always use role+grant names in create+delete role+grants tests
This commit is contained in:
parent
4e90f53bf3
commit
8041553734
@ -21,7 +21,7 @@ public interface HsOfficeContactRepository extends Repository<HsOfficeContactEnt
|
|||||||
|
|
||||||
HsOfficeContactEntity save(final HsOfficeContactEntity entity);
|
HsOfficeContactEntity save(final HsOfficeContactEntity entity);
|
||||||
|
|
||||||
void deleteByUuid(final UUID uuid);
|
int deleteByUuid(final UUID uuid);
|
||||||
|
|
||||||
long count();
|
long count();
|
||||||
}
|
}
|
||||||
|
@ -2,8 +2,8 @@ package net.hostsharing.hsadminng.hs.office.contact;
|
|||||||
|
|
||||||
import net.hostsharing.hsadminng.context.Context;
|
import net.hostsharing.hsadminng.context.Context;
|
||||||
import net.hostsharing.hsadminng.context.ContextBasedTest;
|
import net.hostsharing.hsadminng.context.ContextBasedTest;
|
||||||
import net.hostsharing.hsadminng.rbac.rbacgrant.RbacGrantRepository;
|
import net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantRepository;
|
||||||
import net.hostsharing.hsadminng.rbac.rbacrole.RbacRoleRepository;
|
import net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleRepository;
|
||||||
import net.hostsharing.test.Array;
|
import net.hostsharing.test.Array;
|
||||||
import net.hostsharing.test.JpaAttempt;
|
import net.hostsharing.test.JpaAttempt;
|
||||||
import org.junit.jupiter.api.AfterEach;
|
import org.junit.jupiter.api.AfterEach;
|
||||||
@ -23,8 +23,8 @@ import java.util.List;
|
|||||||
import java.util.function.Supplier;
|
import java.util.function.Supplier;
|
||||||
|
|
||||||
import static net.hostsharing.hsadminng.hs.office.contact.TestHsOfficeContact.hsOfficeContact;
|
import static net.hostsharing.hsadminng.hs.office.contact.TestHsOfficeContact.hsOfficeContact;
|
||||||
import static net.hostsharing.hsadminng.rbac.rbacgrant.RbacGrantDisplayExtractor.grantDisplaysOf;
|
import static net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantDisplayExtractor.grantDisplaysOf;
|
||||||
import static net.hostsharing.hsadminng.rbac.rbacrole.RbacRoleNameExtractor.roleNamesOf;
|
import static net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleNameExtractor.roleNamesOf;
|
||||||
import static net.hostsharing.test.JpaAttempt.attempt;
|
import static net.hostsharing.test.JpaAttempt.attempt;
|
||||||
import static org.assertj.core.api.Assertions.assertThat;
|
import static org.assertj.core.api.Assertions.assertThat;
|
||||||
import static org.assertj.core.api.Assumptions.assumeThat;
|
import static org.assertj.core.api.Assumptions.assumeThat;
|
||||||
@ -38,10 +38,10 @@ class HsOfficeContactRepositoryIntegrationTest extends ContextBasedTest {
|
|||||||
HsOfficeContactRepository contactRepo;
|
HsOfficeContactRepository contactRepo;
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
RbacRoleRepository roleRepo;
|
RawRbacRoleRepository rawRoleRepo;
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
RbacGrantRepository grantRepo;
|
RawRbacGrantRepository rawGrantRepo;
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
EntityManager em;
|
EntityManager em;
|
||||||
@ -97,9 +97,8 @@ class HsOfficeContactRepositoryIntegrationTest extends ContextBasedTest {
|
|||||||
public void createsAndGrantsRoles() {
|
public void createsAndGrantsRoles() {
|
||||||
// given
|
// given
|
||||||
context("drew@hostsharing.org");
|
context("drew@hostsharing.org");
|
||||||
final var count = contactRepo.count();
|
final var initialRoleNames = roleNamesOf(rawRoleRepo.findAll());
|
||||||
final var initialRoleNames = roleNamesOf(roleRepo.findAll());
|
final var initialGrantNames = grantDisplaysOf(rawGrantRepo.findAll());
|
||||||
final var initialGrantCount = grantRepo.findAll().size();
|
|
||||||
|
|
||||||
// when
|
// when
|
||||||
attempt(em, () -> contactRepo.save(
|
attempt(em, () -> contactRepo.save(
|
||||||
@ -107,18 +106,23 @@ class HsOfficeContactRepositoryIntegrationTest extends ContextBasedTest {
|
|||||||
).assumeSuccessful();
|
).assumeSuccessful();
|
||||||
|
|
||||||
// then
|
// then
|
||||||
final var roles = roleRepo.findAll();
|
final var roles = rawRoleRepo.findAll();
|
||||||
assertThat(roleNamesOf(roles)).containsExactlyInAnyOrder(
|
assertThat(roleNamesOf(roles)).containsExactlyInAnyOrder(Array.from(
|
||||||
Array.from(
|
initialRoleNames,
|
||||||
initialRoleNames,
|
"hs_office_contact#anothernewcontact.owner",
|
||||||
"hs_office_contact#anothernewcontact.owner",
|
"hs_office_contact#anothernewcontact.admin",
|
||||||
"hs_office_contact#anothernewcontact.admin",
|
"hs_office_contact#anothernewcontact.tenant"
|
||||||
"hs_office_contact#anothernewcontact.tenant"));
|
));
|
||||||
final var grants = grantRepo.findAll();
|
assertThat(grantDisplaysOf(rawGrantRepo.findAll())).containsExactlyInAnyOrder(Array.from(
|
||||||
assertThat(grantDisplaysOf(grants)).containsAll(List.of(
|
initialGrantNames,
|
||||||
"{ grant assumed role hs_office_contact#anothernewcontact.owner to user drew@hostsharing.org by role global#global.admin }"));
|
"{ grant role hs_office_contact#anothernewcontact.owner to role global#global.admin by system and assume }",
|
||||||
assertThat(grants.size()).as("invalid number of grants created")
|
"{ grant perm edit on hs_office_contact#anothernewcontact to role hs_office_contact#anothernewcontact.admin by system and assume }",
|
||||||
.isEqualTo(initialGrantCount + 1);
|
"{ grant role hs_office_contact#anothernewcontact.tenant to role hs_office_contact#anothernewcontact.admin by system and assume }",
|
||||||
|
"{ grant perm * on hs_office_contact#anothernewcontact to role hs_office_contact#anothernewcontact.owner by system and assume }",
|
||||||
|
"{ grant role hs_office_contact#anothernewcontact.admin to role hs_office_contact#anothernewcontact.owner by system and assume }",
|
||||||
|
"{ grant perm view on hs_office_contact#anothernewcontact to role hs_office_contact#anothernewcontact.tenant by system and assume }",
|
||||||
|
"{ grant role hs_office_contact#anothernewcontact.owner to user drew@hostsharing.org by global#global.admin and assume }"
|
||||||
|
));
|
||||||
}
|
}
|
||||||
|
|
||||||
private void assertThatContactIsPersisted(final HsOfficeContactEntity saved) {
|
private void assertThatContactIsPersisted(final HsOfficeContactEntity saved) {
|
||||||
@ -231,25 +235,29 @@ class HsOfficeContactRepositoryIntegrationTest extends ContextBasedTest {
|
|||||||
public void deletingAContactAlsoDeletesRelatedRolesAndGrants() {
|
public void deletingAContactAlsoDeletesRelatedRolesAndGrants() {
|
||||||
// given
|
// given
|
||||||
context("drew@hostsharing.org", null);
|
context("drew@hostsharing.org", null);
|
||||||
final var initialRoleCount = roleRepo.findAll().size();
|
final var initialRoleNames = roleNamesOf(rawRoleRepo.findAll());
|
||||||
final var initialGrantCount = grantRepo.findAll().size();
|
final var initialGrantNames = grantDisplaysOf(rawGrantRepo.findAll());
|
||||||
final var givenContact = givenSomeTemporaryContact("drew@hostsharing.org");
|
final var givenContact = givenSomeTemporaryContact("drew@hostsharing.org");
|
||||||
assumeThat(roleRepo.findAll().size()).as("unexpected number of roles created")
|
assumeThat(rawRoleRepo.findAll().size()).as("unexpected number of roles created")
|
||||||
.isEqualTo(initialRoleCount + 2);
|
.isEqualTo(initialRoleNames.size() + 3);
|
||||||
assumeThat(grantRepo.findAll().size()).as("unexpected number of grants created")
|
assumeThat(rawGrantRepo.findAll().size()).as("unexpected number of grants created")
|
||||||
.isEqualTo(initialGrantCount + 1);
|
.isEqualTo(initialGrantNames.size() + 7);
|
||||||
|
|
||||||
// when
|
// when
|
||||||
final var result = jpaAttempt.transacted(() -> {
|
final var result = jpaAttempt.transacted(() -> {
|
||||||
context("drew@hostsharing.org", null);
|
context("drew@hostsharing.org", null);
|
||||||
contactRepo.deleteByUuid(givenContact.getUuid());
|
return contactRepo.deleteByUuid(givenContact.getUuid());
|
||||||
}).assumeSuccessful();
|
});
|
||||||
|
|
||||||
// then
|
// then
|
||||||
assertThat(roleRepo.findAll().size()).as("invalid number of roles deleted")
|
result.assertSuccessful();
|
||||||
.isEqualTo(initialRoleCount);
|
assertThat(result.returnedValue()).isEqualTo(1);
|
||||||
assertThat(grantRepo.findAll().size()).as("invalid number of grants revoked")
|
assertThat(roleNamesOf(rawRoleRepo.findAll())).containsExactlyInAnyOrder(Array.from(
|
||||||
.isEqualTo(initialGrantCount);
|
initialRoleNames
|
||||||
|
));
|
||||||
|
assertThat(grantDisplaysOf(rawGrantRepo.findAll())).containsExactlyInAnyOrder(Array.from(
|
||||||
|
initialGrantNames
|
||||||
|
));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -96,8 +96,7 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTest {
|
|||||||
// given
|
// given
|
||||||
context("alex@hostsharing.net");
|
context("alex@hostsharing.net");
|
||||||
final var initialRoleNames = roleNamesOf(rawRoleRepo.findAll());
|
final var initialRoleNames = roleNamesOf(rawRoleRepo.findAll());
|
||||||
final var initialGrantCount = rawGrantRepo.findAll().size();
|
final var initialGrantNames = grantDisplaysOf(rawGrantRepo.findAll());
|
||||||
final var initialGrantsDisplayNames = grantDisplaysOf(rawGrantRepo.findAll()); // TODO
|
|
||||||
|
|
||||||
// when
|
// when
|
||||||
attempt(em, () -> {
|
attempt(em, () -> {
|
||||||
@ -117,18 +116,18 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTest {
|
|||||||
"hs_office_partner#ErbenBesslerMelBessler-forthcontact.admin",
|
"hs_office_partner#ErbenBesslerMelBessler-forthcontact.admin",
|
||||||
"hs_office_partner#ErbenBesslerMelBessler-forthcontact.owner",
|
"hs_office_partner#ErbenBesslerMelBessler-forthcontact.owner",
|
||||||
"hs_office_partner#ErbenBesslerMelBessler-forthcontact.tenant"));
|
"hs_office_partner#ErbenBesslerMelBessler-forthcontact.tenant"));
|
||||||
assertThat(grantDisplaysOf(rawGrantRepo.findAll())).containsAll(List.of(
|
assertThat(grantDisplaysOf(rawGrantRepo.findAll())).containsExactlyInAnyOrder(Array.from(
|
||||||
"{ grant role hs_office_partner#ErbenBesslerMelBessler-forthcontact.owner to role global#global.admin by system and assume }",
|
initialGrantNames,
|
||||||
"{ grant role hs_office_partner#ErbenBesslerMelBessler-forthcontact.tenant to role hs_office_contact#forthcontact.admin by system and assume }",
|
"{ grant role hs_office_partner#ErbenBesslerMelBessler-forthcontact.owner to role global#global.admin by system and assume }",
|
||||||
"{ grant perm edit on hs_office_partner#ErbenBesslerMelBessler-forthcontact to role hs_office_partner#ErbenBesslerMelBessler-forthcontact.admin by system and assume }",
|
"{ grant role hs_office_partner#ErbenBesslerMelBessler-forthcontact.tenant to role hs_office_contact#forthcontact.admin by system and assume }",
|
||||||
"{ grant role hs_office_partner#ErbenBesslerMelBessler-forthcontact.tenant to role hs_office_partner#ErbenBesslerMelBessler-forthcontact.admin by system and assume }",
|
"{ grant perm edit on hs_office_partner#ErbenBesslerMelBessler-forthcontact to role hs_office_partner#ErbenBesslerMelBessler-forthcontact.admin by system and assume }",
|
||||||
"{ grant perm * on hs_office_partner#ErbenBesslerMelBessler-forthcontact to role hs_office_partner#ErbenBesslerMelBessler-forthcontact.owner by system and assume }",
|
"{ grant role hs_office_partner#ErbenBesslerMelBessler-forthcontact.tenant to role hs_office_partner#ErbenBesslerMelBessler-forthcontact.admin by system and assume }",
|
||||||
"{ grant role hs_office_partner#ErbenBesslerMelBessler-forthcontact.admin to role hs_office_partner#ErbenBesslerMelBessler-forthcontact.owner by system and assume }",
|
"{ grant perm * on hs_office_partner#ErbenBesslerMelBessler-forthcontact to role hs_office_partner#ErbenBesslerMelBessler-forthcontact.owner by system and assume }",
|
||||||
"{ grant perm view on hs_office_partner#ErbenBesslerMelBessler-forthcontact to role hs_office_partner#ErbenBesslerMelBessler-forthcontact.tenant by system and assume }",
|
"{ grant role hs_office_partner#ErbenBesslerMelBessler-forthcontact.admin to role hs_office_partner#ErbenBesslerMelBessler-forthcontact.owner by system and assume }",
|
||||||
"{ grant role hs_office_contact#forthcontact.tenant to role hs_office_partner#ErbenBesslerMelBessler-forthcontact.tenant by system and assume }",
|
"{ grant perm view on hs_office_partner#ErbenBesslerMelBessler-forthcontact to role hs_office_partner#ErbenBesslerMelBessler-forthcontact.tenant by system and assume }",
|
||||||
"{ grant role hs_office_person#ErbenBesslerMelBessler.tenant to role hs_office_partner#ErbenBesslerMelBessler-forthcontact.tenant by system and assume }",
|
"{ grant role hs_office_contact#forthcontact.tenant to role hs_office_partner#ErbenBesslerMelBessler-forthcontact.tenant by system and assume }",
|
||||||
"{ grant role hs_office_partner#ErbenBesslerMelBessler-forthcontact.tenant to role hs_office_person#ErbenBesslerMelBessler.admin by system and assume }"))
|
"{ grant role hs_office_person#ErbenBesslerMelBessler.tenant to role hs_office_partner#ErbenBesslerMelBessler-forthcontact.tenant by system and assume }",
|
||||||
.as("invalid number of grants created").hasSize(initialGrantCount + 10);
|
"{ grant role hs_office_partner#ErbenBesslerMelBessler-forthcontact.tenant to role hs_office_person#ErbenBesslerMelBessler.admin by system and assume }"));
|
||||||
}
|
}
|
||||||
|
|
||||||
private void assertThatPartnerIsPersisted(final HsOfficePartnerEntity saved) {
|
private void assertThatPartnerIsPersisted(final HsOfficePartnerEntity saved) {
|
||||||
@ -243,30 +242,14 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTest {
|
|||||||
// when
|
// when
|
||||||
final var result = jpaAttempt.transacted(() -> {
|
final var result = jpaAttempt.transacted(() -> {
|
||||||
context("alex@hostsharing.net");
|
context("alex@hostsharing.net");
|
||||||
partnerRepo.deleteByUuid(givenPartner.getUuid());
|
return partnerRepo.deleteByUuid(givenPartner.getUuid());
|
||||||
});
|
});
|
||||||
|
|
||||||
// then
|
// then
|
||||||
result.assertSuccessful();
|
result.assertSuccessful();
|
||||||
jpaAttempt.transacted(() -> {
|
assertThat(result.returnedValue()).isEqualTo(1);
|
||||||
final var remainingPartner = em.createNativeQuery("select p.uuid from hs_office_partner p where p.uuid=?1")
|
assertThat(roleNamesOf(rawRoleRepo.findAll())).containsExactlyInAnyOrder(initialRoleNames);
|
||||||
.setParameter(1, givenPartner.getUuid()).getResultList();
|
assertThat(grantDisplaysOf(rawGrantRepo.findAll())).containsExactlyInAnyOrder(initialGrantNames);
|
||||||
assertThat(remainingPartner).isEmpty();
|
|
||||||
final var remainingObject = em.createNativeQuery("select o.uuid from RbacObject o where o.uuid=?1")
|
|
||||||
.setParameter(1, givenPartner.getUuid())
|
|
||||||
.getResultList();
|
|
||||||
assertThat(remainingObject).isEmpty();
|
|
||||||
|
|
||||||
assertThat(roleNamesOf(rawRoleRepo.findAll())).containsExactlyInAnyOrder(initialRoleNames);
|
|
||||||
|
|
||||||
context("customer-admin@forthcontact.example.com");
|
|
||||||
assertThat(grantDisplaysOf(rawGrantRepo.findAll())).doesNotContain(
|
|
||||||
"{ grant assumed role hs_office_contact#forthcontact.owner to user customer-admin@forthcontact.example.com by role global#global.admin }");
|
|
||||||
|
|
||||||
context("person-ErbenBesslerMelBessler@example.com");
|
|
||||||
assertThat(grantDisplaysOf(rawGrantRepo.findAll())).doesNotContain(
|
|
||||||
"{ grant assumed role hs_office_person#ErbenBesslerMelBessler.owner to user person-ErbenBesslerMelBessl@example.com by role global#global.admin }");
|
|
||||||
}).assertSuccessful();
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user