1
0

improve test code coverage and introduce context.register

This commit is contained in:
Michael Hoennig
2022-08-26 14:13:02 +02:00
parent 1a18ba4a3d
commit 2124d448bf
16 changed files with 360 additions and 253 deletions

View File

@ -7,10 +7,8 @@ import java.util.stream.Collectors;
/**
* A nicer API for ModelMapper.
*
* MOst
*/
public class Mapper {
public abstract class Mapper {
private final static ModelMapper modelMapper = new ModelMapper();

View File

@ -1,12 +1,16 @@
package net.hostsharing.hsadminng.context;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import javax.servlet.http.HttpServletRequest;
import java.util.Optional;
import static org.springframework.transaction.annotation.Propagation.*;
import static org.springframework.transaction.annotation.Propagation.MANDATORY;
@Service
public class Context {
@ -14,23 +18,55 @@ public class Context {
@PersistenceContext
private EntityManager em;
@Autowired(required = false)
private HttpServletRequest request;
@Transactional(propagation = MANDATORY)
public void register(final String currentUser, final String assumedRoles) {
if (request != null) {
setCurrentTask(request.getMethod() + " " + request.getRequestURI());
} else {
final Optional<StackWalker.StackFrame> caller =
StackWalker.getInstance(StackWalker.Option.RETAIN_CLASS_REFERENCE)
.walk(frames ->
frames.skip(1)
.filter(c -> c.getDeclaringClass()
.getPackageName()
.startsWith("net.hostsharing.hsadminng"))
.filter(c -> !c.getDeclaringClass().getName().contains("BySpringCGLIB$$"))
.findFirst());
final var callerName = caller.map(
c -> c.getDeclaringClass().getSimpleName() + "." + c.getMethodName())
.orElse("unknown");
setCurrentTask(callerName);
}
setCurrentUser(currentUser);
if (!StringUtils.isBlank(assumedRoles)) {
assumeRoles(assumedRoles);
}
}
@Transactional(propagation = MANDATORY)
public void setCurrentTask(final String task) {
em.createNativeQuery(
String.format(
"set local hsadminng.currentTask = '%s';",
task
)
).executeUpdate();
final var sql = String.format(
"set local hsadminng.currentTask = '%s';",
shortenToMaxLength(task, 95)
);
em.createNativeQuery(sql).executeUpdate();
}
public String getCurrentTask() {
return (String) em.createNativeQuery("select current_setting('hsadminng.currentTask');").getSingleResult();
}
@Transactional(propagation = MANDATORY)
public void setCurrentUser(final String userName) {
em.createNativeQuery(
String.format(
"set local hsadminng.currentUser = '%s';",
userName
)
String.format(
"set local hsadminng.currentUser = '%s';",
userName
)
).executeUpdate();
assumeNoSpecialRole();
}
@ -42,17 +78,17 @@ public class Context {
@Transactional(propagation = MANDATORY)
public void assumeRoles(final String roles) {
em.createNativeQuery(
String.format(
"set local hsadminng.assumedRoles = '%s';",
roles
)
String.format(
"set local hsadminng.assumedRoles = '%s';",
roles
)
).executeUpdate();
}
@Transactional(propagation = MANDATORY)
public void assumeNoSpecialRole() {
em.createNativeQuery(
"set local hsadminng.assumedRoles = '';"
"set local hsadminng.assumedRoles = '';"
).executeUpdate();
}
@ -60,4 +96,7 @@ public class Context {
return (String[]) em.createNativeQuery("select assumedRoles()").getSingleResult();
}
private static String shortenToMaxLength(final String task, final int maxLength) {
return task.substring(0, Math.min(task.length(), maxLength));
}
}

View File

@ -29,14 +29,11 @@ public class CustomerController implements CustomersApi {
@Override
@Transactional(readOnly = true)
public ResponseEntity<List<CustomerResource>> listCustomers(
String userName,
String currentUser,
String assumedRoles,
String prefix
) {
context.setCurrentUser(userName);
if (!StringUtils.isBlank(assumedRoles)) {
context.assumeRoles(assumedRoles);
}
context.register(currentUser, assumedRoles);
final var result = customerRepository.findCustomerByOptionalPrefixLike(prefix);
@ -50,11 +47,8 @@ public class CustomerController implements CustomersApi {
final String assumedRoles,
final CustomerResource customer) {
context.setCurrentTask("create new customer: #" + customer.getReference() + " / " + customer.getPrefix());
context.setCurrentUser(currentUser);
if (!StringUtils.isBlank(assumedRoles)) {
context.assumeRoles(assumedRoles);
}
context.register(currentUser, assumedRoles);
if (customer.getUuid() == null) {
customer.setUuid(UUID.randomUUID());
}

View File

@ -29,14 +29,12 @@ public class PackageController implements PackagesApi {
@Override
@Transactional(readOnly = true)
public ResponseEntity<List<PackageResource>> listPackages(
String userName,
String currentUser,
String assumedRoles,
String name
) {
context.setCurrentUser(userName);
if (!StringUtils.isBlank(assumedRoles)) {
context.assumeRoles(assumedRoles);
}
context.register(currentUser, assumedRoles);
final var result = packageRepository.findAllByOptionalNameLike(name);
return ResponseEntity.ok(mapList(result, PackageResource.class));
}
@ -49,10 +47,8 @@ public class PackageController implements PackagesApi {
final UUID packageUuid,
final PackageUpdateResource body) {
context.setCurrentUser(currentUser);
if (!StringUtils.isBlank(assumedRoles)) {
context.assumeRoles(assumedRoles);
}
context.register(currentUser, assumedRoles);
final var current = packageRepository.findByUuid(packageUuid);
OptionalFromJson.of(body.getDescription()).ifPresent(current::setDescription);
final var saved = packageRepository.save(current);

View File

@ -38,10 +38,7 @@ public class RbacGrantController implements RbacgrantsApi {
final UUID grantedRoleUuid,
final UUID granteeUserUuid) {
context.setCurrentUser(currentUser);
if (!StringUtils.isBlank(assumedRoles)) {
context.assumeRoles(assumedRoles);
}
context.register(currentUser, assumedRoles);
final var id = new RbacGrantId(granteeUserUuid, grantedRoleUuid);
final var result = rbacGrantRepository.findById(id);
@ -57,10 +54,8 @@ public class RbacGrantController implements RbacgrantsApi {
final String currentUser,
final String assumedRoles) {
context.setCurrentUser(currentUser);
if (!StringUtils.isBlank(assumedRoles)) {
context.assumeRoles(assumedRoles);
}
context.register(currentUser, assumedRoles);
return ResponseEntity.ok(mapList(rbacGrantRepository.findAll(), RbacGrantResource.class));
}
@ -71,11 +66,7 @@ public class RbacGrantController implements RbacgrantsApi {
final String assumedRoles,
final RbacGrantResource body) {
context.setCurrentTask("granting role to user");
context.setCurrentUser(currentUser);
if (!StringUtils.isBlank(assumedRoles)) {
context.assumeRoles(assumedRoles);
}
context.register(currentUser, assumedRoles);
final var granted = rbacGrantRepository.save(map(body, RbacGrantEntity.class));
em.flush();
@ -97,11 +88,7 @@ public class RbacGrantController implements RbacgrantsApi {
final UUID grantedRoleUuid,
final UUID granteeUserUuid) {
context.setCurrentTask("revoking role from user");
context.setCurrentUser(currentUser);
if (!StringUtils.isBlank(assumedRoles)) {
context.assumeRoles(assumedRoles);
}
context.register(currentUser, assumedRoles);
rbacGrantRepository.deleteByRbacGrantId(new RbacGrantId(granteeUserUuid, grantedRoleUuid));

View File

@ -22,34 +22,34 @@ public class RbacGrantEntity {
@Column(name = "grantedbyroleidname", updatable = false, insertable = false)
private String grantedByRoleIdName;
@Column(name = "grantedroleidname", updatable = false, insertable = false)
private String grantedRoleIdName;
@Column(name = "username", updatable = false, insertable = false)
private String granteeUserName;
private boolean assumed;
@Column(name = "grantedbyroleuuid", updatable = false, insertable = false)
private UUID grantedByRoleUuid;
@Column(name = "grantedroleidname", updatable = false, insertable = false)
private String grantedRoleIdName;
@Id
@Column(name = "grantedroleuuid")
private UUID grantedRoleUuid;
@Column(name = "username", updatable = false, insertable = false)
private String granteeUserName;
@Id
@Column(name = "useruuid")
private UUID granteeUserUuid;
private boolean assumed;
@Column(name = "objecttable", updatable = false, insertable = false)
private String objectTable;
@Column(name = "objectuuid", updatable = false, insertable = false)
private UUID objectUuid;
@Column(name = "objectidname", updatable = false, insertable = false)
private String objectIdName;
@Column(name = "objectuuid", updatable = false, insertable = false)
private UUID objectUuid;
@Column(name = "grantedroletype", updatable = false, insertable = false)
@Enumerated(EnumType.STRING)
private RbacRoleType grantedRoleType;

View File

@ -3,7 +3,6 @@ package net.hostsharing.hsadminng.rbac.rbacrole;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.generated.api.v1.api.RbacrolesApi;
import net.hostsharing.hsadminng.generated.api.v1.model.RbacRoleResource;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.ResponseEntity;
import org.springframework.transaction.annotation.Transactional;
@ -26,13 +25,11 @@ public class RbacRoleController implements RbacrolesApi {
@Override
@Transactional(readOnly = true)
public ResponseEntity<List<RbacRoleResource>> listRoles(
final String currentUser,
final String assumedRoles) {
final String currentUser,
final String assumedRoles) {
context.register(currentUser, assumedRoles);
context.setCurrentUser(currentUser);
if (!StringUtils.isBlank(assumedRoles)) {
context.assumeRoles(assumedRoles);
}
return ResponseEntity.ok(mapList(rbacRoleRepository.findAll(), RbacRoleResource.class));
}

View File

@ -33,8 +33,7 @@ public class RbacUserController implements RbacusersApi {
public ResponseEntity<RbacUserResource> createUser(
final RbacUserResource body
) {
context.setCurrentTask("creating new user: " + body.getName());
context.setCurrentUser(body.getName());
context.register(body.getName(), null);
if (body.getUuid() == null) {
body.setUuid(UUID.randomUUID());
@ -56,10 +55,7 @@ public class RbacUserController implements RbacusersApi {
final String assumedRoles,
final UUID userUuid) {
context.setCurrentUser(currentUser);
if (!StringUtils.isBlank(assumedRoles)) {
context.assumeRoles(assumedRoles);
}
context.register(currentUser, assumedRoles);
final var result = rbacUserRepository.findByUuid(userUuid);
if (result == null) {
@ -71,28 +67,24 @@ public class RbacUserController implements RbacusersApi {
@Override
@Transactional(readOnly = true)
public ResponseEntity<List<RbacUserResource>> listUsers(
final String currentUserName,
final String currentUser,
final String assumedRoles,
final String userName
) {
context.setCurrentUser(currentUserName);
if (!StringUtils.isBlank(assumedRoles)) {
context.assumeRoles(assumedRoles);
}
context.register(currentUser, assumedRoles);
return ResponseEntity.ok(mapList(rbacUserRepository.findByOptionalNameLike(userName), RbacUserResource.class));
}
@Override
@Transactional(readOnly = true)
public ResponseEntity<List<RbacUserPermissionResource>> listUserPermissions(
final String currentUserName,
final String currentUser,
final String assumedRoles,
final UUID userUuid
) {
context.setCurrentUser(currentUserName);
if (!StringUtils.isBlank(assumedRoles)) {
context.assumeRoles(assumedRoles);
}
context.register(currentUser, assumedRoles);
return ResponseEntity.ok(mapList(rbacUserRepository.findPermissionsOfUserByUuid(userUuid), RbacUserPermissionResource.class));
}
}