hostsharing/hs.hsadmin.ng
6
0
Fork 0
Code Pull Requests 2 Activity

RoleUnitTest + special case FINANCIAL_CUSTOMER_CONTACT

Browse Source
This commit is contained in:
Michael Hoennig 2019-04-19 09:13:19 +02:00
parent d5a37ddfae
commit 1ad74907bd
2 changed files with 105 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
src/main/java/org/hostsharing/hsadminng/service/accessfilter/Role.java
View File

@ -7,6 +7,11 @@ import java.lang.reflect.Field;
/** /**
* These enum values are on the one hand used to define the minimum role required to grant access to resources, * These enum values are on the one hand used to define the minimum role required to grant access to resources,
* but on the other hand also for the roles users can be assigned to. * but on the other hand also for the roles users can be assigned to.
*
* TODO: Maybe splitting it up into UserRole and RequiredRole would make it more clear?
* And maybe instead of a level, we could then add the comprised roles in the constructor?
* This could also be a better way to express that the financial contact has no rights to
* other users resources (see also ACTUAL_CUSTOMER_USEr vs. ANY_CUSTOMER_USER).
*/ */
public enum Role { public enum Role {
/** /**
@ -45,17 +50,32 @@ public enum Role {
/** /**
* This role is for financial contacts of a customer, e.g. for accessing billing data. * This role is for financial contacts of a customer, e.g. for accessing billing data.
*/ */
FINANCIAL_CONTACT(22), FINANCIAL_CONTACT(22) {
@Override
boolean covers(final Role role) {
if (role == ACTUAL_CUSTOMER_USER) {
return false;
}
return super.covers(role);
}
},
/** /**
* This role is for technical contacts of a customer. * This role is for technical contacts of a customer.
*/ */
TECHNICAL_CONTACT(22), TECHNICAL_CONTACT(22),
/** /**
* Any user which belongs to a customer has at least this role. * Any user which belongs to a customer has at least this role.
*/ */
ANY_CUSTOMER_USER(80), ACTUAL_CUSTOMER_USER(80),
/**
* Use this to grant rights to any user, also special function users who have no
* rights on other users resources.
*/
ANY_CUSTOMER_USER(89),
/** /**
* This role is meant to specify that a resources can be accessed by anybody, even without login. * This role is meant to specify that a resources can be accessed by anybody, even without login.

83
src/test/java/org/hostsharing/hsadminng/service/accessfilter/RoleUnitTest.java Normal file
View File

@ -0,0 +1,83 @@
package org.hostsharing.hsadminng.service.accessfilter;
import org.junit.Test;
import static org.assertj.core.api.Assertions.assertThat;
public class RoleUnitTest {
@Test
public void allUserRolesShouldCoverSameRequiredRole() {
assertThat(Role.HOSTMASTER.covers(Role.HOSTMASTER)).isTrue();
assertThat(Role.ADMIN.covers(Role.ADMIN)).isTrue();
assertThat(Role.SUPPORTER.covers(Role.SUPPORTER)).isTrue();
assertThat(Role.CONTRACTUAL_CONTACT.covers(Role.CONTRACTUAL_CONTACT)).isTrue();
assertThat(Role.FINANCIAL_CONTACT.covers(Role.FINANCIAL_CONTACT)).isTrue();
assertThat(Role.TECHNICAL_CONTACT.covers(Role.TECHNICAL_CONTACT)).isTrue();
assertThat(Role.ACTUAL_CUSTOMER_USER.covers((Role.ACTUAL_CUSTOMER_USER))).isTrue();
assertThat(Role.ANY_CUSTOMER_USER.covers((Role.ANY_CUSTOMER_USER))).isTrue();
}
@Test
public void lowerUserRolesShouldNotCoverHigherRequiredRoles() {
assertThat(Role.HOSTMASTER.covers(Role.NOBODY)).isFalse();
assertThat(Role.ADMIN.covers(Role.HOSTMASTER)).isFalse();
assertThat(Role.SUPPORTER.covers(Role.ADMIN)).isFalse();
assertThat(Role.ANY_CUSTOMER_CONTACT.covers(Role.SUPPORTER)).isFalse();
assertThat(Role.CONTRACTUAL_CONTACT.covers(Role.ANY_CUSTOMER_CONTACT)).isFalse();
assertThat(Role.FINANCIAL_CONTACT.covers(Role.CONTRACTUAL_CONTACT)).isFalse();
assertThat(Role.FINANCIAL_CONTACT.covers(Role.TECHNICAL_CONTACT)).isFalse();
assertThat(Role.TECHNICAL_CONTACT.covers(Role.CONTRACTUAL_CONTACT)).isFalse();
assertThat(Role.TECHNICAL_CONTACT.covers(Role.FINANCIAL_CONTACT)).isFalse();
assertThat(Role.ACTUAL_CUSTOMER_USER.covers((Role.ANY_CUSTOMER_CONTACT))).isFalse();
assertThat(Role.ACTUAL_CUSTOMER_USER.covers((Role.CONTRACTUAL_CONTACT))).isFalse();
assertThat(Role.ACTUAL_CUSTOMER_USER.covers((Role.TECHNICAL_CONTACT))).isFalse();
assertThat(Role.ACTUAL_CUSTOMER_USER.covers((Role.FINANCIAL_CONTACT))).isFalse();
assertThat(Role.ANY_CUSTOMER_USER.covers((Role.ACTUAL_CUSTOMER_USER))).isFalse();
assertThat(Role.ANY_CUSTOMER_USER.covers((Role.ANY_CUSTOMER_CONTACT))).isFalse();
assertThat(Role.ANY_CUSTOMER_USER.covers((Role.CONTRACTUAL_CONTACT))).isFalse();
assertThat(Role.ANY_CUSTOMER_USER.covers((Role.TECHNICAL_CONTACT))).isFalse();
assertThat(Role.ANY_CUSTOMER_USER.covers((Role.FINANCIAL_CONTACT))).isFalse();
assertThat(Role.ANYBODY.covers((Role.ANY_CUSTOMER_USER))).isFalse();
}
@Test
public void higherUserRolesShouldCoverLowerRequiredRoles() {
assertThat(Role.HOSTMASTER.covers(Role.SUPPORTER)).isTrue();
assertThat(Role.ADMIN.covers(Role.SUPPORTER)).isTrue();
assertThat(Role.SUPPORTER.covers(Role.ANY_CUSTOMER_CONTACT)).isTrue();
assertThat(Role.ANY_CUSTOMER_CONTACT.covers(Role.CONTRACTUAL_CONTACT)).isTrue();
assertThat(Role.CONTRACTUAL_CONTACT.covers(Role.FINANCIAL_CONTACT)).isTrue();
assertThat(Role.CONTRACTUAL_CONTACT.covers(Role.TECHNICAL_CONTACT)).isTrue();
assertThat(Role.TECHNICAL_CONTACT.covers(Role.ANY_CUSTOMER_USER)).isTrue();
assertThat(Role.ACTUAL_CUSTOMER_USER.covers((Role.ANY_CUSTOMER_USER))).isTrue();
assertThat(Role.ANY_CUSTOMER_USER.covers((Role.ANYBODY))).isTrue();
}
@Test
public void financialContactShouldNotCoverAnyCustomersUsersRoleRequirement() {
assertThat(Role.FINANCIAL_CONTACT.covers(Role.ACTUAL_CUSTOMER_USER)).isFalse();
}
@Test
public void isAllowedToInit() {
}
@Test
public void isAllowedToUpdate() {
}
@Test
public void isAllowedToRead() {
}
}