diff --git a/sql/24-hs-domain.sql b/sql/24-hs-domain.sql index ece72c8a..e00a16b7 100644 --- a/sql/24-hs-domain.sql +++ b/sql/24-hs-domain.sql @@ -132,9 +132,9 @@ do language plpgsql $$ select * from package where uuid = uu.packageUuid into pac; pacAdmin = 'admin@' || pac.name || '.example.com'; - set local hsadminng.currentUser to pacAdmin; + execute format('set local hsadminng.currentTask to %L', currentTask); + execute format('set local hsadminng.currentUser to %L', pacAdmin); set local hsadminng.assumedRoles = ''; - set local hsadminng.currentTask to currentTask; insert into Domain (name, unixUserUuid) diff --git a/sql/25-hs-emailaddress.sql b/sql/25-hs-emailaddress.sql index 9aa82621..542766ae 100644 --- a/sql/25-hs-emailaddress.sql +++ b/sql/25-hs-emailaddress.sql @@ -114,9 +114,9 @@ do language plpgsql $$ raise notice 'task: %', currentTask; pacAdmin = 'admin@' || dom.packageName || '.example.com'; - set local hsadminng.currentUser to pacAdmin; + execute format('set local hsadminng.currentTask to %L', currentTask); + execute format('set local hsadminng.currentUser to %L', pacAdmin); set local hsadminng.assumedRoles = ''; - set local hsadminng.currentTask to currentTask; insert into EMailAddress (localPart, domainUuid) diff --git a/src/main/java/net/hostsharing/hsadminng/context/Context.java b/src/main/java/net/hostsharing/hsadminng/context/Context.java index 20a40c2a..22a86f72 100644 --- a/src/main/java/net/hostsharing/hsadminng/context/Context.java +++ b/src/main/java/net/hostsharing/hsadminng/context/Context.java @@ -14,6 +14,16 @@ public class Context { @PersistenceContext private EntityManager em; + @Transactional(propagation = MANDATORY) + public void setCurrentTask(final String task) { + em.createNativeQuery( + String.format( + "set local hsadminng.currentTask = '%s';", + task + ) + ).executeUpdate(); + } + @Transactional(propagation = MANDATORY) public void setCurrentUser(final String userName) { em.createNativeQuery( diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantController.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantController.java index 9bf51819..5270ec82 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantController.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantController.java @@ -66,6 +66,7 @@ public class RbacGrantController implements RbacgrantsApi { final String assumedRoles, final RbacGrantResource body) { + context.setCurrentTask("granting role to user"); context.setCurrentUser(currentUser); if (assumedRoles != null && !assumedRoles.isBlank()) { context.assumeRoles(assumedRoles); @@ -89,6 +90,7 @@ public class RbacGrantController implements RbacgrantsApi { final UUID grantedRoleUuid, final UUID granteeUserUuid) { + context.setCurrentTask("revoking role from user"); context.setCurrentUser(currentUser); if (assumedRoles != null && !assumedRoles.isBlank()) { context.assumeRoles(assumedRoles); diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserController.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserController.java index a00f30cf..05d172de 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserController.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserController.java @@ -34,6 +34,8 @@ public class RbacUserController implements RbacusersApi { public ResponseEntity createUser( @RequestBody final RbacUserResource body ) { + context.setCurrentTask("creating new user: " + body.getName()); + if (body.getUuid() == null) { body.setUuid(UUID.randomUUID()); } @@ -52,7 +54,7 @@ public class RbacUserController implements RbacusersApi { final String currentUser, final String assumedRoles, final String userName) { - return null; + return null; // TODO implement getUserById } @Override diff --git a/src/main/resources/db/changelog/100-hs-base.sql b/src/main/resources/db/changelog/100-hs-base.sql index 3b8b723f..33a803bb 100644 --- a/src/main/resources/db/changelog/100-hs-base.sql +++ b/src/main/resources/db/changelog/100-hs-base.sql @@ -21,6 +21,8 @@ grant select on global to restricted; /** A single row to be referenced as a global object. */ +set local hsadminng.currentUser to 'init'; +set local hsadminng.currentTask to 'initializing table "global"'; insert into RbacObject (objecttable) values ('global'); insert @@ -91,6 +93,9 @@ create or replace function hostsharingAdmin() language sql as $$ select 'global', (select uuid from RbacObject where objectTable = 'global'), 'admin'::RbacRoleType; $$; + +set local hsadminng.currentUser to 'init'; +set local hsadminng.currentTask to 'creating Hostsharing admin role'; select createRole(hostsharingAdmin()); -- ============================================================================ @@ -103,6 +108,9 @@ do language plpgsql $$ declare admins uuid ; begin + set local hsadminng.currentUser to 'init'; + set local hsadminng.currentTask to 'creating fake Hostsharing admin users'; + admins = findRoleId(hostsharingAdmin()); call grantRoleToUserUnchecked(admins, admins, createRbacUser('mike@hostsharing.net')); call grantRoleToUserUnchecked(admins, admins, createRbacUser('sven@hostsharing.net')); diff --git a/src/main/resources/db/changelog/113-hs-customer-rbac.sql b/src/main/resources/db/changelog/113-hs-customer-rbac.sql index 391cfe5e..8ca69b0d 100644 --- a/src/main/resources/db/changelog/113-hs-customer-rbac.sql +++ b/src/main/resources/db/changelog/113-hs-customer-rbac.sql @@ -206,6 +206,9 @@ do language plpgsql $$ hostsharingObjectUuid uuid; hsAdminRoleUuid uuid ; begin + set local hsadminng.currentUser to 'init'; + set local hsadminng.currentTask to 'granting global add-customer permission to Hostsharing admin role'; + hsAdminRoleUuid := findRoleId(hostsharingAdmin()); hostsharingObjectUuid := (select uuid from global); addCustomerPermissions := createPermissions(hostsharingObjectUuid, array ['add-customer']); diff --git a/src/main/resources/db/changelog/138-hs-unixuser-test-data.sql b/src/main/resources/db/changelog/138-hs-unixuser-test-data.sql index cc7803f3..b849b91f 100644 --- a/src/main/resources/db/changelog/138-hs-unixuser-test-data.sql +++ b/src/main/resources/db/changelog/138-hs-unixuser-test-data.sql @@ -31,9 +31,9 @@ begin currentTask = 'creating RBAC test unixuser #' || t || ' for package ' || pac.name || ' #' || pac.uuid; raise notice 'task: %', currentTask; pacAdmin = 'admin@' || pac.name || '.example.com'; - set local hsadminng.currentUser to 'mike@hostsharing.net'; -- TODO: use a package-admin + execute format('set local hsadminng.currentTask to %L', currentTask); + execute format('set local hsadminng.currentUser to %L', pacAdmin); set local hsadminng.assumedRoles = ''; - set local hsadminng.currentTask to currentTask; insert into unixuser (name, packageUuid) diff --git a/src/test/java/net/hostsharing/hsadminng/context/ContextBasedTest.java b/src/test/java/net/hostsharing/hsadminng/context/ContextBasedTest.java new file mode 100644 index 00000000..67340a18 --- /dev/null +++ b/src/test/java/net/hostsharing/hsadminng/context/ContextBasedTest.java @@ -0,0 +1,38 @@ +package net.hostsharing.hsadminng.context; + +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.TestInfo; +import org.springframework.beans.factory.annotation.Autowired; + +import static org.assertj.core.api.Assertions.assertThat; + +public class ContextBasedTest { + + @Autowired + Context context; + + TestInfo test; + + @BeforeEach + void init(TestInfo testInfo) { + this.test = testInfo; + } + + protected void context(final String currentUser, final String assumedRoles) { + context.setCurrentTask(test.getDisplayName()); + + context.setCurrentUser(currentUser); + assertThat(context.getCurrentUser()).as("precondition").isEqualTo(currentUser); + + if (assumedRoles != null) { + context.assumeRoles(assumedRoles); + assertThat(context.getAssumedRoles()).as("precondition").containsExactly(assumedRoles.split(";")); +// } else { +// context.assumeNoSpecialRole(); + } + } + + protected void context(final String currentUser) { + context(currentUser, null); + } +} diff --git a/src/test/java/net/hostsharing/hsadminng/hs/hscustomer/CustomerRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/hscustomer/CustomerRepositoryIntegrationTest.java index 6ac1d1bf..a8c60a82 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/hscustomer/CustomerRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/hscustomer/CustomerRepositoryIntegrationTest.java @@ -1,6 +1,7 @@ package net.hostsharing.hsadminng.hs.hscustomer; import net.hostsharing.hsadminng.context.Context; +import net.hostsharing.hsadminng.context.ContextBasedTest; import org.junit.jupiter.api.Nested; import org.junit.jupiter.api.Test; import org.springframework.beans.factory.annotation.Autowired; @@ -21,10 +22,7 @@ import static org.assertj.core.api.Assertions.assertThat; @DataJpaTest @ComponentScan(basePackageClasses = { Context.class, CustomerRepository.class }) @DirtiesContext -class CustomerRepositoryIntegrationTest { - - @Autowired - Context context; +class CustomerRepositoryIntegrationTest extends ContextBasedTest { @Autowired CustomerRepository customerRepository; @@ -37,7 +35,7 @@ class CustomerRepositoryIntegrationTest { @Test public void hostsharingAdmin_withoutAssumedRole_canCreateNewCustomer() { // given - currentUser("mike@hostsharing.net"); + context("mike@hostsharing.net", null); final var count = customerRepository.count(); // when @@ -58,8 +56,7 @@ class CustomerRepositoryIntegrationTest { @Test public void hostsharingAdmin_withAssumedCustomerRole_cannotCreateNewCustomer() { // given - currentUser("mike@hostsharing.net"); - assumedRoles("customer#aaa.admin"); + context("mike@hostsharing.net", "customer#aaa.admin"); // when final var result = attempt(em, () -> { @@ -77,7 +74,7 @@ class CustomerRepositoryIntegrationTest { @Test public void customerAdmin_withoutAssumedRole_cannotCreateNewCustomer() { // given - currentUser("admin@aaa.example.com"); + context("admin@aaa.example.com", null); // when final var result = attempt(em, () -> { @@ -105,7 +102,7 @@ class CustomerRepositoryIntegrationTest { @Test public void hostsharingAdmin_withoutAssumedRole_canViewAllCustomers() { // given - currentUser("mike@hostsharing.net"); + context("mike@hostsharing.net", null); // when final var result = customerRepository.findCustomerByOptionalPrefixLike(null); @@ -117,8 +114,7 @@ class CustomerRepositoryIntegrationTest { @Test public void hostsharingAdmin_withAssumedHostsharingAdminRole_canViewAllCustomers() { given: - currentUser("mike@hostsharing.net"); - assumedRoles("global#hostsharing.admin"); + context("mike@hostsharing.net", "global#hostsharing.admin"); // when final var result = customerRepository.findCustomerByOptionalPrefixLike(null); @@ -130,7 +126,7 @@ class CustomerRepositoryIntegrationTest { @Test public void customerAdmin_withoutAssumedRole_canViewOnlyItsOwnCustomer() { // given: - currentUser("admin@aaa.example.com"); + context("admin@aaa.example.com", null); // when: final var result = customerRepository.findCustomerByOptionalPrefixLike(null); @@ -141,8 +137,7 @@ class CustomerRepositoryIntegrationTest { @Test public void customerAdmin_withAssumedOwnedPackageAdminRole_canViewOnlyItsOwnCustomer() { - currentUser("admin@aaa.example.com"); - assumedRoles("package#aaa00.admin"); + context("admin@aaa.example.com", "package#aaa00.admin"); final var result = customerRepository.findCustomerByOptionalPrefixLike(null); @@ -152,8 +147,7 @@ class CustomerRepositoryIntegrationTest { @Test public void customerAdmin_withAssumedAlienPackageAdminRole_cannotViewAnyCustomer() { // given: - currentUser("admin@aaa.example.com"); - assumedRoles("package#aab00.admin"); + context("admin@aaa.example.com", "package#aab00.admin"); // when final var result = attempt( @@ -168,7 +162,7 @@ class CustomerRepositoryIntegrationTest { @Test void unknownUser_withoutAssumedRole_cannotViewAnyCustomers() { - currentUser("unknown@example.org"); + context("unknown@example.org", null); final var result = attempt( em, @@ -182,8 +176,7 @@ class CustomerRepositoryIntegrationTest { @Test @Transactional void unknownUser_withAssumedCustomerRole_cannotViewAnyCustomers() { - currentUser("unknown@example.org"); - assumedRoles("customer#aaa.admin"); + context("unknown@example.org", "customer#aaa.admin"); final var result = attempt( em, @@ -202,7 +195,7 @@ class CustomerRepositoryIntegrationTest { @Test public void hostsharingAdmin_withoutAssumedRole_canViewAllCustomers() { // given - currentUser("mike@hostsharing.net"); + context("mike@hostsharing.net", null); // when final var result = customerRepository.findCustomerByOptionalPrefixLike("aab"); @@ -214,7 +207,7 @@ class CustomerRepositoryIntegrationTest { @Test public void customerAdmin_withoutAssumedRole_canViewOnlyItsOwnCustomer() { // given: - currentUser("admin@aaa.example.com"); + context("admin@aaa.example.com", null); // when: final var result = customerRepository.findCustomerByOptionalPrefixLike("aab"); @@ -224,16 +217,6 @@ class CustomerRepositoryIntegrationTest { } } - void currentUser(final String currentUser) { - context.setCurrentUser(currentUser); - assertThat(context.getCurrentUser()).as("precondition").isEqualTo(currentUser); - } - - void assumedRoles(final String assumedRoles) { - context.assumeRoles(assumedRoles); - assertThat(context.getAssumedRoles()).as("precondition").containsExactly(assumedRoles.split(";")); - } - void exactlyTheseCustomersAreReturned(final List actualResult, final String... customerPrefixes) { assertThat(actualResult) .hasSize(customerPrefixes.length) diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantControllerAcceptanceTest.java index b3fe77f2..7fc99c39 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantControllerAcceptanceTest.java @@ -5,7 +5,7 @@ import io.restassured.http.ContentType; import io.restassured.response.ValidatableResponse; import net.hostsharing.hsadminng.Accepts; import net.hostsharing.hsadminng.HsadminNgApplication; -import net.hostsharing.hsadminng.context.Context; +import net.hostsharing.hsadminng.context.ContextBasedTest; import net.hostsharing.hsadminng.rbac.rbacrole.RbacRoleEntity; import net.hostsharing.hsadminng.rbac.rbacrole.RbacRoleRepository; import net.hostsharing.hsadminng.rbac.rbacuser.RbacUserEntity; @@ -35,7 +35,7 @@ import static org.hamcrest.CoreMatchers.is; ) @Accepts({ "GRT:S(Schema)" }) @Transactional(readOnly = true, propagation = Propagation.NEVER) -class RbacGrantControllerAcceptanceTest { +class RbacGrantControllerAcceptanceTest extends ContextBasedTest { @LocalServerPort Integer port; @@ -43,9 +43,6 @@ class RbacGrantControllerAcceptanceTest { @Autowired EntityManager em; - @Autowired - Context context; - @Autowired RbacUserRepository rbacUserRepository; @@ -360,29 +357,29 @@ class RbacGrantControllerAcceptanceTest { List findAllGrantsOf(final Subject grantingSubject) { return jpaAttempt.transacted(() -> { - context.setCurrentUser(grantingSubject.currentUser); + context(grantingSubject.currentUser, null); return rbacGrantRepository.findAll(); }).returnedValue(); } RbacUserEntity createRBacUser() { - return jpaAttempt.transacted(() -> - rbacUserRepository.create(new RbacUserEntity( - UUID.randomUUID(), - "test-user-" + RandomStringUtils.randomAlphabetic(8) + "@example.com")) - ).returnedValue(); + return jpaAttempt.transacted(() -> { + final String newUserName = "test-user-" + RandomStringUtils.randomAlphabetic(8) + "@example.com"; + context(newUserName, null); + return rbacUserRepository.create(new RbacUserEntity(UUID.randomUUID(), newUserName)); + }).returnedValue(); } RbacUserEntity findRbacUserByName(final String userName) { return jpaAttempt.transacted(() -> { - context.setCurrentUser("mike@hostsharing.net"); + context("mike@hostsharing.net", null); return rbacUserRepository.findByName(userName); }).returnedValue(); } RbacRoleEntity findRbacRoleByName(final String roleName) { return jpaAttempt.transacted(() -> { - context.setCurrentUser("mike@hostsharing.net"); + context("mike@hostsharing.net", null); return rbacRoleRepository.findByRoleName(roleName); }).returnedValue(); } diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantRepositoryIntegrationTest.java index 41ff47a8..18f847d3 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantRepositoryIntegrationTest.java @@ -2,6 +2,7 @@ package net.hostsharing.hsadminng.rbac.rbacgrant; import net.hostsharing.hsadminng.Accepts; import net.hostsharing.hsadminng.context.Context; +import net.hostsharing.hsadminng.context.ContextBasedTest; import net.hostsharing.hsadminng.rbac.rbacrole.RbacRoleRepository; import net.hostsharing.hsadminng.rbac.rbacuser.RbacUserEntity; import net.hostsharing.hsadminng.rbac.rbacuser.RbacUserRepository; @@ -27,7 +28,7 @@ import static org.assertj.core.api.Assumptions.assumeThat; @DataJpaTest @ComponentScan(basePackageClasses = { RbacGrantRepository.class, Context.class, JpaAttempt.class }) @DirtiesContext -class RbacGrantRepositoryIntegrationTest { +class RbacGrantRepositoryIntegrationTest extends ContextBasedTest { @Autowired Context context; @@ -54,7 +55,7 @@ class RbacGrantRepositoryIntegrationTest { @Accepts({ "GRT:L(List)" }) public void packageAdmin_canViewItsRbacGrants() { // given - currentUser("aaa00@aaa.example.com"); + context("aaa00@aaa.example.com", null); // when final var result = rbacGrantRepository.findAll(); @@ -69,7 +70,7 @@ class RbacGrantRepositoryIntegrationTest { @Accepts({ "GRT:L(List)" }) public void customerAdmin_canViewItsRbacGrants() { // given - currentUser("admin@aaa.example.com"); + context("admin@aaa.example.com", null); // when final var result = rbacGrantRepository.findAll(); @@ -87,8 +88,7 @@ class RbacGrantRepositoryIntegrationTest { @Accepts({ "GRT:L(List)" }) public void customerAdmin_withAssumedRole_canOnlyViewRbacGrantsVisibleByAssumedRole() { // given: - currentUser("admin@aaa.example.com"); - assumedRoles("package#aaa00.admin"); + context("admin@aaa.example.com", "package#aaa00.admin"); // when final var result = rbacGrantRepository.findAll(); @@ -106,8 +106,7 @@ class RbacGrantRepositoryIntegrationTest { @Test public void customerAdmin_canGrantOwnPackageAdminRole_toArbitraryUser() { // given - currentUser("admin@aaa.example.com"); - assumedRoles("customer#aaa.admin"); + context("admin@aaa.example.com", "customer#aaa.admin"); final var givenArbitraryUserUuid = rbacUserRepository.findByName("aac00@aac.example.com").getUuid(); final var givenOwnPackageRoleUuid = rbacRoleRepository.findByRoleName("package#aaa00.admin").getUuid(); @@ -135,18 +134,17 @@ class RbacGrantRepositoryIntegrationTest { record Given(RbacUserEntity arbitraryUser, UUID packageOwnerRoleUuid) {} final var given = jpaAttempt.transacted(() -> { // to find the uuids of we need to have access rights to these - currentUser("admin@aaa.example.com"); + context("admin@aaa.example.com", null); return new Given( createNewUser(), rbacRoleRepository.findByRoleName("package#aaa00.owner").getUuid() ); - }).returnedValue(); + }).assumeSuccessful().returnedValue(); // when final var attempt = jpaAttempt.transacted(() -> { // now we try to use these uuids as a less privileged user - currentUser("aaa00@aaa.example.com"); - assumedRoles("package#aaa00.admin"); + context("aaa00@aaa.example.com", "package#aaa00.admin"); final var grant = RbacGrantEntity.builder() .granteeUserUuid(given.arbitraryUser.getUuid()) .grantedRoleUuid(given.packageOwnerRoleUuid) @@ -162,7 +160,7 @@ class RbacGrantRepositoryIntegrationTest { + " forbidden for {package#aaa00.admin}"); jpaAttempt.transacted(() -> { // finally, we use the new user to make sure, no roles were granted - currentUser(given.arbitraryUser.getName()); + context(given.arbitraryUser.getName(), null); assertThat(rbacGrantRepository.findAll()) .extracting(RbacGrantEntity::toDisplay) .hasSize(0); @@ -181,15 +179,13 @@ class RbacGrantRepositoryIntegrationTest { .grantingRole("package#aaa00.admin").toUser("aac00@aac.example.com")); // when - currentUser("admin@aaa.example.com"); - assumedRoles("customer#aaa.admin"); + context("admin@aaa.example.com", "customer#aaa.admin"); final var revokeAttempt = attempt(em, () -> { rbacGrantRepository.deleteByRbacGrantId(grant.getRbacGrantId()); }); // then - currentUser("admin@aaa.example.com"); - assumedRoles("customer#aaa.admin"); + context("admin@aaa.example.com", "customer#aaa.admin"); assertThat(revokeAttempt.caughtExceptionsRootCause()).isNull(); assertThat(rbacGrantRepository.findAll()) .extracting(RbacGrantEntity::getGranteeUserName) @@ -204,16 +200,14 @@ class RbacGrantRepositoryIntegrationTest { .grantingRole("package#aaa00.admin").toUser(createNewUser().getName())); // when - currentUser("aaa00@aaa.example.com"); - assumedRoles("package#aaa00.admin"); + context("aaa00@aaa.example.com", "package#aaa00.admin"); final var revokeAttempt = attempt(em, () -> { rbacGrantRepository.deleteByRbacGrantId(grant.getRbacGrantId()); }); // then assertThat(revokeAttempt.caughtExceptionsRootCause()).isNull(); - currentUser("admin@aaa.example.com"); - assumedRoles("customer#aaa.admin"); + context("admin@aaa.example.com", "customer#aaa.admin"); assertThat(rbacGrantRepository.findAll()) .extracting(RbacGrantEntity::getGranteeUserName) .doesNotContain("aac00@aac.example.com"); @@ -228,8 +222,7 @@ class RbacGrantRepositoryIntegrationTest { final var grantedByRole = rbacRoleRepository.findByRoleName("package#aaa00.owner"); // when - currentUser("aaa00@aaa.example.com"); - assumedRoles("package#aaa00.admin"); + context("aaa00@aaa.example.com", "package#aaa00.admin"); final var revokeAttempt = attempt(em, () -> { rbacGrantRepository.deleteByRbacGrantId(grant.getRbacGrantId()); }); @@ -243,8 +236,7 @@ class RbacGrantRepositoryIntegrationTest { } private RbacGrantEntity create(GrantBuilder with) { - currentUser(with.byUserName); - assumedRoles(with.assumedRole); + context(with.byUserName, with.assumedRole); final var givenArbitraryUserUuid = rbacUserRepository.findByName(with.granteeUserName).getUuid(); final var givenOwnPackageRoleUuid = rbacRoleRepository.findByRoleName(with.grantedRole).getUuid(); @@ -304,16 +296,6 @@ class RbacGrantRepositoryIntegrationTest { new RbacUserEntity(null, "test-user-" + System.currentTimeMillis() + "@example.com")); } - void currentUser(final String currentUser) { - context.setCurrentUser(currentUser); - assertThat(context.getCurrentUser()).as("precondition").isEqualTo(currentUser); - } - - void assumedRoles(final String assumedRoles) { - context.assumeRoles(assumedRoles); - assertThat(context.getAssumedRoles()).as("precondition").containsExactly(assumedRoles.split(";")); - } - void exactlyTheseRbacGrantsAreReturned(final List actualResult, final String... expectedGrant) { assertThat(actualResult) .filteredOn(g -> !g.getGranteeUserName().startsWith("test-user-")) // ignore test-users created by other tests diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepositoryIntegrationTest.java index 2a3ac1c9..c9042fcc 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepositoryIntegrationTest.java @@ -1,6 +1,7 @@ package net.hostsharing.hsadminng.rbac.rbacuser; import net.hostsharing.hsadminng.context.Context; +import net.hostsharing.hsadminng.context.ContextBasedTest; import net.hostsharing.test.Array; import net.hostsharing.test.JpaAttempt; import org.junit.jupiter.api.Nested; @@ -23,10 +24,7 @@ import static org.assertj.core.api.Assertions.assertThat; @DataJpaTest @ComponentScan(basePackageClasses = { RbacUserRepository.class, Context.class, JpaAttempt.class }) @DirtiesContext -class RbacUserRepositoryIntegrationTest { - - @Autowired - Context context; +class RbacUserRepositoryIntegrationTest extends ContextBasedTest { @Autowired RbacUserRepository rbacUserRepository; @@ -43,6 +41,7 @@ class RbacUserRepositoryIntegrationTest { public void anyoneCanCreateTheirOwnUser() { // given final var givenNewUserName = "test-user-" + System.currentTimeMillis() + "@example.com"; + context(givenNewUserName, null); // when final var result = rbacUserRepository.create( @@ -52,7 +51,7 @@ class RbacUserRepositoryIntegrationTest { assertThat(result).isNotNull().extracting(RbacUserEntity::getName).isEqualTo(givenNewUserName); // and the new user entity can be fetched by the user itself - currentUser(givenNewUserName); + context(givenNewUserName); assertThat(em.find(RbacUserEntity.class, result.getUuid())) .isNotNull().extracting(RbacUserEntity::getName).isEqualTo(givenNewUserName); } @@ -67,7 +66,7 @@ class RbacUserRepositoryIntegrationTest { // when: final var result = jpaAttempt.transacted(() -> { - currentUser("admin@aaa.example.com"); + context("admin@aaa.example.com"); return rbacUserRepository.create(new RbacUserEntity(givenUuid, newUserName)); }); @@ -76,7 +75,7 @@ class RbacUserRepositoryIntegrationTest { assertThat(result.returnedValue()).isNotNull() .extracting(RbacUserEntity::getUuid).isEqualTo(givenUuid); jpaAttempt.transacted(() -> { - currentUser(newUserName); + context(newUserName); assertThat(em.find(RbacUserEntity.class, givenUuid)) .isNotNull().extracting(RbacUserEntity::getName).isEqualTo(newUserName); }); @@ -101,7 +100,7 @@ class RbacUserRepositoryIntegrationTest { @Test public void hostsharingAdmin_withoutAssumedRole_canViewAllRbacUsers() { // given - currentUser("mike@hostsharing.net"); + context("mike@hostsharing.net"); // when final var result = rbacUserRepository.findByOptionalNameLike(null); @@ -113,8 +112,7 @@ class RbacUserRepositoryIntegrationTest { @Test public void hostsharingAdmin_withAssumedHostsharingAdminRole_canViewAllRbacUsers() { given: - currentUser("mike@hostsharing.net"); - assumedRoles("global#hostsharing.admin"); + context("mike@hostsharing.net", "global#hostsharing.admin"); // when final var result = rbacUserRepository.findByOptionalNameLike(null); @@ -126,8 +124,7 @@ class RbacUserRepositoryIntegrationTest { @Test public void hostsharingAdmin_withAssumedCustomerAdminRole_canViewOnlyUsersHavingRolesInThatCustomersRealm() { given: - currentUser("mike@hostsharing.net"); - assumedRoles("customer#aaa.admin"); + context("mike@hostsharing.net", "customer#aaa.admin"); // when final var result = rbacUserRepository.findByOptionalNameLike(null); @@ -143,7 +140,7 @@ class RbacUserRepositoryIntegrationTest { @Test public void customerAdmin_withoutAssumedRole_canViewOnlyUsersHavingRolesInThatCustomersRealm() { // given: - currentUser("admin@aaa.example.com"); + context("admin@aaa.example.com"); // when: final var result = rbacUserRepository.findByOptionalNameLike(null); @@ -158,8 +155,7 @@ class RbacUserRepositoryIntegrationTest { @Test public void customerAdmin_withAssumedOwnedPackageAdminRole_canViewOnlyUsersHavingRolesInThatPackage() { - currentUser("admin@aaa.example.com"); - assumedRoles("package#aaa00.admin"); + context("admin@aaa.example.com", "package#aaa00.admin"); final var result = rbacUserRepository.findByOptionalNameLike(null); @@ -168,7 +164,7 @@ class RbacUserRepositoryIntegrationTest { @Test public void packageAdmin_withoutAssumedRole_canViewOnlyUsersHavingRolesInThatPackage() { - currentUser("aaa00@aaa.example.com"); + context("aaa00@aaa.example.com"); final var result = rbacUserRepository.findByOptionalNameLike(null); @@ -231,7 +227,7 @@ class RbacUserRepositoryIntegrationTest { @Test public void hostsharingAdmin_withoutAssumedRole_canViewTheirOwnPermissions() { // given - currentUser("mike@hostsharing.net"); + context("mike@hostsharing.net"); // when final var result = rbacUserRepository.findPermissionsOfUser("mike@hostsharing.net"); @@ -243,8 +239,7 @@ class RbacUserRepositoryIntegrationTest { @Test public void hostsharingAdmin_withAssumedHostmastersRole_willThrowException() { // given - currentUser("mike@hostsharing.net"); - assumedRoles("global#hostsharing.admin"); + context("mike@hostsharing.net", "global#hostsharing.admin"); // when final var result = attempt(em, () -> @@ -260,7 +255,7 @@ class RbacUserRepositoryIntegrationTest { @Test public void customerAdmin_withoutAssumedRole_canViewTheirOwnPermissions() { // given - currentUser("admin@aaa.example.com"); + context("admin@aaa.example.com"); // when final var result = rbacUserRepository.findPermissionsOfUser("admin@aaa.example.com"); @@ -302,7 +297,7 @@ class RbacUserRepositoryIntegrationTest { @Test public void customerAdmin_withoutAssumedRole_isNotAllowedToViewGlobalAdminsPermissions() { // given - currentUser("admin@aaa.example.com"); + context("admin@aaa.example.com"); // when final var result = attempt(em, () -> @@ -318,7 +313,7 @@ class RbacUserRepositoryIntegrationTest { @Test public void customerAdmin_withoutAssumedRole_canViewAllPermissionsWithinThePacketsRealm() { // given - currentUser("admin@aaa.example.com"); + context("admin@aaa.example.com"); // when final var result = rbacUserRepository.findPermissionsOfUser("aaa00@aaa.example.com"); @@ -354,7 +349,7 @@ class RbacUserRepositoryIntegrationTest { @Test public void customerAdmin_withoutAssumedRole_canNotViewPermissionsOfUnrelatedUsers() { // given - currentUser("admin@aaa.example.com"); + context("admin@aaa.example.com"); // when final var result = rbacUserRepository.findPermissionsOfUser("aab00@aab.example.com"); @@ -366,7 +361,7 @@ class RbacUserRepositoryIntegrationTest { @Test public void packetAdmin_withoutAssumedRole_canViewAllPermissionsWithinThePacketsRealm() { // given - currentUser("aaa00@aaa.example.com"); + context("aaa00@aaa.example.com"); // when final var result = rbacUserRepository.findPermissionsOfUser("aaa00@aaa.example.com"); @@ -401,16 +396,6 @@ class RbacUserRepositoryIntegrationTest { } } - void currentUser(final String currentUser) { - context.setCurrentUser(currentUser); - assertThat(context.getCurrentUser()).as("precondition").isEqualTo(currentUser); - } - - void assumedRoles(final String assumedRoles) { - context.assumeRoles(assumedRoles); - assertThat(context.getAssumedRoles()).as("precondition").containsExactly(assumedRoles.split(";")); - } - void exactlyTheseRbacUsersAreReturned(final List actualResult, final String... expectedUserNames) { assertThat(actualResult) .filteredOn(u -> !u.getName().startsWith("test-user-")) diff --git a/src/test/java/net/hostsharing/test/JpaAttempt.java b/src/test/java/net/hostsharing/test/JpaAttempt.java index 83c9fe6e..4c66d7b3 100644 --- a/src/test/java/net/hostsharing/test/JpaAttempt.java +++ b/src/test/java/net/hostsharing/test/JpaAttempt.java @@ -132,8 +132,9 @@ public class JpaAttempt { } } - public void assertSuccessful() { + public JpaResult assumeSuccessful() { assertThat(exception).isNull();; + return this; } private String firstRootCauseMessageLineOf(final RuntimeException exception) {