refactor to only a single global admin object global#global.admin

Michael Hoennig 2022-09-06 13:48:30 +02:00
parent 87e2b05926
commit da793ee546
24 changed files with 211 additions and 295 deletions


@ -65,21 +65,21 @@ If you have at least Docker, the Java JDK and Gradle installed in appropriate ve
# the following command should return a JSON array with just all customers: # the following command should return a JSON array with just all customers:
curl \ curl \
-H 'current-user: mike@example.org' \ -H 'current-user: alex@hostsharing.net' \
http://localhost:8080/api/test/customers http://localhost:8080/api/test/customers
# the following command should return a JSON array with just all packages visible for the admin of the customer yyy: # the following command should return a JSON array with just all packages visible for the admin of the customer yyy:
curl \ curl \
-H 'current-user: mike@example.org' -H 'assumed-roles: test_customer#yyy.admin' \ -H 'current-user: alex@hostsharing.net' -H 'assumed-roles: test_customer#yyy.admin' \
http://localhost:8080/api/test/packages http://localhost:8080/api/test/packages
# add a new customer # add a new customer
curl \ curl \
-H 'current-user: mike@example.org' -H "Content-Type: application/json" \ -H 'current-user: alex@hostsharing.net' -H "Content-Type: application/json" \
-d '{ "prefix":"ttt", "reference":80001, "adminUserName":"admin@ttt.example.com" }' \ -d '{ "prefix":"ttt", "reference":80001, "adminUserName":"admin@ttt.example.com" }' \
-X POST http://localhost:8080/api/test/customers -X POST http://localhost:8080/api/test/customers
If you wonder who 'mike@example.org' and 'sven@example.org' are and where the data comes from: If you wonder who 'alex@hostsharing.net' and 'fran@hostsharing.net' are and where the data comes from:
Mike and Sven are just example global admin accounts as part of the example data which is automatically inserted in Testcontainers and Development environments. Mike and Sven are just example global admin accounts as part of the example data which is automatically inserted in Testcontainers and Development environments.
Also try for example 'admin@xxx.example.com' or 'unknown@example.org'. Also try for example 'admin@xxx.example.com' or 'unknown@example.org'.


@ -17,7 +17,7 @@ BEGIN
-- hostmaster accessing a single customer -- hostmaster accessing a single customer
SET SESSION SESSION AUTHORIZATION restricted; SET SESSION SESSION AUTHORIZATION restricted;
SET LOCAL hsadminng.currentUser = 'mike@example.org'; SET LOCAL hsadminng.currentUser = 'alex@hostsharing.net';
SET LOCAL hsadminng.assumedRoles = ''; SET LOCAL hsadminng.assumedRoles = '';
-- SELECT * -- SELECT *
SELECT count(*) INTO resultCount SELECT count(*) INTO resultCount
@ -27,7 +27,7 @@ BEGIN
-- hostmaster listing all customers -- hostmaster listing all customers
SET SESSION SESSION AUTHORIZATION restricted; SET SESSION SESSION AUTHORIZATION restricted;
SET LOCAL hsadminng.currentUser = 'mike@example.org'; SET LOCAL hsadminng.currentUser = 'alex@hostsharing.net';
SET LOCAL hsadminng.assumedRoles = ''; SET LOCAL hsadminng.assumedRoles = '';
-- SELECT * -- SELECT *
SELECT count(*) INTO resultCount SELECT count(*) INTO resultCount
@ -54,7 +54,7 @@ BEGIN
-- hostsharing admin assuming customer role and listing all accessible packages -- hostsharing admin assuming customer role and listing all accessible packages
SET SESSION SESSION AUTHORIZATION restricted; SET SESSION SESSION AUTHORIZATION restricted;
SET LOCAL hsadminng.currentUser = 'mike@example.org'; SET LOCAL hsadminng.currentUser = 'alex@hostsharing.net';
SET LOCAL hsadminng.assumedRoles = 'test_customer#aaa.admin;test_customer#aab.admin'; SET LOCAL hsadminng.assumedRoles = 'test_customer#aaa.admin;test_customer#aab.admin';
-- SELECT * -- SELECT *
SELECT count(*) INTO resultCount SELECT count(*) INTO resultCount
@ -63,7 +63,7 @@ BEGIN
-- hostsharing admin assuming two customer admin roles and listing all accessible domains -- hostsharing admin assuming two customer admin roles and listing all accessible domains
SET SESSION SESSION AUTHORIZATION restricted; SET SESSION SESSION AUTHORIZATION restricted;
SET LOCAL hsadminng.currentUser = 'mike@example.org'; SET LOCAL hsadminng.currentUser = 'alex@hostsharing.net';
SET LOCAL hsadminng.assumedRoles = 'test_customer#aab.admin;test_customer#aac.admin'; SET LOCAL hsadminng.assumedRoles = 'test_customer#aab.admin;test_customer#aac.admin';
-- SELECT c.prefix, c.reference, uu.* -- SELECT c.prefix, c.reference, uu.*
SELECT count(*) INTO resultCount SELECT count(*) INTO resultCount
@ -75,7 +75,7 @@ BEGIN
-- hostsharing admin assuming two customer admin roles and listing all accessible domains -- hostsharing admin assuming two customer admin roles and listing all accessible domains
-- ABORT; START TRANSACTION; -- ABORT; START TRANSACTION;
SET SESSION SESSION AUTHORIZATION restricted; SET SESSION SESSION AUTHORIZATION restricted;
SET LOCAL hsadminng.currentUser = 'mike@example.org'; SET LOCAL hsadminng.currentUser = 'alex@hostsharing.net';
SET LOCAL hsadminng.assumedRoles = 'test_customer#aac.admin;test_customer#aad.admin'; SET LOCAL hsadminng.assumedRoles = 'test_customer#aac.admin;test_customer#aad.admin';
-- SELECT p.name, uu.name, dom.name -- SELECT p.name, uu.name, dom.name
SELECT count(*) INTO resultCount SELECT count(*) INTO resultCount
@ -88,7 +88,7 @@ BEGIN
-- hostsharing admin assuming two customer admin roles and listing all accessible email addresses -- hostsharing admin assuming two customer admin roles and listing all accessible email addresses
-- ABORT; START TRANSACTION; -- ABORT; START TRANSACTION;
SET SESSION SESSION AUTHORIZATION restricted; SET SESSION SESSION AUTHORIZATION restricted;
SET LOCAL hsadminng.currentUser = 'mike@example.org'; SET LOCAL hsadminng.currentUser = 'alex@hostsharing.net';
SET LOCAL hsadminng.assumedRoles = 'test_customer#aae.admin;test_customer#aaf.admin'; SET LOCAL hsadminng.assumedRoles = 'test_customer#aae.admin;test_customer#aaf.admin';
-- SELECT c.prefix, p.name as "package", ema.localPart || '@' || dom.name as "email-address" -- SELECT c.prefix, p.name as "package", ema.localPart || '@' || dom.name as "email-address"
SELECT count(*) INTO resultCount SELECT count(*) INTO resultCount


@ -9,10 +9,10 @@ select isGranted(findRoleId('test_package#aaa00.owner'), findRoleId('administrat
-- call grantRoleToRole(findRoleId('administrators'), findRoleId('test_package#aaa00.owner')); -- call grantRoleToRole(findRoleId('administrators'), findRoleId('test_package#aaa00.owner'));
select count(*) select count(*)
FROM queryAllPermissionsOfSubjectIdForObjectUuids(findRbacUser('sven@example.org'), FROM queryAllPermissionsOfSubjectIdForObjectUuids(findRbacUser('fran@hostsharing.net'),
ARRAY(select uuid from customer where reference < 1100000)); ARRAY(select uuid from customer where reference < 1100000));
select count(*) select count(*)
FROM queryAllPermissionsOfSubjectId(findRbacUser('sven@example.org')); FROM queryAllPermissionsOfSubjectId(findRbacUser('fran@hostsharing.net'));
select * select *
FROM queryAllPermissionsOfSubjectId(findRbacUser('alex@example.com')); FROM queryAllPermissionsOfSubjectId(findRbacUser('alex@example.com'));
select * select *
@ -33,7 +33,7 @@ $$
userId uuid; userId uuid;
result bool; result bool;
BEGIN BEGIN
userId = findRbacUser('mike@example.org'); userId = findRbacUser('alex@hostsharing.net');
result = (SELECT * FROM isPermissionGrantedToSubject(findPermissionId('package', 94928, 'add-package'), userId)); result = (SELECT * FROM isPermissionGrantedToSubject(findPermissionId('package', 94928, 'add-package'), userId));
IF (result) THEN IF (result) THEN
RAISE EXCEPTION 'expected permission NOT to be granted, but it is'; RAISE EXCEPTION 'expected permission NOT to be granted, but it is';


@ -38,7 +38,7 @@ CREATE OR REPLACE RULE "_RETURN" AS
SELECT * FROM customer WHERE isPermissionGrantedToSubject(findPermissionId('test_customer', id, 'view'), currentUserUuid()); SELECT * FROM customer WHERE isPermissionGrantedToSubject(findPermissionId('test_customer', id, 'view'), currentUserUuid());
SELECT * from cust_view LIMIT 10; SELECT * from cust_view LIMIT 10;
select queryAllPermissionsOfSubjectId(findRbacUser('mike@example.org')); select queryAllPermissionsOfSubjectId(findRbacUser('alex@hostsharing.net'));
-- access control via view-rule with join to recursive permissions - really fast (38ms for 1 million rows) -- access control via view-rule with join to recursive permissions - really fast (38ms for 1 million rows)
SET SESSION SESSION AUTHORIZATION DEFAULT; SET SESSION SESSION AUTHORIZATION DEFAULT;
@ -73,7 +73,7 @@ GRANT ALL PRIVILEGES ON cust_view TO restricted;
SET SESSION SESSION AUTHORIZATION restricted; SET SESSION SESSION AUTHORIZATION restricted;
-- SET hsadminng.currentUser TO 'alex@example.com'; -- SET hsadminng.currentUser TO 'alex@example.com';
SET hsadminng.currentUser TO 'mike@example.org'; SET hsadminng.currentUser TO 'alex@hostsharing.net';
-- SET hsadminng.currentUser TO 'aaaaouq@example.com'; -- SET hsadminng.currentUser TO 'aaaaouq@example.com';
SELECT * from cust_view where reference=1144150; SELECT * from cust_view where reference=1144150;


@ -16,7 +16,7 @@ create table Global
uuid uuid primary key references RbacObject (uuid) on delete cascade, uuid uuid primary key references RbacObject (uuid) on delete cascade,
name varchar(63) unique name varchar(63) unique
); );
-- create unique index Global_Singleton on Global ((0)); create unique index Global_Singleton on Global ((0));
grant select on global to restricted; grant select on global to restricted;
--// --//
@ -70,3 +70,87 @@ create or replace function globalIdNameByUuid(uuid uuid)
select idName from global_iv iv where iv.uuid = globalIdNameByUuid.uuid; select idName from global_iv iv where iv.uuid = globalIdNameByUuid.uuid;
$$; $$;
--// --//
--liquibase formatted sql
-- ============================================================================
--changeset rbac-global-PSEUDO-OBJECT:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
/**
A single row to be referenced as a global object.
*/
begin transaction;
call defineContext('initializing table "global"', null, null, null);
insert
into RbacObject (objecttable) values ('global');
insert
into Global (uuid, name) values ((select uuid from RbacObject where objectTable = 'global'), 'global');
commit;
--//
-- ============================================================================
--changeset rbac-global-ADMIN-ROLE:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
A global administrator role.
*/
create or replace function globalAdmin()
returns RbacRoleDescriptor
returns null on null input
stable leakproof
language sql as $$
select 'global', (select uuid from RbacObject where objectTable = 'global'), 'admin'::RbacRoleType;
$$;
begin transaction;
call defineContext('creating global admin role', null, null, null);
select createRole(globalAdmin());
commit;
-- ============================================================================
--changeset rbac-global-ADMIN-USERS:1 context:dev,tc endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
Create two users and assign both to the administrators role.
*/
do language plpgsql $$
declare
admins uuid ;
begin
call defineContext('creating fake test-realm admin users', null, null, null);
admins = findRoleId(globalAdmin());
call grantRoleToUserUnchecked(admins, admins, createRbacUser('alex@hostsharing.net'));
call grantRoleToUserUnchecked(admins, admins, createRbacUser('fran@hostsharing.net'));
end;
$$;
--//
-- ============================================================================
--changeset rbac-global-TEST:1 context:dev,tc runAlways:true endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
Tests if currentUserUuid() can fetch the user from the session variable.
*/
do language plpgsql $$
declare
userName varchar;
begin
call defineContext('testing currentUserUuid', null, 'fran@hostsharing.net', null);
select userName from RbacUser where uuid = currentUserUuid() into userName;
if userName <> 'fran@hostsharing.net' then
raise exception 'setting or fetching initial currentUser failed, got: %', userName;
end if;
call defineContext('testing currentUserUuid', null, 'alex@hostsharing.net', null);
select userName from RbacUser where uuid = currentUserUuid() into userName;
if userName = 'alex@hostsharing.net' then
raise exception 'currentUser should not change in one transaction, but did change, got: %', userName;
end if;
end; $$;
--//
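Review bot: The changeset opened by `--changeset rbac-global-ADMIN-ROLE:1` has no `--//` terminator after its final `commit;`, unlike the PSEUDO-OBJECT and ADMIN-USERS changesets on either side of it, so its last statement text runs on into the following `-- ====` comment block; adding `--//` after that `commit;` keeps the delimiting consistent across the file. `globalAdmin()` resolves the global object via `(select uuid from RbacObject where objectTable = 'global')`, a scalar subquery that fails if it ever yields more than one row, and the new `Global_Singleton` index only constrains the Global table, not RbacObject; a comment such as `-- relies on exactly one RbacObject row with objectTable = 'global' (inserted by rbac-global-PSEUDO-OBJECT)` would make that precondition explicit. Creating alex@hostsharing.net and fran@hostsharing.net only under `context:dev,tc` is the right restriction for fake admin credentials, but the README hunk in this commit still describes them as "Mike and Sven" in the sentence right after the one it updates.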


@ -1,83 +0,0 @@
--liquibase formatted sql
-- ============================================================================
--changeset test-base-GLOBAL-OBJECT:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
/**
A single row to be referenced as a global object.
*/
begin transaction;
call defineContext('initializing table "global"', null, null, null);
insert
into RbacObject (objecttable) values ('global');
insert
into Global (uuid, name) values ((select uuid from RbacObject where objectTable = 'global'), 'test-global');
commit;
--//
-- ============================================================================
--changeset test-base-ADMIN-ROLE:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
A global administrator role.
*/
create or replace function testGlobalAdmin()
returns RbacRoleDescriptor
returns null on null input
stable leakproof
language sql as $$
select 'global', (select uuid from RbacObject where objectTable = 'global'), 'admin'::RbacRoleType;
$$;
begin transaction;
call defineContext('creating test-global admin role', null, null, null);
select createRole(testGlobalAdmin());
commit;
-- ============================================================================
--changeset test-base-ADMIN-USERS:1 context:dev,tc endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
Create two users and assign both to the administrators role.
*/
do language plpgsql $$
declare
admins uuid ;
begin
call defineContext('creating fake test-realm admin users', null, null, null);
admins = findRoleId(testGlobalAdmin());
call grantRoleToUserUnchecked(admins, admins, createRbacUser('mike@example.org'));
call grantRoleToUserUnchecked(admins, admins, createRbacUser('sven@example.org'));
end;
$$;
--//
-- ============================================================================
--changeset test-base-hostsharing-TEST:1 context:dev,tc runAlways:true endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
Tests if currentUserUuid() can fetch the user from the session variable.
*/
do language plpgsql $$
declare
userName varchar;
begin
call defineContext('testing currentUserUuid', null, 'sven@example.org', null);
select userName from RbacUser where uuid = currentUserUuid() into userName;
if userName <> 'sven@example.org' then
raise exception 'setting or fetching initial currentUser failed, got: %', userName;
end if;
call defineContext('testing currentUserUuid', null, 'mike@example.org', null);
select userName from RbacUser where uuid = currentUserUuid() into userName;
if userName = 'mike@example.org' then
raise exception 'currentUser should not change in one transaction, but did change, got: %', userName;
end if;
end; $$;
--//


@ -69,7 +69,7 @@ begin
testCustomerOwnerUuid = createRole( testCustomerOwnerUuid = createRole(
testCustomerOwner(NEW), testCustomerOwner(NEW),
grantingPermissions(forObjectUuid => NEW.uuid, permitOps => array ['*']), grantingPermissions(forObjectUuid => NEW.uuid, permitOps => array ['*']),
beneathRole(testGlobalAdmin()) beneathRole(globalAdmin())
); );
-- the admin role for the customer's admins, who can view and add products -- the admin role for the customer's admins, who can view and add products
@ -78,7 +78,7 @@ begin
grantingPermissions(forObjectUuid => NEW.uuid, permitOps => array ['view', 'add-package']), grantingPermissions(forObjectUuid => NEW.uuid, permitOps => array ['view', 'add-package']),
-- NO auto assume for customer owner to avoid exploding permissions for administrators -- NO auto assume for customer owner to avoid exploding permissions for administrators
withUser(NEW.adminUserName, 'create'), -- implicitly ignored if null withUser(NEW.adminUserName, 'create'), -- implicitly ignored if null
grantedByRole(testGlobalAdmin()) grantedByRole(globalAdmin())
); );
-- allow the customer owner role (thus administrators) to assume the customer admin role -- allow the customer owner role (thus administrators) to assume the customer admin role
@ -208,7 +208,7 @@ do language plpgsql $$
begin begin
call defineContext('granting global add-customer permission to global admin role', null, null, null); call defineContext('granting global add-customer permission to global admin role', null, null, null);
globalAdminRoleUuid := findRoleId(testGlobalAdmin()); globalAdminRoleUuid := findRoleId(globalAdmin());
globalObjectUuid := (select uuid from global); globalObjectUuid := (select uuid from global);
addCustomerPermissions := createPermissions(globalObjectUuid, array ['add-customer']); addCustomerPermissions := createPermissions(globalObjectUuid, array ['add-customer']);
call grantPermissionsToRole(globalAdminRoleUuid, addCustomerPermissions); call grantPermissionsToRole(globalAdminRoleUuid, addCustomerPermissions);
@ -234,7 +234,7 @@ create trigger test_customer_insert_trigger
before insert before insert
on test_customer on test_customer
for each row for each row
when ( currentUser() <> 'mike@example.org' or not hasGlobalPermission('add-customer') ) when ( currentUser() <> 'alex@hostsharing.net' or not hasGlobalPermission('add-customer') )
execute procedure addTestCustomerNotAllowedForCurrentSubjects(); execute procedure addTestCustomerNotAllowedForCurrentSubjects();
--// --//
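Review bot: The trigger predicate `when ( currentUser() <> 'alex@hostsharing.net' or not hasGlobalPermission('add-customer') )` pins insert authorization on test_customer to one literal user name on top of the permission check, so only that single dev/tc account can insert even though the preceding hunk grants `add-customer` to the whole global admin role, and fran@hostsharing.net, who holds the same role, is still routed to addTestCustomerNotAllowedForCurrentSubjects(), which by its name rejects the insert. If the name pin is deliberate for the test realm, a comment like `-- deliberately restricted to the single fake admin user, not the whole global#global.admin role` would stop the next reader from treating it as a defect; otherwise dropping the `currentUser() <>` clause and relying on `hasGlobalPermission('add-customer')` alone keeps the check role-based rather than identity-based. The `create trigger test_customer_insert_trigger` statement begins above this hunk.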


@ -30,7 +30,7 @@ declare
custAdminName varchar; custAdminName varchar;
begin begin
currentTask = 'creating RBAC test customer #' || custReference || '/' || custPrefix; currentTask = 'creating RBAC test customer #' || custReference || '/' || custPrefix;
call defineContext(currentTask, null, 'mike@example.org', 'global#test-global.admin'); call defineContext(currentTask, null, 'alex@hostsharing.net', 'global#global.admin');
execute format('set local hsadminng.currentTask to %L', currentTask); execute format('set local hsadminng.currentTask to %L', currentTask);
custRowId = uuid_generate_v4(); custRowId = uuid_generate_v4();


@ -1,83 +0,0 @@
--liquibase formatted sql
-- ============================================================================
--changeset hs-base-GLOBAL-OBJECT:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
/**
A single row to be referenced as a global object.
*/
begin transaction;
call defineContext('initializing table "global"', null, null, null);
insert
into RbacObject (objecttable) values ('global');
insert
into Global (uuid, name) values ((select uuid from RbacObject where objectTable = 'global'), 'hostsharing');
commit;
--//
-- ============================================================================
--changeset hs-base-ADMIN-ROLE:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
A global administrator role.
*/
create or replace function hsHostsharingAdmin()
returns RbacRoleDescriptor
returns null on null input
stable leakproof
language sql as $$
select 'global', (select uuid from RbacObject where objectTable = 'global'), 'admin'::RbacRoleType;
$$;
begin transaction;
call defineContext('creating Hostsharing admin role', null, null, null);
select createRole(hsHostsharingAdmin());
commit;
-- ============================================================================
--changeset hs-base-ADMIN-USERS:1 context:dev,tc endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
Create two users and assign both to the administrators role.
*/
do language plpgsql $$
declare
admins uuid ;
begin
call defineContext('creating fake Hostsharing admin users', null, null, null);
admins = findRoleId(hsHostsharingAdmin());
call grantRoleToUserUnchecked(admins, admins, createRbacUser('mike@hostsharing.net'));
call grantRoleToUserUnchecked(admins, admins, createRbacUser('sven@hostsharing.net'));
end;
$$;
--//
-- ============================================================================
--changeset hs-base-hostsharing-TEST:1 context:dev,tc runAlways:true endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
Tests if currentUserUuid() can fetch the user from the session variable.
*/
do language plpgsql $$
declare
userName varchar;
begin
call defineContext('testing currentUserUuid', null, 'sven@hostsharing.net', null);
select userName from RbacUser where uuid = currentUserUuid() into userName;
if userName <> 'sven@hostsharing.net' then
raise exception 'setting or fetching initial currentUser failed, got: %', userName;
end if;
call defineContext('testing currentUserUuid', null, 'mike@hostsharing.net', null);
select userName from RbacUser where uuid = currentUserUuid() into userName;
if userName = 'mike@ehostsharing.net' then
raise exception 'currentUser should not change in one transaction, but did change, got: %', userName;
end if;
end; $$;
--//


@ -27,8 +27,6 @@ databaseChangeLog:
file: db/changelog/059-rbac-statistics.sql file: db/changelog/059-rbac-statistics.sql
- include: - include:
file: db/changelog/080-rbac-global.sql file: db/changelog/080-rbac-global.sql
- include:
file: db/changelog/100-test-base.sql
- include: - include:
file: db/changelog/110-test-customer.sql file: db/changelog/110-test-customer.sql
- include: - include:


@ -31,7 +31,7 @@ class ContextIntegrationTests {
@Test @Test
void defineWithoutHttpServletRequestUsesCallStack() { void defineWithoutHttpServletRequestUsesCallStack() {
context.define("mike@example.org", null); context.define("alex@hostsharing.net", null);
assertThat(context.getCurrentTask()) assertThat(context.getCurrentTask())
.isEqualTo("ContextIntegrationTests.defineWithoutHttpServletRequestUsesCallStack"); .isEqualTo("ContextIntegrationTests.defineWithoutHttpServletRequestUsesCallStack");
@ -41,11 +41,11 @@ class ContextIntegrationTests {
@Transactional @Transactional
void defineWithCurrentUserButWithoutAssumedRoles() { void defineWithCurrentUserButWithoutAssumedRoles() {
// when // when
context.define("mike@example.org"); context.define("alex@hostsharing.net");
// then // then
assertThat(context.getCurrentUser()). assertThat(context.getCurrentUser()).
isEqualTo("mike@example.org"); isEqualTo("alex@hostsharing.net");
assertThat(context.getCurrentUserUUid()).isNotNull(); assertThat(context.getCurrentUserUUid()).isNotNull();
@ -85,11 +85,11 @@ class ContextIntegrationTests {
@Transactional @Transactional
void defineWithCurrentUserAndAssumedRoles() { void defineWithCurrentUserAndAssumedRoles() {
// given // given
context.define("mike@example.org", "test_customer#xxx.owner;test_customer#yyy.owner"); context.define("alex@hostsharing.net", "test_customer#xxx.owner;test_customer#yyy.owner");
// when // when
final var currentUser = context.getCurrentUser(); final var currentUser = context.getCurrentUser();
assertThat(currentUser).isEqualTo("mike@example.org"); assertThat(currentUser).isEqualTo("alex@hostsharing.net");
// then // then
assertThat(context.getAssumedRoles()) assertThat(context.getAssumedRoles())


@ -41,7 +41,7 @@ class HsAdminPartnerRepositoryIntegrationTest extends ContextBasedTest {
@Test @Test
public void testHostsharingAdmin_withoutAssumedRole_canCreateNewCustomer() { public void testHostsharingAdmin_withoutAssumedRole_canCreateNewCustomer() {
// given // given
context("mike@example.org", null); context("alex@hostsharing.net", null);
final var count = partnerRepository.count(); final var count = partnerRepository.count();
// when // when
@ -67,9 +67,9 @@ class HsAdminPartnerRepositoryIntegrationTest extends ContextBasedTest {
class FindAllCustomers { class FindAllCustomers {
@Test @Test
public void testGlobalAdmin_withoutAssumedRole_canViewAllCustomers() { public void globalAdmin_withoutAssumedRole_canViewAllCustomers() {
// given // given
context("mike@example.org", null); context("alex@hostsharing.net", null);
// when // when
final var result = partnerRepository.findPartnerByOptionalNameLike(null); final var result = partnerRepository.findPartnerByOptionalNameLike(null);
@ -84,9 +84,9 @@ class HsAdminPartnerRepositoryIntegrationTest extends ContextBasedTest {
class FindByPrefixLike { class FindByPrefixLike {
@Test @Test
public void testGlobalAdmin_withoutAssumedRole_canViewAllCustomers() { public void globalAdmin_withoutAssumedRole_canViewAllCustomers() {
// given // given
context("mike@example.org", null); context("alex@hostsharing.net", null);
// when // when
final var result = partnerRepository.findPartnerByOptionalNameLike("Yps"); final var result = partnerRepository.findPartnerByOptionalNameLike("Yps");


@ -61,10 +61,10 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
@Test @Test
@Accepts("GRT:L(List)") @Accepts("GRT:L(List)")
void testGlobalAdmin_withoutAssumedRole_canViewAllGrants() { void globalAdmin_withoutAssumedRole_canViewAllGrants() {
RestAssured // @formatter:off RestAssured // @formatter:off
.given() .given()
.header("current-user", "mike@example.org") .header("current-user", "alex@hostsharing.net")
.port(port) .port(port)
.when() .when()
.get("http://localhost/api/rbac/grants") .get("http://localhost/api/rbac/grants")
@ -73,23 +73,23 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
.contentType("application/json") .contentType("application/json")
.body("", hasItem( .body("", hasItem(
allOf( allOf(
hasEntry("grantedByRoleIdName", "global#test-global.admin"), hasEntry("grantedByRoleIdName", "global#global.admin"),
hasEntry("grantedRoleIdName", "test_customer#xxx.admin"), hasEntry("grantedRoleIdName", "test_customer#xxx.admin"),
hasEntry("granteeUserName", "customer-admin@xxx.example.com") hasEntry("granteeUserName", "customer-admin@xxx.example.com")
) )
)) ))
.body("", hasItem( .body("", hasItem(
allOf( allOf(
hasEntry("grantedByRoleIdName", "global#test-global.admin"), hasEntry("grantedByRoleIdName", "global#global.admin"),
hasEntry("grantedRoleIdName", "test_customer#yyy.admin"), hasEntry("grantedRoleIdName", "test_customer#yyy.admin"),
hasEntry("granteeUserName", "customer-admin@yyy.example.com") hasEntry("granteeUserName", "customer-admin@yyy.example.com")
) )
)) ))
.body("", hasItem( .body("", hasItem(
allOf( allOf(
hasEntry("grantedByRoleIdName", "global#test-global.admin"), hasEntry("grantedByRoleIdName", "global#global.admin"),
hasEntry("grantedRoleIdName", "global#test-global.admin"), hasEntry("grantedRoleIdName", "global#global.admin"),
hasEntry("granteeUserName", "sven@example.org") hasEntry("granteeUserName", "fran@hostsharing.net")
) )
)) ))
.body("", hasItem( .body("", hasItem(
@ -112,10 +112,10 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
@Test @Test
@Accepts({ "GRT:L(List)", "GRT:X(Access Control)" }) @Accepts({ "GRT:L(List)", "GRT:X(Access Control)" })
void testGlobalAdmin_withAssumedPackageAdminRole_canViewPacketRelatedGrants() { void globalAdmin_withAssumedPackageAdminRole_canViewPacketRelatedGrants() {
RestAssured // @formatter:off RestAssured // @formatter:off
.given() .given()
.header("current-user", "mike@example.org") .header("current-user", "alex@hostsharing.net")
.header("assumed-roles", "test_package#yyy00.admin") .header("assumed-roles", "test_package#yyy00.admin")
.port(port) .port(port)
.when() .when()
@ -498,14 +498,14 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
RbacUserEntity findRbacUserByName(final String userName) { RbacUserEntity findRbacUserByName(final String userName) {
return jpaAttempt.transacted(() -> { return jpaAttempt.transacted(() -> {
context("mike@example.org", null); context("alex@hostsharing.net", null);
return rbacUserRepository.findByName(userName); return rbacUserRepository.findByName(userName);
}).returnedValue(); }).returnedValue();
} }
RbacRoleEntity findRbacRoleByName(final String roleName) { RbacRoleEntity findRbacRoleByName(final String roleName) {
return jpaAttempt.transacted(() -> { return jpaAttempt.transacted(() -> {
context("mike@example.org", null); context("alex@hostsharing.net", null);
return rbacRoleRepository.findByRoleName(roleName); return rbacRoleRepository.findByRoleName(roleName);
}).returnedValue(); }).returnedValue();
} }


@ -83,7 +83,7 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest {
// then // then
exactlyTheseRbacGrantsAreReturned( exactlyTheseRbacGrantsAreReturned(
result, result,
"{ grant assumed role test_customer#xxx.admin to user customer-admin@xxx.example.com by role global#test-global.admin }", "{ grant assumed role test_customer#xxx.admin to user customer-admin@xxx.example.com by role global#global.admin }",
"{ grant assumed role test_package#xxx00.admin to user pac-admin-xxx00@xxx.example.com by role test_customer#xxx.admin }", "{ grant assumed role test_package#xxx00.admin to user pac-admin-xxx00@xxx.example.com by role test_customer#xxx.admin }",
"{ grant assumed role test_package#xxx01.admin to user pac-admin-xxx01@xxx.example.com by role test_customer#xxx.admin }", "{ grant assumed role test_package#xxx01.admin to user pac-admin-xxx01@xxx.example.com by role test_customer#xxx.admin }",
"{ grant assumed role test_package#xxx02.admin to user pac-admin-xxx02@xxx.example.com by role test_customer#xxx.admin }"); "{ grant assumed role test_package#xxx02.admin to user pac-admin-xxx02@xxx.example.com by role test_customer#xxx.admin }");


@ -38,12 +38,12 @@ class RbacRoleControllerAcceptanceTest {
@Test @Test
@Accepts({ "ROL:L(List)" }) @Accepts({ "ROL:L(List)" })
void testGlobalAdmin_withoutAssumedRole_canViewAllRoles() { void globalAdmin_withoutAssumedRole_canViewAllRoles() {
// @formatter:off // @formatter:off
RestAssured RestAssured
.given() .given()
.header("current-user", "mike@example.org") .header("current-user", "alex@hostsharing.net")
.port(port) .port(port)
.when() .when()
.get("http://localhost/api/rbac/roles") .get("http://localhost/api/rbac/roles")
@ -54,7 +54,7 @@ class RbacRoleControllerAcceptanceTest {
.body("", hasItem(hasEntry("roleName", "test_customer#xxx.owner"))) .body("", hasItem(hasEntry("roleName", "test_customer#xxx.owner")))
.body("", hasItem(hasEntry("roleName", "test_customer#xxx.tenant"))) .body("", hasItem(hasEntry("roleName", "test_customer#xxx.tenant")))
// ... // ...
.body("", hasItem(hasEntry("roleName", "global#test-global.admin"))) .body("", hasItem(hasEntry("roleName", "global#global.admin")))
.body("", hasItem(hasEntry("roleName", "test_customer#yyy.admin"))) .body("", hasItem(hasEntry("roleName", "test_customer#yyy.admin")))
.body("", hasItem(hasEntry("roleName", "test_package#yyy00.admin"))) .body("", hasItem(hasEntry("roleName", "test_package#yyy00.admin")))
.body("", hasItem(hasEntry("roleName", "test_domain#yyy00-aaaa.owner"))) .body("", hasItem(hasEntry("roleName", "test_domain#yyy00-aaaa.owner")))
@ -64,12 +64,12 @@ class RbacRoleControllerAcceptanceTest {
@Test @Test
@Accepts({ "ROL:L(List)", "ROL:X(Access Control)" }) @Accepts({ "ROL:L(List)", "ROL:X(Access Control)" })
void testGlobalAdmin_withAssumedPackageAdminRole_canViewPackageAdminRoles() { void globalAdmin_withAssumedPackageAdminRole_canViewPackageAdminRoles() {
// @formatter:off // @formatter:off
RestAssured RestAssured
.given() .given()
.header("current-user", "mike@example.org") .header("current-user", "alex@hostsharing.net")
.header("assumed-roles", "test_package#yyy00.admin") .header("assumed-roles", "test_package#yyy00.admin")
.port(port) .port(port)
.when() .when()


@ -37,13 +37,13 @@ class RbacRoleControllerRestTest {
// when // when
mockMvc.perform(MockMvcRequestBuilders mockMvc.perform(MockMvcRequestBuilders
.get("/api/rbac/roles") .get("/api/rbac/roles")
.header("current-user", "mike@example.org") .header("current-user", "alex@hostsharing.net")
.accept(MediaType.APPLICATION_JSON)) .accept(MediaType.APPLICATION_JSON))
// then // then
.andExpect(status().isOk()) .andExpect(status().isOk())
.andExpect(jsonPath("$", hasSize(3))) .andExpect(jsonPath("$", hasSize(3)))
.andExpect(jsonPath("$[0].roleName", is("global#test-global.admin"))) .andExpect(jsonPath("$[0].roleName", is("global#global.admin")))
.andExpect(jsonPath("$[1].roleName", is("test_customer#xxx.owner"))) .andExpect(jsonPath("$[1].roleName", is("test_customer#xxx.owner")))
.andExpect(jsonPath("$[2].roleName", is("test_customer#xxx.admin"))) .andExpect(jsonPath("$[2].roleName", is("test_customer#xxx.admin")))
.andExpect(jsonPath("$[2].uuid", is(customerXxxAdmin.getUuid().toString()))) .andExpect(jsonPath("$[2].uuid", is(customerXxxAdmin.getUuid().toString())))


@ -40,7 +40,7 @@ class RbacRoleRepositoryIntegrationTest {
private static final String[] ALL_TEST_DATA_ROLES = Array.of( private static final String[] ALL_TEST_DATA_ROLES = Array.of(
// @formatter:off // @formatter:off
"global#test-global.admin", "global#global.admin",
"test_customer#xxx.admin", "test_customer#xxx.owner", "test_customer#xxx.tenant", "test_customer#xxx.admin", "test_customer#xxx.owner", "test_customer#xxx.tenant",
"test_package#xxx00.admin", "test_package#xxx00.owner", "test_package#xxx00.tenant", "test_package#xxx00.admin", "test_package#xxx00.owner", "test_package#xxx00.tenant",
"test_package#xxx01.admin", "test_package#xxx01.owner", "test_package#xxx01.tenant", "test_package#xxx01.admin", "test_package#xxx01.owner", "test_package#xxx01.tenant",
@ -57,9 +57,9 @@ class RbacRoleRepositoryIntegrationTest {
); );
@Test @Test
public void testGlobalAdmin_withoutAssumedRole_canViewAllRbacRoles() { public void globalAdmin_withoutAssumedRole_canViewAllRbacRoles() {
// given // given
context.define("mike@example.org"); context.define("alex@hostsharing.net");
// when // when
final var result = rbacRoleRepository.findAll(); final var result = rbacRoleRepository.findAll();
@ -69,9 +69,9 @@ class RbacRoleRepositoryIntegrationTest {
} }
@Test @Test
public void testGlobalAdmin_withAssumedtestGlobalAdminRole_canViewAllRbacRoles() { public void globalAdmin_withAssumedglobalAdminRole_canViewAllRbacRoles() {
given: given:
context.define("mike@example.org", "global#test-global.admin"); context.define("alex@hostsharing.net", "global#global.admin");
// when // when
final var result = rbacRoleRepository.findAll(); final var result = rbacRoleRepository.findAll();
@ -111,7 +111,7 @@ class RbacRoleRepositoryIntegrationTest {
noneOfTheseRbacRolesIsReturned( noneOfTheseRbacRolesIsReturned(
result, result,
// @formatter:off // @formatter:off
"global#test-global.admin", "global#global.admin",
"test_customer#xxx.owner", "test_customer#xxx.owner",
"test_package#yyy00.admin", "test_package#yyy00.admin",
"test_package#yyy00.owner", "test_package#yyy00.owner",
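Review bot: The mechanical replacement of `testGlobal` by `global` left a lowercase letter in the middle of the new method name `globalAdmin_withAssumedglobalAdminRole_canViewAllRbacRoles`; in camelCase it should read `globalAdmin_withAssumedGlobalAdminRole_canViewAllRbacRoles`. The same casing slip appears in the renamed methods of RbacUserRepositoryIntegrationTest (`withAssumedglobalAdminRole_canViewAllRbacUsers`), TestCustomerRepositoryIntegrationTest (`withAssumedglobalAdminRole_canViewAllCustomers`) and TestPackageRepositoryIntegrationTest (`withAssumedglobalAdminRole__canNotViewAnyPackages…`). The bodies of these test methods continue outside the shown hunks.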


@ -4,7 +4,7 @@ import static java.util.UUID.randomUUID;
public class TestRbacRole { public class TestRbacRole {
public static final RbacRoleEntity hostmasterRole = rbacRole("global", "test-global", RbacRoleType.admin); public static final RbacRoleEntity hostmasterRole = rbacRole("global", "global", RbacRoleType.admin);
static final RbacRoleEntity customerXxxOwner = rbacRole("test_customer", "xxx", RbacRoleType.owner); static final RbacRoleEntity customerXxxOwner = rbacRole("test_customer", "xxx", RbacRoleType.owner);
static final RbacRoleEntity customerXxxAdmin = rbacRole("test_customer", "xxx", RbacRoleType.admin); static final RbacRoleEntity customerXxxAdmin = rbacRole("test_customer", "xxx", RbacRoleType.admin);


@ -82,13 +82,13 @@ class RbacUserControllerAcceptanceTest {
@Test @Test
@Accepts({ "USR:R(Read)" }) @Accepts({ "USR:R(Read)" })
void testGlobalAdmin_withoutAssumedRole_canGetArbitraryUser() { void globalAdmin_withoutAssumedRole_canGetArbitraryUser() {
final var givenUser = findRbacUserByName("pac-admin-xxx00@xxx.example.com"); final var givenUser = findRbacUserByName("pac-admin-xxx00@xxx.example.com");
// @formatter:off // @formatter:off
RestAssured RestAssured
.given() .given()
.header("current-user", "mike@example.org") .header("current-user", "alex@hostsharing.net")
.port(port) .port(port)
.when() .when()
.get("http://localhost/api/rbac/users/" + givenUser.getUuid()) .get("http://localhost/api/rbac/users/" + givenUser.getUuid())
@ -101,13 +101,13 @@ class RbacUserControllerAcceptanceTest {
@Test @Test
@Accepts({ "USR:R(Read)", "USR:X(Access Control)" }) @Accepts({ "USR:R(Read)", "USR:X(Access Control)" })
void testGlobalAdmin_withAssumedCustomerAdminRole_canGetUserWithinInItsRealm() { void globalAdmin_withAssumedCustomerAdminRole_canGetUserWithinInItsRealm() {
final var givenUser = findRbacUserByName("pac-admin-yyy00@yyy.example.com"); final var givenUser = findRbacUserByName("pac-admin-yyy00@yyy.example.com");
// @formatter:off // @formatter:off
RestAssured RestAssured
.given() .given()
.header("current-user", "mike@example.org") .header("current-user", "alex@hostsharing.net")
.header("assumed-roles", "test_customer#yyy.admin") .header("assumed-roles", "test_customer#yyy.admin")
.port(port) .port(port)
.when() .when()
@ -161,12 +161,12 @@ class RbacUserControllerAcceptanceTest {
@Test @Test
@Accepts({ "USR:L(List)" }) @Accepts({ "USR:L(List)" })
void testGlobalAdmin_withoutAssumedRole_canViewAllUsers() { void globalAdmin_withoutAssumedRole_canViewAllUsers() {
// @formatter:off // @formatter:off
RestAssured RestAssured
.given() .given()
.header("current-user", "mike@example.org") .header("current-user", "alex@hostsharing.net")
.port(port) .port(port)
.when() .when()
.get("http://localhost/api/rbac/users") .get("http://localhost/api/rbac/users")
@ -176,23 +176,23 @@ class RbacUserControllerAcceptanceTest {
.body("", hasItem(hasEntry("name", "customer-admin@xxx.example.com"))) .body("", hasItem(hasEntry("name", "customer-admin@xxx.example.com")))
.body("", hasItem(hasEntry("name", "customer-admin@yyy.example.com"))) .body("", hasItem(hasEntry("name", "customer-admin@yyy.example.com")))
.body("", hasItem(hasEntry("name", "customer-admin@zzz.example.com"))) .body("", hasItem(hasEntry("name", "customer-admin@zzz.example.com")))
.body("", hasItem(hasEntry("name", "mike@example.org"))) .body("", hasItem(hasEntry("name", "alex@hostsharing.net")))
// ... // ...
.body("", hasItem(hasEntry("name", "pac-admin-zzz01@zzz.example.com"))) .body("", hasItem(hasEntry("name", "pac-admin-zzz01@zzz.example.com")))
.body("", hasItem(hasEntry("name", "pac-admin-zzz02@zzz.example.com"))) .body("", hasItem(hasEntry("name", "pac-admin-zzz02@zzz.example.com")))
.body("", hasItem(hasEntry("name", "sven@example.org"))) .body("", hasItem(hasEntry("name", "fran@hostsharing.net")))
.body("size()", greaterThanOrEqualTo(14)); .body("size()", greaterThanOrEqualTo(14));
// @formatter:on // @formatter:on
} }
@Test @Test
@Accepts({ "USR:F(Filter)" }) @Accepts({ "USR:F(Filter)" })
void testGlobalAdmin_withoutAssumedRole_canViewAllUsersByName() { void globalAdmin_withoutAssumedRole_canViewAllUsersByName() {
// @formatter:off // @formatter:off
RestAssured RestAssured
.given() .given()
.header("current-user", "mike@example.org") .header("current-user", "alex@hostsharing.net")
.port(port) .port(port)
.when() .when()
.get("http://localhost/api/rbac/users?name=pac-admin-zzz0") .get("http://localhost/api/rbac/users?name=pac-admin-zzz0")
@ -208,12 +208,12 @@ class RbacUserControllerAcceptanceTest {
@Test @Test
@Accepts({ "USR:L(List)", "USR:X(Access Control)" }) @Accepts({ "USR:L(List)", "USR:X(Access Control)" })
void testGlobalAdmin_withAssumedCustomerAdminRole_canViewUsersInItsRealm() { void globalAdmin_withAssumedCustomerAdminRole_canViewUsersInItsRealm() {
// @formatter:off // @formatter:off
RestAssured RestAssured
.given() .given()
.header("current-user", "mike@example.org") .header("current-user", "alex@hostsharing.net")
.header("assumed-roles", "test_customer#yyy.admin") .header("assumed-roles", "test_customer#yyy.admin")
.port(port) .port(port)
.when() .when()
@ -276,13 +276,13 @@ class RbacUserControllerAcceptanceTest {
@Test @Test
@Accepts({ "PRM:L(List)" }) @Accepts({ "PRM:L(List)" })
void testGlobalAdmin_withoutAssumedRole_canViewArbitraryUsersPermissions() { void globalAdmin_withoutAssumedRole_canViewArbitraryUsersPermissions() {
final var givenUser = findRbacUserByName("pac-admin-yyy00@yyy.example.com"); final var givenUser = findRbacUserByName("pac-admin-yyy00@yyy.example.com");
// @formatter:off // @formatter:off
RestAssured RestAssured
.given() .given()
.header("current-user", "mike@example.org") .header("current-user", "alex@hostsharing.net")
.port(port) .port(port)
.when() .when()
.get("http://localhost/api/rbac/users/" + givenUser.getUuid() + "/permissions") .get("http://localhost/api/rbac/users/" + givenUser.getUuid() + "/permissions")
@ -310,13 +310,13 @@ class RbacUserControllerAcceptanceTest {
@Test @Test
@Accepts({ "PRM:L(List)" }) @Accepts({ "PRM:L(List)" })
void testGlobalAdmin_withAssumedCustomerAdminRole_canViewArbitraryUsersPermissions() { void globalAdmin_withAssumedCustomerAdminRole_canViewArbitraryUsersPermissions() {
final var givenUser = findRbacUserByName("pac-admin-yyy00@yyy.example.com"); final var givenUser = findRbacUserByName("pac-admin-yyy00@yyy.example.com");
// @formatter:off // @formatter:off
RestAssured RestAssured
.given() .given()
.header("current-user", "mike@example.org") .header("current-user", "alex@hostsharing.net")
.header("assumed-roles", "test_package#yyy00.admin") .header("assumed-roles", "test_package#yyy00.admin")
.port(port) .port(port)
.when() .when()
@ -455,7 +455,7 @@ class RbacUserControllerAcceptanceTest {
// @formatter:off // @formatter:off
final var location = RestAssured final var location = RestAssured
.given() .given()
.header("current-user", "mike@example.org") .header("current-user", "alex@hostsharing.net")
.port(port) .port(port)
.when() .when()
.delete("http://localhost/api/rbac/users/" + givenUser.getUuid()) .delete("http://localhost/api/rbac/users/" + givenUser.getUuid())
@ -470,7 +470,7 @@ class RbacUserControllerAcceptanceTest {
RbacUserEntity findRbacUserByName(final String userName) { RbacUserEntity findRbacUserByName(final String userName) {
return jpaAttempt.transacted(() -> { return jpaAttempt.transacted(() -> {
context.define("mike@example.org"); context.define("alex@hostsharing.net");
return rbacUserRepository.findByName(userName); return rbacUserRepository.findByName(userName);
}).returnedValue(); }).returnedValue();
} }
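Review bot: The global-admin user name `"alex@hostsharing.net"` is repeated as a bare string literal in every test of this class, from the `current-user` headers down to `context.define(...)` in `findRbacUserByName`, which is exactly why this rename had to touch ten lines here and dozens across the commit. A single class-level constant such as `private static final String GLOBAL_ADMIN_USER = "alex@hostsharing.net";` referenced from each call would make the test's trust assumption (which account is a global admin) visible in one place and the next rename a one-line change. The other acceptance and repository tests in this commit repeat the same literal and would benefit from the same treatment, ideally in a shared test fixture.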


@ -99,7 +99,7 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
private static final String[] ALL_TEST_DATA_USERS = Array.of( private static final String[] ALL_TEST_DATA_USERS = Array.of(
// @formatter:off // @formatter:off
"mike@example.org", "sven@example.org", "alex@hostsharing.net", "fran@hostsharing.net",
"customer-admin@xxx.example.com", "customer-admin@xxx.example.com",
"pac-admin-xxx00@xxx.example.com", "pac-admin-xxx01@xxx.example.com", "pac-admin-xxx02@xxx.example.com", "pac-admin-xxx00@xxx.example.com", "pac-admin-xxx01@xxx.example.com", "pac-admin-xxx02@xxx.example.com",
"customer-admin@yyy.example.com", "customer-admin@yyy.example.com",
@ -110,9 +110,9 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
); );
@Test @Test
public void testGlobalAdmin_withoutAssumedRole_canViewAllRbacUsers() { public void globalAdmin_withoutAssumedRole_canViewAllRbacUsers() {
// given // given
context("mike@example.org"); context("alex@hostsharing.net");
// when // when
final var result = rbacUserRepository.findByOptionalNameLike(null); final var result = rbacUserRepository.findByOptionalNameLike(null);
@ -122,9 +122,9 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
} }
@Test @Test
public void testGlobalAdmin_withAssumedtestGlobalAdminRole_canViewAllRbacUsers() { public void globalAdmin_withAssumedglobalAdminRole_canViewAllRbacUsers() {
given: given:
context("mike@example.org", "global#test-global.admin"); context("alex@hostsharing.net", "global#global.admin");
// when // when
final var result = rbacUserRepository.findByOptionalNameLike(null); final var result = rbacUserRepository.findByOptionalNameLike(null);
@ -134,9 +134,9 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
} }
@Test @Test
public void testGlobalAdmin_withAssumedCustomerAdminRole_canViewOnlyUsersHavingRolesInThatCustomersRealm() { public void globalAdmin_withAssumedCustomerAdminRole_canViewOnlyUsersHavingRolesInThatCustomersRealm() {
given: given:
context("mike@example.org", "test_customer#xxx.admin"); context("alex@hostsharing.net", "test_customer#xxx.admin");
// when // when
final var result = rbacUserRepository.findByOptionalNameLike(null); final var result = rbacUserRepository.findByOptionalNameLike(null);
@ -190,7 +190,7 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
private static final String[] ALL_USER_PERMISSIONS = Array.of( private static final String[] ALL_USER_PERMISSIONS = Array.of(
// @formatter:off // @formatter:off
"global#test-global.admin -> global#test-global: add-customer", "global#global.admin -> global#global: add-customer",
"test_customer#xxx.admin -> test_customer#xxx: add-package", "test_customer#xxx.admin -> test_customer#xxx: add-package",
"test_customer#xxx.admin -> test_customer#xxx: view", "test_customer#xxx.admin -> test_customer#xxx: view",
@ -237,12 +237,12 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
); );
@Test @Test
public void testGlobalAdmin_withoutAssumedRole_canViewTheirOwnPermissions() { public void globalAdmin_withoutAssumedRole_canViewTheirOwnPermissions() {
// given // given
context("mike@example.org"); context("alex@hostsharing.net");
// when // when
final var result = rbacUserRepository.findPermissionsOfUserByUuid(userUUID("mike@example.org")); final var result = rbacUserRepository.findPermissionsOfUserByUuid(userUUID("alex@hostsharing.net"));
// then // then
allTheseRbacPermissionsAreReturned(result, ALL_USER_PERMISSIONS); allTheseRbacPermissionsAreReturned(result, ALL_USER_PERMISSIONS);
@ -294,7 +294,7 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
public void customerAdmin_withoutAssumedRole_isNotAllowedToViewGlobalAdminsPermissions() { public void customerAdmin_withoutAssumedRole_isNotAllowedToViewGlobalAdminsPermissions() {
// given // given
context("customer-admin@xxx.example.com"); context("customer-admin@xxx.example.com");
final UUID userUuid = userUUID("mike@example.org"); final UUID userUuid = userUUID("alex@hostsharing.net");
// when // when
final var result = attempt(em, () -> final var result = attempt(em, () ->


@ -39,10 +39,10 @@ class TestCustomerControllerAcceptanceTest {
class ListCustomers { class ListCustomers {
@Test @Test
void testGlobalAdmin_withoutAssumedRoles_canViewAllCustomers_ifNoCriteriaGiven() { void globalAdmin_withoutAssumedRoles_canViewAllCustomers_ifNoCriteriaGiven() {
RestAssured // @formatter:off RestAssured // @formatter:off
.given() .given()
.header("current-user", "mike@example.org") .header("current-user", "alex@hostsharing.net")
.port(port) .port(port)
.when() .when()
.get("http://localhost/api/test/customers") .get("http://localhost/api/test/customers")
@ -57,10 +57,10 @@ class TestCustomerControllerAcceptanceTest {
} }
@Test @Test
void testGlobalAdmin_withoutAssumedRoles_canViewMatchingCustomers_ifCriteriaGiven() { void globalAdmin_withoutAssumedRoles_canViewMatchingCustomers_ifCriteriaGiven() {
RestAssured // @formatter:off RestAssured // @formatter:off
.given() .given()
.header("current-user", "mike@example.org") .header("current-user", "alex@hostsharing.net")
.port(port) .port(port)
.when() .when()
.get("http://localhost/api/test/customers?prefix=y") .get("http://localhost/api/test/customers?prefix=y")
@ -73,10 +73,10 @@ class TestCustomerControllerAcceptanceTest {
} }
@Test @Test
void testGlobalAdmin_withoutAssumedCustomerAdminRole_canOnlyViewOwnCustomer() { void globalAdmin_withoutAssumedCustomerAdminRole_canOnlyViewOwnCustomer() {
RestAssured // @formatter:off RestAssured // @formatter:off
.given() .given()
.header("current-user", "mike@example.org") .header("current-user", "alex@hostsharing.net")
.header("assumed-roles", "test_customer#yyy.admin") .header("assumed-roles", "test_customer#yyy.admin")
.port(port) .port(port)
.when() .when()
@ -110,11 +110,11 @@ class TestCustomerControllerAcceptanceTest {
class AddCustomer { class AddCustomer {
@Test @Test
void testGlobalAdmin_withoutAssumedRole_canAddCustomer() { void globalAdmin_withoutAssumedRole_canAddCustomer() {
final var location = RestAssured // @formatter:off final var location = RestAssured // @formatter:off
.given() .given()
.header("current-user", "mike@example.org") .header("current-user", "alex@hostsharing.net")
.contentType(ContentType.JSON) .contentType(ContentType.JSON)
.body(""" .body("""
{ {
@ -142,13 +142,13 @@ class TestCustomerControllerAcceptanceTest {
} }
@Test @Test
void testGlobalAdmin_withoutAssumedRole_canAddCustomerWithGivenUuid() { void globalAdmin_withoutAssumedRole_canAddCustomerWithGivenUuid() {
final var givenUuid = UUID.randomUUID(); final var givenUuid = UUID.randomUUID();
final var location = RestAssured // @formatter:off final var location = RestAssured // @formatter:off
.given() .given()
.header("current-user", "mike@example.org") .header("current-user", "alex@hostsharing.net")
.contentType(ContentType.JSON) .contentType(ContentType.JSON)
.body(""" .body("""
{ {
@ -180,11 +180,11 @@ class TestCustomerControllerAcceptanceTest {
} }
@Test @Test
void testGlobalAdmin_withAssumedCustomerAdminRole_canNotAddCustomer() { void globalAdmin_withAssumedCustomerAdminRole_canNotAddCustomer() {
RestAssured // @formatter:off RestAssured // @formatter:off
.given() .given()
.header("current-user", "mike@example.org") .header("current-user", "alex@hostsharing.net")
.header("assumed-roles", "test_customer#xxx.admin") .header("assumed-roles", "test_customer#xxx.admin")
.contentType(ContentType.JSON) .contentType(ContentType.JSON)
.body(""" .body("""
@ -205,7 +205,7 @@ class TestCustomerControllerAcceptanceTest {
// @formatter:on // @formatter:on
// finally, the new customer was not created // finally, the new customer was not created
context.define("sven@example.org"); context.define("fran@hostsharing.net");
assertThat(testCustomerRepository.findCustomerByOptionalPrefixLike("uuu")).hasSize(0); assertThat(testCustomerRepository.findCustomerByOptionalPrefixLike("uuu")).hasSize(0);
} }
@ -234,7 +234,7 @@ class TestCustomerControllerAcceptanceTest {
// @formatter:on // @formatter:on
// finally, the new customer was not created // finally, the new customer was not created
context.define("sven@example.org"); context.define("fran@hostsharing.net");
assertThat(testCustomerRepository.findCustomerByOptionalPrefixLike("uuu")).hasSize(0); assertThat(testCustomerRepository.findCustomerByOptionalPrefixLike("uuu")).hasSize(0);
} }
} }


@ -37,9 +37,9 @@ class TestCustomerRepositoryIntegrationTest extends ContextBasedTest {
class CreateCustomer { class CreateCustomer {
@Test @Test
public void testGlobalAdmin_withoutAssumedRole_canCreateNewCustomer() { public void globalAdmin_withoutAssumedRole_canCreateNewCustomer() {
// given // given
context("mike@example.org", null); context("alex@hostsharing.net", null);
final var count = testCustomerRepository.count(); final var count = testCustomerRepository.count();
// when // when
@ -58,9 +58,9 @@ class TestCustomerRepositoryIntegrationTest extends ContextBasedTest {
} }
@Test @Test
public void testGlobalAdmin_withAssumedCustomerRole_cannotCreateNewCustomer() { public void globalAdmin_withAssumedCustomerRole_cannotCreateNewCustomer() {
// given // given
context("mike@example.org", "test_customer#xxx.admin"); context("alex@hostsharing.net", "test_customer#xxx.admin");
// when // when
final var result = attempt(em, () -> { final var result = attempt(em, () -> {
@ -104,9 +104,9 @@ class TestCustomerRepositoryIntegrationTest extends ContextBasedTest {
class FindAllCustomers { class FindAllCustomers {
@Test @Test
public void testGlobalAdmin_withoutAssumedRole_canViewAllCustomers() { public void globalAdmin_withoutAssumedRole_canViewAllCustomers() {
// given // given
context("mike@example.org", null); context("alex@hostsharing.net", null);
// when // when
final var result = testCustomerRepository.findCustomerByOptionalPrefixLike(null); final var result = testCustomerRepository.findCustomerByOptionalPrefixLike(null);
@ -116,9 +116,9 @@ class TestCustomerRepositoryIntegrationTest extends ContextBasedTest {
} }
@Test @Test
public void testGlobalAdmin_withAssumedtestGlobalAdminRole_canViewAllCustomers() { public void globalAdmin_withAssumedglobalAdminRole_canViewAllCustomers() {
given: given:
context("mike@example.org", "global#test-global.admin"); context("alex@hostsharing.net", "global#global.admin");
// when // when
final var result = testCustomerRepository.findCustomerByOptionalPrefixLike(null); final var result = testCustomerRepository.findCustomerByOptionalPrefixLike(null);
@ -153,9 +153,9 @@ class TestCustomerRepositoryIntegrationTest extends ContextBasedTest {
class FindByPrefixLike { class FindByPrefixLike {
@Test @Test
public void testGlobalAdmin_withoutAssumedRole_canViewAllCustomers() { public void globalAdmin_withoutAssumedRole_canViewAllCustomers() {
// given // given
context("mike@example.org", null); context("alex@hostsharing.net", null);
// when // when
final var result = testCustomerRepository.findCustomerByOptionalPrefixLike("yyy"); final var result = testCustomerRepository.findCustomerByOptionalPrefixLike("yyy");


@ -43,7 +43,7 @@ class TestPackageControllerAcceptanceTest {
// @formatter:off // @formatter:off
RestAssured RestAssured
.given() .given()
.header("current-user", "mike@example.org") .header("current-user", "alex@hostsharing.net")
.header("assumed-roles", "test_customer#xxx.admin") .header("assumed-roles", "test_customer#xxx.admin")
.port(port) .port(port)
.when() .when()
@ -65,7 +65,7 @@ class TestPackageControllerAcceptanceTest {
// @formatter:off // @formatter:off
RestAssured RestAssured
.given() .given()
.header("current-user", "mike@example.org") .header("current-user", "alex@hostsharing.net")
.header("assumed-roles", "test_customer#xxx.admin") .header("assumed-roles", "test_customer#xxx.admin")
.port(port) .port(port)
.when() .when()
@ -93,7 +93,7 @@ class TestPackageControllerAcceptanceTest {
// @formatter:off // @formatter:off
RestAssured RestAssured
.given() .given()
.header("current-user", "mike@example.org") .header("current-user", "alex@hostsharing.net")
.header("assumed-roles", "test_customer#xxx.admin") .header("assumed-roles", "test_customer#xxx.admin")
.contentType(ContentType.JSON) .contentType(ContentType.JSON)
.body(format(""" .body(format("""
@ -123,7 +123,7 @@ class TestPackageControllerAcceptanceTest {
// @formatter:off // @formatter:off
RestAssured RestAssured
.given() .given()
.header("current-user", "mike@example.org") .header("current-user", "alex@hostsharing.net")
.header("assumed-roles", "test_customer#xxx.admin") .header("assumed-roles", "test_customer#xxx.admin")
.contentType(ContentType.JSON) .contentType(ContentType.JSON)
.body(""" .body("""
@ -152,7 +152,7 @@ class TestPackageControllerAcceptanceTest {
// @formatter:off // @formatter:off
RestAssured RestAssured
.given() .given()
.header("current-user", "mike@example.org") .header("current-user", "alex@hostsharing.net")
.header("assumed-roles", "test_customer#xxx.admin") .header("assumed-roles", "test_customer#xxx.admin")
.contentType(ContentType.JSON) .contentType(ContentType.JSON)
.body("{}") .body("{}")
@ -172,7 +172,7 @@ class TestPackageControllerAcceptanceTest {
// @formatter:off // @formatter:off
return UUID.fromString(RestAssured return UUID.fromString(RestAssured
.given() .given()
.header("current-user", "mike@example.org") .header("current-user", "alex@hostsharing.net")
.header("assumed-roles", "test_customer#xxx.admin") .header("assumed-roles", "test_customer#xxx.admin")
.port(port) .port(port)
.when() .when()
@ -185,7 +185,7 @@ class TestPackageControllerAcceptanceTest {
} }
String getDescriptionOfPackage(final String packageName) { String getDescriptionOfPackage(final String packageName) {
context.define("mike@example.org","test_customer#xxx.admin"); context.define("alex@hostsharing.net","test_customer#xxx.admin");
return testPackageRepository.findAllByOptionalNameLike(packageName).get(0).getDescription(); return testPackageRepository.findAllByOptionalNameLike(packageName).get(0).getDescription();
} }
} }


@ -42,9 +42,9 @@ class TestPackageRepositoryIntegrationTest {
class FindAllByOptionalNameLike { class FindAllByOptionalNameLike {
@Test @Test
public void testGlobalAdmin_withoutAssumedRole_canNotViewAnyPackages_becauseThoseGrantsAreNotassumedd() { public void globalAdmin_withoutAssumedRole_canNotViewAnyPackages_becauseThoseGrantsAreNotassumedd() {
// given // given
context.define("mike@example.org"); context.define("alex@hostsharing.net");
// when // when
final var result = testPackageRepository.findAllByOptionalNameLike(null); final var result = testPackageRepository.findAllByOptionalNameLike(null);
@ -54,9 +54,9 @@ class TestPackageRepositoryIntegrationTest {
} }
@Test @Test
public void testGlobalAdmin_withAssumedtestGlobalAdminRole__canNotViewAnyPackages_becauseThoseGrantsAreNotassumedd() { public void globalAdmin_withAssumedglobalAdminRole__canNotViewAnyPackages_becauseThoseGrantsAreNotassumedd() {
given: given:
context.define("mike@example.org", "global#test-global.admin"); context.define("alex@hostsharing.net", "global#global.admin");
// when // when
final var result = testPackageRepository.findAllByOptionalNameLike(null); final var result = testPackageRepository.findAllByOptionalNameLike(null);
@ -93,17 +93,17 @@ class TestPackageRepositoryIntegrationTest {
@Test @Test
public void supportsOptimisticLocking() throws InterruptedException { public void supportsOptimisticLocking() throws InterruptedException {
// given // given
testGlobalAdminWithAssumedRole("test_package#xxx00.admin"); globalAdminWithAssumedRole("test_package#xxx00.admin");
final var pac = testPackageRepository.findAllByOptionalNameLike("%").get(0); final var pac = testPackageRepository.findAllByOptionalNameLike("%").get(0);
// when // when
final var result1 = jpaAttempt.transacted(() -> { final var result1 = jpaAttempt.transacted(() -> {
testGlobalAdminWithAssumedRole("test_package#xxx00.admin"); globalAdminWithAssumedRole("test_package#xxx00.admin");
pac.setDescription("description set by thread 1"); pac.setDescription("description set by thread 1");
testPackageRepository.save(pac); testPackageRepository.save(pac);
}); });
final var result2 = jpaAttempt.transacted(() -> { final var result2 = jpaAttempt.transacted(() -> {
testGlobalAdminWithAssumedRole("test_package#xxx00.admin"); globalAdminWithAssumedRole("test_package#xxx00.admin");
pac.setDescription("description set by thread 2"); pac.setDescription("description set by thread 2");
testPackageRepository.save(pac); testPackageRepository.save(pac);
sleep(1500); sleep(1500);
@ -125,8 +125,8 @@ class TestPackageRepositoryIntegrationTest {
} }
} }
private void testGlobalAdminWithAssumedRole(final String assumedRoles) { private void globalAdminWithAssumedRole(final String assumedRoles) {
context.define("mike@example.org", assumedRoles); context.define("alex@hostsharing.net", assumedRoles);
} }
void noPackagesAreReturned(final List<TestPackageEntity> actualResult) { void noPackagesAreReturned(final List<TestPackageEntity> actualResult) {