use /api/rbac/... instead of /api/rbac-... same for /api/test/...

Michael Hoennig 2022-09-02 11:18:09 +02:00
parent fd96bfffb2
commit 3541b0c48c
13 changed files with 62 additions and 60 deletions


@ -66,18 +66,18 @@ If you have at least Docker, the Java JDK and Gradle installed in appropriate ve
# the following command should return a JSON array with just all customers:
curl \
-H 'current-user: mike@example.org' \
http://localhost:8080/api/test-customers
http://localhost:8080/api/test/customers
# the following command should return a JSON array with just all packages visible for the admin of the customer yyy:
curl \
-H 'current-user: mike@example.org' -H 'assumed-roles: test_customer#yyy.admin' \
http://localhost:8080/api/test-packages
http://localhost:8080/api/test/packages
# add a new customer
curl \
-H 'current-user: mike@example.org' -H "Content-Type: application/json" \
-d '{ "prefix":"ttt", "reference":80001, "adminUserName":"admin@ttt.example.com" }' \
-X POST http://localhost:8080/api/test-customers
-X POST http://localhost:8080/api/test/customers
If you wonder who 'mike@example.org' and 'sven@example.org' are and where the data comes from:
Mike and Sven are just example global admin accounts as part of the example data which is automatically inserted in Testcontainers and Development environments.


@ -73,7 +73,7 @@ public class RbacGrantController implements RbacgrantsApi {
final var uri =
MvcUriComponentsBuilder.fromController(getClass())
.path("/api/rbac-grants/{roleUuid}")
.path("/api/rbac/grants/{roleUuid}")
.buildAndExpand(body.getGrantedRoleUuid())
.toUri();
return ResponseEntity.created(uri).body(map(granted, RbacGrantResource.class));
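Review bot: The `Location` URI built at `.path("/api/rbac/grants/{roleUuid}")` carries only the granted role's UUID, but the only single-grant path in the API definition changed by this same commit is `/api/rbac/grants/{grantedRoleUuid}/{granteeUserUuid}`. The 201 response therefore appears to point clients at a route that is not defined. Since the line is touched anyway, I would change it to `.path("/api/rbac/grants/{grantedRoleUuid}/{granteeUserUuid}")` and pass the grantee user's UUID as a second argument to `buildAndExpand`; the accessor for it on `body` is not visible in this hunk. The enclosing method starts and ends outside the hunk.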


@ -39,7 +39,7 @@ public class RbacUserController implements RbacusersApi {
rbacUserRepository.create(saved);
final var uri =
MvcUriComponentsBuilder.fromController(getClass())
.path("/api/rbac-users/{id}")
.path("/api/rbac/users/{id}")
.buildAndExpand(saved.getUuid())
.toUri();
return ResponseEntity.created(uri).body(map(saved, RbacUserResource.class));


@ -56,7 +56,7 @@ public class TestCustomerController implements TestCustomersApi {
final var uri =
MvcUriComponentsBuilder.fromController(getClass())
.path("/api/test-customers/{id}")
.path("/api/test/customers/{id}")
.buildAndExpand(customer.getUuid())
.toUri();
return ResponseEntity.created(uri).body(map(saved, TestCustomerResource.class));
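Review bot: The `Location` header built at `.path("/api/test/customers/{id}")` refers to a per-customer route, yet the API definition in this commit lists only `/api/test/customers` under the test entities, so a client following the header would presumably get a 404. The URI is also expanded from `customer.getUuid()` while the response body is mapped from `saved`; if `saved` is the persisted entity and the UUID can be assigned during save, `.buildAndExpand(saved.getUuid())` would be the safer source. Both points need confirming against the rest of the method, which starts outside the hunk.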


@ -10,35 +10,37 @@ paths:
# RBAC
/api/rbac-users:
/api/rbac/users:
$ref: "./api-definition/rbac-users.yaml"
/api/rbac-users/{userUuid}/permissions:
/api/rbac/users/{userUuid}/permissions:
$ref: "./api-definition/rbac-users-with-id-permissions.yaml"
/api/rbac-users/{userUuid}:
/api/rbac/users/{userUuid}:
$ref: "./api-definition/rbac-users-with-uuid.yaml"
/api/rbac-roles:
/api/rbac/roles:
$ref: "./api-definition/rbac-roles.yaml"
/api/rbac-grants:
/api/rbac/grants:
$ref: "./api-definition/rbac-grants.yaml"
/api/rbac-grants/{grantedRoleUuid}/{granteeUserUuid}:
/api/rbac/grants/{grantedRoleUuid}/{granteeUserUuid}:
$ref: "./api-definition/rbac-grants-with-id.yaml"
# HS
/api/test-customers:
# Test-Entities for RBAC
/api/test/customers:
$ref: "./api-definition/test-customers.yaml"
/api/test-packages:
/api/test/packages:
$ref: "./api-definition/test-packages.yaml"
/api/test-packages/{packageUUID}:
/api/test/packages/{packageUUID}:
$ref: "./api-definition/test-packages-uuid.yaml"
# Other
/api/ping:


@ -12,5 +12,5 @@ map:
- type: string:uuid => java.util.UUID
paths:
/api/test-packages/{packageUUID}:
/api/test/packages/{packageUUID}:
null: org.openapitools.jackson.nullable.JsonNullable


@ -68,7 +68,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
.header("current-user", "mike@example.org")
.port(port)
.when()
.get("http://localhost/api/rbac-grants")
.get("http://localhost/api/rbac/grants")
.then().log().all().assertThat()
.statusCode(200)
.contentType("application/json")
@ -120,7 +120,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
.header("assumed-roles", "test_package#yyy00.admin")
.port(port)
.when()
.get("http://localhost/api/rbac-grants")
.get("http://localhost/api/rbac/grants")
.then().log().all().assertThat()
.statusCode(200)
.contentType("application/json")
@ -143,7 +143,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
.header("current-user", "pac-admin-yyy00@yyy.example.com")
.port(port)
.when()
.get("http://localhost/api/rbac-grants")
.get("http://localhost/api/rbac/grants")
.then().log().all().assertThat()
.statusCode(200)
.contentType("application/json")
@ -406,7 +406,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
)
.port(port)
.when()
.post("http://localhost/api/rbac-grants")
.post("http://localhost/api/rbac/grants")
.then().log().all(); // @formatter:on
}
}
@ -442,7 +442,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
)
.port(port)
.when()
.delete("http://localhost/api/rbac-grants/%s/%s".formatted(
.delete("http://localhost/api/rbac/grants/%s/%s".formatted(
grantedRole.getUuid(), granteeUser.getUuid()
))
.then().log().all(); // @formatter:on
@ -467,7 +467,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
.header("assumed-roles", currentSubject.assumedRole)
.port(port)
.when()
.get("http://localhost/api/rbac-grants/%s/%s".formatted(
.get("http://localhost/api/rbac/grants/%s/%s".formatted(
grantedRole.getUuid(), granteeUser.getUuid()
))
.then().log().all();


@ -46,7 +46,7 @@ class RbacRoleControllerAcceptanceTest {
.header("current-user", "mike@example.org")
.port(port)
.when()
.get("http://localhost/api/rbac-roles")
.get("http://localhost/api/rbac/roles")
.then().assertThat()
.statusCode(200)
.contentType("application/json")
@ -73,7 +73,7 @@ class RbacRoleControllerAcceptanceTest {
.header("assumed-roles", "test_package#yyy00.admin")
.port(port)
.when()
.get("http://localhost/api/rbac-roles")
.get("http://localhost/api/rbac/roles")
.then()
.log().body()
.assertThat()
@ -97,7 +97,7 @@ class RbacRoleControllerAcceptanceTest {
.header("current-user", "pac-admin-zzz00@zzz.example.com")
.port(port)
.when()
.get("http://localhost/api/rbac-roles")
.get("http://localhost/api/rbac/roles")
.then().assertThat()
.statusCode(200)
.contentType("application/json")


@ -36,7 +36,7 @@ class RbacRoleControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.get("/api/rbac-roles")
.get("/api/rbac/roles")
.header("current-user", "mike@example.org")
.accept(MediaType.APPLICATION_JSON))


@ -59,7 +59,7 @@ class RbacUserControllerAcceptanceTest {
""")
.port(port)
.when()
.post("http://localhost/api/rbac-users")
.post("http://localhost/api/rbac/users")
.then().assertThat()
.statusCode(201)
.contentType(ContentType.JSON)
@ -91,7 +91,7 @@ class RbacUserControllerAcceptanceTest {
.header("current-user", "mike@example.org")
.port(port)
.when()
.get("http://localhost/api/rbac-users/" + givenUser.getUuid())
.get("http://localhost/api/rbac/users/" + givenUser.getUuid())
.then().log().body().assertThat()
.statusCode(200)
.contentType("application/json")
@ -111,7 +111,7 @@ class RbacUserControllerAcceptanceTest {
.header("assumed-roles", "test_customer#yyy.admin")
.port(port)
.when()
.get("http://localhost/api/rbac-users/" + givenUser.getUuid())
.get("http://localhost/api/rbac/users/" + givenUser.getUuid())
.then().log().body().assertThat()
.statusCode(200)
.contentType("application/json")
@ -130,7 +130,7 @@ class RbacUserControllerAcceptanceTest {
.header("current-user", "customer-admin@yyy.example.com")
.port(port)
.when()
.get("http://localhost/api/rbac-users/" + givenUser.getUuid())
.get("http://localhost/api/rbac/users/" + givenUser.getUuid())
.then().log().body().assertThat()
.statusCode(200)
.contentType("application/json")
@ -149,7 +149,7 @@ class RbacUserControllerAcceptanceTest {
.header("current-user", "customer-admin@xxx.example.com")
.port(port)
.when()
.get("http://localhost/api/rbac-users/" + givenUser.getUuid())
.get("http://localhost/api/rbac/users/" + givenUser.getUuid())
.then().log().body().assertThat()
.statusCode(404);
// @formatter:on
@ -169,7 +169,7 @@ class RbacUserControllerAcceptanceTest {
.header("current-user", "mike@example.org")
.port(port)
.when()
.get("http://localhost/api/rbac-users")
.get("http://localhost/api/rbac/users")
.then().log().body().assertThat()
.statusCode(200)
.contentType("application/json")
@ -195,7 +195,7 @@ class RbacUserControllerAcceptanceTest {
.header("current-user", "mike@example.org")
.port(port)
.when()
.get("http://localhost/api/rbac-users?name=pac-admin-zzz0")
.get("http://localhost/api/rbac/users?name=pac-admin-zzz0")
.then().log().body().assertThat()
.statusCode(200)
.contentType("application/json")
@ -217,7 +217,7 @@ class RbacUserControllerAcceptanceTest {
.header("assumed-roles", "test_customer#yyy.admin")
.port(port)
.when()
.get("http://localhost/api/rbac-users")
.get("http://localhost/api/rbac/users")
.then().assertThat()
.statusCode(200)
.contentType("application/json")
@ -239,7 +239,7 @@ class RbacUserControllerAcceptanceTest {
.header("current-user", "customer-admin@yyy.example.com")
.port(port)
.when()
.get("http://localhost/api/rbac-users")
.get("http://localhost/api/rbac/users")
.then().assertThat()
.statusCode(200)
.contentType("application/json")
@ -261,7 +261,7 @@ class RbacUserControllerAcceptanceTest {
.header("current-user", "pac-admin-xxx01@xxx.example.com")
.port(port)
.when()
.get("http://localhost/api/rbac-users")
.get("http://localhost/api/rbac/users")
.then().assertThat()
.statusCode(200)
.contentType("application/json")
@ -285,7 +285,7 @@ class RbacUserControllerAcceptanceTest {
.header("current-user", "mike@example.org")
.port(port)
.when()
.get("http://localhost/api/rbac-users/" + givenUser.getUuid() + "/permissions")
.get("http://localhost/api/rbac/users/" + givenUser.getUuid() + "/permissions")
.then().log().body().assertThat()
.statusCode(200)
.contentType("application/json")
@ -320,7 +320,7 @@ class RbacUserControllerAcceptanceTest {
.header("assumed-roles", "test_package#yyy00.admin")
.port(port)
.when()
.get("http://localhost/api/rbac-users/" + givenUser.getUuid() + "/permissions")
.get("http://localhost/api/rbac/users/" + givenUser.getUuid() + "/permissions")
.then().log().body().assertThat()
.statusCode(200)
.contentType("application/json")
@ -354,7 +354,7 @@ class RbacUserControllerAcceptanceTest {
.header("current-user", "pac-admin-yyy00@yyy.example.com")
.port(port)
.when()
.get("http://localhost/api/rbac-users/" + givenUser.getUuid() + "/permissions")
.get("http://localhost/api/rbac/users/" + givenUser.getUuid() + "/permissions")
.then().log().body().assertThat()
.statusCode(200)
.contentType("application/json")
@ -388,7 +388,7 @@ class RbacUserControllerAcceptanceTest {
.header("current-user", "pac-admin-yyy00@yyy.example.com")
.port(port)
.when()
.get("http://localhost/api/rbac-users/" + givenUser.getUuid() + "/permissions")
.get("http://localhost/api/rbac/users/" + givenUser.getUuid() + "/permissions")
.then().log().body().assertThat()
.statusCode(200)
.contentType("application/json")
@ -413,7 +413,7 @@ class RbacUserControllerAcceptanceTest {
.header("current-user", givenUser.getName())
.port(port)
.when()
.delete("http://localhost/api/rbac-users/" + givenUser.getUuid())
.delete("http://localhost/api/rbac/users/" + givenUser.getUuid())
.then().log().all().assertThat()
.statusCode(204);
// @formatter:on
@ -435,7 +435,7 @@ class RbacUserControllerAcceptanceTest {
.header("current-user", "customer-admin@xxx.example.com")
.port(port)
.when()
.delete("http://localhost/api/rbac-users/" + givenUser.getUuid())
.delete("http://localhost/api/rbac/users/" + givenUser.getUuid())
.then().log().all().assertThat()
// that user cannot even see other users, thus the system won't even try to delete
.statusCode(204);
@ -458,7 +458,7 @@ class RbacUserControllerAcceptanceTest {
.header("current-user", "mike@example.org")
.port(port)
.when()
.delete("http://localhost/api/rbac-users/" + givenUser.getUuid())
.delete("http://localhost/api/rbac/users/" + givenUser.getUuid())
.then().log().all().assertThat()
.statusCode(204);
// @formatter:on
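Review bot: The negative delete case in the hunk at `-435` (caller `customer-admin@xxx.example.com`) asserts `statusCode(204)`, the same status the permitted deletes at `-413` and `-458` assert, so the status alone cannot distinguish a refused delete from one that was carried out. If the lines following the hunk do not already do so, the test should re-read `givenUser` after the request and assert that it still exists, so that a regression in the authorization check fails the test. The existing comment could also say explicitly that returning 204 here is intended, so that the response does not reveal whether the user exists. The test method continues outside the hunk, so the follow-up assertion may already be there.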


@ -35,7 +35,7 @@ class RbacUserControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.post("/api/rbac-users")
.post("/api/rbac/users")
.contentType(MediaType.APPLICATION_JSON)
.content("""
{
@ -56,7 +56,7 @@ class RbacUserControllerRestTest {
void createUserGeneratesRandomUuidIfNotGiven() throws Exception {
// when
mockMvc.perform(MockMvcRequestBuilders
.post("/api/rbac-users")
.post("/api/rbac/users")
.contentType(MediaType.APPLICATION_JSON)
.content("{}")
.accept(MediaType.APPLICATION_JSON))


@ -45,7 +45,7 @@ class TestCustomerControllerAcceptanceTest {
.header("current-user", "mike@example.org")
.port(port)
.when()
.get("http://localhost/api/test-customers")
.get("http://localhost/api/test/customers")
.then().assertThat()
.statusCode(200)
.contentType("application/json")
@ -63,7 +63,7 @@ class TestCustomerControllerAcceptanceTest {
.header("current-user", "mike@example.org")
.port(port)
.when()
.get("http://localhost/api/test-customers?prefix=y")
.get("http://localhost/api/test/customers?prefix=y")
.then().assertThat()
.statusCode(200)
.contentType("application/json")
@ -80,7 +80,7 @@ class TestCustomerControllerAcceptanceTest {
.header("assumed-roles", "test_customer#yyy.admin")
.port(port)
.when()
.get("http://localhost/api/test-customers")
.get("http://localhost/api/test/customers")
.then().assertThat()
.statusCode(200)
.contentType("application/json")
@ -96,7 +96,7 @@ class TestCustomerControllerAcceptanceTest {
.header("current-user", "customer-admin@yyy.example.com")
.port(port)
.when()
.get("http://localhost/api/test-customers")
.get("http://localhost/api/test/customers")
.then().assertThat()
.statusCode(200)
.contentType("application/json")
@ -125,7 +125,7 @@ class TestCustomerControllerAcceptanceTest {
""")
.port(port)
.when()
.post("http://localhost/api/test-customers")
.post("http://localhost/api/test/customers")
.then().assertThat()
.statusCode(201)
.contentType(ContentType.JSON)
@ -160,7 +160,7 @@ class TestCustomerControllerAcceptanceTest {
""".formatted(givenUuid))
.port(port)
.when()
.post("http://localhost/api/test-customers")
.post("http://localhost/api/test/customers")
.then().assertThat()
.statusCode(201)
.contentType(ContentType.JSON)
@ -196,7 +196,7 @@ class TestCustomerControllerAcceptanceTest {
""")
.port(port)
.when()
.post("http://localhost/api/test-customers")
.post("http://localhost/api/test/customers")
.then().assertThat()
.statusCode(403)
.contentType(ContentType.JSON)
@ -225,7 +225,7 @@ class TestCustomerControllerAcceptanceTest {
""")
.port(port)
.when()
.post("http://localhost/api/test-customers")
.post("http://localhost/api/test/customers")
.then().assertThat()
.statusCode(403)
.contentType(ContentType.JSON)


@ -47,7 +47,7 @@ class TestPackageControllerAcceptanceTest {
.header("assumed-roles", "test_customer#xxx.admin")
.port(port)
.when()
.get("http://localhost/api/test-packages")
.get("http://localhost/api/test/packages")
.then().assertThat()
.statusCode(200)
.contentType("application/json")
@ -69,7 +69,7 @@ class TestPackageControllerAcceptanceTest {
.header("assumed-roles", "test_customer#xxx.admin")
.port(port)
.when()
.get("http://localhost/api/test-packages?name=xxx01")
.get("http://localhost/api/test/packages?name=xxx01")
.then().assertThat()
.statusCode(200)
.contentType("application/json")
@ -103,7 +103,7 @@ class TestPackageControllerAcceptanceTest {
""", randomDescription))
.port(port)
.when()
.patch("http://localhost/api/test-packages/{uuidOfPackage}", getUuidOfPackage("xxx00"))
.patch("http://localhost/api/test/packages/{uuidOfPackage}", getUuidOfPackage("xxx00"))
.then()
.assertThat()
.statusCode(200)
@ -133,7 +133,7 @@ class TestPackageControllerAcceptanceTest {
""")
.port(port)
.when()
.patch("http://localhost/api/test-packages/{uuidOfPackage}", getUuidOfPackage("xxx01"))
.patch("http://localhost/api/test/packages/{uuidOfPackage}", getUuidOfPackage("xxx01"))
.then()
.assertThat()
.statusCode(200)
@ -158,7 +158,7 @@ class TestPackageControllerAcceptanceTest {
.body("{}")
.port(port)
.when()
.patch("http://localhost/api/test-packages/{uuidOfPackage}", getUuidOfPackage("xxx02"))
.patch("http://localhost/api/test/packages/{uuidOfPackage}", getUuidOfPackage("xxx02"))
.then().assertThat()
.statusCode(200)
.contentType("application/json")
@ -176,7 +176,7 @@ class TestPackageControllerAcceptanceTest {
.header("assumed-roles", "test_customer#xxx.admin")
.port(port)
.when()
.get("http://localhost/api/test-packages?name={packageName}", packageName)
.get("http://localhost/api/test/packages?name={packageName}", packageName)
.then()
.statusCode(200)
.contentType("application/json")