#146 [AccessRights] simple AccessFilter for UserRoleAssignments
allows r/w for ADMINs and r/o for SUPPORTERs no entity dependent access rights implemented yet
This commit is contained in:
Michael Hoennig
@ -49,7 +49,7 @@ public class JSonAccessFilterTestFixture {
|
||||
}
|
||||
|
||||
@EntityTypeId("test.Given")
|
||||
static class GivenDto implements FluentBuilder<GivenDto> {
|
||||
static class GivenDto implements AccessMappings, FluentBuilder<GivenDto> {
|
||||
|
||||
@SelfId(resolver = GivenService.class)
|
||||
@AccessFor(read = ANYBODY)
|
||||
@ -119,7 +119,7 @@ public class JSonAccessFilterTestFixture {
|
||||
static abstract class GivenChildService implements IdToDtoResolver<GivenChildDto> {
|
||||
}
|
||||
|
||||
public static class GivenChildDto implements FluentBuilder<GivenChildDto> {
|
||||
public static class GivenChildDto implements AccessMappings, FluentBuilder<GivenChildDto> {
|
||||
|
||||
@SelfId(resolver = GivenChildService.class)
|
||||
@AccessFor(read = Role.ANY_CUSTOMER_USER)
|
||||
@ -133,7 +133,7 @@ public class JSonAccessFilterTestFixture {
|
||||
String restrictedField;
|
||||
}
|
||||
|
||||
public static class GivenDtoWithMultipleSelfId {
|
||||
public static class GivenDtoWithMultipleSelfId implements AccessMappings {
|
||||
|
||||
@SelfId(resolver = GivenChildService.class)
|
||||
@AccessFor(read = Role.ANY_CUSTOMER_USER)
|
||||
@ -145,7 +145,7 @@ public class JSonAccessFilterTestFixture {
|
||||
|
||||
}
|
||||
|
||||
public static class GivenDtoWithUnknownFieldType {
|
||||
public static class GivenDtoWithUnknownFieldType implements AccessMappings {
|
||||
|
||||
@SelfId(resolver = GivenChildService.class)
|
||||
@AccessFor(read = Role.ANYBODY)
|
||||
|
||||
@ -20,6 +20,9 @@ public class JSonBuilder {
|
||||
json.append(prop.right);
|
||||
} else if (prop.right instanceof List) {
|
||||
json.append(toJSonArray(prop.right));
|
||||
} else if (prop.right instanceof String && ((String) prop.right).startsWith("{\n")) {
|
||||
// TODO mhoennig: find better solution for adding object nodes
|
||||
json.append(prop.right);
|
||||
} else {
|
||||
json.append(inQuotes(prop.right));
|
||||
}
|
||||
@ -44,12 +47,23 @@ public class JSonBuilder {
|
||||
}
|
||||
|
||||
public JSonBuilder withFieldValueIfPresent(String name, String value) {
|
||||
json.append(value != null ? inQuotes(name) + ":" + inQuotes(value) + "," : "");
|
||||
if (value != null) {
|
||||
json.append(inQuotes(name) + ":" + inQuotes(value) + ",");
|
||||
}
|
||||
return this;
|
||||
}
|
||||
|
||||
public JSonBuilder withFieldValueIfPresent(String name, Number value) {
|
||||
json.append(value != null ? inQuotes(name) + ":" + value + "," : "");
|
||||
if (value != null) {
|
||||
json.append(inQuotes(name) + ":" + value + ",");
|
||||
}
|
||||
return this;
|
||||
}
|
||||
|
||||
public <E extends Enum<E>> JSonBuilder withFieldValueIfPresent(final String name, final E value) {
|
||||
if (value != null) {
|
||||
json.append(inQuotes(name) + ":" + inQuotes(value.name()) + ",");
|
||||
}
|
||||
return this;
|
||||
}
|
||||
|
||||
@ -74,5 +88,4 @@ public class JSonBuilder {
|
||||
private static String inQuotes(Object value) {
|
||||
return value != null ? "\"" + value.toString() + "\"" : "null";
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -16,6 +16,7 @@ import com.fasterxml.jackson.core.JsonParser;
|
||||
import com.fasterxml.jackson.core.ObjectCodec;
|
||||
import com.fasterxml.jackson.core.TreeNode;
|
||||
import com.fasterxml.jackson.databind.DeserializationFeature;
|
||||
import com.fasterxml.jackson.databind.JsonDeserializer;
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
|
||||
import org.apache.commons.lang3.NotImplementedException;
|
||||
@ -118,12 +119,7 @@ public class JSonDeserializationWithAccessFilterUnitTest {
|
||||
ImmutablePair.of("openStringField", null)));
|
||||
|
||||
// when
|
||||
GivenDto actualDto = new JSonDeserializationWithAccessFilter<>(
|
||||
ctx,
|
||||
userRoleAssignmentService,
|
||||
jsonParser,
|
||||
null,
|
||||
GivenDto.class).deserialize();
|
||||
final GivenDto actualDto = deserializerForGivenDto().deserialize(jsonParser, null);
|
||||
|
||||
// then
|
||||
assertThat(actualDto.openStringField).isNull();
|
||||
@ -139,12 +135,7 @@ public class JSonDeserializationWithAccessFilterUnitTest {
|
||||
ImmutablePair.of("openStringField", "String Value")));
|
||||
|
||||
// when
|
||||
GivenDto actualDto = new JSonDeserializationWithAccessFilter<>(
|
||||
ctx,
|
||||
userRoleAssignmentService,
|
||||
jsonParser,
|
||||
null,
|
||||
GivenDto.class).deserialize();
|
||||
final GivenDto actualDto = deserializerForGivenDto().deserialize(jsonParser, null);
|
||||
|
||||
// then
|
||||
assertThat(actualDto.openStringField).isEqualTo("String Value");
|
||||
@ -160,12 +151,9 @@ public class JSonDeserializationWithAccessFilterUnitTest {
|
||||
ImmutablePair.of("openIntegerField", 1234)));
|
||||
|
||||
// when
|
||||
GivenDto actualDto = new JSonDeserializationWithAccessFilter<>(
|
||||
ctx,
|
||||
userRoleAssignmentService,
|
||||
jsonParser,
|
||||
null,
|
||||
GivenDto.class).deserialize();
|
||||
// @formatter:off
|
||||
final GivenDto actualDto = deserializerForGivenDto().deserialize(jsonParser, null);;
|
||||
// @formatter:on
|
||||
|
||||
// then
|
||||
assertThat(actualDto.openIntegerField).isEqualTo(1234);
|
||||
@ -182,12 +170,8 @@ public class JSonDeserializationWithAccessFilterUnitTest {
|
||||
ImmutablePair.of("restrictedBigDecimalField", SOME_BIG_DECIMAL_WITH_ANOTHER_SCALE)));
|
||||
|
||||
// when
|
||||
GivenDto actualDto = new JSonDeserializationWithAccessFilter<>(
|
||||
ctx,
|
||||
userRoleAssignmentService,
|
||||
jsonParser,
|
||||
null,
|
||||
GivenDto.class).deserialize();
|
||||
final GivenDto actualDto = deserializerForGivenDto().deserialize(jsonParser, null);
|
||||
;
|
||||
|
||||
// then
|
||||
assertThat(actualDto.restrictedBigDecimalField).isEqualByComparingTo(SOME_BIG_DECIMAL);
|
||||
@ -217,12 +201,8 @@ public class JSonDeserializationWithAccessFilterUnitTest {
|
||||
ImmutablePair.of("openEnumField", TestEnum.GREEN)));
|
||||
|
||||
// when
|
||||
GivenDto actualDto = new JSonDeserializationWithAccessFilter<>(
|
||||
ctx,
|
||||
userRoleAssignmentService,
|
||||
jsonParser,
|
||||
null,
|
||||
GivenDto.class).deserialize();
|
||||
final GivenDto actualDto = deserializerForGivenDto().deserialize(jsonParser, null);
|
||||
;
|
||||
|
||||
// then
|
||||
assertThat(actualDto.openIntegerField).isEqualTo(11);
|
||||
@ -247,13 +227,7 @@ public class JSonDeserializationWithAccessFilterUnitTest {
|
||||
ImmutablePair.of("openArrayField", Arrays.asList(11, 22, 33))));
|
||||
|
||||
// when
|
||||
Throwable exception = catchThrowable(
|
||||
() -> new JSonDeserializationWithAccessFilter<>(
|
||||
ctx,
|
||||
userRoleAssignmentService,
|
||||
jsonParser,
|
||||
null,
|
||||
GivenDto.class).deserialize());
|
||||
Throwable exception = catchThrowable(() -> deserializerForGivenDto().deserialize(jsonParser, null));
|
||||
|
||||
// then
|
||||
assertThat(exception).isInstanceOf(NotImplementedException.class);
|
||||
@ -271,12 +245,7 @@ public class JSonDeserializationWithAccessFilterUnitTest {
|
||||
ImmutablePair.of("restrictedField", "update value of restricted field")));
|
||||
|
||||
// when
|
||||
GivenDto actualDto = new JSonDeserializationWithAccessFilter<>(
|
||||
ctx,
|
||||
userRoleAssignmentService,
|
||||
jsonParser,
|
||||
null,
|
||||
GivenDto.class).deserialize();
|
||||
final GivenDto actualDto = deserializerForGivenDto().deserialize(jsonParser, null);
|
||||
|
||||
// then
|
||||
assertThat(actualDto.restrictedField).isEqualTo("update value of restricted field");
|
||||
@ -294,12 +263,7 @@ public class JSonDeserializationWithAccessFilterUnitTest {
|
||||
ImmutablePair.of("restrictedField", "initial value of restricted field")));
|
||||
|
||||
// when
|
||||
GivenDto actualDto = new JSonDeserializationWithAccessFilter<>(
|
||||
ctx,
|
||||
userRoleAssignmentService,
|
||||
jsonParser,
|
||||
null,
|
||||
GivenDto.class).deserialize();
|
||||
final GivenDto actualDto = deserializerForGivenDto().deserialize(jsonParser, null);
|
||||
|
||||
// then
|
||||
assertThat(actualDto.restrictedField).isEqualTo("initial value of restricted field");
|
||||
@ -316,13 +280,7 @@ public class JSonDeserializationWithAccessFilterUnitTest {
|
||||
ImmutablePair.of("restrictedField", "updated value of restricted field")));
|
||||
|
||||
// when
|
||||
Throwable exception = catchThrowable(
|
||||
() -> new JSonDeserializationWithAccessFilter<>(
|
||||
ctx,
|
||||
userRoleAssignmentService,
|
||||
jsonParser,
|
||||
null,
|
||||
GivenDto.class).deserialize());
|
||||
final Throwable exception = catchThrowable(() -> deserializerForGivenDto().deserialize(jsonParser, null));
|
||||
|
||||
// then
|
||||
assertThat(exception).isInstanceOfSatisfying(BadRequestAlertException.class, badRequestAlertException -> {
|
||||
@ -342,13 +300,7 @@ public class JSonDeserializationWithAccessFilterUnitTest {
|
||||
ImmutablePair.of("restrictedField", "another value of restricted field")));
|
||||
|
||||
// when
|
||||
Throwable exception = catchThrowable(
|
||||
() -> new JSonDeserializationWithAccessFilter<>(
|
||||
ctx,
|
||||
userRoleAssignmentService,
|
||||
jsonParser,
|
||||
null,
|
||||
GivenDto.class).deserialize());
|
||||
final Throwable exception = catchThrowable(() -> deserializerForGivenDto().deserialize(jsonParser, null));
|
||||
|
||||
// then
|
||||
assertThat(exception).isInstanceOfSatisfying(BadRequestAlertException.class, badRequestAlertException -> {
|
||||
@ -368,12 +320,7 @@ public class JSonDeserializationWithAccessFilterUnitTest {
|
||||
|
||||
// when
|
||||
Throwable exception = catchThrowable(
|
||||
() -> new JSonDeserializationWithAccessFilter<>(
|
||||
ctx,
|
||||
userRoleAssignmentService,
|
||||
jsonParser,
|
||||
null,
|
||||
GivenChildDto.class).deserialize());
|
||||
() -> deserializerForGivenChildDto().deserialize(jsonParser, null));
|
||||
|
||||
// then
|
||||
assertThat(exception).isInstanceOfSatisfying(BadRequestAlertException.class, badRequestAlertException -> {
|
||||
@ -392,13 +339,8 @@ public class JSonDeserializationWithAccessFilterUnitTest {
|
||||
ImmutablePair.of("parentId", 1234L)));
|
||||
|
||||
// when
|
||||
final GivenChildDto actualDto = new JSonDeserializationWithAccessFilter<>(
|
||||
ctx,
|
||||
userRoleAssignmentService,
|
||||
jsonParser,
|
||||
null,
|
||||
GivenChildDto.class)
|
||||
.deserialize();
|
||||
final GivenChildDto actualDto = deserializerForGivenChildDto().deserialize(jsonParser, null);
|
||||
;
|
||||
|
||||
// then
|
||||
assertThat(actualDto.parentId).isEqualTo(1234L);
|
||||
@ -416,13 +358,8 @@ public class JSonDeserializationWithAccessFilterUnitTest {
|
||||
ImmutablePair.of("restrictedField", "Restricted String Value")));
|
||||
|
||||
// when
|
||||
Throwable exception = catchThrowable(
|
||||
() -> new JSonDeserializationWithAccessFilter<>(
|
||||
ctx,
|
||||
userRoleAssignmentService,
|
||||
jsonParser,
|
||||
null,
|
||||
GivenDto.class).deserialize());
|
||||
final Throwable exception = catchThrowable(
|
||||
() -> deserializerForGivenDto().deserialize(jsonParser, null));
|
||||
|
||||
// then
|
||||
assertThat(exception).isInstanceOfSatisfying(BadRequestAlertException.class, badRequestAlertException -> {
|
||||
@ -437,14 +374,8 @@ public class JSonDeserializationWithAccessFilterUnitTest {
|
||||
givenJSonTree(asJSon(ImmutablePair.of("id", 1111L)));
|
||||
|
||||
// when
|
||||
Throwable exception = catchThrowable(
|
||||
() -> new JSonDeserializationWithAccessFilter<>(
|
||||
ctx,
|
||||
userRoleAssignmentService,
|
||||
jsonParser,
|
||||
null,
|
||||
GivenDtoWithMultipleSelfId.class)
|
||||
.deserialize());
|
||||
final Throwable exception = catchThrowable(
|
||||
() -> deserializerForGivenDtoWithMultipleSelfId().deserialize(jsonParser, null));
|
||||
|
||||
// then
|
||||
assertThat(exception).isInstanceOf(AssertionError.class)
|
||||
@ -458,14 +389,8 @@ public class JSonDeserializationWithAccessFilterUnitTest {
|
||||
givenJSonTree(asJSon(ImmutablePair.of("unknown", new Arbitrary())));
|
||||
|
||||
// when
|
||||
Throwable exception = catchThrowable(
|
||||
() -> new JSonDeserializationWithAccessFilter<>(
|
||||
ctx,
|
||||
userRoleAssignmentService,
|
||||
jsonParser,
|
||||
null,
|
||||
GivenDtoWithUnknownFieldType.class)
|
||||
.deserialize());
|
||||
final Throwable exception = catchThrowable(
|
||||
() -> deserializerForGivenDtoWithUnknownFieldType().deserialize(jsonParser, null));
|
||||
|
||||
// then
|
||||
assertThat(exception).isInstanceOf(NotImplementedException.class)
|
||||
@ -482,4 +407,30 @@ public class JSonDeserializationWithAccessFilterUnitTest {
|
||||
given(codec.readTree(jsonParser)).willReturn(new ObjectMapper().readTree(givenJSon));
|
||||
}
|
||||
|
||||
// We need specialied factories for the deserializer subclasses so that the generic type can be accessed via reflection.
|
||||
// And it's down here to keep the ugly formatting out of the test cases.
|
||||
|
||||
public JsonDeserializerWithAccessFilter<GivenDto> deserializerForGivenDto() throws IOException {
|
||||
return new JsonDeserializerWithAccessFilter<GivenDto>(ctx, userRoleAssignmentService) {
|
||||
// no need to overload any method here
|
||||
};
|
||||
}
|
||||
|
||||
public JsonDeserializerWithAccessFilter<GivenChildDto> deserializerForGivenChildDto() throws IOException {
|
||||
return new JsonDeserializerWithAccessFilter<GivenChildDto>(ctx, userRoleAssignmentService) {
|
||||
// no need to overload any method here
|
||||
};
|
||||
}
|
||||
|
||||
private JsonDeserializer<GivenDtoWithMultipleSelfId> deserializerForGivenDtoWithMultipleSelfId() {
|
||||
return new JsonDeserializerWithAccessFilter<GivenDtoWithMultipleSelfId>(ctx, userRoleAssignmentService) {
|
||||
// no need to overload any method here
|
||||
};
|
||||
}
|
||||
|
||||
private JsonDeserializer<GivenDtoWithUnknownFieldType> deserializerForGivenDtoWithUnknownFieldType() {
|
||||
return new JsonDeserializerWithAccessFilter<GivenDtoWithUnknownFieldType>(ctx, userRoleAssignmentService) {
|
||||
// no need to overload any method here
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
@ -66,7 +66,7 @@ public class JSonSerializationWithAccessFilterUnitTest {
|
||||
@Test
|
||||
public void shouldSerializeStringField() throws IOException {
|
||||
// when
|
||||
new JSonSerializationWithAccessFilter<>(ctx, userRoleAssignmentService, jsonGenerator, null, givenDTO).serialize();
|
||||
serialize(givenDTO);
|
||||
|
||||
// then
|
||||
verify(jsonGenerator).writeStringField("openStringField", givenDTO.openStringField);
|
||||
@ -75,7 +75,7 @@ public class JSonSerializationWithAccessFilterUnitTest {
|
||||
@Test
|
||||
public void shouldSerializeIntegerField() throws IOException {
|
||||
// when
|
||||
new JSonSerializationWithAccessFilter<>(ctx, userRoleAssignmentService, jsonGenerator, null, givenDTO).serialize();
|
||||
serialize(givenDTO);
|
||||
|
||||
// then
|
||||
verify(jsonGenerator).writeNumberField("openIntegerField", givenDTO.openIntegerField);
|
||||
@ -84,7 +84,7 @@ public class JSonSerializationWithAccessFilterUnitTest {
|
||||
@Test
|
||||
public void shouldSerializePrimitiveIntField() throws IOException {
|
||||
// when
|
||||
new JSonSerializationWithAccessFilter<>(ctx, userRoleAssignmentService, jsonGenerator, null, givenDTO).serialize();
|
||||
serialize(givenDTO);
|
||||
|
||||
// then
|
||||
verify(jsonGenerator).writeNumberField("openPrimitiveIntField", givenDTO.openPrimitiveIntField);
|
||||
@ -93,7 +93,7 @@ public class JSonSerializationWithAccessFilterUnitTest {
|
||||
@Test
|
||||
public void shouldSerializeLongField() throws IOException {
|
||||
// when
|
||||
new JSonSerializationWithAccessFilter<>(ctx, userRoleAssignmentService, jsonGenerator, null, givenDTO).serialize();
|
||||
final Throwable actual = catchThrowable(() -> serialize(givenDTO));
|
||||
|
||||
// then
|
||||
verify(jsonGenerator).writeNumberField("openLongField", givenDTO.openLongField);
|
||||
@ -102,7 +102,7 @@ public class JSonSerializationWithAccessFilterUnitTest {
|
||||
@Test
|
||||
public void shouldSerializePrimitiveLongField() throws IOException {
|
||||
// when
|
||||
new JSonSerializationWithAccessFilter<>(ctx, userRoleAssignmentService, jsonGenerator, null, givenDTO).serialize();
|
||||
serialize(givenDTO);
|
||||
|
||||
// then
|
||||
verify(jsonGenerator).writeNumberField("openPrimitiveLongField", givenDTO.openPrimitiveLongField);
|
||||
@ -111,7 +111,7 @@ public class JSonSerializationWithAccessFilterUnitTest {
|
||||
@Test
|
||||
public void shouldSerializeBooleanField() throws IOException {
|
||||
// when
|
||||
new JSonSerializationWithAccessFilter<>(ctx, userRoleAssignmentService, jsonGenerator, null, givenDTO).serialize();
|
||||
serialize(givenDTO);
|
||||
|
||||
// then
|
||||
verify(jsonGenerator).writeBooleanField("openBooleanField", givenDTO.openBooleanField);
|
||||
@ -120,7 +120,7 @@ public class JSonSerializationWithAccessFilterUnitTest {
|
||||
@Test
|
||||
public void shouldSerializePrimitiveBooleanField() throws IOException {
|
||||
// when
|
||||
new JSonSerializationWithAccessFilter<>(ctx, userRoleAssignmentService, jsonGenerator, null, givenDTO).serialize();
|
||||
serialize(givenDTO);
|
||||
|
||||
// then
|
||||
verify(jsonGenerator).writeBooleanField("openPrimitiveBooleanField", givenDTO.openPrimitiveBooleanField);
|
||||
@ -129,7 +129,7 @@ public class JSonSerializationWithAccessFilterUnitTest {
|
||||
@Test
|
||||
public void shouldSerializeBigDecimalField() throws IOException {
|
||||
// when
|
||||
new JSonSerializationWithAccessFilter<>(ctx, userRoleAssignmentService, jsonGenerator, null, givenDTO).serialize();
|
||||
final Throwable actual = catchThrowable(() -> serialize(givenDTO));
|
||||
|
||||
// then
|
||||
verify(jsonGenerator).writeNumberField("openBigDecimalField", givenDTO.openBigDecimalField);
|
||||
@ -138,7 +138,7 @@ public class JSonSerializationWithAccessFilterUnitTest {
|
||||
@Test
|
||||
public void shouldSerializeLocalDateField() throws IOException {
|
||||
// when
|
||||
new JSonSerializationWithAccessFilter<>(ctx, userRoleAssignmentService, jsonGenerator, null, givenDTO).serialize();
|
||||
serialize(givenDTO);
|
||||
|
||||
// then
|
||||
verify(jsonGenerator).writeStringField("openLocalDateField", givenDTO.openLocalDateFieldAsString);
|
||||
@ -147,7 +147,7 @@ public class JSonSerializationWithAccessFilterUnitTest {
|
||||
@Test
|
||||
public void shouldSerializeEnumField() throws IOException {
|
||||
// when
|
||||
new JSonSerializationWithAccessFilter<>(ctx, userRoleAssignmentService, jsonGenerator, null, givenDTO).serialize();
|
||||
serialize(givenDTO);
|
||||
|
||||
// then
|
||||
verify(jsonGenerator).writeStringField("openEnumField", givenDTO.openEnumFieldAsString);
|
||||
@ -160,7 +160,7 @@ public class JSonSerializationWithAccessFilterUnitTest {
|
||||
securityContext.havingAuthenticatedUser().withRole(GivenCustomerDto.class, 888L, Role.FINANCIAL_CONTACT);
|
||||
|
||||
// when
|
||||
new JSonSerializationWithAccessFilter<>(ctx, userRoleAssignmentService, jsonGenerator, null, givenDTO).serialize();
|
||||
serialize(givenDTO);
|
||||
|
||||
// then
|
||||
verify(jsonGenerator).writeStringField("restrictedField", givenDTO.restrictedField);
|
||||
@ -173,7 +173,7 @@ public class JSonSerializationWithAccessFilterUnitTest {
|
||||
securityContext.havingAuthenticatedUser().withRole(GivenCustomerDto.class, 888L, Role.ANY_CUSTOMER_USER);
|
||||
|
||||
// when
|
||||
new JSonSerializationWithAccessFilter<>(ctx, userRoleAssignmentService, jsonGenerator, null, givenDTO).serialize();
|
||||
serialize(givenDTO);
|
||||
|
||||
// then
|
||||
verify(jsonGenerator, never()).writeStringField("restrictedField", givenDTO.restrictedField);
|
||||
@ -184,8 +184,9 @@ public class JSonSerializationWithAccessFilterUnitTest {
|
||||
|
||||
// given
|
||||
class Arbitrary {
|
||||
|
||||
}
|
||||
class GivenDtoWithUnimplementedFieldType {
|
||||
class GivenDtoWithUnimplementedFieldType implements AccessMappings {
|
||||
|
||||
@AccessFor(read = Role.ANYBODY)
|
||||
Arbitrary fieldWithUnimplementedType = new Arbitrary();
|
||||
@ -194,14 +195,7 @@ public class JSonSerializationWithAccessFilterUnitTest {
|
||||
SecurityContextFake.havingAuthenticatedUser();
|
||||
|
||||
// when
|
||||
final Throwable actual = catchThrowable(
|
||||
() -> new JSonSerializationWithAccessFilter<>(
|
||||
ctx,
|
||||
userRoleAssignmentService,
|
||||
jsonGenerator,
|
||||
null,
|
||||
givenDtoWithUnimplementedFieldType)
|
||||
.serialize());
|
||||
final Throwable actual = catchThrowable(() -> serialize(givenDtoWithUnimplementedFieldType));
|
||||
|
||||
// then
|
||||
assertThat(actual).isInstanceOf(NotImplementedException.class);
|
||||
@ -209,4 +203,10 @@ public class JSonSerializationWithAccessFilterUnitTest {
|
||||
|
||||
// --- fixture code below ---
|
||||
|
||||
public <T extends AccessMappings> void serialize(final T dto) throws IOException {
|
||||
// @formatter:off
|
||||
new JsonSerializerWithAccessFilter<T>(ctx, userRoleAssignmentService) {}
|
||||
.serialize(dto, jsonGenerator, null);
|
||||
// @formatter:on
|
||||
}
|
||||
}
|
||||
|
||||
@ -0,0 +1,194 @@
|
||||
// Licensed under Apache-2.0
|
||||
package org.hostsharing.hsadminng.service.dto;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.assertj.core.api.Assertions.catchThrowable;
|
||||
import static org.hostsharing.hsadminng.service.dto.MembershipDTOUnitTest.createSampleDTO;
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.mockito.BDDMockito.given;
|
||||
|
||||
import org.hostsharing.hsadminng.domain.Customer;
|
||||
import org.hostsharing.hsadminng.domain.Membership;
|
||||
import org.hostsharing.hsadminng.repository.CustomerRepository;
|
||||
import org.hostsharing.hsadminng.repository.MembershipRepository;
|
||||
import org.hostsharing.hsadminng.security.AuthoritiesConstants;
|
||||
import org.hostsharing.hsadminng.service.MembershipService;
|
||||
import org.hostsharing.hsadminng.service.MembershipValidator;
|
||||
import org.hostsharing.hsadminng.service.UserRoleAssignmentService;
|
||||
import org.hostsharing.hsadminng.service.accessfilter.JSonBuilder;
|
||||
import org.hostsharing.hsadminng.service.accessfilter.Role;
|
||||
import org.hostsharing.hsadminng.service.accessfilter.SecurityContextMock;
|
||||
import org.hostsharing.hsadminng.service.mapper.CustomerMapperImpl;
|
||||
import org.hostsharing.hsadminng.service.mapper.MembershipMapper;
|
||||
import org.hostsharing.hsadminng.service.mapper.MembershipMapperImpl;
|
||||
import org.hostsharing.hsadminng.web.rest.errors.BadRequestAlertException;
|
||||
|
||||
import com.fasterxml.jackson.core.JsonProcessingException;
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
|
||||
import org.apache.commons.lang3.RandomUtils;
|
||||
import org.junit.Before;
|
||||
import org.junit.Rule;
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
import org.mockito.junit.MockitoJUnit;
|
||||
import org.mockito.junit.MockitoRule;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.boot.test.autoconfigure.json.JsonTest;
|
||||
import org.springframework.boot.test.context.SpringBootTest;
|
||||
import org.springframework.boot.test.mock.mockito.MockBean;
|
||||
import org.springframework.test.context.junit4.SpringRunner;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.Objects;
|
||||
import java.util.Optional;
|
||||
|
||||
import javax.persistence.EntityManager;
|
||||
|
||||
@JsonTest
|
||||
@SpringBootTest(
|
||||
classes = {
|
||||
CustomerMapperImpl.class,
|
||||
MembershipMapperImpl.class,
|
||||
MembershipMapperImpl.class,
|
||||
MembershipDTO.JsonSerializer.class,
|
||||
MembershipDTO.JsonDeserializer.class
|
||||
})
|
||||
@RunWith(SpringRunner.class)
|
||||
public class MembershipDTOIntTest {
|
||||
|
||||
private static final Long SOME_CUSTOMER_ID = RandomUtils.nextLong(100, 199);
|
||||
private static final Integer SOME_CUSTOMER_REFERENCE = 10001;
|
||||
private static final String SOME_CUSTOMER_PREFIX = "abc";
|
||||
private static final String SOME_CUSTOMER_NAME = "Some Customer Name";
|
||||
private static final String SOME_CUSTOMER_DISPLAY_LABEL = "Some Customer Name [10001:abc]";
|
||||
private static final Customer SOME_CUSTOMER = new Customer().id(SOME_CUSTOMER_ID)
|
||||
.reference(SOME_CUSTOMER_REFERENCE)
|
||||
.prefix(SOME_CUSTOMER_PREFIX)
|
||||
.name(SOME_CUSTOMER_NAME);
|
||||
|
||||
private static final Long SOME_SEPA_MANDATE_ID = RandomUtils.nextLong(300, 399);
|
||||
private static final Membership SOME_SEPA_MANDATE = new Membership().id(SOME_SEPA_MANDATE_ID).customer(SOME_CUSTOMER);
|
||||
|
||||
@Rule
|
||||
public MockitoRule mockito = MockitoJUnit.rule();
|
||||
|
||||
@Autowired
|
||||
private ObjectMapper objectMapper;
|
||||
|
||||
@Autowired
|
||||
private MembershipMapper membershipMapper;
|
||||
|
||||
@MockBean
|
||||
private CustomerRepository customerRepository;
|
||||
|
||||
@MockBean
|
||||
private MembershipRepository membershipRepository;
|
||||
|
||||
@MockBean
|
||||
private MembershipValidator membershipValidator;
|
||||
|
||||
@MockBean
|
||||
private MembershipService MembershipService;
|
||||
|
||||
@MockBean
|
||||
private EntityManager em;
|
||||
|
||||
@MockBean
|
||||
public UserRoleAssignmentService userRoleAssignmentService;
|
||||
|
||||
private SecurityContextMock securityContext;
|
||||
|
||||
@Before
|
||||
public void init() {
|
||||
given(customerRepository.findById(SOME_CUSTOMER_ID)).willReturn(Optional.of(SOME_CUSTOMER));
|
||||
given(membershipRepository.findById(SOME_SEPA_MANDATE_ID)).willReturn((Optional.of(SOME_SEPA_MANDATE)));
|
||||
|
||||
securityContext = SecurityContextMock.usingMock(userRoleAssignmentService);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldSerializePartiallyForFinancialCustomerContact() throws JsonProcessingException {
|
||||
|
||||
// given
|
||||
securityContext.havingAuthenticatedUser().withRole(CustomerDTO.class, SOME_CUSTOMER_ID, Role.FINANCIAL_CONTACT);
|
||||
final MembershipDTO given = createSampleDTO(SOME_SEPA_MANDATE_ID, SOME_CUSTOMER_ID);
|
||||
|
||||
// when
|
||||
final String actual = objectMapper.writeValueAsString(given);
|
||||
|
||||
// then
|
||||
given.setRemark(null);
|
||||
assertEquals(createExpectedJSon(given), actual);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldSerializeCompletelyForSupporter() throws JsonProcessingException {
|
||||
|
||||
// given
|
||||
securityContext.havingAuthenticatedUser().withAuthority(AuthoritiesConstants.SUPPORTER);
|
||||
final MembershipDTO given = createSampleDTO(SOME_SEPA_MANDATE_ID, SOME_CUSTOMER_ID);
|
||||
|
||||
// when
|
||||
final String actual = objectMapper.writeValueAsString(given);
|
||||
|
||||
// then
|
||||
assertEquals(createExpectedJSon(given), actual);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldNotDeserializeForContractualCustomerContact() {
|
||||
// given
|
||||
securityContext.havingAuthenticatedUser().withRole(CustomerDTO.class, SOME_CUSTOMER_ID, Role.CONTRACTUAL_CONTACT);
|
||||
final String json = new JSonBuilder()
|
||||
.withFieldValue("id", SOME_SEPA_MANDATE_ID)
|
||||
.withFieldValue("remark", "Updated Remark")
|
||||
.toString();
|
||||
|
||||
// when
|
||||
final Throwable actual = catchThrowable(() -> objectMapper.readValue(json, MembershipDTO.class));
|
||||
|
||||
// then
|
||||
assertThat(actual).isInstanceOfSatisfying(
|
||||
BadRequestAlertException.class,
|
||||
bre -> assertThat(bre.getMessage()).isEqualTo(
|
||||
"Update of field MembershipDTO.remark prohibited for current user role(s): CONTRACTUAL_CONTACT"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldDeserializeForAdminIfRemarkIsChanged() throws IOException {
|
||||
// given
|
||||
securityContext.havingAuthenticatedUser().withAuthority(AuthoritiesConstants.ADMIN);
|
||||
final String json = new JSonBuilder()
|
||||
.withFieldValue("id", SOME_SEPA_MANDATE_ID)
|
||||
.withFieldValue("remark", "Updated Remark")
|
||||
.toString();
|
||||
|
||||
// when
|
||||
final MembershipDTO actual = objectMapper.readValue(json, MembershipDTO.class);
|
||||
|
||||
// then
|
||||
final MembershipDTO expected = new MembershipDTO();
|
||||
expected.setId(SOME_SEPA_MANDATE_ID);
|
||||
expected.setCustomerId(SOME_CUSTOMER_ID);
|
||||
expected.setRemark("Updated Remark");
|
||||
assertThat(actual).isEqualToIgnoringGivenFields(expected, "customerPrefix", "customerDisplayLabel", "displayLabel");
|
||||
}
|
||||
|
||||
// --- only test fixture below ---
|
||||
|
||||
private String createExpectedJSon(MembershipDTO dto) {
|
||||
return new JSonBuilder()
|
||||
.withFieldValueIfPresent("id", dto.getId())
|
||||
.withFieldValueIfPresent("admissionDocumentDate", Objects.toString(dto.getAdmissionDocumentDate()))
|
||||
.withFieldValueIfPresent("cancellationDocumentDate", Objects.toString(dto.getCancellationDocumentDate()))
|
||||
.withFieldValueIfPresent("memberFromDate", Objects.toString(dto.getMemberFromDate()))
|
||||
.withFieldValueIfPresent("memberUntilDate", Objects.toString(dto.getMemberUntilDate()))
|
||||
.withFieldValueIfPresent("remark", dto.getRemark())
|
||||
.withFieldValueIfPresent("customerId", dto.getCustomerId())
|
||||
.withFieldValue("customerPrefix", dto.getCustomerPrefix())
|
||||
.withFieldValue("customerDisplayLabel", dto.getCustomerDisplayLabel())
|
||||
.withFieldValue("displayLabel", dto.getDisplayLabel())
|
||||
.toString();
|
||||
}
|
||||
}
|
||||
@ -1,16 +0,0 @@
|
||||
// Licensed under Apache-2.0
|
||||
package org.hostsharing.hsadminng.service.dto;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
|
||||
import org.junit.Test;
|
||||
|
||||
public class MembershipDTOTest {
|
||||
|
||||
@Test
|
||||
public void withShouldApplyCallback() {
|
||||
final MembershipDTO actual = new MembershipDTO().with(m -> m.setRemark("Some Remark"));
|
||||
|
||||
assertThat(actual.getRemark()).isEqualTo("Some Remark");
|
||||
}
|
||||
}
|
||||
@ -1,127 +1,104 @@
|
||||
// Licensed under Apache-2.0
|
||||
package org.hostsharing.hsadminng.service.dto;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.assertj.core.api.Assertions.catchThrowable;
|
||||
import static org.hostsharing.hsadminng.service.accessfilter.JSonBuilder.asJSon;
|
||||
import static org.mockito.BDDMockito.given;
|
||||
|
||||
import org.hostsharing.hsadminng.security.AuthoritiesConstants;
|
||||
import org.hostsharing.hsadminng.service.CustomerService;
|
||||
import org.hostsharing.hsadminng.service.MembershipService;
|
||||
import org.hostsharing.hsadminng.service.UserRoleAssignmentService;
|
||||
import org.hostsharing.hsadminng.service.accessfilter.JSonDeserializationWithAccessFilter;
|
||||
import org.hostsharing.hsadminng.service.accessfilter.Role;
|
||||
import org.hostsharing.hsadminng.service.accessfilter.SecurityContextMock;
|
||||
import org.hostsharing.hsadminng.web.rest.errors.BadRequestAlertException;
|
||||
|
||||
import com.fasterxml.jackson.core.JsonParser;
|
||||
import com.fasterxml.jackson.core.ObjectCodec;
|
||||
import com.fasterxml.jackson.core.TreeNode;
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
|
||||
import org.apache.commons.lang3.tuple.ImmutablePair;
|
||||
import org.junit.Before;
|
||||
import org.junit.Rule;
|
||||
import org.apache.commons.lang3.RandomStringUtils;
|
||||
import org.apache.commons.lang3.RandomUtils;
|
||||
import org.junit.Test;
|
||||
import org.mockito.Mock;
|
||||
import org.mockito.junit.MockitoJUnit;
|
||||
import org.mockito.junit.MockitoRule;
|
||||
import org.springframework.beans.factory.config.AutowireCapableBeanFactory;
|
||||
import org.springframework.context.ApplicationContext;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.Optional;
|
||||
import java.time.LocalDate;
|
||||
|
||||
public class MembershipDTOUnitTest {
|
||||
public class MembershipDTOUnitTest extends AccessMappingsUnitTestBase<MembershipDTO> {
|
||||
|
||||
@Rule
|
||||
public MockitoRule mockitoRule = MockitoJUnit.rule();
|
||||
|
||||
@Mock
|
||||
private ApplicationContext ctx;
|
||||
|
||||
@Mock
|
||||
private AutowireCapableBeanFactory autowireCapableBeanFactory;
|
||||
|
||||
@Mock
|
||||
private JsonParser jsonParser;
|
||||
|
||||
@Mock
|
||||
private ObjectCodec codec;
|
||||
|
||||
@Mock
|
||||
private TreeNode treeNode;
|
||||
|
||||
@Mock
|
||||
private UserRoleAssignmentService userRoleAssignmentService;
|
||||
|
||||
@Mock
|
||||
private MembershipService membershipService;
|
||||
|
||||
@Mock
|
||||
private CustomerService customerService;
|
||||
|
||||
private SecurityContextMock securityContext;
|
||||
|
||||
@Before
|
||||
public void init() {
|
||||
given(jsonParser.getCodec()).willReturn(codec);
|
||||
|
||||
given(ctx.getAutowireCapableBeanFactory()).willReturn(autowireCapableBeanFactory);
|
||||
given(autowireCapableBeanFactory.createBean(MembershipService.class)).willReturn(membershipService);
|
||||
given(autowireCapableBeanFactory.createBean(CustomerService.class)).willReturn(customerService);
|
||||
given(customerService.findOne(1234L)).willReturn(
|
||||
Optional.of(
|
||||
new CustomerDTO()
|
||||
.with(dto -> dto.setId(1234L))));
|
||||
|
||||
securityContext = SecurityContextMock.usingMock(userRoleAssignmentService);
|
||||
public MembershipDTOUnitTest() {
|
||||
super(MembershipDTO.class, MembershipDTOUnitTest::createSampleDTO, MembershipDTOUnitTest::createRandomDTO);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void adminShouldHaveRightToCreate() throws IOException {
|
||||
securityContext.havingAuthenticatedUser().withAuthority(AuthoritiesConstants.ADMIN);
|
||||
givenJSonTree(asJSon(ImmutablePair.of("customerId", 1234L)));
|
||||
|
||||
// when
|
||||
final MembershipDTO actualDto = new JSonDeserializationWithAccessFilter<>(
|
||||
ctx,
|
||||
userRoleAssignmentService,
|
||||
jsonParser,
|
||||
null,
|
||||
MembershipDTO.class)
|
||||
.deserialize();
|
||||
|
||||
// then
|
||||
assertThat(actualDto.getCustomerId()).isEqualTo(1234L);
|
||||
public void shouldHaveProperAccessForAdmin() {
|
||||
initAccessFor(MembershipDTO.class, Role.ADMIN).shouldBeExactlyFor(
|
||||
"admissionDocumentDate",
|
||||
"cancellationDocumentDate",
|
||||
"memberFromDate",
|
||||
"memberUntilDate",
|
||||
"customerId",
|
||||
"remark");
|
||||
updateAccessFor(MembershipDTO.class, Role.ADMIN).shouldBeExactlyFor(
|
||||
"cancellationDocumentDate",
|
||||
"memberUntilDate",
|
||||
"remark");
|
||||
readAccessFor(MembershipDTO.class, Role.ADMIN).shouldBeForAllFields();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void contractualContactShouldNotHaveRightToCreate() throws IOException {
|
||||
securityContext.havingAuthenticatedUser().withRole(CustomerDTO.class, 1234L, Role.CONTRACTUAL_CONTACT);
|
||||
givenJSonTree(asJSon(ImmutablePair.of("customerId", 1234L)));
|
||||
|
||||
// when
|
||||
Throwable exception = catchThrowable(
|
||||
() -> new JSonDeserializationWithAccessFilter<>(
|
||||
ctx,
|
||||
userRoleAssignmentService,
|
||||
jsonParser,
|
||||
null,
|
||||
MembershipDTO.class).deserialize());
|
||||
|
||||
// then
|
||||
assertThat(exception).isInstanceOfSatisfying(BadRequestAlertException.class, badRequestAlertException -> {
|
||||
assertThat(badRequestAlertException.getParam()).isEqualTo("MembershipDTO.customerId");
|
||||
assertThat(badRequestAlertException.getErrorKey()).isEqualTo("referencingProhibited");
|
||||
});
|
||||
public void shouldHaveProperAccessForSupporter() {
|
||||
initAccessFor(MembershipDTO.class, Role.SUPPORTER).shouldBeForNothing();
|
||||
updateAccessFor(MembershipDTO.class, Role.SUPPORTER).shouldBeForNothing();
|
||||
readAccessFor(MembershipDTO.class, Role.SUPPORTER).shouldBeForAllFields();
|
||||
}
|
||||
|
||||
// --- only fixture code below ---
|
||||
|
||||
private void givenJSonTree(String givenJSon) throws IOException {
|
||||
given(codec.readTree(jsonParser)).willReturn(new ObjectMapper().readTree(givenJSon));
|
||||
@Test
|
||||
public void shouldHaveProperAccessForContractualContact() {
|
||||
initAccessFor(MembershipDTO.class, Role.CONTRACTUAL_CONTACT).shouldBeForNothing();
|
||||
updateAccessFor(MembershipDTO.class, Role.CONTRACTUAL_CONTACT).shouldBeForNothing();
|
||||
readAccessFor(MembershipDTO.class, Role.CONTRACTUAL_CONTACT).shouldBeExactlyFor(
|
||||
"id",
|
||||
"admissionDocumentDate",
|
||||
"cancellationDocumentDate",
|
||||
"memberFromDate",
|
||||
"memberUntilDate",
|
||||
"customerId",
|
||||
"customerPrefix",
|
||||
"customerDisplayLabel",
|
||||
"displayLabel");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldHaveNoAccessForTechnicalContact() {
|
||||
initAccessFor(MembershipDTO.class, Role.TECHNICAL_CONTACT).shouldBeForNothing();
|
||||
updateAccessFor(MembershipDTO.class, Role.TECHNICAL_CONTACT).shouldBeForNothing();
|
||||
readAccessFor(MembershipDTO.class, Role.TECHNICAL_CONTACT).shouldBeForNothing();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldHaveNoAccessForNormalUsersWithinCustomerRealm() {
|
||||
initAccessFor(MembershipDTO.class, Role.ANY_CUSTOMER_USER).shouldBeForNothing();
|
||||
updateAccessFor(MembershipDTO.class, Role.ANY_CUSTOMER_USER).shouldBeForNothing();
|
||||
readAccessFor(MembershipDTO.class, Role.ANY_CUSTOMER_USER).shouldBeForNothing();
|
||||
}
|
||||
|
||||
// --- only test fixture below ---
|
||||
|
||||
public static MembershipDTO createSampleDTO(final Long id, final Long parentId) {
|
||||
final MembershipDTO dto = new MembershipDTO();
|
||||
dto.setId(id);
|
||||
final LocalDate referenceDate = LocalDate.parse("2000-12-07");
|
||||
dto.setAdmissionDocumentDate(referenceDate);
|
||||
dto.setCancellationDocumentDate(referenceDate.plusDays(3500));
|
||||
dto.setMemberFromDate(referenceDate.plusDays(4));
|
||||
dto.setMemberUntilDate(referenceDate.plusDays(3500).plusDays(400).withDayOfYear(1).minusDays(1));
|
||||
dto.setRemark("Some Remark");
|
||||
dto.setCustomerId(parentId);
|
||||
dto.setCustomerPrefix("abc");
|
||||
dto.setCustomerDisplayLabel("ABC GmbH [abc:10001]");
|
||||
dto.setDisplayLabel("ABC GmbH [abc:10001] 2000-12-11 - 2011-12-31");
|
||||
return dto;
|
||||
}
|
||||
|
||||
public static MembershipDTO createRandomDTO(final Long id, final Long parentId) {
|
||||
final MembershipDTO dto = new MembershipDTO();
|
||||
dto.setId(id);
|
||||
final LocalDate randomDate = LocalDate.parse("2000-12-07").plusDays(RandomUtils.nextInt(1, 999));
|
||||
dto.setAdmissionDocumentDate(randomDate);
|
||||
dto.setCancellationDocumentDate(randomDate.plusDays(3500));
|
||||
dto.setMemberFromDate(randomDate.plusDays(4));
|
||||
dto.setMemberUntilDate(randomDate.plusDays(3500).plusDays(400).withDayOfYear(1).minusDays(1));
|
||||
dto.setRemark(RandomStringUtils.randomAlphanumeric(20).toUpperCase());
|
||||
dto.setCustomerId(parentId);
|
||||
dto.setCustomerPrefix(RandomStringUtils.randomAlphabetic(3).toLowerCase());
|
||||
dto.setCustomerDisplayLabel(RandomStringUtils.randomAlphabetic(13));
|
||||
dto.setDisplayLabel(dto.getCustomerDisplayLabel() + dto.getMemberFromDate() + " - " + dto.getMemberUntilDate());
|
||||
return dto;
|
||||
}
|
||||
}
|
||||
|
||||
@ -0,0 +1,154 @@
|
||||
// Licensed under Apache-2.0
|
||||
package org.hostsharing.hsadminng.service.dto;
|
||||
|
||||
import static org.apache.commons.lang3.tuple.ImmutablePair.of;
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.mockito.BDDMockito.given;
|
||||
|
||||
import org.hostsharing.hsadminng.domain.Customer;
|
||||
import org.hostsharing.hsadminng.domain.User;
|
||||
import org.hostsharing.hsadminng.domain.UserRoleAssignment;
|
||||
import org.hostsharing.hsadminng.repository.UserRepository;
|
||||
import org.hostsharing.hsadminng.repository.UserRoleAssignmentRepository;
|
||||
import org.hostsharing.hsadminng.security.AuthoritiesConstants;
|
||||
import org.hostsharing.hsadminng.service.UserRoleAssignmentService;
|
||||
import org.hostsharing.hsadminng.service.accessfilter.JSonBuilder;
|
||||
import org.hostsharing.hsadminng.service.accessfilter.Role;
|
||||
import org.hostsharing.hsadminng.service.accessfilter.SecurityContextMock;
|
||||
|
||||
import com.fasterxml.jackson.core.JsonProcessingException;
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
|
||||
import org.junit.Before;
|
||||
import org.junit.Rule;
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
import org.mockito.junit.MockitoJUnit;
|
||||
import org.mockito.junit.MockitoRule;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.boot.test.autoconfigure.json.JsonTest;
|
||||
import org.springframework.boot.test.context.SpringBootTest;
|
||||
import org.springframework.boot.test.mock.mockito.MockBean;
|
||||
import org.springframework.test.context.junit4.SpringRunner;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.Optional;
|
||||
|
||||
@JsonTest
|
||||
@SpringBootTest(
|
||||
classes = {
|
||||
UserRoleAssignmentRepository.class,
|
||||
UserRoleAssignmentService.class,
|
||||
UserRoleAssignment.UserRoleAssignmentJsonSerializer.class,
|
||||
UserRoleAssignment.UserRoleAssignmentJsonDeserializer.class })
|
||||
@RunWith(SpringRunner.class)
|
||||
public class UserRoleAssignmentUnitTest {
|
||||
|
||||
public static final long USER_ROLE_ASSIGNMENT_ID = 1234L;
|
||||
public static final long CUSTOMER_ID = 888L;
|
||||
public static final long USER_ID = 42L;
|
||||
|
||||
@Rule
|
||||
public MockitoRule mockito = MockitoJUnit.rule();
|
||||
|
||||
@Autowired
|
||||
private ObjectMapper objectMapper;
|
||||
|
||||
@MockBean
|
||||
private UserRepository userRepository;
|
||||
|
||||
@MockBean
|
||||
private UserRoleAssignmentRepository userRoleAssignmentRepository;
|
||||
|
||||
@MockBean
|
||||
private UserRoleAssignmentService userRoleAssignmentService;
|
||||
|
||||
private SecurityContextMock securityContext;
|
||||
|
||||
@Before
|
||||
public void init() {
|
||||
securityContext = SecurityContextMock.usingMock(userRoleAssignmentService);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSerializationAsContractualCustomerContact() throws JsonProcessingException {
|
||||
|
||||
// given
|
||||
securityContext.havingAuthenticatedUser().withRole(CustomerDTO.class, CUSTOMER_ID, Role.CONTRACTUAL_CONTACT);
|
||||
UserRoleAssignment given = createSomeUserRoleAssignment(USER_ROLE_ASSIGNMENT_ID);
|
||||
|
||||
// when
|
||||
String actual = objectMapper.writeValueAsString(given);
|
||||
|
||||
// then
|
||||
assertEquals("{}", actual); // dependent rights not yet implemented for UserRoleAssignments
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSerializationAsSupporter() throws JsonProcessingException {
|
||||
|
||||
// given
|
||||
securityContext.havingAuthenticatedUser().withAuthority(AuthoritiesConstants.SUPPORTER);
|
||||
UserRoleAssignment given = createSomeUserRoleAssignment(USER_ROLE_ASSIGNMENT_ID);
|
||||
|
||||
// when
|
||||
String actual = objectMapper.writeValueAsString(given);
|
||||
|
||||
// then
|
||||
assertThat(actual).isEqualTo(createExpectedJSon(given));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testDeserializeAsAdmin() throws IOException {
|
||||
// given
|
||||
securityContext.havingAuthenticatedUser().withAuthority(AuthoritiesConstants.ADMIN);
|
||||
given(userRoleAssignmentRepository.findById(USER_ROLE_ASSIGNMENT_ID))
|
||||
.willReturn(Optional.of(new UserRoleAssignment().id(USER_ROLE_ASSIGNMENT_ID)));
|
||||
final User expectedUser = new User().id(USER_ID);
|
||||
given(userRepository.getOne(USER_ID)).willReturn(expectedUser);
|
||||
String json = JSonBuilder.asJSon(
|
||||
of("id", USER_ROLE_ASSIGNMENT_ID),
|
||||
of("entityTypeId", Customer.ENTITY_TYPE_ID),
|
||||
of("entityObjectId", CUSTOMER_ID),
|
||||
of(
|
||||
"user",
|
||||
JSonBuilder.asJSon(
|
||||
of("id", USER_ID))),
|
||||
of("assignedRole", Role.TECHNICAL_CONTACT.name()));
|
||||
|
||||
// when
|
||||
UserRoleAssignment actual = objectMapper.readValue(json, UserRoleAssignment.class);
|
||||
|
||||
// then
|
||||
UserRoleAssignment expected = new UserRoleAssignment();
|
||||
expected.setId(USER_ROLE_ASSIGNMENT_ID);
|
||||
expected.setEntityTypeId(Customer.ENTITY_TYPE_ID);
|
||||
expected.setEntityObjectId(CUSTOMER_ID);
|
||||
expected.setAssignedRole(Role.TECHNICAL_CONTACT);
|
||||
expected.setUser(expectedUser);
|
||||
assertThat(actual).isEqualToComparingFieldByField(expected);
|
||||
}
|
||||
|
||||
// --- only test fixture below ---
|
||||
|
||||
public static String createExpectedJSon(UserRoleAssignment dto) {
|
||||
return new JSonBuilder()
|
||||
.withFieldValueIfPresent("id", dto.getId())
|
||||
.withFieldValueIfPresent("entityTypeId", dto.getEntityTypeId())
|
||||
.withFieldValueIfPresent("entityObjectId", dto.getEntityObjectId())
|
||||
.withFieldValueIfPresent("assignedRole", dto.getAssignedRole())
|
||||
.withFieldValueIfPresent("user", dto.getUser().getId())
|
||||
.toString();
|
||||
}
|
||||
|
||||
public static UserRoleAssignment createSomeUserRoleAssignment(final Long id) {
|
||||
final UserRoleAssignment given = new UserRoleAssignment();
|
||||
given.setId(id);
|
||||
given.setEntityTypeId(Customer.ENTITY_TYPE_ID);
|
||||
given.setEntityObjectId(CUSTOMER_ID);
|
||||
given.setUser(new User().id(USER_ID));
|
||||
given.setAssignedRole(Role.TECHNICAL_CONTACT);
|
||||
return given;
|
||||
}
|
||||
}
|
||||
@ -180,6 +180,9 @@ public class MembershipResourceIntTest {
|
||||
|
||||
// Create the Membership
|
||||
MembershipDTO membershipDTO = membershipMapper.toDto(membership);
|
||||
membershipDTO.setCustomerPrefix(null);
|
||||
membershipDTO.setCustomerDisplayLabel(null);
|
||||
membershipDTO.setDisplayLabel(null);
|
||||
restMembershipMockMvc.perform(
|
||||
post("/api/memberships")
|
||||
.contentType(TestUtil.APPLICATION_JSON_UTF8)
|
||||
|
||||
@ -0,0 +1,58 @@
|
||||
// Licensed under Apache-2.0
|
||||
package org.hostsharing.hsadminng.web.rest;
|
||||
|
||||
import static org.assertj.core.api.AssertionsForClassTypes.assertThat;
|
||||
import static org.assertj.core.api.ThrowableAssert.catchThrowable;
|
||||
|
||||
import org.hostsharing.hsadminng.service.dto.MembershipDTO;
|
||||
import org.hostsharing.hsadminng.service.dto.MembershipDTOUnitTest;
|
||||
import org.hostsharing.hsadminng.web.rest.errors.BadRequestAlertException;
|
||||
|
||||
import org.junit.Rule;
|
||||
import org.junit.Test;
|
||||
import org.mockito.InjectMocks;
|
||||
import org.mockito.junit.MockitoJUnit;
|
||||
import org.mockito.junit.MockitoRule;
|
||||
|
||||
// Currently this class tests mostly special 'bad paths'
|
||||
// which make little sense to test in *ResourceIntTest.
|
||||
public class MembershipResourceUnitTest {
|
||||
|
||||
@Rule
|
||||
public MockitoRule mockitoRule = MockitoJUnit.rule();
|
||||
|
||||
@InjectMocks
|
||||
private MembershipResource membershipResource;
|
||||
|
||||
@Test
|
||||
public void createSepaMandateWithoutIdThrowsBadRequestException() {
|
||||
|
||||
// given
|
||||
final MembershipDTO givenDto = MembershipDTOUnitTest.createRandomDTO(null, 1L);
|
||||
|
||||
// when
|
||||
final Throwable actual = catchThrowable(() -> membershipResource.updateMembership(givenDto));
|
||||
|
||||
// then
|
||||
assertThat(actual).isInstanceOfSatisfying(BadRequestAlertException.class, bre -> {
|
||||
assertThat(bre.getErrorKey()).isEqualTo("idnull");
|
||||
assertThat(bre.getParam()).isEqualTo("membership");
|
||||
});
|
||||
}
|
||||
|
||||
@Test
|
||||
public void createSepaMandateWithIdThrowsBadRequestException() {
|
||||
|
||||
// given
|
||||
final MembershipDTO givenDto = MembershipDTOUnitTest.createRandomDTO(2L, 1L);
|
||||
|
||||
// when
|
||||
final Throwable actual = catchThrowable(() -> membershipResource.createMembership(givenDto));
|
||||
|
||||
// then
|
||||
assertThat(actual).isInstanceOfSatisfying(BadRequestAlertException.class, bre -> {
|
||||
assertThat(bre.getErrorKey()).isEqualTo("idexists");
|
||||
assertThat(bre.getParam()).isEqualTo("membership");
|
||||
});
|
||||
}
|
||||
}
|
||||
@ -11,9 +11,11 @@ import org.hostsharing.hsadminng.HsadminNgApp;
|
||||
import org.hostsharing.hsadminng.domain.User;
|
||||
import org.hostsharing.hsadminng.domain.UserRoleAssignment;
|
||||
import org.hostsharing.hsadminng.repository.UserRoleAssignmentRepository;
|
||||
import org.hostsharing.hsadminng.security.AuthoritiesConstants;
|
||||
import org.hostsharing.hsadminng.service.UserRoleAssignmentQueryService;
|
||||
import org.hostsharing.hsadminng.service.UserRoleAssignmentService;
|
||||
import org.hostsharing.hsadminng.service.accessfilter.Role;
|
||||
import org.hostsharing.hsadminng.service.accessfilter.SecurityContextFake;
|
||||
import org.hostsharing.hsadminng.web.rest.errors.ExceptionTranslator;
|
||||
|
||||
import org.junit.Before;
|
||||
@ -94,6 +96,8 @@ public class UserRoleAssignmentResourceIntTest {
|
||||
.setMessageConverters(jacksonMessageConverter)
|
||||
.setValidator(validator)
|
||||
.build();
|
||||
|
||||
SecurityContextFake.havingAuthenticatedUser().withAuthority(AuthoritiesConstants.SUPPORTER);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -103,9 +107,13 @@ public class UserRoleAssignmentResourceIntTest {
|
||||
* if they test an entity which requires the current entity.
|
||||
*/
|
||||
public static UserRoleAssignment createEntity(EntityManager em) {
|
||||
User user = UserResourceIntTest.createEntity(em);
|
||||
em.persist(user);
|
||||
em.flush();
|
||||
UserRoleAssignment userRoleAssignment = new UserRoleAssignment()
|
||||
.entityTypeId(DEFAULT_ENTITY_TYPE_ID)
|
||||
.entityObjectId(DEFAULT_ENTITY_OBJECT_ID)
|
||||
.user(user)
|
||||
.assignedRole(DEFAULT_ASSIGNED_ROLE);
|
||||
return userRoleAssignment;
|
||||
}
|
||||
@ -121,6 +129,7 @@ public class UserRoleAssignmentResourceIntTest {
|
||||
int databaseSizeBeforeCreate = userRoleAssignmentRepository.findAll().size();
|
||||
|
||||
// Create the UserRoleAssignment
|
||||
SecurityContextFake.havingAuthenticatedUser().withAuthority(AuthoritiesConstants.ADMIN);
|
||||
restUserRoleAssignmentMockMvc.perform(
|
||||
post("/api/user-role-assignments")
|
||||
.contentType(TestUtil.APPLICATION_JSON_UTF8)
|
||||
@ -460,6 +469,7 @@ public class UserRoleAssignmentResourceIntTest {
|
||||
int databaseSizeBeforeUpdate = userRoleAssignmentRepository.findAll().size();
|
||||
|
||||
// Update the userRoleAssignment
|
||||
SecurityContextFake.havingAuthenticatedUser().withAuthority(AuthoritiesConstants.ADMIN);
|
||||
UserRoleAssignment updatedUserRoleAssignment = userRoleAssignmentRepository.findById(userRoleAssignment.getId()).get();
|
||||
// Disconnect from session so that the updates on updatedUserRoleAssignment are not directly saved in db
|
||||
em.detach(updatedUserRoleAssignment);
|
||||
|
||||
@ -0,0 +1,58 @@
|
||||
// Licensed under Apache-2.0
|
||||
package org.hostsharing.hsadminng.web.rest;
|
||||
|
||||
import static org.assertj.core.api.AssertionsForClassTypes.assertThat;
|
||||
import static org.assertj.core.api.ThrowableAssert.catchThrowable;
|
||||
|
||||
import org.hostsharing.hsadminng.domain.UserRoleAssignment;
|
||||
import org.hostsharing.hsadminng.service.dto.UserRoleAssignmentUnitTest;
|
||||
import org.hostsharing.hsadminng.web.rest.errors.BadRequestAlertException;
|
||||
|
||||
import org.junit.Rule;
|
||||
import org.junit.Test;
|
||||
import org.mockito.InjectMocks;
|
||||
import org.mockito.junit.MockitoJUnit;
|
||||
import org.mockito.junit.MockitoRule;
|
||||
|
||||
// Currently this class tests mostly special 'bad paths'
|
||||
// which make little sense to test in *ResourceIntTest.
|
||||
public class UserRoleAssignmentResourceUnitTest {
|
||||
|
||||
@Rule
|
||||
public MockitoRule mockitoRule = MockitoJUnit.rule();
|
||||
|
||||
@InjectMocks
|
||||
private UserRoleAssignmentResource userRoleAssignmentResource;
|
||||
|
||||
@Test
|
||||
public void createUserRoleAssignmentWithoutIdThrowsBadRequestException() {
|
||||
|
||||
// given
|
||||
final UserRoleAssignment givenEntity = UserRoleAssignmentUnitTest.createSomeUserRoleAssignment(null);
|
||||
|
||||
// when
|
||||
final Throwable actual = catchThrowable(() -> userRoleAssignmentResource.updateUserRoleAssignment(givenEntity));
|
||||
|
||||
// then
|
||||
assertThat(actual).isInstanceOfSatisfying(BadRequestAlertException.class, bre -> {
|
||||
assertThat(bre.getErrorKey()).isEqualTo("idnull");
|
||||
assertThat(bre.getParam()).isEqualTo("userRoleAssignment");
|
||||
});
|
||||
}
|
||||
|
||||
@Test
|
||||
public void createUserRoleAssignmentWithIdThrowsBadRequestException() {
|
||||
|
||||
// given
|
||||
final UserRoleAssignment givenEntity = UserRoleAssignmentUnitTest.createSomeUserRoleAssignment(1L);
|
||||
|
||||
// when
|
||||
final Throwable actual = catchThrowable(() -> userRoleAssignmentResource.createUserRoleAssignment(givenEntity));
|
||||
|
||||
// then
|
||||
assertThat(actual).isInstanceOfSatisfying(BadRequestAlertException.class, bre -> {
|
||||
assertThat(bre.getErrorKey()).isEqualTo("idexists");
|
||||
assertThat(bre.getParam()).isEqualTo("userRoleAssignment");
|
||||
});
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user