implements delete rbacuser

2022-09-01 16:57:16 +02:00
parent a06feff42e
commit df48bfc0da
8 changed files with 208 additions and 29 deletions
--- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserControllerAcceptanceTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserControllerAcceptanceTest.java
@@ -397,10 +397,92 @@ class RbacUserControllerAcceptanceTest {
        }
    }

+    @Nested
+    class DeleteRbacUser {
+
+        @Test
+        @Accepts({ "USR:D(Create)" })
+        void anybody_canDeleteTheirOwnUser() {
+
+            // given
+            final var givenUser = givenANewUser();
+
+            // @formatter:off
+            final var location = RestAssured
+                    .given()
+                        .header("current-user", givenUser.getName())
+                        .port(port)
+                    .when()
+                        .delete("http://localhost/api/rbac-users/" + givenUser.getUuid())
+                    .then().log().all().assertThat()
+                        .statusCode(204);
+            // @formatter:on
+
+            // finally, the user is actually deleted
+            assertThat(rbacUserRepository.findByName(givenUser.getName())).isNull();
+        }
+
+        @Test
+        @Accepts({ "USR:D(Create)", "USR:X(Access Control)" })
+        void customerAdmin_canNotDeleteOtherUser() {
+
+            // given
+            final var givenUser = givenANewUser();
+
+            // @formatter:off
+            final var location = RestAssured
+                    .given()
+                        .header("current-user", "customer-admin@xxx.example.com")
+                        .port(port)
+                    .when()
+                        .delete("http://localhost/api/rbac-users/" + givenUser.getUuid())
+                    .then().log().all().assertThat()
+                        // that user cannot even see other users, thus the system won't even try to delete
+                        .statusCode(204);
+            // @formatter:on
+
+            // finally, the user is still there
+            assertThat(rbacUserRepository.findByName(givenUser.getName())).isNotNull();
+        }
+
+        @Test
+        @Accepts({ "USR:D(Create)", "USR:X(Access Control)" })
+        void globalAdmin_canDeleteArbitraryUser() {
+
+            // given
+            final var givenUser = givenANewUser();
+
+            // @formatter:off
+            final var location = RestAssured
+                    .given()
+                        .header("current-user", "mike@example.org")
+                        .port(port)
+                    .when()
+                        .delete("http://localhost/api/rbac-users/" + givenUser.getUuid())
+                    .then().log().all().assertThat()
+                        .statusCode(204);
+            // @formatter:on
+
+            // finally, the user is actually deleted
+            assertThat(rbacUserRepository.findByName(givenUser.getName())).isNull();
+        }
+    }
+
    RbacUserEntity findRbacUserByName(final String userName) {
        return jpaAttempt.transacted(() -> {
            context.define("mike@example.org");
            return rbacUserRepository.findByName(userName);
        }).returnedValue();
    }
+
+    RbacUserEntity givenANewUser() {
+        final var givenUserName = "test-user-" + System.currentTimeMillis() + "@example.com";
+        final var givenUser = jpaAttempt.transacted(() -> {
+            context.define(null);
+            return rbacUserRepository.create(new RbacUserEntity(UUID.randomUUID(), givenUserName));
+        }).assumeSuccessful().returnedValue();
+        assertThat(rbacUserRepository.findByName(givenUser.getName())).isNotNull();
+        return givenUser;
+    }
+
 }
--- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepositoryIntegrationTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepositoryIntegrationTest.java
@@ -43,28 +43,9 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
    @Nested
    class CreateUser {

-        @Test
-        public void anyoneCanCreateTheirOwnUser() {
-            // given
-            final var givenNewUserName = "test-user-" + System.currentTimeMillis() + "@example.com";
-            context(null);
-
-            // when
-            final var result = rbacUserRepository.create(
-                    new RbacUserEntity(null, givenNewUserName));
-
-            // then the persisted user is returned
-            assertThat(result).isNotNull().extracting(RbacUserEntity::getName).isEqualTo(givenNewUserName);
-
-            // and the new user entity can be fetched by the user itself
-            context(givenNewUserName);
-            assertThat(em.find(RbacUserEntity.class, result.getUuid()))
-                    .isNotNull().extracting(RbacUserEntity::getName).isEqualTo(givenNewUserName);
-        }
-
        @Test
        @Transactional(propagation = Propagation.NEVER)
-        void anyoneCanCreateTheirOwnUser_committed() {
+        void anyoneCanCreateTheirOwnUser() {

            // given:
            final var givenUuid = UUID.randomUUID();
@@ -72,7 +53,7 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {

            // when:
            final var result = jpaAttempt.transacted(() -> {
-                context("customer-admin@xxx.example.com");
+                context(null);
                return rbacUserRepository.create(new RbacUserEntity(givenUuid, newUserName));
            });

@@ -80,11 +61,36 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
            assertThat(result.wasSuccessful()).isTrue();
            assertThat(result.returnedValue()).isNotNull()
                    .extracting(RbacUserEntity::getUuid).isEqualTo(givenUuid);
-            jpaAttempt.transacted(() -> {
-                context(newUserName);
-                assertThat(em.find(RbacUserEntity.class, givenUuid))
-                        .isNotNull().extracting(RbacUserEntity::getName).isEqualTo(newUserName);
+            assertThat(rbacUserRepository.findByName(result.returnedValue().getName())).isNotNull();
+            //        jpaAttempt.transacted(() -> {
+            //            context(givenUser.getName());
+            //            assertThat(em.find(RbacUserEntity.class, givenUser.getUuid()))
+            //                    .isNotNull().extracting(RbacUserEntity::getName).isEqualTo(givenUser.getName());
+            //        }).assertSuccessful();
+        }
+    }
+
+    @Nested
+    class DeleteUser {
+
+        @Test
+        @Transactional(propagation = Propagation.NEVER)
+        public void anyoneCanDeleteTheirOwnUser() {
+            // given
+            final RbacUserEntity givenUser = givenANewUser();
+
+            // when
+            final var result = jpaAttempt.transacted(() -> {
+                context(givenUser.getName());
+                rbacUserRepository.deleteByUuid(givenUser.getUuid());
            });
+
+            // then the user is deleted
+            result.assertSuccessful();
+            assertThat(rbacUserRepository.findByName(givenUser.getName())).isNull();
+            //        jpaAttempt.transacted(() -> {
+            //            assertThat(rbacUserRepository.findByName(givenUser.getName())).isNull();
+            //        }).assertSuccessful();
        }
    }

@@ -392,6 +398,16 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
        return rbacUserRepository.findByName(userName).getUuid();
    }

+    RbacUserEntity givenANewUser() {
+        final var givenUserName = "test-user-" + System.currentTimeMillis() + "@example.com";
+        final var givenUser = jpaAttempt.transacted(() -> {
+            context(null);
+            return rbacUserRepository.create(new RbacUserEntity(UUID.randomUUID(), givenUserName));
+        }).assumeSuccessful().returnedValue();
+        assertThat(rbacUserRepository.findByName(givenUser.getName())).isNotNull();
+        return givenUser;
+    }
+
    void exactlyTheseRbacUsersAreReturned(final List<RbacUserEntity> actualResult, final String... expectedUserNames) {
        assertThat(actualResult)
                .extracting(RbacUserEntity::getName)
--- a/src/test/java/net/hostsharing/test/JpaAttempt.java
+++ b/src/test/java/net/hostsharing/test/JpaAttempt.java
@@ -11,6 +11,7 @@ import java.util.Optional;
 import java.util.function.Supplier;

 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assumptions.assumeThat;

 /**
 * Wraps the 'when' part of a DataJpaTest to improve readability of tests.
@@ -53,6 +54,7 @@ public class JpaAttempt {

    public <T> JpaResult<T> transacted(final Supplier<T> code) {
        try {
+            transactionTemplate.setPropagationBehavior(TransactionDefinition.PROPAGATION_REQUIRES_NEW);
            return JpaResult.forValue(
                    transactionTemplate.execute(transactionStatus -> code.get()));
        } catch (final RuntimeException exc) {
@@ -131,11 +133,19 @@ public class JpaAttempt {
        }

        public JpaResult<T> assumeSuccessful() {
-            assertThat(exception).isNull();
-            ;
+            assumeThat(exception).as(getSensibleMessage(exception)).isNull();
            return this;
        }

+        public JpaResult<T> assertSuccessful() {
+            assertThat(exception).as(getSensibleMessage(exception)).isNull();
+            return this;
+        }
+
+        private String getSensibleMessage(final RuntimeException exception) {
+            return exception != null ? NestedExceptionUtils.getRootCause(exception).getMessage() : null;
+        }
+
        private String firstRootCauseMessageLineOf(final RuntimeException exception) {
            final var rootCause = NestedExceptionUtils.getRootCause(exception);
            return Optional.ofNullable(rootCause)