implements rbac-grants get-by-id

2022-08-19 17:39:41 +02:00
parent a66ed8e59f
commit 5ea8069608
14 changed files with 292 additions and 78 deletions
--- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantControllerAcceptanceTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantControllerAcceptanceTest.java
@ -27,6 +27,7 @@ import java.util.UUID;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assumptions.assumeThat;
 import static org.hamcrest.CoreMatchers.containsString;
+import static org.hamcrest.CoreMatchers.is;

@SpringBootTest(
        webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,
@ -57,6 +58,67 @@ class RbacGrantControllerAcceptanceTest {
    @Autowired
    JpaAttempt jpaAttempt;

+    @Nested
+    class GetGrantById {
+
+        @Test
+        @Accepts({ "GRT:R(Read)" })
+        void customerAdmin_withAssumedPacketAdminRole_canReadPacketAdminsGrantById() {
+            // given
+            final var givenCurrentUserAsPackageAdmin = new Subject("admin@aaa.example.com");
+            final var givenGranteeUser = findRbacUserByName("aaa00@aaa.example.com");
+            final var givenGrantedRole = findRbacRoleByName("package#aaa00.admin");
+
+            // when
+            final var grant = givenCurrentUserAsPackageAdmin.getGrantById()
+                    .forGrantedRole(givenGrantedRole).toGranteeUser(givenGranteeUser);
+
+            // then
+            grant.assertThat()
+                    .statusCode(200)
+                    .body("grantedByRoleIdName", is("customer#aaa.admin"))
+                    .body("grantedRoleIdName", is("package#aaa00.admin"))
+                    .body("granteeUserName", is("aaa00@aaa.example.com"));
+        }
+
+        @Test
+        @Accepts({ "GRT:R(Read)" })
+        void packageAdmin_withoutAssumedRole_canReadItsOwnGrantById() {
+            // given
+            final var givenCurrentUserAsPackageAdmin = new Subject("aaa00@aaa.example.com");
+            final var givenGranteeUser = findRbacUserByName("aaa00@aaa.example.com");
+            final var givenGrantedRole = findRbacRoleByName("package#aaa00.admin");
+
+            // when
+            final var grant = givenCurrentUserAsPackageAdmin.getGrantById()
+                    .forGrantedRole(givenGrantedRole).toGranteeUser(givenGranteeUser);
+
+            // then
+            grant.assertThat()
+                    .statusCode(200)
+                    .body("grantedByRoleIdName", is("customer#aaa.admin"))
+                    .body("grantedRoleIdName", is("package#aaa00.admin"))
+                    .body("granteeUserName", is("aaa00@aaa.example.com"));
+        }
+
+        @Test
+        @Accepts({ "GRT:R(Read)" })
+        void packageAdmin_withAssumedUnixUserAdmin_canNotReadItsOwnGrantById() {
+            // given
+            final var givenCurrentUserAsPackageAdmin = new Subject("aaa00@aaa.example.com", "unixuser#aaa00-aaaa.admin");
+            final var givenGranteeUser = findRbacUserByName("aaa00@aaa.example.com");
+            final var givenGrantedRole = findRbacRoleByName("package#aaa00.admin");
+
+            // when
+            final var grant = givenCurrentUserAsPackageAdmin.getGrantById()
+                    .forGrantedRole(givenGrantedRole).toGranteeUser(givenGranteeUser);
+
+            // then
+            grant.assertThat()
+                    .statusCode(404);
+        }
+    }
+
    @Nested
    class GrantRoleToUser {

@ -166,6 +228,10 @@ class RbacGrantControllerAcceptanceTest {
            this.assumedRole = assumedRole;
        }

+        public Subject(final String currentUser) {
+            this(currentUser, "");
+        }
+
        GrantFixture grantsRole(final RbacRoleEntity givenOwnPackageAdminRole) {
            return new GrantFixture(givenOwnPackageAdminRole);
        }
@ -174,6 +240,10 @@ class RbacGrantControllerAcceptanceTest {
            return new RevokeFixture(givenOwnPackageAdminRole);
        }

+        GetGrantByIdFixture getGrantById() {
+            return new GetGrantByIdFixture();
+        }
+
        class GrantFixture {

            private Subject grantingSubject = Subject.this;
@ -252,6 +322,34 @@ class RbacGrantControllerAcceptanceTest {
                        .then(); // @formatter:on
            }
        }
+
+        private class GetGrantByIdFixture {
+
+            private Subject currentSubject = Subject.this;
+            private RbacRoleEntity grantedRole;
+            private boolean assumed;
+            private RbacUserEntity granteeUser;
+
+            GetGrantByIdFixture forGrantedRole(final RbacRoleEntity grantedRole) {
+                this.grantedRole = grantedRole;
+                return this;
+            }
+
+            ValidatableResponse toGranteeUser(final RbacUserEntity granteeUser) {
+                this.granteeUser = granteeUser;
+
+                return RestAssured // @formatter:ff
+                        .given()
+                        .header("current-user", currentSubject.currentUser)
+                        .header("assumed-roles", currentSubject.assumedRole)
+                        .port(port)
+                        .when()
+                        .get("http://localhost/api/rbac-grants/%s/%s".formatted(
+                                grantedRole.getUuid(), granteeUser.getUuid()
+                        ))
+                        .then(); // @formatter:on
+            }
+        }
    }

    private void assumeGrantExists(final Subject grantingSubject, final String expectedGrant) {
@ -275,6 +373,13 @@ class RbacGrantControllerAcceptanceTest {
        ).returnedValue();
    }

+    RbacUserEntity findRbacUserByName(final String userName) {
+        return jpaAttempt.transacted(() -> {
+            context.setCurrentUser("mike@hostsharing.net");
+            return rbacUserRepository.findByName(userName);
+        }).returnedValue();
+    }
+
    RbacRoleEntity findRbacRoleByName(final String roleName) {
        return jpaAttempt.transacted(() -> {
            context.setCurrentUser("mike@hostsharing.net");
--- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantRepositoryIntegrationTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantRepositoryIntegrationTest.java
@ -108,7 +108,7 @@ class RbacGrantRepositoryIntegrationTest {
            // given
            currentUser("admin@aaa.example.com");
            assumedRoles("customer#aaa.admin");
-            final var givenArbitraryUserUuid = rbacUserRepository.findUuidByName("aac00@aac.example.com");
+            final var givenArbitraryUserUuid = rbacUserRepository.findByName("aac00@aac.example.com").getUuid();
            final var givenOwnPackageRoleUuid = rbacRoleRepository.findByRoleName("package#aaa00.admin").getUuid();

            // when
@ -132,9 +132,7 @@ class RbacGrantRepositoryIntegrationTest {
        @Transactional(propagation = Propagation.NEVER)
        public void packageAdmin_canNotGrantPackageOwnerRole() {
            // given
-            record Given(RbacUserEntity arbitraryUser, UUID packageOwnerRoleUuid) {
-
-            }
+            record Given(RbacUserEntity arbitraryUser, UUID packageOwnerRoleUuid) {}
            final var given = jpaAttempt.transacted(() -> {
                // to find the uuids of we need to have access rights to these
                currentUser("admin@aaa.example.com");
@ -247,7 +245,7 @@ class RbacGrantRepositoryIntegrationTest {
        private RbacGrantEntity create(GrantBuilder with) {
            currentUser(with.byUserName);
            assumedRoles(with.assumedRole);
-            final var givenArbitraryUserUuid = rbacUserRepository.findUuidByName(with.granteeUserName);
+            final var givenArbitraryUserUuid = rbacUserRepository.findByName(with.granteeUserName).getUuid();
            final var givenOwnPackageRoleUuid = rbacRoleRepository.findByRoleName(with.grantedRole).getUuid();

            final var grant = RbacGrantEntity.builder()