From b5ef54e83cef45b9f89100248fcb318e5ad4d4d3 Mon Sep 17 00:00:00 2001
From: Michael Hoennig
Date: Wed, 3 Apr 2024 08:46:50 +0200
Subject: [PATCH] baseline with green tests
---
 .../relation/HsOfficeRelationEntity.java | 11 +--
 .../hsadminng/rbac/rbacdef/RbacView.java | 1 -
 .../RolesGrantsAndPermissionsGenerator.java | 10 +--
 .../5033-hs-office-relation-rbac.md | 7 +-
 .../5033-hs-office-relation-rbac.sql | 66 ++++++++++++-----
 .../5043-hs-office-partner-rbac.md | 3 +-
 .../5063-hs-office-debitor-rbac.md | 6 +-
 .../5073-hs-office-sepamandate-rbac.md | 3 +-
 .../5103-hs-office-membership-rbac.md | 3 +-
 .../5113-hs-office-coopshares-rbac.md | 3 +-
 .../5123-hs-office-coopassets-rbac.md | 3 +-
 ...fficeRelationControllerAcceptanceTest.java | 2 +-
 ...ficeRelationRepositoryIntegrationTest.java | 70 ++-----------------
 13 files changed, 74 insertions(+), 114 deletions(-)
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationEntity.java
index a46ab2d9..8d6c6fe8 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationEntity.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationEntity.java
@@ -104,18 +104,21 @@ public class HsOfficeRelationEntity implements RbacObject, Stringifyable {
 .createRole(OWNER, (with) -> {
 with.owningUser(CREATOR);
 with.incomingSuperRole(GLOBAL, ADMIN);
- with.incomingSuperRole("holderPerson", ADMIN).where("${REF}.type = 'REPRESENTATIVE'");
+ // TODO: if type=REPRESENTATIIVE
+ // with.incomingSuperRole("holderPerson", ADMIN);
 with.permission(DELETE);
 })
 .createSubRole(ADMIN, (with) -> {
- with.incomingSuperRole("anchorPerson", ADMIN).where("${REF}.type <> 'REPRESENTATIVE'");
- with.outgoingSubRole("anchorPerson", OWNER).where("${REF}.type = 'REPRESENTATIVE'");
+ with.incomingSuperRole("anchorPerson", ADMIN);
+ // TODO: if type=REPRESENTATIIVE
+ // with.outgoingSuperRole("anchorPerson", OWNER);
 with.permission(UPDATE);
 })
 .createSubRole(AGENT, (with) -> {
- with.incomingSuperRole("holderPerson", ADMIN).where("${REF}.type <> 'REPRESENTATIVE'");
+ with.incomingSuperRole("holderPerson", ADMIN);
 })
 .createSubRole(TENANT, (with) -> {
+ with.incomingSuperRole("holderPerson", ADMIN);
 with.incomingSuperRole("contact", ADMIN);
 with.outgoingSubRole("anchorPerson", REFERRER);
 with.outgoingSubRole("holderPerson", REFERRER);
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacView.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacView.java
index a09b270b..d6c2d3cc 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacView.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacView.java
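Review bot: Dropping the `.where(...)` conditions makes the `anchorPerson` ADMIN → relation ADMIN and `holderPerson` ADMIN → relation AGENT grants unconditional, so REPRESENTATIVE relations now receive grants the old definition withheld from them. The same widening is visible in the `createRoleWithGrants` calls of 5033-hs-office-relation-rbac.sql, where the `if NEW.type ...` blocks are removed. The added `with.incomingSuperRole("holderPerson", ADMIN)` under TENANT looks redundant, since the holder person's ADMIN already reaches TENANT through AGENT according to the role chain in the accompanying .md. The two TODO blocks keep the type-specific rules as commented-out code, with `REPRESENTATIIVE` misspelled and `outgoingSuperRole` where the removed line used `outgoingSubRole`; I would replace each with one comment stating the interim state, e.g. `// TODO: REPRESENTATIVE-specific grants are disabled until conditional grants are supported again`. The builder chain starts and ends outside the hunk.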
@@ -14,7 +14,6 @@ import net.hostsharing.hsadminng.hs.office.person.HsOfficePersonEntity;
 import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationEntity;
 import net.hostsharing.hsadminng.hs.office.sepamandate.HsOfficeSepaMandateEntity;
 import net.hostsharing.hsadminng.rbac.rbacobject.RbacObject;
-import net.hostsharing.hsadminng.rbac.rbacobject.RbacObject;
 import net.hostsharing.hsadminng.test.cust.TestCustomerEntity;
 import net.hostsharing.hsadminng.test.dom.TestDomainEntity;
 import net.hostsharing.hsadminng.test.pac.TestPackageEntity;
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RolesGrantsAndPermissionsGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RolesGrantsAndPermissionsGenerator.java
index 07d70314..4c4ce134 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RolesGrantsAndPermissionsGenerator.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RolesGrantsAndPermissionsGenerator.java
@@ -301,11 +301,11 @@ class RolesGrantsAndPermissionsGenerator {
 .replace("${permRef}", createPerm(NEW, grantDef.getPermDef()))
 .replace("${superRoleRef}", roleRef(NEW, grantDef.getSuperRoleDef()));
 };
- if (grantDef.isConditional()) {
- return "if " + grantDef.getOnlyInCaseOf() + " then\n"
- + " " + grantSql + "\n"
- + "end if;";
- }
+// if (grantDef.isConditional()) {
+// return "if " + grantDef.getOnlyInCaseOf() + " then\n"
+// + " " + grantSql + "\n"
+// + "end if;";
+// }
 return grantSql;
 }
diff --git a/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.md b/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.md
index be9f89b7..8014cdaf 100644
--- a/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.md
+++ b/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.md
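Review bot: With the `isConditional()` branch commented out in RolesGrantsAndPermissionsGenerator, a grant definition that still carries a `.where(...)` condition is emitted as an unconditional grant with no signal, which fails open for an access-control generator. Rather than keeping the branch as dead code, reject such definitions until the feature is back: `if (grantDef.isConditional()) { throw new IllegalStateException("conditional grants are currently not supported"); }`. The enclosing method starts above the hunk, so whether conditional definitions are filtered earlier cannot be seen from here.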
@@ -82,13 +82,12 @@ role:global:ADMIN -.-> role:contact:OWNER
 role:contact:OWNER -.-> role:contact:ADMIN
 role:contact:ADMIN -.-> role:contact:REFERRER
 role:global:ADMIN ==> role:relation:OWNER
-role:holderPerson:ADMIN ==> |??| role:relation:OWNER
 role:relation:OWNER ==> role:relation:ADMIN
-role:anchorPerson:ADMIN ==> |??| role:relation:ADMIN
-role:relation:ADMIN ==> |??| role:anchorPerson:OWNER
+role:anchorPerson:ADMIN ==> role:relation:ADMIN
 role:relation:ADMIN ==> role:relation:AGENT
-role:holderPerson:ADMIN ==> |??| role:relation:AGENT
+role:holderPerson:ADMIN ==> role:relation:AGENT
 role:relation:AGENT ==> role:relation:TENANT
+role:holderPerson:ADMIN ==> role:relation:TENANT
 role:contact:ADMIN ==> role:relation:TENANT
 role:relation:TENANT ==> role:anchorPerson:REFERRER
 role:relation:TENANT ==> role:holderPerson:REFERRER
diff --git a/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql b/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql
index aca2eb93..ff890a59 100644
--- a/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql
@@ -57,12 +57,16 @@ begin
 perform createRoleWithGrants(
 hsOfficeRelationADMIN(NEW),
 permissions => array['UPDATE'],
- incomingSuperRoles => array[hsOfficeRelationOWNER(NEW)]
+ incomingSuperRoles => array[
+ hsOfficePersonADMIN(newAnchorPerson),
+ hsOfficeRelationOWNER(NEW)]
 );
 perform createRoleWithGrants(
 hsOfficeRelationAGENT(NEW),
- incomingSuperRoles => array[hsOfficeRelationADMIN(NEW)]
+ incomingSuperRoles => array[
+ hsOfficePersonADMIN(newHolderPerson),
+ hsOfficeRelationADMIN(NEW)]
 );
 perform createRoleWithGrants(
@@ -70,6 +74,7 @@ begin permissions => array['SELECT'], incomingSuperRoles => array[ hsOfficeContactADMIN(newContact), + hsOfficePersonADMIN(newHolderPerson), hsOfficeRelationAGENT(NEW)], outgoingSubRoles => array[ hsOfficeContactREFERRER(newContact), @@ -77,19 +82,6 @@ begin hsOfficePersonREFERRER(newHolderPerson)] ); - if NEW.type <> 'REPRESENTATIVE' then - call grantRoleToRole(hsOfficeRelationADMIN(NEW), hsOfficePersonADMIN(newAnchorPerson)); - end if; - if NEW.type <> 'REPRESENTATIVE' then - call grantRoleToRole(hsOfficeRelationAGENT(NEW), hsOfficePersonADMIN(newHolderPerson)); - end if; - if NEW.type = 'REPRESENTATIVE' then - call grantRoleToRole(hsOfficePersonOWNER(newAnchorPerson), hsOfficeRelationADMIN(NEW)); - end if; - if NEW.type = 'REPRESENTATIVE' then - call grantRoleToRole(hsOfficeRelationOWNER(NEW), hsOfficePersonADMIN(newHolderPerson)); - end if; - call leaveTriggerForObjectUuid(NEW.uuid); end; $$; 
@@ -126,12 +118,48 @@ create or replace procedure updateRbacRulesForHsOfficeRelation( NEW hs_office_relation ) language plpgsql as $$ -begin - if NEW.contactUuid is distinct from OLD.contactUuid then - delete from rbacgrants g where g.grantedbytriggerof = OLD.uuid; - call buildRbacSystemForHsOfficeRelation(NEW); +declare + oldHolderPerson hs_office_person; + newHolderPerson hs_office_person; + oldAnchorPerson hs_office_person; + newAnchorPerson hs_office_person; + oldContact hs_office_contact; + newContact hs_office_contact; + +begin + call enterTriggerForObjectUuid(NEW.uuid); + + SELECT * FROM hs_office_person WHERE uuid = OLD.holderUuid INTO oldHolderPerson; + assert oldHolderPerson.uuid is not null, format('oldHolderPerson must not be null for OLD.holderUuid = %s', OLD.holderUuid); + + SELECT * FROM hs_office_person WHERE uuid = NEW.holderUuid INTO newHolderPerson; + assert newHolderPerson.uuid is not null, format('newHolderPerson must not be null for NEW.holderUuid = %s', NEW.holderUuid); + + SELECT * FROM hs_office_person WHERE uuid = OLD.anchorUuid INTO oldAnchorPerson; + assert oldAnchorPerson.uuid is not null, format('oldAnchorPerson must not be null for OLD.anchorUuid = %s', OLD.anchorUuid); + + SELECT * FROM hs_office_person WHERE uuid = NEW.anchorUuid INTO newAnchorPerson; + assert newAnchorPerson.uuid is not null, format('newAnchorPerson must not be null for NEW.anchorUuid = %s', NEW.anchorUuid); + + SELECT * FROM hs_office_contact WHERE uuid = OLD.contactUuid INTO oldContact; + assert oldContact.uuid is not null, format('oldContact must not be null for OLD.contactUuid = %s', OLD.contactUuid); + + SELECT * FROM hs_office_contact WHERE uuid = NEW.contactUuid INTO newContact; + assert newContact.uuid is not null, format('newContact must not be null for NEW.contactUuid = %s', NEW.contactUuid); + + + if NEW.contactUuid <> OLD.contactUuid then + + call revokeRoleFromRole(hsOfficeRelationTENANT(OLD), hsOfficeContactADMIN(oldContact)); + call 
grantRoleToRole(hsOfficeRelationTENANT(NEW), hsOfficeContactADMIN(newContact)); + + call revokeRoleFromRole(hsOfficeContactREFERRER(oldContact), hsOfficeRelationTENANT(OLD)); + call grantRoleToRole(hsOfficeContactREFERRER(newContact), hsOfficeRelationTENANT(NEW)); + end if; + + call leaveTriggerForObjectUuid(NEW.uuid); end; $$; /* diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.md b/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.md index 44154df0..a0caa074 100644 --- a/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.md +++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.md @@ -97,13 +97,12 @@ role:global:ADMIN -.-> role:partnerRel.contact:OWNER role:partnerRel.contact:OWNER -.-> role:partnerRel.contact:ADMIN role:partnerRel.contact:ADMIN -.-> role:partnerRel.contact:REFERRER role:global:ADMIN -.-> role:partnerRel:OWNER -role:partnerRel.holderPerson:ADMIN -.-> role:partnerRel:OWNER role:partnerRel:OWNER -.-> role:partnerRel:ADMIN role:partnerRel.anchorPerson:ADMIN -.-> role:partnerRel:ADMIN -role:partnerRel:ADMIN -.-> role:partnerRel.anchorPerson:OWNER role:partnerRel:ADMIN -.-> role:partnerRel:AGENT role:partnerRel.holderPerson:ADMIN -.-> role:partnerRel:AGENT role:partnerRel:AGENT -.-> role:partnerRel:TENANT +role:partnerRel.holderPerson:ADMIN -.-> role:partnerRel:TENANT role:partnerRel.contact:ADMIN -.-> role:partnerRel:TENANT role:partnerRel:TENANT -.-> role:partnerRel.anchorPerson:REFERRER role:partnerRel:TENANT -.-> role:partnerRel.holderPerson:REFERRER diff --git a/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.md b/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.md index 084d163b..5c43e03d 100644 --- a/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.md 
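Review bot: The rewritten `updateRbacRulesForHsOfficeRelation` loads and asserts the old and new holder and anchor persons but only re-grants when `contactUuid` changes, so if `holderUuid` or `anchorUuid` can be updated, the previous person's ADMIN role would keep its grants on the relation. Either handle those columns the way the contact is handled (revoke from the OLD person roles, grant to the NEW ones) or reject the change explicitly, e.g. `assert NEW.holderUuid = OLD.holderUuid, 'holderUuid is not updatable';`, and drop the lookups that are then unused. The comparison also changed from `is distinct from` to `<>`, which differs for NULL values; here that case is covered only by the preceding `assert`s on the contact rows.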
+++ b/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.md
@@ -150,13 +150,12 @@ role:global:ADMIN -.-> role:debitorRel.contact:OWNER
 role:debitorRel.contact:OWNER -.-> role:debitorRel.contact:ADMIN
 role:debitorRel.contact:ADMIN -.-> role:debitorRel.contact:REFERRER
 role:global:ADMIN -.-> role:debitorRel:OWNER
-role:debitorRel.holderPerson:ADMIN -.-> role:debitorRel:OWNER
 role:debitorRel:OWNER -.-> role:debitorRel:ADMIN
 role:debitorRel.anchorPerson:ADMIN -.-> role:debitorRel:ADMIN
-role:debitorRel:ADMIN -.-> role:debitorRel.anchorPerson:OWNER
 role:debitorRel:ADMIN -.-> role:debitorRel:AGENT
 role:debitorRel.holderPerson:ADMIN -.-> role:debitorRel:AGENT
 role:debitorRel:AGENT -.-> role:debitorRel:TENANT
+role:debitorRel.holderPerson:ADMIN -.-> role:debitorRel:TENANT
 role:debitorRel.contact:ADMIN -.-> role:debitorRel:TENANT
 role:debitorRel:TENANT -.-> role:debitorRel.anchorPerson:REFERRER
 role:debitorRel:TENANT -.-> role:debitorRel.holderPerson:REFERRER
@@ -176,13 +175,12 @@ role:global:ADMIN -.-> role:partnerRel.contact:OWNER
 role:partnerRel.contact:OWNER -.-> role:partnerRel.contact:ADMIN
 role:partnerRel.contact:ADMIN -.-> role:partnerRel.contact:REFERRER
 role:global:ADMIN -.-> role:partnerRel:OWNER
-role:partnerRel.holderPerson:ADMIN -.-> role:partnerRel:OWNER
 role:partnerRel:OWNER -.-> role:partnerRel:ADMIN
 role:partnerRel.anchorPerson:ADMIN -.-> role:partnerRel:ADMIN
-role:partnerRel:ADMIN -.-> role:partnerRel.anchorPerson:OWNER
 role:partnerRel:ADMIN -.-> role:partnerRel:AGENT
 role:partnerRel.holderPerson:ADMIN -.-> role:partnerRel:AGENT
 role:partnerRel:AGENT -.-> role:partnerRel:TENANT
+role:partnerRel.holderPerson:ADMIN -.-> role:partnerRel:TENANT
 role:partnerRel.contact:ADMIN -.-> role:partnerRel:TENANT
 role:partnerRel:TENANT -.-> role:partnerRel.anchorPerson:REFERRER
 role:partnerRel:TENANT -.-> role:partnerRel.holderPerson:REFERRER
diff --git a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.md b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.md
index 3bd2102e..aa3059f9 100644
--- a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.md
+++ b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.md
@@ -109,13 +109,12 @@ role:global:ADMIN -.-> role:debitorRel.contact:OWNER
 role:debitorRel.contact:OWNER -.-> role:debitorRel.contact:ADMIN
 role:debitorRel.contact:ADMIN -.-> role:debitorRel.contact:REFERRER
 role:global:ADMIN -.-> role:debitorRel:OWNER
-role:debitorRel.holderPerson:ADMIN -.-> role:debitorRel:OWNER
 role:debitorRel:OWNER -.-> role:debitorRel:ADMIN
 role:debitorRel.anchorPerson:ADMIN -.-> role:debitorRel:ADMIN
-role:debitorRel:ADMIN -.-> role:debitorRel.anchorPerson:OWNER
 role:debitorRel:ADMIN -.-> role:debitorRel:AGENT
 role:debitorRel.holderPerson:ADMIN -.-> role:debitorRel:AGENT
 role:debitorRel:AGENT -.-> role:debitorRel:TENANT
+role:debitorRel.holderPerson:ADMIN -.-> role:debitorRel:TENANT
 role:debitorRel.contact:ADMIN -.-> role:debitorRel:TENANT
 role:debitorRel:TENANT -.-> role:debitorRel.anchorPerson:REFERRER
 role:debitorRel:TENANT -.-> role:debitorRel.holderPerson:REFERRER
diff --git a/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.md b/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.md
index bf205df7..3681b8e6 100644
--- a/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.md
+++ b/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.md
@@ -95,13 +95,12 @@ role:global:ADMIN -.-> role:partnerRel.contact:OWNER
 role:partnerRel.contact:OWNER -.-> role:partnerRel.contact:ADMIN
 role:partnerRel.contact:ADMIN -.-> role:partnerRel.contact:REFERRER
 role:global:ADMIN -.-> role:partnerRel:OWNER
-role:partnerRel.holderPerson:ADMIN -.-> role:partnerRel:OWNER
 role:partnerRel:OWNER -.-> role:partnerRel:ADMIN
 role:partnerRel.anchorPerson:ADMIN -.-> role:partnerRel:ADMIN
-role:partnerRel:ADMIN -.-> role:partnerRel.anchorPerson:OWNER
 role:partnerRel:ADMIN -.-> role:partnerRel:AGENT
 role:partnerRel.holderPerson:ADMIN -.-> role:partnerRel:AGENT
 role:partnerRel:AGENT -.-> role:partnerRel:TENANT
+role:partnerRel.holderPerson:ADMIN -.-> role:partnerRel:TENANT
 role:partnerRel.contact:ADMIN -.-> role:partnerRel:TENANT
 role:partnerRel:TENANT -.-> role:partnerRel.anchorPerson:REFERRER
 role:partnerRel:TENANT -.-> role:partnerRel.holderPerson:REFERRER
diff --git a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.md b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.md
index e4d45686..26ff3d5c 100644
--- a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.md
+++ b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.md
@@ -96,13 +96,12 @@ role:global:ADMIN -.-> role:membership.partnerRel.contact:OWNER
 role:membership.partnerRel.contact:OWNER -.-> role:membership.partnerRel.contact:ADMIN
 role:membership.partnerRel.contact:ADMIN -.-> role:membership.partnerRel.contact:REFERRER
 role:global:ADMIN -.-> role:membership.partnerRel:OWNER
-role:membership.partnerRel.holderPerson:ADMIN -.-> role:membership.partnerRel:OWNER
 role:membership.partnerRel:OWNER -.-> role:membership.partnerRel:ADMIN
 role:membership.partnerRel.anchorPerson:ADMIN -.-> role:membership.partnerRel:ADMIN
-role:membership.partnerRel:ADMIN -.-> role:membership.partnerRel.anchorPerson:OWNER
 role:membership.partnerRel:ADMIN -.-> role:membership.partnerRel:AGENT
 role:membership.partnerRel.holderPerson:ADMIN -.-> role:membership.partnerRel:AGENT
 role:membership.partnerRel:AGENT -.-> role:membership.partnerRel:TENANT
+role:membership.partnerRel.holderPerson:ADMIN -.-> role:membership.partnerRel:TENANT
 role:membership.partnerRel.contact:ADMIN -.-> role:membership.partnerRel:TENANT
 role:membership.partnerRel:TENANT -.-> role:membership.partnerRel.anchorPerson:REFERRER
 role:membership.partnerRel:TENANT -.-> role:membership.partnerRel.holderPerson:REFERRER
diff --git a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.md b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.md
index 2f6bc29d..d220a38c 100644
--- a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.md
+++ b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.md
@@ -96,13 +96,12 @@ role:global:ADMIN -.-> role:membership.partnerRel.contact:OWNER
 role:membership.partnerRel.contact:OWNER -.-> role:membership.partnerRel.contact:ADMIN
 role:membership.partnerRel.contact:ADMIN -.-> role:membership.partnerRel.contact:REFERRER
 role:global:ADMIN -.-> role:membership.partnerRel:OWNER
-role:membership.partnerRel.holderPerson:ADMIN -.-> role:membership.partnerRel:OWNER
 role:membership.partnerRel:OWNER -.-> role:membership.partnerRel:ADMIN
 role:membership.partnerRel.anchorPerson:ADMIN -.-> role:membership.partnerRel:ADMIN
-role:membership.partnerRel:ADMIN -.-> role:membership.partnerRel.anchorPerson:OWNER
 role:membership.partnerRel:ADMIN -.-> role:membership.partnerRel:AGENT
 role:membership.partnerRel.holderPerson:ADMIN -.-> role:membership.partnerRel:AGENT
 role:membership.partnerRel:AGENT -.-> role:membership.partnerRel:TENANT
+role:membership.partnerRel.holderPerson:ADMIN -.-> role:membership.partnerRel:TENANT
 role:membership.partnerRel.contact:ADMIN -.-> role:membership.partnerRel:TENANT
 role:membership.partnerRel:TENANT -.-> role:membership.partnerRel.anchorPerson:REFERRER
 role:membership.partnerRel:TENANT -.-> role:membership.partnerRel.holderPerson:REFERRER
diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationControllerAcceptanceTest.java
index 78d64e6a..54218b67 100644
--- a/src/test/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationControllerAcceptanceTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationControllerAcceptanceTest.java
@@ -362,7 +362,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
 assertThat(givenRelation.getContact().getLabel()).isEqualTo("seventh contact");
 final var givenContact = contactRepo.findContactByOptionalLabelLike("fourth").get(0);
- final var location = RestAssured // @formatter:off
+ RestAssured // @formatter:off
 .given()
 .header("current-user", "superuser-alex@hostsharing.net")
 .contentType(ContentType.JSON)
diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRepositoryIntegrationTest.java
index 2813bcf6..becc29d9 100644
--- a/src/test/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRepositoryIntegrationTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRepositoryIntegrationTest.java
@@ -103,69 +103,6 @@ class HsOfficeRelationRepositoryIntegrationTest extends ContextBasedTestWithClea final var initialRoleNames = distinctRoleNamesOf(rawRoleRepo.findAll()); final var initialGrantNames = distinctGrantDisplaysOf(rawGrantRepo.findAll()); - // when - attempt(em, () -> { - final var givenAnchorPerson = personRepo.findPersonByOptionalNameLike("Bessler").stream() - .filter(p -> p.getPersonType() == UNINCORPORATED_FIRM) - .findFirst().orElseThrow(); - final var givenHolderPerson = personRepo.findPersonByOptionalNameLike("Bert").stream() - .filter(p -> p.getPersonType() == NATURAL_PERSON) - .findFirst().orElseThrow(); - final var givenContact = contactRepo.findContactByOptionalLabelLike("fourth contact").stream() - .findFirst().orElseThrow(); - final var newRelation = HsOfficeRelationEntity.builder() - .anchor(givenAnchorPerson) - .holder(givenHolderPerson) - .type(HsOfficeRelationType.SUBSCRIBER) - .mark("dummy") - .contact(givenContact) - .build(); - return toCleanup(relationRepo.save(newRelation)); - }); - - // then - assertThat(distinctRoleNamesOf(rawRoleRepo.findAll())).containsExactlyInAnyOrder(Array.from( - initialRoleNames, - "hs_office_relation#ErbenBesslerMelBessler-with-SUBSCRIBER-BesslerBert:OWNER", - "hs_office_relation#ErbenBesslerMelBessler-with-SUBSCRIBER-BesslerBert:ADMIN", - "hs_office_relation#ErbenBesslerMelBessler-with-SUBSCRIBER-BesslerBert:AGENT", - "hs_office_relation#ErbenBesslerMelBessler-with-SUBSCRIBER-BesslerBert:TENANT")); - assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll())).containsExactlyInAnyOrder(Array.fromFormatted( - initialGrantNames, - // TODO: this grant should only be created for DEBITOR-Relationships, thus the RBAC DSL needs to support conditional grants - "{ grant perm:hs_office_relation#ErbenBesslerMelBessler-with-SUBSCRIBER-BesslerBert:INSERT>hs_office_sepamandate to role:hs_office_relation#ErbenBesslerMelBessler-with-SUBSCRIBER-BesslerBert:ADMIN by system and assume }", - - "{ grant 
perm:hs_office_relation#ErbenBesslerMelBessler-with-SUBSCRIBER-BesslerBert:DELETE to role:hs_office_relation#ErbenBesslerMelBessler-with-SUBSCRIBER-BesslerBert:OWNER by system and assume }", - "{ grant role:hs_office_relation#ErbenBesslerMelBessler-with-SUBSCRIBER-BesslerBert:OWNER to role:global#global:ADMIN by system and assume }", - "{ grant role:hs_office_relation#ErbenBesslerMelBessler-with-SUBSCRIBER-BesslerBert:OWNER to user:superuser-alex@hostsharing.net by hs_office_relation#ErbenBesslerMelBessler-with-SUBSCRIBER-BesslerBert:OWNER and assume }", - - "{ grant perm:hs_office_relation#ErbenBesslerMelBessler-with-SUBSCRIBER-BesslerBert:UPDATE to role:hs_office_relation#ErbenBesslerMelBessler-with-SUBSCRIBER-BesslerBert:ADMIN by system and assume }", - "{ grant role:hs_office_relation#ErbenBesslerMelBessler-with-SUBSCRIBER-BesslerBert:ADMIN to role:hs_office_relation#ErbenBesslerMelBessler-with-SUBSCRIBER-BesslerBert:OWNER by system and assume }", - "{ grant role:hs_office_relation#ErbenBesslerMelBessler-with-SUBSCRIBER-BesslerBert:ADMIN to role:hs_office_person#ErbenBesslerMelBessler:ADMIN by system and assume }", - - "{ grant role:hs_office_relation#ErbenBesslerMelBessler-with-SUBSCRIBER-BesslerBert:AGENT to role:hs_office_person#BesslerBert:ADMIN by system and assume }", - "{ grant role:hs_office_relation#ErbenBesslerMelBessler-with-SUBSCRIBER-BesslerBert:AGENT to role:hs_office_relation#ErbenBesslerMelBessler-with-SUBSCRIBER-BesslerBert:ADMIN by system and assume }", - - "{ grant perm:hs_office_relation#ErbenBesslerMelBessler-with-SUBSCRIBER-BesslerBert:SELECT to role:hs_office_relation#ErbenBesslerMelBessler-with-SUBSCRIBER-BesslerBert:TENANT by system and assume }", - "{ grant role:hs_office_relation#ErbenBesslerMelBessler-with-SUBSCRIBER-BesslerBert:TENANT to role:hs_office_relation#ErbenBesslerMelBessler-with-SUBSCRIBER-BesslerBert:AGENT by system and assume }", - "{ grant role:hs_office_person#BesslerBert:REFERRER to 
role:hs_office_relation#ErbenBesslerMelBessler-with-SUBSCRIBER-BesslerBert:TENANT by system and assume }", - "{ grant role:hs_office_person#ErbenBesslerMelBessler:REFERRER to role:hs_office_relation#ErbenBesslerMelBessler-with-SUBSCRIBER-BesslerBert:TENANT by system and assume }", - "{ grant role:hs_office_contact#fourthcontact:REFERRER to role:hs_office_relation#ErbenBesslerMelBessler-with-SUBSCRIBER-BesslerBert:TENANT by system and assume }", - - // SUBSCRIBER holder person -> (represented) anchor person - "{ grant role:hs_office_relation#ErbenBesslerMelBessler-with-SUBSCRIBER-BesslerBert:TENANT to role:hs_office_contact#fourthcontact:ADMIN by system and assume }", - - null) - ); - } - - @Test - public void createsAndGrantsRolesForTypeRepresentative() { - // given - context("superuser-alex@hostsharing.net"); - final var initialRoleNames = distinctRoleNamesOf(rawRoleRepo.findAll()); - final var initialGrantNames = distinctGrantDisplaysOf(rawGrantRepo.findAll()); - // when attempt(em, () -> { final var givenAnchorPerson = personRepo.findPersonByOptionalNameLike("Bessler").stream() 
@@ -203,9 +140,9 @@ class HsOfficeRelationRepositoryIntegrationTest extends ContextBasedTestWithClea
 "{ grant perm:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:UPDATE to role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:ADMIN by system and assume }",
 "{ grant role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:ADMIN to role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER by system and assume }",
- "{ grant role:hs_office_person#ErbenBesslerMelBessler:OWNER to role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:ADMIN by system and assume }",
+ "{ grant role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:ADMIN to role:hs_office_person#ErbenBesslerMelBessler:ADMIN by system and assume }",
- "{ grant role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER to role:hs_office_person#BesslerBert:ADMIN by system and assume }",
+ "{ grant role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:AGENT to role:hs_office_person#BesslerBert:ADMIN by system and assume }",
 "{ grant role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:AGENT to role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:ADMIN by system and assume }",
 "{ grant perm:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:SELECT to role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT by system and assume }",
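Review bot: The two rewritten expectations assert the unconditional grants (relation ADMIN to the anchor person's ADMIN, relation AGENT to the holder person's ADMIN) as the correct result for a REPRESENTATIVE relation, and nothing in the list marks this as the interim state behind the TODOs in HsOfficeRelationEntity. The added TENANT grant in the following hunk (-216) is in the same position. A comment above the changed lines would keep the test from cementing the wider grants, e.g. `// TODO: interim expectation while REPRESENTATIVE-specific grants are disabled`. The test method begins and ends outside the hunk.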
@@ -216,6 +153,7 @@ class HsOfficeRelationRepositoryIntegrationTest extends ContextBasedTestWithClea // REPRESENTATIVE holder person -> (represented) anchor person "{ grant role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT to role:hs_office_contact#fourthcontact:ADMIN by system and assume }", + "{ grant role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT to role:hs_office_person#BesslerBert:ADMIN by system and assume }", null) ); @@ -279,10 +217,10 @@ class HsOfficeRelationRepositoryIntegrationTest extends ContextBasedTestWithClea context("superuser-alex@hostsharing.net"); final var givenRelation = givenSomeTemporaryRelationBessler( "Bert", "fifth contact"); + assertThatRelationActuallyInDatabase(givenRelation); assertThatRelationIsVisibleForUserWithRole( givenRelation, "hs_office_person#ErbenBesslerMelBessler:ADMIN"); - assertThatRelationActuallyInDatabase(givenRelation); context("superuser-alex@hostsharing.net"); final var givenContact = contactRepo.findContactByOptionalLabelLike("sixth contact").stream().findFirst().orElseThrow();