From 349b9ddae08258fb35d9824d87fe206b981a1a47 Mon Sep 17 00:00:00 2001 
From: Michael Hoennig Date: Thu, 2 May 2024 13:31:18 +0200 Subject: [PATCH] RBAC object scope to replace serialID (WIP) --- .../hsadminng/context/Context.java | 15 ++++-- .../booking/item/HsBookingItemController.java | 11 +++-- .../asset/HsHostingAssetController.java | 11 +++-- .../HsOfficeBankAccountController.java | 10 ++-- .../contact/HsOfficeContactController.java | 11 +++-- ...OfficeCoopAssetsTransactionController.java | 7 +-- ...OfficeCoopSharesTransactionController.java | 7 +-- .../debitor/HsOfficeDebitorController.java | 11 +++-- .../HsOfficeMembershipController.java | 12 +++-- .../partner/HsOfficePartnerController.java | 11 +++-- .../person/HsOfficePersonController.java | 12 +++-- .../relation/HsOfficeRelationController.java | 11 +++-- .../HsOfficeSepaMandateController.java | 11 +++-- .../rbac/rbacdef/InsertTriggerGenerator.java | 2 +- .../rbac/rbacgrant/RbacGrantController.java | 10 ++-- .../rbac/rbacrole/RbacRoleController.java | 4 +- .../rbac/rbacuser/RbacUserController.java | 12 +++-- .../test/cust/TestCustomerController.java | 6 ++- .../rbac/test/pac/TestPackageController.java | 6 ++- .../db/changelog/0-basis/010-context.sql | 47 ++++++++++++++++++- .../db/changelog/1-rbac/1050-rbac-base.sql | 19 +++++--- .../db/changelog/1-rbac/1054-rbac-context.sql | 3 ++ .../db/changelog/1-rbac/1080-rbac-global.sql | 14 +++--- .../2013-test-customer-rbac.sql | 2 +- .../2018-test-customer-test-data.sql | 2 +- .../2023-test-package-rbac.sql | 2 +- .../2028-test-package-test-data.sql | 2 +- .../203-test-domain/2033-test-domain-rbac.sql | 2 +- .../2038-test-domain-test-data.sql | 2 +- .../5016-hs-office-contact-migration.sql | 3 +- .../5018-hs-office-contact-test-data.sql | 4 +- .../5028-hs-office-person-test-data.sql | 4 +- .../5033-hs-office-relation-rbac.sql | 3 +- .../5038-hs-office-relation-test-data.sql | 2 +- .../5043-hs-office-partner-rbac.sql | 3 +- .../5044-hs-office-partner-details-rbac.sql | 3 +- .../5046-hs-office-partner-migration.sql | 3 +- 
.../5048-hs-office-partner-test-data.sql | 2 +- .../5058-hs-office-bankaccount-test-data.sql | 4 +- .../5063-hs-office-debitor-rbac.sql | 3 +- .../5068-hs-office-debitor-test-data.sql | 2 +- .../5073-hs-office-sepamandate-rbac.sql | 3 +- .../5076-hs-office-sepamandate-migration.sql | 3 +- .../5078-hs-office-sepamandate-test-data.sql | 2 +- .../5103-hs-office-membership-rbac.sql | 3 +- .../5108-hs-office-membership-test-data.sql | 2 +- .../5113-hs-office-coopshares-rbac.sql | 3 +- .../5116-hs-office-coopshares-migration.sql | 3 +- .../5118-hs-office-coopshares-test-data.sql | 2 +- .../5123-hs-office-coopassets-rbac.sql | 3 +- .../5126-hs-office-coopassets-migration.sql | 3 +- .../5128-hs-office-coopassets-test-data.sql | 2 +- .../6013-hs-booking-item-rbac.sql | 3 +- .../6018-hs-booking-item-test-data.sql | 2 +- .../7013-hs-hosting-asset-rbac.sql | 3 +- .../7018-hs-hosting-asset-test-data.sql | 2 +- ...HsBookingItemControllerAcceptanceTest.java | 17 +++---- ...sHostingAssetControllerAcceptanceTest.java | 17 +++---- ...ceBankAccountControllerAcceptanceTest.java | 21 +++++---- ...OfficeContactControllerAcceptanceTest.java | 23 ++++----- ...tsTransactionControllerAcceptanceTest.java | 21 +++++---- ...esTransactionControllerAcceptanceTest.java | 21 +++++---- ...OfficeDebitorControllerAcceptanceTest.java | 35 +++++++------- ...iceMembershipControllerAcceptanceTest.java | 25 +++++----- ...OfficePartnerControllerAcceptanceTest.java | 33 ++++++------- ...sOfficePersonControllerAcceptanceTest.java | 19 ++++---- ...fficeRelationControllerAcceptanceTest.java | 29 ++++++------ ...ceSepaMandateControllerAcceptanceTest.java | 31 ++++++------ .../rbac/context/ContextBasedTest.java | 4 +- .../rbac/context/ContextIntegrationTests.java | 13 ++--- .../rbac/context/ContextUnitTest.java | 12 +++-- ...acGrantsDiagramServiceIntegrationTest.java | 3 +- .../RbacRoleRepositoryIntegrationTest.java | 19 ++++---- .../RbacUserControllerAcceptanceTest.java | 7 +-- 
.../test/ContextBasedTestWithCleanup.java | 35 +++++++------- .../TestCustomerControllerAcceptanceTest.java | 9 ++-- .../TestPackageControllerAcceptanceTest.java | 3 +- .../TestPackageRepositoryIntegrationTest.java | 15 +++--- 78 files changed, 441 insertions(+), 321 deletions(-) diff --git a/src/main/java/net/hostsharing/hsadminng/context/Context.java b/src/main/java/net/hostsharing/hsadminng/context/Context.java index b3dac96b..b64f3f2c 100644 --- a/src/main/java/net/hostsharing/hsadminng/context/Context.java +++ b/src/main/java/net/hostsharing/hsadminng/context/Context.java @@ -24,6 +24,10 @@ import static org.springframework.transaction.annotation.Propagation.MANDATORY; @AllArgsConstructor public class Context { + public enum Scope { + BASE, TEST, TEMP, PROD; + } + private static final Set HEADERS_TO_IGNORE = Set.of( "accept-encoding", "connection", 
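Review bot: The new `Scope` enum in the `@@ -24,6 +24,10 @@` hunk of Context.java has no documentation, although the following hunk sends `currentScope.name()` to the database and casts it to `RbacObjectScope`, which makes the constant names part of the database contract. A Javadoc on the enum should say so, for example `/** RBAC object scope; constant names must match the labels of the SQL enum RbacObjectScope. */`, with one line per constant explaining what BASE, TEST, TEMP and PROD select, since the visible code does not show that. The trailing `;` after `PROD` is not needed for an enum without members. The class body continues outside the hunk.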
@@ -38,28 +42,31 @@ public class Context { private HttpServletRequest request; @Transactional(propagation = MANDATORY) - public void define(final String currentUser) { - define(currentUser, null); + public void define(final Scope scope, final String currentUser) { + define(scope, currentUser, null); } @Transactional(propagation = MANDATORY) - public void define(final String currentUser, final String assumedRoles) { - define(toTask(request), toCurl(request), currentUser, assumedRoles); + public void define(final Scope scope, final String currentUser, final String assumedRoles) { + define(scope, toTask(request), toCurl(request), currentUser, assumedRoles); } @Transactional(propagation = MANDATORY) public void define( + final Scope currentScope, final String currentTask, final String currentRequest, final String currentUser, final String assumedRoles) { final var query = em.createNativeQuery(""" call defineContext( + cast(:currentScope as RbacObjectScope), cast(:currentTask as varchar(127)), cast(:currentRequest as text), cast(:currentUser as varchar(63)), cast(:assumedRoles as varchar(1023))); """); + query.setParameter("currentScope", currentScope.name()); query.setParameter("currentTask", shortenToMaxLength(currentTask, 127)); query.setParameter("currentRequest", currentRequest); query.setParameter("currentUser", currentUser); diff --git a/src/main/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemController.java b/src/main/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemController.java index bd05ad66..d3216e64 100644 --- a/src/main/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemController.java +++ b/src/main/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemController.java 
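Review bot: `query.setParameter("currentScope", currentScope.name())` in the five-argument `define` dereferences the new parameter unchecked, so a caller passing `null` gets a bare NullPointerException during context setup instead of a clear argument error. A guard before the query is built, such as `if (currentScope == null) throw new IllegalArgumentException("currentScope must not be null");`, would fail fast. The value is cast to `RbacObjectScope` and presumably decides which RBAC objects the session operates on. If so, the Javadoc of the three overloads should state that the scope is fixed by server code and must never be taken from request data. The method body continues past the end of the hunk.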
@@ -17,6 +17,7 @@ import java.util.List; import java.util.UUID; import java.util.function.BiConsumer; +import static net.hostsharing.hsadminng.context.Context.Scope.PROD; import static net.hostsharing.hsadminng.mapper.PostgresDateRange.toPostgresDateRange; @RestController @@ -37,7 +38,7 @@ public class HsBookingItemController implements HsBookingItemsApi { final String currentUser, final String assumedRoles, final UUID debitorUuid) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final var entities = bookingItemRepo.findAllByDebitorUuid(debitorUuid); @@ -52,7 +53,7 @@ public class HsBookingItemController implements HsBookingItemsApi { final String assumedRoles, final HsBookingItemInsertResource body) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final var entityToSave = mapper.map(body, HsBookingItemEntity.class, RESOURCE_TO_ENTITY_POSTMAPPER); @@ -74,7 +75,7 @@ public class HsBookingItemController implements HsBookingItemsApi { final String assumedRoles, final UUID bookingItemUuid) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final var result = bookingItemRepo.findByUuid(bookingItemUuid); return result @@ -89,7 +90,7 @@ public class HsBookingItemController implements HsBookingItemsApi { final String currentUser, final String assumedRoles, final UUID bookingItemUuid) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final var result = bookingItemRepo.deleteByUuid(bookingItemUuid); return result == 0 @@ -105,7 +106,7 @@ public class HsBookingItemController implements HsBookingItemsApi { final UUID bookingItemUuid, final HsBookingItemPatchResource body) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final var current = bookingItemRepo.findByUuid(bookingItemUuid).orElseThrow(); 
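Review bot: Each endpoint in HsBookingItemController now repeats `context.define(PROD, currentUser, assumedRoles)` (hunk `@@ -37,7 +38,7 @@` and the four after it), and the same literal is added in the hunks for the HsHostingAsset, HsOffice* (BankAccount, Contact, CoopAssetsTransaction, CoopSharesTransaction, Debitor, Membership, Partner, Person, Relation, SepaMandate) and RbacGrant controllers. If the scope is an authorization boundary, as the cast to `RbacObjectScope` in Context.java suggests, spreading the choice over dozens of call sites makes a single wrong constant hard to spot in review. One option is to keep a request-handling overload in `Context`, `public void define(final String currentUser, final String assumedRoles) { define(Scope.PROD, currentUser, assumedRoles); }`, and reserve the explicit-scope overloads for tests and migrations. The controller methods begin and end outside these hunks.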
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetController.java b/src/main/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetController.java index 78606936..36913329 100644 --- a/src/main/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetController.java +++ b/src/main/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetController.java @@ -18,6 +18,7 @@ import java.util.List; import java.util.UUID; import java.util.function.BiConsumer; +import static net.hostsharing.hsadminng.context.Context.Scope.PROD; @RestController public class HsHostingAssetController implements HsHostingAssetsApi { @@ -37,7 +38,7 @@ public class HsHostingAssetController implements HsHostingAssetsApi { final String currentUser, final String assumedRoles, final UUID debitorUuid) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final var entities = assetRepo.findAllByDebitorUuid(debitorUuid); @@ -53,7 +54,7 @@ public class HsHostingAssetController implements HsHostingAssetsApi { final String assumedRoles, final HsHostingAssetInsertResource body) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final var entityToSave = mapper.map(body, HsHostingAssetEntity.class, RESOURCE_TO_ENTITY_POSTMAPPER); @@ -75,7 +76,7 @@ public class HsHostingAssetController implements HsHostingAssetsApi { final String assumedRoles, final UUID serverUuid) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final var result = assetRepo.findByUuid(serverUuid); return result @@ -90,7 +91,7 @@ public class HsHostingAssetController implements HsHostingAssetsApi { final String currentUser, final String assumedRoles, final UUID serverUuid) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final var result = assetRepo.deleteByUuid(serverUuid); return result == 0 
@@ -106,7 +107,7 @@ public class HsHostingAssetController implements HsHostingAssetsApi { final UUID serverUuid, final HsHostingAssetPatchResource body) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final var current = assetRepo.findByUuid(serverUuid).orElseThrow(); diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountController.java b/src/main/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountController.java index 9f39767f..4be1f15c 100644 --- a/src/main/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountController.java +++ b/src/main/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountController.java @@ -16,6 +16,8 @@ import org.springframework.web.servlet.mvc.method.annotation.MvcUriComponentsBui import java.util.List; import java.util.UUID; +import static net.hostsharing.hsadminng.context.Context.Scope.PROD; + @RestController public class HsOfficeBankAccountController implements HsOfficeBankAccountsApi { @@ -35,7 +37,7 @@ public class HsOfficeBankAccountController implements HsOfficeBankAccountsApi { final String currentUser, final String assumedRoles, final String holder) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final var entities = bankAccountRepo.findByOptionalHolderLike(holder); @@ -50,7 +52,7 @@ public class HsOfficeBankAccountController implements HsOfficeBankAccountsApi { final String assumedRoles, final HsOfficeBankAccountInsertResource body) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); IbanUtil.validate(body.getIban()); BicUtil.validate(body.getBic()); 
@@ -76,7 +78,7 @@ public class HsOfficeBankAccountController implements HsOfficeBankAccountsApi { final String assumedRoles, final UUID bankAccountUuid) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final var result = bankAccountRepo.findByUuid(bankAccountUuid); if (result.isEmpty()) { @@ -91,7 +93,7 @@ public class HsOfficeBankAccountController implements HsOfficeBankAccountsApi { final String currentUser, final String assumedRoles, final UUID BankAccountUuid) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final var result = bankAccountRepo.deleteByUuid(BankAccountUuid); if (result == 0) { diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactController.java b/src/main/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactController.java index 90449ce7..5dcbd816 100644 --- a/src/main/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactController.java +++ b/src/main/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactController.java @@ -16,6 +16,7 @@ import java.util.List; import java.util.UUID; import java.util.function.BiConsumer; +import static net.hostsharing.hsadminng.context.Context.Scope.PROD; import static net.hostsharing.hsadminng.mapper.KeyValueMap.from; @RestController @@ -37,7 +38,7 @@ public class HsOfficeContactController implements HsOfficeContactsApi { final String currentUser, final String assumedRoles, final String label) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final var entities = contactRepo.findContactByOptionalLabelLike(label); 
@@ -52,7 +53,7 @@ public class HsOfficeContactController implements HsOfficeContactsApi { final String assumedRoles, final HsOfficeContactInsertResource body) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final var entityToSave = mapper.map(body, HsOfficeContactEntity.class, RESOURCE_TO_ENTITY_POSTMAPPER); @@ -74,7 +75,7 @@ public class HsOfficeContactController implements HsOfficeContactsApi { final String assumedRoles, final UUID contactUuid) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final var result = contactRepo.findByUuid(contactUuid); if (result.isEmpty()) { @@ -89,7 +90,7 @@ public class HsOfficeContactController implements HsOfficeContactsApi { final String currentUser, final String assumedRoles, final UUID contactUuid) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final var result = contactRepo.deleteByUuid(contactUuid); if (result == 0) { @@ -107,7 +108,7 @@ public class HsOfficeContactController implements HsOfficeContactsApi { final UUID contactUuid, final HsOfficeContactPatchResource body) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final var current = contactRepo.findByUuid(contactUuid).orElseThrow(); diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionController.java b/src/main/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionController.java index a22065c0..27ac1a47 100644 --- a/src/main/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionController.java +++ b/src/main/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionController.java 
@@ -21,6 +21,7 @@ import java.util.UUID; import java.util.function.BiConsumer; import static java.lang.String.join; +import static net.hostsharing.hsadminng.context.Context.Scope.PROD; import static net.hostsharing.hsadminng.hs.office.generated.api.v1.model.HsOfficeCoopAssetsTransactionTypeResource.*; @RestController @@ -43,7 +44,7 @@ public class HsOfficeCoopAssetsTransactionController implements HsOfficeCoopAsse final UUID membershipUuid, final @DateTimeFormat(iso = ISO.DATE) LocalDate fromValueDate, final @DateTimeFormat(iso = ISO.DATE) LocalDate toValueDate) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final var entities = coopAssetsTransactionRepo.findCoopAssetsTransactionByOptionalMembershipUuidAndDateRange( membershipUuid, @@ -61,7 +62,7 @@ public class HsOfficeCoopAssetsTransactionController implements HsOfficeCoopAsse final String assumedRoles, final HsOfficeCoopAssetsTransactionInsertResource requestBody) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); validate(requestBody); final var entityToSave = mapper.map(requestBody, HsOfficeCoopAssetsTransactionEntity.class, RESOURCE_TO_ENTITY_POSTMAPPER); @@ -82,7 +83,7 @@ public class HsOfficeCoopAssetsTransactionController implements HsOfficeCoopAsse public ResponseEntity getCoopAssetTransactionByUuid( final String currentUser, final String assumedRoles, final UUID assetTransactionUuid) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final var result = coopAssetsTransactionRepo.findByUuid(assetTransactionUuid); if (result.isEmpty()) { diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionController.java b/src/main/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionController.java index 9a3295a2..f7446e1d 100644 
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionController.java +++ b/src/main/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionController.java @@ -22,6 +22,7 @@ import java.util.UUID; import java.util.function.BiConsumer; import static java.lang.String.join; +import static net.hostsharing.hsadminng.context.Context.Scope.PROD; import static net.hostsharing.hsadminng.hs.office.generated.api.v1.model.HsOfficeCoopSharesTransactionTypeResource.CANCELLATION; import static net.hostsharing.hsadminng.hs.office.generated.api.v1.model.HsOfficeCoopSharesTransactionTypeResource.SUBSCRIPTION; @@ -45,7 +46,7 @@ public class HsOfficeCoopSharesTransactionController implements HsOfficeCoopShar final UUID membershipUuid, final @DateTimeFormat(iso = ISO.DATE) LocalDate fromValueDate, final @DateTimeFormat(iso = ISO.DATE) LocalDate toValueDate) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final var entities = coopSharesTransactionRepo.findCoopSharesTransactionByOptionalMembershipUuidAndDateRange( membershipUuid, @@ -63,7 +64,7 @@ public class HsOfficeCoopSharesTransactionController implements HsOfficeCoopShar final String assumedRoles, final HsOfficeCoopSharesTransactionInsertResource requestBody) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); validate(requestBody); final var entityToSave = mapper.map(requestBody, HsOfficeCoopSharesTransactionEntity.class, RESOURCE_TO_ENTITY_POSTMAPPER); 
@@ -84,7 +85,7 @@ public class HsOfficeCoopSharesTransactionController implements HsOfficeCoopShar public ResponseEntity getCoopShareTransactionByUuid( final String currentUser, final String assumedRoles, final UUID shareTransactionUuid) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final var result = coopSharesTransactionRepo.findByUuid(shareTransactionUuid); if (result.isEmpty()) { diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorController.java b/src/main/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorController.java index 5455b99b..56620a8b 100644 --- a/src/main/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorController.java +++ b/src/main/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorController.java @@ -22,6 +22,7 @@ import jakarta.persistence.PersistenceContext; import java.util.List; import java.util.UUID; +import static net.hostsharing.hsadminng.context.Context.Scope.PROD; import static net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationType.DEBITOR; @RestController @@ -50,7 +51,7 @@ public class HsOfficeDebitorController implements HsOfficeDebitorsApi { final String assumedRoles, final String name, final Integer debitorNumber) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final var entities = debitorNumber != null ? debitorRepo.findDebitorByDebitorNumber(debitorNumber) @@ -67,7 +68,7 @@ public class HsOfficeDebitorController implements HsOfficeDebitorsApi { String assumedRoles, HsOfficeDebitorInsertResource body) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); Validate.isTrue(body.getDebitorRel() == null || body.getDebitorRelUuid() == null, "ERROR: [400] exactly one of debitorRel and debitorRelUuid must be supplied, but found both"); 
@@ -111,7 +112,7 @@ public class HsOfficeDebitorController implements HsOfficeDebitorsApi { final String assumedRoles, final UUID debitorUuid) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final var result = debitorRepo.findByUuid(debitorUuid); if (result.isEmpty()) { @@ -126,7 +127,7 @@ public class HsOfficeDebitorController implements HsOfficeDebitorsApi { final String currentUser, final String assumedRoles, final UUID debitorUuid) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final var result = debitorRepo.deleteByUuid(debitorUuid); if (result == 0) { @@ -144,7 +145,7 @@ public class HsOfficeDebitorController implements HsOfficeDebitorsApi { final UUID debitorUuid, final HsOfficeDebitorPatchResource body) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final var current = debitorRepo.findByUuid(debitorUuid).orElseThrow(); diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipController.java b/src/main/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipController.java index 3c783aae..e2531dbe 100644 --- a/src/main/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipController.java +++ b/src/main/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipController.java @@ -16,6 +16,8 @@ import java.util.List; import java.util.UUID; import java.util.function.BiConsumer; +import static net.hostsharing.hsadminng.context.Context.Scope.PROD; + @RestController public class HsOfficeMembershipController implements HsOfficeMembershipsApi { 
@@ -36,7 +38,7 @@ public class HsOfficeMembershipController implements HsOfficeMembershipsApi { final String assumedRoles, UUID partnerUuid, Integer memberNumber) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final var entities = ( memberNumber != null) ? List.of(membershipRepo.findMembershipByMemberNumber(memberNumber)) @@ -54,7 +56,7 @@ public class HsOfficeMembershipController implements HsOfficeMembershipsApi { final String assumedRoles, final HsOfficeMembershipInsertResource body) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final var entityToSave = mapper.map(body, HsOfficeMembershipEntity.class); @@ -77,7 +79,7 @@ public class HsOfficeMembershipController implements HsOfficeMembershipsApi { final String assumedRoles, final UUID membershipUuid) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final var result = membershipRepo.findByUuid(membershipUuid); if (result.isEmpty()) { @@ -93,7 +95,7 @@ public class HsOfficeMembershipController implements HsOfficeMembershipsApi { final String currentUser, final String assumedRoles, final UUID membershipUuid) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final var result = membershipRepo.deleteByUuid(membershipUuid); if (result == 0) { @@ -111,7 +113,7 @@ public class HsOfficeMembershipController implements HsOfficeMembershipsApi { final UUID membershipUuid, final HsOfficeMembershipPatchResource body) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final var current = membershipRepo.findByUuid(membershipUuid).orElseThrow(); diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerController.java b/src/main/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerController.java index 1b9707f7..9fb270b0 100644 
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerController.java +++ b/src/main/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerController.java @@ -26,6 +26,7 @@ import jakarta.persistence.PersistenceContext; import java.util.List; import java.util.UUID; +import static net.hostsharing.hsadminng.context.Context.Scope.PROD; import static net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationType.EX_PARTNER; @RestController @@ -53,7 +54,7 @@ public class HsOfficePartnerController implements HsOfficePartnersApi { final String currentUser, final String assumedRoles, final String name) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final var entities = partnerRepo.findPartnerByOptionalNameLike(name); @@ -68,7 +69,7 @@ public class HsOfficePartnerController implements HsOfficePartnersApi { final String assumedRoles, final HsOfficePartnerInsertResource body) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final var entityToSave = createPartnerEntity(body); @@ -90,7 +91,7 @@ public class HsOfficePartnerController implements HsOfficePartnersApi { final String assumedRoles, final UUID partnerUuid) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final var result = partnerRepo.findByUuid(partnerUuid); if (result.isEmpty()) { @@ -105,7 +106,7 @@ public class HsOfficePartnerController implements HsOfficePartnersApi { final String currentUser, final String assumedRoles, final UUID partnerUuid) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final var partnerToDelete = partnerRepo.findByUuid(partnerUuid); if (partnerToDelete.isEmpty()) { 
@@ -127,7 +128,7 @@ public class HsOfficePartnerController implements HsOfficePartnersApi { final UUID partnerUuid, final HsOfficePartnerPatchResource body) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final var current = partnerRepo.findByUuid(partnerUuid).orElseThrow(); final var previousPartnerRel = current.getPartnerRel(); diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonController.java b/src/main/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonController.java index 409ef07d..74ac3052 100644 --- a/src/main/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonController.java +++ b/src/main/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonController.java @@ -15,6 +15,8 @@ import org.springframework.web.servlet.mvc.method.annotation.MvcUriComponentsBui import java.util.List; import java.util.UUID; +import static net.hostsharing.hsadminng.context.Context.Scope.PROD; + @RestController public class HsOfficePersonController implements HsOfficePersonsApi { @@ -34,7 +36,7 @@ public class HsOfficePersonController implements HsOfficePersonsApi { final String currentUser, final String assumedRoles, final String label) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final var entities = personRepo.findPersonByOptionalNameLike(label); @@ -49,7 +51,7 @@ public class HsOfficePersonController implements HsOfficePersonsApi { final String assumedRoles, final HsOfficePersonInsertResource body) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final var entityToSave = mapper.map(body, HsOfficePersonEntity.class); 
@@ -71,7 +73,7 @@ public class HsOfficePersonController implements HsOfficePersonsApi { final String assumedRoles, final UUID personUuid) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final var result = personRepo.findByUuid(personUuid); if (result.isEmpty()) { @@ -86,7 +88,7 @@ public class HsOfficePersonController implements HsOfficePersonsApi { final String currentUser, final String assumedRoles, final UUID personUuid) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final var result = personRepo.deleteByUuid(personUuid); if (result == 0) { @@ -104,7 +106,7 @@ public class HsOfficePersonController implements HsOfficePersonsApi { final UUID personUuid, final HsOfficePersonPatchResource body) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final var current = personRepo.findByUuid(personUuid).orElseThrow(); diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationController.java b/src/main/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationController.java index e1f80148..60601cd3 100644 --- a/src/main/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationController.java +++ b/src/main/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationController.java @@ -19,6 +19,7 @@ import java.util.NoSuchElementException; import java.util.UUID; import java.util.function.BiConsumer; +import static net.hostsharing.hsadminng.context.Context.Scope.PROD; @RestController 
@@ -49,7 +50,7 @@ public class HsOfficeRelationController implements HsOfficeRelationsApi { final String assumedRoles, final UUID personUuid, final HsOfficeRelationTypeResource relationType) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final var entities = relationRepo.findRelationRelatedToPersonUuidAndRelationType(personUuid, mapper.map(relationType, HsOfficeRelationType.class)); @@ -66,7 +67,7 @@ public class HsOfficeRelationController implements HsOfficeRelationsApi { final String assumedRoles, final HsOfficeRelationInsertResource body) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final var entityToSave = new HsOfficeRelationEntity(); entityToSave.setType(HsOfficeRelationType.valueOf(body.getType())); @@ -100,7 +101,7 @@ public class HsOfficeRelationController implements HsOfficeRelationsApi { final String assumedRoles, final UUID relationUuid) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final var result = relationRepo.findByUuid(relationUuid); if (result.isEmpty()) { @@ -115,7 +116,7 @@ public class HsOfficeRelationController implements HsOfficeRelationsApi { final String currentUser, final String assumedRoles, final UUID relationUuid) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final var result = relationRepo.deleteByUuid(relationUuid); if (result == 0) { @@ -133,7 +134,7 @@ public class HsOfficeRelationController implements HsOfficeRelationsApi { final UUID relationUuid, final HsOfficeRelationPatchResource body) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final var current = relationRepo.findByUuid(relationUuid).orElseThrow(); 
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateController.java b/src/main/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateController.java index 115b8948..236e4116 100644 --- a/src/main/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateController.java +++ b/src/main/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateController.java @@ -18,6 +18,7 @@ import java.util.List; import java.util.UUID; import java.util.function.BiConsumer; +import static net.hostsharing.hsadminng.context.Context.Scope.PROD; import static net.hostsharing.hsadminng.mapper.PostgresDateRange.toPostgresDateRange; @RestController @@ -42,7 +43,7 @@ public class HsOfficeSepaMandateController implements HsOfficeSepaMandatesApi { final String currentUser, final String assumedRoles, final String iban) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final var entities = sepaMandateRepo.findSepaMandateByOptionalIban(iban); @@ -58,7 +59,7 @@ public class HsOfficeSepaMandateController implements HsOfficeSepaMandatesApi { final String assumedRoles, final HsOfficeSepaMandateInsertResource body) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final var entityToSave = mapper.map(body, HsOfficeSepaMandateEntity.class, SEPA_MANDATE_RESOURCE_TO_ENTITY_POSTMAPPER); @@ -81,7 +82,7 @@ public class HsOfficeSepaMandateController implements HsOfficeSepaMandatesApi { final String assumedRoles, final UUID sepaMandateUuid) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final var result = sepaMandateRepo.findByUuid(sepaMandateUuid); if (result.isEmpty()) { 
@@ -97,7 +98,7 @@ public class HsOfficeSepaMandateController implements HsOfficeSepaMandatesApi { final String currentUser, final String assumedRoles, final UUID sepaMandateUuid) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final var result = sepaMandateRepo.deleteByUuid(sepaMandateUuid); if (result == 0) { @@ -115,7 +116,7 @@ public class HsOfficeSepaMandateController implements HsOfficeSepaMandatesApi { final UUID sepaMandateUuid, final HsOfficeSepaMandatePatchResource body) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final var current = sepaMandateRepo.findByUuid(sepaMandateUuid).orElseThrow(); diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java index b3c37bad..e30c01ef 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java @@ -67,7 +67,7 @@ public class InsertTriggerGenerator { declare row ${rawSuperTable}; begin - call defineContext('create INSERT INTO ${rawSubTable} permissions for pre-exising ${rawSuperTable} rows'); + call defineContext('PROD', 'create INSERT INTO ${rawSubTable} permissions for pre-exising ${rawSuperTable} rows'); FOR row IN SELECT * FROM ${rawSuperTable} ${whenCondition} diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantController.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantController.java index 9dfaea74..d5654ad0 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantController.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantController.java 
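Review bot: The template in InsertTriggerGenerator now emits `call defineContext('PROD', '...')`, but the checked-in SQL blocks that appear to come from this template pass other scopes. 2013-test-customer-rbac.sql, 2023-test-package-rbac.sql, 2033-test-domain-rbac.sql and the 5033, 5044, 5063 and 5073 files use `'TEST'::RbacObjectScope`, and 5043-hs-office-partner-rbac.sql uses `'BASE'::RbacObjectScope`. Regenerating those files would switch them to PROD and drop the cast and the hand-written comments. The scope should become a template input, e.g. `call defineContext('${scope}'::RbacObjectScope, 'create INSERT INTO ${rawSubTable} permissions ...');` with `${scope}` as a new placeholder filled per table. The enclosing text block starts and ends outside the hunk.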
@@ -15,6 +15,8 @@ import jakarta.persistence.PersistenceContext; import java.util.List; import java.util.UUID; +import static net.hostsharing.hsadminng.context.Context.Scope.PROD; + @RestController public class RbacGrantController implements RbacGrantsApi { @@ -38,7 +40,7 @@ public class RbacGrantController implements RbacGrantsApi { final UUID grantedRoleUuid, final UUID granteeUserUuid) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final var id = new RbacGrantId(granteeUserUuid, grantedRoleUuid); final var result = rbacGrantRepository.findById(id); @@ -54,7 +56,7 @@ public class RbacGrantController implements RbacGrantsApi { final String currentUser, final String assumedRoles) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); return ResponseEntity.ok(mapper.mapList(rbacGrantRepository.findAll(), RbacGrantResource.class)); } @@ -66,7 +68,7 @@ public class RbacGrantController implements RbacGrantsApi { final String assumedRoles, final RbacGrantResource body) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final var granted = rbacGrantRepository.save(mapper.map(body, RbacGrantEntity.class)); em.flush(); @@ -88,7 +90,7 @@ public class RbacGrantController implements RbacGrantsApi { final UUID grantedRoleUuid, final UUID granteeUserUuid) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); rbacGrantRepository.deleteByRbacGrantId(new RbacGrantId(granteeUserUuid, grantedRoleUuid)); diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleController.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleController.java index 0405fee2..ca8b53f6 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleController.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleController.java 
@@ -11,6 +11,8 @@ import org.springframework.web.bind.annotation.RestController; import java.util.List; +import static net.hostsharing.hsadminng.context.Context.Scope.PROD; + @RestController public class RbacRoleController implements RbacRolesApi { @@ -29,7 +31,7 @@ public class RbacRoleController implements RbacRolesApi { final String currentUser, final String assumedRoles) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final List result = rbacRoleRepository.findAll(); diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserController.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserController.java index bcc7844b..7196fd00 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserController.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserController.java @@ -14,6 +14,8 @@ import org.springframework.web.servlet.mvc.method.annotation.MvcUriComponentsBui import java.util.List; import java.util.UUID; +import static net.hostsharing.hsadminng.context.Context.Scope.PROD; + @RestController public class RbacUserController implements RbacUsersApi { @@ -31,7 +33,7 @@ public class RbacUserController implements RbacUsersApi { public ResponseEntity createUser( final RbacUserResource body ) { - context.define(null); + context.define(PROD, null); if (body.getUuid() == null) { body.setUuid(UUID.randomUUID()); @@ -53,7 +55,7 @@ public class RbacUserController implements RbacUsersApi { final String assumedRoles, final UUID userUuid ) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); rbacUserRepository.deleteByUuid(userUuid); 
@@ -67,7 +69,7 @@ public class RbacUserController implements RbacUsersApi { final String assumedRoles, final UUID userUuid) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final var result = rbacUserRepository.findByUuid(userUuid); if (result == null) { @@ -83,7 +85,7 @@ public class RbacUserController implements RbacUsersApi { final String assumedRoles, final String userName ) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); return ResponseEntity.ok(mapper.mapList(rbacUserRepository.findByOptionalNameLike(userName), RbacUserResource.class)); } @@ -95,7 +97,7 @@ public class RbacUserController implements RbacUsersApi { final String assumedRoles, final UUID userUuid ) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); return ResponseEntity.ok(mapper.mapList( rbacUserRepository.findPermissionsOfUserByUuid(userUuid), diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerController.java b/src/main/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerController.java index d0ab74bf..70d8384d 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerController.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerController.java @@ -14,6 +14,8 @@ import jakarta.persistence.EntityManager; import jakarta.persistence.PersistenceContext; import java.util.List; +import static net.hostsharing.hsadminng.context.Context.Scope.PROD; + @RestController public class TestCustomerController implements TestCustomersApi { @@ -36,7 +38,7 @@ public class TestCustomerController implements TestCustomersApi { String assumedRoles, String prefix ) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final var result = testCustomerRepository.findCustomerByOptionalPrefixLike(prefix); 
@@ -50,7 +52,7 @@ public class TestCustomerController implements TestCustomersApi { final String assumedRoles, final TestCustomerResource customer) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final var saved = testCustomerRepository.save(mapper.map(customer, TestCustomerEntity.class)); final var uri = diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageController.java b/src/main/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageController.java index 8bb94971..c38ebb3e 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageController.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageController.java @@ -14,6 +14,8 @@ import org.springframework.web.bind.annotation.RestController; import java.util.List; import java.util.UUID; +import static net.hostsharing.hsadminng.context.Context.Scope.PROD; + @RestController public class TestPackageController implements TestPackagesApi { @@ -33,7 +35,7 @@ public class TestPackageController implements TestPackagesApi { String assumedRoles, String name ) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final var result = testPackageRepository.findAllByOptionalNameLike(name); return ResponseEntity.ok(mapper.mapList(result, TestPackageResource.class)); @@ -47,7 +49,7 @@ public class TestPackageController implements TestPackagesApi { final UUID packageUuid, final TestPackageUpdateResource body) { - context.define(currentUser, assumedRoles); + context.define(PROD, currentUser, assumedRoles); final var current = testPackageRepository.findByUuid(packageUuid); OptionalFromJson.of(body.getDescription()).ifPresent(current::setDescription); diff --git a/src/main/resources/db/changelog/0-basis/010-context.sql b/src/main/resources/db/changelog/0-basis/010-context.sql index 8ea73f45..629dfbc0 100644 --- a/src/main/resources/db/changelog/0-basis/010-context.sql 
+++ b/src/main/resources/db/changelog/0-basis/010-context.sql @@ -5,11 +5,23 @@ --changeset context-DEFINE:1 endDelimiter:--// -- ---------------------------------------------------------------------------- + +/** + Determines the purpose and therefore the life span of an RbacObject. + */ +CREATE TYPE RbacObjectScope AS ENUM ( + 'BASE', -- initial data which needs to be kept in production systems + 'TEST', -- initial test data created via Liquibase, should be removed in production systems + 'TEMP', -- temporary test data created by test scripts, should be removed in production systems + 'PROD' -- production data which was added after system initialization + ); + /* Callback which is called after the context has been (re-) defined. This function will be overwritten by later changesets. */ create procedure contextDefined( + currentScope RbacObjectScope, currentTask varchar(127), currentRequest text, currentUser varchar(63), @@ -23,6 +35,7 @@ end; $$; Defines the transaction context. */ create or replace procedure defineContext( + currentScope RbacObjectScope, currentTask varchar(127), currentRequest text = null, currentUser varchar(63) = null, @@ -30,6 +43,8 @@ create or replace procedure defineContext( ) language plpgsql as $$ begin + execute format('set local hsadminng.currentScope to %L', currentScope); + currentTask := coalesce(currentTask, ''); assert length(currentTask) <= 127, FORMAT('currentTask must not be longer than 127 characters: "%s"', currentTask); assert length(currentTask) >= 12, FORMAT('currentTask must be at least 12 characters long: "%s""', currentTask); 
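Review bot: `CREATE TYPE RbacObjectScope` and the new `currentScope` parameter are added inside the existing changeset `context-DEFINE:1` rather than in a new one. The same applies to `rbac-base-OBJECT:1` in 1050-rbac-base.sql, which gains the `scope RbacObjectScope not null` column. Liquibase records a checksum per executed changeset, so a database that already ran the old version would presumably either fail validation or never receive the type and the column. Unless every environment is rebuilt from scratch, these belong in separate changesets, and the column needs a backfill before `not null` is enforced.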
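Review bot: In `defineContext` the new `execute format('set local hsadminng.currentScope to %L', currentScope);` runs before any check, whereas the other parameters visible here are normalised with `coalesce` and guarded by an `assert`. A null scope is not rejected at this point. `%L` renders null as the bare word NULL, so the caller would presumably get an error from the SET statement, or later from `currentScope()`, instead of a message naming the parameter. Add `assert currentScope is not null, 'currentScope must not be null';` ahead of the `execute`. The procedure body continues outside the hunk.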
@@ -46,7 +61,35 @@ begin assert length(assumedRoles) <= 1023, FORMAT('assumedRoles must not be longer than 1023 characters: "%s"', assumedRoles); execute format('set local hsadminng.assumedRoles to %L', assumedRoles); - call contextDefined(currentTask, currentRequest, currentUser, assumedRoles); + call contextDefined(currentScope, currentTask, currentRequest, currentUser, assumedRoles); +end; $$; +--// + + +-- ============================================================================ +--changeset context-CURRENT-SCOPE:1 endDelimiter:--// +-- ---------------------------------------------------------------------------- +/* + Returns the current scope as set via defineContext(...) to `hsadminng.currentScope`. + Raises exception if not set. + */ +create or replace function currentScope() + returns RbacObjectScope + stable -- leakproof + language plpgsql as $$ +declare + currentScope varchar; +begin + begin + currentScope := current_setting('hsadminng.currentScope'); + exception + when others then + currentScope := null; + end; + if (currentScope is null or currentScope = '') then + raise exception '[401] currentScope must be defined, please call `defineContext(...)`'; + end if; + return currentScope::RbacObjectScope; end; $$; --// @@ -55,7 +98,7 @@ end; $$; --changeset context-CURRENT-TASK:1 endDelimiter:--// -- ---------------------------------------------------------------------------- /* - Returns the current task as set by `hsadminng.currentTask`. + Returns the current task as set set via defineContext(...) to `hsadminng.currentTask`. Raises exception if not set. */ create or replace function currentTask() diff --git a/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql b/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql index cf49baee..db3d2f0c 100644 --- a/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql +++ b/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql 
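Review bot: `currentScope()` wraps `current_setting('hsadminng.currentScope')` in `exception when others then currentScope := null;`, which hides every error and not only the unset-setting case. `currentScope := current_setting('hsadminng.currentScope', true);` returns null for an unset setting and makes the handler unnecessary. If the handler is kept to match the sibling functions, a comment should say so. The `[401]` prefix in the raised message reads as an authentication failure although a missing scope is a caller bug, so confirm how that prefix is mapped. The reworded comment on `currentTask()` in the last hunk of this line has a doubled word (`as set set via`).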
@@ -91,13 +91,17 @@ $$; -- ============================================================================ --changeset rbac-base-OBJECT:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -/* +/* + Represents database row under RBAC control within the RBAC-system. + + The actual row resists in the database table referenced by `objectTable`. */ create table RbacObject ( uuid uuid primary key default uuid_generate_v4(), - serialId serial, -- TODO: we might want to remove this once test data deletion works properly + scope RbacObjectScope not null, + serialId serial, -- only set for TEMP scope to clean up temp test data in reverse order objectTable varchar(64) not null, unique (objectTable, uuid) ); @@ -120,18 +124,21 @@ create or replace function insertRelatedRbacObject() strict as $$ declare objectUuid uuid; + scope RbacObjectScope; begin + scope := currentScope(); + if TG_OP = 'INSERT' then if NEW.uuid is null then insert - into RbacObject (objectTable) - values (TG_TABLE_NAME) + into RbacObject (scope, objectTable) + values (scope, TG_TABLE_NAME) returning uuid into objectUuid; NEW.uuid = objectUuid; else insert - into RbacObject (uuid, objectTable) - values (NEW.uuid, TG_TABLE_NAME) + into RbacObject (uuid, scope, objectTable) + values (NEW.uuid, scope, TG_TABLE_NAME) returning uuid into objectUuid; end if; return NEW; diff --git a/src/main/resources/db/changelog/1-rbac/1054-rbac-context.sql b/src/main/resources/db/changelog/1-rbac/1054-rbac-context.sql index ab3a9bd5..fdba502f 100644 --- a/src/main/resources/db/changelog/1-rbac/1054-rbac-context.sql +++ b/src/main/resources/db/changelog/1-rbac/1054-rbac-context.sql @@ -85,6 +85,7 @@ end; $$; This function will be overwritten by later changesets. */ create or replace procedure contextDefined( + currentScope RbacObjectScope, currentTask varchar(127), currentRequest text, currentUser varchar(63), 
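Review bot: The new comment on `serialId serial` says it is `only set for TEMP scope`, but that does not match the code. The column is still `serial`, and `insertRelatedRbacObject()` in the next hunk inserts without it for every scope, so each row keeps getting a value. Reword the comment to what the code does, e.g. `-- assigned for every row; only used to clean up TEMP test data in reverse order`, or make the column nullable and fill it for TEMP rows only. In the added table comment, `resists` should be `resides`.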
@@ -94,6 +95,8 @@ create or replace procedure contextDefined( declare currentUserUuid uuid; begin + execute format('set local hsadminng.currentScope to %L', currentScope); + execute format('set local hsadminng.currentTask to %L', currentTask); execute format('set local hsadminng.currentRequest to %L', currentRequest); diff --git a/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql b/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql index c28a464d..436f906a 100644 --- a/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql +++ b/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql @@ -94,9 +94,9 @@ $$; A single row to be referenced as a global object. */ begin transaction; -call defineContext('initializing table "global"', null, null, null); +call defineContext('BASE'::RbacObjectScope, 'initializing table "global"', null, null, null); insert - into RbacObject (objecttable) values ('global'); + into RbacObject (scope, objecttable) values (currentScope(), 'global'); insert into Global (uuid, name) values ((select uuid from RbacObject where objectTable = 'global'), 'global'); commit; @@ -118,7 +118,7 @@ select 'global', (select uuid from RbacObject where objectTable = 'global'), 'AD $$; begin transaction; - call defineContext('creating role:global#global:ADMIN', null, null, null); + call defineContext('BASE'::RbacObjectScope, 'creating role:global#global:ADMIN', null, null, null); select createRole(globalAdmin()); commit; --// @@ -139,7 +139,7 @@ select 'global', (select uuid from RbacObject where objectTable = 'global'), 'GU $$; begin transaction; - call defineContext('creating role:global#global:guest', null, null, null); + call defineContext('BASE'::RbacObjectScope, 'creating role:global#global:guest', null, null, null); select createRole(globalGuest()); commit; --// 
@@ -155,7 +155,7 @@ do language plpgsql $$ declare admins uuid ; begin - call defineContext('creating fake test-realm admin users', null, null, null); + call defineContext('TEST'::RbacObjectScope, 'creating fake test-realm admin users', null, null, null); admins = findRoleId(globalAdmin()); call grantRoleToUserUnchecked(admins, admins, createRbacUser('superuser-alex@hostsharing.net')); @@ -179,13 +179,13 @@ do language plpgsql $$ declare userName varchar; begin - call defineContext('testing currentUserUuid', null, 'superuser-fran@hostsharing.net', null); + call defineContext('TEST'::RbacObjectScope, 'testing currentUserUuid', null, 'superuser-fran@hostsharing.net', null); select userName from RbacUser where uuid = currentUserUuid() into userName; if userName <> 'superuser-fran@hostsharing.net' then raise exception 'setting or fetching initial currentUser failed, got: %', userName; end if; - call defineContext('testing currentUserUuid', null, 'superuser-alex@hostsharing.net', null); + call defineContext('TEST'::RbacObjectScope, 'testing currentUserUuid', null, 'superuser-alex@hostsharing.net', null); select userName from RbacUser where uuid = currentUserUuid() into userName; if userName = 'superuser-alex@hostsharing.net' then raise exception 'currentUser should not change in one transaction, but did change, got: %', userName; diff --git a/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql b/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql index 14767c4b..26901c0c 100644 --- a/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql +++ b/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql 
@@ -89,7 +89,7 @@ do language plpgsql $$ declare row global; begin - call defineContext('create INSERT INTO test_customer permissions for pre-exising global rows'); + call defineContext('TEST'::RbacObjectScope, 'create INSERT INTO test_customer permissions for pre-exising global rows'); FOR row IN SELECT * FROM global -- unconditional for all rows in that table diff --git a/src/main/resources/db/changelog/2-test/201-test-customer/2018-test-customer-test-data.sql b/src/main/resources/db/changelog/2-test/201-test-customer/2018-test-customer-test-data.sql index 73c8e535..d81a8489 100644 --- a/src/main/resources/db/changelog/2-test/201-test-customer/2018-test-customer-test-data.sql +++ b/src/main/resources/db/changelog/2-test/201-test-customer/2018-test-customer-test-data.sql @@ -32,7 +32,7 @@ declare newCust test_customer; begin currentTask = 'creating RBAC test customer #' || custReference || '/' || custPrefix; - call defineContext(currentTask, null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN'); + call defineContext('TEST'::RbacObjectScope, currentTask, null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN'); execute format('set local hsadminng.currentTask to %L', currentTask); custRowId = uuid_generate_v4(); diff --git a/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql b/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql index fd832ccf..6f5679e5 100644 --- a/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql +++ b/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql 
@@ -154,7 +154,7 @@ do language plpgsql $$ declare row test_customer; begin - call defineContext('create INSERT INTO test_package permissions for pre-exising test_customer rows'); + call defineContext('TEST'::RbacObjectScope, 'create INSERT INTO test_package permissions for pre-exising test_customer rows'); FOR row IN SELECT * FROM test_customer -- unconditional for all rows in that table diff --git a/src/main/resources/db/changelog/2-test/202-test-package/2028-test-package-test-data.sql b/src/main/resources/db/changelog/2-test/202-test-package/2028-test-package-test-data.sql index f50ad480..67d939be 100644 --- a/src/main/resources/db/changelog/2-test/202-test-package/2028-test-package-test-data.sql +++ b/src/main/resources/db/changelog/2-test/202-test-package/2028-test-package-test-data.sql @@ -26,7 +26,7 @@ begin custAdminUser = 'customer-admin@' || cust.prefix || '.example.com'; custAdminRole = 'test_customer#' || cust.prefix || ':ADMIN'; - call defineContext(currentTask, null, 'superuser-fran@hostsharing.net', custAdminRole); + call defineContext('TEST'::RbacObjectScope, currentTask, null, 'superuser-fran@hostsharing.net', custAdminRole); raise notice 'task: % by % as %', currentTask, custAdminUser, custAdminRole; insert diff --git a/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql b/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql index d6f32001..81f81fc4 100644 --- a/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql +++ b/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql 
@@ -153,7 +153,7 @@ do language plpgsql $$ declare row test_package; begin - call defineContext('create INSERT INTO test_domain permissions for pre-exising test_package rows'); + call defineContext('TEST'::RbacObjectScope, 'create INSERT INTO test_domain permissions for pre-exising test_package rows'); FOR row IN SELECT * FROM test_package -- unconditional for all rows in that table diff --git a/src/main/resources/db/changelog/2-test/203-test-domain/2038-test-domain-test-data.sql b/src/main/resources/db/changelog/2-test/203-test-domain/2038-test-domain-test-data.sql index 47326f49..a695e054 100644 --- a/src/main/resources/db/changelog/2-test/203-test-domain/2038-test-domain-test-data.sql +++ b/src/main/resources/db/changelog/2-test/203-test-domain/2038-test-domain-test-data.sql @@ -24,7 +24,7 @@ begin currentTask = 'creating RBAC test domain #' || t || ' for package ' || pac.name || ' #' || pac.uuid; raise notice 'task: %', currentTask; pacAdmin = 'pac-admin-' || pac.name || '@' || pac.custPrefix || '.example.com'; - call defineContext(currentTask, null, pacAdmin, null); + call defineContext('TEST'::RbacObjectScope, currentTask, null, pacAdmin, null); insert into test_domain (name, packageUuid) diff --git a/src/main/resources/db/changelog/5-hs-office/501-contact/5016-hs-office-contact-migration.sql b/src/main/resources/db/changelog/5-hs-office/501-contact/5016-hs-office-contact-migration.sql index 79cdd3bf..cce28c32 100644 --- a/src/main/resources/db/changelog/5-hs-office/501-contact/5016-hs-office-contact-migration.sql +++ b/src/main/resources/db/changelog/5-hs-office/501-contact/5016-hs-office-contact-migration.sql 
@@ -40,7 +40,8 @@ ALTER TABLE hs_office_contact_legacy_id --changeset hs-office-contact-MIGRATION-insert:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -CALL defineContext('schema-migration'); +-- at this point only contact rows in scope TEST exist +CALL defineContext('TEST'::RbacObjectScope, 'schema-migration'); INSERT INTO hs_office_contact_legacy_id(uuid, contact_id) SELECT uuid, nextVal('hs_office_contact_legacy_id_seq') FROM hs_office_contact; --/ diff --git a/src/main/resources/db/changelog/5-hs-office/501-contact/5018-hs-office-contact-test-data.sql b/src/main/resources/db/changelog/5-hs-office/501-contact/5018-hs-office-contact-test-data.sql index e9e7a9e0..6fcf1b76 100644 --- a/src/main/resources/db/changelog/5-hs-office/501-contact/5018-hs-office-contact-test-data.sql +++ b/src/main/resources/db/changelog/5-hs-office/501-contact/5018-hs-office-contact-test-data.sql @@ -19,9 +19,9 @@ begin execute format('set local hsadminng.currentTask to %L', currentTask); emailAddr = 'contact-admin@' || cleanIdentifier(contLabel) || '.example.com'; - call defineContext(currentTask); + call defineContext('TEST'::RbacObjectScope, currentTask); perform createRbacUser(emailAddr); - call defineContext(currentTask, null, emailAddr); + call defineContext('TEST'::RbacObjectScope, currentTask, null, emailAddr); postalAddr := E'Vorname Nachname\nStraße Hnr\nPLZ Stadt'; diff --git a/src/main/resources/db/changelog/5-hs-office/502-person/5028-hs-office-person-test-data.sql b/src/main/resources/db/changelog/5-hs-office/502-person/5028-hs-office-person-test-data.sql index 775ecaa6..12b4504f 100644 --- a/src/main/resources/db/changelog/5-hs-office/502-person/5028-hs-office-person-test-data.sql +++ b/src/main/resources/db/changelog/5-hs-office/502-person/5028-hs-office-person-test-data.sql 
@@ -23,9 +23,9 @@ begin fullName := concat_ws(', ', newTradeName, newFamilyName, newGivenName); currentTask = 'creating person test-data ' || fullName; emailAddr = 'person-' || left(cleanIdentifier(fullName), 32) || '@example.com'; - call defineContext(currentTask); + call defineContext('TEST'::RbacObjectScope, currentTask); perform createRbacUser(emailAddr); - call defineContext(currentTask, null, emailAddr); + call defineContext('TEST'::RbacObjectScope, currentTask, null, emailAddr); execute format('set local hsadminng.currentTask to %L', currentTask); raise notice 'creating test person: % by %', fullName, emailAddr; diff --git a/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql b/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql index 63c2061a..9d7abbb2 100644 --- a/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql @@ -163,7 +163,8 @@ do language plpgsql $$ declare row hs_office_person; begin - call defineContext('create INSERT INTO hs_office_relation permissions for pre-exising hs_office_person rows'); + -- at this point, all existing relation rows are in scope TEST + call defineContext('TEST'::RbacObjectScope, 'create INSERT INTO hs_office_relation permissions for pre-exising hs_office_person rows'); FOR row IN SELECT * FROM hs_office_person -- unconditional for all rows in that table diff --git a/src/main/resources/db/changelog/5-hs-office/503-relation/5038-hs-office-relation-test-data.sql b/src/main/resources/db/changelog/5-hs-office/503-relation/5038-hs-office-relation-test-data.sql index 61691d6f..8e759bca 100644 --- a/src/main/resources/db/changelog/5-hs-office/503-relation/5038-hs-office-relation-test-data.sql +++ b/src/main/resources/db/changelog/5-hs-office/503-relation/5038-hs-office-relation-test-data.sql 
@@ -25,7 +25,7 @@ declare begin idName := cleanIdentifier( anchorPersonName || '-' || holderPersonName); currentTask := 'creating relation test-data ' || idName; - call defineContext(currentTask, null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN'); + call defineContext('TEST'::RbacObjectScope, currentTask, null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN'); execute format('set local hsadminng.currentTask to %L', currentTask); select p.* diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql b/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql index 520ef180..9af640e3 100644 --- a/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql @@ -166,7 +166,8 @@ do language plpgsql $$ declare row global; begin - call defineContext('create INSERT INTO hs_office_partner permissions for pre-exising global rows'); + -- global rows are in scope BASE, therefore also this is run in scope BASE + call defineContext('BASE'::RbacObjectScope, 'create INSERT INTO hs_office_partner permissions for pre-exising global rows'); FOR row IN SELECT * FROM global -- unconditional for all rows in that table diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql b/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql index bf0fe164..bc6f4ca4 100644 --- a/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql 
@@ -70,7 +70,8 @@ do language plpgsql $$ declare row global; begin - call defineContext('create INSERT INTO hs_office_partner_details permissions for pre-exising global rows'); + -- at this point, all existing partner rows are in scope TEST + call defineContext('TEST'::RbacObjectScope, 'create INSERT INTO hs_office_partner_details permissions for pre-exising global rows'); FOR row IN SELECT * FROM global -- unconditional for all rows in that table diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5046-hs-office-partner-migration.sql b/src/main/resources/db/changelog/5-hs-office/504-partner/5046-hs-office-partner-migration.sql index f48e99d5..56c7b552 100644 --- a/src/main/resources/db/changelog/5-hs-office/504-partner/5046-hs-office-partner-migration.sql +++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5046-hs-office-partner-migration.sql @@ -39,7 +39,8 @@ ALTER TABLE hs_office_partner_legacy_id --changeset hs-office-partner-MIGRATION-insert:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -CALL defineContext('schema-migration'); +-- at this point, only partner rows in scope TEST exist +CALL defineContext('TEST'::RbacObjectScope, 'schema-migration'); INSERT INTO hs_office_partner_legacy_id(uuid, bp_id) SELECT uuid, nextVal('hs_office_partner_legacy_id_seq') FROM hs_office_partner; --/ diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5048-hs-office-partner-test-data.sql b/src/main/resources/db/changelog/5-hs-office/504-partner/5048-hs-office-partner-test-data.sql index 65017b18..3615d75d 100644 --- a/src/main/resources/db/changelog/5-hs-office/504-partner/5048-hs-office-partner-test-data.sql +++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5048-hs-office-partner-test-data.sql 
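Review bot: The comment `-- at this point, all existing partner rows are in scope TEST` does not match the loop below it, which iterates `FOR row IN SELECT * FROM global`. 5043-hs-office-partner-rbac.sql runs the same loop under `'BASE'` with the comment that global rows are in scope BASE, while 5063-hs-office-debitor-rbac.sql also loops over `global` under `'TEST'`. If anything created in these blocks is recorded with the current scope, grants on the one BASE object would be labelled as removable test data; whether that happens is not visible here. Either use `'BASE'::RbacObjectScope` for the blocks that loop over `global`, or say in the comment why the scope follows the sub-table instead. The do-block continues outside the hunk.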
@@ -24,7 +24,7 @@ declare begin idName := cleanIdentifier( partnerPersonName|| '-' || contactLabel); currentTask := 'creating partner test-data ' || idName; - call defineContext(currentTask, null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN'); + call defineContext('TEST'::RbacObjectScope, currentTask, null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN'); execute format('set local hsadminng.currentTask to %L', currentTask); select p.* from hs_office_person p diff --git a/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5058-hs-office-bankaccount-test-data.sql b/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5058-hs-office-bankaccount-test-data.sql index 1fe73c71..b918f9b1 100644 --- a/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5058-hs-office-bankaccount-test-data.sql +++ b/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5058-hs-office-bankaccount-test-data.sql @@ -18,9 +18,9 @@ begin execute format('set local hsadminng.currentTask to %L', currentTask); emailAddr = 'bankaccount-admin@' || cleanIdentifier(givenHolder) || '.example.com'; - call defineContext(currentTask); + call defineContext('TEST'::RbacObjectScope, currentTask); perform createRbacUser(emailAddr); - call defineContext(currentTask, null, emailAddr); + call defineContext('TEST'::RbacObjectScope, currentTask, null, emailAddr); raise notice 'creating test bankaccount: %', givenHolder; insert diff --git a/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql b/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql index 12f4f09d..e1cc35be 100644 --- a/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql 
@@ -139,7 +139,8 @@ do language plpgsql $$ declare row global; begin - call defineContext('create INSERT INTO hs_office_debitor permissions for pre-exising global rows'); + -- at this point, all existing debitor rows are in scope TEST + call defineContext('TEST'::RbacObjectScope, 'create INSERT INTO hs_office_debitor permissions for pre-exising global rows'); FOR row IN SELECT * FROM global -- unconditional for all rows in that table diff --git a/src/main/resources/db/changelog/5-hs-office/506-debitor/5068-hs-office-debitor-test-data.sql b/src/main/resources/db/changelog/5-hs-office/506-debitor/5068-hs-office-debitor-test-data.sql index ed965104..aa4bd25f 100644 --- a/src/main/resources/db/changelog/5-hs-office/506-debitor/5068-hs-office-debitor-test-data.sql +++ b/src/main/resources/db/changelog/5-hs-office/506-debitor/5068-hs-office-debitor-test-data.sql @@ -23,7 +23,7 @@ declare begin idName := cleanIdentifier( forPartnerPersonName|| '-' || forBillingContactLabel); currentTask := 'creating debitor test-data ' || idName; - call defineContext(currentTask, null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN'); + call defineContext('TEST'::RbacObjectScope, currentTask, null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN'); execute format('set local hsadminng.currentTask to %L', currentTask); select debitorRel.uuid diff --git a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql index 3fb20baf..c21cb2cb 100644 --- a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql 
@@ -114,7 +114,8 @@ do language plpgsql $$ declare row hs_office_relation; begin - call defineContext('create INSERT INTO hs_office_sepamandate permissions for pre-exising hs_office_relation rows'); + -- at this point, all existing sepamandate rows are in scope TEST + call defineContext('TEST'::RbacObjectScope, 'create INSERT INTO hs_office_sepamandate permissions for pre-exising hs_office_relation rows'); FOR row IN SELECT * FROM hs_office_relation WHERE type = 'DEBITOR' diff --git a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5076-hs-office-sepamandate-migration.sql b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5076-hs-office-sepamandate-migration.sql index 4b483c6b..fab22ea4 100644 --- a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5076-hs-office-sepamandate-migration.sql +++ b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5076-hs-office-sepamandate-migration.sql @@ -41,7 +41,8 @@ ALTER TABLE hs_office_sepamandate_legacy_id --changeset hs-office-sepamandate-MIGRATION-insert:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -CALL defineContext('schema-migration'); +-- at this point, all existing sepamandate rows are in scope TEST +CALL defineContext('TEST'::RbacObjectScope, 'schema-migration'); INSERT INTO hs_office_sepamandate_legacy_id(uuid, sepa_mandate_id) SELECT uuid, nextVal('hs_office_sepamandate_legacy_id_seq') FROM hs_office_sepamandate; --/ diff --git a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5078-hs-office-sepamandate-test-data.sql b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5078-hs-office-sepamandate-test-data.sql index e664d8c5..5e81df8b 100644 --- a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5078-hs-office-sepamandate-test-data.sql +++ b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5078-hs-office-sepamandate-test-data.sql 
@@ -20,7 +20,7 @@ declare relatedBankAccount hs_office_bankAccount; begin currentTask := 'creating SEPA-mandate test-data ' || forPartnerNumber::text || forDebitorSuffix::text; - call defineContext(currentTask, null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN'); + call defineContext('TEST'::RbacObjectScope, currentTask, null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN'); execute format('set local hsadminng.currentTask to %L', currentTask); select debitor.* into relatedDebitor diff --git a/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql b/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql index bc998fa3..7b132546 100644 --- a/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql @@ -101,7 +101,8 @@ do language plpgsql $$ declare row global; begin - call defineContext('create INSERT INTO hs_office_membership permissions for pre-exising global rows'); + -- at this point, all existing membership rows are in scope TEST + call defineContext('TEST'::RbacObjectScope, 'create INSERT INTO hs_office_membership permissions for pre-exising global rows'); FOR row IN SELECT * FROM global -- unconditional for all rows in that table diff --git a/src/main/resources/db/changelog/5-hs-office/510-membership/5108-hs-office-membership-test-data.sql b/src/main/resources/db/changelog/5-hs-office/510-membership/5108-hs-office-membership-test-data.sql index b8cbb45b..556491f0 100644 --- a/src/main/resources/db/changelog/5-hs-office/510-membership/5108-hs-office-membership-test-data.sql +++ b/src/main/resources/db/changelog/5-hs-office/510-membership/5108-hs-office-membership-test-data.sql 
@@ -19,7 +19,7 @@ begin currentTask := 'creating Membership test-data ' || 'P-' || forPartnerNumber::text || 'M-...' || newMemberNumberSuffix; - call defineContext(currentTask, null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN'); + call defineContext('TEST'::RbacObjectScope, currentTask, null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN'); execute format('set local hsadminng.currentTask to %L', currentTask); select partner.* from hs_office_partner partner diff --git a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql index 1270fd69..fe8f6502 100644 --- a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql @@ -77,7 +77,8 @@ do language plpgsql $$ declare row hs_office_membership; begin - call defineContext('create INSERT INTO hs_office_coopsharestransaction permissions for pre-exising hs_office_membership rows'); + -- at this point, all existing coopshares rows are in scope TEST + call defineContext('TEST'::RbacObjectScope, 'create INSERT INTO hs_office_coopsharestransaction permissions for pre-exising hs_office_membership rows'); FOR row IN SELECT * FROM hs_office_membership -- unconditional for all rows in that table diff --git a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5116-hs-office-coopshares-migration.sql b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5116-hs-office-coopshares-migration.sql index dd64356e..b2bba70e 100644 --- a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5116-hs-office-coopshares-migration.sql +++ b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5116-hs-office-coopshares-migration.sql 
@@ -40,7 +40,8 @@ ALTER TABLE hs_office_coopsharestransaction_legacy_id --changeset hs-office-coopshares-MIGRATION-insert:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -CALL defineContext('schema-migration'); +-- at this point, all existing coopshares rows are in scope TEST +CALL defineContext('TEST'::RbacObjectScope, 'schema-migration'); INSERT INTO hs_office_coopsharestransaction_legacy_id(uuid, member_share_id) SELECT uuid, nextVal('hs_office_coopsharestransaction_legacy_id_seq') FROM hs_office_coopsharestransaction; --/ diff --git a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5118-hs-office-coopshares-test-data.sql b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5118-hs-office-coopshares-test-data.sql index 21d266ac..e1d13223 100644 --- a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5118-hs-office-coopshares-test-data.sql +++ b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5118-hs-office-coopshares-test-data.sql @@ -22,7 +22,7 @@ begin execute format('set local hsadminng.currentTask to %L', currentTask); SET CONSTRAINTS ALL DEFERRED; - call defineContext(currentTask); + call defineContext('TEST'::RbacObjectScope, currentTask); select m.uuid from hs_office_membership m join hs_office_partner p on p.uuid = m.partneruuid diff --git a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql index ce9926b2..b525b46f 100644 --- a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql 
@@ -77,7 +77,8 @@ do language plpgsql $$ declare row hs_office_membership; begin - call defineContext('create INSERT INTO hs_office_coopassetstransaction permissions for pre-exising hs_office_membership rows'); + -- at this point, all existing coopassettransaction rows are in scope TEST + call defineContext('TEST'::RbacObjectScope, 'create INSERT INTO hs_office_coopassetstransaction permissions for pre-exising hs_office_membership rows'); FOR row IN SELECT * FROM hs_office_membership -- unconditional for all rows in that table diff --git a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5126-hs-office-coopassets-migration.sql b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5126-hs-office-coopassets-migration.sql index 8c346566..5f76c54a 100644 --- a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5126-hs-office-coopassets-migration.sql +++ b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5126-hs-office-coopassets-migration.sql @@ -40,7 +40,8 @@ ALTER TABLE hs_office_coopassetstransaction_legacy_id --changeset hs-office-coopassets-MIGRATION-insert:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -CALL defineContext('schema-migration'); +-- at this point, all existing coopassettransaction rows are in scope TEST +CALL defineContext('TEST'::RbacObjectScope, 'schema-migration'); INSERT INTO hs_office_coopassetstransaction_legacy_id(uuid, member_asset_id) SELECT uuid, nextVal('hs_office_coopassetstransaction_legacy_id_seq') FROM hs_office_coopassetstransaction; --/ diff --git a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5128-hs-office-coopassets-test-data.sql b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5128-hs-office-coopassets-test-data.sql index 1eda1de6..778c4c85 100644 --- a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5128-hs-office-coopassets-test-data.sql 
+++ b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5128-hs-office-coopassets-test-data.sql @@ -22,7 +22,7 @@ begin execute format('set local hsadminng.currentTask to %L', currentTask); SET CONSTRAINTS ALL DEFERRED; - call defineContext(currentTask); + call defineContext('TEST'::RbacObjectScope, currentTask); select m.uuid from hs_office_membership m join hs_office_partner p on p.uuid = m.partneruuid diff --git a/src/main/resources/db/changelog/6-hs-booking/601-booking-item/6013-hs-booking-item-rbac.sql b/src/main/resources/db/changelog/6-hs-booking/601-booking-item/6013-hs-booking-item-rbac.sql index e26edbbb..41dcf7a8 100644 --- a/src/main/resources/db/changelog/6-hs-booking/601-booking-item/6013-hs-booking-item-rbac.sql +++ b/src/main/resources/db/changelog/6-hs-booking/601-booking-item/6013-hs-booking-item-rbac.sql @@ -110,7 +110,8 @@ do language plpgsql $$ declare row hs_office_relation; begin - call defineContext('create INSERT INTO hs_booking_item permissions for pre-exising hs_office_relation rows'); + -- at this point, all existing booking_item rows are in scope TEST + call defineContext('TEST'::RbacObjectScope, 'create INSERT INTO hs_booking_item permissions for pre-exising hs_office_relation rows'); FOR row IN SELECT * FROM hs_office_relation WHERE type = 'DEBITOR' diff --git a/src/main/resources/db/changelog/6-hs-booking/601-booking-item/6018-hs-booking-item-test-data.sql b/src/main/resources/db/changelog/6-hs-booking/601-booking-item/6018-hs-booking-item-test-data.sql index 38b80d6b..adf7c1cf 100644 --- a/src/main/resources/db/changelog/6-hs-booking/601-booking-item/6018-hs-booking-item-test-data.sql +++ b/src/main/resources/db/changelog/6-hs-booking/601-booking-item/6018-hs-booking-item-test-data.sql 
@@ -18,7 +18,7 @@ declare relatedDebitor hs_office_debitor; begin currentTask := 'creating booking-item test-data ' || givenPartnerNumber::text || givenDebitorSuffix; - call defineContext(currentTask, null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN'); + call defineContext('TEST'::RbacObjectScope, currentTask, null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN'); execute format('set local hsadminng.currentTask to %L', currentTask); select debitor.* into relatedDebitor diff --git a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql index 4924f25e..8a085e14 100644 --- a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql +++ b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql @@ -103,7 +103,8 @@ do language plpgsql $$ declare row hs_booking_item; begin - call defineContext('create INSERT INTO hs_hosting_asset permissions for pre-exising hs_booking_item rows'); + -- at this point, all existing hosting_asset rows are in scope TEST + call defineContext('TEST'::RbacObjectScope, 'create INSERT INTO hs_hosting_asset permissions for pre-exising hs_booking_item rows'); FOR row IN SELECT * FROM hs_booking_item -- unconditional for all rows in that table diff --git a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7018-hs-hosting-asset-test-data.sql b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7018-hs-hosting-asset-test-data.sql index 519ef395..7215148d 100644 --- a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7018-hs-hosting-asset-test-data.sql +++ b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7018-hs-hosting-asset-test-data.sql 
@@ -21,7 +21,7 @@ declare managedServerUuid uuid; begin currentTask := 'creating hosting-asset test-data ' || givenPartnerNumber::text || givenDebitorSuffix; - call defineContext(currentTask, null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN'); + call defineContext('TEST'::RbacObjectScope, currentTask, null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN'); execute format('set local hsadminng.currentTask to %L', currentTask); select debitor.* into relatedDebitor diff --git a/src/test/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemControllerAcceptanceTest.java index 126aa966..0fb97142 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemControllerAcceptanceTest.java @@ -21,6 +21,7 @@ import java.util.Map; import java.util.UUID; import static java.util.Map.entry; +import static net.hostsharing.hsadminng.context.Context.Scope.TEMP; import static net.hostsharing.hsadminng.rbac.test.JsonMatcher.lenientlyEquals; import static org.assertj.core.api.Assertions.assertThat; import static org.hamcrest.Matchers.matchesRegex; @@ -111,7 +112,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup @Test void globalAdmin_canAddBookingItem() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); final var givenDebitor = debitorRepo.findDebitorByDebitorNumber(1000111).get(0); final var location = RestAssured // @formatter:off 
@@ -155,7 +156,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup @Test void globalAdmin_canGetArbitraryBookingItem() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); final var givenBookingItemUuid = bookingItemRepo.findAll().stream() .filter(bi -> bi.getDebitor().getDebitorNumber() == 1000111) .filter(item -> item.getCaption().equals("some CloudServer")) @@ -182,7 +183,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup @Test void normalUser_canNotGetUnrelatedBookingItem() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); final var givenBookingItemUuid = bookingItemRepo.findAll().stream() .filter(bi -> bi.getDebitor().getDebitorNumber() == 1000212) .map(HsBookingItemEntity::getUuid) @@ -200,7 +201,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup @Test void debitorAgentUser_canGetRelatedBookingItem() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); final var givenBookingItemUuid = bookingItemRepo.findAll().stream() .filter(bi -> bi.getDebitor().getDebitorNumber() == 1000313) .filter(item -> item.getCaption().equals("some CloudServer")) @@ -269,7 +270,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup """)); // @formatter:on // finally, the bookingItem is actually updated - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); assertThat(bookingItemRepo.findByUuid(givenBookingItem.getUuid())).isPresent().get() .matches(mandate -> { assertThat(mandate.getDebitor().toString()).isEqualTo("debitor(D-1000111: rel(anchor='LP First GmbH', type='DEBITOR', holder='LP First GmbH'), fir)"); 
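Review bot: In `normalUser_canNotGetUnrelatedBookingItem` the item is now looked up under `context.define(TEMP, ...)`, while the seed rows it selects (debitor 1000212) come from the test-data changesets that call `defineContext('TEST'::RbacObjectScope, ...)`. With scope as a second isolation axis, the denial in the request part (outside this hunk) could come from a scope mismatch instead of a missing RBAC grant, so the test may pass without exercising the permission check. How scopes interact is not visible in the diff, so treat this as a question rather than a finding. I would add a comment such as `// given: a TEST-scoped seed item; the request below must fail on RBAC, not on scope`, and a control assertion that the same UUID is readable for a permitted user in that scope. The same applies to the other `canNotGet…`/`canNotDelete…` tests in the hosting-asset, bank-account and contact classes.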
@@ -285,7 +286,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup @Test void globalAdmin_canDeleteArbitraryBookingItem() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); final var givenBookingItem = givenSomeTemporaryBookingItemForDebitorNumber(1000111, entry("something", 1)); RestAssured // @formatter:off @@ -303,7 +304,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup @Test void normalUser_canNotDeleteUnrelatedBookingItem() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); final var givenBookingItem = givenSomeTemporaryBookingItemForDebitorNumber(1000111, entry("something", 1)); RestAssured // @formatter:off @@ -323,7 +324,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup private HsBookingItemEntity givenSomeTemporaryBookingItemForDebitorNumber(final int debitorNumber, final Map.Entry resources) { return jpaAttempt.transacted(() -> { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); final var givenDebitor = debitorRepo.findDebitorByDebitorNumber(debitorNumber).get(0); final var newBookingItem = HsBookingItemEntity.builder() .uuid(UUID.randomUUID()) diff --git a/src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetControllerAcceptanceTest.java index d2c73b7c..9a995c52 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetControllerAcceptanceTest.java 
@@ -19,6 +19,7 @@ import java.util.Map; import java.util.UUID; import static java.util.Map.entry; +import static net.hostsharing.hsadminng.context.Context.Scope.TEMP; import static net.hostsharing.hsadminng.rbac.test.JsonMatcher.lenientlyEquals; import static org.assertj.core.api.Assertions.assertThat; import static org.hamcrest.Matchers.matchesRegex; @@ -109,7 +110,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup @Test void globalAdmin_canAddAsset() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); final var givenBookingItem = givenBookingItem("First", "some PrivateCloud"); final var location = RestAssured // @formatter:off @@ -154,7 +155,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup @Test void globalAdmin_canGetArbitraryAsset() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); final var givenAssetUuid = assetRepo.findAll().stream() .filter(bi -> bi.getBookingItem().getDebitor().getDebitorNumber() == 1000111) .filter(item -> item.getCaption().equals("some ManagedServer")) @@ -183,7 +184,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup @Test void normalUser_canNotGetUnrelatedAsset() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); final var givenAssetUuid = assetRepo.findAll().stream() .filter(bi -> bi.getBookingItem().getDebitor().getDebitorNumber() == 1000212) .map(HsHostingAssetEntity::getUuid) 
@@ -201,7 +202,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup @Test void debitorAgentUser_canGetRelatedAsset() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); final var givenAssetUuid = assetRepo.findAll().stream() .filter(bi -> bi.getBookingItem().getDebitor().getDebitorNumber() == 1000313) .filter(bi -> bi.getCaption().equals("some ManagedServer")) @@ -271,7 +272,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup """)); // @formatter:on // finally, the asset is actually updated - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); assertThat(assetRepo.findByUuid(givenAsset.getUuid())).isPresent().get() .matches(asset -> { assertThat(asset.toString()).isEqualTo("HsHostingAssetEntity(D-1000111:some CloudServer, CLOUD_SERVER, vm2001, some test-asset, { CPU: 4, SSD: 4096, something: 1 })"); @@ -285,7 +286,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup @Test void globalAdmin_canDeleteArbitraryAsset() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); final var givenAsset = givenSomeTemporaryAssetForDebitorNumber("2002", entry("something", 1)); RestAssured // @formatter:off @@ -303,7 +304,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup @Test void normalUser_canNotDeleteUnrelatedAsset() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); final var givenAsset = givenSomeTemporaryAssetForDebitorNumber("2003", entry("something", 1)); RestAssured // @formatter:off 
@@ -330,7 +331,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup private HsHostingAssetEntity givenSomeTemporaryAssetForDebitorNumber(final String identifierSuffix, final Map.Entry resources) { return jpaAttempt.transacted(() -> { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); final var newAsset = HsHostingAssetEntity.builder() .uuid(UUID.randomUUID()) .bookingItem(givenBookingItem("First", "some CloudServer")) diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountControllerAcceptanceTest.java index c24a88d3..b5f81928 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountControllerAcceptanceTest.java @@ -18,6 +18,7 @@ import jakarta.persistence.EntityManager; import jakarta.persistence.PersistenceContext; import java.util.UUID; +import static net.hostsharing.hsadminng.context.Context.Scope.TEMP; import static net.hostsharing.hsadminng.rbac.test.IsValidUuidMatcher.isUuidValid; import static net.hostsharing.hsadminng.rbac.test.JsonMatcher.lenientlyEquals; import static org.assertj.core.api.Assertions.assertThat; @@ -116,7 +117,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl @Test void globalAdmin_withoutAssumedRole_canAddBankAccount() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); final var location = RestAssured // @formatter:off .given() 
@@ -154,7 +155,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl @Test void globalAdmin_withoutAssumedRole_canGetArbitraryBankAccount() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); final var givenBankAccountUuid = bankAccountRepo.findByOptionalHolderLike("first").get(0).getUuid(); RestAssured // @formatter:off @@ -175,7 +176,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl @Test void normalUser_canNotGetUnrelatedBankAccount() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); final var givenBankAccountUuid = bankAccountRepo.findByOptionalHolderLike("first").get(0).getUuid(); RestAssured // @formatter:off @@ -191,7 +192,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl @Test @Disabled("TODO: not implemented yet - also add Accepts annotation when done") void bankaccountAdminUser_canGetRelatedBankAccount() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); final var givenBankAccountUuid = bankAccountRepo.findByOptionalHolderLike("first").get(0).getUuid(); RestAssured // @formatter:off @@ -219,7 +220,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl @Test void patchIsNotImplemented() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); final var givenBankAccount = givenSomeTemporaryBankAccountCreatedBy("selfregistered-test-user@hostsharing.org"); final var location = RestAssured // @formatter:off 
@@ -241,7 +242,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl // @formatter:on // and the bankaccount is unchanged - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); assertThat(bankAccountRepo.findByUuid(givenBankAccount.getUuid())).isPresent().get() .matches(person -> { assertThat(person.getHolder()).isEqualTo(givenBankAccount.getHolder()); @@ -257,7 +258,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl @Test void globalAdmin_withoutAssumedRole_canDeleteArbitraryBankAccount() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); final var givenBankAccount = givenSomeTemporaryBankAccountCreatedBy("selfregistered-test-user@hostsharing.org"); RestAssured // @formatter:off @@ -292,7 +293,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl @Test void normalUser_canNotDeleteUnrelatedBankAccount() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); final var givenBankAccount = givenSomeTemporaryBankAccountCreatedBy("selfregistered-test-user@hostsharing.org"); RestAssured // @formatter:off @@ -312,7 +313,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl private HsOfficeBankAccountEntity givenSomeTemporaryBankAccountCreatedBy(final String creatingUser) { return jpaAttempt.transacted(() -> { - context.define(creatingUser); + context.define(TEMP, creatingUser); final var newBankAccount = HsOfficeBankAccountEntity.builder() .holder("temp acc #" + RandomStringUtils.randomAlphabetic(3)) .iban("DE93500105179473626226") 
@@ -327,7 +328,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl @AfterEach void cleanup() { jpaAttempt.transacted(() -> { - context.define("superuser-alex@hostsharing.net", null); + context.define(TEMP, "superuser-alex@hostsharing.net", null); em.createQuery("DELETE FROM HsOfficeBankAccountEntity b WHERE b.holder LIKE 'temp %'").executeUpdate(); }); } diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactControllerAcceptanceTest.java index 1b209737..4d530b53 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactControllerAcceptanceTest.java @@ -22,6 +22,7 @@ import jakarta.persistence.PersistenceContext; import java.util.Map; import java.util.UUID; +import static net.hostsharing.hsadminng.context.Context.Scope.TEMP; import static net.hostsharing.hsadminng.rbac.test.IsValidUuidMatcher.isUuidValid; import static net.hostsharing.hsadminng.rbac.test.JsonMatcher.lenientlyEquals; import static org.assertj.core.api.Assertions.assertThat; @@ -95,7 +96,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu @Test void globalAdmin_withoutAssumedRole_canAddContact() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var location = RestAssured // @formatter:off .given() 
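Review bot: `context.define(TEMP, "superuser-alex@hostsharing.net", null);` in `globalAdmin_withoutAssumedRole_canAddContact` adds an explicit `null` that the old call did not have, whereas the booking-item, hosting-asset and bank-account tests in this commit use the two-argument form for the same setup. Unless the three-argument call behaves differently (the overloads are not visible here), use `context.define(TEMP, "superuser-alex@hostsharing.net");` throughout this class, and `context.define(TEMP, creatingUser);` in `givenSomeTemporaryContactCreatedBy`, so the test classes stay consistent. The test method body continues outside the hunk.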
@@ -133,7 +134,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu @Test void globalAdmin_withoutAssumedRole_canGetArbitraryContact() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var givenContactUuid = contactRepo.findContactByOptionalLabelLike("first").get(0).getUuid(); RestAssured // @formatter:off @@ -154,7 +155,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu @Test void normalUser_canNotGetUnrelatedContact() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var givenContactUuid = contactRepo.findContactByOptionalLabelLike("first").get(0).getUuid(); RestAssured // @formatter:off @@ -169,7 +170,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu @Test void contactAdminUser_canGetRelatedContact() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var givenContactUuid = contactRepo.findContactByOptionalLabelLike("first").get(0).getUuid(); RestAssured // @formatter:off @@ -201,7 +202,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu @Test void globalAdmin_withoutAssumedRole_canPatchAllPropertiesOfArbitraryContact() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var givenContact = givenSomeTemporaryContactCreatedBy("selfregistered-test-user@hostsharing.org"); final var location = RestAssured // @formatter:off 
@@ -234,7 +235,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu // @formatter:on // finally, the contact is actually updated - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); assertThat(contactRepo.findByUuid(givenContact.getUuid())).isPresent().get() .matches(person -> { assertThat(person.getLabel()).isEqualTo("Temp patched contact"); @@ -248,7 +249,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu @Test void globalAdmin_withoutAssumedRole_canPatchPartialPropertiesOfArbitraryContact() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var givenContact = givenSomeTemporaryContactCreatedBy("selfregistered-test-user@hostsharing.org"); final var location = RestAssured // @formatter:off @@ -296,7 +297,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu @Test void globalAdmin_withoutAssumedRole_canDeleteArbitraryContact() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var givenContact = givenSomeTemporaryContactCreatedBy("selfregistered-test-user@hostsharing.org"); RestAssured // @formatter:off @@ -331,7 +332,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu @Test void normalUser_canNotDeleteUnrelatedContact() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var givenContact = givenSomeTemporaryContactCreatedBy("selfregistered-test-user@hostsharing.org"); RestAssured // @formatter:off 
@@ -351,7 +352,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu private HsOfficeContactEntity givenSomeTemporaryContactCreatedBy(final String creatingUser) { return jpaAttempt.transacted(() -> { - context.define(creatingUser); + context.define(TEMP, creatingUser, null); final var newContact = HsOfficeContactEntity.builder() .uuid(UUID.randomUUID()) .label("Temp from " + Context.getCallerMethodNameFromStackFrame(1) ) @@ -368,7 +369,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu @AfterEach void cleanup() { jpaAttempt.transacted(() -> { - context.define("superuser-alex@hostsharing.net", null); + context.define(TEMP, "superuser-alex@hostsharing.net", null); em.createQuery("DELETE FROM HsOfficeContactEntity c WHERE c.label LIKE 'Temp %'").executeUpdate(); }).assertSuccessful(); } diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionControllerAcceptanceTest.java index cb2b937b..90d03feb 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionControllerAcceptanceTest.java @@ -22,6 +22,7 @@ import java.math.BigDecimal; import java.time.LocalDate; import java.util.UUID; +import static net.hostsharing.hsadminng.context.Context.Scope.TEMP; import static net.hostsharing.hsadminng.hs.office.coopassets.HsOfficeCoopAssetsTransactionType.DEPOSIT; import static net.hostsharing.hsadminng.rbac.test.IsValidUuidMatcher.isUuidValid; import static net.hostsharing.hsadminng.rbac.test.JsonMatcher.lenientlyEquals; 
@@ -75,7 +76,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased @Test void globalAdmin_canFindCoopAssetsTransactionsByMemberNumber() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var givenMembership = membershipRepo.findMembershipByMemberNumber(1000202); RestAssured // @formatter:off @@ -138,7 +139,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased @Test void globalAdmin_canFindCoopAssetsTransactionsByMembershipUuidAndDateRange() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var givenMembership = membershipRepo.findMembershipByMemberNumber(1000202); RestAssured // @formatter:off @@ -171,7 +172,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased @Test void globalAdmin_canAddCoopAssetsTransaction() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var givenMembership = membershipRepo.findMembershipByMemberNumber(1000101); final var location = RestAssured // @formatter:off @@ -216,11 +217,11 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased @Test void globalAdmin_canAddCoopAssetsAdjustmentTransaction() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var givenMembership = membershipRepo.findMembershipByMemberNumber(1000101); final var givenTransaction = jpaAttempt.transacted(() -> { // TODO.impl: introduce something like transactedAsSuperuser / transactedAs("...", ...) - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); return coopAssetsTransactionRepo.save(HsOfficeCoopAssetsTransactionEntity.builder() .transactionType(DEPOSIT) .valueDate(LocalDate.of(2022, 10, 20)) 
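Review bot: In `globalAdmin_canAddCoopAssetsAdjustmentTransaction` the patch rewrites both `context.define(...)` calls by hand but keeps the duplication that the `TODO.impl` comment between them already names. The superuser principal and the explicit `null` third argument (presumably the assumed roles) are now repeated in nearly every hunk of this patch. I would hold the principal in one constant of the shared test base class, e.g. `protected static final String GLOBAL_ADMIN = "superuser-alex@hostsharing.net";`, and add the `transactedAsSuperuser` helper the TODO asks for. That gives one place to audit which tests run with global-admin rights and one place to change when the scope parameter changes again. The same pair of calls appears in `globalAdmin_canAddCoopSharesAdjustmentTransaction` in the coop shares test. Both test bodies continue outside their hunks.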
@@ -284,7 +285,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased @Test void globalAdmin_canNotCancelMoreAssetsThanCurrentlySubscribed() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var givenMembership = membershipRepo.findMembershipByMemberNumber(1000101); RestAssured // @formatter:off @@ -322,7 +323,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased @Test void globalAdmin_withoutAssumedRole_canGetArbitraryCoopAssetTransaction() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var givenCoopAssetTransactionUuid = coopAssetsTransactionRepo.findCoopAssetsTransactionByOptionalMembershipUuidAndDateRange( null, LocalDate.of(2010, 3, 15), @@ -345,7 +346,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased @Test void normalUser_canNotGetUnrelatedCoopAssetTransaction() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var givenCoopAssetTransactionUuid = coopAssetsTransactionRepo.findCoopAssetsTransactionByOptionalMembershipUuidAndDateRange( null, LocalDate.of(2010, 3, 15), @@ -362,7 +363,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased @Test void partnerPersonUser_canGetRelatedCoopAssetTransaction() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var givenCoopAssetTransactionUuid = coopAssetsTransactionRepo.findCoopAssetsTransactionByOptionalMembershipUuidAndDateRange( null, LocalDate.of(2010, 3, 15), 
@@ -390,7 +391,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased @AfterEach void cleanup() { jpaAttempt.transacted(() -> { - context.define("superuser-alex@hostsharing.net", null); + context.define(TEMP, "superuser-alex@hostsharing.net", null); // HsOfficeCoopAssetsTransactionEntity respectively hs_office_coopassetstransaction_rv // cannot be deleted at all, but the underlying table record can be deleted. em.createNativeQuery("delete from hs_office_coopassetstransaction where reference like 'temp %'") diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionControllerAcceptanceTest.java index bdd9a34a..02cd81b7 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionControllerAcceptanceTest.java @@ -22,6 +22,7 @@ import jakarta.persistence.PersistenceContext; import java.time.LocalDate; import java.util.UUID; +import static net.hostsharing.hsadminng.context.Context.Scope.TEMP; import static net.hostsharing.hsadminng.rbac.test.IsValidUuidMatcher.isUuidValid; import static net.hostsharing.hsadminng.rbac.test.JsonMatcher.lenientlyEquals; import static org.assertj.core.api.Assertions.assertThat; 
@@ -54,7 +55,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased @AfterEach void cleanup() { jpaAttempt.transacted(() -> { - context.define("superuser-alex@hostsharing.net", null); + context.define(TEMP, "superuser-alex@hostsharing.net", null); // HsOfficeCoopSharesTransactionEntity respectively hs_office_coopsharestransaction_rv // cannot be deleted at all, but the underlying table record can be deleted. em.createNativeQuery("delete from hs_office_coopsharestransaction where reference like 'temp %'").executeUpdate(); @@ -82,7 +83,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased @Test void globalAdmin_canFindCoopSharesTransactionsByMemberNumber() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var givenMembership = membershipRepo.findMembershipByMemberNumber(1000202); RestAssured // @formatter:off @@ -137,7 +138,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased @Test void globalAdmin_canFindCoopSharesTransactionsByMembershipUuidAndDateRange() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var givenMembership = membershipRepo.findMembershipByMemberNumber(1000202); RestAssured // @formatter:off @@ -162,7 +163,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased @Test void globalAdmin_canAddCoopSharesTransaction() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var givenMembership = membershipRepo.findMembershipByMemberNumber(1000101); final var location = RestAssured // @formatter:off 
@@ -193,11 +194,11 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased @Test void globalAdmin_canAddCoopSharesAdjustmentTransaction() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var givenMembership = membershipRepo.findMembershipByMemberNumber(1000101); final var givenTransaction = jpaAttempt.transacted(() -> { // TODO.impl: introduce something like transactedAsSuperuser / transactedAs("...", ...) - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); return coopSharesTransactionRepo.save(HsOfficeCoopSharesTransactionEntity.builder() .transactionType(HsOfficeCoopSharesTransactionType.SUBSCRIPTION) .valueDate(LocalDate.of(2022, 10, 20)) @@ -261,7 +262,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased @Test void globalAdmin_canNotCancelMoreSharesThanCurrentlySubscribed() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var givenMembership = membershipRepo.findMembershipByMemberNumber(1000101); RestAssured // @formatter:off @@ -289,7 +290,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased @Test void globalAdmin_withoutAssumedRole_canGetArbitraryCoopShareTransaction() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var givenCoopShareTransactionUuid = coopSharesTransactionRepo.findCoopSharesTransactionByOptionalMembershipUuidAndDateRange(null, LocalDate.of(2010, 3, 15), LocalDate.of(2010, 3, 15)).get(0).getUuid(); RestAssured // @formatter:off 
@@ -302,7 +303,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased @Test void normalUser_canNotGetUnrelatedCoopShareTransaction() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var givenCoopShareTransactionUuid = coopSharesTransactionRepo.findCoopSharesTransactionByOptionalMembershipUuidAndDateRange(null, LocalDate.of(2010, 3, 15), LocalDate.of(2010, 3, 15)).get(0).getUuid(); RestAssured // @formatter:off @@ -311,7 +312,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased @Test void partnerPersonUser_canGetRelatedCoopShareTransaction() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var givenCoopShareTransactionUuid = coopSharesTransactionRepo.findCoopSharesTransactionByOptionalMembershipUuidAndDateRange(null, LocalDate.of(2010, 3, 15), LocalDate.of(2010, 3, 15)).get(0).getUuid(); RestAssured // @formatter:off diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorControllerAcceptanceTest.java index 9bda7ec4..1e527298 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorControllerAcceptanceTest.java @@ -26,6 +26,7 @@ import jakarta.persistence.EntityManager; import jakarta.persistence.PersistenceContext; import java.util.UUID; +import static net.hostsharing.hsadminng.context.Context.Scope.TEMP; import static net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationType.DEBITOR; import static net.hostsharing.hsadminng.rbac.test.IsValidUuidMatcher.isUuidValid; import static net.hostsharing.hsadminng.rbac.test.JsonMatcher.lenientlyEquals; 
@@ -266,14 +267,14 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu @Test void globalAdmin_withoutAssumedRole_canAddDebitorWithBankAccount() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); final var givenPartner = partnerRepo.findPartnerByOptionalNameLike("Third").get(0); final var givenContact = contactRepo.findContactByOptionalLabelLike("fourth").get(0); final var givenBankAccount = bankAccountRepo.findByOptionalHolderLike("Fourth").get(0); final var givenBillingPerson = personRepo.findPersonByOptionalNameLike("Fourth").get(0); final var givenDebitorRelUUid = jpaAttempt.transacted(() -> { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); return relRepo.save(HsOfficeRelationEntity.builder() .type(DEBITOR) .anchor(givenPartner.getPartnerRel().getHolder()) @@ -323,7 +324,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu @Test void globalAdmin_canAddDebitorWithoutJustRequiredData() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var givenPartner = partnerRepo.findPartnerByOptionalNameLike("Third").get(0); final var givenContact = contactRepo.findContactByOptionalLabelLike("fourth").get(0); @@ -375,7 +376,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu @Test void globalAdmin_canNotAddDebitor_ifContactDoesNotExist() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var givenPartner = partnerRepo.findPartnerByOptionalNameLike("Third").get(0); final var givenContactUuid = UUID.fromString("00000000-0000-0000-0000-000000000000"); 
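Review bot: The first call in `globalAdmin_withoutAssumedRole_canAddDebitorWithBankAccount` is `context.define(TEMP, "superuser-alex@hostsharing.net")` with two arguments. The call inside `jpaAttempt.transacted` a few lines below, and every other hunk of the debitor test, passes an explicit third `null`. `Context.java` is not part of this view, so I cannot tell whether a `define(Scope, String)` overload exists. If it does not, this line does not compile; if it does, the two forms should not be mixed within one test. I would write `context.define(TEMP, "superuser-alex@hostsharing.net", null);` here. The partner test hunks and the person test hunk later in the patch use the two-argument form throughout and need the same decision.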
@@ -412,7 +413,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu @Test void globalAdmin_canNotAddDebitor_ifDebitorRelDoesNotExist() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var givenDebitorRelUuid = UUID.fromString("00000000-0000-0000-0000-000000000000"); final var givenContact = contactRepo.findContactByOptionalLabelLike("fourth").get(0); @@ -444,7 +445,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu @Test void globalAdmin_withoutAssumedRole_canGetArbitraryDebitor() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var givenDebitorUuid = debitorRepo.findDebitorByOptionalNameLike("First").get(0).getUuid(); RestAssured // @formatter:off @@ -505,7 +506,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu @Test void normalUser_canNotGetUnrelatedDebitor() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var givenDebitorUuid = debitorRepo.findDebitorByOptionalNameLike("First").get(0).getUuid(); RestAssured // @formatter:off @@ -520,7 +521,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu @Test void contactAdminUser_canGetRelatedDebitorExceptRefundBankAccount() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var givenDebitorUuid = debitorRepo.findDebitorByOptionalNameLike("first contact").get(0).getUuid(); RestAssured // @formatter:off 
@@ -549,7 +550,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu @Test void globalAdmin_withoutAssumedRole_canPatchArbitraryDebitor() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var givenDebitor = givenSomeTemporaryDebitor(); final var givenContact = contactRepo.findContactByOptionalLabelLike("fourth").get(0); @@ -614,7 +615,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu // @formatter:on // finally, the debitor is actually updated - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); assertThat(debitorRepo.findByUuid(givenDebitor.getUuid())).isPresent().get() .matches(debitor -> { assertThat(debitor.getDebitorRel().getHolder().getTradeName()) @@ -630,7 +631,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu @Test void theContactOwner_canNotPatchARelatedDebitor() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var givenDebitor = givenSomeTemporaryDebitor(); // @formatter:on @@ -660,8 +661,8 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu @Test void globalAdmin_withoutAssumedRole_canDeleteArbitraryDebitor() { - context.define("superuser-alex@hostsharing.net"); - final var givenDebitor = givenSomeTemporaryDebitor(); + context.define(TEMP, "superuser-alex@hostsharing.net", null); + final var givenDebitor = givenSomeTemporaryDebitor(); RestAssured // @formatter:off .given() 
@@ -678,7 +679,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu @Test void contactAdminUser_canNotDeleteRelatedDebitor() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var givenDebitor = givenSomeTemporaryDebitor(); assertThat(givenDebitor.getDebitorRel().getContact().getLabel()).isEqualTo("fourth contact"); @@ -697,7 +698,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu @Test void normalUser_canNotDeleteUnrelatedDebitor() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var givenDebitor = givenSomeTemporaryDebitor(); assertThat(givenDebitor.getDebitorRel().getContact().getLabel()).isEqualTo("fourth contact"); @@ -717,7 +718,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu private HsOfficeDebitorEntity givenSomeTemporaryDebitor() { return jpaAttempt.transacted(() -> { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var givenPartner = partnerRepo.findPartnerByOptionalNameLike("Fourth").get(0); final var givenContact = contactRepo.findContactByOptionalLabelLike("fourth contact").get(0); final var newDebitor = HsOfficeDebitorEntity.builder() @@ -743,7 +744,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu @AfterEach void cleanup() { jpaAttempt.transacted(() -> { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var count = em.createQuery( "DELETE FROM HsOfficeDebitorEntity d WHERE d.debitorNumberSuffix >= " + LOWEST_TEMP_DEBITOR_SUFFIX) .executeUpdate(); 
diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipControllerAcceptanceTest.java index f0e108dc..ce5be81e 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipControllerAcceptanceTest.java @@ -22,6 +22,7 @@ import jakarta.persistence.PersistenceContext; import java.time.LocalDate; import java.util.UUID; +import static net.hostsharing.hsadminng.context.Context.Scope.TEMP; import static net.hostsharing.hsadminng.hs.office.membership.HsOfficeMembershipStatus.ACTIVE; import static net.hostsharing.hsadminng.hs.office.membership.HsOfficeMembershipStatus.CANCELLED; import static net.hostsharing.hsadminng.rbac.test.IsValidUuidMatcher.isUuidValid; @@ -108,7 +109,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle @Test void globalAdmin_canViewMembershipsByPartnerUuid() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var partner = partnerRepo.findPartnerByPartnerNumber(10001); RestAssured // @formatter:off @@ -171,7 +172,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle @Test void globalAdmin_canAddMembership() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var givenPartner = partnerRepo.findPartnerByOptionalNameLike("Third").get(0); final var givenMemberSuffix = TEMP_MEMBER_NUMBER_SUFFIX; final var expectedMemberNumber = Integer.parseInt(givenPartner.getPartnerNumber() + TEMP_MEMBER_NUMBER_SUFFIX); 
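Review bot: In `globalAdmin_canAddMembership` the statically imported `TEMP` sits two lines above `TEMP_MEMBER_NUMBER_SUFFIX`, and the bare name does not show that it is a context scope rather than another temporary-test-data marker. Importing the nested `Scope` type and writing `context.define(Scope.TEMP, "superuser-alex@hostsharing.net", null);` would keep the two meanings apart at every call site. The patch also gives no hint of what the `TEMP` scope implies for the RBAC context. A short comment at the import or on the shared test base class would help, for example `// TEMP: context scope used by tests; see Context.Scope for what it implies`, worded from `Context.Scope` itself, which is outside this view. The test body continues outside the hunk.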
@@ -216,7 +217,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle @Test void globalAdmin_canGetArbitraryMembership() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var givenMembershipUuid = membershipRepo.findMembershipByMemberNumber(1000101).getUuid(); RestAssured // @formatter:off @@ -242,7 +243,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle @Test void normalUser_canNotGetUnrelatedMembership() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var givenMembershipUuid = membershipRepo.findMembershipByMemberNumber(1000101).getUuid(); RestAssured // @formatter:off @@ -257,7 +258,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle @Test void parnerRelAgent_canGetRelatedMembership() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var givenMembershipUuid = membershipRepo.findMembershipByMemberNumber(1000303).getUuid(); RestAssured // @formatter:off @@ -289,7 +290,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle @Test void globalAdmin_canPatchValidToOfArbitraryMembership() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var givenMembership = givenSomeTemporaryMembershipBessler("First"); final var location = RestAssured // @formatter:off 
@@ -332,7 +333,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle // given final var givenPartnerAdmin = "hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH:ADMIN"; - context.define("superuser-alex@hostsharing.net", givenPartnerAdmin); + context.define(TEMP, "superuser-alex@hostsharing.net", givenPartnerAdmin); final var givenMembership = givenSomeTemporaryMembershipBessler("First"); // when @@ -368,7 +369,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle @Test void globalAdmin_canDeleteArbitraryMembership() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var givenMembership = givenSomeTemporaryMembershipBessler("First"); RestAssured // @formatter:off @@ -386,7 +387,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle @Test void partnerAgentUser_canNotDeleteRelatedMembership() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var givenMembership = givenSomeTemporaryMembershipBessler("First"); RestAssured // @formatter:off @@ -405,7 +406,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle @Test void normalUser_canNotDeleteUnrelatedMembership() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var givenMembership = givenSomeTemporaryMembershipBessler("First"); RestAssured // @formatter:off 
@@ -424,7 +425,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle private HsOfficeMembershipEntity givenSomeTemporaryMembershipBessler(final String partnerName) { return jpaAttempt.transacted(() -> { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var givenPartner = partnerRepo.findPartnerByOptionalNameLike(partnerName).get(0); final var newMembership = HsOfficeMembershipEntity.builder() .uuid(UUID.randomUUID()) @@ -442,7 +443,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle @AfterEach void cleanup() { jpaAttempt.transacted(() -> { - context.define("superuser-alex@hostsharing.net", null); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var query = em.createQuery( "DELETE FROM HsOfficeMembershipEntity m WHERE m.memberNumberSuffix >= '%s'" .formatted(TEMP_MEMBER_NUMBER_SUFFIX) diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerControllerAcceptanceTest.java index 9340db3a..2e0ca42a 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerControllerAcceptanceTest.java @@ -20,6 +20,7 @@ import org.springframework.transaction.annotation.Transactional; import java.util.UUID; +import static net.hostsharing.hsadminng.context.Context.Scope.TEMP; import static net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationType.EX_PARTNER; import static net.hostsharing.hsadminng.rbac.test.IsValidUuidMatcher.isUuidValid; import static net.hostsharing.hsadminng.rbac.test.JsonMatcher.lenientlyEquals; 
@@ -88,7 +89,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu @Test void globalAdmin_withoutAssumedRole_canAddPartner() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); final var givenMandantPerson = personRepo.findPersonByOptionalNameLike("Hostsharing eG").stream().findFirst().orElseThrow(); final var givenPerson = personRepo.findPersonByOptionalNameLike("Third").stream().findFirst().orElseThrow(); final var givenContact = contactRepo.findContactByOptionalLabelLike("fourth").stream().findFirst().orElseThrow(); @@ -148,7 +149,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu @Test void globalAdmin_canNotAddPartner_ifContactDoesNotExist() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); final var givenMandantPerson = personRepo.findPersonByOptionalNameLike("Hostsharing eG").get(0); final var givenPerson = personRepo.findPersonByOptionalNameLike("Third").get(0); @@ -186,7 +187,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu @Test void globalAdmin_canNotAddPartner_ifPersonDoesNotExist() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); final var mandantPerson = personRepo.findPersonByOptionalNameLike("Hostsharing eG").get(0); final var givenContact = contactRepo.findContactByOptionalLabelLike("fourth").get(0); @@ -228,7 +229,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu @Test void globalAdmin_withoutAssumedRole_canGetArbitraryPartner() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); final var partners = partnerRepo.findAll(); final var givenPartnerUuid = partnerRepo.findPartnerByOptionalNameLike("First").get(0).getUuid(); 
@@ -261,7 +262,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu @Test void normalUser_canNotGetUnrelatedPartner() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); final var givenPartnerUuid = partnerRepo.findPartnerByOptionalNameLike("First").get(0).getUuid(); RestAssured // @formatter:off @@ -276,7 +277,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu @Test void contactAdminUser_canGetRelatedPartner() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); final var givenPartnerUuid = partnerRepo.findPartnerByOptionalNameLike("first contact").get(0).getUuid(); RestAssured // @formatter:off @@ -306,7 +307,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu @Test void globalAdmin_withoutAssumedRole_canPatchAllPropertiesOfArbitraryPartner() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); final var givenPartner = givenSomeTemporaryPartnerBessler(20011); final var givenPartnerRel = givenSomeTemporaryPartnerRel("Third OHG", "third contact"); @@ -355,7 +356,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu // @formatter:on // finally, the partner is actually updated - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); assertThat(partnerRepo.findByUuid(givenPartner.getUuid())).isPresent().get() .matches(partner -> { assertThat(partner.getPartnerNumber()).isEqualTo(givenPartner.getPartnerNumber()); 
@@ -373,7 +374,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu @Test void patchingThePartnerRelCreatesExPartnerRel() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); final var givenPartner = givenSomeTemporaryPartnerBessler(20011); final var givenPartnerRel = givenSomeTemporaryPartnerRel("Third OHG", "third contact"); @@ -394,7 +395,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu // @formatter:on // then the partner got actually updated - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); assertThat(partnerRepo.findByUuid(givenPartner.getUuid())).isPresent().get() .matches(partner -> { assertThat(partner.getPartnerRel().getHolder().getTradeName()).isEqualTo("Third OHG"); @@ -412,7 +413,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu @Test void globalAdmin_withoutAssumedRole_canPatchPartialPropertiesOfArbitraryPartner() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); final var givenPartner = givenSomeTemporaryPartnerBessler(20012); final var location = RestAssured // @formatter:off @@ -460,7 +461,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu @Test void globalAdmin_withoutAssumedRole_canDeleteArbitraryPartner() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); final var givenPartner = givenSomeTemporaryPartnerBessler(20013); RestAssured // @formatter:off 
@@ -479,7 +480,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu @Test void contactAdminUser_canNotDeleteRelatedPartner() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); final var givenPartner = givenSomeTemporaryPartnerBessler(20014); assertThat(givenPartner.getPartnerRel().getContact().getLabel()).isEqualTo("fourth contact"); @@ -498,7 +499,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu @Test void normalUser_canNotDeleteUnrelatedPartner() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); final var givenPartner = givenSomeTemporaryPartnerBessler(20015); assertThat(givenPartner.getPartnerRel().getContact().getLabel()).isEqualTo("fourth contact"); @@ -520,7 +521,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu final String partnerHolderName, final String contactName) { return jpaAttempt.transacted(() -> { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); final var givenMandantPerson = personRepo.findPersonByOptionalNameLike("Hostsharing eG").stream().findFirst().orElseThrow(); final var givenPerson = personRepo.findPersonByOptionalNameLike(partnerHolderName).stream().findFirst().orElseThrow(); final var givenContact = contactRepo.findContactByOptionalLabelLike(contactName).stream().findFirst().orElseThrow(); 
@@ -536,7 +537,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu } private HsOfficePartnerEntity givenSomeTemporaryPartnerBessler(final Integer partnerNumber) { return jpaAttempt.transacted(() -> { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); final var partnerRel = em.merge(givenSomeTemporaryPartnerRel("Erben Bessler", "fourth contact")); final var newPartner = HsOfficePartnerEntity.builder() diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonControllerAcceptanceTest.java index b193e97c..6edf0069 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonControllerAcceptanceTest.java @@ -19,6 +19,7 @@ import jakarta.persistence.EntityManager; import jakarta.persistence.PersistenceContext; import java.util.UUID; +import static net.hostsharing.hsadminng.context.Context.Scope.TEMP; import static net.hostsharing.hsadminng.rbac.test.IsValidUuidMatcher.isUuidValid; import static net.hostsharing.hsadminng.rbac.test.JsonMatcher.lenientlyEquals; import static org.assertj.core.api.Assertions.assertThat; @@ -111,7 +112,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup @Test void globalAdmin_canGetArbitraryPerson() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); final var givenPersonUuid = personRepo.findPersonByOptionalNameLike("Erben").get(0).getUuid(); RestAssured // @formatter:off 
@@ -133,7 +134,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup @Test void normalUser_canNotGetUnrelatedPerson() { final var givenPersonUuid = jpaAttempt.transacted(() -> { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); return personRepo.findPersonByOptionalNameLike("Erben").get(0).getUuid(); }).returnedValue(); @@ -150,7 +151,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup @Test void personOwnerUser_canGetRelatedPerson() { final var givenPersonUuid = jpaAttempt.transacted(() -> { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); return personRepo.findPersonByOptionalNameLike("Erben").get(0).getUuid(); }).returnedValue(); @@ -209,7 +210,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup // @formatter:on // finally, the person is actually updated - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); assertThat(personRepo.findByUuid(givenPerson.getUuid())).isPresent().get() .matches(person -> { assertThat(person.getPersonType()).isEqualTo(HsOfficePersonType.UNINCORPORATED_FIRM); @@ -249,7 +250,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup // @formatter:on // finally, the person is actually updated - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); assertThat(personRepo.findByUuid(givenPerson.getUuid())).isPresent().get() .matches(person -> { assertThat(person.getPersonType()).isEqualTo(givenPerson.getPersonType()); 
@@ -280,7 +281,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup // then the given person is gone - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); assertThat(personRepo.findByUuid(givenPerson.getUuid())).isEmpty(); } @@ -316,14 +317,14 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup // @formatter:on // then the given person is still there - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); assertThat(personRepo.findByUuid(givenPerson.getUuid())).isNotEmpty(); } } private HsOfficePersonEntity givenSomeTemporaryPersonCreatedBy(final String creatingUser) { return jpaAttempt.transacted(() -> { - context.define(creatingUser); + context.define(TEMP, creatingUser); final var newPerson = HsOfficePersonEntity.builder() .uuid(UUID.randomUUID()) .personType(HsOfficePersonType.LEGAL_PERSON) @@ -339,7 +340,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup @AfterEach void cleanup() { jpaAttempt.transacted(() -> { - context.define("superuser-alex@hostsharing.net", null); + context.define(TEMP, "superuser-alex@hostsharing.net", null); em.createQuery(""" DELETE FROM HsOfficePersonEntity p WHERE p.tradeName LIKE 'Temp %' OR p.givenName LIKE 'Temp %' diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationControllerAcceptanceTest.java index 33d407d9..3caffc54 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationControllerAcceptanceTest.java 
@@ -19,6 +19,7 @@ import org.springframework.transaction.annotation.Transactional; import java.util.UUID; +import static net.hostsharing.hsadminng.context.Context.Scope.TEMP; import static net.hostsharing.hsadminng.rbac.test.IsValidUuidMatcher.isUuidValid; import static net.hostsharing.hsadminng.rbac.test.JsonMatcher.lenientlyEquals; import static org.assertj.core.api.Assertions.assertThat; @@ -61,7 +62,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean void globalAdmin_withoutAssumedRoles_canViewAllRelationsOfGivenPersonAndType_ifNoCriteriaGiven() throws JSONException { // given - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); final var givenPerson = personRepo.findPersonByOptionalNameLike("Hostsharing eG").get(0); RestAssured // @formatter:off @@ -122,7 +123,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean @Test void globalAdmin_withoutAssumedRole_canAddRelation() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); final var givenAnchorPerson = personRepo.findPersonByOptionalNameLike("Third").get(0); final var givenHolderPerson = personRepo.findPersonByOptionalNameLike("Paul").get(0); final var givenContact = contactRepo.findContactByOptionalLabelLike("second").get(0); @@ -169,7 +170,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean @Test void globalAdmin_canNotAddRelation_ifAnchorPersonDoesNotExist() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); final var givenAnchorPersonUuid = GIVEN_NON_EXISTING_HOLDER_PERSON_UUID; final var givenHolderPerson = personRepo.findPersonByOptionalNameLike("Smith").get(0); final var givenContact = contactRepo.findContactByOptionalLabelLike("fourth").get(0); 
@@ -202,7 +203,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean @Test void globalAdmin_canNotAddRelation_ifHolderPersonDoesNotExist() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); final var givenAnchorPerson = personRepo.findPersonByOptionalNameLike("Third").get(0); final var givenContact = contactRepo.findContactByOptionalLabelLike("fourth").get(0); @@ -234,7 +235,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean @Test void globalAdmin_canNotAddRelation_ifContactDoesNotExist() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); final var givenAnchorPerson = personRepo.findPersonByOptionalNameLike("Third").get(0); final var givenHolderPerson = personRepo.findPersonByOptionalNameLike("Paul").get(0); final var givenContactUuid = UUID.fromString("00000000-0000-0000-0000-000000000000"); @@ -270,7 +271,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean @Test void globalAdmin_withoutAssumedRole_canGetArbitraryRelation() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); final UUID givenRelationUuid = findRelation("First", "Firby").getUuid(); RestAssured // @formatter:off @@ -293,7 +294,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean @Test void normalUser_canNotGetUnrelatedRelation() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); final UUID givenRelationUuid = findRelation("First", "Firby").getUuid(); RestAssured // @formatter:off 
@@ -308,7 +309,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean @Test void contactAdminUser_canGetRelatedRelation() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); final var givenRelation = findRelation("First", "Firby"); assertThat(givenRelation.getContact().getLabel()).isEqualTo("first contact"); @@ -350,7 +351,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean @Test void globalAdmin_withoutAssumedRole_canPatchContactOfArbitraryRelation() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); final var givenRelation = givenSomeTemporaryRelationBessler(); assertThat(givenRelation.getContact().getLabel()).isEqualTo("seventh contact"); final var givenContact = contactRepo.findContactByOptionalLabelLike("fourth").get(0); @@ -378,7 +379,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean // @formatter:on // finally, the relation is actually updated - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); assertThat(relationRepo.findByUuid(givenRelation.getUuid())).isPresent().get() .matches(rel -> { assertThat(rel.getAnchor().getTradeName()).contains("Bessler"); @@ -395,7 +396,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean @Test void globalAdmin_withoutAssumedRole_canDeleteArbitraryRelation() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); final var givenRelation = givenSomeTemporaryRelationBessler(); RestAssured // @formatter:off 
@@ -413,7 +414,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean @Test void contactAdminUser_canNotDeleteRelatedRelation() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); final var givenRelation = givenSomeTemporaryRelationBessler(); assertThat(givenRelation.getContact().getLabel()).isEqualTo("seventh contact"); @@ -432,7 +433,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean @Test void normalUser_canNotDeleteUnrelatedRelation() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); final var givenRelation = givenSomeTemporaryRelationBessler(); assertThat(givenRelation.getContact().getLabel()).isEqualTo("seventh contact"); @@ -452,7 +453,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean private HsOfficeRelationEntity givenSomeTemporaryRelationBessler() { return jpaAttempt.transacted(() -> { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); final var givenAnchorPerson = personRepo.findPersonByOptionalNameLike("Erben Bessler").get(0); final var givenHolderPerson = personRepo.findPersonByOptionalNameLike("Winkler").get(0); final var givenContact = contactRepo.findContactByOptionalLabelLike("seventh contact").get(0); diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateControllerAcceptanceTest.java index c0f68451..98be9bfb 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateControllerAcceptanceTest.java 
@@ -24,6 +24,7 @@ import java.time.LocalDate; import java.util.UUID; import static java.util.Optional.ofNullable; +import static net.hostsharing.hsadminng.context.Context.Scope.TEMP; import static net.hostsharing.hsadminng.rbac.test.IsValidUuidMatcher.isUuidValid; import static net.hostsharing.hsadminng.rbac.test.JsonMatcher.lenientlyEquals; import static org.assertj.core.api.Assertions.assertThat; @@ -105,7 +106,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl @Test void globalAdmin_canAddSepaMandate() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var givenDebitor = debitorRepo.findDebitorByOptionalNameLike("Third").get(0); final var givenBankAccount = bankAccountRepo.findByIbanOrderByIbanAsc("DE02200505501015871393").get(0); @@ -147,7 +148,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl @Test void globalAdmin_canNotAddSepaMandateWhenDebitorUuidIsMissing() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var givenDebitor = debitorRepo.findDebitorByOptionalNameLike("Third").get(0); final var givenBankAccount = bankAccountRepo.findByIbanOrderByIbanAsc("DE02200505501015871393").get(0); @@ -172,7 +173,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl @Test void globalAdmin_canNotAddSepaMandate_ifBankAccountDoesNotExist() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var givenDebitor = debitorRepo.findDebitorByOptionalNameLike("Third").get(0); final var givenBankAccountUuid = UUID.fromString("00000000-0000-0000-0000-000000000000"); 
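Review bot: The calls in this file move to the three-argument form `context.define(TEMP, "superuser-alex@hostsharing.net", null)`, while the Partner, Person and Relation acceptance tests in the same patch use the two-argument `context.define(TEMP, "superuser-alex@hostsharing.net")` for the same intent. Using one form across the test suite keeps it obvious at each call site that no role is assumed, which matters when reading access-control tests. The same mix continues in the later hunks of this file and in `RbacRoleRepositoryIntegrationTest`, where `context.define(TEMP, null)` sits next to `context.define(TEMP, "customer-admin@xxx.example.com", null)`; in the anonymous case `context.define(TEMP, null, null)` would say more clearly which argument is absent, assuming the three-argument overload accepts it.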
@@ -202,7 +203,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl @Test void globalAdmin_canNotAddSepaMandate_ifPersonDoesNotExist() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var givenDebitorUuid = UUID.fromString("00000000-0000-0000-0000-000000000000"); final var givenBankAccount = bankAccountRepo.findByIbanOrderByIbanAsc("DE02200505501015871393").get(0); @@ -235,7 +236,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl @Test void globalAdmin_canGetArbitrarySepaMandate() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var givenSepaMandateUuid = sepaMandateRepo.findSepaMandateByOptionalIban("DE02120300000000202051") .get(0) .getUuid(); @@ -265,7 +266,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl @Test void normalUser_canNotGetUnrelatedSepaMandate() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var givenSepaMandateUuid = sepaMandateRepo.findSepaMandateByOptionalIban("DE02120300000000202051") .get(0) .getUuid(); @@ -282,7 +283,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl @Test void bankAccountAdminUser_canGetRelatedSepaMandate() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var givenSepaMandateUuid = sepaMandateRepo.findSepaMandateByOptionalIban("DE02120300000000202051") .get(0) .getUuid(); 
@@ -347,7 +348,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl // @formatter:on // finally, the sepaMandate is actually updated - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); assertThat(sepaMandateRepo.findByUuid(givenSepaMandate.getUuid())).isPresent().get() .matches(mandate -> { assertThat(mandate.getDebitor().toString()).isEqualTo("debitor(D-1000111: rel(anchor='LP First GmbH', type='DEBITOR', holder='LP First GmbH'), fir)"); @@ -362,7 +363,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl @Test void globalAdmin_canPatchJustValidToOfArbitrarySepaMandate() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var givenSepaMandate = givenSomeTemporarySepaMandateForDebitorNumber(1000111); final var location = RestAssured // @formatter:off @@ -402,7 +403,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl @Test void globalAdmin_canNotPatchReferenceOfArbitrarySepaMandate() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var givenSepaMandate = givenSomeTemporarySepaMandateForDebitorNumber(1000111); final var location = RestAssured // @formatter:off @@ -436,7 +437,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl @Test void globalAdmin_canDeleteArbitrarySepaMandate() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var givenSepaMandate = givenSomeTemporarySepaMandateForDebitorNumber(1000111); RestAssured // @formatter:off 
@@ -454,7 +455,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl @Test void bankAccountAdminUser_canNotDeleteRelatedSepaMandate() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var givenSepaMandate = givenSomeTemporarySepaMandateForDebitorNumber(1000111); RestAssured // @formatter:off @@ -472,7 +473,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl @Test void normalUser_canNotDeleteUnrelatedSepaMandate() { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var givenSepaMandate = givenSomeTemporarySepaMandateForDebitorNumber(1000111); RestAssured // @formatter:off @@ -491,7 +492,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl private HsOfficeSepaMandateEntity givenSomeTemporarySepaMandateForDebitorNumber(final int debitorNumber) { return jpaAttempt.transacted(() -> { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var givenDebitor = debitorRepo.findDebitorByDebitorNumber(debitorNumber).get(0); final var bankAccountHolder = ofNullable(givenDebitor.getPartner().getPartnerRel().getHolder().getTradeName()) .orElse(givenDebitor.getPartner().getPartnerRel().getHolder().getFamilyName()); @@ -514,7 +515,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl @AfterEach void cleanup() { jpaAttempt.transacted(() -> { - context.define("superuser-alex@hostsharing.net", null); + context.define(TEMP, "superuser-alex@hostsharing.net", null); final var count = em.createQuery("DELETE FROM HsOfficeSepaMandateEntity s WHERE s.reference like 'temp %'") .executeUpdate(); if (count == 0) { 
diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextBasedTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextBasedTest.java index 2e14c267..d158953e 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextBasedTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextBasedTest.java @@ -10,6 +10,8 @@ import org.springframework.context.annotation.Import; import jakarta.persistence.EntityManager; import jakarta.persistence.PersistenceContext; +import static net.hostsharing.hsadminng.context.Context.Scope.TEMP; + @Import(RbacGrantsDiagramService.class) public abstract class ContextBasedTest { @@ -41,7 +43,7 @@ public abstract class ContextBasedTest { } protected void context(final String currentUser, final String assumedRoles) { - context.define(test.getDisplayName(), null, currentUser, assumedRoles); + context.define(TEMP, test.getDisplayName(), null, currentUser, assumedRoles); } protected void context(final String currentUser) { diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextIntegrationTests.java b/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextIntegrationTests.java index 11cda37f..b3f5565e 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextIntegrationTests.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextIntegrationTests.java @@ -14,6 +14,7 @@ import org.springframework.transaction.annotation.Transactional; import jakarta.servlet.http.HttpServletRequest; +import static net.hostsharing.hsadminng.context.Context.Scope.TEMP; import static org.assertj.core.api.Assertions.assertThat; @DataJpaTest 
@@ -34,7 +35,7 @@ class ContextIntegrationTests { @Test void defineWithoutHttpServletRequestUsesCallStack() { - context.define("superuser-alex@hostsharing.net", null); + context.define(TEMP, "superuser-alex@hostsharing.net", null); assertThat(context.getCurrentTask()) .isEqualTo("ContextIntegrationTests.defineWithoutHttpServletRequestUsesCallStack"); @@ -44,7 +45,7 @@ class ContextIntegrationTests { @Transactional void defineWithCurrentUserButWithoutAssumedRoles() { // when - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); // then assertThat(context.getCurrentUser()). @@ -62,7 +63,7 @@ class ContextIntegrationTests { void defineWithoutCurrentUserButWithAssumedRoles() { // when final var result = jpaAttempt.transacted(() -> - context.define(null, "test_package#yyy00:ADMIN") + context.define(TEMP, null, "test_package#yyy00:ADMIN") ); // then @@ -75,7 +76,7 @@ class ContextIntegrationTests { void defineWithUnknownCurrentUser() { // when final var result = jpaAttempt.transacted(() -> - context.define("unknown@example.org") + context.define(TEMP, "unknown@example.org", null) ); // then @@ -88,7 +89,7 @@ class ContextIntegrationTests { @Transactional void defineWithCurrentUserAndAssumedRoles() { // given - context.define("superuser-alex@hostsharing.net", "test_customer#xxx:OWNER;test_customer#yyy:OWNER"); + context.define(TEMP, "superuser-alex@hostsharing.net", "test_customer#xxx:OWNER;test_customer#yyy:OWNER"); // when final var currentUser = context.getCurrentUser(); @@ -104,7 +105,7 @@ class ContextIntegrationTests { public void defineContextWithCurrentUserAndAssumeInaccessibleRole() { // when final var result = jpaAttempt.transacted(() -> - context.define("customer-admin@xxx.example.com", "test_package#yyy00:ADMIN") + context.define(TEMP, "customer-admin@xxx.example.com", "test_package#yyy00:ADMIN") ); // then 
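Review bot: Every `context.define(...)` call in these tests passes `TEMP`, and the assertions visible after them still read only the current task, user and assumed roles, so the new scope argument is never checked once it has reached the database. For an RBAC context, one case should read the scope back after `define`. A second should pass a `null` scope, e.g. `context.define(null, "superuser-alex@hostsharing.net", null)` inside `jpaAttempt.transacted`, and pin the expected outcome in the style of `defineWithUnknownCurrentUser`. Whether `Context` exposes the scope for reading is not visible in this part of the patch, so the exact assertion depends on that API. The test bodies continue outside the hunks.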
diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextUnitTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextUnitTest.java index ae64d8c1..d770720b 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextUnitTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextUnitTest.java @@ -20,6 +20,7 @@ import java.util.Collections; import java.util.Map; import java.util.stream.Stream; +import static net.hostsharing.hsadminng.context.Context.Scope.TEMP; import static org.mockito.ArgumentMatchers.*; import static org.mockito.BDDMockito.given; import static org.mockito.Mockito.verify; @@ -29,6 +30,7 @@ class ContextUnitTest { private static final String DEFINE_CONTEXT_QUERY_STRING = """ call defineContext( + cast(:currentScope as RbacObjectScope), cast(:currentTask as varchar(127)), cast(:currentRequest as text), cast(:currentUser as varchar(63)), @@ -57,7 +59,7 @@ class ContextUnitTest { void registerWithoutHttpServletRequestUsesCallStackForTask() { given(em.createNativeQuery(any())).willReturn(nativeQuery); - context.define("current-user"); + context.define(TEMP, "current-user", null); verify(em).createNativeQuery(DEFINE_CONTEXT_QUERY_STRING); verify(nativeQuery).setParameter( @@ -69,7 +71,7 @@ class ContextUnitTest { void registerWithoutHttpServletRequestUsesEmptyStringForRequest() { given(em.createNativeQuery(any())).willReturn(nativeQuery); - context.define("current-user"); + context.define(TEMP, "current-user", null); verify(em).createNativeQuery(DEFINE_CONTEXT_QUERY_STRING); verify(nativeQuery).setParameter("currentRequest", null); @@ -114,7 +116,7 @@ class ContextUnitTest { Map.entry("user-agent", "given-user-agent")), "{}"); - context.define("current-user"); + context.define(TEMP, "current-user", null); verify(em).createNativeQuery(DEFINE_CONTEXT_QUERY_STRING); verify(nativeQuery).setParameter("currentTask", "POST http://localhost:9999/api/endpoint"); 
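Review bot: The expected query in `DEFINE_CONTEXT_QUERY_STRING` gains a `:currentScope` placeholder, but none of the verifications visible in these hunks checks that the scope is actually bound; `registerWithoutHttpServletRequestUsesCallStackForTask` and the following tests (including the two hunks further down in this file) still verify only `currentTask` and `currentRequest`. A change that binds the wrong scope or omits the parameter would therefore pass this unit test. Add a check next to the existing ones, e.g. `verify(nativeQuery).setParameter(eq("currentScope"), any());`, tightened to the exact value once the binding format used by `Context.define` is settled. The test methods continue outside the hunks, so such a verification may already exist further down.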
@@ -128,7 +130,7 @@ class ContextUnitTest { Map.entry("user-agent", "given-user-agent")), "{}"); - context.define("current-user"); + context.define(TEMP, "current-user", null); verify(em).createNativeQuery(DEFINE_CONTEXT_QUERY_STRING); verify(nativeQuery).setParameter("currentRequest", """ @@ -151,7 +153,7 @@ class ContextUnitTest { Map.entry("user-agent", "given-user-agent")), "{}"); - context.define("current-user"); + context.define(TEMP, "current-user", null); verify(em).createNativeQuery(DEFINE_CONTEXT_QUERY_STRING); verify(nativeQuery).setParameter(eq("currentTask"), argThat((String t) -> t.length() == 127)); diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantsDiagramServiceIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantsDiagramServiceIntegrationTest.java index 7f183ba3..750fe0a8 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantsDiagramServiceIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantsDiagramServiceIntegrationTest.java @@ -19,6 +19,7 @@ import java.util.EnumSet; import java.util.UUID; import static java.lang.String.join; +import static net.hostsharing.hsadminng.context.Context.Scope.TEMP; import static org.assertj.core.api.Assertions.assertThat; @DataJpaTest @@ -45,7 +46,7 @@ class RbacGrantsDiagramServiceIntegrationTest extends ContextBasedTestWithCleanu } protected void context(final String currentUser, final String assumedRoles) { - context.define(test.getDisplayName(), null, currentUser, assumedRoles); + context.define(TEMP, test.getDisplayName(), null, currentUser, assumedRoles); } protected void context(final String currentUser) { diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepositoryIntegrationTest.java index 536d748c..caa14ed6 100644 
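Review bot: The `context(currentUser, assumedRoles)` helper in `RbacGrantsDiagramServiceIntegrationTest` receives exactly the edit made to the helper of the same name in `ContextBasedTest`, which this class inherits through `ContextBasedTestWithCleanup`. Two copies mean every future change to the `context.define` signature, like this scope parameter, has to be made twice and can drift. If the override's body is identical to the inherited one (only the changed line `context.define(TEMP, test.getDisplayName(), null, currentUser, assumedRoles);` is visible), delete the override so the scope is chosen in one place. The method and the class continue outside the hunk.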
--- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepositoryIntegrationTest.java @@ -15,6 +15,7 @@ import jakarta.persistence.EntityManager; import jakarta.servlet.http.HttpServletRequest; import java.util.List; +import static net.hostsharing.hsadminng.context.Context.Scope.TEMP; import static net.hostsharing.hsadminng.rbac.test.JpaAttempt.attempt; import static org.assertj.core.api.Assertions.assertThat; @@ -58,7 +59,7 @@ class RbacRoleRepositoryIntegrationTest { @Test public void globalAdmin_withoutAssumedRole_canViewAllRbacRoles() { // given - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); // when final var result = rbacRoleRepository.findAll(); @@ -69,20 +70,20 @@ class RbacRoleRepositoryIntegrationTest { @Test public void globalAdmin_withAssumedglobalAdminRole_canViewAllRbacRoles() { - given: - context.define("superuser-alex@hostsharing.net", "global#global:ADMIN"); + // given + context.define(TEMP, "superuser-alex@hostsharing.net", "global#global:ADMIN"); // when final var result = rbacRoleRepository.findAll(); - then: + // then allTheseRbacRolesAreReturned(result, ALL_TEST_DATA_ROLES); } @Test public void customerAdmin_withoutAssumedRole_canViewOnlyItsOwnRbacRole() { // given: - context.define("customer-admin@xxx.example.com"); + context.define(TEMP, "customer-admin@xxx.example.com", null); // when: final var result = rbacRoleRepository.findAll(); @@ -121,7 +122,7 @@ class RbacRoleRepositoryIntegrationTest { @Test public void customerAdmin_withAssumedOwnedPackageAdminRole_canViewOnlyItsOwnRbacRole() { - context.define("customer-admin@xxx.example.com", "test_package#xxx00:ADMIN"); + context.define(TEMP, "customer-admin@xxx.example.com", "test_package#xxx00:ADMIN"); final var result = rbacRoleRepository.findAll(); 
@@ -138,7 +139,7 @@ class RbacRoleRepositoryIntegrationTest { @Test void anonymousUser_withoutAssumedRole_cannotViewAnyRbacRoles() { - context.define(null); + context.define(TEMP, null); final var result = attempt( em, @@ -155,7 +156,7 @@ class RbacRoleRepositoryIntegrationTest { @Test void customerAdmin_withoutAssumedRole_canFindItsOwnRolesByName() { - context.define("customer-admin@xxx.example.com"); + context.define(TEMP, "customer-admin@xxx.example.com", null); final var result = rbacRoleRepository.findByRoleName("test_customer#xxx:ADMIN"); @@ -167,7 +168,7 @@ class RbacRoleRepositoryIntegrationTest { @Test void customerAdmin_withoutAssumedRole_canNotFindAlienRolesByName() { - context.define("customer-admin@xxx.example.com"); + context.define(TEMP, "customer-admin@xxx.example.com", null); final var result = rbacRoleRepository.findByRoleName("test_customer#bbb:ADMIN"); diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserControllerAcceptanceTest.java index 601fadad..83a42d13 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserControllerAcceptanceTest.java @@ -14,6 +14,7 @@ import org.springframework.transaction.annotation.Transactional; import java.util.UUID; +import static net.hostsharing.hsadminng.context.Context.Scope.TEMP; import static org.assertj.core.api.Assertions.assertThat; import static org.hamcrest.Matchers.*; 
@@ -65,7 +66,7 @@ class RbacUserControllerAcceptanceTest { // finally, the user can view its own record final var newUserUuid = UUID.fromString( location.substring(location.lastIndexOf('/') + 1)); - context.define("new-user@example.com"); + context.define(TEMP, "new-user@example.com", null); assertThat(rbacUserRepository.findByUuid(newUserUuid)) .extracting(RbacUserEntity::getName).isEqualTo("new-user@example.com"); } @@ -436,7 +437,7 @@ class RbacUserControllerAcceptanceTest { RbacUserEntity findRbacUserByName(final String userName) { return jpaAttempt.transacted(() -> { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net", null); return rbacUserRepository.findByName(userName); }).returnedValue(); } @@ -444,7 +445,7 @@ class RbacUserControllerAcceptanceTest { RbacUserEntity givenANewUser() { final var givenUserName = "test-user-" + System.currentTimeMillis() + "@example.com"; final var givenUser = jpaAttempt.transacted(() -> { - context.define(null); + context.define(TEMP, null); return rbacUserRepository.create(new RbacUserEntity(UUID.randomUUID(), givenUserName)); }).assumeSuccessful().returnedValue(); assertThat(rbacUserRepository.findByName(givenUser.getName())).isNotNull(); diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/test/ContextBasedTestWithCleanup.java b/src/test/java/net/hostsharing/hsadminng/rbac/test/ContextBasedTestWithCleanup.java index 154dbb11..ab173582 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/test/ContextBasedTestWithCleanup.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/test/ContextBasedTestWithCleanup.java @@ -1,5 +1,6 @@ package net.hostsharing.hsadminng.rbac.test; +import net.hostsharing.hsadminng.context.Context; import net.hostsharing.hsadminng.rbac.context.ContextBasedTest; import net.hostsharing.hsadminng.rbac.rbacobject.RbacObject; import net.hostsharing.hsadminng.rbac.rbacgrant.RbacGrantEntity; 
@@ -12,7 +13,6 @@ import org.junit.jupiter.api.AfterEach; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.TestInfo; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.data.jpa.repository.Query; import org.springframework.data.repository.Repository; import jakarta.persistence.*; @@ -21,6 +21,7 @@ import java.util.*; import static java.lang.System.out; import static java.util.Comparator.comparing; import static java.util.stream.Collectors.toSet; +import static net.hostsharing.hsadminng.context.Context.Scope.TEMP; import static org.apache.commons.collections4.SetUtils.difference; import static org.assertj.core.api.Assertions.assertThat; @@ -45,7 +46,6 @@ public abstract class ContextBasedTestWithCleanup extends ContextBasedTest { private TreeMap> entitiesToCleanup = new TreeMap<>(); - private static Long latestIntialTestDataSerialId; private static boolean countersInitialized = false; private static boolean initialTestDataValidated = false; private static Long initialRbacObjectCount = null; @@ -99,7 +99,7 @@ public abstract class ContextBasedTestWithCleanup extends ContextBasedTest { final UUID uuid = UUID.fromString(o.split(":")[1]); final var exception = jpaAttempt.transacted(() -> { - context.define("superuser-alex@hostsharing.net", null); + context.define(TEMP, "superuser-alex@hostsharing.net", null); em.remove(em.getReference(entityClass, uuid)); out.println("DELETING new " + entityClass.getSimpleName() + "#" + uuid + " SUCCEEDED"); }).caughtException(); @@ -115,10 +115,6 @@ public abstract class ContextBasedTestWithCleanup extends ContextBasedTest { void retrieveInitialTestData(final TestInfo testInfo) { out.println(ContextBasedTestWithCleanup.class.getSimpleName() + ".retrieveInitialTestData"); - if (latestIntialTestDataSerialId == null ) { - latestIntialTestDataSerialId = rbacObjectRepo.findLatestSerialId(); - } - if (initialRbacObjects != null){ assertNoNewRbacObjectsRolesAndGrantsLeaked(); } 
@@ -126,7 +122,7 @@ public abstract class ContextBasedTestWithCleanup extends ContextBasedTest { initialTestDataValidated = false; jpaAttempt.transacted(() -> { - context.define("superuser-alex@hostsharing.net", null); + context.define(TEMP, "superuser-alex@hostsharing.net", null); if (initialRbacObjects == null) { initialRbacObjects = allRbacObjects(); @@ -177,7 +173,7 @@ public abstract class ContextBasedTestWithCleanup extends ContextBasedTest { private void cleanupTemporaryTestData() { jpaAttempt.transacted(() -> { - context.define("superuser-alex@hostsharing.net", null); + context.define(TEMP, "superuser-alex@hostsharing.net", null); entitiesToCleanup.reversed().forEach((uuid, entityClass) -> { final var rvTableName = entityClass.getAnnotation(Table.class).name(); if ( !rvTableName.endsWith("_rv") ) { @@ -193,7 +189,7 @@ public abstract class ContextBasedTestWithCleanup extends ContextBasedTest { private long assertNoNewRbacObjectsRolesAndGrantsLeaked() { return jpaAttempt.transacted(() -> { - context.define("superuser-alex@hostsharing.net"); + context.define(TEMP, "superuser-alex@hostsharing.net"); assertEqual(initialRbacObjects, allRbacObjects()); if (DETAILED_BUT_SLOW_CHECK) { assertEqual(initialRbacRoles, allRbacRoles()); @@ -215,11 +211,11 @@ public abstract class ContextBasedTestWithCleanup extends ContextBasedTest { private void deleteLeakedRbacObjects() { jpaAttempt.transacted(() -> rbacObjectRepo.findAll()).returnedValue().stream() - .filter(o -> o.serialId > latestIntialTestDataSerialId) + .filter(o -> o.scope == TEMP) .sorted(comparing(o -> o.serialId)) .forEach(o -> { final var exception = jpaAttempt.transacted(() -> { - context.define("superuser-alex@hostsharing.net", null); + context.define(TEMP, "superuser-alex@hostsharing.net", null); em.createNativeQuery("DELETE FROM " + o.objectTable + " WHERE uuid=:uuid") .setParameter("uuid", o.uuid) 
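Review bot: In `deleteLeakedRbacObjects` the leak filter changes from `o.serialId > latestIntialTestDataSerialId` to `o.scope == TEMP`, so the cleanup only finds rows that were stamped with the TEMP scope. Rows created under a different scope, or rows whose scope is NULL, would no longer be picked up, whereas the serial-id comparison caught anything newer than the initial test data. Whether such rows can occur depends on the controller and SQL changes, which are not visible here. If the narrower match is intended, a comment such as `// relies on every test-created object being stamped with scope TEMP` above the filter would record the assumption. Separately, the unchanged `"DELETE FROM " + o.objectTable + " WHERE uuid=:uuid"` line still concatenates a table name read from the database into native SQL, so consider checking `o.objectTable` against the known entity table names first. The lambda body continues outside the hunk.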
@@ -244,7 +240,7 @@ public abstract class ContextBasedTestWithCleanup extends ContextBasedTest { @NotNull private Set allRbacGrants() { return jpaAttempt.transacted(() -> { - context.define("superuser-alex@hostsharing.net", null); + context.define(TEMP, "superuser-alex@hostsharing.net", null); return rbacGrantRepo.findAll().stream() .map(RbacGrantEntity::toDisplay) .collect(toSet()); @@ -254,7 +250,7 @@ public abstract class ContextBasedTestWithCleanup extends ContextBasedTest { @NotNull private Set allRbacRoles() { return jpaAttempt.transacted(() -> { - context.define("superuser-alex@hostsharing.net", null); + context.define(TEMP, "superuser-alex@hostsharing.net", null); return rbacRoleRepo.findAll().stream() .map(RbacRoleEntity::getRoleName) .collect(toSet()); @@ -264,7 +260,7 @@ public abstract class ContextBasedTestWithCleanup extends ContextBasedTest { @NotNull private Set allRbacObjects() { return jpaAttempt.transacted(() -> { - context.define("superuser-alex@hostsharing.net", null); + context.define(TEMP, "superuser-alex@hostsharing.net", null); return rbacObjectRepo.findAll().stream() .map(RbacObjectEntity::toString) .collect(toSet()); @@ -299,9 +295,6 @@ interface RbacObjectRepository extends Repository { long count(); List findAll(); - - @Query("SELECT max(r.serialId) FROM RbacObjectEntity r") - Long findLatestSerialId(); } @Entity @@ -312,6 +305,10 @@ class RbacObjectEntity { @GeneratedValue UUID uuid; + @Column(name = "scope") + @Enumerated(EnumType.STRING) + Context.Scope scope; + @Column(name = "serialid") long serialId; @@ -320,6 +317,6 @@ class RbacObjectEntity { @Override public String toString() { - return objectTable + ":" + uuid + ":" + serialId; + return objectTable + ":" + uuid + ":" + scope; } } diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerControllerAcceptanceTest.java index 7d0d8e51..d2797cfd 100644 
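Review bot: `RbacObjectEntity.toString()` now ends in the scope instead of the serial id, and nothing documents that this string doubles as a data format. The cleanup loop earlier in this file takes `o.split(":")[1]` as the UUID, and it appears to operate on these strings. A one-line comment on `toString()` such as `// format "table:uuid:scope"; cleanup parses the uuid from position 1` would keep the two in step. The new `scope` field also has no note on whether the column may be NULL. With `@Enumerated(EnumType.STRING)` a NULL column maps to `null` and prints as `null` in the snapshot sets, which is worth stating next to the field.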
--- a/src/test/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerControllerAcceptanceTest.java @@ -18,6 +18,7 @@ import jakarta.persistence.EntityManager; import jakarta.persistence.PersistenceContext; import java.util.UUID; +import static net.hostsharing.hsadminng.context.Context.Scope.TEMP; import static org.assertj.core.api.Assertions.assertThat; import static org.hamcrest.CoreMatchers.containsString; import static org.hamcrest.Matchers.*; @@ -148,7 +149,7 @@ class TestCustomerControllerAcceptanceTest { // finally, the new customer can be viewed by its own admin final var newUserUuid = UUID.fromString( location.substring(location.lastIndexOf('/') + 1)); - context.define("superuser-fran@hostsharing.net", "test_customer#uuu:ADMIN"); + context.define(TEMP, "superuser-fran@hostsharing.net", "test_customer#uuu:ADMIN"); assertThat(testCustomerRepository.findByUuid(newUserUuid)) .hasValueSatisfying(c -> assertThat(c.getPrefix()).isEqualTo("uuu")); } @@ -179,7 +180,7 @@ class TestCustomerControllerAcceptanceTest { // @formatter:on // finally, the new customer was not created - context.define("superuser-fran@hostsharing.net"); + context.define(TEMP, "superuser-fran@hostsharing.net", null); assertThat(testCustomerRepository.findCustomerByOptionalPrefixLike("uuu")).hasSize(0); } @@ -208,7 +209,7 @@ class TestCustomerControllerAcceptanceTest { // @formatter:on // finally, the new customer was not created - context.define("superuser-fran@hostsharing.net"); + context.define(TEMP, "superuser-fran@hostsharing.net", null); assertThat(testCustomerRepository.findCustomerByOptionalPrefixLike("uuu")).hasSize(0); } 
@@ -236,7 +237,7 @@ class TestCustomerControllerAcceptanceTest { @AfterEach void cleanup() { jpaAttempt.transacted(() -> { - context.define("superuser-alex@hostsharing.net", null); + context.define(TEMP, "superuser-alex@hostsharing.net", null); em.createQuery("DELETE FROM TestCustomerEntity c WHERE c.reference < 99900").executeUpdate(); }).assertSuccessful(); } diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageControllerAcceptanceTest.java index a5e89330..9d1d52c2 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageControllerAcceptanceTest.java @@ -16,6 +16,7 @@ import org.springframework.transaction.annotation.Transactional; import java.util.UUID; import static java.lang.String.format; +import static net.hostsharing.hsadminng.context.Context.Scope.TEMP; import static org.assertj.core.api.Assertions.assertThat; import static org.hamcrest.Matchers.equalTo; import static org.hamcrest.Matchers.is; @@ -188,7 +189,7 @@ class TestPackageControllerAcceptanceTest { } String getDescriptionOfPackage(final String packageName) { - context.define("superuser-alex@hostsharing.net","test_customer#xxx:ADMIN"); + context.define(TEMP, "superuser-alex@hostsharing.net","test_customer#xxx:ADMIN"); return testPackageRepository.findAllByOptionalNameLike(packageName).get(0).getDescription(); } } diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageRepositoryIntegrationTest.java index a8fd8a50..387a9a53 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageRepositoryIntegrationTest.java 
@@ -16,6 +16,7 @@ import jakarta.persistence.PersistenceContext; import jakarta.servlet.http.HttpServletRequest; import java.util.List; +import static net.hostsharing.hsadminng.context.Context.Scope.TEMP; import static org.assertj.core.api.Assertions.assertThat; @DataJpaTest @@ -41,7 +42,7 @@ class TestPackageRepositoryIntegrationTest extends ContextBasedTest { public void globalAdmin_withoutAssumedRole_canNotViewAnyPackages_becauseThoseGrantsAreNotAssumed() { // given // alex is not just global-admin but lso the creating user, thus we use fran - context.define("superuser-fran@hostsharing.net"); + context.define(TEMP, "superuser-fran@hostsharing.net", null); // when final var result = testPackageRepository.findAllByOptionalNameLike(null); @@ -52,20 +53,20 @@ class TestPackageRepositoryIntegrationTest extends ContextBasedTest { @Test public void globalAdmin_withAssumedglobalAdminRole__canNotViewAnyPackages_becauseThoseGrantsAreNotAssumed() { - given: - context.define("superuser-alex@hostsharing.net", "global#global:ADMIN"); + // given + context.define(TEMP, "superuser-alex@hostsharing.net", "global#global:ADMIN"); // when final var result = testPackageRepository.findAllByOptionalNameLike(null); - then: + // then noPackagesAreReturned(result); } @Test public void customerAdmin_withoutAssumedRole_canViewOnlyItsOwnPackages() { // given: - context.define("customer-admin@xxx.example.com"); + context.define(TEMP, "customer-admin@xxx.example.com", null); // when: final var result = testPackageRepository.findAllByOptionalNameLike(null); @@ -76,7 +77,7 @@ class TestPackageRepositoryIntegrationTest extends ContextBasedTest { @Test public void customerAdmin_withAssumedOwnedPackageAdminRole_canViewOnlyItsOwnPackages() { - context.define("customer-admin@xxx.example.com", "test_package#xxx00:ADMIN"); + context.define(TEMP, "customer-admin@xxx.example.com", "test_package#xxx00:ADMIN"); final var result = testPackageRepository.findAllByOptionalNameLike(null); 
@@ -123,7 +124,7 @@ class TestPackageRepositoryIntegrationTest extends ContextBasedTest { } private void globalAdminWithAssumedRole(final String assumedRoles) { - context.define("superuser-alex@hostsharing.net", assumedRoles); + context.define(TEMP, "superuser-alex@hostsharing.net", assumedRoles); } void noPackagesAreReturned(final List actualResult) {