diff --git a/README.md b/README.md
index 8bdd9461..4d03a6d3 100644
--- a/README.md
+++ b/README.md
@@ -82,7 +82,7 @@ If you have at least Docker and the Java JDK installed in appropriate versions a
# the following command should return a JSON array with just all packages visible for the admin of the customer yyy:
curl \
- -H 'current-user: superuser-alex@hostsharing.net' -H 'assumed-roles: test_customer#yyy:admin' \
+ -H 'current-user: superuser-alex@hostsharing.net' -H 'assumed-roles: test_customer#yyy:ADMIN' \
http://localhost:8080/api/test/packages
# add a new customer
diff --git a/build.gradle b/build.gradle
index a11d9493..88c59050 100644
--- a/build.gradle
+++ b/build.gradle
@@ -62,7 +62,6 @@ dependencies {
implementation 'org.springdoc:springdoc-openapi:2.4.0'
implementation 'org.postgresql:postgresql:42.7.3'
implementation 'org.liquibase:liquibase-core:4.27.0'
- //implementation 'com.vladmihalcea:hibernate-types-60:2.21.1'
implementation 'io.hypersistence:hypersistence-utils-hibernate-63:3.7.3'
implementation 'com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.17.0'
implementation 'org.openapitools:jackson-databind-nullable:0.2.6'
diff --git a/doc/rbac.md b/doc/rbac.md
index 3213d740..662bed29 100644
--- a/doc/rbac.md
+++ b/doc/rbac.md
@@ -206,7 +206,7 @@ and the *role-stereotype* describes a role relative to a referenced business-obj
#### owner
The owner-role is granted to the subject which created the business object.
-E.g. for a new *customer* it would be granted to 'administrators' and for a new *package* to the 'customer#...:admin'.
+E.g. for a new *customer* it would be granted to 'administrators' and for a new *package* to the 'customer#...:ADMIN'.
Whoever has the owner-role assigned can do everything with the related business-object, including deleting (or deactivating) it.
@@ -470,14 +470,14 @@ together {
permCustomerXyzSELECT--> boCustXyz
}
-entity "Role customer#xyz:tenant" as roleCustXyzTenant
+entity "Role customer#xyz:TENANT" as roleCustXyzTenant
roleCustXyzTenant --> permCustomerXyzSELECT
-entity "Role customer#xyz:admin" as roleCustXyzAdmin
+entity "Role customer#xyz:ADMIN" as roleCustXyzAdmin
roleCustXyzAdmin --> roleCustXyzTenant
roleCustXyzAdmin --> permCustomerXyzINSERT:package
-entity "Role customer#xyz:owner" as roleCustXyzOwner
+entity "Role customer#xyz:OWNER" as roleCustXyzOwner
roleCustXyzOwner ..> roleCustXyzAdmin
roleCustXyzOwner --> permCustomerXyzDELETE
@@ -493,7 +493,7 @@ actorHostmaster --> roleAdmins
```
As you can see, there something special:
-From the 'Role customer#xyz:owner' to the 'Role customer#xyz:admin' there is a dashed line, whereas all other lines are solid lines.
+From the 'Role customer#xyz:OWNER' to the 'Role customer#xyz:admin' there is a dashed line, whereas all other lines are solid lines.
Solid lines means, that one role is granted to another and automatically assumed in all queries to the restricted views.
The dashed line means that one role is granted to another but not automatically assumed in queries to the restricted views.
@@ -541,15 +541,15 @@ together {
}
package {
- entity "Role customer#xyz:tenant" as roleCustXyzTenant
- entity "Role customer#xyz:admin" as roleCustXyzAdmin
- entity "Role customer#xyz:owner" as roleCustXyzOwner
+ entity "Role customer#xyz:TENANT" as roleCustXyzTenant
+ entity "Role customer#xyz:ADMIN" as roleCustXyzAdmin
+ entity "Role customer#xyz:OWNER" as roleCustXyzOwner
}
package {
- entity "Role package#xyz00:owner" as rolePacXyz00Owner
- entity "Role package#xyz00:admin" as rolePacXyz00Admin
- entity "Role package#xyz00:tenant" as rolePacXyz00Tenant
+ entity "Role package#xyz00:OWNER" as rolePacXyz00Owner
+ entity "Role package#xyz00:ADMIN" as rolePacXyz00Admin
+ entity "Role package#xyz00:TENANT" as rolePacXyz00Tenant
}
rolePacXyz00Tenant --> permPacXyz00SELECT
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionEntity.java
index 32bf8bee..49de8f08 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionEntity.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionEntity.java
@@ -1,7 +1,11 @@
package net.hostsharing.hsadminng.hs.office.coopassets;
-import lombok.*;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
import net.hostsharing.hsadminng.errors.DisplayName;
import net.hostsharing.hsadminng.hs.office.membership.HsOfficeMembershipEntity;
import net.hostsharing.hsadminng.rbac.rbacobject.RbacObject;
@@ -10,7 +14,15 @@ import net.hostsharing.hsadminng.stringify.Stringify;
import net.hostsharing.hsadminng.stringify.Stringifyable;
import org.hibernate.annotations.GenericGenerator;
-import jakarta.persistence.*;
+import jakarta.persistence.Column;
+import jakarta.persistence.Entity;
+import jakarta.persistence.EnumType;
+import jakarta.persistence.Enumerated;
+import jakarta.persistence.GeneratedValue;
+import jakarta.persistence.Id;
+import jakarta.persistence.JoinColumn;
+import jakarta.persistence.ManyToOne;
+import jakarta.persistence.Table;
import java.io.IOException;
import java.math.BigDecimal;
import java.time.LocalDate;
@@ -20,8 +32,11 @@ import java.util.UUID;
import static java.util.Optional.ofNullable;
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Column.dependsOnColumn;
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Nullable.NOT_NULL;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.*;
+import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.INSERT;
+import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.SELECT;
+import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.UPDATE;
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.ADMIN;
+import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.AGENT;
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL.directlyFetchedByDependsOnColumn;
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.rbacViewFor;
import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
@@ -109,7 +124,7 @@ public class HsOfficeCoopAssetsTransactionEntity implements Stringifyable, RbacO
.toRole("membership", ADMIN).grantPermission(INSERT)
.toRole("membership", ADMIN).grantPermission(UPDATE)
- .toRole("membership", ADMIN).grantPermission(SELECT);
+ .toRole("membership", AGENT).grantPermission(SELECT);
}
public static void main(String[] args) throws IOException {
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionEntity.java
index 57318afb..8ab19435 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionEntity.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionEntity.java
@@ -1,15 +1,27 @@
package net.hostsharing.hsadminng.hs.office.coopshares;
-import lombok.*;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
import net.hostsharing.hsadminng.errors.DisplayName;
import net.hostsharing.hsadminng.hs.office.membership.HsOfficeMembershipEntity;
-import net.hostsharing.hsadminng.rbac.rbacobject.RbacObject;
import net.hostsharing.hsadminng.rbac.rbacdef.RbacView;
+import net.hostsharing.hsadminng.rbac.rbacobject.RbacObject;
import net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL;
import net.hostsharing.hsadminng.stringify.Stringify;
import net.hostsharing.hsadminng.stringify.Stringifyable;
-import jakarta.persistence.*;
+import jakarta.persistence.Column;
+import jakarta.persistence.Entity;
+import jakarta.persistence.EnumType;
+import jakarta.persistence.Enumerated;
+import jakarta.persistence.GeneratedValue;
+import jakarta.persistence.Id;
+import jakarta.persistence.JoinColumn;
+import jakarta.persistence.ManyToOne;
+import jakarta.persistence.Table;
import java.io.IOException;
import java.time.LocalDate;
import java.util.UUID;
@@ -17,9 +29,11 @@ import java.util.UUID;
import static java.util.Optional.ofNullable;
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Column.dependsOnColumn;
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Nullable.NOT_NULL;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.*;
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.INSERT;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.*;
+import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.SELECT;
+import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.UPDATE;
+import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.ADMIN;
+import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.AGENT;
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL.directlyFetchedByDependsOnColumn;
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.rbacViewFor;
import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
@@ -105,7 +119,7 @@ public class HsOfficeCoopSharesTransactionEntity implements Stringifyable, RbacO
.toRole("membership", ADMIN).grantPermission(INSERT)
.toRole("membership", ADMIN).grantPermission(UPDATE)
- .toRole("membership", ADMIN).grantPermission(SELECT);
+ .toRole("membership", AGENT).grantPermission(SELECT);
}
public static void main(String[] args) throws IOException {
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipEntity.java
index 6259b50d..26c5706a 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipEntity.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipEntity.java
@@ -28,7 +28,6 @@ import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.RbacUserReference.
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.ADMIN;
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.AGENT;
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.OWNER;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.REFERRER;
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.TENANT;
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL.fetchedBySql;
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.rbacViewFor;
@@ -148,14 +147,14 @@ public class HsOfficeMembershipEntity implements RbacObject, Stringifyable {
.createRole(OWNER, (with) -> {
with.owningUser(CREATOR);
- with.incomingSuperRole("partnerRel", ADMIN);
- with.permission(DELETE);
})
.createSubRole(ADMIN, (with) -> {
- with.incomingSuperRole("partnerRel", AGENT);
+ with.incomingSuperRole("partnerRel", ADMIN);
+ with.permission(DELETE);
with.permission(UPDATE);
})
- .createSubRole(REFERRER, (with) -> {
+ .createSubRole(AGENT, (with) -> {
+ with.incomingSuperRole("partnerRel", AGENT);
with.outgoingSubRole("partnerRel", TENANT);
with.permission(SELECT);
});
diff --git a/src/main/java/net/hostsharing/hsadminng/mapper/PostgresArray.java b/src/main/java/net/hostsharing/hsadminng/mapper/PostgresArray.java
deleted file mode 100644
index e1e1d056..00000000
--- a/src/main/java/net/hostsharing/hsadminng/mapper/PostgresArray.java
+++ /dev/null
@@ -1,58 +0,0 @@
-package net.hostsharing.hsadminng.mapper;
-
-import lombok.experimental.UtilityClass;
-import org.postgresql.util.PGtokenizer;
-
-import java.lang.reflect.Array;
-import java.nio.charset.StandardCharsets;
-import java.util.function.Function;
-
-@UtilityClass
-public class PostgresArray {
-
- /**
- * Converts a byte[], as returned for a Postgres-array by native queries, to a Java array.
- *
- *
This example code worked with Hibernate 5 (Spring Boot 3.0.x):
- *
- * return (UUID[]) em.createNativeQuery("select currentSubjectsUuids() as uuids", UUID[].class).getSingleResult();
- *
- *
- *
- * With Hibernate 6 (Spring Boot 3.1.x), this utility method can be used like such:
- *
- * final byte[] result = (byte[]) em.createNativeQuery("select * from currentSubjectsUuids() as uuids", UUID[].class)
- * .getSingleResult();
- * return fromPostgresArray(result, UUID.class, UUID::fromString);
- *
- *
- *
- * @param pgArray the byte[] returned by a native query containing as rendered for a Postgres array
- * @param elementClass the class of a single element of the Java array to be returned
- * @param itemParser converts a string element to the specified elementClass
- * @return a Java array containing the data from pgArray
- * @param type of a single element of the Java array
- */
- public static T[] fromPostgresArray(final byte[] pgArray, final Class elementClass, final Function itemParser) {
- final var pgArrayLiteral = new String(pgArray, StandardCharsets.UTF_8);
- if (pgArrayLiteral.length() == 2) {
- return newGenericArray(elementClass, 0);
- }
- final PGtokenizer tokenizer = new PGtokenizer(pgArrayLiteral.substring(1, pgArrayLiteral.length()-1), ',');
- tokenizer.remove("\"", "\"");
- final T[] array = newGenericArray(elementClass, tokenizer.getSize()); // Create a new array of the specified type and length
- for ( int n = 0; n < tokenizer.getSize(); ++n ) {
- final String token = tokenizer.getToken(n);
- if ( !"NULL".equals(token) ) {
- array[n] = itemParser.apply(token.trim().replace("\\\"", "\""));
- }
- }
- return array;
- }
-
- @SuppressWarnings("unchecked")
- private static T[] newGenericArray(final Class elementClass, final int length) {
- return (T[]) Array.newInstance(elementClass, length);
- }
-
-}
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RolesGrantsAndPermissionsGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RolesGrantsAndPermissionsGenerator.java
index 98f29973..07d70314 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RolesGrantsAndPermissionsGenerator.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RolesGrantsAndPermissionsGenerator.java
@@ -302,7 +302,7 @@ class RolesGrantsAndPermissionsGenerator {
.replace("${superRoleRef}", roleRef(NEW, grantDef.getSuperRoleDef()));
};
if (grantDef.isConditional()) {
- return "if " + grantDef.getSqlWhere() + " then\n"
+ return "if " + grantDef.getOnlyInCaseOf() + " then\n"
+ " " + grantSql + "\n"
+ "end if;";
}
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantsDiagramService.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantsDiagramService.java
index f8746eb5..0cf30dca 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantsDiagramService.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantsDiagramService.java
@@ -167,7 +167,7 @@ public class RbacGrantsDiagramService {
return "users";
}
if (refType.equals("perm")) {
- return node.idName().split(" ", 4)[3];
+ return node.idName().split(":", 3)[1];
}
if (refType.equals("role")) {
final var withoutRolePrefix = node.idName().substring("role:".length());
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleController.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleController.java
index cf528361..0405fee2 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleController.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleController.java
@@ -31,7 +31,7 @@ public class RbacRoleController implements RbacRolesApi {
context.define(currentUser, assumedRoles);
- final List result = rbacRoleRepository.findAll();
+ final List result = rbacRoleRepository.findAll();
return ResponseEntity.ok(mapper.mapList(result, RbacRoleResource.class));
}
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRvEntity.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleEntity.java
similarity index 96%
rename from src/main/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRvEntity.java
rename to src/main/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleEntity.java
index d174182a..fa21785a 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRvEntity.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleEntity.java
@@ -15,7 +15,7 @@ import java.util.UUID;
@Immutable
@NoArgsConstructor
@AllArgsConstructor
-public class RbacRoleRvEntity {
+public class RbacRoleEntity {
@Id
@GeneratedValue
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepository.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepository.java
index 2d9d005b..94633d7c 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepository.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepository.java
@@ -5,7 +5,7 @@ import org.springframework.data.repository.Repository;
import java.util.List;
import java.util.UUID;
-public interface RbacRoleRepository extends Repository {
+public interface RbacRoleRepository extends Repository {
/**
* @return the number of persistent RbacRoleEntity instances, mostly for testing purposes.
@@ -15,7 +15,7 @@ public interface RbacRoleRepository extends Repository {
/**
* @return all persistent RbacRoleEntity instances, assigned to the current subject (user or assumed roles)
*/
- List findAll();
+ List findAll();
- RbacRoleRvEntity findByRoleName(String roleName);
+ RbacRoleEntity findByRoleName(String roleName);
}
diff --git a/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql b/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql
index cf0804a0..958d3afe 100644
--- a/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql
+++ b/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql
@@ -73,6 +73,15 @@ begin
return roleDescriptor('%2$s', entity.uuid, 'TENANT', assumed);
end; $f$;
+ -- TODO: remove guest role
+ create or replace function %1$sGuest(entity %2$s, assumed boolean = true)
+ returns RbacRoleDescriptor
+ language plpgsql
+ strict as $f$
+ begin
+ return roleDescriptor('%2$s', entity.uuid, 'GUEST', assumed);
+ end; $f$;
+
create or replace function %1$sReferrer(entity %2$s)
returns RbacRoleDescriptor
language plpgsql
diff --git a/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql b/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql
index 7577e88c..c28a464d 100644
--- a/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql
+++ b/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql
@@ -139,7 +139,7 @@ select 'global', (select uuid from RbacObject where objectTable = 'global'), 'GU
$$;
begin transaction;
- call defineContext('creating role:global#loba:guest', null, null, null);
+ call defineContext('creating role:global#global:guest', null, null, null);
select createRole(globalGuest());
commit;
--//
diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.md b/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.md
index a0caa074..44154df0 100644
--- a/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.md
+++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.md
@@ -97,12 +97,13 @@ role:global:ADMIN -.-> role:partnerRel.contact:OWNER
role:partnerRel.contact:OWNER -.-> role:partnerRel.contact:ADMIN
role:partnerRel.contact:ADMIN -.-> role:partnerRel.contact:REFERRER
role:global:ADMIN -.-> role:partnerRel:OWNER
+role:partnerRel.holderPerson:ADMIN -.-> role:partnerRel:OWNER
role:partnerRel:OWNER -.-> role:partnerRel:ADMIN
role:partnerRel.anchorPerson:ADMIN -.-> role:partnerRel:ADMIN
+role:partnerRel:ADMIN -.-> role:partnerRel.anchorPerson:OWNER
role:partnerRel:ADMIN -.-> role:partnerRel:AGENT
role:partnerRel.holderPerson:ADMIN -.-> role:partnerRel:AGENT
role:partnerRel:AGENT -.-> role:partnerRel:TENANT
-role:partnerRel.holderPerson:ADMIN -.-> role:partnerRel:TENANT
role:partnerRel.contact:ADMIN -.-> role:partnerRel:TENANT
role:partnerRel:TENANT -.-> role:partnerRel.anchorPerson:REFERRER
role:partnerRel:TENANT -.-> role:partnerRel.holderPerson:REFERRER
diff --git a/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.md b/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.md
index 5c43e03d..084d163b 100644
--- a/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.md
+++ b/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.md
@@ -150,12 +150,13 @@ role:global:ADMIN -.-> role:debitorRel.contact:OWNER
role:debitorRel.contact:OWNER -.-> role:debitorRel.contact:ADMIN
role:debitorRel.contact:ADMIN -.-> role:debitorRel.contact:REFERRER
role:global:ADMIN -.-> role:debitorRel:OWNER
+role:debitorRel.holderPerson:ADMIN -.-> role:debitorRel:OWNER
role:debitorRel:OWNER -.-> role:debitorRel:ADMIN
role:debitorRel.anchorPerson:ADMIN -.-> role:debitorRel:ADMIN
+role:debitorRel:ADMIN -.-> role:debitorRel.anchorPerson:OWNER
role:debitorRel:ADMIN -.-> role:debitorRel:AGENT
role:debitorRel.holderPerson:ADMIN -.-> role:debitorRel:AGENT
role:debitorRel:AGENT -.-> role:debitorRel:TENANT
-role:debitorRel.holderPerson:ADMIN -.-> role:debitorRel:TENANT
role:debitorRel.contact:ADMIN -.-> role:debitorRel:TENANT
role:debitorRel:TENANT -.-> role:debitorRel.anchorPerson:REFERRER
role:debitorRel:TENANT -.-> role:debitorRel.holderPerson:REFERRER
@@ -175,12 +176,13 @@ role:global:ADMIN -.-> role:partnerRel.contact:OWNER
role:partnerRel.contact:OWNER -.-> role:partnerRel.contact:ADMIN
role:partnerRel.contact:ADMIN -.-> role:partnerRel.contact:REFERRER
role:global:ADMIN -.-> role:partnerRel:OWNER
+role:partnerRel.holderPerson:ADMIN -.-> role:partnerRel:OWNER
role:partnerRel:OWNER -.-> role:partnerRel:ADMIN
role:partnerRel.anchorPerson:ADMIN -.-> role:partnerRel:ADMIN
+role:partnerRel:ADMIN -.-> role:partnerRel.anchorPerson:OWNER
role:partnerRel:ADMIN -.-> role:partnerRel:AGENT
role:partnerRel.holderPerson:ADMIN -.-> role:partnerRel:AGENT
role:partnerRel:AGENT -.-> role:partnerRel:TENANT
-role:partnerRel.holderPerson:ADMIN -.-> role:partnerRel:TENANT
role:partnerRel.contact:ADMIN -.-> role:partnerRel:TENANT
role:partnerRel:TENANT -.-> role:partnerRel.anchorPerson:REFERRER
role:partnerRel:TENANT -.-> role:partnerRel.holderPerson:REFERRER
diff --git a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.md b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.md
index aa3059f9..3bd2102e 100644
--- a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.md
+++ b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.md
@@ -109,12 +109,13 @@ role:global:ADMIN -.-> role:debitorRel.contact:OWNER
role:debitorRel.contact:OWNER -.-> role:debitorRel.contact:ADMIN
role:debitorRel.contact:ADMIN -.-> role:debitorRel.contact:REFERRER
role:global:ADMIN -.-> role:debitorRel:OWNER
+role:debitorRel.holderPerson:ADMIN -.-> role:debitorRel:OWNER
role:debitorRel:OWNER -.-> role:debitorRel:ADMIN
role:debitorRel.anchorPerson:ADMIN -.-> role:debitorRel:ADMIN
+role:debitorRel:ADMIN -.-> role:debitorRel.anchorPerson:OWNER
role:debitorRel:ADMIN -.-> role:debitorRel:AGENT
role:debitorRel.holderPerson:ADMIN -.-> role:debitorRel:AGENT
role:debitorRel:AGENT -.-> role:debitorRel:TENANT
-role:debitorRel.holderPerson:ADMIN -.-> role:debitorRel:TENANT
role:debitorRel.contact:ADMIN -.-> role:debitorRel:TENANT
role:debitorRel:TENANT -.-> role:debitorRel.anchorPerson:REFERRER
role:debitorRel:TENANT -.-> role:debitorRel.holderPerson:REFERRER
diff --git a/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.md b/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.md
index d458212c..bf205df7 100644
--- a/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.md
+++ b/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.md
@@ -42,7 +42,7 @@ subgraph membership["`**membership**`"]
role:membership:OWNER[[membership:OWNER]]
role:membership:ADMIN[[membership:ADMIN]]
- role:membership:REFERRER[[membership:REFERRER]]
+ role:membership:AGENT[[membership:AGENT]]
end
subgraph membership:permissions[ ]
@@ -95,26 +95,27 @@ role:global:ADMIN -.-> role:partnerRel.contact:OWNER
role:partnerRel.contact:OWNER -.-> role:partnerRel.contact:ADMIN
role:partnerRel.contact:ADMIN -.-> role:partnerRel.contact:REFERRER
role:global:ADMIN -.-> role:partnerRel:OWNER
+role:partnerRel.holderPerson:ADMIN -.-> role:partnerRel:OWNER
role:partnerRel:OWNER -.-> role:partnerRel:ADMIN
role:partnerRel.anchorPerson:ADMIN -.-> role:partnerRel:ADMIN
+role:partnerRel:ADMIN -.-> role:partnerRel.anchorPerson:OWNER
role:partnerRel:ADMIN -.-> role:partnerRel:AGENT
role:partnerRel.holderPerson:ADMIN -.-> role:partnerRel:AGENT
role:partnerRel:AGENT -.-> role:partnerRel:TENANT
-role:partnerRel.holderPerson:ADMIN -.-> role:partnerRel:TENANT
role:partnerRel.contact:ADMIN -.-> role:partnerRel:TENANT
role:partnerRel:TENANT -.-> role:partnerRel.anchorPerson:REFERRER
role:partnerRel:TENANT -.-> role:partnerRel.holderPerson:REFERRER
role:partnerRel:TENANT -.-> role:partnerRel.contact:REFERRER
-role:partnerRel:ADMIN ==> role:membership:OWNER
role:membership:OWNER ==> role:membership:ADMIN
-role:partnerRel:AGENT ==> role:membership:ADMIN
-role:membership:ADMIN ==> role:membership:REFERRER
-role:membership:REFERRER ==> role:partnerRel:TENANT
+role:partnerRel:ADMIN ==> role:membership:ADMIN
+role:membership:ADMIN ==> role:membership:AGENT
+role:partnerRel:AGENT ==> role:membership:AGENT
+role:membership:AGENT ==> role:partnerRel:TENANT
%% granting permissions to roles
role:global:ADMIN ==> perm:membership:INSERT
-role:membership:OWNER ==> perm:membership:DELETE
+role:membership:ADMIN ==> perm:membership:DELETE
role:membership:ADMIN ==> perm:membership:UPDATE
-role:membership:REFERRER ==> perm:membership:SELECT
+role:membership:AGENT ==> perm:membership:SELECT
```
diff --git a/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql b/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql
index 9c423ba4..7f8de66b 100644
--- a/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql
@@ -45,23 +45,23 @@ begin
perform createRoleWithGrants(
hsOfficeMembershipOWNER(NEW),
- permissions => array['DELETE'],
- incomingSuperRoles => array[hsOfficeRelationADMIN(newPartnerRel)],
userUuids => array[currentUserUuid()]
);
perform createRoleWithGrants(
hsOfficeMembershipADMIN(NEW),
- permissions => array['UPDATE'],
+ permissions => array['DELETE', 'UPDATE'],
incomingSuperRoles => array[
hsOfficeMembershipOWNER(NEW),
- hsOfficeRelationAGENT(newPartnerRel)]
+ hsOfficeRelationADMIN(newPartnerRel)]
);
perform createRoleWithGrants(
- hsOfficeMembershipREFERRER(NEW),
+ hsOfficeMembershipAGENT(NEW),
permissions => array['SELECT'],
- incomingSuperRoles => array[hsOfficeMembershipADMIN(NEW)],
+ incomingSuperRoles => array[
+ hsOfficeMembershipADMIN(NEW),
+ hsOfficeRelationAGENT(newPartnerRel)],
outgoingSubRoles => array[hsOfficeRelationTENANT(newPartnerRel)]
);
diff --git a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.md b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.md
index 129de47c..e4d45686 100644
--- a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.md
+++ b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.md
@@ -54,7 +54,7 @@ subgraph membership["`**membership**`"]
role:membership:OWNER[[membership:OWNER]]
role:membership:ADMIN[[membership:ADMIN]]
- role:membership:REFERRER[[membership:REFERRER]]
+ role:membership:AGENT[[membership:AGENT]]
end
end
@@ -96,25 +96,26 @@ role:global:ADMIN -.-> role:membership.partnerRel.contact:OWNER
role:membership.partnerRel.contact:OWNER -.-> role:membership.partnerRel.contact:ADMIN
role:membership.partnerRel.contact:ADMIN -.-> role:membership.partnerRel.contact:REFERRER
role:global:ADMIN -.-> role:membership.partnerRel:OWNER
+role:membership.partnerRel.holderPerson:ADMIN -.-> role:membership.partnerRel:OWNER
role:membership.partnerRel:OWNER -.-> role:membership.partnerRel:ADMIN
role:membership.partnerRel.anchorPerson:ADMIN -.-> role:membership.partnerRel:ADMIN
+role:membership.partnerRel:ADMIN -.-> role:membership.partnerRel.anchorPerson:OWNER
role:membership.partnerRel:ADMIN -.-> role:membership.partnerRel:AGENT
role:membership.partnerRel.holderPerson:ADMIN -.-> role:membership.partnerRel:AGENT
role:membership.partnerRel:AGENT -.-> role:membership.partnerRel:TENANT
-role:membership.partnerRel.holderPerson:ADMIN -.-> role:membership.partnerRel:TENANT
role:membership.partnerRel.contact:ADMIN -.-> role:membership.partnerRel:TENANT
role:membership.partnerRel:TENANT -.-> role:membership.partnerRel.anchorPerson:REFERRER
role:membership.partnerRel:TENANT -.-> role:membership.partnerRel.holderPerson:REFERRER
role:membership.partnerRel:TENANT -.-> role:membership.partnerRel.contact:REFERRER
-role:membership.partnerRel:ADMIN -.-> role:membership:OWNER
role:membership:OWNER -.-> role:membership:ADMIN
-role:membership.partnerRel:AGENT -.-> role:membership:ADMIN
-role:membership:ADMIN -.-> role:membership:REFERRER
-role:membership:REFERRER -.-> role:membership.partnerRel:TENANT
+role:membership.partnerRel:ADMIN -.-> role:membership:ADMIN
+role:membership:ADMIN -.-> role:membership:AGENT
+role:membership.partnerRel:AGENT -.-> role:membership:AGENT
+role:membership:AGENT -.-> role:membership.partnerRel:TENANT
%% granting permissions to roles
role:membership:ADMIN ==> perm:coopSharesTransaction:INSERT
role:membership:ADMIN ==> perm:coopSharesTransaction:UPDATE
-role:membership:ADMIN ==> perm:coopSharesTransaction:SELECT
+role:membership:AGENT ==> perm:coopSharesTransaction:SELECT
```
diff --git a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql
index 1e894300..f4856f0a 100644
--- a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql
@@ -38,7 +38,7 @@ begin
SELECT * FROM hs_office_membership WHERE uuid = NEW.membershipUuid INTO newMembership;
assert newMembership.uuid is not null, format('newMembership must not be null for NEW.membershipUuid = %s', NEW.membershipUuid);
- call grantPermissionToRole(createPermission(NEW.uuid, 'SELECT'), hsOfficeMembershipADMIN(newMembership));
+ call grantPermissionToRole(createPermission(NEW.uuid, 'SELECT'), hsOfficeMembershipAGENT(newMembership));
call grantPermissionToRole(createPermission(NEW.uuid, 'UPDATE'), hsOfficeMembershipADMIN(newMembership));
call leaveTriggerForObjectUuid(NEW.uuid);
diff --git a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.md b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.md
index 2b96a199..2f6bc29d 100644
--- a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.md
+++ b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.md
@@ -54,7 +54,7 @@ subgraph membership["`**membership**`"]
role:membership:OWNER[[membership:OWNER]]
role:membership:ADMIN[[membership:ADMIN]]
- role:membership:REFERRER[[membership:REFERRER]]
+ role:membership:AGENT[[membership:AGENT]]
end
end
@@ -96,25 +96,26 @@ role:global:ADMIN -.-> role:membership.partnerRel.contact:OWNER
role:membership.partnerRel.contact:OWNER -.-> role:membership.partnerRel.contact:ADMIN
role:membership.partnerRel.contact:ADMIN -.-> role:membership.partnerRel.contact:REFERRER
role:global:ADMIN -.-> role:membership.partnerRel:OWNER
+role:membership.partnerRel.holderPerson:ADMIN -.-> role:membership.partnerRel:OWNER
role:membership.partnerRel:OWNER -.-> role:membership.partnerRel:ADMIN
role:membership.partnerRel.anchorPerson:ADMIN -.-> role:membership.partnerRel:ADMIN
+role:membership.partnerRel:ADMIN -.-> role:membership.partnerRel.anchorPerson:OWNER
role:membership.partnerRel:ADMIN -.-> role:membership.partnerRel:AGENT
role:membership.partnerRel.holderPerson:ADMIN -.-> role:membership.partnerRel:AGENT
role:membership.partnerRel:AGENT -.-> role:membership.partnerRel:TENANT
-role:membership.partnerRel.holderPerson:ADMIN -.-> role:membership.partnerRel:TENANT
role:membership.partnerRel.contact:ADMIN -.-> role:membership.partnerRel:TENANT
role:membership.partnerRel:TENANT -.-> role:membership.partnerRel.anchorPerson:REFERRER
role:membership.partnerRel:TENANT -.-> role:membership.partnerRel.holderPerson:REFERRER
role:membership.partnerRel:TENANT -.-> role:membership.partnerRel.contact:REFERRER
-role:membership.partnerRel:ADMIN -.-> role:membership:OWNER
role:membership:OWNER -.-> role:membership:ADMIN
-role:membership.partnerRel:AGENT -.-> role:membership:ADMIN
-role:membership:ADMIN -.-> role:membership:REFERRER
-role:membership:REFERRER -.-> role:membership.partnerRel:TENANT
+role:membership.partnerRel:ADMIN -.-> role:membership:ADMIN
+role:membership:ADMIN -.-> role:membership:AGENT
+role:membership.partnerRel:AGENT -.-> role:membership:AGENT
+role:membership:AGENT -.-> role:membership.partnerRel:TENANT
%% granting permissions to roles
role:membership:ADMIN ==> perm:coopAssetsTransaction:INSERT
role:membership:ADMIN ==> perm:coopAssetsTransaction:UPDATE
-role:membership:ADMIN ==> perm:coopAssetsTransaction:SELECT
+role:membership:AGENT ==> perm:coopAssetsTransaction:SELECT
```
diff --git a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql
index 2c292436..df1fdd3b 100644
--- a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql
@@ -38,7 +38,7 @@ begin
SELECT * FROM hs_office_membership WHERE uuid = NEW.membershipUuid INTO newMembership;
assert newMembership.uuid is not null, format('newMembership must not be null for NEW.membershipUuid = %s', NEW.membershipUuid);
- call grantPermissionToRole(createPermission(NEW.uuid, 'SELECT'), hsOfficeMembershipADMIN(newMembership));
+ call grantPermissionToRole(createPermission(NEW.uuid, 'SELECT'), hsOfficeMembershipAGENT(newMembership));
call grantPermissionToRole(createPermission(NEW.uuid, 'UPDATE'), hsOfficeMembershipADMIN(newMembership));
call leaveTriggerForObjectUuid(NEW.uuid);
diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionRepositoryIntegrationTest.java
index 40163eab..978e2081 100644
--- a/src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionRepositoryIntegrationTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionRepositoryIntegrationTest.java
@@ -112,7 +112,7 @@ class HsOfficeCoopAssetsTransactionRepositoryIntegrationTest extends ContextBase
.map(s -> s.replace("hs_office_", ""))
.containsExactlyInAnyOrder(Array.fromFormatted(
initialGrantNames,
- "{ grant perm:coopassetstransaction#temprefB:SELECT to role:membership#M-1000101:ADMIN by system and assume }",
+ "{ grant perm:coopassetstransaction#temprefB:SELECT to role:membership#M-1000101:AGENT by system and assume }",
"{ grant perm:coopassetstransaction#temprefB:UPDATE to role:membership#M-1000101:ADMIN by system and assume }",
null));
}
diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionRepositoryIntegrationTest.java
index b0b01d65..eff83079 100644
--- a/src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionRepositoryIntegrationTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionRepositoryIntegrationTest.java
@@ -111,7 +111,7 @@ class HsOfficeCoopSharesTransactionRepositoryIntegrationTest extends ContextBase
.map(s -> s.replace("hs_office_", ""))
.containsExactlyInAnyOrder(Array.fromFormatted(
initialGrantNames,
- "{ grant perm:coopsharestransaction#temprefB:SELECT to role:membership#M-1000101:ADMIN by system and assume }",
+ "{ grant perm:coopsharestransaction#temprefB:SELECT to role:membership#M-1000101:AGENT by system and assume }",
"{ grant perm:coopsharestransaction#temprefB:UPDATE to role:membership#M-1000101:ADMIN by system and assume }",
null));
}
diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipControllerAcceptanceTest.java
index 5b59c9cb..5ff5c032 100644
--- a/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipControllerAcceptanceTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipControllerAcceptanceTest.java
@@ -335,18 +335,18 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
}
@Test
- void partnerRelAgent_canPatchValidityOfRelatedMembership() {
+ void partnerRelAdmin_canPatchValidityOfRelatedMembership() {
// given
- final var givenPartnerAgent = "hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH:AGENT";
- context.define("superuser-alex@hostsharing.net", givenPartnerAgent);
+ final var givenPartnerAdmin = "hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH:ADMIN";
+ context.define("superuser-alex@hostsharing.net", givenPartnerAdmin);
final var givenMembership = givenSomeTemporaryMembershipBessler("First");
// when
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
- .header("assumed-roles", givenPartnerAgent)
+ .header("assumed-roles", givenPartnerAdmin)
.contentType(ContentType.JSON)
.body("""
{
diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipRepositoryIntegrationTest.java
index 8ffc9e1b..a6da48c9 100644
--- a/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipRepositoryIntegrationTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipRepositoryIntegrationTest.java
@@ -110,9 +110,9 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl
final var all = rawRoleRepo.findAll();
assertThat(distinctRoleNamesOf(all)).containsExactlyInAnyOrder(Array.from(
initialRoleNames,
- "hs_office_membership#M-1000117:ADMIN",
"hs_office_membership#M-1000117:OWNER",
- "hs_office_membership#M-1000117:REFERRER"));
+ "hs_office_membership#M-1000117:ADMIN",
+ "hs_office_membership#M-1000117:AGENT"));
assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll()))
.map(s -> s.replace("hs_office_", ""))
.containsExactlyInAnyOrder(Array.fromFormatted(
@@ -122,21 +122,21 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl
"{ grant perm:membership#M-1000117:INSERT>coopsharestransaction to role:membership#M-1000117:ADMIN by system and assume }",
// owner
- "{ grant perm:membership#M-1000117:DELETE to role:membership#M-1000117:OWNER by system and assume }",
+ "{ grant perm:membership#M-1000117:DELETE to role:membership#M-1000117:ADMIN by system and assume }",
+ "{ grant role:membership#M-1000117:OWNER to user:superuser-alex@hostsharing.net by membership#M-1000117:OWNER and assume }",
// admin
- "{ grant perm:membership#M-1000117:UPDATE to role:membership#M-1000117:ADMIN by system and assume }",
- "{ grant role:membership#M-1000117:ADMIN to role:membership#M-1000117:OWNER by system and assume }",
- "{ grant role:membership#M-1000117:OWNER to role:relation#HostsharingeG-with-PARTNER-FirstGmbH:ADMIN by system and assume }",
- "{ grant role:membership#M-1000117:OWNER to user:superuser-alex@hostsharing.net by membership#M-1000117:OWNER and assume }",
+ "{ grant perm:membership#M-1000117:UPDATE to role:membership#M-1000117:ADMIN by system and assume }",
+ "{ grant role:membership#M-1000117:ADMIN to role:membership#M-1000117:OWNER by system and assume }",
+ "{ grant role:membership#M-1000117:ADMIN to role:relation#HostsharingeG-with-PARTNER-FirstGmbH:ADMIN by system and assume }",
// agent
- "{ grant role:membership#M-1000117:ADMIN to role:relation#HostsharingeG-with-PARTNER-FirstGmbH:AGENT by system and assume }",
+ "{ grant perm:membership#M-1000117:SELECT to role:membership#M-1000117:AGENT by system and assume }",
+ "{ grant role:membership#M-1000117:AGENT to role:membership#M-1000117:ADMIN by system and assume }",
// referrer
- "{ grant perm:membership#M-1000117:SELECT to role:membership#M-1000117:REFERRER by system and assume }",
- "{ grant role:membership#M-1000117:REFERRER to role:membership#M-1000117:ADMIN by system and assume }",
- "{ grant role:relation#HostsharingeG-with-PARTNER-FirstGmbH:TENANT to role:membership#M-1000117:REFERRER by system and assume }",
+ "{ grant role:membership#M-1000117:AGENT to role:relation#HostsharingeG-with-PARTNER-FirstGmbH:AGENT by system and assume }",
+ "{ grant role:relation#HostsharingeG-with-PARTNER-FirstGmbH:TENANT to role:membership#M-1000117:AGENT by system and assume }",
null));
}
@@ -224,20 +224,20 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl
}
@Test
- public void membershipReferrer_canViewButNotUpdateRelatedMembership() {
+ public void membershipAgent_canViewButNotUpdateRelatedMembership() {
// given
context("superuser-alex@hostsharing.net");
final var givenMembership = givenSomeTemporaryMembership("First", "13");
assertThatMembershipExistsAndIsAccessibleToCurrentContext(givenMembership);
assertThatMembershipIsVisibleForRole(
givenMembership,
- "hs_office_membership#M-1000113:REFERRER");
+ "hs_office_membership#M-1000113:AGENT");
final var newValidityEnd = LocalDate.now();
// when
final var result = jpaAttempt.transacted(() -> {
// TODO: we should test with debitor- and partner-admin as well
- context("superuser-alex@hostsharing.net", "hs_office_membership#M-1000113:REFERRER");
+ context("superuser-alex@hostsharing.net", "hs_office_membership#M-1000113:AGENT");
givenMembership.setValidity(
Range.closedOpen(givenMembership.getValidity().lower(), newValidityEnd));
return membershipRepo.save(givenMembership);
diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/test/ContextBasedTestWithCleanup.java b/src/test/java/net/hostsharing/hsadminng/hs/office/test/ContextBasedTestWithCleanup.java
index 81930ee3..fc0b81c3 100644
--- a/src/test/java/net/hostsharing/hsadminng/hs/office/test/ContextBasedTestWithCleanup.java
+++ b/src/test/java/net/hostsharing/hsadminng/hs/office/test/ContextBasedTestWithCleanup.java
@@ -5,8 +5,7 @@ import net.hostsharing.hsadminng.rbac.rbacobject.RbacObject;
import net.hostsharing.hsadminng.rbac.rbacgrant.RbacGrantEntity;
import net.hostsharing.hsadminng.rbac.rbacgrant.RbacGrantRepository;
import net.hostsharing.hsadminng.rbac.rbacgrant.RbacGrantsDiagramService;
-import net.hostsharing.hsadminng.rbac.rbacobject.RbacObject;
-import net.hostsharing.hsadminng.rbac.rbacrole.RbacRoleRvEntity;
+import net.hostsharing.hsadminng.rbac.rbacrole.RbacRoleEntity;
import net.hostsharing.hsadminng.rbac.rbacrole.RbacRoleRepository;
import net.hostsharing.test.JpaAttempt;
import org.jetbrains.annotations.NotNull;
@@ -255,7 +254,7 @@ public abstract class ContextBasedTestWithCleanup extends ContextBasedTest {
return jpaAttempt.transacted(() -> {
context.define("superuser-alex@hostsharing.net", null);
return rbacRoleRepo.findAll().stream()
- .map(RbacRoleRvEntity::getRoleName)
+ .map(RbacRoleEntity::getRoleName)
.collect(toSet());
}).assertSuccessful().returnedValue();
}
diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantControllerAcceptanceTest.java
index 8bcfd28e..15738504 100644
--- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantControllerAcceptanceTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantControllerAcceptanceTest.java
@@ -5,7 +5,7 @@ import io.restassured.http.ContentType;
import io.restassured.response.ValidatableResponse;
import net.hostsharing.hsadminng.HsadminNgApplication;
import net.hostsharing.hsadminng.context.ContextBasedTest;
-import net.hostsharing.hsadminng.rbac.rbacrole.RbacRoleRvEntity;
+import net.hostsharing.hsadminng.rbac.rbacrole.RbacRoleEntity;
import net.hostsharing.hsadminng.rbac.rbacrole.RbacRoleRepository;
import net.hostsharing.hsadminng.rbac.rbacuser.RbacUserEntity;
import net.hostsharing.hsadminng.rbac.rbacuser.RbacUserRepository;
@@ -361,11 +361,11 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
this(currentUser, "");
}
- GrantFixture grantsRole(final RbacRoleRvEntity givenOwnPackageAdminRole) {
+ GrantFixture grantsRole(final RbacRoleEntity givenOwnPackageAdminRole) {
return new GrantFixture(givenOwnPackageAdminRole);
}
- RevokeFixture revokesRole(final RbacRoleRvEntity givenOwnPackageAdminRole) {
+ RevokeFixture revokesRole(final RbacRoleEntity givenOwnPackageAdminRole) {
return new RevokeFixture(givenOwnPackageAdminRole);
}
@@ -376,11 +376,11 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
class GrantFixture {
private Subject grantingSubject = Subject.this;
- private final RbacRoleRvEntity grantedRole;
+ private final RbacRoleEntity grantedRole;
private boolean assumed;
private RbacUserEntity granteeUser;
- public GrantFixture(final RbacRoleRvEntity roleToGrant) {
+ public GrantFixture(final RbacRoleEntity roleToGrant) {
this.grantedRole = roleToGrant;
}
@@ -417,11 +417,11 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
class RevokeFixture {
private Subject currentSubject = Subject.this;
- private final RbacRoleRvEntity grantedRole;
+ private final RbacRoleEntity grantedRole;
private boolean assumed;
private RbacUserEntity granteeUser;
- public RevokeFixture(final RbacRoleRvEntity roleToGrant) {
+ public RevokeFixture(final RbacRoleEntity roleToGrant) {
this.grantedRole = roleToGrant;
}
@@ -455,9 +455,9 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
private class GetGrantByIdFixture {
private Subject currentSubject = Subject.this;
- private RbacRoleRvEntity grantedRole;
+ private RbacRoleEntity grantedRole;
- GetGrantByIdFixture forGrantedRole(final RbacRoleRvEntity grantedRole) {
+ GetGrantByIdFixture forGrantedRole(final RbacRoleEntity grantedRole) {
this.grantedRole = grantedRole;
return this;
}
@@ -507,7 +507,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
}).assertNotNull().returnedValue();
}
- RbacRoleRvEntity getRbacRoleByName(final String roleName) {
+ RbacRoleEntity getRbacRoleByName(final String roleName) {
return jpaAttempt.transacted(() -> {
context("superuser-alex@hostsharing.net", null);
return rbacRoleRepository.findByRoleName(roleName);
diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepositoryIntegrationTest.java
index d94382d7..4d873fa6 100644
--- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepositoryIntegrationTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepositoryIntegrationTest.java
@@ -175,21 +175,21 @@ class RbacRoleRepositoryIntegrationTest {
}
}
- void exactlyTheseRbacRolesAreReturned(final List actualResult, final String... expectedRoleNames) {
+ void exactlyTheseRbacRolesAreReturned(final List actualResult, final String... expectedRoleNames) {
assertThat(actualResult)
- .extracting(RbacRoleRvEntity::getRoleName)
+ .extracting(RbacRoleEntity::getRoleName)
.containsExactlyInAnyOrder(expectedRoleNames);
}
- void allTheseRbacRolesAreReturned(final List actualResult, final String... expectedRoleNames) {
+ void allTheseRbacRolesAreReturned(final List actualResult, final String... expectedRoleNames) {
assertThat(actualResult)
- .extracting(RbacRoleRvEntity::getRoleName)
+ .extracting(RbacRoleEntity::getRoleName)
.contains(expectedRoleNames);
}
- void noneOfTheseRbacRolesIsReturned(final List actualResult, final String... unexpectedRoleNames) {
+ void noneOfTheseRbacRolesIsReturned(final List actualResult, final String... unexpectedRoleNames) {
assertThat(actualResult)
- .extracting(RbacRoleRvEntity::getRoleName)
+ .extracting(RbacRoleEntity::getRoleName)
.doesNotContain(unexpectedRoleNames);
}
diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/TestRbacRole.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/TestRbacRole.java
index 9eb0f3c7..73e30a1b 100644
--- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/TestRbacRole.java
+++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/TestRbacRole.java
@@ -4,11 +4,11 @@ import static java.util.UUID.randomUUID;
public class TestRbacRole {
- public static final RbacRoleRvEntity hostmasterRole = rbacRole("global", "global", RbacRoleType.ADMIN);
- static final RbacRoleRvEntity customerXxxOwner = rbacRole("test_customer", "xxx", RbacRoleType.OWNER);
- static final RbacRoleRvEntity customerXxxAdmin = rbacRole("test_customer", "xxx", RbacRoleType.ADMIN);
+ public static final RbacRoleEntity hostmasterRole = rbacRole("global", "global", RbacRoleType.ADMIN);
+ static final RbacRoleEntity customerXxxOwner = rbacRole("test_customer", "xxx", RbacRoleType.OWNER);
+ static final RbacRoleEntity customerXxxAdmin = rbacRole("test_customer", "xxx", RbacRoleType.ADMIN);
- static public RbacRoleRvEntity rbacRole(final String objectTable, final String objectIdName, final RbacRoleType roleType) {
- return new RbacRoleRvEntity(randomUUID(), randomUUID(), objectTable, objectIdName, roleType, objectTable+'#'+objectIdName+':'+roleType);
+ static public RbacRoleEntity rbacRole(final String objectTable, final String objectIdName, final RbacRoleType roleType) {
+ return new RbacRoleEntity(randomUUID(), randomUUID(), objectTable, objectIdName, roleType, objectTable+'#'+objectIdName+':'+roleType);
}
}