From 5ac616e4252b39b43284058f83f2a63de59193a9 Mon Sep 17 00:00:00 2001 From: Michael Hoennig Date: Sun, 25 Feb 2024 13:19:27 +0100 Subject: [PATCH] improve RBAC definition DSL --- .../HsOfficeBankAccountEntity.java | 23 ++++---- .../office/contact/HsOfficeContactEntity.java | 24 ++++---- .../office/debitor/HsOfficeDebitorEntity.java | 56 +++++++++---------- .../office/person/HsOfficePersonEntity.java | 23 ++++---- .../HsOfficeRelationshipEntity.java | 47 ++++++++-------- .../hsadminng/rbac/rbacdef/RbacView.java | 53 +++++++++++------- .../rbacdef/RbacViewMermaidFlowchart.java | 1 + .../test/cust/TestCustomerEntity.java | 26 +++++---- .../test/cust/TestCustomerEntityTest.java | 4 +- 9 files changed, 135 insertions(+), 122 deletions(-) diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountEntity.java index 40b0a3d2..7f5a0185 100644 --- a/src/main/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountEntity.java +++ b/src/main/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountEntity.java @@ -16,6 +16,7 @@ import java.util.UUID; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.*; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.*; +import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.RbacUserReference.UserRole.CREATOR; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.*; import static net.hostsharing.hsadminng.stringify.Stringify.stringify; 
@@ -56,19 +57,19 @@ public class HsOfficeBankAccountEntity implements HasUuid, Stringifyable { } public static RbacView rbac() { - // @formatter:off return rbacViewFor("bankAccount", HsOfficeBankAccountEntity.class) .withIdentityView(SQL.query("target.iban || ':' || target.holder")) .withUpdatableColumns("holder", "iban", "bic") - .createRole(OWNER) - .withCurrentUserAsOwner() - .withPermission(ALL) - .withIncomingSuperRole(GLOBAL, ADMIN) - .createSubRole(ADMIN) - .withPermission(EDIT) - .createSubRole(REFERRER) - .withPermission(VIEW) - .pop(); - // @formatter:on + .createRole(OWNER, (with) -> { + with.owningUser(CREATOR); + with.incomingSuperRole(GLOBAL, ADMIN); + with.permission(ALL); + }) + .createSubRole(ADMIN, (with) -> { + with.permission(EDIT); + }) + .createSubRole(REFERRER, (with) -> { + with.permission(VIEW); + }); } } diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactEntity.java index 922d3065..b9522d0d 100644 --- a/src/main/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactEntity.java +++ b/src/main/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactEntity.java @@ -14,6 +14,7 @@ import java.util.UUID; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.GLOBAL; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.*; +import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.RbacUserReference.UserRole.CREATOR; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.*; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.rbacViewFor; import static net.hostsharing.hsadminng.stringify.Stringify.stringify; 
@@ -33,7 +34,6 @@ public class HsOfficeContactEntity implements Stringifyable, HasUuid { .withProp(Fields.label, HsOfficeContactEntity::getLabel) .withProp(Fields.emailAddresses, HsOfficeContactEntity::getEmailAddresses); - @Id @GeneratedValue(generator = "UUID") @GenericGenerator(name = "UUID", strategy = "org.hibernate.id.UUIDGenerator") @@ -60,19 +60,19 @@ public class HsOfficeContactEntity implements Stringifyable, HasUuid { } public static RbacView rbac() { - // @formatter:off return rbacViewFor("contact", HsOfficeContactEntity.class) .withIdentityView(RbacView.SQL.query("target.label")) .withUpdatableColumns("label", "postalAddress", "emailAddresses", "phoneNumbers") - .createRole(OWNER) - .withPermission(ALL) - .withCurrentUserAsOwner() - .withIncomingSuperRole(GLOBAL, ADMIN) - .createSubRole(ADMIN) - .withPermission(EDIT) - .createSubRole(REFERRER) - .withPermission(VIEW) - .pop(); - // @formatter:on + .createRole(OWNER, (with) -> { + with.owningUser(CREATOR); + with.incomingSuperRole(GLOBAL, ADMIN); + with.permission(ALL); + }) + .createSubRole(ADMIN, (with) -> { + with.permission(EDIT); + }) + .createSubRole(REFERRER, (with) -> { + with.permission(VIEW); + }); } } diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorEntity.java index d4dbecda..8905a34f 100644 --- a/src/main/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorEntity.java +++ b/src/main/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorEntity.java 
@@ -4,9 +4,9 @@ import lombok.*; import net.hostsharing.hsadminng.errors.DisplayName; import net.hostsharing.hsadminng.hs.office.bankaccount.HsOfficeBankAccountEntity; import net.hostsharing.hsadminng.hs.office.contact.HsOfficeContactEntity; +import net.hostsharing.hsadminng.hs.office.partner.HsOfficePartnerEntity; import net.hostsharing.hsadminng.hs.office.relationship.HsOfficeRelationshipEntity; import net.hostsharing.hsadminng.persistence.HasUuid; -import net.hostsharing.hsadminng.hs.office.partner.HsOfficePartnerEntity; import net.hostsharing.hsadminng.rbac.rbacdef.RbacView; import net.hostsharing.hsadminng.stringify.Stringify; import net.hostsharing.hsadminng.stringify.Stringifyable; @@ -18,9 +18,7 @@ import java.util.UUID; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Column.dependsOnColumn; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.*; -import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.VIEW; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.*; -import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.REFERRER; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL.fetchedBySql; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.rbacViewFor; import static net.hostsharing.hsadminng.stringify.Stringify.stringify; @@ -87,7 +85,7 @@ public class HsOfficeDebitorEntity implements HasUuid, Stringifyable { private String defaultPrefix; private String getDebitorNumberString() { - if (partner == null || partner.getPartnerNumber() == null || debitorNumberSuffix == null ) { + if (partner == null || partner.getPartnerNumber() == null || debitorNumberSuffix == null) { return null; } return partner.getPartnerNumber() + String.format("%02d", debitorNumberSuffix); 
@@ -108,20 +106,19 @@ public class HsOfficeDebitorEntity implements HasUuid, Stringifyable { } public static RbacView rbac() { - // @formatter:off return rbacViewFor("debitor", HsOfficeDebitorEntity.class) .withIdentityView(RbacView.SQL.query(""" - SELECT debitor.uuid, - 'D-' || (SELECT partner.partnerNumber - FROM hs_office_partner partner - JOIN hs_office_relationship partnerRel - ON partnerRel.uuid = partner.partnerRoleUUid AND partnerRel.relType = 'PARTNER' - JOIN hs_office_relationship debitorRel - ON debitorRel.relAnchorUuid = partnerRel.relHolderUuid AND partnerRel.relType = 'ACCOUNTING' - WHERE debitorRel.uuid = debitor.debitorRelUuid) - || to_char(debitorNumberSuffix, 'fm00') - from hs_office_debitor as debitor; - """)) + SELECT debitor.uuid, + 'D-' || (SELECT partner.partnerNumber + FROM hs_office_partner partner + JOIN hs_office_relationship partnerRel + ON partnerRel.uuid = partner.partnerRoleUUid AND partnerRel.relType = 'PARTNER' + JOIN hs_office_relationship debitorRel + ON debitorRel.relAnchorUuid = partnerRel.relHolderUuid AND partnerRel.relType = 'ACCOUNTING' + WHERE debitorRel.uuid = debitor.debitorRelUuid) + || to_char(debitorNumberSuffix, 'fm00') + from hs_office_debitor as debitor; + """)) .withUpdatableColumns( "debitorRel", "billable", 
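Review bot: The identity-view subselect in this hunk can never match: its second JOIN requires `partnerRel.relType = 'ACCOUNTING'` while the first JOIN already pinned `partnerRel.relType = 'PARTNER'`, so the subselect yields NULL and the whole identity collapses to `'D-' || NULL`, i.e. NULL, without any error. The predicate almost certainly meant the other alias: `ON debitorRel.relAnchorUuid = partnerRel.relHolderUuid AND debitorRel.relType = 'ACCOUNTING'`. This is pre-existing and the hunk only re-indents the text block, but a silently-NULL identity is worth fixing in the same change rather than leaving it for a later migration. rbac() continues past the end of this hunk.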
@@ -131,15 +128,15 @@ public class HsOfficeDebitorEntity implements HasUuid, Stringifyable { "vatCountryCode", "vatBusiness", "vatReverseCharge", - "defaultPrefix" /* TODO: do we want that updatable? */ ) + "defaultPrefix" /* TODO: do we want that updatable? */) .createPermission(custom("new-debitor")).grantedTo("global", ADMIN).pop() .importProxyEntity("debitorRel", HsOfficeRelationshipEntity.class, fetchedBySql(""" - SELECT * - FROM hs_office_relationship AS r - WHERE r.relType = 'ACCOUNTING' AND r.relHolderUuid = ${REF}.debitorRelUuid; - """), + SELECT * + FROM hs_office_relationship AS r + WHERE r.relType = 'ACCOUNTING' AND r.relHolderUuid = ${REF}.debitorRelUuid; + """), dependsOnColumn("debitorRelUuid")) .createPermission(ALL).grantedTo("debitorRel", OWNER).pop() .createPermission(EDIT).grantedTo("debitorRel", ADMIN).pop() @@ -147,20 +144,20 @@ public class HsOfficeDebitorEntity implements HasUuid, Stringifyable { .importEntityAlias("refundBankAccount", HsOfficeBankAccountEntity.class, fetchedBySql(""" - SELECT * - FROM hs_office_relationship AS r - WHERE r.relType = 'ACCOUNTING' AND r.relHolderUuid = ${REF}.debitorRelUuid; - """), + SELECT * + FROM hs_office_relationship AS r + WHERE r.relType = 'ACCOUNTING' AND r.relHolderUuid = ${REF}.debitorRelUuid; + """), dependsOnColumn("bankAccountUuid")) .toRole("refundBankAccount", ADMIN).grantRole("debitorRel", AGENT) .toRole("debitorRel", AGENT).grantRole("refundBankAccount", REFERRER) .importEntityAlias("partnerRel", HsOfficeRelationshipEntity.class, fetchedBySql(""" - SELECT * - FROM hs_office_relationship AS partnerRel - WHERE ${debitorRel}.relAnchorUuid = partnerRel.relHolderUuid; - """), + SELECT * + FROM hs_office_relationship AS partnerRel + WHERE ${debitorRel}.relAnchorUuid = partnerRel.relHolderUuid; + """), dependsOnColumn("debitorRelUuid")) .toRole("partnerRel", ADMIN).grantRole("debitorRel", ADMIN) .toRole("partnerRel", AGENT).grantRole("debitorRel", AGENT) 
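Review bot: The `refundBankAccount` alias is fetched with the query copied from `debitorRel` — it selects from `hs_office_relationship` by `relType = 'ACCOUNTING'` and `${REF}.debitorRelUuid` although the alias is typed `HsOfficeBankAccountEntity` and declared `dependsOnColumn("bankAccountUuid")`, so the grants derived from it (`toRole("refundBankAccount", ADMIN).grantRole("debitorRel", AGENT)` and `grantRole("refundBankAccount", REFERRER)`) are attached to a relationship row instead of the bank account. It should select the bank-account row keyed by `${REF}.bankAccountUuid` (the bank-account table name is not visible in this diff). Separately, `debitorRel` is resolved via `r.relHolderUuid = ${REF}.debitorRelUuid` whereas the identity view in the previous hunk joins on `debitorRel.uuid = debitor.debitorRelUuid`; both cannot be right, so whichever column `debitorRelUuid` actually references should be used consistently. The hunk only re-indents these lines, and rbac() both starts and ends outside it.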
@@ -169,6 +166,5 @@ public class HsOfficeDebitorEntity implements HasUuid, Stringifyable { .forExampleRole("partnerPerson", ADMIN).wouldBeGrantedTo("partnerRel", ADMIN) .forExampleRole("operationalPerson", ADMIN).wouldBeGrantedTo("partnerRel", ADMIN) .forExampleRole("partnerRel", TENANT).wouldBeGrantedTo("partnerPerson", REFERRER); - // @formatter:on } } diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonEntity.java index ad3cfc02..83c9c94c 100644 --- a/src/main/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonEntity.java +++ b/src/main/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonEntity.java @@ -14,6 +14,7 @@ import java.util.UUID; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.GLOBAL; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.*; +import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.RbacUserReference.UserRole.CREATOR; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.*; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL.query; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.rbacViewFor; 
@@ -64,19 +65,19 @@ public class HsOfficePersonEntity implements HasUuid, Stringifyable { } public static RbacView rbac() { - // @formatter:off return rbacViewFor("person", HsOfficePersonEntity.class) .withIdentityView(query("concat(target.tradeName, target.familyName, target.givenName)")) .withUpdatableColumns("personType", "tradeName", "givenName", "familyName") - .createRole(OWNER) - .withPermission(ALL) - .withCurrentUserAsOwner() - .withIncomingSuperRole(GLOBAL, ADMIN) - .createSubRole(ADMIN) - .withPermission(EDIT) - .createSubRole(REFERRER) - .withPermission(VIEW) - .pop(); - // @formatter:on + .createRole(OWNER, (with) -> { + with.permission(ALL); + with.owningUser(CREATOR); + with.incomingSuperRole(GLOBAL, ADMIN); + }) + .createSubRole(ADMIN, (with) -> { + with.permission(EDIT); + }) + .createSubRole(REFERRER, (with) -> { + with.permission(VIEW); + }); } } diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/relationship/HsOfficeRelationshipEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/office/relationship/HsOfficeRelationshipEntity.java index ebb17d58..3637a0ac 100644 --- a/src/main/java/net/hostsharing/hsadminng/hs/office/relationship/HsOfficeRelationshipEntity.java +++ b/src/main/java/net/hostsharing/hsadminng/hs/office/relationship/HsOfficeRelationshipEntity.java @@ -3,8 +3,8 @@ package net.hostsharing.hsadminng.hs.office.relationship; import lombok.*; import lombok.experimental.FieldNameConstants; import net.hostsharing.hsadminng.hs.office.contact.HsOfficeContactEntity; -import net.hostsharing.hsadminng.persistence.HasUuid; import net.hostsharing.hsadminng.hs.office.person.HsOfficePersonEntity; +import net.hostsharing.hsadminng.persistence.HasUuid; import net.hostsharing.hsadminng.rbac.rbacdef.RbacView; import net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL; import net.hostsharing.hsadminng.stringify.Stringify; 
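Review bot: Style: the OWNER lambda here lists `with.permission(ALL)` before `owningUser`/`incomingSuperRole`, whereas the bank-account, contact, relationship and test-customer definitions in this same patch put `permission(ALL)` last. Grants appear to be recorded in call order (the expected Mermaid output in TestCustomerEntityTest had to be reordered for exactly that reason), so one canonical order across entities avoids diagram-only churn; I would reorder to `with.owningUser(CREATOR); with.incomingSuperRole(GLOBAL, ADMIN); with.permission(ALL);`.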
@@ -16,6 +16,7 @@ import java.util.UUID; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Column.dependsOnColumn; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.GLOBAL; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.*; +import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.RbacUserReference.UserRole.CREATOR; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.*; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL.fetchedBySql; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.rbacViewFor; @@ -77,13 +78,12 @@ public class HsOfficeRelationshipEntity implements HasUuid, Stringifyable { } public static RbacView rbac() { - // @formatter:off return rbacViewFor("relationship", HsOfficeRelationshipEntity.class) .withIdentityView(SQL.query(""" - (select idName from hs_office_person_iv p where p.uuid = target.relAnchorUuid) - || '-with-' || target.relType || '-' - || (select idName from hs_office_person_iv p where p.uuid = target.relHolderUuid) - """)) + (select idName from hs_office_person_iv p where p.uuid = target.relAnchorUuid) + || '-with-' || target.relType || '-' + || (select idName from hs_office_person_iv p where p.uuid = target.relHolderUuid) + """)) .withUpdatableColumns("contactUuid") .importEntityAlias("anchorPerson", HsOfficePersonEntity.class, fetchedBySql("select * from hs_office_person as p where p.uuid = ${REF}.relAnchorUuid"), 
@@ -94,23 +94,24 @@ public class HsOfficeRelationshipEntity implements HasUuid, Stringifyable { .importEntityAlias("contact", HsOfficeContactEntity.class, fetchedBySql("select * from hs_office_contact as c where c.uuid = ${REF}.contactUuid"), dependsOnColumn("contactUuid")) - .createRole(OWNER) - .withCurrentUserAsOwner() - .withPermission(ALL) - .withIncomingSuperRole(GLOBAL, ADMIN) - .withIncomingSuperRole("anchorPerson", ADMIN) - .createSubRole(ADMIN) - .withPermission(EDIT) + .createRole(OWNER, (with) -> { + with.owningUser(CREATOR); + with.incomingSuperRole(GLOBAL, ADMIN); + with.incomingSuperRole("anchorPerson", ADMIN); + with.permission(ALL); + }) + .createSubRole(ADMIN, (with) -> { + with.permission(EDIT); + }) .createSubRole(AGENT) - .createSubRole(TENANT) - .withPermission(VIEW) - .withIncomingSuperRole("anchorPerson", ADMIN) - .withIncomingSuperRole("holderPerson", ADMIN) - .withIncomingSuperRole("contact", ADMIN) - .withOutgoingSubRole("anchorPerson", REFERRER) - .withOutgoingSubRole("holderPerson", REFERRER) - .withOutgoingSubRole("contact", REFERRER) - .pop(); - // @formatter:on + .createSubRole(TENANT, (with) -> { + with.incomingSuperRole("anchorPerson", ADMIN); + with.incomingSuperRole("holderPerson", ADMIN); + with.incomingSuperRole("contact", ADMIN); + with.outgoingSubRole("anchorPerson", REFERRER); + with.outgoingSubRole("holderPerson", REFERRER); + with.outgoingSubRole("contact", REFERRER); + with.permission(VIEW); + }); } } diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacView.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacView.java index 628e3c03..33fb29fa 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacView.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacView.java 
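Review bot: The OWNER block would benefit from a comment spelling out the privilege consequence of `with.incomingSuperRole("anchorPerson", ADMIN)`: every admin of the anchor person becomes an owner of each relationship anchored at that person, and through the OWNER → ADMIN → AGENT → TENANT chain built by `createSubRole` presumably also inherits the TENANT-level `outgoingSubRole(..., REFERRER)` grants on the holder person and the contact. Something like `// anchor-person admins own every relationship anchored at that person (ALL, incl. changing contactUuid)` above that line makes the trust boundary explicit for the next reviewer. `createSubRole(AGENT)` without a lambda creates a role that carries no permission of its own; if that is intentional (a pure link in the chain) a short `// link role only` comment would say so.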
@@ -1,5 +1,7 @@ package net.hostsharing.hsadminng.rbac.rbacdef;
+import java.util.function.Consumer;
+
 import lombok.EqualsAndHashCode; import lombok.Getter; import net.hostsharing.hsadminng.hs.office.relationship.HsOfficeRelationshipEntity;
@@ -37,6 +39,7 @@ public class RbacView { private SQL identityViewSqlQuery; private EntityAlias entityAliasProxy;
+ private RbacRoleDefinition previousRoleDef;
 public static RbacView rbacViewFor(final String alias, final Class entityClass) { return new RbacView(alias, entityClass);
@@ -59,8 +62,26 @@ public class RbacView { return this; }
- public RbacRoleDefinition createRole(final Role role) {
- return findRbacRole(entityAlias, role).toCreate();
+ public RbacView createRole(final Role role, final Consumer with) {
+ final RbacRoleDefinition newRoleDef = findRbacRole(entityAlias, role).toCreate();
+ with.accept(newRoleDef);
+ previousRoleDef = newRoleDef;
+ return this;
+ }
+
+ public RbacView createSubRole(final Role role) {
+ final RbacRoleDefinition newRoleDef = findRbacRole(entityAlias, role).toCreate();
+ new RbacGrantDefinition(newRoleDef, previousRoleDef).toCreate();
+ previousRoleDef = newRoleDef;
+ return this;
+ }
+
+ public RbacView createSubRole(final Role role, final Consumer with) {
+ final RbacRoleDefinition newRoleDef = findRbacRole(entityAlias, role).toCreate();
+ new RbacGrantDefinition(newRoleDef, previousRoleDef).toCreate();
+ with.accept(newRoleDef);
+ previousRoleDef = newRoleDef;
+ return this;
 } public RbacPermissionDefinition createPermission(final Permission permission) {
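Review bot: Both `createSubRole()` overloads dereference `previousRoleDef` without checking it: an RBAC definition that calls `createSubRole` before any `createRole` hands `null` into `new RbacGrantDefinition(newRoleDef, null).toCreate()`, which either NPEs somewhere downstream or, worse, silently records a grant with no super role. A guard at the top of both overloads, `Objects.requireNonNull(previousRoleDef, "createSubRole() must follow createRole()/createSubRole()");`, turns that into a clear definition-time error. The `Consumer` parameters also appear raw in this listing; if that is not merely generics stripped by the rendering, they should be `Consumer<RbacRoleDefinition>` so the lambdas are type-checked against the role-definition API.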
@@ -143,8 +164,8 @@ public class RbacView { }
- private RbacGrantDefinition grantRoleToCurrentUser(final RbacRoleDefinition roleDefinition) {
- return new RbacGrantDefinition(roleDefinition, currentUser()).toCreate();
+ private RbacGrantDefinition grantRoleToUser(final RbacRoleDefinition roleDefinition, final RbacUserReference user) {
+ return new RbacGrantDefinition(roleDefinition, user).toCreate();
 } private RbacGrantDefinition grantPermissionToRole(final RbacPermissionDefinition permDef , final RbacRoleDefinition roleDef) {
@@ -325,46 +346,36 @@ public class RbacView { return this; }
- public RbacRoleDefinition withCurrentUserAsOwner() {
- addGrant(grantRoleToCurrentUser(this));
+ public RbacRoleDefinition owningUser(final RbacUserReference.UserRole userRole) {
+ addGrant(grantRoleToUser(this, findUserRef(userRole)));
 return this; }
- public RbacRoleDefinition withPermission(final Permission permission) {
+ public RbacRoleDefinition permission(final Permission permission) {
 addGrant(grantPermissionToRole( createPermission(entityAlias, permission) , this)); return this; }
- public RbacRoleDefinition withIncomingSuperRole(final String entityAlias, final Role role) {
+ public RbacRoleDefinition incomingSuperRole(final String entityAlias, final Role role) {
 final var incomingSuperRole = findRbacRole(entityAlias, role); addGrant(grantSubRoleToSuperRole(this, incomingSuperRole)); return this; }
- public RbacRoleDefinition withOutgoingSubRole(final String entityAlias, final Role role) {
+ public RbacRoleDefinition outgoingSubRole(final String entityAlias, final Role role) {
 final var outgoingSubRole = findRbacRole(entityAlias, role); addGrant(grantSubRoleToSuperRole(outgoingSubRole, this)); return this; }
- public RbacRoleDefinition createSubRole(final Role role) {
- final var roleDef = findRbacRole(entityAlias, role).toCreate();
- new RbacGrantDefinition(roleDef, this).toCreate();
- return roleDef;
- }
-
- public RbacView pop() {
- return RbacView.this;
- }
-
 @Override public String toString() { return "role:" + entityAlias.aliasName + role; } }
- public RbacUserReference currentUser() {
- return userDefs.stream().filter(u -> u.role == CREATOR).findFirst().orElseThrow();
+ public RbacUserReference findUserRef(final RbacUserReference.UserRole userRole) {
+ return userDefs.stream().filter(u -> u.role == userRole).findFirst().orElseThrow();
 } @EqualsAndHashCode
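Review bot: `findUserRef()` fails with a bare `NoSuchElementException` when no user definition with the requested role exists, which is hard to trace back to the entity whose rbac() is misconfigured; `.orElseThrow(() -> new IllegalStateException("no user reference for " + userRole + " in " + entityAlias))` names the culprit. The method is also public now, so any caller can request any `UserRole`, whereas the removed `currentUser()` was hard-wired to CREATOR; if CREATOR is the only role that may become an owner, `owningUser()` should enforce that or `findUserRef()` should stay package-private. The enclosing inner class `RbacRoleDefinition` starts before this hunk.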
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacViewMermaidFlowchart.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacViewMermaidFlowchart.java index f7286316..b6c71024 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacViewMermaidFlowchart.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacViewMermaidFlowchart.java @@ -22,6 +22,7 @@ public class RbacViewMermaidFlowchart { %%{init:{'flowchart':{'htmlLabels':false}}}%% flowchart TB """); + flowchart.writeLn(); renderEntitySubgraphs(); renderGrants(); } diff --git a/src/main/java/net/hostsharing/hsadminng/test/cust/TestCustomerEntity.java b/src/main/java/net/hostsharing/hsadminng/test/cust/TestCustomerEntity.java index 3d5e6f19..fecee7b7 100644 --- a/src/main/java/net/hostsharing/hsadminng/test/cust/TestCustomerEntity.java +++ b/src/main/java/net/hostsharing/hsadminng/test/cust/TestCustomerEntity.java @@ -11,7 +11,9 @@ import jakarta.persistence.*; import java.util.UUID; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.GLOBAL; -import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.*; +import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.ALL; +import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.VIEW; +import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.RbacUserReference.UserRole.CREATOR; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.*; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.rbacViewFor; 
@@ -36,19 +38,19 @@ public class TestCustomerEntity implements RbacObject { public static RbacView rbac() { - // @formatter:off return rbacViewFor("contact", TestCustomerEntity.class) .withIdentityView(RbacView.SQL.query("target.prefix")) .withUpdatableColumns("reference", "prefix", "adminUserName") - .createRole(OWNER) - .withPermission(ALL) - .withCurrentUserAsOwner() - .withIncomingSuperRole(GLOBAL, ADMIN) - .createSubRole(ADMIN) - .withPermission(RbacView.Permission.custom("add-package")) - .createSubRole(TENANT) - .withPermission(VIEW) - .pop(); - // @formatter:on + .createRole(OWNER, (with) -> { + with.owningUser(CREATOR); + with.incomingSuperRole(GLOBAL, ADMIN); + with.permission(ALL); + }) + .createSubRole(ADMIN, (with) -> { + with.permission(RbacView.Permission.custom("add-package")); + }) + .createSubRole(TENANT, (with) -> { + with.permission(VIEW); + }); } } diff --git a/src/test/java/net/hostsharing/hsadminng/test/cust/TestCustomerEntityTest.java b/src/test/java/net/hostsharing/hsadminng/test/cust/TestCustomerEntityTest.java index 9bdbafc6..faf126a3 100644 --- a/src/test/java/net/hostsharing/hsadminng/test/cust/TestCustomerEntityTest.java +++ b/src/test/java/net/hostsharing/hsadminng/test/cust/TestCustomerEntityTest.java @@ -35,11 +35,11 @@ class TestCustomerEntityTest { end end - role:contact:owner ==> perm:contact:* - role:contact:owner ==> perm:contact:* user:creator ==> role:contact:owner role:global:admin ==> role:contact:owner role:global:admin ==> role:contact:owner + role:contact:owner ==> perm:contact:* + role:contact:owner ==> perm:contact:* role:contact:owner ==> role:contact:admin role:contact:admin ==> perm:contact:add-package role:contact:admin ==> perm:contact:add-package
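Review bot: `rbacViewFor("contact", TestCustomerEntity.class)` registers the test customer under the alias `contact`, the same alias HsOfficeContactEntity uses, and the expected flowchart in the accompanying test consequently shows `role:contact:owner` for what is a customer. If alias names feed generated role names or SQL objects beyond this unit test, the two definitions would collide; naming it `"customer"` (or `"testCustomer"`) and updating the expectation avoids that and makes the test readable. The hunk only re-shapes the existing grants otherwise.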
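Review bot: The expected flowchart lists every grant twice (`role:contact:owner ==> perm:contact:*` and `role:global:admin ==> role:contact:owner` each appear two times, as do the `add-package` lines), and this hunk merely moves the duplicates. That is pre-existing, but it suggests each grant is registered in two places — presumably once by `toCreate()` inside the grant helpers and once by `addGrant(...)` — which would double every row if these definitions are ever materialised as real grants. De-duplicating in the generator and tightening this expectation to single lines would catch that regression. The surrounding test method starts outside this hunk.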