RBAC object scope to replace serialID (WIP)

src/main/java/net/hostsharing/hsadminng/context/Context.java

@@ -24,6 +24,10 @@ import static org.springframework.transaction.annotation.Propagation.MANDATORY;
 @AllArgsConstructor
 public class Context {
 
+    public enum Scope {
+        BASE, TEST, TEMP, PROD;
+    }
+
     private static final Set<String> HEADERS_TO_IGNORE = Set.of(
             "accept-encoding",
             "connection",
@@ -38,28 +42,31 @@ public class Context {
     private HttpServletRequest request;
 
     @Transactional(propagation = MANDATORY)
-    public void define(final String currentUser) {
+    public void define(final Scope scope, final String currentUser) {
-        define(currentUser, null);
+        define(scope, currentUser, null);
     }
 
     @Transactional(propagation = MANDATORY)
-    public void define(final String currentUser, final String assumedRoles) {
+    public void define(final Scope scope, final String currentUser, final String assumedRoles) {
-        define(toTask(request), toCurl(request), currentUser, assumedRoles);
+        define(scope, toTask(request), toCurl(request), currentUser, assumedRoles);
     }
 
     @Transactional(propagation = MANDATORY)
     public void define(
+            final Scope currentScope,
             final String currentTask,
             final String currentRequest,
             final String currentUser,
             final String assumedRoles) {
         final var query = em.createNativeQuery("""
                 call defineContext(
+                    cast(:currentScope as RbacObjectScope),
                     cast(:currentTask as varchar(127)),
                     cast(:currentRequest as text),
                     cast(:currentUser as varchar(63)),
                     cast(:assumedRoles as varchar(1023)));
                 """);
+        query.setParameter("currentScope", currentScope.name());
         query.setParameter("currentTask", shortenToMaxLength(currentTask, 127));
         query.setParameter("currentRequest", currentRequest);
         query.setParameter("currentUser", currentUser);

src/main/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemController.java

@@ -17,6 +17,7 @@ import java.util.List;
 import java.util.UUID;
 import java.util.function.BiConsumer;
 
+import static net.hostsharing.hsadminng.context.Context.Scope.PROD;
 import static net.hostsharing.hsadminng.mapper.PostgresDateRange.toPostgresDateRange;
 
 @RestController
@@ -37,7 +38,7 @@ public class HsBookingItemController implements HsBookingItemsApi {
             final String currentUser,
             final String assumedRoles,
             final UUID debitorUuid) {
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         final var entities = bookingItemRepo.findAllByDebitorUuid(debitorUuid);
 
@@ -52,7 +53,7 @@ public class HsBookingItemController implements HsBookingItemsApi {
             final String assumedRoles,
             final HsBookingItemInsertResource body) {
 
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         final var entityToSave = mapper.map(body, HsBookingItemEntity.class, RESOURCE_TO_ENTITY_POSTMAPPER);
 
@@ -74,7 +75,7 @@ public class HsBookingItemController implements HsBookingItemsApi {
             final String assumedRoles,
             final UUID bookingItemUuid) {
 
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         final var result = bookingItemRepo.findByUuid(bookingItemUuid);
         return result
@@ -89,7 +90,7 @@ public class HsBookingItemController implements HsBookingItemsApi {
             final String currentUser,
             final String assumedRoles,
             final UUID bookingItemUuid) {
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         final var result = bookingItemRepo.deleteByUuid(bookingItemUuid);
         return result == 0
@@ -105,7 +106,7 @@ public class HsBookingItemController implements HsBookingItemsApi {
             final UUID bookingItemUuid,
             final HsBookingItemPatchResource body) {
 
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         final var current = bookingItemRepo.findByUuid(bookingItemUuid).orElseThrow();
 

src/main/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetController.java

@@ -18,6 +18,7 @@ import java.util.List;
 import java.util.UUID;
 import java.util.function.BiConsumer;
 
+import static net.hostsharing.hsadminng.context.Context.Scope.PROD;
 
 @RestController
 public class HsHostingAssetController implements HsHostingAssetsApi {
@@ -37,7 +38,7 @@ public class HsHostingAssetController implements HsHostingAssetsApi {
             final String currentUser,
             final String assumedRoles,
             final UUID debitorUuid) {
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         final var entities = assetRepo.findAllByDebitorUuid(debitorUuid);
 
@@ -53,7 +54,7 @@ public class HsHostingAssetController implements HsHostingAssetsApi {
             final String assumedRoles,
             final HsHostingAssetInsertResource body) {
 
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         final var entityToSave = mapper.map(body, HsHostingAssetEntity.class, RESOURCE_TO_ENTITY_POSTMAPPER);
 
@@ -75,7 +76,7 @@ public class HsHostingAssetController implements HsHostingAssetsApi {
             final String assumedRoles,
             final UUID serverUuid) {
 
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         final var result = assetRepo.findByUuid(serverUuid);
         return result
@@ -90,7 +91,7 @@ public class HsHostingAssetController implements HsHostingAssetsApi {
             final String currentUser,
             final String assumedRoles,
             final UUID serverUuid) {
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         final var result = assetRepo.deleteByUuid(serverUuid);
         return result == 0
@@ -106,7 +107,7 @@ public class HsHostingAssetController implements HsHostingAssetsApi {
             final UUID serverUuid,
             final HsHostingAssetPatchResource body) {
 
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         final var current = assetRepo.findByUuid(serverUuid).orElseThrow();
 

src/main/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountController.java

@@ -16,6 +16,8 @@ import org.springframework.web.servlet.mvc.method.annotation.MvcUriComponentsBui
 import java.util.List;
 import java.util.UUID;
 
+import static net.hostsharing.hsadminng.context.Context.Scope.PROD;
+
 @RestController
 
 public class HsOfficeBankAccountController implements HsOfficeBankAccountsApi {
@@ -35,7 +37,7 @@ public class HsOfficeBankAccountController implements HsOfficeBankAccountsApi {
             final String currentUser,
             final String assumedRoles,
             final String holder) {
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         final var entities = bankAccountRepo.findByOptionalHolderLike(holder);
 
@@ -50,7 +52,7 @@ public class HsOfficeBankAccountController implements HsOfficeBankAccountsApi {
             final String assumedRoles,
             final HsOfficeBankAccountInsertResource body) {
 
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         IbanUtil.validate(body.getIban());
         BicUtil.validate(body.getBic());
@@ -76,7 +78,7 @@ public class HsOfficeBankAccountController implements HsOfficeBankAccountsApi {
             final String assumedRoles,
             final UUID bankAccountUuid) {
 
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         final var result = bankAccountRepo.findByUuid(bankAccountUuid);
         if (result.isEmpty()) {
@@ -91,7 +93,7 @@ public class HsOfficeBankAccountController implements HsOfficeBankAccountsApi {
             final String currentUser,
             final String assumedRoles,
             final UUID BankAccountUuid) {
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         final var result = bankAccountRepo.deleteByUuid(BankAccountUuid);
         if (result == 0) {

src/main/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactController.java

@@ -16,6 +16,7 @@ import java.util.List;
 import java.util.UUID;
 import java.util.function.BiConsumer;
 
+import static net.hostsharing.hsadminng.context.Context.Scope.PROD;
 import static net.hostsharing.hsadminng.mapper.KeyValueMap.from;
 
 @RestController
@@ -37,7 +38,7 @@ public class HsOfficeContactController implements HsOfficeContactsApi {
             final String currentUser,
             final String assumedRoles,
             final String label) {
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         final var entities = contactRepo.findContactByOptionalLabelLike(label);
 
@@ -52,7 +53,7 @@ public class HsOfficeContactController implements HsOfficeContactsApi {
             final String assumedRoles,
             final HsOfficeContactInsertResource body) {
 
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         final var entityToSave = mapper.map(body, HsOfficeContactEntity.class, RESOURCE_TO_ENTITY_POSTMAPPER);
 
@@ -74,7 +75,7 @@ public class HsOfficeContactController implements HsOfficeContactsApi {
             final String assumedRoles,
             final UUID contactUuid) {
 
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         final var result = contactRepo.findByUuid(contactUuid);
         if (result.isEmpty()) {
@@ -89,7 +90,7 @@ public class HsOfficeContactController implements HsOfficeContactsApi {
             final String currentUser,
             final String assumedRoles,
             final UUID contactUuid) {
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         final var result = contactRepo.deleteByUuid(contactUuid);
         if (result == 0) {
@@ -107,7 +108,7 @@ public class HsOfficeContactController implements HsOfficeContactsApi {
             final UUID contactUuid,
             final HsOfficeContactPatchResource body) {
 
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         final var current = contactRepo.findByUuid(contactUuid).orElseThrow();
 

src/main/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionController.java

@@ -21,6 +21,7 @@ import java.util.UUID;
 import java.util.function.BiConsumer;
 
 import static java.lang.String.join;
+import static net.hostsharing.hsadminng.context.Context.Scope.PROD;
 import static net.hostsharing.hsadminng.hs.office.generated.api.v1.model.HsOfficeCoopAssetsTransactionTypeResource.*;
 
 @RestController
@@ -43,7 +44,7 @@ public class HsOfficeCoopAssetsTransactionController implements HsOfficeCoopAsse
             final UUID membershipUuid,
             final @DateTimeFormat(iso = ISO.DATE) LocalDate fromValueDate,
             final @DateTimeFormat(iso = ISO.DATE) LocalDate toValueDate) {
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         final var entities = coopAssetsTransactionRepo.findCoopAssetsTransactionByOptionalMembershipUuidAndDateRange(
                 membershipUuid,
@@ -61,7 +62,7 @@ public class HsOfficeCoopAssetsTransactionController implements HsOfficeCoopAsse
             final String assumedRoles,
             final HsOfficeCoopAssetsTransactionInsertResource requestBody) {
 
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
         validate(requestBody);
 
         final var entityToSave = mapper.map(requestBody, HsOfficeCoopAssetsTransactionEntity.class, RESOURCE_TO_ENTITY_POSTMAPPER);
@@ -82,7 +83,7 @@ public class HsOfficeCoopAssetsTransactionController implements HsOfficeCoopAsse
     public ResponseEntity<HsOfficeCoopAssetsTransactionResource> getCoopAssetTransactionByUuid(
         final String currentUser, final String assumedRoles, final UUID assetTransactionUuid) {
 
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         final var result = coopAssetsTransactionRepo.findByUuid(assetTransactionUuid);
         if (result.isEmpty()) {

src/main/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionController.java

@@ -22,6 +22,7 @@ import java.util.UUID;
 import java.util.function.BiConsumer;
 
 import static java.lang.String.join;
+import static net.hostsharing.hsadminng.context.Context.Scope.PROD;
 import static net.hostsharing.hsadminng.hs.office.generated.api.v1.model.HsOfficeCoopSharesTransactionTypeResource.CANCELLATION;
 import static net.hostsharing.hsadminng.hs.office.generated.api.v1.model.HsOfficeCoopSharesTransactionTypeResource.SUBSCRIPTION;
 
@@ -45,7 +46,7 @@ public class HsOfficeCoopSharesTransactionController implements HsOfficeCoopShar
             final UUID membershipUuid,
             final @DateTimeFormat(iso = ISO.DATE) LocalDate fromValueDate,
             final @DateTimeFormat(iso = ISO.DATE) LocalDate toValueDate) {
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         final var entities = coopSharesTransactionRepo.findCoopSharesTransactionByOptionalMembershipUuidAndDateRange(
                 membershipUuid,
@@ -63,7 +64,7 @@ public class HsOfficeCoopSharesTransactionController implements HsOfficeCoopShar
             final String assumedRoles,
             final HsOfficeCoopSharesTransactionInsertResource requestBody) {
 
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
         validate(requestBody);
 
         final var entityToSave = mapper.map(requestBody, HsOfficeCoopSharesTransactionEntity.class, RESOURCE_TO_ENTITY_POSTMAPPER);
@@ -84,7 +85,7 @@ public class HsOfficeCoopSharesTransactionController implements HsOfficeCoopShar
     public ResponseEntity<HsOfficeCoopSharesTransactionResource> getCoopShareTransactionByUuid(
         final String currentUser, final String assumedRoles, final UUID shareTransactionUuid) {
 
-            context.define(currentUser, assumedRoles);
+            context.define(PROD, currentUser, assumedRoles);
 
             final var result = coopSharesTransactionRepo.findByUuid(shareTransactionUuid);
             if (result.isEmpty()) {

src/main/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorController.java

@@ -22,6 +22,7 @@ import jakarta.persistence.PersistenceContext;
 import java.util.List;
 import java.util.UUID;
 
+import static net.hostsharing.hsadminng.context.Context.Scope.PROD;
 import static net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationType.DEBITOR;
 
 @RestController
@@ -50,7 +51,7 @@ public class HsOfficeDebitorController implements HsOfficeDebitorsApi {
             final String assumedRoles,
             final String name,
             final Integer debitorNumber) {
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         final var entities = debitorNumber != null
                 ? debitorRepo.findDebitorByDebitorNumber(debitorNumber)
@@ -67,7 +68,7 @@ public class HsOfficeDebitorController implements HsOfficeDebitorsApi {
             String assumedRoles,
             HsOfficeDebitorInsertResource body) {
 
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         Validate.isTrue(body.getDebitorRel() == null || body.getDebitorRelUuid() == null,
                 "ERROR: [400] exactly one of debitorRel and debitorRelUuid must be supplied, but found both");
@@ -111,7 +112,7 @@ public class HsOfficeDebitorController implements HsOfficeDebitorsApi {
             final String assumedRoles,
             final UUID debitorUuid) {
 
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         final var result = debitorRepo.findByUuid(debitorUuid);
         if (result.isEmpty()) {
@@ -126,7 +127,7 @@ public class HsOfficeDebitorController implements HsOfficeDebitorsApi {
             final String currentUser,
             final String assumedRoles,
             final UUID debitorUuid) {
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         final var result = debitorRepo.deleteByUuid(debitorUuid);
         if (result == 0) {
@@ -144,7 +145,7 @@ public class HsOfficeDebitorController implements HsOfficeDebitorsApi {
             final UUID debitorUuid,
             final HsOfficeDebitorPatchResource body) {
 
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         final var current = debitorRepo.findByUuid(debitorUuid).orElseThrow();
 

src/main/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipController.java

@@ -16,6 +16,8 @@ import java.util.List;
 import java.util.UUID;
 import java.util.function.BiConsumer;
 
+import static net.hostsharing.hsadminng.context.Context.Scope.PROD;
+
 @RestController
 
 public class HsOfficeMembershipController implements HsOfficeMembershipsApi {
@@ -36,7 +38,7 @@ public class HsOfficeMembershipController implements HsOfficeMembershipsApi {
             final String assumedRoles,
             UUID partnerUuid,
             Integer memberNumber) {
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         final var entities = ( memberNumber != null)
                     ? List.of(membershipRepo.findMembershipByMemberNumber(memberNumber))
@@ -54,7 +56,7 @@ public class HsOfficeMembershipController implements HsOfficeMembershipsApi {
             final String assumedRoles,
             final HsOfficeMembershipInsertResource body) {
 
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         final var entityToSave = mapper.map(body, HsOfficeMembershipEntity.class);
 
@@ -77,7 +79,7 @@ public class HsOfficeMembershipController implements HsOfficeMembershipsApi {
             final String assumedRoles,
             final UUID membershipUuid) {
 
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         final var result = membershipRepo.findByUuid(membershipUuid);
         if (result.isEmpty()) {
@@ -93,7 +95,7 @@ public class HsOfficeMembershipController implements HsOfficeMembershipsApi {
             final String currentUser,
             final String assumedRoles,
             final UUID membershipUuid) {
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         final var result = membershipRepo.deleteByUuid(membershipUuid);
         if (result == 0) {
@@ -111,7 +113,7 @@ public class HsOfficeMembershipController implements HsOfficeMembershipsApi {
             final UUID membershipUuid,
             final HsOfficeMembershipPatchResource body) {
 
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         final var current = membershipRepo.findByUuid(membershipUuid).orElseThrow();
 

src/main/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerController.java

@@ -26,6 +26,7 @@ import jakarta.persistence.PersistenceContext;
 import java.util.List;
 import java.util.UUID;
 
+import static net.hostsharing.hsadminng.context.Context.Scope.PROD;
 import static net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationType.EX_PARTNER;
 
 @RestController
@@ -53,7 +54,7 @@ public class HsOfficePartnerController implements HsOfficePartnersApi {
             final String currentUser,
             final String assumedRoles,
             final String name) {
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         final var entities = partnerRepo.findPartnerByOptionalNameLike(name);
 
@@ -68,7 +69,7 @@ public class HsOfficePartnerController implements HsOfficePartnersApi {
             final String assumedRoles,
             final HsOfficePartnerInsertResource body) {
 
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         final var entityToSave = createPartnerEntity(body);
 
@@ -90,7 +91,7 @@ public class HsOfficePartnerController implements HsOfficePartnersApi {
             final String assumedRoles,
             final UUID partnerUuid) {
 
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         final var result = partnerRepo.findByUuid(partnerUuid);
         if (result.isEmpty()) {
@@ -105,7 +106,7 @@ public class HsOfficePartnerController implements HsOfficePartnersApi {
             final String currentUser,
             final String assumedRoles,
             final UUID partnerUuid) {
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         final var partnerToDelete = partnerRepo.findByUuid(partnerUuid);
         if (partnerToDelete.isEmpty()) {
@@ -127,7 +128,7 @@ public class HsOfficePartnerController implements HsOfficePartnersApi {
             final UUID partnerUuid,
             final HsOfficePartnerPatchResource body) {
 
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         final var current = partnerRepo.findByUuid(partnerUuid).orElseThrow();
         final var previousPartnerRel = current.getPartnerRel();

src/main/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonController.java

@@ -15,6 +15,8 @@ import org.springframework.web.servlet.mvc.method.annotation.MvcUriComponentsBui
 import java.util.List;
 import java.util.UUID;
 
+import static net.hostsharing.hsadminng.context.Context.Scope.PROD;
+
 @RestController
 
 public class HsOfficePersonController implements HsOfficePersonsApi {
@@ -34,7 +36,7 @@ public class HsOfficePersonController implements HsOfficePersonsApi {
             final String currentUser,
             final String assumedRoles,
             final String label) {
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         final var entities = personRepo.findPersonByOptionalNameLike(label);
 
@@ -49,7 +51,7 @@ public class HsOfficePersonController implements HsOfficePersonsApi {
             final String assumedRoles,
             final HsOfficePersonInsertResource body) {
 
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         final var entityToSave = mapper.map(body, HsOfficePersonEntity.class);
 
@@ -71,7 +73,7 @@ public class HsOfficePersonController implements HsOfficePersonsApi {
             final String assumedRoles,
             final UUID personUuid) {
 
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         final var result = personRepo.findByUuid(personUuid);
         if (result.isEmpty()) {
@@ -86,7 +88,7 @@ public class HsOfficePersonController implements HsOfficePersonsApi {
             final String currentUser,
             final String assumedRoles,
             final UUID personUuid) {
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         final var result = personRepo.deleteByUuid(personUuid);
         if (result == 0) {
@@ -104,7 +106,7 @@ public class HsOfficePersonController implements HsOfficePersonsApi {
             final UUID personUuid,
             final HsOfficePersonPatchResource body) {
 
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         final var current = personRepo.findByUuid(personUuid).orElseThrow();
 

src/main/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationController.java

@@ -19,6 +19,7 @@ import java.util.NoSuchElementException;
 import java.util.UUID;
 import java.util.function.BiConsumer;
 
+import static net.hostsharing.hsadminng.context.Context.Scope.PROD;
 
 @RestController
 
@@ -49,7 +50,7 @@ public class HsOfficeRelationController implements HsOfficeRelationsApi {
             final String assumedRoles,
             final UUID personUuid,
             final HsOfficeRelationTypeResource relationType) {
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         final var entities = relationRepo.findRelationRelatedToPersonUuidAndRelationType(personUuid,
                 mapper.map(relationType, HsOfficeRelationType.class));
@@ -66,7 +67,7 @@ public class HsOfficeRelationController implements HsOfficeRelationsApi {
             final String assumedRoles,
             final HsOfficeRelationInsertResource body) {
 
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         final var entityToSave = new HsOfficeRelationEntity();
         entityToSave.setType(HsOfficeRelationType.valueOf(body.getType()));
@@ -100,7 +101,7 @@ public class HsOfficeRelationController implements HsOfficeRelationsApi {
             final String assumedRoles,
             final UUID relationUuid) {
 
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         final var result = relationRepo.findByUuid(relationUuid);
         if (result.isEmpty()) {
@@ -115,7 +116,7 @@ public class HsOfficeRelationController implements HsOfficeRelationsApi {
             final String currentUser,
             final String assumedRoles,
             final UUID relationUuid) {
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         final var result = relationRepo.deleteByUuid(relationUuid);
         if (result == 0) {
@@ -133,7 +134,7 @@ public class HsOfficeRelationController implements HsOfficeRelationsApi {
             final UUID relationUuid,
             final HsOfficeRelationPatchResource body) {
 
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         final var current = relationRepo.findByUuid(relationUuid).orElseThrow();
 

src/main/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateController.java

@@ -18,6 +18,7 @@ import java.util.List;
 import java.util.UUID;
 import java.util.function.BiConsumer;
 
+import static net.hostsharing.hsadminng.context.Context.Scope.PROD;
 import static net.hostsharing.hsadminng.mapper.PostgresDateRange.toPostgresDateRange;
 
 @RestController
@@ -42,7 +43,7 @@ public class HsOfficeSepaMandateController implements HsOfficeSepaMandatesApi {
             final String currentUser,
             final String assumedRoles,
             final String iban) {
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         final var entities = sepaMandateRepo.findSepaMandateByOptionalIban(iban);
 
@@ -58,7 +59,7 @@ public class HsOfficeSepaMandateController implements HsOfficeSepaMandatesApi {
             final String assumedRoles,
             final HsOfficeSepaMandateInsertResource body) {
 
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         final var entityToSave = mapper.map(body, HsOfficeSepaMandateEntity.class, SEPA_MANDATE_RESOURCE_TO_ENTITY_POSTMAPPER);
 
@@ -81,7 +82,7 @@ public class HsOfficeSepaMandateController implements HsOfficeSepaMandatesApi {
             final String assumedRoles,
             final UUID sepaMandateUuid) {
 
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         final var result = sepaMandateRepo.findByUuid(sepaMandateUuid);
         if (result.isEmpty()) {
@@ -97,7 +98,7 @@ public class HsOfficeSepaMandateController implements HsOfficeSepaMandatesApi {
             final String currentUser,
             final String assumedRoles,
             final UUID sepaMandateUuid) {
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         final var result = sepaMandateRepo.deleteByUuid(sepaMandateUuid);
         if (result == 0) {
@@ -115,7 +116,7 @@ public class HsOfficeSepaMandateController implements HsOfficeSepaMandatesApi {
             final UUID sepaMandateUuid,
             final HsOfficeSepaMandatePatchResource body) {
 
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         final var current = sepaMandateRepo.findByUuid(sepaMandateUuid).orElseThrow();
 

src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java

@@ -67,7 +67,7 @@ public class InsertTriggerGenerator {
                         declare
                             row ${rawSuperTable};
                         begin
-                            call defineContext('create INSERT INTO ${rawSubTable} permissions for pre-exising ${rawSuperTable} rows');
+                            call defineContext('PROD', 'create INSERT INTO ${rawSubTable} permissions for pre-exising ${rawSuperTable} rows');
                                 
                             FOR row IN SELECT * FROM ${rawSuperTable}
                                 ${whenCondition}

src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantController.java

@@ -15,6 +15,8 @@ import jakarta.persistence.PersistenceContext;
 import java.util.List;
 import java.util.UUID;
 
+import static net.hostsharing.hsadminng.context.Context.Scope.PROD;
+
 @RestController
 public class RbacGrantController implements RbacGrantsApi {
 
@@ -38,7 +40,7 @@ public class RbacGrantController implements RbacGrantsApi {
             final UUID grantedRoleUuid,
             final UUID granteeUserUuid) {
 
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         final var id = new RbacGrantId(granteeUserUuid, grantedRoleUuid);
         final var result = rbacGrantRepository.findById(id);
@@ -54,7 +56,7 @@ public class RbacGrantController implements RbacGrantsApi {
             final String currentUser,
             final String assumedRoles) {
 
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         return ResponseEntity.ok(mapper.mapList(rbacGrantRepository.findAll(), RbacGrantResource.class));
     }
@@ -66,7 +68,7 @@ public class RbacGrantController implements RbacGrantsApi {
             final String assumedRoles,
             final RbacGrantResource body) {
 
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         final var granted = rbacGrantRepository.save(mapper.map(body, RbacGrantEntity.class));
         em.flush();
@@ -88,7 +90,7 @@ public class RbacGrantController implements RbacGrantsApi {
             final UUID grantedRoleUuid,
             final UUID granteeUserUuid) {
 
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         rbacGrantRepository.deleteByRbacGrantId(new RbacGrantId(granteeUserUuid, grantedRoleUuid));
 

src/main/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleController.java

@@ -11,6 +11,8 @@ import org.springframework.web.bind.annotation.RestController;
 
 import java.util.List;
 
+import static net.hostsharing.hsadminng.context.Context.Scope.PROD;
+
 @RestController
 public class RbacRoleController implements RbacRolesApi {
 
@@ -29,7 +31,7 @@ public class RbacRoleController implements RbacRolesApi {
             final String currentUser,
             final String assumedRoles) {
 
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         final List<RbacRoleEntity> result = rbacRoleRepository.findAll();
 

src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserController.java

@@ -14,6 +14,8 @@ import org.springframework.web.servlet.mvc.method.annotation.MvcUriComponentsBui
 import java.util.List;
 import java.util.UUID;
 
+import static net.hostsharing.hsadminng.context.Context.Scope.PROD;
+
 @RestController
 public class RbacUserController implements RbacUsersApi {
 
@@ -31,7 +33,7 @@ public class RbacUserController implements RbacUsersApi {
     public ResponseEntity<RbacUserResource> createUser(
             final RbacUserResource body
     ) {
-        context.define(null);
+        context.define(PROD, null);
 
         if (body.getUuid() == null) {
             body.setUuid(UUID.randomUUID());
@@ -53,7 +55,7 @@ public class RbacUserController implements RbacUsersApi {
             final String assumedRoles,
             final UUID userUuid
     ) {
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         rbacUserRepository.deleteByUuid(userUuid);
 
@@ -67,7 +69,7 @@ public class RbacUserController implements RbacUsersApi {
             final String assumedRoles,
             final UUID userUuid) {
 
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         final var result = rbacUserRepository.findByUuid(userUuid);
         if (result == null) {
@@ -83,7 +85,7 @@ public class RbacUserController implements RbacUsersApi {
             final String assumedRoles,
             final String userName
     ) {
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         return ResponseEntity.ok(mapper.mapList(rbacUserRepository.findByOptionalNameLike(userName), RbacUserResource.class));
     }
@@ -95,7 +97,7 @@ public class RbacUserController implements RbacUsersApi {
             final String assumedRoles,
             final UUID userUuid
     ) {
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         return ResponseEntity.ok(mapper.mapList(
                 rbacUserRepository.findPermissionsOfUserByUuid(userUuid),

src/main/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerController.java

@@ -14,6 +14,8 @@ import jakarta.persistence.EntityManager;
 import jakarta.persistence.PersistenceContext;
 import java.util.List;
 
+import static net.hostsharing.hsadminng.context.Context.Scope.PROD;
+
 @RestController
 public class TestCustomerController implements TestCustomersApi {
 
@@ -36,7 +38,7 @@ public class TestCustomerController implements TestCustomersApi {
             String assumedRoles,
             String prefix
     ) {
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         final var result = testCustomerRepository.findCustomerByOptionalPrefixLike(prefix);
 
@@ -50,7 +52,7 @@ public class TestCustomerController implements TestCustomersApi {
             final String assumedRoles,
             final TestCustomerResource customer) {
 
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         final var saved = testCustomerRepository.save(mapper.map(customer, TestCustomerEntity.class));
         final var uri =

src/main/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageController.java

@@ -14,6 +14,8 @@ import org.springframework.web.bind.annotation.RestController;
 import java.util.List;
 import java.util.UUID;
 
+import static net.hostsharing.hsadminng.context.Context.Scope.PROD;
+
 @RestController
 public class TestPackageController implements TestPackagesApi {
 
@@ -33,7 +35,7 @@ public class TestPackageController implements TestPackagesApi {
             String assumedRoles,
             String name
     ) {
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         final var result = testPackageRepository.findAllByOptionalNameLike(name);
         return ResponseEntity.ok(mapper.mapList(result, TestPackageResource.class));
@@ -47,7 +49,7 @@ public class TestPackageController implements TestPackagesApi {
             final UUID packageUuid,
             final TestPackageUpdateResource body) {
 
-        context.define(currentUser, assumedRoles);
+        context.define(PROD, currentUser, assumedRoles);
 
         final var current = testPackageRepository.findByUuid(packageUuid);
         OptionalFromJson.of(body.getDescription()).ifPresent(current::setDescription);

src/main/resources/db/changelog/0-basis/010-context.sql

@@ -5,11 +5,23 @@
 --changeset context-DEFINE:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
 
+
+/**
+  Determines the purpose and therefore the life span of an RbacObject.
+ */
+CREATE TYPE RbacObjectScope AS ENUM (
+    'BASE', -- initial data which needs to be kept in production systems
+    'TEST', -- initial test data created via Liquibase, should be removed in production systems
+    'TEMP', -- temporary test data created by test scripts, should be removed in production systems
+    'PROD'  -- production data which was added after system initialization
+    );
+
 /*
     Callback which is called after the context has been (re-) defined.
     This function will be overwritten by later changesets.
  */
 create procedure contextDefined(
+    currentScope RbacObjectScope,
     currentTask varchar(127),
     currentRequest text,
     currentUser varchar(63),
@@ -23,6 +35,7 @@ end; $$;
     Defines the transaction context.
  */
 create or replace procedure defineContext(
+    currentScope RbacObjectScope,
     currentTask varchar(127),
     currentRequest text = null,
     currentUser varchar(63) = null,
@@ -30,6 +43,8 @@ create or replace procedure defineContext(
 )
     language plpgsql as $$
 begin
+    execute format('set local hsadminng.currentScope to %L', currentScope);
+
     currentTask := coalesce(currentTask, '');
     assert length(currentTask) <= 127, FORMAT('currentTask must not be longer than 127 characters: "%s"', currentTask);
     assert length(currentTask) >= 12, FORMAT('currentTask must be at least 12 characters long: "%s""', currentTask);
@@ -46,7 +61,35 @@ begin
     assert length(assumedRoles) <= 1023, FORMAT('assumedRoles must not be longer than 1023 characters: "%s"', assumedRoles);
     execute format('set local hsadminng.assumedRoles to %L', assumedRoles);
 
-    call contextDefined(currentTask, currentRequest, currentUser, assumedRoles);
+    call contextDefined(currentScope, currentTask, currentRequest, currentUser, assumedRoles);
+end; $$;
+--//
+
+
+-- ============================================================================
+--changeset context-CURRENT-SCOPE:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+/*
+    Returns the current scope as set via defineContext(...) to `hsadminng.currentScope`.
+    Raises exception if not set.
+ */
+create or replace function currentScope()
+    returns RbacObjectScope
+    stable -- leakproof
+    language plpgsql as $$
+declare
+    currentScope varchar;
+begin
+    begin
+        currentScope := current_setting('hsadminng.currentScope');
+    exception
+        when others then
+            currentScope := null;
+    end;
+    if (currentScope is null or currentScope = '') then
+        raise exception '[401] currentScope must be defined, please call `defineContext(...)`';
+    end if;
+    return currentScope::RbacObjectScope;
 end; $$;
 --//
 
@@ -55,7 +98,7 @@ end; $$;
 --changeset context-CURRENT-TASK:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /*
-    Returns the current task as set by `hsadminng.currentTask`.
+    Returns the current task as set set via defineContext(...) to `hsadminng.currentTask`.
     Raises exception if not set.
  */
 create or replace function currentTask()

src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql

@@ -91,13 +91,17 @@ $$;
 -- ============================================================================
 --changeset rbac-base-OBJECT:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-/*
 
+/*
+    Represents database row under RBAC control within the RBAC-system.
+
+    The actual row resists in the database table referenced by  `objectTable`.
  */
 create table RbacObject
 (
     uuid        uuid primary key default uuid_generate_v4(),
-    serialId    serial, -- TODO: we might want to remove this once test data deletion works properly
+    scope       RbacObjectScope not null,
+    serialId    serial, -- only set for TEMP scope to clean up temp test data in reverse order
     objectTable varchar(64) not null,
     unique (objectTable, uuid)
 );
@@ -120,18 +124,21 @@ create or replace function insertRelatedRbacObject()
     strict as $$
 declare
     objectUuid uuid;
+    scope RbacObjectScope;
 begin
+    scope := currentScope();
+
     if TG_OP = 'INSERT' then
         if NEW.uuid is null then
             insert
-                into RbacObject (objectTable)
+                into RbacObject (scope, objectTable)
-                values (TG_TABLE_NAME)
+                values (scope, TG_TABLE_NAME)
                 returning uuid into objectUuid;
             NEW.uuid = objectUuid;
         else
             insert
-                into RbacObject (uuid, objectTable)
+                into RbacObject (uuid, scope, objectTable)
-                values (NEW.uuid, TG_TABLE_NAME)
+                values (NEW.uuid, scope, TG_TABLE_NAME)
                 returning uuid into objectUuid;
         end if;
         return NEW;

src/main/resources/db/changelog/1-rbac/1054-rbac-context.sql

@@ -85,6 +85,7 @@ end; $$;
     This function will be overwritten by later changesets.
  */
 create or replace procedure contextDefined(
+    currentScope RbacObjectScope,
     currentTask varchar(127),
     currentRequest text,
     currentUser varchar(63),
@@ -94,6 +95,8 @@ create or replace procedure contextDefined(
 declare
     currentUserUuid uuid;
 begin
+    execute format('set local hsadminng.currentScope to %L', currentScope);
+
     execute format('set local hsadminng.currentTask to %L', currentTask);
 
     execute format('set local hsadminng.currentRequest to %L', currentRequest);

src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql

@@ -94,9 +94,9 @@ $$;
   A single row to be referenced as a global object.
  */
 begin transaction;
-call defineContext('initializing table "global"', null, null, null);
+call defineContext('BASE'::RbacObjectScope, 'initializing table "global"', null, null, null);
 insert
-    into RbacObject (objecttable) values ('global');
+    into RbacObject (scope, objecttable) values (currentScope(), 'global');
 insert
     into Global (uuid, name) values ((select uuid from RbacObject where objectTable = 'global'), 'global');
 commit;
@@ -118,7 +118,7 @@ select 'global', (select uuid from RbacObject where objectTable = 'global'), 'AD
 $$;
 
 begin transaction;
-    call defineContext('creating role:global#global:ADMIN', null, null, null);
+    call defineContext('BASE'::RbacObjectScope, 'creating role:global#global:ADMIN', null, null, null);
     select createRole(globalAdmin());
 commit;
 --//
@@ -139,7 +139,7 @@ select 'global', (select uuid from RbacObject where objectTable = 'global'), 'GU
 $$;
 
 begin transaction;
-    call defineContext('creating role:global#global:guest', null, null, null);
+    call defineContext('BASE'::RbacObjectScope, 'creating role:global#global:guest', null, null, null);
     select createRole(globalGuest());
 commit;
 --//
@@ -155,7 +155,7 @@ do language plpgsql $$
     declare
         admins uuid ;
     begin
-        call defineContext('creating fake test-realm admin users', null, null, null);
+        call defineContext('TEST'::RbacObjectScope, 'creating fake test-realm admin users', null, null, null);
 
         admins = findRoleId(globalAdmin());
         call grantRoleToUserUnchecked(admins, admins, createRbacUser('superuser-alex@hostsharing.net'));
@@ -179,13 +179,13 @@ do language plpgsql $$
     declare
         userName varchar;
     begin
-        call defineContext('testing currentUserUuid', null, 'superuser-fran@hostsharing.net', null);
+        call defineContext('TEST'::RbacObjectScope, 'testing currentUserUuid', null, 'superuser-fran@hostsharing.net', null);
         select userName from RbacUser where uuid = currentUserUuid() into userName;
         if userName <> 'superuser-fran@hostsharing.net' then
             raise exception 'setting or fetching initial currentUser failed, got: %', userName;
         end if;
 
-        call defineContext('testing currentUserUuid', null, 'superuser-alex@hostsharing.net', null);
+        call defineContext('TEST'::RbacObjectScope, 'testing currentUserUuid', null, 'superuser-alex@hostsharing.net', null);
         select userName from RbacUser where uuid = currentUserUuid() into userName;
         if userName = 'superuser-alex@hostsharing.net' then
             raise exception 'currentUser should not change in one transaction, but did change, got: %', userName;

src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql

@@ -89,7 +89,7 @@ do language plpgsql $$
     declare
         row global;
     begin
-        call defineContext('create INSERT INTO test_customer permissions for pre-exising global rows');
+        call defineContext('TEST'::RbacObjectScope, 'create INSERT INTO test_customer permissions for pre-exising global rows');
 
         FOR row IN SELECT * FROM global
             -- unconditional for all rows in that table

src/main/resources/db/changelog/2-test/201-test-customer/2018-test-customer-test-data.sql

@@ -32,7 +32,7 @@ declare
     newCust       test_customer;
 begin
     currentTask = 'creating RBAC test customer #' || custReference || '/' || custPrefix;
-    call defineContext(currentTask, null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN');
+    call defineContext('TEST'::RbacObjectScope, currentTask, null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN');
     execute format('set local hsadminng.currentTask to %L', currentTask);
 
     custRowId = uuid_generate_v4();

src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql

@@ -154,7 +154,7 @@ do language plpgsql $$
     declare
         row test_customer;
     begin
-        call defineContext('create INSERT INTO test_package permissions for pre-exising test_customer rows');
+        call defineContext('TEST'::RbacObjectScope, 'create INSERT INTO test_package permissions for pre-exising test_customer rows');
 
         FOR row IN SELECT * FROM test_customer
             -- unconditional for all rows in that table

src/main/resources/db/changelog/2-test/202-test-package/2028-test-package-test-data.sql

@@ -26,7 +26,7 @@ begin
 
             custAdminUser = 'customer-admin@' || cust.prefix || '.example.com';
             custAdminRole = 'test_customer#' || cust.prefix || ':ADMIN';
-            call defineContext(currentTask, null, 'superuser-fran@hostsharing.net', custAdminRole);
+            call defineContext('TEST'::RbacObjectScope, currentTask, null, 'superuser-fran@hostsharing.net', custAdminRole);
             raise notice 'task: % by % as %', currentTask, custAdminUser, custAdminRole;
 
             insert

src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql

@@ -153,7 +153,7 @@ do language plpgsql $$
     declare
         row test_package;
     begin
-        call defineContext('create INSERT INTO test_domain permissions for pre-exising test_package rows');
+        call defineContext('TEST'::RbacObjectScope, 'create INSERT INTO test_domain permissions for pre-exising test_package rows');
 
         FOR row IN SELECT * FROM test_package
             -- unconditional for all rows in that table

src/main/resources/db/changelog/2-test/203-test-domain/2038-test-domain-test-data.sql

@@ -24,7 +24,7 @@ begin
             currentTask = 'creating RBAC test domain #' || t || ' for package ' || pac.name || ' #' || pac.uuid;
             raise notice 'task: %', currentTask;
             pacAdmin = 'pac-admin-' || pac.name || '@' || pac.custPrefix || '.example.com';
-            call defineContext(currentTask, null, pacAdmin, null);
+            call defineContext('TEST'::RbacObjectScope, currentTask, null, pacAdmin, null);
 
             insert
                 into test_domain (name, packageUuid)

src/main/resources/db/changelog/5-hs-office/501-contact/5016-hs-office-contact-migration.sql

@@ -40,7 +40,8 @@ ALTER TABLE hs_office_contact_legacy_id
 --changeset hs-office-contact-MIGRATION-insert:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
 
-CALL defineContext('schema-migration');
+-- at this point only contact rows in scope TEST exist
+CALL defineContext('TEST'::RbacObjectScope, 'schema-migration');
 INSERT INTO hs_office_contact_legacy_id(uuid, contact_id)
     SELECT uuid, nextVal('hs_office_contact_legacy_id_seq') FROM hs_office_contact;
 --/

src/main/resources/db/changelog/5-hs-office/501-contact/5018-hs-office-contact-test-data.sql

@@ -19,9 +19,9 @@ begin
     execute format('set local hsadminng.currentTask to %L', currentTask);
 
     emailAddr = 'contact-admin@' || cleanIdentifier(contLabel) || '.example.com';
-    call defineContext(currentTask);
+    call defineContext('TEST'::RbacObjectScope, currentTask);
     perform createRbacUser(emailAddr);
-    call defineContext(currentTask, null, emailAddr);
+    call defineContext('TEST'::RbacObjectScope, currentTask, null, emailAddr);
 
     postalAddr := E'Vorname Nachname\nStraße Hnr\nPLZ Stadt';
 

src/main/resources/db/changelog/5-hs-office/502-person/5028-hs-office-person-test-data.sql

@@ -23,9 +23,9 @@ begin
     fullName := concat_ws(', ', newTradeName, newFamilyName, newGivenName);
     currentTask = 'creating person test-data ' || fullName;
     emailAddr = 'person-' || left(cleanIdentifier(fullName), 32) || '@example.com';
-    call defineContext(currentTask);
+    call defineContext('TEST'::RbacObjectScope, currentTask);
     perform createRbacUser(emailAddr);
-    call defineContext(currentTask, null, emailAddr);
+    call defineContext('TEST'::RbacObjectScope, currentTask, null, emailAddr);
     execute format('set local hsadminng.currentTask to %L', currentTask);
 
     raise notice 'creating test person: % by %', fullName, emailAddr;

src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql

@@ -163,7 +163,8 @@ do language plpgsql $$
     declare
         row hs_office_person;
     begin
-        call defineContext('create INSERT INTO hs_office_relation permissions for pre-exising hs_office_person rows');
+        -- at this point, all existing relation rows are in scope TEST
+        call defineContext('TEST'::RbacObjectScope, 'create INSERT INTO hs_office_relation permissions for pre-exising hs_office_person rows');
 
         FOR row IN SELECT * FROM hs_office_person
             -- unconditional for all rows in that table

src/main/resources/db/changelog/5-hs-office/503-relation/5038-hs-office-relation-test-data.sql

@@ -25,7 +25,7 @@ declare
 begin
     idName := cleanIdentifier( anchorPersonName || '-' || holderPersonName);
     currentTask := 'creating relation test-data ' || idName;
-    call defineContext(currentTask, null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN');
+    call defineContext('TEST'::RbacObjectScope, currentTask, null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN');
     execute format('set local hsadminng.currentTask to %L', currentTask);
 
     select p.*

src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql

@@ -166,7 +166,8 @@ do language plpgsql $$
     declare
         row global;
     begin
-        call defineContext('create INSERT INTO hs_office_partner permissions for pre-exising global rows');
+        -- global rows are in scope BASE, therefore also this is run in scope BASE
+        call defineContext('BASE'::RbacObjectScope, 'create INSERT INTO hs_office_partner permissions for pre-exising global rows');
 
         FOR row IN SELECT * FROM global
             -- unconditional for all rows in that table

src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql

@@ -70,7 +70,8 @@ do language plpgsql $$
     declare
         row global;
     begin
-        call defineContext('create INSERT INTO hs_office_partner_details permissions for pre-exising global rows');
+        -- at this point, all existing partner rows are in scope TEST
+        call defineContext('TEST'::RbacObjectScope, 'create INSERT INTO hs_office_partner_details permissions for pre-exising global rows');
 
         FOR row IN SELECT * FROM global
             -- unconditional for all rows in that table

src/main/resources/db/changelog/5-hs-office/504-partner/5046-hs-office-partner-migration.sql

@@ -39,7 +39,8 @@ ALTER TABLE hs_office_partner_legacy_id
 --changeset hs-office-partner-MIGRATION-insert:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
 
-CALL defineContext('schema-migration');
+-- at this point, only partner rows in scope TEST exist
+CALL defineContext('TEST'::RbacObjectScope, 'schema-migration');
 INSERT INTO hs_office_partner_legacy_id(uuid, bp_id)
     SELECT uuid, nextVal('hs_office_partner_legacy_id_seq') FROM hs_office_partner;
 --/

src/main/resources/db/changelog/5-hs-office/504-partner/5048-hs-office-partner-test-data.sql

@@ -24,7 +24,7 @@ declare
 begin
     idName := cleanIdentifier( partnerPersonName|| '-' || contactLabel);
     currentTask := 'creating partner test-data ' || idName;
-    call defineContext(currentTask, null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN');
+    call defineContext('TEST'::RbacObjectScope, currentTask, null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN');
     execute format('set local hsadminng.currentTask to %L', currentTask);
 
     select p.* from hs_office_person p

src/main/resources/db/changelog/5-hs-office/505-bankaccount/5058-hs-office-bankaccount-test-data.sql

@@ -18,9 +18,9 @@ begin
     execute format('set local hsadminng.currentTask to %L', currentTask);
 
     emailAddr = 'bankaccount-admin@' || cleanIdentifier(givenHolder) || '.example.com';
-    call defineContext(currentTask);
+    call defineContext('TEST'::RbacObjectScope, currentTask);
     perform createRbacUser(emailAddr);
-    call defineContext(currentTask, null, emailAddr);
+    call defineContext('TEST'::RbacObjectScope, currentTask, null, emailAddr);
 
     raise notice 'creating test bankaccount: %', givenHolder;
     insert

src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql

@@ -139,7 +139,8 @@ do language plpgsql $$
     declare
         row global;
     begin
-        call defineContext('create INSERT INTO hs_office_debitor permissions for pre-exising global rows');
+        -- at this point, all existing debitor rows are in scope TEST
+        call defineContext('TEST'::RbacObjectScope, 'create INSERT INTO hs_office_debitor permissions for pre-exising global rows');
 
         FOR row IN SELECT * FROM global
             -- unconditional for all rows in that table

src/main/resources/db/changelog/5-hs-office/506-debitor/5068-hs-office-debitor-test-data.sql

@@ -23,7 +23,7 @@ declare
 begin
     idName := cleanIdentifier( forPartnerPersonName|| '-' || forBillingContactLabel);
     currentTask := 'creating debitor test-data ' || idName;
-    call defineContext(currentTask, null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN');
+    call defineContext('TEST'::RbacObjectScope, currentTask, null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN');
     execute format('set local hsadminng.currentTask to %L', currentTask);
 
     select debitorRel.uuid

src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql

@@ -114,7 +114,8 @@ do language plpgsql $$
     declare
         row hs_office_relation;
     begin
-        call defineContext('create INSERT INTO hs_office_sepamandate permissions for pre-exising hs_office_relation rows');
+        -- at this point, all existing sepamandate rows are in scope TEST
+        call defineContext('TEST'::RbacObjectScope, 'create INSERT INTO hs_office_sepamandate permissions for pre-exising hs_office_relation rows');
 
         FOR row IN SELECT * FROM hs_office_relation
             WHERE type = 'DEBITOR'

src/main/resources/db/changelog/5-hs-office/507-sepamandate/5076-hs-office-sepamandate-migration.sql

@@ -41,7 +41,8 @@ ALTER TABLE hs_office_sepamandate_legacy_id
 --changeset hs-office-sepamandate-MIGRATION-insert:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
 
-CALL defineContext('schema-migration');
+-- at this point, all existing sepamandate rows are in scope TEST
+CALL defineContext('TEST'::RbacObjectScope, 'schema-migration');
 INSERT INTO hs_office_sepamandate_legacy_id(uuid, sepa_mandate_id)
     SELECT uuid, nextVal('hs_office_sepamandate_legacy_id_seq') FROM hs_office_sepamandate;
 --/

src/main/resources/db/changelog/5-hs-office/507-sepamandate/5078-hs-office-sepamandate-test-data.sql

@@ -20,7 +20,7 @@ declare
     relatedBankAccount  hs_office_bankAccount;
 begin
     currentTask := 'creating SEPA-mandate test-data ' || forPartnerNumber::text || forDebitorSuffix::text;
-    call defineContext(currentTask, null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN');
+    call defineContext('TEST'::RbacObjectScope, currentTask, null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN');
     execute format('set local hsadminng.currentTask to %L', currentTask);
 
     select debitor.* into relatedDebitor

src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql

@@ -101,7 +101,8 @@ do language plpgsql $$
     declare
         row global;
     begin
-        call defineContext('create INSERT INTO hs_office_membership permissions for pre-exising global rows');
+        -- at this point, all existing membership rows are in scope TEST
+        call defineContext('TEST'::RbacObjectScope, 'create INSERT INTO hs_office_membership permissions for pre-exising global rows');
 
         FOR row IN SELECT * FROM global
             -- unconditional for all rows in that table

src/main/resources/db/changelog/5-hs-office/510-membership/5108-hs-office-membership-test-data.sql

@@ -19,7 +19,7 @@ begin
     currentTask := 'creating Membership test-data ' ||
                     'P-' || forPartnerNumber::text ||
                     'M-...' || newMemberNumberSuffix;
-    call defineContext(currentTask, null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN');
+    call defineContext('TEST'::RbacObjectScope, currentTask, null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN');
     execute format('set local hsadminng.currentTask to %L', currentTask);
 
     select partner.* from hs_office_partner partner

src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql

@@ -77,7 +77,8 @@ do language plpgsql $$
     declare
         row hs_office_membership;
     begin
-        call defineContext('create INSERT INTO hs_office_coopsharestransaction permissions for pre-exising hs_office_membership rows');
+        -- at this point, all existing coopshares rows are in scope TEST
+        call defineContext('TEST'::RbacObjectScope, 'create INSERT INTO hs_office_coopsharestransaction permissions for pre-exising hs_office_membership rows');
 
         FOR row IN SELECT * FROM hs_office_membership
             -- unconditional for all rows in that table

src/main/resources/db/changelog/5-hs-office/511-coopshares/5116-hs-office-coopshares-migration.sql

@@ -40,7 +40,8 @@ ALTER TABLE hs_office_coopsharestransaction_legacy_id
 --changeset hs-office-coopshares-MIGRATION-insert:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
 
-CALL defineContext('schema-migration');
+-- at this point, all existing coopshares rows are in scope TEST
+CALL defineContext('TEST'::RbacObjectScope, 'schema-migration');
 INSERT INTO hs_office_coopsharestransaction_legacy_id(uuid, member_share_id)
     SELECT uuid, nextVal('hs_office_coopsharestransaction_legacy_id_seq') FROM hs_office_coopsharestransaction;
 --/

src/main/resources/db/changelog/5-hs-office/511-coopshares/5118-hs-office-coopshares-test-data.sql

@@ -22,7 +22,7 @@ begin
     execute format('set local hsadminng.currentTask to %L', currentTask);
     SET CONSTRAINTS ALL DEFERRED;
 
-    call defineContext(currentTask);
+    call defineContext('TEST'::RbacObjectScope, currentTask);
     select m.uuid
         from hs_office_membership m
         join hs_office_partner p on p.uuid = m.partneruuid

src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql

@@ -77,7 +77,8 @@ do language plpgsql $$
     declare
         row hs_office_membership;
     begin
-        call defineContext('create INSERT INTO hs_office_coopassetstransaction permissions for pre-exising hs_office_membership rows');
+        -- at this point, all existing coopassettransaction rows are in scope TEST
+        call defineContext('TEST'::RbacObjectScope, 'create INSERT INTO hs_office_coopassetstransaction permissions for pre-exising hs_office_membership rows');
 
         FOR row IN SELECT * FROM hs_office_membership
             -- unconditional for all rows in that table

src/main/resources/db/changelog/5-hs-office/512-coopassets/5126-hs-office-coopassets-migration.sql

@@ -40,7 +40,8 @@ ALTER TABLE hs_office_coopassetstransaction_legacy_id
 --changeset hs-office-coopassets-MIGRATION-insert:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
 
-CALL defineContext('schema-migration');
+-- at this point, all existing coopassettransaction rows are in scope TEST
+CALL defineContext('TEST'::RbacObjectScope, 'schema-migration');
 INSERT INTO hs_office_coopassetstransaction_legacy_id(uuid, member_asset_id)
     SELECT uuid, nextVal('hs_office_coopassetstransaction_legacy_id_seq') FROM hs_office_coopassetstransaction;
 --/

src/main/resources/db/changelog/5-hs-office/512-coopassets/5128-hs-office-coopassets-test-data.sql

@@ -22,7 +22,7 @@ begin
     execute format('set local hsadminng.currentTask to %L', currentTask);
     SET CONSTRAINTS ALL DEFERRED;
 
-    call defineContext(currentTask);
+    call defineContext('TEST'::RbacObjectScope, currentTask);
     select m.uuid
         from hs_office_membership m
                  join hs_office_partner p on p.uuid = m.partneruuid

src/main/resources/db/changelog/6-hs-booking/601-booking-item/6013-hs-booking-item-rbac.sql

@@ -110,7 +110,8 @@ do language plpgsql $$
     declare
         row hs_office_relation;
     begin
-        call defineContext('create INSERT INTO hs_booking_item permissions for pre-exising hs_office_relation rows');
+        -- at this point, all existing booking_item rows are in scope TEST
+        call defineContext('TEST'::RbacObjectScope, 'create INSERT INTO hs_booking_item permissions for pre-exising hs_office_relation rows');
 
         FOR row IN SELECT * FROM hs_office_relation
             WHERE type = 'DEBITOR'

src/main/resources/db/changelog/6-hs-booking/601-booking-item/6018-hs-booking-item-test-data.sql

@@ -18,7 +18,7 @@ declare
     relatedDebitor      hs_office_debitor;
 begin
     currentTask := 'creating booking-item test-data ' || givenPartnerNumber::text || givenDebitorSuffix;
-    call defineContext(currentTask, null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN');
+    call defineContext('TEST'::RbacObjectScope, currentTask, null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN');
     execute format('set local hsadminng.currentTask to %L', currentTask);
 
     select debitor.* into relatedDebitor

src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql

@@ -103,7 +103,8 @@ do language plpgsql $$
     declare
         row hs_booking_item;
     begin
-        call defineContext('create INSERT INTO hs_hosting_asset permissions for pre-exising hs_booking_item rows');
+        -- at this point, all existing hosting_asset rows are in scope TEST
+        call defineContext('TEST'::RbacObjectScope, 'create INSERT INTO hs_hosting_asset permissions for pre-exising hs_booking_item rows');
 
         FOR row IN SELECT * FROM hs_booking_item
             -- unconditional for all rows in that table

src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7018-hs-hosting-asset-test-data.sql

@@ -21,7 +21,7 @@ declare
     managedServerUuid   uuid;
 begin
     currentTask := 'creating hosting-asset test-data ' || givenPartnerNumber::text || givenDebitorSuffix;
-    call defineContext(currentTask, null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN');
+    call defineContext('TEST'::RbacObjectScope, currentTask, null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN');
     execute format('set local hsadminng.currentTask to %L', currentTask);
 
     select debitor.* into relatedDebitor

src/test/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemControllerAcceptanceTest.java

@@ -21,6 +21,7 @@ import java.util.Map;
 import java.util.UUID;
 
 import static java.util.Map.entry;
+import static net.hostsharing.hsadminng.context.Context.Scope.TEMP;
 import static net.hostsharing.hsadminng.rbac.test.JsonMatcher.lenientlyEquals;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.hamcrest.Matchers.matchesRegex;
@@ -111,7 +112,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
         @Test
         void globalAdmin_canAddBookingItem() {
 
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             final var givenDebitor = debitorRepo.findDebitorByDebitorNumber(1000111).get(0);
 
             final var location = RestAssured // @formatter:off
@@ -155,7 +156,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
 
         @Test
         void globalAdmin_canGetArbitraryBookingItem() {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             final var givenBookingItemUuid = bookingItemRepo.findAll().stream()
                             .filter(bi -> bi.getDebitor().getDebitorNumber() == 1000111)
                             .filter(item -> item.getCaption().equals("some CloudServer"))
@@ -182,7 +183,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
 
         @Test
         void normalUser_canNotGetUnrelatedBookingItem() {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             final var givenBookingItemUuid = bookingItemRepo.findAll().stream()
                     .filter(bi -> bi.getDebitor().getDebitorNumber() == 1000212)
                     .map(HsBookingItemEntity::getUuid)
@@ -200,7 +201,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
 
         @Test
         void debitorAgentUser_canGetRelatedBookingItem() {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             final var givenBookingItemUuid = bookingItemRepo.findAll().stream()
                     .filter(bi -> bi.getDebitor().getDebitorNumber() == 1000313)
                     .filter(item -> item.getCaption().equals("some CloudServer"))
@@ -269,7 +270,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
                     """)); // @formatter:on
 
             // finally, the bookingItem is actually updated
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             assertThat(bookingItemRepo.findByUuid(givenBookingItem.getUuid())).isPresent().get()
                     .matches(mandate -> {
                         assertThat(mandate.getDebitor().toString()).isEqualTo("debitor(D-1000111: rel(anchor='LP First GmbH', type='DEBITOR', holder='LP First GmbH'), fir)");
@@ -285,7 +286,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
 
         @Test
         void globalAdmin_canDeleteArbitraryBookingItem() {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             final var givenBookingItem = givenSomeTemporaryBookingItemForDebitorNumber(1000111, entry("something", 1));
 
             RestAssured // @formatter:off
@@ -303,7 +304,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
 
         @Test
         void normalUser_canNotDeleteUnrelatedBookingItem() {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             final var givenBookingItem = givenSomeTemporaryBookingItemForDebitorNumber(1000111, entry("something", 1));
 
             RestAssured // @formatter:off
@@ -323,7 +324,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
     private HsBookingItemEntity givenSomeTemporaryBookingItemForDebitorNumber(final int debitorNumber,
             final Map.Entry<String, Integer> resources) {
         return jpaAttempt.transacted(() -> {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             final var givenDebitor = debitorRepo.findDebitorByDebitorNumber(debitorNumber).get(0);
             final var newBookingItem = HsBookingItemEntity.builder()
                     .uuid(UUID.randomUUID())

src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetControllerAcceptanceTest.java

@@ -19,6 +19,7 @@ import java.util.Map;
 import java.util.UUID;
 
 import static java.util.Map.entry;
+import static net.hostsharing.hsadminng.context.Context.Scope.TEMP;
 import static net.hostsharing.hsadminng.rbac.test.JsonMatcher.lenientlyEquals;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.hamcrest.Matchers.matchesRegex;
@@ -109,7 +110,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
         @Test
         void globalAdmin_canAddAsset() {
 
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             final var givenBookingItem = givenBookingItem("First", "some PrivateCloud");
 
             final var location = RestAssured // @formatter:off
@@ -154,7 +155,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
 
         @Test
         void globalAdmin_canGetArbitraryAsset() {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             final var givenAssetUuid = assetRepo.findAll().stream()
                             .filter(bi -> bi.getBookingItem().getDebitor().getDebitorNumber() == 1000111)
                             .filter(item -> item.getCaption().equals("some ManagedServer"))
@@ -183,7 +184,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
 
         @Test
         void normalUser_canNotGetUnrelatedAsset() {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             final var givenAssetUuid = assetRepo.findAll().stream()
                     .filter(bi -> bi.getBookingItem().getDebitor().getDebitorNumber() == 1000212)
                     .map(HsHostingAssetEntity::getUuid)
@@ -201,7 +202,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
 
         @Test
         void debitorAgentUser_canGetRelatedAsset() {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             final var givenAssetUuid = assetRepo.findAll().stream()
                     .filter(bi -> bi.getBookingItem().getDebitor().getDebitorNumber() == 1000313)
                     .filter(bi -> bi.getCaption().equals("some ManagedServer"))
@@ -271,7 +272,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
                     """)); // @formatter:on
 
             // finally, the asset is actually updated
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             assertThat(assetRepo.findByUuid(givenAsset.getUuid())).isPresent().get()
                     .matches(asset -> {
                         assertThat(asset.toString()).isEqualTo("HsHostingAssetEntity(D-1000111:some CloudServer, CLOUD_SERVER, vm2001, some test-asset, { CPU: 4, SSD: 4096, something: 1 })");
@@ -285,7 +286,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
 
         @Test
         void globalAdmin_canDeleteArbitraryAsset() {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             final var givenAsset = givenSomeTemporaryAssetForDebitorNumber("2002", entry("something", 1));
 
             RestAssured // @formatter:off
@@ -303,7 +304,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
 
         @Test
         void normalUser_canNotDeleteUnrelatedAsset() {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             final var givenAsset = givenSomeTemporaryAssetForDebitorNumber("2003", entry("something", 1));
 
             RestAssured // @formatter:off
@@ -330,7 +331,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
     private HsHostingAssetEntity givenSomeTemporaryAssetForDebitorNumber(final String identifierSuffix,
             final Map.Entry<String, Integer> resources) {
         return jpaAttempt.transacted(() -> {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             final var newAsset = HsHostingAssetEntity.builder()
                     .uuid(UUID.randomUUID())
                     .bookingItem(givenBookingItem("First", "some CloudServer"))

src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountControllerAcceptanceTest.java

@@ -18,6 +18,7 @@ import jakarta.persistence.EntityManager;
 import jakarta.persistence.PersistenceContext;
 import java.util.UUID;
 
+import static net.hostsharing.hsadminng.context.Context.Scope.TEMP;
 import static net.hostsharing.hsadminng.rbac.test.IsValidUuidMatcher.isUuidValid;
 import static net.hostsharing.hsadminng.rbac.test.JsonMatcher.lenientlyEquals;
 import static org.assertj.core.api.Assertions.assertThat;
@@ -116,7 +117,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
         @Test
         void globalAdmin_withoutAssumedRole_canAddBankAccount() {
 
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
 
             final var location = RestAssured // @formatter:off
                     .given()
@@ -154,7 +155,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
 
         @Test
         void globalAdmin_withoutAssumedRole_canGetArbitraryBankAccount() {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             final var givenBankAccountUuid = bankAccountRepo.findByOptionalHolderLike("first").get(0).getUuid();
 
             RestAssured // @formatter:off
@@ -175,7 +176,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
 
         @Test
         void normalUser_canNotGetUnrelatedBankAccount() {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             final var givenBankAccountUuid = bankAccountRepo.findByOptionalHolderLike("first").get(0).getUuid();
 
             RestAssured // @formatter:off
@@ -191,7 +192,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
         @Test
         @Disabled("TODO: not implemented yet - also add Accepts annotation when done")
         void bankaccountAdminUser_canGetRelatedBankAccount() {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             final var givenBankAccountUuid = bankAccountRepo.findByOptionalHolderLike("first").get(0).getUuid();
 
             RestAssured // @formatter:off
@@ -219,7 +220,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
         @Test
         void patchIsNotImplemented() {
 
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             final var givenBankAccount = givenSomeTemporaryBankAccountCreatedBy("selfregistered-test-user@hostsharing.org");
 
             final var location = RestAssured // @formatter:off
@@ -241,7 +242,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
                 // @formatter:on
 
             // and the bankaccount is unchanged
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             assertThat(bankAccountRepo.findByUuid(givenBankAccount.getUuid())).isPresent().get()
                     .matches(person -> {
                         assertThat(person.getHolder()).isEqualTo(givenBankAccount.getHolder());
@@ -257,7 +258,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
 
         @Test
         void globalAdmin_withoutAssumedRole_canDeleteArbitraryBankAccount() {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             final var givenBankAccount = givenSomeTemporaryBankAccountCreatedBy("selfregistered-test-user@hostsharing.org");
 
             RestAssured // @formatter:off
@@ -292,7 +293,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
 
         @Test
         void normalUser_canNotDeleteUnrelatedBankAccount() {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             final var givenBankAccount = givenSomeTemporaryBankAccountCreatedBy("selfregistered-test-user@hostsharing.org");
 
             RestAssured // @formatter:off
@@ -312,7 +313,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
 
     private HsOfficeBankAccountEntity givenSomeTemporaryBankAccountCreatedBy(final String creatingUser) {
         return jpaAttempt.transacted(() -> {
-            context.define(creatingUser);
+            context.define(TEMP, creatingUser);
             final var newBankAccount = HsOfficeBankAccountEntity.builder()
                     .holder("temp acc #" + RandomStringUtils.randomAlphabetic(3))
                     .iban("DE93500105179473626226")
@@ -327,7 +328,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
     @AfterEach
     void cleanup() {
         jpaAttempt.transacted(() -> {
-            context.define("superuser-alex@hostsharing.net", null);
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             em.createQuery("DELETE FROM HsOfficeBankAccountEntity b WHERE b.holder LIKE 'temp %'").executeUpdate();
         });
     }

src/test/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactControllerAcceptanceTest.java

@@ -22,6 +22,7 @@ import jakarta.persistence.PersistenceContext;
 import java.util.Map;
 import java.util.UUID;
 
+import static net.hostsharing.hsadminng.context.Context.Scope.TEMP;
 import static net.hostsharing.hsadminng.rbac.test.IsValidUuidMatcher.isUuidValid;
 import static net.hostsharing.hsadminng.rbac.test.JsonMatcher.lenientlyEquals;
 import static org.assertj.core.api.Assertions.assertThat;
@@ -95,7 +96,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
         @Test
         void globalAdmin_withoutAssumedRole_canAddContact() {
 
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
 
             final var location = RestAssured // @formatter:off
                     .given()
@@ -133,7 +134,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
 
         @Test
         void globalAdmin_withoutAssumedRole_canGetArbitraryContact() {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var givenContactUuid = contactRepo.findContactByOptionalLabelLike("first").get(0).getUuid();
 
             RestAssured // @formatter:off
@@ -154,7 +155,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
 
         @Test
         void normalUser_canNotGetUnrelatedContact() {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var givenContactUuid = contactRepo.findContactByOptionalLabelLike("first").get(0).getUuid();
 
             RestAssured // @formatter:off
@@ -169,7 +170,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
 
         @Test
         void contactAdminUser_canGetRelatedContact() {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var givenContactUuid = contactRepo.findContactByOptionalLabelLike("first").get(0).getUuid();
 
             RestAssured // @formatter:off
@@ -201,7 +202,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
         @Test
         void globalAdmin_withoutAssumedRole_canPatchAllPropertiesOfArbitraryContact() {
 
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var givenContact = givenSomeTemporaryContactCreatedBy("selfregistered-test-user@hostsharing.org");
 
             final var location = RestAssured // @formatter:off
@@ -234,7 +235,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
                 // @formatter:on
 
             // finally, the contact is actually updated
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             assertThat(contactRepo.findByUuid(givenContact.getUuid())).isPresent().get()
                     .matches(person -> {
                         assertThat(person.getLabel()).isEqualTo("Temp patched contact");
@@ -248,7 +249,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
         @Test
         void globalAdmin_withoutAssumedRole_canPatchPartialPropertiesOfArbitraryContact() {
 
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var givenContact = givenSomeTemporaryContactCreatedBy("selfregistered-test-user@hostsharing.org");
 
             final var location = RestAssured // @formatter:off
@@ -296,7 +297,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
 
         @Test
         void globalAdmin_withoutAssumedRole_canDeleteArbitraryContact() {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var givenContact = givenSomeTemporaryContactCreatedBy("selfregistered-test-user@hostsharing.org");
 
             RestAssured // @formatter:off
@@ -331,7 +332,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
 
         @Test
         void normalUser_canNotDeleteUnrelatedContact() {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var givenContact = givenSomeTemporaryContactCreatedBy("selfregistered-test-user@hostsharing.org");
 
             RestAssured // @formatter:off
@@ -351,7 +352,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
 
     private HsOfficeContactEntity givenSomeTemporaryContactCreatedBy(final String creatingUser) {
         return jpaAttempt.transacted(() -> {
-            context.define(creatingUser);
+            context.define(TEMP, creatingUser, null);
             final var newContact = HsOfficeContactEntity.builder()
                     .uuid(UUID.randomUUID())
                     .label("Temp from " + Context.getCallerMethodNameFromStackFrame(1) )
@@ -368,7 +369,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
     @AfterEach
     void cleanup() {
         jpaAttempt.transacted(() -> {
-            context.define("superuser-alex@hostsharing.net", null);
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             em.createQuery("DELETE FROM HsOfficeContactEntity c WHERE c.label LIKE 'Temp %'").executeUpdate();
         }).assertSuccessful();
     }

src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionControllerAcceptanceTest.java

@@ -22,6 +22,7 @@ import java.math.BigDecimal;
 import java.time.LocalDate;
 import java.util.UUID;
 
+import static net.hostsharing.hsadminng.context.Context.Scope.TEMP;
 import static net.hostsharing.hsadminng.hs.office.coopassets.HsOfficeCoopAssetsTransactionType.DEPOSIT;
 import static net.hostsharing.hsadminng.rbac.test.IsValidUuidMatcher.isUuidValid;
 import static net.hostsharing.hsadminng.rbac.test.JsonMatcher.lenientlyEquals;
@@ -75,7 +76,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
         @Test
         void globalAdmin_canFindCoopAssetsTransactionsByMemberNumber() {
 
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var givenMembership = membershipRepo.findMembershipByMemberNumber(1000202);
 
             RestAssured // @formatter:off
@@ -138,7 +139,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
         @Test
         void globalAdmin_canFindCoopAssetsTransactionsByMembershipUuidAndDateRange() {
 
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var givenMembership = membershipRepo.findMembershipByMemberNumber(1000202);
 
             RestAssured // @formatter:off
@@ -171,7 +172,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
         @Test
         void globalAdmin_canAddCoopAssetsTransaction() {
 
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var givenMembership = membershipRepo.findMembershipByMemberNumber(1000101);
 
             final var location = RestAssured // @formatter:off
@@ -216,11 +217,11 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
         @Test
         void globalAdmin_canAddCoopAssetsAdjustmentTransaction() {
 
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var givenMembership = membershipRepo.findMembershipByMemberNumber(1000101);
             final var givenTransaction = jpaAttempt.transacted(() -> {
                 // TODO.impl: introduce something like transactedAsSuperuser / transactedAs("...", ...)
-                context.define("superuser-alex@hostsharing.net");
+                context.define(TEMP, "superuser-alex@hostsharing.net", null);
                 return coopAssetsTransactionRepo.save(HsOfficeCoopAssetsTransactionEntity.builder()
                                 .transactionType(DEPOSIT)
                                 .valueDate(LocalDate.of(2022, 10, 20))
@@ -284,7 +285,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
         @Test
         void globalAdmin_canNotCancelMoreAssetsThanCurrentlySubscribed() {
 
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var givenMembership = membershipRepo.findMembershipByMemberNumber(1000101);
 
             RestAssured // @formatter:off
@@ -322,7 +323,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
 
         @Test
         void globalAdmin_withoutAssumedRole_canGetArbitraryCoopAssetTransaction() {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var givenCoopAssetTransactionUuid = coopAssetsTransactionRepo.findCoopAssetsTransactionByOptionalMembershipUuidAndDateRange(
                     null,
                     LocalDate.of(2010, 3, 15),
@@ -345,7 +346,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
 
         @Test
         void normalUser_canNotGetUnrelatedCoopAssetTransaction() {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var givenCoopAssetTransactionUuid = coopAssetsTransactionRepo.findCoopAssetsTransactionByOptionalMembershipUuidAndDateRange(
                     null,
                     LocalDate.of(2010, 3, 15),
@@ -362,7 +363,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
 
         @Test
         void partnerPersonUser_canGetRelatedCoopAssetTransaction() {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var givenCoopAssetTransactionUuid = coopAssetsTransactionRepo.findCoopAssetsTransactionByOptionalMembershipUuidAndDateRange(
                     null,
                     LocalDate.of(2010, 3, 15),
@@ -390,7 +391,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
     @AfterEach
     void cleanup() {
         jpaAttempt.transacted(() -> {
-            context.define("superuser-alex@hostsharing.net", null);
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             // HsOfficeCoopAssetsTransactionEntity respectively hs_office_coopassetstransaction_rv
             // cannot be deleted at all, but the underlying table record can be deleted.
             em.createNativeQuery("delete from hs_office_coopassetstransaction where reference like 'temp %'")

src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionControllerAcceptanceTest.java

@@ -22,6 +22,7 @@ import jakarta.persistence.PersistenceContext;
 import java.time.LocalDate;
 import java.util.UUID;
 
+import static net.hostsharing.hsadminng.context.Context.Scope.TEMP;
 import static net.hostsharing.hsadminng.rbac.test.IsValidUuidMatcher.isUuidValid;
 import static net.hostsharing.hsadminng.rbac.test.JsonMatcher.lenientlyEquals;
 import static org.assertj.core.api.Assertions.assertThat;
@@ -54,7 +55,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
     @AfterEach
     void cleanup() {
         jpaAttempt.transacted(() -> {
-            context.define("superuser-alex@hostsharing.net", null);
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             // HsOfficeCoopSharesTransactionEntity respectively hs_office_coopsharestransaction_rv
             // cannot be deleted at all, but the underlying table record can be deleted.
             em.createNativeQuery("delete from hs_office_coopsharestransaction where reference like 'temp %'").executeUpdate();
@@ -82,7 +83,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
         @Test
         void globalAdmin_canFindCoopSharesTransactionsByMemberNumber() {
 
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var givenMembership = membershipRepo.findMembershipByMemberNumber(1000202);
 
             RestAssured // @formatter:off
@@ -137,7 +138,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
         @Test
         void globalAdmin_canFindCoopSharesTransactionsByMembershipUuidAndDateRange() {
 
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var givenMembership = membershipRepo.findMembershipByMemberNumber(1000202);
 
             RestAssured // @formatter:off
@@ -162,7 +163,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
         @Test
         void globalAdmin_canAddCoopSharesTransaction() {
 
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var givenMembership = membershipRepo.findMembershipByMemberNumber(1000101);
 
             final var location = RestAssured // @formatter:off
@@ -193,11 +194,11 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
         @Test
         void globalAdmin_canAddCoopSharesAdjustmentTransaction() {
 
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var givenMembership = membershipRepo.findMembershipByMemberNumber(1000101);
             final var givenTransaction = jpaAttempt.transacted(() -> {
                 // TODO.impl: introduce something like transactedAsSuperuser / transactedAs("...", ...)
-                context.define("superuser-alex@hostsharing.net");
+                context.define(TEMP, "superuser-alex@hostsharing.net", null);
                 return coopSharesTransactionRepo.save(HsOfficeCoopSharesTransactionEntity.builder()
                     .transactionType(HsOfficeCoopSharesTransactionType.SUBSCRIPTION)
                     .valueDate(LocalDate.of(2022, 10, 20))
@@ -261,7 +262,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
         @Test
         void globalAdmin_canNotCancelMoreSharesThanCurrentlySubscribed() {
 
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var givenMembership = membershipRepo.findMembershipByMemberNumber(1000101);
 
             RestAssured // @formatter:off
@@ -289,7 +290,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
 
         @Test
         void globalAdmin_withoutAssumedRole_canGetArbitraryCoopShareTransaction() {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var givenCoopShareTransactionUuid = coopSharesTransactionRepo.findCoopSharesTransactionByOptionalMembershipUuidAndDateRange(null, LocalDate.of(2010, 3, 15), LocalDate.of(2010, 3, 15)).get(0).getUuid();
 
             RestAssured // @formatter:off
@@ -302,7 +303,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
 
         @Test
         void normalUser_canNotGetUnrelatedCoopShareTransaction() {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var givenCoopShareTransactionUuid = coopSharesTransactionRepo.findCoopSharesTransactionByOptionalMembershipUuidAndDateRange(null, LocalDate.of(2010, 3, 15), LocalDate.of(2010, 3, 15)).get(0).getUuid();
 
             RestAssured // @formatter:off
@@ -311,7 +312,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
 
         @Test
         void partnerPersonUser_canGetRelatedCoopShareTransaction() {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var givenCoopShareTransactionUuid = coopSharesTransactionRepo.findCoopSharesTransactionByOptionalMembershipUuidAndDateRange(null, LocalDate.of(2010, 3, 15), LocalDate.of(2010, 3, 15)).get(0).getUuid();
 
             RestAssured // @formatter:off

src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorControllerAcceptanceTest.java

@@ -26,6 +26,7 @@ import jakarta.persistence.EntityManager;
 import jakarta.persistence.PersistenceContext;
 import java.util.UUID;
 
+import static net.hostsharing.hsadminng.context.Context.Scope.TEMP;
 import static net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationType.DEBITOR;
 import static net.hostsharing.hsadminng.rbac.test.IsValidUuidMatcher.isUuidValid;
 import static net.hostsharing.hsadminng.rbac.test.JsonMatcher.lenientlyEquals;
@@ -266,14 +267,14 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
         @Test
         void globalAdmin_withoutAssumedRole_canAddDebitorWithBankAccount() {
 
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             final var givenPartner = partnerRepo.findPartnerByOptionalNameLike("Third").get(0);
             final var givenContact = contactRepo.findContactByOptionalLabelLike("fourth").get(0);
             final var givenBankAccount = bankAccountRepo.findByOptionalHolderLike("Fourth").get(0);
             final var givenBillingPerson = personRepo.findPersonByOptionalNameLike("Fourth").get(0);
 
             final var givenDebitorRelUUid = jpaAttempt.transacted(() -> {
-                context.define("superuser-alex@hostsharing.net");
+                context.define(TEMP, "superuser-alex@hostsharing.net", null);
                 return relRepo.save(HsOfficeRelationEntity.builder()
                         .type(DEBITOR)
                         .anchor(givenPartner.getPartnerRel().getHolder())
@@ -323,7 +324,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
         @Test
         void globalAdmin_canAddDebitorWithoutJustRequiredData() {
 
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var givenPartner = partnerRepo.findPartnerByOptionalNameLike("Third").get(0);
             final var givenContact = contactRepo.findContactByOptionalLabelLike("fourth").get(0);
 
@@ -375,7 +376,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
         @Test
         void globalAdmin_canNotAddDebitor_ifContactDoesNotExist() {
 
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var givenPartner = partnerRepo.findPartnerByOptionalNameLike("Third").get(0);
             final var givenContactUuid = UUID.fromString("00000000-0000-0000-0000-000000000000");
 
@@ -412,7 +413,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
         @Test
         void globalAdmin_canNotAddDebitor_ifDebitorRelDoesNotExist() {
 
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var givenDebitorRelUuid = UUID.fromString("00000000-0000-0000-0000-000000000000");
             final var givenContact = contactRepo.findContactByOptionalLabelLike("fourth").get(0);
 
@@ -444,7 +445,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
 
         @Test
         void globalAdmin_withoutAssumedRole_canGetArbitraryDebitor() {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var givenDebitorUuid = debitorRepo.findDebitorByOptionalNameLike("First").get(0).getUuid();
 
             RestAssured // @formatter:off
@@ -505,7 +506,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
 
         @Test
         void normalUser_canNotGetUnrelatedDebitor() {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var givenDebitorUuid = debitorRepo.findDebitorByOptionalNameLike("First").get(0).getUuid();
 
             RestAssured // @formatter:off
@@ -520,7 +521,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
 
         @Test
         void contactAdminUser_canGetRelatedDebitorExceptRefundBankAccount() {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var givenDebitorUuid = debitorRepo.findDebitorByOptionalNameLike("first contact").get(0).getUuid();
 
             RestAssured // @formatter:off
@@ -549,7 +550,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
         @Test
         void globalAdmin_withoutAssumedRole_canPatchArbitraryDebitor() {
 
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var givenDebitor = givenSomeTemporaryDebitor();
             final var givenContact = contactRepo.findContactByOptionalLabelLike("fourth").get(0);
 
@@ -614,7 +615,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
                 // @formatter:on
 
             // finally, the debitor is actually updated
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             assertThat(debitorRepo.findByUuid(givenDebitor.getUuid())).isPresent().get()
                     .matches(debitor -> {
                         assertThat(debitor.getDebitorRel().getHolder().getTradeName())
@@ -630,7 +631,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
         @Test
         void theContactOwner_canNotPatchARelatedDebitor() {
 
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var givenDebitor = givenSomeTemporaryDebitor();
 
             // @formatter:on
@@ -660,8 +661,8 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
 
         @Test
         void globalAdmin_withoutAssumedRole_canDeleteArbitraryDebitor() {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
-            final var givenDebitor = givenSomeTemporaryDebitor();
+    final var givenDebitor = givenSomeTemporaryDebitor();
 
             RestAssured // @formatter:off
                 .given()
@@ -678,7 +679,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
 
         @Test
         void contactAdminUser_canNotDeleteRelatedDebitor() {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var givenDebitor = givenSomeTemporaryDebitor();
             assertThat(givenDebitor.getDebitorRel().getContact().getLabel()).isEqualTo("fourth contact");
 
@@ -697,7 +698,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
 
         @Test
         void normalUser_canNotDeleteUnrelatedDebitor() {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var givenDebitor = givenSomeTemporaryDebitor();
             assertThat(givenDebitor.getDebitorRel().getContact().getLabel()).isEqualTo("fourth contact");
 
@@ -717,7 +718,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
 
     private HsOfficeDebitorEntity givenSomeTemporaryDebitor() {
         return jpaAttempt.transacted(() -> {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var givenPartner = partnerRepo.findPartnerByOptionalNameLike("Fourth").get(0);
             final var givenContact = contactRepo.findContactByOptionalLabelLike("fourth contact").get(0);
             final var newDebitor = HsOfficeDebitorEntity.builder()
@@ -743,7 +744,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
     @AfterEach
     void cleanup() {
         jpaAttempt.transacted(() -> {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var count = em.createQuery(
                             "DELETE FROM HsOfficeDebitorEntity d WHERE d.debitorNumberSuffix >= " + LOWEST_TEMP_DEBITOR_SUFFIX)
                     .executeUpdate();

src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipControllerAcceptanceTest.java

@@ -22,6 +22,7 @@ import jakarta.persistence.PersistenceContext;
 import java.time.LocalDate;
 import java.util.UUID;
 
+import static net.hostsharing.hsadminng.context.Context.Scope.TEMP;
 import static net.hostsharing.hsadminng.hs.office.membership.HsOfficeMembershipStatus.ACTIVE;
 import static net.hostsharing.hsadminng.hs.office.membership.HsOfficeMembershipStatus.CANCELLED;
 import static net.hostsharing.hsadminng.rbac.test.IsValidUuidMatcher.isUuidValid;
@@ -108,7 +109,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
         @Test
         void globalAdmin_canViewMembershipsByPartnerUuid() {
 
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var partner = partnerRepo.findPartnerByPartnerNumber(10001);
 
             RestAssured // @formatter:off
@@ -171,7 +172,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
         @Test
         void globalAdmin_canAddMembership() {
 
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var givenPartner = partnerRepo.findPartnerByOptionalNameLike("Third").get(0);
             final var givenMemberSuffix = TEMP_MEMBER_NUMBER_SUFFIX;
             final var expectedMemberNumber = Integer.parseInt(givenPartner.getPartnerNumber() + TEMP_MEMBER_NUMBER_SUFFIX);
@@ -216,7 +217,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
 
         @Test
         void globalAdmin_canGetArbitraryMembership() {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var givenMembershipUuid = membershipRepo.findMembershipByMemberNumber(1000101).getUuid();
 
             RestAssured // @formatter:off
@@ -242,7 +243,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
 
         @Test
         void normalUser_canNotGetUnrelatedMembership() {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var givenMembershipUuid = membershipRepo.findMembershipByMemberNumber(1000101).getUuid();
 
             RestAssured // @formatter:off
@@ -257,7 +258,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
 
         @Test
         void parnerRelAgent_canGetRelatedMembership() {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var givenMembershipUuid = membershipRepo.findMembershipByMemberNumber(1000303).getUuid();
 
             RestAssured // @formatter:off
@@ -289,7 +290,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
         @Test
         void globalAdmin_canPatchValidToOfArbitraryMembership() {
 
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var givenMembership = givenSomeTemporaryMembershipBessler("First");
 
             final var location = RestAssured // @formatter:off
@@ -332,7 +333,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
 
             // given
             final var givenPartnerAdmin = "hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH:ADMIN";
-            context.define("superuser-alex@hostsharing.net", givenPartnerAdmin);
+            context.define(TEMP, "superuser-alex@hostsharing.net", givenPartnerAdmin);
             final var givenMembership = givenSomeTemporaryMembershipBessler("First");
 
             // when
@@ -368,7 +369,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
 
         @Test
         void globalAdmin_canDeleteArbitraryMembership() {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var givenMembership = givenSomeTemporaryMembershipBessler("First");
 
             RestAssured // @formatter:off
@@ -386,7 +387,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
 
         @Test
         void partnerAgentUser_canNotDeleteRelatedMembership() {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var givenMembership = givenSomeTemporaryMembershipBessler("First");
 
             RestAssured // @formatter:off
@@ -405,7 +406,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
 
         @Test
         void normalUser_canNotDeleteUnrelatedMembership() {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var givenMembership = givenSomeTemporaryMembershipBessler("First");
 
             RestAssured // @formatter:off
@@ -424,7 +425,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
 
     private HsOfficeMembershipEntity givenSomeTemporaryMembershipBessler(final String partnerName) {
         return jpaAttempt.transacted(() -> {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var givenPartner = partnerRepo.findPartnerByOptionalNameLike(partnerName).get(0);
             final var newMembership = HsOfficeMembershipEntity.builder()
                     .uuid(UUID.randomUUID())
@@ -442,7 +443,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
     @AfterEach
     void cleanup() {
         jpaAttempt.transacted(() -> {
-            context.define("superuser-alex@hostsharing.net", null);
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var query = em.createQuery(
                     "DELETE FROM HsOfficeMembershipEntity m WHERE m.memberNumberSuffix >= '%s'"
                             .formatted(TEMP_MEMBER_NUMBER_SUFFIX)

src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerControllerAcceptanceTest.java

@@ -20,6 +20,7 @@ import org.springframework.transaction.annotation.Transactional;
 
 import java.util.UUID;
 
+import static net.hostsharing.hsadminng.context.Context.Scope.TEMP;
 import static net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationType.EX_PARTNER;
 import static net.hostsharing.hsadminng.rbac.test.IsValidUuidMatcher.isUuidValid;
 import static net.hostsharing.hsadminng.rbac.test.JsonMatcher.lenientlyEquals;
@@ -88,7 +89,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
         @Test
         void globalAdmin_withoutAssumedRole_canAddPartner() {
 
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             final var givenMandantPerson = personRepo.findPersonByOptionalNameLike("Hostsharing eG").stream().findFirst().orElseThrow();
             final var givenPerson = personRepo.findPersonByOptionalNameLike("Third").stream().findFirst().orElseThrow();
             final var givenContact = contactRepo.findContactByOptionalLabelLike("fourth").stream().findFirst().orElseThrow();
@@ -148,7 +149,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
         @Test
         void globalAdmin_canNotAddPartner_ifContactDoesNotExist() {
 
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             final var givenMandantPerson = personRepo.findPersonByOptionalNameLike("Hostsharing eG").get(0);
             final var givenPerson = personRepo.findPersonByOptionalNameLike("Third").get(0);
 
@@ -186,7 +187,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
         @Test
         void globalAdmin_canNotAddPartner_ifPersonDoesNotExist() {
 
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             final var mandantPerson = personRepo.findPersonByOptionalNameLike("Hostsharing eG").get(0);
             final var givenContact = contactRepo.findContactByOptionalLabelLike("fourth").get(0);
 
@@ -228,7 +229,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
 
         @Test
         void globalAdmin_withoutAssumedRole_canGetArbitraryPartner() {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             final var partners = partnerRepo.findAll();
             final var givenPartnerUuid = partnerRepo.findPartnerByOptionalNameLike("First").get(0).getUuid();
 
@@ -261,7 +262,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
 
         @Test
         void normalUser_canNotGetUnrelatedPartner() {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             final var givenPartnerUuid = partnerRepo.findPartnerByOptionalNameLike("First").get(0).getUuid();
 
             RestAssured // @formatter:off
@@ -276,7 +277,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
 
         @Test
         void contactAdminUser_canGetRelatedPartner() {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             final var givenPartnerUuid = partnerRepo.findPartnerByOptionalNameLike("first contact").get(0).getUuid();
 
             RestAssured // @formatter:off
@@ -306,7 +307,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
         @Test
         void globalAdmin_withoutAssumedRole_canPatchAllPropertiesOfArbitraryPartner() {
 
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             final var givenPartner = givenSomeTemporaryPartnerBessler(20011);
             final var givenPartnerRel = givenSomeTemporaryPartnerRel("Third OHG", "third contact");
 
@@ -355,7 +356,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
                 // @formatter:on
 
             // finally, the partner is actually updated
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             assertThat(partnerRepo.findByUuid(givenPartner.getUuid())).isPresent().get()
                     .matches(partner -> {
                         assertThat(partner.getPartnerNumber()).isEqualTo(givenPartner.getPartnerNumber());
@@ -373,7 +374,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
         @Test
         void patchingThePartnerRelCreatesExPartnerRel() {
 
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             final var givenPartner = givenSomeTemporaryPartnerBessler(20011);
             final var givenPartnerRel = givenSomeTemporaryPartnerRel("Third OHG", "third contact");
 
@@ -394,7 +395,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
             // @formatter:on
 
             // then the partner got actually updated
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             assertThat(partnerRepo.findByUuid(givenPartner.getUuid())).isPresent().get()
                     .matches(partner -> {
                         assertThat(partner.getPartnerRel().getHolder().getTradeName()).isEqualTo("Third OHG");
@@ -412,7 +413,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
         @Test
         void globalAdmin_withoutAssumedRole_canPatchPartialPropertiesOfArbitraryPartner() {
 
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             final var givenPartner = givenSomeTemporaryPartnerBessler(20012);
 
             final var location = RestAssured // @formatter:off
@@ -460,7 +461,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
 
         @Test
         void globalAdmin_withoutAssumedRole_canDeleteArbitraryPartner() {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             final var givenPartner = givenSomeTemporaryPartnerBessler(20013);
 
             RestAssured // @formatter:off
@@ -479,7 +480,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
 
         @Test
         void contactAdminUser_canNotDeleteRelatedPartner() {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             final var givenPartner = givenSomeTemporaryPartnerBessler(20014);
             assertThat(givenPartner.getPartnerRel().getContact().getLabel()).isEqualTo("fourth contact");
 
@@ -498,7 +499,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
 
         @Test
         void normalUser_canNotDeleteUnrelatedPartner() {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             final var givenPartner = givenSomeTemporaryPartnerBessler(20015);
             assertThat(givenPartner.getPartnerRel().getContact().getLabel()).isEqualTo("fourth contact");
 
@@ -520,7 +521,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
             final String partnerHolderName,
             final String contactName) {
         return jpaAttempt.transacted(() -> {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             final var givenMandantPerson = personRepo.findPersonByOptionalNameLike("Hostsharing eG").stream().findFirst().orElseThrow();
             final var givenPerson = personRepo.findPersonByOptionalNameLike(partnerHolderName).stream().findFirst().orElseThrow();
             final var givenContact = contactRepo.findContactByOptionalLabelLike(contactName).stream().findFirst().orElseThrow();
@@ -536,7 +537,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
     }
     private HsOfficePartnerEntity givenSomeTemporaryPartnerBessler(final Integer partnerNumber) {
         return jpaAttempt.transacted(() -> {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             final var partnerRel = em.merge(givenSomeTemporaryPartnerRel("Erben Bessler", "fourth contact"));
 
             final var newPartner = HsOfficePartnerEntity.builder()

src/test/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonControllerAcceptanceTest.java

@@ -19,6 +19,7 @@ import jakarta.persistence.EntityManager;
 import jakarta.persistence.PersistenceContext;
 import java.util.UUID;
 
+import static net.hostsharing.hsadminng.context.Context.Scope.TEMP;
 import static net.hostsharing.hsadminng.rbac.test.IsValidUuidMatcher.isUuidValid;
 import static net.hostsharing.hsadminng.rbac.test.JsonMatcher.lenientlyEquals;
 import static org.assertj.core.api.Assertions.assertThat;
@@ -111,7 +112,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup
 
         @Test
         void globalAdmin_canGetArbitraryPerson() {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             final var givenPersonUuid = personRepo.findPersonByOptionalNameLike("Erben").get(0).getUuid();
 
             RestAssured // @formatter:off
@@ -133,7 +134,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup
         @Test
         void normalUser_canNotGetUnrelatedPerson() {
             final var givenPersonUuid = jpaAttempt.transacted(() -> {
-                context.define("superuser-alex@hostsharing.net");
+                context.define(TEMP, "superuser-alex@hostsharing.net");
                 return personRepo.findPersonByOptionalNameLike("Erben").get(0).getUuid();
             }).returnedValue();
 
@@ -150,7 +151,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup
         @Test
         void personOwnerUser_canGetRelatedPerson() {
             final var givenPersonUuid = jpaAttempt.transacted(() -> {
-                context.define("superuser-alex@hostsharing.net");
+                context.define(TEMP, "superuser-alex@hostsharing.net");
                 return personRepo.findPersonByOptionalNameLike("Erben").get(0).getUuid();
             }).returnedValue();
 
@@ -209,7 +210,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup
                 // @formatter:on
 
             // finally, the person is actually updated
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             assertThat(personRepo.findByUuid(givenPerson.getUuid())).isPresent().get()
                     .matches(person -> {
                         assertThat(person.getPersonType()).isEqualTo(HsOfficePersonType.UNINCORPORATED_FIRM);
@@ -249,7 +250,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup
             // @formatter:on
 
             // finally, the person is actually updated
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             assertThat(personRepo.findByUuid(givenPerson.getUuid())).isPresent().get()
                     .matches(person -> {
                         assertThat(person.getPersonType()).isEqualTo(givenPerson.getPersonType());
@@ -280,7 +281,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup
 
             // then the given person is gone
 
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             assertThat(personRepo.findByUuid(givenPerson.getUuid())).isEmpty();
         }
 
@@ -316,14 +317,14 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup
             // @formatter:on
 
             // then the given person is still there
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             assertThat(personRepo.findByUuid(givenPerson.getUuid())).isNotEmpty();
         }
     }
 
     private HsOfficePersonEntity givenSomeTemporaryPersonCreatedBy(final String creatingUser) {
         return jpaAttempt.transacted(() -> {
-            context.define(creatingUser);
+            context.define(TEMP, creatingUser);
             final var newPerson = HsOfficePersonEntity.builder()
                     .uuid(UUID.randomUUID())
                     .personType(HsOfficePersonType.LEGAL_PERSON)
@@ -339,7 +340,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup
     @AfterEach
     void cleanup() {
         jpaAttempt.transacted(() -> {
-            context.define("superuser-alex@hostsharing.net", null);
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             em.createQuery("""
                     DELETE FROM HsOfficePersonEntity p 
                         WHERE p.tradeName LIKE 'Temp %' OR p.givenName LIKE 'Temp %'

src/test/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationControllerAcceptanceTest.java

@@ -19,6 +19,7 @@ import org.springframework.transaction.annotation.Transactional;
 
 import java.util.UUID;
 
+import static net.hostsharing.hsadminng.context.Context.Scope.TEMP;
 import static net.hostsharing.hsadminng.rbac.test.IsValidUuidMatcher.isUuidValid;
 import static net.hostsharing.hsadminng.rbac.test.JsonMatcher.lenientlyEquals;
 import static org.assertj.core.api.Assertions.assertThat;
@@ -61,7 +62,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
         void globalAdmin_withoutAssumedRoles_canViewAllRelationsOfGivenPersonAndType_ifNoCriteriaGiven() throws JSONException {
 
             // given
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             final var givenPerson = personRepo.findPersonByOptionalNameLike("Hostsharing eG").get(0);
 
             RestAssured // @formatter:off
@@ -122,7 +123,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
         @Test
         void globalAdmin_withoutAssumedRole_canAddRelation() {
 
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             final var givenAnchorPerson = personRepo.findPersonByOptionalNameLike("Third").get(0);
             final var givenHolderPerson = personRepo.findPersonByOptionalNameLike("Paul").get(0);
             final var givenContact = contactRepo.findContactByOptionalLabelLike("second").get(0);
@@ -169,7 +170,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
         @Test
         void globalAdmin_canNotAddRelation_ifAnchorPersonDoesNotExist() {
 
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             final var givenAnchorPersonUuid = GIVEN_NON_EXISTING_HOLDER_PERSON_UUID;
             final var givenHolderPerson = personRepo.findPersonByOptionalNameLike("Smith").get(0);
             final var givenContact = contactRepo.findContactByOptionalLabelLike("fourth").get(0);
@@ -202,7 +203,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
         @Test
         void globalAdmin_canNotAddRelation_ifHolderPersonDoesNotExist() {
 
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             final var givenAnchorPerson = personRepo.findPersonByOptionalNameLike("Third").get(0);
             final var givenContact = contactRepo.findContactByOptionalLabelLike("fourth").get(0);
 
@@ -234,7 +235,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
         @Test
         void globalAdmin_canNotAddRelation_ifContactDoesNotExist() {
 
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             final var givenAnchorPerson = personRepo.findPersonByOptionalNameLike("Third").get(0);
             final var givenHolderPerson = personRepo.findPersonByOptionalNameLike("Paul").get(0);
             final var givenContactUuid = UUID.fromString("00000000-0000-0000-0000-000000000000");
@@ -270,7 +271,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
 
         @Test
         void globalAdmin_withoutAssumedRole_canGetArbitraryRelation() {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             final UUID givenRelationUuid = findRelation("First", "Firby").getUuid();
 
             RestAssured // @formatter:off
@@ -293,7 +294,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
 
         @Test
         void normalUser_canNotGetUnrelatedRelation() {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             final UUID givenRelationUuid = findRelation("First", "Firby").getUuid();
 
             RestAssured // @formatter:off
@@ -308,7 +309,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
 
         @Test
         void contactAdminUser_canGetRelatedRelation() {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             final var givenRelation = findRelation("First", "Firby");
             assertThat(givenRelation.getContact().getLabel()).isEqualTo("first contact");
 
@@ -350,7 +351,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
         @Test
         void globalAdmin_withoutAssumedRole_canPatchContactOfArbitraryRelation() {
 
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             final var givenRelation = givenSomeTemporaryRelationBessler();
             assertThat(givenRelation.getContact().getLabel()).isEqualTo("seventh contact");
             final var givenContact = contactRepo.findContactByOptionalLabelLike("fourth").get(0);
@@ -378,7 +379,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
                 // @formatter:on
 
             // finally, the relation is actually updated
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             assertThat(relationRepo.findByUuid(givenRelation.getUuid())).isPresent().get()
                     .matches(rel -> {
                         assertThat(rel.getAnchor().getTradeName()).contains("Bessler");
@@ -395,7 +396,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
 
         @Test
         void globalAdmin_withoutAssumedRole_canDeleteArbitraryRelation() {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             final var givenRelation = givenSomeTemporaryRelationBessler();
 
             RestAssured // @formatter:off
@@ -413,7 +414,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
 
         @Test
         void contactAdminUser_canNotDeleteRelatedRelation() {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             final var givenRelation = givenSomeTemporaryRelationBessler();
             assertThat(givenRelation.getContact().getLabel()).isEqualTo("seventh contact");
 
@@ -432,7 +433,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
 
         @Test
         void normalUser_canNotDeleteUnrelatedRelation() {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             final var givenRelation = givenSomeTemporaryRelationBessler();
             assertThat(givenRelation.getContact().getLabel()).isEqualTo("seventh contact");
 
@@ -452,7 +453,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
 
     private HsOfficeRelationEntity givenSomeTemporaryRelationBessler() {
         return jpaAttempt.transacted(() -> {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             final var givenAnchorPerson = personRepo.findPersonByOptionalNameLike("Erben Bessler").get(0);
             final var givenHolderPerson = personRepo.findPersonByOptionalNameLike("Winkler").get(0);
             final var givenContact = contactRepo.findContactByOptionalLabelLike("seventh contact").get(0);

src/test/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateControllerAcceptanceTest.java

@@ -24,6 +24,7 @@ import java.time.LocalDate;
 import java.util.UUID;
 
 import static java.util.Optional.ofNullable;
+import static net.hostsharing.hsadminng.context.Context.Scope.TEMP;
 import static net.hostsharing.hsadminng.rbac.test.IsValidUuidMatcher.isUuidValid;
 import static net.hostsharing.hsadminng.rbac.test.JsonMatcher.lenientlyEquals;
 import static org.assertj.core.api.Assertions.assertThat;
@@ -105,7 +106,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
         @Test
         void globalAdmin_canAddSepaMandate() {
 
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var givenDebitor = debitorRepo.findDebitorByOptionalNameLike("Third").get(0);
             final var givenBankAccount = bankAccountRepo.findByIbanOrderByIbanAsc("DE02200505501015871393").get(0);
 
@@ -147,7 +148,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
         @Test
         void globalAdmin_canNotAddSepaMandateWhenDebitorUuidIsMissing() {
 
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var givenDebitor = debitorRepo.findDebitorByOptionalNameLike("Third").get(0);
             final var givenBankAccount = bankAccountRepo.findByIbanOrderByIbanAsc("DE02200505501015871393").get(0);
 
@@ -172,7 +173,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
         @Test
         void globalAdmin_canNotAddSepaMandate_ifBankAccountDoesNotExist() {
 
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var givenDebitor = debitorRepo.findDebitorByOptionalNameLike("Third").get(0);
             final var givenBankAccountUuid = UUID.fromString("00000000-0000-0000-0000-000000000000");
 
@@ -202,7 +203,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
         @Test
         void globalAdmin_canNotAddSepaMandate_ifPersonDoesNotExist() {
 
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var givenDebitorUuid = UUID.fromString("00000000-0000-0000-0000-000000000000");
             final var givenBankAccount = bankAccountRepo.findByIbanOrderByIbanAsc("DE02200505501015871393").get(0);
 
@@ -235,7 +236,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
 
         @Test
         void globalAdmin_canGetArbitrarySepaMandate() {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var givenSepaMandateUuid = sepaMandateRepo.findSepaMandateByOptionalIban("DE02120300000000202051")
                     .get(0)
                     .getUuid();
@@ -265,7 +266,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
 
         @Test
         void normalUser_canNotGetUnrelatedSepaMandate() {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var givenSepaMandateUuid = sepaMandateRepo.findSepaMandateByOptionalIban("DE02120300000000202051")
                     .get(0)
                     .getUuid();
@@ -282,7 +283,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
 
         @Test
         void bankAccountAdminUser_canGetRelatedSepaMandate() {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var givenSepaMandateUuid = sepaMandateRepo.findSepaMandateByOptionalIban("DE02120300000000202051")
                     .get(0)
                     .getUuid();
@@ -347,7 +348,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
             // @formatter:on
 
             // finally, the sepaMandate is actually updated
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             assertThat(sepaMandateRepo.findByUuid(givenSepaMandate.getUuid())).isPresent().get()
                     .matches(mandate -> {
                         assertThat(mandate.getDebitor().toString()).isEqualTo("debitor(D-1000111: rel(anchor='LP First GmbH', type='DEBITOR', holder='LP First GmbH'), fir)");
@@ -362,7 +363,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
         @Test
         void globalAdmin_canPatchJustValidToOfArbitrarySepaMandate() {
 
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var givenSepaMandate = givenSomeTemporarySepaMandateForDebitorNumber(1000111);
 
             final var location = RestAssured // @formatter:off
@@ -402,7 +403,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
         @Test
         void globalAdmin_canNotPatchReferenceOfArbitrarySepaMandate() {
 
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var givenSepaMandate = givenSomeTemporarySepaMandateForDebitorNumber(1000111);
 
             final var location = RestAssured // @formatter:off
@@ -436,7 +437,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
 
         @Test
         void globalAdmin_canDeleteArbitrarySepaMandate() {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var givenSepaMandate = givenSomeTemporarySepaMandateForDebitorNumber(1000111);
 
             RestAssured // @formatter:off
@@ -454,7 +455,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
 
         @Test
         void bankAccountAdminUser_canNotDeleteRelatedSepaMandate() {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var givenSepaMandate = givenSomeTemporarySepaMandateForDebitorNumber(1000111);
 
             RestAssured // @formatter:off
@@ -472,7 +473,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
 
         @Test
         void normalUser_canNotDeleteUnrelatedSepaMandate() {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var givenSepaMandate = givenSomeTemporarySepaMandateForDebitorNumber(1000111);
 
             RestAssured // @formatter:off
@@ -491,7 +492,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
 
     private HsOfficeSepaMandateEntity givenSomeTemporarySepaMandateForDebitorNumber(final int debitorNumber) {
         return jpaAttempt.transacted(() -> {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var givenDebitor = debitorRepo.findDebitorByDebitorNumber(debitorNumber).get(0);
             final var bankAccountHolder = ofNullable(givenDebitor.getPartner().getPartnerRel().getHolder().getTradeName())
                     .orElse(givenDebitor.getPartner().getPartnerRel().getHolder().getFamilyName());
@@ -514,7 +515,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
     @AfterEach
     void cleanup() {
         jpaAttempt.transacted(() -> {
-            context.define("superuser-alex@hostsharing.net", null);
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             final var count = em.createQuery("DELETE FROM HsOfficeSepaMandateEntity s WHERE s.reference like 'temp %'")
                     .executeUpdate();
             if (count == 0) {

src/test/java/net/hostsharing/hsadminng/rbac/context/ContextBasedTest.java

@@ -10,6 +10,8 @@ import org.springframework.context.annotation.Import;
 import jakarta.persistence.EntityManager;
 import jakarta.persistence.PersistenceContext;
 
+import static net.hostsharing.hsadminng.context.Context.Scope.TEMP;
+
 @Import(RbacGrantsDiagramService.class)
 public abstract class ContextBasedTest {
 
@@ -41,7 +43,7 @@ public abstract class ContextBasedTest {
     }
 
     protected void context(final String currentUser, final String assumedRoles) {
-        context.define(test.getDisplayName(), null, currentUser, assumedRoles);
+        context.define(TEMP, test.getDisplayName(), null, currentUser, assumedRoles);
     }
 
     protected void context(final String currentUser) {

src/test/java/net/hostsharing/hsadminng/rbac/context/ContextIntegrationTests.java

@@ -14,6 +14,7 @@ import org.springframework.transaction.annotation.Transactional;
 
 import jakarta.servlet.http.HttpServletRequest;
 
+import static net.hostsharing.hsadminng.context.Context.Scope.TEMP;
 import static org.assertj.core.api.Assertions.assertThat;
 
 @DataJpaTest
@@ -34,7 +35,7 @@ class ContextIntegrationTests {
     @Test
     void defineWithoutHttpServletRequestUsesCallStack() {
 
-        context.define("superuser-alex@hostsharing.net", null);
+        context.define(TEMP, "superuser-alex@hostsharing.net", null);
 
         assertThat(context.getCurrentTask())
                 .isEqualTo("ContextIntegrationTests.defineWithoutHttpServletRequestUsesCallStack");
@@ -44,7 +45,7 @@ class ContextIntegrationTests {
     @Transactional
     void defineWithCurrentUserButWithoutAssumedRoles() {
         // when
-        context.define("superuser-alex@hostsharing.net");
+        context.define(TEMP, "superuser-alex@hostsharing.net", null);
 
         // then
         assertThat(context.getCurrentUser()).
@@ -62,7 +63,7 @@ class ContextIntegrationTests {
     void defineWithoutCurrentUserButWithAssumedRoles() {
         // when
         final var result = jpaAttempt.transacted(() ->
-                context.define(null, "test_package#yyy00:ADMIN")
+                context.define(TEMP, null, "test_package#yyy00:ADMIN")
         );
 
         // then
@@ -75,7 +76,7 @@ class ContextIntegrationTests {
     void defineWithUnknownCurrentUser() {
         // when
         final var result = jpaAttempt.transacted(() ->
-                context.define("unknown@example.org")
+                context.define(TEMP, "unknown@example.org", null)
         );
 
         // then
@@ -88,7 +89,7 @@ class ContextIntegrationTests {
     @Transactional
     void defineWithCurrentUserAndAssumedRoles() {
         // given
-        context.define("superuser-alex@hostsharing.net", "test_customer#xxx:OWNER;test_customer#yyy:OWNER");
+        context.define(TEMP, "superuser-alex@hostsharing.net", "test_customer#xxx:OWNER;test_customer#yyy:OWNER");
 
         // when
         final var currentUser = context.getCurrentUser();
@@ -104,7 +105,7 @@ class ContextIntegrationTests {
     public void defineContextWithCurrentUserAndAssumeInaccessibleRole() {
         // when
         final var result = jpaAttempt.transacted(() ->
-                context.define("customer-admin@xxx.example.com", "test_package#yyy00:ADMIN")
+                context.define(TEMP, "customer-admin@xxx.example.com", "test_package#yyy00:ADMIN")
         );
 
         // then

src/test/java/net/hostsharing/hsadminng/rbac/context/ContextUnitTest.java

@@ -20,6 +20,7 @@ import java.util.Collections;
 import java.util.Map;
 import java.util.stream.Stream;
 
+import static net.hostsharing.hsadminng.context.Context.Scope.TEMP;
 import static org.mockito.ArgumentMatchers.*;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.verify;
@@ -29,6 +30,7 @@ class ContextUnitTest {
 
     private static final String DEFINE_CONTEXT_QUERY_STRING = """
            call defineContext(
+               cast(:currentScope as RbacObjectScope),
                cast(:currentTask as varchar(127)),
                cast(:currentRequest as text),
                cast(:currentUser as varchar(63)),
@@ -57,7 +59,7 @@ class ContextUnitTest {
         void registerWithoutHttpServletRequestUsesCallStackForTask() {
             given(em.createNativeQuery(any())).willReturn(nativeQuery);
 
-            context.define("current-user");
+            context.define(TEMP, "current-user", null);
 
             verify(em).createNativeQuery(DEFINE_CONTEXT_QUERY_STRING);
             verify(nativeQuery).setParameter(
@@ -69,7 +71,7 @@ class ContextUnitTest {
         void registerWithoutHttpServletRequestUsesEmptyStringForRequest() {
             given(em.createNativeQuery(any())).willReturn(nativeQuery);
 
-            context.define("current-user");
+            context.define(TEMP, "current-user", null);
 
             verify(em).createNativeQuery(DEFINE_CONTEXT_QUERY_STRING);
             verify(nativeQuery).setParameter("currentRequest", null);
@@ -114,7 +116,7 @@ class ContextUnitTest {
                             Map.entry("user-agent", "given-user-agent")),
                     "{}");
 
-            context.define("current-user");
+            context.define(TEMP, "current-user", null);
 
             verify(em).createNativeQuery(DEFINE_CONTEXT_QUERY_STRING);
             verify(nativeQuery).setParameter("currentTask", "POST http://localhost:9999/api/endpoint");
@@ -128,7 +130,7 @@ class ContextUnitTest {
                             Map.entry("user-agent", "given-user-agent")),
                     "{}");
 
-            context.define("current-user");
+            context.define(TEMP, "current-user", null);
 
             verify(em).createNativeQuery(DEFINE_CONTEXT_QUERY_STRING);
             verify(nativeQuery).setParameter("currentRequest", """
@@ -151,7 +153,7 @@ class ContextUnitTest {
                             Map.entry("user-agent", "given-user-agent")),
                     "{}");
 
-            context.define("current-user");
+            context.define(TEMP, "current-user", null);
 
             verify(em).createNativeQuery(DEFINE_CONTEXT_QUERY_STRING);
             verify(nativeQuery).setParameter(eq("currentTask"), argThat((String t) -> t.length() == 127));

src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantsDiagramServiceIntegrationTest.java

@@ -19,6 +19,7 @@ import java.util.EnumSet;
 import java.util.UUID;
 
 import static java.lang.String.join;
+import static net.hostsharing.hsadminng.context.Context.Scope.TEMP;
 import static org.assertj.core.api.Assertions.assertThat;
 
 @DataJpaTest
@@ -45,7 +46,7 @@ class RbacGrantsDiagramServiceIntegrationTest extends ContextBasedTestWithCleanu
     }
 
     protected void context(final String currentUser, final String assumedRoles) {
-        context.define(test.getDisplayName(), null, currentUser, assumedRoles);
+        context.define(TEMP, test.getDisplayName(), null, currentUser, assumedRoles);
     }
 
     protected void context(final String currentUser) {

src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepositoryIntegrationTest.java

@@ -15,6 +15,7 @@ import jakarta.persistence.EntityManager;
 import jakarta.servlet.http.HttpServletRequest;
 import java.util.List;
 
+import static net.hostsharing.hsadminng.context.Context.Scope.TEMP;
 import static net.hostsharing.hsadminng.rbac.test.JpaAttempt.attempt;
 import static org.assertj.core.api.Assertions.assertThat;
 
@@ -58,7 +59,7 @@ class RbacRoleRepositoryIntegrationTest {
         @Test
         public void globalAdmin_withoutAssumedRole_canViewAllRbacRoles() {
             // given
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
 
             // when
             final var result = rbacRoleRepository.findAll();
@@ -69,20 +70,20 @@ class RbacRoleRepositoryIntegrationTest {
 
         @Test
         public void globalAdmin_withAssumedglobalAdminRole_canViewAllRbacRoles() {
-            given:
+            // given
-            context.define("superuser-alex@hostsharing.net", "global#global:ADMIN");
+            context.define(TEMP, "superuser-alex@hostsharing.net", "global#global:ADMIN");
 
             // when
             final var result = rbacRoleRepository.findAll();
 
-            then:
+            // then
             allTheseRbacRolesAreReturned(result, ALL_TEST_DATA_ROLES);
         }
 
         @Test
         public void customerAdmin_withoutAssumedRole_canViewOnlyItsOwnRbacRole() {
             // given:
-            context.define("customer-admin@xxx.example.com");
+            context.define(TEMP, "customer-admin@xxx.example.com", null);
 
             // when:
             final var result = rbacRoleRepository.findAll();
@@ -121,7 +122,7 @@ class RbacRoleRepositoryIntegrationTest {
 
         @Test
         public void customerAdmin_withAssumedOwnedPackageAdminRole_canViewOnlyItsOwnRbacRole() {
-            context.define("customer-admin@xxx.example.com", "test_package#xxx00:ADMIN");
+            context.define(TEMP, "customer-admin@xxx.example.com", "test_package#xxx00:ADMIN");
 
             final var result = rbacRoleRepository.findAll();
 
@@ -138,7 +139,7 @@ class RbacRoleRepositoryIntegrationTest {
 
         @Test
         void anonymousUser_withoutAssumedRole_cannotViewAnyRbacRoles() {
-            context.define(null);
+            context.define(TEMP, null);
 
             final var result = attempt(
                     em,
@@ -155,7 +156,7 @@ class RbacRoleRepositoryIntegrationTest {
 
         @Test
         void customerAdmin_withoutAssumedRole_canFindItsOwnRolesByName() {
-            context.define("customer-admin@xxx.example.com");
+            context.define(TEMP, "customer-admin@xxx.example.com", null);
 
             final var result = rbacRoleRepository.findByRoleName("test_customer#xxx:ADMIN");
 
@@ -167,7 +168,7 @@ class RbacRoleRepositoryIntegrationTest {
 
         @Test
         void customerAdmin_withoutAssumedRole_canNotFindAlienRolesByName() {
-            context.define("customer-admin@xxx.example.com");
+            context.define(TEMP, "customer-admin@xxx.example.com", null);
 
             final var result = rbacRoleRepository.findByRoleName("test_customer#bbb:ADMIN");
 

src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserControllerAcceptanceTest.java

@@ -14,6 +14,7 @@ import org.springframework.transaction.annotation.Transactional;
 
 import java.util.UUID;
 
+import static net.hostsharing.hsadminng.context.Context.Scope.TEMP;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.hamcrest.Matchers.*;
 
@@ -65,7 +66,7 @@ class RbacUserControllerAcceptanceTest {
             // finally, the user can view its own record
             final var newUserUuid = UUID.fromString(
                     location.substring(location.lastIndexOf('/') + 1));
-            context.define("new-user@example.com");
+            context.define(TEMP, "new-user@example.com", null);
             assertThat(rbacUserRepository.findByUuid(newUserUuid))
                     .extracting(RbacUserEntity::getName).isEqualTo("new-user@example.com");
         }
@@ -436,7 +437,7 @@ class RbacUserControllerAcceptanceTest {
 
     RbacUserEntity findRbacUserByName(final String userName) {
         return jpaAttempt.transacted(() -> {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             return rbacUserRepository.findByName(userName);
         }).returnedValue();
     }
@@ -444,7 +445,7 @@ class RbacUserControllerAcceptanceTest {
     RbacUserEntity givenANewUser() {
         final var givenUserName = "test-user-" + System.currentTimeMillis() + "@example.com";
         final var givenUser = jpaAttempt.transacted(() -> {
-            context.define(null);
+            context.define(TEMP, null);
             return rbacUserRepository.create(new RbacUserEntity(UUID.randomUUID(), givenUserName));
         }).assumeSuccessful().returnedValue();
         assertThat(rbacUserRepository.findByName(givenUser.getName())).isNotNull();

src/test/java/net/hostsharing/hsadminng/rbac/test/ContextBasedTestWithCleanup.java

@@ -1,5 +1,6 @@
 package net.hostsharing.hsadminng.rbac.test;
 
+import net.hostsharing.hsadminng.context.Context;
 import net.hostsharing.hsadminng.rbac.context.ContextBasedTest;
 import net.hostsharing.hsadminng.rbac.rbacobject.RbacObject;
 import net.hostsharing.hsadminng.rbac.rbacgrant.RbacGrantEntity;
@@ -12,7 +13,6 @@ import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.TestInfo;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.data.jpa.repository.Query;
 import org.springframework.data.repository.Repository;
 
 import jakarta.persistence.*;
@@ -21,6 +21,7 @@ import java.util.*;
 import static java.lang.System.out;
 import static java.util.Comparator.comparing;
 import static java.util.stream.Collectors.toSet;
+import static net.hostsharing.hsadminng.context.Context.Scope.TEMP;
 import static org.apache.commons.collections4.SetUtils.difference;
 import static org.assertj.core.api.Assertions.assertThat;
 
@@ -45,7 +46,6 @@ public abstract class ContextBasedTestWithCleanup extends ContextBasedTest {
 
     private TreeMap<UUID, Class<? extends RbacObject>> entitiesToCleanup = new TreeMap<>();
 
-    private static Long latestIntialTestDataSerialId;
     private static boolean countersInitialized = false;
     private static boolean initialTestDataValidated = false;
     private static Long initialRbacObjectCount = null;
@@ -99,7 +99,7 @@ public abstract class ContextBasedTestWithCleanup extends ContextBasedTest {
                     final UUID uuid = UUID.fromString(o.split(":")[1]);
 
                     final var exception = jpaAttempt.transacted(() -> {
-                        context.define("superuser-alex@hostsharing.net", null);
+                        context.define(TEMP, "superuser-alex@hostsharing.net", null);
                         em.remove(em.getReference(entityClass, uuid));
                         out.println("DELETING new " + entityClass.getSimpleName() + "#" + uuid + " SUCCEEDED");
                     }).caughtException();
@@ -115,10 +115,6 @@ public abstract class ContextBasedTestWithCleanup extends ContextBasedTest {
     void retrieveInitialTestData(final TestInfo testInfo) {
         out.println(ContextBasedTestWithCleanup.class.getSimpleName() + ".retrieveInitialTestData");
 
-        if (latestIntialTestDataSerialId == null ) {
-            latestIntialTestDataSerialId = rbacObjectRepo.findLatestSerialId();
-        }
-
         if (initialRbacObjects != null){
             assertNoNewRbacObjectsRolesAndGrantsLeaked();
         }
@@ -126,7 +122,7 @@ public abstract class ContextBasedTestWithCleanup extends ContextBasedTest {
         initialTestDataValidated = false;
 
         jpaAttempt.transacted(() -> {
-            context.define("superuser-alex@hostsharing.net", null);
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             if (initialRbacObjects == null) {
 
                 initialRbacObjects = allRbacObjects();
@@ -177,7 +173,7 @@ public abstract class ContextBasedTestWithCleanup extends ContextBasedTest {
 
     private void cleanupTemporaryTestData() {
         jpaAttempt.transacted(() -> {
-            context.define("superuser-alex@hostsharing.net", null);
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             entitiesToCleanup.reversed().forEach((uuid, entityClass) -> {
                 final var rvTableName = entityClass.getAnnotation(Table.class).name();
                 if ( !rvTableName.endsWith("_rv") ) {
@@ -193,7 +189,7 @@ public abstract class ContextBasedTestWithCleanup extends ContextBasedTest {
 
     private long assertNoNewRbacObjectsRolesAndGrantsLeaked() {
         return jpaAttempt.transacted(() -> {
-            context.define("superuser-alex@hostsharing.net");
+            context.define(TEMP, "superuser-alex@hostsharing.net");
             assertEqual(initialRbacObjects, allRbacObjects());
             if (DETAILED_BUT_SLOW_CHECK) {
                 assertEqual(initialRbacRoles, allRbacRoles());
@@ -215,11 +211,11 @@ public abstract class ContextBasedTestWithCleanup extends ContextBasedTest {
 
     private void deleteLeakedRbacObjects() {
         jpaAttempt.transacted(() -> rbacObjectRepo.findAll()).returnedValue().stream()
-                .filter(o -> o.serialId > latestIntialTestDataSerialId)
+                .filter(o -> o.scope == TEMP)
                 .sorted(comparing(o -> o.serialId))
                 .forEach(o -> {
                     final var exception = jpaAttempt.transacted(() -> {
-                        context.define("superuser-alex@hostsharing.net", null);
+                        context.define(TEMP, "superuser-alex@hostsharing.net", null);
 
                         em.createNativeQuery("DELETE FROM " + o.objectTable + " WHERE uuid=:uuid")
                                 .setParameter("uuid", o.uuid)
@@ -244,7 +240,7 @@ public abstract class ContextBasedTestWithCleanup extends ContextBasedTest {
     @NotNull
     private Set<String> allRbacGrants() {
         return jpaAttempt.transacted(() -> {
-            context.define("superuser-alex@hostsharing.net", null);
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             return rbacGrantRepo.findAll().stream()
                     .map(RbacGrantEntity::toDisplay)
                     .collect(toSet());
@@ -254,7 +250,7 @@ public abstract class ContextBasedTestWithCleanup extends ContextBasedTest {
     @NotNull
     private Set<String> allRbacRoles() {
         return jpaAttempt.transacted(() -> {
-            context.define("superuser-alex@hostsharing.net", null);
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             return rbacRoleRepo.findAll().stream()
                     .map(RbacRoleEntity::getRoleName)
                     .collect(toSet());
@@ -264,7 +260,7 @@ public abstract class ContextBasedTestWithCleanup extends ContextBasedTest {
     @NotNull
     private Set<String> allRbacObjects() {
         return jpaAttempt.transacted(() -> {
-            context.define("superuser-alex@hostsharing.net", null);
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             return rbacObjectRepo.findAll().stream()
                     .map(RbacObjectEntity::toString)
                     .collect(toSet());
@@ -299,9 +295,6 @@ interface RbacObjectRepository extends Repository<RbacObjectEntity, UUID> {
     long count();
 
     List<RbacObjectEntity> findAll();
-
-    @Query("SELECT max(r.serialId) FROM RbacObjectEntity r")
-    Long findLatestSerialId();
 }
 
 @Entity
@@ -312,6 +305,10 @@ class RbacObjectEntity {
     @GeneratedValue
     UUID uuid;
 
+    @Column(name = "scope")
+    @Enumerated(EnumType.STRING)
+    Context.Scope scope;
+
     @Column(name = "serialid")
     long serialId;
 
@@ -320,6 +317,6 @@ class RbacObjectEntity {
 
     @Override
     public String toString() {
-        return objectTable + ":" + uuid + ":" + serialId;
+        return objectTable + ":" + uuid + ":" + scope;
     }
 }

src/test/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerControllerAcceptanceTest.java

@@ -18,6 +18,7 @@ import jakarta.persistence.EntityManager;
 import jakarta.persistence.PersistenceContext;
 import java.util.UUID;
 
+import static net.hostsharing.hsadminng.context.Context.Scope.TEMP;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.hamcrest.CoreMatchers.containsString;
 import static org.hamcrest.Matchers.*;
@@ -148,7 +149,7 @@ class TestCustomerControllerAcceptanceTest {
             // finally, the new customer can be viewed by its own admin
             final var newUserUuid = UUID.fromString(
                     location.substring(location.lastIndexOf('/') + 1));
-            context.define("superuser-fran@hostsharing.net", "test_customer#uuu:ADMIN");
+            context.define(TEMP, "superuser-fran@hostsharing.net", "test_customer#uuu:ADMIN");
             assertThat(testCustomerRepository.findByUuid(newUserUuid))
                     .hasValueSatisfying(c -> assertThat(c.getPrefix()).isEqualTo("uuu"));
         }
@@ -179,7 +180,7 @@ class TestCustomerControllerAcceptanceTest {
             // @formatter:on
 
             // finally, the new customer was not created
-            context.define("superuser-fran@hostsharing.net");
+            context.define(TEMP, "superuser-fran@hostsharing.net", null);
             assertThat(testCustomerRepository.findCustomerByOptionalPrefixLike("uuu")).hasSize(0);
         }
 
@@ -208,7 +209,7 @@ class TestCustomerControllerAcceptanceTest {
                 // @formatter:on
 
             // finally, the new customer was not created
-            context.define("superuser-fran@hostsharing.net");
+            context.define(TEMP, "superuser-fran@hostsharing.net", null);
             assertThat(testCustomerRepository.findCustomerByOptionalPrefixLike("uuu")).hasSize(0);
         }
 
@@ -236,7 +237,7 @@ class TestCustomerControllerAcceptanceTest {
     @AfterEach
     void cleanup() {
         jpaAttempt.transacted(() -> {
-            context.define("superuser-alex@hostsharing.net", null);
+            context.define(TEMP, "superuser-alex@hostsharing.net", null);
             em.createQuery("DELETE FROM TestCustomerEntity c WHERE c.reference < 99900").executeUpdate();
         }).assertSuccessful();
     }

src/test/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageControllerAcceptanceTest.java

@@ -16,6 +16,7 @@ import org.springframework.transaction.annotation.Transactional;
 import java.util.UUID;
 
 import static java.lang.String.format;
+import static net.hostsharing.hsadminng.context.Context.Scope.TEMP;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.hamcrest.Matchers.equalTo;
 import static org.hamcrest.Matchers.is;
@@ -188,7 +189,7 @@ class TestPackageControllerAcceptanceTest {
     }
 
     String getDescriptionOfPackage(final String packageName) {
-        context.define("superuser-alex@hostsharing.net","test_customer#xxx:ADMIN");
+        context.define(TEMP, "superuser-alex@hostsharing.net","test_customer#xxx:ADMIN");
         return testPackageRepository.findAllByOptionalNameLike(packageName).get(0).getDescription();
     }
 }

src/test/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageRepositoryIntegrationTest.java

@@ -16,6 +16,7 @@ import jakarta.persistence.PersistenceContext;
 import jakarta.servlet.http.HttpServletRequest;
 import java.util.List;
 
+import static net.hostsharing.hsadminng.context.Context.Scope.TEMP;
 import static org.assertj.core.api.Assertions.assertThat;
 
 @DataJpaTest
@@ -41,7 +42,7 @@ class TestPackageRepositoryIntegrationTest extends ContextBasedTest {
         public void globalAdmin_withoutAssumedRole_canNotViewAnyPackages_becauseThoseGrantsAreNotAssumed() {
             // given
             // alex is not just global-admin but lso the creating user, thus we use fran
-            context.define("superuser-fran@hostsharing.net");
+            context.define(TEMP, "superuser-fran@hostsharing.net", null);
 
             // when
             final var result = testPackageRepository.findAllByOptionalNameLike(null);
@@ -52,20 +53,20 @@ class TestPackageRepositoryIntegrationTest extends ContextBasedTest {
 
         @Test
         public void globalAdmin_withAssumedglobalAdminRole__canNotViewAnyPackages_becauseThoseGrantsAreNotAssumed() {
-            given:
+            // given
-            context.define("superuser-alex@hostsharing.net", "global#global:ADMIN");
+            context.define(TEMP, "superuser-alex@hostsharing.net", "global#global:ADMIN");
 
             // when
             final var result = testPackageRepository.findAllByOptionalNameLike(null);
 
-            then:
+            // then
             noPackagesAreReturned(result);
         }
 
         @Test
         public void customerAdmin_withoutAssumedRole_canViewOnlyItsOwnPackages() {
             // given:
-            context.define("customer-admin@xxx.example.com");
+            context.define(TEMP, "customer-admin@xxx.example.com", null);
 
             // when:
             final var result = testPackageRepository.findAllByOptionalNameLike(null);
@@ -76,7 +77,7 @@ class TestPackageRepositoryIntegrationTest extends ContextBasedTest {
 
         @Test
         public void customerAdmin_withAssumedOwnedPackageAdminRole_canViewOnlyItsOwnPackages() {
-            context.define("customer-admin@xxx.example.com", "test_package#xxx00:ADMIN");
+            context.define(TEMP, "customer-admin@xxx.example.com", "test_package#xxx00:ADMIN");
 
             final var result = testPackageRepository.findAllByOptionalNameLike(null);
 
@@ -123,7 +124,7 @@ class TestPackageRepositoryIntegrationTest extends ContextBasedTest {
     }
 
     private void globalAdminWithAssumedRole(final String assumedRoles) {
-        context.define("superuser-alex@hostsharing.net", assumedRoles);
+        context.define(TEMP, "superuser-alex@hostsharing.net", assumedRoles);
     }
 
     void noPackagesAreReturned(final List<TestPackageEntity> actualResult) {