From 7fab1186ed0914419c7fb3b8bb3dd91061a1d043 Mon Sep 17 00:00:00 2001
From: Michael Hoennig
Date: Fri, 8 Mar 2024 14:51:04 +0100
Subject: [PATCH] WIP trying to fix Debitor RBAC system
---
 .../hs/office/debitor/HsOfficeDebitorController.java | 1 +
 src/main/resources/db/changelog/050-rbac-base.sql | 6 ++++--
 src/main/resources/db/changelog/057-rbac-role-builder.sql | 5 +++--
 .../debitor/HsOfficeDebitorControllerAcceptanceTest.java | 3 +--
 4 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorController.java b/src/main/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorController.java
index bc4175ca..91e2785c 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorController.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorController.java
@@ -62,6 +62,7 @@ public class HsOfficeDebitorController implements HsOfficeDebitorsApi {
 final var entityToSave = mapper.map(body, HsOfficeDebitorEntity.class);
 final var saved = debitorRepo.save(entityToSave);
+ em.flush(); // FIXME: remove
 final var uri = MvcUriComponentsBuilder.fromController(getClass())
diff --git a/src/main/resources/db/changelog/050-rbac-base.sql b/src/main/resources/db/changelog/050-rbac-base.sql
index f3b784c8..2d851197 100644
--- a/src/main/resources/db/changelog/050-rbac-base.sql
+++ b/src/main/resources/db/changelog/050-rbac-base.sql
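Review bot: The added `em.flush(); // FIXME: remove` in HsOfficeDebitorController leaves a debugging aid in the request path with no record of why it is needed or when it can be removed. If the flush is there so that database-side RBAC errors surface inside this method (the commit subject suggests that is what is being investigated), say so in the comment, e.g. `em.flush(); // force the INSERT now so database errors are raised here`; otherwise drop the line before this leaves WIP. The declaration of `em` is not visible in the hunk, and the method body continues past it.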
@@ -300,15 +300,17 @@ create or replace function getRoleId(roleDescriptor RbacRoleDescriptor, whenNotE
 declare roleUuid uuid;
 begin
- roleUuid = findRoleId(roleDescriptor);
+ roleUuid := findRoleId(roleDescriptor);
+ assert roleUuid is not null, 'roleUuid must not be null'; -- FIXME: remove
 if (roleUuid is null) then
 if (whenNotExists = 'fail') then
 raise exception 'RbacRole "%#%.%" not found', roleDescriptor.objectTable, roleDescriptor.objectUuid, roleDescriptor.roleType;
 end if;
 if (whenNotExists = 'create') then
- roleUuid = createRole(roleDescriptor);
+ roleUuid := createRole(roleDescriptor);
 end if;
 end if;
+ assert roleUuid is not null, 'roleUuid must not be null'; -- FIXME: remove
 return roleUuid;
 end; $$;
diff --git a/src/main/resources/db/changelog/057-rbac-role-builder.sql b/src/main/resources/db/changelog/057-rbac-role-builder.sql
index 221919a3..49975123 100644
--- a/src/main/resources/db/changelog/057-rbac-role-builder.sql
+++ b/src/main/resources/db/changelog/057-rbac-role-builder.sql
@@ -47,13 +47,14 @@ begin
 foreach superRoleDesc in array incomingSuperRoles loop
- superRoleUuid = getRoleId(superRoleDesc, 'fail');
+ superRoleUuid := getRoleId(superRoleDesc, 'fail');
 call grantRoleToRole(roleUuid, superRoleUuid, superRoleDesc.assumed);
 end loop;
 foreach subRoleDesc in array outgoingSubRoles loop
- subRoleUuid = getRoleId(subRoleDesc, 'fail');
+ subRoleUuid := getRoleId(subRoleDesc, 'fail');
+ assert subRoleUuid is not null, 'subRoleUuid must not be null'; -- FIXME: remove
 call grantRoleToRole(subRoleUuid, roleUuid, subRoleDesc.assumed);
 end loop;
diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorControllerAcceptanceTest.java
index 839039a2..0616e338 100644
--- a/src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorControllerAcceptanceTest.java
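Review bot: The `assert roleUuid is not null` added directly after `findRoleId` in getRoleId fires before the `if (roleUuid is null)` block, so with assertions enabled the `'create'` branch can never run and the descriptive `RbacRole ... not found` exception is replaced by a generic assertion failure. PL/pgSQL assertions can also be switched off through `plpgsql.check_asserts`, so neither this assert nor the one before `return` is a dependable guard in a function that resolves role ids for grants. Drop the first assert, and if a null result must be ruled out, replace the last one with an explicit check such as `if (roleUuid is null) then raise exception 'RbacRole could not be resolved'; end if;`. The assert on `subRoleUuid` in 057-rbac-role-builder.sql has the same weakness and looks redundant if `getRoleId(..., 'fail')` already raises; the super-role loop in the same hunk has no matching check, and the function headers lie outside both hunks.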
+++ b/src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorControllerAcceptanceTest.java
@@ -145,8 +145,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
 }
 @Nested
- @Accepts({ "Debitor:C(Create)" })
- class CreateDebitor {
+ class AddDebitor {
 @Test void globalAdmin_withoutAssumedRole_canAddDebitorWithBankAccount() {