improve test code coverage and generic array return from native queries
This commit is contained in:
parent
a1c3e95032
commit
8af93603d5
@ -1,16 +0,0 @@
|
||||
package net.hostsharing.hsadminng.config;
|
||||
|
||||
import com.vladmihalcea.hibernate.type.array.UUIDArrayType;
|
||||
import org.hibernate.dialect.PostgreSQL95Dialect;
|
||||
|
||||
import java.sql.Types;
|
||||
|
||||
@SuppressWarnings("unused") // configured in application.yml
|
||||
public class PostgreSQL95CustomDialect extends PostgreSQL95Dialect {
|
||||
|
||||
public PostgreSQL95CustomDialect() {
|
||||
this.registerHibernateType(Types.OTHER, "pg-uuid");
|
||||
this.registerHibernateType(Types.ARRAY, UUIDArrayType.class.getName());
|
||||
}
|
||||
|
||||
}
|
@ -0,0 +1,15 @@
|
||||
package net.hostsharing.hsadminng.config;
|
||||
|
||||
import org.hibernate.dialect.PostgreSQL95Dialect;
|
||||
|
||||
import java.sql.Types;
|
||||
|
||||
@SuppressWarnings("unused") // configured in application.yml
|
||||
public class PostgresCustomDialect extends PostgreSQL95Dialect {
|
||||
|
||||
public PostgresCustomDialect() {
|
||||
this.registerHibernateType(Types.OTHER, "pg-uuid");
|
||||
this.registerHibernateType(Types.ARRAY, "array");
|
||||
}
|
||||
|
||||
}
|
@ -1,5 +1,7 @@
|
||||
package net.hostsharing.hsadminng.context;
|
||||
|
||||
import com.vladmihalcea.hibernate.type.array.StringArrayType;
|
||||
import com.vladmihalcea.hibernate.type.array.UUIDArrayType;
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.SneakyThrows;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
@ -80,11 +82,17 @@ public class Context {
|
||||
}
|
||||
|
||||
public String[] getAssumedRoles() {
|
||||
return (String[]) em.createNativeQuery("select assumedRoles()").getSingleResult();
|
||||
return (String[]) em.createNativeQuery("select assumedRoles() as roles")
|
||||
.unwrap(org.hibernate.query.NativeQuery.class)
|
||||
.addScalar("roles", StringArrayType.INSTANCE)
|
||||
.getSingleResult();
|
||||
}
|
||||
|
||||
public UUID[] currentSubjectsUuids() {
|
||||
return (UUID[]) em.createNativeQuery("select currentSubjectsUuids()").getSingleResult();
|
||||
return (UUID[]) em.createNativeQuery("select currentSubjectsUuids() as uuids")
|
||||
.unwrap(org.hibernate.query.NativeQuery.class)
|
||||
.addScalar("uuids", UUIDArrayType.INSTANCE) // TODO.BLOG
|
||||
.getSingleResult();
|
||||
}
|
||||
|
||||
private static String getCallerMethodNameFromStack() {
|
||||
|
@ -16,7 +16,7 @@ spring:
|
||||
jpa:
|
||||
properties:
|
||||
hibernate:
|
||||
dialect: net.hostsharing.hsadminng.config.PostgreSQL95CustomDialect
|
||||
dialect: net.hostsharing.hsadminng.config.PostgresCustomDialect
|
||||
|
||||
liquibase:
|
||||
contexts: dev
|
||||
|
@ -28,6 +28,7 @@ create or replace function determineCurrentSubjectsUuids(currentUserUuid uuid, a
|
||||
language plpgsql as $$
|
||||
declare
|
||||
roleName varchar(63);
|
||||
roleNameParts varchar(63);
|
||||
objectTableToAssume varchar(63);
|
||||
objectNameToAssume varchar(63);
|
||||
objectUuidToAssume uuid;
|
||||
@ -48,10 +49,10 @@ begin
|
||||
|
||||
foreach roleName in array string_to_array(assumedRoles, ';')
|
||||
loop
|
||||
roleName = overlay(roleName placing '#' from length(roleName) + 1 - strpos(reverse(roleName), '.'));
|
||||
objectTableToAssume = split_part(roleName, '#', 1);
|
||||
objectNameToAssume = split_part(roleName, '#', 2);
|
||||
roleTypeToAssume = split_part(roleName, '#', 3);
|
||||
roleNameParts = overlay(roleName placing '#' from length(roleName) + 1 - strpos(reverse(roleName), '.'));
|
||||
objectTableToAssume = split_part(roleNameParts, '#', 1);
|
||||
objectNameToAssume = split_part(roleNameParts, '#', 2);
|
||||
roleTypeToAssume = split_part(roleNameParts, '#', 3);
|
||||
|
||||
objectUuidToAssume = findObjectUuidByIdName(objectTableToAssume, objectNameToAssume);
|
||||
|
||||
@ -60,7 +61,10 @@ begin
|
||||
where r.objectUuid = objectUuidToAssume
|
||||
and r.roleType = roleTypeToAssume
|
||||
into roleUuidToAssume;
|
||||
if (not isGranted(currentUserUuid, roleUuidToAssume)) then
|
||||
if roleUuidToAssume is null then
|
||||
raise exception '[403] role % not accessible for user %', roleName, currentUser();
|
||||
end if;
|
||||
if not isGranted(currentUserUuid, roleUuidToAssume) then
|
||||
raise exception '[403] user % has no permission to assume role %', currentUser(), roleName;
|
||||
end if;
|
||||
roleIdsToAssume := roleIdsToAssume || roleUuidToAssume;
|
||||
@ -160,7 +164,7 @@ begin
|
||||
if (currentSubjectsUuids is null or length(currentSubjectsUuids) = 0 ) then
|
||||
currentUserName := currentUser();
|
||||
if (length(currentUserName) > 0) then
|
||||
raise exception '[401] currentUserUuid cannot be determined, unknown user name "%"', currentUserName;
|
||||
raise exception '[401] currentSubjectsUuids (%) cannot be determined, unknown user name "%"', currentSubjectsUuids, currentUserName;
|
||||
else
|
||||
raise exception '[401] currentSubjectsUuids cannot be determined, please call `defineContext(...)` first;"';
|
||||
end if;
|
||||
|
@ -1,5 +1,6 @@
|
||||
package net.hostsharing.hsadminng.context;
|
||||
|
||||
import net.hostsharing.test.Array;
|
||||
import net.hostsharing.test.JpaAttempt;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
@ -32,23 +33,26 @@ class ContextIntegrationTests {
|
||||
|
||||
context.define("mike@hostsharing.net", null);
|
||||
|
||||
final var currentTask = context.getCurrentTask();
|
||||
assertThat(currentTask).isEqualTo("ContextIntegrationTests.defineWithoutHttpServletRequestUsesCallStack");
|
||||
assertThat(context.getCurrentTask())
|
||||
.isEqualTo("ContextIntegrationTests.defineWithoutHttpServletRequestUsesCallStack");
|
||||
}
|
||||
|
||||
@Test
|
||||
@Transactional
|
||||
void defineWithCurrentUserButWithoutAssumedRoles() {
|
||||
// when
|
||||
context.define("mike@hostsharing.net");
|
||||
|
||||
final var currentUser = context.getCurrentUser();
|
||||
assertThat(currentUser).isEqualTo("mike@hostsharing.net");
|
||||
// then
|
||||
assertThat(context.getCurrentUser()).
|
||||
isEqualTo("mike@hostsharing.net");
|
||||
|
||||
final var currentUserUuid = context.getCurrentUserUUid();
|
||||
assertThat(currentUserUuid).isNotNull();
|
||||
assertThat(context.getCurrentUserUUid()).isNotNull();
|
||||
|
||||
final var assumedRoleUuids = context.currentSubjectsUuids();
|
||||
assertThat(assumedRoleUuids).containsExactly(currentUserUuid);
|
||||
assertThat(context.getAssumedRoles()).isEmpty();
|
||||
|
||||
assertThat(context.currentSubjectsUuids())
|
||||
.containsExactly(context.getCurrentUserUUid());
|
||||
}
|
||||
|
||||
@Test
|
||||
@ -80,13 +84,17 @@ class ContextIntegrationTests {
|
||||
@Test
|
||||
@Transactional
|
||||
void defineWithCurrentUserAndAssumedRoles() {
|
||||
// given
|
||||
context.define("mike@hostsharing.net", "customer#xxx.owner;customer#yyy.owner");
|
||||
|
||||
// when
|
||||
final var currentUser = context.getCurrentUser();
|
||||
assertThat(currentUser).isEqualTo("mike@hostsharing.net");
|
||||
|
||||
final var assumedRoles = context.currentSubjectsUuids();
|
||||
assertThat(assumedRoles).hasSize(2);
|
||||
// then
|
||||
assertThat(context.getAssumedRoles())
|
||||
.isEqualTo(Array.of("customer#xxx.owner", "customer#yyy.owner"));
|
||||
assertThat(context.currentSubjectsUuids()).hasSize(2);
|
||||
}
|
||||
|
||||
@Test
|
||||
@ -99,6 +107,6 @@ class ContextIntegrationTests {
|
||||
// then
|
||||
result.assertExceptionWithRootCauseMessage(
|
||||
javax.persistence.PersistenceException.class,
|
||||
"ERROR: [403] user customer-admin@xxx.example.com has no permission to assume role package#yyy00#admin");
|
||||
"ERROR: [403] user customer-admin@xxx.example.com has no permission to assume role package#yyy00.admin");
|
||||
}
|
||||
}
|
||||
|
@ -5,6 +5,7 @@ import io.restassured.http.ContentType;
|
||||
import io.restassured.response.ValidatableResponse;
|
||||
import net.hostsharing.hsadminng.Accepts;
|
||||
import net.hostsharing.hsadminng.HsadminNgApplication;
|
||||
import net.hostsharing.hsadminng.context.Context;
|
||||
import net.hostsharing.hsadminng.context.ContextBasedTest;
|
||||
import net.hostsharing.hsadminng.rbac.rbacrole.RbacRoleEntity;
|
||||
import net.hostsharing.hsadminng.rbac.rbacrole.RbacRoleRepository;
|
||||
@ -203,7 +204,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
|
||||
|
||||
@Test
|
||||
@Accepts({ "GRT:R(Read)", "GRT:X(Access Control)" })
|
||||
void packageAdmin_withAssumedPackageAdmin_canNotReadItsOwnGrantByIdAnymore() {
|
||||
void packageAdmin_withAssumedPackageAdmin_canStillReadItsOwnGrantById() {
|
||||
// given
|
||||
final var givenCurrentUserAsPackageAdmin = new Subject(
|
||||
"pac-admin-xxx00@xxx.example.com",
|
||||
@ -225,21 +226,20 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
|
||||
|
||||
@Test
|
||||
@Accepts({ "GRT:R(Read)", "GRT:X(Access Control)" })
|
||||
void packageAdmin_withAssumedUnixUserAdmin_canNotReadItsOwnGrantByIdAnymore() {
|
||||
void packageAdmin_withAssumedPackageTenantRole_canNotReadItsOwnGrantByIdAnymore() {
|
||||
|
||||
// given
|
||||
final var givenCurrentUserAsPackageAdmin = new Subject(
|
||||
"pac-admin-xxx00@xxx.example.com",
|
||||
"unixuser#xxx00-xxxa.admin");
|
||||
"package#xxx00.tenant");
|
||||
final var givenGranteeUser = findRbacUserByName("pac-admin-xxx00@xxx.example.com");
|
||||
final var givenGrantedRole = findRbacRoleByName("package#xxx00.admin");
|
||||
|
||||
// when
|
||||
final var grant = givenCurrentUserAsPackageAdmin.getGrantById()
|
||||
.forGrantedRole(givenGrantedRole).toGranteeUser(givenGranteeUser);
|
||||
|
||||
// then
|
||||
grant.assertThat()
|
||||
.statusCode(401);
|
||||
.statusCode(404);
|
||||
}
|
||||
}
|
||||
|
||||
@ -453,8 +453,6 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
|
||||
|
||||
private Subject currentSubject = Subject.this;
|
||||
private RbacRoleEntity grantedRole;
|
||||
private boolean assumed;
|
||||
private RbacUserEntity granteeUser;
|
||||
|
||||
GetGrantByIdFixture forGrantedRole(final RbacRoleEntity grantedRole) {
|
||||
this.grantedRole = grantedRole;
|
||||
@ -462,7 +460,6 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
|
||||
}
|
||||
|
||||
ValidatableResponse toGranteeUser(final RbacUserEntity granteeUser) {
|
||||
this.granteeUser = granteeUser;
|
||||
|
||||
return RestAssured // @formatter:ff
|
||||
.given()
|
||||
@ -473,7 +470,8 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
|
||||
.get("http://localhost/api/rbac-grants/%s/%s".formatted(
|
||||
grantedRole.getUuid(), granteeUser.getUuid()
|
||||
))
|
||||
.then().log().all(); // @formatter:on
|
||||
.then().log().all();
|
||||
// @formatter:on
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -147,7 +147,7 @@ class RbacRoleRepositoryIntegrationTest {
|
||||
|
||||
result.assertExceptionWithRootCauseMessage(
|
||||
JpaSystemException.class,
|
||||
"[401] currentUserUuid cannot be determined, unknown user name \"unknown@example.org\"");
|
||||
"[401] currentSubjectsUuids () cannot be determined, unknown user name \"unknown@example.org\"");
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -13,7 +13,7 @@ spring:
|
||||
properties:
|
||||
hibernate:
|
||||
default_schema: public
|
||||
dialect: net.hostsharing.hsadminng.config.PostgreSQL95CustomDialect
|
||||
dialect: net.hostsharing.hsadminng.config.PostgresCustomDialect
|
||||
format_sql: false
|
||||
hibernate:
|
||||
ddl-auto: none
|
||||
|
Loading…
Reference in New Issue
Block a user