refactor to only a single global admin object global#global.admin
This commit is contained in:
Michael Hoennig
@ -31,7 +31,7 @@ class ContextIntegrationTests {
|
||||
@Test
|
||||
void defineWithoutHttpServletRequestUsesCallStack() {
|
||||
|
||||
context.define("mike@example.org", null);
|
||||
context.define("alex@hostsharing.net", null);
|
||||
|
||||
assertThat(context.getCurrentTask())
|
||||
.isEqualTo("ContextIntegrationTests.defineWithoutHttpServletRequestUsesCallStack");
|
||||
@ -41,11 +41,11 @@ class ContextIntegrationTests {
|
||||
@Transactional
|
||||
void defineWithCurrentUserButWithoutAssumedRoles() {
|
||||
// when
|
||||
context.define("mike@example.org");
|
||||
context.define("alex@hostsharing.net");
|
||||
|
||||
// then
|
||||
assertThat(context.getCurrentUser()).
|
||||
isEqualTo("mike@example.org");
|
||||
isEqualTo("alex@hostsharing.net");
|
||||
|
||||
assertThat(context.getCurrentUserUUid()).isNotNull();
|
||||
|
||||
@ -85,11 +85,11 @@ class ContextIntegrationTests {
|
||||
@Transactional
|
||||
void defineWithCurrentUserAndAssumedRoles() {
|
||||
// given
|
||||
context.define("mike@example.org", "test_customer#xxx.owner;test_customer#yyy.owner");
|
||||
context.define("alex@hostsharing.net", "test_customer#xxx.owner;test_customer#yyy.owner");
|
||||
|
||||
// when
|
||||
final var currentUser = context.getCurrentUser();
|
||||
assertThat(currentUser).isEqualTo("mike@example.org");
|
||||
assertThat(currentUser).isEqualTo("alex@hostsharing.net");
|
||||
|
||||
// then
|
||||
assertThat(context.getAssumedRoles())
|
||||
|
||||
@ -41,7 +41,7 @@ class HsAdminPartnerRepositoryIntegrationTest extends ContextBasedTest {
|
||||
@Test
|
||||
public void testHostsharingAdmin_withoutAssumedRole_canCreateNewCustomer() {
|
||||
// given
|
||||
context("mike@example.org", null);
|
||||
context("alex@hostsharing.net", null);
|
||||
final var count = partnerRepository.count();
|
||||
|
||||
// when
|
||||
@ -67,9 +67,9 @@ class HsAdminPartnerRepositoryIntegrationTest extends ContextBasedTest {
|
||||
class FindAllCustomers {
|
||||
|
||||
@Test
|
||||
public void testGlobalAdmin_withoutAssumedRole_canViewAllCustomers() {
|
||||
public void globalAdmin_withoutAssumedRole_canViewAllCustomers() {
|
||||
// given
|
||||
context("mike@example.org", null);
|
||||
context("alex@hostsharing.net", null);
|
||||
|
||||
// when
|
||||
final var result = partnerRepository.findPartnerByOptionalNameLike(null);
|
||||
@ -84,9 +84,9 @@ class HsAdminPartnerRepositoryIntegrationTest extends ContextBasedTest {
|
||||
class FindByPrefixLike {
|
||||
|
||||
@Test
|
||||
public void testGlobalAdmin_withoutAssumedRole_canViewAllCustomers() {
|
||||
public void globalAdmin_withoutAssumedRole_canViewAllCustomers() {
|
||||
// given
|
||||
context("mike@example.org", null);
|
||||
context("alex@hostsharing.net", null);
|
||||
|
||||
// when
|
||||
final var result = partnerRepository.findPartnerByOptionalNameLike("Yps");
|
||||
|
||||
@ -61,10 +61,10 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
|
||||
|
||||
@Test
|
||||
@Accepts("GRT:L(List)")
|
||||
void testGlobalAdmin_withoutAssumedRole_canViewAllGrants() {
|
||||
void globalAdmin_withoutAssumedRole_canViewAllGrants() {
|
||||
RestAssured // @formatter:off
|
||||
.given()
|
||||
.header("current-user", "mike@example.org")
|
||||
.header("current-user", "alex@hostsharing.net")
|
||||
.port(port)
|
||||
.when()
|
||||
.get("http://localhost/api/rbac/grants")
|
||||
@ -73,23 +73,23 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
|
||||
.contentType("application/json")
|
||||
.body("", hasItem(
|
||||
allOf(
|
||||
hasEntry("grantedByRoleIdName", "global#test-global.admin"),
|
||||
hasEntry("grantedByRoleIdName", "global#global.admin"),
|
||||
hasEntry("grantedRoleIdName", "test_customer#xxx.admin"),
|
||||
hasEntry("granteeUserName", "customer-admin@xxx.example.com")
|
||||
)
|
||||
))
|
||||
.body("", hasItem(
|
||||
allOf(
|
||||
hasEntry("grantedByRoleIdName", "global#test-global.admin"),
|
||||
hasEntry("grantedByRoleIdName", "global#global.admin"),
|
||||
hasEntry("grantedRoleIdName", "test_customer#yyy.admin"),
|
||||
hasEntry("granteeUserName", "customer-admin@yyy.example.com")
|
||||
)
|
||||
))
|
||||
.body("", hasItem(
|
||||
allOf(
|
||||
hasEntry("grantedByRoleIdName", "global#test-global.admin"),
|
||||
hasEntry("grantedRoleIdName", "global#test-global.admin"),
|
||||
hasEntry("granteeUserName", "sven@example.org")
|
||||
hasEntry("grantedByRoleIdName", "global#global.admin"),
|
||||
hasEntry("grantedRoleIdName", "global#global.admin"),
|
||||
hasEntry("granteeUserName", "fran@hostsharing.net")
|
||||
)
|
||||
))
|
||||
.body("", hasItem(
|
||||
@ -112,10 +112,10 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
|
||||
|
||||
@Test
|
||||
@Accepts({ "GRT:L(List)", "GRT:X(Access Control)" })
|
||||
void testGlobalAdmin_withAssumedPackageAdminRole_canViewPacketRelatedGrants() {
|
||||
void globalAdmin_withAssumedPackageAdminRole_canViewPacketRelatedGrants() {
|
||||
RestAssured // @formatter:off
|
||||
.given()
|
||||
.header("current-user", "mike@example.org")
|
||||
.header("current-user", "alex@hostsharing.net")
|
||||
.header("assumed-roles", "test_package#yyy00.admin")
|
||||
.port(port)
|
||||
.when()
|
||||
@ -498,14 +498,14 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
|
||||
|
||||
RbacUserEntity findRbacUserByName(final String userName) {
|
||||
return jpaAttempt.transacted(() -> {
|
||||
context("mike@example.org", null);
|
||||
context("alex@hostsharing.net", null);
|
||||
return rbacUserRepository.findByName(userName);
|
||||
}).returnedValue();
|
||||
}
|
||||
|
||||
RbacRoleEntity findRbacRoleByName(final String roleName) {
|
||||
return jpaAttempt.transacted(() -> {
|
||||
context("mike@example.org", null);
|
||||
context("alex@hostsharing.net", null);
|
||||
return rbacRoleRepository.findByRoleName(roleName);
|
||||
}).returnedValue();
|
||||
}
|
||||
|
||||
@ -83,7 +83,7 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest {
|
||||
// then
|
||||
exactlyTheseRbacGrantsAreReturned(
|
||||
result,
|
||||
"{ grant assumed role test_customer#xxx.admin to user customer-admin@xxx.example.com by role global#test-global.admin }",
|
||||
"{ grant assumed role test_customer#xxx.admin to user customer-admin@xxx.example.com by role global#global.admin }",
|
||||
"{ grant assumed role test_package#xxx00.admin to user pac-admin-xxx00@xxx.example.com by role test_customer#xxx.admin }",
|
||||
"{ grant assumed role test_package#xxx01.admin to user pac-admin-xxx01@xxx.example.com by role test_customer#xxx.admin }",
|
||||
"{ grant assumed role test_package#xxx02.admin to user pac-admin-xxx02@xxx.example.com by role test_customer#xxx.admin }");
|
||||
|
||||
@ -38,12 +38,12 @@ class RbacRoleControllerAcceptanceTest {
|
||||
|
||||
@Test
|
||||
@Accepts({ "ROL:L(List)" })
|
||||
void testGlobalAdmin_withoutAssumedRole_canViewAllRoles() {
|
||||
void globalAdmin_withoutAssumedRole_canViewAllRoles() {
|
||||
|
||||
// @formatter:off
|
||||
RestAssured
|
||||
.given()
|
||||
.header("current-user", "mike@example.org")
|
||||
.header("current-user", "alex@hostsharing.net")
|
||||
.port(port)
|
||||
.when()
|
||||
.get("http://localhost/api/rbac/roles")
|
||||
@ -54,7 +54,7 @@ class RbacRoleControllerAcceptanceTest {
|
||||
.body("", hasItem(hasEntry("roleName", "test_customer#xxx.owner")))
|
||||
.body("", hasItem(hasEntry("roleName", "test_customer#xxx.tenant")))
|
||||
// ...
|
||||
.body("", hasItem(hasEntry("roleName", "global#test-global.admin")))
|
||||
.body("", hasItem(hasEntry("roleName", "global#global.admin")))
|
||||
.body("", hasItem(hasEntry("roleName", "test_customer#yyy.admin")))
|
||||
.body("", hasItem(hasEntry("roleName", "test_package#yyy00.admin")))
|
||||
.body("", hasItem(hasEntry("roleName", "test_domain#yyy00-aaaa.owner")))
|
||||
@ -64,12 +64,12 @@ class RbacRoleControllerAcceptanceTest {
|
||||
|
||||
@Test
|
||||
@Accepts({ "ROL:L(List)", "ROL:X(Access Control)" })
|
||||
void testGlobalAdmin_withAssumedPackageAdminRole_canViewPackageAdminRoles() {
|
||||
void globalAdmin_withAssumedPackageAdminRole_canViewPackageAdminRoles() {
|
||||
|
||||
// @formatter:off
|
||||
RestAssured
|
||||
.given()
|
||||
.header("current-user", "mike@example.org")
|
||||
.header("current-user", "alex@hostsharing.net")
|
||||
.header("assumed-roles", "test_package#yyy00.admin")
|
||||
.port(port)
|
||||
.when()
|
||||
|
||||
@ -37,13 +37,13 @@ class RbacRoleControllerRestTest {
|
||||
// when
|
||||
mockMvc.perform(MockMvcRequestBuilders
|
||||
.get("/api/rbac/roles")
|
||||
.header("current-user", "mike@example.org")
|
||||
.header("current-user", "alex@hostsharing.net")
|
||||
.accept(MediaType.APPLICATION_JSON))
|
||||
|
||||
// then
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(jsonPath("$", hasSize(3)))
|
||||
.andExpect(jsonPath("$[0].roleName", is("global#test-global.admin")))
|
||||
.andExpect(jsonPath("$[0].roleName", is("global#global.admin")))
|
||||
.andExpect(jsonPath("$[1].roleName", is("test_customer#xxx.owner")))
|
||||
.andExpect(jsonPath("$[2].roleName", is("test_customer#xxx.admin")))
|
||||
.andExpect(jsonPath("$[2].uuid", is(customerXxxAdmin.getUuid().toString())))
|
||||
|
||||
@ -40,7 +40,7 @@ class RbacRoleRepositoryIntegrationTest {
|
||||
|
||||
private static final String[] ALL_TEST_DATA_ROLES = Array.of(
|
||||
// @formatter:off
|
||||
"global#test-global.admin",
|
||||
"global#global.admin",
|
||||
"test_customer#xxx.admin", "test_customer#xxx.owner", "test_customer#xxx.tenant",
|
||||
"test_package#xxx00.admin", "test_package#xxx00.owner", "test_package#xxx00.tenant",
|
||||
"test_package#xxx01.admin", "test_package#xxx01.owner", "test_package#xxx01.tenant",
|
||||
@ -57,9 +57,9 @@ class RbacRoleRepositoryIntegrationTest {
|
||||
);
|
||||
|
||||
@Test
|
||||
public void testGlobalAdmin_withoutAssumedRole_canViewAllRbacRoles() {
|
||||
public void globalAdmin_withoutAssumedRole_canViewAllRbacRoles() {
|
||||
// given
|
||||
context.define("mike@example.org");
|
||||
context.define("alex@hostsharing.net");
|
||||
|
||||
// when
|
||||
final var result = rbacRoleRepository.findAll();
|
||||
@ -69,9 +69,9 @@ class RbacRoleRepositoryIntegrationTest {
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testGlobalAdmin_withAssumedtestGlobalAdminRole_canViewAllRbacRoles() {
|
||||
public void globalAdmin_withAssumedglobalAdminRole_canViewAllRbacRoles() {
|
||||
given:
|
||||
context.define("mike@example.org", "global#test-global.admin");
|
||||
context.define("alex@hostsharing.net", "global#global.admin");
|
||||
|
||||
// when
|
||||
final var result = rbacRoleRepository.findAll();
|
||||
@ -111,7 +111,7 @@ class RbacRoleRepositoryIntegrationTest {
|
||||
noneOfTheseRbacRolesIsReturned(
|
||||
result,
|
||||
// @formatter:off
|
||||
"global#test-global.admin",
|
||||
"global#global.admin",
|
||||
"test_customer#xxx.owner",
|
||||
"test_package#yyy00.admin",
|
||||
"test_package#yyy00.owner",
|
||||
|
||||
@ -4,7 +4,7 @@ import static java.util.UUID.randomUUID;
|
||||
|
||||
public class TestRbacRole {
|
||||
|
||||
public static final RbacRoleEntity hostmasterRole = rbacRole("global", "test-global", RbacRoleType.admin);
|
||||
public static final RbacRoleEntity hostmasterRole = rbacRole("global", "global", RbacRoleType.admin);
|
||||
static final RbacRoleEntity customerXxxOwner = rbacRole("test_customer", "xxx", RbacRoleType.owner);
|
||||
static final RbacRoleEntity customerXxxAdmin = rbacRole("test_customer", "xxx", RbacRoleType.admin);
|
||||
|
||||
|
||||
@ -82,13 +82,13 @@ class RbacUserControllerAcceptanceTest {
|
||||
|
||||
@Test
|
||||
@Accepts({ "USR:R(Read)" })
|
||||
void testGlobalAdmin_withoutAssumedRole_canGetArbitraryUser() {
|
||||
void globalAdmin_withoutAssumedRole_canGetArbitraryUser() {
|
||||
final var givenUser = findRbacUserByName("pac-admin-xxx00@xxx.example.com");
|
||||
|
||||
// @formatter:off
|
||||
RestAssured
|
||||
.given()
|
||||
.header("current-user", "mike@example.org")
|
||||
.header("current-user", "alex@hostsharing.net")
|
||||
.port(port)
|
||||
.when()
|
||||
.get("http://localhost/api/rbac/users/" + givenUser.getUuid())
|
||||
@ -101,13 +101,13 @@ class RbacUserControllerAcceptanceTest {
|
||||
|
||||
@Test
|
||||
@Accepts({ "USR:R(Read)", "USR:X(Access Control)" })
|
||||
void testGlobalAdmin_withAssumedCustomerAdminRole_canGetUserWithinInItsRealm() {
|
||||
void globalAdmin_withAssumedCustomerAdminRole_canGetUserWithinInItsRealm() {
|
||||
final var givenUser = findRbacUserByName("pac-admin-yyy00@yyy.example.com");
|
||||
|
||||
// @formatter:off
|
||||
RestAssured
|
||||
.given()
|
||||
.header("current-user", "mike@example.org")
|
||||
.header("current-user", "alex@hostsharing.net")
|
||||
.header("assumed-roles", "test_customer#yyy.admin")
|
||||
.port(port)
|
||||
.when()
|
||||
@ -161,12 +161,12 @@ class RbacUserControllerAcceptanceTest {
|
||||
|
||||
@Test
|
||||
@Accepts({ "USR:L(List)" })
|
||||
void testGlobalAdmin_withoutAssumedRole_canViewAllUsers() {
|
||||
void globalAdmin_withoutAssumedRole_canViewAllUsers() {
|
||||
|
||||
// @formatter:off
|
||||
RestAssured
|
||||
.given()
|
||||
.header("current-user", "mike@example.org")
|
||||
.header("current-user", "alex@hostsharing.net")
|
||||
.port(port)
|
||||
.when()
|
||||
.get("http://localhost/api/rbac/users")
|
||||
@ -176,23 +176,23 @@ class RbacUserControllerAcceptanceTest {
|
||||
.body("", hasItem(hasEntry("name", "customer-admin@xxx.example.com")))
|
||||
.body("", hasItem(hasEntry("name", "customer-admin@yyy.example.com")))
|
||||
.body("", hasItem(hasEntry("name", "customer-admin@zzz.example.com")))
|
||||
.body("", hasItem(hasEntry("name", "mike@example.org")))
|
||||
.body("", hasItem(hasEntry("name", "alex@hostsharing.net")))
|
||||
// ...
|
||||
.body("", hasItem(hasEntry("name", "pac-admin-zzz01@zzz.example.com")))
|
||||
.body("", hasItem(hasEntry("name", "pac-admin-zzz02@zzz.example.com")))
|
||||
.body("", hasItem(hasEntry("name", "sven@example.org")))
|
||||
.body("", hasItem(hasEntry("name", "fran@hostsharing.net")))
|
||||
.body("size()", greaterThanOrEqualTo(14));
|
||||
// @formatter:on
|
||||
}
|
||||
|
||||
@Test
|
||||
@Accepts({ "USR:F(Filter)" })
|
||||
void testGlobalAdmin_withoutAssumedRole_canViewAllUsersByName() {
|
||||
void globalAdmin_withoutAssumedRole_canViewAllUsersByName() {
|
||||
|
||||
// @formatter:off
|
||||
RestAssured
|
||||
.given()
|
||||
.header("current-user", "mike@example.org")
|
||||
.header("current-user", "alex@hostsharing.net")
|
||||
.port(port)
|
||||
.when()
|
||||
.get("http://localhost/api/rbac/users?name=pac-admin-zzz0")
|
||||
@ -208,12 +208,12 @@ class RbacUserControllerAcceptanceTest {
|
||||
|
||||
@Test
|
||||
@Accepts({ "USR:L(List)", "USR:X(Access Control)" })
|
||||
void testGlobalAdmin_withAssumedCustomerAdminRole_canViewUsersInItsRealm() {
|
||||
void globalAdmin_withAssumedCustomerAdminRole_canViewUsersInItsRealm() {
|
||||
|
||||
// @formatter:off
|
||||
RestAssured
|
||||
.given()
|
||||
.header("current-user", "mike@example.org")
|
||||
.header("current-user", "alex@hostsharing.net")
|
||||
.header("assumed-roles", "test_customer#yyy.admin")
|
||||
.port(port)
|
||||
.when()
|
||||
@ -276,13 +276,13 @@ class RbacUserControllerAcceptanceTest {
|
||||
|
||||
@Test
|
||||
@Accepts({ "PRM:L(List)" })
|
||||
void testGlobalAdmin_withoutAssumedRole_canViewArbitraryUsersPermissions() {
|
||||
void globalAdmin_withoutAssumedRole_canViewArbitraryUsersPermissions() {
|
||||
final var givenUser = findRbacUserByName("pac-admin-yyy00@yyy.example.com");
|
||||
|
||||
// @formatter:off
|
||||
RestAssured
|
||||
.given()
|
||||
.header("current-user", "mike@example.org")
|
||||
.header("current-user", "alex@hostsharing.net")
|
||||
.port(port)
|
||||
.when()
|
||||
.get("http://localhost/api/rbac/users/" + givenUser.getUuid() + "/permissions")
|
||||
@ -310,13 +310,13 @@ class RbacUserControllerAcceptanceTest {
|
||||
|
||||
@Test
|
||||
@Accepts({ "PRM:L(List)" })
|
||||
void testGlobalAdmin_withAssumedCustomerAdminRole_canViewArbitraryUsersPermissions() {
|
||||
void globalAdmin_withAssumedCustomerAdminRole_canViewArbitraryUsersPermissions() {
|
||||
final var givenUser = findRbacUserByName("pac-admin-yyy00@yyy.example.com");
|
||||
|
||||
// @formatter:off
|
||||
RestAssured
|
||||
.given()
|
||||
.header("current-user", "mike@example.org")
|
||||
.header("current-user", "alex@hostsharing.net")
|
||||
.header("assumed-roles", "test_package#yyy00.admin")
|
||||
.port(port)
|
||||
.when()
|
||||
@ -455,7 +455,7 @@ class RbacUserControllerAcceptanceTest {
|
||||
// @formatter:off
|
||||
final var location = RestAssured
|
||||
.given()
|
||||
.header("current-user", "mike@example.org")
|
||||
.header("current-user", "alex@hostsharing.net")
|
||||
.port(port)
|
||||
.when()
|
||||
.delete("http://localhost/api/rbac/users/" + givenUser.getUuid())
|
||||
@ -470,7 +470,7 @@ class RbacUserControllerAcceptanceTest {
|
||||
|
||||
RbacUserEntity findRbacUserByName(final String userName) {
|
||||
return jpaAttempt.transacted(() -> {
|
||||
context.define("mike@example.org");
|
||||
context.define("alex@hostsharing.net");
|
||||
return rbacUserRepository.findByName(userName);
|
||||
}).returnedValue();
|
||||
}
|
||||
|
||||
@ -99,7 +99,7 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
|
||||
|
||||
private static final String[] ALL_TEST_DATA_USERS = Array.of(
|
||||
// @formatter:off
|
||||
"mike@example.org", "sven@example.org",
|
||||
"alex@hostsharing.net", "fran@hostsharing.net",
|
||||
"customer-admin@xxx.example.com",
|
||||
"pac-admin-xxx00@xxx.example.com", "pac-admin-xxx01@xxx.example.com", "pac-admin-xxx02@xxx.example.com",
|
||||
"customer-admin@yyy.example.com",
|
||||
@ -110,9 +110,9 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
|
||||
);
|
||||
|
||||
@Test
|
||||
public void testGlobalAdmin_withoutAssumedRole_canViewAllRbacUsers() {
|
||||
public void globalAdmin_withoutAssumedRole_canViewAllRbacUsers() {
|
||||
// given
|
||||
context("mike@example.org");
|
||||
context("alex@hostsharing.net");
|
||||
|
||||
// when
|
||||
final var result = rbacUserRepository.findByOptionalNameLike(null);
|
||||
@ -122,9 +122,9 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testGlobalAdmin_withAssumedtestGlobalAdminRole_canViewAllRbacUsers() {
|
||||
public void globalAdmin_withAssumedglobalAdminRole_canViewAllRbacUsers() {
|
||||
given:
|
||||
context("mike@example.org", "global#test-global.admin");
|
||||
context("alex@hostsharing.net", "global#global.admin");
|
||||
|
||||
// when
|
||||
final var result = rbacUserRepository.findByOptionalNameLike(null);
|
||||
@ -134,9 +134,9 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testGlobalAdmin_withAssumedCustomerAdminRole_canViewOnlyUsersHavingRolesInThatCustomersRealm() {
|
||||
public void globalAdmin_withAssumedCustomerAdminRole_canViewOnlyUsersHavingRolesInThatCustomersRealm() {
|
||||
given:
|
||||
context("mike@example.org", "test_customer#xxx.admin");
|
||||
context("alex@hostsharing.net", "test_customer#xxx.admin");
|
||||
|
||||
// when
|
||||
final var result = rbacUserRepository.findByOptionalNameLike(null);
|
||||
@ -190,7 +190,7 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
|
||||
|
||||
private static final String[] ALL_USER_PERMISSIONS = Array.of(
|
||||
// @formatter:off
|
||||
"global#test-global.admin -> global#test-global: add-customer",
|
||||
"global#global.admin -> global#global: add-customer",
|
||||
|
||||
"test_customer#xxx.admin -> test_customer#xxx: add-package",
|
||||
"test_customer#xxx.admin -> test_customer#xxx: view",
|
||||
@ -237,12 +237,12 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
|
||||
);
|
||||
|
||||
@Test
|
||||
public void testGlobalAdmin_withoutAssumedRole_canViewTheirOwnPermissions() {
|
||||
public void globalAdmin_withoutAssumedRole_canViewTheirOwnPermissions() {
|
||||
// given
|
||||
context("mike@example.org");
|
||||
context("alex@hostsharing.net");
|
||||
|
||||
// when
|
||||
final var result = rbacUserRepository.findPermissionsOfUserByUuid(userUUID("mike@example.org"));
|
||||
final var result = rbacUserRepository.findPermissionsOfUserByUuid(userUUID("alex@hostsharing.net"));
|
||||
|
||||
// then
|
||||
allTheseRbacPermissionsAreReturned(result, ALL_USER_PERMISSIONS);
|
||||
@ -294,7 +294,7 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
|
||||
public void customerAdmin_withoutAssumedRole_isNotAllowedToViewGlobalAdminsPermissions() {
|
||||
// given
|
||||
context("customer-admin@xxx.example.com");
|
||||
final UUID userUuid = userUUID("mike@example.org");
|
||||
final UUID userUuid = userUUID("alex@hostsharing.net");
|
||||
|
||||
// when
|
||||
final var result = attempt(em, () ->
|
||||
|
||||
@ -39,10 +39,10 @@ class TestCustomerControllerAcceptanceTest {
|
||||
class ListCustomers {
|
||||
|
||||
@Test
|
||||
void testGlobalAdmin_withoutAssumedRoles_canViewAllCustomers_ifNoCriteriaGiven() {
|
||||
void globalAdmin_withoutAssumedRoles_canViewAllCustomers_ifNoCriteriaGiven() {
|
||||
RestAssured // @formatter:off
|
||||
.given()
|
||||
.header("current-user", "mike@example.org")
|
||||
.header("current-user", "alex@hostsharing.net")
|
||||
.port(port)
|
||||
.when()
|
||||
.get("http://localhost/api/test/customers")
|
||||
@ -57,10 +57,10 @@ class TestCustomerControllerAcceptanceTest {
|
||||
}
|
||||
|
||||
@Test
|
||||
void testGlobalAdmin_withoutAssumedRoles_canViewMatchingCustomers_ifCriteriaGiven() {
|
||||
void globalAdmin_withoutAssumedRoles_canViewMatchingCustomers_ifCriteriaGiven() {
|
||||
RestAssured // @formatter:off
|
||||
.given()
|
||||
.header("current-user", "mike@example.org")
|
||||
.header("current-user", "alex@hostsharing.net")
|
||||
.port(port)
|
||||
.when()
|
||||
.get("http://localhost/api/test/customers?prefix=y")
|
||||
@ -73,10 +73,10 @@ class TestCustomerControllerAcceptanceTest {
|
||||
}
|
||||
|
||||
@Test
|
||||
void testGlobalAdmin_withoutAssumedCustomerAdminRole_canOnlyViewOwnCustomer() {
|
||||
void globalAdmin_withoutAssumedCustomerAdminRole_canOnlyViewOwnCustomer() {
|
||||
RestAssured // @formatter:off
|
||||
.given()
|
||||
.header("current-user", "mike@example.org")
|
||||
.header("current-user", "alex@hostsharing.net")
|
||||
.header("assumed-roles", "test_customer#yyy.admin")
|
||||
.port(port)
|
||||
.when()
|
||||
@ -110,11 +110,11 @@ class TestCustomerControllerAcceptanceTest {
|
||||
class AddCustomer {
|
||||
|
||||
@Test
|
||||
void testGlobalAdmin_withoutAssumedRole_canAddCustomer() {
|
||||
void globalAdmin_withoutAssumedRole_canAddCustomer() {
|
||||
|
||||
final var location = RestAssured // @formatter:off
|
||||
.given()
|
||||
.header("current-user", "mike@example.org")
|
||||
.header("current-user", "alex@hostsharing.net")
|
||||
.contentType(ContentType.JSON)
|
||||
.body("""
|
||||
{
|
||||
@ -142,13 +142,13 @@ class TestCustomerControllerAcceptanceTest {
|
||||
}
|
||||
|
||||
@Test
|
||||
void testGlobalAdmin_withoutAssumedRole_canAddCustomerWithGivenUuid() {
|
||||
void globalAdmin_withoutAssumedRole_canAddCustomerWithGivenUuid() {
|
||||
|
||||
final var givenUuid = UUID.randomUUID();
|
||||
|
||||
final var location = RestAssured // @formatter:off
|
||||
.given()
|
||||
.header("current-user", "mike@example.org")
|
||||
.header("current-user", "alex@hostsharing.net")
|
||||
.contentType(ContentType.JSON)
|
||||
.body("""
|
||||
{
|
||||
@ -180,11 +180,11 @@ class TestCustomerControllerAcceptanceTest {
|
||||
}
|
||||
|
||||
@Test
|
||||
void testGlobalAdmin_withAssumedCustomerAdminRole_canNotAddCustomer() {
|
||||
void globalAdmin_withAssumedCustomerAdminRole_canNotAddCustomer() {
|
||||
|
||||
RestAssured // @formatter:off
|
||||
.given()
|
||||
.header("current-user", "mike@example.org")
|
||||
.header("current-user", "alex@hostsharing.net")
|
||||
.header("assumed-roles", "test_customer#xxx.admin")
|
||||
.contentType(ContentType.JSON)
|
||||
.body("""
|
||||
@ -205,7 +205,7 @@ class TestCustomerControllerAcceptanceTest {
|
||||
// @formatter:on
|
||||
|
||||
// finally, the new customer was not created
|
||||
context.define("sven@example.org");
|
||||
context.define("fran@hostsharing.net");
|
||||
assertThat(testCustomerRepository.findCustomerByOptionalPrefixLike("uuu")).hasSize(0);
|
||||
}
|
||||
|
||||
@ -234,7 +234,7 @@ class TestCustomerControllerAcceptanceTest {
|
||||
// @formatter:on
|
||||
|
||||
// finally, the new customer was not created
|
||||
context.define("sven@example.org");
|
||||
context.define("fran@hostsharing.net");
|
||||
assertThat(testCustomerRepository.findCustomerByOptionalPrefixLike("uuu")).hasSize(0);
|
||||
}
|
||||
}
|
||||
|
||||
@ -37,9 +37,9 @@ class TestCustomerRepositoryIntegrationTest extends ContextBasedTest {
|
||||
class CreateCustomer {
|
||||
|
||||
@Test
|
||||
public void testGlobalAdmin_withoutAssumedRole_canCreateNewCustomer() {
|
||||
public void globalAdmin_withoutAssumedRole_canCreateNewCustomer() {
|
||||
// given
|
||||
context("mike@example.org", null);
|
||||
context("alex@hostsharing.net", null);
|
||||
final var count = testCustomerRepository.count();
|
||||
|
||||
// when
|
||||
@ -58,9 +58,9 @@ class TestCustomerRepositoryIntegrationTest extends ContextBasedTest {
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testGlobalAdmin_withAssumedCustomerRole_cannotCreateNewCustomer() {
|
||||
public void globalAdmin_withAssumedCustomerRole_cannotCreateNewCustomer() {
|
||||
// given
|
||||
context("mike@example.org", "test_customer#xxx.admin");
|
||||
context("alex@hostsharing.net", "test_customer#xxx.admin");
|
||||
|
||||
// when
|
||||
final var result = attempt(em, () -> {
|
||||
@ -104,9 +104,9 @@ class TestCustomerRepositoryIntegrationTest extends ContextBasedTest {
|
||||
class FindAllCustomers {
|
||||
|
||||
@Test
|
||||
public void testGlobalAdmin_withoutAssumedRole_canViewAllCustomers() {
|
||||
public void globalAdmin_withoutAssumedRole_canViewAllCustomers() {
|
||||
// given
|
||||
context("mike@example.org", null);
|
||||
context("alex@hostsharing.net", null);
|
||||
|
||||
// when
|
||||
final var result = testCustomerRepository.findCustomerByOptionalPrefixLike(null);
|
||||
@ -116,9 +116,9 @@ class TestCustomerRepositoryIntegrationTest extends ContextBasedTest {
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testGlobalAdmin_withAssumedtestGlobalAdminRole_canViewAllCustomers() {
|
||||
public void globalAdmin_withAssumedglobalAdminRole_canViewAllCustomers() {
|
||||
given:
|
||||
context("mike@example.org", "global#test-global.admin");
|
||||
context("alex@hostsharing.net", "global#global.admin");
|
||||
|
||||
// when
|
||||
final var result = testCustomerRepository.findCustomerByOptionalPrefixLike(null);
|
||||
@ -153,9 +153,9 @@ class TestCustomerRepositoryIntegrationTest extends ContextBasedTest {
|
||||
class FindByPrefixLike {
|
||||
|
||||
@Test
|
||||
public void testGlobalAdmin_withoutAssumedRole_canViewAllCustomers() {
|
||||
public void globalAdmin_withoutAssumedRole_canViewAllCustomers() {
|
||||
// given
|
||||
context("mike@example.org", null);
|
||||
context("alex@hostsharing.net", null);
|
||||
|
||||
// when
|
||||
final var result = testCustomerRepository.findCustomerByOptionalPrefixLike("yyy");
|
||||
|
||||
@ -43,7 +43,7 @@ class TestPackageControllerAcceptanceTest {
|
||||
// @formatter:off
|
||||
RestAssured
|
||||
.given()
|
||||
.header("current-user", "mike@example.org")
|
||||
.header("current-user", "alex@hostsharing.net")
|
||||
.header("assumed-roles", "test_customer#xxx.admin")
|
||||
.port(port)
|
||||
.when()
|
||||
@ -65,7 +65,7 @@ class TestPackageControllerAcceptanceTest {
|
||||
// @formatter:off
|
||||
RestAssured
|
||||
.given()
|
||||
.header("current-user", "mike@example.org")
|
||||
.header("current-user", "alex@hostsharing.net")
|
||||
.header("assumed-roles", "test_customer#xxx.admin")
|
||||
.port(port)
|
||||
.when()
|
||||
@ -93,7 +93,7 @@ class TestPackageControllerAcceptanceTest {
|
||||
// @formatter:off
|
||||
RestAssured
|
||||
.given()
|
||||
.header("current-user", "mike@example.org")
|
||||
.header("current-user", "alex@hostsharing.net")
|
||||
.header("assumed-roles", "test_customer#xxx.admin")
|
||||
.contentType(ContentType.JSON)
|
||||
.body(format("""
|
||||
@ -123,7 +123,7 @@ class TestPackageControllerAcceptanceTest {
|
||||
// @formatter:off
|
||||
RestAssured
|
||||
.given()
|
||||
.header("current-user", "mike@example.org")
|
||||
.header("current-user", "alex@hostsharing.net")
|
||||
.header("assumed-roles", "test_customer#xxx.admin")
|
||||
.contentType(ContentType.JSON)
|
||||
.body("""
|
||||
@ -152,7 +152,7 @@ class TestPackageControllerAcceptanceTest {
|
||||
// @formatter:off
|
||||
RestAssured
|
||||
.given()
|
||||
.header("current-user", "mike@example.org")
|
||||
.header("current-user", "alex@hostsharing.net")
|
||||
.header("assumed-roles", "test_customer#xxx.admin")
|
||||
.contentType(ContentType.JSON)
|
||||
.body("{}")
|
||||
@ -172,7 +172,7 @@ class TestPackageControllerAcceptanceTest {
|
||||
// @formatter:off
|
||||
return UUID.fromString(RestAssured
|
||||
.given()
|
||||
.header("current-user", "mike@example.org")
|
||||
.header("current-user", "alex@hostsharing.net")
|
||||
.header("assumed-roles", "test_customer#xxx.admin")
|
||||
.port(port)
|
||||
.when()
|
||||
@ -185,7 +185,7 @@ class TestPackageControllerAcceptanceTest {
|
||||
}
|
||||
|
||||
String getDescriptionOfPackage(final String packageName) {
|
||||
context.define("mike@example.org","test_customer#xxx.admin");
|
||||
context.define("alex@hostsharing.net","test_customer#xxx.admin");
|
||||
return testPackageRepository.findAllByOptionalNameLike(packageName).get(0).getDescription();
|
||||
}
|
||||
}
|
||||
|
||||
@ -42,9 +42,9 @@ class TestPackageRepositoryIntegrationTest {
|
||||
class FindAllByOptionalNameLike {
|
||||
|
||||
@Test
|
||||
public void testGlobalAdmin_withoutAssumedRole_canNotViewAnyPackages_becauseThoseGrantsAreNotassumedd() {
|
||||
public void globalAdmin_withoutAssumedRole_canNotViewAnyPackages_becauseThoseGrantsAreNotassumedd() {
|
||||
// given
|
||||
context.define("mike@example.org");
|
||||
context.define("alex@hostsharing.net");
|
||||
|
||||
// when
|
||||
final var result = testPackageRepository.findAllByOptionalNameLike(null);
|
||||
@ -54,9 +54,9 @@ class TestPackageRepositoryIntegrationTest {
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testGlobalAdmin_withAssumedtestGlobalAdminRole__canNotViewAnyPackages_becauseThoseGrantsAreNotassumedd() {
|
||||
public void globalAdmin_withAssumedglobalAdminRole__canNotViewAnyPackages_becauseThoseGrantsAreNotassumedd() {
|
||||
given:
|
||||
context.define("mike@example.org", "global#test-global.admin");
|
||||
context.define("alex@hostsharing.net", "global#global.admin");
|
||||
|
||||
// when
|
||||
final var result = testPackageRepository.findAllByOptionalNameLike(null);
|
||||
@ -93,17 +93,17 @@ class TestPackageRepositoryIntegrationTest {
|
||||
@Test
|
||||
public void supportsOptimisticLocking() throws InterruptedException {
|
||||
// given
|
||||
testGlobalAdminWithAssumedRole("test_package#xxx00.admin");
|
||||
globalAdminWithAssumedRole("test_package#xxx00.admin");
|
||||
final var pac = testPackageRepository.findAllByOptionalNameLike("%").get(0);
|
||||
|
||||
// when
|
||||
final var result1 = jpaAttempt.transacted(() -> {
|
||||
testGlobalAdminWithAssumedRole("test_package#xxx00.admin");
|
||||
globalAdminWithAssumedRole("test_package#xxx00.admin");
|
||||
pac.setDescription("description set by thread 1");
|
||||
testPackageRepository.save(pac);
|
||||
});
|
||||
final var result2 = jpaAttempt.transacted(() -> {
|
||||
testGlobalAdminWithAssumedRole("test_package#xxx00.admin");
|
||||
globalAdminWithAssumedRole("test_package#xxx00.admin");
|
||||
pac.setDescription("description set by thread 2");
|
||||
testPackageRepository.save(pac);
|
||||
sleep(1500);
|
||||
@ -125,8 +125,8 @@ class TestPackageRepositoryIntegrationTest {
|
||||
}
|
||||
}
|
||||
|
||||
private void testGlobalAdminWithAssumedRole(final String assumedRoles) {
|
||||
context.define("mike@example.org", assumedRoles);
|
||||
private void globalAdminWithAssumedRole(final String assumedRoles) {
|
||||
context.define("alex@hostsharing.net", assumedRoles);
|
||||
}
|
||||
|
||||
void noPackagesAreReturned(final List<TestPackageEntity> actualResult) {
|
||||
|
||||
Reference in New Issue
Block a user