diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionEntity.java index 2fd6c430..03d3ae49 100644 --- a/src/main/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionEntity.java +++ b/src/main/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionEntity.java @@ -1,7 +1,11 @@ package net.hostsharing.hsadminng.hs.office.coopassets; -import lombok.*; +import lombok.AllArgsConstructor; +import lombok.Builder; +import lombok.Getter; +import lombok.NoArgsConstructor; +import lombok.Setter; import net.hostsharing.hsadminng.errors.DisplayName; import net.hostsharing.hsadminng.hs.office.membership.HsOfficeMembershipEntity; import net.hostsharing.hsadminng.persistence.HasUuid; @@ -10,7 +14,15 @@ import net.hostsharing.hsadminng.stringify.Stringify; import net.hostsharing.hsadminng.stringify.Stringifyable; import org.hibernate.annotations.GenericGenerator; -import jakarta.persistence.*; +import jakarta.persistence.Column; +import jakarta.persistence.Entity; +import jakarta.persistence.EnumType; +import jakarta.persistence.Enumerated; +import jakarta.persistence.GeneratedValue; +import jakarta.persistence.Id; +import jakarta.persistence.JoinColumn; +import jakarta.persistence.ManyToOne; +import jakarta.persistence.Table; import java.io.IOException; import java.math.BigDecimal; import java.time.LocalDate; @@ -20,8 +32,11 @@ import java.util.UUID; import static java.util.Optional.ofNullable; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Column.dependsOnColumn; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Nullable.NOT_NULL; -import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.*; +import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.INSERT; +import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.SELECT; +import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.UPDATE; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.ADMIN; +import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.AGENT; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL.directlyFetchedByDependsOnColumn; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.rbacViewFor; import static net.hostsharing.hsadminng.stringify.Stringify.stringify; @@ -109,7 +124,7 @@ public class HsOfficeCoopAssetsTransactionEntity implements Stringifyable, HasUu .toRole("membership", ADMIN).grantPermission(INSERT) .toRole("membership", ADMIN).grantPermission(UPDATE) - .toRole("membership", ADMIN).grantPermission(SELECT); + .toRole("membership", AGENT).grantPermission(SELECT); } public static void main(String[] args) throws IOException { diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionEntity.java index 4a36f63d..52222582 100644 --- a/src/main/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionEntity.java +++ b/src/main/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionEntity.java @@ -1,6 +1,10 @@ package net.hostsharing.hsadminng.hs.office.coopshares; -import lombok.*; +import lombok.AllArgsConstructor; +import lombok.Builder; +import lombok.Getter; +import lombok.NoArgsConstructor; +import lombok.Setter; import net.hostsharing.hsadminng.errors.DisplayName; import net.hostsharing.hsadminng.hs.office.membership.HsOfficeMembershipEntity; import net.hostsharing.hsadminng.persistence.HasUuid; @@ -9,7 +13,15 @@ import net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL; import net.hostsharing.hsadminng.stringify.Stringify; import net.hostsharing.hsadminng.stringify.Stringifyable; -import jakarta.persistence.*; +import jakarta.persistence.Column; +import jakarta.persistence.Entity; +import jakarta.persistence.EnumType; +import jakarta.persistence.Enumerated; +import jakarta.persistence.GeneratedValue; +import jakarta.persistence.Id; +import jakarta.persistence.JoinColumn; +import jakarta.persistence.ManyToOne; +import jakarta.persistence.Table; import java.io.IOException; import java.time.LocalDate; import java.util.UUID; @@ -17,9 +29,11 @@ import java.util.UUID; import static java.util.Optional.ofNullable; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Column.dependsOnColumn; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Nullable.NOT_NULL; -import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.*; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.INSERT; -import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.*; +import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.SELECT; +import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.UPDATE; +import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.ADMIN; +import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.AGENT; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL.directlyFetchedByDependsOnColumn; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.rbacViewFor; import static net.hostsharing.hsadminng.stringify.Stringify.stringify; @@ -105,7 +119,7 @@ public class HsOfficeCoopSharesTransactionEntity implements Stringifyable, HasUu .toRole("membership", ADMIN).grantPermission(INSERT) .toRole("membership", ADMIN).grantPermission(UPDATE) - .toRole("membership", ADMIN).grantPermission(SELECT); + .toRole("membership", AGENT).grantPermission(SELECT); } public static void main(String[] args) throws IOException { diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipEntity.java index c4a4c8b9..b38d92b9 100644 --- a/src/main/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipEntity.java +++ b/src/main/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipEntity.java @@ -25,7 +25,6 @@ import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.*; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.SELECT; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.RbacUserReference.UserRole.CREATOR; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.*; -import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.REFERRER; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL.fetchedBySql; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.rbacViewFor; import static net.hostsharing.hsadminng.stringify.Stringify.stringify; @@ -142,14 +141,14 @@ public class HsOfficeMembershipEntity implements HasUuid, Stringifyable { .createRole(OWNER, (with) -> { with.owningUser(CREATOR); - with.incomingSuperRole("partnerRel", ADMIN); - with.permission(DELETE); }) .createSubRole(ADMIN, (with) -> { - with.incomingSuperRole("partnerRel", AGENT); + with.incomingSuperRole("partnerRel", ADMIN); + with.permission(DELETE); with.permission(UPDATE); }) - .createSubRole(REFERRER, (with) -> { + .createSubRole(AGENT, (with) -> { + with.incomingSuperRole("partnerRel", AGENT); with.outgoingSubRole("partnerRel", TENANT); with.permission(SELECT); }); diff --git a/src/main/resources/db/changelog/303-hs-office-membership-rbac.md b/src/main/resources/db/changelog/303-hs-office-membership-rbac.md index 4f425f6e..339f9eb0 100644 --- a/src/main/resources/db/changelog/303-hs-office-membership-rbac.md +++ b/src/main/resources/db/changelog/303-hs-office-membership-rbac.md @@ -81,7 +81,7 @@ subgraph membership["`**membership**`"] role:membership:owner[[membership:owner]] role:membership:admin[[membership:admin]] - role:membership:referrer[[membership:referrer]] + role:membership:agent[[membership:agent]] end subgraph membership:permissions[ ] @@ -144,16 +144,16 @@ role:partnerRel.contact:admin -.-> role:partnerRel:tenant role:partnerRel:tenant -.-> role:partnerRel.anchorPerson:referrer role:partnerRel:tenant -.-> role:partnerRel.holderPerson:referrer role:partnerRel:tenant -.-> role:partnerRel.contact:referrer -role:partnerRel:admin ==> role:membership:owner role:membership:owner ==> role:membership:admin -role:partnerRel:agent ==> role:membership:admin -role:membership:admin ==> role:membership:referrer -role:membership:referrer ==> role:partnerRel:tenant +role:partnerRel:admin ==> role:membership:admin +role:membership:admin ==> role:membership:agent +role:partnerRel:agent ==> role:membership:agent +role:membership:agent ==> role:partnerRel:tenant %% granting permissions to roles role:global:admin ==> perm:membership:INSERT -role:membership:owner ==> perm:membership:DELETE +role:membership:admin ==> perm:membership:DELETE role:membership:admin ==> perm:membership:UPDATE -role:membership:referrer ==> perm:membership:SELECT +role:membership:agent ==> perm:membership:SELECT ``` diff --git a/src/main/resources/db/changelog/303-hs-office-membership-rbac.sql b/src/main/resources/db/changelog/303-hs-office-membership-rbac.sql index 17dbc84c..4f34cee8 100644 --- a/src/main/resources/db/changelog/303-hs-office-membership-rbac.sql +++ b/src/main/resources/db/changelog/303-hs-office-membership-rbac.sql @@ -45,23 +45,23 @@ begin perform createRoleWithGrants( hsOfficeMembershipOwner(NEW), - permissions => array['DELETE'], - incomingSuperRoles => array[hsOfficeRelationAdmin(newPartnerRel)], userUuids => array[currentUserUuid()] ); perform createRoleWithGrants( hsOfficeMembershipAdmin(NEW), - permissions => array['UPDATE'], + permissions => array['DELETE', 'UPDATE'], incomingSuperRoles => array[ hsOfficeMembershipOwner(NEW), - hsOfficeRelationAgent(newPartnerRel)] + hsOfficeRelationAdmin(newPartnerRel)] ); perform createRoleWithGrants( - hsOfficeMembershipReferrer(NEW), + hsOfficeMembershipAgent(NEW), permissions => array['SELECT'], - incomingSuperRoles => array[hsOfficeMembershipAdmin(NEW)], + incomingSuperRoles => array[ + hsOfficeMembershipAdmin(NEW), + hsOfficeRelationAgent(newPartnerRel)], outgoingSubRoles => array[hsOfficeRelationTenant(newPartnerRel)] ); diff --git a/src/main/resources/db/changelog/313-hs-office-coopshares-rbac.md b/src/main/resources/db/changelog/313-hs-office-coopshares-rbac.md index cdc18b6f..70f268a8 100644 --- a/src/main/resources/db/changelog/313-hs-office-coopshares-rbac.md +++ b/src/main/resources/db/changelog/313-hs-office-coopshares-rbac.md @@ -145,7 +145,7 @@ subgraph membership["`**membership**`"] role:membership:owner[[membership:owner]] role:membership:admin[[membership:admin]] - role:membership:referrer[[membership:referrer]] + role:membership:agent[[membership:agent]] end end @@ -236,15 +236,15 @@ role:membership.partnerRel.contact:admin -.-> role:membership.partnerRel:tenant role:membership.partnerRel:tenant -.-> role:membership.partnerRel.anchorPerson:referrer role:membership.partnerRel:tenant -.-> role:membership.partnerRel.holderPerson:referrer role:membership.partnerRel:tenant -.-> role:membership.partnerRel.contact:referrer -role:membership.partnerRel:admin -.-> role:membership:owner role:membership:owner -.-> role:membership:admin -role:membership.partnerRel:agent -.-> role:membership:admin -role:membership:admin -.-> role:membership:referrer -role:membership:referrer -.-> role:membership.partnerRel:tenant +role:membership.partnerRel:admin -.-> role:membership:admin +role:membership:admin -.-> role:membership:agent +role:membership.partnerRel:agent -.-> role:membership:agent +role:membership:agent -.-> role:membership.partnerRel:tenant %% granting permissions to roles role:membership:admin ==> perm:coopSharesTransaction:INSERT role:membership:admin ==> perm:coopSharesTransaction:UPDATE -role:membership:admin ==> perm:coopSharesTransaction:SELECT +role:membership:agent ==> perm:coopSharesTransaction:SELECT ``` diff --git a/src/main/resources/db/changelog/313-hs-office-coopshares-rbac.sql b/src/main/resources/db/changelog/313-hs-office-coopshares-rbac.sql index 0f063309..2cdfa55c 100644 --- a/src/main/resources/db/changelog/313-hs-office-coopshares-rbac.sql +++ b/src/main/resources/db/changelog/313-hs-office-coopshares-rbac.sql @@ -38,7 +38,7 @@ begin SELECT * FROM hs_office_membership WHERE uuid = NEW.membershipUuid INTO newMembership; assert newMembership.uuid is not null, format('newMembership must not be null for NEW.membershipUuid = %s', NEW.membershipUuid); - call grantPermissionToRole(createPermission(NEW.uuid, 'SELECT'), hsOfficeMembershipAdmin(newMembership)); + call grantPermissionToRole(createPermission(NEW.uuid, 'SELECT'), hsOfficeMembershipAgent(newMembership)); call grantPermissionToRole(createPermission(NEW.uuid, 'UPDATE'), hsOfficeMembershipAdmin(newMembership)); call leaveTriggerForObjectUuid(NEW.uuid); diff --git a/src/main/resources/db/changelog/323-hs-office-coopassets-rbac.md b/src/main/resources/db/changelog/323-hs-office-coopassets-rbac.md index cbbe3fad..210bd69f 100644 --- a/src/main/resources/db/changelog/323-hs-office-coopassets-rbac.md +++ b/src/main/resources/db/changelog/323-hs-office-coopassets-rbac.md @@ -145,7 +145,7 @@ subgraph membership["`**membership**`"] role:membership:owner[[membership:owner]] role:membership:admin[[membership:admin]] - role:membership:referrer[[membership:referrer]] + role:membership:agent[[membership:agent]] end end @@ -236,15 +236,15 @@ role:membership.partnerRel.contact:admin -.-> role:membership.partnerRel:tenant role:membership.partnerRel:tenant -.-> role:membership.partnerRel.anchorPerson:referrer role:membership.partnerRel:tenant -.-> role:membership.partnerRel.holderPerson:referrer role:membership.partnerRel:tenant -.-> role:membership.partnerRel.contact:referrer -role:membership.partnerRel:admin -.-> role:membership:owner role:membership:owner -.-> role:membership:admin -role:membership.partnerRel:agent -.-> role:membership:admin -role:membership:admin -.-> role:membership:referrer -role:membership:referrer -.-> role:membership.partnerRel:tenant +role:membership.partnerRel:admin -.-> role:membership:admin +role:membership:admin -.-> role:membership:agent +role:membership.partnerRel:agent -.-> role:membership:agent +role:membership:agent -.-> role:membership.partnerRel:tenant %% granting permissions to roles role:membership:admin ==> perm:coopAssetsTransaction:INSERT role:membership:admin ==> perm:coopAssetsTransaction:UPDATE -role:membership:admin ==> perm:coopAssetsTransaction:SELECT +role:membership:agent ==> perm:coopAssetsTransaction:SELECT ``` diff --git a/src/main/resources/db/changelog/323-hs-office-coopassets-rbac.sql b/src/main/resources/db/changelog/323-hs-office-coopassets-rbac.sql index d1218873..4dda4e2e 100644 --- a/src/main/resources/db/changelog/323-hs-office-coopassets-rbac.sql +++ b/src/main/resources/db/changelog/323-hs-office-coopassets-rbac.sql @@ -38,7 +38,7 @@ begin SELECT * FROM hs_office_membership WHERE uuid = NEW.membershipUuid INTO newMembership; assert newMembership.uuid is not null, format('newMembership must not be null for NEW.membershipUuid = %s', NEW.membershipUuid); - call grantPermissionToRole(createPermission(NEW.uuid, 'SELECT'), hsOfficeMembershipAdmin(newMembership)); + call grantPermissionToRole(createPermission(NEW.uuid, 'SELECT'), hsOfficeMembershipAgent(newMembership)); call grantPermissionToRole(createPermission(NEW.uuid, 'UPDATE'), hsOfficeMembershipAdmin(newMembership)); call leaveTriggerForObjectUuid(NEW.uuid); diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionRepositoryIntegrationTest.java index 7031476e..d6607501 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionRepositoryIntegrationTest.java @@ -112,7 +112,7 @@ class HsOfficeCoopAssetsTransactionRepositoryIntegrationTest extends ContextBase .map(s -> s.replace("hs_office_", "")) .containsExactlyInAnyOrder(Array.fromFormatted( initialGrantNames, - "{ grant perm SELECT on coopassetstransaction#temprefB to role membership#M-1000101.admin by system and assume }", + "{ grant perm SELECT on coopassetstransaction#temprefB to role membership#M-1000101.agent by system and assume }", "{ grant perm UPDATE on coopassetstransaction#temprefB to role membership#M-1000101.admin by system and assume }", null)); } diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionRepositoryIntegrationTest.java index 16880741..ed649f15 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionRepositoryIntegrationTest.java @@ -111,7 +111,7 @@ class HsOfficeCoopSharesTransactionRepositoryIntegrationTest extends ContextBase .map(s -> s.replace("hs_office_", "")) .containsExactlyInAnyOrder(Array.fromFormatted( initialGrantNames, - "{ grant perm SELECT on coopsharestransaction#temprefB to role membership#M-1000101.admin by system and assume }", + "{ grant perm SELECT on coopsharestransaction#temprefB to role membership#M-1000101.agent by system and assume }", "{ grant perm UPDATE on coopsharestransaction#temprefB to role membership#M-1000101.admin by system and assume }", null)); } diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipControllerAcceptanceTest.java index c0d69951..51ad5b4c 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipControllerAcceptanceTest.java @@ -335,10 +335,10 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle } @Test - void partnerRelAgent_canPatchValidityOfRelatedMembership() { + void partnerRelAdmin_canPatchValidityOfRelatedMembership() { // given - final var givenPartnerAgent = "hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.agent"; + final var givenPartnerAgent = "hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin"; context.define("superuser-alex@hostsharing.net", givenPartnerAgent); final var givenMembership = givenSomeTemporaryMembershipBessler("First"); diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipRepositoryIntegrationTest.java index a53b2705..fcf2e976 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipRepositoryIntegrationTest.java @@ -113,29 +113,31 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl initialRoleNames, "hs_office_membership#M-1000117.admin", "hs_office_membership#M-1000117.owner", - "hs_office_membership#M-1000117.referrer")); + "hs_office_membership#M-1000117.agent")); assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll())) .map(s -> s.replace("GmbH-firstcontact", "")) .map(s -> s.replace("hs_office_", "")) .containsExactlyInAnyOrder(Array.fromFormatted( initialGrantNames, + // insert + "{ grant perm INSERT into coopassetstransaction with membership#M-1000117 to role membership#M-1000117.admin by system and assume }", + "{ grant perm INSERT into coopsharestransaction with membership#M-1000117 to role membership#M-1000117.admin by system and assume }", + // owner - "{ grant perm DELETE on membership#M-1000117 to role membership#M-1000117.owner by system and assume }", + "{ grant perm DELETE on membership#M-1000117 to role membership#M-1000117.admin by system and assume }", + "{ grant role membership#M-1000117.owner to user superuser-alex@hostsharing.net by membership#M-1000117.owner and assume }", // admin "{ grant perm UPDATE on membership#M-1000117 to role membership#M-1000117.admin by system and assume }", "{ grant role membership#M-1000117.admin to role membership#M-1000117.owner by system and assume }", - "{ grant role membership#M-1000117.owner to role relation#HostsharingeG-with-PARTNER-FirstGmbH.admin by system and assume }", - "{ grant role membership#M-1000117.owner to user superuser-alex@hostsharing.net by membership#M-1000117.owner and assume }", + "{ grant role membership#M-1000117.admin to role relation#HostsharingeG-with-PARTNER-FirstGmbH.admin by system and assume }", // agent - "{ grant role membership#M-1000117.admin to role relation#HostsharingeG-with-PARTNER-FirstGmbH.agent by system and assume }", - - // referrer - "{ grant perm SELECT on membership#M-1000117 to role membership#M-1000117.referrer by system and assume }", - "{ grant role membership#M-1000117.referrer to role membership#M-1000117.admin by system and assume }", - "{ grant role relation#HostsharingeG-with-PARTNER-FirstGmbH.tenant to role membership#M-1000117.referrer by system and assume }", + "{ grant perm SELECT on membership#M-1000117 to role membership#M-1000117.agent by system and assume }", + "{ grant role membership#M-1000117.agent to role membership#M-1000117.admin by system and assume }", + "{ grant role membership#M-1000117.agent to role relation#HostsharingeG-with-PARTNER-FirstGmbH.agent by system and assume }", + "{ grant role relation#HostsharingeG-with-PARTNER-FirstGmbH.tenant to role membership#M-1000117.agent by system and assume }", null)); } @@ -223,20 +225,20 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl } @Test - public void membershipReferrer_canViewButNotUpdateRelatedMembership() { + public void membershipAgent_canViewButNotUpdateRelatedMembership() { // given context("superuser-alex@hostsharing.net"); final var givenMembership = givenSomeTemporaryMembership("First", "13"); assertThatMembershipExistsAndIsAccessibleToCurrentContext(givenMembership); assertThatMembershipIsVisibleForRole( givenMembership, - "hs_office_membership#M-1000113.referrer"); + "hs_office_membership#M-1000113.agent"); final var newValidityEnd = LocalDate.now(); // when final var result = jpaAttempt.transacted(() -> { // TODO: we should test with debitor- and partner-admin as well - context("superuser-alex@hostsharing.net", "hs_office_membership#M-1000113.referrer"); + context("superuser-alex@hostsharing.net", "hs_office_membership#M-1000113.agent"); givenMembership.setValidity( Range.closedOpen(givenMembership.getValidity().lower(), newValidityEnd)); return membershipRepo.save(givenMembership);