hostsharing/hs.hsadmin.ng
1
0
Fork 0
Code Activity

use customer/package/unixuser only as test data structure (DB part)

Browse Source
This commit is contained in:
Michael Hoennig
2022-08-31 09:42:40 +02:00
parent 817c1a9e58
commit a33cb4ec29
33 changed files with 603 additions and 595 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
src/test/java/net/hostsharing/hsadminng/context/ContextIntegrationTests.java
View File

@ -31,7 +31,7 @@ class ContextIntegrationTests {
@Test
void defineWithoutHttpServletRequestUsesCallStack() {
context.define("mike@hostsharing.net", null);
context.define("mike@example.org", null);
assertThat(context.getCurrentTask())
.isEqualTo("ContextIntegrationTests.defineWithoutHttpServletRequestUsesCallStack");
@ -41,11 +41,11 @@ class ContextIntegrationTests {
@Transactional
void defineWithCurrentUserButWithoutAssumedRoles() {
// when
context.define("mike@hostsharing.net");
context.define("mike@example.org");
// then
assertThat(context.getCurrentUser()).
isEqualTo("mike@hostsharing.net");
isEqualTo("mike@example.org");
assertThat(context.getCurrentUserUUid()).isNotNull();
@ -59,41 +59,41 @@ class ContextIntegrationTests {
void defineWithoutCurrentUserButWithAssumedRoles() {
// when
final var result = jpaAttempt.transacted(() ->
context.define(null, "package#yyy00.admin")
context.define(null, "test_package#yyy00.admin")
);
// then
result.assertExceptionWithRootCauseMessage(
javax.persistence.PersistenceException.class,
"ERROR: [403] undefined has no permission to assume role package#yyy00.admin");
"ERROR: [403] undefined has no permission to assume role test_package#yyy00.admin");
}
@Test
void defineWithUnknownCurrentUserButWithAssumedRoles() {
// when
final var result = jpaAttempt.transacted(() ->
context.define("unknown@example.org", "package#yyy00.admin")
context.define("unknown@example.org", "test_package#yyy00.admin")
);
// then
result.assertExceptionWithRootCauseMessage(
javax.persistence.PersistenceException.class,
"ERROR: [403] undefined has no permission to assume role package#yyy00.admin");
"ERROR: [403] undefined has no permission to assume role test_package#yyy00.admin");
}
@Test
@Transactional
void defineWithCurrentUserAndAssumedRoles() {
// given
context.define("mike@hostsharing.net", "customer#xxx.owner;customer#yyy.owner");
context.define("mike@example.org", "test_customer#xxx.owner;test_customer#yyy.owner");
// when
final var currentUser = context.getCurrentUser();
assertThat(currentUser).isEqualTo("mike@hostsharing.net");
assertThat(currentUser).isEqualTo("mike@example.org");
// then
assertThat(context.getAssumedRoles())
.isEqualTo(Array.of("customer#xxx.owner", "customer#yyy.owner"));
.isEqualTo(Array.of("test_customer#xxx.owner", "test_customer#yyy.owner"));
assertThat(context.currentSubjectsUuids()).hasSize(2);
}
@ -101,12 +101,12 @@ class ContextIntegrationTests {
public void defineContextWithCurrentUserAndAssumeInaccessibleRole() {
// when
final var result = jpaAttempt.transacted(() ->
context.define("customer-admin@xxx.example.com", "package#yyy00.admin")
context.define("customer-admin@xxx.example.com", "test_package#yyy00.admin")
);
// then
result.assertExceptionWithRootCauseMessage(
javax.persistence.PersistenceException.class,
"ERROR: [403] user customer-admin@xxx.example.com has no permission to assume role package#yyy00.admin");
"ERROR: [403] user customer-admin@xxx.example.com has no permission to assume role test_package#yyy00.admin");
}
}

34
src/test/java/net/hostsharing/hsadminng/hs/hscustomer/CustomerControllerAcceptanceTest.java
View File

@ -39,10 +39,10 @@ class CustomerControllerAcceptanceTest {
class ListCustomers {
@Test
void hostsharingAdmin_withoutAssumedRoles_canViewAllCustomers_ifNoCriteriaGiven() {
void testGlobalAdmin_withoutAssumedRoles_canViewAllCustomers_ifNoCriteriaGiven() {
RestAssured // @formatter:off
.given()
.header("current-user", "mike@hostsharing.net")
.header("current-user", "mike@example.org")
.port(port)
.when()
.get("http://localhost/api/customers")
@ -57,10 +57,10 @@ class CustomerControllerAcceptanceTest {
}
@Test
void hostsharingAdmin_withoutAssumedRoles_canViewMatchingCustomers_ifCriteriaGiven() {
void testGlobalAdmin_withoutAssumedRoles_canViewMatchingCustomers_ifCriteriaGiven() {
RestAssured // @formatter:off
.given()
.header("current-user", "mike@hostsharing.net")
.header("current-user", "mike@example.org")
.port(port)
.when()
.get("http://localhost/api/customers?prefix=y")
@ -73,11 +73,11 @@ class CustomerControllerAcceptanceTest {
}
@Test
void hostsharingAdmin_withoutAssumedCustomerAdminRole_canOnlyViewOwnCustomer() {
void testGlobalAdmin_withoutAssumedCustomerAdminRole_canOnlyViewOwnCustomer() {
RestAssured // @formatter:off
.given()
.header("current-user", "mike@hostsharing.net")
.header("assumed-roles", "customer#yyy.admin")
.header("current-user", "mike@example.org")
.header("assumed-roles", "test_customer#yyy.admin")
.port(port)
.when()
.get("http://localhost/api/customers")
@ -110,11 +110,11 @@ class CustomerControllerAcceptanceTest {
class AddCustomer {
@Test
void hostsharingAdmin_withoutAssumedRole_canAddCustomer() {
void testGlobalAdmin_withoutAssumedRole_canAddCustomer() {
final var location = RestAssured // @formatter:off
.given()
.header("current-user", "mike@hostsharing.net")
.header("current-user", "mike@example.org")
.contentType(ContentType.JSON)
.body("""
{
@ -142,13 +142,13 @@ class CustomerControllerAcceptanceTest {
}
@Test
void hostsharingAdmin_withoutAssumedRole_canAddCustomerWithGivenUuid() {
void testGlobalAdmin_withoutAssumedRole_canAddCustomerWithGivenUuid() {
final var givenUuid = UUID.randomUUID();
final var location = RestAssured // @formatter:off
.given()
.header("current-user", "mike@hostsharing.net")
.header("current-user", "mike@example.org")
.contentType(ContentType.JSON)
.body("""
{
@ -180,12 +180,12 @@ class CustomerControllerAcceptanceTest {
}
@Test
void hostsharingAdmin_withAssumedCustomerAdminRole_canNotAddCustomer() {
void testGlobalAdmin_withAssumedCustomerAdminRole_canNotAddCustomer() {
RestAssured // @formatter:off
.given()
.header("current-user", "mike@hostsharing.net")
.header("assumed-roles", "customer#xxx.admin")
.header("current-user", "mike@example.org")
.header("assumed-roles", "test_customer#xxx.admin")
.contentType(ContentType.JSON)
.body("""
{
@ -201,11 +201,11 @@ class CustomerControllerAcceptanceTest {
.statusCode(403)
.contentType(ContentType.JSON)
.statusCode(403)
.body("message", containsString("add-customer not permitted for customer#xxx.admin"));
.body("message", containsString("add-customer not permitted for test_customer#xxx.admin"));
// @formatter:on
// finally, the new customer was not created
context.define("sven@hostsharing.net");
context.define("sven@example.org");
assertThat(customerRepository.findCustomerByOptionalPrefixLike("uuu")).hasSize(0);
}
@ -234,7 +234,7 @@ class CustomerControllerAcceptanceTest {
// @formatter:on
// finally, the new customer was not created
context.define("sven@hostsharing.net");
context.define("sven@example.org");
assertThat(customerRepository.findCustomerByOptionalPrefixLike("uuu")).hasSize(0);
}
}

24
src/test/java/net/hostsharing/hsadminng/hs/hscustomer/CustomerRepositoryIntegrationTest.java
View File

@ -37,9 +37,9 @@ class CustomerRepositoryIntegrationTest extends ContextBasedTest {
class CreateCustomer {
@Test
public void hostsharingAdmin_withoutAssumedRole_canCreateNewCustomer() {
public void testGlobalAdmin_withoutAssumedRole_canCreateNewCustomer() {
// given
context("mike@hostsharing.net", null);
context("mike@example.org", null);
final var count = customerRepository.count();
// when
@ -58,9 +58,9 @@ class CustomerRepositoryIntegrationTest extends ContextBasedTest {
}
@Test
public void hostsharingAdmin_withAssumedCustomerRole_cannotCreateNewCustomer() {
public void testGlobalAdmin_withAssumedCustomerRole_cannotCreateNewCustomer() {
// given
context("mike@hostsharing.net", "customer#xxx.admin");
context("mike@example.org", "test_customer#xxx.admin");
// when
final var result = attempt(em, () -> {
@ -72,7 +72,7 @@ class CustomerRepositoryIntegrationTest extends ContextBasedTest {
// then
result.assertExceptionWithRootCauseMessage(
PersistenceException.class,
"add-customer not permitted for customer#xxx.admin");
"add-customer not permitted for test_customer#xxx.admin");
}
@Test
@ -104,9 +104,9 @@ class CustomerRepositoryIntegrationTest extends ContextBasedTest {
class FindAllCustomers {
@Test
public void hostsharingAdmin_withoutAssumedRole_canViewAllCustomers() {
public void testGlobalAdmin_withoutAssumedRole_canViewAllCustomers() {
// given
context("mike@hostsharing.net", null);
context("mike@example.org", null);
// when
final var result = customerRepository.findCustomerByOptionalPrefixLike(null);
@ -116,9 +116,9 @@ class CustomerRepositoryIntegrationTest extends ContextBasedTest {
}
@Test
public void hostsharingAdmin_withAssumedHostsharingAdminRole_canViewAllCustomers() {
public void testGlobalAdmin_withAssumedtestGlobalAdminRole_canViewAllCustomers() {
given:
context("mike@hostsharing.net", "global#hostsharing.admin");
context("mike@example.org", "global#test-global.admin");
// when
final var result = customerRepository.findCustomerByOptionalPrefixLike(null);
@ -141,7 +141,7 @@ class CustomerRepositoryIntegrationTest extends ContextBasedTest {
@Test
public void customerAdmin_withAssumedOwnedPackageAdminRole_canViewOnlyItsOwnCustomer() {
context("customer-admin@xxx.example.com", "package#xxx00.admin");
context("customer-admin@xxx.example.com", "test_package#xxx00.admin");
final var result = customerRepository.findCustomerByOptionalPrefixLike(null);
@ -153,9 +153,9 @@ class CustomerRepositoryIntegrationTest extends ContextBasedTest {
class FindByPrefixLike {
@Test
public void hostsharingAdmin_withoutAssumedRole_canViewAllCustomers() {
public void testGlobalAdmin_withoutAssumedRole_canViewAllCustomers() {
// given
context("mike@hostsharing.net", null);
context("mike@example.org", null);
// when
final var result = customerRepository.findCustomerByOptionalPrefixLike("yyy");

26
src/test/java/net/hostsharing/hsadminng/hs/hspackage/PackageControllerAcceptanceTest.java
View File

@ -43,8 +43,8 @@ class PackageControllerAcceptanceTest {
// @formatter:off
RestAssured
.given()
.header("current-user", "mike@hostsharing.net")
.header("assumed-roles", "customer#xxx.admin")
.header("current-user", "mike@example.org")
.header("assumed-roles", "test_customer#xxx.admin")
.port(port)
.when()
.get("http://localhost/api/packages")
@ -65,8 +65,8 @@ class PackageControllerAcceptanceTest {
// @formatter:off
RestAssured
.given()
.header("current-user", "mike@hostsharing.net")
.header("assumed-roles", "customer#xxx.admin")
.header("current-user", "mike@example.org")
.header("assumed-roles", "test_customer#xxx.admin")
.port(port)
.when()
.get("http://localhost/api/packages?name=xxx01")
@ -93,8 +93,8 @@ class PackageControllerAcceptanceTest {
// @formatter:off
RestAssured
.given()
.header("current-user", "mike@hostsharing.net")
.header("assumed-roles", "customer#xxx.admin")
.header("current-user", "mike@example.org")
.header("assumed-roles", "test_customer#xxx.admin")
.contentType(ContentType.JSON)
.body(format("""
{
@ -123,8 +123,8 @@ class PackageControllerAcceptanceTest {
// @formatter:off
RestAssured
.given()
.header("current-user", "mike@hostsharing.net")
.header("assumed-roles", "customer#xxx.admin")
.header("current-user", "mike@example.org")
.header("assumed-roles", "test_customer#xxx.admin")
.contentType(ContentType.JSON)
.body("""
{
@ -152,8 +152,8 @@ class PackageControllerAcceptanceTest {
// @formatter:off
RestAssured
.given()
.header("current-user", "mike@hostsharing.net")
.header("assumed-roles", "customer#xxx.admin")
.header("current-user", "mike@example.org")
.header("assumed-roles", "test_customer#xxx.admin")
.contentType(ContentType.JSON)
.body("{}")
.port(port)
@ -172,8 +172,8 @@ class PackageControllerAcceptanceTest {
// @formatter:off
return UUID.fromString(RestAssured
.given()
.header("current-user", "mike@hostsharing.net")
.header("assumed-roles", "customer#xxx.admin")
.header("current-user", "mike@example.org")
.header("assumed-roles", "test_customer#xxx.admin")
.port(port)
.when()
.get("http://localhost/api/packages?name={packageName}", packageName)
@ -185,7 +185,7 @@ class PackageControllerAcceptanceTest {
}
String getDescriptionOfPackage(final String packageName) {
context.define("mike@hostsharing.net","customer#xxx.admin");
context.define("mike@example.org","test_customer#xxx.admin");
return packageRepository.findAllByOptionalNameLike(packageName).get(0).getDescription();
}
}

20
src/test/java/net/hostsharing/hsadminng/hs/hspackage/PackageRepositoryIntegrationTest.java
View File

@ -42,9 +42,9 @@ class PackageRepositoryIntegrationTest {
class FindAllByOptionalNameLike {
@Test
public void hostsharingAdmin_withoutAssumedRole_canNotViewAnyPackages_becauseThoseGrantsAreNotassumedd() {
public void testGlobalAdmin_withoutAssumedRole_canNotViewAnyPackages_becauseThoseGrantsAreNotassumedd() {
// given
context.define("mike@hostsharing.net");
context.define("mike@example.org");
// when
final var result = packageRepository.findAllByOptionalNameLike(null);
@ -54,9 +54,9 @@ class PackageRepositoryIntegrationTest {
}
@Test
public void hostsharingAdmin_withAssumedHostsharingAdminRole__canNotViewAnyPackages_becauseThoseGrantsAreNotassumedd() {
public void testGlobalAdmin_withAssumedtestGlobalAdminRole__canNotViewAnyPackages_becauseThoseGrantsAreNotassumedd() {
given:
context.define("mike@hostsharing.net", "global#hostsharing.admin");
context.define("mike@example.org", "global#test-global.admin");
// when
final var result = packageRepository.findAllByOptionalNameLike(null);
@ -79,7 +79,7 @@ class PackageRepositoryIntegrationTest {
@Test
public void customerAdmin_withAssumedOwnedPackageAdminRole_canViewOnlyItsOwnPackages() {
context.define("customer-admin@xxx.example.com", "package#xxx00.admin");
context.define("customer-admin@xxx.example.com", "test_package#xxx00.admin");
final var result = packageRepository.findAllByOptionalNameLike(null);
@ -93,17 +93,17 @@ class PackageRepositoryIntegrationTest {
@Test
public void supportsOptimisticLocking() throws InterruptedException {
// given
hostsharingAdminWithAssumedRole("package#xxx00.admin");
testGlobalAdminWithAssumedRole("test_package#xxx00.admin");
final var pac = packageRepository.findAllByOptionalNameLike("%").get(0);
// when
final var result1 = jpaAttempt.transacted(() -> {
hostsharingAdminWithAssumedRole("package#xxx00.admin");
testGlobalAdminWithAssumedRole("test_package#xxx00.admin");
pac.setDescription("description set by thread 1");
packageRepository.save(pac);
});
final var result2 = jpaAttempt.transacted(() -> {
hostsharingAdminWithAssumedRole("package#xxx00.admin");
testGlobalAdminWithAssumedRole("test_package#xxx00.admin");
pac.setDescription("description set by thread 2");
packageRepository.save(pac);
sleep(1500);
@ -125,8 +125,8 @@ class PackageRepositoryIntegrationTest {
}
}
private void hostsharingAdminWithAssumedRole(final String assumedRoles) {
context.define("mike@hostsharing.net", assumedRoles);
private void testGlobalAdminWithAssumedRole(final String assumedRoles) {
context.define("mike@example.org", assumedRoles);
}
void noPackagesAreReturned(final List<PackageEntity> actualResult) {

84
src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantControllerAcceptanceTest.java
View File

@ -62,10 +62,10 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
@Test
@Accepts("GRT:L(List)")
void hostsharingAdmin_withoutAssumedRole_canViewAllGrants() {
void testGlobalAdmin_withoutAssumedRole_canViewAllGrants() {
RestAssured // @formatter:off
.given()
.header("current-user", "mike@hostsharing.net")
.header("current-user", "mike@example.org")
.port(port)
.when()
.get("http://localhost/api/rbac-grants")
@ -74,36 +74,36 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
.contentType("application/json")
.body("", hasItem(
allOf(
hasEntry("grantedByRoleIdName", "global#hostsharing.admin"),
hasEntry("grantedRoleIdName", "customer#xxx.admin"),
hasEntry("grantedByRoleIdName", "global#test-global.admin"),
hasEntry("grantedRoleIdName", "test_customer#xxx.admin"),
hasEntry("granteeUserName", "customer-admin@xxx.example.com")
)
))
.body("", hasItem(
allOf(
hasEntry("grantedByRoleIdName", "global#hostsharing.admin"),
hasEntry("grantedRoleIdName", "customer#yyy.admin"),
hasEntry("grantedByRoleIdName", "global#test-global.admin"),
hasEntry("grantedRoleIdName", "test_customer#yyy.admin"),
hasEntry("granteeUserName", "customer-admin@yyy.example.com")
)
))
.body("", hasItem(
allOf(
hasEntry("grantedByRoleIdName", "global#hostsharing.admin"),
hasEntry("grantedRoleIdName", "global#hostsharing.admin"),
hasEntry("granteeUserName", "sven@hostsharing.net")
hasEntry("grantedByRoleIdName", "global#test-global.admin"),
hasEntry("grantedRoleIdName", "global#test-global.admin"),
hasEntry("granteeUserName", "sven@example.org")
)
))
.body("", hasItem(
allOf(
hasEntry("grantedByRoleIdName", "customer#xxx.admin"),
hasEntry("grantedRoleIdName", "package#xxx00.admin"),
hasEntry("grantedByRoleIdName", "test_customer#xxx.admin"),
hasEntry("grantedRoleIdName", "test_package#xxx00.admin"),
hasEntry("granteeUserName", "pac-admin-xxx00@xxx.example.com")
)
))
.body("", hasItem(
allOf(
hasEntry("grantedByRoleIdName", "customer#zzz.admin"),
hasEntry("grantedRoleIdName", "package#zzz02.admin"),
hasEntry("grantedByRoleIdName", "test_customer#zzz.admin"),
hasEntry("grantedRoleIdName", "test_package#zzz02.admin"),
hasEntry("granteeUserName", "pac-admin-zzz02@zzz.example.com")
)
))
@ -113,11 +113,11 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
@Test
@Accepts({ "GRT:L(List)", "GRT:X(Access Control)" })
void hostsharingAdmin_withAssumedPackageAdminRole_canViewPacketRelatedGrants() {
void testGlobalAdmin_withAssumedPackageAdminRole_canViewPacketRelatedGrants() {
RestAssured // @formatter:off
.given()
.header("current-user", "mike@hostsharing.net")
.header("assumed-roles", "package#yyy00.admin")
.header("current-user", "mike@example.org")
.header("assumed-roles", "test_package#yyy00.admin")
.port(port)
.when()
.get("http://localhost/api/rbac-grants")
@ -126,8 +126,8 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
.contentType("application/json")
.body("", hasItem(
allOf(
hasEntry("grantedByRoleIdName", "customer#yyy.admin"),
hasEntry("grantedRoleIdName", "package#yyy00.admin"),
hasEntry("grantedByRoleIdName", "test_customer#yyy.admin"),
hasEntry("grantedRoleIdName", "test_package#yyy00.admin"),
hasEntry("granteeUserName", "pac-admin-yyy00@yyy.example.com")
)
))
@ -149,8 +149,8 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
.contentType("application/json")
.body("", hasItem(
allOf(
hasEntry("grantedByRoleIdName", "customer#yyy.admin"),
hasEntry("grantedRoleIdName", "package#yyy00.admin"),
hasEntry("grantedByRoleIdName", "test_customer#yyy.admin"),
hasEntry("grantedRoleIdName", "test_package#yyy00.admin"),
hasEntry("granteeUserName", "pac-admin-yyy00@yyy.example.com")
)
))
@ -168,7 +168,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
// given
final var givenCurrentUserAsPackageAdmin = new Subject("customer-admin@xxx.example.com");
final var givenGranteeUser = findRbacUserByName("pac-admin-xxx00@xxx.example.com");
final var givenGrantedRole = findRbacRoleByName("package#xxx00.admin");
final var givenGrantedRole = findRbacRoleByName("test_package#xxx00.admin");
// when
final var grant = givenCurrentUserAsPackageAdmin.getGrantById()
@ -177,8 +177,8 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
// then
grant.assertThat()
.statusCode(200)
.body("grantedByRoleIdName", is("customer#xxx.admin"))
.body("grantedRoleIdName", is("package#xxx00.admin"))
.body("grantedByRoleIdName", is("test_customer#xxx.admin"))
.body("grantedRoleIdName", is("test_package#xxx00.admin"))
.body("granteeUserName", is("pac-admin-xxx00@xxx.example.com"));
}
@ -188,7 +188,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
// given
final var givenCurrentUserAsPackageAdmin = new Subject("pac-admin-xxx00@xxx.example.com");
final var givenGranteeUser = findRbacUserByName("pac-admin-xxx00@xxx.example.com");
final var givenGrantedRole = findRbacRoleByName("package#xxx00.admin");
final var givenGrantedRole = findRbacRoleByName("test_package#xxx00.admin");
// when
final var grant = givenCurrentUserAsPackageAdmin.getGrantById()
@ -197,8 +197,8 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
// then
grant.assertThat()
.statusCode(200)
.body("grantedByRoleIdName", is("customer#xxx.admin"))
.body("grantedRoleIdName", is("package#xxx00.admin"))
.body("grantedByRoleIdName", is("test_customer#xxx.admin"))
.body("grantedRoleIdName", is("test_package#xxx00.admin"))
.body("granteeUserName", is("pac-admin-xxx00@xxx.example.com"));
}
@ -208,9 +208,9 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
// given
final var givenCurrentUserAsPackageAdmin = new Subject(
"pac-admin-xxx00@xxx.example.com",
"package#xxx00.admin");
"test_package#xxx00.admin");
final var givenGranteeUser = findRbacUserByName("pac-admin-xxx00@xxx.example.com");
final var givenGrantedRole = findRbacRoleByName("package#xxx00.admin");
final var givenGrantedRole = findRbacRoleByName("test_package#xxx00.admin");
// when
final var grant = givenCurrentUserAsPackageAdmin.getGrantById()
@ -219,8 +219,8 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
// then
grant.assertThat()
.statusCode(200)
.body("grantedByRoleIdName", is("customer#xxx.admin"))
.body("grantedRoleIdName", is("package#xxx00.admin"))
.body("grantedByRoleIdName", is("test_customer#xxx.admin"))
.body("grantedRoleIdName", is("test_package#xxx00.admin"))
.body("granteeUserName", is("pac-admin-xxx00@xxx.example.com"));
}
@ -231,9 +231,9 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
// given
final var givenCurrentUserAsPackageAdmin = new Subject(
"pac-admin-xxx00@xxx.example.com",
"package#xxx00.tenant");
"test_package#xxx00.tenant");
final var givenGranteeUser = findRbacUserByName("pac-admin-xxx00@xxx.example.com");
final var givenGrantedRole = findRbacRoleByName("package#xxx00.admin");
final var givenGrantedRole = findRbacRoleByName("test_package#xxx00.admin");
final var grant = givenCurrentUserAsPackageAdmin.getGrantById()
.forGrantedRole(givenGrantedRole).toGranteeUser(givenGranteeUser);
@ -252,7 +252,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
// given
final var givenNewUser = createRBacUser();
final var givenRoleToGrant = "package#xxx00.admin";
final var givenRoleToGrant = "test_package#xxx00.admin";
final var givenCurrentUserAsPackageAdmin = new Subject("pac-admin-xxx00@xxx.example.com", givenRoleToGrant);
final var givenOwnPackageAdminRole =
findRbacRoleByName(givenCurrentUserAsPackageAdmin.assumedRole);
@ -265,9 +265,9 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
// then
response.assertThat()
.statusCode(201)
.body("grantedByRoleIdName", is("package#xxx00.admin"))
.body("grantedByRoleIdName", is("test_package#xxx00.admin"))
.body("assumed", is(true))
.body("grantedRoleIdName", is("package#xxx00.admin"))
.body("grantedRoleIdName", is("test_package#xxx00.admin"))
.body("granteeUserName", is(givenNewUser.getName()));
assertThat(findAllGrantsOf(givenCurrentUserAsPackageAdmin))
.extracting(RbacGrantEntity::toDisplay)
@ -282,9 +282,9 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
// given
final var givenNewUser = createRBacUser();
final var givenRoleToGrant = "package#xxx00.admin";
final var givenRoleToGrant = "test_package#xxx00.admin";
final var givenCurrentUserAsPackageAdmin = new Subject("pac-admin-xxx00@xxx.example.com", givenRoleToGrant);
final var givenAlienPackageAdminRole = findRbacRoleByName("package#yyy00.admin");
final var givenAlienPackageAdminRole = findRbacRoleByName("test_package#yyy00.admin");
// when
final var result = givenCurrentUserAsPackageAdmin
@ -295,7 +295,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
result.assertThat()
.statusCode(403)
.body("message", containsString("Access to granted role"))
.body("message", containsString("forbidden for {package#xxx00.admin}"));
.body("message", containsString("forbidden for {test_package#xxx00.admin}"));
assertThat(findAllGrantsOf(givenCurrentUserAsPackageAdmin))
.extracting(RbacGrantEntity::getGranteeUserName)
.doesNotContain(givenNewUser.getName());
@ -312,9 +312,9 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
// given
final var givenArbitraryUser = createRBacUser();
final var givenRoleToGrant = "package#xxx00.admin";
final var givenRoleToGrant = "test_package#xxx00.admin";
final var givenCurrentUserAsPackageAdmin = new Subject("pac-admin-xxx00@xxx.example.com", givenRoleToGrant);
final var givenOwnPackageAdminRole = findRbacRoleByName("package#xxx00.admin");
final var givenOwnPackageAdminRole = findRbacRoleByName("test_package#xxx00.admin");
// and given an existing grant
assumeCreated(givenCurrentUserAsPackageAdmin
@ -499,14 +499,14 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
RbacUserEntity findRbacUserByName(final String userName) {
return jpaAttempt.transacted(() -> {
context("mike@hostsharing.net", null);
context("mike@example.org", null);
return rbacUserRepository.findByName(userName);
}).returnedValue();
}
RbacRoleEntity findRbacRoleByName(final String roleName) {
return jpaAttempt.transacted(() -> {
context("mike@hostsharing.net", null);
context("mike@example.org", null);
return rbacRoleRepository.findByRoleName(roleName);
}).returnedValue();
}

52
src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantRepositoryIntegrationTest.java
View File

@ -68,7 +68,7 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest {
// then
exactlyTheseRbacGrantsAreReturned(
result,
"{ grant assumed role package#xxx00.admin to user pac-admin-xxx00@xxx.example.com by role customer#xxx.admin }");
"{ grant assumed role test_package#xxx00.admin to user pac-admin-xxx00@xxx.example.com by role test_customer#xxx.admin }");
}
@Test
@ -83,17 +83,17 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest {
// then
exactlyTheseRbacGrantsAreReturned(
result,
"{ grant assumed role customer#xxx.admin to user customer-admin@xxx.example.com by role global#hostsharing.admin }",
"{ grant assumed role package#xxx00.admin to user pac-admin-xxx00@xxx.example.com by role customer#xxx.admin }",
"{ grant assumed role package#xxx01.admin to user pac-admin-xxx01@xxx.example.com by role customer#xxx.admin }",
"{ grant assumed role package#xxx02.admin to user pac-admin-xxx02@xxx.example.com by role customer#xxx.admin }");
"{ grant assumed role test_customer#xxx.admin to user customer-admin@xxx.example.com by role global#test-global.admin }",
"{ grant assumed role test_package#xxx00.admin to user pac-admin-xxx00@xxx.example.com by role test_customer#xxx.admin }",
"{ grant assumed role test_package#xxx01.admin to user pac-admin-xxx01@xxx.example.com by role test_customer#xxx.admin }",
"{ grant assumed role test_package#xxx02.admin to user pac-admin-xxx02@xxx.example.com by role test_customer#xxx.admin }");
}
@Test
@Accepts({ "GRT:L(List)" })
public void customerAdmin_withAssumedRole_canOnlyViewRbacGrantsVisibleByAssumedRole() {
// given:
context("customer-admin@xxx.example.com", "package#xxx00.admin");
context("customer-admin@xxx.example.com", "test_package#xxx00.admin");
// when
final var result = rbacGrantRepository.findAll();
@ -101,7 +101,7 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest {
// then
exactlyTheseRbacGrantsAreReturned(
result,
"{ grant assumed role package#xxx00.admin to user pac-admin-xxx00@xxx.example.com by role customer#xxx.admin }");
"{ grant assumed role test_package#xxx00.admin to user pac-admin-xxx00@xxx.example.com by role test_customer#xxx.admin }");
}
}
@ -111,9 +111,9 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest {
@Test
public void customerAdmin_canGrantOwnPackageAdminRole_toArbitraryUser() {
// given
context("customer-admin@xxx.example.com", "customer#xxx.admin");
context("customer-admin@xxx.example.com", "test_customer#xxx.admin");
final var givenArbitraryUserUuid = rbacUserRepository.findByName("pac-admin-zzz00@zzz.example.com").getUuid();
final var givenOwnPackageRoleUuid = rbacRoleRepository.findByRoleName("package#xxx00.admin").getUuid();
final var givenOwnPackageRoleUuid = rbacRoleRepository.findByRoleName("test_package#xxx00.admin").getUuid();
// when
final var grant = RbacGrantEntity.builder()
@ -129,7 +129,7 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest {
assertThat(rbacGrantRepository.findAll())
.extracting(RbacGrantEntity::toDisplay)
.contains(
"{ grant assumed role package#xxx00.admin to user pac-admin-zzz00@zzz.example.com by role customer#xxx.admin }");
"{ grant assumed role test_package#xxx00.admin to user pac-admin-zzz00@zzz.example.com by role test_customer#xxx.admin }");
}
@Test
@ -142,14 +142,14 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest {
context("customer-admin@xxx.example.com", null);
return new Given(
createNewUser(),
rbacRoleRepository.findByRoleName("package#xxx00.owner").getUuid()
rbacRoleRepository.findByRoleName("test_package#xxx00.owner").getUuid()
);
}).assumeSuccessful().returnedValue();
// when
final var attempt = jpaAttempt.transacted(() -> {
// now we try to use these uuids as a less privileged user
context("pac-admin-xxx00@xxx.example.com", "package#xxx00.admin");
context("pac-admin-xxx00@xxx.example.com", "test_package#xxx00.admin");
final var grant = RbacGrantEntity.builder()
.granteeUserUuid(given.arbitraryUser.getUuid())
.grantedRoleUuid(given.packageOwnerRoleUuid)
@ -162,7 +162,7 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest {
attempt.assertExceptionWithRootCauseMessage(
JpaSystemException.class,
"ERROR: [403] Access to granted role " + given.packageOwnerRoleUuid
+ " forbidden for {package#xxx00.admin}");
+ " forbidden for {test_package#xxx00.admin}");
jpaAttempt.transacted(() -> {
// finally, we use the new user to make sure, no roles were granted
context(given.arbitraryUser.getName(), null);
@ -180,17 +180,17 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest {
public void customerAdmin_canRevokeSelfGrantedPackageAdminRole() {
// given
final var grant = create(grant()
.byUser("customer-admin@xxx.example.com").withAssumedRole("customer#xxx.admin")
.grantingRole("package#xxx00.admin").toUser("pac-admin-zzz00@zzz.example.com"));
.byUser("customer-admin@xxx.example.com").withAssumedRole("test_customer#xxx.admin")
.grantingRole("test_package#xxx00.admin").toUser("pac-admin-zzz00@zzz.example.com"));
// when
context("customer-admin@xxx.example.com", "customer#xxx.admin");
context("customer-admin@xxx.example.com", "test_customer#xxx.admin");
final var revokeAttempt = attempt(em, () -> {
rbacGrantRepository.deleteByRbacGrantId(grant.getRbacGrantId());
});
// then
context("customer-admin@xxx.example.com", "customer#xxx.admin");
context("customer-admin@xxx.example.com", "test_customer#xxx.admin");
assertThat(revokeAttempt.caughtExceptionsRootCause()).isNull();
assertThat(rbacGrantRepository.findAll())
.extracting(RbacGrantEntity::getGranteeUserName)
@ -202,18 +202,18 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest {
// given
final var newUser = createNewUserTransacted();
final var grant = create(grant()
.byUser("customer-admin@xxx.example.com").withAssumedRole("package#xxx00.admin")
.grantingRole("package#xxx00.admin").toUser(newUser.getName()));
.byUser("customer-admin@xxx.example.com").withAssumedRole("test_package#xxx00.admin")
.grantingRole("test_package#xxx00.admin").toUser(newUser.getName()));
// when
context("pac-admin-xxx00@xxx.example.com", "package#xxx00.admin");
context("pac-admin-xxx00@xxx.example.com", "test_package#xxx00.admin");
final var revokeAttempt = attempt(em, () -> {
rbacGrantRepository.deleteByRbacGrantId(grant.getRbacGrantId());
});
// then
assertThat(revokeAttempt.caughtExceptionsRootCause()).isNull();
context("customer-admin@xxx.example.com", "customer#xxx.admin");
context("customer-admin@xxx.example.com", "test_customer#xxx.admin");
assertThat(rbacGrantRepository.findAll())
.extracting(RbacGrantEntity::getGranteeUserName)
.doesNotContain("pac-admin-zzz00@zzz.example.com");
@ -223,12 +223,12 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest {
public void packageAdmin_canNotRevokeOwnPackageAdminRoleGrantedByOwnerRoleOfThatPackage() {
// given
final var grant = create(grant()
.byUser("customer-admin@xxx.example.com").withAssumedRole("package#xxx00.owner")
.grantingRole("package#xxx00.admin").toUser("pac-admin-zzz00@zzz.example.com"));
final var grantedByRole = rbacRoleRepository.findByRoleName("package#xxx00.owner");
.byUser("customer-admin@xxx.example.com").withAssumedRole("test_package#xxx00.owner")
.grantingRole("test_package#xxx00.admin").toUser("pac-admin-zzz00@zzz.example.com"));
final var grantedByRole = rbacRoleRepository.findByRoleName("test_package#xxx00.owner");
// when
context("pac-admin-xxx00@xxx.example.com", "package#xxx00.admin");
context("pac-admin-xxx00@xxx.example.com", "test_package#xxx00.admin");
final var revokeAttempt = attempt(em, () -> {
rbacGrantRepository.deleteByRbacGrantId(grant.getRbacGrantId());
});
@ -236,7 +236,7 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest {
// then
revokeAttempt.assertExceptionWithRootCauseMessage(
JpaSystemException.class,
"ERROR: [403] Revoking role created by %s is forbidden for {package#xxx00.admin}.".formatted(
"ERROR: [403] Revoking role created by %s is forbidden for {test_package#xxx00.admin}.".formatted(
grantedByRole.getUuid()
));
}

41
src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleControllerAcceptanceTest.java
View File

@ -38,39 +38,39 @@ class RbacRoleControllerAcceptanceTest {
@Test
@Accepts({ "ROL:L(List)" })
void hostsharingAdmin_withoutAssumedRole_canViewAllRoles() {
void testGlobalAdmin_withoutAssumedRole_canViewAllRoles() {
// @formatter:off
RestAssured
.given()
.header("current-user", "mike@hostsharing.net")
.header("current-user", "mike@example.org")
.port(port)
.when()
.get("http://localhost/api/rbac-roles")
.then().assertThat()
.statusCode(200)
.contentType("application/json")
.body("", hasItem(hasEntry("roleName", "customer#xxx.admin")))
.body("", hasItem(hasEntry("roleName", "customer#xxx.owner")))
.body("", hasItem(hasEntry("roleName", "customer#xxx.tenant")))
.body("", hasItem(hasEntry("roleName", "test_customer#xxx.admin")))
.body("", hasItem(hasEntry("roleName", "test_customer#xxx.owner")))
.body("", hasItem(hasEntry("roleName", "test_customer#xxx.tenant")))
// ...
.body("", hasItem(hasEntry("roleName", "global#hostsharing.admin")))
.body("", hasItem(hasEntry("roleName", "customer#yyy.admin")))
.body("", hasItem(hasEntry("roleName", "package#yyy00.admin")))
.body("", hasItem(hasEntry("roleName", "unixuser#yyy00-aaaa.owner")))
.body("", hasItem(hasEntry("roleName", "global#test-global.admin")))
.body("", hasItem(hasEntry("roleName", "test_customer#yyy.admin")))
.body("", hasItem(hasEntry("roleName", "test_package#yyy00.admin")))
.body("", hasItem(hasEntry("roleName", "test_unixuser#yyy00-aaaa.owner")))
.body( "size()", greaterThanOrEqualTo(73)); // increases with new test data
// @formatter:on
}
@Test
@Accepts({ "ROL:L(List)", "ROL:X(Access Control)" })
void hostsharingAdmin_withAssumedPackageAdminRole_canViewPackageAdminRoles() {
void testGlobalAdmin_withAssumedPackageAdminRole_canViewPackageAdminRoles() {
// @formatter:off
RestAssured
.given()
.header("current-user", "mike@hostsharing.net")
.header("assumed-roles", "package#yyy00.admin")
.header("current-user", "mike@example.org")
.header("assumed-roles", "test_package#yyy00.admin")
.port(port)
.when()
.get("http://localhost/api/rbac-roles")
@ -79,10 +79,10 @@ class RbacRoleControllerAcceptanceTest {
.assertThat()
.statusCode(200)
.contentType("application/json")
.body("[0].roleName", is("customer#yyy.tenant"))
.body("[1].roleName", is("package#yyy00.admin"))
.body("[2].roleName", is("package#yyy00.tenant"))
.body("[3].roleName", is("unixuser#yyy00-aaaa.admin"))
.body("[0].roleName", is("test_customer#yyy.tenant"))
.body("[1].roleName", is("test_package#yyy00.admin"))
.body("[2].roleName", is("test_package#yyy00.tenant"))
.body("[3].roleName", is("test_unixuser#yyy00-aaaa.admin"))
.body("size()", is(7)); // increases with new test data
// @formatter:on
}
@ -101,12 +101,11 @@ class RbacRoleControllerAcceptanceTest {
.then().assertThat()
.statusCode(200)
.contentType("application/json")
.body("[0].roleName", is("customer#zzz.tenant"))
.body("[1].roleName", is("package#zzz00.admin"))
.body("[2].roleName", is("package#zzz00.tenant"))
.body("[3].roleName", is("unixuser#zzz00-aaaa.admin"))
.body("[0].roleName", is("test_customer#zzz.tenant"))
.body("[1].roleName", is("test_package#zzz00.admin"))
.body("[2].roleName", is("test_package#zzz00.tenant"))
.body("[3].roleName", is("test_unixuser#zzz00-aaaa.admin"))
.body("size()", is(7)); // increases with new test data
// @formatter:on
}
}

8
src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleControllerRestTest.java
View File

@ -37,15 +37,15 @@ class RbacRoleControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.get("/api/rbac-roles")
.header("current-user", "mike@hostsharing.net")
.header("current-user", "mike@example.org")
.accept(MediaType.APPLICATION_JSON))
// then
.andExpect(status().isOk())
.andExpect(jsonPath("$", hasSize(3)))
.andExpect(jsonPath("$[0].roleName", is("global#hostsharing.admin")))
.andExpect(jsonPath("$[1].roleName", is("customer#xxx.owner")))
.andExpect(jsonPath("$[2].roleName", is("customer#xxx.admin")))
.andExpect(jsonPath("$[0].roleName", is("global#test-global.admin")))
.andExpect(jsonPath("$[1].roleName", is("test_customer#xxx.owner")))
.andExpect(jsonPath("$[2].roleName", is("test_customer#xxx.admin")))
.andExpect(jsonPath("$[2].uuid", is(customerXxxAdmin.getUuid().toString())))
.andExpect(jsonPath("$[2].objectUuid", is(customerXxxAdmin.getObjectUuid().toString())))
.andExpect(jsonPath("$[2].objectTable", is(customerXxxAdmin.getObjectTable().toString())))

90
src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepositoryIntegrationTest.java
View File

@ -40,26 +40,26 @@ class RbacRoleRepositoryIntegrationTest {
private static final String[] ALL_TEST_DATA_ROLES = Array.of(
// @formatter:off
"global#hostsharing.admin",
"customer#xxx.admin", "customer#xxx.owner", "customer#xxx.tenant",
"package#xxx00.admin", "package#xxx00.owner", "package#xxx00.tenant",
"package#xxx01.admin", "package#xxx01.owner", "package#xxx01.tenant",
"package#xxx02.admin", "package#xxx02.owner", "package#xxx02.tenant",
"customer#yyy.admin", "customer#yyy.owner", "customer#yyy.tenant",
"package#yyy00.admin", "package#yyy00.owner", "package#yyy00.tenant",
"package#yyy01.admin", "package#yyy01.owner", "package#yyy01.tenant",
"package#yyy02.admin", "package#yyy02.owner", "package#yyy02.tenant",
"customer#zzz.admin", "customer#zzz.owner", "customer#zzz.tenant",
"package#zzz00.admin", "package#zzz00.owner", "package#zzz00.tenant",
"package#zzz01.admin", "package#zzz01.owner", "package#zzz01.tenant",
"package#zzz02.admin", "package#zzz02.owner", "package#zzz02.tenant"
"global#test-global.admin",
"test_customer#xxx.admin", "test_customer#xxx.owner", "test_customer#xxx.tenant",
"test_package#xxx00.admin", "test_package#xxx00.owner", "test_package#xxx00.tenant",
"test_package#xxx01.admin", "test_package#xxx01.owner", "test_package#xxx01.tenant",
"test_package#xxx02.admin", "test_package#xxx02.owner", "test_package#xxx02.tenant",
"test_customer#yyy.admin", "test_customer#yyy.owner", "test_customer#yyy.tenant",
"test_package#yyy00.admin", "test_package#yyy00.owner", "test_package#yyy00.tenant",
"test_package#yyy01.admin", "test_package#yyy01.owner", "test_package#yyy01.tenant",
"test_package#yyy02.admin", "test_package#yyy02.owner", "test_package#yyy02.tenant",
"test_customer#zzz.admin", "test_customer#zzz.owner", "test_customer#zzz.tenant",
"test_package#zzz00.admin", "test_package#zzz00.owner", "test_package#zzz00.tenant",
"test_package#zzz01.admin", "test_package#zzz01.owner", "test_package#zzz01.tenant",
"test_package#zzz02.admin", "test_package#zzz02.owner", "test_package#zzz02.tenant"
// @formatter:on
);
@Test
public void hostsharingAdmin_withoutAssumedRole_canViewAllRbacRoles() {
public void testGlobalAdmin_withoutAssumedRole_canViewAllRbacRoles() {
// given
context.define("mike@hostsharing.net");
context.define("mike@example.org");
// when
final var result = rbacRoleRepository.findAll();
@ -69,9 +69,9 @@ class RbacRoleRepositoryIntegrationTest {
}
@Test
public void hostsharingAdmin_withAssumedHostsharingAdminRole_canViewAllRbacRoles() {
public void testGlobalAdmin_withAssumedtestGlobalAdminRole_canViewAllRbacRoles() {
given:
context.define("mike@hostsharing.net", "global#hostsharing.admin");
context.define("mike@example.org", "global#test-global.admin");
// when
final var result = rbacRoleRepository.findAll();
@ -92,49 +92,49 @@ class RbacRoleRepositoryIntegrationTest {
allTheseRbacRolesAreReturned(
result,
// @formatter:off
"customer#xxx.admin",
"customer#xxx.tenant",
"package#xxx00.admin",
"package#xxx00.owner",
"package#xxx00.tenant",
"package#xxx01.admin",
"package#xxx01.owner",
"package#xxx01.tenant",
"test_customer#xxx.admin",
"test_customer#xxx.tenant",
"test_package#xxx00.admin",
"test_package#xxx00.owner",
"test_package#xxx00.tenant",
"test_package#xxx01.admin",
"test_package#xxx01.owner",
"test_package#xxx01.tenant",
// ...
"unixuser#xxx00-aaaa.admin",
"unixuser#xxx00-aaaa.owner",
"test_unixuser#xxx00-aaaa.admin",
"test_unixuser#xxx00-aaaa.owner",
// ..
"unixuser#xxx01-aaab.admin",
"unixuser#xxx01-aaab.owner"
"test_unixuser#xxx01-aaab.admin",
"test_unixuser#xxx01-aaab.owner"
// @formatter:on
);
noneOfTheseRbacRolesIsReturned(
result,
// @formatter:off
"global#hostsharing.admin",
"customer#xxx.owner",
"package#yyy00.admin",
"package#yyy00.owner",
"package#yyy00.tenant"
"global#test-global.admin",
"test_customer#xxx.owner",
"test_package#yyy00.admin",
"test_package#yyy00.owner",
"test_package#yyy00.tenant"
// @formatter:on
);
}
@Test
public void customerAdmin_withAssumedOwnedPackageAdminRole_canViewOnlyItsOwnRbacRole() {
context.define("customer-admin@xxx.example.com", "package#xxx00.admin");
context.define("customer-admin@xxx.example.com", "test_package#xxx00.admin");
final var result = rbacRoleRepository.findAll();
exactlyTheseRbacRolesAreReturned(
result,
"customer#xxx.tenant",
"package#xxx00.admin",
"package#xxx00.tenant",
"unixuser#xxx00-aaaa.admin",
"unixuser#xxx00-aaaa.owner",
"unixuser#xxx00-aaab.admin",
"unixuser#xxx00-aaab.owner");
"test_customer#xxx.tenant",
"test_package#xxx00.admin",
"test_package#xxx00.tenant",
"test_unixuser#xxx00-aaaa.admin",
"test_unixuser#xxx00-aaaa.owner",
"test_unixuser#xxx00-aaab.admin",
"test_unixuser#xxx00-aaab.owner");
}
@Test
@ -158,10 +158,10 @@ class RbacRoleRepositoryIntegrationTest {
void customerAdmin_withoutAssumedRole_canFindItsOwnRolesByName() {
context.define("customer-admin@xxx.example.com");
final var result = rbacRoleRepository.findByRoleName("customer#xxx.admin");
final var result = rbacRoleRepository.findByRoleName("test_customer#xxx.admin");
assertThat(result).isNotNull();
assertThat(result.getObjectTable()).isEqualTo("customer");
assertThat(result.getObjectTable()).isEqualTo("test_customer");
assertThat(result.getObjectIdName()).isEqualTo("xxx");
assertThat(result.getRoleType()).isEqualTo(RbacRoleType.admin);
}
@ -170,7 +170,7 @@ class RbacRoleRepositoryIntegrationTest {
void customerAdmin_withoutAssumedRole_canNotFindAlienRolesByName() {
context.define("customer-admin@xxx.example.com");
final var result = rbacRoleRepository.findByRoleName("customer#bbb.admin");
final var result = rbacRoleRepository.findByRoleName("test_customer#bbb.admin");
assertThat(result).isNull();
}

6
src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/TestRbacRole.java
View File

@ -4,9 +4,9 @@ import static java.util.UUID.randomUUID;
public class TestRbacRole {
public static final RbacRoleEntity hostmasterRole = rbacRole("global", "hostsharing", RbacRoleType.admin);
static final RbacRoleEntity customerXxxOwner = rbacRole("customer", "xxx", RbacRoleType.owner);
static final RbacRoleEntity customerXxxAdmin = rbacRole("customer", "xxx", RbacRoleType.admin);
public static final RbacRoleEntity hostmasterRole = rbacRole("global", "test-global", RbacRoleType.admin);
static final RbacRoleEntity customerXxxOwner = rbacRole("test_customer", "xxx", RbacRoleType.owner);
static final RbacRoleEntity customerXxxAdmin = rbacRole("test_customer", "xxx", RbacRoleType.admin);
static public RbacRoleEntity rbacRole(final String objectTable, final String objectIdName, final RbacRoleType roleType) {
return new RbacRoleEntity(randomUUID(), randomUUID(), objectTable, objectIdName, roleType, objectTable+'#'+objectIdName+'.'+roleType);

58
src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserControllerAcceptanceTest.java
View File

@ -82,13 +82,13 @@ class RbacUserControllerAcceptanceTest {
@Test
@Accepts({ "USR:R(Read)" })
void hostsharingAdmin_withoutAssumedRole_canGetArbitraryUser() {
void testGlobalAdmin_withoutAssumedRole_canGetArbitraryUser() {
final var givenUser = findRbacUserByName("pac-admin-xxx00@xxx.example.com");
// @formatter:off
RestAssured
.given()
.header("current-user", "mike@hostsharing.net")
.header("current-user", "mike@example.org")
.port(port)
.when()
.get("http://localhost/api/rbac-users/" + givenUser.getUuid())
@ -101,14 +101,14 @@ class RbacUserControllerAcceptanceTest {
@Test
@Accepts({ "USR:R(Read)", "USR:X(Access Control)" })
void hostsharingAdmin_withAssumedCustomerAdminRole_canGetUserWithinInItsRealm() {
void testGlobalAdmin_withAssumedCustomerAdminRole_canGetUserWithinInItsRealm() {
final var givenUser = findRbacUserByName("pac-admin-yyy00@yyy.example.com");
// @formatter:off
RestAssured
.given()
.header("current-user", "mike@hostsharing.net")
.header("assumed-roles", "customer#yyy.admin")
.header("current-user", "mike@example.org")
.header("assumed-roles", "test_customer#yyy.admin")
.port(port)
.when()
.get("http://localhost/api/rbac-users/" + givenUser.getUuid())
@ -161,12 +161,12 @@ class RbacUserControllerAcceptanceTest {
@Test
@Accepts({ "USR:L(List)" })
void hostsharingAdmin_withoutAssumedRole_canViewAllUsers() {
void testGlobalAdmin_withoutAssumedRole_canViewAllUsers() {
// @formatter:off
RestAssured
.given()
.header("current-user", "mike@hostsharing.net")
.header("current-user", "mike@example.org")
.port(port)
.when()
.get("http://localhost/api/rbac-users")
@ -176,23 +176,23 @@ class RbacUserControllerAcceptanceTest {
.body("", hasItem(hasEntry("name", "customer-admin@xxx.example.com")))
.body("", hasItem(hasEntry("name", "customer-admin@yyy.example.com")))
.body("", hasItem(hasEntry("name", "customer-admin@zzz.example.com")))
.body("", hasItem(hasEntry("name", "mike@hostsharing.net")))
.body("", hasItem(hasEntry("name", "mike@example.org")))
// ...
.body("", hasItem(hasEntry("name", "pac-admin-zzz01@zzz.example.com")))
.body("", hasItem(hasEntry("name", "pac-admin-zzz02@zzz.example.com")))
.body("", hasItem(hasEntry("name", "sven@hostsharing.net")))
.body("", hasItem(hasEntry("name", "sven@example.org")))
.body("size()", greaterThanOrEqualTo(14));
// @formatter:on
}
@Test
@Accepts({ "USR:F(Filter)" })
void hostsharingAdmin_withoutAssumedRole_canViewAllUsersByName() {
void testGlobalAdmin_withoutAssumedRole_canViewAllUsersByName() {
// @formatter:off
RestAssured
.given()
.header("current-user", "mike@hostsharing.net")
.header("current-user", "mike@example.org")
.port(port)
.when()
.get("http://localhost/api/rbac-users?name=pac-admin-zzz0")
@ -208,13 +208,13 @@ class RbacUserControllerAcceptanceTest {
@Test
@Accepts({ "USR:L(List)", "USR:X(Access Control)" })
void hostsharingAdmin_withAssumedCustomerAdminRole_canViewUsersInItsRealm() {
void testGlobalAdmin_withAssumedCustomerAdminRole_canViewUsersInItsRealm() {
// @formatter:off
RestAssured
.given()
.header("current-user", "mike@hostsharing.net")
.header("assumed-roles", "customer#yyy.admin")
.header("current-user", "mike@example.org")
.header("assumed-roles", "test_customer#yyy.admin")
.port(port)
.when()
.get("http://localhost/api/rbac-users")
@ -276,13 +276,13 @@ class RbacUserControllerAcceptanceTest {
@Test
@Accepts({ "PRM:L(List)" })
void hostsharingAdmin_withoutAssumedRole_canViewArbitraryUsersPermissions() {
void testGlobalAdmin_withoutAssumedRole_canViewArbitraryUsersPermissions() {
final var givenUser = findRbacUserByName("pac-admin-yyy00@yyy.example.com");
// @formatter:off
RestAssured
.given()
.header("current-user", "mike@hostsharing.net")
.header("current-user", "mike@example.org")
.port(port)
.when()
.get("http://localhost/api/rbac-users/" + givenUser.getUuid() + "/permissions")
@ -291,17 +291,17 @@ class RbacUserControllerAcceptanceTest {
.contentType("application/json")
.body("", hasItem(
allOf(
hasEntry("roleName", "customer#yyy.tenant"),
hasEntry("roleName", "test_customer#yyy.tenant"),
hasEntry("op", "view"))
))
.body("", hasItem(
allOf(
hasEntry("roleName", "package#yyy00.admin"),
hasEntry("roleName", "test_package#yyy00.admin"),
hasEntry("op", "add-unixuser"))
))
.body("", hasItem(
allOf(
hasEntry("roleName", "unixuser#yyy00-aaaa.owner"),
hasEntry("roleName", "test_unixuser#yyy00-aaaa.owner"),
hasEntry("op", "*"))
))
.body("size()", is(8));
@ -310,14 +310,14 @@ class RbacUserControllerAcceptanceTest {
@Test
@Accepts({ "PRM:L(List)" })
void hostsharingAdmin_withAssumedCustomerAdminRole_canViewArbitraryUsersPermissions() {
void testGlobalAdmin_withAssumedCustomerAdminRole_canViewArbitraryUsersPermissions() {
final var givenUser = findRbacUserByName("pac-admin-yyy00@yyy.example.com");
// @formatter:off
RestAssured
.given()
.header("current-user", "mike@hostsharing.net")
.header("assumed-roles", "package#yyy00.admin")
.header("current-user", "mike@example.org")
.header("assumed-roles", "test_package#yyy00.admin")
.port(port)
.when()
.get("http://localhost/api/rbac-users/" + givenUser.getUuid() + "/permissions")
@ -326,17 +326,17 @@ class RbacUserControllerAcceptanceTest {
.contentType("application/json")
.body("", hasItem(
allOf(
hasEntry("roleName", "customer#yyy.tenant"),
hasEntry("roleName", "test_customer#yyy.tenant"),
hasEntry("op", "view"))
))
.body("", hasItem(
allOf(
hasEntry("roleName", "package#yyy00.admin"),
hasEntry("roleName", "test_package#yyy00.admin"),
hasEntry("op", "add-unixuser"))
))
.body("", hasItem(
allOf(
hasEntry("roleName", "unixuser#yyy00-aaaa.owner"),
hasEntry("roleName", "test_unixuser#yyy00-aaaa.owner"),
hasEntry("op", "*"))
))
.body("size()", is(8));
@ -360,17 +360,17 @@ class RbacUserControllerAcceptanceTest {
.contentType("application/json")
.body("", hasItem(
allOf(
hasEntry("roleName", "customer#yyy.tenant"),
hasEntry("roleName", "test_customer#yyy.tenant"),
hasEntry("op", "view"))
))
.body("", hasItem(
allOf(
hasEntry("roleName", "package#yyy00.admin"),
hasEntry("roleName", "test_package#yyy00.admin"),
hasEntry("op", "add-unixuser"))
))
.body("", hasItem(
allOf(
hasEntry("roleName", "unixuser#yyy00-aaaa.owner"),
hasEntry("roleName", "test_unixuser#yyy00-aaaa.owner"),
hasEntry("op", "*"))
))
.body("size()", is(8));
@ -399,7 +399,7 @@ class RbacUserControllerAcceptanceTest {
RbacUserEntity findRbacUserByName(final String userName) {
return jpaAttempt.transacted(() -> {
context.define("mike@hostsharing.net");
context.define("mike@example.org");
return rbacUserRepository.findByName(userName);
}).returnedValue();
}

198
src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepositoryIntegrationTest.java
View File

@ -93,7 +93,7 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
private static final String[] ALL_TEST_DATA_USERS = Array.of(
// @formatter:off
"mike@hostsharing.net", "sven@hostsharing.net",
"mike@example.org", "sven@example.org",
"customer-admin@xxx.example.com",
"pac-admin-xxx00@xxx.example.com", "pac-admin-xxx01@xxx.example.com", "pac-admin-xxx02@xxx.example.com",
"customer-admin@yyy.example.com",
@ -104,9 +104,9 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
);
@Test
public void hostsharingAdmin_withoutAssumedRole_canViewAllRbacUsers() {
public void testGlobalAdmin_withoutAssumedRole_canViewAllRbacUsers() {
// given
context("mike@hostsharing.net");
context("mike@example.org");
// when
final var result = rbacUserRepository.findByOptionalNameLike(null);
@ -116,9 +116,9 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
}
@Test
public void hostsharingAdmin_withAssumedHostsharingAdminRole_canViewAllRbacUsers() {
public void testGlobalAdmin_withAssumedtestGlobalAdminRole_canViewAllRbacUsers() {
given:
context("mike@hostsharing.net", "global#hostsharing.admin");
context("mike@example.org", "global#test-global.admin");
// when
final var result = rbacUserRepository.findByOptionalNameLike(null);
@ -128,9 +128,9 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
}
@Test
public void hostsharingAdmin_withAssumedCustomerAdminRole_canViewOnlyUsersHavingRolesInThatCustomersRealm() {
public void testGlobalAdmin_withAssumedCustomerAdminRole_canViewOnlyUsersHavingRolesInThatCustomersRealm() {
given:
context("mike@hostsharing.net", "customer#xxx.admin");
context("mike@example.org", "test_customer#xxx.admin");
// when
final var result = rbacUserRepository.findByOptionalNameLike(null);
@ -161,7 +161,7 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
@Test
public void customerAdmin_withAssumedOwnedPackageAdminRole_canViewOnlyUsersHavingRolesInThatPackage() {
context("customer-admin@xxx.example.com", "package#xxx00.admin");
context("customer-admin@xxx.example.com", "test_package#xxx00.admin");
final var result = rbacUserRepository.findByOptionalNameLike(null);
@ -184,59 +184,59 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
private static final String[] ALL_USER_PERMISSIONS = Array.of(
// @formatter:off
"global#hostsharing.admin -> global#hostsharing: add-customer",
"global#test-global.admin -> global#test-global: add-customer",
"customer#xxx.admin -> customer#xxx: add-package",
"customer#xxx.admin -> customer#xxx: view",
"customer#xxx.owner -> customer#xxx: *",
"customer#xxx.tenant -> customer#xxx: view",
"package#xxx00.admin -> package#xxx00: add-domain",
"package#xxx00.admin -> package#xxx00: add-unixuser",
"package#xxx00.tenant -> package#xxx00: view",
"package#xxx01.admin -> package#xxx01: add-domain",
"package#xxx01.admin -> package#xxx01: add-unixuser",
"package#xxx01.tenant -> package#xxx01: view",
"package#xxx02.admin -> package#xxx02: add-domain",
"package#xxx02.admin -> package#xxx02: add-unixuser",
"package#xxx02.tenant -> package#xxx02: view",
"test_customer#xxx.admin -> test_customer#xxx: add-package",
"test_customer#xxx.admin -> test_customer#xxx: view",
"test_customer#xxx.owner -> test_customer#xxx: *",
"test_customer#xxx.tenant -> test_customer#xxx: view",
"test_package#xxx00.admin -> test_package#xxx00: add-domain",
"test_package#xxx00.admin -> test_package#xxx00: add-unixuser",
"test_package#xxx00.tenant -> test_package#xxx00: view",
"test_package#xxx01.admin -> test_package#xxx01: add-domain",
"test_package#xxx01.admin -> test_package#xxx01: add-unixuser",
"test_package#xxx01.tenant -> test_package#xxx01: view",
"test_package#xxx02.admin -> test_package#xxx02: add-domain",
"test_package#xxx02.admin -> test_package#xxx02: add-unixuser",
"test_package#xxx02.tenant -> test_package#xxx02: view",
"customer#yyy.admin -> customer#yyy: add-package",
"customer#yyy.admin -> customer#yyy: view",
"customer#yyy.owner -> customer#yyy: *",
"customer#yyy.tenant -> customer#yyy: view",
"package#yyy00.admin -> package#yyy00: add-domain",
"package#yyy00.admin -> package#yyy00: add-unixuser",
"package#yyy00.tenant -> package#yyy00: view",
"package#yyy01.admin -> package#yyy01: add-domain",
"package#yyy01.admin -> package#yyy01: add-unixuser",
"package#yyy01.tenant -> package#yyy01: view",
"package#yyy02.admin -> package#yyy02: add-domain",
"package#yyy02.admin -> package#yyy02: add-unixuser",
"package#yyy02.tenant -> package#yyy02: view",
"test_customer#yyy.admin -> test_customer#yyy: add-package",
"test_customer#yyy.admin -> test_customer#yyy: view",
"test_customer#yyy.owner -> test_customer#yyy: *",
"test_customer#yyy.tenant -> test_customer#yyy: view",
"test_package#yyy00.admin -> test_package#yyy00: add-domain",
"test_package#yyy00.admin -> test_package#yyy00: add-unixuser",
"test_package#yyy00.tenant -> test_package#yyy00: view",
"test_package#yyy01.admin -> test_package#yyy01: add-domain",
"test_package#yyy01.admin -> test_package#yyy01: add-unixuser",
"test_package#yyy01.tenant -> test_package#yyy01: view",
"test_package#yyy02.admin -> test_package#yyy02: add-domain",
"test_package#yyy02.admin -> test_package#yyy02: add-unixuser",
"test_package#yyy02.tenant -> test_package#yyy02: view",
"customer#zzz.admin -> customer#zzz: add-package",
"customer#zzz.admin -> customer#zzz: view",
"customer#zzz.owner -> customer#zzz: *",
"customer#zzz.tenant -> customer#zzz: view",
"package#zzz00.admin -> package#zzz00: add-domain",
"package#zzz00.admin -> package#zzz00: add-unixuser",
"package#zzz00.tenant -> package#zzz00: view",
"package#zzz01.admin -> package#zzz01: add-domain",
"package#zzz01.admin -> package#zzz01: add-unixuser",
"package#zzz01.tenant -> package#zzz01: view",
"package#zzz02.admin -> package#zzz02: add-domain",
"package#zzz02.admin -> package#zzz02: add-unixuser",
"package#zzz02.tenant -> package#zzz02: view"
"test_customer#zzz.admin -> test_customer#zzz: add-package",
"test_customer#zzz.admin -> test_customer#zzz: view",
"test_customer#zzz.owner -> test_customer#zzz: *",
"test_customer#zzz.tenant -> test_customer#zzz: view",
"test_package#zzz00.admin -> test_package#zzz00: add-domain",
"test_package#zzz00.admin -> test_package#zzz00: add-unixuser",
"test_package#zzz00.tenant -> test_package#zzz00: view",
"test_package#zzz01.admin -> test_package#zzz01: add-domain",
"test_package#zzz01.admin -> test_package#zzz01: add-unixuser",
"test_package#zzz01.tenant -> test_package#zzz01: view",
"test_package#zzz02.admin -> test_package#zzz02: add-domain",
"test_package#zzz02.admin -> test_package#zzz02: add-unixuser",
"test_package#zzz02.tenant -> test_package#zzz02: view"
// @formatter:on
);
@Test
public void hostsharingAdmin_withoutAssumedRole_canViewTheirOwnPermissions() {
public void testGlobalAdmin_withoutAssumedRole_canViewTheirOwnPermissions() {
// given
context("mike@hostsharing.net");
context("mike@example.org");
// when
final var result = rbacUserRepository.findPermissionsOfUserByUuid(userUUID("mike@hostsharing.net"));
final var result = rbacUserRepository.findPermissionsOfUserByUuid(userUUID("mike@example.org"));
// then
allTheseRbacPermissionsAreReturned(result, ALL_USER_PERMISSIONS);
@ -254,32 +254,32 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
allTheseRbacPermissionsAreReturned(
result,
// @formatter:off
"customer#xxx.admin -> customer#xxx: add-package",
"customer#xxx.admin -> customer#xxx: view",
"customer#xxx.tenant -> customer#xxx: view",
"test_customer#xxx.admin -> test_customer#xxx: add-package",
"test_customer#xxx.admin -> test_customer#xxx: view",
"test_customer#xxx.tenant -> test_customer#xxx: view",
"package#xxx00.admin -> package#xxx00: add-domain",
"package#xxx00.admin -> package#xxx00: add-unixuser",
"package#xxx00.tenant -> package#xxx00: view",
"unixuser#xxx00-aaaa.owner -> unixuser#xxx00-aaaa: *",
"test_package#xxx00.admin -> test_package#xxx00: add-domain",
"test_package#xxx00.admin -> test_package#xxx00: add-unixuser",
"test_package#xxx00.tenant -> test_package#xxx00: view",
"test_unixuser#xxx00-aaaa.owner -> test_unixuser#xxx00-aaaa: *",
"package#xxx01.admin -> package#xxx01: add-domain",
"package#xxx01.admin -> package#xxx01: add-unixuser",
"package#xxx01.tenant -> package#xxx01: view",
"unixuser#xxx01-aaaa.owner -> unixuser#xxx01-aaaa: *",
"test_package#xxx01.admin -> test_package#xxx01: add-domain",
"test_package#xxx01.admin -> test_package#xxx01: add-unixuser",
"test_package#xxx01.tenant -> test_package#xxx01: view",
"test_unixuser#xxx01-aaaa.owner -> test_unixuser#xxx01-aaaa: *",
"package#xxx02.admin -> package#xxx02: add-domain",
"package#xxx02.admin -> package#xxx02: add-unixuser",
"package#xxx02.tenant -> package#xxx02: view",
"unixuser#xxx02-aaaa.owner -> unixuser#xxx02-aaaa: *"
"test_package#xxx02.admin -> test_package#xxx02: add-domain",
"test_package#xxx02.admin -> test_package#xxx02: add-unixuser",
"test_package#xxx02.tenant -> test_package#xxx02: view",
"test_unixuser#xxx02-aaaa.owner -> test_unixuser#xxx02-aaaa: *"
// @formatter:on
);
noneOfTheseRbacPermissionsAreReturned(
result,
// @formatter:off
"customer#yyy.admin -> customer#yyy: add-package",
"customer#yyy.admin -> customer#yyy: view",
"customer#yyy.tenant -> customer#yyy: view"
"test_customer#yyy.admin -> test_customer#yyy: add-package",
"test_customer#yyy.admin -> test_customer#yyy: view",
"test_customer#yyy.tenant -> test_customer#yyy: view"
// @formatter:on
);
}
@ -288,7 +288,7 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
public void customerAdmin_withoutAssumedRole_isNotAllowedToViewGlobalAdminsPermissions() {
// given
context("customer-admin@xxx.example.com");
final UUID userUuid = userUUID("mike@hostsharing.net");
final UUID userUuid = userUUID("mike@example.org");
// when
final var result = attempt(em, () ->
@ -314,26 +314,26 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
allTheseRbacPermissionsAreReturned(
result,
// @formatter:off
"customer#xxx.tenant -> customer#xxx: view",
// "customer#xxx.admin -> customer#xxx: view" - Not permissions through the customer admin!
"package#xxx00.admin -> package#xxx00: add-unixuser",
"package#xxx00.admin -> package#xxx00: add-domain",
"package#xxx00.tenant -> package#xxx00: view",
"unixuser#xxx00-aaaa.owner -> unixuser#xxx00-aaaa: *",
"unixuser#xxx00-aaab.owner -> unixuser#xxx00-aaab: *"
"test_customer#xxx.tenant -> test_customer#xxx: view",
// "test_customer#xxx.admin -> test_customer#xxx: view" - Not permissions through the customer admin!
"test_package#xxx00.admin -> test_package#xxx00: add-unixuser",
"test_package#xxx00.admin -> test_package#xxx00: add-domain",
"test_package#xxx00.tenant -> test_package#xxx00: view",
"test_unixuser#xxx00-aaaa.owner -> test_unixuser#xxx00-aaaa: *",
"test_unixuser#xxx00-aaab.owner -> test_unixuser#xxx00-aaab: *"
// @formatter:on
);
noneOfTheseRbacPermissionsAreReturned(
result,
// @formatter:off
"customer#yyy.admin -> customer#yyy: add-package",
"customer#yyy.admin -> customer#yyy: view",
"customer#yyy.tenant -> customer#yyy: view",
"package#yyy00.admin -> package#yyy00: add-unixuser",
"package#yyy00.admin -> package#yyy00: add-domain",
"package#yyy00.tenant -> package#yyy00: view",
"unixuser#yyy00-aaaa.owner -> unixuser#yyy00-aaaa: *",
"unixuser#yyy00-aaab.owner -> unixuser#yyy00-aaab: *"
"test_customer#yyy.admin -> test_customer#yyy: add-package",
"test_customer#yyy.admin -> test_customer#yyy: view",
"test_customer#yyy.tenant -> test_customer#yyy: view",
"test_package#yyy00.admin -> test_package#yyy00: add-unixuser",
"test_package#yyy00.admin -> test_package#yyy00: add-domain",
"test_package#yyy00.tenant -> test_package#yyy00: view",
"test_unixuser#yyy00-aaaa.owner -> test_unixuser#yyy00-aaaa: *",
"test_unixuser#yyy00-aaab.owner -> test_unixuser#yyy00-aaab: *"
// @formatter:on
);
}
@ -362,27 +362,27 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
allTheseRbacPermissionsAreReturned(
result,
// @formatter:off
"customer#xxx.tenant -> customer#xxx: view",
// "customer#xxx.admin -> customer#xxx: view" - Not permissions through the customer admin!
"package#xxx00.admin -> package#xxx00: add-unixuser",
"package#xxx00.admin -> package#xxx00: add-domain",
"package#xxx00.tenant -> package#xxx00: view"
"test_customer#xxx.tenant -> test_customer#xxx: view",
// "test_customer#xxx.admin -> test_customer#xxx: view" - Not permissions through the customer admin!
"test_package#xxx00.admin -> test_package#xxx00: add-unixuser",
"test_package#xxx00.admin -> test_package#xxx00: add-domain",
"test_package#xxx00.tenant -> test_package#xxx00: view"
// @formatter:on
);
noneOfTheseRbacPermissionsAreReturned(
result,
// @formatter:off
// no customer admin permissions
"customer#xxx.admin -> customer#xxx: add-package",
"test_customer#xxx.admin -> test_customer#xxx: add-package",
// no permissions on other customer's objects
"customer#yyy.admin -> customer#yyy: add-package",
"customer#yyy.admin -> customer#yyy: view",
"customer#yyy.tenant -> customer#yyy: view",
"package#yyy00.admin -> package#yyy00: add-unixuser",
"package#yyy00.admin -> package#yyy00: add-domain",
"package#yyy00.tenant -> package#yyy00: view",
"unixuser#yyy00-aaaa.owner -> unixuser#yyy00-aaaa: *",
"unixuser#yyy00-xxxb.owner -> unixuser#yyy00-xxxb: *"
"test_customer#yyy.admin -> test_customer#yyy: add-package",
"test_customer#yyy.admin -> test_customer#yyy: view",
"test_customer#yyy.tenant -> test_customer#yyy: view",
"test_package#yyy00.admin -> test_package#yyy00: add-unixuser",
"test_package#yyy00.admin -> test_package#yyy00: add-domain",
"test_package#yyy00.tenant -> test_package#yyy00: view",
"test_unixuser#yyy00-aaaa.owner -> test_unixuser#yyy00-aaaa: *",
"test_unixuser#yyy00-xxxb.owner -> test_unixuser#yyy00-xxxb: *"
// @formatter:on
);
}