minor fixes

2024-03-25 09:13:37 +01:00 · 2024-03-25 09:13:37 +01:00 · 66af0def5b
commit 66af0def5b
parent 670ba8e9c9
5 changed files with 39 additions and 12 deletions
--- a/src/main/java/net/hostsharing/hsadminng/test/dom/TestDomainEntity.java
+++ b/src/main/java/net/hostsharing/hsadminng/test/dom/TestDomainEntity.java
@ -14,7 +14,7 @@ import java.io.IOException;
 import java.util.UUID;

 import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Column.dependsOnColumn;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Nullable.NULLABLE;
+import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Nullable.NOT_NULL;
 import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.*;
 import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.*;
 import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL.directlyFetchedByDependsOnColumn;
@ -51,7 +51,7 @@ public class TestDomainEntity implements HasUuid {
                .importEntityAlias("package", TestPackageEntity.class,
                        dependsOnColumn("packageUuid"),
                        directlyFetchedByDependsOnColumn(),
-                        NULLABLE)
+                        NOT_NULL)
                .toRole("package", ADMIN).grantPermission(INSERT)

                .createRole(OWNER, (with) -> {
--- a/src/main/resources/db/changelog/133-test-domain-rbac.sql
+++ b/src/main/resources/db/changelog/133-test-domain-rbac.sql
@ -36,6 +36,8 @@ begin
    call enterTriggerForObjectUuid(NEW.uuid);

    SELECT * FROM test_package WHERE uuid = NEW.packageUuid    INTO newPackage;
+    assert newPackage.uuid is not null, format('newPackage must not be null for NEW.packageUuid = %s', NEW.packageUuid);
+

    perform createRoleWithGrants(
        testDomainOwner(NEW),
@ -87,12 +89,37 @@ create or replace procedure updateRbacRulesForTestDomain(
    NEW test_domain
 )
    language plpgsql as $$
-begin

-    if NEW.packageUuid is distinct from OLD.packageUuid then
-        delete from rbacgrants g where g.grantedbytriggerof = OLD.uuid;
-        call buildRbacSystemForTestDomain(NEW);
+declare
+    oldPackage test_package;
+    newPackage test_package;
+
+begin
+    call enterTriggerForObjectUuid(NEW.uuid);
+
+    SELECT * FROM test_package WHERE uuid = OLD.packageUuid    INTO oldPackage;
+    assert oldPackage.uuid is not null, format('oldPackage must not be null for OLD.packageUuid = %s', OLD.packageUuid);
+
+    SELECT * FROM test_package WHERE uuid = NEW.packageUuid    INTO newPackage;
+    assert newPackage.uuid is not null, format('newPackage must not be null for NEW.packageUuid = %s', NEW.packageUuid);
+
+
+    if NEW.packageUuid <> OLD.packageUuid then
+
+        call revokePermissionFromRole(getPermissionId(OLD.uuid, 'INSERT'), testPackageAdmin(oldPackage));
+
+        call revokeRoleFromRole(testDomainOwner(OLD), testPackageAdmin(oldPackage));
+        call grantRoleToRole(testDomainOwner(NEW), testPackageAdmin(newPackage));
+
+        call revokeRoleFromRole(testPackageTenant(oldPackage), testDomainOwner(OLD));
+        call grantRoleToRole(testPackageTenant(newPackage), testDomainOwner(NEW));
+
+        call revokeRoleFromRole(testPackageTenant(oldPackage), testDomainAdmin(OLD));
+        call grantRoleToRole(testPackageTenant(newPackage), testDomainAdmin(NEW));
+
    end if;
+
+    call leaveTriggerForObjectUuid(NEW.uuid);
 end; $$;

 /*
--- a/src/main/resources/db/changelog/223-hs-office-relation-rbac-generated.sql
+++ b/src/main/resources/db/changelog/223-hs-office-relation-rbac-generated.sql
@ -54,8 +54,8 @@ begin
        hsOfficeRelationAdmin(NEW),
            permissions => array['UPDATE'],
            incomingSuperRoles => array[
-            	hsOfficeRelationOwner(NEW),
-            	hsOfficePersonAdmin(newAnchorPerson)]
+            	hsOfficePersonAdmin(newAnchorPerson),
+            	hsOfficeRelationOwner(NEW)]
    );

    perform createRoleWithGrants(
@ -74,8 +74,8 @@ begin
            	hsOfficePersonAdmin(newHolderPerson)],
            outgoingSubRoles => array[
            	hsOfficePersonReferrer(newAnchorPerson),
-            	hsOfficePersonReferrer(newHolderPerson),
-            	hsOfficeContactReferrer(newContact)]
+            	hsOfficeContactReferrer(newContact),
+            	hsOfficePersonReferrer(newHolderPerson)]
    );

    call leaveTriggerForObjectUuid(NEW.uuid);
--- a/src/main/resources/db/changelog/253-hs-office-sepamandate-rbac-generated.sql
+++ b/src/main/resources/db/changelog/253-hs-office-sepamandate-rbac-generated.sql
@ -65,8 +65,8 @@ begin
        hsOfficeSepaMandateReferrer(NEW),
            permissions => array['SELECT'],
            incomingSuperRoles => array[
-            	hsOfficeBankAccountAdmin(newBankAccount),
            	hsOfficeRelationAgent(newDebitorRel),
+            	hsOfficeBankAccountAdmin(newBankAccount),
            	hsOfficeSepaMandateAgent(NEW)],
            outgoingSubRoles => array[hsOfficeRelationTenant(newDebitorRel)]
    );
--- a/src/test/java/net/hostsharing/hsadminng/test/cust/TestCustomerControllerAcceptanceTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/test/cust/TestCustomerControllerAcceptanceTest.java
@ -204,7 +204,7 @@ class TestCustomerControllerAcceptanceTest {
                    .statusCode(403)
                    .contentType(ContentType.JSON)
                    .statusCode(403)
-                    .body("message", containsString("insert into test_customer not allowed for current subjects {customer-admin@yyy.example.com}"));
+                    .body("message", containsString("ERROR: [403] insert into test_customer not allowed for current subjects {customer-admin@yyy.example.com}"));
                // @formatter:on

            // finally, the new customer was not created