WIP trying to fix Debitor RBAC system

Michael Hoennig 2024-03-08 14:51:04 +01:00
parent bbcef53b87
commit 7fab1186ed
4 changed files with 9 additions and 6 deletions


@ -62,6 +62,7 @@ public class HsOfficeDebitorController implements HsOfficeDebitorsApi {
final var entityToSave = mapper.map(body, HsOfficeDebitorEntity.class);
final var saved = debitorRepo.save(entityToSave);
em.flush(); // FIXME: remove
final var uri =
MvcUriComponentsBuilder.fromController(getClass())


@ -300,15 +300,17 @@ create or replace function getRoleId(roleDescriptor RbacRoleDescriptor, whenNotE
declare
roleUuid uuid;
begin
roleUuid = findRoleId(roleDescriptor);
roleUuid := findRoleId(roleDescriptor);
assert roleUuid is not null, 'roleUuid must not be null'; -- FIXME: remove
if (roleUuid is null) then
if (whenNotExists = 'fail') then
raise exception 'RbacRole "%#%.%" not found', roleDescriptor.objectTable, roleDescriptor.objectUuid, roleDescriptor.roleType;
end if;
if (whenNotExists = 'create') then
roleUuid = createRole(roleDescriptor);
roleUuid := createRole(roleDescriptor);
end if;
end if;
assert roleUuid is not null, 'roleUuid must not be null'; -- FIXME: remove
return roleUuid;
end;
$$;
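Review bot: The assert that appears to be added directly after `roleUuid := findRoleId(roleDescriptor);` runs before the `if (roleUuid is null)` block, so with assertions enabled neither the descriptive `raise exception 'RbacRole ... not found'` for 'fail' nor the `createRole` path for 'create' can be reached any more. A caller passing 'create' for a role that does not exist yet would get an assertion failure instead of a new role. Drop that first assert, and if the null guard before `return roleUuid;` is meant to stay, write it as an explicit check such as `if roleUuid is null then raise exception 'roleUuid must not be null'; end if;`, because PL/pgSQL asserts can be switched off through `plpgsql.check_asserts` and an RBAC lookup should not depend on that setting. The assert on `subRoleUuid` in the following file section is redundant for a related reason: `getRoleId(subRoleDesc, 'fail')` already raises when the role is missing, and the `superRoleUuid` loop has no such check. The function's signature lies above the hunk.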


@ -47,13 +47,14 @@ begin
foreach superRoleDesc in array incomingSuperRoles
loop
superRoleUuid = getRoleId(superRoleDesc, 'fail');
superRoleUuid := getRoleId(superRoleDesc, 'fail');
call grantRoleToRole(roleUuid, superRoleUuid, superRoleDesc.assumed);
end loop;
foreach subRoleDesc in array outgoingSubRoles
loop
subRoleUuid = getRoleId(subRoleDesc, 'fail');
subRoleUuid := getRoleId(subRoleDesc, 'fail');
assert subRoleUuid is not null, 'subRoleUuid must not be null'; -- FIXME: remove
call grantRoleToRole(subRoleUuid, roleUuid, subRoleDesc.assumed);
end loop;


@ -145,8 +145,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
}
@Nested
@Accepts({ "Debitor:C(Create)" })
class CreateDebitor {
class AddDebitor {
@Test
void globalAdmin_withoutAssumedRole_canAddDebitorWithBankAccount() {