add RbacGrantsMermaidService and related cleanup
This commit is contained in:
Michael Hoennig
parent
e272b5b2ae
commit
9c03e7441f
@ -1,13 +1,13 @@
|
|||||||
package net.hostsharing.hsadminng.rbac.rbacgrant;
|
package net.hostsharing.hsadminng.rbac.rbacgrant;
|
||||||
|
|
||||||
import lombok.*;
|
import lombok.*;
|
||||||
import org.jetbrains.annotations.NotNull;
|
|
||||||
import org.springframework.data.annotation.Immutable;
|
import org.springframework.data.annotation.Immutable;
|
||||||
|
|
||||||
import jakarta.persistence.Column;
|
import jakarta.persistence.Column;
|
||||||
import jakarta.persistence.Entity;
|
import jakarta.persistence.Entity;
|
||||||
import jakarta.persistence.Id;
|
import jakarta.persistence.Id;
|
||||||
import jakarta.persistence.Table;
|
import jakarta.persistence.Table;
|
||||||
|
import jakarta.validation.constraints.NotNull;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.UUID;
|
import java.util.UUID;
|
||||||
|
|
||||||
@ -103,28 +103,8 @@ public class RbacGrantController implements RbacGrantsApi {
|
|||||||
// public ResponseEntity<String> allGrantsOfUserAsMermaid(
|
// public ResponseEntity<String> allGrantsOfUserAsMermaid(
|
||||||
// @RequestHeader(name = "current-user") String currentUser,
|
// @RequestHeader(name = "current-user") String currentUser,
|
||||||
// @RequestHeader(name = "assumed-roles", required = false) String assumedRoles) {
|
// @RequestHeader(name = "assumed-roles", required = false) String assumedRoles) {
|
||||||
// context(currentUser);
|
// final var graph = RbacGrantsMermaidService.allGrantsToUser(currentUser);
|
||||||
// final var graph = new ArrayList<String>();
|
// return ResponseEntity.ok(graph);
|
||||||
// traverseGrantsTo( graph, context.getCurrentUserUUid());
|
|
||||||
// return ResponseEntity.ok("flowchart TB\n\n" + String.join("\n", graph));
|
|
||||||
// }
|
|
||||||
//
|
|
||||||
// private void traverseGrantsTo(final ArrayList<String> graph, final UUID refUuid) {
|
|
||||||
// final var grants = rawGrantRepo.findByAscendingUuid(refUuid);
|
|
||||||
// grants.forEach(g -> {
|
|
||||||
// graph.add(
|
|
||||||
// id(g.getAscendantIdName()) +
|
|
||||||
// (g.isAssumed() ? " --> " : " -.-> " ) +
|
|
||||||
// id(g.getDescendantIdName()));
|
|
||||||
// traverseGrantsTo(graph, g.getDescendantUuid());
|
|
||||||
// });
|
|
||||||
// }
|
|
||||||
//
|
|
||||||
// private String id(final String idName) {
|
|
||||||
// if ( idName.contains("@")) {
|
|
||||||
// return quoted(idName).replaceAll("@.*", "") + "[" + quoted(idName) + "]";
|
|
||||||
// }
|
|
||||||
// return quoted(idName);
|
|
||||||
// }
|
// }
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
@ -0,0 +1,69 @@
|
|||||||
|
package net.hostsharing.hsadminng.rbac.rbacgrant;
|
||||||
|
|
||||||
|
import net.hostsharing.hsadminng.context.Context;
|
||||||
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
|
import org.springframework.stereotype.Service;
|
||||||
|
|
||||||
|
import jakarta.validation.constraints.NotNull;
|
||||||
|
import java.util.ArrayList;
|
||||||
|
import java.util.EnumSet;
|
||||||
|
import java.util.UUID;
|
||||||
|
|
||||||
|
import static net.hostsharing.hsadminng.rbac.rbacgrant.RbacGrantsMermaidService.Include.*;
|
||||||
|
|
||||||
|
@Service
|
||||||
|
public class RbacGrantsMermaidService {
|
||||||
|
|
||||||
|
public enum Include {
|
||||||
|
PERMISSIONS,
|
||||||
|
NOT_ASSUMED,
|
||||||
|
TEST_ENTITIES,
|
||||||
|
NON_TEST_ENTITIES
|
||||||
|
}
|
||||||
|
|
||||||
|
@Autowired
|
||||||
|
private Context context;
|
||||||
|
|
||||||
|
@Autowired
|
||||||
|
private RawRbacGrantRepository rawGrantRepo;
|
||||||
|
|
||||||
|
public String allGrantsToCurrentUser(final EnumSet<Include> include) {
|
||||||
|
final var graph = new ArrayList<String>();
|
||||||
|
traverseGrantsTo(graph, context.getCurrentUserUUid(), include);
|
||||||
|
return "flowchart TB\n\n" + String.join("\n", graph);
|
||||||
|
}
|
||||||
|
|
||||||
|
private void traverseGrantsTo(final ArrayList<String> graph, final UUID refUuid, final EnumSet<Include> include) {
|
||||||
|
final var grants = rawGrantRepo.findByAscendingUuid(refUuid);
|
||||||
|
grants.forEach(g -> {
|
||||||
|
if (!include.contains(PERMISSIONS) && g.getDescendantIdName().startsWith("perm ")) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
if (!include.contains(TEST_ENTITIES) && g.getDescendantIdName().contains(" test_")) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
if (!include.contains(NON_TEST_ENTITIES) && !g.getDescendantIdName().contains(" test_")) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
graph.add(
|
||||||
|
id(g.getAscendantIdName()) +
|
||||||
|
(g.isAssumed() ? " --> " : " -.-> ") +
|
||||||
|
id(g.getDescendantIdName()));
|
||||||
|
if (include.contains(NOT_ASSUMED) || g.isAssumed()) {
|
||||||
|
traverseGrantsTo(graph, g.getDescendantUuid(), include);
|
||||||
|
}
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
private String id(final String idName) {
|
||||||
|
if (idName.contains("@")) {
|
||||||
|
return quoted(idName).replaceAll("@.*", "") + "[" + quoted(idName) + "]";
|
||||||
|
}
|
||||||
|
return quoted(idName);
|
||||||
|
}
|
||||||
|
|
||||||
|
@NotNull
|
||||||
|
private static String quoted(final String idName) {
|
||||||
|
return idName.replace(" ", ":");
|
||||||
|
}
|
||||||
|
}
|
||||||
@ -8,7 +8,6 @@ import net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantRepository;
|
|||||||
import net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleRepository;
|
import net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleRepository;
|
||||||
import net.hostsharing.test.Array;
|
import net.hostsharing.test.Array;
|
||||||
import net.hostsharing.test.JpaAttempt;
|
import net.hostsharing.test.JpaAttempt;
|
||||||
import org.jetbrains.annotations.NotNull;
|
|
||||||
import org.junit.jupiter.api.Nested;
|
import org.junit.jupiter.api.Nested;
|
||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
@ -20,10 +19,8 @@ import org.springframework.orm.jpa.JpaSystemException;
|
|||||||
import jakarta.persistence.EntityManager;
|
import jakarta.persistence.EntityManager;
|
||||||
import jakarta.persistence.PersistenceContext;
|
import jakarta.persistence.PersistenceContext;
|
||||||
import jakarta.servlet.http.HttpServletRequest;
|
import jakarta.servlet.http.HttpServletRequest;
|
||||||
import java.util.ArrayList;
|
|
||||||
import java.util.Arrays;
|
import java.util.Arrays;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.UUID;
|
|
||||||
|
|
||||||
import static net.hostsharing.hsadminng.hs.office.person.HsOfficePersonType.NATURAL_PERSON;
|
import static net.hostsharing.hsadminng.hs.office.person.HsOfficePersonType.NATURAL_PERSON;
|
||||||
import static net.hostsharing.hsadminng.hs.office.person.HsOfficePersonType.UNINCORPORATED_FIRM;
|
import static net.hostsharing.hsadminng.hs.office.person.HsOfficePersonType.UNINCORPORATED_FIRM;
|
||||||
@ -201,37 +198,6 @@ class HsOfficeRelationshipRepositoryIntegrationTest extends ContextBasedTestWith
|
|||||||
"rel(relAnchor='IF Third OHG', relType='SUBSCRIBER', relMark='members-announce', relHolder='NP Smith, Peter', contact='third contact')",
|
"rel(relAnchor='IF Third OHG', relType='SUBSCRIBER', relMark='members-announce', relHolder='NP Smith, Peter', contact='third contact')",
|
||||||
"rel(relAnchor='LP Hostsharing eG', relType='PARTNER', relHolder='NP Smith, Peter', contact='sixth contact')");
|
"rel(relAnchor='LP Hostsharing eG', relType='PARTNER', relHolder='NP Smith, Peter', contact='sixth contact')");
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
|
||||||
void visibilityTree() {
|
|
||||||
context("person-SmithPeter@example.com");
|
|
||||||
final var graph = new ArrayList<String>();
|
|
||||||
traverseGrantsTo( graph, context.getCurrentUserUUid());
|
|
||||||
System.out.println("flowchart TB\n\n" + String.join("\n", graph));
|
|
||||||
}
|
|
||||||
|
|
||||||
private void traverseGrantsTo(final ArrayList<String> graph, final UUID refUuid) {
|
|
||||||
final var grants = rawGrantRepo.findByAscendingUuid(refUuid);
|
|
||||||
grants.forEach(g -> {
|
|
||||||
graph.add(
|
|
||||||
id(g.getAscendantIdName()) +
|
|
||||||
(g.isAssumed() ? " --> " : " -.-> " ) +
|
|
||||||
id(g.getDescendantIdName()));
|
|
||||||
traverseGrantsTo(graph, g.getDescendantUuid());
|
|
||||||
});
|
|
||||||
}
|
|
||||||
|
|
||||||
private String id(final String idName) {
|
|
||||||
if ( idName.contains("@")) {
|
|
||||||
return quoted(idName).replaceAll("@.*", "") + "[" + quoted(idName) + "]";
|
|
||||||
}
|
|
||||||
return quoted(idName);
|
|
||||||
}
|
|
||||||
|
|
||||||
@NotNull
|
|
||||||
private static String quoted(final String idName) {
|
|
||||||
return idName.replace(" ", ":");
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Nested
|
@Nested
|
||||||
|
|||||||
@ -0,0 +1,82 @@
|
|||||||
|
package net.hostsharing.hsadminng.rbac.rbacgrant;
|
||||||
|
|
||||||
|
import net.hostsharing.hsadminng.context.Context;
|
||||||
|
import net.hostsharing.hsadminng.hs.office.test.ContextBasedTestWithCleanup;
|
||||||
|
import net.hostsharing.hsadminng.rbac.rbacgrant.RbacGrantsMermaidService.Include;
|
||||||
|
import net.hostsharing.test.JpaAttempt;
|
||||||
|
import org.junit.jupiter.api.Test;
|
||||||
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
|
import org.springframework.boot.test.autoconfigure.orm.jpa.DataJpaTest;
|
||||||
|
import org.springframework.boot.test.mock.mockito.MockBean;
|
||||||
|
import org.springframework.context.annotation.Import;
|
||||||
|
|
||||||
|
import jakarta.servlet.http.HttpServletRequest;
|
||||||
|
import java.util.EnumSet;
|
||||||
|
|
||||||
|
import static org.assertj.core.api.Assertions.assertThat;
|
||||||
|
|
||||||
|
@DataJpaTest
|
||||||
|
@Import( { Context.class, JpaAttempt.class, RbacGrantsMermaidService.class})
|
||||||
|
class RbacGrantsMermaidServiceIntegrationTest extends ContextBasedTestWithCleanup {
|
||||||
|
|
||||||
|
@Autowired
|
||||||
|
RbacGrantsMermaidService grantsMermaidService;
|
||||||
|
|
||||||
|
@MockBean
|
||||||
|
HttpServletRequest request;
|
||||||
|
|
||||||
|
@Test
|
||||||
|
void allGrantsToCurrentUser() {
|
||||||
|
context("pac-admin-xxx00@xxx.example.com");
|
||||||
|
final var graph = grantsMermaidService.allGrantsToCurrentUser(EnumSet.of(Include.TEST_ENTITIES));
|
||||||
|
|
||||||
|
assertThat(graph).isEqualTo("""
|
||||||
|
flowchart TB
|
||||||
|
|
||||||
|
user:pac-admin-xxx00[user:pac-admin-xxx00@xxx.example.com] --> role:test_package#xxx00.admin
|
||||||
|
role:test_package#xxx00.admin --> role:test_domain#xxx00-aaaa.owner
|
||||||
|
role:test_domain#xxx00-aaaa.owner --> role:test_domain#xxx00-aaaa.admin
|
||||||
|
role:test_domain#xxx00-aaaa.admin --> role:test_package#xxx00.tenant
|
||||||
|
role:test_package#xxx00.tenant --> role:test_customer#xxx.tenant
|
||||||
|
role:test_package#xxx00.admin --> role:test_domain#xxx00-aaab.owner
|
||||||
|
role:test_domain#xxx00-aaab.owner --> role:test_domain#xxx00-aaab.admin
|
||||||
|
role:test_domain#xxx00-aaab.admin --> role:test_package#xxx00.tenant
|
||||||
|
role:test_package#xxx00.tenant --> role:test_customer#xxx.tenant
|
||||||
|
role:test_package#xxx00.admin --> role:test_package#xxx00.tenant
|
||||||
|
role:test_package#xxx00.tenant --> role:test_customer#xxx.tenant
|
||||||
|
""".trim());
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
void allGrantsToCurrentUserIncludingPermissions() {
|
||||||
|
context("pac-admin-xxx00@xxx.example.com");
|
||||||
|
final var graph = grantsMermaidService.allGrantsToCurrentUser(EnumSet.of(Include.TEST_ENTITIES, Include.PERMISSIONS));
|
||||||
|
|
||||||
|
assertThat(graph).isEqualTo("""
|
||||||
|
flowchart TB
|
||||||
|
|
||||||
|
user:pac-admin-xxx00[user:pac-admin-xxx00@xxx.example.com] --> role:test_package#xxx00.admin
|
||||||
|
role:test_package#xxx00.admin --> perm:add-domain:on:test_package#xxx00
|
||||||
|
role:test_package#xxx00.admin --> role:test_domain#xxx00-aaaa.owner
|
||||||
|
role:test_domain#xxx00-aaaa.owner --> perm:*:on:test_domain#xxx00-aaaa
|
||||||
|
role:test_domain#xxx00-aaaa.owner --> role:test_domain#xxx00-aaaa.admin
|
||||||
|
role:test_domain#xxx00-aaaa.admin --> perm:edit:on:test_domain#xxx00-aaaa
|
||||||
|
role:test_domain#xxx00-aaaa.admin --> role:test_package#xxx00.tenant
|
||||||
|
role:test_package#xxx00.tenant --> perm:view:on:test_package#xxx00
|
||||||
|
role:test_package#xxx00.tenant --> role:test_customer#xxx.tenant
|
||||||
|
role:test_customer#xxx.tenant --> perm:view:on:test_customer#xxx
|
||||||
|
role:test_package#xxx00.admin --> role:test_domain#xxx00-aaab.owner
|
||||||
|
role:test_domain#xxx00-aaab.owner --> perm:*:on:test_domain#xxx00-aaab
|
||||||
|
role:test_domain#xxx00-aaab.owner --> role:test_domain#xxx00-aaab.admin
|
||||||
|
role:test_domain#xxx00-aaab.admin --> perm:edit:on:test_domain#xxx00-aaab
|
||||||
|
role:test_domain#xxx00-aaab.admin --> role:test_package#xxx00.tenant
|
||||||
|
role:test_package#xxx00.tenant --> perm:view:on:test_package#xxx00
|
||||||
|
role:test_package#xxx00.tenant --> role:test_customer#xxx.tenant
|
||||||
|
role:test_customer#xxx.tenant --> perm:view:on:test_customer#xxx
|
||||||
|
role:test_package#xxx00.admin --> role:test_package#xxx00.tenant
|
||||||
|
role:test_package#xxx00.tenant --> perm:view:on:test_package#xxx00
|
||||||
|
role:test_package#xxx00.tenant --> role:test_customer#xxx.tenant
|
||||||
|
role:test_customer#xxx.tenant --> perm:view:on:test_customer#xxx
|
||||||
|
""".trim());
|
||||||
|
}
|
||||||
|
}
|
||||||
Loading…
Reference in New Issue
Block a user