From 5ea80696081cbc3fa9c86bdeecb5b96cfe8f8f1c Mon Sep 17 00:00:00 2001
From: Michael Hoennig
Date: Fri, 19 Aug 2022 17:39:41 +0200
Subject: [PATCH] implements rbac-grants get-by-id
---
.../rbac/rbacgrant/RbacGrantController.java | 47 +++++---
.../rbac/rbacgrant/RbacGrantEntity.java | 3 +-
.../rbac/rbacgrant/RbacGrantRepository.java | 15 ++-
.../rbac/rbacuser/RbacUserController.java | 34 +++---
.../rbac/rbacuser/RbacUserRepository.java | 16 +--
src/main/resources/api-definition.yaml | 9 +-
.../api-definition/rbac-grant-schemas.yaml | 9 ++
.../api-definition/rbac-grants-id.yaml | 30 -----
.../api-definition/rbac-grants-with-id.yaml | 65 +++++++++++
.../resources/api-definition/rbac-grants.yaml | 2 +-
...ml => rbac-users-with-id-permissions.yaml} | 0
.../api-definition/rbac-users-with-id.yaml | 27 +++++
.../RbacGrantControllerAcceptanceTest.java | 105 ++++++++++++++++++
.../RbacGrantRepositoryIntegrationTest.java | 8 +-
14 files changed, 292 insertions(+), 78 deletions(-)
delete mode 100644 src/main/resources/api-definition/rbac-grants-id.yaml
create mode 100644 src/main/resources/api-definition/rbac-grants-with-id.yaml
rename src/main/resources/api-definition/{rbac-users-permissions.yaml => rbac-users-with-id-permissions.yaml} (100%)
create mode 100644 src/main/resources/api-definition/rbac-users-with-id.yaml
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantController.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantController.java
index 89fe83e1..9bf51819 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantController.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantController.java
@@ -25,11 +25,32 @@ public class RbacGrantController implements RbacgrantsApi { @Autowired private RbacGrantRepository rbacGrantRepository; + @Override + @Transactional(readOnly = true) + public ResponseEntity getGrantById( + final String currentUser, + final String assumedRoles, + final UUID grantedRoleUuid, + final UUID granteeUserUuid) { + + context.setCurrentUser(currentUser); + if (assumedRoles != null && !assumedRoles.isBlank()) { + context.assumeRoles(assumedRoles); + } + + final var id = new RbacGrantId(granteeUserUuid, grantedRoleUuid); + final var result = rbacGrantRepository.findById(id); + if (result == null) { + return ResponseEntity.notFound().build(); + } + return ResponseEntity.ok(map(result, RbacGrantResource.class)); + } + @Override @Transactional(readOnly = true) public ResponseEntity> listUserGrants( - final String currentUser, - final String assumedRoles) { + final String currentUser, + final String assumedRoles) { context.setCurrentUser(currentUser); if (assumedRoles != null && !assumedRoles.isBlank()) { @@ -41,9 +62,9 @@ public class RbacGrantController implements RbacgrantsApi { @Override @Transactional public ResponseEntity grantRoleToUser( - final String currentUser, - final String assumedRoles, - final RbacGrantResource body) { + final String currentUser, + final String assumedRoles, + final RbacGrantResource body) { context.setCurrentUser(currentUser); if (assumedRoles != null && !assumedRoles.isBlank()) { 
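Review bot: `getGrantById` takes the acting subject straight from the `currentUser` and `assumedRoles` arguments and hands them to `context.setCurrentUser` / `context.assumeRoles`; nothing in this hunk shows those values being tied to an authenticated principal, and the response now carries grantor, role and grantee names, so that binding should be confirmed upstream (it may well exist outside this diff). The `result == null` branch also answers 404 for a grant that exists but is not visible to the subject, as the acceptance test with the assumed unix-user role expects; that avoids an existence oracle and deserves a comment above the check, e.g. `// 404 also covers grants that exist but are not visible to the current subject`. The bodies of `listUserGrants` and `grantRoleToUser` continue outside the hunk.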
@@ -53,20 +74,20 @@ public class RbacGrantController implements RbacgrantsApi { rbacGrantRepository.save(map(body, RbacGrantEntity.class)); final var uri = - MvcUriComponentsBuilder.fromController(getClass()) - .path("/api/rbac-grants/{roleUuid}") - .buildAndExpand(body.getGrantedRoleUuid()) - .toUri(); + MvcUriComponentsBuilder.fromController(getClass()) + .path("/api/rbac-grants/{roleUuid}") + .buildAndExpand(body.getGrantedRoleUuid()) + .toUri(); return ResponseEntity.created(uri).build(); } @Override @Transactional public ResponseEntity revokeRoleFromUser( - final String currentUser, - final String assumedRoles, - final UUID grantedRoleUuid, - final UUID granteeUserUuid) { + final String currentUser, + final String assumedRoles, + final UUID grantedRoleUuid, + final UUID granteeUserUuid) { context.setCurrentUser(currentUser); if (assumedRoles != null && !assumedRoles.isBlank()) { diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantEntity.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantEntity.java index 5520f396..fa4aa034 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantEntity.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantEntity.java @@ -18,6 +18,7 @@ import java.util.UUID; @NoArgsConstructor @AllArgsConstructor public class RbacGrantEntity { + @Column(name = "grantedbyroleidname", updatable = false, insertable = false) private String grantedByRoleIdName; @@ -59,6 +60,6 @@ public class RbacGrantEntity { public String toDisplay() { return "{ grant " + (assumed ? "assumed " : "") + - "role " + grantedRoleIdName + " to user " + granteeUserName + " by role " + grantedByRoleIdName + " }"; + "role " + grantedRoleIdName + " to user " + granteeUserName + " by role " + grantedByRoleIdName + " }"; } } 
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantRepository.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantRepository.java index 079beb09..cb226ba0 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantRepository.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantRepository.java @@ -8,15 +8,22 @@ import java.util.List; public interface RbacGrantRepository extends Repository { + @Query(value = """ + select g from RbacGrantEntity as g + where g.grantedRoleUuid=:#{#rbacGrantId.grantedRoleUuid} + and g.granteeUserUuid=:#{#rbacGrantId.granteeUserUuid} + """) + RbacGrantEntity findById(RbacGrantId rbacGrantId); + List findAll(); void save(final RbacGrantEntity grant); @Modifying @Query(value = """ - delete from RbacGrantEntity as g - where g.grantedRoleUuid=:#{#rbacGrantId.grantedRoleUuid} - and g.granteeUserUuid=:#{#rbacGrantId.granteeUserUuid} - """) + delete from RbacGrantEntity as g + where g.grantedRoleUuid=:#{#rbacGrantId.grantedRoleUuid} + and g.granteeUserUuid=:#{#rbacGrantId.granteeUserUuid} + """) void deleteByRbacGrantId(RbacGrantId rbacGrantId); } diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserController.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserController.java index cc8dd3db..a00f30cf 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserController.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserController.java @@ -32,7 +32,7 @@ public class RbacUserController implements RbacusersApi { @Override @Transactional public ResponseEntity createUser( - @RequestBody final RbacUserResource body + @RequestBody final RbacUserResource body ) { if (body.getUuid() == null) { body.setUuid(UUID.randomUUID()); 
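Review bot: `findById` in RbacGrantRepository signals a missing or invisible grant by returning a bare null `RbacGrantEntity`, which every caller has to remember to check before mapping it. Declaring it as `Optional<RbacGrantEntity> findById(RbacGrantId rbacGrantId);` would make the absent case part of the signature, and the controller could then replace its null test with `map`/`orElseGet`. The `where` clause is now repeated verbatim in `deleteByRbacGrantId`, so a short comment on both queries saying they must identify a grant by the same two columns would help keep them in step.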
@@ -40,19 +40,27 @@ public class RbacUserController implements RbacusersApi { final var saved = map(body, RbacUserEntity.class); rbacUserRepository.create(saved); final var uri = - MvcUriComponentsBuilder.fromController(getClass()) - .path("/api/rbac-users/{id}") - .buildAndExpand(saved.getUuid()) - .toUri(); + MvcUriComponentsBuilder.fromController(getClass()) + .path("/api/rbac-users/{id}") + .buildAndExpand(saved.getUuid()) + .toUri(); return ResponseEntity.created(uri).body(map(saved, RbacUserResource.class)); } @Override - @Transactional(readOnly=true) + public ResponseEntity> getUserById( + final String currentUser, + final String assumedRoles, + final String userName) { + return null; + } + + @Override + @Transactional(readOnly = true) public ResponseEntity> listUsers( - @RequestHeader(name = "current-user") final String currentUserName, - @RequestHeader(name = "assumed-roles", required = false) final String assumedRoles, - @RequestParam(name = "name", required = false) final String userName + @RequestHeader(name = "current-user") final String currentUserName, + @RequestHeader(name = "assumed-roles", required = false) final String assumedRoles, + @RequestParam(name = "name", required = false) final String userName ) { context.setCurrentUser(currentUserName); if (assumedRoles != null && !assumedRoles.isBlank()) { 
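Review bot: The new `getUserById` handler returns `null`, carries no `@Transactional` and never calls `context.setCurrentUser`, yet the same commit publishes its route in api-definition.yaml. As far as I know Spring MVC treats a null `ResponseEntity` return as an already-handled request and sends an empty 200, so any caller gets a success status without the subject ever being evaluated. Until the lookup exists I would make the stub fail explicitly, e.g. `return ResponseEntity.status(HttpStatus.NOT_IMPLEMENTED).build();`, or leave the operation out of the API definition. `createUser` starts and `listUsers` ends outside the hunk.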
@@ -62,11 +70,11 @@ public class RbacUserController implements RbacusersApi { } @Override - @Transactional(readOnly=true) + @Transactional(readOnly = true) public ResponseEntity> listUserPermissions( - @RequestHeader(name = "current-user") final String currentUserName, - @RequestHeader(name = "assumed-roles", required = false) final String assumedRoles, - @PathVariable(name = "userName") final String userName + @RequestHeader(name = "current-user") final String currentUserName, + @RequestHeader(name = "assumed-roles", required = false) final String assumedRoles, + @PathVariable(name = "userName") final String userName ) { context.setCurrentUser(currentUserName); if (assumedRoles != null && !assumedRoles.isBlank()) { diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepository.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepository.java index ec1c9da2..03c99afa 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepository.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepository.java @@ -3,7 +3,6 @@ package net.hostsharing.hsadminng.rbac.rbacuser; import org.springframework.data.jpa.repository.Modifying; import org.springframework.data.jpa.repository.Query; import org.springframework.data.repository.Repository; -import org.springframework.data.repository.query.Param; import java.util.List; import java.util.UUID; 
@@ -11,14 +10,15 @@ import java.util.UUID; public interface RbacUserRepository extends Repository { @Query(""" - select u from RbacUserEntity u - where :userName is null or u.name like concat(:userName, '%') - order by u.name - """) + select u from RbacUserEntity u + where :userName is null or u.name like concat(:userName, '%') + order by u.name + """) List findByOptionalNameLike(String userName); - @Query(value = "select uuid from rbacuser where name=:userName", nativeQuery = true) - UUID findUuidByName(String userName); + // bypasses the restricted view, to be able to grant rights to arbitrary user + @Query(value = "select * from rbacuser where name=:userName", nativeQuery = true) + RbacUserEntity findByName(String userName); RbacUserEntity findByUuid(UUID uuid); @@ -32,7 +32,7 @@ public interface RbacUserRepository extends Repository { */ @Modifying @Query(value = "insert into RBacUser_RV (uuid, name) values( :#{#newUser.uuid}, :#{#newUser.name})", nativeQuery = true) - void insert(@Param("newUser") final RbacUserEntity newUser); + void insert(final RbacUserEntity newUser); default RbacUserEntity create(final RbacUserEntity rbacUserEntity) { if (rbacUserEntity.getUuid() == null) { diff --git a/src/main/resources/api-definition.yaml b/src/main/resources/api-definition.yaml index da1d10f5..db7cbcde 100644 --- a/src/main/resources/api-definition.yaml +++ b/src/main/resources/api-definition.yaml @@ -13,8 +13,11 @@ paths: /api/rbac-users: $ref: "./api-definition/rbac-users.yaml" - /api/rbac-users/{userName}/permissions: - $ref: "./api-definition/rbac-users-permissions.yaml" + /api/rbac-users/{userUuid}: + $ref: "./api-definition/rbac-users-with-id.yaml" + + /api/rbac-users/{userUuid}/permissions: + $ref: "./api-definition/rbac-users-with-id-permissions.yaml" /api/rbac-roles: $ref: "./api-definition/rbac-roles.yaml" 
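Review bot: `findByName` now returns the whole `rbacuser` row through a native query that, per its own comment, bypasses the restricted view, where the removed `findUuidByName` exposed only the UUID. Any caller therefore receives an unfiltered user entity regardless of the current subject; the callers visible in this patch are tests, and the two in RbacGrantRepositoryIntegrationTest only call `.getUuid()` on it. I would keep the narrow `UUID` projection where that is all that is needed, or at least extend the comment to state the constraint, e.g. `// SECURITY: reads rbacuser directly, not the RBAC-filtered view; never return this entity to a client`.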
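Review bot: The path templates in api-definition.yaml are renamed to `{userUuid}`, but the operations behind them still name the path parameter `userName`: rbac-users-with-id.yaml (added later in this patch) declares `name: userName`, the permissions file is renamed without changes, and `listUserPermissions` keeps `@PathVariable(name = "userName")`. OpenAPI requires a path parameter's name to match the template segment, and Spring will presumably fail to bind `userName` against `{userUuid}`. Either keep `{userName}` in the two paths or rename the parameter to `userUuid` with `format: uuid` in both referenced files and in the controller.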
@@ -23,7 +26,7 @@ paths: $ref: "./api-definition/rbac-grants.yaml" /api/rbac-grants/{grantedRoleUuid}/{granteeUserUuid}: - $ref: "./api-definition/rbac-grants-id.yaml" + $ref: "./api-definition/rbac-grants-with-id.yaml" # HS diff --git a/src/main/resources/api-definition/rbac-grant-schemas.yaml b/src/main/resources/api-definition/rbac-grant-schemas.yaml index 77774624..12a2cbbd 100644 --- a/src/main/resources/api-definition/rbac-grant-schemas.yaml +++ b/src/main/resources/api-definition/rbac-grant-schemas.yaml @@ -6,11 +6,20 @@ components: RbacGrant: type: object properties: + grantedByRoleIdName: + type: string + grantedByRoleUuid: + type: string + format: uuid assumed: type: boolean + grantedRoleIdName: + type: string grantedRoleUuid: type: string format: uuid + granteeUserName: + type: string granteeUserUuid: type: string format: uuid diff --git a/src/main/resources/api-definition/rbac-grants-id.yaml b/src/main/resources/api-definition/rbac-grants-id.yaml deleted file mode 100644 index 50558a83..00000000 --- a/src/main/resources/api-definition/rbac-grants-id.yaml +++ /dev/null @@ -1,30 +0,0 @@ -delete: - tags: - - rbacgrants - operationId: revokeRoleFromUser - parameters: - - $ref: './api-definition/auth.yaml#/components/parameters/currentUser' - - $ref: './api-definition/auth.yaml#/components/parameters/assumedRoles' - - name: grantedRoleUuid - in: path - required: true - schema: - type: string - format: uuid - description: UUID of the granted role. - - name: granteeUserUuid - in: path - required: true - schema: - type: string - format: uuid - description: UUID of the user to whom the role was granted. - responses: - "204": - description: No Content - "401": - $ref: './api-definition/error-responses.yaml#/components/responses/Unauthorized' - "403": - $ref: './api-definition/error-responses.yaml#/components/responses/Forbidden' - "404": - $ref: './api-definition/error-responses.yaml#/components/responses/NotFound' 
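Review bot: `grantedByRoleIdName`, `grantedByRoleUuid`, `grantedRoleIdName` and `granteeUserName` are added to the one `RbacGrant` schema that `grantRoleToUser` also accepts as its request body and passes through `map(body, RbacGrantEntity.class)` into `save`. Only `grantedByRoleIdName` is visibly protected by `updatable = false, insertable = false` in this patch; the column mappings of the other fields are not shown. Marking the derived properties `readOnly: true` would document that a client cannot set who granted a role, and keeps generated clients from sending those fields.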
diff --git a/src/main/resources/api-definition/rbac-grants-with-id.yaml b/src/main/resources/api-definition/rbac-grants-with-id.yaml
new file mode 100644
index 00000000..74e6cc09
--- /dev/null
+++ b/src/main/resources/api-definition/rbac-grants-with-id.yaml
@@ -0,0 +1,65 @@
+get:
+ tags:
+ - rbacgrants
+ operationId: getGrantById
+ parameters:
+ - $ref: './api-definition/auth.yaml#/components/parameters/currentUser'
+ - $ref: './api-definition/auth.yaml#/components/parameters/assumedRoles'
+ - name: grantedRoleUuid
+ in: path
+ required: true
+ schema:
+ type: string
+ format: uuid
+ description: UUID of the granted role.
+ - name: granteeUserUuid
+ in: path
+ required: true
+ schema:
+ type: string
+ format: uuid
+ description: UUID of the user to whom the role was granted.
+ responses:
+ "200":
+ description: OK
+ content:
+ 'application/json':
+ schema:
+ $ref: './api-definition/rbac-grant-schemas.yaml#/components/schemas/RbacGrant'
+ "401":
+ $ref: './api-definition/error-responses.yaml#/components/responses/Unauthorized'
+ "403":
+ $ref: './api-definition/error-responses.yaml#/components/responses/Forbidden'
+ "404":
+ $ref: './api-definition/error-responses.yaml#/components/responses/NotFound'
+
+delete:
+ tags:
+ - rbacgrants
+ operationId: revokeRoleFromUser
+ parameters:
+ - $ref: './api-definition/auth.yaml#/components/parameters/currentUser'
+ - $ref: './api-definition/auth.yaml#/components/parameters/assumedRoles'
+ - name: grantedRoleUuid
+ in: path
+ required: true
+ schema:
+ type: string
+ format: uuid
+ description: UUID of the granted role.
+ - name: granteeUserUuid
+ in: path
+ required: true
+ schema:
+ type: string
+ format: uuid
+ description: UUID of the user to whom the role was granted.
+ responses:
+ "204":
+ description: No Content
+ "401":
+ $ref: './api-definition/error-responses.yaml#/components/responses/Unauthorized'
+ "403":
+ $ref: './api-definition/error-responses.yaml#/components/responses/Forbidden'
+ "404":
+ $ref: './api-definition/error-responses.yaml#/components/responses/NotFound'
diff --git a/src/main/resources/api-definition/rbac-grants.yaml b/src/main/resources/api-definition/rbac-grants.yaml
index 9487bfb3..52e7b4cc 100644
--- a/src/main/resources/api-definition/rbac-grants.yaml +++ b/src/main/resources/api-definition/rbac-grants.yaml @@ -13,7 +13,7 @@ get: schema: type: array items: - $ref: './api-definition/rbac-grant-schemas.yaml#/components/schemas/RbacGrant' + $ref: './rbac-grant-schemas.yaml#/components/schemas/RbacGrant' post: tags: diff --git a/src/main/resources/api-definition/rbac-users-permissions.yaml b/src/main/resources/api-definition/rbac-users-with-id-permissions.yaml similarity index 100% rename from src/main/resources/api-definition/rbac-users-permissions.yaml rename to src/main/resources/api-definition/rbac-users-with-id-permissions.yaml diff --git a/src/main/resources/api-definition/rbac-users-with-id.yaml b/src/main/resources/api-definition/rbac-users-with-id.yaml new file mode 100644 index 00000000..6e8d0f28 --- /dev/null +++ b/src/main/resources/api-definition/rbac-users-with-id.yaml @@ -0,0 +1,27 @@ +get: + tags: + - rbacusers + description: 'Fetch a single user by its id, if visible for the current subject.' + operationId: getUserById + parameters: + - $ref: './api-definition/auth.yaml#/components/parameters/currentUser' + - $ref: './api-definition/auth.yaml#/components/parameters/assumedRoles' + - name: userName + in: path + required: true + schema: + type: string + responses: + "200": + description: OK + content: + 'application/json': + schema: + type: array + items: + $ref: './api-definition/rbac-user-schemas.yaml#/components/schemas/RbacUserPermission' + + "401": + $ref: './api-definition/error-responses.yaml#/components/responses/Unauthorized' + "403": + $ref: './api-definition/error-responses.yaml#/components/responses/Forbidden' diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantControllerAcceptanceTest.java index 75367af5..b3fe77f2 100644 
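Review bot: The 200 response of `getUserById` in rbac-users-with-id.yaml is declared as an array of `RbacUserPermission`, which looks copied from the permissions operation, while the description promises a single user. I would point the schema at the single-user resource that the other rbac-users operations return (its name is not visible in this patch) and drop the `type: array` wrapper. The description also says "if visible for the current subject", but unlike `getGrantById` the operation declares no `"404"` response for the not-visible case.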
--- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantControllerAcceptanceTest.java @@ -27,6 +27,7 @@ import java.util.UUID; import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assumptions.assumeThat; import static org.hamcrest.CoreMatchers.containsString; +import static org.hamcrest.CoreMatchers.is; @SpringBootTest( webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT, 
@@ -57,6 +58,67 @@ class RbacGrantControllerAcceptanceTest { @Autowired JpaAttempt jpaAttempt; + @Nested + class GetGrantById { + + @Test + @Accepts({ "GRT:R(Read)" }) + void customerAdmin_withAssumedPacketAdminRole_canReadPacketAdminsGrantById() { + // given + final var givenCurrentUserAsPackageAdmin = new Subject("admin@aaa.example.com"); + final var givenGranteeUser = findRbacUserByName("aaa00@aaa.example.com"); + final var givenGrantedRole = findRbacRoleByName("package#aaa00.admin"); + + // when + final var grant = givenCurrentUserAsPackageAdmin.getGrantById() + .forGrantedRole(givenGrantedRole).toGranteeUser(givenGranteeUser); + + // then + grant.assertThat() + .statusCode(200) + .body("grantedByRoleIdName", is("customer#aaa.admin")) + .body("grantedRoleIdName", is("package#aaa00.admin")) + .body("granteeUserName", is("aaa00@aaa.example.com")); + } + + @Test + @Accepts({ "GRT:R(Read)" }) + void packageAdmin_withoutAssumedRole_canReadItsOwnGrantById() { + // given + final var givenCurrentUserAsPackageAdmin = new Subject("aaa00@aaa.example.com"); + final var givenGranteeUser = findRbacUserByName("aaa00@aaa.example.com"); + final var givenGrantedRole = findRbacRoleByName("package#aaa00.admin"); + + // when + final var grant = givenCurrentUserAsPackageAdmin.getGrantById() + .forGrantedRole(givenGrantedRole).toGranteeUser(givenGranteeUser); + + // then + grant.assertThat() + .statusCode(200) + .body("grantedByRoleIdName", is("customer#aaa.admin")) + .body("grantedRoleIdName", is("package#aaa00.admin")) + .body("granteeUserName", is("aaa00@aaa.example.com")); + } + + @Test + @Accepts({ "GRT:R(Read)" }) + void packageAdmin_withAssumedUnixUserAdmin_canNotReadItsOwnGrantById() { + // given + final var givenCurrentUserAsPackageAdmin = new Subject("aaa00@aaa.example.com", "unixuser#aaa00-aaaa.admin"); + final var givenGranteeUser = findRbacUserByName("aaa00@aaa.example.com"); + final var givenGrantedRole = findRbacRoleByName("package#aaa00.admin"); + + // when + final 
var grant = givenCurrentUserAsPackageAdmin.getGrantById() + .forGrantedRole(givenGrantedRole).toGranteeUser(givenGranteeUser); + + // then + grant.assertThat() + .statusCode(404); + } + } + @Nested class GrantRoleToUser { @@ -166,6 +228,10 @@ class RbacGrantControllerAcceptanceTest { this.assumedRole = assumedRole; } + public Subject(final String currentUser) { + this(currentUser, ""); + } + GrantFixture grantsRole(final RbacRoleEntity givenOwnPackageAdminRole) { return new GrantFixture(givenOwnPackageAdminRole); } @@ -174,6 +240,10 @@ class RbacGrantControllerAcceptanceTest { return new RevokeFixture(givenOwnPackageAdminRole); } + GetGrantByIdFixture getGrantById() { + return new GetGrantByIdFixture(); + } + class GrantFixture { private Subject grantingSubject = Subject.this; @@ -252,6 +322,34 @@ class RbacGrantControllerAcceptanceTest { .then(); // @formatter:on } } + + private class GetGrantByIdFixture { + + private Subject currentSubject = Subject.this; + private RbacRoleEntity grantedRole; + private boolean assumed; + private RbacUserEntity granteeUser; + + GetGrantByIdFixture forGrantedRole(final RbacRoleEntity grantedRole) { + this.grantedRole = grantedRole; + return this; + } + + ValidatableResponse toGranteeUser(final RbacUserEntity granteeUser) { + this.granteeUser = granteeUser; + + return RestAssured // @formatter:ff + .given() + .header("current-user", currentSubject.currentUser) + .header("assumed-roles", currentSubject.assumedRole) + .port(port) + .when() + .get("http://localhost/api/rbac-grants/%s/%s".formatted( + grantedRole.getUuid(), granteeUser.getUuid() + )) + .then(); // @formatter:on + } + } } private void assumeGrantExists(final Subject grantingSubject, final String expectedGrant) { 
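Review bot: All three `GetGrantById` cases read the same grant (`package#aaa00.admin` to `aaa00@aaa.example.com`) with subjects belonging to customer `aaa`; none checks that a subject of a different customer or an unknown `current-user` gets 404 for it, and none requests a grant that does not exist. Since visibility filtering is the only access control on this endpoint, I would add at least one cross-customer negative case next to `packageAdmin_withAssumedUnixUserAdmin_canNotReadItsOwnGrantById`. The first test is named `customerAdmin_withAssumedPacketAdminRole_...` but builds `new Subject("admin@aaa.example.com")` without any assumed role, so either the name or the setup should change.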
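Review bot: In `GetGrantByIdFixture` the opening marker reads `// @formatter:ff`, presumably meant as `// @formatter:off` to pair with the closing `// @formatter:on`; as written the formatter is not switched off for the RestAssured chain. The `assumed` field is declared but never read or assigned in the class and can be dropped. The fixture also always sends the `assumed-roles` header, as an empty string when the one-argument `Subject` constructor is used, so the header-absent path of the controller is not exercised by these tests.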
@@ -275,6 +373,13 @@ class RbacGrantControllerAcceptanceTest { ).returnedValue(); } + RbacUserEntity findRbacUserByName(final String userName) { + return jpaAttempt.transacted(() -> { + context.setCurrentUser("mike@hostsharing.net"); + return rbacUserRepository.findByName(userName); + }).returnedValue(); + } + RbacRoleEntity findRbacRoleByName(final String roleName) { return jpaAttempt.transacted(() -> { context.setCurrentUser("mike@hostsharing.net"); diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantRepositoryIntegrationTest.java index 5364d1b1..41ff47a8 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantRepositoryIntegrationTest.java @@ -108,7 +108,7 @@ class RbacGrantRepositoryIntegrationTest { // given currentUser("admin@aaa.example.com"); assumedRoles("customer#aaa.admin"); - final var givenArbitraryUserUuid = rbacUserRepository.findUuidByName("aac00@aac.example.com"); + final var givenArbitraryUserUuid = rbacUserRepository.findByName("aac00@aac.example.com").getUuid(); final var givenOwnPackageRoleUuid = rbacRoleRepository.findByRoleName("package#aaa00.admin").getUuid(); // when @@ -132,9 +132,7 @@ class RbacGrantRepositoryIntegrationTest { @Transactional(propagation = Propagation.NEVER) public void packageAdmin_canNotGrantPackageOwnerRole() { // given - record Given(RbacUserEntity arbitraryUser, UUID packageOwnerRoleUuid) { - - } + record Given(RbacUserEntity arbitraryUser, UUID packageOwnerRoleUuid) {} final var given = jpaAttempt.transacted(() -> { // to find the uuids of we need to have access rights to these currentUser("admin@aaa.example.com"); 
@@ -247,7 +245,7 @@ class RbacGrantRepositoryIntegrationTest { private RbacGrantEntity create(GrantBuilder with) { currentUser(with.byUserName); assumedRoles(with.assumedRole); - final var givenArbitraryUserUuid = rbacUserRepository.findUuidByName(with.granteeUserName); + final var givenArbitraryUserUuid = rbacUserRepository.findByName(with.granteeUserName).getUuid(); final var givenOwnPackageRoleUuid = rbacRoleRepository.findByRoleName(with.grantedRole).getUuid(); final var grant = RbacGrantEntity.builder()