prefix alex+fran with superuser- to make tests easier to understand

This commit is contained in:
Michael Hoennig 2022-09-14 09:56:22 +02:00
parent a3d2dd3db1
commit 3fa02d4a10
21 changed files with 137 additions and 136 deletions

View File

@ -72,21 +72,21 @@ If you have at least Docker, the Java JDK and Gradle installed in appropriate ve
# the following command should return a JSON array with just all customers:
curl \
-H 'current-user: alex@hostsharing.net' \
-H 'current-user: superuser-alex@hostsharing.net' \
http://localhost:8080/api/test/customers
# the following command should return a JSON array with just all packages visible for the admin of the customer yyy:
curl \
-H 'current-user: alex@hostsharing.net' -H 'assumed-roles: test_customer#yyy.admin' \
-H 'current-user: superuser-alex@hostsharing.net' -H 'assumed-roles: test_customer#yyy.admin' \
http://localhost:8080/api/test/packages
# add a new customer
curl \
-H 'current-user: alex@hostsharing.net' -H "Content-Type: application/json" \
-H 'current-user: superuser-alex@hostsharing.net' -H "Content-Type: application/json" \
-d '{ "prefix":"ttt", "reference":80001, "adminUserName":"admin@ttt.example.com" }' \
-X POST http://localhost:8080/api/test/customers
If you wonder who 'alex@hostsharing.net' and 'fran@hostsharing.net' are and where the data comes from:
If you wonder who 'superuser-alex@hostsharing.net' and 'superuser-fran@hostsharing.net' are and where the data comes from:
Mike and Sven are just example global admin accounts as part of the example data which is automatically inserted in Testcontainers and Development environments.
Also try for example 'admin@xxx.example.com' or 'unknown@example.org'.

View File

@ -9,10 +9,10 @@ select isGranted(findRoleId('test_package#aaa00.owner'), findRoleId('administrat
-- call grantRoleToRole(findRoleId('administrators'), findRoleId('test_package#aaa00.owner'));
select count(*)
FROM queryAllPermissionsOfSubjectIdForObjectUuids(findRbacUser('fran@hostsharing.net'),
FROM queryAllPermissionsOfSubjectIdForObjectUuids(findRbacUser('superuser-fran@hostsharing.net'),
ARRAY(select uuid from customer where reference < 1100000));
select count(*)
FROM queryAllPermissionsOfSubjectId(findRbacUser('fran@hostsharing.net'));
FROM queryAllPermissionsOfSubjectId(findRbacUser('superuser-fran@hostsharing.net'));
select *
FROM queryAllPermissionsOfSubjectId(findRbacUser('alex@example.com'));
select *
@ -33,7 +33,7 @@ $$
userId uuid;
result bool;
BEGIN
userId = findRbacUser('alex@hostsharing.net');
userId = findRbacUser('superuser-alex@hostsharing.net');
result = (SELECT * FROM isPermissionGrantedToSubject(findPermissionId('package', 94928, 'add-package'), userId));
IF (result) THEN
RAISE EXCEPTION 'expected permission NOT to be granted, but it is';

View File

@ -38,7 +38,7 @@ CREATE OR REPLACE RULE "_RETURN" AS
SELECT * FROM customer WHERE isPermissionGrantedToSubject(findPermissionId('test_customer', id, 'view'), currentUserUuid());
SELECT * from cust_view LIMIT 10;
select queryAllPermissionsOfSubjectId(findRbacUser('alex@hostsharing.net'));
select queryAllPermissionsOfSubjectId(findRbacUser('superuser-alex@hostsharing.net'));
-- access control via view-rule with join to recursive permissions - really fast (38ms for 1 million rows)
SET SESSION SESSION AUTHORIZATION DEFAULT;
@ -73,7 +73,7 @@ GRANT ALL PRIVILEGES ON cust_view TO restricted;
SET SESSION SESSION AUTHORIZATION restricted;
-- SET hsadminng.currentUser TO 'alex@example.com';
SET hsadminng.currentUser TO 'alex@hostsharing.net';
SET hsadminng.currentUser TO 'superuser-alex@hostsharing.net';
-- SET hsadminng.currentUser TO 'aaaaouq@example.com';
SELECT * from cust_view where reference=1144150;

View File

@ -122,9 +122,10 @@ do language plpgsql $$
call defineContext('creating fake test-realm admin users', null, null, null);
admins = findRoleId(globalAdmin());
call grantRoleToUserUnchecked(admins, admins, createRbacUser('alex@hostsharing.net'));
call grantRoleToUserUnchecked(admins, admins, createRbacUser('fran@hostsharing.net'));
perform createRbacUser('drew@hostsharing.org');
call grantRoleToUserUnchecked(admins, admins, createRbacUser('superuser-alex@hostsharing.net'));
call grantRoleToUserUnchecked(admins, admins, createRbacUser('superuser-fran@hostsharing.net'));
perform createRbacUser('selfregistered-user-drew@hostsharing.org');
perform createRbacUser('selfregistered-test-user@hostsharing.org');
end;
$$;
--//
@ -142,15 +143,15 @@ do language plpgsql $$
declare
userName varchar;
begin
call defineContext('testing currentUserUuid', null, 'fran@hostsharing.net', null);
call defineContext('testing currentUserUuid', null, 'superuser-fran@hostsharing.net', null);
select userName from RbacUser where uuid = currentUserUuid() into userName;
if userName <> 'fran@hostsharing.net' then
if userName <> 'superuser-fran@hostsharing.net' then
raise exception 'setting or fetching initial currentUser failed, got: %', userName;
end if;
call defineContext('testing currentUserUuid', null, 'alex@hostsharing.net', null);
call defineContext('testing currentUserUuid', null, 'superuser-alex@hostsharing.net', null);
select userName from RbacUser where uuid = currentUserUuid() into userName;
if userName = 'alex@hostsharing.net' then
if userName = 'superuser-alex@hostsharing.net' then
raise exception 'currentUser should not change in one transaction, but did change, got: %', userName;
end if;
end; $$;

View File

@ -30,7 +30,7 @@ declare
custAdminName varchar;
begin
currentTask = 'creating RBAC test customer #' || custReference || '/' || custPrefix;
call defineContext(currentTask, null, 'alex@hostsharing.net', 'global#global.admin');
call defineContext(currentTask, null, 'superuser-alex@hostsharing.net', 'global#global.admin');
execute format('set local hsadminng.currentTask to %L', currentTask);
custRowId = uuid_generate_v4();

View File

@ -18,7 +18,7 @@ declare
begin
idName := cleanIdentifier( personTradeName|| '-' || contactLabel);
currentTask := 'creating RBAC test partner ' || idName;
call defineContext(currentTask, null, 'alex@hostsharing.net', 'global#global.admin');
call defineContext(currentTask, null, 'superuser-alex@hostsharing.net', 'global#global.admin');
execute format('set local hsadminng.currentTask to %L', currentTask);
select p.* from hs_office_person p where p.tradeName = personTradeName into relatedPerson;

View File

@ -31,7 +31,7 @@ class ContextIntegrationTests {
@Test
void defineWithoutHttpServletRequestUsesCallStack() {
context.define("alex@hostsharing.net", null);
context.define("superuser-alex@hostsharing.net", null);
assertThat(context.getCurrentTask())
.isEqualTo("ContextIntegrationTests.defineWithoutHttpServletRequestUsesCallStack");
@ -41,11 +41,11 @@ class ContextIntegrationTests {
@Transactional
void defineWithCurrentUserButWithoutAssumedRoles() {
// when
context.define("alex@hostsharing.net");
context.define("superuser-alex@hostsharing.net");
// then
assertThat(context.getCurrentUser()).
isEqualTo("alex@hostsharing.net");
isEqualTo("superuser-alex@hostsharing.net");
assertThat(context.getCurrentUserUUid()).isNotNull();
@ -85,11 +85,11 @@ class ContextIntegrationTests {
@Transactional
void defineWithCurrentUserAndAssumedRoles() {
// given
context.define("alex@hostsharing.net", "test_customer#xxx.owner;test_customer#yyy.owner");
context.define("superuser-alex@hostsharing.net", "test_customer#xxx.owner;test_customer#yyy.owner");
// when
final var currentUser = context.getCurrentUser();
assertThat(currentUser).isEqualTo("alex@hostsharing.net");
assertThat(currentUser).isEqualTo("superuser-alex@hostsharing.net");
// then
assertThat(context.getAssumedRoles())

View File

@ -61,7 +61,7 @@ class HsOfficeContactRepositoryIntegrationTest extends ContextBasedTest {
@Test
public void globalAdmin_withoutAssumedRole_canCreateNewContact() {
// given
context("alex@hostsharing.net");
context("superuser-alex@hostsharing.net");
final var count = contactRepo.count();
// when
@ -79,7 +79,7 @@ class HsOfficeContactRepositoryIntegrationTest extends ContextBasedTest {
@Test
public void arbitraryUser_canCreateNewContact() {
// given
context("drew@hostsharing.org");
context("selfregistered-user-drew@hostsharing.org");
final var count = contactRepo.count();
// when
@ -96,7 +96,7 @@ class HsOfficeContactRepositoryIntegrationTest extends ContextBasedTest {
@Test
public void createsAndGrantsRoles() {
// given
context("drew@hostsharing.org");
context("selfregistered-user-drew@hostsharing.org");
final var initialRoleNames = roleNamesOf(rawRoleRepo.findAll());
final var initialGrantNames = grantDisplaysOf(rawGrantRepo.findAll());
@ -121,7 +121,7 @@ class HsOfficeContactRepositoryIntegrationTest extends ContextBasedTest {
"{ grant perm * on hs_office_contact#anothernewcontact to role hs_office_contact#anothernewcontact.owner by system and assume }",
"{ grant role hs_office_contact#anothernewcontact.admin to role hs_office_contact#anothernewcontact.owner by system and assume }",
"{ grant perm view on hs_office_contact#anothernewcontact to role hs_office_contact#anothernewcontact.tenant by system and assume }",
"{ grant role hs_office_contact#anothernewcontact.owner to user drew@hostsharing.org by global#global.admin and assume }"
"{ grant role hs_office_contact#anothernewcontact.owner to user selfregistered-user-drew@hostsharing.org by global#global.admin and assume }"
));
}
@ -137,7 +137,7 @@ class HsOfficeContactRepositoryIntegrationTest extends ContextBasedTest {
@Test
public void globalAdmin_withoutAssumedRole_canViewAllContacts() {
// given
context("alex@hostsharing.net");
context("superuser-alex@hostsharing.net");
// when
final var result = contactRepo.findContactByOptionalLabelLike(null);
@ -149,10 +149,10 @@ class HsOfficeContactRepositoryIntegrationTest extends ContextBasedTest {
@Test
public void arbitraryUser_canViewOnlyItsOwnContact() {
// given:
final var givenContact = givenSomeTemporaryContact("drew@hostsharing.org");
final var givenContact = givenSomeTemporaryContact("selfregistered-user-drew@hostsharing.org");
// when:
context("drew@hostsharing.org");
context("selfregistered-user-drew@hostsharing.org");
final var result = contactRepo.findContactByOptionalLabelLike(null);
// then:
@ -166,7 +166,7 @@ class HsOfficeContactRepositoryIntegrationTest extends ContextBasedTest {
@Test
public void globalAdmin_withoutAssumedRole_canViewAllContacts() {
// given
context("alex@hostsharing.net", null);
context("superuser-alex@hostsharing.net", null);
// when
final var result = contactRepo.findContactByOptionalLabelLike("second");
@ -178,10 +178,10 @@ class HsOfficeContactRepositoryIntegrationTest extends ContextBasedTest {
@Test
public void arbitraryUser_withoutAssumedRole_canViewOnlyItsOwnContact() {
// given:
final var givenContact = givenSomeTemporaryContact("drew@hostsharing.org");
final var givenContact = givenSomeTemporaryContact("selfregistered-user-drew@hostsharing.org");
// when:
context("drew@hostsharing.org");
context("selfregistered-user-drew@hostsharing.org");
final var result = contactRepo.findContactByOptionalLabelLike(givenContact.getLabel());
// then:
@ -195,19 +195,19 @@ class HsOfficeContactRepositoryIntegrationTest extends ContextBasedTest {
@Test
public void globalAdmin_withoutAssumedRole_canDeleteAnyContact() {
// given
context("alex@hostsharing.net", null);
final var givenContact = givenSomeTemporaryContact("drew@hostsharing.org");
context("superuser-alex@hostsharing.net", null);
final var givenContact = givenSomeTemporaryContact("selfregistered-user-drew@hostsharing.org");
// when
final var result = jpaAttempt.transacted(() -> {
context("alex@hostsharing.net", null);
context("superuser-alex@hostsharing.net", null);
contactRepo.deleteByUuid(givenContact.getUuid());
});
// then
result.assertSuccessful();
assertThat(jpaAttempt.transacted(() -> {
context("alex@hostsharing.net", null);
context("superuser-alex@hostsharing.net", null);
return contactRepo.findContactByOptionalLabelLike(givenContact.getLabel());
}).assertSuccessful().returnedValue()).hasSize(0);
}
@ -215,18 +215,18 @@ class HsOfficeContactRepositoryIntegrationTest extends ContextBasedTest {
@Test
public void arbitraryUser_withoutAssumedRole_canDeleteAContactCreatedByItself() {
// given
final var givenContact = givenSomeTemporaryContact("drew@hostsharing.org");
final var givenContact = givenSomeTemporaryContact("selfregistered-user-drew@hostsharing.org");
// when
final var result = jpaAttempt.transacted(() -> {
context("drew@hostsharing.org", null);
context("selfregistered-user-drew@hostsharing.org", null);
contactRepo.deleteByUuid(givenContact.getUuid());
});
// then
result.assertSuccessful();
assertThat(jpaAttempt.transacted(() -> {
context("alex@hostsharing.net", null);
context("superuser-alex@hostsharing.net", null);
return contactRepo.findContactByOptionalLabelLike(givenContact.getLabel());
}).assertSuccessful().returnedValue()).hasSize(0);
}
@ -234,10 +234,10 @@ class HsOfficeContactRepositoryIntegrationTest extends ContextBasedTest {
@Test
public void deletingAContactAlsoDeletesRelatedRolesAndGrants() {
// given
context("drew@hostsharing.org", null);
context("selfregistered-user-drew@hostsharing.org", null);
final var initialRoleNames = roleNamesOf(rawRoleRepo.findAll());
final var initialGrantNames = grantDisplaysOf(rawGrantRepo.findAll());
final var givenContact = givenSomeTemporaryContact("drew@hostsharing.org");
final var givenContact = givenSomeTemporaryContact("selfregistered-user-drew@hostsharing.org");
assumeThat(rawRoleRepo.findAll().size()).as("unexpected number of roles created")
.isEqualTo(initialRoleNames.size() + 3);
assumeThat(rawGrantRepo.findAll().size()).as("unexpected number of grants created")
@ -245,7 +245,7 @@ class HsOfficeContactRepositoryIntegrationTest extends ContextBasedTest {
// when
final var result = jpaAttempt.transacted(() -> {
context("drew@hostsharing.org", null);
context("selfregistered-user-drew@hostsharing.org", null);
return contactRepo.deleteByUuid(givenContact.getUuid());
});
@ -272,7 +272,7 @@ class HsOfficeContactRepositoryIntegrationTest extends ContextBasedTest {
@AfterEach
void cleanup() {
context("alex@hostsharing.net", null);
context("superuser-alex@hostsharing.net", null);
final var result = contactRepo.findContactByOptionalLabelLike("some temporary contact");
result.forEach(tempPerson -> {
System.out.println("DELETING temporary contact: " + tempPerson.getLabel());

View File

@ -59,7 +59,7 @@ class HsOfficePartnerControllerAcceptanceTest {
RestAssured // @formatter:off
.given()
.header("current-user", "alex@hostsharing.net")
.header("current-user", "superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/office/partners")
@ -120,7 +120,7 @@ class HsOfficePartnerControllerAcceptanceTest {
final var location = RestAssured // @formatter:off
.given()
.header("current-user", "alex@hostsharing.net")
.header("current-user", "superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body(jsonObject(NEW_PARTNER_JSON_WITHOUT_UUID)
.with("uuid", givenUUID.toString()).toString())
@ -141,7 +141,7 @@ class HsOfficePartnerControllerAcceptanceTest {
final var newUserUuid = UUID.fromString(
location.substring(location.lastIndexOf('/') + 1));
assertThat(newUserUuid).isEqualTo(givenUUID);
context.define("alex@hostsharing.net");
context.define("superuser-alex@hostsharing.net");
assertThat(partnerRepo.findByUuid(newUserUuid))
.hasValueSatisfying(c -> assertThat(c.getPerson().getTradeName()).isEqualTo("Test Corp."));
}
@ -151,7 +151,7 @@ class HsOfficePartnerControllerAcceptanceTest {
final var location = RestAssured // @formatter:off
.given()
.header("current-user", "alex@hostsharing.net")
.header("current-user", "superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body(NEW_PARTNER_JSON_WITHOUT_UUID)
.port(port)
@ -179,12 +179,12 @@ class HsOfficePartnerControllerAcceptanceTest {
@Test
void globalAdmin_withoutAssumedRole_canGetArbitraryPartner() {
context.define("alex@hostsharing.net");
context.define("superuser-alex@hostsharing.net");
final var givenPartnerUuid = partnerRepo.findPartnerByOptionalNameLike("First").get(0).getUuid();
RestAssured // @formatter:off
.given()
.header("current-user", "alex@hostsharing.net")
.header("current-user", "superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/office/partners/" + givenPartnerUuid)
@ -202,12 +202,12 @@ class HsOfficePartnerControllerAcceptanceTest {
@Test
@Accepts({ "Partner:X(Access Control)" })
void normalUser_canNotGetUnrelatedPartner() {
context.define("alex@hostsharing.net");
context.define("superuser-alex@hostsharing.net");
final var givenPartnerUuid = partnerRepo.findPartnerByOptionalNameLike("First").get(0).getUuid();
RestAssured // @formatter:off
.given()
.header("current-user", "drew@hostsharing.org")
.header("current-user", "selfregistered-user-drew@hostsharing.org")
.port(port)
.when()
.get("http://localhost/api/hs/office/partners/" + givenPartnerUuid)
@ -218,7 +218,7 @@ class HsOfficePartnerControllerAcceptanceTest {
@Test
@Accepts({ "Partner:X(Access Control)" })
void contactAdminUser_canGetRelatedPartner() {
context.define("alex@hostsharing.net");
context.define("superuser-alex@hostsharing.net");
final var givenPartnerUuid = partnerRepo.findPartnerByOptionalNameLike("first contact").get(0).getUuid();
RestAssured // @formatter:off
@ -248,7 +248,7 @@ class HsOfficePartnerControllerAcceptanceTest {
void cleanup() {
tempPartnerUuids.forEach(uuid -> {
jpaAttempt.transacted(() -> {
context.define("alex@hostsharing.net", null);
context.define("superuser-alex@hostsharing.net", null);
System.out.println("DELETING temporary partner: " + uuid);
final var count = partnerRepo.deleteByUuid(uuid);
assertThat(count).isGreaterThan(0);

View File

@ -69,7 +69,7 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTest {
@Test
public void testHostsharingAdmin_withoutAssumedRole_canCreateNewPartner() {
// given
context("alex@hostsharing.net");
context("superuser-alex@hostsharing.net");
final var count = partnerRepo.count();
final var givenPerson = personRepo.findPersonByOptionalNameLike("First Impressions GmbH").get(0);
final var givenContact = contactRepo.findContactByOptionalLabelLike("first contact").get(0);
@ -94,7 +94,7 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTest {
@Test
public void createsAndGrantsRoles() {
// given
context("alex@hostsharing.net");
context("superuser-alex@hostsharing.net");
final var initialRoleNames = roleNamesOf(rawRoleRepo.findAll());
final var initialGrantNames = grantDisplaysOf(rawGrantRepo.findAll());
@ -142,7 +142,7 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTest {
@Test
public void globalAdmin_withoutAssumedRole_canViewAllPartners() {
// given
context("alex@hostsharing.net");
context("superuser-alex@hostsharing.net");
// when
final var result = partnerRepo.findPartnerByOptionalNameLike(null);
@ -170,7 +170,7 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTest {
@Test
public void globalAdmin_withoutAssumedRole_canViewAllPartners() {
// given
context("alex@hostsharing.net");
context("superuser-alex@hostsharing.net");
// when
final var result = partnerRepo.findPartnerByOptionalNameLike("Ostfriesische");
@ -186,19 +186,19 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTest {
@Test
public void globalAdmin_withoutAssumedRole_canDeleteAnyPartner() {
// given
context("alex@hostsharing.net", null);
context("superuser-alex@hostsharing.net", null);
final var givenPartner = givenSomeTemporaryPartnerBessler();
// when
final var result = jpaAttempt.transacted(() -> {
context("alex@hostsharing.net");
context("superuser-alex@hostsharing.net");
partnerRepo.deleteByUuid(givenPartner.getUuid());
});
// then
result.assertSuccessful();
assertThat(jpaAttempt.transacted(() -> {
context("fran@hostsharing.net", null);
context("superuser-fran@hostsharing.net", null);
return partnerRepo.findByUuid(givenPartner.getUuid());
}).assertSuccessful().returnedValue()).isEmpty();
}
@ -206,7 +206,7 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTest {
@Test
public void nonGlobalAdmin_canNotDeleteTheirRelatedPartner() {
// given
context("alex@hostsharing.net", null);
context("superuser-alex@hostsharing.net", null);
final var givenPartner = toCleanup(givenSomeTemporaryPartnerBessler());
// when
@ -222,7 +222,7 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTest {
JpaSystemException.class,
"[403] User person-ErbenBesslerMelBessler@example.com not allowed to delete partner");
assertThat(jpaAttempt.transacted(() -> {
context("alex@hostsharing.net");
context("superuser-alex@hostsharing.net");
return partnerRepo.findByUuid(givenPartner.getUuid());
}).assertSuccessful().returnedValue()).isPresent(); // still there
}
@ -230,7 +230,7 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTest {
@Test
public void deletingAPartnerAlsoDeletesRelatedRolesAndGrants() {
// given
context("alex@hostsharing.net");
context("superuser-alex@hostsharing.net");
final var initialRoleNames = Array.from(roleNamesOf(rawRoleRepo.findAll()));
final var initialGrantNames = Array.from(grantDisplaysOf(rawGrantRepo.findAll()));
final var givenPartner = givenSomeTemporaryPartnerBessler();
@ -241,7 +241,7 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTest {
// when
final var result = jpaAttempt.transacted(() -> {
context("alex@hostsharing.net");
context("superuser-alex@hostsharing.net");
return partnerRepo.deleteByUuid(givenPartner.getUuid());
});
@ -255,7 +255,7 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTest {
private HsOfficePartnerEntity givenSomeTemporaryPartnerBessler() {
return jpaAttempt.transacted(() -> {
context("alex@hostsharing.net");
context("superuser-alex@hostsharing.net");
final var givenPerson = personRepo.findPersonByOptionalNameLike("Erben Bessler").get(0);
final var givenContact = contactRepo.findContactByOptionalLabelLike("forth contact").get(0);
final var newPartner = HsOfficePartnerEntity.builder()
@ -275,7 +275,7 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTest {
@AfterEach
void cleanup() {
context("alex@hostsharing.net", null);
context("superuser-alex@hostsharing.net", null);
tempPartners.forEach(tempPartner -> {
System.out.println("DELETING temporary partner: " + tempPartner.getDisplayName());
final var count = partnerRepo.deleteByUuid(tempPartner.getUuid());

View File

@ -57,7 +57,7 @@ class HsOfficePersonRepositoryIntegrationTest extends ContextBasedTest {
@Test
public void globalAdmin_withoutAssumedRole_canCreateNewPerson() {
// given
context("alex@hostsharing.net");
context("superuser-alex@hostsharing.net");
final var count = personRepo.count();
// when
@ -75,7 +75,7 @@ class HsOfficePersonRepositoryIntegrationTest extends ContextBasedTest {
@Test
public void arbitraryUser_canCreateNewPerson() {
// given
context("drew@hostsharing.org");
context("selfregistered-user-drew@hostsharing.org");
final var count = personRepo.count();
// when
@ -92,7 +92,7 @@ class HsOfficePersonRepositoryIntegrationTest extends ContextBasedTest {
@Test
public void createsAndGrantsRoles() {
// given
context("drew@hostsharing.org");
context("selfregistered-user-drew@hostsharing.org");
final var count = personRepo.count();
final var initialRoleNames = roleNamesOf(rawRoleRepo.findAll());
final var initialGrantNames = grantDisplaysOf(rawGrantRepo.findAll());
@ -119,7 +119,7 @@ class HsOfficePersonRepositoryIntegrationTest extends ContextBasedTest {
"{ grant perm * on hs_office_person#anothernewperson to role hs_office_person#anothernewperson.owner by system and assume }",
"{ grant role hs_office_person#anothernewperson.admin to role hs_office_person#anothernewperson.owner by system and assume }",
"{ grant perm view on hs_office_person#anothernewperson to role hs_office_person#anothernewperson.tenant by system and assume }",
"{ grant role hs_office_person#anothernewperson.owner to user drew@hostsharing.org by global#global.admin and assume }"
"{ grant role hs_office_person#anothernewperson.owner to user selfregistered-user-drew@hostsharing.org by global#global.admin and assume }"
));
}
@ -135,7 +135,7 @@ class HsOfficePersonRepositoryIntegrationTest extends ContextBasedTest {
@Test
public void globalAdmin_withoutAssumedRole_canViewAllPersons() {
// given
context("alex@hostsharing.net");
context("superuser-alex@hostsharing.net");
// when
final var result = personRepo.findPersonByOptionalNameLike(null);
@ -169,7 +169,7 @@ class HsOfficePersonRepositoryIntegrationTest extends ContextBasedTest {
@Test
public void globalAdmin_withoutAssumedRole_canViewAllPersons() {
// given
context("alex@hostsharing.net", null);
context("superuser-alex@hostsharing.net", null);
// when
final var result = personRepo.findPersonByOptionalNameLike("Rockshop");
@ -181,10 +181,10 @@ class HsOfficePersonRepositoryIntegrationTest extends ContextBasedTest {
@Test
public void arbitraryUser_withoutAssumedRole_canViewOnlyItsOwnPerson() {
// given:
final var givenPerson = givenSomeTemporaryPerson("drew@hostsharing.org");
final var givenPerson = givenSomeTemporaryPerson("selfregistered-user-drew@hostsharing.org");
// when:
context("drew@hostsharing.org");
context("selfregistered-user-drew@hostsharing.org");
final var result = personRepo.findPersonByOptionalNameLike(givenPerson.getTradeName());
// then:
@ -198,18 +198,18 @@ class HsOfficePersonRepositoryIntegrationTest extends ContextBasedTest {
@Test
public void globalAdmin_withoutAssumedRole_canDeleteAnyPerson() {
// given
final var givenPerson = givenSomeTemporaryPerson("drew@hostsharing.org");
final var givenPerson = givenSomeTemporaryPerson("selfregistered-user-drew@hostsharing.org");
// when
final var result = jpaAttempt.transacted(() -> {
context("alex@hostsharing.net", null);
context("superuser-alex@hostsharing.net", null);
personRepo.deleteByUuid(givenPerson.getUuid());
});
// then
result.assertSuccessful();
assertThat(jpaAttempt.transacted(() -> {
context("alex@hostsharing.net", null);
context("superuser-alex@hostsharing.net", null);
return personRepo.findPersonByOptionalNameLike(givenPerson.getTradeName());
}).assertSuccessful().returnedValue()).hasSize(0);
}
@ -217,18 +217,18 @@ class HsOfficePersonRepositoryIntegrationTest extends ContextBasedTest {
@Test
public void arbitraryUser_withoutAssumedRole_canDeleteAPersonCreatedByItself() {
// given
final var givenPerson = givenSomeTemporaryPerson("drew@hostsharing.org");
final var givenPerson = givenSomeTemporaryPerson("selfregistered-user-drew@hostsharing.org");
// when
final var result = jpaAttempt.transacted(() -> {
context("drew@hostsharing.org", null);
context("selfregistered-user-drew@hostsharing.org", null);
personRepo.deleteByUuid(givenPerson.getUuid());
});
// then
result.assertSuccessful();
assertThat(jpaAttempt.transacted(() -> {
context("alex@hostsharing.net", null);
context("superuser-alex@hostsharing.net", null);
return personRepo.findPersonByOptionalNameLike(givenPerson.getTradeName());
}).assertSuccessful().returnedValue()).hasSize(0);
}
@ -238,10 +238,10 @@ class HsOfficePersonRepositoryIntegrationTest extends ContextBasedTest {
@Test
public void deletingAPersonAlsoDeletesRelatedRolesAndGrants() {
// given
context("drew@hostsharing.org", null);
context("selfregistered-user-drew@hostsharing.org", null);
final var initialRoleNames = roleNamesOf(rawRoleRepo.findAll());
final var initialGrantNames = grantDisplaysOf(rawGrantRepo.findAll());
final var givenPerson = givenSomeTemporaryPerson("drew@hostsharing.org");
final var givenPerson = givenSomeTemporaryPerson("selfregistered-user-drew@hostsharing.org");
assumeThat(rawRoleRepo.findAll().size()).as("unexpected number of roles created")
.isEqualTo(initialRoleNames.size() + 3);
assumeThat(rawGrantRepo.findAll().size()).as("unexpected number of grants created")
@ -249,7 +249,7 @@ class HsOfficePersonRepositoryIntegrationTest extends ContextBasedTest {
// when
final var result = jpaAttempt.transacted(() -> {
context("drew@hostsharing.org", null);
context("selfregistered-user-drew@hostsharing.org", null);
return personRepo.deleteByUuid(givenPerson.getUuid());
});
@ -263,7 +263,7 @@ class HsOfficePersonRepositoryIntegrationTest extends ContextBasedTest {
@AfterEach
void cleanup() {
context("alex@hostsharing.net", null);
context("superuser-alex@hostsharing.net", null);
final var result = personRepo.findPersonByOptionalNameLike("some temporary person");
result.forEach(tempPerson -> {
System.out.println("DELETING temporary person: " + tempPerson.getDisplayName());

View File

@ -64,7 +64,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
void globalAdmin_withoutAssumedRole_canViewAllGrants() {
RestAssured // @formatter:off
.given()
.header("current-user", "alex@hostsharing.net")
.header("current-user", "superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/rbac/grants")
@ -89,7 +89,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
allOf(
hasEntry("grantedByRoleIdName", "global#global.admin"),
hasEntry("grantedRoleIdName", "global#global.admin"),
hasEntry("granteeUserName", "fran@hostsharing.net")
hasEntry("granteeUserName", "superuser-fran@hostsharing.net")
)
))
.body("", hasItem(
@ -115,7 +115,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
void globalAdmin_withAssumedPackageAdminRole_canViewPacketRelatedGrants() {
RestAssured // @formatter:off
.given()
.header("current-user", "alex@hostsharing.net")
.header("current-user", "superuser-alex@hostsharing.net")
.header("assumed-roles", "test_package#yyy00.admin")
.port(port)
.when()
@ -500,14 +500,14 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
RbacUserEntity findRbacUserByName(final String userName) {
return jpaAttempt.transacted(() -> {
context("alex@hostsharing.net", null);
context("superuser-alex@hostsharing.net", null);
return rbacUserRepository.findByName(userName);
}).returnedValue();
}
RbacRoleEntity findRbacRoleByName(final String roleName) {
return jpaAttempt.transacted(() -> {
context("alex@hostsharing.net", null);
context("superuser-alex@hostsharing.net", null);
return rbacRoleRepository.findByRoleName(roleName);
}).returnedValue();
}

View File

@ -43,7 +43,7 @@ class RbacRoleControllerAcceptanceTest {
// @formatter:off
RestAssured
.given()
.header("current-user", "alex@hostsharing.net")
.header("current-user", "superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/rbac/roles")
@ -69,7 +69,7 @@ class RbacRoleControllerAcceptanceTest {
// @formatter:off
RestAssured
.given()
.header("current-user", "alex@hostsharing.net")
.header("current-user", "superuser-alex@hostsharing.net")
.header("assumed-roles", "test_package#yyy00.admin")
.port(port)
.when()

View File

@ -37,7 +37,7 @@ class RbacRoleControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.get("/api/rbac/roles")
.header("current-user", "alex@hostsharing.net")
.header("current-user", "superuser-alex@hostsharing.net")
.accept(MediaType.APPLICATION_JSON))
// then

View File

@ -59,7 +59,7 @@ class RbacRoleRepositoryIntegrationTest {
@Test
public void globalAdmin_withoutAssumedRole_canViewAllRbacRoles() {
// given
context.define("alex@hostsharing.net");
context.define("superuser-alex@hostsharing.net");
// when
final var result = rbacRoleRepository.findAll();
@ -71,7 +71,7 @@ class RbacRoleRepositoryIntegrationTest {
@Test
public void globalAdmin_withAssumedglobalAdminRole_canViewAllRbacRoles() {
given:
context.define("alex@hostsharing.net", "global#global.admin");
context.define("superuser-alex@hostsharing.net", "global#global.admin");
// when
final var result = rbacRoleRepository.findAll();

View File

@ -88,7 +88,7 @@ class RbacUserControllerAcceptanceTest {
// @formatter:off
RestAssured
.given()
.header("current-user", "alex@hostsharing.net")
.header("current-user", "superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/rbac/users/" + givenUser.getUuid())
@ -107,7 +107,7 @@ class RbacUserControllerAcceptanceTest {
// @formatter:off
RestAssured
.given()
.header("current-user", "alex@hostsharing.net")
.header("current-user", "superuser-alex@hostsharing.net")
.header("assumed-roles", "test_customer#yyy.admin")
.port(port)
.when()
@ -166,7 +166,7 @@ class RbacUserControllerAcceptanceTest {
// @formatter:off
RestAssured
.given()
.header("current-user", "alex@hostsharing.net")
.header("current-user", "superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/rbac/users")
@ -176,11 +176,11 @@ class RbacUserControllerAcceptanceTest {
.body("", hasItem(hasEntry("name", "customer-admin@xxx.example.com")))
.body("", hasItem(hasEntry("name", "customer-admin@yyy.example.com")))
.body("", hasItem(hasEntry("name", "customer-admin@zzz.example.com")))
.body("", hasItem(hasEntry("name", "alex@hostsharing.net")))
.body("", hasItem(hasEntry("name", "superuser-alex@hostsharing.net")))
// ...
.body("", hasItem(hasEntry("name", "pac-admin-zzz01@zzz.example.com")))
.body("", hasItem(hasEntry("name", "pac-admin-zzz02@zzz.example.com")))
.body("", hasItem(hasEntry("name", "fran@hostsharing.net")))
.body("", hasItem(hasEntry("name", "superuser-fran@hostsharing.net")))
.body("size()", greaterThanOrEqualTo(14));
// @formatter:on
}
@ -192,7 +192,7 @@ class RbacUserControllerAcceptanceTest {
// @formatter:off
RestAssured
.given()
.header("current-user", "alex@hostsharing.net")
.header("current-user", "superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/rbac/users?name=pac-admin-zzz0")
@ -213,7 +213,7 @@ class RbacUserControllerAcceptanceTest {
// @formatter:off
RestAssured
.given()
.header("current-user", "alex@hostsharing.net")
.header("current-user", "superuser-alex@hostsharing.net")
.header("assumed-roles", "test_customer#yyy.admin")
.port(port)
.when()
@ -282,7 +282,7 @@ class RbacUserControllerAcceptanceTest {
// @formatter:off
RestAssured
.given()
.header("current-user", "alex@hostsharing.net")
.header("current-user", "superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/rbac/users/" + givenUser.getUuid() + "/permissions")
@ -316,7 +316,7 @@ class RbacUserControllerAcceptanceTest {
// @formatter:off
RestAssured
.given()
.header("current-user", "alex@hostsharing.net")
.header("current-user", "superuser-alex@hostsharing.net")
.header("assumed-roles", "test_package#yyy00.admin")
.port(port)
.when()
@ -455,7 +455,7 @@ class RbacUserControllerAcceptanceTest {
// @formatter:off
final var location = RestAssured
.given()
.header("current-user", "alex@hostsharing.net")
.header("current-user", "superuser-alex@hostsharing.net")
.port(port)
.when()
.delete("http://localhost/api/rbac/users/" + givenUser.getUuid())
@ -470,7 +470,7 @@ class RbacUserControllerAcceptanceTest {
RbacUserEntity findRbacUserByName(final String userName) {
return jpaAttempt.transacted(() -> {
context.define("alex@hostsharing.net");
context.define("superuser-alex@hostsharing.net");
return rbacUserRepository.findByName(userName);
}).returnedValue();
}

View File

@ -99,7 +99,7 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
private static final String[] ALL_TEST_DATA_USERS = Array.of(
// @formatter:off
"alex@hostsharing.net", "fran@hostsharing.net",
"superuser-alex@hostsharing.net", "superuser-fran@hostsharing.net",
"customer-admin@xxx.example.com",
"pac-admin-xxx00@xxx.example.com", "pac-admin-xxx01@xxx.example.com", "pac-admin-xxx02@xxx.example.com",
"customer-admin@yyy.example.com",
@ -112,7 +112,7 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
@Test
public void globalAdmin_withoutAssumedRole_canViewAllRbacUsers() {
// given
context("alex@hostsharing.net");
context("superuser-alex@hostsharing.net");
// when
final var result = rbacUserRepository.findByOptionalNameLike(null);
@ -124,7 +124,7 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
@Test
public void globalAdmin_withAssumedglobalAdminRole_canViewAllRbacUsers() {
given:
context("alex@hostsharing.net", "global#global.admin");
context("superuser-alex@hostsharing.net", "global#global.admin");
// when
final var result = rbacUserRepository.findByOptionalNameLike(null);
@ -136,7 +136,7 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
@Test
public void globalAdmin_withAssumedCustomerAdminRole_canViewOnlyUsersHavingRolesInThatCustomersRealm() {
given:
context("alex@hostsharing.net", "test_customer#xxx.admin");
context("superuser-alex@hostsharing.net", "test_customer#xxx.admin");
// when
final var result = rbacUserRepository.findByOptionalNameLike(null);
@ -239,10 +239,10 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
@Test
public void globalAdmin_withoutAssumedRole_canViewTheirOwnPermissions() {
// given
context("alex@hostsharing.net");
context("superuser-alex@hostsharing.net");
// when
final var result = rbacUserRepository.findPermissionsOfUserByUuid(userUUID("alex@hostsharing.net"));
final var result = rbacUserRepository.findPermissionsOfUserByUuid(userUUID("superuser-alex@hostsharing.net"));
// then
allTheseRbacPermissionsAreReturned(result, ALL_USER_PERMISSIONS);
@ -294,7 +294,7 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
public void customerAdmin_withoutAssumedRole_isNotAllowedToViewGlobalAdminsPermissions() {
// given
context("customer-admin@xxx.example.com");
final UUID userUuid = userUUID("alex@hostsharing.net");
final UUID userUuid = userUUID("superuser-alex@hostsharing.net");
// when
final var result = attempt(em, () ->

View File

@ -42,7 +42,7 @@ class TestCustomerControllerAcceptanceTest {
void globalAdmin_withoutAssumedRoles_canViewAllCustomers_ifNoCriteriaGiven() {
RestAssured // @formatter:off
.given()
.header("current-user", "alex@hostsharing.net")
.header("current-user", "superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/test/customers")
@ -60,7 +60,7 @@ class TestCustomerControllerAcceptanceTest {
void globalAdmin_withoutAssumedRoles_canViewMatchingCustomers_ifCriteriaGiven() {
RestAssured // @formatter:off
.given()
.header("current-user", "alex@hostsharing.net")
.header("current-user", "superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/test/customers?prefix=y")
@ -76,7 +76,7 @@ class TestCustomerControllerAcceptanceTest {
void globalAdmin_withoutAssumedCustomerAdminRole_canOnlyViewOwnCustomer() {
RestAssured // @formatter:off
.given()
.header("current-user", "alex@hostsharing.net")
.header("current-user", "superuser-alex@hostsharing.net")
.header("assumed-roles", "test_customer#yyy.admin")
.port(port)
.when()
@ -114,7 +114,7 @@ class TestCustomerControllerAcceptanceTest {
final var location = RestAssured // @formatter:off
.given()
.header("current-user", "alex@hostsharing.net")
.header("current-user", "superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@ -148,7 +148,7 @@ class TestCustomerControllerAcceptanceTest {
final var location = RestAssured // @formatter:off
.given()
.header("current-user", "alex@hostsharing.net")
.header("current-user", "superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
@ -184,7 +184,7 @@ class TestCustomerControllerAcceptanceTest {
RestAssured // @formatter:off
.given()
.header("current-user", "alex@hostsharing.net")
.header("current-user", "superuser-alex@hostsharing.net")
.header("assumed-roles", "test_customer#xxx.admin")
.contentType(ContentType.JSON)
.body("""
@ -205,7 +205,7 @@ class TestCustomerControllerAcceptanceTest {
// @formatter:on
// finally, the new customer was not created
context.define("fran@hostsharing.net");
context.define("superuser-fran@hostsharing.net");
assertThat(testCustomerRepository.findCustomerByOptionalPrefixLike("uuu")).hasSize(0);
}
@ -234,7 +234,7 @@ class TestCustomerControllerAcceptanceTest {
// @formatter:on
// finally, the new customer was not created
context.define("fran@hostsharing.net");
context.define("superuser-fran@hostsharing.net");
assertThat(testCustomerRepository.findCustomerByOptionalPrefixLike("uuu")).hasSize(0);
}
}

View File

@ -39,7 +39,7 @@ class TestCustomerRepositoryIntegrationTest extends ContextBasedTest {
@Test
public void globalAdmin_withoutAssumedRole_canCreateNewCustomer() {
// given
context("alex@hostsharing.net", null);
context("superuser-alex@hostsharing.net", null);
final var count = testCustomerRepository.count();
// when
@ -60,7 +60,7 @@ class TestCustomerRepositoryIntegrationTest extends ContextBasedTest {
@Test
public void globalAdmin_withAssumedCustomerRole_cannotCreateNewCustomer() {
// given
context("alex@hostsharing.net", "test_customer#xxx.admin");
context("superuser-alex@hostsharing.net", "test_customer#xxx.admin");
// when
final var result = attempt(em, () -> {
@ -106,7 +106,7 @@ class TestCustomerRepositoryIntegrationTest extends ContextBasedTest {
@Test
public void globalAdmin_withoutAssumedRole_canViewAllCustomers() {
// given
context("alex@hostsharing.net", null);
context("superuser-alex@hostsharing.net", null);
// when
final var result = testCustomerRepository.findCustomerByOptionalPrefixLike(null);
@ -118,7 +118,7 @@ class TestCustomerRepositoryIntegrationTest extends ContextBasedTest {
@Test
public void globalAdmin_withAssumedglobalAdminRole_canViewAllCustomers() {
given:
context("alex@hostsharing.net", "global#global.admin");
context("superuser-alex@hostsharing.net", "global#global.admin");
// when
final var result = testCustomerRepository.findCustomerByOptionalPrefixLike(null);
@ -155,7 +155,7 @@ class TestCustomerRepositoryIntegrationTest extends ContextBasedTest {
@Test
public void globalAdmin_withoutAssumedRole_canViewAllCustomers() {
// given
context("alex@hostsharing.net", null);
context("superuser-alex@hostsharing.net", null);
// when
final var result = testCustomerRepository.findCustomerByOptionalPrefixLike("yyy");

View File

@ -43,7 +43,7 @@ class TestPackageControllerAcceptanceTest {
// @formatter:off
RestAssured
.given()
.header("current-user", "alex@hostsharing.net")
.header("current-user", "superuser-alex@hostsharing.net")
.header("assumed-roles", "test_customer#xxx.admin")
.port(port)
.when()
@ -65,7 +65,7 @@ class TestPackageControllerAcceptanceTest {
// @formatter:off
RestAssured
.given()
.header("current-user", "alex@hostsharing.net")
.header("current-user", "superuser-alex@hostsharing.net")
.header("assumed-roles", "test_customer#xxx.admin")