fixing most tests except one with INSERT permission problems
This commit is contained in:
Michael Hoennig
parent
86c409015c
commit
8d8075a252
@ -150,7 +150,7 @@ public class InsertTriggerGenerator {
|
||||
returns trigger
|
||||
language plpgsql as $$
|
||||
begin
|
||||
raise exception '[403] insert into ${rawSubTable} not allowed regardless of current subject, no insert permissions grated at all';
|
||||
raise exception '[403] insert into ${rawSubTable} values(%) not allowed regardless of current subject, no insert permissions granted at all', NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger ${rawSubTable}_insert_permission_check_tg
|
||||
@ -254,8 +254,8 @@ public class InsertTriggerGenerator {
|
||||
private void generateInsertPermissionsChecksFooter(final StringWriter plPgSql) {
|
||||
plPgSql.writeLn();
|
||||
plPgSql.writeLn("""
|
||||
raise exception '[403] insert into ${rawSubTable} not allowed for current subjects % (%)',
|
||||
currentSubjects(), currentSubjectsUuids();
|
||||
raise exception '[403] insert into ${rawSubTable} values(%) not allowed for current subjects % (%)',
|
||||
NEW, currentSubjects(), currentSubjectsUuids();
|
||||
end; $$;
|
||||
|
||||
create trigger ${rawSubTable}_insert_permission_check_tg
|
||||
|
||||
@ -232,8 +232,8 @@ begin
|
||||
return NEW;
|
||||
end if;
|
||||
|
||||
raise exception '[403] insert into hs_hosting_asset not allowed for current subjects % (%)',
|
||||
currentSubjects(), currentSubjectsUuids();
|
||||
raise exception '[403] insert into hs_hosting_asset values(%) not allowed for current subjects % (%)',
|
||||
NEW, currentSubjects(), currentSubjectsUuids();
|
||||
end; $$;
|
||||
|
||||
create trigger hs_hosting_asset_insert_permission_check_tg
|
||||
|
||||
@ -39,6 +39,7 @@ public class ArchitectureTest {
|
||||
"..context",
|
||||
"..generated..",
|
||||
"..persistence..",
|
||||
"..validation..",
|
||||
"..hs.office.bankaccount",
|
||||
"..hs.office.contact",
|
||||
"..hs.office.coopassets",
|
||||
@ -50,9 +51,11 @@ public class ArchitectureTest {
|
||||
"..hs.office.person",
|
||||
"..hs.office.relation",
|
||||
"..hs.office.sepamandate",
|
||||
"..hs.booking.project",
|
||||
"..hs.booking.item",
|
||||
"..hs.booking.item.validators",
|
||||
"..hs.hosting.asset",
|
||||
"..hs.hosting.asset.validator",
|
||||
"..hs.hosting.asset.validators",
|
||||
"..errors",
|
||||
"..mapper",
|
||||
"..ping",
|
||||
|
||||
@ -5,8 +5,10 @@ import io.restassured.http.ContentType;
|
||||
import net.hostsharing.hsadminng.HsadminNgApplication;
|
||||
import net.hostsharing.hsadminng.hs.booking.item.HsBookingItemEntity;
|
||||
import net.hostsharing.hsadminng.hs.booking.item.HsBookingItemRepository;
|
||||
import net.hostsharing.hsadminng.hs.booking.project.HsBookingProjectEntity;
|
||||
import net.hostsharing.hsadminng.hs.booking.project.HsBookingProjectRepository;
|
||||
import net.hostsharing.hsadminng.hs.office.debitor.HsOfficeDebitorRepository;
|
||||
import net.hostsharing.hsadminng.rbac.rbacgrant.RbacGrantsDiagramService;
|
||||
import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup;
|
||||
import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
|
||||
import org.junit.jupiter.api.Nested;
|
||||
@ -20,6 +22,7 @@ import java.util.Map;
|
||||
import java.util.UUID;
|
||||
|
||||
import static java.util.Map.entry;
|
||||
import static java.util.Optional.ofNullable;
|
||||
import static net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetType.CLOUD_SERVER;
|
||||
import static net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetType.MANAGED_SERVER;
|
||||
import static net.hostsharing.hsadminng.rbac.test.JsonMatcher.lenientlyEquals;
|
||||
@ -68,7 +71,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
|
||||
.header("current-user", "superuser-alex@hostsharing.net")
|
||||
.port(port)
|
||||
.when()
|
||||
.get("http://localhost/api/hs/hosting/assets?projectUuid=" + givenProject.getUuid())
|
||||
.get("http://localhost/api/hs/hosting/assets?projectUuid=" + givenProject.getUuid() + "&type=MANAGED_WEBSPACE")
|
||||
.then().log().all().assertThat()
|
||||
.statusCode(200)
|
||||
.contentType("application/json")
|
||||
@ -76,7 +79,18 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
|
||||
[
|
||||
{
|
||||
"type": "MANAGED_WEBSPACE",
|
||||
"identifier": "aaa01",
|
||||
"identifier": "sec01",
|
||||
"caption": "some Webspace",
|
||||
"config": {
|
||||
"HDD": 2048,
|
||||
"RAM": 1,
|
||||
"SDD": 512,
|
||||
"extra": 42
|
||||
}
|
||||
},
|
||||
{
|
||||
"type": "MANAGED_WEBSPACE",
|
||||
"identifier": "fir01",
|
||||
"caption": "some Webspace",
|
||||
"config": {
|
||||
"HDD": 2048,
|
||||
@ -86,24 +100,15 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
|
||||
}
|
||||
},
|
||||
{
|
||||
"type": "MANAGED_SERVER",
|
||||
"identifier": "vm1011",
|
||||
"caption": "some ManagedServer",
|
||||
"type": "MANAGED_WEBSPACE",
|
||||
"identifier": "thi01",
|
||||
"caption": "some Webspace",
|
||||
"config": {
|
||||
"CPU": 2,
|
||||
"HDD": 2048,
|
||||
"RAM": 1,
|
||||
"SDD": 512,
|
||||
"extra": 42
|
||||
}
|
||||
},
|
||||
{
|
||||
"type": "CLOUD_SERVER",
|
||||
"identifier": "vm2011",
|
||||
"caption": "another CloudServer",
|
||||
"config": {
|
||||
"CPU": 2,
|
||||
"HDD": 1024,
|
||||
"extra": 42
|
||||
}
|
||||
}
|
||||
]
|
||||
"""));
|
||||
@ -170,7 +175,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
|
||||
void globalAdmin_canAddBookedAsset() {
|
||||
|
||||
context.define("superuser-alex@hostsharing.net");
|
||||
final var givenBookingItem = givenBookingItem("First", "some PrivateCloud");
|
||||
final var givenBookingItem = givenBookingItem("D-1000111 default project", "some PrivateCloud");
|
||||
|
||||
final var location = RestAssured // @formatter:off
|
||||
.given()
|
||||
@ -212,24 +217,28 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
|
||||
void parentAssetAgent_canAddSubAsset() {
|
||||
|
||||
context.define("superuser-alex@hostsharing.net");
|
||||
final var givenParentAsset = givenParentAsset("First", MANAGED_SERVER);
|
||||
final var givenParentAsset = givenParentAsset("D-1000111 default project", MANAGED_SERVER);
|
||||
|
||||
context.define("person-FirbySusan@example.com");
|
||||
|
||||
generateRbacDiagramForCurrentSubjects(RbacGrantsDiagramService.Include.ALL_NON_TEST_ENTITY_RELATED, "parentAssetAgent_canAddSubAsset"); // FIXME
|
||||
|
||||
final var location = RestAssured // @formatter:off
|
||||
.given()
|
||||
.header("current-user", "person-FirbySusan@example.com")
|
||||
.contentType(ContentType.JSON)
|
||||
.body("""
|
||||
{
|
||||
"parentAssetUuid": "%s",
|
||||
"type": "MANAGED_WEBSPACE",
|
||||
"identifier": "fir90",
|
||||
"caption": "some new ManagedWebspace in client's ManagedServer",
|
||||
"config": { "SSD": 100, "Traffic": 250 }
|
||||
}
|
||||
""".formatted(givenParentAsset.getUuid()))
|
||||
.port(port)
|
||||
.header("current-user", "person-FirbySusan@example.com")
|
||||
.contentType(ContentType.JSON)
|
||||
.body("""
|
||||
{
|
||||
"parentAssetUuid": "%s",
|
||||
"type": "MANAGED_WEBSPACE",
|
||||
"identifier": "fir90",
|
||||
"caption": "some new ManagedWebspace in client's ManagedServer",
|
||||
"config": { "SSD": 100, "Traffic": 250 }
|
||||
}
|
||||
""".formatted(givenParentAsset.getUuid()))
|
||||
.port(port)
|
||||
.when()
|
||||
.post("http://localhost/api/hs/hosting/assets")
|
||||
.post("http://localhost/api/hs/hosting/assets")
|
||||
.then().log().all().assertThat()
|
||||
.statusCode(201)
|
||||
.contentType(ContentType.JSON)
|
||||
@ -254,7 +263,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
|
||||
void additionalValidationsArePerformend_whenAddingAsset() {
|
||||
|
||||
context.define("superuser-alex@hostsharing.net");
|
||||
final var givenBookingItem = givenBookingItem("First", "some PrivateCloud");
|
||||
final var givenBookingItem = givenBookingItem("D-1000111 default project", "some PrivateCloud");
|
||||
|
||||
final var location = RestAssured // @formatter:off
|
||||
.given()
|
||||
@ -410,7 +419,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
|
||||
context.define("superuser-alex@hostsharing.net");
|
||||
assertThat(assetRepo.findByUuid(givenAsset.getUuid())).isPresent().get()
|
||||
.matches(asset -> {
|
||||
assertThat(asset.toString()).isEqualTo("HsHostingAssetEntity(CLOUD_SERVER, vm2001, some test-asset, D-1000111:some CloudServer, { CPUs: 2, RAM: 100, SSD: 250, Traffic: 2000 })");
|
||||
assertThat(asset.toString()).isEqualTo("HsHostingAssetEntity(CLOUD_SERVER, vm2001, some test-asset, D-1000111:D-1000111 default project:some CloudServer, { CPUs: 2, RAM: 100, SSD: 250, Traffic: 2000 })");
|
||||
return true;
|
||||
});
|
||||
}
|
||||
@ -467,9 +476,15 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
|
||||
.findAny().orElseThrow();
|
||||
}
|
||||
|
||||
HsHostingAssetEntity givenParentAsset(final String debitorName, final HsHostingAssetType assetType) {
|
||||
final var givenDebitor = debitorRepo.findDebitorByOptionalNameLike(debitorName).stream().findAny().orElseThrow();
|
||||
final var givenAsset = assetRepo.findAllByCriteria(givenDebitor.getUuid(), null, assetType).stream().findAny().orElseThrow();
|
||||
HsHostingAssetEntity givenParentAsset(final String projectCaption, final HsHostingAssetType assetType) {
|
||||
final var givenAsset = assetRepo.findAll().stream()
|
||||
.filter(a -> ofNullable(a)
|
||||
.map(HsHostingAssetEntity::getBookingItem)
|
||||
.map(HsBookingItemEntity::getProject)
|
||||
.map(HsBookingProjectEntity::getCaption)
|
||||
.filter(c -> c.equals(projectCaption))
|
||||
.isPresent())
|
||||
.findAny().orElseThrow();
|
||||
return givenAsset;
|
||||
}
|
||||
|
||||
@ -481,7 +496,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
|
||||
context.define("superuser-alex@hostsharing.net");
|
||||
final var newAsset = HsHostingAssetEntity.builder()
|
||||
.uuid(UUID.randomUUID())
|
||||
.bookingItem(givenBookingItem("First", "some CloudServer"))
|
||||
.bookingItem(givenBookingItem("D-1000111 default project", "some CloudServer"))
|
||||
.type(hostingAssetType)
|
||||
.identifier("vm" + identifierSuffix)
|
||||
.caption("some test-asset")
|
||||
|
||||
@ -181,7 +181,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
|
||||
.containsExactlyInAnyOrder(Array.fromFormatted(
|
||||
initialGrantNames,
|
||||
"{ grant perm:relation#FirstGmbH-with-DEBITOR-FourtheG:INSERT>sepamandate to role:relation#FirstGmbH-with-DEBITOR-FourtheG:ADMIN by system and assume }",
|
||||
"{ grant perm:relation#FirstGmbH-with-DEBITOR-FourtheG:INSERT>hs_booking_item to role:relation#FirstGmbH-with-DEBITOR-FourtheG:ADMIN by system and assume }",
|
||||
"{ grant perm:relation#FirstGmbH-with-DEBITOR-FourtheG:INSERT>hs_booking_project to role:relation#FirstGmbH-with-DEBITOR-FourtheG:ADMIN by system and assume }",
|
||||
|
||||
// owner
|
||||
"{ grant perm:debitor#D-1000122:DELETE to role:relation#FirstGmbH-with-DEBITOR-FourtheG:OWNER by system and assume }",
|
||||
|
||||
@ -20,5 +20,6 @@ public class TestHsOfficeDebitor {
|
||||
.contact(TEST_CONTACT)
|
||||
.build())
|
||||
.partner(TEST_PARTNER)
|
||||
.defaultPrefix("abc")
|
||||
.build();
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user