hostsharing/hs.hsadmin.ng
1
0
Fork 0
Code

remove current-subject from OpenAPI header specs, use Authorization instead (#164)

Browse Source 
Co-authored-by: Michael Hoennig <michael@hoennig.de>
Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/164
Reviewed-by: Timotheus Pokorra <timotheus.pokorra@hostsharing.net>
This commit is contained in:
Michael Hoennig 2025-03-18 11:52:29 +01:00
parent 5ca0638319
commit eb9edf1cb1
100 changed files with 404 additions and 590 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
README.md
View File

@ -91,17 +91,15 @@ Next, compile and run the application on `localhost:8080` and the management ser
export HSADMINNG_CAS_SERVER=
# this runs the application with test-data and all modules:
gw bootRun --args='--spring.profiles.active=dev,complete,test-data'
gw bootRun --args='--spring.profiles.active=dev,fakeCasAuthenticator,complete,test-data'
The meaning of these profiles is:
- **dev**: the PostgreSQL users are created via Liquibase
- **fakeCasAuthenticator**: The username is simply taken from whatever is after "Bearer " in the "Authorization" header.
- **complete**: all modules are started
- **test-data**: some test data inserted
Running just `gw bootRun` would just run the *office* module, not insert any test-data and
require the PostgreSQL users created in the database (see env-vars in `.aliases`).
Now we can access the REST API, e.g. using curl:
# the following command should reply with "pong":
@ -109,19 +107,19 @@ Now we can access the REST API, e.g. using curl:
# the following command should return a JSON array with just all customers:
curl -f -s\
-H 'current-subject: superuser-alex@hostsharing.net' \
-H 'Authorization: Bearer superuser-alex@hostsharing.net' \
http://localhost:8080/api/test/customers \
| jq # just if `jq` is installed, to prettyprint the output
# the following command should return a JSON array with just all packages visible for the admin of the customer yyy:
curl -f -s\
-H 'current-subject: superuser-alex@hostsharing.net' -H 'assumed-roles: rbactest.customer#yyy:ADMIN' \
-H 'Authorization: Bearer superuser-alex@hostsharing.net' -H 'assumed-roles: rbactest.customer#yyy:ADMIN' \
http://localhost:8080/api/test/packages \
| jq
# add a new customer
curl -f -s\
-H 'current-subject: superuser-alex@hostsharing.net' -H "Content-Type: application/json" \
-H 'Authorization: Bearer superuser-alex@hostsharing.net' -H "Content-Type: application/json" \
-d '{ "prefix":"ttt", "reference":80001, "adminUserName":"admin@ttt.example.com" }' \
-X POST http://localhost:8080/api/test/customers \
| jq
@ -137,6 +135,14 @@ For a locally running app without CAS-authentication (export HSADMINNG_CAS_SERVE
authorize using the name of the subject (e.g. "superuser-alex@hostsharing.net" in case of test-data).
Otherwise, use a valid CAS-ticket.
If you want to run the application with real CAS-Authentication:
# set the CAS-SERVER-Root, also see `bin/cas-curl`.
export HSADMINNG_CAS_SERVER=https://login.hostsharing.net # or whatever your CAS-Server-URL you want to use
# run the application against the real CAS authenticator
gw bootRun --args='--spring.profiles.active=dev,realCasAuthenticator,complete,test-data'
### PostgreSQL Server
@ -657,7 +663,7 @@ howto
Add `--args='--spring.profiles.active=...` with the wanted profile selector:
```sh
gw bootRun --args='--spring.profiles.active=external-db,only -office,without-test-data'
gw bootRun --args='--spring.profiles.active=external-db,only-office,without-test-data'
```
These profiles mean:
@ -673,7 +679,7 @@ Add `' --debug-jvm` to the command line:
```sh
gw bootRun --debug-jvm
gw bootRun ... --debug-jvm
```
At the very beginning, the application is going to wait for a debugger with a message like this:

12
bin/cas-curl
View File

@ -131,6 +131,15 @@ function casTicket() {
echo $HSADMINNG_CAS_TICKET
}
function casTgt() {
HSADMINNG_CAS_TGT=$(<~/.cas-login-tgt)
if [[ -z "$HSADMINNG_CAS_TGT" ]]; then
echo "ERROR: cannot get CAS ticket granting ticket for $HSADMINNG_CAS_USERNAME" >&2
exit 1
fi
echo "CAS-TGT: $HSADMINNG_CAS_TGT"
}
function casValidate() {
HSADMINNG_CAS_TICKET=`casTicket`
@ -191,6 +200,9 @@ case "${1,,}" in
"unassume") ## do not assume any particular role anymore, use the plain user as RBAC subject
rm ~/.cas-curl-assume
;;
"tgt") ## prints the current ticket granting ticket
casTgt
;;
"validate") ## validates current ticket granting ticket and prints currently logged in user
casValidate
;;

5
src/main/java/net/hostsharing/hsadminng/config/CasAuthenticationFilter.java
View File

@ -2,6 +2,8 @@ package net.hostsharing.hsadminng.config;
import lombok.AllArgsConstructor;
import lombok.SneakyThrows;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;
import jakarta.servlet.FilterChain;
@ -24,7 +26,8 @@ public class CasAuthenticationFilter extends OncePerRequestFilter {
if (request.getHeader("authorization") != null) {
final var authenticatedRequest = new AuthenticatedHttpServletRequestWrapper(request);
final var currentSubject = authenticator.authenticate(request);
authenticatedRequest.addHeader("current-subject", currentSubject);
final var authentication = new UsernamePasswordAuthenticationToken(currentSubject, null, null);
SecurityContextHolder.getContext().setAuthentication(authentication);
filterChain.doFilter(authenticatedRequest, response);
} else {
filterChain.doFilter(request, response);

2
src/test/java/net/hostsharing/hsadminng/config/FakeCasAuthenticator.java → src/main/java/net/hostsharing/hsadminng/config/FakeCasAuthenticator.java
View File

@ -9,6 +9,6 @@ public class FakeCasAuthenticator implements CasAuthenticator {
@Override
@SneakyThrows
public String authenticate(final HttpServletRequest httpRequest) {
return httpRequest.getHeader("current-subject");
return httpRequest.getHeader("Authorization").replaceAll("^Bearer ", "");
}
}

26
src/main/java/net/hostsharing/hsadminng/config/RealCasAuthenticator.java
View File

@ -2,11 +2,8 @@ package net.hostsharing.hsadminng.config;
import io.micrometer.core.annotation.Timed;
import lombok.SneakyThrows;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.web.client.RestTemplate;
import org.w3c.dom.Document;
@ -16,7 +13,6 @@ import jakarta.servlet.http.HttpServletRequest;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import java.io.IOException;
import java.util.function.Supplier;
public class RealCasAuthenticator implements CasAuthenticator {
@ -31,23 +27,6 @@ public class RealCasAuthenticator implements CasAuthenticator {
@SneakyThrows
@Timed("app.cas.authenticate")
public String authenticate(final HttpServletRequest httpRequest) {
final var userName = StringUtils.isBlank(casServerUrl)
? bypassCurrentSubject(httpRequest)
: casAuthentication(httpRequest);
final var authentication = new UsernamePasswordAuthenticationToken(userName, null, null);
SecurityContextHolder.getContext().setAuthentication(authentication);
return authentication.getName();
}
private static String bypassCurrentSubject(final HttpServletRequest httpRequest) {
final var userName = httpRequest.getHeader("authorization").replaceAll("^Bearer ", "");
System.err.println("CasAuthenticator.bypassCurrentSubject: " + userName);
return userName;
}
private String casAuthentication(final HttpServletRequest httpRequest)
throws SAXException, IOException, ParserConfigurationException {
final var ticket = httpRequest.getHeader("authorization").replaceAll("^Bearer ", "");
final var serviceTicket = ticket.startsWith("TGT-")
? fetchServiceTicket(ticket)
@ -76,7 +55,7 @@ public class RealCasAuthenticator implements CasAuthenticator {
"?service=" + serviceUrl +
"&ticket=" + serviceTicket;
final var response = ((Supplier<String>) () -> restTemplate.getForObject(url, String.class)).get();
final var response = restTemplate.getForObject(url, String.class);
return DocumentBuilderFactory.newInstance().newDocumentBuilder()
.parse(new java.io.ByteArrayInputStream(response.getBytes()));
@ -93,8 +72,7 @@ public class RealCasAuthenticator implements CasAuthenticator {
return verification.getElementsByTagName("cas:user").item(0).getTextContent();
}
private String throwBadCredentialsException(final String message) {
private void throwBadCredentialsException(final String message) {
throw new BadCredentialsException(message);
}
}

22
src/main/java/net/hostsharing/hsadminng/config/WebSecurityConfig.java
View File

@ -22,9 +22,6 @@ import jakarta.servlet.http.HttpServletResponse;
@SecurityScheme(type = SecuritySchemeType.HTTP, name = "casTicket", scheme = "bearer", bearerFormat = "CAS ticket", description = "CAS ticket", in = SecuritySchemeIn.HEADER)
public class WebSecurityConfig {
private static final String[] PERMITTED_PATHS = new String[] { "/swagger-ui/**", "/v3/api-docs/**", "/actuator/**" };
private static final String[] AUTHENTICATED_PATHS = new String[] { "/api/**" };
@Lazy
@Autowired
private CasAuthenticationFilter authenticationFilter;
@ -34,8 +31,13 @@ public class WebSecurityConfig {
public SecurityFilterChain securityFilterChain(final HttpSecurity http) throws Exception {
return http
.authorizeHttpRequests(authorize -> authorize
.requestMatchers(PERMITTED_PATHS).permitAll()
.requestMatchers(AUTHENTICATED_PATHS).authenticated()
.requestMatchers(
"/swagger-ui/**",
"/v3/api-docs/**",
"/actuator/**",
"/api/hs/hosting/asset-types/**"
).permitAll()
.requestMatchers("/api/**").authenticated()
.anyRequest().denyAll()
)
.addFilterBefore(authenticationFilter, AuthenticationFilter.class)
@ -51,11 +53,17 @@ public class WebSecurityConfig {
}
@Bean
@Profile("!test")
public CasAuthenticator casServiceTicketValidator() {
@Profile("realCasAuthenticator")
public CasAuthenticator realCasServiceTicketValidator() {
return new RealCasAuthenticator();
}
@Bean
@Profile("fakeCasAuthenticator")
public CasAuthenticator fakeCasServiceTicketValidator() {
return new FakeCasAuthenticator();
}
@Bean
public CasAuthenticationFilter authenticationFilter(final CasAuthenticator authenticator) {
return new CasAuthenticationFilter(authenticator);

7
src/main/java/net/hostsharing/hsadminng/context/Context.java
View File

@ -4,6 +4,7 @@ import lombok.AllArgsConstructor;
import lombok.SneakyThrows;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.context.request.RequestContextHolder;
@ -47,6 +48,12 @@ public class Context {
define(toTask(request), toCurl(request), currentSubject, assumedRoles);
}
@Transactional(propagation = MANDATORY)
public void assumeRoles(final String assumedRoles) {
final var currentSubject = SecurityContextHolder.getContext().getAuthentication().getName();
define(toTask(request), toCurl(request), currentSubject, assumedRoles);
}
@Transactional(propagation = MANDATORY)
public void define(
final String currentTask,

4
src/main/java/net/hostsharing/hsadminng/context/HttpServletRequestWithCachedBody.java
View File

@ -21,12 +21,12 @@ public class HttpServletRequestWithCachedBody extends HttpServletRequestWrapper
}
@Override
public ServletInputStream getInputStream() throws IOException {
public ServletInputStream getInputStream() {
return new HttpServletRequestBodyCache(this.cachedBody);
}
@Override
public BufferedReader getReader() throws IOException {
public BufferedReader getReader() {
ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(this.cachedBody);
return new BufferedReader(new InputStreamReader(byteArrayInputStream));
}

15
src/main/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemController.java
View File

@ -58,10 +58,9 @@ public class HsBookingItemController implements HsBookingItemsApi {
@Transactional(readOnly = true)
@Timed("app.bookingItems.api.getListOfBookingItemsByProjectUuid")
public ResponseEntity<List<HsBookingItemResource>> getListOfBookingItemsByProjectUuid(
final String currentSubject,
final String assumedRoles,
final UUID projectUuid) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var entities = bookingItemRepo.findAllByProjectUuid(projectUuid);
@ -73,11 +72,10 @@ public class HsBookingItemController implements HsBookingItemsApi {
@Transactional
@Timed("app.bookingItems.api.postNewBookingItem")
public ResponseEntity<HsBookingItemResource> postNewBookingItem(
final String currentSubject,
final String assumedRoles,
final HsBookingItemInsertResource body) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var entityToSave = mapper.map(body, HsBookingItemRbacEntity.class, RESOURCE_TO_ENTITY_POSTMAPPER);
final var saveProcessor = new BookingItemEntitySaveProcessor(em, entityToSave);
@ -103,11 +101,10 @@ public class HsBookingItemController implements HsBookingItemsApi {
@Transactional(readOnly = true)
@Timed("app.bookingItems.api.getSingleBookingItemByUuid")
public ResponseEntity<HsBookingItemResource> getSingleBookingItemByUuid(
final String currentSubject,
final String assumedRoles,
final UUID bookingItemUuid) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var result = bookingItemRepo.findByUuid(bookingItemUuid);
result.ifPresent(entity -> em.detach(entity)); // prevent further LAZY-loading
@ -121,10 +118,9 @@ public class HsBookingItemController implements HsBookingItemsApi {
@Transactional
@Timed("app.bookingItems.api.deleteBookingIemByUuid")
public ResponseEntity<Void> deleteBookingIemByUuid(
final String currentSubject,
final String assumedRoles,
final UUID bookingItemUuid) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var result = bookingItemRepo.deleteByUuid(bookingItemUuid);
return result == 0
@ -136,12 +132,11 @@ public class HsBookingItemController implements HsBookingItemsApi {
@Transactional
@Timed("app.bookingItems.api.patchBookingItem")
public ResponseEntity<HsBookingItemResource> patchBookingItem(
final String currentSubject,
final String assumedRoles,
final UUID bookingItemUuid,
final HsBookingItemPatchResource body) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var current = bookingItemRepo.findByUuid(bookingItemUuid).orElseThrow();

15
src/main/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectController.java
View File

@ -42,10 +42,9 @@ public class HsBookingProjectController implements HsBookingProjectsApi {
@Transactional(readOnly = true)
@Timed("app.bookingProjects.api.getListOfBookingProjectsByDebitorUuid")
public ResponseEntity<List<HsBookingProjectResource>> getListOfBookingProjectsByDebitorUuid(
final String currentSubject,
final String assumedRoles,
final UUID debitorUuid) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var entities = bookingProjectRepo.findAllByDebitorUuid(debitorUuid);
@ -57,11 +56,10 @@ public class HsBookingProjectController implements HsBookingProjectsApi {
@Transactional
@Timed("app.bookingProjects.api.postNewBookingProject")
public ResponseEntity<HsBookingProjectResource> postNewBookingProject(
final String currentSubject,
final String assumedRoles,
final HsBookingProjectInsertResource body) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var entityToSave = mapper.map(body, HsBookingProjectRbacEntity.class, RESOURCE_TO_ENTITY_POSTMAPPER);
@ -80,11 +78,10 @@ public class HsBookingProjectController implements HsBookingProjectsApi {
@Transactional(readOnly = true)
@Timed("app.bookingProjects.api.getBookingProjectByUuid")
public ResponseEntity<HsBookingProjectResource> getBookingProjectByUuid(
final String currentSubject,
final String assumedRoles,
final UUID bookingProjectUuid) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var result = bookingProjectRepo.findByUuid(bookingProjectUuid);
return result
@ -97,10 +94,9 @@ public class HsBookingProjectController implements HsBookingProjectsApi {
@Transactional
@Timed("app.bookingProjects.api.deleteBookingIemByUuid")
public ResponseEntity<Void> deleteBookingIemByUuid(
final String currentSubject,
final String assumedRoles,
final UUID bookingProjectUuid) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var result = bookingProjectRepo.deleteByUuid(bookingProjectUuid);
return result == 0
@ -112,12 +108,11 @@ public class HsBookingProjectController implements HsBookingProjectsApi {
@Transactional
@Timed("app.bookingProjects.api.patchBookingProject")
public ResponseEntity<HsBookingProjectResource> patchBookingProject(
final String currentSubject,
final String assumedRoles,
final UUID bookingProjectUuid,
final HsBookingProjectPatchResource body) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var current = bookingProjectRepo.findByUuid(bookingProjectUuid).orElseThrow();

15
src/main/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetController.java
View File

@ -55,12 +55,11 @@ public class HsHostingAssetController implements HsHostingAssetsApi {
@Transactional(readOnly = true)
@Timed("app.hosting.assets.api.getListOfHostingAssets")
public ResponseEntity<List<HsHostingAssetResource>> getListOfHostingAssets(
final String currentSubject,
final String assumedRoles,
final UUID debitorUuid,
final UUID parentAssetUuid,
final HsHostingAssetTypeResource type) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var entities = rbacAssetRepo.findAllByCriteria(debitorUuid, parentAssetUuid, HsHostingAssetType.of(type));
@ -73,11 +72,10 @@ public class HsHostingAssetController implements HsHostingAssetsApi {
@Transactional
@Timed("app.hosting.assets.api.postNewHostingAsset")
public ResponseEntity<HsHostingAssetResource> postNewHostingAsset(
final String currentSubject,
final String assumedRoles,
final HsHostingAssetInsertResource body) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var entity = mapper.map(body, HsHostingAssetRbacEntity.class, RESOURCE_TO_ENTITY_POSTMAPPER);
@ -102,11 +100,10 @@ public class HsHostingAssetController implements HsHostingAssetsApi {
@Transactional(readOnly = true)
@Timed("app.hosting.assets.api.getSingleHostingAssetByUuid")
public ResponseEntity<HsHostingAssetResource> getSingleHostingAssetByUuid(
final String currentSubject,
final String assumedRoles,
final UUID assetUuid) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var result = rbacAssetRepo.findByUuid(assetUuid);
return result
@ -119,10 +116,9 @@ public class HsHostingAssetController implements HsHostingAssetsApi {
@Transactional
@Timed("app.hosting.assets.api.deleteHostingAssetByUuid")
public ResponseEntity<Void> deleteHostingAssetByUuid(
final String currentSubject,
final String assumedRoles,
final UUID assetUuid) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var result = rbacAssetRepo.deleteByUuid(assetUuid);
return result == 0
@ -134,12 +130,11 @@ public class HsHostingAssetController implements HsHostingAssetsApi {
@Transactional
@Timed("app.hosting.assets.api.patchHostingAsset")
public ResponseEntity<HsHostingAssetResource> patchHostingAsset(
final String currentSubject,
final String assumedRoles,
final UUID assetUuid,
final HsHostingAssetPatchResource body) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var entity = rbacAssetRepo.findByUuid(assetUuid).orElseThrow();

12
src/main/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountController.java
View File

@ -35,10 +35,9 @@ public class HsOfficeBankAccountController implements HsOfficeBankAccountsApi {
@Transactional(readOnly = true)
@Timed("app.office.bankAccounts.api.patchDebitor")
public ResponseEntity<List<HsOfficeBankAccountResource>> getListOfBankAccounts(
final String currentSubject,
final String assumedRoles,
final String holder) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var entities = bankAccountRepo.findByOptionalHolderLike(holder);
@ -50,11 +49,10 @@ public class HsOfficeBankAccountController implements HsOfficeBankAccountsApi {
@Transactional
@Timed("app.office.bankAccounts.api.postNewBankAccount")
public ResponseEntity<HsOfficeBankAccountResource> postNewBankAccount(
final String currentSubject,
final String assumedRoles,
final HsOfficeBankAccountInsertResource body) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
IbanUtil.validate(body.getIban());
BicUtil.validate(body.getBic());
@ -77,11 +75,10 @@ public class HsOfficeBankAccountController implements HsOfficeBankAccountsApi {
@Transactional(readOnly = true)
@Timed("app.office.bankAccounts.api.getSingleBankAccountByUuid")
public ResponseEntity<HsOfficeBankAccountResource> getSingleBankAccountByUuid(
final String currentSubject,
final String assumedRoles,
final UUID bankAccountUuid) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var result = bankAccountRepo.findByUuid(bankAccountUuid);
if (result.isEmpty()) {
@ -94,10 +91,9 @@ public class HsOfficeBankAccountController implements HsOfficeBankAccountsApi {
@Transactional
@Timed("app.office.bankAccounts.api.deleteBankAccountByUuid")
public ResponseEntity<Void> deleteBankAccountByUuid(
final String currentSubject,
final String assumedRoles,
final UUID BankAccountUuid) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var result = bankAccountRepo.deleteByUuid(BankAccountUuid);
if (result == 0) {

15
src/main/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactController.java
View File

@ -48,11 +48,10 @@ public class HsOfficeContactController implements HsOfficeContactsApi {
@Transactional(readOnly = true)
@Timed("app.office.contacts.api.getListOfContacts")
public ResponseEntity<List<HsOfficeContactResource>> getListOfContacts(
final String currentSubject,
final String assumedRoles,
final String caption,
final String emailAddress) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
validate("caption, emailAddress").atMaxOne(caption, emailAddress);
final var entities = emailAddress != null
@ -67,11 +66,10 @@ public class HsOfficeContactController implements HsOfficeContactsApi {
@Transactional
@Timed("app.office.contacts.api.postNewContact")
public ResponseEntity<HsOfficeContactResource> postNewContact(
final String currentSubject,
final String assumedRoles,
final HsOfficeContactInsertResource body) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var entityToSave = mapper.map(body, HsOfficeContactRbacEntity.class);
@ -90,11 +88,10 @@ public class HsOfficeContactController implements HsOfficeContactsApi {
@Transactional(readOnly = true)
@Timed("app.office.contacts.api.getSingleContactByUuid")
public ResponseEntity<HsOfficeContactResource> getSingleContactByUuid(
final String currentSubject,
final String assumedRoles,
final UUID contactUuid) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var result = contactRepo.findByUuid(contactUuid);
if (result.isEmpty()) {
@ -107,10 +104,9 @@ public class HsOfficeContactController implements HsOfficeContactsApi {
@Transactional
@Timed("app.office.contacts.api.deleteContactByUuid")
public ResponseEntity<Void> deleteContactByUuid(
final String currentSubject,
final String assumedRoles,
final UUID contactUuid) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var result = contactRepo.deleteByUuid(contactUuid);
if (result == 0) {
@ -124,12 +120,11 @@ public class HsOfficeContactController implements HsOfficeContactsApi {
@Transactional
@Timed("app.office.contacts.api.patchContact")
public ResponseEntity<HsOfficeContactResource> patchContact(
final String currentSubject,
final String assumedRoles,
final UUID contactUuid,
final HsOfficeContactPatchResource body) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var current = contactRepo.findByUuid(contactUuid).orElseThrow();

10
src/main/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionController.java
View File

@ -60,12 +60,11 @@ public class HsOfficeCoopAssetsTransactionController implements HsOfficeCoopAsse
@Transactional(readOnly = true)
@Timed("app.office.coopAssets.api.getListOfCoopAssets")
public ResponseEntity<List<HsOfficeCoopAssetsTransactionResource>> getListOfCoopAssets(
final String currentSubject,
final String assumedRoles,
final UUID membershipUuid,
final @DateTimeFormat(iso = ISO.DATE) LocalDate fromValueDate,
final @DateTimeFormat(iso = ISO.DATE) LocalDate toValueDate) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var entities = coopAssetsTransactionRepo.findCoopAssetsTransactionByOptionalMembershipUuidAndDateRange(
membershipUuid,
@ -83,11 +82,10 @@ public class HsOfficeCoopAssetsTransactionController implements HsOfficeCoopAsse
@Transactional
@Timed("app.office.coopAssets.api.postNewCoopAssetTransaction")
public ResponseEntity<HsOfficeCoopAssetsTransactionResource> postNewCoopAssetTransaction(
final String currentSubject,
final String assumedRoles,
final HsOfficeCoopAssetsTransactionInsertResource requestBody) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
validate(requestBody);
final var entityToSave = mapper.map(
@ -109,9 +107,9 @@ public class HsOfficeCoopAssetsTransactionController implements HsOfficeCoopAsse
@Transactional(readOnly = true)
@Timed("app.office.coopAssets.api.getSingleCoopAssetTransactionByUuid")
public ResponseEntity<HsOfficeCoopAssetsTransactionResource> getSingleCoopAssetTransactionByUuid(
final String currentSubject, final String assumedRoles, final UUID assetTransactionUuid) {
final String assumedRoles, final UUID assetTransactionUuid) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var result = coopAssetsTransactionRepo.findByUuid(assetTransactionUuid);
if (result.isEmpty()) {

10
src/main/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionController.java
View File

@ -47,12 +47,11 @@ public class HsOfficeCoopSharesTransactionController implements HsOfficeCoopShar
@Transactional(readOnly = true)
@Timed("app.office.coopShares.api.getListOfCoopShares")
public ResponseEntity<List<HsOfficeCoopSharesTransactionResource>> getListOfCoopShares(
final String currentSubject,
final String assumedRoles,
final UUID membershipUuid,
final @DateTimeFormat(iso = ISO.DATE) LocalDate fromValueDate,
final @DateTimeFormat(iso = ISO.DATE) LocalDate toValueDate) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var entities = coopSharesTransactionRepo.findCoopSharesTransactionByOptionalMembershipUuidAndDateRange(
membershipUuid,
@ -70,11 +69,10 @@ public class HsOfficeCoopSharesTransactionController implements HsOfficeCoopShar
@Transactional
@Timed("app.office.coopShares.repo.postNewCoopSharesTransaction")
public ResponseEntity<HsOfficeCoopSharesTransactionResource> postNewCoopSharesTransaction(
final String currentSubject,
final String assumedRoles,
final HsOfficeCoopSharesTransactionInsertResource requestBody) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
validate(requestBody);
final var entityToSave = mapper.map(
@ -97,9 +95,9 @@ public class HsOfficeCoopSharesTransactionController implements HsOfficeCoopShar
@Transactional(readOnly = true)
@Timed("app.office.coopShares.repo.getSingleCoopShareTransactionByUuid")
public ResponseEntity<HsOfficeCoopSharesTransactionResource> getSingleCoopShareTransactionByUuid(
final String currentSubject, final String assumedRoles, final UUID shareTransactionUuid) {
final String assumedRoles, final UUID shareTransactionUuid) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var result = coopSharesTransactionRepo.findByUuid(shareTransactionUuid);
if (result.isEmpty()) {

18
src/main/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorController.java
View File

@ -64,12 +64,11 @@ public class HsOfficeDebitorController implements HsOfficeDebitorsApi {
@Transactional(readOnly = true)
@Timed("app.office.debitors.api.getListOfDebitors")
public ResponseEntity<List<HsOfficeDebitorResource>> getListOfDebitors(
final String currentSubject,
final String assumedRoles,
final String name,
final UUID partnerUuid,
final String partnerNumber) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var entities = partnerNumber != null
? debitorRepo.findDebitorsByPartnerNumber(cropTag("P-", partnerNumber))
@ -85,11 +84,10 @@ public class HsOfficeDebitorController implements HsOfficeDebitorsApi {
@Transactional
@Timed("app.office.debitors.api.postNewDebitor")
public ResponseEntity<HsOfficeDebitorResource> postNewDebitor(
String currentSubject,
String assumedRoles,
HsOfficeDebitorInsertResource body) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
Validate.isTrue(
body.getDebitorRel() == null || body.getDebitorRelUuid() == null,
@ -118,11 +116,10 @@ public class HsOfficeDebitorController implements HsOfficeDebitorsApi {
@Transactional(readOnly = true)
@Timed("app.office.debitors.api.getSingleDebitorByUuid")
public ResponseEntity<HsOfficeDebitorResource> getSingleDebitorByUuid(
final String currentSubject,
final String assumedRoles,
final UUID debitorUuid) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var result = debitorRepo.findByUuid(debitorUuid);
if (result.isEmpty()) {
@ -135,11 +132,10 @@ public class HsOfficeDebitorController implements HsOfficeDebitorsApi {
@Transactional(readOnly = true)
@Timed("app.office.debitors.api.getSingleDebitorByDebitorNumber")
public ResponseEntity<HsOfficeDebitorResource> getSingleDebitorByDebitorNumber(
final String currentSubject,
final String assumedRoles,
final Integer debitorNumber) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var result = debitorRepo.findDebitorByDebitorNumber(debitorNumber);
if (result.isEmpty()) {
@ -152,10 +148,9 @@ public class HsOfficeDebitorController implements HsOfficeDebitorsApi {
@Transactional
@Timed("app.office.debitors.api.deleteDebitorByUuid")
public ResponseEntity<Void> deleteDebitorByUuid(
final String currentSubject,
final String assumedRoles,
final UUID debitorUuid) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var result = debitorRepo.deleteByUuid(debitorUuid);
if (result == 0) {
@ -169,12 +164,11 @@ public class HsOfficeDebitorController implements HsOfficeDebitorsApi {
@Transactional
@Timed("app.office.debitors.api.patchDebitor")
public ResponseEntity<HsOfficeDebitorResource> patchDebitor(
final String currentSubject,
final String assumedRoles,
final UUID debitorUuid,
final HsOfficeDebitorPatchResource body) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var current = debitorRepo.findByUuid(debitorUuid).orElseThrow().reload(em);

18
src/main/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipController.java
View File

@ -44,11 +44,10 @@ public class HsOfficeMembershipController implements HsOfficeMembershipsApi {
@Transactional(readOnly = true)
@Timed("app.office.membership.api.getListOfMemberships")
public ResponseEntity<List<HsOfficeMembershipResource>> getListOfMemberships(
final String currentSubject,
final String assumedRoles,
final UUID partnerUuid,
final String partnerNumber) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
validate("partnerUuid, partnerNumber").atMaxOne(partnerUuid, partnerNumber);
@ -69,11 +68,10 @@ public class HsOfficeMembershipController implements HsOfficeMembershipsApi {
@Transactional
@Timed("app.office.membership.api.postNewMembership")
public ResponseEntity<HsOfficeMembershipResource> postNewMembership(
final String currentSubject,
final String assumedRoles,
final HsOfficeMembershipInsertResource body) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var entityToSave = mapper.map(body, HsOfficeMembershipEntity.class, SEPA_MANDATE_RESOURCE_TO_ENTITY_POSTMAPPER);
@ -94,11 +92,10 @@ public class HsOfficeMembershipController implements HsOfficeMembershipsApi {
@Transactional(readOnly = true)
@Timed("app.office.membership.api.getSingleMembershipByUuid")
public ResponseEntity<HsOfficeMembershipResource> getSingleMembershipByUuid(
final String currentSubject,
final String assumedRoles,
final UUID membershipUuid) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var result = membershipRepo.findByUuid(membershipUuid);
if (result.isEmpty()) {
@ -113,11 +110,10 @@ public class HsOfficeMembershipController implements HsOfficeMembershipsApi {
@Transactional(readOnly = true)
@Timed("app.office.membership.api.getSingleMembershipByMembershipNumber")
public ResponseEntity<HsOfficeMembershipResource> getSingleMembershipByMembershipNumber(
final String currentSubject,
final String assumedRoles,
final Integer membershipNumber) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var result = membershipRepo.findMembershipByMemberNumber(membershipNumber);
if (result.isEmpty()) {
@ -132,10 +128,9 @@ public class HsOfficeMembershipController implements HsOfficeMembershipsApi {
@Transactional
@Timed("app.office.membership.api.deleteMembershipByUuid")
public ResponseEntity<Void> deleteMembershipByUuid(
final String currentSubject,
final String assumedRoles,
final UUID membershipUuid) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var result = membershipRepo.deleteByUuid(membershipUuid);
if (result == 0) {
@ -149,12 +144,11 @@ public class HsOfficeMembershipController implements HsOfficeMembershipsApi {
@Transactional
@Timed("app.office.membership.api.patchMembership")
public ResponseEntity<HsOfficeMembershipResource> patchMembership(
final String currentSubject,
final String assumedRoles,
final UUID membershipUuid,
final HsOfficeMembershipPatchResource body) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var current = membershipRepo.findByUuid(membershipUuid).orElseThrow();

18
src/main/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerController.java
View File

@ -66,10 +66,9 @@ public class HsOfficePartnerController implements HsOfficePartnersApi {
@Transactional(readOnly = true)
@Timed("app.office.partners.api.getListOfPartners")
public ResponseEntity<List<HsOfficePartnerResource>> getListOfPartners(
final String currentSubject,
final String assumedRoles,
final String name) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var entities = rbacPartnerRepo.findPartnerByOptionalNameLike(name);
@ -81,11 +80,10 @@ public class HsOfficePartnerController implements HsOfficePartnersApi {
@Transactional
@Timed("app.office.partners.api.postNewPartner")
public ResponseEntity<HsOfficePartnerResource> postNewPartner(
final String currentSubject,
final String assumedRoles,
final HsOfficePartnerInsertResource body) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var entityToSave = createPartnerEntity(body);
@ -104,11 +102,10 @@ public class HsOfficePartnerController implements HsOfficePartnersApi {
@Transactional(readOnly = true)
@Timed("app.office.partners.api.getSinglePartnerByUuid")
public ResponseEntity<HsOfficePartnerResource> getSinglePartnerByUuid(
final String currentSubject,
final String assumedRoles,
final UUID partnerUuid) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var result = rbacPartnerRepo.findByUuid(partnerUuid);
if (result.isEmpty()) {
@ -122,11 +119,10 @@ public class HsOfficePartnerController implements HsOfficePartnersApi {
@Transactional(readOnly = true)
@Timed("app.office.partners.api.getSinglePartnerByPartnerNumber")
public ResponseEntity<HsOfficePartnerResource> getSinglePartnerByPartnerNumber(
final String currentSubject,
final String assumedRoles,
final Integer partnerNumber) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var result = rbacPartnerRepo.findPartnerByPartnerNumber(partnerNumber);
if (result.isEmpty()) {
@ -140,10 +136,9 @@ public class HsOfficePartnerController implements HsOfficePartnersApi {
@Transactional
@Timed("app.office.partners.api.deletePartnerByUuid")
public ResponseEntity<Void> deletePartnerByUuid(
final String currentSubject,
final String assumedRoles,
final UUID partnerUuid) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var partnerToDelete = rbacPartnerRepo.findByUuid(partnerUuid);
if (partnerToDelete.isEmpty()) {
@ -161,12 +156,11 @@ public class HsOfficePartnerController implements HsOfficePartnersApi {
@Transactional
@Timed("app.office.partners.api.patchPartner")
public ResponseEntity<HsOfficePartnerResource> patchPartner(
final String currentSubject,
final String assumedRoles,
final UUID partnerUuid,
final HsOfficePartnerPatchResource body) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var current = rbacPartnerRepo.findByUuid(partnerUuid).orElseThrow();
final var previousPartnerPerson = current.getPartnerRel().getHolder();

15
src/main/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonController.java
View File

@ -34,10 +34,9 @@ public class HsOfficePersonController implements HsOfficePersonsApi {
@Transactional(readOnly = true)
@Timed("app.office.persons.api.getListOfPersons")
public ResponseEntity<List<HsOfficePersonResource>> getListOfPersons(
final String currentSubject,
final String assumedRoles,
final String name) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var entities = personRepo.findPersonByOptionalNameLike(name);
@ -49,11 +48,10 @@ public class HsOfficePersonController implements HsOfficePersonsApi {
@Transactional
@Timed("app.office.persons.api.postNewPerson")
public ResponseEntity<HsOfficePersonResource> postNewPerson(
final String currentSubject,
final String assumedRoles,
final HsOfficePersonInsertResource body) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var entityToSave = mapper.map(body, HsOfficePersonRbacEntity.class);
@ -72,11 +70,10 @@ public class HsOfficePersonController implements HsOfficePersonsApi {
@Transactional(readOnly = true)
@Timed("app.office.persons.api.getSinglePersonByUuid")
public ResponseEntity<HsOfficePersonResource> getSinglePersonByUuid(
final String currentSubject,
final String assumedRoles,
final UUID personUuid) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var result = personRepo.findByUuid(personUuid);
if (result.isEmpty()) {
@ -89,10 +86,9 @@ public class HsOfficePersonController implements HsOfficePersonsApi {
@Transactional
@Timed("app.office.persons.api.deletePersonByUuid")
public ResponseEntity<Void> deletePersonByUuid(
final String currentSubject,
final String assumedRoles,
final UUID personUuid) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var result = personRepo.deleteByUuid(personUuid);
if (result == 0) {
@ -106,12 +102,11 @@ public class HsOfficePersonController implements HsOfficePersonsApi {
@Transactional
@Timed("app.office.persons.api.patchPerson")
public ResponseEntity<HsOfficePersonResource> patchPerson(
final String currentSubject,
final String assumedRoles,
final UUID personUuid,
final HsOfficePersonPatchResource body) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var current = personRepo.findByUuid(personUuid).orElseThrow();

15
src/main/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationController.java
View File

@ -52,14 +52,13 @@ public class HsOfficeRelationController implements HsOfficeRelationsApi {
@Transactional(readOnly = true)
@Timed("app.office.relations.api.getListOfRelations")
public ResponseEntity<List<HsOfficeRelationResource>> getListOfRelations(
final String currentSubject,
final String assumedRoles,
final UUID personUuid,
final HsOfficeRelationTypeResource relationType,
final String mark,
final String personData,
final String contactData) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final List<HsOfficeRelationRbacEntity> entities =
rbacRelationRepo.findRelationRelatedToPersonUuidRelationTypeMarkPersonAndContactData(
@ -76,11 +75,10 @@ public class HsOfficeRelationController implements HsOfficeRelationsApi {
@Transactional
@Timed("app.office.relations.api.postNewRelation")
public ResponseEntity<HsOfficeRelationResource> postNewRelation(
final String currentSubject,
final String assumedRoles,
final HsOfficeRelationInsertResource body) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var entityToSave = new HsOfficeRelationRbacEntity();
entityToSave.setType(HsOfficeRelationType.valueOf(body.getType()));
@ -128,11 +126,10 @@ public class HsOfficeRelationController implements HsOfficeRelationsApi {
@Transactional(readOnly = true)
@Timed("app.office.relations.api.getSingleRelationByUuid")
public ResponseEntity<HsOfficeRelationResource> getSingleRelationByUuid(
final String currentSubject,
final String assumedRoles,
final UUID relationUuid) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var result = rbacRelationRepo.findByUuid(relationUuid);
if (result.isEmpty()) {
@ -145,10 +142,9 @@ public class HsOfficeRelationController implements HsOfficeRelationsApi {
@Transactional
@Timed("apprelations.api..deleteRelationByUuid")
public ResponseEntity<Void> deleteRelationByUuid(
final String currentSubject,
final String assumedRoles,
final UUID relationUuid) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var result = rbacRelationRepo.deleteByUuid(relationUuid);
if (result == 0) {
@ -162,12 +158,11 @@ public class HsOfficeRelationController implements HsOfficeRelationsApi {
@Transactional
@Timed("app.office.relations.api.patchRelation")
public ResponseEntity<HsOfficeRelationResource> patchRelation(
final String currentSubject,
final String assumedRoles,
final UUID relationUuid,
final HsOfficeRelationContactPatchResource body) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var current = rbacRelationRepo.findByUuid(relationUuid).orElseThrow();

15
src/main/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateController.java
View File

@ -52,10 +52,9 @@ public class HsOfficeSepaMandateController implements HsOfficeSepaMandatesApi {
@Transactional(readOnly = true)
@Timed("app.office.sepaMandates.api.getListOfSepaMandates")
public ResponseEntity<List<HsOfficeSepaMandateResource>> getListOfSepaMandates(
final String currentSubject,
final String assumedRoles,
final String iban) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var entities = sepaMandateRepo.findSepaMandateByOptionalIban(iban);
@ -68,11 +67,10 @@ public class HsOfficeSepaMandateController implements HsOfficeSepaMandatesApi {
@Transactional
@Timed("app.office.sepaMandates.api.postNewSepaMandate")
public ResponseEntity<HsOfficeSepaMandateResource> postNewSepaMandate(
final String currentSubject,
final String assumedRoles,
final HsOfficeSepaMandateInsertResource body) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var entityToSave = mapper.map(body, HsOfficeSepaMandateEntity.class, SEPA_MANDATE_RESOURCE_TO_ENTITY_POSTMAPPER);
@ -92,11 +90,10 @@ public class HsOfficeSepaMandateController implements HsOfficeSepaMandatesApi {
@Transactional(readOnly = true)
@Timed("app.office.sepaMandates.api.getSingleSepaMandateByUuid")
public ResponseEntity<HsOfficeSepaMandateResource> getSingleSepaMandateByUuid(
final String currentSubject,
final String assumedRoles,
final UUID sepaMandateUuid) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var result = sepaMandateRepo.findByUuid(sepaMandateUuid);
if (result.isEmpty()) {
@ -110,10 +107,9 @@ public class HsOfficeSepaMandateController implements HsOfficeSepaMandatesApi {
@Transactional
@Timed("app.office.sepaMandates.api.deleteSepaMandateByUuid")
public ResponseEntity<Void> deleteSepaMandateByUuid(
final String currentSubject,
final String assumedRoles,
final UUID sepaMandateUuid) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var result = sepaMandateRepo.deleteByUuid(sepaMandateUuid);
if (result == 0) {
@ -127,12 +123,11 @@ public class HsOfficeSepaMandateController implements HsOfficeSepaMandatesApi {
@Transactional
@Timed("app.office.sepaMandates.api.patchSepaMandate")
public ResponseEntity<HsOfficeSepaMandateResource> patchSepaMandate(
final String currentSubject,
final String assumedRoles,
final UUID sepaMandateUuid,
final HsOfficeSepaMandatePatchResource body) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var current = sepaMandateRepo.findByUuid(sepaMandateUuid).orElseThrow();

5
src/main/java/net/hostsharing/hsadminng/ping/PingController.java
View File

@ -1,12 +1,12 @@
package net.hostsharing.hsadminng.ping;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import jakarta.validation.constraints.NotNull;
@Controller
public class PingController {
@ -14,9 +14,8 @@ public class PingController {
@ResponseBody
@RequestMapping(value = "/api/ping", method = RequestMethod.GET)
public String ping(
@RequestHeader(name = "current-subject") @NotNull String currentSubject,
@RequestHeader(name = "assumed-roles", required = false) String assumedRoles
) {
return "pong " + currentSubject + "\n";
return "pong " + SecurityContextHolder.getContext().getAuthentication().getName() + "\n";
}
}

12
src/main/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantController.java
View File

@ -37,12 +37,11 @@ public class RbacGrantController implements RbacGrantsApi {
@Transactional(readOnly = true)
@Timed("app.rbac.grants.api.getListOfGrantsByUuid")
public ResponseEntity<RbacGrantResource> getListOfGrantsByUuid(
final String currentSubject,
final String assumedRoles,
final UUID grantedRoleUuid,
final UUID granteeSubjectUuid) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var id = new RbacGrantId(granteeSubjectUuid, grantedRoleUuid);
final var result = rbacGrantRepository.findById(id);
@ -56,10 +55,9 @@ public class RbacGrantController implements RbacGrantsApi {
@Transactional(readOnly = true)
@Timed("app.rbac.grants.api.getListOfSubjectGrants")
public ResponseEntity<List<RbacGrantResource>> getListOfSubjectGrants(
final String currentSubject,
final String assumedRoles) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
return ResponseEntity.ok(mapper.mapList(rbacGrantRepository.findAll(), RbacGrantResource.class));
}
@ -68,11 +66,10 @@ public class RbacGrantController implements RbacGrantsApi {
@Transactional
@Timed("app.rbac.grants.api.postNewRoleGrantToSubject")
public ResponseEntity<RbacGrantResource> postNewRoleGrantToSubject(
final String currentSubject,
final String assumedRoles,
final RbacGrantResource body) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var granted = rbacGrantRepository.save(mapper.map(body, RbacGrantEntity.class));
em.flush();
@ -90,12 +87,11 @@ public class RbacGrantController implements RbacGrantsApi {
@Transactional
@Timed("app.rbac.grants.api.deleteRoleGrantFromSubject")
public ResponseEntity<Void> deleteRoleGrantFromSubject(
final String currentSubject,
final String assumedRoles,
final UUID grantedRoleUuid,
final UUID granteeSubjectUuid) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
rbacGrantRepository.deleteByRbacGrantId(new RbacGrantId(granteeSubjectUuid, grantedRoleUuid));

3
src/main/java/net/hostsharing/hsadminng/rbac/role/RbacRoleController.java
View File

@ -30,10 +30,9 @@ public class RbacRoleController implements RbacRolesApi {
@Transactional(readOnly = true)
@Timed("app.rbac.roles.api.getListOfRoles")
public ResponseEntity<List<RbacRoleResource>> getListOfRoles(
final String currentSubject,
final String assumedRoles) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final List<RbacRoleEntity> result = rbacRoleRepository.findAll();

14
src/main/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectController.java
View File

@ -44,7 +44,7 @@ public class RbacSubjectController implements RbacSubjectsApi {
rbacSubjectRepository.create(saved);
final var uri =
MvcUriComponentsBuilder.fromController(getClass())
.path("/api/rbac.yaml/users/{id}")
.path("/api/rbac/subjects/{id}")
.buildAndExpand(saved.getUuid())
.toUri();
return ResponseEntity.created(uri).body(mapper.map(saved, RbacSubjectResource.class));
@ -54,11 +54,10 @@ public class RbacSubjectController implements RbacSubjectsApi {
@Transactional
@Timed("app.rbac.subjects.api.deleteSubjectByUuid")
public ResponseEntity<Void> deleteSubjectByUuid(
final String currentSubject,
final String assumedRoles,
final UUID subjectUuid
) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
rbacSubjectRepository.deleteByUuid(subjectUuid);
@ -69,11 +68,10 @@ public class RbacSubjectController implements RbacSubjectsApi {
@Transactional(readOnly = true)
@Timed("app.rbac.subjects.api.getSingleSubjectByUuid")
public ResponseEntity<RbacSubjectResource> getSingleSubjectByUuid(
final String currentSubject,
final String assumedRoles,
final UUID subjectUuid) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var result = rbacSubjectRepository.findByUuid(subjectUuid);
if (result == null) {
@ -86,11 +84,10 @@ public class RbacSubjectController implements RbacSubjectsApi {
@Transactional(readOnly = true)
@Timed("app.rbac.subjects.api.getListOfSubjects")
public ResponseEntity<List<RbacSubjectResource>> getListOfSubjects(
final String currentSubject,
final String assumedRoles,
final String userName
) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
return ResponseEntity.ok(mapper.mapList(rbacSubjectRepository.findByOptionalNameLike(userName), RbacSubjectResource.class));
}
@ -99,11 +96,10 @@ public class RbacSubjectController implements RbacSubjectsApi {
@Transactional(readOnly = true)
@Timed("app.rbac.subjects.api.getListOfSubjectPermissions")
public ResponseEntity<List<RbacSubjectPermissionResource>> getListOfSubjectPermissions(
final String currentSubject,
final String assumedRoles,
final UUID subjectUuid
) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
return ResponseEntity.ok(mapper.mapList(
rbacSubjectRepository.findPermissionsOfUserByUuid(subjectUuid),

6
src/main/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerController.java
View File

@ -34,11 +34,10 @@ public class TestCustomerController implements TestCustomersApi {
@Override
@Transactional(readOnly = true)
public ResponseEntity<List<TestCustomerResource>> listCustomers(
String currentSubject,
String assumedRoles,
String prefix
) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var result = testCustomerRepository.findCustomerByOptionalPrefixLike(prefix);
@ -48,11 +47,10 @@ public class TestCustomerController implements TestCustomersApi {
@Override
@Transactional
public ResponseEntity<TestCustomerResource> addCustomer(
final String currentSubject,
final String assumedRoles,
final TestCustomerResource customer) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var saved = testCustomerRepository.save(mapper.map(customer, TestCustomerEntity.class));
final var uri =

6
src/main/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageController.java
View File

@ -31,11 +31,10 @@ public class TestPackageController implements TestPackagesApi {
@Override
@Transactional(readOnly = true)
public ResponseEntity<List<TestPackageResource>> listPackages(
String currentSubject,
String assumedRoles,
String name
) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var result = testPackageRepository.findAllByOptionalNameLike(name);
return ResponseEntity.ok(mapper.mapList(result, TestPackageResource.class));
@ -44,12 +43,11 @@ public class TestPackageController implements TestPackagesApi {
@Override
@Transactional
public ResponseEntity<TestPackageResource> updatePackage(
final String currentSubject,
final String assumedRoles,
final UUID packageUuid,
final TestPackageUpdateResource body) {
context.define(currentSubject, assumedRoles);
context.assumeRoles(assumedRoles);
final var current = testPackageRepository.findByUuid(packageUuid);
OptionalFromJson.of(body.getDescription()).ifPresent(current::setDescription);

8
src/main/resources/api-definition/auth.yaml
View File

@ -3,14 +3,6 @@ components:
parameters:
currentSubject:
name: current-subject
in: header
required: false
schema:
type: string
description: Identifying name of the current subject (e.g. user).
assumedRoles:
name: assumed-roles
in: header

20
src/main/resources/api-definition/hs-booking/auth.yaml
View File

@ -1,20 +0,0 @@
components:
parameters:
currentSubject:
name: current-subject
in: header
required: true
schema:
type: string
description: Identifying name of the currently logged in subject.
assumedRoles:
name: assumed-roles
in: header
required: false
schema:
type: string
description: Semicolon-separated list of roles to assume. The current subject needs to have the right to assume these roles.

1
src/main/resources/api-definition/hs-booking/auth.yaml Symbolic link
View File

@ -0,0 +1 @@
../auth.yaml

3
src/main/resources/api-definition/hs-booking/hs-booking-items-with-uuid.yaml
View File

@ -4,7 +4,6 @@ get:
description: 'Fetch a single booking item its uuid, if visible for the current subject.'
operationId: getSingleBookingItemByUuid
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: bookingItemUuid
in: path
@ -32,7 +31,6 @@ patch:
description: 'Updates a single booking item identified by its uuid, if permitted for the current subject.'
operationId: patchBookingItem
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: bookingItemUuid
in: path
@ -63,7 +61,6 @@ delete:
description: 'Delete a single booking item identified by its uuid, if permitted for the current subject.'
operationId: deleteBookingIemByUuid
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: bookingItemUuid
in: path

2
src/main/resources/api-definition/hs-booking/hs-booking-items.yaml
View File

@ -5,7 +5,6 @@ get:
- hs-booking-items
operationId: getListOfBookingItemsByProjectUuid
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: projectUuid
in: query
@ -34,7 +33,6 @@ post:
- hs-booking-items
operationId: postNewBookingItem
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
requestBody:
description: A JSON object describing the new booking item.

3
src/main/resources/api-definition/hs-booking/hs-booking-projects-with-uuid.yaml
View File

@ -4,7 +4,6 @@ get:
description: 'Fetch a single booking project its uuid, if visible for the current subject.'
operationId: getBookingProjectByUuid
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: bookingProjectUuid
in: path
@ -32,7 +31,6 @@ patch:
description: 'Updates a single booking project identified by its uuid, if permitted for the current subject.'
operationId: patchBookingProject
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: bookingProjectUuid
in: path
@ -63,7 +61,6 @@ delete:
description: 'Delete a single booking project identified by its uuid, if permitted for the current subject.'
operationId: deleteBookingIemByUuid
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: bookingProjectUuid
in: path

2
src/main/resources/api-definition/hs-booking/hs-booking-projects.yaml
View File

@ -5,7 +5,6 @@ get:
- hs-booking-projects
operationId: getListOfBookingProjectsByDebitorUuid
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: debitorUuid
in: query
@ -34,7 +33,6 @@ post:
- hs-booking-projects
operationId: postNewBookingProject
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
requestBody:
description: A JSON object describing the new booking project.

20
src/main/resources/api-definition/hs-hosting/auth.yaml
View File

@ -1,20 +0,0 @@
components:
parameters:
currentSubject:
name: current-subject
in: header
required: true
schema:
type: string
description: Identifying name of the currently logged in subject.
assumedRoles:
name: assumed-roles
in: header
required: false
schema:
type: string
description: Semicolon-separated list of roles to assume. The current subject needs to have the right to assume these roles.

1
src/main/resources/api-definition/hs-hosting/auth.yaml Symbolic link
View File

@ -0,0 +1 @@
../auth.yaml

3
src/main/resources/api-definition/hs-hosting/hs-hosting-assets-with-uuid.yaml
View File

@ -4,7 +4,6 @@ get:
description: 'Fetch a single managed asset by its uuid, if visible for the current subject.'
operationId: getSingleHostingAssetByUuid
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: assetUuid
in: path
@ -32,7 +31,6 @@ patch:
description: 'Updates a single hosting asset identified by its uuid, if permitted for the current subject.'
operationId: patchHostingAsset
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: assetUuid
in: path
@ -63,7 +61,6 @@ delete:
description: 'Delete a single hosting asset identified by its uuid, if permitted for the current subject.'
operationId: deleteHostingAssetByUuid
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: assetUuid
in: path

2
src/main/resources/api-definition/hs-hosting/hs-hosting-assets.yaml
View File

@ -5,7 +5,6 @@ get:
- hs-hosting-assets
operationId: getListOfHostingAssets
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: projectUuid
in: query
@ -47,7 +46,6 @@ post:
- hs-hosting-assets
operationId: postNewHostingAsset
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
requestBody:
description: A JSON object describing the new hosting asset.

2
src/main/resources/api-definition/hs-office/hs-office-bankaccounts-with-uuid.yaml
View File

@ -4,7 +4,6 @@ get:
description: 'Fetch a single bank account by its uuid, if visible for the current subject.'
operationId: getSingleBankAccountByUuid
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: bankAccountUUID
in: path
@ -31,7 +30,6 @@ delete:
description: 'Delete a single bank account by its uuid, if permitted for the current subject.'
operationId: deleteBankAccountByUuid
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: bankAccountUUID
in: path

2
src/main/resources/api-definition/hs-office/hs-office-bankaccounts.yaml
View File

@ -5,7 +5,6 @@ get:
- hs-office-bank-accounts
operationId: getListOfBankAccounts
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: holder
in: query
@ -33,7 +32,6 @@ post:
- hs-office-bank-accounts
operationId: postNewBankAccount
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
requestBody:
content:

3
src/main/resources/api-definition/hs-office/hs-office-contacts-with-uuid.yaml
View File

@ -4,7 +4,6 @@ get:
description: 'Fetch a single business contact by its uuid, if visible for the current subject.'
operationId: getSingleContactByUuid
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: contactUUID
in: path
@ -32,7 +31,6 @@ patch:
description: 'Updates a single contact by its uuid, if permitted for the current subject.'
operationId: patchContact
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: contactUUID
in: path
@ -63,7 +61,6 @@ delete:
description: 'Delete a single business contact by its uuid, if permitted for the current subject.'
operationId: deleteContactByUuid
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: contactUUID
in: path

2
src/main/resources/api-definition/hs-office/hs-office-contacts.yaml
View File

@ -5,7 +5,6 @@ get:
- hs-office-contacts
operationId: getListOfContacts
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: caption
in: query
@ -40,7 +39,6 @@ post:
- hs-office-contacts
operationId: postNewContact
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
requestBody:
content:

1
src/main/resources/api-definition/hs-office/hs-office-coopassets-with-uuid.yaml
View File

@ -4,7 +4,6 @@ get:
description: 'Fetch a single asset transaction by its uuid, if visible for the current subject.'
operationId: getSingleCoopAssetTransactionByUuid
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: assetTransactionUUID
in: path

2
src/main/resources/api-definition/hs-office/hs-office-coopassets.yaml
View File

@ -5,7 +5,6 @@ get:
- hs-office-coopAssets
operationId: getListOfCoopAssets
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: membershipUuid
in: query
@ -48,7 +47,6 @@ post:
- hs-office-coopAssets
operationId: postNewCoopAssetTransaction
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
requestBody:
description: A JSON object describing the new cooperative assets transaction.

1
src/main/resources/api-definition/hs-office/hs-office-coopshares-with-uuid.yaml
View File

@ -4,7 +4,6 @@ get:
description: 'Fetch a single share transaction by its uuid, if visible for the current subject.'
operationId: getSingleCoopShareTransactionByUuid
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: shareTransactionUUID
in: path

2
src/main/resources/api-definition/hs-office/hs-office-coopshares.yaml
View File

@ -5,7 +5,6 @@ get:
- hs-office-coopShares
operationId: getListOfCoopShares
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: membershipUuid
in: query
@ -48,7 +47,6 @@ post:
- hs-office-coopShares
operationId: postNewCoopSharesTransaction
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
requestBody:
description: A JSON object describing the new cooperative shares transaction.

1
src/main/resources/api-definition/hs-office/hs-office-debitors-with-debitorNumber.yaml
View File

@ -4,7 +4,6 @@ get:
description: 'Fetch a single debitor by its debitorNumber, if visible for the current subject.'
operationId: getSingleDebitorByDebitorNumber
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: debitorNumber
in: path

3
src/main/resources/api-definition/hs-office/hs-office-debitors-with-uuid.yaml
View File

@ -4,7 +4,6 @@ get:
description: 'Fetch a single debitor by its uuid, if visible for the current subject.'
operationId: getSingleDebitorByUuid
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: debitorUUID
in: path
@ -32,7 +31,6 @@ patch:
description: 'Updates a single debitor by its uuid, if permitted for the current subject.'
operationId: patchDebitor
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: debitorUUID
in: path
@ -63,7 +61,6 @@ delete:
description: 'Delete a single debitor by its uuid, if permitted for the current subject.'
operationId: deleteDebitorByUuid
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: debitorUUID
in: path

2
src/main/resources/api-definition/hs-office/hs-office-debitors.yaml
View File

@ -5,7 +5,6 @@ get:
- hs-office-debitors
operationId: getListOfDebitors
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: name
in: query
@ -47,7 +46,6 @@ post:
- hs-office-debitors
operationId: postNewDebitor
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
requestBody:
content:

1
src/main/resources/api-definition/hs-office/hs-office-memberships-with-membershipNumber.yaml
View File

@ -4,7 +4,6 @@ get:
description: 'Fetch a single membership by its membershipNumber, if visible for the current subject.'
operationId: getSingleMembershipByMembershipNumber
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: membershipNumber
in: path

3
src/main/resources/api-definition/hs-office/hs-office-memberships-with-uuid.yaml
View File

@ -4,7 +4,6 @@ get:
description: 'Fetch a single membership by its uuid, if visible for the current subject.'
operationId: getSingleMembershipByUuid
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: membershipUUID
in: path
@ -32,7 +31,6 @@ patch:
description: 'Updates a single membership by its uuid, if permitted for the current subject.'
operationId: patchMembership
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: membershipUUID
in: path
@ -63,7 +61,6 @@ delete:
description: 'Delete a single membership by its uuid, if permitted for the current subject.'
operationId: deleteMembershipByUuid
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: membershipUUID
in: path

2
src/main/resources/api-definition/hs-office/hs-office-memberships.yaml
View File

@ -6,7 +6,6 @@ get:
- hs-office-memberships
operationId: getListOfMemberships
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: partnerUuid
in: query
@ -42,7 +41,6 @@ post:
- hs-office-memberships
operationId: postNewMembership
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
requestBody:
description: A JSON object describing the new membership.

1
src/main/resources/api-definition/hs-office/hs-office-partners-with-partnerNumber.yaml
View File

@ -4,7 +4,6 @@ get:
description: 'Fetch a single business partner by its partner-number (prefixed with "P-"), if visible for the current subject.'
operationId: getSinglePartnerByPartnerNumber
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: partnerNumber
in: path

3
src/main/resources/api-definition/hs-office/hs-office-partners-with-uuid.yaml
View File

@ -4,7 +4,6 @@ get:
description: 'Fetch a single business partner by its uuid, if visible for the current subject.'
operationId: getSinglePartnerByUuid
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: partnerUUID
in: path
@ -32,7 +31,6 @@ patch:
description: 'Updates a single business partner by its uuid, if permitted for the current subject.'
operationId: patchPartner
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: partnerUUID
in: path
@ -63,7 +61,6 @@ delete:
description: 'Delete a single business partner by its uuid, if permitted for the current subject.'
operationId: deletePartnerByUuid
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: partnerUUID
in: path

2
src/main/resources/api-definition/hs-office/hs-office-partners.yaml
View File

@ -5,7 +5,6 @@ get:
- hs-office-partners
operationId: getListOfPartners
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: name
in: query
@ -33,7 +32,6 @@ post:
- hs-office-partners
operationId: postNewPartner
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
requestBody:
content:

3
src/main/resources/api-definition/hs-office/hs-office-persons-with-uuid.yaml
View File

@ -4,7 +4,6 @@ get:
description: 'Fetch a single business person by its uuid, if visible for the current subject.'
operationId: getSinglePersonByUuid
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: personUUID
in: path
@ -32,7 +31,6 @@ patch:
description: 'Updates a single person by its uuid, if permitted for the current subject.'
operationId: patchPerson
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: personUUID
in: path
@ -63,7 +61,6 @@ delete:
description: 'Delete a single business person by its uuid, if permitted for the current subject.'
operationId: deletePersonByUuid
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: personUUID
in: path

2
src/main/resources/api-definition/hs-office/hs-office-persons.yaml
View File

@ -5,7 +5,6 @@ get:
- hs-office-persons
operationId: getListOfPersons
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: name
in: query
@ -33,7 +32,6 @@ post:
- hs-office-persons
operationId: postNewPerson
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
requestBody:
content:

3
src/main/resources/api-definition/hs-office/hs-office-relations-with-uuid.yaml
View File

@ -4,7 +4,6 @@ get:
description: 'Fetch a single person relation by its uuid, if visible for the current subject.'
operationId: getSingleRelationByUuid
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: relationUUID
in: path
@ -32,7 +31,6 @@ patch:
description: 'Updates a single person relation by its uuid, if permitted for the current subject.'
operationId: patchRelation
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: relationUUID
in: path
@ -63,7 +61,6 @@ delete:
description: 'Delete a single person relation by its uuid, if permitted for the current subject.'
operationId: deleteRelationByUuid
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: relationUUID
in: path

2
src/main/resources/api-definition/hs-office/hs-office-relations.yaml
View File

@ -7,7 +7,6 @@ get:
- hs-office-relations
operationId: getListOfRelations
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: personUuid
in: query
@ -60,7 +59,6 @@ post:
- hs-office-relations
operationId: postNewRelation
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
requestBody:
content:

3
src/main/resources/api-definition/hs-office/hs-office-sepamandates-with-uuid.yaml
View File

@ -4,7 +4,6 @@ get:
description: 'Fetch a single SEPA Mandate by its uuid, if visible for the current subject.'
operationId: getSingleSepaMandateByUuid
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: sepaMandateUUID
in: path
@ -32,7 +31,6 @@ patch:
description: 'Updates a single SEPA Mandate by its uuid, if permitted for the current subject.'
operationId: patchSepaMandate
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: sepaMandateUUID
in: path
@ -63,7 +61,6 @@ delete:
description: 'Delete a single SEPA Mandate by its uuid, if permitted for the current subject.'
operationId: deleteSepaMandateByUuid
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: sepaMandateUUID
in: path

2
src/main/resources/api-definition/hs-office/hs-office-sepamandates.yaml
View File

@ -5,7 +5,6 @@ get:
- hs-office-sepaMandates
operationId: getListOfSepaMandates
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: iban
in: query
@ -33,7 +32,6 @@ post:
- hs-office-sepaMandates
operationId: postNewSepaMandate
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
requestBody:
description: A JSON object describing the new SEPA-Mandate.

2
src/main/resources/api-definition/rbac/rbac-grants-with-id.yaml
View File

@ -3,7 +3,6 @@ get:
- rbac-grants
operationId: getListOfGrantsByUuid
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: grantedRoleUuid
in: path
@ -38,7 +37,6 @@ delete:
- rbac-grants
operationId: deleteRoleGrantFromSubject
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: grantedRoleUuid
in: path

2
src/main/resources/api-definition/rbac/rbac-grants.yaml
View File

@ -3,7 +3,6 @@ get:
- rbac-grants
operationId: getListOfSubjectGrants
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
responses:
"200":
@ -20,7 +19,6 @@ post:
- rbac-grants
operationId: postNewRoleGrantToSubject
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
requestBody:
required: true

1
src/main/resources/api-definition/rbac/rbac-roles.yaml
View File

@ -3,7 +3,6 @@ get:
- rbac-roles
operationId: getListOfRoles
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
responses:
"200":

1
src/main/resources/api-definition/rbac/rbac-subjects-with-id-permissions.yaml
View File

@ -4,7 +4,6 @@ get:
description: 'List all visible permissions granted to the given subject; reduced '
operationId: getListOfSubjectPermissions
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: subjectUuid
in: path

2
src/main/resources/api-definition/rbac/rbac-subjects-with-uuid.yaml
View File

@ -4,7 +4,6 @@ get:
description: 'Fetch a single subject by its id, if visible for the current subject.'
operationId: getSingleSubjectByUuid
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: subjectUuid
in: path
@ -31,7 +30,6 @@ delete:
- rbac-subjects
operationId: deleteSubjectByUuid
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: subjectUuid
in: path

1
src/main/resources/api-definition/rbac/rbac-subjects.yaml
View File

@ -4,7 +4,6 @@ get:
description: List accessible RBAC subjects with optional filter by name.
operationId: getListOfSubjects
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: name
in: query

2
src/main/resources/api-definition/test/test-customers.yaml
View File

@ -6,7 +6,6 @@ get:
operationId: listCustomers
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: prefix
in: query
@ -34,7 +33,6 @@ post:
- testCustomers
operationId: addCustomer
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
requestBody:
content:

1
src/main/resources/api-definition/test/test-packages-uuid.yaml
View File

@ -3,7 +3,6 @@ patch:
- testPackages
operationId: updatePackage
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: packageUUID
in: path

1
src/main/resources/api-definition/test/test-packages.yaml
View File

@ -3,7 +3,6 @@ get:
- testPackages
operationId: listPackages
parameters:
- $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: name
in: query

2
src/test/java/net/hostsharing/hsadminng/config/CasAuthenticationFilterIntegrationTest.java
View File

@ -20,7 +20,7 @@ import static com.github.tomakehurst.wiremock.client.WireMock.*;
@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
@TestPropertySource(properties = {"server.port=0", "hsadminng.cas.server=http://localhost:8088"})
@ActiveProfiles("wiremock") // IMPORTANT: To test prod config, do not use test profile!
@ActiveProfiles({"wiremock", "realCasAuthenticator"}) // IMPORTANT: To test prod config, do NOT use test profile!
@Tag("generalIntegrationTest")
class CasAuthenticationFilterIntegrationTest {

29
src/test/java/net/hostsharing/hsadminng/config/CasAuthenticatorUnitTest.java
View File

@ -1,29 +0,0 @@
package net.hostsharing.hsadminng.config;
import org.junit.jupiter.api.Test;
import jakarta.servlet.http.HttpServletRequest;
import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.BDDMockito.given;
import static org.mockito.Mockito.mock;
class CasAuthenticatorUnitTest {
final RealCasAuthenticator casAuthenticator = new RealCasAuthenticator();
@Test
void bypassesAuthenticationIfNoCasServerIsConfigured() {
// given
final var request = mock(HttpServletRequest.class);
// bypassing the CAS-server HTTP-request fakes the user from the authorization header's fake CAS-ticket
given(request.getHeader("authorization")).willReturn("Bearer given-user");
// when
final var userName = casAuthenticator.authenticate(request);
// then
assertThat(userName).isEqualTo("given-user");
}
}

2
src/test/java/net/hostsharing/hsadminng/config/WebSecurityConfigIntegrationTest.java
View File

@ -29,7 +29,7 @@ import static org.assertj.core.api.Assertions.assertThat;
@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
@TestPropertySource(properties = {"management.port=0", "server.port=0", "hsadminng.cas.server=http://localhost:8088"})
@ActiveProfiles("wiremock") // IMPORTANT: To test prod config, do not use test profile!
@ActiveProfiles({"wiremock", "realCasAuthenticator"}) // IMPORTANT: To test prod config, do NOT use test profile!
@Tag("generalIntegrationTest")
class WebSecurityConfigIntegrationTest {

22
src/test/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemControllerAcceptanceTest.java
View File

@ -87,7 +87,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/booking/items?projectUuid=" + givenProject.getUuid())
@ -151,7 +151,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
final var location = RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@ -201,7 +201,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
final var location = RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@ -271,7 +271,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
final var location = RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@ -361,7 +361,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
final var location = RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@ -454,7 +454,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/booking/items/" + givenBookingItemUuid)
@ -488,7 +488,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("current-subject", "selfregistered-user-drew@hostsharing.org")
.header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
.port(port)
.when()
.get("http://localhost/api/hs/booking/items/" + givenBookingItemUuid)
@ -506,7 +506,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("assumed-roles", "hs_booking.project#D-1000313-D-1000313defaultproject:ADMIN")
.port(port)
.when()
@ -550,7 +550,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("assumed-roles", "hs_booking.project#D-1000111-D-1000111defaultproject:AGENT")
.contentType(ContentType.JSON)
.body("""
@ -606,7 +606,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.port(port)
.when()
.delete("http://localhost/api/hs/booking/items/" + givenBookingItem.getUuid())
@ -625,7 +625,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("current-subject", "selfregistered-user-drew@hostsharing.org")
.header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
.port(port)
.when()
.delete("http://localhost/api/hs/booking/items/" + givenBookingItem.getUuid())

4
src/test/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemControllerRestTest.java
View File

@ -104,7 +104,7 @@ class HsBookingItemControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.post("/api/hs/booking/items")
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(MediaType.APPLICATION_JSON)
.content("""
{
@ -154,7 +154,7 @@ class HsBookingItemControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.post("/api/hs/booking/items")
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(MediaType.APPLICATION_JSON)
.content("""
{

16
src/test/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectControllerAcceptanceTest.java
View File

@ -62,7 +62,7 @@ class HsBookingProjectControllerAcceptanceTest extends ContextBasedTestWithClean
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/booking/projects?debitorUuid=" + givenDebitor.getUuid())
@ -93,7 +93,7 @@ class HsBookingProjectControllerAcceptanceTest extends ContextBasedTestWithClean
final var location = RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@ -133,7 +133,7 @@ class HsBookingProjectControllerAcceptanceTest extends ContextBasedTestWithClean
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/booking/projects/" + givenBookingProjectUuid)
@ -156,7 +156,7 @@ class HsBookingProjectControllerAcceptanceTest extends ContextBasedTestWithClean
RestAssured // @formatter:off
.given()
.header("current-subject", "selfregistered-user-drew@hostsharing.org")
.header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
.port(port)
.when()
.get("http://localhost/api/hs/booking/projects/" + givenBookingProjectUuid)
@ -172,7 +172,7 @@ class HsBookingProjectControllerAcceptanceTest extends ContextBasedTestWithClean
RestAssured // @formatter:off
.given()
.header("current-subject", "person-TuckerJack@example.com")
.header("Authorization", "Bearer person-TuckerJack@example.com")
.header("assumed-roles", "hs_booking.project#D-1000313-D-1000313defaultproject:AGENT")
.port(port)
.when()
@ -198,7 +198,7 @@ class HsBookingProjectControllerAcceptanceTest extends ContextBasedTestWithClean
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@ -237,7 +237,7 @@ class HsBookingProjectControllerAcceptanceTest extends ContextBasedTestWithClean
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.port(port)
.when()
.delete("http://localhost/api/hs/booking/projects/" + givenBookingProject.getUuid())
@ -255,7 +255,7 @@ class HsBookingProjectControllerAcceptanceTest extends ContextBasedTestWithClean
RestAssured // @formatter:off
.given()
.header("current-subject", "selfregistered-user-drew@hostsharing.org")
.header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
.port(port)
.when()
.delete("http://localhost/api/hs/booking/projects/" + givenBookingProject.getUuid())

28
src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetControllerAcceptanceTest.java
View File

@ -90,7 +90,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/hosting/assets?projectUuid=" + givenProject.getUuid() + "&type=MANAGED_WEBSPACE")
@ -118,7 +118,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("assumed-roles", "hs_hosting.asset#fir01:AGENT")
.port(port)
.when()
@ -166,7 +166,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
final var location = RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@ -227,7 +227,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
final var location = RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("assumed-roles", "hs_hosting.asset#vm1011:ADMIN")
.contentType(ContentType.JSON)
.body("""
@ -281,7 +281,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
final var location = RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@ -327,7 +327,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@ -382,7 +382,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@ -421,7 +421,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/hosting/assets/" + givenAssetUuid)
@ -446,7 +446,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("current-subject", "selfregistered-user-drew@hostsharing.org")
.header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
.port(port)
.when()
.get("http://localhost/api/hs/hosting/assets/" + givenAssetUuid)
@ -463,7 +463,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("current-subject", "person-TuckerJack@example.com")
.header("Authorization", "Bearer person-TuckerJack@example.com")
.header("assumed-roles", "hs_booking.project#D-1000313-D-1000313defaultproject:AGENT")
.port(port)
.when()
@ -508,7 +508,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@ -581,7 +581,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
//.header("assumed-roles", "hs_hosting.asset#vm2001:ADMIN")
.contentType(ContentType.JSON)
.body("""
@ -664,7 +664,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
.build());
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.port(port)
.when()
.delete("http://localhost/api/hs/hosting/assets/" + givenAsset.getUuid())
@ -696,7 +696,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
.build());
RestAssured // @formatter:off
.given()
.header("current-subject", "selfregistered-user-drew@hostsharing.org")
.header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
.port(port)
.when()
.delete("http://localhost/api/hs/hosting/assets/" + givenAsset.getUuid())

4
src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetControllerRestTest.java
View File

@ -593,7 +593,7 @@ public class HsHostingAssetControllerRestTest {
// when
final var result = mockMvc.perform(MockMvcRequestBuilders
.get("/api/hs/hosting/assets?type="+testCase.name())
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.accept(MediaType.APPLICATION_JSON))
// then
@ -663,7 +663,7 @@ public class HsHostingAssetControllerRestTest {
// when
final var result = mockMvc.perform(MockMvcRequestBuilders
.patch("/api/hs/hosting/assets/" + givenDomainHttpSetupUuid)
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(MediaType.APPLICATION_JSON)
.content("""
{

18
src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountControllerAcceptanceTest.java
View File

@ -58,7 +58,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/office/bankaccounts")
@ -124,7 +124,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
final var location = RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@ -163,7 +163,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/office/bankaccounts/" + givenBankAccountUuid)
@ -184,7 +184,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
RestAssured // @formatter:off
.given()
.header("current-subject", "selfregistered-user-drew@hostsharing.org")
.header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
.port(port)
.when()
.get("http://localhost/api/hs/office/bankaccounts/" + givenBankAccountUuid)
@ -200,7 +200,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
RestAssured // @formatter:off
.given()
.header("current-subject", "bankaccount-admin@firstbankaccount.example.com")
.header("Authorization", "Bearer bankaccount-admin@firstbankaccount.example.com")
.port(port)
.when()
.get("http://localhost/api/hs/office/bankaccounts/" + givenBankAccountUuid)
@ -228,7 +228,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
final var location = RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@ -266,7 +266,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.port(port)
.when()
.delete("http://localhost/api/hs/office/bankaccounts/" + givenBankAccount.getUuid())
@ -283,7 +283,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
RestAssured // @formatter:off
.given()
.header("current-subject", "selfregistered-test-user@hostsharing.org")
.header("Authorization", "Bearer selfregistered-test-user@hostsharing.org")
.port(port)
.when()
.delete("http://localhost/api/hs/office/bankaccounts/" + givenBankAccount.getUuid())
@ -304,7 +304,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
RestAssured // @formatter:off
.given()
.header("current-subject", "selfregistered-user-drew@hostsharing.org")
.header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
.port(port)
.when()
.delete("http://localhost/api/hs/office/bankaccounts/" + givenBankAccount.getUuid())

4
src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountControllerRestTest.java
View File

@ -68,7 +68,7 @@ class HsOfficeBankAccountControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.post("/api/hs/office/bankaccounts")
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(MediaType.APPLICATION_JSON)
.content("""
{
@ -115,7 +115,7 @@ class HsOfficeBankAccountControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.post("/api/hs/office/bankaccounts")
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(MediaType.APPLICATION_JSON)
.content("""
{

20
src/test/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactControllerAcceptanceTest.java
View File

@ -69,7 +69,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/office/contacts")
@ -107,7 +107,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
final var location = RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@ -156,7 +156,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/office/contacts/" + givenContactUuid)
@ -177,7 +177,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("current-subject", "selfregistered-user-drew@hostsharing.org")
.header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
.port(port)
.when()
.get("http://localhost/api/hs/office/contacts/" + givenContactUuid)
@ -192,7 +192,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("current-subject", "contact-admin@firstcontact.example.com")
.header("Authorization", "Bearer contact-admin@firstcontact.example.com")
.port(port)
.when()
.get("http://localhost/api/hs/office/contacts/" + givenContactUuid)
@ -224,7 +224,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
final var location = RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@ -282,7 +282,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
final var location = RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@ -328,7 +328,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.port(port)
.when()
.delete("http://localhost/api/hs/office/contacts/" + givenContact.getUuid())
@ -348,7 +348,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("current-subject", "selfregistered-test-user@hostsharing.org")
.header("Authorization", "Bearer selfregistered-test-user@hostsharing.org")
.port(port)
.when()
.delete("http://localhost/api/hs/office/contacts/" + givenContact.getUuid())
@ -369,7 +369,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("current-subject", "selfregistered-user-drew@hostsharing.org")
.header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
.port(port)
.when()
.delete("http://localhost/api/hs/office/contacts/" + givenContact.getUuid())

18
src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionControllerAcceptanceTest.java
View File

@ -67,7 +67,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/office/coopassetstransactions")
@ -85,7 +85,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/office/coopassetstransactions?membershipUuid="+givenMembership.getUuid())
@ -208,7 +208,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/office/coopassetstransactions?membershipUuid="
@ -241,7 +241,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
final var location = RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@ -298,7 +298,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
final var location = RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@ -354,7 +354,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@ -394,7 +394,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
LocalDate.of(2010, 3, 15)).get(0).getUuid();
RestAssured // @formatter:off
.given().header("current-subject", "superuser-alex@hostsharing.net")
.given().header("Authorization", "Bearer superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/office/coopassetstransactions/" + givenCoopAssetTransactionUuid)
@ -417,7 +417,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
LocalDate.of(2010, 3, 15)).get(0).getUuid();
RestAssured // @formatter:off
.given().header("current-subject", "selfregistered-user-drew@hostsharing.org")
.given().header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
.port(port)
.when()
.get("http://localhost/api/hs/office/coopassetstransactions/" + givenCoopAssetTransactionUuid)
@ -435,7 +435,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
RestAssured // @formatter:off
.given()
.header("current-subject", "person-FirstGmbH@example.com")
.header("Authorization", "Bearer person-FirstGmbH@example.com")
.port(port)
.when()
.get("http://localhost/api/hs/office/coopassetstransactions/" + givenCoopAssetTransactionUuid)

10
src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionControllerRestTest.java
View File

@ -657,7 +657,7 @@ class HsOfficeCoopAssetsTransactionControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.post("/api/hs/office/coopassetstransactions")
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(MediaType.APPLICATION_JSON)
.content(testCase.givenRequestBody())
.accept(MediaType.APPLICATION_JSON))
@ -832,7 +832,7 @@ class HsOfficeCoopAssetsTransactionControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.post("/api/hs/office/coopassetstransactions")
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(MediaType.APPLICATION_JSON)
.content(testCase.givenRequestBody())
.accept(MediaType.APPLICATION_JSON))
@ -851,7 +851,7 @@ class HsOfficeCoopAssetsTransactionControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.get("/api/hs/office/coopassetstransactions/" + SOME_REVERTED_TRANSFER_ASSET_TX_ENTITY.getUuid())
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(MediaType.APPLICATION_JSON))
// then
@ -867,7 +867,7 @@ class HsOfficeCoopAssetsTransactionControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.get("/api/hs/office/coopassetstransactions/" + UNAVAILABLE_UUID)
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(MediaType.APPLICATION_JSON))
// then
@ -893,7 +893,7 @@ class HsOfficeCoopAssetsTransactionControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.get("/api/hs/office/coopassetstransactions")
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(MediaType.APPLICATION_JSON))
// then

18
src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionControllerAcceptanceTest.java
View File

@ -75,7 +75,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/office/coopsharestransactions")
@ -93,7 +93,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/office/coopsharestransactions?membershipUuid=" + givenMembership.getUuid())
@ -157,7 +157,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/office/coopsharestransactions?membershipUuid=" + givenMembership.getUuid() + "&fromValueDate=2020-01-01&toValueDate=2021-12-31")
@ -190,7 +190,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
final var location = RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(ContentType.JSON).body("""
{
"membership.uuid": "%s",
@ -249,7 +249,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
final var location = RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@ -305,7 +305,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@ -345,7 +345,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/office/coopsharestransactions/" + givenCoopShareTransactionUuid)
@ -367,7 +367,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
RestAssured // @formatter:off
.given()
.header("current-subject", "selfregistered-user-drew@hostsharing.org")
.header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
.port(port)
.get("http://localhost/api/hs/office/coopsharestransactions/" + givenCoopShareTransactionUuid)
.then().log().body()
@ -382,7 +382,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
RestAssured // @formatter:off
.given()
.header("current-subject", "person-FirstGmbH@example.com")
.header("Authorization", "Bearer person-FirstGmbH@example.com")
.port(port)
.when()
.get("http://localhost/api/hs/office/coopsharestransactions/" + givenCoopShareTransactionUuid)

2
src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionControllerRestTest.java
View File

@ -121,7 +121,7 @@ class HsOfficeCoopSharesTransactionControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.post("/api/hs/office/coopsharestransactions")
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(MediaType.APPLICATION_JSON)
.content(testCase.givenRequestBody())
.accept(MediaType.APPLICATION_JSON))

32
src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorControllerAcceptanceTest.java
View File

@ -93,7 +93,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/office/debitors/" + givenDebitor.getUuid())
@ -120,7 +120,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/office/debitors/D-1000212")
@ -151,7 +151,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/office/debitors")
@ -306,7 +306,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/office/debitors?partnerNumber=P-10002")
@ -351,7 +351,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
final var location = RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@ -396,7 +396,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
final var location = RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@ -447,7 +447,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
final var location = RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@ -482,7 +482,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@ -513,7 +513,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/office/debitors/" + givenDebitorUuid)
@ -578,7 +578,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("current-subject", "selfregistered-user-drew@hostsharing.org")
.header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
.port(port)
.when()
.get("http://localhost/api/hs/office/debitors/" + givenDebitorUuid)
@ -593,7 +593,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("current-subject", "contact-admin@firstcontact.example.com")
.header("Authorization", "Bearer contact-admin@firstcontact.example.com")
.port(port)
.when()
.get("http://localhost/api/hs/office/debitors/" + givenDebitorUuid)
@ -623,7 +623,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
final var location = RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@ -706,7 +706,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
// @formatter:on
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("assumed-roles", givenDebitor.getDebitorRel().getContact().roleId(ADMIN) )
.contentType(ContentType.JSON)
.body("""
@ -735,7 +735,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.port(port)
.when()
.delete("http://localhost/api/hs/office/debitors/" + givenDebitor.getUuid())
@ -754,7 +754,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("current-subject", "contact-admin@tenthcontact.example.com")
.header("Authorization", "Bearer contact-admin@tenthcontact.example.com")
.port(port)
.when()
.delete("http://localhost/api/hs/office/debitors/" + givenDebitor.getUuid())
@ -773,7 +773,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("current-subject", "selfregistered-user-drew@hostsharing.org")
.header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
.port(port)
.when()
.delete("http://localhost/api/hs/office/debitors/" + givenDebitor.getUuid())

24
src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipControllerAcceptanceTest.java
View File

@ -72,7 +72,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/office/memberships")
@ -118,7 +118,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.port(port)
.when()
.queryParam("partnerUuid", partner.getUuid() )
@ -146,7 +146,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.port(port)
.when()
.queryParam("partnerNumber", "P-10002" )
@ -183,7 +183,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
final var location = RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@ -226,7 +226,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/office/memberships/" + givenMembershipUuid)
@ -252,7 +252,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
RestAssured // @formatter:off
.given()
.header("current-subject", "selfregistered-user-drew@hostsharing.org")
.header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
.port(port)
.when()
.get("http://localhost/api/hs/office/memberships/" + givenMembershipUuid)
@ -267,7 +267,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("assumed-roles", "hs_office.relation#HostsharingeG-with-PARTNER-ThirdOHG:AGENT")
.port(port)
.when()
@ -299,7 +299,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@ -343,7 +343,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
// when
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("assumed-roles", givenPartnerAdmin)
.contentType(ContentType.JSON)
.body("""
@ -378,7 +378,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.port(port)
.when()
.delete("http://localhost/api/hs/office/memberships/" + givenMembership.getUuid())
@ -396,7 +396,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("assumed-roles", "hs_office.relation#HostsharingeG-with-PARTNER-FirstGmbH:AGENT")
.port(port)
.when()
@ -415,7 +415,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
RestAssured // @formatter:off
.given()
.header("current-subject", "selfregistered-user-drew@hostsharing.org")
.header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
.port(port)
.when()
.delete("http://localhost/api/hs/office/memberships/" + givenMembership.getUuid())

18
src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipControllerRestTest.java
View File

@ -95,7 +95,7 @@ public class HsOfficeMembershipControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.get("/api/hs/office/memberships?partnerNumber=P-12345")
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(MediaType.APPLICATION_JSON)
.content("""
{
@ -125,7 +125,7 @@ public class HsOfficeMembershipControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.get("/api/hs/office/memberships?partnerNumber=P-12345")
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(MediaType.APPLICATION_JSON)
.content("""
{
@ -158,7 +158,7 @@ public class HsOfficeMembershipControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.get("/api/hs/office/memberships/" + givenUuid)
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.accept(MediaType.APPLICATION_JSON))
// then
@ -177,7 +177,7 @@ public class HsOfficeMembershipControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.get("/api/hs/office/memberships/" + UUID.randomUUID())
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.accept(MediaType.APPLICATION_JSON))
// then
@ -195,7 +195,7 @@ public class HsOfficeMembershipControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.get("/api/hs/office/memberships/M-1234501")
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.accept(MediaType.APPLICATION_JSON))
// then
@ -214,7 +214,7 @@ public class HsOfficeMembershipControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.get("/api/hs/office/memberships/M-0000000")
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.accept(MediaType.APPLICATION_JSON))
// then
@ -232,7 +232,7 @@ public class HsOfficeMembershipControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.post("/api/hs/office/memberships")
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(MediaType.APPLICATION_JSON)
.content("""
{
@ -262,7 +262,7 @@ public class HsOfficeMembershipControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.post("/api/hs/office/memberships")
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(MediaType.APPLICATION_JSON)
.content("""
{
@ -290,7 +290,7 @@ public class HsOfficeMembershipControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.post("/api/hs/office/memberships")
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(MediaType.APPLICATION_JSON)
.content("""
{

26
src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerControllerAcceptanceTest.java
View File

@ -66,7 +66,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/office/partners")
@ -100,7 +100,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
final var location = RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@ -159,7 +159,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
final var location = RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@ -197,7 +197,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
final var location = RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@ -242,7 +242,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/office/partners/" + givenPartnerUuid)
@ -274,7 +274,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("current-subject", "selfregistered-user-drew@hostsharing.org")
.header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
.port(port)
.when()
.get("http://localhost/api/hs/office/partners/" + givenPartnerUuid)
@ -289,7 +289,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("current-subject", "contact-admin@firstcontact.example.com")
.header("Authorization", "Bearer contact-admin@firstcontact.example.com")
.port(port)
.when()
.get("http://localhost/api/hs/office/partners/" + givenPartnerUuid)
@ -320,7 +320,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@ -389,7 +389,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@ -429,7 +429,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
final var location = RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@ -477,7 +477,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.port(port)
.when()
.delete("http://localhost/api/hs/office/partners/" + givenPartner.getUuid())
@ -497,7 +497,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("current-subject", "contact-admin@fourthcontact.example.com")
.header("Authorization", "Bearer contact-admin@fourthcontact.example.com")
.port(port)
.when()
.delete("http://localhost/api/hs/office/partners/" + givenPartner.getUuid())
@ -516,7 +516,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("current-subject", "selfregistered-user-drew@hostsharing.org")
.header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
.port(port)
.when()
.delete("http://localhost/api/hs/office/partners/" + givenPartner.getUuid())

10
src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerControllerRestTest.java
View File

@ -99,7 +99,7 @@ class HsOfficePartnerControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.post("/api/hs/office/partners")
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(MediaType.APPLICATION_JSON)
.content("""
{
@ -132,7 +132,7 @@ class HsOfficePartnerControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.post("/api/hs/office/partners")
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(MediaType.APPLICATION_JSON)
.content("""
{
@ -174,7 +174,7 @@ class HsOfficePartnerControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.get("/api/hs/office/partners/P-12345")
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(MediaType.APPLICATION_JSON)
.accept(MediaType.APPLICATION_JSON))
@ -191,7 +191,7 @@ class HsOfficePartnerControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.get("/api/hs/office/partners/P-12345")
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(MediaType.APPLICATION_JSON)
.accept(MediaType.APPLICATION_JSON))
@ -219,7 +219,7 @@ class HsOfficePartnerControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.delete("/api/hs/office/partners/" + givenPartnerUuid)
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(MediaType.APPLICATION_JSON)
.accept(MediaType.APPLICATION_JSON))

20
src/test/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonControllerAcceptanceTest.java
View File

@ -61,7 +61,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/office/persons")
@ -81,7 +81,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup
final var location = RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@ -119,7 +119,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/office/persons/" + givenPersonUuid)
@ -142,7 +142,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("current-subject", "selfregistered-user-drew@hostsharing.org")
.header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
.port(port)
.when()
.get("http://localhost/api/hs/office/persons/" + givenPersonUuid)
@ -159,7 +159,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("current-subject", "person-ErbenBesslerMelBessler@example.com")
.header("Authorization", "Bearer person-ErbenBesslerMelBessler@example.com")
.port(port)
.when()
.get("http://localhost/api/hs/office/persons/" + givenPersonUuid)
@ -188,7 +188,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup
final var location = RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@ -230,7 +230,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup
final var location = RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@ -274,7 +274,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.port(port)
.when()
.delete("http://localhost/api/hs/office/persons/" + givenPerson.getUuid())
@ -293,7 +293,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("current-subject", "selfregistered-test-user@hostsharing.org")
.header("Authorization", "Bearer selfregistered-test-user@hostsharing.org")
.port(port)
.when()
.delete("http://localhost/api/hs/office/persons/" + givenPerson.getUuid())
@ -313,7 +313,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("current-subject", "selfregistered-user-drew@hostsharing.org")
.header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
.port(port)
.when()
.delete("http://localhost/api/hs/office/persons/" + givenPerson.getUuid())

30
src/test/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationControllerAcceptanceTest.java
View File

@ -68,7 +68,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/office/relations?personUuid=%s&relationType=%s"
@ -126,7 +126,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/office/relations?personUuid=%s"
@ -183,7 +183,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/office/relations?personData=firby&contactData=Contact-Admin@FirstContact.Example.COM")
@ -235,7 +235,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
final var location = RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@ -280,7 +280,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
final var location = RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@ -348,7 +348,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@ -380,7 +380,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
final var location = RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@ -413,7 +413,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
final var location = RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@ -447,7 +447,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/office/relations/" + givenRelationUuid)
@ -470,7 +470,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
RestAssured // @formatter:off
.given()
.header("current-subject", "selfregistered-user-drew@hostsharing.org")
.header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
.port(port)
.when()
.get("http://localhost/api/hs/office/relations/" + givenRelationUuid)
@ -486,7 +486,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
RestAssured // @formatter:off
.given()
.header("current-subject", "contact-admin@firstcontact.example.com")
.header("Authorization", "Bearer contact-admin@firstcontact.example.com")
.port(port)
.when()
.get("http://localhost/api/hs/office/relations/" + givenRelation.getUuid())
@ -529,7 +529,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@ -572,7 +572,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.port(port)
.when()
.delete("http://localhost/api/hs/office/relations/" + givenRelation.getUuid())
@ -591,7 +591,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
RestAssured // @formatter:off
.given()
.header("current-subject", "contact-admin@seventhcontact.example.com")
.header("Authorization", "Bearer contact-admin@seventhcontact.example.com")
.port(port)
.when()
.delete("http://localhost/api/hs/office/relations/" + givenRelation.getUuid())
@ -610,7 +610,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
RestAssured // @formatter:off
.given()
.header("current-subject", "selfregistered-user-drew@hostsharing.org")
.header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
.port(port)
.when()
.delete("http://localhost/api/hs/office/relations/" + givenRelation.getUuid())

30
src/test/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateControllerAcceptanceTest.java
View File

@ -66,7 +66,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/office/sepamandates")
@ -107,7 +107,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/office/sepamandates?iban=DE02120300000000202051")
@ -145,7 +145,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
final var location = RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@ -186,7 +186,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@ -211,7 +211,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
final var location = RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@ -241,7 +241,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
final var location = RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@ -275,7 +275,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/office/sepamandates/" + givenSepaMandateUuid)
@ -305,7 +305,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
RestAssured // @formatter:off
.given()
.header("current-subject", "selfregistered-user-drew@hostsharing.org")
.header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
.port(port)
.when()
.get("http://localhost/api/hs/office/sepamandates/" + givenSepaMandateUuid)
@ -322,7 +322,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
RestAssured // @formatter:off
.given()
.header("current-subject", "bankaccount-admin@FirstGmbH.example.com")
.header("Authorization", "Bearer bankaccount-admin@FirstGmbH.example.com")
.port(port)
.when()
.get("http://localhost/api/hs/office/sepamandates/" + givenSepaMandateUuid)
@ -354,7 +354,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
final var location = RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@ -400,7 +400,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
final var location = RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@ -440,7 +440,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
final var location = RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@ -474,7 +474,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.port(port)
.when()
.delete("http://localhost/api/hs/office/sepamandates/" + givenSepaMandate.getUuid())
@ -492,7 +492,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
RestAssured // @formatter:off
.given()
.header("current-subject", "bankaccount-admin@FirstGmbH.example.com")
.header("Authorization", "Bearer bankaccount-admin@FirstGmbH.example.com")
.port(port)
.when()
.delete("http://localhost/api/hs/office/sepamandates/" + givenSepaMandate.getUuid())
@ -510,7 +510,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
RestAssured // @formatter:off
.given()
.header("current-subject", "selfregistered-user-drew@hostsharing.org")
.header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
.port(port)
.when()
.delete("http://localhost/api/hs/office/sepamandates/" + givenSepaMandate.getUuid())

8
src/test/java/net/hostsharing/hsadminng/hs/scenarios/UseCase.java
View File

@ -159,7 +159,7 @@ public abstract class UseCase<T extends UseCase<?>> {
final var request = HttpRequest.newBuilder()
.GET()
.uri(new URI("http://localhost:" + testSuite.port + uriPath))
.header("current-subject", ScenarioTest.RUN_AS_USER)
.header("Authorization", "Bearer " + ScenarioTest.RUN_AS_USER)
.timeout(seconds(10))
.build();
final var response = client.send(request, BodyHandlers.ofString());
@ -174,7 +174,7 @@ public abstract class UseCase<T extends UseCase<?>> {
.POST(BodyPublishers.ofString(requestBody))
.uri(new URI("http://localhost:" + testSuite.port + uriPath))
.header("Content-Type", "application/json")
.header("current-subject", ScenarioTest.RUN_AS_USER)
.header("Authorization", "Bearer " + ScenarioTest.RUN_AS_USER)
.timeout(seconds(10))
.build();
final var response = client.send(request, BodyHandlers.ofString());
@ -189,7 +189,7 @@ public abstract class UseCase<T extends UseCase<?>> {
.method(HttpMethod.PATCH.toString(), BodyPublishers.ofString(requestBody))
.uri(new URI("http://localhost:" + testSuite.port + uriPath))
.header("Content-Type", "application/json")
.header("current-subject", ScenarioTest.RUN_AS_USER)
.header("Authorization", "Bearer " + ScenarioTest.RUN_AS_USER)
.timeout(seconds(10))
.build();
final var response = client.send(request, BodyHandlers.ofString());
@ -203,7 +203,7 @@ public abstract class UseCase<T extends UseCase<?>> {
.DELETE()
.uri(new URI("http://localhost:" + testSuite.port + uriPath))
.header("Content-Type", "application/json")
.header("current-subject", ScenarioTest.RUN_AS_USER)
.header("Authorization", "Bearer " + ScenarioTest.RUN_AS_USER)
.timeout(seconds(10))
.build();
final var response = client.send(request, BodyHandlers.ofString());

24
src/test/java/net/hostsharing/hsadminng/rbac/context/ContextIntegrationTests.java
View File

@ -9,6 +9,8 @@ import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.orm.jpa.DataJpaTest;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.test.context.bean.override.mockito.MockitoBean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.test.annotation.DirtiesContext;
@ -66,6 +68,28 @@ class ContextIntegrationTests {
.containsExactly(context.fetchCurrentSubjectUuid());
}
@Test
@Transactional
void assumeRoles() {
// given
final var authentication = new UsernamePasswordAuthenticationToken("superuser-fran@hostsharing.net", null, null);
SecurityContextHolder.getContext().setAuthentication(authentication);
// when
context.assumeRoles("rbactest.package#yyy00:ADMIN");
// then
assertThat(context.fetchCurrentSubject()).
isEqualTo("superuser-fran@hostsharing.net");
assertThat(context.fetchCurrentSubjectUuid()).isNotNull();
assertThat(context.fetchAssumedRoles()).isEqualTo(Array.of("rbactest.package#yyy00:ADMIN"));
assertThat(context.fetchCurrentSubjectOrAssumedRolesUuids())
.containsExactly(context.fetchCurrentSubjectOrAssumedRolesUuids());
}
@Test
void defineWithoutCurrentSubjectButWithAssumedRoles() {
// when

40
src/test/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantControllerAcceptanceTest.java
View File

@ -66,7 +66,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
void globalAdmin_withoutAssumedRole_canViewAllGrants() {
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/rbac/grants")
@ -118,7 +118,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
void globalAdmin_withAssumedPackageAdminRole_canViewPacketRelatedGrants() {
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("assumed-roles", "rbactest.package#yyy00:ADMIN")
.port(port)
.when()
@ -141,7 +141,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
void packageAdmin_withoutAssumedRole_canViewPacketRelatedGrants() {
RestAssured // @formatter:off
.given()
.header("current-subject", "pac-admin-yyy00@yyy.example.com")
.header("Authorization", "Bearer pac-admin-yyy00@yyy.example.com")
.port(port)
.when()
.get("http://localhost/api/rbac/grants")
@ -387,22 +387,22 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
return RestAssured // @formatter:ff
.given()
.header("current-subject", grantingSubject.currentSubject)
.header("assumed-roles", grantingSubject.assumedRole)
.contentType(ContentType.JSON)
.body("""
{
"assumed": true,
"grantedRole.uuid": "%s",
"granteeSubject.uuid": "%s"
}
""".formatted(
grantedRole.getUuid(),
granteeUser.getUuid())
)
.port(port)
.header("Authorization", "Bearer " + grantingSubject.currentSubject)
.header("assumed-roles", grantingSubject.assumedRole)
.contentType(ContentType.JSON)
.body("""
{
"assumed": true,
"grantedRole.uuid": "%s",
"granteeSubject.uuid": "%s"
}
""".formatted(
grantedRole.getUuid(),
granteeUser.getUuid())
)
.port(port)
.when()
.post("http://localhost/api/rbac/grants")
.post("http://localhost/api/rbac/grants")
.then().log().all(); // @formatter:on
}
}
@ -423,7 +423,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
return RestAssured // @formatter:ff
.given()
.header("current-subject", currentSubject.currentSubject)
.header("Authorization", "Bearer " + currentSubject.currentSubject)
.header("assumed-roles", currentSubject.assumedRole)
.contentType(ContentType.JSON)
.body("""
@ -459,7 +459,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
return RestAssured // @formatter:ff
.given()
.header("current-subject", currentSubject.currentSubject)
.header("Authorization", "Bearer " + currentSubject.currentSubject)
.header("assumed-roles", currentSubject.assumedRole)
.port(port)
.when()

6
src/test/java/net/hostsharing/hsadminng/rbac/role/RbacRoleControllerAcceptanceTest.java
View File

@ -40,7 +40,7 @@ class RbacRoleControllerAcceptanceTest {
// @formatter:off
RestAssured
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/rbac/roles")
@ -65,7 +65,7 @@ class RbacRoleControllerAcceptanceTest {
// @formatter:off
RestAssured
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("assumed-roles", "rbactest.package#yyy00:ADMIN")
.port(port)
.when()
@ -98,7 +98,7 @@ class RbacRoleControllerAcceptanceTest {
// @formatter:off
RestAssured
.given()
.header("current-subject", "pac-admin-zzz00@zzz.example.com")
.header("Authorization", "Bearer pac-admin-zzz00@zzz.example.com")
.port(port)
.when()
.get("http://localhost/api/rbac/roles")

2
src/test/java/net/hostsharing/hsadminng/rbac/role/RbacRoleControllerRestTest.java
View File

@ -69,7 +69,7 @@ class RbacRoleControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.get("/api/rbac/roles")
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.accept(MediaType.APPLICATION_JSON))
// then

32
src/test/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectControllerAcceptanceTest.java
View File

@ -86,7 +86,7 @@ class RbacSubjectControllerAcceptanceTest {
// @formatter:off
RestAssured
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/rbac/subjects/" + givenUser.getUuid())
@ -104,7 +104,7 @@ class RbacSubjectControllerAcceptanceTest {
// @formatter:off
RestAssured
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("assumed-roles", "rbactest.customer#yyy:ADMIN")
.port(port)
.when()
@ -123,7 +123,7 @@ class RbacSubjectControllerAcceptanceTest {
// @formatter:off
RestAssured
.given()
.header("current-subject", "customer-admin@yyy.example.com")
.header("Authorization", "Bearer customer-admin@yyy.example.com")
.port(port)
.when()
.get("http://localhost/api/rbac/subjects/" + givenUser.getUuid())
@ -141,7 +141,7 @@ class RbacSubjectControllerAcceptanceTest {
// @formatter:off
RestAssured
.given()
.header("current-subject", "customer-admin@xxx.example.com")
.header("Authorization", "Bearer customer-admin@xxx.example.com")
.port(port)
.when()
.get("http://localhost/api/rbac/subjects/" + givenUser.getUuid())
@ -160,7 +160,7 @@ class RbacSubjectControllerAcceptanceTest {
// @formatter:off
RestAssured
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/rbac/subjects")
@ -185,7 +185,7 @@ class RbacSubjectControllerAcceptanceTest {
// @formatter:off
RestAssured
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/rbac/subjects?name=pac-admin-zzz0")
@ -205,7 +205,7 @@ class RbacSubjectControllerAcceptanceTest {
// @formatter:off
RestAssured
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("assumed-roles", "rbactest.customer#yyy:ADMIN")
.port(port)
.when()
@ -227,7 +227,7 @@ class RbacSubjectControllerAcceptanceTest {
// @formatter:off
RestAssured
.given()
.header("current-subject", "customer-admin@yyy.example.com")
.header("Authorization", "Bearer customer-admin@yyy.example.com")
.port(port)
.when()
.get("http://localhost/api/rbac/subjects")
@ -248,7 +248,7 @@ class RbacSubjectControllerAcceptanceTest {
// @formatter:off
RestAssured
.given()
.header("current-subject", "pac-admin-xxx01@xxx.example.com")
.header("Authorization", "Bearer pac-admin-xxx01@xxx.example.com")
.port(port)
.when()
.get("http://localhost/api/rbac/subjects")
@ -271,7 +271,7 @@ class RbacSubjectControllerAcceptanceTest {
// @formatter:off
RestAssured
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/rbac/subjects/" + givenUser.getUuid() + "/permissions")
@ -300,7 +300,7 @@ class RbacSubjectControllerAcceptanceTest {
// @formatter:off
RestAssured
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("assumed-roles", "rbactest.customer#yyy:ADMIN")
.port(port)
.when()
@ -330,7 +330,7 @@ class RbacSubjectControllerAcceptanceTest {
// @formatter:off
RestAssured
.given()
.header("current-subject", "pac-admin-yyy00@yyy.example.com")
.header("Authorization", "Bearer pac-admin-yyy00@yyy.example.com")
.port(port)
.when()
.get("http://localhost/api/rbac/subjects/" + givenUser.getUuid() + "/permissions")
@ -359,7 +359,7 @@ class RbacSubjectControllerAcceptanceTest {
// @formatter:off
RestAssured
.given()
.header("current-subject", "pac-admin-yyy00@yyy.example.com")
.header("Authorization", "Bearer pac-admin-yyy00@yyy.example.com")
.port(port)
.when()
.get("http://localhost/api/rbac/subjects/" + givenUser.getUuid() + "/permissions")
@ -383,7 +383,7 @@ class RbacSubjectControllerAcceptanceTest {
// @formatter:off
final var location = RestAssured
.given()
.header("current-subject", givenUser.getName())
.header("Authorization", "Bearer " + givenUser.getName())
.port(port)
.when()
.delete("http://localhost/api/rbac/subjects/" + givenUser.getUuid())
@ -404,7 +404,7 @@ class RbacSubjectControllerAcceptanceTest {
// @formatter:off
final var location = RestAssured
.given()
.header("current-subject", "customer-admin@xxx.example.com")
.header("Authorization", "Bearer customer-admin@xxx.example.com")
.port(port)
.when()
.delete("http://localhost/api/rbac/subjects/" + givenUser.getUuid())
@ -426,7 +426,7 @@ class RbacSubjectControllerAcceptanceTest {
// @formatter:off
final var location = RestAssured
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.port(port)
.when()
.delete("http://localhost/api/rbac/subjects/" + givenUser.getUuid())

2
src/test/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectControllerRestTest.java
View File

@ -22,6 +22,7 @@ import static net.hostsharing.hsadminng.rbac.test.IsValidUuidMatcher.isUuidValid
import static org.hamcrest.Matchers.is;
import static org.mockito.ArgumentMatchers.argThat;
import static org.mockito.Mockito.verify;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
@ -62,6 +63,7 @@ class RbacSubjectControllerRestTest {
// then
.andExpect(status().isCreated())
.andExpect(header().string("Location", "http://localhost/api/rbac/subjects/" + givenUuid))
.andExpect(jsonPath("uuid", is(givenUuid.toString())));
// then

Some files were not shown because too many files have changed in this diff Show More