From 86148c325826ada7e5015afc2fbd628e9f394b4a Mon Sep 17 00:00:00 2001 From: Michael Hoennig Date: Fri, 15 Mar 2024 18:41:02 +0100 Subject: [PATCH] fix HsOfficeRelationshipEntity tests --- .../HsOfficeRelationshipEntity.java | 6 +- .../rbac/rbacdef/InsertTriggerGenerator.java | 7 +- .../db/changelog/123-test-package-rbac.sql | 2 +- .../db/changelog/133-test-domain-rbac.sql | 2 +- .../changelog/203-hs-office-contact-rbac.sql | 2 +- .../changelog/213-hs-office-person-rbac.sql | 2 +- .../223-hs-office-relationship-rbac.md | 4 +- .../223-hs-office-relationship-rbac.sql | 65 +++++++++++++++++-- .../changelog/233-hs-office-partner-rbac.sql | 2 +- .../234-hs-office-partner-details-rbac.sql | 2 +- .../243-hs-office-bankaccount-rbac.sql | 2 +- .../253-hs-office-sepamandate-rbac.md | 2 +- .../253-hs-office-sepamandate-rbac.sql | 8 +-- .../changelog/273-hs-office-debitor-rbac.sql | 2 +- .../303-hs-office-membership-rbac.sql | 2 +- ...esTransactionControllerAcceptanceTest.java | 22 +++++-- ...sTransactionRepositoryIntegrationTest.java | 6 +- ...RelationshipRepositoryIntegrationTest.java | 14 ++-- 18 files changed, 112 insertions(+), 40 deletions(-) diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/relationship/HsOfficeRelationshipEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/office/relationship/HsOfficeRelationshipEntity.java index 1ec9fd74..5424b285 100644 --- a/src/main/java/net/hostsharing/hsadminng/hs/office/relationship/HsOfficeRelationshipEntity.java +++ b/src/main/java/net/hostsharing/hsadminng/hs/office/relationship/HsOfficeRelationshipEntity.java @@ -119,10 +119,12 @@ public class HsOfficeRelationshipEntity implements HasUuid, Stringifyable { with.outgoingSubRole("holderPerson", REFERRER); with.outgoingSubRole("contact", REFERRER); with.permission(SELECT); - }); + }) + + .toRole("anchorPerson", ADMIN).grantPermission(INSERT); } public static void main(String[] args) throws IOException { - rbac().generateWithBaseFileName("223-hs-office-relationship-rbac-generated"); + rbac().generateWithBaseFileName("223-hs-office-relationship-rbac"); } } diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java index a29deab1..88d07efa 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java @@ -80,12 +80,13 @@ public class InsertTriggerGenerator { strict as $$ begin call grantPermissionToRole( - ${rawSuperRoleDescriptor}, - createPermission(NEW.uuid, 'INSERT', '${rawSubTableName}')); + createPermission(NEW.uuid, 'INSERT', '${rawSubTableName}'), + ${rawSuperRoleDescriptor}); return NEW; end; $$; - create trigger ${rawSubTableName}_${rawSuperTableName}_insert_tg + -- z_... is to put it at the end of after insert triggers, to make sure the roles exist + create trigger z_${rawSubTableName}_${rawSuperTableName}_insert_tg after insert on ${rawSuperTableName} for each row execute procedure ${rawSubTableName}_${rawSuperTableName}_insert_tf(); diff --git a/src/main/resources/db/changelog/123-test-package-rbac.sql b/src/main/resources/db/changelog/123-test-package-rbac.sql index 1c320e58..bfa2a0e3 100644 --- a/src/main/resources/db/changelog/123-test-package-rbac.sql +++ b/src/main/resources/db/changelog/123-test-package-rbac.sql @@ -179,7 +179,7 @@ begin return NEW; end; $$; -create trigger test_package_test_customer_insert_tg +create trigger z_test_package_test_customer_insert_tg after insert on test_customer for each row execute procedure test_package_test_customer_insert_tf(); diff --git a/src/main/resources/db/changelog/133-test-domain-rbac.sql b/src/main/resources/db/changelog/133-test-domain-rbac.sql index 0fd691e6..796fba35 100644 --- a/src/main/resources/db/changelog/133-test-domain-rbac.sql +++ b/src/main/resources/db/changelog/133-test-domain-rbac.sql @@ -178,7 +178,7 @@ begin return NEW; end; $$; -create trigger test_domain_test_package_insert_tg +create trigger z_test_domain_test_package_insert_tg after insert on test_package for each row execute procedure test_domain_test_package_insert_tf(); diff --git a/src/main/resources/db/changelog/203-hs-office-contact-rbac.sql b/src/main/resources/db/changelog/203-hs-office-contact-rbac.sql index 66994dd8..ee40d154 100644 --- a/src/main/resources/db/changelog/203-hs-office-contact-rbac.sql +++ b/src/main/resources/db/changelog/203-hs-office-contact-rbac.sql @@ -114,7 +114,7 @@ begin return NEW; end; $$; -create trigger hs_office_contact_global_insert_tg +create trigger z_hs_office_contact_global_insert_tg after insert on global for each row execute procedure hs_office_contact_global_insert_tf(); diff --git a/src/main/resources/db/changelog/213-hs-office-person-rbac.sql b/src/main/resources/db/changelog/213-hs-office-person-rbac.sql index 3444c872..55a3bd82 100644 --- a/src/main/resources/db/changelog/213-hs-office-person-rbac.sql +++ b/src/main/resources/db/changelog/213-hs-office-person-rbac.sql @@ -114,7 +114,7 @@ begin return NEW; end; $$; -create trigger hs_office_person_global_insert_tg +create trigger z_hs_office_person_global_insert_tg after insert on global for each row execute procedure hs_office_person_global_insert_tf(); diff --git a/src/main/resources/db/changelog/223-hs-office-relationship-rbac.md b/src/main/resources/db/changelog/223-hs-office-relationship-rbac.md index e971fda2..f22f90c4 100644 --- a/src/main/resources/db/changelog/223-hs-office-relationship-rbac.md +++ b/src/main/resources/db/changelog/223-hs-office-relationship-rbac.md @@ -1,6 +1,6 @@ ### rbac relationship -This code generated was by RbacViewMermaidFlowchartGenerator at 2024-03-15T15:30:23.331560468. +This code generated was by RbacViewMermaidFlowchartGenerator at 2024-03-15T17:17:00.854621634. ```mermaid %%{init:{'flowchart':{'htmlLabels':false}}}%% @@ -64,6 +64,7 @@ subgraph relationship["`**relationship**`"] perm:relationship:DELETE{{relationship:DELETE}} perm:relationship:UPDATE{{relationship:UPDATE}} perm:relationship:SELECT{{relationship:SELECT}} + perm:relationship:INSERT{{relationship:INSERT}} end end @@ -96,5 +97,6 @@ role:relationship:tenant ==> role:contact:referrer role:relationship:owner ==> perm:relationship:DELETE role:relationship:admin ==> perm:relationship:UPDATE role:relationship:tenant ==> perm:relationship:SELECT +role:anchorPerson:admin ==> perm:relationship:INSERT ``` diff --git a/src/main/resources/db/changelog/223-hs-office-relationship-rbac.sql b/src/main/resources/db/changelog/223-hs-office-relationship-rbac.sql index 1b394457..dd8092af 100644 --- a/src/main/resources/db/changelog/223-hs-office-relationship-rbac.sql +++ b/src/main/resources/db/changelog/223-hs-office-relationship-rbac.sql @@ -1,5 +1,5 @@ --liquibase formatted sql --- This code generated was by RbacViewPostgresGenerator at 2024-03-15T15:30:23.341470108. +-- This code generated was by RbacViewPostgresGenerator at 2024-03-15T17:17:00.864301165. -- ============================================================================ @@ -186,13 +186,68 @@ execute procedure updateTriggerForHsOfficeRelationship_tf(); --changeset hs-office-relationship-rbac-INSERT:1 endDelimiter:--// -- ---------------------------------------------------------------------------- --- FIXME: Where is this case necessary? +/* + Creates INSERT INTO hs_office_relationship permissions for the related hs_office_person rows. + */ +do language plpgsql $$ + declare + row hs_office_person; + permissionUuid uuid; + roleUuid uuid; + begin + call defineContext('create INSERT INTO hs_office_relationship permissions for the related hs_office_person rows'); + + FOR row IN SELECT * FROM hs_office_person + LOOP + roleUuid := findRoleId(hsOfficePersonAdmin(row)); + permissionUuid := createPermission(row.uuid, 'INSERT', 'hs_office_relationship'); + call grantPermissionToRole(permissionUuid, roleUuid); + END LOOP; + END; +$$; + +/** + Adds hs_office_relationship INSERT permission to specified role of new hs_office_person rows. +*/ +create or replace function hs_office_relationship_hs_office_person_insert_tf() + returns trigger + language plpgsql + strict as $$ +begin + call grantPermissionToRole( + createPermission(NEW.uuid, 'INSERT', 'hs_office_relationship'), + hsOfficePersonAdmin(NEW)); + return NEW; +end; $$; + +create trigger z_hs_office_relationship_hs_office_person_insert_tg + after insert on hs_office_person + for each row +execute procedure hs_office_relationship_hs_office_person_insert_tf(); + +/** + Checks if the user or assumed roles are allowed to insert a row to hs_office_relationship. +*/ +create or replace function hs_office_relationship_insert_permission_missing_tf() + returns trigger + language plpgsql as $$ +begin + if ( not hasInsertPermission( + ( SELECT anchorPerson.uuid FROM + + (select * from hs_office_person as p where p.uuid = NEW.relAnchorUuid) AS anchorPerson + + ), 'INSERT', 'hs_office_relationship') ) then + raise exception + '[403] insert into hs_office_relationship not allowed for current subjects % (%)', + currentSubjects(), currentSubjectsUuids(); + end if; + return NEW; +end; $$; + create trigger hs_office_relationship_insert_permission_check_tg before insert on hs_office_relationship for each row - -- As there is no explicit INSERT grant specified for this table, - -- only global admins are allowed to insert any rows. - when ( not isGlobalAdmin() ) execute procedure hs_office_relationship_insert_permission_missing_tf(); --// diff --git a/src/main/resources/db/changelog/233-hs-office-partner-rbac.sql b/src/main/resources/db/changelog/233-hs-office-partner-rbac.sql index b086f92d..ecaac314 100644 --- a/src/main/resources/db/changelog/233-hs-office-partner-rbac.sql +++ b/src/main/resources/db/changelog/233-hs-office-partner-rbac.sql @@ -110,7 +110,7 @@ begin return NEW; end; $$; -create trigger hs_office_partner_global_insert_tg +create trigger z_hs_office_partner_global_insert_tg after insert on global for each row execute procedure hs_office_partner_global_insert_tf(); diff --git a/src/main/resources/db/changelog/234-hs-office-partner-details-rbac.sql b/src/main/resources/db/changelog/234-hs-office-partner-details-rbac.sql index 26aa4169..174021f1 100644 --- a/src/main/resources/db/changelog/234-hs-office-partner-details-rbac.sql +++ b/src/main/resources/db/changelog/234-hs-office-partner-details-rbac.sql @@ -95,7 +95,7 @@ begin return NEW; end; $$; -create trigger hs_office_partner_details_global_insert_tg +create trigger z_hs_office_partner_details_global_insert_tg after insert on global for each row execute procedure hs_office_partner_details_global_insert_tf(); diff --git a/src/main/resources/db/changelog/243-hs-office-bankaccount-rbac.sql b/src/main/resources/db/changelog/243-hs-office-bankaccount-rbac.sql index a13c131d..7b74f380 100644 --- a/src/main/resources/db/changelog/243-hs-office-bankaccount-rbac.sql +++ b/src/main/resources/db/changelog/243-hs-office-bankaccount-rbac.sql @@ -114,7 +114,7 @@ begin return NEW; end; $$; -create trigger hs_office_bankaccount_global_insert_tg +create trigger z_hs_office_bankaccount_global_insert_tg after insert on global for each row execute procedure hs_office_bankaccount_global_insert_tf(); diff --git a/src/main/resources/db/changelog/253-hs-office-sepamandate-rbac.md b/src/main/resources/db/changelog/253-hs-office-sepamandate-rbac.md index 3d904ce9..751a3e8f 100644 --- a/src/main/resources/db/changelog/253-hs-office-sepamandate-rbac.md +++ b/src/main/resources/db/changelog/253-hs-office-sepamandate-rbac.md @@ -1,6 +1,6 @@ ### rbac sepaMandate -This code generated was by RbacViewMermaidFlowchartGenerator at 2024-03-15T06:12:35.337470470. +This code generated was by RbacViewMermaidFlowchartGenerator at 2024-03-15T17:18:45.736693565. ```mermaid %%{init:{'flowchart':{'htmlLabels':false}}}%% diff --git a/src/main/resources/db/changelog/253-hs-office-sepamandate-rbac.sql b/src/main/resources/db/changelog/253-hs-office-sepamandate-rbac.sql index b5f98ca3..23a4f211 100644 --- a/src/main/resources/db/changelog/253-hs-office-sepamandate-rbac.sql +++ b/src/main/resources/db/changelog/253-hs-office-sepamandate-rbac.sql @@ -1,5 +1,5 @@ --liquibase formatted sql --- This code generated was by RbacViewPostgresGenerator at 2024-03-15T06:12:35.345630060. +-- This code generated was by RbacViewPostgresGenerator at 2024-03-15T17:18:45.747792100. -- ============================================================================ @@ -134,12 +134,12 @@ create or replace function hs_office_sepamandate_hs_office_relationship_insert_t strict as $$ begin call grantPermissionToRole( - hsOfficeRelationshipAdmin(NEW), - createPermission(NEW.uuid, 'INSERT', 'hs_office_sepamandate')); + createPermission(NEW.uuid, 'INSERT', 'hs_office_sepamandate'), + hsOfficeRelationshipAdmin(NEW)); return NEW; end; $$; -create trigger hs_office_sepamandate_hs_office_relationship_insert_tg +create trigger z_hs_office_sepamandate_hs_office_relationship_insert_tg after insert on hs_office_relationship for each row execute procedure hs_office_sepamandate_hs_office_relationship_insert_tf(); diff --git a/src/main/resources/db/changelog/273-hs-office-debitor-rbac.sql b/src/main/resources/db/changelog/273-hs-office-debitor-rbac.sql index 9d05ff1f..534d773d 100644 --- a/src/main/resources/db/changelog/273-hs-office-debitor-rbac.sql +++ b/src/main/resources/db/changelog/273-hs-office-debitor-rbac.sql @@ -225,7 +225,7 @@ begin return NEW; end; $$; -create trigger hs_office_debitor_global_insert_tg +create trigger z_hs_office_debitor_global_insert_tg after insert on global for each row execute procedure hs_office_debitor_global_insert_tf(); diff --git a/src/main/resources/db/changelog/303-hs-office-membership-rbac.sql b/src/main/resources/db/changelog/303-hs-office-membership-rbac.sql index 88c72c3a..67b46509 100644 --- a/src/main/resources/db/changelog/303-hs-office-membership-rbac.sql +++ b/src/main/resources/db/changelog/303-hs-office-membership-rbac.sql @@ -124,7 +124,7 @@ begin return NEW; end; $$; -create trigger hs_office_membership_global_insert_tg +create trigger z_hs_office_membership_global_insert_tg after insert on global for each row execute procedure hs_office_membership_global_insert_tf(); diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionControllerAcceptanceTest.java index 3d120cd1..8fe68c67 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionControllerAcceptanceTest.java @@ -223,12 +223,22 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased final var givenCoopShareTransactionUuid = coopSharesTransactionRepo.findCoopSharesTransactionByOptionalMembershipUuidAndDateRange(null, LocalDate.of(2010, 3, 15), LocalDate.of(2010, 3, 15)).get(0).getUuid(); RestAssured // @formatter:off - .given().header("current-user", "contact-admin@firstcontact.example.com").port(port).when().get("http://localhost/api/hs/office/coopsharestransactions/" + givenCoopShareTransactionUuid).then().log().body().assertThat().statusCode(200).contentType("application/json").body("", lenientlyEquals(""" - { - "transactionType": "SUBSCRIPTION", - "shareCount": 4 - } - """)); // @formatter:on + .given() + .header("current-user", "contact-admin@firstcontact.example.com") + .port(port) + .when() + .get("http://localhost/api/hs/office/coopsharestransactions/" + givenCoopShareTransactionUuid) + .then() + .log().body() + .assertThat() + .statusCode(200) + .contentType("application/json") + .body("", lenientlyEquals(""" + { + "transactionType": "SUBSCRIPTION", + "shareCount": 4 + } + """)); // @formatter:on } } } diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionRepositoryIntegrationTest.java index 609e7940..837e02fd 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionRepositoryIntegrationTest.java @@ -88,7 +88,6 @@ class HsOfficeCoopSharesTransactionRepositoryIntegrationTest extends ContextBase context("superuser-alex@hostsharing.net"); final var initialRoleNames = distinctRoleNamesOf(rawRoleRepo.findAll()); final var initialGrantNames = distinctGrantDisplaysOf(rawGrantRepo.findAll()).stream() - .map(s -> s.replace("FirstGmbH-firstcontact", "...")) .map(s -> s.replace("hs_office_", "")) .toList(); @@ -109,11 +108,10 @@ class HsOfficeCoopSharesTransactionRepositoryIntegrationTest extends ContextBase final var all = rawRoleRepo.findAll(); assertThat(distinctRoleNamesOf(all)).containsExactlyInAnyOrder(Array.from(initialRoleNames)); // no new roles created assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll())) - .map(s -> s.replace("FirstGmbH-firstcontact", "...")) .map(s -> s.replace("hs_office_", "")) .containsExactlyInAnyOrder(Array.fromFormatted( initialGrantNames, - "{ grant perm SELECT on coopsharestransaction#temprefB to role membership#1000101:....tenant by system and assume }", + "{ grant perm SELECT on coopsharestransaction#temprefB to role membership#M-1000101.referrer by system and assume }", null)); } @@ -194,7 +192,7 @@ class HsOfficeCoopSharesTransactionRepositoryIntegrationTest extends ContextBase @Test public void normalUser_canViewOnlyRelatedCoopSharesTransactions() { // given: - context("superuser-alex@hostsharing.net", "hs_office_partner#10001:FirstGmbH-firstcontact.admin"); + context("superuser-alex@hostsharing.net", "hs_office_membership#M-1000101.admin"); // when: final var result = coopSharesTransactionRepo.findCoopSharesTransactionByOptionalMembershipUuidAndDateRange( diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/relationship/HsOfficeRelationshipRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/relationship/HsOfficeRelationshipRepositoryIntegrationTest.java index f9926b98..abb80cbf 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/relationship/HsOfficeRelationshipRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/relationship/HsOfficeRelationshipRepositoryIntegrationTest.java @@ -127,16 +127,18 @@ class HsOfficeRelationshipRepositoryIntegrationTest extends ContextBasedTestWith "hs_office_relationship#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert.tenant")); assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll())).containsExactlyInAnyOrder(Array.fromFormatted( initialGrantNames, + "{ grant perm INSERT on hs_office_relationship#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert to role hs_office_relationship#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert.admin by system and assume }", "{ grant perm DELETE on hs_office_relationship#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert to role hs_office_relationship#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert.owner by system and assume }", "{ grant role hs_office_relationship#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert.owner to role global#global.admin by system and assume }", + "{ grant role hs_office_relationship#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert.owner to user superuser-alex@hostsharing.net by hs_office_relationship#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert.owner and assume }", - "{ grant perm edit on hs_office_relationship#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert to role hs_office_relationship#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert.admin by system and assume }", + "{ grant perm UPDATE on hs_office_relationship#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert to role hs_office_relationship#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert.admin by system and assume }", "{ grant role hs_office_relationship#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert.admin to role hs_office_relationship#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert.owner by system and assume }", "{ grant role hs_office_relationship#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert.admin to role hs_office_person#ErbenBesslerMelBessler.admin by system and assume }", - "{ grant perm UPDATE on hs_office_relationship#BesslerAnita-with-REPRESENTATIVE-BesslerAnita to role hs_office_relationship#BesslerAnita-with-REPRESENTATIVE-BesslerAnita.admin by system and assume }", - "{ grant role hs_office_relationship#BesslerAnita-with-REPRESENTATIVE-BesslerAnita.admin to role hs_office_relationship#BesslerAnita-with-REPRESENTATIVE-BesslerAnita.owner by system and assume }", + "{ grant role hs_office_relationship#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert.agent to role hs_office_person#BesslerBert.admin by system and assume }", + "{ grant role hs_office_relationship#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert.agent to role hs_office_relationship#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert.admin by system and assume }", "{ grant perm SELECT on hs_office_relationship#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert to role hs_office_relationship#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert.tenant by system and assume }", "{ grant role hs_office_relationship#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert.tenant to role hs_office_relationship#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert.agent by system and assume }", @@ -145,7 +147,8 @@ class HsOfficeRelationshipRepositoryIntegrationTest extends ContextBasedTestWith "{ grant role hs_office_contact#fourthcontact.referrer to role hs_office_relationship#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert.tenant by system and assume }", // REPRESENTATIVE holder person -> (represented) anchor person - "{ grant role hs_office_person#BesslerBert.admin to role hs_office_person#ErbenBesslerMelBessler.admin by system and assume }", + "{ grant role hs_office_relationship#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert.tenant to role hs_office_contact#fourthcontact.admin by system and assume }", + "{ grant role hs_office_relationship#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert.tenant to role hs_office_person#BesslerBert.admin by system and assume }", null) ); @@ -195,7 +198,8 @@ class HsOfficeRelationshipRepositoryIntegrationTest extends ContextBasedTestWith result, "rel(relAnchor='LP Second e.K.', relType='REPRESENTATIVE', relHolder='NP Smith, Peter', contact='second contact')", "rel(relAnchor='IF Third OHG', relType='SUBSCRIBER', relMark='members-announce', relHolder='NP Smith, Peter', contact='third contact')", - "rel(relAnchor='LP Hostsharing eG', relType='PARTNER', relHolder='NP Smith, Peter', contact='sixth contact')"); + "rel(relAnchor='LP Hostsharing eG', relType='PARTNER', relHolder='NP Smith, Peter', contact='sixth contact')", + "rel(relAnchor='NP Smith, Peter', relType='ACCOUNTING', relHolder='NP Smith, Peter', contact='third contact')"); } }