WIP trying to fix Debitor RBAC system

2024-03-08 14:51:04 +01:00 · 2024-03-08 14:51:04 +01:00 · 7fab1186ed
commit 7fab1186ed
parent bbcef53b87
4 changed files with 9 additions and 6 deletions
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorController.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorController.java
@ -62,6 +62,7 @@ public class HsOfficeDebitorController implements HsOfficeDebitorsApi {
        final var entityToSave = mapper.map(body, HsOfficeDebitorEntity.class);

        final var saved = debitorRepo.save(entityToSave);
+        em.flush(); // FIXME: remove

        final var uri =
                MvcUriComponentsBuilder.fromController(getClass())
--- a/src/main/resources/db/changelog/050-rbac-base.sql
+++ b/src/main/resources/db/changelog/050-rbac-base.sql
@ -300,15 +300,17 @@ create or replace function getRoleId(roleDescriptor RbacRoleDescriptor, whenNotE
 declare
    roleUuid uuid;
 begin
-    roleUuid = findRoleId(roleDescriptor);
+    roleUuid := findRoleId(roleDescriptor);
+    assert roleUuid is not null, 'roleUuid must not be null'; -- FIXME: remove
    if (roleUuid is null) then
        if (whenNotExists = 'fail') then
            raise exception 'RbacRole "%#%.%" not found', roleDescriptor.objectTable, roleDescriptor.objectUuid, roleDescriptor.roleType;
        end if;
        if (whenNotExists = 'create') then
-            roleUuid = createRole(roleDescriptor);
+            roleUuid := createRole(roleDescriptor);
        end if;
    end if;
+    assert roleUuid is not null, 'roleUuid must not be null'; -- FIXME: remove
    return roleUuid;
 end;
 $$;
--- a/src/main/resources/db/changelog/057-rbac-role-builder.sql
+++ b/src/main/resources/db/changelog/057-rbac-role-builder.sql
@ -47,13 +47,14 @@ begin

    foreach superRoleDesc in array incomingSuperRoles
        loop
-            superRoleUuid = getRoleId(superRoleDesc, 'fail');
+            superRoleUuid := getRoleId(superRoleDesc, 'fail');
            call grantRoleToRole(roleUuid, superRoleUuid, superRoleDesc.assumed);
        end loop;

    foreach subRoleDesc in array outgoingSubRoles
        loop
-            subRoleUuid = getRoleId(subRoleDesc, 'fail');
+            subRoleUuid := getRoleId(subRoleDesc, 'fail');
+            assert subRoleUuid is not null, 'subRoleUuid must not be null'; -- FIXME: remove
            call grantRoleToRole(subRoleUuid, roleUuid, subRoleDesc.assumed);
        end loop;

--- a/src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorControllerAcceptanceTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorControllerAcceptanceTest.java
@ -145,8 +145,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
    }

    @Nested
-    @Accepts({ "Debitor:C(Create)" })
-    class CreateDebitor {
+    class AddDebitor {

        @Test
        void globalAdmin_withoutAssumedRole_canAddDebitorWithBankAccount() {