 +1,10 @@
package net.hostsharing.hsadminng.rbac.rbacrole;
package net.hostsharing.hsadminng.rbac.role;
import static java.util.UUID.randomUUID;
public class TestRbacRole {
public static final RbacRoleEntity hostmasterRole = rbacRole("global", "global", RbacRoleType.ADMIN);
public static final RbacRoleEntity hostmasterRole = rbacRole("rbac.global", "global", RbacRoleType.ADMIN);
static final RbacRoleEntity customerXxxOwner = rbacRole("test_customer", "xxx", RbacRoleType.OWNER);
static final RbacRoleEntity customerXxxAdmin = rbacRole("test_customer", "xxx", RbacRoleType.ADMIN);
src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserControllerAcceptanceTest.java → src/test/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectControllerAcceptanceTest.java
+60 -60
View File
@@ -1,4 +1,4 @@
package net.hostsharing.hsadminng.rbac.rbacuser;
package net.hostsharing.hsadminng.rbac.subject;
import io.restassured.RestAssured;
import io.restassured.http.ContentType;
@@ -22,7 +22,7 @@ import static org.hamcrest.Matchers.*;
classes = { HsadminNgApplication.class, JpaAttempt.class }
)
@Transactional
class RbacUserControllerAcceptanceTest {
class RbacSubjectControllerAcceptanceTest {
@LocalServerPort
private Integer port;
@@ -34,10 +34,10 @@ class RbacUserControllerAcceptanceTest {
Context context;
@Autowired
RbacUserRepository rbacUserRepository;
RbacSubjectRepository rbacSubjectRepository;
@Nested
class CreateRbacUser {
class CreateRbacSubject {
@Test
void anybody_canCreateANewUser() {
@@ -53,7 +53,7 @@ class RbacUserControllerAcceptanceTest {
""")
.port(port)
.when()
.post("http://localhost/api/rbac/users")
.post("http://localhost/api/rbac/subjects")
.then().assertThat()
.statusCode(201)
.contentType(ContentType.JSON)
@@ -63,28 +63,28 @@ class RbacUserControllerAcceptanceTest {
// @formatter:on
// finally, the user can view its own record
final var newUserUuid = UUID.fromString(
final var newSubjectUuid = UUID.fromString(
location.substring(location.lastIndexOf('/') + 1));
context.define("new-user@example.com");
assertThat(rbacUserRepository.findByUuid(newUserUuid))
.extracting(RbacUserEntity::getName).isEqualTo("new-user@example.com");
assertThat(rbacSubjectRepository.findByUuid(newSubjectUuid))
.extracting(RbacSubjectEntity::getName).isEqualTo("new-user@example.com");
}
}
@Nested
class GetRbacUser {
class GetRbacSubject {
@Test
void globalAdmin_withoutAssumedRole_canGetArbitraryUser() {
final var givenUser = findRbacUserByName("pac-admin-xxx00@xxx.example.com");
final var givenUser = findRbacSubjectByName("pac-admin-xxx00@xxx.example.com");
// @formatter:off
RestAssured
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/rbac/users/" + givenUser.getUuid())
.get("http://localhost/api/rbac/subjects/" + givenUser.getUuid())
.then().log().body().assertThat()
.statusCode(200)
.contentType("application/json")
@@ -94,16 +94,16 @@ class RbacUserControllerAcceptanceTest {
@Test
void globalAdmin_withAssumedCustomerAdminRole_canGetUserWithinInItsRealm() {
final var givenUser = findRbacUserByName("pac-admin-yyy00@yyy.example.com");
final var givenUser = findRbacSubjectByName("pac-admin-yyy00@yyy.example.com");
// @formatter:off
RestAssured
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.header("assumed-roles", "test_customer#yyy:ADMIN")
.port(port)
.when()
.get("http://localhost/api/rbac/users/" + givenUser.getUuid())
.get("http://localhost/api/rbac/subjects/" + givenUser.getUuid())
.then().log().body().assertThat()
.statusCode(200)
.contentType("application/json")
@@ -113,15 +113,15 @@ class RbacUserControllerAcceptanceTest {
@Test
void customerAdmin_withoutAssumedRole_canGetUserWithinInItsRealm() {
final var givenUser = findRbacUserByName("pac-admin-yyy00@yyy.example.com");
final var givenUser = findRbacSubjectByName("pac-admin-yyy00@yyy.example.com");
// @formatter:off
RestAssured
.given()
.header("current-user", "customer-admin@yyy.example.com")
.header("current-subject", "customer-admin@yyy.example.com")
.port(port)
.when()
.get("http://localhost/api/rbac/users/" + givenUser.getUuid())
.get("http://localhost/api/rbac/subjects/" + givenUser.getUuid())
.then().log().body().assertThat()
.statusCode(200)
.contentType("application/json")
@@ -131,15 +131,15 @@ class RbacUserControllerAcceptanceTest {
@Test
void customerAdmin_withoutAssumedRole_canNotGetUserOutsideOfItsRealm() {
final var givenUser = findRbacUserByName("pac-admin-yyy00@yyy.example.com");
final var givenUser = findRbacSubjectByName("pac-admin-yyy00@yyy.example.com");
// @formatter:off
RestAssured
.given()
.header("current-user", "customer-admin@xxx.example.com")
.header("current-subject", "customer-admin@xxx.example.com")
.port(port)
.when()
.get("http://localhost/api/rbac/users/" + givenUser.getUuid())
.get("http://localhost/api/rbac/subjects/" + givenUser.getUuid())
.then().log().body().assertThat()
.statusCode(404);
// @formatter:on
@@ -147,7 +147,7 @@ class RbacUserControllerAcceptanceTest {
}
@Nested
class ListRbacUsers {
class ListRbacSubjects {
@Test
void globalAdmin_withoutAssumedRole_canViewAllUsers() {
@@ -155,10 +155,10 @@ class RbacUserControllerAcceptanceTest {
// @formatter:off
RestAssured
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/rbac/users")
.get("http://localhost/api/rbac/subjects")
.then().log().body().assertThat()
.statusCode(200)
.contentType("application/json")
@@ -180,10 +180,10 @@ class RbacUserControllerAcceptanceTest {
// @formatter:off
RestAssured
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/rbac/users?name=pac-admin-zzz0")
.get("http://localhost/api/rbac/subjects?name=pac-admin-zzz0")
.then().log().body().assertThat()
.statusCode(200)
.contentType("application/json")
@@ -200,11 +200,11 @@ class RbacUserControllerAcceptanceTest {
// @formatter:off
RestAssured
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.header("assumed-roles", "test_customer#yyy:ADMIN")
.port(port)
.when()
.get("http://localhost/api/rbac/users")
.get("http://localhost/api/rbac/subjects")
.then().assertThat()
.statusCode(200)
.contentType("application/json")
@@ -222,10 +222,10 @@ class RbacUserControllerAcceptanceTest {
// @formatter:off
RestAssured
.given()
.header("current-user", "customer-admin@yyy.example.com")
.header("current-subject", "customer-admin@yyy.example.com")
.port(port)
.when()
.get("http://localhost/api/rbac/users")
.get("http://localhost/api/rbac/subjects")
.then().assertThat()
.statusCode(200)
.contentType("application/json")
@@ -243,10 +243,10 @@ class RbacUserControllerAcceptanceTest {
// @formatter:off
RestAssured
.given()
.header("current-user", "pac-admin-xxx01@xxx.example.com")
.header("current-subject", "pac-admin-xxx01@xxx.example.com")
.port(port)
.when()
.get("http://localhost/api/rbac/users")
.get("http://localhost/api/rbac/subjects")
.then().assertThat()
.statusCode(200)
.contentType("application/json")
@@ -257,19 +257,19 @@ class RbacUserControllerAcceptanceTest {
}
@Nested
class ListRbacUserPermissions {
class ListRbacSubjectPermissions {
@Test
void globalAdmin_withoutAssumedRole_canViewArbitraryUsersPermissions() {
final var givenUser = findRbacUserByName("pac-admin-yyy00@yyy.example.com");
final var givenUser = findRbacSubjectByName("pac-admin-yyy00@yyy.example.com");
// @formatter:off
RestAssured
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/rbac/users/" + givenUser.getUuid() + "/permissions")
.get("http://localhost/api/rbac/subjects/" + givenUser.getUuid() + "/permissions")
.then().log().body().assertThat()
.statusCode(200)
.contentType("application/json")
@@ -290,16 +290,16 @@ class RbacUserControllerAcceptanceTest {
@Test
void globalAdmin_withAssumedCustomerAdminRole_canViewArbitraryUsersPermissions() {
final var givenUser = findRbacUserByName("pac-admin-yyy00@yyy.example.com");
final var givenUser = findRbacSubjectByName("pac-admin-yyy00@yyy.example.com");
// @formatter:off
RestAssured
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.header("assumed-roles", "test_customer#yyy:ADMIN")
.port(port)
.when()
.get("http://localhost/api/rbac/users/" + givenUser.getUuid() + "/permissions")
.get("http://localhost/api/rbac/subjects/" + givenUser.getUuid() + "/permissions")
.then().log().body().assertThat()
.statusCode(200)
.contentType("application/json")
@@ -320,15 +320,15 @@ class RbacUserControllerAcceptanceTest {
@Test
void packageAdmin_withoutAssumedRole_canViewPermissionsOfUsersInItsRealm() {
final var givenUser = findRbacUserByName("pac-admin-yyy00@yyy.example.com");
final var givenUser = findRbacSubjectByName("pac-admin-yyy00@yyy.example.com");
// @formatter:off
RestAssured
.given()
.header("current-user", "pac-admin-yyy00@yyy.example.com")
.header("current-subject", "pac-admin-yyy00@yyy.example.com")
.port(port)
.when()
.get("http://localhost/api/rbac/users/" + givenUser.getUuid() + "/permissions")
.get("http://localhost/api/rbac/subjects/" + givenUser.getUuid() + "/permissions")
.then().log().body().assertThat()
.statusCode(200)
.contentType("application/json")
@@ -349,15 +349,15 @@ class RbacUserControllerAcceptanceTest {
@Test
void packageAdmin_canViewPermissionsOfUsersOutsideOfItsRealm() {
final var givenUser = findRbacUserByName("pac-admin-xxx00@xxx.example.com");
final var givenUser = findRbacSubjectByName("pac-admin-xxx00@xxx.example.com");
// @formatter:off
RestAssured
.given()
.header("current-user", "pac-admin-yyy00@yyy.example.com")
.header("current-subject", "pac-admin-yyy00@yyy.example.com")
.port(port)
.when()
.get("http://localhost/api/rbac/users/" + givenUser.getUuid() + "/permissions")
.get("http://localhost/api/rbac/subjects/" + givenUser.getUuid() + "/permissions")
.then().log().body().assertThat()
.statusCode(200)
.contentType("application/json")
@@ -367,7 +367,7 @@ class RbacUserControllerAcceptanceTest {
}
@Nested
class DeleteRbacUser {
class DeleteRbacSubject {
@Test
void anybody_canDeleteTheirOwnUser() {
@@ -378,16 +378,16 @@ class RbacUserControllerAcceptanceTest {
// @formatter:off
final var location = RestAssured
.given()
.header("current-user", givenUser.getName())
.header("current-subject", givenUser.getName())
.port(port)
.when()
.delete("http://localhost/api/rbac/users/" + givenUser.getUuid())
.delete("http://localhost/api/rbac/subjects/" + givenUser.getUuid())
.then().log().all().assertThat()
.statusCode(204);
// @formatter:on
// finally, the user is actually deleted
assertThat(rbacUserRepository.findByName(givenUser.getName())).isNull();
assertThat(rbacSubjectRepository.findByName(givenUser.getName())).isNull();
}
@Test
@@ -399,17 +399,17 @@ class RbacUserControllerAcceptanceTest {
// @formatter:off
final var location = RestAssured
.given()
.header("current-user", "customer-admin@xxx.example.com")
.header("current-subject", "customer-admin@xxx.example.com")
.port(port)
.when()
.delete("http://localhost/api/rbac/users/" + givenUser.getUuid())
.delete("http://localhost/api/rbac/subjects/" + givenUser.getUuid())
.then().log().all().assertThat()
// that user cannot even see other users, thus the system won't even try to delete
.statusCode(204);
// @formatter:on
// finally, the user is still there
assertThat(rbacUserRepository.findByName(givenUser.getName())).isNotNull();
assertThat(rbacSubjectRepository.findByName(givenUser.getName())).isNotNull();
}
@Test
@@ -421,33 +421,33 @@ class RbacUserControllerAcceptanceTest {
// @formatter:off
final var location = RestAssured
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.port(port)
.when()
.delete("http://localhost/api/rbac/users/" + givenUser.getUuid())
.delete("http://localhost/api/rbac/subjects/" + givenUser.getUuid())
.then().log().all().assertThat()
.statusCode(204);
// @formatter:on
// finally, the user is actually deleted
assertThat(rbacUserRepository.findByName(givenUser.getName())).isNull();
assertThat(rbacSubjectRepository.findByName(givenUser.getName())).isNull();
}
}
RbacUserEntity findRbacUserByName(final String userName) {
RbacSubjectEntity findRbacSubjectByName(final String userName) {
return jpaAttempt.transacted(() -> {
context.define("superuser-alex@hostsharing.net");
return rbacUserRepository.findByName(userName);
return rbacSubjectRepository.findByName(userName);
}).returnedValue();
}
RbacUserEntity givenANewUser() {
RbacSubjectEntity givenANewUser() {
final var givenUserName = "test-user-" + System.currentTimeMillis() + "@example.com";
final var givenUser = jpaAttempt.transacted(() -> {
context.define(null);
return rbacUserRepository.create(new RbacUserEntity(UUID.randomUUID(), givenUserName));
return rbacSubjectRepository.create(new RbacSubjectEntity(UUID.randomUUID(), givenUserName));
}).assumeSuccessful().returnedValue();
assertThat(rbacUserRepository.findByName(givenUser.getName())).isNotNull();
assertThat(rbacSubjectRepository.findByName(givenUser.getName())).isNotNull();
return givenUser;
}
src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserControllerRestTest.java → src/test/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectControllerRestTest.java
+10 -10
View File
@@ -1,4 +1,4 @@
package net.hostsharing.hsadminng.rbac.rbacuser;
package net.hostsharing.hsadminng.rbac.subject;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.mapper.Mapper;
@@ -30,10 +30,10 @@ import static org.mockito.Mockito.when;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
@WebMvcTest(RbacUserController.class)
@WebMvcTest(RbacSubjectController.class)
@Import(Mapper.class)
@RunWith(SpringRunner.class)
class RbacUserControllerRestTest {
class RbacSubjectControllerRestTest {
@Autowired
MockMvc mockMvc;
@@ -42,7 +42,7 @@ class RbacUserControllerRestTest {
Context contextMock;
@MockBean
RbacUserRepository rbacUserRepository;
RbacSubjectRepository rbacSubjectRepository;
@Mock
EntityManager em;
@@ -59,13 +59,13 @@ class RbacUserControllerRestTest {
}
@Test
void createUserUsesGivenUuid() throws Exception {
void createSubjectUsesGivenUuid() throws Exception {
// given
final var givenUuid = UUID.randomUUID();
// when
mockMvc.perform(MockMvcRequestBuilders
.post("/api/rbac/users")
.post("/api/rbac/subjects")
.contentType(MediaType.APPLICATION_JSON)
.content("""
{
@@ -79,14 +79,14 @@ class RbacUserControllerRestTest {
.andExpect(jsonPath("uuid", is(givenUuid.toString())));
// then
verify(rbacUserRepository).create(argThat(entity -> entity.getUuid().equals(givenUuid)));
verify(rbacSubjectRepository).create(argThat(entity -> entity.getUuid().equals(givenUuid)));
}
@Test
void createUserGeneratesRandomUuidIfNotGiven() throws Exception {
void createSubjectGeneratesRandomUuidIfNotGiven() throws Exception {
// when
mockMvc.perform(MockMvcRequestBuilders
.post("/api/rbac/users")
.post("/api/rbac/subjects")
.contentType(MediaType.APPLICATION_JSON)
.content("{}")
.accept(MediaType.APPLICATION_JSON))
@@ -96,6 +96,6 @@ class RbacUserControllerRestTest {
.andExpect(jsonPath("uuid", isUuidValid()));
// then
verify(rbacUserRepository).create(argThat(entity -> entity.getUuid() != null));
verify(rbacSubjectRepository).create(argThat(entity -> entity.getUuid() != null));
}
}
src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserEntityUnitTest.java → src/test/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectEntityUnitTest.java
+3 -3
View File
@@ -1,4 +1,4 @@
package net.hostsharing.hsadminng.rbac.rbacuser;
package net.hostsharing.hsadminng.rbac.subject;
import org.junit.jupiter.api.Test;
@@ -9,9 +9,9 @@ import java.util.UUID;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
class RbacUserEntityUnitTest {
class RbacSubjectEntityUnitTest {
RbacUserEntity givenUser = new RbacUserEntity(UUID.randomUUID(), "test@example.org");
RbacSubjectEntity givenUser = new RbacSubjectEntity(UUID.randomUUID(), "test@example.org");
@Test
void generatedAccessCodeMatchesDefinedPattern() {
src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepositoryIntegrationTest.java → src/test/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectRepositoryIntegrationTest.java
+48 -56
View File
@@ -1,4 +1,4 @@
package net.hostsharing.hsadminng.rbac.rbacuser;
package net.hostsharing.hsadminng.rbac.subject;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.rbac.context.ContextBasedTest;
@@ -26,10 +26,10 @@ import static org.assertj.core.api.Assertions.assertThat;
@DataJpaTest
@Import( { Context.class, JpaAttempt.class })
class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
class RbacSubjectRepositoryIntegrationTest extends ContextBasedTest {
@Autowired
RbacUserRepository rbacUserRepository;
RbacSubjectRepository rbacSubjectRepository;
@Autowired
JpaAttempt jpaAttempt;
@@ -41,7 +41,7 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
HttpServletRequest request;
@Nested
class CreateUser {
class CreateSubject {
@Test
@Transactional(propagation = Propagation.NEVER)
@@ -54,35 +54,35 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
// when:
final var result = jpaAttempt.transacted(() -> {
context(null);
return rbacUserRepository.create(new RbacUserEntity(givenUuid, newUserName));
return rbacSubjectRepository.create(new RbacSubjectEntity(givenUuid, newUserName));
});
// then:
assertThat(result.wasSuccessful()).isTrue();
assertThat(result.returnedValue()).isNotNull()
.extracting(RbacUserEntity::getUuid).isEqualTo(givenUuid);
assertThat(rbacUserRepository.findByName(result.returnedValue().getName())).isNotNull();
.extracting(RbacSubjectEntity::getUuid).isEqualTo(givenUuid);
assertThat(rbacSubjectRepository.findByName(result.returnedValue().getName())).isNotNull();
}
}
@Nested
class DeleteUser {
class DeleteSubject {
@Test
@Transactional(propagation = Propagation.NEVER)
public void anyoneCanDeleteTheirOwnUser() {
// given
final RbacUserEntity givenUser = givenANewUser();
final RbacSubjectEntity givenUser = givenANewSubject();
// when
final var result = jpaAttempt.transacted(() -> {
context(givenUser.getName());
rbacUserRepository.deleteByUuid(givenUser.getUuid());
rbacSubjectRepository.deleteByUuid(givenUser.getUuid());
});
// then the user is deleted
result.assertSuccessful();
assertThat(rbacUserRepository.findByName(givenUser.getName())).isNull();
assertThat(rbacSubjectRepository.findByName(givenUser.getName())).isNull();
}
}
@@ -102,27 +102,27 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
);
@Test
public void globalAdmin_withoutAssumedRole_canViewAllRbacUsers() {
public void globalAdmin_withoutAssumedRole_canViewAllRbacSubjects() {
// given
context("superuser-alex@hostsharing.net");
// when
final var result = rbacUserRepository.findByOptionalNameLike(null);
final var result = rbacSubjectRepository.findByOptionalNameLike(null);
// then
allTheseRbacUsersAreReturned(result, ALL_TEST_DATA_USERS);
allTheseRbacSubjectsAreReturned(result, ALL_TEST_DATA_USERS);
}
@Test
public void globalAdmin_withAssumedglobalAdminRole_canViewAllRbacUsers() {
public void globalAdmin_withAssumedglobalAdminRole_canViewAllRbacSubjects() {
given:
context("superuser-alex@hostsharing.net", "global#global:ADMIN");
context("superuser-alex@hostsharing.net", "rbac.global#global:ADMIN");
// when
final var result = rbacUserRepository.findByOptionalNameLike(null);
final var result = rbacSubjectRepository.findByOptionalNameLike(null);
then:
allTheseRbacUsersAreReturned(result, ALL_TEST_DATA_USERS);
allTheseRbacSubjectsAreReturned(result, ALL_TEST_DATA_USERS);
}
@Test
@@ -131,10 +131,10 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
context("superuser-alex@hostsharing.net", "test_customer#xxx:ADMIN");
// when
final var result = rbacUserRepository.findByOptionalNameLike(null);
final var result = rbacSubjectRepository.findByOptionalNameLike(null);
then:
exactlyTheseRbacUsersAreReturned(
exactlyTheseRbacSubjectsAreReturned(
result,
"customer-admin@xxx.example.com",
"pac-admin-xxx00@xxx.example.com", "pac-admin-xxx01@xxx.example.com", "pac-admin-xxx02@xxx.example.com"
@@ -147,10 +147,10 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
context("customer-admin@xxx.example.com");
// when:
final var result = rbacUserRepository.findByOptionalNameLike(null);
final var result = rbacSubjectRepository.findByOptionalNameLike(null);
// then:
exactlyTheseRbacUsersAreReturned(
exactlyTheseRbacSubjectsAreReturned(
result,
"customer-admin@xxx.example.com",
"pac-admin-xxx00@xxx.example.com", "pac-admin-xxx01@xxx.example.com", "pac-admin-xxx02@xxx.example.com"
@@ -161,24 +161,24 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
public void customerAdmin_withAssumedOwnedPackageAdminRole_canViewOnlyUsersHavingRolesInThatPackage() {
context("customer-admin@xxx.example.com", "test_package#xxx00:ADMIN");
final var result = rbacUserRepository.findByOptionalNameLike(null);
final var result = rbacSubjectRepository.findByOptionalNameLike(null);
exactlyTheseRbacUsersAreReturned(result, "pac-admin-xxx00@xxx.example.com");
exactlyTheseRbacSubjectsAreReturned(result, "pac-admin-xxx00@xxx.example.com");
}
@Test
public void packageAdmin_withoutAssumedRole_canViewOnlyUsersHavingRolesInThatPackage() {
context("pac-admin-xxx00@xxx.example.com");
final var result = rbacUserRepository.findByOptionalNameLike(null);
final var result = rbacSubjectRepository.findByOptionalNameLike(null);
exactlyTheseRbacUsersAreReturned(result, "pac-admin-xxx00@xxx.example.com");
exactlyTheseRbacSubjectsAreReturned(result, "pac-admin-xxx00@xxx.example.com");
}
}
@Nested
class ListUserPermissions {
class ListSubjectPermissions {
private static final String[] ALL_USER_PERMISSIONS = Array.of(
// @formatter:off
@@ -232,9 +232,9 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
context("superuser-alex@hostsharing.net");
// when
final var result = rbacUserRepository.findPermissionsOfUserByUuid(userUUID("superuser-fran@hostsharing.net"))
final var result = rbacSubjectRepository.findPermissionsOfUserByUuid(subjectUuid("superuser-fran@hostsharing.net"))
.stream().filter(p -> p.getObjectTable().contains("test_"))
.sorted(comparing(RbacUserPermission::toString)).toList();
.sorted(comparing(RbacSubjectPermission::toString)).toList();
// then
allTheseRbacPermissionsAreReturned(result, ALL_USER_PERMISSIONS);
@@ -246,7 +246,7 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
context("customer-admin@xxx.example.com");
// when
final var result = rbacUserRepository.findPermissionsOfUserByUuid(userUUID("customer-admin@xxx.example.com"));
final var result = rbacSubjectRepository.findPermissionsOfUserByUuid(subjectUuid("customer-admin@xxx.example.com"));
// then
allTheseRbacPermissionsAreReturned(
@@ -286,17 +286,17 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
public void customerAdmin_withoutAssumedRole_isNotAllowedToViewGlobalAdminsPermissions() {
// given
context("customer-admin@xxx.example.com");
final UUID userUuid = userUUID("superuser-alex@hostsharing.net");
final UUID subjectUuid = subjectUuid("superuser-alex@hostsharing.net");
// when
final var result = attempt(em, () ->
rbacUserRepository.findPermissionsOfUserByUuid(userUuid)
rbacSubjectRepository.findPermissionsOfUserByUuid(subjectUuid)
);
// then
result.assertExceptionWithRootCauseMessage(
JpaSystemException.class,
"[403] permissions of user \"" + userUuid
"[403] permissions of user \"" + subjectUuid
+ "\" are not accessible to user \"customer-admin@xxx.example.com\"");
}
@@ -306,7 +306,7 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
context("customer-admin@xxx.example.com");
// when
final var result = rbacUserRepository.findPermissionsOfUserByUuid(userUUID("pac-admin-xxx00@xxx.example.com"));
final var result = rbacSubjectRepository.findPermissionsOfUserByUuid(subjectUuid("pac-admin-xxx00@xxx.example.com"));
// then
allTheseRbacPermissionsAreReturned(
@@ -342,7 +342,7 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
context("customer-admin@xxx.example.com");
// when
final var result = rbacUserRepository.findPermissionsOfUserByUuid(userUUID("pac-admin-yyy00@yyy.example.com"));
final var result = rbacSubjectRepository.findPermissionsOfUserByUuid(subjectUuid("pac-admin-yyy00@yyy.example.com"));
// then
noRbacPermissionsAreReturned(result);
@@ -354,7 +354,7 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
context("pac-admin-xxx00@xxx.example.com");
// when
final var result = rbacUserRepository.findPermissionsOfUserByUuid(userUUID("pac-admin-xxx00@xxx.example.com"));
final var result = rbacSubjectRepository.findPermissionsOfUserByUuid(subjectUuid("pac-admin-xxx00@xxx.example.com"));
// then
allTheseRbacPermissionsAreReturned(
@@ -385,51 +385,43 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
}
}
UUID userUUID(final String userName) {
return rbacUserRepository.findByName(userName).getUuid();
UUID subjectUuid(final String userName) {
return rbacSubjectRepository.findByName(userName).getUuid();
}
RbacUserEntity givenANewUser() {
RbacSubjectEntity givenANewSubject() {
final var givenUserName = "test-user-" + System.currentTimeMillis() + "@example.com";
final var givenUser = jpaAttempt.transacted(() -> {
context(null);
return rbacUserRepository.create(new RbacUserEntity(UUID.randomUUID(), givenUserName));
return rbacSubjectRepository.create(new RbacSubjectEntity(UUID.randomUUID(), givenUserName));
}).assumeSuccessful().returnedValue();
assertThat(rbacUserRepository.findByName(givenUser.getName())).isNotNull();
assertThat(rbacSubjectRepository.findByName(givenUser.getName())).isNotNull();
return givenUser;
}
void exactlyTheseRbacUsersAreReturned(final List<RbacUserEntity> actualResult, final String... expectedUserNames) {
void exactlyTheseRbacSubjectsAreReturned(final List<RbacSubjectEntity> actualResult, final String... expectedUserNames) {
assertThat(actualResult)
.extracting(RbacUserEntity::getName)
.extracting(RbacSubjectEntity::getName)
.filteredOn(n -> !n.startsWith("test-user"))
.containsExactlyInAnyOrder(expectedUserNames);
}
void allTheseRbacUsersAreReturned(final List<RbacUserEntity> actualResult, final String... expectedUserNames) {
void allTheseRbacSubjectsAreReturned(final List<RbacSubjectEntity> actualResult, final String... expectedUserNames) {
assertThat(actualResult)
.extracting(RbacUserEntity::getName)
.extracting(RbacSubjectEntity::getName)
.filteredOn(n -> !n.startsWith("test-user"))
.contains(expectedUserNames);
}
void noRbacPermissionsAreReturned(
final List<RbacUserPermission> actualResult) {
final List<RbacSubjectPermission> actualResult) {
assertThat(actualResult)
.extracting(p -> p.getRoleName() + " -> " + p.getObjectTable() + "#" + p.getObjectIdName() + ": " + p.getOp())
.containsExactlyInAnyOrder();
}
void exactlyTheseRbacPermissionsAreReturned(
final List<RbacUserPermission> actualResult,
final String... expectedRoleNames) {
assertThat(actualResult)
.extracting(p -> p.getRoleName() + " -> " + p.getObjectTable() + "#" + p.getObjectIdName() + ": " + p.getOp())
.containsExactlyInAnyOrder(expectedRoleNames);
}
void allTheseRbacPermissionsAreReturned(
final List<RbacUserPermission> actualResult,
final List<RbacSubjectPermission> actualResult,
final String... expectedRoleNames) {
assertThat(actualResult)
.extracting(p -> p.getRoleName() + " -> " + p.getObjectTable() + "#" + p.getObjectIdName() + ": " + p.getOp()
@@ -438,7 +430,7 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
}
void noneOfTheseRbacPermissionsAreReturned(
final List<RbacUserPermission> actualResult,
final List<RbacSubjectPermission> actualResult,
final String... unexpectedRoleNames) {
assertThat(actualResult)
.extracting(p -> p.getRoleName() + " -> " + p.getObjectTable() + "#" + p.getObjectIdName() + ": " + p.getOp())
src/test/java/net/hostsharing/hsadminng/rbac/subject/TestRbacSubject.java
+14
View File
@@ -0,0 +1,14 @@
package net.hostsharing.hsadminng.rbac.subject;
import static java.util.UUID.randomUUID;
public class TestRbacSubject {
static final RbacSubjectEntity userxxx = rbacRole("customer-admin@xxx.example.com");
static final RbacSubjectEntity userBbb = rbacRole("customer-admin@bbb.example.com");
static public RbacSubjectEntity rbacRole(final String userName) {
return new RbacSubjectEntity(randomUUID(), userName);
}
}
src/test/java/net/hostsharing/hsadminng/rbac/test/ContextBasedTestWithCleanup.java
+10 -10
View File
@@ -1,12 +1,12 @@
package net.hostsharing.hsadminng.rbac.test;
import net.hostsharing.hsadminng.rbac.context.ContextBasedTest;
import net.hostsharing.hsadminng.rbac.rbacobject.BaseEntity;
import net.hostsharing.hsadminng.rbac.rbacgrant.RbacGrantEntity;
import net.hostsharing.hsadminng.rbac.rbacgrant.RbacGrantRepository;
import net.hostsharing.hsadminng.rbac.rbacgrant.RbacGrantsDiagramService;
import net.hostsharing.hsadminng.rbac.rbacrole.RbacRoleEntity;
import net.hostsharing.hsadminng.rbac.rbacrole.RbacRoleRepository;
import net.hostsharing.hsadminng.rbac.object.BaseEntity;
import net.hostsharing.hsadminng.rbac.grant.RbacGrantEntity;
import net.hostsharing.hsadminng.rbac.grant.RbacGrantRepository;
import net.hostsharing.hsadminng.rbac.grant.RbacGrantsDiagramService;
import net.hostsharing.hsadminng.rbac.role.RbacRoleEntity;
import net.hostsharing.hsadminng.rbac.role.RbacRoleRepository;
import org.apache.commons.collections4.SetUtils;
import org.jetbrains.annotations.NotNull;
import org.junit.jupiter.api.AfterEach;
@@ -200,7 +200,7 @@ public abstract class ContextBasedTestWithCleanup extends ContextBasedTest {
});
}).caughtException();
// ... and in case of foreign key violations, we rely on the RbacObject cleanup.
// ... and in case of foreign key violations, we rely on the rbac.object cleanup.
if (exception != null) {
System.err.println(exception);
}
@@ -305,7 +305,7 @@ public abstract class ContextBasedTestWithCleanup extends ContextBasedTest {
protected String[] roleNames(final String sqlLikeExpression) {
final var pattern = Pattern.compile(sqlLikeExpression);
//noinspection unchecked
final List<Object[]> rows = (List<Object[]>) em.createNativeQuery("select * from rbacrole_ev where roleidname like 'hs_booking_project#%'")
final List<Object[]> rows = (List<Object[]>) em.createNativeQuery("select * from rbac.role_ev where roleidname like 'hs_booking_project#%'")
.getResultList();
return rows.stream()
.map(row -> (row[0]).toString())
@@ -322,7 +322,7 @@ public abstract class ContextBasedTestWithCleanup extends ContextBasedTest {
protected void generateRbacDiagramForCurrentSubjects(final EnumSet<RbacGrantsDiagramService.Include> include, final String name) {
RbacGrantsDiagramService.writeToFile(
name,
diagramService.allGrantsToCurrentUser(include),
diagramService.allGrantsTocurrentSubject(include),
"doc/temp/" + name + ".md"
);
}
@@ -362,7 +362,7 @@ interface RbacObjectRepository extends Repository<RbacObjectEntity, UUID> {
}
@Entity
@Table(name = "rbacobject")
@Table(schema ="rbac", name = "object")
class RbacObjectEntity {
@Id
src/test/java/net/hostsharing/hsadminng/rbac/test/EntityList.java
+1 -1
View File
@@ -1,6 +1,6 @@
package net.hostsharing.hsadminng.rbac.test;
import net.hostsharing.hsadminng.rbac.rbacobject.BaseEntity;
import net.hostsharing.hsadminng.rbac.object.BaseEntity;
import java.util.List;
src/test/java/net/hostsharing/hsadminng/rbac/test/PatchUnitTestBase.java
+1 -1
View File
@@ -1,6 +1,6 @@
package net.hostsharing.hsadminng.rbac.test;
import net.hostsharing.hsadminng.rbac.rbacobject.BaseEntity;
import net.hostsharing.hsadminng.rbac.object.BaseEntity;
import net.hostsharing.hsadminng.mapper.EntityPatcher;
import org.junit.jupiter.api.Named;
import org.junit.jupiter.api.Test;
src/test/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerControllerAcceptanceTest.java
+10 -10
View File
@@ -54,7 +54,7 @@ class TestCustomerControllerAcceptanceTest {
void globalAdmin_withoutAssumedRoles_canViewAllCustomers_ifNoCriteriaGiven() {
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/test/customers")
@@ -72,7 +72,7 @@ class TestCustomerControllerAcceptanceTest {
void globalAdmin_withoutAssumedRoles_canViewMatchingCustomers_ifCriteriaGiven() {
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/test/customers?prefix=y")
@@ -88,7 +88,7 @@ class TestCustomerControllerAcceptanceTest {
void globalAdmin_withoutAssumedCustomerAdminRole_canOnlyViewOwnCustomer() {
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.header("assumed-roles", "test_customer#yyy:ADMIN")
.port(port)
.when()
@@ -105,7 +105,7 @@ class TestCustomerControllerAcceptanceTest {
void customerAdmin_withoutAssumedRole_canOnlyViewOwnCustomer() {
RestAssured // @formatter:off
.given()
.header("current-user", "customer-admin@yyy.example.com")
.header("current-subject", "customer-admin@yyy.example.com")
.port(port)
.when()
.get("http://localhost/api/test/customers")
@@ -126,7 +126,7 @@ class TestCustomerControllerAcceptanceTest {
final var location = RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@@ -146,10 +146,10 @@ class TestCustomerControllerAcceptanceTest {
.extract().header("Location"); // @formatter:on
// finally, the new customer can be viewed by its own admin
final var newUserUuid = UUID.fromString(
final var newSubjectUuid = UUID.fromString(
location.substring(location.lastIndexOf('/') + 1));
context.define("superuser-fran@hostsharing.net", "test_customer#uuu:ADMIN");
assertThat(testCustomerRepository.findByUuid(newUserUuid))
assertThat(testCustomerRepository.findByUuid(newSubjectUuid))
.hasValueSatisfying(c -> assertThat(c.getPrefix()).isEqualTo("uuu"));
}
@@ -158,7 +158,7 @@ class TestCustomerControllerAcceptanceTest {
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.header("assumed-roles", "test_customer#xxx:ADMIN")
.contentType(ContentType.JSON)
.body("""
@@ -189,7 +189,7 @@ class TestCustomerControllerAcceptanceTest {
RestAssured // @formatter:off
.given()
.header("current-user", "customer-admin@yyy.example.com")
.header("current-subject", "customer-admin@yyy.example.com")
.contentType(ContentType.JSON)
.body("""
{
@@ -219,7 +219,7 @@ class TestCustomerControllerAcceptanceTest {
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("{]") // deliberately invalid JSON
.port(port)
src/test/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerEntityUnitTest.java
+7 -7
View File
@@ -1,6 +1,6 @@
package net.hostsharing.hsadminng.rbac.test.cust;
import net.hostsharing.hsadminng.rbac.rbacdef.RbacViewMermaidFlowchartGenerator;
import net.hostsharing.hsadminng.rbac.generator.RbacViewMermaidFlowchartGenerator;
import org.junit.jupiter.api.Test;
import static org.assertj.core.api.Assertions.assertThat;
@@ -13,19 +13,19 @@ class TestCustomerEntityUnitTest {
assertThat(rbacFlowchart).isEqualTo("""
%%{init:{'flowchart':{'htmlLabels':false}}}%%
flowchart TB
subgraph customer["`**customer**`"]
direction TB
style customer fill:#dd4901,stroke:#274d6e,stroke-width:8px
subgraph customer:roles[ ]
style customer:roles fill:#dd4901,stroke:white
role:customer:OWNER[[customer:OWNER]]
role:customer:ADMIN[[customer:ADMIN]]
role:customer:TENANT[[customer:TENANT]]
end
subgraph customer:permissions[ ]
style customer:permissions fill:#dd4901,stroke:white
@@ -40,12 +40,12 @@ class TestCustomerEntityUnitTest {
user:creator ==>|XX| role:customer:OWNER
%% granting roles to roles
role:global:ADMIN ==>|XX| role:customer:OWNER
role:rbac.global:ADMIN ==>|XX| role:customer:OWNER
role:customer:OWNER ==> role:customer:ADMIN
role:customer:ADMIN ==> role:customer:TENANT
%% granting permissions to roles
role:global:ADMIN ==> perm:customer:INSERT
role:rbac.global:ADMIN ==> perm:customer:INSERT
role:customer:OWNER ==> perm:customer:DELETE
role:customer:ADMIN ==> perm:customer:UPDATE
role:customer:TENANT ==> perm:customer:SELECT
src/test/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageControllerAcceptanceTest.java
+6 -6
View File
@@ -43,7 +43,7 @@ class TestPackageControllerAcceptanceTest {
// @formatter:off
RestAssured
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.header("assumed-roles", "test_customer#xxx:ADMIN")
.port(port)
.when()
@@ -65,7 +65,7 @@ class TestPackageControllerAcceptanceTest {
// @formatter:off
RestAssured
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.header("assumed-roles", "test_customer#xxx:ADMIN")
.port(port)
.when()
@@ -94,7 +94,7 @@ class TestPackageControllerAcceptanceTest {
// @formatter:off
RestAssured
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.header("assumed-roles", "test_customer#xxx:ADMIN")
.contentType(ContentType.JSON)
.body(format("""
@@ -125,7 +125,7 @@ class TestPackageControllerAcceptanceTest {
// @formatter:off
RestAssured
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.header("assumed-roles", "test_customer#xxx:ADMIN")
.contentType(ContentType.JSON)
.body("""
@@ -155,7 +155,7 @@ class TestPackageControllerAcceptanceTest {
// @formatter:off
RestAssured
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.header("assumed-roles", "test_customer#xxx:ADMIN")
.contentType(ContentType.JSON)
.body("{}")
@@ -175,7 +175,7 @@ class TestPackageControllerAcceptanceTest {
// @formatter:off
return UUID.fromString(RestAssured
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.header("current-subject", "superuser-alex@hostsharing.net")
.header("assumed-roles", "test_customer#xxx:ADMIN")
.port(port)
.when()
src/test/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageEntityUnitTest.java
+2 -2
View File
@@ -1,6 +1,6 @@
package net.hostsharing.hsadminng.rbac.test.pac;
import net.hostsharing.hsadminng.rbac.rbacdef.RbacViewMermaidFlowchartGenerator;
import net.hostsharing.hsadminng.rbac.generator.RbacViewMermaidFlowchartGenerator;
import org.junit.jupiter.api.Test;
import static org.assertj.core.api.Assertions.assertThat;
@@ -50,7 +50,7 @@ class TestPackageEntityUnitTest {
end
%% granting roles to roles
role:global:ADMIN -.->|XX| role:customer:OWNER
role:rbac.global:ADMIN -.->|XX| role:customer:OWNER
role:customer:OWNER -.-> role:customer:ADMIN
role:customer:ADMIN -.-> role:customer:TENANT
role:customer:ADMIN ==> role:package:OWNER
src/test/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageRepositoryIntegrationTest.java
+2 -2
View File
@@ -40,7 +40,7 @@ class TestPackageRepositoryIntegrationTest extends ContextBasedTest {
@Test
public void globalAdmin_withoutAssumedRole_canNotViewAnyPackages_becauseThoseGrantsAreNotAssumed() {
// given
// alex is not just global-admin but lso the creating user, thus we use fran
// alex is not just rbac.global-admin but lso the creating user, thus we use fran
context.define("superuser-fran@hostsharing.net");
// when
@@ -53,7 +53,7 @@ class TestPackageRepositoryIntegrationTest extends ContextBasedTest {
@Test
public void globalAdmin_withAssumedglobalAdminRole__canNotViewAnyPackages_becauseThoseGrantsAreNotAssumed() {
given:
context.define("superuser-alex@hostsharing.net", "global#global:ADMIN");
context.define("superuser-alex@hostsharing.net", "rbac.global#global:ADMIN");
// when
final var result = testPackageRepository.findAllByOptionalNameLike(null);