hostsharing/hs.hsadmin.ng
6
0
Fork 0
Code Pull Requests 2 Activity

test code coverage improved and more JSon/field types

Browse Source
This commit is contained in:
Michael Hoennig 2019-04-25 18:53:16 +02:00
parent 070f321a06
commit a6fd210de5
11 changed files with 466 additions and 149 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
build.gradle
View File

@ -154,6 +154,11 @@ def jhipsterGeneratedClassesWithLowCoverage = [
'*_'
]
def specialExceptions = [
// lots of unreachable code due to error handling / verifications
'org.hostsharing.hsadminng.service.accessfilter.JSonAccessFilter'
]
jacocoTestCoverageVerification {
violationRules {
rule {
@ -165,7 +170,7 @@ jacocoTestCoverageVerification {
// Keep in mind, git will blame you ;-)
minimum = 0.95
}
excludes = jhipsterGeneratedClassesWithDecentCoverage + jhipsterGeneratedClassesWithLowCoverage
excludes = jhipsterGeneratedClassesWithDecentCoverage + jhipsterGeneratedClassesWithLowCoverage + specialExceptions
}
rule {
@ -177,6 +182,16 @@ jacocoTestCoverageVerification {
}
includes = jhipsterGeneratedClassesWithDecentCoverage
}
rule {
element = 'CLASS'
limit {
counter = 'LINE'
value = 'COVEREDRATIO'
minimum = 0.90
}
includes = specialExceptions
}
}
}

6
src/main/java/org/hostsharing/hsadminng/service/accessfilter/JSonAccessFilter.java
View File

@ -28,10 +28,6 @@ abstract class JSonAccessFilter<T> {
this.parentIdField = determineFieldWithAnnotation(dto.getClass(), ParentId.class);
}
boolean isParentIdField(final Field field) {
return field.equals(parentIdField);
}
Long getId() {
if (selfIdField == null) {
return null;
@ -95,7 +91,7 @@ abstract class JSonAccessFilter<T> {
@SuppressWarnings("unchecked")
protected Object loadDto(final Class<? extends IdToDtoResolver> resolverClass, final Long id) {
verify(id != null, "id must not be null");
verify(id != null, "id must not be null for " + resolverClass.getSimpleName());
final AutowireCapableBeanFactory beanFactory = ctx.getAutowireCapableBeanFactory();
verify(beanFactory != null, "no bean factory found, probably missing mock configuration for ApplicationContext, e.g. given(...)");

27
src/main/java/org/hostsharing/hsadminng/service/accessfilter/JSonDeserializerWithAccessFilter.java
View File

@ -11,6 +11,7 @@ import org.hostsharing.hsadminng.web.rest.errors.BadRequestAlertException;
import org.springframework.context.ApplicationContext;
import java.lang.reflect.Field;
import java.math.BigDecimal;
import java.time.LocalDate;
import java.util.HashSet;
import java.util.Set;
@ -40,8 +41,8 @@ public class JSonDeserializerWithAccessFilter<T> extends JSonAccessFilter<T> {
treeNode.fieldNames().forEachRemaining(fieldName -> {
try {
final Field field = dto.getClass().getDeclaredField(fieldName);
final Object newValue = readValue(treeNode, field);
writeValue(dto, field, newValue);
final Object newValue = readValueFromJSon(treeNode, field);
writeValueToDto(dto, field, newValue);
} catch (NoSuchFieldException e) {
throw new RuntimeException("setting field " + fieldName + " failed", e);
}
@ -69,12 +70,12 @@ public class JSonDeserializerWithAccessFilter<T> extends JSonAccessFilter<T> {
}
}
private Object readValue(final TreeNode treeNode, final Field field) {
return readValue(treeNode, field.getName(), field.getType());
private Object readValueFromJSon(final TreeNode treeNode, final Field field) {
return readValueFromJSon(treeNode, field.getName(), field.getType());
}
private Object readValue(final TreeNode treeNode, final String fieldName, final Class<?> fieldClass) {
private Object readValueFromJSon(final TreeNode treeNode, final String fieldName, final Class<?> fieldClass) {
final TreeNode fieldNode = treeNode.get(fieldName);
if (fieldNode instanceof NullNode) {
return null;
@ -88,23 +89,29 @@ public class JSonDeserializerWithAccessFilter<T> extends JSonAccessFilter<T> {
if (fieldNode instanceof LongNode) {
return ((LongNode) fieldNode).asLong();
}
if (fieldNode instanceof DoubleNode) {
// TODO: we need to figure out, why DeserializationFeature.USE_BIG_DECIMAL_FOR_FLOATS does not work
return ((DoubleNode) fieldNode).asDouble();
}
if (fieldNode instanceof ArrayNode && LocalDate.class.isAssignableFrom(fieldClass)) {
return LocalDate.of(((ArrayNode) fieldNode).get(0).asInt(), ((ArrayNode) fieldNode).get(1).asInt(), ((ArrayNode) fieldNode).get(2).asInt());
}
{
throw new NotImplementedException("property type not yet implemented: " + fieldNode + " -> " + fieldName + ": " + fieldClass);
}
throw new NotImplementedException("JSon node type not implemented: " + fieldNode.getClass() + " -> " + fieldName + ": " + fieldClass);
}
private void writeValue(final T dto, final Field field, final Object value) {
private void writeValueToDto(final T dto, final Field field, final Object value) {
if (value == null) {
ReflectionUtil.setValue(dto, field, null);
} else if (field.getType().isAssignableFrom(value.getClass())) {
ReflectionUtil.setValue(dto, field, value);
} else if (Integer.class.isAssignableFrom(field.getType()) || int.class.isAssignableFrom(field.getType())) {
} else if (int.class.isAssignableFrom(field.getType())) {
ReflectionUtil.setValue(dto, field, ((Number) value).intValue());
} else if (Long.class.isAssignableFrom(field.getType()) || long.class.isAssignableFrom(field.getType())) {
ReflectionUtil.setValue(dto, field, ((Number) value).longValue());
} else if (BigDecimal.class.isAssignableFrom(field.getType())) {
ReflectionUtil.setValue(dto, field, new BigDecimal(value.toString()));
} else if (Boolean.class.isAssignableFrom(field.getType()) || boolean.class.isAssignableFrom(field.getType())) {
ReflectionUtil.setValue(dto, field, Boolean.valueOf(value.toString()));
} else if (field.getType().isEnum()) {
ReflectionUtil.setValue(dto, field, Enum.valueOf((Class<Enum>) field.getType(), value.toString()));
} else if (LocalDate.class.isAssignableFrom(field.getType())) {

25
src/main/java/org/hostsharing/hsadminng/service/accessfilter/JSonSerializerWithAccessFilter.java
View File

@ -4,10 +4,12 @@ package org.hostsharing.hsadminng.service.accessfilter;
import com.fasterxml.jackson.core.JsonGenerator;
import com.fasterxml.jackson.databind.SerializerProvider;
import org.apache.commons.lang3.NotImplementedException;
import org.hostsharing.hsadminng.service.util.ReflectionUtil;
import org.springframework.context.ApplicationContext;
import java.io.IOException;
import java.lang.reflect.Field;
import java.math.BigDecimal;
import java.time.LocalDate;
public class JSonSerializerWithAccessFilter<T> extends JSonAccessFilter<T> {
@ -41,32 +43,27 @@ public class JSonSerializerWithAccessFilter<T> extends JSonAccessFilter<T> {
// Alternatively extract the supported types to subclasses of some abstract class and
// here as well as in the deserializer just access the matching implementation through a map.
// Or even completely switch from Jackson to GSON?
final Object fieldValue = get(dto, field);
final Object fieldValue = ReflectionUtil.getValue(dto, field);
if (fieldValue == null) {
jsonGenerator.writeNullField(fieldName);
} else if (String.class.isAssignableFrom(field.getType())) {
jsonGenerator.writeStringField(fieldName, (String) fieldValue);
} else if (Integer.class.isAssignableFrom(field.getType()) || int.class.isAssignableFrom(field.getType())) {
jsonGenerator.writeNumberField(fieldName, (int) fieldValue);
} else if (Long.class.isAssignableFrom(field.getType()) || long.class.isAssignableFrom(field.getType())) {
jsonGenerator.writeNumberField(fieldName, (long) fieldValue);
} else if (LocalDate.class.isAssignableFrom(field.getType())) {
jsonGenerator.writeStringField(fieldName, fieldValue.toString()); // TODO proper format
jsonGenerator.writeStringField(fieldName, fieldValue.toString());
} else if (Enum.class.isAssignableFrom(field.getType())) {
jsonGenerator.writeStringField(fieldName, fieldValue.toString()); // TODO proper representation
} else if (String.class.isAssignableFrom(field.getType())) {
jsonGenerator.writeStringField(fieldName, (String) fieldValue);
jsonGenerator.writeStringField(fieldName, ((Enum) fieldValue).name());
} else if (Boolean.class.isAssignableFrom(field.getType()) || boolean.class.isAssignableFrom(field.getType())) {
jsonGenerator.writeBooleanField(fieldName, (Boolean) fieldValue);
} else if (BigDecimal.class.isAssignableFrom(field.getType())) {
jsonGenerator.writeNumberField(fieldName, (BigDecimal) fieldValue);
} else {
throw new NotImplementedException("property type not yet implemented: " + field);
}
}
}
private Object get(final Object dto, final Field field) {
try {
field.setAccessible(true);
return field.get(dto);
} catch (IllegalAccessException e) {
throw new RuntimeException("getting field " + field + " failed", e);
}
}
}

3
src/main/resources/config/application.yml
View File

@ -83,6 +83,9 @@ spring:
enabled: false
thymeleaf:
mode: HTML
jackson:
deserialization:
USE_BIG_DECIMAL_FOR_FLOATS: true
server:
servlet:

144
src/test/java/org/hostsharing/hsadminng/service/accessfilter/JSonAccessFilterTestFixture.java Normal file
View File

@ -0,0 +1,144 @@
package org.hostsharing.hsadminng.service.accessfilter;
import org.apache.commons.lang3.RandomStringUtils;
import org.apache.commons.lang3.RandomUtils;
import org.hostsharing.hsadminng.service.IdToDtoResolver;
import org.hostsharing.hsadminng.service.dto.FluentBuilder;
import java.math.BigDecimal;
import java.time.LocalDate;
import static org.hostsharing.hsadminng.service.accessfilter.Role.*;
public class JSonAccessFilterTestFixture {
static GivenDto createSampleDto() {
final GivenDto dto = new GivenDto();
dto.customerId = 888L;
dto.restrictedField = RandomStringUtils.randomAlphabetic(10);
dto.openStringField = RandomStringUtils.randomAlphabetic(10);
dto.openIntegerField = RandomUtils.nextInt();
dto.openPrimitiveIntField = RandomUtils.nextInt();
dto.openLongField = RandomUtils.nextLong();
dto.openPrimitiveLongField = RandomUtils.nextLong();
dto.openBooleanField = true;
dto.openPrimitiveBooleanField = false;
dto.openBigDecimalField = new BigDecimal("987654321234567890987654321234567890.09");
dto.openLocalDateField = LocalDate.parse("2019-04-25");
dto.openLocalDateFieldAsString = "2019-04-25";
dto.openEnumField = TestEnum.GREEN;
dto.openEnumFieldAsString = "GREEN";
return dto;
}
static class GivenCustomerDto extends FluentBuilder<GivenCustomerDto> {
@SelfId(resolver = GivenService.class)
@AccessFor(read = ANYBODY)
Long id;
}
static abstract class GivenCustomerService implements IdToDtoResolver<GivenCustomerDto> {
}
static class GivenDto extends FluentBuilder<GivenDto> {
@SelfId(resolver = GivenService.class)
@AccessFor(read = ANYBODY)
Long id;
@ParentId(resolver = GivenCustomerService.class)
@AccessFor(init = ACTUAL_CUSTOMER_USER, update = ACTUAL_CUSTOMER_USER, read = ACTUAL_CUSTOMER_USER)
Long customerId;
@AccessFor(init = {TECHNICAL_CONTACT, FINANCIAL_CONTACT}, update = {TECHNICAL_CONTACT, FINANCIAL_CONTACT}, read = {TECHNICAL_CONTACT, FINANCIAL_CONTACT})
String restrictedField;
@AccessFor(init = ANYBODY, update = ANYBODY, read = ANYBODY)
String openStringField;
@AccessFor(init = ANYBODY, update = ANYBODY, read = ANYBODY)
Integer openIntegerField;
@AccessFor(init = ANYBODY, update = ANYBODY, read = ANYBODY)
int openPrimitiveIntField;
@AccessFor(init = ANYBODY, update = ANYBODY, read = ANYBODY)
Long openLongField;
@AccessFor(init = ANYBODY, update = ANYBODY, read = ANYBODY)
long openPrimitiveLongField;
@AccessFor(init = ANYBODY, update = ANYBODY, read = ANYBODY)
Boolean openBooleanField;
@AccessFor(read = ANYBODY)
boolean openPrimitiveBooleanField;
@AccessFor(init = ANYBODY, update = ANYBODY, read = ANYBODY)
LocalDate openLocalDateField;
transient String openLocalDateFieldAsString;
@AccessFor(init = ANYBODY, update = ANYBODY, read = ANYBODY)
LocalDate openLocalDateField2;
transient String openLocalDateField2AsString;
@AccessFor(init = ANYBODY, update = ANYBODY, read = ANYBODY)
TestEnum openEnumField;
transient String openEnumFieldAsString;
@AccessFor(init = ANYBODY, update = ANYBODY, read = ANYBODY)
BigDecimal openBigDecimalField;
@AccessFor(init = ANYBODY, update = ANYBODY, read = ANYBODY)
int[] openArrayField;
}
static abstract class GivenService implements IdToDtoResolver<GivenDto> {
}
enum TestEnum {
BLUE, GREEN
}
static abstract class GivenChildService implements IdToDtoResolver<GivenChildDto> {
}
public static class GivenChildDto extends FluentBuilder<GivenChildDto> {
@SelfId(resolver = GivenChildService.class)
@AccessFor(read = Role.ANY_CUSTOMER_USER)
Long id;
@AccessFor(init = Role.CONTRACTUAL_CONTACT, update = Role.CONTRACTUAL_CONTACT, read = ACTUAL_CUSTOMER_USER)
@ParentId(resolver = GivenService.class)
Long parentId;
@AccessFor(init = {TECHNICAL_CONTACT, FINANCIAL_CONTACT}, update = {TECHNICAL_CONTACT, FINANCIAL_CONTACT})
String restrictedField;
}
public static class GivenDtoWithMultipleSelfId {
@SelfId(resolver = GivenChildService.class)
@AccessFor(read = Role.ANY_CUSTOMER_USER)
Long id;
@SelfId(resolver = GivenChildService.class)
@AccessFor(read = Role.ANY_CUSTOMER_USER)
Long id2;
}
public static class GivenDtoWithUnknownFieldType {
@SelfId(resolver = GivenChildService.class)
@AccessFor(read = Role.ANYBODY)
Long id;
@AccessFor(init = Role.ANYBODY, read = Role.ANYBODY)
Arbitrary unknown;
}
public static class Arbitrary {
}
}

11
src/test/java/org/hostsharing/hsadminng/service/accessfilter/JSonBuilder.java
View File

@ -2,6 +2,8 @@ package org.hostsharing.hsadminng.service.accessfilter;
import org.apache.commons.lang3.tuple.ImmutablePair;
import java.util.List;
public class JSonBuilder {
@SafeVarargs
@ -12,6 +14,15 @@ public class JSonBuilder {
json.append(": ");
if (prop.right instanceof Number) {
json.append(prop.right);
} else if (prop.right instanceof List) {
json.append("[");
for ( int n = 0; n < ((List<Integer>)prop.right).size(); ++n ) {
if ( n > 0 ) {
json.append(",");
}
json.append(((List<Integer>)prop.right).get(n));
}
json.append("]");
} else {
json.append(inQuotes(prop.right));
}

179
src/test/java/org/hostsharing/hsadminng/service/accessfilter/JSonDeserializerWithAccessFilterUnitTest.java
View File

@ -3,10 +3,10 @@ package org.hostsharing.hsadminng.service.accessfilter;
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.core.ObjectCodec;
import com.fasterxml.jackson.core.TreeNode;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.apache.commons.lang3.NotImplementedException;
import org.apache.commons.lang3.tuple.ImmutablePair;
import org.hostsharing.hsadminng.service.IdToDtoResolver;
import org.hostsharing.hsadminng.service.dto.FluentBuilder;
import org.hostsharing.hsadminng.web.rest.errors.BadRequestAlertException;
import org.junit.Before;
import org.junit.Rule;
@ -18,10 +18,14 @@ import org.springframework.beans.factory.config.AutowireCapableBeanFactory;
import org.springframework.context.ApplicationContext;
import java.io.IOException;
import java.math.BigDecimal;
import java.time.LocalDate;
import java.util.Arrays;
import java.util.Optional;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.catchThrowable;
import static org.hostsharing.hsadminng.service.accessfilter.JSonAccessFilterTestFixture.*;
import static org.hostsharing.hsadminng.service.accessfilter.JSonBuilder.asJSon;
import static org.hostsharing.hsadminng.service.accessfilter.MockSecurityContext.givenAuthenticatedUser;
import static org.hostsharing.hsadminng.service.accessfilter.MockSecurityContext.givenUserHavingRole;
@ -54,20 +58,33 @@ public class JSonDeserializerWithAccessFilterUnitTest {
@Mock
private GivenChildService givenChildService;
@Mock
private GivenCustomerService givenCustomerService;
@Before
public void init() {
givenAuthenticatedUser();
givenUserHavingRole(GivenDto.class, 1234L, Role.ACTUAL_CUSTOMER_USER);
given (ctx.getAutowireCapableBeanFactory()).willReturn(autowireCapableBeanFactory);
given(ctx.getAutowireCapableBeanFactory()).willReturn(autowireCapableBeanFactory);
given(autowireCapableBeanFactory.createBean(GivenService.class)).willReturn(givenService);
given(givenService.findOne(1234L)).willReturn(Optional.of(new GivenDto()
.with(dto -> dto.id = 1234L)
.with(dto -> dto.openIntegerField = 1)
.with(dto -> dto.openLongField = 2L)
.with(dto -> dto.openStringField = "3")
.with(dto -> dto.customerId = 888L)
.with(dto -> dto.openIntegerField = 11111)
.with(dto -> dto.openPrimitiveIntField = 2222)
.with(dto -> dto.openLongField = 33333333333333L)
.with(dto -> dto.openPrimitiveLongField = 44444444L)
.with(dto -> dto.openBooleanField = true)
.with(dto -> dto.openPrimitiveBooleanField = false)
.with(dto -> dto.openBigDecimalField = new BigDecimal("9876543.09"))
.with(dto -> dto.openStringField = "3333")
.with(dto -> dto.restrictedField = "initial value of restricted field")
));
given(autowireCapableBeanFactory.createBean(GivenCustomerService.class)).willReturn(givenCustomerService);
given(givenCustomerService.findOne(888L)).willReturn(Optional.of(new GivenCustomerDto()
.with(dto -> dto.id = 888L)
));
given(jsonParser.getCodec()).willReturn(codec);
}
@ -77,6 +94,7 @@ public class JSonDeserializerWithAccessFilterUnitTest {
// given
givenJSonTree(asJSon(
ImmutablePair.of("id", 1234L),
ImmutablePair.of("customerId", 888L),
ImmutablePair.of("openStringField", null)));
// when
@ -91,6 +109,7 @@ public class JSonDeserializerWithAccessFilterUnitTest {
// given
givenJSonTree(asJSon(
ImmutablePair.of("id", 1234L),
ImmutablePair.of("customerId", 888L),
ImmutablePair.of("openStringField", "String Value")));
// when
@ -105,6 +124,7 @@ public class JSonDeserializerWithAccessFilterUnitTest {
// given
givenJSonTree(asJSon(
ImmutablePair.of("id", 1234L),
ImmutablePair.of("customerId", 888L),
ImmutablePair.of("openIntegerField", 1234)));
// when
@ -115,26 +135,68 @@ public class JSonDeserializerWithAccessFilterUnitTest {
}
@Test
public void shouldDeserializeLongField() throws IOException {
// TODO: split in separate tests for each type, you see all errors at once (if any) and it's easier to debug when there are problems
public void shouldDeserializeAcessibleFieldOfAnyType() throws IOException {
// given
givenJSonTree(asJSon(
ImmutablePair.of("id", 1234L),
ImmutablePair.of("openLongField", 1234L)));
ImmutablePair.of("customerId", 888L),
ImmutablePair.of("openIntegerField", 11),
ImmutablePair.of("openPrimitiveIntField", 22),
ImmutablePair.of("openLongField", 333333333333333333L),
ImmutablePair.of("openPrimitiveLongField", 44444L),
ImmutablePair.of("openBooleanField", true),
ImmutablePair.of("openPrimitiveBooleanField", false),
// TODO: ImmutablePair.of("openBigDecimalField", new BigDecimal("99999999999999999999.1")),
// check why DeserializationFeature.USE_BIG_DECIMAL_FOR_FLOATS is not working!
ImmutablePair.of("openBigDecimalField", new BigDecimal("99999999999999.1")),
ImmutablePair.of("openLocalDateField", LocalDate.parse("2019-04-25")),
ImmutablePair.of("openLocalDateField2", Arrays.asList(2019, 4, 24)),
ImmutablePair.of("openEnumField", TestEnum.GREEN)
)
);
// when
GivenDto actualDto = new JSonDeserializerWithAccessFilter<>(ctx, jsonParser, null, GivenDto.class).deserialize();
// then
assertThat(actualDto.openLongField).isEqualTo(1234L);
assertThat(actualDto.openIntegerField).isEqualTo(11);
assertThat(actualDto.openPrimitiveIntField).isEqualTo(22);
assertThat(actualDto.openLongField).isEqualTo(333333333333333333L);
assertThat(actualDto.openPrimitiveLongField).isEqualTo(44444L);
assertThat(actualDto.openBooleanField).isEqualTo(true);
assertThat(actualDto.openPrimitiveBooleanField).isEqualTo(false);
assertThat(actualDto.openBigDecimalField).isEqualTo(new BigDecimal("99999999999999.1"));
assertThat(actualDto.openLocalDateField).isEqualTo(LocalDate.parse("2019-04-25"));
assertThat(actualDto.openLocalDateField2).isEqualTo(LocalDate.parse("2019-04-24"));
assertThat(actualDto.openEnumField).isEqualTo(TestEnum.GREEN);
}
@Test
public void shouldNotDeserializeFieldWithUnknownJSonNodeType() throws IOException {
// given
givenJSonTree(asJSon(
ImmutablePair.of("id", 1234L),
ImmutablePair.of("customerId", 888L),
ImmutablePair.of("openArrayField", Arrays.asList(11, 22, 33))
)
);
// when
Throwable exception = catchThrowable(() -> new JSonDeserializerWithAccessFilter<>(ctx, jsonParser, null, GivenDto.class).deserialize());
// then
assertThat(exception).isInstanceOf(NotImplementedException.class);
}
@Test
public void shouldDeserializeStringFieldIfRequiredRoleIsCoveredByUser() throws IOException {
// given
givenAuthenticatedUser();
givenUserHavingRole(GivenDto.class, 1234L, Role.FINANCIAL_CONTACT);
givenUserHavingRole(GivenCustomerDto.class, 888L, Role.FINANCIAL_CONTACT);
givenJSonTree(asJSon(
ImmutablePair.of("id", 1234L),
ImmutablePair.of("customerId", 888L),
ImmutablePair.of("restrictedField", "update value of restricted field")));
// when
@ -148,9 +210,10 @@ public class JSonDeserializerWithAccessFilterUnitTest {
public void shouldDeserializeUnchangedStringFieldIfRequiredRoleIsNotCoveredByUser() throws IOException {
// given
givenAuthenticatedUser();
givenUserHavingRole(GivenDto.class, 1234L, Role.ANY_CUSTOMER_USER);
givenUserHavingRole(GivenCustomerDto.class, 888L, Role.ACTUAL_CUSTOMER_USER);
givenJSonTree(asJSon(
ImmutablePair.of("id", 1234L),
ImmutablePair.of("customerId", 888L),
ImmutablePair.of("restrictedField", "initial value of restricted field")));
// when
@ -164,8 +227,11 @@ public class JSonDeserializerWithAccessFilterUnitTest {
public void shouldNotDeserializeUpatedStringFieldIfRequiredRoleIsNotCoveredByUser() throws IOException {
// given
givenAuthenticatedUser();
givenUserHavingRole(GivenDto.class, 1L, Role.ANY_CUSTOMER_USER);
givenJSonTree(asJSon(ImmutablePair.of("restrictedField", "updated value of restricted field")));
givenUserHavingRole(GivenCustomerDto.class, 888L, Role.ACTUAL_CUSTOMER_USER);
givenJSonTree(asJSon(
ImmutablePair.of("customerId", 888L),
ImmutablePair.of("restrictedField", "updated value of restricted field"))
);
// when
Throwable exception = catchThrowable(() -> new JSonDeserializerWithAccessFilter<>(ctx, jsonParser, null, GivenDto.class).deserialize());
@ -181,8 +247,11 @@ public class JSonDeserializerWithAccessFilterUnitTest {
public void shouldInitializeFieldIfRequiredRoleIsNotCoveredByUser() throws IOException {
// given
givenAuthenticatedUser();
givenUserHavingRole(GivenDto.class, 1L, Role.ANY_CUSTOMER_USER);
givenJSonTree(asJSon(ImmutablePair.of("restrictedField", "another value of restricted field")));
givenUserHavingRole(GivenCustomerDto.class, 888L, Role.ACTUAL_CUSTOMER_USER);
givenJSonTree(asJSon(
ImmutablePair.of("customerId", 888L),
ImmutablePair.of("restrictedField", "another value of restricted field"))
);
// when
Throwable exception = catchThrowable(() -> new JSonDeserializerWithAccessFilter<>(ctx, jsonParser, null, GivenDto.class).deserialize());
@ -199,7 +268,9 @@ public class JSonDeserializerWithAccessFilterUnitTest {
// given
givenAuthenticatedUser();
givenUserHavingRole(GivenDto.class, 9999L, Role.CONTRACTUAL_CONTACT);
givenJSonTree(asJSon(ImmutablePair.of("parentId", 1234L)));
givenJSonTree(asJSon(
ImmutablePair.of("parentId", 1234L))
);
// when
Throwable exception = catchThrowable(() -> new JSonDeserializerWithAccessFilter<>(ctx, jsonParser, null, GivenChildDto.class).deserialize());
@ -216,7 +287,9 @@ public class JSonDeserializerWithAccessFilterUnitTest {
// given
givenAuthenticatedUser();
givenUserHavingRole(GivenDto.class, 1234L, Role.CONTRACTUAL_CONTACT);
givenJSonTree(asJSon(ImmutablePair.of("parentId", 1234L)));
givenJSonTree(asJSon(
ImmutablePair.of("parentId", 1234L))
);
// when
final GivenChildDto actualDto = new JSonDeserializerWithAccessFilter<>(ctx, jsonParser, null, GivenChildDto.class).deserialize();
@ -229,9 +302,10 @@ public class JSonDeserializerWithAccessFilterUnitTest {
public void shouldNotUpdateFieldIfRequiredRoleIsNotCoveredByUser() throws IOException {
// given
givenAuthenticatedUser();
givenUserHavingRole(GivenDto.class, 1234L, Role.ANY_CUSTOMER_USER);
givenUserHavingRole(GivenCustomerDto.class, 888L, Role.ACTUAL_CUSTOMER_USER);
givenJSonTree(asJSon(
ImmutablePair.of("id", 1234L),
ImmutablePair.of("customerId", 888L),
ImmutablePair.of("restrictedField", "Restricted String Value")));
// when
@ -256,60 +330,29 @@ public class JSonDeserializerWithAccessFilterUnitTest {
assertThat(exception).isInstanceOf(AssertionError.class).hasMessage("multiple @SelfId detected in GivenDtoWithMultipleSelfId");
}
@Test
public void shouldDetectUnknownFieldType() throws IOException {
// given
givenAuthenticatedUser();
givenUserHavingRole(Role.ADMIN);
givenJSonTree(asJSon(ImmutablePair.of("unknown", new Arbitrary())));
// when
Throwable exception = catchThrowable(() -> new JSonDeserializerWithAccessFilter<>(ctx, jsonParser, null, GivenDtoWithUnknownFieldType.class).deserialize());
// then
assertThat(exception).isInstanceOf(NotImplementedException.class)
.hasMessageStartingWith("property type not yet implemented: ")
.hasMessageContaining("Arbitrary")
.hasMessageContaining("GivenDtoWithUnknownFieldType.unknown");
}
// --- only fixture code below ---
private void givenJSonTree(String givenJSon) throws IOException {
final ObjectMapper objectMapper = new ObjectMapper();
objectMapper.enable(DeserializationFeature.USE_BIG_DECIMAL_FOR_FLOATS);
given(codec.readTree(jsonParser)).willReturn(new ObjectMapper().readTree(givenJSon));
}
abstract class GivenService implements IdToDtoResolver<GivenDto> {
}
public static class GivenDto extends FluentBuilder<GivenDto> {
@SelfId(resolver = GivenService.class)
@AccessFor(read = Role.ANY_CUSTOMER_USER)
Long id;
@AccessFor(init = {Role.TECHNICAL_CONTACT, Role.FINANCIAL_CONTACT}, update = {Role.TECHNICAL_CONTACT, Role.FINANCIAL_CONTACT})
String restrictedField;
@AccessFor(init = Role.ANYBODY, update = Role.ANYBODY)
String openStringField;
@AccessFor(init = Role.ANYBODY, update = Role.ANYBODY)
Integer openIntegerField;
@AccessFor(init = Role.ANYBODY, update = Role.ANYBODY)
Long openLongField;
}
abstract class GivenChildService implements IdToDtoResolver<GivenChildDto> {
}
public static class GivenChildDto extends FluentBuilder<GivenChildDto> {
@SelfId(resolver = GivenChildService.class)
@AccessFor(read = Role.ANY_CUSTOMER_USER)
Long id;
@AccessFor(init = Role.CONTRACTUAL_CONTACT, update = Role.CONTRACTUAL_CONTACT, read = Role.ACTUAL_CUSTOMER_USER)
@ParentId(resolver = GivenService.class)
Long parentId;
@AccessFor(init = {Role.TECHNICAL_CONTACT, Role.FINANCIAL_CONTACT}, update = {Role.TECHNICAL_CONTACT, Role.FINANCIAL_CONTACT})
String restrictedField;
}
public static class GivenDtoWithMultipleSelfId {
@SelfId(resolver = GivenChildService.class)
@AccessFor(read = Role.ANY_CUSTOMER_USER)
Long id;
@SelfId(resolver = GivenChildService.class)
@AccessFor(read = Role.ANY_CUSTOMER_USER)
Long id2;
}
}

132
src/test/java/org/hostsharing/hsadminng/service/accessfilter/JSonSerializerWithAccessFilterUnitTest.java
View File

@ -2,10 +2,6 @@ package org.hostsharing.hsadminng.service.accessfilter;
import com.fasterxml.jackson.core.JsonGenerator;
import org.apache.commons.lang3.NotImplementedException;
import org.apache.commons.lang3.RandomStringUtils;
import org.apache.commons.lang3.RandomUtils;
import org.hostsharing.hsadminng.service.IdToDtoResolver;
import org.hostsharing.hsadminng.service.dto.FluentBuilder;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
@ -20,6 +16,7 @@ import java.util.Optional;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.catchThrowable;
import static org.hostsharing.hsadminng.service.accessfilter.JSonAccessFilterTestFixture.*;
import static org.mockito.BDDMockito.given;
import static org.mockito.Mockito.never;
import static org.mockito.Mockito.verify;
@ -64,6 +61,87 @@ public class JSonSerializerWithAccessFilterUnitTest {
verify(jsonGenerator).writeStringField("openStringField", givenDTO.openStringField);
}
@Test
public void shouldSerializeIntegerField() throws IOException {
// when
new JSonSerializerWithAccessFilter<>(ctx, jsonGenerator, null, givenDTO).serialize();
// then
verify(jsonGenerator).writeNumberField("openIntegerField", givenDTO.openIntegerField);
}
@Test
public void shouldSerializePrimitiveIntField() throws IOException {
// when
new JSonSerializerWithAccessFilter<>(ctx, jsonGenerator, null, givenDTO).serialize();
// then
verify(jsonGenerator).writeNumberField("openPrimitiveIntField", givenDTO.openPrimitiveIntField);
}
@Test
public void shouldSerializeLongField() throws IOException {
// when
new JSonSerializerWithAccessFilter<>(ctx, jsonGenerator, null, givenDTO).serialize();
// then
verify(jsonGenerator).writeNumberField("openLongField", givenDTO.openLongField);
}
@Test
public void shouldSerializePrimitiveLongField() throws IOException {
// when
new JSonSerializerWithAccessFilter<>(ctx, jsonGenerator, null, givenDTO).serialize();
// then
verify(jsonGenerator).writeNumberField("openPrimitiveLongField", givenDTO.openPrimitiveLongField);
}
@Test
public void shouldSerializeBooleanField() throws IOException {
// when
new JSonSerializerWithAccessFilter<>(ctx, jsonGenerator, null, givenDTO).serialize();
// then
verify(jsonGenerator).writeBooleanField("openBooleanField", givenDTO.openBooleanField);
}
@Test
public void shouldSerializePrimitiveBooleanField() throws IOException {
// when
new JSonSerializerWithAccessFilter<>(ctx, jsonGenerator, null, givenDTO).serialize();
// then
verify(jsonGenerator).writeBooleanField("openPrimitiveBooleanField", givenDTO.openPrimitiveBooleanField);
}
@Test
public void shouldSerializeBigDecimalField() throws IOException {
// when
new JSonSerializerWithAccessFilter<>(ctx, jsonGenerator, null, givenDTO).serialize();
// then
verify(jsonGenerator).writeNumberField("openBigDecimalField", givenDTO.openBigDecimalField);
}
@Test
public void shouldSerializeLocalDateField() throws IOException {
// when
new JSonSerializerWithAccessFilter<>(ctx, jsonGenerator, null, givenDTO).serialize();
// then
verify(jsonGenerator).writeStringField("openLocalDateField", givenDTO.openLocalDateFieldAsString);
}
@Test
public void shouldSerializeEnumField() throws IOException {
// when
new JSonSerializerWithAccessFilter<>(ctx, jsonGenerator, null, givenDTO).serialize();
// then
verify(jsonGenerator).writeStringField("openEnumField", givenDTO.openEnumFieldAsString);
}
@Test
public void shouldSerializeRestrictedFieldIfRequiredRoleIsCoveredByUser() throws IOException {
@ -113,50 +191,4 @@ public class JSonSerializerWithAccessFilterUnitTest {
// --- fixture code below ---
private GivenDto createSampleDto() {
final GivenDto dto = new GivenDto();
dto.customerId = 888L;
dto.restrictedField = RandomStringUtils.randomAlphabetic(10);
dto.openStringField = RandomStringUtils.randomAlphabetic(10);
dto.openIntegerField = RandomUtils.nextInt();
dto.openLongField = RandomUtils.nextLong();
return dto;
}
private static class GivenCustomerDto extends FluentBuilder<GivenCustomerDto> {
@SelfId(resolver = GivenService.class)
@AccessFor(read = Role.ANYBODY)
Long id;
}
private abstract class GivenCustomerService implements IdToDtoResolver<GivenCustomerDto> {
}
private static class GivenDto {
@SelfId(resolver = GivenService.class)
@AccessFor(read = Role.ANYBODY)
Long id;
@ParentId(resolver = GivenCustomerService.class)
@AccessFor(read = {Role.TECHNICAL_CONTACT, Role.FINANCIAL_CONTACT})
Long customerId;
@AccessFor(read = {Role.TECHNICAL_CONTACT, Role.FINANCIAL_CONTACT})
String restrictedField;
@AccessFor(read = Role.ANYBODY)
String openStringField;
@AccessFor(read = Role.ANYBODY)
Integer openIntegerField;
@AccessFor(read = Role.ANYBODY)
Long openLongField;
}
private abstract class GivenService implements IdToDtoResolver<GivenService> {
}
}

47
src/test/java/org/hostsharing/hsadminng/service/accessfilter/RoleUnitTest.java
View File

@ -2,6 +2,8 @@ package org.hostsharing.hsadminng.service.accessfilter;
import org.junit.Test;
import java.lang.reflect.Field;
import static org.assertj.core.api.Assertions.assertThat;
public class RoleUnitTest {
@ -69,15 +71,60 @@ public class RoleUnitTest {
assertThat(Role.FINANCIAL_CONTACT.covers(Role.ACTUAL_CUSTOMER_USER)).isFalse();
}
@Test
public void isIndependent() {
assertThat(Role.HOSTMASTER.isIndependent()).isTrue();
assertThat(Role.SUPPORTER.isIndependent()).isTrue();
assertThat(Role.CONTRACTUAL_CONTACT.isIndependent()).isFalse();
assertThat(Role.ANY_CUSTOMER_USER.isIndependent()).isFalse();
}
@Test
public void isBroadest() {
assertThat(Role.broadest(Role.HOSTMASTER, Role.CONTRACTUAL_CONTACT)).isEqualTo(Role.HOSTMASTER);
assertThat(Role.broadest(Role.CONTRACTUAL_CONTACT, Role.HOSTMASTER)).isEqualTo(Role.HOSTMASTER);
assertThat(Role.broadest(Role.CONTRACTUAL_CONTACT, Role.ANY_CUSTOMER_USER)).isEqualTo(Role.CONTRACTUAL_CONTACT);
}
@Test
public void isAllowedToInit() {
assertThat(Role.HOSTMASTER.isAllowedToInit(someFieldWithoutAccessForAnnotation)).isFalse();
assertThat(Role.SUPPORTER.isAllowedToInit(someFieldWithoutAccessForAnnotation)).isFalse();
assertThat(Role.ADMIN.isAllowedToInit(someFieldWithAccessForAnnotation)).isTrue();
}
@Test
public void isAllowedToUpdate() {
assertThat(Role.HOSTMASTER.isAllowedToUpdate(someFieldWithoutAccessForAnnotation)).isFalse();
assertThat(Role.ANY_CUSTOMER_CONTACT.isAllowedToUpdate(someFieldWithAccessForAnnotation)).isFalse();
assertThat(Role.SUPPORTER.isAllowedToUpdate(someFieldWithAccessForAnnotation)).isTrue();
}
@Test
public void isAllowedToRead() {
assertThat(Role.HOSTMASTER.isAllowedToRead(someFieldWithoutAccessForAnnotation)).isFalse();
assertThat(Role.ANY_CUSTOMER_USER.isAllowedToRead(someFieldWithAccessForAnnotation)).isFalse();
assertThat(Role.ANY_CUSTOMER_CONTACT.isAllowedToRead(someFieldWithAccessForAnnotation)).isTrue();
}
// --- only test fixture below ---
static class TestDto {
@AccessFor(init = Role.ADMIN, update = Role.SUPPORTER, read = Role.ANY_CUSTOMER_CONTACT)
private Integer someFieldWithAccessForAnnotation;
private Integer someFieldWithoutAccessForAnnotation;
}
private static Field someFieldWithoutAccessForAnnotation;
private static Field someFieldWithAccessForAnnotation;
static {
try {
someFieldWithoutAccessForAnnotation = TestDto.class.getDeclaredField("someFieldWithoutAccessForAnnotation");
someFieldWithAccessForAnnotation = TestDto.class.getDeclaredField("someFieldWithAccessForAnnotation");
} catch (NoSuchFieldException e) {
throw new AssertionError("precondition failed", e);
}
}
}

24
src/test/java/org/hostsharing/hsadminng/web/rest/CustomerResourceIntTest.java
View File

@ -236,7 +236,29 @@ public class CustomerResourceIntTest {
@Test
@Transactional
public void createCustomerWithExistingId() throws Exception {
public void createCustomerWithExistingIdIsRejected() throws Exception {
// Initialize the database
final long existingCustomerId = customerRepository.saveAndFlush(customer).getId();
int databaseSizeBeforeCreate = customerRepository.findAll().size();
// Create the Customer with an existing ID
customer.setId(existingCustomerId);
CustomerDTO customerDTO = customerMapper.toDto(customer);
// An entity with an existing ID cannot be created, so this API call must fail
restCustomerMockMvc.perform(post("/api/customers")
.contentType(TestUtil.APPLICATION_JSON_UTF8)
.content(TestUtil.convertObjectToJsonBytes(customerDTO)))
.andExpect(status().isBadRequest());
// Validate the Customer in the database
List<Customer> customerList = customerRepository.findAll();
assertThat(customerList).hasSize(databaseSizeBeforeCreate);
}
@Test
@Transactional
public void createCustomerWithNonExistingIdIsRejected() throws Exception {
int databaseSizeBeforeCreate = customerRepository.findAll().size();
// Create the Customer with an existing ID