WIP trying to fix Debitor RBAC system

Michael Hoennig 2024-03-08 14:51:04 +01:00
parent bbcef53b87
commit 7fab1186ed
4 changed files with 9 additions and 6 deletions


@ -62,6 +62,7 @@ public class HsOfficeDebitorController implements HsOfficeDebitorsApi {
final var entityToSave = mapper.map(body, HsOfficeDebitorEntity.class); final var entityToSave = mapper.map(body, HsOfficeDebitorEntity.class);
final var saved = debitorRepo.save(entityToSave); final var saved = debitorRepo.save(entityToSave);
em.flush(); // FIXME: remove
final var uri = final var uri =
MvcUriComponentsBuilder.fromController(getClass()) MvcUriComponentsBuilder.fromController(getClass())
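Review bot: The added `em.flush(); // FIXME: remove` after `debitorRepo.save(entityToSave)` is a debugging aid with no stated reason, so a reader cannot tell whether the handler now depends on it. If the flush is needed so that insert-time database logic (presumably the RBAC triggers this commit is chasing) runs and fails inside the request rather than at commit, keep it and replace the FIXME with a comment saying so, e.g. `// flush so insert triggers run before the response is built`. If it is only there to surface the error earlier while debugging, drop it before this leaves WIP. The enclosing controller method starts and ends outside the hunk.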


@ -300,15 +300,17 @@ create or replace function getRoleId(roleDescriptor RbacRoleDescriptor, whenNotE
declare declare
roleUuid uuid; roleUuid uuid;
begin begin
roleUuid = findRoleId(roleDescriptor); roleUuid := findRoleId(roleDescriptor);
assert roleUuid is not null, 'roleUuid must not be null'; -- FIXME: remove
if (roleUuid is null) then if (roleUuid is null) then
if (whenNotExists = 'fail') then if (whenNotExists = 'fail') then
raise exception 'RbacRole "%#%.%" not found', roleDescriptor.objectTable, roleDescriptor.objectUuid, roleDescriptor.roleType; raise exception 'RbacRole "%#%.%" not found', roleDescriptor.objectTable, roleDescriptor.objectUuid, roleDescriptor.roleType;
end if; end if;
if (whenNotExists = 'create') then if (whenNotExists = 'create') then
roleUuid = createRole(roleDescriptor); roleUuid := createRole(roleDescriptor);
end if; end if;
end if; end if;
assert roleUuid is not null, 'roleUuid must not be null'; -- FIXME: remove
return roleUuid; return roleUuid;
end; end;
$$; $$;
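Review bot: The assert added right after `roleUuid := findRoleId(roleDescriptor);` runs before `if (roleUuid is null)`, so with assertions enabled a missing role never reaches the descriptive 'fail' exception or the `createRole` path; a caller passing 'create' gets an assertion failure instead of a new role. The second assert before `return roleUuid;` does guard a real gap, since a null or unexpected whenNotExists would otherwise return null to code that grants roles. PL/pgSQL ASSERT can be disabled through `plpgsql.check_asserts`, though, so an authorization invariant should not depend on it. I would drop the first assert and turn the second into `if (roleUuid is null) then raise exception 'RbacRole not resolved (whenNotExists=%)', whenNotExists; end if;`. The FIXME-marked assert on subRoleUuid in the next file section is redundant with `getRoleId(subRoleDesc, 'fail')` and is not mirrored in the super-role loop.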


@ -47,13 +47,14 @@ begin
foreach superRoleDesc in array incomingSuperRoles foreach superRoleDesc in array incomingSuperRoles
loop loop
superRoleUuid = getRoleId(superRoleDesc, 'fail'); superRoleUuid := getRoleId(superRoleDesc, 'fail');
call grantRoleToRole(roleUuid, superRoleUuid, superRoleDesc.assumed); call grantRoleToRole(roleUuid, superRoleUuid, superRoleDesc.assumed);
end loop; end loop;
foreach subRoleDesc in array outgoingSubRoles foreach subRoleDesc in array outgoingSubRoles
loop loop
subRoleUuid = getRoleId(subRoleDesc, 'fail'); subRoleUuid := getRoleId(subRoleDesc, 'fail');
assert subRoleUuid is not null, 'subRoleUuid must not be null'; -- FIXME: remove
call grantRoleToRole(subRoleUuid, roleUuid, subRoleDesc.assumed); call grantRoleToRole(subRoleUuid, roleUuid, subRoleDesc.assumed);
end loop; end loop;


@ -145,8 +145,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
} }
@Nested @Nested
@Accepts({ "Debitor:C(Create)" }) class AddDebitor {
class CreateDebitor {
@Test @Test
void globalAdmin_withoutAssumedRole_canAddDebitorWithBankAccount() { void globalAdmin_withoutAssumedRole_canAddDebitorWithBankAccount() {