From 1f9ee517e48fae90f9cc44d081b1a38bc63cd7e8 Mon Sep 17 00:00:00 2001 
From: Michael Hoennig Date: Fri, 13 Sep 2024 12:44:56 +0200 Subject: [PATCH] rbacuser->rbac.subject, tx_journal_tg, rbac.referenceType, rbac.reference, rbac.create_subject, rbac.find_subject_id, rbac.insert_related_object tc. --- README.md | 6 +- ...2022-07-18.row-level-security-mechanism.md | 18 +-- doc/rbac-performance-analysis.md | 4 +- doc/rbac.md | 10 +- sql/historization.sql | 2 +- sql/rbac-view-option-experiments.sql | 18 +-- ...e-cte-experiments-for-accessible-uuids.sql | 2 +- .../hsadminng/context/Context.java | 32 ++--- .../booking/item/HsBookingItemController.java | 20 +-- .../project/HsBookingProjectController.java | 20 +-- .../asset/HsHostingAssetController.java | 20 +-- .../HsOfficeBankAccountController.java | 16 +-- .../contact/HsOfficeContactController.java | 20 +-- ...OfficeCoopAssetsTransactionController.java | 12 +- ...OfficeCoopSharesTransactionController.java | 12 +- .../debitor/HsOfficeDebitorController.java | 20 +-- .../HsOfficeMembershipController.java | 20 +-- .../partner/HsOfficePartnerController.java | 20 +-- .../person/HsOfficePersonController.java | 20 +-- .../relation/HsOfficeRelationController.java | 20 +-- .../HsOfficeSepaMandateController.java | 20 +-- .../rbac/rbacdef/InsertTriggerGenerator.java | 2 +- .../RolesGrantsAndPermissionsGenerator.java | 2 +- .../rbac/rbacgrant/RbacGrantController.java | 20 +-- .../rbacgrant/RbacGrantsDiagramService.java | 4 +- .../rbac/rbacrole/RbacRoleController.java | 4 +- .../rbac/rbacuser/RbacUserController.java | 16 +-- .../rbac/rbacuser/RbacUserRepository.java | 4 +- .../test/cust/TestCustomerController.java | 8 +- .../rbac/test/pac/TestPackageController.java | 8 +- src/main/resources/api-definition/auth.yaml | 4 +- .../api-definition/hs-booking/auth.yaml | 4 +- .../hs-booking-items-with-uuid.yaml | 6 +- .../hs-booking/hs-booking-items.yaml | 4 +- .../hs-booking-projects-with-uuid.yaml | 6 +- .../hs-booking/hs-booking-projects.yaml | 4 +- .../api-definition/hs-hosting/auth.yaml | 4 +- 
.../hs-hosting-assets-with-uuid.yaml | 6 +- .../hs-hosting/hs-hosting-assets.yaml | 4 +- .../hs-office-bankaccounts-with-uuid.yaml | 4 +- .../hs-office/hs-office-bankaccounts.yaml | 4 +- .../hs-office-contacts-with-uuid.yaml | 6 +- .../hs-office/hs-office-contacts.yaml | 4 +- .../hs-office-coopassets-with-uuid.yaml | 2 +- .../hs-office/hs-office-coopassets.yaml | 4 +- .../hs-office-coopshares-with-uuid.yaml | 2 +- .../hs-office/hs-office-coopshares.yaml | 4 +- .../hs-office-debitors-with-uuid.yaml | 6 +- .../hs-office/hs-office-debitors.yaml | 4 +- .../hs-office-memberships-with-uuid.yaml | 6 +- .../hs-office/hs-office-memberships.yaml | 4 +- .../hs-office-partners-with-uuid.yaml | 6 +- .../hs-office/hs-office-partners.yaml | 4 +- .../hs-office-persons-with-uuid.yaml | 6 +- .../hs-office/hs-office-persons.yaml | 4 +- .../hs-office-relations-with-uuid.yaml | 6 +- .../hs-office/hs-office-relations.yaml | 4 +- .../hs-office-sepamandates-with-uuid.yaml | 6 +- .../hs-office/hs-office-sepamandates.yaml | 4 +- .../rbac/rbac-grants-with-id.yaml | 4 +- .../api-definition/rbac/rbac-grants.yaml | 4 +- .../api-definition/rbac/rbac-roles.yaml | 2 +- .../rbac/rbac-users-with-id-permissions.yaml | 2 +- .../rbac/rbac-users-with-uuid.yaml | 4 +- .../api-definition/rbac/rbac-users.yaml | 2 +- .../api-definition/test/test-customers.yaml | 4 +- .../test/test-packages-uuid.yaml | 2 +- .../api-definition/test/test-packages.yaml | 2 +- .../db/changelog/0-basis/000-basis-schema.sql | 2 +- .../db/changelog/0-basis/010-context.sql | 26 ++-- .../db/changelog/0-basis/020-audit-log.sql | 8 +- .../changelog/0-basis/030-historization.sql | 12 +- .../db/changelog/1-rbac/1000-rbac-schema.sql | 8 ++ .../db/changelog/1-rbac/1050-rbac-base.sql | 134 +++++++++--------- .../changelog/1-rbac/1051-rbac-user-grant.sql | 34 ++--- .../db/changelog/1-rbac/1054-rbac-context.sql | 92 ++++++------ .../db/changelog/1-rbac/1055-rbac-views.sql | 72 +++++----- .../changelog/1-rbac/1058-rbac-generators.sql | 14 +- 
.../changelog/1-rbac/1059-rbac-statistics.sql | 6 +- .../db/changelog/1-rbac/1080-rbac-global.sql | 36 ++--- .../201-test-customer/2010-test-customer.sql | 2 +- .../2013-test-customer-rbac.sql | 4 +- .../2018-test-customer-test-data.sql | 2 +- .../202-test-package/2020-test-package.sql | 2 +- .../2023-test-package-rbac.sql | 2 +- .../2028-test-package-test-data.sql | 2 +- .../203-test-domain/2030-test-domain.sql | 2 +- .../203-test-domain/2033-test-domain-rbac.sql | 2 +- .../501-contact/5010-hs-office-contact.sql | 2 +- .../5013-hs-office-contact-rbac.sql | 2 +- .../5018-hs-office-contact-test-data.sql | 2 +- .../502-person/5020-hs-office-person.sql | 2 +- .../502-person/5023-hs-office-person-rbac.sql | 2 +- .../5028-hs-office-person-test-data.sql | 2 +- .../503-relation/5030-hs-office-relation.sql | 2 +- .../5033-hs-office-relation-rbac.sql | 4 +- .../504-partner/5040-hs-office-partner.sql | 4 +- .../5043-hs-office-partner-rbac.sql | 2 +- .../5044-hs-office-partner-details-rbac.sql | 2 +- .../5050-hs-office-bankaccount.sql | 2 +- .../5053-hs-office-bankaccount-rbac.sql | 2 +- .../5058-hs-office-bankaccount-test-data.sql | 2 +- .../506-debitor/5060-hs-office-debitor.sql | 2 +- .../5063-hs-office-debitor-rbac.sql | 2 +- .../5070-hs-office-sepamandate.sql | 2 +- .../5073-hs-office-sepamandate-rbac.sql | 4 +- .../5100-hs-office-membership.sql | 2 +- .../5103-hs-office-membership-rbac.sql | 4 +- .../5110-hs-office-coopshares.sql | 2 +- .../5113-hs-office-coopshares-rbac.sql | 2 +- .../5120-hs-office-coopassets.sql | 2 +- .../5123-hs-office-coopassets-rbac.sql | 2 +- .../6200-hs-booking-project.sql | 2 +- .../6203-hs-booking-project-rbac.sql | 2 +- .../630-booking-item/6200-hs-booking-item.sql | 2 +- .../6203-hs-booking-item-rbac.sql | 2 +- .../6303-hs-booking-item-rbac.sql | 2 +- .../7010-hs-hosting-asset.sql | 2 +- .../7013-hs-hosting-asset-rbac.sql | 2 +- .../changelog/9-hs-global/9000-statistics.sql | 2 +- .../db/changelog/db.changelog-master.yaml | 2 + 
.../hsadminng/arch/ArchitectureTest.java | 4 +- ...HsBookingItemControllerAcceptanceTest.java | 16 +-- .../item/HsBookingItemControllerRestTest.java | 4 +- ...ookingProjectControllerAcceptanceTest.java | 16 +-- ...sHostingAssetControllerAcceptanceTest.java | 28 ++-- .../HsHostingAssetControllerRestTest.java | 4 +- ...ceBankAccountControllerAcceptanceTest.java | 18 +-- ...HsOfficeBankAccountControllerRestTest.java | 4 +- ...OfficeContactControllerAcceptanceTest.java | 20 +-- ...tsTransactionControllerAcceptanceTest.java | 18 +-- ...opAssetsTransactionControllerRestTest.java | 2 +- ...esTransactionControllerAcceptanceTest.java | 18 +-- ...opSharesTransactionControllerRestTest.java | 2 +- ...OfficeDebitorControllerAcceptanceTest.java | 28 ++-- ...iceMembershipControllerAcceptanceTest.java | 24 ++-- .../HsOfficeMembershipControllerRestTest.java | 6 +- ...OfficePartnerControllerAcceptanceTest.java | 26 ++-- .../HsOfficePartnerControllerRestTest.java | 6 +- ...sOfficePersonControllerAcceptanceTest.java | 20 +-- ...fficeRelationControllerAcceptanceTest.java | 24 ++-- ...ceSepaMandateControllerAcceptanceTest.java | 28 ++-- .../rbac/context/ContextBasedTest.java | 10 +- .../rbac/context/ContextIntegrationTests.java | 34 ++--- .../rbac/context/ContextUnitTest.java | 22 +-- .../RbacGrantControllerAcceptanceTest.java | 66 ++++----- ...acGrantsDiagramServiceIntegrationTest.java | 20 +-- .../rbac/rbacrole/RawRbacObjectEntity.java | 2 +- .../RbacRoleControllerAcceptanceTest.java | 6 +- .../rbacrole/RbacRoleControllerRestTest.java | 2 +- .../RbacRoleRepositoryIntegrationTest.java | 4 +- .../RbacUserControllerAcceptanceTest.java | 32 ++--- .../test/ContextBasedTestWithCleanup.java | 7 +- .../TestCustomerControllerAcceptanceTest.java | 16 +-- .../TestPackageControllerAcceptanceTest.java | 12 +- 155 files changed, 827 insertions(+), 816 deletions(-) create mode 100644 src/main/resources/db/changelog/1-rbac/1000-rbac-schema.sql 
diff --git a/README.md b/README.md index 4d03a6d3..9cca4fc4 100644 --- a/README.md +++ b/README.md @@ -77,17 +77,17 @@ If you have at least Docker and the Java JDK installed in appropriate versions a # the following command should return a JSON array with just all customers: curl \ - -H 'current-user: superuser-alex@hostsharing.net' \ + -H 'current-subject: superuser-alex@hostsharing.net' \ http://localhost:8080/api/test/customers # the following command should return a JSON array with just all packages visible for the admin of the customer yyy: curl \ - -H 'current-user: superuser-alex@hostsharing.net' -H 'assumed-roles: test_customer#yyy:ADMIN' \ + -H 'current-subject: superuser-alex@hostsharing.net' -H 'assumed-roles: test_customer#yyy:ADMIN' \ http://localhost:8080/api/test/packages # add a new customer curl \ - -H 'current-user: superuser-alex@hostsharing.net' -H "Content-Type: application/json" \ + -H 'current-subject: superuser-alex@hostsharing.net' -H "Content-Type: application/json" \ -d '{ "prefix":"ttt", "reference":80001, "adminUserName":"admin@ttt.example.com" }' \ -X POST http://localhost:8080/api/test/customers diff --git a/doc/adr/2022-07-18.row-level-security-mechanism.md b/doc/adr/2022-07-18.row-level-security-mechanism.md index 6276bd4d..e59c7f8a 100644 --- a/doc/adr/2022-07-18.row-level-security-mechanism.md +++ b/doc/adr/2022-07-18.row-level-security-mechanism.md 
@@ -14,9 +14,9 @@ The core problem here is, that in our RBAC system, determining the permissions o ### Technical Background -The session variable `hsadminng.currentUser` contains the accessing (domain-level) user, which is unrelated to the PostgreSQL user). +The session variable `hsadminng.currentSubject` contains the accessing (domain-level) user, which is unrelated to the PostgreSQL user). -Given is a stored function `isPermissionGrantedToSubject` which detects if the accessing user has a given permission (e.g. 'view'). +Given is a stored function `isPermissionGrantedToSubject` which detects if the accessing subject has a given permission (e.g. 'view'). Given is also a stored function `queryAllPermissionsOfSubjectId` which returns the flattened view to all permissions assigned to the given accessing user. @@ -38,7 +38,7 @@ In this solution, the database ignores row level visibility and returns all rows Very flexible access, programmatic, rules could be implemented. -The role-hierarchy and permissions for currently logged-in users user could be cached in the backend. +The role-hierarchy and permissions for currently logged-in sujects could be cached in the backend. The access logic can be tested in pure Java unit tests. @@ -74,11 +74,11 @@ For restricted DB-users, which are used by the backend, access to rows is filter FOR SELECT TO restricted USING ( - isPermissionGrantedToSubject(findEffectivePermissionId('customer', id, 'view'), currentUserUuid()) + isPermissionGrantedToSubject(findEffectivePermissionId('customer', id, 'view'), currentSubjectUuid()) ); SET SESSION AUTHORIZATION restricted; - SET hsadminng.currentUser TO 'alex@example.com'; + SET hsadminng.currentSubject TO 'alex@example.com'; SELECT * from customer; -- will only return visible rows #### Advantages 
@@ -101,10 +101,10 @@ We are bound to PostgreSQL, including integration tests and testing the RBAC sys CREATE OR REPLACE RULE "_RETURN" AS ON SELECT TO cust_view DO INSTEAD - SELECT * FROM customer WHERE isPermissionGrantedToSubject(findEffectivePermissionId('customer', id, 'view'), currentUserUuid()); + SELECT * FROM customer WHERE isPermissionGrantedToSubject(findEffectivePermissionId('customer', id, 'view'), currentSubjectUuid()); SET SESSION AUTHORIZATION restricted; - SET hsadminng.currentUser TO 'alex@example.com'; + SET hsadminng.currentSubject TO 'alex@example.com'; SELECT * from customer; -- will only return visible rows #### Advantages @@ -130,12 +130,12 @@ We do not access the tables directly from the backend, but via views which join CREATE OR REPLACE VIEW cust_view AS SELECT c.id, c.reference, c.prefix FROM customer AS c - JOIN queryAllPermissionsOfSubjectId(currentUserUuid()) AS p + JOIN queryAllPermissionsOfSubjectId(currentSubjectUuid()) AS p ON p.tableName='customer' AND p.rowId=c.id AND p.op='view'; GRANT ALL PRIVILEGES ON cust_view TO restricted; SET SESSION SESSION AUTHORIZATION restricted; - SET hsadminng.currentUser TO 'alex@example.com'; + SET hsadminng.currentSubject TO 'alex@example.com'; SELECT * from cust_view; -- will only return visible rows Alternatively the JOIN could also be applied in a "ON SELECT DO INSTEAD"-RULE, if there is any advantage for later features. diff --git a/doc/rbac-performance-analysis.md b/doc/rbac-performance-analysis.md index fa80dde4..10ec6593 100644 --- a/doc/rbac-performance-analysis.md +++ b/doc/rbac-performance-analysis.md 
@@ -392,9 +392,9 @@ We found some solution approaches: 3. Inverting the recursion of the CTE-query, combined with the type condition. - Instead of starting the recursion with `currentsubjectsuuids()`, + Instead of starting the recursion with `currentSubjectOrAssumedRolesUuids()`, we could start it with the target table name and row-type, - then recurse down to the `currentsubjectsuuids()`. + then recurse down to the `currentSubjectOrAssumedRolesUuids()`. In the end, we need the object UUIDs, though. But if we start with the join of `rbacObject` with `rbacPermission`, diff --git a/doc/rbac.md b/doc/rbac.md index 662bed29..e7cb12d3 100644 --- a/doc/rbac.md +++ b/doc/rbac.md @@ -364,10 +364,10 @@ This way, each user can only select the data they have 'SELECT'-permission for, ### Current User -The current use is taken from the session variable `hsadminng.currentUser` which contains the name of the user as stored in the +The current use is taken from the session variable `hsadminng.currentSubject` which contains the name of the user as stored in the *RbacUser*s table. Example: - SET LOCAL hsadminng.currentUser = 'mike@hostsharing.net'; + SET LOCAL hsadminng.currentSubject = 'mike@hostsharing.net'; That user is also used for historicization and audit log, but which is a different topic. @@ -388,7 +388,7 @@ A full example is shown here: BEGIN TRANSACTION; SET SESSION SESSION AUTHORIZATION restricted; - SET LOCAL hsadminng.currentUser = 'mike@hostsharing.net'; + SET LOCAL hsadminng.currentSubject = 'mike@hostsharing.net'; SET LOCAL hsadminng.assumedRoles = 'customer#aab:admin;customer#aac:admin'; SELECT c.prefix, p.name as "package", ema.localPart || '@' || dom.name as "email-address" 
@@ -624,7 +624,7 @@ Let's have a look at the two view queries: WHERE target.uuid IN ( SELECT uuid FROM queryAccessibleObjectUuidsOfSubjectIds( - 'SELECT, 'customer', currentSubjectsUuids())); + 'SELECT, 'customer', currentSubjectOrAssumedRolesUuids())); This view should be automatically updatable. Where, for updates, we actually have to check for 'UPDATE' instead of 'SELECT' operation, which makes it a bit more complicated. @@ -642,7 +642,7 @@ Looks like the query optimizer needed some statistics to find the best path. SELECT DISTINCT target.* FROM customer AS target JOIN queryAccessibleObjectUuidsOfSubjectIds( - 'SELECT, 'customer', currentSubjectsUuids()) AS allowedObjId + 'SELECT, 'customer', currentSubjectOrAssumedRolesUuids()) AS allowedObjId ON target.uuid = allowedObjId; This view cannot is not updatable automatically, diff --git a/sql/historization.sql b/sql/historization.sql index a240b30b..89dfbe62 100644 --- a/sql/historization.sql +++ b/sql/historization.sql @@ -28,7 +28,7 @@ commit; set hsadminng.tx_history_txid to ''; set hsadminng.tx_history_timestamp to '2024-08-29 12:42'; -- all versions -select tx_history_txid(), txc.txtimestamp, txc.currentUser, txc.currentTask, haex.* +select tx_history_txid(), txc.txtimestamp, txc.currentSubject, txc.currentTask, haex.* from hs_hosting_asset_ex haex join basis.tx_context txc on haex.txid=txc.txid where haex.identifier = 'test@thi.example.org'; diff --git a/sql/rbac-view-option-experiments.sql b/sql/rbac-view-option-experiments.sql index c5c04487..d058ac49 100644 --- a/sql/rbac-view-option-experiments.sql +++ b/sql/rbac-view-option-experiments.sql 
@@ -20,11 +20,11 @@ CREATE POLICY customer_policy ON customer TO restricted USING ( -- id=1000 - isPermissionGrantedToSubject(findEffectivePermissionId('test_customer', id, 'SELECT'), currentUserUuid()) + isPermissionGrantedToSubject(findEffectivePermissionId('test_customer', id, 'SELECT'), rbac.currentSubjectUuid()) ); SET SESSION AUTHORIZATION restricted; -SET hsadminng.currentUser TO 'alex@example.com'; +SET hsadminng.currentSubject TO 'alex@example.com'; SELECT * from customer; -- access control via view-rule and isPermissionGrantedToSubject - way too slow (35 s 580 ms for 1 million rows) @@ -35,7 +35,7 @@ SELECT * FROM customer; CREATE OR REPLACE RULE "_RETURN" AS ON SELECT TO cust_view DO INSTEAD - SELECT * FROM customer WHERE isPermissionGrantedToSubject(findEffectivePermissionId('test_customer', id, 'SELECT'), currentUserUuid()); + SELECT * FROM customer WHERE isPermissionGrantedToSubject(findEffectivePermissionId('test_customer', id, 'SELECT'), rbac.currentSubjectUuid()); SELECT * from cust_view LIMIT 10; select queryAllPermissionsOfSubjectId(findRbacUser('superuser-alex@hostsharing.net')); @@ -51,12 +51,12 @@ CREATE OR REPLACE RULE "_RETURN" AS ON SELECT TO cust_view DO INSTEAD SELECT c.uuid, c.reference, c.prefix FROM customer AS c - JOIN queryAllPermissionsOfSubjectId(currentUserUuid()) AS p + JOIN queryAllPermissionsOfSubjectId(rbac.currentSubjectUuid()) AS p ON p.objectTable='test_customer' AND p.objectUuid=c.uuid; GRANT ALL PRIVILEGES ON cust_view TO restricted; SET SESSION SESSION AUTHORIZATION restricted; -SET hsadminng.currentUser TO 'alex@example.com'; +SET hsadminng.currentSubject TO 'alex@example.com'; SELECT * from cust_view; 
@@ -67,14 +67,14 @@ DROP VIEW IF EXISTS cust_view; CREATE OR REPLACE VIEW cust_view AS SELECT c.uuid, c.reference, c.prefix FROM customer AS c - JOIN queryAllPermissionsOfSubjectId(currentUserUuid()) AS p + JOIN queryAllPermissionsOfSubjectId(rbac.currentSubjectUuid()) AS p ON p.objectUuid=c.uuid; GRANT ALL PRIVILEGES ON cust_view TO restricted; SET SESSION SESSION AUTHORIZATION restricted; --- SET hsadminng.currentUser TO 'alex@example.com'; -SET hsadminng.currentUser TO 'superuser-alex@hostsharing.net'; --- SET hsadminng.currentUser TO 'aaaaouq@example.com'; +-- SET hsadminng.currentSubject TO 'alex@example.com'; +SET hsadminng.currentSubject TO 'superuser-alex@hostsharing.net'; +-- SET hsadminng.currentSubject TO 'aaaaouq@example.com'; SELECT * from cust_view where reference=1144150; select rr.uuid, rr.type from RbacGrants g diff --git a/sql/recursive-cte-experiments-for-accessible-uuids.sql b/sql/recursive-cte-experiments-for-accessible-uuids.sql index 5e9a7be5..669a6f24 100644 --- a/sql/recursive-cte-experiments-for-accessible-uuids.sql +++ b/sql/recursive-cte-experiments-for-accessible-uuids.sql @@ -17,7 +17,7 @@ with recursive 1 as level, true from rbacgrants - where (rbacgrants.ascendantuuid = any (currentsubjectsuuids())) + where (rbacgrants.ascendantuuid = any (rbac.currentSubjectOrAssumedRolesUuids())) and rbacgrants.assumed union all select distinct g.descendantuuid, diff --git a/src/main/java/net/hostsharing/hsadminng/context/Context.java b/src/main/java/net/hostsharing/hsadminng/context/Context.java index 9c3b6a3f..cf2cf4c4 100644 --- a/src/main/java/net/hostsharing/hsadminng/context/Context.java +++ b/src/main/java/net/hostsharing/hsadminng/context/Context.java 
@@ -38,53 +38,53 @@ public class Context {
     private HttpServletRequest request;
 
     @Transactional(propagation = MANDATORY)
-    public void define(final String currentUser) {
-        define(currentUser, null);
+    public void define(final String currentSubject) {
+        define(currentSubject, null);
     }
 
     @Transactional(propagation = MANDATORY)
-    public void define(final String currentUser, final String assumedRoles) {
-        define(toTask(request), toCurl(request), currentUser, assumedRoles);
+    public void define(final String currentSubject, final String assumedRoles) {
+        define(toTask(request), toCurl(request), currentSubject, assumedRoles);
     }
 
     @Transactional(propagation = MANDATORY)
     public void define(
             final String currentTask,
             final String currentRequest,
-            final String currentUser,
+            final String currentSubject,
             final String assumedRoles) {
         final var query = em.createNativeQuery("""
                 call basis.defineContext(
                     cast(:currentTask as varchar(127)),
                     cast(:currentRequest as text),
-                    cast(:currentUser as varchar(63)),
+                    cast(:currentSubject as varchar(63)),
                     cast(:assumedRoles as varchar(1023)));
                 """);
         query.setParameter("currentTask", shortenToMaxLength(currentTask, 127));
         query.setParameter("currentRequest", currentRequest);
-        query.setParameter("currentUser", currentUser);
+        query.setParameter("currentSubject", currentSubject);
         query.setParameter("assumedRoles", assumedRoles != null ?
assumedRoles : "");
         query.executeUpdate();
     }
 
-    public String getCurrentTask() {
+    public String fetchCurrentTask() {
         return (String) em.createNativeQuery("select current_setting('hsadminng.currentTask');").getSingleResult();
     }
 
-    public String getCurrentUser() {
-        return String.valueOf(em.createNativeQuery("select currentUser()").getSingleResult());
+    public String fetchCurrentSubject() {
+        return String.valueOf(em.createNativeQuery("select basis.currentSubject()").getSingleResult());
     }
 
-    public UUID getCurrentUserUUid() {
-        return (UUID) em.createNativeQuery("select currentUserUUid()", UUID.class).getSingleResult();
+    public UUID fetchCurrentSubjectUuid() {
+        return (UUID) em.createNativeQuery("select rbac.currentSubjectUuid()", UUID.class).getSingleResult();
     }
 
-    public String[] getAssumedRoles() {
-        return (String[]) em.createNativeQuery("select assumedRoles() as roles", String[].class).getSingleResult();
+    public String[] fetchAssumedRoles() {
+        return (String[]) em.createNativeQuery("select basis.assumedRoles() as roles", String[].class).getSingleResult();
     }
 
-    public UUID[] currentSubjectsUuids() {
-        return (UUID[]) em.createNativeQuery("select currentSubjectsUuids() as uuids", UUID[].class).getSingleResult();
+    public UUID[] fetchCurrentSubjectOrAssumedRolesUuids() {
+        return (UUID[]) em.createNativeQuery("select rbac.currentSubjectOrAssumedRolesUuids() as uuids", UUID[].class).getSingleResult();
     }
 
     public static String getCallerMethodNameFromStackFrame(final int skipFrames) {
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemController.java b/src/main/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemController.java
index 01d2e6a5..6afd5219 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemController.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemController.java
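Review bot: In the three-argument `define(...)`, `currentSubject` is bound into `cast(:currentSubject as varchar(63))` with no Java-side length check, whereas `currentTask` is explicitly shortened to 127 characters one line earlier; because PostgreSQL truncates silently on an explicit cast to varchar(n), an over-long subject name arriving from the request header would be resolved as its 63-character prefix instead of being rejected. For an identity value I would rather fail closed, e.g. `if (currentSubject != null && currentSubject.length() > 63) { throw new IllegalArgumentException("currentSubject exceeds 63 characters"); }` before the query is built, or add a comment stating why truncation is acceptable here. Separately, the renamed `fetchCurrentSubject()` keeps `String.valueOf(...)`, which turns a SQL NULL into the literal string "null"; if `basis.currentSubject()` can return NULL when no context has been defined, callers comparing subject names cannot tell that case apart, so returning `null` (or an `Optional`) would be less surprising. The enclosing class `Context` begins before this hunk and continues after it.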
@@ -41,10 +41,10 @@ public class HsBookingItemController implements HsBookingItemsApi { @Override @Transactional(readOnly = true) public ResponseEntity> listBookingItemsByProjectUuid( - final String currentUser, + final String currentSubject, final String assumedRoles, final UUID projectUuid) { - context.define(currentUser, assumedRoles); + context.define(currentSubject, assumedRoles); final var entities = bookingItemRepo.findAllByProjectUuid(projectUuid); @@ -55,11 +55,11 @@ public class HsBookingItemController implements HsBookingItemsApi { @Override @Transactional public ResponseEntity addBookingItem( - final String currentUser, + final String currentSubject, final String assumedRoles, final HsBookingItemInsertResource body) { - context.define(currentUser, assumedRoles); + context.define(currentSubject, assumedRoles); final var entityToSave = mapper.map(body, HsBookingItemRbacEntity.class, RESOURCE_TO_ENTITY_POSTMAPPER); @@ -77,11 +77,11 @@ public class HsBookingItemController implements HsBookingItemsApi { @Override @Transactional(readOnly = true) public ResponseEntity getBookingItemByUuid( - final String currentUser, + final String currentSubject, final String assumedRoles, final UUID bookingItemUuid) { - context.define(currentUser, assumedRoles); + context.define(currentSubject, assumedRoles); final var result = bookingItemRepo.findByUuid(bookingItemUuid); result.ifPresent(entity -> em.detach(entity)); // prevent further LAZY-loading @@ -94,10 +94,10 @@ public class HsBookingItemController implements HsBookingItemsApi { @Override @Transactional public ResponseEntity deleteBookingIemByUuid( - final String currentUser, + final String currentSubject, final String assumedRoles, final UUID bookingItemUuid) { - context.define(currentUser, assumedRoles); + context.define(currentSubject, assumedRoles); final var result = bookingItemRepo.deleteByUuid(bookingItemUuid); return result == 0 
@@ -108,12 +108,12 @@ public class HsBookingItemController implements HsBookingItemsApi { @Override @Transactional public ResponseEntity patchBookingItem( - final String currentUser, + final String currentSubject, final String assumedRoles, final UUID bookingItemUuid, final HsBookingItemPatchResource body) { - context.define(currentUser, assumedRoles); + context.define(currentSubject, assumedRoles); final var current = bookingItemRepo.findByUuid(bookingItemUuid).orElseThrow(); diff --git a/src/main/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectController.java b/src/main/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectController.java index 9247ff83..55d26b36 100644 --- a/src/main/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectController.java +++ b/src/main/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectController.java @@ -36,10 +36,10 @@ public class HsBookingProjectController implements HsBookingProjectsApi { @Override @Transactional(readOnly = true) public ResponseEntity> listBookingProjectsByDebitorUuid( - final String currentUser, + final String currentSubject, final String assumedRoles, final UUID debitorUuid) { - context.define(currentUser, assumedRoles); + context.define(currentSubject, assumedRoles); final var entities = bookingProjectRepo.findAllByDebitorUuid(debitorUuid); @@ -50,11 +50,11 @@ public class HsBookingProjectController implements HsBookingProjectsApi { @Override @Transactional public ResponseEntity addBookingProject( - final String currentUser, + final String currentSubject, final String assumedRoles, final HsBookingProjectInsertResource body) { - context.define(currentUser, assumedRoles); + context.define(currentSubject, assumedRoles); final var entityToSave = mapper.map(body, HsBookingProjectRbacEntity.class, RESOURCE_TO_ENTITY_POSTMAPPER); 
@@ -72,11 +72,11 @@ public class HsBookingProjectController implements HsBookingProjectsApi { @Override @Transactional(readOnly = true) public ResponseEntity getBookingProjectByUuid( - final String currentUser, + final String currentSubject, final String assumedRoles, final UUID bookingProjectUuid) { - context.define(currentUser, assumedRoles); + context.define(currentSubject, assumedRoles); final var result = bookingProjectRepo.findByUuid(bookingProjectUuid); return result @@ -88,10 +88,10 @@ public class HsBookingProjectController implements HsBookingProjectsApi { @Override @Transactional public ResponseEntity deleteBookingIemByUuid( - final String currentUser, + final String currentSubject, final String assumedRoles, final UUID bookingProjectUuid) { - context.define(currentUser, assumedRoles); + context.define(currentSubject, assumedRoles); final var result = bookingProjectRepo.deleteByUuid(bookingProjectUuid); return result == 0 @@ -102,12 +102,12 @@ public class HsBookingProjectController implements HsBookingProjectsApi { @Override @Transactional public ResponseEntity patchBookingProject( - final String currentUser, + final String currentSubject, final String assumedRoles, final UUID bookingProjectUuid, final HsBookingProjectPatchResource body) { - context.define(currentUser, assumedRoles); + context.define(currentSubject, assumedRoles); final var current = bookingProjectRepo.findByUuid(bookingProjectUuid).orElseThrow(); diff --git a/src/main/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetController.java b/src/main/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetController.java index 26636eb4..8973d0cc 100644 --- a/src/main/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetController.java +++ b/src/main/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetController.java 
@@ -49,12 +49,12 @@ public class HsHostingAssetController implements HsHostingAssetsApi { @Override @Transactional(readOnly = true) public ResponseEntity> listAssets( - final String currentUser, + final String currentSubject, final String assumedRoles, final UUID debitorUuid, final UUID parentAssetUuid, final HsHostingAssetTypeResource type) { - context.define(currentUser, assumedRoles); + context.define(currentSubject, assumedRoles); final var entities = rbacAssetRepo.findAllByCriteria(debitorUuid, parentAssetUuid, HsHostingAssetType.of(type)); @@ -66,11 +66,11 @@ public class HsHostingAssetController implements HsHostingAssetsApi { @Override @Transactional public ResponseEntity addAsset( - final String currentUser, + final String currentSubject, final String assumedRoles, final HsHostingAssetInsertResource body) { - context.define(currentUser, assumedRoles); + context.define(currentSubject, assumedRoles); final var entity = mapper.map(body, HsHostingAssetRbacEntity.class, RESOURCE_TO_ENTITY_POSTMAPPER); @@ -94,11 +94,11 @@ public class HsHostingAssetController implements HsHostingAssetsApi { @Override @Transactional(readOnly = true) public ResponseEntity getAssetByUuid( - final String currentUser, + final String currentSubject, final String assumedRoles, final UUID assetUuid) { - context.define(currentUser, assumedRoles); + context.define(currentSubject, assumedRoles); final var result = rbacAssetRepo.findByUuid(assetUuid); return result @@ -110,10 +110,10 @@ public class HsHostingAssetController implements HsHostingAssetsApi { @Override @Transactional public ResponseEntity deleteAssetUuid( - final String currentUser, + final String currentSubject, final String assumedRoles, final UUID assetUuid) { - context.define(currentUser, assumedRoles); + context.define(currentSubject, assumedRoles); final var result = rbacAssetRepo.deleteByUuid(assetUuid); return result == 0 
@@ -124,12 +124,12 @@ public class HsHostingAssetController implements HsHostingAssetsApi { @Override @Transactional public ResponseEntity patchAsset( - final String currentUser, + final String currentSubject, final String assumedRoles, final UUID assetUuid, final HsHostingAssetPatchResource body) { - context.define(currentUser, assumedRoles); + context.define(currentSubject, assumedRoles); final var entity = rbacAssetRepo.findByUuid(assetUuid).orElseThrow(); diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountController.java b/src/main/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountController.java index 9f39767f..50183bf7 100644 --- a/src/main/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountController.java +++ b/src/main/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountController.java @@ -32,10 +32,10 @@ public class HsOfficeBankAccountController implements HsOfficeBankAccountsApi { @Override @Transactional(readOnly = true) public ResponseEntity> listBankAccounts( - final String currentUser, + final String currentSubject, final String assumedRoles, final String holder) { - context.define(currentUser, assumedRoles); + context.define(currentSubject, assumedRoles); final var entities = bankAccountRepo.findByOptionalHolderLike(holder); @@ -46,11 +46,11 @@ public class HsOfficeBankAccountController implements HsOfficeBankAccountsApi { @Override @Transactional public ResponseEntity addBankAccount( - final String currentUser, + final String currentSubject, final String assumedRoles, final HsOfficeBankAccountInsertResource body) { - context.define(currentUser, assumedRoles); + context.define(currentSubject, assumedRoles); IbanUtil.validate(body.getIban()); BicUtil.validate(body.getBic()); 
@@ -72,11 +72,11 @@ public class HsOfficeBankAccountController implements HsOfficeBankAccountsApi {
 @Override @Transactional(readOnly = true) public ResponseEntity getBankAccountByUuid(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles, final UUID bankAccountUuid) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var result = bankAccountRepo.findByUuid(bankAccountUuid); if (result.isEmpty()) {
@@ -88,10 +88,10 @@ public class HsOfficeBankAccountController implements HsOfficeBankAccountsApi {
 @Override @Transactional public ResponseEntity deleteBankAccountByUuid(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles, final UUID BankAccountUuid) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var result = bankAccountRepo.deleteByUuid(BankAccountUuid); if (result == 0) {
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactController.java b/src/main/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactController.java
index cee7e28a..17d39b7f 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactController.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactController.java
@@ -34,10 +34,10 @@ public class HsOfficeContactController implements HsOfficeContactsApi {
 @Override @Transactional(readOnly = true) public ResponseEntity> listContacts(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles, final String caption) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var entities = contactRepo.findContactByOptionalCaptionLike(caption);
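Review bot: In the `@@ -88` hunk of HsOfficeBankAccountController, `deleteBankAccountByUuid` keeps the parameter `final UUID BankAccountUuid` with an upper-case initial while every sibling method uses lowerCamelCase; since this hunk already rewrites the parameter list, rename it to `final UUID bankAccountUuid` and the call to `bankAccountRepo.deleteByUuid(bankAccountUuid);`. The parameter is only referenced positionally through the generated API interface, so the rename should not affect callers, but confirm against the interface. The method body continues past the end of the hunk.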
@@ -48,11 +48,11 @@ public class HsOfficeContactController implements HsOfficeContactsApi {
 @Override @Transactional public ResponseEntity addContact(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles, final HsOfficeContactInsertResource body) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var entityToSave = mapper.map(body, HsOfficeContactRbacEntity.class, RESOURCE_TO_ENTITY_POSTMAPPER);
@@ -70,11 +70,11 @@ public class HsOfficeContactController implements HsOfficeContactsApi {
 @Override @Transactional(readOnly = true) public ResponseEntity getContactByUuid(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles, final UUID contactUuid) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var result = contactRepo.findByUuid(contactUuid); if (result.isEmpty()) {
@@ -86,10 +86,10 @@ public class HsOfficeContactController implements HsOfficeContactsApi {
 @Override @Transactional public ResponseEntity deleteContactByUuid(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles, final UUID contactUuid) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var result = contactRepo.deleteByUuid(contactUuid); if (result == 0) {
@@ -102,12 +102,12 @@ public class HsOfficeContactController implements HsOfficeContactsApi {
 @Override @Transactional public ResponseEntity patchContact(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles, final UUID contactUuid, final HsOfficeContactPatchResource body) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var current = contactRepo.findByUuid(contactUuid).orElseThrow();
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionController.java b/src/main/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionController.java
index 8ec1d956..f4cb28a3 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionController.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionController.java
@@ -37,12 +37,12 @@ public class HsOfficeCoopAssetsTransactionController implements HsOfficeCoopAsse
 @Override @Transactional(readOnly = true) public ResponseEntity> listCoopAssets(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles, final UUID membershipUuid, final @DateTimeFormat(iso = ISO.DATE) LocalDate fromValueDate, final @DateTimeFormat(iso = ISO.DATE) LocalDate toValueDate) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var entities = coopAssetsTransactionRepo.findCoopAssetsTransactionByOptionalMembershipUuidAndDateRange( membershipUuid,
@@ -56,11 +56,11 @@ public class HsOfficeCoopAssetsTransactionController implements HsOfficeCoopAsse
 @Override @Transactional public ResponseEntity addCoopAssetsTransaction(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles, final HsOfficeCoopAssetsTransactionInsertResource requestBody) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 validate(requestBody); final var entityToSave = mapper.map(requestBody, HsOfficeCoopAssetsTransactionEntity.class, RESOURCE_TO_ENTITY_POSTMAPPER);
@@ -79,9 +79,9 @@ public class HsOfficeCoopAssetsTransactionController implements HsOfficeCoopAsse
 @Transactional(readOnly = true) public ResponseEntity getCoopAssetTransactionByUuid(
- final String currentUser, final String assumedRoles, final UUID assetTransactionUuid) {
+ final String currentSubject, final String assumedRoles, final UUID assetTransactionUuid) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var result = coopAssetsTransactionRepo.findByUuid(assetTransactionUuid); if (result.isEmpty()) {
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionController.java b/src/main/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionController.java
index 78b41c9f..1616568d 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionController.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionController.java
@@ -39,12 +39,12 @@ public class HsOfficeCoopSharesTransactionController implements HsOfficeCoopShar
 @Override @Transactional(readOnly = true) public ResponseEntity> listCoopShares(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles, final UUID membershipUuid, final @DateTimeFormat(iso = ISO.DATE) LocalDate fromValueDate, final @DateTimeFormat(iso = ISO.DATE) LocalDate toValueDate) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var entities = coopSharesTransactionRepo.findCoopSharesTransactionByOptionalMembershipUuidAndDateRange( membershipUuid,
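Review bot: The rewritten parameter line of `getCoopAssetTransactionByUuid` in the `@@ -79` hunk packs all three parameters onto one line, `final String currentSubject, final String assumedRoles, final UUID assetTransactionUuid) {`, whereas every other controller method touched by this commit puts one parameter per line; since the line is being rewritten anyway, this is the moment to bring it in line with the surrounding style. The same applies to `getCoopShareTransactionByUuid` in the HsOfficeCoopSharesTransactionController `@@ -81` hunk. Both method bodies continue past their hunks.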
@@ -58,11 +58,11 @@ public class HsOfficeCoopSharesTransactionController implements HsOfficeCoopShar
 @Override @Transactional public ResponseEntity addCoopSharesTransaction(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles, final HsOfficeCoopSharesTransactionInsertResource requestBody) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 validate(requestBody); final var entityToSave = mapper.map(requestBody, HsOfficeCoopSharesTransactionEntity.class, RESOURCE_TO_ENTITY_POSTMAPPER);
@@ -81,9 +81,9 @@ public class HsOfficeCoopSharesTransactionController implements HsOfficeCoopShar
 @Override @Transactional(readOnly = true) public ResponseEntity getCoopShareTransactionByUuid(
- final String currentUser, final String assumedRoles, final UUID shareTransactionUuid) {
+ final String currentSubject, final String assumedRoles, final UUID shareTransactionUuid) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var result = coopSharesTransactionRepo.findByUuid(shareTransactionUuid); if (result.isEmpty()) {
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorController.java b/src/main/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorController.java
index 73fe78af..17ab0e70 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorController.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorController.java
@@ -48,11 +48,11 @@ public class HsOfficeDebitorController implements HsOfficeDebitorsApi {
 @Override @Transactional(readOnly = true) public ResponseEntity> listDebitors(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles, final String name, final Integer debitorNumber) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var entities = debitorNumber != null ? debitorRepo.findDebitorByDebitorNumber(debitorNumber)
@@ -65,11 +65,11 @@ public class HsOfficeDebitorController implements HsOfficeDebitorsApi {
 @Override @Transactional public ResponseEntity addDebitor(
- String currentUser,
+ String currentSubject,
 String assumedRoles, HsOfficeDebitorInsertResource body) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 Validate.isTrue(body.getDebitorRel() == null || body.getDebitorRelUuid() == null, "ERROR: [400] exactly one of debitorRel and debitorRelUuid must be supplied, but found both");
@@ -112,11 +112,11 @@ public class HsOfficeDebitorController implements HsOfficeDebitorsApi {
 @Override @Transactional(readOnly = true) public ResponseEntity getDebitorByUuid(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles, final UUID debitorUuid) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var result = debitorRepo.findByUuid(debitorUuid); if (result.isEmpty()) {
@@ -128,10 +128,10 @@ public class HsOfficeDebitorController implements HsOfficeDebitorsApi {
 @Override @Transactional public ResponseEntity deleteDebitorByUuid(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles, final UUID debitorUuid) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var result = debitorRepo.deleteByUuid(debitorUuid); if (result == 0) {
@@ -144,12 +144,12 @@ public class HsOfficeDebitorController implements HsOfficeDebitorsApi {
 @Override @Transactional public ResponseEntity patchDebitor(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles, final UUID debitorUuid, final HsOfficeDebitorPatchResource body) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var current = debitorRepo.findByUuid(debitorUuid).orElseThrow();
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipController.java b/src/main/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipController.java
index 3c783aae..8c87e5fa 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipController.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipController.java
@@ -32,11 +32,11 @@ public class HsOfficeMembershipController implements HsOfficeMembershipsApi {
 @Override @Transactional(readOnly = true) public ResponseEntity> listMemberships(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles, UUID partnerUuid, Integer memberNumber) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var entities = ( memberNumber != null) ? List.of(membershipRepo.findMembershipByMemberNumber(memberNumber))
@@ -50,11 +50,11 @@ public class HsOfficeMembershipController implements HsOfficeMembershipsApi {
 @Override @Transactional public ResponseEntity addMembership(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles, final HsOfficeMembershipInsertResource body) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var entityToSave = mapper.map(body, HsOfficeMembershipEntity.class);
@@ -73,11 +73,11 @@ public class HsOfficeMembershipController implements HsOfficeMembershipsApi {
 @Override @Transactional(readOnly = true) public ResponseEntity getMembershipByUuid(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles, final UUID membershipUuid) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var result = membershipRepo.findByUuid(membershipUuid); if (result.isEmpty()) {
@@ -90,10 +90,10 @@ public class HsOfficeMembershipController implements HsOfficeMembershipsApi {
 @Override @Transactional public ResponseEntity deleteMembershipByUuid(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles, final UUID membershipUuid) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var result = membershipRepo.deleteByUuid(membershipUuid); if (result == 0) {
@@ -106,12 +106,12 @@ public class HsOfficeMembershipController implements HsOfficeMembershipsApi {
 @Override @Transactional public ResponseEntity patchMembership(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles, final UUID membershipUuid, final HsOfficeMembershipPatchResource body) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var current = membershipRepo.findByUuid(membershipUuid).orElseThrow();
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerController.java b/src/main/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerController.java
index 5965d990..e4da02b8 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerController.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerController.java
@@ -50,10 +50,10 @@ public class HsOfficePartnerController implements HsOfficePartnersApi {
 @Override @Transactional(readOnly = true) public ResponseEntity> listPartners(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles, final String name) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var entities = partnerRepo.findPartnerByOptionalNameLike(name);
@@ -64,11 +64,11 @@ public class HsOfficePartnerController implements HsOfficePartnersApi {
 @Override @Transactional public ResponseEntity addPartner(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles, final HsOfficePartnerInsertResource body) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var entityToSave = createPartnerEntity(body);
@@ -86,11 +86,11 @@ public class HsOfficePartnerController implements HsOfficePartnersApi {
 @Override @Transactional(readOnly = true) public ResponseEntity getPartnerByUuid(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles, final UUID partnerUuid) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var result = partnerRepo.findByUuid(partnerUuid); if (result.isEmpty()) {
@@ -102,10 +102,10 @@ public class HsOfficePartnerController implements HsOfficePartnersApi {
 @Override @Transactional public ResponseEntity deletePartnerByUuid(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles, final UUID partnerUuid) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var partnerToDelete = partnerRepo.findByUuid(partnerUuid); if (partnerToDelete.isEmpty()) {
@@ -122,12 +122,12 @@ public class HsOfficePartnerController implements HsOfficePartnersApi {
 @Override @Transactional public ResponseEntity patchPartner(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles, final UUID partnerUuid, final HsOfficePartnerPatchResource body) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var current = partnerRepo.findByUuid(partnerUuid).orElseThrow(); final var previousPartnerRel = current.getPartnerRel();
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonController.java b/src/main/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonController.java
index c3a52c50..41d9d441 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonController.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonController.java
@@ -31,10 +31,10 @@ public class HsOfficePersonController implements HsOfficePersonsApi {
 @Override @Transactional(readOnly = true) public ResponseEntity> listPersons(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles, final String caption) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var entities = personRepo.findPersonByOptionalNameLike(caption);
@@ -45,11 +45,11 @@ public class HsOfficePersonController implements HsOfficePersonsApi {
 @Override @Transactional public ResponseEntity addPerson(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles, final HsOfficePersonInsertResource body) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var entityToSave = mapper.map(body, HsOfficePersonEntity.class);
@@ -67,11 +67,11 @@ public class HsOfficePersonController implements HsOfficePersonsApi {
 @Override @Transactional(readOnly = true) public ResponseEntity getPersonByUuid(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles, final UUID personUuid) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var result = personRepo.findByUuid(personUuid); if (result.isEmpty()) {
@@ -83,10 +83,10 @@ public class HsOfficePersonController implements HsOfficePersonsApi {
 @Override @Transactional public ResponseEntity deletePersonByUuid(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles, final UUID personUuid) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var result = personRepo.deleteByUuid(personUuid); if (result == 0) {
@@ -99,12 +99,12 @@ public class HsOfficePersonController implements HsOfficePersonsApi {
 @Override @Transactional public ResponseEntity patchPerson(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles, final UUID personUuid, final HsOfficePersonPatchResource body) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var current = personRepo.findByUuid(personUuid).orElseThrow();
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationController.java b/src/main/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationController.java
index a3f4d136..f054e563 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationController.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationController.java
@@ -45,11 +45,11 @@ public class HsOfficeRelationController implements HsOfficeRelationsApi {
 @Override @Transactional(readOnly = true) public ResponseEntity> listRelations(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles, final UUID personUuid, final HsOfficeRelationTypeResource relationType) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var entities = relationRbacRepo.findRelationRelatedToPersonUuidAndRelationType(personUuid, mapper.map(relationType, HsOfficeRelationType.class));
@@ -62,11 +62,11 @@ public class HsOfficeRelationController implements HsOfficeRelationsApi {
 @Override @Transactional public ResponseEntity addRelation(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles, final HsOfficeRelationInsertResource body) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var entityToSave = new HsOfficeRelationRbacEntity(); entityToSave.setType(HsOfficeRelationType.valueOf(body.getType()));
@@ -96,11 +96,11 @@ public class HsOfficeRelationController implements HsOfficeRelationsApi {
 @Override @Transactional(readOnly = true) public ResponseEntity getRelationByUuid(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles, final UUID relationUuid) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var result = relationRbacRepo.findByUuid(relationUuid); if (result.isEmpty()) {
@@ -112,10 +112,10 @@ public class HsOfficeRelationController implements HsOfficeRelationsApi {
 @Override @Transactional public ResponseEntity deleteRelationByUuid(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles, final UUID relationUuid) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var result = relationRbacRepo.deleteByUuid(relationUuid); if (result == 0) {
@@ -128,12 +128,12 @@ public class HsOfficeRelationController implements HsOfficeRelationsApi {
 @Override @Transactional public ResponseEntity patchRelation(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles, final UUID relationUuid, final HsOfficeRelationPatchResource body) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var current = relationRbacRepo.findByUuid(relationUuid).orElseThrow();
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateController.java b/src/main/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateController.java
index 115b8948..9511bdd6 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateController.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateController.java
@@ -39,10 +39,10 @@ public class HsOfficeSepaMandateController implements HsOfficeSepaMandatesApi {
 @Override @Transactional(readOnly = true) public ResponseEntity> listSepaMandatesByIban(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles, final String iban) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var entities = sepaMandateRepo.findSepaMandateByOptionalIban(iban);
@@ -54,11 +54,11 @@ public class HsOfficeSepaMandateController implements HsOfficeSepaMandatesApi {
 @Override @Transactional public ResponseEntity addSepaMandate(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles, final HsOfficeSepaMandateInsertResource body) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var entityToSave = mapper.map(body, HsOfficeSepaMandateEntity.class, SEPA_MANDATE_RESOURCE_TO_ENTITY_POSTMAPPER);
@@ -77,11 +77,11 @@ public class HsOfficeSepaMandateController implements HsOfficeSepaMandatesApi {
 @Override @Transactional(readOnly = true) public ResponseEntity getSepaMandateByUuid(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles, final UUID sepaMandateUuid) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var result = sepaMandateRepo.findByUuid(sepaMandateUuid); if (result.isEmpty()) {
@@ -94,10 +94,10 @@ public class HsOfficeSepaMandateController implements HsOfficeSepaMandatesApi {
 @Override @Transactional public ResponseEntity deleteSepaMandateByUuid(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles, final UUID sepaMandateUuid) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var result = sepaMandateRepo.deleteByUuid(sepaMandateUuid); if (result == 0) {
@@ -110,12 +110,12 @@ public class HsOfficeSepaMandateController implements HsOfficeSepaMandatesApi {
 @Override @Transactional public ResponseEntity patchSepaMandate(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles, final UUID sepaMandateUuid, final HsOfficeSepaMandatePatchResource body) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var current = sepaMandateRepo.findByUuid(sepaMandateUuid).orElseThrow();
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java
index 521ba66b..41e9bfc6 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java
@@ -255,7 +255,7 @@ public class InsertTriggerGenerator {
 plPgSql.writeLn(); plPgSql.writeLn(""" raise exception '[403] insert into ${rawSubTable} values(%) not allowed for current subjects % (%)',
- NEW, currentSubjects(), currentSubjectsUuids();
+ NEW, currentSubjects(), currentSubjectOrAssumedRolesUuids();
 end; $$; create trigger ${rawSubTable}_insert_permission_check_tg
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RolesGrantsAndPermissionsGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RolesGrantsAndPermissionsGenerator.java
index 2089d4d9..238e1208 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RolesGrantsAndPermissionsGenerator.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RolesGrantsAndPermissionsGenerator.java
@@ -580,7 +580,7 @@ class RolesGrantsAndPermissionsGenerator {
 private String toPlPgSqlReference(final RbacView.RbacUserReference userRef) { return switch (userRef.role) {
- case CREATOR -> "currentUserUuid()";
+ case CREATOR -> "currentSubjectUuid()";
 default -> throw new IllegalArgumentException("unknown user role: " + userRef); }; }
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantController.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantController.java
index 9dfaea74..ccdfb38b 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantController.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantController.java
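Review bot: The renamed SQL function `currentSubjectOrAssumedRolesUuids()` in the InsertTriggerGenerator hunk (and `currentSubjectUuid()` in the RolesGrantsAndPermissionsGenerator hunk below) is emitted from a Java string literal, so a mismatch with the renamed PL/pgSQL functions surfaces only when the generated DDL is executed, never at compile time; a comment in the text block such as `-- function names must match the rbac schema functions, see the SQL migrations` or a shared named constant for these function names would make the coupling visible to the next renamer. The raise message on the line above still reads `not allowed for current subjects % (%)` while the second placeholder now also covers assumed roles, so the wording should follow the new function name. That message also interpolates the whole `NEW` row into the 403 exception text; if such exceptions are forwarded to API clients, consider keeping the row contents in server-side logs only. The enclosing method and text block start outside the hunk.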
@@ -33,12 +33,12 @@ public class RbacGrantController implements RbacGrantsApi {
 @Override @Transactional(readOnly = true) public ResponseEntity getGrantById(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles, final UUID grantedRoleUuid, final UUID granteeUserUuid) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var id = new RbacGrantId(granteeUserUuid, grantedRoleUuid); final var result = rbacGrantRepository.findById(id);
@@ -51,10 +51,10 @@ public class RbacGrantController implements RbacGrantsApi {
 @Override @Transactional(readOnly = true) public ResponseEntity> listUserGrants(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 return ResponseEntity.ok(mapper.mapList(rbacGrantRepository.findAll(), RbacGrantResource.class)); }
@@ -62,11 +62,11 @@ public class RbacGrantController implements RbacGrantsApi {
 @Override @Transactional public ResponseEntity grantRoleToUser(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles, final RbacGrantResource body) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var granted = rbacGrantRepository.save(mapper.map(body, RbacGrantEntity.class)); em.flush();
@@ -83,12 +83,12 @@ public class RbacGrantController implements RbacGrantsApi {
 @Override @Transactional public ResponseEntity revokeRoleFromUser(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles, final UUID grantedRoleUuid, final UUID granteeUserUuid) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 rbacGrantRepository.deleteByRbacGrantId(new RbacGrantId(granteeUserUuid, grantedRoleUuid));
@@ -101,9 +101,9 @@ public class RbacGrantController implements RbacGrantsApi {
 // produces = {"text/vnd.mermaid"}) // @Transactional(readOnly = true) // public ResponseEntity allGrantsOfUserAsMermaid(
-// @RequestHeader(name = "current-user") String currentUser,
+// @RequestHeader(name = "current-subject") String currentSubject,
 // @RequestHeader(name = "assumed-roles", required = false) String assumedRoles) {
-// final var graph = RbacGrantsDiagramService.allGrantsToUser(currentUser);
+// final var graph = RbacGrantsDiagramService.allGrantsToUser(currentSubject);
 // return ResponseEntity.ok(graph); // }
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantsDiagramService.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantsDiagramService.java
index f1369067..39ee73aa 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantsDiagramService.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantsDiagramService.java
@@ -64,9 +64,9 @@ public class RbacGrantsDiagramService {
 private Map> descendantsByUuid = new HashMap<>();
- public String allGrantsToCurrentUser(final EnumSet includes) {
+ public String allGrantsTocurrentSubject(final EnumSet includes) {
 final var graph = new LimitedHashSet();
- for ( UUID subjectUuid: context.currentSubjectsUuids() ) {
+ for ( UUID subjectUuid: context.fetchCurrentSubjectOrAssumedRolesUuids() ) {
 traverseGrantsTo(graph, subjectUuid, includes); } return toMermaidFlowchart(graph, includes);
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleController.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleController.java
index 0405fee2..1a5d8108 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleController.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleController.java
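Review bot: The `@@ -101` hunk of RbacGrantController spends the rename on a commented-out endpoint (`allGrantsOfUserAsMermaid`), including the header name change to `current-subject`; commented-out code that is kept in sync with refactorings is a sign it should either be restored as a real, tested endpoint or deleted and left to version control. Note that the commented call still targets `RbacGrantsDiagramService.allGrantsToUser(...)`, a method name that does not appear in the renamed service hunk below, so the dead code is already drifting from the real API. The commented method starts before this hunk.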
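Review bot: The new public method name `allGrantsTocurrentSubject` in the RbacGrantsDiagramService hunk has a lower-case `c`, breaking the lowerCamelCase word boundary the rest of the file uses; it should be `public String allGrantsToCurrentSubject(final EnumSet includes) {`. Since the method is public, its callers (presumably in controllers or tests outside this chunk) need the same rename, which the IDE rename refactoring will pick up if done before merge. The method body runs on past the end of the hunk.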
@@ -26,10 +26,10 @@ public class RbacRoleController implements RbacRolesApi {
 @Override @Transactional(readOnly = true) public ResponseEntity> listRoles(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final List result = rbacRoleRepository.findAll();
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserController.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserController.java
index bcc7844b..e0885a16 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserController.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserController.java
@@ -49,11 +49,11 @@ public class RbacUserController implements RbacUsersApi {
 @Override @Transactional public ResponseEntity deleteUserByUuid(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles, final UUID userUuid ) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 rbacUserRepository.deleteByUuid(userUuid);
@@ -63,11 +63,11 @@ public class RbacUserController implements RbacUsersApi {
 @Override @Transactional(readOnly = true) public ResponseEntity getUserById(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles, final UUID userUuid) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var result = rbacUserRepository.findByUuid(userUuid); if (result == null) {
@@ -79,11 +79,11 @@ public class RbacUserController implements RbacUsersApi {
@Override
@Transactional(readOnly = true)
public ResponseEntity> listUsers(
- final String currentUser,
+ final String currentSubject,
final String assumedRoles,
final String userName ) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
return ResponseEntity.ok(mapper.mapList(rbacUserRepository.findByOptionalNameLike(userName), RbacUserResource.class));
}
@@ -91,11 +91,11 @@ public class RbacUserController implements RbacUsersApi {
@Override
@Transactional(readOnly = true)
public ResponseEntity> listUserPermissions(
- final String currentUser,
+ final String currentSubject,
final String assumedRoles,
final UUID userUuid ) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
return ResponseEntity.ok(mapper.mapList( rbacUserRepository.findPermissionsOfUserByUuid(userUuid),
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepository.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepository.java
index 0c1a168b..3560741e 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepository.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepository.java
@@ -17,7 +17,7 @@ public interface RbacUserRepository extends Repository {
List findByOptionalNameLike(String userName);
// bypasses the restricted view, to be able to grant rights to arbitrary user
- @Query(value = "select * from rbacuser where name=:userName", nativeQuery = true)
+ @Query(value = "select * from rbac.subject where name=:userName", nativeQuery = true)
RbacUserEntity findByName(String userName);
RbacUserEntity findByUuid(UUID uuid);
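Review bot: The comment above the changed `findByName` query in the RbacUserRepository hunk states that the query bypasses the restricted view but not what that means for callers, and the new query text `select * from rbac.subject where name=:userName` now makes the direct base-table read explicit. The comment should spell out the contract so nobody later exposes the result through a visibility-filtered endpoint by accident: `// reads rbac.subject directly instead of the restricted view, so the result is NOT filtered by the current subject's visibility; callers must apply their own permission check before returning or acting on it`. The bind parameter `:userName` is already a parameterized query, so no injection concern from the rename itself; the interface continues outside the hunk.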
@@ -28,7 +28,7 @@ public interface RbacUserRepository extends Repository {
/* Can't use save/saveAndFlush from SpringData because the uuid is not generated on the entity level, but explicitly, and then SpringData check's if it exists using an SQL SELECT.
- And SQL SELECT needs a currentUser which we don't yet have in the case of self registration.
+ And SQL SELECT needs a currentSubject which we don't yet have in the case of self registration.
*/
@Modifying
@Query(value = "insert into RBacUser_RV (uuid, name) values( :#{#newUser.uuid}, :#{#newUser.name})", nativeQuery = true)
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerController.java b/src/main/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerController.java
index d0ab74bf..c6bbc115 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerController.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerController.java
@@ -32,11 +32,11 @@ public class TestCustomerController implements TestCustomersApi {
@Override
@Transactional(readOnly = true)
public ResponseEntity> listCustomers(
- String currentUser,
+ String currentSubject,
String assumedRoles,
String prefix ) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
final var result = testCustomerRepository.findCustomerByOptionalPrefixLike(prefix);
@@ -46,11 +46,11 @@ public class TestCustomerController implements TestCustomersApi {
@Override
@Transactional
public ResponseEntity addCustomer(
- final String currentUser,
+ final String currentSubject,
final String assumedRoles,
final TestCustomerResource customer) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
final var saved = testCustomerRepository.save(mapper.map(customer, TestCustomerEntity.class));
final var uri =
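Review bot: The native insert in the trailing context of the RbacUserRepository hunk still targets `RBacUser_RV`, while the `findByName` query two hunks up was moved to `rbac.subject` in this same commit; the two queries in one repository now name the subject table differently. If the restricted view was moved into the `rbac` schema together with the table, as the commit title suggests, this insert needs the same update; if it was deliberately left, a one-line comment saying the view keeps its old name would stop the next reader from "fixing" it. The comment change itself only touches wording, and the interface continues outside the hunk.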
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageController.java b/src/main/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageController.java
index 8bb94971..c6ecc7e0 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageController.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageController.java
@@ -29,11 +29,11 @@ public class TestPackageController implements TestPackagesApi {
@Override
@Transactional(readOnly = true)
public ResponseEntity> listPackages(
- String currentUser,
+ String currentSubject,
String assumedRoles,
String name ) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
final var result = testPackageRepository.findAllByOptionalNameLike(name);
return ResponseEntity.ok(mapper.mapList(result, TestPackageResource.class));
@@ -42,12 +42,12 @@ public class TestPackageController implements TestPackagesApi {
@Override
@Transactional
public ResponseEntity updatePackage(
- final String currentUser,
+ final String currentSubject,
final String assumedRoles,
final UUID packageUuid,
final TestPackageUpdateResource body) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
final var current = testPackageRepository.findByUuid(packageUuid);
OptionalFromJson.of(body.getDescription()).ifPresent(current::setDescription);
diff --git a/src/main/resources/api-definition/auth.yaml b/src/main/resources/api-definition/auth.yaml
index 65d491fb..e46f0f38 100644
--- a/src/main/resources/api-definition/auth.yaml
+++ b/src/main/resources/api-definition/auth.yaml
@@ -3,8 +3,8 @@ components:
parameters:
- currentUser:
- name: current-user
+ currentSubject:
+ name: current-subject
in: header
required: true
schema:
diff --git a/src/main/resources/api-definition/hs-booking/auth.yaml b/src/main/resources/api-definition/hs-booking/auth.yaml
index 65d491fb..e46f0f38 100644
--- a/src/main/resources/api-definition/hs-booking/auth.yaml
+++ b/src/main/resources/api-definition/hs-booking/auth.yaml
@@ -3,8 +3,8 @@ components:
parameters:
- currentUser:
- name: current-user
+ currentSubject:
+ name: current-subject
in: header
required: true
schema:
diff --git a/src/main/resources/api-definition/hs-booking/hs-booking-items-with-uuid.yaml b/src/main/resources/api-definition/hs-booking/hs-booking-items-with-uuid.yaml
index 3d7567c8..e93cb7b6 100644
--- a/src/main/resources/api-definition/hs-booking/hs-booking-items-with-uuid.yaml
+++ b/src/main/resources/api-definition/hs-booking/hs-booking-items-with-uuid.yaml
@@ -4,7 +4,7 @@ get:
description: 'Fetch a single booking item its uuid, if visible for the current subject.'
operationId: getBookingItemByUuid
parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: bookingItemUuid
in: path
@@ -32,7 +32,7 @@ patch:
description: 'Updates a single booking item identified by its uuid, if permitted for the current subject.'
operationId: patchBookingItem
parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: bookingItemUuid
in: path
@@ -63,7 +63,7 @@ delete:
description: 'Delete a single booking item identified by its uuid, if permitted for the current subject.'
operationId: deleteBookingIemByUuid
parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: bookingItemUuid
in: path
diff --git a/src/main/resources/api-definition/hs-booking/hs-booking-items.yaml b/src/main/resources/api-definition/hs-booking/hs-booking-items.yaml
index 40a3d010..fca2209a 100644
--- a/src/main/resources/api-definition/hs-booking/hs-booking-items.yaml
+++ b/src/main/resources/api-definition/hs-booking/hs-booking-items.yaml
@@ -5,7 +5,7 @@ get:
- hs-booking-items
operationId: listBookingItemsByProjectUuid
parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: projectUuid
in: query
@@ -34,7 +34,7 @@ post:
- hs-booking-items
operationId: addBookingItem
parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
requestBody:
description: A JSON object describing the new booking item.
diff --git a/src/main/resources/api-definition/hs-booking/hs-booking-projects-with-uuid.yaml b/src/main/resources/api-definition/hs-booking/hs-booking-projects-with-uuid.yaml
index 085205a7..4c41d51c 100644
--- a/src/main/resources/api-definition/hs-booking/hs-booking-projects-with-uuid.yaml
+++ b/src/main/resources/api-definition/hs-booking/hs-booking-projects-with-uuid.yaml
@@ -4,7 +4,7 @@ get:
description: 'Fetch a single booking project its uuid, if visible for the current subject.'
operationId: getBookingProjectByUuid
parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: bookingProjectUuid
in: path
@@ -32,7 +32,7 @@ patch:
description: 'Updates a single booking project identified by its uuid, if permitted for the current subject.'
operationId: patchBookingProject
parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: bookingProjectUuid
in: path
@@ -63,7 +63,7 @@ delete:
description: 'Delete a single booking project identified by its uuid, if permitted for the current subject.'
operationId: deleteBookingIemByUuid
parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: bookingProjectUuid
in: path
diff --git a/src/main/resources/api-definition/hs-booking/hs-booking-projects.yaml b/src/main/resources/api-definition/hs-booking/hs-booking-projects.yaml
index bccb7443..e5081a6f 100644
--- a/src/main/resources/api-definition/hs-booking/hs-booking-projects.yaml
+++ b/src/main/resources/api-definition/hs-booking/hs-booking-projects.yaml
@@ -5,7 +5,7 @@ get:
- hs-booking-projects
operationId: listBookingProjectsByDebitorUuid
parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: debitorUuid
in: query
@@ -34,7 +34,7 @@ post:
- hs-booking-projects
operationId: addBookingProject
parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
requestBody:
description: A JSON object describing the new booking project.
diff --git a/src/main/resources/api-definition/hs-hosting/auth.yaml b/src/main/resources/api-definition/hs-hosting/auth.yaml
index 65d491fb..e46f0f38 100644
--- a/src/main/resources/api-definition/hs-hosting/auth.yaml
+++ b/src/main/resources/api-definition/hs-hosting/auth.yaml
@@ -3,8 +3,8 @@ components:
parameters:
- currentUser:
- name: current-user
+ currentSubject:
+ name: current-subject
in: header
required: true
schema:
diff --git a/src/main/resources/api-definition/hs-hosting/hs-hosting-assets-with-uuid.yaml b/src/main/resources/api-definition/hs-hosting/hs-hosting-assets-with-uuid.yaml
index 6630d245..625afdd0 100644
--- a/src/main/resources/api-definition/hs-hosting/hs-hosting-assets-with-uuid.yaml
+++ b/src/main/resources/api-definition/hs-hosting/hs-hosting-assets-with-uuid.yaml
@@ -4,7 +4,7 @@ get:
description: 'Fetch a single managed asset by its uuid, if visible for the current subject.'
operationId: getAssetByUuid
parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: assetUuid
in: path
@@ -32,7 +32,7 @@ patch:
description: 'Updates a single hosting asset identified by its uuid, if permitted for the current subject.'
operationId: patchAsset
parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: assetUuid
in: path
@@ -63,7 +63,7 @@ delete:
description: 'Delete a single hosting asset identified by its uuid, if permitted for the current subject.'
operationId: deleteAssetUuid
parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: assetUuid
in: path
diff --git a/src/main/resources/api-definition/hs-hosting/hs-hosting-assets.yaml b/src/main/resources/api-definition/hs-hosting/hs-hosting-assets.yaml
index 8a208c68..6396d2a7 100644
--- a/src/main/resources/api-definition/hs-hosting/hs-hosting-assets.yaml
+++ b/src/main/resources/api-definition/hs-hosting/hs-hosting-assets.yaml
@@ -5,7 +5,7 @@ get:
- hs-hosting-assets
operationId: listAssets
parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: projectUuid
in: query
@@ -47,7 +47,7 @@ post:
- hs-hosting-assets
operationId: addAsset
parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
requestBody:
description: A JSON object describing the new hosting asset.
diff --git a/src/main/resources/api-definition/hs-office/hs-office-bankaccounts-with-uuid.yaml b/src/main/resources/api-definition/hs-office/hs-office-bankaccounts-with-uuid.yaml
index 44f89fa1..cdef972a 100644
--- a/src/main/resources/api-definition/hs-office/hs-office-bankaccounts-with-uuid.yaml
+++ b/src/main/resources/api-definition/hs-office/hs-office-bankaccounts-with-uuid.yaml
@@ -4,7 +4,7 @@ get:
description: 'Fetch a single bank account by its uuid, if visible for the current subject.'
operationId: getBankAccountByUuid
parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: bankAccountUUID
in: path
@@ -31,7 +31,7 @@ delete:
description: 'Delete a single bank account by its uuid, if permitted for the current subject.'
operationId: deleteBankAccountByUuid
parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: bankAccountUUID
in: path
diff --git a/src/main/resources/api-definition/hs-office/hs-office-bankaccounts.yaml b/src/main/resources/api-definition/hs-office/hs-office-bankaccounts.yaml
index 75380d5d..2207fd9c 100644
--- a/src/main/resources/api-definition/hs-office/hs-office-bankaccounts.yaml
+++ b/src/main/resources/api-definition/hs-office/hs-office-bankaccounts.yaml
@@ -5,7 +5,7 @@ get:
- hs-office-bank-accounts
operationId: listBankAccounts
parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: holder
in: query
@@ -33,7 +33,7 @@ post:
- hs-office-bank-accounts
operationId: addBankAccount
parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
requestBody:
content:
diff --git a/src/main/resources/api-definition/hs-office/hs-office-contacts-with-uuid.yaml b/src/main/resources/api-definition/hs-office/hs-office-contacts-with-uuid.yaml
index 13e96f39..a6561e8d 100644
--- a/src/main/resources/api-definition/hs-office/hs-office-contacts-with-uuid.yaml
+++ b/src/main/resources/api-definition/hs-office/hs-office-contacts-with-uuid.yaml
@@ -4,7 +4,7 @@ get:
description: 'Fetch a single business contact by its uuid, if visible for the current subject.'
operationId: getContactByUuid
parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: contactUUID
in: path
@@ -32,7 +32,7 @@ patch:
description: 'Updates a single contact by its uuid, if permitted for the current subject.'
operationId: patchContact
parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: contactUUID
in: path
@@ -63,7 +63,7 @@ delete:
description: 'Delete a single business contact by its uuid, if permitted for the current subject.'
operationId: deleteContactByUuid
parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: contactUUID
in: path
diff --git a/src/main/resources/api-definition/hs-office/hs-office-contacts.yaml b/src/main/resources/api-definition/hs-office/hs-office-contacts.yaml
index 52d54a87..03a6ff70 100644
--- a/src/main/resources/api-definition/hs-office/hs-office-contacts.yaml
+++ b/src/main/resources/api-definition/hs-office/hs-office-contacts.yaml
@@ -5,7 +5,7 @@ get:
- hs-office-contacts
operationId: listContacts
parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: name
in: query
@@ -33,7 +33,7 @@ post:
- hs-office-contacts
operationId: addContact
parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
requestBody:
content:
diff --git a/src/main/resources/api-definition/hs-office/hs-office-coopassets-with-uuid.yaml b/src/main/resources/api-definition/hs-office/hs-office-coopassets-with-uuid.yaml
index 7fd6d243..51d51c2c 100644
--- a/src/main/resources/api-definition/hs-office/hs-office-coopassets-with-uuid.yaml
+++ b/src/main/resources/api-definition/hs-office/hs-office-coopassets-with-uuid.yaml
@@ -4,7 +4,7 @@ get:
description: 'Fetch a single asset transaction by its uuid, if visible for the current subject.'
operationId: getCoopAssetTransactionByUuid
parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: assetTransactionUUID
in: path
diff --git a/src/main/resources/api-definition/hs-office/hs-office-coopassets.yaml b/src/main/resources/api-definition/hs-office/hs-office-coopassets.yaml
index aa0ae953..24ffd3d1 100644
--- a/src/main/resources/api-definition/hs-office/hs-office-coopassets.yaml
+++ b/src/main/resources/api-definition/hs-office/hs-office-coopassets.yaml
@@ -5,7 +5,7 @@ get:
- hs-office-coopAssets
operationId: listCoopAssets
parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: membershipUuid
in: query
@@ -48,7 +48,7 @@ post:
- hs-office-coopAssets
operationId: addCoopAssetsTransaction
parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
requestBody:
description: A JSON object describing the new cooperative assets transaction.
diff --git a/src/main/resources/api-definition/hs-office/hs-office-coopshares-with-uuid.yaml b/src/main/resources/api-definition/hs-office/hs-office-coopshares-with-uuid.yaml
index cd7ff827..a37dbf7e 100644
--- a/src/main/resources/api-definition/hs-office/hs-office-coopshares-with-uuid.yaml
+++ b/src/main/resources/api-definition/hs-office/hs-office-coopshares-with-uuid.yaml
@@ -4,7 +4,7 @@ get:
description: 'Fetch a single share transaction by its uuid, if visible for the current subject.'
operationId: getCoopShareTransactionByUuid
parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: shareTransactionUUID
in: path
diff --git a/src/main/resources/api-definition/hs-office/hs-office-coopshares.yaml b/src/main/resources/api-definition/hs-office/hs-office-coopshares.yaml
index 338018ad..a886ab82 100644
--- a/src/main/resources/api-definition/hs-office/hs-office-coopshares.yaml
+++ b/src/main/resources/api-definition/hs-office/hs-office-coopshares.yaml
@@ -5,7 +5,7 @@ get:
- hs-office-coopShares
operationId: listCoopShares
parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: membershipUuid
in: query
@@ -48,7 +48,7 @@ post:
- hs-office-coopShares
operationId: addCoopSharesTransaction
parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
requestBody:
description: A JSON object describing the new cooperative shares transaction.
diff --git a/src/main/resources/api-definition/hs-office/hs-office-debitors-with-uuid.yaml b/src/main/resources/api-definition/hs-office/hs-office-debitors-with-uuid.yaml
index 09c6d42d..feb8e473 100644
--- a/src/main/resources/api-definition/hs-office/hs-office-debitors-with-uuid.yaml
+++ b/src/main/resources/api-definition/hs-office/hs-office-debitors-with-uuid.yaml
@@ -4,7 +4,7 @@ get:
description: 'Fetch a single debitor by its uuid, if visible for the current subject.'
operationId: getDebitorByUuid
parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: debitorUUID
in: path
@@ -32,7 +32,7 @@ patch:
description: 'Updates a single debitor by its uuid, if permitted for the current subject.'
operationId: patchDebitor
parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: debitorUUID
in: path
@@ -63,7 +63,7 @@ delete:
description: 'Delete a single debitor by its uuid, if permitted for the current subject.'
operationId: deleteDebitorByUuid
parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: debitorUUID
in: path
diff --git a/src/main/resources/api-definition/hs-office/hs-office-debitors.yaml b/src/main/resources/api-definition/hs-office/hs-office-debitors.yaml
index 5936198b..e0327d2f 100644
--- a/src/main/resources/api-definition/hs-office/hs-office-debitors.yaml
+++ b/src/main/resources/api-definition/hs-office/hs-office-debitors.yaml
@@ -5,7 +5,7 @@ get:
- hs-office-debitors
operationId: listDebitors
parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: name
in: query
@@ -39,7 +39,7 @@ post:
- hs-office-debitors
operationId: addDebitor
parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
requestBody:
content:
diff --git a/src/main/resources/api-definition/hs-office/hs-office-memberships-with-uuid.yaml b/src/main/resources/api-definition/hs-office/hs-office-memberships-with-uuid.yaml
index 4bd1b3fb..1511e09f 100644
--- a/src/main/resources/api-definition/hs-office/hs-office-memberships-with-uuid.yaml
+++ b/src/main/resources/api-definition/hs-office/hs-office-memberships-with-uuid.yaml
@@ -4,7 +4,7 @@ get:
description: 'Fetch a single membership by its uuid, if visible for the current subject.'
operationId: getMembershipByUuid
parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: membershipUUID
in: path
@@ -32,7 +32,7 @@ patch:
description: 'Updates a single membership by its uuid, if permitted for the current subject.'
operationId: patchMembership
parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: membershipUUID
in: path
@@ -63,7 +63,7 @@ delete:
description: 'Delete a single membership by its uuid, if permitted for the current subject.'
operationId: deleteMembershipByUuid
parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: membershipUUID
in: path
diff --git a/src/main/resources/api-definition/hs-office/hs-office-memberships.yaml b/src/main/resources/api-definition/hs-office/hs-office-memberships.yaml
index 260dee51..e394faf0 100644
--- a/src/main/resources/api-definition/hs-office/hs-office-memberships.yaml
+++ b/src/main/resources/api-definition/hs-office/hs-office-memberships.yaml
@@ -6,7 +6,7 @@ get:
- hs-office-memberships
operationId: listMemberships
parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: partnerUuid
in: query
@@ -41,7 +41,7 @@ post:
- hs-office-memberships
operationId: addMembership
parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
requestBody:
description: A JSON object describing the new membership.
diff --git a/src/main/resources/api-definition/hs-office/hs-office-partners-with-uuid.yaml b/src/main/resources/api-definition/hs-office/hs-office-partners-with-uuid.yaml
index 914df66b..e19e6cd2 100644
--- a/src/main/resources/api-definition/hs-office/hs-office-partners-with-uuid.yaml
+++ b/src/main/resources/api-definition/hs-office/hs-office-partners-with-uuid.yaml
@@ -4,7 +4,7 @@ get:
description: 'Fetch a single business partner by its uuid, if visible for the current subject.'
operationId: getPartnerByUuid
parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: partnerUUID
in: path
@@ -32,7 +32,7 @@ patch:
description: 'Updates a single business partner by its uuid, if permitted for the current subject.'
operationId: patchPartner
parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: partnerUUID
in: path
@@ -63,7 +63,7 @@ delete:
description: 'Delete a single business partner by its uuid, if permitted for the current subject.'
operationId: deletePartnerByUuid
parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: partnerUUID
in: path
diff --git a/src/main/resources/api-definition/hs-office/hs-office-partners.yaml b/src/main/resources/api-definition/hs-office/hs-office-partners.yaml
index 1f6ee36e..1936a7cb 100644
--- a/src/main/resources/api-definition/hs-office/hs-office-partners.yaml
+++ b/src/main/resources/api-definition/hs-office/hs-office-partners.yaml
@@ -5,7 +5,7 @@ get:
- hs-office-partners
operationId: listPartners
parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: name
in: query
@@ -33,7 +33,7 @@ post:
- hs-office-partners
operationId: addPartner
parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
requestBody:
content:
diff --git a/src/main/resources/api-definition/hs-office/hs-office-persons-with-uuid.yaml b/src/main/resources/api-definition/hs-office/hs-office-persons-with-uuid.yaml
index 1b90c777..fe63c509 100644
--- a/src/main/resources/api-definition/hs-office/hs-office-persons-with-uuid.yaml
+++ b/src/main/resources/api-definition/hs-office/hs-office-persons-with-uuid.yaml
@@ -4,7 +4,7 @@ get:
description: 'Fetch a single business person by its uuid, if visible for the current subject.'
operationId: getPersonByUuid
parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: personUUID
in: path
@@ -32,7 +32,7 @@ patch:
description: 'Updates a single person by its uuid, if permitted for the current subject.'
operationId: patchPerson
parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: personUUID
in: path
@@ -63,7 +63,7 @@ delete:
description: 'Delete a single business person by its uuid, if permitted for the current subject.'
operationId: deletePersonByUuid
parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: personUUID
in: path
diff --git a/src/main/resources/api-definition/hs-office/hs-office-persons.yaml b/src/main/resources/api-definition/hs-office/hs-office-persons.yaml
index f7cba51a..71471c83 100644
--- a/src/main/resources/api-definition/hs-office/hs-office-persons.yaml
+++ b/src/main/resources/api-definition/hs-office/hs-office-persons.yaml
@@ -5,7 +5,7 @@ get:
- hs-office-persons
operationId: listPersons
parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
- name: name
in: query
@@ -33,7 +33,7 @@ post:
- hs-office-persons
operationId: addPerson
parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
requestBody:
content:
diff --git a/src/main/resources/api-definition/hs-office/hs-office-relations-with-uuid.yaml b/src/main/resources/api-definition/hs-office/hs-office-relations-with-uuid.yaml
index 4e8010e7..3dbe1391 100644
--- a/src/main/resources/api-definition/hs-office/hs-office-relations-with-uuid.yaml
+++ b/src/main/resources/api-definition/hs-office/hs-office-relations-with-uuid.yaml
@@ -4,7 +4,7 @@ get:
 description: 'Fetch a single person relation by its uuid, if visible for the current subject.'
 operationId: getRelationByUuid
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 - name: relationUUID
 in: path
@@ -32,7 +32,7 @@ patch:
 description: 'Updates a single person relation by its uuid, if permitted for the current subject.'
 operationId: patchRelation
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 - name: relationUUID
 in: path
@@ -63,7 +63,7 @@ delete:
 description: 'Delete a single person relation by its uuid, if permitted for the current subject.'
 operationId: deleteRelationByUuid
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 - name: relationUUID
 in: path
diff --git a/src/main/resources/api-definition/hs-office/hs-office-relations.yaml b/src/main/resources/api-definition/hs-office/hs-office-relations.yaml
index 94131df5..0bcb9145 100644
--- a/src/main/resources/api-definition/hs-office/hs-office-relations.yaml
+++ b/src/main/resources/api-definition/hs-office/hs-office-relations.yaml
@@ -5,7 +5,7 @@ get:
 - hs-office-relations
 operationId: listRelations
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 - name: personUuid
 in: query
@@ -40,7 +40,7 @@ post:
 - hs-office-relations
 operationId: addRelation
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 requestBody:
 content:
diff --git a/src/main/resources/api-definition/hs-office/hs-office-sepamandates-with-uuid.yaml b/src/main/resources/api-definition/hs-office/hs-office-sepamandates-with-uuid.yaml
index 52d050ee..1e14a235 100644
--- a/src/main/resources/api-definition/hs-office/hs-office-sepamandates-with-uuid.yaml
+++ b/src/main/resources/api-definition/hs-office/hs-office-sepamandates-with-uuid.yaml
@@ -4,7 +4,7 @@ get:
 description: 'Fetch a single SEPA Mandate by its uuid, if visible for the current subject.'
 operationId: getSepaMandateByUuid
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 - name: sepaMandateUUID
 in: path
@@ -32,7 +32,7 @@ patch:
 description: 'Updates a single SEPA Mandate by its uuid, if permitted for the current subject.'
 operationId: patchSepaMandate
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 - name: sepaMandateUUID
 in: path
@@ -63,7 +63,7 @@ delete:
 description: 'Delete a single SEPA Mandate by its uuid, if permitted for the current subject.'
 operationId: deleteSepaMandateByUuid
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 - name: sepaMandateUUID
 in: path
diff --git a/src/main/resources/api-definition/hs-office/hs-office-sepamandates.yaml b/src/main/resources/api-definition/hs-office/hs-office-sepamandates.yaml
index 82f8f154..76f28092 100644
--- a/src/main/resources/api-definition/hs-office/hs-office-sepamandates.yaml
+++ b/src/main/resources/api-definition/hs-office/hs-office-sepamandates.yaml
@@ -5,7 +5,7 @@ get:
 - hs-office-sepaMandates
 operationId: listSepaMandatesByIBAN
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 - name: name
 in: query
@@ -33,7 +33,7 @@ post:
 - hs-office-sepaMandates
 operationId: addSepaMandate
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 requestBody:
 description: A JSON object describing the new SEPA-Mandate.
diff --git a/src/main/resources/api-definition/rbac/rbac-grants-with-id.yaml b/src/main/resources/api-definition/rbac/rbac-grants-with-id.yaml
index b45ebb4e..5bdcd29e 100644
--- a/src/main/resources/api-definition/rbac/rbac-grants-with-id.yaml
+++ b/src/main/resources/api-definition/rbac/rbac-grants-with-id.yaml
@@ -3,7 +3,7 @@ get:
 - rbac-grants
 operationId: getGrantById
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 - name: grantedRoleUuid
 in: path
@@ -38,7 +38,7 @@ delete:
 - rbac-grants
 operationId: revokeRoleFromUser
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 - name: grantedRoleUuid
 in: path
diff --git a/src/main/resources/api-definition/rbac/rbac-grants.yaml b/src/main/resources/api-definition/rbac/rbac-grants.yaml
index 16011bcd..1452b8c6 100644
--- a/src/main/resources/api-definition/rbac/rbac-grants.yaml
+++ b/src/main/resources/api-definition/rbac/rbac-grants.yaml
@@ -3,7 +3,7 @@ get:
 - rbac-grants
 operationId: listUserGrants
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 responses:
 "200":
@@ -20,7 +20,7 @@ post:
 - rbac-grants
 operationId: grantRoleToUser
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 requestBody:
 required: true
diff --git a/src/main/resources/api-definition/rbac/rbac-roles.yaml b/src/main/resources/api-definition/rbac/rbac-roles.yaml
index b97aa387..e35ee44e 100644
--- a/src/main/resources/api-definition/rbac/rbac-roles.yaml
+++ b/src/main/resources/api-definition/rbac/rbac-roles.yaml
@@ -3,7 +3,7 @@ get:
 - rbac-roles
 operationId: listRoles
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 responses:
 "200":
diff --git a/src/main/resources/api-definition/rbac/rbac-users-with-id-permissions.yaml b/src/main/resources/api-definition/rbac/rbac-users-with-id-permissions.yaml
index ba6eb3fe..34ea9fcc 100644
--- a/src/main/resources/api-definition/rbac/rbac-users-with-id-permissions.yaml
+++ b/src/main/resources/api-definition/rbac/rbac-users-with-id-permissions.yaml
@@ -4,7 +4,7 @@ get:
 description: 'List all visible permissions granted to the given user; reduced '
 operationId: listUserPermissions
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 - name: userUuid
 in: path
diff --git a/src/main/resources/api-definition/rbac/rbac-users-with-uuid.yaml b/src/main/resources/api-definition/rbac/rbac-users-with-uuid.yaml
index 058fc5cd..974faa3c 100644
--- a/src/main/resources/api-definition/rbac/rbac-users-with-uuid.yaml
+++ b/src/main/resources/api-definition/rbac/rbac-users-with-uuid.yaml
@@ -4,7 +4,7 @@ get:
 description: 'Fetch a single user by its id, if visible for the current subject.'
 operationId: getUserById
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 - name: userUuid
 in: path
@@ -31,7 +31,7 @@ delete:
 - rbac-users
 operationId: deleteUserByUuid
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 - name: userUuid
 in: path
diff --git a/src/main/resources/api-definition/rbac/rbac-users.yaml b/src/main/resources/api-definition/rbac/rbac-users.yaml
index 4acb729e..e447f25d 100644
--- a/src/main/resources/api-definition/rbac/rbac-users.yaml
+++ b/src/main/resources/api-definition/rbac/rbac-users.yaml
@@ -4,7 +4,7 @@ get:
 description: List accessible RBAC users with optional filter by name.
 operationId: listUsers
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 - name: name
 in: query
diff --git a/src/main/resources/api-definition/test/test-customers.yaml b/src/main/resources/api-definition/test/test-customers.yaml
index 89a8fb6b..25800099 100644
--- a/src/main/resources/api-definition/test/test-customers.yaml
+++ b/src/main/resources/api-definition/test/test-customers.yaml
@@ -5,7 +5,7 @@ get:
 - testCustomers
 operationId: listCustomers
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 - name: prefix
 in: query
@@ -33,7 +33,7 @@ post:
 - testCustomers
 operationId: addCustomer
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 requestBody:
 content:
diff --git a/src/main/resources/api-definition/test/test-packages-uuid.yaml b/src/main/resources/api-definition/test/test-packages-uuid.yaml
index 4fc8ef80..994810df 100644
--- a/src/main/resources/api-definition/test/test-packages-uuid.yaml
+++ b/src/main/resources/api-definition/test/test-packages-uuid.yaml
@@ -3,7 +3,7 @@ patch:
 - testPackages
 operationId: updatePackage
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 - name: packageUUID
 in: path
diff --git a/src/main/resources/api-definition/test/test-packages.yaml b/src/main/resources/api-definition/test/test-packages.yaml
index 6a3e0e7f..98190e30 100644
--- a/src/main/resources/api-definition/test/test-packages.yaml
+++ b/src/main/resources/api-definition/test/test-packages.yaml
@@ -3,7 +3,7 @@ get:
 - testPackages
 operationId: listPackages
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 - name: name
 in: query
diff --git a/src/main/resources/db/changelog/0-basis/000-basis-schema.sql b/src/main/resources/db/changelog/0-basis/000-basis-schema.sql
index 689a94ba..a20d690f 100644
--- a/src/main/resources/db/changelog/0-basis/000-basis-schema.sql
+++ b/src/main/resources/db/changelog/0-basis/000-basis-schema.sql
@@ -2,7 +2,7 @@ -- ============================================================================ ---changeset basis-schema:1 endDelimiter:--// +--changeset basis-SCHEMA:1 endDelimiter:--// -- ---------------------------------------------------------------------------- CREATE SCHEMA basis; --// diff --git a/src/main/resources/db/changelog/0-basis/010-context.sql b/src/main/resources/db/changelog/0-basis/010-context.sql index e0ff1818..d6e14ee6 100644 --- a/src/main/resources/db/changelog/0-basis/010-context.sql +++ b/src/main/resources/db/changelog/0-basis/010-context.sql @@ -12,7 +12,7 @@ create procedure basis.contextDefined( currentTask varchar(127), currentRequest text, - currentUser varchar(63), + currentSubject varchar(63), assumedRoles varchar(1023) ) language plpgsql as $$ @@ -25,7 +25,7 @@ end; $$; create or replace procedure basis.defineContext( currentTask varchar(127), currentRequest text = null, - currentUser varchar(63) = null, + currentSubject varchar(63) = null, assumedRoles varchar(1023) = null ) language plpgsql as $$ 
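Review bot: Renaming the changeset id from `basis-schema:1` to `basis-SCHEMA:1` makes Liquibase treat it as a new, never-run changeset on any database that already recorded the old id, and `CREATE SCHEMA basis;` would then be executed a second time there and fail because the schema already exists. If every environment is rebuilt from scratch this is harmless; otherwise keep the old id, or guard the changeset with a precondition (`onFail:MARK_RAN`) so an existing schema is tolerated. The same id renames occur in `010-context.sql` (`context-CURRENT-USER:1` → `context-current-subject:1`) and in `1050-rbac-base.sql` (`rbac-base-USER:1` → `rbac-base-SUBJECT:1`, `rbac-base-QUERY-USERS-WITH-PERMISSION-FOR-OBJECT:1` → `…-SUBJECTS-…`), where re-execution would recreate tables and functions under the new names without removing the old ones.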
@@ -38,15 +38,15 @@ begin currentRequest := coalesce(currentRequest, ''); execute format('set local hsadminng.currentRequest to %L', currentRequest); - currentUser := coalesce(currentUser, ''); - assert length(currentUser) <= 63, FORMAT('currentUser must not be longer than 63 characters: "%s"', currentUser); - execute format('set local hsadminng.currentUser to %L', currentUser); + currentSubject := coalesce(currentSubject, ''); + assert length(currentSubject) <= 63, FORMAT('currentSubject must not be longer than 63 characters: "%s"', currentSubject); + execute format('set local hsadminng.currentSubject to %L', currentSubject); assumedRoles := coalesce(assumedRoles, ''); assert length(assumedRoles) <= 1023, FORMAT('assumedRoles must not be longer than 1023 characters: "%s"', assumedRoles); execute format('set local hsadminng.assumedRoles to %L', assumedRoles); - call basis.contextDefined(currentTask, currentRequest, currentUser, assumedRoles); + call basis.contextDefined(currentTask, currentRequest, currentSubject, assumedRoles); end; $$; --// @@ -105,25 +105,25 @@ end; $$; -- ============================================================================ ---changeset context-CURRENT-USER:1 endDelimiter:--// +--changeset context-current-subject:1 endDelimiter:--// -- ---------------------------------------------------------------------------- /* Returns the current user as defined by `basis.defineContext(...)`. */ -create or replace function basis.currentUser() +create or replace function basis.currentSubject() -- FIXME: move to schema rbac? returns varchar(63) stable -- leakproof language plpgsql as $$ declare - currentUser varchar(63); + currentSubject varchar(63); begin begin - currentUser := current_setting('hsadminng.currentUser'); + currentSubject := current_setting('hsadminng.currentSubject'); exception when others then - currentUser := null; + currentSubject := null; end; - return currentUser; + return currentSubject; end; $$; --// 
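Review bot: The length check on the renamed `currentSubject` parameter still relies on `assert`, which PL/pgSQL skips entirely when `plpgsql.check_asserts` is off, so in that configuration an over-long value reaches `set local` without validation; `raise exception` is the robust form for input checks, e.g. `if length(currentSubject) > 63 then raise exception '[400] currentSubject must not be longer than 63 characters: "%"', currentSubject; end if;`. The `assumedRoles` assert two lines further down has the same weakness. The `%L` quoting in the `execute format(...)` calls is correct and should stay as is. `basis.defineContext` starts outside this hunk.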
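Review bot: The renamed `basis.currentSubject()` still reads the setting inside a `begin … exception when others` block, which masks unrelated errors as "no subject" and costs a subtransaction on every call; `current_setting('hsadminng.currentSubject', true)` returns null for an unset parameter and makes the exception block unnecessary. On a database that already had `basis.currentUser()` installed this hunk creates the new function but never drops the old one, so both would coexist unless the schema is rebuilt; a `drop function if exists basis.currentUser();` would make the rename complete. `tx_historicize_tf()` in `030-historization.sql` reads the same setting with the same exception-block pattern.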
@@ -217,7 +217,7 @@ begin if array_length(assumedRoles, 1) > 0 then return assumedRoles; else - return array [basis.currentUser()]::varchar(1023)[]; + return array [basis.currentSubject()]::varchar(1023)[]; end if; end; $$; diff --git a/src/main/resources/db/changelog/0-basis/020-audit-log.sql b/src/main/resources/db/changelog/0-basis/020-audit-log.sql index 51efc301..b1835fff 100644 --- a/src/main/resources/db/changelog/0-basis/020-audit-log.sql +++ b/src/main/resources/db/changelog/0-basis/020-audit-log.sql @@ -25,7 +25,7 @@ create table basis.tx_context ( txId xid8 primary key not null, txTimestamp timestamp not null, - currentUser varchar(63) not null, -- not the uuid, because users can be deleted + currentSubject varchar(63) not null, -- not the uuid, because users can be deleted assumedRoles varchar(1023) not null, -- not the uuids, because roles can be deleted currentTask varchar(127) not null, currentRequest text not null @@ -82,9 +82,9 @@ begin curTxId := pg_current_xact_id(); insert - into basis.tx_context (txId, txTimestamp, currentUser, assumedRoles, currentTask, currentRequest) + into basis.tx_context (txId, txTimestamp, currentSubject, assumedRoles, currentTask, currentRequest) values ( curTxId, now(), - basis.currentUser(), basis.assumedRoles(), curTask, basis.currentRequest()) + basis.currentSubject(), basis.assumedRoles(), curTask, basis.currentRequest()) on conflict do nothing; case tg_op @@ -123,7 +123,7 @@ declare begin targetTable := lower(targetTable); - createTriggerSQL = 'CREATE TRIGGER ' || targetTable || '_journal' || + createTriggerSQL = 'CREATE TRIGGER tx_journal_tg' || ' AFTER INSERT OR UPDATE OR DELETE ON ' || targetTable || ' FOR EACH ROW EXECUTE PROCEDURE basis.tx_journal_trigger()'; execute createTriggerSQL; diff --git a/src/main/resources/db/changelog/0-basis/030-historization.sql b/src/main/resources/db/changelog/0-basis/030-historization.sql index 6368df06..dd523006 100644 
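Review bot: With schema-qualified names such as `rbac.subject` now being passed to `basis.create_journal`, the fixed trigger name `tx_journal_tg` is the right call (trigger names are scoped per table, and `rbac.subject_journal` would not have been a valid identifier), but the DDL is still assembled by plain concatenation of `targetTable`, so a mistyped or non-existent table is only detected when `execute` runs the text. `format('CREATE TRIGGER tx_journal_tg AFTER INSERT OR UPDATE OR DELETE ON %s FOR EACH ROW EXECUTE PROCEDURE basis.tx_journal_trigger()', targetTable::regclass)` resolves and validates the relation first and renders it correctly quoted, which also makes the preceding `lower(targetTable)` unnecessary. The enclosing `basis.create_journal` procedure starts outside this hunk.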
--- a/src/main/resources/db/changelog/0-basis/030-historization.sql +++ b/src/main/resources/db/changelog/0-basis/030-historization.sql @@ -47,7 +47,7 @@ create or replace function tx_historicize_tf() language plpgsql strict as $$ declare - currentUser varchar(63); + currentSubject varchar(63); currentTask varchar(127); "row" record; "alive" boolean; @@ -55,15 +55,15 @@ declare begin -- determine user_id begin - currentUser := current_setting('hsadminng.currentUser'); + currentSubject := current_setting('hsadminng.currentSubject'); exception when others then - currentUser := null; + currentSubject := null; end; - if (currentUser is null or currentUser = '') then - raise exception 'hsadminng.currentUser must be defined, please use "SET LOCAL ...;"'; + if (currentSubject is null or currentSubject = '') then + raise exception 'hsadminng.currentSubject must be defined, please use "SET LOCAL ...;"'; end if; - raise notice 'currentUser: %', currentUser; + raise notice 'currentSubject: %', currentSubject; -- determine task currentTask = current_setting('hsadminng.currentTask'); diff --git a/src/main/resources/db/changelog/1-rbac/1000-rbac-schema.sql b/src/main/resources/db/changelog/1-rbac/1000-rbac-schema.sql new file mode 100644 index 00000000..14f3ba93 --- /dev/null +++ b/src/main/resources/db/changelog/1-rbac/1000-rbac-schema.sql @@ -0,0 +1,8 @@ +--liquibase formatted sql + + +-- ============================================================================ +--changeset rbac-SCHEMA:1 endDelimiter:--// +-- ---------------------------------------------------------------------------- +CREATE SCHEMA rbac; +--// diff --git a/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql b/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql index 695719be..99665c18 100644 --- a/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql +++ b/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql 
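Review bot: The comment `-- determine user_id` above the renamed block in `tx_historicize_tf()` is now doubly stale — the value read from `hsadminng.currentSubject` is the subject name, not an id — and should read `-- determine current subject`. The `raise notice 'currentSubject: %', currentSubject;` fires for every historicized row and writes the acting subject into the client's notice stream; if it is a leftover debugging aid, `raise debug` keeps it reachable via `client_min_messages` without the per-row noise in production logs. `tx_historicize_tf()` starts outside this hunk.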
@@ -6,25 +6,25 @@ /* */ -create type ReferenceType as enum ('RbacUser', 'RbacRole', 'RbacPermission'); +create type rbac.referenceType as enum ('rbac.subject', 'RbacRole', 'RbacPermission'); -create table RbacReference +create table rbac.reference ( uuid uuid unique default uuid_generate_v4(), - type ReferenceType not null + type rbac.referenceType not null ); -create or replace function assertReferenceType(argument varchar, referenceId uuid, expectedType ReferenceType) - returns ReferenceType +create or replace function rbac.assertReferenceType(argument varchar, referenceId uuid, expectedType rbac.referenceType) + returns rbac.referenceType language plpgsql as $$ declare - actualType ReferenceType; + actualType rbac.referenceType; begin if referenceId is null then raise exception '% must be a % and not null', argument, expectedType; end if; - actualType = (select type from RbacReference where uuid = referenceId); + actualType = (select type from rbac.reference where uuid = referenceId); if (actualType <> expectedType) then raise exception '% must reference a %, but got a %', argument, expectedType, actualType; end if; @@ -33,20 +33,20 @@ end; $$; --// -- ============================================================================ ---changeset rbac-base-USER:1 endDelimiter:--// +--changeset rbac-base-SUBJECT:1 endDelimiter:--// -- ---------------------------------------------------------------------------- /* */ -create table RbacUser +create table rbac.subject ( - uuid uuid primary key references RbacReference (uuid) on delete cascade, + uuid uuid primary key references rbac.reference (uuid) on delete cascade, name varchar(63) not null unique ); -call basis.create_journal('RbacUser'); +call basis.create_journal('rbac.subject'); -create or replace function createRbacUser(userName varchar) +create or replace function rbac.create_subject(subjectName varchar) returns uuid returns null on null input language plpgsql as $$ 
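Review bot: The new enum `rbac.referenceType` mixes naming schemes in its labels — `'rbac.subject'` is a lowercase schema-qualified table name while `'RbacRole'` and `'RbacPermission'` keep the old CamelCase type names — so every caller of `rbac.assertReferenceType` has to remember which spelling a given kind of reference uses (see the `'rbac.subject'` literals in `1051-rbac-user-grant.sql` next to `'RbacRole'`). The labels are only ever compared with each other, so they need not equal table names at all; either rename all three in one step or use neutral labels such as `'SUBJECT'`, `'ROLE'`, `'PERMISSION'` so the enum does not have to follow future table renames. A short comment above the `create type` stating that these labels are opaque tags rather than table references would also help.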
@@ -54,37 +54,37 @@ declare objectId uuid; begin insert - into RbacReference (type) - values ('RbacUser') + into rbac.reference (type) + values ('rbac.subject') returning uuid into objectId; insert - into RbacUser (uuid, name) - values (objectid, userName); + into rbac.subject (uuid, name) + values (objectid, subjectName); return objectId; end; $$; -create or replace function createRbacUser(refUuid uuid, userName varchar) +create or replace function rbac.create_subject(refUuid uuid, subjectName varchar) returns uuid called on null input language plpgsql as $$ begin insert - into RbacReference as r (uuid, type) - values (coalesce(refUuid, uuid_generate_v4()), 'RbacUser') + into rbac.reference as r (uuid, type) + values (coalesce(refUuid, uuid_generate_v4()), 'rbac.subject') returning r.uuid into refUuid; insert - into RbacUser (uuid, name) - values (refUuid, userName); + into rbac.subject (uuid, name) + values (refUuid, subjectName); return refUuid; end; $$; -create or replace function findRbacUserId(userName varchar) +create or replace function rbac.find_subject_id(subjectName varchar) returns uuid returns null on null input language sql as $$ -select uuid from RbacUser where name = userName +select uuid from rbac.subject where name = subjectName $$; --// @@ -94,7 +94,7 @@ $$; /* */ -create table RbacObject +create table rbac.object ( uuid uuid primary key default uuid_generate_v4(), serialId serial, -- TODO.perf: only needed for reverse deletion of temp test data @@ -102,7 +102,7 @@ create table RbacObject unique (objectTable, uuid) ); -call basis.create_journal('RbacObject'); +call basis.create_journal('rbac.object'); --// 
@@ -112,9 +112,9 @@ call basis.create_journal('RbacObject'); -- ---------------------------------------------------------------------------- /* - Inserts related RbacObject for use in the BEFORE ONSERT TRIGGERs on the business objects. + Inserts related rbac.object for use in the BEFORE INSERT TRIGGERs on the business objects. */ -create or replace function insertRelatedRbacObject() +create or replace function rbac.insert_related_object() returns trigger language plpgsql strict as $$ @@ -124,13 +124,13 @@ begin if TG_OP = 'INSERT' then if NEW.uuid is null then insert - into RbacObject (objectTable) + into rbac.object (objectTable) values (TG_TABLE_NAME) returning uuid into objectUuid; NEW.uuid = objectUuid; else insert - into RbacObject (uuid, objectTable) + into rbac.object (uuid, objectTable) values (NEW.uuid, TG_TABLE_NAME) returning uuid into objectUuid; end if; @@ -141,7 +141,7 @@ begin end; $$; /* - Deletes related RbacObject for use in the BEFORE DELETE TRIGGERs on the business objects. + Deletes related rbac.object for use in the BEFORE DELETE TRIGGERs on the business objects. */ create or replace function deleteRelatedRbacObject() returns trigger @@ -149,7 +149,7 @@ create or replace function deleteRelatedRbacObject() strict as $$ begin if TG_OP = 'DELETE' then - delete from RbacObject where rbacobject.uuid = old.uuid; + delete from rbac.object where rbac.object.uuid = old.uuid; else raise exception 'invalid usage of TRIGGER BEFORE DELETE'; end if; 
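Review bot: `insertRelatedRbacObject()` moves into the schema as `rbac.insert_related_object()`, but its counterpart `deleteRelatedRbacObject()` in the `@@ -141` hunk keeps the old unqualified CamelCase name, so the two trigger functions that bracket an object's lifetime now follow different conventions. Renaming it to `rbac.delete_related_object()` in the same commit keeps the pair discoverable together; if the rename is deferred on purpose, a `-- TODO: rename to rbac.delete_related_object` comment at its definition would say so. In the `@@ -149` hunk, `where rbac.object.uuid = old.uuid` is valid but `where uuid = old.uuid` (or an alias) is the usual form and avoids the three-part column reference.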
@@ -168,8 +168,8 @@ create type RbacRoleType as enum ('OWNER', 'ADMIN', 'AGENT', 'TENANT', 'GUEST', create table RbacRole ( - uuid uuid primary key references RbacReference (uuid) on delete cascade initially deferred, -- initially deferred - objectUuid uuid not null references RbacObject (uuid) initially deferred, + uuid uuid primary key references rbac.reference (uuid) on delete cascade initially deferred, -- initially deferred + objectUuid uuid not null references rbac.object (uuid) initially deferred, roleType RbacRoleType not null, unique (objectUuid, roleType) ); @@ -217,7 +217,7 @@ declare referenceId uuid; begin insert - into RbacReference (type) + into rbac.reference (type) values ('RbacRole') returning uuid into referenceId; insert @@ -231,7 +231,7 @@ $$; create or replace procedure deleteRole(roleUUid uuid) language plpgsql as $$ begin - --raise exception '% deleting role uuid %', currentsubjectsuuids(), roleUUid; + --raise exception '% deleting role uuid %', rbac.currentSubjectOrAssumedRolesUuids(), roleUUid; delete from RbacRole where uuid = roleUUid; end; $$; @@ -323,7 +323,7 @@ execute procedure deleteRbacGrantsOfRbacRole(); -- ---------------------------------------------------------------------------- /* - RbacObject BEFORE DELETE TRIGGER function which deletes all related roles. + rbac.object BEFORE DELETE TRIGGER function which deletes all related roles. */ create or replace function deleteRbacRolesOfRbacObject() returns trigger @@ -344,7 +344,7 @@ end; $$; */ create trigger deleteRbacRolesOfRbacObject_Trigger before delete - on RbacObject + on rbac.object for each row execute procedure deleteRbacRolesOfRbacObject(); --// 
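Review bot: The `@@ -231` hunk updates a commented-out `--raise exception …` line in `deleteRole` to the new `rbac.currentSubjectOrAssumedRolesUuids()` name, which maintains dead code instead of removing it; either delete the line or make it a live `raise debug` so it is actually exercised. `deleteRole` removes the row from `RbacRole` with no authorization check of its own, which presumably is the intended contract for an internal helper called from triggers — a one-line comment stating that the caller is responsible for the permission check would make that explicit.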
@@ -367,8 +367,8 @@ create domain RbacOp as varchar(6) create table RbacPermission ( - uuid uuid primary key references RbacReference (uuid) on delete cascade, - objectUuid uuid not null references RbacObject, + uuid uuid primary key references rbac.reference (uuid) on delete cascade, + objectUuid uuid not null references rbac.object, op RbacOp not null, opTableName varchar(60) ); @@ -402,7 +402,7 @@ begin where objectUuid = forObjectUuid and op = forOp and opTableName is not distinct from forOpTableName); if (permissionUuid is null) then - insert into RbacReference ("type") + insert into rbac.reference ("type") values ('RbacPermission') returning uuid into permissionUuid; begin @@ -482,15 +482,15 @@ $$; --changeset rbac-base-GRANTS:1 endDelimiter:--// -- ---------------------------------------------------------------------------- /* - Table to store grants / role- or permission assignments to users or roles. + Table to store grants / role- or permission assignments to subjects or roles. */ create table RbacGrants ( uuid uuid primary key default uuid_generate_v4(), - grantedByTriggerOf uuid references RbacObject (uuid) on delete cascade initially deferred , + grantedByTriggerOf uuid references rbac.object (uuid) on delete cascade initially deferred , grantedByRoleUuid uuid references RbacRole (uuid), - ascendantUuid uuid references RbacReference (uuid), - descendantUuid uuid references RbacReference (uuid), + ascendantUuid uuid references rbac.reference (uuid), + descendantUuid uuid references rbac.reference (uuid), assumed boolean not null default true, -- auto assumed (true) vs. needs assumeRoles (false) unique (ascendantUuid, descendantUuid), constraint rbacGrant_createdBy check ( grantedByRoleUuid is null or grantedByTriggerOf is null) ); 
@@ -499,7 +499,7 @@ create index on RbacGrants (descendantUuid); call basis.create_journal('RbacGrants'); create or replace function findGrantees(grantedId uuid) - returns setof RbacReference + returns setof rbac.reference returns null on null input language sql as $$ with recursive grants as ( @@ -513,7 +513,7 @@ with recursive grants as ( ) select ref.* from grants - join RbacReference ref on ref.uuid = grants.ascendantUuid; + join rbac.reference ref on ref.uuid = grants.ascendantUuid; $$; create or replace function isGranted(granteeIds uuid[], grantedId uuid) @@ -574,7 +574,7 @@ begin end; $$; -create or replace function hasGlobalRoleGranted(userUuid uuid) +create or replace function hasGlobalRoleGranted(forAscendantUuid uuid) returns bool stable -- leakproof language sql as $$ @@ -582,8 +582,8 @@ select exists( select r.uuid from RbacGrants as g join RbacRole as r on r.uuid = g.descendantuuid - join RbacObject as o on o.uuid = r.objectuuid - where g.ascendantuuid = userUuid + join rbac.object as o on o.uuid = r.objectuuid + where g.ascendantuuid = forAscendantUuid and o.objecttable = 'global' ); $$; @@ -591,8 +591,8 @@ $$; create or replace procedure grantPermissionToRole(permissionUuid uuid, roleUuid uuid) language plpgsql as $$ begin - perform assertReferenceType('roleId (ascendant)', roleUuid, 'RbacRole'); - perform assertReferenceType('permissionId (descendant)', permissionUuid, 'RbacPermission'); + perform rbac.assertReferenceType('roleId (ascendant)', roleUuid, 'RbacRole'); + perform rbac.assertReferenceType('permissionId (descendant)', permissionUuid, 'RbacPermission'); insert into RbacGrants (grantedByTriggerOf, ascendantUuid, descendantUuid, assumed) 
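Review bot: `create or replace function` cannot rename an existing input parameter, so changing `hasGlobalRoleGranted(userUuid uuid)` to `hasGlobalRoleGranted(forAscendantUuid uuid)` in the `@@ -574` hunk fails with "cannot change name of input parameter" on any database where the previous version is already installed and this changeset is executed again; if in-place migration is a goal the function must be dropped first, otherwise this is fine for schemas that are rebuilt. The same restriction would apply to any later parameter renames in this file. The enclosing changeset starts outside this hunk.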
@@ -611,8 +611,8 @@ $$; create or replace procedure grantRoleToRole(subRoleId uuid, superRoleId uuid, doAssume bool = true) language plpgsql as $$ begin - perform assertReferenceType('superRoleId (ascendant)', superRoleId, 'RbacRole'); - perform assertReferenceType('subRoleId (descendant)', subRoleId, 'RbacRole'); + perform rbac.assertReferenceType('superRoleId (ascendant)', superRoleId, 'RbacRole'); + perform rbac.assertReferenceType('subRoleId (descendant)', subRoleId, 'RbacRole'); if isGranted(subRoleId, superRoleId) then call raiseDuplicateRoleGrantException(subRoleId, superRoleId); @@ -639,8 +639,8 @@ begin superRoleId := findRoleId(superRole); subRoleId := findRoleId(subRole); - perform assertReferenceType('superRoleId (ascendant)', superRoleId, 'RbacRole'); - perform assertReferenceType('subRoleId (descendant)', subRoleId, 'RbacRole'); + perform rbac.assertReferenceType('superRoleId (ascendant)', superRoleId, 'RbacRole'); + perform rbac.assertReferenceType('subRoleId (descendant)', subRoleId, 'RbacRole'); if isGranted(subRoleId, superRoleId) then call raiseDuplicateRoleGrantException(subRoleId, superRoleId); @@ -661,8 +661,8 @@ begin superRoleId := findRoleId(superRole); subRoleId := findRoleId(subRole); - perform assertReferenceType('superRoleId (ascendant)', superRoleId, 'RbacRole'); - perform assertReferenceType('subRoleId (descendant)', subRoleId, 'RbacRole'); + perform rbac.assertReferenceType('superRoleId (ascendant)', superRoleId, 'RbacRole'); + perform rbac.assertReferenceType('subRoleId (descendant)', subRoleId, 'RbacRole'); if (isGranted(superRoleId, subRoleId)) then delete from RbacGrants where ascendantUuid = superRoleId and descendantUuid = subRoleId; 
@@ -682,8 +682,8 @@ declare begin superRoleId := findRoleId(superRole); - perform assertReferenceType('superRoleId (ascendant)', superRoleId, 'RbacRole'); - perform assertReferenceType('permission (descendant)', permissionId, 'RbacPermission'); + perform rbac.assertReferenceType('superRoleId (ascendant)', superRoleId, 'RbacRole'); + perform rbac.assertReferenceType('permission (descendant)', permissionId, 'RbacPermission'); if (isGranted(superRoleId, permissionId)) then delete from RbacGrants where ascendantUuid = superRoleId and descendantUuid = permissionId; @@ -691,7 +691,7 @@ begin select p.op, o.objectTable, o.uuid from rbacGrants g join rbacPermission p on p.uuid=g.descendantUuid - join rbacobject o on o.uuid=p.objectUuid + join rbac.object o on o.uuid=p.objectUuid where g.uuid=permissionId into permissionOp, objectTable, objectUuid; @@ -736,7 +736,7 @@ begin SELECT DISTINCT perm.objectUuid FROM granted JOIN RbacPermission perm ON granted.descendantUuid = perm.uuid - JOIN RbacObject obj ON obj.uuid = perm.objectUuid + JOIN rbac.object obj ON obj.uuid = perm.objectUuid WHERE (requiredOp = 'SELECT' OR perm.op = requiredOp) AND obj.objectTable = forObjectTable LIMIT maxObjects+1; @@ -756,7 +756,7 @@ $$; --changeset rbac-base-QUERY-GRANTED-PERMISSIONS:1 endDelimiter:--// -- ---------------------------------------------------------------------------- /* - Returns all permissions accessible to the given subject UUID (user or role). + Returns all permissions accessible to the given subject UUID (subject or role). */ create or replace function queryPermissionsGrantedToSubjectId(subjectId uuid) returns setof RbacPermission 
@@ -782,18 +782,18 @@ $$; --// -- ============================================================================ ---changeset rbac-base-QUERY-USERS-WITH-PERMISSION-FOR-OBJECT:1 endDelimiter:--// +--changeset rbac-base-QUERY-SUBJECTS-WITH-PERMISSION-FOR-OBJECT:1 endDelimiter:--// -- ---------------------------------------------------------------------------- /* - Returns all user UUIDs which have any permission for the given object UUID. + Returns all subject UUIDs which have any permission for the given object UUID. */ -create or replace function queryAllRbacUsersWithPermissionsFor(objectId uuid) - returns setof RbacUser +create or replace function queryAllRbacSubjectsWithPermissionsFor(objectId uuid) + returns setof rbac.subject returns null on null input language sql as $$ select * - from RbacUser + from rbac.subject where uuid in ( -- @formatter:off with recursive grants as ( diff --git a/src/main/resources/db/changelog/1-rbac/1051-rbac-user-grant.sql b/src/main/resources/db/changelog/1-rbac/1051-rbac-user-grant.sql index 99a0b349..087a2e2f 100644 --- a/src/main/resources/db/changelog/1-rbac/1051-rbac-user-grant.sql +++ b/src/main/resources/db/changelog/1-rbac/1051-rbac-user-grant.sql 
@@ -9,23 +9,23 @@ create or replace function assumedRoleUuid() stable -- leakproof language plpgsql as $$ declare - currentSubjectsUuids uuid[]; + currentSubjectOrAssumedRolesUuids uuid[]; begin -- exactly one role must be assumed, not none not more than one if cardinality(basis.assumedRoles()) <> 1 then raise exception '[400] Granting roles to user is only possible if exactly one role is assumed, given: %', basis.assumedRoles(); end if; - currentSubjectsUuids := currentSubjectsUuids(); - return currentSubjectsUuids[1]; + currentSubjectOrAssumedRolesUuids := rbac.currentSubjectOrAssumedRolesUuids(); + return currentSubjectOrAssumedRolesUuids[1]; end; $$; create or replace procedure grantRoleToUserUnchecked(grantedByRoleUuid uuid, grantedRoleUuid uuid, userUuid uuid, doAssume boolean = true) language plpgsql as $$ begin - perform assertReferenceType('grantingRoleUuid', grantedByRoleUuid, 'RbacRole'); - perform assertReferenceType('roleId (descendant)', grantedRoleUuid, 'RbacRole'); - perform assertReferenceType('userId (ascendant)', userUuid, 'RbacUser'); + perform rbac.assertReferenceType('grantingRoleUuid', grantedByRoleUuid, 'RbacRole'); + perform rbac.assertReferenceType('roleId (descendant)', grantedRoleUuid, 'RbacRole'); + perform rbac.assertReferenceType('userId (ascendant)', userUuid, 'rbac.subject'); insert into RbacGrants (grantedByRoleUuid, ascendantUuid, descendantUuid, assumed) 
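Review bot: The reference-type literals passed to `rbac.assertReferenceType` now follow two conventions in one call sequence: `'rbac.subject'` for the subject but `'RbacRole'` for the roles (and `'RbacPermission'` in 1050), so whatever enum or check backs these values carries mixed spellings; either keep a `'RbacSubject'`-style name or rename the other values as well — the same literals appear in the two hunks below and in `insertRbacUser` in 1055-rbac-views.sql. In `assumedRoleUuid()` the local `currentSubjectOrAssumedRolesUuids uuid[]` carries the same name as the function `rbac.currentSubjectOrAssumedRolesUuids()` it is assigned from; after the cardinality check it holds exactly one assumed role, so `assumedRoleUuids` would say what it is. The message `'[400] Granting roles to user ...'` and the identifiers `grantRoleToUserUnchecked`/`userUuid` keep the old "user" wording, as do the `'[403] User % not allowed to delete user uuid %'` and `'[403] permissions of user "%" ...'` messages in 1055-rbac-views.sql.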
@@ -40,18 +40,18 @@ declare grantedByRoleIdName text; grantedRoleIdName text; begin - perform assertReferenceType('grantingRoleUuid', grantedByRoleUuid, 'RbacRole'); - perform assertReferenceType('grantedRoleUuid (descendant)', grantedRoleUuid, 'RbacRole'); - perform assertReferenceType('userUuid (ascendant)', userUuid, 'RbacUser'); + perform rbac.assertReferenceType('grantingRoleUuid', grantedByRoleUuid, 'RbacRole'); + perform rbac.assertReferenceType('grantedRoleUuid (descendant)', grantedRoleUuid, 'RbacRole'); + perform rbac.assertReferenceType('userUuid (ascendant)', userUuid, 'rbac.subject'); assert grantedByRoleUuid is not null, 'grantedByRoleUuid must not be null'; assert grantedRoleUuid is not null, 'grantedRoleUuid must not be null'; assert userUuid is not null, 'userUuid must not be null'; - if NOT isGranted(currentSubjectsUuids(), grantedByRoleUuid) then + if NOT isGranted(rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid) then select roleIdName from rbacRole_ev where uuid=grantedByRoleUuid into grantedByRoleIdName; raise exception '[403] Access to granted-by-role % (%) forbidden for % (%)', - grantedByRoleIdName, grantedByRoleUuid, currentSubjects(), currentSubjectsUuids(); + grantedByRoleIdName, grantedByRoleUuid, currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end if; if NOT isGranted(grantedByRoleUuid, grantedRoleUuid) then select roleIdName from rbacRole_ev where uuid=grantedByRoleUuid into grantedByRoleIdName; 
@@ -77,11 +77,11 @@ end; $$; create or replace procedure checkRevokeRoleFromUserPreconditions(grantedByRoleUuid uuid, grantedRoleUuid uuid, userUuid uuid) language plpgsql as $$ begin - perform assertReferenceType('grantedByRoleUuid', grantedByRoleUuid, 'RbacRole'); - perform assertReferenceType('grantedRoleUuid (descendant)', grantedRoleUuid, 'RbacRole'); - perform assertReferenceType('userUuid (ascendant)', userUuid, 'RbacUser'); + perform rbac.assertReferenceType('grantedByRoleUuid', grantedByRoleUuid, 'RbacRole'); + perform rbac.assertReferenceType('grantedRoleUuid (descendant)', grantedRoleUuid, 'RbacRole'); + perform rbac.assertReferenceType('userUuid (ascendant)', userUuid, 'rbac.subject'); - if NOT isGranted(currentSubjectsUuids(), grantedByRoleUuid) then + if NOT isGranted(rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid) then raise exception '[403] Revoking role created by % is forbidden for %.', grantedByRoleUuid, currentSubjects(); end if; @@ -89,8 +89,8 @@ begin raise exception '[403] Revoking role % is forbidden for %.', grantedRoleUuid, currentSubjects(); end if; - --raise exception 'isGranted(%, %)', currentSubjectsUuids(), grantedByRoleUuid; - if NOT isGranted(currentSubjectsUuids(), grantedByRoleUuid) then + --raise exception 'isGranted(%, %)', rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid; + if NOT isGranted(rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid) then raise exception '[403] Revoking role granted by % is forbidden for %.', grantedByRoleUuid, currentSubjects(); end if; diff --git a/src/main/resources/db/changelog/1-rbac/1054-rbac-context.sql b/src/main/resources/db/changelog/1-rbac/1054-rbac-context.sql index 552bcd22..2380c84d 100644 --- a/src/main/resources/db/changelog/1-rbac/1054-rbac-context.sql +++ b/src/main/resources/db/changelog/1-rbac/1054-rbac-context.sql 
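Review bot: `checkRevokeRoleFromUserPreconditions` evaluates `isGranted(rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid)` twice — once right after the reference-type checks (`'[403] Revoking role created by % is forbidden for %.'`) and again in the `@@ -89` hunk (`'[403] Revoking role granted by % is forbidden for %.'`); if both hunks belong to the same procedure body, as the line numbers suggest, the second check can never fire and one of the two messages is dead. The commented-out debugging line `--raise exception 'isGranted(%, %)', rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid;` was updated to the new function name rather than deleted; removing it avoids maintaining dead code through further renames.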
@@ -5,25 +5,25 @@ --changeset rbac-context-DETERMINE:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -create or replace function determineCurrentUserUuid(currentUser varchar) +create or replace function determineCurrentSubjectUuid(currentSubject varchar) returns uuid stable -- leakproof language plpgsql as $$ declare - currentUserUuid uuid; + currentSubjectUuid uuid; begin - if currentUser = '' then + if currentSubject = '' then return null; end if; - select uuid from RbacUser where name = currentUser into currentUserUuid; - if currentUserUuid is null then - raise exception '[401] user % given in `basis.defineContext(...)` does not exist', currentUser; + select uuid from rbac.subject where name = currentSubject into currentSubjectUuid; + if currentSubjectUuid is null then + raise exception '[401] subject % given in `basis.defineContext(...)` does not exist', currentSubject; end if; - return currentUserUuid; + return currentSubjectUuid; end; $$; -create or replace function determineCurrentSubjectsUuids(currentUserUuid uuid, assumedRoles varchar) +create or replace function determineCurrentSubjectOrAssumedRolesUuids(currentSubjectOrAssumedRolesUuids uuid, assumedRoles varchar) returns uuid[] stable -- leakproof language plpgsql as $$ @@ -37,7 +37,7 @@ declare roleIdsToAssume uuid[]; roleUuidToAssume uuid; begin - if currentUserUuid is null then + if currentSubjectOrAssumedRolesUuids is null then if length(coalesce(assumedRoles, '')) > 0 then raise exception '[403] undefined has no permission to assume role %', assumedRoles; else @@ -45,7 +45,7 @@ begin end if; end if; if length(coalesce(assumedRoles, '')) = 0 then - return array [currentUserUuid]; + return array [currentSubjectOrAssumedRolesUuids]; end if; foreach roleName in array string_to_array(assumedRoles, ';') 
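Review bot: The first parameter of `determineCurrentSubjectOrAssumedRolesUuids` was renamed to `currentSubjectOrAssumedRolesUuids`, but it is a single `uuid` holding the current subject's uuid (`basis.contextDefined` passes `currentSubjectUuid`), so the plural name is misleading and collides with the name of `rbac.currentSubjectOrAssumedRolesUuids()`; `create or replace function determineCurrentSubjectOrAssumedRolesUuids(currentSubjectUuid uuid, assumedRoles varchar)` with `return array [currentSubjectUuid];` here and `if not isGranted(currentSubjectUuid, roleUuidToAssume) then` in the next hunk reads correctly. Since the function name changed as well, `create or replace` does not replace the old `determineCurrentSubjectsUuids`, which stays defined on any database that already has it.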
@@ -66,10 +66,10 @@ begin and r.roleType = roleTypeToAssume into roleUuidToAssume; if roleUuidToAssume is null then - raise exception '[403] role % does not exist or is not accessible for user %', roleName, basis.currentUser(); + raise exception '[403] role % does not exist or is not accessible for subject %', roleName, basis.currentSubject(); end if; - if not isGranted(currentUserUuid, roleUuidToAssume) then - raise exception '[403] user % has no permission to assume role %', basis.currentUser(), roleName; + if not isGranted(currentSubjectOrAssumedRolesUuids, roleUuidToAssume) then + raise exception '[403] subject % has no permission to assume role %', basis.currentSubject(), roleName; end if; roleIdsToAssume := roleIdsToAssume || roleUuidToAssume; end loop; 
@@ -87,59 +87,59 @@ end; $$; create or replace procedure basis.contextDefined( currentTask varchar(127), currentRequest text, - currentUser varchar(63), + currentSubject varchar(63), assumedRoles varchar(1023) ) language plpgsql as $$ declare - currentUserUuid uuid; + currentSubjectUuid uuid; begin execute format('set local hsadminng.currentTask to %L', currentTask); execute format('set local hsadminng.currentRequest to %L', currentRequest); - execute format('set local hsadminng.currentUser to %L', currentUser); - select determineCurrentUserUuid(currentUser) into currentUserUuid; - execute format('set local hsadminng.currentUserUuid to %L', coalesce(currentUserUuid::text, '')); + execute format('set local hsadminng.currentSubject to %L', currentSubject); + select determineCurrentSubjectUuid(currentSubject) into currentSubjectUuid; + execute format('set local hsadminng.currentSubjectUuid to %L', coalesce(currentSubjectUuid::text, '')); execute format('set local hsadminng.assumedRoles to %L', assumedRoles); - execute format('set local hsadminng.currentSubjectsUuids to %L', - (select array_to_string(determinecurrentSubjectsUuids(currentUserUuid, assumedRoles), ';'))); + execute format('set local hsadminng.currentSubjectOrAssumedRolesUuids to %L', + (select array_to_string(determineCurrentSubjectOrAssumedRolesUuids(currentSubjectUuid, assumedRoles), ';'))); - raise notice 'Context defined as: %, %, %, [%]', currentTask, currentRequest, currentUser, assumedRoles; + raise notice 'Context defined as: %, %, %, [%]', currentTask, currentRequest, currentSubject, assumedRoles; end; $$; -- ============================================================================ ---changeset rbac-context-CURRENT-USER-ID:1 endDelimiter:--// +--changeset rbac-context-current-subject-ID:1 endDelimiter:--// -- ---------------------------------------------------------------------------- /* - Returns the uuid of the current user as set via `basis.defineContext(...)`. 
+ Returns the uuid of the current subject as set via `basis.defineContext(...)`. */ -create or replace function currentUserUuid() +create or replace function rbac.currentSubjectUuid() returns uuid stable -- leakproof language plpgsql as $$ declare - currentUserUuid text; - currentUserName text; + currentSubjectUuid text; + currentSubjectName text; begin begin - currentUserUuid := current_setting('hsadminng.currentUserUuid'); + currentSubjectUuid := current_setting('hsadminng.currentSubjectUuid'); exception when others then - currentUserUuid := null; + currentSubjectUuid := null; end; - if (currentUserUuid is null or currentUserUuid = '') then - currentUserName := basis.currentUser(); - if (length(currentUserName) > 0) then - raise exception '[401] currentUserUuid cannot be determined, unknown user name "%"', currentUserName; + if (currentSubjectUuid is null or currentSubjectUuid = '') then + currentSubjectName := basis.currentSubject(); + if (length(currentSubjectName) > 0) then + raise exception '[401] currentSubjectUuid cannot be determined, unknown subject name "%"', currentSubjectName; else - raise exception '[401] currentUserUuid cannot be determined, please call `basis.defineContext(...)` first;"'; + raise exception '[401] currentSubjectUuid cannot be determined, please call `basis.defineContext(...)` first;"'; end if; end if; - return currentUserUuid::uuid; + return currentSubjectUuid::uuid; end; $$; --// 
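Review bot: `create or replace procedure basis.contextDefined(...)` keeps its signature but renames the third parameter from `currentUser` to `currentSubject`; PostgreSQL rejects that for an already existing routine with `cannot change name of input parameter`, so if this changeset is ever applied over a database holding the old definition it needs a `drop procedure` first (on a freshly built database it is harmless). In `rbac.currentSubjectUuid()` the `begin ... exception when others` block around `current_setting` can be replaced by `currentSubjectUuid := current_setting('hsadminng.currentSubjectUuid', true);`, which yields null for an unknown setting without opening a subtransaction and without swallowing unrelated errors; the same applies to `rbac.currentSubjectOrAssumedRolesUuids()` in the next hunk. Both functions' fallback messages also carry a stray `;"` before the closing quote (`... first;"'` here, `... with a valid subject;"'` in the next hunk).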
@@ -147,33 +147,33 @@ end; $$; --changeset rbac-context-CURRENT-SUBJECT-UUIDS:1 endDelimiter:--// -- ---------------------------------------------------------------------------- /* - Returns the uuid of the current user as set via `basis.defineContext(...)`, + Returns the uuid of the current subject as set via `basis.defineContext(...)`, or, if any, the uuids of all assumed roles as set via `basis.defineContext(...)` or empty array, if context is not defined. */ -create or replace function currentSubjectsUuids() +create or replace function rbac.currentSubjectOrAssumedRolesUuids() returns uuid[] stable -- leakproof language plpgsql as $$ declare - currentSubjectsUuids text; - currentUserName text; + currentSubjectOrAssumedRolesUuids text; + currentSubjectName text; begin begin - currentSubjectsUuids := current_setting('hsadminng.currentSubjectsUuids'); + currentSubjectOrAssumedRolesUuids := current_setting('hsadminng.currentSubjectOrAssumedRolesUuids'); exception when others then - currentSubjectsUuids := null; + currentSubjectOrAssumedRolesUuids := null; end; - if (currentSubjectsUuids is null or length(currentSubjectsUuids) = 0 ) then - currentUserName := basis.currentUser(); - if (length(currentUserName) > 0) then - raise exception '[401] currentSubjectsUuids (%) cannot be determined, unknown user name "%"', currentSubjectsUuids, currentUserName; + if (currentSubjectOrAssumedRolesUuids is null or length(currentSubjectOrAssumedRolesUuids) = 0 ) then + currentSubjectName := basis.currentSubject(); + if (length(currentSubjectName) > 0) then + raise exception '[401] currentSubjectOrAssumedRolesUuids (%) cannot be determined, unknown subject name "%"', currentSubjectOrAssumedRolesUuids, currentSubjectName; else - raise exception '[401] currentSubjectsUuids cannot be determined, please call `basis.defineContext(...)` with a valid user;"'; + raise exception '[401] currentSubjectOrAssumedRolesUuids cannot be determined, please call `basis.defineContext(...)` with a valid 
subject;"'; end if; end if; - return string_to_array(currentSubjectsUuids, ';'); + return string_to_array(currentSubjectOrAssumedRolesUuids, ';'); end; $$; --// diff --git a/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql b/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql index 38530ba7..e753798e 100644 --- a/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql +++ b/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql @@ -15,7 +15,7 @@ select (objectTable || '#' || objectIdName || ':' || roleType) as roleIdName, * select r.*, o.objectTable, findIdNameByObjectUuid(o.objectTable, o.uuid) as objectIdName from rbacrole as r - join rbacobject as o on o.uuid = r.objectuuid + join rbac.object as o on o.uuid = r.objectuuid ) as unordered -- @formatter:on order by roleIdName; @@ -36,8 +36,8 @@ select * select r.*, o.objectTable, findIdNameByObjectUuid(o.objectTable, o.uuid) as objectIdName from rbacrole as r - join rbacobject as o on o.uuid = r.objectuuid - where isGranted(currentSubjectsUuids(), r.uuid) + join rbac.object as o on o.uuid = r.objectuuid + where isGranted(rbac.currentSubjectOrAssumedRolesUuids(), r.uuid) ) as unordered -- @formatter:on order by objectTable || '#' || objectIdName || ':' || roleType; 
@@ -88,17 +88,17 @@ create or replace view rbacgrants_ev as from rbacgrants as g left outer join rbacrole as ar on ar.uuid = g.ascendantUuid - left outer join rbacobject as aro on aro.uuid = ar.objectuuid - left outer join rbacuser as au on au.uuid = g.ascendantUuid + left outer join rbac.object as aro on aro.uuid = ar.objectuuid + left outer join rbac.subject as au on au.uuid = g.ascendantUuid left outer join rbacrole as dr on dr.uuid = g.descendantUuid - left outer join rbacobject as dro on dro.uuid = dr.objectuuid + left outer join rbac.object as dro on dro.uuid = dr.objectuuid left outer join rbacpermission dp on dp.uuid = g.descendantUuid - left outer join rbacobject as dpo on dpo.uuid = dp.objectUuid + left outer join rbac.object as dpo on dpo.uuid = dp.objectUuid ) as x left outer join rbacrole as r on r.uuid = grantedByRoleUuid - left outer join rbacuser u on u.uuid = x.ascendantuuid - left outer join rbacobject go on go.uuid = r.objectuuid + left outer join rbac.subject u on u.uuid = x.ascendantuuid + left outer join rbac.object go on go.uuid = r.objectuuid order by x.ascendingIdName, x.descendingIdName; -- @formatter:on @@ -125,12 +125,12 @@ select o.objectTable || '#' || findIdNameByObjectUuid(o.objectTable, o.uuid) || findIdNameByObjectUuid(o.objectTable, o.uuid) as objectIdName from rbacgrants as g join rbacrole as r on r.uuid = g.descendantUuid - join rbacobject o on o.uuid = r.objectuuid - left outer join rbacuser u on u.uuid = g.ascendantuuid - where isGranted(currentSubjectsUuids(), r.uuid) + join rbac.object o on o.uuid = r.objectuuid + left outer join rbac.subject u on u.uuid = g.ascendantuuid + where isGranted(rbac.currentSubjectOrAssumedRolesUuids(), r.uuid) ) as g join RbacRole as r on r.uuid = grantedByRoleUuid - join RbacObject as o on o.uuid = r.objectUuid + join rbac.object as o on o.uuid = r.objectUuid order by grantedRoleIdName; -- @formatter:on grant all privileges on rbacrole_rv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME}; 
@@ -209,13 +209,13 @@ create or replace view RbacUser_ev as select distinct * -- @formatter:off from ( - select usersInRolesOfCurrentUser.* - from RbacUser as usersInRolesOfCurrentUser - join RbacGrants as g on g.ascendantuuid = usersInRolesOfCurrentUser.uuid + select usersInRolesOfcurrentSubject.* + from rbac.subject as usersInRolesOfcurrentSubject + join RbacGrants as g on g.ascendantuuid = usersInRolesOfcurrentSubject.uuid join rbacrole_ev as r on r.uuid = g.descendantuuid union select users.* - from RbacUser as users + from rbac.subject as users ) as unordered -- @formatter:on order by unordered.name; @@ -234,15 +234,15 @@ create or replace view RbacUser_rv as select distinct * -- @formatter:off from ( - select usersInRolesOfCurrentUser.* - from RbacUser as usersInRolesOfCurrentUser - join RbacGrants as g on g.ascendantuuid = usersInRolesOfCurrentUser.uuid + select usersInRolesOfcurrentSubject.* + from rbac.subject as usersInRolesOfcurrentSubject + join RbacGrants as g on g.ascendantuuid = usersInRolesOfcurrentSubject.uuid join rbacrole_rv as r on r.uuid = g.descendantuuid union select users.* - from RbacUser as users + from rbac.subject as users where cardinality(basis.assumedRoles()) = 0 and - (currentUserUuid() = users.uuid or hasGlobalRoleGranted(currentUserUuid())) + (rbac.currentSubjectUuid() = users.uuid or hasGlobalRoleGranted(rbac.currentSubjectUuid())) ) as unordered -- @formatter:on @@ -262,14 +262,14 @@ create or replace function insertRbacUser() language plpgsql as $$ declare refUuid uuid; - newUser RbacUser; + newUser rbac.subject; begin insert - into RbacReference as r (uuid, type) - values( new.uuid, 'RbacUser') + into rbac.reference as r (uuid, type) + values( new.uuid, 'rbac.subject') returning r.uuid into refUuid; insert - into RbacUser (uuid, name) + into rbac.subject (uuid, name) values (refUuid, new.name) returning * into newUser; return newUser; 
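Review bot: The alias `usersInRolesOfcurrentSubject` in `RbacUser_ev` and `RbacUser_rv` has a lower-case `c` mid-identifier, a search-and-replace artifact; `usersInRolesOfCurrentSubject` matches the casing used elsewhere in these views. The views themselves, the trigger function `insertRbacUser` and its `newUser rbac.subject` variable keep the old "user" naming while the table is now `rbac.subject`, which makes the views harder to find from the table name; renaming them in the same step, or noting that they are deliberately left, would help.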
@@ -299,11 +299,11 @@ create or replace function deleteRbacUser() returns trigger language plpgsql as $$ begin - if currentUserUuid() = old.uuid or hasGlobalRoleGranted(currentUserUuid()) then - delete from RbacUser where uuid = old.uuid; + if rbac.currentSubjectUuid() = old.uuid or hasGlobalRoleGranted(rbac.currentSubjectUuid()) then + delete from rbac.subject where uuid = old.uuid; return old; end if; - raise exception '[403] User % not allowed to delete user uuid %', basis.currentUser(), old.uuid; + raise exception '[403] User % not allowed to delete user uuid %', basis.currentSubject(), old.uuid; end; $$; /* @@ -332,7 +332,7 @@ select r.uuid as roleuuid, p.uuid as permissionUuid, from rbacrole_rv r join rbacgrants g on g.ascendantuuid = r.uuid join rbacpermission p on p.uuid = g.descendantuuid - join rbacobject o on o.uuid = p.objectuuid; + join rbac.object o on o.uuid = p.objectuuid; grant all privileges on RbacOwnGrantedPermissions_rv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME}; -- @formatter:om @@ -348,13 +348,13 @@ create or replace function grantedPermissionsRaw(targetUserUuid uuid) returns null on null input language plpgsql as $$ declare - currentUserUuid uuid; + currentSubjectUuid uuid; begin -- @formatter:off - currentUserUuid := currentUserUuid(); + currentSubjectUuid := rbac.currentSubjectUuid(); - if hasGlobalRoleGranted(targetUserUuid) and not hasGlobalRoleGranted(currentUserUuid) then - raise exception '[403] permissions of user "%" are not accessible to user "%"', targetUserUuid, basis.currentUser(); + if hasGlobalRoleGranted(targetUserUuid) and not hasGlobalRoleGranted(currentSubjectUuid) then + raise exception '[403] permissions of user "%" are not accessible to user "%"', targetUserUuid, basis.currentSubject(); end if; return query select 
@@ -371,9 +371,9 @@ begin po.uuid as permissionObjectUuid from queryPermissionsGrantedToSubjectId( targetUserUuid) as p join rbacgrants as g on g.descendantUuid = p.uuid - join rbacobject as po on po.uuid = p.objectUuid + join rbac.object as po on po.uuid = p.objectUuid join rbacrole_rv as r on r.uuid = g.ascendantUuid - join rbacobject as ro on ro.uuid = r.objectUuid + join rbac.object as ro on ro.uuid = r.objectUuid where isGranted(targetUserUuid, r.uuid) ) xp; -- @formatter:on diff --git a/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql b/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql index 233cc316..a1fd2e52 100644 --- a/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql +++ b/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql @@ -15,7 +15,7 @@ begin create trigger createRbacObjectFor_%s_Trigger before insert on %s for each row - execute procedure insertRelatedRbacObject(); + execute procedure rbac.insert_related_object(); $sql$, targetTable, targetTable); execute createInsertTriggerSQL; @@ -185,7 +185,7 @@ begin true from rbacgrants where rbacgrants.assumed - and (rbacgrants.ascendantuuid = any (currentsubjectsuuids())) + and (rbacgrants.ascendantuuid = any (rbac.currentSubjectOrAssumedRolesUuids())) union all select distinct g.descendantuuid, g.ascendantuuid, @@ -203,7 +203,7 @@ begin select distinct perm.objectuuid from recursive_grants join rbacpermission perm on recursive_grants.descendantuuid = perm.uuid - join rbacobject obj on obj.uuid = perm.objectuuid + join rbac.object obj on obj.uuid = perm.objectuuid join count_check cc on cc.valid where obj.objectTable = '%1$s' -- 'SELECT' permission is included in all other permissions ) 
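Review bot: The new `rbac` schema now mixes snake_case routines (`rbac.insert_related_object()` in the generated trigger here) with camelCase ones (`rbac.currentSubjectOrAssumedRolesUuids()` two hunks further down in the same file, `rbac.assertReferenceType`, `rbac.currentSubjectUuid`); since PostgreSQL folds unquoted identifiers to lower case, the camelCase names will surface as `currentsubjectorassumedrolesuuids` in error output and catalog listings, a third spelling. Settling on one convention for the schema avoids that. The generated trigger is still named `createRbacObjectFor_%s_Trigger` although the procedure it executes is now `rbac.insert_related_object()`.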
@@ -256,11 +256,11 @@ begin returns trigger language plpgsql as $f$ begin - if old.uuid in (select queryAccessibleObjectUuidsOfSubjectIds('DELETE', '%1$s', currentSubjectsUuids())) then + if old.uuid in (select queryAccessibleObjectUuidsOfSubjectIds('DELETE', '%1$s', rbac.currentSubjectOrAssumedRolesUuids())) then delete from %1$s p where p.uuid = old.uuid; return old; end if; - raise exception '[403] Subject %% is not allowed to delete %1$s uuid %%', currentSubjectsUuids(), old.uuid; + raise exception '[403] Subject %% is not allowed to delete %1$s uuid %%', rbac.currentSubjectOrAssumedRolesUuids(), old.uuid; end; $f$; $sql$, targetTable); execute sql; @@ -287,13 +287,13 @@ begin returns trigger language plpgsql as $f$ begin - if old.uuid in (select queryAccessibleObjectUuidsOfSubjectIds('UPDATE', '%1$s', currentSubjectsUuids())) then + if old.uuid in (select queryAccessibleObjectUuidsOfSubjectIds('UPDATE', '%1$s', rbac.currentSubjectOrAssumedRolesUuids())) then update %1$s set %2$s where uuid = old.uuid; return old; end if; - raise exception '[403] Subject %% is not allowed to update %1$s uuid %%', currentSubjectsUuids(), old.uuid; + raise exception '[403] Subject %% is not allowed to update %1$s uuid %%', rbac.currentSubjectOrAssumedRolesUuids(), old.uuid; end; $f$; $sql$, targetTable, columnUpdates); execute sql; diff --git a/src/main/resources/db/changelog/1-rbac/1059-rbac-statistics.sql b/src/main/resources/db/changelog/1-rbac/1059-rbac-statistics.sql index 1ef6283a..4cb5ff19 100644 --- a/src/main/resources/db/changelog/1-rbac/1059-rbac-statistics.sql +++ b/src/main/resources/db/changelog/1-rbac/1059-rbac-statistics.sql @@ -8,7 +8,7 @@ create view RbacStatisticsView as select no, to_char("count", '9 999 999 999') as "count", "table" from (select 1 as no, count(*) as "count", 'login users' as "table" - from RbacUser + from rbac.subject union select 2 as no, count(*) as "count", 'roles' as "table" from RbacRole 
@@ -17,12 +17,12 @@ select no, to_char("count", '9 999 999 999') as "count", "table" from RbacPermission union select 4 as no, count(*) as "count", 'references' as "table" - from RbacReference + from rbac.reference union select 5 as no, count(*) as "count", 'grants' as "table" from RbacGrants union select 6 as no, count(*) as "count", 'objects' as "table" - from RbacObject) as totals + from rbac.object) as totals order by totals.no; --// diff --git a/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql b/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql index c20238c7..8fb1f19e 100644 --- a/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql +++ b/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql @@ -13,7 +13,7 @@ */ create table Global ( - uuid uuid primary key references RbacObject (uuid) on delete cascade, + uuid uuid primary key references rbac.object (uuid) on delete cascade, name varchar(63) unique ); create unique index Global_Singleton on Global ((0)); @@ -30,7 +30,7 @@ create or replace function isGlobalAdmin() returns boolean language plpgsql as $$ begin - return isGranted(currentSubjectsUuids(), findRoleId(globalAdmin())); + return isGranted(rbac.currentSubjectOrAssumedRolesUuids(), findRoleId(globalAdmin())); end; $$; --// @@ -45,7 +45,7 @@ create or replace function hasGlobalPermission(op RbacOp) $$ -- TODO.perf: this could to be optimized select (select uuid from global) in - (select queryAccessibleObjectUuidsOfSubjectIds(op, 'global', currentSubjectsUuids())); + (select queryAccessibleObjectUuidsOfSubjectIds(op, 'global', rbac.currentSubjectOrAssumedRolesUuids())); $$; --// 
@@ -96,9 +96,9 @@ $$; begin transaction; call basis.defineContext('initializing table "global"', null, null, null); insert - into RbacObject (objecttable) values ('global'); + into rbac.object (objecttable) values ('global'); insert - into Global (uuid, name) values ((select uuid from RbacObject where objectTable = 'global'), 'global'); + into Global (uuid, name) values ((select uuid from rbac.object where objectTable = 'global'), 'global'); commit; --// @@ -114,7 +114,7 @@ create or replace function globalAdmin(assumed boolean = true) returns null on null input stable -- leakproof language sql as $$ -select 'global', (select uuid from RbacObject where objectTable = 'global'), 'ADMIN'::RbacRoleType, assumed; +select 'global', (select uuid from rbac.object where objectTable = 'global'), 'ADMIN'::RbacRoleType, assumed; $$; begin transaction; @@ -135,7 +135,7 @@ create or replace function globalGuest(assumed boolean = true) returns null on null input stable -- leakproof language sql as $$ -select 'global', (select uuid from RbacObject where objectTable = 'global'), 'GUEST'::RbacRoleType, assumed; +select 'global', (select uuid from rbac.object where objectTable = 'global'), 'GUEST'::RbacRoleType, assumed; $$; begin transaction; 
@@ -158,10 +158,10 @@ do language plpgsql $$ call basis.defineContext('creating fake test-realm admin users', null, null, null); admins = findRoleId(globalAdmin()); - call grantRoleToUserUnchecked(admins, admins, createRbacUser('superuser-alex@hostsharing.net')); - call grantRoleToUserUnchecked(admins, admins, createRbacUser('superuser-fran@hostsharing.net')); - perform createRbacUser('selfregistered-user-drew@hostsharing.org'); - perform createRbacUser('selfregistered-test-user@hostsharing.org'); + call grantRoleToUserUnchecked(admins, admins, rbac.create_subject('superuser-alex@hostsharing.net')); + call grantRoleToUserUnchecked(admins, admins, rbac.create_subject('superuser-fran@hostsharing.net')); + perform rbac.create_subject('selfregistered-user-drew@hostsharing.org'); + perform rbac.create_subject('selfregistered-test-user@hostsharing.org'); end; $$; --// 
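Review bot: The four `rbac.create_subject(...)` calls seed well-known subjects, two of them granted the global admin role via `grantRoleToUserUnchecked`, from a changeset in the `1-rbac` tree rather than under `2-test`, although the surrounding `do` block describes them as "fake test-realm admin users". If this changelog can run outside test environments and the changeset header (outside the hunk) does not already restrict it, a Liquibase `context` on that changeset would keep these accounts out of non-test databases.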
@@ -172,23 +172,23 @@ $$; -- ---------------------------------------------------------------------------- /* - Tests if currentUserUuid() can fetch the user from the session variable. + Tests if rbac.currentSubjectUuid() can fetch the user from the session variable. */ do language plpgsql $$ declare userName varchar; begin - call basis.defineContext('testing currentUserUuid', null, 'superuser-fran@hostsharing.net', null); - select userName from RbacUser where uuid = currentUserUuid() into userName; + call basis.defineContext('testing currentSubjectUuid', null, 'superuser-fran@hostsharing.net', null); + select userName from rbac.subject where uuid = rbac.currentSubjectUuid() into userName; if userName <> 'superuser-fran@hostsharing.net' then - raise exception 'setting or fetching initial currentUser failed, got: %', userName; + raise exception 'setting or fetching initial currentSubject failed, got: %', userName; end if; - call basis.defineContext('testing currentUserUuid', null, 'superuser-alex@hostsharing.net', null); - select userName from RbacUser where uuid = currentUserUuid() into userName; + call basis.defineContext('testing currentSubjectUuid', null, 'superuser-alex@hostsharing.net', null); + select userName from rbac.subject where uuid = rbac.currentSubjectUuid() into userName; if userName = 'superuser-alex@hostsharing.net' then - raise exception 'currentUser should not change in one transaction, but did change, got: %', userName; + raise exception 'currentSubject should not change in one transaction, but did change, got: %', userName; end if; end; $$; --// diff --git a/src/main/resources/db/changelog/2-test/201-test-customer/2010-test-customer.sql b/src/main/resources/db/changelog/2-test/201-test-customer/2010-test-customer.sql index 559ba51a..f956cb1d 100644 --- a/src/main/resources/db/changelog/2-test/201-test-customer/2010-test-customer.sql +++ b/src/main/resources/db/changelog/2-test/201-test-customer/2010-test-customer.sql 
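Review bot: `select userName from rbac.subject where uuid = rbac.currentSubjectUuid() into userName;` selects the plpgsql variable `userName`, not a column — `rbac.subject` is written with columns `uuid` and `name` in 1055-rbac-views.sql and nothing in this change shows a `userName` column — so the variable stays null, `null <> 'superuser-fran@hostsharing.net'` is never true, and both checks of this self-test pass vacuously. `select name from rbac.subject where uuid = rbac.currentSubjectUuid() into userName;` in both places makes the test real; once it is, verify that the second expectation (`currentSubject should not change in one transaction`) actually holds for `basis.defineContext`, since it has never been exercised. If `rbac.subject` does expose a `userName` column elsewhere, disregard this.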
@@ -6,7 +6,7 @@ create table if not exists test_customer ( - uuid uuid unique references RbacObject (uuid), + uuid uuid unique references rbac.object (uuid), version int not null default 0, reference int not null unique check (reference between 10000 and 99999), prefix character(3) unique, diff --git a/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql b/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql index 6e084160..f1ebb9dd 100644 --- a/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql +++ b/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql @@ -38,7 +38,7 @@ begin testCustomerOWNER(NEW), permissions => array['DELETE'], incomingSuperRoles => array[globalADMIN(unassumed())], - userUuids => array[currentUserUuid()] + userUuids => array[rbac.currentSubjectUuid()] ); perform createRoleWithGrants( @@ -143,7 +143,7 @@ begin end if; raise exception '[403] insert into test_customer values(%) not allowed for current subjects % (%)', - NEW, currentSubjects(), currentSubjectsUuids(); + NEW, currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger test_customer_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/2-test/201-test-customer/2018-test-customer-test-data.sql b/src/main/resources/db/changelog/2-test/201-test-customer/2018-test-customer-test-data.sql index a05835f8..e9a63044 100644 --- a/src/main/resources/db/changelog/2-test/201-test-customer/2018-test-customer-test-data.sql +++ b/src/main/resources/db/changelog/2-test/201-test-customer/2018-test-customer-test-data.sql @@ -32,7 +32,7 @@ declare begin custRowId = uuid_generate_v4(); custAdminName = 'customer-admin@' || custPrefix || '.example.com'; - custAdminUuid = createRbacUser(custAdminName); + custAdminUuid = rbac.create_subject(custAdminName); insert into test_customer (reference, prefix, adminUserName) 
diff --git a/src/main/resources/db/changelog/2-test/202-test-package/2020-test-package.sql b/src/main/resources/db/changelog/2-test/202-test-package/2020-test-package.sql index 30739cd3..794f558f 100644 --- a/src/main/resources/db/changelog/2-test/202-test-package/2020-test-package.sql +++ b/src/main/resources/db/changelog/2-test/202-test-package/2020-test-package.sql @@ -6,7 +6,7 @@ create table if not exists test_package ( - uuid uuid unique references RbacObject (uuid), + uuid uuid unique references rbac.object (uuid), version int not null default 0, customerUuid uuid references test_customer (uuid), name varchar(5), diff --git a/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql b/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql index 4cc51b27..af51c791 100644 --- a/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql +++ b/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql @@ -208,7 +208,7 @@ begin end if; raise exception '[403] insert into test_package values(%) not allowed for current subjects % (%)', - NEW, currentSubjects(), currentSubjectsUuids(); + NEW, currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger test_package_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/2-test/202-test-package/2028-test-package-test-data.sql b/src/main/resources/db/changelog/2-test/202-test-package/2028-test-package-test-data.sql index d471a421..d8c64916 100644 --- a/src/main/resources/db/changelog/2-test/202-test-package/2028-test-package-test-data.sql +++ b/src/main/resources/db/changelog/2-test/202-test-package/2028-test-package-test-data.sql 
@@ -32,7 +32,7 @@ begin
 call grantRoleToUser(
 getRoleId(testCustomerAdmin(cust)),
 findRoleId(testPackageAdmin(pac)),
- createRbacUser('pac-admin-' || pacName || '@' || cust.prefix || '.example.com'),
+ rbac.create_subject('pac-admin-' || pacName || '@' || cust.prefix || '.example.com'),
 true);
 end loop;
diff --git a/src/main/resources/db/changelog/2-test/203-test-domain/2030-test-domain.sql b/src/main/resources/db/changelog/2-test/203-test-domain/2030-test-domain.sql
index 6b50dcae..c4318617 100644
--- a/src/main/resources/db/changelog/2-test/203-test-domain/2030-test-domain.sql
+++ b/src/main/resources/db/changelog/2-test/203-test-domain/2030-test-domain.sql
@@ -6,7 +6,7 @@ create table if not exists test_domain (
- uuid uuid unique references RbacObject (uuid),
+ uuid uuid unique references rbac.object (uuid),
 packageUuid uuid references test_package (uuid),
 name character varying(253),
 description character varying(96)
diff --git a/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql b/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql
index ab12d7fd..1b4a0421 100644
--- a/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql
+++ b/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql
@@ -207,7 +207,7 @@ begin
 end if;
 raise exception '[403] insert into test_domain values(%) not allowed for current subjects % (%)',
- NEW, currentSubjects(), currentSubjectsUuids();
+ NEW, currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
 end; $$;
 create trigger test_domain_insert_permission_check_tg
diff --git a/src/main/resources/db/changelog/5-hs-office/501-contact/5010-hs-office-contact.sql b/src/main/resources/db/changelog/5-hs-office/501-contact/5010-hs-office-contact.sql
index 9c187d11..d1694eb6 100644
--- a/src/main/resources/db/changelog/5-hs-office/501-contact/5010-hs-office-contact.sql
+++ b/src/main/resources/db/changelog/5-hs-office/501-contact/5010-hs-office-contact.sql
@@ -6,7 +6,7 @@ create table if not exists hs_office_contact (
- uuid uuid unique references RbacObject (uuid) initially deferred,
+ uuid uuid unique references rbac.object (uuid) initially deferred,
 version int not null default 0,
 caption varchar(128) not null,
 postalAddress text,
diff --git a/src/main/resources/db/changelog/5-hs-office/501-contact/5013-hs-office-contact-rbac.sql b/src/main/resources/db/changelog/5-hs-office/501-contact/5013-hs-office-contact-rbac.sql
index d1fabf3e..bfd66de5 100644
--- a/src/main/resources/db/changelog/5-hs-office/501-contact/5013-hs-office-contact-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/501-contact/5013-hs-office-contact-rbac.sql
@@ -38,7 +38,7 @@ begin
 hsOfficeContactOWNER(NEW),
 permissions => array['DELETE'],
 incomingSuperRoles => array[globalADMIN()],
- userUuids => array[currentUserUuid()]
+ userUuids => array[rbac.currentSubjectUuid()]
 );
 perform createRoleWithGrants(
diff --git a/src/main/resources/db/changelog/5-hs-office/501-contact/5018-hs-office-contact-test-data.sql b/src/main/resources/db/changelog/5-hs-office/501-contact/5018-hs-office-contact-test-data.sql
index d8bbcd74..cb431d26 100644
--- a/src/main/resources/db/changelog/5-hs-office/501-contact/5018-hs-office-contact-test-data.sql
+++ b/src/main/resources/db/changelog/5-hs-office/501-contact/5018-hs-office-contact-test-data.sql
@@ -16,7 +16,7 @@ declare
 begin
 emailAddr = 'contact-admin@' || cleanIdentifier(contCaption) || '.example.com';
 call basis.defineContext('creating contact test-data');
- perform createRbacUser(emailAddr);
+ perform rbac.create_subject(emailAddr);
 call basis.defineContext('creating contact test-data', null, emailAddr);
 postalAddr := E'Vorname Nachname\nStraße Hnr\nPLZ Stadt';
diff --git a/src/main/resources/db/changelog/5-hs-office/502-person/5020-hs-office-person.sql b/src/main/resources/db/changelog/5-hs-office/502-person/5020-hs-office-person.sql
index 97435390..f73696c0 100644
--- a/src/main/resources/db/changelog/5-hs-office/502-person/5020-hs-office-person.sql
+++ b/src/main/resources/db/changelog/5-hs-office/502-person/5020-hs-office-person.sql
@@ -16,7 +16,7 @@ CREATE CAST (character varying as HsOfficePersonType) WITH INOUT AS IMPLICIT;
 create table if not exists hs_office_person (
- uuid uuid unique references RbacObject (uuid) initially deferred,
+ uuid uuid unique references rbac.object (uuid) initially deferred,
 version int not null default 0,
 personType HsOfficePersonType not null,
 tradeName varchar(96),
diff --git a/src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql b/src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql
index bdaca63c..4fb80622 100644
--- a/src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql
@@ -38,7 +38,7 @@ begin
 hsOfficePersonOWNER(NEW),
 permissions => array['DELETE'],
 incomingSuperRoles => array[globalADMIN()],
- userUuids => array[currentUserUuid()]
+ userUuids => array[rbac.currentSubjectUuid()]
 );
 perform createRoleWithGrants(
diff --git a/src/main/resources/db/changelog/5-hs-office/502-person/5028-hs-office-person-test-data.sql b/src/main/resources/db/changelog/5-hs-office/502-person/5028-hs-office-person-test-data.sql
index 4040ceb4..f04b2d5c 100644
--- a/src/main/resources/db/changelog/5-hs-office/502-person/5028-hs-office-person-test-data.sql
+++ b/src/main/resources/db/changelog/5-hs-office/502-person/5028-hs-office-person-test-data.sql
@@ -22,7 +22,7 @@ begin
 fullName := concat_ws(', ', newTradeName, newFamilyName, newGivenName);
 emailAddr = 'person-' || left(cleanIdentifier(fullName), 32) || '@example.com';
 call basis.defineContext('creating person test-data');
- perform createRbacUser(emailAddr);
+ perform rbac.create_subject(emailAddr);
 call basis.defineContext('creating person test-data', null, emailAddr);
 raise notice 'creating test person: % by %', fullName, emailAddr;
diff --git a/src/main/resources/db/changelog/5-hs-office/503-relation/5030-hs-office-relation.sql b/src/main/resources/db/changelog/5-hs-office/503-relation/5030-hs-office-relation.sql
index e4d6d166..ee02668d 100644
--- a/src/main/resources/db/changelog/5-hs-office/503-relation/5030-hs-office-relation.sql
+++ b/src/main/resources/db/changelog/5-hs-office/503-relation/5030-hs-office-relation.sql
@@ -18,7 +18,7 @@ CREATE CAST (character varying as HsOfficeRelationType) WITH INOUT AS IMPLICIT;
 create table if not exists hs_office_relation (
- uuid uuid unique references RbacObject (uuid) initially deferred, -- on delete cascade
+ uuid uuid unique references rbac.object (uuid) initially deferred, -- on delete cascade
 version int not null default 0,
 anchorUuid uuid not null references hs_office_person(uuid),
 holderUuid uuid not null references hs_office_person(uuid),
diff --git a/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql b/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql
index 84ae494c..3941456a 100644
--- a/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql
@@ -51,7 +51,7 @@ begin
 hsOfficeRelationOWNER(NEW),
 permissions => array['DELETE'],
 incomingSuperRoles => array[globalADMIN()],
- userUuids => array[currentUserUuid()]
+ userUuids => array[rbac.currentSubjectUuid()]
 );
 perform createRoleWithGrants(
@@ -217,7 +217,7 @@ begin
 end if;
 raise exception '[403] insert into hs_office_relation not allowed for current subjects % (%)',
- currentSubjects(), currentSubjectsUuids();
+ currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
 end; $$;
 create trigger hs_office_relation_insert_permission_check_tg
diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5040-hs-office-partner.sql b/src/main/resources/db/changelog/5-hs-office/504-partner/5040-hs-office-partner.sql
index aac22c5b..8dc99bf3 100644
--- a/src/main/resources/db/changelog/5-hs-office/504-partner/5040-hs-office-partner.sql
+++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5040-hs-office-partner.sql
@@ -7,7 +7,7 @@ create table hs_office_partner_details (
- uuid uuid unique references RbacObject (uuid) initially deferred,
+ uuid uuid unique references rbac.object (uuid) initially deferred,
 version int not null default 0,
 registrationOffice varchar(96),
 registrationNumber varchar(96),
@@ -32,7 +32,7 @@ call basis.create_journal('hs_office_partner_details');
 create table hs_office_partner (
- uuid uuid unique references RbacObject (uuid) initially deferred,
+ uuid uuid unique references rbac.object (uuid) initially deferred,
 version int not null default 0,
 partnerNumber numeric(5) unique not null,
 partnerRelUuid uuid not null references hs_office_relation(uuid), -- deleted in after delete trigger
diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql b/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql
index 9bc7f773..36040336 100644
--- a/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql
@@ -220,7 +220,7 @@ begin
 end if;
 raise exception '[403] insert into hs_office_partner values(%) not allowed for current subjects % (%)',
- NEW, currentSubjects(), currentSubjectsUuids();
+ NEW, currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
 end; $$;
 create trigger hs_office_partner_insert_permission_check_tg
diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql b/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql
index 09ed6dc5..7810f838 100644
--- a/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql
@@ -124,7 +124,7 @@ begin
 end if;
 raise exception '[403] insert into hs_office_partner_details values(%) not allowed for current subjects % (%)',
- NEW, currentSubjects(), currentSubjectsUuids();
+ NEW, currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
 end; $$;
 create trigger hs_office_partner_details_insert_permission_check_tg
diff --git a/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5050-hs-office-bankaccount.sql b/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5050-hs-office-bankaccount.sql
index 1dec8bc3..a1c577c6 100644
--- a/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5050-hs-office-bankaccount.sql
+++ b/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5050-hs-office-bankaccount.sql
@@ -5,7 +5,7 @@ create table hs_office_bankaccount (
- uuid uuid unique references RbacObject (uuid) initially deferred,
+ uuid uuid unique references rbac.object (uuid) initially deferred,
 version int not null default 0,
 holder varchar(64) not null,
 iban varchar(34) not null,
diff --git a/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql b/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql
index 724dd658..4d05ae0c 100644
--- a/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql
@@ -38,7 +38,7 @@ begin
 hsOfficeBankAccountOWNER(NEW),
 permissions => array['DELETE'],
 incomingSuperRoles => array[globalADMIN()],
- userUuids => array[currentUserUuid()]
+ userUuids => array[rbac.currentSubjectUuid()]
 );
 perform createRoleWithGrants(
diff --git a/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5058-hs-office-bankaccount-test-data.sql b/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5058-hs-office-bankaccount-test-data.sql
index ed00ca3a..20891c37 100644
--- a/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5058-hs-office-bankaccount-test-data.sql
+++ b/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5058-hs-office-bankaccount-test-data.sql
@@ -14,7 +14,7 @@ declare
 emailAddr varchar;
 begin
 emailAddr = 'bankaccount-admin@' || cleanIdentifier(givenHolder) || '.example.com';
- perform createRbacUser(emailAddr);
+ perform rbac.create_subject(emailAddr);
 call basis.defineContext('creating bankaccount test-data', null, emailAddr);
 raise notice 'creating test bankaccount: %', givenHolder;
diff --git a/src/main/resources/db/changelog/5-hs-office/506-debitor/5060-hs-office-debitor.sql b/src/main/resources/db/changelog/5-hs-office/506-debitor/5060-hs-office-debitor.sql
index 462a9dbd..6d680d49 100644
--- a/src/main/resources/db/changelog/5-hs-office/506-debitor/5060-hs-office-debitor.sql
+++ b/src/main/resources/db/changelog/5-hs-office/506-debitor/5060-hs-office-debitor.sql
@@ -6,7 +6,7 @@ create table hs_office_debitor (
- uuid uuid unique references RbacObject (uuid) initially deferred,
+ uuid uuid unique references rbac.object (uuid) initially deferred,
 version int not null default 0,
 debitorNumberSuffix char(2) not null check (debitorNumberSuffix::text ~ '^[0-9][0-9]$'),
 debitorRelUuid uuid not null references hs_office_relation(uuid),
diff --git a/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql b/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql
index b0c77c67..130f4d95 100644
--- a/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql
@@ -193,7 +193,7 @@ begin
 end if;
 raise exception '[403] insert into hs_office_debitor values(%) not allowed for current subjects % (%)',
- NEW, currentSubjects(), currentSubjectsUuids();
+ NEW, currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
 end; $$;
 create trigger hs_office_debitor_insert_permission_check_tg
diff --git a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5070-hs-office-sepamandate.sql b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5070-hs-office-sepamandate.sql
index ff020fb3..35aad65a 100644
--- a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5070-hs-office-sepamandate.sql
+++ b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5070-hs-office-sepamandate.sql
@@ -6,7 +6,7 @@ create table if not exists hs_office_sepamandate (
- uuid uuid unique references RbacObject (uuid) initially deferred,
+ uuid uuid unique references rbac.object (uuid) initially deferred,
 version int not null default 0,
 debitorUuid uuid not null references hs_office_debitor(uuid),
 bankAccountUuid uuid not null references hs_office_bankaccount(uuid),
diff --git a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql
index e794d97a..ea2fe7c0 100644
--- a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql
@@ -51,7 +51,7 @@ begin
 hsOfficeSepaMandateOWNER(NEW),
 permissions => array['DELETE'],
 incomingSuperRoles => array[globalADMIN()],
- userUuids => array[currentUserUuid()]
+ userUuids => array[rbac.currentSubjectUuid()]
 );
 perform createRoleWithGrants(
@@ -174,7 +174,7 @@ begin
 end if;
 raise exception '[403] insert into hs_office_sepamandate values(%) not allowed for current subjects % (%)',
- NEW, currentSubjects(), currentSubjectsUuids();
+ NEW, currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
 end; $$;
 create trigger hs_office_sepamandate_insert_permission_check_tg
diff --git a/src/main/resources/db/changelog/5-hs-office/510-membership/5100-hs-office-membership.sql b/src/main/resources/db/changelog/5-hs-office/510-membership/5100-hs-office-membership.sql
index ab9d3e43..26d1a0d2 100644
--- a/src/main/resources/db/changelog/5-hs-office/510-membership/5100-hs-office-membership.sql
+++ b/src/main/resources/db/changelog/5-hs-office/510-membership/5100-hs-office-membership.sql
@@ -19,7 +19,7 @@ CREATE CAST (character varying as HsOfficeMembershipStatus) WITH INOUT AS IMPLIC
 create table if not exists hs_office_membership (
- uuid uuid unique references RbacObject (uuid) initially deferred,
+ uuid uuid unique references rbac.object (uuid) initially deferred,
 version int not null default 0,
 partnerUuid uuid not null references hs_office_partner(uuid),
 memberNumberSuffix char(2) not null check (memberNumberSuffix::text ~ '^[0-9][0-9]$'),
diff --git a/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql b/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql
index ec39c6d3..ad90b0c2 100644
--- a/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql
@@ -45,7 +45,7 @@ begin
 perform createRoleWithGrants(
 hsOfficeMembershipOWNER(NEW),
- userUuids => array[currentUserUuid()]
+ userUuids => array[rbac.currentSubjectUuid()]
 );
 perform createRoleWithGrants(
@@ -155,7 +155,7 @@ begin
 end if;
 raise exception '[403] insert into hs_office_membership values(%) not allowed for current subjects % (%)',
- NEW, currentSubjects(), currentSubjectsUuids();
+ NEW, currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
 end; $$;
 create trigger hs_office_membership_insert_permission_check_tg
diff --git a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5110-hs-office-coopshares.sql b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5110-hs-office-coopshares.sql
index 1adf48d6..1cb9dd72 100644
--- a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5110-hs-office-coopshares.sql
+++ b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5110-hs-office-coopshares.sql
@@ -10,7 +10,7 @@ CREATE CAST (character varying as HsOfficeCoopSharesTransactionType) WITH INOUT
 create table if not exists hs_office_coopsharestransaction (
- uuid uuid unique references RbacObject (uuid) initially deferred,
+ uuid uuid unique references rbac.object (uuid) initially deferred,
 version int not null default 0,
 membershipUuid uuid not null references hs_office_membership(uuid),
 transactionType HsOfficeCoopSharesTransactionType not null,
diff --git a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql
index e632b648..f440dd83 100644
--- a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql
@@ -131,7 +131,7 @@ begin
 end if;
 raise exception '[403] insert into hs_office_coopsharestransaction values(%) not allowed for current subjects % (%)',
- NEW, currentSubjects(), currentSubjectsUuids();
+ NEW, currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
 end; $$;
 create trigger hs_office_coopsharestransaction_insert_permission_check_tg
diff --git a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5120-hs-office-coopassets.sql b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5120-hs-office-coopassets.sql
index 3b93e61e..65adf724 100644
--- a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5120-hs-office-coopassets.sql
+++ b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5120-hs-office-coopassets.sql
@@ -17,7 +17,7 @@ CREATE CAST (character varying as HsOfficeCoopAssetsTransactionType) WITH INOUT
 create table if not exists hs_office_coopassetstransaction (
- uuid uuid unique references RbacObject (uuid) initially deferred,
+ uuid uuid unique references rbac.object (uuid) initially deferred,
 version int not null default 0,
 membershipUuid uuid not null references hs_office_membership(uuid),
 transactionType HsOfficeCoopAssetsTransactionType not null,
diff --git a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql
index 4ef072a1..edaf816e 100644
--- a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql
@@ -131,7 +131,7 @@ begin
 end if;
 raise exception '[403] insert into hs_office_coopassetstransaction values(%) not allowed for current subjects % (%)',
- NEW, currentSubjects(), currentSubjectsUuids();
+ NEW, currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
 end; $$;
 create trigger hs_office_coopassetstransaction_insert_permission_check_tg
diff --git a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6200-hs-booking-project.sql b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6200-hs-booking-project.sql
index 8ea0cc68..d8471d71 100644
--- a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6200-hs-booking-project.sql
+++ b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6200-hs-booking-project.sql
@@ -6,7 +6,7 @@ create table if not exists hs_booking_project (
- uuid uuid unique references RbacObject (uuid),
+ uuid uuid unique references rbac.object (uuid),
 version int not null default 0,
 debitorUuid uuid not null references hs_office_debitor(uuid),
 caption varchar(80) not null
diff --git a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql
index 7137f162..7079ea11 100644
--- a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql
+++ b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql
@@ -168,7 +168,7 @@ begin
 end if;
 raise exception '[403] insert into hs_booking_project values(%) not allowed for current subjects % (%)',
- NEW, currentSubjects(), currentSubjectsUuids();
+ NEW, currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
 end; $$;
 create trigger hs_booking_project_insert_permission_check_tg
diff --git a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6200-hs-booking-item.sql b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6200-hs-booking-item.sql
index 6cb8808a..215a5eb1 100644
--- a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6200-hs-booking-item.sql
+++ b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6200-hs-booking-item.sql
@@ -16,7 +16,7 @@ CREATE CAST (character varying as HsBookingItemType) WITH INOUT AS IMPLICIT;
 create table if not exists hs_booking_item (
- uuid uuid unique references RbacObject (uuid),
+ uuid uuid unique references rbac.object (uuid),
 version int not null default 0,
 projectUuid uuid null references hs_booking_project(uuid),
 type HsBookingItemType not null,
diff --git a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql
index e9ce4c33..9e7c8a8d 100644
--- a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql
+++ b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql
@@ -239,7 +239,7 @@ begin
 end if;
 raise exception '[403] insert into hs_booking_item values(%) not allowed for current subjects % (%)',
- NEW, currentSubjects(), currentSubjectsUuids();
+ NEW, currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
 end; $$;
 create trigger hs_booking_item_insert_permission_check_tg
diff --git a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql
index e9ce4c33..9e7c8a8d 100644
--- a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql
+++ b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql
@@ -239,7 +239,7 @@ begin
 end if;
 raise exception '[403] insert into hs_booking_item values(%) not allowed for current subjects % (%)',
- NEW, currentSubjects(), currentSubjectsUuids();
+ NEW, currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
 end; $$;
 create trigger hs_booking_item_insert_permission_check_tg
diff --git a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7010-hs-hosting-asset.sql b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7010-hs-hosting-asset.sql
index 34a79af5..5c1bd781 100644
--- a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7010-hs-hosting-asset.sql
+++ b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7010-hs-hosting-asset.sql
@@ -30,7 +30,7 @@ CREATE CAST (character varying as HsHostingAssetType) WITH INOUT AS IMPLICIT;
 create table if not exists hs_hosting_asset (
- uuid uuid unique references RbacObject (uuid),
+ uuid uuid unique references rbac.object (uuid),
 version int not null default 0,
 bookingItemUuid uuid null references hs_booking_item(uuid),
 type HsHostingAssetType not null,
diff --git a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql
index 5ec3e044..b237a18a 100644
--- a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql
+++ b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql
@@ -53,7 +53,7 @@ begin
 globalADMIN(unassumed()),
 hsBookingItemADMIN(newBookingItem),
 hsHostingAssetADMIN(newParentAsset)],
- userUuids => array[currentUserUuid()]
+ userUuids => array[rbac.currentSubjectUuid()]
 );
 perform createRoleWithGrants(
diff --git a/src/main/resources/db/changelog/9-hs-global/9000-statistics.sql b/src/main/resources/db/changelog/9-hs-global/9000-statistics.sql
index 7c4304b3..7265d2cc 100644
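Review bot: The hunk in 6303-hs-booking-item-rbac.sql is applied to a blob with the same index line (e9ce4c33..9e7c8a8d) as 6203-hs-booking-item-rbac.sql in the preceding file section, so the repository carries two byte-identical copies of the booking-item RBAC changelog and this commit patches both by hand. Whichever copy db.changelog-master.yaml does not include should be deleted rather than kept in sync, because the `[403]` permission check and `hs_booking_item_insert_permission_check_tg` will drift apart the next time only one of them is edited; going by the `630-booking-item` directory prefix, 6203 is presumably the stale one, but verify against the master changelog. The trigger function body that raises the exception starts outside the hunk.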
--- a/src/main/resources/db/changelog/9-hs-global/9000-statistics.sql
+++ b/src/main/resources/db/changelog/9-hs-global/9000-statistics.sql
@@ -9,7 +9,7 @@ select * from rbacstatisticsview
 union all
 select to_char(count(*)::int, '9 999 999 999') as "count", 'objects' as "rbac-table", objecttable as "hs-table", '' as "type"
- from rbacobject
+ from rbac.object
 group by objecttable
 union all
 select to_char(count(*)::int, '9 999 999 999'), 'objects', 'hs_hosting_asset', type::text
diff --git a/src/main/resources/db/changelog/db.changelog-master.yaml b/src/main/resources/db/changelog/db.changelog-master.yaml
index f30020ae..82ab190e 100644
--- a/src/main/resources/db/changelog/db.changelog-master.yaml
+++ b/src/main/resources/db/changelog/db.changelog-master.yaml
@@ -27,6 +27,8 @@ databaseChangeLog:
 file: db/changelog/0-basis/030-historization.sql
 - include:
 file: db/changelog/0-basis/090-log-slow-queries-extensions.sql
+ - include:
+ file: db/changelog/1-rbac/1000-rbac-schema.sql
 - include:
 file: db/changelog/1-rbac/1050-rbac-base.sql
 - include:
diff --git a/src/test/java/net/hostsharing/hsadminng/arch/ArchitectureTest.java b/src/test/java/net/hostsharing/hsadminng/arch/ArchitectureTest.java
index 8a51a3f2..cb214959 100644
--- a/src/test/java/net/hostsharing/hsadminng/arch/ArchitectureTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/arch/ArchitectureTest.java
@@ -71,7 +71,7 @@ public class ArchitectureTest {
 "..rbac.rbacuser",
 "..rbac.rbacgrant",
 "..rbac.rbacrole",
- "..rbac.rbacobject",
+ "..rbac.object",
 "..rbac.rbacdef",
 "..stringify" // ATTENTION: Don't simply add packages here, also add arch rules for the new package!
@@ -160,7 +160,7 @@ public class ArchitectureTest {
 "..hs.booking.(*)..",
 "..hs.hosting.(*)..",
 "..hs.migration",
- "..rbac.rbacgrant" // TODO.test: just because of RbacGrantsDiagramServiceIntegrationTest
+ "..rbacgrant" // TODO.test: just because of RbacGrantsDiagramServiceIntegrationTest
 );
 @ArchTest
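Review bot: In the second ArchitectureTest hunk (around line 160) the allowed-package pattern is loosened from `"..rbac.rbacgrant"` to `"..rbacgrant"`, which in ArchUnit package-identifier syntax matches a `rbacgrant` package under any parent, not only the one below `rbac`; the first hunk in this file still lists the siblings as `"..rbac.rbacuser"`, `"..rbac.rbacgrant"` and so on, so the narrower form evidently still matches. Unless the grant package really was moved out of `rbac`, keep `"..rbac.rbacgrant" // TODO.test: just because of RbacGrantsDiagramServiceIntegrationTest` so the dependency rule stays as tight as before. The rule definition these strings belong to starts outside the hunk.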
diff --git a/src/test/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemControllerAcceptanceTest.java
index 539df3e5..25222f6c 100644
--- a/src/test/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemControllerAcceptanceTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemControllerAcceptanceTest.java
@@ -72,7 +72,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
 RestAssured // @formatter:off
 .given()
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .port(port)
 .when()
 .get("http://localhost/api/hs/booking/items?projectUuid=" + givenProject.getUuid())
@@ -140,7 +140,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
 final var location = RestAssured // @formatter:off
 .given()
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .contentType(ContentType.JSON)
 .body("""
 {
@@ -198,7 +198,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
 RestAssured // @formatter:off
 .given()
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .port(port)
 .when()
 .get("http://localhost/api/hs/booking/items/" + givenBookingItemUuid)
@@ -232,7 +232,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
 RestAssured // @formatter:off
 .given()
- .header("current-user", "selfregistered-user-drew@hostsharing.org")
+ .header("current-subject", "selfregistered-user-drew@hostsharing.org")
 .port(port)
 .when()
 .get("http://localhost/api/hs/booking/items/" + givenBookingItemUuid)
@@ -250,7 +250,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
 RestAssured // @formatter:off
 .given()
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .header("assumed-roles", "hs_booking_project#D-1000313-D-1000313defaultproject:ADMIN")
 .port(port)
 .when()
@@ -294,7 +294,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
 RestAssured // @formatter:off
 .given()
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .header("assumed-roles", "hs_booking_project#D-1000111-D-1000111defaultproject:AGENT")
 .contentType(ContentType.JSON)
 .body("""
@@ -350,7 +350,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
 RestAssured // @formatter:off
 .given()
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .port(port)
 .when()
 .delete("http://localhost/api/hs/booking/items/" + givenBookingItem.getUuid())
@@ -369,7 +369,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
 RestAssured // @formatter:off
 .given()
- .header("current-user", "selfregistered-user-drew@hostsharing.org")
+ .header("current-subject", "selfregistered-user-drew@hostsharing.org")
 .port(port)
 .when()
 .delete("http://localhost/api/hs/booking/items/" + givenBookingItem.getUuid())
diff --git a/src/test/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemControllerRestTest.java b/src/test/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemControllerRestTest.java
index 55893753..e28f4d38 100644
--- a/src/test/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemControllerRestTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemControllerRestTest.java
@@ -83,7 +83,7 @@ class HsBookingItemControllerRestTest {
 // when
 mockMvc.perform(MockMvcRequestBuilders
 .post("/api/hs/booking/items")
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .contentType(MediaType.APPLICATION_JSON)
 .content("""
 {
@@ -133,7 +133,7 @@ class HsBookingItemControllerRestTest {
 // when
 mockMvc.perform(MockMvcRequestBuilders
 .post("/api/hs/booking/items")
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .contentType(MediaType.APPLICATION_JSON)
 .content("""
 {
diff --git a/src/test/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectControllerAcceptanceTest.java
index c4bc8e2e..ba182483 100644
--- a/src/test/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectControllerAcceptanceTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectControllerAcceptanceTest.java
@@ -57,7 +57,7 @@ class HsBookingProjectControllerAcceptanceTest extends ContextBasedTestWithClean
 RestAssured // @formatter:off
 .given()
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .port(port)
 .when()
 .get("http://localhost/api/hs/booking/projects?debitorUuid=" + givenDebitor.getUuid())
@@ -88,7 +88,7 @@ class HsBookingProjectControllerAcceptanceTest extends ContextBasedTestWithClean
 final var location = RestAssured // @formatter:off
 .given()
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .contentType(ContentType.JSON)
 .body("""
 {
@@ -128,7 +128,7 @@ class HsBookingProjectControllerAcceptanceTest extends ContextBasedTestWithClean
 RestAssured // @formatter:off
 .given()
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .port(port)
 .when()
 .get("http://localhost/api/hs/booking/projects/" + givenBookingProjectUuid)
@@ -151,7 +151,7 @@ class HsBookingProjectControllerAcceptanceTest extends ContextBasedTestWithClean
 RestAssured // @formatter:off
 .given()
- .header("current-user", "selfregistered-user-drew@hostsharing.org")
+ .header("current-subject", "selfregistered-user-drew@hostsharing.org")
 .port(port)
 .when()
 .get("http://localhost/api/hs/booking/projects/" + givenBookingProjectUuid)
@@ -167,7 +167,7 @@ class HsBookingProjectControllerAcceptanceTest extends ContextBasedTestWithClean
 RestAssured // @formatter:off
 .given()
- .header("current-user", "person-TuckerJack@example.com")
+ .header("current-subject", "person-TuckerJack@example.com")
 .header("assumed-roles", "hs_booking_project#D-1000313-D-1000313defaultproject:AGENT")
 .port(port)
 .when()
@@ -193,7 +193,7 @@ class HsBookingProjectControllerAcceptanceTest extends ContextBasedTestWithClean
 RestAssured // @formatter:off
 .given()
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .contentType(ContentType.JSON)
 .body("""
 {
@@ -232,7 +232,7 @@ class HsBookingProjectControllerAcceptanceTest extends ContextBasedTestWithClean
 RestAssured // @formatter:off
 .given()
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .port(port)
 .when()
 .delete("http://localhost/api/hs/booking/projects/" + givenBookingProject.getUuid())
@@ -250,7 +250,7 @@ class HsBookingProjectControllerAcceptanceTest extends ContextBasedTestWithClean
 RestAssured // @formatter:off
 .given()
- .header("current-user", "selfregistered-user-drew@hostsharing.org")
+ .header("current-subject", "selfregistered-user-drew@hostsharing.org")
 .port(port)
 .when()
 .delete("http://localhost/api/hs/booking/projects/" + givenBookingProject.getUuid())
diff --git a/src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetControllerAcceptanceTest.java
index 81f3192e..23eecaf2 100644
--- a/src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetControllerAcceptanceTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetControllerAcceptanceTest.java
@@ -85,7 +85,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
 RestAssured // @formatter:off
 .given()
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .port(port)
 .when()
 .get("http://localhost/api/hs/hosting/assets?projectUuid=" + givenProject.getUuid() + "&type=MANAGED_WEBSPACE")
@@ -113,7 +113,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
 RestAssured // @formatter:off
 .given()
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .header("assumed-roles", "hs_hosting_asset#fir01:AGENT")
 .port(port)
 .when()
@@ -160,7 +160,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
 final var location = RestAssured // @formatter:off
 .given()
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .contentType(ContentType.JSON)
 .body("""
 {
@@ -217,7 +217,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
 final var location = RestAssured // @formatter:off
 .given()
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .header("assumed-roles", "hs_hosting_asset#vm1011:ADMIN")
 .contentType(ContentType.JSON)
 .body("""
@@ -271,7 +271,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
 final var location = RestAssured // @formatter:off
 .given()
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .contentType(ContentType.JSON)
 .body("""
 {
@@ -317,7 +317,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
 RestAssured // @formatter:off
 .given()
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .contentType(ContentType.JSON)
 .body("""
 {
@@ -372,7 +372,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
 RestAssured // @formatter:off
 .given()
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .contentType(ContentType.JSON)
 .body("""
 {
@@ -411,7 +411,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
 RestAssured // @formatter:off
 .given()
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .port(port)
 .when()
 .get("http://localhost/api/hs/hosting/assets/" + givenAssetUuid)
@@ -436,7 +436,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
 RestAssured // @formatter:off
 .given()
- .header("current-user", "selfregistered-user-drew@hostsharing.org")
+ .header("current-subject", "selfregistered-user-drew@hostsharing.org")
 .port(port)
 .when()
 .get("http://localhost/api/hs/hosting/assets/" + givenAssetUuid)
@@ -453,7 +453,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
 RestAssured // @formatter:off
 .given()
- .header("current-user", "person-TuckerJack@example.com")
+ .header("current-subject", "person-TuckerJack@example.com")
 .header("assumed-roles", "hs_booking_project#D-1000313-D-1000313defaultproject:AGENT")
 .port(port)
 .when()
@@ -499,7 +499,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
 RestAssured // @formatter:off
 .given()
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .contentType(ContentType.JSON)
 .body("""
 {
@@ -573,7 +573,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
 RestAssured // @formatter:off
 .given()
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 //.header("assumed-roles", "hs_hosting_asset#vm2001:ADMIN")
 .contentType(ContentType.JSON)
 .body("""
@@ -657,7 +657,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
 .build());
 RestAssured // @formatter:off
 .given()
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .port(port)
 .when()
 .delete("http://localhost/api/hs/hosting/assets/" + givenAsset.getUuid())
@@ -690,7 +690,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
 .build());
 RestAssured // @formatter:off
 .given()
- .header("current-user", "selfregistered-user-drew@hostsharing.org")
+ .header("current-subject", "selfregistered-user-drew@hostsharing.org")
 .port(port)
 .when()
 .delete("http://localhost/api/hs/hosting/assets/" + givenAsset.getUuid())
diff --git a/src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetControllerRestTest.java b/src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetControllerRestTest.java
index ff2da459..0d9dd87b 100644
--- a/src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetControllerRestTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetControllerRestTest.java
@@ -590,7 +590,7 @@ public class HsHostingAssetControllerRestTest {
 // when
 final var result = mockMvc.perform(MockMvcRequestBuilders
 .get("/api/hs/hosting/assets?type="+testCase.name())
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .accept(MediaType.APPLICATION_JSON))
 // then
@@ -660,7 +660,7 @@ public class HsHostingAssetControllerRestTest {
 // when
 final var result = mockMvc.perform(MockMvcRequestBuilders
 .patch("/api/hs/hosting/assets/" + givenDomainHttpSetupUuid)
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .contentType(MediaType.APPLICATION_JSON)
 .content("""
 {
diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountControllerAcceptanceTest.java
index 540fd2c7..3e43ea3a 100644
--- a/src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountControllerAcceptanceTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountControllerAcceptanceTest.java
@@ -54,7 +54,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
 RestAssured // @formatter:off
 .given()
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .port(port)
 .when()
 .get("http://localhost/api/hs/office/bankaccounts")
@@ -120,7 +120,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
 final var location = RestAssured // @formatter:off
 .given()
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .contentType(ContentType.JSON)
 .body("""
 {
@@ -159,7 +159,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
 RestAssured // @formatter:off
 .given()
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .port(port)
 .when()
 .get("http://localhost/api/hs/office/bankaccounts/" + givenBankAccountUuid)
@@ -180,7 +180,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
 RestAssured // @formatter:off
 .given()
- .header("current-user", "selfregistered-user-drew@hostsharing.org")
+ .header("current-subject", "selfregistered-user-drew@hostsharing.org")
 .port(port)
 .when()
 .get("http://localhost/api/hs/office/bankaccounts/" + givenBankAccountUuid)
@@ -196,7 +196,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
 RestAssured // @formatter:off
 .given()
- .header("current-user", "bankaccount-admin@firstbankaccount.example.com")
+ .header("current-subject", "bankaccount-admin@firstbankaccount.example.com")
 .port(port)
 .when()
 .get("http://localhost/api/hs/office/bankaccounts/" + givenBankAccountUuid)
@@ -224,7 +224,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
 final var location = RestAssured // @formatter:off
 .given()
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .contentType(ContentType.JSON)
 .body("""
 {
@@ -262,7 +262,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
 RestAssured // @formatter:off
 .given()
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .port(port)
 .when()
 .delete("http://localhost/api/hs/office/bankaccounts/" + givenBankAccount.getUuid())
@@ -279,7 +279,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
 RestAssured // @formatter:off
 .given()
- .header("current-user", "selfregistered-test-user@hostsharing.org")
+ .header("current-subject", "selfregistered-test-user@hostsharing.org")
 .port(port)
 .when()
 .delete("http://localhost/api/hs/office/bankaccounts/" + givenBankAccount.getUuid())
@@ -300,7 +300,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
 RestAssured // @formatter:off
 .given()
- .header("current-user", "selfregistered-user-drew@hostsharing.org")
+ .header("current-subject", "selfregistered-user-drew@hostsharing.org")
 .port(port)
 .when()
 .delete("http://localhost/api/hs/office/bankaccounts/" + givenBankAccount.getUuid())
diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountControllerRestTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountControllerRestTest.java
index 37f85f83..6dcd1cb5 100644
--- a/src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountControllerRestTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountControllerRestTest.java
@@ -62,7 +62,7 @@ class HsOfficeBankAccountControllerRestTest {
 // when
 mockMvc.perform(MockMvcRequestBuilders
 .post("/api/hs/office/bankaccounts")
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .contentType(MediaType.APPLICATION_JSON)
 .content("""
 {
@@ -109,7 +109,7 @@ class HsOfficeBankAccountControllerRestTest {
 // when
 mockMvc.perform(MockMvcRequestBuilders
 .post("/api/hs/office/bankaccounts")
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .contentType(MediaType.APPLICATION_JSON)
 .content("""
 {
diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactControllerAcceptanceTest.java
index 4bd2a4be..ba959ad5 100644
--- a/src/test/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactControllerAcceptanceTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactControllerAcceptanceTest.java
@@ -61,7 +61,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
 RestAssured // @formatter:off
 .given()
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .port(port)
 .when()
 .get("http://localhost/api/hs/office/contacts")
@@ -99,7 +99,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
 final var location = RestAssured // @formatter:off
 .given()
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .contentType(ContentType.JSON)
 .body("""
 {
@@ -138,7 +138,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
 RestAssured // @formatter:off
 .given()
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .port(port)
 .when()
 .get("http://localhost/api/hs/office/contacts/" + givenContactUuid)
@@ -159,7 +159,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
 RestAssured // @formatter:off
 .given()
- .header("current-user", "selfregistered-user-drew@hostsharing.org")
+ .header("current-subject", "selfregistered-user-drew@hostsharing.org")
 .port(port)
 .when()
 .get("http://localhost/api/hs/office/contacts/" + givenContactUuid)
@@ -174,7 +174,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
 RestAssured // @formatter:off
 .given()
- .header("current-user", "contact-admin@firstcontact.example.com")
+ .header("current-subject", "contact-admin@firstcontact.example.com")
 .port(port)
 .when()
 .get("http://localhost/api/hs/office/contacts/" + givenContactUuid)
@@ -206,7 +206,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
 final var location = RestAssured // @formatter:off
 .given()
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .contentType(ContentType.JSON)
 .body("""
 {
@@ -253,7 +253,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
 final var location = RestAssured // @formatter:off
 .given()
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .contentType(ContentType.JSON)
 .body("""
 {
@@ -301,7 +301,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
 RestAssured // @formatter:off
 .given()
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .port(port)
 .when()
 .delete("http://localhost/api/hs/office/contacts/" + givenContact.getUuid())
@@ -321,7 +321,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
 RestAssured // @formatter:off
 .given()
- .header("current-user", "selfregistered-test-user@hostsharing.org")
+ .header("current-subject", "selfregistered-test-user@hostsharing.org")
 .port(port)
 .when()
 .delete("http://localhost/api/hs/office/contacts/" + givenContact.getUuid())
@@ -342,7 +342,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
 RestAssured // @formatter:off
 .given()
- .header("current-user", "selfregistered-user-drew@hostsharing.org")
+ .header("current-subject", "selfregistered-user-drew@hostsharing.org")
 .port(port)
 .when()
 .delete("http://localhost/api/hs/office/contacts/" + givenContact.getUuid())
diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionControllerAcceptanceTest.java
index cb2b937b..9358e9ba 100644
--- a/src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionControllerAcceptanceTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionControllerAcceptanceTest.java
@@ -62,7 +62,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
 RestAssured // @formatter:off
 .given()
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .port(port)
 .when()
 .get("http://localhost/api/hs/office/coopassetstransactions")
@@ -80,7 +80,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
 RestAssured // @formatter:off
 .given()
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .port(port)
 .when()
 .get("http://localhost/api/hs/office/coopassetstransactions?membershipUuid="+givenMembership.getUuid())
@@ -143,7 +143,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
 RestAssured // @formatter:off
 .given()
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .port(port)
 .when()
 .get("http://localhost/api/hs/office/coopassetstransactions?membershipUuid="
@@ -176,7 +176,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
 final var location = RestAssured // @formatter:off
 .given()
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .contentType(ContentType.JSON)
 .body("""
 {
@@ -233,7 +233,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
 final var location = RestAssured // @formatter:off
 .given()
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .contentType(ContentType.JSON)
 .body("""
 {
@@ -289,7 +289,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
 RestAssured // @formatter:off
 .given()
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .contentType(ContentType.JSON)
 .body("""
 {
@@ -329,7 +329,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
 LocalDate.of(2010, 3, 15)).get(0).getUuid();
 RestAssured // @formatter:off
- .given().header("current-user", "superuser-alex@hostsharing.net")
+ .given().header("current-subject", "superuser-alex@hostsharing.net")
 .port(port)
 .when()
 .get("http://localhost/api/hs/office/coopassetstransactions/" + givenCoopAssetTransactionUuid)
@@ -352,7 +352,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
 LocalDate.of(2010, 3, 15)).get(0).getUuid();
 RestAssured // @formatter:off
- .given().header("current-user", "selfregistered-user-drew@hostsharing.org")
+ .given().header("current-subject", "selfregistered-user-drew@hostsharing.org")
 .port(port)
 .when()
 .get("http://localhost/api/hs/office/coopassetstransactions/" + givenCoopAssetTransactionUuid)
@@ -370,7 +370,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
 RestAssured // @formatter:off
 .given()
- .header("current-user", "person-FirstGmbH@example.com")
+ .header("current-subject", "person-FirstGmbH@example.com")
 .port(port)
 .when()
 .get("http://localhost/api/hs/office/coopassetstransactions/" + givenCoopAssetTransactionUuid)
diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionControllerRestTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionControllerRestTest.java
index 8176df09..0e4716d4 100644
--- a/src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionControllerRestTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionControllerRestTest.java
@@ -115,7 +115,7 @@ class HsOfficeCoopAssetsTransactionControllerRestTest {
 // when
 mockMvc.perform(MockMvcRequestBuilders
 .post("/api/hs/office/coopassetstransactions")
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .contentType(MediaType.APPLICATION_JSON)
 .content(testCase.givenRequestBody())
 .accept(MediaType.APPLICATION_JSON))
diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionControllerAcceptanceTest.java
index bdd9a34a..83fd3917 100644
--- a/src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionControllerAcceptanceTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionControllerAcceptanceTest.java
@@ -69,7 +69,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
 RestAssured // @formatter:off
 .given()
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .port(port)
 .when()
 .get("http://localhost/api/hs/office/coopsharestransactions")
@@ -86,7 +86,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
 final var givenMembership = membershipRepo.findMembershipByMemberNumber(1000202);
 RestAssured // @formatter:off
- .given().header("current-user", "superuser-alex@hostsharing.net").port(port).when().get("http://localhost/api/hs/office/coopsharestransactions?membershipUuid=" + givenMembership.getUuid()).then().log().all().assertThat().statusCode(200).contentType("application/json").body("", lenientlyEquals("""
+ .given().header("current-subject", "superuser-alex@hostsharing.net").port(port).when().get("http://localhost/api/hs/office/coopsharestransactions?membershipUuid=" + givenMembership.getUuid()).then().log().all().assertThat().statusCode(200).contentType("application/json").body("", lenientlyEquals("""
 [
 {
 "transactionType": "SUBSCRIPTION",
@@ -141,7 +141,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
 final var givenMembership = membershipRepo.findMembershipByMemberNumber(1000202);
 RestAssured // @formatter:off
- .given().header("current-user", "superuser-alex@hostsharing.net").port(port).when()
+ .given().header("current-subject", "superuser-alex@hostsharing.net").port(port).when()
 .get("http://localhost/api/hs/office/coopsharestransactions?membershipUuid=" + givenMembership.getUuid() + "&fromValueDate=2020-01-01&toValueDate=2021-12-31").then().log().all().assertThat().statusCode(200).contentType("application/json").body("", lenientlyEquals("""
 [
 {
@@ -166,7 +166,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
 final var givenMembership = membershipRepo.findMembershipByMemberNumber(1000101);
 final var location = RestAssured // @formatter:off
- .given().header("current-user", "superuser-alex@hostsharing.net").contentType(ContentType.JSON).body("""
+ .given().header("current-subject", "superuser-alex@hostsharing.net").contentType(ContentType.JSON).body("""
 {
 "membershipUuid": "%s",
 "transactionType": "SUBSCRIPTION",
@@ -210,7 +210,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
 final var location = RestAssured // @formatter:off
 .given()
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .contentType(ContentType.JSON)
 .body("""
 {
@@ -265,7 +265,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
 final var givenMembership = membershipRepo.findMembershipByMemberNumber(1000101);
 RestAssured // @formatter:off
- .given().header("current-user", "superuser-alex@hostsharing.net").contentType(ContentType.JSON).body("""
+ .given().header("current-subject", "superuser-alex@hostsharing.net").contentType(ContentType.JSON).body("""
 {
 "membershipUuid": "%s",
 "transactionType": "CANCELLATION",
@@ -293,7 +293,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
 final var givenCoopShareTransactionUuid = coopSharesTransactionRepo.findCoopSharesTransactionByOptionalMembershipUuidAndDateRange(null, LocalDate.of(2010, 3, 15), LocalDate.of(2010, 3, 15)).get(0).getUuid();
 RestAssured // @formatter:off
- .given().header("current-user", "superuser-alex@hostsharing.net").port(port).when().get("http://localhost/api/hs/office/coopsharestransactions/" + givenCoopShareTransactionUuid).then().log().body().assertThat().statusCode(200).contentType("application/json").body("", lenientlyEquals("""
+ .given().header("current-subject", "superuser-alex@hostsharing.net").port(port).when().get("http://localhost/api/hs/office/coopsharestransactions/" + givenCoopShareTransactionUuid).then().log().body().assertThat().statusCode(200).contentType("application/json").body("", lenientlyEquals("""
 {
 "transactionType": "SUBSCRIPTION"
 }
@@ -306,7 +306,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
 final var givenCoopShareTransactionUuid = coopSharesTransactionRepo.findCoopSharesTransactionByOptionalMembershipUuidAndDateRange(null, LocalDate.of(2010, 3, 15), LocalDate.of(2010, 3, 15)).get(0).getUuid();
 RestAssured // @formatter:off
- .given().header("current-user", "selfregistered-user-drew@hostsharing.org").port(port).when().get("http://localhost/api/hs/office/coopsharestransactions/" + givenCoopShareTransactionUuid).then().log().body().assertThat().statusCode(404); // @formatter:on
+ .given().header("current-subject", "selfregistered-user-drew@hostsharing.org").port(port).when().get("http://localhost/api/hs/office/coopsharestransactions/" + givenCoopShareTransactionUuid).then().log().body().assertThat().statusCode(404); // @formatter:on
 }
 @Test
@@ -316,7 +316,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
 RestAssured // @formatter:off
 .given()
- .header("current-user", "person-FirstGmbH@example.com")
+ .header("current-subject", "person-FirstGmbH@example.com")
 .port(port)
 .when()
 .get("http://localhost/api/hs/office/coopsharestransactions/" + givenCoopShareTransactionUuid)
diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionControllerRestTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionControllerRestTest.java
index 6c126978..4d44c0fb 100644
--- a/src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionControllerRestTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionControllerRestTest.java
@@ -111,7 +111,7 @@ class HsOfficeCoopSharesTransactionControllerRestTest {
 // when
 mockMvc.perform(MockMvcRequestBuilders
 .post("/api/hs/office/coopsharestransactions")
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .contentType(MediaType.APPLICATION_JSON)
 .content(testCase.givenRequestBody())
 .accept(MediaType.APPLICATION_JSON))
diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorControllerAcceptanceTest.java
index 68545a78..7c531fa2 100644
--- a/src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorControllerAcceptanceTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorControllerAcceptanceTest.java
@@ -80,7 +80,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
 RestAssured // @formatter:off
 .given()
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .port(port)
 .when()
 .get("http://localhost/api/hs/office/debitors")
@@ -235,7 +235,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
 RestAssured // @formatter:off
 .given()
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .port(port)
 .when()
 .get("http://localhost/api/hs/office/debitors?debitorNumber=1000212")
@@ -284,7 +284,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
 final var location = RestAssured // @formatter:off
 .given()
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .contentType(ContentType.JSON)
 .body("""
 {
@@ -329,7 +329,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
 final var location = RestAssured // @formatter:off
 .given()
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .contentType(ContentType.JSON)
 .body("""
 {
@@ -381,7 +381,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
 final var location = RestAssured // @formatter:off
 .given()
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .contentType(ContentType.JSON)
 .body("""
 {
@@ -417,7 +417,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
 RestAssured // @formatter:off
 .given()
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .contentType(ContentType.JSON)
 .body("""
 {
@@ -448,7 +448,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .get("http://localhost/api/hs/office/debitors/" + givenDebitorUuid) @@ -509,7 +509,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu RestAssured // @formatter:off .given() - .header("current-user", "selfregistered-user-drew@hostsharing.org") + .header("current-subject", "selfregistered-user-drew@hostsharing.org") .port(port) .when() .get("http://localhost/api/hs/office/debitors/" + givenDebitorUuid) @@ -524,7 +524,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu RestAssured // @formatter:off .given() - .header("current-user", "contact-admin@firstcontact.example.com") + .header("current-subject", "contact-admin@firstcontact.example.com") .port(port) .when() .get("http://localhost/api/hs/office/debitors/" + givenDebitorUuid) @@ -554,7 +554,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { @@ -637,7 +637,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu // @formatter:on RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .header("assumed-roles", "hs_office_contact#fourthcontact:ADMIN") .contentType(ContentType.JSON) .body(""" 
@@ -666,7 +666,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .delete("http://localhost/api/hs/office/debitors/" + givenDebitor.getUuid()) @@ -685,7 +685,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu RestAssured // @formatter:off .given() - .header("current-user", "contact-admin@fourthcontact.example.com") + .header("current-subject", "contact-admin@fourthcontact.example.com") .port(port) .when() .delete("http://localhost/api/hs/office/debitors/" + givenDebitor.getUuid()) @@ -704,7 +704,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu RestAssured // @formatter:off .given() - .header("current-user", "selfregistered-user-drew@hostsharing.org") + .header("current-subject", "selfregistered-user-drew@hostsharing.org") .port(port) .when() .delete("http://localhost/api/hs/office/debitors/" + givenDebitor.getUuid()) diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipControllerAcceptanceTest.java index f0e108dc..88e35268 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipControllerAcceptanceTest.java @@ -67,7 +67,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .get("http://localhost/api/hs/office/memberships") 
@@ -113,7 +113,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .queryParam("partnerUuid", partner.getUuid() ) @@ -141,7 +141,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .queryParam("memberNumber", 1000202 ) @@ -178,7 +178,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { @@ -221,7 +221,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .get("http://localhost/api/hs/office/memberships/" + givenMembershipUuid) @@ -247,7 +247,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle RestAssured // @formatter:off .given() - .header("current-user", "selfregistered-user-drew@hostsharing.org") + .header("current-subject", "selfregistered-user-drew@hostsharing.org") .port(port) .when() .get("http://localhost/api/hs/office/memberships/" + givenMembershipUuid) 
@@ -262,7 +262,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .header("assumed-roles", "hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG:AGENT") .port(port) .when() @@ -294,7 +294,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { @@ -338,7 +338,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle // when RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .header("assumed-roles", givenPartnerAdmin) .contentType(ContentType.JSON) .body(""" @@ -373,7 +373,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .delete("http://localhost/api/hs/office/memberships/" + givenMembership.getUuid()) @@ -391,7 +391,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .header("assumed-roles", "hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH:AGENT") .port(port) .when() 
@@ -410,7 +410,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle RestAssured // @formatter:off .given() - .header("current-user", "selfregistered-user-drew@hostsharing.org") + .header("current-subject", "selfregistered-user-drew@hostsharing.org") .port(port) .when() .delete("http://localhost/api/hs/office/memberships/" + givenMembership.getUuid()) diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipControllerRestTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipControllerRestTest.java index 7c62859b..2a5005e6 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipControllerRestTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipControllerRestTest.java @@ -69,7 +69,7 @@ public class HsOfficeMembershipControllerRestTest { // when mockMvc.perform(MockMvcRequestBuilders .post("/api/hs/office/memberships") - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(MediaType.APPLICATION_JSON) .content(""" { @@ -99,7 +99,7 @@ public class HsOfficeMembershipControllerRestTest { // when mockMvc.perform(MockMvcRequestBuilders .post("/api/hs/office/memberships") - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(MediaType.APPLICATION_JSON) .content(""" { @@ -125,7 +125,7 @@ public class HsOfficeMembershipControllerRestTest { // when mockMvc.perform(MockMvcRequestBuilders .post("/api/hs/office/memberships") - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(MediaType.APPLICATION_JSON) .content(""" { 
diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerControllerAcceptanceTest.java index fc7287e4..c293e59a 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerControllerAcceptanceTest.java @@ -62,7 +62,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .get("http://localhost/api/hs/office/partners") @@ -96,7 +96,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { @@ -155,7 +155,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { @@ -193,7 +193,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { 
@@ -238,7 +238,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .get("http://localhost/api/hs/office/partners/" + givenPartnerUuid) @@ -270,7 +270,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu RestAssured // @formatter:off .given() - .header("current-user", "selfregistered-user-drew@hostsharing.org") + .header("current-subject", "selfregistered-user-drew@hostsharing.org") .port(port) .when() .get("http://localhost/api/hs/office/partners/" + givenPartnerUuid) @@ -285,7 +285,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu RestAssured // @formatter:off .given() - .header("current-user", "contact-admin@firstcontact.example.com") + .header("current-subject", "contact-admin@firstcontact.example.com") .port(port) .when() .get("http://localhost/api/hs/office/partners/" + givenPartnerUuid) @@ -316,7 +316,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { @@ -383,7 +383,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { 
@@ -421,7 +421,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { @@ -469,7 +469,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .delete("http://localhost/api/hs/office/partners/" + givenPartner.getUuid()) @@ -489,7 +489,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu RestAssured // @formatter:off .given() - .header("current-user", "contact-admin@fourthcontact.example.com") + .header("current-subject", "contact-admin@fourthcontact.example.com") .port(port) .when() .delete("http://localhost/api/hs/office/partners/" + givenPartner.getUuid()) @@ -508,7 +508,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu RestAssured // @formatter:off .given() - .header("current-user", "selfregistered-user-drew@hostsharing.org") + .header("current-subject", "selfregistered-user-drew@hostsharing.org") .port(port) .when() .delete("http://localhost/api/hs/office/partners/" + givenPartner.getUuid()) diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerControllerRestTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerControllerRestTest.java index 97b56052..a42a4780 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerControllerRestTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerControllerRestTest.java 
@@ -95,7 +95,7 @@ class HsOfficePartnerControllerRestTest { // when mockMvc.perform(MockMvcRequestBuilders .post("/api/hs/office/partners") - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(MediaType.APPLICATION_JSON) .content(""" { @@ -132,7 +132,7 @@ class HsOfficePartnerControllerRestTest { // when mockMvc.perform(MockMvcRequestBuilders .post("/api/hs/office/partners") - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(MediaType.APPLICATION_JSON) .content(""" { @@ -184,7 +184,7 @@ class HsOfficePartnerControllerRestTest { // when mockMvc.perform(MockMvcRequestBuilders .delete("/api/hs/office/partners/" + givenPartnerUuid) - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(MediaType.APPLICATION_JSON) .accept(MediaType.APPLICATION_JSON)) diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonControllerAcceptanceTest.java index 4a136331..1bce926c 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonControllerAcceptanceTest.java @@ -56,7 +56,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .get("http://localhost/api/hs/office/persons") 
@@ -76,7 +76,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { @@ -116,7 +116,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .get("http://localhost/api/hs/office/persons/" + givenPersonUuid) @@ -139,7 +139,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup RestAssured // @formatter:off .given() - .header("current-user", "selfregistered-user-drew@hostsharing.org") + .header("current-subject", "selfregistered-user-drew@hostsharing.org") .port(port) .when() .get("http://localhost/api/hs/office/persons/" + givenPersonUuid) @@ -156,7 +156,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup RestAssured // @formatter:off .given() - .header("current-user", "person-ErbenBesslerMelBessler@example.com") + .header("current-subject", "person-ErbenBesslerMelBessler@example.com") .port(port) .when() .get("http://localhost/api/hs/office/persons/" + givenPersonUuid) @@ -185,7 +185,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { 
@@ -227,7 +227,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { @@ -271,7 +271,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .delete("http://localhost/api/hs/office/persons/" + givenPerson.getUuid()) @@ -290,7 +290,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup RestAssured // @formatter:off .given() - .header("current-user", "selfregistered-test-user@hostsharing.org") + .header("current-subject", "selfregistered-test-user@hostsharing.org") .port(port) .when() .delete("http://localhost/api/hs/office/persons/" + givenPerson.getUuid()) @@ -310,7 +310,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup RestAssured // @formatter:off .given() - .header("current-user", "selfregistered-user-drew@hostsharing.org") + .header("current-subject", "selfregistered-user-drew@hostsharing.org") .port(port) .when() .delete("http://localhost/api/hs/office/persons/" + givenPerson.getUuid()) diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationControllerAcceptanceTest.java index 265a65e3..bf80c3ff 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationControllerAcceptanceTest.java 
@@ -66,7 +66,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .get("http://localhost/api/hs/office/relations?personUuid=%s&relationType=%s" @@ -129,7 +129,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { @@ -176,7 +176,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { @@ -208,7 +208,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { @@ -241,7 +241,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { 
@@ -275,7 +275,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .get("http://localhost/api/hs/office/relations/" + givenRelationUuid) @@ -298,7 +298,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean RestAssured // @formatter:off .given() - .header("current-user", "selfregistered-user-drew@hostsharing.org") + .header("current-subject", "selfregistered-user-drew@hostsharing.org") .port(port) .when() .get("http://localhost/api/hs/office/relations/" + givenRelationUuid) @@ -314,7 +314,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean RestAssured // @formatter:off .given() - .header("current-user", "contact-admin@firstcontact.example.com") + .header("current-subject", "contact-admin@firstcontact.example.com") .port(port) .when() .get("http://localhost/api/hs/office/relations/" + givenRelation.getUuid()) @@ -357,7 +357,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { @@ -400,7 +400,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .delete("http://localhost/api/hs/office/relations/" + givenRelation.getUuid()) 
@@ -419,7 +419,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean RestAssured // @formatter:off .given() - .header("current-user", "contact-admin@seventhcontact.example.com") + .header("current-subject", "contact-admin@seventhcontact.example.com") .port(port) .when() .delete("http://localhost/api/hs/office/relations/" + givenRelation.getUuid()) @@ -438,7 +438,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean RestAssured // @formatter:off .given() - .header("current-user", "selfregistered-user-drew@hostsharing.org") + .header("current-subject", "selfregistered-user-drew@hostsharing.org") .port(port) .when() .delete("http://localhost/api/hs/office/relations/" + givenRelation.getUuid()) diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateControllerAcceptanceTest.java index 7d7e2c3a..ebcb817a 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateControllerAcceptanceTest.java @@ -62,7 +62,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .get("http://localhost/api/hs/office/sepamandates") @@ -111,7 +111,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { 
@@ -153,7 +153,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { @@ -178,7 +178,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { @@ -208,7 +208,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { @@ -242,7 +242,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .get("http://localhost/api/hs/office/sepamandates/" + givenSepaMandateUuid) @@ -272,7 +272,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl RestAssured // @formatter:off .given() - .header("current-user", "selfregistered-user-drew@hostsharing.org") + .header("current-subject", "selfregistered-user-drew@hostsharing.org") .port(port) .when() .get("http://localhost/api/hs/office/sepamandates/" + givenSepaMandateUuid) 
@@ -289,7 +289,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl RestAssured // @formatter:off .given() - .header("current-user", "bankaccount-admin@FirstGmbH.example.com") + .header("current-subject", "bankaccount-admin@FirstGmbH.example.com") .port(port) .when() .get("http://localhost/api/hs/office/sepamandates/" + givenSepaMandateUuid) @@ -321,7 +321,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { @@ -367,7 +367,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { @@ -407,7 +407,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { @@ -441,7 +441,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .delete("http://localhost/api/hs/office/sepamandates/" + givenSepaMandate.getUuid()) 
@@ -459,7 +459,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
 RestAssured // @formatter:off
 .given()
- .header("current-user", "bankaccount-admin@FirstGmbH.example.com")
+ .header("current-subject", "bankaccount-admin@FirstGmbH.example.com")
 .port(port)
 .when()
 .delete("http://localhost/api/hs/office/sepamandates/" + givenSepaMandate.getUuid())
@@ -477,7 +477,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
 RestAssured // @formatter:off
 .given()
- .header("current-user", "selfregistered-user-drew@hostsharing.org")
+ .header("current-subject", "selfregistered-user-drew@hostsharing.org")
 .port(port)
 .when()
 .delete("http://localhost/api/hs/office/sepamandates/" + givenSepaMandate.getUuid())
diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextBasedTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextBasedTest.java
index 1ba06236..dbe873c3 100644
--- a/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextBasedTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextBasedTest.java
@@ -26,7 +26,7 @@ public abstract class ContextBasedTest {
      RbacGrantsDiagramService.writeToFile(
          "title",
-         diagramService.allGrantsToCurrentUser(of(RbacGrantsDiagramService.Include.USERS, RbacGrantsDiagramService.Include.TEST_ENTITIES, RbacGrantsDiagramService.Include.NOT_ASSUMED, RbacGrantsDiagramService.Include.DETAILS, RbacGrantsDiagramService.Include.PERMISSIONS)),
+         diagramService.allGrantsTocurrentSubject(of(RbacGrantsDiagramService.Include.USERS, RbacGrantsDiagramService.Include.TEST_ENTITIES, RbacGrantsDiagramService.Include.NOT_ASSUMED, RbacGrantsDiagramService.Include.DETAILS, RbacGrantsDiagramService.Include.PERMISSIONS)),
          "filename.md
      );
     
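Review bot: The new identifier `allGrantsTocurrentSubject` on the added line carries a lowercase `c` in the middle of the name, which looks like a leftover of a mechanical `CurrentUser` → `currentSubject` replacement rather than an intended spelling; camelCase would be `allGrantsToCurrentSubject`. The same artifact appears in the renamed test methods of ContextIntegrationTests in the two hunks that follow (`defineWithcurrentSubjectButWithoutAssumedRoles`, `defineWithoutcurrentSubjectButWithAssumedRoles`, `defineWithUnknowncurrentSubject`, `defineWithcurrentSubjectAndAssumedRoles`, `defineContextWithcurrentSubjectAndAssumeInaccessibleRole`), which should read `defineWithCurrentSubject…`, `defineWithoutCurrentSubject…`, `defineWithUnknownCurrentSubject`, and so on. This line appears to sit inside a comment (the unclosed `"filename.md` suggests an illustrative snippet), so whether the production method in RbacGrantsDiagramService carries the same spelling is not visible here; the diffstat lists that file as changed, so it is worth checking before the name is cemented. The enclosing comment or method starts before this hunk.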
@@ -41,12 +41,12 @@ public abstract class ContextBasedTest {
 this.test = testInfo;
 }
- protected void context(final String currentUser, final String assumedRoles) {
- context.define(test.getDisplayName(), null, currentUser, assumedRoles);
+ protected void context(final String currentSubject, final String assumedRoles) {
+ context.define(test.getDisplayName(), null, currentSubject, assumedRoles);
 }
- protected void context(final String currentUser) {
- context(currentUser, null);
+ protected void context(final String currentSubject) {
+ context(currentSubject, null);
 }
 protected void historicalContext(final Long txId) {
diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextIntegrationTests.java b/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextIntegrationTests.java
index 1838958e..1bace68c 100644
--- a/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextIntegrationTests.java
+++ b/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextIntegrationTests.java
@@ -36,30 +36,30 @@ class ContextIntegrationTests {
 context.define("superuser-alex@hostsharing.net", null);
- assertThat(context.getCurrentTask())
+ assertThat(context.fetchCurrentTask())
 .isEqualTo("ContextIntegrationTests.defineWithoutHttpServletRequestUsesCallStack");
 }
 @Test @Transactional
- void defineWithCurrentUserButWithoutAssumedRoles() {
+ void defineWithcurrentSubjectButWithoutAssumedRoles() {
 // when
 context.define("superuser-alex@hostsharing.net");
 // then
- assertThat(context.getCurrentUser()).
+ assertThat(context.fetchCurrentSubject()).
 isEqualTo("superuser-alex@hostsharing.net");
- assertThat(context.getCurrentUserUUid()).isNotNull();
+ assertThat(context.fetchCurrentSubjectUuid()).isNotNull();
- assertThat(context.getAssumedRoles()).isEmpty();
+ assertThat(context.fetchAssumedRoles()).isEmpty();
- assertThat(context.currentSubjectsUuids())
- .containsExactly(context.getCurrentUserUUid());
+ assertThat(context.fetchCurrentSubjectOrAssumedRolesUuids())
+ .containsExactly(context.fetchCurrentSubjectUuid());
 }
 @Test
- void defineWithoutCurrentUserButWithAssumedRoles() {
+ void defineWithoutcurrentSubjectButWithAssumedRoles() {
 // when
 final var result = jpaAttempt.transacted(() -> context.define(null, "test_package#yyy00:ADMIN")
@@ -72,7 +72,7 @@ class ContextIntegrationTests {
 }
 @Test
- void defineWithUnknownCurrentUser() {
+ void defineWithUnknowncurrentSubject() {
 // when
 final var result = jpaAttempt.transacted(() -> context.define("unknown@example.org")
@@ -81,27 +81,27 @@ class ContextIntegrationTests { // then result.assertExceptionWithRootCauseMessage( jakarta.persistence.PersistenceException.class, - "[401] user unknown@example.org given in `basis.defineContext(...)` does not exist"); + "[401] subject unknown@example.org given in `basis.defineContext(...)` does not exist"); } @Test @Transactional - void defineWithCurrentUserAndAssumedRoles() { + void defineWithcurrentSubjectAndAssumedRoles() { // given context.define("superuser-alex@hostsharing.net", "test_customer#xxx:OWNER;test_customer#yyy:OWNER"); // when - final var currentUser = context.getCurrentUser(); - assertThat(currentUser).isEqualTo("superuser-alex@hostsharing.net"); + final var currentSubject = context.fetchCurrentSubject(); + assertThat(currentSubject).isEqualTo("superuser-alex@hostsharing.net"); // then - assertThat(context.getAssumedRoles()) + assertThat(context.fetchAssumedRoles()) .isEqualTo(Array.of("test_customer#xxx:OWNER", "test_customer#yyy:OWNER")); - assertThat(context.currentSubjectsUuids()).hasSize(2); + assertThat(context.fetchCurrentSubjectOrAssumedRolesUuids()).hasSize(2); } @Test - public void defineContextWithCurrentUserAndAssumeInaccessibleRole() { + public void defineContextWithcurrentSubjectAndAssumeInaccessibleRole() { // when final var result = jpaAttempt.transacted(() -> context.define("customer-admin@xxx.example.com", "test_package#yyy00:ADMIN") @@ -110,6 +110,6 @@ class ContextIntegrationTests { // then result.assertExceptionWithRootCauseMessage( jakarta.persistence.PersistenceException.class, - "ERROR: [403] user customer-admin@xxx.example.com has no permission to assume role test_package#yyy00:ADMIN"); + "ERROR: [403] subject customer-admin@xxx.example.com has no permission to assume role test_package#yyy00:ADMIN"); } } diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextUnitTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextUnitTest.java index 3b1f6cf5..1a9f9140 100644 
--- a/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextUnitTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextUnitTest.java @@ -31,7 +31,7 @@ class ContextUnitTest { call basis.defineContext( cast(:currentTask as varchar(127)), cast(:currentRequest as text), - cast(:currentUser as varchar(63)), + cast(:currentSubject as varchar(63)), cast(:assumedRoles as varchar(1023))); """; @@ -57,7 +57,7 @@ class ContextUnitTest { void registerWithoutHttpServletRequestUsesCallStackForTask() { given(em.createNativeQuery(any())).willReturn(nativeQuery); - context.define("current-user"); + context.define("current-subject"); verify(em).createNativeQuery(DEFINE_CONTEXT_QUERY_STRING); verify(nativeQuery).setParameter( @@ -69,7 +69,7 @@ class ContextUnitTest { void registerWithoutHttpServletRequestUsesEmptyStringForRequest() { given(em.createNativeQuery(any())).willReturn(nativeQuery); - context.define("current-user"); + context.define("current-subject"); verify(em).createNativeQuery(DEFINE_CONTEXT_QUERY_STRING); verify(nativeQuery).setParameter("currentRequest", null); @@ -109,12 +109,12 @@ class ContextUnitTest { @Test void registerWithHttpServletRequestUsesRequest() throws IOException { givenRequest("POST", "http://localhost:9999/api/endpoint", Map.ofEntries( - Map.entry("current-user", "given-user"), + Map.entry("current-subject", "given-user"), Map.entry("content-type", "application/json"), Map.entry("user-agent", "given-user-agent")), "{}"); - context.define("current-user"); + context.define("current-subject"); verify(em).createNativeQuery(DEFINE_CONTEXT_QUERY_STRING); verify(nativeQuery).setParameter("currentTask", "POST http://localhost:9999/api/endpoint"); 
@@ -123,20 +123,20 @@ class ContextUnitTest { @Test void registerWithHttpServletRequestForwardsRequestAsCurl() throws IOException { givenRequest("POST", "http://localhost:9999/api/endpoint", Map.ofEntries( - Map.entry("current-user", "given-user"), + Map.entry("current-subject", "given-user"), Map.entry("content-type", "application/json"), Map.entry("user-agent", "given-user-agent")), "{}"); - context.define("current-user"); + context.define("current-subject"); verify(em).createNativeQuery(DEFINE_CONTEXT_QUERY_STRING); verify(nativeQuery).setParameter("currentRequest", """ curl -0 -v -X POST http://localhost:9999/api/endpoint \\ - -H 'current-user:given-user' \\ -H 'content-type:application/json' \\ + -H 'current-subject:given-user' \\ --data-binary @- << EOF - + {} EOF """.trim()); @@ -146,12 +146,12 @@ class ContextUnitTest { void shortensCurrentTaskToMaxLength() throws IOException { givenRequest("GET", "http://localhost:9999/api/endpoint/" + "0123456789".repeat(13), Map.ofEntries( - Map.entry("current-user", "given-user"), + Map.entry("current-subject", "given-user"), Map.entry("content-type", "application/json"), Map.entry("user-agent", "given-user-agent")), "{}"); - context.define("current-user"); + context.define("current-subject"); verify(em).createNativeQuery(DEFINE_CONTEXT_QUERY_STRING); verify(nativeQuery).setParameter(eq("currentTask"), argThat((String t) -> t.length() == 127)); diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantControllerAcceptanceTest.java index aa2f0afb..4dbbde15 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantControllerAcceptanceTest.java 
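Review bot: In the expected curl text of registerWithHttpServletRequestForwardsRequestAsCurl (first hunk on this line), the renamed header now appears after `content-type` whereas `current-user` was emitted before it, so the position of a header in the forwarded command evidently depends on the header's name rather than on the fixture's insertion order — consistent with hash-ordered iteration somewhere between `givenRequest` and the curl rendering, though the code that produces it is outside this hunk. That order is stable for a given name, but any future header rename silently shifts the expected text, exactly as happened here. Sorting header names before rendering, or asserting each `-H` line individually instead of the whole block, would make the expectation independent of iteration order; at minimum a comment such as `// header order in the rendered curl follows the producer's iteration order, not the fixture order` would explain why the line moved.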
@@ -61,7 +61,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { void globalAdmin_withoutAssumedRole_canViewAllGrants() { RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .get("http://localhost/api/rbac/grants") @@ -113,7 +113,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { void globalAdmin_withAssumedPackageAdminRole_canViewPacketRelatedGrants() { RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .header("assumed-roles", "test_package#yyy00:ADMIN") .port(port) .when() @@ -136,7 +136,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { void packageAdmin_withoutAssumedRole_canViewPacketRelatedGrants() { RestAssured // @formatter:off .given() - .header("current-user", "pac-admin-yyy00@yyy.example.com") + .header("current-subject", "pac-admin-yyy00@yyy.example.com") .port(port) .when() .get("http://localhost/api/rbac/grants") @@ -163,12 +163,12 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { @Test void customerAdmin_withAssumedPacketAdminRole_canReadPacketAdminsGrantById() { // given - final var givenCurrentUserAsPackageAdmin = new Subject("customer-admin@xxx.example.com"); + final var givencurrentSubjectAsPackageAdmin = new Subject("customer-admin@xxx.example.com"); final var givenGranteeUser = findRbacUserByName("pac-admin-xxx00@xxx.example.com"); final var givenGrantedRole = getRbacRoleByName("test_package#xxx00:ADMIN"); // when - final var grant = givenCurrentUserAsPackageAdmin.getGrantById() + final var grant = givencurrentSubjectAsPackageAdmin.getGrantById() .forGrantedRole(givenGrantedRole).toGranteeUser(givenGranteeUser); // then 
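Review bot: As exercised by these requests, the `current-subject` header alone selects the identity the API acts as, up to `superuser-alex@hostsharing.net`, yet nothing in the test class records that this header is an identity assertion rather than an authentication step. A short class-level comment here or, better, in ContextBasedTest would keep the rename from being mistaken for a login mechanism, e.g. `// 'current-subject' and 'assumed-roles' are trusted identity headers: whoever can set them acts as that subject, so they must never be accepted from unauthenticated clients`. Whether the deployment strips these headers from client requests is not visible in this diff, so the wording should be confirmed against the front-end configuration.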
@@ -182,12 +182,12 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { @Test void packageAdmin_withoutAssumedRole_canReadItsOwnGrantById() { // given - final var givenCurrentUserAsPackageAdmin = new Subject("pac-admin-xxx00@xxx.example.com"); + final var givencurrentSubjectAsPackageAdmin = new Subject("pac-admin-xxx00@xxx.example.com"); final var givenGranteeUser = findRbacUserByName("pac-admin-xxx00@xxx.example.com"); final var givenGrantedRole = getRbacRoleByName("test_package#xxx00:ADMIN"); // when - final var grant = givenCurrentUserAsPackageAdmin.getGrantById() + final var grant = givencurrentSubjectAsPackageAdmin.getGrantById() .forGrantedRole(givenGrantedRole).toGranteeUser(givenGranteeUser); // then @@ -201,14 +201,14 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { @Test void packageAdmin_withAssumedPackageAdmin_canStillReadItsOwnGrantById() { // given - final var givenCurrentUserAsPackageAdmin = new Subject( + final var givencurrentSubjectAsPackageAdmin = new Subject( "pac-admin-xxx00@xxx.example.com", "test_package#xxx00:ADMIN"); final var givenGranteeUser = findRbacUserByName("pac-admin-xxx00@xxx.example.com"); final var givenGrantedRole = getRbacRoleByName("test_package#xxx00:ADMIN"); // when - final var grant = givenCurrentUserAsPackageAdmin.getGrantById() + final var grant = givencurrentSubjectAsPackageAdmin.getGrantById() .forGrantedRole(givenGrantedRole).toGranteeUser(givenGranteeUser); // then 
@@ -223,12 +223,12 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { void packageAdmin_withAssumedPackageTenantRole_canNotReadItsOwnGrantByIdAnymore() { // given - final var givenCurrentUserAsPackageAdmin = new Subject( + final var givencurrentSubjectAsPackageAdmin = new Subject( "pac-admin-xxx00@xxx.example.com", "test_package#xxx00:TENANT"); final var givenGranteeUser = findRbacUserByName("pac-admin-xxx00@xxx.example.com"); final var givenGrantedRole = getRbacRoleByName("test_package#xxx00:ADMIN"); - final var grant = givenCurrentUserAsPackageAdmin.getGrantById() + final var grant = givencurrentSubjectAsPackageAdmin.getGrantById() .forGrantedRole(givenGrantedRole).toGranteeUser(givenGranteeUser); // then @@ -246,12 +246,12 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { // given final var givenNewUser = createRBacUser(); final var givenRoleToGrant = "test_package#xxx00:ADMIN"; - final var givenCurrentUserAsPackageAdmin = new Subject("pac-admin-xxx00@xxx.example.com", givenRoleToGrant); + final var givencurrentSubjectAsPackageAdmin = new Subject("pac-admin-xxx00@xxx.example.com", givenRoleToGrant); final var givenOwnPackageAdminRole = - getRbacRoleByName(givenCurrentUserAsPackageAdmin.assumedRole); + getRbacRoleByName(givencurrentSubjectAsPackageAdmin.assumedRole); // when - final var response = givenCurrentUserAsPackageAdmin + final var response = givencurrentSubjectAsPackageAdmin .grantsRole(givenOwnPackageAdminRole).assumed() .toUser(givenNewUser); 
@@ -262,7 +262,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { .body("assumed", is(true)) .body("grantedRoleIdName", is("test_package#xxx00:ADMIN")) .body("granteeUserName", is(givenNewUser.getName())); - assertThat(findAllGrantsOf(givenCurrentUserAsPackageAdmin)) + assertThat(findAllGrantsOf(givencurrentSubjectAsPackageAdmin)) .extracting(RbacGrantEntity::toDisplay) .contains("{ grant role:" + givenOwnPackageAdminRole.getRoleName() + " to user:" + givenNewUser.getName() + @@ -275,11 +275,11 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { // given final var givenNewUser = createRBacUser(); final var givenRoleToGrant = "test_package#xxx00:ADMIN"; - final var givenCurrentUserAsPackageAdmin = new Subject("pac-admin-xxx00@xxx.example.com", givenRoleToGrant); + final var givencurrentSubjectAsPackageAdmin = new Subject("pac-admin-xxx00@xxx.example.com", givenRoleToGrant); final var givenAlienPackageAdminRole = getRbacRoleByName("test_package#yyy00:ADMIN"); // when - final var result = givenCurrentUserAsPackageAdmin + final var result = givencurrentSubjectAsPackageAdmin .grantsRole(givenAlienPackageAdminRole).assumed() .toUser(givenNewUser); @@ -288,7 +288,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { .statusCode(403) .body("message", containsString("Access to granted role")) .body("message", containsString("forbidden for test_package#xxx00:ADMIN")); - assertThat(findAllGrantsOf(givenCurrentUserAsPackageAdmin)) + assertThat(findAllGrantsOf(givencurrentSubjectAsPackageAdmin)) .extracting(RbacGrantEntity::getGranteeUserName) .doesNotContain(givenNewUser.getName()); } 
@@ -304,28 +304,28 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { // given final var givenArbitraryUser = createRBacUser(); final var givenRoleToGrant = "test_package#xxx00:ADMIN"; - final var givenCurrentUserAsPackageAdmin = new Subject("pac-admin-xxx00@xxx.example.com", givenRoleToGrant); + final var givencurrentSubjectAsPackageAdmin = new Subject("pac-admin-xxx00@xxx.example.com", givenRoleToGrant); final var givenOwnPackageAdminRole = getRbacRoleByName("test_package#xxx00:ADMIN"); // and given an existing grant - assumeCreated(givenCurrentUserAsPackageAdmin + assumeCreated(givencurrentSubjectAsPackageAdmin .grantsRole(givenOwnPackageAdminRole).assumed() .toUser(givenArbitraryUser)); assumeGrantExists( - givenCurrentUserAsPackageAdmin, + givencurrentSubjectAsPackageAdmin, "{ grant role:%s to user:%s by role:%s and assume }".formatted( givenOwnPackageAdminRole.getRoleName(), givenArbitraryUser.getName(), - givenCurrentUserAsPackageAdmin.assumedRole)); + givencurrentSubjectAsPackageAdmin.assumedRole)); // when - final var revokeResponse = givenCurrentUserAsPackageAdmin + final var revokeResponse = givencurrentSubjectAsPackageAdmin .revokesRole(givenOwnPackageAdminRole) .fromUser(givenArbitraryUser); // then revokeResponse.assertThat().statusCode(204); - assertThat(findAllGrantsOf(givenCurrentUserAsPackageAdmin)) + assertThat(findAllGrantsOf(givencurrentSubjectAsPackageAdmin)) .extracting(RbacGrantEntity::getGranteeUserName) .doesNotContain(givenArbitraryUser.getName()); } 
@@ -337,16 +337,16 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { class Subject { - final String currentUser; + final String currentSubject; final String assumedRole; - public Subject(final String currentUser, final String assumedRole) { - this.currentUser = currentUser; + public Subject(final String currentSubject, final String assumedRole) { + this.currentSubject = currentSubject; this.assumedRole = assumedRole; } - public Subject(final String currentUser) { - this(currentUser, ""); + public Subject(final String currentSubject) { + this(currentSubject, ""); } GrantFixture grantsRole(final RbacRoleEntity givenOwnPackageAdminRole) { @@ -382,7 +382,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { return RestAssured // @formatter:ff .given() - .header("current-user", grantingSubject.currentUser) + .header("current-subject", grantingSubject.currentSubject) .header("assumed-roles", grantingSubject.assumedRole) .contentType(ContentType.JSON) .body(""" @@ -418,7 +418,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { return RestAssured // @formatter:ff .given() - .header("current-user", currentSubject.currentUser) + .header("current-subject", currentSubject.currentSubject) .header("assumed-roles", currentSubject.assumedRole) .contentType(ContentType.JSON) .body(""" @@ -454,7 +454,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { return RestAssured // @formatter:ff .given() - .header("current-user", currentSubject.currentUser) + .header("current-subject", currentSubject.currentSubject) .header("assumed-roles", currentSubject.assumedRole) .port(port) .when() @@ -475,7 +475,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { List findAllGrantsOf(final Subject grantingSubject) { return jpaAttempt.transacted(() -> { - context(grantingSubject.currentUser, null); + context(grantingSubject.currentSubject, null); return rbacGrantRepository.findAll(); }).returnedValue(); } 
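Review bot: After the rename the fixture reads `currentSubject.currentSubject` in the hunks at 418 and 454 (a `Subject` parameter named `currentSubject` with a field of the same name), which is easy to misread. Renaming the field to `subjectName`, with `grantingSubject.subjectName` at 382 and 475 adjusted to match, keeps the fixture readable: `final String subjectName;` and `.header("current-subject", currentSubject.subjectName)`. The one-argument constructor still defaults `assumedRole` to `""` while the `context(...)` helpers pass `null` for no assumed roles; a comment stating whether an empty `assumed-roles` header is meant to be equivalent to omitting it would remove that ambiguity.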
diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantsDiagramServiceIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantsDiagramServiceIntegrationTest.java index 7f183ba3..7c7dccee 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantsDiagramServiceIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantsDiagramServiceIntegrationTest.java @@ -44,18 +44,18 @@ class RbacGrantsDiagramServiceIntegrationTest extends ContextBasedTestWithCleanu this.test = testInfo; } - protected void context(final String currentUser, final String assumedRoles) { - context.define(test.getDisplayName(), null, currentUser, assumedRoles); + protected void context(final String currentSubject, final String assumedRoles) { + context.define(test.getDisplayName(), null, currentSubject, assumedRoles); } - protected void context(final String currentUser) { - context(currentUser, null); + protected void context(final String currentSubject) { + context(currentSubject, null); } @Test - void allGrantsToCurrentUser() { + void allGrantsTocurrentSubject() { context("superuser-alex@hostsharing.net", "test_domain#xxx00-aaaa:OWNER"); - final var graph = grantsMermaidService.allGrantsToCurrentUser(EnumSet.of(Include.TEST_ENTITIES)); + final var graph = grantsMermaidService.allGrantsTocurrentSubject(EnumSet.of(Include.TEST_ENTITIES)); assertThat(graph).isEqualTo(""" flowchart TB 
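Review bot: The two `context(...)` overrides in RbacGrantsDiagramServiceIntegrationTest are byte-for-byte the same as the ones this commit renames in ContextBasedTest, and the class extends ContextBasedTestWithCleanup, which extends ContextBasedTest; unless the local `test` field differs from the inherited one, both overrides can be removed so the rename has to be made in one place only. If they are kept on purpose, a comment such as `// overrides ContextBasedTest.context(...) to use this class's own TestInfo` should say why.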
@@ -68,9 +68,9 @@ class RbacGrantsDiagramServiceIntegrationTest extends ContextBasedTestWithCleanu } @Test - void allGrantsToCurrentUserIncludingPermissions() { + void allGrantsTocurrentSubjectIncludingPermissions() { context("superuser-alex@hostsharing.net", "test_domain#xxx00-aaaa:OWNER"); - final var graph = grantsMermaidService.allGrantsToCurrentUser(EnumSet.of(Include.TEST_ENTITIES, Include.PERMISSIONS)); + final var graph = grantsMermaidService.allGrantsTocurrentSubject(EnumSet.of(Include.TEST_ENTITIES, Include.PERMISSIONS)); assertThat(graph).isEqualTo(""" flowchart TB @@ -93,11 +93,11 @@ class RbacGrantsDiagramServiceIntegrationTest extends ContextBasedTestWithCleanu //context("superuser-alex@hostsharing.net", "hs_office_person#FirbySusan:ADMIN"); context("superuser-alex@hostsharing.net"); - //final var graph = grantsMermaidService.allGrantsToCurrentUser(EnumSet.of(Include.NON_TEST_ENTITIES, Include.PERMISSIONS)); + //final var graph = grantsMermaidService.allGrantsTocurrentSubject(EnumSet.of(Include.NON_TEST_ENTITIES, Include.PERMISSIONS)); final var targetObject = (UUID) em.createNativeQuery("SELECT uuid FROM hs_office_coopassetstransaction WHERE reference='ref 1000101-1'").getSingleResult(); final var graph = grantsMermaidService.allGrantsFrom(targetObject, "view", EnumSet.of(Include.USERS)); - RbacGrantsDiagramService.writeToFile(join(";", context.getAssumedRoles()), graph, "doc/all-grants.md"); + RbacGrantsDiagramService.writeToFile(join(";", context.fetchAssumedRoles()), graph, "doc/all-grants.md"); } } diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RawRbacObjectEntity.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RawRbacObjectEntity.java index d4256e56..dedda7c2 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RawRbacObjectEntity.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RawRbacObjectEntity.java 
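Review bot: The rename was applied to a commented-out line in the second hunk (`//final var graph = grantsMermaidService.allGrantsTocurrentSubject(...)`); dead code that has to be maintained through renames is a sign it should be deleted rather than updated. The same test writes `doc/all-grants.md` into the working tree on every run via `RbacGrantsDiagramService.writeToFile(...)`; if that is intended as a documentation generator rather than an assertion, a comment saying so (and that the file is expected to change) would help, otherwise the output belongs under a scratch location such as the `doc/temp/` path used in ContextBasedTestWithCleanup. The enclosing test method starts outside the hunk.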
@@ -9,7 +9,7 @@ import java.util.List; import java.util.UUID; @Entity -@Table(name = "rbacobject") // TODO: create view rbacobject_ev +@Table(schema = "rbac", name = "object") // TODO.impl: create view rbacobject_ev @Getter @Setter @ToString diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleControllerAcceptanceTest.java index 5f20b0ab..2b710bfb 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleControllerAcceptanceTest.java @@ -35,7 +35,7 @@ class RbacRoleControllerAcceptanceTest { // @formatter:off RestAssured .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .get("http://localhost/api/rbac/roles") @@ -60,7 +60,7 @@ class RbacRoleControllerAcceptanceTest { // @formatter:off RestAssured .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .header("assumed-roles", "test_package#yyy00:ADMIN") .port(port) .when() @@ -93,7 +93,7 @@ class RbacRoleControllerAcceptanceTest { // @formatter:off RestAssured .given() - .header("current-user", "pac-admin-zzz00@zzz.example.com") + .header("current-subject", "pac-admin-zzz00@zzz.example.com") .port(port) .when() .get("http://localhost/api/rbac/roles") diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleControllerRestTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleControllerRestTest.java index 44b3885e..2686ade7 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleControllerRestTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleControllerRestTest.java 
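Review bot: The `@Table` mapping of RawRbacObjectEntity now points at `rbac.object`, but the trailing `TODO.impl: create view rbacobject_ev` still uses the pre-rename view name; the note should be updated to the schema-qualified name of the intended view, or dropped if the view is no longer planned. The same mapping is repeated on the test-local `RbacObjectEntity` in ContextBasedTestWithCleanup, written there as `@Table(schema ="rbac", name = "object")` without the space after `schema`; aligning the two spellings, and ideally sharing one test entity for `rbac.object`, keeps them from drifting apart.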
@@ -67,7 +67,7 @@ class RbacRoleControllerRestTest { // when mockMvc.perform(MockMvcRequestBuilders .get("/api/rbac/roles") - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .accept(MediaType.APPLICATION_JSON)) // then diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepositoryIntegrationTest.java index 092ac91a..71182cd1 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepositoryIntegrationTest.java @@ -38,7 +38,7 @@ class RbacRoleRepositoryIntegrationTest { class FindAllRbacRoles { private static final String[] ALL_TEST_DATA_ROLES = Array.of( - // @formatter:off + // @formatter:off "global#global:ADMIN", "test_customer#xxx:ADMIN", "test_customer#xxx:OWNER", "test_customer#xxx:TENANT", "test_package#xxx00:ADMIN", "test_package#xxx00:OWNER", "test_package#xxx00:TENANT", @@ -146,7 +146,7 @@ class RbacRoleRepositoryIntegrationTest { result.assertExceptionWithRootCauseMessage( JpaSystemException.class, - "[401] currentSubjectsUuids cannot be determined, please call `basis.defineContext(...)` with a valid user"); + "[401] currentSubjectOrAssumedRolesUuids cannot be determined, please call `basis.defineContext(...)` with a valid subject"); } } diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserControllerAcceptanceTest.java index 601fadad..f5abca18 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserControllerAcceptanceTest.java 
@@ -81,7 +81,7 @@ class RbacUserControllerAcceptanceTest { // @formatter:off RestAssured .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .get("http://localhost/api/rbac/users/" + givenUser.getUuid()) @@ -99,7 +99,7 @@ class RbacUserControllerAcceptanceTest { // @formatter:off RestAssured .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .header("assumed-roles", "test_customer#yyy:ADMIN") .port(port) .when() @@ -118,7 +118,7 @@ class RbacUserControllerAcceptanceTest { // @formatter:off RestAssured .given() - .header("current-user", "customer-admin@yyy.example.com") + .header("current-subject", "customer-admin@yyy.example.com") .port(port) .when() .get("http://localhost/api/rbac/users/" + givenUser.getUuid()) @@ -136,7 +136,7 @@ class RbacUserControllerAcceptanceTest { // @formatter:off RestAssured .given() - .header("current-user", "customer-admin@xxx.example.com") + .header("current-subject", "customer-admin@xxx.example.com") .port(port) .when() .get("http://localhost/api/rbac/users/" + givenUser.getUuid()) @@ -155,7 +155,7 @@ class RbacUserControllerAcceptanceTest { // @formatter:off RestAssured .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .get("http://localhost/api/rbac/users") @@ -180,7 +180,7 @@ class RbacUserControllerAcceptanceTest { // @formatter:off RestAssured .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .get("http://localhost/api/rbac/users?name=pac-admin-zzz0") 
@@ -200,7 +200,7 @@ class RbacUserControllerAcceptanceTest { // @formatter:off RestAssured .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .header("assumed-roles", "test_customer#yyy:ADMIN") .port(port) .when() @@ -222,7 +222,7 @@ class RbacUserControllerAcceptanceTest { // @formatter:off RestAssured .given() - .header("current-user", "customer-admin@yyy.example.com") + .header("current-subject", "customer-admin@yyy.example.com") .port(port) .when() .get("http://localhost/api/rbac/users") @@ -243,7 +243,7 @@ class RbacUserControllerAcceptanceTest { // @formatter:off RestAssured .given() - .header("current-user", "pac-admin-xxx01@xxx.example.com") + .header("current-subject", "pac-admin-xxx01@xxx.example.com") .port(port) .when() .get("http://localhost/api/rbac/users") @@ -266,7 +266,7 @@ class RbacUserControllerAcceptanceTest { // @formatter:off RestAssured .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .get("http://localhost/api/rbac/users/" + givenUser.getUuid() + "/permissions") @@ -295,7 +295,7 @@ class RbacUserControllerAcceptanceTest { // @formatter:off RestAssured .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .header("assumed-roles", "test_customer#yyy:ADMIN") .port(port) .when() @@ -325,7 +325,7 @@ class RbacUserControllerAcceptanceTest { // @formatter:off RestAssured .given() - .header("current-user", "pac-admin-yyy00@yyy.example.com") + .header("current-subject", "pac-admin-yyy00@yyy.example.com") .port(port) .when() .get("http://localhost/api/rbac/users/" + givenUser.getUuid() + "/permissions") 
@@ -354,7 +354,7 @@ class RbacUserControllerAcceptanceTest { // @formatter:off RestAssured .given() - .header("current-user", "pac-admin-yyy00@yyy.example.com") + .header("current-subject", "pac-admin-yyy00@yyy.example.com") .port(port) .when() .get("http://localhost/api/rbac/users/" + givenUser.getUuid() + "/permissions") @@ -378,7 +378,7 @@ class RbacUserControllerAcceptanceTest { // @formatter:off final var location = RestAssured .given() - .header("current-user", givenUser.getName()) + .header("current-subject", givenUser.getName()) .port(port) .when() .delete("http://localhost/api/rbac/users/" + givenUser.getUuid()) @@ -399,7 +399,7 @@ class RbacUserControllerAcceptanceTest { // @formatter:off final var location = RestAssured .given() - .header("current-user", "customer-admin@xxx.example.com") + .header("current-subject", "customer-admin@xxx.example.com") .port(port) .when() .delete("http://localhost/api/rbac/users/" + givenUser.getUuid()) @@ -421,7 +421,7 @@ class RbacUserControllerAcceptanceTest { // @formatter:off final var location = RestAssured .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .delete("http://localhost/api/rbac/users/" + givenUser.getUuid()) diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/test/ContextBasedTestWithCleanup.java b/src/test/java/net/hostsharing/hsadminng/rbac/test/ContextBasedTestWithCleanup.java index 366e79d7..ac285a45 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/test/ContextBasedTestWithCleanup.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/test/ContextBasedTestWithCleanup.java @@ -18,6 +18,7 @@ import org.springframework.data.repository.Repository; import org.springframework.transaction.PlatformTransactionManager; import jakarta.persistence.*; +import jakarta.transaction.Transactional; import java.util.*; import java.util.concurrent.atomic.AtomicBoolean; import java.util.function.Supplier; 
@@ -200,7 +201,7 @@ public abstract class ContextBasedTestWithCleanup extends ContextBasedTest { }); }).caughtException(); - // ... and in case of foreign key violations, we rely on the RbacObject cleanup. + // ... and in case of foreign key violations, we rely on the rbac.object cleanup. if (exception != null) { System.err.println(exception); } @@ -322,7 +323,7 @@ public abstract class ContextBasedTestWithCleanup extends ContextBasedTest { protected void generateRbacDiagramForCurrentSubjects(final EnumSet include, final String name) { RbacGrantsDiagramService.writeToFile( name, - diagramService.allGrantsToCurrentUser(include), + diagramService.allGrantsTocurrentSubject(include), "doc/temp/" + name + ".md" ); } @@ -362,7 +363,7 @@ interface RbacObjectRepository extends Repository { } @Entity -@Table(name = "rbacobject") +@Table(schema ="rbac", name = "object") class RbacObjectEntity { @Id diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerControllerAcceptanceTest.java index 2d6d5a70..60b7148d 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerControllerAcceptanceTest.java @@ -54,7 +54,7 @@ class TestCustomerControllerAcceptanceTest { void globalAdmin_withoutAssumedRoles_canViewAllCustomers_ifNoCriteriaGiven() { RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .get("http://localhost/api/test/customers") 
@@ -72,7 +72,7 @@ class TestCustomerControllerAcceptanceTest { void globalAdmin_withoutAssumedRoles_canViewMatchingCustomers_ifCriteriaGiven() { RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .get("http://localhost/api/test/customers?prefix=y") @@ -88,7 +88,7 @@ class TestCustomerControllerAcceptanceTest { void globalAdmin_withoutAssumedCustomerAdminRole_canOnlyViewOwnCustomer() { RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .header("assumed-roles", "test_customer#yyy:ADMIN") .port(port) .when() @@ -105,7 +105,7 @@ class TestCustomerControllerAcceptanceTest { void customerAdmin_withoutAssumedRole_canOnlyViewOwnCustomer() { RestAssured // @formatter:off .given() - .header("current-user", "customer-admin@yyy.example.com") + .header("current-subject", "customer-admin@yyy.example.com") .port(port) .when() .get("http://localhost/api/test/customers") @@ -126,7 +126,7 @@ class TestCustomerControllerAcceptanceTest { final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { @@ -158,7 +158,7 @@ class TestCustomerControllerAcceptanceTest { RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .header("assumed-roles", "test_customer#xxx:ADMIN") .contentType(ContentType.JSON) .body(""" @@ -189,7 +189,7 @@ class TestCustomerControllerAcceptanceTest { RestAssured // @formatter:off .given() - .header("current-user", "customer-admin@yyy.example.com") + .header("current-subject", "customer-admin@yyy.example.com") .contentType(ContentType.JSON) .body(""" { 
@@ -219,7 +219,7 @@ class TestCustomerControllerAcceptanceTest {
 
 RestAssured // @formatter:off
 .given()
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .contentType(ContentType.JSON)
 .body("{]") // deliberately invalid JSON
 .port(port)
diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageControllerAcceptanceTest.java
index a5e89330..fd9ec9a0 100644
--- a/src/test/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageControllerAcceptanceTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageControllerAcceptanceTest.java
@@ -43,7 +43,7 @@ class TestPackageControllerAcceptanceTest {
 // @formatter:off
 RestAssured
 .given()
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .header("assumed-roles", "test_customer#xxx:ADMIN")
 .port(port)
 .when()
@@ -65,7 +65,7 @@ class TestPackageControllerAcceptanceTest {
 // @formatter:off
 RestAssured
 .given()
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .header("assumed-roles", "test_customer#xxx:ADMIN")
 .port(port)
 .when()
@@ -94,7 +94,7 @@ class TestPackageControllerAcceptanceTest {
 // @formatter:off
 RestAssured
 .given()
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .header("assumed-roles", "test_customer#xxx:ADMIN")
 .contentType(ContentType.JSON)
 .body(format("""
@@ -125,7 +125,7 @@ class TestPackageControllerAcceptanceTest {
 // @formatter:off
 RestAssured
 .given()
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .header("assumed-roles", "test_customer#xxx:ADMIN")
 .contentType(ContentType.JSON)
 .body("""
@@ -155,7 +155,7 @@ class TestPackageControllerAcceptanceTest {
 // @formatter:off
 RestAssured
 .given()
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .header("assumed-roles", "test_customer#xxx:ADMIN")
 .contentType(ContentType.JSON)
 .body("{}")
@@ -175,7 +175,7 @@ class TestPackageControllerAcceptanceTest {
 // @formatter:off
 return UUID.fromString(RestAssured
 .given()
- .header("current-user", "superuser-alex@hostsharing.net")
+ .header("current-subject", "superuser-alex@hostsharing.net")
 .header("assumed-roles", "test_customer#xxx:ADMIN")
 .port(port)
 .when()
