hostsharing/hs.hsadmin.ng
1
0
Fork 0
Code Activity

use context.define(...) instead of setCurrent...

Browse Source
This commit is contained in:
Michael Hoennig
2022-08-28 17:30:27 +02:00
parent 7d4815e2cf
commit 4aa8b85bb6
20 changed files with 601 additions and 212 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/test/java/net/hostsharing/hsadminng/context/ContextBasedTest.java
View File

@@ -4,8 +4,6 @@ import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.TestInfo;
import org.springframework.beans.factory.annotation.Autowired;
import static org.assertj.core.api.Assertions.assertThat;
public class ContextBasedTest {
@Autowired
@@ -18,18 +16,9 @@ public class ContextBasedTest {
this.test = testInfo;
}
// TODO: remove the class and check which task is recorded
protected void context(final String currentUser, final String assumedRoles) {
context.setCurrentTask(test.getDisplayName());
context.setCurrentUser(currentUser);
assertThat(context.getCurrentUser()).as("precondition").isEqualTo(currentUser);
if (assumedRoles != null) {
context.assumeRoles(assumedRoles);
assertThat(context.getAssumedRoles()).as("precondition").containsExactly(assumedRoles.split(";"));
// } else {
// context.assumeNoSpecialRole();
}
context.define(test.getDisplayName(), null, currentUser, assumedRoles);
}
protected void context(final String currentUser) {

7
src/test/java/net/hostsharing/hsadminng/context/ContextIntegrationTests.java
View File

@@ -20,7 +20,7 @@ class ContextIntegrationTests {
@Test
void registerWithoutHttpServletRequestUsesCallStack() {
context.register("current-user", null);
context.define("current-user", null);
final var currentTask = context.getCurrentTask();
assertThat(currentTask).isEqualTo("ContextIntegrationTests.registerWithoutHttpServletRequestUsesCallStack");
@@ -29,7 +29,7 @@ class ContextIntegrationTests {
@Test
@Transactional
void setCurrentUser() {
context.setCurrentUser("mike@hostsharing.net");
context.define("mike@hostsharing.net");
final var currentUser = context.getCurrentUser();
assertThat(currentUser).isEqualTo("mike@hostsharing.net");
@@ -41,8 +41,7 @@ class ContextIntegrationTests {
@Test
@Transactional
void assumeRoles() {
context.setCurrentUser("mike@hostsharing.net");
context.assumeRoles("customer#xxx.owner;customer#yyy.owner");
context.define("mike@hostsharing.net", "customer#xxx.owner;customer#yyy.owner");
final var currentUser = context.getCurrentUser();
assertThat(currentUser).isEqualTo("mike@hostsharing.net");

168
src/test/java/net/hostsharing/hsadminng/context/ContextUnitTest.java
View File

@@ -1,15 +1,25 @@
package net.hostsharing.hsadminng.context;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Nested;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.context.request.RequestContextHolder;
import javax.persistence.EntityManager;
import javax.persistence.Query;
import javax.servlet.http.HttpServletRequest;
import java.io.BufferedReader;
import java.io.IOException;
import java.util.Collections;
import java.util.Map;
import java.util.stream.Stream;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.ArgumentMatchers.*;
import static org.mockito.BDDMockito.given;
import static org.mockito.Mockito.verify;
@@ -22,16 +32,156 @@ class ContextUnitTest {
@Mock
Query nativeQuery;
@InjectMocks
Context context;
@Nested
class WithoutHttpRequest {
@Test
void registerWithoutHttpServletRequestUsesCallStack() {
given(em.createNativeQuery(any())).willReturn(nativeQuery);
@Mock
EntityManager em;
context.register("current-user", null);
@Mock
Query nativeQuery;
verify(em).createNativeQuery(
"set local hsadminng.currentTask = 'ContextUnitTest.registerWithoutHttpServletRequestUsesCallStack';");
@InjectMocks
Context context;
@BeforeEach
void setup() {
RequestContextHolder.setRequestAttributes(null);
given(em.createNativeQuery(any())).willReturn(nativeQuery);
}
@Test
void registerWithoutHttpServletRequestUsesCallStackForTask() {
given(em.createNativeQuery(any())).willReturn(nativeQuery);
context.define("current-user");
verify(em).createNativeQuery("call defineContext(:currentTask, :currentRequest, :currentUser, :assumedRoles);");
verify(nativeQuery).setParameter(
"currentTask",
"WithoutHttpRequest.registerWithoutHttpServletRequestUsesCallStackForTask");
}
@Test
void registerWithoutHttpServletRequestUsesEmptyStringForRequest() {
given(em.createNativeQuery(any())).willReturn(nativeQuery);
context.define("current-user");
verify(em).createNativeQuery("call defineContext(:currentTask, :currentRequest, :currentUser, :assumedRoles);");
verify(nativeQuery).setParameter("currentRequest", "");
}
}
@Nested
class WithHttpRequest {
@Mock
EntityManager em;
@Mock
Query nativeQuery;
@Mock
HttpServletRequest request;
@Mock
RequestAttributes requestAttributes;
@Mock
BufferedReader requestBodyReader;
@Mock
Stream<String> requestBodyLines;
@InjectMocks
Context context;
@BeforeEach
void setup() {
RequestContextHolder.setRequestAttributes(requestAttributes);
given(em.createNativeQuery(any())).willReturn(nativeQuery);
}
@Test
void registerWithHttpServletRequestUsesRequest() throws IOException {
givenRequest("POST", "http://localhost:9999/api/endpoint", Map.ofEntries(
Map.entry("current-user", "given-user"),
Map.entry("content-type", "application/json"),
Map.entry("user-agent", "given-user-agent")),
"{}");
context.define("current-user");
verify(em).createNativeQuery("call defineContext(:currentTask, :currentRequest, :currentUser, :assumedRoles);");
verify(nativeQuery).setParameter("currentTask", "POST http://localhost:9999/api/endpoint");
}
@Test
void registerWithHttpServletRequestForwardsRequestAsCurl() throws IOException {
givenRequest("POST", "http://localhost:9999/api/endpoint", Map.ofEntries(
Map.entry("current-user", "given-user"),
Map.entry("content-type", "application/json"),
Map.entry("user-agent", "given-user-agent")),
"{}");
context.define("current-user");
verify(em).createNativeQuery("call defineContext(:currentTask, :currentRequest, :currentUser, :assumedRoles);");
verify(nativeQuery).setParameter("currentRequest", """
curl -0 -v -X POST http://localhost:9999/api/endpoint \\
-H 'current-user:given-user' \\
-H 'content-type:application/json' \\
--data-binary @- << EOF
{}
EOF
""".trim());
}
@Test
void shortensCurrentTaskTo96Chars() throws IOException {
givenRequest("GET", "http://localhost:9999/api/endpoint/" + "0123456789".repeat(10),
Map.ofEntries(
Map.entry("current-user", "given-user"),
Map.entry("content-type", "application/json"),
Map.entry("user-agent", "given-user-agent")),
"{}");
context.define("current-user");
verify(em).createNativeQuery("call defineContext(:currentTask, :currentRequest, :currentUser, :assumedRoles);");
verify(nativeQuery).setParameter(eq("currentTask"), argThat((String t) -> t.length() == 96));
}
@Test
void shortensCurrentRequestTo512Chars() throws IOException {
givenRequest("GET", "http://localhost:9999/api/endpoint",
Map.ofEntries(
Map.entry("current-user", "given-user"),
Map.entry("content-type", "application/json"),
Map.entry("user-agent", "given-user-agent")),
"""
{
"dummy": "%s"
}
""".formatted("0123456789".repeat(60)));
context.define("current-user");
verify(em).createNativeQuery("call defineContext(:currentTask, :currentRequest, :currentUser, :assumedRoles);");
verify(nativeQuery).setParameter(eq("currentRequest"), argThat((String t) -> t.length() == 512));
}
private void givenRequest(final String method, final String url, final Map<String, String> headers, final String body)
throws IOException {
given(request.getMethod()).willReturn(method);
given(request.getRequestURI()).willReturn(url);
given(request.getHeaderNames()).willReturn(Collections.enumeration(headers.keySet()));
given(request.getHeader(anyString())).willAnswer(invocation -> headers.get(invocation.getArgument(0).toString()));
given(request.getReader()).willReturn(requestBodyReader);
given(requestBodyReader.lines()).willReturn(requestBodyLines);
given(requestBodyLines.collect(any())).willReturn(body);
}
}
}

111
src/test/java/net/hostsharing/hsadminng/context/HttpServletRequestBodyCacheUnitTest.java Normal file
View File

@@ -0,0 +1,111 @@
package net.hostsharing.hsadminng.context;
import org.junit.jupiter.api.Test;
import java.io.IOException;
import static org.assertj.core.api.Assertions.assertThat;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.mockito.BDDMockito.given;
import static org.mockito.Mockito.spy;
class HttpServletRequestBodyCacheUnitTest {
@Test
void readsTheStream() {
// given
try (final var givenBodyCache = new HttpServletRequestBodyCache("Hallo".getBytes())) {
// when
final var actual = new String(givenBodyCache.readAllBytes());
// then
assertThat(actual).isEqualTo("Hallo");
} catch (final IOException exc) {
throw new AssertionError("unexpected IO exception", exc);
}
}
@Test
void isReadyReturnsTrue() {
// given
try (final var givenBodyCache = new HttpServletRequestBodyCache("Hallo".getBytes())) {
// when
final var actual = givenBodyCache.isReady();
// then
assertThat(actual).isTrue();
} catch (final IOException exc) {
throw new AssertionError("unexpected IO exception", exc);
}
}
@Test
void isFinishedReturnsTrueWhenNotRead() {
// given
try (final var givenBodyCache = new HttpServletRequestBodyCache("Hallo".getBytes())) {
// when
final var actual = givenBodyCache.isFinished();
// then
assertThat(actual).isFalse();
} catch (final IOException exc) {
throw new AssertionError("unexpected IO exception", exc);
}
}
@Test
void isFinishedReturnsTrueWhenRead() {
// given
try (final var givenBodyCache = new HttpServletRequestBodyCache("Hallo".getBytes())) {
givenBodyCache.readAllBytes();
// when
final var actual = givenBodyCache.isFinished();
// then
assertThat(actual).isTrue();
} catch (final IOException exc) {
throw new AssertionError("unexpected IO exception", exc);
}
}
@Test
void isFinishedReturnsTrueOnException() {
// given
try (final var givenBodyCache = spy(new HttpServletRequestBodyCache("".getBytes()))) {
given(givenBodyCache.available()).willThrow(new IOException("fake exception"));
// when
final var actual = givenBodyCache.isFinished();
// then
assertThat(actual).isTrue();
} catch (final IOException exc) {
throw new AssertionError("unexpected IO exception", exc);
}
}
@Test
void setReadListenerThrowsNotImplementedException() {
// given
try (final var givenBodyCache = new HttpServletRequestBodyCache("Hallo".getBytes())) {
// when
final var exception = assertThrows(RuntimeException.class, () -> givenBodyCache.setReadListener(null));
// then
assertThat(exception.getMessage()).isEqualTo("Not implemented");
} catch (final IOException exc) {
throw new AssertionError("unexpected IO exception", exc);
}
}
}

30
src/test/java/net/hostsharing/hsadminng/hs/hscustomer/CustomerControllerAcceptanceTest.java
View File

@@ -57,7 +57,7 @@ class CustomerControllerAcceptanceTest {
}
@Test
void hostsharingAdmin_withoutAssumedRoles_canViewMatchingCustomers_ifCriteriaGiven() throws Exception {
void hostsharingAdmin_withoutAssumedRoles_canViewMatchingCustomers_ifCriteriaGiven() {
RestAssured // @formatter:off
.given()
.header("current-user", "mike@hostsharing.net")
@@ -73,7 +73,7 @@ class CustomerControllerAcceptanceTest {
}
@Test
void hostsharingAdmin_withoutAssumedCustomerAdminRole_canOnlyViewOwnCustomer() throws Exception {
void hostsharingAdmin_withoutAssumedCustomerAdminRole_canOnlyViewOwnCustomer() {
RestAssured // @formatter:off
.given()
.header("current-user", "mike@hostsharing.net")
@@ -90,14 +90,14 @@ class CustomerControllerAcceptanceTest {
}
@Test
void customerAdmin_withoutAssumedRole_canOnlyViewOwnCustomer() throws Exception {
void customerAdmin_withoutAssumedRole_canOnlyViewOwnCustomer() {
RestAssured // @formatter:off
.given()
.given()
.header("current-user", "customer-admin@yyy.example.com")
.port(port)
.when()
.when()
.get("http://localhost/api/customers")
.then().assertThat()
.then().assertThat()
.statusCode(200)
.contentType("application/json")
.body("[0].prefix", is("yyy"))
@@ -107,10 +107,10 @@ class CustomerControllerAcceptanceTest {
}
@Nested
class CreateCustomer {
class AddCustomer {
@Test
void hostsharingAdmin_withoutAssumedRole_canCreateCustomer() throws Exception {
void hostsharingAdmin_withoutAssumedRole_canAddCustomer() {
final var location = RestAssured // @formatter:off
.given()
@@ -136,13 +136,13 @@ class CustomerControllerAcceptanceTest {
// finally, the new customer can be viewed by its own admin
final var newUserUuid = UUID.fromString(
location.substring(location.lastIndexOf('/') + 1));
context.setCurrentUser("customer-admin@ttt.example.com");
context.define("customer-admin@ttt.example.com");
assertThat(customerRepository.findByUuid(newUserUuid))
.hasValueSatisfying(c -> assertThat(c.getPrefix()).isEqualTo("ttt"));
}
@Test
void hostsharingAdmin_withoutAssumedRole_canCreateCustomerWithGivenUuid() {
void hostsharingAdmin_withoutAssumedRole_canAddCustomerWithGivenUuid() {
final var givenUuid = UUID.randomUUID();
@@ -171,7 +171,7 @@ class CustomerControllerAcceptanceTest {
// finally, the new customer can be viewed by its own admin
final var newUserUuid = UUID.fromString(
location.substring(location.lastIndexOf('/') + 1));
context.setCurrentUser("customer-admin@vvv.example.com");
context.define("customer-admin@vvv.example.com");
assertThat(customerRepository.findByUuid(newUserUuid))
.hasValueSatisfying(c -> {
assertThat(c.getPrefix()).isEqualTo("vvv");
@@ -180,7 +180,7 @@ class CustomerControllerAcceptanceTest {
}
@Test
void hostsharingAdmin_withAssumedCustomerAdminRole_canNotCreateCustomer() throws Exception {
void hostsharingAdmin_withAssumedCustomerAdminRole_canNotAddCustomer() {
RestAssured // @formatter:off
.given()
@@ -205,12 +205,12 @@ class CustomerControllerAcceptanceTest {
// @formatter:on
// finally, the new customer was not created
context.setCurrentUser("sven@hostsharing.net");
context.define("sven@hostsharing.net");
assertThat(customerRepository.findCustomerByOptionalPrefixLike("uuu")).hasSize(0);
}
@Test
void customerAdmin_withoutAssumedRole_canNotCreateCustomer() throws Exception {
void customerAdmin_withoutAssumedRole_canNotAddCustomer() {
RestAssured // @formatter:off
.given()
@@ -234,7 +234,7 @@ class CustomerControllerAcceptanceTest {
// @formatter:on
// finally, the new customer was not created
context.setCurrentUser("sven@hostsharing.net");
context.define("sven@hostsharing.net");
assertThat(customerRepository.findCustomerByOptionalPrefixLike("uuu")).hasSize(0);
}
}

13
src/test/java/net/hostsharing/hsadminng/hs/hspackage/PackageControllerAcceptanceTest.java
View File

@@ -21,8 +21,8 @@ import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.is;
@SpringBootTest(
webEnvironment = WebEnvironment.RANDOM_PORT,
classes = HsadminNgApplication.class
webEnvironment = WebEnvironment.RANDOM_PORT,
classes = HsadminNgApplication.class
)
@Transactional
class PackageControllerAcceptanceTest {
@@ -86,7 +86,7 @@ class PackageControllerAcceptanceTest {
void withDescriptionUpdatesDescription() {
assumeThat(getDescriptionOfPackage("xxx00"))
.isEqualTo("Here can add your own description of package xxx00.");
.isEqualTo("Here can add your own description of package xxx00.");
final var randomDescription = RandomStringUtils.randomAlphanumeric(80);
@@ -118,7 +118,7 @@ class PackageControllerAcceptanceTest {
void withNullDescriptionUpdatesDescriptionToNull() {
assumeThat(getDescriptionOfPackage("xxx01"))
.isEqualTo("Here can add your own description of package xxx01.");
.isEqualTo("Here can add your own description of package xxx01.");
// @formatter:off
RestAssured
@@ -147,7 +147,7 @@ class PackageControllerAcceptanceTest {
void withoutDescriptionDoesNothing() {
assumeThat(getDescriptionOfPackage("xxx02"))
.isEqualTo("Here can add your own description of package xxx02.");
.isEqualTo("Here can add your own description of package xxx02.");
// @formatter:off
RestAssured
@@ -185,8 +185,7 @@ class PackageControllerAcceptanceTest {
}
String getDescriptionOfPackage(final String packageName) {
context.setCurrentUser("mike@hostsharing.net");
context.assumeRoles("customer#xxx.admin");
context.define("mike@hostsharing.net","customer#xxx.admin");
return packageRepository.findAllByOptionalNameLike(packageName).get(0).getDescription();
}
}

31
src/test/java/net/hostsharing/hsadminng/hs/hspackage/PackageRepositoryIntegrationTest.java
View File

@@ -42,7 +42,7 @@ class PackageRepositoryIntegrationTest {
@Test
public void hostsharingAdmin_withoutAssumedRole_canNotViewAnyPackages_becauseThoseGrantsAreNotassumedd() {
// given
currentUser("mike@hostsharing.net");
context.define("mike@hostsharing.net");
// when
final var result = packageRepository.findAllByOptionalNameLike(null);
@@ -54,8 +54,7 @@ class PackageRepositoryIntegrationTest {
@Test
public void hostsharingAdmin_withAssumedHostsharingAdminRole__canNotViewAnyPackages_becauseThoseGrantsAreNotassumedd() {
given:
currentUser("mike@hostsharing.net");
assumedRoles("global#hostsharing.admin");
context.define("mike@hostsharing.net", "global#hostsharing.admin");
// when
final var result = packageRepository.findAllByOptionalNameLike(null);
@@ -67,7 +66,7 @@ class PackageRepositoryIntegrationTest {
@Test
public void customerAdmin_withoutAssumedRole_canViewOnlyItsOwnPackages() {
// given:
currentUser("customer-admin@xxx.example.com");
context.define("customer-admin@xxx.example.com");
// when:
final var result = packageRepository.findAllByOptionalNameLike(null);
@@ -78,8 +77,7 @@ class PackageRepositoryIntegrationTest {
@Test
public void customerAdmin_withAssumedOwnedPackageAdminRole_canViewOnlyItsOwnPackages() {
currentUser("customer-admin@xxx.example.com");
assumedRoles("package#xxx00.admin");
context.define("customer-admin@xxx.example.com", "package#xxx00.admin");
final var result = packageRepository.findAllByOptionalNameLike(null);
@@ -89,8 +87,7 @@ class PackageRepositoryIntegrationTest {
@Test
public void customerAdmin_withAssumedAlienPackageAdminRole_cannotViewAnyPackages() {
// given:
currentUser("customer-admin@xxx.example.com");
assumedRoles("package#yyy00.admin");
context.define("customer-admin@xxx.example.com", "package#yyy00.admin");
// when
final var result = attempt(
@@ -105,7 +102,7 @@ class PackageRepositoryIntegrationTest {
@Test
void unknownUser_withoutAssumedRole_cannotViewAnyPackages() {
currentUser("unknown@example.org");
context.define("unknown@example.org");
final var result = attempt(
em,
@@ -119,8 +116,7 @@ class PackageRepositoryIntegrationTest {
@Test
@Transactional
void unknownUser_withAssumedCustomerRole_cannotViewAnyPackages() {
currentUser("unknown@example.org");
assumedRoles("customer#xxx.admin");
context.define("unknown@example.org", "customer#xxx.admin");
final var result = attempt(
em,
@@ -172,18 +168,7 @@ class PackageRepositoryIntegrationTest {
}
private void hostsharingAdminWithAssumedRole(final String assumedRoles) {
currentUser("mike@hostsharing.net");
assumedRoles(assumedRoles);
}
void currentUser(final String currentUser) {
context.setCurrentUser(currentUser);
assertThat(context.getCurrentUser()).as("precondition").isEqualTo(currentUser);
}
void assumedRoles(final String assumedRoles) {
context.assumeRoles(assumedRoles);
assertThat(context.getAssumedRoles()).as("precondition").containsExactly(assumedRoles.split(";"));
context.define("mike@hostsharing.net", assumedRoles);
}
void noPackagesAreReturned(final List<PackageEntity> actualResult) {

97
src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepositoryIntegrationTest.java
View File

@@ -27,13 +27,14 @@ class RbacRoleRepositoryIntegrationTest {
@Autowired
RbacRoleRepository rbacRoleRepository;
@Autowired EntityManager em;
@Autowired
EntityManager em;
@Nested
class FindAllRbacRoles {
private static final String[] ALL_TEST_DATA_ROLES = Array.of(
// @formatter:off
// @formatter:off
"global#hostsharing.admin",
"customer#xxx.admin", "customer#xxx.owner", "customer#xxx.tenant",
"package#xxx00.admin", "package#xxx00.owner", "package#xxx00.tenant",
@@ -53,7 +54,7 @@ class RbacRoleRepositoryIntegrationTest {
@Test
public void hostsharingAdmin_withoutAssumedRole_canViewAllRbacRoles() {
// given
currentUser("mike@hostsharing.net");
context.define("mike@hostsharing.net");
// when
final var result = rbacRoleRepository.findAll();
@@ -65,8 +66,7 @@ class RbacRoleRepositoryIntegrationTest {
@Test
public void hostsharingAdmin_withAssumedHostsharingAdminRole_canViewAllRbacRoles() {
given:
currentUser("mike@hostsharing.net");
assumedRoles("global#hostsharing.admin");
context.define("mike@hostsharing.net", "global#hostsharing.admin");
// when
final var result = rbacRoleRepository.findAll();
@@ -78,15 +78,15 @@ class RbacRoleRepositoryIntegrationTest {
@Test
public void customerAdmin_withoutAssumedRole_canViewOnlyItsOwnRbacRole() {
// given:
currentUser("customer-admin@xxx.example.com");
context.define("customer-admin@xxx.example.com");
// when:
final var result = rbacRoleRepository.findAll();
// then:
allTheseRbacRolesAreReturned(
result,
// @formatter:off
result,
// @formatter:off
"customer#xxx.admin",
"customer#xxx.tenant",
"package#xxx00.admin",
@@ -104,8 +104,8 @@ class RbacRoleRepositoryIntegrationTest {
// @formatter:on
);
noneOfTheseRbacRolesIsReturned(
result,
// @formatter:off
result,
// @formatter:off
"global#hostsharing.admin",
"customer#xxx.owner",
"package#yyy00.admin",
@@ -117,64 +117,61 @@ class RbacRoleRepositoryIntegrationTest {
@Test
public void customerAdmin_withAssumedOwnedPackageAdminRole_canViewOnlyItsOwnRbacRole() {
currentUser("customer-admin@xxx.example.com");
assumedRoles("package#xxx00.admin");
context.define("customer-admin@xxx.example.com", "package#xxx00.admin");
final var result = rbacRoleRepository.findAll();
exactlyTheseRbacRolesAreReturned(
result,
"customer#xxx.tenant",
"package#xxx00.admin",
"package#xxx00.tenant",
"unixuser#xxx00-aaaa.admin",
"unixuser#xxx00-aaaa.owner",
"unixuser#xxx00-aaab.admin",
"unixuser#xxx00-aaab.owner");
result,
"customer#xxx.tenant",
"package#xxx00.admin",
"package#xxx00.tenant",
"unixuser#xxx00-aaaa.admin",
"unixuser#xxx00-aaaa.owner",
"unixuser#xxx00-aaab.admin",
"unixuser#xxx00-aaab.owner");
}
@Test
public void customerAdmin_withAssumedAlienPackageAdminRole_cannotViewAnyRbacRole() {
// given:
currentUser("customer-admin@xxx.example.com");
assumedRoles("package#yyy00.admin");
context.define("customer-admin@xxx.example.com", "package#yyy00.admin");
// when
final var result = attempt(
em,
() -> rbacRoleRepository.findAll());
em,
() -> rbacRoleRepository.findAll());
// then
result.assertExceptionWithRootCauseMessage(
JpaSystemException.class,
"[403] user customer-admin@xxx.example.com", "has no permission to assume role package#yyy00#admin");
JpaSystemException.class,
"[403] user customer-admin@xxx.example.com", "has no permission to assume role package#yyy00#admin");
}
@Test
void unknownUser_withoutAssumedRole_cannotViewAnyRbacRoles() {
currentUser("unknown@example.org");
context.define("unknown@example.org");
final var result = attempt(
em,
() -> rbacRoleRepository.findAll());
em,
() -> rbacRoleRepository.findAll());
result.assertExceptionWithRootCauseMessage(
JpaSystemException.class,
"hsadminng.currentUser defined as unknown@example.org, but does not exists");
JpaSystemException.class,
"hsadminng.currentUser defined as unknown@example.org, but does not exists");
}
@Test
void unknownUser_withAssumedRbacRoleRole_cannotViewAnyRbacRoles() {
currentUser("unknown@example.org");
assumedRoles("RbacRole#xxx.admin");
context.define("unknown@example.org", "RbacRole#xxx.admin");
final var result = attempt(
em,
() -> rbacRoleRepository.findAll());
em,
() -> rbacRoleRepository.findAll());
result.assertExceptionWithRootCauseMessage(
JpaSystemException.class,
"hsadminng.currentUser defined as unknown@example.org, but does not exists");
JpaSystemException.class,
"hsadminng.currentUser defined as unknown@example.org, but does not exists");
}
}
@@ -183,7 +180,7 @@ class RbacRoleRepositoryIntegrationTest {
@Test
void customerAdmin_withoutAssumedRole_canFindItsOwnRolesByName() {
currentUser("customer-admin@xxx.example.com");
context.define("customer-admin@xxx.example.com");
final var result = rbacRoleRepository.findByRoleName("customer#xxx.admin");
@@ -195,7 +192,7 @@ class RbacRoleRepositoryIntegrationTest {
@Test
void customerAdmin_withoutAssumedRole_canNotFindAlienRolesByName() {
currentUser("customer-admin@xxx.example.com");
context.define("customer-admin@xxx.example.com");
final var result = rbacRoleRepository.findByRoleName("customer#bbb.admin");
@@ -203,32 +200,22 @@ class RbacRoleRepositoryIntegrationTest {
}
}
void currentUser(final String currentUser) {
context.setCurrentUser(currentUser);
assertThat(context.getCurrentUser()).as("precondition").isEqualTo(currentUser);
}
void assumedRoles(final String assumedRoles) {
context.assumeRoles(assumedRoles);
assertThat(context.getAssumedRoles()).as("precondition").containsExactly(assumedRoles.split(";"));
}
void exactlyTheseRbacRolesAreReturned(final List<RbacRoleEntity> actualResult, final String... expectedRoleNames) {
assertThat(actualResult)
.extracting(RbacRoleEntity::getRoleName)
.containsExactlyInAnyOrder(expectedRoleNames);
.extracting(RbacRoleEntity::getRoleName)
.containsExactlyInAnyOrder(expectedRoleNames);
}
void allTheseRbacRolesAreReturned(final List<RbacRoleEntity> actualResult, final String... expectedRoleNames) {
assertThat(actualResult)
.extracting(RbacRoleEntity::getRoleName)
.contains(expectedRoleNames);
.extracting(RbacRoleEntity::getRoleName)
.contains(expectedRoleNames);
}
void noneOfTheseRbacRolesIsReturned(final List<RbacRoleEntity> actualResult, final String... unexpectedRoleNames) {
assertThat(actualResult)
.extracting(RbacRoleEntity::getRoleName)
.doesNotContain(unexpectedRoleNames);
.extracting(RbacRoleEntity::getRoleName)
.doesNotContain(unexpectedRoleNames);
}
}

4
src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserControllerAcceptanceTest.java
View File

@@ -71,7 +71,7 @@ class RbacUserControllerAcceptanceTest {
// finally, the user can view its own record
final var newUserUuid = UUID.fromString(
location.substring(location.lastIndexOf('/') + 1));
context.setCurrentUser("new-user@example.com");
context.define("new-user@example.com");
assertThat(rbacUserRepository.findByUuid(newUserUuid))
.extracting(RbacUserEntity::getName).isEqualTo("new-user@example.com");
}
@@ -399,7 +399,7 @@ class RbacUserControllerAcceptanceTest {
RbacUserEntity findRbacUserByName(final String userName) {
return jpaAttempt.transacted(() -> {
context.setCurrentUser("mike@hostsharing.net");
context.define("mike@hostsharing.net");
return rbacUserRepository.findByName(userName);
}).returnedValue();
}