defineContext now requires an existing user name or null to create a new user

2022-08-31 16:26:31 +02:00 · 2022-08-31 16:26:31 +02:00 · a06feff42e
commit a06feff42e
parent 8731f4a7b2
8 changed files with 28 additions and 27 deletions
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserController.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserController.java
@ -30,7 +30,7 @@ public class RbacUserController implements RbacusersApi {
    public ResponseEntity<RbacUserResource> createUser(
            final RbacUserResource body
    ) {
-        context.define(body.getName());
+        context.define(null);
        if (body.getUuid() == null) {
            body.setUuid(UUID.randomUUID());
--- a/src/main/resources/db/changelog/054-rbac-context.sql
+++ b/src/main/resources/db/changelog/054-rbac-context.sql
@ -17,8 +17,9 @@ begin
    end if;
    select uuid from RbacUser where name = currentUser into currentUserUuid;
-    -- TODO: maybe this should be changed, and in this case no user name defined in context?
+    if currentUserUuid is null then
-    -- no exception if user does not exist because users can register themselves
+        raise exception '[401] user % given in `defineContext(...)` does not exist', currentUser;
    end if;
    return currentUserUuid;
 end; $$;
@ -166,7 +167,7 @@ begin
        if (length(currentUserName) > 0) then
            raise exception '[401] currentSubjectsUuids (%) cannot be determined, unknown user name "%"', currentSubjectsUuids, currentUserName;
        else
-            raise exception '[401] currentSubjectsUuids cannot be determined, please call `defineContext(...)` first;"';
+            raise exception '[401] currentSubjectsUuids cannot be determined, please call `defineContext(...)` with a valid user;"';
        end if;
    end if;
    return string_to_array(currentSubjectsUuids, ';');
--- a/src/test/java/net/hostsharing/hsadminng/context/ContextIntegrationTests.java
+++ b/src/test/java/net/hostsharing/hsadminng/context/ContextIntegrationTests.java
@ -69,16 +69,16 @@ class ContextIntegrationTests {
    }
    @Test
-    void defineWithUnknownCurrentUserButWithAssumedRoles() {
+    void defineWithUnknownCurrentUser() {
        // when
        final var result = jpaAttempt.transacted(() ->
-                context.define("unknown@example.org", "test_package#yyy00.admin")
+                context.define("unknown@example.org")
        );
        // then
        result.assertExceptionWithRootCauseMessage(
                javax.persistence.PersistenceException.class,
-                "ERROR: [403] undefined has no permission to assume role test_package#yyy00.admin");
+                "[401] user unknown@example.org given in `defineContext(...)` does not exist");
    }
    @Test
--- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantControllerAcceptanceTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantControllerAcceptanceTest.java
@ -492,7 +492,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
    RbacUserEntity createRBacUser() {
        return jpaAttempt.transacted(() -> {
            final String newUserName = "test-user-" + RandomStringUtils.randomAlphabetic(8) + "@example.com";
-            context(newUserName, null);
+            context(null);
            return rbacUserRepository.create(new RbacUserEntity(UUID.randomUUID(), newUserName));
        }).returnedValue();
    }
--- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantRepositoryIntegrationTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantRepositoryIntegrationTest.java
@ -300,7 +300,7 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest {
    private RbacUserEntity createNewUserTransacted() {
        return jpaAttempt.transacted(() -> {
            final var newUserName = "test-user-" + System.currentTimeMillis() + "@example.com";
-            context(newUserName);
+            context(null);
            return rbacUserRepository.create(new RbacUserEntity(null, newUserName));
        }).assumeSuccessful().returnedValue();
    }
--- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepositoryIntegrationTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepositoryIntegrationTest.java
@ -138,8 +138,8 @@ class RbacRoleRepositoryIntegrationTest {
        }
        @Test
-        void unknownUser_withoutAssumedRole_cannotViewAnyRbacRoles() {
+        void anonymousUser_withoutAssumedRole_cannotViewAnyRbacRoles() {
-            context.define("unknown@example.org");
+            context.define(null);
            final var result = attempt(
                    em,
@ -147,7 +147,7 @@ class RbacRoleRepositoryIntegrationTest {
            result.assertExceptionWithRootCauseMessage(
                    JpaSystemException.class,
-                    "[401] currentSubjectsUuids () cannot be determined, unknown user name \"unknown@example.org\"");
+                    "[401] currentSubjectsUuids cannot be determined, please call `defineContext(...)` with a valid user");
        }
    }
--- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepositoryIntegrationTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepositoryIntegrationTest.java
@ -47,7 +47,7 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
        public void anyoneCanCreateTheirOwnUser() {
            // given
            final var givenNewUserName = "test-user-" + System.currentTimeMillis() + "@example.com";
-            context(givenNewUserName, null);
+            context(null);
            // when
            final var result = rbacUserRepository.create(