From 898ebe9c3c4509c47a4fefb9a36a28de715fc3b8 Mon Sep 17 00:00:00 2001
From: Michael Hoennig <michael@hoennig.de>
Date: Mon, 29 Apr 2024 11:38:16 +0200
Subject: [PATCH] fix wrongly rendered INSERT-permissions

---
 .../rbac/rbacdef/RbacViewMermaidFlowchartGenerator.java    | 7 +++----
 .../7013-hs-hosting-asset-rbac-CLOUD_SERVER.md             | 1 -
 .../7013-hs-hosting-asset-rbac-MANAGED_SERVER.md           | 1 -
 .../701-hosting-asset/7013-hs-hosting-asset-rbac.md        | 2 --
 4 files changed, 3 insertions(+), 8 deletions(-)

diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacViewMermaidFlowchartGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacViewMermaidFlowchartGenerator.java
index 67d605fb..a820ad6a 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacViewMermaidFlowchartGenerator.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacViewMermaidFlowchartGenerator.java
@@ -5,7 +5,6 @@ import net.hostsharing.hsadminng.rbac.rbacdef.RbacView.CaseDef;
 import org.apache.commons.lang3.StringUtils;
 
 import java.nio.file.*;
-import java.util.Comparator;
 import java.util.List;
 import java.util.Objects;
 import java.util.stream.Collectors;
@@ -133,7 +132,7 @@ public class RbacViewMermaidFlowchartGenerator {
         final var grantsOfRequestedType = rbacDef.getGrantDefs().stream()
                 .filter(g -> g.grantType() == grantType)
                 .filter(rbacDef::renderInDiagram)
-                .filter(this::isToBeRenderedInThisGraph)
+                .filter(this::isToBeRenderedForThisCase)
                 .toList();
         if ( !grantsOfRequestedType.isEmpty()) {
             flowchart.ensureSingleEmptyLine();
@@ -142,8 +141,8 @@ public class RbacViewMermaidFlowchartGenerator {
         }
     }
 
-    private boolean isToBeRenderedInThisGraph(final RbacView.RbacGrantDefinition g) {
-        if ( g.grantType() != ROLE_TO_ROLE )
+    private boolean isToBeRenderedForThisCase(final RbacView.RbacGrantDefinition g) {
+        if ( g.grantType() == ROLE_TO_USER )
             return true;
         if ( forCase == null && !g.isConditional() )
             return true;
diff --git a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac-CLOUD_SERVER.md b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac-CLOUD_SERVER.md
index 6a9497ad..65ae6608 100644
--- a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac-CLOUD_SERVER.md
+++ b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac-CLOUD_SERVER.md
@@ -85,7 +85,6 @@ role:asset:TENANT ==> role:bookingItem:TENANT
 
 %% granting permissions to roles
 role:bookingItem:AGENT ==> perm:asset:INSERT
-role:parentServer:ADMIN ==> perm:asset:INSERT
 role:asset:OWNER ==> perm:asset:DELETE
 role:asset:ADMIN ==> perm:asset:UPDATE
 role:asset:TENANT ==> perm:asset:SELECT
diff --git a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac-MANAGED_SERVER.md b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac-MANAGED_SERVER.md
index 660881b6..773ae411 100644
--- a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac-MANAGED_SERVER.md
+++ b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac-MANAGED_SERVER.md
@@ -85,7 +85,6 @@ role:asset:TENANT ==> role:bookingItem:TENANT
 
 %% granting permissions to roles
 role:bookingItem:AGENT ==> perm:asset:INSERT
-role:parentServer:ADMIN ==> perm:asset:INSERT
 role:asset:OWNER ==> perm:asset:DELETE
 role:asset:ADMIN ==> perm:asset:UPDATE
 role:asset:TENANT ==> perm:asset:SELECT
diff --git a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.md b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.md
index 16f3b8a2..cbbd80c0 100644
--- a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.md
+++ b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.md
@@ -84,8 +84,6 @@ role:asset:ADMIN ==> role:asset:TENANT
 role:asset:TENANT ==> role:bookingItem:TENANT
 
 %% granting permissions to roles
-role:bookingItem:AGENT ==> perm:asset:INSERT
-role:parentServer:ADMIN ==> perm:asset:INSERT
 role:asset:OWNER ==> perm:asset:DELETE
 role:asset:ADMIN ==> perm:asset:UPDATE
 role:asset:TENANT ==> perm:asset:SELECT