From 8d8075a2527c3ca13f2bb074004f125368863190 Mon Sep 17 00:00:00 2001
From: Michael Hoennig
Date: Thu, 30 May 2024 15:45:43 +0200
Subject: [PATCH] fixing most tests except one with INSERT permission problems
---
 .../rbac/rbacdef/InsertTriggerGenerator.java | 6 +-
 .../7013-hs-hosting-asset-rbac.sql | 4 +-
 .../hsadminng/arch/ArchitectureTest.java | 5 +-
 ...sHostingAssetControllerAcceptanceTest.java | 89 +++++++++++--------
 ...fficeDebitorRepositoryIntegrationTest.java | 2 +-
 .../office/debitor/TestHsOfficeDebitor.java | 1 +
 6 files changed, 63 insertions(+), 44 deletions(-)
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java
index b3c37bad..7c8b08ea 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java
@@ -150,7 +150,7 @@ public class InsertTriggerGenerator {
 returns trigger language plpgsql as $$
 begin
- raise exception '[403] insert into ${rawSubTable} not allowed regardless of current subject, no insert permissions grated at all';
+ raise exception '[403] insert into ${rawSubTable} values(%) not allowed regardless of current subject, no insert permissions granted at all', NEW;
 end; $$;
 create trigger ${rawSubTable}_insert_permission_check_tg
@@ -254,8 +254,8 @@ public class InsertTriggerGenerator {
 private void generateInsertPermissionsChecksFooter(final StringWriter plPgSql) {
 plPgSql.writeLn();
 plPgSql.writeLn("""
- raise exception '[403] insert into ${rawSubTable} not allowed for current subjects % (%)',
- currentSubjects(), currentSubjectsUuids();
+ raise exception '[403] insert into ${rawSubTable} values(%) not allowed for current subjects % (%)',
+ NEW, currentSubjects(), currentSubjectsUuids();
 end; $$;
 create trigger ${rawSubTable}_insert_permission_check_tg
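Review bot: The rewritten `raise exception` with the "no insert permissions granted at all" text now interpolates the whole `NEW` record into the [403] message, so every column of the rejected row travels wherever that message goes; the same applies to `generateInsertPermissionsChecksFooter` in the next hunk and to the regenerated 7013-hs-hosting-asset-rbac.sql. Because this generator emits the check for every table it is run for, the row can include columns that should not appear in database or application logs or in an error body returned to the caller, and nothing on the page shows the message being trimmed before it leaves the database. Consider reporting only an identifying column, e.g. `NEW.uuid` in place of `NEW` (assuming every sub-table has a `uuid` column), or writing the full row with `raise log` while the exception text stays generic. Only the hosting-asset changelog is updated in this commit, so other generated trigger files presumably still carry the old message. The Java text block around both messages starts and ends outside the hunks.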
diff --git a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql
index d1f8c163..ae6fe27a 100644
--- a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql
+++ b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql
@@ -232,8 +232,8 @@ begin
 return NEW;
 end if;
- raise exception '[403] insert into hs_hosting_asset not allowed for current subjects % (%)',
- currentSubjects(), currentSubjectsUuids();
+ raise exception '[403] insert into hs_hosting_asset values(%) not allowed for current subjects % (%)',
+ NEW, currentSubjects(), currentSubjectsUuids();
 end; $$;
 create trigger hs_hosting_asset_insert_permission_check_tg
diff --git a/src/test/java/net/hostsharing/hsadminng/arch/ArchitectureTest.java b/src/test/java/net/hostsharing/hsadminng/arch/ArchitectureTest.java
index 0cb1a086..2c2f9f3d 100644
--- a/src/test/java/net/hostsharing/hsadminng/arch/ArchitectureTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/arch/ArchitectureTest.java
@@ -39,6 +39,7 @@ public class ArchitectureTest {
 "..context",
 "..generated..",
 "..persistence..",
+ "..validation..",
 "..hs.office.bankaccount",
 "..hs.office.contact",
 "..hs.office.coopassets",
@@ -50,9 +51,11 @@ public class ArchitectureTest {
 "..hs.office.person",
 "..hs.office.relation",
 "..hs.office.sepamandate",
+ "..hs.booking.project",
 "..hs.booking.item",
+ "..hs.booking.item.validators",
 "..hs.hosting.asset",
- "..hs.hosting.asset.validator",
+ "..hs.hosting.asset.validators",
 "..errors",
 "..mapper",
 "..ping",
diff --git a/src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetControllerAcceptanceTest.java
index cade487b..64c98006 100644
--- a/src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetControllerAcceptanceTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetControllerAcceptanceTest.java
@@ -5,8 +5,10 @@ import io.restassured.http.ContentType;
 import net.hostsharing.hsadminng.HsadminNgApplication;
 import net.hostsharing.hsadminng.hs.booking.item.HsBookingItemEntity;
 import net.hostsharing.hsadminng.hs.booking.item.HsBookingItemRepository;
+import net.hostsharing.hsadminng.hs.booking.project.HsBookingProjectEntity;
 import net.hostsharing.hsadminng.hs.booking.project.HsBookingProjectRepository;
 import net.hostsharing.hsadminng.hs.office.debitor.HsOfficeDebitorRepository;
+import net.hostsharing.hsadminng.rbac.rbacgrant.RbacGrantsDiagramService;
 import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup;
 import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
 import org.junit.jupiter.api.Nested;
@@ -20,6 +22,7 @@ import java.util.Map;
 import java.util.UUID;
 import static java.util.Map.entry;
+import static java.util.Optional.ofNullable;
 import static net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetType.CLOUD_SERVER;
 import static net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetType.MANAGED_SERVER;
 import static net.hostsharing.hsadminng.rbac.test.JsonMatcher.lenientlyEquals;
@@ -68,7 +71,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
 .header("current-user", "superuser-alex@hostsharing.net")
 .port(port)
 .when()
- .get("http://localhost/api/hs/hosting/assets?projectUuid=" + givenProject.getUuid())
+ .get("http://localhost/api/hs/hosting/assets?projectUuid=" + givenProject.getUuid() + "&type=MANAGED_WEBSPACE")
 .then().log().all().assertThat()
 .statusCode(200)
 .contentType("application/json")
@@ -76,7 +79,18 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
 [
 {
 "type": "MANAGED_WEBSPACE",
- "identifier": "aaa01",
+ "identifier": "sec01",
+ "caption": "some Webspace",
+ "config": {
+ "HDD": 2048,
+ "RAM": 1,
+ "SDD": 512,
+ "extra": 42
+ }
+ },
+ {
+ "type": "MANAGED_WEBSPACE",
+ "identifier": "fir01",
 "caption": "some Webspace",
 "config": {
 "HDD": 2048,
@@ -86,24 +100,15 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
 }
 },
 {
- "type": "MANAGED_SERVER",
- "identifier": "vm1011",
- "caption": "some ManagedServer",
+ "type": "MANAGED_WEBSPACE",
+ "identifier": "thi01",
+ "caption": "some Webspace",
 "config": {
- "CPU": 2,
+ "HDD": 2048,
+ "RAM": 1,
 "SDD": 512,
 "extra": 42
 }
- },
- {
- "type": "CLOUD_SERVER",
- "identifier": "vm2011",
- "caption": "another CloudServer",
- "config": {
- "CPU": 2,
- "HDD": 1024,
- "extra": 42
- }
 }
 ]
 """));
@@ -170,7 +175,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
 void globalAdmin_canAddBookedAsset() {
 context.define("superuser-alex@hostsharing.net");
- final var givenBookingItem = givenBookingItem("First", "some PrivateCloud");
+ final var givenBookingItem = givenBookingItem("D-1000111 default project", "some PrivateCloud");
 final var location = RestAssured // @formatter:off
 .given()
@@ -212,24 +217,28 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
 void parentAssetAgent_canAddSubAsset() {
 context.define("superuser-alex@hostsharing.net");
- final var givenParentAsset = givenParentAsset("First", MANAGED_SERVER);
+ final var givenParentAsset = givenParentAsset("D-1000111 default project", MANAGED_SERVER);
+
+ context.define("person-FirbySusan@example.com");
+
+ generateRbacDiagramForCurrentSubjects(RbacGrantsDiagramService.Include.ALL_NON_TEST_ENTITY_RELATED, "parentAssetAgent_canAddSubAsset"); // FIXME
 final var location = RestAssured // @formatter:off
 .given()
- .header("current-user", "person-FirbySusan@example.com")
- .contentType(ContentType.JSON)
- .body("""
- {
- "parentAssetUuid": "%s",
- "type": "MANAGED_WEBSPACE",
- "identifier": "fir90",
- "caption": "some new ManagedWebspace in client's ManagedServer",
- "config": { "SSD": 100, "Traffic": 250 }
- }
- """.formatted(givenParentAsset.getUuid()))
- .port(port)
+ .header("current-user", "person-FirbySusan@example.com")
+ .contentType(ContentType.JSON)
+ .body("""
+ {
+ "parentAssetUuid": "%s",
+ "type": "MANAGED_WEBSPACE",
+ "identifier": "fir90",
+ "caption": "some new ManagedWebspace in client's ManagedServer",
+ "config": { "SSD": 100, "Traffic": 250 }
+ }
+ """.formatted(givenParentAsset.getUuid()))
+ .port(port)
 .when()
- .post("http://localhost/api/hs/hosting/assets")
+ .post("http://localhost/api/hs/hosting/assets")
 .then().log().all().assertThat()
 .statusCode(201)
 .contentType(ContentType.JSON)
@@ -254,7 +263,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
 void additionalValidationsArePerformend_whenAddingAsset() {
 context.define("superuser-alex@hostsharing.net");
- final var givenBookingItem = givenBookingItem("First", "some PrivateCloud");
+ final var givenBookingItem = givenBookingItem("D-1000111 default project", "some PrivateCloud");
 final var location = RestAssured // @formatter:off
 .given()
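Review bot: The `generateRbacDiagramForCurrentSubjects(RbacGrantsDiagramService.Include.ALL_NON_TEST_ENTITY_RELATED, "parentAssetAgent_canAddSubAsset"); // FIXME` call added at the top of `parentAssetAgent_canAddSubAsset` is debugging scaffolding and should come out before this is merged. The commit subject says one test still fails on INSERT permission, and this looks like that test; it is the only test visible in this patch that posts as a non-admin subject, so the open authorization gap deserves an explicit marker such as `@Disabled("sub-asset INSERT permission for parent-asset agent still failing")` with a tracking reference rather than a bare FIXME. The twelve request-builder lines are only re-indented and add noise to the diff. The test method continues past the end of the hunk.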
@@ -410,7 +419,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
 context.define("superuser-alex@hostsharing.net");
 assertThat(assetRepo.findByUuid(givenAsset.getUuid())).isPresent().get()
 .matches(asset -> {
- assertThat(asset.toString()).isEqualTo("HsHostingAssetEntity(CLOUD_SERVER, vm2001, some test-asset, D-1000111:some CloudServer, { CPUs: 2, RAM: 100, SSD: 250, Traffic: 2000 })");
+ assertThat(asset.toString()).isEqualTo("HsHostingAssetEntity(CLOUD_SERVER, vm2001, some test-asset, D-1000111:D-1000111 default project:some CloudServer, { CPUs: 2, RAM: 100, SSD: 250, Traffic: 2000 })");
 return true;
 });
 }
@@ -467,9 +476,15 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
 .findAny().orElseThrow();
 }
- HsHostingAssetEntity givenParentAsset(final String debitorName, final HsHostingAssetType assetType) {
- final var givenDebitor = debitorRepo.findDebitorByOptionalNameLike(debitorName).stream().findAny().orElseThrow();
- final var givenAsset = assetRepo.findAllByCriteria(givenDebitor.getUuid(), null, assetType).stream().findAny().orElseThrow();
+ HsHostingAssetEntity givenParentAsset(final String projectCaption, final HsHostingAssetType assetType) {
+ final var givenAsset = assetRepo.findAll().stream()
+ .filter(a -> ofNullable(a)
+ .map(HsHostingAssetEntity::getBookingItem)
+ .map(HsBookingItemEntity::getProject)
+ .map(HsBookingProjectEntity::getCaption)
+ .filter(c -> c.equals(projectCaption))
+ .isPresent())
+ .findAny().orElseThrow();
 return givenAsset;
 }
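Review bot: The new `givenParentAsset` never uses its `assetType` parameter: the stream predicate matches only on the project caption, so `givenParentAsset("D-1000111 default project", MANAGED_SERVER)` can return any asset of that project. With `findAny()` the pick is not stable either, which may be why the sub-asset INSERT check in `parentAssetAgent_canAddSubAsset` is rejected, since the chosen parent need not be a managed server. Add the type to the selection, e.g. `.filter(a -> a.getType() == assetType)` before `.findAny()` (assuming the entity exposes `getType()` for the `type` set through its builder). The `ofNullable(a)` wrapper only guards against null stream elements; starting the chain at `ofNullable(a.getBookingItem())` would state the intent more directly.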
@@ -481,7 +496,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
 context.define("superuser-alex@hostsharing.net");
 final var newAsset = HsHostingAssetEntity.builder()
 .uuid(UUID.randomUUID())
- .bookingItem(givenBookingItem("First", "some CloudServer"))
+ .bookingItem(givenBookingItem("D-1000111 default project", "some CloudServer"))
 .type(hostingAssetType)
 .identifier("vm" + identifierSuffix)
 .caption("some test-asset")
diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorRepositoryIntegrationTest.java
index c234a680..b2e54d06 100644
--- a/src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorRepositoryIntegrationTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorRepositoryIntegrationTest.java
@@ -181,7 +181,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
 .containsExactlyInAnyOrder(Array.fromFormatted(
 initialGrantNames,
 "{ grant perm:relation#FirstGmbH-with-DEBITOR-FourtheG:INSERT>sepamandate to role:relation#FirstGmbH-with-DEBITOR-FourtheG:ADMIN by system and assume }",
- "{ grant perm:relation#FirstGmbH-with-DEBITOR-FourtheG:INSERT>hs_booking_item to role:relation#FirstGmbH-with-DEBITOR-FourtheG:ADMIN by system and assume }",
+ "{ grant perm:relation#FirstGmbH-with-DEBITOR-FourtheG:INSERT>hs_booking_project to role:relation#FirstGmbH-with-DEBITOR-FourtheG:ADMIN by system and assume }",
 // owner
 "{ grant perm:debitor#D-1000122:DELETE to role:relation#FirstGmbH-with-DEBITOR-FourtheG:OWNER by system and assume }",
diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/debitor/TestHsOfficeDebitor.java b/src/test/java/net/hostsharing/hsadminng/hs/office/debitor/TestHsOfficeDebitor.java
index 4305b87a..b8ddf8b5 100644
--- a/src/test/java/net/hostsharing/hsadminng/hs/office/debitor/TestHsOfficeDebitor.java
+++ b/src/test/java/net/hostsharing/hsadminng/hs/office/debitor/TestHsOfficeDebitor.java
@@ -20,5 +20,6 @@ public class TestHsOfficeDebitor {
 .contact(TEST_CONTACT)
 .build())
 .partner(TEST_PARTNER)
+ .defaultPrefix("abc")
 .build();
 }