add unixuser prototype as preparation for testability of grants
@ -12,7 +12,7 @@ import org.springframework.boot.test.web.server.LocalServerPort;
|
||||
|
||||
import javax.persistence.EntityManager;
|
||||
|
||||
import static org.hamcrest.Matchers.is;
|
||||
import static org.hamcrest.Matchers.*;
|
||||
|
||||
@SpringBootTest(
|
||||
webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,
|
||||
@ -50,14 +50,15 @@ class RbacRoleControllerAcceptanceTest {
|
||||
.then().assertThat()
|
||||
.statusCode(200)
|
||||
.contentType("application/json")
|
||||
.body("[0].roleName", is("customer#aaa.owner"))
|
||||
.body("[1].roleName", is("customer#aaa.admin"))
|
||||
.body("[0].roleName", is("customer#aaa.admin"))
|
||||
.body("[1].roleName", is("customer#aaa.owner"))
|
||||
.body("[2].roleName", is("customer#aaa.tenant"))
|
||||
.body("[3].roleName", is("package#aaa00.owner"))
|
||||
.body("[4].roleName", is("package#aaa00.tenant"))
|
||||
// ...
|
||||
.body("[36].roleName", is("global#hostsharing.admin"))
|
||||
.body( "size()", is(37));
|
||||
.body("", hasItem(hasEntry("roleName", "global#hostsharing.admin")))
|
||||
.body("", hasItem(hasEntry("roleName", "customer#aab.admin")))
|
||||
.body("", hasItem(hasEntry("roleName", "package#aab00.admin")))
|
||||
.body("", hasItem(hasEntry("roleName", "unixuser#aab00-aaaa.owner")))
|
||||
.body( "size()", is(73)); // increases with new test data
|
||||
// @formatter:on
|
||||
}
|
||||
|
||||
@ -69,17 +70,18 @@ class RbacRoleControllerAcceptanceTest {
|
||||
RestAssured
|
||||
.given()
|
||||
.header("current-user", "mike@hostsharing.net")
|
||||
.header("assumed-roles", "package#aaa00.admin")
|
||||
.header("assumed-roles", "package#aab00.admin")
|
||||
.port(port)
|
||||
.when()
|
||||
.get("http://localhost/api/rbac-roles")
|
||||
.then().assertThat()
|
||||
.statusCode(200)
|
||||
.contentType("application/json")
|
||||
.body("[0].roleName", is("customer#aaa.tenant"))
|
||||
.body("[1].roleName", is("package#aaa00.admin"))
|
||||
.body("[2].roleName", is("package#aaa00.tenant"))
|
||||
.body("size()", is(3));
|
||||
.body("[0].roleName", is("customer#aab.tenant"))
|
||||
.body("[1].roleName", is("package#aab00.admin"))
|
||||
.body("[2].roleName", is("package#aab00.tenant"))
|
||||
.body("[3].roleName", is("unixuser#aab00-aaaa.admin"))
|
||||
.body("size()", is(7)); // increases with new test data
|
||||
// @formatter:on
|
||||
}
|
||||
|
||||
@ -90,17 +92,18 @@ class RbacRoleControllerAcceptanceTest {
|
||||
// @formatter:off
|
||||
RestAssured
|
||||
.given()
|
||||
.header("current-user", "aaa00@aaa.example.com")
|
||||
.header("current-user", "aac00@aac.example.com")
|
||||
.port(port)
|
||||
.when()
|
||||
.get("http://localhost/api/rbac-roles")
|
||||
.then().assertThat()
|
||||
.statusCode(200)
|
||||
.contentType("application/json")
|
||||
.body("[0].roleName", is("customer#aaa.tenant"))
|
||||
.body("[1].roleName", is("package#aaa00.admin"))
|
||||
.body("[2].roleName", is("package#aaa00.tenant"))
|
||||
.body("size()", is(3));;
|
||||
.body("[0].roleName", is("customer#aac.tenant"))
|
||||
.body("[1].roleName", is("package#aac00.admin"))
|
||||
.body("[2].roleName", is("package#aac00.tenant"))
|
||||
.body("[3].roleName", is("unixuser#aac00-aaaa.admin"))
|
||||
.body("size()", is(7)); // increases with new test data
|
||||
// @formatter:on
|
||||
}
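Review bot: The two restricted-visibility tests (assumed role `package#aab00.admin`, and current user `aac00@aac.example.com`) pin only entries `[0]`–`[3]` by name and then assert `size()` is 7, so three of the returned roles are never identified. A count match does not show that those remaining entries belong to the caller's own customer, which is the property an RBAC acceptance test should hold. Assuming every role visible to these callers carries its customer prefix, as the four asserted names do, I would add `.body("roleName", everyItem(containsString("#aab")))` to the first of them and the same with `"#aac"` to the second. That check also survives test-data growth, unlike the literal 7, which the trailing comment already admits must be edited by hand. The test methods begin outside the hunks shown here.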
|
||||
|
||||
|
@ -59,7 +59,7 @@ class RbacRoleRepositoryIntegrationTest {
|
||||
final var result = rbacRoleRepository.findAll();
|
||||
|
||||
// then
|
||||
exactlyTheseRbacRolesAreReturned(result, ALL_TEST_DATA_ROLES);
|
||||
allTheseRbacRolesAreReturned(result, ALL_TEST_DATA_ROLES);
|
||||
}
|
||||
|
||||
@Test
|
||||
@ -72,7 +72,7 @@ class RbacRoleRepositoryIntegrationTest {
|
||||
final var result = rbacRoleRepository.findAll();
|
||||
|
||||
then:
|
||||
exactlyTheseRbacRolesAreReturned(result, ALL_TEST_DATA_ROLES);
|
||||
allTheseRbacRolesAreReturned(result, ALL_TEST_DATA_ROLES);
|
||||
}
|
||||
|
||||
@Test
|
||||
@ -84,13 +84,33 @@ class RbacRoleRepositoryIntegrationTest {
|
||||
final var result = rbacRoleRepository.findAll();
|
||||
|
||||
// then:
|
||||
exactlyTheseRbacRolesAreReturned(
|
||||
allTheseRbacRolesAreReturned(
|
||||
result,
|
||||
// @formatter:off
|
||||
"customer#aaa.admin", "customer#aaa.tenant",
|
||||
"package#aaa00.admin", "package#aaa00.owner", "package#aaa00.tenant",
|
||||
"package#aaa01.admin", "package#aaa01.owner", "package#aaa01.tenant",
|
||||
"package#aaa02.admin", "package#aaa02.owner", "package#aaa02.tenant"
|
||||
"customer#aaa.admin",
|
||||
"customer#aaa.tenant",
|
||||
"package#aaa00.admin",
|
||||
"package#aaa00.owner",
|
||||
"package#aaa00.tenant",
|
||||
"package#aaa01.admin",
|
||||
"package#aaa01.owner",
|
||||
"package#aaa01.tenant",
|
||||
// ...
|
||||
"unixuser#aaa00-aaaa.admin",
|
||||
"unixuser#aaa00-aaaa.owner",
|
||||
// ..
|
||||
"unixuser#aaa01-aaaa.admin",
|
||||
"unixuser#aaa01-aaaa.owner"
|
||||
// @formatter:on
|
||||
);
|
||||
noneOfTheseRbacRolesIsReturned(
|
||||
result,
|
||||
// @formatter:off
|
||||
"global#hostsharing.admin",
|
||||
"customer#aaa.owner",
|
||||
"package#aab00.admin",
|
||||
"package#aab00.owner",
|
||||
"package#aab00.tenant"
|
||||
// @formatter:on
|
||||
);
|
||||
}
|
||||
@ -102,7 +122,15 @@ class RbacRoleRepositoryIntegrationTest {
|
||||
|
||||
final var result = rbacRoleRepository.findAll();
|
||||
|
||||
exactlyTheseRbacRolesAreReturned(result, "customer#aaa.tenant", "package#aaa00.tenant", "package#aaa00.admin");
|
||||
exactlyTheseRbacRolesAreReturned(
|
||||
result,
|
||||
"customer#aaa.tenant",
|
||||
"package#aaa00.admin",
|
||||
"package#aaa00.tenant",
|
||||
"unixuser#aaa00-aaaa.admin",
|
||||
"unixuser#aaa00-aaaa.owner",
|
||||
"unixuser#aaa00-aaab.admin",
|
||||
"unixuser#aaa00-aaab.owner");
|
||||
}
|
||||
|
||||
@Test
|
||||
@ -191,4 +219,16 @@ class RbacRoleRepositoryIntegrationTest {
|
||||
.containsExactlyInAnyOrder(expectedRoleNames);
|
||||
}
|
||||
|
||||
void allTheseRbacRolesAreReturned(final List<RbacRoleEntity> actualResult, final String... expectedRoleNames) {
|
||||
assertThat(actualResult)
|
||||
.extracting(RbacRoleEntity::getRoleName)
|
||||
.contains(expectedRoleNames);
|
||||
}
|
||||
|
||||
void noneOfTheseRbacRolesIsReturned(final List<RbacRoleEntity> actualResult, final String... unexpectedRoleNames) {
|
||||
assertThat(actualResult)
|
||||
.extracting(RbacRoleEntity::getRoleName)
|
||||
.doesNotContain(unexpectedRoleNames);
|
||||
}
|
||||
|
||||
}
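Review bot: In the customer-admin test (the -84,13 hunk), switching to `allTheseRbacRolesAreReturned` turns the check into a subset match via `contains`, so additional visible roles no longer fail the test. The compensating `noneOfTheseRbacRolesIsReturned` list names only `global#hostsharing.admin`, `customer#aaa.owner` and the three `package#aab00.*` roles. Roles this commit introduces for the other customer, such as `"unixuser#aab00-aaaa.admin"` and `"unixuser#aab00-aaaa.owner"`, are not excluded and should be added to that list. Both new helpers would also benefit from a short Javadoc noting that `allThese…` is a subset check and does not detect over-granting, so that future tests pair it with a deny list or keep `exactlyThese…` where the full set is known. The test method bodies start outside the hunks.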
|
||||
|
@ -237,7 +237,7 @@ class RbacUserRepositoryIntegrationTest {
|
||||
final var result = rbacUserRepository.findPermissionsOfUser("mike@hostsharing.net");
|
||||
|
||||
// then
|
||||
exactlyTheseRbacPermissionsAreReturned(result, ALL_USER_PERMISSIONS);
|
||||
allTheseRbacPermissionsAreReturned(result, ALL_USER_PERMISSIONS);
|
||||
}
|
||||
|
||||
@Test
|
||||
@ -266,7 +266,7 @@ class RbacUserRepositoryIntegrationTest {
|
||||
final var result = rbacUserRepository.findPermissionsOfUser("admin@aaa.example.com");
|
||||
|
||||
// then
|
||||
exactlyTheseRbacPermissionsAreReturned(
|
||||
allTheseRbacPermissionsAreReturned(
|
||||
result,
|
||||
// @formatter:off
|
||||
"customer#aaa.admin -> customer#aaa: add-package",
|
||||
@ -276,14 +276,25 @@ class RbacUserRepositoryIntegrationTest {
|
||||
"package#aaa00.admin -> package#aaa00: add-domain",
|
||||
"package#aaa00.admin -> package#aaa00: add-unixuser",
|
||||
"package#aaa00.tenant -> package#aaa00: view",
|
||||
"unixuser#aaa00-aaaa.owner -> unixuser#aaa00-aaaa: *",
|
||||
|
||||
"package#aaa01.admin -> package#aaa01: add-domain",
|
||||
"package#aaa01.admin -> package#aaa01: add-unixuser",
|
||||
"package#aaa01.tenant -> package#aaa01: view",
|
||||
"unixuser#aaa01-aaaa.owner -> unixuser#aaa01-aaaa: *",
|
||||
|
||||
"package#aaa02.admin -> package#aaa02: add-domain",
|
||||
"package#aaa02.admin -> package#aaa02: add-unixuser",
|
||||
"package#aaa02.tenant -> package#aaa02: view"
|
||||
"package#aaa02.tenant -> package#aaa02: view",
|
||||
"unixuser#aaa02-aaaa.owner -> unixuser#aaa02-aaaa: *"
|
||||
// @formatter:on
|
||||
);
|
||||
noneOfTheseRbacPermissionsAreReturned(
|
||||
result,
|
||||
// @formatter:off
|
||||
"customer#aab.admin -> customer#aab: add-package",
|
||||
"customer#aab.admin -> customer#aab: view",
|
||||
"customer#aab.tenant -> customer#aab: view"
|
||||
// @formatter:on
|
||||
);
|
||||
}
|
||||
@ -313,14 +324,29 @@ class RbacUserRepositoryIntegrationTest {
|
||||
final var result = rbacUserRepository.findPermissionsOfUser("aaa00@aaa.example.com");
|
||||
|
||||
// then
|
||||
exactlyTheseRbacPermissionsAreReturned(
|
||||
allTheseRbacPermissionsAreReturned(
|
||||
result,
|
||||
// @formatter:off
|
||||
"customer#aaa.tenant -> customer#aaa: view",
|
||||
// "customer#aaa.admin -> customer#aaa: view" - Not permissions through the customer admin!
|
||||
"package#aaa00.admin -> package#aaa00: add-unixuser",
|
||||
"package#aaa00.admin -> package#aaa00: add-domain",
|
||||
"package#aaa00.tenant -> package#aaa00: view"
|
||||
"package#aaa00.tenant -> package#aaa00: view",
|
||||
"unixuser#aaa00-aaaa.owner -> unixuser#aaa00-aaaa: *",
|
||||
"unixuser#aaa00-aaab.owner -> unixuser#aaa00-aaab: *"
|
||||
// @formatter:on
|
||||
);
|
||||
noneOfTheseRbacPermissionsAreReturned(
|
||||
result,
|
||||
// @formatter:off
|
||||
"customer#aab.admin -> customer#aab: add-package",
|
||||
"customer#aab.admin -> customer#aab: view",
|
||||
"customer#aab.tenant -> customer#aab: view",
|
||||
"package#aab00.admin -> package#aab00: add-unixuser",
|
||||
"package#aab00.admin -> package#aab00: add-domain",
|
||||
"package#aab00.tenant -> package#aab00: view",
|
||||
"unixuser#aab00-aaaa.owner -> unixuser#aab00-aaaa: *",
|
||||
"unixuser#aab00-aaab.owner -> unixuser#aab00-aaab: *"
|
||||
// @formatter:on
|
||||
);
|
||||
}
|
||||
@ -346,7 +372,7 @@ class RbacUserRepositoryIntegrationTest {
|
||||
final var result = rbacUserRepository.findPermissionsOfUser("aaa00@aaa.example.com");
|
||||
|
||||
// then
|
||||
exactlyTheseRbacPermissionsAreReturned(
|
||||
allTheseRbacPermissionsAreReturned(
|
||||
result,
|
||||
// @formatter:off
|
||||
"customer#aaa.tenant -> customer#aaa: view",
|
||||
@ -356,6 +382,22 @@ class RbacUserRepositoryIntegrationTest {
|
||||
"package#aaa00.tenant -> package#aaa00: view"
|
||||
// @formatter:on
|
||||
);
|
||||
noneOfTheseRbacPermissionsAreReturned(
|
||||
result,
|
||||
// @formatter:off
|
||||
// no customer admin permissions
|
||||
"customer#aaa.admin -> customer#aaa: add-package",
|
||||
// no permissions on other customer's objects
|
||||
"customer#aab.admin -> customer#aab: add-package",
|
||||
"customer#aab.admin -> customer#aab: view",
|
||||
"customer#aab.tenant -> customer#aab: view",
|
||||
"package#aab00.admin -> package#aab00: add-unixuser",
|
||||
"package#aab00.admin -> package#aab00: add-domain",
|
||||
"package#aab00.tenant -> package#aab00: view",
|
||||
"unixuser#aab00-aaaa.owner -> unixuser#aab00-aaaa: *",
|
||||
"unixuser#aab00-aaab.owner -> unixuser#aab00-aaab: *"
|
||||
// @formatter:on
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
@ -391,4 +433,20 @@ class RbacUserRepositoryIntegrationTest {
|
||||
.containsExactlyInAnyOrder(expectedRoleNames);
|
||||
}
|
||||
|
||||
void allTheseRbacPermissionsAreReturned(
|
||||
final List<RbacUserPermission> actualResult,
|
||||
final String... expectedRoleNames) {
|
||||
assertThat(actualResult)
|
||||
.extracting(p -> p.getRoleName() + " -> " + p.getObjectTable() + "#" + p.getObjectIdName() + ": " + p.getOp())
|
||||
.contains(expectedRoleNames);
|
||||
}
|
||||
|
||||
void noneOfTheseRbacPermissionsAreReturned(
|
||||
final List<RbacUserPermission> actualResult,
|
||||
final String... unexpectedRoleNames) {
|
||||
assertThat(actualResult)
|
||||
.extracting(p -> p.getRoleName() + " -> " + p.getObjectTable() + "#" + p.getObjectIdName() + ": " + p.getOp())
|
||||
.doesNotContain(unexpectedRoleNames);
|
||||
}
|
||||
|
||||
}
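Review bot: The deny lists added for `aaa00@aaa.example.com` (hunks -313,14 and -356,6) cover only customer `aab` objects, plus `customer#aaa.admin -> customer#aaa: add-package` in the second one. Now that the positive check is the subset match `allTheseRbacPermissionsAreReturned`, permissions on sibling packages of the same customer would go unnoticed. If a package admin for `aaa00` is not meant to reach `aaa01`/`aaa02` (inferred from the naming, not shown here), add entries such as `"package#aaa01.admin -> package#aaa01: add-domain"` and `"unixuser#aaa01-aaaa.owner -> unixuser#aaa01-aaaa: *"` to `noneOfTheseRbacPermissionsAreReturned`. Separately, both new helpers name their varargs `expectedRoleNames`/`unexpectedRoleNames` although they hold permission strings, and they duplicate the same formatting lambda. A shared private formatter and `…Permissions` parameter names would keep the two in step. The test methods themselves begin outside the hunks.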
|
||||
|