defineContext now requires an existing user name or null to create a new user
This commit is contained in:
parent
8731f4a7b2
commit
a06feff42e
@ -30,7 +30,7 @@ public class RbacUserController implements RbacusersApi {
|
|||||||
public ResponseEntity<RbacUserResource> createUser(
|
public ResponseEntity<RbacUserResource> createUser(
|
||||||
final RbacUserResource body
|
final RbacUserResource body
|
||||||
) {
|
) {
|
||||||
context.define(body.getName());
|
context.define(null);
|
||||||
|
|
||||||
if (body.getUuid() == null) {
|
if (body.getUuid() == null) {
|
||||||
body.setUuid(UUID.randomUUID());
|
body.setUuid(UUID.randomUUID());
|
||||||
|
@ -17,8 +17,9 @@ begin
|
|||||||
end if;
|
end if;
|
||||||
|
|
||||||
select uuid from RbacUser where name = currentUser into currentUserUuid;
|
select uuid from RbacUser where name = currentUser into currentUserUuid;
|
||||||
-- TODO: maybe this should be changed, and in this case no user name defined in context?
|
if currentUserUuid is null then
|
||||||
-- no exception if user does not exist because users can register themselves
|
raise exception '[401] user % given in `defineContext(...)` does not exist', currentUser;
|
||||||
|
end if;
|
||||||
return currentUserUuid;
|
return currentUserUuid;
|
||||||
end; $$;
|
end; $$;
|
||||||
|
|
||||||
@ -166,7 +167,7 @@ begin
|
|||||||
if (length(currentUserName) > 0) then
|
if (length(currentUserName) > 0) then
|
||||||
raise exception '[401] currentSubjectsUuids (%) cannot be determined, unknown user name "%"', currentSubjectsUuids, currentUserName;
|
raise exception '[401] currentSubjectsUuids (%) cannot be determined, unknown user name "%"', currentSubjectsUuids, currentUserName;
|
||||||
else
|
else
|
||||||
raise exception '[401] currentSubjectsUuids cannot be determined, please call `defineContext(...)` first;"';
|
raise exception '[401] currentSubjectsUuids cannot be determined, please call `defineContext(...)` with a valid user;"';
|
||||||
end if;
|
end if;
|
||||||
end if;
|
end if;
|
||||||
return string_to_array(currentSubjectsUuids, ';');
|
return string_to_array(currentSubjectsUuids, ';');
|
||||||
|
@ -69,16 +69,16 @@ class ContextIntegrationTests {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
void defineWithUnknownCurrentUserButWithAssumedRoles() {
|
void defineWithUnknownCurrentUser() {
|
||||||
// when
|
// when
|
||||||
final var result = jpaAttempt.transacted(() ->
|
final var result = jpaAttempt.transacted(() ->
|
||||||
context.define("unknown@example.org", "test_package#yyy00.admin")
|
context.define("unknown@example.org")
|
||||||
);
|
);
|
||||||
|
|
||||||
// then
|
// then
|
||||||
result.assertExceptionWithRootCauseMessage(
|
result.assertExceptionWithRootCauseMessage(
|
||||||
javax.persistence.PersistenceException.class,
|
javax.persistence.PersistenceException.class,
|
||||||
"ERROR: [403] undefined has no permission to assume role test_package#yyy00.admin");
|
"[401] user unknown@example.org given in `defineContext(...)` does not exist");
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
@ -492,7 +492,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
|
|||||||
RbacUserEntity createRBacUser() {
|
RbacUserEntity createRBacUser() {
|
||||||
return jpaAttempt.transacted(() -> {
|
return jpaAttempt.transacted(() -> {
|
||||||
final String newUserName = "test-user-" + RandomStringUtils.randomAlphabetic(8) + "@example.com";
|
final String newUserName = "test-user-" + RandomStringUtils.randomAlphabetic(8) + "@example.com";
|
||||||
context(newUserName, null);
|
context(null);
|
||||||
return rbacUserRepository.create(new RbacUserEntity(UUID.randomUUID(), newUserName));
|
return rbacUserRepository.create(new RbacUserEntity(UUID.randomUUID(), newUserName));
|
||||||
}).returnedValue();
|
}).returnedValue();
|
||||||
}
|
}
|
||||||
|
@ -300,7 +300,7 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest {
|
|||||||
private RbacUserEntity createNewUserTransacted() {
|
private RbacUserEntity createNewUserTransacted() {
|
||||||
return jpaAttempt.transacted(() -> {
|
return jpaAttempt.transacted(() -> {
|
||||||
final var newUserName = "test-user-" + System.currentTimeMillis() + "@example.com";
|
final var newUserName = "test-user-" + System.currentTimeMillis() + "@example.com";
|
||||||
context(newUserName);
|
context(null);
|
||||||
return rbacUserRepository.create(new RbacUserEntity(null, newUserName));
|
return rbacUserRepository.create(new RbacUserEntity(null, newUserName));
|
||||||
}).assumeSuccessful().returnedValue();
|
}).assumeSuccessful().returnedValue();
|
||||||
}
|
}
|
||||||
|
@ -138,8 +138,8 @@ class RbacRoleRepositoryIntegrationTest {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
void unknownUser_withoutAssumedRole_cannotViewAnyRbacRoles() {
|
void anonymousUser_withoutAssumedRole_cannotViewAnyRbacRoles() {
|
||||||
context.define("unknown@example.org");
|
context.define(null);
|
||||||
|
|
||||||
final var result = attempt(
|
final var result = attempt(
|
||||||
em,
|
em,
|
||||||
@ -147,7 +147,7 @@ class RbacRoleRepositoryIntegrationTest {
|
|||||||
|
|
||||||
result.assertExceptionWithRootCauseMessage(
|
result.assertExceptionWithRootCauseMessage(
|
||||||
JpaSystemException.class,
|
JpaSystemException.class,
|
||||||
"[401] currentSubjectsUuids () cannot be determined, unknown user name \"unknown@example.org\"");
|
"[401] currentSubjectsUuids cannot be determined, please call `defineContext(...)` with a valid user");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -47,7 +47,7 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
|
|||||||
public void anyoneCanCreateTheirOwnUser() {
|
public void anyoneCanCreateTheirOwnUser() {
|
||||||
// given
|
// given
|
||||||
final var givenNewUserName = "test-user-" + System.currentTimeMillis() + "@example.com";
|
final var givenNewUserName = "test-user-" + System.currentTimeMillis() + "@example.com";
|
||||||
context(givenNewUserName, null);
|
context(null);
|
||||||
|
|
||||||
// when
|
// when
|
||||||
final var result = rbacUserRepository.create(
|
final var result = rbacUserRepository.create(
|
||||||
|
Loading…
Reference in New Issue
Block a user