add CustomerRepositoryIntegrationTest, fix testcontainers liquibase context and improve error messages

2022-07-31 18:56:03 +02:00
parent 5d4fb85383
commit 27c5699c36
6 changed files with 214 additions and 24 deletions
--- a/src/test/java/net/hostsharing/hsadminng/hscustomer/CustomerRepositoryIntegrationTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/hscustomer/CustomerRepositoryIntegrationTest.java
@ -0,0 +1,155 @@
+package net.hostsharing.hsadminng.hscustomer;
+
+import net.hostsharing.hsadminng.context.Context;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.orm.jpa.DataJpaTest;
+import org.springframework.context.annotation.ComponentScan;
+import org.springframework.orm.jpa.JpaSystemException;
+
+import javax.persistence.EntityManager;
+import javax.transaction.Transactional;
+import java.util.Optional;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+
+@DataJpaTest
+@ComponentScan(basePackageClasses = { Context.class, CustomerRepository.class })
+class CustomerRepositoryIntegrationTest {
+
+    final static String adminUser = "mike@hostsharing.net";
+    final static String customerAaa = "admin@aaa.example.com";
+
+    @Autowired
+    Context context;
+
+    @Autowired
+    CustomerRepository customerRepository;
+
+    @Autowired EntityManager em;
+
+    @Test
+    @Transactional
+    void hostsharingAdminWithoutAssumedRoleCanViewAllCustomers() {
+        // given
+        context.setCurrentUser(adminUser);
+
+        // when
+        final var actual = customerRepository.findAll();
+
+        // then
+
+        assertThat(actual).hasSize(3)
+            .extracting(CustomerEntity::getPrefix)
+            .containsExactlyInAnyOrder("aaa", "aab", "aac");
+    }
+
+    @Test
+    @Transactional
+    void hostsharingAdminWithAssumedHostsharingAdminRoleCanViewAllCustomers() {
+        // given
+        context.setCurrentUser(adminUser);
+        context.assumeRoles("global#hostsharing.admin");
+
+        // when
+        final var actual = customerRepository.findAll();
+
+        // then
+
+        assertThat(actual).hasSize(3)
+            .extracting(CustomerEntity::getPrefix)
+            .containsExactlyInAnyOrder("aaa", "aab", "aac");
+    }
+
+    @Test
+    @Transactional
+    void customerAdminWithoutAssumedRoleCanViewItsOwnCustomer() {
+        // given
+        context.setCurrentUser(customerAaa);
+
+        // when
+        final var actual = customerRepository.findAll();
+
+        // then
+
+        assertThat(actual).hasSize(1)
+            .extracting(CustomerEntity::getPrefix)
+            .containsExactly("aaa");
+    }
+
+    @Test
+    @Transactional
+    void customerAdminWithAssumedOwnedPackageAdminRoleCanViewItsOwnCustomer() {
+        // given
+        context.setCurrentUser(customerAaa);
+        context.assumeRoles("package#aaa00.admin");
+
+        // when
+        final var actual = customerRepository.findAll();
+
+        // then
+        assertThat(actual).hasSize(1)
+            .extracting(CustomerEntity::getPrefix)
+            .containsExactly("aaa");
+    }
+
+    @Test
+    @Transactional
+    void customerAdminWithAssumedAlienPackageAdminRoleCanViewItsOwnCustomer() {
+        // given
+        context.setCurrentUser(customerAaa);
+        context.assumeRoles("package#aab00.admin");
+
+        // when
+        final JpaSystemException thrown =
+            assertThrows(JpaSystemException.class, () -> customerRepository.findAll());
+
+        // then
+        assertThat(firstRootCauseMessageLineOf(thrown)).matches(
+            ".* user admin@aaa.example.com .* has no permission to assume role package#aab00#admin .*"
+        );
+   }
+
+    @Test
+    @Transactional
+    void unknownUserWithoutAssumedRoleCannotViewAnyCustomers() {
+        // given
+        context.setCurrentUser("unknown@example.org");
+
+        // when
+        final JpaSystemException thrown =
+            assertThrows(JpaSystemException.class, () -> customerRepository.findAll());
+
+        // then
+        assertThat(firstRootCauseMessageLineOf(thrown)).matches(
+            ".* user unknown@example.org does not exist.*"
+        );
+    }
+
+    @Test
+    @Transactional
+    void unknownUserWithAssumedRoleCannotViewAnyCustomers() {
+        // given
+        context.setCurrentUser("unknown@example.org");
+        assertThat(context.getCurrentUser()).isEqualTo("unknown@example.org");
+        context.assumeRoles("customer#aaa.admin");
+
+
+        // when
+        final JpaSystemException thrown =
+            assertThrows(JpaSystemException.class, () -> customerRepository.findAll());
+
+        // then
+        assertThat(firstRootCauseMessageLineOf(thrown)).matches(
+            ".* user unknown@example.org does not exist.*"
+        );
+    }
+
+    private String firstRootCauseMessageLineOf(final JpaSystemException throwable) {
+        return Optional.ofNullable(throwable.getRootCause())
+            .map(Throwable::getMessage)
+            .map( message -> message.split("\\r|\\n|\\r\\n", 0)[0])
+        .orElse(null);
+    }
+}
--- a/src/test/resources/application.yml
+++ b/src/test/resources/application.yml
@ -4,7 +4,8 @@ spring:
            platform: postgres

    datasource:
-        url: jdbc:tc:postgresql:12.9-alpine:///spring_boot_testcontainers
+        url: jdbc:tc:postgresql:13.7-bullseye:///spring_boot_testcontainers
+        url-local: jdbc:postgresql://localhost:5432/postgres
        username: postgres
        password: password

@ -23,11 +24,8 @@ spring:

    liquibase:
        change-log: classpath:/db/changelog/db.changelog-master.yaml
-        contexts: test
+        contexts: tc,test,dev

 logging:
    level:
        liquibase: INFO
-
-liquibase:
-    contexts: dev,tc