prefix alex+fran with superuser- to make tests easier to understand
This commit is contained in:
parent
a3d2dd3db1
commit
3fa02d4a10
@ -72,21 +72,21 @@ If you have at least Docker, the Java JDK and Gradle installed in appropriate ve
|
||||
|
||||
# the following command should return a JSON array with just all customers:
|
||||
curl \
|
||||
-H 'current-user: alex@hostsharing.net' \
|
||||
-H 'current-user: superuser-alex@hostsharing.net' \
|
||||
http://localhost:8080/api/test/customers
|
||||
|
||||
# the following command should return a JSON array with just all packages visible for the admin of the customer yyy:
|
||||
curl \
|
||||
-H 'current-user: alex@hostsharing.net' -H 'assumed-roles: test_customer#yyy.admin' \
|
||||
-H 'current-user: superuser-alex@hostsharing.net' -H 'assumed-roles: test_customer#yyy.admin' \
|
||||
http://localhost:8080/api/test/packages
|
||||
|
||||
# add a new customer
|
||||
curl \
|
||||
-H 'current-user: alex@hostsharing.net' -H "Content-Type: application/json" \
|
||||
-H 'current-user: superuser-alex@hostsharing.net' -H "Content-Type: application/json" \
|
||||
-d '{ "prefix":"ttt", "reference":80001, "adminUserName":"admin@ttt.example.com" }' \
|
||||
-X POST http://localhost:8080/api/test/customers
|
||||
|
||||
If you wonder who 'alex@hostsharing.net' and 'fran@hostsharing.net' are and where the data comes from:
|
||||
If you wonder who 'superuser-alex@hostsharing.net' and 'superuser-fran@hostsharing.net' are and where the data comes from:
|
||||
Mike and Sven are just example global admin accounts as part of the example data which is automatically inserted in Testcontainers and Development environments.
|
||||
Also try for example 'admin@xxx.example.com' or 'unknown@example.org'.
|
||||
|
||||
|
@ -9,10 +9,10 @@ select isGranted(findRoleId('test_package#aaa00.owner'), findRoleId('administrat
|
||||
-- call grantRoleToRole(findRoleId('administrators'), findRoleId('test_package#aaa00.owner'));
|
||||
|
||||
select count(*)
|
||||
FROM queryAllPermissionsOfSubjectIdForObjectUuids(findRbacUser('fran@hostsharing.net'),
|
||||
FROM queryAllPermissionsOfSubjectIdForObjectUuids(findRbacUser('superuser-fran@hostsharing.net'),
|
||||
ARRAY(select uuid from customer where reference < 1100000));
|
||||
select count(*)
|
||||
FROM queryAllPermissionsOfSubjectId(findRbacUser('fran@hostsharing.net'));
|
||||
FROM queryAllPermissionsOfSubjectId(findRbacUser('superuser-fran@hostsharing.net'));
|
||||
select *
|
||||
FROM queryAllPermissionsOfSubjectId(findRbacUser('alex@example.com'));
|
||||
select *
|
||||
@ -33,7 +33,7 @@ $$
|
||||
userId uuid;
|
||||
result bool;
|
||||
BEGIN
|
||||
userId = findRbacUser('alex@hostsharing.net');
|
||||
userId = findRbacUser('superuser-alex@hostsharing.net');
|
||||
result = (SELECT * FROM isPermissionGrantedToSubject(findPermissionId('package', 94928, 'add-package'), userId));
|
||||
IF (result) THEN
|
||||
RAISE EXCEPTION 'expected permission NOT to be granted, but it is';
|
||||
|
@ -38,7 +38,7 @@ CREATE OR REPLACE RULE "_RETURN" AS
|
||||
SELECT * FROM customer WHERE isPermissionGrantedToSubject(findPermissionId('test_customer', id, 'view'), currentUserUuid());
|
||||
SELECT * from cust_view LIMIT 10;
|
||||
|
||||
select queryAllPermissionsOfSubjectId(findRbacUser('alex@hostsharing.net'));
|
||||
select queryAllPermissionsOfSubjectId(findRbacUser('superuser-alex@hostsharing.net'));
|
||||
|
||||
-- access control via view-rule with join to recursive permissions - really fast (38ms for 1 million rows)
|
||||
SET SESSION SESSION AUTHORIZATION DEFAULT;
|
||||
@ -73,7 +73,7 @@ GRANT ALL PRIVILEGES ON cust_view TO restricted;
|
||||
|
||||
SET SESSION SESSION AUTHORIZATION restricted;
|
||||
-- SET hsadminng.currentUser TO 'alex@example.com';
|
||||
SET hsadminng.currentUser TO 'alex@hostsharing.net';
|
||||
SET hsadminng.currentUser TO 'superuser-alex@hostsharing.net';
|
||||
-- SET hsadminng.currentUser TO 'aaaaouq@example.com';
|
||||
SELECT * from cust_view where reference=1144150;
|
||||
|
||||
|
@ -122,9 +122,10 @@ do language plpgsql $$
|
||||
call defineContext('creating fake test-realm admin users', null, null, null);
|
||||
|
||||
admins = findRoleId(globalAdmin());
|
||||
call grantRoleToUserUnchecked(admins, admins, createRbacUser('alex@hostsharing.net'));
|
||||
call grantRoleToUserUnchecked(admins, admins, createRbacUser('fran@hostsharing.net'));
|
||||
perform createRbacUser('drew@hostsharing.org');
|
||||
call grantRoleToUserUnchecked(admins, admins, createRbacUser('superuser-alex@hostsharing.net'));
|
||||
call grantRoleToUserUnchecked(admins, admins, createRbacUser('superuser-fran@hostsharing.net'));
|
||||
perform createRbacUser('selfregistered-user-drew@hostsharing.org');
|
||||
perform createRbacUser('selfregistered-test-user@hostsharing.org');
|
||||
end;
|
||||
$$;
|
||||
--//
|
||||
@ -142,15 +143,15 @@ do language plpgsql $$
|
||||
declare
|
||||
userName varchar;
|
||||
begin
|
||||
call defineContext('testing currentUserUuid', null, 'fran@hostsharing.net', null);
|
||||
call defineContext('testing currentUserUuid', null, 'superuser-fran@hostsharing.net', null);
|
||||
select userName from RbacUser where uuid = currentUserUuid() into userName;
|
||||
if userName <> 'fran@hostsharing.net' then
|
||||
if userName <> 'superuser-fran@hostsharing.net' then
|
||||
raise exception 'setting or fetching initial currentUser failed, got: %', userName;
|
||||
end if;
|
||||
|
||||
call defineContext('testing currentUserUuid', null, 'alex@hostsharing.net', null);
|
||||
call defineContext('testing currentUserUuid', null, 'superuser-alex@hostsharing.net', null);
|
||||
select userName from RbacUser where uuid = currentUserUuid() into userName;
|
||||
if userName = 'alex@hostsharing.net' then
|
||||
if userName = 'superuser-alex@hostsharing.net' then
|
||||
raise exception 'currentUser should not change in one transaction, but did change, got: %', userName;
|
||||
end if;
|
||||
end; $$;
|
||||
|
@ -30,7 +30,7 @@ declare
|
||||
custAdminName varchar;
|
||||
begin
|
||||
currentTask = 'creating RBAC test customer #' || custReference || '/' || custPrefix;
|
||||
call defineContext(currentTask, null, 'alex@hostsharing.net', 'global#global.admin');
|
||||
call defineContext(currentTask, null, 'superuser-alex@hostsharing.net', 'global#global.admin');
|
||||
execute format('set local hsadminng.currentTask to %L', currentTask);
|
||||
|
||||
custRowId = uuid_generate_v4();
|
||||
|
@ -18,7 +18,7 @@ declare
|
||||
begin
|
||||
idName := cleanIdentifier( personTradeName|| '-' || contactLabel);
|
||||
currentTask := 'creating RBAC test partner ' || idName;
|
||||
call defineContext(currentTask, null, 'alex@hostsharing.net', 'global#global.admin');
|
||||
call defineContext(currentTask, null, 'superuser-alex@hostsharing.net', 'global#global.admin');
|
||||
execute format('set local hsadminng.currentTask to %L', currentTask);
|
||||
|
||||
select p.* from hs_office_person p where p.tradeName = personTradeName into relatedPerson;
|
||||
|
@ -31,7 +31,7 @@ class ContextIntegrationTests {
|
||||
@Test
|
||||
void defineWithoutHttpServletRequestUsesCallStack() {
|
||||
|
||||
context.define("alex@hostsharing.net", null);
|
||||
context.define("superuser-alex@hostsharing.net", null);
|
||||
|
||||
assertThat(context.getCurrentTask())
|
||||
.isEqualTo("ContextIntegrationTests.defineWithoutHttpServletRequestUsesCallStack");
|
||||
@ -41,11 +41,11 @@ class ContextIntegrationTests {
|
||||
@Transactional
|
||||
void defineWithCurrentUserButWithoutAssumedRoles() {
|
||||
// when
|
||||
context.define("alex@hostsharing.net");
|
||||
context.define("superuser-alex@hostsharing.net");
|
||||
|
||||
// then
|
||||
assertThat(context.getCurrentUser()).
|
||||
isEqualTo("alex@hostsharing.net");
|
||||
isEqualTo("superuser-alex@hostsharing.net");
|
||||
|
||||
assertThat(context.getCurrentUserUUid()).isNotNull();
|
||||
|
||||
@ -85,11 +85,11 @@ class ContextIntegrationTests {
|
||||
@Transactional
|
||||
void defineWithCurrentUserAndAssumedRoles() {
|
||||
// given
|
||||
context.define("alex@hostsharing.net", "test_customer#xxx.owner;test_customer#yyy.owner");
|
||||
context.define("superuser-alex@hostsharing.net", "test_customer#xxx.owner;test_customer#yyy.owner");
|
||||
|
||||
// when
|
||||
final var currentUser = context.getCurrentUser();
|
||||
assertThat(currentUser).isEqualTo("alex@hostsharing.net");
|
||||
assertThat(currentUser).isEqualTo("superuser-alex@hostsharing.net");
|
||||
|
||||
// then
|
||||
assertThat(context.getAssumedRoles())
|
||||
|
@ -61,7 +61,7 @@ class HsOfficeContactRepositoryIntegrationTest extends ContextBasedTest {
|
||||
@Test
|
||||
public void globalAdmin_withoutAssumedRole_canCreateNewContact() {
|
||||
// given
|
||||
context("alex@hostsharing.net");
|
||||
context("superuser-alex@hostsharing.net");
|
||||
final var count = contactRepo.count();
|
||||
|
||||
// when
|
||||
@ -79,7 +79,7 @@ class HsOfficeContactRepositoryIntegrationTest extends ContextBasedTest {
|
||||
@Test
|
||||
public void arbitraryUser_canCreateNewContact() {
|
||||
// given
|
||||
context("drew@hostsharing.org");
|
||||
context("selfregistered-user-drew@hostsharing.org");
|
||||
final var count = contactRepo.count();
|
||||
|
||||
// when
|
||||
@ -96,7 +96,7 @@ class HsOfficeContactRepositoryIntegrationTest extends ContextBasedTest {
|
||||
@Test
|
||||
public void createsAndGrantsRoles() {
|
||||
// given
|
||||
context("drew@hostsharing.org");
|
||||
context("selfregistered-user-drew@hostsharing.org");
|
||||
final var initialRoleNames = roleNamesOf(rawRoleRepo.findAll());
|
||||
final var initialGrantNames = grantDisplaysOf(rawGrantRepo.findAll());
|
||||
|
||||
@ -121,7 +121,7 @@ class HsOfficeContactRepositoryIntegrationTest extends ContextBasedTest {
|
||||
"{ grant perm * on hs_office_contact#anothernewcontact to role hs_office_contact#anothernewcontact.owner by system and assume }",
|
||||
"{ grant role hs_office_contact#anothernewcontact.admin to role hs_office_contact#anothernewcontact.owner by system and assume }",
|
||||
"{ grant perm view on hs_office_contact#anothernewcontact to role hs_office_contact#anothernewcontact.tenant by system and assume }",
|
||||
"{ grant role hs_office_contact#anothernewcontact.owner to user drew@hostsharing.org by global#global.admin and assume }"
|
||||
"{ grant role hs_office_contact#anothernewcontact.owner to user selfregistered-user-drew@hostsharing.org by global#global.admin and assume }"
|
||||
));
|
||||
}
|
||||
|
||||
@ -137,7 +137,7 @@ class HsOfficeContactRepositoryIntegrationTest extends ContextBasedTest {
|
||||
@Test
|
||||
public void globalAdmin_withoutAssumedRole_canViewAllContacts() {
|
||||
// given
|
||||
context("alex@hostsharing.net");
|
||||
context("superuser-alex@hostsharing.net");
|
||||
|
||||
// when
|
||||
final var result = contactRepo.findContactByOptionalLabelLike(null);
|
||||
@ -149,10 +149,10 @@ class HsOfficeContactRepositoryIntegrationTest extends ContextBasedTest {
|
||||
@Test
|
||||
public void arbitraryUser_canViewOnlyItsOwnContact() {
|
||||
// given:
|
||||
final var givenContact = givenSomeTemporaryContact("drew@hostsharing.org");
|
||||
final var givenContact = givenSomeTemporaryContact("selfregistered-user-drew@hostsharing.org");
|
||||
|
||||
// when:
|
||||
context("drew@hostsharing.org");
|
||||
context("selfregistered-user-drew@hostsharing.org");
|
||||
final var result = contactRepo.findContactByOptionalLabelLike(null);
|
||||
|
||||
// then:
|
||||
@ -166,7 +166,7 @@ class HsOfficeContactRepositoryIntegrationTest extends ContextBasedTest {
|
||||
@Test
|
||||
public void globalAdmin_withoutAssumedRole_canViewAllContacts() {
|
||||
// given
|
||||
context("alex@hostsharing.net", null);
|
||||
context("superuser-alex@hostsharing.net", null);
|
||||
|
||||
// when
|
||||
final var result = contactRepo.findContactByOptionalLabelLike("second");
|
||||
@ -178,10 +178,10 @@ class HsOfficeContactRepositoryIntegrationTest extends ContextBasedTest {
|
||||
@Test
|
||||
public void arbitraryUser_withoutAssumedRole_canViewOnlyItsOwnContact() {
|
||||
// given:
|
||||
final var givenContact = givenSomeTemporaryContact("drew@hostsharing.org");
|
||||
final var givenContact = givenSomeTemporaryContact("selfregistered-user-drew@hostsharing.org");
|
||||
|
||||
// when:
|
||||
context("drew@hostsharing.org");
|
||||
context("selfregistered-user-drew@hostsharing.org");
|
||||
final var result = contactRepo.findContactByOptionalLabelLike(givenContact.getLabel());
|
||||
|
||||
// then:
|
||||
@ -195,19 +195,19 @@ class HsOfficeContactRepositoryIntegrationTest extends ContextBasedTest {
|
||||
@Test
|
||||
public void globalAdmin_withoutAssumedRole_canDeleteAnyContact() {
|
||||
// given
|
||||
context("alex@hostsharing.net", null);
|
||||
final var givenContact = givenSomeTemporaryContact("drew@hostsharing.org");
|
||||
context("superuser-alex@hostsharing.net", null);
|
||||
final var givenContact = givenSomeTemporaryContact("selfregistered-user-drew@hostsharing.org");
|
||||
|
||||
// when
|
||||
final var result = jpaAttempt.transacted(() -> {
|
||||
context("alex@hostsharing.net", null);
|
||||
context("superuser-alex@hostsharing.net", null);
|
||||
contactRepo.deleteByUuid(givenContact.getUuid());
|
||||
});
|
||||
|
||||
// then
|
||||
result.assertSuccessful();
|
||||
assertThat(jpaAttempt.transacted(() -> {
|
||||
context("alex@hostsharing.net", null);
|
||||
context("superuser-alex@hostsharing.net", null);
|
||||
return contactRepo.findContactByOptionalLabelLike(givenContact.getLabel());
|
||||
}).assertSuccessful().returnedValue()).hasSize(0);
|
||||
}
|
||||
@ -215,18 +215,18 @@ class HsOfficeContactRepositoryIntegrationTest extends ContextBasedTest {
|
||||
@Test
|
||||
public void arbitraryUser_withoutAssumedRole_canDeleteAContactCreatedByItself() {
|
||||
// given
|
||||
final var givenContact = givenSomeTemporaryContact("drew@hostsharing.org");
|
||||
final var givenContact = givenSomeTemporaryContact("selfregistered-user-drew@hostsharing.org");
|
||||
|
||||
// when
|
||||
final var result = jpaAttempt.transacted(() -> {
|
||||
context("drew@hostsharing.org", null);
|
||||
context("selfregistered-user-drew@hostsharing.org", null);
|
||||
contactRepo.deleteByUuid(givenContact.getUuid());
|
||||
});
|
||||
|
||||
// then
|
||||
result.assertSuccessful();
|
||||
assertThat(jpaAttempt.transacted(() -> {
|
||||
context("alex@hostsharing.net", null);
|
||||
context("superuser-alex@hostsharing.net", null);
|
||||
return contactRepo.findContactByOptionalLabelLike(givenContact.getLabel());
|
||||
}).assertSuccessful().returnedValue()).hasSize(0);
|
||||
}
|
||||
@ -234,10 +234,10 @@ class HsOfficeContactRepositoryIntegrationTest extends ContextBasedTest {
|
||||
@Test
|
||||
public void deletingAContactAlsoDeletesRelatedRolesAndGrants() {
|
||||
// given
|
||||
context("drew@hostsharing.org", null);
|
||||
context("selfregistered-user-drew@hostsharing.org", null);
|
||||
final var initialRoleNames = roleNamesOf(rawRoleRepo.findAll());
|
||||
final var initialGrantNames = grantDisplaysOf(rawGrantRepo.findAll());
|
||||
final var givenContact = givenSomeTemporaryContact("drew@hostsharing.org");
|
||||
final var givenContact = givenSomeTemporaryContact("selfregistered-user-drew@hostsharing.org");
|
||||
assumeThat(rawRoleRepo.findAll().size()).as("unexpected number of roles created")
|
||||
.isEqualTo(initialRoleNames.size() + 3);
|
||||
assumeThat(rawGrantRepo.findAll().size()).as("unexpected number of grants created")
|
||||
@ -245,7 +245,7 @@ class HsOfficeContactRepositoryIntegrationTest extends ContextBasedTest {
|
||||
|
||||
// when
|
||||
final var result = jpaAttempt.transacted(() -> {
|
||||
context("drew@hostsharing.org", null);
|
||||
context("selfregistered-user-drew@hostsharing.org", null);
|
||||
return contactRepo.deleteByUuid(givenContact.getUuid());
|
||||
});
|
||||
|
||||
@ -272,7 +272,7 @@ class HsOfficeContactRepositoryIntegrationTest extends ContextBasedTest {
|
||||
|
||||
@AfterEach
|
||||
void cleanup() {
|
||||
context("alex@hostsharing.net", null);
|
||||
context("superuser-alex@hostsharing.net", null);
|
||||
final var result = contactRepo.findContactByOptionalLabelLike("some temporary contact");
|
||||
result.forEach(tempPerson -> {
|
||||
System.out.println("DELETING temporary contact: " + tempPerson.getLabel());
|
||||
|
@ -59,7 +59,7 @@ class HsOfficePartnerControllerAcceptanceTest {
|
||||
|
||||
RestAssured // @formatter:off
|
||||
.given()
|
||||
.header("current-user", "alex@hostsharing.net")
|
||||
.header("current-user", "superuser-alex@hostsharing.net")
|
||||
.port(port)
|
||||
.when()
|
||||
.get("http://localhost/api/hs/office/partners")
|
||||
@ -120,7 +120,7 @@ class HsOfficePartnerControllerAcceptanceTest {
|
||||
|
||||
final var location = RestAssured // @formatter:off
|
||||
.given()
|
||||
.header("current-user", "alex@hostsharing.net")
|
||||
.header("current-user", "superuser-alex@hostsharing.net")
|
||||
.contentType(ContentType.JSON)
|
||||
.body(jsonObject(NEW_PARTNER_JSON_WITHOUT_UUID)
|
||||
.with("uuid", givenUUID.toString()).toString())
|
||||
@ -141,7 +141,7 @@ class HsOfficePartnerControllerAcceptanceTest {
|
||||
final var newUserUuid = UUID.fromString(
|
||||
location.substring(location.lastIndexOf('/') + 1));
|
||||
assertThat(newUserUuid).isEqualTo(givenUUID);
|
||||
context.define("alex@hostsharing.net");
|
||||
context.define("superuser-alex@hostsharing.net");
|
||||
assertThat(partnerRepo.findByUuid(newUserUuid))
|
||||
.hasValueSatisfying(c -> assertThat(c.getPerson().getTradeName()).isEqualTo("Test Corp."));
|
||||
}
|
||||
@ -151,7 +151,7 @@ class HsOfficePartnerControllerAcceptanceTest {
|
||||
|
||||
final var location = RestAssured // @formatter:off
|
||||
.given()
|
||||
.header("current-user", "alex@hostsharing.net")
|
||||
.header("current-user", "superuser-alex@hostsharing.net")
|
||||
.contentType(ContentType.JSON)
|
||||
.body(NEW_PARTNER_JSON_WITHOUT_UUID)
|
||||
.port(port)
|
||||
@ -179,12 +179,12 @@ class HsOfficePartnerControllerAcceptanceTest {
|
||||
|
||||
@Test
|
||||
void globalAdmin_withoutAssumedRole_canGetArbitraryPartner() {
|
||||
context.define("alex@hostsharing.net");
|
||||
context.define("superuser-alex@hostsharing.net");
|
||||
final var givenPartnerUuid = partnerRepo.findPartnerByOptionalNameLike("First").get(0).getUuid();
|
||||
|
||||
RestAssured // @formatter:off
|
||||
.given()
|
||||
.header("current-user", "alex@hostsharing.net")
|
||||
.header("current-user", "superuser-alex@hostsharing.net")
|
||||
.port(port)
|
||||
.when()
|
||||
.get("http://localhost/api/hs/office/partners/" + givenPartnerUuid)
|
||||
@ -202,12 +202,12 @@ class HsOfficePartnerControllerAcceptanceTest {
|
||||
@Test
|
||||
@Accepts({ "Partner:X(Access Control)" })
|
||||
void normalUser_canNotGetUnrelatedPartner() {
|
||||
context.define("alex@hostsharing.net");
|
||||
context.define("superuser-alex@hostsharing.net");
|
||||
final var givenPartnerUuid = partnerRepo.findPartnerByOptionalNameLike("First").get(0).getUuid();
|
||||
|
||||
RestAssured // @formatter:off
|
||||
.given()
|
||||
.header("current-user", "drew@hostsharing.org")
|
||||
.header("current-user", "selfregistered-user-drew@hostsharing.org")
|
||||
.port(port)
|
||||
.when()
|
||||
.get("http://localhost/api/hs/office/partners/" + givenPartnerUuid)
|
||||
@ -218,7 +218,7 @@ class HsOfficePartnerControllerAcceptanceTest {
|
||||
@Test
|
||||
@Accepts({ "Partner:X(Access Control)" })
|
||||
void contactAdminUser_canGetRelatedPartner() {
|
||||
context.define("alex@hostsharing.net");
|
||||
context.define("superuser-alex@hostsharing.net");
|
||||
final var givenPartnerUuid = partnerRepo.findPartnerByOptionalNameLike("first contact").get(0).getUuid();
|
||||
|
||||
RestAssured // @formatter:off
|
||||
@ -248,7 +248,7 @@ class HsOfficePartnerControllerAcceptanceTest {
|
||||
void cleanup() {
|
||||
tempPartnerUuids.forEach(uuid -> {
|
||||
jpaAttempt.transacted(() -> {
|
||||
context.define("alex@hostsharing.net", null);
|
||||
context.define("superuser-alex@hostsharing.net", null);
|
||||
System.out.println("DELETING temporary partner: " + uuid);
|
||||
final var count = partnerRepo.deleteByUuid(uuid);
|
||||
assertThat(count).isGreaterThan(0);
|
||||
|
@ -69,7 +69,7 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTest {
|
||||
@Test
|
||||
public void testHostsharingAdmin_withoutAssumedRole_canCreateNewPartner() {
|
||||
// given
|
||||
context("alex@hostsharing.net");
|
||||
context("superuser-alex@hostsharing.net");
|
||||
final var count = partnerRepo.count();
|
||||
final var givenPerson = personRepo.findPersonByOptionalNameLike("First Impressions GmbH").get(0);
|
||||
final var givenContact = contactRepo.findContactByOptionalLabelLike("first contact").get(0);
|
||||
@ -94,7 +94,7 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTest {
|
||||
@Test
|
||||
public void createsAndGrantsRoles() {
|
||||
// given
|
||||
context("alex@hostsharing.net");
|
||||
context("superuser-alex@hostsharing.net");
|
||||
final var initialRoleNames = roleNamesOf(rawRoleRepo.findAll());
|
||||
final var initialGrantNames = grantDisplaysOf(rawGrantRepo.findAll());
|
||||
|
||||
@ -142,7 +142,7 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTest {
|
||||
@Test
|
||||
public void globalAdmin_withoutAssumedRole_canViewAllPartners() {
|
||||
// given
|
||||
context("alex@hostsharing.net");
|
||||
context("superuser-alex@hostsharing.net");
|
||||
|
||||
// when
|
||||
final var result = partnerRepo.findPartnerByOptionalNameLike(null);
|
||||
@ -170,7 +170,7 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTest {
|
||||
@Test
|
||||
public void globalAdmin_withoutAssumedRole_canViewAllPartners() {
|
||||
// given
|
||||
context("alex@hostsharing.net");
|
||||
context("superuser-alex@hostsharing.net");
|
||||
|
||||
// when
|
||||
final var result = partnerRepo.findPartnerByOptionalNameLike("Ostfriesische");
|
||||
@ -186,19 +186,19 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTest {
|
||||
@Test
|
||||
public void globalAdmin_withoutAssumedRole_canDeleteAnyPartner() {
|
||||
// given
|
||||
context("alex@hostsharing.net", null);
|
||||
context("superuser-alex@hostsharing.net", null);
|
||||
final var givenPartner = givenSomeTemporaryPartnerBessler();
|
||||
|
||||
// when
|
||||
final var result = jpaAttempt.transacted(() -> {
|
||||
context("alex@hostsharing.net");
|
||||
context("superuser-alex@hostsharing.net");
|
||||
partnerRepo.deleteByUuid(givenPartner.getUuid());
|
||||
});
|
||||
|
||||
// then
|
||||
result.assertSuccessful();
|
||||
assertThat(jpaAttempt.transacted(() -> {
|
||||
context("fran@hostsharing.net", null);
|
||||
context("superuser-fran@hostsharing.net", null);
|
||||
return partnerRepo.findByUuid(givenPartner.getUuid());
|
||||
}).assertSuccessful().returnedValue()).isEmpty();
|
||||
}
|
||||
@ -206,7 +206,7 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTest {
|
||||
@Test
|
||||
public void nonGlobalAdmin_canNotDeleteTheirRelatedPartner() {
|
||||
// given
|
||||
context("alex@hostsharing.net", null);
|
||||
context("superuser-alex@hostsharing.net", null);
|
||||
final var givenPartner = toCleanup(givenSomeTemporaryPartnerBessler());
|
||||
|
||||
// when
|
||||
@ -222,7 +222,7 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTest {
|
||||
JpaSystemException.class,
|
||||
"[403] User person-ErbenBesslerMelBessler@example.com not allowed to delete partner");
|
||||
assertThat(jpaAttempt.transacted(() -> {
|
||||
context("alex@hostsharing.net");
|
||||
context("superuser-alex@hostsharing.net");
|
||||
return partnerRepo.findByUuid(givenPartner.getUuid());
|
||||
}).assertSuccessful().returnedValue()).isPresent(); // still there
|
||||
}
|
||||
@ -230,7 +230,7 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTest {
|
||||
@Test
|
||||
public void deletingAPartnerAlsoDeletesRelatedRolesAndGrants() {
|
||||
// given
|
||||
context("alex@hostsharing.net");
|
||||
context("superuser-alex@hostsharing.net");
|
||||
final var initialRoleNames = Array.from(roleNamesOf(rawRoleRepo.findAll()));
|
||||
final var initialGrantNames = Array.from(grantDisplaysOf(rawGrantRepo.findAll()));
|
||||
final var givenPartner = givenSomeTemporaryPartnerBessler();
|
||||
@ -241,7 +241,7 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTest {
|
||||
|
||||
// when
|
||||
final var result = jpaAttempt.transacted(() -> {
|
||||
context("alex@hostsharing.net");
|
||||
context("superuser-alex@hostsharing.net");
|
||||
return partnerRepo.deleteByUuid(givenPartner.getUuid());
|
||||
});
|
||||
|
||||
@ -255,7 +255,7 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTest {
|
||||
|
||||
private HsOfficePartnerEntity givenSomeTemporaryPartnerBessler() {
|
||||
return jpaAttempt.transacted(() -> {
|
||||
context("alex@hostsharing.net");
|
||||
context("superuser-alex@hostsharing.net");
|
||||
final var givenPerson = personRepo.findPersonByOptionalNameLike("Erben Bessler").get(0);
|
||||
final var givenContact = contactRepo.findContactByOptionalLabelLike("forth contact").get(0);
|
||||
final var newPartner = HsOfficePartnerEntity.builder()
|
||||
@ -275,7 +275,7 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTest {
|
||||
|
||||
@AfterEach
|
||||
void cleanup() {
|
||||
context("alex@hostsharing.net", null);
|
||||
context("superuser-alex@hostsharing.net", null);
|
||||
tempPartners.forEach(tempPartner -> {
|
||||
System.out.println("DELETING temporary partner: " + tempPartner.getDisplayName());
|
||||
final var count = partnerRepo.deleteByUuid(tempPartner.getUuid());
|
||||
|
@ -57,7 +57,7 @@ class HsOfficePersonRepositoryIntegrationTest extends ContextBasedTest {
|
||||
@Test
|
||||
public void globalAdmin_withoutAssumedRole_canCreateNewPerson() {
|
||||
// given
|
||||
context("alex@hostsharing.net");
|
||||
context("superuser-alex@hostsharing.net");
|
||||
final var count = personRepo.count();
|
||||
|
||||
// when
|
||||
@ -75,7 +75,7 @@ class HsOfficePersonRepositoryIntegrationTest extends ContextBasedTest {
|
||||
@Test
|
||||
public void arbitraryUser_canCreateNewPerson() {
|
||||
// given
|
||||
context("drew@hostsharing.org");
|
||||
context("selfregistered-user-drew@hostsharing.org");
|
||||
final var count = personRepo.count();
|
||||
|
||||
// when
|
||||
@ -92,7 +92,7 @@ class HsOfficePersonRepositoryIntegrationTest extends ContextBasedTest {
|
||||
@Test
|
||||
public void createsAndGrantsRoles() {
|
||||
// given
|
||||
context("drew@hostsharing.org");
|
||||
context("selfregistered-user-drew@hostsharing.org");
|
||||
final var count = personRepo.count();
|
||||
final var initialRoleNames = roleNamesOf(rawRoleRepo.findAll());
|
||||
final var initialGrantNames = grantDisplaysOf(rawGrantRepo.findAll());
|
||||
@ -119,7 +119,7 @@ class HsOfficePersonRepositoryIntegrationTest extends ContextBasedTest {
|
||||
"{ grant perm * on hs_office_person#anothernewperson to role hs_office_person#anothernewperson.owner by system and assume }",
|
||||
"{ grant role hs_office_person#anothernewperson.admin to role hs_office_person#anothernewperson.owner by system and assume }",
|
||||
"{ grant perm view on hs_office_person#anothernewperson to role hs_office_person#anothernewperson.tenant by system and assume }",
|
||||
"{ grant role hs_office_person#anothernewperson.owner to user drew@hostsharing.org by global#global.admin and assume }"
|
||||
"{ grant role hs_office_person#anothernewperson.owner to user selfregistered-user-drew@hostsharing.org by global#global.admin and assume }"
|
||||
));
|
||||
}
|
||||
|
||||
@ -135,7 +135,7 @@ class HsOfficePersonRepositoryIntegrationTest extends ContextBasedTest {
|
||||
@Test
|
||||
public void globalAdmin_withoutAssumedRole_canViewAllPersons() {
|
||||
// given
|
||||
context("alex@hostsharing.net");
|
||||
context("superuser-alex@hostsharing.net");
|
||||
|
||||
// when
|
||||
final var result = personRepo.findPersonByOptionalNameLike(null);
|
||||
@ -169,7 +169,7 @@ class HsOfficePersonRepositoryIntegrationTest extends ContextBasedTest {
|
||||
@Test
|
||||
public void globalAdmin_withoutAssumedRole_canViewAllPersons() {
|
||||
// given
|
||||
context("alex@hostsharing.net", null);
|
||||
context("superuser-alex@hostsharing.net", null);
|
||||
|
||||
// when
|
||||
final var result = personRepo.findPersonByOptionalNameLike("Rockshop");
|
||||
@ -181,10 +181,10 @@ class HsOfficePersonRepositoryIntegrationTest extends ContextBasedTest {
|
||||
@Test
|
||||
public void arbitraryUser_withoutAssumedRole_canViewOnlyItsOwnPerson() {
|
||||
// given:
|
||||
final var givenPerson = givenSomeTemporaryPerson("drew@hostsharing.org");
|
||||
final var givenPerson = givenSomeTemporaryPerson("selfregistered-user-drew@hostsharing.org");
|
||||
|
||||
// when:
|
||||
context("drew@hostsharing.org");
|
||||
context("selfregistered-user-drew@hostsharing.org");
|
||||
final var result = personRepo.findPersonByOptionalNameLike(givenPerson.getTradeName());
|
||||
|
||||
// then:
|
||||
@ -198,18 +198,18 @@ class HsOfficePersonRepositoryIntegrationTest extends ContextBasedTest {
|
||||
@Test
|
||||
public void globalAdmin_withoutAssumedRole_canDeleteAnyPerson() {
|
||||
// given
|
||||
final var givenPerson = givenSomeTemporaryPerson("drew@hostsharing.org");
|
||||
final var givenPerson = givenSomeTemporaryPerson("selfregistered-user-drew@hostsharing.org");
|
||||
|
||||
// when
|
||||
final var result = jpaAttempt.transacted(() -> {
|
||||
context("alex@hostsharing.net", null);
|
||||
context("superuser-alex@hostsharing.net", null);
|
||||
personRepo.deleteByUuid(givenPerson.getUuid());
|
||||
});
|
||||
|
||||
// then
|
||||
result.assertSuccessful();
|
||||
assertThat(jpaAttempt.transacted(() -> {
|
||||
context("alex@hostsharing.net", null);
|
||||
context("superuser-alex@hostsharing.net", null);
|
||||
return personRepo.findPersonByOptionalNameLike(givenPerson.getTradeName());
|
||||
}).assertSuccessful().returnedValue()).hasSize(0);
|
||||
}
|
||||
@ -217,18 +217,18 @@ class HsOfficePersonRepositoryIntegrationTest extends ContextBasedTest {
|
||||
@Test
|
||||
public void arbitraryUser_withoutAssumedRole_canDeleteAPersonCreatedByItself() {
|
||||
// given
|
||||
final var givenPerson = givenSomeTemporaryPerson("drew@hostsharing.org");
|
||||
final var givenPerson = givenSomeTemporaryPerson("selfregistered-user-drew@hostsharing.org");
|
||||
|
||||
// when
|
||||
final var result = jpaAttempt.transacted(() -> {
|
||||
context("drew@hostsharing.org", null);
|
||||
context("selfregistered-user-drew@hostsharing.org", null);
|
||||
personRepo.deleteByUuid(givenPerson.getUuid());
|
||||
});
|
||||
|
||||
// then
|
||||
result.assertSuccessful();
|
||||
assertThat(jpaAttempt.transacted(() -> {
|
||||
context("alex@hostsharing.net", null);
|
||||
context("superuser-alex@hostsharing.net", null);
|
||||
return personRepo.findPersonByOptionalNameLike(givenPerson.getTradeName());
|
||||
}).assertSuccessful().returnedValue()).hasSize(0);
|
||||
}
|
||||
@ -238,10 +238,10 @@ class HsOfficePersonRepositoryIntegrationTest extends ContextBasedTest {
|
||||
@Test
|
||||
public void deletingAPersonAlsoDeletesRelatedRolesAndGrants() {
|
||||
// given
|
||||
context("drew@hostsharing.org", null);
|
||||
context("selfregistered-user-drew@hostsharing.org", null);
|
||||
final var initialRoleNames = roleNamesOf(rawRoleRepo.findAll());
|
||||
final var initialGrantNames = grantDisplaysOf(rawGrantRepo.findAll());
|
||||
final var givenPerson = givenSomeTemporaryPerson("drew@hostsharing.org");
|
||||
final var givenPerson = givenSomeTemporaryPerson("selfregistered-user-drew@hostsharing.org");
|
||||
assumeThat(rawRoleRepo.findAll().size()).as("unexpected number of roles created")
|
||||
.isEqualTo(initialRoleNames.size() + 3);
|
||||
assumeThat(rawGrantRepo.findAll().size()).as("unexpected number of grants created")
|
||||
@ -249,7 +249,7 @@ class HsOfficePersonRepositoryIntegrationTest extends ContextBasedTest {
|
||||
|
||||
// when
|
||||
final var result = jpaAttempt.transacted(() -> {
|
||||
context("drew@hostsharing.org", null);
|
||||
context("selfregistered-user-drew@hostsharing.org", null);
|
||||
return personRepo.deleteByUuid(givenPerson.getUuid());
|
||||
});
|
||||
|
||||
@ -263,7 +263,7 @@ class HsOfficePersonRepositoryIntegrationTest extends ContextBasedTest {
|
||||
|
||||
@AfterEach
|
||||
void cleanup() {
|
||||
context("alex@hostsharing.net", null);
|
||||
context("superuser-alex@hostsharing.net", null);
|
||||
final var result = personRepo.findPersonByOptionalNameLike("some temporary person");
|
||||
result.forEach(tempPerson -> {
|
||||
System.out.println("DELETING temporary person: " + tempPerson.getDisplayName());
|
||||
|
@ -64,7 +64,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
|
||||
void globalAdmin_withoutAssumedRole_canViewAllGrants() {
|
||||
RestAssured // @formatter:off
|
||||
.given()
|
||||
.header("current-user", "alex@hostsharing.net")
|
||||
.header("current-user", "superuser-alex@hostsharing.net")
|
||||
.port(port)
|
||||
.when()
|
||||
.get("http://localhost/api/rbac/grants")
|
||||
@ -89,7 +89,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
|
||||
allOf(
|
||||
hasEntry("grantedByRoleIdName", "global#global.admin"),
|
||||
hasEntry("grantedRoleIdName", "global#global.admin"),
|
||||
hasEntry("granteeUserName", "fran@hostsharing.net")
|
||||
hasEntry("granteeUserName", "superuser-fran@hostsharing.net")
|
||||
)
|
||||
))
|
||||
.body("", hasItem(
|
||||
@ -115,7 +115,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
|
||||
void globalAdmin_withAssumedPackageAdminRole_canViewPacketRelatedGrants() {
|
||||
RestAssured // @formatter:off
|
||||
.given()
|
||||
.header("current-user", "alex@hostsharing.net")
|
||||
.header("current-user", "superuser-alex@hostsharing.net")
|
||||
.header("assumed-roles", "test_package#yyy00.admin")
|
||||
.port(port)
|
||||
.when()
|
||||
@ -500,14 +500,14 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
|
||||
|
||||
RbacUserEntity findRbacUserByName(final String userName) {
|
||||
return jpaAttempt.transacted(() -> {
|
||||
context("alex@hostsharing.net", null);
|
||||
context("superuser-alex@hostsharing.net", null);
|
||||
return rbacUserRepository.findByName(userName);
|
||||
}).returnedValue();
|
||||
}
|
||||
|
||||
RbacRoleEntity findRbacRoleByName(final String roleName) {
|
||||
return jpaAttempt.transacted(() -> {
|
||||
context("alex@hostsharing.net", null);
|
||||
context("superuser-alex@hostsharing.net", null);
|
||||
return rbacRoleRepository.findByRoleName(roleName);
|
||||
}).returnedValue();
|
||||
}
|
||||
|
@ -43,7 +43,7 @@ class RbacRoleControllerAcceptanceTest {
|
||||
// @formatter:off
|
||||
RestAssured
|
||||
.given()
|
||||
.header("current-user", "alex@hostsharing.net")
|
||||
.header("current-user", "superuser-alex@hostsharing.net")
|
||||
.port(port)
|
||||
.when()
|
||||
.get("http://localhost/api/rbac/roles")
|
||||
@ -69,7 +69,7 @@ class RbacRoleControllerAcceptanceTest {
|
||||
// @formatter:off
|
||||
RestAssured
|
||||
.given()
|
||||
.header("current-user", "alex@hostsharing.net")
|
||||
.header("current-user", "superuser-alex@hostsharing.net")
|
||||
.header("assumed-roles", "test_package#yyy00.admin")
|
||||
.port(port)
|
||||
.when()
|
||||
|
@ -37,7 +37,7 @@ class RbacRoleControllerRestTest {
|
||||
// when
|
||||
mockMvc.perform(MockMvcRequestBuilders
|
||||
.get("/api/rbac/roles")
|
||||
.header("current-user", "alex@hostsharing.net")
|
||||
.header("current-user", "superuser-alex@hostsharing.net")
|
||||
.accept(MediaType.APPLICATION_JSON))
|
||||
|
||||
// then
|
||||
|
@ -59,7 +59,7 @@ class RbacRoleRepositoryIntegrationTest {
|
||||
@Test
|
||||
public void globalAdmin_withoutAssumedRole_canViewAllRbacRoles() {
|
||||
// given
|
||||
context.define("alex@hostsharing.net");
|
||||
context.define("superuser-alex@hostsharing.net");
|
||||
|
||||
// when
|
||||
final var result = rbacRoleRepository.findAll();
|
||||
@ -71,7 +71,7 @@ class RbacRoleRepositoryIntegrationTest {
|
||||
@Test
|
||||
public void globalAdmin_withAssumedglobalAdminRole_canViewAllRbacRoles() {
|
||||
given:
|
||||
context.define("alex@hostsharing.net", "global#global.admin");
|
||||
context.define("superuser-alex@hostsharing.net", "global#global.admin");
|
||||
|
||||
// when
|
||||
final var result = rbacRoleRepository.findAll();
|
||||
|
@ -88,7 +88,7 @@ class RbacUserControllerAcceptanceTest {
|
||||
// @formatter:off
|
||||
RestAssured
|
||||
.given()
|
||||
.header("current-user", "alex@hostsharing.net")
|
||||
.header("current-user", "superuser-alex@hostsharing.net")
|
||||
.port(port)
|
||||
.when()
|
||||
.get("http://localhost/api/rbac/users/" + givenUser.getUuid())
|
||||
@ -107,7 +107,7 @@ class RbacUserControllerAcceptanceTest {
|
||||
// @formatter:off
|
||||
RestAssured
|
||||
.given()
|
||||
.header("current-user", "alex@hostsharing.net")
|
||||
.header("current-user", "superuser-alex@hostsharing.net")
|
||||
.header("assumed-roles", "test_customer#yyy.admin")
|
||||
.port(port)
|
||||
.when()
|
||||
@ -166,7 +166,7 @@ class RbacUserControllerAcceptanceTest {
|
||||
// @formatter:off
|
||||
RestAssured
|
||||
.given()
|
||||
.header("current-user", "alex@hostsharing.net")
|
||||
.header("current-user", "superuser-alex@hostsharing.net")
|
||||
.port(port)
|
||||
.when()
|
||||
.get("http://localhost/api/rbac/users")
|
||||
@ -176,11 +176,11 @@ class RbacUserControllerAcceptanceTest {
|
||||
.body("", hasItem(hasEntry("name", "customer-admin@xxx.example.com")))
|
||||
.body("", hasItem(hasEntry("name", "customer-admin@yyy.example.com")))
|
||||
.body("", hasItem(hasEntry("name", "customer-admin@zzz.example.com")))
|
||||
.body("", hasItem(hasEntry("name", "alex@hostsharing.net")))
|
||||
.body("", hasItem(hasEntry("name", "superuser-alex@hostsharing.net")))
|
||||
// ...
|
||||
.body("", hasItem(hasEntry("name", "pac-admin-zzz01@zzz.example.com")))
|
||||
.body("", hasItem(hasEntry("name", "pac-admin-zzz02@zzz.example.com")))
|
||||
.body("", hasItem(hasEntry("name", "fran@hostsharing.net")))
|
||||
.body("", hasItem(hasEntry("name", "superuser-fran@hostsharing.net")))
|
||||
.body("size()", greaterThanOrEqualTo(14));
|
||||
// @formatter:on
|
||||
}
|
||||
@ -192,7 +192,7 @@ class RbacUserControllerAcceptanceTest {
|
||||
// @formatter:off
|
||||
RestAssured
|
||||
.given()
|
||||
.header("current-user", "alex@hostsharing.net")
|
||||
.header("current-user", "superuser-alex@hostsharing.net")
|
||||
.port(port)
|
||||
.when()
|
||||
.get("http://localhost/api/rbac/users?name=pac-admin-zzz0")
|
||||
@ -213,7 +213,7 @@ class RbacUserControllerAcceptanceTest {
|
||||
// @formatter:off
|
||||
RestAssured
|
||||
.given()
|
||||
.header("current-user", "alex@hostsharing.net")
|
||||
.header("current-user", "superuser-alex@hostsharing.net")
|
||||
.header("assumed-roles", "test_customer#yyy.admin")
|
||||
.port(port)
|
||||
.when()
|
||||
@ -282,7 +282,7 @@ class RbacUserControllerAcceptanceTest {
|
||||
// @formatter:off
|
||||
RestAssured
|
||||
.given()
|
||||
.header("current-user", "alex@hostsharing.net")
|
||||
.header("current-user", "superuser-alex@hostsharing.net")
|
||||
.port(port)
|
||||
.when()
|
||||
.get("http://localhost/api/rbac/users/" + givenUser.getUuid() + "/permissions")
|
||||
@ -316,7 +316,7 @@ class RbacUserControllerAcceptanceTest {
|
||||
// @formatter:off
|
||||
RestAssured
|
||||
.given()
|
||||
.header("current-user", "alex@hostsharing.net")
|
||||
.header("current-user", "superuser-alex@hostsharing.net")
|
||||
.header("assumed-roles", "test_package#yyy00.admin")
|
||||
.port(port)
|
||||
.when()
|
||||
@ -455,7 +455,7 @@ class RbacUserControllerAcceptanceTest {
|
||||
// @formatter:off
|
||||
final var location = RestAssured
|
||||
.given()
|
||||
.header("current-user", "alex@hostsharing.net")
|
||||
.header("current-user", "superuser-alex@hostsharing.net")
|
||||
.port(port)
|
||||
.when()
|
||||
.delete("http://localhost/api/rbac/users/" + givenUser.getUuid())
|
||||
@ -470,7 +470,7 @@ class RbacUserControllerAcceptanceTest {
|
||||
|
||||
RbacUserEntity findRbacUserByName(final String userName) {
|
||||
return jpaAttempt.transacted(() -> {
|
||||
context.define("alex@hostsharing.net");
|
||||
context.define("superuser-alex@hostsharing.net");
|
||||
return rbacUserRepository.findByName(userName);
|
||||
}).returnedValue();
|
||||
}
|
||||
|
@ -99,7 +99,7 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
|
||||
|
||||
private static final String[] ALL_TEST_DATA_USERS = Array.of(
|
||||
// @formatter:off
|
||||
"alex@hostsharing.net", "fran@hostsharing.net",
|
||||
"superuser-alex@hostsharing.net", "superuser-fran@hostsharing.net",
|
||||
"customer-admin@xxx.example.com",
|
||||
"pac-admin-xxx00@xxx.example.com", "pac-admin-xxx01@xxx.example.com", "pac-admin-xxx02@xxx.example.com",
|
||||
"customer-admin@yyy.example.com",
|
||||
@ -112,7 +112,7 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
|
||||
@Test
|
||||
public void globalAdmin_withoutAssumedRole_canViewAllRbacUsers() {
|
||||
// given
|
||||
context("alex@hostsharing.net");
|
||||
context("superuser-alex@hostsharing.net");
|
||||
|
||||
// when
|
||||
final var result = rbacUserRepository.findByOptionalNameLike(null);
|
||||
@ -124,7 +124,7 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
|
||||
@Test
|
||||
public void globalAdmin_withAssumedglobalAdminRole_canViewAllRbacUsers() {
|
||||
given:
|
||||
context("alex@hostsharing.net", "global#global.admin");
|
||||
context("superuser-alex@hostsharing.net", "global#global.admin");
|
||||
|
||||
// when
|
||||
final var result = rbacUserRepository.findByOptionalNameLike(null);
|
||||
@ -136,7 +136,7 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
|
||||
@Test
|
||||
public void globalAdmin_withAssumedCustomerAdminRole_canViewOnlyUsersHavingRolesInThatCustomersRealm() {
|
||||
given:
|
||||
context("alex@hostsharing.net", "test_customer#xxx.admin");
|
||||
context("superuser-alex@hostsharing.net", "test_customer#xxx.admin");
|
||||
|
||||
// when
|
||||
final var result = rbacUserRepository.findByOptionalNameLike(null);
|
||||
@ -239,10 +239,10 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
|
||||
@Test
|
||||
public void globalAdmin_withoutAssumedRole_canViewTheirOwnPermissions() {
|
||||
// given
|
||||
context("alex@hostsharing.net");
|
||||
context("superuser-alex@hostsharing.net");
|
||||
|
||||
// when
|
||||
final var result = rbacUserRepository.findPermissionsOfUserByUuid(userUUID("alex@hostsharing.net"));
|
||||
final var result = rbacUserRepository.findPermissionsOfUserByUuid(userUUID("superuser-alex@hostsharing.net"));
|
||||
|
||||
// then
|
||||
allTheseRbacPermissionsAreReturned(result, ALL_USER_PERMISSIONS);
|
||||
@ -294,7 +294,7 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
|
||||
public void customerAdmin_withoutAssumedRole_isNotAllowedToViewGlobalAdminsPermissions() {
|
||||
// given
|
||||
context("customer-admin@xxx.example.com");
|
||||
final UUID userUuid = userUUID("alex@hostsharing.net");
|
||||
final UUID userUuid = userUUID("superuser-alex@hostsharing.net");
|
||||
|
||||
// when
|
||||
final var result = attempt(em, () ->
|
||||
|
@ -42,7 +42,7 @@ class TestCustomerControllerAcceptanceTest {
|
||||
void globalAdmin_withoutAssumedRoles_canViewAllCustomers_ifNoCriteriaGiven() {
|
||||
RestAssured // @formatter:off
|
||||
.given()
|
||||
.header("current-user", "alex@hostsharing.net")
|
||||
.header("current-user", "superuser-alex@hostsharing.net")
|
||||
.port(port)
|
||||
.when()
|
||||
.get("http://localhost/api/test/customers")
|
||||
@ -60,7 +60,7 @@ class TestCustomerControllerAcceptanceTest {
|
||||
void globalAdmin_withoutAssumedRoles_canViewMatchingCustomers_ifCriteriaGiven() {
|
||||
RestAssured // @formatter:off
|
||||
.given()
|
||||
.header("current-user", "alex@hostsharing.net")
|
||||
.header("current-user", "superuser-alex@hostsharing.net")
|
||||
.port(port)
|
||||
.when()
|
||||
.get("http://localhost/api/test/customers?prefix=y")
|
||||
@ -76,7 +76,7 @@ class TestCustomerControllerAcceptanceTest {
|
||||
void globalAdmin_withoutAssumedCustomerAdminRole_canOnlyViewOwnCustomer() {
|
||||
RestAssured // @formatter:off
|
||||
.given()
|
||||
.header("current-user", "alex@hostsharing.net")
|
||||
.header("current-user", "superuser-alex@hostsharing.net")
|
||||
.header("assumed-roles", "test_customer#yyy.admin")
|
||||
.port(port)
|
||||
.when()
|
||||
@ -114,7 +114,7 @@ class TestCustomerControllerAcceptanceTest {
|
||||
|
||||
final var location = RestAssured // @formatter:off
|
||||
.given()
|
||||
.header("current-user", "alex@hostsharing.net")
|
||||
.header("current-user", "superuser-alex@hostsharing.net")
|
||||
.contentType(ContentType.JSON)
|
||||
.body("""
|
||||
{
|
||||
@ -148,7 +148,7 @@ class TestCustomerControllerAcceptanceTest {
|
||||
|
||||
final var location = RestAssured // @formatter:off
|
||||
.given()
|
||||
.header("current-user", "alex@hostsharing.net")
|
||||
.header("current-user", "superuser-alex@hostsharing.net")
|
||||
.contentType(ContentType.JSON)
|
||||
.body("""
|
||||
{
|
||||
@ -184,7 +184,7 @@ class TestCustomerControllerAcceptanceTest {
|
||||
|
||||
RestAssured // @formatter:off
|
||||
.given()
|
||||
.header("current-user", "alex@hostsharing.net")
|
||||
.header("current-user", "superuser-alex@hostsharing.net")
|
||||
.header("assumed-roles", "test_customer#xxx.admin")
|
||||
.contentType(ContentType.JSON)
|
||||
.body("""
|
||||
@ -205,7 +205,7 @@ class TestCustomerControllerAcceptanceTest {
|
||||
// @formatter:on
|
||||
|
||||
// finally, the new customer was not created
|
||||
context.define("fran@hostsharing.net");
|
||||
context.define("superuser-fran@hostsharing.net");
|
||||
assertThat(testCustomerRepository.findCustomerByOptionalPrefixLike("uuu")).hasSize(0);
|
||||
}
|
||||
|
||||
@ -234,7 +234,7 @@ class TestCustomerControllerAcceptanceTest {
|
||||
// @formatter:on
|
||||
|
||||
// finally, the new customer was not created
|
||||
context.define("fran@hostsharing.net");
|
||||
context.define("superuser-fran@hostsharing.net");
|
||||
assertThat(testCustomerRepository.findCustomerByOptionalPrefixLike("uuu")).hasSize(0);
|
||||
}
|
||||
}
|
||||
|
@ -39,7 +39,7 @@ class TestCustomerRepositoryIntegrationTest extends ContextBasedTest {
|
||||
@Test
|
||||
public void globalAdmin_withoutAssumedRole_canCreateNewCustomer() {
|
||||
// given
|
||||
context("alex@hostsharing.net", null);
|
||||
context("superuser-alex@hostsharing.net", null);
|
||||
final var count = testCustomerRepository.count();
|
||||
|
||||
// when
|
||||
@ -60,7 +60,7 @@ class TestCustomerRepositoryIntegrationTest extends ContextBasedTest {
|
||||
@Test
|
||||
public void globalAdmin_withAssumedCustomerRole_cannotCreateNewCustomer() {
|
||||
// given
|
||||
context("alex@hostsharing.net", "test_customer#xxx.admin");
|
||||
context("superuser-alex@hostsharing.net", "test_customer#xxx.admin");
|
||||
|
||||
// when
|
||||
final var result = attempt(em, () -> {
|
||||
@ -106,7 +106,7 @@ class TestCustomerRepositoryIntegrationTest extends ContextBasedTest {
|
||||
@Test
|
||||
public void globalAdmin_withoutAssumedRole_canViewAllCustomers() {
|
||||
// given
|
||||
context("alex@hostsharing.net", null);
|
||||
context("superuser-alex@hostsharing.net", null);
|
||||
|
||||
// when
|
||||
final var result = testCustomerRepository.findCustomerByOptionalPrefixLike(null);
|
||||
@ -118,7 +118,7 @@ class TestCustomerRepositoryIntegrationTest extends ContextBasedTest {
|
||||
@Test
|
||||
public void globalAdmin_withAssumedglobalAdminRole_canViewAllCustomers() {
|
||||
given:
|
||||
context("alex@hostsharing.net", "global#global.admin");
|
||||
context("superuser-alex@hostsharing.net", "global#global.admin");
|
||||
|
||||
// when
|
||||
final var result = testCustomerRepository.findCustomerByOptionalPrefixLike(null);
|
||||
@ -155,7 +155,7 @@ class TestCustomerRepositoryIntegrationTest extends ContextBasedTest {
|
||||
@Test
|
||||
public void globalAdmin_withoutAssumedRole_canViewAllCustomers() {
|
||||
// given
|
||||
context("alex@hostsharing.net", null);
|
||||
context("superuser-alex@hostsharing.net", null);
|
||||
|
||||
// when
|
||||
final var result = testCustomerRepository.findCustomerByOptionalPrefixLike("yyy");
|
||||
|
@ -43,7 +43,7 @@ class TestPackageControllerAcceptanceTest {
|
||||
// @formatter:off
|
||||
RestAssured
|
||||
.given() |